mirror of
https://github.com/privacyguides/privacyguides.org.git
synced 2024-12-20 05:14:35 -05:00
New Crowdin Translations (#2074)
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
This commit is contained in:
parent
5bad28ff6d
commit
9e35e2ef8a
@ -1,17 +1,19 @@
|
||||
---
|
||||
hide:
|
||||
- feedback
|
||||
meta:
|
||||
-
|
||||
property: "robots"
|
||||
content: "noindex, nofollow"
|
||||
---
|
||||
|
||||
# 404 - Not Found
|
||||
# 404 - غير متوفر
|
||||
|
||||
We couldn't find the page you were looking for! Maybe you were looking for one of these?
|
||||
لم نتمكن من العثور على الصفحة التي تبحث عنها! ربما كنت تبحث عن واحد من هؤلاء؟
|
||||
|
||||
- [Introduction to Threat Modeling](basics/threat-modeling.md)
|
||||
- [Recommended DNS Providers](dns.md)
|
||||
- [Best Desktop Web Browsers](desktop-browsers.md)
|
||||
- [مقدمة إلى نمذجة التهديدات](basics/threat-modeling.md)
|
||||
- [خوادِم DNS الموصى بها](dns.md)
|
||||
- [أفضل متصفحات الويب للكمبيوتر](desktop-browsers.md)
|
||||
- [Best VPN Providers](vpn.md)
|
||||
- [Privacy Guides Forum](https://discuss.privacyguides.net)
|
||||
- [Our Blog](https://blog.privacyguides.org)
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
@ -38,5 +38,3 @@ We have these requirements in regard to developers which wish to submit their pr
|
||||
|
||||
- Must state what the exact threat model is with their project.
|
||||
- It should be clear to potential users what the project can provide, and what it cannot.
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
@ -48,5 +48,3 @@ We host [internet services](https://privacyguides.net) for testing and showcasin
|
||||
We occasionally purchase products and services for the purposes of testing our [recommended tools](../tools.md).
|
||||
|
||||
We are still working with our fiscal host (the Open Collective Foundation) to receive cryptocurrency donations, at the moment the accounting is unfeasible for many smaller transactions, but this should change in the future. In the meantime, if you wish to make a sizable (> $100) cryptocurrency donation, please reach out to [jonah@privacyguides.org](mailto:jonah@privacyguides.org).
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
@ -1,10 +1,38 @@
|
||||
---
|
||||
template: schema.html
|
||||
title: "About Privacy Guides"
|
||||
description: Privacy Guides is a socially motivated website that provides information for protecting your data security and privacy.
|
||||
---
|
||||
|
||||
**Privacy Guides** is a socially motivated website that provides information for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors.
|
||||
![Privacy Guides logo](../assets/brand/png/square/pg-yellow.png){ align=right }
|
||||
|
||||
[:material-hand-coin-outline: Support the project](donate.md ""){.md-button.md-button--primary}
|
||||
**Privacy Guides** is a socially motivated website that provides [information](/kb) for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. Our website is free of advertisements and not affiliated with any listed providers.
|
||||
|
||||
[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Homepage }
|
||||
[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](donate.md){ .card-link title=Contribute }
|
||||
|
||||
The purpose of Privacy Guides is to educate our community on the importance of privacy online and government programs internationally that are designed to monitor all of your online activities.
|
||||
|
||||
> To find [privacy-focused alternative] apps, check out sites like Good Reports and **Privacy Guides**, which list privacy-focused apps in a variety of categories, notably including email providers (usually on paid plans) that aren’t run by the big tech companies.
|
||||
|
||||
— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/)
|
||||
|
||||
> If you're looking for a new VPN, you can go to the discount code of just about any podcast. If you are looking for a **good** VPN, you need professional help. The same goes for email clients, browsers, operating systems and password managers. How do you know which of these is the best, most privacy-friendly option? For that there is **Privacy Guides**, a platform on which a number of volunteers search day in, day out for the best privacy-friendly tools to use on the internet.
|
||||
|
||||
— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Translated from Dutch]
|
||||
|
||||
Also featured on: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], and [Wired](https://www.wired.com/story/firefox-mozilla-2022/).
|
||||
|
||||
## History
|
||||
|
||||
Privacy Guides was launched in September 2021 as a continuation of the [defunct](privacytools.md) "PrivacyTools" open-source educational project. We recognized the importance of independent, criteria-focused product recommendations and general knowledge in the privacy space, which is why we needed to preserve the work that had been created by so many contributors since 2015 and make sure that information had a stable home on the web indefinitely.
|
||||
|
||||
In 2022, we completed the transition of our main website framework from Jekyll to MkDocs, using the `mkdocs-material` documentation software. This change made open-source contributions to our site significantly easier for outsiders, because instead of needing to know complicated syntax to write posts effectively, contributing is now as easy as writing a standard Markdown document.
|
||||
|
||||
We additionally launched our new discussion forum at [discuss.privacyguides.net](https://discuss.privacyguides.net/) as a community platform to share ideas and ask questions about our mission. This augments our existing community on Matrix, and replaced our previous GitHub Discussions platform, decreasing our reliance on proprietary discussion platforms.
|
||||
|
||||
So far in 2023 we've launched international translations of our website in [French](/fr/), [Hebrew](/he/), and [Dutch](/nl/), with more languages on the way, made possible by our excellent translation team on [Crowdin](https://crowdin.com/project/privacyguides). We plan to continue carrying forward our mission of outreach and education, and finding ways to more clearly highlight the dangers of a lack of privacy awareness in the modern digital age, and the prevalence and harms of security breaches across the technology industry.
|
||||
|
||||
## Our Team
|
||||
|
||||
@ -48,9 +76,9 @@ title: "About Privacy Guides"
|
||||
- [:simple-github: GitHub](https://github.com/hook9 "@hook9")
|
||||
- [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me}
|
||||
|
||||
Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub!
|
||||
Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides).
|
||||
|
||||
Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax deductible in the United States.
|
||||
Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax-deductible in the United States.
|
||||
|
||||
## Site License
|
||||
|
||||
@ -59,5 +87,3 @@ Our team members review all changes made to the website and handle administrativ
|
||||
:fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Unless otherwise noted, the original content on this website is made available under the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). This means that you are free to copy and redistribute the material in any medium or format for any purpose, even commercially; as long as you give appropriate credit to `Privacy Guides (www.privacyguides.org)` and provide a link to the license. You may do so in any reasonable manner, but not in any way that suggests Privacy Guides endorses you or your use. If you remix, transform, or build upon the content of this website, you may not distribute the modified material.
|
||||
|
||||
This license is in place to prevent people from sharing our work without giving proper credit, and to prevent people from modifying our work in a way that could be used to mislead people. If you find the terms of this license too restrictive for the project you're working on, please reach out to us at `jonah@privacyguides.org`. We are happy to provide alternative licensing options for well-intentioned projects in the privacy space!
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
@ -41,5 +41,3 @@ You must not conduct any systematic or automated data collection activities on o
|
||||
* Scraping
|
||||
* Data Mining
|
||||
* 'Framing' (IFrames)
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
@ -59,5 +59,3 @@ For complaints under GDPR more generally, you may lodge complaints with your loc
|
||||
We will post any new versions of this statement [here](privacy-policy.md). We may change how we announce changes in future versions of this document. In the meantime we may update our contact information at any time without announcing a change. Please refer to the [Privacy Policy](privacy-policy.md) for the latest contact information at any time.
|
||||
|
||||
A full revision [history](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) of this page can be found on GitHub.
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
@ -116,5 +116,3 @@ This topic has been discussed extensively within our communities in various loca
|
||||
- [Apr 2, 2022 response by u/dng99 to PrivacyTools' accusatory blog post](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/)
|
||||
- [May 16, 2022 response by @TommyTran732 on Twitter](https://twitter.com/TommyTran732/status/1526153497984618496)
|
||||
- [Sep 3, 2022 post on Techlore's forum by @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20)
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
@ -36,5 +36,3 @@ We run a number of web services to test out features and promote cool decentrali
|
||||
- Availability: Semi-Public
|
||||
We host Invidious primarily to serve embedded YouTube videos on our website, this instance is not intended for general-purpose use and may be limited at any time.
|
||||
- Source: [github.com/iv-org/invidious](https://github.com/iv-org/invidious)
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
@ -59,5 +59,3 @@ title: Traffic Statistics
|
||||
})
|
||||
})
|
||||
</script>
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Types of Communication Networks"
|
||||
icon: 'material/transit-connection-variant'
|
||||
description: An overview of several network architectures commonly used by instant messaging applications.
|
||||
---
|
||||
|
||||
There are several network architectures commonly used to relay messages between people. These networks can provide different privacy guarantees, which is why it's worth considering your [threat model](../basics/threat-modeling.md) when deciding which app to use.
|
||||
@ -100,5 +101,3 @@ Self-hosting a node in an anonymous routing network does not provide the hoster
|
||||
- Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline.
|
||||
- More complex to get started, as the creation and secured backup of a cryptographic private key is required.
|
||||
- Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform. Hence, features may be lacking or incompletely implemented, such as offline message relaying or message deletion.
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "DNS Overview"
|
||||
icon: material/dns
|
||||
description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for.
|
||||
---
|
||||
|
||||
The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers.
|
||||
@ -303,5 +304,3 @@ The [EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a
|
||||
It's intended to "speed up" delivery of data by giving the client an answer that belongs to a server that is close to them such as a [content delivery network](https://en.wikipedia.org/wiki/Content_delivery_network), which are often used in video streaming and serving JavaScript web apps.
|
||||
|
||||
This feature does come at a privacy cost, as it tells the DNS server some information about the client's location.
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
84
i18n/ar/advanced/payments.md
Normal file
84
i18n/ar/advanced/payments.md
Normal file
@ -0,0 +1,84 @@
|
||||
---
|
||||
title: Private Payments
|
||||
icon: material/hand-coin
|
||||
---
|
||||
|
||||
There's a reason data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately.
|
||||
|
||||
## Cash
|
||||
|
||||
For centuries, **cash** has functioned as the primary form of private payment. Cash has excellent privacy properties in most cases, is widely accepted in most countries, and is **fungible**, meaning it is non-unique and completely interchangable.
|
||||
|
||||
Cash payment laws vary by country. In the United States, special disclosure is required for cash payments over $10,000 to the IRS on [Form 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). The receiving business is required to ID verify the payee’s name, address, occupation, date of birth, and Social Security Number or other TIN (with some exceptions). Lower limits without ID such as $3,000 or less exist for exchanges and money transmission. Cash also contains serial numbers. These are almost never tracked by merchants, but they can be used by law enforcement in targeted investigations.
|
||||
|
||||
Despite this, it’s typically the best option.
|
||||
|
||||
## Prepaid Cards & Gift Cards
|
||||
|
||||
It’s relatively simple to purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout to reduce fraud.
|
||||
|
||||
Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (eg: from Visa or Mastercard) usually have limits of up to $1,000 per card.
|
||||
|
||||
Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants don’t accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit.
|
||||
|
||||
Prepaid cards don’t allow cash withdrawals from ATMs or “peer-to-peer” payments in Venmo and similar apps.
|
||||
|
||||
Cash remains the best option for in-person purchases for most people. Gift cards can be useful for the savings they bring. Prepaid cards can be useful for places that don’t accept cash. Gift cards and prepaid cards are easier to use online than cash, and they are easier to acquire with cryptocurrencies than cash.
|
||||
|
||||
### Online Marketplaces
|
||||
|
||||
If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered).
|
||||
|
||||
When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy, more on this below. Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero.
|
||||
|
||||
- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces)
|
||||
|
||||
## Virtual Cards
|
||||
|
||||
Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information.
|
||||
|
||||
- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services)
|
||||
|
||||
These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions.
|
||||
|
||||
## Cryptocurrency
|
||||
|
||||
Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose.
|
||||
|
||||
!!! danger
|
||||
|
||||
The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity.
|
||||
|
||||
Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust.
|
||||
|
||||
### Privacy Coins
|
||||
|
||||
There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors.
|
||||
|
||||
- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins)
|
||||
|
||||
Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can break Bitcoin Lightning Network and/or Monero's transaction privacy. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance.
|
||||
|
||||
### Other Coins (Bitcoin, Ethereum, etc.)
|
||||
|
||||
The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons.
|
||||
|
||||
Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years.
|
||||
|
||||
==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged.
|
||||
|
||||
### Wallet Custody
|
||||
|
||||
With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies.
|
||||
|
||||
### Acquisition
|
||||
|
||||
Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co/), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com/), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward.
|
||||
|
||||
If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall.
|
||||
|
||||
## Additional Considerations
|
||||
|
||||
When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself.
|
||||
|
||||
When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address.
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Tor Overview"
|
||||
icon: 'simple/torproject'
|
||||
description: Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible.
|
||||
---
|
||||
|
||||
Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications.
|
||||
@ -74,8 +75,6 @@ If you wish to use Tor for browsing the web, we only recommend the **official**
|
||||
- [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) <small>(YouTube)</small>
|
||||
- [Tor Onion Services - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) <small>(YouTube)</small>
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
||||
[^1]: The first relay in your circuit is called an "entry guard" or "guard". It is a fast and stable relay that remains the first one in your circuit for 2-3 months in order to protect against a known anonymity-breaking attack. The rest of your circuit changes with every new website you visit, and all together these relays provide the full privacy protections of Tor. For more information on how guard relays work, see this [blog post](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) and [paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) on entry guards. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/))
|
||||
|
||||
[^2]: Relay flag: a special (dis-)qualification of relays for circuit positions (for example, "Guard", "Exit", "BadExit"), circuit properties (for example, "Fast", "Stable"), or roles (for example, "Authority", "HSDir"), as assigned by the directory authorities and further defined in the directory protocol specification. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html))
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Android"
|
||||
icon: 'simple/android'
|
||||
description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
|
||||
---
|
||||
|
||||
![Android logo](assets/img/android/android.svg){ align=right }
|
||||
@ -13,8 +14,9 @@ The **Android Open Source Project** is an open-source mobile operating system le
|
||||
|
||||
These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. To learn more about Android:
|
||||
|
||||
- [General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md)
|
||||
- [Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/)
|
||||
[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button}
|
||||
|
||||
[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button}
|
||||
|
||||
## AOSP Derivatives
|
||||
|
||||
@ -349,5 +351,3 @@ That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](htt
|
||||
- Applications on this page must not be applicable to any other software category on the site.
|
||||
- General applications should extend or replace core system functionality.
|
||||
- Applications should receive regular updates and maintenance.
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Account Creation"
|
||||
icon: 'material/account-plus'
|
||||
description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private.
|
||||
---
|
||||
|
||||
Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line.
|
||||
@ -78,5 +79,3 @@ In many cases you will need to provide a number that you can receive SMS or call
|
||||
### Username and password
|
||||
|
||||
Some services allow you to register without using an email address and only require you to set a username and password. These services may provide increased anonymity when combined with a VPN or Tor. Keep in mind that for these accounts there will most likely be **no way to recover your account** in the event you forget your username or password.
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Account Deletion"
|
||||
icon: 'material/account-remove'
|
||||
description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection.
|
||||
---
|
||||
|
||||
Over time, it can be easy to accumulate a number of online accounts, many of which you may no longer use. Deleting these unused accounts is an important step in reclaiming your privacy, as dormant accounts are vulnerable to data breaches. A data breach is when a service's security is compromised and protected information is viewed, transmitted, or stolen by unauthorized actors. Data breaches are unfortunately all [too common](https://haveibeenpwned.com/PwnedWebsites) these days, and so practicing good digital hygiene is the best way to minimize the impact they have on your life. The goal of this guide then is to help navigate you through the irksome process of account deletion, often made difficult by [deceptive design](https://www.deceptive.design/), for the betterment of your online presence.
|
||||
@ -59,5 +60,3 @@ Even when you are able to delete an account, there is no guarantee that all your
|
||||
## Avoid New Accounts
|
||||
|
||||
As the old saying goes, "an ounce of prevention is worth a pound of cure." Whenever you feel tempted to sign up for a new account, ask yourself, "Do I really need this? Can I accomplish what I need to without an account?" It can often be much harder to delete an account than to create one. And even after deleting or changing the info on your account, there might be a cached version from a third-party—like the [Internet Archive](https://archive.org/). Avoid the temptation when you're able to—your future self will thank you!
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Common Misconceptions"
|
||||
icon: 'material/robot-confused'
|
||||
description: Privacy isn't a straightforward topic, and it's easy to get caught up in marketing claims and other disinformation.
|
||||
---
|
||||
|
||||
## "Open-source software is always secure" or "Proprietary software is more secure"
|
||||
@ -56,6 +57,4 @@ One of the clearest threat models is one where people *know who you are* and one
|
||||
|
||||
Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.)
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
||||
[^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident).
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Common Threats"
|
||||
icon: 'material/eye-outline'
|
||||
description: Your threat model is personal to you, but these are some of the things many visitors to this site care about.
|
||||
---
|
||||
|
||||
Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat.
|
||||
@ -140,8 +141,6 @@ People concerned with the threat of censorship can use technologies like [Tor](.
|
||||
|
||||
You must always consider the risks of trying to bypass censorship, the potential consequences, and how sophisticated your adversary may be. You should be cautious with your software selection, and have a backup plan in case you are caught.
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
||||
[^1]: Wikipedia: [*Mass Surveillance*](https://en.wikipedia.org/wiki/Mass_surveillance) and [*Surveillance*](https://en.wikipedia.org/wiki/Surveillance).
|
||||
[^2]: United States Privacy and Civil Liberties Oversight Board: [*Report on the Telephone Records Program Conducted under Section 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf)
|
||||
[^3]: Wikipedia: [*Surveillance capitalism*](https://en.wikipedia.org/wiki/Surveillance_capitalism)
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: Email Security
|
||||
icon: material/email
|
||||
description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications.
|
||||
---
|
||||
|
||||
Email is an insecure form of communication by default. You can improve your email security with tools such as OpenPGP, which add End-to-End Encryption to your messages, but OpenPGP still has a number of drawbacks compared to encryption in other messaging applications, and some email data can never be encrypted inherently due to how email is designed.
|
||||
@ -38,5 +39,3 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http
|
||||
### Why Can't Metadata be E2EE?
|
||||
|
||||
Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc.
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Multi-Factor Authentication"
|
||||
icon: 'material/two-factor-authentication'
|
||||
description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others.
|
||||
---
|
||||
|
||||
**Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
|
||||
@ -162,5 +163,3 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How
|
||||
### KeePass (and KeePassXC)
|
||||
|
||||
KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Introduction to Passwords"
|
||||
icon: 'material/form-textbox-password'
|
||||
description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure.
|
||||
---
|
||||
|
||||
Passwords are an essential part of our everyday digital lives. We use them to protect our accounts, our devices and our secrets. Despite often being the only thing between us and an adversary who's after our private information, not a lot of thought is put into them, which often leads to people using passwords that can be easily guessed or brute-forced.
|
||||
@ -108,5 +109,3 @@ There are many good options to choose from, both cloud-based and local. Choose o
|
||||
### Backups
|
||||
|
||||
You should store an [encrypted](../encryption.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using.
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "تصميم التهديات"
|
||||
icon: 'المادة/الحساب-المستهدف'
|
||||
description: موازنة الأمان، الخصوصية، وقابلية الاستخدام تعد واحدة من أول وأصعب المهام التي ستواجهها في رحلة الخصوصية.
|
||||
---
|
||||
|
||||
موازنة الأمان، الخصوصية، وقابلية الاستخدام تعد واحدة من أول وأصعب المهام التي ستواجهها في رحلة الخصوصية. Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, etc. Often, people find that the problem with the tools they see recommended is that they're just too hard to start using!
|
||||
@ -107,5 +108,3 @@ For people looking to increase their privacy and security online, we've compiled
|
||||
## Sources
|
||||
|
||||
- [EFF Surveillance Self Defense: Your Security Plan](https://ssd.eff.org/en/module/your-security-plan)
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
@ -1,11 +1,12 @@
|
||||
---
|
||||
title: VPN Overview
|
||||
icon: material/vpn
|
||||
description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind.
|
||||
---
|
||||
|
||||
Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world. An ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem).
|
||||
|
||||
Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns).
|
||||
Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns).
|
||||
|
||||
A VPN can help as it can shift trust to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing into it.
|
||||
|
||||
@ -74,5 +75,3 @@ For situations like these, or if you have another compelling reason, the VPN pro
|
||||
- [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/)
|
||||
- [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/)
|
||||
- [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/)
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Calendar Sync"
|
||||
icon: material/calendar
|
||||
description: Calendars contain some of your most sensitive data; use products that implement encryption at rest.
|
||||
---
|
||||
|
||||
Calendars contain some of your most sensitive data; use products that implement E2EE at rest to prevent a provider from reading them.
|
||||
@ -67,5 +68,3 @@ Calendars contain some of your most sensitive data; use products that implement
|
||||
Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
|
||||
|
||||
- Should integrate with native OS calendar and contact management apps if applicable.
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Cloud Storage"
|
||||
icon: material/file-cloud
|
||||
description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives!
|
||||
---
|
||||
|
||||
Many cloud storage providers require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by either putting you in control of your data or by implementing E2EE.
|
||||
@ -29,7 +30,6 @@ If these alternatives do not fit your needs, we suggest you look into [Encryptio
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive)
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851)
|
||||
|
||||
Proton Drive's mobile clients were released in December 2022 and are not yet open-source. Proton has historically delayed their source code releases until after initial product releases, and [plans to](https://www.reddit.com/r/ProtonDrive/comments/zf14i8/comment/izdwmme/?utm_source=share&utm_medium=web2x&context=3) release the source code by the end of 2023. Proton Drive desktop clients are still in development.
|
||||
|
||||
## Criteria
|
||||
|
||||
@ -58,5 +58,3 @@ Our best-case criteria represents what we would like to see from the perfect pro
|
||||
- These clients should integrate with native OS tools for cloud storage providers, such as Files app integration on iOS, or DocumentsProvider functionality on Android.
|
||||
- Should support easy file-sharing with other users.
|
||||
- Should offer at least basic file preview and editing functionality on the web interface.
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
53
i18n/ar/cryptocurrency.md
Normal file
53
i18n/ar/cryptocurrency.md
Normal file
@ -0,0 +1,53 @@
|
||||
---
|
||||
title: Cryptocurrency
|
||||
icon: material/bank-circle
|
||||
---
|
||||
|
||||
Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases:
|
||||
|
||||
[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button}
|
||||
|
||||
!!! danger
|
||||
|
||||
Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust.
|
||||
|
||||
## Monero
|
||||
|
||||
!!! recommendation
|
||||
|
||||
![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right }
|
||||
|
||||
**Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices.
|
||||
|
||||
[:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary }
|
||||
[:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute }
|
||||
|
||||
With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories.
|
||||
|
||||
For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include:
|
||||
|
||||
- [Official Monero client](https://getmonero.org/downloads) (Desktop)
|
||||
- [Cake Wallet](https://cakewallet.com/) (iOS, Android)
|
||||
- Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet is available at [Monero.com](https://monero.com/).
|
||||
- [Feather Wallet](https://featherwallet.org/) (Desktop)
|
||||
- [Monerujo](https://www.monerujo.io/) (Android)
|
||||
|
||||
For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over Tor or i2p.
|
||||
|
||||
In August 2021, CipherTrace [announced](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022.
|
||||
|
||||
Monero transaction graph privacy is limited by its relatively small ring signatures, especially against targeted attacks. Monero's privacy features have also been [called into question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) by some security researchers, and a number of severe vulnerabilities have been found and patched in the past, so the claims made by organizations like CipherTrace are not out of the question. While it's unlikely that Monero mass surveillance tools exist like they do for Bitcoin and others, it's certain that tracing tools assist with targeted investigations.
|
||||
|
||||
Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy.
|
||||
|
||||
## Criteria
|
||||
|
||||
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
|
||||
|
||||
!!! example "This section is new"
|
||||
|
||||
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
|
||||
|
||||
- Cryptocurrency must provide private/untraceable transactions by default.
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Data and Metadata Redaction"
|
||||
icon: material/tag-remove
|
||||
description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share.
|
||||
---
|
||||
|
||||
When sharing files, be sure to remove associated metadata. Image files commonly include [Exif](https://en.wikipedia.org/wiki/Exif) data. Photos sometimes even include GPS coordinates in the file metadata.
|
||||
@ -142,5 +143,3 @@ The app offers multiple ways to erase metadata from images. Namely:
|
||||
|
||||
- Apps developed for open-source operating systems must be open-source.
|
||||
- Apps must be free and should not include ads or other limitations.
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Desktop Browsers"
|
||||
icon: material/laptop
|
||||
description: Firefox and Brave are our recommendations for standard/non-anonymous browsing.
|
||||
---
|
||||
|
||||
These are our currently recommended desktop web browsers and configurations for standard/non-anonymous browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping your browser extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation.
|
||||
@ -258,6 +259,4 @@ Our best-case criteria represents what we would like to see from the perfect pro
|
||||
- Must not replicate built-in browser or OS functionality.
|
||||
- Must directly impact user privacy, i.e. must not simply provide information.
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
||||
[^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state/).
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Desktop/PC"
|
||||
icon: simple/linux
|
||||
description: Linux distributions are commonly recommended for privacy protection and software freedom.
|
||||
---
|
||||
|
||||
Linux distributions are commonly recommended for privacy protection and software freedom. If you don't already use Linux, below are some distributions we suggest trying out, as well as some general privacy and security improvement tips that are applicable to many Linux distributions.
|
||||
@ -180,5 +181,3 @@ Our recommended operating systems:
|
||||
- Must support full-disk encryption during installation.
|
||||
- Must not freeze regular releases for more than 1 year. We [do not recommend](os/linux-overview.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage.
|
||||
- Must support a wide variety of hardware.
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
@ -1,13 +1,12 @@
|
||||
---
|
||||
title: "DNS Resolvers"
|
||||
icon: material/dns
|
||||
description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration.
|
||||
---
|
||||
|
||||
!!! question "Should I use encrypted DNS?"
|
||||
Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity.
|
||||
|
||||
Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity.
|
||||
|
||||
[Learn more about DNS](advanced/dns-overview.md){ .md-button }
|
||||
[Learn more about DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button}
|
||||
|
||||
## Recommended Providers
|
||||
|
||||
@ -132,8 +131,6 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf
|
||||
[:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute }
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
||||
[^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html)
|
||||
[^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/)
|
||||
[^3]: Control D only logs for Premium resolvers with custom DNS profiles. Free resolvers do not log data. [https://controld.com/privacy](https://controld.com/privacy)
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Email Clients"
|
||||
icon: material/email-open
|
||||
description: These email clients are privacy-respecting and support OpenPGP email encryption.
|
||||
---
|
||||
|
||||
Our recommendation list contains email clients that support both [OpenPGP](encryption.md#openpgp) and strong authentication such as [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth allows you to use [Multi-Factor Authentication](basics/multi-factor-authentication.md) and prevent account theft.
|
||||
@ -235,5 +236,3 @@ Our best-case criteria represents what we would like to see from the perfect pro
|
||||
- Should not collect any telemetry by default.
|
||||
- Should support OpenPGP natively, i.e. without extensions.
|
||||
- Should support storing OpenPGP encrypted emails locally.
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
187
i18n/ar/email.md
187
i18n/ar/email.md
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Email Services"
|
||||
icon: material/email
|
||||
description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers.
|
||||
---
|
||||
|
||||
Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy.
|
||||
@ -9,9 +10,21 @@ Email is practically a necessity for using any online service, however we do not
|
||||
|
||||
For everything else, we recommend a variety of email providers based on sustainable business models and built-in security and privacy features.
|
||||
|
||||
- [OpenPGP-Compatible Email Providers :material-arrow-right-drop-circle:](#openpgp-compatible-services)
|
||||
- [Other Encrypted Providers :material-arrow-right-drop-circle:](#more-providers)
|
||||
- [Email Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services)
|
||||
- [Self-Hosted Options :material-arrow-right-drop-circle:](#self-hosting-email)
|
||||
|
||||
## OpenPGP Compatible Services
|
||||
|
||||
These providers natively support OpenPGP encryption/decryption, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it.
|
||||
These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it.
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail)
|
||||
- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg)
|
||||
|
||||
</div>
|
||||
|
||||
!!! warning
|
||||
|
||||
@ -49,41 +62,41 @@ If you have the Proton Unlimited, Business, or Visionary Plan, you also get [Sim
|
||||
|
||||
Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**.
|
||||
|
||||
??? success "Custom Domains and Aliases"
|
||||
#### :material-check:{ .pg-green } Custom Domains and Aliases
|
||||
|
||||
Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain.
|
||||
Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain.
|
||||
|
||||
??? success "Private Payment Methods"
|
||||
#### :material-check:{ .pg-green } Private Payment Methods
|
||||
|
||||
Proton Mail [accepts](https://proton.me/support/payment-options) Bitcoin and cash by mail in addition to standard credit/debit card and PayPal payments.
|
||||
Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments.
|
||||
|
||||
??? success "Account Security"
|
||||
#### :material-check:{ .pg-green } Account Security
|
||||
|
||||
Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code.
|
||||
Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code.
|
||||
|
||||
??? success "Data Security"
|
||||
#### :material-check:{ .pg-green } Data Security
|
||||
|
||||
Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you.
|
||||
Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you.
|
||||
|
||||
Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon.
|
||||
Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon.
|
||||
|
||||
??? success "Email Encryption"
|
||||
#### :material-check:{ .pg-green } Email Encryption
|
||||
|
||||
Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP.
|
||||
Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP.
|
||||
|
||||
Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE.
|
||||
Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE.
|
||||
|
||||
??? warning "Digital Legacy"
|
||||
#### :material-alert-outline:{ .pg-orange } Digital Legacy
|
||||
|
||||
Proton Mail doesn't offer a digital legacy feature.
|
||||
Proton Mail doesn't offer a digital legacy feature.
|
||||
|
||||
??? info "Account Termination"
|
||||
#### :material-information-outline:{ .pg-blue } Account Termination
|
||||
|
||||
If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period.
|
||||
If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period.
|
||||
|
||||
??? info "Additional Functionality"
|
||||
#### :material-information-outline:{ .pg-blue } Additional Functionality
|
||||
|
||||
Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage.
|
||||
Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage.
|
||||
|
||||
### Mailbox.org
|
||||
|
||||
@ -101,43 +114,54 @@ Proton Mail has internal crash reports that they **do not** share with third par
|
||||
|
||||
- [:octicons-browser-16: Web](https://login.mailbox.org)
|
||||
|
||||
??? success "Custom Domains and Aliases"
|
||||
#### :material-check:{ .pg-green } Custom Domains and Aliases
|
||||
|
||||
Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain.
|
||||
Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain.
|
||||
|
||||
??? info "Private Payment Methods"
|
||||
#### :material-check:{ .pg-green } Private Payment Methods
|
||||
|
||||
Mailbox.org doesn't accept Bitcoin or any other cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung.
|
||||
Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung.
|
||||
|
||||
??? success "Account Security"
|
||||
#### :material-check:{ .pg-green } Account Security
|
||||
|
||||
Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported.
|
||||
Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported.
|
||||
|
||||
??? info "Data Security"
|
||||
#### :material-information-outline:{ .pg-blue } Data Security
|
||||
|
||||
Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key.
|
||||
Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key.
|
||||
|
||||
However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information.
|
||||
However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information.
|
||||
|
||||
??? success "Email Encryption"
|
||||
#### :material-check:{ .pg-green } Email Encryption
|
||||
|
||||
Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox.
|
||||
Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox.
|
||||
|
||||
Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE.
|
||||
Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE.
|
||||
|
||||
??? success "Digital Legacy"
|
||||
#### :material-check:{ .pg-green } Digital Legacy
|
||||
|
||||
Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address.
|
||||
Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address.
|
||||
|
||||
??? info "Account Termination"
|
||||
#### :material-information-outline:{ .pg-blue } Account Termination
|
||||
|
||||
Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract).
|
||||
Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract).
|
||||
|
||||
??? info "Additional Functionality"
|
||||
#### :material-information-outline:{ .pg-blue } Additional Functionality
|
||||
|
||||
You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors.
|
||||
You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors.
|
||||
|
||||
All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3.
|
||||
All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3.
|
||||
|
||||
## More Providers
|
||||
|
||||
These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers.
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail)
|
||||
- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota)
|
||||
|
||||
</div>
|
||||
|
||||
### StartMail
|
||||
|
||||
@ -156,43 +180,39 @@ Proton Mail has internal crash reports that they **do not** share with third par
|
||||
|
||||
- [:octicons-browser-16: Web](https://mail.startmail.com/login)
|
||||
|
||||
??? success "Custom Domains and Aliases"
|
||||
#### :material-check:{ .pg-green } Custom Domains and Aliases
|
||||
|
||||
Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available.
|
||||
Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available.
|
||||
|
||||
??? warning "Private Payment Methods"
|
||||
#### :material-alert-outline:{ .pg-orange } Private Payment Methods
|
||||
|
||||
StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as Bitcoin (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year.
|
||||
StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year.
|
||||
|
||||
??? success "Account Security"
|
||||
#### :material-check:{ .pg-green } Account Security
|
||||
|
||||
StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication.
|
||||
StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication.
|
||||
|
||||
??? info "Data Security"
|
||||
#### :material-information-outline:{ .pg-blue } Data Security
|
||||
|
||||
StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key.
|
||||
StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key.
|
||||
|
||||
StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption.
|
||||
StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption.
|
||||
|
||||
??? success "Email Encryption"
|
||||
#### :material-check:{ .pg-green } Email Encryption
|
||||
|
||||
StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys.
|
||||
StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. However, they do not support the Web Key Directory standard, making the discovery of a Startmail mailbox's public key more challenging for other email providers or clients.
|
||||
|
||||
??? warning "Digital Legacy"
|
||||
#### :material-alert-outline:{ .pg-orange } Digital Legacy
|
||||
|
||||
StartMail does not offer a digital legacy feature.
|
||||
StartMail does not offer a digital legacy feature.
|
||||
|
||||
??? info "Account Termination"
|
||||
#### :material-information-outline:{ .pg-blue } Account Termination
|
||||
|
||||
On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration).
|
||||
On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration).
|
||||
|
||||
??? info "Additional Functionality"
|
||||
#### :material-information-outline:{ .pg-blue } Additional Functionality
|
||||
|
||||
StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is.
|
||||
|
||||
## More Providers
|
||||
|
||||
These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers.
|
||||
StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is.
|
||||
|
||||
### Tutanota
|
||||
|
||||
@ -220,44 +240,51 @@ These providers store your emails with zero-knowledge encryption, making them gr
|
||||
|
||||
Tutanota doesn't support the [IMAP protocol](https://tutanota.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tutanota app. Neither [Email import](https://github.com/tutao/tutanota/issues/630) or [subfolders](https://github.com/tutao/tutanota/issues/927) are currently supported, though this is [due to be changed](https://tutanota.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail) per folder, which may be inconvenient if you have many folders.
|
||||
|
||||
??? success "Custom Domains and Aliases"
|
||||
#### :material-check:{ .pg-green } Custom Domains and Aliases
|
||||
|
||||
Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain.
|
||||
Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain.
|
||||
|
||||
??? warning "Private Payment Methods"
|
||||
#### :material-information-outline:{ .pg-blue } Private Payment Methods
|
||||
|
||||
Tutanota only directly accepts credit cards and PayPal, however Bitcoin and Monero can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore.
|
||||
Tutanota only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore.
|
||||
|
||||
??? success "Account Security"
|
||||
#### :material-check:{ .pg-green } Account Security
|
||||
|
||||
Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F.
|
||||
Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F.
|
||||
|
||||
??? success "Data Security"
|
||||
#### :material-check:{ .pg-green } Data Security
|
||||
|
||||
Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you.
|
||||
Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you.
|
||||
|
||||
??? warning "Email Encryption"
|
||||
#### :material-information-outline:{ .pg-blue } Email Encryption
|
||||
|
||||
Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external).
|
||||
Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external).
|
||||
|
||||
??? warning "Digital Legacy"
|
||||
#### :material-alert-outline:{ .pg-orange } Digital Legacy
|
||||
|
||||
Tutanota doesn't offer a digital legacy feature.
|
||||
Tutanota doesn't offer a digital legacy feature.
|
||||
|
||||
??? info "Account Termination"
|
||||
#### :material-information-outline:{ .pg-blue } Account Termination
|
||||
|
||||
Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay.
|
||||
Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay.
|
||||
|
||||
??? info "Additional Functionality"
|
||||
#### :material-information-outline:{ .pg-blue } Additional Functionality
|
||||
|
||||
Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount.
|
||||
Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount.
|
||||
|
||||
Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y.
|
||||
Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y.
|
||||
|
||||
## Email Aliasing Services
|
||||
|
||||
An email aliasing service allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your email provider. True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like yourname+[anythinghere]@example.com, because websites, advertisers, and tracking networks can trivially remove anything after the + sign to know your true email address.
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy)
|
||||
- ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin)
|
||||
|
||||
</div>
|
||||
|
||||
Email aliasing can act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning.
|
||||
|
||||
Using a dedicated email aliasing service also has a number of benefits over a catch-all alias on a custom domain:
|
||||
@ -411,7 +438,7 @@ We prefer our recommended providers to collect as little data as possible.
|
||||
|
||||
**Best Case:**
|
||||
|
||||
- Accepts Bitcoin, cash, and other forms of cryptocurrency and/or anonymous payment options (gift cards, etc.)
|
||||
- Accepts [anonymous payment options](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), cash, gift cards, etc.)
|
||||
|
||||
### Security
|
||||
|
||||
@ -428,7 +455,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w
|
||||
- Valid [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) records.
|
||||
- Valid [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records.
|
||||
- Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`.
|
||||
- A server suite preference of TLS 1.2 or later and a plan for [Deprecating TLSv1.0 and TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/).
|
||||
- A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996/).
|
||||
- [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used.
|
||||
- Website security standards such as:
|
||||
- [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security)
|
||||
@ -443,7 +470,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w
|
||||
- Bug-bounty programs and/or a coordinated vulnerability-disclosure process.
|
||||
- Website security standards such as:
|
||||
- [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy)
|
||||
- [Expect-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct)
|
||||
- [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/)
|
||||
|
||||
### Trust
|
||||
|
||||
@ -481,5 +508,3 @@ Must not have any marketing which is irresponsible:
|
||||
### Additional Functionality
|
||||
|
||||
While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend.
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Encryption Software"
|
||||
icon: material/file-lock
|
||||
description: Encryption of data is the only way to control who can access it. These tools allow you to encrypt your emails and any other files.
|
||||
---
|
||||
|
||||
Encryption of data is the only way to control who can access it. If you are currently not using encryption software for your hard disk, emails or files, you should pick an option here.
|
||||
@ -353,5 +354,3 @@ Our best-case criteria represents what we would like to see from the perfect pro
|
||||
|
||||
- Operating System (FDE) encryption apps should utilize hardware security such as a TPM or Secure Enclave.
|
||||
- File encryption apps should have first- or third-party support for mobile platforms.
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "File Sharing and Sync"
|
||||
icon: material/share-variant
|
||||
description: Discover how to privately share your files between your devices, with your friends and family, or anonymously online.
|
||||
---
|
||||
|
||||
Discover how to privately share your files between your devices, with your friends and family, or anonymously online.
|
||||
@ -144,5 +145,3 @@ Our best-case criteria represents what we would like to see from the perfect pro
|
||||
|
||||
- Has mobile clients for iOS and Android, which at least support document previews.
|
||||
- Supports photo backup from iOS and Android, and optionally supports file/folder sync on Android.
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
94
i18n/ar/financial-services.md
Normal file
94
i18n/ar/financial-services.md
Normal file
@ -0,0 +1,94 @@
|
||||
---
|
||||
title: Financial Services
|
||||
icon: material/bank
|
||||
---
|
||||
|
||||
Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases:
|
||||
|
||||
[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button}
|
||||
|
||||
## Payment Masking Services
|
||||
|
||||
There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously.
|
||||
|
||||
!!! tip "Check your current bank"
|
||||
|
||||
Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way you are not trusting multiple parties with your personal information.
|
||||
|
||||
### Privacy.com (US)
|
||||
|
||||
!!! recommendation
|
||||
|
||||
![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ align=right }
|
||||
![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right }
|
||||
|
||||
**Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank.
|
||||
|
||||
[:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation}
|
||||
|
||||
Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with.
|
||||
|
||||
### MySudo (US, Paid)
|
||||
|
||||
!!! recommendation
|
||||
|
||||
![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ align=right }
|
||||
![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right }
|
||||
|
||||
**MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email.md) for extensive email aliasing use.
|
||||
|
||||
[:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation}
|
||||
|
||||
### Criteria
|
||||
|
||||
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
|
||||
|
||||
!!! example "This section is new"
|
||||
|
||||
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
|
||||
|
||||
- Allows the creation of multiple cards which function as a shield between the merchant and your personal finances.
|
||||
- Cards must not require you to provide accurate billing address information to the merchant.
|
||||
|
||||
## Gift Card Marketplaces
|
||||
|
||||
These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered).
|
||||
|
||||
### Cake Pay
|
||||
|
||||
!!! recommendation
|
||||
|
||||
![CakePay logo](assets/img/financial-services/cakepay.svg){ align=right }
|
||||
|
||||
**Cake Pay** allows you to purchase gift cards and related products with Monero. Purchases for USA merchants are available in the Cake Wallet mobile app, while the Cake Pay web app includes a broad selection of global merchants.
|
||||
|
||||
[:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation}
|
||||
|
||||
### CoinCards
|
||||
|
||||
!!! recommendation
|
||||
|
||||
![CakePay logo](assets/img/financial-services/coincards.svg){ align=right }
|
||||
|
||||
**CoinCards** (available in the US, Canada, and UK) allows you to purchase gift cards for a large variety of merchants.
|
||||
|
||||
[:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation}
|
||||
|
||||
### Criteria
|
||||
|
||||
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
|
||||
|
||||
!!! example "This section is new"
|
||||
|
||||
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
|
||||
|
||||
- Accepts payment in [a recommended cryptocurrency](cryptocurrency.md).
|
||||
- No ID requirement.
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Frontends"
|
||||
icon: material/flip-to-front
|
||||
description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances.
|
||||
---
|
||||
|
||||
Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. These frontends can allow you to get around these restrictions.
|
||||
@ -264,5 +265,3 @@ Recommended frontends...
|
||||
We only consider frontends for websites which are...
|
||||
|
||||
- Not normally accessible without JavaScript.
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
@ -40,5 +40,3 @@ Trying to protect all your data from everyone all the time is impractical, expen
|
||||
[:material-hand-coin-outline:](about/donate.md){ title="Support the project" }
|
||||
|
||||
It's important for a website like Privacy Guides to always stay up-to-date. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. It's hard to keep up with the fast pace of the internet, but we try our best. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know.
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: KB Archive
|
||||
icon: material/archive
|
||||
description: Some pages that used to be in our knowledge base can now be found on our blog.
|
||||
---
|
||||
|
||||
# Pages Moved to Blog
|
||||
@ -14,5 +15,3 @@ Some pages that used to be in our knowledge base can now be found on our blog:
|
||||
- [Secure Data Erasure](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/)
|
||||
- [Integrating Metadata Removal](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/)
|
||||
- [iOS Configuration Guide](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/)
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
@ -20,5 +20,3 @@ Additional branding guidelines can be found at [github.com/privacyguides/brand](
|
||||
"Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project.
|
||||
|
||||
Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions.
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
@ -44,5 +44,3 @@ If you are working on your own branch, run these commands before submitting a PR
|
||||
git fetch origin
|
||||
git rebase origin/main
|
||||
```
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
@ -87,5 +87,3 @@ scour --set-precision=5 \
|
||||
--protect-ids-noninkscape \
|
||||
input.svg output.svg
|
||||
```
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
@ -85,5 +85,3 @@ Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversatio
|
||||
> - “must not” for a prohibition
|
||||
> - “may” for a discretionary action
|
||||
> - “should” for a recommendation
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Mobile Browsers"
|
||||
icon: material/cellphone-information
|
||||
description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone.
|
||||
---
|
||||
|
||||
These are our currently recommended mobile web browsers and configurations for standard/non-anonymous internet browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation.
|
||||
@ -189,5 +190,3 @@ Additional filter lists do slow things down and may increase your attack surface
|
||||
|
||||
- Must not replicate built-in browser or OS functionality.
|
||||
- Must directly impact user privacy, i.e. must not simply provide information.
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Multi-Factor Authenticators"
|
||||
icon: 'material/two-factor-authentication'
|
||||
description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party.
|
||||
---
|
||||
|
||||
## Hardware Security Keys
|
||||
@ -140,5 +141,3 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative
|
||||
- Must not require internet connectivity.
|
||||
- Must not sync to a third-party cloud sync/backup service.
|
||||
- **Optional** E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud.
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
@ -1,9 +1,10 @@
|
||||
---
|
||||
title: "News Aggregators"
|
||||
icon: material/rss
|
||||
description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS.
|
||||
---
|
||||
|
||||
A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favourite blogs and news sites.
|
||||
A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites.
|
||||
|
||||
## Aggregator clients
|
||||
|
||||
@ -169,5 +170,3 @@ You can subscribe YouTube channels without logging in and associating usage info
|
||||
```text
|
||||
https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID]
|
||||
```
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Notebooks"
|
||||
icon: material/notebook-edit-outline
|
||||
description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party.
|
||||
---
|
||||
|
||||
Keep track of your notes and journalings without giving them to a third-party.
|
||||
@ -111,5 +112,3 @@ Cryptee offers 100MB of storage for free, with paid options if you need more. Si
|
||||
|
||||
- Local backup/sync functionality should support encryption.
|
||||
- Cloud-based platforms should support document sharing.
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: Android Overview
|
||||
icon: simple/android
|
||||
description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones.
|
||||
---
|
||||
|
||||
Android is a secure operating system that has strong [app sandboxing](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot) (AVB), and a robust [permission](https://developer.android.com/guide/topics/permissions/overview) control system.
|
||||
@ -53,9 +54,44 @@ It's important to not use an [end-of-life](https://endoflife.date/android) versi
|
||||
|
||||
## Android Permissions
|
||||
|
||||
[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel.
|
||||
[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps.
|
||||
|
||||
Should you want to run an app that you're unsure about, consider using a user or work profile.
|
||||
A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel.
|
||||
|
||||
Android 10:
|
||||
|
||||
- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) gives you more control over your files and can limit what can [access external storage](https://developer.android.com/training/data-storage#permissions). Apps can have a specific directory in external storage as well as the ability to store specific types of media there.
|
||||
- Tighter access on [device location](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) by introducing the `ACCESS_BACKGROUND_LOCATION` permission. This prevents apps from accessing the location when running in the background without express permission from the user.
|
||||
|
||||
Android 11:
|
||||
|
||||
- [One-time permissions](https://developer.android.com/about/versions/11/privacy/permissions#one-time) which allows you to grant a permission to an app just once.
|
||||
- [Auto-reset permissions](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), which resets [runtime permissions](https://developer.android.com/guide/topics/permissions/overview#runtime) that were granted when the app was opened.
|
||||
- Granular permissions for accessing [phone number](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers) related features.
|
||||
|
||||
Android 12:
|
||||
|
||||
- A permission to grant only the [approximate location](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location).
|
||||
- Auto-reset of [hibernated apps](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation).
|
||||
- [Data access auditing](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) which makes it easier to determine what part of an app is performing a specific type of data access.
|
||||
|
||||
Android 13:
|
||||
|
||||
- A permission for [nearby wifi access](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). The MAC addresses of nearby WiFi access points was a popular way for apps to track a user's location.
|
||||
- More [granular media permissions](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), meaning you can grant access to images, videos or audio files only.
|
||||
- Background use of sensors now requires the [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission) permission.
|
||||
|
||||
An app may request a permission for a specific feature it has. For example, any app that can scan QR codes will require the camera permission. Some apps can request more permissions than they need.
|
||||
|
||||
[Exodus](https://exodus-privacy.eu.org/) can be useful when comparing apps that have similar purposes. If an app requires a lot of permissions and has a lot of advertising and analytics this is probably a bad sign. We recommend looking at the individual trackers and reading their descriptions rather than simply **counting the total** and assuming all items listed are equal.
|
||||
|
||||
!!! warning
|
||||
|
||||
If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely.
|
||||
|
||||
!!! note
|
||||
|
||||
Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics.
|
||||
|
||||
## Media Access
|
||||
|
||||
@ -131,5 +167,3 @@ You will either be given the option to delete your advertising ID or to *Opt out
|
||||
[SafetyNet](https://developer.android.com/training/safetynet/attestation) and the [Play Integrity APIs](https://developer.android.com/google/play/integrity) are generally used for [banking apps](https://grapheneos.org/usage#banking-apps). Many banking apps will work fine in GrapheneOS with sandboxed Play services, however some non-financial apps have their own crude anti-tampering mechanisms which might fail. GrapheneOS passes the `basicIntegrity` check, but not the certification check `ctsProfileMatch`. Devices with Android 8 or later have hardware attestation support which cannot be bypassed without leaked keys or serious vulnerabilities.
|
||||
|
||||
As for Google Wallet, we don't recommend this due to their [privacy policy](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), which states you must opt-out if you don't want your credit rating and personal information shared with affiliate marketing services.
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
@ -1,9 +1,10 @@
|
||||
---
|
||||
title: Linux Overview
|
||||
icon: simple/linux
|
||||
description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal.
|
||||
---
|
||||
|
||||
It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigour applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years.
|
||||
It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigor applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years.
|
||||
|
||||
At the moment, desktop Linux does have some areas that could be better improved when compared to their proprietary counterparts, e.g.:
|
||||
|
||||
@ -139,5 +140,3 @@ The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Co
|
||||
This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer.
|
||||
|
||||
openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file.
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Qubes Overview"
|
||||
icon: simple/qubesos
|
||||
description: Qubes is an operating system built around isolating apps within virtual machines for heightened security.
|
||||
---
|
||||
|
||||
[**Qubes OS**](../desktop.md#qubes-os) is an operating system which uses the [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor to provide strong security for desktop computing through isolated virtual machines. Each VM is called a *Qube* and you can assign each Qube a level of trust based on its purpose. As Qubes OS provides security by using isolation, and only permitting actions on a per case basis, it is the opposite of [badness enumeration](https://www.ranum.com/security/computer_security/editorials/dumb/).
|
||||
@ -52,5 +53,3 @@ For additional information we encourage you to consult the extensive Qubes OS do
|
||||
- J. Rutkowska: [*Software compartmentalization vs. physical separation*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf)
|
||||
- J. Rutkowska: [*Partitioning my digital life into security domains*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html)
|
||||
- Qubes OS: [*Related Articles*](https://www.qubes-os.org/news/categories/#articles)
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Password Managers"
|
||||
icon: material/form-textbox-password
|
||||
description: Password managers allow you to securely store and manage passwords and other credentials.
|
||||
---
|
||||
|
||||
Password managers allow you to securely store and manage passwords and other credentials with the use of a master password.
|
||||
@ -226,5 +227,3 @@ These products are minimal password managers that can be used within scripting a
|
||||
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
|
||||
|
||||
- Must be cross-platform.
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Productivity Tools"
|
||||
icon: material/file-sign
|
||||
description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do.
|
||||
---
|
||||
|
||||
Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The privacy policy may legally protect your rights, but it does not provide technical access constraints.
|
||||
@ -152,5 +153,3 @@ In general, we define office suites as applications which could reasonably act a
|
||||
[:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"}
|
||||
[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Real-Time Communication"
|
||||
icon: material/chat-processing
|
||||
description: Other instant messengers make all of your private conversations available to the company that runs them.
|
||||
---
|
||||
|
||||
These are our recommendations for encrypted real-time communication.
|
||||
@ -191,5 +192,3 @@ Our best-case criteria represents what we would like to see from the perfect pro
|
||||
- Should be decentralized, i.e. federated or P2P.
|
||||
- Should use E2EE for all messages by default.
|
||||
- Should support Linux, macOS, Windows, Android, and iOS.
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Router Firmware"
|
||||
icon: material/router-wireless
|
||||
description: These alternative operating systems can be used to secure your router or Wi-Fi access point.
|
||||
---
|
||||
|
||||
Below are a few alternative operating systems, that can be used on routers, Wi-Fi access points, etc.
|
||||
@ -47,5 +48,3 @@ OPNsense was originally developed as a fork of [pfSense](https://en.wikipedia.or
|
||||
- Must be open source.
|
||||
- Must receive regular updates.
|
||||
- Must support a wide variety of hardware.
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Search Engines"
|
||||
icon: material/search-web
|
||||
description: These privacy-respecting search engines don't build an advertising profile based on your searches.
|
||||
---
|
||||
|
||||
Use a search engine that doesn't build an advertising profile based on your searches.
|
||||
@ -105,5 +106,3 @@ Our best-case criteria represents what we would like to see from the perfect pro
|
||||
|
||||
- Should be based on open-source software.
|
||||
- Should not block Tor exit node IP addresses.
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
@ -3,6 +3,7 @@ title: "Privacy Tools"
|
||||
icon: material/tools
|
||||
hide:
|
||||
- toc
|
||||
description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats.
|
||||
---
|
||||
|
||||
If you're looking for a specific solution to something, these are the hardware and software tools we recommend in a variety of categories. Our recommended privacy tools are primarily chosen based on security features, with additional emphasis on decentralized and open-source tools. They are applicable to a variety of threat models ranging from protection against global mass surveillance programs and avoiding big tech companies to mitigating attacks, but only you can determine what will work best for your needs.
|
||||
@ -84,7 +85,7 @@ For more details about each project, why they were chosen, and additional tips o
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- ![Aurora Store logo](/assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store)
|
||||
- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store)
|
||||
- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter)
|
||||
- ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor)
|
||||
- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera)
|
||||
@ -199,6 +200,29 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
|
||||
|
||||
[Learn more :material-arrow-right-drop-circle:](email.md#self-hosting-email)
|
||||
|
||||
### Financial Services
|
||||
|
||||
#### Payment Masking Services
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free)
|
||||
- ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid)
|
||||
</div>
|
||||
|
||||
[Learn more :material-arrow-right-drop-circle:](financial-services.md#payment-masking-services)
|
||||
|
||||
#### Online Gift Card Marketplaces
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- ![Cake Pay logo](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay)
|
||||
- ![CoinCards logo](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards)
|
||||
|
||||
</div>
|
||||
|
||||
[Learn more :material-arrow-right-drop-circle:](financial-services.md#gift-card-marketplaces)
|
||||
|
||||
### Search Engines
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
@ -226,9 +250,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
|
||||
- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn)
|
||||
- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad)
|
||||
- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
|
||||
|
||||
</div>
|
||||
|
||||
@ -247,6 +271,16 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
|
||||
|
||||
[Learn more :material-arrow-right-drop-circle:](calendar.md)
|
||||
|
||||
### Cryptocurrency
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- ![Monero logo](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero)
|
||||
|
||||
</div>
|
||||
|
||||
[Learn more :material-arrow-right-drop-circle:](cryptocurrency.md)
|
||||
|
||||
### Data and Metadata Redaction
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
@ -439,5 +473,3 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
|
||||
</div>
|
||||
|
||||
[Learn more :material-arrow-right-drop-circle:](video-streaming.md)
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Tor Network"
|
||||
icon: simple/torproject
|
||||
description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship.
|
||||
---
|
||||
|
||||
![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right }
|
||||
@ -15,13 +16,7 @@ The **Tor** network is a group of volunteer-operated servers that allows you to
|
||||
|
||||
Tor works by routing your internet traffic through those volunteer-operated servers, instead of making a direct connection to the site you're trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity.
|
||||
|
||||
<figure markdown>
|
||||
![Tor path](assets/img/how-tor-works/tor-path.svg#only-light)
|
||||
![Tor path](assets/img/how-tor-works/tor-path-dark.svg#only-dark)
|
||||
<figcaption>Tor circuit pathway - Nodes in the path can only see the servers they are directly connected to, for example the "Entry" node shown can see your IP address, and the address of the "Middle" node, but has no way to see which website you are visiting.</figcaption>
|
||||
</figure>
|
||||
|
||||
- [More information about how Tor works :material-arrow-right-drop-circle:](advanced/tor-overview.md)
|
||||
[Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button}
|
||||
|
||||
## Connecting to Tor
|
||||
|
||||
@ -120,5 +115,3 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest
|
||||
Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours.
|
||||
|
||||
Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Video Streaming"
|
||||
icon: material/video-wireless
|
||||
description: These networks allow you to stream internet content without building an advertising profile based on your interests.
|
||||
---
|
||||
|
||||
The primary threat when using a video streaming platform is that your streaming habits and subscription lists could be used to profile you. You should combine these tools with a [VPN](vpn.md) or [Tor](https://www.torproject.org/) to make it harder to profile your usage.
|
||||
@ -48,5 +49,3 @@ You can disable *Save hosting data to help the LBRY network* option in :gear: **
|
||||
|
||||
- Must not require a centralized account to view videos.
|
||||
- Decentralized authentication, such as via a mobile wallet's private key is acceptable.
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
248
i18n/ar/vpn.md
248
i18n/ar/vpn.md
@ -1,11 +1,20 @@
|
||||
---
|
||||
title: "VPN Services"
|
||||
icon: material/vpn
|
||||
description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you.
|
||||
---
|
||||
|
||||
Find a no-logging VPN operator who isn’t out to sell or read your web traffic.
|
||||
If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. We think these providers are a cut above the rest:
|
||||
|
||||
??? danger "VPNs do not provide anonymity"
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn)
|
||||
- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad)
|
||||
- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn)
|
||||
|
||||
</div>
|
||||
|
||||
!!! danger "VPNs do not provide anonymity"
|
||||
|
||||
Using a VPN will **not** keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic.
|
||||
|
||||
@ -15,80 +24,11 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic.
|
||||
|
||||
[Download Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & FAQ](advanced/tor-overview.md){ .md-button }
|
||||
|
||||
??? question "When are VPNs useful?"
|
||||
|
||||
If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved.
|
||||
|
||||
[More Info](basics/vpn-overview.md){ .md-button }
|
||||
[Detailed VPN Overview :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button}
|
||||
|
||||
## Recommended Providers
|
||||
|
||||
!!! abstract "Criteria"
|
||||
|
||||
Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#our-criteria) for more information.
|
||||
|
||||
### Proton VPN
|
||||
|
||||
!!! recommendation annotate
|
||||
|
||||
![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right }
|
||||
|
||||
**Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option.
|
||||
|
||||
[:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" }
|
||||
|
||||
??? downloads
|
||||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android)
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085)
|
||||
- [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases)
|
||||
- [:simple-windows11: Windows](https://protonvpn.com/download-windows)
|
||||
- [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/)
|
||||
|
||||
??? success annotate "67 Countries"
|
||||
|
||||
Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
|
||||
|
||||
We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
|
||||
|
||||
1. Last checked: 2022-09-16
|
||||
|
||||
??? success "Independently Audited"
|
||||
|
||||
As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com).
|
||||
|
||||
??? success "Open-Source Clients"
|
||||
|
||||
Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN).
|
||||
|
||||
??? success "Accepts Cash"
|
||||
|
||||
Proton VPN, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, and **cash/local currency** as anonymous forms of payment.
|
||||
|
||||
??? success "WireGuard Support"
|
||||
|
||||
Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant.
|
||||
|
||||
Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app.
|
||||
|
||||
??? warning "Remote Port Forwarding"
|
||||
|
||||
Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients.
|
||||
|
||||
??? success "Mobile Clients"
|
||||
|
||||
In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers.
|
||||
|
||||
??? info "Additional Functionality"
|
||||
|
||||
Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose.
|
||||
|
||||
!!! danger "Killswitch feature is broken on Intel-based Macs"
|
||||
|
||||
System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service.
|
||||
Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#criteria) for more information.
|
||||
|
||||
### IVPN
|
||||
|
||||
@ -111,43 +51,44 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic.
|
||||
- [:simple-apple: macOS](https://www.ivpn.net/apps-macos/)
|
||||
- [:simple-linux: Linux](https://www.ivpn.net/apps-linux/)
|
||||
|
||||
??? success annotate "35 Countries"
|
||||
#### :material-check:{ .pg-green } 35 Countries
|
||||
|
||||
IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
|
||||
|
||||
We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
|
||||
IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
|
||||
{ .annotate }
|
||||
|
||||
1. Last checked: 2022-09-16
|
||||
|
||||
??? success "Independently Audited"
|
||||
We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
|
||||
|
||||
IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf).
|
||||
#### :material-check:{ .pg-green } Independently Audited
|
||||
|
||||
??? success "Open-Source Clients"
|
||||
IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf).
|
||||
|
||||
As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn).
|
||||
#### :material-check:{ .pg-green } Open-Source Clients
|
||||
|
||||
??? success "Accepts Cash and Monero"
|
||||
As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn).
|
||||
|
||||
In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment.
|
||||
#### :material-check:{ .pg-green } Accepts Cash and Monero
|
||||
|
||||
??? success "WireGuard Support"
|
||||
In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment.
|
||||
|
||||
IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant.
|
||||
#### :material-check:{ .pg-green } WireGuard Support
|
||||
|
||||
IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/).
|
||||
IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant.
|
||||
|
||||
??? success "Remote Port Forwarding"
|
||||
IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/).
|
||||
|
||||
Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html).
|
||||
#### :material-check:{ .pg-green } Remote Port Forwarding
|
||||
|
||||
??? success "Mobile Clients"
|
||||
Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html).
|
||||
|
||||
In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers.
|
||||
#### :material-check:{ .pg-green } Mobile Clients
|
||||
|
||||
??? info "Additional Functionality"
|
||||
In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers.
|
||||
|
||||
IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
|
||||
#### :material-information-outline:{ .pg-blue } Additional Functionality
|
||||
|
||||
IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
|
||||
|
||||
### Mullvad
|
||||
|
||||
@ -172,55 +113,120 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic.
|
||||
- [:simple-apple: macOS](https://mullvad.net/en/download/macos/)
|
||||
- [:simple-linux: Linux](https://mullvad.net/en/download/linux/)
|
||||
|
||||
??? success annotate "41 Countries"
|
||||
#### :material-check:{ .pg-green } 41 Countries
|
||||
|
||||
Mullvad has [servers in 41 countries](https://mullvad.net/servers/) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
|
||||
|
||||
We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
|
||||
Mullvad has [servers in 41 countries](https://mullvad.net/servers/).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
|
||||
{ .annotate }
|
||||
|
||||
1. Last checked: 2023-01-19
|
||||
|
||||
??? success "Independently Audited"
|
||||
We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
|
||||
|
||||
Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded:
|
||||
#### :material-check:{ .pg-green } Independently Audited
|
||||
|
||||
> Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint.
|
||||
Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded:
|
||||
|
||||
In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website:
|
||||
> Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint.
|
||||
|
||||
> The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks.
|
||||
In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website:
|
||||
|
||||
In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf).
|
||||
> The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks.
|
||||
|
||||
??? success "Open-Source Clients"
|
||||
In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf).
|
||||
|
||||
Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app).
|
||||
#### :material-check:{ .pg-green } Open-Source Clients
|
||||
|
||||
??? success "Accepts Cash and Monero"
|
||||
Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app).
|
||||
|
||||
Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers.
|
||||
#### :material-check:{ .pg-green } Accepts Cash and Monero
|
||||
|
||||
??? success "WireGuard Support"
|
||||
Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers.
|
||||
|
||||
Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant.
|
||||
#### :material-check:{ .pg-green } WireGuard Support
|
||||
|
||||
Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/).
|
||||
Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant.
|
||||
|
||||
??? success "IPv6 Support"
|
||||
Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/).
|
||||
|
||||
Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections.
|
||||
#### :material-check:{ .pg-green } IPv6 Support
|
||||
|
||||
??? success "Remote Port Forwarding"
|
||||
Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections.
|
||||
|
||||
Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information.
|
||||
#### :material-check:{ .pg-green } Remote Port Forwarding
|
||||
|
||||
??? success "Mobile Clients"
|
||||
Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information.
|
||||
|
||||
Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases).
|
||||
#### :material-check:{ .pg-green } Mobile Clients
|
||||
|
||||
??? info "Additional Functionality"
|
||||
Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases).
|
||||
|
||||
Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion).
|
||||
#### :material-information-outline:{ .pg-blue } Additional Functionality
|
||||
|
||||
Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion).
|
||||
|
||||
### Proton VPN
|
||||
|
||||
!!! recommendation annotate
|
||||
|
||||
![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right }
|
||||
|
||||
**Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option.
|
||||
|
||||
[:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" }
|
||||
|
||||
??? downloads
|
||||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android)
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085)
|
||||
- [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases)
|
||||
- [:simple-windows11: Windows](https://protonvpn.com/download-windows)
|
||||
- [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/)
|
||||
|
||||
#### :material-check:{ .pg-green } 67 Countries
|
||||
|
||||
Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
|
||||
{ .annotate }
|
||||
|
||||
1. Last checked: 2022-09-16
|
||||
|
||||
We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
|
||||
|
||||
#### :material-check:{ .pg-green } Independently Audited
|
||||
|
||||
As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com).
|
||||
|
||||
#### :material-check:{ .pg-green } Open-Source Clients
|
||||
|
||||
Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN).
|
||||
|
||||
#### :material-check:{ .pg-green } Accepts Cash
|
||||
|
||||
Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment.
|
||||
|
||||
#### :material-check:{ .pg-green } WireGuard Support
|
||||
|
||||
Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant.
|
||||
|
||||
Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app.
|
||||
|
||||
#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding
|
||||
|
||||
Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients.
|
||||
|
||||
#### :material-check:{ .pg-green } Mobile Clients
|
||||
|
||||
In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers.
|
||||
|
||||
#### :material-information-outline:{ .pg-blue } Additional Functionality
|
||||
|
||||
Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose.
|
||||
|
||||
#### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs
|
||||
|
||||
System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service.
|
||||
|
||||
## Criteria
|
||||
|
||||
@ -255,13 +261,13 @@ We prefer our recommended providers to collect as little data as possible. Not c
|
||||
|
||||
**Minimum to Qualify:**
|
||||
|
||||
- Monero or cash payment option.
|
||||
- [Anonymous cryptocurrency](cryptocurrency.md) **or** cash payment option.
|
||||
- No personal information required to register: Only username, password, and email at most.
|
||||
|
||||
**Best Case:**
|
||||
|
||||
- Accepts Monero, cash, and other forms of anonymous payment options (gift cards, etc.)
|
||||
- No personal information accepted (autogenerated username, no email required, etc.)
|
||||
- Accepts multiple [anonymous payment options](advanced/payments.md).
|
||||
- No personal information accepted (autogenerated username, no email required, etc.).
|
||||
|
||||
### Security
|
||||
|
||||
@ -319,5 +325,3 @@ Responsible marketing that is both educational and useful to the consumer could
|
||||
### Additional Functionality
|
||||
|
||||
While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc.
|
||||
|
||||
--8<-- "includes/abbreviations.ar.txt"
|
||||
|
@ -1,6 +1,10 @@
|
||||
---
|
||||
hide:
|
||||
- feedback
|
||||
meta:
|
||||
-
|
||||
property: "robots"
|
||||
content: "noindex, nofollow"
|
||||
---
|
||||
|
||||
# 404 - Not Found
|
||||
@ -13,5 +17,3 @@ We couldn't find the page you were looking for! Maybe you were looking for one o
|
||||
- [Best VPN Providers](vpn.md)
|
||||
- [Privacy Guides Forum](https://discuss.privacyguides.net)
|
||||
- [Our Blog](https://blog.privacyguides.org)
|
||||
|
||||
--8<-- "includes/abbreviations.bn.txt"
|
||||
|
@ -38,5 +38,3 @@ We have these requirements in regard to developers which wish to submit their pr
|
||||
|
||||
- Must state what the exact threat model is with their project.
|
||||
- It should be clear to potential users what the project can provide, and what it cannot.
|
||||
|
||||
--8<-- "includes/abbreviations.bn.txt"
|
||||
|
@ -48,5 +48,3 @@ We host [internet services](https://privacyguides.net) for testing and showcasin
|
||||
We occasionally purchase products and services for the purposes of testing our [recommended tools](../tools.md).
|
||||
|
||||
We are still working with our fiscal host (the Open Collective Foundation) to receive cryptocurrency donations, at the moment the accounting is unfeasible for many smaller transactions, but this should change in the future. In the meantime, if you wish to make a sizable (> $100) cryptocurrency donation, please reach out to [jonah@privacyguides.org](mailto:jonah@privacyguides.org).
|
||||
|
||||
--8<-- "includes/abbreviations.bn.txt"
|
||||
|
@ -1,10 +1,38 @@
|
||||
---
|
||||
template: schema.html
|
||||
title: "About Privacy Guides"
|
||||
description: Privacy Guides is a socially motivated website that provides information for protecting your data security and privacy.
|
||||
---
|
||||
|
||||
**Privacy Guides** is a socially motivated website that provides information for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors.
|
||||
![Privacy Guides logo](../assets/brand/png/square/pg-yellow.png){ align=right }
|
||||
|
||||
[:material-hand-coin-outline: Support the project](donate.md ""){.md-button.md-button--primary}
|
||||
**Privacy Guides** is a socially motivated website that provides [information](/kb) for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. Our website is free of advertisements and not affiliated with any listed providers.
|
||||
|
||||
[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Homepage }
|
||||
[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](donate.md){ .card-link title=Contribute }
|
||||
|
||||
The purpose of Privacy Guides is to educate our community on the importance of privacy online and government programs internationally that are designed to monitor all of your online activities.
|
||||
|
||||
> To find [privacy-focused alternative] apps, check out sites like Good Reports and **Privacy Guides**, which list privacy-focused apps in a variety of categories, notably including email providers (usually on paid plans) that aren’t run by the big tech companies.
|
||||
|
||||
— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/)
|
||||
|
||||
> If you're looking for a new VPN, you can go to the discount code of just about any podcast. If you are looking for a **good** VPN, you need professional help. The same goes for email clients, browsers, operating systems and password managers. How do you know which of these is the best, most privacy-friendly option? For that there is **Privacy Guides**, a platform on which a number of volunteers search day in, day out for the best privacy-friendly tools to use on the internet.
|
||||
|
||||
— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Translated from Dutch]
|
||||
|
||||
Also featured on: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], and [Wired](https://www.wired.com/story/firefox-mozilla-2022/).
|
||||
|
||||
## History
|
||||
|
||||
Privacy Guides was launched in September 2021 as a continuation of the [defunct](privacytools.md) "PrivacyTools" open-source educational project. We recognized the importance of independent, criteria-focused product recommendations and general knowledge in the privacy space, which is why we needed to preserve the work that had been created by so many contributors since 2015 and make sure that information had a stable home on the web indefinitely.
|
||||
|
||||
In 2022, we completed the transition of our main website framework from Jekyll to MkDocs, using the `mkdocs-material` documentation software. This change made open-source contributions to our site significantly easier for outsiders, because instead of needing to know complicated syntax to write posts effectively, contributing is now as easy as writing a standard Markdown document.
|
||||
|
||||
We additionally launched our new discussion forum at [discuss.privacyguides.net](https://discuss.privacyguides.net/) as a community platform to share ideas and ask questions about our mission. This augments our existing community on Matrix, and replaced our previous GitHub Discussions platform, decreasing our reliance on proprietary discussion platforms.
|
||||
|
||||
So far in 2023 we've launched international translations of our website in [French](/fr/), [Hebrew](/he/), and [Dutch](/nl/), with more languages on the way, made possible by our excellent translation team on [Crowdin](https://crowdin.com/project/privacyguides). We plan to continue carrying forward our mission of outreach and education, and finding ways to more clearly highlight the dangers of a lack of privacy awareness in the modern digital age, and the prevalence and harms of security breaches across the technology industry.
|
||||
|
||||
## Our Team
|
||||
|
||||
@ -48,9 +76,9 @@ title: "About Privacy Guides"
|
||||
- [:simple-github: GitHub](https://github.com/hook9 "@hook9")
|
||||
- [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me}
|
||||
|
||||
Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub!
|
||||
Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides).
|
||||
|
||||
Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax deductible in the United States.
|
||||
Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax-deductible in the United States.
|
||||
|
||||
## Site License
|
||||
|
||||
@ -59,5 +87,3 @@ Our team members review all changes made to the website and handle administrativ
|
||||
:fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Unless otherwise noted, the original content on this website is made available under the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). This means that you are free to copy and redistribute the material in any medium or format for any purpose, even commercially; as long as you give appropriate credit to `Privacy Guides (www.privacyguides.org)` and provide a link to the license. You may do so in any reasonable manner, but not in any way that suggests Privacy Guides endorses you or your use. If you remix, transform, or build upon the content of this website, you may not distribute the modified material.
|
||||
|
||||
This license is in place to prevent people from sharing our work without giving proper credit, and to prevent people from modifying our work in a way that could be used to mislead people. If you find the terms of this license too restrictive for the project you're working on, please reach out to us at `jonah@privacyguides.org`. We are happy to provide alternative licensing options for well-intentioned projects in the privacy space!
|
||||
|
||||
--8<-- "includes/abbreviations.bn.txt"
|
||||
|
@ -41,5 +41,3 @@ You must not conduct any systematic or automated data collection activities on o
|
||||
* Scraping
|
||||
* Data Mining
|
||||
* 'Framing' (IFrames)
|
||||
|
||||
--8<-- "includes/abbreviations.bn.txt"
|
||||
|
@ -59,5 +59,3 @@ For complaints under GDPR more generally, you may lodge complaints with your loc
|
||||
We will post any new versions of this statement [here](privacy-policy.md). We may change how we announce changes in future versions of this document. In the meantime we may update our contact information at any time without announcing a change. Please refer to the [Privacy Policy](privacy-policy.md) for the latest contact information at any time.
|
||||
|
||||
A full revision [history](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) of this page can be found on GitHub.
|
||||
|
||||
--8<-- "includes/abbreviations.bn.txt"
|
||||
|
@ -116,5 +116,3 @@ This topic has been discussed extensively within our communities in various loca
|
||||
- [Apr 2, 2022 response by u/dng99 to PrivacyTools' accusatory blog post](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/)
|
||||
- [May 16, 2022 response by @TommyTran732 on Twitter](https://twitter.com/TommyTran732/status/1526153497984618496)
|
||||
- [Sep 3, 2022 post on Techlore's forum by @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20)
|
||||
|
||||
--8<-- "includes/abbreviations.bn.txt"
|
||||
|
@ -36,5 +36,3 @@ We run a number of web services to test out features and promote cool decentrali
|
||||
- Availability: Semi-Public
|
||||
We host Invidious primarily to serve embedded YouTube videos on our website, this instance is not intended for general-purpose use and may be limited at any time.
|
||||
- Source: [github.com/iv-org/invidious](https://github.com/iv-org/invidious)
|
||||
|
||||
--8<-- "includes/abbreviations.bn.txt"
|
||||
|
@ -59,5 +59,3 @@ title: Traffic Statistics
|
||||
})
|
||||
})
|
||||
</script>
|
||||
|
||||
--8<-- "includes/abbreviations.bn.txt"
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Types of Communication Networks"
|
||||
icon: 'material/transit-connection-variant'
|
||||
description: An overview of several network architectures commonly used by instant messaging applications.
|
||||
---
|
||||
|
||||
There are several network architectures commonly used to relay messages between people. These networks can provide different privacy guarantees, which is why it's worth considering your [threat model](../basics/threat-modeling.md) when deciding which app to use.
|
||||
@ -100,5 +101,3 @@ Self-hosting a node in an anonymous routing network does not provide the hoster
|
||||
- Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline.
|
||||
- More complex to get started, as the creation and secured backup of a cryptographic private key is required.
|
||||
- Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform. Hence, features may be lacking or incompletely implemented, such as offline message relaying or message deletion.
|
||||
|
||||
--8<-- "includes/abbreviations.bn.txt"
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "DNS Overview"
|
||||
icon: material/dns
|
||||
description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for.
|
||||
---
|
||||
|
||||
The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers.
|
||||
@ -303,5 +304,3 @@ The [EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a
|
||||
It's intended to "speed up" delivery of data by giving the client an answer that belongs to a server that is close to them such as a [content delivery network](https://en.wikipedia.org/wiki/Content_delivery_network), which are often used in video streaming and serving JavaScript web apps.
|
||||
|
||||
This feature does come at a privacy cost, as it tells the DNS server some information about the client's location.
|
||||
|
||||
--8<-- "includes/abbreviations.bn.txt"
|
||||
|
84
i18n/bn/advanced/payments.md
Normal file
84
i18n/bn/advanced/payments.md
Normal file
@ -0,0 +1,84 @@
|
||||
---
|
||||
title: Private Payments
|
||||
icon: material/hand-coin
|
||||
---
|
||||
|
||||
There's a reason data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately.
|
||||
|
||||
## Cash
|
||||
|
||||
For centuries, **cash** has functioned as the primary form of private payment. Cash has excellent privacy properties in most cases, is widely accepted in most countries, and is **fungible**, meaning it is non-unique and completely interchangable.
|
||||
|
||||
Cash payment laws vary by country. In the United States, special disclosure is required for cash payments over $10,000 to the IRS on [Form 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). The receiving business is required to ID verify the payee’s name, address, occupation, date of birth, and Social Security Number or other TIN (with some exceptions). Lower limits without ID such as $3,000 or less exist for exchanges and money transmission. Cash also contains serial numbers. These are almost never tracked by merchants, but they can be used by law enforcement in targeted investigations.
|
||||
|
||||
Despite this, it’s typically the best option.
|
||||
|
||||
## Prepaid Cards & Gift Cards
|
||||
|
||||
It’s relatively simple to purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout to reduce fraud.
|
||||
|
||||
Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (eg: from Visa or Mastercard) usually have limits of up to $1,000 per card.
|
||||
|
||||
Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants don’t accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit.
|
||||
|
||||
Prepaid cards don’t allow cash withdrawals from ATMs or “peer-to-peer” payments in Venmo and similar apps.
|
||||
|
||||
Cash remains the best option for in-person purchases for most people. Gift cards can be useful for the savings they bring. Prepaid cards can be useful for places that don’t accept cash. Gift cards and prepaid cards are easier to use online than cash, and they are easier to acquire with cryptocurrencies than cash.
|
||||
|
||||
### Online Marketplaces
|
||||
|
||||
If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered).
|
||||
|
||||
When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy, more on this below. Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero.
|
||||
|
||||
- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces)
|
||||
|
||||
## Virtual Cards
|
||||
|
||||
Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information.
|
||||
|
||||
- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services)
|
||||
|
||||
These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions.
|
||||
|
||||
## Cryptocurrency
|
||||
|
||||
Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose.
|
||||
|
||||
!!! danger
|
||||
|
||||
The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity.
|
||||
|
||||
Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust.
|
||||
|
||||
### Privacy Coins
|
||||
|
||||
There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors.
|
||||
|
||||
- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins)
|
||||
|
||||
Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can break Bitcoin Lightning Network and/or Monero's transaction privacy. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance.
|
||||
|
||||
### Other Coins (Bitcoin, Ethereum, etc.)
|
||||
|
||||
The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons.
|
||||
|
||||
Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years.
|
||||
|
||||
==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged.
|
||||
|
||||
### Wallet Custody
|
||||
|
||||
With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies.
|
||||
|
||||
### Acquisition
|
||||
|
||||
Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co/), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com/), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward.
|
||||
|
||||
If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall.
|
||||
|
||||
## Additional Considerations
|
||||
|
||||
When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself.
|
||||
|
||||
When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address.
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Tor Overview"
|
||||
icon: 'simple/torproject'
|
||||
description: Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible.
|
||||
---
|
||||
|
||||
Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications.
|
||||
@ -74,8 +75,6 @@ If you wish to use Tor for browsing the web, we only recommend the **official**
|
||||
- [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) <small>(YouTube)</small>
|
||||
- [Tor Onion Services - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) <small>(YouTube)</small>
|
||||
|
||||
--8<-- "includes/abbreviations.bn.txt"
|
||||
|
||||
[^1]: The first relay in your circuit is called an "entry guard" or "guard". It is a fast and stable relay that remains the first one in your circuit for 2-3 months in order to protect against a known anonymity-breaking attack. The rest of your circuit changes with every new website you visit, and all together these relays provide the full privacy protections of Tor. For more information on how guard relays work, see this [blog post](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) and [paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) on entry guards. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/))
|
||||
|
||||
[^2]: Relay flag: a special (dis-)qualification of relays for circuit positions (for example, "Guard", "Exit", "BadExit"), circuit properties (for example, "Fast", "Stable"), or roles (for example, "Authority", "HSDir"), as assigned by the directory authorities and further defined in the directory protocol specification. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html))
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "অ্যান্ড্রয়েড"
|
||||
icon: 'ফন্টঅ্যাওসাম/ ব্র্যান্ড / অ্যান্ড্রয়েড'
|
||||
description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
|
||||
---
|
||||
|
||||
![Android logo](assets/img/android/android.svg){ align=right }
|
||||
@ -13,8 +14,9 @@ The **Android Open Source Project** is an open-source mobile operating system le
|
||||
|
||||
These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. রেকমেন্ডেশন
|
||||
|
||||
- [সাধারণ অ্যান্ড্রয়েড ওভারভিউ এবং সুপারিশ :hero-arrow-circle-right-fill:](os/android-overview.md)
|
||||
- [আমরা কেন GrapheneOS এর বদলে CalyxOS এর সুপারিশ করি :hero-arrow-circle-right-fill:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/)
|
||||
[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button}
|
||||
|
||||
[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button}
|
||||
|
||||
## AOSP এর ডেরিভেটিভস্
|
||||
|
||||
@ -349,5 +351,3 @@ That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](htt
|
||||
- Applications on this page must not be applicable to any other software category on the site.
|
||||
- General applications should extend or replace core system functionality.
|
||||
- Applications should receive regular updates and maintenance.
|
||||
|
||||
--8<-- "includes/abbreviations.bn.txt"
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Account Creation"
|
||||
icon: 'material/account-plus'
|
||||
description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private.
|
||||
---
|
||||
|
||||
Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line.
|
||||
@ -78,5 +79,3 @@ In many cases you will need to provide a number that you can receive SMS or call
|
||||
### Username and password
|
||||
|
||||
Some services allow you to register without using an email address and only require you to set a username and password. These services may provide increased anonymity when combined with a VPN or Tor. Keep in mind that for these accounts there will most likely be **no way to recover your account** in the event you forget your username or password.
|
||||
|
||||
--8<-- "includes/abbreviations.bn.txt"
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Account Deletion"
|
||||
icon: 'material/account-remove'
|
||||
description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection.
|
||||
---
|
||||
|
||||
Over time, it can be easy to accumulate a number of online accounts, many of which you may no longer use. Deleting these unused accounts is an important step in reclaiming your privacy, as dormant accounts are vulnerable to data breaches. A data breach is when a service's security is compromised and protected information is viewed, transmitted, or stolen by unauthorized actors. Data breaches are unfortunately all [too common](https://haveibeenpwned.com/PwnedWebsites) these days, and so practicing good digital hygiene is the best way to minimize the impact they have on your life. The goal of this guide then is to help navigate you through the irksome process of account deletion, often made difficult by [deceptive design](https://www.deceptive.design/), for the betterment of your online presence.
|
||||
@ -59,5 +60,3 @@ Even when you are able to delete an account, there is no guarantee that all your
|
||||
## Avoid New Accounts
|
||||
|
||||
As the old saying goes, "an ounce of prevention is worth a pound of cure." Whenever you feel tempted to sign up for a new account, ask yourself, "Do I really need this? Can I accomplish what I need to without an account?" It can often be much harder to delete an account than to create one. And even after deleting or changing the info on your account, there might be a cached version from a third-party—like the [Internet Archive](https://archive.org/). Avoid the temptation when you're able to—your future self will thank you!
|
||||
|
||||
--8<-- "includes/abbreviations.bn.txt"
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Common Misconceptions"
|
||||
icon: 'material/robot-confused'
|
||||
description: Privacy isn't a straightforward topic, and it's easy to get caught up in marketing claims and other disinformation.
|
||||
---
|
||||
|
||||
## "Open-source software is always secure" or "Proprietary software is more secure"
|
||||
@ -56,6 +57,4 @@ One of the clearest threat models is one where people *know who you are* and one
|
||||
|
||||
Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.)
|
||||
|
||||
--8<-- "includes/abbreviations.bn.txt"
|
||||
|
||||
[^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident).
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Common Threats"
|
||||
icon: 'material/eye-outline'
|
||||
description: Your threat model is personal to you, but these are some of the things many visitors to this site care about.
|
||||
---
|
||||
|
||||
Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat.
|
||||
@ -140,8 +141,6 @@ People concerned with the threat of censorship can use technologies like [Tor](.
|
||||
|
||||
You must always consider the risks of trying to bypass censorship, the potential consequences, and how sophisticated your adversary may be. You should be cautious with your software selection, and have a backup plan in case you are caught.
|
||||
|
||||
--8<-- "includes/abbreviations.bn.txt"
|
||||
|
||||
[^1]: Wikipedia: [*Mass Surveillance*](https://en.wikipedia.org/wiki/Mass_surveillance) and [*Surveillance*](https://en.wikipedia.org/wiki/Surveillance).
|
||||
[^2]: United States Privacy and Civil Liberties Oversight Board: [*Report on the Telephone Records Program Conducted under Section 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf)
|
||||
[^3]: Wikipedia: [*Surveillance capitalism*](https://en.wikipedia.org/wiki/Surveillance_capitalism)
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: Email Security
|
||||
icon: material/email
|
||||
description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications.
|
||||
---
|
||||
|
||||
Email is an insecure form of communication by default. You can improve your email security with tools such as OpenPGP, which add End-to-End Encryption to your messages, but OpenPGP still has a number of drawbacks compared to encryption in other messaging applications, and some email data can never be encrypted inherently due to how email is designed.
|
||||
@ -38,5 +39,3 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http
|
||||
### Why Can't Metadata be E2EE?
|
||||
|
||||
Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc.
|
||||
|
||||
--8<-- "includes/abbreviations.bn.txt"
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Multi-Factor Authentication"
|
||||
icon: 'material/two-factor-authentication'
|
||||
description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others.
|
||||
---
|
||||
|
||||
**Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
|
||||
@ -162,5 +163,3 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How
|
||||
### KeePass (and KeePassXC)
|
||||
|
||||
KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
|
||||
|
||||
--8<-- "includes/abbreviations.bn.txt"
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Introduction to Passwords"
|
||||
icon: 'material/form-textbox-password'
|
||||
description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure.
|
||||
---
|
||||
|
||||
Passwords are an essential part of our everyday digital lives. We use them to protect our accounts, our devices and our secrets. Despite often being the only thing between us and an adversary who's after our private information, not a lot of thought is put into them, which often leads to people using passwords that can be easily guessed or brute-forced.
|
||||
@ -108,5 +109,3 @@ There are many good options to choose from, both cloud-based and local. Choose o
|
||||
### Backups
|
||||
|
||||
You should store an [encrypted](../encryption.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using.
|
||||
|
||||
--8<-- "includes/abbreviations.bn.txt"
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Threat Modeling"
|
||||
icon: 'material/target-account'
|
||||
description: প্রাইভেসি সিকিউরিটি, এবং ব্যবহারযোগ্যতা এর মধ্যে ভারসাম্য রক্ষা করা আপনার প্রাইভেসি যাত্রার সবথেকে কঠিন কাজ।
|
||||
---
|
||||
|
||||
প্রাইভেসি সিকিউরিটি, এবং ব্যবহারযোগ্যতা এর মধ্যে ভারসাম্য রক্ষা করা আপনার প্রাইভেসি যাত্রার সবথেকে কঠিন কাজ। Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, etc. Often, people find that the problem with the tools they see recommended is that they're just too hard to start using!
|
||||
@ -107,5 +108,3 @@ For people looking to increase their privacy and security online, we've compiled
|
||||
## Sources
|
||||
|
||||
- [EFF Surveillance Self Defense: Your Security Plan](https://ssd.eff.org/en/module/your-security-plan)
|
||||
|
||||
--8<-- "includes/abbreviations.bn.txt"
|
||||
|
@ -1,11 +1,12 @@
|
||||
---
|
||||
title: VPN Overview
|
||||
icon: material/vpn
|
||||
description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind.
|
||||
---
|
||||
|
||||
Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world. An ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem).
|
||||
|
||||
Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns).
|
||||
Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns).
|
||||
|
||||
A VPN can help as it can shift trust to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing into it.
|
||||
|
||||
@ -74,5 +75,3 @@ For situations like these, or if you have another compelling reason, the VPN pro
|
||||
- [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/)
|
||||
- [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/)
|
||||
- [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/)
|
||||
|
||||
--8<-- "includes/abbreviations.bn.txt"
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Calendar Sync"
|
||||
icon: material/calendar
|
||||
description: Calendars contain some of your most sensitive data; use products that implement encryption at rest.
|
||||
---
|
||||
|
||||
Calendars contain some of your most sensitive data; use products that implement E2EE at rest to prevent a provider from reading them.
|
||||
@ -67,5 +68,3 @@ Calendars contain some of your most sensitive data; use products that implement
|
||||
Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
|
||||
|
||||
- Should integrate with native OS calendar and contact management apps if applicable.
|
||||
|
||||
--8<-- "includes/abbreviations.bn.txt"
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Cloud Storage"
|
||||
icon: material/file-cloud
|
||||
description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives!
|
||||
---
|
||||
|
||||
Many cloud storage providers require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by either putting you in control of your data or by implementing E2EE.
|
||||
@ -29,7 +30,6 @@ If these alternatives do not fit your needs, we suggest you look into [Encryptio
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive)
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851)
|
||||
|
||||
Proton Drive's mobile clients were released in December 2022 and are not yet open-source. Proton has historically delayed their source code releases until after initial product releases, and [plans to](https://www.reddit.com/r/ProtonDrive/comments/zf14i8/comment/izdwmme/?utm_source=share&utm_medium=web2x&context=3) release the source code by the end of 2023. Proton Drive desktop clients are still in development.
|
||||
|
||||
## Criteria
|
||||
|
||||
@ -58,5 +58,3 @@ Our best-case criteria represents what we would like to see from the perfect pro
|
||||
- These clients should integrate with native OS tools for cloud storage providers, such as Files app integration on iOS, or DocumentsProvider functionality on Android.
|
||||
- Should support easy file-sharing with other users.
|
||||
- Should offer at least basic file preview and editing functionality on the web interface.
|
||||
|
||||
--8<-- "includes/abbreviations.bn.txt"
|
||||
|
53
i18n/bn/cryptocurrency.md
Normal file
53
i18n/bn/cryptocurrency.md
Normal file
@ -0,0 +1,53 @@
|
||||
---
|
||||
title: Cryptocurrency
|
||||
icon: material/bank-circle
|
||||
---
|
||||
|
||||
Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases:
|
||||
|
||||
[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button}
|
||||
|
||||
!!! danger
|
||||
|
||||
Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust.
|
||||
|
||||
## Monero
|
||||
|
||||
!!! recommendation
|
||||
|
||||
![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right }
|
||||
|
||||
**Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices.
|
||||
|
||||
[:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary }
|
||||
[:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute }
|
||||
|
||||
With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories.
|
||||
|
||||
For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include:
|
||||
|
||||
- [Official Monero client](https://getmonero.org/downloads) (Desktop)
|
||||
- [Cake Wallet](https://cakewallet.com/) (iOS, Android)
|
||||
- Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet is available at [Monero.com](https://monero.com/).
|
||||
- [Feather Wallet](https://featherwallet.org/) (Desktop)
|
||||
- [Monerujo](https://www.monerujo.io/) (Android)
|
||||
|
||||
For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over Tor or i2p.
|
||||
|
||||
In August 2021, CipherTrace [announced](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022.
|
||||
|
||||
Monero transaction graph privacy is limited by its relatively small ring signatures, especially against targeted attacks. Monero's privacy features have also been [called into question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) by some security researchers, and a number of severe vulnerabilities have been found and patched in the past, so the claims made by organizations like CipherTrace are not out of the question. While it's unlikely that Monero mass surveillance tools exist like they do for Bitcoin and others, it's certain that tracing tools assist with targeted investigations.
|
||||
|
||||
Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy.
|
||||
|
||||
## Criteria
|
||||
|
||||
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
|
||||
|
||||
!!! example "This section is new"
|
||||
|
||||
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
|
||||
|
||||
- Cryptocurrency must provide private/untraceable transactions by default.
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Data and Metadata Redaction"
|
||||
icon: material/tag-remove
|
||||
description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share.
|
||||
---
|
||||
|
||||
When sharing files, be sure to remove associated metadata. Image files commonly include [Exif](https://en.wikipedia.org/wiki/Exif) data. Photos sometimes even include GPS coordinates in the file metadata.
|
||||
@ -142,5 +143,3 @@ The app offers multiple ways to erase metadata from images. Namely:
|
||||
|
||||
- Apps developed for open-source operating systems must be open-source.
|
||||
- Apps must be free and should not include ads or other limitations.
|
||||
|
||||
--8<-- "includes/abbreviations.bn.txt"
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Desktop Browsers"
|
||||
icon: material/laptop
|
||||
description: Firefox and Brave are our recommendations for standard/non-anonymous browsing.
|
||||
---
|
||||
|
||||
These are our currently recommended desktop web browsers and configurations for standard/non-anonymous browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping your browser extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation.
|
||||
@ -258,6 +259,4 @@ Our best-case criteria represents what we would like to see from the perfect pro
|
||||
- Must not replicate built-in browser or OS functionality.
|
||||
- Must directly impact user privacy, i.e. must not simply provide information.
|
||||
|
||||
--8<-- "includes/abbreviations.bn.txt"
|
||||
|
||||
[^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state/).
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Desktop/PC"
|
||||
icon: simple/linux
|
||||
description: Linux distributions are commonly recommended for privacy protection and software freedom.
|
||||
---
|
||||
|
||||
Linux distributions are commonly recommended for privacy protection and software freedom. If you don't already use Linux, below are some distributions we suggest trying out, as well as some general privacy and security improvement tips that are applicable to many Linux distributions.
|
||||
@ -180,5 +181,3 @@ Our recommended operating systems:
|
||||
- Must support full-disk encryption during installation.
|
||||
- Must not freeze regular releases for more than 1 year. We [do not recommend](os/linux-overview.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage.
|
||||
- Must support a wide variety of hardware.
|
||||
|
||||
--8<-- "includes/abbreviations.bn.txt"
|
||||
|
@ -1,13 +1,12 @@
|
||||
---
|
||||
title: "DNS Resolvers"
|
||||
icon: material/dns
|
||||
description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration.
|
||||
---
|
||||
|
||||
!!! question "Should I use encrypted DNS?"
|
||||
Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity.
|
||||
|
||||
Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity.
|
||||
|
||||
[Learn more about DNS](advanced/dns-overview.md){ .md-button }
|
||||
[Learn more about DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button}
|
||||
|
||||
## Recommended Providers
|
||||
|
||||
@ -132,8 +131,6 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf
|
||||
[:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute }
|
||||
|
||||
--8<-- "includes/abbreviations.bn.txt"
|
||||
|
||||
[^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html)
|
||||
[^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/)
|
||||
[^3]: Control D only logs for Premium resolvers with custom DNS profiles. Free resolvers do not log data. [https://controld.com/privacy](https://controld.com/privacy)
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Email Clients"
|
||||
icon: material/email-open
|
||||
description: These email clients are privacy-respecting and support OpenPGP email encryption.
|
||||
---
|
||||
|
||||
Our recommendation list contains email clients that support both [OpenPGP](encryption.md#openpgp) and strong authentication such as [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth allows you to use [Multi-Factor Authentication](basics/multi-factor-authentication.md) and prevent account theft.
|
||||
@ -235,5 +236,3 @@ Our best-case criteria represents what we would like to see from the perfect pro
|
||||
- Should not collect any telemetry by default.
|
||||
- Should support OpenPGP natively, i.e. without extensions.
|
||||
- Should support storing OpenPGP encrypted emails locally.
|
||||
|
||||
--8<-- "includes/abbreviations.bn.txt"
|
||||
|
187
i18n/bn/email.md
187
i18n/bn/email.md
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Email Services"
|
||||
icon: material/email
|
||||
description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers.
|
||||
---
|
||||
|
||||
Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy.
|
||||
@ -9,9 +10,21 @@ Email is practically a necessity for using any online service, however we do not
|
||||
|
||||
For everything else, we recommend a variety of email providers based on sustainable business models and built-in security and privacy features.
|
||||
|
||||
- [OpenPGP-Compatible Email Providers :material-arrow-right-drop-circle:](#openpgp-compatible-services)
|
||||
- [Other Encrypted Providers :material-arrow-right-drop-circle:](#more-providers)
|
||||
- [Email Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services)
|
||||
- [Self-Hosted Options :material-arrow-right-drop-circle:](#self-hosting-email)
|
||||
|
||||
## OpenPGP Compatible Services
|
||||
|
||||
These providers natively support OpenPGP encryption/decryption, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it.
|
||||
These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it.
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail)
|
||||
- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg)
|
||||
|
||||
</div>
|
||||
|
||||
!!! warning
|
||||
|
||||
@ -49,41 +62,41 @@ If you have the Proton Unlimited, Business, or Visionary Plan, you also get [Sim
|
||||
|
||||
Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**.
|
||||
|
||||
??? success "Custom Domains and Aliases"
|
||||
#### :material-check:{ .pg-green } Custom Domains and Aliases
|
||||
|
||||
Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain.
|
||||
Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain.
|
||||
|
||||
??? success "Private Payment Methods"
|
||||
#### :material-check:{ .pg-green } Private Payment Methods
|
||||
|
||||
Proton Mail [accepts](https://proton.me/support/payment-options) Bitcoin and cash by mail in addition to standard credit/debit card and PayPal payments.
|
||||
Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments.
|
||||
|
||||
??? success "Account Security"
|
||||
#### :material-check:{ .pg-green } Account Security
|
||||
|
||||
Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code.
|
||||
Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code.
|
||||
|
||||
??? success "Data Security"
|
||||
#### :material-check:{ .pg-green } Data Security
|
||||
|
||||
Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you.
|
||||
Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you.
|
||||
|
||||
Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon.
|
||||
Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon.
|
||||
|
||||
??? success "Email Encryption"
|
||||
#### :material-check:{ .pg-green } Email Encryption
|
||||
|
||||
Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP.
|
||||
Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP.
|
||||
|
||||
Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE.
|
||||
Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE.
|
||||
|
||||
??? warning "Digital Legacy"
|
||||
#### :material-alert-outline:{ .pg-orange } Digital Legacy
|
||||
|
||||
Proton Mail doesn't offer a digital legacy feature.
|
||||
Proton Mail doesn't offer a digital legacy feature.
|
||||
|
||||
??? info "Account Termination"
|
||||
#### :material-information-outline:{ .pg-blue } Account Termination
|
||||
|
||||
If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period.
|
||||
If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period.
|
||||
|
||||
??? info "Additional Functionality"
|
||||
#### :material-information-outline:{ .pg-blue } Additional Functionality
|
||||
|
||||
Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage.
|
||||
Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage.
|
||||
|
||||
### Mailbox.org
|
||||
|
||||
@ -101,43 +114,54 @@ Proton Mail has internal crash reports that they **do not** share with third par
|
||||
|
||||
- [:octicons-browser-16: Web](https://login.mailbox.org)
|
||||
|
||||
??? success "Custom Domains and Aliases"
|
||||
#### :material-check:{ .pg-green } Custom Domains and Aliases
|
||||
|
||||
Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain.
|
||||
Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain.
|
||||
|
||||
??? info "Private Payment Methods"
|
||||
#### :material-check:{ .pg-green } Private Payment Methods
|
||||
|
||||
Mailbox.org doesn't accept Bitcoin or any other cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung.
|
||||
Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung.
|
||||
|
||||
??? success "Account Security"
|
||||
#### :material-check:{ .pg-green } Account Security
|
||||
|
||||
Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported.
|
||||
Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported.
|
||||
|
||||
??? info "Data Security"
|
||||
#### :material-information-outline:{ .pg-blue } Data Security
|
||||
|
||||
Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key.
|
||||
Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key.
|
||||
|
||||
However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information.
|
||||
However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information.
|
||||
|
||||
??? success "Email Encryption"
|
||||
#### :material-check:{ .pg-green } Email Encryption
|
||||
|
||||
Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox.
|
||||
Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox.
|
||||
|
||||
Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE.
|
||||
Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE.
|
||||
|
||||
??? success "Digital Legacy"
|
||||
#### :material-check:{ .pg-green } Digital Legacy
|
||||
|
||||
Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address.
|
||||
Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address.
|
||||
|
||||
??? info "Account Termination"
|
||||
#### :material-information-outline:{ .pg-blue } Account Termination
|
||||
|
||||
Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract).
|
||||
Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract).
|
||||
|
||||
??? info "Additional Functionality"
|
||||
#### :material-information-outline:{ .pg-blue } Additional Functionality
|
||||
|
||||
You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors.
|
||||
You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors.
|
||||
|
||||
All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3.
|
||||
All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3.
|
||||
|
||||
## More Providers
|
||||
|
||||
These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers.
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail)
|
||||
- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota)
|
||||
|
||||
</div>
|
||||
|
||||
### StartMail
|
||||
|
||||
@ -156,43 +180,39 @@ Proton Mail has internal crash reports that they **do not** share with third par
|
||||
|
||||
- [:octicons-browser-16: Web](https://mail.startmail.com/login)
|
||||
|
||||
??? success "Custom Domains and Aliases"
|
||||
#### :material-check:{ .pg-green } Custom Domains and Aliases
|
||||
|
||||
Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available.
|
||||
Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available.
|
||||
|
||||
??? warning "Private Payment Methods"
|
||||
#### :material-alert-outline:{ .pg-orange } Private Payment Methods
|
||||
|
||||
StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as Bitcoin (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year.
|
||||
StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year.
|
||||
|
||||
??? success "Account Security"
|
||||
#### :material-check:{ .pg-green } Account Security
|
||||
|
||||
StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication.
|
||||
StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication.
|
||||
|
||||
??? info "Data Security"
|
||||
#### :material-information-outline:{ .pg-blue } Data Security
|
||||
|
||||
StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key.
|
||||
StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key.
|
||||
|
||||
StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption.
|
||||
StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption.
|
||||
|
||||
??? success "Email Encryption"
|
||||
#### :material-check:{ .pg-green } Email Encryption
|
||||
|
||||
StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys.
|
||||
StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. However, they do not support the Web Key Directory standard, making the discovery of a Startmail mailbox's public key more challenging for other email providers or clients.
|
||||
|
||||
??? warning "Digital Legacy"
|
||||
#### :material-alert-outline:{ .pg-orange } Digital Legacy
|
||||
|
||||
StartMail does not offer a digital legacy feature.
|
||||
StartMail does not offer a digital legacy feature.
|
||||
|
||||
??? info "Account Termination"
|
||||
#### :material-information-outline:{ .pg-blue } Account Termination
|
||||
|
||||
On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration).
|
||||
On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration).
|
||||
|
||||
??? info "Additional Functionality"
|
||||
#### :material-information-outline:{ .pg-blue } Additional Functionality
|
||||
|
||||
StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is.
|
||||
|
||||
## More Providers
|
||||
|
||||
These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers.
|
||||
StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is.
|
||||
|
||||
### Tutanota
|
||||
|
||||
@ -220,44 +240,51 @@ These providers store your emails with zero-knowledge encryption, making them gr
|
||||
|
||||
Tutanota doesn't support the [IMAP protocol](https://tutanota.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tutanota app. Neither [Email import](https://github.com/tutao/tutanota/issues/630) or [subfolders](https://github.com/tutao/tutanota/issues/927) are currently supported, though this is [due to be changed](https://tutanota.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail) per folder, which may be inconvenient if you have many folders.
|
||||
|
||||
??? success "Custom Domains and Aliases"
|
||||
#### :material-check:{ .pg-green } Custom Domains and Aliases
|
||||
|
||||
Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain.
|
||||
Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain.
|
||||
|
||||
??? warning "Private Payment Methods"
|
||||
#### :material-information-outline:{ .pg-blue } Private Payment Methods
|
||||
|
||||
Tutanota only directly accepts credit cards and PayPal, however Bitcoin and Monero can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore.
|
||||
Tutanota only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore.
|
||||
|
||||
??? success "Account Security"
|
||||
#### :material-check:{ .pg-green } Account Security
|
||||
|
||||
Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F.
|
||||
Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F.
|
||||
|
||||
??? success "Data Security"
|
||||
#### :material-check:{ .pg-green } Data Security
|
||||
|
||||
Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you.
|
||||
Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you.
|
||||
|
||||
??? warning "Email Encryption"
|
||||
#### :material-information-outline:{ .pg-blue } Email Encryption
|
||||
|
||||
Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external).
|
||||
Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external).
|
||||
|
||||
??? warning "Digital Legacy"
|
||||
#### :material-alert-outline:{ .pg-orange } Digital Legacy
|
||||
|
||||
Tutanota doesn't offer a digital legacy feature.
|
||||
Tutanota doesn't offer a digital legacy feature.
|
||||
|
||||
??? info "Account Termination"
|
||||
#### :material-information-outline:{ .pg-blue } Account Termination
|
||||
|
||||
Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay.
|
||||
Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay.
|
||||
|
||||
??? info "Additional Functionality"
|
||||
#### :material-information-outline:{ .pg-blue } Additional Functionality
|
||||
|
||||
Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount.
|
||||
Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount.
|
||||
|
||||
Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y.
|
||||
Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y.
|
||||
|
||||
## Email Aliasing Services
|
||||
|
||||
An email aliasing service allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your email provider. True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like yourname+[anythinghere]@example.com, because websites, advertisers, and tracking networks can trivially remove anything after the + sign to know your true email address.
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy)
|
||||
- ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin)
|
||||
|
||||
</div>
|
||||
|
||||
Email aliasing can act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning.
|
||||
|
||||
Using a dedicated email aliasing service also has a number of benefits over a catch-all alias on a custom domain:
|
||||
@ -411,7 +438,7 @@ We prefer our recommended providers to collect as little data as possible.
|
||||
|
||||
**Best Case:**
|
||||
|
||||
- Accepts Bitcoin, cash, and other forms of cryptocurrency and/or anonymous payment options (gift cards, etc.)
|
||||
- Accepts [anonymous payment options](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), cash, gift cards, etc.)
|
||||
|
||||
### Security
|
||||
|
||||
@ -428,7 +455,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w
|
||||
- Valid [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) records.
|
||||
- Valid [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records.
|
||||
- Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`.
|
||||
- A server suite preference of TLS 1.2 or later and a plan for [Deprecating TLSv1.0 and TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/).
|
||||
- A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996/).
|
||||
- [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used.
|
||||
- Website security standards such as:
|
||||
- [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security)
|
||||
@ -443,7 +470,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w
|
||||
- Bug-bounty programs and/or a coordinated vulnerability-disclosure process.
|
||||
- Website security standards such as:
|
||||
- [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy)
|
||||
- [Expect-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct)
|
||||
- [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/)
|
||||
|
||||
### Trust
|
||||
|
||||
@ -481,5 +508,3 @@ Must not have any marketing which is irresponsible:
|
||||
### Additional Functionality
|
||||
|
||||
While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend.
|
||||
|
||||
--8<-- "includes/abbreviations.bn.txt"
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Encryption Software"
|
||||
icon: material/file-lock
|
||||
description: Encryption of data is the only way to control who can access it. These tools allow you to encrypt your emails and any other files.
|
||||
---
|
||||
|
||||
Encryption of data is the only way to control who can access it. If you are currently not using encryption software for your hard disk, emails or files, you should pick an option here.
|
||||
@ -353,5 +354,3 @@ Our best-case criteria represents what we would like to see from the perfect pro
|
||||
|
||||
- Operating System (FDE) encryption apps should utilize hardware security such as a TPM or Secure Enclave.
|
||||
- File encryption apps should have first- or third-party support for mobile platforms.
|
||||
|
||||
--8<-- "includes/abbreviations.bn.txt"
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "File Sharing and Sync"
|
||||
icon: material/share-variant
|
||||
description: Discover how to privately share your files between your devices, with your friends and family, or anonymously online.
|
||||
---
|
||||
|
||||
Discover how to privately share your files between your devices, with your friends and family, or anonymously online.
|
||||
@ -144,5 +145,3 @@ Our best-case criteria represents what we would like to see from the perfect pro
|
||||
|
||||
- Has mobile clients for iOS and Android, which at least support document previews.
|
||||
- Supports photo backup from iOS and Android, and optionally supports file/folder sync on Android.
|
||||
|
||||
--8<-- "includes/abbreviations.bn.txt"
|
||||
|
94
i18n/bn/financial-services.md
Normal file
94
i18n/bn/financial-services.md
Normal file
@ -0,0 +1,94 @@
|
||||
---
|
||||
title: Financial Services
|
||||
icon: material/bank
|
||||
---
|
||||
|
||||
Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases:
|
||||
|
||||
[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button}
|
||||
|
||||
## Payment Masking Services
|
||||
|
||||
There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously.
|
||||
|
||||
!!! tip "Check your current bank"
|
||||
|
||||
Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way you are not trusting multiple parties with your personal information.
|
||||
|
||||
### Privacy.com (US)
|
||||
|
||||
!!! recommendation
|
||||
|
||||
![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ align=right }
|
||||
![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right }
|
||||
|
||||
**Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank.
|
||||
|
||||
[:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation}
|
||||
|
||||
Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with.
|
||||
|
||||
### MySudo (US, Paid)
|
||||
|
||||
!!! recommendation
|
||||
|
||||
![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ align=right }
|
||||
![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right }
|
||||
|
||||
**MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email.md) for extensive email aliasing use.
|
||||
|
||||
[:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation}
|
||||
|
||||
### Criteria
|
||||
|
||||
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
|
||||
|
||||
!!! example "This section is new"
|
||||
|
||||
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
|
||||
|
||||
- Allows the creation of multiple cards which function as a shield between the merchant and your personal finances.
|
||||
- Cards must not require you to provide accurate billing address information to the merchant.
|
||||
|
||||
## Gift Card Marketplaces
|
||||
|
||||
These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered).
|
||||
|
||||
### Cake Pay
|
||||
|
||||
!!! recommendation
|
||||
|
||||
![CakePay logo](assets/img/financial-services/cakepay.svg){ align=right }
|
||||
|
||||
**Cake Pay** allows you to purchase gift cards and related products with Monero. Purchases for USA merchants are available in the Cake Wallet mobile app, while the Cake Pay web app includes a broad selection of global merchants.
|
||||
|
||||
[:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation}
|
||||
|
||||
### CoinCards
|
||||
|
||||
!!! recommendation
|
||||
|
||||
![CakePay logo](assets/img/financial-services/coincards.svg){ align=right }
|
||||
|
||||
**CoinCards** (available in the US, Canada, and UK) allows you to purchase gift cards for a large variety of merchants.
|
||||
|
||||
[:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation}
|
||||
|
||||
### Criteria
|
||||
|
||||
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
|
||||
|
||||
!!! example "This section is new"
|
||||
|
||||
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
|
||||
|
||||
- Accepts payment in [a recommended cryptocurrency](cryptocurrency.md).
|
||||
- No ID requirement.
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Frontends"
|
||||
icon: material/flip-to-front
|
||||
description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances.
|
||||
---
|
||||
|
||||
Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. These frontends can allow you to get around these restrictions.
|
||||
@ -264,5 +265,3 @@ Recommended frontends...
|
||||
We only consider frontends for websites which are...
|
||||
|
||||
- Not normally accessible without JavaScript.
|
||||
|
||||
--8<-- "includes/abbreviations.bn.txt"
|
||||
|
@ -40,5 +40,3 @@ Trying to protect all your data from everyone all the time is impractical, expen
|
||||
[:material-hand-coin-outline:](about/donate.md){ title="Support the project" }
|
||||
|
||||
It's important for a website like Privacy Guides to always stay up-to-date. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. It's hard to keep up with the fast pace of the internet, but we try our best. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know.
|
||||
|
||||
--8<-- "includes/abbreviations.bn.txt"
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: KB Archive
|
||||
icon: material/archive
|
||||
description: Some pages that used to be in our knowledge base can now be found on our blog.
|
||||
---
|
||||
|
||||
# Pages Moved to Blog
|
||||
@ -14,5 +15,3 @@ Some pages that used to be in our knowledge base can now be found on our blog:
|
||||
- [Secure Data Erasure](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/)
|
||||
- [Integrating Metadata Removal](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/)
|
||||
- [iOS Configuration Guide](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/)
|
||||
|
||||
--8<-- "includes/abbreviations.bn.txt"
|
||||
|
@ -20,5 +20,3 @@ Additional branding guidelines can be found at [github.com/privacyguides/brand](
|
||||
"Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project.
|
||||
|
||||
Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions.
|
||||
|
||||
--8<-- "includes/abbreviations.bn.txt"
|
||||
|
@ -44,5 +44,3 @@ If you are working on your own branch, run these commands before submitting a PR
|
||||
git fetch origin
|
||||
git rebase origin/main
|
||||
```
|
||||
|
||||
--8<-- "includes/abbreviations.bn.txt"
|
||||
|
@ -87,5 +87,3 @@ scour --set-precision=5 \
|
||||
--protect-ids-noninkscape \
|
||||
input.svg output.svg
|
||||
```
|
||||
|
||||
--8<-- "includes/abbreviations.bn.txt"
|
||||
|
@ -85,5 +85,3 @@ Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversatio
|
||||
> - “must not” for a prohibition
|
||||
> - “may” for a discretionary action
|
||||
> - “should” for a recommendation
|
||||
|
||||
--8<-- "includes/abbreviations.bn.txt"
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user