diff --git a/docs/alternative-networks.md b/docs/alternative-networks.md index 330d5704ac..d190eb35d3 100644 --- a/docs/alternative-networks.md +++ b/docs/alternative-networks.md @@ -12,7 +12,7 @@ When it comes to anonymizing networks, we want to specially note that [Tor](adva ### Tor
- +:material-incognito: :material-server-network: :material-eye-outline: :material-account-cash: ![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right } The **Tor** network is a group of volunteer-operated servers that allows you to connect for free and improve your privacy and security on the Internet. Individuals and organizations can also share information over the Tor network with ".onion hidden services" without compromising their privacy. Because Tor traffic is difficult to block and trace, Tor is an effective censorship circumvention tool. @@ -67,7 +67,7 @@ Running a Snowflake proxy is low-risk, even more so than running a Tor relay or ### I2P (The Invisible Internet Project)
- +:material-incognito: :material-server-network: :material-eye-outline: :material-account-cash: ![I2P logo](assets/img/self-contained-networks/i2p.svg#only-light){ align=right } ![I2P logo](assets/img/self-contained-networks/i2p-dark.svg#only-dark){ align=right } diff --git a/docs/android.md b/docs/android.md index a294301c46..e75f68cf11 100644 --- a/docs/android.md +++ b/docs/android.md @@ -105,7 +105,7 @@ End-of-life devices (such as GrapheneOS's or CalyxOS's "extended support" device ### GrapheneOS
- +:material-target-account: :material-bug-outline: ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ align=right } ![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ align=right } @@ -130,7 +130,7 @@ Google Pixel phones are the only devices that currently meet GrapheneOS's [hardw ### DivestOS
- +:material-target-account: :material-bug-outline: ![DivestOS logo](assets/img/android/divestos.svg){ align=right } **DivestOS** is a soft-fork of [LineageOS](https://lineageos.org). @@ -180,7 +180,7 @@ A few more tips regarding Android devices and operating system compatibility: Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
- +:material-target-account: :material-bug-outline: ![Google Pixel 6](assets/img/android/google-pixel.png){ align=right } **Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems. @@ -248,7 +248,7 @@ When using Shelter, you are placing complete trust in its developer, as Shelter ### Secure Camera
- +:material-account-search: ![Secure camera logo](assets/img/android/secure_camera.svg#only-light){ align=right } ![Secure camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ align=right } @@ -288,7 +288,7 @@ The image orientation metadata is not deleted. If you enable location (in Secure ### Secure PDF Viewer
- +:material-target-account: :material-bug-outline: ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ align=right } ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right } diff --git a/docs/browser-extensions.md b/docs/browser-extensions.md index be09966226..d5178cfb7f 100644 --- a/docs/browser-extensions.md +++ b/docs/browser-extensions.md @@ -16,7 +16,7 @@ Don't install extensions which you don't immediately have a need for, or ones th ### uBlock Origin
- +:material-account-cash: ![uBlock Origin logo](assets/img/browsers/ublock_origin.svg){ align=right } **uBlock Origin** is a popular content blocker that could help you block ads, trackers, and fingerprinting scripts. @@ -55,7 +55,7 @@ uBlock Origin also has a "Lite" version of their extension, which offers a very
![uBlock Origin Lite logo](assets/img/browsers/ublock_origin_lite.svg){ align=right } - +:material-bug-outline: :material-account-cash: **uBlock Origin Lite** is a Manifest V3 compatible content blocker. Compared to the original *uBlock Origin*, this extension does not require broad "read/modify data" permissions to function. [:octicons-repo-16: Repository](https://github.com/uBlockOrigin/uBOL-home#readme){ .md-button .md-button--primary } @@ -88,7 +88,7 @@ We recommend [Safari](mobile-browsers.md#safari) for iOS users, which unfortunat
![AdGuard logo](assets/img/browsers/adguard.svg){ align=right } - +:material-account-cash: **AdGuard for iOS** is a free and open-source content-blocking extension for Safari that uses the native [Content Blocker API](https://developer.apple.com/documentation/safariservices/creating_a_content_blocker). [:octicons-home-16: Homepage](https://adguard.com/en/adguard-ios/overview.html){ .md-button .md-button--primary } diff --git a/docs/calendar.md b/docs/calendar.md index 6dd1630fbf..d01de379dd 100644 --- a/docs/calendar.md +++ b/docs/calendar.md @@ -9,7 +9,7 @@ Calendars contain some of your most sensitive data; use products that implement ## Tuta
- +:material-bug-outline: :material-server-network: ![Tuta logo](assets/img/email/tuta.svg#only-light){ align=right } ![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ align=right } @@ -41,7 +41,7 @@ Multiple calendars and extended sharing functionality is limited to paid subscri ## Proton Calendar
- +:material-bug-outline: :material-server-network: ![Proton](assets/img/calendar/proton-calendar.svg){ align=right } **Proton Calendar** is an encrypted calendar service available to Proton members via web or mobile clients. Features include: automatic E2EE of all data, sharing features, import/export functionality, and [more](https://proton.me/support/proton-calendar-guide). Those on the free tier gain access to 3 calendars, whereas paid subscribers can create up to 25 calendars. Extended sharing functionality is also limited to paid subscribers. diff --git a/docs/cloud.md b/docs/cloud.md index ea6540a93c..deb80c575b 100644 --- a/docs/cloud.md +++ b/docs/cloud.md @@ -19,7 +19,7 @@ Nextcloud is [still a recommended tool](productivity.md) for self-hosting a file ## Proton Drive
- +:material-bug-outline: :material-server-network: ![Proton Drive logo](assets/img/cloud/protondrive.svg){ align=right } **Proton Drive** is a Swiss encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2GB, but with completion of certain steps, additional storage can be obtained up to 5GB. @@ -48,7 +48,7 @@ Proton Drive's brand new mobile clients have not yet been publicly audited by a ## Tresorit
- +:material-bug-outline: :material-server-network: ![Tresorit logo](assets/img/cloud/tresorit.svg){ align=right } **Tresorit** is a Swiss-Hungarian encrypted cloud storage provider founded in 2011. Tresorit is owned by the Swiss Post, the national postal service of Switzerland. @@ -87,7 +87,7 @@ They have also received the Digital Trust Label, a certification from the [Swiss ## Peergos
- +:material-bug-outline: :material-server-network: :material-close-outline: ![Peergos logo](assets/img/cloud/peergos.svg){ align=right } **Peergos** is a decentralized protocol and open-source platform for storage, social media, and applications. It provides a secure and private space where users can store, share, and view their photos, videos, documents, etc. Peergos secures your files with quantum-resistant end-to-end encryption and ensures all data about your files remains private. It is built on top of [IPFS (InterPlanetary File System)](https://ipfs.tech). diff --git a/docs/cryptocurrency.md b/docs/cryptocurrency.md index de350372ea..e216b9a8c1 100644 --- a/docs/cryptocurrency.md +++ b/docs/cryptocurrency.md @@ -19,7 +19,7 @@ Many if not most cryptocurrency projects are scams. Make transactions carefully ## Monero
- +:material-incognito: :material-eye-outline: :material-close-outline: ![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right } **Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices. diff --git a/docs/desktop-browsers.md b/docs/desktop-browsers.md index c85f6591a3..471e64ac9d 100644 --- a/docs/desktop-browsers.md +++ b/docs/desktop-browsers.md @@ -63,7 +63,7 @@ If you need to browse the internet anonymously, you should use [Tor](tor.md) ins ## Mullvad Browser
- +:material-eye-outline: :material-account-cash: ![Mullvad Browser logo](assets/img/browsers/mullvad_browser.svg){ align=right } **Mullvad Browser** is a version of [Tor Browser](tor.md#tor-browser) with Tor network integrations removed, aimed at providing Tor Browser's anti-fingerprinting browser technologies to VPN users. It is developed by the Tor Project and distributed by [Mullvad](vpn.md#mullvad), and does **not** require the use of Mullvad's VPN. @@ -109,7 +109,7 @@ Mullvad Browser comes with DuckDuckGo set as the default [search engine](search- ## Firefox
- +:material-account-cash: ![Firefox logo](assets/img/browsers/firefox.svg){ align=right } **Firefox** provides strong privacy settings such as [Enhanced Tracking Protection](https://support.mozilla.org/kb/enhanced-tracking-protection-firefox-desktop), which can help block various [types of tracking](https://support.mozilla.org/kb/enhanced-tracking-protection-firefox-desktop#w_what-enhanced-tracking-protection-blocks). @@ -221,7 +221,7 @@ Arkenfox only aims to thwart basic or naive tracking scripts through canvas rand ## Brave
- +:material-account-cash: ![Brave logo](assets/img/browsers/brave.svg){ align=right } **Brave Browser** includes a built-in content blocker and [privacy features](https://brave.com/privacy-features), many of which are enabled by default. diff --git a/docs/device-integrity.md b/docs/device-integrity.md index a58a0d12f9..69b9750985 100644 --- a/docs/device-integrity.md +++ b/docs/device-integrity.md @@ -63,7 +63,7 @@ These tools can trigger false-positives. If any of these tools finds indicators ### Mobile Verification Toolkit
- +:material-target-account: ![MVT logo](assets/img/device-integrity/mvt.webp){ align=right } **Mobile Verification Toolkit** (**MVT**) is a collection of utilities which simplifies and automates the process of scanning mobile devices for potential traces of targeting or infection by known spyware campaigns. MVT was developed by Amnesty International and released in 2021 in the context of the [Pegasus Project](https://forbiddenstories.org/about-the-pegasus-project). @@ -106,7 +106,7 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
![iMazing logo](assets/img/device-integrity/imazing.png){ align=right } - +:material-target-account: **iMazing** provides a free spyware analyzer tool for iOS devices which acts as a GUI-wrapper for [MVT](#mobile-verification-toolkit). This can be much easier to run compared to MVT itself, which is a command-line tool designed for technologists and forensic investigators. [:octicons-home-16: Homepage](https://imazing.com){ .md-button .md-button--primary } @@ -139,7 +139,7 @@ Using these apps is insufficient to determine that a device is "clean", and not ### Auditor (Android)
- +:material-target-account: Targeted Attacks :material-bug-outline: ![Auditor logo](assets/img/device-integrity/auditor.svg#only-light){ align=right } ![Auditor logo](assets/img/device-integrity/auditor-dark.svg#only-dark){ align=right } @@ -192,7 +192,7 @@ Using these apps is insufficient to determine that a device is "clean", and not ### Hypatia (Android)
- +:material-bug-outline: ![Hypatia logo](assets/img/device-integrity/hypatia.svg#only-light){ align=right } ![Hypatia logo](assets/img/device-integrity/hypatia-dark.svg#only-dark){ align=right } @@ -217,7 +217,7 @@ Hypatia is particularly good at detecting common stalkerware: If you suspect you ### iVerify Basic (iOS)
- +:material-target-account: Targeted Attacks :material-bug-outline: ![iVerify logo](assets/img/device-integrity/iverify.webp){ align=right } **iVerify Basic** is an iOS app which can scan your device to check configuration settings, patch level, and other areas of security. It also checks your device for indicators of compromise by jailbreak tools or spyware such as Pegasus. diff --git a/docs/dns.md b/docs/dns.md index 8c1081fa14..ece967d1ca 100644 --- a/docs/dns.md +++ b/docs/dns.md @@ -38,7 +38,7 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf ### Pi-hole
- +:material-account-cash: ![Pi-hole logo](assets/img/dns/pi-hole.svg){ align=right } **Pi-hole** is an open-source [DNS-sinkhole](https://en.wikipedia.org/wiki/DNS_sinkhole) which uses [DNS filtering](https://cloudflare.com/learning/access-management/what-is-dns-filtering) to block unwanted web content, such as advertisements. @@ -58,7 +58,7 @@ Pi-hole is designed to be hosted on a Raspberry Pi, but it is not limited to suc ### AdGuard Home
- +:material-account-cash: ![AdGuard Home logo](assets/img/dns/adguard-home.svg){ align=right } **AdGuard Home** is an open-source [DNS-sinkhole](https://en.wikipedia.org/wiki/DNS_sinkhole) which uses [DNS filtering](https://cloudflare.com/learning/access-management/what-is-dns-filtering) to block unwanted web content, such as advertisements. @@ -81,7 +81,7 @@ These DNS filtering solutions offer a web dashboard where you can customize the ### Control D
- +:material-account-cash: ![Control D logo](assets/img/dns/control-d.svg){ align=right } **Control D** is a customizable DNS service which lets you block security threats, unwanted content, and advertisements on a DNS level. In addition to their paid plans, they offer a number of preconfigured DNS resolvers you can use for free. @@ -108,7 +108,7 @@ These DNS filtering solutions offer a web dashboard where you can customize the ### NextDNS
- +:material-account-cash: ![NextDNS logo](assets/img/dns/nextdns.svg){ align=right } **NextDNS** is a customizable DNS service which lets you block security threats, unwanted content, and advertisements on a DNS level. They offer a fully functional free plan for limited use. @@ -144,7 +144,7 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](ad ### RethinkDNS
- +:material-account-cash: ![RethinkDNS logo](assets/img/android/rethinkdns.svg#only-light){ align=right } ![RethinkDNS logo](assets/img/android/rethinkdns-dark.svg#only-dark){ align=right } @@ -172,7 +172,7 @@ While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot
![dnscrypt-proxy logo](assets/img/dns/dnscrypt-proxy.svg){ align=right } - +:material-server-network: :material-account-cash: **dnscrypt-proxy** is a DNS proxy with support for [DNSCrypt](advanced/dns-overview.md#dnscrypt), [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh), and [Anonymized DNS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Anonymized-DNS). [:octicons-repo-16: Repository](https://github.com/DNSCrypt/dnscrypt-proxy){ .md-button .md-button--primary } diff --git a/docs/email-aliasing.md b/docs/email-aliasing.md index fa5b36da9a..ec0be33632 100644 --- a/docs/email-aliasing.md +++ b/docs/email-aliasing.md @@ -33,7 +33,7 @@ Using an aliasing service requires trusting both your email provider and your al ### addy.io
- +:material-account-cash: :material-account-search: ![addy.io logo](assets/img/email-aliasing/addy.svg){ align=right } **addy.io** lets you create 10 domain aliases on a shared domain for free, or unlimited "standard" aliases which are less anonymous. @@ -69,7 +69,7 @@ Notable free features: ### SimpleLogin
- +:material-account-cash: :material-account-search: ![Simplelogin logo](assets/img/email-aliasing/simplelogin.svg){ align=right } **SimpleLogin** is a free service which provides email aliases on a variety of shared domain names, and optionally provides paid features like unlimited aliases and custom domains. diff --git a/docs/encryption.md b/docs/encryption.md index 2165e954cd..08f7f54085 100644 --- a/docs/encryption.md +++ b/docs/encryption.md @@ -14,7 +14,7 @@ The options listed here are multi-platform and great for creating encrypted back ### Cryptomator (Cloud)
- +:material-bug-outline: :material-server-network: ![Cryptomator logo](assets/img/encryption-software/cryptomator.svg){ align=right } **Cryptomator** is an encryption solution designed for privately saving files to any cloud provider. It allows you to create vaults that are stored on a virtual drive, the contents of which are encrypted and synced with your cloud storage provider. @@ -49,7 +49,7 @@ Cryptomator's documentation details its intended [security target](https://docs. ### Picocrypt (File)
- +:material-target-account: ![Picocrypt logo](assets/img/encryption-software/picocrypt.svg){ align=right } **Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for its encryption features. @@ -72,7 +72,7 @@ Cryptomator's documentation details its intended [security target](https://docs. ### VeraCrypt (Disk)
- +:material-target-account: ![VeraCrypt logo](assets/img/encryption-software/veracrypt.svg#only-light){ align=right } ![VeraCrypt logo](assets/img/encryption-software/veracrypt-dark.svg#only-dark){ align=right } @@ -105,9 +105,9 @@ Truecrypt has been [audited a number of times](https://en.wikipedia.org/wiki/Tru For encrypting the drive your operating system boots from, we generally recommend enabling the encryption software that comes with your operating system rather than using a third-party tool. This is because your operating system's native encryption tools often make use of OS and hardware-specific features like the [secure cryptoprocessor](https://en.wikipedia.org/wiki/Secure_cryptoprocessor) in your device to protect your computer against more advanced physical attacks. For secondary drives and external drives which you *don't* boot from, we still recommend using open-source tools like [VeraCrypt](#veracrypt-disk) over the tools below, because they offer additional flexibility and let you avoid vendor lock-in. ### BitLocker - +:material-target-account:
- +:material-target-account: ![BitLocker logo](assets/img/encryption-software/bitlocker.png){ align=right } **BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://learn.microsoft.com/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection). @@ -181,7 +181,7 @@ We recommend storing a local recovery key in a secure place as opposed to using ### Linux Unified Key Setup
- +:material-target-account: ![LUKS logo](assets/img/encryption-software/luks.png){ align=right } **LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers. @@ -233,7 +233,7 @@ Tools with command-line interfaces are useful for integrating [shell scripts](ht
![Kryptor logo](assets/img/encryption-software/kryptor.png){ align=right } - +:material-target-account: **Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign) to provide a simple, easier alternative to GPG. [:octicons-home-16: Homepage](https://kryptor.co.uk){ .md-button .md-button--primary } @@ -258,7 +258,7 @@ Tools with command-line interfaces are useful for integrating [shell scripts](ht
![Tomb logo](assets/img/encryption-software/tomb.png){ align=right } - +:material-target-account: **Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://dyne.org/software/tomb/#advanced-usage). [:octicons-home-16: Homepage](https://dyne.org/software/tomb){ .md-button .md-button--primary } @@ -292,7 +292,7 @@ gpg --quick-gen-key alice@example.com future-default
![GNU Privacy Guard logo](assets/img/encryption-software/gnupg.svg){ align=right } - +:material-target-account: :material-bug-outline: :material-server-network: **GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government. [:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary } @@ -317,7 +317,7 @@ gpg --quick-gen-key alice@example.com future-default
![GPG4win logo](assets/img/encryption-software/gpg4win.svg){ align=right } - +:material-target-account: :material-bug-outline: :material-server-network: **GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005. [:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary } @@ -345,7 +345,7 @@ We suggest [Canary Mail](email-clients.md#canary-mail-ios) for using PGP with em
- +:material-target-account: :material-bug-outline: :material-server-network: ![GPG Suite logo](assets/img/encryption-software/gpgsuite.png){ align=right } **GPG Suite** provides OpenPGP support for [Apple Mail](email-clients.md#apple-mail-macos) and macOS. @@ -371,7 +371,7 @@ We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com
![OpenKeychain logo](assets/img/encryption-software/openkeychain.svg){ align=right } - +:material-target-account: :material-bug-outline: :material-server-network: **OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail-android) and [FairEmail](email-clients.md#fairemail-android) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015). [:octicons-home-16: Homepage](https://openkeychain.org){ .md-button .md-button--primary } diff --git a/docs/file-sharing.md b/docs/file-sharing.md index a1ed805809..94abf3d2b9 100644 --- a/docs/file-sharing.md +++ b/docs/file-sharing.md @@ -11,7 +11,7 @@ Discover how to privately share your files between your devices, with your frien ### Send
- +:material-bug-outline: :material-server-network: :material-eye-outline: ![Send logo](assets/img/file-sharing-sync/send.svg){ align=right } **Send** is a fork of Mozilla's discontinued Firefox Send service which allows you to send files to others with a link. Files are encrypted on your device so that they cannot be read by the server, and they can be optionally password-protected as well. The maintainer of Send hosts a [public instance](https://send.vis.ee). You can use other public instances, or you can host Send yourself. @@ -35,7 +35,7 @@ ffsend upload --host https://send.vis.ee/ FILE ### OnionShare
- +:material-incognito: :material-server-network: :material-eye-outline: :material-close-outline: ![OnionShare logo](assets/img/file-sharing-sync/onionshare.svg){ align=right } **OnionShare** is an open-source tool that lets you securely and anonymously share a file of any size. It works by starting a web server accessible as a Tor onion service, with an unguessable URL that you can share with the recipients to download or send files. @@ -67,7 +67,7 @@ ffsend upload --host https://send.vis.ee/ FILE ## FreedomBox
- +:material-server-network: ![FreedomBox logo](assets/img/file-sharing-sync/freedombox.svg){ align=right } **FreedomBox** is an operating system designed to be run on a [single-board computer (SBC)](https://en.wikipedia.org/wiki/Single-board_computer). The purpose is to make it easy to set up server applications that you might want to self-host. @@ -86,7 +86,7 @@ ffsend upload --host https://send.vis.ee/ FILE ### Nextcloud (Client-Server)
- +:material-server-network: ![Nextcloud logo](assets/img/productivity/nextcloud.svg){ align=right } **Nextcloud** is a suite of free and open-source client-server software for creating your own file hosting services on a private server you control. @@ -121,7 +121,7 @@ We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_e ### Syncthing (P2P)
- +:material-server-network: :material-eye-outline: ![Syncthing logo](assets/img/file-sharing-sync/syncthing.svg){ align=right } **Syncthing** is an open-source peer-to-peer continuous file synchronization utility. It is used to synchronize files between two or more devices over the local network or the internet. Syncthing does not use a centralized server; it uses the [Block Exchange Protocol](https://docs.syncthing.net/specs/bep-v1.html#bep-v1) to transfer data between devices. All data is encrypted using TLS. diff --git a/docs/mobile-browsers.md b/docs/mobile-browsers.md index 47d5e78997..1e0c01312b 100644 --- a/docs/mobile-browsers.md +++ b/docs/mobile-browsers.md @@ -43,7 +43,7 @@ These are our currently recommended mobile web browsers and configurations for s ### Brave
- +:material-account-cash: ![Brave logo](assets/img/browsers/brave.svg){ align=right } **Brave Browser** includes a built-in content blocker and [privacy features](https://brave.com/privacy-features), many of which are enabled by default. @@ -131,7 +131,7 @@ Brave allows you to select additional content filters within the internal `brave ### Mull
- +:material-account-cash: ![Mull logo](assets/img/browsers/mull.svg){ align=right } **Mull** is a privacy oriented and deblobbed Android browser based on Firefox. Compared to Firefox, it offers much greater fingerprinting protection out of the box, and disables JavaScript Just-in-Time (JIT) compilation for enhanced security. It also removes all proprietary elements from Firefox, such as replacing Google Play Services references. @@ -181,7 +181,7 @@ On iOS, any app that can browse the web is [restricted](https://developer.apple.
![Safari logo](assets/img/browsers/safari.svg){ align=right } - +:material-account-cash: **Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/15.0/ios/15.0) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), Privacy Report, isolated and ephemeral Private Browsing tabs, iCloud Private Relay, fingerprinting protection by randomizing and presenting a simplified version of the system configuration to websites so more devices look identical, and the ability to lock private tabs with your biometrics/PIN. It also allows you to separate your browsing with different profiles. [:octicons-home-16: Homepage](https://apple.com/safari){ .md-button .md-button--primary } diff --git a/docs/multi-factor-authentication.md b/docs/multi-factor-authentication.md index bbc0cc0d73..5df75692cc 100644 --- a/docs/multi-factor-authentication.md +++ b/docs/multi-factor-authentication.md @@ -19,7 +19,7 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative ## Ente Auth
- +:material-target-account: ![Ente Auth logo](assets/img/multi-factor-authentication/ente-auth.png){ align=right } **Ente Auth** is a free and open-source app which stores and generates TOTP tokens. It can be used with an online account to backup and sync your tokens across your devices (and access them via a web interface) in a secure, end-to-end encrypted fashion. It can also be used offline on a single device with no account necessary. @@ -44,7 +44,7 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative ## Aegis Authenticator (Android)
- +:material-target-account: ![Aegis logo](assets/img/multi-factor-authentication/aegis.png){ align=right } **Aegis Authenticator** is a free and open-source app for Android to manage your 2-step verification tokens for your online services. Aegis Authenticator operates completely offline/locally, but includes the option to export your tokens for backup unlike many alternatives. diff --git a/docs/notebooks.md b/docs/notebooks.md index 52367d5d84..6e889c9567 100644 --- a/docs/notebooks.md +++ b/docs/notebooks.md @@ -14,7 +14,7 @@ If you are currently using an application like Evernote, Google Keep, or Microso ### Standard Notes
- +:material-server-network: ![Standard Notes logo](assets/img/notebooks/standard-notes.svg){ align=right } **Standard Notes** is a simple and private notes app that makes your notes easy and available everywhere you are. It features E2EE on every platform, and a powerful desktop experience with themes and custom editors. It has also been [independently audited](https://standardnotes.com/help/2/has-standard-notes-completed-a-third-party-security-audit). @@ -45,7 +45,7 @@ Standard Notes has [joined Proton AG](https://standardnotes.com/blog/joining-for ### Notesnook
- +:material-server-network: ![Notesnook logo](assets/img/notebooks/notesnook.svg){ align=right } **Notesnook** is a free (as in speech) & open-source note-taking app focused on user privacy & ease of use. It features end-to-end encryption on all platforms with a powerful sync to take your notes on the go. You can easily import your notes from Evernote, OneNote & a lot of other apps using their [official importer](https://importer.notesnook.com). @@ -77,7 +77,7 @@ Standard Notes has [joined Proton AG](https://standardnotes.com/blog/joining-for ### Joplin
- +:material-server-network: ![Joplin logo](assets/img/notebooks/joplin.svg){ align=right } **Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle a large number of markdown notes organized into notebooks and tags. It offers E2EE and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes. @@ -110,7 +110,7 @@ Since January 2023, Joplin [supports biometrics](https://github.com/laurent22/jo ### Cryptee
- +:material-server-network: ![Cryptee logo](./assets/img/notebooks/cryptee.svg#only-light){ align=right } ![Cryptee logo](./assets/img/notebooks/cryptee-dark.svg#only-dark){ align=right } @@ -137,7 +137,7 @@ Cryptee offers 100MB of storage for free, with paid options if you need more. Si ### Org-mode
- +:material-server-network: ![Org-mode logo](assets/img/notebooks/org-mode.svg){ align=right } **Org-mode** is a [major mode](https://gnu.org/software/emacs/manual/html_node/elisp/Major-Modes.html) for GNU Emacs. Org-mode is for keeping notes, maintaining to-do lists, planning projects, and authoring documents with a fast and effective plain-text system. Synchronization is possible with [file synchronization](file-sharing.md#file-sync) tools. diff --git a/docs/passwords.md b/docs/passwords.md index e0a1ed1bd9..1b633970c3 100644 --- a/docs/passwords.md +++ b/docs/passwords.md @@ -151,7 +151,7 @@ These password managers sync your passwords to a cloud server for easy accessibi ### Bitwarden
- +:material-target-account: :material-bug-outline: :material-server-network: ![Bitwarden logo](assets/img/password-management/bitwarden.svg){ align=right } **Bitwarden** is a free and open-source password and passkey manager. It aims to solve password management problems for individuals, teams, and business organizations. Bitwarden is among the best and safest solutions to store all of your logins and passwords while conveniently keeping them synced between all of your devices. @@ -195,7 +195,7 @@ Bitwarden's server-side code is [open source](https://github.com/bitwarden/serve ### Proton Pass
- +:material-target-account: :material-bug-outline: :material-server-network: ![Proton Pass logo](assets/img/password-management/protonpass.svg){ align=right } **Proton Pass** is an open-source, end-to-end encrypted password manager developed by Proton, the team behind [Proton Mail](email.md#proton-mail). It securely stores your login credentials, generates unique email aliases, and supports and stores passkeys. @@ -233,7 +233,7 @@ All issues were addressed and fixed shortly after the [report](https://res.cloud ### 1Password
- +:material-target-account: :material-bug-outline: :material-server-network: ![1Password logo](assets/img/password-management/1password.svg){ align=right } **1Password** is a password manager with a strong focus on security and ease-of-use, which allows you to store passwords, passkeys, credit cards, software licenses, and any other sensitive information in a secure digital vault. Your vault is hosted on 1Password's servers for a [monthly fee](https://1password.com/sign-up). 1Password is [audited](https://support.1password.com/security-assessments) on a regular basis and provides exceptional customer support. 1Password is closed source; however, the security of the product is thoroughly documented in their [security white paper](https://1passwordstatic.com/files/security/1password-white-paper.pdf). @@ -267,7 +267,7 @@ Your 1Password vault is secured with both your master password and a randomized ### Psono
- +:material-target-account: :material-bug-outline: :material-server-network: ![Psono logo](assets/img/password-management/psono.svg){ align=right } **Psono** is a free and open-source password manager from Germany, with a focus on password management for teams. Psono supports secure sharing of passwords, files, bookmarks, and emails. All secrets are protected by a master password. @@ -350,7 +350,7 @@ KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-se ### KeePassDX (Android)
- +:material-target-account: :material-bug-outline: :material-server-network: ![KeePassDX logo](assets/img/password-management/keepassdx.svg){ align=right } **KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms in a secure way. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development. @@ -373,7 +373,7 @@ KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-se ### Strongbox (iOS & macOS)
- +:material-target-account: :material-bug-outline: :material-server-network: ![Strongbox logo](assets/img/password-management/strongbox.svg){ align=right } **Strongbox** is a native, open-source password manager for iOS and macOS. Supporting both KeePass and Password Safe formats, Strongbox can be used in tandem with other password managers, like KeePassXC, on non-Apple platforms. By employing a [freemium model](https://strongboxsafe.com/pricing), Strongbox offers most features under its free tier, with more convenience-oriented [features](https://strongboxsafe.com/comparison)—such as biometric authentication—locked behind a subscription or perpetual license. @@ -398,7 +398,7 @@ Additionally, there is an offline-only version offered: [Strongbox Zero](https:/ ### gopass (CLI)
- +:material-target-account: :material-bug-outline: :material-server-network: ![gopass logo](assets/img/password-management/gopass.svg){ align=right } **gopass** is a minimal password manager for the command line written in Go. It can be used within scripting applications and works on all major desktop and server operating systems (Linux, macOS, BSD, Windows). diff --git a/docs/photo-management.md b/docs/photo-management.md index 2d37916faa..753e138ec0 100644 --- a/docs/photo-management.md +++ b/docs/photo-management.md @@ -9,7 +9,7 @@ Most cloud photo management solutions like Google Photos, Flickr, and Amazon Pho ## Ente Photos
- +:material-bug-outline: :material-server-network: ![Ente logo](assets/img/photo-management/ente.svg#only-light){ align=right } ![Ente logo](assets/img/photo-management/ente-dark.svg#only-dark){ align=right } @@ -39,7 +39,7 @@ Most cloud photo management solutions like Google Photos, Flickr, and Amazon Pho ## Stingle
- +:material-bug-outline: :material-server-network: ![Stingle logo](assets/img/photo-management/stingle.png#only-light){ align=right } ![Stingle logo](assets/img/photo-management/stingle-dark.png#only-dark){ align=right } @@ -65,7 +65,7 @@ Most cloud photo management solutions like Google Photos, Flickr, and Amazon Pho ## PhotoPrism
- +:material-bug-outline: :material-close-outline: Censorship ![PhotoPrism logo](assets/img/photo-management/photoprism.svg){ align=right } **PhotoPrism** is a self-hostable platform for managing photos. It supports album syncing and sharing as well as a variety of other [features](https://photoprism.app/features). It does not include E2EE, so it's best hosted on a server that you trust and is under your control. diff --git a/docs/productivity.md b/docs/productivity.md index 85de4cd5b4..c3f6927a6d 100644 --- a/docs/productivity.md +++ b/docs/productivity.md @@ -14,7 +14,7 @@ Most online office suites do not support E2EE, meaning the cloud provider has ac
![Nextcloud logo](assets/img/productivity/nextcloud.svg){ align=right } - +:material-bug-outline: :material-close-outline: **Nextcloud** is a suite of free and open-source client-server software for creating your own file hosting services on a private server you control. [:octicons-home-16: Homepage](https://nextcloud.com){ .md-button .md-button--primary } @@ -49,7 +49,7 @@ We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_e
![CryptPad logo](assets/img/productivity/cryptpad.svg){ align=right } - +:material-bug-outline: :material-server-network: **CryptPad** is a private-by-design alternative to popular office tools. All content on this web service is end-to-end encrypted and can be shared with other users easily. [:octicons-home-16: Homepage](https://cryptpad.fr){ .md-button .md-button--primary } @@ -191,7 +191,7 @@ Our best-case criteria represents what we would like to see from the perfect pro ### LanguageTool
- +:material-server-network: :material-eye-outline: :material-account-cash: :material-close-outline: ![LanguageTool logo](assets/img/productivity/languagetool.svg#only-light){ align=right } ![LanguageTool logo](assets/img/productivity/languagetool-dark.svg#only-dark){ align=right } diff --git a/docs/real-time-communication.md b/docs/real-time-communication.md index fa1be7de85..99ce978563 100644 --- a/docs/real-time-communication.md +++ b/docs/real-time-communication.md @@ -17,7 +17,7 @@ These messengers are great for securing your sensitive communications. ### Signal
- +:material-bug-outline: :material-server-network: :material-eye-outline: :material-account-cash: ![Signal logo](assets/img/messengers/signal.svg){ align=right } **Signal** is a mobile app developed by Signal Messenger LLC. The app provides instant messaging and calls secured with the Signal Protocol, an extremely secure encryption protocol which supports forward secrecy[^1] and post-compromise security.[^2] @@ -66,7 +66,7 @@ We have some additional tips on configuring and hardening your Signal installati
![Simplex logo](assets/img/messengers/simplex.svg){ align=right } - +:material-bug-outline: :material-server-network: :material-eye-outline: :material-account-cash: :material-close-outline: **SimpleX** Chat is an instant messenger that is decentralized and doesn't depend on any unique identifiers such as phone numbers or usernames. Users of SimpleX Chat can scan a QR code or click an invite link to participate in group conversations. [:octicons-home-16: Homepage](https://simplex.chat){ .md-button .md-button--primary } @@ -95,7 +95,7 @@ SimpleX Chat supports basic group chatting functionality, direct messaging, and ### Briar
- +:material-bug-outline: :material-server-network: :material-eye-outline: :material-account-cash: :material-close-outline: ![Briar logo](assets/img/messengers/briar.svg){ align=right } **Briar** is an encrypted instant messenger that [connects](https://briarproject.org/how-it-works) to other clients using the Tor Network. Briar can also connect via Wi-Fi or Bluetooth when in local proximity. Briar’s local mesh mode can be useful when internet availability is a problem. @@ -176,7 +176,7 @@ The protocol was independently [audited](https://matrix.org/blog/2016/11/21/matr ### Session
- +:material-bug-outline: :material-server-network: :material-eye-outline: :material-account-cash: ![Session logo](assets/img/messengers/session.svg){ align=right } **Session** is a decentralized messenger with a focus on private, secure, and anonymous communications. Session offers support for direct messages, group chats, and voice calls. diff --git a/docs/security-keys.md b/docs/security-keys.md index df1761a08b..388a079746 100644 --- a/docs/security-keys.md +++ b/docs/security-keys.md @@ -9,7 +9,7 @@ A physical **security key** adds a very strong layer of protection to your onlin ## Yubico Security Key
- +:material-target-account: :material-bug-outline:
![Security Key Series by Yubico](assets/img/security-keys/yubico-security-key.webp){ width="315" }
@@ -44,7 +44,7 @@ The firmware of Yubico's Security Keys is not updatable. If you want features in ## YubiKey
- +:material-target-account: :material-bug-outline:
![YubiKeys](assets/img/security-keys/yubikey.png){ width="400" }
@@ -77,7 +77,7 @@ The firmware of YubiKey is not updatable. If you want features in newer firmware ## Nitrokey
- +:material-target-account: :material-bug-outline:
![Nitrokey](assets/img/security-keys/nitrokey.jpg){ width="300" }
diff --git a/docs/tor.md b/docs/tor.md index 88e82cab59..e49dfb53a5 100644 --- a/docs/tor.md +++ b/docs/tor.md @@ -43,7 +43,7 @@ If more complete anonymity is paramount to your situation, you should **only** b ## Tor Browser
- +:material-incognito: :material-eye-outline: :material-account-cash: :material-close-outline: ![Tor Browser logo](assets/img/browsers/tor.svg){ align=right } **Tor Browser** is the choice if you need anonymity, as it provides you with access to the Tor network and bridges, and it includes default settings and extensions that are automatically configured by the default security levels: *Standard*, *Safer* and *Safest*. @@ -81,7 +81,7 @@ In addition to installing Tor Browser on your computer directly, there are also ## Orbot
- +:material-incognito: :material-eye-outline: :material-account-cash: :material-close-outline: ![Orbot logo](assets/img/self-contained-networks/orbot.svg){ align=right } **Orbot** is a free Tor VPN for smartphones which routes traffic from any app on your device through the Tor network. @@ -119,7 +119,7 @@ All versions are signed using the same signature so they should be compatible wi ## Onion Browser
- +:material-incognito: :material-eye-outline: :material-account-cash: :material-close-outline: ![Onion Browser logo](assets/img/self-contained-networks/onion_browser.svg){ align=right } **Onion Browser** is an open-source browser that lets you browse the web anonymously over the Tor network on iOS devices and is endorsed by the [Tor Project](https://support.torproject.org/glossary/onion-browser). diff --git a/docs/vpn.md b/docs/vpn.md index 32c089833f..bc5d38ab49 100644 --- a/docs/vpn.md +++ b/docs/vpn.md @@ -37,7 +37,7 @@ Our recommended providers use encryption, support WireGuard & OpenVPN, and have ### Proton VPN
- +:material-account-cash: ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. @@ -116,7 +116,7 @@ System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-swit ### IVPN
- +:material-account-cash: ![IVPN logo](assets/img/vpn/ivpn.svg){ align=right } **IVPN** is another premium VPN provider, and they have been in operation since 2009. IVPN is based in Gibraltar and does not offer a free trial. @@ -190,7 +190,7 @@ IVPN clients support two factor authentication. IVPN also provides "[AntiTracker ### Mullvad
- +:material-account-cash: ![Mullvad logo](assets/img/vpn/mullvad.svg){ align=right } **Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since **2009**. Mullvad is based in Sweden and does not offer a free trial.