Fixed broken links (#938)

This commit is contained in:
Daniel Gray 2022-04-07 15:25:11 +00:00
parent 72ef50f914
commit e37fa65be1
No known key found for this signature in database
GPG Key ID: 41911F722B0F9AE3
12 changed files with 27 additions and 27 deletions

View File

@ -257,7 +257,7 @@ Main privacy features include:
[Rooting](https://en.wikipedia.org/wiki/Rooting_(Android)) Android phones can decrease security significantly as it weakens the complete [Android security model](https://en.wikipedia.org/wiki/Android_(operating_system)#Security_and_privacy). This can decrease privacy should there be an exploit that is assisted by the decreased security. Common rooting methods involve directly tampering with the boot partition, making it impossible to perform successful [Verified Boot](https://source.android.com/security/verifiedboot). Apps that require root will also modify the system partition meaning that Verified Boot would have to remain disabled. Having root exposed directly in the user interface also increases the [attack surface](https://en.wikipedia.org/wiki/Attack_surface) of your device and may assist in [privilege escalation](https://en.wikipedia.org/wiki/Privilege_escalation) vulnerabilities and [SELinux](https://en.wikipedia.org/wiki/Security-Enhanced_Linux) policy bypasses.
Adblockers (AdAway) which modify the [hosts file](https://en.wikipedia.org/wiki/Hosts_(file)) and firewalls (AFWall+) which require root access persistently are dangerous and should not be used. They are also not the correct way to solve their intended purposes. For Adblocking we suggest encrypted [DNS](/dns) or [VPN](/providers/vpn/) server blocking solutions instead. RethinkDNS, TrackerControl and AdAway in non-root mode will take up the VPN slot (by using a local loopback VPN) preventing you from using privacy enhancing services such as Orbot or a real VPN server.
Adblockers (AdAway) which modify the [hosts file](https://en.wikipedia.org/wiki/Hosts_(file)) and firewalls (AFWall+) which require root access persistently are dangerous and should not be used. They are also not the correct way to solve their intended purposes. For Adblocking we suggest encrypted [DNS](/dns) or [VPN](/vpn) server blocking solutions instead. RethinkDNS, TrackerControl and AdAway in non-root mode will take up the VPN slot (by using a local loopback VPN) preventing you from using privacy enhancing services such as Orbot or a real VPN server.
AFWall+ works based on the [packet filtering](https://en.wikipedia.org/wiki/Firewall_(computing)#Packet_filter) approach and may be bypassable in some situations.

View File

@ -14,7 +14,7 @@ As we [announced](https://web.archive.org/web/20210729184422/https://blog.privac
We chose the name Privacy Guides because it represents two things for us as an organization: An expansion beyond simple recommendation lists, and a goal of acting as the trusted guides to anyone newly learning about protecting their personal data.
As a name, it moves us past recommendations of various tools and focuses us more on the bigger picture. We want to provide more _education_rather than _direction_surrounding privacy-related topics. You can see the very beginnings of this work in our new page on [threat modeling](https://privacyguides.org/threat-modeling/), or our [VPN](https://privacyguides.org/providers/vpn/) and [Email Provider](https://privacyguides.org/providers/email/) recommendations, but this is just the start of what we eventually hope to accomplish.
As a name, it moves us past recommendations of various tools and focuses us more on the bigger picture. We want to provide more _education_rather than _direction_surrounding privacy-related topics. You can see the very beginnings of this work in our new page on [threat modeling](/threat-modeling), or our [VPN](/vpn) and [Email Provider](/email) recommendations, but this is just the start of what we eventually hope to accomplish.
### Website Development

View File

@ -6,9 +6,9 @@ template: overrides/blog.html
excerpt: A lot changed between 2019 and now, not least in regards to Firefox.
---
A lot changed between 2019 and now, not least in regards to Firefox. Since our last [post](https://privacyguides.org/blog/2019/11/09/firefox-privacy/), Mozilla has [improved](https://blog.mozilla.org/en/products/firefox/latest-firefox-rolls-out-enhanced-tracking-protection-2-0-blocking-redirect-trackers-by-default/) privacy with [Enhanced Tracking Protection (ETP)](https://blog.mozilla.org/en/products/firefox/firefox-now-available-with-enhanced-tracking-protection-by-default/). Earlier this year Mozilla introduced [Total Cookie Protection](https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/) (Dynamic First Party Isolation dFPI). This was then further tightened with [Enhanced Cookie Clearing](https://blog.mozilla.org/security/2021/08/10/firefox-91-introduces-enhanced-cookie-clearing/). We're also looking very forward to [Site Isolation](https://blog.mozilla.org/security/2021/05/18/introducing-site-isolation-in-firefox/) (code named Fission) being enabled by default in the coming releases.
A lot changed between 2019 and now, not least in regards to Firefox. Since our last post, Mozilla has [improved](https://blog.mozilla.org/en/products/firefox/latest-firefox-rolls-out-enhanced-tracking-protection-2-0-blocking-redirect-trackers-by-default/) privacy with [Enhanced Tracking Protection (ETP)](https://blog.mozilla.org/en/products/firefox/firefox-now-available-with-enhanced-tracking-protection-by-default/). Earlier this year Mozilla introduced [Total Cookie Protection](https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/) (Dynamic First Party Isolation dFPI). This was then further tightened with [Enhanced Cookie Clearing](https://blog.mozilla.org/security/2021/08/10/firefox-91-introduces-enhanced-cookie-clearing/). We're also looking very forward to [Site Isolation](https://blog.mozilla.org/security/2021/05/18/introducing-site-isolation-in-firefox/) (code named Fission) being enabled by default in the coming releases.
Now that so many privacy features are built into the browser, there is little need for extensions made by third-party developers. Accordingly, we have updated our very outdated [browser](https://privacyguides.org/browsers/) section. If you've got an old browser profile we suggest **creating a new one**. Some of the old advice may make your browser *more* unique.
Now that so many privacy features are built into the browser, there is little need for extensions made by third-party developers. Accordingly, we have updated our very outdated [browser](/browsers) section. If you've got an old browser profile we suggest **creating a new one**. Some of the old advice may make your browser *more* unique.
#### Privacy Tweaks "about:config"

View File

@ -22,7 +22,7 @@ Véliz argues that privacy is a form of power. It is the power to influence you,
The social media giant is tip-toeing ever closer into our personal lives. When Facebook encountered competition it just bought it, adding Instagram and WhatsApp to its roster. The company even tried to make its own cryptocurrency so that one day the Facebook would control all our purchases too. Earlier this year, the project was [killed](https://www.ft.com/content/a88fb591-72d5-4b6b-bb5d-223adfb893f3) by regulators. It is worth noting that when Zuckerberg purchased WhatsApp and Instagram, they had no revenue. Author Tim Wu notes in his book *The Attention Merchants* that Facebook is 'a business with an exceedingly low ratio of invention to success'. Perhaps that is a part of Zuck's genius.
'Move fast and break things' was the old company motto. When there were a few too many scandals, they moved fast and [rebranded](https://privacyguides.org/blog/2021/11/01/virtual-insanity/) to Meta. No one expected online privacy to be the 'thing' they broke.
'Move fast and break things' was the old company motto. When there were a few too many scandals, they moved fast and [rebranded](/blog/2021/11/01/virtual-insanity) to Meta. No one expected online privacy to be the 'thing' they broke.
Before it became a global behemoth, Facebook started out as a dorm-room project. Zuckerberg sat at his keyboard after a few drinks and built it mainly because he could. It now has nearly three billion users. In the same way, Facebook [conducted](https://www.theguardian.com/technology/2014/jul/02/facebook-apologises-psychological-experiments-on-users) social experiments seemingly just for fun. Why he did it doesn't really matter. As John Lanchester [put it](https://www.lrb.co.uk/the-paper/v39/n16/john-lanchester/you-are-the-product): he simply did it *because*.

View File

@ -6,7 +6,7 @@ Calendaring and contacts are some of the most sensitive data posess. Use only pr
## Software as a service (SaaS) only
These products are included with an subscription to the respective [email providers](/providers/email).
These products are included with an subscription to the respective [email providers](/email).
### Tutanota
@ -94,7 +94,7 @@ Some of these options are self-hostable, or able to be hosted by third party pro
![DecSync logo](/assets/img/calendar-contacts/decsync.svg){ align=right }
**DecSync CC** synchronizes contacts, calendars and tasks using DecSync. It stores this data in a shared directory, using [Syncthing](/software/file-sharing/#sync), or any other file synchronization service.
**DecSync CC** synchronizes contacts, calendars and tasks using DecSync. It stores this data in a shared directory, using [Syncthing](/file-sharing/#syncthing), or any other file synchronization service.
There are [plugins](https://github.com/39aldo39/DecSync#rss) to sync other types of data such as [RSS](/news-aggregators).

View File

@ -27,7 +27,7 @@ Find a secure email provider that will keep your privacy in mind. Dont settle
**ProtonMail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since **2013**. ProtonMail is based in Genève, Switzerland. Accounts start with 500 MB storage with their free plan.
Free accounts have some limitations, such as not being able to search body text and not having access to [ProtonMail Bridge](https://protonmail.com/bridge), which is required to use a [recommended desktop email client](https://privacyguides.org/software/email) (e.g. Thunderbird). Paid accounts are available starting at **€48/y** which include features like ProtonMail Bridge, additional storage, and custom domain support.
Free accounts have some limitations, such as not being able to search body text and not having access to [ProtonMail Bridge](https://protonmail.com/bridge), which is required to use a [recommended desktop email client](/email-clients) (e.g. Thunderbird). Paid accounts are available starting at **€48/y** which include features like ProtonMail Bridge, additional storage, and custom domain support.
**Free**
@ -91,7 +91,7 @@ Find a secure email provider that will keep your privacy in mind. Dont settle
Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key.
However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](https://privacyguides.org/software/calendar-contacts/) may be more appropriate for that information.
However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](/calendar-contacts) may be more appropriate for that information.
??? check "Email Encryption"
@ -136,7 +136,7 @@ Find a secure email provider that will keep your privacy in mind. Dont settle
Disroot uses full disk encryption. However, it doesn't appear to be "zero access", meaning it is technically possible for them to decrypt the data they have if it is not additionally encrypted with a tool like OpenPGP.
Disroot also uses the standard [CalDAV](https://en.wikipedia.org/wiki/CalDAV) and [CardDAV](https://en.wikipedia.org/wiki/CardDAV) protocols for calendars and contacts, which do not support E2EE. A [standalone option](https://privacyguides.org/software/calendar-contacts/) may be more appropriate.
Disroot also uses the standard [CalDAV](https://en.wikipedia.org/wiki/CalDAV) and [CardDAV](https://en.wikipedia.org/wiki/CardDAV) protocols for calendars and contacts, which do not support E2EE. A [standalone option](/calendar-contacts) may be more appropriate.
??? check "Email Encryption"
@ -163,7 +163,7 @@ Find a secure email provider that will keep your privacy in mind. Dont settle
[Visit Tutanota.com](https://tutanota.com){ .md-button .md-button--primary }
Tutanota [doesn't allow](https://tutanota.com/faq/#imap) the use of third-party [email clients](https://privacyguides.org/software/email/). Tutanota has no plans pull email from [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) using the [IMAP](https://en.wikipedia.org/wiki/Internet_Message_Access_Protocol) protocol. [Email import](https://github.com/tutao/tutanota/issues/630) is currently not possible.
Tutanota [doesn't allow](https://tutanota.com/faq/#imap) the use of third-party [email clients](/email-clients). Tutanota has no plans pull email from [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) using the [IMAP](https://en.wikipedia.org/wiki/Internet_Message_Access_Protocol) protocol. [Email import](https://github.com/tutao/tutanota/issues/630) is currently not possible.
Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail). Tutanota does not allow for [subfolders](https://github.com/tutao/tutanota/issues/927) as you might expect with other email providers.
@ -230,7 +230,7 @@ Tutanota is working on a [desktop client](https://tutanota.com/blog/posts/deskto
StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When a user logs in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key.
StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption, so a [standalone option](https://privacyguides.org/software/calendar-contacts/) may be more appropriate.
StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption, so a [standalone option](/calendar-contacts) may be more appropriate.
??? check "Email Encryption"
@ -403,7 +403,7 @@ Must not have any marketing which is irresponsible:
- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know users can quite easily deanonymize themselves in a number of ways, e.g.:
- Reusing personal information e.g. (email accounts, unique pseudonyms etc) that they accessed without anonymity software (Tor, VPN etc)
- [Browser fingerprinting](https://privacyguides.org/browsers/#fingerprint)
- [Browser fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint)
**Best Case:**
@ -427,7 +427,7 @@ There is another standard that was popular with business called [S/MIME](https:/
### What software can I use to get E2EE?
Email providers which allow you to use standard access protocols like [IMAP](https://en.wikipedia.org/wiki/Internet_Message_Access_Protocol) and [SMTP](https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol) can be used with any of the [email clients we recommend](https://privacyguides.org/software/email/). This can be less secure as you are now relying on email providers to ensure that their encryption implementation works and has not been compromised in anyway.
Email providers which allow you to use standard access protocols like [IMAP](https://en.wikipedia.org/wiki/Internet_Message_Access_Protocol) and [SMTP](https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol) can be used with any of the [email clients we recommend](/email-clients). This can be less secure as you are now relying on email providers to ensure that their encryption implementation works and has not been compromised in anyway.
### How do I protect my private keys?

View File

@ -44,7 +44,7 @@ Tumbleweed follows a rolling release model where each update is released as a sn
Arch Linux has a rolling release cycle. There is no fixed release schedule and packages are updated very frequently.
Being a DIY distribution, the user is [expected to setup and maintain](https://privacyguides.org/linux-desktop/#arch-based-distributions) their system. Arch has an [official installer](https://wiki.archlinux.org/title/Archinstall) to make the installation process a little easier.
Being a DIY distribution, the user is [expected to setup and maintain](/linux-desktop/#arch-based-distributions) their system. Arch has an [official installer](https://wiki.archlinux.org/title/Archinstall) to make the installation process a little easier.
A large portion of [Arch Linuxs packages](https://reproducible.archlinux.org) are [reproducible](https://reproducible-builds.org).
@ -239,7 +239,7 @@ There isnt much point in randomizing the MAC address for Ethernet connections
### Other identifiers
There are other system [identifiers](https://madaidans-insecurities.github.io/guides/linux-hardening.html#identifiers) which you may wish to be careful about. You should give this some thought to see if it applies to your [threat model](https://privacyguides.org/threat-modeling):
There are other system [identifiers](https://madaidans-insecurities.github.io/guides/linux-hardening.html#identifiers) which you may wish to be careful about. You should give this some thought to see if it applies to your [threat model](/threat-modeling):
- [10.1 Hostnames and usernames](https://madaidans-insecurities.github.io/guides/linux-hardening.html#hostnames)
- [10.2 Time zones / Locales / Keymaps](https://madaidans-insecurities.github.io/guides/linux-hardening.html#timezones-locales-keymaps)
@ -346,7 +346,7 @@ Note that setting `kernel.unprivileged_userns_clone=0` will stop Flatpak, Snap (
### Linux-Hardened
Some distributions like Arch Linux have the [linux-hardened](https://github.com/anthraxx/linux-hardened), kernel package. It includes [hardening patches](https://wiki.archlinux.org/title/security#Kernel_hardening) and more security-conscious defaults. Linux-Hardened has `kernel.unprivileged_userns_clone=0` disabled by default. See the [warning above](https://privacyguides.org/linux-desktop/#kernel-hardening) about how this might impact you.
Some distributions like Arch Linux have the [linux-hardened](https://github.com/anthraxx/linux-hardened), kernel package. It includes [hardening patches](https://wiki.archlinux.org/title/security#Kernel_hardening) and more security-conscious defaults. Linux-Hardened has `kernel.unprivileged_userns_clone=0` disabled by default. See the [warning above](/linux-desktop/#kernel-hardening) about how this might impact you.
### Simultaneous multithreading (SMT)
@ -382,7 +382,7 @@ On systems where [`pam_faillock`](https://man7.org/linux/man-pages/man8/pam_tall
To better protect your [USB](https://en.wikipedia.org/wiki/USB) ports from attacks such as [BadUSB](https://en.wikipedia.org/wiki/BadUSB) we recommend [USBGuard](https://github.com/USBGuard/usbguard). USBGuard has [documentation](https://github.com/USBGuard/usbguard#documentation) as does the [Arch Wiki](https://wiki.archlinux.org/title/USBGuard).
Another alternative option if youre using the [linux-hardened](https://privacyguides.org/linux-desktop/#linux-hardened) is the [`deny_new_usb`](https://github.com/GrapheneOS/linux-hardened/commit/96dc427ab60d28129b36362e1577b6673b0ba5c4) sysctl. See [Preventing USB Attacks with `linux-hardened`](https://blog.lizzie.io/preventing-usb-attacks-with-linux-hardened.html).
Another alternative option if youre using the [linux-hardened](/linux-desktop/#linux-hardened) is the [`deny_new_usb`](https://github.com/GrapheneOS/linux-hardened/commit/96dc427ab60d28129b36362e1577b6673b0ba5c4) sysctl. See [Preventing USB Attacks with `linux-hardened`](https://blog.lizzie.io/preventing-usb-attacks-with-linux-hardened.html).
### Secure Boot

View File

@ -8,7 +8,7 @@ Stay safe and secure online with an encrypted and open-source password manager.
- Always use unique passwords. Don't make yourself a victim of "[credential stuffing](https://en.wikipedia.org/wiki/Credential_stuffing)".
- Store an exported backup of your passwords in an [encrypted container](/encryption) on another storage device. This can be useful if something happens to your device or the service you are using.
- If possible, store [Time-based one-time password (TOTP)](https://en.wikipedia.org/wiki/Time-based_one-time_password) tokens in a separate [TOTP app](/multi-factor-authentication) and not your password manager. TOTP codes are generated from a "[shared secret](https://en.wikipedia.org/wiki/Time-based_one-time_password#Security)". If the secret is obtained by an adversary they can generate TOTP values. Typically, mobile platforms have better app isolation and more secure methods for storing sensitive credentials.
- If possible, store [Time-based one-time password (TOTP)](https://en.wikipedia.org/wiki/Time-based_one-time_password) tokens in a separate [TOTP app](/security/multi-factor-authentication/#authenticator-apps) and not your password manager. TOTP codes are generated from a "[shared secret](https://en.wikipedia.org/wiki/Time-based_one-time_password#Security)". If the secret is obtained by an adversary they can generate TOTP values. Typically, mobile platforms have better app isolation and more secure methods for storing sensitive credentials.
## Local Password Managers

View File

@ -57,7 +57,7 @@ Profile pictures, reactions, and nicknames are not encrypted.
Group voice and video calls are [not](https://github.com/vector-im/element-web/issues/12878) E2EE, and use Jitsi, but this is expected to change with [Native Group VoIP Signalling](https://github.com/matrix-org/matrix-doc/pull/3401). Group calls have [no authentication](https://github.com/vector-im/element-web/issues/13074) currently, meaning that non room participants can also join the calls. We recommend that you do not use this feature for private meetings.
When using [element-web](https://github.com/vector-im/element-web), you must trust the server hosting the Element client. If your [threat model](https://privacyguides.org/threat-modeling) requires stronger protection, then use a desktop or mobile client instead.
When using [element-web](https://github.com/vector-im/element-web), you must trust the server hosting the Element client. If your [threat model](/threat-modeling) requires stronger protection, then use a desktop or mobile client instead.
The protocol was independently [audited](https://matrix.org/blog/2016/11/21/matrixs-olm-end-to-end-encryption-security-assessment-released-and-implemented-cross-platform-on-riot-at-last) in 2016. The specification for the Matrix protocol can be found in their [documentation](https://spec.matrix.org/latest/). The [Olm](https://matrix.org/docs/projects/other/olm) cryptographic ratchet used by Matrix is an implementation of Signals [Double Ratchet algorithm](https://signal.org/docs/specifications/doubleratchet/).
@ -183,7 +183,7 @@ P2P networks do not use servers, as users communicate directly between each othe
- Messages can only be sent when both peers are online, however, your client may store messages locally to wait for the contact to return online.
- Generally increases battery usage on mobile devices, because the client must stay connected to the distributed network to learn about who is online.
- Some common messenger features may not be implemented or incompletely, such as message deletion.
- Your [IP address](https://en.wikipedia.org/wiki/IP_address) and that of the contacts you're communicating with may be exposed if you do not use the software in conjunction with a [VPN](https://privacyguides.org/providers/vpn) or [self contained network](https://privacyguides.org/software/networks), such as [Tor](https://www.torproject.org) or [I2P](https://geti2p.net/). Many countries have some form of mass surveillance and/or metadata retention.
- Your [IP address](https://en.wikipedia.org/wiki/IP_address) and that of the contacts you're communicating with may be exposed if you do not use the software in conjunction with a [VPN](/vpn) or [self contained network](/self-contained-networks), such as [Tor](https://www.torproject.org) or [I2P](https://geti2p.net/). Many countries have some form of mass surveillance and/or metadata retention.
### Anonymous Routing

View File

@ -6,7 +6,7 @@ Use a search engine that doesn't build an advertising profile based on your sear
The recommendations here are based on the merits of each service's privacy policy. There is **no guarantee** that these privacy policies are honored.
Consider using a [VPN](/providers/vpn) or [Tor](https://www.torproject.org/) if your threat model requires hiding your IP address from the search provider.
Consider using a [VPN](/vpn) or [Tor](https://www.torproject.org/) if your threat model requires hiding your IP address from the search provider.
### DuckDuckGo
@ -32,7 +32,7 @@ DuckDuckGo has a [lite](https://duckduckgo.com/lite) and [html](https://duckduck
![Startpage logo](/assets/img/search-engines/startpage.svg){ align=right }
**Startpage** is a search engine that provides Google search results. It is a very convenient way to get Google search results without experiencing dark patterns such as difficult captchas or being refused access because you used a [VPN](/providers/vpn) or [Tor](https://www.torproject.org/download/).
**Startpage** is a search engine that provides Google search results. It is a very convenient way to get Google search results without experiencing dark patterns such as difficult captchas or being refused access because you used a [VPN](/vpn) or [Tor](https://www.torproject.org/download/).
[Visit startpage.com](https://www.startpage.com){ .md-button .md-button--primary } [Privacy Policy](https://www.startpage.com/en/privacy-policy){ .md-button }

View File

@ -109,7 +109,7 @@ We can see the [connection establishment](https://en.wikipedia.org/wiki/Transmis
## Why **shouldn't** I use encrypted DNS?
In locations where there is internet filtering (or censorship), visiting forbidden resources may have its own consequences which you should consider in your [threat model](/threat-modeling/). We do **not** suggest the use of encrypted DNS for this purpose. Use [Tor](https://torproject.org) or a [VPN](/providers/vpn/) instead. If you're using a VPN, you should use your VPN's DNS servers. When using a VPN, you are already trusting them with all your network activity.
In locations where there is internet filtering (or censorship), visiting forbidden resources may have its own consequences which you should consider in your [threat model](/threat-modeling/). We do **not** suggest the use of encrypted DNS for this purpose. Use [Tor](https://torproject.org) or a [VPN](/vpn) instead. If you're using a VPN, you should use your VPN's DNS servers. When using a VPN, you are already trusting them with all your network activity.
When we do a DNS lookup, it's generally because we want to access a resource. Below, we will discuss some of the methods that may disclose your browsing activities even when using encrypted DNS:

View File

@ -2,7 +2,7 @@
title: Video Streaming
icon: material/video-wireless
---
The primary threat when using a video streaming platform is that your streaming habits and subscription lists could be used to profile you. You should combine these tools with a [VPN](/providers/vpn/) or [Tor](https://www.torproject.org/) to make it harder to profile your usage.
The primary threat when using a video streaming platform is that your streaming habits and subscription lists could be used to profile you. You should combine these tools with a [VPN](/vpn) or [Tor](https://www.torproject.org/) to make it harder to profile your usage.
## Clients
@ -10,7 +10,7 @@ The primary threat when using a video streaming platform is that your streaming
!!! Warning
When using Freetube, your IP address is still known to YouTube, [Invidious](https://instances.invidious.io) and the SponsorBlock instances that you use. Consider using a [VPN](/providers/vpn) or [Tor](https://www.torproject.org) if your [threat model](/threat-modeling.md) requires hiding your IP address.
When using Freetube, your IP address is still known to YouTube, [Invidious](https://instances.invidious.io) and the SponsorBlock instances that you use. Consider using a [VPN](/vpn) or [Tor](https://www.torproject.org) if your [threat model](/threat-modeling.md) requires hiding your IP address.
!!! recommendation
@ -53,7 +53,7 @@ The primary threat when using a video streaming platform is that your streaming
!!! warning
While watching and hosting videos, your IP address is visible to the LBRY network. Consider using a [VPN](/providers/vpn) or [Tor](https://www.torproject.org) if your [threat model](/threat-modeling) requires hiding your IP address.
While watching and hosting videos, your IP address is visible to the LBRY network. Consider using a [VPN](/vpn) or [Tor](https://www.torproject.org) if your [threat model](/threat-modeling) requires hiding your IP address.
We recommend **against** synchronizing your wallet with LBRY Inc., as synchronizing encrypted wallets is not supported yet. If you synchronize your wallet with LBRY Inc., you have to trust them to not look at your subscription list, [LBC](https://lbry.com/faq/earn-credits) funds, or take control of your channel.