dependencies {
compile fileTree(include: ['*.jar'], dir: 'libs')
- compile 'com.android.support:design:25.3.1'
+ compile 'com.android.support:design:25.4.0'
// Only compile `com.google.firebase:firebase-ads:9.8.0` for the free flavor.
- freeCompile 'com.google.firebase:firebase-ads:9.8.0'
+ freeCompile 'com.google.firebase:firebase-ads:11.2.2'
}
// Google's documentation says the following line is required for `firebase-ads` but things work correctly without it. I have no interest in applying the Google Mobile Services plugin in the standard flavor if I don't have to.
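Review bot: The context comment above the `freeCompile` line still names `com.google.firebase:firebase-ads:9.8.0` although the dependency is now 11.2.2; drop the version number from the comment so it does not go stale with every bump. The closing comment's claim that things work correctly without the Google Mobile Services plugin is also unchanged, so it should be rechecked against 11.2.2 and the result mentioned in the commit message.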
+++ /dev/null
-<!--
- Copyright © 2017 Soren Stoutner <soren@stoutner.com>.
-
- This file is part of Privacy Browser <https://www.stoutner.com/privacy-browser>.
-
- Privacy Browser is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- Privacy Browser is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with Privacy Browser. If not, see <http://www.gnu.org/licenses/>. -->
-
-<html>
- <head>
- <meta charset="UTF-8">
- <style>
- h3 {
- color: 0D4781;
- }
-
- img.title {
- vertical-align: bottom;
- height: 32;
- width: 32;
- }
-
- img.center {
- display: block;
- margin-left: auto;
- margin-right: auto;
- height: 640;
- width: 360;
- }
- </style>
- </head>
-
- <body>
- <h3><img class="title" src="../en/images/ic_vpn_lock_dark_blue.png"> Connect with Confidence</h3>
-
- <p>When visiting an encrypted URL (one that begins with HTTPS), the webserver uses an SSL certificate to both encrypt the information sent to the browser and to identify the server.
- The purpose of the server identification is to prevent a machine located between the browser and the webserver from pretending to be the server and decrypting the information in transit.
- This type of attack is known as a Man In The Middle (MITM) attack. SSL certificates are generated by certificate authorities: companies that verify a server’s identity and produce a certificate for a fee.
- Android has a list of trusted certificate authorities, and will accept any of their certificates for any website.
- It isn’t supposed to be possible for an organization to acquire an SSL certificate for a domain they do not control, but in practice many governments and large corporations have been able to do so.</p>
-
- <p>The purpose of SSL certificate pinning is to tell the browser that only one specific SSL certificate is to be trusted for a particular domain. Any other certificate, even if it is valid, will be rejected.</p>
-
- <p><img class="center" src="images/ssl_certificate_mismatch.png"></p>
-
- <p>SSL certificates expire on a specified date, so even pinned SSL certificates will legitimately need to be updated from time to time.
- As a general rule, pinning SSL certificates probably isn’t needed in the majority of cases.
- But for those who suspect that powerful organizations may be targeting them, SSL certificate pinning can detect and thwart a MITM attack.</p>
-
- <p><img class="center" src="images/pinned_ssl_certificate.png"></p>
-
- <p>SSL certificates can be pinned in Domain Settings.
- Besides protecting against MITM attacks, pinning a self-signed certificate for a device like a wireless router or access point will remove the error message that is normally presented every time its website is loaded.</p>
- </body>
-</html>
\ No newline at end of file
--- /dev/null
+<!--
+ Copyright © 2017 Soren Stoutner <soren@stoutner.com>.
+
+ This file is part of Privacy Browser <https://www.stoutner.com/privacy-browser>.
+
+ Privacy Browser is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ Privacy Browser is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with Privacy Browser. If not, see <http://www.gnu.org/licenses/>. -->
+
+<html>
+ <head>
+ <meta charset="UTF-8">
+ <style>
+ h3 {
+ color: 0D4781;
+ }
+
+ img.title {
+ vertical-align: bottom;
+ height: 32;
+ width: 32;
+ }
+
+ img.center {
+ display: block;
+ margin-left: auto;
+ margin-right: auto;
+ height: 640;
+ width: 360;
+ }
+ </style>
+ </head>
+
+ <body>
+ <h3><img class="title" src="../en/images/ic_vpn_lock_dark_blue.png"> Connect with Confidence</h3>
+
+ <p>When visiting an encrypted URL (one that begins with HTTPS), the webserver uses an SSL certificate to both encrypt the information sent to the browser and to identify the server.
+ The purpose of the server identification is to prevent a machine located between the browser and the webserver from pretending to be the server and decrypting the information in transit.
+ This type of attack is known as a Man In The Middle (MITM) attack. SSL certificates are generated by certificate authorities: companies that verify a server’s identity and produce a certificate for a fee.
+ Android has a list of trusted certificate authorities, and will accept any of their certificates for any website.
+ It isn’t supposed to be possible for an organization to acquire an SSL certificate for a domain they do not control, but in practice many governments and large corporations have been able to do so.</p>
+
+ <p>Pinning an SSL certificate tells the browser that only one specific SSL certificate is to be trusted for a particular domain. Any other certificate, even if it is valid, will be rejected.</p>
+
+ <p><img class="center" src="images/ssl_certificate_mismatch.png"></p>
+
+ <p>SSL certificates expire on a specified date, so even pinned SSL certificates will legitimately need to be updated from time to time.
+ As a general rule, pinning SSL certificates probably isn’t needed in the majority of cases.
+ But for those who suspect that powerful organizations may be targeting them, SSL certificate pinning can detect and thwart a MITM attack.</p>
+
+ <p><img class="center" src="images/pinned_ssl_certificate.png"></p>
+
+ <p>SSL certificates can be pinned in Domain Settings.
+ Besides protecting against MITM attacks, pinning a self-signed certificate for a device like a wireless router or access point will remove the error message that is normally presented every time its website is loaded.
+ To view the current website SSL certificate, tap on the favorite icon next to the URL bar.</p>
+ </body>
+</html>
\ No newline at end of file
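Review bot: The `<style>` block carried into the renamed file still uses `color: 0D4781;` and unitless lengths such as `height: 32;` and `width: 360;`, which are only honored because the page has no doctype and is parsed in quirks mode. Since the file is being re-added anyway, write `#0D4781` and `32px`, `640px`, `360px` so the rendering does not depend on that, and end the file with a newline.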
</head>
<body>
+ <h3>2.6 (version code 26)</h3>
+ <p>14 September 2017 - minimum API 19, target API 25</p>
+ <ul>
+ <li>Add <a href="https://redmine.stoutner.com/issues/145">night mode rendering</a>.</li>
+ <li>Add support for <a href="https://redmine.stoutner.com/issues/52">HTTP authentication</a>.</li>
+ <li><a href="https://redmine.stoutner.com/issues/178">Color code the Common Name</a> in the view SSL certificate dialog.</li>
+ <li>Updated Italian translation provided by Francesco Buratti.</li>
+ <li>Updated Spanish translation provided by <a href="mailto:emails@joseleon.me">Jose A. León Becerra</a></li>
+ </ul>
+
<h3>2.5 (version code 25)</h3>
<p><a href="https://git.stoutner.com/?p=PrivacyBrowser.git;a=commitdiff;h=80ddcb075d03a4c78263d1ff80466f3df0967f6d">26 August 2017</a> - minimum API 19, target API 25</p>
<ul>
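Review bot: In the new 2.6 entry the date `14 September 2017` is plain text, while the 2.5 entry below it links its date to the release commitdiff; add the link once the commit id exists so the entries stay consistent. The Spanish translation item is also missing the closing period that the other list items carry.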
+++ /dev/null
-<!--
- Copyright © 2017 Soren Stoutner <soren@stoutner.com>.
-
- This file is part of Privacy Browser <https://www.stoutner.com/privacy-browser>.
-
- Privacy Browser is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- Privacy Browser is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with Privacy Browser. If not, see <http://www.gnu.org/licenses/>. -->
-
-<html>
- <head>
- <meta charset="UTF-8">
- <style>
- h3 {
- color: 0D4781;
- }
-
- img.title {
- vertical-align: bottom;
- height: 32;
- width: 32;
- }
-
- img.center {
- display: block;
- margin-left: auto;
- margin-right: auto;
- height: 640;
- width: 360;
- }
- </style>
- </head>
-
- <body>
- <h3><img class="title" src="images/ic_vpn_lock_dark_blue.png"> Connect with Confidence</h3>
-
- <p>When visiting an encrypted URL (one that begins with HTTPS), the webserver uses an SSL certificate to both encrypt the information sent to the browser and to identify the server.
- The purpose of the server identification is to prevent a machine located between the browser and the webserver from pretending to be the server and decrypting the information in transit.
- This type of attack is known as a Man In The Middle (MITM) attack. SSL certificates are generated by certificate authorities: companies that verify a server’s identity and produce a certificate for a fee.
- Android has a list of trusted certificate authorities, and will accept any of their certificates for any website.
- It isn’t supposed to be possible for an organization to acquire an SSL certificate for a domain they do not control, but in practice many governments and large corporations have been able to do so.</p>
-
- <p>The purpose of SSL certificate pinning is to tell the browser that only one specific SSL certificate is to be trusted for a particular domain. Any other certificate, even if it is valid, will be rejected.</p>
-
- <p><img class="center" src="images/ssl_certificate_mismatch.png"></p>
-
- <p>SSL certificates expire on a specified date, so even pinned SSL certificates will legitimately need to be updated from time to time.
- As a general rule, pinning SSL certificates probably isn’t needed in the majority of cases.
- But for those who suspect that powerful organizations may be targeting them, SSL certificate pinning can detect and thwart a MITM attack.</p>
-
- <p><img class="center" src="images/pinned_ssl_certificate.png"></p>
-
- <p>SSL certificates can be pinned in Domain Settings.
- Besides protecting against MITM attacks, pinning a self-signed certificate for a device like a wireless router or access point will remove the error message that is normally presented every time its website is loaded.</p>
- </body>
-</html>
\ No newline at end of file
--- /dev/null
+<!--
+ Copyright © 2017 Soren Stoutner <soren@stoutner.com>.
+
+ This file is part of Privacy Browser <https://www.stoutner.com/privacy-browser>.
+
+ Privacy Browser is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ Privacy Browser is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with Privacy Browser. If not, see <http://www.gnu.org/licenses/>. -->
+
+<html>
+ <head>
+ <meta charset="UTF-8">
+ <style>
+ h3 {
+ color: 0D4781;
+ }
+
+ img.title {
+ vertical-align: bottom;
+ height: 32;
+ width: 32;
+ }
+
+ img.center {
+ display: block;
+ margin-left: auto;
+ margin-right: auto;
+ height: 640;
+ width: 360;
+ }
+ </style>
+ </head>
+
+ <body>
+ <h3><img class="title" src="images/ic_vpn_lock_dark_blue.png"> Connect with Confidence</h3>
+
+ <p>When visiting an encrypted URL (one that begins with HTTPS), the webserver uses an SSL certificate to both encrypt the information sent to the browser and to identify the server.
+ The purpose of the server identification is to prevent a machine located between the browser and the webserver from pretending to be the server and decrypting the information in transit.
+ This type of attack is known as a Man In The Middle (MITM) attack. SSL certificates are generated by certificate authorities: companies that verify a server’s identity and produce a certificate for a fee.
+ Android has a list of trusted certificate authorities, and will accept any of their certificates for any website.
+ It isn’t supposed to be possible for an organization to acquire an SSL certificate for a domain they do not control, but in practice many governments and large corporations have been able to do so.</p>
+
+ <p>Pinning an SSL certificate tells the browser that only one specific SSL certificate is to be trusted for a particular domain. Any other certificate, even if it is valid, will be rejected.</p>
+
+ <p><img class="center" src="images/ssl_certificate_mismatch.png"></p>
+
+ <p>SSL certificates expire on a specified date, so even pinned SSL certificates will legitimately need to be updated from time to time.
+ As a general rule, pinning SSL certificates probably isn’t needed in the majority of cases.
+ But for those who suspect that powerful organizations may be targeting them, SSL certificate pinning can detect and thwart a MITM attack.</p>
+
+ <p><img class="center" src="images/pinned_ssl_certificate.png"></p>
+
+ <p>SSL certificates can be pinned in Domain Settings.
+ Besides protecting against MITM attacks, pinning a self-signed certificate for a device like a wireless router or access point will remove the error message that is normally presented every time its website is loaded.
+ To view the current website SSL certificate, tap on the favorite icon next to the URL bar.</p>
+ </body>
+</html>
\ No newline at end of file
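Review bot: The sentence added at the end of the last paragraph tells users how to view the current certificate, but the guide still never says to check it before pinning. A certificate pinned while a MITM is already in place pins the interceptor's certificate, so consider one more sentence recommending that the displayed details be compared with a copy obtained over a different network or from the site operator before it is pinned in Domain Settings.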
+++ /dev/null
-<!--
- Copyright © 2017 Soren Stoutner <soren@stoutner.com>.
-
- This file is part of Privacy Browser <https://www.stoutner.com/privacy-browser>.
-
- Privacy Browser is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- Privacy Browser is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with Privacy Browser. If not, see <http://www.gnu.org/licenses/>. -->
-
-<html>
- <head>
- <meta charset="UTF-8">
- <style>
- h3 {
- color: 0D4781;
- }
-
- img.title {
- vertical-align: bottom;
- height: 32;
- width: 32;
- }
-
- img.center {
- display: block;
- margin-left: auto;
- margin-right: auto;
- height: 640;
- width: 360;
- }
- </style>
- </head>
-
- <body>
- <h3><img class="title" src="../en/images/ic_vpn_lock_dark_blue.png"> Conectar con confianza</h3>
-
- <p>Al visitar una URL cifrada (que empieza con HTTPS), el servidor web usa un certificado SSL para cifrar tanto la información enviada al navegador como asimismo para identificar al servidor.
- El propósito de la identificación del servidor es para prevenir que una máquina ubicada entre el navegador y el servidor web pretenda ser el servidor y descifrar la información en tránsito.
- Este clase de ataque es conocido como Hombre en Medio (MITM en sus iniciales en inglés).
- Los certificados SSL son generados por las autoridades certificadoras: compañías que verifican la identidad de un servidor y producen un certificado a cambio de una tarifa.
- Android tiene una lista de autoridades certificadoras de confianza y aceptará cualquiera de sus certificados para cualquier página web.
- Se supone que no es posible que una organización adquiera un certificado SSL para un dominio que no controla, pero en la práctica muchos gobiernos y grandes corporaciones han sido capaces de hacerlo.</p>
-
- <p>El propósito de la fijación de certificado SSL es para decir al navegador que sólo un certificado SSL específico es confiable para un dominio particular.
- Cualquier otro certificado, aunque sea válido, será rechazado.</p>
-
- <p><img class="center" src="images/ssl_certificate_mismatch.png"></p>
-
- <p>Los certificados SSL expiran en una fecha especificada, por lo que incluso los certificados SSL fijados necesitarán legítimamente ser actualizados de vez en cuando.
- Como regla general, fijar los certificados SSL probablemente no sea necesario en la mayoría de los casos.
- Pero para aquellos que sospechan que organizaciones poderosas puedan estar aputando hacia ellos, la fijación de certificados SSL puede detectar y frustar un ataque MITM.</p>
-
- <p><img class="center" src="images/pinned_ssl_certificate.png"></p>
-
- <p>Los certificados SSL pueden ser fijados en Configuración de Dominios.
- Además de proteger contra ataques MITM, fijar un certificado autofirmado para un dispositivo como un router inalámbrico o punto de acceso eliminará el mensaje de error que se presenta normalmente cada vez que se carga su página web.</p>
- </body>
-</html>
\ No newline at end of file
--- /dev/null
+<!--
+ Copyright © 2017 Soren Stoutner <soren@stoutner.com>.
+
+ This file is part of Privacy Browser <https://www.stoutner.com/privacy-browser>.
+
+ Privacy Browser is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ Privacy Browser is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with Privacy Browser. If not, see <http://www.gnu.org/licenses/>. -->
+
+<html>
+ <head>
+ <meta charset="UTF-8">
+ <style>
+ h3 {
+ color: 0D4781;
+ }
+
+ img.title {
+ vertical-align: bottom;
+ height: 32;
+ width: 32;
+ }
+
+ img.center {
+ display: block;
+ margin-left: auto;
+ margin-right: auto;
+ height: 640;
+ width: 360;
+ }
+ </style>
+ </head>
+
+ <body>
+ <h3><img class="title" src="../en/images/ic_vpn_lock_dark_blue.png"> Conectar con confianza</h3>
+
+ <p>Al visitar una URL cifrada (que empieza con HTTPS), el servidor web usa un certificado SSL para cifrar tanto la información enviada al navegador como asimismo para identificar al servidor.
+ El propósito de la identificación del servidor es para prevenir que una máquina ubicada entre el navegador y el servidor web pretenda ser el servidor y descifrar la información en tránsito.
+ Este clase de ataque es conocido como Hombre en Medio (MITM en sus iniciales en inglés).
+ Los certificados SSL son generados por las autoridades certificadoras: compañías que verifican la identidad de un servidor y producen un certificado a cambio de una tarifa.
+ Android tiene una lista de autoridades certificadoras de confianza y aceptará cualquiera de sus certificados para cualquier página web.
+ Se supone que no es posible que una organización adquiera un certificado SSL para un dominio que no controla, pero en la práctica muchos gobiernos y grandes corporaciones han sido capaces de hacerlo.</p>
+
+ <p>El propósito de la fijación de certificado SSL es para decir al navegador que sólo un certificado SSL específico es confiable para un dominio particular.
+ Cualquier otro certificado, aunque sea válido, será rechazado.</p>
+
+ <p><img class="center" src="images/ssl_certificate_mismatch.png"></p>
+
+ <p>Los certificados SSL expiran en una fecha especificada, por lo que incluso los certificados SSL fijados necesitarán legítimamente ser actualizados de vez en cuando.
+ Como regla general, fijar los certificados SSL probablemente no sea necesario en la mayoría de los casos.
+ Pero para aquellos que sospechan que organizaciones poderosas puedan estar aputando hacia ellos, la fijación de certificados SSL puede detectar y frustar un ataque MITM.</p>
+
+ <p><img class="center" src="images/pinned_ssl_certificate.png"></p>
+
+ <p>Los certificados SSL pueden ser fijados en Configuración de Dominios.
+ Además de proteger contra ataques MITM, fijar un certificado autofirmado para un dispositivo como un router inalámbrico o punto de acceso eliminará el mensaje de error que se presenta normalmente cada vez que se carga su página web.</p>
+ </body>
+</html>
\ No newline at end of file
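Review bot: The re-added Spanish guide appears unchanged from the deleted file, so it lacks the sentence the English version gains (`To view the current website SSL certificate, tap on the favorite icon next to the URL bar.`) even though the changelog in this commit lists an updated Spanish translation. The move is also a good moment to fix the typos that came along with it: `Este clase` should be `Esta clase`, `aputando` should be `apuntando`, and `frustar` should be `frustrar`.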
+++ /dev/null
-<!--
- Copyright © 2017 Soren Stoutner <soren@stoutner.com>.
-
- This file is part of Privacy Browser <https://www.stoutner.com/privacy-browser>.
-
- Privacy Browser is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- Privacy Browser is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with Privacy Browser. If not, see <http://www.gnu.org/licenses/>. -->
-
-<html>
- <head>
- <meta charset="UTF-8">
- <style>
- h3 {
- color: 0D4781;
- }
-
- img.title {
- vertical-align: bottom;
- height: 32;
- width: 32;
- }
-
- img.center {
- display: block;
- margin-left: auto;
- margin-right: auto;
- height: 640;
- width: 360;
- }
- </style>
- </head>
-
- <body>
- <h3><img class="title" src="../en/images/ic_vpn_lock_dark_blue.png"> Connettiti in sicurezza</h3>
-
- <p>Quando si accede ad una URL criptata (quelle che iniziano con HTTPS), il server web utilizza un certificato SSL con lo scopo di criptare le informazioni inviate al browser e di identificare il server stesso.
- Lo scopo di questa identificazione è quello di impedire che una macchina situata tra il browser e il server web tenti di decriptare le informazioni in transito.
- Questo tipo di attacco è conosciuto come attacco “Man In The Middle (MITM)”.
- I certificati SSL sono generati dalle autorità di certificazione: sono aziende che verificano l'identità dei server e producono il certificato (a pagamento).
- Android ha una lista di autorità di certificazione fidate, e pertanto accetterà qualsiasi loro certificato fornito dai siti web.
- Non dovrebbe essere possibile che una organizzazione qualsiasi possa acquisire un certificato SSL per un dominio che non sia sotto il proprio controllo, ma in pratica alcuni governi e grosse multinazionali sono in grado di farlo.</p>
-
- <p>Lo scopo di appuntare un certificato SSL è quello di dire al browser che solo un determinato certificato SSL è fidato per un particolare dominio. Qualsiasi altro certificato, per quanto valido, sarà rifiutato.</p>
-
- <p><img class="center" src="images/ssl_certificate_mismatch.png"></p>
-
- <p>I certificati SSL scadono in corrispondenza di una data specifica, così anche i certificati che sono stati appuntati dovranno essere aggiornati regolarmente.
- Come regola generale, nella maggioranza dei casi, appuntare un certificato SSL non dovrebbe essere necessario.
- Per coloro che sospettano però di essere sorvegliati da qualche organizzazione, appuntare il certificato SSL può permettere di scoprire e sventare un attacco "MITM".</p>
-
- <p><img class="center" src="images/pinned_ssl_certificate.png"></p>
-
- <p>I certificati SSL possono essere appuntati nelle impostazioni dei domini.
- Oltre a proteggere dagli attacchi “MITM”, appuntare un certificato auto-firmato per un dispositivo come un router wireless o un access point eliminerà il messaggio di errore che si presenta ogni volta che viene caricato un sito web.</p>
- </body>
-</html>
\ No newline at end of file
--- /dev/null
+<!--
+ Copyright © 2017 Soren Stoutner <soren@stoutner.com>.
+
+ This file is part of Privacy Browser <https://www.stoutner.com/privacy-browser>.
+
+ Privacy Browser is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ Privacy Browser is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with Privacy Browser. If not, see <http://www.gnu.org/licenses/>. -->
+
+<html>
+ <head>
+ <meta charset="UTF-8">
+ <style>
+ h3 {
+ color: 0D4781;
+ }
+
+ img.title {
+ vertical-align: bottom;
+ height: 32;
+ width: 32;
+ }
+
+ img.center {
+ display: block;
+ margin-left: auto;
+ margin-right: auto;
+ height: 640;
+ width: 360;
+ }
+ </style>
+ </head>
+
+ <body>
+ <h3><img class="title" src="../en/images/ic_vpn_lock_dark_blue.png"> Connettiti in sicurezza</h3>
+
+ <p>Quando si accede ad una URL criptata (quelle che iniziano con HTTPS), il server web utilizza un certificato SSL con lo scopo di criptare le informazioni inviate al browser e di identificare il server stesso.
+ Lo scopo di questa identificazione è quello di impedire che una macchina situata tra il browser e il server web tenti di decriptare le informazioni in transito.
+ Questo tipo di attacco è conosciuto come attacco “Man In The Middle (MITM)”.
+ I certificati SSL sono generati dalle autorità di certificazione: sono aziende che verificano l'identità dei server e producono il certificato (a pagamento).
+ Android ha una lista di autorità di certificazione fidate, e pertanto accetterà qualsiasi loro certificato fornito dai siti web.
+ Non dovrebbe essere possibile che una organizzazione qualsiasi possa acquisire un certificato SSL per un dominio che non sia sotto il proprio controllo, ma in pratica alcuni governi e grosse multinazionali sono in grado di farlo.</p>
+
+ <p>Lo scopo di appuntare un certificato SSL è quello di dire al browser che solo un determinato certificato SSL è fidato per un particolare dominio. Qualsiasi altro certificato, per quanto valido, sarà rifiutato.</p>
+
+ <p><img class="center" src="images/ssl_certificate_mismatch.png"></p>
+
+ <p>I certificati SSL scadono in corrispondenza di una data specifica, così anche i certificati che sono stati appuntati dovranno essere aggiornati regolarmente.
+ Come regola generale, nella maggioranza dei casi, appuntare un certificato SSL non dovrebbe essere necessario.
+ Per coloro che sospettano però di essere sorvegliati da qualche organizzazione, appuntare il certificato SSL può permettere di scoprire e sventare un attacco "MITM".</p>
+
+ <p><img class="center" src="images/pinned_ssl_certificate.png"></p>
+
+ <p>I certificati SSL possono essere appuntati nelle impostazioni dei domini.
+ Oltre a proteggere dagli attacchi “MITM”, appuntare un certificato auto-firmato per un dispositivo come un router wireless o un access point eliminerà il messaggio di errore che si presenta ogni volta che viene caricato un sito web.</p>
+ </body>
+</html>
\ No newline at end of file
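Review bot: The Italian guide is likewise re-added without the new closing sentence about viewing the current certificate. Two existing sentences also drift from the English source: the second sentence of the first paragraph omits that the intermediate machine is pretending to be the server, and the last sentence ends with `ogni volta che viene caricato un sito web`, which reads as any website rather than the device's own web interface.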
return getString(R.string.domain_settings);
case 5:
- return getString(R.string.ssl_certificate_pinning);
+ return getString(R.string.ssl_certificates);
case 6:
return getString(R.string.tor);
break;
case 5:
- tabWebView.loadUrl("file:///android_asset/" + getString(R.string.android_asset_path) + "/guide_ssl_certificate_pinning.html");
+ tabWebView.loadUrl("file:///android_asset/" + getString(R.string.android_asset_path) + "/guide_ssl_certificates.html");
break;
case 6:
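Review bot: The literal `case 5:` has to mean the same tab in both switch statements touched here, the one returning the title and the one calling `loadUrl`, and nothing enforces that. Consider named constants for the tab positions (or a single table of title resource and asset file name per tab) so that adding or reordering a guide page cannot leave a title pointing at the wrong HTML file.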
<string name="privacy_browser_guide">Guía de Navegador Privado</string>
<string name="overview">Visión general</string>
<string name="local_storage">Almacenamiento local</string>
- <string name="ssl_certificate_pinning">Fijación de certificados SSL</string>
+ <string name="ssl_certificates">Certificados SSL</string>
<string name="tracking_ids">Rastreo de IDs</string>
<!-- Preferences. -->
<string name="privacy_browser_guide">Guida di Privacy Browser</string>
<string name="overview">Descrizione</string>
<string name="local_storage">Archiviazione Locale</string>
- <string name="ssl_certificate_pinning">Appuntare il certificato SSL</string>
+ <string name="ssl_certificates">Certificatos SSL</string>
<string name="tracking_ids">Tracciamento utenti</string>
<!-- Preferences. -->
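Review bot: The new Italian value `Certificatos SSL` is misspelled; the Italian plural is `Certificati SSL`. It looks like the Spanish `Certificados SSL` from the previous hunk was adapted by hand.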
<string name="privacy_browser_guide">Privacy Browser Guide</string>
<string name="overview">Overview</string>
<string name="local_storage">Local Storage</string>
- <string name="ssl_certificate_pinning">SSL Certificate Pinning</string>
+ <string name="ssl_certificates">SSL Certificates</string>
<string name="tracking_ids">Tracking IDs</string>
<!-- Preferences. -->
allprojects {
repositories {
jcenter()
+ maven {
+ url "https://maven.google.com"
+ }
}
}
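Review bot: The `maven { url "https://maven.google.com" }` block is declared after `jcenter()`, and Gradle queries repositories in declaration order, so `com.android.support` and `com.google.firebase` artifacts are looked up on JCenter first and only fall through to Google's repository when JCenter does not have them. List Google's repository first so those groups resolve from their publisher.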