Git-Mirrors/privacyguides.org
1
0
Fork 0
mirror of https://github.com/privacyguides/privacyguides.org.git synced 2024-07-01 17:11:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

Convert 6 pages to HTML admonitions (#2419)

Browse Source 
- "DNS providers" page
- "Data redaction" page
- "2FA" page
- tools.md file
- "Tor" page
- "VPN providers page"

Signed-off-by: Daniel Gray <dngray@privacyguides.org>
This commit is contained in:
rollsicecream 2024-03-05 05:43:45 +00:00 committed by Daniel Gray
parent 5b09c59a7c
commit f60fcf4b2f
No known key found for this signature in database
GPG Key ID: 41911F722B0F9AE3
6 changed files with 412 additions and 263 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
docs/data-redaction.md
View File

@ -11,7 +11,7 @@ When sharing files, be sure to remove associated metadata. Image files commonly
### MAT2
!!! recommendation
<div class="admonition recommendation" markdown>
![MAT2 logo](assets/img/data-redaction/mat2.svg){ align=right }
@ -23,18 +23,23 @@ When sharing files, be sure to remove associated metadata. Image files commonly
[:octicons-info-16:](https://0xacab.org/jvoisin/mat2/-/blob/master/README.md){ .card-link title=Documentation}
[:octicons-code-16:](https://0xacab.org/jvoisin/mat2){ .card-link title="Source Code" }
??? downloads
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-windows11: Windows](https://pypi.org/project/mat2)
- [:simple-apple: macOS](https://0xacab.org/jvoisin/mat2#requirements-setup-on-macos-os-x-using-homebrew)
- [:simple-linux: Linux](https://pypi.org/project/mat2)
- [:octicons-globe-16: Web](https://0xacab.org/jvoisin/mat2#web-interface)
</details>
</div>
## Mobile
### ExifEraser (Android)
!!! recommendation
<div class="admonition recommendation" markdown>
![ExifEraser logo](assets/img/data-redaction/exiferaser.svg){ align=right }
@ -46,12 +51,17 @@ When sharing files, be sure to remove associated metadata. Image files commonly
[:octicons-info-16:](https://github.com/Tommy-Geenexus/exif-eraser#readme){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/Tommy-Geenexus/exif-eraser){ .card-link title="Source Code" }
??? downloads
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.none.tom.exiferaser)
- [:octicons-moon-16: Accrescent](https://accrescent.app/app/com.none.tom.exiferaser)
- [:simple-github: GitHub](https://github.com/Tommy-Geenexus/exif-eraser/releases)
</details>
</div>
The metadata that is erased depends on the image's file type:
- **JPEG**: ICC Profile, Exif, Photoshop Image Resources and XMP/ExtendedXMP metadata will be erased if it exists.
@ -70,7 +80,7 @@ The app offers multiple ways to erase metadata from images. Namely:
### Metapho (iOS)
!!! recommendation
<div class="admonition recommendation" markdown>
![Metapho logo](assets/img/data-redaction/metapho.jpg){ align=right }
@ -79,13 +89,18 @@ The app offers multiple ways to erase metadata from images. Namely:
[:octicons-home-16: Homepage](https://zininworks.com/metapho){ .md-button .md-button--primary }
[:octicons-eye-16:](https://zininworks.com/privacy/){ .card-link title="Privacy Policy" }
??? downloads
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-appstore: App Store](https://apps.apple.com/us/app/metapho/id914457352)
</details>
</div>
### PrivacyBlur
!!! recommendation
<div class="admonition recommendation" markdown>
![PrivacyBlur logo](assets/img/data-redaction/privacyblur.svg){ align=right }
@ -96,20 +111,28 @@ The app offers multiple ways to erase metadata from images. Namely:
[:octicons-info-16:](https://github.com/MATHEMA-GmbH/privacyblur#readme){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/MATHEMA-GmbH/privacyblur){ .card-link title="Source Code" }
??? downloads
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=de.mathema.privacyblur)
- [:simple-appstore: App Store](https://apps.apple.com/us/app/privacyblur/id1536274106)
!!! warning
</details>
</div>
<div class="admonition warning" markdown>
<p class="admonition-title">Warning</p>
You should **never** use blur to redact [text in images](https://bishopfox.com/blog/unredacter-tool-never-pixelation). If you want to redact text in an image, draw a box over the text. For this, we suggest apps like [Pocket Paint](https://github.com/Catrobat/Paintroid).
</div>
## Command-line
### ExifTool
!!! recommendation
<div class="admonition recommendation" markdown>
![ExifTool logo](assets/img/data-redaction/exiftool.png){ align=right }
@ -122,25 +145,36 @@ The app offers multiple ways to erase metadata from images. Namely:
[:octicons-code-16:](https://github.com/exiftool/exiftool){ .card-link title="Source Code" }
[:octicons-heart-16:](https://exiftool.org/#donate){ .card-link title=Contribute }
??? downloads
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-windows11: Windows](https://exiftool.org)
- [:simple-apple: macOS](https://exiftool.org)
- [:simple-linux: Linux](https://exiftool.org)
!!! example "Deleting data from a directory of files"
</details>
</div>
<div class="admonition example" markdown>
<p class="admonition-title">Deleting data from a directory of files</p>
```bash
exiftool -all= *.file_extension
```
</div>
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
!!! example "This section is new"
<div class="admonition example" markdown>
<p class="admonition-title">This section is new</p>
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
</div>
- Apps developed for open-source operating systems must be open source.
- Apps must be free and should not include ads or other limitations.

48
docs/dns.md
View File

@ -13,10 +13,10 @@ Encrypted DNS with third-party servers should only be used to get around basic [
| DNS Provider | Privacy Policy | Protocols | Logging | ECS | Filtering |
| ------------ | -------------- | --------- | ------- | --- | --------- |
| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Cleartext <br> DoH/3 <br> DoT <br> DoQ <br> DNSCrypt | Some[^1] | Yes | Based on personal configuration. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS)
| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Cleartext <br> DoH/3 <br> DoT <br> DoQ <br> DNSCrypt | Some[^1] | Yes | Based on personal configuration. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) |
| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Cleartext <br> DoH/3 <br> DoT | Some[^2] | No | Based on personal configuration.|
| [**Control D**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Cleartext <br> DoH/3 <br> DoT <br> DoQ| Optional[^3] | No | Based on personal configuration. |
| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH <br> DoT | No[^4] | No | Based on personal configuration. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock)
| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH <br> DoT | No[^4] | No | Based on personal configuration. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) |
| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Cleartext <br> DoH/3 <br> DoT <br> DoQ | Optional[^5] | Optional | Based on personal configuration. |
| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Cleartext <br> DoH <br> DoT <br> DNSCrypt | Some[^6] | Optional | Based on personal configuration, Malware blocking by default. |
@ -31,10 +31,13 @@ Encrypted DNS with third-party servers should only be used to get around basic [
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
!!! example "This section is new"
<div class="admonition example" markdown>
<p class="admonition-title">This section is new</p>
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
</div>
- Must support [DNSSEC](advanced/dns-overview.md#what-is-dnssec).
- [QNAME Minimization](advanced/dns-overview.md#what-is-qname-minimization).
- Allow for [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs) to be disabled.
@ -56,17 +59,20 @@ After installation of either a configuration profile or an app that uses the DNS
Apple does not provide a native interface for creating encrypted DNS profiles. [Secure DNS profile creator](https://dns.notjakob.com/tool.html) is an unofficial tool for creating your own encrypted DNS profiles, however they will not be signed. Signed profiles are preferred; signing validates a profile's origin and helps to ensure the integrity of the profiles. A green "Verified" label is given to signed configuration profiles. For more information on code signing, see [About Code Signing](https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html). **Signed profiles** are offered by [AdGuard](https://adguard.com/en/blog/encrypted-dns-ios-14.html), [NextDNS](https://apple.nextdns.io), and [Quad9](https://www.quad9.net/news/blog/ios-mobile-provisioning-profiles/).
!!! info
<div class="admonition info" markdown>
<p class="admonition-title">Info</p>
`systemd-resolved`, which many Linux distributions use to do their DNS lookups, doesn't yet [support DoH](https://github.com/systemd/systemd/issues/8639). If you want to use DoH, you'll need to install a proxy like [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy) and [configure it](https://wiki.archlinux.org/title/Dnscrypt-proxy) to take all the DNS queries from your system resolver and forward them over HTTPS.
</div>
## Encrypted DNS Proxies
Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](advanced/dns-overview.md#unencrypted-dns) resolver to forward to. Typically it is used on platforms that don't natively support [encrypted DNS](advanced/dns-overview.md#what-is-encrypted-dns).
### RethinkDNS
!!! recommendation
<div class="admonition recommendation" markdown>
![RethinkDNS logo](assets/img/android/rethinkdns.svg#only-light){ align=right }
![RethinkDNS logo](assets/img/android/rethinkdns-dark.svg#only-dark){ align=right }
@ -78,39 +84,51 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](ad
[:octicons-info-16:](https://docs.rethinkdns.com/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/celzero/rethink-app){ .card-link title="Source Code" }
??? downloads
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.celzero.bravedns)
- [:simple-github: GitHub](https://github.com/celzero/rethink-app/releases)
</details>
</div>
### dnscrypt-proxy
!!! recommendation
<div class="admonition recommendation" markdown>
![dnscrypt-proxy logo](assets/img/dns/dnscrypt-proxy.svg){ align=right }
**dnscrypt-proxy** is a DNS proxy with support for [DNSCrypt](advanced/dns-overview.md#dnscrypt), [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh), and [Anonymized DNS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Anonymized-DNS).
!!! warning "The anonymized DNS feature does [**not**](advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns) anonymize other network traffic."
<div class="admonition warning" markdown>
<p class="admonition-title">The anonymized DNS feature does <a href="advanced/dns-overview.md#why-shouldnt-i0-use-encrypted-dns"><strong>not</strong></a> anonymize other network traffic.</p>
</div>
[:octicons-repo-16: Repository](https://github.com/DNSCrypt/dnscrypt-proxy){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/DNSCrypt/dnscrypt-proxy/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/DNSCrypt/dnscrypt-proxy){ .card-link title="Source Code" }
[:octicons-heart-16:](https://opencollective.com/dnscrypt/contribute){ .card-link title=Contribute }
??? downloads
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-windows11: Windows](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-Windows)
- [:simple-apple: macOS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-macOS)
- [:simple-linux: Linux](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-linux)
</details>
</div>
## Self-hosted Solutions
A self-hosted DNS solution is useful for providing filtering on controlled platforms, such as Smart TVs and other IoT devices, as no client-side software is needed.
### AdGuard Home
!!! recommendation
<div class="admonition recommendation" markdown>
![AdGuard Home logo](assets/img/dns/adguard-home.svg){ align=right }
@ -123,9 +141,13 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf
[:octicons-info-16:](https://github.com/AdguardTeam/AdGuardHome/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/AdguardTeam/AdGuardHome){ .card-link title="Source Code" }
</details>
</div>
### Pi-hole
!!! recommendation
<div class="admonition recommendation" markdown>
![Pi-hole logo](assets/img/dns/pi-hole.svg){ align=right }
@ -138,3 +160,7 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf
[:octicons-info-16:](https://docs.pi-hole.net/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" }
[:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute }
</details>
</div>

56
docs/multi-factor-authentication.md
View File

@ -8,7 +8,7 @@ cover: multi-factor-authentication.webp
### YubiKey
!!! recommendation
<div class="admonition recommendation" markdown>
![YubiKeys](assets/img/multi-factor-authentication/yubikey.png)
@ -20,18 +20,26 @@ cover: multi-factor-authentication.webp
[:octicons-eye-16:](https://www.yubico.com/support/terms-conditions/privacy-notice){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://docs.yubico.com/){ .card-link title=Documentation}
</details>
</div>
The [comparison table](https://www.yubico.com/store/compare/) shows the features and how the YubiKeys compare. We highly recommend that you select keys from the YubiKey 5 Series.
YubiKeys can be programmed using the [YubiKey Manager](https://www.yubico.com/support/download/yubikey-manager/) or [YubiKey Personalization Tools](https://www.yubico.com/support/download/yubikey-personalization-tools/). For managing TOTP codes, you can use the [Yubico Authenticator](https://www.yubico.com/products/yubico-authenticator/). All of Yubico's clients are open source.
For models which support HOTP and TOTP, there are 2 slots in the OTP interface which could be used for HOTP and 32 slots to store TOTP secrets. These secrets are stored encrypted on the key and never expose them to the devices they are plugged into. Once a seed (shared secret) is given to the Yubico Authenticator, it will only give out the six-digit codes, but never the seed. This security model helps limit what an attacker can do if they compromise one of the devices running the Yubico Authenticator and make the YubiKey resistant to a physical attacker.
!!! warning
<div class="admonition warning" markdown>
<p class="admonition-title">Warning</p>
The firmware of YubiKey is not open source and is not updatable. If you want features in newer firmware versions, or if there is a vulnerability in the firmware version you are using, you would need to purchase a new key.
</div>
### Nitrokey
!!! recommendation
<div class="admonition recommendation" markdown>
![Nitrokey](assets/img/multi-factor-authentication/nitrokey.jpg){ align=right }
@ -41,20 +49,30 @@ For models which support HOTP and TOTP, there are 2 slots in the OTP interface w
[:octicons-eye-16:](https://www.nitrokey.com/data-privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://docs.nitrokey.com/){ .card-link title=Documentation}
</details>
</div>
The [comparison table](https://www.nitrokey.com/#comparison) shows the features and how the Nitrokey models compare. The **Nitrokey 3** listed will have a combined feature set.
Nitrokey models can be configured using the [Nitrokey app](https://www.nitrokey.com/download).
For the models which support HOTP and TOTP, there are 3 slots for HOTP and 15 for TOTP. Some Nitrokeys can act as a password manager. They can store 16 different credentials and encrypt them using the same password as the OpenPGP interface.
!!! warning
<div class="admonition warning" markdown>
<p class="admonition-title">Warning</p>
While Nitrokeys do not release the HOTP/TOTP secrets to the device they are plugged into, the HOTP and TOTP storage is **not** encrypted and is vulnerable to physical attacks. If you are looking to store HOTP or TOTP secrets, we highly recommend that you use a YubiKey instead.
!!! warning
</div>
<div class="admonition warning" markdown>
<p class="admonition-title">Warning</p>
Resetting the OpenPGP interface on a Nitrokey will also make the password database [inaccessible](https://docs.nitrokey.com/pro/linux/factory-reset).
</div>
The Nitrokey Pro 2, Nitrokey Storage 2, and the upcoming Nitrokey 3 supports system integrity verification for laptops with the [Coreboot](https://www.coreboot.org/) + [Heads](https://osresearch.net/) firmware.
Nitrokey's firmware is open source, unlike the YubiKey. The firmware on modern NitroKey models (except the **NitroKey Pro 2**) is updatable.
@ -63,10 +81,13 @@ Nitrokey's firmware is open source, unlike the YubiKey. The firmware on modern N
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
!!! example "This section is new"
<div class="admonition example" markdown>
<p class="admonition-title">This section is new</p>
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
</div>
#### Minimum Requirements
- Must use high quality, tamper resistant hardware security modules.
@ -91,7 +112,7 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative
### ente Auth
!!! recommendation
<div class="admonition recommendation" markdown>
![ente Auth logo](assets/img/multi-factor-authentication/ente-auth.png){ align=right }
@ -101,16 +122,21 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative
[:octicons-eye-16:](https://ente.io/privacy){ .card-link title="Privacy Policy" }
[:octicons-code-16:](https://github.com/ente-io/auth){ .card-link title="Source Code" }
??? downloads
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=io.ente.auth)
- [:simple-appstore: App Store](https://apps.apple.com/us/app/ente-authenticator/id6444121398)
- [:simple-github: GitHub](https://github.com/ente-io/auth/releases)
- [:octicons-globe-16: Web](https://auth.ente.io)
</details>
</div>
### Aegis Authenticator (Android)
!!! recommendation
<div class="admonition recommendation" markdown>
![Aegis logo](assets/img/multi-factor-authentication/aegis.png){ align=right }
@ -122,19 +148,27 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative
[:octicons-code-16:](https://github.com/beemdevelopment/Aegis){ .card-link title="Source Code" }
[:octicons-heart-16:](https://www.buymeacoffee.com/beemdevelopment){ .card-link title=Contribute }
??? downloads
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.beemdevelopment.aegis)
- [:simple-github: GitHub](https://github.com/beemdevelopment/Aegis/releases)
</details>
</div>
### Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
!!! example "This section is new"
<div class="admonition example" markdown>
<p class="admonition-title">This section is new</p>
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
</div>
- Source code must be publicly available.
- Must not require internet connectivity.
- Must not sync to a third-party cloud sync/backup service.

10
docs/tools.md
View File

@ -199,7 +199,8 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
### VPN Providers
??? danger "VPNs do not provide anonymity"
<details class="danger" markdown>
<summary>VPNs do not provide anonymity</summary>
Using a VPN will **not** keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic.
@ -209,6 +210,8 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
[Learn more :material-arrow-right-drop-circle:](vpn.md)
</details>
<div class="grid cards" markdown>
- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
@ -276,12 +279,15 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
### Encryption Software
??? info "Operating System Disk Encryption"
<details class="info" markdown>
<summary>Operating System Disk Encryption</summary>
For encrypting your operating system drive, we typically recommend using whichever encryption tool your operating system provides, whether that is **BitLocker** on Windows, **FileVault** on macOS, or **LUKS** on Linux. These tools are included with the operating system and typically use hardware encryption elements such as a TPM that other full-disk encryption software like VeraCrypt do not. VeraCrypt is still suitable for non-operating system disks such as external drives, especially drives that may be accessed from multiple operating systems.
[Learn more :material-arrow-right-drop-circle:](encryption.md##operating-system-included-full-disk-encryption-fde)
</details>
<div class="grid cards" markdown>
- ![Cryptomator logo](assets/img/encryption-software/cryptomator.svg){ .twemoji } [Cryptomator](encryption.md#cryptomator-cloud)

48
docs/tor.md
View File

@ -39,10 +39,13 @@ Tor works by routing your internet traffic through those volunteer-operated serv
## Connecting to Tor
!!! tip
<div class="admonition tip" markdown>
<p class="admonition-title">Tip</p>
Before connecting to Tor, please ensure you've read our [overview](advanced/tor-overview.md) on what Tor is and how to connect to it safely. We often recommend connecting to Tor through a trusted [VPN provider](vpn.md), but you have to do so **properly** to avoid decreasing your anonymity.
</div>
There are a variety of ways to connect to the Tor network from your device, the most commonly used being the **Tor Browser**, a fork of Firefox designed for anonymous browsing for desktop computers and Android.
Some of these apps are better than others, and again making a determination comes down to your threat model. If you are a casual Tor user who is not worried about your ISP collecting evidence against you, using apps like [Orbot](#orbot) or mobile browser apps to access the Tor network is probably fine. Increasing the number of people who use Tor on an everyday basis helps reduce the bad stigma of Tor, and lowers the quality of "lists of Tor users" that ISPs and governments may compile.
@ -51,7 +54,7 @@ If more complete anonymity is paramount to your situation, you should **only** b
### Tor Browser
!!! recommendation
<div class="admonition recommendation" markdown>
![Tor Browser logo](assets/img/browsers/tor.svg){ align=right }
@ -63,7 +66,8 @@ If more complete anonymity is paramount to your situation, you should **only** b
[:octicons-code-16:](https://gitlab.torproject.org/tpo/applications/tor-browser){ .card-link title="Source Code" }
[:octicons-heart-16:](https://donate.torproject.org/){ .card-link title=Contribute }
??? downloads
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.torproject.torbrowser)
- [:simple-android: Android](https://www.torproject.org/download/#android)
@ -71,17 +75,24 @@ If more complete anonymity is paramount to your situation, you should **only** b
- [:simple-apple: macOS](https://www.torproject.org/download/)
- [:simple-linux: Linux](https://www.torproject.org/download/)
!!! danger
</details>
</div>
<div class="admonition danger" markdown>
<p class="admonition-title">Danger</p>
You should **never** install any additional extensions on Tor Browser or edit `about:config` settings, including the ones we suggest for Firefox. Browser extensions and non-standard settings make you stand out from others on the Tor network, thus making your browser easier to [fingerprint](https://support.torproject.org/glossary/browser-fingerprinting).
</div>
The Tor Browser is designed to prevent fingerprinting, or identifying you based on your browser configuration. Therefore, it is imperative that you do **not** modify the browser beyond the default [security levels](https://tb-manual.torproject.org/security-settings/).
In addition to installing Tor Browser on your computer directly, there are also operating systems designed specifically to connect to the Tor network such as [Whonix](desktop.md#whonix) on [Qubes OS](desktop.md#qubes-os), which provide even greater security and protections than the standard Tor Browser alone.
### Orbot
!!! recommendation
<div class="admonition recommendation" markdown>
![Orbot logo](assets/img/self-contained-networks/orbot.svg){ align=right }
@ -93,15 +104,21 @@ In addition to installing Tor Browser on your computer directly, there are also
[:octicons-code-16:](https://orbot.app/code){ .card-link title="Source Code" }
[:octicons-heart-16:](https://orbot.app/donate){ .card-link title=Contribute }
??? downloads
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.torproject.android)
- [:simple-appstore: App Store](https://apps.apple.com/us/app/orbot/id1609461599)
- [:simple-github: GitHub](https://github.com/guardianproject/orbot/releases)
</details>
</div>
We previously recommended enabling the *Isolate Destination Address* preference in Orbot settings. While this setting can theoretically improve privacy by enforcing the use of a different circuit for each IP address you connect to, it doesn't provide a practical advantage for most applications (especially web browsing), can come with a significant performance penalty, and increases the load on the Tor network. We no longer recommend adjusting this setting from its default value unless you know you need to.[^1]
!!! tip "Tips for Android"
<div class="admonition tip" markdown>
<p class="admonition-title">Tips for Android</p>
Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN killswitch in :gear: **Settings****Network & internet****VPN** → :gear: → **Block connections without VPN**.
@ -109,9 +126,11 @@ We previously recommended enabling the *Isolate Destination Address* preference
All versions are signed using the same signature so they should be compatible with each other.
</div>
### Onion Browser
!!! recommendation
<div class="admonition recommendation" markdown>
![Onion Browser logo](assets/img/self-contained-networks/onion_browser.svg){ align=right }
@ -123,15 +142,20 @@ We previously recommended enabling the *Isolate Destination Address* preference
[:octicons-code-16:](https://github.com/OnionBrowser/OnionBrowser){ .card-link title="Source Code" }
[:octicons-heart-16:](https://onionbrowser.com/donate){ .card-link title=Contribute }
??? downloads
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-appstore: App Store](https://apps.apple.com/app/id519296448)
</details>
</div>
## Relays and Bridges
### Snowflake
!!! recommendation
<div class="admonition recommendation" markdown>
![Snowflake logo](assets/img/browsers/snowflake.svg#only-light){ align=right }
![Snowflake logo](assets/img/browsers/snowflake-dark.svg#only-dark){ align=right }
@ -145,6 +169,10 @@ We previously recommended enabling the *Isolate Destination Address* preference
[:octicons-code-16:](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake){ .card-link title="Source Code" }
[:octicons-heart-16:](https://donate.torproject.org/){ .card-link title=Contribute }
</details>
</div>
You can enable Snowflake in your browser by opening it in another tab and turning the switch on. You can leave it running in the background while you browse to contribute your connection. We don't recommend installing Snowflake as a browser extension; adding third-party extensions can increase your attack surface.
[Run Snowflake in your Browser :material-arrow-right-drop-circle:](https://snowflake.torproject.org/embed.html){ .md-button }

37
docs/vpn.md
View File

@ -16,7 +16,8 @@ If you're looking for additional **privacy** from your ISP, on a public Wi-Fi ne
</div>
!!! danger "VPNs do not provide anonymity"
<div class="admonition danger" markdown>
<p class="admonition-title">VPNs do not provide anonymity</p>
Using a VPN will **not** keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic.
@ -26,6 +27,8 @@ If you're looking for additional **privacy** from your ISP, on a public Wi-Fi ne
[Download Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & FAQ](advanced/tor-overview.md){ .md-button }
</div>
[Detailed VPN Overview :material-arrow-right-drop-circle:](basics/vpn-overview.md){ .md-button }
## Recommended Providers
@ -34,7 +37,7 @@ Our recommended providers use encryption, accept Monero, support WireGuard & Ope
### Proton VPN
!!! recommendation annotate
<div class="admonition recommendation" markdown>
![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right }
@ -45,7 +48,8 @@ Our recommended providers use encryption, accept Monero, support WireGuard & Ope
[:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" }
??? downloads
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android)
- [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085)
@ -53,6 +57,10 @@ Our recommended providers use encryption, accept Monero, support WireGuard & Ope
- [:simple-windows11: Windows](https://protonvpn.com/download-windows)
- [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/)
</details>
</div>
#### :material-check:{ .pg-green } 71 Countries
Proton VPN has [servers in 71 countries](https://protonvpn.com/vpn-servers) [or 3 if you use their free plan](https://protonvpn.com/free-vpn).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
@ -104,7 +112,7 @@ System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-swit
### IVPN
!!! recommendation
<div class="admonition recommendation" markdown>
![IVPN logo](assets/img/vpn/ivpn.svg){ align=right }
@ -115,7 +123,8 @@ System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-swit
[:octicons-info-16:](https://www.ivpn.net/knowledgebase/general/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/ivpn){ .card-link title="Source Code" }
??? downloads
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client)
- [:octicons-moon-16: Accrescent](https://accrescent.app/app/net.ivpn.client)
@ -124,6 +133,10 @@ System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-swit
- [:simple-apple: macOS](https://www.ivpn.net/apps-macos/)
- [:simple-linux: Linux](https://www.ivpn.net/apps-linux/)
</details>
</div>
#### :material-check:{ .pg-green } 37 Countries
IVPN has [servers in 37 countries](https://www.ivpn.net/server-locations).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
@ -169,7 +182,7 @@ IVPN clients support two factor authentication (Mullvad's clients do not). IVPN
### Mullvad
!!! recommendation
<div class="admonition recommendation" markdown>
![Mullvad logo](assets/img/vpn/mullvad.svg){ align=right }
@ -181,7 +194,8 @@ IVPN clients support two factor authentication (Mullvad's clients do not). IVPN
[:octicons-info-16:](https://mullvad.net/en/help/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/mullvad){ .card-link title="Source Code" }
??? downloads
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn)
- [:simple-appstore: App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513)
@ -190,6 +204,10 @@ IVPN clients support two factor authentication (Mullvad's clients do not). IVPN
- [:simple-apple: macOS](https://mullvad.net/en/download/macos/)
- [:simple-linux: Linux](https://mullvad.net/en/download/linux/)
</details>
</div>
#### :material-check:{ .pg-green } 40 Countries
Mullvad has [servers in 40 countries](https://mullvad.net/servers/).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
@ -247,10 +265,13 @@ Mullvad is very transparent about which nodes they [own or rent](https://mullvad
## Criteria
!!! danger
<div class="admonition danger" markdown>
<p class="admonition-title">Danger</p>
It is important to note that using a VPN provider will not make you anonymous, but it will give you better privacy in certain situations. A VPN is not a tool for illegal activities. Don't rely on a "no log" policy.
</div>
**Please note we are not affiliated with any of the providers we recommend. This allows us to provide completely objective recommendations.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements for any VPN provider wishing to be recommended, including strong encryption, independent security audits, modern technology, and more. We suggest you familiarize yourself with this list before choosing a VPN provider, and conduct your own research to ensure the VPN provider you choose is as trustworthy as possible.
### Technology