-rw-r--r--amber/layouts/default.html.haml1
-rw-r--r--amber/layouts/home.html.haml16
-rw-r--r--amber/locales/en.yml1
-rw-r--r--amber/locales/es.yml5
-rw-r--r--amber/menu.txt2
-rw-r--r--pages/assets/style.scss61
-rw-r--r--pages/assets/variables.scss4
-rw-r--r--pages/features/benefits/en.text36
-rw-r--r--pages/features/cryptography/en.text138
-rw-r--r--pages/features/en.haml2
-rw-r--r--pages/features/limitations/en.text74
-rw-r--r--pages/features/vpn/en.text110
-rw-r--r--pages/features/vpn/vpn-01_large.png (renamed from pages/features/limitations/vpn-01_large.png)bin70203 -> 70203 bytes
-rw-r--r--pages/features/vpn/vpn-02_large.png (renamed from pages/features/limitations/vpn-02_large.png)bin86170 -> 86170 bytes
-rw-r--r--pages/features/vpn/vpn-03_large.png (renamed from pages/features/limitations/vpn-03_large.png)bin96609 -> 96609 bytes
-rw-r--r--pages/help/email/es.text28
-rw-r--r--pages/help/es.haml43
-rw-r--r--pages/help/faq/es.text13
-rw-r--r--pages/help/getting-started/es.text73
-rw-r--r--pages/help/support/es.text26
-rw-r--r--pages/help/vpn/android/es.text23
-rw-r--r--pages/help/vpn/es.text17
-rw-r--r--pages/help/vpn/linux/es.text50
-rw-r--r--pages/home/_code.en.text12
-rw-r--r--pages/home/_intro.en.text2
-rw-r--r--pages/home/_text.haml83
-rw-r--r--pages/install/android/en.haml4
-rw-r--r--pages/install/linux/en.md6
-rw-r--r--pages/install/mac/en.md4
-rw-r--r--pages/install/windows/en.haml4
30 files changed, 624 insertions, 214 deletions
diff --git a/amber/layouts/default.html.haml b/amber/layouts/default.html.haml
index 61f7f38..833aef6 100644
--- a/amber/layouts/default.html.haml
+++ b/amber/layouts/default.html.haml
@@ -8,6 +8,7 @@
%link(rel="stylesheet" href="/assets/bootstrap.min.css")
%link(rel="stylesheet" href="/assets/font-awesome/css/font-awesome.min.css")
%link(rel="stylesheet" href="/assets/style.css")
+ %script(src="/assets/js/jquery.min.js")
%link(rel="icon" href="/favicon.ico" type="image/x-icon")
= html_head_base
%body
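Review bot: The added `%script(src="/assets/js/jquery.min.js")` line references a vendored, minified library whose version is not recorded anywhere in this hunk, and the diffstat for this commit does not list the asset itself, so it is presumably already in the tree — worth confirming. An unversioned `jquery.min.js` is hard to audit against published jQuery advisories later; I would add a HAML comment above the tag such as `-# jQuery <version>, vendored from <upstream release URL>` (placeholders to fill in) or put the version in the file name. The enclosing `%head` block starts outside the hunk, so I cannot tell whether any inline script depends on jQuery being loaded this early.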
diff --git a/amber/layouts/home.html.haml b/amber/layouts/home.html.haml
index a3d26ea..c44e4db 100644
--- a/amber/layouts/home.html.haml
+++ b/amber/layouts/home.html.haml
@@ -17,21 +17,23 @@
#masthead
= render 'layouts/masthead'
#main
- .darker
+ .container
+ .row
+ .col-sm-12
+ .locale-links
+ - available_languages.each do |name, code, url|
+ %a.label{:href => url, :class => (I18n.locale == code ? 'label-primary' : '')}= name
+ .dark
.container
.row
- .col-sm-9
+ .col-sm-12
.introtext
= render 'home/intro'
- .col-sm-3
.download.text-left
%a.btn.btn-large.btn-primary{:href => 'install'}
%i.fa.fa-download.fa-2x
%span
= t :download_bitmask
- .container
- .shadow-box
- .content-box
- = yield :content
+ = yield :content
#footer
= render 'layouts/footer'
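Review bot: In the new `.locale-links` loop, `I18n.locale == code` only matches when `code` is a Symbol, because `I18n.locale` returns a Symbol. The shape of what `available_languages` yields is not visible in this hunk; if the codes are strings, the active language would never receive `label-primary`. Comparing `I18n.locale.to_s == code.to_s` works for either type. The layout continues above the hunk, so the surrounding structure could not be checked.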
diff --git a/amber/locales/en.yml b/amber/locales/en.yml
index 763a3d1..6c6f48e 100644
--- a/amber/locales/en.yml
+++ b/amber/locales/en.yml
@@ -19,6 +19,7 @@ en:
#
# front page text
#
+ services: Services
fork_our_code: Fork our code
about_us: About us
supported_providers: Supported providers
diff --git a/amber/locales/es.yml b/amber/locales/es.yml
index 0022b5b..b7681b0 100644
--- a/amber/locales/es.yml
+++ b/amber/locales/es.yml
@@ -7,12 +7,13 @@ es:
downloads: Descargas
download: Descargar
warning: >
- <b>ADVERTENCIA:</b> Bitmask está todavía en fase experimental. Por favor, no uses estas versiones beta
+ <b>ADVERTENCIA:</b> Bitmask está todavía en fase experimental. Por favor, no uses estas versiones beta
de Bitmask en situaciones en las que un compromiso de tus datos podría ponerte en peligro.
#
# front page text
#
+ services: Servicios
fork_our_code: Clónate nuestro código
about_us: Quiénes somos
supported_providers: Proveedores soportados
@@ -26,5 +27,5 @@ es:
tu proveedor antes de ser descifrado y enviado a la Internet abierta.
encrypted_email: Correo Electrónico Cifrado
encrypted_email_blurb: >
- El [[Mail Cifrado Bitmask => features#email]] es fácil de usar, permaneciendo
+ El [[Mail Cifrado Bitmask => features#email]] es fácil de usar, permaneciendo
compatible con el protocolo OpenPGP existente para correo electrónico seguro.
diff --git a/amber/menu.txt b/amber/menu.txt
index 293f251..4a6e612 100644
--- a/amber/menu.txt
+++ b/amber/menu.txt
@@ -1,4 +1,6 @@
features
+ vpn
+ cryptography
install
android
linux
diff --git a/pages/assets/style.scss b/pages/assets/style.scss
index ebc7bf3..2a7eb96 100644
--- a/pages/assets/style.scss
+++ b/pages/assets/style.scss
@@ -83,6 +83,8 @@ h4 {
width: 50%;
font-weight: bold;
font-family: Helvetica,Arial,sans-serif;
+ white-space: nowrap;
+ overflow: hidden;
&.bottom {
display: none;
}
@@ -150,38 +152,34 @@ body.home #masthead .text {
body.home #masthead .text {
height: $masthead-medium-height/2;
&.bottom {
- font-size: 10px;
- line-height: 19px !important;
+ font-size: 12px;
+ line-height: 22px !important;
}
}
}
// small masthead
+// same as medium, but smaller 'bitmask' and hide bottom text.
-// @media (max-width: 767px) {
-// #masthead {
-// background: $masthead-background-color url(#{$masthead-small-img}) 50% 50%;
-// .masthead-inner {
-// height: $masthead-small-height;
-// .text {
-// padding-left: 1px;
-// font-size: 30px;
-// line-height: $masthead-small-height;
-// }
-// }
-// }
-// body.home #masthead .text {
-// height: $masthead-small-height/2;
-// &.bottom {
-// font-size: 9px;
-// line-height: 14px !important;
-// span {
-// padding: 2px;
-// }
-// }
-// }
-// }
+@media (max-width: 540px) {
+ #masthead {
+ .masthead-inner {
+ .text {
+ padding-left: 1px;
+ font-size: 36px;
+ }
+ }
+ }
+ // no .bottom, make .top fill whole space
+ body.home #masthead .text {
+ height: $masthead-medium-height;
+ line-height: $masthead-medium-height !important;
+ &.bottom {
+ display: none;
+ }
+ }
+}
#top-menu {
position: absolute;
@@ -207,7 +205,7 @@ body.home #masthead .text {
@media only screen and (max-width: 767px) {
#top-menu a {
- padding: 2px 6px;
+ padding: 2px 10px;
font-size: 12px;
}
}
@@ -363,8 +361,8 @@ body.home {
span {
color: #333;
}
- margin: 20px 0 15px 0;
- font-size: 36px;
+ margin: 20px 0 0px 0;
+ font-size: 28px;
}
.thumbnail {
word-break: break-all;
@@ -398,14 +396,14 @@ body.home {
color: lighten($link-visited-color, 30%);
}
}
- .dark {
- background-color: lighten($home-dark-background-color, 5%);
+ .darker {
+ background-color: darken($home-dark-background-color, 5%);
}
.light, .lighter {
color: $home-light-color;
background-color: $home-light-background-color;
}
- .light {
+ .lighter {
background-color: lighten($home-light-background-color, 20%);
}
.b {
@@ -418,4 +416,3 @@ body.home {
margin-left: 22px;
}
}
-
diff --git a/pages/assets/variables.scss b/pages/assets/variables.scss
index f1ad236..98112dd 100644
--- a/pages/assets/variables.scss
+++ b/pages/assets/variables.scss
@@ -42,8 +42,8 @@ $navigation-shadow: 1px 1px 4px #111;
$link-color: darken($masthead-background-color, 15%);
$link-visited-color: darken($masthead-background-color, 25%);
-$home-light-color: #fff;
-$home-light-background-color: #111;
+$home-light-color: #000;
+$home-light-background-color: #eee;
$home-dark-color: #fff;
$home-dark-background-color: $background-color;
diff --git a/pages/features/benefits/en.text b/pages/features/benefits/en.text
deleted file mode 100644
index 1d9391b..0000000
--- a/pages/features/benefits/en.text
+++ /dev/null
@@ -1,36 +0,0 @@
-- @title = 'Benefits of EIP'
-- @nav_title = 'Benefits'
-
-h2. Why would you want an Encrypted Internet Proxy?
-
-The internet is being broken by governments, internet service providers (ISPs), and corporations.
-
-h3. Broken by governments
-
-Around the world, governments are using the internet for social control, through both surveillance and censorship. Many countries, such as China, Iran, and the United States practice active surveillance of the social relationships of everyone and the European Union countries require all ISPs and website operators to record and retain personal data on your behavior. With three-strikes laws, many countries now deny citizens access to the internet if accused of file sharing. Some countries even forbid the use of new communication technologies, like Skype.
-
-h3. Broken by ISPs
-
-Internet service providers are breaking the internet too. They happily cooperate with government repression, they practice intrusive monitoring of your traffic through deep packet inspection, they track your DNS usage, and they get people thrown in jail, expelled from school, or banned from the internet, merely from the accusation of copyright infringement. Also, ISPs typically limit you to one internet address. If you want to share your internet connection with multiple devices, you must put all the devices on a local network. This works OK if you just want to browse the web, but makes life difficult if you want to take advantage of many applications.
-
-h3. Broken by corporations
-
-Corporations have discovered how to make money from the internet: surveillance. By tracking your online habits, advertising companies build detailed profiles of your individual behavior in order to better sell you useless crap. Every single major internet ad company now uses behavioral tracking. Also, to comply with national copyright, many companies only make their services available to some internet users, those who reside in the 'right' country.
-
-h2. How an Encrypted Internet Proxy helps
-
-There are many ways that EIP can help:
-
-# *protect against ISP surveillance*: An EIP eliminates the ability of your ISP to monitor your communication. They have no meaningful records which can be used against you, either by marketers or the government.
-# *bypass government censorship*: An EIP can entirely bypass all government censorship, so long as you still have access to the internet. Note, however, that careful analysis of your traffic could reveal that you are using an EIP, which may or may not be legal in your jurisdiction.
-# *access the entire internet, regardless of where you live*: An EIP allows you to pretend to live in any country where we have a EIP gateway server. This gives you access to restricted content only available in those countries. An EIP also allows you to use services that may be blocked in your country.
-# *secure your Wi-Fi connection*: Any time you use a public Wi-Fi connection, everyone else using that access point can spy on your traffic. An EIP will prevent this.
-# *keep websites from logging your IP address*: Most all websites will log your IP address and some even retain this information for several years. Because your IP address is effectively an unique identifier that is connected to your real identity and your real location, there are many reasons why someone might not want every website they visit to have access to this personal information.
-
-h2. Special features of Bitmask EIP
-
-The Bitmask application provides an Encrypted Internet that has several advantages over traditional "Personal VPN":
-
-* Does not leak traffic: IPv6, DNS, Does not "Fail Open"
-* No logging: by default...
-* Semi-anonymous \ No newline at end of file
diff --git a/pages/features/cryptography/en.text b/pages/features/cryptography/en.text
new file mode 100644
index 0000000..f2500fb
--- /dev/null
+++ b/pages/features/cryptography/en.text
@@ -0,0 +1,138 @@
+@title = "Bitmask Cryptography Details"
+@nav_title = "Crypto Details"
+
+You asked for encryption details, you get encryption details. Here we try to document all the crypto used by Bitmask, and some of the thinking behind these decisions. For more details, [[inspect the source => https://leap.se/git]] or browse our [[technical documentation => https://leap.se/docs]].
+
+h2. Authentication - Secure Remote Password
+
+Bitmask uses Secure Remote Password (SRP) to authenticate with a service provider. SRP is a type of zero-knowledge-proof for authentication via username and password that does not give the server a copy of the actual password. Typically, password systems work by sending a cleartext copy of the password to the server, which then hashes this password and saves the hash. With SRP, the client and server negotiate a "password verifier" after several round trips. The server never has access to the cleartext of the password.
+
+One additional benefit of SRP is that both parties authenticate each other. With traditional hashed passwords, the server can say that the password was correct, even if it has no idea what the real password is. With SRP, the user authenticates with the server, but the server also authenticates with the user.
+
+There are some limitations with SRP. A compromised or nefarious provider can attempt to brute force crack a password by trying millions of combinations, just like with normal hashed passwords. For this reason, it is still important to pick a strong password. In practice, however, users are horrible at picking strong passwords.
+
+A second limitation is with the web application. It also uses SRP, but the SRP javascript code is loaded from the provider. If the provider is compromised or nefarious, they could load some javascript to capture the user's password.
+
+We have three plans for the future to overcome these potential problems:
+
+# Allow the use of an additional long random key that is required as part of the authentication process (optionally). For example, each device a user has Bitmask installed on could have a "device key" and the user would need to authorize these device keys before they could run Bitmask on that new device.
+
+# We also plan to include with Bitmask a bloom filter of the top 10,000 most commonly used passwords. By some accounts, 98.8% of all users pick a password in the top 10,000. A bloom filter of these passwords is relatively small, and we can simply forbid the user from selecting any of these (albeit with some false positives).
+
+# Allow providers to forbid authentication via the web application. Authentication would happen via the Bitmask app, which would then load the website with the session token it obtained. This way, the critical SRP authentication code is never loaded from the provider.
+
+For more information, see:
+
+* http://srp.stanford.edu
+* https://en.wikipedia.org/wiki/Secure_Remote_Password_protocol
+* https://xato.net/passwords/more-top-worst-passwords
+
+h2. Transport - TLS
+
+The Bitmask client frequently makes various connections using TLS to the provider. For example, to check to see if there is an update to the list of VPN gateways.
+
+When a service provider is first added by Bitmask, the CA certificate from the provider is downloaded via a normal TLS connection authenticated using existing x.509 CA system. This is the only moment that Bitmask relies on the CA system.
+
+All subsequent connections with that provider use the provider-specific CA to authenticate the TLS connection. Essentially, this is a form of certificate pinning and TOFU. In order for an outside attacker to impersonate a provider, they would need to present a false x.509 server certificate authenticated by a Certificate Authority, and then intercept and rewrite all subsequent traffic between the Bitmask client and provider.
+
+If a provider has been pre-seeded with the Bitmask application, then the fingerprint of the provider-specific CA certificate is known in advance. In these cases, the x.509 CA system is never relied upon.
+
+The provider-specific CA certificates use 4096 bit RSA with SHA256 digest, by default. The server certificates use 2048 bit RSA with SHA256 digest, by default. These defaults are easily changed.
+
+All TLS connections use PFS ciphers.
+
+h2. Storage - Soledad
+
+The Bitmask application stores its data in [[Soledad => https://leap.se/soledad]], which handles encrypting this data, securely backing it up, and synchronizing it among a user's devices. In Soledad, local storage uses symmetric block encryption of the entire database using a single key. For data stored remotely, each individual document is separately encrypted using a key unique to that document.
+
+Both local storage and remote storage keys are derived from a master "storage secret." This long random storage secret is stored locally on disk, protected by symmetric encryption using a key derived from the user's password (scrypt is used as the key derivation function).
+
+*Local storage*
+
+p((. The block-encrypted local SQLite database uses @AES-256-CBC@. See https://github.com/kalikaneko/python-u1dbcipher and http://sqlcipher.net.
+
+<!-- p((. The key size is ??? -->
+
+*Remote storage*
+
+p((. Per-document encryption of documents stored remotely uses symmetric encryption with a AES-256-CTR cipher. The library pycryptopp is used for this.
+
+<!-- p((. The key for each document is X bits in length, and is derived from X. -->
+
+p((. Some documents in a user's remote data store are added by the provider, such as in the case of new incoming email. These documents use asymmetric encryption, with each document encrypted using the user's OpenPGP public key. The library we use for this is [[Isis's fork of python-gnupg => https://github.com/isislovecruft/python-gnupg]]. These documents are only temporarily stored this way: as soon as the client sees them, they get unencrypted and re-encrypted using the other methods.
+
+*Transport*
+
+p((. TLS, as above. Soon to be CurveZMQ.
+
+h2. Encrypted Tunnel - OpenVPN
+
+OpenVPN has three settings that control what ciphers it uses (there is a fourth, @--tls-auth@, but we cannot use this in a public multi-user environment). Every provider can easily choose whatever options they want for these. Below are the current defaults that come with the leap_platform.
+
+*tls-cipher*
+
+p((. The @--tls-cipher@ option governs the session authentication process of OpenVPN. If this is compromised, you could be communicating with a MiTM attacker. The TLS part of OpenVPN authenticates the server and client with each other, and negotiates the random material used in the packet authentication digest and the packet encryption.
+
+p((. Instead of allowing many options, Bitmask only supports a single cipher (to prevent rollback attacks).
+
+p((. For the moment, we have chosen @DHE-RSA-AES128-SHA@. The most important thing is to choose a cipher that supports PFS, as all the @DHE@ ciphers do.
+
+p((. We have chosen @AES-128@ because there are known weaknesses with the @AES-192@ and @AES-256@ key schedules. There is no known weakness to brute force attacks against full 14 round AES-256, but weakness of AES-256 using other round counts is sufficient to recommend AES-128 over AES-256 generally. For more information, see Bruce Scheier's post [[
+Another New AES Attack => https://www.schneier.com/blog/archives/2009/07/another_new_aes.html]].
+
+p((. We would prefer to use ECC over RSA, and plan to eventually. It is a bit more complicated and involves changes to our TLS code in many places (recompiling openvpn, and changing certificate generation libraries used by sysadmins and the provider API).
+
+p((. The current default for client and server x.509 certificates used by OpenVPN is 2048 RSA with SHA256 digest. At this time, we feel there is no evidence to support the use of larger key sizes, which would dramatically slow down the connection time. This is also easily configurable by the provider (to see all the options, run @leap inspect provider.json@).
+
+*auth*
+
+p((. The @--auth@ option determines what hashing digest is used to to authenticate each packet of traffic using HMAC.
+
+p((. We have chosen to keep the @SHA1@ the default digest rather than go with @SHA256@. If an attacker can break a SHA1 HMAC on each packet in real time, you have bigger problems than your VPN.
+
+*cipher*
+
+p((. The @--cipher@ option determines how actual traffic packets are encrypted. We have chosen @AES-128-CBC@.
+
+p((. The OpenVPN default is probably actually better than AES-128, since it's Blowfish. We have chosen AES-128 because the TLS cipher is already relying on AES-128. We would normally prefer cipher mode OFB over CBC, but the OpenVPN manual says that "CBC is recommended and CFB and OFB should be considered advanced modes".
+
+h3. obfsproxy
+
+Obfsproxy is optionally used to make VPN traffic not appear as VPN traffic to someone who is monitoring the network. Obfsproxy uses modules called pluggable transports to obfuscate underlying traffic. Different transports may or may not use encryption and have different implementation and choices over encryption schemes.
+
+We have chosen the Scramblesuit pluggable transport that uses Uniform Diffie-Hellman for the initial handshake and AES-CTR 256 for application data.
+
+h2. Encrypted Email - OpenPGP
+
+The user's autogenerated key pair uses 4096 RSA for the master signing key.
+
+Bitmask will refuse to encrypt to a recipient's public key if the length is 1024 or less.
+
+All keys are stored in Soledad.
+
+Bitmask does not yet support ECC keys.
+
+Bitmask uses GnuPG. The python library we use is [[Isis's fork of python-gnupg => https://github.com/isislovecruft/python-gnupg]].
+
+h2. Secure Updates - TUF
+
+The secure updates are done using [[TUF => http://theupdateframework.com/]], they use OpenSSL 4096 RSA keys with pyCrypto. There is three keys involved in the update process (root, targets and timestamp).
+
+* The root key is used to certify the rest of the keys that lives in an offline storage and only gets used once per year to update the cerification or in case of rotation of another other key.
+* The targets key is used to sign all the updates. This key is in the hands of the release manager and used on every release.
+* The timestamp key is used to sing a timestamp file every day, this file is used by the client to prevent an adversary from replaying an out-of-date updates. This key lives online in the platform servers.
+
+h2. Other
+
+h3. OpenSSH
+
+Servers use ecdsa keys.
+
+h3. DNSSec
+
+To be written
+
+h3. StartTLS + DANE
+
+To be written
+
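Review bot: The SRP section says the client and server 'negotiate a "password verifier" after several round trips', but in SRP the verifier is derived from the password by the client at signup and stored by the server; the login round trips prove knowledge of the password against that stored verifier. That stored verifier is also what makes the next paragraph's brute-force caveat true, so I would reword to something like `With SRP, the server stores only a "password verifier" derived from the password, and login is a multi-round exchange that proves the client knows the password without revealing it.` In the *cipher* section, the remark that the OpenVPN default 'is probably actually better than AES-128, since it's Blowfish' should be dropped or justified, since Blowfish's 64-bit block limits how much data can safely be encrypted under one key in CBC mode. Typos to fix in the same pass: `Bruce Scheier's` → `Bruce Schneier's`, `used to sing a timestamp file` → `used to sign a timestamp file`, `cerification` → `certification`.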
diff --git a/pages/features/en.haml b/pages/features/en.haml
index df23539..c1eb95b 100644
--- a/pages/features/en.haml
+++ b/pages/features/en.haml
@@ -64,6 +64,6 @@
%li
%i.fa-li.fa.fa-institution
<b>Don't trust the provider</b><br>
- If you download the Bitmask application from [[dl.bitmask.net => https://dl.bitmask.net]], your service provider cannot add a backdoor to compromise your security.
+ When you download Bitmask from [[dl.bitmask.net => https://dl.bitmask.net]], your service provider will not be able to distribute to you a compromised client with a backdoor.
%p As with any security system, Bitmask has [[known limitations => https://leap.se/en/limitations]]. For technical details, see our [[design documentation => https://leap.se/en/design]].
diff --git a/pages/features/limitations/en.text b/pages/features/limitations/en.text
deleted file mode 100644
index 146a343..0000000
--- a/pages/features/limitations/en.text
+++ /dev/null
@@ -1,74 +0,0 @@
-@title = "Limitations of EIP"
-@nav_title = "Limitations"
-
-To understand the limitations of *Encrypted Internet Proxy*, let us first look at the different types of security and how EIP works.
-
-h2. Types of security
-
-<table class="table table-striped">
-<tr>
- <th style="width: 10em">Type of security</th>
- <th>What is it?</th>
-</tr>
-<tr>
- <td>Human Security</td>
- <td>Human behavior that keeps you safe and out of harms way.</td>
-</tr>
-<tr>
- <td>Device Security</td>
- <td>The integrity of your computing devices to be free from hardware or software modifications that steal your information.</td>
-</tr>
-<tr>
- <td>Message Security</td>
- <td>The confidentiality of messages you send and receive, and the pattern of your associations.</td>
-</tr>
-<tr>
- <td>Network Security</td>
- <td>Protection of your internet traffic against behavioral tracking, account hijacking, censorship, eavesdropping, and advertising.</td>
-</tr>
-</table>
-
-An *Encrypted Internet Proxy* only applies to *Network Security*. For example, it cannot improve your behavior, protect your device against viruses, or ensure your messages are end-to-end encrypted.
-
-h2. How it works
-
-h3. A normal internet connection
-
-!vpn-01_large.png!
-
-In a normal internet connection, all your traffic is routed from your computer through your ISP (Internet Service Provider) and out onto the internet and finally to its destinate. At every step of the way, your data is being recorded and is vulnerable to eavesdropping or man-in-the-middle attacks.
-
-h3. An internet connection with EIP
-
-!vpn-02_large.png!
-
-With an EIP, your traffic is encrypted on your computer, passes through your ISP and on to your EIP provider. Because the data is encrypted, your ISP has no knowledge of what is in your data that they relay on to your EIP provider. Once your data reaches the EIP provider, it is decrypted and forwarded on to its final destination.
-
-With the *Encrypted Internet Proxy*, if your data is not using a secure connections then it is still vulnerable from the point it leaves the EIP Gateway. However, by routing your data through the EIP provider, you have acheived two important advantages:
-
-* Your data is protected from blocking, tracking, or man-in-the-middle attacks conducted by your ISP or network operators in your local country.
-* Your data now appears to use the IP address of the EIP provider, and not your real IP address. Most websites gather and retain extensive data base on this IP address, which has now been anonymized.
-
-h3. EIP anonymizes your connection
-
-!vpn-03_large.png!
-
-Because your traffic appears to originate from the EIP provider, the recipient of your network communication does not know where you actually reside (unless, of course, you tell them). Also, your traffic has been mixed together with the traffic of hundreds or even thousands of other people.
-
-In the case illustrated above, the website in California thinks that the laptop in Brazil, the laptop in Europe, and the giant cellphone floating over Canada are all coming from New York, because that is where the EIP provider is.
-
-h2. Limitations of EIP
-
-* *Legality*: If you live in an non-democratic state, it may be illegal to use an EIP or personal VPN to access the internet that has not been approved by the government.
-
-* *Mobile network*: Using an EIP on your mobile device will secure your data connection, but the telephone company will still know your location by recording which towers your device communicates with.
-
-* *An insecure connection is still insecure*: Although Bitmask will anonymize your location and protect you from surveillance from your ISP, once your data is securely routed through through your provider it will go out on the internet as it normally would. This means you should still use TLS when available (ie. https, imaps, etc).
-
-* *EIP only applies to network security*: Using an EIP will not protect your communication if your computer is already compromised with software or hardware that is stealing your personal information. Also, if you give personal information to a website, there is little that an EIP can do to maintain your anonymity with that website or its partners.
-
-* *Browser fingerprints*: Every web browser effectively has a fingerprint that can uniquely identify your web traffic from everyone else. Although websites rely on cookies for tracking, a powerful network observer could use the uniqueness of your browser in order to de-anonymize your traffic.
-
-* *The internet might get slower*: the Bitmask EIP routes all your traffic through an encrypted connection to your provider of choice before it goes out onto the normal internet. This extra step can slow things down. To minimize the slowdown, try to choose a EIP gateway server close to where you actually live.
-
-* *Anonymous proxies*: There are some websites that block access from "Anonymous Proxies". For this reason, depending on which EIP gateway you are using, your traffic might be blocked. \ No newline at end of file
diff --git a/pages/features/vpn/en.text b/pages/features/vpn/en.text
new file mode 100644
index 0000000..3623ace
--- /dev/null
+++ b/pages/features/vpn/en.text
@@ -0,0 +1,110 @@
+@title = "Bitmask VPN Features and Limitations"
+@nav_title = "VPN"
+
+h1. Benefits of Bitmask VPN
+
+h2. Why would you want to run Bitmask VPN?
+
+The internet is being broken by governments, internet service providers (ISPs), and corporations.
+
+h3. Broken by governments
+
+Around the world, governments are using the internet for social control, through both surveillance and censorship. Many countries, such as China, Iran, and the United States practice active surveillance of the social relationships of everyone and the European Union countries require all ISPs and website operators to record and retain personal data on your behavior. With three-strikes laws, many countries now deny citizens access to the internet if accused of file sharing. Some countries even forbid the use of new communication technologies, like Skype.
+
+h3. Broken by ISPs
+
+Internet service providers are breaking the internet too. They happily cooperate with government repression, they practice intrusive monitoring of your traffic through deep packet inspection, they track your DNS usage, and they get people thrown in jail, expelled from school, or banned from the internet, merely from the accusation of copyright infringement. Also, ISPs typically limit you to one internet address. If you want to share your internet connection with multiple devices, you must put all the devices on a local network. This works OK if you just want to browse the web, but makes life difficult if you want to take advantage of many applications.
+
+h3. Broken by corporations
+
+Corporations have discovered how to make money from the internet: surveillance. By tracking your online habits, advertising companies build detailed profiles of your individual behavior in order to better sell you useless crap. Every single major internet ad company now uses behavioral tracking. Also, to comply with national copyright, many companies only make their services available to some internet users, those who reside in the 'right' country.
+
+h2. How Bitmask VPN helps
+
+There are many ways that Bitmask VPN can help:
+
+# *Protect against ISP surveillance*: A VPN eliminates the ability of your ISP to monitor your communication. They have no meaningful records which can be used against you, either by marketers or the government.
+# *Bypass government censorship*: An VPN can entirely bypass all government censorship, so long as you still have access to the internet. Note, however, that careful analysis of your traffic could reveal that you are using an VPN, which may or may not be legal in your jurisdiction. In particular, no VPN can hide your traffic from the NSA or GCHQ.
+# *Access the entire internet, regardless of where you live*: An VPN allows you to pretend to live in any country where we have a VPN gateway server. This gives you access to restricted content only available in those countries. An VPN also allows you to use services that may be blocked in your country.
+# *Secure your Wi-Fi connection*: Any time you use a public Wi-Fi connection, everyone else using that access point can spy on your traffic. An VPN will prevent this.
+# *Keep websites from logging your IP address*: Most all websites will log your IP address and some even retain this information for several years. Because your IP address is effectively an unique identifier that is connected to your real identity and your real location, there are many reasons why someone might not want every website they visit to have access to this personal information.
+
+h2. Special features of Bitmask VPN
+
+The Bitmask application provides an Encrypted Internet that has several advantages over traditional "Personal VPN":
+
+* Does not leak traffic: Bitmask VPN is much better than other VPNs at preventing any unencrypted traffic from leaking from your computer (for example, because of IPv6, DNS, "Fail Open" leaks). These guarentees are strong on the Desktop version, but weaker on the Android version (because of limitations in what the Android OS will let us do).
+* No logging: Bitmask VPN servers are configure to not keep any logs either for the VPN or domain name resolution. A nefarious provider may manually modify this behavior.
+* Semi-anonymous: Some Bitmask-compatible providers will allow anonymous VPN usage.
+
+h1. How Bitmask VPN works
+
+h2. Network security
+
+<table class="table table-striped">
+<tr>
+ <th style="width: 10em">Type of security</th>
+ <th>What is it?</th>
+</tr>
+<tr>
+ <td>Human Security</td>
+ <td>Human behavior that keeps you safe and out of harms way.</td>
+</tr>
+<tr>
+ <td>Device Security</td>
+ <td>The integrity of your computing devices to be free from hardware or software modifications that steal your information.</td>
+</tr>
+<tr>
+ <td>Message Security</td>
+ <td>The confidentiality of messages you send and receive, and the pattern of your associations.</td>
+</tr>
+<tr>
+ <td>Network Security</td>
+ <td>Protection of your internet traffic against behavioral tracking, account hijacking, censorship, eavesdropping, and advertising.</td>
+</tr>
+</table>
+
+Bitmask VPN only applies to *Network Security*. For example, it cannot improve your behavior, protect your device against viruses, or ensure your messages are end-to-end encrypted.
+
+h2. A normal internet connection
+
+!vpn-01_large.png!
+
+In a normal internet connection, all your traffic is routed from your computer through your ISP (Internet Service Provider) and out onto the internet and finally to its destinate. At every step of the way, your data is being recorded and is vulnerable to eavesdropping or man-in-the-middle attacks.
+
+h2. An internet connection with VPN
+
+!vpn-02_large.png!
+
+With an VPN, your traffic is encrypted on your computer, passes through your ISP and on to your VPN provider. Because the data is encrypted, your ISP has no knowledge of what is in your data that they relay on to your VPN provider. Once your data reaches the VPN provider, it is decrypted and forwarded on to its final destination.
+
+With the *Encrypted Internet Proxy*, if your data is not using a secure connections then it is still vulnerable from the point it leaves the VPN Gateway. However, by routing your data through the VPN provider, you have acheived two important advantages:
+
+* Your data is protected from blocking, tracking, or man-in-the-middle attacks conducted by your ISP or network operators in your local country.
+* Your data now appears to use the IP address of the VPN provider, and not your real IP address. Most websites gather and retain extensive data base on this IP address, which has now been anonymized.
+
+h2. VPN anonymizes your connection
+
+!vpn-03_large.png!
+
+Because your traffic appears to originate from the VPN provider, the recipient of your network communication does not know where you actually reside (unless, of course, you tell them). Also, your traffic has been mixed together with the traffic of hundreds or even thousands of other people.
+
+In the case illustrated above, the website in California thinks that the laptop in Brazil, the laptop in Europe, and the giant cellphone floating over Canada are all coming from New York, because that is where the VPN provider is.
+
+h1. Limitations of VPN
+
+* *Powerful attackers*: Very large spy agencies from the US and UK, like the NSA and GCHQ, have the ability to monitor all traffic everywhere on the internet. With this capability, we know that they will identify VPN traffic and correlate where this traffic originated. Because of this, using a VPN might actually invite more scrutiny from the NSA or GCHQ than not using anything at all.
+
+* *Legality*: If you live in an non-democratic state, it may be illegal to use an VPN or personal VPN to access the internet that has not been approved by the government.
+
+* *Mobile network*: Using an VPN on your mobile device will secure your data connection, but the telephone company will still know your location by recording which towers your device communicates with.
+
+* *An insecure connection is still insecure*: Although Bitmask will anonymize your location and protect you from surveillance from your ISP, once your data is securely routed through through your provider it will go out on the internet as it normally would. This means you should still use SSL or TLS when available.
+
+* *VPN only applies to network security*: Using an VPN will not protect your communication if your computer is already compromised with software or hardware that is stealing your personal information. Also, if you give personal information to a website, there is little that an VPN can do to maintain your anonymity with that website or its partners.
+
+* *Browser fingerprints*: Every web browser effectively has a fingerprint that can uniquely identify your web traffic from everyone else. Although websites rely on cookies for tracking, a powerful network observer could use the uniqueness of your browser in order to de-anonymize your traffic.
+
+* *The internet might get slower*: the Bitmask VPN routes all your traffic through an encrypted connection to your provider of choice before it goes out onto the normal internet. This extra step can slow things down. To minimize the slowdown, try to choose a VPN gateway server close to where you actually live.
+
+* *Anonymous proxies*: There are some websites that block access from "Anonymous Proxies". For this reason, depending on which VPN gateway you are using, your traffic might be blocked.
\ No newline at end of file
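Review bot: Benefit 2 states that a VPN `can entirely bypass all government censorship`, an absolute claim that the rest of the same bullet and the Limitations section then walk back; on a page read by at-risk users I would soften it to `can bypass many forms of government censorship`. The `Does not leak traffic` bullet has the same problem, since it goes on to admit weaker guarantees on Android, so `Designed to prevent traffic leaks` would match what follows. The EIP-to-VPN rename also looks mechanical: the paragraph after `!vpn-02_large.png!` still says `With the *Encrypted Internet Proxy*`, the Legality bullet now reads `an VPN or personal VPN`, and `An VPN` appears throughout. Typos to fix while here are `guarentees`, `configure to not keep`, `destinate`, `acheived` and `through through`.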
diff --git a/pages/features/limitations/vpn-01_large.png b/pages/features/vpn/vpn-01_large.png
index 64bad2a..64bad2a 100644
--- a/pages/features/limitations/vpn-01_large.png
+++ b/pages/features/vpn/vpn-01_large.png
Binary files differ
diff --git a/pages/features/limitations/vpn-02_large.png b/pages/features/vpn/vpn-02_large.png
index a2d5355..a2d5355 100644
--- a/pages/features/limitations/vpn-02_large.png
+++ b/pages/features/vpn/vpn-02_large.png
Binary files differ
diff --git a/pages/features/limitations/vpn-03_large.png b/pages/features/vpn/vpn-03_large.png
index 6bfb62a..6bfb62a 100644
--- a/pages/features/limitations/vpn-03_large.png
+++ b/pages/features/vpn/vpn-03_large.png
Binary files differ
diff --git a/pages/help/email/es.text b/pages/help/email/es.text
new file mode 100644
index 0000000..cc1e3d0
--- /dev/null
+++ b/pages/help/email/es.text
@@ -0,0 +1,28 @@
+@title = "Mail Cifrado"
+@nav_title = "Mail"
+
+h2. Configurando el Email.
+
+Para hacer funcionar el mail cifrado tienes dos opciones:
+
+1. [[Extensión Bitmask para Thunderbird => https://addons.mozilla.org/en-us/thunderbird/addon/bitmask/]] (recomendada)
+2. Configuración Manual de tu cliente de correo.
+
+h3. Extensión Bitmask para Thunderbird
+
+# Instala la aplicación Bitmask y registra una cuenta.
+# Instala la [[Extensión Bitmask para Thunderbird => https://addons.mozilla.org/en-us/thunderbird/addon/bitmask/]]. Dentro de Thunderbird, Accede al menú *Herramientas* > *Extensiones...* y luego busca por "Bitmask".
+# Una vez que la extensión está instalada, puedes añadir una cuenta de mail desde Thunderbird mediante el menú *Preferencias* > *Configuración de Cuentas* y seleccionando *Bitmask Account...* en el menú desplegable de *Acciones*.
+
+h3. Manual email client configuration
+h3. Configuración manual del cliente de correo.
+
+* IMAP -- @localhost:1984@
+** *username*: tu dirección completa del email que usas con Bitmask.
+** *password*: ignóralo, puede ser cualquier frase.
+** *SSL/TLS*: off
+* SMTP -- @localhost:2013@
+** *authentication*: ninguna
+** *SSL/TLS*: off
+
+*Deshabilita el caché*: Deberías deshabilitar cualquier tipo de caché en tu cliente de correo, si lo soporta. Toda la información almacenada por Bitmask se guarda en tu disco de forma cifrada, pero cualquier tipo de caché que tu cliente de correo almacene es probablemente menos seguro. Como todo el Mail de Bitmask es sincronizado de forma local no hay un beneficio real en el uso de caché.
\ No newline at end of file
diff --git a/pages/help/es.haml b/pages/help/es.haml
new file mode 100644
index 0000000..7f4d960
--- /dev/null
+++ b/pages/help/es.haml
@@ -0,0 +1,43 @@
+- @title = 'Ayuda de Bitmask'
+- @nav_title = 'Ayuda'
+- @this.toc = false
+
+%br
+
+.row
+ .col-xs-1.text-right
+ %h2
+ %i.fa.fa-support
+ .col-xs-11.text-left
+ %h2 [[Soporte => help/support]]
+ %p Obtén soporte, envía un ticket de ayuda, reporta algún fallo o pide nuevas funcionalidades.
+
+%hr
+
+.row
+ .col-xs-1.text-right
+ %h2
+ %i.fa.fa-flag-checkered
+ .col-xs-11.text-left
+ %h2 [[Comenzando => help/getting-started]]
+ %p Corriendo Bitmask por primera vez.
+
+%hr
+
+.row
+ .col-xs-1.text-right
+ %h2
+ %i.fa.fa-shield
+ .col-xs-11.text-left
+ %h2 [[VPN => help/vpn]]
+ %p Cómo proteger tu navegación de la censura y la vigilancia usando Bitmask VPN.
+
+%hr
+
+.row
+ .col-xs-1.text-right
+ %h2
+ %i.fa.fa-envelope
+ .col-xs-11.text-left
+ %h2 [[Encrypted Email => help/email]]
+ %p Cómo enviar y recibir fácilmente mensajes seguros con el Correo Cifrado de Bitmask.
diff --git a/pages/help/faq/es.text b/pages/help/faq/es.text
new file mode 100644
index 0000000..2ff3ed6
--- /dev/null
+++ b/pages/help/faq/es.text
@@ -0,0 +1,13 @@
+@title = 'Preguntas Frecuentes'
+@nav_title = "FAQ"
+
+h1. Temas generales
+
+h2. ¿Cómo elimino un proveedor?
+
+Actualmente estamos trabajando en una forma sencilla de eliminar un proveedor. Por ahora, puedes hacerlo manualmente. Si el proveedor que deseas eliminar es example.org:
+
+* En Linux, ejecuta @rm -r ~/.config/leap/providers/example.org@
+* En Mac, ???
+* En Windows, ???
+
diff --git a/pages/help/getting-started/es.text b/pages/help/getting-started/es.text
new file mode 100644
index 0000000..49edaef
--- /dev/null
+++ b/pages/help/getting-started/es.text
@@ -0,0 +1,73 @@
+@title = 'Comenzando'
+
+h1. Registra una nueva cuenta
+
+Para usar Bitmask necesitas una cuenta en un proveedor compatible. Puedes crear una desde el mismo Bitmask o visitando la web del proveedor. Por motivos de seguridad, recomendamos siempre crear la cuenta desde la aplicación Bitmask.
+
+h2. Android
+
+h4. Paso 1 -- Elige un proveedor.
+
+p((. Bitmask mostrará una lista de los proveedores disponibles la primera vez que lo ejecutes.
+
+p((. Para añadir un proveedor que no es parte de la lista, presiona el botón <button>&#8853;</button>.
+
+h4. Paso 2 -- Configuración del proveedor
+
+p((. Para entablar una conexión segura con el proveedor, Bitmask necesita descargar y validar sus credenciales de identificación. Esto es necesario para que Bitmask siempre esté seguro que se comunica con el proveedor correcto.
+
+h4. Paso 3 -- Registrar una nueva cuenta de usuario
+
+p((. Escribe los nombre de usuario y contraseña que deseas usar con Bitmask. El nombre de usuario debe estar compuesto solo por letras minúsculas o números. La contraseña debe tener al menos 8 caracteres y distingue entre mayúculas y minúsculas.
+
+p((. Como tu contraseña nunca se comunica con el proveedor, es imposible recuperar una contraseña perdida con Bitmask. Por favor, escríbela en un papel o almacénala en un administrador de contraseñas.
+
+h4. Paso 4 -- Activa la VPN
+
+p((. Activa la VPN de Bitmask presionando en el interruptor de Si/No.
+
+p((. Android preguntará si deseas que Bitmask cree una conexión VPN. Marca "Confío en esta aplicación" y luego acepta.
+
+p((. Una vez que el interruptor indica el estado Sí, estás usando Bitmask VPN.
+
+h2. Escritorio
+
+Cuando ejecutas Bitmask por primera vez se te presentará el *Asistente de Configuración*. Si anteriormente ya has abierto la aplicación, puedes invocar nuevamente al asistente accediendo al item del menú *Bitmask -> Crear nueva cuenta*.
+
+h4. Paso 1 -- Bienvenido
+
+p((. Elige *Sign up for a new account* si ya posees una cuenta o *Log in with my credentials* si ya posees un cuenta. Presiona el botón <button>Next</button> tras tu elección.
+
+h4. Paso 2 -- Elige un proveedor
+
+p((. Si el proveedor que deseas usar es conocido por Bitmask, puedes elegirlo mediante el menú desplegable..
+
+p((. De lo contrario, selecciona *Configure new provider* y escribe su nombre de dominio del proveedor.
+
+p((. Presiona el botón <button>Check</button> para validar el proveedor. Bitmask intentará contactarse con éste para asegurarse que es compatible.
+
+p((. Si todas las pruebas pasan, entonces presiona el botón <button>Next</button>. Si algo sale mal, comunícate con el proveedor e indícale que algo anda mal.
+
+p((. La siguiente página te entregará más detalles del proveedor que elegiste. Si quieres continuar, presiona el botón <button>Next</button> nuevamente.
+
+h4. Paso 3 -- Configuración del proveedor
+
+p((. Para entablar una conexión segura con el proveedor, Bitmask necesita descargar y validar sus credenciales de identificación. Esto es necesario para que Bitmask siempre esté seguro que se comunica con el proveedor correcto.
+
+p((. Si todos los tests resultan exitosos, presiona <button>Next</button>.
+
+h4. Paso 4 -- Registra una nueva cuenta de usuario.
+
+p((. Escribe los nombre de usuario y contraseña que deseas usar con Bitmask. El nombre de usuario debe estar compuesto solo por letras minúsculas o números. La contraseña debe tener al menos 8 caracteres y distingue entre mayúculas y minúsculas.
+
+p((. Como tu contraseña nunca se comunica con el proveedor, es imposible recuperar una contraseña perdida con Bitmask. Por favor, escríbela en un papel o almacénala en un administrador de contraseñas.
+
+p((. Si todo sale bien, presiona <button>Next</button>.
+
+h4. Paso 5 - Selección de servicio
+
+p((. Elige los servicios que quieres activados para esta nueva cuenta. Puedes cambiar esta configuración más tarde.
+
+p((. Finalmente, presiona el <button>Connect</button>.
+
+
diff --git a/pages/help/support/es.text b/pages/help/support/es.text
new file mode 100644
index 0000000..243022c
--- /dev/null
+++ b/pages/help/support/es.text
@@ -0,0 +1,26 @@
+@title = 'Obteniendo Soporte'
+@nav_title = 'Soporte'
+@toc = true
+
+El idioma en común entre todos quienes desarrollan Bitmask es Inglés. Si necesitas ayuda con el idioma contacta con tu proveedor de Bitmask.
+
+h2. ¿Encontraste un fallo en el programa?
+
+Puedes enviar un "reporte del fallo":https://leap.se/code/projects/report-issues/issues/new?issue[tracker_id]=2 en el Sistema de Seguimiento de Errores de LEAP. Primero, [[busca entre los reportes existentes => https://leap.se/code/search]] para ver si alguien ya lo envió.
+
+
+h2. ¿Quieres pedir una nueva funcionalidad?
+
+Puedes "pedir una nueva funcionalidad":https://leap.se/code/projects/report-issues/issues/new?issue[tracker_id]=1 en el Sistema de Seguimiento de Errores de LEAP. Primero, [[busca entre las peticiones existentes => https://leap.se/code/search]] para ver si alguien ya lo hizo.
+
+h2. Buscar en los foros
+
+Pronto...
+
+h2. Obtén ayuda de tu proveedor
+
+Para preguntas directamente relacionadas con tus servicios, y no el software de Bitmask, necesitarás contactar a tu proveedor de servicios directamente. Aquí hay una lista de algunos de los proveedores que soportan Bitmask:
+
+* [[demo.bitmask.net -> https://demo.bitmask.net]]
+* [[riseup.net -> https://black.riseup.net]]
+* [[calyx.net -> https://calyx.net]]
diff --git a/pages/help/vpn/android/es.text b/pages/help/vpn/android/es.text
new file mode 100644
index 0000000..885115e
--- /dev/null
+++ b/pages/help/vpn/android/es.text
@@ -0,0 +1,23 @@
+@title = 'VPN en Android'
+@nav_title = 'Android'
+@summary = 'Usando Bitmask VPN en Android'
+
+h2. Estados de conexión VPN
+
+El estado de la conexión VPN se muestra mediante un ícono de notificación:
+
+*(android-on) La VPN está *conectada*, todo el tráfico está saliendo de forma cifrada hacia el proveedor.
+*(android-wait) La VPN está *esperando* conectar o reconectarse tras haber perdido acceso a la red. Puede que parte del tráfico pueda escapar sin cifrar durante este periodo.
+*(android-off) La VPN está *desactivada*. El tráfico .
+
+h2. Ingresando
+
+Cuando ejecutas Bitmask por primera vez, necesitarás autentificarte con tu proveedor. Tras esto podrás usar la VPN sin necesidad ingresar los datos de tu cuenta.
+
+De vez en cuando, Bitmask puede necesitar que te identifiques nuevamente con el fin de actualizar las credenciales necesarias para la conexión VPN. El tiempo por defecto de esto es un mes, aunque es posible que tu proveedor haya configurado las cosas de forma diferente.
+
+h2. VPN Anónima
+
+Algunos proveedores soportan conexiones VPN de forma anónima. Cuando esta función esté activa, no necesitarás autentificarte con el proveedor para usar el servicio. Sin embargo, los proveedores suelen ofrecer un servicio más veloz a quienes sí lo hacen.
+
+Cuando ejecutas Bitmask en modo VPN Anónima es posible que se te impida el acceso a ciertos sitios. Esto es porque algunos sitios bloquean todas las conexiones desde proxies anónimos.
diff --git a/pages/help/vpn/es.text b/pages/help/vpn/es.text
new file mode 100644
index 0000000..371b496
--- /dev/null
+++ b/pages/help/vpn/es.text
@@ -0,0 +1,17 @@
+@nav_title = 'VPN'
+@title = 'Bitmask VPN'
+@this.toc = false
+
+h1. ¿Qué es Bitmask VPN?
+
+Al usar Bitmask VPN estás enviando todo tu tráfico de internet forma cifrada hacia le proveedor de tu elección.
+
+Al hacer esto Bitmask VPN te permite eludir la censura, anonimizar tu ubicación y bloquear varias formas de la vigilancia en la red.
+
+Para más información, revisa:
+
+* [[Beneficios de usar Internet Cifrada => benefits]]
+* [[Limitaciones de la Internet Cifrada => limitations]]
+
+<%= child_summaries :include_toc => true, :heading => 1 %>
+
diff --git a/pages/help/vpn/linux/es.text b/pages/help/vpn/linux/es.text
new file mode 100644
index 0000000..07ae385
--- /dev/null
+++ b/pages/help/vpn/linux/es.text
@@ -0,0 +1,50 @@
+@title = 'VPN on Linux'
+@nav_title = 'Linux'
+@summary = 'Using Bitmask VPN on Linux devices'
+
+h2. Estados de conexión VPN
+
+El estado de la conexión VPN se muestra en la bandeja del sistema:
+
+*(desktop-off) VPN está *apagada*. No se está cifrando el tráfico.
+** Si la VPN estaba previamente activada, entonces todo el tráfico está bloqueado hasta que se reactive la conexión VPN.
+** Presiona el botón <button>OFF</button> si deseas volver a usar la conexión regular sin protección.
+*(desktop-wait) La VPN está *esperando* conectar o reconectar tras tras haber perdido acceso a la red.
+** Todo el tráfico está bloqueado hasta que se vuelva conectar a la VPN.
+** Presiona el botón <button>Cancel</button> si deseas volver a usar la conexión regular sin protección.
+*(desktop-on) La VPN está *conectada*, todo el tráfico está saliendo de forma cifrada hacia el proveedor.
+
+h2. Ingresando
+
+Cuando ejecutas Bitmask por primera vez, necesitarás autentificarte con tu proveedor. Tras esto podrás usar la VPN sin necesidad ingresar los datos de tu cuenta.
+
+De vez en cuando, Bitmask puede necesitar que te identifiques nuevamente con el fin de actualizar las credenciales necesarias para la conexión VPN. El tiempo por defecto de esto es un mes, aunque es posible que tu proveedor haya configurado las cosas de forma diferente.
+
+h2. Resolviendo Problemas
+
+h3. DNS
+
+El Sistema de Nombres de Dominios (DNS) es lo que permite a tu computador encontrar la dirección real de un ordenador tras un nombre de dominio como "bitmask.net". Desafortunadamente, DNS tiene muchos problemas:
+
+# La mayoría de los DNS son muy inseguros, y un atacante puede fácilmente falsificar respuestas para enviarte a un servidor incorrecto.
+# DNS no usa conexiones seguras, lo que significa que alguien husmeando tu tráfico puede crear un registro histórico de las páginas que visitas.
+# La mayoría de los servidores DNS también un registro de los sitios que visitas.
+
+Por estos motivos, Bitmask obligará que todas las peticiones de DNS que tu computador realiza sean a través del servidor DNS del proveedor.
+
+Esto significa que no le será permitido a tu computador realizar peticiones de DNS a ningún otro servidor, incluso si eso es lo que deseas hacer. Por ejemplo, el comando @host bitmask.net 8.8.8.8@ será re-escrito para usar el servidor DNS de tu proveedor en vez de 8.8.8.8.
+
+Tampoco podrás correr un servidor DNS local que intente conectarse directamente a la zona DNS raíz. @bind9@ o @unbound@ están configurados de esta forma por defecto, y fallarán debido a que las peticiones enviadas serán re-escritas para usar el servidor DNS de tu proveedor. Sin embargo, Bitmask es compatible con @dnsmasq@.
+
+Si deseas deshabilitar este comportamiento para solucionar posibles errores, puedes ejecutar @sudo bitmask-root firewall stop@. Sin embargo, al hacer esto, parte de tu tráfico puede evadir la VPN y salir desde tu computadora sin cifrar.
+
+h3. En caso de emergencia, rompa el vidrio
+
+En alguna situación fortuita, es posible que tu computadora se mantenga en un modo que impida todo el tráfico de red. Prueba lo siguiente:
+
+* Ejecuta @sudo bitmask-root firewall stop@ para eliminar todas las reglas que el firewall de Bitmask levanta para impedir conexiones inseguras.
+* Si todo esto falla, prueba desconectarte del proveedor o reiniciar tu computadora.
+
+Si encuentras algún fallo, por favor [[repórtalo => support]].
+
+
diff --git a/pages/home/_code.en.text b/pages/home/_code.en.text
index abeea65..fca1312 100644
--- a/pages/home/_code.en.text
+++ b/pages/home/_code.en.text
@@ -2,11 +2,11 @@
In particular, if you have finely honed skill in Python, Android Java, Ruby, C, CouchDB, Windows, Mac, Puppet, Qt, or you really love crypto, we could sure use your help.
-* [[Fork our code => https://leap.se/en/source]]
-* Create a new branch from develop called feature/x or bugfix/x.
-* Hack away.
-* Issue a pull request on github from your feature or bugfix branch to the upstream develop branch.
-* Discuss and wait for request to be merged.
-* Repeat.
+# [[Fork our code => https://leap.se/en/source]]
+# Create a new branch from develop called feature/x or bugfix/x.
+# Hack away.
+# Issue a pull request on github from your feature or bugfix branch to the upstream develop branch.
+# Discuss and wait for request to be merged.
+# Repeat.
Currently, we release a new version of the Bitmask application every three weeks, and other components as necessary.
diff --git a/pages/home/_intro.en.text b/pages/home/_intro.en.text
index 3a1ada5..16e07dc 100644
--- a/pages/home/_intro.en.text
+++ b/pages/home/_intro.en.text
@@ -1 +1 @@
-*Bitmask* is an open source application to provide easy and secure encrypted communication. You can choose among [[several different service providers => #providers]] or [[start your own => https://leap.se/en/doc/platform]]. Currently, Bitmask supports encrypted internet and encrypted email (with more services in the works).
\ No newline at end of file
+*Bitmask* is an open source application to provide easy and secure encrypted communication. You can choose among [[several different service providers => #providers]] or [[start your own => https://leap.se/en/doc/platform]]. Currently, Bitmask supports encrypted internet (VPN) with encrypted email coming soon.
diff --git a/pages/home/_text.haml b/pages/home/_text.haml
index 6f59d01..a6338cd 100644
--- a/pages/home/_text.haml
+++ b/pages/home/_text.haml
@@ -1,35 +1,32 @@
-.row
- .col-sm-12
- %p.big
- = t :bitmask_app_blurb
-
-.row
- .col-sm-6
- .heading
- %span
- %i.fa.fa-shield
- = t :bitmask_vpn
- %p.big
- = t :bitmask_vpn_blurb
- .col-sm-6
- .heading
- %span
- %i.fa.fa-envelope
- = t :encrypted_email
- %p.big
- = t :encrypted_email_blurb
-
-.row
- .col-sm-12
- .heading#providers
- %span
- %i.fa.fa-institution
- = t :supported_providers
-
- %p.big
- = t :supported_providers_text
+.light
+ .container
+ .row
+ .col-sm-12
+ %h1.b= t :services
+ %p.big
+ = t :bitmask_app_blurb
+ .col-lg-6
+ .heading
+ %span
+ %i.fa.fa-shield
+ = t :bitmask_vpn
+ %p.big
+ = t :bitmask_vpn_blurb
+ .col-lg-6
+ .heading
+ %span
+ %i.fa.fa-envelope
+ = t :encrypted_email
+ %p.big
+ = t :encrypted_email_blurb
+.lighter
+ .container
.row
+ .col-sm-12
+ %h1.b#providers= t :supported_providers
+ %p.big
+ = t :supported_providers_text
.col-lg-2.col-md-3.col-sm-3.col-xs-4
.thumbnail
%img(src='/assets/providers/demo.bitmask.net.png')
@@ -50,18 +47,16 @@
%img(src='/assets/providers/riseup.net.png')
.b
[[riseup.net => https://black.riseup.net]]
+.light
+ .container
+ .row
+ .col-sm-12
+ %h1.b= t :fork_our_code
+ = render 'home/code'
-.row
- .col-sm-6
- .heading
- %span
- %i.fa.fa-code-fork
- = t :fork_our_code
- = render 'home/code'
-
- .col-sm-6
- .heading
- %span
- %i.fa.fa-group
- = t :about_us
- = render 'home/about'
+.lighter
+ .container
+ .row
+ .col-sm-12
+ %h1.b= t :about_us
+ = render 'home/about'
diff --git a/pages/install/android/en.haml b/pages/install/android/en.haml
index d205ec5..0a959a5 100644
--- a/pages/install/android/en.haml
+++ b/pages/install/android/en.haml
@@ -30,10 +30,10 @@ You can search for "Bitmask" in the Google Play store or use this link:
%p Alternately, you can download the Bitmask app directly from this website. You will need to enabled the option <b>Settings > Security > Unknown Sources</b> on your device for this method to work.
.p.android
- = render({:partial => 'common/download_button'}, {:link => '/client/android/Bitmask-Android-latest.apk', :text => 'Download for Android'})
+ = render({:partial => 'common/download_button'}, {:link => 'https://dl.bitmask.net/client/android/Bitmask-Android-latest.apk', :text => 'Download for Android'})
.p.non-android
- %a(href='/client/android/Bitmask-Android-latest.apk' alt='download')
+ %a(href='https://dl.bitmask.net/client/android/Bitmask-Android-latest.apk' alt='download')
%img(src='/assets/qr/dl.bitmask.net-bitmask-android-latest.png')
%h2 Download other versions
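Review bot: This page tells users to enable Unknown Sources and sideload a `-latest` APK, yet the visible lines give them nothing to check the download against; the page continues outside the hunk, so if it does not already link a signature or checksum, one should sit next to the button. The download URL is also hard-coded twice here (the `download_button` render and the `%a` around the QR image), and the same `https://dl.bitmask.net` prefix is repeated in the linux, mac and windows install hunks below. A per-page variable such as `- dl_base = 'https://dl.bitmask.net/client'`, or a shared helper, would keep the host from drifting between pages. Separately, `alt='download'` on the new `%a` line is not a valid anchor attribute and probably belongs on the `%img` beneath it.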
diff --git a/pages/install/linux/en.md b/pages/install/linux/en.md
index e123d65..313af63 100644
--- a/pages/install/linux/en.md
+++ b/pages/install/linux/en.md
@@ -42,14 +42,14 @@ If the result is:
### 32 bit kernel
-<%= render({:partial => 'common/download_button'}, {:link => '/client/linux/Bitmask-linux32-latest.tar.bz2', :text => 'Download 32 bit'}) %>
+<%= render({:partial => 'common/download_button'}, {:link => 'https://dl.bitmask.net/client/linux/Bitmask-linux32-latest.tar.bz2', :text => 'Download 32 bit'}) %>
### 64 bit kernel
-<%= render({:partial => 'common/download_button'}, {:link => '/client/linux/Bitmask-linux64-latest.tar.bz2', :text => 'Download 64 bit'}) %>
+<%= render({:partial => 'common/download_button'}, {:link => 'https://dl.bitmask.net/client/linux/Bitmask-linux64-latest.tar.bz2', :text => 'Download 64 bit'}) %>
### Other options
-If you want to install an old or development version of Bitmask, you can [browse all releases.](/client/linux/)
+If you want to install an old or development version of Bitmask, you can [browse all releases.](https://dl.bitmask.net/client/linux/)
<%= render({:partial => 'common/email'}) %>
diff --git a/pages/install/mac/en.md b/pages/install/mac/en.md
index 4fd0f9c..495bf24 100644
--- a/pages/install/mac/en.md
+++ b/pages/install/mac/en.md
@@ -5,12 +5,12 @@
Bitmask requires Mountain Lion or newer.
-<%= render({:partial => 'common/download_button'}, {:link => '/client/osx/Bitmask-OSX-latest.dmg', :text => 'Download for Mac OS'}) %>
+<%= render({:partial => 'common/download_button'}, {:link => 'https://dl.bitmask.net/client/osx/Bitmask-OSX-latest.dmg', :text => 'Download for Mac OS'}) %>
Once the file `Bitmask-OSX-latest.dmg` has been saved to your computer, mount the `.dmg` image and drag the `Bitmask` icon to your `Applications` folder.
## Download other versions
-If you want to install an old or experimental version of Bitmask, you can [browse all releases.](/client/osx/)
+If you want to install an old or experimental version of Bitmask, you can [browse all releases.](https://dl.bitmask.net/client/osx/)
<%= render({:partial => 'common/email'}) %>
diff --git a/pages/install/windows/en.haml b/pages/install/windows/en.haml
index 860285c..bb2b2e4 100644
--- a/pages/install/windows/en.haml
+++ b/pages/install/windows/en.haml
@@ -10,10 +10,10 @@
%h2 Download latest version
-= render({:partial => 'common/download_button'}, {:link => '/client/windows/Bitmask-win32-latest.zip', :text => 'Download for Windows'})
+= render({:partial => 'common/download_button'}, {:link => 'https://dl.bitmask.net/client/windows/Bitmask-win32-latest.zip', :text => 'Download for Windows'})
%h2 Download other versions
-%p If you want to install an old version of Bitmask, you can <a href="/client/windows/">browse all releases</a>.
+%p If you want to install an old version of Bitmask, you can <a href="https://dl.bitmask.net/client/windows/">browse all releases</a>.
= render({:partial => 'common/email'})