riseupnet / riseup_help Goto Github PK

https://developers.google.com/speed/pagespeed/insights/?url=https%3A%2F%2Friseup.net%2F

And it has a weird look for the phone on the title bar.

Hi,

The instructions at https://help.riseup.net/en/security/message-security/openpgp/best-practices/#use-the-sks-keyserver-pool-instead-of-one-specific-server-with-secure-connections indicate to verify the fingerprint of the sks-keyservers.net CA certificate.

However, there the indication of how to do this is missing. The instructions to verify link to https://sks-keyservers.net/verify_tls.php which gives the fingerprints, but does not say how to verify them.

It would also be good to include these things in the page itself, in case the link dies.

You failed to feed(update) your canary. Therefore, ALL RISEUP USERS MUST STAY AWAY FROM THIS
PROVIDER BECAUSE this service is compromised.

Hi, I saw a nice article mentioning about using plain LUKS on top of plain LUKS for block encryption in https://www.linuxvoice.com/download-linux-voice-issue-15/

I hope that it can redirect it to the nice article.

Hey lovely birds,

The list of onion addresses on https://help.riseup.net/en/tor are in clear text with no signature.
It's hard to verify the cert every time you're using a new browser on a new machine, while it's much easier to just 'gpg --verify' the text and see if I'm getting the right addresses.

Thanks in advance!

I wanted to contribute to the help but I doesn't know it at first, until I read each page. I hope that the help show ways to contribute to the help page.

We should rewrite the IRC section of the contact page to make it as clear as possible and higlight informations like server adress, port, channel and not only the warning in bold that highlight that we have to use the port 6697.

If you want, you can assign it to me. I'll do it when I'll have some free time. :)

The network security intro page has been translated in March 2015 according to git logs but does not appear as published...

I'm not running Amber on this machine so I can't test my way around a patch, sorry...

zine.riseup.net links are dead. IMHO there are two long term options:

1 - you put it back up
2- you remove all the links

In the mean time I plan to replace the links by archive.org ones.

Hello,

The OpenPGP Best Practices guide https://help.riseup.net/en/gpg-best-practices instructs users to add the following to ~/.gnupg/gpg.conf:

keyserver-options ca-cert-file=/path/to/CA/sks-keyservers.netCA.pem

However, for users running GnuPG 2.1, this will result in the following warning:

gpg: keyserver option 'ca-cert-file' is obsolete; please use 'hkp-cacert' in dirmngr.conf

Further, it will be ignored according to https://www.gnupg.org/documentation/manuals/gnupg/GPG-Configuration-Options.html

I think the guide should be updated accordingly, though I'm not sure whether the more recent option is supported on older versions that people may still be using.

I don't know if this is the precise place to left this matter. Forgive me if it's not...
The link to the place is: [(https://riseup.net/es/email/clients/k9)], point 6.

At the help page for K-9 Mail settings -for Android- there is a detail that needs to be changed.
At the second page, where you configure the IMAP settings, it's mandatory to insert your complete email address ([email protected]), not only your user name. It's needed at this point and at the next page, the SMTP one.
I would corrected myself If make a correction was easier, but it looks difficult to me, I'm sorry.

the navbar commit (676392a) results in malfunctions with amber, at least with ruby 2.3. if i checkout previous commits (such as 349eb5c), there is no such issue.

the particular error (which repeats itself) from amber is:

ERROR: undefined method `link_to' for #<Amber::Render::View:0xf5bb187c>
Did you mean?  link
ERROR: /home/wxl/git/riseup_help/amber/layouts/_riseup_bar.html.haml:4:in `block in singleton class'
       /home/wxl/git/riseup_help/amber/layouts/_riseup_bar.html.haml:131062:in `instance_eval'
       /home/wxl/git/riseup_help/amber/layouts/_riseup_bar.html.haml:131062:in `singleton class'
       /home/wxl/git/riseup_help/amber/layouts/_riseup_bar.html.haml:131060:in `__tilt_739184650'
       /home/wxl/.rbenv/versions/2.3.0/lib/ruby/gems/2.3.0/gems/tilt-2.0.7/lib/tilt/template.rb:170:in `call'
       /home/wxl/.rbenv/versions/2.3.0/lib/ruby/gems/2.3.0/gems/tilt-2.0.7/lib/tilt/template.rb:170:in `evaluate'
       /home/wxl/.rbenv/versions/2.3.0/lib/ruby/gems/2.3.0/gems/tilt-2.0.7/lib/tilt/haml.rb:19:in `evaluate'
       /home/wxl/.rbenv/versions/2.3.0/lib/ruby/gems/2.3.0/gems/tilt-2.0.7/lib/tilt/template.rb:109:in `render'
       /home/wxl/.rbenv/versions/2.3.0/lib/ruby/gems/2.3.0/gems/amber-0.3.11/lib/amber/render/template.rb:128:in `render_haml'
       /home/wxl/.rbenv/versions/2.3.0/lib/ruby/gems/2.3.0/gems/amber-0.3.11/lib/amber/render/template.rb:73:in `render_html'
       /home/wxl/.rbenv/versions/2.3.0/lib/ruby/gems/2.3.0/gems/amber-0.3.11/lib/amber/render/template.rb:55:in `render'
       /home/wxl/.rbenv/versions/2.3.0/lib/ruby/gems/2.3.0/gems/amber-0.3.11/lib/amber/render/view.rb:70:in `render'
       /home/wxl/git/riseup_help/amber/layouts/home.html.haml:15:in `block in singleton class'
       /home/wxl/git/riseup_help/amber/layouts/home.html.haml:131063:in `instance_eval'
       /home/wxl/git/riseup_help/amber/layouts/home.html.haml:131063:in `singleton class'
       /home/wxl/git/riseup_help/amber/layouts/home.html.haml:131061:in `__tilt_739184650'
       /home/wxl/.rbenv/versions/2.3.0/lib/ruby/gems/2.3.0/gems/tilt-2.0.7/lib/tilt/template.rb:170:in `call'
       /home/wxl/.rbenv/versions/2.3.0/lib/ruby/gems/2.3.0/gems/tilt-2.0.7/lib/tilt/template.rb:170:in `evaluate'
       /home/wxl/.rbenv/versions/2.3.0/lib/ruby/gems/2.3.0/gems/tilt-2.0.7/lib/tilt/haml.rb:19:in `evaluate'
       /home/wxl/.rbenv/versions/2.3.0/lib/ruby/gems/2.3.0/gems/tilt-2.0.7/lib/tilt/template.rb:109:in `render'
       /home/wxl/.rbenv/versions/2.3.0/lib/ruby/gems/2.3.0/gems/amber-0.3.11/lib/amber/render/layout.rb:46:in `render'
       /home/wxl/.rbenv/versions/2.3.0/lib/ruby/gems/2.3.0/gems/amber-0.3.11/lib/amber/render/view.rb:66:in `render'
       /home/wxl/.rbenv/versions/2.3.0/lib/ruby/gems/2.3.0/gems/amber-0.3.11/lib/amber/static_page/render.rb:131:in `block (2 levels) in render_content_files'
       /home/wxl/.rbenv/versions/2.3.0/lib/ruby/gems/2.3.0/gems/amber-0.3.11/lib/amber/static_page/render.rb:129:in `open'
       /home/wxl/.rbenv/versions/2.3.0/lib/ruby/gems/2.3.0/gems/amber-0.3.11/lib/amber/static_page/render.rb:129:in `block in render_content_files'
       /home/wxl/.rbenv/versions/2.3.0/lib/ruby/gems/2.3.0/gems/amber-0.3.11/lib/amber/static_page/render.rb:121:in `each'
       /home/wxl/.rbenv/versions/2.3.0/lib/ruby/gems/2.3.0/gems/amber-0.3.11/lib/amber/static_page/render.rb:121:in `render_content_files'
       /home/wxl/.rbenv/versions/2.3.0/lib/ruby/gems/2.3.0/gems/amber-0.3.11/lib/amber/static_page/render.rb:35:in `render_to_file'
       /home/wxl/.rbenv/versions/2.3.0/lib/ruby/gems/2.3.0/gems/amber-0.3.11/lib/amber/server.rb:139:in `render_page'
       /home/wxl/.rbenv/versions/2.3.0/lib/ruby/gems/2.3.0/gems/amber-0.3.11/lib/amber/server.rb:64:in `do_GET'
       /home/wxl/.rbenv/versions/2.3.0/lib/ruby/2.3.0/webrick/httpservlet/abstract.rb:107:in `service'
       /home/wxl/.rbenv/versions/2.3.0/lib/ruby/2.3.0/webrick/httpservlet/filehandler.rb:214:in `service'
       /home/wxl/.rbenv/versions/2.3.0/lib/ruby/2.3.0/webrick/httpserver.rb:140:in `service'
       /home/wxl/.rbenv/versions/2.3.0/lib/ruby/2.3.0/webrick/httpserver.rb:96:in `run'
       /home/wxl/.rbenv/versions/2.3.0/lib/ruby/2.3.0/webrick/server.rb:296:in `block in start_thread'

Instructions for verifying Riseup's SSL certificate specify a command for verifying "riseup-signed-certificate-fingerprints" instead of "riseup-signed-certificate-fingerprints.txt".

https://help.riseup.net/en/eip/how-to/linux

images are all broken here. e.g. it links to https://help.riseup.net/en/eip/how-to/linux/linux/Bitmask-1.png - 404.

The Device Security page desperately needs a section on phones! I've started such a section in my repository. It's just brainstorming at the moment, but at least it's progress. I'd appreciate any help that can be offered, even if it's just further brainstorming or expanding on what's already listed. Please fork my repository and make a pull request with any contributions.

It appears that the BetterPrivacy extension (linked on browser privacy scorecard and in "not recommended" on the better web browsing page) is gone from the Firefox addons store. Should these links be left there anyways to show that it was at some point recommended or completely removed?

since today the riseup.net SSL-certificate is outdated.

Tor Browser

riseup.net uses an invalid security certificate.
The certificate expired on 27.05.2016 23:59. The current time is 28.05.2016 10:08.
(Error code: sec_error_expired_certificate)

Mozilla Firefox

help.riseup.net uses an invalid security certificate.
The certificate expired on 28.05.2016 01:59. The current time is 28.05.2016 11:24.
Error code: SEC_ERROR_EXPIRED_CERTIFICATE

It is still possible to load the page with for example elinks as the expiration date is neither checked nor shown (press '=').

When I click on the donate button Grab a bitcoin address it says:

Not Found

The requested URL /new-bitcoin-address was not found on this server.

http://www.inventati.org/en/stuff/man_anon/remailer.html

There are some concerns I'd raise with the best practices recommended on this page: https://help.riseup.net/en/security/network-security/tor/onionservices-best-practices

First of all, the localhost exposure is almost unique to apache (nginx has a status page and I saw some time ago a lighttpd which provided such an interface but they'd need to be explicitly enabled, there are few default configs like debians apache which enabled mod_status on /server_status). (p.s. I twice had to tell you to disable this "quirk" ;)

Second of all binding to a public IP is a bad method to follow to stop this kind of problem, this makes your server and vhost potentially reachable to an external entity. There has been a growing number of attempts to discover the true location of sites behind cloudflare that are badly configured because they still expose their true httpd on a public IP address. People regularly use masscan and zmap to scan the entire ipv4 address space and I have also seen attempts to connect to a publicly exposed httpd and request "high-value" onion addresses from the httpd to see if they send a Host header and make the site serve their probed vhosts content.

Thirdly binding to a port that is different from the "true" port is a source of a potential leak on apache (lol apache again). If there is a directory, e.g. foo.onion/css/ then a request to foo.onion/css will cause apache to emit a 301 redirect, but when it does issue it, it will include the port that it thinks the service is listening on: instead of sending a 301 to foo.onion/css/ it would send a 301 for foo.onion:81/css/ this both breaks the website and reveals the port the httpd is really running on.

May also be worth mentioning using some kind of tails-like tor-or-fail packet filter if they don't opt to use a network namespace to isolate? unix sockets++ though

I was going to submit a pull request but what the heck is that formatting scheme? Sorry :( just raising an issue instead

The config on this page: https://riseup.net/ru/vpn/vpn-red has an error. Please add before and after the cert.

in https://help.riseup.net/fr/security/human-security - there's a bunch of what look to me like chinese characters.

The Pidgin project suggests that OS X users use Adium. The Pidgin page should probably reflect this.

Thanks,
Michael

Often I found myself translating terms that existed in English but did not in French, or worse, existed but was so obscure that nobody ever used it.

PR #309 makes it clear we need a French lexicon to have consistent translation.

Hello, im unable to login (i actually have a acc) / register on https://black.riseup.net/

The login give me that message:

Ouch!
We ran into a server error.
The problem has been logged and we will look into it.

And on the register:

The server failed to process your request. We'll look into it (ActiveResource::ServerError).

And from Bitmask App on Linux im unable to login too, return me with invalid credentials.

Well, in a bad timing thing there was some issues and drama related to uBlock. It seems uBlock was developed by several people but some weeks ago one of the main developers decided to take over the extension and put some donate buttons and saying it was made from him.

Now there are two uBlock extensions, one made by gorhill (uBlock Origin) and one made by Chris AlJoudi (uBlock). None of them is the original one or a fork by one, but the take over by Chris seems to be a bad move thinking about ethics and the future of the project (as it looks for monetization).

gorhill's uBlock Origin keeps the manifesto of "Free. Open source. For users by users. No donations sought." as for the developers seems the only way to make this kind of extension good (compared with the history of adblock).

So, for probably only ethical reasons I think it's a good idea to promote gorhill's addon instead of Chris one. As none is a fork or the main one, i guess it's totally doable.

You can read a more of the drama here:
https://www.reddit.com/r/linux/comments/39quzj/chris_aljoudis_ublock_not_gorhills_ublock_origin/
https://en.wikipedia.org/w/index.php?title=UBlock&type=revision&diff=662527440&oldid=662107368
https://www.reddit.com/r/chrome/comments/32ory7/ublock_is_back_under_a_new_name/cqd5ayy

gorhill's ublock or "uBlock Origin": https://github.com/gorhill/uBlock

The list on https://help.riseup.net/en/security/network-security/better-web-browsing is pretty out of date.

What browser extensions would we now recommend? My proposal:

Firefox

Recommended:

• HTTPS Everywhere https://www.eff.org/https-everywhere
• uBlock https://addons.mozilla.org/en-US/firefox/addon/ublock/
• Self Destructing Cookies https://addons.mozilla.org/en-US/firefox/addon/self-destructing-cookies/
• Disable Flash. Alternately, if you want to use Flash occasionally, install:
  • Flash Block. this will allow 'click to play' even for latest flash version. https://addons.mozilla.org/en-US/firefox/addon/flashblock/ I think firefox just lets you select 'click to activate' now, like chrome.
  • Better Privacy: needed to remove LSO or "flash cookies". https://addons.mozilla.org/en-US/firefox/addon/betterprivacy/
• Disable Java

Additional protection (but likely to cause compatibility problems on many websites):

• Referrer privacy, either:
  • RefControl https://addons.mozilla.org/en-US/firefox/addon/refcontrol/
  • Smart Referrer https://addons.mozilla.org/en-US/firefox/addon/smart-referer/
• Canvas Blocker https://addons.mozilla.org/en-US/firefox/addon/canvasblocker/
• NoScript https://addons.mozilla.org/en-US/firefox/addon/noscript/
• RequestPolicy https://addons.mozilla.org/en-US/firefox/addon/requestpolicy/
• Random Agent Spoofer https://addons.mozilla.org/en-US/firefox/addon/random-agent-spoofer/

Not recommended:

• TrackMeNot: an interesting idea to generate bogus search data, but better to just use DuckDuckGo.
• Better Privacy: This is only needed if you have Flash installed or enabled. It is used to clean up LSO or the so called "flash cookie".
• AdBlockPlus: uBlock is much better.
• Privacy Badger: uBlock already blocks tracking, as well as ads. Privacy Badger does do social media widget replacement, which could be a reason to recommend installing it. Privacy Badger might be useful if there is a new tracking network that uBlock is not yet configured for, but this happens rarely.
• Disconnect: No benefit over other free software alternatives. It is unclear where the Disconnect company is headed, since if you go to their website there is no link to install the Firefox extension anymore, they just want you to install their VPN.
• Ghostery: Closed source, and no benefit over the free software alternatives.

Chrome

Recommended

• uBlock

When I run amber rebuild I got this error:

/usr/local/lib64/ruby/gems/2.1.0/gems/i18n-0.7.0/lib/i18n.rb:284:in `enforce_available_locales!': :en is not a valid locale (I18n::InvalidLocale)
    from /usr/local/lib64/ruby/gems/2.1.0/gems/i18n-0.7.0/lib/i18n/config.rb:34:in `default_locale='
    from /usr/local/lib64/ruby/gems/2.1.0/gems/i18n-0.7.0/lib/i18n.rb:35:in `default_locale='
    from /usr/local/lib64/ruby/gems/2.1.0/gems/amber-0.3.3/lib/amber/site_configuration.rb:96:in `cleanup'
    from /usr/local/lib64/ruby/gems/2.1.0/gems/amber-0.3.3/lib/amber/site_configuration.rb:79:in `initialize'
    from /usr/local/lib64/ruby/gems/2.1.0/gems/amber-0.3.3/lib/amber/site_configuration.rb:46:in `new'
    from /usr/local/lib64/ruby/gems/2.1.0/gems/amber-0.3.3/lib/amber/site_configuration.rb:46:in `load'
    from /usr/local/lib64/ruby/gems/2.1.0/gems/amber-0.3.3/lib/amber/site.rb:17:in `initialize'
    from /usr/local/lib64/ruby/gems/2.1.0/gems/amber-0.3.3/lib/amber/cli.rb:40:in `new'
    from /usr/local/lib64/ruby/gems/2.1.0/gems/amber-0.3.3/lib/amber/cli.rb:40:in `rebuild'
    from /usr/local/lib64/ruby/gems/2.1.0/gems/amber-0.3.3/bin/amber:79:in `main'
    from /usr/local/lib64/ruby/gems/2.1.0/gems/amber-0.3.3/bin/amber:82:in `<top (required)>'
    from /usr/local/bin/amber:23:in `load'
    from /usr/local/bin/amber:23:in `<main>'

I run ruby 2.1.5 and amber 0.3.3.

Some of the options used in the OpenPGP best practices are deprecated, for example:

gpg: keyserver option 'ca-cert-file' is obsolete; please use 'hkp-cacert' in dirmngr.conf

It seems like the page needs to be updated to use dirmngr for some configuration.

uMatrix now has an option to Delete session cookies X minutes after the last time they have been used. So Self-Destructing cookies addon might be a redundancy.

Also uMatrix can clear browser cache every X minutes, so as to fight the zombie cookies.

The best practices guide could suggest considering ECC subkeys since they are now supported in 2.1. They are faster, which is very useful for security tokens. Note that if there's a RSA and ECC key on a key, GnuPG 1.4 will do the right thing and choose the one that works (e.g. use RSA if it doesn't support ECC)...

From this support thread it looks like the training feature for the statistical filter is not documented in the help pages.

It was mentioned in a newsletter in 2014 ("If any legitimate mail gets put in your Spam folder, drag it over to your INBOX so our system can learn from its mistakes!"), but did not find its way into any of these help pages:

• https://riseup.net/en/spam
• https://riseup.net/en/email/settings/email-filters
• https://riseup.net/en/email/scams

Hi!

While browsing through the git repo looking for pages to translate, I found the Usage Agreement for Mail Accounts page.

It is not accessible by browsing menus on h.r.n and seems to contain quite redundant information.

If it is to be kept, you should add a nav link to it somewhere (and actualize the information on it). If not, it should be deleted.

The IMAP standard supports an extension named "IDLE" where a client can keep a connection open to the server and when new mail arrives at the server it "pushes" a notification to the client that mail is waiting and it is automatically retrieved. This can speed up mail delivery quite a bit and also has the benefits of clients not needing to check mail as often and reduced resource usage on the server. Riseup's IMAP server already supports it and it works well and several clients support it. It would be nice to document on our help pages so users enable it. I think this means the following:

• it would be good to add something generic to https://riseup.net/en/email/clients
• Thunderbird supports it, document in https://riseup.net/en/email/clients/thunderbird
• iOS, does not
• MacOS Mail.app does,  hints https://www.lifewire.com/instant-updates-imap-idle-os-x-1172878
• K-9 does, hints https://www.skynetbb.com/email-setup/k9-mail
• Outlook didn't appear to as of Mar 2017
• offlineimap might (but we don't have a page for it)

Since GPG 2.1, a bunch of non-default algo recommendations we have in the best practices guide may not be relevant anymore, either because they are the default now, or because they are superseded by better algorithms.

A thorough review of those should be performed to make sure we're up to date.

Problem is: I am not sure how to actually tell what the current defaults are...

I have some questions / ideas about the help.r.n design and I'd like to discuss them with you before jump into the code and waste time to code things that may be rejected. :P

General

• Change bootstrap link color to be the same has the header color or the U color in the logo

Status updates

Do you think is there a way to hide a part of the status updates and than keep the page a decent length or move them back to status.r.n?

Email and list links

It could be nice to find a way to make links (Get help on mail.; Login to webmail.; Request an account.; Reset lost password.; Change my settings.) easier to read and give them a better disposition.

Footer

• Rearrange content
• Remove system status
• make a shorter and more simple link to invite people to contribute to the pages
• Add link to the social medias accounts, irc and a link to the contact page for email key informations

What do you think about that, have you other ideas, comments, etc !?? :)

why is privacy badger necessary, on top of ublock? the docs say:

Privacy Badger dynamically detects attempts to track your browsing behavior and blocks content from these trackers. Privacy Badger is not designed to stop ads, so it is not a replacement for uBlock, but it includes some security features that uBlock does not have.

What are those security features exactly?

This is a meta-issue to regroup issues surrounding a formal review of the GnuPG best practices after the publication of the GnuPG 2.1 release, which includes some of the recommendations from the document.

• #294 ca-cert-file option deprecated in GnuPG 2.1
• #449 Use dirmngr in OpenPGP best practices
• #450 GPG 2.1 use hkps by default
• #447 Note hopenpgp-tools broken with GnuPG >= 2.1
• #452 newer GnuPG releases generate revocation cert
• #453 update key splitting procedure for GnuPG 2.1
• #454 mention elliptic curve algorithms in best practices guide
• #455 review default algorithms recommendations for GPG 2.1
• #456 clarify that GPG doesn't store keys in pubring.kbx
• #457 link to the 2.1 review issue

You have User-Agent Switcher for Chrome

Consider adding https://github.com/dillbyrne/random-agent-spoofer for Firefox

I'm working on improving the German translations and stumbled on this page vpn/why-is-needed/en.text. It says:

When you connect to the RiseupVPN, your computer will get its own public internet IP address, even if your computer normally only has a non-public IP address like 198.162.0.1. Every time you connect, you will get a different randomly assigned public IP (if we temporarily run out of available public IPs, then you will get a shared IP instead). This makes running certain applications much easier or faster.

First of all, this doesn't seem to work as I've been getting the same IP every time I connect.
Secondly: How/with what does it help exactly? If the IPs are randomly assigned, hosting something behind the VPN is still difficult (if possible at all). Or this just about P2P stuff?

The key splitting procedure is designed for GnuPG 1.4 and should be update for GnuPG 2.1.

I wonder why the WebRTC IP leak problem is not mentioned on the Better Web Browsing
Help page, as it is on this manual (which is really interesting, btw) : https://gist.github.com/atcuno/3425484ac5cce5298932

WebRTC has a major privacy issue in that it can be abused to leak the internal IP address of users. This is very useful for advertisers who wish to develop very unique identifiers for users. It can also be abused to deanonymize users that whom utilized VPNs and/or Tor (1, 2, 3) in order to hide their true identity.

To block WebRTC in Chrome you must install this plugin.
https://github.com/rentamob/WebRTC-Leak-Prevent
https://chrome.google.com/webstore/detail/webrtc-leak-prevent/eiadekoaikejlgdbkbdfeijglgfdalml

To disable WebRTC in Firefox:
Enter "about:config" in the URL bar
Find the key of "media.peerconnection.enabled"
Set the value to "false"

To test if the plugin is operating correctly, visit this website and make sure that your local IP address does not appear.
https://diafygi.github.io/webrtc-ips/

Currently, the openpgp best practices state:

Do not blindly trust keys from keyservers.

Anyone can upload keys to keyservers and there is no reason that you should trust that any key you download actually belongs to the individual listed in the key. You should therefore verify with the individual owner the full key fingerprint of their key. You should do this verification in real life or over the phone. Once you have verified the key fingerprint that you need, you may download the key from the keyserver pool:

gpg --recv-key 'fingerprint'

I thought that --recv-key is never enough, because the keyserver is not bound to return, necessarily, a key that matches the fingerprint and gpg does not actually confirm the fingerprint before importing.

Shouldn't this be like so?

gpg --recv-key '<fingerprint>'
gpg --fingerprint '<fingerprint>'

I noticed the Spanish About Us Page shows no translation, but the Spanish Translation Markdown exists in master since 2 months ago...

Thanks!

On this page and its translation, there is a dead link on how to install Ubuntu.

Should we even recommend Ubuntu as a Windows replacement? Ubuntu is terrible and since the whole "We are selling your data to Amazon thing" I do not recommend it to anyone.

Linux Mint is nice and easy to install though and if the goal was to have something friendlier than Debian, I think we should go with it.

Hi, I hope that I can help to add documents for mutt email client to use with riseup and tor. Can I create a pull request?

Someone on twitter reported a missing vpn/troubleshooting page. I couldn't find how they had got there exactly, but there are some old references to it:

pages/vpn/vpn-red/pt.text:* [[vpn-howto/troubleshooting]].
pages/vpn/how-to/linux/de.md:Schau auf die [[Problemlösungsseite -> vpn/troubleshooting]].
pages/vpn/how-to/linux/en.md:Please check the [[Troubleshooting section -> vpn/troubleshooting]].
pages/vpn/de.text:* Etwas funktioniert nicht? [[Troubleshooting -> /vpn/troubleshooting]]
ages/vpn/how-to/linux/de.md:Bitmask muss sicherstellen, dass die Verbindung zu riseup.net sicher ist. Danach drücke *next*. Wenn bei diesem Schritt Probleme entstehen, siehe [[troubleshooting]].
pages/vpn/how-to/linux/fr.md:Allez dans la [[section Dépannages -> troubleshooting]].
ages/vpn/how-to/linux/en.md:Bitmask has to make sure that it can connect securily with riseup.net. After that press *next* to continue. If there is any issues in this step, please check the [[troubleshooting]].
pages/vpn/how-to/linux/pt.md:O Bitmask precisa se certificar que pode se conectar com seguraça a riseup.net. Depois, aperte *Next* para continuar. Se houver algum problema neste passo, consulte a página de [[troubleshooting]].
pages/vpn/how-to/linux/pt.md:Consulte a [[seção de _Resolução de problemas_ -> troubleshooting]].
pages/vpn/es.text:* ¿Algo no funciona? comprueba [[Resolución de problemas -> troubleshooting]]

and some old references to the how-to pages

pages/vpn/de.text:* Linux Benutzer? [[Installationsanleitung -> /vpn/how-to/linux]]
pages/vpn/de.text:* Android Benutzer? [[Installationsanleitung -> /vpn/how-to/android]]
pages/vpn/de.text:Um *Bitmask* auszuprobieren, lies die [[Installationsanleitung->vpn/how-to]]. Keine Angst!
pages/vpn/de.text:Die Bitmask-Anwendung läuft auf [[GNU/Linux->how-to/linux]] (als Debian/Ubuntu-Paket und als eigenständiges Paket für andere Distributionen), Mac OSX und [[Android->how-to/android]]. Bitte lies [[Installationsanleitung->how-to]].
pages/vpn/pt.text:Quer experimentar? Leia as [[instruções de instalação->vpn/how-to]]. Não tenha medo!
pages/vpn/pt.text:O aplicativo Bitmask funciona no [[GNU/Linux->how-to/linux]] (como pacote no Debian e no Ubuntu e como conjunto de pacotes em outras distribuições), Mac OSX e [[Android->how-to/android]]. Consulte as [[instruções de configuração->how-to]] para esses sistemas.

The recent update to the es pages has left some broken links. I think that's because translators are translating both the [Link Name=> and the =>Link target], i.e. both the parts before and after the =>.

Should we add something in the README about this, e.g. suggesting that people not translate the part after the => ?

Riseup: http://vww6ybal4bd7szmgncyruucpgfkqahzddi37ktceo3ah7ngmcopnpyyd.onion
searx.riseup.net: http://ozmh2zkwx5cjuzopui64csb5ertcooi5vya6c2gm4e3vcvf2c2qvjiyd.onion

Found these on Tor blog. Where is the proof of these? I can't find it on your "security - tor" webpage.
Please confirm that these are your onions, and "searx.riseup.net" is your service.

Add I2P to network security.