diff --git a/.all-contributorsrc b/.all-contributorsrc index 4eb4a4e6..7b510b92 100644 --- a/.all-contributorsrc +++ b/.all-contributorsrc @@ -250,6 +250,45 @@ "ideas" ] }, + { + "login": "jordan-warne", + "name": "jordan warne", + "avatar_url": "https://avatars.githubusercontent.com/u/154663344?v=4", + "profile": "https://jordanwarne.net/", + "contributions": [ + "doc", + "video", + "research", + "ideas", + "question", + "promotion" + ] + }, + { + "login": "EmAtPrivacyGuides", + "name": "Em", + "avatar_url": "https://avatars.githubusercontent.com/u/194856901?v=4", + "profile": "https://github.com/EmAtPrivacyGuides", + "contributions": [ + "blog", + "promotion", + "ideas" + ] + }, + { + "login": "kpham42", + "name": "Kevin Pham", + "avatar_url": "https://avatars.githubusercontent.com/u/123699355?v=4", + "profile": "https://github.com/kpham42", + "contributions": [ + "blog", + "promotion", + "question", + "research", + "ideas", + "doc" + ] + }, { "login": "actions", "name": "GitHub Actions", @@ -1955,15 +1994,6 @@ "doc" ] }, - { - "login": "aghorler", - "name": "Aaron Horler", - "avatar_url": "https://avatars.githubusercontent.com/u/13065365?v=4", - "profile": "https://aaronhorler.com/", - "contributions": [ - "doc" - ] - }, { "login": "Commenter25", "name": "Commenter", @@ -2767,15 +2797,6 @@ "translation" ] }, - { - "login": "jordan-warne", - "name": "jordan warne", - "avatar_url": "https://avatars.githubusercontent.com/u/154663344?v=4", - "profile": "https://jordanwarne.net/", - "contributions": [ - "doc" - ] - }, { "login": "dzenan", "name": "Dženan", @@ -3006,6 +3027,97 @@ "maintenance", "security" ] + }, + { + "login": "austinhuang0131", + "name": "Austin Huang", + "avatar_url": "https://avatars.githubusercontent.com/u/16656689?v=4", + "profile": "https://austinhuang.me/", + "contributions": [ + "doc", + "question" + ] + }, + { + "login": "WardPearce", + "name": "Ward", + "avatar_url": "https://avatars.githubusercontent.com/u/27844174?v=4", + "profile": "https://github.com/WardPearce", + "contributions": [ + "doc" + ] + }, + { + "login": "oilmaint", + "name": "oilmaint", + "avatar_url": "https://avatars.githubusercontent.com/u/79659024?v=4", + "profile": "https://github.com/oilmaint", + "contributions": [ + "doc" + ] + }, + { + "login": "headdirt", + "name": "headdirt", + "avatar_url": "https://avatars.githubusercontent.com/u/37009392?v=4", + "profile": "https://github.com/headdirt", + "contributions": [ + "doc" + ] + }, + { + "login": "qmcree", + "name": "Quentin McRee", + "avatar_url": "https://avatars.githubusercontent.com/u/7796024?v=4", + "profile": "https://github.com/qmcree", + "contributions": [ + "doc" + ] + }, + { + "login": "sv3nnie", + "name": "Sven", + "avatar_url": "https://avatars.githubusercontent.com/u/67653224?v=4", + "profile": "https://github.com/sv3nnie", + "contributions": [ + "doc" + ] + }, + { + "login": "tomhonour", + "name": "Tom Honour", + "avatar_url": "https://avatars.githubusercontent.com/u/132141431?v=4", + "profile": "https://git.sr.ht/~tomhonour/", + "contributions": [ + "doc" + ] + }, + { + "login": "brog-io", + "name": "Brogio", + "avatar_url": "https://avatars.githubusercontent.com/u/141176104?v=4", + "profile": "https://brog.io/", + "contributions": [ + "doc" + ] + }, + { + "login": "nathany", + "name": "Nathan Youngman", + "avatar_url": "https://avatars.githubusercontent.com/u/4566?v=4", + "profile": "https://nathany.com/", + "contributions": [ + "doc" + ] + }, + { + "login": "blanchardjeremy", + "name": "Jeremy", + "avatar_url": "https://avatars.githubusercontent.com/u/32290?v=4", + "profile": "https://github.com/blanchardjeremy", + "contributions": [ + "doc" + ] } ], "contributorsPerLine": 5, diff --git a/.devcontainer/Caddyfile b/.devcontainer/Caddyfile index 92000e0e..b8a0039f 100644 --- a/.devcontainer/Caddyfile +++ b/.devcontainer/Caddyfile @@ -1,6 +1,5 @@ :1337 { reverse_proxy /articles/* http://127.0.0.1:8001 - reverse_proxy /videos/* http://127.0.0.1:8002 reverse_proxy /en/* http://127.0.0.1:8000 redir / /en/ } diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 2c128ea7..7d298ce0 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -1,7 +1,11 @@ // For format details, see https://aka.ms/devcontainer.json. { "name": "Privacy Guides", - "image": "ghcr.io/privacyguides/privacyguides.org:sha-750239d", + "image": "ghcr.io/privacyguides/privacyguides.org:sha-5648a3f", + // "build": { + // "dockerfile": "../Dockerfile", + // "context": ".." + // }, "overrideCommand": true, "portsAttributes": { "1337": { @@ -15,10 +19,6 @@ "8001": { "label": "Articles", "onAutoForward": "silent" - }, - "8002": { - "label": "Videos", - "onAutoForward": "silent" } }, "otherPortsAttributes": { @@ -48,24 +48,10 @@ "group": "Live server" } }, - { - "label": "Videos", - "type": "shell", - "command": "mkdocs serve --config-file=mkdocs.videos.yml --dev-addr=localhost:8002", - "group": "test", - "runOptions": { - "runOn": "folderOpen" - }, - "presentation": { - "reveal": "always", - "panel": "dedicated", - "group": "Live server" - } - }, { "label": "Main", "type": "shell", - "command": "./run.sh --cmd=mkdocs --insiders --production", + "command": "./run.sh --cmd=mkdocs --insiders", "group": "test", "runOptions": { "runOn": "folderOpen" diff --git a/.github/workflows/build-pr.yml b/.github/workflows/build-pr.yml index 02c52f10..ac753007 100644 --- a/.github/workflows/build-pr.yml +++ b/.github/workflows/build-pr.yml @@ -80,7 +80,7 @@ jobs: needs: [submodule, metadata] strategy: matrix: - lang: [es, fr, he, it, nl, ru, zh-Hant] + lang: [es, fr, he, it, nl, ru, zh-Hant, zh-TW] fail-fast: false uses: ./.github/workflows/build.yml with: @@ -101,24 +101,23 @@ jobs: continue-on-error: true privileged: ${{ fromJSON(needs.metadata.outputs.privileged) }} - build_videos: - if: ${{ contains(github.event.pull_request.labels.*.name, 'ci:build videos') }} + build_zimfile: + if: ${{ contains(github.event.pull_request.labels.*.name, 'ci:build zimfile') }} needs: [submodule, metadata] - uses: ./.github/workflows/build-videos.yml + uses: ./.github/workflows/build-zimfile.yml with: ref: ${{github.event.pull_request.head.ref}} repo: ${{github.event.pull_request.head.repo.full_name}} - continue-on-error: true - privileged: ${{ fromJSON(needs.metadata.outputs.privileged) }} + secrets: + RO_DISCOURSE_API_KEY: ${{ secrets.RO_DISCOURSE_API_KEY }} combine_build: - needs: [build_english, build_i18n, build_blog, build_videos] + needs: [build_english, build_i18n, build_blog] if: | (always() && !cancelled() && !failure()) && needs.build_english.result == 'success' && (needs.build_i18n.result == 'success' || needs.build_i18n.result == 'skipped') && - (needs.build_blog.result == 'success' || needs.build_blog.result == 'skipped') && - (needs.build_videos.result == 'success' || needs.build_videos.result == 'skipped') + (needs.build_blog.result == 'success' || needs.build_blog.result == 'skipped') runs-on: ubuntu-latest steps: @@ -140,5 +139,5 @@ jobs: cleanup: if: ${{ always() }} - needs: [build_english, build_i18n, build_blog, build_videos] + needs: [build_english, build_i18n, build_blog, build_zimfile] uses: privacyguides/.github/.github/workflows/cleanup.yml@main diff --git a/.github/workflows/build-videos.yml b/.github/workflows/build-videos.yml deleted file mode 100644 index 2d24dc63..00000000 --- a/.github/workflows/build-videos.yml +++ /dev/null @@ -1,116 +0,0 @@ -name: 🛠️ Build Videos - -on: - workflow_call: - inputs: - ref: - required: true - type: string - repo: - required: true - type: string - context: - type: string - default: deploy-preview - continue-on-error: - type: boolean - default: true - privileged: - type: boolean - default: true - -permissions: - contents: read - -jobs: - build: - runs-on: ubuntu-latest - continue-on-error: ${{ inputs.continue-on-error }} - permissions: - contents: read - - steps: - - name: Add GitHub Token to Environment - run: | - echo "GH_TOKEN=${{ secrets.GITHUB_TOKEN }}" >> "$GITHUB_ENV" - - - name: Download Repository - uses: actions/checkout@v4 - with: - repository: ${{ inputs.repo }} - ref: ${{ inputs.ref }} - persist-credentials: "false" - fetch-depth: 0 - - - name: Download Submodules - uses: actions/download-artifact@v4 - with: - pattern: repo-* - path: modules - - - name: Move mkdocs-material-insiders to mkdocs-material - if: inputs.privileged - run: | - rmdir modules/mkdocs-material - mv modules/repo-mkdocs-material-insiders modules/mkdocs-material - - - name: Move brand submodule to theme/assets/brand - run: | - rmdir theme/assets/brand - mv modules/repo-brand theme/assets/brand - - - name: Install Python (pipenv) - if: inputs.privileged - uses: actions/setup-python@v5 - with: - cache: "pipenv" - - - name: Install Python (no pipenv) - if: ${{ !inputs.privileged }} - uses: actions/setup-python@v5 - - - name: Install Python Dependencies - if: inputs.privileged - run: | - pip install pipenv - pipenv install - sudo apt install pngquant - - - name: Install Python Dependencies (Unprivileged) - if: ${{ !inputs.privileged }} - run: | - pip install mkdocs-material mkdocs-rss-plugin mkdocs-glightbox mkdocs-macros-plugin - sudo apt install pngquant - - - name: Set base navigation URLs for production build - if: inputs.context == 'production' - run: | - { - echo "MAIN_SITE_BASE_URL=https://www.privacyguides.org/en/" - echo "MAIN_SITE_ABOUT_URL=https://www.privacyguides.org/en/about/" - echo "MAIN_SITE_RECOMMENDATIONS_URL=https://www.privacyguides.org/en/tools/" - echo "MAIN_SITE_KNOWLEDGE_BASE_URL=https://www.privacyguides.org/en/basics/why-privacy-matters/" - echo "ARTICLES_SITE_BASE_URL=https://www.privacyguides.org/articles/" - echo "VIDEOS_SITE_BASE_URL=https://www.privacyguides.org/videos/" - } >> "$GITHUB_ENV" - - - name: Build Website (Privileged) - if: inputs.privileged - run: | - pipenv run mkdocs build --config-file mkdocs.videos.yml - - - name: Build Website (Unprivileged) - if: ${{ !inputs.privileged }} - run: | - BUILD_INSIDERS=false mkdocs build --config-file mkdocs.videos.yml - - - name: Package Website - run: | - tar -czf site-build-videos.tar.gz site - - - name: Upload Site - uses: actions/upload-artifact@v4 - with: - name: site-build-videos.tar.gz - path: site-build-videos.tar.gz - retention-days: 1 diff --git a/.github/workflows/build-zimfile.yml b/.github/workflows/build-zimfile.yml new file mode 100644 index 00000000..d129540e --- /dev/null +++ b/.github/workflows/build-zimfile.yml @@ -0,0 +1,603 @@ +name: 🥝 Build Zimfile + +on: + workflow_call: + inputs: + ref: + required: true + type: string + repo: + required: true + type: string + secrets: + RO_DISCOURSE_API_KEY: + required: false + +permissions: + contents: read + +env: + VIDEOS_SITE_BASE_URL: https://www.privacyguides.org/videos/ + HOMEPAGE_CTA_ABOUT_LINK: about.html + HOMEPAGE_CTA_DONATE_LINK: about/donate.html + BUILD_OFFLINE: true + PRODUCTION: true + CARDS: false + GITREVISIONDATE: false + GITAUTHORS: false + +jobs: + package_eng: + runs-on: ubuntu-latest + permissions: + contents: read + + env: + LANGUAGE_SWITCHER: false + MAIN_SITE_BASE_URL: /en/index.html + MAIN_SITE_ABOUT_URL: /en/about.html + MAIN_SITE_RECOMMENDATIONS_URL: /en/tools.html + MAIN_SITE_KNOWLEDGE_BASE_URL: /en/basics/why-privacy-matters.html + ARTICLES_SITE_BASE_URL: /articles/index.html + + steps: + - name: Add GitHub Token to Environment + run: | + echo "GH_TOKEN=${{ secrets.GITHUB_TOKEN }}" >> "$GITHUB_ENV" + + - name: Download Repository + uses: actions/checkout@v4 + with: + repository: ${{ inputs.repo }} + ref: ${{ inputs.ref }} + persist-credentials: "false" + fetch-depth: 0 + + - name: Download Submodules + uses: actions/download-artifact@v4 + with: + pattern: repo-* + path: modules + + - name: Move mkdocs-material-insiders to mkdocs-material + run: | + rmdir modules/mkdocs-material + mv modules/repo-mkdocs-material-insiders modules/mkdocs-material + + - name: Move brand submodule to theme/assets/brand + run: | + rmdir theme/assets/brand + mv modules/repo-brand theme/assets/brand + + - name: Install Python (pipenv) + uses: actions/setup-python@v5 + with: + cache: "pipenv" + + - name: Install Python Dependencies + run: | + pip install pipenv + pipenv install + sudo apt install pngquant + + - name: Generate Donating Members List + continue-on-error: true + env: + DISCOURSE_API_KEY: ${{ secrets.RO_DISCOURSE_API_KEY }} + run: | + pip install requests + python tools/generate-members.py > includes/members.md + + - name: Build English + run: | + ./run.sh --build --production --insiders --offline --lang=en + + - name: Delete Unreferenced Assets + run: | + bash tools/delete-unreferenced.sh + env: + ASSETS_DIR: site/en/assets + SEARCH_DIR: site/en + + - name: Run generate-topics.sh for top posts + run: | + bash tools/generate-topics.sh \ + --source='https://discuss.privacyguides.net/top.json?period=weekly' \ + --tag="top posts" \ + --destination="./site/en/index.html" \ + --count=3 + + - name: Run generate-topics.sh for latest posts + run: | + bash tools/generate-topics.sh \ + --source='https://discuss.privacyguides.net/latest.json' \ + --tag="latest posts" \ + --destination="./site/en/index.html" \ + --count=12 + + - name: Build Articles + run: | + pipenv run mkdocs build --config-file mkdocs.blog.yml + + - name: Delete Unreferenced Assets + run: | + bash tools/delete-unreferenced.sh + env: + ASSETS_DIR: site/articles/assets + SEARCH_DIR: site/articles + + - name: Remove Duplicate Files + run: | + cd site && bash ../tools/symlink-duplicates.sh + ln -s en/index.html index.html + ln -s en/about/notices.html license + cd .. + + - name: Set zimfile name + run: | + echo "ZIMFILE_NAME=privacyguides.org_en_all_$(date +%Y)-$(date +%m).zim" >> "$GITHUB_ENV" + + - name: Create ZIM File + uses: addnab/docker-run-action@v3 + with: + image: ghcr.io/openzim/zim-tools:3.1.3 + options: -v ${{ github.workspace }}:/data + run: | + zimwriterfs \ + -w index.html \ + -I en/assets/brand/logos/png/square/pg-yellow.png \ + -l eng \ + -t "Privacy Guides" \ + -d "Your central privacy and security resource to protect yourself online." \ + -c "Privacy Guides" \ + -p "Privacy Guides" \ + -e "https://www.privacyguides.org" \ + -n "privacyguides.org_en_all" \ + /data/site/ /data/${{ env.ZIMFILE_NAME }} + + - name: Upload ZIM File + uses: actions/upload-artifact@v4 + with: + path: ${{ env.ZIMFILE_NAME }} + name: ${{ env.ZIMFILE_NAME }} + compression-level: 0 + + - name: Run zimcheck + uses: addnab/docker-run-action@v3 + continue-on-error: true + with: + image: ghcr.io/openzim/zim-tools:3.1.3 + options: -v ${{ github.workspace }}:/data + run: | + zimcheck /data/${{ env.ZIMFILE_NAME }} + + package_eng_kb: + runs-on: ubuntu-latest + permissions: + contents: read + + env: + LANGUAGE_SWITCHER: false + ARTICLES_SITE_BASE_URL: https://www.privacyguides.org/articles/ + + steps: + - name: Add GitHub Token to Environment + run: | + echo "GH_TOKEN=${{ secrets.GITHUB_TOKEN }}" >> "$GITHUB_ENV" + + - name: Download Repository + uses: actions/checkout@v4 + with: + repository: ${{ inputs.repo }} + ref: ${{ inputs.ref }} + persist-credentials: "false" + fetch-depth: 0 + + - name: Download Submodules + uses: actions/download-artifact@v4 + with: + pattern: repo-* + path: modules + + - name: Move mkdocs-material-insiders to mkdocs-material + run: | + rmdir modules/mkdocs-material + mv modules/repo-mkdocs-material-insiders modules/mkdocs-material + + - name: Move brand submodule to theme/assets/brand + run: | + rmdir theme/assets/brand + mv modules/repo-brand theme/assets/brand + + - name: Install Python (pipenv) + uses: actions/setup-python@v5 + with: + cache: "pipenv" + + - name: Install Python Dependencies + run: | + pip install pipenv + pipenv install + sudo apt install pngquant + + - name: Generate Donating Members List + continue-on-error: true + env: + DISCOURSE_API_KEY: ${{ secrets.RO_DISCOURSE_API_KEY }} + run: | + pip install requests + python tools/generate-members.py > includes/members.md + + - name: Build English + run: | + ./run.sh --build --production --insiders --offline --lang=en + + - name: Run generate-topics.sh for top posts + run: | + bash tools/generate-topics.sh \ + --source='https://discuss.privacyguides.net/top.json?period=weekly' \ + --tag="top posts" \ + --destination="./site/en/index.html" \ + --count=3 + + - name: Run generate-topics.sh for latest posts + run: | + bash tools/generate-topics.sh \ + --source='https://discuss.privacyguides.net/latest.json' \ + --tag="latest posts" \ + --destination="./site/en/index.html" \ + --count=12 + + - name: Delete Unreferenced Assets + run: | + bash tools/delete-unreferenced.sh + env: + ASSETS_DIR: site/en/assets + SEARCH_DIR: site/en + + - name: Remove Duplicate Files + run: | + cd site && bash ../tools/symlink-duplicates.sh + ln -s en/index.html index.html + ln -s en/about/notices.html license + cd .. + + - name: Set zimfile name + run: | + echo "ZIMFILE_NAME=privacyguides.org_en_kb_$(date +%Y)-$(date +%m).zim" >> "$GITHUB_ENV" + + - name: Create ZIM File + uses: addnab/docker-run-action@v3 + with: + image: ghcr.io/openzim/zim-tools:3.1.3 + options: -v ${{ github.workspace }}:/data + run: | + zimwriterfs \ + -w index.html \ + -I en/assets/brand/logos/png/square/pg-yellow.png \ + -l eng \ + -t "Privacy Guides" \ + -d "Knowledge base articles and recommendations from Privacy Guides." \ + -c "Privacy Guides" \ + -p "Privacy Guides" \ + -e "https://www.privacyguides.org" \ + -n "privacyguides.org_en_kb" \ + /data/site/ /data/${{ env.ZIMFILE_NAME }} + + - name: Upload ZIM File + uses: actions/upload-artifact@v4 + with: + path: ${{ env.ZIMFILE_NAME }} + name: ${{ env.ZIMFILE_NAME }} + compression-level: 0 + + - name: Run zimcheck + uses: addnab/docker-run-action@v3 + continue-on-error: true + with: + image: ghcr.io/openzim/zim-tools:3.1.3 + options: -v ${{ github.workspace }}:/data + run: | + zimcheck /data/${{ env.ZIMFILE_NAME }} + + package_eng_articles: + runs-on: ubuntu-latest + permissions: + contents: read + + env: + MAIN_SITE_BASE_URL: https://www.privacyguides.org/en/ + MAIN_SITE_ABOUT_URL: https://www.privacyguides.org/en/about/ + MAIN_SITE_RECOMMENDATIONS_URL: https://www.privacyguides.org/en/tools/ + MAIN_SITE_KNOWLEDGE_BASE_URL: https://www.privacyguides.org/en/basics/ + + steps: + - name: Add GitHub Token to Environment + run: | + echo "GH_TOKEN=${{ secrets.GITHUB_TOKEN }}" >> "$GITHUB_ENV" + + - name: Download Repository + uses: actions/checkout@v4 + with: + repository: ${{ inputs.repo }} + ref: ${{ inputs.ref }} + persist-credentials: "false" + fetch-depth: 0 + + - name: Download Submodules + uses: actions/download-artifact@v4 + with: + pattern: repo-* + path: modules + + - name: Move mkdocs-material-insiders to mkdocs-material + run: | + rmdir modules/mkdocs-material + mv modules/repo-mkdocs-material-insiders modules/mkdocs-material + + - name: Move brand submodule to theme/assets/brand + run: | + rmdir theme/assets/brand + mv modules/repo-brand theme/assets/brand + + - name: Install Python (pipenv) + uses: actions/setup-python@v5 + with: + cache: "pipenv" + + - name: Install Python Dependencies + run: | + pip install pipenv + pipenv install + sudo apt install pngquant + + - name: Build Articles + run: | + pipenv run mkdocs build --config-file mkdocs.blog.yml + + - name: Delete Unreferenced Assets + run: | + bash tools/delete-unreferenced.sh + env: + ASSETS_DIR: site/articles/assets + SEARCH_DIR: site/articles + + - name: Remove Duplicate Files + run: | + cd site && bash ../tools/symlink-duplicates.sh + ln -s articles/index.html index.html + cd .. + + - name: Set zimfile name + run: | + echo "ZIMFILE_NAME=privacyguides.org_en_articles_$(date +%Y)-$(date +%m).zim" >> "$GITHUB_ENV" + + - name: Create ZIM File + uses: addnab/docker-run-action@v3 + with: + image: ghcr.io/openzim/zim-tools:3.1.3 + options: -v ${{ github.workspace }}:/data + run: | + zimwriterfs \ + -w index.html \ + -I articles/assets/brand/logos/png/square/pg-yellow.png \ + -l eng \ + -t "Privacy Guides" \ + -d "Long-form articles from the Privacy Guides team and other contributors." \ + -c "Privacy Guides" \ + -p "Privacy Guides" \ + -e "https://www.privacyguides.org" \ + -n "privacyguides.org_en_articles" \ + /data/site/ /data/${{ env.ZIMFILE_NAME }} + + - name: Upload ZIM File + uses: actions/upload-artifact@v4 + with: + path: ${{ env.ZIMFILE_NAME }} + name: ${{ env.ZIMFILE_NAME }} + compression-level: 0 + + - name: Run zimcheck + uses: addnab/docker-run-action@v3 + continue-on-error: true + with: + image: ghcr.io/openzim/zim-tools:3.1.3 + options: -v ${{ github.workspace }}:/data + run: | + zimcheck /data/${{ env.ZIMFILE_NAME }} + + build_mul: + runs-on: ubuntu-latest + continue-on-error: true + permissions: + contents: read + + env: + MAIN_SITE_BASE_URL: /en/index.html + MAIN_SITE_ABOUT_URL: /en/about.html + MAIN_SITE_RECOMMENDATIONS_URL: /en/tools.html + MAIN_SITE_KNOWLEDGE_BASE_URL: /en/basics/why-privacy-matters.html + ARTICLES_SITE_BASE_URL: /articles/index.html + + strategy: + matrix: + lang: [en, es, fr, he, it, nl, ru, zh-Hant] + + steps: + - name: Add GitHub Token to Environment + run: | + echo "GH_TOKEN=${{ secrets.GITHUB_TOKEN }}" >> "$GITHUB_ENV" + + - name: Download Repository + uses: actions/checkout@v4 + with: + repository: ${{ inputs.repo }} + ref: ${{ inputs.ref }} + persist-credentials: "false" + fetch-depth: 0 + + - name: Download Submodules + uses: actions/download-artifact@v4 + with: + pattern: repo-* + path: modules + + - name: Move mkdocs-material-insiders to mkdocs-material + run: | + rmdir modules/mkdocs-material + mv modules/repo-mkdocs-material-insiders modules/mkdocs-material + + - name: Move brand submodule to theme/assets/brand + run: | + rmdir theme/assets/brand + mv modules/repo-brand theme/assets/brand + + - name: Copy Translation Files + if: matrix.lang != 'en' + run: | + cp -rl modules/repo-i18n/i18n . + cp -rl modules/repo-i18n/includes . + + - name: Install Python (pipenv) + uses: actions/setup-python@v5 + with: + cache: "pipenv" + + - name: Install Python Dependencies + run: | + pip install pipenv + pipenv install + sudo apt install pngquant + + - name: Generate Donating Members List + continue-on-error: true + env: + DISCOURSE_API_KEY: ${{ secrets.RO_DISCOURSE_API_KEY }} + run: | + pip install requests + python tools/generate-members.py > includes/members.md + + - name: Build Website + run: | + ./run.sh --build --production --insiders --offline --lang=${{ matrix.lang }} + + - name: Run generate-topics.sh for top posts + if: matrix.lang == 'en' + run: | + bash tools/generate-topics.sh \ + --source='https://discuss.privacyguides.net/top.json?period=weekly' \ + --tag="top posts" \ + --destination="./site/en/index.html" \ + --count=3 + + - name: Run generate-topics.sh for latest posts + if: matrix.lang == 'en' + run: | + bash tools/generate-topics.sh \ + --source='https://discuss.privacyguides.net/latest.json' \ + --tag="latest posts" \ + --destination="./site/en/index.html" \ + --count=12 + + - name: Delete Unreferenced Assets + run: | + bash tools/delete-unreferenced.sh + env: + ASSETS_DIR: site/${{ matrix.lang }}/assets + SEARCH_DIR: site/${{ matrix.lang }} + + - name: Build Articles + if: matrix.lang == 'en' + run: | + pipenv run mkdocs build --config-file mkdocs.blog.yml + + - name: Delete Unreferenced Assets + if: matrix.lang == 'en' + run: | + bash tools/delete-unreferenced.sh + env: + ASSETS_DIR: site/articles/assets + SEARCH_DIR: site/articles + + - name: Package Website + run: | + tar -czf site-zimready-${{ matrix.lang }}.tar.gz site + + - name: Upload Site + uses: actions/upload-artifact@v4 + with: + name: site-zimready-${{ matrix.lang }}.tar.gz + path: site-zimready-${{ matrix.lang }}.tar.gz + retention-days: 1 + compression-level: 0 + + package_mul: + runs-on: ubuntu-latest + needs: [build_mul] + permissions: + contents: read + + steps: + - name: Download Repository + uses: actions/checkout@v4 + with: + repository: ${{ inputs.repo }} + ref: ${{ inputs.ref }} + persist-credentials: "false" + fetch-depth: 0 + + - name: Download All Sites + uses: actions/download-artifact@v4 + with: + pattern: site-zimready-* + merge-multiple: true + + - name: List Files (for debugging) + run: | + for file in *.tar.gz; do tar -zxf "$file"; done + ls -la site/ + + - name: Remove Duplicate Files + run: | + cd site && bash ../tools/symlink-duplicates.sh + ln -s en/index.html index.html + ln -s en/about/notices.html license + cd .. + + - name: Set zimfile name + run: | + echo "ZIMFILE_NAME=privacyguides.org_mul_all_$(date +%Y)-$(date +%m).zim" >> "$GITHUB_ENV" + + - name: Create ZIM File + uses: addnab/docker-run-action@v3 + with: + image: ghcr.io/openzim/zim-tools:3.1.3 + options: -v ${{ github.workspace }}:/data + run: | + zimwriterfs \ + -w index.html \ + -I en/assets/brand/logos/png/square/pg-yellow.png \ + -l mul \ + -t "Privacy Guides" \ + -d "Your central privacy and security resource to protect yourself online." \ + -c "Privacy Guides" \ + -p "Privacy Guides" \ + -e "https://www.privacyguides.org" \ + -n "privacyguides.org_mul_all" \ + /data/site/ /data/${{ env.ZIMFILE_NAME }} + + - name: Upload ZIM File + uses: actions/upload-artifact@v4 + with: + path: ${{ env.ZIMFILE_NAME }} + name: ${{ env.ZIMFILE_NAME }} + compression-level: 0 + + - name: Run zimcheck + uses: addnab/docker-run-action@v3 + continue-on-error: true + with: + image: ghcr.io/openzim/zim-tools:3.1.3 + options: -v ${{ github.workspace }}:/data + run: | + zimcheck /data/${{ env.ZIMFILE_NAME }} diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index be92650f..1edbe837 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -160,19 +160,6 @@ jobs: social-cache-${{ inputs.repo }}-${{ inputs.lang }}- social-cache-privacyguides/privacyguides.org-${{ inputs.lang }}- - - name: Restore Optimize Plugin Cache - uses: actions/cache/restore@v4 - id: optimize_cache_restore - if: inputs.cache - with: - key: optimize-cache-${{ inputs.repo }}-${{ hashfiles('.cache/plugin/optimize/manifest.json') }} - path: | - .cache/plugin/optimize - restore-keys: | - optimize-cache-${{ inputs.repo }}- - optimize-cache-privacyguides/privacyguides.org- - optimize-cache- - - name: Install Python Dependencies if: inputs.privileged run: | @@ -193,7 +180,7 @@ jobs: DISCOURSE_API_KEY: ${{ secrets.RO_DISCOURSE_API_KEY }} run: | pip install requests - python generate-members.py > includes/members.md + python tools/generate-members.py > includes/members.md - name: Build Website run: | @@ -202,7 +189,7 @@ jobs: - name: Run generate-topics.sh for top posts if: inputs.lang == 'en' run: | - bash generate-topics.sh \ + bash tools/generate-topics.sh \ --source='https://discuss.privacyguides.net/top.json?period=weekly' \ --tag="top posts" \ --destination="./site/en/index.html" \ @@ -211,7 +198,7 @@ jobs: - name: Run generate-topics.sh for latest posts if: inputs.lang == 'en' run: | - bash generate-topics.sh \ + bash tools/generate-topics.sh \ --source='https://discuss.privacyguides.net/latest.json' \ --tag="latest posts" \ --destination="./site/en/index.html" \ @@ -242,16 +229,6 @@ jobs: .cache/plugin/social/manifest.json .cache/plugin/social/assets - - name: Find Optimize Plugin Cache - uses: actions/cache/restore@v4 - if: steps.optimize_cache_restore.outputs.cache-hit != 'true' && inputs.cache - id: optimize_cache_test - with: - key: optimize-cache-privacyguides/privacyguides.org-${{ hashfiles('.cache/plugin/optimize/manifest.json') }} - lookup-only: true - path: | - .cache/plugin/optimize - - name: Save Privacy Plugin Cache uses: actions/cache/save@v4 if: steps.privacy_cache_test.outputs.cache-hit != 'true' && inputs.cache @@ -268,13 +245,6 @@ jobs: .cache/plugin/social/manifest.json .cache/plugin/social/assets - - name: Save Optimize Plugin Cache - uses: actions/cache/save@v4 - if: steps.optimize_cache_test.outputs.cache-hit != 'true' && inputs.cache - with: - key: optimize-cache-${{ inputs.repo }}-${{ hashfiles('.cache/plugin/optimize/manifest.json') }} - path: .cache/plugin/optimize - - name: Upload Site uses: actions/upload-artifact@v4 with: @@ -289,47 +259,3 @@ jobs: name: members.md path: includes/members.md retention-days: 1 - - offline_package: - if: inputs.config == 'offline' && inputs.lang == 'en' - needs: build - runs-on: ubuntu-latest - continue-on-error: ${{ inputs.continue-on-error }} - permissions: - contents: read - - steps: - - uses: actions/download-artifact@v4 - with: - name: site-offline-en.tar.gz - - - run: | - tar -xzf site-offline-en.tar.gz - tar -czf offline.tar.gz site/en - zip -r -q offline.zip site/en - - - name: Upload tar.gz file - uses: actions/upload-artifact@v4 - with: - name: offline.tar.gz - path: offline.tar.gz - - - name: Upload zip file - uses: actions/upload-artifact@v4 - with: - name: offline.zip - path: offline.zip - - - name: Create ZIM File - uses: addnab/docker-run-action@v3 - with: - image: ghcr.io/openzim/zim-tools:3.1.3 - options: -v ${{ github.workspace }}:/data - run: | - zimwriterfs -w index.html -I assets/brand/logos/png/square/pg-yellow.png -l eng -t "Privacy Guides" -d "Your central privacy and security resource to protect yourself online." -c "Privacy Guides" -p "Jonah Aragon" -n "Privacy Guides" -e "https://github.com/privacyguides/privacyguides.org" /data/site/en /data/offline-privacy_guides.zim - - - name: Upload ZIM file - uses: actions/upload-artifact@v4 - with: - name: offline-privacy_guides.zim - path: offline-privacy_guides.zim diff --git a/.github/workflows/publish-immediate.yml b/.github/workflows/publish-immediate.yml index c2d97f5e..41a9fb7d 100644 --- a/.github/workflows/publish-immediate.yml +++ b/.github/workflows/publish-immediate.yml @@ -27,7 +27,6 @@ on: - "main" paths: - "blog/**" - - "videos/**" concurrency: group: release-deployment @@ -61,19 +60,8 @@ jobs: continue-on-error: false context: production - build_videos: - needs: submodule - permissions: - contents: read - uses: ./.github/workflows/build-videos.yml - with: - repo: ${{ github.repository }} - ref: ${{ github.ref }} - continue-on-error: false - context: production - deploy: - needs: [build_blog, build_videos] + needs: [build_blog] uses: privacyguides/webserver/.github/workflows/deploy-garage.yml@main with: environment: production @@ -83,5 +71,5 @@ jobs: cleanup: if: ${{ always() }} - needs: [build_blog, build_videos] + needs: [build_blog] uses: privacyguides/.github/.github/workflows/cleanup.yml@main diff --git a/.github/workflows/publish-pr.yml b/.github/workflows/publish-pr.yml index 569b0c7b..8800e865 100644 --- a/.github/workflows/publish-pr.yml +++ b/.github/workflows/publish-pr.yml @@ -89,18 +89,6 @@ jobs: echo "sha=$(cat metadata/SHA)" >> "$GITHUB_OUTPUT" echo "privileged=$(cat metadata/PRIVILEGED)" >> "$GITHUB_OUTPUT" - deploy_netlify: - needs: metadata - permissions: - contents: read - - uses: privacyguides/webserver/.github/workflows/deploy-netlify-preview.yml@main - with: - netlify_alias: ${{ needs.metadata.outputs.pr_number }} - netlify_site_id: ${{ vars.NETLIFY_SITE }} - secrets: - NETLIFY_TOKEN: ${{ secrets.NETLIFY_TOKEN }} - deploy_garage: needs: metadata permissions: diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml index 3a5b12a8..f320761d 100644 --- a/.github/workflows/publish-release.yml +++ b/.github/workflows/publish-release.yml @@ -50,8 +50,8 @@ jobs: needs: submodule strategy: matrix: - lang: [en, es, fr, he, it, nl, ru, zh-Hant] - build: [build, offline] + lang: [en, es, fr, he, it, nl, ru, zh-Hant, zh-TW] + build: [build] permissions: contents: read uses: ./.github/workflows/build.yml @@ -77,20 +77,20 @@ jobs: continue-on-error: false context: production - build_videos: + build_zimfile: needs: submodule permissions: contents: read - uses: ./.github/workflows/build-videos.yml + uses: ./.github/workflows/build-zimfile.yml with: repo: ${{ github.repository }} ref: ${{ github.ref }} - continue-on-error: false - context: production + secrets: + RO_DISCOURSE_API_KEY: ${{ secrets.RO_DISCOURSE_API_KEY }} release: name: Create release notes - needs: build + needs: [build, build_zimfile] runs-on: ubuntu-latest permissions: contents: write @@ -98,21 +98,20 @@ jobs: steps: - uses: actions/download-artifact@v4 with: - pattern: offline* + pattern: "*.zim" merge-multiple: true - name: Create release notes uses: ncipollo/release-action@v1 with: generateReleaseNotes: true - artifacts: "offline.zip,offline.tar.gz,offline-privacy_guides.zim" + artifacts: "*.zim" makeLatest: true deploy: - needs: [build, build_blog, build_videos] + needs: [build, build_blog] uses: privacyguides/webserver/.github/workflows/deploy-all.yml@main secrets: - NETLIFY_TOKEN: ${{ secrets.NETLIFY_TOKEN }} PROD_MINIO_KEY_ID: ${{ secrets.PROD_MINIO_KEY_ID }} PROD_MINIO_SECRET_KEY: ${{ secrets.PROD_MINIO_SECRET_KEY }} PROD_GARAGE_KEY_ID: ${{ secrets.PROD_GARAGE_KEY_ID }} @@ -126,5 +125,5 @@ jobs: cleanup: if: ${{ always() }} - needs: [build, build_blog, build_videos] + needs: [build, build_blog, build_zimfile] uses: privacyguides/.github/.github/workflows/cleanup.yml@main diff --git a/.github/workflows/update-discussions.yml b/.github/workflows/update-discussions.yml index 3cfb99fa..7c2bb2a7 100644 --- a/.github/workflows/update-discussions.yml +++ b/.github/workflows/update-discussions.yml @@ -57,7 +57,7 @@ jobs: - name: Run generate-topics.sh for top posts run: | - bash generate-topics.sh \ + bash tools/generate-topics.sh \ --source='https://discuss.privacyguides.net/top.json?period=weekly' \ --tag="top posts" \ --destination="./site/en/index.html" \ @@ -65,7 +65,7 @@ jobs: - name: Run generate-topics.sh for latest posts run: | - bash generate-topics.sh \ + bash tools/generate-topics.sh \ --source='https://discuss.privacyguides.net/latest.json' \ --tag="latest posts" \ --destination="./site/en/index.html" \ diff --git a/.mailmap b/.mailmap index 145d381c..1a195b3f 100644 --- a/.mailmap +++ b/.mailmap @@ -15,6 +15,7 @@ Jonah Aragon Jonah Aragon Jonah Aragon Jordan Warne +Jordan Warne Justin Ehrenhofer <12520755+SamsungGalaxyPlayer@users.noreply.github.com> Mare Polaris <15004290+ph00lt0@users.noreply.github.com> Niek de Wilde diff --git a/.vscode/ltex.dictionary.en-US.txt b/.vscode/ltex.dictionary.en-US.txt index 5a2c68ae..a9790e79 100644 --- a/.vscode/ltex.dictionary.en-US.txt +++ b/.vscode/ltex.dictionary.en-US.txt @@ -316,7 +316,6 @@ cryptofs siv-mode cryptolib-swift cryptomator-objc-cryptor -Picocrypt VeraCrypt TrueCrypt cryptoprocessor @@ -569,3 +568,4 @@ allowlisted MyMonero Monero-LWS OkCupid +Anom diff --git a/.vscode/settings.json b/.vscode/settings.json index 3aa44cac..9a388048 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -115,5 +115,6 @@ "editor.formatOnSave": true, "[github-actions-workflow]": { "editor.defaultFormatter": "esbenp.prettier-vscode" - } + }, + "python-envs.pythonProjects": [] } diff --git a/Dockerfile b/Dockerfile index 1d844b91..ce086535 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.12-bookworm AS base +FROM python:3.12-slim-bookworm AS base LABEL org.opencontainers.image.source="https://github.com/privacyguides/privacyguides.org" @@ -33,6 +33,18 @@ COPY Pipfile.lock . # Install all Python dependencies into a project‐local virtual environment at /.venv RUN PIPENV_VENV_IN_PROJECT=1 pipenv install --deploy +#################################################### +# Stage: nodejs-deps +# Install nodejs/npm and compilation dependencies +#################################################### +FROM node:24-bookworm-slim AS nodejs-deps + +RUN npm i -g all-contributors-cli +RUN npm install -g pkg + +RUN cd /usr/local/lib/node_modules/all-contributors-cli && \ + pkg dist/cli.js -t node18-linux -o /usr/local/bin/all-contributors-cli + #################################################### # Stage: runtime # Install runtime dependencies and copy runtime artifacts @@ -60,6 +72,9 @@ RUN apt-get update && \ COPY --from=python-deps /.venv /.venv COPY --from=python-deps /modules/mkdocs-material /modules/mkdocs-material +# Copy all-contributors-cli from nodejs-deps stage +COPY --from=nodejs-deps /usr/local/bin/all-contributors-cli /usr/local/bin/all-contributors-cli + # Ensure the virtual environment’s bin directory is first in PATH ENV PATH="/.venv/bin:$PATH" diff --git a/Pipfile.lock b/Pipfile.lock index 98e22866..84d172c4 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -64,11 +64,11 @@ }, "certifi": { "hashes": [ - "sha256:0a816057ea3cdefcef70270d2c515e4506bbc954f417fa5ade2021213bb8f0c6", - "sha256:30350364dfe371162649852c63336a15c70c6510c2ad5015b21c2345311805f3" + "sha256:e564105f78ded564e3ae7c923924435e1daa7463faeab5bb932bc53ffae63407", + "sha256:f6c12493cfb1b06ba2ff328595af9350c65d6644968e5d3a2ffd78699af217a5" ], - "markers": "python_version >= '3.6'", - "version": "==2025.4.26" + "markers": "python_version >= '3.7'", + "version": "==2025.8.3" }, "cffi": { "hashes": [ @@ -145,101 +145,88 @@ }, "charset-normalizer": { "hashes": [ - "sha256:005fa3432484527f9732ebd315da8da8001593e2cf46a3d817669f062c3d9ed4", - "sha256:046595208aae0120559a67693ecc65dd75d46f7bf687f159127046628178dc45", - "sha256:0c29de6a1a95f24b9a1aa7aefd27d2487263f00dfd55a77719b530788f75cff7", - "sha256:0c8c57f84ccfc871a48a47321cfa49ae1df56cd1d965a09abe84066f6853b9c0", - "sha256:0f5d9ed7f254402c9e7d35d2f5972c9bbea9040e99cd2861bd77dc68263277c7", - "sha256:18dd2e350387c87dabe711b86f83c9c78af772c748904d372ade190b5c7c9d4d", - "sha256:1b1bde144d98e446b056ef98e59c256e9294f6b74d7af6846bf5ffdafd687a7d", - "sha256:1c95a1e2902a8b722868587c0e1184ad5c55631de5afc0eb96bc4b0d738092c0", - "sha256:1cad5f45b3146325bb38d6855642f6fd609c3f7cad4dbaf75549bf3b904d3184", - "sha256:21b2899062867b0e1fde9b724f8aecb1af14f2778d69aacd1a5a1853a597a5db", - "sha256:24498ba8ed6c2e0b56d4acbf83f2d989720a93b41d712ebd4f4979660db4417b", - "sha256:25a23ea5c7edc53e0f29bae2c44fcb5a1aa10591aae107f2a2b2583a9c5cbc64", - "sha256:289200a18fa698949d2b39c671c2cc7a24d44096784e76614899a7ccf2574b7b", - "sha256:28a1005facc94196e1fb3e82a3d442a9d9110b8434fc1ded7a24a2983c9888d8", - "sha256:32fc0341d72e0f73f80acb0a2c94216bd704f4f0bce10aedea38f30502b271ff", - "sha256:36b31da18b8890a76ec181c3cf44326bf2c48e36d393ca1b72b3f484113ea344", - "sha256:3c21d4fca343c805a52c0c78edc01e3477f6dd1ad7c47653241cf2a206d4fc58", - "sha256:3fddb7e2c84ac87ac3a947cb4e66d143ca5863ef48e4a5ecb83bd48619e4634e", - "sha256:43e0933a0eff183ee85833f341ec567c0980dae57c464d8a508e1b2ceb336471", - "sha256:4a476b06fbcf359ad25d34a057b7219281286ae2477cc5ff5e3f70a246971148", - "sha256:4e594135de17ab3866138f496755f302b72157d115086d100c3f19370839dd3a", - "sha256:50bf98d5e563b83cc29471fa114366e6806bc06bc7a25fd59641e41445327836", - "sha256:5a9979887252a82fefd3d3ed2a8e3b937a7a809f65dcb1e068b090e165bbe99e", - "sha256:5baececa9ecba31eff645232d59845c07aa030f0c81ee70184a90d35099a0e63", - "sha256:5bf4545e3b962767e5c06fe1738f951f77d27967cb2caa64c28be7c4563e162c", - "sha256:6333b3aa5a12c26b2a4d4e7335a28f1475e0e5e17d69d55141ee3cab736f66d1", - "sha256:65c981bdbd3f57670af8b59777cbfae75364b483fa8a9f420f08094531d54a01", - "sha256:68a328e5f55ec37c57f19ebb1fdc56a248db2e3e9ad769919a58672958e8f366", - "sha256:6a0289e4589e8bdfef02a80478f1dfcb14f0ab696b5a00e1f4b8a14a307a3c58", - "sha256:6b66f92b17849b85cad91259efc341dce9c1af48e2173bf38a85c6329f1033e5", - "sha256:6c9379d65defcab82d07b2a9dfbfc2e95bc8fe0ebb1b176a3190230a3ef0e07c", - "sha256:6fc1f5b51fa4cecaa18f2bd7a003f3dd039dd615cd69a2afd6d3b19aed6775f2", - "sha256:70f7172939fdf8790425ba31915bfbe8335030f05b9913d7ae00a87d4395620a", - "sha256:721c76e84fe669be19c5791da68232ca2e05ba5185575086e384352e2c309597", - "sha256:7222ffd5e4de8e57e03ce2cef95a4c43c98fcb72ad86909abdfc2c17d227fc1b", - "sha256:75d10d37a47afee94919c4fab4c22b9bc2a8bf7d4f46f87363bcf0573f3ff4f5", - "sha256:76af085e67e56c8816c3ccf256ebd136def2ed9654525348cfa744b6802b69eb", - "sha256:770cab594ecf99ae64c236bc9ee3439c3f46be49796e265ce0cc8bc17b10294f", - "sha256:7a6ab32f7210554a96cd9e33abe3ddd86732beeafc7a28e9955cdf22ffadbab0", - "sha256:7c48ed483eb946e6c04ccbe02c6b4d1d48e51944b6db70f697e089c193404941", - "sha256:7f56930ab0abd1c45cd15be65cc741c28b1c9a34876ce8c17a2fa107810c0af0", - "sha256:8075c35cd58273fee266c58c0c9b670947c19df5fb98e7b66710e04ad4e9ff86", - "sha256:8272b73e1c5603666618805fe821edba66892e2870058c94c53147602eab29c7", - "sha256:82d8fd25b7f4675d0c47cf95b594d4e7b158aca33b76aa63d07186e13c0e0ab7", - "sha256:844da2b5728b5ce0e32d863af26f32b5ce61bc4273a9c720a9f3aa9df73b1455", - "sha256:8755483f3c00d6c9a77f490c17e6ab0c8729e39e6390328e42521ef175380ae6", - "sha256:915f3849a011c1f593ab99092f3cecfcb4d65d8feb4a64cf1bf2d22074dc0ec4", - "sha256:926ca93accd5d36ccdabd803392ddc3e03e6d4cd1cf17deff3b989ab8e9dbcf0", - "sha256:982bb1e8b4ffda883b3d0a521e23abcd6fd17418f6d2c4118d257a10199c0ce3", - "sha256:98f862da73774290f251b9df8d11161b6cf25b599a66baf087c1ffe340e9bfd1", - "sha256:9cbfacf36cb0ec2897ce0ebc5d08ca44213af24265bd56eca54bee7923c48fd6", - "sha256:a370b3e078e418187da8c3674eddb9d983ec09445c99a3a263c2011993522981", - "sha256:a955b438e62efdf7e0b7b52a64dc5c3396e2634baa62471768a64bc2adb73d5c", - "sha256:aa6af9e7d59f9c12b33ae4e9450619cf2488e2bbe9b44030905877f0b2324980", - "sha256:aa88ca0b1932e93f2d961bf3addbb2db902198dca337d88c89e1559e066e7645", - "sha256:aaeeb6a479c7667fbe1099af9617c83aaca22182d6cf8c53966491a0f1b7ffb7", - "sha256:aaf27faa992bfee0264dc1f03f4c75e9fcdda66a519db6b957a3f826e285cf12", - "sha256:b2680962a4848b3c4f155dc2ee64505a9c57186d0d56b43123b17ca3de18f0fa", - "sha256:b2d318c11350e10662026ad0eb71bb51c7812fc8590825304ae0bdd4ac283acd", - "sha256:b33de11b92e9f75a2b545d6e9b6f37e398d86c3e9e9653c4864eb7e89c5773ef", - "sha256:b3daeac64d5b371dea99714f08ffc2c208522ec6b06fbc7866a450dd446f5c0f", - "sha256:be1e352acbe3c78727a16a455126d9ff83ea2dfdcbc83148d2982305a04714c2", - "sha256:bee093bf902e1d8fc0ac143c88902c3dfc8941f7ea1d6a8dd2bcb786d33db03d", - "sha256:c72fbbe68c6f32f251bdc08b8611c7b3060612236e960ef848e0a517ddbe76c5", - "sha256:c9e36a97bee9b86ef9a1cf7bb96747eb7a15c2f22bdb5b516434b00f2a599f02", - "sha256:cddf7bd982eaa998934a91f69d182aec997c6c468898efe6679af88283b498d3", - "sha256:cf713fe9a71ef6fd5adf7a79670135081cd4431c2943864757f0fa3a65b1fafd", - "sha256:d11b54acf878eef558599658b0ffca78138c8c3655cf4f3a4a673c437e67732e", - "sha256:d41c4d287cfc69060fa91cae9683eacffad989f1a10811995fa309df656ec214", - "sha256:d524ba3f1581b35c03cb42beebab4a13e6cdad7b36246bd22541fa585a56cccd", - "sha256:daac4765328a919a805fa5e2720f3e94767abd632ae410a9062dff5412bae65a", - "sha256:db4c7bf0e07fc3b7d89ac2a5880a6a8062056801b83ff56d8464b70f65482b6c", - "sha256:dc7039885fa1baf9be153a0626e337aa7ec8bf96b0128605fb0d77788ddc1681", - "sha256:dccab8d5fa1ef9bfba0590ecf4d46df048d18ffe3eec01eeb73a42e0d9e7a8ba", - "sha256:dedb8adb91d11846ee08bec4c8236c8549ac721c245678282dcb06b221aab59f", - "sha256:e45ba65510e2647721e35323d6ef54c7974959f6081b58d4ef5d87c60c84919a", - "sha256:e53efc7c7cee4c1e70661e2e112ca46a575f90ed9ae3fef200f2a25e954f4b28", - "sha256:e635b87f01ebc977342e2697d05b56632f5f879a4f15955dfe8cef2448b51691", - "sha256:e70e990b2137b29dc5564715de1e12701815dacc1d056308e2b17e9095372a82", - "sha256:e8082b26888e2f8b36a042a58307d5b917ef2b1cacab921ad3323ef91901c71a", - "sha256:e8323a9b031aa0393768b87f04b4164a40037fb2a3c11ac06a03ffecd3618027", - "sha256:e92fca20c46e9f5e1bb485887d074918b13543b1c2a1185e69bb8d17ab6236a7", - "sha256:eb30abc20df9ab0814b5a2524f23d75dcf83cde762c161917a2b4b7b55b1e518", - "sha256:eba9904b0f38a143592d9fc0e19e2df0fa2e41c3c3745554761c5f6447eedabf", - "sha256:ef8de666d6179b009dce7bcb2ad4c4a779f113f12caf8dc77f0162c29d20490b", - "sha256:efd387a49825780ff861998cd959767800d54f8308936b21025326de4b5a42b9", - "sha256:f0aa37f3c979cf2546b73e8222bbfa3dc07a641585340179d768068e3455e544", - "sha256:f4074c5a429281bf056ddd4c5d3b740ebca4d43ffffe2ef4bf4d2d05114299da", - "sha256:f69a27e45c43520f5487f27627059b64aaf160415589230992cec34c5e18a509", - "sha256:fb707f3e15060adf5b7ada797624a6c6e0138e2a26baa089df64c68ee98e040f", - "sha256:fcbe676a55d7445b22c10967bceaaf0ee69407fbe0ece4d032b6eb8d4565982a", - "sha256:fdb20a30fe1175ecabed17cbf7812f7b804b8a315a25f24678bcdf120a90077f" + "sha256:00237675befef519d9af72169d8604a067d92755e84fe76492fef5441db05b91", + "sha256:02425242e96bcf29a49711b0ca9f37e451da7c70562bc10e8ed992a5a7a25cc0", + "sha256:027b776c26d38b7f15b26a5da1044f376455fb3766df8fc38563b4efbc515154", + "sha256:07a0eae9e2787b586e129fdcbe1af6997f8d0e5abaa0bc98c0e20e124d67e601", + "sha256:0cacf8f7297b0c4fcb74227692ca46b4a5852f8f4f24b3c766dd94a1075c4884", + "sha256:0e78314bdc32fa80696f72fa16dc61168fda4d6a0c014e0380f9d02f0e5d8a07", + "sha256:0f2be7e0cf7754b9a30eb01f4295cc3d4358a479843b31f328afd210e2c7598c", + "sha256:13faeacfe61784e2559e690fc53fa4c5ae97c6fcedb8eb6fb8d0a15b475d2c64", + "sha256:14c2a87c65b351109f6abfc424cab3927b3bdece6f706e4d12faaf3d52ee5efe", + "sha256:1606f4a55c0fd363d754049cdf400175ee96c992b1f8018b993941f221221c5f", + "sha256:16a8770207946ac75703458e2c743631c79c59c5890c80011d536248f8eaa432", + "sha256:18343b2d246dc6761a249ba1fb13f9ee9a2bcd95decc767319506056ea4ad4dc", + "sha256:18b97b8404387b96cdbd30ad660f6407799126d26a39ca65729162fd810a99aa", + "sha256:1bb60174149316da1c35fa5233681f7c0f9f514509b8e399ab70fea5f17e45c9", + "sha256:1e8ac75d72fa3775e0b7cb7e4629cec13b7514d928d15ef8ea06bca03ef01cae", + "sha256:1ef99f0456d3d46a50945c98de1774da86f8e992ab5c77865ea8b8195341fc19", + "sha256:2001a39612b241dae17b4687898843f254f8748b796a2e16f1051a17078d991d", + "sha256:23b6b24d74478dc833444cbd927c338349d6ae852ba53a0d02a2de1fce45b96e", + "sha256:252098c8c7a873e17dd696ed98bbe91dbacd571da4b87df3736768efa7a792e4", + "sha256:257f26fed7d7ff59921b78244f3cd93ed2af1800ff048c33f624c87475819dd7", + "sha256:2c322db9c8c89009a990ef07c3bcc9f011a3269bc06782f916cd3d9eed7c9312", + "sha256:30a96e1e1f865f78b030d65241c1ee850cdf422d869e9028e2fc1d5e4db73b92", + "sha256:30d006f98569de3459c2fc1f2acde170b7b2bd265dc1943e87e1a4efe1b67c31", + "sha256:31a9a6f775f9bcd865d88ee350f0ffb0e25936a7f930ca98995c05abf1faf21c", + "sha256:320e8e66157cc4e247d9ddca8e21f427efc7a04bbd0ac8a9faf56583fa543f9f", + "sha256:34a7f768e3f985abdb42841e20e17b330ad3aaf4bb7e7aeeb73db2e70f077b99", + "sha256:3653fad4fe3ed447a596ae8638b437f827234f01a8cd801842e43f3d0a6b281b", + "sha256:3cd35b7e8aedeb9e34c41385fda4f73ba609e561faedfae0a9e75e44ac558a15", + "sha256:3cfb2aad70f2c6debfbcb717f23b7eb55febc0bb23dcffc0f076009da10c6392", + "sha256:416175faf02e4b0810f1f38bcb54682878a4af94059a1cd63b8747244420801f", + "sha256:41d1fc408ff5fdfb910200ec0e74abc40387bccb3252f3f27c0676731df2b2c8", + "sha256:42e5088973e56e31e4fa58eb6bd709e42fc03799c11c42929592889a2e54c491", + "sha256:4ca4c094de7771a98d7fbd67d9e5dbf1eb73efa4f744a730437d8a3a5cf994f0", + "sha256:511729f456829ef86ac41ca78c63a5cb55240ed23b4b737faca0eb1abb1c41bc", + "sha256:53cd68b185d98dde4ad8990e56a58dea83a4162161b1ea9272e5c9182ce415e0", + "sha256:585f3b2a80fbd26b048a0be90c5aae8f06605d3c92615911c3a2b03a8a3b796f", + "sha256:5b413b0b1bfd94dbf4023ad6945889f374cd24e3f62de58d6bb102c4d9ae534a", + "sha256:5d8d01eac18c423815ed4f4a2ec3b439d654e55ee4ad610e153cf02faf67ea40", + "sha256:6aab0f181c486f973bc7262a97f5aca3ee7e1437011ef0c2ec04b5a11d16c927", + "sha256:6cf8fd4c04756b6b60146d98cd8a77d0cdae0e1ca20329da2ac85eed779b6849", + "sha256:6fb70de56f1859a3f71261cbe41005f56a7842cc348d3aeb26237560bfa5e0ce", + "sha256:6fce4b8500244f6fcb71465d4a4930d132ba9ab8e71a7859e6a5d59851068d14", + "sha256:70bfc5f2c318afece2f5838ea5e4c3febada0be750fcf4775641052bbba14d05", + "sha256:73dc19b562516fc9bcf6e5d6e596df0b4eb98d87e4f79f3ae71840e6ed21361c", + "sha256:74d77e25adda8581ffc1c720f1c81ca082921329452eba58b16233ab1842141c", + "sha256:78deba4d8f9590fe4dae384aeff04082510a709957e968753ff3c48399f6f92a", + "sha256:86df271bf921c2ee3818f0522e9a5b8092ca2ad8b065ece5d7d9d0e9f4849bcc", + "sha256:88ab34806dea0671532d3f82d82b85e8fc23d7b2dd12fa837978dad9bb392a34", + "sha256:8999f965f922ae054125286faf9f11bc6932184b93011d138925a1773830bbe9", + "sha256:8dcfc373f888e4fb39a7bc57e93e3b845e7f462dacc008d9749568b1c4ece096", + "sha256:939578d9d8fd4299220161fdd76e86c6a251987476f5243e8864a7844476ba14", + "sha256:96b2b3d1a83ad55310de8c7b4a2d04d9277d5591f40761274856635acc5fcb30", + "sha256:a2d08ac246bb48479170408d6c19f6385fa743e7157d716e144cad849b2dd94b", + "sha256:b256ee2e749283ef3ddcff51a675ff43798d92d746d1a6e4631bf8c707d22d0b", + "sha256:b5e3b2d152e74e100a9e9573837aba24aab611d39428ded46f4e4022ea7d1942", + "sha256:b89bc04de1d83006373429975f8ef9e7932534b8cc9ca582e4db7d20d91816db", + "sha256:bd28b817ea8c70215401f657edef3a8aa83c29d447fb0b622c35403780ba11d5", + "sha256:c60e092517a73c632ec38e290eba714e9627abe9d301c8c8a12ec32c314a2a4b", + "sha256:c6dbd0ccdda3a2ba7c2ecd9d77b37f3b5831687d8dc1b6ca5f56a4880cc7b7ce", + "sha256:c6e490913a46fa054e03699c70019ab869e990270597018cef1d8562132c2669", + "sha256:c6f162aabe9a91a309510d74eeb6507fab5fff92337a15acbe77753d88d9dcf0", + "sha256:c6fd51128a41297f5409deab284fecbe5305ebd7e5a1f959bee1c054622b7018", + "sha256:cc34f233c9e71701040d772aa7490318673aa7164a0efe3172b2981218c26d93", + "sha256:cc9370a2da1ac13f0153780040f465839e6cccb4a1e44810124b4e22483c93fe", + "sha256:ccf600859c183d70eb47e05a44cd80a4ce77394d1ac0f79dbd2dd90a69a3a049", + "sha256:ce571ab16d890d23b5c278547ba694193a45011ff86a9162a71307ed9f86759a", + "sha256:cf1ebb7d78e1ad8ec2a8c4732c7be2e736f6e5123a4146c5b89c9d1f585f8cef", + "sha256:d0e909868420b7049dafd3a31d45125b31143eec59235311fc4c57ea26a4acd2", + "sha256:d22dbedd33326a4a5190dd4fe9e9e693ef12160c77382d9e87919bce54f3d4ca", + "sha256:d716a916938e03231e86e43782ca7878fb602a125a91e7acb8b5112e2e96ac16", + "sha256:d79c198e27580c8e958906f803e63cddb77653731be08851c7df0b1a14a8fc0f", + "sha256:d95bfb53c211b57198bb91c46dd5a2d8018b3af446583aab40074bf7988401cb", + "sha256:e28e334d3ff134e88989d90ba04b47d84382a828c061d0d1027b1b12a62b39b1", + "sha256:ec557499516fc90fd374bf2e32349a2887a876fbf162c160e3c01b6849eaf557", + "sha256:fb6fecfd65564f208cbf0fba07f107fb661bcd1a7c389edbced3f7a493f70e37", + "sha256:fb731e5deb0c7ef82d698b0f4c5bb724633ee2a489401594c5c88b02e6cb15f7", + "sha256:fb7f67a1bfa6e40b438170ebdc8158b78dc465a5a67b6dde178a46987b244a72", + "sha256:fd10de089bcdcd1be95a2f73dbe6254798ec1bda9f450d5828c96f93e2536b9c", + "sha256:fdabf8315679312cfa71302f9bd509ded4f2f263fb5b765cf1433b39106c3cc9" ], "markers": "python_version >= '3.7'", - "version": "==3.4.2" + "version": "==3.4.3" }, "click": { "hashes": [ @@ -275,11 +262,11 @@ }, "filelock": { "hashes": [ - "sha256:adbc88eabb99d2fec8c9c1b229b171f18afa655400173ddc653d5d01501fb9f2", - "sha256:c401f4f8377c4464e6db25fff06205fd89bdd83b65eb0488ed1b160f780e21de" + "sha256:66eda1888b0171c998b35be2bcc0f6d75c388a7ce20c3f3f37aa8e96c2dddf58", + "sha256:d38e30481def20772f5baf097c122c3babc4fcdb7e14e57049eb9d88c6dc017d" ], "markers": "python_version >= '3.9'", - "version": "==3.18.0" + "version": "==3.19.1" }, "ghp-import": { "hashes": [ @@ -298,11 +285,11 @@ }, "gitpython": { "hashes": [ - "sha256:9e0e10cda9bed1ee64bc9a6de50e7e38a9c9943241cd7f585f6df3ed28011110", - "sha256:c87e30b26253bf5418b01b0660f818967f3c503193838337fe5e573331249269" + "sha256:85b0ee964ceddf211c41b9f27a49086010a190fd8132a24e21f362a4b36a791c", + "sha256:8908cb2e02fb3b93b7eb0f2827125cb699869470432cc885f019b8fd0fccff77" ], "markers": "python_version >= '3.7'", - "version": "==3.1.44" + "version": "==3.1.45" }, "hjson": { "hashes": [ @@ -336,11 +323,11 @@ }, "markdown": { "hashes": [ - "sha256:794a929b79c5af141ef5ab0f2f642d0f7b1872981250230e72682346f7cc90dc", - "sha256:7df81e63f0df5c4b24b7d156eb81e4690595239b7d70937d0409f1b0de319c6f" + "sha256:9f4d91ed810864ea88a6f32c07ba8bee1346c0cc1f6b1f9f6c822f2a9667d280", + "sha256:d2900fe1782bd33bdbbd56859defef70c2e78fc46668f8eb9df3128138f2cb6a" ], "markers": "python_version >= '3.9'", - "version": "==3.8" + "version": "==3.9" }, "markupsafe": { "hashes": [ @@ -435,12 +422,12 @@ }, "mkdocs-git-authors-plugin": { "hashes": [ - "sha256:acdacc8452db90a94d9c395a230b16965a9f2f51e0a6eef182ac7d3e02e394fb", - "sha256:e19f0252ead3d626fd73e15bb56d6675704c3b62aa569ebc363f791291b8f60e" + "sha256:28421a99c3e872a8e205674bb80ec48524838243e5f59eaf9bd97df103e38901", + "sha256:29d1973b2835663d79986fb756e02f1f0ff3fe35c278e993206bd3c550c205e4" ], "index": "pypi", "markers": "python_version >= '3.8'", - "version": "==0.9.5" + "version": "==0.10.0" }, "mkdocs-git-revision-date-localized-plugin": { "hashes": [ @@ -453,20 +440,21 @@ }, "mkdocs-glightbox": { "hashes": [ - "sha256:392b34207bf95991071a16d5f8916d1d2f2cd5d5bb59ae2997485ccd778c70d9", - "sha256:e0107beee75d3eb7380ac06ea2d6eac94c999eaa49f8c3cbab0e7be2ac006ccf" - ], - "index": "pypi", - "version": "==0.4.0" - }, - "mkdocs-macros-plugin": { - "hashes": [ - "sha256:02432033a5b77fb247d6ec7924e72fc4ceec264165b1644ab8d0dc159c22ce59", - "sha256:17c7fd1a49b94defcdb502fd453d17a1e730f8836523379d21292eb2be4cb523" + "sha256:7d78a5b045f2479f61b0bbb17742ba701755c56b013e70ac189c9d87a91e80bf", + "sha256:f47af0daff164edf8d36e553338425be3aab6e34b987d9cbbc2ae7819a98cb01" ], "index": "pypi", "markers": "python_version >= '3.8'", - "version": "==1.3.7" + "version": "==0.5.1" + }, + "mkdocs-macros-plugin": { + "hashes": [ + "sha256:01b6003fbe9b55fdc97c0abb66f811d65abfd291dcf70f277990165553faa99a", + "sha256:c52351295efdbdbb37a9f0ea639719055ddb64a00115457289940e85696a81d9" + ], + "index": "pypi", + "markers": "python_version >= '3.8'", + "version": "==1.3.9" }, "mkdocs-material": { "extras": [ @@ -494,73 +482,68 @@ }, "msgpack": { "hashes": [ - "sha256:06f5fd2f6bb2a7914922d935d3b8bb4a7fff3a9a91cfce6d06c13bc42bec975b", - "sha256:071603e2f0771c45ad9bc65719291c568d4edf120b44eb36324dcb02a13bfddf", - "sha256:0907e1a7119b337971a689153665764adc34e89175f9a34793307d9def08e6ca", - "sha256:0f92a83b84e7c0749e3f12821949d79485971f087604178026085f60ce109330", - "sha256:115a7af8ee9e8cddc10f87636767857e7e3717b7a2e97379dc2054712693e90f", - "sha256:13599f8829cfbe0158f6456374e9eea9f44eee08076291771d8ae93eda56607f", - "sha256:17fb65dd0bec285907f68b15734a993ad3fc94332b5bb21b0435846228de1f39", - "sha256:2137773500afa5494a61b1208619e3871f75f27b03bcfca7b3a7023284140247", - "sha256:3180065ec2abbe13a4ad37688b61b99d7f9e012a535b930e0e683ad6bc30155b", - "sha256:398b713459fea610861c8a7b62a6fec1882759f308ae0795b5413ff6a160cf3c", - "sha256:3d364a55082fb2a7416f6c63ae383fbd903adb5a6cf78c5b96cc6316dc1cedc7", - "sha256:3df7e6b05571b3814361e8464f9304c42d2196808e0119f55d0d3e62cd5ea044", - "sha256:41c991beebf175faf352fb940bf2af9ad1fb77fd25f38d9142053914947cdbf6", - "sha256:42f754515e0f683f9c79210a5d1cad631ec3d06cea5172214d2176a42e67e19b", - "sha256:452aff037287acb1d70a804ffd022b21fa2bb7c46bee884dbc864cc9024128a0", - "sha256:4676e5be1b472909b2ee6356ff425ebedf5142427842aa06b4dfd5117d1ca8a2", - "sha256:46c34e99110762a76e3911fc923222472c9d681f1094096ac4102c18319e6468", - "sha256:471e27a5787a2e3f974ba023f9e265a8c7cfd373632247deb225617e3100a3c7", - "sha256:4a1964df7b81285d00a84da4e70cb1383f2e665e0f1f2a7027e683956d04b734", - "sha256:4b51405e36e075193bc051315dbf29168d6141ae2500ba8cd80a522964e31434", - "sha256:4d1b7ff2d6146e16e8bd665ac726a89c74163ef8cd39fa8c1087d4e52d3a2325", - "sha256:53258eeb7a80fc46f62fd59c876957a2d0e15e6449a9e71842b6d24419d88ca1", - "sha256:534480ee5690ab3cbed89d4c8971a5c631b69a8c0883ecfea96c19118510c846", - "sha256:58638690ebd0a06427c5fe1a227bb6b8b9fdc2bd07701bec13c2335c82131a88", - "sha256:58dfc47f8b102da61e8949708b3eafc3504509a5728f8b4ddef84bd9e16ad420", - "sha256:59caf6a4ed0d164055ccff8fe31eddc0ebc07cf7326a2aaa0dbf7a4001cd823e", - "sha256:5dbad74103df937e1325cc4bfeaf57713be0b4f15e1c2da43ccdd836393e2ea2", - "sha256:5e1da8f11a3dd397f0a32c76165cf0c4eb95b31013a94f6ecc0b280c05c91b59", - "sha256:646afc8102935a388ffc3914b336d22d1c2d6209c773f3eb5dd4d6d3b6f8c1cb", - "sha256:64fc9068d701233effd61b19efb1485587560b66fe57b3e50d29c5d78e7fef68", - "sha256:65553c9b6da8166e819a6aa90ad15288599b340f91d18f60b2061f402b9a4915", - "sha256:685ec345eefc757a7c8af44a3032734a739f8c45d1b0ac45efc5d8977aa4720f", - "sha256:6ad622bf7756d5a497d5b6836e7fc3752e2dd6f4c648e24b1803f6048596f701", - "sha256:73322a6cc57fcee3c0c57c4463d828e9428275fb85a27aa2aa1a92fdc42afd7b", - "sha256:74bed8f63f8f14d75eec75cf3d04ad581da6b914001b474a5d3cd3372c8cc27d", - "sha256:79ec007767b9b56860e0372085f8504db5d06bd6a327a335449508bbee9648fa", - "sha256:7a946a8992941fea80ed4beae6bff74ffd7ee129a90b4dd5cf9c476a30e9708d", - "sha256:7ad442d527a7e358a469faf43fda45aaf4ac3249c8310a82f0ccff9164e5dccd", - "sha256:7c9a35ce2c2573bada929e0b7b3576de647b0defbd25f5139dcdaba0ae35a4cc", - "sha256:7e7b853bbc44fb03fbdba34feb4bd414322180135e2cb5164f20ce1c9795ee48", - "sha256:879a7b7b0ad82481c52d3c7eb99bf6f0645dbdec5134a4bddbd16f3506947feb", - "sha256:8a706d1e74dd3dea05cb54580d9bd8b2880e9264856ce5068027eed09680aa74", - "sha256:8a84efb768fb968381e525eeeb3d92857e4985aacc39f3c47ffd00eb4509315b", - "sha256:8cf9e8c3a2153934a23ac160cc4cba0ec035f6867c8013cc6077a79823370346", - "sha256:8da4bf6d54ceed70e8861f833f83ce0814a2b72102e890cbdfe4b34764cdd66e", - "sha256:8e59bca908d9ca0de3dc8684f21ebf9a690fe47b6be93236eb40b99af28b6ea6", - "sha256:914571a2a5b4e7606997e169f64ce53a8b1e06f2cf2c3a7273aa106236d43dd5", - "sha256:a51abd48c6d8ac89e0cfd4fe177c61481aca2d5e7ba42044fd218cfd8ea9899f", - "sha256:a52a1f3a5af7ba1c9ace055b659189f6c669cf3657095b50f9602af3a3ba0fe5", - "sha256:ad33e8400e4ec17ba782f7b9cf868977d867ed784a1f5f2ab46e7ba53b6e1e1b", - "sha256:b4c01941fd2ff87c2a934ee6055bda4ed353a7846b8d4f341c428109e9fcde8c", - "sha256:bce7d9e614a04d0883af0b3d4d501171fbfca038f12c77fa838d9f198147a23f", - "sha256:c40ffa9a15d74e05ba1fe2681ea33b9caffd886675412612d93ab17b58ea2fec", - "sha256:c5a91481a3cc573ac8c0d9aace09345d989dc4a0202b7fcb312c88c26d4e71a8", - "sha256:c921af52214dcbb75e6bdf6a661b23c3e6417f00c603dd2070bccb5c3ef499f5", - "sha256:d46cf9e3705ea9485687aa4001a76e44748b609d260af21c4ceea7f2212a501d", - "sha256:d8ce0b22b890be5d252de90d0e0d119f363012027cf256185fc3d474c44b1b9e", - "sha256:dd432ccc2c72b914e4cb77afce64aab761c1137cc698be3984eee260bcb2896e", - "sha256:e0856a2b7e8dcb874be44fea031d22e5b3a19121be92a1e098f46068a11b0870", - "sha256:e1f3c3d21f7cf67bcf2da8e494d30a75e4cf60041d98b3f79875afb5b96f3a3f", - "sha256:f1ba6136e650898082d9d5a5217d5906d1e138024f836ff48691784bbe1adf96", - "sha256:f3e9b4936df53b970513eac1758f3882c88658a220b58dcc1e39606dccaaf01c", - "sha256:f80bc7d47f76089633763f952e67f8214cb7b3ee6bfa489b3cb6a84cfac114cd", - "sha256:fd2906780f25c8ed5d7b323379f6138524ba793428db5d0e9d226d3fa6aa1788" + "sha256:196a736f0526a03653d829d7d4c5500a97eea3648aebfd4b6743875f28aa2af8", + "sha256:1abfc6e949b352dadf4bce0eb78023212ec5ac42f6abfd469ce91d783c149c2a", + "sha256:1b13fe0fb4aac1aa5320cd693b297fe6fdef0e7bea5518cbc2dd5299f873ae90", + "sha256:1d75f3807a9900a7d575d8d6674a3a47e9f227e8716256f35bc6f03fc597ffbf", + "sha256:2fbbc0b906a24038c9958a1ba7ae0918ad35b06cb449d398b76a7d08470b0ed9", + "sha256:33be9ab121df9b6b461ff91baac6f2731f83d9b27ed948c5b9d1978ae28bf157", + "sha256:353b6fc0c36fde68b661a12949d7d49f8f51ff5fa019c1e47c87c4ff34b080ed", + "sha256:36043272c6aede309d29d56851f8841ba907a1a3d04435e43e8a19928e243c1d", + "sha256:3765afa6bd4832fc11c3749be4ba4b69a0e8d7b728f78e68120a157a4c5d41f0", + "sha256:3a89cd8c087ea67e64844287ea52888239cbd2940884eafd2dcd25754fb72232", + "sha256:40eae974c873b2992fd36424a5d9407f93e97656d999f43fca9d29f820899084", + "sha256:4147151acabb9caed4e474c3344181e91ff7a388b888f1e19ea04f7e73dc7ad5", + "sha256:435807eeb1bc791ceb3247d13c79868deb22184e1fc4224808750f0d7d1affc1", + "sha256:4835d17af722609a45e16037bb1d4d78b7bdf19d6c0128116d178956618c4e88", + "sha256:4a28e8072ae9779f20427af07f53bbb8b4aa81151054e882aee333b158da8752", + "sha256:4d3237b224b930d58e9d83c81c0dba7aacc20fcc2f89c1e5423aa0529a4cd142", + "sha256:4df2311b0ce24f06ba253fda361f938dfecd7b961576f9be3f3fbd60e87130ac", + "sha256:4fd6b577e4541676e0cc9ddc1709d25014d3ad9a66caa19962c4f5de30fc09ef", + "sha256:500e85823a27d6d9bba1d057c871b4210c1dd6fb01fbb764e37e4e8847376323", + "sha256:5692095123007180dca3e788bb4c399cc26626da51629a31d40207cb262e67f4", + "sha256:5fd1b58e1431008a57247d6e7cc4faa41c3607e8e7d4aaf81f7c29ea013cb458", + "sha256:61abccf9de335d9efd149e2fff97ed5974f2481b3353772e8e2dd3402ba2bd57", + "sha256:61e35a55a546a1690d9d09effaa436c25ae6130573b6ee9829c37ef0f18d5e78", + "sha256:6640fd979ca9a212e4bcdf6eb74051ade2c690b862b679bfcb60ae46e6dc4bfd", + "sha256:6d489fba546295983abd142812bda76b57e33d0b9f5d5b71c09a583285506f69", + "sha256:6f64ae8fe7ffba251fecb8408540c34ee9df1c26674c50c4544d72dbf792e5ce", + "sha256:71ef05c1726884e44f8b1d1773604ab5d4d17729d8491403a705e649116c9558", + "sha256:77b79ce34a2bdab2594f490c8e80dd62a02d650b91a75159a63ec413b8d104cd", + "sha256:78426096939c2c7482bf31ef15ca219a9e24460289c00dd0b94411040bb73ad2", + "sha256:79c408fcf76a958491b4e3b103d1c417044544b68e96d06432a189b43d1215c8", + "sha256:7a17ac1ea6ec3c7687d70201cfda3b1e8061466f28f686c24f627cae4ea8efd0", + "sha256:7da8831f9a0fdb526621ba09a281fadc58ea12701bc709e7b8cbc362feabc295", + "sha256:870b9a626280c86cff9c576ec0d9cbcc54a1e5ebda9cd26dab12baf41fee218c", + "sha256:88d1e966c9235c1d4e2afac21ca83933ba59537e2e2727a999bf3f515ca2af26", + "sha256:88daaf7d146e48ec71212ce21109b66e06a98e5e44dca47d853cbfe171d6c8d2", + "sha256:8a8b10fdb84a43e50d38057b06901ec9da52baac6983d3f709d8507f3889d43f", + "sha256:8b17ba27727a36cb73aabacaa44b13090feb88a01d012c0f4be70c00f75048b4", + "sha256:8b65b53204fe1bd037c40c4148d00ef918eb2108d24c9aaa20bc31f9810ce0a8", + "sha256:8ddb2bcfd1a8b9e431c8d6f4f7db0773084e107730ecf3472f1dfe9ad583f3d9", + "sha256:96decdfc4adcbc087f5ea7ebdcfd3dee9a13358cae6e81d54be962efc38f6338", + "sha256:996f2609ddf0142daba4cefd767d6db26958aac8439ee41db9cc0db9f4c4c3a6", + "sha256:9d592d06e3cc2f537ceeeb23d38799c6ad83255289bb84c2e5792e5a8dea268a", + "sha256:a32747b1b39c3ac27d0670122b57e6e57f28eefb725e0b625618d1b59bf9d1e0", + "sha256:a494554874691720ba5891c9b0b39474ba43ffb1aaf32a5dac874effb1619e1a", + "sha256:a8ef6e342c137888ebbfb233e02b8fbd689bb5b5fcc59b34711ac47ebd504478", + "sha256:ae497b11f4c21558d95de9f64fff7053544f4d1a17731c866143ed6bb4591238", + "sha256:b1ce7f41670c5a69e1389420436f41385b1aa2504c3b0c30620764b15dded2e7", + "sha256:b8f93dcddb243159c9e4109c9750ba5b335ab8d48d9522c5308cd05d7e3ce600", + "sha256:ba0c325c3f485dc54ec298d8b024e134acf07c10d494ffa24373bea729acf704", + "sha256:bb29aaa613c0a1c40d1af111abf025f1732cab333f96f285d6a93b934738a68a", + "sha256:bba1be28247e68994355e028dcd668316db30c1f758d3241a7b903ac78dcd285", + "sha256:cb643284ab0ed26f6957d969fe0dd8bb17beb567beb8998140b5e38a90974f6c", + "sha256:d182dac0221eb8faef2e6f44701812b467c02674a322c739355c39e94730cdbf", + "sha256:d275a9e3c81b1093c060c3837e580c37f47c51eca031f7b5fb76f7b8470f5f9b", + "sha256:d8b55ea20dc59b181d3f47103f113e6f28a5e1c89fd5b67b9140edb442ab67f2", + "sha256:da8f41e602574ece93dbbda1fab24650d6bf2a24089f9e9dbb4f5730ec1e58ad", + "sha256:e4141c5a32b5e37905b5940aacbc59739f036930367d7acce7a64e4dec1f5e0b", + "sha256:f5be6b6bc52fad84d010cb45433720327ce886009d862f46b26d4d154001994b", + "sha256:f6d58656842e1b2ddbe07f43f56b10a60f2ba5826164910968f5933e5178af75" ], "markers": "python_version >= '3.8'", - "version": "==1.1.0" + "version": "==1.1.1" }, "packaging": { "hashes": [ @@ -672,11 +655,11 @@ }, "platformdirs": { "hashes": [ - "sha256:3d512d96e16bcb959a814c9f348431070822a6496326a4be0911c40b5a74c2bc", - "sha256:ff7059bb7eb1179e2685604f4aaf157cfd9535242bd23742eadc3c13542139b4" + "sha256:abd01743f24e5287cd7a5db3752faf1a2d65353f38ec26d98e25a6db65958c85", + "sha256:ca753cf4d81dc309bc67b0ea38fd15dc97bc30ce419a7f58d13eb3bf14c4febf" ], "markers": "python_version >= '3.9'", - "version": "==4.3.8" + "version": "==4.4.0" }, "pycparser": { "hashes": [ @@ -786,11 +769,77 @@ }, "requests": { "hashes": [ - "sha256:55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760", - "sha256:70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6" + "sha256:2462f94637a34fd532264295e186976db0f5d453d1cdd31473c85a6a161affb6", + "sha256:dbba0bac56e100853db0ea71b82b4dfd5fe2bf6d3754a8893c3af500cec7d7cf" ], - "markers": "python_version >= '3.8'", - "version": "==2.32.3" + "markers": "python_version >= '3.9'", + "version": "==2.32.5" + }, + "selectolax": { + "hashes": [ + "sha256:0933659b4250b91317ccd78167e6804389cdaf7ed86c5d034b058a550d23110f", + "sha256:0a98c3f3d8fffb175456cb06096bc78103ddf6a209bea6392e0e4ea4e25aca71", + "sha256:15679e9935ccf6c480a34baf8fe217c2b2023e0df18799f0232032dc8ac66d41", + "sha256:21de62b5093b1cb6c5d4cab0bef5f708b9ee1483b640d42be9d955becfcd287a", + "sha256:24f3f5de4051ca33ea769c8a99798c7e30e6500e090e363d5fcd3382b1ae8dfa", + "sha256:25cfccfefc41361ab8a07f15a224524a4a8b77dfa7d253b34bbd397e45856734", + "sha256:28696fa4581765c705e15d05dfba464334f5f9bcb3eac9f25045f815aec6fbc1", + "sha256:29e71fbd58b90d2920ef91a940680cb5331710fe397925ce9d10c3f2f086bf27", + "sha256:2bfe4327215a20af4197c5b7e3729a9552fb324bb57250dc7e7abfa0f848a463", + "sha256:2f5c3523ad5199a4fb9b95b6e24ff9222d3605023ca394b23f7dd910e7536daf", + "sha256:3625057ba0eab766db555f753959cc2759ec8ac49cded7c5f4d507d80fdf9433", + "sha256:38462ae369897f71da287f1282079c11f1b878b99a4d1d509d1116ce05226d88", + "sha256:394d356ea611a7853c13c910a57c1a80a8356f9c920aa8168b3f8aaa62e433d8", + "sha256:3e5354d805dd76b4b38002f58e6ae2e7b429ac311bf3601992a6662d2bc86911", + "sha256:3f58dca53d2d3dc18dfd2cb9210a5625f32598db24e3f857f5be58f21a8f3b88", + "sha256:45682905dd88e268bb5906ce2c3927e89f77b910824a6f64419bfec482cd67be", + "sha256:47587db7cef411d22f8224cf2926aacdb326c4c838d386035229f16ccc2d8d26", + "sha256:484274f73839f9a143f4c13ce1b0a0123b5d64be22f967a1dc202a9a78687d67", + "sha256:50b18a262ea01ca5522f9a30c28ecadb004be88296f6bd2ace21464f89a3cbcc", + "sha256:5388c56456272b2c241fc1906db9cc993984cafdad936cb5e061e3af0c44144e", + "sha256:558a0c665538bfd0549c40c4ea46523a77e8eae09f4e678191cf54c31c17517c", + "sha256:565304311e45c582e85ec525b0646aede6f8db1f22bc08786e94f7b6552d4311", + "sha256:6abdd8357f1c105c1add01a9f0373511fa832548b2e2778b00a8ba2a4508d6ed", + "sha256:6c684d66a0f8e48786ef6d79b9e1e84cb1ffd0835232b4033bed37cf978d1303", + "sha256:6d3f373efd1db18ac9b2222de2668aaa366a1f0b560241eab128f3ca68e8add1", + "sha256:6ff48efe4364c8148a553a4105773a0accee9cc25e0f2a40ddac44d18a5a3000", + "sha256:7073e3bcdc60ebdb5f8777c79b465471ec000ab556134da4e00f037d3321a2ec", + "sha256:7c10452a3a14ee7aa49afb141c3725ef7ba930d5b5391798daf2e053c414a158", + "sha256:8377c317bf1d5fd6ccc56dfb5a0928bbcbea3e800b7af54761cfbbb99dc94cb9", + "sha256:85aeae54f055cf5451828a21fbfecac99b8b5c27ec29fd10725b631593a7c9a3", + "sha256:90c435bc49395344abdaed80d98079466e8c8b6469118cec5cc9cae4dce8bcad", + "sha256:912a1fc03157ebd066d8f59ae9ca2412ef95c7101a51590327c23071b02c97c7", + "sha256:97b9971bb37b54ef4440134f22792d15c9ee12d890a526a7fe0b376502240143", + "sha256:9858fef96e4e332fa64102f0ab1ecf8f88a9ea46a82d379fb421c8f736b60090", + "sha256:9c969626b2295702076f50aac91e44c3bba639fa2e1a612bf6ae254bf29b4d57", + "sha256:a3d44a295416b79815d2858ed4ccb71bf3b63087483a5d3705daa837c9dcf44d", + "sha256:ac940963c52f13cdf5d7266a979744949b660d367ce669efa073b557f6e09a18", + "sha256:aecf29641a4b092331d081fb59f12f6b3fd236c16b48ef6e86419454df787ae1", + "sha256:af5cd03298cd75cb0fbf712d6ae4f8aca9c13a226d2821ca82f51cc9b33b032f", + "sha256:b0c9005e9089a6b0c6fb6a9f691ddbbb10a3a23ebeff54393980340f3dbcdb99", + "sha256:bc1676cd243812ca6ddd79ad53997996535e27db17fda3d440b470bb322f5959", + "sha256:bd99ff0f5a6c017c471635d4ee45b61d25f24689331e407147b2cf5e36892480", + "sha256:bdd1e63735f2fb8485fb6b9f4fe30d6c030930f438f46a4a62bd9886ab3c7fd9", + "sha256:be12a160b1feacd3db1ea2274dcb70dfa9b123b7a1216849eec7b48b6783e903", + "sha256:bf14ca824c4c9fd9b0534d0f316657495ffcedbaf77690be335242c688512b86", + "sha256:c198a1d3693aeccf1c45871bf3fee4bd46428fa99cdb9f3dfee20e1b48c363c7", + "sha256:c6b569fa67a122bfd7f0776c1c922daf122fb4502c8116a903c6168742b84db9", + "sha256:cfb803d6bbe0ef3c8847cf5a01167cc428c0d9179946e1c994cc6178b5332d1a", + "sha256:d0a6d8e02c6b9ba951d7b5a5dd2788a1d4bbdedc89782a4de165f1a87c4168ac", + "sha256:d458db7fee5f6b1ce75664ce8a009343c0aac1993a7b844a997cfea3ad0ea77b", + "sha256:d4ecc262db7afb0087e679176043178dc59791fce56659f62775a96d60596f1d", + "sha256:d6a1cd0518fa7656ea1683c4b2d3b5a98306753f364da9f673517847e1680a3e", + "sha256:db734ba4ef44fa3b57ad9374fd7ccfc7815c0ae5cfcbd5ee25fe8587092618d1", + "sha256:deeab93386b6c9a75052515f5b9e7e3dd623c585871c0c2b3126970ff902603b", + "sha256:dfee3340e8c89dd25a7dd621940b928960e4c9a70c4830d208f29b0adf288743", + "sha256:e13befacff5f78102aa11465055ecb6d4b35f89663e36f271f2b506bcab14112", + "sha256:e3112f05a34bf36d36ecc51520b1d98c4667b54a3f123dffef5072273e89a360", + "sha256:e7f4cc1b7ce9691559decfd5db7cc500e71a9f6ccfe76c054f284c184a1d1dc9", + "sha256:e9e4690894f406863e25ba49da27e1a6fda9bfc21b0b315c399d3093be080e81", + "sha256:ea52e0c128e8e89f98ab0ccaabbc853677de5730729a3351da595976131b66e0", + "sha256:edd2760699c60dde7d847aebd81f02035f7bddcd0ad3db8e73326dfc84a2dc8f" + ], + "version": "==0.3.29" }, "six": { "hashes": [ @@ -834,11 +883,11 @@ }, "urllib3": { "hashes": [ - "sha256:414bc6535b787febd7567804cc015fee39daab8ad86268f1310a9250697de466", - "sha256:4e16665048960a0900c702d4a66415956a584919c03361cac9f1df5c5dd7e813" + "sha256:3fc47733c7e419d4bc3f6b3dc2b4f890bb743906a30d56ba4a5bfa4bbff92760", + "sha256:e6b01673c0fa6a13e374b50871808eb3bf7046c4b125b216f6bf1cc604cff0dc" ], "markers": "python_version >= '3.9'", - "version": "==2.4.0" + "version": "==2.5.0" }, "watchdog": { "hashes": [ diff --git a/README.md b/README.md index e7f81258..db0b3409 100644 --- a/README.md +++ b/README.md @@ -42,7 +42,7 @@ **Privacy Guides** is a socially motivated website that provides information for protecting your data security and privacy. Our mission is to inform the public about the value of digital privacy, and global government initiatives which aim to monitor your online activity. We are a non-profit collective operated entirely by volunteer team members and contributors. Our website is free of advertisements and not affiliated with any of the listed providers. -The current list of team members can be found [here](https://www.privacyguides.org/en/about/#executive-committee). Additionally, [many people](#contributors) have made contributions to the project, and you can too! +The current list of team members can be found on [the executive committee page](https://www.privacyguides.org/en/about/#executive-committee). Additionally, [many people](#contributors) have made contributions to the project, and you can too! *Featured on: [Tweakers](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html), [The New York Times](https://nytimes.com/wirecutter/guides/online-security-social-media-privacy), [Wired](https://wired.com/story/firefox-mozilla-2022), and [Fast Company](https://www.fastcompany.com/91167564/mozilla-wants-you-to-love-firefox-again).* @@ -63,9 +63,7 @@ All contributors to the site are listed [here](#contributors). If you have contr ## Mirrors - **GitHub Pages:** [privacyguides.github.io/privacyguides.org](https://privacyguides.github.io/privacyguides.org/en/) -- **Netlify (AWS):** [illustrious-bavarois-56cf30.netlify.app](https://illustrious-bavarois-56cf30.netlify.app/en/) - **BunnyCDN:** [privacyguides-org-production.b-cdn.net](https://privacyguides-org-production.b-cdn.net/en/) -- **Hetzner:** [direct.privacyguides.org](https://direct.privacyguides.org/en/) (discouraged!) ### Alternative Networks @@ -117,7 +115,7 @@ Committing to this repository requires [signing your commits](https://docs.githu It is required to create a GitHub release to publish the current site to privacyguides.org. The current `main` branch can be previewed at [https://main.staging.privacyguides.dev](https://main.staging.privacyguides.dev) prior to release. 1. Create a new tag: `git tag -s YYYY.MM.DD -m 'Some message'` - - Tag numbering: `YYYY.MM.DD` - if two+ releases are published on the same day, append short commit sha to next release, e.g. `YYYY.MM.DD-6aa14e8` + - Tag numbering: `YYYY.MM.DD` - if two+ releases are published on the same day, append short commit to the next release, e.g. `YYYY.MM.DD-6aa14e8` - Enable GPG tag signing by default (`git config tag.gpgSign true`) to avoid missing signatures 2. Push the tag to GitHub: `git push --tags` 3. A GitHub Release will be automatically created and deployed to the live site. @@ -156,429 +154,446 @@ Privacy Guides wouldn't be possible without these wonderful people ([emoji key](
matchboxbananasynergy
📖 🔬 🤔 👀 📝
fria
📖 👀 🔬 💬 🐛 🤔 +
jordan warne
📖 📹 🔬 🤔 💬 📣 +
Em
📝 📣 🤔 +
Kevin Pham
📝 📣 💬 🔬 🤔 📖 + +
GitHub Actions
🚇
Triplebit
🚇
MAGIC Grants
💼 - -
Netlify
🚇
Dependabot
💻 🚇 + +
Hetzner Cloud
🚇
Cloudflare
🚇
Open Collective
💼 - -
Safing
💵
Dan Arel
📝 📖 🔬 + +
Techlore
💵
elitejake
📖
samsepi0l
📖 - -
rollsicecream
📖 💬 🌍 👀
Henry Fisher
📖 + +
Nate Bartram
📝
Sam Howell
📝
asddsaz
📖 - -
Hugo Costa
📖
C-O-M-P-A-R-T-M-E-N-T-A-L-I-Z-A-T-I-O-N
📖 + +
Alberto Strappazzon
📖
Victorhck
📖
Tai Lam
📖 🚧 - -
NinebitX
📖
Alexander Antukh
📖 + +
Gusted
📖
redoomed1
👀 📖
Offpics
📖 - -
kimg45
📖
djoate
📖 + +
afighttilldeath
📖
Paul Verbeke
📖 🌍 🐛 🧑‍🏫
Mitchell Cash
📖 - -
NeverDucky
📖
efb4f5ff-1298-471a-8973-3d47447115dc
📖 + +
Stephen Karl Larroque
📖
0rdinant
📖
Zenithium
📖 - -
Jordan Gwyn
📖
Guru
📖 + +
datoshkr
📖
Kcchouette
📖
Jacob Neplokh
📖 - -
Leonardo Mazzon
📖 🐛 💵 📣 💬 🌍
Andrew Chong
📖 + +
Wok
📖
nopeitsnothing
📖
Lynn Stephenson
📖 - -
Cory Solovewicz
📖
noClaps
📖 + +
Brian
📖
SkewedZeppelin
📖 💬
Arcadius3D
📖 - -
vpnarea
📖
namazso
📖 💬 + +
cYDN48
📖
gjhklfdsa
📖
Pavel Zolotarevskiy
📖 - -
quiddity-wp
📖
Nikhil Jha
📖 + +
Subatomic Honda Civic
📖
ticklemyIP
📖
jermanuts
📖 - -
conorohiggins
📖
TechFanTheo
📖 + +
Ryan Taylor
📖
Positron832
📖
JustLuckNoSkill
📖 - -
Arkadiy
📖
Jack Chou
📖 + +
ave
📖
Boo
📖
IDKwhattoputhere
📖 - -
idkrn
📖
ggg27
📖 + +
WalterKlosse
📖
Tom Hacohen
📖
Paul Feuvraux
📖 - -
Scott Bennett
📖
Federico Ariel Castagnini
📖 + +
jslawler-gh
📖
spaceoden
📖
xe3
📖 - -
Andrew Morgan
📖
Caleb King
📖 + +
Eduardo
📖
NafeezJS
📖
Sloofy
📖 - -
Sam Schlinkert
📖
Gabor Luk
📖 + +
DeiAsPie
📖
Davide Taviani
📖
spanishharlem
📖 - -
Jacob Gonzales
📖
Kaede
📖 + +
LABB
📖
Raviu8
📖
Peter Dave Hello
📖 - -
Rose
📖
Oskar Sharipov
📖 + +
Samuel Lucas
📖
NylaTheWolf
📖
Matthew Davis
📖 - -
Mark Cohen
📖
Mad Scientist
📖 + +
Maarten
📖
William Davis
📖
William Thomas Wilkins
📖 - -
wylel
📖
Will Browning
📖 + +
Yi Cao
📖
Yusuf Daglioglu
📖
Zack
📖 - -
ZH王
📖
ansuz
📖 + +
archeite
📖
asdfghjz
📖
ayaen
📖 - -
b-harper
📖
Loic Vourch
📖 + +
crasm
📖
eagerto-learn
📖
egecelikci
📖 - -
elleybean
📖
Evan Song
📖 + +
pynixis
📖
Seirdy
📖
Ryan Huang
📖 - -
Sascha P.
📖
Securified
📖 + +
Sergey Musiyenko
📖
Spydar007
📖
Steven Bach
📖 - -
Steven Lehn
📖
Steven van de Graaf
📖 + +
Sven Kortekaas
📖
Tejas Gupta
📖
Tebowy Seba
📖 - -
Ted Gravlin
📖
TheFrenchGhosty
📖 + +
TheNoobWar
📖
Thomas Rientjes
📖
Tim Vergenz
📖 - -
Tom Sullivan
📖
Tony Tan
📖 + +
TroubleDog54
📖
User486375
📖
Nicholas Christensen
📖 - -
oppressor1761
📖
pbbob
📖 + +
pdjpdjpdj
📖
Stella Polaris
📖 🔬 📣 💬 👀
regaldude
📖 - -
rusty-snake
📖
sacha
📖 + +
schwukas
📖
sh-dv
📖
szTheory
📖 - -
Thunderbolt Digital
📖
E. S. Leonesco
📖 + +
titanism
📖
tomac4t
📖
virustotalop
📖 - -
wintr
📖
xelarate86
📖 + +
yeoneer
📖
foxt
📖
Freddie
📖 - -
ghbjklhv
📖
Raymond Hill
📖 + +
luke crouch
📖
fd1f744993de14178e6c
📖
habitualname
📖 - -
hook
📖
nein
📖 + +
jkhgvfgvsth
📖
joaonsg
📖
johnnyburnaway
📖 - -
jus9
📖
kc1212
📖 + +
kryptish
📖
m3t
📖
macau23
📖 - -
mat1th
📖
MWM
📖 -
Michael Plews
📖 -
moritztk
📖 -
Aaron Horler
📖 +
Michael Plews
📖 +
moritztk
📖
Commenter
📖
Cédric Laubacher
📖
Daniel Peukert
📖 -
David Breese
📖 -
Dimitris Apostolou
📖 +
David Breese
📖 +
Dimitris Apostolou
📖
Dyrimon
📖
Ikel Atomig
📖
Elias Ojala
📖 -
Feni Brian
📖 -
Filip Š
📖 +
Feni Brian
📖 +
Filip Š
📖
Felix Albroscheit
📖
GReagle
📖
Gamma
📖 -
GetBoz
📖 -
GrimPixel
📖 +
GetBoz
📖 +
GrimPixel
📖
Guillem L. Jara
📖
HxxxxxS
📖
Himanshu Chandola
📖 -
Issam Maghni
📖 -
ItsDonny
📖 +
Issam Maghni
📖 +
ItsDonny
📖
Abdullah Atta
📖
Adam Sroka
📖
criadoperez
📖 -
Alex Amiryan
📖 -
Alex Shoup
📖 +
Alex Amiryan
📖 +
Alex Shoup
📖
Alex Thomassen
📖
Amolith
📖
Andrea Scarpino
📖 -
Armando Lüscher
📖 -
Ash T
📖 +
Armando Lüscher
📖 +
Ash T
📖
Bernd Eichelberger
📖
BionicBison05
📖
Brent Gervais
📖 -
Brian Cooper
📖 -
Caboose700
📖 +
Brian Cooper
📖 +
Caboose700
📖
Cadel Watson
📖
trosel
📖
Carl
📖 -
Chad Birch
📖 -
Chris Barry
📖 +
Chad Birch
📖 +
Chris Barry
📖
Júlio Ferraz
📖
Jack Hill
📖
Mathias Oterhals Myklebust
📖 -
Mats Estensen
📖 -
Matt Baer
📖 +
Mats Estensen
📖 +
Matt Baer
📖
Mehdi Chaouch
📖
Mike Perrone
📖
Mitch Wilkins
📖 -
Mo
📖 -
Morten Linderud
📖 +
Mo
📖 +
Morten Linderud
📖
natzim
📖
Douglas
📖
Nick
📖 -
NielDB
📖 -
Nihal Raj
📖 +
NielDB
📖 +
Nihal Raj
📖
Noah
📖
Panagiotis "Ivory" Vasilopoulos
📖
Patrick R
📖 -
Fart Attorney
📖 -
Pilou
📖 +
Fart Attorney
📖 +
Pilou
📖
PoorPockets McNewHold
📖 🌍
PrinceKael
📖
Richard
📖 -
Jaden Site
📖 -
Jake Zeal
📖 +
Jaden Site
📖 +
Jake Zeal
📖
James Kerrane
📖
Sell
📖
YMHuang
📖 -
Jonathan Vansina
📖 -
jorgeluiscarrillo
📖 +
Jonathan Vansina
📖 +
jorgeluiscarrillo
📖
Julian
📖
Kefaku
📖
Kevin Brennan
📖 -
Kyle Spearrin
📖 -
Leon Allen
📖 +
Kyle Spearrin
📖 +
Leon Allen
📖
LisaWilbourn
📖
Lord Shedy
📖
Louis Wolfers
📖 -
Lunush
📖 -
MMR
📖 +
Lunush
📖 +
MMR
📖
Mads Peter Rommedahl
📖
Manuel Quarneti
📖
Marco Menzel
📖 -
Mario
📖 -
skye
💬 +
Mario
📖 +
skye
💬
r2fo
🌍
LamTrinh.Dev
📖 🐛 💬
frostlike
💬 -
Merlin Scholz
🌍 -
jordan warne
📖 +
Merlin Scholz
🌍
Dženan
🌍
jx tsai
🌍
backstab5983
📖
antgig
📖 -
Ákos Nikházy
📖 +
Ákos Nikházy
📖
Francois Marier
📖
5-tom
📖
Ralphie0511
📖
aleksejs1
📖 -
Martin
📖 +
Martin
📖
Overwatch
📖
Kieran Colfer
📖
Triple T
📖
IDON-TEXIST
📖 -
Yusuf Daglioglu
📖 +
Yusuf Daglioglu
📖
Yi Cao
📖
Sayf Dhū al-Faqār
📖
eylenburg
📖
Kieran Colfer
📖 -
Justin Ehrenhofer
📖 💼 🔍 +
Justin Ehrenhofer
📖 💼 🔍
Alex Bruch
🌍
qiyongzheng
📖
Sam K
📖 📣 💬
Spirizer
🌍 + +
jordbm
📖 🚧 🛡️ +
Austin Huang
📖 💬 +
Ward
📖 +
oilmaint
📖 +
headdirt
📖 + + +
Quentin McRee
📖 +
Sven
📖 +
Tom Honour
📖 +
Brogio
📖 +
Nathan Youngman
📖 + + +
Jeremy
📖 @@ -597,22 +612,22 @@ Privacy Guides wouldn't be possible without these wonderful people ([emoji key]( -This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind welcome, including contributions to Privacy Guides outside of this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.). +This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind welcome, including contributions to Privacy Guides outside this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.). CLI to generate this table: ```bash -npx --package all-contributors-cli -- npx all-contributors generate +all-contributors-cli generate ``` CLI to add a contributor: ```bash -npx --package all-contributors-cli -- npx all-contributors add +all-contributors-cli add ``` -See [this table](https://allcontributors.org/docs/en/emoji-key) for valid contribution reasons, comma-separated. Do **not** use the `content` code for contributors to the website, use `docs` instead (this way it will automatically link to their commits). Example: +See [this table](https://allcontributors.org/docs/en/emoji-key) for valid contribution reasons, comma-separated. Do **not** use the `content` code for contributors to the website, use `doc` instead (this way it will automatically link to their commits). Example: ```bash -npx --package all-contributors-cli -- npx all-contributors add jonaharagon docs,research,question +all-contributors-cli add jonaharagon doc,research,question ``` diff --git a/blog/assets/images/chat-control-must-be-stopped/chatcontrol-LornaSchutte-chatcontroleu-1.webp b/blog/assets/images/chat-control-must-be-stopped/chatcontrol-LornaSchutte-chatcontroleu-1.webp new file mode 100644 index 00000000..38e0c7e0 Binary files /dev/null and b/blog/assets/images/chat-control-must-be-stopped/chatcontrol-LornaSchutte-chatcontroleu-1.webp differ diff --git a/blog/assets/images/chat-control-must-be-stopped/chatcontrol-LornaSchutte-chatcontroleu-2.webp b/blog/assets/images/chat-control-must-be-stopped/chatcontrol-LornaSchutte-chatcontroleu-2.webp new file mode 100644 index 00000000..f6920802 Binary files /dev/null and b/blog/assets/images/chat-control-must-be-stopped/chatcontrol-LornaSchutte-chatcontroleu-2.webp differ diff --git a/blog/assets/images/chat-control-must-be-stopped/chatcontrol-LornaSchutte-chatcontroleu-3.webp b/blog/assets/images/chat-control-must-be-stopped/chatcontrol-LornaSchutte-chatcontroleu-3.webp new file mode 100644 index 00000000..9b3c70d7 Binary files /dev/null and b/blog/assets/images/chat-control-must-be-stopped/chatcontrol-LornaSchutte-chatcontroleu-3.webp differ diff --git a/blog/assets/images/chat-control-must-be-stopped/chatcontrol-cover.webp b/blog/assets/images/chat-control-must-be-stopped/chatcontrol-cover.webp new file mode 100644 index 00000000..0f5f299e Binary files /dev/null and b/blog/assets/images/chat-control-must-be-stopped/chatcontrol-cover.webp differ diff --git a/blog/assets/images/chat-control-must-be-stopped/chatcontrol-fightchatcontrol-website.webp b/blog/assets/images/chat-control-must-be-stopped/chatcontrol-fightchatcontrol-website.webp new file mode 100644 index 00000000..4aa44630 Binary files /dev/null and b/blog/assets/images/chat-control-must-be-stopped/chatcontrol-fightchatcontrol-website.webp differ diff --git a/blog/assets/images/chat-control-must-be-stopped/chatcontrol-map-chatcontroleu-20250903.webp b/blog/assets/images/chat-control-must-be-stopped/chatcontrol-map-chatcontroleu-20250903.webp new file mode 100644 index 00000000..c1e0d9ed Binary files /dev/null and b/blog/assets/images/chat-control-must-be-stopped/chatcontrol-map-chatcontroleu-20250903.webp differ diff --git a/blog/assets/images/chat-control-must-be-stopped/chatcontrol-stopscanningme-meme-2.webp b/blog/assets/images/chat-control-must-be-stopped/chatcontrol-stopscanningme-meme-2.webp new file mode 100644 index 00000000..f61db43c Binary files /dev/null and b/blog/assets/images/chat-control-must-be-stopped/chatcontrol-stopscanningme-meme-2.webp differ diff --git a/blog/assets/images/chat-control-must-be-stopped/chatcontrol-stopscanningme-meme-4.webp b/blog/assets/images/chat-control-must-be-stopped/chatcontrol-stopscanningme-meme-4.webp new file mode 100644 index 00000000..3626472c Binary files /dev/null and b/blog/assets/images/chat-control-must-be-stopped/chatcontrol-stopscanningme-meme-4.webp differ diff --git a/blog/assets/images/chat-control-must-be-stopped/chatcontrol-stopscanningme-video.webp b/blog/assets/images/chat-control-must-be-stopped/chatcontrol-stopscanningme-video.webp new file mode 100644 index 00000000..6c61e2ad Binary files /dev/null and b/blog/assets/images/chat-control-must-be-stopped/chatcontrol-stopscanningme-video.webp differ diff --git a/blog/assets/images/mastodon-privacy-and-security/mastodon-choosing-instance.webp b/blog/assets/images/mastodon-privacy-and-security/mastodon-choosing-instance.webp new file mode 100644 index 00000000..5c9dd26a Binary files /dev/null and b/blog/assets/images/mastodon-privacy-and-security/mastodon-choosing-instance.webp differ diff --git a/blog/assets/images/mastodon-privacy-and-security/mastodon-cover.webp b/blog/assets/images/mastodon-privacy-and-security/mastodon-cover.webp new file mode 100644 index 00000000..97f25c0d Binary files /dev/null and b/blog/assets/images/mastodon-privacy-and-security/mastodon-cover.webp differ diff --git a/blog/assets/images/mastodon-privacy-and-security/mastodon-private-mention-encryption.webp b/blog/assets/images/mastodon-privacy-and-security/mastodon-private-mention-encryption.webp new file mode 100644 index 00000000..289ec901 Binary files /dev/null and b/blog/assets/images/mastodon-privacy-and-security/mastodon-private-mention-encryption.webp differ diff --git a/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-accesses-authorized-apps.webp b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-accesses-authorized-apps.webp new file mode 100644 index 00000000..ed6a75af Binary files /dev/null and b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-accesses-authorized-apps.webp differ diff --git a/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-accesses-login-history.webp b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-accesses-login-history.webp new file mode 100644 index 00000000..171df739 Binary files /dev/null and b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-accesses-login-history.webp differ diff --git a/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-accesses-sessions-list.webp b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-accesses-sessions-list.webp new file mode 100644 index 00000000..5000f61e Binary files /dev/null and b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-accesses-sessions-list.webp differ diff --git a/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-account-privacy-options.webp b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-account-privacy-options.webp new file mode 100644 index 00000000..a56a253f Binary files /dev/null and b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-account-privacy-options.webp differ diff --git a/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-account-privacy-reach.webp b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-account-privacy-reach.webp new file mode 100644 index 00000000..6f9109b5 Binary files /dev/null and b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-account-privacy-reach.webp differ diff --git a/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-block-domains-csv.webp b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-block-domains-csv.webp new file mode 100644 index 00000000..0279052a Binary files /dev/null and b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-block-domains-csv.webp differ diff --git a/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-block-domains-file.webp b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-block-domains-file.webp new file mode 100644 index 00000000..3e6301a7 Binary files /dev/null and b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-block-domains-file.webp differ diff --git a/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-block-domains-import.webp b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-block-domains-import.webp new file mode 100644 index 00000000..17b2623c Binary files /dev/null and b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-block-domains-import.webp differ diff --git a/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-block-instance.webp b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-block-instance.webp new file mode 100644 index 00000000..5978afb6 Binary files /dev/null and b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-block-instance.webp differ diff --git a/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-block-user.webp b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-block-user.webp new file mode 100644 index 00000000..b294f6b4 Binary files /dev/null and b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-block-user.webp differ diff --git a/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-deletion-account.webp b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-deletion-account.webp new file mode 100644 index 00000000..fb1ce7d0 Binary files /dev/null and b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-deletion-account.webp differ diff --git a/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-deletion.webp b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-deletion.webp new file mode 100644 index 00000000..c54e0ffb Binary files /dev/null and b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-deletion.webp differ diff --git a/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-export.webp b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-export.webp new file mode 100644 index 00000000..a630de8e Binary files /dev/null and b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-export.webp differ diff --git a/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-move-account-alias.webp b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-move-account-alias.webp new file mode 100644 index 00000000..0ca2c7fe Binary files /dev/null and b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-move-account-alias.webp differ diff --git a/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-move-account-migration.webp b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-move-account-migration.webp new file mode 100644 index 00000000..26f4b02f Binary files /dev/null and b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-move-account-migration.webp differ diff --git a/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-move-export.webp b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-move-export.webp new file mode 100644 index 00000000..ac079130 Binary files /dev/null and b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-move-export.webp differ diff --git a/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-move-import.webp b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-move-import.webp new file mode 100644 index 00000000..7d8d8d08 Binary files /dev/null and b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-move-import.webp differ diff --git a/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-multifactor-enabled.webp b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-multifactor-enabled.webp new file mode 100644 index 00000000..96a3195d Binary files /dev/null and b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-multifactor-enabled.webp differ diff --git a/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-multifactor-mac-popup.webp b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-multifactor-mac-popup.webp new file mode 100644 index 00000000..afa7fb1b Binary files /dev/null and b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-multifactor-mac-popup.webp differ diff --git a/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-multifactor-qrcode.webp b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-multifactor-qrcode.webp new file mode 100644 index 00000000..ee85e974 Binary files /dev/null and b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-multifactor-qrcode.webp differ diff --git a/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-multifactor-securitykey-added.webp b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-multifactor-securitykey-added.webp new file mode 100644 index 00000000..fcab02c0 Binary files /dev/null and b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-multifactor-securitykey-added.webp differ diff --git a/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-multifactor-securitykey-prompted.webp b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-multifactor-securitykey-prompted.webp new file mode 100644 index 00000000..c09adab4 Binary files /dev/null and b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-multifactor-securitykey-prompted.webp differ diff --git a/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-multifactor-securitykey.webp b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-multifactor-securitykey.webp new file mode 100644 index 00000000..692ef16b Binary files /dev/null and b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-multifactor-securitykey.webp differ diff --git a/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-multifactor-setup.webp b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-multifactor-setup.webp new file mode 100644 index 00000000..9b49688c Binary files /dev/null and b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-multifactor-setup.webp differ diff --git a/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-personal-note.webp b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-personal-note.webp new file mode 100644 index 00000000..50fc2c83 Binary files /dev/null and b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-personal-note.webp differ diff --git a/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-posts-account-page.webp b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-posts-account-page.webp new file mode 100644 index 00000000..5d3e0bc6 Binary files /dev/null and b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-posts-account-page.webp differ diff --git a/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-posts-default.webp b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-posts-default.webp new file mode 100644 index 00000000..0c5b8349 Binary files /dev/null and b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-posts-default.webp differ diff --git a/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-posts-quote-posts.webp b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-posts-quote-posts.webp new file mode 100644 index 00000000..8e3517d1 Binary files /dev/null and b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-posts-quote-posts.webp differ diff --git a/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-posts-visibility-types.webp b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-posts-visibility-types.webp new file mode 100644 index 00000000..69e02ae4 Binary files /dev/null and b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-posts-visibility-types.webp differ diff --git a/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-private-mention.webp b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-private-mention.webp new file mode 100644 index 00000000..d3b79cc5 Binary files /dev/null and b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-private-mention.webp differ diff --git a/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-report.webp b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-report.webp new file mode 100644 index 00000000..cddc5a5b Binary files /dev/null and b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-report.webp differ diff --git a/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-tutorial-cover.webp b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-tutorial-cover.webp new file mode 100644 index 00000000..eeb99300 Binary files /dev/null and b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-tutorial-cover.webp differ diff --git a/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-verification-author-setup.webp b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-verification-author-setup.webp new file mode 100644 index 00000000..17a30d29 Binary files /dev/null and b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-verification-author-setup.webp differ diff --git a/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-verification-link-setup.webp b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-verification-link-setup.webp new file mode 100644 index 00000000..491788cc Binary files /dev/null and b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-verification-link-setup.webp differ diff --git a/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-verification-links.webp b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-verification-links.webp new file mode 100644 index 00000000..bbb83e88 Binary files /dev/null and b/blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-verification-links.webp differ diff --git a/blog/assets/images/privacy-is-like-broccoli/broccoli-cover.webp b/blog/assets/images/privacy-is-like-broccoli/broccoli-cover.webp new file mode 100644 index 00000000..bfb1c981 Binary files /dev/null and b/blog/assets/images/privacy-is-like-broccoli/broccoli-cover.webp differ diff --git a/blog/assets/images/privacy-washing-is-a-dirty-business/washing-cover.webp b/blog/assets/images/privacy-washing-is-a-dirty-business/washing-cover.webp new file mode 100644 index 00000000..786e7ff3 Binary files /dev/null and b/blog/assets/images/privacy-washing-is-a-dirty-business/washing-cover.webp differ diff --git a/blog/assets/images/red-and-green-privacy-flags/dontcare-cover.webp b/blog/assets/images/red-and-green-privacy-flags/dontcare-cover.webp new file mode 100644 index 00000000..c5500513 Binary files /dev/null and b/blog/assets/images/red-and-green-privacy-flags/dontcare-cover.webp differ diff --git a/blog/posts/activists-guide-securing-your-smartphone.md b/blog/posts/activists-guide-securing-your-smartphone.md index 17635027..8fbb3a55 100644 --- a/blog/posts/activists-guide-securing-your-smartphone.md +++ b/blog/posts/activists-guide-securing-your-smartphone.md @@ -8,6 +8,8 @@ authors: - jonah description: Your phone is an essential tool, but it also represents a huge risk to your privacy and security. Understanding these best practices when it comes to securing your smartphone will help keep you and your data safe. schema_type: AnalysisNewsArticle +preview: + cover: blog/assets/images/activists-guide-securing-your-smartphone/cover.webp --- # The Protesters' Guide to Smartphone Security diff --git a/blog/posts/biometrics-explained.md b/blog/posts/biometrics-explained.md index 244a17c4..b1e43655 100644 --- a/blog/posts/biometrics-explained.md +++ b/blog/posts/biometrics-explained.md @@ -11,6 +11,8 @@ license: BY-SA schema_type: BackgroundNewsArticle description: | Biometrics are a convenient and secure way to authenticate our devices. Many of us use and trust the biometrics of our devices without much thought, but are they really secure? With so many options, which ones are the best? +preview: + cover: blog/assets/images/biometrics-explained/biometrics.webp --- # Biometrics Explained diff --git a/blog/posts/chat-control-must-be-stopped.md b/blog/posts/chat-control-must-be-stopped.md new file mode 100644 index 00000000..12f61936 --- /dev/null +++ b/blog/posts/chat-control-must-be-stopped.md @@ -0,0 +1,313 @@ +--- +date: + created: 2025-09-08T18:00:00Z + updated: 2025-09-15T16:30:00Z +categories: + - News +authors: + - em +description: + Chat Control is back to undermine everyone's privacy. There's an important deadline on October 14th, 2025. We must act now to stop it! +schema_type: ReportageNewsArticle +preview: + cover: blog/assets/images/chat-control-must-be-stopped/chatcontrol-cover.webp +--- + +# Chat Control Must Be Stopped, Act Now! + +![Filtered photo of a protest with a protestor holding a sign in first plan. The background is a red monochrome and the sign is in turquoise. The sign says "You won't make me live this 1984 sh*t".](../assets/images/chat-control-must-be-stopped/chatcontrol-cover.webp) + + + +If you've heard of [Chat Control](the-future-of-privacy.md) already, bad news: **it's back**. If you haven't, this is a pressing issue you should urgently learn more about if you value privacy, democracy, and human rights. This is happening **right now**, and **we must act to stop it right now**. + +Take a minute to visualize this: Every morning you wake up with a police officer entering your home to inspect it, and staying with you all day long. + +The agent checks your bathroom, your medicine cabinet, your bedroom, your closets, your drawers, your fridge, and takes photos and notes to document everything. Then, this report is uploaded to the police's cloud. It's "[for a good cause](encryption-is-not-a-crime.md)" you know, it's to make sure you aren't hiding any child sexual abuse material under your bed. + +Every morning. Even if you're naked in bed. Even while you're having a call with your doctor or your lover. Even when you're on a date. Even while you're working and discussing your client's confidential information with their attorney. This police officer is there, listening to you and reporting on everything you do. + +This is the in-person equivalent of Chat Control, a piece of legislation that would mandate **all** services to scan **all** private digital communications of **everyone** residing in the European Union. + +This is an Orwellian nightmare. + +## Act now! + +This is happening **right now**. European governments will be finalizing their positions on the regulation proposal on September 12th, and there will be a final vote on **October 14th, 2025**. + +
+

Important: If you are reading this article after September 12th

+ +Regardless of the outcome on September 12th, the fight isn't over. The next deadline will be the **final vote on October 14th, 2025**. + +If you've missed September 12th, make sure to contact your representatives **right now** to tell them to **oppose Chat Control** on October 14th. + +
+ +- ==If you are not located in Europe==: Keep reading, this will affect you too. + +- If you are still unconvinced: Keep reading, we discuss Chat Control in [more details](#why-is-this-bad) below. + +- If you are located in Europe: You must **act now** to stop it. + +
+

How to stop this? Contact your MEPs today

+ +Use this [**website**](https://fightchatcontrol.eu/) to easily contact your government representatives, and tell them they should **oppose Chat Control**. Even if your country already opposes Chat Control, contact your representatives to tell them you are relieved they oppose, and support them in this decision to protect human rights. This will help reinforce their position. + +But if your country *supports* Chat Control, or is *undecided*, **it is vital that you contact your representatives as soon as possible**. To support your point, you can share this article with them or one of the many great [resources](#resources-to-learn-more-and-fight-for-human-rights) listed at the end. + +At the time of this writing, the list of countries to contact is: + +| **Supporting (15)** | | **Undecided (6)** | +| ---------------------------------- | ----------------------------------- | -------------------- | +| :triangular_flag_on_post: Bulgaria | :triangular_flag_on_post: Latvia | :warning: Estonia | +| :triangular_flag_on_post: Croatia | :triangular_flag_on_post: Lithuania | :warning: Germany | +| :triangular_flag_on_post: Cyprus | :triangular_flag_on_post: Malta | :warning: Greece | +| :triangular_flag_on_post: Denmark | :triangular_flag_on_post: Portugal | :warning: Luxembourg | +| :triangular_flag_on_post: France | :triangular_flag_on_post: Slovakia | :warning: Romania | +| :triangular_flag_on_post: Hungary | :triangular_flag_on_post: Spain | :warning: Slovenia | +| :triangular_flag_on_post: Ireland | :triangular_flag_on_post: Sweden | | +| :triangular_flag_on_post: Italy | | | + +
+ +![A map of countries part of the European Union. Countries opposing Chat Control are represented in green, countries undecided in blue, and countries in favor are in red. Below there is text saying "Act now! www.chatcontrol.eu".](../assets/images/chat-control-must-be-stopped/chatcontrol-map-chatcontroleu-20250903.webp) + + +## What is Chat Control? + +"Chat Control" refers to a series of legislative proposals that would make it mandatory for *all* service providers (text messaging, email, social media, cloud storage, hosting services, etc.) to scan *all* communications and *all* files (including end-to-end encrypted ones), in order to supposedly detect whatever the government deems "abusive material." + +The push for Chat Control started in 2021 with the approval of a [derogation](https://www.patrick-breyer.de/en/chatcontrol-european-parliament-approves-mass-surveillance-of-private-communications/) to the ePrivacy Directive by the European Parliament. This derogation escalated to a second proposal for *mandatory* scanning a year later, which was [rejected](https://fortune.com/europe/2023/10/26/eu-chat-control-csam-encryption-privacy-european-commission-parliament-johansson-breyer-zarzalejos-ernst/) in 2023. Nevertheless, lawmakers and lobbyists determined to undermine our safety and civil liberties are bringing it back again two years later, **literally trying to wear you down**. + +We cannot let authoritarians wear us down until we lose all our privacy rights. Our privacy rights are fundamental to so many other human rights, to civil liberties, to public safety, and to functioning democracies. + +Chat Control undermines all of this. + +Cryptography professor and cybersecurity expert Matthew Green described the 2022 proposal document for Chat Control as "[**the most terrifying thing I've ever seen**](https://fortune.com/2022/05/12/europe-phone-surveillance-crackdown-child-sexual-abuse-material-sparks-outrage-among-cybersecurity-experts-privacy-activists/)". + +And terrifying, it is. + +The [most recent proposal for Chat Control](https://tuta.com/blog/chat-control-criticism) comes from the EU Council Danish presidency pushing for regulation misleadingly called the **Child Sexual Abuse Regulation** (CSAR). Despite its seemingly caring name, this regulation will **not** help fight child abuse, and will even likely worsen it, impacting negatively what is already being done to fight child abuse (more on this in the [next section](#would-this-protect-the-children)). + +The CSAR proposal (which *is* the latest iteration of Chat Control) could be implemented as early as *next month*, if we do not stop it. + +**The problem is this: Chat Control will not work, it is unreliable, it will escalate in scope, and it will endanger everyone (including the children).** + +Even if you are not in Europe, know that Chat Control will affect everyone inside *and* outside of Europe one way or another. Regardless of where you are, you should be concerned and pay attention, and there are things you can do to fight back. This is important. + +![Still image from a video showing an illustration of three cellphones being scanned by a red light, with lines leading to a law enforcement icon.](../assets/images/chat-control-must-be-stopped/chatcontrol-stopscanningme-video.webp) + + +## Why is this bad? + +The idea that it's possible to somehow [magically protect](encryption-is-not-a-crime.md/#magical-backdoor-only-for-the-good-guys-is-a-complete-fantasy) information properly while giving access to unquestionably well-intended law enforcement comes from either extreme naivety, lack of information, and plain dishonesty. + +This proposal would effectively break any end-to-end encryption protections, and potentially expose all your files and communications to not only law enforcement, but eventually also to criminals of all sorts (with the data breaches, data leaks, and corruption that will inevitably follow). + +Here's a summary of some dangers this regulation would create if approved: + +- **Breaking end-to-end encryption**: Removing crucial protections for all sensitive files and communications of vulnerable populations, victims, whistleblowers, journalists, activists, and everyone else. + +- **Mission creep**: Once this mass surveillance system is in place, authorities can decide to add more criteria such as searching all communications for references to drug use, protest attendances, political dissidence, or even [negative comments](https://www.lemonde.fr/en/international/article/2025/03/22/how-a-french-researcher-being-refused-entry-to-the-us-turned-into-a-diplomatic-mess_6739415_4.html) about a leader. Europol (the EU law enforcement agency) has already called for [expanding the program](https://www.youtube.com/watch?v=L933xDcSS3o&t=2016s). + +![A cartoon illustration explaining that chat control is planning to monitor all chats, emails, and messenger conversations, and use artificial intelligence to automatically report flagged content to the police.](../assets/images/chat-control-must-be-stopped/chatcontrol-LornaSchutte-chatcontroleu-1.webp) + + +- **Criminal attacks**: Each time a backdoor exists, it doesn't take long for criminals to find access and steal our information. This could include criminals finding access to each service independently or to the entire database authorities would keep. A database that would be filled with material tagged as sexually explicit text or photos of children. This could even *create* new Child Sexual Abuse Material (CSAM) for criminals. For example, consenting teenagers innocently sexting together could have their photos collected in this database, after being wrongly flagged by the automated system. Then, criminals could steal their intimate photos from the governments. + +- **False positives**: With a mass surveillance system this large, moreover a system with no transparency and little oversight, false positives are inevitable. Despite marketing promises from the [organizations lobbying government officials](https://www.patrick-breyer.de/en/chat-control-eu-ombudsman-criticises-revolving-door-between-europol-and-chat-control-tech-lobbyist-thorn/), we all know AI technologies regularly misfire and cannot be reliable for anything of such importance. Loving parents could get flagged as pedophiles just for innocently uploading a photo of their child in the bathtub on their *private* cloud. Teenagers exploring their sexuality consensually with each other could get tagged as sexual predators (a label that might stick on them decades later). The police could receive reports for breastfeeding mothers. The list is infinite. + +![A cartoon illustration summarizing why chat control is dangerous.](../assets/images/chat-control-must-be-stopped/chatcontrol-LornaSchutte-chatcontroleu-3.webp) + + +- **Overwhelming resources**: The inevitable false positives will completely overwhelm the agencies responsible for investigating flagged material. This will cost them precious time they will not have to investigate *actual* abuse cases. Organizations fighting child sexual abuse are already overwhelmed and lack resources to prosecute real criminals. + +- **Hurting victims**: Such system of mass surveillance could prevent victims of child sexual abuse (and other crimes) to reach out for help. Knowing that all their communications would be scanned, they would lose all confidentiality while reporting crimes. The evidences they share could even be tagged by Chat Control, as if they were the perpetrator rather than the victim. Sadly, many will likely decide it's safer not to report at all. + +- **Self-censorship**: With Chat Control in place, not only victims might censor themselves and stop reaching out for help, but everyone else as well. When people know they are being observed, they feel less free to be themselves and to share openly. This is doubly true for anyone who is part of a marginalized group, such as [LGBTQ+ people](importance-of-privacy-for-the-queer-community.md), or anyone who is being victimized or at risk of victimization. + +![A cartoon illustration explaining how chat control does not protect the victims and might silence them due to loss of confidentiality.](../assets/images/chat-control-must-be-stopped/chatcontrol-LornaSchutte-chatcontroleu-2.webp) + + +- **Undermining democracy**: This surveillance system would allow governments to spy on opposition. Chat logs from opposing candidates, activists, and journalists could all be accessed by authorities in order to silence opponents or blackmail candidates. Even if you trust your government to not do this now, this doesn't mean it could not be used in this way by the next government. We have all seen how fast the political landscape can change. + +- **Violating the GDPR (and other laws)**: The General Data Protection Regulation (GDPR) offers wonderful protections to Europeans. Sadly, Chat Control would make a complete farce of it. The Right to Erasure (right to delete) could be reduced to ashes by Chat Control, including for any highly sensitive information wrongly caught in the CSAR net. Moreover, it would [violate Article 7 and Article 8](https://tuta.com/blog/chat-control-criticism) of the EU Charter of Fundamental Rights. + +Protecting the children is only the excuse used in hope of convincing a misinformed public. **Chat Control is authoritarian mass surveillance.** + +Authorities understand well how important protecting communication and information is. This is why they included an exemption to protect *their own* communications, but not yours. + +## Would this protect the children? + +No. + +This cannot be stressed enough: **This regulation would not protect the children, it would *harm* the children**, and everyone else too, worldwide. Claiming otherwise is either naivety, or misinformation. + +Last year, the civil and human rights association European Digital Rights (EDRi) put together a [joint statement from 48 organizations](https://edri.org/our-work/joint-statement-on-the-future-of-the-csa-regulation/) for children's protection, digital rights, and human rights, demanding that the European Parliament invest instead in proven strategies to fight child abuse. This appeal to reason does not seem to have been heard by most EU Member States. + +There are many things we can do as a society to increase protections for children and fight abusers and criminals, but Chat Control is far from it all. Protection of the children is clearly only an excuse here, and a very misleading one. + +![A popular No Yes meme, with the face replaced with the European Commission logo. In the No-part is: "Invest in: social workers, help for victims, support hotlines, prevention, education, targeted police work, IT-security", and in the Yes-part below is: "Buy Chat Control filter technology that doesn't solve the problem".](../assets/images/chat-control-must-be-stopped/chatcontrol-stopscanningme-meme-4.webp) + + +### Mislabelling children as criminals + +First, this automated system is flawed in many ways, and the false-positive rate would likely be high. But let's imagine that, magically, the system could flag CSAM at an accuracy rate of 99%. This still means 1% of reports would be false. Expanded to the size of European Union's population of approximately 450 million people, exchanging likely billions of messages and files every day, this still means millions could be falsely tagged as sexual predators, with all the [consequences](https://www.republik.ch/2022/12/08/die-dunklen-schatten-der-chatkontrolle) this implies. + +Worse, the Swiss federal police reported that currently about 80% of all automated reports received were [false-positives](https://www.patrick-breyer.de/en/posts/chat-control/#WhatYouCanDo). This means in reality, the error rate is likely far higher than 1%, and actually closer to an **80% error rate**. Of the approximate 20% of positive reports, in Germany, over 40% of investigations initiated [targeted children](https://www.polizei-beratung.de/aktuelles/detailansicht/straftat-verbreitung-kinderpornografie-pks-2022/) themselves. + +Sometimes, flagged content is simply teenagers innocently sexting each other consensually. Not only would they be wrongly tagged as criminals under Chat Control, but they'd be triggering an investigation that would expose their intimate photos to some faceless officers or tech employees working on the system. + +Even in a magical world where Chat Control AI is 99% accurate, it would still wrongly tag and **expose sensitive data from millions of children**. In reality, no AI system is even remotely close to this accuracy level, and proprietary algorithms are usually opaque black boxes impossible to audit transparently. The number of children Chat Control would harm, and likely traumatize for life, would be disastrous. + +### Exposing children's sensitive and sexual information + +Any content that could be deemed suspicious or explicit by the system, accurately or not, would be flagged and reported. + +When this content is reported, it will likely be uploaded to a database for human review. This means that if a teenager was sending an intimate photo of themselves to another consenting teenager, they could be flagged as sharing CSAM, even if it's their own photo. Then, their photo would be sent to the police for review. Information that should very much have stayed protected and private between these two teenagers is now exposed to strangers. This is wrong, and dangerous. + +Even innocuous communications such as daily conversations, teenagers chatting with each other, parents reporting information about their child to a [doctor](https://www.nytimes.com/2022/08/21/technology/google-surveillance-toddler-photo.html), and therapists talking with their patients, could all inadvertently expose children sensitive information. This is information that should have remained *private*, and would now be uploaded to a police database, likely [stored there forever](https://www.iccl.ie/news/an-garda-siochana-unlawfully-retains-files-on-innocent-people-who-it-has-already-cleared-of-producing-or-sharing-of-child-sex-abuse-material/) with few recourses to remove it. + +The more we collect sensitive information about children (photos, faces, locations, identifications, medical information, private chats, experiences, etc.), the more we risk exposing children to harm. This includes systems used by authorities and governments. Even if everyone with legitimate access to this data is miraculously 100% exemplary and incorruptible citizens, the databases and scanning systems will still be vulnerable to attacks from criminals and hostile governments alike. + +The only way to protect children's information properly is to **1) not collect it**, and **2) use end-to-end encryption to protect it** when we cannot avoid collecting it. Spying on everyone and every child is the opposite of that. + +### Authorities' databases will be attacked + +It's impossible to perfectly secure information online. There is a lot we can do to improve security (much more than is done now), but data breaches will happen. + +If governments mandate a backdoor to have access to all our online communication and stored files, it's inevitable that at least some criminals will eventually get access to it as well. This is even truer if this system is closed-source, [privatized](https://fortune.com/europe/2023/09/26/thorn-ashton-kutcher-ylva-johansson-csam-csa-regulation-european-commission-encryption-privacy-surveillance/), and isn't subjected to frequent independent audits with strong accountability. + +Once a vulnerability is found by criminals, they will have the same access as authorities have to our data. With Chat Control, this means pretty much all our data. + +In addition, Chat Control could facilitate the proliferation of even more spyware and [stalkerware](https://stopstalkerware.org/) on the market, thriving on the vulnerabilities found in the powerful system. This would allow *anyone* to purchase access to spy on *anyone*, including databases of identified children. It could give a direct backdoor-access to pedophiles. How could *this* be helping to protect the children? + +### The danger is inside + +Even if the idea of online strangers accessing children's sensitive data is terrifying, the worse danger in often much closer. + +Sadly, we already know that the [vast majority](https://content.c3p.ca/pdfs/C3P_SurvivorsSurveyFullReport2017.pdf) of child sexual abuse is perpetrated by adults close to the child, not strangers, and that two-thirds of CSAM images appear to have been [produced at home](https://theconversation.com/new-research-shows-parents-are-major-producers-of-child-sexual-abuse-material-153722). Chat Control would do nothing to fight this. In fact, it could facilitate it. + +Child abuse is an incredibly important topic to discuss and to fight against as a society. Utilizing this issue as an excuse to pass a surveillance law that would endanger everyone, including the victims, is despicable. + +When children are living with the abuser, the only escape is outside the home, and sometimes this means *online*. Abusers often use spying technologies to control and restrict access to help for their victims. If we make mass surveillance mandatory and normalized, this risks aggravating the stalkerware problem by obligating providers to implement backdoors in their systems. We would effectively be helping abusers at home to restrict access to help for their victims, including victims of CSAM. This is completely unacceptable. + +### How to actually help the children + +Despite the politicization of this issue to manipulate the public opinion in accepting mass surveillance, there are actually *proven* solutions to help to protect the children, online and offline. + +First, governments should [listen](https://mogis.info/static/media/uploads/eu-libe-mogis-hahne-07032023_en.pdf) to [organizations already doing the work](https://edri.org/our-work/most-criticised-eu-law-of-all-time/). Most are understaffed and under-resourced to properly support the victims and prosecute the criminals. Thousands of more reports every day would not help them do any effective work. More capacity to conduct *targeted* investigation and arrest criminals, and more capacity to create safe spaces to support the victims and witnesses will help. + +Privacy should be the default, for everyone. + +If all our services were using end-to-end encryption when possible, and implemented proper security and privacy features and practices, this would effectively help to protect the children as well. Abusers and criminals are looking for leaked and stolen data all the time. When a cloud photo storage gets hacked, your photos are up for grabs online, including the photos of your children. When parents upload photos of their children and their address online, and this data gets exposed (leaked, breached, AI-scraped, etc.), this data then becomes accessible to criminals. + +**Better privacy protections also means better protections for the children.** + +Children themselves should receive better education on how their data is used online and how to protect it. Additionally, it is vital to provide better education on what behaviors aren't normal coming from an adult, and how to reach out for help when it happens. Children should have access to safe and confidential resources to report abuse, whether it's happening outside or inside their home. + +Parents should be careful when sharing information about their children. And when they have to, they should benefit from complete confidentiality, knowing their communication is fully end-to-end encrypted and not shared with anyone else. + +There is so much we can do to help to protect better the children online, surveillance is the opposite of it all. + +## How would this affect me? + +If this regulation is approved on **October 14th, 2025** (the date for the final vote), the consequences would be devastating for everyone, even outside the European Union. + +We have seen how platforms implemented better privacy practices and features after the GDPR became effective in 2018, features that often benefited people worldwide. This could have the same effect in reverse. + +Every platform potentially handling data of people located in the EU would be subjected to the law. Platforms would be obligated to scan all communications and all files of (at least) data subjects located in the EU, even data currently protected with end-to-end encryption. This would affect popular apps and services like Signal, Tuta, Proton, WhatsApp, Telegram, and much more. + +### Outside of Europe + +This would not only affect Europeans' data, but also the data of anyone outside communicating with someone located in the European Union. Because end-to-end encryption can only work if **both** ends are protected. + +If Chat Control gets approved and applied, it will become very difficult to communicate with anyone located in the EU while keeping strong protections for your data. Many people might just accept the surveillance passively, and as a result lose their rights, their protections, and compromise their democratic processes. Overtime, this will likely lead to a slippery slope towards dystopian authoritarianism. + +Outside of Europe, you could expect to see services removing some privacy-protective features, downgrading encryption, blocking European countries that are subjected to the law, or moving outside of Europe entirely. If localization-based scanning is too complicated to handle for an application, some companies might just decide it's simpler to scan communications for all users, worldwide. + +Additionally, Five Eyes countries (Australia, Canada, New Zealand, the United Kingdom, and the United States) have already [expressed support](https://www.youtube.com/watch?v=L933xDcSS3o&t=2163s) for Chat Control, and might be keen to try the same at home, if this gets approved and tested in Europe first. + +### Inside of Europe + +Without using tools that would be now deemed illegal, you would lose any protections currently granted by end-to-end encryption. It would become impossible for you to send an email, a text message, or a photo without being observed by your government, and potentially also by criminals and foreign governments, following the inevitable data breaches. + +You would have to constantly self-censor to avoid triggering the system and getting reported to the authorities. At first, you would probably just have to stop sending nudes, sexting, or sending photos of naked children in the bathtub or playing at the beach. Then, this would escalate to never mentioning drug or anything that could sound like drug, even as a joke. Later, you might have to stop texting about going to a protest, and stop organizing protests online. Further down the line, you might even have to self-censor to make sure you are not saying anything negative about a leader, or a [foreign politician](https://www.reuters.com/world/us/trump-administration-resuming-student-visa-appointments-state-dept-official-says-2025-06-18/) even. This isn't that hypothetical, this sort of [oppressive surveillance](https://www.hrw.org/news/2017/11/19/china-police-big-data-systems-violate-privacy-target-dissent) already exists in some countries. + +Many services you currently rely on right now would simply shut down, or move away from Europe entirely. Businesses might also move outside of Europe if they worry about protecting their proprietary information. This could cause massive layoffs, while organizations move to jurisdictions where they are allowed to keep their data protected and unobserved. + +Finally, even if this doesn't affect you personally, or you don't believe it will, [**this isn't just about you**](the-privacy-of-others.md). + +The data of vulnerable people would be exposed and their safety put at risk. Victims might decide to stop reaching out for help or reporting crimes. Sources requiring anonymity might decide the risk isn't worth reporting valuable information to journalists. Opponents of governments in power could be silenced. Every democracy in the European Union would suffer greatly from it. + +Chat Control is completely antithetical to the values the European Union has been presenting to the world in recent years. + +![The popular Red Dress meme, with the offended woman overlaid with the words "Fundamental Rights", the whistling man the words "European Commission", and woman wearing the red dress the words "Scanning private messages and controlling how citizens use the internet".](../assets/images/chat-control-must-be-stopped/chatcontrol-stopscanningme-meme-2.webp) + + +## What can I do about it? + +Even if the landscape seems dismal, **the battle isn't over**. There are many things you can do, right now, to fight against this authoritarian dystopia. + +### For Europeans, specifically + +- Contact your country representatives **TODAY**. The group Fight Chat Control has put together an [**easy tool**](https://fightchatcontrol.eu/#contact-tool) making this quick with only a few clicks. + +- After September 12th, the battle isn't over. Although governments will finalize their positions on that day, the final vote happens on **October 14th, 2025**. If you missed the September 12th deadline, keep contacting your representatives anyway. + +- Tell your family and friends to contact their representatives as well, talk about it, make noise. + +### For Everyone, including Europeans + +- Talk about Chat Control on social media often, especially this month. Make noise online. Use the hashtags #ChatControl and #StopScanningMe to help others learn more about the opposition movement. + +- Share informative [videos and memes](#resources-to-learn-more-and-fight-for-human-rights) about Chat Control. Spread the word in various forms. + +- Contact your European friends in impacted countries and tell them to contact their representatives NOW. + +- Even outside the EU, you can contact your own representatives as well, to let them know regulations like Chat Control are horrible for human rights, and you hope your country will never fall for such repressive laws. Tell your political representatives that privacy rights are important to you. **Your voice matters.** + +We need your help to fight this. For democracy, for privacy, and for all other human rights, we cannot afford to lose this battle. + +![Screenshot of the Fight Chat Control website in a browser.](../assets/images/chat-control-must-be-stopped/chatcontrol-fightchatcontrol-website.webp) + + +## Resources to learn more, and fight for human rights + +### Videos about Chat Control + +- [**Stop Scanning Me**: Short video that summarizes perfectly the issues with Chat Control](https://stopscanningme.eu/video/csar-explainer.mp4) + +- [**Stop Scanning Me**: German-language version of the same short video](https://www.patrick-breyer.de/posts/chat-control/) + +- [**Louis Rossmann**: Video discussing why privacy matters, and the impact of Chat Control from a perspective outside of Europe](https://www.youtube.com/watch?v=3NyUgv6dpJc) + +- [**Shaping Opinion**: Excellent interview with Chat Control expert Patrick Breyer (recommended)](https://www.youtube.com/watch?v=L933xDcSS3o) + +- [**Patrick Breyer**: PeerTube channel with numerous videos related to Chat Control (German & English)](https://peertube.european-pirates.eu/c/patrick_breyer_mep_channel) + +### Memes about Chat Control + +- [**Stop Scanning Me**: Memes, banners, and other graphics](https://stopscanningme.eu/en/organise-now.html) + +- [**Patrick Breyer**: Memes, explainers, maps, and other graphics](https://www.patrick-breyer.de/posts/chat-control/#WhatYouCanDo) + +### Websites with more information + +- [**Fight Chat Control** (Contact your representatives here **TODAY**!)](https://fightchatcontrol.eu/) + +- [**Stop Scanning Me** (from EDRi)](https://stopscanningme.eu) + +- [**Patrick Breyer** (expert and former Member of the European Parliament)](https://www.patrick-breyer.de/posts/chat-control/) + +- [**European Crypto Initiative**](https://eu.ci/eu-chat-control-regulation/) + +- [Follow **Fight Chat Control** on Mastodon for updates](https://mastodon.social/@chatcontrol) + +--- + +**Update (9/15):** Added modifications related to the second important deadline for action, on October 14th. + +**Update (9/8):** Added clarification about what Chat Control is for readers unfamiliar with it. diff --git a/blog/posts/choosing-the-right-messenger.md b/blog/posts/choosing-the-right-messenger.md index cbf2e291..01bb566e 100644 --- a/blog/posts/choosing-the-right-messenger.md +++ b/blog/posts/choosing-the-right-messenger.md @@ -13,6 +13,8 @@ tags: license: BY-SA description: Choosing an instant messenger is a challenge. How can you be sure you’re using the most secure, privacy respecting platform? schema_type: AnalysisNewsArticle +preview: + cover: blog/assets/images/choosing-the-right-messenger/cover.webp --- # Choosing the Right Messenger diff --git a/blog/posts/clearing-browsing-data.md b/blog/posts/clearing-browsing-data.md index bb2857f8..6fdf517e 100644 --- a/blog/posts/clearing-browsing-data.md +++ b/blog/posts/clearing-browsing-data.md @@ -13,6 +13,8 @@ tags: license: BY-SA description: A beginner's guide to clearing browsing data — such as cookies, website cache, and browsing history — on Chrome, Firefox, Safari, Edge, and Brave. schema_type: BackgroundNewsArticle +preview: + cover: blog/assets/images/clearing-your-browsing-data/dimmis-vart-JPu345g_OYM-unsplash.webp --- # How to Clear Your Browser History on Chrome, Firefox, and Other Browsers diff --git a/blog/posts/delisting-startpage.md b/blog/posts/delisting-startpage.md index 81ac9a12..57e65188 100644 --- a/blog/posts/delisting-startpage.md +++ b/blog/posts/delisting-startpage.md @@ -12,6 +12,8 @@ tags: - Search Engines description: Startpage has been removed from Privacy Guides' recommendations following their acquisition by System1. schema_type: NewsArticle +preview: + cover: blog/assets/images/delisting-startpage/cover.webp --- # Delisting Startpage From Privacy Guides diff --git a/blog/posts/digital-provenance.md b/blog/posts/digital-provenance.md index a10a7a9a..b9048f1c 100644 --- a/blog/posts/digital-provenance.md +++ b/blog/posts/digital-provenance.md @@ -8,11 +8,12 @@ authors: tags: - AI - Content Credentials +preview: + cover: blog/assets/images/digital-provenance/cover.jpg --- # The Power of Digital Provenance in the Age of AI ![Article cover showing a painterly background with cool colors and the Content Credentials logo](../assets/images/digital-provenance/cover.jpg) - With the popularity of generative AI, it's becoming more and more difficult to [distinguish](https://uwaterloo.ca/news/media/can-you-tell-ai-generated-people-real-ones) reality from fiction. Can this problem be solved using cryptography? What are the privacy implications of the currently proposed systems? diff --git a/blog/posts/firefox-privacy-2021-update.md b/blog/posts/firefox-privacy-2021-update.md index 2ef533ce..9d42d393 100644 --- a/blog/posts/firefox-privacy-2021-update.md +++ b/blog/posts/firefox-privacy-2021-update.md @@ -12,6 +12,8 @@ tags: - Firefox license: CC0 schema_type: AnalysisNewsArticle +preview: + cover: blog/assets/images/firefox-privacy/cover.webp --- # Firefox Privacy: 2021 Update diff --git a/blog/posts/firefox-privacy.md b/blog/posts/firefox-privacy.md index 087355b6..f12cc29a 100644 --- a/blog/posts/firefox-privacy.md +++ b/blog/posts/firefox-privacy.md @@ -12,6 +12,8 @@ tags: - Firefox license: BY-SA schema_type: AnalysisNewsArticle +preview: + cover: blog/assets/images/firefox-privacy/cover.webp --- # Firefox Privacy: Tips and Tricks for Better Browsing diff --git a/blog/posts/installing-and-using-tails.md b/blog/posts/installing-and-using-tails.md index 98f2e8b5..9a5daa8b 100644 --- a/blog/posts/installing-and-using-tails.md +++ b/blog/posts/installing-and-using-tails.md @@ -7,6 +7,8 @@ authors: - em description: When browsing the web at home becomes dangerous to your safety, there are tools that can help minimizing your digital traces to stay safe. Tails is one of these tools. Here's why, when, and how you can install and use Tails. schema_type: AnalysisNewsArticle +preview: + cover: blog/assets/images/installing-and-using-tails/cover.webp --- # Using Tails When Your World Doesn't Feel Safe Anymore diff --git a/blog/posts/installing-keepassxc-and-yubikey.md b/blog/posts/installing-keepassxc-and-yubikey.md index 8bdc0c3e..2a700fdc 100644 --- a/blog/posts/installing-keepassxc-and-yubikey.md +++ b/blog/posts/installing-keepassxc-and-yubikey.md @@ -7,6 +7,8 @@ authors: - em description: This tutorial demonstrates how to install the local-only password manager KeePassXC and secure a password database with YubiKey. schema_type: AnalysisNewsArticle +preview: + cover: blog/assets/images/installing-keepassxc-and-yubikey/keepassxc-cover.webp --- # KeePassXC + YubiKey: How to set up a local-only password manager diff --git a/blog/posts/mastodon-privacy-and-security.md b/blog/posts/mastodon-privacy-and-security.md new file mode 100644 index 00000000..c6d47514 --- /dev/null +++ b/blog/posts/mastodon-privacy-and-security.md @@ -0,0 +1,365 @@ +--- +date: + created: 2025-07-15T17:00:00Z + updated: 2025-07-22T20:00:00Z +categories: + - Explainers +authors: + - em +tags: + - Mastodon +description: While most social media rely on commercial models harvesting users' data, Mastodon offers an alternative that doesn't seek profits from your data and attention. +schema_type: AnalysisNewsArticle +preview: + cover: blog/assets/images/mastodon-privacy-and-security/mastodon-cover.webp +--- + +# Privacy and Security on Mastodon + +![The Mastodon name and logo over a dark purple background with a large purple padlock icon under it.](../assets/images/mastodon-privacy-and-security/mastodon-cover.webp) + + + +Mastodon is an open-source and decentralized social network that has been growing in popularity for the past few years. + +While most social media rely on commercial models harvesting users' data to sell to advertisers, Mastodon offers a human-centric alternative that doesn't seek profits from your data and attention. This means better social connections, better controls, and better privacy. + +Mastodon doesn't use your data to make money. This fact alone comes with incredible benefits for data privacy and security. Because the goal isn't to collect as much information as possible on its users, Mastodon embraces data minimization and only requires providing what is truly needed to run the service for you. + +This article is the first of a **series of two** on Mastodon, covering a general overview of the privacy and security benefits of Mastodon. The [second article](mastodon-tutorial-privacy-and-security.md) will delve into specific settings you can adjust to improve your privacy as a Mastodon user. + +If you do not have a Mastodon account yet, but would like to learn more about its privacy and security practices and features before creating one, this first article will give you an overview of what they are. + +If you're still unsure about using Mastodon, [this excellent video](https://news.elenarossini.com/fediverse-video/) from Elena Rossini might convince you. + +
+

Mastodon the software vs the network vs the instance

+ +Unless otherwise specified, the word *Mastodon* in this article will refer to the Mastodon *software,* in its default version. The Mastodon *software* is different from the Mastodon.Social original *instance* (server), and is different from the Mastodon *network*. + +**Mastodon software**: The software used by people on the Mastodon network, and installed by administrators to run an instance (what you see). + +**Mastodon network**: The network of interconnected instances using the Mastodon software (all the different Mastodon instances you interact with). The Mastodon network also connects to the larger Fediverse network. + +**Mastodon.Social, the instance**: The largest Mastodon server, managed and moderated by the Mastodon nonprofit organization. + +
+ +One of the wonderful possibility Mastodon offers is to [self-host your own Mastodon instance](https://docs.joinmastodon.org/user/run-your-own/). While this is the pinnacle of control, security, and privacy for a skilled administrator, self-hosting also means more responsibilities, where more expertise and resources are required. This isn't realistically accessible to everyone. + +For this reason, this article will focus on the experience from the **user side**, not the administrator side. + +## :octicons-home-16: Choosing a Mastodon instance + +The biggest distinction of Mastodon compared to commercial social media is its true decentralization. + +The Mastodon network is composed of a [multiplicity of instances](https://joinmastodon.org/servers) that connect with each other, through a protocol called [ActivityPub](https://docs.joinmastodon.org/#fediverse). This collection of connected instances, along with other connected software using the same protocol, is called [the Fediverse](https://jointhefediverse.net/). + +![Screenshot of the official Mastodon website from the page presenting various Mastodon instances.](../assets/images/mastodon-privacy-and-security/mastodon-choosing-instance.webp) + +This article will not go deep into this topic, but it's important to mention that different instances will offer different degrees of privacy and security. Choosing an instance can have an important impact on this. + +This is because the administration team of each instance has the responsibility to configure the software properly, to keep it updated, and to safeguard the server hosting the data. This in itself implies many security duties. It's important to consider the capabilities of the administration team to secure the instance you choose to join. + +Moreover, even when the security part of hosting is well managed, the administration team is also responsible for enforcing policies and moderation. The quality of moderation can have a significant impact on the safety and privacy of a community. + +Choosing an instance where you trust the administration and moderation team is essential to have a good and secure experience on the network. This is true for any other social media as well, even the ones that sadly don't offer any option to move your account if you aren't happy with management. + +To facilitate choosing an instance, the Mastodon official website keeps a list of instances that have all agreed to follow the [Mastodon Server Covenant](https://joinmastodon.org/covenant), committing to the following: + +- Enforcing active moderation against racism, sexism, homophobia, and transphobia + +- Conducting daily backup to avoid accidental data loss + +- Having at least one other person with emergency access to the server + +- Giving at least 3 months of advance notice if the server shuts down and users have to move (this isn't frequent) + +### Changing instance + +Despite these considerations, Mastodon newcomers **shouldn't feel [analysis paralysis](https://en.wikipedia.org/wiki/Analysis_paralysis) over choosing an instance**. This decision isn't permanent, and can be changed later on, once one has acquired a better sense of the platform. + +Indeed, Mastodon makes it easy to [move an account](mastodon-tutorial-privacy-and-security.md/#moving-to-another-instance) from one instance to another! + +If trust is broken by an instance administration or moderation team, users can easily decide to migrate to another one with better practices. This account portability is quite unique to the Fediverse. + +While account content (posts) will unfortunately not get transferred through this process on Mastodon (yet), account followers *and* follows will be moved unharmed during a Mastodon account migration. + +Furthermore, this process might get improved soon! There is work currently being done to implement data portability between two ActivityPub servers (even for account content) with the [LOLA protocol](https://swicg.github.io/activitypub-data-portability/lola). This could eventually allow Mastodon's account migration process to include posts migration as well. + +
+

You can always keep a copy of your content!

+ +Even if the Mastodon migration process doesn't allow for automatic posts transfer (yet), you are still able to [keep a local copy of all your content](mastodon-tutorial-privacy-and-security.md#data-access-and-backups), before moving to another instance or for backup purposes. + +
+ +## :octicons-shield-check-16: How secure is Mastodon + +As explained previously, choosing an instance with a competent and trustworthy administration team is fundamental on Mastodon. Due to a plurality of instances, levels of security expertise can greatly vary from one server to another. + +### Server security + +As for any platform we use online (including commercial social media), it's important to evaluate properly the level of trust we are willing to give before subscribing to a service handling our data. + +In this case, it means trusting the administration team of the instance you choose to safeguard the instance's server and data properly. + +Additionally, like any other social media, Mastodon isn't immune to software vulnerability. When a problem arises, your server's security will depend on the responsiveness of your administrator(s). + +Mastodon's development team has a good track record of acting promptly to fix and transparently inform the community when a critical [vulnerability is found](https://www.theregister.com/2024/02/02/critical_vulnerability_in_mastodon_is/). However, your instance's administration team must also act quickly to implement the fix. + +Due to the decentralization of the Mastodon network, software patches cannot be automatically pushed to all instances at once. Administrators' reaction time may vary for each instance. + +### Software security + +Because the Mastodon software is open-source, anyone can inspect [its code](https://github.com/mastodon/mastodon). This *can* offer the benefit of getting more opportunities to spot and patch potential problems. + +It also allows anyone to verify privacy and security claims, which greatly improves transparency and trust. This is something that cannot be done with proprietary closed-source software like most commercial social media use. + +But open-source code isn't magically secure either. Experts still have to take the time to actually inspect the code for this to have any significant value. + +In 2023, the Mozilla Foundation funded a penetration test for Mastodon that was conducted by the German cybersecurity firm [Cure53](https://cure53.de/). Following the results, the Mastodon development team [promptly fixed](https://arstechnica.com/security/2023/07/mastodon-fixes-critical-tootroot-vulnerability-allowing-node-hijacking/) the critical vulnerabilities found, and informed instance administrators to be ready to patch the software quickly. Mastodon instances updated to the most recent software now benefit from greater security, thanks to the excellent work of Cure53 and the Mastodon development team. + +Additionally, anybody detecting a security vulnerability in Mastodon's code can [report it easily](https://github.com/mastodon/mastodon/security/policy) on the project's GitHub page. Known security vulnerabilities are also transparently reported to the public in the [security advisories](https://github.com/mastodon/mastodon/security/advisories) list. + +Since April 1st this year, the Nivenly Foundation started the Fediverse Security Fund, a [security bounty program](https://nivenly.org/docs/programs/fediverse-security-fund/) to encourage more people to contribute to securing Mastodon and other Fediverse-connected software. + +The experimental program will run **until September 30th, 2025**, and invites individual researchers and contributors to identify or patch vulnerabilities, rewarding them with a one-time sponsorship. If successful, the program could get extended, depending on member votes. + +Regarding the software itself, Mastodon [uses](https://docs.joinmastodon.org/spec/security/) public key cryptography to secure HTTP Signatures and Linked Data Signatures. From [version 4.4](https://blog.joinmastodon.org/2025/07/mastodon-4.4/), Mastodon implemented a number of [security improvements](https://blog.joinmastodon.org/2025/07/mastodon-4-4-for-devs/) to authentication and authorization mechanisms. Mastodon 4.4 now [supports](https://docs.joinmastodon.org/spec/security/#http-message-signatures) incoming HTTP requests to be signed with RFC9421-compatible signatures. Additionally, the older (less secure) OAuth password grant type has been removed, and the OAuth Client Auth with HTTP Basic Auth with SSO has been fixed. + +On the user side, Mastodon gives options to improve account security with the use of **multifactor authentication**, using an authenticator app or a physical security key. Already, this is better account security than what many (if not most) commercial social media platforms propose. + +In addition, Mastodon users can see within their account lists of all sessions open, the authentication history, and all third-party software authorized to access the account. Users can quickly revoke access to any unauthorized or unused sessions or app, as necessary. + +### Data security + +Finally, because Mastodon only requires **minimal information** to create an account, less personal data risks getting exposed, in the unfortunate eventuality of a data breach. For example, no phone number, legal name, or official ID is required. This is excellent for both privacy and security. + +Even if Mastodon has a much smaller security team than larger commercial platforms, its decentralization, transparency, and data minimization gives it significant advantages over for-profit social media. + +Users' private data is protected reasonably well at the software level, but again, this protection also relies on the server security for each specific instance. + +While security and privacy are related concepts that can enhance each other, they differ in many points. A piece of software could be very secure, yet collect and use a lot of private data, regardless of the user's consent or knowledge. Inversely, a seemingly privacy-respectful software could be collecting very little user data, yet not securing it properly. + +Both privacy and security are important to consider for users, and both must be examined when evaluating software. + +## :octicons-lock-16: How private is Mastodon + +When using social media, there are always two sides to data privacy: The data collected by the service, and the data exposed by the user posting content. + +### Data collected by the service + +On Mastodon, the platform collects only minimal information from the user. Besides the content you decide to share for your profile and posts, the software only requires an *email address,* a *username,* and a *password* to sign up. + +Starting from version 4.4, some instances might also collect a *date of birth,* if the instance implements a minimum age policy. This date of birth is only used to validate age requirements and isn't stored anywhere, but it is [checked](https://blog.joinmastodon.org/2025/07/mastodon-4-4-for-devs/) against the minimum age condition server-side. + +Additionally, Mastodon will collect your *IP address(es)*, *applications* used, and the *times* you logged in. This is necessary to provide the service to you. You can increase your account privacy by registering with an [alias email address](https://www.privacyguides.org/en/email-aliasing) (if allowed by your instance), and logging in through a [trustworthy VPN](https://www.privacyguides.org/en/vpn/). + +It's worth mentioning that Mastodon.Social, the instance administrated by the Mastodon organization, recently added to their terms of service an additional clause to [explicitly prohibit scraping](https://techcrunch.com/2025/06/17/mastodon-updates-its-terms-to-prohibit-ai-model-training/) users' data for unauthorized purposes, such as to train AI models. Many other instances might soon add similar clauses (or already have them). + +While this provides little technical protections, it does provide some interesting *legal* protections. These are protections most commercial social media do not offer, as many already exploit users' content to train their own AI models or sell it to third-parties for this purpose. + +This new Mastodon.Social policy is well aligned with the more human-centric values of the Fediverse. + +
+

Summary of data collected by Mastodon

+ +- Email address +- Username +- Password +- IP addresses (temporarily stored, may vary per instance) +- Browser and application types (temporarily stored, may vary per instance) +- Login history (temporarily stored, may vary per instance) +- Date of birth (not stored, may vary per instance) +- Optional: The data you decide to share with the service (profile information, posts, post timestamps, uploaded media, favorites, boosts, followers, follows, bookmarks, lists, blocks, mutes, personal notes) + +
+ +### Data you post on the service + +Regarding the content of your profile and posts (including private mentions), no matter how much you restrict access to your account, you should always consider that this content *can* technically be accessed by the administration and moderation team of your instance. + +Concerning people outside your instance's administration team, the privacy of the data you upload yourself will greatly vary depending on how you use and configure your account. + +We have a [dedicated tutorial](./mastodon-tutorial-privacy-and-security.md) in this Mastodon article series which provides information on how to adjust your account's configuration for better privacy in more detail. + +### Who can access your private data + +As described above, the administration team of your instance *can* always technically access *any* data related to your account, regardless of if you make it public or private. This is true for most commercial platforms as well. + +That being said, administration teams are generally much smaller on the Mastodon network, so this might not represent a lot of people. It could even mean only *one* administrator. + +This has both benefits and downsides: The benefit is that fewer people have access to your private account data. The downsides are that, due to limited resources, this data *could* get less protection. That said, large commercial platforms aren't immune to data breaches either, despite all the resources they could use in prevention. + +### Account configuration + +Outside access from the administration team, content privacy will vary per account, depending on configuration. Similarly to any other social media platforms. + +Some people might prefer to share openly with everyone, even with people who do not have a Mastodon account. While others might prefer to lock their account entirely, and reduce content visibility to their approved followers only. Both types of usage are possible on Mastodon. + +Additionally, Mastodon offers much better controls over your data. You can set up automated post deletion with specific thresholds, adjust post visibility for each post, adjust searchability and discoverability to your preferences, and allow or restrict the upcoming quote posts feature. + +All these features are fantastic for data privacy, and often absent from commercial platforms. + +### Users tracking and profiling + +Most important of all, because Mastodon has no interest in monetizing your data, there is **no tracking, no advertising, and no "Mastodon-AI" profiling you** and scanning all your posts. Mastodon doesn't collect any data from you for a reason other than providing the service *to you*. + +This is completely antithesis to commercial social media. And this alone makes Mastodon fundamentally **much more private than any other big tech platforms**. + +## :material-lock-check-outline: Privacy benefits of Mastodon + +Each Mastodon instance will have a different privacy policy that you should consult before creating an account, like for any other platforms. But unless the software was modified, data collection should be similar to what is described here, and remain minimal for the majority of connected instances. + +Here's a summary of some benefits Mastodon can offer for your data privacy: + +### Data minimization + +Mastodon only collects what's necessary. The information required to create an account is minimal. There are no "real-name" policy and no phone number required. Only the data absolutely necessary to provide the service to you is required. + +### Adjustable visibility + +While profile information will be visible publicly, post visibility can be adjusted to your preference for each post. The list of who follows you and who you follow can be visible or hidden. Account searchability, discoverability, and quote posts from unmentioned users can all be disabled. + +### Your data is yours + +On Mastodon, you have full control over accessing and deleting your data. You don't need any third-party software to get your post deleted, and you don't need to wait after a company's customer service to download your data. Those controls are accessible to any user from their own account. + +### No data monetization + +The Mastodon software is developed and maintained by a nonprofit organization, the German [Mastodon gGmbH](https://joinmastodon.org/about). This software is free and accessible to anyone. There is no incentive to generate profit from your data on Mastodon. This is an *immense* privacy advantage over *any* commercial social platforms. There is nothing tracking you around or building an advertising profile on you. Your data is not for sale. + +### Transparency and mobility + +Because the Mastodon code is open-source, anyone can inspect it. This helps quickly verifying claims, proposing new features, and allowing other developers to create their own application for Mastodon. + +With Mastodon, you are not stuck with only one app. If you don't like the official app, just use [another one](https://joinmastodon.org/apps)! Moreover, you can even move your account from one instance to another. This means you don't have to trust your administration team forever. **You can choose who you trust, and your trust (and consent) is revocable, as it should.** + +### Respects your privacy protections + +So many services and websites have adopted a hostile stance towards people using privacy protections such as a VPN server, a privacy-focused browser, or running their phone in [Lockdown Mode](https://support.apple.com/en-us/105120). But with Mastodon, you are free to use all the protections you love. **Mastodon isn't hostile to your privacy.** + +## :octicons-alert-16: What to stay careful about + +While the privacy benefits of Mastodon are numerous, there are also a few things to keep in mind when using the platform: + +### Direct messages (private mentions) + +Direct messages on Mastodon are better described at private mentions. Private mentions are like any other posts (and will sometimes show up in your feed! Don't panic!), but they will only be visible to the people you *mentioned* in it. + +However, do **not** type the handle of someone to talk "in private" about them with someone else, because this *mentioned* person *will* also get included in this thread! + +Additionally, private mentions on Mastodon, like private messages on other commercial social media, aren't end-to-end encrypted. The Mastodon interface shows this clearly: + +![Screenshot of the Mastodon interface showing a warning presented when selecting private mention visibility for a post. The message says: "Posts on Mastodon are not end-to-end encrypted. Do not share any sensitive information over Mastodon. Learn more"](../assets/images/mastodon-privacy-and-security/mastodon-private-mention-encryption.webp){width="400"} + +This means that all your private mention posts *could* be accessed by the administration and moderation team of your instance. **Never share any sensitive information using private mentions.** The same advice is applicable to any other social media. + +
+

End-to-end encryption could be coming soon!

+ +That being said, this could change soon! The ActivityPub team is currently [working on integrating end-to-end encryption](https://socialwebfoundation.org/program-protocol-e2ee/) for the protocol. This would be nothing less than revolutionary for platforms using ActivityPub, like Mastodon. + +It's difficult to estimate when this feature could be available to Mastodon users however, because implementing end-to-end encryption properly isn't a simple task. Even once the integration is completed for the ActivityPub protocol, it might take some time before the Mastodon development team implements it for the software as well. + +Nevertheless, Fediverse users can dare to hope this feature may be available relatively soon, perhaps in the next year or two. + +
+ +### The open web is open to all + +On Mastodon, you don't need an account to see people's profile page and public (or quiet-public) posts. + +This is an **immense benefit for organizations**, to share information with the public without restricting access like on commercial platforms. However, this can also mean more account visibility than some individual users may prefer. + +It's important to stay aware that your account *could* be seen by anyone on the internet visiting your Mastodon account's public page. Your account's public page address is your instance's website address followed by your account's username, in the following format: + +```html +https://YOUR_INSTANCE_ADDRESS/@YOUR_USERNAME +``` + +For example, for the Privacy Guides Mastodon account hosted on the mastodon.neat.computer Mastodon instance, this account's public page address looks like this: + +```html {.copy} +https://mastodon.neat.computer/@privacyguides +``` + +Whether you lock your account (approve followers and use followers-only posts) or not, your display name, biography, profile and header pictures, followers and follows counts, date joining the instance, and extra fields will always be visible to anyone from your account's public page. + +Your public posts can even be accessed via [RSS feed](https://fedi.tips/following-mastodon-and-fediverse-accounts-through-rss/) on Mastodon. To limit this, you can adjust the settings to restrict the visibility of your posts. + +### Connection with commercial social media + +Some Mastodon instances [connect](https://www.howtogeek.com/threads-now-connects-to-mastodon-and-other-fediverse-platforms/) with larger commercial social media like Threads (from Meta), and Bluesky ([through a bridge](https://techcrunch.com/2024/06/05/bluesky-and-mastodon-users-can-now-talk-to-each-other-with-bridgy-fed/)). + +The Fediverse community is quite [divided](https://wedistribute.org/2024/03/block-threads-to-remain-listed/) on this topic. Some people argue that more connectivity is good, while others want to stay away from commercial platforms entirely, partly due to their questionable data privacy, ethics, and [moderation practices](https://www.wired.com/story/meta-immigration-gender-policies-change/). + +If this is important to you, you can check your instance's policies to see if it allows connections with these commercial social media. If it does, and you do not want this, you can block specific instances at the account level. This isn't a complete protection for your data, but it does reduce visibility from and to these platforms. + +If this isn't enough for you, you can migrate your account to an [instance blocking Threads](https://fedipact.veganism.social/) (or other servers) at the administrator level. This offers stronger protections. + +### Connection with other instances + +It's important to remember that on Mastodon, there isn't only one centralized entity that receives your data. + +For example, if you send a private mention post to someone on a different instance than yours, this person's instance administration team will now have access to your message as well, and your data *for this post* will also be stored on that instance. + +This is very similar to how emails work. If you are a Tuta or Proton email user, and you send a message to someone using Gmail, now Google will also have a stored copy of your message. + +### Decision paralysis trusting an instance + +Finally, probably the biggest block people hit when starting to use Mastodon is *which instance to trust*. + +Sadly, this simple decision has discouraged many potential users. Yet, having to choose an instance is indeed a feature and not a bug. + +Because yes, this choice does burden you to pick who you trust, but **it also empowers you** to be able to *revoke* this trust at any time. No commercial social media gives you the option to stop trusting Mark Zuckerberg and move to another Facebook server that matches better your values, for example. + +Be careful who you trust of course, but don't get paralyzed by this choice. Even if this might feel intimidating at first, this fear of choosing isn't worth staying with possibly even less trustworthy big tech administrators. + +## :octicons-star-16: Mastodon keeps getting better + +This article only presents an overview of Mastodon's features, and focuses on the features related to privacy and security. But Mastodon is so much more. It's a social platform that truly respects its community. + +Mastodon is genuinely mindful of its users' experiences. In comparison, commercial social media are far behind in terms of customization and respect for their users. + +**On Mastodon, you are not a product, you are a *person*.** + +Moreover, the software and community keeps growing and getting even better every year. For the next Mastodon update planned later this year, we can expect Quote Posts to be fully implemented, while respecting users' consent to have their posts quoted or not. + +Perhaps next year we can hope for improvement of the migration process, allowing users to also transfer their content to a new instance, thanks to the LOLA protocol. Then, we can dream of fully private direct messaging down the road, with the integration of end-to-end encryption. + +Once again, all these features will put Mastodon and other Fediverse software well above any commercial platforms. Keep an eye on the [Mastodon roadmap for more](https://joinmastodon.org/roadmap)! + +Mastodon isn't there to exploit your data and sell it to advertisers. There is no incentive to monetize you. On Mastodon, **you are a person who is part of a community**. This makes all the difference to respect your privacy rights 💛 + +
+

What next?

+ +To continue learning about Mastodon's privacy and security features, consult the [second article](mastodon-tutorial-privacy-and-security.md) of this series, a step-by-step guide to improving your privacy and security as a Mastodon user. + +
+ +## :material-hand-heart-outline: Consider supporting Mastodon + +Mastodon doesn't sell your data, but it still needs money to survive and thrive. Mastodon is supported by its community! + +If you enjoy the platform and can contribute, consider supporting the project by: + +- [Donating to support Mastodon's development and operations](https://joinmastodon.org/sponsors) + +- Donating to your Mastodon instance (ask your administrator) + +- [Buying cute merch from the Mastodon organization](https://shop.joinmastodon.org/) + +- [Contributing to the Mastodon project on GitHub](https://github.com/mastodon/.github/blob/main/CONTRIBUTING.md) + +- [Starting your own Mastodon instance](https://docs.joinmastodon.org/user/run-your-own/) + +- [Talking to your friends and family about joining the Fediverse!](https://jointhefediverse.net/join) + + + +--- + +**Update (2025-07-22):** This article was updated to move the tutorial portion to a [separate article](mastodon-tutorial-privacy-and-security.md), to segment the information better for readers. diff --git a/blog/posts/mastodon-tutorial-privacy-and-security.md b/blog/posts/mastodon-tutorial-privacy-and-security.md new file mode 100644 index 00000000..1ed08d2e --- /dev/null +++ b/blog/posts/mastodon-tutorial-privacy-and-security.md @@ -0,0 +1,631 @@ +--- +date: + created: 2025-07-22T20:00:00Z +categories: + - Tutorials +authors: + - em +tags: + - Mastodon +description: This article is a tutorial on how to improve your Mastodon account's security, and how to adjust the different privacy features to your preferences. +schema_type: AnalysisNewsArticle +preview: + cover: blog/assets/images/mastodon-tutorial-privacy-and-security/mastodon-tutorial-cover.webp +--- + +# How To Improve Your Privacy and Security on Mastodon + +![Illustration of a mastodon mascot pointing at a padlock icon in a cheerful way. Above is the Mastodon logo over a purple background.](../assets/images/mastodon-tutorial-privacy-and-security/mastodon-tutorial-cover.webp) + +{ .annotate } + +1. Mastodon mascot by [@dopatwo@mastodon.social](https://mastodon.social/@dopatwo) and Mastodon logo used with permission from Mastodon gGmbH. This site is not otherwise affiliated with Mastodon gGmbH. + +Increasingly, more and more people have joined Mastodon in recent years. The advantages provided by a decentralized network and using open-source software maintained by a nonprofit organization are undeniable. Mastodon offers much more robust protections for your privacy than commercial social media platforms do. This tutorial will show you how to make the most of it. + +This tutorial is the second of a **series of two** articles on Mastodon. If you would like to read a general overview about privacy and security on Mastodon, start with reading the [first article](mastodon-privacy-and-security.md) of this series. + +This second article will guide you on how to improve your Mastodon account's security, and how to adjust the different privacy features to your preferences. This isn't an onboarding guide to start using Mastodon, but if that's what you seek, you can first take a look at this [short guide](https://docpop.org/2025/02/how-to-get-started-with-mastodon/) from Doc Pop. + +Additionally, while self-hosting a Mastodon account offers the most freedom and control over your data, it also requires much more expertise and resources, which isn't realistically accessible to everyone. For this reason, this tutorial will focus on the experience from the **user side**, and not from the administrator side. + +
+

Who is this tutorial for?

+ +- You already have an account on Mastodon + +- You are *not* familiar with all the Mastodon settings yet + +- You are *not* self-hosting your instance + +
+ +Although many variations and versions of the Mastodon software are in use on the Fediverse, for the sake of simplification and universality, this tutorial will focus on its most recently released version (4.4). + +If your instance software version is different, you will likely still be able to follow this tutorial, but might notice some variations. + +
+

What software version is your instance running?

+ +To check which version your instance (server) is currently running, from the web interface on desktop, check the information in the lower-left corner of your instance website (e.g. [https://mastodon.social/](https://mastodon.social/)). The very last line should list something similar to `v4.4.1`. This is your instance's Mastodon version number. + +
+ +This tutorial was created from the desktop web interface (desktop browser). Experiences and setting accesses may vary greatly from a mobile app. It is recommended to **follow along from the desktop web interface** as well. + +Screenshots for the tutorial were mostly taken from an account on the Mastodon.Social instance (server), but you will be able to follow this tutorial even if your account is on a different instance. + +
+

Mastodon the software vs the network vs the instance

+ +The Mastodon *software* is different from the Mastodon.Social original *instance* (server), and is different from the Mastodon *network*. + +**Mastodon software**: The software used by people on the Mastodon network, and installed by administrators to run an instance (what you see). + +**Mastodon network**: The network of interconnected instances using the Mastodon software (all the different Mastodon instances you interact with). The Mastodon network also connects to the larger Fediverse network. + +**Mastodon.Social, the instance**: The largest Mastodon server, managed and moderated by the Mastodon nonprofit organization. + +
+ +## :octicons-shield-check-16: Improving account security + +Using a [unique email address](https://www.privacyguides.org/en/email-aliasing/) and a unique and [strong password](https://www.privacyguides.org/en/basics/passwords-overview/) are the starting points for good account security, and this is no different for Mastodon accounts. + +Additionally, you should enable multifactor authentication for your account as soon as you can. This is one of the most important step you can take to increase your account's security, and its protections against account takeover attacks. + +### Two-factor authentication + +For this, go to "Preferences" (in the right-side menu) > "Account" > "Two-factor Auth", then click on the purple "Set up" button at the bottom. + +![Screenshot of the Mastodon web interface showing the Two-factor Auth page in Preferences.](../assets/images/mastodon-tutorial-privacy-and-security/mastodon-multifactor-setup.webp) + +#### Authenticator app + +Confirm your password when prompted. Then scan the QR code with your [authenticator app](https://www.privacyguides.org/en/multi-factor-authentication/), or enter manually the plain-text secret on the right of the QR code. Confirm with entering the two-factor code from your authenticator app, then click "Enable" at the bottom. + +![Screenshot of the Mastodon web interface showing the Two-factor Auth page in Preferences. This shows a QR code to scan or a plain-text secret to register a code for an authenticator app.](../assets/images/mastodon-tutorial-privacy-and-security/mastodon-multifactor-qrcode.webp) + +**Carefully note the recovery codes** provided. You will need to use them if you lose access to your authenticator, for example if you were to lose your phone. + +If you need to change your authenticator app later, you can go back to this menu and select "Edit" on the right of "Authenticator app". You can also return to this menu to generate new recovery codes, if you have lost your older ones or if they were compromised. Generating new recovery codes will invalidate your previous ones. + +![Screenshot of the Mastodon web interface showing the Two-factor Auth page in Preferences. The page displays a confirmation message that authentication is enabled, and options to "Edit", "Add", or "Disable 2FA" methods.](../assets/images/mastodon-tutorial-privacy-and-security/mastodon-multifactor-enabled.webp) + +#### Security key + +Once you have enabled two-factor authentication with an authenticator app, you will see the option to add a [security key](https://www.privacyguides.org/en/security-keys/) as well. You can add one if you want to register multiple second factors of authentication for your account. + +
+

Browser compatibility

+ +Some browsers will not support security key authentication. For example, the Mullvad Browser doesn't support it. + +
+ +To add a security key, click on "Add" on the right of the listing. Insert your security key, choose a "Nickname" for it, then click on the "Add new security key" purple button. + +![Screenshot of the Mastodon web interface showing the Security keys page in Preferences.](../assets/images/mastodon-tutorial-privacy-and-security/mastodon-multifactor-securitykey.webp) + +On macOS, you might be prompted with an option to "Choose how to manage your passkeys". If you get this pop-up, click on "Other Options" at the bottom. + +![Screenshot of the Mastodon web interface showing the Security keys page with a macOS pop-up window over it. The pop-up gives options to "Choose how to manage your passkeys".](../assets/images/mastodon-tutorial-privacy-and-security/mastodon-multifactor-mac-popup.webp) + +On the second pop-up, select "Security key" then "Continue". When prompted with "Set Up Security Key", activate your security key (for some keys, this means touching the metal part of it). This step may differ depending on your operating system type and version. + +Once completed, you should see a confirmation that "Your security key was successfully added" on the page. + +![Screenshot of the Mastodon web interface showing the Two-factor Auth page in Preferences. The page displays a confirmation message and options to "Edit" both two-factor methods.](../assets/images/mastodon-tutorial-privacy-and-security/mastodon-multifactor-securitykey-added.webp) + +From now, each time you log in your Mastodon account, you will be prompted to select one of your authentication methods after entering your email address and password: + +**To log in using your security key**, click on the "Use security key" purple button when prompted by your browser. Your operating system might present you with a pop-up to choose again between your authenticator app or your security key. On macOS, select "Security key", click "Continue", then insert and activate your key. There may be variations depending on your operating system, but it should be similar to this. + +**To log in using your authenticator app**, click on the "Enter a two-factor code from your phone or a recovery code" link at the bottom, then enter the code from your authenticator app when prompted by your browser (or recovery code if you've lost your authenticator). + +If you try to sign in from a browser that doesn't support security keys after enabling it (or if you lost access to your security key), you can still log in your account using your authenticator app as described above. + +![Screenshot of the Mastodon web interface showing the login page for the second factor of authentication. The page gives the option to "Use security key" or "Enter a two-factor code from your phone or a recovery code".](../assets/images/mastodon-tutorial-privacy-and-security/mastodon-multifactor-securitykey-prompted.webp) + +Keep in mind that adding *more* methods of authentication to your account *doesn't* make it more secure, it's the opposite. + +If you register both an authenticator app *and* a security key, this means anyone who can access *either* your authenticator app *or* your security key could log into your account (if they already have your password). Different second factors aren't added together here, they simply provide more options to *access* your account. + +
+

When enabling multifactor authentication with any account

+ +Be careful to choose a method you will have access to easily each time you log in. In addition, make sure to note the recovery codes provided *very carefully* and store them in a secure location (ideally offline). Keep in mind these codes will allow you to recover your account, but could also allow *anyone* to bypass your multifactor authentication. + +
+ +### Account accesses + +In "Preferences" > "Account" > "Authorized apps", you can see which applications have access to your account. + +There, you will see every application you have granted access to. If you no longer use a mobile app or a service listed there, you should revoke access. + +If you do not recognize a listed service, you can ask your instance administrator to know if this is a legitimate application (some administrators might connect legitimate services to your account you may not recognize, such as Matrix). + +![Screenshot of the Mastodon web interface showing the "Your authorized applications" page in Preferences.](../assets/images/mastodon-tutorial-privacy-and-security/mastodon-accesses-authorized-apps.webp) + +### Sessions and login history + +Additionally, in "Preferences" > "Account" > "Account settings", in the "Sessions" section, you will find a list of authorized browser sessions. Again, you can revoke access to any sessions you no longer use, or do not recognize. + +![Screenshot of the Mastodon web interface showing the Account settings page in Preferences.](../assets/images/mastodon-tutorial-privacy-and-security/mastodon-accesses-sessions-list.webp) + +Just above this sessions list, you will see a link labeled "View authentication history of your account". Click on it to see a list of past logins, including applications used and IP addresses. + +If you see a login that isn't legitimate, you should *immediately* revoke accesses you aren't using, and consider changing your password. + +![Screenshot of the Mastodon web interface showing the Authentication history page from clicking on the "View authentication history of your account" link on the previous Account settings page.](../assets/images/mastodon-tutorial-privacy-and-security/mastodon-accesses-login-history.webp) + +## :octicons-lock-16: Adjusting privacy vs discovery + +When using social media, there's usually a sliding scale between privacy and discoverability. + +You might decide to enable the most restrictions on your account's visibility (more privacy), make it as public as possible (more reach), or anything in between. + +**Only you can decide what is best for your unique situation and usage.** + +On Mastodon, you have many options to adjust this to your preferences and needs. In "Preferences" > "Public profile", select the "Privacy and reach" tab at the top. + +![Screenshot of the Mastodon web interface showing the Public profile page in Preferences, from the "Privacy and reach" tab.](../assets/images/mastodon-tutorial-privacy-and-security/mastodon-account-privacy-reach.webp) + +### Reach + +- The option "Feature profile and posts in discovery algorithms" allows more people to find your account and public posts (default is unchecked). **Leave it *unchecked* for more privacy.** + +- The option "Automatically accept new followers" allows anyone to be able to follow you (default is checked). Approving each follower can increase the privacy of your follower-only posts. **If you prefer to approve each new follower (locking your account), then *uncheck* this option.** + +### Search + +- The option "Include public posts in search results" allows people to be able to find your public posts when searching for keywords in Mastodon (default is unchecked). **Leave it *unchecked* for more privacy.** + +- The option "Include profile page in search engines" allows your Mastodon profile to potentially appear in search engine results, like Google and Bing (default is checked). ***Uncheck* this option to increase your account's privacy.** + +### Privacy + +- The option "Show follows and followers on profile" allows anyone to be able to see who you follow and who follows you (default is checked). If you prefer to hide this from the public, ***uncheck* this option for more privacy.** + +- The option "Display from which app you sent a post" will display publicly which application you are posting from for each post (default is checked). If you prefer to not show which app(s) you are using, ***uncheck* this option for more privacy.** + +Once you have adjusted the account options to your preferences, click on "Save changes" at the bottom to confirm your choices. + +![Screenshot of the Mastodon web interface showing the Public profile page in Preferences, from the "Privacy and reach" tab. The page is scrolled down to the "Save changes" button at the very bottom of the six unchecked options.](../assets/images/mastodon-tutorial-privacy-and-security/mastodon-account-privacy-options.webp) + +## :material-message-lock-outline: Selecting post visibility and access + +In addition to your account's privacy preferences, you can also adjust visibility for each post. This is very handy to allow you to pick in a more granular way which information you wish to share more or less openly. + +On Mastodon, you can choose between 4 types of visibility for each post: Public, Quiet public, Followers, and Private mention. + +![Screenshot of the Mastodon web interface showing the post composition window. The image shows the drop-menu from the "Change post privacy" button, with four different post visibility options.](../assets/images/mastodon-tutorial-privacy-and-security/mastodon-posts-visibility-types.webp){width="400"} + +### Public post + +This post is visible to anyone, whether they follow you or not. This post will also be visible from your account's public page, to people who do not necessarily have a Mastodon account. + +For example, if you log *out* of your account, then go to `https://YOUR_INSTANCE_ADDRESS/@YOUR_USERNAME`, you will see what someone outside of Mastodon could see from your public page. + +![Screenshot of a Mastodon account's public page from a browser. A yellow arrow points at the account's URL, and three red arrows point at information visible to the public such as a public post, a quiet-public post, and the fact that this account is locked.](../assets/images/mastodon-tutorial-privacy-and-security/mastodon-posts-account-page.webp) + + +### Quiet public post + +This post is visible to anyone, and is also visible from your account's public page (like a Public post). However, it will not be featured in the "Trending" or "Live feeds" timelines. Additionally, it will not be searchable. This reduces its public exposure slightly, and is sometimes recommended for replies. + +### Followers post + +This post is only visible to your followers. If you enabled the option to approve each follower, then only people you have approved will see this post. Followers-only posts cannot be boosted (re-posted) by others, and will *not* appear on your account's public page. + +Your Followers-only posts will have significantly less reach, and potentially less engagement, but will be much more private. + +
+

Followers-only post and approving followers

+ +An important thing to keep in mind when selecting a post's visibility is who your followers are (or could be). + +If you select Followers-only, but anyone could follow you, this restriction will block boosts for this post, and remove visibility from your account's public page, but anyone who decided to follow you can see it. + +However, if you *also* enable restrictions on who can follow you, you will have more control over the visibility of your Followers-only posts, by pre-approving who can follow you and see these posts. + +
+ +### Private mention post + +This post is only visible to the people mentioned in it. This works like a "Direct message" feature, except that anyone mentioned will be included. + +Be careful not to write the handle of someone you do not want included in this conversation! Because this *will* include them. + +Additionally, always keep in mind that the administration and moderation team of your instance *could* see all your posts, including your Private mention posts (like it is the case for any other social media). Never share sensitive information in Private mention posts! + +![Screenshot of the Mastodon web interface showing the post composition window for a Private mention post. There is a warning message above saying that "Posts on Mastodon are not end-to-end encrypted. Do not share any sensitive information over Mastodon. Learn more".](../assets/images/mastodon-tutorial-privacy-and-security/mastodon-private-mention.webp){width="400"} + +
+

End-to-end encryption for private mentions

+ +There is currently work being done to [integrate end-to-end encryption](https://socialwebfoundation.org/program-protocol-e2ee/) to the ActivityPub protocol, potentially making end-to-end encrypted private mention on Mastodon possible one day. + +Implementing end-to-end encryption properly is no small task, and understandably it could take some time for this to be ready for Mastodon users. + +However, it would make your private mentions truly private, being accessible only to its intended sender(s) and recipient(s). This could be groundbreaking for the Fediverse, and for your privacy! + +
+ +### Default post visibility + +Even if you can adjust visibility for each post, you may also want to adjust your account's *default* post visibility. + +For example, this can help by preventing accidentally sharing something publicly if posting to followers only is preferred, especially if your account is locked for more privacy. + +To adjust the default post visibility, go to "Preferences" > "Preferences" > "Other". In the "Posting privacy" section, select your preference in the "Posting privacy" drop-menu for either "Public - Everyone can see", "Unlisted - Everyone can see, but not listed on public timelines", or "Followers-only - Only show to followers". + +Confirm your choice by clicking on "Save changes" on the upper-right. + +![Screenshot of the Mastodon web interface showing the "Preferences" page in Preferences.](../assets/images/mastodon-tutorial-privacy-and-security/mastodon-posts-default.webp) + +
+

Hide posted media (slighly)

+ +Additionally, you might want to check the "Always mark media as sensitive" option from the same section. This will label the media as "Sensitive content", and require others to click on it to view the image. This will **not stop anyone from clicking to view it**, including people without a Mastodon account from your account's public page, but it might *slightly* reduce the visibility for certain media. + +Depending on the content, your instance may have some rules requiring to hide certain type of content. Make sure to consult your instance's Server rules about this. + +
+ +### Quote posts + +Mastodon version 4.4 is already preparing for the implementation of a new [Quote Posts feature](https://blog.joinmastodon.org/2025/02/bringing-quote-posts-to-mastodon/) coming up in Mastodon 4.5. Quote posts have been long requested and debated on Mastodon. + +Mastodon didn't lack quote posts accidentally, it was a deliberate choice from the development team to [reduce potential abuse](https://techcrunch.com/2025/07/08/mastodons-latest-update-readies-the-app-for-quote-posts-revamps-design/). This is why the team has been very careful, taking the time to implement this new feature properly, and giving options for Mastodon users to opt out. + +Again, this shows how Mastodon differs from commercial social media, by prioritizing users' safety and control over monetizing attention. + +To give control to the users, important options have been planned out: + +1. People will be able to choose if they want their post to be quoted or not +2. People will be notified when their post is quoted +3. People will be able to **withdraw their post from being quoted** at any time + +These options greatly reduce the potential for abuse when quoting posts, a behavior we have sadly all witnessed on commercial social media with a culture of dunking on others. + +From Mastodon version 4.4, you can already decide which permission you want to allow for your posts to be quoted. This is only in preparation for the feature for now, the final implementation should be available in the [next software update](https://blog.joinmastodon.org/2025/07/mastodon-4-4-for-devs/). + +To adjust this in preparation, go to "Preferences" > "Preferences" > "Other". From the "Posting defaults" section, find the drop-menu labeled "Who can quote", and select either "Everyone", "Followers and mentioned users", or "Only mentioned users". + +Confirm your choice by clicking on "Save changes" on the upper-right. + +![Screenshot of the Mastodon web interface showing the "Preferences" page in Preferences.](../assets/images/mastodon-tutorial-privacy-and-security/mastodon-posts-quote-posts.webp) + +## :material-checkbox-marked-circle-outline: Verifying yourself and others + +The account verification process on Mastodon is excellent. Not only is it free, but it doesn't require you to provide any official ID or other intrusive documentation to proof your identity. It is a privacy-respectful verification feature. + +The way it functions is very simple: Verification works by providing a *proof of control* over a website, or a web page. + +For example, if you are the official Mastodon account for the privacyguides.org website, you can easily add a simple invisible link to this website to confirm that this Mastodon account is official. Once the verification process is completed, the Mastodon account profile page will display a **verified link in green with a checkmark**, confirming this account is authorized by the owner of this website (or web page). + +From a profile page, it looks like this: + +![Screenshot of the Privacy Guides Mastodon account's public page. The profile page shows multiple verified links in green with a checkmark on the left, including the official Privacy Guides website, forum, articles, videos, and donation pages.](../assets/images/mastodon-tutorial-privacy-and-security/mastodon-verification-links.webp) + +All the links displayed in green with a checkmark have been verified from the listed websites. + +This is **a feature very important to use for organizations**. It confirms to readers and followers this Mastodon account is authorized and truly belongs to the organization. It's also important for any individuals, writers, and journalists who want to confirm their identity to the public. + +Looking for these verified links, other Mastodon users can validate if an account is legitimate, increasing trust and security. + +### Account verification + +If you would like to verify your own account, here's how you can do it yourself. + +It's easy, and it's free! + +Go to "Preferences" > "Public profile", then select the "Verification" tab at the top. From there, follow the instructions to copy the link to the web page you want to use to verify your account. + +![Screenshot of the Mastodon web interface showing the Public profile page in Preferences, from the "Verification" tab. The page shows a link to copy containing the account's address, and a confirmation of links already verified.](../assets/images/mastodon-tutorial-privacy-and-security/mastodon-verification-link-setup.webp) + +If you prefer not to add a Mastodon link to your web page, you can simply add this HTML line in the web page's head section (replacing `https://YOUR_INSTANCE_ADDRESS/@YOUR_USERNAME` with the link to your own Mastodon account): + +```html + +``` + +### Author attribution for journalists and writers + +In addition to the verification process available to everyone, Mastodon recently [added](https://blog.joinmastodon.org/2024/07/highlighting-journalism-on-mastodon/) a feature specifically for writers and journalists! + +Since last year, journalists and bloggers alike can link their articles to their Mastodon account. This validates their identity, while also increasing their Mastodon account's discoverability from article links. This is fantastic feature! + +Popular websites like TechCrunch, ProPublica, and of course Privacy Guides have already adopted it! You might have noticed this feature previously, for example if you found this article from a Mastodon post. + +To add author attributions to your articles, scroll down the same page and simply add the provided link to each of your article's HTML page, then lists the website(s) allowed to credit you below: + +```html + +``` + +![Screenshot of the Mastodon web interface showing the Public profile page in Preferences, from the "Verification" tab. The page is scrolled down to the very bottom, showing the option and instructions to add Author attribution to articles.](../assets/images/mastodon-tutorial-privacy-and-security/mastodon-verification-author-setup.webp) + +## :material-folder-multiple-outline: Deleting and accessing your data + +Data deletion is a fundamental part of data privacy, and a protected right under many privacy laws. + +Mastodon makes data deletion effortless. You will never have to battle the insufferable BigTech™️ customer service to request your data to be deleted on Mastodon. You can control most of it just by yourself. + +### Automated post deletion + +First, you can easily set up automatic post deletion and adjust it to your precise preferences. This is a rare feature on social media, and demonstrates once again how Mastodon prioritizes users' benefits over data monetization. + +To enable it, go to "Preferences" > "Automated post deletion", then check the option "Automatically delete old posts" on the upper-left. Adjust the "Age threshold" on the upper-right to anything between 1 week and 2 years. + +In the "Exceptions" section below, you can select a number of variables to customize post deletion. Keeping your pinned posts from being deleted is likely a good idea, for example. + +You can also keep the option checked to protect from deletion your own posts that you have favorited. This is very convenient to get a more granular control over automated deletion, purposefully keeping some posts while letting others getting automatically deleted. + +![Screenshot of the Mastodon web interface showing the Automated post deletion page in Preferences.](../assets/images/mastodon-tutorial-privacy-and-security/mastodon-deletion.webp) + +In the "Exceptions based on interactions" section, you can select a threshold of favorites and/or boosts to protect posts from automatic deletion. + +Once you have adjusted automated deletion to your preferences, click on "Save changes" on the upper-right to confirm your choices. + +### Data access and backups + +Another important side of digital rights is access to your own data. Here again, Mastodon makes it easy. You can download a copy of your account data any time you want. + +For this, go to "Preferences" > "Import and export" > "Export". From there, you can request a compressed archive of all your posts and uploaded media once every 7 days. This archive will be readable by any ActivityPub-compatible software, or you can open it with any simple text software. + +![Screenshot of the Mastodon web interface showing the Export page in Preferences.](../assets/images/mastodon-tutorial-privacy-and-security/mastodon-export.webp) + +Additionally, you can download lists of your Follows, Followers, Lists, Mutes, Blocks, Domain Blocks, and Bookmarks in CSV format any time (also readable with any simple text software). + +Keeping a local copy of your data for regular backup purposes is a good idea in general, and also recommended before an account migration. + +### Account deletion + +Finally, if you decide to delete your *whole* account, this is again incredibly easy. Simply go to "Preferences" > "Account" > "Account settings", and scroll down to the bottom of this page. + +Once you are ready to delete your data (and have downloaded the data you wish to keep), click on the "proceed here" link. Read the information from the "Account deletion" page, and enter your password when you are ready to confirm. + +![Screenshot of the Mastodon web interface showing the Account deletion page, from the "proceed here" link on the previous "Account" page.](../assets/images/mastodon-tutorial-privacy-and-security/mastodon-deletion-account.webp) + +## :octicons-blocked-16: Blocking users and instances + +You have a lot of control on which information you show and see on Mastodon. Like for other social media, you can block users individually on Mastodon. But additionally, you can also block a whole instance if you aren't happy interacting with it. This, like an individual block, can benefit your privacy by restricting further who can access your posts. + +
+

Filtering content and muting users

+ +This tutorial will not discuss in details all the Mastodon features, as it focuses on privacy and security. However, it's worth mentioning briefly that there are softer options than blocking, if you simply wish not to see some content on Mastodon. + +First, you can use [Filters](https://docs.joinmastodon.org/user/moderating/#filters) to hide specific content or hashtags from your timelines. Second, you can [Mute](https://docs.joinmastodon.org/user/moderating/#mute) a user, temporarily or permanently. However, remember that muting a user will still allow them to see your posts. Since Mastodon 4.4, you can also use "Remove follower" to simply remove someone from following you, without having to block them. + +
+ +### User block + +If you block a user, this person will not be able to interact with you, and will not see your posts from their account anymore. They could however still see your public and quiet-public posts from your account's public page. + +
+

Adding a Personal Note

+ +If you want to remember why you blocked (or muted) someone, you can [add a Personal Note](https://fedi.tips/what-are-notes-on-mastodon-what-does-click-to-add-note-mean-on-mastodon-profiles/) on their profile page. They will not be able to see this note, but your notes could be read by your instance's administration or moderation team. Be careful what you write there. Notes cannot be transferred during account migration at this time. + +![Screenshot of the Mastodon web interface showing a user's profile page viewed from within a logged-in user interface. A yellow arrow points at the section to add a Personal Note on a user's profile page.](../assets/images/mastodon-tutorial-privacy-and-security/mastodon-personal-note.webp) + +
+ +To block a single user, find their profile and click on the 3-dot "Menu" button on the upper-right. From the drop-menu, select "Block `USERNAME`". + +![Screenshot of the Mastodon web interface showing a user's profile page viewed from within a logged-in user interface. A yellow arrow points at the drop-menu from the profile page's "Menu" button, with the selection to Block that user.](../assets/images/mastodon-tutorial-privacy-and-security/mastodon-block-user.webp) + +
+

Blocked users can still visit your account's public page

+ +Remember that blocked accounts (and instances) might still be able to see your public and quiet-public posts outside Mastodon, by visiting your account's public page. Although, they will not be able to interact with your posts anymore. + +
+ +### Instance block + +If you block an entire instance, *everyone* from this instance will stop seeing your posts, you will stop seeing theirs, and they will be removed from your followers and follows. Nobody from this instance will be able to follow you anymore, and you will not be able to follow them either. + +There are two ways to block a whole instance. The simplest way is to find a user from that instance and click on the 3-dot "Menu" button on their profile. From the drop-menu, select "Block domain `DOMAIN_NAME`". + +
+

This blocks everyone from that instance

+ +Remember this will block *everyone* using this instance at once, and you will lose *all* followers and follows you may have from this instance as well. You might not be able to recover those followers if you change your mind later. + +
+ +![Screenshot of the Mastodon web interface showing a user's profile page viewed from within a logged-in user interface. A yellow arrow points at the drop-menu from the profile page's "Menu" button, with the selection to Block domain the whole instance this user is from.](../assets/images/mastodon-tutorial-privacy-and-security/mastodon-block-instance.webp) + +Alternatively, you can even "pre-block" an instance on Mastodon. For example, many people used this method when Meta's Threads announced they would connect to the Fediverse, but didn't have any connected accounts yet. + +To do this, go to "Preferences" > "Import and export" > "Export", then download the "CSV" file for your "Domain blocks". + +![Screenshot of the Mastodon web interface showing the Export page in Preferences.](../assets/images/mastodon-tutorial-privacy-and-security/mastodon-block-domains-csv.webp) + +Open the `blocked_domains.csv` file as a text file, then type each domain you wish to block. Use one line for each domain (if you want to block more than one). Save this file using the same filename. + +![Screenshot of the "blocked domains" CSV file opened with TextEdit. The file contains two different domains written on each a separate line.](../assets/images/mastodon-tutorial-privacy-and-security/mastodon-block-domains-file.webp) + +Back to your account, move to the "Import" section from the left-side menu. From the "Import type", select "Domain blocking list". + +Keep the "Merge" option on if you want to *add* new domains to block, or select "Overwrite" to replace your old list with this new list. Browse to upload the file you just modified, then click "Upload". + +
+

Carefully verify the correct type!

+ +Make sure to select "Domain blocking list" in the "Import type" or you could accidentally overwrite other important data! For safety, always save a backup of your existing data before doing any modifications like this. + +
+ +![Screenshot of the Mastodon web interface showing the Import page in Preferences.](../assets/images/mastodon-tutorial-privacy-and-security/mastodon-block-domains-import.webp) + +You will be prompted to confirm. Verify the information is correct, then click "Confirm". You should see a confirmation message with "Your data was successfully uploaded and will be processed in due time". You can now leave this page. + +### User report + +Reporting users isn't necessarily directly linked to privacy and security (although it can be), but it's still an important mechanism to address the overall safety of the network. + +Because moderators have less resources on the Fediverse, they rely on users reporting problematic posts in order to enforce moderation policies. + +As a member of your instance's community, it's important to report posts violating your instance's Server rules, but it's also important not to misuse report mechanisms when there are no violations. + +To report a post, click on the 3-dot "More" button on the lower-right of the problematic post, then select "Report `USERNAME`". + +Answer the form to the best of your knowledge, and **try to be as helpful to your instance's moderation team as you can, without overwhelming them**. + +![Screenshot of the Mastodon web interface showing a user's profile page viewed from within a logged-in user interface. A red arrow points at the "More" button of a post, and another red arrow points at the "Report" selection from the drop-menu.](../assets/images/mastodon-tutorial-privacy-and-security/mastodon-report.webp) + +
+

Do not report if there are no policy violations

+ +People who volunteer to moderate an instance are doing it for the community. It's important to respect their time, to stay kind, and to not abuse reporting mechanisms. + +Only report content that violates the policies of your instance, or theirs. Do not report users simply because you dislike their posts. There are better mechanisms to hide the content you simply dislike, such as Filters, Mutes, or Blocks. + +
+ +## :fontawesome-solid-hashtag: Opting out with hashtags + +Data privacy and user consent are principles strongly valued by the Fediverse community. Sometimes, developers trying to create tools for the Fediverse or utilizing its user data without prior explicit consent have come into conflict with these values. + +Unfortunately, despite how illegal it may be, there aren't many technical barriers to stop malicious actors from violating users' consent. + +### Special hashtags + +However, many developers creating tools for the Fediverse actually *do care* about respecting these values, and want to build tools the right way. + +Some have implemented methods to opt in or opt out the data they collect or the tools they build. This is why you will sometimes see people adding special hashtags in their profile biography, such as `#noindex`, `#nosearch`, `#nobot`, `#noai`, `#nobridge`, etc. + +Ideally, all data collection should be prohibited until users' consent is obtained, and data subjects notified (opt in default). This is obligatory by law for many jurisdictions. Sadly, many developers do not follow sound legal practices in reality, and will not seek users' consent, despite their legal and moral obligations. + +Adding these hashtags (and maybe others in the future) to your profile biography *might* help to opt out certain data collection and certain tools built by developers who do respect users' consent. This can effectively *reduce* data scraping, in some situations. If anything, it is at least a public statement against disrespectful (and sometimes illegal) practices. + +## :material-arrow-right-bold-box-outline: Moving to another instance + +The freedom to move from one instance to another can greatly contribute to keeping Mastodon a place that puts its users first. + +If suddenly your instance were to implement a data scraper for its AI model to train on all your content (like so many commercial social media do now), or drastically drop moderation, you could simply move your account to another instance, one that is more respectful of your values and privacy rights. + +This is a feature completely absent from centralized social media. Allowing them to unleash unchecked user exploitation, knowing fully users feel trapped and somehow forced to endure the abuse on their platforms. + +Mastodon is protected again such abuse, by design. + +When investing your precious time and energy participating in a Fediverse community, you will retain your data and your agency to choose which type of administration you prefer. + +If you are unhappy with your Mastodon instance's management, here's how to leave for greener pastures: + +### Planning your move + +First, plan your move properly. While moving your account is easy enough to do, there is a 30 days cooldown period in which you will not be able to move your account again. Make sure to choose your new home (instance) carefully, you will be there for *at least* 30 days. + +Then, you might want to inform your followers. While moving followers is done automatically, it may take a few hours before completion, and your followers might be wondering what is going on. It can be a good idea to post about it from the account you are moving away from before moving. + +
+

Summary of the steps to follow

+ +1. Save an archive of your posts (if you want) +2. Save a copy of the six CSV files in "Export" (to import later) +3. Choose a new instance +4. Create a new account on your new instance (you can use the same username if available) +5. Alias your two accounts +6. Move your old account to the new one +7. From your new account: Wait that your followers are all transferred +8. From your new account: Import data and verify that everything is transferred properly +9. From your old account: Delete your older account (if you want) + +
+ +### Backing up your data + +The first step is to back up your data. This is important both for security and to allow you to import it later to your new account (some data isn't transferred automatically). + +Go to "Preferences" > "Import and export" > "Export", then click the "Request your archive" purple button at the bottom. + +Wait for the archive to be ready (you should receive an email notification within a few minutes), then download your precious archive somewhere secure. + +Do not stop there! + +You also need to download the CSV files above to import them manually to your new account. For each line with a CSV option on the table below ("Follows", "Lists", "You mute", "You block", "Domain blocks", and "Bookmarks"), download the CSV file in a secure location. Be careful not to forget anything. + +![Screenshot of the Mastodon web interface showing the Export page in Preferences. The downloadable CSV files are highlighted.](../assets/images/mastodon-tutorial-privacy-and-security/mastodon-move-export.webp) + +
+

Your posts will not be moved!

+ +Unfortunately, you will not be able to import your posts to your new Mastodon account (yet). + +But this might change soon! The ActivityPub team is currently working on a [live online account portability protocol (LOLA)](https://swicg.github.io/activitypub-data-portability/lola) that could get added to Mastodon relatively soon. This will be a wonderful improvement to this process, and allow even more freedom and agency to Mastodon users! + +
+ +### Moving your account + +Once you have backed up your data, informed your followers, and created a new account on your instance of choice, you can start the migration process. + +**From your new account:** Go to "Preferences" > "Account" > "Account settings", scroll down to "Moving **from** a different account", and click on "create an account alias". + +In the field labeled "Handle of the old account", enter the complete handle (`@YOUR_USERNAME@YOUR_INSTANCE_ADDRESS`) of the *old* account you want to move *from*. Then click on "Create alias" at the bottom to confirm. + +This will not initiate the migration yet. It will only create an alias, and it is reversible. + +![Screenshot of the Mastodon web interface showing the Account aliases page in Preferences, from the "Moving from a different account" link on the Account settings page.](../assets/images/mastodon-tutorial-privacy-and-security/mastodon-move-account-alias.webp) + +**From your old account:** Go to "Preferences" > "Account" > "Account settings", scroll down to "Move **to** a different account", and click on "configure it here". + +Carefully read the information on this page. Enter the *complete handle* (`@YOUR_NEW_USERNAME@YOUR_NEW_INSTANCE_ADDRESS`) of the new account you want to move *to* in "Handle of the new account". Confirm with your current (old) account password on the right, then click on the "Move followers" purple button at the bottom. + +**This will initiate the migration process.** + +![Screenshot of the Mastodon web interface showing the Account aliases page in Preferences, from the "Move to a different account" link on the Account settings page.](../assets/images/mastodon-tutorial-privacy-and-security/mastodon-move-account-migration.webp) + +Moving all your followers to your new account might take some time, but normally should be fully completed within 24 hours. + +Besides waiting for your followers to migrate, you will also need to manually import your "Following list", "Bookmarks", "Lists", "Muting list", "Blocking list", and "Domain blocking list". For this, go to "Preferences" > "Import and export" > "Import". + +For **each** of these 6 types of data, select a type in the "Import type" drop-menu, then click on "Browse" to upload the corresponding file you have exported earlier in the [Backing up your data](#backing-up-your-data) step. + +Choose "Merge" on the right if you want to *add* this old data to data your already have on your new account, or "Overwrite" if you want to only keep data from your old account. Then click "Upload" below. + +![Screenshot of the Mastodon web interface showing the Import page in Preferences.](../assets/images/mastodon-tutorial-privacy-and-security/mastodon-move-import.webp) + +There you go! Your Mastodon account was successfully moved from one Mastodon instance to another! + +
+

Delete your old account (if you want)

+ +You may want to delete your old account once you have completed your account migration and verified all your followers and data were transferred properly. + +If your old instance isn't shutting down, you can also keep it of course. But remember that keeping an account abandoned in the long-term can create some security issues. + +
+ +## :material-hand-heart-outline: Consider supporting Mastodon + +Mastodon is supported by its community! If you enjoy the platform and can contribute, consider supporting the project by: + +- [Donating to support Mastodon's development and operations](https://joinmastodon.org/sponsors) + +- Donating to your Mastodon instance (ask your administrator) + +- [Buying cute merch from the Mastodon organization](https://shop.joinmastodon.org/) + +- [Contributing to the Mastodon project on GitHub](https://github.com/mastodon/.github/blob/main/CONTRIBUTING.md) + +- [Starting your own Mastodon instance](https://docs.joinmastodon.org/user/run-your-own/) + +- [Talking to your friends and family about joining the Fediverse!](https://jointhefediverse.net/join) + +
+

More information

+ +For more information on Mastodon and the Fediverse, you can visit the excellent website [Fedi.Tips](https://fedi.tips/). + +
+ + diff --git a/blog/posts/mozilla-disappoints-us-yet-again-2.md b/blog/posts/mozilla-disappoints-us-yet-again-2.md index 5be61041..25c6966c 100644 --- a/blog/posts/mozilla-disappoints-us-yet-again-2.md +++ b/blog/posts/mozilla-disappoints-us-yet-again-2.md @@ -10,6 +10,8 @@ tags: - Mozilla description: "'No shady privacy policies or back doors for advertisers' proclaims the Firefox homepage, but that's no longer true in Firefox 128." schema_type: AnalysisNewsArticle +preview: + cover: blog/assets/images/mozilla-disappoints-us-yet-again-2/cover.webp --- # "Privacy-Preserving" Attribution: Mozilla Disappoints Us Yet Again diff --git a/blog/posts/privacy-guides-partners-with-magic-grants-501-c-3.md b/blog/posts/privacy-guides-partners-with-magic-grants-501-c-3.md index 1c98037b..4dbc3a4e 100644 --- a/blog/posts/privacy-guides-partners-with-magic-grants-501-c-3.md +++ b/blog/posts/privacy-guides-partners-with-magic-grants-501-c-3.md @@ -7,6 +7,8 @@ authors: - jonah description: We're excited to announce a partnership with MAGIC Grants, a Public 501(c)(3) charity with the mission of supporting privacy projects like ours and providing undergraduate scholarships for students interested in cryptocurrencies and privacy. schema_type: BackgroundNewsArticle +preview: + cover: blog/assets/images/privacy-guides-partners-with-magic-grants-501-c-3/magicblog.webp --- # Privacy Guides Partners With MAGIC Grants 501(c)(3) diff --git a/blog/posts/privacy-is-like-broccoli.md b/blog/posts/privacy-is-like-broccoli.md new file mode 100644 index 00000000..9ff15f9b --- /dev/null +++ b/blog/posts/privacy-is-like-broccoli.md @@ -0,0 +1,112 @@ +--- +date: + created: 2025-07-24T18:20:00Z +categories: + - Opinion +authors: + - em +description: Improving privacy can get overwhelming at first. It's important to move one step at a time, but remain persistent. Good privacy is like good health habits. +schema_type: AnalysisNewsArticle +preview: + cover: blog/assets/images/privacy-is-like-broccoli/broccoli-cover.webp +--- + +# Privacy Is Like Broccoli + +![Background filled with numbers from 0 to 2, representing binary code separated by the character 2. Outlined in bright green color is the shape of a piece of broccoli.](../assets/images/privacy-is-like-broccoli/broccoli-cover.webp) + + + +If you are just starting the journey to improve your privacy online, you might feel overwhelmed by all the information you recently learned. This is normal, don't panic! + +When we first start learning about how much data is collected on us, and all the things we need to do to protect it, it's very common to feel stressed and distressed. + +In a state of panic, you might be tempted to try doing it all at once, driven by an urgent desire to delete yourself from the entire internet, like right now! While this feeling is very understandable, this is the wrong approach. + +The right approach is to see privacy like broccoli. Yes, broccoli, you have not misread me. + +## Privacy is like good health habits + +Good privacy is very similar to good health habits. If you want to improve your health, and your plan for this is to take one week per year to stuff yourself with broccoli, spend 7 days in a bath, and exercise 20 hours per day that week (while in the bath eating broccoli, I presume), then for the rest of the year follow a strict diet of ice cream and chips without any exercise or hygiene, you will not in fact end up being healthier. + +The best *sustainable* approach to become healthier is to adopt better practices that you can keep doing the *whole* year, at a reasonable pace. + +Slowly, while you eat some broccoli with healthy meals once in a while, exercise moderately but regularly, and take care of your body in general, you will effectively improve your health over the months and years. + +The same is true for data privacy. + +Trying to stuff yourself with better privacy is a common and normal reaction after realizing how much of our personal data is getting exploited online. The extent to which our privacy rights are getting violated daily is understandably terrifying. + +However, trying to fix it all at once can lead to the greatest danger of all: Giving up entirely. + +As it is for good health habits, it's important to work on adopting good privacy habits slowly but *persistently*. These improvements need to be habits you will be able to maintain through the whole year. + +For some privacy-enhancing tools, it might take more time to set it up and get used to it at first, but then take no extra time to keep using it through the year. Nevertheless, it's important to actually **keep using these tools**. If you spend money on a stationary bike, then leave it to collect dust in the garage, this isn't going to improve your health at all. + +## What you can do concretely + +There is so much you can do to improve your privacy online, but here's the good news: You should start with the *easiest*. + +Here are a few things you can start doing to improve your data privacy. Start with the **easiest for you.** Complete goals **one at a time**. Once you are comfortable with one improvement, **then pick another one**. + +Don't forget to keep using these tools and practices through the whole year, not just for one stuffing-broccoli week. The key here is persistence. + +### Tools and services you can start using + +Start with the improvements that are easier for you, and with the recommendations that are realistically applicable to your unique situation. Only you can determine what are the tools that work best for yourself. Don't do it all at once! Pace yourself, but stay persistent. + +- [x] [**Browser**: Start using privacy-respectful browsers](https://www.privacyguides.org/en/desktop-browsers/) + +- [x] [**Internet Search**: Use a privacy-focused search engine](https://www.privacyguides.org/en/search-engines/) + +- [x] [**Communication**: Use Signal for your text messages, calls, and video chats whenever possible](https://www.privacyguides.org/en/real-time-communication/#signal) + +- [x] [**Social Media**: Start using better social media like Mastodon](https://www.privacyguides.org/en/social-networks/) + +- [x] [**Documents**: Use CryptPad for your collaborative documents and forms](cryptpad-review.md) + +- [x] [**Security**: Enable multifactor authentication for your accounts](https://www.privacyguides.org/en/multi-factor-authentication/) + +- [x] [**Passwords**: Start using a secure password manager](https://www.privacyguides.org/en/passwords/) + +- [x] [**Email**: Migrate to a privacy-respectful email service](https://www.privacyguides.org/en/email/) + +- [x] [**Virtual Private Network**: Protect your IP address with a trustworthy VPN service](https://www.privacyguides.org/en/vpn/) + +- [x] [**Cloud**: Move your data to an end-to-end encrypted cloud storage](https://www.privacyguides.org/en/cloud/) + +- [x] [Continue your journey with more recommendations here!](https://www.privacyguides.org/en/tools/) + +### Practices and habits to adopt progressively + +- [x] [**Use pseudonymity when creating accounts:**](stay-safe-but-stay-connected.md/#pseudonymity) Favor sharing only a nickname or a first name when possible. Create accounts using email aliases, unique passwords, and a VPN connection when you can. Avoid sharing your phone number as much as possible. + +- [x] [**Limit the photos you share:**](stay-safe-but-stay-connected.md/#photo-sharing) Be careful when sharing photos of yourself online. Be mindful of the information it contains, such as precise location. Examine your photos for reflections that could share more details than you intended. Keep in mind that using the same photos on different services might link these services together. Never share photos of others without their prior consent! + +- [x] [**Remove metadata:**](stay-safe-but-stay-connected.md/#file-metadata) Whenever you share a photo or a file somewhere, strip the metadata from this file before sharing it. + +- [x] **Minimize shared data:** When filling a form or creating an account, don't share more information than what is necessary. Even if there is a question with a field, this field might not be mandatory to fill. Only fill the mandated information to obtain the service you need. + +- [x] [**Opt out of data collection, say no:**](you-can-say-no.md) Whenever possible, try opting out of unnecessary data collection. Sometimes, options to opt out aren't advertised, but you can ask if there is one. Opt out of meetings or medical visits being recorded (often done from AI transcription tools), opt out of facial scans at airports (if you legally can), reject all cookies! + +- [x] **Opt out of AI features:** Each time a service or app asks for your consent to use a "smart" feature, if you don't absolutely need it, choose No. Don't use AI features if you can avoid it. Unfortunately, many if not most of these features do collect your data, in a way that often makes it impossible to delete later. Unless you have reliable guarantees this feature is privacy-respectful, it's always safer to opt out and say no. + +- [x] [**Delete your unused accounts:**](https://www.privacyguides.org/en/basics/account-deletion/) Get into the habit of deleting the accounts you no longer use (and the data it contains). If required, email the service to submit an official data deletion request. You will feel lighter and lighter over time! + +- [x] **Continue your journey with us:** Keep consulting our many resources to adopt even more healthy privacy practices persistently! + +## Persistence is key + +There are a lot of recommendations above, but don't do it all at once. Be careful not to choke on broccoli! + +Take steps to bookmark this information for later, and go through it slowly at a pace that doesn't overwhelm you. **Always take the easiest next step.** + +Maybe keep a to-do list, use a privacy-respectful calendar app, or even a bingo card (gamified privacy!) for your privacy improvement goals for the year. Make it easy, and make it fun! + +Perhaps joining a group of like-minded people may also help you to stay motivated. There's a truly wonderful community on our [Privacy Guides Forum](https://discuss.privacyguides.net/) you are welcome to join! Many people there will be able to help you if you have questions through your privacy journey. Give yourself the tools and support you need to succeed, you are not alone with this. + +Your greatest enemy is yourself giving up. + +Your greatest allies are the amazing variety of free privacy-preserving tools and services available to you, the numerous guides and communities out there to help you, and the friends you will make along the way. + +Remember to stay healthy and persistent with your privacy! 🥦✨ diff --git a/blog/posts/privacy-is-not-dead.md b/blog/posts/privacy-is-not-dead.md index f6dcf964..5177aef0 100644 --- a/blog/posts/privacy-is-not-dead.md +++ b/blog/posts/privacy-is-not-dead.md @@ -8,9 +8,7 @@ authors: description: Privacy is only dead if we let it die. Be careful about the all-or-nothing mindset in data privacy, it can do more damage than good to the cause. While striving for improvements, do not forget to cheer and celebrate each small win. schema_type: OpinionNewsArticle preview: - color: "#28323F" - text_color: "#FFD06F" - site_logo: privacy-guides-logo-notext-darkbg.svg + cover: blog/assets/images/privacy-is-not-dead/cover.webp --- # No, Privacy is Not Dead: Beware the All-or-Nothing Mindset diff --git a/blog/posts/privacy-means-safety.md b/blog/posts/privacy-means-safety.md index c0eaf7a1..1fd26c8a 100644 --- a/blog/posts/privacy-means-safety.md +++ b/blog/posts/privacy-means-safety.md @@ -7,6 +7,8 @@ authors: - em description: Privacy is a human right that should be granted to everyone, no matter the reason. That being said, it's also important to remember that for millions of people around the world, data privacy is crucial for physical safety. For people in extreme situations, privacy can literally mean life or death. schema_type: NewsArticle +preview: + cover: blog/assets/images/privacy-means-safety/privacy-means-safety-cover.webp --- # Privacy Means Safety diff --git a/blog/posts/privacy-pass.md b/blog/posts/privacy-pass.md index d4639197..b15acae0 100644 --- a/blog/posts/privacy-pass.md +++ b/blog/posts/privacy-pass.md @@ -11,6 +11,8 @@ license: BY-SA schema_type: BackgroundNewsArticle description: | Privacy Pass is a new way to privately authenticate with a service. Let's look at how it could change the way we use services. +preview: + cover: blog/assets/images/privacy-pass/cover.webp --- # Privacy Pass: The New Protocol for Private Authentication diff --git a/blog/posts/privacy-washing-is-a-dirty-business.md b/blog/posts/privacy-washing-is-a-dirty-business.md new file mode 100644 index 00000000..cc6341fc --- /dev/null +++ b/blog/posts/privacy-washing-is-a-dirty-business.md @@ -0,0 +1,216 @@ +--- +date: + created: 2025-08-20T17:00:00Z +categories: + - Opinion +authors: + - em +description: + Privacy washing is a widely used deceptive strategy. Learning to detect it better is an important skill to develop to help us to respond to it and report it. +schema_type: Opinion +preview: + cover: blog/assets/images/privacy-washing-is-a-dirty-business/washing-cover.webp +--- + +# Privacy Washing Is a Dirty Business + +![Filtered photo of a sticker on a metallic surface with graffiti. The sticker has the sentence "We respect your privacy!" written on it, and the whole sentence is barred is a red line over it.](../assets/images/privacy-washing-is-a-dirty-business/washing-cover.webp) + + + +Perhaps you haven't heard the term *privacy washing* before. Nonetheless, it's likely that you have already been exposed to this scheme in the wild. Regrettably, privacy washing is a widespread deceptive strategy. + +## What is privacy washing + +Similarly to whitewashing (concealing unwanted truths to improve a reputation) and greenwashing (deceptively presenting a product as environmentally friendly for marketing purposes), privacy washing misleadingly, or fraudulently, presents a product, service, or organization as being responsible and trustworthy with data protection, when it isn't. + +
+

Your privacy is* important to us.

+ +The term has been used for over a decade already. It's saddening to see that not only is this [not a new problem](https://dataethics.eu/privacy-washing/), but it has only gotten worse through the years. + +With the acceleration of data collection, the accumulation of data breaches, and the erosion of customers' trust, companies have an increased need for reassuring users to gain their business. + +Despite consumers' rights and expectations, implementing proper data protection takes time, expertise, and money. Even if the long term benefits are colossal, the time invested often doesn't translate into direct *short term* profits, the main objective for most businesses. On the other hand, collecting more data to sell it to third parties often *does* translate into short term profits. + +For these reasons, many companies quickly realize the need for *advertising* better privacy, but aren't necessarily willing to invest what it takes to make these claims true. + +There comes privacy washing: "Your privacy is* important to us." + +Privacy washing comes with a selection of washer cycles, from malicious trap to deceptive snake oil to perhaps the most common wash: plain negligence. + +## Negligence, incompetence, or malevolence + +In some other contexts, intentions might matter more. But when it comes to privacy washing, the result is often the same regardless of intentions: Personal data from users, customers, employees, patients, or children even being leaked and exploited in all sorts of ways. + +Whether false claims come from negligence by failing to verify that data protections are properly implemented, incompetence to evaluate if they are, or maliciously trying to trick users in using a service that is actually detrimental to their privacy, harm is done, and sometimes permanently so. + +Nonetheless, understanding the different types of privacy washing can help us to evaluate how to detect it, respond to it, and report it. + +### Negligence and greed + +> *They know what they are doing, but they care more about money* + +The most common occurrence of privacy washing likely comes from negligence and greed. One of the biggest drivers for this is that the current market incentivizes it. + +Today's software industry is largely inflated by venture capitalist funding, which creates expectations for a substantial return on investment. This funding model often encourages startups to quickly build an app following the [minimum viable product](https://en.wikipedia.org/wiki/Minimum_viable_product) principles, grow its user base as fast as possible, increase its value, and then sell it off for profits. + +The problem is, this model is antithetical to implementing good privacy, security, and legal practices from the start. Data privacy cannot only be an afterthought. It must be implemented from the start, before users' data even gets collected. + +Many startups fail to see how being thorough with data privacy will benefit them in the long term, and view privacy and security requirements only as a burden slowing down their growth. This mindset can result in perceiving privacy as a simple marketing asset, something businesses talk to users about for reassurance, but without putting any real effort into it beneath the surface. + +
+

Perhaps moving fast and breaking things wasn't such a good idea after all.

+ +Outside of privacy, this common startup mindset of playing fast and loose with customers and their safety frequently has **devastating** consequences. One recent and tragic example comes from OceanGate's Titan deep-sea submersible that [infamously imploded](https://globalnews.ca/news/11318623/titan-sub-report-oceangate-culture-critically-flawed/) during an exploration, killing its five passengers in an instant. + +The final report blamed a problematic safety culture at OceanGate that was “critically flawed and at the core of these failures were glaring disparities between their written safety protocols and their actual practices.” + +Perhaps [moving fast and breaking things](move-fast-and-break-things.md) wasn't such a good idea after all. + +Alas, similar "glaring disparities" between policies and practices are widespread in the tech industry. While maybe not as dramatic and spectacular as an imploding submersible, [data leaks can also literally kill people](privacy-means-safety.md). + +**Data privacy is the "passenger safety protocol" for software**, and it should never be trivialized. + +Privacy isn't just "risk management", it is a human right. Analogous to safety protocols, organizations are responsible for ensuring their data protection policies are being followed, and are accurately describing their current practices. Anything less is negligence, at best. + +Unfortunately, users (like passengers) often have very few ways to verify false claims about allegedly privacy-respectful features and policies. But this burden should never be on them in the first place. + +### Incompetence and willful ignorance + +> *They don't know what they are doing, or they just don't want to know* + +Partly related to negligence, is plain incompetence and willful ignorance. Some organizations might be well-intentioned initially, but either lack the internal expertise to implement proper privacy practices, or conveniently decide not to spend much time researching about what their data protection responsibilities are. + +For example, most businesses have heard by now of the requirement to present a privacy policy to their users, customers, and even web visitors. Deplorably, in a failed attempt to fulfill this legal obligation, many simply copy someone else's privacy policy and paste it on their own website. Not only this is very unlikely to be compliant with applicable privacy regulations, but it also possibly infringes *copyright* laws. + +Do not simply copy-paste another organization's privacy policy and claim it as your own! + +It's important to remember that legal requirements for policies aren't the end goal here. **The true requirements are the data protection *practices*.** + +The policies *must* accurately describe what the *practices* are in reality. Because no two organizations have the exact same internal practices and third-party vendors, no two organizations should have the exact same privacy policy. + +**Copy-paste privacy policies aren't compliance, they're deception.** + +A privacy policy that isn't accurately describing an organization's practices is a form of privacy washing. Sadly, a quite commonly used one, like some quick light-wash cycle. + +It's worth noting these days that creating a privacy policy using generative AI will lead to the exact same problems related to accuracy and potential infringement of both privacy and copyright laws. This is *not* a smart "shortcut" to try. + +While lack of understanding of policies and legal requirements is only one example of how incompetence can become a form of privacy washing, there are infinitely more ways this can happen. + +As soon as data is collected by an organization (or by the third-party software it uses), there is almost certainly legal obligations to protect this data, to restrict its collection and retention, and to inform data subjects. + +Organizations that do not take this responsibility seriously, or blissfully decide to remain unaware of it, while presenting an empty privacy policy, are effectively doing privacy washing. + +Implementing protections and limiting collection cannot be an afterthought. Once data is leaked, there is often nothing that can be done to truly delete it from the wild. The damage caused by leaked data can be tragic and permanent. + +Organizations must take this responsibility much more seriously. + +### Malevolence and fraud + +> *They lie, and they want your data* + +Greed and ignorance are common causes of privacy washing, but they can quickly escalate to fraud and ambush. + +It's worth noting that a large amount of negligence or incompetence can be indistinguishable from malice, but there are organizations that deliberately lie to users to exploit them, or to trick them into unwillingly revealing sensitive information. + +#### Anom, the secret FBI operation + +Perhaps one of the most infamous example of this is the Anom honeypot. Anom was an encrypted phone company promising privacy and security, but that was in fact part of an undercover operation staged by the American Federal Bureau of Investigation (FBI), [Operation Trojan Shield](https://en.wikipedia.org/wiki/Operation_Trojan_Shield). + +Investigative journalist Joseph Cox [reported](https://www.vice.com/en/article/inside-anom-video-operation-trojan-shield-ironside/) in 2021 that Anom advertised their products to criminal groups, then secretly sent a copy of every message on the device to the FBI. It was so secret, even Anom developers didn't know about the operation. They were told their customers were corporations. + +A screenshot [shared](https://www.vice.com/en/article/operation-trojan-shield-anom-fbi-secret-phone-network/) by Motherboard shows an Anom slogan: "Anom, Enforce your right to privacy". It's hard to tell how many non-criminal persons (if any) might have accidentally been caught in this FBI net. Although this specific operation seems to have been narrowly targeting criminals, who knows if a similar operation could not be casting a wider net, inadvertently catching many innocent privacy-conscious users in its path. + +#### Navigating VPN providers can be a minefield + +Using a [trustworthy](https://www.privacyguides.org/en/vpn/) Virtual Private Network (VPN) service is a good strategy to improve your privacy online. That being said, evaluating trustworthiness is critical here. Using a VPN is only a transfer of trust, from your Internet Service Provider (ISP) to your VPN provider. Your VPN provider will still know your true IP address and location, and *could* technically see all your online activity while using the service, if they decided to look. + +[Different VPN services are not equal](https://www.privacyguides.org/videos/2024/12/12/do-you-need-a-vpn/), unfortunately, snake oil products and traps are everywhere in this market. As with anything, do not assume that whoever screams the loudest is the most trustworthy. Loudness here only means more investment in advertising. + +For example, take the interesting case of [Kape Technologies](https://en.wikipedia.org/wiki/Kape_Technologies), a billionaire-run company formerly known as Crossrider. This corporation has now acquired four different VPN services: ExpressVPN, CyberGhost, Private Internet Access, and Zenmate. This isn't that suspicious in itself, but Kape Technologies has also [acquired](https://cyberinsider.com/kape-technologies-owns-expressvpn-cyberghost-pia-zenmate-vpn-review-sites/) a number of VPN *review* websites, suspiciously always ranking its own VPN services at the top. This is a blatant conflict of interest, to say the least. + +Sadly, on the VPN market — [estimated](https://www.grandviewresearch.com/industry-analysis/virtual-private-network-market) at $41.33 billion USD in 2022 — what is called a ["review" is often just *advertising*](the-trouble-with-vpn-and-privacy-review-sites.md). + +Moreover, many free VPN providers [break their privacy promises](https://iapp.org/news/a/privacy-violations-by-free-vpn-service-providers) regarding users' data. In 2013, Facebook [bought](https://gizmodo.com/do-not-i-repeat-do-not-download-onavo-facebook-s-vam-1822937825) the free VPN provider Onavo, and included it in a Facebook feature deceptively labeled "Protect". As is now standard behavior for Facebook, the social media juggernaut actually collected and analyzed the data from Onavo users. This allowed Facebook to monitor the online habits of its users even when they weren't using the Facebook app. This is very much the opposite of data privacy, and of any implied promises to "Protect". + +Then there's the case of Hotspot Shield VPN, accused in 2017 of [breaking](https://www.zdnet.com/article/privacy-group-accuses-hotspot-shield-of-snooping-on-web-traffic/) its privacy promises by the Center for Democracy & Technology, a digital rights nonprofit organization. While promising "anonymous browsing", Hotspot Shield allegedly deployed persistent cookies and used more than five different third-party tracking libraries. The parent company AnchorFree denied the accusations, but even *if* it wasn't the case for AnchorFree, how tempting would it be for a business with an ad-based revenue model to utilize the valuable data it collects for more of this revenue? And indeed, many free VPN services do [monetize](https://thebestvpn.com/how-free-vpns-sell-your-data/) users' data. + +Worst of all are the *fake*, free VPN services. Like stepping on a landmine, criminals are [luring users](https://www.techradar.com/pro/criminals-are-using-a-dangerous-fake-free-vpn-to-spread-malware-via-github-heres-how-to-stay-safe) looking for a free VPN service and tricking them into downloading malware on their devices. While this goes beyond privacy washing, it's still a piece of software actively harming users and deceptively gaining their trust with the false promise of better privacy. Wherever privacy washing is being normalized by greedy or lazy organizations, criminals like this flourish. + +#### Using compliance to appear legitimate + +Another fraudulent case of privacy washing is organizations using false claims related to privacy law compliance to appear more legitimate. + +Earlier this year, the digital rights organization Electronic Frontier Foundation (EFF) [called](https://www.eff.org/deeplinks/2025/01/eff-state-ags-time-investigate-crisis-pregnancy-centers) for an investigation into deceptive anti-abortion militant organizations (also called "[fake clinics](https://www.plannedparenthood.org/blog/what-are-crisis-pregnancy-centers)") in eight different US states. + +These fake clinics were claiming to be bound by the Health Insurance Portability and Accountability Act (HIPAA) in order to appear like genuine health organizations. HIPAA is an American federal privacy law that was established in 1996 to protect sensitive health information in the United States. + +Not only are many of these fake clinics **not** complying with HIPAA, but they collect extremely sensitive information without being bound by HIPAA in the first place, because they *aren't* licensed healthcare providers. Worse, some have [leaked this data](https://jessica.substack.com/p/exclusive-health-data-breach-at-americas) in all sorts of ways. + +Thanks to the EFF's work, some of those fake clinics have now [quietly removed](https://www.eff.org/deeplinks/2025/08/fake-clinics-quietly-edit-their-websites-after-being-called-out-hipaa-claims) misleading language from their websites. But sadly, this small victory doesn't make these organizations any more trustworthy, it only slightly reduces the extent of their privacy washing. + +### Deception and privacy-masquerading + +> *They talk privacy, but their words are empty* + +Perhaps the most obvious and pernicious examples of privacy washing are organizations that are clearly building products and features harming people's privacy, while using deceptive, pro-privacy language to disguise themselves as privacy-respectful organizations. There are likely more occurrences of this than there are characters in this article's text. + +Buzzwords like "military-grade encryption", "privacy-enhancing", and the reassuring classic "we never share your data with anyone" get thrown around like candies falling off a privacy-preserving-piñata. + +But **words are meaningless when they are deceitful**, and these candies quickly turn bitter once we learn the truth. + +#### Google, the advertising company + +An infamous recent example of this is Google, who [pushed](https://proton.me/blog/privacy-washing-2023) a new Chrome feature for targeted advertising in 2023 and dared to call it "Enhanced Ad Privacy" + +This [enabled by default](https://www.eff.org/deeplinks/2023/09/how-turn-googles-privacy-sandbox-ad-tracking-and-why-you-should) technology allows Google to target users with ads customized around their browsing history. It's really difficult to see where the "privacy" is supposed to be here, even when squinting very hard. + +Of course, Google, an advertising company, has long mastered the art of misleading language around data privacy to reassure its valuable natural resource, the user. + +
+

Google continued to collect personally identifiable user data from their extensive server-side tracking network.

+ +Everyone is likely familiar with Chrome's infamously deceptive "Incognito mode". In reality, becoming "Incognito" stopped at your own device where browsing history will not be kept, while Google continued to collect personally identifiable user data from their extensive server-side tracking network. Understandably, disgruntled users filed an official [class action lawsuit](https://www.theverge.com/2023/8/7/23823878/google-privacy-tracking-incognito-mode-lawsuit-summary-judgment-denied) to get reparation from this deception. In 2023, Google agreed [to settle](https://www.bbc.co.uk/news/business-67838384) this $5 billion lawsuit. + +Despite claims of "privacy" in their advertising to users, Google, like many other big tech giants, has in reality spent millions [lobbying against](https://www.politico.com/news/2021/10/22/google-kids-privacy-protections-tech-giants-516834) better privacy protections for years. + +#### World App, the biometric data collector + +Similarly, Sam Altman's World project loves to throw privacy-preserving language around to reassure prospect users and investors. But despite all its claims, data protection authorities around the world have been [investigating, fining, and even banning](sam-altman-wants-your-eyeball.md/#privacy-legislators-arent-on-board) its operations. + +The World App (developed by the World project) is an "everything app" providing users with a unique identifier called a World ID. This World ID, which grants various perks and accesses while using the World App, is earned by providing biometric data to the organization, in the form of an iris scan. + +Providing an iris scan to a for-profit corporation with little oversight will rightfully scare away many potential users. This is why the company has evidently invested heavily in branding itself as a "privacy-preserving" technology, claims that are [questionable](sam-altman-wants-your-eyeball.md/#how-privacy-preserving-is-it) to say the least. + +Despite catchy declarations such as "privacy by default and by design approach", the World project has accumulated an impressive history of privacy violations, and multiplies contradicting and misleading statements in its own documentation. + +There are some stains that even a powerful, billionaire-backed, privacy wash just cannot clean off. + +#### Flo, sharing your period data with Facebook + +In 2019, the Wall Street Journal [reported](https://therecord.media/meta-flo-trial-period-tracking-data-sharing) that the period tracking application Flo had been sharing sensitive health data with Facebook (Meta), despite its promises of privacy. + +The app, developed by Flo Health, repeatedly reassured users that the very sensitive information they shared with the app would remain private and would not be shared with any third parties without explicit consent. + +Despite this pledge, the Flo app did share sensitive personal data with third parties, via the software development kits incorporated into the app. + +This extreme negligence (or malevolence) have likely harmed some users in unbelievable ways. Considering the state of abortion rights in the United States at the moment, it's not an exaggeration to say this data leak could [severely endanger](privacy-means-safety.md/#healthcare-seekers) Flo App's users, including with risk of imprisonment. + +In response, users have filed several [class action lawsuits](https://www.hipaajournal.com/jury-trial-meta-flo-health-consumer-privacy/) against Flo Health, Facebook, Google, AppsFlyer, and Flurry. + +Trivializing health data privacy while promising confidentiality to gain users' trust should never be banalized. This is a very serious infringement of users' rights. + +## Remain skeptical, revoke your trust when needed + +Regardless of the promises to safeguard our personal data, it's sad to say, we can never let our guard down. + +Privacy washing isn't a trend that is about to fade away, it's quite likely that it will even worsen in the years to come. We must prepare accordingly. + +The only way to improve our safety (and our privacy) is to remain vigilant at all time, and grant our trust only sparsely. We also need to stay prepared to revoke this trust at any time, when we learn new information that justifies it. + +Always remain skeptical when you encounter privacy policies that seem suspiciously too generic; official-looking badges on websites advertising unsupported claims of "GDPR compliance", reviews that are lacking supporting evidence and doubtfully independent; and over usage of buzzwords like "military-grade encryption", "privacy-enhancing", "fully encrypted", and (more recently) "AI-powered". + +It's not easy to navigate the perilous waters of supposedly privacy-respectful software. And it's even worse in an age where AI-spawned websites and articles can create the illusion of trustworthiness with only a few clicks and prompts. + +Learning [how to spot the red flags, and the green(ish) flags](red-and-green-privacy-flags.md), to protect ourselves from the deceptive manipulation of privacy washing is an important skill to develop to make better informed choices. diff --git a/blog/posts/queer-dating-apps-beware-who-you-trust.md b/blog/posts/queer-dating-apps-beware-who-you-trust.md index b0ab7d13..3556187d 100644 --- a/blog/posts/queer-dating-apps-beware-who-you-trust.md +++ b/blog/posts/queer-dating-apps-beware-who-you-trust.md @@ -271,7 +271,7 @@ At the time of this article's publication, Lex's current [privacy policy](https: It goes without saying that you shouldn't email a copy of your passport to anyone, and you should never have to provide *more* information than the app already has on you to get your data deleted. This is especially true if all the data mentioned above gets shared with a third-party advertising company like Google, through the use of Google Forms. -Privacy Guides has reached out to Lex for clarification on its data deletion practices, but has not received any response at the time of this publication. +Privacy Guides has reached out to Lex for clarification on its data deletion practices, but has not received any response at the time of this publication. This article will be updated with new information once we receive an answer. Before creating an account with a dating app (or any other app for that matter), it's important to find information on what will be the process to delete your data and account once you are done with the app. diff --git a/blog/posts/red-and-green-privacy-flags.md b/blog/posts/red-and-green-privacy-flags.md new file mode 100644 index 00000000..8fb091e2 --- /dev/null +++ b/blog/posts/red-and-green-privacy-flags.md @@ -0,0 +1,448 @@ +--- +date: + created: 2025-09-03T19:30:00Z +categories: + - Tutorials +authors: + - em +description: + Being able to distinguish facts from marketing lies is an essential skill in today's world. Despite all the privacy washing, there are clues we can look for to help. +schema_type: AnalysisNewsArticle +preview: + cover: blog/assets/images/red-and-green-privacy-flags/dontcare-cover.webp +--- + +# “We [Don't] Care About Your Privacy” + +![Filtered photo of a metal container left on the street, with on it the painted sentence "We've updated our privacy policy." with three faded happy face icons around it. On and around the container are icons of hidden red flags.](../assets/images/red-and-green-privacy-flags/dontcare-cover.webp) + + + +They all claim "Your privacy is important to us." How can we know if that's true? With privacy washing being normalized by big tech and startups alike, it becomes increasingly difficult to evaluate who we can trust with our personal data. Fortunately, there are red (and green) flags we can look for to help us. + +If you haven't heard this term before, [privacy washing](privacy-washing-is-a-dirty-business.md) is the practice of misleadingly, or fraudulently, presenting a product, service, or organization as being trustworthy for data privacy, when in fact it isn't. + +Privacy washing isn't a new trend, but it has become more prominent in recent years, as a strategy to gain trust from progressively more suspicious prospect customers. Unless politicians and regulators start getting much more serious and severe about protecting our privacy rights, this trend is likely to only get worse. + +In this article, we will examine common indicators of privacy washing, and the "red" and "green" flags we should look for to make better-informed decisions and avoid deception. + +## Spotting the red flags + +
+

Marketing claims can be separated from facts by an abysmally large pit of lies

+ +It's important to keep in mind that it's not the most visible product that's necessarily the best. More visibility only means more marketing. Marketing claims can be separated from facts by an abysmally large pit of lies. + +Being able to distinguish between facts and marketing lies is an important skill to develop, doubly so on the internet. After all, it's difficult to find a single surface of the internet that isn't covered with ads, whether in plain sight or lurking in the shadows, disguised as innocent comments and enthusiastic reviews. + +So what can we do about it? + +There are some signs that should be considered when evaluating a product to determine its trustworthiness. It's unfair this burden falls on us, but sadly, until we get better regulations and institutions to protect us, we will have to protect ourselves. + +It's also important to remember that evaluating trustworthiness isn't binary, and isn't permanent. There is always at least some risk, no matter how low, and trust should always be revoked when new information justifies it. + +
+

Examine flags collectively, and in context

+ +It's important to note that each red flag isn't necessarily a sign of untrustworthiness on its own (and the same is true for green flags, in reverse). But the more red flags you spot, the more suspicious you should get. + +Taken into account *together*, these warning signs can help us estimate when it's probably reasonably safe to trust (low risk), when we should revoke our trust, or when we should refrain from trusting a product or organization entirely (high risk). + +
+ +### :triangular_flag_on_post: Conflict of interest + +Conflict of interest is one of the biggest red flag to look for. It comes in many shapes: Sponsorships, affiliate links, parent companies, donations, employments, personal relationships, and so on and so forth. + +#### Content sponsorships and affiliate links + +Online influencers and educators regularly receive offers to "monetize their audience with ease" if they accept to overtly or subtly advertise products within their content. If this isn't explicitly presented as advertising, then there is obviously a strong conflict of interest. The same is true for affiliate links, where creators receive a sum of money each time a visitor clicks on a link or purchase a product from this link. + +It's understandable that content creators are seeking sources of revenue to continue doing their work. This isn't an easy job. But a trustworthy content creator should always **disclose** any potential conflicts of interest related to their content, and present paid advertising explicitly as paid advertising. + +
+

What to do?

+ +Before trusting content online, try to examine what the sources of revenue are for this content. Look for affiliate links and sponsorships, and try to evaluate if what you find might have influenced the impartiality of the content. + +
+ +#### Parent companies + +This one is harder to examine, but is extremely important. In today's corporate landscape, it's not rare to find conglomerates of corporations with a trail of ownership so long it's sometimes impossible to find the head. Nevertheless, investigating which company owns which is fundamental to detect conflicts of interest. + +For example, the corporation [Kape Technologies](https://en.wikipedia.org/wiki/Teddy_Sagi#Kape_Technologies) is the owner of both VPN providers (ExpressVPN, CyberGhost, Private Internet Access, and Zenmate) and websites publishing [*VPN reviews*](https://cyberinsider.com/kape-technologies-owns-expressvpn-cyberghost-pia-zenmate-vpn-review-sites/). Suspiciously, their own VPN providers always get ranked at the top on their own review websites. Even if there were no explicit directive for the websites to do this, which review publisher would dare to rank negatively a product owned by its parent company, the one keeping them alive? This is a direct and obvious conflict of interest. + +
+

What to do?

+ +Look at the *Terms of Service* and *Privacy Policy* (or *Privacy Notice*) for declarations related to a parent company. This is often stated there. You can also examine an organization's *About* page, Wikipedia page, or even the official government corporate registries to find out if anyone else owns an organization. + +
+ +#### Donations, event sponsorships, and other revenues + +When money is involved, there is always a potential for conflict of interest. If an organization receives a substantial donation, grant, or loan from another, it will be difficult to remain impartial about it. Few would dare to talk negatively about a large donor. + +This isn't necessarily a red flag in every situation of course. For example, a receiving organization could be in a position where the donor's values are aligned, or where impartiality isn't required. Nevertheless, it's something important to consider. + +In 2016, developer and activist Aral Balkan [wrote](https://ar.al/notes/why-im-not-speaking-at-cpdp/) about how he refused an invitation to speak at a panel on Surveillance Capitalism at the [Computers, Privacy, & Data Protection Conference](http://www.cpdpconferences.org) (CPDP). The conference had accepted sponsorship from an organization completely antithetical to its stated values: [Palantir](https://www.independent.co.uk/news/world/americas/us-politics/trump-doge-palantir-data-immigration-b2761096.html). + +Balkan wrote: "The sponsorship of privacy and human rights conferences by corporations that erode our privacy and human rights is a clear conflict of interests that we must challenge." + +
+

How could one claim to defend privacy rights while receiving money from organizations thriving on destroying them?

+ +This is a great example of how sponsors can severely compromise not only the impartiality of an organization, but also its credibility and its values. How could the talks being put forward at such a conference be selected without bias? How could one claim to defend privacy rights while receiving money from organizations thriving on destroying them? + +It's worth nothing that this year's CPDP 2025 sponsors [included](https://www.cpdpconferences.org/sponsors-partners) Google, Microsoft, TikTok, and Uber. + +
+

What to do?

+ +Examine who sponsors events and who donates to organizations. Try to evaluate if an organization or event received money from sources that could be in contradiction with its values. Does this compromise its credibility? If a sponsor or donor has conflicting values, what benefit would there be for the sponsor supporting this event or organization? + +
+ +#### Employment and relationships + +Finally, another important type of conflicts of interest to keep in mind are the relationships between the individuals producing the content and the companies or products they are reporting on. + +For example, if a content creator is working or previously worked for an organization, and the content requires impartiality, this is a potential conflict of interest that should be openly disclosed. + +The same can be true if this person is in a professional or personal relationship with people involved with the product. This can be difficult to detect of course, and is not categorically a sign of bias, but it's worth paying attention to it in our evaluations. + +
+

What to do?

+ +Look for disclaimers related to conflict of interest. Research the history of an organization to gain a better understanding of the people involved. Wikipedia can be a valuable resource for this. + +
+ +### :triangular_flag_on_post: Checkbox compliance and copy-paste policies + +Regrettably, many organizations have no intention whatsoever to genuinely implement privacy-respectful practices, and are simply trying to get rid of these "pesky privacy regulation requirements" as cheaply and quickly as possible. + +They treat privacy law compliance like an annoying list of annoying tasks. They think they can complete this list doing the bare *cosmetic* minimum, so that it will all *look* like it's compliant (of course, it is not). + +A good clue this mindset might be ongoing in an organization is when it uses a very generic privacy policy and terms of service, policies that are often simply copy-pasted from another website or AI-generated (which is kind of the same thing). + +Not only this is *extremely unlikely* to truly fulfill the requirements for privacy compliance, but it also almost certainly infringes on *copyright* laws. + +
+

What to do?

+ +If you find few details in a privacy policy that are specific to the organization, try copying one of its paragraph or long sentence in a search engine (using quotation marks around it to find the exact same entry). This will help detect where other websites are using the same policy. + +Some might be using legitimate templates of course, but even legal usable policy templates need to be customized heavily to be compliant. Sadly, many simply copy-paste material from other organizations without permission, or use generative AI tools doing the same. + +If the whole policy is copied without customization, it's very unlikely to describe anything true. + +
+ +### :triangular_flag_on_post: Meaningless privacy compliance badges + +Many businesses and startups have started to proudly display privacy law "[compliance badges](https://www.shutterstock.com/search/compliance-badge)" on their websites, to reassure potential clients and customers. + +While it can indeed be reassuring at first glance to see "GDPR Compliant!", "CCPA Privacy Approved", and other deceitful designs, there is no central authority verifying this systematically. At this time, anyone could decide to claim they are "GDPR Compliant" and ornate their website with a pretty badge. + +Moreover, if this claim isn't true, this is fraudulent of course and likely to break many laws. But some businesses bet on the assumption that no one will verify or report it, or that data protection authorities simply have better things to do. + +While most privacy regulations adopt principles similar to the European General Data Protection Regulation (GDPR) [principle of accountability](https://commission.europa.eu/law/law-topic/data-protection/rules-business-and-organisations/obligations/how-can-i-demonstrate-my-organisation-compliant-gdpr_en) (where organizations are responsible for compliance and for demonstrating compliance), organizations' assertions are rarely challenged or audited. Because most of the time there isn't anyone verifying compliance unless there's an individual complaint, organizations have grown increasingly fearless with false claims of compliance. + +
+

What to do?

+ +Never trust a claim of privacy compliance at face value, especially if it comes in the shape of a pretty website badge. + +Examine organizations' privacy policies, contact them and ask questions, look for independent reviews, investigate to see if an organization has been reported before. Never trust a first-party source to tell you how great and compliant the first-party is. + +
+ +### :triangular_flag_on_post: Fake reviews + +Fake reviews are a growing problem on the internet. And this was only aggravated by the arrival of generative AI. There are so many review websites that are simply advertising in disguise. Some fake reviews are [generated by AI](https://apnews.com/article/fake-online-reviews-generative-ai-40f5000346b1894a778434ba295a0496), some are paid for or [influenced by sponsorships and affiliate links](the-trouble-with-vpn-and-privacy-review-sites.md), some are in [conflict of interest](https://cyberinsider.com/kape-technologies-owns-expressvpn-cyberghost-pia-zenmate-vpn-review-sites/) from parent companies, and many are biased in other ways. Trusting an online review today feels like trying to find the single strand of true grass through an enormous plastic haystack. + +Genuine reviews are (were?) usually a good way to get a second opinion while shopping online and offline. Fake reviews pollute this verification mechanism by duping us in believing something comes from an independent third-party, when it doesn't. + +
+

What to do?

+ +Train yourself to spot fake reviews. There are [many signs](https://www.bbb.org/all/spot-a-scam/how-to-spot-a-fake-review) that can help with this, such as language that suspiciously uses the complete and correct product and feature brand each time, reviewers who published an unnatural quantity of reviews in a short period of time, excessively positive review, negative reviews talking about how great this *other* brand is, etc. Make sure to look for potential conflicts of interest as well. + +
+ +### :triangular_flag_on_post: Fake AI-generated content + +Sadly, the internet has been infected by a new plague in recent years: AI-generated content. This was mentioned before, but truly deserves its own red flag. + +Besides AI-generated reviews, it's important to know there are also now multiple articles, social media posts, and even entire websites that are completely AI-generated, and doubly fake. This affliction makes it even harder for readers to find genuine sources of reliable information online. [Learning to recognize this fake content](https://www.cnn.com/interactive/2023/07/business/detect-ai-text-human-writing/) is now an internet survival skill. + +
+

What to do?

+ +If you find a blog that publishes 5 articles per day from the same author every day, be suspicious. Look for publication dates, and if they are inhumanly close to each other, this can be a sign of AI-generated content. + +When reading an article, AI-generated text will often use very generic sentences, you will rarely find the colorful writing style that is unique to an author. AI-writing is generally bland with no personality shinning through. You might also notice the writing feels circular. It will seems like it's not really saying anything specific, except for that one thing, that is repeated over and over. + +
+ +### :triangular_flag_on_post: Excessive self-references + +When writing an article, review, or a product description, writers often use text links to add sources of information to support their statements, or to provide additional resources to readers. + +When **all** the text links in an article point to the same source, you should grow suspicious. If all the seemingly external links only direct to material created from the original source, this can give the impression of supporting independent evidences, when in fact there aren't any. + +Of course, organizations will sometimes refer back to their own material to share more of what they did with you (we certainly do!), but if an article or review *only* uses self-references, and these references also only use self-references, this could be a red flag. + +
+

What to do?

+ +Even if you do not click on links, at least hover over them to see where they lead. Usually, trustworthy sources will have at least a few links pointing to *external* third-party websites. A diversity of supporting resources is important when conducting impartial research, and should be demonstrated there whenever relevant. + +
+ +### :triangular_flag_on_post: Deceptive designs + +Deceptive design can be difficult to spot. Sometimes it's obvious, like a cookie banner with a ridiculously small "reject all" button, or an opt-out option hidden under twenty layers of menu. + +Most of the time however, deceptive design is well-planned to psychologically manipulate us to pick the option most favorable to the company, at the expense of our privacy. The Office of the Privacy Commissioner of Canada has produced this informative [web page](https://www.priv.gc.ca/en/privacy-topics/technology/online-privacy-tracking-cookies/online-privacy/deceptive-design/gd_dd-ind/) to help us recognize better deceptive design. + +
+

What to do?

+ +Favor tools and services that are built for privacy from the ground up, and always default to privacy first. Train yourself to spot deceptive patterns and be persistent to choose the most privacy-protective option. + +Don't be afraid to [say no](you-can-say-no.md), to reject options and products, and to also report them when deceptive design becomes fraudulent or infringes privacy laws. + +
+ +### :triangular_flag_on_post: Buzzword language + +Be suspicious of buzzword language, especially when it becomes excessive or lacks any supportive evidences. **Remember that buzzwords aren't a promise, but only marketing to get your attention.** These words don't mean anything on their own. + +Expressions like "military-grade encryption" are usually designed to inspire trust, but there is [no such thing](https://www.howtogeek.com/445096/what-does-military-grade-encryption-mean/) that grants better privacy. Most military organizations likely use industry-standard encryption from solid and tested cryptographic algorithms, like any trustworthy organizations and privacy-preserving tools do. + +Newer promises like "AI-powered" are completely empty, if not *scary*. Thankfully, many "AI-powered" apps aren't really AI-powered, and this is a good thing because "AI" is more often [a danger to your privacy](https://www.sciencenewstoday.org/the-dark-side-of-ai-bias-surveillance-and-control), and not an enhancement at all. + +
+

What to do?

+ +Remain skeptical of expressions like "privacy-enhancing", "privacy-first approach", "fully-encrypted", or "fully compliant" when these claims aren't supported with evidences. Fully encrypted means nothing if the encryption algorithm is weak, or if the company has access to your encryption keys. + +When you see claims of "military-grade encryption", ask which cryptographic algorithms are used, and how encryption is implemented. Look for evidences and detailed information on technological claims. Never accept vague promises as facts. + +
+ +### :triangular_flag_on_post: Unverifiable and unrealistic promises + +Along the same lines, many businesses will be happy to promise you the moon. But then, they become reluctant to explain how they will get you the moon, how they will manage to give the moon to multiple customers at once, and what will happen to the planet once they've transported the moon away from its orbit to bring it back to you on Earth... Maybe getting the moon isn't such a good promise after all. + +
+

companies promising you software that is 100% secure and 100% private are either lying or misinformed themselves

+ +Similarly, companies promising you software that is 100% secure and 100% private are either lying or misinformed themselves. + +No software product is 100% secure and/or 100% private. Promises like this are unrealistic, and (fortunately for those companies) often also *unverifiable*. But an unverifiable claim shouldn't default to a trustworthy claim, quite the opposite. Trust must be earned. If a product cannot demonstrate how their claims are true, then we must remain skeptical. + +
+

What to do?

+ +Same as for buzzwords and compliance claims, never trust at face value. If there are no ways for you to verify a claim, remain skeptical and aware this promise could be empty. + +Be especially suspicious with organizations repeating exaggerated guarantees such as 100% secure. Organizations that are knowledgeable about security and privacy will usually restrain from such binary statement, and tend to talk about risk reduction with nuanced terms like "more secure", or "more private". + +
+ +### :triangular_flag_on_post: Flawed or absent process for data deletion + +Examining an organization's processes for data deletion can reveal a lot on their privacy practices and expertise. Organizations that are knowledgeable about privacy rights will usually be prepared to respond to data deletion requests, and will already have a process in place, a process that [doesn't require providing more information](queer-dating-apps-beware-who-you-trust.md/#they-can-make-deleting-data-difficult) than they already have. + +Be especially worried if: + +- [ ] You don't find any mentions of data deletion in their privacy policy. + +- [ ] From your account's settings or app, you cannot find any option to delete your account and data. + +- [ ] The account and data deletion process uses vague terms that make it unclear if your data will be truly deleted. + +- [ ] You cannot find an email address to contact a privacy officer in their privacy policy. + +- [ ] The email listed in their privacy policy isn't an address dedicated to privacy. + +- [ ] You emailed the address listed but didn't get any reply after two weeks. + +- [ ] Their deletion process requires to fill a form demanding more information than they already have on you, or uses a privacy-invasive third-party like Google Forms. + +- [ ] They argue with you when you ask for legitimate deletion. + +
+

What to do?

+ +If this isn't already explicitly explained in their policies (or if you do not trust their description), find the privacy contact for an organization and email them *before* using their products or services, to ask about their data deletion practices. + +Ask in advance which information will be required from you in order to delete your data. Also ask if they keep any data afterward, and (if they do) what data they keep. Once data is shared, this could be much harder to deal with. It's best to verify data deletion processes *before* trusting an organization with our data. + +
+ +### :triangular_flag_on_post: False reassurances + +The goal of privacy washing is to reassure worried clients, consumers, users, patients, and investors into using the organization's products or services. But making us *feel* more secure doesn't always mean that we are. + +#### Privacy theaters + +You might have heard the term "security theater" already, but there's also "[privacy theater](https://slate.com/technology/2021/12/facebook-twitter-big-tech-privacy-sham.html)". Many large tech organizations have mastered this art for decades now. In response to criticisms about their dubious privacy practices, companies like Facebook and Google love to add seemingly "privacy-preserving" options to their software's settings, to give people the impression it's possible to use their products while preserving their privacy. But alas, it is not. + +Unfortunately, no matter how much you "harden" your Facebook or Google account for privacy, these corporations will keep tracking everything you do on and off their platforms. Yes, enabling these options *might* very slightly reduce exposure for *some* of your data (and you should enable them if you cannot leave these platforms). However, Facebook and Google will still collect enough data on you to make them billions in profits each year, otherwise they wouldn't implement these options at all. + +#### Misleading protections + +The same can be said for applications that have built a reputation on a supposedly privacy-first approach like [Telegram](https://cybersecuritycue.com/telegram-data-sharing-after-ceo-arrest/) and [WhatsApp](https://insidetelecom.com/whatsapp-security-risk-alert-over-privacy-concerns/). In fact, the protections these apps offer are only partial, often poorly explained to users, and the apps still collect a large amount of data and/or metadata. + +#### When deletion doesn't mean deletion + +In other cases, false reassurance comes in the form of supposedly deleted data that isn't truly deleted. In 2019, Global News [reported](https://globalnews.ca/news/5463630/amazon-alexa-keeps-data-deleted-privacy/) on Amazon's Alexa virtual assistant speaker that didn't always delete voice-recorded data as promised. Google was also found [guilty](https://www.cnet.com/tech/services-and-software/google-oops-did-not-delete-street-view-data-as-promised/) of this, even after receiving an order from UK's Information Commissioner's Office. + +This can also happen with cloud storage services that display an option to "delete" a file, when in fact the file is [simply hidden](https://www.consumersearch.com/technology/cloud-storage-privacy-concerns-learn-permanently-delete-data) from the interface, while remaining available in a bin directory or from version control. + +How many unaware organizations might have inadvertently (or maliciously) kept deleted data by misusing their storage service and version control system? Of course, if a copy of the data is kept in backups or versioning system, then it's **not** fully deleted, and doesn't legally fulfill a data deletion requirement. + +
+

What to do?

+ +Do not simply trust a "privacy" or "opt-out" option. Look at the overall practices of an organization to establish trust. Privacy features have no value at all if we cannot trust the organization that implemented them. + +Investigate to find an organization's history of data breaches and how they responded to it. Was this organization repeatedly fined by data protection authorities? Do not hesitate to ask questions to an organization's privacy officer about their practices. And look for independent reviews of the organization. + +
+ +### :triangular_flag_on_post: New and untested technologies + +Many software startups brag about how revolutionary their NewTechnology™ is. Some even dare to brag about a "unique" and "game-changing" novel encryption algorithm. You should not feel excited by this, you should feel *terrified*. + +For example, any startups serious about security and privacy will know that **you should never be ["rolling your own crypto"](https://www.infosecinstitute.com/resources/cryptography/the-dangers-of-rolling-your-own-encryption/)**. + +Cryptography is a complex discipline, and developing a robust encryption algorithm takes a lot of time and transparent testing to achieve. Usually, it is achieved with the help of an entire community of experts. Some beginners might think they had the idea of the century, but until their algorithm has been rigorously tested by hundreds of experts, this is an unfounded claim. + +The reason most software use the same few cryptographic algorithms for encryption, and usually follow strict protocols to implement them, is because this isn't an easy task to do, and the slightest mistake could render this encryption completely useless. The same can be true for other types of technology as well. + +Novel technologies might sound more exciting, but *proven* and *tested* technologies are usually much more reliable when it comes to privacy, and especially when it comes to encryption. + +
+

What to do?

+ +If a company brags about its new technology, investigate what information they have made available about it. Look for a document called a *White Paper*, which should describe in technical details how the technology works. + +If the code is open source, look at the project's page and see how many people have worked on it, who is involved, since how long, etc. + +More importantly, look for independent audits from trustworthy experts. Read the reports and verify if the organization's claims are supported by professionals in the field. + +
+ +### :triangular_flag_on_post: Critics from experts + +
+

if you find multiple reports of privacy experts raising the alarm about it, consider this a dark-red red flag

+ +No matter how much an organization or product claims to be "privacy-first", if you find multiple reports of privacy experts raising the alarm about it, consider this a dark-red red flag. + +If a company has been [criticized by privacy commissioners](sam-altman-wants-your-eyeball.md/#privacy-legislators-arent-on-board), data protection authorities, privacy professionals, and consumer associations, especially if this has happened repeatedly, you should be *very* suspicious. + +Sometimes, criticized corporations will use misleading language like "we are currently working with the commissioner", this *isn't* a good sign. + +The marketing department will try to spin any authority audits into something that sounds favorable to the corporation, but this is only privacy washing. They would not be "working with" the privacy commissioner if they hadn't been forced to in the first place. And **they wouldn't have been forced to if they truly had privacy-respectful practices**. + +
+

What to do?

+ +Use a search engine to look for related news using keywords such as the company's name with "data breach", "fined", or "privacy". + +Check the product's or corporation's Wikipedia page, sometimes there will be references to previous incidents and controversies listed there. Follow trustworthy sources of privacy and security news to stay informed about reported data leaks and experts raising the alarm. + +
+ +## Looking for the green(ish) flags + +Now that we have discussed some red flags to help us know when we should be careful, let's examine the signs that *can* be indicator of trustworthiness. + +Like for red flags, green flags should always be taken into context and considered together. One, or even a few green flags (or greenish flags) aren't on their own a guarantee that an organization is trustworthy. Always remain vigilant, and be ready to revoke your trust at any time if new information warrants it. + +### :custom-green-flag: Independent reviews + +Independent reviews from trustworthy sources can be a valuable resource to help to determine if a product is reliable. This is never a guarantee of course, humans (even experts) can also make mistakes (less than AI, but still) and aren't immune to lies. + +However, an impartial review conducted by an expert in the field has the benefit of someone who has likely put many hours investigating this topic, something you might understandably not always have the time to do yourself. But be careful to first evaluate if this is a genuine unbiased assessment, or simply marketing content disguised as one. + +### :custom-green-flag: Independent audits + +Similarly, independent audits from credible organizations are very useful to assess a product's claims. Make sure the company conducting the audit is reputable, impartial, and that you can find a copy of the audit's report they produced, ideally from a source that *isn't* the audited company's website (for example, the auditing organization might [provide](https://cure53.de/#publications) access to it transparently). + +### :custom-green-flag: Transparency + +Transparency helps a lot to earn trust, and source code that is publicly available helps a lot with transparency. If a piece of software publishes its code for anyone to see, this is already a significant level of transparency above any proprietary code. + +Open source code is never a guarantee of security and privacy, but it makes it much easier to verify any organization assertions. This is almost impossible to do when code is proprietary. Because no one outside the organization can examine the code, they must be trusted on their own words entirely. Favor products with code that is transparently available whenever possible. + +### :custom-green-flag: Verifiable claims + +If you can easily verify an organization's claims, this is a good sign. For example, if privacy practices are explicitly detailed in policies (and match the observed behaviors), if source code is open and easy to inspect, if independent audits have confirmed the organization's claims, and if the organization is consistent with its privacy practices (in private as much as in public), this all helps to establish trust. + +### :custom-green-flag: Well-defined policies + +Trustworthy organizations should always have well-defined, unique, and easy to read privacy policies and terms of service. The conditions within it should also be fair. **You shouldn't have to sell your soul to 1442 marketing partners just to use a service or visit a website.** + +Read an organization's privacy policy (or privacy notice), and make sure it includes: + +- [x] Language unique to this organization (no copy-paste policy). + +- [x] Disclosure of any parent companies owning this organization (if any). + +- [x] A dedicated email address to contact for privacy-related questions and requests. + +- [x] Detailed information on what data is collected for each activity. For example, the data collected when you use an app or are employed by an organization shouldn't be bundled together indistinctly with the data collected when you simply visit the website. + +- [x] Clear limits on data retention periods (when the data will be automatically deleted). + +- [x] Clear description of the process to follow in order to delete, access, or correct your personal data. + +- [x] A list of third-party vendors used by the organization to process your information. + +- [x] Evidences of accountability. The organization should demonstrate accountability for the data it collects, and shouldn't just transfer this responsibility to the processors it uses. + +### :custom-green-flag: Availability + +Verify availability. Who will you contact if a problem arises with your account, software, or data? Will you be ignored by an AI chatbot just repeating what you've already read on the company's website? Will you be able to reach out to a competent human? + +If you contact an organization at the listed privacy-dedicated email address to ask a question, and receive a thoughtful non-AI-generated reply within a couple of weeks, this can be a good sign. If you can easily find a privacy officer email address, a company's phone number, and the location where the organization is based, this also can be encouraging signs. + +### :custom-green-flag: Clear funding model + +If a *free* service is provided by a *for-profit* corporation, you should investigate further. The old adage that if you do not pay for a product you are the product is sadly often true in tech, and doubly so for big tech. + +Before using a new service, try to find what the funding model is. Maybe it's a free service run by volunteers? Maybe they have a paid tier for businesses, but remain free for individual users? Maybe they survive and thrive on donations? Or maybe everyone does pay for it (with money, not data). + +Look for what the funding model is. If it's free, and you can't really find any details on how it's financed, this could be a red flag that your data might be used for monetization. But if the funding model is transparent, fair, and ethical, this *can* be a green flag. + +### :custom-green-flag: Reputation history + +Some errors are forgivable, but others are too big to let go. Look for an organization's track record to help to evaluate its reputation overtime. Check if there was any security or privacy incidents, or expert criticisms, and check how the organization responded to it. + +If you find an organization that has always stuck to its values (integrity), is still run by the same core people in recent years (stability), seems to have a generally good reputation with others (reputability), and had few (or no) incidents in the past (reliability), this *can* be a green flag. + +### :custom-green-flag: Expert advice + +Seek expert advice before using a new product or service. Look online for reliable and independent sources of [recommendations](https://www.privacyguides.org/en/tools/) (like Privacy Guides!), and read thoroughly to determine if the description fits your privacy needs. No tool is perfect to protect your privacy, but experts will warn you about a tool's limitations and downsides. + +There's also added value in community consensus. If a piece of software is repeatedly recommended by multiple experts (not websites or influencers, *experts*), then this *can* be a green flag that this tool or service is generally trusted by the community (at this point in time). + +## Take a stand for better privacy + +Trying to evaluate who is worthy of our trust and who isn't is an increasingly difficult task. While this burden shouldn't fall on us, there are unfortunately too few institutional protections we can rely on at the moment. + +Until our governments finally prioritize the protection of human rights and privacy rights over corporate interests, we will have to protect ourselves. But this isn't limited to self-protection, our individual choices also matter collectively. + +Each time we dig in to thoroughly investigate a malicious organization and expose its privacy washing, we contribute in improving safety for everyone around us. + +Each time we report a business infringing privacy laws, talk publicly about our bad experience to get our data deleted, and more importantly refuse to participate in services and products that aren't worthy of our trust, this all helps to improve data privacy for everyone overtime. + +Being vigilant and reporting bad practices is taking a stand for better privacy. We must all take a stand for better privacy, and expose privacy washing each time we spot it. diff --git a/blog/posts/relisting-startpage.md b/blog/posts/relisting-startpage.md index 2f7da60f..fac44b53 100644 --- a/blog/posts/relisting-startpage.md +++ b/blog/posts/relisting-startpage.md @@ -11,6 +11,8 @@ tags: - Search Engines description: Startpage has been relisted in our search engine recommendations following their open communications with the Privacy Guides community. schema_type: NewsArticle +preview: + cover: blog/assets/images/relisting-startpage/cover.webp --- # Relisting Startpage.com diff --git a/blog/posts/sam-altman-wants-your-eyeball.md b/blog/posts/sam-altman-wants-your-eyeball.md index 237ab720..c2e61915 100644 --- a/blog/posts/sam-altman-wants-your-eyeball.md +++ b/blog/posts/sam-altman-wants-your-eyeball.md @@ -9,10 +9,7 @@ authors: description: Last week, OpenAI's CEO Sam Altman announced in San Francisco that the World project he co-founded, formerly known as Worldcoin, is opening six stores across the United States, allowing users of the project's app to scan their eyeballs. schema_type: AnalysisNewsArticle preview: - color: "#c0322f" - text_color: "#ffffff" - site_logo: privacy-guides-logo-notext-colorbg-white.svg - icon: material/eye-circle + cover: blog/assets/images/sam-altman-wants-your-eyeball/orb-cover.webp --- diff --git a/blog/posts/security-privacy-anonymity.md b/blog/posts/security-privacy-anonymity.md index 757a1c9f..68d682f2 100644 --- a/blog/posts/security-privacy-anonymity.md +++ b/blog/posts/security-privacy-anonymity.md @@ -13,6 +13,8 @@ tags: license: BY description: Privacy, security, and anonymity often complement each other, but they are not always dependent on each other, and they are definitely not the same thing. schema_type: OpinionNewsArticle +preview: + cover: blog/assets/images/security-privacy-anonymity/cover.jpeg --- # Security, Privacy, and Anonymity diff --git a/blog/posts/the-future-of-privacy.md b/blog/posts/the-future-of-privacy.md index ce4dae16..19b9a8ae 100644 --- a/blog/posts/the-future-of-privacy.md +++ b/blog/posts/the-future-of-privacy.md @@ -7,6 +7,8 @@ authors: - em description: Privacy is intrinsically intertwined with politics. Each change in governance can have serious effects on privacy rights and privacy tools, for better or for worse. Let's examine with concrete examples how politics affect legislations that can have an immense impact on the privacy tools and features we use. schema_type: NewsArticle +preview: + cover: blog/assets/images/the-future-of-privacy/cover.webp --- # The Future of Privacy: How Governments Shape Your Digital Life diff --git a/blog/posts/the-privacy-of-others.md b/blog/posts/the-privacy-of-others.md index 0e453be3..1205b7d1 100644 --- a/blog/posts/the-privacy-of-others.md +++ b/blog/posts/the-privacy-of-others.md @@ -7,6 +7,8 @@ authors: - em description: In privacy, we talk a lot about how to protect our own data, but what about our responsibility to protect the data of others? If you care about privacy rights, you must also care for the data of the people around you. Together, we must start building a culture of data privacy where everyone cares for the data of others. schema_type: NewsArticle +preview: + cover: blog/assets/images/the-privacy-of-others/cover.webp --- # Privacy is Also Protecting the Data of Others diff --git a/blog/posts/the-trouble-with-vpn-and-privacy-review-sites.md b/blog/posts/the-trouble-with-vpn-and-privacy-review-sites.md index 3de250e8..fdf8cada 100644 --- a/blog/posts/the-trouble-with-vpn-and-privacy-review-sites.md +++ b/blog/posts/the-trouble-with-vpn-and-privacy-review-sites.md @@ -14,6 +14,8 @@ tags: license: BY-SA description: There’s a massive problem in the privacy world. Many shady companies are disguising advertisements as genuine reviews, to the detriment of real news sources like Privacy Guides and to potential buyers of these services. schema_type: AnalysisNewsArticle +preview: + cover: blog/assets/images/the-trouble-with-vpn-and-privacy-review-sites/cover.webp --- # The Trouble With VPN and Privacy Review Sites diff --git a/blog/posts/threads-launch-twitter.md b/blog/posts/threads-launch-twitter.md index 29402ff1..3ec11b7d 100644 --- a/blog/posts/threads-launch-twitter.md +++ b/blog/posts/threads-launch-twitter.md @@ -14,6 +14,8 @@ tags: license: BY-SA description: The man behind Facebook has somehow managed to make the Twitter experience worse. schema_type: OpinionNewsArticle +preview: + cover: blog/assets/images/threads-launch-twitter/cover.webp --- # Threads Is the Perfect Twitter Alternative, Just Not for You diff --git a/blog/posts/toward-a-passwordless-future.md b/blog/posts/toward-a-passwordless-future.md index 16c7618e..1b7f7336 100644 --- a/blog/posts/toward-a-passwordless-future.md +++ b/blog/posts/toward-a-passwordless-future.md @@ -9,6 +9,8 @@ tags: - Passkeys - Passwords license: BY-SA +preview: + cover: blog/assets/images/toward-a-passwordless-future/cover.webp --- # Toward a Passwordless Future diff --git a/blog/posts/uk-forced-apple-to-remove-adp.md b/blog/posts/uk-forced-apple-to-remove-adp.md index b2096091..a42d53b9 100644 --- a/blog/posts/uk-forced-apple-to-remove-adp.md +++ b/blog/posts/uk-forced-apple-to-remove-adp.md @@ -7,6 +7,8 @@ authors: - em description: The UK government has served a technical capability notice to Apple under the UK Investigatory Act. Apple's response was to remove the Advanced Data Protection feature from the UK this week. What does this mean for Apple users in the UK and for encryption rights worldwide? schema_type: ReportageNewsArticle +preview: + cover: blog/assets/images/uk-forced-apple-to-remove-adp/cover.webp --- # The UK Government Forced Apple to Remove Advanced Data Protection: What Does This Mean for You? diff --git a/blog/posts/welcome-to-privacy-guides.md b/blog/posts/welcome-to-privacy-guides.md index 27734ecf..2e0fda34 100644 --- a/blog/posts/welcome-to-privacy-guides.md +++ b/blog/posts/welcome-to-privacy-guides.md @@ -19,7 +19,6 @@ schema_type: NewsArticle # Welcome to Privacy Guides ![Privacy Guides cover image](../assets/brand/images/png/cover.png) - We are excited to announce the launch of [Privacy Guides](https://www.privacyguides.org/) and [r/PrivacyGuides](https://www.reddit.com/r/PrivacyGuides/), and welcome the privacy community to participate in our crowdsourced software recommendations and share tips and tricks for keeping your data safe online. Our goal is to be a central resource for privacy and security-related tips that are usable by anybody, and to carry on the trusted legacy of PrivacyTools. diff --git a/blog/posts/why-i-run-a-tor-relay.md b/blog/posts/why-i-run-a-tor-relay.md index 5b6a42e0..485a7b0e 100644 --- a/blog/posts/why-i-run-a-tor-relay.md +++ b/blog/posts/why-i-run-a-tor-relay.md @@ -13,6 +13,8 @@ tags: license: BY-SA description: Each Tor relay is the direct result of an individual deciding to sacrifice money, time and effort for the cause of fighting for a freer Internet. schema_type: OpinionNewsArticle +preview: + cover: blog/assets/images/why-i-run-a-tor-relay/cover.png --- # Why I Decided to Run a Tor Relay diff --git a/blog/posts/yubikey-reset-and-backup.md b/blog/posts/yubikey-reset-and-backup.md index 9c9833be..d0396ab2 100644 --- a/blog/posts/yubikey-reset-and-backup.md +++ b/blog/posts/yubikey-reset-and-backup.md @@ -7,6 +7,8 @@ authors: - em description: This tutorial demonstrates how to reset a YubiKey close to factory defaults and create a backup of most YubiKey applications on a spare key. schema_type: AnalysisNewsArticle +preview: + cover: blog/assets/images/yubikey-reset-and-backup/cover.webp --- # How to Reset Your YubiKey and Create a Backup diff --git a/docs/about.md b/docs/about.md index 98fdc5fc..8024d5c1 100644 --- a/docs/about.md +++ b/docs/about.md @@ -19,7 +19,7 @@ schema: **Privacy Guides** is a socially motivated website that provides information for protecting your data security and privacy. We are a non-profit project with a mission to inform the public about the value of digital privacy, and about global government initiatives which aim to monitor your online activity. Our website is free of advertisements and not affiliated with any of the listed providers. -[:material-heart:{.pg-red} Make a Donation](https://donate.magicgrants.org/privacyguides){ .md-button .md-button--primary } +[:material-heart:{.pg-red} Become a Member](https://donate.magicgrants.org/privacyguides){ .md-button .md-button--primary data-portal="signup" } [:octicons-home-16:](https://www.privacyguides.org){ .card-link title=Homepage } [:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" } @@ -37,7 +37,7 @@ The best way to get individual help is from our community on Discourse. If you n ![Signal contact QR code](assets/img/layout/signal-contact-qr.png){ align=right } -Have a tip for us, or need to share some sensitive information? The best way to get in touch with us securely is via `@privacyguides.01` on Signal. This group account is monitored by [Jonah](https://discuss.privacyguides.net/u/jonah), [Niek](https://discuss.privacyguides.net/u/niek-de-wilde), [Em](https://discuss.privacyguides.net/u/ematprivacyguides), and [Jordan](https://discuss.privacyguides.net/u/jordan). +Have a tip for us, or need to share some sensitive information? The best way to get in touch with us securely is via `@privacyguides.01` on Signal. This group account is monitored by [Jonah](https://discuss.privacyguides.net/u/jonah), [Niek](https://discuss.privacyguides.net/u/niek-de-wilde), [Em](https://discuss.privacyguides.net/u/em), and [Jordan](https://discuss.privacyguides.net/u/jordan). [:simple-signal: Chat on Signal](https://signal.me/#eu/zg9xcrIv5w-EtXt2FmTJgfWv01LmyTed8rpr7RDv35Mizq8ISZ9NJLmYtzsxI0Z4){ .md-button } @@ -130,7 +130,7 @@ Our staff are paid to contribute to supplemental content at Privacy Guides, like :material-text-account: Journalist - [:material-account: Profile](https://discuss.privacyguides.net/u/ematprivacyguides) + [:material-account: Profile](https://discuss.privacyguides.net/u/em) [:material-github:](https://github.com/EmAtPrivacyGuides "GitHub") [:material-mastodon:](https://infosec.exchange/@Em0nM4stodon "@Em0nM4stodon@infosec.exchange"){rel=me} @@ -182,6 +182,7 @@ However, Privacy Guides *does* have social media accounts on a wide variety of p - [:simple-reddit: Reddit](https://reddit.com/r/PrivacyGuides) - [:simple-x: X (Twitter)](https://x.com/privacy_guides) - [:simple-youtube: YouTube](https://youtube.com/@privacyguides) +- [:simple-tiktok: TikTok](https://www.tiktok.com/@privacyguides) diff --git a/docs/about/donate.md b/docs/about/donate.md index 4bbf099a..26495781 100644 --- a/docs/about/donate.md +++ b/docs/about/donate.md @@ -5,8 +5,11 @@ description: The charitable mission of Privacy Guides relies on contributions fr Support our mission to defend digital rights and spread the word about mass surveillance programs and other daily privacy invasions. You can help Privacy Guides researchers, activists, and maintainers create informative content, host private digital services, and protect privacy rights at a time when the world needs it most. -[:material-heart:{ .pg-red } Become a Member](https://donate.magicgrants.org/privacyguides/membership){ class="md-button md-button--primary" } -[:material-hand-coin: Make a Donation](https://donate.magicgrants.org/privacyguides/donate/privacyguides){ class="md-button md-button--primary" } + +[:material-heart:{ .pg-red } Become a Member](https://donate.magicgrants.org/privacyguides/membership){ class="md-button md-button--primary" data-portal="signup" } + +[Become a Member (Cryptocurrency)](https://donate.magicgrants.org/privacyguides/membership){ class="md-button" } +[One-Time Donation](https://donate.magicgrants.org/privacyguides/donate/privacyguides){ class="md-button" } diff --git a/docs/advanced/payments.md b/docs/advanced/payments.md index f8128a3b..9f473298 100644 --- a/docs/advanced/payments.md +++ b/docs/advanced/payments.md @@ -3,7 +3,7 @@ title: Private Payments icon: material/hand-coin description: Your buying habits are the holy grail of ad targeting, but you still have plenty of options when it comes to making payments privately. --- -Data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately. +Data about your buying habits is considered the holy grail of ad targeting: Your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately. ## Cash @@ -17,7 +17,7 @@ Despite the above, cash is typically the best option when available. You can easily purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout in an effort to reduce fraud. -Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (e.g.: from Visa or Mastercard) usually have limits of up to $1,000 per card. +Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (e.g. from Visa or Mastercard) usually have limits of up to $1,000 per card. Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants don’t accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit. @@ -43,7 +43,7 @@ These tend to be good options for recurring/subscription payments online, while ## Cryptocurrency -Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a transparent blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose. +Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a transparent blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only purchase amounts which would not be disastrous to lose.

Danger

@@ -72,7 +72,7 @@ Anonymous transactions on a transparent blockchain are *theoretically* possible, ### Wallet Custody -With cryptocurrency there are two forms of wallets: custodial wallets and self-custody wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Self-custody wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, self-custody wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies. +With cryptocurrency there are two forms of wallets: custodial wallets and self-custody wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Self-custody wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, self-custody wallets provide greater security and censorship resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies. ### Acquisition @@ -84,7 +84,7 @@ If you go this route, make sure to purchase Monero at different times and in dif ## Additional Considerations -When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself. +When you're making a payment in person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself. When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address. diff --git a/docs/basics/email-security.md b/docs/basics/email-security.md index d3d0fd2e..71a01850 100644 --- a/docs/basics/email-security.md +++ b/docs/basics/email-security.md @@ -21,7 +21,7 @@ There is another standard which is popular with business called [S/MIME](https:/ The [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD) standard allows email clients to discover the OpenPGP key for other mailboxes, even those hosted on a different provider. Email clients which support WKD will ask the recipient's server for a key based on the email address' domain name. For example, if you emailed `jonah@privacyguides.org`, your email client would ask `privacyguides.org` for Jonah's OpenPGP key, and if `privacyguides.org` has a key for that account, your message would be automatically encrypted. -In addition to the [email clients we recommend](../email-clients.md) which support WKD, some webmail providers also support WKD. Whether *your own* key is published to WKD for others to use depends on your domain configuration. If you use an [email provider](../email.md#openpgp-compatible-services) which supports WKD, such as Proton Mail or Mailbox.org, they can publish your OpenPGP key on their domain for you. +In addition to the [email clients we recommend](../email-clients.md) which support WKD, some webmail providers also support WKD. Whether *your own* key is published to WKD for others to use depends on your domain configuration. If you use an [email provider](../email.md#openpgp-compatible-services) which supports WKD, such as Proton Mail or Mailbox Mail, they can publish your OpenPGP key on their domain for you. If you use your own custom domain, you will need to configure WKD separately. If you control your domain name, you can set up WKD regardless of your email provider. One easy way to do this is to use the "[WKD as a Service](https://keys.openpgp.org/about/usage#wkd-as-a-service)" feature from the `keys.openpgp.org` server: Set a CNAME record on the `openpgpkey` subdomain of your domain pointed to `wkd.keys.openpgp.org`, then upload your key to [keys.openpgp.org](https://keys.openpgp.org). Alternatively, you can [self-host WKD on your own web server](https://wiki.gnupg.org/WKDHosting). diff --git a/docs/browser-extensions.md b/docs/browser-extensions.md index 3b3102f7..d9b95987 100644 --- a/docs/browser-extensions.md +++ b/docs/browser-extensions.md @@ -70,6 +70,8 @@ uBlock Origin also has a "Lite" version of their extension, which offers a very Downloads - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/ublock-origin-lite/ddkjiahejlhfcafbddmgiahcphecmpfh) +- [:fontawesome-brands-edge: Edge](https://microsoftedge.microsoft.com/addons/detail/cimighlppcgcoapaliogpjjdehbnofhn) +- [:simple-safari: Safari](https://apps.apple.com/app/id6745342698) @@ -81,7 +83,7 @@ This version offers three levels of blocking: "Basic" works without requiring an If you set the default filtering mode to "Optimal" or "Complete" the extension will request read/modify access to **all** websites you visit. However, you also have the option to change the setting to "Optimal" or "Complete" on a **per-site** basis by adjusting the slider in the extension's pop-up panel on any given site. When you do so, the extension will request read/modify access to that site only. Therefore, if you want to take advantage of uBlock Origin Lite's "permission-less" configuration, you should probably leave the default setting as "Basic" and only adjust it higher on sites where that level is not adequate. -uBlock Origin Lite only receives block list updates whenever the extension is updated from your browser's extension marketplace, as opposed to on demand. This means that you may miss out on new threats being blocked for weeks until a full extension release is published. +uBlock Origin Lite only receives block list updates whenever the extension is updated from your browser's extension marketplace, as opposed to on demand. Google has an [expedited review process](https://developer.chrome.com/docs/webstore/skip-review) for filter updates, which means you still typically receive filter list updates as frequently as uBlock Origin Lite chooses to publish a release (historically every 2-7 days). However, only so-called "[safe rules](https://developer.chrome.com/docs/extensions/reference/api/declarativeNetRequest#safe_rules)" can be updated, which may limit the update frequency of lists using advanced techniques. ### AdGuard diff --git a/docs/calendar.md b/docs/calendar.md index 427d7389..cfcfabb7 100644 --- a/docs/calendar.md +++ b/docs/calendar.md @@ -1,5 +1,5 @@ --- -title: "Calendar Sync" +title: Calendar Sync icon: material/calendar description: Calendars contain some of your most sensitive data; use products that implement encryption at rest. cover: calendar.webp @@ -9,7 +9,7 @@ cover: calendar.webp - [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange } - [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers){ .pg-teal } -**Calendars** contain some of your most sensitive data; use products that implement E2EE at rest to prevent a provider from reading them. +**Calendars** contain some of your most sensitive data; use products that implement end-to-end encryption at rest to prevent a provider from reading them. ## Tuta @@ -18,21 +18,22 @@ cover: calendar.webp ![Tuta logo](assets/img/email/tuta.svg#only-light){ align=right } ![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ align=right } -**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multifactor authentication, and [more](https://tuta.com/calendar-app-comparison). +**Tuta** offers a free and encrypted calendar across their supported platforms. Features include automatic E2EE of all data, sharing features, import/export functionality, multifactor authentication, and [more](https://tuta.com/calendar-app-comparison). -Multiple calendars and extended sharing functionality is limited to paid subscribers. +Multiple calendars and extended sharing functionality are limited to paid subscribers. [:octicons-home-16: Homepage](https://tuta.com/calendar){ .md-button .md-button--primary } [:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" } [:octicons-info-16:](https://tuta.com/support){ .card-link title="Documentation" } [:octicons-code-16:](https://github.com/tutao/tutanota){ .card-link title="Source Code" } -[:octicons-heart-16:](https://tuta.com/community){ .card-link title="Contribute" } +[:octicons-heart-16:](https://tuta.com/community#donate){ .card-link title="Contribute" }
Downloads -- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=de.tutao.tutanota) -- [:simple-appstore: App Store](https://apps.apple.com/app/id922429609) +- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=de.tutao.calendar) +- [:simple-appstore: App Store](https://apps.apple.com/app/id6657977811) +- [:simple-github: GitHub](https://github.com/tutao/tutanota/releases?q=Calendar) - [:fontawesome-brands-windows: Windows](https://tuta.com/blog/desktop-clients) - [:simple-apple: macOS](https://tuta.com/blog/desktop-clients) - [:simple-linux: Linux](https://tuta.com/blog/desktop-clients) @@ -49,7 +50,9 @@ Multiple calendars and extended sharing functionality is limited to paid subscri ![Proton](assets/img/calendar/proton-calendar.svg){ align=right } -**Proton Calendar** is an encrypted calendar service available to Proton members via web or mobile clients. Features include: automatic E2EE of all data, sharing features, import/export functionality, and [more](https://proton.me/support/proton-calendar-guide). Those on the free tier gain access to 3 calendars, whereas paid subscribers can create up to 25 calendars. Extended sharing functionality is also limited to paid subscribers. +**Proton Calendar** is an encrypted calendar service available to Proton members via web or mobile clients. Features include automatic E2EE of all data, sharing features, import/export functionality, and [more](https://proton.me/support/proton-calendar-guide). + +Those on the free tier have access to 3 calendars, whereas paid subscribers can create up to 25 calendars. Extended sharing functionality is also limited to paid subscribers. [:octicons-home-16: Homepage](https://proton.me/calendar){ .md-button .md-button--primary } [:octicons-eye-16:](https://proton.me/calendar/privacy-policy){ .card-link title="Privacy Policy" } diff --git a/docs/cloud.md b/docs/cloud.md index 160770f3..a4ec2b93 100644 --- a/docs/cloud.md +++ b/docs/cloud.md @@ -1,6 +1,6 @@ --- meta_title: "The Best Private and Secure Cloud Storage Providers - Privacy Guides" -title: "Cloud Storage" +title: Cloud Storage icon: material/file-cloud description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives! cover: cloud.webp @@ -17,7 +17,7 @@ If these alternatives do not fit your needs, we suggest you look into using encr
Looking for Nextcloud? -Nextcloud is [still a recommended tool](document-collaboration.md#nextcloud) for self-hosting a file management suite, however we do not recommend third-party Nextcloud storage providers at the moment, because we do [not recommend](https://discuss.privacyguides.net/t/dont-recommend-nextcloud-e2ee/10352/29) Nextcloud's built-in E2EE functionality for home users. +For more technical readers, Nextcloud is [still a recommended tool](self-hosting/file-management.md#nextcloud) for self-hosting a file management suite, however we do not recommend third-party Nextcloud storage providers at the moment, because we do [not recommend](https://discuss.privacyguides.net/t/dont-recommend-nextcloud-e2ee/10352/29) Nextcloud's built-in E2EE functionality for home users.
@@ -97,7 +97,7 @@ They have also received the Digital Trust Label, a certification from the [Swiss ![Peergos logo](assets/img/cloud/peergos.svg){ align=right } -**Peergos** is a decentralized protocol and open-source platform for storage, social media, and applications. It provides a secure and private space where users can store, share, and view their photos, videos, documents, etc. Peergos secures your files with quantum-resistant end-to-end encryption and ensures all data about your files remains private. +**Peergos** is a decentralized protocol and open-source platform for storage, social media, and applications. It provides a secure and private space where users can store, share, and view their photos, videos, documents, etc. Peergos secures your files with quantum-resistant E2EE and ensures all data about your files remains private. [:octicons-home-16: Homepage](https://peergos.org){ .md-button .md-button--primary } [:octicons-eye-16:](https://peergos.net/privacy.html){ .card-link title="Privacy Policy" } diff --git a/docs/data-broker-removals.md b/docs/data-broker-removals.md index 9a2432c9..23e3eea4 100644 --- a/docs/data-broker-removals.md +++ b/docs/data-broker-removals.md @@ -34,7 +34,7 @@ You should search for your information on these sites first, and submit an opt-o - Dataveria ([Search](https://dataveria.com), [Opt-Out](https://dataveria.com/ng/control/privacy)) - InfoTracer ([Search](https://infotracer.com), [Opt-Out](https://infotracer.com/optout)) - Intelius ([Search](https://intelius.com), [Opt-Out](https://suppression.peopleconnect.us/login)) -- PeekYou ([Search](https://peekyou.com), [Opt-Out](https://peekyou.com/about/contact/optout)) +- PeekYou ([Search](https://peekyou.com), [Opt-Out](https://peekyou.com/about/contact/ccpa_optout/do_not_sell)) - PublicDataUSA ([Search](https://publicdatausa.com), [Opt-Out](https://publicdatausa.com/remove.php)) - Radaris ([Search](https://radaris.com), [Opt-Out](https://radaris.com/page/how-to-remove)) - Spokeo ([Search](https://spokeo.com/search), [Opt-Out](https://spokeo.com/optout)) @@ -84,7 +84,7 @@ Our [testing](https://www.privacyguides.org/articles/2025/02/03/easyoptouts-revi EasyOptOuts does not cover the following sites we consider to be "high priority," so you should still manually opt-out of: - Intelius ([Search](https://intelius.com), [Opt-Out](https://suppression.peopleconnect.us/login)) -- PeekYou ([Search](https://peekyou.com), [Opt-Out](https://peekyou.com/about/contact/optout)) +- PeekYou ([Search](https://peekyou.com), [Opt-Out](https://peekyou.com/about/contact/ccpa_optout/do_not_sell))
diff --git a/docs/desktop-browsers.md b/docs/desktop-browsers.md index 6d386b59..ac18baea 100644 --- a/docs/desktop-browsers.md +++ b/docs/desktop-browsers.md @@ -1,6 +1,6 @@ --- meta_title: "Privacy Respecting Web Browsers for PC and Mac - Privacy Guides" -title: "Desktop Browsers" +title: Desktop Browsers icon: material/laptop description: These privacy-protecting browsers are what we currently recommend for standard/non-anonymous internet browsing on desktop systems. cover: desktop-browsers.webp @@ -112,9 +112,9 @@ This is required to prevent advanced forms of tracking, but does come at the cos ### Mullvad Leta -Mullvad Browser comes with [**Mullvad Leta**](https://leta.mullvad.net) as the default search engine, which functions as a proxy to either Google or Brave search results (configurable on the Mullvad Leta homepage). +Mullvad Browser comes with [**Mullvad Leta**](search-engines.md#mullvad-leta) as the default search engine, which functions as a proxy to either Google or Brave search results (configurable on the Mullvad Leta homepage). -If you are a Mullvad VPN user, there is some risk in using services like Mullvad Leta which are offered by your VPN provider themselves. This is because Mullvad theoretically has access to your true IP address (via their VPN) and your search activity (via Leta), which is information a VPN is typically intended to separate. Even though Mullvad collects very little information about their VPN subscribers or Leta users, you should consider a different [search engine](search-engines.md) if this risk concerns you. +If you are a Mullvad VPN user, there is some risk in using services like Mullvad Leta which are offered by your VPN provider themselves. This is because Mullvad theoretically has access to your true IP address (via their VPN) and your search activity (via Leta); the latter is information a VPN is typically intended to separate. Even though Mullvad collects very little information about their VPN subscribers or Leta users, you should consider a different [search engine](search-engines.md) if this risk concerns you. ## Firefox diff --git a/docs/dns.md b/docs/dns.md index 3ccfd648..9e8495ea 100644 --- a/docs/dns.md +++ b/docs/dns.md @@ -1,5 +1,5 @@ --- -title: "DNS Resolvers" +title: DNS Resolvers icon: material/dns description: We recommend choosing these encrypted DNS providers to replace your ISP's default configuration. cover: dns.webp @@ -10,7 +10,7 @@ global: - [:material-account-cash: Surveillance Capitalism](basics/common-threats.md#surveillance-as-a-business-model){ .pg-brown } -Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. +Encrypted **DNS** with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. [Learn more about DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md){ .md-button } @@ -20,7 +20,7 @@ These are our favorite public DNS resolvers based on their privacy and security | DNS Provider | Protocols | Logging / Privacy Policy | [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs) | Filtering | Signed Apple Profile | |---|---|---|---|---|---| -| [**AdGuard Public DNS**](https://adguard-dns.io/en/public-dns.html) | Cleartext
DoH/3
DoT
DoQ
DNSCrypt | Anonymized[^1] | Anonymized | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) | Yes [:octicons-link-external-24:](https://adguard-dns.io/en/blog/encrypted-dns-ios-14.html) | +| [**AdGuard Public DNS**](https://adguard-dns.io/en/public-dns.html) | Cleartext
DoH/3
DoT
DoQ
DNSCrypt | Anonymized[^1] | Anonymized | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardSDNSFilter) | Yes [:octicons-link-external-24:](https://adguard-dns.io/en/blog/encrypted-dns-ios-14.html) | | [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setup) | Cleartext
DoH/3
DoT | Anonymized[^2] | No | Based on server choice. | No [:octicons-link-external-24:](https://community.cloudflare.com/t/requesting-1-1-1-1-signed-profiles-for-apple/571846) | | [**Control D Free DNS**](https://controld.com/free-dns) | Cleartext
DoH/3
DoT
DoQ | No[^3] | No | Based on server choice. | Yes
[:simple-apple: iOS](https://docs.controld.com/docs/ios-platform)
[:material-apple-finder: macOS](https://docs.controld.com/docs/macos-platform#manual-setup-profile) | | [**DNS0.eu**](https://dns0.eu) | Cleartext
DoH/3
DoH
DoT
DoQ | Anonymized[^4] | Anonymized | Based on server choice. | Yes [:octicons-link-external-24:](https://dns0.eu/zero.dns0.eu.mobileconfig) | @@ -54,52 +54,9 @@ These are our favorite public DNS resolvers based on their privacy and security Quad9: [*Data and Privacy Policy*](https://quad9.net/privacy/policy) -## Self-Hosted DNS Filtering - -A self-hosted DNS solution is useful for providing filtering on controlled platforms, such as Smart TVs and other IoT devices, as no client-side software is needed. - -### Pi-hole - -
- -![Pi-hole logo](assets/img/dns/pi-hole.svg){ align=right } - -**Pi-hole** is an open-source [DNS-sinkhole](https://en.wikipedia.org/wiki/DNS_sinkhole) which uses [DNS filtering](https://cloudflare.com/learning/access-management/what-is-dns-filtering) to block unwanted web content, such as advertisements. - -Pi-hole is designed to be hosted on a Raspberry Pi, but it is not limited to such hardware. The software features a friendly web interface to view insights and manage blocked content. - -[:octicons-home-16: Homepage](https://pi-hole.net){ .md-button .md-button--primary } -[:octicons-eye-16:](https://pi-hole.net/privacy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://docs.pi-hole.net){ .card-link title=Documentation} -[:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" } -[:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute } - - - -
- -### AdGuard Home - -
- -![AdGuard Home logo](assets/img/dns/adguard-home.svg){ align=right } - -**AdGuard Home** is an open-source [DNS-sinkhole](https://en.wikipedia.org/wiki/DNS_sinkhole) which uses [DNS filtering](https://cloudflare.com/learning/access-management/what-is-dns-filtering) to block unwanted web content, such as advertisements. - -AdGuard Home features a polished web interface to view insights and manage blocked content. - -[:octicons-home-16: Homepage](https://adguard.com/adguard-home/overview.html){ .md-button .md-button--primary } -[:octicons-eye-16:](https://adguard.com/privacy/home.html){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://github.com/AdguardTeam/AdGuardHome/wiki){ .card-link title=Documentation} -[:octicons-code-16:](https://github.com/AdguardTeam/AdGuardHome){ .card-link title="Source Code" } - - - -
- ## Cloud-Based DNS Filtering -These DNS filtering solutions offer a web dashboard where you can customize the block lists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration). +These DNS filtering solutions offer a web dashboard where you can customize the block lists to your exact needs. These services can be used easily across multiple networks. ### Control D @@ -107,7 +64,9 @@ These DNS filtering solutions offer a web dashboard where you can customize the ![Control D logo](assets/img/dns/control-d.svg){ align=right } -**Control D** is a customizable DNS service which lets you block security threats, unwanted content, and advertisements on a DNS level. In addition to their paid plans, they offer a number of preconfigured DNS resolvers you can use for free. +**Control D** is a customizable DNS service which lets you block security threats, unwanted content, and advertisements on a DNS level. + +In addition to their paid plans, they offer a number of preconfigured DNS resolvers you can use for free. [:octicons-home-16: Homepage](https://controld.com){ .md-button .md-button--primary } [:octicons-eye-16:](https://controld.com/privacy){ .card-link title="Privacy Policy" } @@ -134,7 +93,9 @@ These DNS filtering solutions offer a web dashboard where you can customize the ![NextDNS logo](assets/img/dns/nextdns.svg){ align=right } -**NextDNS** is a customizable DNS service which lets you block security threats, unwanted content, and advertisements on a DNS level. They offer a fully functional free plan for limited use. +**NextDNS** is a customizable DNS service which lets you block security threats, unwanted content, and advertisements on a DNS level. + +They offer a fully functional free plan for limited use. [:octicons-home-16: Homepage](https://nextdns.io){ .md-button .md-button--primary } [:octicons-eye-16:](https://nextdns.io/privacy){ .card-link title="Privacy Policy" } diff --git a/docs/document-collaboration.md b/docs/document-collaboration.md index 4c31f57a..e43e1dba 100644 --- a/docs/document-collaboration.md +++ b/docs/document-collaboration.md @@ -1,77 +1,41 @@ --- -title: "Document Collaboration" +title: Document Collaboration icon: material/account-group -description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. +description: Most online office suites do not support end-to-end encryption, meaning the cloud provider has access to everything you do. cover: document-collaboration.webp --- Protects against the following threat(s): - [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers){ .pg-teal } -Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The provider's privacy policy may legally protect your rights, but it does not provide technical access constraints. +Most online **document collaboration** platforms like Google Drive do not support end-to-end encryption, meaning the cloud provider has access to everything you do. The provider's privacy policy may legally protect your rights, but it does not provide technical access constraints. -## Collaboration Platforms - -### Nextcloud - -
- -![Nextcloud logo](assets/img/document-collaboration/nextcloud.svg){ align=right } - -**Nextcloud** is a suite of free and open-source client-server software for creating your own file hosting services on a private server you control. - -[:octicons-home-16: Homepage](https://nextcloud.com){ .md-button .md-button--primary } -[:octicons-eye-16:](https://nextcloud.com/privacy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://nextcloud.com/support){ .card-link title=Documentation} -[:octicons-code-16:](https://github.com/nextcloud){ .card-link title="Source Code" } -[:octicons-heart-16:](https://nextcloud.com/contribute){ .card-link title=Contribute } - -
-Downloads - -- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.nextcloud.client) -- [:simple-appstore: App Store](https://apps.apple.com/app/id1125420102) -- [:simple-github: GitHub](https://github.com/nextcloud/android/releases) -- [:fontawesome-brands-windows: Windows](https://nextcloud.com/install/#install-clients) -- [:simple-apple: macOS](https://nextcloud.com/install/#install-clients) -- [:simple-linux: Linux](https://nextcloud.com/install/#install-clients) - -
- -
- -
-

Danger

- -We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_end_encryption) for Nextcloud as it may lead to data loss; it is highly experimental and not production quality. For this reason, we don't recommend third-party Nextcloud providers. - -
- -### CryptPad +## CryptPad
![CryptPad logo](assets/img/document-collaboration/cryptpad.svg){ align=right } -**CryptPad** is a private-by-design alternative to popular office tools. All content on this web service is end-to-end encrypted and can be shared with other users easily. [:material-star-box: Read our latest CryptPad review.](https://www.privacyguides.org/articles/2025/02/07/cryptpad-review) +**CryptPad** is a private-by-design alternative to popular, full-fledged office suites. All content on this web service is E2EE and can be shared with other users easily. + +[:material-star-box: Read our latest CryptPad review.](https://www.privacyguides.org/articles/2025/02/07/cryptpad-review) [:octicons-home-16: Homepage](https://cryptpad.fr){ .md-button .md-button--primary } [:octicons-eye-16:](https://cryptpad.fr/pad/#/2/pad/view/GcNjAWmK6YDB3EO2IipRZ0fUe89j43Ryqeb4fjkjehE){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://docs.cryptpad.fr){ .card-link title=Documentation} +[:octicons-server-16:](https://cryptpad.org/instances){ .card-link title="Public Instances" } +[:octicons-info-16:](https://docs.cryptpad.fr){ .card-link title="Documentation" } [:octicons-code-16:](https://github.com/xwiki-labs/cryptpad){ .card-link title="Source Code" } -[:octicons-heart-16:](https://opencollective.com/cryptpad){ .card-link title=Contribute } +[:octicons-heart-16:](https://opencollective.com/cryptpad){ .card-link title="Contribute" }
-### Criteria +## Criteria **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. -#### Minimum Requirements - -In general, we define collaboration platforms as full-fledged suites which could reasonably act as a replacement to Google Drive. +### Minimum Requirements - Must be open source. - Must make files accessible via WebDAV unless it is impossible due to E2EE. @@ -80,7 +44,7 @@ In general, we define collaboration platforms as full-fledged suites which could - Must support real-time document collaboration. - Must support exporting documents to standard document formats (e.g. ODF). -#### Best-Case +### Best-Case Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. diff --git a/docs/email.md b/docs/email.md index 61bda2c9..1a13f0c3 100644 --- a/docs/email.md +++ b/docs/email.md @@ -1,6 +1,6 @@ --- meta_title: "Encrypted Private Email Recommendations - Privacy Guides" -title: "Email Services" +title: Email Services icon: material/email description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers. cover: email.webp @@ -22,7 +22,7 @@ For everything else, we recommend a variety of email providers based on sustaina | Provider | OpenPGP / WKD | IMAP / SMTP | Zero-Access Encryption | Anonymous Payment Methods | |---|---|---|---|---| | [Proton Mail](#proton-mail) | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Paid plans only | :material-check:{ .pg-green } | Cash | -| [Mailbox.org](#mailboxorg) | :material-check:{ .pg-green } | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Mail only | Cash | +| [Mailbox Mail](#mailbox-mail) | :material-check:{ .pg-green } | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Mail only | Cash | | [Tuta](#tuta) | :material-alert-outline:{ .pg-orange } | :material-alert-outline:{ .pg-orange } | :material-check:{ .pg-green } | Monero
Cash via third party | In addition to (or instead of) an email provider recommended here, you may wish to consider a dedicated [email aliasing service](email-aliasing.md#recommended-providers) to protect your privacy. Among other things, these services can help protect your real inbox from spam, prevent marketers from correlating your accounts, and encrypt all incoming messages with PGP. @@ -31,12 +31,12 @@ In addition to (or instead of) an email provider recommended here, you may wish ## OpenPGP Compatible Services -These providers natively support OpenPGP encryption/decryption and the [Web Key Directory (WKD) standard](basics/email-security.md#what-is-the-web-key-directory-standard), allowing for provider-agnostic end-to-end encrypted emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. +These providers natively support OpenPGP encryption/decryption and the [Web Key Directory (WKD) standard](basics/email-security.md#what-is-the-web-key-directory-standard), allowing for provider-agnostic end-to-end encrypted emails. For example, a Proton Mail user could send an E2EE message to a Mailbox Mail user, or you could receive OpenPGP-encrypted notifications from internet services which support it.
-- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) -- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) +- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](#proton-mail) +- ![Mailbox Mail logo](assets/img/email/mailbox-mail.svg){ .twemoji } [Mailbox Mail](#mailbox-mail)
@@ -120,13 +120,13 @@ If you have a paid account and your [bill is unpaid](https://proton.me/support/d Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500 GB of storage. -### Mailbox.org +### Mailbox Mail
-![Mailbox.org logo](assets/img/email/mailboxorg.svg){ align=right } +![Mailbox Mail logo](assets/img/email/mailbox-mail.svg){ align=right } -**Mailbox.org** is an email service with a focus on being secure, ad-free, and powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. +**Mailbox Mail** is an email service with a focus on being secure, ad-free, and powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox Mail is based in Berlin, Germany. Accounts start with up to 2 GB storage, which can be upgraded as needed. @@ -145,27 +145,27 @@ Accounts start with up to 2 GB storage, which can be upgraded as needed. #### :material-check:{ .pg-green } Custom Domains and Aliases -Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/en/private/custom-domains/how-to-set-up-a-catch-all-alias-with-a-custom-domain-name) addresses. Mailbox.org also supports [sub-addressing](https://kb.mailbox.org/en/private/account-article/what-is-an-alias-and-how-do-i-use-it), which is useful if you don't want to purchase a domain. +Mailbox Mail lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/en/private/custom-domains/how-to-set-up-a-catch-all-alias-with-a-custom-domain-name) addresses. Mailbox Mail also supports [sub-addressing](https://kb.mailbox.org/en/private/account-article/what-is-an-alias-and-how-do-i-use-it), which is useful if you don't want to purchase a domain. #### :material-check:{ .pg-green } Private Payment Methods -Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept **cash** by mail, **cash** payment to bank account, bank transfer, credit card, PayPal, and a couple of German-specific processors: Paydirekt and Sofortüberweisung. +Mailbox Mail doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept **cash** by mail, **cash** payment to bank account, bank transfer, credit card, PayPal, and a couple of German-specific processors: Paydirekt and Sofortüberweisung. #### :material-check:{ .pg-green } Account Security -Mailbox.org supports [two-factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online) are not yet supported. +Mailbox Mail supports [two-factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](security-keys.md#yubikey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online) are not yet supported. #### :material-information-outline:{ .pg-blue } Data Security -Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/en/private/e-mail-article/your-encrypted-mailbox). New messages that you receive will then be immediately encrypted with your public key. +Mailbox Mail allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/en/private/e-mail-article/your-encrypted-mailbox). New messages that you receive will then be immediately encrypted with your public key. -However, [Open-Xchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/en/private/security-privacy-article/encryption-of-calendar-and-address-book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that data. +However, [Open-Xchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox Mail, [does not support](https://kb.mailbox.org/en/private/security-privacy-article/encryption-of-calendar-and-address-book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that data. #### :material-check:{ .pg-green } Email Encryption -Mailbox.org has [integrated encryption](https://kb.mailbox.org/en/private/e-mail-article/send-encrypted-e-mails-with-guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/en/private/e-mail-article/my-recipient-does-not-use-pgp) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. +Mailbox Mail has [integrated encryption](https://kb.mailbox.org/en/private/e-mail-article/send-encrypted-e-mails-with-guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/en/private/e-mail-article/my-recipient-does-not-use-pgp) on Mailbox Mail's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. -Mailbox.org also supports the discovery of public keys via HTTP from their WKD. This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily for cross-provider E2EE. This only applies to email addresses ending in one of Mailbox.org's own domains, like `@mailbox.org`. If you use a custom domain, you must [configure WKD](basics/email-security.md#what-is-the-web-key-directory-standard) separately. +Mailbox Mail also supports the discovery of public keys via HTTP from their WKD. This allows people outside of Mailbox Mail to find the OpenPGP keys of Mailbox Mail accounts easily for cross-provider E2EE. This only applies to email addresses ending in one of Mailbox Mail's own domains, like `@mailbox.org`. If you use a custom domain, you must [configure WKD](basics/email-security.md#what-is-the-web-key-directory-standard) separately. #### :material-information-outline:{ .pg-blue } Account Termination @@ -173,11 +173,11 @@ Your account will be set to a restricted user account when your contract ends. I #### :material-information-outline:{ .pg-blue } Additional Functionality -You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). However, their webmail interface cannot be accessed via their .onion service, and you may experience TLS certificate errors. +You can access your Mailbox Mail account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). However, their webmail interface cannot be accessed via their .onion service, and you may experience TLS certificate errors. -All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/en/private/drive-article/encrypt-files-on-your-drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/en/private/e-mail-article/ensuring-e-mails-are-sent-securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. +All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/en/private/drive-article/encrypt-files-on-your-drive). Mailbox Mail also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/en/private/e-mail-article/ensuring-e-mails-are-sent-securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox Mail also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. -Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs, providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. +Mailbox Mail has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs, providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. ## More Providers @@ -185,7 +185,7 @@ These providers store your emails with zero-knowledge encryption, making them gr
-- ![Tuta logo](assets/img/email/tuta.svg#only-light){ .twemoji loading=lazy }![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ .twemoji loading=lazy } [Tuta](email.md#tuta) +- ![Tuta logo](assets/img/email/tuta.svg#only-light){ .twemoji loading=lazy }![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ .twemoji loading=lazy } [Tuta](#tuta)
@@ -257,7 +257,7 @@ Tuta offers the business version of [Tuta to non-profit organizations](https://t ### Technology -We regard these features as important in order to provide a safe and optimal service. You should consider whether the provider which has the features you require. +We regard these features as important in order to provide a safe and optimal service. You should consider whether the provider has the features you require. **Minimum to Qualify:** diff --git a/docs/encryption.md b/docs/encryption.md index a9d2b801..e02377f7 100644 --- a/docs/encryption.md +++ b/docs/encryption.md @@ -1,5 +1,5 @@ --- -meta_title: "Recommended Encryption Software: VeraCrypt, Cryptomator, PicoCrypt, and OpenPGP - Privacy Guides" +meta_title: "Recommended Encryption Software: VeraCrypt, Cryptomator, and OpenPGP - Privacy Guides" title: "Encryption Software" icon: material/file-lock description: Encryption of data is the only way to control who can access it. These tools allow you to encrypt your emails and any other files. @@ -52,35 +52,6 @@ Some Cryptomator cryptographic libraries have been [audited](https://community.c Cryptomator's documentation details its intended [security target](https://docs.cryptomator.org/en/latest/security/security-target), [security architecture](https://docs.cryptomator.org/en/latest/security/architecture), and [best practices](https://docs.cryptomator.org/en/latest/security/best-practices) for use in further detail. -### Picocrypt (File) - -Protects against the following threat(s): - -- [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red } - -
- -![Picocrypt logo](assets/img/encryption-software/picocrypt.svg){ align=right } - -**Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for its encryption features. - -[:octicons-repo-16: Repository](https://github.com/Picocrypt/Picocrypt#readme){ .md-button .md-button--primary } -[:octicons-code-16:](https://github.com/Picocrypt/Picocrypt){ .card-link title="Source Code" } -[:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title="Contribute" } - -
-Downloads - -- [:fontawesome-brands-windows: Windows](https://github.com/Picocrypt/Picocrypt/releases) -- [:simple-apple: macOS](https://github.com/Picocrypt/Picocrypt/releases) -- [:simple-linux: Linux](https://github.com/Picocrypt/Picocrypt/releases) - -
- -
- -Picocrypt has been [audited](https://github.com/Picocrypt/storage/blob/main/Picocrypt.Audit.Report.pdf) by Radically Open Security in August 2024, and [most](https://github.com/Picocrypt/Picocrypt/issues/32#issuecomment-2329722740) of the issues found in the audit were subsequently fixed. - ### VeraCrypt (Disk) Protects against the following threat(s): diff --git a/docs/file-sharing.md b/docs/file-sharing.md index 4ff921aa..28873234 100644 --- a/docs/file-sharing.md +++ b/docs/file-sharing.md @@ -1,5 +1,5 @@ --- -title: "File Sharing and Sync" +title: File Sharing and Sync icon: material/share-variant description: Discover how to privately share your files between your devices, with your friends and family, or anonymously online. cover: file-sharing.webp @@ -24,9 +24,9 @@ If you already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarde [:octicons-home-16: Homepage](https://send.vis.ee){ .md-button .md-button--primary } [:octicons-server-16:](https://github.com/timvisee/send-instances){ .card-link title="Public Instances"} -[:octicons-info-16:](https://github.com/timvisee/send#readme){ .card-link title=Documentation} +[:octicons-info-16:](https://github.com/timvisee/send#readme){ .card-link title="Documentation" } [:octicons-code-16:](https://github.com/timvisee/send){ .card-link title="Source Code" } -[:octicons-heart-16:](https://github.com/sponsors/timvisee){ .card-link title=Contribute } +[:octicons-heart-16:](https://github.com/sponsors/timvisee){ .card-link title="Contribute" } @@ -48,7 +48,7 @@ ffsend upload --host https://send.vis.ee/ FILE [:octicons-home-16: Homepage](https://onionshare.org){ .md-button .md-button--primary } [:simple-torbrowser:](http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion){ .card-link title="Onion Service" } -[:octicons-info-16:](https://docs.onionshare.org){ .card-link title=Documentation} +[:octicons-info-16:](https://docs.onionshare.org){ .card-link title="Documentation" } [:octicons-code-16:](https://github.com/onionshare/onionshare){ .card-link title="Source Code" }
@@ -73,60 +73,8 @@ OnionShare provides the option to connect via [Tor bridges](https://docs.onionsh - Must be open-source software. - Must either have clients for Linux, macOS, and Windows; or have a web interface. -## FreedomBox - -
- -![FreedomBox logo](assets/img/file-sharing-sync/freedombox.svg){ align=right } - -**FreedomBox** is an operating system designed to be run on a [single-board computer (SBC)](https://en.wikipedia.org/wiki/Single-board_computer). The purpose is to make it easy to set up server applications that you might want to self-host. - -[:octicons-home-16: Homepage](https://freedombox.org){ .md-button .md-button--primary } -[:octicons-info-16:](https://wiki.debian.org/FreedomBox/Manual){ .card-link title=Documentation} -[:octicons-code-16:](https://salsa.debian.org/freedombox-team/freedombox){ .card-link title="Source Code" } -[:octicons-heart-16:](https://freedomboxfoundation.org/donate){ .card-link title=Contribute } - -
- -
- ## File Sync -### Nextcloud (Client-Server) - -
- -![Nextcloud logo](assets/img/document-collaboration/nextcloud.svg){ align=right } - -**Nextcloud** is a suite of free and open-source client-server software for creating your own file hosting services on a private server you control. - -[:octicons-home-16: Homepage](https://nextcloud.com){ .md-button .md-button--primary } -[:octicons-eye-16:](https://nextcloud.com/privacy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://nextcloud.com/support){ .card-link title=Documentation} -[:octicons-code-16:](https://github.com/nextcloud){ .card-link title="Source Code" } -[:octicons-heart-16:](https://nextcloud.com/contribute){ .card-link title=Contribute } - -
-Downloads - -- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.nextcloud.client) -- [:simple-appstore: App Store](https://apps.apple.com/app/id1125420102) -- [:simple-github: GitHub](https://github.com/nextcloud/android/releases) -- [:fontawesome-brands-windows: Windows](https://nextcloud.com/install/#install-clients) -- [:simple-apple: macOS](https://nextcloud.com/install/#install-clients) -- [:simple-linux: Linux](https://nextcloud.com/install/#install-clients) - -
- -
- -
-

Danger

- -We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_end_encryption) for Nextcloud as it may lead to data loss; it is highly experimental and not production quality. - -
- ### Syncthing (P2P)
diff --git a/docs/frontends.md b/docs/frontends.md index e0fa7989..7cb988c6 100644 --- a/docs/frontends.md +++ b/docs/frontends.md @@ -147,7 +147,7 @@ Piped is useful if you want to use [SponsorBlock](https://sponsor.ajay.app) with **FreeTube** is a free and open-source desktop application for [YouTube](https://youtube.com). FreeTube extracts data from YouTube using its built-in API based on [YouTube.js](https://github.com/LuanRT/YouTube.js) or the [Invidious](#invidious) API. You can configure either as the default, with the other serving as a fallback. -When using FreeTube, your subscription list and playlists are saved locally on your device. +When using FreeTube, your subscription list, playlists, watch history and search history are saved locally on your device. [:octicons-home-16: Homepage](https://freetubeapp.io){ .md-button .md-button--primary } [:octicons-eye-16:](https://freetubeapp.io/privacy.php){ .card-link title="Privacy Policy" } diff --git a/docs/health-and-wellness.md b/docs/health-and-wellness.md index 3a03edde..77a6fbe2 100644 --- a/docs/health-and-wellness.md +++ b/docs/health-and-wellness.md @@ -66,21 +66,20 @@ Popular menstrual trackers like [Flo](https://techcrunch.com/2021/01/13/flo-gets These general purpose apps can do everything from counting steps and tracking sleep to measuring your heartbeat. -### Apple Health +### Apple Fitness
-![Apple logo](assets/img/health-and-wellness/apple-health.svg#only-light){ align=right }![Apple logo](assets/img/health-and-wellness/apple-health-dark.svg#only-dark){ align=right } +![Apple Fitness logo](assets/img/health-and-wellness/apple-fitness.webp){ align=right } -**Apple Health** is the default health and fitness app for iOS. Apple Health always uses end-to-end encryption when syncing across multiple devices. Additionally, almost all measured data is processed on your device. +**Apple Fitness** is the default fitness app for iOS. Apple Fitness always uses end-to-end encryption when syncing across multiple devices. Additionally, almost all measured data is processed on your device. -[:octicons-home-16: Homepage](https://apple.com/health){ .md-button .md-button--primary } [:octicons-eye-16:](https://apple.com/legal/privacy/consumer-health-personal-data/en-ww){ .card-link title="Privacy Policy" }
Downloads -- [:simple-appstore: App Store](https://apps.apple.com/app/apple-health/id1242545199) +- [:simple-appstore: App Store](https://apps.apple.com/app/id1208224953)
@@ -120,9 +119,9 @@ These apps help you collect and manage personal health data and share it with he
-![Apple logo](assets/img/health-and-wellness/apple-health.svg#only-light){ align=right }![Apple logo](assets/img/health-and-wellness/apple-health-dark.svg#only-dark){ align=right } +![Apple logo](assets/img/health-and-wellness/apple-health.webp#only-light){ align=right }![Apple logo](assets/img/health-and-wellness/apple-health-dark.webp#only-dark){ align=right } -**Apple Health Records** is a built-in feature within [Apple Health](#apple-health) that allows you to view, store, and share your health records. It shares the security and privacy features of Apple Health. +**Apple Health Records** is a built-in feature within [Apple Health](https://apple.com/health) that allows you to view, store, and share your health records. It shares the security and privacy features of [Apple Fitness](#apple-fitness). [:octicons-home-16: Homepage](https://apple.com/health){ .md-button .md-button--primary } [:octicons-eye-16:](https://apple.com/legal/privacy/consumer-health-personal-data/en-ww){ .card-link title="Privacy Policy" } diff --git a/docs/index.md b/docs/index.md index e7464db4..c867c21b 100644 --- a/docs/index.md +++ b/docs/index.md @@ -70,7 +70,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
**Privacy Guides** has a dedicated [community](https://discuss.privacyguides.net) independently reviewing various *privacy tools* and services. Each of our recommendations comply with a strict set of criteria to ensure they provide the most value to most people, and provide the best balance of privacy, security, and convenience. As part of a non-profit **public charity**, Privacy Guides has strict **journalistic standards** and policies to ensure our recommendations are free of conflict of interest, and we do not partner with providers or affiliate programs that could sway our reviews and recommendations. -[:material-heart:{.pg-red} Support Our Work](about/donate.md){ class="md-button md-button--primary" } +[:material-heart:{.pg-red} Support Our Work](about/donate.md){ class="md-button md-button--primary" data-portal="signup" }
diff --git a/docs/language-tools.md b/docs/language-tools.md index bc280d8f..841178f8 100644 --- a/docs/language-tools.md +++ b/docs/language-tools.md @@ -11,7 +11,9 @@ cover: language-tools.webp Text inputted to grammar, spelling, and style checkers, as well as translation services, can contain sensitive information which may be stored on their servers for an indefinite amount of time and sold to third parties. The language tools listed on this page do not store your submitted text on a server and can be self-hosted and used offline for maximum control of your data. -## LanguageTool +## Grammar & Spelling + +### LanguageTool
@@ -42,6 +44,26 @@ Text inputted to grammar, spelling, and style checkers, as well as translation s LanguageTool offers integration with a variety of [office suites](https://languagetool.org/services#text_editors) and [email clients](https://languagetool.org/services#mail_clients). +## Translation Tools + +### LibreTranslate + +
+ +![LibreTranslate logo](assets/img/language-tools/libretranslate.png){ align=right } + +**LibreTranslate** is a free and open-source machine translation web interface and API server. It uses [Argos Translate](https://github.com/argosopentech/argos-translate) models on the backend for translations. + +[:octicons-home-16: Homepage](https://libretranslate.com){ .md-button .md-button--primary } +[:octicons-server-16:](https://github.com/LibreTranslate/LibreTranslate#mirrors){ .card-link title="Public Instances" } +[:octicons-code-16:](https://github.com/LibreTranslate/LibreTranslate){ .card-link title="Source Code" } + +
+ +You can use LibreTranslate through a number of public instances, with some that offer a [Tor](tor.md) onion service or an [I2P](alternative-networks.md#i2p-the-invisible-internet-project) eepsite. You can also host the software yourself for maximum control over the text submitted for translation. + +We use a self-hosted instance of LibreTranslate to automatically translate posts on our [forum](https://discuss.privacyguides.net) to multiple languages. + ## Criteria **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. diff --git a/docs/maps.md b/docs/maps.md index 39996da3..135c5bfe 100644 --- a/docs/maps.md +++ b/docs/maps.md @@ -1,6 +1,6 @@ --- meta_title: "Recommended Maps and Navigation Apps - Privacy Guides" -title: "Maps and Navigation" +title: Maps and Navigation icon: material/map description: Privacy-respecting map providers and navigation apps which don't build an advertising profile based on your searches and locations. cover: maps.webp @@ -11,7 +11,7 @@ cover: maps.webp Use a **map and navigation app** that doesn't build an advertising profile based on your searches and location history. Instead of using Google Maps, Apple Maps, or Waze, we recommend these privacy-respecting alternatives. -The recommendations here either do not collect any user data or at least do not collect personally identifying information (PII) based on each service's privacy policy. There is **no guarantee** that these privacy policies are honored. +The recommendations here do not collect personally identifying information (PII) based on each application's privacy policy. There is **no guarantee** that these privacy policies are honored. ## Organic Maps @@ -25,14 +25,14 @@ Features include cycling routes, hiking trails and walking paths, turn-by-turn n [:octicons-home-16: Homepage](https://organicmaps.app){ .md-button .md-button--primary } [:octicons-eye-16:](https://organicmaps.app/privacy){ .card-link title="Privacy Policy" } -[:octicons-code-16:](https://git.omaps.dev/organicmaps/organicmaps){ .card-link title="Source Code" } +[:octicons-code-16:](https://github.com/organicmaps/organicmaps){ .card-link title="Source Code" }
Downloads - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.organicmaps) - [:simple-appstore: App Store](https://apps.apple.com/app/organic-maps/id1567437057) -- [:simple-forgejo: Forgejo](https://git.omaps.dev/organicmaps/organicmaps/releases) +- [:simple-github: GitHub](https://github.com/organicmaps/organicmaps/releases) - [:simple-linux: Linux](https://flathub.org/apps/app.organicmaps.desktop)
@@ -47,7 +47,7 @@ Please note that Organic Maps is a simple, basic app that lacks certain features ![OsmAnd logo](assets/img/maps/osmand.svg){ align=right } -**OsmAnd** is an offline map and navigation application based on OpenStreetMap that offers turn-by-turn navigation for walking, cycling, driving, as well as public transport. It is open source and does not collect any user data. +**OsmAnd** is an open-source, offline map and navigation application based on OpenStreetMap that offers turn-by-turn navigation for walking, cycling, driving, as well as public transport. You can find a detailed overview of OsmAnd's supported [features](https://wiki.openstreetmap.org/wiki/OsmAnd#Features) on the OpenStreet Map Wiki. [:octicons-home-16: Homepage](https://osmand.net){ .md-button .md-button--primary } [:octicons-eye-16:](https://osmand.net/docs/legal/privacy-policy){ .card-link title="Privacy Policy" } @@ -58,16 +58,29 @@ Please note that Organic Maps is a simple, basic app that lacks certain features Downloads - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=net.osmand) -- [:simple-android: Android](https://osmand.net/docs/versions/free-versions) - [:simple-appstore: App Store](https://apps.apple.com/us/app/id934850257) +- [:simple-android: Android](https://osmand.net/docs/versions/free-versions)
-OsmAnd allows you to overlay or underlay external map data, such as satellite images from Microsoft or [traffic data](https://themm.net/public/osmand_traffic) from Google, although the latter is ignored by the automatic route planning. OsmAnd also has an optional integration of street view images provided by [Mapillary](https://mapillary.com). +
+

Unique User Identifier

-You can find a detailed overview of OsmAnd's supported [features](https://wiki.openstreetmap.org/wiki/OsmAnd#Features) on the OpenStreet Map Wiki. +OsmAnd generates a [unique user identifier (UUID)](https://osmand.net/docs/legal/terms-of-use/#6-unique-user-indentifier) for each app install that rotates every three months and is used for internal reports and statistics. The UUID is also sent to OsmAnd's servers when downloading maps. On Android, there is a setting that controls whether the UUID is sent with each download request. From the home screen, go to :material-menu: → :gear: **Settings** → :gear: **OsmAnd settings** → :material-web: **Identifiers**. + +- [ ] Uncheck **Send Unique User Identifier (UUID)** + +This setting is not available on the iOS app. + +
+ +The app also includes a setting for sharing anonymous data about your downloaded maps and the features you use. This setting is disabled by default on Android, but enabled by default on iOS. To disable it in the iOS app, tap the :material-menu: on the home screen to find the :gear: **Settings** menu. Select that, then select :gear: **OsmAnd settings**. + +- [ ] Uncheck **Send anonymous data** + +OsmAnd allows you to overlay or underlay external map data, such as satellite images from Microsoft or [traffic data](https://themm.net/public/osmand_traffic) from Google, although the latter is ignored by the automatic route planning. OsmAnd also has an optional integration of street view images provided by [Mapillary](https://mapillary.com). ## Criteria diff --git a/docs/meta/admonitions.md b/docs/meta/admonitions.md index e53b5505..0f9ae478 100644 --- a/docs/meta/admonitions.md +++ b/docs/meta/admonitions.md @@ -164,7 +164,7 @@ This format is used to generate recommendation cards. Notably it is missing the ``` markdown title="Recommendation Card"
-![PhotoPrism logo](assets/img/photo-management/photoprism.svg){ align=right } +![PhotoPrism logo](assets/img/self-hosting/photoprism.svg){ align=right } **PhotoPrism** is a self-hostable platform for managing photos. It supports album syncing and sharing as well as a variety of other [features](https://photoprism.app/features). It does not include end-to-end encryption, so it's best hosted on a server that you trust and is under your control. @@ -173,13 +173,6 @@ This format is used to generate recommendation cards. Notably it is missing the [:octicons-info-16:](https://photoprism.app/kb){ .card-link title="Documentation" } [:octicons-code-16:](https://github.com/photoprism){ .card-link title="Source Code" } -
-Downloads - -- [:simple-github: GitHub](https://github.com/photoprism) - -
-
``` @@ -187,7 +180,7 @@ This format is used to generate recommendation cards. Notably it is missing the
-![PhotoPrism logo](../assets/img/photo-management/photoprism.svg){ align=right } +![PhotoPrism logo](../assets/img/self-hosting/photoprism.svg){ align=right } **PhotoPrism** is a self-hostable platform for managing photos. It supports album syncing and sharing as well as a variety of other [features](https://photoprism.app/features). It does not include end-to-end encryption, so it's best hosted on a server that you trust and is under your control. @@ -196,13 +189,6 @@ This format is used to generate recommendation cards. Notably it is missing the [:octicons-info-16:](https://photoprism.app/kb){ .card-link title="Documentation" } [:octicons-code-16:](https://github.com/photoprism){ .card-link title="Source Code" } -
-Downloads - -- [:simple-github: GitHub](https://github.com/photoprism) - -
-
diff --git a/docs/mobile-browsers.md b/docs/mobile-browsers.md index b72863ca..99dcd885 100644 --- a/docs/mobile-browsers.md +++ b/docs/mobile-browsers.md @@ -1,6 +1,6 @@ --- meta_title: "Privacy Respecting Web Browsers for Android and iOS - Privacy Guides" -title: "Mobile Browsers" +title: Mobile Browsers icon: material/cellphone-information description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone. cover: mobile-browsers.webp @@ -77,6 +77,7 @@ Brave is built upon the Chromium web browser project, so it should feel familiar - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.brave.browser) - [:simple-appstore: App Store](https://apps.apple.com/app/id1052879175) - [:simple-github: GitHub](https://github.com/brave/brave-browser/releases) +- [:simple-fdroid: F-Droid](https://brave-browser-apk-release.s3.brave.com/fdroid/repo/index.html) @@ -166,7 +167,7 @@ Shields' options can be downgraded on a per-site basis as needed, but by default - [x] Select **Disable non-proxied UDP** under [*WebRTC IP handling policy*](https://support.brave.com/hc/articles/360017989132-How-do-I-change-my-Privacy-Settings#webrtc) - [x] (Optional) Select **No protection** under *Safe Browsing* (1) - [ ] Uncheck **Allow sites to check if you have payment methods saved** - - [ ] Uncheck **V8 Optimizer** under *Manage V8 security* + - [ ] Uncheck **Javascript optimization & security** under the setting with the same name - [x] Select **Close tabs on exit** - [ ] Uncheck **Allow privacy-preserving product analytics (P3A)** - [ ] Uncheck **Automatically send diagnostic reports** @@ -266,7 +267,7 @@ This disables update checks for the unmaintained Bromite adblock filter. ## Safari (iOS) -On iOS, any app that can browse the web is [restricted](https://developer.apple.com/app-store/review/guidelines) to using an Apple-provided [WebKit framework](https://developer.apple.com/documentation/webkit), so a browser like [Brave](#brave) does not use the Chromium engine like its counterparts on other operating systems. +On iOS, any app that can browse the web is [restricted](https://developer.apple.com/app-store/review/guidelines) to using an Apple-provided [WebKit framework](https://developer.apple.com/documentation/webkit), so a browser like [Brave](#brave) does not use the Blink engine (the core component of Chromium) like its counterparts on other operating systems.
@@ -284,8 +285,6 @@ On iOS, any app that can browse the web is [restricted](https://developer.apple. ### Recommended Safari Configuration -We would suggest installing [AdGuard](browser-extensions.md#adguard) if you want a content blocker in Safari. - The following privacy/security-related options can be found in :gear: **Settings** → **Apps** → **Safari**. #### Allow Safari to Access diff --git a/docs/os/linux-overview.md b/docs/os/linux-overview.md index 312cb2a6..026511b8 100644 --- a/docs/os/linux-overview.md +++ b/docs/os/linux-overview.md @@ -138,9 +138,26 @@ Many alternatives don't provide these same permission controls yet,[^1] while so Many desktop Linux distributions (Fedora, openSUSE, etc.) come with [NetworkManager](https://en.wikipedia.org/wiki/NetworkManager) to configure Ethernet and Wi-Fi settings. -It is possible to [randomize](https://fedoramagazine.org/randomize-mac-address-nm) the [MAC address](https://en.wikipedia.org/wiki/MAC_address) when using NetworkManager. This provides a bit more privacy on Wi-Fi networks as it makes it harder to track specific devices on the network you’re connected to. It does [**not**](https://papers.mathyvanhoef.com/wisec2016.pdf) make you anonymous. +It is possible to randomize the [MAC address](https://en.wikipedia.org/wiki/MAC_address) when using NetworkManager. This provides a bit more privacy on Wi-Fi networks as it makes it harder to track specific devices on the network you’re connected to. It does [**not**](https://papers.mathyvanhoef.com/wisec2016.pdf) make you anonymous. -We recommend changing the setting to **random** instead of **stable**, as suggested in the [article](https://fedoramagazine.org/randomize-mac-address-nm). +In the terminal, create a new file `/etc/NetworkManager/conf.d/00-macrandomize.conf` and add the following to it: + +```text +[device] +wifi.scan-rand-mac-address=yes + +[connection] +wifi.cloned-mac-address=random +ethernet.cloned-mac-address=random +``` + +Then, restart NetworkManager: + +```sh +systemctl restart NetworkManager +``` + +Optionally, changing the connection parameter from `random` to `stable` will give you a random MAC address *per network*, but keep it stable for that network when you reconnect to it later. Using `random` will give you a random MAC address *per connection*. This may be desirable for networks with captive portals or where you have a static DHCP assignment, at the expense of making you more identifiable by a single network operator you connect to multiple times. If you are using [systemd-networkd](https://en.wikipedia.org/wiki/Systemd#Ancillary_components), you will need to set [`MACAddressPolicy=random`](https://freedesktop.org/software/systemd/man/systemd.link.html#MACAddressPolicy=) which will enable [RFC 7844 (Anonymity Profiles for DHCP Clients)](https://freedesktop.org/software/systemd/man/systemd.network.html#Anonymize=). diff --git a/docs/passwords.md b/docs/passwords.md index 36010e0e..576a28fb 100644 --- a/docs/passwords.md +++ b/docs/passwords.md @@ -1,6 +1,6 @@ --- meta_title: "The Best Password Managers to Protect Your Privacy and Security - Privacy Guides" -title: "Password Managers" +title: Password Managers icon: material/form-textbox-password description: Password managers allow you to securely store and manage passwords and other credentials. cover: passwords.webp @@ -176,17 +176,10 @@ These password managers sync your passwords to a cloud server for easy accessibi Bitwarden uses [PBKDF2](https://bitwarden.com/help/kdf-algorithms/#pbkdf2) as its key derivation function (KDF) algorithm by default. It also offers [Argon2](https://bitwarden.com/help/kdf-algorithms/#argon2id), which is more secure, as an alternative. You can change your account's KDF algorithm in the web vault: -- [x] Select **Settings > Security > Keys > KDF algorithm > Argon2id** +- [x] Select **Settings → Security → Keys → KDF algorithm → Argon2id** Bitwarden's server-side code is [open source](https://github.com/bitwarden/server), so if you don't want to use the Bitwarden cloud, you can easily host your own Bitwarden sync server. -**Vaultwarden** is an alternative implementation of Bitwarden's sync server written in Rust and compatible with official Bitwarden clients, perfect for self-hosted deployment where running the resource-heavy official service might not be ideal. If you are looking to self-host Bitwarden on your own server, you almost certainly want to use Vaultwarden over Bitwarden's official server code. - -[:octicons-repo-16: Vaultwarden Repository](https://github.com/dani-garcia/vaultwarden){ .md-button } -[:octicons-info-16:](https://github.com/dani-garcia/vaultwarden/wiki){ .card-link title="Documentation" } -[:octicons-code-16:](https://github.com/dani-garcia/vaultwarden){ .card-link title="Source Code" } -[:octicons-heart-16:](https://github.com/sponsors/dani-garcia){ .card-link title="Contribute" } - ### Proton Pass
@@ -367,6 +360,35 @@ KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-se The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development. +### KeePassium (iOS & macOS) + +
+ +![KeePassium logo](assets/img/password-management/keepassium.svg){ align=right } + +KeePassium is a commercial, open-source password manager made by KeePassium Labs that's compatible with other KeePass applications. It provides autofill support, passkey management, automatic two-way synchronization through [most cloud storage providers](https://support.keepassium.com/kb/sync), and more. + +[:material-star-box: Read our latest KeePassium review.](https://www.privacyguides.org/articles/2025/05/13/keepassium-review) + +[:octicons-home-16: Homepage](https://keepassium.com){ .md-button .md-button--primary } +[:octicons-eye-16:](https://keepassium.com/privacy/app){ .card-link title="Privacy Policy" } +[:octicons-info-16:](https://support.keepassium.com){ .card-link title="Documentation" } +[:octicons-code-16:](https://github.com/keepassium/KeePassium){ .card-link title="Source Code" } +[:octicons-heart-16:](https://keepassium.com/donate){ .card-link title="Contribute" } + +
+Downloads + +- [:simple-appstore: App Store](https://apps.apple.com/us/app/id1435127111) + +
+ +
+ +KeePassium offers a [Premium version](https://keepassium.com/pricing) with additional features such as support for multiple databases, YubiKey support, and a password audit tool. + +KeePassium's iOS app has been [audited](https://cure53.de/pentest-report_keepassium.pdf) by Cure53 in October 2024, and all [issues](https://keepassium.com/blog/2024/11/independent-security-audit-complete) found in the audit were subsequently fixed. + ### Gopass (CLI)
diff --git a/docs/photo-management.md b/docs/photo-management.md index 2c348a73..3fb41620 100644 --- a/docs/photo-management.md +++ b/docs/photo-management.md @@ -1,5 +1,5 @@ --- -title: "Photo Management" +title: Photo Management icon: material/image description: These photo management tools keep your personal photos safe from the prying eyes of cloud storage providers and other unauthorized parties. cover: photo-management.webp @@ -19,7 +19,7 @@ Most cloud **photo management solutions** like Google Photos, Flickr, and Amazon **Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). -The free plan offers 5 GB of storage as long as you use the service at least once a year. +The free plan offers 10 GB of storage as long as you use the service at least once a year. [:octicons-home-16: Homepage](https://ente.io){ .md-button .md-button--primary } [:octicons-eye-16:](https://ente.io/privacy){ .card-link title="Privacy Policy" } @@ -42,56 +42,7 @@ The free plan offers 5 GB of storage as long as you use the service at least on
-Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-audit) in March 2023 and by [Fallible](https://ente.io/reports/Fallible-Audit-Report-19-04-2023.pdf) in April 2023. - -## Stingle - -
- -![Stingle logo](assets/img/photo-management/stingle.png#only-light){ align=right } -![Stingle logo](assets/img/photo-management/stingle-dark.png#only-dark){ align=right } - -**Stingle** is a gallery and camera application with built-in, E2EE backup and sync functionality for your photos and videos. - -Storage starts at 1 GB for free accounts on their cloud, or you can host your own Stingle API server for total independence. - -[:octicons-home-16: Homepage](https://stingle.org){ .md-button .md-button--primary } -[:octicons-eye-16:](https://stingle.org/privacy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://stingle.org/faq){ .card-link title="Documentation" } -[:octicons-code-16:](https://github.com/stingle){ .card-link title="Source Code" } - -
-Downloads - -- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.stingle.photos) -- [:simple-appstore: App Store](https://apps.apple.com/app/id1582535448) -- [:simple-github: GitHub](https://github.com/stingle/stingle-photos-android/releases) - -
- -
- -## PhotoPrism - -
- -![PhotoPrism logo](assets/img/photo-management/photoprism.svg){ align=right } - -**PhotoPrism** is a self-hostable platform for managing photos. It supports album syncing and sharing as well as a variety of other [features](https://photoprism.app/features). It does not include E2EE, so it's best hosted on a server that you trust and is under your control. - -[:octicons-home-16: Homepage](https://photoprism.app){ .md-button .md-button--primary } -[:octicons-eye-16:](https://photoprism.app/privacy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://photoprism.app/kb){ .card-link title=Documentation} -[:octicons-code-16:](https://github.com/photoprism){ .card-link title="Source Code" } - -
-Downloads - -- [:simple-github: GitHub](https://github.com/photoprism) - -
- -
+Ente Photos underwent an audit by [Cure53](https://ente.io/blog/cryptography-audit) in March 2023 and by [Fallible](https://ente.io/reports/Fallible-Audit-Report-19-04-2023.pdf) in April 2023. ## Criteria diff --git a/docs/search-engines.md b/docs/search-engines.md index 80f71afc..be1a5252 100644 --- a/docs/search-engines.md +++ b/docs/search-engines.md @@ -1,8 +1,8 @@ --- -meta_title: "Recommended Search Engines: Anonymous Google Alternatives - Privacy Guides" -title: "Search Engines" +meta_title: "Recommended Search Engines: Anonymous Alternatives to Google - Privacy Guides" +title: Search Engines icon: material/search-web -description: Privacy-respecting search engines which don't build an advertising profile based on your searches. +description: Use privacy-respecting search engines which don't build an advertising profile based on your searches. cover: search-engines.webp global: - [randomize-element, "table tbody"] @@ -23,11 +23,25 @@ Consider using a [VPN](vpn.md) or [Tor](tor.md) if your threat model requires hi |---|---|---|---|---| | [Brave Search](#brave-search) | [Independent](https://brave.com/search-independence) | :material-check:{ .pg-green } | Anonymized[^1] | United States | | [DuckDuckGo](#duckduckgo) | [Bing](https://help.duckduckgo.com/results/sources) | :material-check:{ .pg-green } | Anonymized[^2] | United States | -| [Startpage](#startpage) | [Google and Bing](https://support.startpage.com/hc/articles/4522435533844-What-is-the-relationship-between-Startpage-and-your-search-partners-like-Google-and-Microsoft-Bing) | :material-check:{ .pg-green } | Anonymized[^3] | Netherlands | +| [Mullvad Leta](#mullvad-leta) | [Brave and Google](https://leta.mullvad.net/faq#what-can-leta-do) | :material-check:{ .pg-green } | Anonymized[^3] | Sweden | +| [Startpage](#startpage) | [Google and Bing](https://support.startpage.com/hc/articles/4522435533844-What-is-the-relationship-between-Startpage-and-your-search-partners-like-Google-and-Microsoft-Bing) | :material-check:{ .pg-green } | Anonymized[^4] | Netherlands | -[^1]: Brave Search collects aggregated usage metrics, which includes the OS and the user agent. However, they do not collect PII. To serve [anonymous local results](https://search.brave.com/help/anonymous-local-results), IP addresses are temporarily processed, but are not retained. [https://search.brave.com/help/privacy-policy](https://search.brave.com/help/privacy-policy) -[^2]: DuckDuckGo **does** log your searches for product improvement purposes, but not your IP address or any other PII. [https://duckduckgo.com/privacy](https://duckduckgo.com/privacy) -[^3]: Startpage logs details such as operating system, user agent, and language. They do not log your IP address, search queries, or other PII. [https://startpage.com/en/privacy-policy](https://startpage.com/en/privacy-policy) +[^1]: + Brave Search collects aggregated usage metrics, which includes the OS and the user agent. However, they do not collect PII. To serve [anonymous local results](https://search.brave.com/help/anonymous-local-results), IP addresses are temporarily processed, but are not retained. + + Brave Search: [*Brave Search privacy notice*](https://search.brave.com/help/privacy-policy) +[^2]: + DuckDuckGo **does** log your searches for product improvement purposes, but not your IP address or any other PII. + + DuckDuckGo Privacy Policy: [*We don't track you.*](https://duckduckgo.com/privacy) +[^3]: + Mullvad Leta logs your searches and stores them hashed with a secret in a RAM-based cache. The cache is removed after it reaches 30 days in age, or when the server-side Leta application is restarted. They do not collect any PII. + + Terms of Service: [*Service Usage*](https://leta.mullvad.net/terms-of-service) +[^4]: + Startpage logs details such as operating system, user agent, and language. They do not log your IP address, search queries, or other PII. + + Our Privacy Policy: [*How we have implemented truly anonymous analytics*](https://startpage.com/en/privacy-policy#section-4) ### Brave Search @@ -35,18 +49,18 @@ Consider using a [VPN](vpn.md) or [Tor](tor.md) if your threat model requires hi ![Brave Search logo](assets/img/search-engines/brave-search.svg){ align=right } -**Brave Search** is a search engine developed by Brave. The index is optimized against Google Search and therefore may provide more contextually accurate results compared to other alternatives. +**Brave Search** is a search engine developed by Brave. It includes unique features such as [Discussions](https://search.brave.com/help/discussions), which highlights conversation-focused results such as forum posts. -Brave Search includes unique features such as [Discussions](https://search.brave.com/help/discussions), which highlights conversation-focused results such as forum posts. +Brave Search is the default search engine for the [Brave Browser](desktop-browsers.md#brave). [:octicons-home-16: Homepage](https://search.brave.com){ .md-button .md-button--primary } [:simple-torbrowser:](https://search.brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title="Onion Service" } [:octicons-eye-16:](https://search.brave.com/help/privacy-policy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://search.brave.com/help){ .card-link title=Documentation} +[:octicons-info-16:](https://search.brave.com/help){ .card-link title="Documentation" }
-Note that if you use Brave Search while logged in to a Premium account, it may make it easier for Brave to correlate queries with specific users. +If you use Brave Search while logged in to a Premium account, there is a risk of Brave correlating search queries with your account. We recommend you disable [Anonymous usage metrics](https://search.brave.com/help/usage-metrics) as it is enabled by default and can be disabled within settings. @@ -63,12 +77,38 @@ DuckDuckGo is the default search engine for the [Tor Browser](tor.md#tor-browser [:octicons-home-16: Homepage](https://duckduckgo.com){ .md-button .md-button--primary } [:simple-torbrowser:](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion){ .card-link title="Onion Service" } [:octicons-eye-16:](https://duckduckgo.com/privacy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://help.duckduckgo.com){ .card-link title=Documentation} +[:octicons-info-16:](https://help.duckduckgo.com){ .card-link title="Documentation" }
DuckDuckGo offers two [other versions](https://help.duckduckgo.com/features/non-javascript) of their search engine, both of which do not require JavaScript. These versions do lack features, however. These versions can also be used in conjunction with their Tor hidden address by appending [/lite](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/lite) or [/html](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/html) for the respective version. +### Mullvad Leta + +
+ +![Mullvad logo](assets/img/vpn/mullvad.svg){ align=right } + +**Mullvad Leta** is a search engine developed by Mullvad. It uses a [shared cache](https://leta.mullvad.net/faq#what-is-cached-search) to fetch search results and limit calls to the search APIs it uses. + +Mullvad Leta currently only provides text search results. It is the default search engine for the [Mullvad Browser](desktop-browsers.md#mullvad-browser). + +[:octicons-home-16: Homepage](https://leta.mullvad.net){ .md-button .md-button--primary } +[:simple-torbrowser:](http://uxngojcovdcyrmwkmkltyy2q7enzzvgv7vlqac64f2vl6hcrrqtlskqd.onion){ .card-link title="Onion Service" } +[:octicons-eye-16:](https://leta.mullvad.net/terms-of-service){ .card-link title="Privacy Policy" } +[:octicons-info-16:](https://leta.mullvad.net/faq){ .card-link title="Documentation" } + +
+ +
+

Tip

+ +Mullvad Leta is useful if you want to disable JavaScript in your browser, such as [Mullvad Browser](desktop-browsers.md#mullvad-browser) on the Safest security level. + +
+ +Mullvad Leta was [audited](https://mullvad.net/en/blog/security-audit-of-our-letamullvadnet-search-service) by Assured AB in March 2023. All issues were addressed and fixed shortly after the [report](https://assured.se/publications/Assured_Mullvad_Leta_pentest_report_2023.pdf). + ### Startpage
@@ -81,7 +121,7 @@ DuckDuckGo offers two [other versions](https://help.duckduckgo.com/features/non- [:octicons-home-16: Homepage](https://startpage.com){ .md-button .md-button--primary } [:simple-torbrowser:](http://startpagel6srwcjlue4zgq3zevrujfaow726kjytqbbjyrswwmjzcqd.onion){ .card-link title="Onion Service" } [:octicons-eye-16:](https://startpage.com/en/privacy-policy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://support.startpage.com/hc/categories/4481917470356-Startpage-Search-Engine){ .card-link title=Documentation} +[:octicons-info-16:](https://support.startpage.com/hc/categories/4481917470356-Startpage-Search-Engine){ .card-link title="Documentation" }
@@ -102,7 +142,7 @@ A [metasearch engine](https://en.wikipedia.org/wiki/Metasearch_engine) aggregate **SearXNG** is an open-source, self-hostable, metasearch engine. It is an actively maintained fork of [SearX](https://github.com/searx/searx). [:octicons-home-16: Homepage](https://searxng.org){ .md-button .md-button--primary } -[:octicons-server-16:](https://searx.space){ .card-link title="Public Instances"} +[:octicons-server-16:](https://searx.space){ .card-link title="Public Instances" } [:octicons-code-16:](https://github.com/searxng/searxng){ .card-link title="Source Code" }
diff --git a/docs/security-keys.md b/docs/security-keys.md index c5828d33..68b62e6c 100644 --- a/docs/security-keys.md +++ b/docs/security-keys.md @@ -85,7 +85,7 @@ The firmware of YubiKey is not updatable. If you want features in newer firmware ![Nitrokey](assets/img/security-keys/nitrokey.jpg){ width="300" } -**Nitrokey** has a security key capable of [FIDO2 and WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online) called the **Nitrokey FIDO2**. For PGP support, you need to purchase one of their other keys such as the **Nitrokey Start**, **Nitrokey Pro 2**, or the **Nitrokey Storage 2**. +The **Nitrokey 3A Mini** [has FIDO Authenticator Level 1 Certification](https://www.nitrokey.com/news/2024/nitrokey-3a-mini-receives-official-fido2-certification). The Nitrokey 3 Series in general has a wide range of features such as [Universal 2nd Factor (U2F)](https://en.wikipedia.org/wiki/Universal_2nd_Factor), [FIDO2 and WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online), Personal Identity Verification (PIV), OpenPGP, and TOTP and HOTP authentication. [:octicons-home-16: Homepage](https://nitrokey.com){ .md-button .md-button--primary } [:octicons-eye-16:](https://nitrokey.com/data-privacy-policy){ .card-link title="Privacy Policy" } @@ -95,23 +95,26 @@ The firmware of YubiKey is not updatable. If you want features in newer firmware
-The [comparison table](https://nitrokey.com/products/nitrokeys) shows how the different Nitrokey models compare to each other in terms of features and other specifications. The **Nitrokey 3** listed will have a combined feature set. +The [comparison table](https://nitrokey.com/products/nitrokeys) shows how the different Nitrokey models compare to each other in terms of features and other specifications. Nitrokey models can be configured using the [Nitrokey app](https://nitrokey.com/download). -For the models which support HOTP and TOTP, there are 3 slots for HOTP and 15 for TOTP. Some Nitrokeys can act as a password manager. They can store 16 different credentials and encrypt them using the same password as the OpenPGP interface. +The Nitrokey 3 Series can act as a password manager. They can store up to 50 different entries, and each entry can contain login, password, comment and OTP.

Warning

-While Nitrokeys do not release the HOTP/TOTP secrets to the device they are plugged into, the HOTP and TOTP storage is **not** encrypted and is vulnerable to physical attacks. If you are looking to store HOTP or TOTP secrets, we highly recommend that you use a YubiKey instead. +Excluding the Nitrokey 3, Nitrokeys with HOTP and TOTP storage do not have it encrypted, making them vulnerable to physical attacks.
-
-

Warning

+**Nitrokey** also has the **Nitrokey Passkey**, a lower-price security key capable of [FIDO2 and WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online). This key provides only basic FIDO2 functionality, but for most people that is all you will need. Some notable features the Security Key series does **not** have include: -Resetting the OpenPGP interface on a Nitrokey [Pro 2](https://docs.nitrokey.com/nitrokeys/pro/factory-reset) or Nitrokey [Start 2](https://docs.nitrokey.com/nitrokeys/storage/factory-reset) will also make the password database inaccessible. +- Password Manager +- PIV +- OpenPGP +- Tamper-resistant smart card +- TOTP and HOTP
diff --git a/docs/self-hosting/dns-filtering.md b/docs/self-hosting/dns-filtering.md new file mode 100644 index 00000000..40591e80 --- /dev/null +++ b/docs/self-hosting/dns-filtering.md @@ -0,0 +1,48 @@ +--- +title: DNS Filtering +meta_title: "Self-Hosting DNS Solutions - Privacy Guides" +icon: material/dns +description: For our more technical readers, self-hosting a DNS solution can provide filtering for devices not covered by cloud-based DNS solutions. +cover: dns.webp +--- +Protects against the following threat(s): + +- [:material-server-network: Service Providers](../basics/common-threats.md#privacy-from-service-providers){ .pg-teal } +- [:material-account-cash: Surveillance Capitalism](../basics/common-threats.md#surveillance-as-a-business-model){ .pg-brown } + +**Self-hosting DNS** is useful for providing [DNS filtering](https://cloudflare.com/learning/access-management/what-is-dns-filtering) on controlled platforms, such as smart TVs and other IoT devices, as no client-side software is needed. Keep in mind that the DNS solutions below are typically restricted to your home or local network unless you set up a more advanced configuration. + +## DNS Sinkholes + +[**DNS sinkholes**](https://en.wikipedia.org/wiki/DNS_sinkhole) use DNS filtering to block unwanted web content such as advertisements. + +### Pi-Hole + +
+ +![Pi-hole logo](../assets/img/self-hosting/pi-hole.svg){ align=right } + +**Pi-hole** is an open-source DNS sinkhole which features a friendly web interface to view insights and manage blocked content. Pi-hole is designed to be hosted on a Raspberry Pi, but it is not limited to such hardware. + +[:octicons-home-16: Homepage](https://pi-hole.net){ .md-button .md-button--primary } +[:octicons-eye-16:](https://pi-hole.net/privacy){ .card-link title="Privacy Policy" } +[:octicons-info-16:](https://docs.pi-hole.net){ .card-link title="Documentation" } +[:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" } +[:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title="Contribute" } + +
+ +### AdGuard Home + +
+ +![AdGuard Home logo](../assets/img/self-hosting/adguard-home.svg){ align=right } + +**AdGuard Home** is an open-source DNS sinkhole which features a polished web interface to view insights and manage blocked content. + +[:octicons-home-16: Homepage](https://adguard.com/adguard-home/overview.html){ .md-button .md-button--primary } +[:octicons-eye-16:](https://adguard.com/privacy/home.html){ .card-link title="Privacy Policy" } +[:octicons-info-16:](https://github.com/AdguardTeam/AdGuardHome/wiki){ .card-link title="Documentation" } +[:octicons-code-16:](https://github.com/AdguardTeam/AdGuardHome){ .card-link title="Source Code" } + +
diff --git a/docs/self-hosting/email-servers.md b/docs/self-hosting/email-servers.md index 7cf55f78..4830d37b 100644 --- a/docs/self-hosting/email-servers.md +++ b/docs/self-hosting/email-servers.md @@ -1,6 +1,6 @@ --- title: Email Servers -meta_title: "Self-Hosted Email - Privacy Guides" +meta_title: "Self-Hosting Email - Privacy Guides" icon: material/email description: For our more technical readers, self-hosting your own email can provide additional privacy assurances by having maximum control over your data. cover: email.webp @@ -9,7 +9,7 @@ cover: email.webp - [:material-server-network: Service Providers](../basics/common-threats.md#privacy-from-service-providers){ .pg-teal } -Advanced system administrators may consider setting up their own email server. Mail servers require attention and continuous maintenance in order to keep things secure and mail delivery reliable. In addition to the "all-in-one" solutions below, we've picked out a few articles that cover a more manual approach: +Advanced system administrators may consider setting up their own **email server**. Mail servers require attention and continuous maintenance in order to keep things secure and mail delivery reliable. In addition to the "all-in-one" solutions below, we've picked out a few articles that cover a more manual approach: - [Setting up a mail server with OpenSMTPD, Dovecot and Rspamd](https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd) (2019) - [How To Run Your Own Mail Server](https://www.c0ffee.net/blog/mail-server-guide) (August 2017) diff --git a/docs/self-hosting/file-management.md b/docs/self-hosting/file-management.md new file mode 100644 index 00000000..2026689d --- /dev/null +++ b/docs/self-hosting/file-management.md @@ -0,0 +1,81 @@ +--- +title: File Management +meta_title: "Self-Hosting File Management Tools - Privacy Guides" +icon: material/file-multiple-outline +description: For our more technical readers, self-hosting file management tools can provide additional privacy assurances by having maximum control over your data. +cover: cloud.webp +--- +Protects against the following threat(s): + +- [:material-server-network: Service Providers](../basics/common-threats.md#privacy-from-service-providers){ .pg-teal } + +Self-hosting your own **file management** tools may be a good idea to reduce the risk of encryption flaws in a cloud provider's native clients. + +## Photo Management + +### PhotoPrism + +
+ +![PhotoPrism logo](../assets/img/self-hosting/photoprism.svg){ align=right } + +**PhotoPrism** is a platform for managing photos. It supports album syncing and sharing as well as a variety of other [features](https://photoprism.app/features). It does not include end-to-end encryption, so it's best hosted on a server that you trust and is under your control. + +[:octicons-home-16: Homepage](https://photoprism.app){ .md-button .md-button--primary } +[:octicons-eye-16:](https://photoprism.app/privacy){ .card-link title="Privacy Policy" } +[:octicons-info-16:](https://photoprism.app/kb){ .card-link title="Documentation" } +[:octicons-code-16:](https://github.com/photoprism){ .card-link title="Source Code" } + +
+ +## File Sharing and Sync + +### FreedomBox + +
+ +![FreedomBox logo](../assets/img/self-hosting/freedombox.svg){ align=right } + +**FreedomBox** is an operating system designed to be run on a [single-board computer (SBC)](https://en.wikipedia.org/wiki/Single-board_computer). The purpose is to make it easy to set up server applications for use cases like sharing files. + +[:octicons-home-16: Homepage](https://freedombox.org){ .md-button .md-button--primary } +[:octicons-info-16:](https://wiki.debian.org/FreedomBox/Manual){ .card-link title="Documentation" } +[:octicons-code-16:](https://salsa.debian.org/freedombox-team/freedombox){ .card-link title="Source Code" } +[:octicons-heart-16:](https://freedomboxfoundation.org/donate){ .card-link title="Contribute" } + +
+ +### Nextcloud + +
+ +![Nextcloud logo](../assets/img/self-hosting/nextcloud.svg){ align=right } + +**Nextcloud** is a suite of free and open-source client-server software for creating your own file hosting services on a private server you control. + +[:octicons-home-16: Homepage](https://nextcloud.com){ .md-button .md-button--primary } +[:octicons-eye-16:](https://nextcloud.com/privacy){ .card-link title="Privacy Policy" } +[:octicons-info-16:](https://nextcloud.com/support){ .card-link title="Documentation" } +[:octicons-code-16:](https://github.com/nextcloud){ .card-link title="Source Code" } +[:octicons-heart-16:](https://nextcloud.com/contribute){ .card-link title="Contribute" } + +
+Downloads + +- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.nextcloud.client) +- [:simple-appstore: App Store](https://apps.apple.com/app/id1125420102) +- [:simple-github: GitHub](https://github.com/nextcloud/android/releases) +- [:fontawesome-brands-windows: Windows](https://nextcloud.com/install/#install-clients) +- [:simple-apple: macOS](https://nextcloud.com/install/#install-clients) +- [:simple-linux: Linux](https://nextcloud.com/install/#install-clients) + +
+ +
+ +
+

Danger

+ +We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_end_encryption) for Nextcloud as it may lead to data loss; it is highly experimental and not production quality. For this reason, we don't recommend third-party Nextcloud providers. + +
diff --git a/docs/self-hosting/index.md b/docs/self-hosting/index.md index 7874dc23..fbff9d59 100644 --- a/docs/self-hosting/index.md +++ b/docs/self-hosting/index.md @@ -1,17 +1,28 @@ --- title: Self-Hosting -meta_title: "Self-Hosted Software and Services - Privacy Guides" -description: For our more technical readers, self-hosted software and services can provide additional privacy assurances since you have maximum control over your data. +meta_title: "Self-Hosting Software and Services - Privacy Guides" +description: For our more technical readers, self-hosting software and services can provide additional privacy assurances since you have maximum control over your data. cover: router.webp --- Protects against the following threat(s): - [:material-server-network: Service Providers](../basics/common-threats.md#privacy-from-service-providers){ .pg-teal } -Using **self-hosted software and services** can be a way to achieve a higher level of privacy through digital sovereignty, particularly independence from cloud servers controlled by product developers or vendors. By self-hosting, we mean hosting applications and data on your own hardware. +**Self-hosting** software and services can be a way to achieve a higher level of privacy through digital sovereignty, particularly independence from cloud servers controlled by product developers or vendors. By self-hosting, we mean hosting applications and data on your own hardware. Self-hosting your own solutions requires advanced technical knowledge and a deep understanding of the associated risks. By becoming the host for yourself and possibly others, you take on responsibilities you might not otherwise have. Self-hosting privacy software improperly can leave you worse off than using e.g. an end-to-end encrypted service provider, so it is best avoided if you are not already comfortable doing so. +## :material-dns: DNS Filtering + +
+ +- ![AdGuard Home logo](../assets/img/self-hosting/adguard-home.svg){ .twemoji loading=lazy } [AdGuard Home](dns-filtering.md#adguard-home) +- ![Pi-Hole logo](../assets/img/self-hosting/pi-hole.svg){ .twemoji loading=lazy } [Pi-Hole](dns-filtering.md#pi-hole) + +
+ +[Learn more :material-arrow-right-drop-circle:](dns-filtering.md) + ## :material-email: Email Servers
@@ -24,6 +35,36 @@ Self-hosting your own solutions requires advanced technical knowledge and a deep [Learn more :material-arrow-right-drop-circle:](email-servers.md) +## :material-file-multiple-outline: File Management + +
+ +- ![PhotoPrism logo](../assets/img/self-hosting/photoprism.svg){ .twemoji loading=lazy } [PhotoPrism](file-management.md#photoprism) +- ![FreedomBox logo](../assets/img/self-hosting/freedombox.svg){ .twemoji loading=lazy } [FreedomBox](file-management.md#freedombox) +- ![Nextcloud logo](../assets/img/self-hosting/nextcloud.svg){ .twemoji loading=lazy } [Nextcloud](file-management.md#nextcloud) + +
+ +[Learn more :material-arrow-right-drop-circle:](file-management.md) + +## :material-form-textbox-password: Password Management + +### Vaultwarden + +
+ +![Vaultwarden logo](../assets/img/self-hosting/vaultwarden.svg#only-light){ align=right } +![Vaultwarden logo](../assets/img/self-hosting/vaultwarden-dark.svg#only-dark){ align=right } + +**Vaultwarden** is an alternative implementation of [Bitwarden](../passwords.md#bitwarden)'s sync server written in Rust and compatible with official Bitwarden clients, perfect for self-hosted deployment where running the resource-heavy, [official service](https://github.com/bitwarden/server) might not be ideal. + +[:octicons-repo-16: Repository](https://github.com/dani-garcia/vaultwarden#readme){ .md-button .md-button--primary } +[:octicons-info-16:](https://github.com/dani-garcia/vaultwarden/wiki){ .card-link title="Documentation" } +[:octicons-code-16:](https://github.com/dani-garcia/vaultwarden){ .card-link title="Source Code" } +[:octicons-heart-16:](https://github.com/sponsors/dani-garcia){ .card-link title="Contribute" } + +
+ ## :material-account-supervisor-circle-outline: Social Networks Self-hosting your own instance of a social network software can help circumvent potential [censorship on a server level](../social-networks.md#censorship-resistance) by a public server's administrator or admin team. @@ -102,6 +143,14 @@ Tool recommendations in other categories of the website also provide a self-host
+- ![Peergos logo](../assets/img/cloud/peergos.svg){ .twemoji } [**Peergos**](../cloud.md#peergos) + + --- + + [:octicons-home-16:](https://peergos.org){ .card-link title="Homepage" } + [:octicons-info-16:](https://github.com/peergos/peergos#usage---running-locally-to-log-in-to-another-instance){ .card-link title="Admin Documentation" } + [:octicons-code-16:](https://github.com/Peergos/Peergos){ .card-link title="Source Code" } + - ![Addy.io logo](../assets/img/email-aliasing/addy.svg){ .twemoji } [**Addy.io**](../email-aliasing.md#addyio) --- @@ -118,6 +167,14 @@ Tool recommendations in other categories of the website also provide a self-host [:octicons-info-16:](https://github.com/simple-login/app#prerequisites){ .card-link title="Admin Documentation" } [:octicons-code-16:](https://github.com/simple-login){ .card-link title="Source Code" } +- ![Ente logo](../assets/img/photo-management/ente.svg){ .twemoji } [**Ente Photos**](../photo-management.md#ente-photos) + + --- + + [:octicons-home-16:](https://ente.io){ .card-link title="Homepage" } + [:octicons-info-16:](https://help.ente.io/self-hosting){ .card-link title="Admin Documentation" } + [:octicons-code-16:](https://github.com/ente-io/ente){ .card-link title="Source Code" } + - ![CryptPad logo](../assets/img/document-collaboration/cryptpad.svg){ .twemoji } [**CryptPad**](../document-collaboration.md#cryptpad) --- @@ -126,6 +183,22 @@ Tool recommendations in other categories of the website also provide a self-host [:octicons-info-16:](https://docs.cryptpad.org/en/admin_guide/index.html){ .card-link title="Admin Documentation" } [:octicons-code-16:](https://github.com/xwiki-labs/cryptpad){ .card-link title="Source Code" } +- ![Send logo](../assets/img/file-sharing-sync/send.svg){ .twemoji } [**Send**](../file-sharing.md#send) + + --- + + [:octicons-home-16:](https://send.vis.ee){ .card-link title="Homepage" } + [:octicons-info-16:](https://github.com/timvisee/send/blob/master/docs/deployment.md){ .card-link title="Admin Documentation" } + [:octicons-code-16:](https://github.com/timvisee/send){ .card-link title="Source Code" } + +- ![LibreTranslate logo](../assets/img/language-tools/libretranslate.png){ .twemoji } [**LibreTranslate**](../language-tools.md#libretranslate) + + --- + + [:octicons-home-16:](https://libretranslate.com){ .card-link title="Homepage" } + [:octicons-info-16:](https://docs.libretranslate.com){ .card-link title="Admin Documentation" } + [:octicons-code-16:](https://github.com/LibreTranslate/LibreTranslate){ .card-link title="Source Code" } + - ![Miniflux logo](../assets/img/news-aggregators/miniflux.svg#only-light){ .twemoji }![Miniflux logo](../assets/img/news-aggregators/miniflux-dark.svg#only-dark){ .twemoji } [**Miniflux**](../news-aggregators.md#miniflux) --- diff --git a/docs/tools.md b/docs/tools.md index ced3968d..dc516d6a 100644 --- a/docs/tools.md +++ b/docs/tools.md @@ -205,13 +205,13 @@ If you're looking for added **security**, you should always ensure you're connec [Read Full Review :material-arrow-right-drop-circle:](email.md#proton-mail) -- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .lg .middle .twemoji } **Mailbox.org** +- ![Mailbox Mail logo](assets/img/email/mailbox-mail.svg){ .lg .middle .twemoji } **Mailbox Mail** --- - Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2 GB storage, which can be upgraded as needed. + Mailbox Mail is an email service with a focus on being secure, ad-free, and powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox Mail is based in Berlin, Germany. Accounts start with up to 2 GB storage, which can be upgraded as needed. - [Read Full Review :material-arrow-right-drop-circle:](email.md#mailboxorg) + [Read Full Review :material-arrow-right-drop-circle:](email.md#mailbox-mail) - ![Tuta logo](assets/img/email/tuta.svg#only-light){ .lg .middle .twemoji }![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ .lg .middle .twemoji } **Tuta** @@ -299,17 +299,6 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Learn more :material-arrow-right-drop-circle:](dns.md#encrypted-dns-proxies) -#### Self-hosted Solutions - -
- -- ![AdGuard Home logo](assets/img/dns/adguard-home.svg){ .twemoji loading=lazy } [AdGuard Home](dns.md#adguard-home) -- ![Pi-hole logo](assets/img/dns/pi-hole.svg){ .twemoji loading=lazy } [Pi-hole](dns.md#pi-hole) - -
- -[Learn more :material-arrow-right-drop-circle:](dns.md#self-hosted-dns-filtering) - ### Financial Services #### Payment Masking Services @@ -338,8 +327,6 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
- ![Ente logo](assets/img/photo-management/ente.svg){ .twemoji loading=lazy } [Ente Photos](photo-management.md#ente-photos) -- ![Stingle logo](assets/img/photo-management/stingle.png#only-light){ .twemoji loading=lazy }![Stingle logo](assets/img/photo-management/stingle-dark.png#only-dark){ .twemoji loading=lazy } [Stingle](photo-management.md#stingle) -- ![PhotoPrism logo](assets/img/photo-management/photoprism.svg){ .twemoji loading=lazy } [PhotoPrism](photo-management.md#photoprism)
@@ -351,6 +338,7 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b - ![Brave Search logo](assets/img/search-engines/brave-search.svg){ .twemoji loading=lazy } [Brave Search](search-engines.md#brave-search) - ![DuckDuckGo logo](assets/img/search-engines/duckduckgo.svg){ .twemoji loading=lazy } [DuckDuckGo](search-engines.md#duckduckgo) +- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji loading=lazy } [Mullvad Leta](search-engines.md#mullvad-leta) - ![SearXNG logo](assets/img/search-engines/searxng.svg){ .twemoji loading=lazy } [SearXNG](search-engines.md#searxng) - ![Startpage logo](assets/img/search-engines/startpage.svg#only-light){ .twemoji loading=lazy }![Startpage logo](assets/img/search-engines/startpage-dark.svg#only-dark){ .twemoji loading=lazy } [Startpage](search-engines.md#startpage) @@ -409,7 +397,6 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
-- ![Nextcloud logo](assets/img/document-collaboration/nextcloud.svg){ .twemoji loading=lazy } [Nextcloud (Self-Hostable)](document-collaboration.md#nextcloud) - ![CryptPad logo](assets/img/document-collaboration/cryptpad.svg){ .twemoji loading=lazy } [CryptPad](document-collaboration.md#cryptpad)
@@ -432,7 +419,6 @@ For encrypting your OS drive, we typically recommend using the encryption tool y
- ![Cryptomator logo](assets/img/encryption-software/cryptomator.svg){ .twemoji loading=lazy } [Cryptomator](encryption.md#cryptomator-cloud) -- ![Picocrypt logo](assets/img/encryption-software/picocrypt.svg){ .twemoji loading=lazy } [Picocrypt](encryption.md#picocrypt-file) - ![VeraCrypt logo](assets/img/encryption-software/veracrypt.svg#only-light){ .twemoji loading=lazy }![VeraCrypt logo](assets/img/encryption-software/veracrypt-dark.svg#only-dark){ .twemoji loading=lazy } [VeraCrypt (FDE)](encryption.md#veracrypt-disk) - ![Kryptor logo](assets/img/encryption-software/kryptor.png){ .twemoji loading=lazy } [Kryptor](encryption.md#kryptor) - ![Tomb logo](assets/img/encryption-software/tomb.png){ .twemoji loading=lazy } [Tomb](encryption.md#tomb) @@ -460,8 +446,6 @@ For encrypting your OS drive, we typically recommend using the encryption tool y - ![Send logo](assets/img/file-sharing-sync/send.svg){ .twemoji loading=lazy } [Send](file-sharing.md#send) - ![OnionShare logo](assets/img/file-sharing-sync/onionshare.svg){ .twemoji loading=lazy } [OnionShare](file-sharing.md#onionshare) -- ![FreedomBox logo](assets/img/file-sharing-sync/freedombox.svg){ .twemoji loading=lazy } [FreedomBox](file-sharing.md#freedombox) -- ![Nextcloud logo](assets/img/document-collaboration/nextcloud.svg){ .twemoji loading=lazy } [Nextcloud (Self-Hostable)](file-sharing.md#nextcloud-client-server) - ![Syncthing logo](assets/img/file-sharing-sync/syncthing.svg){ .twemoji loading=lazy } [Syncthing](file-sharing.md#syncthing-p2p)
@@ -491,9 +475,9 @@ For encrypting your OS drive, we typically recommend using the encryption tool y - ![Drip logo](assets/img/health-and-wellness/drip.png){ .twemoji loading=lazy } [Drip](health-and-wellness.md#drip) - ![Euki logo](assets/img/health-and-wellness/euki.svg){ .twemoji loading=lazy } [Euki](health-and-wellness.md#euki) -- ![Apple Health logo](assets/img/health-and-wellness/apple-health.svg#only-light){ .twemoji loading=lazy } ![Apple Health logo](assets/img/health-and-wellness/apple-health-dark.svg#only-dark){ .twemoji loading=lazy } [Apple Health](health-and-wellness.md#apple-health) +- ![Apple Fitness logo](assets/img/health-and-wellness/apple-fitness.webp){ .twemoji loading=lazy } [Apple Fitness](health-and-wellness.md#apple-fitness) - ![Gadgetbridge logo](assets/img/health-and-wellness/gadgetbridge.svg#only-light){ .twemoji loading=lazy }![Gadgetbridge logo](assets/img/health-and-wellness/gadgetbridge-dark.svg#only-dark){ .twemoji loading=lazy } [Gadgetbridge](health-and-wellness.md#gadgetbridge) -- ![Apple Health logo](assets/img/health-and-wellness/apple-health.svg#only-light){ .twemoji loading=lazy } ![Apple Health logo](assets/img/health-and-wellness/apple-health-dark.svg#only-dark){ .twemoji loading=lazy } [Apple Health Records](health-and-wellness.md#apple-health-records) +- ![Apple Health logo](assets/img/health-and-wellness/apple-health.webp#only-light){ .twemoji loading=lazy } ![Apple Health logo](assets/img/health-and-wellness/apple-health-dark.webp#only-dark){ .twemoji loading=lazy } [Apple Health Records](health-and-wellness.md#apple-health-records) - ![CommonHealth logo](assets/img/health-and-wellness/commonhealth.png){ .twemoji loading=lazy } [CommonHealth](health-and-wellness.md#commonhealth)
@@ -505,6 +489,7 @@ For encrypting your OS drive, we typically recommend using the encryption tool y
- ![LanguageTool logo](assets/img/language-tools/languagetool.svg#only-light){ .twemoji loading=lazy }![LanguageTool logo](assets/img/language-tools/languagetool-dark.svg#only-dark){ .twemoji loading=lazy } [LanguageTool](language-tools.md#languagetool) +- ![LibreTranslate logo](assets/img/language-tools/libretranslate.png){ .twemoji } [LibreTranslate](language-tools.md#libretranslate)
@@ -584,6 +569,7 @@ For encrypting your OS drive, we typically recommend using the encryption tool y - ![Psono logo](assets/img/password-management/psono.svg){ .twemoji loading=lazy } [Psono](passwords.md#psono) - ![KeePassXC logo](assets/img/password-management/keepassxc.svg){ .twemoji loading=lazy } [KeePassXC](passwords.md#keepassxc) - ![KeePassDX logo](assets/img/password-management/keepassdx.svg){ .twemoji loading=lazy } [KeePassDX (Android)](passwords.md#keepassdx-android) +- ![KeePassium logo](assets/img/password-management/keepassium.svg){ .twemoji loading=lazy } [KeePassium (iOS & macOS)](passwords.md#keepassium-ios-macos) - ![Gopass logo](assets/img/password-management/gopass.svg){ .twemoji loading=lazy } [Gopass (CLI)](passwords.md#gopass-cli)
diff --git a/docs/vpn.md b/docs/vpn.md index 6698f6cb..a8680cdf 100644 --- a/docs/vpn.md +++ b/docs/vpn.md @@ -340,7 +340,6 @@ A VPN is pointless if it can't even provide adequate security. We require all ou - Strongest Encryption: RSA-4096. - Optional quantum-resistant encryption. -- Forward Secrecy. - Comprehensive published security audits from a reputable third-party firm. - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. - RAM-only VPN servers. diff --git a/includes/contributors.md b/includes/contributors.md index f4d3cf98..40497145 100644 --- a/includes/contributors.md +++ b/includes/contributors.md @@ -29,429 +29,446 @@
matchboxbananasynergy
📖 🔬 🤔 👀 📝
fria
📖 👀 🔬 💬 🐛 🤔 +
jordan warne
📖 📹 🔬 🤔 💬 📣 +
Em
📝 📣 🤔 +
Kevin Pham
📝 📣 💬 🔬 🤔 📖 + +
GitHub Actions
🚇
Triplebit
🚇
MAGIC Grants
💼 - -
Netlify
🚇
Dependabot
💻 🚇 + +
Hetzner Cloud
🚇
Cloudflare
🚇
Open Collective
💼 - -
Safing
💵
Dan Arel
📝 📖 🔬 + +
Techlore
💵
elitejake
📖
samsepi0l
📖 - -
rollsicecream
📖 💬 🌍 👀
Henry Fisher
📖 + +
Nate Bartram
📝
Sam Howell
📝
asddsaz
📖 - -
Hugo Costa
📖
C-O-M-P-A-R-T-M-E-N-T-A-L-I-Z-A-T-I-O-N
📖 + +
Alberto Strappazzon
📖
Victorhck
📖
Tai Lam
📖 🚧 - -
NinebitX
📖
Alexander Antukh
📖 + +
Gusted
📖
redoomed1
👀 📖
Offpics
📖 - -
kimg45
📖
djoate
📖 + +
afighttilldeath
📖
Paul Verbeke
📖 🌍 🐛 🧑‍🏫
Mitchell Cash
📖 - -
NeverDucky
📖
efb4f5ff-1298-471a-8973-3d47447115dc
📖 + +
Stephen Karl Larroque
📖
0rdinant
📖
Zenithium
📖 - -
Jordan Gwyn
📖
Guru
📖 + +
datoshkr
📖
Kcchouette
📖
Jacob Neplokh
📖 - -
Leonardo Mazzon
📖 🐛 💵 📣 💬 🌍
Andrew Chong
📖 + +
Wok
📖
nopeitsnothing
📖
Lynn Stephenson
📖 - -
Cory Solovewicz
📖
noClaps
📖 + +
Brian
📖
SkewedZeppelin
📖 💬
Arcadius3D
📖 - -
vpnarea
📖
namazso
📖 💬 + +
cYDN48
📖
gjhklfdsa
📖
Pavel Zolotarevskiy
📖 - -
quiddity-wp
📖
Nikhil Jha
📖 + +
Subatomic Honda Civic
📖
ticklemyIP
📖
jermanuts
📖 - -
conorohiggins
📖
TechFanTheo
📖 + +
Ryan Taylor
📖
Positron832
📖
JustLuckNoSkill
📖 - -
Arkadiy
📖
Jack Chou
📖 + +
ave
📖
Boo
📖
IDKwhattoputhere
📖 - -
idkrn
📖
ggg27
📖 + +
WalterKlosse
📖
Tom Hacohen
📖
Paul Feuvraux
📖 - -
Scott Bennett
📖
Federico Ariel Castagnini
📖 + +
jslawler-gh
📖
spaceoden
📖
xe3
📖 - -
Andrew Morgan
📖
Caleb King
📖 + +
Eduardo
📖
NafeezJS
📖
Sloofy
📖 - -
Sam Schlinkert
📖
Gabor Luk
📖 + +
DeiAsPie
📖
Davide Taviani
📖
spanishharlem
📖 - -
Jacob Gonzales
📖
Kaede
📖 + +
LABB
📖
Raviu8
📖
Peter Dave Hello
📖 - -
Rose
📖
Oskar Sharipov
📖 + +
Samuel Lucas
📖
NylaTheWolf
📖
Matthew Davis
📖 - -
Mark Cohen
📖
Mad Scientist
📖 + +
Maarten
📖
William Davis
📖
William Thomas Wilkins
📖 - -
wylel
📖
Will Browning
📖 + +
Yi Cao
📖
Yusuf Daglioglu
📖
Zack
📖 - -
ZH王
📖
ansuz
📖 + +
archeite
📖
asdfghjz
📖
ayaen
📖 - -
b-harper
📖
Loic Vourch
📖 + +
crasm
📖
eagerto-learn
📖
egecelikci
📖 - -
elleybean
📖
Evan Song
📖 + +
pynixis
📖
Seirdy
📖
Ryan Huang
📖 - -
Sascha P.
📖
Securified
📖 + +
Sergey Musiyenko
📖
Spydar007
📖
Steven Bach
📖 - -
Steven Lehn
📖
Steven van de Graaf
📖 + +
Sven Kortekaas
📖
Tejas Gupta
📖
Tebowy Seba
📖 - -
Ted Gravlin
📖
TheFrenchGhosty
📖 + +
TheNoobWar
📖
Thomas Rientjes
📖
Tim Vergenz
📖 - -
Tom Sullivan
📖
Tony Tan
📖 + +
TroubleDog54
📖
User486375
📖
Nicholas Christensen
📖 - -
oppressor1761
📖
pbbob
📖 + +
pdjpdjpdj
📖
Stella Polaris
📖 🔬 📣 💬 👀
regaldude
📖 - -
rusty-snake
📖
sacha
📖 + +
schwukas
📖
sh-dv
📖
szTheory
📖 - -
Thunderbolt Digital
📖
E. S. Leonesco
📖 + +
titanism
📖
tomac4t
📖
virustotalop
📖 - -
wintr
📖
xelarate86
📖 + +
yeoneer
📖
foxt
📖
Freddie
📖 - -
ghbjklhv
📖
Raymond Hill
📖 + +
luke crouch
📖
fd1f744993de14178e6c
📖
habitualname
📖 - -
hook
📖
nein
📖 + +
jkhgvfgvsth
📖
joaonsg
📖
johnnyburnaway
📖 - -
jus9
📖
kc1212
📖 + +
kryptish
📖
m3t
📖
macau23
📖 - -
mat1th
📖
MWM
📖 -
Michael Plews
📖 -
moritztk
📖 -
Aaron Horler
📖 +
Michael Plews
📖 +
moritztk
📖
Commenter
📖
Cédric Laubacher
📖
Daniel Peukert
📖 -
David Breese
📖 -
Dimitris Apostolou
📖 +
David Breese
📖 +
Dimitris Apostolou
📖
Dyrimon
📖
Ikel Atomig
📖
Elias Ojala
📖 -
Feni Brian
📖 -
Filip Š
📖 +
Feni Brian
📖 +
Filip Š
📖
Felix Albroscheit
📖
GReagle
📖
Gamma
📖 -
GetBoz
📖 -
GrimPixel
📖 +
GetBoz
📖 +
GrimPixel
📖
Guillem L. Jara
📖
HxxxxxS
📖
Himanshu Chandola
📖 -
Issam Maghni
📖 -
ItsDonny
📖 +
Issam Maghni
📖 +
ItsDonny
📖
Abdullah Atta
📖
Adam Sroka
📖
criadoperez
📖 -
Alex Amiryan
📖 -
Alex Shoup
📖 +
Alex Amiryan
📖 +
Alex Shoup
📖
Alex Thomassen
📖
Amolith
📖
Andrea Scarpino
📖 -
Armando Lüscher
📖 -
Ash T
📖 +
Armando Lüscher
📖 +
Ash T
📖
Bernd Eichelberger
📖
BionicBison05
📖
Brent Gervais
📖 -
Brian Cooper
📖 -
Caboose700
📖 +
Brian Cooper
📖 +
Caboose700
📖
Cadel Watson
📖
trosel
📖
Carl
📖 -
Chad Birch
📖 -
Chris Barry
📖 +
Chad Birch
📖 +
Chris Barry
📖
Júlio Ferraz
📖
Jack Hill
📖
Mathias Oterhals Myklebust
📖 -
Mats Estensen
📖 -
Matt Baer
📖 +
Mats Estensen
📖 +
Matt Baer
📖
Mehdi Chaouch
📖
Mike Perrone
📖
Mitch Wilkins
📖 -
Mo
📖 -
Morten Linderud
📖 +
Mo
📖 +
Morten Linderud
📖
natzim
📖
Douglas
📖
Nick
📖 -
NielDB
📖 -
Nihal Raj
📖 +
NielDB
📖 +
Nihal Raj
📖
Noah
📖
Panagiotis "Ivory" Vasilopoulos
📖
Patrick R
📖 -
Fart Attorney
📖 -
Pilou
📖 +
Fart Attorney
📖 +
Pilou
📖
PoorPockets McNewHold
📖 🌍
PrinceKael
📖
Richard
📖 -
Jaden Site
📖 -
Jake Zeal
📖 +
Jaden Site
📖 +
Jake Zeal
📖
James Kerrane
📖
Sell
📖
YMHuang
📖 -
Jonathan Vansina
📖 -
jorgeluiscarrillo
📖 +
Jonathan Vansina
📖 +
jorgeluiscarrillo
📖
Julian
📖
Kefaku
📖
Kevin Brennan
📖 -
Kyle Spearrin
📖 -
Leon Allen
📖 +
Kyle Spearrin
📖 +
Leon Allen
📖
LisaWilbourn
📖
Lord Shedy
📖
Louis Wolfers
📖 -
Lunush
📖 -
MMR
📖 +
Lunush
📖 +
MMR
📖
Mads Peter Rommedahl
📖
Manuel Quarneti
📖
Marco Menzel
📖 -
Mario
📖 -
skye
💬 +
Mario
📖 +
skye
💬
r2fo
🌍
LamTrinh.Dev
📖 🐛 💬
frostlike
💬 -
Merlin Scholz
🌍 -
jordan warne
📖 +
Merlin Scholz
🌍
Dženan
🌍
jx tsai
🌍
backstab5983
📖
antgig
📖 -
Ákos Nikházy
📖 +
Ákos Nikházy
📖
Francois Marier
📖
5-tom
📖
Ralphie0511
📖
aleksejs1
📖 -
Martin
📖 +
Martin
📖
Overwatch
📖
Kieran Colfer
📖
Triple T
📖
IDON-TEXIST
📖 -
Yusuf Daglioglu
📖 +
Yusuf Daglioglu
📖
Yi Cao
📖
Sayf Dhū al-Faqār
📖
eylenburg
📖
Kieran Colfer
📖 -
Justin Ehrenhofer
📖 💼 🔍 +
Justin Ehrenhofer
📖 💼 🔍
Alex Bruch
🌍
qiyongzheng
📖
Sam K
📖 📣 💬
Spirizer
🌍 + +
jordbm
📖 🚧 🛡️ +
Austin Huang
📖 💬 +
Ward
📖 +
oilmaint
📖 +
headdirt
📖 + + +
Quentin McRee
📖 +
Sven
📖 +
Tom Honour
📖 +
Brogio
📖 +
Nathan Youngman
📖 + + +
Jeremy
📖 diff --git a/includes/strings.en.env b/includes/strings.en.env index 5fc84828..cf415a7b 100644 --- a/includes/strings.en.env +++ b/includes/strings.en.env @@ -1,5 +1,5 @@ ANALYTICS_FEEDBACK_NEGATIVE_NAME="This page could be improved" -ANALYTICS_FEEDBACK_NEGATIVE_NOTE='Thanks for your feedback! If you want to let us know more, please leave a post on our forum.' +ANALYTICS_FEEDBACK_NEGATIVE_NOTE="Thanks for your feedback! If you want to let us know more, please leave a post on our forum." ANALYTICS_FEEDBACK_POSITIVE_NAME="This page was helpful" ANALYTICS_FEEDBACK_POSITIVE_NOTE="Thanks for your feedback!" ANALYTICS_FEEDBACK_TITLE="Was this page helpful?" diff --git a/mkdocs.blog.yml b/mkdocs.blog.yml index 9f34370e..e94acaa4 100644 --- a/mkdocs.blog.yml +++ b/mkdocs.blog.yml @@ -27,6 +27,12 @@ site_description: "Privacy Guides is the most popular & trustworthy non-profit p edit_uri_template: blob/main/blog/{path}?plain=1 extra: + scope: / + ghost: + base_url: https://www.privacyguides.org + admin_url: https://ghost.privacyguides.org/ghost + tb_site_uuid: 5f3bdb03-a1af-4844-85ca-cbc82c89eb9a + content_api_key: da9d77deb3e85ee73925167f3a privacy_guides: footer: intro: @@ -47,7 +53,7 @@ extra: - fontawesome/brands/creative-commons - fontawesome/brands/creative-commons-by - fontawesome/brands/creative-commons-sa - homepage: !ENV [MAIN_SITE_BASE_URL, "https://www.privacyguides.org/en/"] + homepage: / generator: false context: !ENV [BUILD_CONTEXT, "production"] offline: !ENV [BUILD_OFFLINE, false] @@ -118,7 +124,7 @@ theme: - search.highlight extra_css: - - assets/stylesheets/extra.css?v=20240829 + - assets/stylesheets/extra.css?v=20250723 watch: - theme @@ -163,8 +169,6 @@ plugins: plugins: macros: {} meta: {} - optimize: - enabled: !ENV [OPTIMIZE, PRODUCTION, NETLIFY, false] typeset: {} social: cards: !ENV [CARDS, true] @@ -202,6 +206,9 @@ markdown_extensions: pymdownx.emoji: emoji_index: !!python/name:material.extensions.emoji.twemoji emoji_generator: !!python/name:material.extensions.emoji.to_svg + options: + custom_icons: + - theme/icons tables: {} footnotes: {} toc: diff --git a/mkdocs.videos.yml b/mkdocs.videos.yml deleted file mode 100644 index 2d766aaa..00000000 --- a/mkdocs.videos.yml +++ /dev/null @@ -1,220 +0,0 @@ -# Copyright (c) 2022-2024 Jonah Aragon - -# Permission is hereby granted, free of charge, to any person obtaining a copy -# of this software and associated documentation files (the "Software"), to -# deal in the Software without restriction, including without limitation the -# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or -# sell copies of the Software, and to permit persons to whom the Software is -# furnished to do so, subject to the following conditions: - -# The above copyright notice and this permission notice shall be included in -# all copies or substantial portions of the Software. - -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE -# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING -# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS -# IN THE SOFTWARE. - -docs_dir: "videos" -site_url: "https://www.privacyguides.org/videos/" -site_dir: "site/videos" - -site_name: Privacy Guides -site_description: "This is our home for the latest video content from the Privacy Guides team. Privacy Guides is the most popular & trustworthy non-profit privacy resource to find privacy tools and learn about protecting your digital life." -edit_uri_template: blob/main/videos/{path}?plain=1 - -extra: - privacy_guides: - footer: - intro: - !ENV [ - FOOTER_INTRO, - "Privacy Guides is a non-profit, socially motivated website that provides information for protecting your data security and privacy.", - ] - note: - !ENV [ - FOOTER_NOTE, - "We do not make money from recommending certain products, and we do not use affiliate links.", - ] - copyright: - author: - !ENV [FOOTER_COPYRIGHT_AUTHOR, "Privacy Guides and contributors."] - date: !ENV [FOOTER_COPYRIGHT_DATE, "2019-2025"] - license: - - fontawesome/brands/creative-commons - - fontawesome/brands/creative-commons-by - - fontawesome/brands/creative-commons-sa - homepage: !ENV [MAIN_SITE_BASE_URL, "https://www.privacyguides.org/en/"] - generator: false - context: !ENV [BUILD_CONTEXT, "production"] - offline: !ENV [BUILD_OFFLINE, false] - deploy: !ENV DEPLOY_ID - social: - - icon: simple/mastodon - link: https://mastodon.neat.computer/@privacyguides - name: !ENV [SOCIAL_MASTODON, "Mastodon"] - - icon: simple/peertube - link: https://neat.tube/c/privacyguides - name: !ENV [SOCIAL_PEERTUBE, "PeerTube"] - - icon: simple/matrix - link: https://matrix.to/#/#privacyguides:matrix.org - name: !ENV [SOCIAL_MATRIX, "Matrix"] - - icon: simple/discourse - link: https://discuss.privacyguides.net/ - name: !ENV [SOCIAL_FORUM, "Forum"] - - icon: simple/github - link: https://github.com/privacyguides - name: !ENV [SOCIAL_GITHUB, "GitHub"] - - icon: simple/torbrowser - link: http://www.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion/posts/ - name: !ENV [SOCIAL_TOR_SITE, "Hidden service"] - -repo_url: - !ENV [BUILD_REPO_URL, "https://github.com/privacyguides/privacyguides.org"] -repo_name: "" - -theme: - name: material - language: en - custom_dir: theme - font: - text: Public Sans - code: DM Mono - palette: - - media: "(prefers-color-scheme)" - scheme: default - accent: deep purple - toggle: - icon: material/brightness-auto - name: !ENV [THEME_DARK, "Switch to dark mode"] - - media: "(prefers-color-scheme: dark)" - scheme: slate - accent: amber - toggle: - icon: material/brightness-2 - name: !ENV [THEME_LIGHT, "Switch to light mode"] - - media: "(prefers-color-scheme: light)" - scheme: default - accent: deep purple - toggle: - icon: material/brightness-5 - name: !ENV [THEME_AUTO, "Switch to system theme"] - favicon: assets/brand/logos/png/favicon-32x32.png - icon: - repo: simple/github - features: - - announce.dismiss - - navigation.tracking - - navigation.tabs - - navigation.path - - navigation.indexes - - navigation.footer - - content.action.edit - - content.tabs.link - - content.tooltips - - search.highlight - -extra_css: - - assets/stylesheets/extra.css?v=20240829 - -watch: - - theme - - includes - -plugins: - blog: - blog_dir: . - blog_toc: true - post_url_format: "{date}/{file}" - post_excerpt_max_authors: 0 - authors_profiles: false - categories: false - rss: - match_path: posts/.* - abstract_chars_count: -1 - date_from_meta: - as_creation: date.created - as_update: date.updated - categories: - - categories - - tags - glightbox: {} - tags: {} - search: {} - privacy: - enabled: !ENV [BUILD_PRIVACY, true] - offline: - enabled: !ENV [BUILD_OFFLINE, false] - group: - enabled: !ENV [BUILD_INSIDERS, true] - plugins: - macros: {} - meta: {} - optimize: - enabled: !ENV [OPTIMIZE, PRODUCTION, NETLIFY, false] - typeset: {} - social: - cards: !ENV [CARDS, true] - cards_dir: assets/img/social - cards_layout_dir: theme/layouts - cards_layout: page - -markdown_extensions: - admonition: {} - pymdownx.details: {} - pymdownx.superfences: - custom_fences: - - name: mermaid - class: mermaid - format: !!python/name:pymdownx.superfences.fence_code_format - pymdownx.tabbed: - alternate_style: true - pymdownx.arithmatex: - generic: true - pymdownx.critic: {} - pymdownx.caret: {} - pymdownx.keys: {} - pymdownx.mark: {} - pymdownx.tilde: {} - pymdownx.snippets: - auto_append: - - !ENV [BUILD_ABBREVIATIONS, "includes/abbreviations.en.txt"] - pymdownx.tasklist: - custom_checkbox: true - attr_list: {} - def_list: {} - md_in_html: {} - meta: {} - abbr: {} - pymdownx.emoji: - emoji_index: !!python/name:material.extensions.emoji.twemoji - emoji_generator: !!python/name:material.extensions.emoji.to_svg - tables: {} - footnotes: {} - toc: - toc_depth: 4 - -nav: - - !ENV [NAV_HOME, "Home"]: !ENV [MAIN_SITE_BASE_URL, "/en/"] - - !ENV [NAV_KNOWLEDGE_BASE, "Knowledge Base"]: - !ENV [MAIN_SITE_KNOWLEDGE_BASE_URL, "/en/basics/why-privacy-matters/"] - - !ENV [NAV_RECOMMENDATIONS, "Recommendations"]: - !ENV [MAIN_SITE_RECOMMENDATIONS_URL, "/en/tools/"] - - !ENV [NAV_BLOG, "Articles"]: !ENV [ARTICLES_SITE_BASE_URL, "/articles/"] - - !ENV [NAV_VIDEOS, "Videos"]: - - index.md - - playlists.md - - !ENV [NAV_FORUM, "Forum"]: "https://discuss.privacyguides.net/" - - !ENV [NAV_WIKI, "Wiki"]: - !ENV [ - NAV_WIKI_LINK, - "https://discuss.privacyguides.net/c/community-wiki/9411/none", - ] - - !ENV [NAV_ABOUT, "About"]: !ENV [MAIN_SITE_ABOUT_URL, "/en/about/"] - -validation: - nav: - not_found: info diff --git a/mkdocs.yml b/mkdocs.yml index 3726ad8d..5dc9cfe0 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -32,10 +32,17 @@ edit_uri_template: !ENV [BUILD_EDIT_URI_TEMPLATE, "blob/main/docs/{path}?plain=1"] extra: + scope: / + homepage: / generator: false context: !ENV [BUILD_CONTEXT, "production"] offline: !ENV [BUILD_OFFLINE, false] deploy: !ENV DEPLOY_ID + ghost: + base_url: https://www.privacyguides.org + admin_url: https://ghost.privacyguides.org/ghost + tb_site_uuid: 5f3bdb03-a1af-4844-85ca-cbc82c89eb9a + content_api_key: da9d77deb3e85ee73925167f3a privacy_guides: footer: intro: @@ -122,10 +129,10 @@ extra: link: https://matrix.to/#/#privacyguides:matrix.org - icon: material/information-outline name: !ENV [HOMEPAGE_CTA_ABOUT_NAME, "Learn more about us"] - link: about/ + link: !ENV [HOMEPAGE_CTA_ABOUT_LINK, "about/"] - icon: material/hand-coin name: !ENV [HOMEPAGE_CTA_DONATE_NAME, "Donate to Privacy Guides"] - link: about/donate/ + link: !ENV [HOMEPAGE_CTA_DONATE_LINK, "about/donate/"] description: !ENV [ HOMEPAGE_CTA_DESCRIPTION, @@ -182,6 +189,7 @@ extra: - icon: simple/torbrowser link: http://www.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion/ name: !ENV [SOCIAL_TOR_SITE, "Hidden service"] + language_switcher: !ENV [LANGUAGE_SWITCHER, true] alternate: - name: English link: /en/ @@ -207,10 +215,14 @@ extra: link: /nl/ lang: nl icon: https://raw.githubusercontent.com/twitter/twemoji/master/assets/svg/1f1f3-1f1f1.svg - - name: 正體中文 + - name: 中文 (繁體) link: /zh-hant/ lang: zh-Hant - icon: https://raw.githubusercontent.com/twitter/twemoji/master/assets/svg/1f1ed-1f1f0.svg + icon: https://raw.githubusercontent.com/jdecked/twemoji/master/assets/svg/1f1ed-1f1f0.svg + - name: 中文 (繁體,台灣) + link: /zh-TW/ + lang: zh-TW + icon: https://raw.githubusercontent.com/jdecked/twemoji/master/assets/svg/1f1f9-1f1fc.svg - name: Русский link: /ru/ lang: ru @@ -281,7 +293,7 @@ theme: - search.highlight extra_css: - - assets/stylesheets/extra.css?v=20250306 + - assets/stylesheets/extra.css?v=20250723 extra_javascript: - path: assets/javascripts/randomize-element.js?v=20250306 defer: true @@ -316,8 +328,6 @@ plugins: - index.md fallback_to_build_date: true enable_creation_date: true - optimize: - enabled: !ENV [OPTIMIZE, PRODUCTION, NETLIFY, false] typeset: {} social: cards: !ENV [CARDS, true] @@ -395,7 +405,9 @@ nav: - "tools.md" - !ENV [NAV_SELF_HOSTING, "Self-Hosting"]: - "self-hosting/index.md" + - "self-hosting/dns-filtering.md" - "self-hosting/email-servers.md" + - "self-hosting/file-management.md" - !ENV [NAV_INTERNET_BROWSING, "Internet Browsing"]: - "tor.md" - "desktop-browsers.md" diff --git a/modules/mkdocs-material b/modules/mkdocs-material index ce2cca8c..33c22511 160000 --- a/modules/mkdocs-material +++ b/modules/mkdocs-material @@ -1 +1 @@ -Subproject commit ce2cca8c5240ae520e09a67954de09949bd04efe +Subproject commit 33c22511c28f74ba51733e402071515c9cd4ed6e diff --git a/run.sh b/run.sh index d24f3690..8a5117eb 100755 --- a/run.sh +++ b/run.sh @@ -100,14 +100,14 @@ if [ "$language" == "he" ]; then export BUILD_THEME_FONT_TEXT="Open Sans" fi -# Set font if chinese -if [ "$language" == "zh-Hant" ]; then +# Set font if russian or chinese +if [[ "ru zh-Hant zh-TW" =~ $language ]]; then export BUILD_THEME_FONT_CODE="Noto Sans TC" export BUILD_THEME_FONT_TEXT="Noto Sans TC" fi # Set stylesheet if hebrew or russian or chinese -if [[ "he ru zh-Hant" =~ $language ]]; then +if [[ "he ru zh-Hant zh-TW" =~ $language ]]; then export TRANSLATION_STYLESHEET="assets/stylesheets/lang-$language.css?v=20240410" fi diff --git a/theme/assets/img/email/kolab_now-dark.svg b/theme/assets/img/email/kolab_now-dark.svg deleted file mode 100644 index cad11ad5..00000000 --- a/theme/assets/img/email/kolab_now-dark.svg +++ /dev/null @@ -1 +0,0 @@ - \ No newline at end of file diff --git a/theme/assets/img/email/kolab_now.svg b/theme/assets/img/email/kolab_now.svg deleted file mode 100644 index c6647e1f..00000000 --- a/theme/assets/img/email/kolab_now.svg +++ /dev/null @@ -1 +0,0 @@ - \ No newline at end of file diff --git a/theme/assets/img/email/mailbox-mail.svg b/theme/assets/img/email/mailbox-mail.svg new file mode 100644 index 00000000..0b8eb69d --- /dev/null +++ b/theme/assets/img/email/mailbox-mail.svg @@ -0,0 +1,18 @@ + + + + + + + + + + + + + + + + + + diff --git a/theme/assets/img/email/mailboxorg.svg b/theme/assets/img/email/mailboxorg.svg deleted file mode 100644 index 514cf39f..00000000 --- a/theme/assets/img/email/mailboxorg.svg +++ /dev/null @@ -1 +0,0 @@ - \ No newline at end of file diff --git a/theme/assets/img/email/mailfence-dark.svg b/theme/assets/img/email/mailfence-dark.svg deleted file mode 100644 index 1aeb6200..00000000 --- a/theme/assets/img/email/mailfence-dark.svg +++ /dev/null @@ -1 +0,0 @@ - \ No newline at end of file diff --git a/theme/assets/img/email/mailfence.svg b/theme/assets/img/email/mailfence.svg deleted file mode 100644 index 91b8001b..00000000 --- a/theme/assets/img/email/mailfence.svg +++ /dev/null @@ -1 +0,0 @@ - \ No newline at end of file diff --git a/theme/assets/img/encryption-software/picocrypt.svg b/theme/assets/img/encryption-software/picocrypt.svg deleted file mode 100644 index 01a2812e..00000000 --- a/theme/assets/img/encryption-software/picocrypt.svg +++ /dev/null @@ -1 +0,0 @@ - \ No newline at end of file diff --git a/theme/assets/img/health-and-wellness/apple-fitness.webp b/theme/assets/img/health-and-wellness/apple-fitness.webp new file mode 100644 index 00000000..6bf35db2 Binary files /dev/null and b/theme/assets/img/health-and-wellness/apple-fitness.webp differ diff --git a/theme/assets/img/health-and-wellness/apple-health-dark.svg b/theme/assets/img/health-and-wellness/apple-health-dark.svg deleted file mode 100644 index bcd6ac0f..00000000 --- a/theme/assets/img/health-and-wellness/apple-health-dark.svg +++ /dev/null @@ -1 +0,0 @@ - diff --git a/theme/assets/img/health-and-wellness/apple-health-dark.webp b/theme/assets/img/health-and-wellness/apple-health-dark.webp new file mode 100644 index 00000000..5a814950 Binary files /dev/null and b/theme/assets/img/health-and-wellness/apple-health-dark.webp differ diff --git a/theme/assets/img/health-and-wellness/apple-health.svg b/theme/assets/img/health-and-wellness/apple-health.svg deleted file mode 100644 index 4f96b2f0..00000000 --- a/theme/assets/img/health-and-wellness/apple-health.svg +++ /dev/null @@ -1 +0,0 @@ - diff --git a/theme/assets/img/health-and-wellness/apple-health.webp b/theme/assets/img/health-and-wellness/apple-health.webp new file mode 100644 index 00000000..99e0dde0 Binary files /dev/null and b/theme/assets/img/health-and-wellness/apple-health.webp differ diff --git a/theme/assets/img/language-tools/libretranslate.png b/theme/assets/img/language-tools/libretranslate.png new file mode 100644 index 00000000..30b33fd7 Binary files /dev/null and b/theme/assets/img/language-tools/libretranslate.png differ diff --git a/theme/assets/img/password-management/keepassium.svg b/theme/assets/img/password-management/keepassium.svg new file mode 100644 index 00000000..7d83b2cc --- /dev/null +++ b/theme/assets/img/password-management/keepassium.svg @@ -0,0 +1,10 @@ + + + + + + + + + + \ No newline at end of file diff --git a/theme/assets/img/photo-management/stingle-dark.png b/theme/assets/img/photo-management/stingle-dark.png deleted file mode 100644 index f22dfd26..00000000 Binary files a/theme/assets/img/photo-management/stingle-dark.png and /dev/null differ diff --git a/theme/assets/img/photo-management/stingle.png b/theme/assets/img/photo-management/stingle.png deleted file mode 100644 index 8b22a6a7..00000000 Binary files a/theme/assets/img/photo-management/stingle.png and /dev/null differ diff --git a/theme/assets/img/dns/adguard-home.svg b/theme/assets/img/self-hosting/adguard-home.svg similarity index 97% rename from theme/assets/img/dns/adguard-home.svg rename to theme/assets/img/self-hosting/adguard-home.svg index 7ce0dc9e..3e57fc9a 100644 --- a/theme/assets/img/dns/adguard-home.svg +++ b/theme/assets/img/self-hosting/adguard-home.svg @@ -1 +1 @@ - \ No newline at end of file + diff --git a/theme/assets/img/file-sharing-sync/freedombox.svg b/theme/assets/img/self-hosting/freedombox.svg similarity index 100% rename from theme/assets/img/file-sharing-sync/freedombox.svg rename to theme/assets/img/self-hosting/freedombox.svg diff --git a/theme/assets/img/document-collaboration/nextcloud.svg b/theme/assets/img/self-hosting/nextcloud.svg similarity index 100% rename from theme/assets/img/document-collaboration/nextcloud.svg rename to theme/assets/img/self-hosting/nextcloud.svg diff --git a/theme/assets/img/photo-management/photoprism.svg b/theme/assets/img/self-hosting/photoprism.svg similarity index 100% rename from theme/assets/img/photo-management/photoprism.svg rename to theme/assets/img/self-hosting/photoprism.svg diff --git a/theme/assets/img/dns/pi-hole.svg b/theme/assets/img/self-hosting/pi-hole.svg similarity index 98% rename from theme/assets/img/dns/pi-hole.svg rename to theme/assets/img/self-hosting/pi-hole.svg index 6424454c..1a1d3069 100644 --- a/theme/assets/img/dns/pi-hole.svg +++ b/theme/assets/img/self-hosting/pi-hole.svg @@ -1 +1 @@ - \ No newline at end of file + diff --git a/theme/assets/img/self-hosting/vaultwarden-dark.svg b/theme/assets/img/self-hosting/vaultwarden-dark.svg new file mode 100644 index 00000000..c6253a6d --- /dev/null +++ b/theme/assets/img/self-hosting/vaultwarden-dark.svg @@ -0,0 +1,2 @@ + + diff --git a/theme/assets/img/self-hosting/vaultwarden.svg b/theme/assets/img/self-hosting/vaultwarden.svg new file mode 100644 index 00000000..a84ae414 --- /dev/null +++ b/theme/assets/img/self-hosting/vaultwarden.svg @@ -0,0 +1,2 @@ + + diff --git a/theme/assets/stylesheets/extra.css b/theme/assets/stylesheets/extra.css index 2faf2e00..56235bc8 100644 --- a/theme/assets/stylesheets/extra.css +++ b/theme/assets/stylesheets/extra.css @@ -46,6 +46,7 @@ --pg-green: #2e7e31; --pg-blue-gray: #546d78; --pg-viridian: #40826d; + --ghost-accent-color: #4f46e5; } :root, [data-md-color-scheme="slate"] { --md-default-bg-color: rgb(26, 26, 27); @@ -67,6 +68,7 @@ --pg-blue-gray: #9ab2bc; --pg-viridian: #40826d; --md-footer-bg-color--dark: var(--md-default-bg-color); + --ghost-accent-color: #4f46e5; } /* Better contrast link colors */ @@ -599,3 +601,12 @@ path[d="M20.71 7.04c.39-.39.39-1.04 0-1.41l-2.34-2.34c-.37-.39-1.02-.39-1.41 0l- .md-typeset .mdx-donors-total { font-weight:700 } + +.md-typeset small { + opacity: 1; + color: var(--md-default-fg-color--light); +} + +#ghost-portal-root, #ghost-comments-root { + color-scheme: light; +} diff --git a/theme/assets/stylesheets/lang-zh-TW.css b/theme/assets/stylesheets/lang-zh-TW.css new file mode 100644 index 00000000..fd78bb57 --- /dev/null +++ b/theme/assets/stylesheets/lang-zh-TW.css @@ -0,0 +1,58 @@ +/* +/// Copyright (c) 2023 Jonah Aragon +/// +/// Permission is hereby granted, free of charge, to any person obtaining a +/// copy of this software and associated documentation files (the "Software"), +/// to deal in the Software without restriction, including without limitation +/// the rights to use, copy, modify, merge, publish, distribute, sublicense, +/// and/or sell copies of the Software, and to permit persons to whom the +/// Software is furnished to do so, subject to the following conditions: +/// +/// The above copyright notice and this permission notice shall be included in +/// all copies or substantial portions of the Software. +/// +/// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +/// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +/// FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL +/// THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +/// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +/// FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +/// DEALINGS +*/ + +/* chinese-traditional */ +@font-face { + font-family: 'Noto Serif TC'; + font-style: normal; + font-weight: 400; + src: url(https://fonts.bunny.net/noto-serif-tc/files/noto-serif-tc-chinese-traditional-400-normal.woff2) format('woff2'), url(https://fonts.bunny.net/noto-serif-tc/files/noto-serif-tc-chinese-traditional-400-normal.woff) format('woff'); +} + +/* latin */ +@font-face { + font-family: 'Noto Serif TC'; + font-style: normal; + font-weight: 400; + src: url(https://fonts.bunny.net/noto-serif-tc/files/noto-serif-tc-latin-400-normal.woff2) format('woff2'), url(https://fonts.bunny.net/noto-serif-tc/files/noto-serif-tc-latin-400-normal.woff) format('woff'); +} + +/* chinese-traditional */ +@font-face { + font-family: 'Noto Serif TC'; + font-style: normal; + font-weight: 700; + src: url(https://fonts.bunny.net/noto-serif-tc/files/noto-serif-tc-chinese-traditional-700-normal.woff2) format('woff2'), url(https://fonts.bunny.net/noto-serif-tc/files/noto-serif-tc-chinese-traditional-700-normal.woff) format('woff'); +} + +/* latin */ +@font-face { + font-family: 'Noto Serif TC'; + font-style: normal; + font-weight: 700; + src: url(https://fonts.bunny.net/noto-serif-tc/files/noto-serif-tc-latin-700-normal.woff2) format('woff2'), url(https://fonts.bunny.net/noto-serif-tc/files/noto-serif-tc-latin-700-normal.woff) format('woff'); +} + +h1, h2, h3, .md-header__topic { + font-family: "Bagnard", "Noto Serif TC", serif; + font-weight: 700!important; +} diff --git a/theme/icons/custom/green-flag.svg b/theme/icons/custom/green-flag.svg new file mode 100644 index 00000000..dad7a07b --- /dev/null +++ b/theme/icons/custom/green-flag.svg @@ -0,0 +1,6 @@ + + + + + + diff --git a/theme/layouts/home.yml b/theme/layouts/home.yml index ab2223fa..3cbc7a65 100644 --- a/theme/layouts/home.yml +++ b/theme/layouts/home.yml @@ -11,7 +11,7 @@ definitions: - &font_family >- {%- if config.theme.language == "he" -%} Suez One - {%- elif config.theme.language == ("zh-Hant" or "ru") -%} + {%- elif config.theme.language == ("ru" or "zh-Hant" or "zh-TW") -%} Noto Sans TC {%- else -%} Public Sans diff --git a/theme/layouts/page.yml b/theme/layouts/page.yml index 1bee1429..9ac64112 100644 --- a/theme/layouts/page.yml +++ b/theme/layouts/page.yml @@ -19,7 +19,7 @@ definitions: - &title_font_family >- {%- if config.theme.language == "he" -%} Suez One - {%- elif config.theme.language == ("zh-Hant" or "ru") -%} + {%- elif config.theme.language == ("ru" or "zh-Hant" or "zh-TW") -%} Noto Serif TC {%- else -%} Bagnard @@ -35,7 +35,7 @@ definitions: - &font_family >- {%- if config.theme.language == "he" -%} Suez One - {%- elif config.theme.language == ("zh-Hant" or "ru") -%} + {%- elif config.theme.language == ("ru" or "zh-Hant" or "zh-TW") -%} Noto Sans TC {%- else -%} Public Sans diff --git a/theme/layouts/pride.yml b/theme/layouts/pride.yml index 461c0140..e97deabf 100644 --- a/theme/layouts/pride.yml +++ b/theme/layouts/pride.yml @@ -15,7 +15,7 @@ definitions: - &title_font_family >- {%- if config.theme.language == "he" -%} Suez One - {%- elif config.theme.language == ("zh-Hant" or "ru") -%} + {%- elif config.theme.language == ("ru" or "zh-Hant" or "zh-TW") -%} Noto Serif TC {%- else -%} Bagnard @@ -24,7 +24,7 @@ definitions: - &font_family >- {%- if config.theme.language == "he" -%} Suez One - {%- elif config.theme.language == ("zh-Hant" or "ru") -%} + {%- elif config.theme.language == ("ru" or "zh-Hant" or "zh-TW") -%} Noto Sans TC {%- else -%} Public Sans diff --git a/theme/main.html b/theme/main.html index f3090eee..3e04be72 100644 --- a/theme/main.html +++ b/theme/main.html @@ -44,7 +44,11 @@ {% endif %} {% if config.extra.alternate is iterable %} + {% if page.is_homepage %} + + {% else %} + {% endif %} {% for alt in config.extra.alternate %} {% endfor %} @@ -83,9 +87,44 @@ {% endif %} - {% if config.extra.context == "production" %} - + {% if not config.extra.offline %} + + {% endif %} + + {% if config.extra.context == "production" %} + + + + + {% if config.theme.language == "en" %} + + {% endif %} + + {% endif %} + {% if page and page.meta and page.meta.schema %}