From d98db5bb3be7c16532f0d8135522bb4d4eb1f6e6 Mon Sep 17 00:00:00 2001 From: redoomed1 <161974310+redoomed1@users.noreply.github.com> Date: Sun, 10 Nov 2024 07:24:18 +0000 Subject: [PATCH 01/21] update!: Remove Fluent Reader (#2801) Signed-off-by: fria <138676274+friadev@users.noreply.github.com> Signed-off-by: Daniel Gray --- docs/news-aggregators.md | 57 ++++++------------- docs/tools.md | 1 - .../img/news-aggregators/fluent-reader.svg | 1 - 3 files changed, 18 insertions(+), 41 deletions(-) delete mode 100644 theme/assets/img/news-aggregators/fluent-reader.svg diff --git a/docs/news-aggregators.md b/docs/news-aggregators.md index 1da820422b..280b282e5b 100644 --- a/docs/news-aggregators.md +++ b/docs/news-aggregators.md @@ -4,6 +4,9 @@ icon: material/rss description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS. cover: news-aggregators.webp --- +Protects against the following threat(s): + +- [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers){ .pg-teal } A **news aggregator** is software which aggregates digital content from online newspapers, blogs, podcasts, and other resources to one location for easy viewing. Using one can be a great way to keep up with your favorite content. 
@@ -15,13 +18,13 @@ A **news aggregator** is software which aggregates digital content from online n ![Akregator logo](assets/img/news-aggregators/akregator.svg){ align=right } -**Akregator** is a news feed reader that is a part of the [KDE](https://kde.org) project. It comes with a fast search, advanced archiving functionality and an internal browser for easy news reading. +**Akregator** is a news feed reader that is a part of the [KDE](https://kde.org) project. It comes with a fast search, advanced archiving functionality, and an internal browser for easy news reading. [:octicons-home-16: Homepage](https://apps.kde.org/akregator){ .md-button .md-button--primary } [:octicons-eye-16:](https://kde.org/privacypolicy-apps){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://docs.kde.org/?application=akregator){ .card-link title=Documentation} +[:octicons-info-16:](https://docs.kde.org/?application=akregator){ .card-link title="Documentation" } [:octicons-code-16:](https://invent.kde.org/pim/akregator){ .card-link title="Source Code" } -[:octicons-heart-16:](https://kde.org/community/donations){ .card-link title=Contribute } +[:octicons-heart-16:](https://kde.org/community/donations){ .card-link title="Contribute" }
Downloads @@ -38,7 +41,7 @@ A **news aggregator** is software which aggregates digital content from online n ![NewsFlash logo](assets/img/news-aggregators/newsflash.png){ align=right } -**NewsFlash** is an open-source, modern, simple and easy to use GTK4 news feed reader for Linux. It can be used offline or used with services like [NextCloud News](https://apps.nextcloud.com/apps/news) or [Inoreader](https://inoreader.com). It has a search feature and even a pre-defined list of sources like [TechCrunch](https://techcrunch.com) that you can add directly. It is only available as a Flatpak (on the Flathub repository). +**NewsFlash** is an open-source, modern, and easy-to-use news feed reader for Linux. It can be used offline or used with services like [Nextcloud News](https://apps.nextcloud.com/apps/news) or [Inoreader](https://inoreader.com). It has a search feature and a pre-defined list of sources that you can add directly. [:octicons-repo-16: Repository](https://gitlab.com/news-flash/news_flash_gtk){ .md-button .md-button--primary } [:octicons-code-16:](https://gitlab.com/news-flash/news_flash_gtk){ .card-link title="Source Code" } 
@@ -58,11 +61,11 @@ A **news aggregator** is software which aggregates digital content from online n ![Feeder logo](assets/img/news-aggregators/feeder.png){ align=right } -**Feeder** is a modern RSS client for Android that has many [features](https://github.com/spacecowboy/Feeder#features) and works well with folders of RSS feeds. It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)), [RDF](https://en.wikipedia.org/wiki/RDF%2FXML) and [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed). +**Feeder** is a modern RSS client for Android that has many [features](https://github.com/spacecowboy/Feeder#features) and works well with folders of RSS feeds. It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)), [RDF](https://en.wikipedia.org/wiki/RDF%2FXML), and [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed). [:octicons-repo-16: Repository](https://github.com/spacecowboy/Feeder){ .md-button .md-button--primary } [:octicons-code-16:](https://github.com/spacecowboy/Feeder){ .card-link title="Source Code" } -[:octicons-heart-16:](https://ko-fi.com/spacecowboy){ .card-link title=Contribute } +[:octicons-heart-16:](https://ko-fi.com/spacecowboy){ .card-link title="Contribute" }
Downloads @@ -74,30 +77,6 @@ A **news aggregator** is software which aggregates digital content from online n -### Fluent Reader - -
- -![Fluent Reader logo](assets/img/news-aggregators/fluent-reader.svg){ align=right } - -**Fluent Reader** is a secure cross-platform news aggregator that has useful privacy features such as deletion of cookies on exit, strict [content security policies (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) and proxy support, meaning you can use it over [Tor](tor.md). - -[:octicons-home-16: Homepage](https://hyliu.me/fluent-reader){ .md-button .md-button--primary } -[:octicons-eye-16:](https://github.com/yang991178/fluent-reader/wiki/Privacy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://github.com/yang991178/fluent-reader/wiki){ .card-link title=Documentation} -[:octicons-code-16:](https://github.com/yang991178/fluent-reader){ .card-link title="Source Code" } -[:octicons-heart-16:](https://github.com/sponsors/yang991178){ .card-link title=Contribute } - -
-Downloads - -- [:fontawesome-brands-windows: Windows](https://hyliu.me/fluent-reader) -- [:simple-appstore: App Store](https://apps.apple.com/app/id1520907427) - -
- -
- ### Miniflux
@@ -105,12 +84,12 @@ A **news aggregator** is software which aggregates digital content from online n ![Miniflux logo](assets/img/news-aggregators/miniflux.svg#only-light){ align=right } ![Miniflux logo](assets/img/news-aggregators/miniflux-dark.svg#only-dark){ align=right } -**Miniflux** is a web-based news aggregator that you can self-host. It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)), [RDF](https://en.wikipedia.org/wiki/RDF%2FXML) and [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed). +**Miniflux** is a web-based news aggregator that you can self-host. It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)), [RDF](https://en.wikipedia.org/wiki/RDF%2FXML), and [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed). [:octicons-home-16: Homepage](https://miniflux.app){ .md-button .md-button--primary } -[:octicons-info-16:](https://miniflux.app/docs/index.html){ .card-link title=Documentation} +[:octicons-info-16:](https://miniflux.app/docs/index){ .card-link title="Documentation" } [:octicons-code-16:](https://github.com/miniflux/v2){ .card-link title="Source Code" } -[:octicons-heart-16:](https://miniflux.app/#donations){ .card-link title=Contribute } +[:octicons-heart-16:](https://miniflux.app/#donations){ .card-link title="Contribute" }
@@ -123,8 +102,8 @@ A **news aggregator** is software which aggregates digital content from online n **NetNewsWire** is a free and open-source feed reader for macOS and iOS with a focus on a native design and feature set. It supports the typical feed formats alongside built-in support for Reddit feeds. [:octicons-home-16: Homepage](https://netnewswire.com){ .md-button .md-button--primary } -[:octicons-eye-16:](https://netnewswire.com/privacypolicy.html){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://netnewswire.com/help){ .card-link title=Documentation} +[:octicons-eye-16:](https://netnewswire.com/privacypolicy){ .card-link title="Privacy Policy" } +[:octicons-info-16:](https://netnewswire.com/help){ .card-link title="Documentation" } [:octicons-code-16:](https://github.com/Ranchero-Software/NetNewsWire){ .card-link title="Source Code" }
@@ -143,10 +122,10 @@ A **news aggregator** is software which aggregates digital content from online n ![Newsboat logo](assets/img/news-aggregators/newsboat.svg){ align=right } -**Newsboat** is an RSS/Atom feed reader for the text console. It's an actively maintained fork of [Newsbeuter](https://en.wikipedia.org/wiki/Newsbeuter). It is very lightweight, and ideal for use over [Secure Shell](https://en.wikipedia.org/wiki/Secure_Shell). +**Newsboat** is an RSS/Atom feed reader for the text console. It's an actively maintained fork of [Newsbeuter](https://en.wikipedia.org/wiki/Newsbeuter). It is very lightweight and ideal for use over [Secure Shell](https://en.wikipedia.org/wiki/Secure_Shell). [:octicons-home-16: Homepage](https://newsboat.org){ .md-button .md-button--primary } -[:octicons-info-16:](https://newsboat.org/releases/2.27/docs/newsboat.html){ .card-link title=Documentation} +[:octicons-info-16:](https://newsboat.org/releases/2.37/docs/newsboat.html){ .card-link title="Documentation" } [:octicons-code-16:](https://github.com/newsboat/newsboat){ .card-link title="Source Code" } @@ -179,12 +158,12 @@ https://reddit.com/r/[SUBREDDIT]/new/.rss ### YouTube -You can subscribe YouTube channels without logging in and associating usage information with your Google account. +You can subscribe to YouTube channels without logging in and associating usage information with your Google account.

Example

-To subscribe to a YouTube channel with an RSS client, first look for its [channel code](https://support.google.com/youtube/answer/6180214). The channel code can be found on the about page of the YouTube channel you wish to subscribe to, under: **About** > **Share** > **Copy channel ID**. Replace `[CHANNEL ID]` below: +To subscribe to a YouTube channel with an RSS client, first look for its [channel code](https://support.google.com/youtube/answer/6180214). The channel code can be found on the about page of the YouTube channel you wish to subscribe to, under: **About** → **Share** → **Copy channel ID**. Replace `[CHANNEL ID]` below: ```text https://youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] diff --git a/docs/tools.md b/docs/tools.md index 95b1017523..5ebfb8bd24 100644 --- a/docs/tools.md +++ b/docs/tools.md @@ -498,7 +498,6 @@ For encrypting your operating system drive, we typically recommend using whichev - ![Akregator logo](assets/img/news-aggregators/akregator.svg){ .twemoji loading=lazy } [Akregator](news-aggregators.md#akregator) - ![NewsFlash logo](assets/img/news-aggregators/newsflash.png){ .twemoji loading=lazy } [NewsFlash](news-aggregators.md#newsflash) - ![Feeder logo](assets/img/news-aggregators/feeder.png){ .twemoji} [Feeder (Android)](news-aggregators.md#feeder) -- ![Fluent Reader logo](assets/img/news-aggregators/fluent-reader.svg){ .twemoji loading=lazy } [Fluent Reader](news-aggregators.md#fluent-reader) - ![Miniflux logo](assets/img/news-aggregators/miniflux.svg#only-light){ .twemoji loading=lazy }![Miniflux logo](assets/img/news-aggregators/miniflux-dark.svg#only-dark){ .twemoji loading=lazy } [Miniflux](news-aggregators.md#miniflux) - ![NetNewsWire logo](assets/img/news-aggregators/netnewswire.png){ .twemoji loading=lazy } [NetNewsWire](news-aggregators.md#netnewswire) - ![Newsboat logo](assets/img/news-aggregators/newsboat.svg){ .twemoji loading=lazy } [Newsboat](news-aggregators.md#newsboat) 
diff --git a/theme/assets/img/news-aggregators/fluent-reader.svg b/theme/assets/img/news-aggregators/fluent-reader.svg deleted file mode 100644 index 2ab38b3a91..0000000000 --- a/theme/assets/img/news-aggregators/fluent-reader.svg +++ /dev/null @@ -1 +0,0 @@ -F \ No newline at end of file From 3573915166b421cea46e3f4a4e42492454cc8463 Mon Sep 17 00:00:00 2001 From: fria <138676274+friadev@users.noreply.github.com> Date: Sun, 10 Nov 2024 07:36:23 +0000 Subject: [PATCH 02/21] update: iOS 18 Browser Recommendations/Improvements (#2802) Signed-off-by: redoomed1 <161974310+redoomed1@users.noreply.github.com> Signed-off-by: Daniel Gray --- docs/mobile-browsers.md | 45 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 44 insertions(+), 1 deletion(-) diff --git a/docs/mobile-browsers.md b/docs/mobile-browsers.md index 971e17ddff..2cbec388b5 100644 --- a/docs/mobile-browsers.md +++ b/docs/mobile-browsers.md @@ -229,7 +229,7 @@ Because Mull has more advanced and strict privacy protections enabled by default ## Safari (iOS) -On iOS, any app that can browse the web is [restricted](https://developer.apple.com/app-store/review/guidelines) to using an Apple-provided [WebKit framework](https://developer.apple.com/documentation/webkit), so there is little reason to use a third-party web browser. +On iOS, any app that can browse the web is [restricted](https://developer.apple.com/app-store/review/guidelines) to using an Apple-provided [WebKit framework](https://developer.apple.com/documentation/webkit), so a browser like [Brave](#brave) does not use the Chromium engine like its counterparts on other operating systems.
@@ -251,6 +251,23 @@ We would suggest installing [AdGuard](browser-extensions.md#adguard) if you want The following privacy/security-related options can be found in :gear: **Settings** → **Apps** → **Safari**. +#### Allow Safari to Access + +Under **Siri**: + +- [ ] Disable **Learn from this App** +- [ ] Disable **Show in App** +- [ ] Disable **Show on Home Screen** +- [ ] Disable **Suggest App** + +This prevents Siri from using content from Safari for Siri suggestions. + +#### Search + +- [ ] Disable **Search Engine Suggestions** + +This setting sends whatever you type in the address bar to the search engine set in Safari. Disabling search suggestions allows you to more precisely control what data you send to your search engine provider. + #### Profiles Safari allows you to separate your browsing with different profiles. All of your cookies, history, and website data are separate for each profile. You should use different profiles for different purposes e.g. Shopping, Work, or School. 
@@ -265,6 +282,32 @@ This enables WebKit's [Intelligent Tracking Protection](https://webkit.org/track This setting allows you to lock your private tabs behind biometrics/PIN when not in use. +- [ ] Disable **Fraudulent Website Warning** + +This setting uses Google Safe Browsing (or Tencent Safe Browsing for users in mainland China or Hong Kong) to protect you while you browse. As such, your IP address may be logged by your Safe Browsing provider. Disabling this setting will disable this logging, but you might be more vulnerable to known phishing sites. + +- [ ] Disable **Highlights** + +Apple's privacy policy for Safari states: + +> When visiting a webpage, Safari may send information calculated from the webpage address to Apple over OHTTP to determine if relevant highlights are available. + +#### Settings for Websites + +Under **Camera** + +- [x] Select **Ask** + +Under **Microphone** + +- [x] Select **Ask** + +Under **Location** + +- [x] Select **Ask** + +These settings ensure that websites can only access your camera, microphone, or location after you explicitly grant them access. + #### Other Privacy Settings These options can be found in :gear: **Settings** → **Apps** → **Safari** → **Advanced**. From 1c30ca8cbc546b99a011b90a7ee37b0a134f80fc Mon Sep 17 00:00:00 2001 
From: Triple T <78900789+I-I-IT@users.noreply.github.com> Date: Sun, 10 Nov 2024 08:32:10 +0000 Subject: [PATCH 03/21] update: Add criteria to VPN Services page and update other sections (#2788) Updates include: - Obfuscation info, ProtonVPN IPv6 and added missing download links - added a few criteria Testing: - Proton has IPv6 support on Linux but it didn't work for me - Requirements for FDE/ram servers make sense to prevent logging by malicious employees. - Mullvad/IVPN are ram-only while Proton has FDE. - Requirements for the jurisdiction is to prevent cases like RiseupVPN (https://riseup.net/en/about-us/press/canary-statement). Co-authored-by: redoomed1 <161974310+redoomed1@users.noreply.github.com> Co-authored-by: fria <138676274+friadev@users.noreply.github.com> Signed-off-by: Daniel Gray --- docs/advanced/tor-overview.md | 4 ++-- docs/mobile-browsers.md | 16 ++++++++-------- docs/os/android-overview.md | 2 +- docs/real-time-communication.md | 5 ++--- docs/vpn.md | 33 ++++++++++++++++++++++----------- includes/abbreviations.en.txt | 2 ++ 6 files changed, 37 insertions(+), 25 deletions(-) diff --git a/docs/advanced/tor-overview.md b/docs/advanced/tor-overview.md index db4ba4feea..9fca7e0027 100644 --- a/docs/advanced/tor-overview.md +++ b/docs/advanced/tor-overview.md @@ -204,5 +204,5 @@ It is [possible](https://discuss.privacyguides.net/t/clarify-tors-weaknesses-wit ## Additional Resources - [Tor Browser User Manual](https://tb-manual.torproject.org) -- [How Tor Works - Computerphile](https://www.youtube.com/watch?v=QRYzre4bf7I) (YouTube) -- [Tor Onion Services - Computerphile](https://www.youtube.com/watch?v=lVcbq_a5N9I) (YouTube) +- [How Tor Works - Computerphile](https://youtube.com/watch?v=QRYzre4bf7I) (YouTube) +- [Tor Onion Services - Computerphile](https://youtube.com/watch?v=lVcbq_a5N9I) (YouTube) diff --git a/docs/mobile-browsers.md b/docs/mobile-browsers.md index 2cbec388b5..60d5a96f64 100644 --- a/docs/mobile-browsers.md 
+++ b/docs/mobile-browsers.md @@ -91,7 +91,7 @@ Shields' options can be downgraded on a per-site basis as needed, but by default === "Android"
- + - [x] Select **Aggressive** under *Block trackers & ads* - [x] Select **Auto-redirect AMP pages** - [x] Select **Auto-redirect tracking URLs** @@ -107,24 +107,24 @@ Shields' options can be downgraded on a per-site basis as needed, but by default Brave allows you to select additional content filters within the **Content Filtering** menu or the internal `brave://adblock` page. We advise against using this feature; instead, keep the default filter lists. Using extra lists will make you stand out from other Brave users and may also increase attack surface if there is an exploit in Brave and a malicious rule is added to one of the lists you use.
- + - [x] Select **Forget me when I close this site** 1. This option disables JavaScript, which will break a lot of sites. To unbreak them, you can set exceptions on a per-site basis by tapping on the Shield icon in the address bar and unchecking this setting under *Advanced controls*. - + === "iOS"
- + - [x] Select **Aggressive** under *Trackers & Ads Blocking* - [x] Select **Strict** under *Upgrade Connections to HTTPS* - [x] Select **Auto-Redirect AMP pages** - [x] Select **Auto-Redirect Tracking URLs** - [x] (Optional) Select **Block Scripts** (1) - [x] Select **Block Fingerprinting** - +
Use default filter lists @@ -135,7 +135,7 @@ Shields' options can be downgraded on a per-site basis as needed, but by default
1. This option disables JavaScript, which will break a lot of sites. To unbreak them, you can set exceptions on a per-site basis by tapping on the Shield icon in the address bar and unchecking this setting under *Advanced controls*. - + ##### Clear browsing data (Android only) - [x] Select **Clear data on exit** @@ -149,7 +149,7 @@ Shields' options can be downgraded on a per-site basis as needed, but by default === "Android"
- + - [x] Select **Disable non-proxied UDP** under [*WebRTC IP handling policy*](https://support.brave.com/hc/articles/360017989132-How-do-I-change-my-Privacy-Settings#webrtc) - [x] (Optional) Select **No protection** under *Safe Browsing* (1) - [ ] Uncheck **Allow sites to check if you have payment methods saved** @@ -166,7 +166,7 @@ Shields' options can be downgraded on a per-site basis as needed, but by default - [ ] Uncheck **Allow Privacy-Preserving Product Analytics (P3A)** - [ ] Uncheck **Automatically send daily usage ping to Brave** - + ### Leo These options can be found in :material-menu: → **Settings** → **Leo**. diff --git a/docs/os/android-overview.md b/docs/os/android-overview.md index 871216f484..199775e032 100644 --- a/docs/os/android-overview.md +++ b/docs/os/android-overview.md 
@@ -34,7 +34,7 @@ Many OEMs also have broken implementation of Verified Boot that you have to be a **Firmware updates** are critical for maintaining security and without them your device cannot be secure. OEMs have support agreements with their partners to provide the closed-source components for a limited support period. These are detailed in the monthly [Android Security Bulletins](https://source.android.com/security/bulletin). -As the components of the phone, such as the processor and radio technologies rely on closed-source components, the updates must be provided by the respective manufacturers. Therefore, it is important that you purchase a device within an active support cycle. [Qualcomm](https://www.qualcomm.com/news/releases/2020/12/qualcomm-and-google-announce-collaboration-extend-android-os-support-and) and [Samsung](https://news.samsung.com/us/samsung-galaxy-security-extending-updates-knox) support their devices for 4 years, while cheaper products often have shorter support cycles. With the introduction of the [Pixel 6](https://support.google.com/pixelphone/answer/4457705), Google now makes their own SoC, and they will provide a minimum of 5 years of support. With the introduction of the Pixel 8 series, Google increased that support window to 7 years. +As the components of the phone, such as the processor and radio technologies rely on closed-source components, the updates must be provided by the respective manufacturers. Therefore, it is important that you purchase a device within an active support cycle. [Qualcomm](https://qualcomm.com/news/releases/2020/12/qualcomm-and-google-announce-collaboration-extend-android-os-support-and) and [Samsung](https://news.samsung.com/us/samsung-galaxy-security-extending-updates-knox) support their devices for 4 years, while cheaper products often have shorter support cycles. 
With the introduction of the [Pixel 6](https://support.google.com/pixelphone/answer/4457705), Google now makes their own SoC, and they will provide a minimum of 5 years of support. With the introduction of the Pixel 8 series, Google increased that support window to 7 years. EOL devices which are no longer supported by the SoC manufacturer cannot receive firmware updates from OEM vendors or after market Android distributors. This means that security issues with those devices will remain unfixed. diff --git a/docs/real-time-communication.md b/docs/real-time-communication.md index 216518153a..5198f451dc 100644 --- a/docs/real-time-communication.md +++ b/docs/real-time-communication.md 
@@ -98,9 +98,9 @@ Molly is updated every two weeks to include the latest features and bug fixes fr Note that you are trusting multiple parties by using Molly, as you now need to trust the Signal team *and* the Molly team to deliver safe and timely updates. -There is a version of Molly called **Molly-FOSS** which removes proprietary code like the Google services used by both Signal and Molly, at the expense of some features like battery-saving push notifications via Google Play Services. +There is a version of Molly called **Molly-FOSS** which removes proprietary code like the Google services used by both Signal and Molly, at the expense of some features like battery-saving push notifications via Google Play Services. -There is also a version called [**Molly-UP**](https://github.com/mollyim/mollyim-android#unifiedpush) which is based on Molly-FOSS and adds support for push notifications with [UnifiedPush](https://unifiedpush.org/), an open source alternative to the push notifications provided by Google Play Services, but it requires running a separate program called [Mollysocket](https://github.com/mollyim/mollysocket) to function. Mollysocket can either be self-hosted on a separate computer or server (VPS), or alternatively a public Mollysocket instance can be used ([step-by-step tutorial, in German](https://www.kuketz-blog.de/messenger-wechsel-von-signal-zu-molly-unifiedpush-mollysocket-ntfy/)). +There is also a version called [**Molly-UP**](https://github.com/mollyim/mollyim-android#unifiedpush) which is based on Molly-FOSS and adds support for push notifications with [UnifiedPush](https://unifiedpush.org/), an open source alternative to the push notifications provided by Google Play Services, but it requires running a separate program called [Mollysocket](https://github.com/mollyim/mollysocket) to function. 
Mollysocket can either be self-hosted on a separate computer or server (VPS), or alternatively a public Mollysocket instance can be used ([step-by-step tutorial, in German](https://kuketz-blog.de/messenger-wechsel-von-signal-zu-molly-unifiedpush-mollysocket-ntfy)). All three versions of Molly provide the same security improvements. @@ -141,7 +141,6 @@ You can find a full list of the privacy and security [features](https://github.c SimpleX Chat was independently audited in [July 2024](https://simplex.chat/blog/20241014-simplex-network-v6-1-security-review-better-calls-user-experience.html#simplex-cryptographic-design-review-by-trail-of-bits) and in [October 2022](https://simplex.chat/blog/20221108-simplex-chat-v4.2-security-audit-new-website). - ### Briar
diff --git a/docs/vpn.md b/docs/vpn.md index d0b934a83e..fe978ca003 100644 --- a/docs/vpn.md +++ b/docs/vpn.md @@ -32,7 +32,7 @@ Our recommended providers use encryption, support WireGuard & OpenVPN, and have | Provider | Countries | WireGuard | Port Forwarding | IPv6 | Anonymous Payments |---|---|---|---|---|--- -| [Proton](#proton-vpn) | 112+ | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Partial Support | :material-alert-outline:{ .pg-orange } | Cash +| [Proton](#proton-vpn) | 112+ | :material-check:{ .pg-green } | :material-alert-outline:{ .pg-orange } Partial Support | :material-information-outline:{ .pg-blue } Limited Support | Cash | [IVPN](#ivpn) | 37+ | :material-check:{ .pg-green } | :material-alert-outline:{ .pg-orange } | :material-information-outline:{ .pg-blue } Outgoing Only | Monero, Cash | [Mullvad](#mullvad) | 45+ | :material-check:{ .pg-green } | :material-alert-outline:{ .pg-orange } | :material-check:{ .pg-green } | Monero, Cash @@ -56,6 +56,7 @@ Our recommended providers use encryption, support WireGuard & OpenVPN, and have - [:simple-appstore: App Store](https://apps.apple.com/app/id1437005085) - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) - [:fontawesome-brands-windows: Windows](https://protonvpn.com/download-windows) +- [:simple-apple: macOS](https://protonvpn.com/download-macos) - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup)
@@ -89,9 +90,9 @@ Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://wiregua Proton VPN [recommends](https://protonvpn.com/blog/wireguard) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols) for the protocol is not present in their Linux app. -#### :material-alert-outline:{ .pg-orange } No IPv6 Support +#### :material-alert-outline:{ .pg-orange } Limited IPv6 Support -Proton VPN's servers are only compatible with IPv4. The Proton VPN applications will block all outgoing IPv6 traffic, so you don't have to worry about your IPv6 address being leaked, but you will not be able to connect to any IPv6-only sites, and you will not be able to connect to Proton VPN from an IPv6-only network. +Proton [now supports IPv6](https://protonvpn.com/support/prevent-ipv6-vpn-leaks) in their browser extension but only 80% of their servers are IPv6-compatible. On other platforms, the Proton VPN client will block all outgoing IPv6 traffic, so you don't have to worry about your IPv6 address being leaked, but you will not be able to connect to any IPv6-only sites, nor will you be able to connect to Proton VPN from an IPv6-only network. #### :material-information-outline:{ .pg-info } Remote Port Forwarding 
@@ -179,7 +180,7 @@ IVPN previously supported port forwarding, but removed the option in [June 2023] #### :material-check:{ .pg-green } Anti-Censorship -IVPN has obfuscation modes using the [v2ray](https://v2ray.com/en/index.html) project which helps in situations where VPN protocols like OpenVPN or Wireguard are blocked. Currently this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic. +IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or Wireguard are blocked. Currently this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic. #### :material-check:{ .pg-green } Mobile Clients 
@@ -195,7 +196,7 @@ IVPN clients support two factor authentication. IVPN also provides "[AntiTracker ![Mullvad logo](assets/img/vpn/mullvad.svg){ align=right } -**Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since 2009. Mullvad is based in Sweden and does not offer a free trial. +**Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since 2009. Mullvad is based in Sweden and offers a 30-day money-back guarantee for payment methods that allow it. [:octicons-home-16: Homepage](https://mullvad.net){ .md-button .md-button--primary } [:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" } @@ -244,7 +245,7 @@ Mullvad provides the source code for their desktop and mobile clients in their [ #### :material-check:{ .pg-green } Accepts Cash and Monero -Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. Prepaid cards with redeem codes are also available. Mullvad also accepts Swish and bank wire transfers. +Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. Prepaid cards with redeem codes are also available. Mullvad also accepts Swish and bank wire transfers, as well as a few European payment systems. #### :material-check:{ .pg-green } WireGuard Support 
@@ -262,7 +263,12 @@ Mullvad previously supported port forwarding, but removed the option in [May 202 #### :material-check:{ .pg-green } Anti-Censorship -Mullvad has obfuscation an mode using [Shadowsocks with v2ray](https://mullvad.net/en/help/shadowsocks-with-v2ray) which may be useful in situations where VPN protocols like OpenVPN or Wireguard are blocked. +Mullvad offers several features to help bypass censorship and access the internet freely: + +- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["Wireguard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en). +- **Advanced obfuscation with Shadowsocks and v2ray**: For more advanced users, Mullvad provides a guide on how to use the [Shadowsocks with v2ray](https://mullvad.net/en/help/shadowsocks-with-v2ray) plugin with Mullvad clients. This setup provides an additional layer of obfuscation and encryption. +- **Custom server IPs**: To counter IP-blocking, you can request custom server IPs from Mullvad's support team. Once you receive the custom IPs, you can input the text file in the "Server IP override" settings, which will override the chosen server IP addresses with ones that aren't known to the censor. +- **Bridges and proxies**: Mullvad also allows you to use bridges or proxies to reach their API (needed for authentication), which can help bypass censorship attempts that block access to the API itself. #### :material-check:{ .pg-green } Mobile Clients 
@@ -270,7 +276,7 @@ Mullvad has published [App Store](https://apps.apple.com/app/id1488466513) and [ #### :material-information-outline:{ .pg-blue } Additional Notes -Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers). They use [ShadowSocks](https://shadowsocks.org) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). +Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers). They also provide the option to enable Defense Against AI-guided Traffic Analysis ([DAITA](https://mullvad.net/en/blog/daita-defense-against-ai-guided-traffic-analysis)) in their apps. DAITA protects against the threat of advanced traffic analysis which can be used to connect patterns in VPN traffic with specific websites. ## Criteria 
@@ -293,14 +299,15 @@ We require all our recommended VPN providers to provide OpenVPN configuration fi - Killswitch built in to clients. - Multihop support. Multihopping is important to keep data private in case of a single node compromise. - If VPN clients are provided, they should be [open source](https://en.wikipedia.org/wiki/Open_source), like the VPN software they generally have built into them. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what your device is actually doing. +- Censorship resistance features designed to bypass firewalls without DPI. **Best Case:** - Killswitch with highly configurable options (enable/disable on certain networks, on boot, etc.) - Easy-to-use VPN clients -- Supports [IPv6](https://en.wikipedia.org/wiki/IPv6). We expect that servers will allow incoming connections via IPv6 and allow you to access services hosted on IPv6 addresses. +- [IPv6](https://en.wikipedia.org/wiki/IPv6) support. We expect that servers will allow incoming connections via IPv6 and allow you to access services hosted on IPv6 addresses. - Capability of [remote port forwarding](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) assists in creating connections when using P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)) file sharing software or hosting a server (e.g., Mumble). -- Obfuscation technology which pads data packets with random data to circumvent internet censorship. +- Obfuscation technology which camouflages the true nature of internet traffic, designed to circumvent advanced internet censorship methods like DPI. ### Privacy 
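Review bot: the new minimum criterion "Censorship resistance features designed to bypass firewalls without DPI." is ambiguous, because "without DPI" can attach either to the firewalls or to the bypass technique. The best-case bullet in this same hunk targets "advanced internet censorship methods like DPI", so the minimum presumably means firewalls that do not use DPI. Suggest wording it that way, for example "designed to bypass firewalls that do not perform DPI".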
@@ -325,13 +332,16 @@ A VPN is pointless if it can't even provide adequate security. We require all ou - Strong Encryption Schemes: OpenVPN with SHA-256 authentication; RSA-2048 or better handshake; AES-256-GCM or AES-256-CBC data encryption. - Forward Secrecy. - Published security audits from a reputable third-party firm. +- VPN servers that use full-disk encryption or are RAM-only. **Best Case:** - Strongest Encryption: RSA-4096. +- Optional quantum-resistant encryption. - Forward Secrecy. - Comprehensive published security audits from a reputable third-party firm. - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. +- RAM-only VPN servers. ### Trust @@ -340,6 +350,7 @@ You wouldn't trust your finances to someone with a fake identity, so why trust t **Minimum to Qualify:** - Public-facing leadership or ownership. +- Company based in a jurisdiction where it cannot be forced to do secret logging. **Best Case:** @@ -371,4 +382,4 @@ Responsible marketing that is both educational and useful to the consumer could ### Additional Functionality -While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include content blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc. +While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include content blocking functionality, warrant canaries, excellent customer support, the number of allowed simultaneous connections, etc. diff --git a/includes/abbreviations.en.txt b/includes/abbreviations.en.txt index 93195bd33f..03c478c7a7 100644 --- a/includes/abbreviations.en.txt +++ b/includes/abbreviations.en.txt 
@@ -16,6 +16,7 @@ *[DoQ]: DNS over QUIC *[DoH3]: DNS over HTTP/3 *[DoT]: DNS over TLS +*[DPI]: Deep Packet Inspection identifies and blocks packet with specific payloads *[E2EE]: End-to-End Encryption/Encrypted *[ECS]: EDNS Client Subnet *[EEA]: European Economic Area @@ -71,6 +72,7 @@ *[PGP]: Pretty Good Privacy (see OpenPGP) *[PII]: Personally Identifiable Information *[QNAME]: Qualified Name +*[QUIC]: A network protocol based on UDP, but aiming to combine the speed of UDP with the reliability of TCP. *[rolling release]: Updates which are released frequently rather than set intervals *[RSS]: Really Simple Syndication *[SELinux]: Security-Enhanced Linux From 54094cc1f88c9bcd28da5183e3a702872c36d914 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sayf=20Dh=C5=AB=20al-Faq=C4=81r?= <155405590+sdhlfqr@users.noreply.github.com> Date: Sun, 10 Nov 2024 08:40:28 +0000 Subject: [PATCH 04/21] fix: typo, consistency linting (#2804) Signed-off-by: Freddy Signed-off-by: fria <138676274+friadev@users.noreply.github.com> Signed-off-by: Daniel Gray --- docs/about.md | 2 +- docs/about/contributors.md | 2 +- docs/about/jobs/journalist.md | 2 +- docs/basics/account-creation.md | 2 +- docs/data-broker-removals.md | 34 ++++++++++++++++----------------- docs/real-time-communication.md | 2 +- docs/tools.md | 2 +- docs/tor.md | 2 +- 8 files changed, 24 insertions(+), 24 deletions(-) diff --git a/docs/about.md b/docs/about.md index 1db1a16456..1157f044a6 100644 --- a/docs/about.md +++ b/docs/about.md 
@@ -118,7 +118,7 @@ In 2022, we completed the transition of our main website framework from Jekyll t We additionally launched our new discussion forum at [discuss.privacyguides.net](https://discuss.privacyguides.net) as a community platform to share ideas and ask questions about our mission. This augments our existing community on Matrix, and replaced our previous GitHub Discussions platform, decreasing our reliance on proprietary discussion platforms. -In 2023, we launched international translations of our website in [French](https://www.privacyguides.org/fr/), [Hebrew](https://www.privacyguides.org/he/), [Dutch](https://www.privacyguides.org/nl/), and more languages, made possible by our excellent translation team on [Crowdin](https://crowdin.com/project/privacyguides). We plan to continue carrying forward our mission of outreach and education, and finding ways to more clearly highlight the dangers of a lack of privacy awareness in the modern digital age, and the prevalence and harms of security breaches across the technology industry. +In 2023, we launched international translations of our website in [French](https://www.privacyguides.org/fr), [Hebrew](https://www.privacyguides.org/he), [Dutch](https://www.privacyguides.org/nl), and more languages, made possible by our excellent translation team on [Crowdin](https://crowdin.com/project/privacyguides). We plan to continue carrying forward our mission of outreach and education, and finding ways to more clearly highlight the dangers of a lack of privacy awareness in the modern digital age, and the prevalence and harms of security breaches across the technology industry. ## Site License diff --git a/docs/about/contributors.md b/docs/about/contributors.md index 39a92d655f..cafa44bc1b 100644 --- a/docs/about/contributors.md +++ b/docs/about/contributors.md 
@@ -10,7 +10,7 @@ This project follows the [all-contributors](https://github.com/all-contributors/ | Emoji | Type | Description | --- | --- | --- -| 📖 | `doc` | A contributor to the content on [privacyguides.org](https://www.privacyguides.org/en/). +| 📖 | `doc` | A contributor to the content on [privacyguides.org](https://www.privacyguides.org/en). | 👀 | `review` | Someone who has taken the time to review [pull requests](https://github.com/privacyguides/privacyguides.org/pulls) to the site. | 📝 | `blog` | Someone who has written a [blog](https://blog.privacyguides.org) post for us. | 💬 | `question` | Someone who has been helpful when answering questions on our [forum](https://discuss.privacyguides.net) or Matrix channels. diff --git a/docs/about/jobs/journalist.md b/docs/about/jobs/journalist.md index dd6696c58b..10fb32bde6 100644 --- a/docs/about/jobs/journalist.md +++ b/docs/about/jobs/journalist.md @@ -20,7 +20,7 @@ Privacy Guides is a small, largely volunteer-driven nonprofit media organization Your responsibilities will include, but aren’t limited to: - Creating high-quality articles for our [knowledge base](../../basics/why-privacy-matters.md). -- Performing product reviews for our [reviews](https://www.privacyguides.org/articles/category/reviews/) section and [tool recommendations](../../tools.md). +- Performing product reviews for our [reviews](https://www.privacyguides.org/articles/category/reviews) section and [tool recommendations](../../tools.md). - Researching new topics to cover. - Interviewing and fact-checking all relevant sources. - Regular posting of high-quality, unbiased journalistic content across our platforms. diff --git a/docs/basics/account-creation.md b/docs/basics/account-creation.md index 22b11db619..44b4f4ebd1 100644 --- a/docs/basics/account-creation.md +++ b/docs/basics/account-creation.md 
@@ -74,7 +74,7 @@ Malicious applications, particularly on mobile devices where the application has ### Phone number -We recommend avoiding services that require a phone number for sign up. A phone number can identity you across multiple services and depending on data sharing agreements this will make your usage easier to track, particularly if one of those services is breached as the phone number is often **not** encrypted. +We recommend avoiding services that require a phone number for sign up. A phone number can identify you across multiple services and depending on data sharing agreements this will make your usage easier to track, particularly if one of those services is breached as the phone number is often **not** encrypted. You should avoid giving out your real phone number if you can. Some services will allow the use of VOIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts. diff --git a/docs/data-broker-removals.md b/docs/data-broker-removals.md index c236cc4eb2..131920f30a 100644 --- a/docs/data-broker-removals.md +++ b/docs/data-broker-removals.md 
@@ -27,21 +27,21 @@ The quickest, most effective, and most private way to remove yourself from peopl You should search for your information on these sites first, and submit an opt-out request if your information is found. Removing your data from these providers typically removes your data from many smaller sites at the same time. -- Advanced Background Checks ([Search](https://www.advancedbackgroundchecks.com/), [Opt-Out](https://www.advancedbackgroundchecks.com/removal)) -- BeenVerified ([Search](https://www.beenverified.com/app/optout/search), [Opt-Out](https://www.beenverified.com/app/optout/address-search)) +- Advanced Background Checks ([Search](https://advancedbackgroundchecks.com), [Opt-Out](https://advancedbackgroundchecks.com/removal)) +- BeenVerified ([Search](https://beenverified.com/app/optout/search), [Opt-Out](https://beenverified.com/app/optout/address-search)) - CheckPeople ([Search](https://checkpeople.com/do-not-sell-info), select *Remove Record* to opt-out) -- ClustrMaps ([Search](https://clustrmaps.com/), [Opt-Out](https://clustrmaps.com/bl/opt-out)) -- Dataveria ([Search](https://dataveria.com/), [Opt-Out](https://dataveria.com/ng/control/privacy)) -- Glad I Know ([Search](https://gladiknow.com/), [Opt-Out](https://gladiknow.com/opt-out)) -- InfoTracer ([Search](https://www.infotracer.com/), [Opt-Out](https://www.infotracer.com/optout)) -- Intelius ([Search](https://www.intelius.com/), [Opt-Out](https://suppression.peopleconnect.us/login)) -- PeekYou ([Search](https://www.peekyou.com/), [Opt-Out](https://www.peekyou.com/about/contact/optout)) -- PublicDataUSA ([Search](https://www.publicdatausa.com/), [Opt-Out](https://www.publicdatausa.com/remove.php)) -- Radaris ([Search](https://radaris.com/), [Opt-Out](https://radaris.com/page/how-to-remove)) -- Spokeo ([Search](https://www.spokeo.com/search), [Opt-Out](https://www.spokeo.com/optout)) -- That's Them ([Search](https://thatsthem.com/), [Opt-Out](https://thatsthem.com/optout)) -- USPhonebook 
([Search and Opt-Out](https://www.usphonebook.com/opt-out/)) -- Whitepages ([Search](https://www.whitepages.com/), [Opt-Out](https://www.whitepages.com/suppression_requests)) +- ClustrMaps ([Search](https://clustrmaps.com), [Opt-Out](https://clustrmaps.com/bl/opt-out)) +- Dataveria ([Search](https://dataveria.com), [Opt-Out](https://dataveria.com/ng/control/privacy)) +- Glad I Know ([Search](https://gladiknow.com), [Opt-Out](https://gladiknow.com/opt-out)) +- InfoTracer ([Search](https://infotracer.com), [Opt-Out](https://infotracer.com/optout)) +- Intelius ([Search](https://intelius.com), [Opt-Out](https://suppression.peopleconnect.us/login)) +- PeekYou ([Search](https://peekyou.com), [Opt-Out](https://peekyou.com/about/contact/optout)) +- PublicDataUSA ([Search](https://publicdatausa.com), [Opt-Out](https://publicdatausa.com/remove.php)) +- Radaris ([Search](https://radaris.com), [Opt-Out](https://radaris.com/page/how-to-remove)) +- Spokeo ([Search](https://spokeo.com/search), [Opt-Out](https://spokeo.com/optout)) +- That's Them ([Search](https://thatsthem.com), [Opt-Out](https://thatsthem.com/optout)) +- USPhonebook ([Search and Opt-Out](https://usphonebook.com/opt-out)) +- Whitepages ([Search](https://whitepages.com), [Opt-Out](https://whitepages.com/suppression_requests))

A tip on opt-out strategy

@@ -84,9 +84,9 @@ Our testing indicates that EasyOptOuts provides the best value out of any data r EasyOptOuts does not cover the following sites we consider to be "high priority," so you should still manually opt-out of: -- Intelius ([Search](https://www.intelius.com/), [Opt-Out](https://suppression.peopleconnect.us/login)) -- PeekYou ([Search](https://www.peekyou.com/), [Opt-Out](https://www.peekyou.com/about/contact/optout)) -- PublicDataUSA ([Search](https://www.publicdatausa.com/), [Opt-Out](https://www.publicdatausa.com/remove.php)) +- Intelius ([Search](https://intelius.com), [Opt-Out](https://suppression.peopleconnect.us/login)) +- PeekYou ([Search](https://peekyou.com), [Opt-Out](https://peekyou.com/about/contact/optout)) +- PublicDataUSA ([Search](https://publicdatausa.com), [Opt-Out](https://publicdatausa.com/remove.php))
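Review bot: the Intelius, PeekYou and PublicDataUSA links in this hunk (and most links in the previous hunk of docs/data-broker-removals.md) lose the "www." host prefix as well as the trailing slash, for example "https://www.peekyou.com/about/contact/optout" becoming "https://peekyou.com/about/contact/optout". Dropping a trailing slash is cosmetic, but dropping "www." changes the hostname the reader connects to, which goes beyond the "typo, consistency linting" described in the subject. Please confirm that each bare domain serves the same search and opt-out page over HTTPS or redirects to it, and keep "www." for any site where it does not.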
diff --git a/docs/real-time-communication.md b/docs/real-time-communication.md index 5198f451dc..e0ea1cae5f 100644 --- a/docs/real-time-communication.md +++ b/docs/real-time-communication.md @@ -100,7 +100,7 @@ Note that you are trusting multiple parties by using Molly, as you now need to t There is a version of Molly called **Molly-FOSS** which removes proprietary code like the Google services used by both Signal and Molly, at the expense of some features like battery-saving push notifications via Google Play Services. -There is also a version called [**Molly-UP**](https://github.com/mollyim/mollyim-android#unifiedpush) which is based on Molly-FOSS and adds support for push notifications with [UnifiedPush](https://unifiedpush.org/), an open source alternative to the push notifications provided by Google Play Services, but it requires running a separate program called [Mollysocket](https://github.com/mollyim/mollysocket) to function. Mollysocket can either be self-hosted on a separate computer or server (VPS), or alternatively a public Mollysocket instance can be used ([step-by-step tutorial, in German](https://kuketz-blog.de/messenger-wechsel-von-signal-zu-molly-unifiedpush-mollysocket-ntfy)). +There is also a version called [**Molly-UP**](https://github.com/mollyim/mollyim-android#unifiedpush) which is based on Molly-FOSS and adds support for push notifications with [UnifiedPush](https://unifiedpush.org), an open source alternative to the push notifications provided by Google Play Services, but it requires running a separate program called [Mollysocket](https://github.com/mollyim/mollysocket) to function. Mollysocket can either be self-hosted on a separate computer or server (VPS), or alternatively a public Mollysocket instance can be used ([step-by-step tutorial, in German](https://kuketz-blog.de/messenger-wechsel-von-signal-zu-molly-unifiedpush-mollysocket-ntfy)). All three versions of Molly provide the same security improvements. 
diff --git a/docs/tools.md b/docs/tools.md index 5ebfb8bd24..0d4d8b8841 100644 --- a/docs/tools.md +++ b/docs/tools.md @@ -88,7 +88,7 @@ For more details about each project, why they were chosen, and additional tips o --- - We recommend **Safari** due to its [anti-fingerprinting](https://webkit.org/blog/15697/private-browsing-2-0/) features and default tracker blocking. It also separates your cookies in private browsing mode to prevent tracking between tabs. + We recommend **Safari** due to its [anti-fingerprinting](https://webkit.org/blog/15697/private-browsing-2-0) features and default tracker blocking. It also separates your cookies in private browsing mode to prevent tracking between tabs. - [Read Full Review :material-arrow-right-drop-circle:](mobile-browsers.md#safari-ios) diff --git a/docs/tor.md b/docs/tor.md index 7a1758df3e..624721fa1c 100644 --- a/docs/tor.md +++ b/docs/tor.md @@ -127,7 +127,7 @@ All versions are signed using the same signature so they should be compatible wi ![Onion Browser logo](assets/img/self-contained-networks/onion_browser.svg){ align=right } -**Onion Browser** is an open-source browser that lets you browse the web anonymously over the Tor network on iOS devices and is endorsed by the [Tor Project](https://support.torproject.org/glossary/onion-browser). [:material-star-box: Read our latest Onion Browser review.](/articles/2024/09/18/onion-browser-review/) +**Onion Browser** is an open-source browser that lets you browse the web anonymously over the Tor network on iOS devices and is endorsed by the [Tor Project](https://support.torproject.org/glossary/onion-browser). [:material-star-box: Read our latest Onion Browser review.](/articles/2024/09/18/onion-browser-review) [:octicons-home-16: Homepage](https://onionbrowser.com){ .md-button .md-button--primary } [:octicons-eye-16:](https://onionbrowser.com/privacy-policy){ .card-link title="Privacy Policy" } From d4f8370fc3f59fc95f6130e3e6034c57c1d3c961 Mon Sep 17 00:00:00 2001 
From: redoomed1 <161974310+redoomed1@users.noreply.github.com> Date: Mon, 11 Nov 2024 04:23:44 +0000 Subject: [PATCH 05/21] update: Disabling search suggestions (#2800) Signed-off-by: fria <138676274+friadev@users.noreply.github.com> Signed-off-by: Daniel Gray --- docs/desktop-browsers.md | 23 +++++++++++++++-------- docs/mobile-browsers.md | 12 +++++++++--- 2 files changed, 24 insertions(+), 11 deletions(-) diff --git a/docs/desktop-browsers.md b/docs/desktop-browsers.md index 86c1b5e76a..100a7a0285 100644 --- a/docs/desktop-browsers.md +++ b/docs/desktop-browsers.md @@ -74,7 +74,7 @@ If you need to browse the internet anonymously, you should use [Tor](tor.md) ins [:octicons-home-16: Homepage](https://mullvad.net/en/browser){ .md-button .md-button--primary } [:octicons-eye-16:](https://mullvad.net/en/help/privacy-policy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://mullvad.net/en/help/tag/mullvad-browser){ .card-link title=Documentation} +[:octicons-info-16:](https://mullvad.net/en/help/tag/mullvad-browser){ .card-link title="Documentation" } [:octicons-code-16:](https://gitlab.torproject.org/tpo/applications/mullvad-browser){ .card-link title="Source Code" }
@@ -120,9 +120,9 @@ Mullvad Browser comes with DuckDuckGo set as the default [search engine](search- [:octicons-home-16: Homepage](https://firefox.com){ .md-button .md-button--primary } [:octicons-eye-16:](https://mozilla.org/privacy/firefox){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://support.mozilla.org/products/firefox){ .card-link title=Documentation} +[:octicons-info-16:](https://support.mozilla.org/products/firefox){ .card-link title="Documentation" } [:octicons-code-16:](https://hg.mozilla.org/mozilla-central){ .card-link title="Source Code" } -[:octicons-heart-16:](https://donate.mozilla.org){ .card-link title=Contribute } +[:octicons-heart-16:](https://donate.mozilla.org){ .card-link title="Contribute" }
Downloads @@ -184,6 +184,8 @@ This protects you from persistent cookies, but does not protect you against cook - [ ] Uncheck **Allow Firefox to install and run studies** - [ ] Uncheck **Allow Firefox to send backlogged crash reports on your behalf** +According to Mozilla's privacy policy for Firefox, + > Firefox sends data about your Firefox version and language; device operating system and hardware configuration; memory, basic information about crashes and errors; outcome of automated processes like updates, safebrowsing, and activation to us. When Firefox sends data to us, your IP address is temporarily collected as part of our server logs. Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt-out: 
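Review bot: the added lead-in "According to Mozilla's privacy policy for Firefox," introduces a verbatim quote without linking its source. The Firefox card earlier in this file already points to https://mozilla.org/privacy/firefox under "Privacy Policy", so link "privacy policy" to the same URL here. A colon instead of the trailing comma would also read better in front of a blockquote.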
@@ -226,7 +228,7 @@ Max Protection enforces the use of DNS over HTTPS, and a security warning will s The [Arkenfox project](https://github.com/arkenfox/user.js) provides a set of carefully considered options for Firefox. If you [decide](https://github.com/arkenfox/user.js/wiki/1.1-To-Arkenfox-or-Not) to use Arkenfox, a [few options](https://github.com/arkenfox/user.js/wiki/3.2-Overrides-[Common]) are subjectively strict and/or may cause some websites to not work properly—which you can [easily change](https://github.com/arkenfox/user.js/wiki/3.1-Overrides) to suit your needs. We **strongly recommend** reading through their full [wiki](https://github.com/arkenfox/user.js/wiki). Arkenfox also enables [container](https://support.mozilla.org/kb/containers#w_for-advanced-users) support. -Arkenfox only aims to thwart basic or naive tracking scripts through canvas randomization and Firefox's built-in fingerprint resistance configuration settings. It does not aim to make your browser blend in with a large crowd of other Arkenfox users in the same way Mullvad Browser or Tor Browser do, which is the only way to thwart advanced fingerprint tracking scripts. Remember you can always use multiple browsers, for example, you could consider using Firefox+Arkenfox for a few sites that you want to stay logged in on or otherwise trust, and Mullvad Browser for general browsing. +Arkenfox only aims to thwart basic or naive tracking scripts through canvas randomization and Firefox's built-in fingerprint resistance configuration settings. It does not aim to make your browser blend in with a large crowd of other Arkenfox users in the same way Mullvad Browser or Tor Browser do, which is the only way to thwart advanced fingerprint tracking scripts. Remember that you can always use multiple browsers, for example, you could consider using Firefox+Arkenfox for a few sites that you want to stay logged in on or otherwise trust, and Mullvad Browser for general browsing. ## Brave 
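Review bot: the sentence edited in this hunk is still a run-on after the change ("Remember that you can always use multiple browsers, for example, you could consider using..."). Since the line is being touched anyway, break it at "for example" with a semicolon or a full stop.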
@@ -241,7 +243,7 @@ Brave is built upon the Chromium web browser project, so it should feel familiar [:octicons-home-16: Homepage](https://brave.com){ .md-button .md-button--primary } [:simple-torbrowser:](https://brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title="Onion Service" } [:octicons-eye-16:](https://brave.com/privacy/browser){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://support.brave.com){ .card-link title=Documentation} +[:octicons-info-16:](https://support.brave.com){ .card-link title="Documentation" } [:octicons-code-16:](https://github.com/brave/brave-browser){ .card-link title="Source Code" }
@@ -324,7 +326,7 @@ If you wish to stay logged in to a particular site you visit often, you can set ##### Tor windows -[**Private Window with Tor**](https://support.brave.com/hc/articles/360018121491-What-is-a-Private-Window-with-Tor-Connectivity) allows you to route your traffic through the Tor network in Private Windows and access .onion services, which may be useful in some cases. However, Brave is **not** as resistant to fingerprinting as the Tor Browser and far fewer people use Brave with Tor, so you will stand out. If your threat model requires strong anonymity, use the [Tor Browser](tor.md#tor-browser). +[**Private Window with Tor**](https://support.brave.com/hc/articles/360018121491-What-is-a-Private-Window-with-Tor-Connectivity) allows you to route your traffic through the Tor network in Private Windows and access .onion services, which may be useful in some cases. However, Brave is **not** as resistant to fingerprinting as the Tor Browser is, and far fewer people use Brave with Tor, so you will stand out. If your threat model requires strong anonymity, use the [Tor Browser](tor.md#tor-browser). ##### Data Collection @@ -343,6 +345,12 @@ Brave's Web3 features can potentially add to your browser fingerprint and attack - [ ] Uncheck all built-in extensions you don't use +#### Search engine + +We recommend disabling search suggestions in Brave for the same reason we recommend disabling this feature in [Firefox](#search). + +- [ ] Uncheck **Show search suggestions** + #### System
@@ -383,8 +391,7 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should include built-in content blocking functionality. - Should support cookie compartmentalization (à la [Multi-Account Containers](https://support.mozilla.org/kb/containers)). -- Should support Progressive Web Apps. - PWAs enable you to install certain websites as if they were native apps on your computer. This can have advantages over installing Electron-based apps, because PWAs benefit from your browser's regular security updates. +- Should support Progressive Web Apps (PWAs). PWAs enable you to install certain websites as if they were native apps on your computer. This can have advantages over installing Electron-based apps because PWAs benefit from your browser's regular security updates. - Should not include add-on functionality (bloatware) that does not impact user privacy. - Should not collect telemetry by default. - Should provide an open-source sync server implementation. diff --git a/docs/mobile-browsers.md b/docs/mobile-browsers.md index 60d5a96f64..acd276d8c4 100644 --- a/docs/mobile-browsers.md +++ b/docs/mobile-browsers.md @@ -56,7 +56,7 @@ Brave is built upon the Chromium web browser project, so it should feel familiar [:octicons-home-16: Homepage](https://brave.com){ .md-button .md-button--primary } [:simple-torbrowser:](https://brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title="Onion Service" } [:octicons-eye-16:](https://brave.com/privacy/browser){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://support.brave.com){ .card-link title=Documentation} +[:octicons-info-16:](https://support.brave.com){ .card-link title="Documentation" } [:octicons-code-16:](https://github.com/brave/brave-browser){ .card-link title="Source Code" }
@@ -179,6 +179,12 @@ These options can be found in :material-menu: → **Settings** → **Leo**. 1. This option is not present in Brave's iOS app. +### Search engines + +These options can be found in :material-menu:/:fontawesome-solid-ellipsis: → **Settings** → **Search engines**. + +- [ ] Uncheck **Show search suggestions** + ### Brave Sync [Brave Sync](https://support.brave.com/hc/articles/360059793111-Understanding-Brave-Sync) allows your browsing data (history, bookmarks, etc.) to be accessible on all your devices without requiring an account and protects it with E2EE. @@ -193,7 +199,7 @@ These options can be found in :material-menu: → **Settings** → **Leo**. [:octicons-home-16: Homepage](https://divestos.org/pages/our_apps#mull){ .md-button .md-button--primary } [:octicons-eye-16:](https://divestos.org/pages/privacy_policy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://divestos.org/pages/browsers#tuningFenix){ .card-link title=Documentation } +[:octicons-info-16:](https://divestos.org/pages/browsers#tuningFenix){ .card-link title="Documentation" } [:octicons-code-16:](https://codeberg.org/divested-mobile/mull-fenix){ .card-link title="Source Code" }
@@ -239,7 +245,7 @@ On iOS, any app that can browse the web is [restricted](https://developer.apple. [:octicons-home-16: Homepage](https://apple.com/safari){ .md-button .md-button--primary } [:octicons-eye-16:](https://apple.com/legal/privacy/data/en/safari){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://support.apple.com/guide/iphone/browse-the-web-iph1fbef4daa/ios){ .card-link title=Documentation} +[:octicons-info-16:](https://support.apple.com/guide/iphone/browse-the-web-iph1fbef4daa/ios){ .card-link title="Documentation" }
From 9d05fe7cb2ef0e2f377f49ed192c74f390afaa99 Mon Sep 17 00:00:00 2001 From: redoomed1 <161974310+redoomed1@users.noreply.github.com> Date: Mon, 11 Nov 2024 13:58:32 +0000 Subject: [PATCH 06/21] update: Refine OS Encryption section (#2805) Signed-off-by: fria <138676274+friadev@users.noreply.github.com> Signed-off-by: Daniel Gray --- docs/encryption.md | 22 ++++++++++++---------- docs/os/macos-overview.md | 4 ++-- docs/tools.md | 8 +++++--- 3 files changed, 19 insertions(+), 15 deletions(-) diff --git a/docs/encryption.md b/docs/encryption.md index 19911d5099..0da24c558b 100644 --- a/docs/encryption.md +++ b/docs/encryption.md @@ -9,7 +9,7 @@ cover: encryption.webp ## Multi-platform -The options listed here are multi-platform and great for creating encrypted backups of your data. +The options listed here are available on multiple platforms and great for creating encrypted backups of your data. ### Cryptomator (Cloud) 
@@ -114,13 +114,13 @@ When encrypting with VeraCrypt, you have the option to select from different [ha Truecrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit). -## OS Full Disk Encryption +## Operating System Encryption Protects against the following threat(s): - [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red } -For encrypting the drive your operating system boots from, we generally recommend enabling the encryption software that comes with your operating system rather than using a third-party tool. This is because your operating system's native encryption tools often make use of OS and hardware-specific features like the [secure cryptoprocessor](https://en.wikipedia.org/wiki/Secure_cryptoprocessor) in your device to protect your computer against more advanced physical attacks. For secondary drives and external drives which you *don't* boot from, we still recommend using open-source tools like [VeraCrypt](#veracrypt-disk) over the tools below, because they offer additional flexibility and let you avoid vendor lock-in. +Built-in OS encryption solutions generally leverage hardware security features such as a [secure cryptoprocessor](basics/hardware.md#tpmsecure-cryptoprocessor). Therefore, we recommend using the built-in encryption solutions for your operating system. For cross-platform encryption, we still recommend [cross-platform tools](#multi-platform) for additional flexibility and to avoid vendor lock-in. ### BitLocker 
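Review bot: the rewritten paragraph under "Operating System Encryption" drops the distinction the removed text made between the drive the OS boots from and secondary or external drives, and the sentence replacing it is circular: "For cross-platform encryption, we still recommend [cross-platform tools](#multi-platform)". A reader no longer learns that the built-in tools are the recommendation for the boot drive specifically, while VeraCrypt was the recommendation for drives you don't boot from; please restore that in a clause. The heading rename from "OS Full Disk Encryption" also changes the generated anchor, so check that every inbound link to the old anchor is updated in this patch.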
@@ -128,7 +128,7 @@ For encrypting the drive your operating system boots from, we generally recommen ![BitLocker logo](assets/img/encryption-software/bitlocker.png){ align=right } -**BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://learn.microsoft.com/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection). +**BitLocker** is the full volume encryption solution bundled with Microsoft Windows that uses the Trusted Platform Module ([TPM](https://learn.microsoft.com/windows/security/information-protection/tpm/how-windows-uses-the-tpm)) for hardware-based security. [:octicons-info-16:](https://learn.microsoft.com/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title="Documentation" } @@ -136,7 +136,7 @@ For encrypting the drive your operating system boots from, we generally recommen
-BitLocker is [only supported](https://support.microsoft.com/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) on Pro, Enterprise and Education editions of Windows. It can be enabled on Home editions provided that they meet the prerequisites. +BitLocker is [officially supported](https://support.microsoft.com/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) on the Pro, Enterprise, and Education editions of Windows. It can be enabled on Home editions provided that they meet the following prerequisites.
Enabling BitLocker on Windows Home @@ -186,7 +186,7 @@ Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device ![FileVault logo](assets/img/encryption-software/filevault.png){ align=right } -**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip. +**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple silicon SoC or T2 Security Chip. [:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title="Documentation" } @@ -194,7 +194,7 @@ Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device -We recommend storing a local recovery key in a secure place as opposed to using your iCloud account for recovery. +We advise against using your iCloud account for recovery; instead, you should securely store a local recovery key on a separate storage device. ### Linux Unified Key Setup @@ -376,7 +376,7 @@ We suggest [Canary Mail](email-clients.md#canary-mail-ios) for using PGP with em ![GPG Suite logo](assets/img/encryption-software/gpgsuite.png){ align=right } -**GPG Suite** provides OpenPGP support for [Apple Mail](email-clients.md#apple-mail-macos) and macOS. +**GPG Suite** provides OpenPGP support for [Apple Mail](email-clients.md#apple-mail-macos) and other email clients on macOS. We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) and [Knowledge Base](https://gpgtools.tenderapp.com/kb) for support. 
@@ -394,7 +394,7 @@ We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com -Currently, GPG Suite does [not yet](https://gpgtools.com/sonoma) have a stable release for macOS Sonoma. +Currently, GPG Suite does [not yet](https://gpgtools.com/sequoia) have a stable release for macOS Sonoma and later. ### OpenKeychain @@ -402,7 +402,7 @@ Currently, GPG Suite does [not yet](https://gpgtools.com/sonoma) have a stable r ![OpenKeychain logo](assets/img/encryption-software/openkeychain.svg){ align=right } -**OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [Thunderbird](email-clients.md#thunderbird) and [FairEmail](email-clients.md#fairemail-android) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015). +**OpenKeychain** is an implementation of GnuPG for Android. It's commonly required by mail clients such as [Thunderbird](email-clients.md#thunderbird), [FairEmail](email-clients.md#fairemail-android), and other Android apps to provide encryption support. [:octicons-home-16: Homepage](https://openkeychain.org){ .md-button .md-button--primary } [:octicons-eye-16:](https://openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" } 
@@ -418,6 +418,8 @@ Currently, GPG Suite does [not yet](https://gpgtools.com/sonoma) have a stable r +Cure53 completed a [security audit](https://openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. The published audit and OpenKeychain's solutions to the issues raised in the audit can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015). + ## Criteria **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. diff --git a/docs/os/macos-overview.md b/docs/os/macos-overview.md index acca6171a3..67e87e378f 100644 --- a/docs/os/macos-overview.md +++ b/docs/os/macos-overview.md 
@@ -121,7 +121,7 @@ Decide whether you want personalized ads based on your usage. ##### FileVault -On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling FileVault additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on. +On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on. On older Intel-based Mac computers, FileVault is the only form of disk encryption available by default, and should always be enabled. @@ -233,7 +233,7 @@ We recommend against installing third-party antivirus software as they typically ##### Backups -macOS comes with automatic backup software called [Time Machine](https://support.apple.com/HT201250), so you can create encrypted backups to an external or network drive in the event of corrupted/deleted files. +macOS comes with automatic backup software called [Time Machine](https://support.apple.com/HT201250), so you can create encrypted backups to an external drive or a network drive in the event of corrupted/deleted files. ### Hardware Security diff --git a/docs/tools.md b/docs/tools.md index 0d4d8b8841..ba6f577a46 100644 --- a/docs/tools.md +++ b/docs/tools.md @@ -404,14 +404,16 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b ### Encryption Software
-Operating System Disk Encryption +Operating System Encryption -For encrypting your operating system drive, we typically recommend using whichever encryption tool your operating system provides, whether that is **BitLocker** on Windows, **FileVault** on macOS, or **LUKS** on Linux. These tools are included with the operating system and typically use hardware encryption elements such as a TPM that other full-disk encryption software like VeraCrypt do not. VeraCrypt is still suitable for non-operating system disks such as external drives, especially drives that may be accessed from multiple operating systems. +For encrypting your OS drive, we typically recommend using the encryption tool your operating system provides, whether that is **BitLocker** on Windows, **FileVault** on macOS, or **LUKS** on Linux. These tools are included with the operating system and take advantage of hardware encryption elements such as a [secure cryptoprocessor](basics/hardware.md/#tpmsecure-cryptoprocessor). -[Learn more :material-arrow-right-drop-circle:](encryption.md#os-full-disk-encryption) +[Learn more :material-arrow-right-drop-circle:](encryption.md#operating-system-encryption)
+#### Cross-platform Tools +
- ![Cryptomator logo](assets/img/encryption-software/cryptomator.svg){ .twemoji loading=lazy } [Cryptomator](encryption.md#cryptomator-cloud) From 0b78517a9d0d47144deef1848f4eded521f2ea09 Mon Sep 17 00:00:00 2001 From: Jonah Aragon Date: Mon, 11 Nov 2024 12:43:08 -0600 Subject: [PATCH 07/21] ci: Release to Garage, stop mirroring to Sourcehut --- .github/workflows/publish-mirror.yml | 11 ----------- .github/workflows/publish-pr.yml | 20 +++++++++++++++++--- .github/workflows/publish-release.yml | 2 ++ 3 files changed, 19 insertions(+), 14 deletions(-) diff --git a/.github/workflows/publish-mirror.yml b/.github/workflows/publish-mirror.yml index 116ae80c20..b5216fa1b1 100644 --- a/.github/workflows/publish-mirror.yml +++ b/.github/workflows/publish-mirror.yml @@ -51,14 +51,3 @@ jobs: with: source-repo: "git@github.com:privacyguides/privacyguides.org.git" destination-repo: "git@codeberg.org:privacyguides/privacyguides.org.git" - - sourcehut: - runs-on: ubuntu-latest - steps: - - name: Mirror to SourceHut - uses: wearerequired/git-mirror-action@v1 - env: - SSH_PRIVATE_KEY: ${{ secrets.ACTIONS_SSH_KEY }} - with: - source-repo: "git@github.com:privacyguides/privacyguides.org.git" - destination-repo: "git@git.sr.ht:~jonaharagon/privacyguides.org" diff --git a/.github/workflows/publish-pr.yml b/.github/workflows/publish-pr.yml index 65f1a8ffd2..962d91d898 100644 --- a/.github/workflows/publish-pr.yml +++ b/.github/workflows/publish-pr.yml @@ -87,7 +87,7 @@ jobs: echo "pr_number=$(cat metadata/NR)" >> "$GITHUB_OUTPUT" echo "sha=$(cat metadata/SHA)" >> "$GITHUB_OUTPUT" - deploy: + deploy_netlify: needs: metadata permissions: contents: read 
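Review bot: In the context lines above `deploy_netlify`, `pr_number` is read with `$(cat metadata/NR)` and written to `$GITHUB_OUTPUT` without validation, and this patch gives it a second consumer as the `alias` input of `deploy_garage`, which runs with the Garage key pair. If `metadata/NR` is produced from pull-request content, check that it is digits only before exporting it. The rename from `deploy` to `deploy_netlify` is fine as long as every `needs.deploy` reference follows, which the `comment` job in the next hunk does.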
@@ -99,13 +99,27 @@ jobs: secrets: NETLIFY_TOKEN: ${{ secrets.NETLIFY_TOKEN }} + deploy_garage: + needs: metadata + permissions: + contents: read + + uses: privacyguides/webserver/.github/workflows/deploy-garage-preview.yml@main + with: + alias: ${{ needs.metadata.outputs.pr_number }} + bucket: ${{ vars.PREVIEW_GARAGE_BUCKET }} + hostname: ${{ vars.PREVIEW_GARAGE_HOSTNAME }} + secrets: + PREVIEW_GARAGE_KEY_ID: ${{ secrets.PREVIEW_GARAGE_KEY_ID }} + PREVIEW_GARAGE_SECRET_KEY: ${{ secrets.PREVIEW_GARAGE_SECRET_KEY }} + comment: permissions: pull-requests: write - needs: [deploy, metadata] + needs: [deploy_netlify, metadata] runs-on: ubuntu-latest env: - address: ${{ needs.deploy.outputs.address }} + address: ${{ needs.deploy_netlify.outputs.address }} steps: - uses: thollander/actions-comment-pull-request@v2.5.0 with: diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml index d5c25113e8..89e4d1e2bf 100644 --- a/.github/workflows/publish-release.yml +++ b/.github/workflows/publish-release.yml @@ -90,6 +90,8 @@ jobs: NETLIFY_TOKEN: ${{ secrets.NETLIFY_TOKEN }} PROD_MINIO_KEY_ID: ${{ secrets.PROD_MINIO_KEY_ID }} PROD_MINIO_SECRET_KEY: ${{ secrets.PROD_MINIO_SECRET_KEY }} + PROD_GARAGE_KEY_ID: ${{ secrets.PROD_GARAGE_KEY_ID }} + PROD_GARAGE_SECRET_KEY: ${{ secrets.PROD_GARAGE_SECRET_KEY }} CF_API_TOKEN: ${{ secrets.CF_API_TOKEN }} CF_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }} CLUSTER_USERNAME: ${{ secrets.CLUSTER_USERNAME }} From d62e22161563724f7bba1fce4393731169525338 Mon Sep 17 00:00:00 2001 From: Jonah Aragon Date: Mon, 11 Nov 2024 13:06:50 -0600 Subject: [PATCH 08/21] ci: Build blog automatically on release --- .github/workflows/build.yml | 18 ++++++++++++------ .github/workflows/publish-release.yml | 15 +++++++++++++-- 2 files changed, 25 insertions(+), 8 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index bb0172afbf..26edc9ac64 100644 --- a/.github/workflows/build.yml 
+++ b/.github/workflows/build.yml @@ -27,6 +27,9 @@ on: strict: type: boolean default: false + cache: + type: boolean + default: true permissions: contents: read @@ -119,6 +122,7 @@ jobs: - name: Restore Privacy Plugin Cache uses: actions/cache/restore@v4.0.2 id: privacy_cache_restore + if: inputs.cache with: key: privacy-cache-${{ inputs.repo }}-${{ hashfiles('.cache/plugin/privacy/**') }} path: | @@ -131,6 +135,7 @@ jobs: - name: Restore Social Plugin Cache uses: actions/cache/restore@v4.0.2 id: social_cache_restore + if: inputs.cache with: key: social-cache-${{ inputs.repo }}-${{ inputs.lang }}-${{ hashfiles('.cache/plugin/social/manifest.json') }} path: | @@ -143,6 +148,7 @@ jobs: - name: Restore Optimize Plugin Cache uses: actions/cache/restore@v4.0.2 id: optimize_cache_restore + if: inputs.cache with: key: optimize-cache-${{ inputs.repo }}-${{ hashfiles('.cache/plugin/optimize/manifest.json') }} path: | @@ -176,7 +182,7 @@ jobs: - name: Find Privacy Plugin Cache uses: actions/cache/restore@v4.0.2 - if: steps.privacy_cache_restore.outputs.cache-hit != 'true' + if: steps.privacy_cache_restore.outputs.cache-hit != 'true' && inputs.cache id: privacy_cache_test with: key: privacy-cache-privacyguides/privacyguides.org-${{ hashfiles('.cache/plugin/privacy/**') }} @@ -186,7 +192,7 @@ jobs: - name: Find Social Plugin Cache uses: actions/cache/restore@v4.0.2 - if: steps.social_cache_restore.outputs.cache-hit != 'true' + if: steps.social_cache_restore.outputs.cache-hit != 'true' && inputs.cache id: social_cache_test with: key: social-cache-privacyguides/privacyguides.org-${{ inputs.lang }}-${{ hashfiles('.cache/plugin/social/manifest.json') }} 
@@ -197,7 +203,7 @@ jobs: - name: Find Optimize Plugin Cache uses: actions/cache/restore@v4.0.2 - if: steps.optimize_cache_restore.outputs.cache-hit != 'true' + if: steps.optimize_cache_restore.outputs.cache-hit != 'true' && inputs.cache id: optimize_cache_test with: key: optimize-cache-privacyguides/privacyguides.org-${{ hashfiles('.cache/plugin/optimize/manifest.json') }} @@ -207,14 +213,14 @@ jobs: - name: Save Privacy Plugin Cache uses: actions/cache/save@v4.0.2 - if: steps.privacy_cache_test.outputs.cache-hit != 'true' + if: steps.privacy_cache_test.outputs.cache-hit != 'true' && inputs.cache with: key: privacy-cache-${{ inputs.repo }}-${{ hashfiles('.cache/plugin/privacy/**') }} path: .cache/plugin/privacy - name: Save Social Plugin Cache uses: actions/cache/save@v4.0.2 - if: steps.social_cache_test.outputs.cache-hit != 'true' + if: steps.social_cache_test.outputs.cache-hit != 'true' && inputs.cache with: key: social-cache-${{ inputs.repo }}-${{ inputs.lang }}-${{ hashfiles('.cache/plugin/social/manifest.json') }} path: | @@ -223,7 +229,7 @@ jobs: - name: Save Optimize Plugin Cache uses: actions/cache/save@v4.0.2 - if: steps.optimize_cache_test.outputs.cache-hit != 'true' + if: steps.optimize_cache_test.outputs.cache-hit != 'true' && inputs.cache with: key: optimize-cache-${{ inputs.repo }}-${{ hashfiles('.cache/plugin/optimize/manifest.json') }} path: .cache/plugin/optimize diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml index 89e4d1e2bf..c04d40c003 100644 --- a/.github/workflows/publish-release.yml +++ b/.github/workflows/publish-release.yml @@ -62,6 +62,17 @@ jobs: lang: ${{ matrix.lang }} context: production continue-on-error: false + cache: false + + build_blog: + needs: submodule + permissions: + contents: read + uses: ./.github/workflows/build-blog.yml + with: + repo: ${{ github.repository }} + ref: ${{ github.ref }} + continue-on-error: false release: name: Create release notes 
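Review bot: `cache: false` is set on the `build` call only. The new `build_blog` job passes just `repo`, `ref` and `continue-on-error`, so if `build-blog.yml` restores the same plugin caches, the release still consumes cached content for the blog. Confirm that is intended, or give `build-blog.yml` a matching `cache` input. The `needs: [build, build_blog]` change on `deploy` and `cleanup` in the next hunk is consistent with the new job.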
@@ -84,7 +95,7 @@ jobs: makeLatest: true deploy: - needs: build + needs: [build, build_blog] uses: privacyguides/webserver/.github/workflows/deploy-all.yml@main secrets: NETLIFY_TOKEN: ${{ secrets.NETLIFY_TOKEN }} @@ -101,5 +112,5 @@ jobs: cleanup: if: ${{ always() }} - needs: build + needs: [build, build_blog] uses: privacyguides/.github/.github/workflows/cleanup.yml@main From 12c58d567cbf437a73d305629c9a2bbf3258c06a Mon Sep 17 00:00:00 2001 From: Jonah Aragon Date: Mon, 11 Nov 2024 17:34:27 -0600 Subject: [PATCH 09/21] style: Homepage performance improvements (#2806) --- .github/workflows/publish-pr.yml | 4 ++-- docs/index.md | 8 ++++---- includes/strings.en.env | 4 +--- mkdocs.yml | 15 +++++---------- theme/assets/javascripts/discourse-topics.js | 3 +++ theme/home.html | 2 +- theme/partials/alternate.html | 4 ++-- theme/partials/copyright.html | 2 +- theme/partials/logo.html | 4 ++-- 9 files changed, 21 insertions(+), 25 deletions(-) diff --git a/.github/workflows/publish-pr.yml b/.github/workflows/publish-pr.yml index 962d91d898..0853eab43d 100644 --- a/.github/workflows/publish-pr.yml +++ b/.github/workflows/publish-pr.yml @@ -116,10 +116,10 @@ jobs: comment: permissions: pull-requests: write - needs: [deploy_netlify, metadata] + needs: [deploy_garage, metadata] runs-on: ubuntu-latest env: - address: ${{ needs.deploy_netlify.outputs.address }} + address: ${{ needs.deploy_garage.outputs.address }} steps: - uses: thollander/actions-comment-pull-request@v2.5.0 with: diff --git a/docs/index.md b/docs/index.md index 23f1e59c74..43d208fab9 100644 --- a/docs/index.md +++ b/docs/index.md @@ -86,7 +86,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
-- ![Proton Mail logo](assets/img/email/protonmail.svg){ .lg .middle .twemoji } **Proton Mail** +- ![Proton Mail logo](assets/img/email/protonmail.svg){ .lg .middle .twemoji loading=lazy } **Proton Mail** --- @@ -94,7 +94,7 @@ Trying to protect all your data from everyone all the time is impractical, expen [:octicons-arrow-right-24: Read Full Review](email.md#proton-mail) -- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .lg .middle .twemoji } **Mailbox.org** +- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .lg .middle .twemoji loading=lazy } **Mailbox.org** --- @@ -102,7 +102,7 @@ Trying to protect all your data from everyone all the time is impractical, expen [:octicons-arrow-right-24: Read Full Review](email.md#mailboxorg) -- ![Tuta logo](assets/img/email/tuta.svg#only-light){ .lg .middle .twemoji }![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ .lg .middle .twemoji } **Tuta** +- ![Tuta logo](assets/img/email/tuta.svg#only-light){ .lg .middle .twemoji loading=lazy }![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ .lg .middle .twemoji loading=lazy } **Tuta** --- 
@@ -162,7 +162,7 @@ Trying to protect all your data from everyone all the time is impractical, expen ## About Privacy Guides -![Privacy Guides logo](assets/brand/logos/png/square/pg-yellow.png){ align=right } +![Privacy Guides logo](assets/brand/logos/png/square/pg-yellow.png){ align=right loading=lazy } Established in 2021 due to the difficulty of finding unbiased reviewers in the VPN and privacy space, **Privacy Guides** is the most popular, trustworthy, non-profit website that provides information about protecting your *personal* data security and privacy. Our crowdsourced recommendations and reviews of **privacy tools** and our community dedicated to helping others set us apart from other blogs and content creators. The team behind this project has been researching privacy and security in the open-source space for over 5 years, originally with a now-defunct web resource that eventually became the *Privacy Guides* millions of readers trust. diff --git a/includes/strings.en.env b/includes/strings.en.env index 453ab999f3..758f9d2c40 100644 --- a/includes/strings.en.env +++ b/includes/strings.en.env 
@@ -11,10 +11,8 @@ HOMEPAGE_CTA_DESCRIPTION="It's important for a website like Privacy Guides to al HOMEPAGE_DESCRIPTION="A socially motivated website which provides information about protecting your online data privacy and security." HOMEPAGE_RSS_CHANGELOG_LINK="https://discuss.privacyguides.net/c/site-development/changelog/9.rss" HOMEPAGE_RSS_CHANGELOG_TITLE="Privacy Guides release changelog" -HOMEPAGE_RSS_BLOG_LINK="https://blog.privacyguides.org/feed_rss_created.xml" +HOMEPAGE_RSS_BLOG_LINK="https://www.privacyguides.org/articles/feed_rss_created.xml" HOMEPAGE_RSS_BLOG_TITLE="Privacy Guides blog feed" -HOMEPAGE_RSS_STORIES_LINK="https://share.privacyguides.org/web-stories/feed/" -HOMEPAGE_RSS_STORIES_TITLE="Privacy Guides web stories feed" HOMEPAGE_RSS_FORUM_LINK="https://discuss.privacyguides.net/latest.rss" HOMEPAGE_RSS_FORUM_TITLE="Latest Privacy Guides forum topics" HOMEPAGE_HEADER="The collaborative privacy advocacy community." diff --git a/mkdocs.yml b/mkdocs.yml index b67a82985d..bcab6a69d7 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -143,14 +143,7 @@ extra: link: !ENV [ HOMEPAGE_RSS_BLOG_LINK, - "https://blog.privacyguides.org/feed_rss_created.xml", - ] - - title: - !ENV [HOMEPAGE_RSS_STORIES_TITLE, "Privacy Guides Web Stories feed"] - link: - !ENV [ - HOMEPAGE_RSS_STORIES_LINK, - "https://share.privacyguides.org/web-stories/feed/", + "https://www.privacyguides.org/articles/feed_rss_created.xml", ] - title: !ENV [ @@ -284,8 +277,10 @@ theme: extra_css: - assets/stylesheets/extra.css?v=20240802 extra_javascript: - - assets/javascripts/randomize-element.js?v=20240801 - - assets/javascripts/feedback.js?v=20240801 + - path: assets/javascripts/randomize-element.js?v=20240801 + defer: true + - path: assets/javascripts/feedback.js?v=20240801 + defer: true watch: - theme diff --git a/theme/assets/javascripts/discourse-topics.js b/theme/assets/javascripts/discourse-topics.js index 1a070aefdf..325aaf4f3f 100644 --- a/theme/assets/javascripts/discourse-topics.js 
+++ b/theme/assets/javascripts/discourse-topics.js @@ -79,6 +79,9 @@ async function main() { avatar.width = 20; avatar.height = 20; avatar.className = "middle"; + avatar.loading = "lazy"; + avatar.ariaHidden = "true"; + avatar.alt = ""; author.appendChild(avatar); var namespan = document.createElement('span'); namespan.innerText = " Posted by " + author_data['username']; diff --git a/theme/home.html b/theme/home.html index 018d93459c..493154197a 100644 --- a/theme/home.html +++ b/theme/home.html @@ -121,6 +121,6 @@

Latest discussions

{% endif %} {% endblock %} {% block scripts %} - + {{ super() }} {% endblock %} diff --git a/theme/partials/alternate.html b/theme/partials/alternate.html index 807b9818cd..91b2afeac7 100644 --- a/theme/partials/alternate.html +++ b/theme/partials/alternate.html @@ -27,7 +27,7 @@ {% for alt in config.extra.alternate %} {% if alt.lang == config.theme.language %} {% endif %} {% endfor %} @@ -40,7 +40,7 @@ hreflang="{{ alt.lang }}" class="md-select__link" > - {{ alt.lang }} + {{ alt.lang }} {{ alt.name }} diff --git a/theme/partials/copyright.html b/theme/partials/copyright.html index 0e57b407c0..f4f168f7c1 100644 --- a/theme/partials/copyright.html +++ b/theme/partials/copyright.html @@ -29,7 +29,7 @@
{{ copyright.note }}
- + {% for icon in copyright.license %} {% include ".icons/" ~ icon ~ ".svg" %} {% endfor %} diff --git a/theme/partials/logo.html b/theme/partials/logo.html index e102470b75..760fa4a3c6 100644 --- a/theme/partials/logo.html +++ b/theme/partials/logo.html @@ -23,5 +23,5 @@ logo logo #} --> -logo -logo +logo +logo From 7c66d26061e82fbafefb59f6059562cae35b512f Mon Sep 17 00:00:00 2001 From: jermanuts <109705802+jermanuts@users.noreply.github.com> Date: Thu, 11 Apr 2024 19:16:19 +0300 Subject: [PATCH 10/21] update: More detailed Session description (#2519) Signed-off-by: fria <138676274+friadev@users.noreply.github.com> Signed-off-by: redoomed1 <161974310+redoomed1@users.noreply.github.com> Co-Authored-By: Jonah Aragon --- docs/real-time-communication.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/real-time-communication.md b/docs/real-time-communication.md index e0ea1cae5f..becd3be3b2 100644 --- a/docs/real-time-communication.md +++ b/docs/real-time-communication.md @@ -251,7 +251,7 @@ Session uses the decentralized [Oxen Service Node Network](https://oxen.io) to s
-Session allows for E2EE in one-on-one chats or closed groups which allow for up to 100 members. Open groups have no restriction on the number of members, but are open by design. +Session allows for E2EE in one-on-one chats or closed groups which allow for up to 100 members. It is also possible to [set up](https://docs.oxen.io/oxen-docs/products-built-on-oxen/session/guides/open-group-setup) or join open groups which can host thousands of members, but messages in these open groups are **not** end-to-end encrypted between participants. Session was previously based on Signal Protocol before replacing it with their own in December 2020. Session Protocol does [not](https://getsession.org/blog/session-protocol-technical-information) support forward secrecy.[^1] From f76be45a40b336a94228073fe840b44ea88f9924 Mon Sep 17 00:00:00 2001 From: fria <138676274+friadev@users.noreply.github.com> Date: Wed, 13 Nov 2024 16:28:08 -0600 Subject: [PATCH 11/21] style: Fix typo in VPN Overview (#2812) --- docs/basics/vpn-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/basics/vpn-overview.md b/docs/basics/vpn-overview.md index d604e71909..983d26cf0d 100644 --- a/docs/basics/vpn-overview.md +++ b/docs/basics/vpn-overview.md @@ -25,7 +25,7 @@ VPNs encrypt your traffic between your device and a server owned by your VPN pro ``` mermaid flowchart LR 763931["Your Device
(with VPN Client)
"] ===|"VPN Encryption"| 404512{"VPN Server"} - 404512 -.-|"No VPN Encryption"| 593753((("The Internet\n(Your Destination)"))) + 404512 -.-|"No VPN Encryption"| 593753(("The Internet
(Your Destination)
")) subgraph 763931["Your Device
(with VPN Client)
"] end ``` From 82fb92114b10a60693ed24d08eb2a38eb802a7a3 Mon Sep 17 00:00:00 2001 From: Jonah Aragon Date: Mon, 11 Nov 2024 22:25:28 -0600 Subject: [PATCH 12/21] fix: Correct broken statistics link (#2809) Signed-off-by: fria <138676274+friadev@users.noreply.github.com> Signed-off-by: redoomed1 <161974310+redoomed1@users.noreply.github.com> --- docs/about/statistics.md | 2 +- theme/assets/javascripts/feedback.js | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/about/statistics.md b/docs/about/statistics.md index 061bf5b982..1d8cf9d410 100644 --- a/docs/about/statistics.md +++ b/docs/about/statistics.md @@ -5,7 +5,7 @@ description: We self-host Umami to create a nice visualization of our traffic st We self-host [Umami](https://umami.is) to create a nice visualization of our traffic statistics, which are public at the link below. -[View Statistics](https://stats.privacyguides.net/share/nVWjyd2QfgOPBhMF/www.privacyguides.org){ .md-button .md-button--primary } +[View Statistics](https://stats.triplebit.net/share/S80jBc50hxr5TquS/www.privacyguides.org){ .md-button .md-button--primary } With this process: diff --git a/theme/assets/javascripts/feedback.js b/theme/assets/javascripts/feedback.js index 7a1f9eef38..ba968b0c6c 100644 --- a/theme/assets/javascripts/feedback.js +++ b/theme/assets/javascripts/feedback.js @@ -19,7 +19,7 @@ feedback.addEventListener("submit", function(ev) { referrer: document.referrer, screen: `${window.screen.width}x${window.screen.height}`, url: window.location.pathname, - website: '30b92047-7cbb-4800-9815-2e075a293e0a', + website: '246e357e-0764-4674-9314-7676724b3a88', name: umamiEventName, }, type: 'event', @@ -32,7 +32,7 @@ feedback.addEventListener("submit", function(ev) { console.log(umamiEvent) - fetch("https://stats.jonaharagon.net/api/send", { + fetch("https://stats.triplebit.net/api/send", { method: "POST", body: JSON.stringify(umamiEvent), headers: { 
From fa64257fcde004d53de14cba9ccf53fbaff6fa4a Mon Sep 17 00:00:00 2001 From: Austin Huang Date: Mon, 29 Jan 2024 22:46:21 -0500 Subject: [PATCH 13/21] update!: Add Cromite to mobile browsers (#2381) Signed-off-by: Jonah Aragon Co-Authored-By: redoomed1 <161974310+redoomed1@users.noreply.github.com> --- docs/browser-extensions.md | 2 +- docs/mobile-browsers.md | 79 ++++++++++++++++++++++++++- docs/search-engines.md | 2 +- docs/tools.md | 12 +++- theme/assets/img/browsers/cromite.svg | 21 +++++++ 5 files changed, 109 insertions(+), 7 deletions(-) create mode 100644 theme/assets/img/browsers/cromite.svg diff --git a/docs/browser-extensions.md b/docs/browser-extensions.md index 0364e0f59a..ebbe1055cc 100644 --- a/docs/browser-extensions.md +++ b/docs/browser-extensions.md @@ -85,7 +85,7 @@ uBlock Origin Lite only receives block list updates whenever the extension is up ### AdGuard -We recommend [Safari](mobile-browsers.md#safari) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, Adguard provides an adequate alternative: +We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, Adguard provides an adequate alternative:
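Review bot: On the changed line under `### AdGuard`, `Adguard` should be spelled `AdGuard` to match the heading, since the line is being edited anyway. Also confirm that `docs/mobile-browsers.md` has a heading that generates `#safari-ios`; that heading is not visible in this patch, and the same anchor is used again in the `docs/search-engines.md` hunk.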
diff --git a/docs/mobile-browsers.md b/docs/mobile-browsers.md index acd276d8c4..d4e16839fe 100644 --- a/docs/mobile-browsers.md +++ b/docs/mobile-browsers.md @@ -24,6 +24,18 @@ schema: subjectOf: "@type": WebPage url: "./" + - + "@context": http://schema.org + "@type": MobileApplication + name: Cromite + image: /assets/img/browsers/cromite.svg + url: https://cromite.org + applicationCategory: Web Browser + operatingSystem: + - Android + subjectOf: + "@type": WebPage + url: "./" - "@context": http://schema.org "@type": MobileApplication @@ -167,7 +179,7 @@ Shields' options can be downgraded on a per-site basis as needed, but by default - [ ] Uncheck **Allow Privacy-Preserving Product Analytics (P3A)** - [ ] Uncheck **Automatically send daily usage ping to Brave** -### Leo +#### Leo These options can be found in :material-menu: → **Settings** → **Leo**. @@ -179,16 +191,77 @@ These options can be found in :material-menu: → **Settings** → **Leo**. 1. This option is not present in Brave's iOS app. -### Search engines +#### Search engines These options can be found in :material-menu:/:fontawesome-solid-ellipsis: → **Settings** → **Search engines**. - [ ] Uncheck **Show search suggestions** -### Brave Sync +#### Brave Sync [Brave Sync](https://support.brave.com/hc/articles/360059793111-Understanding-Brave-Sync) allows your browsing data (history, bookmarks, etc.) to be accessible on all your devices without requiring an account and protects it with E2EE. +## Cromite (Android) + +
+ +![Cromite logo](assets/img/browsers/cromite.svg){ align=right } + +**Cromite** is a Chromium-based browser with built-in ad blocking, fingerprinting protections, and other [privacy and security enhancements](https://github.com/uazo/cromite/blob/master/docs/FEATURES.md). It is a fork of the discontinued **Bromite** browser. + +[:octicons-home-16: Homepage](https://www.cromite.org){ .md-button .md-button--primary } +[:octicons-eye-16:](https://github.com/uazo/cromite/blob/master/docs/PRIVACY_POLICY.md){ .card-link title="Privacy Policy" } +[:octicons-info-16:](https://github.com/uazo/cromite?tab=readme-ov-file#docs){ .card-link title="Documentation" } +[:octicons-code-16:](https://github.com/uazo/cromite){ .card-link title="Source Code" } + +
+Downloads + +- [:simple-android: F-Droid](https://www.cromite.org/fdroid/repo/?fingerprint=49F37E74DEE483DCA2B991334FB5A0200787430D0B5F9A783DD5F13695E9517B) +- [:simple-github: GitHub](https://github.com/uazo/cromite/releases/latest) + +
+ +
+ +### Recommended Configuration + +These options can be found in :material-menu: → :gear: **Settings** → **Privacy and security**. + +#### Browsing data + +- [x] Select **Close all open tabs on exit** + +#### Incognito mode + +- [x] Select **Open external links in incognito** + +#### Security + +- [x] Select **Always use secure connections** + +This prevents you from unintentionally connecting to a website in plain-text HTTP. HTTP is extremely uncommon nowadays, so this should have little to no impact on your day-to-day browsing. + +#### Adblock Plus settings + +These options can be found in :material-menu: → :gear: **Settings** → **Adblock Plus settings**. + +Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **FIlter lists** menu. + +Using extra lists will make you stand out from other Cromite users and may also increase attack surface if a malicious rule is added to one of the lists you use. + +- [x] (Optional) Select **Enable anti-circumvention and snippets** + +This setting adds an additional Adblock Plus list that may increase the effectiveness of Cromite's content blocking. The warnings about standing out and potentially increasing attack surface apply. + +#### Legacy Adblock settings + +These options can be found in :material-menu: → :gear: **Settings** → **Legacy Adblock settings**. + +- [ ] Uncheck the autoupdate setting + +This disables update checks for the unmaintained Bromite adblock filter. + ## Mull (Android)
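Review bot: In the Adblock Plus settings paragraph the menu name is written `**FIlter lists**` with a capital I; it should read `**Filter lists**`. The card's Homepage button points at `https://www.cromite.org` while the schema entry added at the top of this file uses `https://cromite.org`, so pick one host and use it in both places. Under Legacy Adblock settings, "Uncheck the autoupdate setting" is the only checklist item that does not name the option in bold, which makes it hard to match against the settings screen.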
diff --git a/docs/search-engines.md b/docs/search-engines.md index 9e48a9ac2a..07027a23cb 100644 --- a/docs/search-engines.md +++ b/docs/search-engines.md @@ -60,7 +60,7 @@ We recommend you disable [Anonymous usage metrics](https://search.brave.com/help **DuckDuckGo** is one of the more mainstream private search engine options. Notable DuckDuckGo search features include [bangs](https://duckduckgo.com/bang) and a variety of [instant answers](https://help.duckduckgo.com/duckduckgo-help-pages/features/instant-answers-and-other-features). The search engine uses numerous [sources](https://help.duckduckgo.com/results/sources) other than Bing for instant answers and other non-primary results. -DuckDuckGo is the default search engine for the [Tor Browser](tor.md#tor-browser) and is one of the few available options on Apple’s [Safari](mobile-browsers.md#safari) browser. +DuckDuckGo is the default search engine for the [Tor Browser](tor.md#tor-browser) and is one of the few available options on Apple’s [Safari](mobile-browsers.md#safari-ios) browser. [:octicons-home-16: Homepage](https://duckduckgo.com){ .md-button .md-button--primary } [:simple-torbrowser:](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion){ .card-link title="Onion Service" } diff --git a/docs/tools.md b/docs/tools.md index ba6f577a46..28a574b3ec 100644 --- a/docs/tools.md +++ b/docs/tools.md 
@@ -76,13 +76,21 @@ For more details about each project, why they were chosen, and additional tips o - [Brave Desktop Review :material-arrow-right-drop-circle:](desktop-browsers.md#brave) - [Brave Mobile Review :material-arrow-right-drop-circle:](mobile-browsers.md#brave) +- ![Cromite logo](assets/img/browsers/cromite.svg){ .lg .middle .twemoji } **Cromite (Android)** + + --- + + **Cromite** is a Chromium-based Android browser with built-in ad-blocking and [privacy enhancements](https://github.com/uazo/cromite/blob/master/docs/FEATURES.md). It is a fork of the popular, now-discontinued Bromite browser. + + - [Read Full Review :material-arrow-right-drop-circle:](mobile-browsers.md#cromite-android) + - ![Mull logo](assets/img/browsers/mull.svg){ .lg .middle .twemoji } **Mull (Android)** --- **Mull** is a Firefox-based browser for Android centered around privacy and removing proprietary components. - - [Read Full Review :material-arrow-right-drop-circle:](mobile-browsers.md#mull) + - [Read Full Review :material-arrow-right-drop-circle:](mobile-browsers.md#mull-android) - ![Safari logo](assets/img/browsers/safari.svg){ .lg .middle .twemoji } **Safari (iOS)** @@ -115,7 +123,7 @@ For more details about each project, why they were chosen, and additional tips o
- ![Orbot logo](assets/img/self-contained-networks/orbot.svg){ .twemoji loading=lazy } [Orbot (Smartphone Tor Proxy)](tor.md#orbot) -- ![Onion Browser logo](assets/img/self-contained-networks/onion_browser.svg){ .twemoji loading=lazy } [Onion Browser (Tor for iOS)](tor.md#onion-browser) +- ![Onion Browser logo](assets/img/self-contained-networks/onion_browser.svg){ .twemoji loading=lazy } [Onion Browser (Tor for iOS)](tor.md#onion-browser-ios)
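Review bot: The new Cromite card in tools.md says "built-in ad-blocking" while the mobile-browsers.md section added in the same patch says "built-in ad blocking"; use one spelling in both. The fragment updates here (`#mull-android`, `#onion-browser-ios`, and `#safari-ios` in search-engines.md) follow platform-suffixed headings, so please confirm that the unchanged `mobile-browsers.md#brave` links in the context lines still resolve, since a stale fragment fails silently.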
diff --git a/theme/assets/img/browsers/cromite.svg b/theme/assets/img/browsers/cromite.svg new file mode 100644 index 0000000000..c49bb2bdfd --- /dev/null +++ b/theme/assets/img/browsers/cromite.svg @@ -0,0 +1,21 @@ + + + + + + + + + + + + + + + + + + + + + From e6bedf136dca380eeb73a78a924dde14526d8bf9 Mon Sep 17 00:00:00 2001 From: fria <138676274+friadev@users.noreply.github.com> Date: Mon, 11 Nov 2024 22:10:48 -0600 Subject: [PATCH 14/21] docs: Update size requirements for company logos (#2808) Signed-off-by: redoomed1 <161974310+redoomed1@users.noreply.github.com> Co-Authored-By: Jonah Aragon --- docs/meta/uploading-images.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/docs/meta/uploading-images.md b/docs/meta/uploading-images.md index bce3dd071b..eaace09537 100644 --- a/docs/meta/uploading-images.md +++ b/docs/meta/uploading-images.md @@ -9,10 +9,7 @@ If you make changes to this website that involve adding new images or replacing - We **prefer** SVG images, but if those do not exist we can use PNG images. Additionally, for cover images, we prefer that they are obtained from [Unsplash](https://unsplash.com) and are in the WebP format. -Company logos have canvas size of: - -- 128x128px -- 384x128px +Company logos should be square if possible, and at least 200x200px if they are PNGs (non-vector images). ## Optimization From a5ec96a56f858da1a5d3f64926d3cacc8018ffdc Mon Sep 17 00:00:00 2001 From: Jonah Aragon Date: Mon, 11 Nov 2024 19:31:02 -0600 Subject: [PATCH 15/21] docs: Add missing contributors (#2807) Signed-off-by: fria <138676274+friadev@users.noreply.github.com> Signed-off-by: redoomed1 <161974310+redoomed1@users.noreply.github.com> --- .all-contributorsrc | 88 ++++++++++++++ README.md | 241 ++++++++++++++++++++------------------- includes/contributors.md | 241 ++++++++++++++++++++------------------- 3 files changed, 340 insertions(+), 230 deletions(-) 
diff --git a/.all-contributorsrc b/.all-contributorsrc index 671ca01eaf..8b0a0bb3a4 100644 --- a/.all-contributorsrc +++ b/.all-contributorsrc @@ -236,6 +236,20 @@ "blog" ] }, + { + "login": "friadev", + "name": "fria", + "avatar_url": "https://avatars.githubusercontent.com/u/138676274?v=4", + "profile": "https://friadev.github.io/", + "contributions": [ + "doc", + "review", + "research", + "question", + "bug", + "ideas" + ] + }, { "login": "actions", "name": "GitHub Actions", @@ -245,6 +259,24 @@ "infra" ] }, + { + "login": "triplebit", + "name": "Triplebit", + "avatar_url": "https://avatars.githubusercontent.com/u/178061783?v=4", + "profile": "https://www.triplebit.org/", + "contributions": [ + "infra" + ] + }, + { + "login": "magicgrants", + "name": "MAGIC Grants", + "avatar_url": "https://avatars.githubusercontent.com/u/90805358?v=4", + "profile": "https://magicgrants.org/", + "contributions": [ + "business" + ] + }, { "login": "netlify", "name": "Netlify", 
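Review bot: Three of the names this patch adds already appear in the regenerated tables as unchanged context rows: Yi Cao, Yusuf Daglioglu and Kieran Colfer are each listed once as context and once more as a `+` row at the end of README.md and includes/contributors.md. The matching `.all-contributorsrc` entries are in the next hunk (`yikerman`, `yusuf-daglioglu`, `PASSK3YS`); check whether an existing entry under another login should be updated instead of adding a second one, then regenerate both tables.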
@@ -2868,6 +2900,62 @@ "contributions": [ "doc" ] + }, + { + "login": "yusuf-daglioglu", + "name": "Yusuf Daglioglu", + "avatar_url": "https://avatars.githubusercontent.com/u/90555550?v=4", + "profile": "https://github.com/yusuf-daglioglu", + "contributions": [ + "doc" + ] + }, + { + "login": "yikerman", + "name": "Yi Cao", + "avatar_url": "https://avatars.githubusercontent.com/u/32544798?v=4", + "profile": "https://ycao.net/", + "contributions": [ + "doc" + ] + }, + { + "login": "sdhlfqr", + "name": "Sayf Dhū al-Faqār", + "avatar_url": "https://avatars.githubusercontent.com/u/155405590?v=4", + "profile": "https://github.com/sdhlfqr", + "contributions": [ + "doc" + ] + }, + { + "login": "eylenburg", + "name": "eylenburg", + "avatar_url": "https://avatars.githubusercontent.com/u/84839316?v=4", + "profile": "https://github.com/eylenburg", + "contributions": [ + "doc" + ] + }, + { + "login": "PASSK3YS", + "name": "Kieran Colfer", + "avatar_url": "https://avatars.githubusercontent.com/u/54213179?v=4", + "profile": "https://github.com/PASSK3YS", + "contributions": [ + "doc" + ] + }, + { + "login": "SamsungGalaxyPlayer", + "name": "Justin Ehrenhofer", + "avatar_url": "https://avatars.githubusercontent.com/u/12520755?v=4", + "profile": "https://github.com/SamsungGalaxyPlayer", + "contributions": [ + "doc", + "business", + "fundingFinding" + ] } ], "contributorsPerLine": 5, diff --git a/README.md b/README.md index 216635dcec..44f6253afa 100644 --- a/README.md +++ b/README.md @@ -189,412 +189,423 @@ Privacy Guides wouldn't be possible without these wonderful people ([emoji key](

matchboxbananasynergy

📖 🔬 🤔 👀 📝 +
fria

📖 👀 🔬 💬 🐛 🤔
GitHub Actions

🚇 +
Triplebit

🚇 +
MAGIC Grants

💼 + +
Netlify

🚇
Dependabot

💻 🚇
Hetzner Cloud

🚇 - -
Cloudflare

🚇
Open Collective

💼 + +
Safing

💵
Dan Arel

📝 📖 🔬
Techlore

💵 - -
elitejake

📖
samsepi0l

📖 + +
rollsicecream

📖 💬 🌍 👀
Henry Fisher

📖
Nate Bartram

📝 - -
Sam Howell

📝
asddsaz

📖 + +
Hugo Costa

📖
C-O-M-P-A-R-T-M-E-N-T-A-L-I-Z-A-T-I-O-N

📖
Alberto Strappazzon

📖 - -
Victorhck

📖
Tai Lam

📖 + +
NinebitX

📖
Alexander Antukh

📖
Gusted

📖 - -
redoomed1

👀 📖
Offpics

📖 + +
kimg45

📖
djoate

📖
afighttilldeath

📖 - -
Paul Verbeke

📖 🌍 🐛 🧑‍🏫
Mitchell Cash

📖 + +
NeverDucky

📖
efb4f5ff-1298-471a-8973-3d47447115dc

📖
Stephen Karl Larroque

📖 - -
0rdinant

📖
Zenithium

📖 + +
Jordan Gwyn

📖
Guru

📖
datoshkr

📖 - -
Kcchouette

📖
Jacob Neplokh

📖 + +
Leonardo Mazzon

📖 🐛 💵 📣 💬 🌍
Andrew Chong

📖
Wok

📖 - -
nopeitsnothing

📖
Lynn Stephenson

📖 + +
Cory Solovewicz

📖
noClaps

📖
Brian

📖 - -
SkewedZeppelin

📖 💬
Arcadius3D

📖 + +
vpnarea

📖
namazso

📖 💬
cYDN48

📖 - -
gjhklfdsa

📖
Pavel Zolotarevskiy

📖 + +
quiddity-wp

📖
Nikhil Jha

📖
Subatomic Honda Civic

📖 - -
ticklemyIP

📖
jermanuts

📖 + +
conorohiggins

📖
TechFanTheo

📖
Ryan Taylor

📖 - -
Positron832

📖
JustLuckNoSkill

📖 + +
Arkadiy

📖
Jack Chou

📖
ave

📖 - -
Boo

📖
IDKwhattoputhere

📖 + +
idkrn

📖
ggg27

📖
WalterKlosse

📖 - -
Tom Hacohen

📖
Paul Feuvraux

📖 + +
Scott Bennett

📖
Federico Ariel Castagnini

📖
jslawler-gh

📖 - -
spaceoden

📖
xe3

📖 + +
Andrew Morgan

📖
Caleb King

📖
Eduardo

📖 - -
NafeezJS

📖
Sloofy

📖 + +
Sam Schlinkert

📖
Gabor Luk

📖
DeiAsPie

📖 - -
Davide Taviani

📖
spanishharlem

📖 + +
Jacob Gonzales

📖
Kaede

📖
LABB

📖 - -
Raviu8

📖
Peter Dave Hello

📖 + +
Rose

📖
Oskar Sharipov

📖
Samuel Lucas

📖 - -
NylaTheWolf

📖
Matthew Davis

📖 + +
Mark Cohen

📖
Mad Scientist

📖
Maarten

📖 - -
William Davis

📖
William Thomas Wilkins

📖 + +
wylel

📖
Will Browning

📖
Yi Cao

📖 - -
Yusuf Daglioglu

📖
Zack

📖 + +
ZH王

📖
ansuz

📖
archeite

📖 - -
asdfghjz

📖
ayaen

📖 + +
b-harper

📖
Loic Vourch

📖
crasm

📖 - -
eagerto-learn

📖
egecelikci

📖 + +
elleybean

📖
Evan Song

📖
pynixis

📖 - -
Seirdy

📖
Ryan Huang

📖 + +
Sascha P.

📖
Securified

📖
Sergey Musiyenko

📖 - -
Spydar007

📖
Steven Bach

📖 + +
Steven Lehn

📖
Steven van de Graaf

📖
Sven Kortekaas

📖 - -
Tejas Gupta

📖
Tebowy Seba

📖 + +
Ted Gravlin

📖
TheFrenchGhosty

📖
TheNoobWar

📖 - -
Thomas Rientjes

📖
Tim Vergenz

📖 + +
Tom Sullivan

📖
Tony Tan

📖
TroubleDog54

📖 - -
User486375

📖
Nicholas Christensen

📖 + +
oppressor1761

📖
pbbob

📖
pdjpdjpdj

📖 - -
Stella Polaris

📖 🔬 📣 💬 👀
regaldude

📖 + +
rusty-snake

📖
sacha

📖
schwukas

📖 - -
sh-dv

📖
szTheory

📖 + +
Thunderbolt Digital

📖
E. S. Leonesco

📖
titanism

📖 - -
tomac4t

📖
virustotalop

📖 + +
wintr

📖
xelarate86

📖
yeoneer

📖 - -
foxt

📖
Freddie

📖 + +
ghbjklhv

📖
Raymond Hill

📖
luke crouch

📖 - -
fd1f744993de14178e6c

📖
habitualname

📖 + +
hook

📖
nein

📖
jkhgvfgvsth

📖 - -
joaonsg

📖
johnnyburnaway

📖 + +
jus9

📖
kc1212

📖
kryptish

📖 - -
m3t

📖
macau23

📖 + +
mat1th

📖
MWM

📖
Michael Plews

📖 - -
moritztk

📖
Aaron Horler

📖 + +
Commenter

📖
Cédric Laubacher

📖
Daniel Peukert

📖 - -
David Breese

📖
Dimitris Apostolou

📖 + +
Dyrimon

📖
Ikel Atomig

📖
Elias Ojala

📖 - -
Feni Brian

📖
Filip Š

📖 + +
Felix Albroscheit

📖
GReagle

📖
Gamma

📖 - -
GetBoz

📖
GrimPixel

📖 + +
Guillem L. Jara

📖
HxxxxxS

📖
Himanshu Chandola

📖 - -
Issam Maghni

📖
ItsDonny

📖 + +
Abdullah Atta

📖
Adam Sroka

📖
criadoperez

📖 - -
Alex Amiryan

📖
Alex Shoup

📖 + +
Alex Thomassen

📖
Amolith

📖
Andrea Scarpino

📖 - -
Armando Lüscher

📖
Ash T

📖 + +
Bernd Eichelberger

📖
BionicBison05

📖
Brent Gervais

📖 - -
Brian Cooper

📖
Caboose700

📖 + +
Cadel Watson

📖
trosel

📖
Carl

📖 - -
Chad Birch

📖
Chris Barry

📖 + +
Júlio Ferraz

📖
Jack Hill

📖
Mathias Oterhals Myklebust

📖 - -
Mats Estensen

📖
Matt Baer

📖 + +
Mehdi Chaouch

📖
Mike Perrone

📖
Mitch Wilkins

📖 - -
Mo

📖
Morten Linderud

📖 + +
natzim

📖
Douglas

📖
Nick

📖 - -
NielDB

📖
Nihal Raj

📖 + +
Noah

📖
Panagiotis "Ivory" Vasilopoulos

📖
Patrick R

📖 - -
Fart Attorney

📖
Pilou

📖 + +
PoorPockets McNewHold

📖 🌍
PrinceKael

📖
Richard

📖 - -
Jaden Site

📖
Jake Zeal

📖 + +
James Kerrane

📖
Sell

📖
YMHuang

📖 - -
Jonathan Vansina

📖
jorgeluiscarrillo

📖 + +
Julian

📖
Kefaku

📖
Kevin Brennan

📖 - -
Kyle Spearrin

📖
Leon Allen

📖 + +
LisaWilbourn

📖
Lord Shedy

📖
Louis Wolfers

📖 - -
Lunush

📖
MMR

📖 + +
Mads Peter Rommedahl

📖
Manuel Quarneti

📖
Marco Menzel

📖 - -
Mario

📖
skye

💬 + +
r2fo

🌍
LamTrinh.Dev

📖 🐛 💬
frostlike

💬 - -
Merlin Scholz

🌍
jordan warne

📖 + +
Dženan

🌍
jx tsai

🌍
backstab5983

📖 - -
antgig

📖
Ákos Nikházy

📖 + +
Francois Marier

📖
5-tom

📖
Ralphie0511

📖 - -
aleksejs1

📖
Martin

📖 + +
Overwatch

📖
Kieran Colfer

📖
Triple T

📖 +
IDON-TEXIST

📖 +
Yusuf Daglioglu

📖 -
IDON-TEXIST

📖 +
Yi Cao

📖 +
Sayf Dhū al-Faqār

📖 +
eylenburg

📖 +
Kieran Colfer

📖 +
Justin Ehrenhofer

📖 💼 🔍 diff --git a/includes/contributors.md b/includes/contributors.md index b1983c8213..1ddda1da19 100644 --- a/includes/contributors.md +++ b/includes/contributors.md @@ -28,412 +28,423 @@
matchboxbananasynergy

📖 🔬 🤔 👀 📝 +
fria

📖 👀 🔬 💬 🐛 🤔
GitHub Actions

🚇 +
Triplebit

🚇 +
MAGIC Grants

💼 + +
Netlify

🚇
Dependabot

💻 🚇
Hetzner Cloud

🚇 - -
Cloudflare

🚇
Open Collective

💼 + +
Safing

💵
Dan Arel

📝 📖 🔬
Techlore

💵 - -
elitejake

📖
samsepi0l

📖 + +
rollsicecream

📖 💬 🌍 👀
Henry Fisher

📖
Nate Bartram

📝 - -
Sam Howell

📝
asddsaz

📖 + +
Hugo Costa

📖
C-O-M-P-A-R-T-M-E-N-T-A-L-I-Z-A-T-I-O-N

📖
Alberto Strappazzon

📖 - -
Victorhck

📖
Tai Lam

📖 + +
NinebitX

📖
Alexander Antukh

📖
Gusted

📖 - -
redoomed1

👀 📖
Offpics

📖 + +
kimg45

📖
djoate

📖
afighttilldeath

📖 - -
Paul Verbeke

📖 🌍 🐛 🧑‍🏫
Mitchell Cash

📖 + +
NeverDucky

📖
efb4f5ff-1298-471a-8973-3d47447115dc

📖
Stephen Karl Larroque

📖 - -
0rdinant

📖
Zenithium

📖 + +
Jordan Gwyn

📖
Guru

📖
datoshkr

📖 - -
Kcchouette

📖
Jacob Neplokh

📖 + +
Leonardo Mazzon

📖 🐛 💵 📣 💬 🌍
Andrew Chong

📖
Wok

📖 - -
nopeitsnothing

📖
Lynn Stephenson

📖 + +
Cory Solovewicz

📖
noClaps

📖
Brian

📖 - -
SkewedZeppelin

📖 💬
Arcadius3D

📖 + +
vpnarea

📖
namazso

📖 💬
cYDN48

📖 - -
gjhklfdsa

📖
Pavel Zolotarevskiy

📖 + +
quiddity-wp

📖
Nikhil Jha

📖
Subatomic Honda Civic

📖 - -
ticklemyIP

📖
jermanuts

📖 + +
conorohiggins

📖
TechFanTheo

📖
Ryan Taylor

📖 - -
Positron832

📖
JustLuckNoSkill

📖 + +
Arkadiy

📖
Jack Chou

📖
ave

📖 - -
Boo

📖
IDKwhattoputhere

📖 + +
idkrn

📖
ggg27

📖
WalterKlosse

📖 - -
Tom Hacohen

📖
Paul Feuvraux

📖 + +
Scott Bennett

📖
Federico Ariel Castagnini

📖
jslawler-gh

📖 - -
spaceoden

📖
xe3

📖 + +
Andrew Morgan

📖
Caleb King

📖
Eduardo

📖 - -
NafeezJS

📖
Sloofy

📖 + +
Sam Schlinkert

📖
Gabor Luk

📖
DeiAsPie

📖 - -
Davide Taviani

📖
spanishharlem

📖 + +
Jacob Gonzales

📖
Kaede

📖
LABB

📖 - -
Raviu8

📖
Peter Dave Hello

📖 + +
Rose

📖
Oskar Sharipov

📖
Samuel Lucas

📖 - -
NylaTheWolf

📖
Matthew Davis

📖 + +
Mark Cohen

📖
Mad Scientist

📖
Maarten

📖 - -
William Davis

📖
William Thomas Wilkins

📖 + +
wylel

📖
Will Browning

📖
Yi Cao

📖 - -
Yusuf Daglioglu

📖
Zack

📖 + +
ZH王

📖
ansuz

📖
archeite

📖 - -
asdfghjz

📖
ayaen

📖 + +
b-harper

📖
Loic Vourch

📖
crasm

📖 - -
eagerto-learn

📖
egecelikci

📖 + +
elleybean

📖
Evan Song

📖
pynixis

📖 - -
Seirdy

📖
Ryan Huang

📖 + +
Sascha P.

📖
Securified

📖
Sergey Musiyenko

📖 - -
Spydar007

📖
Steven Bach

📖 + +
Steven Lehn

📖
Steven van de Graaf

📖
Sven Kortekaas

📖 - -
Tejas Gupta

📖
Tebowy Seba

📖 + +
Ted Gravlin

📖
TheFrenchGhosty

📖
TheNoobWar

📖 - -
Thomas Rientjes

📖
Tim Vergenz

📖 + +
Tom Sullivan

📖
Tony Tan

📖
TroubleDog54

📖 - -
User486375

📖
Nicholas Christensen

📖 + +
oppressor1761

📖
pbbob

📖
pdjpdjpdj

📖 - -
Stella Polaris

📖 🔬 📣 💬 👀
regaldude

📖 + +
rusty-snake

📖
sacha

📖
schwukas

📖 - -
sh-dv

📖
szTheory

📖 + +
Thunderbolt Digital

📖
E. S. Leonesco

📖
titanism

📖 - -
tomac4t

📖
virustotalop

📖 + +
wintr

📖
xelarate86

📖
yeoneer

📖 - -
foxt

📖
Freddie

📖 + +
ghbjklhv

📖
Raymond Hill

📖
luke crouch

📖 - -
fd1f744993de14178e6c

📖
habitualname

📖 + +
hook

📖
nein

📖
jkhgvfgvsth

📖 - -
joaonsg

📖
johnnyburnaway

📖 + +
jus9

📖
kc1212

📖
kryptish

📖 - -
m3t

📖
macau23

📖 + +
mat1th

📖
MWM

📖
Michael Plews

📖 - -
moritztk

📖
Aaron Horler

📖 + +
Commenter

📖
Cédric Laubacher

📖
Daniel Peukert

📖 - -
David Breese

📖
Dimitris Apostolou

📖 + +
Dyrimon

📖
Ikel Atomig

📖
Elias Ojala

📖 - -
Feni Brian

📖
Filip Š

📖 + +
Felix Albroscheit

📖
GReagle

📖
Gamma

📖 - -
GetBoz

📖
GrimPixel

📖 + +
Guillem L. Jara

📖
HxxxxxS

📖
Himanshu Chandola

📖 - -
Issam Maghni

📖
ItsDonny

📖 + +
Abdullah Atta

📖
Adam Sroka

📖
criadoperez

📖 - -
Alex Amiryan

📖
Alex Shoup

📖 + +
Alex Thomassen

📖
Amolith

📖
Andrea Scarpino

📖 - -
Armando Lüscher

📖
Ash T

📖 + +
Bernd Eichelberger

📖
BionicBison05

📖
Brent Gervais

📖 - -
Brian Cooper

📖
Caboose700

📖 + +
Cadel Watson

📖
trosel

📖
Carl

📖 - -
Chad Birch

📖
Chris Barry

📖 + +
Júlio Ferraz

📖
Jack Hill

📖
Mathias Oterhals Myklebust

📖 - -
Mats Estensen

📖
Matt Baer

📖 + +
Mehdi Chaouch

📖
Mike Perrone

📖
Mitch Wilkins

📖 - -
Mo

📖
Morten Linderud

📖 + +
natzim

📖
Douglas

📖
Nick

📖 - -
NielDB

📖
Nihal Raj

📖 + +
Noah

📖
Panagiotis "Ivory" Vasilopoulos

📖
Patrick R

📖 - -
Fart Attorney

📖
Pilou

📖 + +
PoorPockets McNewHold

📖 🌍
PrinceKael

📖
Richard

📖 - -
Jaden Site

📖
Jake Zeal

📖 + +
James Kerrane

📖
Sell

📖
YMHuang

📖 - -
Jonathan Vansina

📖
jorgeluiscarrillo

📖 + +
Julian

📖
Kefaku

📖
Kevin Brennan

📖 - -
Kyle Spearrin

📖
Leon Allen

📖 + +
LisaWilbourn

📖
Lord Shedy

📖
Louis Wolfers

📖 - -
Lunush

📖
MMR

📖 + +
Mads Peter Rommedahl

📖
Manuel Quarneti

📖
Marco Menzel

📖 - -
Mario

📖
skye

💬 + +
r2fo

🌍
LamTrinh.Dev

📖 🐛 💬
frostlike

💬 - -
Merlin Scholz

🌍
jordan warne

📖 + +
Dženan

🌍
jx tsai

🌍
backstab5983

📖 - -
antgig

📖
Ákos Nikházy

📖 + +
Francois Marier

📖
5-tom

📖
Ralphie0511

📖 - -
aleksejs1

📖
Martin

📖 + +
Overwatch

📖
Kieran Colfer

📖
Triple T

📖 +
IDON-TEXIST

📖 +
Yusuf Daglioglu

📖 -
IDON-TEXIST

📖 +
Yi Cao

📖 +
Sayf Dhū al-Faqār

📖 +
eylenburg

📖 +
Kieran Colfer

📖 +
Justin Ehrenhofer

📖 💼 🔍 From 155691f94b6fae390fe446f142389ed24bbd12bf Mon Sep 17 00:00:00 2001 From: Jonah Aragon Date: Thu, 14 Nov 2024 13:31:44 -0600 Subject: [PATCH 16/21] docs: Close internship listing (#2814) Signed-off-by: fria <138676274+friadev@users.noreply.github.com> Co-Authored-By: redoomed1 <161974310+redoomed1@users.noreply.github.com> --- docs/about/jobs.md | 8 -------- docs/about/jobs/intern-news.md | 18 +++++++++++++++++- 2 files changed, 17 insertions(+), 9 deletions(-) diff --git a/docs/about/jobs.md b/docs/about/jobs.md index b907c9178d..a3383e4992 100644 --- a/docs/about/jobs.md +++ b/docs/about/jobs.md @@ -29,12 +29,4 @@ We are occasionally looking for strong journalistic writers, product reviewers, [View posting :material-arrow-right-drop-circle:](jobs/journalist.md) -- :material-comment-account-outline:{ .lg .middle } **Intern - Community/News** - - --- - - Internship | Remote | \$15/hour - - [View posting :material-arrow-right-drop-circle:](jobs/intern-news.md) -
diff --git a/docs/about/jobs/intern-news.md b/docs/about/jobs/intern-news.md index c4e83ad29c..6bbe28461c 100644 --- a/docs/about/jobs/intern-news.md +++ b/docs/about/jobs/intern-news.md @@ -5,6 +5,15 @@ description: Privacy Guides is looking for an intern to discover and promote rel [:material-arrow-left-drop-circle: Job Openings](../jobs.md) +
+

Position Closed

+ +Thank you for your interest in this position at Privacy Guides. At this time we are no longer accepting new applications, but please follow our [job openings](../jobs.md) page to learn about future opportunities. + +As of November 14, 2024, we may still be reaching out to existing candidates. If you previously applied, please keep an eye on your inbox! + +
+ Are you passionate about privacy and cybersecurity? Privacy Guides is an international nonprofit dedicated to producing top-tier, unbiased educational content and journalism, and to fostering safe and informative online communities to discuss technical topics around improving personal privacy and cybersecurity. @@ -35,7 +44,14 @@ This is a 6-month contract paying $15 / hour USD, with the optional opportunity --- -**To apply, please send a cover letter and resume to , and include the name of this position in the subject line. Feel free to include any other information or examples of your work that you think we may find relevant if you'd like.** +
+

Position Closed

+ +Thank you for your interest in this position at Privacy Guides. At this time we are no longer accepting new applications, but please follow our [job openings](../jobs.md) page to learn about future opportunities. + +As of November 14, 2024, we may still be reaching out to existing candidates. If you previously applied, please keep an eye on your inbox! + +
Privacy Guides is fiscally hosted by [MAGIC Grants](https://magicgrants.org), a 501(c)(3) public charity. MAGIC Grants is an equal opportunity employer. MAGIC Grants does not discriminate against any applicant or employee because of age, color, sex, disability, national origin, race, religion, sexual orientation, sexual identity, veteran status, or other protected characteristic. From 7c3424f0018da38261e8398516977ba8af74b4c1 Mon Sep 17 00:00:00 2001 From: Jonah Aragon Date: Fri, 15 Nov 2024 23:11:30 -0600 Subject: [PATCH 17/21] ci: Allow blog builds from unprivileged forks --- .github/workflows/build-blog.yml | 18 +++++++++++++++++- .github/workflows/build-pr.yml | 14 ++++++++------ .github/workflows/publish-pr.yml | 19 +++++++++++++++++++ 3 files changed, 44 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build-blog.yml b/.github/workflows/build-blog.yml index f7e50091d1..5d39e7905e 100644 --- a/.github/workflows/build-blog.yml +++ b/.github/workflows/build-blog.yml @@ -65,6 +65,10 @@ jobs: with: cache: "pipenv" + - name: Install Python (no pipenv) + if: ${{ !inputs.privileged }} + uses: actions/setup-python@v5 + - name: Install Python Dependencies if: inputs.privileged run: | @@ -72,10 +76,22 @@ jobs: pipenv install sudo apt install pngquant - - name: Build Website + - name: Install Python Dependencies (Unprivileged) + if: ${{ !inputs.privileged }} + run: | + pip install mkdocs-material mkdocs-rss-plugin mkdocs-glightbox mkdocs-macros-plugin + sudo apt install pngquant + + - name: Build Website (Privileged) + if: inputs.privileged run: | pipenv run mkdocs build --config-file mkdocs.blog.yml + - name: Build Website (Unprivileged) + if: ${{ !inputs.privileged }} + run: | + BUILD_INSIDERS=false mkdocs build --config-file mkdocs.blog.yml + - name: Package Website run: | tar -czf site-build-blog.tar.gz site diff --git a/.github/workflows/build-pr.yml b/.github/workflows/build-pr.yml index 5f9b298730..c57aeb4d0e 100644 --- a/.github/workflows/build-pr.yml 
+++ b/.github/workflows/build-pr.yml @@ -19,12 +19,19 @@ jobs: env: ACTIONS_SSH_KEY: ${{ secrets.ACTIONS_SSH_KEY }} steps: + - name: Save PR metadata + run: | + mkdir -p ./metadata + echo ${{ github.event.number }} > ./metadata/NR + echo ${{ github.event.pull_request.head.sha }} > ./metadata/SHA + - name: Set submodules for fork if: env.ACTIONS_SSH_KEY == '' id: submodules-fork run: | echo 'submodules={"repo":["brand","i18n"]}' >> "$GITHUB_OUTPUT" echo "privileged=false" >> "$GITHUB_OUTPUT" + echo "false" > ./metadata/PRIVILEGED - name: Set submodules for main repo if: env.ACTIONS_SSH_KEY != '' @@ -32,12 +39,7 @@ jobs: run: | echo 'submodules={"repo":["brand","i18n","mkdocs-material-insiders"]}' >> "$GITHUB_OUTPUT" echo "privileged=true" >> "$GITHUB_OUTPUT" - - - name: Save PR metadata - run: | - mkdir -p ./metadata - echo ${{ github.event.number }} > ./metadata/NR - echo ${{ github.event.pull_request.head.sha }} > ./metadata/SHA + echo "true" > ./metadata/PRIVILEGED - name: Upload metadata as artifact uses: actions/upload-artifact@v4 diff --git a/.github/workflows/publish-pr.yml b/.github/workflows/publish-pr.yml index 0853eab43d..ea72a72782 100644 --- a/.github/workflows/publish-pr.yml +++ b/.github/workflows/publish-pr.yml @@ -22,6 +22,7 @@ jobs: outputs: pr_number: ${{ steps.metadata.outputs.pr_number }} sha: ${{ steps.metadata.outputs.sha }} + privileged: ${{ steps.metadata.outputs.privileged }} steps: - name: Download Website Build Artifact @@ -86,6 +87,7 @@ jobs: unzip metadata.zip -d metadata echo "pr_number=$(cat metadata/NR)" >> "$GITHUB_OUTPUT" echo "sha=$(cat metadata/SHA)" >> "$GITHUB_OUTPUT" + echo "privileged=$(cat metadata/PRIVILEGED)" >> "$GITHUB_OUTPUT" deploy_netlify: needs: metadata @@ -122,6 +124,7 @@ jobs: address: ${{ needs.deploy_garage.outputs.address }} steps: - uses: thollander/actions-comment-pull-request@v2.5.0 + if: ${{ needs.metadata.outputs.privileged == 'true' }} with: pr_number: ${{ needs.metadata.outputs.pr_number }} message: | 
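Review bot: The `if: ${{ needs.metadata.outputs.privileged == 'true' }}` condition trusts a value that publish-pr.yml reads with `$(cat metadata/PRIVILEGED)` from the artifact written by the PR build job, the same job that runs for fork contributions. A build that writes `true` into that file would get the comment without the "untrusted source" notice, and because the file content is echoed unvalidated into `$GITHUB_OUTPUT`, extra lines in it could set other outputs as well. Suggest deriving the privileged flag on the publishing side rather than from the artifact, and checking that NR, SHA and PRIVILEGED each match the expected form (digits, a commit hash, `true` or `false`) before writing them to the outputs.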
@@ -132,3 +135,19 @@ jobs: | Latest commit | ${{ needs.metadata.outputs.sha }} | | Preview | ${{ env.address }} | comment_tag: deployment + + - uses: thollander/actions-comment-pull-request@v2.5.0 + if: ${{ needs.metadata.outputs.privileged == 'false' }} + with: + pr_number: ${{ needs.metadata.outputs.pr_number }} + message: | + ### Your preview is ready! + + | Name | Link | + | :---: | ---- | + | Latest commit | ${{ needs.metadata.outputs.sha }} | + | Preview | ${{ env.address }} | + + Please note that this preview was built from an untrusted source, so it was not granted access to all mkdocs-material features. + Maintainers should ensure this PR has been reviewed locally with a full build before merging. + comment_tag: deployment From 37a938be33677e7e24e275e51258edb7a4f4b271 Mon Sep 17 00:00:00 2001 From: fria <138676274+friadev@users.noreply.github.com> Date: Wed, 13 Nov 2024 14:11:32 -0600 Subject: [PATCH 18/21] update(blog)!: Where are all the Multi-Party Relays? (#2813) Signed-off-by: redoomed1 <161974310+redoomed1@users.noreply.github.com> Signed-off-by: Jonah Aragon --- blog/.authors.yml | 4 ++ .../icloud-private-relay.png | Bin 0 -> 30386 bytes blog/posts/where-are-all-the-mprs.md | 58 ++++++++++++++++++ 3 files changed, 62 insertions(+) create mode 100644 blog/assets/images/where-are-all-the-mprs/icloud-private-relay.png create mode 100644 blog/posts/where-are-all-the-mprs.md diff --git a/blog/.authors.yml b/blog/.authors.yml index 03582ed4b5..6425d0f2f2 100644 --- a/blog/.authors.yml +++ b/blog/.authors.yml @@ -51,3 +51,7 @@ authors: name: Sam Howell description: Guest Contributor avatar: https://gitlab.com/uploads/-/system/user/avatar/5349522/avatar.png + fria: + name: fria + description: Team Member + avatar: https://github.com/friadev.png 
diff --git a/blog/assets/images/where-are-all-the-mprs/icloud-private-relay.png b/blog/assets/images/where-are-all-the-mprs/icloud-private-relay.png new file mode 100644 index 0000000000000000000000000000000000000000..b163d8fa6172298b81ba813170eff4ce5045c9c9 GIT binary patch literal 30386
zd|4ZJSccLU`2-^@Ft7$0!^)kzblo+C&VO$Lsfkf5_4Z_vnM_>y&F3^CEM)SNzh)ER zC+O=DM_P^Om;@|7i|5Q;Z3tw-`M4>^SX>;`UPX)XhwnBNs50v7w5Tvl9w$__76EowF1?-O32vu&0PWR8x#vD9++knFB{jbaoo{ie*+f1_^NY)OYh z910RT`qKeFPqY%x4tag59d_@(7{EABJsMa7O`H5sde?_;4AvVZzba#o(b;e)^H zMx{BG$k26>2_F*Rdwb&wi+@C#3!;fQymdCZZ?ArHjLFcvg9y5VBQKAKllRi=a_WD^ zFDH2c$rTIg2veLm(>1xMQ28_AW!i5<90D0ngL9kfjm3RN(Ra!NY))vJpGssfmtmSp!71+Q3>&or1kf~BISgpx1?=+lu*s?1UeX#zzaakMH!&$<&~a@ zCr)qwoR1!$NM1}Y@O*t6AWwx}*e=1MzFT+S_VAC&F|w%#G%AHiG4eh=P`m-$DP-K^PzX=TMsnAk)E>J3Hzr7FOA66!D?=utrC88u{P^)**o7(v1wC$<5e^abGqs{oWwkMZ#DW3N zjB{-&BKy{Mn(}SQEH-r0z|N0h5PLW#3m)$jp^<#hn))n4MXNT%&g;3!ve%mS4Cu;r4x`)t<-HsC&If;o zFf|vXk(!p4_MEM=vopchL&z}pzEmOGe51wov{~}sB5}QFeE2clr>6scA67yXI2Ty?FNi-uy>FYWyCK4%Z5y5h%`oUGd}$xb3sC z2bcQuUgM8D%QULOfD&42r;>TG^g!D3Kw^UhP8kuZ7soEHY^aAb3`hb(Nj;ZBzA{F1 zR7S$uWzj?ZZ4qb(9lf|=#NR^ncA6z>LEzp(#^4|jQ+L5=H}I4eDv~N_lV179@ANew zbkXbwP2V=}h@JlcTdBB@phv1?Z9~$$srG5^0ogY%4kU6x1)$_d`!G}^3N)a`1}%2o zZU}#<4%cB$c`8Fw2+{}i+zGX6Qp5k+u3&a)NV6Q*lIlLgIpNRJ0p^?V_4?mBmA@~a zDK+s3VQ|1R+UVsM5Nx$v2(%ox)PWs z6!YihY$e_F<(Lj&L0pWH-bc^!(S$gjo^n7!h*5;;+&j`&N+~Gzn?NdpuT4Ba#`%5S z()b`<#L>Dk{?W9gvL=Uz5q&+!#Q(DIj-8J<>SU*0lgK+Dpc$mi97rqS!Bx~XHJt;$bqtBVE1$(j@BhKN4BsCklEr$xY zH(bJ;B9t&X8NI^_;j{ZK?zh@FXAa&K8f~>z(n0_U?HDezzsDAT*fjJ^2jDXJ0q6n5L>6{d~LvLkmAnD_WdL} z^R%xmL@z;2sZ?%fohI4_IcJNi(u4U1yF+H)yg-JXeP*Ub?HC?Xi?Io771TUu2~@jx z+Kb=h2<23i{@K6Q1phJQG)Uy}N!5@!fflQ?w=t@$;ZfWU{!+mz06o%n2~e(YgO{Mf zwB9K%vI-}hCL)l=P>$(0^o|$d`k|HWtT5E+AEWNmIQz%a2+P>}U@foE8A4vb{#nU} z!XOp_%8hALeHQ;sT*OV2-P=7tN)K!IAIFKe{=!a1bs3P`1KBj}aS>Z-;PgMm_=~d>oh)|2#Ajx`@KxU&+z^^Im%M8lMuoL zlYe5CQg9x&6#9WZu-CMoZ5X_LQo;bY3V|fG8z@%TqDrvFvsv?DFUkL?nP~4|1jc7uk(`nc=0|*R8A%3 zpOrlxZZT&JcvGfh#yOedS%$L|;UjYTDlYr&j|Cs#WK~2~91vPHuF~I(hy3x$lsRYZ zz5KPI?n#P$e-a) zY{^IQC}|7>eWQE*htC<$3tQ!nkyI|^w4jrc%I9B*Wy7<~`|HzEbct&3ZnR{v7}EZs zCIT1OrBi;K+fV+v)r0u{B;Qfak}-fpST{a6qGA6Bn{!w2m+++QbpCHWRi1KOe?sGH zFk@sGzgig(vvtuC$vsEj6a1fE(iGxxN_mwS3}60f=9lUVHemsR!dx#(tHvx0Af5$| 
z@jh&br`@Vzx%{h0+(6S8r1>wr6MvQCx?OXLd^lGP*D%la8N?91&Uz8Nd0d=UpZIeD zo52alB9&3d@zv<B%UF~YFMD7V4uHcQ|qss zkhnXWy@Fh@8GrCz2l$yHt0;8%yT=n(vv|<@F1fNla%|y_!RdHN)c;MZmNF8XD z2v$KJ3dM3zL!dfPZR(oZcY&)JR+B31*(h^%=YOv8Xs#es?mXe{#!ViC&cf;FrBj>l z$RGJ$94vS!ma>M%CZ`gfM1ApPsq-=pQFp#p@#GBZHVlZX9co;QzBE*26kd`8`b+|0 zi~Dfo`O2OQKERp`*0a9&nFIQuX~Xw?FWPdw!8+j7+1of;`}leTk2+@^dtLFNEl+CS z_WMh0g;}`InU;FN@*3Ybr^T}-rG#s`~qxRWfEs#e1x(hrE1H-TgP)|4? z_^r=^xiMe{(ns z+<>nHLT^JW-oD~_DsG=5tHI(2t})!;k}M|zZin1tgW-f(ys%{P{5vH<|6_78tE2Aw zR?%Fj)gA~ALO6M?0wBxbJZ1xg?u8hf$bA2#$ZG1qZ z0AhPuCAA{KD>7G0CzaM!mem&3c^y0xK}F>nlx+jtdkT9o>mi*p)GlAq-^66TU52`0 zCAU(`aeaA80|o)8d@zGP=t$Xair4INI&DzZv^hxXO6ZRF2?Vm3bROO*&vyc z3RZGwn>Whbl4+K^gn}S!`>Bl$HjW%PXrj01#}da(Zsb8_FE-K@O_))^K^yaRiCFmf z#0JTzDD&zU#1$FxXgo7BoGHRda5HwlIzL;K8wbPjO7`qRtj+hIfj(gZH-BGul4@+; z&NaJwv^OJ;YJu%m;-jLsYcA7*KGg?dtq{jCgT%hl#%-O4`bzWO_) z#q$FV3&m%F;dmx&vwEjBRFPDTJzrX)1j_RMO3k`CG5L2i{TLe#sp5+2TFe-*ZZvI1 zz5Qih`?QRd)2eY7nO+Qc2ZZKEZ z4<~yd7eOGE7!VFKkQ2Z|C<0aW&uhR_jx9wWK8{#V+FK*T>H7G~i=Dlv%abF*)~g2p zPmjp?MW+{CBXfSo5^~EYTGwX|1baRi_dUfyz%Z4c#}2eBU+@G@+`Q~=P{6Ao9eO0h zE_{_@Mf(N{JcS}Or@jO~M9PAYfxn7uSoi{?{Vwn+Lsoh8wYwj_k=pYt<)6I&S<3T{ zf8qmG;oV0JqVM}Z`|0q&{Do<4jJ&MmqaVa`otD|a4f+j`r@1&E&G(RJkVl9h z&lvZ|%36uZzo_WFdak8kzt3Bb9jUG89POZ}P8%8;^2#Q+de7fUasTf_Sr??3-?LY8 z=qKNGZZ(PmKKJR~E1s?yHE!YYHG@d%R~9@r^UCRC`NR?qce>jI?nHg z?=Q?GB_)@ceEH3~x_aF?-uw18Ha2qq6V9qsYr~pEroJg=;mb`iU91!gC*BD~dM*S{L z5}B41Vc|fe)}1brdTE7rbtc0NKiT<$4bdKpU}K!_sw|wHC&xnGdYT5LJ?pp!P+`(t zPsUxgc41GSSqH2)g6*EY7Cx0kw`GBgTJ38^6nz@{GM;437-Ur??Pj&2{&Bc8zB#*G z=a0w7S0Y!85H@ElbKR}{1{?74WzR1Y4+Sa-m-9bWI95$J1=^$`SkIlvk1OUqsZe$N zd>h49pSp@TZW*L{ynUIMa|L>0kE2w2nv3V@aqTeFpQQOM_ZfnORxADn>5_uo1B4b? 
zbyvNt-9C6zQ$8PiInEI`c)bafl6K>;>E5d=AKD%jt=6)iT?aXz7-I>3a?N*{2_%I^*cSN|a zfaZ;Js|}G%?}Q;Ke1oLAWpZ+|BeN4yd^iRvW~xeC_zdzE11F6YoWR~ZG4D4}_mNBp zYpk!$ulkj-Ru^YO3x)2!Lp`bs+U1?(Q+)vXTHD$x(SbYX1Nro?8t zhS0CX+X8gNk-nsi%-BG0S2kAEgA;}{G+8?dS&^q}LZ#Zv_>X!QupR2cJ{MDHnix*+ zo!P#4)S2jkaI9lTt{T6&^_LzhjASO6{?khWH!+=0iv&f6<*NQ5jVdt*>z(%uh|(!D zLaa_SVQg=}FWMF@rZRobJ(Ku&cKj6(NnreG3#SMRig5zHL8C2x8T4VVY$LlPMEva% zj*!v`2F+0~um+v4T{;MJ9B&&yy$*9Y3{YUQ#t3G;)3c-K7 zNk>fyAH&Qd!sS2(z78ixt~KZgDZ$k3vZkX|s7Y=z72Orgx7u6~f9i2;g)9j7hm*si;s}YJ?10u*wuzhPCQpxx|nQE@50cDx}Q^l`y zprJ3i`W`h`;u+4Hu*WJz4>5{Em)bCFn|ic(2LHOS=)0A_%iN^f+zQYeIg@INvJz1& z5VSBc8FjRp9lbbfld5viqlBF2XZB8{86^tvn@|aca*KxTfW%4Q^s>+hmvys>RivOC@yeC zl~AH3JK2s+@T%pdBe4=_0fAMpg z1KAdY!xSAJITn6cm-D2nG+kdRACL2;qNBv`UFNOlKjU*=DQ%)DD~y3gn0KEHzvj=J zJno50HD{d$ZWP?gWsK2xahttm&=r;6_+C(Mm)C@E6Dh582y6Z;Oa_nUmtjV_I+K?o zL~4d*k0~C%86~O#*$*l!r?ZrjebiC>=@=e$D-t6_ zNskC_6zcTA=~s6GX^c&@Z7#YKF&rCr#DEJfovay=^vOC8xEmfWgy1zZKXFvWqrJnBne%fC~49gPK#Msfo<<2 zR-&;UVW+UPWdY0RBPGzL=m%g zx;W-lcOj_PoyLEaG}qTRODi_qJXL_8p%EK@@{)_O9vqncWeD3e{VS*!9G6GuW|G=R zEq?lzjF*5v7h;<&U7--7l%j&^@TH~f{ppQ=j*_{8-Y*9}t!#6}zuRpdU_CRu%w4^D zf{uZa*Oa#JrEiM+_QMc5xx*zxgcWIiqx%@PouGjo5jrcr#&B~%3ipS&q*WAUdisov zE0adVX+j(#1V62N&1W@5uu%^w3swHoJjqfMsuJ%kYc2B9;%xYw#(itC=Mc;EEs*U) zg8X-NnqGFa&_9HkL0u0g%Y>c@vB5fwBW7=w?48jQ=*i`gu}4H1ZM|ue?c_eL2|o_^ zTEpx-Z$70`CRYB!GV^~UmMVP>c{fnD*2x$SDGvWsn{fnTTcJu&)duTTSiOCo8=3l& zq-%bZ`f>Kqcw)2$Kg1J%_lXz`<1C95KITeqU3;o7>CW^|}X~;X&1Pi8P)q@w*^Gj9w!YUTBwB3fG5`y3LC%M6bJugOw zR#Xobhi$&j@cn7rqFaSet(|YG_)9w?(Q*od)*#oywPG2)XCUy6U)J~AN!JnR0Q33La_f@wRFy~TQ!C|Z0;KXRmPDfHV%*YWM5D#f+BH?Y_Il+2tcBrs@u{}v zgXTt(KCd^Lel4PxFWoqbK(`Uo+KWNHJTGWa{sa|N(o%gRhIFWiiyGycna2fshT)SQ1iTbU2d92}$C`*j>%t`=qv8iCyw z7TJ)lYjvx2GRw_gQ&)oA8yuMH#-IVM*ZVwz#`_!n5L*`dLHsvL)qz*PH40m^;6o4BZniS<9dM0h2XKPcY8vs-p}XI zh=_6SUbKj>v=`fwuvota`6UrNg35Hqu zzaWFBEea?NT>Z=h4rl(E=O2c5I#|Km_I9=U=-KS2RbJduea{^G(8k#{25o%)7)Qp0 zP^XOO9!fQ~u<`7t72#Rf!CV|lY;rFPZ)segj^{QQ@plK=K!@vkZA=0+H6uCp_u;K( 
zbhG;wysXlxA#%o@wIJ_e_oHSJ_~RpaC_+@4DVi%rk+(XHI!KIdibdCvz#sVbHHtod zM&FU5;Uh>q_WDBYka#4M-Ri>oFr~$d#J3itCcq%3;M##m@Bbpa?M4Wp@-&PB8hG=`Nq=Y2m& zh70ed^qWit(M0D7|4lzUIN07JsK-&rl&w1McS$_Os*TXZM%iULr9K!QKk@Kp(#D#n=gp*yBdF#p66~EyT3tyh69&vgc5wUe(|T zn@EF2ggtPA$uh#=7Rleii;H{@*5?Adf&@-TY}G`pVDL#RuCH|~;PjhorxuHe$(6xg z^RZbjcF!HRL9iOo|K?g|a8O3StTF$E)hQ@m<2##uZZj9ZdmKeb`-w&C%N;JHtIC@< zO$mF+UZpgvPtXzCAW|aa1&a@vpTfd63G5O_?5 zo`tCTCNA!(hIf^TAN_WREtsBo#||v0BtH9iK)4gvO!AsN%J^FSd)rU#UTLxYl1f`ow5B8}wGrGRv&N`oRD!yt-;h)5|242{IlT_S>nFm#t7 zT@phK^?T6weSd!6@4vh5UH7iLzUL2Evu2;&=bU}^vu7W=Rrwik>OyoCK3lKoKc(G` zRcsuif(k|rC*aFwj=L@Z5ADodt=ID|&k{0iZ`n}#<9(NeFQsYh+RJ_ z0iDrr+Gty1fX>s~!cPNS*7BqEQzv?Bm9#w7E1p>8j9fyz&-O7;WlFcyZYe~)8!TRW zemN(fC5MU7=D3Bzea*;~8fs7J)bZe8J&AAtT%Z(&Z!6^H;@970Tax`To8X}r#Y>og zdE*A4c&()Am6{p)*=nvSl(AccyDx^5*c~6tX99Fg<&wMQ=3}Y&5cmD=burVM6`?=q zhKlh0Ka$=*e}A(&GoG=waM5;R4M%HnCb!3Z|J^1R1|H0^K_@I=Be1DtfU*c8zP;g7r`tO zaS3~};LwYm8+=XxV`e+X)Q#h$U<)f6DN92~M{YBctV-UMGKH%ISHyTl%)AzIMSzwpr=}53DQoyD#VYu|pdY(OX+7PfkL3ERz@{7g(6`a55uuRE zF>QeNy({CW8RKKxe3hB!qZ0uVH>O@%tEh<2#L`wBdutEv%1du&c3Ix|be3{cpWTsD zhMXK+l)%TwgBiYwJ9dh0E`2DPzfa$t0?}NRyrE$PGZxX-NM+1-+7G@=79dt9IzOYR z0D8KDg2E3yjVK=#ofbGV>s;=*H?rdBxuft0&sp z+UkRLG}Y|?P(O8!dSUvbV&yu&9%;;OF`yeR9rh0(mf54shV=CMSeeAe`xaRFos?AG z`CBd6?>=kENBIK#DVBP0-K$23$n1FpnWt(m9Ybu|LWiK1?+YM0>l4q>!bcVRra63e=2PD^~O3A?>W=3kyF8{ zzXjvq3>pOyv!bv{xqAcbEd!xkws3Z-Xe}(f6x?QNufLX^*@z@c8aswy>H^ypkP(CFfrG^X{S9MM@73(j zki~8`ISCy?01gn9=jE#_@i{&Dch3cxZPN6Yd@Wn&q8qDSdGFRTFX-PIU^ z4UjgNeSaJ=^E5X(uSLhg2|ji^thYy(1Z=N@fM)n+8>UVqE2r>t-y|P@uLdIjx;|Cn zLO({;_CyMciTTBvE|1PC@vtkDMKO^#^D~yVV!=>5!LYDirZ#y^vE!{bofE|!@z+Q6 zor3qrFXJ?mGxNAezv*kXe0`_ZfUeW)(HU6MN+kTDMzDua(qi))t}#6v=C!Axd8(x= z?|AUjS>?+V!-4lQfjD`nvOzy6IN(eIjbmCkD$)!O_qR7t>Hp4t?4Nx17FMseI}2G9 zGLsve5d=_9u9;3=Ai1Y#r(P>5T$rg>?O(rL>*NBG`H;dXl6<T$}q|&UYv_=-BU>R|4f&$pl|AxL4G`S^F9ffjLKEzu|v~ zxQd7HRYSH-@OD4guJTOT1RU#9ul0EMlJY{?u?UydYAG(-9#OXIq(GMEGY&ka99JrN z6$W%^827M2HcZ?>J3_n2;8@q)1%M&5;r-3c9$4+Qvtq5(Ja>8@ff@qs$0ybu;Z;B~ 
zL1x-7@&J|=vk6GIqTc13*UXP4zRIP3&NXC_P*ZjQw;IHqrPuuz)?*NBS}?>ea=>Jf z2^n$4#5(?A@k1ux;HxpFy$}CX8X+{gViK$OEJn0q(#Squ?MX-IJNn9%6RycorobQf zY?lSZ$yK1gt%!qwv>WO}a#KF%JNl|`FFXvkjTlVg@4ovTgyZ=W4hPY0Dhs+U*gp6(ik#c`%Cl;W5-^B$Ku60}I)paNK<@Y*RIHrq!Sn=csx@G?z zkR1p(Th+$S_3<&9aK;1&jT34fr3Hh!g#0!s8Jq&n5?BJU%ShSMc|kugHk51&792B) zhic$Z^u}GN27oMA5kr@DeSpL(@NrCK#o$Rxg`bJh=c>$<=utgfx@UiaN@4ddxcPW` ziqJ)dw4|L4qNE2X1H{bV-@W<04SXZ*>FK$b<4IAPrbAnFH%CX}Yl)b60zPd`6MUO~ z%~X#20R_B=X2fIa-cb#gabu;g&D!wz$VA1Qu&o`=pXxfe42|>N_ibQMwzA{I({rjS zE3K$! z^ki>%)%K%Nv3j3}rJlk9Z3Puw!*RK>v^HcXs(Gtg z@$~%wF0~+Gvsj=U4ap_WXzMR{|9JkewbXaMWk9oaMWmJlO|rPs^$;jkX2;t8+pG6B zA`?6mSjw^#@b|#)B%rI0o3O%kUD%?BA?u_jcPJ zny8$%^gMA}Nl41A3PDjr+8L7x*bslaHVr)c#S=Gg?`qC~n3$L=Oz<{Mf#f1K=OURZ zIyj!rDRUr3OlpFM1*nKL1L*F&+Ut_0nUMc-G)xa)MVpgaoU$*8gcvWyov>5d5#vuS ze&l8fIFC@1v9nfR*|71YcBN-sVfwHp#L2areuXm}=|77cECE*n=t~bFpd$3K*fkel z(cCN#X#ky;8EBO&!Yys-!bgREsnwQeVefaK-Sb&n{k5l|Jg{0>)B{m3x;yk~|KOmB zPIhx+gK8;WBWFMxSoLzGcXY@jg(}KS48bsa9~-snNzO_g{p!}MQbMJVRv%&FX1*t5 z_fn5^{9sW?>M0WXegkzSEmw&qS>?X_jZ4j7`!+K8nat>TP031Y0>-~Q9lkP{ z>w*LTd7Qbo=E~z1m{@=zB-g&Z-_Mqx@@NxdoOOYPJkgTzHff+@CcdqJlzV!?SV~gn zcHbwio&;cUWO?stC}QQd&+F9m@%!#9ihXg7zAa;c5Wub)q<0e+5iY0D+V5ojS|xuMn6Z$}8tcik-?eMbF(;oLi|pR|RE zTGC$qLQx*|d3A3A@YO7q78zWG6{t`^SxcOIoVQnIy@Wkm6~XF#64Y8MvdBiAGVWD@ z>Svc89r~Gv(#>NEs`5$PZ+zCD(!INc^3r#AzXXj)_09rxCrm~iyzw~{?^7z?@6HZ)|O3{?-C)*^~^8<*vs=WdOaE|^pT=yucZqV~&RnP#?`SGK=@%=#cc zWAfDY9+D@(I*&%S-&LJ6$9bL4&t5W-#n@l)BS~R?CY!pt5HtU>v*o#~<=W|gQ3eY{z3OKAizZbhdyESlACa}-3i^XeNMr@?*tQopd z8UKCd&t>jp-oo}Do#P>>r;R!*Uw7<1uF868&2QunI5@6zydAJ!=%NZ3DYQ(v26uQV z!a1ZrKjsOnF4;I3w05NI`>ZT`;>PkilzU>*iBH;L!o%K5abiD+=n|Nc~jJBqdT{a4?>Zn@`mXe~U=T~sB-$?z6 z5r_NZ0*~nbFwu|8gJolZpu+ryCrWP24q$6FnGnM!Ai1e;?YC#dl?H?SnRCgWq9;n{ zSbxGE<(5Q$#Ybe-RHe9WFvn|2#E&{i!npEt#46Gt%kG{YsS`Q<<*|J$wpI7s?Ag;S z#hXS5D#Bg<+R{3WYj?KJz3Tt~@%^`lJgpV(tmTJRn5Y6mTxX@jJvw82`gL+_z1DX`nOt)V{oOPC@%y)ue`%TzT`Q9)nR_$9PSm(hEEHHVtTgU;4 z3ywV+H)&d_?9r+ldZu>_P^g`8*>d`S;$LtL#L^Oig0UU7b~S1*{^;|tRc?)M%lj1Q 
zWzo%_9O)Xo05KT1asC}BfC1i^IstUouhTW~x;>R>1cH^_F4wHl!gpRH&AnyNn$o?z7^HPP_xj0URT!eRE$b4esOUH&fNNWYb zaQ_GcU5#)N={ftGx7U8G4=rSD1&%pTCHOAO_*}Wu{=G~Qp!+i>v;zdu`H%Tr;|A%^Px@q@t<- zC6SC*4=NcCphU!H0fooOq*ZOZizhXhjQ6e{h+sDIN_NnCY&_7QK zg9=~QPEHw}r1sr{MW5T@y(K7Q25}c609=PxJ}s(ObIe|O7DxXzpoJ3}R3^FSg$AcU zw?{*B`KXB=oK3Fl0+}HAonZI?hh|FPTGS&0m%vIl&DLJj|B=Mg}$hzdd~R zL*eT{24s{?gAvjuKoUbP^EHAB06uh{a=AxJYJ*x_j7aA6{Aj(8-abq4E0UfWld9gH z8)&0)ZN+D7F#Gay{w>(}c(OzWl_r9`kYuXBV)+YA8l$le~Co2!#7JtmnsfB?A$X)i;SHL@W@vC6O3T_$H-`HQ$4Z@EavwgG@v zkzCc4sB&3sN{+D6!rnKvnfzb@A2`I}3+qN7fSXb$=Ira{m=i3iD;arb0<8K&bGegm ztJvGavCgY)t+tQZqt#R9!|z?W3S3Z{{K9%82NaZipe#FBB0~}YjCG3ShC-D)HL)q} zN}aFElw`5pS)Vv5&1--&;`M|GtS~l>92%k_rrIJ4tpnO34KXw*2cp}C%NCh(YzEJ%5@;p7M z(*polw)#hfZxDIJy+?I*3{2y0PGq8zQ^W6hqT4VbQOO<*d{xolyhd}y#(QVxgAB&& zl|nGB^T9oCO6&JRlP@XbdzEOWZM0ZO&q#}RN_gyR*B8>C{_;GNFB#qn*p&UcrI7LM z?f~Mk{Pu_b+dCNs$5~CqAMo?A0ED?-QGd)A)+r5a%2FZ`s08B-aW`_2Gv~ap=1`+~ z$Req0=I1wjQR3}i2w8p^@Wq26N4SQ|2IaMxWO0eB$|dFA0>~u^(K@=3qgI+i)YGuj zOGio}qvNw|znw?!m-AfL8=^zZtTRzF%@Avtx?;YKjyE)ip)?v`E2EqvtUA2ePq+1z zL%h2}yg?i0{I+2_glHqz5PNT6BUM73B8TtW(#XDW>bTj&H)a1L@x->o6kP_Lx_47l zk{u7X>)1i-OUX76asC#3{C)}E@?qO)&#f)T08bCeH>8{6-B#FJyo)IJ$_Oj}`DQ*8 z7^VZuuzxJk8=@u*Z5ltWC?g+BGH_YAlU-Rnjqz-v-EK{JLAyMJM1n0UTLubU*CM{| z;DaYnXk+6kf?jx(<|LFLgEYj*Z`ibeO|D3GmBe&!kqf3e}l zb;f1-+SG~_LS8Rtm>PCKyU5_@N0?C80h6w`E)(2c-1u}mW=p{JtA*Nh-wMS;3m|cq zJno({xK4vd>6fQmP^x!P-;|+%8K>%7A-YIA83l@DjU3!hVdT)j^|R>dgm0Dso5NR3 zeD@a@>-SDJY<HEPaVUkTm1Kq1=#qe2jUQ(k0ch9hHnx>#O5DjRdDGLzDUQ3G+f zy;qVxEquaNn&~mCKh6t($!h#*`d%RDG+=gxXWamj_sRc(G#1vf8hL%9RihbSs&)7hk1gDO_S4Vv42&zl*cVr{tV3ppJk7YJ~=BBEl@(?x3IvSaZ! zhGdod=S%}zO+>lG1PJx4vse4=rQf(W(7t__Yl?{ngd*pwXSUc?(>p&J$dXm!b+!)^)Ba! 
z;qo)3F0t_zkP{#x5aB7@aO1e!so(9RGy2*WFY86?q9vqcw-#yRj*+WeJyMW9YSmMX zoQwl>ZX->xd!|{t$I(#$anZy^IMeo`R0IRZlZQ5M(m1XSMjh_0M#OSb&4~@C_2v|p z)NI>*z;8zoAgI>++YAku>lDm<_Kek?!{a4f87?VLG<6t3M zn1QOw&nx-C%bzXwd$JW@v%GGBJ@bb|rPMDh(ma;EKU&6IfZv?-l&ItS?PXq?gW2h4 z<)WI=xSGCWt-)2J%-&=#6vODg$hXs9XLE-=Xpc%i7ZjEnkdhcM0sBGUHZd78lTz)A z%bAuw;Fy{2`>3?Bx2i46_gJfbdwZm0{n+A^(%g0J3!3g%cy-$vdG5btePBSC{)Sf3 z?+5c?IuySD*)L#xvO{jzqrtr`m#D|zR6JN)kj0r+Cqgt?BWpi4ms_FF{(-v5$Q?1U zVimNThgr7SN%sHgPkF$`*_ zZxa<~qTADy!JzXuG=2Aoe9{PAM0-=_p?X=+g^k8!?XT{ zzPrk5Z9KI6u2XWbh$>iqi>o1iT3TFhSudfnc4v)d?@azzj7_Odc&hh|gH5TA@j}JRKfPtt)Y~Aq zcBaFHD3%{HjX(vZi>l^n?gTN|1MC{awS81eh{`|L=TD9c@$f6iDZynr)xgjJStb9}^>kpU>HBU}K3e9~fd4SJ zQGE;6x1>GYIBsHk(3Hri6{Sk1aFY(C!Js7l3^etZ+4HC*yC_lEX;F|h6poDAND(&0 zz1 zu|2i-g>^IgmwPuzg{DsC&(HV>i6?!&IdA2TqzrIP2Oh7QO%wmRF=e@^-{M8IoZs^Z z94z;Mb>fXF_ns)W><1RLGg%KmtS9Y=mEGjh*Asq!w}3Nez+M?bC!8MTu6ajN@^01f z;D*0ajNBN3?Jx1`|GH&d3sOzbRrWey=vMn^J>*nX5 z$?~M57vBBJF0F~E7k8X>gPaVp^gKB`%S2(b2)S1Cl2uWNyDY*=sOOQBpbncJ&CtDD zZW-#c8PA3L8$0h50NsHNrTrZTS2z{nDU$)S;!Xi%sJbfeLuBBG$$D%nl71T+{CGX4Tt1h9I#C4x1xjgqWzwKUJVqzZs7+a^zI37kNYs`a(2|GD2 zXG$gRRxJA|Y_GntuJOH)ZDYaeieKxN>9V}d=Z)t(Uz#FRu4C=>WaJ=QDm~q{zXxEG z%-n%BooD_!Irhl~QXwvtE02Ti*&+Hlv=GeU*wZbWsX($K)Du`jQGmqk&*Y3>p#1Xx z2D(})xXzp+z5F#UWJ@w_Nnscs`54`OIpb(ir$+n+H`tzV1F^7J7*WmoKf#a*}{bG~}6_yH_!H z1d`+y5w2_~&Sh$n=Sqp?{MY$mv2%w7AsLU|7TYreX5P<4jR`UR=uRU=#hl-M%8|o3 z#EPY5cwZB;ylsJ+gE%JRDwiCsCJwPysdWmy|>3?x=D2oMAk-J{2Q0M=6=de)#dMwrzC?o>8$^u zZheZ2IO1B%ukOZ-Z}=rJnTL99mj&Pha33lqS*d;i!jU;>0S*}9PRZPK9zJ50FE3Y2 zjcmE}WVLyp0RR^DXfL7LM+rfqx3GIh(RuDM>eCrX-%9|G^Dq*a2Dj6gglP=(xggTzi8ttZ zyIikgeIL}*5rQoM!{HsJcy)7u>$kCcZ%auQO&DD0e4vw?E~y3laosxutHD85)*%(Z z!D!w%7|i1h2hWE$nXM1D9=$l)M6b5xcvyV$o&^~d{fB(~4IluPP-9vb;Ci+iZ)fje z(J+&GnhYKhLjHD#!BQMVLfEm^>V9#ROiEkH3&S-pSiy0BO)V~fkY5Cgw|;qA7X|#* zmQ{;?t2^I?E&oykh@ZicbfDoviE@PKTt<5~0JnD4DydGn77TmA(V2`_2%te-TjeS1 zsU$gm0sInA9EC5wF%0v?fp8Rm+536&q6(QLb0QG1X98w^cDXLU^L;RjgZKoE5}d@W zl-T?ho^p^?{w9DMUw!_AW&B;F1OS9|)DztpWR(Oe5>`q2i~MS;$y 
zy&63PQkD%95eaZ-tn)Dj`H_#Yq1ol)ncq^bWd(50P-!8B_+Kk9`jbODyJM-~TkCK6 zz1Ps~6j)l8?bcP!OFyDE#yS=^`|<*~D%T + +## Traditional VPNs + +The original purpose of Virtual Private Networks (VPNs) was to access a network privately when you're not physically there, with encryption in between, so you can securely access your files or manage your network from wherever you are. It extends the security you'd expect from being physically at your LAN to anywhere you are. + +[Commercial VPNs](https://www.privacyguides.org/en/basics/vpn-overview) like Proton VPN use this technology to allow you to connect to *their* network, and then connect to your destination. This keeps sites and services you connect to from knowing your real IP address and using it as a metric to track you. But there's a problem here: you now need to fully trust your VPN provider in the same way you need to trust your ISP with all your internet traffic. This "shifting trust" problem has haunted VPNs for as long as they've been marketed as a privacy product. It's clear that a better solution is needed. + +## The Alternative: Tor + +Mix networks like [Tor](https://www.privacyguides.org/en/advanced/tor-overview) have solved this problem by decoupling the sender from the destination. No relay along the path has all the information: the entry (or *guard*) relay knows who you are but not where you're going, the middle relay knows the other two relays, and the exit relay knows the destination but not the sender. There's also separate encryption between each relay. + +
+ ![Tor path showing your device connecting to an entry node, middle node, and exit node before reaching the destination website](https://www.privacyguides.org/en/assets/img/how-tor-works/tor-path.svg#only-light) + ![Tor path showing your device connecting to an entry node, middle node, and exit node before reaching the destination website](https://www.privacyguides.org/en/assets/img/how-tor-works/tor-path-dark.svg#only-dark) +
Tor circuit pathway
+
+ +Tor provides great privacy properties, but the relays are run by volunteers, so they can be extremely slow and unreliable. Anyone who's tried to download a file while connected to Tor knows how painful it can be. Even normal browsing can be slow, with potentially minutes collectively wasted on loading times in any given browsing session. Tor is hands down the most private way to [browse the web](https://www.privacyguides.org/en/tor), and if your threat model calls for it there is no substitute. But for VPN users who want better privacy, an obvious next step is a paid solution where you have access to fast and reliable servers like on a VPN, and *also* separation between who you are and what you're connecting to. + +## A Solution: Multi-Party Relays + +Enter Multi-Party Relays. Services like iCloud Private Relay and (the unfortunately discontinued) INVISV Multi-Party Relay take inspiration from mix networks like Tor and separate the sender from the destination using two relays operated by different parties, as the name implies. There's separate encryption between each relay as well. MPRs *do* require you to trust that the two parties don't collaborate to correlate your traffic, so keep that in mind. + +Typically, the first relay is controlled by the provider (either Apple or INVISV in the previous examples), and the second relay is controlled by another company such as Fastly or Cloudflare. These are big names, so you won't need to worry about reliability. + +
+ ![A diagram showing how your IP address is known to your ISP and Apple, and the server you're accessing is known to Cloudflare and the destination, in the case of iCloud Private Relay](../assets/images/where-are-all-the-mprs/icloud-private-relay.png) +
source: blog.cloudflare.com
+
+ +They also provide *speed*. Private Relay uses the QUIC protocol and as a result it's lightning fast. You wouldn't even know you were connecting to two servers in between your cat videos. The reliability is so good that I forget I even have it on. It even integrates with Safari and gives you a different IP address for different websites, similar to Tor's stream isolation. + +So why haven't MPRs taken off? INVISV's Pretty Good Phone Privacy service never seemed to make it out of [beta](https://invisv.com/pgpp/#pgpp-release-notes). INVISV [partnered](https://invisv.com/articles/vivaldi-privacy-guard) with Vivaldi, but I can't seem to find any mention of it in the Vivaldi settings or on their website outside of the original [announcement](https://vivaldi.com/blog/desktop/privacy-guard-your-privacy-matters-vivaldi-browser-snapshot-3319-12/). INVISV ultimately [shut down](https://invisv.com/articles/service_shutdown.html) their service back in June. I hope to see more from them in the future because they were providing something that currently isn't possible to get anymore on Android. + +That leaves [iCloud Private Relay](https://support.apple.com/en-us/102602) as the only commercial offering that I'm aware of, but it's limited to Apple devices only. Great for Apple users, but everyone else is left high and dry. As is Apple's way, they didn't want any extra inconvenience from using their service, so they restrict you to your real country and timezone. You don't have the same freedom to choose a server wherever in the world you want like a [traditional VPN service](https://www.privacyguides.org/en/vpn) would allow. + +There is one more honorary mention: [OHTTP](https://blog.cloudflare.com/stronger-than-a-promise-proving-oblivious-http-privacy-properties). It's a new protocol with a design based on the same principles as those of MPRs: two servers, a relay and a gateway, that decouple the sender from the destination. 
It's already seeing use by large companies to maintain user privacy for things like Google's Safe Browsing and Apple's new Safari Highlights feature. Unfortunately, it's not quite comparable to MPRs. According to Cloudflare: + +> OHTTP is not a general purpose proxy protocol: it's fit for purpose, aimed at transactional interactions between clients and servers (such as app-level APIs). + +So it can't cover all the traffic on your device. Still, it's a promising protocol and I hope it becomes more widespread. + +It really is a shame to see such a promising technology go so underutilized. Perhaps VPN companies could make their own MPR product and fill the gap in the market. Only time will tell. From 7025dfccc6077da95869ef26aa52a41dd2f144e5 Mon Sep 17 00:00:00 2001 From: Ted Gravlin Date: Fri, 15 Nov 2024 15:55:17 -0500 Subject: [PATCH 19/21] update: Remove outdated master password info from Proton Pass (#2815) Signed-off-by: redoomed1 <161974310+redoomed1@users.noreply.github.com> Signed-off-by: Jonah Aragon --- docs/passwords.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/docs/passwords.md b/docs/passwords.md index ac03013c06..54392a2fe8 100644 --- a/docs/passwords.md +++ b/docs/passwords.md 
@@ -228,8 +228,6 @@ Bitwarden's server-side code is [open source](https://github.com/bitwarden/serve With the acquisition of SimpleLogin in April 2022, Proton has offered a "hide-my-email" feature that lets you create 10 aliases (free plan) or unlimited aliases (paid plans). -Proton Pass currently doesn't have any "master password" functionality, which means that your vault is protected with the password for your Proton account and any of their supported [two factor authentication](basics/multi-factor-authentication.md) methods. - The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June of 2023. The security analysis company concluded: > Proton Pass apps and components leave a rather positive impression in terms of security. From bba6ffe74fbea1ea5fe3d71a6b6a6ede0426ea9e Mon Sep 17 00:00:00 2001 From: Ted Gravlin Date: Fri, 15 Nov 2024 16:22:00 -0500 Subject: [PATCH 20/21] update: Add Signal Android GitHub releases (#2816) Signed-off-by: Jonah Aragon Signed-off-by: redoomed1 <161974310+redoomed1@users.noreply.github.com> Signed-off-by: fria <138676274+friadev@users.noreply.github.com> --- docs/real-time-communication.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/real-time-communication.md b/docs/real-time-communication.md index becd3be3b2..b094d81850 100644 --- a/docs/real-time-communication.md +++ b/docs/real-time-communication.md @@ -39,6 +39,7 @@ These messengers are great for securing your sensitive communications. - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms) - [:simple-appstore: App Store](https://apps.apple.com/app/id874139669) +- [:simple-github: GitHub](https://github.com/signalapp/Signal-Android/releases) - [:simple-android: Android](https://signal.org/android/apk) - [:fontawesome-brands-windows: Windows](https://signal.org/download/windows) - [:simple-apple: macOS](https://signal.org/download/macos) 
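Review bot: In the blog post added earlier in this series, "Mix networks like Tor" (under "The Alternative: Tor") and "take inspiration from mix networks like Tor" (under "A Solution: Multi-Party Relays") describe Tor as a mix network. Tor is a low-latency onion-routing network; a mix network additionally batches, delays or reorders messages, which Tor does not do. Suggest "onion-routing networks like Tor" or "anonymity networks like Tor" in both places. The same post uses absolute `https://www.privacyguides.org/...` URLs for the Tor path images but a relative `../assets/images/...` path for the iCloud Private Relay diagram; pick one form so the figures resolve the same way in every build.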
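Review bot: The hunk in docs/passwords.md deletes the sentence that said what protects a Proton Pass vault (the Proton account password plus a supported two-factor method) and puts nothing in its place. If that statement is outdated because the vault can now be protected separately from the account password, say so in a replacement sentence and keep the link to basics/multi-factor-authentication.md. As it stands, the text goes straight from the hide-my-email aliases to the Cure53 audit without telling the reader how the vault is unlocked.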
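Review bot: In docs/real-time-communication.md the added `:simple-github: GitHub` entry links to the Signal-Android releases page, so the list now offers two direct APK sources (this one and the existing `signal.org/android/apk` entry) with no word on how a reader confirms that a downloaded APK is genuine. Suggest a short note beside these entries pointing to the signing-certificate fingerprint that Signal publishes on its APK download page. The label also reads only "GitHub" in a list that includes Windows and macOS downloads, so consider placing it next to the Android entry or naming the platform.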
From 2d44ecf8a62abef01df9e079015f0bb3b6284906 Mon Sep 17 00:00:00 2001 From: redoomed1 <161974310+redoomed1@users.noreply.github.com> Date: Sat, 16 Nov 2024 09:33:54 -0800 Subject: [PATCH 21/21] update: Privacy Notes section of iOS Overview (#2817) Signed-off-by: blacklight447 Signed-off-by: Jonah Aragon --- docs/os/ios-overview.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/docs/os/ios-overview.md b/docs/os/ios-overview.md index 00a88128e2..1357b6bead 100644 --- a/docs/os/ios-overview.md +++ b/docs/os/ios-overview.md 
@@ -21,9 +21,15 @@ The only source for apps on iOS is Apple's App Store, which requires an Apple Ac ### Invasive Telemetry -Apple has historically had problems with properly anonymizing their telemetry on iOS. [In 2019](https://theguardian.com/technology/2019/jul/26/apple-contractors-regularly-hear-confidential-details-on-siri-recordings), Apple was found to transmit Siri recordings—some containing highly confidential information—to their servers for manual review by third-party contractors. While they temporarily stopped that program after that practice was [widely reported on](https://theverge.com/2019/8/23/20830120/apple-contractors-siri-recordings-listening-1000-a-day-globetech-microsoft-cortana), the problem wasn't completely resolved [until 2021](https://theguardian.com/technology/2021/jun/07/apple-overhauls-siri-to-address-privacy-concerns-and-improve-performance). +Apple has historically had problems with properly disassociating their telemetry from Apple Accounts on iOS. In [2019](https://theguardian.com/technology/2019/jul/26/apple-contractors-regularly-hear-confidential-details-on-siri-recordings), Apple was found to transmit Siri recordings—some containing highly confidential information—to their servers for manual review by third-party contractors. Though Apple temporarily stopped that program after that practice was [widely reported on](https://theverge.com/2019/8/23/20830120/apple-contractors-siri-recordings-listening-1000-a-day-globetech-microsoft-cortana), the company rolled out a switch to [**opt out** of uploading conversations with Siri](https://theguardian.com/technology/2019/oct/30/apple-lets-users-opt-out-of-having-siri-conversations-recorded) a few months later in the succeeding iOS update. Moreover, in 2021, [Apple reworked Siri](https://theguardian.com/technology/2021/jun/07/apple-overhauls-siri-to-address-privacy-concerns-and-improve-performance) so that it processes voice recordings locally rather than sending it to their servers. 
-More recently, Apple has been found to [transmit analytics even when analytics sharing is disabled](https://gizmodo.com/apple-iphone-analytics-tracking-even-when-off-app-store-1849757558) on iOS, and this data [appears](https://twitter.com/mysk_co/status/1594515229915979776) to be easily linked to unique iCloud account identifiers despite supposedly being anonymous. +More recently, Apple has been found to transmit analytics [even when analytics sharing is disabled](https://gizmodo.com/apple-iphone-analytics-tracking-even-when-off-app-store-1849757558) on iOS, and this data [appears](https://twitter.com/mysk_co/status/1594515229915979776) to be easily linked to unique iCloud account identifiers despite supposedly being decoupled from Apple Accounts. + +### Traffic Outside Active VPN Connections + +Apple's [privacy policy regarding VPNs](https://apple.com/legal/privacy/data/en/vpns) states: + +> Even when a VPN is active, some traffic that is necessary for essential system services will take place outside the VPN so that your device can function properly. ## Recommended Configuration
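Review bot: The new "Traffic Outside Active VPN Connections" section in docs/os/ios-overview.md ends on the quotation from Apple's policy and never states what the reader should take from it. Add a sentence after the blockquote spelling out the consequence, namely that a VPN on iOS cannot be assumed to carry all of the device's traffic, and link to the VPN overview if it covers this. In the rewritten Siri paragraph, "processes voice recordings locally rather than sending it to their servers" should read "sending them", and the 2019 opt-out link text bolds "opt out" while the surrounding links carry no emphasis; drop the bold or explain why opt-out rather than opt-in matters here.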