diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index ff87ce093e..abb2fa5a8b 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1 +1 @@ -@evilaliv3 +* @globaleaks/maintainers diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml new file mode 100644 index 0000000000..7caa142eb0 --- /dev/null +++ b/.github/dependabot.yaml @@ -0,0 +1,39 @@ +version: 2 +updates: + - package-ecosystem: github-actions + directory: / + open-pull-requests-limit: 0 + schedule: + interval: daily + + - package-ecosystem: pip + directory: /backend + open-pull-requests-limit: 0 + schedule: + interval: daily + + - package-ecosystem: pip + directory: backend/requirements + schedule: + interval: "monthly" + labels: [ ] + ignore: + - dependency-name: "*" + + - package-ecosystem: npm + directory: /client + open-pull-requests-limit: 0 + schedule: + interval: daily + + - package-ecosystem: docker + directory: /docker + open-pull-requests-limit: 0 + schedule: + interval: daily + + - package-ecosystem: pip + directory: /documentation + open-pull-requests-limit: 0 + schedule: + interval: daily diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d3c1bedde9..dd919b228c 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -2,14 +2,17 @@ name: Build on: [ push, pull_request ] +# Declare default permissions as read only. +permissions: read-all + jobs: run_build: runs-on: "ubuntu-latest" steps: - name: Check out repository code - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: - fetch-depth: 0 + fetch-depth: 1 - name: Install git run: | diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml new file mode 100644 index 0000000000..d1e30a3134 --- /dev/null +++ b/.github/workflows/codacy.yml 
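Review bot: Five of the six entries in `.github/dependabot.yaml` set `open-pull-requests-limit: 0`, which disables version-update pull requests for those ecosystems, including `github-actions`. The workflows in this commit pin actions by commit SHA, and GitHub documents that Dependabot alerts are not raised for SHA-referenced actions, so as far as this diff shows nothing will move those pins forward. If security-updates-only is the intent, state it in the file, e.g. `# limit 0: version updates off, security updates only`; otherwise give `github-actions` a non-zero limit. The `backend/requirements` entry is the only `directory` without a leading slash and pairs a monthly schedule with `ignore: dependency-name: "*"`, which needs a comment explaining what the entry is for.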
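Review bot: `permissions: read-all` in build.yml, and the identical line added to test.yml, codacy.yml, codeql.yml and scorecard.yml, gives the job token read access to every scope, which is wider than a build or test job needs. A workflow-level `permissions:` block with only `contents: read` is the least-privilege form, with extra scopes granted per job as codacy.yml already does. The checkout step is pinned to `692973e3… # v4.1.7` here while the new workflows pin v4.2.1 and v4.1.1, so three checkout revisions are in use across one commit; a single shared pin is easier to audit. Neither build.yml nor test.yml adds `persist-credentials: false` under the checkout's `with:`, although scorecard.yml does; the `Install git` step continues outside the hunk.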
@@ -0,0 +1,61 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# This workflow checks out code, performs a Codacy security scan
+# and integrates the results with the
+# GitHub Advanced Security code scanning feature. For more information on
+# the Codacy security scan action usage and parameters, see
+# https://github.com/codacy/codacy-analysis-cli-action.
+# For more information on Codacy Analysis CLI in general, see
+# https://github.com/codacy/codacy-analysis-cli.
+
+name: Codacy Security Scan
+
+on:
+ push:
+ branches: [ "stable", "devel" ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ "stable" ]
+ schedule:
+ - cron: '33 6 * * 2'
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+ codacy-security-scan:
+ permissions:
+ contents: read # for actions/checkout to fetch code
+ security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+ actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+ name: Codacy Security Scan
+ runs-on: ubuntu-latest
+ steps:
+ # Checkout the repository to the GitHub Actions runner
+ - name: Checkout code
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+
+ # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
+ - name: Run Codacy Analysis CLI
+ uses: codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b
+ with:
+ # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
+ # You can also omit the token and run the tools that support default configurations
+ project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
+ verbose: true
+ output: results.sarif
+ format: sarif
+ # Adjust severity of non-security issues
+ gh-code-scanning-compat: true
+ # Force 0 exit code to allow SARIF file generation
+ # This will handover control about PR rejection to the GitHub side
+ max-allowed-issues: 2147483647
+
+ # Upload the SARIF file generated in the previous step
+ - name: Upload SARIF results file
+ uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13
+ with:
+ sarif_file: results.sarif
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000000..f87568ee77
--- /dev/null
+++ b/.github/workflows/codeql.yml
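Review bot: The `Checkout code` step in codacy.yml keeps checkout's default credential persistence, so the job token stays in the workspace's git configuration while the third-party `codacy/codacy-analysis-cli-action` runs over that workspace in a job that also holds `security-events: write`. Adding `with:` and `persist-credentials: false` to that step, as scorecard.yml does, removes the token from the checkout; the checkout in codeql.yml has the same gap. The Codacy action is the only pinned `uses:` line without a trailing version comment, so append `# <release tag of this SHA>` to let a reviewer check the pin against upstream releases. On `pull_request` runs from forks `secrets.CODACY_PROJECT_TOKEN` is empty; the template comment says the token may be omitted, but confirm the scan still writes `results.sarif` in that case.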
@@ -0,0 +1,86 @@
+name: "CodeQL"
+
+on:
+ push:
+ branches: [ "stable"]
+ pull_request:
+ branches: [ "stable", "devel"]
+ schedule:
+ - cron: '15 14 * * 6'
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+ analyze:
+ name: Analyze (${{ matrix.language }})
+ # Runner size impacts CodeQL analysis time. To learn more, please see:
+ # - https://gh.io/recommended-hardware-resources-for-running-codeql
+ # - https://gh.io/supported-runners-and-hardware-resources
+ # - https://gh.io/using-larger-runners (GitHub.com only)
+ # Consider using larger runners or machines with greater resources for possible analysis time improvements.
+ runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+ permissions:
+ # required for all workflows
+ security-events: write
+
+ # required to fetch internal or private CodeQL packs
+ packages: read
+
+ # only required for workflows in private repositories
+ actions: read
+ contents: read
+
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - language: javascript-typescript
+ build-mode: none
+ - language: python
+ build-mode: none
+ # CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift'
+ # Use `c-cpp` to analyze code written in C, C++ or both
+ # Use 'java-kotlin' to analyze code written in Java, Kotlin or both
+ # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
+ # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
+ # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
+ # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
+ # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13
+ with:
+ languages: ${{ matrix.language }}
+ build-mode: ${{ matrix.build-mode }}
+ # If you wish to specify custom queries, you can do so here or in a config file.
+ # By default, queries listed here will override any specified in a config file.
+ # Prefix the list here with "+" to use these queries and those in the config file.
+
+ # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+ # queries: security-extended,security-and-quality
+
+ # If the analyze step fails for one of the languages you are analyzing with
+ # "We were unable to automatically build your code", modify the matrix above
+ # to set the build mode to "manual" for that language. Then modify this step
+ # to build your code.
+ # ℹ️ Command-line programs to run using the OS shell.
+ # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+ - if: matrix.build-mode == 'manual'
+ shell: bash
+ run: |
+ echo 'If you are using a "manual" build mode for one or more of the' \
+ 'languages you are analyzing, replace this with the commands to build' \
+ 'your code, for example:'
+ echo ' make bootstrap'
+ echo ' make release'
+ exit 1
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13
+ with:
+ category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
new file mode 100644
index 0000000000..333b3977d8
--- /dev/null
+++ b/.github/workflows/scorecard.yml
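Review bot: The `on:` block in codeql.yml analyses pushes to `stable` only but pull requests into both `stable` and `devel`, so `devel` never receives a push-time analysis of its own. Code scanning compares pull-request results with the latest analysis of the base branch, so findings on pull requests into `devel` may be reported without a usable baseline. Setting `branches: [ "stable", "devel" ]` under `push:` would match codacy.yml, whose own comment says the pull-request branches must be a subset of the push branches. The `swift` branch of the `runs-on` expression, the `packages: read` scope and the `manual` build step appear unused with a matrix of `javascript-typescript` and `python` in `build-mode: none`; dropping them leaves less template text and one less granted scope to audit.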
@@ -0,0 +1,73 @@ +# This workflow uses actions that are not certified by GitHub. They are provided +# by a third-party and are governed by separate terms of service, privacy +# policy, and support documentation. + +name: Scorecard supply-chain security +on: + # For Branch-Protection check. Only the default branch is supported. See + # https://github.com/ossf/scorecard/blob/stable/docs/checks.md#branch-protection + branch_protection_rule: + # To guarantee Maintained check is occasionally updated. See + # https://github.com/ossf/scorecard/blob/stable/docs/checks.md#maintained + schedule: + - cron: '33 21 * * 4' + push: + branches: [ "stable" ] + +# Declare default permissions as read only. +permissions: read-all + +jobs: + analysis: + name: Scorecard analysis + runs-on: ubuntu-latest + permissions: + # Needed to upload the results to code-scanning dashboard. + security-events: write + # Needed to publish results and get a badge (see publish_results below). + id-token: write + # Uncomment the permissions below if installing in a private repository. + # contents: read + # actions: read + + steps: + - name: "Checkout code" + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + persist-credentials: false + + - name: "Run analysis" + uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 + with: + results_file: results.sarif + results_format: sarif + # (Optional) "write" PAT token. Uncomment the `repo_token` line below if: + # - you want to enable the Branch-Protection check on a *public* repository, or + # - you are installing Scorecard on a *private* repository + # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action?tab=readme-ov-file#authentication-with-fine-grained-pat-optional. + # repo_token: ${{ secrets.SCORECARD_TOKEN }} + + # Public repositories: + # - Publish results to OpenSSF REST API for easy access by consumers + # - Allows the repository to include the Scorecard badge. 
+ # - See https://github.com/ossf/scorecard-action#publishing-results. + # For private repositories: + # - `publish_results` will always be set to `false`, regardless + # of the value entered here. + publish_results: true + + # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF + # format to the repository Actions tab. + - name: "Upload artifact" + uses: actions/upload-artifact@97a0fba1372883ab732affbe8f94b823f91727db # v3.pre.node20 + with: + name: SARIF file + path: results.sarif + retention-days: 5 + + # Upload the results to GitHub's code scanning dashboard (optional). + # Commenting out will disable upload of results to your repo's Code Scanning dashboard + - name: "Upload to code-scanning" + uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 + with: + sarif_file: results.sarif diff --git a/.github/workflows/scripts/build_and_install.sh b/.github/workflows/scripts/build_and_install.sh index 34385c00cf..c7f9562908 100755 --- a/.github/workflows/scripts/build_and_install.sh +++ b/.github/workflows/scripts/build_and_install.sh @@ -4,7 +4,7 @@ set -e echo "Running Build & Install" distro="$(lsb_release -cs)" -cd /build/GlobaLeaks +cd /build/globaleaks-whistleblowing-software sudo apt-get -y update diff --git a/.github/workflows/scripts/run-build.sh b/.github/workflows/scripts/run-build.sh index df987fcb49..1327e47cb3 100755 --- a/.github/workflows/scripts/run-build.sh +++ b/.github/workflows/scripts/run-build.sh @@ -2,21 +2,6 @@ set -e -LOGFILE="/var/globaleaks/log/globaleaks.log" -ACCESSLOG="/var/globaleaks/log/access.log" - -function atexit { - if [[ -f $LOGFILE ]]; then - cat $LOGFILE - fi - - if [[ -f $ACCESSLOG ]]; then - cat $ACCESSLOG - fi -} - -trap atexit EXIT - sudo apt-get install -y debootstrap export chroot="/tmp/globaleaks_chroot/" 
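Review bot: Both documentation links in the `on:` comments of scorecard.yml point at `https://github.com/ossf/scorecard/blob/stable/docs/checks.md`, which looks like this project's main-to-stable rename applied to an upstream URL; unless ossf/scorecard really has a `stable` branch they should read `blob/main/docs/checks.md`. The `Upload artifact` step pins `actions/upload-artifact` to a commit labelled `# v3.pre.node20`, a pre-release of the v3 line for which GitHub has announced deprecation, so pin a v4 release SHA and put its tag in the comment. The checkout here is pinned to v4.1.1 while codacy.yml and codeql.yml use v4.2.1, so aligning the pins keeps one revision to review.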
@@ -38,4 +23,4 @@ sudo -E chroot "$chroot" locale-gen sudo -E chroot "$chroot" useradd -m builduser sudo -E su -c 'echo "builduser ALL=NOPASSWD: ALL" >> "$chroot"/etc/sudoers' sudo -E chroot "$chroot" chown builduser -R /build -sudo -E chroot "$chroot" su - builduser /bin/bash -c '/build/GlobaLeaks/.github/workflows/scripts/build_and_install.sh' +sudo -E chroot "$chroot" su - builduser /bin/bash -c '/build/globaleaks-whistleblowing-software/.github/workflows/scripts/build_and_install.sh' diff --git a/.github/workflows/scripts/run-tests.sh b/.github/workflows/scripts/run-tests.sh index 37759f211b..25617e6e4a 100755 --- a/.github/workflows/scripts/run-tests.sh +++ b/.github/workflows/scripts/run-tests.sh @@ -2,21 +2,6 @@ set -e -LOGFILE="$GITHUB_WORKSPACE/backend/workingdir/log/globaleaks.log" -ACCESSLOG="$GITHUB_WORKSPACE/backend/workingdir/log/access.log" - -function atexit { - if [[ -f $LOGFILE ]]; then - cat $LOGFILE - fi - - if [[ -f $ACCESSLOG ]]; then - cat $ACCESSLOG - fi -} - -trap atexit EXIT - setupClient() { cd $GITHUB_WORKSPACE/client # to install frontend dependencies npm install -d diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 06adcb260c..499cfb257b 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -2,6 +2,9 @@ name: Test on: [ push, pull_request ] +# Declare default permissions as read only. +permissions: read-all + env: CODACY_PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }} @@ -10,9 +13,9 @@ jobs: runs-on: "ubuntu-latest" steps: - name: Check out repository code - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: - fetch-depth: 0 + fetch-depth: 1 - name: Install git run: | diff --git a/.gitignore b/.gitignore index 49ff745e1e..d39dfbc181 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,4 @@ backend/env/ backend/workingdir/ client/build client/node_modules/ +documentation/_build 
diff --git a/.readthedocs.yml b/.readthedocs.yaml similarity index 86% rename from .readthedocs.yml rename to .readthedocs.yaml index 2b19abc1d5..d9be484d81 100644 --- a/.readthedocs.yml +++ b/.readthedocs.yaml @@ -2,9 +2,9 @@ # See https://docs.readthedocs.io/en/stable/config-file/v2.html for details build: - os: ubuntu-22.04 + os: ubuntu-lts-latest tools: - python: "3.12" + python: latest sphinx: configuration: documentation/conf.py diff --git a/AUTHORS b/AUTHORS index 99bb042984..9d1272a8a4 100644 --- a/AUTHORS +++ b/AUTHORS @@ -1,6 +1,6 @@ Copyright: 2011-2024 - GlobaLeaks -License: https://github.com/globaleaks/GlobaLeaks/blob/main/LICENSE +License: https://github.com/globaleaks/globaleaks-whistleblowing-software/blob/stable/LICENSE Original authors: Arturo Filastò @@ -11,6 +11,6 @@ Original authors: Up-to-date team: https://www.globaleaks.org/about/people/ -Contributors list: https://github.com/globaleaks/GlobaLeaks/graphs/contributors +Contributors list: https://github.com/globaleaks/globaleaks-whistleblowing-software/graphs/contributors Special shoutout to the Localization Lab and our translators community for their support over the years: https://www.localizationlab.org/ diff --git a/CHANGELOG b/CHANGELOG index 9f71decb60..4b895500f3 100644 --- a/CHANGELOG +++ b/CHANGELOG 
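Review bot: `os: ubuntu-lts-latest` and `python: latest` in .readthedocs.yaml replace the fixed `ubuntu-22.04` and `"3.12"`, so the documentation build environment now changes whenever Read the Docs moves those aliases, which runs against the pinning the rest of this commit introduces. Keeping explicit versions, for example `python: "3.12"` quoted so YAML does not read it as a float, keeps a docs build reproducible and makes a breakage attributable to a commit rather than to the platform.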
@@ -1,3 +1,124 @@ +Changes in version 5.0.20 + Fix retrival of account recovery key when 2FA is enabled + +Changes in version 5.0.19 + Update codebase to use new angular 17 standalone components and control flow + Correct accessibility of language selector + Fix issue #4278 + Revise colors of the application + Revise sticky footer implementation using Bootstrap 5 classes + Bump client dependencies to latest version + Update translations + Update brand assets + Rename main branch in stable + [ci] Revise tests to improve screenshots + +Changes in version 5.0.18 + Adopt OpenSSF Scorecard and implement most of the recommendations + Add OpenSSF Scorecard to README.md + Ensure docker images uses pinned dependencies + Enable CodeQL action + Enable Dependabot action + Revise default permission on workflows + Strip HTML from Markdown text using DOMPurify + Revise login redirect and implement sanitization + Correct accessibility of language selector + Revise audit logs tracking users target of grant/revoke + report operations + Revise report search making it possible to make full text search + on the entire report + Fix audit log exporting correctly the object column (#4248) + Correct exceptions in relation to ngx-translate/core/issues/782 + Fix translation of string: + Allow the recipient to edit the reports' expiration date + Use postcss-rtlcss to create a single optimized CSS bundle + supporting both ltr and rtl + Optimize loading of css files including primary fonts in main css + and ensuring secondary fonts are lazy-loaded + Revise CSS colors in relation to globaleaks visual identity + Apply GLBOALEAKS brand colors via SCSS + Update GlobaLeaks visual identity document + Update translations + Bump client dependencies to latest version + [doc] Update documentation images + +Changes in version 5.0.17 + Fix logins exceptions on systems still apparently not implementing encryption introduced in 5.0.16 + +Changes in version 5.0.16 + Remove the content-language header from the 
http headers preferring to dynamically set the language in HTML + Revise UI Mock implementation + Revise implementation of pagination interface improving accessibility and internationalization + Bump client dependencies to latest version + Add Greenlandic translation + Update translations + Revise fix for #4228 + [doc] Enable generation of documentation in ar, it, fr, es, ru, zu-cn + These languages now features texts in english but translated images + +Changes in version 5.0.15 + Fix correct redirection after login + +Changes in version 5.0.14 + Reiplement 'public' class on each whistleblower's page + +Changes in version 5.0.13 + Fix issue #4228 + Ensure to set html lang attribute when varying language (#4198) + Ensure to set html dir attribute depending on the language used + Correct logo and favicon removing incorrectly added black border + Revise wrong positioning of checkboxes on wizard interface + Revise gl-admin tool fixing configuration of intergers variables + Revise gl-admin tool making configuration of boolean values case insensitive + Bump client dependencies to latest versions + Update client dependencies shrinkwrap + [doc] Revise documentation informing users that a 64-bit system is required to run GlobaLeaks (#4202) + +Changes in version 5.0.12 + Add ConnectionRefusedError to list of silenced exceptions + Revise implementation of periodic jobs and implement minutely exception notifications limits + Revise functionality and UI for date range questions + Ensure reports could be exported even if one single answer fails to be processed + Fix pdf export (available for the moment only on Ubuntu Noble) + Implement full case insensitive search on admin's sites interface + Order audit log entries with descending order + Extend client session idling time from 5 to 20 minutes + Fix issues #4209, #4218, #4217, #4207, #4211 + Revise Language configuration UI improving usability + Apply CSS fixes to improve adherence to GlobaLeaks brand color + Uniform layout of 
checkboxes and radios using boostrap classes (#4216) + Include Ubuntu Noble in current recommended LTS distributions along with Debian Bookworm + Bump client dependencies to latest version + Update client dependencies shrinkwrap + Update translations + [ci] Update tests in relation to latest changes + [doc] Update documentation images + +Changes in version 5.0.11 + Correct decryption of change status motivations for whistleblowers + +Changes in version 5.0.10 + Revert "Update codebase to new angular control flow-directive" causing instabilities on 5.0.9 + +Changes in version 5.0.9 + Fix failure in the loading of translations at first load of the application introduced in 5.0.7 (#4194) + Reimplement override of localStorage with sessionStorage (#3277) + Replace usages of localStorage with sessionStorage + Bump client dependencies to latest versions + +Changes in version 5.0.8 + Fix multilang export of questionnaires (#4190) + Bump client dependencies to latest version + Update translations + +Changes in version 5.0.7 + Revise implementation of form validation + Implement language changes on ng-bootstrap datepicker + Revise internationalization issues + Revise admin sidebar menu fixing "Channels" link + Bump client dependencies to latest version + Update translations + Changes in version 5.0.6 Change text "Postpone the expiration date" to "Edit the expiration date" (#4175) Revise reports' statuses configuration (#4177) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index aaa9e08731..b020714a49 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -1,29 +1,31 @@ -# Contributing to GlobaLeaks +# GlobaLeaks Contributing Guide -We would love for you to contribute to GlobaLeaks and help make it even better than it is today! -As a contributor, here are the guidelines we would like you to follow: +Hi! We are really excited that you are interested in contributing to GlobaLeaks. + +As a contributor, here are the guidelines we would like you to read: - [Code of Conduct](#coc) - [Got a Question or Problem?](#question) - [Found a Bug?](#issue) - [Do you have a Feature Idea?](#feature) - [Contributing Guidelines](#submit) + - [Donations](#donate) ## Code of Conduct Help us keep GlobaLeaks community safe and inclusive. -Please read and follow our [Code of Conduct](https://github.com/globaleaks/GlobaLeaks/blob/main/CODE_OF_CONDUCT.md). +Please read and follow our [Code of Conduct](https://github.com/globaleaks/globaleaks-whistleblowing-software/blob/stable/CODE_OF_CONDUCT.md). ## Got a Question or Problem? Do not open issues for general support questions as we want to keep GitHub issues for bug reports and feature requests. -Instead, we recommend using our [Discussion Forum](https://github.com/globaleaks/GlobaLeaks/discussions) space to ask support-related questions. +Instead, we recommend using our [Discussion Forum](https://github.com/globaleaks/globaleaks-whistleblowing-software/discussions) space to ask support-related questions. If you would like to chat about the question in real-time, you can reach out via [Community Chat](https://community.globaleaks.org). ## Found a Bug? -If you find a bug in the source code, you can help us by [Opening a Ticket](#submit-issue) to our [Ticketing System](https://github.com/globaleaks/GlobaLeaks/issues). +If you find a bug in the source code, you can help us by [Opening a Ticket](#submit-issue) to our [Ticketing System](https://github.com/globaleaks/globaleaks-whistleblowing-software/issues). Even better, you can [Submit a Pull Request](#submit-pr) with a fix. 
## Do you have a Feature Idea? @@ -39,7 +41,7 @@ If you would like to implement a new feature, please consider the size of the ch ### Opening a Ticket -Before you open a ticket, please search through the [List of Tickets]((https://github.com/globaleaks/GlobaLeaks/issues)). A ticket for your problem might already exist and the discussion might inform you of workarounds readily available. +Before you open a ticket, please search through the [List of Tickets]((https://github.com/globaleaks/globaleaks-whistleblowing-software/issues)). A ticket for your problem might already exist and the discussion might inform you of workarounds readily available. We want to fix all the issues as soon as possible, but before fixing a bug, we need to reproduce and confirm it. In order to reproduce bugs, we require that you provide a minimal reproduction. 
@@ -53,13 +55,13 @@ We understand that sometimes it might be hard to extract essential bits of code Unfortunately, we are not able to investigate / fix bugs without a minimal reproduction, so if we don't hear back from you, we are going to close an issue that doesn't have enough info to be reproduced. -You can file new issues by selecting from our [new issue templates](https://github.com/globaleaks/GlobaLeaks/issues/new/choose) and filling out the issue template. +You can file new issues by selecting from our [new issue templates](https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/new/choose) and filling out the issue template. ### Submitting a Pull Request Before you submit your Pull Request consider the following guidelines: -1. Search on the [List of Pull Requests](https://github.com/globaleaks/GlobaLeaks/pulls) for an open or closed pull requests that relates to your contribution. +1. Search on the [List of Pull Requests](https://github.com/globaleaks/globaleaks-whistleblowing-software/pulls) for an open or closed pull requests that relates to your contribution. You don't want to duplicate existing efforts. 2. Be sure that an issue describes the problem you're fixing, or documents the design for the feature you'd like to add. @@ -78,3 +80,10 @@ Before you submit your Pull Request consider the following guidelines: 8. Commit your changes using a descriptive commit message. 9. In GitHub, send a pull request to `GlobaLeaks:main`. + +## Donations heart icon +As a pure community-driven project without major corporate backing, we also welcome [donations](https://github.com/sponsors/globaleaks). + +- [Help Us Protect Whistleblowers—Become a GlobaLeaks Donor](https://github.com/sponsors/globaleaks) + +A big thank you to everyone who has already [contributed](https://github.com/globaleaks/globaleaks-whistleblowing-software/graphs/contributors) or [donated](https://github.com/sponsors/globaleaks) to the development of GlobaLeaks! 
diff --git a/GOVERNANCE.md b/GOVERNANCE.md index e099176634..1ec9927a74 100644 --- a/GOVERNANCE.md +++ b/GOVERNANCE.md 
@@ -3,17 +3,17 @@ ## Introduction [GlobaLeaks](https://www.globaleaks.org) is free, open source software enabling anyone to easily set up and maintain a secure whistleblowing platform. -The software project has been started in 2011 and [originally authored](https://github.com/globaleaks/GlobaLeaks/blob/main/AUTHORS) by Arturo Filastò, Claudio Agosti, Fabio Pietrosanti, Giovanni Pellerano and Michele Orrù. +The software project has been started in 2011 and [originally authored](https://github.com/globaleaks/globaleaks-whistleblowing-software/blob/stable/AUTHORS) by Arturo Filastò, Claudio Agosti, Fabio Pietrosanti, Giovanni Pellerano and Michele Orrù. Authored in 2021, this document is a responsible and tentative attempt to analyze the existing governance status, define roles and responsibilities in order to properly define a proper project governance and thus be sure to be able to continue to protect whistleblowers in the long run. ## Roles and responsibilities -This section defines the main project roles and respective responsibilities for the [GlobaLeaks Team](https://www.globaleaks.org/about/people/) and other project [Contributors](https://github.com/globaleaks/GlobaLeaks/graphs/contributors). +This section defines the main project roles and respective responsibilities for the [GlobaLeaks Team](https://www.globaleaks.org/about/people/) and other project [Contributors](https://github.com/globaleaks/globaleaks-whistleblowing-software/graphs/contributors). ### Project Lead The Project Lead is responsible for coordinating the overall work of the GlobaLeaks team and of the GlobaLeaks FLOSS community with the aim of continuously improving the software and methodology and protecting whistleblowers. -The project is currently led by [Giovanni Pellerano](https://www.globaleaks.org/about/people/#giovanni-pellerano), who is currently the lead developer and has continuously guided and advised contributors and users since 2011. 
This lead role and responsibility is focused on doing what's best for this project, guiding contributors through the analysis of user requirements and the definition and execution of the [Project Roadmap](https://docs.globaleaks.org/en/main/roadmap/) in adherence to [Contributributors Guidelines](https://github.com/globaleaks/GlobaLeaks/blob/main/CONTRIBUTING.md) and the [Best Practices](https://bestpractices.coreinfrastructure.org/en/projects/3816). +The project is currently led by [Giovanni Pellerano](https://www.globaleaks.org/about/people/#giovanni-pellerano), who is currently the lead developer and has continuously guided and advised contributors and users since 2011. This lead role and responsibility is focused on doing what's best for this project, guiding contributors through the analysis of user requirements and the definition and execution of the [Project Roadmap](https://docs.globaleaks.org/en/stable/roadmap/) in adherence to [Contributributors Guidelines](https://github.com/globaleaks/globaleaks-whistleblowing-software/blob/stable/CONTRIBUTING.md) and the [Best Practices](https://bestpractices.coreinfrastructure.org/en/projects/3816). ### Project Manager The Project Manager is in charge of managing and coordinating the activities of the project. 
@@ -21,7 +21,7 @@ The Project Manager is in charge of managing and coordinating the activities of [Susanna Ferro](https://www.globaleaks.org/about/people/#susanna-ferro) is the current Project Manager. ### Community Lead -The Community Lead is responsible for identifying community needs, verifying and enforcing the project’s [Code of Conduct](https://github.com/globaleaks/GlobaLeaks/blob/main/CODE_OF_CONDUCT.md), making sure everybody feels represented and safe. +The Community Lead is responsible for identifying community needs, verifying and enforcing the project’s [Code of Conduct](https://github.com/globaleaks/globaleaks-whistleblowing-software/blob/stable/CODE_OF_CONDUCT.md), making sure everybody feels represented and safe. [Rima Sghaier](https://www.globaleaks.org/about/people/#rima-sghaier) is the current Community Lead. 
@@ -38,12 +38,12 @@ The Data Protection Officer (DPO) is responsible for educating the members of th ### Contributors Everyone is welcome! -[Contributors](https://github.com/globaleaks/GlobaLeaks/graphs/contributors) are invited to adhere to the [Contributors Guidelines](https://github.com/globaleaks/GlobaLeaks/blob/main/CONTRIBUTING.md), participate in the project [Community Chat](https://community.globaleaks.org) and [Forum](https://forum.globaleaks.org) and to propose contributions opening Tickets and Pull Requests on the project’s [Ticketing System](https://github.com/globaleaks/GlobaLeaks/issues). +[Contributors](https://github.com/globaleaks/globaleaks-whistleblowing-software/graphs/contributors) are invited to adhere to the [Contributors Guidelines](https://github.com/globaleaks/globaleaks-whistleblowing-software/blob/stable/CONTRIBUTING.md), participate in the project [Community Chat](https://community.globaleaks.org) and [Forum](https://forum.globaleaks.org) and to propose contributions opening Tickets and Pull Requests on the project’s [Ticketing System](https://github.com/globaleaks/globaleaks-whistleblowing-software/issues). List of team members, current and previous contributors and related statistics can be found at: * https://www.globaleaks.org/about/people -* https://github.com/globaleaks/GlobaLeaks/graphs/contributors +* https://github.com/globaleaks/globaleaks-whistleblowing-software/graphs/contributors * https://www.openhub.net/p/globaleaks ### Maintainers 
@@ -63,7 +63,7 @@ The security team consists of all people who are subscribed to the GlobaLeaks se This list of people vary over time and include experts familiar with the overall project threat model and risks. -The security team is responsible for evaluating reports of security vulnerabilities and issues received according to the [Security Policy](https://github.com/globaleaks/GlobaLeaks/security/policy), as well as scheduling and publishing periodic independent security audits of the software. +The security team is responsible for evaluating reports of security vulnerabilities and issues received according to the [Security Policy](https://github.com/globaleaks/globaleaks-whistleblowing-software/security/policy), as well as scheduling and publishing periodic independent security audits of the software. ### Server admins We run some infrastructure used to support the community during work and discussions and implemented using open source and socially committed providers. 
@@ -79,7 +79,7 @@ Here are listed the main organizations behind the project’s governance and sus * [Whistleblowing Solutions Impresa Sociale (S.r.l.)](https://www.whistleblowingsolutions.it/): an innovative social enterprise that carries out research and development to support whistleblowers and the fight against corruption. It was founded in 2016 to guarantee the economic sustainability of the GlobaLeaks project, through taking care of the growing number of requests for assistance, maintenance and custom deployment. WBS hosts the development activities and coordinates the community efforts. -* [Hermes Center for Transparency and Digital Human Rights (HERMES)](https://www.hermescenter.org/): a non-profit association founded in 2012 by a group of hacktivists, lawyers and digital rights defenders to host the development and implementation of open source technologies with the purpose of advocating for freedom of speech online and, more generally, the protection of human rights and personal freedom in a connected world. Fiscal sponsor for the initial GlobaLeaks development lifecycle is owner of the [AGPLv3 License](https://github.com/globaleaks/GlobaLeaks/blob/main/LICENSE) and [Trademark](https://github.com/globaleaks/GlobaLeaks/blob/main/brand/globaleaks-euipo-trademark-certificate.pdf). +* [Hermes Center for Transparency and Digital Human Rights (HERMES)](https://www.hermescenter.org/): a non-profit association founded in 2012 by a group of hacktivists, lawyers and digital rights defenders to host the development and implementation of open source technologies with the purpose of advocating for freedom of speech online and, more generally, the protection of human rights and personal freedom in a connected world. 
Fiscal sponsor for the initial GlobaLeaks development lifecycle is owner of the [AGPLv3 License](https://github.com/globaleaks/globaleaks-whistleblowing-software/blob/stable/LICENSE) and [Trademark](https://github.com/globaleaks/globaleaks-whistleblowing-software/blob/stable/brand/globaleaks-euipo-trademark-certificate.pdf). ## Possible improvements The GlobaLeaks team looks forward to improving the project governance and is exploring the following possibilities: @@ -93,7 +93,7 @@ Feedback is welcome by any former or new contributor. ## Annexes * [Project Roadmap](https://docs.globaleaks.org/en/devel/roadmap/index.html) -* [Project Code of Conduct](https://github.com/globaleaks/GlobaLeaks/blob/main/CODE_OF_CONDUCT.md) -* [Contributors Guidelines](https://github.com/globaleaks/GlobaLeaks/blob/main/CONTRIBUTING.md) -* [Project Security Policy](https://github.com/globaleaks/GlobaLeaks/security/policy) +* [Project Code of Conduct](https://github.com/globaleaks/globaleaks-whistleblowing-software/blob/stable/CODE_OF_CONDUCT.md) +* [Contributors Guidelines](https://github.com/globaleaks/globaleaks-whistleblowing-software/blob/stable/CONTRIBUTING.md) +* [Project Security Policy](https://github.com/globaleaks/globaleaks-whistleblowing-software/security/policy) * [Project Best Practices](https://bestpractices.coreinfrastructure.org/en/projects/3816) diff --git a/LICENSE b/LICENSE index 60e42c2048..830c644219 100644 --- a/LICENSE +++ b/LICENSE 
@@ -11,15 +11,15 @@ but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. -You should have received a copy of the GNU Affero General Public License -along with this program. If not, see . +Below is a full copy of the GNU Affero General Public License v3 along with +additional terms allowed under section 7 of the AGPLv3. ------------------------------------------------------------------------------- AGPLv3 LICENSE ------------------------------------------------------------------------------- GNU AFFERO GENERAL PUBLIC LICENSE Version 3, 19 November 2007 - Copyright (C) 2007 Free Software Foundation, Inc. + Copyright (C) 2007 Free Software Foundation, Inc. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. 
@@ -635,6 +635,47 @@ Program, unless a warranty or assumption of liability accompanies a copy of the Program in return for a fee. END OF TERMS AND CONDITIONS + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + + If your software can interact with users remotely through a computer +network, you should also make sure that it provides a way for users to +get its source. For example, if your program is a web application, its +interface could display a "Source" link that leads users to an archive +of the code. There are many ways you could offer source, and different +solutions will be better for different programs; see section 13 for the +specific requirements. 
+ + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU AGPL, see +. -------------------------------------------------------------------------------- ADDITIONAL TERMS PURSUANT TO SECTION 7 OF AGPLv3 -------------------------------------------------------------------------------- diff --git a/README.md b/README.md index 03a7f53d3d..4f9a41b77e 100644 --- a/README.md +++ b/README.md @@ -1,28 +1,29 @@
- +
- License Code of Conduct + License Code of Conduct
-[GlobaLeaks](https://www.globaleaks.org/) is free, open source whistleblowing software enabling anyone to easily set up and maintain a secure reporting platform. +[GlobaLeaks](https://www.globaleaks.org/) is free and open-source whistleblowing software enabling anyone to easily set up and maintain a secure reporting platform. The software is recognized by the [Digital Public Good Alliance](https://digitalpublicgoods.net) as a [Digital Public Good](https://app.digitalpublicgoods.net/a/11113). ## Continuous integration and testing | Branch | Build Status | Test Status | Quality | Coverage | Documentation | :---: | :---: | :---: | :---: | :---: | :---: | -| [main](https://github.com/globaleaks/GlobaLeaks/tree/main) | [![build workflow](https://github.com/globaleaks/GlobaLeaks/actions/workflows/build.yml/badge.svg?branch=main)](https://github.com/globaleaks/GlobaLeaks/actions/workflows/build.yml?query=branch%3Amain) | [![build workflow](https://github.com/globaleaks/GlobaLeaks/actions/workflows/test.yml/badge.svg?branch=main)](https://github.com/globaleaks/GlobaLeaks/actions/workflows/test.yml?query=branch%3Amain) | [![Codacy Badge](https://app.codacy.com/project/badge/Grade/c09f1ec9607f4546924d19798a98dd7d?branch=main)](https://app.codacy.com/gh/globaleaks/GlobaLeaks/dashboard) | [![Codacy Badge](https://app.codacy.com/project/badge/Coverage/c09f1ec9607f4546924d19798a98dd7d?branch=main)](https://app.codacy.com/gh/globaleaks/GlobaLeaks/dashboard) | [![Build Status](https://readthedocs.org/projects/globaleaks/badge/?version=main&style=flat)](https://docs.globaleaks.org/en/main/) -| [devel](https://github.com/globaleaks/GlobaLeaks/tree/devel) | [![build workflow](https://github.com/globaleaks/GlobaLeaks/actions/workflows/build.yml/badge.svg?branch=devel)](https://github.com/globaleaks/GlobaLeaks/actions/workflows/build.yml?query=branch%3Adevel) | [![test 
workflow](https://github.com/globaleaks/GlobaLeaks/actions/workflows/test.yml/badge.svg?branch=devel)](https://github.com/globaleaks/GlobaLeaks/actions/workflows/test.yml?query=branch%3Adevel) | [![Codacy Badge](https://app.codacy.com/project/badge/Grade/c09f1ec9607f4546924d19798a98dd7d?branch=devel)](https://app.codacy.com/gh/globaleaks/GlobaLeaks/dashboard?branch=devel) | [![Codacy Badge](https://app.codacy.com/project/badge/Coverage/c09f1ec9607f4546924d19798a98dd7d?branch=devel)](https://app.codacy.com/gh/globaleaks/GlobaLeaks/dashboard?branch=devel) | [![Build Status](https://readthedocs.org/projects/globaleaks/badge/?version=devel&style=flat)](https://docs.globaleaks.org/en/devel/) +| [stable](https://github.com/globaleaks/globaleaks-whistleblowing-software/tree/stable) | [![build workflow](https://github.com/globaleaks/globaleaks-whistleblowing-software/actions/workflows/build.yml/badge.svg?branch=stable)](https://github.com/globaleaks/globaleaks-whistleblowing-software/actions/workflows/build.yml?query=branch%3Astable) | [![build workflow](https://github.com/globaleaks/globaleaks-whistleblowing-software/actions/workflows/test.yml/badge.svg?branch=stable)](https://github.com/globaleaks/globaleaks-whistleblowing-software/actions/workflows/test.yml?query=branch%3Astable) | [![Codacy Badge](https://app.codacy.com/project/badge/Grade/c09f1ec9607f4546924d19798a98dd7d?branch=stable)](https://app.codacy.com/gh/globaleaks/globaleaks-whistleblowing-software/dashboard) | [![Codacy Badge](https://app.codacy.com/project/badge/Coverage/c09f1ec9607f4546924d19798a98dd7d?branch=stable)](https://app.codacy.com/gh/globaleaks/globaleaks-whistleblowing-software/dashboard) | [![Build Status](https://readthedocs.org/projects/globaleaks/badge/?version=stable&style=flat)](https://docs.globaleaks.org/en/stable/) +| [devel](https://github.com/globaleaks/globaleaks-whistleblowing-software/tree/devel) | [![build 
workflow](https://github.com/globaleaks/globaleaks-whistleblowing-software/actions/workflows/build.yml/badge.svg?branch=devel)](https://github.com/globaleaks/globaleaks-whistleblowing-software/actions/workflows/build.yml?query=branch%3Adevel) | [![test workflow](https://github.com/globaleaks/globaleaks-whistleblowing-software/actions/workflows/test.yml/badge.svg?branch=devel)](https://github.com/globaleaks/globaleaks-whistleblowing-software/actions/workflows/test.yml?query=branch%3Adevel) | [![Codacy Badge](https://app.codacy.com/project/badge/Grade/c09f1ec9607f4546924d19798a98dd7d?branch=devel)](https://app.codacy.com/gh/globaleaks/globaleaks-whistleblowing-software/dashboard?branch=devel) | [![Codacy Badge](https://app.codacy.com/project/badge/Coverage/c09f1ec9607f4546924d19798a98dd7d?branch=devel)](https://app.codacy.com/gh/globaleaks/globaleaks-whistleblowing-software/dashboard?branch=devel) | [![Build Status](https://readthedocs.org/projects/globaleaks/badge/?version=devel&style=flat)](https://docs.globaleaks.org/en/devel/) Project best practices and scores: | Metric | Score | :---: | :---: | +| [OpenSSF Scorecard](https://scorecard.dev/) | [![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/globaleaks/globaleaks-whistleblowing-software/badge)](https://scorecard.dev/viewer/?uri=github.com/globaleaks/globaleaks-whistleblowing-software) +| [OpenSSF Best Practices](https://bestpractices.coreinfrastructure.org/) | [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/3816/badge)](https://bestpractices.coreinfrastructure.org/projects/3816) | [MDN HTTP Observatory](https://developer.mozilla.org/en-US/observatory/analyze?host=try.globaleaks.org) | ![Status](https://img.shields.io/badge/observatory-A%2B-brightgreen) | [Security Headers](https://securityheaders.com/?q=https%3A%2F%2Ftry.globaleaks.org%2F) | ![Status](https://img.shields.io/badge/security%20headers-A%2B-brightgreen) | 
[SSLLabs](https://www.ssllabs.com/ssltest/analyze.html?d=try.globaleaks.org) | [![Status](https://img.shields.io/static/v1?label=SSLLabs&message=A%2B&color=%3CCOLOR%3E)](https://www.ssllabs.com/ssltest/analyze.html?d=try.globaleaks.org&latest) -| [CII Best Practices](https://bestpractices.coreinfrastructure.org/) | [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/3816/badge)](https://bestpractices.coreinfrastructure.org/projects/3816) Project statistics on OpenHub: [www.openhub.net/p/globaleaks](https://www.openhub.net/p/globaleaks) 
@@ -31,23 +32,27 @@ Infrastructure status: [uptime.globaleaks.org](https://uptime.globaleaks.org) ## Documentation GlobaLeaks's documentation is accessible at: [docs.globaleaks.org](https://docs.globaleaks.org) -## Community support +## Community Support If you need technical support, have general questions, or have new ideas for GlobaLeaks, please post your message on the [Community Forum](https://forum.globaleaks.org/). Join our [Community Chat](https://community.globaleaks.org) to get in touch with the development team and the GlobaLeaks community: * #development to participate in development discussions * #community-support for the community support -If you want to contribute to the project please check the [Contributors Guidelines](https://github.com/globaleaks/GlobaLeaks/blob/main/CONTRIBUTING.md). +In case you need to file a security report please check our [Security Policy](https://github.com/globaleaks/globaleaks-whistleblowing-software/blob/stable/SECURITY.md). -In case you need to file a security report please check our [Security Policy](https://github.com/globaleaks/GlobaLeaks/blob/main/SECURITY.md) +## Contributions and Donations heart icon +Thank you! If you would like to to contribute to the project please check the [Contributors Guidelines](https://github.com/globaleaks/globaleaks-whistleblowing-software/blob/stable/CONTRIBUTING.md). -## Brand guidelines and brand assets -Within the GlobaLeaks project we researched a nice and smooth brand style, using accessible colors and trying to communicate our values. -If you are planning some press releases, a conference, or promoting GlobaLeaks please keep at reference our official [Brand Guidelines](https://github.com/globaleaks/GlobaLeaks/blob/main/brand/globaleaks-brand-guidelines.pdf) and use our [Brand Assets](https://github.com/globaleaks/GlobaLeaks/blob/main/brand/assets/). 
+As a pure community-driven project without major corporate backing, we also welcome [donations](https://github.com/sponsors/globaleaks). + +- [Help Us Protect Whistleblowers—Become a GlobaLeaks Donor](https://github.com/sponsors/globaleaks) -## Donate -To support the GlobaLeaks project you can help us with [donations](https://github.com/sponsors/globaleaks) that will goes entirely for the software development. +A big thank you to everyone who has already [contributed](https://github.com/globaleaks/globaleaks-whistleblowing-software/graphs/contributors) or [donated](https://github.com/sponsors/globaleaks) to the development of GlobaLeaks! + +## Brand Guidelines and Brand Assets +Within the GlobaLeaks project we researched a nice and smooth brand style, using accessible colors and trying to communicate our values. +If you are planning some press releases, a conference, or promoting GlobaLeaks please keep at reference our official [Brand Guidelines](https://github.com/globaleaks/globaleaks-whistleblowing-software/blob/stable/brand/globaleaks-brand-guidelines.pdf) and use our [Brand Assets](https://github.com/globaleaks/globaleaks-whistleblowing-software/blob/stable/brand/assets/). ## License -GlobaLeaks is released under the AGPLv3 license. See [LICENSE](https://github.com/globaleaks/GlobaLeaks/blob/main/LICENSE) for more information on Additional Terms as per [7(b)](https://github.com/globaleaks/GlobaLeaks/blob/main/LICENSE#L684) and [7(c)](https://github.com/globaleaks/GlobaLeaks/blob/main/LICENSE#L713). +GlobaLeaks is released under the [AGPLv3 license](https://github.com/globaleaks/globaleaks-whistleblowing-software/blob/stable/LICENSE) with [additional terms](https://github.com/globaleaks/globaleaks-whistleblowing-software/blob/stable/LICENSE#L679) allowed under section 7 of the AGPLv3. These terms are designed to make whistleblowers aware of the technology they are using and to enhance administrators' responsibility in keeping systems up-to-date. 
diff --git a/SECURITY.md b/SECURITY.md index 19c91552b2..ab4e085f3d 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,8 +1,11 @@ -# Security Policy -If you have found a vulnerability, please do not file a public issue. +If you've discovered a vulnerability, please refrain from filing a public issue. -Please send us your report privately either via: -- Reporting form: https://github.com/globaleaks/GlobaLeaks/security/advisories/new +We kindly ask that you follow responsible disclosure guidelines, keeping in mind the risks faced by whistleblowers. + +To report a vulnerability, please contact us privately via one of the following methods: +- Reporting form: Submit a security advisory - Email: security@globaleaks.org -Please encrypt any sensitive configuration with the PGP key [F6EFBDFAD0A3CF4A55085C3E7BBB231D031957FA](https://deb.globaleaks.org/security.asc) +For any sensitive information, please encrypt your message using our PGP key: F6EFBDFAD0A3CF4A55085C3E7BBB231D031957FA + +We aim to acknowledge reports within 8 hours and address any critical issues with short-term fixes within 2 days, whenever possible. diff --git a/brand/assets/favicon.ico b/brand/assets/favicon.ico new file mode 100644 index 0000000000..399dfaa97b Binary files /dev/null and b/brand/assets/favicon.ico differ diff --git a/brand/assets/favicon.svg b/brand/assets/favicon.svg new file mode 100644 index 0000000000..f4f39bcb88 --- /dev/null +++ b/brand/assets/favicon.svg @@ -0,0 +1,77 @@ + + + + + + + + + + + + + + + + + + + + diff --git a/brand/assets/globaleaks-icon-color.png b/brand/assets/globaleaks-icon-color.png index 88a5cacddf..f4f2818b16 100644 Binary files a/brand/assets/globaleaks-icon-color.png and b/brand/assets/globaleaks-icon-color.png differ diff --git a/brand/assets/globaleaks-icon-color.svg b/brand/assets/globaleaks-icon-color.svg index e569f9a36e..bce473b629 100644 --- a/brand/assets/globaleaks-icon-color.svg +++ b/brand/assets/globaleaks-icon-color.svg 
@@ -1,87 +1,52 @@ + xmlns:svg="http://www.w3.org/2000/svg"> + - - - - image/svg+xml - - - - - + inkscape:current-layer="svg2" /> - - - - - - - + id="g4"> + + diff --git a/brand/assets/globaleaks-icon-white.png b/brand/assets/globaleaks-icon-white.png index 8b0efde1e7..dff7a6e12f 100644 Binary files a/brand/assets/globaleaks-icon-white.png and b/brand/assets/globaleaks-icon-white.png differ diff --git a/brand/assets/globaleaks-icon-white.svg b/brand/assets/globaleaks-icon-white.svg index 68855176aa..842f149509 100644 --- a/brand/assets/globaleaks-icon-white.svg +++ b/brand/assets/globaleaks-icon-white.svg @@ -1,71 +1,53 @@ + id="svg2" + sodipodi:docname="globaleaks-logo-icon-white.svg" + inkscape:version="1.3.1 (9b9bdc1480, 2023-11-25, custom)" + xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape" + xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd" + xmlns="http://www.w3.org/2000/svg" + xmlns:svg="http://www.w3.org/2000/svg"> + - - - - image/svg+xml - - - - - - + inkscape:window-maximized="1" + inkscape:current-layer="svg2" /> - - - - + id="g4" + style="fill:#ffffff"> + + diff --git a/brand/assets/globaleaks-logo-color.png b/brand/assets/globaleaks-logo-color.png index ec6d49cc04..f7b23cb050 100644 Binary files a/brand/assets/globaleaks-logo-color.png and b/brand/assets/globaleaks-logo-color.png differ diff --git a/brand/assets/globaleaks-logo-color.svg b/brand/assets/globaleaks-logo-color.svg index 2d98b7a8fd..a3ddb085f3 100644 --- a/brand/assets/globaleaks-logo-color.svg +++ b/brand/assets/globaleaks-logo-color.svg 
@@ -1,131 +1,142 @@ + inkscape:version="1.3.1 (9b9bdc1480, 2023-11-25, custom)" + xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape" + xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd" + xmlns="http://www.w3.org/2000/svg" + xmlns:svg="http://www.w3.org/2000/svg"> + + + + + + + + + + + + + + + + + + + + - - - - image/svg+xml - - - - - - - + inkscape:window-maximized="1" + inkscape:current-layer="svg12" + showgrid="false" /> + id="g1"> + id="path33" + d="m 146.20499,68.536408 h 7.88511 v 4.613635 c -1.84545,1.258262 -4.02644,1.929377 -6.20743,1.929377 -5.70413,0 -10.65331,-4.949192 -10.65331,-10.821088 0,-5.788015 4.8653,-10.737126 10.65331,-10.737126 3.1876,0 6.37521,1.509878 8.38843,3.942521 l 6.71074,-5.955763 c -3.77479,-3.942557 -9.39504,-6.291318 -15.09917,-6.291318 -10.90495,0 -20.04833,8.72392 -20.04833,19.041686 0,10.317763 9.14338,19.125651 20.04833,19.125651 5.70413,0 11.32438,-2.348738 15.09917,-6.375183 V 61.574075 h -16.77685 z" + style="fill:#103253;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:1.01587" /> + id="path34" + d="M 178.16474,74.576132 V 45.887653 h -9.1434 v 36.82521 h 26.84296 v -8.220596 h -17.69956 z" + style="fill:#103253;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:1.01587" /> + id="path35" + d="m 219.10028,83.467869 c 10.82107,0 19.88058,-8.724005 19.88058,-19.125651 0,-10.317766 -9.05951,-19.041686 -19.88058,-19.041686 -10.73719,0 -19.79669,8.72392 -19.79669,19.041686 0,10.317763 9.0595,19.125651 19.79669,19.125651 z m 0,-8.388427 c -5.62025,0 -10.40164,-4.94919 -10.40164,-10.821088 0,-5.788015 4.78139,-10.737124 10.40164,-10.737124 5.62024,0 10.40164,4.949109 10.40164,10.737124 0,5.955781 -4.7814,10.821088 -10.40164,10.821088 z" + style="fill:#103253;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:1.01587" /> + id="path36" + d="m 244.51717,82.796719 h 19.96447 c 7.29793,0 12.49875,-4.110248 12.49875,-9.982143 0,-4.026446 -2.51654,-7.549645 -6.79463,-9.395099 
3.1876,-1.5938 5.11694,-4.529688 5.11694,-8.220595 0,-5.368591 -4.69751,-9.311233 -11.57601,-9.311233 h -19.29338 v 36.90907 z m 9.14341,-22.313192 v -6.794602 h 7.88511 c 2.51653,0 4.36197,1.426031 4.36197,3.35537 0,1.929339 -1.84544,3.439232 -4.36197,3.439232 z m 0,14.512016 V 67.61369 h 9.31113 c 2.68429,0 4.61363,1.593822 4.61363,3.690927 0,2.097107 -1.92934,3.690926 -4.61363,3.690926 z" + style="fill:#103253;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:1.01587" /> + id="path37" + d="m 308.26937,82.796775 h 10.31778 L 303.9913,45.97167 h -10.31778 l -14.59586,36.825105 h 10.31775 l 2.181,-5.368509 h 14.59586 z m -13.8409,-12.582636 4.44588,-11.324375 4.44586,11.324375 z" + style="fill:#103253;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:1.01587" /> + id="path38" + d="M 331.42119,74.576132 V 45.887653 h -9.14338 v 36.82521 h 26.84295 v -8.220596 h -17.69957 z" + style="fill:#103253;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:1.01587" /> + id="path39" + d="m 383.01013,54.108353 v -8.2207 h -29.02399 v 36.82521 h 29.02399 v -8.220596 h -19.88058 v -6.459149 h 18.03511 v -8.220597 h -18.03511 v -5.704168 z" + style="fill:#103253;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:1.01587" /> + id="path40" + d="m 414.80212,82.796775 h 10.31775 L 410.52404,45.97167 h -10.31775 l -14.59588,36.825105 h 10.31775 l 2.18102,-5.368509 h 14.59583 z m -13.8409,-12.582636 4.44585,-11.324375 4.44591,11.324375 z" + style="fill:#103253;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:1.01587" /> + id="path41" + d="m 429.06254,82.796719 h 9.1434 v -10.06611 l 4.27808,-4.529668 10.31775,14.595778 H 463.8745 L 448.77534,61.574065 462.78402,45.887649 H 451.87906 L 438.20594,61.574065 V 45.887649 h -9.1434 z" + style="fill:#103253;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:1.01587" /> - - - - + id="path42" + d="m 481.49031,83.467834 c 9.14339,0 14.76367,-4.613673 14.76367,-11.995487 0,-6.962396 -5.28472,-9.311112 
-13.58927,-11.072684 -5.45247,-1.174379 -7.21407,-1.929335 -7.21407,-4.194212 0,-1.845451 1.67768,-3.187642 4.61363,-3.187642 3.43926,0 7.13016,1.34221 10.48554,3.942622 l 4.69754,-6.543012 c -3.94255,-3.271489 -8.72395,-5.033056 -14.93139,-5.033056 -8.38842,0 -14.0926,4.697498 -14.0926,11.82766 0,7.381813 5.87193,9.562804 13.75705,11.324373 5.36859,1.258265 7.0463,1.761632 7.0463,3.942622 0,2.013222 -1.76158,3.35537 -5.20084,3.35537 -4.52975,0 -8.55619,-1.677665 -12.16322,-4.697499 l -5.11697,6.207354 c 4.44587,3.942559 10.40166,6.123591 16.94463,6.123591 z" + style="fill:#103253;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:1.01587" /> + + diff --git a/brand/assets/globaleaks-logo-white.png b/brand/assets/globaleaks-logo-white.png index 1ada2076b3..5ec2a477f7 100644 Binary files a/brand/assets/globaleaks-logo-white.png and b/brand/assets/globaleaks-logo-white.png differ diff --git a/brand/assets/globaleaks-logo-white.svg b/brand/assets/globaleaks-logo-white.svg index ae888b1749..e7a8a370d6 100644 --- a/brand/assets/globaleaks-logo-white.svg +++ b/brand/assets/globaleaks-logo-white.svg 
@@ -1,124 +1,143 @@ - - - - - image/svg+xml - - - - - + inkscape:version="1.3.1 (9b9bdc1480, 2023-11-25, custom)" + xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape" + xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd" + xmlns="http://www.w3.org/2000/svg" + xmlns:svg="http://www.w3.org/2000/svg"> - - + id="defs12"> + + d="m 340,323.00006 h -27 v -27 h 27 z" + transform="translate(-313.00001,-296.00007)" + clip-rule="evenodd" + id="path47" /> + + + d="m 730,323.00006 h -27 v -27 h 27 z" + transform="translate(-703.00002,-296.00007)" + clip-rule="evenodd" + id="path50" /> + + + d="m 242,323.00006 h -27 v -27 h 27 z" + transform="translate(-215.00001,-296.00007)" + clip-rule="evenodd" + id="path53" /> + + + d="m 242,225.00006 h -27 v -27 h 27 z" + transform="translate(-215.00001,-198.00007)" + clip-rule="evenodd" + id="path56" /> + + + d="m 340,225.00006 h -27 v -27 h 27 z" + transform="translate(-313.00001,-198.00007)" + clip-rule="evenodd" + id="path59" /> + + - - - - - - - + d="m 730,225.00006 h -27 v -27 h 27 z" + transform="translate(-703.00002,-198.00007)" + clip-rule="evenodd" + id="path62" /> + + + + + + + + + + + + + + + + diff --git a/brand/assets/heart.svg b/brand/assets/heart.svg new file mode 100644 index 0000000000..55f50dd3fe --- /dev/null +++ b/brand/assets/heart.svg @@ -0,0 +1,34 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/brand/assets/icon.ico b/brand/assets/icon.ico deleted file mode 100644 index beced1404a..0000000000 Binary files a/brand/assets/icon.ico and /dev/null differ diff --git a/brand/globaleaks-brand-guidelines.fig b/brand/globaleaks-brand-guidelines.fig deleted file mode 100644 index 61af5bd862..0000000000 Binary files a/brand/globaleaks-brand-guidelines.fig and /dev/null differ 
diff --git a/brand/globaleaks-brand-guidelines.pdf b/brand/globaleaks-brand-guidelines.pdf index 16141c22ae..5a8c83f03c 100644 Binary files a/brand/globaleaks-brand-guidelines.pdf and b/brand/globaleaks-brand-guidelines.pdf differ diff --git a/client/app/assets/data/field_attrs.json b/client/app/assets/data/field_attrs.json old mode 100755 new mode 100644 diff --git a/client/app/assets/data/templates_descriptor.json b/client/app/assets/data/templates_descriptor.json old mode 100755 new mode 100644 diff --git a/debian/changelog b/debian/changelog index 0c7ca4a7d5..300e9fdd77 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,3 +1,87 @@
+globaleaks (5.0.20) stable; urgency=medium
+
+ * New stable release
+
+ -- GlobaLeaks software signing key Wed, 30 Oct 2024 16:40:23 +0100
+
+globaleaks (5.0.19) stable; urgency=medium
+
+ * New stable release
+
+ -- GlobaLeaks software signing key Tue, 29 Oct 2024 12:12:26 +0100
+
+globaleaks (5.0.18) stable; urgency=medium
+
+ * New stable release
+
+ -- GlobaLeaks software signing key Sun, 20 Oct 2024 22:01:25 +0200
+
+globaleaks (5.0.17) stable; urgency=medium
+
+ * New stable release
+
+ -- GlobaLeaks software signing key Tue, 15 Oct 2024 23:44:23 +0200
+
+globaleaks (5.0.16) stable; urgency=medium
+
+ * New stable release
+
+ -- GlobaLeaks software signing key Tue, 15 Oct 2024 09:05:33 +0200
+
+globaleaks (5.0.15) stable; urgency=medium
+
+ * New stable release
+
+ -- GlobaLeaks software signing key Wed, 09 Oct 2024 14:55:49 +0200
+
+globaleaks (5.0.14) stable; urgency=medium
+
+ * New stable release
+
+ -- GlobaLeaks software signing key Tue, 08 Oct 2024 20:22:11 +0200
+
+globaleaks (5.0.13) stable; urgency=medium
+
+ * New stable release
+
+ -- GlobaLeaks software signing key Tue, 08 Oct 2024 17:11:44 +0200
+
+globaleaks (5.0.12) stable; urgency=medium
+
+ * New stable release
+
+ -- GlobaLeaks software signing key Sun, 06 Oct 2024 19:14:30 +0200
+
+globaleaks (5.0.11) stable; urgency=medium
+
+ * New stable release
+
+ -- GlobaLeaks software signing key Tue, 24 Sep 2024 13:01:52 +0200
+
+globaleaks (5.0.10) stable; urgency=medium
+
+ * New stable release
+
+ -- GlobaLeaks software signing key Fri, 20 Sep 2024 17:25:31 +0200
+
+globaleaks (5.0.9) stable; urgency=medium
+
+ * New stable release
+
+ -- GlobaLeaks software signing key Thu, 19 Sep 2024 23:05:36 +0200
+
+globaleaks (5.0.8) stable; urgency=medium
+
+ * New stable release
+
+ -- GlobaLeaks software signing key Thu, 19 Sep 2024 00:13:38 +0200
+
+globaleaks (5.0.7) stable; urgency=medium
+
+ * New stable release
+
+ -- GlobaLeaks software signing key Sun, 15 Sep 2024 21:39:22 +0200
+ globaleaks (5.0.6) stable; urgency=medium * New stable release diff --git a/debian/controlX/control.bionic b/debian/controlX/control.bionic index 7c5a0a08a0..f2d2e08cf4 100644 --- a/debian/controlX/control.bionic +++ b/debian/controlX/control.bionic @@ -11,7 +11,7 @@ Build-Depends: python3-setuptools, python3-sphinx Homepage: https://www.globaleaks.org/ -Vcs-Git: https://github.com/globaleaks/GlobaLeaks.git +Vcs-Git: https://github.com/globaleaks/globaleaks-whistleblowing-software.git Standards-Version: 4.6.1 Package: globaleaks diff --git a/debian/controlX/control.bookworm b/debian/controlX/control.bookworm index 1d61087465..69d38ad1ab 100644 --- a/debian/controlX/control.bookworm +++ b/debian/controlX/control.bookworm @@ -11,7 +11,7 @@ Build-Depends: python3-setuptools, python3-sphinx Homepage: https://www.globaleaks.org/ -Vcs-Git: https://github.com/globaleaks/GlobaLeaks.git +Vcs-Git: https://github.com/globaleaks/globaleaks-whistleblowing-software.git Standards-Version: 4.6.1 Package: globaleaks diff --git a/debian/controlX/control.bullseye b/debian/controlX/control.bullseye index 9b1de716e6..c75f7b91ef 100644 --- a/debian/controlX/control.bullseye +++ b/debian/controlX/control.bullseye @@ -11,7 +11,7 @@ Build-Depends: python3-setuptools, python3-sphinx Homepage: https://www.globaleaks.org/ -Vcs-Git: https://github.com/globaleaks/GlobaLeaks.git +Vcs-Git: https://github.com/globaleaks/globaleaks-whistleblowing-software.git Standards-Version: 4.6.1 Package: globaleaks diff --git a/debian/controlX/control.buster b/debian/controlX/control.buster index 2fa264b209..2acd8b98c5 100644 --- a/debian/controlX/control.buster +++ b/debian/controlX/control.buster @@ -11,7 +11,7 @@ Build-Depends: python3-setuptools, python3-sphinx Homepage: https://www.globaleaks.org/ -Vcs-Git: https://github.com/globaleaks/GlobaLeaks.git +Vcs-Git: https://github.com/globaleaks/globaleaks-whistleblowing-software.git Standards-Version: 4.6.1 Package: globaleaks 
diff --git a/debian/controlX/control.focal b/debian/controlX/control.focal index 0ab2ef2187..4d9e97e268 100644 --- a/debian/controlX/control.focal +++ b/debian/controlX/control.focal @@ -11,7 +11,7 @@ Build-Depends: python3-setuptools, python3-sphinx Homepage: https://www.globaleaks.org/ -Vcs-Git: https://github.com/globaleaks/GlobaLeaks.git +Vcs-Git: https://github.com/globaleaks/globaleaks-whistleblowing-software.git Standards-Version: 4.6.1 Package: globaleaks diff --git a/debian/controlX/control.jammy b/debian/controlX/control.jammy index 9b1de716e6..c75f7b91ef 100644 --- a/debian/controlX/control.jammy +++ b/debian/controlX/control.jammy @@ -11,7 +11,7 @@ Build-Depends: python3-setuptools, python3-sphinx Homepage: https://www.globaleaks.org/ -Vcs-Git: https://github.com/globaleaks/GlobaLeaks.git +Vcs-Git: https://github.com/globaleaks/globaleaks-whistleblowing-software.git Standards-Version: 4.6.1 Package: globaleaks diff --git a/debian/controlX/control.noble b/debian/controlX/control.noble index 83e53c5655..5558ec38c8 100644 --- a/debian/controlX/control.noble +++ b/debian/controlX/control.noble @@ -11,7 +11,7 @@ Build-Depends: python3-setuptools, python3-sphinx Homepage: https://www.globaleaks.org/ -Vcs-Git: https://github.com/globaleaks/GlobaLeaks.git +Vcs-Git: https://github.com/globaleaks/globaleaks-whistleblowing-software.git Standards-Version: 4.6.1 Package: globaleaks diff --git a/debian/copyright b/debian/copyright index fbd5e72040..ba196501f1 100644 --- a/debian/copyright +++ b/debian/copyright @@ -1,7 +1,7 @@ Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: globaleaks Upstream-Context: info@globaleaks.org -Source: https://github.com/globaleaks/GlobaLeaks +Source: https://github.com/globaleaks/globaleaks-whistleblowing-software Files: * Copyright: © 2011-2022, GlobaLeaks diff --git a/debian/rules b/debian/rules index cb415021e1..362585efe3 100755 --- a/debian/rules +++ b/debian/rules 
@@ -8,6 +8,9 @@ export PYBUILD_INSTALL_ARGS=--no-compile %: dh $@ --with python3 --buildsystem=pybuild --sourcedirectory=backend/ +override_dh_builddeb: + dh_builddeb -- -Zgzip + override_dh_install: dh_apparmor --profile-name=usr.bin.globaleaks dh_install diff --git a/docker/Dockerfile b/docker/Dockerfile index 42f683028e..eb8823244c 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:stable-slim +FROM debian:bookworm-slim@sha256:36e591f228bb9b99348f584e83f16e012c33ba5cad44ef5981a1d7c0a93eca22 RUN apt-get update -q && \ apt-get dist-upgrade -y && \ diff --git a/documentation/_static/custom.css b/documentation/_static/custom.css index b5976dacec..bd09bb0095 100644 --- a/documentation/_static/custom.css +++ b/documentation/_static/custom.css @@ -31,22 +31,14 @@ legend, } a, -a:hover, a:active, a:visited, -a:focus, -.wy-side-nav-search a, -.wy-side-nav-search a:hover, -.wy-side-nav-search a:active, -.wy-side-nav-search a:visited, -.wy-side-nav-search a:focus, -.wy-side-nav-search > a, -.wy-side-nav-search > div.version { +a:focus { color: #204f82; } -.wy-side-nav-search { - background-color: #fff !important; +a:hover { + color: #3679BB; } .highlight { 
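Review bot: The new `override_dh_builddeb` target has no comment saying why the archive compressor is forced to gzip, so a later cleanup could drop `-Zgzip` without knowing what it protects. The `control.bionic` and `control.buster` files touched in this diff suggest the package is still installed on older releases whose dpkg may not read the build host's default compression, but that is an inference and should be confirmed. If that is the reason, state it above the target, for example `# Force gzip so the .deb stays installable by older dpkg versions; see <ISSUE-REF>`.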
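Review bot: Pinning `FROM` to a `sha256` digest fixes exactly what is pulled, but nothing in this hunk keeps the digest current, so the base layer will age until someone edits the line by hand. Once a digest is present the `bookworm-slim` tag is informational only. The `apt-get dist-upgrade -y` in the following `RUN` still patches packages at build time, so the result depends on the build date as well as on the pin. I would record above the line when the digest was taken and how it is refreshed, for example `# debian:bookworm-slim digest, refreshed by <UPDATE-JOB>; check with docker buildx imagetools inspect`, and confirm that an automated updater is actually allowed to open pull requests for `/docker`. The `RUN` instruction continues outside the hunk.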
@@ -56,25 +48,46 @@ a:focus, .rst-content tt.literal, .rst-content tt.literal, .rst-content code.literal { - color: #377abc; + color: #3679BB; } .wy-nav-side { background-color: #103253; } +.wy-nav-top a, +.wy-nav-top a:active, +.wy-nav-top a:focus, +.wy-nav-top a:hover, +.wy-nav-top a:visited, +.wy-nav-side a, +.wy-nav-side a:active, +.wy-nav-side a:focus, +.wy-nav-side a:hover, +.wy-nav-side a:visited, +.wy-side-nav-search>div.switch-menus>div.language-switch select, +.wy-side-nav-search>div.switch-menus>div.version-switch select { + color: #FFF; +} + +.wy-side-nav-search>div.switch-menus>div.language-switch select:active, +.wy-side-nav-search>div.switch-menus>div.language-switch select:focus, +.wy-side-nav-search>div.switch-menus>div.language-switch select:hover, +.wy-side-nav-search>div.switch-menus>div.version-switch select:active, +.wy-side-nav-search>div.switch-menus>div.version-switch select:focus, +.wy-side-nav-search>div.switch-menus>div.version-switch select:hover { + background: none; + color: #FFF; +} + .wy-nav-top { - background-color: #377abc; + background-color: #3679BB; } .wy-menu .caption-text { color: #5794d5; } -.wy-menu-vertical a { - color: #fff; -} - vertical li.current > a { color: #1d1f2a; } @@ -84,6 +97,25 @@ vertical li.current > a { list-style: disc; } +.donation-banner { + background-color: #fff; + padding: 10px; + text-align: center; + width: 100%; + z-index: 1000; +} + +.donation-banner a { + font-weight: bold; +} + +.donation-icon { + width: 30px; + height: 30px; + vertical-align: middle; + margin-right: 10px; +} + @media screen and (min-width: 767px) { .wy-nav-content { max-width: 100% !important; diff --git a/documentation/_static/custom.js b/documentation/_static/custom.js new file mode 100644 index 0000000000..fbca5aafee --- /dev/null +++ b/documentation/_static/custom.js 
@@ -0,0 +1,12 @@ +document.addEventListener("DOMContentLoaded", function() { + var mainElement = document.querySelector('[role="main"]'); + + if (!mainElement) { + return; + } + + var banner = document.createElement("div"); + banner.className = 'donation-banner'; + banner.innerHTML = 'Donate Globaleaks is free and open-source whistleblowing software. Donate here to support its development!'; + mainElement.insertBefore(banner, mainElement.firstChild); +}); diff --git a/documentation/conf.py b/documentation/conf.py index 7dc1c75f24..4b8eacfa10 100644 --- a/documentation/conf.py +++ b/documentation/conf.py @@ -3,16 +3,21 @@ # GlobaLeaks documentation build configuration file, created by # sphinx-quickstart on Thu Jul 6 16:34:48 2017. # +import gettext import os import sys sys.path.insert(0, os.path.abspath('../backend')) +from globaleaks import __author__, __copyright__, __version__ + autodoc_member_order = 'bysource' autodoc_default_flags = ['members', 'show-inheritance', 'undoc-members'] extensions = [ - 'sphinx_rtd_theme' + 'sphinx_rtd_theme', + 'sphinx_copybutton', + 'sphinx_sitemap' ] templates_path = ['_templates'] 
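Review bot: `banner.innerHTML = '…'` parses a string as markup on every documentation page. The literal is constant, so it is not injectable as written, but the assignment is rejected under a Trusted Types policy (`require-trusted-types-for 'script'`) and becomes an XSS sink if the text is ever translated or templated. Building the banner from nodes and `textContent` removes the sink with the same visual result. The link target and the icon do not survive in this rendering of the hunk (the markup appears to have been stripped), so the URL below is a labelled placeholder and the icon is left as a comment.

```javascript
  var banner = document.createElement("div");
  banner.className = 'donation-banner';
  // Assemble the banner from nodes so that no string is parsed as HTML.
  var link = document.createElement("a");
  link.href = "https://example.invalid/DONATE_URL_PLACEHOLDER"; // placeholder: real target not visible on this page
  link.textContent = "Donate here";
  // … the .donation-icon image is created the same way, with createElement("img") …
  banner.append(
    "Globaleaks is free and open-source whistleblowing software. ",
    link,
    " to support its development!"
  );
  // … unchanged: mainElement.insertBefore(banner, mainElement.firstChild) …
```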
@@ -21,50 +26,66 @@ master_doc = 'index' -from globaleaks import __author__, __copyright__, __version__ project = __author__ copyright = __copyright__ author = __author__ version = __version__ release = __version__ - language = 'en' +locale_dirs = ['locale/'] +locale_dir = os.path.join(os.path.dirname(__file__), locale_dirs[0]) +gettext.bindtextdomain('sphinx', locale_dir) +gettext.textdomain('sphinx') +gettext_compact = 'sphinx' + exclude_patterns = ['_build'] show_authors = False pygments_style = 'sphinx' + html_theme = 'sphinx_rtd_theme' html_logo = 'logo-html.png' -html_favicon = '../client/app/data/favicon.ico' +html_baseurl = 'https://docs.globaleaks.org/' +html_favicon = '../client/app/assets/data/favicon.ico' html_show_copyright = False htmlhelp_basename = 'globaleaks' +html_static_path = ['_static'] + +html_context = { +'description': 'GlobaLeaks is free, open souce whistleblowing software enabling anyone to easily set up and maintain a secure reporting platforms', +'keywords': 'globaleaks, whistleblowing, globaleaks-whistleblowing-software', +'author': 'GLOBALEAKS', +} latex_elements = { - 'sphinxsetup': 'TitleColor={HTML}{377abc}, \ - InnerLinkColor={HTML}{377abc}, \ - OuterLinkColor={HTML}{377abc}', + 'sphinxsetup': 'TitleColor={HTML}{3679BB}, \ + InnerLinkColor={HTML}{3679BB}, \ + OuterLinkColor={HTML}{3679BB}', } -latex_documents = [ - (master_doc, 'GlobaLeaks.tex', u'Documentation', '', 'manual'), -] +latex_documents = [] -latex_logo = 'logo-latex.png' +latex_logo = 'logo-latex.pdf' man_pages = [ - (master_doc, 'globaleaks', u'Documentation', - [author], 1) +(master_doc, 'globaleaks', u'Documentation', + [author], 1) ] texinfo_documents = [ - (master_doc, 'GlobaLeaks', u'Documentation', - author, 'GlobaLeaks', ' GlobaLeaks is free, open souce software enabling anyone to easily set up and maintain a secure whistleblowing platform', - 'Miscellaneous'), +(master_doc, 'GLOBALEAKS', u'Documentation', + author, 'GLOBALEAKS', ' GlobaLeaks is free, open 
source whistleblowing software enabling anyone to easily set up and maintain a secure reporting platforms', + 'Miscellaneous'), ] html_theme_options = { - 'style_nav_header_background': '#377abc', + 'style_nav_header_background': '#3679BB', } def setup(app): + translation = gettext.translation('sphinx', localedir=locale_dir, languages=[app.config.language], fallback=True) + document_title = translation.gettext('Documentation') + app.config.latex_documents = [(master_doc, 'GlobaLeaks.tex', document_title, '', 'manual'),] + app.add_css_file("custom.css") + app.add_js_file("custom.js") diff --git a/documentation/developer/ContinuousIntegration.rst b/documentation/developer/ContinuousIntegration.rst index 94242ef28f..a2a3c5d60c 100644 --- a/documentation/developer/ContinuousIntegration.rst +++ b/documentation/developer/ContinuousIntegration.rst @@ -1,14 +1,14 @@ ====================== -Continuous Integration +Continuous integration ====================== The GlobaLeaks codebase is continuously tested for bug within a complete continuous integration lifecycle implemented. Testes are performed at every commit by: -* performing continous integration testing with `GitHub Actions `_; +* performing continous integration testing with `GitHub Actions `_; * tracking tests coverage and code quality with `Codacy `_. -Unit Tests +Unit tests ========== Unit tests are implemented by means of python-twisted and trial @@ -19,7 +19,7 @@ Tests can be run manually by issuing: cd GlobaLeaks/backend trial globaleaks -E2E Tests +E2E tests ========= End to end tests are implemented by means of Cypress. diff --git a/documentation/developer/DatabaseSchema.rst b/documentation/developer/DatabaseSchema.rst index c6d90d72e8..184410df10 100644 --- a/documentation/developer/DatabaseSchema.rst +++ b/documentation/developer/DatabaseSchema.rst 
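Review bot: The new `html_context` description string has two typos, "open souce" and "a secure reporting platforms", and the rewritten `texinfo_documents` entry repeats the second one. If the theme templates emit `html_context['description']` into page metadata (not visible here), the misspelling would be published on every page. I would change it to `'description': 'GlobaLeaks is free, open source whistleblowing software enabling anyone to easily set up and maintain a secure reporting platform',` and fix "platforms" in the texinfo tuple the same way. Separately, `setup(app)` now assigns `app.config.latex_documents` in addition to registering assets, so a one-line docstring would help, for example `"""Set the translated LaTeX document title and register custom.css / custom.js."""`.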
@@ -1,4 +1,4 @@ -Database Schema +Database schema =============== .. image:: ../data/database.png - :target: https://github.com/globaleaks/GlobaLeaks/blob/main/documentation/data/database.pdf + :target: https://github.com/globaleaks/globaleaks-whistleblowing-software/blob/stable/documentation/data/database.pdf diff --git a/documentation/developer/Environment.rst b/documentation/developer/Environment.rst index 618626ec87..23ad192cfa 100644 --- a/documentation/developer/Environment.rst +++ b/documentation/developer/Environment.rst @@ -1,5 +1,5 @@ ======================= -Development Environment +Development environment ======================= This guide describes how to set up an environment in order to contribute to the development of GlobaLeaks. @@ -28,7 +28,7 @@ The repository could be cloned with: .. code:: sh - git clone https://github.com/globaleaks/GlobaLeaks.git + git clone https://github.com/globaleaks/globaleaks-whistleblowing-software.git Client dependencies could be installed by issuing: @@ -84,7 +84,7 @@ To run globaleaks from sources within the development environment you should iss GlobaLeaks will start and be reachable at the following address https://127.0.0.1:8443 -Building The Docs +Building the docs ================= To build the documentation: diff --git a/documentation/developer/ReleaseProcedure.rst b/documentation/developer/ReleaseProcedure.rst index 6d2fc02e10..c956e6eabc 100644 --- a/documentation/developer/ReleaseProcedure.rst +++ b/documentation/developer/ReleaseProcedure.rst @@ -1,4 +1,4 @@ -Release Procedure +Release procedure ================= This is the procedure followed to publish a new GlobaLeaks release. 
@@ -11,15 +11,25 @@ A release is represented by: * An updated package on deb.globaleaks.org; * A signed repository. -Release Tagging -=============== -To release is tagger by means of the official version bump script by issuing: +Release versioning +================== +A new release version is issued by means of the official version bump script by issuing: .. code:: sh cd GlobaLeaks && ./scripts/bump_version.sh $version -Release Packaging +Release tagging +=============== +The release is tagged by meand of the following commands + +.. code:: sh + export DEBFULLNAME="GlobaLeaks software signing key" + export DEBEMAIL="info@globaleaks.org" + git tag -s v0.1 -m 'GlobaLeaks version 0.1' + git push origin --tags + +Release packaging ================= The package is built by means of the official build script by issuing: @@ -29,7 +39,7 @@ The package is built by means of the official build script by issuing: This command builds a package for each supported distribution and version. -Package Publishing +Package publishing ================== The package is published on https://deb.globaleaks.org by issuing: @@ -37,7 +47,7 @@ The package is published on https://deb.globaleaks.org by issuing: dput globaleaks ../globaleaks_${version}_all.changes -Repository Signing +Repository signing ================== The release is then signed by a core developer by using the official project key via: diff --git a/documentation/developer/SoftwareLibraries.rst b/documentation/developer/SoftwareLibraries.rst index e3f70a9d91..a050fc4e53 100644 --- a/documentation/developer/SoftwareLibraries.rst +++ b/documentation/developer/SoftwareLibraries.rst 
@@ -1,7 +1,7 @@ -Software Libraries +Software libraries ================== The software libraries used by GlobaLeaks are listed in the following files: -* Backend: `backend/requirements.txt `_ -* Client: `client/package.json `_ -* Packaging: `debian/control `_ +* Backend: `backend/requirements.txt `_ +* Client: `client/package.json `_ +* Packaging: `debian/control `_ diff --git a/documentation/developer/index.rst b/documentation/developer/index.rst index 027e80498d..5e72b98f47 100644 --- a/documentation/developer/index.rst +++ b/documentation/developer/index.rst @@ -1,4 +1,4 @@ -Developer Documentation +Developer documentation ======================= .. toctree:: diff --git a/documentation/gettingstarted/Features.rst b/documentation/gettingstarted/Features.rst index 31ee73d5f4..ef620612cc 100644 --- a/documentation/gettingstarted/Features.rst +++ b/documentation/gettingstarted/Features.rst @@ -1,8 +1,7 @@ Features ======== -These are the key features of the software: -User Features +User features ------------- - Multi-user system with customizable user roles (whistleblower, recipient, administrator) @@ -21,12 +20,12 @@ User Features - Enables creation and management of multiple whistleblowing sites (e.g., for subsidiaries or third-party clients) - Advanced questionnaire builder - Provides whistleblowing system statistics -- Support for `over 90 languages `_ and Right-to-Left (RTL) languages +- Support for `more than 70 languages `_ and Right-to-Left (RTL) languages -Legal Features +Legal features -------------- -- Designed in adherence to `ISO 37002:2021 `_ and `EU Directive 2019/1937 `_ recommendations for whistleblowing compliance +- Designed in adherence to `ISO 37002:2021 `_ and `Directive (EU) 2019/1937 `_ recommendations for whistleblowing compliance - Supports bidirectional anonymous communication (comments/messages) - Customizable case management workflow (statuses/sub-statuses) - Conditional reporting workflow based on whistleblower identity 
@@ -38,12 +37,12 @@ Legal Features - No IP address logging - Includes an audit log - Integrates with existing enterprise case management platforms -- Free Software OSI Approved `AGPL 3.0 License `_ +- Free Software OSI Approved `AGPL 3.0 License `_ -Security Features +Security features ----------------- -- Designed in adherence to `ISO 27001:2022 `_, `CSA STAR `_, and `OWASP `_ recommendations for security compliance +- Designed in adherence to `ISO 27001:2022 `_, `General Data Protection Regulation (EU) 2016/679 `_, `CSA STAR `_, and `OWASP `_ recommendations for privacy and security compliance - Full data encryption for whistleblower reports and recipient communications - Supports digital anonymity through `Tor `_ integration - Built-in HTTPS support with `TLS 1.3 `_ standard and `SSLabs A+ `_ rating @@ -57,10 +56,10 @@ Security Features - PGP support for encrypted email notifications and file downloads - Leaves no traces in browser cache -Technical Features +Technical features ------------------ -- Designed in adherence to `Directive (EU) 2019/882 `_, `Directive (EU) 2016/2102 `_, `ETSI EN 301 549 `_, `W3C WCAG 2.2 `_, and `WAI-ARIA 2.2 `_ recommendations for accessibility compliance +- Designed in adherence to `ISO 27001:2022 `_, `Directive (EU) 2019/882 `_, `Directive (EU) 2016/2102 `_, `W3C WCAG 2.2 `_, and `WAI-ARIA 2.2 `_ recommendations for accessibility compliance - Multi-site support enabling the operation of multiple virtual sites on the same setup - Responsive user interfaces created with `Bootstrap `_ CSS framework - Automated software quality measurement and continuous integration testing diff --git a/documentation/gettingstarted/Glossary.rst b/documentation/gettingstarted/Glossary.rst index 137938b6e2..12dae2b53f 100644 --- a/documentation/gettingstarted/Glossary.rst +++ b/documentation/gettingstarted/Glossary.rst 
@@ -9,9 +9,15 @@ This glossary defines jargon used in GlobaLeaks in a clear and consistent manner Channel A reporting channel used as a container for reports. Channels can be configured with specific questionnaires, recipients, and policies. They are typically used to organize the reporting process. + Free Software + Free Software is software that grants users the freedom to run, modify, and share it freely, without cost of licensing, promoting user control, transparency, and community-driven improvements. + Notification An email sent to inform a recipient of a new report or an update to an existing report. + Open-Source Software + Open-Source Software is software with publicly accessible source code that can be used, modified, and distributed by anyone, benefiting from peer review and community-driven security audits to enhance code quality, transparency, and security. + Platform A system running the GlobaLeaks software. diff --git a/documentation/gettingstarted/Introduction.rst b/documentation/gettingstarted/Introduction.rst new file mode 100644 index 0000000000..6c0ac34ff1 --- /dev/null +++ b/documentation/gettingstarted/Introduction.rst 
@@ -0,0 +1,16 @@ +Introduction +============ +`GlobaLeaks `_ is a free and open-source whistleblowing software that enables anyone to easily set up and maintain a secure reporting platform. + +As a `community-driven project `_, the software features `public code `_, `open documentation `_, `public application security specifications `_, `public peer review `_, and a large set of `independent security audits `_. + +Designed with high security and usability in mind, the software adheres to: + +- `ISO 37002:2021 `_ and `EU Directive 2019/1937 `_ standards and recommendations for whistleblowing compliance +- `ISO 27001:2022 `_, `General Data Protection Regulation (EU) 2016/679 `_, `CSA STAR `_, `OWASP `_ standards and recommendations for privacy and security compliance +- `ISO/IEC 40500:2012 `_, `Directive (EU) 2019/882 `_, `Directive (EU) 2016/2102 `_, `W3C WCAG 2.2 `_, `WAI-ARIA 2.2 `_ standards recommendations for accessibility compliance + +Currently translated into over 70 languages, it has been widely adopted worldwide since its creation in 2011, with more than 30,000 organizations working in fields such as anti-corruption activism, corporate compliance, human rights violation reporting, and investigative journalism. + +The software is recognized by the `Digital Public Good Alliance `_ as a `Digital Public Good `_. + diff --git a/documentation/gettingstarted/Requirements.rst b/documentation/gettingstarted/Requirements.rst index 27bed1d144..cb47e84050 100644 --- a/documentation/gettingstarted/Requirements.rst +++ b/documentation/gettingstarted/Requirements.rst @@ -2,11 +2,11 @@ Requirements ============ Ensure you understand and meet each of the following technical requirements. -Hardware Requirements +Hardware requirements --------------------- **Requirements**: -- CPU: Dual-core 2.0GHz +- CPU: Dual-core 2.0GHz (64-bit) - RAM: 1GB - Storage: 20GB - I/O: 10Mbit/s (shared) 
@@ -15,17 +15,17 @@ Please note that GlobaLeaks is designed to run on servers with specifications sm The storage size should be determined based on your data retention policies and the expected use of the platform. -Software Requirements +Software requirements --------------------- GlobaLeaks is designed to run on GNU/Linux and is developed and tested specifically for Debian-based systems. -The currently recommended distribution is: Debian 12 (Bookworm). +The currently recommended distributions are: Debian 12 (Bookworm) and Ubuntu 24.04 (Noble) The software lifecycle of the platform includes full support for all Debian and Ubuntu LTS versions starting from `Debian 10 `_ and `Ubuntu 20.04 `_. Support is guaranteed on these platforms according to the official long-term support timelines: -- `Release End of Life Timeline `_ as defined by Debian; -- `Release End of Life Timeline `_ as defined by Ubuntu. +- `Debian Release End of Life Timeline `_ +- `Ubuntu Release End of Life Timeline `_ Currently, we do not plan to support additional distributions, as GlobaLeaks adheres to the Unix philosophy of making each program excel in a specific area. By focusing our efforts on mastering one domain, we aim to serve our community most effectively. If you are interested in helping us extend support to additional distributions, please get in touch. diff --git a/documentation/gettingstarted/SupportedBrowsers.rst b/documentation/gettingstarted/SupportedBrowsers.rst index 78d1af8faf..99c8c4d1ab 100644 --- a/documentation/gettingstarted/SupportedBrowsers.rst +++ b/documentation/gettingstarted/SupportedBrowsers.rst @@ -1,4 +1,4 @@ -Supported Browsers +Supported browsers ================== GlobaLeaks is designed to fully support commonly used browsers on desktop PCs, laptops, tablets, and smartphones. diff --git a/documentation/gettingstarted/index.rst b/documentation/gettingstarted/index.rst index 2d4f2c6b79..28b357dec9 100644 --- a/documentation/gettingstarted/index.rst 
+++ b/documentation/gettingstarted/index.rst @@ -1,10 +1,11 @@ -Getting Started +Getting started =============== .. toctree:: :name: gettingstarted :maxdepth: 4 + Introduction.rst Glossary.rst Features.rst Requirements.rst diff --git a/documentation/images/admin/access_control.de.png b/documentation/images/admin/access_control.de.png new file mode 100644 index 0000000000..509552f19c Binary files /dev/null and b/documentation/images/admin/access_control.de.png differ diff --git a/documentation/images/admin/access_control.en.png b/documentation/images/admin/access_control.en.png new file mode 100644 index 0000000000..4cdde1cbb0 Binary files /dev/null and b/documentation/images/admin/access_control.en.png differ diff --git a/documentation/images/admin/access_control.es.png b/documentation/images/admin/access_control.es.png new file mode 100644 index 0000000000..864895928d Binary files /dev/null and b/documentation/images/admin/access_control.es.png differ diff --git a/documentation/images/admin/access_control.fr.png b/documentation/images/admin/access_control.fr.png new file mode 100644 index 0000000000..6fabb0ef52 Binary files /dev/null and b/documentation/images/admin/access_control.fr.png differ diff --git a/documentation/images/admin/access_control.it.png b/documentation/images/admin/access_control.it.png new file mode 100644 index 0000000000..3dcbba7a06 Binary files /dev/null and b/documentation/images/admin/access_control.it.png differ diff --git a/documentation/images/admin/access_control.png b/documentation/images/admin/access_control.png deleted file mode 100644 index 4d9200de11..0000000000 Binary files a/documentation/images/admin/access_control.png and /dev/null differ diff --git a/documentation/images/admin/access_control.ru.png b/documentation/images/admin/access_control.ru.png new file mode 100644 index 0000000000..324b4cc15e Binary files /dev/null and b/documentation/images/admin/access_control.ru.png differ 
diff --git a/documentation/images/admin/access_control.zh_CN.png b/documentation/images/admin/access_control.zh_CN.png new file mode 100644 index 0000000000..fda1c3fc88 Binary files /dev/null and b/documentation/images/admin/access_control.zh_CN.png differ diff --git a/documentation/images/admin/advanced_settings.de.png b/documentation/images/admin/advanced_settings.de.png new file mode 100644 index 0000000000..cd087b9458 Binary files /dev/null and b/documentation/images/admin/advanced_settings.de.png differ diff --git a/documentation/images/admin/advanced_settings.en.png b/documentation/images/admin/advanced_settings.en.png new file mode 100644 index 0000000000..01ecf0a7e6 Binary files /dev/null and b/documentation/images/admin/advanced_settings.en.png differ diff --git a/documentation/images/admin/advanced_settings.es.png b/documentation/images/admin/advanced_settings.es.png new file mode 100644 index 0000000000..2a8613146b Binary files /dev/null and b/documentation/images/admin/advanced_settings.es.png differ diff --git a/documentation/images/admin/advanced_settings.fr.png b/documentation/images/admin/advanced_settings.fr.png new file mode 100644 index 0000000000..6b63bdb997 Binary files /dev/null and b/documentation/images/admin/advanced_settings.fr.png differ diff --git a/documentation/images/admin/advanced_settings.it.png b/documentation/images/admin/advanced_settings.it.png new file mode 100644 index 0000000000..09fdb70646 Binary files /dev/null and b/documentation/images/admin/advanced_settings.it.png differ diff --git a/documentation/images/admin/advanced_settings.png b/documentation/images/admin/advanced_settings.png deleted file mode 100644 index 853a29226b..0000000000 Binary files a/documentation/images/admin/advanced_settings.png and /dev/null differ 
diff --git a/documentation/images/admin/advanced_settings.ru.png b/documentation/images/admin/advanced_settings.ru.png new file mode 100644 index 0000000000..3e2a8ee841 Binary files /dev/null and b/documentation/images/admin/advanced_settings.ru.png differ diff --git a/documentation/images/admin/advanced_settings.zh_CN.png b/documentation/images/admin/advanced_settings.zh_CN.png new file mode 100644 index 0000000000..dcb76999fa Binary files /dev/null and b/documentation/images/admin/advanced_settings.zh_CN.png differ diff --git a/documentation/images/admin/audit_log.de.png b/documentation/images/admin/audit_log.de.png new file mode 100644 index 0000000000..65ee94e7f7 Binary files /dev/null and b/documentation/images/admin/audit_log.de.png differ diff --git a/documentation/images/admin/audit_log.en.png b/documentation/images/admin/audit_log.en.png new file mode 100644 index 0000000000..5659477c96 Binary files /dev/null and b/documentation/images/admin/audit_log.en.png differ diff --git a/documentation/images/admin/audit_log.es.png b/documentation/images/admin/audit_log.es.png new file mode 100644 index 0000000000..c9f9fb58bd Binary files /dev/null and b/documentation/images/admin/audit_log.es.png differ diff --git a/documentation/images/admin/audit_log.fr.png b/documentation/images/admin/audit_log.fr.png new file mode 100644 index 0000000000..b3c74724f6 Binary files /dev/null and b/documentation/images/admin/audit_log.fr.png differ diff --git a/documentation/images/admin/audit_log.it.png b/documentation/images/admin/audit_log.it.png new file mode 100644 index 0000000000..b1644d5918 Binary files /dev/null and b/documentation/images/admin/audit_log.it.png differ diff --git a/documentation/images/admin/audit_log.png b/documentation/images/admin/audit_log.png deleted file mode 100644 index 36c0c1e0dc..0000000000 Binary files a/documentation/images/admin/audit_log.png and /dev/null differ 
diff --git a/documentation/images/admin/audit_log.ru.png b/documentation/images/admin/audit_log.ru.png new file mode 100644 index 0000000000..41c7daf05d Binary files /dev/null and b/documentation/images/admin/audit_log.ru.png differ diff --git a/documentation/images/admin/audit_log.zh_CN.png b/documentation/images/admin/audit_log.zh_CN.png new file mode 100644 index 0000000000..20c9f00e43 Binary files /dev/null and b/documentation/images/admin/audit_log.zh_CN.png differ diff --git a/documentation/images/admin/audit_log_reports.de.png b/documentation/images/admin/audit_log_reports.de.png new file mode 100644 index 0000000000..583233421b Binary files /dev/null and b/documentation/images/admin/audit_log_reports.de.png differ diff --git a/documentation/images/admin/audit_log_reports.en.png b/documentation/images/admin/audit_log_reports.en.png new file mode 100644 index 0000000000..d62d5924db Binary files /dev/null and b/documentation/images/admin/audit_log_reports.en.png differ diff --git a/documentation/images/admin/audit_log_reports.es.png b/documentation/images/admin/audit_log_reports.es.png new file mode 100644 index 0000000000..c42035c3e8 Binary files /dev/null and b/documentation/images/admin/audit_log_reports.es.png differ diff --git a/documentation/images/admin/audit_log_reports.fr.png b/documentation/images/admin/audit_log_reports.fr.png new file mode 100644 index 0000000000..58afb81cff Binary files /dev/null and b/documentation/images/admin/audit_log_reports.fr.png differ diff --git a/documentation/images/admin/audit_log_reports.it.png b/documentation/images/admin/audit_log_reports.it.png new file mode 100644 index 0000000000..1f1ab9c5a2 Binary files /dev/null and b/documentation/images/admin/audit_log_reports.it.png differ 
diff --git a/documentation/images/admin/audit_log_reports.png b/documentation/images/admin/audit_log_reports.png deleted file mode 100644 index 1da35183dd..0000000000 Binary files a/documentation/images/admin/audit_log_reports.png and /dev/null differ diff --git a/documentation/images/admin/audit_log_reports.ru.png b/documentation/images/admin/audit_log_reports.ru.png new file mode 100644 index 0000000000..d9911f2c00 Binary files /dev/null and b/documentation/images/admin/audit_log_reports.ru.png differ diff --git a/documentation/images/admin/audit_log_reports.zh_CN.png b/documentation/images/admin/audit_log_reports.zh_CN.png new file mode 100644 index 0000000000..6dd45691e0 Binary files /dev/null and b/documentation/images/admin/audit_log_reports.zh_CN.png differ diff --git a/documentation/images/admin/audit_log_scheduled_jobs.de.png b/documentation/images/admin/audit_log_scheduled_jobs.de.png new file mode 100644 index 0000000000..1f4918e2de Binary files /dev/null and b/documentation/images/admin/audit_log_scheduled_jobs.de.png differ diff --git a/documentation/images/admin/audit_log_scheduled_jobs.en.png b/documentation/images/admin/audit_log_scheduled_jobs.en.png new file mode 100644 index 0000000000..443d7d688b Binary files /dev/null and b/documentation/images/admin/audit_log_scheduled_jobs.en.png differ diff --git a/documentation/images/admin/audit_log_scheduled_jobs.es.png b/documentation/images/admin/audit_log_scheduled_jobs.es.png new file mode 100644 index 0000000000..0869cad8f2 Binary files /dev/null and b/documentation/images/admin/audit_log_scheduled_jobs.es.png differ diff --git a/documentation/images/admin/audit_log_scheduled_jobs.fr.png b/documentation/images/admin/audit_log_scheduled_jobs.fr.png new file mode 100644 index 0000000000..c8ffe3ed36 Binary files /dev/null and b/documentation/images/admin/audit_log_scheduled_jobs.fr.png differ 
diff --git a/documentation/images/admin/audit_log_scheduled_jobs.it.png b/documentation/images/admin/audit_log_scheduled_jobs.it.png new file mode 100644 index 0000000000..2cf42d0a2d Binary files /dev/null and b/documentation/images/admin/audit_log_scheduled_jobs.it.png differ diff --git a/documentation/images/admin/audit_log_scheduled_jobs.png b/documentation/images/admin/audit_log_scheduled_jobs.png deleted file mode 100644 index 7a4eb356c2..0000000000 Binary files a/documentation/images/admin/audit_log_scheduled_jobs.png and /dev/null differ diff --git a/documentation/images/admin/audit_log_scheduled_jobs.ru.png b/documentation/images/admin/audit_log_scheduled_jobs.ru.png new file mode 100644 index 0000000000..d747afe768 Binary files /dev/null and b/documentation/images/admin/audit_log_scheduled_jobs.ru.png differ diff --git a/documentation/images/admin/audit_log_scheduled_jobs.zh_CN.png b/documentation/images/admin/audit_log_scheduled_jobs.zh_CN.png new file mode 100644 index 0000000000..d382145e55 Binary files /dev/null and b/documentation/images/admin/audit_log_scheduled_jobs.zh_CN.png differ diff --git a/documentation/images/admin/audit_log_users.de.png b/documentation/images/admin/audit_log_users.de.png new file mode 100644 index 0000000000..97227d7b5d Binary files /dev/null and b/documentation/images/admin/audit_log_users.de.png differ diff --git a/documentation/images/admin/audit_log_users.en.png b/documentation/images/admin/audit_log_users.en.png new file mode 100644 index 0000000000..79d1f41544 Binary files /dev/null and b/documentation/images/admin/audit_log_users.en.png differ diff --git a/documentation/images/admin/audit_log_users.es.png b/documentation/images/admin/audit_log_users.es.png new file mode 100644 index 0000000000..4ead40f5fc Binary files /dev/null and b/documentation/images/admin/audit_log_users.es.png differ 
diff --git a/documentation/images/admin/audit_log_users.fr.png b/documentation/images/admin/audit_log_users.fr.png new file mode 100644 index 0000000000..c25baf2031 Binary files /dev/null and b/documentation/images/admin/audit_log_users.fr.png differ diff --git a/documentation/images/admin/audit_log_users.it.png b/documentation/images/admin/audit_log_users.it.png new file mode 100644 index 0000000000..f12c8f721c Binary files /dev/null and b/documentation/images/admin/audit_log_users.it.png differ diff --git a/documentation/images/admin/audit_log_users.png b/documentation/images/admin/audit_log_users.png deleted file mode 100644 index 14f83d8289..0000000000 Binary files a/documentation/images/admin/audit_log_users.png and /dev/null differ diff --git a/documentation/images/admin/audit_log_users.ru.png b/documentation/images/admin/audit_log_users.ru.png new file mode 100644 index 0000000000..838b9fa35d Binary files /dev/null and b/documentation/images/admin/audit_log_users.ru.png differ diff --git a/documentation/images/admin/audit_log_users.zh_CN.png b/documentation/images/admin/audit_log_users.zh_CN.png new file mode 100644 index 0000000000..d2a94c958d Binary files /dev/null and b/documentation/images/admin/audit_log_users.zh_CN.png differ diff --git a/documentation/images/admin/changelog.de.png b/documentation/images/admin/changelog.de.png new file mode 100644 index 0000000000..baf643c50b Binary files /dev/null and b/documentation/images/admin/changelog.de.png differ diff --git a/documentation/images/admin/changelog.en.png b/documentation/images/admin/changelog.en.png new file mode 100644 index 0000000000..42cd0df667 Binary files /dev/null and b/documentation/images/admin/changelog.en.png differ diff --git a/documentation/images/admin/changelog.es.png b/documentation/images/admin/changelog.es.png new file mode 100644 index 0000000000..c058c5a5b6 Binary files /dev/null and b/documentation/images/admin/changelog.es.png differ 
diff --git a/documentation/images/admin/changelog.fr.png b/documentation/images/admin/changelog.fr.png
new file mode 100644
index 0000000000..7751d3c02d
Binary files /dev/null and b/documentation/images/admin/changelog.fr.png differ
diff --git a/documentation/images/admin/changelog.it.png b/documentation/images/admin/changelog.it.png
new file mode 100644
index 0000000000..9011eefb7f
Binary files /dev/null and b/documentation/images/admin/changelog.it.png differ
diff --git a/documentation/images/admin/changelog.png b/documentation/images/admin/changelog.png
deleted file mode 100644
index edbd9cf839..0000000000
Binary files a/documentation/images/admin/changelog.png and /dev/null differ
diff --git a/documentation/images/admin/changelog.ru.png b/documentation/images/admin/changelog.ru.png
new file mode 100644
index 0000000000..8788769f08
Binary files /dev/null and b/documentation/images/admin/changelog.ru.png differ
diff --git a/documentation/images/admin/changelog.zh_CN.png b/documentation/images/admin/changelog.zh_CN.png
new file mode 100644
index 0000000000..e1e99a7c0c
Binary files /dev/null and b/documentation/images/admin/changelog.zh_CN.png differ
diff --git a/documentation/images/admin/channels.de.png b/documentation/images/admin/channels.de.png
new file mode 100644
index 0000000000..1c5816fc09
Binary files /dev/null and b/documentation/images/admin/channels.de.png differ
diff --git a/documentation/images/admin/channels.en.png b/documentation/images/admin/channels.en.png
new file mode 100644
index 0000000000..25c9dcc64d
Binary files /dev/null and b/documentation/images/admin/channels.en.png differ
diff --git a/documentation/images/admin/channels.es.png b/documentation/images/admin/channels.es.png
new file mode 100644
index 0000000000..44d2da2578
Binary files /dev/null and b/documentation/images/admin/channels.es.png differ
diff --git a/documentation/images/admin/channels.fr.png b/documentation/images/admin/channels.fr.png
new file mode 100644
index 0000000000..e454be9646
Binary files /dev/null and b/documentation/images/admin/channels.fr.png differ
diff --git a/documentation/images/admin/channels.it.png b/documentation/images/admin/channels.it.png
new file mode 100644
index 0000000000..43ef63622f
Binary files /dev/null and b/documentation/images/admin/channels.it.png differ
diff --git a/documentation/images/admin/channels.png b/documentation/images/admin/channels.png
deleted file mode 100644
index 6a0624dc0f..0000000000
Binary files a/documentation/images/admin/channels.png and /dev/null differ
diff --git a/documentation/images/admin/channels.ru.png b/documentation/images/admin/channels.ru.png
new file mode 100644
index 0000000000..5e524a3097
Binary files /dev/null and b/documentation/images/admin/channels.ru.png differ
diff --git a/documentation/images/admin/channels.zh_CN.png b/documentation/images/admin/channels.zh_CN.png
new file mode 100644
index 0000000000..573908b4bc
Binary files /dev/null and b/documentation/images/admin/channels.zh_CN.png differ
diff --git a/documentation/images/admin/home.de.png b/documentation/images/admin/home.de.png
new file mode 100644
index 0000000000..7ceb5b847c
Binary files /dev/null and b/documentation/images/admin/home.de.png differ
diff --git a/documentation/images/admin/home.en.png b/documentation/images/admin/home.en.png
new file mode 100644
index 0000000000..10e4537d69
Binary files /dev/null and b/documentation/images/admin/home.en.png differ
diff --git a/documentation/images/admin/home.es.png b/documentation/images/admin/home.es.png
new file mode 100644
index 0000000000..dd14fac22c
Binary files /dev/null and b/documentation/images/admin/home.es.png differ
diff --git a/documentation/images/admin/home.fr.png b/documentation/images/admin/home.fr.png
new file mode 100644
index 0000000000..986e9de5bf
Binary files /dev/null and b/documentation/images/admin/home.fr.png differ
diff --git a/documentation/images/admin/home.it.png b/documentation/images/admin/home.it.png
new file mode 100644
index 0000000000..b8835ed6a5
Binary files /dev/null and b/documentation/images/admin/home.it.png differ
diff --git a/documentation/images/admin/home.png b/documentation/images/admin/home.png
deleted file mode 100644
index 9f9b6333db..0000000000
Binary files a/documentation/images/admin/home.png and /dev/null differ
diff --git a/documentation/images/admin/home.ru.png b/documentation/images/admin/home.ru.png
new file mode 100644
index 0000000000..46356aebf8
Binary files /dev/null and b/documentation/images/admin/home.ru.png differ
diff --git a/documentation/images/admin/home.zh_CN.png b/documentation/images/admin/home.zh_CN.png
new file mode 100644
index 0000000000..7a6486831d
Binary files /dev/null and b/documentation/images/admin/home.zh_CN.png differ
diff --git a/documentation/images/admin/https.de.png b/documentation/images/admin/https.de.png
new file mode 100644
index 0000000000..ca9933907a
Binary files /dev/null and b/documentation/images/admin/https.de.png differ
diff --git a/documentation/images/admin/https.en.png b/documentation/images/admin/https.en.png
new file mode 100644
index 0000000000..f534d6680a
Binary files /dev/null and b/documentation/images/admin/https.en.png differ
diff --git a/documentation/images/admin/https.es.png b/documentation/images/admin/https.es.png
new file mode 100644
index 0000000000..396b515548
Binary files /dev/null and b/documentation/images/admin/https.es.png differ
diff --git a/documentation/images/admin/https.fr.png b/documentation/images/admin/https.fr.png
new file mode 100644
index 0000000000..b9c3261f64
Binary files /dev/null and b/documentation/images/admin/https.fr.png differ
diff --git a/documentation/images/admin/https.it.png b/documentation/images/admin/https.it.png
new file mode 100644
index 0000000000..b570450dab
Binary files /dev/null and b/documentation/images/admin/https.it.png differ
diff --git a/documentation/images/admin/https.png b/documentation/images/admin/https.png
deleted file mode 100644
index 556ed8ff70..0000000000
Binary files a/documentation/images/admin/https.png and /dev/null differ
diff --git a/documentation/images/admin/https.ru.png b/documentation/images/admin/https.ru.png
new file mode 100644
index 0000000000..59f2985575
Binary files /dev/null and b/documentation/images/admin/https.ru.png differ
diff --git a/documentation/images/admin/https.zh_CN.png b/documentation/images/admin/https.zh_CN.png
new file mode 100644
index 0000000000..6255bd3eb3
Binary files /dev/null and b/documentation/images/admin/https.zh_CN.png differ
diff --git a/documentation/images/admin/license.de.png b/documentation/images/admin/license.de.png
new file mode 100644
index 0000000000..edae79b280
Binary files /dev/null and b/documentation/images/admin/license.de.png differ
diff --git a/documentation/images/admin/license.en.png b/documentation/images/admin/license.en.png
new file mode 100644
index 0000000000..afef4f525c
Binary files /dev/null and b/documentation/images/admin/license.en.png differ
diff --git a/documentation/images/admin/license.es.png b/documentation/images/admin/license.es.png
new file mode 100644
index 0000000000..8f1d221f2c
Binary files /dev/null and b/documentation/images/admin/license.es.png differ
diff --git a/documentation/images/admin/license.fr.png b/documentation/images/admin/license.fr.png
new file mode 100644
index 0000000000..7da2dfda19
Binary files /dev/null and b/documentation/images/admin/license.fr.png differ
diff --git a/documentation/images/admin/license.it.png b/documentation/images/admin/license.it.png
new file mode 100644
index 0000000000..a51bc2c233
Binary files /dev/null and b/documentation/images/admin/license.it.png differ
diff --git a/documentation/images/admin/license.png b/documentation/images/admin/license.png
deleted file mode 100644
index 29a7d9d490..0000000000
Binary files a/documentation/images/admin/license.png and /dev/null differ
diff --git a/documentation/images/admin/license.ru.png b/documentation/images/admin/license.ru.png
new file mode 100644
index 0000000000..ecb21bc8ed
Binary files /dev/null and b/documentation/images/admin/license.ru.png differ
diff --git a/documentation/images/admin/license.zh_CN.png b/documentation/images/admin/license.zh_CN.png
new file mode 100644
index 0000000000..0b4258c186
Binary files /dev/null and b/documentation/images/admin/license.zh_CN.png differ
diff --git a/documentation/images/admin/notification_settings.de.png b/documentation/images/admin/notification_settings.de.png
new file mode 100644
index 0000000000..ac118415aa
Binary files /dev/null and b/documentation/images/admin/notification_settings.de.png differ
diff --git a/documentation/images/admin/notification_settings.en.png b/documentation/images/admin/notification_settings.en.png
new file mode 100644
index 0000000000..e61f12537b
Binary files /dev/null and b/documentation/images/admin/notification_settings.en.png differ
diff --git a/documentation/images/admin/notification_settings.es.png b/documentation/images/admin/notification_settings.es.png
new file mode 100644
index 0000000000..02d68d9842
Binary files /dev/null and b/documentation/images/admin/notification_settings.es.png differ
diff --git a/documentation/images/admin/notification_settings.fr.png b/documentation/images/admin/notification_settings.fr.png
new file mode 100644
index 0000000000..e37f2db7a6
Binary files /dev/null and b/documentation/images/admin/notification_settings.fr.png differ
diff --git a/documentation/images/admin/notification_settings.it.png b/documentation/images/admin/notification_settings.it.png
new file mode 100644
index 0000000000..8c79e58855
Binary files /dev/null and b/documentation/images/admin/notification_settings.it.png differ
diff --git a/documentation/images/admin/notification_settings.png b/documentation/images/admin/notification_settings.png
deleted file mode 100644
index 433aaf2dde..0000000000
Binary files a/documentation/images/admin/notification_settings.png and /dev/null differ
diff --git a/documentation/images/admin/notification_settings.ru.png b/documentation/images/admin/notification_settings.ru.png
new file mode 100644
index 0000000000..2c8f6a6a6d
Binary files /dev/null and b/documentation/images/admin/notification_settings.ru.png differ
diff --git a/documentation/images/admin/notification_settings.zh_CN.png b/documentation/images/admin/notification_settings.zh_CN.png
new file mode 100644
index 0000000000..64e695b567
Binary files /dev/null and b/documentation/images/admin/notification_settings.zh_CN.png differ
diff --git a/documentation/images/admin/notification_settings_detail.de.png b/documentation/images/admin/notification_settings_detail.de.png
new file mode 100644
index 0000000000..350db4b307
Binary files /dev/null and b/documentation/images/admin/notification_settings_detail.de.png differ
diff --git a/documentation/images/admin/notification_settings_detail.en.png b/documentation/images/admin/notification_settings_detail.en.png
new file mode 100644
index 0000000000..8a06d6f679
Binary files /dev/null and b/documentation/images/admin/notification_settings_detail.en.png differ
diff --git a/documentation/images/admin/notification_settings_detail.es.png b/documentation/images/admin/notification_settings_detail.es.png
new file mode 100644
index 0000000000..48ac2f9b7d
Binary files /dev/null and b/documentation/images/admin/notification_settings_detail.es.png differ
diff --git a/documentation/images/admin/notification_settings_detail.fr.png b/documentation/images/admin/notification_settings_detail.fr.png
new file mode 100644
index 0000000000..4fdf9f6677
Binary files /dev/null and b/documentation/images/admin/notification_settings_detail.fr.png differ
diff --git a/documentation/images/admin/notification_settings_detail.it.png b/documentation/images/admin/notification_settings_detail.it.png
new file mode 100644
index 0000000000..ab7fb75331
Binary files /dev/null and b/documentation/images/admin/notification_settings_detail.it.png differ
diff --git a/documentation/images/admin/notification_settings_detail.png b/documentation/images/admin/notification_settings_detail.png
deleted file mode 100644
index e72d9513bd..0000000000
Binary files a/documentation/images/admin/notification_settings_detail.png and /dev/null differ
diff --git a/documentation/images/admin/notification_settings_detail.ru.png b/documentation/images/admin/notification_settings_detail.ru.png
new file mode 100644
index 0000000000..a3de611e20
Binary files /dev/null and b/documentation/images/admin/notification_settings_detail.ru.png differ
diff --git a/documentation/images/admin/notification_settings_detail.zh_CN.png b/documentation/images/admin/notification_settings_detail.zh_CN.png
new file mode 100644
index 0000000000..bb7aa8dfa9
Binary files /dev/null and b/documentation/images/admin/notification_settings_detail.zh_CN.png differ
diff --git a/documentation/images/admin/notification_templates.de.png b/documentation/images/admin/notification_templates.de.png
new file mode 100644
index 0000000000..826291db69
Binary files /dev/null and b/documentation/images/admin/notification_templates.de.png differ
diff --git a/documentation/images/admin/notification_templates.en.png b/documentation/images/admin/notification_templates.en.png
new file mode 100644
index 0000000000..a6143b42df
Binary files /dev/null and b/documentation/images/admin/notification_templates.en.png differ
diff --git a/documentation/images/admin/notification_templates.es.png b/documentation/images/admin/notification_templates.es.png
new file mode 100644
index 0000000000..21240ec66d
Binary files /dev/null and b/documentation/images/admin/notification_templates.es.png differ
diff --git a/documentation/images/admin/notification_templates.fr.png b/documentation/images/admin/notification_templates.fr.png
new file mode 100644
index 0000000000..e2f3ed5c47
Binary files /dev/null and b/documentation/images/admin/notification_templates.fr.png differ
diff --git a/documentation/images/admin/notification_templates.it.png b/documentation/images/admin/notification_templates.it.png
new file mode 100644
index 0000000000..004c581061
Binary files /dev/null and b/documentation/images/admin/notification_templates.it.png differ
diff --git a/documentation/images/admin/notification_templates.png b/documentation/images/admin/notification_templates.png
deleted file mode 100644
index 84ec739b8e..0000000000
Binary files a/documentation/images/admin/notification_templates.png and /dev/null differ
diff --git a/documentation/images/admin/notification_templates.ru.png b/documentation/images/admin/notification_templates.ru.png
new file mode 100644
index 0000000000..88bad9be1e
Binary files /dev/null and b/documentation/images/admin/notification_templates.ru.png differ
diff --git a/documentation/images/admin/notification_templates.zh_CN.png b/documentation/images/admin/notification_templates.zh_CN.png
new file mode 100644
index 0000000000..2bb98e9868
Binary files /dev/null and b/documentation/images/admin/notification_templates.zh_CN.png differ
diff --git a/documentation/images/admin/question_templates.de.png b/documentation/images/admin/question_templates.de.png
new file mode 100644
index 0000000000..ecdfa5ae94
Binary files /dev/null and b/documentation/images/admin/question_templates.de.png differ
diff --git a/documentation/images/admin/question_templates.en.png b/documentation/images/admin/question_templates.en.png
new file mode 100644
index 0000000000..a13ff87c08
Binary files /dev/null and b/documentation/images/admin/question_templates.en.png differ
diff --git a/documentation/images/admin/question_templates.es.png b/documentation/images/admin/question_templates.es.png
new file mode 100644
index 0000000000..531ec9e925
Binary files /dev/null and b/documentation/images/admin/question_templates.es.png differ
diff --git a/documentation/images/admin/question_templates.fr.png b/documentation/images/admin/question_templates.fr.png
new file mode 100644
index 0000000000..f59edd5ca8
Binary files /dev/null and b/documentation/images/admin/question_templates.fr.png differ
diff --git a/documentation/images/admin/question_templates.it.png b/documentation/images/admin/question_templates.it.png
new file mode 100644
index 0000000000..1d14b21e4b
Binary files /dev/null and b/documentation/images/admin/question_templates.it.png differ
diff --git a/documentation/images/admin/question_templates.png b/documentation/images/admin/question_templates.png
deleted file mode 100644
index c3da6b5b98..0000000000
Binary files a/documentation/images/admin/question_templates.png and /dev/null differ
diff --git a/documentation/images/admin/question_templates.ru.png b/documentation/images/admin/question_templates.ru.png
new file mode 100644
index 0000000000..4373290e8e
Binary files /dev/null and b/documentation/images/admin/question_templates.ru.png differ
diff --git a/documentation/images/admin/question_templates.zh_CN.png b/documentation/images/admin/question_templates.zh_CN.png
new file mode 100644
index 0000000000..57b06b2827
Binary files /dev/null and b/documentation/images/admin/question_templates.zh_CN.png differ
diff --git a/documentation/images/admin/questionnaires.de.png b/documentation/images/admin/questionnaires.de.png
new file mode 100644
index 0000000000..d7b49e53f7
Binary files /dev/null and b/documentation/images/admin/questionnaires.de.png differ
diff --git a/documentation/images/admin/questionnaires.en.png b/documentation/images/admin/questionnaires.en.png
new file mode 100644
index 0000000000..75fbcd79f3
Binary files /dev/null and b/documentation/images/admin/questionnaires.en.png differ
diff --git a/documentation/images/admin/questionnaires.es.png b/documentation/images/admin/questionnaires.es.png
new file mode 100644
index 0000000000..8d9c8176e9
Binary files /dev/null and b/documentation/images/admin/questionnaires.es.png differ
diff --git a/documentation/images/admin/questionnaires.fr.png b/documentation/images/admin/questionnaires.fr.png
new file mode 100644
index 0000000000..c32ef44ec0
Binary files /dev/null and b/documentation/images/admin/questionnaires.fr.png differ
diff --git a/documentation/images/admin/questionnaires.it.png b/documentation/images/admin/questionnaires.it.png
new file mode 100644
index 0000000000..ed7664905a
Binary files /dev/null and b/documentation/images/admin/questionnaires.it.png differ
diff --git a/documentation/images/admin/questionnaires.png b/documentation/images/admin/questionnaires.png
deleted file mode 100644
index 3abeff1629..0000000000
Binary files a/documentation/images/admin/questionnaires.png and /dev/null differ
diff --git a/documentation/images/admin/questionnaires.ru.png b/documentation/images/admin/questionnaires.ru.png
new file mode 100644
index 0000000000..7ab51dd9cb
Binary files /dev/null and b/documentation/images/admin/questionnaires.ru.png differ
diff --git a/documentation/images/admin/questionnaires.zh_CN.png b/documentation/images/admin/questionnaires.zh_CN.png
new file mode 100644
index 0000000000..d8fe05a642
Binary files /dev/null and b/documentation/images/admin/questionnaires.zh_CN.png differ
diff --git a/documentation/images/admin/report_statuses.de.png b/documentation/images/admin/report_statuses.de.png
new file mode 100644
index 0000000000..5f02238465
Binary files /dev/null and b/documentation/images/admin/report_statuses.de.png differ
diff --git a/documentation/images/admin/report_statuses.en.png b/documentation/images/admin/report_statuses.en.png
new file mode 100644
index 0000000000..8e3516e996
Binary files /dev/null and b/documentation/images/admin/report_statuses.en.png differ
diff --git a/documentation/images/admin/report_statuses.es.png b/documentation/images/admin/report_statuses.es.png
new file mode 100644
index 0000000000..7f3a02b415
Binary files /dev/null and b/documentation/images/admin/report_statuses.es.png differ
diff --git a/documentation/images/admin/report_statuses.fr.png b/documentation/images/admin/report_statuses.fr.png
new file mode 100644
index 0000000000..3fd255d270
Binary files /dev/null and b/documentation/images/admin/report_statuses.fr.png differ
diff --git a/documentation/images/admin/report_statuses.it.png b/documentation/images/admin/report_statuses.it.png
new file mode 100644
index 0000000000..03fe21cb5e
Binary files /dev/null and b/documentation/images/admin/report_statuses.it.png differ
diff --git a/documentation/images/admin/report_statuses.png b/documentation/images/admin/report_statuses.png
deleted file mode 100644
index aed3e4e5fd..0000000000
Binary files a/documentation/images/admin/report_statuses.png and /dev/null differ
diff --git a/documentation/images/admin/report_statuses.ru.png b/documentation/images/admin/report_statuses.ru.png
new file mode 100644
index 0000000000..2b687fae5e
Binary files /dev/null and b/documentation/images/admin/report_statuses.ru.png differ
diff --git a/documentation/images/admin/report_statuses.zh_CN.png b/documentation/images/admin/report_statuses.zh_CN.png
new file mode 100644
index 0000000000..8f7edf6512
Binary files /dev/null and b/documentation/images/admin/report_statuses.zh_CN.png differ
diff --git a/documentation/images/admin/signup_configuration.de.png b/documentation/images/admin/signup_configuration.de.png
new file mode 100644
index 0000000000..fd024698d3
Binary files /dev/null and b/documentation/images/admin/signup_configuration.de.png differ
diff --git a/documentation/images/admin/signup_configuration.en.png b/documentation/images/admin/signup_configuration.en.png
new file mode 100644
index 0000000000..3393b6fa16
Binary files /dev/null and b/documentation/images/admin/signup_configuration.en.png differ
diff --git a/documentation/images/admin/signup_configuration.es.png b/documentation/images/admin/signup_configuration.es.png
new file mode 100644
index 0000000000..f912ca2d2a
Binary files /dev/null and b/documentation/images/admin/signup_configuration.es.png differ
diff --git a/documentation/images/admin/signup_configuration.fr.png b/documentation/images/admin/signup_configuration.fr.png
new file mode 100644
index 0000000000..bce42ccc17
Binary files /dev/null and b/documentation/images/admin/signup_configuration.fr.png differ
diff --git a/documentation/images/admin/signup_configuration.it.png b/documentation/images/admin/signup_configuration.it.png
new file mode 100644
index 0000000000..79f78fa68d
Binary files /dev/null and b/documentation/images/admin/signup_configuration.it.png differ
diff --git a/documentation/images/admin/signup_configuration.png b/documentation/images/admin/signup_configuration.png
deleted file mode 100644
index fb46b7e2b0..0000000000
Binary files a/documentation/images/admin/signup_configuration.png and /dev/null differ
diff --git a/documentation/images/admin/signup_configuration.ru.png b/documentation/images/admin/signup_configuration.ru.png
new file mode 100644
index 0000000000..e9ccd959a5
Binary files /dev/null and b/documentation/images/admin/signup_configuration.ru.png differ
diff --git a/documentation/images/admin/signup_configuration.zh_CN.png b/documentation/images/admin/signup_configuration.zh_CN.png
new file mode 100644
index 0000000000..682765d2c0
Binary files /dev/null and b/documentation/images/admin/signup_configuration.zh_CN.png differ
diff --git a/documentation/images/admin/signup_form.de.png b/documentation/images/admin/signup_form.de.png
new file mode 100644
index 0000000000..0f6f2ec819
Binary files /dev/null and b/documentation/images/admin/signup_form.de.png differ
diff --git a/documentation/images/admin/signup_form.en.png b/documentation/images/admin/signup_form.en.png
new file mode 100644
index 0000000000..ea54018b1a
Binary files /dev/null and b/documentation/images/admin/signup_form.en.png differ
diff --git a/documentation/images/admin/signup_form.es.png b/documentation/images/admin/signup_form.es.png
new file mode 100644
index 0000000000..d80de74ed3
Binary files /dev/null and b/documentation/images/admin/signup_form.es.png differ
diff --git a/documentation/images/admin/signup_form.fr.png b/documentation/images/admin/signup_form.fr.png
new file mode 100644
index 0000000000..7ecb98d8ce
Binary files /dev/null and b/documentation/images/admin/signup_form.fr.png differ
diff --git a/documentation/images/admin/signup_form.it.png b/documentation/images/admin/signup_form.it.png
new file mode 100644
index 0000000000..a003d00b15
Binary files /dev/null and b/documentation/images/admin/signup_form.it.png differ
diff --git a/documentation/images/admin/signup_form.png b/documentation/images/admin/signup_form.png
deleted file mode 100644
index 9c22230deb..0000000000
Binary files a/documentation/images/admin/signup_form.png and /dev/null differ
diff --git a/documentation/images/admin/signup_form.ru.png b/documentation/images/admin/signup_form.ru.png
new file mode 100644
index 0000000000..81e7c4187b
Binary files /dev/null and b/documentation/images/admin/signup_form.ru.png differ
diff --git a/documentation/images/admin/signup_form.zh_CN.png b/documentation/images/admin/signup_form.zh_CN.png
new file mode 100644
index 0000000000..ee13c4e5ca
Binary files /dev/null and b/documentation/images/admin/signup_form.zh_CN.png differ
diff --git a/documentation/images/admin/site_settings_files.de.png b/documentation/images/admin/site_settings_files.de.png
new file mode 100644
index 0000000000..085a5e98f4
Binary files /dev/null and b/documentation/images/admin/site_settings_files.de.png differ
diff --git a/documentation/images/admin/site_settings_files.en.png b/documentation/images/admin/site_settings_files.en.png
new file mode 100644
index 0000000000..fc8237a627
Binary files /dev/null and b/documentation/images/admin/site_settings_files.en.png differ
diff --git a/documentation/images/admin/site_settings_files.es.png b/documentation/images/admin/site_settings_files.es.png
new file mode 100644
index 0000000000..aa80a9c7a4
Binary files /dev/null and b/documentation/images/admin/site_settings_files.es.png differ
diff --git a/documentation/images/admin/site_settings_files.fr.png b/documentation/images/admin/site_settings_files.fr.png
new file mode 100644
index 0000000000..ebe21291dd
Binary files /dev/null and b/documentation/images/admin/site_settings_files.fr.png differ
diff --git a/documentation/images/admin/site_settings_files.it.png b/documentation/images/admin/site_settings_files.it.png
new file mode 100644
index 0000000000..2f50e0ea01
Binary files /dev/null and b/documentation/images/admin/site_settings_files.it.png differ
diff --git a/documentation/images/admin/site_settings_files.png b/documentation/images/admin/site_settings_files.png
deleted file mode 100644
index f35cef2f4e..0000000000
Binary files a/documentation/images/admin/site_settings_files.png and /dev/null differ
diff --git a/documentation/images/admin/site_settings_files.ru.png b/documentation/images/admin/site_settings_files.ru.png
new file mode 100644
index 0000000000..7d7ccdf191
Binary files /dev/null and b/documentation/images/admin/site_settings_files.ru.png differ
diff --git a/documentation/images/admin/site_settings_files.zh_CN.png b/documentation/images/admin/site_settings_files.zh_CN.png
new file mode 100644
index 0000000000..7af4b625ab
Binary files /dev/null and b/documentation/images/admin/site_settings_files.zh_CN.png differ
diff --git a/documentation/images/admin/site_settings_languages.de.png b/documentation/images/admin/site_settings_languages.de.png
new file mode 100644
index 0000000000..96875e76ab
Binary files /dev/null and b/documentation/images/admin/site_settings_languages.de.png differ
diff --git a/documentation/images/admin/site_settings_languages.en.png b/documentation/images/admin/site_settings_languages.en.png
new file mode 100644
index 0000000000..08e92c8ff9
Binary files /dev/null and b/documentation/images/admin/site_settings_languages.en.png differ
diff --git a/documentation/images/admin/site_settings_languages.es.png b/documentation/images/admin/site_settings_languages.es.png
new file mode 100644
index 0000000000..660f079890
Binary files /dev/null and b/documentation/images/admin/site_settings_languages.es.png differ
diff --git a/documentation/images/admin/site_settings_languages.fr.png b/documentation/images/admin/site_settings_languages.fr.png
new file mode 100644
index 0000000000..94dae6977a
Binary files /dev/null and b/documentation/images/admin/site_settings_languages.fr.png differ
diff --git a/documentation/images/admin/site_settings_languages.it.png b/documentation/images/admin/site_settings_languages.it.png
new file mode 100644
index 0000000000..de6a47a294
Binary files /dev/null and b/documentation/images/admin/site_settings_languages.it.png differ
diff --git a/documentation/images/admin/site_settings_languages.png b/documentation/images/admin/site_settings_languages.png
deleted file mode 100644
index 392346d6ec..0000000000
Binary files a/documentation/images/admin/site_settings_languages.png and /dev/null differ
diff --git a/documentation/images/admin/site_settings_languages.ru.png b/documentation/images/admin/site_settings_languages.ru.png
new file mode 100644
index 0000000000..47d5a338ea
Binary files /dev/null and b/documentation/images/admin/site_settings_languages.ru.png differ
diff --git a/documentation/images/admin/site_settings_languages.zh_CN.png b/documentation/images/admin/site_settings_languages.zh_CN.png
new file mode 100644
index 0000000000..8cd20b0b85
Binary files /dev/null and b/documentation/images/admin/site_settings_languages.zh_CN.png differ
diff --git a/documentation/images/admin/site_settings_languages_detail.de.png b/documentation/images/admin/site_settings_languages_detail.de.png
new file mode 100644
index 0000000000..0041dbe563
Binary files /dev/null and b/documentation/images/admin/site_settings_languages_detail.de.png differ
diff --git a/documentation/images/admin/site_settings_languages_detail.en.png b/documentation/images/admin/site_settings_languages_detail.en.png
new file mode 100644
index 0000000000..9c3f88d340
Binary files /dev/null and b/documentation/images/admin/site_settings_languages_detail.en.png differ
diff --git a/documentation/images/admin/site_settings_languages_detail.es.png b/documentation/images/admin/site_settings_languages_detail.es.png
new file mode 100644
index 0000000000..f13e0a0c3e
Binary files /dev/null and b/documentation/images/admin/site_settings_languages_detail.es.png differ
diff --git a/documentation/images/admin/site_settings_languages_detail.fr.png b/documentation/images/admin/site_settings_languages_detail.fr.png
new file mode 100644
index 0000000000..2f16bbd6e4
Binary files /dev/null and b/documentation/images/admin/site_settings_languages_detail.fr.png differ
diff --git a/documentation/images/admin/site_settings_languages_detail.it.png b/documentation/images/admin/site_settings_languages_detail.it.png
new file mode 100644
index 0000000000..8f61660131
Binary files /dev/null and b/documentation/images/admin/site_settings_languages_detail.it.png differ
diff --git a/documentation/images/admin/site_settings_languages_detail.png b/documentation/images/admin/site_settings_languages_detail.png
deleted file mode 100644
index 6c69db54ca..0000000000
Binary files a/documentation/images/admin/site_settings_languages_detail.png and /dev/null differ
diff --git a/documentation/images/admin/site_settings_languages_detail.ru.png b/documentation/images/admin/site_settings_languages_detail.ru.png
new file mode 100644
index 0000000000..c973a9d86a
Binary files /dev/null and b/documentation/images/admin/site_settings_languages_detail.ru.png differ
diff --git a/documentation/images/admin/site_settings_languages_detail.zh_CN.png b/documentation/images/admin/site_settings_languages_detail.zh_CN.png
new file mode 100644
index 0000000000..0b04a452a4
Binary files /dev/null and b/documentation/images/admin/site_settings_languages_detail.zh_CN.png differ
diff --git a/documentation/images/admin/site_settings_logo_detail.de.png b/documentation/images/admin/site_settings_logo_detail.de.png
new file mode 100644
index 0000000000..33071a97fe
Binary files /dev/null and b/documentation/images/admin/site_settings_logo_detail.de.png differ
diff --git a/documentation/images/admin/site_settings_logo_detail.en.png b/documentation/images/admin/site_settings_logo_detail.en.png new file mode 100644 index 0000000000..fbfb1d1426 Binary files /dev/null and b/documentation/images/admin/site_settings_logo_detail.en.png differ diff --git a/documentation/images/admin/site_settings_logo_detail.es.png b/documentation/images/admin/site_settings_logo_detail.es.png new file mode 100644 index 0000000000..8eb916d88d Binary files /dev/null and b/documentation/images/admin/site_settings_logo_detail.es.png differ diff --git a/documentation/images/admin/site_settings_logo_detail.fr.png b/documentation/images/admin/site_settings_logo_detail.fr.png new file mode 100644 index 0000000000..db830d6ab7 Binary files /dev/null and b/documentation/images/admin/site_settings_logo_detail.fr.png differ diff --git a/documentation/images/admin/site_settings_logo_detail.it.png b/documentation/images/admin/site_settings_logo_detail.it.png new file mode 100644 index 0000000000..2216d95d07 Binary files /dev/null and b/documentation/images/admin/site_settings_logo_detail.it.png differ diff --git a/documentation/images/admin/site_settings_logo_detail.png b/documentation/images/admin/site_settings_logo_detail.png deleted file mode 100644 index 203fcd8635..0000000000 Binary files a/documentation/images/admin/site_settings_logo_detail.png and /dev/null differ diff --git a/documentation/images/admin/site_settings_logo_detail.ru.png b/documentation/images/admin/site_settings_logo_detail.ru.png new file mode 100644 index 0000000000..fe8aae423c Binary files /dev/null and b/documentation/images/admin/site_settings_logo_detail.ru.png differ diff --git a/documentation/images/admin/site_settings_logo_detail.zh_CN.png b/documentation/images/admin/site_settings_logo_detail.zh_CN.png new file mode 100644 index 0000000000..738cf6e87d Binary files /dev/null and b/documentation/images/admin/site_settings_logo_detail.zh_CN.png differ 
diff --git a/documentation/images/admin/site_settings_main_configuration.de.png b/documentation/images/admin/site_settings_main_configuration.de.png new file mode 100644 index 0000000000..2f7cd7c490 Binary files /dev/null and b/documentation/images/admin/site_settings_main_configuration.de.png differ diff --git a/documentation/images/admin/site_settings_main_configuration.en.png b/documentation/images/admin/site_settings_main_configuration.en.png new file mode 100644 index 0000000000..fa7c49d270 Binary files /dev/null and b/documentation/images/admin/site_settings_main_configuration.en.png differ diff --git a/documentation/images/admin/site_settings_main_configuration.es.png b/documentation/images/admin/site_settings_main_configuration.es.png new file mode 100644 index 0000000000..e6b4d559b5 Binary files /dev/null and b/documentation/images/admin/site_settings_main_configuration.es.png differ diff --git a/documentation/images/admin/site_settings_main_configuration.fr.png b/documentation/images/admin/site_settings_main_configuration.fr.png new file mode 100644 index 0000000000..5f4f4b921b Binary files /dev/null and b/documentation/images/admin/site_settings_main_configuration.fr.png differ diff --git a/documentation/images/admin/site_settings_main_configuration.it.png b/documentation/images/admin/site_settings_main_configuration.it.png new file mode 100644 index 0000000000..547d3dc9a3 Binary files /dev/null and b/documentation/images/admin/site_settings_main_configuration.it.png differ diff --git a/documentation/images/admin/site_settings_main_configuration.png b/documentation/images/admin/site_settings_main_configuration.png deleted file mode 100644 index b1e1c7b89b..0000000000 Binary files a/documentation/images/admin/site_settings_main_configuration.png and /dev/null differ 
diff --git a/documentation/images/admin/site_settings_main_configuration.ru.png b/documentation/images/admin/site_settings_main_configuration.ru.png new file mode 100644 index 0000000000..5766174e9f Binary files /dev/null and b/documentation/images/admin/site_settings_main_configuration.ru.png differ diff --git a/documentation/images/admin/site_settings_main_configuration.zh_CN.png b/documentation/images/admin/site_settings_main_configuration.zh_CN.png new file mode 100644 index 0000000000..a7316f8043 Binary files /dev/null and b/documentation/images/admin/site_settings_main_configuration.zh_CN.png differ diff --git a/documentation/images/admin/site_settings_text_customization.de.png b/documentation/images/admin/site_settings_text_customization.de.png new file mode 100644 index 0000000000..ea003b2c4a Binary files /dev/null and b/documentation/images/admin/site_settings_text_customization.de.png differ diff --git a/documentation/images/admin/site_settings_text_customization.en.png b/documentation/images/admin/site_settings_text_customization.en.png new file mode 100644 index 0000000000..56c68651de Binary files /dev/null and b/documentation/images/admin/site_settings_text_customization.en.png differ diff --git a/documentation/images/admin/site_settings_text_customization.es.png b/documentation/images/admin/site_settings_text_customization.es.png new file mode 100644 index 0000000000..2d46670584 Binary files /dev/null and b/documentation/images/admin/site_settings_text_customization.es.png differ diff --git a/documentation/images/admin/site_settings_text_customization.fr.png b/documentation/images/admin/site_settings_text_customization.fr.png new file mode 100644 index 0000000000..2a94a898f3 Binary files /dev/null and b/documentation/images/admin/site_settings_text_customization.fr.png differ 
diff --git a/documentation/images/admin/site_settings_text_customization.it.png b/documentation/images/admin/site_settings_text_customization.it.png new file mode 100644 index 0000000000..d86f658b8b Binary files /dev/null and b/documentation/images/admin/site_settings_text_customization.it.png differ diff --git a/documentation/images/admin/site_settings_text_customization.png b/documentation/images/admin/site_settings_text_customization.png deleted file mode 100644 index f6adbcbd88..0000000000 Binary files a/documentation/images/admin/site_settings_text_customization.png and /dev/null differ diff --git a/documentation/images/admin/site_settings_text_customization.ru.png b/documentation/images/admin/site_settings_text_customization.ru.png new file mode 100644 index 0000000000..596c55fd53 Binary files /dev/null and b/documentation/images/admin/site_settings_text_customization.ru.png differ diff --git a/documentation/images/admin/site_settings_text_customization.zh_CN.png b/documentation/images/admin/site_settings_text_customization.zh_CN.png new file mode 100644 index 0000000000..7d764dd35d Binary files /dev/null and b/documentation/images/admin/site_settings_text_customization.zh_CN.png differ diff --git a/documentation/images/admin/sites_management_options.de.png b/documentation/images/admin/sites_management_options.de.png new file mode 100644 index 0000000000..03f309c91b Binary files /dev/null and b/documentation/images/admin/sites_management_options.de.png differ diff --git a/documentation/images/admin/sites_management_options.en.png b/documentation/images/admin/sites_management_options.en.png new file mode 100644 index 0000000000..12384afbaf Binary files /dev/null and b/documentation/images/admin/sites_management_options.en.png differ 
diff --git a/documentation/images/admin/sites_management_options.es.png b/documentation/images/admin/sites_management_options.es.png new file mode 100644 index 0000000000..480ec92a75 Binary files /dev/null and b/documentation/images/admin/sites_management_options.es.png differ diff --git a/documentation/images/admin/sites_management_options.fr.png b/documentation/images/admin/sites_management_options.fr.png new file mode 100644 index 0000000000..15ea5b524a Binary files /dev/null and b/documentation/images/admin/sites_management_options.fr.png differ diff --git a/documentation/images/admin/sites_management_options.it.png b/documentation/images/admin/sites_management_options.it.png new file mode 100644 index 0000000000..0f3ddc736c Binary files /dev/null and b/documentation/images/admin/sites_management_options.it.png differ diff --git a/documentation/images/admin/sites_management_options.png b/documentation/images/admin/sites_management_options.png deleted file mode 100644 index fc1fb93059..0000000000 Binary files a/documentation/images/admin/sites_management_options.png and /dev/null differ diff --git a/documentation/images/admin/sites_management_options.ru.png b/documentation/images/admin/sites_management_options.ru.png new file mode 100644 index 0000000000..d6c2fd2eac Binary files /dev/null and b/documentation/images/admin/sites_management_options.ru.png differ diff --git a/documentation/images/admin/sites_management_options.zh_CN.png b/documentation/images/admin/sites_management_options.zh_CN.png new file mode 100644 index 0000000000..6f2abdf3c8 Binary files /dev/null and b/documentation/images/admin/sites_management_options.zh_CN.png differ diff --git a/documentation/images/admin/sites_management_sites.de.png b/documentation/images/admin/sites_management_sites.de.png new file mode 100644 index 0000000000..ce4c51fe19 Binary files /dev/null and b/documentation/images/admin/sites_management_sites.de.png differ 
diff --git a/documentation/images/admin/sites_management_sites.en.png b/documentation/images/admin/sites_management_sites.en.png new file mode 100644 index 0000000000..877f34d10c Binary files /dev/null and b/documentation/images/admin/sites_management_sites.en.png differ diff --git a/documentation/images/admin/sites_management_sites.es.png b/documentation/images/admin/sites_management_sites.es.png new file mode 100644 index 0000000000..78fd37d906 Binary files /dev/null and b/documentation/images/admin/sites_management_sites.es.png differ diff --git a/documentation/images/admin/sites_management_sites.fr.png b/documentation/images/admin/sites_management_sites.fr.png new file mode 100644 index 0000000000..8a19171b53 Binary files /dev/null and b/documentation/images/admin/sites_management_sites.fr.png differ diff --git a/documentation/images/admin/sites_management_sites.it.png b/documentation/images/admin/sites_management_sites.it.png new file mode 100644 index 0000000000..66a29a3723 Binary files /dev/null and b/documentation/images/admin/sites_management_sites.it.png differ diff --git a/documentation/images/admin/sites_management_sites.png b/documentation/images/admin/sites_management_sites.png deleted file mode 100644 index 2846449490..0000000000 Binary files a/documentation/images/admin/sites_management_sites.png and /dev/null differ diff --git a/documentation/images/admin/sites_management_sites.ru.png b/documentation/images/admin/sites_management_sites.ru.png new file mode 100644 index 0000000000..fc16a2b89d Binary files /dev/null and b/documentation/images/admin/sites_management_sites.ru.png differ diff --git a/documentation/images/admin/sites_management_sites.zh_CN.png b/documentation/images/admin/sites_management_sites.zh_CN.png new file mode 100644 index 0000000000..ed28467790 Binary files /dev/null and b/documentation/images/admin/sites_management_sites.zh_CN.png differ 
diff --git a/documentation/images/admin/tor.de.png b/documentation/images/admin/tor.de.png new file mode 100644 index 0000000000..9b6b515d5c Binary files /dev/null and b/documentation/images/admin/tor.de.png differ diff --git a/documentation/images/admin/tor.en.png b/documentation/images/admin/tor.en.png new file mode 100644 index 0000000000..46f3513d70 Binary files /dev/null and b/documentation/images/admin/tor.en.png differ diff --git a/documentation/images/admin/tor.es.png b/documentation/images/admin/tor.es.png new file mode 100644 index 0000000000..840efa43aa Binary files /dev/null and b/documentation/images/admin/tor.es.png differ diff --git a/documentation/images/admin/tor.fr.png b/documentation/images/admin/tor.fr.png new file mode 100644 index 0000000000..f96e02e289 Binary files /dev/null and b/documentation/images/admin/tor.fr.png differ diff --git a/documentation/images/admin/tor.it.png b/documentation/images/admin/tor.it.png new file mode 100644 index 0000000000..26637c891c Binary files /dev/null and b/documentation/images/admin/tor.it.png differ diff --git a/documentation/images/admin/tor.png b/documentation/images/admin/tor.png deleted file mode 100644 index 9dce3607e9..0000000000 Binary files a/documentation/images/admin/tor.png and /dev/null differ diff --git a/documentation/images/admin/tor.ru.png b/documentation/images/admin/tor.ru.png new file mode 100644 index 0000000000..712bafc4f7 Binary files /dev/null and b/documentation/images/admin/tor.ru.png differ diff --git a/documentation/images/admin/tor.zh_CN.png b/documentation/images/admin/tor.zh_CN.png new file mode 100644 index 0000000000..7599a72b88 Binary files /dev/null and b/documentation/images/admin/tor.zh_CN.png differ diff --git a/documentation/images/admin/url_redirects.de.png b/documentation/images/admin/url_redirects.de.png new file mode 100644 index 0000000000..d4fb49df0b Binary files /dev/null and b/documentation/images/admin/url_redirects.de.png differ 
diff --git a/documentation/images/admin/url_redirects.en.png b/documentation/images/admin/url_redirects.en.png new file mode 100644 index 0000000000..f03f26931a Binary files /dev/null and b/documentation/images/admin/url_redirects.en.png differ diff --git a/documentation/images/admin/url_redirects.es.png b/documentation/images/admin/url_redirects.es.png new file mode 100644 index 0000000000..6f7aa8ddfa Binary files /dev/null and b/documentation/images/admin/url_redirects.es.png differ diff --git a/documentation/images/admin/url_redirects.fr.png b/documentation/images/admin/url_redirects.fr.png new file mode 100644 index 0000000000..891534bea4 Binary files /dev/null and b/documentation/images/admin/url_redirects.fr.png differ diff --git a/documentation/images/admin/url_redirects.it.png b/documentation/images/admin/url_redirects.it.png new file mode 100644 index 0000000000..b4fd979961 Binary files /dev/null and b/documentation/images/admin/url_redirects.it.png differ diff --git a/documentation/images/admin/url_redirects.png b/documentation/images/admin/url_redirects.png deleted file mode 100644 index 79c68fb697..0000000000 Binary files a/documentation/images/admin/url_redirects.png and /dev/null differ diff --git a/documentation/images/admin/url_redirects.ru.png b/documentation/images/admin/url_redirects.ru.png new file mode 100644 index 0000000000..37ec7cbbf8 Binary files /dev/null and b/documentation/images/admin/url_redirects.ru.png differ diff --git a/documentation/images/admin/url_redirects.zh_CN.png b/documentation/images/admin/url_redirects.zh_CN.png new file mode 100644 index 0000000000..7da12409a2 Binary files /dev/null and b/documentation/images/admin/url_redirects.zh_CN.png differ diff --git a/documentation/images/admin/users.de.png b/documentation/images/admin/users.de.png new file mode 100644 index 0000000000..422f150d0f Binary files /dev/null and b/documentation/images/admin/users.de.png differ 
diff --git a/documentation/images/admin/users.en.png b/documentation/images/admin/users.en.png new file mode 100644 index 0000000000..76fffc369c Binary files /dev/null and b/documentation/images/admin/users.en.png differ diff --git a/documentation/images/admin/users.es.png b/documentation/images/admin/users.es.png new file mode 100644 index 0000000000..21f20ed66f Binary files /dev/null and b/documentation/images/admin/users.es.png differ diff --git a/documentation/images/admin/users.fr.png b/documentation/images/admin/users.fr.png new file mode 100644 index 0000000000..bd277e509d Binary files /dev/null and b/documentation/images/admin/users.fr.png differ diff --git a/documentation/images/admin/users.it.png b/documentation/images/admin/users.it.png new file mode 100644 index 0000000000..fa3c7b9315 Binary files /dev/null and b/documentation/images/admin/users.it.png differ diff --git a/documentation/images/admin/users.png b/documentation/images/admin/users.png deleted file mode 100644 index 69bc253728..0000000000 Binary files a/documentation/images/admin/users.png and /dev/null differ diff --git a/documentation/images/admin/users.ru.png b/documentation/images/admin/users.ru.png new file mode 100644 index 0000000000..d72c04f1ef Binary files /dev/null and b/documentation/images/admin/users.ru.png differ diff --git a/documentation/images/admin/users.zh_CN.png b/documentation/images/admin/users.zh_CN.png new file mode 100644 index 0000000000..232b1cd591 Binary files /dev/null and b/documentation/images/admin/users.zh_CN.png differ diff --git a/documentation/images/admin/users_options.de.png b/documentation/images/admin/users_options.de.png new file mode 100644 index 0000000000..26b4c1b934 Binary files /dev/null and b/documentation/images/admin/users_options.de.png differ 
diff --git a/documentation/images/admin/users_options.en.png b/documentation/images/admin/users_options.en.png new file mode 100644 index 0000000000..dbb137c55a Binary files /dev/null and b/documentation/images/admin/users_options.en.png differ diff --git a/documentation/images/admin/users_options.es.png b/documentation/images/admin/users_options.es.png new file mode 100644 index 0000000000..ec84540e14 Binary files /dev/null and b/documentation/images/admin/users_options.es.png differ diff --git a/documentation/images/admin/users_options.fr.png b/documentation/images/admin/users_options.fr.png new file mode 100644 index 0000000000..4cedd781e5 Binary files /dev/null and b/documentation/images/admin/users_options.fr.png differ diff --git a/documentation/images/admin/users_options.it.png b/documentation/images/admin/users_options.it.png new file mode 100644 index 0000000000..268c1d02c7 Binary files /dev/null and b/documentation/images/admin/users_options.it.png differ diff --git a/documentation/images/admin/users_options.png b/documentation/images/admin/users_options.png deleted file mode 100644 index 2bf33656dc..0000000000 Binary files a/documentation/images/admin/users_options.png and /dev/null differ diff --git a/documentation/images/admin/users_options.ru.png b/documentation/images/admin/users_options.ru.png new file mode 100644 index 0000000000..1d066f1206 Binary files /dev/null and b/documentation/images/admin/users_options.ru.png differ diff --git a/documentation/images/admin/users_options.zh_CN.png b/documentation/images/admin/users_options.zh_CN.png new file mode 100644 index 0000000000..49367e5439 Binary files /dev/null and b/documentation/images/admin/users_options.zh_CN.png differ diff --git a/documentation/images/analyst/home.de.png b/documentation/images/analyst/home.de.png new file mode 100644 index 0000000000..5d7ee67076 Binary files /dev/null and b/documentation/images/analyst/home.de.png differ 
diff --git a/documentation/images/analyst/home.en.png b/documentation/images/analyst/home.en.png new file mode 100644 index 0000000000..7b5f4db656 Binary files /dev/null and b/documentation/images/analyst/home.en.png differ diff --git a/documentation/images/analyst/home.es.png b/documentation/images/analyst/home.es.png new file mode 100644 index 0000000000..69de8a2687 Binary files /dev/null and b/documentation/images/analyst/home.es.png differ diff --git a/documentation/images/analyst/home.fr.png b/documentation/images/analyst/home.fr.png new file mode 100644 index 0000000000..41507ac03a Binary files /dev/null and b/documentation/images/analyst/home.fr.png differ diff --git a/documentation/images/analyst/home.it.png b/documentation/images/analyst/home.it.png new file mode 100644 index 0000000000..488fefad0c Binary files /dev/null and b/documentation/images/analyst/home.it.png differ diff --git a/documentation/images/analyst/home.ru.png b/documentation/images/analyst/home.ru.png new file mode 100644 index 0000000000..753ba120f1 Binary files /dev/null and b/documentation/images/analyst/home.ru.png differ diff --git a/documentation/images/analyst/home.zh_CN.png b/documentation/images/analyst/home.zh_CN.png new file mode 100644 index 0000000000..524e871b2c Binary files /dev/null and b/documentation/images/analyst/home.zh_CN.png differ diff --git a/documentation/images/analyst/statistics.de.png b/documentation/images/analyst/statistics.de.png new file mode 100644 index 0000000000..c01558e353 Binary files /dev/null and b/documentation/images/analyst/statistics.de.png differ diff --git a/documentation/images/analyst/statistics.en.png b/documentation/images/analyst/statistics.en.png new file mode 100644 index 0000000000..4555e984fa Binary files /dev/null and b/documentation/images/analyst/statistics.en.png differ 
diff --git a/documentation/images/analyst/statistics.es.png b/documentation/images/analyst/statistics.es.png new file mode 100644 index 0000000000..ee272b0933 Binary files /dev/null and b/documentation/images/analyst/statistics.es.png differ diff --git a/documentation/images/analyst/statistics.fr.png b/documentation/images/analyst/statistics.fr.png new file mode 100644 index 0000000000..18aa4827c9 Binary files /dev/null and b/documentation/images/analyst/statistics.fr.png differ diff --git a/documentation/images/analyst/statistics.it.png b/documentation/images/analyst/statistics.it.png new file mode 100644 index 0000000000..51536ead6d Binary files /dev/null and b/documentation/images/analyst/statistics.it.png differ diff --git a/documentation/images/analyst/statistics.png b/documentation/images/analyst/statistics.png deleted file mode 100644 index a642665757..0000000000 Binary files a/documentation/images/analyst/statistics.png and /dev/null differ diff --git a/documentation/images/analyst/statistics.ru.png b/documentation/images/analyst/statistics.ru.png new file mode 100644 index 0000000000..8add21da66 Binary files /dev/null and b/documentation/images/analyst/statistics.ru.png differ diff --git a/documentation/images/analyst/statistics.zh_CN.png b/documentation/images/analyst/statistics.zh_CN.png new file mode 100644 index 0000000000..79b2d3f238 Binary files /dev/null and b/documentation/images/analyst/statistics.zh_CN.png differ diff --git a/documentation/images/custodian/home.de.png b/documentation/images/custodian/home.de.png new file mode 100644 index 0000000000..f7355ce2b8 Binary files /dev/null and b/documentation/images/custodian/home.de.png differ diff --git a/documentation/images/custodian/home.en.png b/documentation/images/custodian/home.en.png new file mode 100644 index 0000000000..842bc9ea68 Binary files /dev/null and b/documentation/images/custodian/home.en.png differ 
diff --git a/documentation/images/custodian/home.es.png b/documentation/images/custodian/home.es.png new file mode 100644 index 0000000000..477fc9642c Binary files /dev/null and b/documentation/images/custodian/home.es.png differ diff --git a/documentation/images/custodian/home.fr.png b/documentation/images/custodian/home.fr.png new file mode 100644 index 0000000000..e9ae0447c5 Binary files /dev/null and b/documentation/images/custodian/home.fr.png differ diff --git a/documentation/images/custodian/home.it.png b/documentation/images/custodian/home.it.png new file mode 100644 index 0000000000..25b8c7fbb3 Binary files /dev/null and b/documentation/images/custodian/home.it.png differ diff --git a/documentation/images/custodian/home.ru.png b/documentation/images/custodian/home.ru.png new file mode 100644 index 0000000000..fb803a5d67 Binary files /dev/null and b/documentation/images/custodian/home.ru.png differ diff --git a/documentation/images/custodian/home.zh_CN.png b/documentation/images/custodian/home.zh_CN.png new file mode 100644 index 0000000000..f9b012221d Binary files /dev/null and b/documentation/images/custodian/home.zh_CN.png differ diff --git a/documentation/images/custodian/requests.de.png b/documentation/images/custodian/requests.de.png new file mode 100644 index 0000000000..8bc8a2a290 Binary files /dev/null and b/documentation/images/custodian/requests.de.png differ diff --git a/documentation/images/custodian/requests.en.png b/documentation/images/custodian/requests.en.png new file mode 100644 index 0000000000..0a3978de3b Binary files /dev/null and b/documentation/images/custodian/requests.en.png differ diff --git a/documentation/images/custodian/requests.es.png b/documentation/images/custodian/requests.es.png new file mode 100644 index 0000000000..a910a05c00 Binary files /dev/null and b/documentation/images/custodian/requests.es.png differ 
diff --git a/documentation/images/custodian/requests.fr.png b/documentation/images/custodian/requests.fr.png new file mode 100644 index 0000000000..9ca639bcb9 Binary files /dev/null and b/documentation/images/custodian/requests.fr.png differ diff --git a/documentation/images/custodian/requests.it.png b/documentation/images/custodian/requests.it.png new file mode 100644 index 0000000000..f7986c418c Binary files /dev/null and b/documentation/images/custodian/requests.it.png differ diff --git a/documentation/images/custodian/requests.png b/documentation/images/custodian/requests.png deleted file mode 100644 index 714a03d04b..0000000000 Binary files a/documentation/images/custodian/requests.png and /dev/null differ diff --git a/documentation/images/custodian/requests.ru.png b/documentation/images/custodian/requests.ru.png new file mode 100644 index 0000000000..664c5e72c0 Binary files /dev/null and b/documentation/images/custodian/requests.ru.png differ diff --git a/documentation/images/custodian/requests.zh_CN.png b/documentation/images/custodian/requests.zh_CN.png new file mode 100644 index 0000000000..a07e59db87 Binary files /dev/null and b/documentation/images/custodian/requests.zh_CN.png differ diff --git a/documentation/images/recipient/home.de.png b/documentation/images/recipient/home.de.png new file mode 100644 index 0000000000..45dbdb0d1a Binary files /dev/null and b/documentation/images/recipient/home.de.png differ diff --git a/documentation/images/recipient/home.en.png b/documentation/images/recipient/home.en.png new file mode 100644 index 0000000000..a87ef16dc4 Binary files /dev/null and b/documentation/images/recipient/home.en.png differ diff --git a/documentation/images/recipient/home.es.png b/documentation/images/recipient/home.es.png new file mode 100644 index 0000000000..792bbe8bf4 Binary files /dev/null and b/documentation/images/recipient/home.es.png differ 
diff --git a/documentation/images/recipient/home.fr.png b/documentation/images/recipient/home.fr.png new file mode 100644 index 0000000000..925a7c2d9c Binary files /dev/null and b/documentation/images/recipient/home.fr.png differ diff --git a/documentation/images/recipient/home.it.png b/documentation/images/recipient/home.it.png new file mode 100644 index 0000000000..eaa3440c13 Binary files /dev/null and b/documentation/images/recipient/home.it.png differ diff --git a/documentation/images/recipient/home.png b/documentation/images/recipient/home.png deleted file mode 100644 index 5aa2cc69f1..0000000000 Binary files a/documentation/images/recipient/home.png and /dev/null differ diff --git a/documentation/images/recipient/home.ru.png b/documentation/images/recipient/home.ru.png new file mode 100644 index 0000000000..11d190f8e4 Binary files /dev/null and b/documentation/images/recipient/home.ru.png differ diff --git a/documentation/images/recipient/home.zh_CN.png b/documentation/images/recipient/home.zh_CN.png new file mode 100644 index 0000000000..39b13af33f Binary files /dev/null and b/documentation/images/recipient/home.zh_CN.png differ diff --git a/documentation/images/recipient/masking-popup.de.png b/documentation/images/recipient/masking-popup.de.png new file mode 100644 index 0000000000..a3e2dfffbf Binary files /dev/null and b/documentation/images/recipient/masking-popup.de.png differ diff --git a/documentation/images/recipient/masking-popup.en.png b/documentation/images/recipient/masking-popup.en.png new file mode 100644 index 0000000000..b458ab6efa Binary files /dev/null and b/documentation/images/recipient/masking-popup.en.png differ diff --git a/documentation/images/recipient/masking-popup.es.png b/documentation/images/recipient/masking-popup.es.png new file mode 100644 index 0000000000..4e0a5278bc Binary files /dev/null and b/documentation/images/recipient/masking-popup.es.png differ 
diff --git a/documentation/images/recipient/masking-popup.fr.png b/documentation/images/recipient/masking-popup.fr.png new file mode 100644 index 0000000000..ca03683e00 Binary files /dev/null and b/documentation/images/recipient/masking-popup.fr.png differ diff --git a/documentation/images/recipient/masking-popup.it.png b/documentation/images/recipient/masking-popup.it.png new file mode 100644 index 0000000000..f45b896e0c Binary files /dev/null and b/documentation/images/recipient/masking-popup.it.png differ diff --git a/documentation/images/recipient/masking-popup.ru.png b/documentation/images/recipient/masking-popup.ru.png new file mode 100644 index 0000000000..256e59fe78 Binary files /dev/null and b/documentation/images/recipient/masking-popup.ru.png differ diff --git a/documentation/images/recipient/masking-popup.zh_CN.png b/documentation/images/recipient/masking-popup.zh_CN.png new file mode 100644 index 0000000000..8b8f6fe798 Binary files /dev/null and b/documentation/images/recipient/masking-popup.zh_CN.png differ diff --git a/documentation/images/recipient/report.de.png b/documentation/images/recipient/report.de.png new file mode 100644 index 0000000000..77a0180512 Binary files /dev/null and b/documentation/images/recipient/report.de.png differ diff --git a/documentation/images/recipient/report.en.png b/documentation/images/recipient/report.en.png new file mode 100644 index 0000000000..9d74edbfbe Binary files /dev/null and b/documentation/images/recipient/report.en.png differ diff --git a/documentation/images/recipient/report.es.png b/documentation/images/recipient/report.es.png new file mode 100644 index 0000000000..18116c1e2a Binary files /dev/null and b/documentation/images/recipient/report.es.png differ diff --git a/documentation/images/recipient/report.fr.png b/documentation/images/recipient/report.fr.png new file mode 100644 index 0000000000..8b4ea24931 Binary files /dev/null and b/documentation/images/recipient/report.fr.png differ 
diff --git a/documentation/images/recipient/report.it.png b/documentation/images/recipient/report.it.png new file mode 100644 index 0000000000..ed02f1d45f Binary files /dev/null and b/documentation/images/recipient/report.it.png differ diff --git a/documentation/images/recipient/report.png b/documentation/images/recipient/report.png deleted file mode 100644 index a4b36c8f8b..0000000000 Binary files a/documentation/images/recipient/report.png and /dev/null differ diff --git a/documentation/images/recipient/report.ru.png b/documentation/images/recipient/report.ru.png new file mode 100644 index 0000000000..a68b2e16b8 Binary files /dev/null and b/documentation/images/recipient/report.ru.png differ diff --git a/documentation/images/recipient/report.zh_CN.png b/documentation/images/recipient/report.zh_CN.png new file mode 100644 index 0000000000..e77eb84577 Binary files /dev/null and b/documentation/images/recipient/report.zh_CN.png differ diff --git a/documentation/images/recipient/reports.de.png b/documentation/images/recipient/reports.de.png new file mode 100644 index 0000000000..37f5c60a1a Binary files /dev/null and b/documentation/images/recipient/reports.de.png differ diff --git a/documentation/images/recipient/reports.en.png b/documentation/images/recipient/reports.en.png new file mode 100644 index 0000000000..0eb7808ea9 Binary files /dev/null and b/documentation/images/recipient/reports.en.png differ diff --git a/documentation/images/recipient/reports.es.png b/documentation/images/recipient/reports.es.png new file mode 100644 index 0000000000..20059c4e37 Binary files /dev/null and b/documentation/images/recipient/reports.es.png differ diff --git a/documentation/images/recipient/reports.fr.png b/documentation/images/recipient/reports.fr.png new file mode 100644 index 0000000000..7d283fe98e Binary files /dev/null and b/documentation/images/recipient/reports.fr.png differ 
diff --git a/documentation/images/recipient/reports.it.png b/documentation/images/recipient/reports.it.png
new file mode 100644
index 0000000000..6c5cb366df
Binary files /dev/null and b/documentation/images/recipient/reports.it.png differ
diff --git a/documentation/images/recipient/reports.png b/documentation/images/recipient/reports.png
deleted file mode 100644
index 6e76a59889..0000000000
Binary files a/documentation/images/recipient/reports.png and /dev/null differ
diff --git a/documentation/images/recipient/reports.ru.png b/documentation/images/recipient/reports.ru.png
new file mode 100644
index 0000000000..82a87982c2
Binary files /dev/null and b/documentation/images/recipient/reports.ru.png differ
diff --git a/documentation/images/recipient/reports.zh_CN.png b/documentation/images/recipient/reports.zh_CN.png
new file mode 100644
index 0000000000..24b9d2e872
Binary files /dev/null and b/documentation/images/recipient/reports.zh_CN.png differ
diff --git a/documentation/images/recipient/settings.de.png b/documentation/images/recipient/settings.de.png
new file mode 100644
index 0000000000..2da06fe4c0
Binary files /dev/null and b/documentation/images/recipient/settings.de.png differ
diff --git a/documentation/images/recipient/settings.en.png b/documentation/images/recipient/settings.en.png
new file mode 100644
index 0000000000..87d347ccb6
Binary files /dev/null and b/documentation/images/recipient/settings.en.png differ
diff --git a/documentation/images/recipient/settings.es.png b/documentation/images/recipient/settings.es.png
new file mode 100644
index 0000000000..bf675d2e79
Binary files /dev/null and b/documentation/images/recipient/settings.es.png differ
diff --git a/documentation/images/recipient/settings.fr.png b/documentation/images/recipient/settings.fr.png
new file mode 100644
index 0000000000..a98d4a37ae
Binary files /dev/null and b/documentation/images/recipient/settings.fr.png differ
diff --git a/documentation/images/recipient/settings.it.png b/documentation/images/recipient/settings.it.png
new file mode 100644
index 0000000000..abb036fd82
Binary files /dev/null and b/documentation/images/recipient/settings.it.png differ
diff --git a/documentation/images/recipient/settings.ru.png b/documentation/images/recipient/settings.ru.png
new file mode 100644
index 0000000000..f315987a58
Binary files /dev/null and b/documentation/images/recipient/settings.ru.png differ
diff --git a/documentation/images/recipient/settings.zh_CN.png b/documentation/images/recipient/settings.zh_CN.png
new file mode 100644
index 0000000000..94c22e65e7
Binary files /dev/null and b/documentation/images/recipient/settings.zh_CN.png differ
diff --git a/documentation/images/user/2fa.de.png b/documentation/images/user/2fa.de.png
new file mode 100644
index 0000000000..2e421c0152
Binary files /dev/null and b/documentation/images/user/2fa.de.png differ
diff --git a/documentation/images/user/2fa.en.png b/documentation/images/user/2fa.en.png
new file mode 100644
index 0000000000..a52ed8c0dc
Binary files /dev/null and b/documentation/images/user/2fa.en.png differ
diff --git a/documentation/images/user/2fa.es.png b/documentation/images/user/2fa.es.png
new file mode 100644
index 0000000000..3c9d975fa2
Binary files /dev/null and b/documentation/images/user/2fa.es.png differ
diff --git a/documentation/images/user/2fa.fr.png b/documentation/images/user/2fa.fr.png
new file mode 100644
index 0000000000..99396f01d3
Binary files /dev/null and b/documentation/images/user/2fa.fr.png differ
diff --git a/documentation/images/user/2fa.it.png b/documentation/images/user/2fa.it.png
new file mode 100644
index 0000000000..26240d0ffe
Binary files /dev/null and b/documentation/images/user/2fa.it.png differ
diff --git a/documentation/images/user/2fa.png b/documentation/images/user/2fa.png
deleted file mode 100644
index c49c45c635..0000000000
Binary files a/documentation/images/user/2fa.png and /dev/null differ
diff --git a/documentation/images/user/2fa.ru.png b/documentation/images/user/2fa.ru.png
new file mode 100644
index 0000000000..d4c483f301
Binary files /dev/null and b/documentation/images/user/2fa.ru.png differ
diff --git a/documentation/images/user/2fa.zh_CN.png b/documentation/images/user/2fa.zh_CN.png
new file mode 100644
index 0000000000..5e585c1579
Binary files /dev/null and b/documentation/images/user/2fa.zh_CN.png differ
diff --git a/documentation/images/user/login.de.png b/documentation/images/user/login.de.png
new file mode 100644
index 0000000000..dba0d3597a
Binary files /dev/null and b/documentation/images/user/login.de.png differ
diff --git a/documentation/images/user/login.en.png b/documentation/images/user/login.en.png
new file mode 100644
index 0000000000..e2a9355fd7
Binary files /dev/null and b/documentation/images/user/login.en.png differ
diff --git a/documentation/images/user/login.es.png b/documentation/images/user/login.es.png
new file mode 100644
index 0000000000..4b82c0cc63
Binary files /dev/null and b/documentation/images/user/login.es.png differ
diff --git a/documentation/images/user/login.fr.png b/documentation/images/user/login.fr.png
new file mode 100644
index 0000000000..49180b3883
Binary files /dev/null and b/documentation/images/user/login.fr.png differ
diff --git a/documentation/images/user/login.it.png b/documentation/images/user/login.it.png
new file mode 100644
index 0000000000..0afd27f798
Binary files /dev/null and b/documentation/images/user/login.it.png differ
diff --git a/documentation/images/user/login.png b/documentation/images/user/login.png
deleted file mode 100644
index 27af818ebb..0000000000
Binary files a/documentation/images/user/login.png and /dev/null differ
diff --git a/documentation/images/user/login.ru.png b/documentation/images/user/login.ru.png
new file mode 100644
index 0000000000..f0aebef41e
Binary files /dev/null and b/documentation/images/user/login.ru.png differ
diff --git a/documentation/images/user/login.zh_CN.png b/documentation/images/user/login.zh_CN.png
new file mode 100644
index 0000000000..a7b9e2d819
Binary files /dev/null and b/documentation/images/user/login.zh_CN.png differ
diff --git a/documentation/images/user/password.de.png b/documentation/images/user/password.de.png
new file mode 100644
index 0000000000..4914474c27
Binary files /dev/null and b/documentation/images/user/password.de.png differ
diff --git a/documentation/images/user/password.en.png b/documentation/images/user/password.en.png
new file mode 100644
index 0000000000..e4fdddb14b
Binary files /dev/null and b/documentation/images/user/password.en.png differ
diff --git a/documentation/images/user/password.es.png b/documentation/images/user/password.es.png
new file mode 100644
index 0000000000..9fc722305d
Binary files /dev/null and b/documentation/images/user/password.es.png differ
diff --git a/documentation/images/user/password.fr.png b/documentation/images/user/password.fr.png
new file mode 100644
index 0000000000..9e03057aa7
Binary files /dev/null and b/documentation/images/user/password.fr.png differ
diff --git a/documentation/images/user/password.it.png b/documentation/images/user/password.it.png
new file mode 100644
index 0000000000..43d56e7350
Binary files /dev/null and b/documentation/images/user/password.it.png differ
diff --git a/documentation/images/user/password.png b/documentation/images/user/password.png
deleted file mode 100644
index d269b2123b..0000000000
Binary files a/documentation/images/user/password.png and /dev/null differ
diff --git a/documentation/images/user/password.ru.png b/documentation/images/user/password.ru.png
new file mode 100644
index 0000000000..bc9991365c
Binary files /dev/null and b/documentation/images/user/password.ru.png differ
diff --git a/documentation/images/user/password.zh_CN.png b/documentation/images/user/password.zh_CN.png
new file mode 100644
index 0000000000..866741a790
Binary files /dev/null and b/documentation/images/user/password.zh_CN.png differ
diff --git a/documentation/images/user/password_reset_1.de.png b/documentation/images/user/password_reset_1.de.png
new file mode 100644
index 0000000000..6ef1bd54b6
Binary files /dev/null and b/documentation/images/user/password_reset_1.de.png differ
diff --git a/documentation/images/user/password_reset_1.en.png b/documentation/images/user/password_reset_1.en.png
new file mode 100644
index 0000000000..72ecb4e23e
Binary files /dev/null and b/documentation/images/user/password_reset_1.en.png differ
diff --git a/documentation/images/user/password_reset_1.es.png b/documentation/images/user/password_reset_1.es.png
new file mode 100644
index 0000000000..71efacd897
Binary files /dev/null and b/documentation/images/user/password_reset_1.es.png differ
diff --git a/documentation/images/user/password_reset_1.fr.png b/documentation/images/user/password_reset_1.fr.png
new file mode 100644
index 0000000000..cf4f753b95
Binary files /dev/null and b/documentation/images/user/password_reset_1.fr.png differ
diff --git a/documentation/images/user/password_reset_1.it.png b/documentation/images/user/password_reset_1.it.png
new file mode 100644
index 0000000000..45658dca15
Binary files /dev/null and b/documentation/images/user/password_reset_1.it.png differ
diff --git a/documentation/images/user/password_reset_1.png b/documentation/images/user/password_reset_1.png
deleted file mode 100644
index e9e9119a3b..0000000000
Binary files a/documentation/images/user/password_reset_1.png and /dev/null differ
diff --git a/documentation/images/user/password_reset_1.ru.png b/documentation/images/user/password_reset_1.ru.png
new file mode 100644
index 0000000000..45ec2cc2d4
Binary files /dev/null and b/documentation/images/user/password_reset_1.ru.png differ
diff --git a/documentation/images/user/password_reset_1.zh_CN.png b/documentation/images/user/password_reset_1.zh_CN.png
new file mode 100644
index 0000000000..c72d209049
Binary files /dev/null and b/documentation/images/user/password_reset_1.zh_CN.png differ
diff --git a/documentation/images/user/password_reset_2.de.png b/documentation/images/user/password_reset_2.de.png
new file mode 100644
index 0000000000..092833c73e
Binary files /dev/null and b/documentation/images/user/password_reset_2.de.png differ
diff --git a/documentation/images/user/password_reset_2.en.png b/documentation/images/user/password_reset_2.en.png
new file mode 100644
index 0000000000..66708910a2
Binary files /dev/null and b/documentation/images/user/password_reset_2.en.png differ
diff --git a/documentation/images/user/password_reset_2.es.png b/documentation/images/user/password_reset_2.es.png
new file mode 100644
index 0000000000..fe8741869e
Binary files /dev/null and b/documentation/images/user/password_reset_2.es.png differ
diff --git a/documentation/images/user/password_reset_2.fr.png b/documentation/images/user/password_reset_2.fr.png
new file mode 100644
index 0000000000..58c641dbf0
Binary files /dev/null and b/documentation/images/user/password_reset_2.fr.png differ
diff --git a/documentation/images/user/password_reset_2.it.png b/documentation/images/user/password_reset_2.it.png
new file mode 100644
index 0000000000..0e5ac7bbcc
Binary files /dev/null and b/documentation/images/user/password_reset_2.it.png differ
diff --git a/documentation/images/user/password_reset_2.png b/documentation/images/user/password_reset_2.png
deleted file mode 100644
index 3158ac5218..0000000000
Binary files a/documentation/images/user/password_reset_2.png and /dev/null differ
diff --git a/documentation/images/user/password_reset_2.ru.png b/documentation/images/user/password_reset_2.ru.png
new file mode 100644
index 0000000000..b05c4b6ad6
Binary files /dev/null and b/documentation/images/user/password_reset_2.ru.png differ
diff --git a/documentation/images/user/password_reset_2.zh_CN.png b/documentation/images/user/password_reset_2.zh_CN.png
new file mode 100644
index 0000000000..00b0c6f4d8
Binary files /dev/null and b/documentation/images/user/password_reset_2.zh_CN.png differ
diff --git a/documentation/images/user/preferences.de.png b/documentation/images/user/preferences.de.png
new file mode 100644
index 0000000000..5e564bbd5e
Binary files /dev/null and b/documentation/images/user/preferences.de.png differ
diff --git a/documentation/images/user/preferences.en.png b/documentation/images/user/preferences.en.png
new file mode 100644
index 0000000000..60b7b1e526
Binary files /dev/null and b/documentation/images/user/preferences.en.png differ
diff --git a/documentation/images/user/preferences.es.png b/documentation/images/user/preferences.es.png
new file mode 100644
index 0000000000..5b144aea76
Binary files /dev/null and b/documentation/images/user/preferences.es.png differ
diff --git a/documentation/images/user/preferences.fr.png b/documentation/images/user/preferences.fr.png
new file mode 100644
index 0000000000..c870dd35ef
Binary files /dev/null and b/documentation/images/user/preferences.fr.png differ
diff --git a/documentation/images/user/preferences.it.png b/documentation/images/user/preferences.it.png
new file mode 100644
index 0000000000..81009d8a69
Binary files /dev/null and b/documentation/images/user/preferences.it.png differ
diff --git a/documentation/images/user/preferences.png b/documentation/images/user/preferences.png
deleted file mode 100644
index 68208beb00..0000000000
Binary files a/documentation/images/user/preferences.png and /dev/null differ
diff --git a/documentation/images/user/preferences.ru.png b/documentation/images/user/preferences.ru.png
new file mode 100644
index 0000000000..48d188390c
Binary files /dev/null and b/documentation/images/user/preferences.ru.png differ
diff --git a/documentation/images/user/preferences.zh_CN.png b/documentation/images/user/preferences.zh_CN.png
new file mode 100644
index 0000000000..b51900d018
Binary files /dev/null and b/documentation/images/user/preferences.zh_CN.png differ
diff --git a/documentation/images/user/recoverykey.de.png b/documentation/images/user/recoverykey.de.png
new file mode 100644
index 0000000000..91d7c7c47a
Binary files /dev/null and b/documentation/images/user/recoverykey.de.png differ
diff --git a/documentation/images/user/recoverykey.en.png b/documentation/images/user/recoverykey.en.png
new file mode 100644
index 0000000000..5defbbad69
Binary files /dev/null and b/documentation/images/user/recoverykey.en.png differ
diff --git a/documentation/images/user/recoverykey.es.png b/documentation/images/user/recoverykey.es.png
new file mode 100644
index 0000000000..a942603440
Binary files /dev/null and b/documentation/images/user/recoverykey.es.png differ
diff --git a/documentation/images/user/recoverykey.fr.png b/documentation/images/user/recoverykey.fr.png
new file mode 100644
index 0000000000..c9df441829
Binary files /dev/null and b/documentation/images/user/recoverykey.fr.png differ
diff --git a/documentation/images/user/recoverykey.it.png b/documentation/images/user/recoverykey.it.png
new file mode 100644
index 0000000000..2df81b3577
Binary files /dev/null and b/documentation/images/user/recoverykey.it.png differ
diff --git a/documentation/images/user/recoverykey.png b/documentation/images/user/recoverykey.png
deleted file mode 100644
index d4cbbdf623..0000000000
Binary files a/documentation/images/user/recoverykey.png and /dev/null differ
diff --git a/documentation/images/user/recoverykey.ru.png b/documentation/images/user/recoverykey.ru.png
new file mode 100644
index 0000000000..5c2e2c28bd
Binary files /dev/null and b/documentation/images/user/recoverykey.ru.png differ
diff --git a/documentation/images/user/recoverykey.zh_CN.png b/documentation/images/user/recoverykey.zh_CN.png
new file mode 100644
index 0000000000..baf2972f63
Binary files /dev/null and b/documentation/images/user/recoverykey.zh_CN.png differ
diff --git a/documentation/images/whistleblower/home.de.png b/documentation/images/whistleblower/home.de.png
new file mode 100644
index 0000000000..c6b52eea3d
Binary files /dev/null and b/documentation/images/whistleblower/home.de.png differ
diff --git a/documentation/images/whistleblower/home.en.png b/documentation/images/whistleblower/home.en.png
new file mode 100644
index 0000000000..cacec54cee
Binary files /dev/null and b/documentation/images/whistleblower/home.en.png differ
diff --git a/documentation/images/whistleblower/home.es.png b/documentation/images/whistleblower/home.es.png
new file mode 100644
index 0000000000..5d5771c522
Binary files /dev/null and b/documentation/images/whistleblower/home.es.png differ
diff --git a/documentation/images/whistleblower/home.fr.png b/documentation/images/whistleblower/home.fr.png
new file mode 100644
index 0000000000..66dae411e2
Binary files /dev/null and b/documentation/images/whistleblower/home.fr.png differ
diff --git a/documentation/images/whistleblower/home.it.png b/documentation/images/whistleblower/home.it.png
new file mode 100644
index 0000000000..20325a5d01
Binary files /dev/null and b/documentation/images/whistleblower/home.it.png differ
diff --git a/documentation/images/whistleblower/home.png b/documentation/images/whistleblower/home.png
deleted file mode 100644
index c26f758634..0000000000
Binary files a/documentation/images/whistleblower/home.png and /dev/null differ
diff --git a/documentation/images/whistleblower/home.ru.png b/documentation/images/whistleblower/home.ru.png
new file mode 100644
index 0000000000..a7745b36c5
Binary files /dev/null and b/documentation/images/whistleblower/home.ru.png differ
diff --git a/documentation/images/whistleblower/home.zh_CN.png b/documentation/images/whistleblower/home.zh_CN.png
new file mode 100644
index 0000000000..862382c6a3
Binary files /dev/null and b/documentation/images/whistleblower/home.zh_CN.png differ
diff --git a/documentation/images/whistleblower/receipt.de.png b/documentation/images/whistleblower/receipt.de.png
new file mode 100644
index 0000000000..351821b500
Binary files /dev/null and b/documentation/images/whistleblower/receipt.de.png differ
diff --git a/documentation/images/whistleblower/receipt.en.png b/documentation/images/whistleblower/receipt.en.png
new file mode 100644
index 0000000000..4d2bff52fd
Binary files /dev/null and b/documentation/images/whistleblower/receipt.en.png differ
diff --git a/documentation/images/whistleblower/receipt.es.png b/documentation/images/whistleblower/receipt.es.png
new file mode 100644
index 0000000000..4d61d47f83
Binary files /dev/null and b/documentation/images/whistleblower/receipt.es.png differ
diff --git a/documentation/images/whistleblower/receipt.fr.png b/documentation/images/whistleblower/receipt.fr.png
new file mode 100644
index 0000000000..accbeaa471
Binary files /dev/null and b/documentation/images/whistleblower/receipt.fr.png differ
diff --git a/documentation/images/whistleblower/receipt.it.png b/documentation/images/whistleblower/receipt.it.png
new file mode 100644
index 0000000000..97ae9099e4
Binary files /dev/null and b/documentation/images/whistleblower/receipt.it.png differ
diff --git a/documentation/images/whistleblower/receipt.png b/documentation/images/whistleblower/receipt.png
deleted file mode 100644
index 60748109fb..0000000000
Binary files a/documentation/images/whistleblower/receipt.png and /dev/null differ
diff --git a/documentation/images/whistleblower/receipt.ru.png b/documentation/images/whistleblower/receipt.ru.png
new file mode 100644
index 0000000000..03ab610580
Binary files /dev/null and b/documentation/images/whistleblower/receipt.ru.png differ
diff --git a/documentation/images/whistleblower/receipt.zh_CN.png b/documentation/images/whistleblower/receipt.zh_CN.png
new file mode 100644
index 0000000000..1ca9fc96ed
Binary files /dev/null and b/documentation/images/whistleblower/receipt.zh_CN.png differ
diff --git a/documentation/images/whistleblower/report.de.png b/documentation/images/whistleblower/report.de.png
new file mode 100644
index 0000000000..3a533f8f6c
Binary files /dev/null and b/documentation/images/whistleblower/report.de.png differ
diff --git a/documentation/images/whistleblower/report.en.png b/documentation/images/whistleblower/report.en.png
new file mode 100644
index 0000000000..4e4cdee21b
Binary files /dev/null and b/documentation/images/whistleblower/report.en.png differ
diff --git a/documentation/images/whistleblower/report.es.png b/documentation/images/whistleblower/report.es.png
new file mode 100644
index 0000000000..71d98bfdf4
Binary files /dev/null and b/documentation/images/whistleblower/report.es.png differ
diff --git a/documentation/images/whistleblower/report.fr.png b/documentation/images/whistleblower/report.fr.png
new file mode 100644
index 0000000000..735cd37571
Binary files /dev/null and b/documentation/images/whistleblower/report.fr.png differ
diff --git a/documentation/images/whistleblower/report.it.png b/documentation/images/whistleblower/report.it.png
new file mode 100644
index 0000000000..7468f33345
Binary files /dev/null and b/documentation/images/whistleblower/report.it.png differ
diff --git a/documentation/images/whistleblower/report.png b/documentation/images/whistleblower/report.png
deleted file mode 100644
index d4d9656de4..0000000000
Binary files a/documentation/images/whistleblower/report.png and /dev/null differ
diff --git a/documentation/images/whistleblower/report.ru.png b/documentation/images/whistleblower/report.ru.png
new file mode 100644
index 0000000000..353c2814eb
Binary files /dev/null and b/documentation/images/whistleblower/report.ru.png differ
diff --git a/documentation/images/whistleblower/report.zh_CN.png b/documentation/images/whistleblower/report.zh_CN.png
new file mode 100644
index 0000000000..96c8d20e3d
Binary files /dev/null and b/documentation/images/whistleblower/report.zh_CN.png differ
diff --git a/documentation/images/whistleblower/submission.de.png b/documentation/images/whistleblower/submission.de.png
new file mode 100644
index 0000000000..aa3f48188e
Binary files /dev/null and b/documentation/images/whistleblower/submission.de.png differ
diff --git a/documentation/images/whistleblower/submission.en.png b/documentation/images/whistleblower/submission.en.png
new file mode 100644
index 0000000000..3267f576dc
Binary files /dev/null and b/documentation/images/whistleblower/submission.en.png differ
diff --git a/documentation/images/whistleblower/submission.es.png b/documentation/images/whistleblower/submission.es.png
new file mode 100644
index 0000000000..48867d4b2b
Binary files /dev/null and b/documentation/images/whistleblower/submission.es.png differ
diff --git a/documentation/images/whistleblower/submission.fr.png b/documentation/images/whistleblower/submission.fr.png
new file mode 100644
index 0000000000..30c50e9b47
Binary files /dev/null and b/documentation/images/whistleblower/submission.fr.png differ
diff --git a/documentation/images/whistleblower/submission.it.png b/documentation/images/whistleblower/submission.it.png
new file mode 100644
index 0000000000..1e86a8eac4
Binary files /dev/null and b/documentation/images/whistleblower/submission.it.png differ
diff --git a/documentation/images/whistleblower/submission.png b/documentation/images/whistleblower/submission.png
deleted file mode 100644
index cd369e5bec..0000000000
Binary files a/documentation/images/whistleblower/submission.png and /dev/null differ
diff --git a/documentation/images/whistleblower/submission.ru.png b/documentation/images/whistleblower/submission.ru.png
new file mode 100644
index 0000000000..c6cd995229
Binary files /dev/null and b/documentation/images/whistleblower/submission.ru.png differ
diff --git a/documentation/images/whistleblower/submission.zh_CN.png b/documentation/images/whistleblower/submission.zh_CN.png
new file mode 100644
index 0000000000..a5328af388
Binary files /dev/null and b/documentation/images/whistleblower/submission.zh_CN.png differ
diff --git a/documentation/images/wizard/1.de.png b/documentation/images/wizard/1.de.png
new file mode 100644
index 0000000000..0023cd7373
Binary files /dev/null and b/documentation/images/wizard/1.de.png differ
diff --git a/documentation/images/wizard/1.en.png b/documentation/images/wizard/1.en.png
new file mode 100644
index 0000000000..356724f120
Binary files /dev/null and b/documentation/images/wizard/1.en.png differ
diff --git a/documentation/images/wizard/1.es.png b/documentation/images/wizard/1.es.png
new file mode 100644
index 0000000000..330fb00e36
Binary files /dev/null and b/documentation/images/wizard/1.es.png differ
diff --git a/documentation/images/wizard/1.fr.png b/documentation/images/wizard/1.fr.png
new file mode 100644
index 0000000000..3f2962b143
Binary files /dev/null and b/documentation/images/wizard/1.fr.png differ
diff --git a/documentation/images/wizard/1.it.png b/documentation/images/wizard/1.it.png
new file mode 100644
index 0000000000..966b9b7cc3
Binary files /dev/null and b/documentation/images/wizard/1.it.png differ
diff --git a/documentation/images/wizard/1.png b/documentation/images/wizard/1.png
deleted file mode 100644
index ba132eaa73..0000000000
Binary files a/documentation/images/wizard/1.png and /dev/null differ
diff --git a/documentation/images/wizard/1.ru.png b/documentation/images/wizard/1.ru.png
new file mode 100644
index 0000000000..5d9d1ca03c
Binary files /dev/null and b/documentation/images/wizard/1.ru.png differ
diff --git a/documentation/images/wizard/1.zh_CN.png b/documentation/images/wizard/1.zh_CN.png
new file mode 100644
index 0000000000..415717d1ef
Binary files /dev/null and b/documentation/images/wizard/1.zh_CN.png differ
diff --git a/documentation/images/wizard/2.de.png b/documentation/images/wizard/2.de.png
new file mode 100644
index 0000000000..20275ace22
Binary files /dev/null and b/documentation/images/wizard/2.de.png differ
diff --git a/documentation/images/wizard/2.en.png b/documentation/images/wizard/2.en.png
new file mode 100644
index 0000000000..7006d35459
Binary files /dev/null and b/documentation/images/wizard/2.en.png differ
diff --git a/documentation/images/wizard/2.es.png b/documentation/images/wizard/2.es.png
new file mode 100644
index 0000000000..c15ed410e6
Binary files /dev/null and b/documentation/images/wizard/2.es.png differ
diff --git a/documentation/images/wizard/2.fr.png b/documentation/images/wizard/2.fr.png
new file mode 100644
index 0000000000..d2da51ec06
Binary files /dev/null and b/documentation/images/wizard/2.fr.png differ
diff --git a/documentation/images/wizard/2.it.png b/documentation/images/wizard/2.it.png
new file mode 100644
index 0000000000..df8ba5a026
Binary files /dev/null and b/documentation/images/wizard/2.it.png differ
diff --git a/documentation/images/wizard/2.png b/documentation/images/wizard/2.png
deleted file mode 100644
index 09775f46c4..0000000000
Binary files a/documentation/images/wizard/2.png and /dev/null differ
diff --git a/documentation/images/wizard/2.ru.png b/documentation/images/wizard/2.ru.png
new file mode 100644
index 0000000000..2dabdb3bf4
Binary files /dev/null and b/documentation/images/wizard/2.ru.png differ
diff --git a/documentation/images/wizard/2.zh_CN.png b/documentation/images/wizard/2.zh_CN.png
new file mode 100644
index 0000000000..914f9a78cb
Binary files /dev/null and b/documentation/images/wizard/2.zh_CN.png differ
diff --git a/documentation/images/wizard/3.de.png b/documentation/images/wizard/3.de.png
new file mode 100644
index 0000000000..8ae07401a1
Binary files /dev/null and b/documentation/images/wizard/3.de.png differ
diff --git a/documentation/images/wizard/3.en.png b/documentation/images/wizard/3.en.png
new file mode 100644
index 0000000000..8d953ebb82
Binary files /dev/null and b/documentation/images/wizard/3.en.png differ
diff --git a/documentation/images/wizard/3.es.png b/documentation/images/wizard/3.es.png
new file mode 100644
index 0000000000..08b530d39e
Binary files /dev/null and b/documentation/images/wizard/3.es.png differ
diff --git a/documentation/images/wizard/3.fr.png b/documentation/images/wizard/3.fr.png
new file mode 100644
index 0000000000..db885d9874
Binary files /dev/null and b/documentation/images/wizard/3.fr.png differ
diff --git a/documentation/images/wizard/3.it.png b/documentation/images/wizard/3.it.png
new file mode 100644
index 0000000000..5a00f36c32
Binary files /dev/null and b/documentation/images/wizard/3.it.png differ
diff --git a/documentation/images/wizard/3.png b/documentation/images/wizard/3.png
deleted file mode 100644
index 54e2793a74..0000000000
Binary files a/documentation/images/wizard/3.png and /dev/null differ
diff --git a/documentation/images/wizard/3.ru.png b/documentation/images/wizard/3.ru.png
new file mode 100644
index 0000000000..8662abadb7
Binary files /dev/null and b/documentation/images/wizard/3.ru.png differ
diff --git a/documentation/images/wizard/3.zh_CN.png b/documentation/images/wizard/3.zh_CN.png
new file mode 100644
index 0000000000..9b43a51eec
Binary files /dev/null and b/documentation/images/wizard/3.zh_CN.png differ
diff --git a/documentation/images/wizard/4.de.png b/documentation/images/wizard/4.de.png
new file mode 100644
index 0000000000..96bb34abc9
Binary files /dev/null and b/documentation/images/wizard/4.de.png differ
diff --git a/documentation/images/wizard/4.en.png b/documentation/images/wizard/4.en.png
new file mode 100644
index 0000000000..fb092c4029
Binary files /dev/null and b/documentation/images/wizard/4.en.png differ
diff --git a/documentation/images/wizard/4.es.png b/documentation/images/wizard/4.es.png
new file mode 100644
index 0000000000..f7a7c0ce0a
Binary files /dev/null and b/documentation/images/wizard/4.es.png differ
diff --git a/documentation/images/wizard/4.fr.png b/documentation/images/wizard/4.fr.png
new file mode 100644
index 0000000000..a24bb62d5a
Binary files /dev/null and b/documentation/images/wizard/4.fr.png differ
diff --git a/documentation/images/wizard/4.it.png b/documentation/images/wizard/4.it.png
new file mode 100644
index 0000000000..945096c945
Binary files /dev/null and b/documentation/images/wizard/4.it.png differ
diff --git a/documentation/images/wizard/4.png b/documentation/images/wizard/4.png
deleted file mode 100644
index 6fcc3f160b..0000000000
Binary files a/documentation/images/wizard/4.png and /dev/null differ
diff --git a/documentation/images/wizard/4.ru.png b/documentation/images/wizard/4.ru.png
new file mode 100644
index 0000000000..feadb33eb0
Binary files /dev/null and b/documentation/images/wizard/4.ru.png differ
diff --git a/documentation/images/wizard/4.zh_CN.png b/documentation/images/wizard/4.zh_CN.png
new file mode 100644
index 0000000000..022afa3e79
Binary files /dev/null and b/documentation/images/wizard/4.zh_CN.png differ
diff --git a/documentation/images/wizard/5.de.png b/documentation/images/wizard/5.de.png
new file mode 100644
index 0000000000..3949264816
Binary files /dev/null and b/documentation/images/wizard/5.de.png differ
diff --git a/documentation/images/wizard/5.en.png b/documentation/images/wizard/5.en.png
new file mode 100644
index 0000000000..c9e66fd601
Binary files /dev/null and b/documentation/images/wizard/5.en.png differ
diff --git a/documentation/images/wizard/5.es.png b/documentation/images/wizard/5.es.png
new file mode 100644
index 0000000000..376e417b9d
Binary files /dev/null and b/documentation/images/wizard/5.es.png differ
diff --git a/documentation/images/wizard/5.fr.png b/documentation/images/wizard/5.fr.png
new file mode 100644
index 0000000000..d243084b0a
Binary files /dev/null and b/documentation/images/wizard/5.fr.png differ
diff --git a/documentation/images/wizard/5.it.png b/documentation/images/wizard/5.it.png
new file mode 100644
index 0000000000..08b3059c08
Binary files /dev/null and b/documentation/images/wizard/5.it.png differ
diff --git a/documentation/images/wizard/5.png b/documentation/images/wizard/5.png
deleted file mode 100644
index 928fdf28bf..0000000000
Binary files a/documentation/images/wizard/5.png and /dev/null differ
diff --git a/documentation/images/wizard/5.ru.png b/documentation/images/wizard/5.ru.png
new file mode 100644
index 0000000000..17205be11e
Binary files /dev/null and b/documentation/images/wizard/5.ru.png differ
diff --git a/documentation/images/wizard/5.zh_CN.png b/documentation/images/wizard/5.zh_CN.png
new file mode 100644
index 0000000000..083890958d
Binary files /dev/null and b/documentation/images/wizard/5.zh_CN.png differ
diff --git a/documentation/images/wizard/6.de.png b/documentation/images/wizard/6.de.png
new file mode 100644
index 0000000000..09232801f9
Binary files /dev/null and b/documentation/images/wizard/6.de.png differ
diff --git a/documentation/images/wizard/6.en.png b/documentation/images/wizard/6.en.png
new file mode 100644
index 0000000000..26bc14b92c
Binary files /dev/null and b/documentation/images/wizard/6.en.png differ
diff --git a/documentation/images/wizard/6.es.png b/documentation/images/wizard/6.es.png
new file mode 100644
index 0000000000..45e6b233d0
Binary files /dev/null and b/documentation/images/wizard/6.es.png differ
diff --git a/documentation/images/wizard/6.fr.png b/documentation/images/wizard/6.fr.png
new file mode 100644
index 0000000000..eeb8ad5912
Binary files /dev/null and b/documentation/images/wizard/6.fr.png differ
diff --git a/documentation/images/wizard/6.it.png b/documentation/images/wizard/6.it.png
new file mode 100644
index 0000000000..b6d49ea271
Binary files /dev/null and b/documentation/images/wizard/6.it.png differ
diff --git a/documentation/images/wizard/6.png b/documentation/images/wizard/6.png
deleted file mode 100644
index 2416c76f9e..0000000000
Binary files a/documentation/images/wizard/6.png and /dev/null differ
diff --git a/documentation/images/wizard/6.ru.png b/documentation/images/wizard/6.ru.png
new file mode 100644
index 0000000000..137f939614
Binary files /dev/null and b/documentation/images/wizard/6.ru.png differ
diff --git a/documentation/images/wizard/6.zh_CN.png b/documentation/images/wizard/6.zh_CN.png
new file mode 100644
index 0000000000..2e5a52a2b2
Binary files /dev/null and b/documentation/images/wizard/6.zh_CN.png differ
diff --git a/documentation/index.rst b/documentation/index.rst
index ec4d84f24a..d0b4e237be 100644
--- a/documentation/index.rst
+++ b/documentation/index.rst
@@ -1,10 +1,7 @@ Documentation ============= -`GlobaLeaks `_ is an open-source, free software intended to enable anyone to easily set up and maintain a secure whistleblowing platform. - - -.. note:: This documentation is thank to the support of our community. Join us and contribute with your additions and suggestion. In any of the page you find a link that enables you to provide suggestions and corrections. We remind you that in case of any software issue or bug you may always report on the `ticketing system `_. +.. note:: This documentation is thank to the support of our community. Join us and contribute with your additions and suggestion. In any of the page you find a link that enables you to provide suggestions and corrections. We remind you that in case of any software issue or bug you may always report on the `ticketing system `_. .. toctree:: gettingstarted/index.rst
diff --git a/documentation/locale/ar/.readthedocs.yaml b/documentation/locale/ar/.readthedocs.yaml
new file mode 100644
index 0000000000..2f81c2c003
--- /dev/null
+++ b/documentation/locale/ar/.readthedocs.yaml
@@ -0,0 +1,14 @@
+# Read the Docs configuration file
+# See https://docs.readthedocs.io/en/stable/config-file/v2.html for details
+
+build:
+ os: ubuntu-lts-latest
+ tools:
+ python: latest
+
+sphinx:
+ configuration: documentation/conf.py
+
+python:
+ install:
+ - requirements: documentation/requirements.txt
diff --git a/documentation/locale/ar/LC_MESSAGES/sphinx.mo b/documentation/locale/ar/LC_MESSAGES/sphinx.mo
new file mode 100644
index 0000000000..750b1d6157
Binary files /dev/null and b/documentation/locale/ar/LC_MESSAGES/sphinx.mo differ
diff --git a/documentation/locale/ar/LC_MESSAGES/sphinx.po b/documentation/locale/ar/LC_MESSAGES/sphinx.po
new file mode 100644
index 0000000000..82680dc6ef
--- /dev/null
+++ b/documentation/locale/ar/LC_MESSAGES/sphinx.po
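Review bot: The new `documentation/locale/ar/.readthedocs.yaml` has no top-level `version: 2` key, which the Read the Docs v2 schema linked in its own header comment lists as required, so the build may be rejected before Sphinx runs; add `version: 2` as the first key. The `build` section also uses the floating aliases `os: ubuntu-lts-latest` and `python: latest`, so the toolchain that builds the published documentation can change without any commit to review; pinning them, for example `os: ubuntu-24.04` and `python: "3.12"`, keeps the build reproducible. Whether `documentation/requirements.txt` pins its packages is not visible in this hunk and is worth checking for the same reason.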
@@ -0,0 +1,4672 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) 2011-2024 - GlobaLeaks +# This file is distributed under the same license as the GlobaLeaks package. +# FIRST AUTHOR , 2024. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: GlobaLeaks 5.0.15\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2024-10-14 19:43+0200\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME \n" +"Language: ar\n" +"Language-Team: ar \n" +"Plural-Forms: nplurals=6; plural=(n==0 ? 0 : n==1 ? 1 : n==2 ? 2 : " +"n%100>=3 && n%100<=10 ? 3 : n%100>=0 && n%100<=2 ? 4 : 5);\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Generated-By: Babel 2.16.0\n" + +#: ../../developer/ContinuousIntegration.rst:3 +msgid "Continuous integration" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:4 +msgid "" +"The GlobaLeaks codebase is continuously tested for bug within a complete " +"continuous integration lifecycle implemented." +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:6 +msgid "Testes are performed at every commit by:" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:8 +msgid "" +"performing continous integration testing with `GitHub Actions " +"`_;" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:9 +msgid "" +"tracking tests coverage and code quality with `Codacy " +"`_." +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:12 +msgid "Unit tests" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:13 +msgid "Unit tests are implemented by means of python-twisted and trial" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:15 +#: ../../developer/ContinuousIntegration.rst:26 +msgid "Tests can be run manually by issuing:" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:23 +msgid "E2E tests" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:24 +msgid "End to end tests are implemented by means of Cypress." 
+msgstr "" + +#: ../../developer/DatabaseSchema.rst:2 +msgid "Database schema" +msgstr "" + +#: ../../developer/Environment.rst:3 +msgid "Development environment" +msgstr "" + +#: ../../developer/Environment.rst:4 +msgid "" +"This guide describes how to set up an environment in order to contribute " +"to the development of GlobaLeaks." +msgstr "" + +#: ../../developer/Environment.rst:7 ../../gettingstarted/Requirements.rst:2 +msgid "Requirements" +msgstr "" + +#: ../../developer/Environment.rst:8 +msgid "" +"The guide assumes you run a Debian based system and that the following " +"software is installed on your system:" +msgstr "" + +#: ../../developer/Environment.rst:10 +msgid "debhelper" +msgstr "" + +#: ../../developer/Environment.rst:11 +msgid "devscripts" +msgstr "" + +#: ../../developer/Environment.rst:12 +msgid "dh-apparmor" +msgstr "" + +#: ../../developer/Environment.rst:13 +msgid "dh-python" +msgstr "" + +#: ../../developer/Environment.rst:14 +msgid "git" +msgstr "" + +#: ../../developer/Environment.rst:15 +msgid "grunt-cli" +msgstr "" + +#: ../../developer/Environment.rst:16 +msgid "node" +msgstr "" + +#: ../../developer/Environment.rst:17 +msgid "npm" +msgstr "" + +#: ../../developer/Environment.rst:18 +msgid "python3" +msgstr "" + +#: ../../developer/Environment.rst:19 +msgid "python3-dev" +msgstr "" + +#: ../../developer/Environment.rst:20 +msgid "python3-pip" +msgstr "" + +#: ../../developer/Environment.rst:21 +msgid "python3-setuptools" +msgstr "" + +#: ../../developer/Environment.rst:22 +msgid "python3-sphinx" +msgstr "" + +#: ../../developer/Environment.rst:23 +msgid "python3-virtualenv" +msgstr "" + +#: ../../developer/Environment.rst:26 ../../setup/index.rst:2 +msgid "Setup" +msgstr "" + +#: ../../developer/Environment.rst:27 +msgid "The repository could be cloned with:" +msgstr "" + +#: ../../developer/Environment.rst:33 +msgid "Client dependencies could be installed by issuing:" +msgstr "" + +#: ../../developer/Environment.rst:41 +msgid 
"Backend dependencies could be installed by issuing:" +msgstr "" + +#: ../../developer/Environment.rst:50 +msgid "" +"This will create for you a python virtualenv in the directory env " +"containing all the required python dependencies. To leave the virtualenv," +" type ``deactivate``." +msgstr "" + +#: ../../developer/Environment.rst:52 +msgid "" +"Then, anytime you will want to activate the environment to run globaleaks" +" you will just need to issue the command:" +msgstr "" + +#: ../../developer/Environment.rst:58 +msgid "Setup the client:" +msgstr "" + +#: ../../developer/Environment.rst:66 +msgid "Setup the backend and its dependencies:" +msgstr "" + +#: ../../developer/Environment.rst:76 +msgid "Run" +msgstr "" + +#: ../../developer/Environment.rst:77 +msgid "" +"To run globaleaks from sources within the development environment you " +"should issue:" +msgstr "" + +#: ../../developer/Environment.rst:85 +msgid "" +"GlobaLeaks will start and be reachable at the following address " +"https://127.0.0.1:8443" +msgstr "" + +#: ../../developer/Environment.rst:88 +msgid "Building the docs" +msgstr "" + +#: ../../developer/Environment.rst:89 +msgid "To build the documentation:" +msgstr "" + +#: ../../developer/Environment.rst:97 +msgid "To edit the docs with hot-reload functionality:" +msgstr "" + +#: ../../developer/Environment.rst:107 +msgid "" +"Sphinx server will start and be reachable at the following address " +"http://127.0.0.1:8000 in the web browser." +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:2 +msgid "Release procedure" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:3 +msgid "This is the procedure followed to publish a new GlobaLeaks release." 
+msgstr "" + +#: ../../developer/ReleaseProcedure.rst:5 +msgid "A release is represented by:" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:7 +msgid "A version bump;" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:8 +msgid "An updated CHANGELOG;" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:9 +msgid "A commit titled \"Bump to version $number\";" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:10 +msgid "A tag commit $version signed by a core developer with their own key;" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:11 +msgid "An updated package on deb.globaleaks.org;" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:12 +msgid "A signed repository." +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:15 +msgid "Release tagging" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:16 +msgid "" +"To release is tagger by means of the official version bump script by " +"issuing:" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:23 +msgid "Release packaging" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:24 +msgid "The package is built by means of the official build script by issuing:" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:30 +msgid "This command builds a package for each supported distribution and version." 
+msgstr "" + +#: ../../developer/ReleaseProcedure.rst:33 +msgid "Package publishing" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:34 +msgid "The package is published on https://deb.globaleaks.org by issuing:" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:41 +msgid "Repository signing" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:42 +msgid "" +"The release is then signed by a core developer by using the official " +"project key via:" +msgstr "" + +#: ../../developer/SoftwareLibraries.rst:2 +msgid "Software libraries" +msgstr "" + +#: ../../developer/SoftwareLibraries.rst:3 +msgid "" +"The software libraries used by GlobaLeaks are listed in the following " +"files:" +msgstr "" + +#: ../../developer/SoftwareLibraries.rst:5 +msgid "" +"Backend: `backend/requirements.txt `_" +msgstr "" + +#: ../../developer/SoftwareLibraries.rst:6 +msgid "" +"Client: `client/package.json `_" +msgstr "" + +#: ../../developer/SoftwareLibraries.rst:7 +msgid "" +"Packaging: `debian/control `_" +msgstr "" + +#: ../../developer/index.rst:2 +msgid "Developer documentation" +msgstr "" + +#: ../../gettingstarted/Features.rst:2 +msgid "Features" +msgstr "" + +#: ../../gettingstarted/Features.rst:3 +msgid "These are the key features of the software:" +msgstr "" + +#: ../../gettingstarted/Features.rst:6 +msgid "User features" +msgstr "" + +#: ../../gettingstarted/Features.rst:8 +msgid "" +"Multi-user system with customizable user roles (whistleblower, recipient," +" administrator)" +msgstr "" + +#: ../../gettingstarted/Features.rst:9 +msgid "Fully manageable via a web administration interface" +msgstr "" + +#: ../../gettingstarted/Features.rst:10 +msgid "" +"Allows whistleblowers to decide if and when to confidentially declare " +"their identity" +msgstr "" + +#: ../../gettingstarted/Features.rst:11 +msgid "Facilitates multimedia file exchanges with whistleblowers" +msgstr "" + +#: ../../gettingstarted/Features.rst:12 +msgid "Secure management of file access and 
visualization" +msgstr "" + +#: ../../gettingstarted/Features.rst:13 +msgid "Enables chat with whistleblowers to discuss reports" +msgstr "" + +#: ../../gettingstarted/Features.rst:14 +msgid "Provides a unique 16-digit receipt for anonymous whistleblower login" +msgstr "" + +#: ../../gettingstarted/Features.rst:15 +msgid "Simple recipient interface for receiving and analyzing reports" +msgstr "" + +#: ../../gettingstarted/Features.rst:16 +msgid "Supports report categorization with labels" +msgstr "" + +#: ../../gettingstarted/Features.rst:17 +msgid "Includes user search functionality for reports" +msgstr "" + +#: ../../gettingstarted/Features.rst:18 +msgid "Supports the creation and assignment of case management statuses" +msgstr "" + +#: ../../gettingstarted/Features.rst:19 +msgid "Customizable appearance (logo, color, styles, font, text)" +msgstr "" + +#: ../../gettingstarted/Features.rst:20 +msgid "Allows defining multiple reporting channels (e.g., by topic, department)" +msgstr "" + +#: ../../gettingstarted/Features.rst:21 +msgid "" +"Enables creation and management of multiple whistleblowing sites (e.g., " +"for subsidiaries or third-party clients)" +msgstr "" + +#: ../../gettingstarted/Features.rst:22 +msgid "Advanced questionnaire builder" +msgstr "" + +#: ../../gettingstarted/Features.rst:23 +msgid "Provides whistleblowing system statistics" +msgstr "" + +#: ../../gettingstarted/Features.rst:24 +msgid "" +"Support for `over 90 languages " +"`_ and Right-to-Left (RTL) " +"languages" +msgstr "" + +#: ../../gettingstarted/Features.rst:27 +msgid "Legal features" +msgstr "" + +#: ../../gettingstarted/Features.rst:29 +msgid "" +"Designed in adherence to `ISO 37002:2021 " +"`_ and `EU Directive 2019/1937 " +"`_ recommendations for " +"whistleblowing compliance" +msgstr "" + +#: ../../gettingstarted/Features.rst:30 +msgid "Supports bidirectional anonymous communication (comments/messages)" +msgstr "" + +#: ../../gettingstarted/Features.rst:31 +msgid "Customizable 
case management workflow (statuses/sub-statuses)" +msgstr "" + +#: ../../gettingstarted/Features.rst:32 +msgid "Conditional reporting workflow based on whistleblower identity" +msgstr "" + +#: ../../gettingstarted/Features.rst:33 +msgid "Manages conflicts of interest in the reporting workflow" +msgstr "" + +#: ../../gettingstarted/Features.rst:34 +msgid "Custodian functionality to authorize access to whistleblower identity" +msgstr "" + +#: ../../gettingstarted/Features.rst:35 +msgid "GDPR privacy by design and by default" +msgstr "" + +#: ../../gettingstarted/Features.rst:36 +msgid "Configurable GDPR data retention policies" +msgstr "" + +#: ../../gettingstarted/Features.rst:37 +msgid "GDPR-compliant subscriber module for new SaaS users" +msgstr "" + +#: ../../gettingstarted/Features.rst:38 +msgid "No IP address logging" +msgstr "" + +#: ../../gettingstarted/Features.rst:39 +msgid "Includes an audit log" +msgstr "" + +#: ../../gettingstarted/Features.rst:40 +msgid "Integrates with existing enterprise case management platforms" +msgstr "" + +#: ../../gettingstarted/Features.rst:41 +msgid "" +"Free Software OSI Approved `AGPL 3.0 License " +"`_" +msgstr "" + +#: ../../gettingstarted/Features.rst:44 +msgid "Security features" +msgstr "" + +#: ../../gettingstarted/Features.rst:46 +msgid "" +"Designed in adherence to `ISO 27001:2022 " +"`_, `CSA STAR " +"`_, and `OWASP " +"`_ recommendations for security compliance" +msgstr "" + +#: ../../gettingstarted/Features.rst:47 +msgid "" +"Full data encryption for whistleblower reports and recipient " +"communications" +msgstr "" + +#: ../../gettingstarted/Features.rst:48 +msgid "" +"Supports digital anonymity through `Tor `_ " +"integration" +msgstr "" + +#: ../../gettingstarted/Features.rst:49 +msgid "" +"Built-in HTTPS support with `TLS 1.3 " +"`_ standard and `SSLabs A+ " +"`_ " +"rating" +msgstr "" + +#: ../../gettingstarted/Features.rst:50 +msgid "" +"Automatic enrollment for free digital certificates with `Let’s Encrypt 
" +"`_" +msgstr "" + +#: ../../gettingstarted/Features.rst:51 +msgid "Multiple penetration tests with publicly available reports" +msgstr "" + +#: ../../gettingstarted/Features.rst:52 +msgid "" +"Two-Factor Authentication (2FA) compliant with `TOTP RFC 6238 " +"`_" +msgstr "" + +#: ../../gettingstarted/Features.rst:53 +msgid "Integrated network sandboxing with iptables" +msgstr "" + +#: ../../gettingstarted/Features.rst:54 +msgid "Application sandboxing with `AppArmor `_" +msgstr "" + +#: ../../gettingstarted/Features.rst:55 +msgid "Complete protection against automated submissions (spam prevention)" +msgstr "" + +#: ../../gettingstarted/Features.rst:56 +msgid "Continuous peer review and periodic security audits" +msgstr "" + +#: ../../gettingstarted/Features.rst:57 +msgid "PGP support for encrypted email notifications and file downloads" +msgstr "" + +#: ../../gettingstarted/Features.rst:58 +msgid "Leaves no traces in browser cache" +msgstr "" + +#: ../../gettingstarted/Features.rst:61 +msgid "Technical features" +msgstr "" + +#: ../../gettingstarted/Features.rst:63 +msgid "" +"Designed in adherence to `Directive (EU) 2019/882 `_, `Directive" +" (EU) 2016/2102 `_, `ETSI EN 301 549 " +"`_," +" `W3C WCAG 2.2 `_, and `WAI-ARIA 2.2 " +"`_ recommendations for accessibility" +" compliance" +msgstr "" + +#: ../../gettingstarted/Features.rst:64 +msgid "" +"Multi-site support enabling the operation of multiple virtual sites on " +"the same setup" +msgstr "" + +#: ../../gettingstarted/Features.rst:65 +msgid "" +"Responsive user interfaces created with `Bootstrap " +"`_ CSS framework" +msgstr "" + +#: ../../gettingstarted/Features.rst:66 +msgid "Automated software quality measurement and continuous integration testing" +msgstr "" + +#: ../../gettingstarted/Features.rst:67 +msgid "Long-Term Support (LTS) plan" +msgstr "" + +#: ../../gettingstarted/Features.rst:68 +msgid "" +"Built with lightweight framework technologies (`Angular " +"`_ and `Python Twisted `_)" +msgstr "" + 
+#: ../../gettingstarted/Features.rst:69 +msgid "Integrated `SQLite `_ database" +msgstr "" + +#: ../../gettingstarted/Features.rst:70 +msgid "" +"Automatic setup for `Tor Onion Services Version 3 " +"`_" +msgstr "" + +#: ../../gettingstarted/Features.rst:71 +msgid "Supports self-service signup for whistleblowing SaaS setup" +msgstr "" + +#: ../../gettingstarted/Features.rst:72 +msgid "" +"Compatible with Linux operating systems (`Debian " +"`_ / `Ubuntu `_)" +msgstr "" + +#: ../../gettingstarted/Features.rst:73 +msgid "Debian packaging with a repository for updates/upgrades" +msgstr "" + +#: ../../gettingstarted/Features.rst:74 +msgid "Fully self-contained application" +msgstr "" + +#: ../../gettingstarted/Features.rst:75 +msgid "Easy integration with existing websites" +msgstr "" + +#: ../../gettingstarted/Features.rst:76 +msgid "" +"Built and packaged with `reproducibility " +"`_ in mind" +msgstr "" + +#: ../../gettingstarted/Features.rst:77 +msgid "REST API" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:2 +msgid "Glossary" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:3 +msgid "" +"This glossary defines jargon used in GlobaLeaks in a clear and consistent" +" manner." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:5 ../../security/ThreatModel.rst:1 +msgid "Administrator" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:7 +msgid "" +"The user who has set up and maintains the platform. An Administrator does" +" not have access to Whistleblowers’ reports." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:8 +msgid "Channel" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:10 +msgid "" +"A reporting channel used as a container for reports. Channels can be " +"configured with specific questionnaires, recipients, and policies. They " +"are typically used to organize the reporting process." 
+msgstr "" + +#: ../../gettingstarted/Glossary.rst:11 ../../user/admin/UserInterface.rst:19 +#: ../../user/admin/UserInterface.rst:201 +msgid "Notification" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:13 +msgid "" +"An email sent to inform a recipient of a new report or an update to an " +"existing report." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:14 +msgid "Platform" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:16 +msgid "A system running the GlobaLeaks software." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:17 +msgid "Questionnaire" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:19 +msgid "A set of questions that the whistleblower must complete to file a report." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:20 +#: ../../security/ApplicationSecurity.rst:32 +msgid "Receipt" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:22 +msgid "" +"A 16-digit random secret code generated by the system and provided to " +"whistleblowers upon submission of their report. This code allows them to " +"anonymously access and update their report by adding comments and new " +"files." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:23 ../../security/ThreatModel.rst:1 +msgid "Recipient" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:25 +msgid "" +"A user authorized to read whistleblowers’ reports. Recipients may also " +"communicate with whistleblowers via the GlobaLeaks platform." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:26 ../../security/PenetrationTests.rst:1 +msgid "Report" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:28 +msgid "" +"The submission by a whistleblower, including answers to a questionnaire " +"and any attached material." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:29 ../../security/ThreatModel.rst:1 +msgid "Whistleblower" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:31 +msgid "The person who files a report." 
+msgstr "" + +#: ../../gettingstarted/Requirements.rst:3 +msgid "" +"Ensure you understand and meet each of the following technical " +"requirements." +msgstr "" + +#: ../../gettingstarted/Requirements.rst:6 +msgid "Hardware requirements" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:7 +msgid "**Requirements**:" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:9 +msgid "CPU: Dual-core 2.0GHz (64-bit)" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:10 +msgid "RAM: 1GB" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:11 +msgid "Storage: 20GB" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:12 +msgid "I/O: 10Mbit/s (shared)" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:14 +msgid "" +"Please note that GlobaLeaks is designed to run on servers with " +"specifications smaller than those listed above." +msgstr "" + +#: ../../gettingstarted/Requirements.rst:16 +msgid "" +"The storage size should be determined based on your data retention " +"policies and the expected use of the platform." +msgstr "" + +#: ../../gettingstarted/Requirements.rst:19 +msgid "Software requirements" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:20 +msgid "" +"GlobaLeaks is designed to run on GNU/Linux and is developed and tested " +"specifically for Debian-based systems." +msgstr "" + +#: ../../gettingstarted/Requirements.rst:22 +msgid "" +"The currently recommended distributions are: Debian 12 (Bookworm) and " +"Ubuntu 24.04 (Noble)" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:24 +msgid "" +"The software lifecycle of the platform includes full support for all " +"Debian and Ubuntu LTS versions starting from `Debian 10 " +"`_ and `Ubuntu 20.04 " +"`_." 
+msgstr "" + +#: ../../gettingstarted/Requirements.rst:26 +msgid "" +"Support is guaranteed on these platforms according to the official long-" +"term support timelines:" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:28 +msgid "`Debian Release End of Life Timeline `_" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:29 +msgid "" +"`Ubuntu Release End of Life Timeline `_" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:31 +msgid "" +"Currently, we do not plan to support additional distributions, as " +"GlobaLeaks adheres to the Unix philosophy of making each program excel in" +" a specific area. By focusing our efforts on mastering one domain, we aim" +" to serve our community most effectively. If you are interested in " +"helping us extend support to additional distributions, please get in " +"touch." +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:2 +msgid "Supported browsers" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:4 +msgid "" +"GlobaLeaks is designed to fully support commonly used browsers on desktop" +" PCs, laptops, tablets, and smartphones." +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:6 +msgid "" +"We recommend using the `Tor Browser `_ for " +"enhanced anonymity and additional privacy and security features not " +"available in other browsers." 
+msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:8 +msgid "Other supported browsers include:" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Browser" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Version" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Mozilla Firefox" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid ">= 38" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Google Chrome" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid ">= 45" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Brave" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid ">= 1.20.110" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Edge" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "any" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Safari" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid ">= 8" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "iOS" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid ">= 9" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Android" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid ">= 4.4" +msgstr "" + +#: ../../gettingstarted/index.rst:2 +msgid "Getting started" +msgstr "" + +#: ../../index.rst:2 +msgid "Documentation" +msgstr "التوثيق" + +#: ../../index.rst:4 +msgid "" +"`GlobaLeaks `_ is an open-source, free " +"software intended to enable anyone to easily set up and maintain a secure" +" whistleblowing platform." +msgstr "" + +#: ../../index.rst:7 +msgid "" +"This documentation is thank to the support of our community. Join us and " +"contribute with your additions and suggestion. In any of the page you " +"find a link that enables you to provide suggestions and corrections. 
We " +"remind you that in case of any software issue or bug you may always " +"report on the `ticketing system `_." +msgstr "" + +#: ../../roadmap/index.rst:2 +msgid "Project roadmap" +msgstr "" + +#: ../../roadmap/index.rst:5 +msgid "" +"This tentative roadmap is built by the GlobaLeaks team in order to try to" +" respond to main users' needs. Please get sure that the needs of your " +"projects and users are well represented on the project `Ticketing System " +"`_. If your" +" organization could fund the development of parts of this roadmap please " +"write us at info@globaleaks.org" +msgstr "" + +#: ../../roadmap/index.rst:8 +msgid "Introduction" +msgstr "" + +#: ../../roadmap/index.rst:9 +msgid "" +"`GlobaLeaks `_ is free, open source software " +"enabling anyone to easily set up and maintain a secure whistleblowing " +"platform." +msgstr "" + +#: ../../roadmap/index.rst:11 +msgid "" +"Started in 2011, the software is now widely used worldwide by more than " +"3000 organizations working in the fields of anti-corruption activism, " +"human rights violations reporting, investigative journalism, and " +"corporate compliance." +msgstr "" + +#: ../../roadmap/index.rst:13 +msgid "" +"This document details the main areas of research development and " +"represents the actual tentative readmap of consolidation planned for " +"2024-2026 based on the analysis of the large set of user needs collected " +"within the official `Ticketing System `_." +msgstr "" + +#: ../../roadmap/index.rst:16 +msgid "Development areas" +msgstr "" + +#: ../../roadmap/index.rst:19 +msgid "Statistics and Reporting" +msgstr "" + +#: ../../roadmap/index.rst:20 +msgid "" +"GlobaLeaks still misses the implementation for any generation of " +"statistics and reports. Such features are considered fundamental in order" +" to properly support users in analysis, investigation and reporting." 
+msgstr "" + +#: ../../roadmap/index.rst:22 +msgid "E.g:" +msgstr "" + +#: ../../roadmap/index.rst:24 +msgid "" +"Recipients should be able to visually see statistics about the received " +"reports received and the data contained; these statistics should empower " +"users in their work providing relevant information out of the data " +"collection that could help users analyze and study social problems like " +"corruption and be able to organize and export automatic reporting;" +msgstr "" + +#: ../../roadmap/index.rst:25 +msgid "" +"Administrators should be able to visually see a dashboard in order to " +"monitor the system and assure that all is working well (e.g. that " +"recipients are receiving submissions and are able to access them and that" +" no attacks are performed on the system)." +msgstr "" + +#: ../../roadmap/index.rst:27 ../../roadmap/index.rst:42 +msgid "Ideas:" +msgstr "" + +#: ../../roadmap/index.rst:29 +msgid "" +"A client library could be adopted to generate reports directly on the " +"client (e.g. Chart.js)" +msgstr "" + +#: ../../roadmap/index.rst:30 +msgid "" +"The implementation should support the possibility of exporting the report" +" in PDF; in relation to this aspect it should be considered the " +"advantages of a possible backend implementation." +msgstr "" + +#: ../../roadmap/index.rst:32 ../../roadmap/index.rst:47 +#: ../../roadmap/index.rst:58 ../../roadmap/index.rst:71 +#: ../../roadmap/index.rst:84 +msgid "Reference tickets:" +msgstr "" + +#: ../../roadmap/index.rst:34 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/1959" +msgstr "" + +#: ../../roadmap/index.rst:35 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2254" +msgstr "" + +#: ../../roadmap/index.rst:39 +msgid "Audit Log" +msgstr "" + +#: ../../roadmap/index.rst:40 +msgid "" +"GlobaLeaks still misses the implementation of a complete audit logit. 
" +"This is considered a fundamental feature in order to achieve full " +"accontability of the whistleblowing process and increase security." +msgstr "" + +#: ../../roadmap/index.rst:44 +msgid "Software audit log should be improved" +msgstr "" + +#: ../../roadmap/index.rst:45 +msgid "" +"The software could exposes a standard log interfaces in CEF/LEEF/Syslog " +"format to foster integration with third party SIEM software." +msgstr "" + +#: ../../roadmap/index.rst:49 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2579" +msgstr "" + +#: ../../roadmap/index.rst:50 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2580" +msgstr "" + +#: ../../roadmap/index.rst:51 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2651" +msgstr "" + +#: ../../roadmap/index.rst:54 +msgid "GDPR compliance" +msgstr "" + +#: ../../roadmap/index.rst:55 +msgid "" +"GlobaLeaks implements by-design many best practices in matters of privacy" +" and security. In order to be effectively accepted and competitive beside" +" commercial proprietary solutions and to guarantee the sustainability of " +"the project, the software needs to achieve some market “standards” (e.g. " +"GDPR compliance / ISO certifications / etc.); among all we selected that " +"GDPR compliance is a first step where the software could implement best " +"practices (e.g. procedures for self signup should present appropriate " +"legal notices, terms of services, and contractualization). Within the " +"software, there should be implemented an automatic contract generation " +"via PDF or other suitable formats in respect with the GDPR requirements." 
+msgstr "" + +#: ../../roadmap/index.rst:60 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2145" +msgstr "" + +#: ../../roadmap/index.rst:61 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2658" +msgstr "" + +#: ../../roadmap/index.rst:62 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2866" +msgstr "" + +#: ../../roadmap/index.rst:63 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2767" +msgstr "" + +#: ../../roadmap/index.rst:64 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/3011" +msgstr "" + +#: ../../roadmap/index.rst:65 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/3012" +msgstr "" + +#: ../../roadmap/index.rst:68 +msgid "Backup and Restore" +msgstr "" + +#: ../../roadmap/index.rst:69 +msgid "" +"GlobaLeaks currently misses any feature for performing backup and " +"restoring of its setup. These duties are currently performed by its users" +" following typical best manual practices (e.g. archiving the data " +"directory of the application). This project idea is to research the best " +"practices to be applied in this context and to identify suitable " +"strategies for implementing periodic, secure and encrypted backups to be " +"restored upon necessity." +msgstr "" + +#: ../../roadmap/index.rst:73 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/528" +msgstr "" + +#: ../../roadmap/index.rst:74 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2149" +msgstr "" + +#: ../../roadmap/index.rst:77 +msgid "Multitenancy" +msgstr "" + +#: ../../roadmap/index.rst:79 +msgid "Import and Export of Tenants" +msgstr "" + +#: ../../roadmap/index.rst:80 +msgid "" +"Part of the software is a recent feature of Multitenancy, first " +"implemented in 2018 and stabilized during 2019. 
Through this feature, " +"GlobaLeaks makes it possible to create multiple setups of itself via " +"virtual sites (similarly to Wordpress multisite feature). In order to " +"make it more easy for an administrator to migrate a platform form a " +"system to an other or to enable users to require data portability from a " +"globaleaks provider to an other, for example in relation to GDPR it has " +"been evaluated necessary to improve the multi tenancy implementation by " +"implementing support for import-export of tenants. In the context of a " +"whistleblowing application, involving encryption and logging this poses " +"important challenges on how to best handle this process." +msgstr "" + +#: ../../roadmap/index.rst:86 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2632" +msgstr "" + +#: ../../roadmap/index.rst:87 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2631" +msgstr "" + +#: ../../roadmap/index.rst:90 +msgid "Multisite users" +msgstr "" + +#: ../../roadmap/index.rst:91 +msgid "(To be further researched)" +msgstr "" + +#: ../../roadmap/index.rst:93 +msgid "" +"Important requirement at the base of the Multitenancy expansion is the " +"possibility to enable users to be administrators and recipients of two or" +" multiple instances running on the same multi-site setup. This is useful " +"for example when a lawyer takes part as a recipient on multiple projects;" +" as well it is useful when an ICT consultant joins consultancy on " +"multiple projects." +msgstr "" + +#: ../../roadmap/index.rst:96 +msgid "" +"This could significatively simplify user access enabling the user to have" +" a single set of username and password and associated keys." 
+msgstr "" + +#: ../../roadmap/index.rst:98 +msgid "References tickets:" +msgstr "" + +#: ../../roadmap/index.rst:100 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2302" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:3 +msgid "Application security" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:4 +msgid "" +"The GlobaLeaks software aims to adhere to industry-standard best " +"practices, with its security being the result of applied research." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:6 +msgid "" +"This document details every aspect implemented by the application in " +"relation to security design." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:9 +msgid "Architecture" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:10 +msgid "The software comprises two main components: a `Backend` and a `Client`:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:12 +msgid "" +"The Backend is a Python-based server that runs on a physical server and " +"exposes a `REST API " +"`_." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:13 +msgid "" +"The Client is a JavaScript client-side web application that interacts " +"with the Backend only through `XHR " +"`_." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:16 +msgid "Anonymity" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:17 +msgid "" +"Users' anonymity is protected by means of `Tor " +"`_ technology." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:19 +msgid "" +"The application is designed to avoid logging sensitive metadata that " +"could lead to the identification of whistleblowers." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:22 +msgid "Authentication" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:23 +msgid "" +"The confidentiality of authentication is protected either by `Tor Onion " +"Services v3 `_ or" +" `TLS version 1.2+ " +"`_." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:25 +msgid "" +"This section describes the authentication methods implemented by the " +"system." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:28 +msgid "Password" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:29 +msgid "" +"By accessing the login web interface, `Administrators` and `Recipients` " +"need to enter their respective `Username` and `Password`. If the " +"submitted password is valid, the system grants access to the " +"functionality available to that user." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:33 +msgid "" +"`Whistleblowers` access their `Reports` using an anonymous `Receipt`, " +"which is a randomly generated 16-digit sequence created by the Backend " +"when the Report is first submitted. This format resembles a standard " +"phone number, making it easier for whistleblowers to conceal their " +"receipts." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:36 +msgid "Password security" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:37 +msgid "The system implements the following password security measures:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:40 +msgid "Password storage" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:41 +msgid "" +"Passwords are never stored in plaintext; instead, the system maintains " +"only a hashed version. This applies to all authentication secrets, " +"including whistleblower receipts." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:43 +msgid "" +"The platform stores users’ passwords hashed with a random 128-bit salt, " +"unique for each user." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:45 +msgid "" +"Passwords are hashed using `Argon2 " +"`_, a key derivation function " +"selected as the winner of the `Password Hashing Competition " +"`_ in July " +"2015." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:47 +msgid "" +"The hash involves a per-user salt for each user and a per-system salt for" +" whistleblowers." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:50 +msgid "Password complexity" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:51 +msgid "" +"The system enforces complex passwords by implementing a custom algorithm " +"necessary to ensure reasonable entropy for each authentication secret." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:53 +msgid "" +"Passwords are scored at three levels: `Strong`, `Acceptable`, and " +"`Insecure`." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:55 +msgid "" +"Strong: A strong password should include capital letters, lowercase " +"letters, numbers, and symbols, be at least 12 characters long, and " +"contain a variety of at least 10 different characters." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:56 +msgid "" +"Acceptable: An acceptable password should include at least 3 different " +"types of characters from capital letters, lowercase letters, numbers, and" +" symbols, be at least 10 characters long, and contain a variety of at " +"least 7 different characters." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:57 +msgid "" +"Insecure: Passwords ranked below the strong or acceptable levels are " +"marked as insecure and are not accepted by the system." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:59 +msgid "" +"We encourage each end user to use `KeePassXC `_ to" +" generate and retain strong, unique passphrases." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:62 +msgid "Two-factor authentication" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:63 +msgid "" +"The system implements Two-Factor Authentication (2FA) based on `TOTP` " +"using the `RFC 6238 `_ algorithm " +"and 160-bit secrets." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:65 +msgid "" +"Users can enroll in 2FA via their own preferences, and administrators can" +" optionally enforce this requirement." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:67 +msgid "" +"We recommend using `FreeOTP `_, available " +"`for Android " +"`_" +" and `for iOS `_." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:70 +msgid "Slowdown on failed login attempts" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:71 +msgid "" +"The system identifies multiple failed login attempts and implements a " +"slowdown procedure, requiring an authenticating client to wait up to 42 " +"seconds to complete an authentication." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:73 +msgid "" +"This feature is intended to slow down potential attacks, requiring more " +"resources in terms of time, computation, and memory." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:76 +msgid "Password change on first login" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:77 +msgid "The system enforces users to change their password at their first login." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:79 +msgid "" +"Administrators can also enforce a password change for users at their next" +" login." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:82 +msgid "Periodic password change" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:83 +msgid "" +"By default, the system enforces users to change their password at least " +"every year." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:85 +msgid "This period is configurable by administrators." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:88 +msgid "Password recovery" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:89 +msgid "" +"In case of a lost password, users can request a password reset via the " +"web login interface by clicking on a `Forgot password?` button present on" +" the login page." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:91 +msgid "" +"When this button is clicked, users are invited to enter their username or" +" email. If the provided username or email corresponds to an existing " +"user, the system will send a reset link to the configured email." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:93 +msgid "" +"By clicking the link received by email, the user is then invited to set a" +" new password different from the previous one." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:95 +msgid "" +"If encryption is enabled on the system, a user clicking on the reset link" +" must first enter their `Account Recovery Key`. Only after correct entry " +"will the user be able to set a new password." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:98 +msgid "Web application security" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:99 +msgid "" +"This section describes the Web Application Security implemented by the " +"software in adherence to the `OWASP Security Guidelines " +"`_." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:102 +msgid "Session management" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:103 +msgid "" +"The session implementation follows the `OWASP Session Management Cheat " +"Sheet " +"`_" +" security guidelines." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:105 +msgid "" +"The system assigns a session to each authenticated user. The Session ID " +"is a 256-bit long secret generated randomly by the backend. Each session " +"expires according to a timeout of 30 minutes. 
Session IDs are exchanged " +"between the client and the backend via a header (`X-Session`) and expire " +"as soon as users close their browser or the tab running GlobaLeaks. Users" +" can explicitly log out via a logout button or implicitly by closing the " +"browser." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:108 +msgid "Session encryption" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:109 +msgid "" +"To minimize the exposure of users' encryption keys, the keys are stored " +"in an encrypted format and decrypted only upon each client request." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:111 +msgid "" +"The implementation uses Libsodium's SecretBox, where the client's session" +" key is used as the secret. Only the client maintains a copy of the " +"session key, while the server retains only a SHA-256 hash." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:114 +msgid "Cookies and xsrf prevention" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:115 +msgid "" +"Cookies are not used intentionally to minimize XSRF attacks and any " +"possible attacks based on them. Instead of using cookies, authentication " +"is based on a custom HTTP Session Header sent by the client on " +"authenticated requests." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:118 +msgid "HTTP headers" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:119 +#, python-format +msgid "" +"The system implements a large set of HTTP headers specifically configured" +" to improve software security and achieves a `score A+ by Security " +"Headers " +"`_" +" and a `score A+ by Mozilla Observatory " +"`_." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:122 +msgid "Strict-Transport-Security" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:123 +msgid "The system implements strict transport security by default. 
::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:128 +msgid "The default configuration of the application sees this feature disabled." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:131 +msgid "Content-Security-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:132 +msgid "" +"The backend implements a strict `Content Security Policy (CSP) " +"`_ preventing any " +"interaction with third-party resources and restricting the execution of " +"untrusted user input: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:137 +msgid "" +"Specific policies are implemented in adherence to the principle of least " +"privilege." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:139 +msgid "For example:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:141 +msgid "" +"The `index.html` source of the app is the only resource allowed to load " +"scripts from the same origin;" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:142 +msgid "Every dynamic content is strictly sandboxed on a null origin;" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:143 +msgid "" +"Every untrusted user input or third-party library is executed in a " +"sandbox, limiting its interaction with other application components." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:146 +msgid "Cross-Origin-Embedder-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:147 +msgid "" +"The backend implements the following `Cross-Origin-Embedder-Policy (COEP)" +" `_: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:153 +msgid "Cross-Origin-Opener-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:154 +msgid "" +"The backend implements the following `Cross-Origin-Opener-Policy (COOP) " +"`_: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:160 +msgid "Cross-Origin-Resource-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:161 +msgid "" +"The backend implements the following `Cross-Origin-Resource-Policy (CORP)" +" `_: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:167 +msgid "Permissions-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:168 +msgid "" +"The backend implements the following Permissions-Policy header " +"configuration to limit the possible de-anonymization of the user by " +"disabling dangerous browser features: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:174 +msgid "X-Frame-Options" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:175 +msgid "" +"In addition to implementing Content Security Policy level 3 to prevent " +"the application from being included in an iframe, the backend also " +"implements the outdated X-Frame-Options header to ensure that iframes are" +" always prevented in any circumstance, including on outdated browsers: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:181 +msgid "Referrer-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:182 +msgid "" +"Web browsers usually attach referrers in their HTTP headers as they " +"browse links. The platform enforces a referrer policy to avoid this " +"behavior. 
::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:188 +msgid "X-Content-Type-Options" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:189 +msgid "" +"To avoid automatic MIME type detection by the browser when setting the " +"Content-Type for specific output, the following header is used: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:195 +msgid "Cache-Control" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:196 +msgid "" +"To prevent or limit forensic traces left on devices used by " +"whistleblowers and in devices involved in communication with the " +"platform, as specified in section ``3. Storing Responses in Caches`` of " +"`RFC 7234 `__, the platform uses the" +" ``Cache-Control`` HTTP header with the configuration ``no-store`` to " +"instruct clients and possible network proxies to disable any form of data" +" caching. ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:202 +msgid "Crawlers Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:203 +msgid "" +"For security reasons, the backend instructs crawlers to avoid caching and" +" indexing of the application and uses the ``robots.txt`` file to allow " +"crawling only of the home page. Indexing the home page is considered best" +" practice to promote the platform's existence and facilitate access for " +"potential whistleblowers." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:205 +msgid "The implemented configuration is as follows: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:212 +msgid "" +"The platform also instructs crawlers to avoid caching by injecting the " +"following HTTP header: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:217 +msgid "" +"For highly sensitive projects where the platform is intended to remain " +"``hidden`` and communicated to potential whistleblowers directly, it can " +"be configured to disable indexing completely." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:219 +msgid "In such cases, the following HTTP header is used: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:225 +msgid "Anchor tags and external urls" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:226 +msgid "" +"The client opens external URLs in a new tab, independent of the " +"application context, by setting ``rel='noreferrer'`` and " +"``target='_blank'``` on every anchor tag. ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:232 +msgid "Input validation" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:233 +msgid "" +"The application implements strict input validation both on the backend " +"and on the client." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:236 +msgid "On the backend" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:237 +msgid "" +"Each client request is strictly validated by the backend against a set of" +" regular expressions, and only requests matching the expressions are " +"processed." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:239 +msgid "" +"Additionally, a set of rules is applied to each request type to limit " +"potential attacks. For example, any request is limited to a payload of " +"1MB." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:242 +msgid "On the client" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:243 +msgid "" +"Each server output is strictly validated by the client at rendering time " +"using the Angular component `ngSanitize.$sanitize " +"`__." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:246 +msgid "Form autocomplete off" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:247 +msgid "" +"Forms implemented by the platform use the HTML5 form attribute to " +"instruct the browser not to cache user data for form prediction and " +"autocomplete on subsequent submissions." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:249 +msgid "" +"This is achieved by setting `autocomplete=\"off\" " +"`__ on the relevant forms or attributes." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:252 +msgid "Network security" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:254 +msgid "Connection anonymity" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:255 +msgid "" +"User anonymity is provided through the implementation of `Tor " +"`__ technology. The application implements " +"an ``Onion Service v3`` and advises users to use the Tor Browser when " +"accessing it." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:258 +msgid "Connection encryption" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:259 +msgid "" +"User connections are always encrypted, either through the `Tor Protocol " +"`__ when using the Tor Browser or via `TLS " +"`__ when accessed" +" through a common browser." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:261 +msgid "" +"Using ``Tor`` is recommended over HTTPS due to its advanced resistance to" +" selective interception and censorship, making it difficult for a third " +"party to capture or block access to the site for specific whistleblowers " +"or departments." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:263 +msgid "" +"The software also facilitates easy setup of ``HTTPS``, offering both " +"automatic setup via `Let's Encrypt `__ and " +"manual configuration." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:265 +msgid "" +"TLS certificates are generated using `NIST Curve P-384 " +"`__." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:267 +msgid "" +"The configuration enables only ``TLS1.2+`` and is fine-tuned and hardened" +" to achieve `SSLLabs grade A+ " +"`__." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:269 +msgid "In particular, only the following ciphers are enabled: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:283 +msgid "Network sandboxing" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:284 +msgid "" +"The GlobaLeaks backend integrates `iptables " +"`__ by default and implements strict firewall" +" rules that restrict incoming network connections to HTTP and HTTPS on " +"ports 80 and 443." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:286 +msgid "" +"Additionally, the application allows anonymizing outgoing connections, " +"which can be configured to route through Tor." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:289 +msgid "Data encryption" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:290 +msgid "" +"Submission data, file attachments, messages, and metadata exchanged " +"between whistleblowers and recipients are encrypted using the GlobaLeaks " +":doc:`EncryptionProtocol`." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:292 +msgid "" +"GlobaLeaks also incorporates various other encryption components. 
The " +"main libraries and their uses are:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:294 +msgid "" +"`Python-NaCL `__: used for implementing " +"data encryption" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:295 +msgid "" +"`PyOpenSSL `__: used for implementing " +"HTTPS" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:296 +msgid "" +"`Python-Cryptography `__: used for implementing " +"authentication" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:297 +msgid "" +"`Python-GnuPG `__: used " +"for encrypting email notifications and file downloads via ```PGP```" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:300 +msgid "Application sandboxing" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:301 +msgid "" +"The GlobaLeaks backend integrates `AppArmor `__ by" +" default and implements a strict sandboxing profile, allowing the " +"application to access only the strictly required files. Additionally, the" +" application runs under a dedicated user and group \"globaleaks\" with " +"reduced privileges." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:304 +msgid "Database security" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:305 +msgid "" +"The GlobaLeaks backend uses a hardened local SQLite database accessed via" +" SQLAlchemy ORM." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:307 +msgid "" +"This design choice ensures the application can fully control its " +"configuration while implementing extensive security measures in adherence" +" to the `security recommendations by SQLite " +"`__." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:310 +msgid "Secure deletion" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:311 +msgid "" +"The GlobaLeaks backend enables SQLite’s secure deletion capability, which" +" automatically overwrites the database data upon each delete query: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:317 +msgid "Auto vacuum" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:318 +msgid "" +"The platform enables SQLite’s auto vacuum capability for automatic " +"cleanup of deleted entries and recall of unused pages: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:324 +msgid "Limited database trust" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:325 +msgid "" +"The GlobaLeaks backend uses the SQLite `trusted_schema " +"`__ pragma " +"to limit trust in the database, mitigating risks of malicious corruption." +" ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:331 +msgid "Limited database functionalities" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:332 +msgid "" +"The GlobaLeaks backend restricts SQLite functionalities to only those " +"necessary for running the application, reducing the potential for " +"exploitation in case of SQL injection attacks." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:334 +msgid "" +"This is implemented using the ```conn.set_authorizer``` API and a strict " +"authorizer callback that authorizes only a limited set of SQL " +"instructions: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:345 +msgid "DoS resiliency" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:346 +msgid "" +"To mitigate denial of service attacks, GlobaLeaks applies the following " +"measures:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:348 +msgid "" +"Implements a proof-of-work (hashcash) on each unauthenticated request to " +"limit automation." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:349 +msgid "Applies rate limiting on authenticated sessions." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:350 +msgid "" +"Limits the possibility of triggering CPU-intensive routines by external " +"users (e.g., limits on query and job execution times)." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:351 +msgid "" +"Monitors activity to detect and respond to attacks, implementing " +"proactive security measures to prevent DoS (e.g., slowing down fast " +"operations)." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:354 +msgid "Proof of work on users' sessions" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:355 +msgid "" +"The system implements an automatic `Proof of Work " +"`__ based on the hashcash " +"algorithm for every user session, requiring clients to request a token " +"and continuously solve a computational problem to acquire and renew the " +"session." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:358 +msgid "Rate limit on users' sessions" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:359 +msgid "" +"The system implements rate limiting on user sessions, preventing more " +"than 5 requests per second and applying increasing delays on requests " +"that exceed this threshold." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:362 +msgid "Rate limit on whistleblowers' reports and attachments" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:363 +msgid "" +"The system applies rate limiting on whistleblower reports and " +"attachments, preventing new submissions and file uploads if thresholds " +"are exceeded." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:365 +msgid "Implemented thresholds are:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "Threshold Variable" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +#: ../../security/PenetrationTests.rst:1 +msgid "Goal" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "Default Threshold Setting" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "threshold_reports_per_hour" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "Limit the number of reports that can be filed per hour" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "20" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "threshold_reports_per_hour_per_ip" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "" +"Limit the number of reports that can be filed per hour by the same IP " +"address" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "5" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "threshold_attachments_per_hour_per_ip" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "" +"Limit the number of attachments that can be uploaded per hour by the same" +" IP address" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "120" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "threshold_attachments_per_hour_per_report" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "Limit the number of attachments that can be uploaded per hour on a report" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "30" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:375 +msgid "" +"In case of necessity, threshold configurations can be adjusted using the " +"`gl-admin` command as follows: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:381 +msgid "Other measures" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:383 +msgid "Browser 
history and forensic traces" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:384 +msgid "" +"The entire application is designed to minimize or reduce the forensic " +"traces left by whistleblowers on their devices while filing reports." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:386 +msgid "" +"When accessed via the Tor Browser, the browser ensures that no persistent" +" traces are left on the user's device." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:388 +msgid "" +"To prevent or limit forensic traces in the browser history of users " +"accessing the platform via a common browser, the application avoids " +"changing the URI during whistleblower navigation. This prevents the " +"browser from logging user activities and offers high plausible " +"deniability, making the whistleblower appear as a simple visitor to the " +"homepage and avoiding evidence of any submission." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:391 +msgid "Secure file management" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:393 +msgid "Secure file download" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:394 +msgid "" +"Any attachment uploaded by anonymous whistleblowers might contain " +"malware, either intentionally or not. It is highly recommended, if " +"possible, to download files and access them on an air-gapped machine " +"disconnected from the network and other sensitive devices. To facilitate " +"safe file downloads and transfers using a USB stick, the application " +"provides the option to export reports, enabling the download of a ZIP " +"archive containing all report content. This reduces the risk of executing" +" files during the transfer process." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:397 +msgid "Safe file opening" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:398 +msgid "" +"For scenarios where the whistleblower's trustworthiness has been " +"validated or in projects with a low-risk threat model, the application " +"offers an integrated file viewer. This viewer, leveraging modern browser " +"sandboxing capabilities, allows the safe opening of a limited set of file" +" types considered more secure than accessing files directly through the " +"operating system. This feature is disabled by default. Administrators " +"should enable it only after thorough evaluation and ensure that " +"recipients' browsers are kept up-to-date." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:400 +msgid "The supported file formats are:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:402 +msgid "AUDIO" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:403 +msgid "CSV" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:404 +msgid "IMAGE" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:405 +msgid "PDF" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:406 +msgid "VIDEO" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:407 +msgid "TXT" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:409 +#: ../../security/ApplicationSecurity.rst:419 +msgid "The default configuration has this feature disabled." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:412 +msgid "PGP encryption" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:413 +msgid "The system offers an optional PGP encryption feature." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:415 +msgid "" +"When enabled, users can activate a personal PGP key that will be used by " +"the system to encrypt email notifications and files on-the-fly." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:417 +msgid "" +"This feature is recommended for high-risk threat models, especially when " +"used in conjunction with air-gapped systems for report visualization." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:422 +msgid "Encryption of temporary files" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:423 +msgid "" +"Files uploaded and temporarily stored on disk during the upload process " +"are encrypted with a temporary, symmetric AES key to prevent any " +"unencrypted data from being written to disk. Encryption is performed in " +"streaming mode using `AES 128-bit` in `CTR mode`. Key files are stored in" +" memory and are unique for each file being uploaded." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:426 +msgid "Secure file delete" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:427 +msgid "" +"Every file deleted by the application is overwritten before the file " +"space is released on disk." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:429 +msgid "" +"The overwrite routine is executed by a periodic scheduler and follows " +"these steps:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:431 +msgid "A first overwrite writes 0 across the entire file;" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:432 +msgid "A second overwrite writes 1 across the entire file;" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:433 +msgid "A third overwrite writes random bytes across the entire file." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:436 +msgid "Exception logging and redaction" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:437 +msgid "" +"To quickly diagnose potential software issues when client exceptions " +"occur, they are automatically reported to the backend. The backend " +"temporarily caches these exceptions and sends them to the backend " +"administrator via email." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:439 +msgid "" +"To prevent inadvertent information leaks, logs are processed through " +"filters that redact email addresses and UUIDs." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:442 +msgid "Entropy sources" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:443 +msgid "The primary source of entropy for the platform is `/dev/urandom`." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:446 +msgid "UUIDv4 randomness" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:447 +msgid "" +"System resources like submissions and files are identified by UUIDv4 to " +"make them unguessable by external users and limit potential attacks." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:450 +msgid "TLS for smtp notification" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:451 +msgid "" +"All notifications are sent through an SMTP channel encrypted with TLS, " +"using either SMTP/TLS or SMTPS, depending on the configuration." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:2 +msgid "Encryption protocol" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:3 +msgid "" +"GlobaLeaks implements an encryption protocol specifically designed for " +"anonymous whistleblowing applications." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:5 +msgid "" +"The protocol has been developed and validated in collaboration with the " +"`Open Technology Fund `_ and represents a trade-off between security and " +"usability. It is designed to be user-friendly for whistleblowers while " +"providing reasonable protection against attackers attempting to breach " +"the backend and perform brute-force decryption." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:7 +msgid "" +"Encryption is applied to each submission, protecting answers to " +"questionnaires, comments, attachments, and associated metadata. 
The " +"encryption keys are assigned per user and per report, ensuring that only " +"whistleblowers and their intended recipients can access the reports. This" +" means that if users forget their passwords, they will lose access to the" +" data in their accounts." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:9 +msgid "" +"To enable users to recover their accounts in case they forget their " +"passwords, the system includes a `Key Recovery`_ mechanism and provides " +"each user with an Account Recovery Key. This measure ensures that users " +"with their own Account Recovery Key can always restore access to their " +"account and the data it contains." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:11 +msgid "" +"To prevent data loss in case users lose both their password and their " +"account recovery key, the system can be configured to use a `Key Escrow`_" +" mechanism. This delegates the responsibility of supporting users in " +"recovering access to their accounts to administrators. This capability " +"enhances the project's resilience against data loss due to users' death " +"or conflicts of interest within the recipient team. However, it also " +"means that administrators with access to escrow keys could potentially " +"access other users' accounts and data. Project owners should carefully " +"decide whether to enable this feature based on the project's threat model" +" and document their decision in the project's privacy policies." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:14 +msgid "Encryption's workflow" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:15 +msgid "" +"Users choose a secure personal password during their first login using an" +" account activation link." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:16 +msgid "" +"The system creates a personal asymmetric keypair for each user and stores" +" the private key symmetrically encrypted with a secret derived from the " +"user's password." 
+msgstr "" + +#: ../../security/EncryptionProtocol.rst:17 +msgid "" +"Each user's private key is protected by the Key Recovery mechanism and, " +"if enabled, by the Key Escrow mechanism." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:18 +msgid "The whistleblower files a report." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:19 +msgid "The system assigns a unique 16-digit receipt number to the whistleblower." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:20 +msgid "" +"The system generates an asymmetric keypair for the whistleblower and " +"stores the private key symmetrically encrypted with a secret derived from" +" the whistleblower’s receipt number." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:21 +msgid "" +"The system generates an asymmetric keypair for encrypting the report, " +"attachments, comments, and associated metadata, and stores a copy of the " +"private key encrypted for each involved user using their own public key." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:22 +msgid "" +"The system encrypts the report, attachments, comments, and metadata with " +"the public key generated for the report." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:23 +msgid "" +"The system grants each involved user access to their reports and " +"facilitates communication by automatically locking and unlocking the " +"involved keys when a report is accessed or new communication is made." 
+msgstr "" + +#: ../../security/EncryptionProtocol.rst:26 +msgid "Encryption's details" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:28 +msgid "Algorithms" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Type" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Implementation" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Asymmetric encryption" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "" +"`Libsodium SealedBoxes " +"`_," +" which combines Curve25519, XSalsa20, and Poly1305 algorithms." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Symmetric encryption" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "" +"`Libsodium SecretBoxes " +"`_," +" which combines XSalsa20 and Poly1305." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:36 +msgid "Users’ credentials" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:37 +msgid "The system uses two types of credentials depending on the user role:" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Credentials type" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "User role" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Passwords" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Used for authenticating users identified by a username" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Receipts" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "16-digit random secrets used for authenticating anonymous whistleblowers" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:45 +msgid "Assumptions:" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:47 +msgid "The system enforces strong password complexity." 
+msgstr "" + +#: ../../security/EncryptionProtocol.rst:48 +msgid "" +"The system enforces expiration of receipts according to a strict data " +"retention policy that limits the number of concurrent active receipts." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:51 +msgid "Users’ keys" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Generation" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Storage" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "ECC Curve25519 keypair" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "" +"Generated by the backend during first user login for authenticated users " +"and upon submission for whistleblowers" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "" +"Keys are stored on the backend encrypted using symmetric encryption. The " +"symmetric key used for encrypting users’ keys is derived from the users’ " +"credentials using the KDF function `Argon2ID `_. The parameters for Argon2ID used for KDF" +" are stronger than those used for user authentication, with the hash " +"stored. The parameters are selected to require 128MB of memory per login " +"and 1 second of computation." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:58 +msgid "Data encryption's keys" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "256-bit keys" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Generated by the backend for each report" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "" +"Keys are stored on the backend filesystem encrypted using asymmetric " +"encryption with Users’ and Whistleblower’s keys, respectively." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:65 +msgid "Key generation" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:66 +msgid "" +"Users' encryption keys are automatically generated during the first login" +" and secured using the user passphrase. 
This straightforward but " +"effective key generation policy requires users to complete their first " +"login before being able to receive reports." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:69 +msgid "Key recovery" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:70 +msgid "" +"The system implements a key recovery mechanism using a recovery key and " +"symmetric encryption." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:72 +msgid "" +"When a user key is generated, the private key is symmetrically encrypted " +"with a randomly generated recovery key." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:74 +msgid "" +"For usability reasons, this recovery key is also securely encrypted and " +"stored on the backend, allowing logged-in users who possess their " +"password to retrieve and print their own account recovery key." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:77 +msgid "Key escrow" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:78 +msgid "" +"The system offers an optional key escrow mechanism to mitigate data loss " +"in the event of users losing their passwords." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:80 +msgid "" +"Key escrow can be enabled during the initial application setup or in the " +"advanced settings of the software." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:82 +msgid "" +"We recommend enabling this option to protect whistleblowers' submissions " +"in cases where recipients lose their passwords. However, if you want to " +"set up a system where only recipients can access submissions, we advise " +"against using this feature." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:84 +msgid "" +"When enabled, the system generates and assigns an escrow key to the " +"administrator who activated the feature. This key is then used to encrypt" +" every system key, with a copy preserved that any administrator with the " +"escrow key can unlock." 
+msgstr "" + +#: ../../security/EncryptionProtocol.rst:86 +msgid "" +"Administrators with access to the escrow key can assist internal users " +"with password recovery and issue password resets. They can also grant " +"this privilege to other administrators or disable the feature entirely." +msgstr "" + +#: ../../security/PenetrationTests.rst:3 +msgid "Security audits" +msgstr "" + +#: ../../security/PenetrationTests.rst:5 +msgid "" +"GlobaLeaks undergoes independent security audits periodically to verify " +"and enhance the security of the system. This page lists the most " +"significant reports available." +msgstr "" + +#: ../../security/PenetrationTests.rst:7 +msgid "" +"We aim to have audits conducted at least every two years, thanks to " +"funding opportunities. Each adopter is encouraged to contribute by " +"funding a general or topic-specific audit based on their capabilities. " +"This helps ensure that every algorithm, component, and methodology " +"applied within the project is thoroughly verified." +msgstr "" + +#: ../../security/PenetrationTests.rst:9 +msgid "" +"If you have conducted or are considering sponsoring a security audit, " +"please email us at `info@globaleaks.org `_. " +"This is especially important for general software security. When " +"requesting a company to audit the software, always remember to ask if the" +" report can be published afterward; many auditors may not agree to " +"publish the report later, which has often led to wasted project " +"resources." +msgstr "" + +#: ../../security/PenetrationTests.rst:11 +msgid "" +"If you are an independent security auditor or, during your peer review of" +" GlobaLeaks, you discover or suspect a vulnerability, please do not file " +"a public issue. Instead, send your report privately through our " +"`reporting form `_ or via email to " +"`security@globaleaks.org `_." 
+msgstr "" + +#: ../../security/PenetrationTests.rst:1 ../../user/admin/UserInterface.rst:135 +msgid "Date" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Auditor" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2013" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`iSecPartners `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Architecture Audit" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Report `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Cure53 `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Web Security Audit" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Report `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2014" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`LeastAuthority `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Source Code Audit" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Report `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2018" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`SubGraph `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Overall Audit" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Report `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2019" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`RadicallyOpenSecurity `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Crypto Audit, Multi-tenancy Audit, Overall Audit" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "" +"`Report " +"`_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2022" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "" +"Server Source Code Audit, Client Pentest, OpSec for Whistleblowers, OpSec" +" for Server Administrators" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "" +"`Report 
" +"`_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2024" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`ISGroup `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Surface Analysis and Network Penetration Test" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Report `_" +msgstr "" + +#: ../../security/ThreatModel.rst:3 +msgid "Threat model" +msgstr "" + +#: ../../security/ThreatModel.rst:4 +msgid "" +"GlobaLeaks is a free and open-source whistleblowing software designed for" +" various usage scenarios, each requiring a balance between strong " +"security and high usability. These two requirements are crucial for " +"managing whistleblowing procedures effectively, protecting " +"whistleblowers, and achieving specific project goals. Given the variety " +"of use cases and associated risks, the software can be configured to " +"address the specific threat model detailed here." +msgstr "" + +#: ../../security/ThreatModel.rst:6 +msgid "" +"This document is intended for organizations implementing a whistleblowing" +" procedure using GlobaLeaks. It supports the analysis and understanding " +"of the specific threat model relevant to their context and risks and " +"guides users in selecting best practices for their project." +msgstr "" + +#: ../../security/ThreatModel.rst:9 +msgid "Users matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:10 +msgid "" +"The first step is to define the types of users interacting with a " +"GlobaLeaks platform." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "User" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Definition" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"The user who submits an anonymous report through the platform. " +"Whistleblowers may operate under various threat models depending on the " +"usage scenario and the nature of the information submitted." 
+msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"The user who receives and analyzes anonymous reports from Whistleblowers." +" Recipients act in good faith and are considered trusted parties " +"concerning the protection of Whistleblowers' confidentiality." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"Users responsible for setting up, managing, and monitoring the platform's" +" security. Administrators may not be the same entities running or " +"managing the whistleblowing initiatives (e.g., hosted solutions, multiple" +" stakeholder projects). Administrators are trusted entities but do not " +"have direct access to reports and advise Recipients on best practices." +msgstr "" + +#: ../../security/ThreatModel.rst:19 +msgid "" +"It is crucial to apply security measures relative to the users of the " +"platform, aiming to achieve an appropriate tradeoff between security and " +"usability." +msgstr "" + +#: ../../security/ThreatModel.rst:22 +msgid "Anonymity matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:23 +msgid "" +"The anonymity of users must be classified depending on the context of " +"use, as follows:" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Anonymous" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"The user accesses the platform via the Tor Browser and follows best " +"practices to protect their identity, minimizing the risk of tracking by " +"any system involved in the operation. The user has not disclosed their " +"identity to Recipients." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Confidential" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"The user accesses the platform via a common browser. While third parties " +"might log their IP address, the platform protects the content of their " +"communication. The user may choose to disclose their identity to " +"Recipients confidentially." 
+msgstr "" + +#: ../../security/ThreatModel.rst:31 +msgid "" +"The platform always informs users of their current anonymity status and " +"provides guidance on best practices for anonymous access via the Tor " +"Browser. Administrators may enforce the requirement that Whistleblowers " +"use the Tor Browser to file reports, depending on the use case." +msgstr "" + +#: ../../security/ThreatModel.rst:34 +msgid "Communication security matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:35 +msgid "" +"The security of communication concerning third-party monitoring varies " +"based on the context of use." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Security level" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Description" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "High security" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"Tor is used, and communication is encrypted end-to-end with the " +"GlobaLeaks platform, ensuring that no third party can eavesdrop on the " +"communication." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Medium security" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"HTTPS is used, and communication is encrypted end-to-end with the " +"GlobaLeaks platform. A third party capable of manipulating HTTPS security" +" (e.g., re-issuing TLS certificates) could eavesdrop on the " +"communication. If HTTPS security is maintained, monitoring the user's " +"communication line or the GlobaLeaks platform's communication line is not" +" feasible." +msgstr "" + +#: ../../security/ThreatModel.rst:1 ../../security/ThreatModel.rst:44 +msgid "Identity disclosure matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:45 +msgid "" +"Regardless of the anonymity matrix, users may choose or be required to " +"disclose their identity." 
+msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Undisclosed" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "The user's identity is not disclosed and is unlikely to be disclosed." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Optionally disclosed" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"The user's identity is not disclosed by default but may be voluntarily " +"disclosed (e.g., an anonymous tip-off MAY receive a follow-up, whereas a " +"formal report with disclosed identity MUST receive a follow-up)." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Disclosed" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "The user chooses or is required to disclose their identity to other users." +msgstr "" + +#: ../../security/ThreatModel.rst:54 +msgid "" +"Identity disclosure is crucial because even in an Anonymous High security" +" environment, disclosing one's identity may be a valuable option for " +"specific whistleblowing workflows." +msgstr "" + +#: ../../security/ThreatModel.rst:56 +msgid "" +"Users starting with an anonymity setting of “Anonymous” and an " +"“Undisclosed Identity” can decide later to disclose their identity. " +"Conversely, this cannot be undone. This consideration is key to ensuring " +"user protection in GlobaLeaks." +msgstr "" + +#: ../../security/ThreatModel.rst:58 +msgid "" +"Voluntary identity disclosure may be required in certain whistleblowing " +"procedures because:" +msgstr "" + +#: ../../security/ThreatModel.rst:60 +msgid "A tip-off MAY receive a follow-up and can be anonymous;" +msgstr "" + +#: ../../security/ThreatModel.rst:61 +msgid "Formal reports MUST receive a follow-up and cannot be anonymous." 
+msgstr "" + +#: ../../security/ThreatModel.rst:63 +msgid "" +"The distinction between “MAY” and “MUST” refers to the actions of " +"recipients and is a fundamental element of the guarantees provided to " +"whistleblowers in many initiatives (e.g., a corporate or institutional " +"whistleblowing platform should not follow a MUST approach for anonymous " +"submission follow-up, treating such submissions as tip-offs rather than " +"formal reports)." +msgstr "" + +#: ../../security/ThreatModel.rst:66 +msgid "Usage scenarios matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:67 +msgid "" +"This section provides examples of how different anonymity levels for " +"users can be combined depending on the context of use." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Use case" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Media outlet" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"A media outlet with a disclosed identity initiates a whistleblowing " +"project. The outlet’s recipients are disclosed to Whistleblowers, " +"allowing them to trust a specific journalist rather than the outlet " +"itself. Full anonymity must be assured to whistleblowers, and their " +"identity cannot be disclosed in connection with anonymous submissions. " +"Whistleblowers MAY choose to disclose their identity if they trust the " +"journalist's source-protection record." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Corporate compliance" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"A corporation implements transparency or anti-bribery law compliance by " +"promoting initiatives to employees, consultants, and providers. " +"Recipients are part of a company division (e.g., Internal Audit office). " +"Whistleblowers are guaranteed full anonymity but may optionally disclose " +"their identity." 
+msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Human Rights Activism Initiative" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"A human rights group initiates a whistleblowing project to expose " +"violations in a dangerous area. The organization requires anonymity to " +"avoid retaliation and operates under a pseudonym. Recipients MUST not be " +"disclosed to Whistleblowers, but partial disclosure by pseudonym is " +"acceptable to establish trust. The Whistleblower MUST be guaranteed " +"anonymity and their identity cannot be disclosed." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Citizen media initiative" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"A citizen media initiative with a public identity seeks reports on " +"specific topics (e.g., political, environmental malpractice, corruption) " +"in a medium-low risk operational context. Recipients may use pseudonyms " +"or remain public to avoid complete exposure. Whistleblowers, if the topic" +" is not life-threatening, may submit reports confidentially to lower the " +"entry barrier." +msgstr "" + +#: ../../security/ThreatModel.rst:77 +msgid "" +"The following matrix illustrates how different usage scenarios can " +"require various anonymity levels, communication security requirements, " +"and identity disclosures for different users." +msgstr "" + +#: ../../security/ThreatModel.rst:79 +msgid "" +"GlobaLeaks will provide appropriate security awareness information " +"through its user interface and enforce specific requirements based on " +"clear configuration guidelines." 
+msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Scenario" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Anonymity level" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Identity disclosure" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Communication security" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "No anonymity" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Admin" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Partially disclosed" +msgstr "" + +#: ../../security/ThreatModel.rst:98 +msgid "Data security matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:99 +msgid "" +"This section highlights the data handled by GlobaLeaks and the protection" +" schemes applied to it." +msgstr "" + +#: ../../security/ThreatModel.rst:101 +msgid "The following information types are involved in GlobaLeaks:" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Information type" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Questionnaire answers" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"Data associated with a submission, including the filled forms and options" +" selected by the Whistleblower." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Submission attachments" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Files associated with a submission." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Platform configuration" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Data for configuring and customizing the platform." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Software files" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"All files required for the software to function, including default " +"configurations." 
+msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Email notifications" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Data sent to notify recipients of new reports via email." +msgstr "" + +#: ../../security/ThreatModel.rst:112 +msgid "Below is a matrix showing the different security measures applied to data." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Encryption" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Filters" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Sanitization" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Encrypted in the database with per-user/per-submission keys" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Keyword filters" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Antispam, Anti-XSS" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Encrypted on the filesystem with per-user/per-submission keys" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Extension blocking, Antivirus" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "N/A" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Encrypted with PGP when recipient keys are available" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Antispam to prevent flooding" +msgstr "" + +#: ../../security/ThreatModel.rst:122 +msgid "Threats to anonymity and confidentiality" +msgstr "" + +#: ../../security/ThreatModel.rst:123 +msgid "" +"This section highlights various threats that require specific " +"consideration." +msgstr "" + +#: ../../security/ThreatModel.rst:126 +msgid "Browser history and cache" +msgstr "" + +#: ../../security/ThreatModel.rst:127 +msgid "" +"GlobaLeaks uses crafted HTTP headers and other techniques to minimize " +"leaking information into a user’s browser history or cache. 
While this " +"privacy feature enhances safety, it cannot guarantee protection against " +"forensic analysis of browser cache and history but serves as an " +"additional safety measure." +msgstr "" + +#: ../../security/ThreatModel.rst:130 +msgid "Metadata" +msgstr "" + +#: ../../security/ThreatModel.rst:131 +msgid "" +"Files may contain metadata related to the author or whistleblower. " +"Cleaning metadata from submitted files helps protect an \"unaware\" " +"whistleblower from inadvertently including information that may " +"compromise their anonymity. GlobaLeaks does not automatically clean " +"metadata by default, as metadata is considered a fundamental part of the " +"original evidence that should be preserved. Metadata cleanup is an " +"optional step that may be suggested to Whistleblowers or performed by " +"Recipients when sharing documents with others. When sharing files with " +"external parties, Recipients are advised to print the document and " +"provide a hard copy to ensure that only visible information is shared, " +"avoiding the risk of sharing sensitive metadata. For more on metadata and" +" redacting digital files, see the article `Everything you wanted to know " +"about media metadata, but were afraid to ask " +"`_ by Harlo Holmes. A useful tool for these " +"procedures is the `Metadata Anonymization Toolkit " +"`_." +msgstr "" + +#: ../../security/ThreatModel.rst:134 +msgid "Malware and trojans" +msgstr "" + +#: ../../security/ThreatModel.rst:135 +msgid "" +"GlobaLeaks cannot prevent an attacker from using the platform maliciously" +" to target recipients with malware or trojans. To mitigate risks of data " +"exfiltration through trojans, Recipients should implement proper " +"operational security by using dedicated laptops for report viewing and " +"opening file attachments on offline computers. 
Wherever possible, they " +"should use specialized secure operating systems like `QubesOS " +"`_ or `Tails `_ and " +"ensure up-to-date antivirus software is running." +msgstr "" + +#: ../../security/ThreatModel.rst:138 +msgid "Network and reverse proxies" +msgstr "" + +#: ../../security/ThreatModel.rst:139 +msgid "" +"GlobaLeaks is designed for use with direct Tor or TLS connections from " +"the user’s browser to the application backend. The use of Network and " +"Reverse Proxies in front of the application is discouraged as they can " +"interfere with the application and compromise confidentiality and " +"anonymity measures implemented in GlobaLeaks." +msgstr "" + +#: ../../security/ThreatModel.rst:142 +msgid "Data stored outside the platform" +msgstr "" + +#: ../../security/ThreatModel.rst:143 +msgid "" +"GlobaLeaks does not provide security for data stored outside the " +"GlobaLeaks system. It is the responsibility of Recipients to protect data" +" downloaded from the platform or shared via external USB drives. The " +"operating system used or the USB drive should offer encryption to ensure " +"that, in case of device loss or theft, the data remains inaccessible." +msgstr "" + +#: ../../security/ThreatModel.rst:146 +msgid "Environmental factors" +msgstr "" + +#: ../../security/ThreatModel.rst:147 +msgid "" +"GlobaLeaks does not protect against environmental factors related to " +"users' physical locations or social relationships. For example, if a user" +" has a surveillance device in their home, GlobaLeaks cannot provide " +"protection. Similarly, if a whistleblower, who is supposed to be " +"anonymous, shares their story with friends or coworkers, GlobaLeaks " +"cannot offer protection." 
+msgstr "" + +#: ../../security/ThreatModel.rst:150 +msgid "Incorrect data retention policies" +msgstr "" + +#: ../../security/ThreatModel.rst:151 +msgid "" +"GlobaLeaks implements a strict default data retention policy of 90 days " +"to allow users to manage reports within a limited time frame necessary " +"for investigations. If the platform is configured to retain reports for " +"an extended period and Recipients do not manually delete unnecessary " +"reports, the value of the data increases, along with the risk of " +"exposure." +msgstr "" + +#: ../../security/ThreatModel.rst:154 +msgid "Human negligence" +msgstr "" + +#: ../../security/ThreatModel.rst:155 +msgid "" +"While GlobaLeaks provides Administrators with the ability to fine-tune " +"security configurations and continuously informs users about their " +"security context, it cannot protect against major security threats " +"resulting from human negligence. For instance, if a Whistleblower submits" +" data that can identify them as the unique owner or recent viewer, " +"GlobaLeaks cannot protect their identity." +msgstr "" + +#: ../../security/ThreatModel.rst:158 +msgid "Advanced traffic analysis" +msgstr "" + +#: ../../security/ThreatModel.rst:159 +msgid "" +"An attacker monitoring HTTPS traffic, without the ability to decrypt it, " +"can still identify user roles based on different network traffic patterns" +" generated by Whistleblowers, Recipients, and Administrators. GlobaLeaks " +"does not offer protection against this type of threat. We recommend using" +" `Tor pluggable transports `_ or other methods that provide additional" +" protection against such attacks." +msgstr "" + +#: ../../security/index.rst:2 +msgid "Security" +msgstr "" + +#: ../../setup/InstallationGuide.rst:2 +msgid "Installation guide" +msgstr "" + +#: ../../setup/InstallationGuide.rst:3 +msgid "The following guide will help you through the installation of GlobaLeaks." 
+msgstr "" + +#: ../../setup/InstallationGuide.rst:5 +msgid "" +"Before starting the installation, ensure that your system meets the " +":doc:`Requirements `." +msgstr "" + +#: ../../setup/InstallationGuide.rst:8 +msgid "" +"GlobaLeaks is designed to provide optimal technical anonymity for " +"whistleblowers. Additionally, the software can be configured to protect " +"the identity of the platform administrator and the server's location, but" +" this requires advanced setup procedures not covered in this simplified " +"installation guide. By executing the commands below, your IP address and " +"system location could be tracked by network providers, and our systems " +"will receive the same information to facilitate software provisioning." +msgstr "" + +#: ../../setup/InstallationGuide.rst:12 +msgid "**Install GlobaLeaks**" +msgstr "" + +#: ../../setup/InstallationGuide.rst:14 +msgid "To install GlobaLeaks, run the following commands:" +msgstr "" + +#: ../../setup/InstallationGuide.rst:22 +msgid "" +"You may also install GlobaLeaks using Docker. Check out the `docker` " +"directory in our GitHub repository for instructions." +msgstr "" + +#: ../../setup/InstallationGuide.rst:24 +msgid "" +"After installation, follow the instructions provided to guide you through" +" accessing the :doc:`Platform wizard `." +msgstr "" + +#: ../../setup/PlatformWizard.rst:2 +msgid "Platform wizard" +msgstr "" + +#: ../../setup/PlatformWizard.rst:3 +msgid "After installing GlobaLeaks, you can proceed with the platform wizard." +msgstr "" + +#: ../../setup/PlatformWizard.rst:5 +msgid "" +"Open a browser at port 443 or port 8443 on your remote or local IP, " +"respectively." +msgstr "" + +#: ../../setup/PlatformWizard.rst:7 +msgid "" +"We recommend performing the wizard either using the Tor address provided " +"at the end of the setup or on localhost via a VPN." 
+msgstr "" + +#: ../../setup/PlatformWizard.rst:10 +msgid "Choose the primary language for your site" +msgstr "" + +#: ../../setup/PlatformWizard.rst:11 +msgid "" +"On the first page of the wizard, you will be prompted to select the " +"language for your site. The default choice is English, but many other " +"languages are available, with more expected in the future." +msgstr "" + +#: ../../setup/PlatformWizard.rst:16 +msgid "Choose a name for your project" +msgstr "" + +#: ../../setup/PlatformWizard.rst:17 +msgid "In the second section of the wizard, configure the name of your project." +msgstr "" + +#: ../../setup/PlatformWizard.rst:22 +msgid "Configure the account for the administrator of your whistleblowing site" +msgstr "" + +#: ../../setup/PlatformWizard.rst:23 +msgid "" +"In the third section of the wizard, configure the account details for the" +" administrator of your project." +msgstr "" + +#: ../../setup/PlatformWizard.rst:25 +msgid "" +"Be sure to choose a strong password to protect this sensitive account; an" +" indication of the strength of the chosen password is provided to guide " +"you." +msgstr "" + +#: ../../setup/PlatformWizard.rst:30 +msgid "Configure the account for the first recipient of reports" +msgstr "" + +#: ../../setup/PlatformWizard.rst:31 +msgid "" +"In the fourth section of the wizard, configure the account details for " +"the first recipient of reports sent to your project." +msgstr "" + +#: ../../setup/PlatformWizard.rst:36 +msgid "Read and accept the license" +msgstr "" + +#: ../../setup/PlatformWizard.rst:37 +msgid "" +"In the fifth section of the wizard, you will be prompted to read and " +"accept the GlobaLeaks License." +msgstr "" + +#: ../../setup/PlatformWizard.rst:42 +msgid "Complete the wizard" +msgstr "" + +#: ../../setup/PlatformWizard.rst:43 +msgid "The sixth section of the wizard confirms the completion of the setup." 
+msgstr "" + +#: ../../user/Admin.rst:2 +msgid "For administrators" +msgstr "" + +#: ../../user/Common.rst:2 +msgid "Common to all users" +msgstr "" + +#: ../../user/Common.rst:4 +msgid "Login" +msgstr "" + +#: ../../user/Common.rst:5 +msgid "Users could login by accessing the ``/#/login`` page." +msgstr "" + +#: ../../user/Common.rst:10 +msgid "Access the user preferences" +msgstr "" + +#: ../../user/Common.rst:11 +msgid "" +"After login Users could access their preferences by clicking the " +"``Preferences`` link present in the login status bar." +msgstr "" + +#: ../../user/Common.rst:16 +msgid "Change your password" +msgstr "" + +#: ../../user/Common.rst:17 +msgid "" +"Users could change their own password by accessing the ``Password`` tab " +"present in the ``Preferences`` page." +msgstr "" + +#: ../../user/Common.rst:22 +msgid "Reset your password" +msgstr "" + +#: ../../user/Common.rst:23 +msgid "" +"Users could requests a password reset via the ``/#/login`` page by " +"clicking the ``Forgot password?`` button." +msgstr "" + +#: ../../user/Common.rst:25 +msgid "" +"After clicking the button users are requested to type their own username " +"or email address." +msgstr "" + +#: ../../user/Common.rst:34 +msgid "Enable two-factor-authentication (2fa)" +msgstr "" + +#: ../../user/Common.rst:35 +msgid "" +"Users could enable Two-Factor-Authentication by clicking the ``Enable two" +" factor authentication`` option inside the ``Preferences`` page." +msgstr "" + +#: ../../user/Common.rst:37 +msgid "" +"To enable the feature the user requires to have a phone with installed a " +"common ``Authenticator APP`` implementing the TOTP standard as by `RFC " +"6238 `_" +msgstr "" + +#: ../../user/Common.rst:42 +msgid "Access and save your account recovery key" +msgstr "" + +#: ../../user/Common.rst:43 +msgid "" +"Users could access their own Account Recovery key by clicking the " +"``Account Recovery Key`` button present in the ``Preferences`` page." 
+msgstr "" + +#: ../../user/Common.rst:45 +msgid "" +"This is a fundamental step that any user should do at their first login " +"after activating their own account in order to backup their own account " +"recovery key and get sure to not incur in data loss due to password loss." +msgstr "" + +#: ../../user/Recipient.rst:2 +msgid "For recipients" +msgstr "" + +#: ../../user/Recipient.rst:5 +msgid "Access the list of the existing reports" +msgstr "" + +#: ../../user/Recipient.rst:6 +msgid "" +"The lists of the existing reports can be accessed via the link " +"``Reports`` on the sidebar of the Recipient's Homepage." +msgstr "" + +#: ../../user/Recipient.rst:13 +msgid "Access a report" +msgstr "" + +#: ../../user/Recipient.rst:14 +msgid "A report can be accessed in two ways:" +msgstr "" + +#: ../../user/Recipient.rst:16 +msgid "By clicking on it like on a mailbox system from the ``Reports`` page" +msgstr "" + +#: ../../user/Recipient.rst:17 +msgid "" +"By clicking on the link received on a mail notification and entering own " +"credentials" +msgstr "" + +#: ../../user/Whistleblower.rst:2 +msgid "For whistleblowers" +msgstr "" + +#: ../../user/Whistleblower.rst:5 +msgid "File a new report" +msgstr "" + +#: ../../user/Whistleblower.rst:6 +msgid "" +"A new report can be filed by accessing the homepage of the platform and " +"clicking the ``File a report`` button." +msgstr "" + +#: ../../user/Whistleblower.rst:12 +msgid "" +"After filing a new report the systems provides to the user a 16-digit " +"receipt." +msgstr "" + +#: ../../user/Whistleblower.rst:17 +msgid "Access an existing report" +msgstr "" + +#: ../../user/Whistleblower.rst:18 +msgid "" +"An existing report can be accessed by entering the 16-digit receipt " +"obtained at the end of the submission on the login interface present on " +"the home page of the platform." 
+msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:2 +msgid "Backup and restore" +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:4 +msgid "To perform a manual backup, you can use the following bash script:" +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:21 +msgid "" +"After running the script, you will find a `tar.gz` archive in " +"`/var/globaleaks/backups`. The file will be named in the format: " +"`globaleaks-$version-$timestamp.tar.gz`." +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:23 +msgid "" +"GlobaLeaks automatically performs a backup during each platform update. " +"These backups are retained under a data retention policy and are deleted " +"15 days after the update." +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:25 +msgid "To restore an existing backup:" +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:27 +msgid "" +"Ensure that GlobaLeaks is not running; you can stop it using: `service " +"globaleaks stop`." +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:28 +msgid "" +"Identify the version of GlobaLeaks required for the restoration, which is" +" indicated in the backup filename." +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:29 +msgid "" +"Extract the contents of the archive to `/var/globaleaks` using: `tar " +"-zxvf backup.tar.gz`." +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:30 +msgid "" +"Install the required version of GlobaLeaks with: `apt-get install " +"globaleaks=` (e.g., `globaleaks=3`)." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:2 +msgid "Common configurations" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:4 +msgid "Configure the logo" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:5 +msgid "" +"The first thing you want to give to your whistleblowing site is a " +"branding identity; this could be done by loading a logo in section Site " +"settings / Main configuration." 
+msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:9 +msgid "" +"Scroll down along the page to reach the \"Save\" button, click on it and " +"have your logo and favicon applied." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:12 +msgid "Enable languages" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:13 +msgid "You may want your GlobaLeaks installation served on more than one language" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:15 +msgid "" +"To do so, in the section \"Site settings / Languages\" select the " +"languages you would like and add them." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:17 +msgid "" +"Note that in the same interface you can mark the default application " +"language." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:22 +msgid "Configure notification settings" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:23 +msgid "" +"GlobaLeaks sends out notifications of different events to different " +"receivers and to admins. In order to have this working, you have to " +"select \"Notification Settings\" in the \"Administration Interface - " +"General Settings\" page and set up email account and related server " +"parameters." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:25 +msgid "" +"We suggest you to setup an email account dedicated to sending out " +"notifications from your initiative." 
+msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:29 +msgid "Enter the followings:" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:31 +msgid "" +"SMTP name: the name of your GlobaLeaks project or something that equally " +"descriptive" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:32 +msgid "SMTP email address: the email address used to send notifications" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:33 +msgid "" +"Username: the username corresponding to the just inserted \"SMTP email " +"address\"; this is needed to authenticate to the SMTP server and send " +"emails" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:34 +msgid "Password: Password of the above corresponding \"SMTP email address\"" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:35 +msgid "" +"SMTP Server Address: it is the hostname of the SMTP server you are using " +"to send notification emails" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:36 +msgid "" +"SMTP Server Port: Port used to send outgoing emails. It is usually 465 or" +" 587 (SMTP with TLS is at TCP port 587; SMTP with SSL is at 465)" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:37 +msgid "" +"Transport Security: from the drop down menu select the opportune security" +" level" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:39 +msgid "" +"It is better to leave untouched the pre-defined settings pertaining the " +"notification to admins and to recipients, but in the case you want to " +"disable them, it is possible to check the corresponding checkboxes." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:41 +msgid "" +"You can then set the value for the time at which the notification alert " +"of expiring report; this value is set at 72hours to give time to the " +"recipient(s) to check and manage the pending submissions." 
+msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:43 +msgid "" +"It is possible to tweak the maximum number of emails allowed in an hour, " +"before email wil be suspended in order to avoid flooding the system. It " +"is advised to keep the pre-defined value, and eventually change it " +"accordingly with mail server capabilities." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:45 +msgid "" +"Once configured all the parameters for notifications, it is possible to " +"test them by just clicking on the \"Test the configuration\" button." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:47 +msgid "" +"If all is working as expected, click on the \"Save\" button to keep the " +"configured parameters." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:50 +msgid "Configure recipients" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:51 +msgid "" +"The Recipient is the person that will receive and process the data that " +"whistleblowers input in the platform. You can have one or multiple " +"Recipients per Context, and also have one Recipient that can access to " +"multiple Contexts. The platform is very flexible on this and allows you " +"to define in very detail your whistleblowing system and procedure." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:55 +msgid "Customize the graphic layout" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:57 +msgid "Example 1: Custom Background" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:58 +msgid "" +"This CSS example shows how to customize the Background Color of the " +"application." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:68 +msgid "Example 2: Custom Font" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:69 +msgid "This CSS example shows how to customize the font of the application." 
+msgstr "" + +#: ../../user/admin/TroubleShooting.rst:2 +msgid "Troubleshooting" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:5 +msgid "Issues and bug reporting" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:7 +msgid "If you encounter any issues and are unable to run GlobaLeaks:" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:9 +msgid "Ensure you strictly follow the Installation Guide." +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:10 +msgid "" +"Verify that you meet the Technical Requirements for hardware and " +"operating system version." +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:11 +msgid "" +"Search the support forum to see if a user has already encountered your " +"issue: `GlobaLeaks Discussions " +"`_" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:12 +msgid "" +"Report the issue on the official software issue tracker: `GlobaLeaks " +"Issues `_" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:15 +msgid "Useful debugging commands" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:17 +msgid "" +"Depending on your setup, here are some common checks to determine if " +"GlobaLeaks is working:" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:19 +msgid "Is the service running?" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:25 +msgid "Is the service responding on the loopback interface?" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:31 +msgid "Is the service listening on external interfaces?" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:37 +msgid "Are exceptions being generated?" 
+msgstr "" + +#: ../../user/admin/TroubleShooting.rst:45 +msgid "Log files" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:46 +msgid "" +"Here are some useful logs and their corresponding files when GlobaLeaks " +"is installed:" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:48 +msgid "**GlobaLeaks process:**" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:55 +msgid "" +"The verbosity of the logs is configurable via the web interface of the " +"software under Advanced Settings." +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:2 +msgid "Upgrade guide" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:4 +msgid "Regular update" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:5 +msgid "" +"To safely upgrade a GlobaLeaks installation please proceed with a backup " +"of your setup by following the :doc:`Backup and restore " +"` guide." +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:7 +msgid "" +"This is necessary so that if something goes wrong and you need to " +"rollback, you will be able to just uninstall the current package, then " +"install the same version of globaleaks that was previously installed and " +"working." +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:9 +msgid "In order to update GlobaLeaks perform the following commands:" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:16 +msgid "Upgrade of the distribution version" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:17 +msgid "" +"For security and stability reasons it is recommended to not perform a " +"distribution upgrade." 
+msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:19 +msgid "" +"GlobaLeaks could be instead easily migrated to a new up-to-date Debian " +"system with the following recommended instructions:" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:21 +msgid "create an archive backup of /var/globaleaks" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:22 +msgid "instantiate the lates Debian available" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:23 +msgid "log on the new server and extract the backup in /var/globaleaks" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:24 +msgid "" +"follow the :doc:`Installation Guide `; " +"GlobaLeaks while installing will recognize the presence of an existing " +"data directory and will use it" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:27 +msgid "In case of errors" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:28 +msgid "" +"The above commands should allow you to perform regularly updates. On some" +" conditions due to special updates it could be possible that those " +"commands result in a failure. Consult this page for knowning specific " +"FAQs on precise failures." +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:30 +msgid "" +"In case you do not find any specific documented solution for your " +"failure, you could run the GlobaLeaks install script. The installation " +"script in fact is designed to allow the update of GlobaLeaks and it " +"includes fixes for the most common issue." +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:33 +msgid "" +"To run the install script for updating globaleaks perform the following " +"commands:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:2 +msgid "User interface" +msgstr "" + +#: ../../user/admin/UserInterface.rst:3 +msgid "" +"This section offers you a summary of the user interface offered to Admin " +"users." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:7 +msgid "Through the menu you could access the following administrative sections:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:9 ../../user/admin/UserInterface.rst:28 +#: ../../user/admin/UserInterface.rst:33 ../../user/admin/UserInterface.rst:44 +msgid "Settings" +msgstr "" + +#: ../../user/admin/UserInterface.rst:11 ../../user/admin/UserInterface.rst:77 +msgid "Users" +msgstr "" + +#: ../../user/admin/UserInterface.rst:13 ../../user/admin/UserInterface.rst:99 +msgid "Questionnaires" +msgstr "" + +#: ../../user/admin/UserInterface.rst:15 ../../user/admin/UserInterface.rst:158 +msgid "Channels" +msgstr "" + +#: ../../user/admin/UserInterface.rst:17 ../../user/admin/UserInterface.rst:185 +msgid "Case management" +msgstr "" + +#: ../../user/admin/UserInterface.rst:21 ../../user/admin/UserInterface.rst:228 +msgid "Network" +msgstr "" + +#: ../../user/admin/UserInterface.rst:23 ../../user/admin/UserInterface.rst:279 +msgid "Sites" +msgstr "" + +#: ../../user/admin/UserInterface.rst:25 ../../user/admin/UserInterface.rst:309 +msgid "Audit log" +msgstr "" + +#: ../../user/admin/UserInterface.rst:29 +msgid "" +"This is the section that offers you all the main customization " +"possibilities necessary for implementing a basic and functional " +"whistleblowing site." +msgstr "" + +#: ../../user/admin/UserInterface.rst:31 +msgid "This section is furtherly divided in:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:35 ../../user/admin/UserInterface.rst:50 +msgid "Files" +msgstr "" + +#: ../../user/admin/UserInterface.rst:37 ../../user/admin/UserInterface.rst:56 +msgid "Languages" +msgstr "" + +#: ../../user/admin/UserInterface.rst:39 +msgid "Text customization" +msgstr "" + +#: ../../user/admin/UserInterface.rst:41 +msgid "Advanced settings" +msgstr "" + +#: ../../user/admin/UserInterface.rst:45 +msgid "" +"In this section is configurable the logo and all the texts of the main " +"user interfaces." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:51 +msgid "" +"In this section could be loaded CSS and Javascript and other files " +"necessary to customize the interface." +msgstr "" + +#: ../../user/admin/UserInterface.rst:57 +msgid "" +"In this section you could enable all the languages required by your " +"project and configure the default language." +msgstr "" + +#: ../../user/admin/UserInterface.rst:60 +msgid "" +"Thanks to the `Localization Lab `_ and " +"our great volunteer community, the software is already available and " +"continuously made available in a lot of languages. This aspect of " +"internationalization is crucial in many projects. In case you are " +"starting a project and the required languages are not available we " +"strongly invite you to register on our `web translation platform " +"`_ offered by `Transifex " +"`_ and support yourself the " +"translation. Internationalization and Localization is in fact are crucial" +" for the success of a whistleblowing project. Thank you!" +msgstr "" + +#: ../../user/admin/UserInterface.rst:65 +msgid "Text Customization" +msgstr "" + +#: ../../user/admin/UserInterface.rst:66 +msgid "" +"Here could be configured overrides for any of the texts of the platform " +"and of their translation." +msgstr "" + +#: ../../user/admin/UserInterface.rst:71 +msgid "Advanced Settings" +msgstr "" + +#: ../../user/admin/UserInterface.rst:72 +msgid "In this section could be configured a set of advanced settings." +msgstr "" + +#: ../../user/admin/UserInterface.rst:78 +msgid "" +"This sections is where users could be created and managed. The system " +"with the basic configuration completed with the initial Platform wizard " +"is configured with an Administrator and a Recipient." +msgstr "" + +#: ../../user/admin/UserInterface.rst:81 +msgid "" +"Depending on your project needs here you could create users with " +"different roles and manage their respective privileges." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:86 +msgid "User Roles" +msgstr "" + +#: ../../user/admin/UserInterface.rst:87 +msgid "" +"The software offers the possibility to create users with the following " +"roles:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:89 +msgid "Administrators" +msgstr "" + +#: ../../user/admin/UserInterface.rst:91 +msgid "Recipients" +msgstr "" + +#: ../../user/admin/UserInterface.rst:94 +msgid "User Options" +msgstr "" + +#: ../../user/admin/UserInterface.rst:100 +msgid "" +"The softare implements a standard default questionnaire that is proposed " +"as a good base for a generic whistleblowing procedure. This questinnaire " +"is the current result of the research performed by the project team with " +"the organizations that have adopted the solution and expecially with " +"anticorruption and investigative journalism NGOs." +msgstr "" + +#: ../../user/admin/UserInterface.rst:102 +msgid "" +"As every organization has different needs, risks and goals globaleaks has" +" been designed considering to implement an advanced questionnaire builder" +" offering the possibility to design custom questionnaires." +msgstr "" + +#: ../../user/admin/UserInterface.rst:104 +msgid "" +"The following sections present the questionnaire builder and its " +"capabilities." +msgstr "" + +#: ../../user/admin/UserInterface.rst:108 +msgid "" +"Depending on your project needs you may evaluate defining some questions " +"once as Question Templates and reuse the same question in multiple " +"questionnaires." +msgstr "" + +#: ../../user/admin/UserInterface.rst:113 +msgid "Steps" +msgstr "" + +#: ../../user/admin/UserInterface.rst:114 +msgid "" +"The software enables to organize questionnaire in one or multiple steps. " +"For example the default questionnaire is organized with a single step " +"including all the questions." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:118 +msgid "Questions Types" +msgstr "" + +#: ../../user/admin/UserInterface.rst:119 +msgid "The software enables you to create questions of the following types:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:121 +msgid "Single-line text input" +msgstr "" + +#: ../../user/admin/UserInterface.rst:123 +msgid "Multi-line text input" +msgstr "" + +#: ../../user/admin/UserInterface.rst:125 +msgid "Selection box" +msgstr "" + +#: ../../user/admin/UserInterface.rst:127 +msgid "Multiple choice input" +msgstr "" + +#: ../../user/admin/UserInterface.rst:129 +msgid "Checkbox" +msgstr "" + +#: ../../user/admin/UserInterface.rst:131 +msgid "Attachment" +msgstr "" + +#: ../../user/admin/UserInterface.rst:133 +msgid "Terms of service" +msgstr "" + +#: ../../user/admin/UserInterface.rst:137 +msgid "Date range" +msgstr "" + +#: ../../user/admin/UserInterface.rst:139 +msgid "Voice" +msgstr "" + +#: ../../user/admin/UserInterface.rst:141 +msgid "Question group" +msgstr "" + +#: ../../user/admin/UserInterface.rst:144 +msgid "Common Question Properties" +msgstr "" + +#: ../../user/admin/UserInterface.rst:145 +msgid "" +"Each of the software question types make it possible to configure the " +"following properties:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:147 +msgid "Question: The text of the question" +msgstr "" + +#: ../../user/admin/UserInterface.rst:149 +msgid "" +"Hint: A hint that will be shown via an popover an a question mark near " +"the question." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:151 +msgid "Description: A description text that will be shown below the question" +msgstr "" + +#: ../../user/admin/UserInterface.rst:153 +msgid "Required: Set this field if you want this question to be mandatory" +msgstr "" + +#: ../../user/admin/UserInterface.rst:155 +msgid "" +"Preview: Set this field if you want the answers to this question to " +"appear in the preview section of the list" +msgstr "" + +#: ../../user/admin/UserInterface.rst:159 +msgid "" +"This section is where whistleblowing channels could be created and " +"managed." +msgstr "" + +#: ../../user/admin/UserInterface.rst:161 +msgid "" +"A whistleblowing channel is typically defined by the following main " +"characteristics" +msgstr "" + +#: ../../user/admin/UserInterface.rst:163 +msgid "" +"Name: the name of the channel Image: an image to identify the channel " +"Description: a description of the channel Recipients: the set of " +"recipients that will receive reports sent to this channel Questionnaire: " +"the questionnaire that will be proposed to whistleblowers selecting this " +"channel Submission expiration: the data retention policy for the channel" +msgstr "" + +#: ../../user/admin/UserInterface.rst:170 +msgid "" +"The system with the basic configuration completed with the initial " +"platform wizard is configured with a single Channel called Default, on " +"which is associated a recipient and the default questionnaire." +msgstr "" + +#: ../../user/admin/UserInterface.rst:172 +msgid "" +"Depending on your project needs here you could create additional Channels" +" and configure their respective properties." +msgstr "" + +#: ../../user/admin/UserInterface.rst:177 +msgid "Data Retention Policy" +msgstr "" + +#: ../../user/admin/UserInterface.rst:178 +msgid "" +"The software enables to configure a data retention policy for each " +"channel. 
This is a fundamental property of the whistleblowing channel " +"that makes it possible to configure automatic secure deletion of reports " +"after a certain period of time. This setting should be configured in " +"relation to the risk of the channel in order to limit unneeded exposure " +"of the reports received therein." +msgstr "" + +#: ../../user/admin/UserInterface.rst:182 +msgid "By default a channel is configured with a report expiration of 90 days." +msgstr "" + +#: ../../user/admin/UserInterface.rst:186 +msgid "" +"This section is intended to host all the main case management feature " +"that will be offered by the software. Currently it hosts the possibility " +"to define reports statuses and sub-statuses intended to be used by " +"Recipients while working on the reports." +msgstr "" + +#: ../../user/admin/UserInterface.rst:194 +msgid "By default the system includes the following report statuses:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:190 +msgid "New" +msgstr "" + +#: ../../user/admin/UserInterface.rst:192 +msgid "Open" +msgstr "" + +#: ../../user/admin/UserInterface.rst:194 +msgid "Closed" +msgstr "" + +#: ../../user/admin/UserInterface.rst:196 +msgid "" +"Within this section you may add additional Statuses between the State " +"Open and Closed and you can furtherly define Sub-statuses for the Closed " +"status (e.g. Archived / Spam)" +msgstr "" + +#: ../../user/admin/UserInterface.rst:202 +msgid "" +"This is the section where are configured all the aspects related to the " +"mail notifications sent by the software." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:207 +#: ../../user/admin/UserInterface.rst:238 +msgid "The section is furtherly divided in:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:205 +#: ../../user/admin/UserInterface.rst:210 +msgid "Notification Settings" +msgstr "" + +#: ../../user/admin/UserInterface.rst:207 +#: ../../user/admin/UserInterface.rst:219 +msgid "Notification Templates" +msgstr "" + +#: ../../user/admin/UserInterface.rst:211 +msgid "Here are configured the technical details about SMTP." +msgstr "" + +#: ../../user/admin/UserInterface.rst:214 +msgid "" +"By default GlobaLeaks comes with a working configuration that is based on" +" systems offered by the GlobaLeaks developers to the community of users " +"and testers; even though this configuration is designed by their owners " +"with special care in relation to security and privacy you are invited to " +"consider using alternative systems for your production environment." +msgstr "" + +#: ../../user/admin/UserInterface.rst:220 +msgid "In this section are configured the notification templates." +msgstr "" + +#: ../../user/admin/UserInterface.rst:222 +msgid "" +"By default globaleaks includes text and translations for each of the " +"templates that are provided to be fully functional and studied with " +"particular care in relation to security and privacy. Depending on your " +"project needs you may override the default text with your customized " +"texts." +msgstr "" + +#: ../../user/admin/UserInterface.rst:229 +msgid "In this section are configured the network settings." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:232 +#: ../../user/admin/UserInterface.rst:241 +msgid "HTTPS" +msgstr "" + +#: ../../user/admin/UserInterface.rst:234 +#: ../../user/admin/UserInterface.rst:255 +msgid "Tor" +msgstr "" + +#: ../../user/admin/UserInterface.rst:236 +msgid "IP Access control" +msgstr "" + +#: ../../user/admin/UserInterface.rst:238 +#: ../../user/admin/UserInterface.rst:273 +msgid "URL Redirects" +msgstr "" + +#: ../../user/admin/UserInterface.rst:242 +msgid "" +"Here you can configure all the aspects related to the access of the " +"platform via the HTTPS Protocol." +msgstr "" + +#: ../../user/admin/UserInterface.rst:246 +msgid "In particular here are configured:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:248 +msgid "The domain name used by your project" +msgstr "" + +#: ../../user/admin/UserInterface.rst:250 +msgid "The HTTPS key and certificates" +msgstr "" + +#: ../../user/admin/UserInterface.rst:252 +msgid "" +"To ease the deployment and the maintenance and reduce the costs of your " +"project, consider using the software includes support for the Let’s " +"Encrypt HTTPS certificates." +msgstr "" + +#: ../../user/admin/UserInterface.rst:256 +msgid "" +"Here you can configure all the aspects related to the access of the " +"platform via the Tor Protocol." +msgstr "" + +#: ../../user/admin/UserInterface.rst:261 +msgid "IP Access Control" +msgstr "" + +#: ../../user/admin/UserInterface.rst:262 +msgid "Here you can configure IP based Access Control." +msgstr "" + +#: ../../user/admin/UserInterface.rst:266 +msgid "Suggested configurations are:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:268 +msgid "Prevent Whistleblowers to report from within their respective work space." +msgstr "" + +#: ../../user/admin/UserInterface.rst:270 +msgid "Restrict Recipients access to their intranet." +msgstr "" + +#: ../../user/admin/UserInterface.rst:274 +msgid "Here you can configure URL Redirects." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:280 +msgid "" +"The site section enables organization to create and manage multiple " +"secondary whistleblowing sites." +msgstr "" + +#: ../../user/admin/UserInterface.rst:283 +msgid "Sites Management" +msgstr "" + +#: ../../user/admin/UserInterface.rst:284 +msgid "" +"Secondary whistleblowing platforms with independent configurations can be" +" manually created and managed through the Sites interface." +msgstr "" + +#: ../../user/admin/UserInterface.rst:286 +msgid "" +"Organizations have typically need for creating a secondary site when " +"dealing with subsidiaries or third party clients." +msgstr "" + +#: ../../user/admin/UserInterface.rst:290 +msgid "" +"After creating a secondary site an administrators of the main site could " +"simply enter on that system by clicking a \"Configure\" button." +msgstr "" + +#: ../../user/admin/UserInterface.rst:292 +msgid "" +"After clicking on the button the administrator will be logged in on the " +"the administrative panel of the site." +msgstr "" + +#: ../../user/admin/UserInterface.rst:295 +msgid "Signup Module" +msgstr "" + +#: ../../user/admin/UserInterface.rst:296 +msgid "" +"The software features a signup module that can be enabled and used to " +"offers others users the possibility to register their secondary site." +msgstr "" + +#: ../../user/admin/UserInterface.rst:298 +msgid "" +"Organizations have typically need for a signup module when offering the " +"platform to other subsidiaries or third party clients where they want " +"users to have the possibility to self subscribe." +msgstr "" + +#: ../../user/admin/UserInterface.rst:300 +msgid "The signup feature can be anabled in the Options tab of the Sites section." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:304 +msgid "" +"When the signup module is enabled the submission module of the main site " +"is automatically disabled and the home page will be featuring the " +"following signup form:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:310 +msgid "" +"The software features a privacy precerving audit log enabling " +"administrators of the system to supervise on projects operations." +msgstr "" + +#: ../../user/index.rst:2 +msgid "User documentation" +msgstr "" + diff --git a/documentation/locale/de/LC_MESSAGES/sphinx.mo b/documentation/locale/de/LC_MESSAGES/sphinx.mo new file mode 100644 index 0000000000..abefb90ac1 Binary files /dev/null and b/documentation/locale/de/LC_MESSAGES/sphinx.mo differ diff --git a/documentation/locale/de/LC_MESSAGES/sphinx.po b/documentation/locale/de/LC_MESSAGES/sphinx.po new file mode 100644 index 0000000000..a5dd3e3822 --- /dev/null +++ b/documentation/locale/de/LC_MESSAGES/sphinx.po 
@@ -0,0 +1,4671 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) 2011-2024 - GlobaLeaks +# This file is distributed under the same license as the GlobaLeaks package. +# FIRST AUTHOR , 2024. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: GlobaLeaks 5.0.15\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2024-10-14 19:43+0200\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME \n" +"Language: de\n" +"Language-Team: de \n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Generated-By: Babel 2.16.0\n" + +#: ../../developer/ContinuousIntegration.rst:3 +msgid "Continuous integration" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:4 +msgid "" +"The GlobaLeaks codebase is continuously tested for bug within a complete " +"continuous integration lifecycle implemented." +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:6 +msgid "Testes are performed at every commit by:" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:8 +msgid "" +"performing continous integration testing with `GitHub Actions " +"`_;" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:9 +msgid "" +"tracking tests coverage and code quality with `Codacy " +"`_." +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:12 +msgid "Unit tests" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:13 +msgid "Unit tests are implemented by means of python-twisted and trial" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:15 +#: ../../developer/ContinuousIntegration.rst:26 +msgid "Tests can be run manually by issuing:" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:23 +msgid "E2E tests" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:24 +msgid "End to end tests are implemented by means of Cypress." 
+msgstr "" + +#: ../../developer/DatabaseSchema.rst:2 +msgid "Database schema" +msgstr "" + +#: ../../developer/Environment.rst:3 +msgid "Development environment" +msgstr "" + +#: ../../developer/Environment.rst:4 +msgid "" +"This guide describes how to set up an environment in order to contribute " +"to the development of GlobaLeaks." +msgstr "" + +#: ../../developer/Environment.rst:7 ../../gettingstarted/Requirements.rst:2 +msgid "Requirements" +msgstr "" + +#: ../../developer/Environment.rst:8 +msgid "" +"The guide assumes you run a Debian based system and that the following " +"software is installed on your system:" +msgstr "" + +#: ../../developer/Environment.rst:10 +msgid "debhelper" +msgstr "" + +#: ../../developer/Environment.rst:11 +msgid "devscripts" +msgstr "" + +#: ../../developer/Environment.rst:12 +msgid "dh-apparmor" +msgstr "" + +#: ../../developer/Environment.rst:13 +msgid "dh-python" +msgstr "" + +#: ../../developer/Environment.rst:14 +msgid "git" +msgstr "" + +#: ../../developer/Environment.rst:15 +msgid "grunt-cli" +msgstr "" + +#: ../../developer/Environment.rst:16 +msgid "node" +msgstr "" + +#: ../../developer/Environment.rst:17 +msgid "npm" +msgstr "" + +#: ../../developer/Environment.rst:18 +msgid "python3" +msgstr "" + +#: ../../developer/Environment.rst:19 +msgid "python3-dev" +msgstr "" + +#: ../../developer/Environment.rst:20 +msgid "python3-pip" +msgstr "" + +#: ../../developer/Environment.rst:21 +msgid "python3-setuptools" +msgstr "" + +#: ../../developer/Environment.rst:22 +msgid "python3-sphinx" +msgstr "" + +#: ../../developer/Environment.rst:23 +msgid "python3-virtualenv" +msgstr "" + +#: ../../developer/Environment.rst:26 ../../setup/index.rst:2 +msgid "Setup" +msgstr "" + +#: ../../developer/Environment.rst:27 +msgid "The repository could be cloned with:" +msgstr "" + +#: ../../developer/Environment.rst:33 +msgid "Client dependencies could be installed by issuing:" +msgstr "" + +#: ../../developer/Environment.rst:41 +msgid 
"Backend dependencies could be installed by issuing:" +msgstr "" + +#: ../../developer/Environment.rst:50 +msgid "" +"This will create for you a python virtualenv in the directory env " +"containing all the required python dependencies. To leave the virtualenv," +" type ``deactivate``." +msgstr "" + +#: ../../developer/Environment.rst:52 +msgid "" +"Then, anytime you will want to activate the environment to run globaleaks" +" you will just need to issue the command:" +msgstr "" + +#: ../../developer/Environment.rst:58 +msgid "Setup the client:" +msgstr "" + +#: ../../developer/Environment.rst:66 +msgid "Setup the backend and its dependencies:" +msgstr "" + +#: ../../developer/Environment.rst:76 +msgid "Run" +msgstr "" + +#: ../../developer/Environment.rst:77 +msgid "" +"To run globaleaks from sources within the development environment you " +"should issue:" +msgstr "" + +#: ../../developer/Environment.rst:85 +msgid "" +"GlobaLeaks will start and be reachable at the following address " +"https://127.0.0.1:8443" +msgstr "" + +#: ../../developer/Environment.rst:88 +msgid "Building the docs" +msgstr "" + +#: ../../developer/Environment.rst:89 +msgid "To build the documentation:" +msgstr "" + +#: ../../developer/Environment.rst:97 +msgid "To edit the docs with hot-reload functionality:" +msgstr "" + +#: ../../developer/Environment.rst:107 +msgid "" +"Sphinx server will start and be reachable at the following address " +"http://127.0.0.1:8000 in the web browser." +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:2 +msgid "Release procedure" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:3 +msgid "This is the procedure followed to publish a new GlobaLeaks release." 
+msgstr "" + +#: ../../developer/ReleaseProcedure.rst:5 +msgid "A release is represented by:" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:7 +msgid "A version bump;" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:8 +msgid "An updated CHANGELOG;" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:9 +msgid "A commit titled \"Bump to version $number\";" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:10 +msgid "A tag commit $version signed by a core developer with their own key;" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:11 +msgid "An updated package on deb.globaleaks.org;" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:12 +msgid "A signed repository." +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:15 +msgid "Release tagging" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:16 +msgid "" +"To release is tagger by means of the official version bump script by " +"issuing:" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:23 +msgid "Release packaging" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:24 +msgid "The package is built by means of the official build script by issuing:" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:30 +msgid "This command builds a package for each supported distribution and version." 
+msgstr "" + +#: ../../developer/ReleaseProcedure.rst:33 +msgid "Package publishing" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:34 +msgid "The package is published on https://deb.globaleaks.org by issuing:" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:41 +msgid "Repository signing" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:42 +msgid "" +"The release is then signed by a core developer by using the official " +"project key via:" +msgstr "" + +#: ../../developer/SoftwareLibraries.rst:2 +msgid "Software libraries" +msgstr "" + +#: ../../developer/SoftwareLibraries.rst:3 +msgid "" +"The software libraries used by GlobaLeaks are listed in the following " +"files:" +msgstr "" + +#: ../../developer/SoftwareLibraries.rst:5 +msgid "" +"Backend: `backend/requirements.txt `_" +msgstr "" + +#: ../../developer/SoftwareLibraries.rst:6 +msgid "" +"Client: `client/package.json `_" +msgstr "" + +#: ../../developer/SoftwareLibraries.rst:7 +msgid "" +"Packaging: `debian/control `_" +msgstr "" + +#: ../../developer/index.rst:2 +msgid "Developer documentation" +msgstr "" + +#: ../../gettingstarted/Features.rst:2 +msgid "Features" +msgstr "" + +#: ../../gettingstarted/Features.rst:3 +msgid "These are the key features of the software:" +msgstr "" + +#: ../../gettingstarted/Features.rst:6 +msgid "User features" +msgstr "" + +#: ../../gettingstarted/Features.rst:8 +msgid "" +"Multi-user system with customizable user roles (whistleblower, recipient," +" administrator)" +msgstr "" + +#: ../../gettingstarted/Features.rst:9 +msgid "Fully manageable via a web administration interface" +msgstr "" + +#: ../../gettingstarted/Features.rst:10 +msgid "" +"Allows whistleblowers to decide if and when to confidentially declare " +"their identity" +msgstr "" + +#: ../../gettingstarted/Features.rst:11 +msgid "Facilitates multimedia file exchanges with whistleblowers" +msgstr "" + +#: ../../gettingstarted/Features.rst:12 +msgid "Secure management of file access and 
visualization" +msgstr "" + +#: ../../gettingstarted/Features.rst:13 +msgid "Enables chat with whistleblowers to discuss reports" +msgstr "" + +#: ../../gettingstarted/Features.rst:14 +msgid "Provides a unique 16-digit receipt for anonymous whistleblower login" +msgstr "" + +#: ../../gettingstarted/Features.rst:15 +msgid "Simple recipient interface for receiving and analyzing reports" +msgstr "" + +#: ../../gettingstarted/Features.rst:16 +msgid "Supports report categorization with labels" +msgstr "" + +#: ../../gettingstarted/Features.rst:17 +msgid "Includes user search functionality for reports" +msgstr "" + +#: ../../gettingstarted/Features.rst:18 +msgid "Supports the creation and assignment of case management statuses" +msgstr "" + +#: ../../gettingstarted/Features.rst:19 +msgid "Customizable appearance (logo, color, styles, font, text)" +msgstr "" + +#: ../../gettingstarted/Features.rst:20 +msgid "Allows defining multiple reporting channels (e.g., by topic, department)" +msgstr "" + +#: ../../gettingstarted/Features.rst:21 +msgid "" +"Enables creation and management of multiple whistleblowing sites (e.g., " +"for subsidiaries or third-party clients)" +msgstr "" + +#: ../../gettingstarted/Features.rst:22 +msgid "Advanced questionnaire builder" +msgstr "" + +#: ../../gettingstarted/Features.rst:23 +msgid "Provides whistleblowing system statistics" +msgstr "" + +#: ../../gettingstarted/Features.rst:24 +msgid "" +"Support for `over 90 languages " +"`_ and Right-to-Left (RTL) " +"languages" +msgstr "" + +#: ../../gettingstarted/Features.rst:27 +msgid "Legal features" +msgstr "" + +#: ../../gettingstarted/Features.rst:29 +msgid "" +"Designed in adherence to `ISO 37002:2021 " +"`_ and `EU Directive 2019/1937 " +"`_ recommendations for " +"whistleblowing compliance" +msgstr "" + +#: ../../gettingstarted/Features.rst:30 +msgid "Supports bidirectional anonymous communication (comments/messages)" +msgstr "" + +#: ../../gettingstarted/Features.rst:31 +msgid "Customizable 
case management workflow (statuses/sub-statuses)" +msgstr "" + +#: ../../gettingstarted/Features.rst:32 +msgid "Conditional reporting workflow based on whistleblower identity" +msgstr "" + +#: ../../gettingstarted/Features.rst:33 +msgid "Manages conflicts of interest in the reporting workflow" +msgstr "" + +#: ../../gettingstarted/Features.rst:34 +msgid "Custodian functionality to authorize access to whistleblower identity" +msgstr "" + +#: ../../gettingstarted/Features.rst:35 +msgid "GDPR privacy by design and by default" +msgstr "" + +#: ../../gettingstarted/Features.rst:36 +msgid "Configurable GDPR data retention policies" +msgstr "" + +#: ../../gettingstarted/Features.rst:37 +msgid "GDPR-compliant subscriber module for new SaaS users" +msgstr "" + +#: ../../gettingstarted/Features.rst:38 +msgid "No IP address logging" +msgstr "" + +#: ../../gettingstarted/Features.rst:39 +msgid "Includes an audit log" +msgstr "" + +#: ../../gettingstarted/Features.rst:40 +msgid "Integrates with existing enterprise case management platforms" +msgstr "" + +#: ../../gettingstarted/Features.rst:41 +msgid "" +"Free Software OSI Approved `AGPL 3.0 License " +"`_" +msgstr "" + +#: ../../gettingstarted/Features.rst:44 +msgid "Security features" +msgstr "" + +#: ../../gettingstarted/Features.rst:46 +msgid "" +"Designed in adherence to `ISO 27001:2022 " +"`_, `CSA STAR " +"`_, and `OWASP " +"`_ recommendations for security compliance" +msgstr "" + +#: ../../gettingstarted/Features.rst:47 +msgid "" +"Full data encryption for whistleblower reports and recipient " +"communications" +msgstr "" + +#: ../../gettingstarted/Features.rst:48 +msgid "" +"Supports digital anonymity through `Tor `_ " +"integration" +msgstr "" + +#: ../../gettingstarted/Features.rst:49 +msgid "" +"Built-in HTTPS support with `TLS 1.3 " +"`_ standard and `SSLabs A+ " +"`_ " +"rating" +msgstr "" + +#: ../../gettingstarted/Features.rst:50 +msgid "" +"Automatic enrollment for free digital certificates with `Let’s Encrypt 
" +"`_" +msgstr "" + +#: ../../gettingstarted/Features.rst:51 +msgid "Multiple penetration tests with publicly available reports" +msgstr "" + +#: ../../gettingstarted/Features.rst:52 +msgid "" +"Two-Factor Authentication (2FA) compliant with `TOTP RFC 6238 " +"`_" +msgstr "" + +#: ../../gettingstarted/Features.rst:53 +msgid "Integrated network sandboxing with iptables" +msgstr "" + +#: ../../gettingstarted/Features.rst:54 +msgid "Application sandboxing with `AppArmor `_" +msgstr "" + +#: ../../gettingstarted/Features.rst:55 +msgid "Complete protection against automated submissions (spam prevention)" +msgstr "" + +#: ../../gettingstarted/Features.rst:56 +msgid "Continuous peer review and periodic security audits" +msgstr "" + +#: ../../gettingstarted/Features.rst:57 +msgid "PGP support for encrypted email notifications and file downloads" +msgstr "" + +#: ../../gettingstarted/Features.rst:58 +msgid "Leaves no traces in browser cache" +msgstr "" + +#: ../../gettingstarted/Features.rst:61 +msgid "Technical features" +msgstr "" + +#: ../../gettingstarted/Features.rst:63 +msgid "" +"Designed in adherence to `Directive (EU) 2019/882 `_, `Directive" +" (EU) 2016/2102 `_, `ETSI EN 301 549 " +"`_," +" `W3C WCAG 2.2 `_, and `WAI-ARIA 2.2 " +"`_ recommendations for accessibility" +" compliance" +msgstr "" + +#: ../../gettingstarted/Features.rst:64 +msgid "" +"Multi-site support enabling the operation of multiple virtual sites on " +"the same setup" +msgstr "" + +#: ../../gettingstarted/Features.rst:65 +msgid "" +"Responsive user interfaces created with `Bootstrap " +"`_ CSS framework" +msgstr "" + +#: ../../gettingstarted/Features.rst:66 +msgid "Automated software quality measurement and continuous integration testing" +msgstr "" + +#: ../../gettingstarted/Features.rst:67 +msgid "Long-Term Support (LTS) plan" +msgstr "" + +#: ../../gettingstarted/Features.rst:68 +msgid "" +"Built with lightweight framework technologies (`Angular " +"`_ and `Python Twisted `_)" +msgstr "" + 
+#: ../../gettingstarted/Features.rst:69 +msgid "Integrated `SQLite `_ database" +msgstr "" + +#: ../../gettingstarted/Features.rst:70 +msgid "" +"Automatic setup for `Tor Onion Services Version 3 " +"`_" +msgstr "" + +#: ../../gettingstarted/Features.rst:71 +msgid "Supports self-service signup for whistleblowing SaaS setup" +msgstr "" + +#: ../../gettingstarted/Features.rst:72 +msgid "" +"Compatible with Linux operating systems (`Debian " +"`_ / `Ubuntu `_)" +msgstr "" + +#: ../../gettingstarted/Features.rst:73 +msgid "Debian packaging with a repository for updates/upgrades" +msgstr "" + +#: ../../gettingstarted/Features.rst:74 +msgid "Fully self-contained application" +msgstr "" + +#: ../../gettingstarted/Features.rst:75 +msgid "Easy integration with existing websites" +msgstr "" + +#: ../../gettingstarted/Features.rst:76 +msgid "" +"Built and packaged with `reproducibility " +"`_ in mind" +msgstr "" + +#: ../../gettingstarted/Features.rst:77 +msgid "REST API" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:2 +msgid "Glossary" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:3 +msgid "" +"This glossary defines jargon used in GlobaLeaks in a clear and consistent" +" manner." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:5 ../../security/ThreatModel.rst:1 +msgid "Administrator" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:7 +msgid "" +"The user who has set up and maintains the platform. An Administrator does" +" not have access to Whistleblowers’ reports." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:8 +msgid "Channel" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:10 +msgid "" +"A reporting channel used as a container for reports. Channels can be " +"configured with specific questionnaires, recipients, and policies. They " +"are typically used to organize the reporting process." 
+msgstr "" + +#: ../../gettingstarted/Glossary.rst:11 ../../user/admin/UserInterface.rst:19 +#: ../../user/admin/UserInterface.rst:201 +msgid "Notification" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:13 +msgid "" +"An email sent to inform a recipient of a new report or an update to an " +"existing report." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:14 +msgid "Platform" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:16 +msgid "A system running the GlobaLeaks software." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:17 +msgid "Questionnaire" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:19 +msgid "A set of questions that the whistleblower must complete to file a report." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:20 +#: ../../security/ApplicationSecurity.rst:32 +msgid "Receipt" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:22 +msgid "" +"A 16-digit random secret code generated by the system and provided to " +"whistleblowers upon submission of their report. This code allows them to " +"anonymously access and update their report by adding comments and new " +"files." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:23 ../../security/ThreatModel.rst:1 +msgid "Recipient" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:25 +msgid "" +"A user authorized to read whistleblowers’ reports. Recipients may also " +"communicate with whistleblowers via the GlobaLeaks platform." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:26 ../../security/PenetrationTests.rst:1 +msgid "Report" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:28 +msgid "" +"The submission by a whistleblower, including answers to a questionnaire " +"and any attached material." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:29 ../../security/ThreatModel.rst:1 +msgid "Whistleblower" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:31 +msgid "The person who files a report." 
+msgstr "" + +#: ../../gettingstarted/Requirements.rst:3 +msgid "" +"Ensure you understand and meet each of the following technical " +"requirements." +msgstr "" + +#: ../../gettingstarted/Requirements.rst:6 +msgid "Hardware requirements" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:7 +msgid "**Requirements**:" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:9 +msgid "CPU: Dual-core 2.0GHz (64-bit)" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:10 +msgid "RAM: 1GB" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:11 +msgid "Storage: 20GB" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:12 +msgid "I/O: 10Mbit/s (shared)" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:14 +msgid "" +"Please note that GlobaLeaks is designed to run on servers with " +"specifications smaller than those listed above." +msgstr "" + +#: ../../gettingstarted/Requirements.rst:16 +msgid "" +"The storage size should be determined based on your data retention " +"policies and the expected use of the platform." +msgstr "" + +#: ../../gettingstarted/Requirements.rst:19 +msgid "Software requirements" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:20 +msgid "" +"GlobaLeaks is designed to run on GNU/Linux and is developed and tested " +"specifically for Debian-based systems." +msgstr "" + +#: ../../gettingstarted/Requirements.rst:22 +msgid "" +"The currently recommended distributions are: Debian 12 (Bookworm) and " +"Ubuntu 24.04 (Noble)" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:24 +msgid "" +"The software lifecycle of the platform includes full support for all " +"Debian and Ubuntu LTS versions starting from `Debian 10 " +"`_ and `Ubuntu 20.04 " +"`_." 
+msgstr "" + +#: ../../gettingstarted/Requirements.rst:26 +msgid "" +"Support is guaranteed on these platforms according to the official long-" +"term support timelines:" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:28 +msgid "`Debian Release End of Life Timeline `_" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:29 +msgid "" +"`Ubuntu Release End of Life Timeline `_" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:31 +msgid "" +"Currently, we do not plan to support additional distributions, as " +"GlobaLeaks adheres to the Unix philosophy of making each program excel in" +" a specific area. By focusing our efforts on mastering one domain, we aim" +" to serve our community most effectively. If you are interested in " +"helping us extend support to additional distributions, please get in " +"touch." +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:2 +msgid "Supported browsers" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:4 +msgid "" +"GlobaLeaks is designed to fully support commonly used browsers on desktop" +" PCs, laptops, tablets, and smartphones." +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:6 +msgid "" +"We recommend using the `Tor Browser `_ for " +"enhanced anonymity and additional privacy and security features not " +"available in other browsers." 
+msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:8 +msgid "Other supported browsers include:" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Browser" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Version" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Mozilla Firefox" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid ">= 38" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Google Chrome" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid ">= 45" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Brave" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid ">= 1.20.110" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Edge" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "any" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Safari" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid ">= 8" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "iOS" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid ">= 9" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Android" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid ">= 4.4" +msgstr "" + +#: ../../gettingstarted/index.rst:2 +msgid "Getting started" +msgstr "" + +#: ../../index.rst:2 +msgid "Documentation" +msgstr "Dokumentation" + +#: ../../index.rst:4 +msgid "" +"`GlobaLeaks `_ is an open-source, free " +"software intended to enable anyone to easily set up and maintain a secure" +" whistleblowing platform." +msgstr "" + +#: ../../index.rst:7 +msgid "" +"This documentation is thank to the support of our community. Join us and " +"contribute with your additions and suggestion. In any of the page you " +"find a link that enables you to provide suggestions and corrections. 
We " +"remind you that in case of any software issue or bug you may always " +"report on the `ticketing system `_." +msgstr "" + +#: ../../roadmap/index.rst:2 +msgid "Project roadmap" +msgstr "" + +#: ../../roadmap/index.rst:5 +msgid "" +"This tentative roadmap is built by the GlobaLeaks team in order to try to" +" respond to main users' needs. Please get sure that the needs of your " +"projects and users are well represented on the project `Ticketing System " +"`_. If your" +" organization could fund the development of parts of this roadmap please " +"write us at info@globaleaks.org" +msgstr "" + +#: ../../roadmap/index.rst:8 +msgid "Introduction" +msgstr "" + +#: ../../roadmap/index.rst:9 +msgid "" +"`GlobaLeaks `_ is free, open source software " +"enabling anyone to easily set up and maintain a secure whistleblowing " +"platform." +msgstr "" + +#: ../../roadmap/index.rst:11 +msgid "" +"Started in 2011, the software is now widely used worldwide by more than " +"3000 organizations working in the fields of anti-corruption activism, " +"human rights violations reporting, investigative journalism, and " +"corporate compliance." +msgstr "" + +#: ../../roadmap/index.rst:13 +msgid "" +"This document details the main areas of research development and " +"represents the actual tentative readmap of consolidation planned for " +"2024-2026 based on the analysis of the large set of user needs collected " +"within the official `Ticketing System `_." +msgstr "" + +#: ../../roadmap/index.rst:16 +msgid "Development areas" +msgstr "" + +#: ../../roadmap/index.rst:19 +msgid "Statistics and Reporting" +msgstr "" + +#: ../../roadmap/index.rst:20 +msgid "" +"GlobaLeaks still misses the implementation for any generation of " +"statistics and reports. Such features are considered fundamental in order" +" to properly support users in analysis, investigation and reporting." 
+msgstr "" + +#: ../../roadmap/index.rst:22 +msgid "E.g:" +msgstr "" + +#: ../../roadmap/index.rst:24 +msgid "" +"Recipients should be able to visually see statistics about the received " +"reports received and the data contained; these statistics should empower " +"users in their work providing relevant information out of the data " +"collection that could help users analyze and study social problems like " +"corruption and be able to organize and export automatic reporting;" +msgstr "" + +#: ../../roadmap/index.rst:25 +msgid "" +"Administrators should be able to visually see a dashboard in order to " +"monitor the system and assure that all is working well (e.g. that " +"recipients are receiving submissions and are able to access them and that" +" no attacks are performed on the system)." +msgstr "" + +#: ../../roadmap/index.rst:27 ../../roadmap/index.rst:42 +msgid "Ideas:" +msgstr "" + +#: ../../roadmap/index.rst:29 +msgid "" +"A client library could be adopted to generate reports directly on the " +"client (e.g. Chart.js)" +msgstr "" + +#: ../../roadmap/index.rst:30 +msgid "" +"The implementation should support the possibility of exporting the report" +" in PDF; in relation to this aspect it should be considered the " +"advantages of a possible backend implementation." +msgstr "" + +#: ../../roadmap/index.rst:32 ../../roadmap/index.rst:47 +#: ../../roadmap/index.rst:58 ../../roadmap/index.rst:71 +#: ../../roadmap/index.rst:84 +msgid "Reference tickets:" +msgstr "" + +#: ../../roadmap/index.rst:34 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/1959" +msgstr "" + +#: ../../roadmap/index.rst:35 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2254" +msgstr "" + +#: ../../roadmap/index.rst:39 +msgid "Audit Log" +msgstr "" + +#: ../../roadmap/index.rst:40 +msgid "" +"GlobaLeaks still misses the implementation of a complete audit logit. 
" +"This is considered a fundamental feature in order to achieve full " +"accontability of the whistleblowing process and increase security." +msgstr "" + +#: ../../roadmap/index.rst:44 +msgid "Software audit log should be improved" +msgstr "" + +#: ../../roadmap/index.rst:45 +msgid "" +"The software could exposes a standard log interfaces in CEF/LEEF/Syslog " +"format to foster integration with third party SIEM software." +msgstr "" + +#: ../../roadmap/index.rst:49 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2579" +msgstr "" + +#: ../../roadmap/index.rst:50 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2580" +msgstr "" + +#: ../../roadmap/index.rst:51 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2651" +msgstr "" + +#: ../../roadmap/index.rst:54 +msgid "GDPR compliance" +msgstr "" + +#: ../../roadmap/index.rst:55 +msgid "" +"GlobaLeaks implements by-design many best practices in matters of privacy" +" and security. In order to be effectively accepted and competitive beside" +" commercial proprietary solutions and to guarantee the sustainability of " +"the project, the software needs to achieve some market “standards” (e.g. " +"GDPR compliance / ISO certifications / etc.); among all we selected that " +"GDPR compliance is a first step where the software could implement best " +"practices (e.g. procedures for self signup should present appropriate " +"legal notices, terms of services, and contractualization). Within the " +"software, there should be implemented an automatic contract generation " +"via PDF or other suitable formats in respect with the GDPR requirements." 
+msgstr "" + +#: ../../roadmap/index.rst:60 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2145" +msgstr "" + +#: ../../roadmap/index.rst:61 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2658" +msgstr "" + +#: ../../roadmap/index.rst:62 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2866" +msgstr "" + +#: ../../roadmap/index.rst:63 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2767" +msgstr "" + +#: ../../roadmap/index.rst:64 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/3011" +msgstr "" + +#: ../../roadmap/index.rst:65 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/3012" +msgstr "" + +#: ../../roadmap/index.rst:68 +msgid "Backup and Restore" +msgstr "" + +#: ../../roadmap/index.rst:69 +msgid "" +"GlobaLeaks currently misses any feature for performing backup and " +"restoring of its setup. These duties are currently performed by its users" +" following typical best manual practices (e.g. archiving the data " +"directory of the application). This project idea is to research the best " +"practices to be applied in this context and to identify suitable " +"strategies for implementing periodic, secure and encrypted backups to be " +"restored upon necessity." +msgstr "" + +#: ../../roadmap/index.rst:73 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/528" +msgstr "" + +#: ../../roadmap/index.rst:74 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2149" +msgstr "" + +#: ../../roadmap/index.rst:77 +msgid "Multitenancy" +msgstr "" + +#: ../../roadmap/index.rst:79 +msgid "Import and Export of Tenants" +msgstr "" + +#: ../../roadmap/index.rst:80 +msgid "" +"Part of the software is a recent feature of Multitenancy, first " +"implemented in 2018 and stabilized during 2019. 
Through this feature, " +"GlobaLeaks makes it possible to create multiple setups of itself via " +"virtual sites (similarly to Wordpress multisite feature). In order to " +"make it more easy for an administrator to migrate a platform form a " +"system to an other or to enable users to require data portability from a " +"globaleaks provider to an other, for example in relation to GDPR it has " +"been evaluated necessary to improve the multi tenancy implementation by " +"implementing support for import-export of tenants. In the context of a " +"whistleblowing application, involving encryption and logging this poses " +"important challenges on how to best handle this process." +msgstr "" + +#: ../../roadmap/index.rst:86 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2632" +msgstr "" + +#: ../../roadmap/index.rst:87 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2631" +msgstr "" + +#: ../../roadmap/index.rst:90 +msgid "Multisite users" +msgstr "" + +#: ../../roadmap/index.rst:91 +msgid "(To be further researched)" +msgstr "" + +#: ../../roadmap/index.rst:93 +msgid "" +"Important requirement at the base of the Multitenancy expansion is the " +"possibility to enable users to be administrators and recipients of two or" +" multiple instances running on the same multi-site setup. This is useful " +"for example when a lawyer takes part as a recipient on multiple projects;" +" as well it is useful when an ICT consultant joins consultancy on " +"multiple projects." +msgstr "" + +#: ../../roadmap/index.rst:96 +msgid "" +"This could significatively simplify user access enabling the user to have" +" a single set of username and password and associated keys." 
+msgstr "" + +#: ../../roadmap/index.rst:98 +msgid "References tickets:" +msgstr "" + +#: ../../roadmap/index.rst:100 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2302" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:3 +msgid "Application security" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:4 +msgid "" +"The GlobaLeaks software aims to adhere to industry-standard best " +"practices, with its security being the result of applied research." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:6 +msgid "" +"This document details every aspect implemented by the application in " +"relation to security design." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:9 +msgid "Architecture" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:10 +msgid "The software comprises two main components: a `Backend` and a `Client`:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:12 +msgid "" +"The Backend is a Python-based server that runs on a physical server and " +"exposes a `REST API " +"`_." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:13 +msgid "" +"The Client is a JavaScript client-side web application that interacts " +"with the Backend only through `XHR " +"`_." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:16 +msgid "Anonymity" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:17 +msgid "" +"Users' anonymity is protected by means of `Tor " +"`_ technology." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:19 +msgid "" +"The application is designed to avoid logging sensitive metadata that " +"could lead to the identification of whistleblowers." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:22 +msgid "Authentication" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:23 +msgid "" +"The confidentiality of authentication is protected either by `Tor Onion " +"Services v3 `_ or" +" `TLS version 1.2+ " +"`_." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:25 +msgid "" +"This section describes the authentication methods implemented by the " +"system." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:28 +msgid "Password" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:29 +msgid "" +"By accessing the login web interface, `Administrators` and `Recipients` " +"need to enter their respective `Username` and `Password`. If the " +"submitted password is valid, the system grants access to the " +"functionality available to that user." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:33 +msgid "" +"`Whistleblowers` access their `Reports` using an anonymous `Receipt`, " +"which is a randomly generated 16-digit sequence created by the Backend " +"when the Report is first submitted. This format resembles a standard " +"phone number, making it easier for whistleblowers to conceal their " +"receipts." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:36 +msgid "Password security" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:37 +msgid "The system implements the following password security measures:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:40 +msgid "Password storage" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:41 +msgid "" +"Passwords are never stored in plaintext; instead, the system maintains " +"only a hashed version. This applies to all authentication secrets, " +"including whistleblower receipts." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:43 +msgid "" +"The platform stores users’ passwords hashed with a random 128-bit salt, " +"unique for each user." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:45 +msgid "" +"Passwords are hashed using `Argon2 " +"`_, a key derivation function " +"selected as the winner of the `Password Hashing Competition " +"`_ in July " +"2015." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:47 +msgid "" +"The hash involves a per-user salt for each user and a per-system salt for" +" whistleblowers." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:50 +msgid "Password complexity" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:51 +msgid "" +"The system enforces complex passwords by implementing a custom algorithm " +"necessary to ensure reasonable entropy for each authentication secret." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:53 +msgid "" +"Passwords are scored at three levels: `Strong`, `Acceptable`, and " +"`Insecure`." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:55 +msgid "" +"Strong: A strong password should include capital letters, lowercase " +"letters, numbers, and symbols, be at least 12 characters long, and " +"contain a variety of at least 10 different characters." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:56 +msgid "" +"Acceptable: An acceptable password should include at least 3 different " +"types of characters from capital letters, lowercase letters, numbers, and" +" symbols, be at least 10 characters long, and contain a variety of at " +"least 7 different characters." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:57 +msgid "" +"Insecure: Passwords ranked below the strong or acceptable levels are " +"marked as insecure and are not accepted by the system." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:59 +msgid "" +"We encourage each end user to use `KeePassXC `_ to" +" generate and retain strong, unique passphrases." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:62 +msgid "Two-factor authentication" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:63 +msgid "" +"The system implements Two-Factor Authentication (2FA) based on `TOTP` " +"using the `RFC 6238 `_ algorithm " +"and 160-bit secrets." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:65 +msgid "" +"Users can enroll in 2FA via their own preferences, and administrators can" +" optionally enforce this requirement." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:67 +msgid "" +"We recommend using `FreeOTP `_, available " +"`for Android " +"`_" +" and `for iOS `_." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:70 +msgid "Slowdown on failed login attempts" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:71 +msgid "" +"The system identifies multiple failed login attempts and implements a " +"slowdown procedure, requiring an authenticating client to wait up to 42 " +"seconds to complete an authentication." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:73 +msgid "" +"This feature is intended to slow down potential attacks, requiring more " +"resources in terms of time, computation, and memory." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:76 +msgid "Password change on first login" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:77 +msgid "The system enforces users to change their password at their first login." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:79 +msgid "" +"Administrators can also enforce a password change for users at their next" +" login." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:82 +msgid "Periodic password change" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:83 +msgid "" +"By default, the system enforces users to change their password at least " +"every year." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:85 +msgid "This period is configurable by administrators." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:88 +msgid "Password recovery" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:89 +msgid "" +"In case of a lost password, users can request a password reset via the " +"web login interface by clicking on a `Forgot password?` button present on" +" the login page." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:91 +msgid "" +"When this button is clicked, users are invited to enter their username or" +" email. If the provided username or email corresponds to an existing " +"user, the system will send a reset link to the configured email." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:93 +msgid "" +"By clicking the link received by email, the user is then invited to set a" +" new password different from the previous one." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:95 +msgid "" +"If encryption is enabled on the system, a user clicking on the reset link" +" must first enter their `Account Recovery Key`. Only after correct entry " +"will the user be able to set a new password." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:98 +msgid "Web application security" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:99 +msgid "" +"This section describes the Web Application Security implemented by the " +"software in adherence to the `OWASP Security Guidelines " +"`_." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:102 +msgid "Session management" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:103 +msgid "" +"The session implementation follows the `OWASP Session Management Cheat " +"Sheet " +"`_" +" security guidelines." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:105 +msgid "" +"The system assigns a session to each authenticated user. The Session ID " +"is a 256-bit long secret generated randomly by the backend. Each session " +"expires according to a timeout of 30 minutes. 
Session IDs are exchanged " +"between the client and the backend via a header (`X-Session`) and expire " +"as soon as users close their browser or the tab running GlobaLeaks. Users" +" can explicitly log out via a logout button or implicitly by closing the " +"browser." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:108 +msgid "Session encryption" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:109 +msgid "" +"To minimize the exposure of users' encryption keys, the keys are stored " +"in an encrypted format and decrypted only upon each client request." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:111 +msgid "" +"The implementation uses Libsodium's SecretBox, where the client's session" +" key is used as the secret. Only the client maintains a copy of the " +"session key, while the server retains only a SHA-256 hash." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:114 +msgid "Cookies and xsrf prevention" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:115 +msgid "" +"Cookies are not used intentionally to minimize XSRF attacks and any " +"possible attacks based on them. Instead of using cookies, authentication " +"is based on a custom HTTP Session Header sent by the client on " +"authenticated requests." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:118 +msgid "HTTP headers" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:119 +#, python-format +msgid "" +"The system implements a large set of HTTP headers specifically configured" +" to improve software security and achieves a `score A+ by Security " +"Headers " +"`_" +" and a `score A+ by Mozilla Observatory " +"`_." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:122 +msgid "Strict-Transport-Security" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:123 +msgid "The system implements strict transport security by default. 
::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:128 +msgid "The default configuration of the application sees this feature disabled." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:131 +msgid "Content-Security-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:132 +msgid "" +"The backend implements a strict `Content Security Policy (CSP) " +"`_ preventing any " +"interaction with third-party resources and restricting the execution of " +"untrusted user input: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:137 +msgid "" +"Specific policies are implemented in adherence to the principle of least " +"privilege." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:139 +msgid "For example:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:141 +msgid "" +"The `index.html` source of the app is the only resource allowed to load " +"scripts from the same origin;" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:142 +msgid "Every dynamic content is strictly sandboxed on a null origin;" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:143 +msgid "" +"Every untrusted user input or third-party library is executed in a " +"sandbox, limiting its interaction with other application components." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:146 +msgid "Cross-Origin-Embedder-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:147 +msgid "" +"The backend implements the following `Cross-Origin-Embedder-Policy (COEP)" +" `_: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:153 +msgid "Cross-Origin-Opener-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:154 +msgid "" +"The backend implements the following `Cross-Origin-Opener-Policy (COOP) " +"`_: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:160 +msgid "Cross-Origin-Resource-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:161 +msgid "" +"The backend implements the following `Cross-Origin-Resource-Policy (CORP)" +" `_: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:167 +msgid "Permissions-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:168 +msgid "" +"The backend implements the following Permissions-Policy header " +"configuration to limit the possible de-anonymization of the user by " +"disabling dangerous browser features: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:174 +msgid "X-Frame-Options" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:175 +msgid "" +"In addition to implementing Content Security Policy level 3 to prevent " +"the application from being included in an iframe, the backend also " +"implements the outdated X-Frame-Options header to ensure that iframes are" +" always prevented in any circumstance, including on outdated browsers: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:181 +msgid "Referrer-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:182 +msgid "" +"Web browsers usually attach referrers in their HTTP headers as they " +"browse links. The platform enforces a referrer policy to avoid this " +"behavior. 
::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:188 +msgid "X-Content-Type-Options" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:189 +msgid "" +"To avoid automatic MIME type detection by the browser when setting the " +"Content-Type for specific output, the following header is used: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:195 +msgid "Cache-Control" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:196 +msgid "" +"To prevent or limit forensic traces left on devices used by " +"whistleblowers and in devices involved in communication with the " +"platform, as specified in section ``3. Storing Responses in Caches`` of " +"`RFC 7234 `__, the platform uses the" +" ``Cache-Control`` HTTP header with the configuration ``no-store`` to " +"instruct clients and possible network proxies to disable any form of data" +" caching. ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:202 +msgid "Crawlers Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:203 +msgid "" +"For security reasons, the backend instructs crawlers to avoid caching and" +" indexing of the application and uses the ``robots.txt`` file to allow " +"crawling only of the home page. Indexing the home page is considered best" +" practice to promote the platform's existence and facilitate access for " +"potential whistleblowers." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:205 +msgid "The implemented configuration is as follows: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:212 +msgid "" +"The platform also instructs crawlers to avoid caching by injecting the " +"following HTTP header: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:217 +msgid "" +"For highly sensitive projects where the platform is intended to remain " +"``hidden`` and communicated to potential whistleblowers directly, it can " +"be configured to disable indexing completely." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:219 +msgid "In such cases, the following HTTP header is used: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:225 +msgid "Anchor tags and external urls" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:226 +msgid "" +"The client opens external URLs in a new tab, independent of the " +"application context, by setting ``rel='noreferrer'`` and " +"``target='_blank'``` on every anchor tag. ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:232 +msgid "Input validation" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:233 +msgid "" +"The application implements strict input validation both on the backend " +"and on the client." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:236 +msgid "On the backend" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:237 +msgid "" +"Each client request is strictly validated by the backend against a set of" +" regular expressions, and only requests matching the expressions are " +"processed." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:239 +msgid "" +"Additionally, a set of rules is applied to each request type to limit " +"potential attacks. For example, any request is limited to a payload of " +"1MB." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:242 +msgid "On the client" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:243 +msgid "" +"Each server output is strictly validated by the client at rendering time " +"using the Angular component `ngSanitize.$sanitize " +"`__." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:246 +msgid "Form autocomplete off" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:247 +msgid "" +"Forms implemented by the platform use the HTML5 form attribute to " +"instruct the browser not to cache user data for form prediction and " +"autocomplete on subsequent submissions." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:249 +msgid "" +"This is achieved by setting `autocomplete=\"off\" " +"`__ on the relevant forms or attributes." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:252 +msgid "Network security" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:254 +msgid "Connection anonymity" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:255 +msgid "" +"User anonymity is provided through the implementation of `Tor " +"`__ technology. The application implements " +"an ``Onion Service v3`` and advises users to use the Tor Browser when " +"accessing it." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:258 +msgid "Connection encryption" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:259 +msgid "" +"User connections are always encrypted, either through the `Tor Protocol " +"`__ when using the Tor Browser or via `TLS " +"`__ when accessed" +" through a common browser." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:261 +msgid "" +"Using ``Tor`` is recommended over HTTPS due to its advanced resistance to" +" selective interception and censorship, making it difficult for a third " +"party to capture or block access to the site for specific whistleblowers " +"or departments." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:263 +msgid "" +"The software also facilitates easy setup of ``HTTPS``, offering both " +"automatic setup via `Let's Encrypt `__ and " +"manual configuration." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:265 +msgid "" +"TLS certificates are generated using `NIST Curve P-384 " +"`__." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:267 +msgid "" +"The configuration enables only ``TLS1.2+`` and is fine-tuned and hardened" +" to achieve `SSLLabs grade A+ " +"`__." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:269 +msgid "In particular, only the following ciphers are enabled: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:283 +msgid "Network sandboxing" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:284 +msgid "" +"The GlobaLeaks backend integrates `iptables " +"`__ by default and implements strict firewall" +" rules that restrict incoming network connections to HTTP and HTTPS on " +"ports 80 and 443." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:286 +msgid "" +"Additionally, the application allows anonymizing outgoing connections, " +"which can be configured to route through Tor." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:289 +msgid "Data encryption" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:290 +msgid "" +"Submission data, file attachments, messages, and metadata exchanged " +"between whistleblowers and recipients are encrypted using the GlobaLeaks " +":doc:`EncryptionProtocol`." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:292 +msgid "" +"GlobaLeaks also incorporates various other encryption components. 
The " +"main libraries and their uses are:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:294 +msgid "" +"`Python-NaCL `__: used for implementing " +"data encryption" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:295 +msgid "" +"`PyOpenSSL `__: used for implementing " +"HTTPS" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:296 +msgid "" +"`Python-Cryptography `__: used for implementing " +"authentication" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:297 +msgid "" +"`Python-GnuPG `__: used " +"for encrypting email notifications and file downloads via ```PGP```" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:300 +msgid "Application sandboxing" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:301 +msgid "" +"The GlobaLeaks backend integrates `AppArmor `__ by" +" default and implements a strict sandboxing profile, allowing the " +"application to access only the strictly required files. Additionally, the" +" application runs under a dedicated user and group \"globaleaks\" with " +"reduced privileges." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:304 +msgid "Database security" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:305 +msgid "" +"The GlobaLeaks backend uses a hardened local SQLite database accessed via" +" SQLAlchemy ORM." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:307 +msgid "" +"This design choice ensures the application can fully control its " +"configuration while implementing extensive security measures in adherence" +" to the `security recommendations by SQLite " +"`__." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:310 +msgid "Secure deletion" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:311 +msgid "" +"The GlobaLeaks backend enables SQLite’s secure deletion capability, which" +" automatically overwrites the database data upon each delete query: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:317 +msgid "Auto vacuum" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:318 +msgid "" +"The platform enables SQLite’s auto vacuum capability for automatic " +"cleanup of deleted entries and recall of unused pages: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:324 +msgid "Limited database trust" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:325 +msgid "" +"The GlobaLeaks backend uses the SQLite `trusted_schema " +"`__ pragma " +"to limit trust in the database, mitigating risks of malicious corruption." +" ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:331 +msgid "Limited database functionalities" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:332 +msgid "" +"The GlobaLeaks backend restricts SQLite functionalities to only those " +"necessary for running the application, reducing the potential for " +"exploitation in case of SQL injection attacks." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:334 +msgid "" +"This is implemented using the ```conn.set_authorizer``` API and a strict " +"authorizer callback that authorizes only a limited set of SQL " +"instructions: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:345 +msgid "DoS resiliency" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:346 +msgid "" +"To mitigate denial of service attacks, GlobaLeaks applies the following " +"measures:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:348 +msgid "" +"Implements a proof-of-work (hashcash) on each unauthenticated request to " +"limit automation." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:349 +msgid "Applies rate limiting on authenticated sessions." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:350 +msgid "" +"Limits the possibility of triggering CPU-intensive routines by external " +"users (e.g., limits on query and job execution times)." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:351 +msgid "" +"Monitors activity to detect and respond to attacks, implementing " +"proactive security measures to prevent DoS (e.g., slowing down fast " +"operations)." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:354 +msgid "Proof of work on users' sessions" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:355 +msgid "" +"The system implements an automatic `Proof of Work " +"`__ based on the hashcash " +"algorithm for every user session, requiring clients to request a token " +"and continuously solve a computational problem to acquire and renew the " +"session." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:358 +msgid "Rate limit on users' sessions" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:359 +msgid "" +"The system implements rate limiting on user sessions, preventing more " +"than 5 requests per second and applying increasing delays on requests " +"that exceed this threshold." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:362 +msgid "Rate limit on whistleblowers' reports and attachments" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:363 +msgid "" +"The system applies rate limiting on whistleblower reports and " +"attachments, preventing new submissions and file uploads if thresholds " +"are exceeded." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:365 +msgid "Implemented thresholds are:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "Threshold Variable" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +#: ../../security/PenetrationTests.rst:1 +msgid "Goal" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "Default Threshold Setting" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "threshold_reports_per_hour" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "Limit the number of reports that can be filed per hour" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "20" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "threshold_reports_per_hour_per_ip" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "" +"Limit the number of reports that can be filed per hour by the same IP " +"address" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "5" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "threshold_attachments_per_hour_per_ip" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "" +"Limit the number of attachments that can be uploaded per hour by the same" +" IP address" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "120" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "threshold_attachments_per_hour_per_report" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "Limit the number of attachments that can be uploaded per hour on a report" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "30" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:375 +msgid "" +"In case of necessity, threshold configurations can be adjusted using the " +"`gl-admin` command as follows: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:381 +msgid "Other measures" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:383 +msgid "Browser 
history and forensic traces" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:384 +msgid "" +"The entire application is designed to minimize or reduce the forensic " +"traces left by whistleblowers on their devices while filing reports." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:386 +msgid "" +"When accessed via the Tor Browser, the browser ensures that no persistent" +" traces are left on the user's device." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:388 +msgid "" +"To prevent or limit forensic traces in the browser history of users " +"accessing the platform via a common browser, the application avoids " +"changing the URI during whistleblower navigation. This prevents the " +"browser from logging user activities and offers high plausible " +"deniability, making the whistleblower appear as a simple visitor to the " +"homepage and avoiding evidence of any submission." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:391 +msgid "Secure file management" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:393 +msgid "Secure file download" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:394 +msgid "" +"Any attachment uploaded by anonymous whistleblowers might contain " +"malware, either intentionally or not. It is highly recommended, if " +"possible, to download files and access them on an air-gapped machine " +"disconnected from the network and other sensitive devices. To facilitate " +"safe file downloads and transfers using a USB stick, the application " +"provides the option to export reports, enabling the download of a ZIP " +"archive containing all report content. This reduces the risk of executing" +" files during the transfer process." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:397 +msgid "Safe file opening" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:398 +msgid "" +"For scenarios where the whistleblower's trustworthiness has been " +"validated or in projects with a low-risk threat model, the application " +"offers an integrated file viewer. This viewer, leveraging modern browser " +"sandboxing capabilities, allows the safe opening of a limited set of file" +" types considered more secure than accessing files directly through the " +"operating system. This feature is disabled by default. Administrators " +"should enable it only after thorough evaluation and ensure that " +"recipients' browsers are kept up-to-date." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:400 +msgid "The supported file formats are:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:402 +msgid "AUDIO" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:403 +msgid "CSV" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:404 +msgid "IMAGE" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:405 +msgid "PDF" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:406 +msgid "VIDEO" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:407 +msgid "TXT" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:409 +#: ../../security/ApplicationSecurity.rst:419 +msgid "The default configuration has this feature disabled." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:412 +msgid "PGP encryption" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:413 +msgid "The system offers an optional PGP encryption feature." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:415 +msgid "" +"When enabled, users can activate a personal PGP key that will be used by " +"the system to encrypt email notifications and files on-the-fly." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:417 +msgid "" +"This feature is recommended for high-risk threat models, especially when " +"used in conjunction with air-gapped systems for report visualization." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:422 +msgid "Encryption of temporary files" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:423 +msgid "" +"Files uploaded and temporarily stored on disk during the upload process " +"are encrypted with a temporary, symmetric AES key to prevent any " +"unencrypted data from being written to disk. Encryption is performed in " +"streaming mode using `AES 128-bit` in `CTR mode`. Key files are stored in" +" memory and are unique for each file being uploaded." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:426 +msgid "Secure file delete" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:427 +msgid "" +"Every file deleted by the application is overwritten before the file " +"space is released on disk." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:429 +msgid "" +"The overwrite routine is executed by a periodic scheduler and follows " +"these steps:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:431 +msgid "A first overwrite writes 0 across the entire file;" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:432 +msgid "A second overwrite writes 1 across the entire file;" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:433 +msgid "A third overwrite writes random bytes across the entire file." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:436 +msgid "Exception logging and redaction" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:437 +msgid "" +"To quickly diagnose potential software issues when client exceptions " +"occur, they are automatically reported to the backend. The backend " +"temporarily caches these exceptions and sends them to the backend " +"administrator via email." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:439 +msgid "" +"To prevent inadvertent information leaks, logs are processed through " +"filters that redact email addresses and UUIDs." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:442 +msgid "Entropy sources" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:443 +msgid "The primary source of entropy for the platform is `/dev/urandom`." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:446 +msgid "UUIDv4 randomness" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:447 +msgid "" +"System resources like submissions and files are identified by UUIDv4 to " +"make them unguessable by external users and limit potential attacks." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:450 +msgid "TLS for smtp notification" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:451 +msgid "" +"All notifications are sent through an SMTP channel encrypted with TLS, " +"using either SMTP/TLS or SMTPS, depending on the configuration." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:2 +msgid "Encryption protocol" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:3 +msgid "" +"GlobaLeaks implements an encryption protocol specifically designed for " +"anonymous whistleblowing applications." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:5 +msgid "" +"The protocol has been developed and validated in collaboration with the " +"`Open Technology Fund `_ and represents a trade-off between security and " +"usability. It is designed to be user-friendly for whistleblowers while " +"providing reasonable protection against attackers attempting to breach " +"the backend and perform brute-force decryption." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:7 +msgid "" +"Encryption is applied to each submission, protecting answers to " +"questionnaires, comments, attachments, and associated metadata. 
The " +"encryption keys are assigned per user and per report, ensuring that only " +"whistleblowers and their intended recipients can access the reports. This" +" means that if users forget their passwords, they will lose access to the" +" data in their accounts." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:9 +msgid "" +"To enable users to recover their accounts in case they forget their " +"passwords, the system includes a `Key Recovery`_ mechanism and provides " +"each user with an Account Recovery Key. This measure ensures that users " +"with their own Account Recovery Key can always restore access to their " +"account and the data it contains." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:11 +msgid "" +"To prevent data loss in case users lose both their password and their " +"account recovery key, the system can be configured to use a `Key Escrow`_" +" mechanism. This delegates the responsibility of supporting users in " +"recovering access to their accounts to administrators. This capability " +"enhances the project's resilience against data loss due to users' death " +"or conflicts of interest within the recipient team. However, it also " +"means that administrators with access to escrow keys could potentially " +"access other users' accounts and data. Project owners should carefully " +"decide whether to enable this feature based on the project's threat model" +" and document their decision in the project's privacy policies." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:14 +msgid "Encryption's workflow" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:15 +msgid "" +"Users choose a secure personal password during their first login using an" +" account activation link." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:16 +msgid "" +"The system creates a personal asymmetric keypair for each user and stores" +" the private key symmetrically encrypted with a secret derived from the " +"user's password." 
+msgstr "" + +#: ../../security/EncryptionProtocol.rst:17 +msgid "" +"Each user's private key is protected by the Key Recovery mechanism and, " +"if enabled, by the Key Escrow mechanism." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:18 +msgid "The whistleblower files a report." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:19 +msgid "The system assigns a unique 16-digit receipt number to the whistleblower." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:20 +msgid "" +"The system generates an asymmetric keypair for the whistleblower and " +"stores the private key symmetrically encrypted with a secret derived from" +" the whistleblower’s receipt number." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:21 +msgid "" +"The system generates an asymmetric keypair for encrypting the report, " +"attachments, comments, and associated metadata, and stores a copy of the " +"private key encrypted for each involved user using their own public key." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:22 +msgid "" +"The system encrypts the report, attachments, comments, and metadata with " +"the public key generated for the report." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:23 +msgid "" +"The system grants each involved user access to their reports and " +"facilitates communication by automatically locking and unlocking the " +"involved keys when a report is accessed or new communication is made." 
+msgstr "" + +#: ../../security/EncryptionProtocol.rst:26 +msgid "Encryption's details" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:28 +msgid "Algorithms" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Type" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Implementation" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Asymmetric encryption" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "" +"`Libsodium SealedBoxes " +"`_," +" which combines Curve25519, XSalsa20, and Poly1305 algorithms." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Symmetric encryption" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "" +"`Libsodium SecretBoxes " +"`_," +" which combines XSalsa20 and Poly1305." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:36 +msgid "Users’ credentials" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:37 +msgid "The system uses two types of credentials depending on the user role:" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Credentials type" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "User role" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Passwords" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Used for authenticating users identified by a username" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Receipts" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "16-digit random secrets used for authenticating anonymous whistleblowers" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:45 +msgid "Assumptions:" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:47 +msgid "The system enforces strong password complexity." 
+msgstr "" + +#: ../../security/EncryptionProtocol.rst:48 +msgid "" +"The system enforces expiration of receipts according to a strict data " +"retention policy that limits the number of concurrent active receipts." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:51 +msgid "Users’ keys" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Generation" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Storage" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "ECC Curve25519 keypair" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "" +"Generated by the backend during first user login for authenticated users " +"and upon submission for whistleblowers" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "" +"Keys are stored on the backend encrypted using symmetric encryption. The " +"symmetric key used for encrypting users’ keys is derived from the users’ " +"credentials using the KDF function `Argon2ID `_. The parameters for Argon2ID used for KDF" +" are stronger than those used for user authentication, with the hash " +"stored. The parameters are selected to require 128MB of memory per login " +"and 1 second of computation." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:58 +msgid "Data encryption's keys" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "256-bit keys" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Generated by the backend for each report" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "" +"Keys are stored on the backend filesystem encrypted using asymmetric " +"encryption with Users’ and Whistleblower’s keys, respectively." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:65 +msgid "Key generation" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:66 +msgid "" +"Users' encryption keys are automatically generated during the first login" +" and secured using the user passphrase. 
This straightforward but " +"effective key generation policy requires users to complete their first " +"login before being able to receive reports." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:69 +msgid "Key recovery" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:70 +msgid "" +"The system implements a key recovery mechanism using a recovery key and " +"symmetric encryption." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:72 +msgid "" +"When a user key is generated, the private key is symmetrically encrypted " +"with a randomly generated recovery key." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:74 +msgid "" +"For usability reasons, this recovery key is also securely encrypted and " +"stored on the backend, allowing logged-in users who possess their " +"password to retrieve and print their own account recovery key." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:77 +msgid "Key escrow" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:78 +msgid "" +"The system offers an optional key escrow mechanism to mitigate data loss " +"in the event of users losing their passwords." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:80 +msgid "" +"Key escrow can be enabled during the initial application setup or in the " +"advanced settings of the software." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:82 +msgid "" +"We recommend enabling this option to protect whistleblowers' submissions " +"in cases where recipients lose their passwords. However, if you want to " +"set up a system where only recipients can access submissions, we advise " +"against using this feature." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:84 +msgid "" +"When enabled, the system generates and assigns an escrow key to the " +"administrator who activated the feature. This key is then used to encrypt" +" every system key, with a copy preserved that any administrator with the " +"escrow key can unlock." 
+msgstr "" + +#: ../../security/EncryptionProtocol.rst:86 +msgid "" +"Administrators with access to the escrow key can assist internal users " +"with password recovery and issue password resets. They can also grant " +"this privilege to other administrators or disable the feature entirely." +msgstr "" + +#: ../../security/PenetrationTests.rst:3 +msgid "Security audits" +msgstr "" + +#: ../../security/PenetrationTests.rst:5 +msgid "" +"GlobaLeaks undergoes independent security audits periodically to verify " +"and enhance the security of the system. This page lists the most " +"significant reports available." +msgstr "" + +#: ../../security/PenetrationTests.rst:7 +msgid "" +"We aim to have audits conducted at least every two years, thanks to " +"funding opportunities. Each adopter is encouraged to contribute by " +"funding a general or topic-specific audit based on their capabilities. " +"This helps ensure that every algorithm, component, and methodology " +"applied within the project is thoroughly verified." +msgstr "" + +#: ../../security/PenetrationTests.rst:9 +msgid "" +"If you have conducted or are considering sponsoring a security audit, " +"please email us at `info@globaleaks.org `_. " +"This is especially important for general software security. When " +"requesting a company to audit the software, always remember to ask if the" +" report can be published afterward; many auditors may not agree to " +"publish the report later, which has often led to wasted project " +"resources." +msgstr "" + +#: ../../security/PenetrationTests.rst:11 +msgid "" +"If you are an independent security auditor or, during your peer review of" +" GlobaLeaks, you discover or suspect a vulnerability, please do not file " +"a public issue. Instead, send your report privately through our " +"`reporting form `_ or via email to " +"`security@globaleaks.org `_." 
+msgstr "" + +#: ../../security/PenetrationTests.rst:1 ../../user/admin/UserInterface.rst:135 +msgid "Date" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Auditor" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2013" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`iSecPartners `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Architecture Audit" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Report `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Cure53 `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Web Security Audit" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Report `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2014" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`LeastAuthority `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Source Code Audit" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Report `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2018" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`SubGraph `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Overall Audit" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Report `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2019" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`RadicallyOpenSecurity `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Crypto Audit, Multi-tenancy Audit, Overall Audit" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "" +"`Report " +"`_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2022" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "" +"Server Source Code Audit, Client Pentest, OpSec for Whistleblowers, OpSec" +" for Server Administrators" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "" +"`Report 
" +"`_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2024" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`ISGroup `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Surface Analysis and Network Penetration Test" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Report `_" +msgstr "" + +#: ../../security/ThreatModel.rst:3 +msgid "Threat model" +msgstr "" + +#: ../../security/ThreatModel.rst:4 +msgid "" +"GlobaLeaks is a free and open-source whistleblowing software designed for" +" various usage scenarios, each requiring a balance between strong " +"security and high usability. These two requirements are crucial for " +"managing whistleblowing procedures effectively, protecting " +"whistleblowers, and achieving specific project goals. Given the variety " +"of use cases and associated risks, the software can be configured to " +"address the specific threat model detailed here." +msgstr "" + +#: ../../security/ThreatModel.rst:6 +msgid "" +"This document is intended for organizations implementing a whistleblowing" +" procedure using GlobaLeaks. It supports the analysis and understanding " +"of the specific threat model relevant to their context and risks and " +"guides users in selecting best practices for their project." +msgstr "" + +#: ../../security/ThreatModel.rst:9 +msgid "Users matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:10 +msgid "" +"The first step is to define the types of users interacting with a " +"GlobaLeaks platform." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "User" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Definition" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"The user who submits an anonymous report through the platform. " +"Whistleblowers may operate under various threat models depending on the " +"usage scenario and the nature of the information submitted." 
+msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"The user who receives and analyzes anonymous reports from Whistleblowers." +" Recipients act in good faith and are considered trusted parties " +"concerning the protection of Whistleblowers' confidentiality." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"Users responsible for setting up, managing, and monitoring the platform's" +" security. Administrators may not be the same entities running or " +"managing the whistleblowing initiatives (e.g., hosted solutions, multiple" +" stakeholder projects). Administrators are trusted entities but do not " +"have direct access to reports and advise Recipients on best practices." +msgstr "" + +#: ../../security/ThreatModel.rst:19 +msgid "" +"It is crucial to apply security measures relative to the users of the " +"platform, aiming to achieve an appropriate tradeoff between security and " +"usability." +msgstr "" + +#: ../../security/ThreatModel.rst:22 +msgid "Anonymity matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:23 +msgid "" +"The anonymity of users must be classified depending on the context of " +"use, as follows:" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Anonymous" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"The user accesses the platform via the Tor Browser and follows best " +"practices to protect their identity, minimizing the risk of tracking by " +"any system involved in the operation. The user has not disclosed their " +"identity to Recipients." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Confidential" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"The user accesses the platform via a common browser. While third parties " +"might log their IP address, the platform protects the content of their " +"communication. The user may choose to disclose their identity to " +"Recipients confidentially." 
+msgstr "" + +#: ../../security/ThreatModel.rst:31 +msgid "" +"The platform always informs users of their current anonymity status and " +"provides guidance on best practices for anonymous access via the Tor " +"Browser. Administrators may enforce the requirement that Whistleblowers " +"use the Tor Browser to file reports, depending on the use case." +msgstr "" + +#: ../../security/ThreatModel.rst:34 +msgid "Communication security matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:35 +msgid "" +"The security of communication concerning third-party monitoring varies " +"based on the context of use." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Security level" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Description" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "High security" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"Tor is used, and communication is encrypted end-to-end with the " +"GlobaLeaks platform, ensuring that no third party can eavesdrop on the " +"communication." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Medium security" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"HTTPS is used, and communication is encrypted end-to-end with the " +"GlobaLeaks platform. A third party capable of manipulating HTTPS security" +" (e.g., re-issuing TLS certificates) could eavesdrop on the " +"communication. If HTTPS security is maintained, monitoring the user's " +"communication line or the GlobaLeaks platform's communication line is not" +" feasible." +msgstr "" + +#: ../../security/ThreatModel.rst:1 ../../security/ThreatModel.rst:44 +msgid "Identity disclosure matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:45 +msgid "" +"Regardless of the anonymity matrix, users may choose or be required to " +"disclose their identity." 
+msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Undisclosed" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "The user's identity is not disclosed and is unlikely to be disclosed." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Optionally disclosed" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"The user's identity is not disclosed by default but may be voluntarily " +"disclosed (e.g., an anonymous tip-off MAY receive a follow-up, whereas a " +"formal report with disclosed identity MUST receive a follow-up)." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Disclosed" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "The user chooses or is required to disclose their identity to other users." +msgstr "" + +#: ../../security/ThreatModel.rst:54 +msgid "" +"Identity disclosure is crucial because even in an Anonymous High security" +" environment, disclosing one's identity may be a valuable option for " +"specific whistleblowing workflows." +msgstr "" + +#: ../../security/ThreatModel.rst:56 +msgid "" +"Users starting with an anonymity setting of “Anonymous” and an " +"“Undisclosed Identity” can decide later to disclose their identity. " +"Conversely, this cannot be undone. This consideration is key to ensuring " +"user protection in GlobaLeaks." +msgstr "" + +#: ../../security/ThreatModel.rst:58 +msgid "" +"Voluntary identity disclosure may be required in certain whistleblowing " +"procedures because:" +msgstr "" + +#: ../../security/ThreatModel.rst:60 +msgid "A tip-off MAY receive a follow-up and can be anonymous;" +msgstr "" + +#: ../../security/ThreatModel.rst:61 +msgid "Formal reports MUST receive a follow-up and cannot be anonymous." 
+msgstr "" + +#: ../../security/ThreatModel.rst:63 +msgid "" +"The distinction between “MAY” and “MUST” refers to the actions of " +"recipients and is a fundamental element of the guarantees provided to " +"whistleblowers in many initiatives (e.g., a corporate or institutional " +"whistleblowing platform should not follow a MUST approach for anonymous " +"submission follow-up, treating such submissions as tip-offs rather than " +"formal reports)." +msgstr "" + +#: ../../security/ThreatModel.rst:66 +msgid "Usage scenarios matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:67 +msgid "" +"This section provides examples of how different anonymity levels for " +"users can be combined depending on the context of use." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Use case" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Media outlet" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"A media outlet with a disclosed identity initiates a whistleblowing " +"project. The outlet’s recipients are disclosed to Whistleblowers, " +"allowing them to trust a specific journalist rather than the outlet " +"itself. Full anonymity must be assured to whistleblowers, and their " +"identity cannot be disclosed in connection with anonymous submissions. " +"Whistleblowers MAY choose to disclose their identity if they trust the " +"journalist's source-protection record." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Corporate compliance" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"A corporation implements transparency or anti-bribery law compliance by " +"promoting initiatives to employees, consultants, and providers. " +"Recipients are part of a company division (e.g., Internal Audit office). " +"Whistleblowers are guaranteed full anonymity but may optionally disclose " +"their identity." 
+msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Human Rights Activism Initiative" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"A human rights group initiates a whistleblowing project to expose " +"violations in a dangerous area. The organization requires anonymity to " +"avoid retaliation and operates under a pseudonym. Recipients MUST not be " +"disclosed to Whistleblowers, but partial disclosure by pseudonym is " +"acceptable to establish trust. The Whistleblower MUST be guaranteed " +"anonymity and their identity cannot be disclosed." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Citizen media initiative" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"A citizen media initiative with a public identity seeks reports on " +"specific topics (e.g., political, environmental malpractice, corruption) " +"in a medium-low risk operational context. Recipients may use pseudonyms " +"or remain public to avoid complete exposure. Whistleblowers, if the topic" +" is not life-threatening, may submit reports confidentially to lower the " +"entry barrier." +msgstr "" + +#: ../../security/ThreatModel.rst:77 +msgid "" +"The following matrix illustrates how different usage scenarios can " +"require various anonymity levels, communication security requirements, " +"and identity disclosures for different users." +msgstr "" + +#: ../../security/ThreatModel.rst:79 +msgid "" +"GlobaLeaks will provide appropriate security awareness information " +"through its user interface and enforce specific requirements based on " +"clear configuration guidelines." 
+msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Scenario" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Anonymity level" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Identity disclosure" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Communication security" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "No anonymity" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Admin" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Partially disclosed" +msgstr "" + +#: ../../security/ThreatModel.rst:98 +msgid "Data security matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:99 +msgid "" +"This section highlights the data handled by GlobaLeaks and the protection" +" schemes applied to it." +msgstr "" + +#: ../../security/ThreatModel.rst:101 +msgid "The following information types are involved in GlobaLeaks:" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Information type" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Questionnaire answers" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"Data associated with a submission, including the filled forms and options" +" selected by the Whistleblower." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Submission attachments" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Files associated with a submission." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Platform configuration" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Data for configuring and customizing the platform." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Software files" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"All files required for the software to function, including default " +"configurations." 
+msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Email notifications" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Data sent to notify recipients of new reports via email." +msgstr "" + +#: ../../security/ThreatModel.rst:112 +msgid "Below is a matrix showing the different security measures applied to data." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Encryption" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Filters" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Sanitization" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Encrypted in the database with per-user/per-submission keys" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Keyword filters" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Antispam, Anti-XSS" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Encrypted on the filesystem with per-user/per-submission keys" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Extension blocking, Antivirus" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "N/A" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Encrypted with PGP when recipient keys are available" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Antispam to prevent flooding" +msgstr "" + +#: ../../security/ThreatModel.rst:122 +msgid "Threats to anonymity and confidentiality" +msgstr "" + +#: ../../security/ThreatModel.rst:123 +msgid "" +"This section highlights various threats that require specific " +"consideration." +msgstr "" + +#: ../../security/ThreatModel.rst:126 +msgid "Browser history and cache" +msgstr "" + +#: ../../security/ThreatModel.rst:127 +msgid "" +"GlobaLeaks uses crafted HTTP headers and other techniques to minimize " +"leaking information into a user’s browser history or cache. 
While this " +"privacy feature enhances safety, it cannot guarantee protection against " +"forensic analysis of browser cache and history but serves as an " +"additional safety measure." +msgstr "" + +#: ../../security/ThreatModel.rst:130 +msgid "Metadata" +msgstr "" + +#: ../../security/ThreatModel.rst:131 +msgid "" +"Files may contain metadata related to the author or whistleblower. " +"Cleaning metadata from submitted files helps protect an \"unaware\" " +"whistleblower from inadvertently including information that may " +"compromise their anonymity. GlobaLeaks does not automatically clean " +"metadata by default, as metadata is considered a fundamental part of the " +"original evidence that should be preserved. Metadata cleanup is an " +"optional step that may be suggested to Whistleblowers or performed by " +"Recipients when sharing documents with others. When sharing files with " +"external parties, Recipients are advised to print the document and " +"provide a hard copy to ensure that only visible information is shared, " +"avoiding the risk of sharing sensitive metadata. For more on metadata and" +" redacting digital files, see the article `Everything you wanted to know " +"about media metadata, but were afraid to ask " +"`_ by Harlo Holmes. A useful tool for these " +"procedures is the `Metadata Anonymization Toolkit " +"`_." +msgstr "" + +#: ../../security/ThreatModel.rst:134 +msgid "Malware and trojans" +msgstr "" + +#: ../../security/ThreatModel.rst:135 +msgid "" +"GlobaLeaks cannot prevent an attacker from using the platform maliciously" +" to target recipients with malware or trojans. To mitigate risks of data " +"exfiltration through trojans, Recipients should implement proper " +"operational security by using dedicated laptops for report viewing and " +"opening file attachments on offline computers. 
Wherever possible, they " +"should use specialized secure operating systems like `QubesOS " +"`_ or `Tails `_ and " +"ensure up-to-date antivirus software is running." +msgstr "" + +#: ../../security/ThreatModel.rst:138 +msgid "Network and reverse proxies" +msgstr "" + +#: ../../security/ThreatModel.rst:139 +msgid "" +"GlobaLeaks is designed for use with direct Tor or TLS connections from " +"the user’s browser to the application backend. The use of Network and " +"Reverse Proxies in front of the application is discouraged as they can " +"interfere with the application and compromise confidentiality and " +"anonymity measures implemented in GlobaLeaks." +msgstr "" + +#: ../../security/ThreatModel.rst:142 +msgid "Data stored outside the platform" +msgstr "" + +#: ../../security/ThreatModel.rst:143 +msgid "" +"GlobaLeaks does not provide security for data stored outside the " +"GlobaLeaks system. It is the responsibility of Recipients to protect data" +" downloaded from the platform or shared via external USB drives. The " +"operating system used or the USB drive should offer encryption to ensure " +"that, in case of device loss or theft, the data remains inaccessible." +msgstr "" + +#: ../../security/ThreatModel.rst:146 +msgid "Environmental factors" +msgstr "" + +#: ../../security/ThreatModel.rst:147 +msgid "" +"GlobaLeaks does not protect against environmental factors related to " +"users' physical locations or social relationships. For example, if a user" +" has a surveillance device in their home, GlobaLeaks cannot provide " +"protection. Similarly, if a whistleblower, who is supposed to be " +"anonymous, shares their story with friends or coworkers, GlobaLeaks " +"cannot offer protection." 
+msgstr "" + +#: ../../security/ThreatModel.rst:150 +msgid "Incorrect data retention policies" +msgstr "" + +#: ../../security/ThreatModel.rst:151 +msgid "" +"GlobaLeaks implements a strict default data retention policy of 90 days " +"to allow users to manage reports within a limited time frame necessary " +"for investigations. If the platform is configured to retain reports for " +"an extended period and Recipients do not manually delete unnecessary " +"reports, the value of the data increases, along with the risk of " +"exposure." +msgstr "" + +#: ../../security/ThreatModel.rst:154 +msgid "Human negligence" +msgstr "" + +#: ../../security/ThreatModel.rst:155 +msgid "" +"While GlobaLeaks provides Administrators with the ability to fine-tune " +"security configurations and continuously informs users about their " +"security context, it cannot protect against major security threats " +"resulting from human negligence. For instance, if a Whistleblower submits" +" data that can identify them as the unique owner or recent viewer, " +"GlobaLeaks cannot protect their identity." +msgstr "" + +#: ../../security/ThreatModel.rst:158 +msgid "Advanced traffic analysis" +msgstr "" + +#: ../../security/ThreatModel.rst:159 +msgid "" +"An attacker monitoring HTTPS traffic, without the ability to decrypt it, " +"can still identify user roles based on different network traffic patterns" +" generated by Whistleblowers, Recipients, and Administrators. GlobaLeaks " +"does not offer protection against this type of threat. We recommend using" +" `Tor pluggable transports `_ or other methods that provide additional" +" protection against such attacks." +msgstr "" + +#: ../../security/index.rst:2 +msgid "Security" +msgstr "" + +#: ../../setup/InstallationGuide.rst:2 +msgid "Installation guide" +msgstr "" + +#: ../../setup/InstallationGuide.rst:3 +msgid "The following guide will help you through the installation of GlobaLeaks." 
+msgstr "" + +#: ../../setup/InstallationGuide.rst:5 +msgid "" +"Before starting the installation, ensure that your system meets the " +":doc:`Requirements `." +msgstr "" + +#: ../../setup/InstallationGuide.rst:8 +msgid "" +"GlobaLeaks is designed to provide optimal technical anonymity for " +"whistleblowers. Additionally, the software can be configured to protect " +"the identity of the platform administrator and the server's location, but" +" this requires advanced setup procedures not covered in this simplified " +"installation guide. By executing the commands below, your IP address and " +"system location could be tracked by network providers, and our systems " +"will receive the same information to facilitate software provisioning." +msgstr "" + +#: ../../setup/InstallationGuide.rst:12 +msgid "**Install GlobaLeaks**" +msgstr "" + +#: ../../setup/InstallationGuide.rst:14 +msgid "To install GlobaLeaks, run the following commands:" +msgstr "" + +#: ../../setup/InstallationGuide.rst:22 +msgid "" +"You may also install GlobaLeaks using Docker. Check out the `docker` " +"directory in our GitHub repository for instructions." +msgstr "" + +#: ../../setup/InstallationGuide.rst:24 +msgid "" +"After installation, follow the instructions provided to guide you through" +" accessing the :doc:`Platform wizard `." +msgstr "" + +#: ../../setup/PlatformWizard.rst:2 +msgid "Platform wizard" +msgstr "" + +#: ../../setup/PlatformWizard.rst:3 +msgid "After installing GlobaLeaks, you can proceed with the platform wizard." +msgstr "" + +#: ../../setup/PlatformWizard.rst:5 +msgid "" +"Open a browser at port 443 or port 8443 on your remote or local IP, " +"respectively." +msgstr "" + +#: ../../setup/PlatformWizard.rst:7 +msgid "" +"We recommend performing the wizard either using the Tor address provided " +"at the end of the setup or on localhost via a VPN." 
+msgstr "" + +#: ../../setup/PlatformWizard.rst:10 +msgid "Choose the primary language for your site" +msgstr "" + +#: ../../setup/PlatformWizard.rst:11 +msgid "" +"On the first page of the wizard, you will be prompted to select the " +"language for your site. The default choice is English, but many other " +"languages are available, with more expected in the future." +msgstr "" + +#: ../../setup/PlatformWizard.rst:16 +msgid "Choose a name for your project" +msgstr "" + +#: ../../setup/PlatformWizard.rst:17 +msgid "In the second section of the wizard, configure the name of your project." +msgstr "" + +#: ../../setup/PlatformWizard.rst:22 +msgid "Configure the account for the administrator of your whistleblowing site" +msgstr "" + +#: ../../setup/PlatformWizard.rst:23 +msgid "" +"In the third section of the wizard, configure the account details for the" +" administrator of your project." +msgstr "" + +#: ../../setup/PlatformWizard.rst:25 +msgid "" +"Be sure to choose a strong password to protect this sensitive account; an" +" indication of the strength of the chosen password is provided to guide " +"you." +msgstr "" + +#: ../../setup/PlatformWizard.rst:30 +msgid "Configure the account for the first recipient of reports" +msgstr "" + +#: ../../setup/PlatformWizard.rst:31 +msgid "" +"In the fourth section of the wizard, configure the account details for " +"the first recipient of reports sent to your project." +msgstr "" + +#: ../../setup/PlatformWizard.rst:36 +msgid "Read and accept the license" +msgstr "" + +#: ../../setup/PlatformWizard.rst:37 +msgid "" +"In the fifth section of the wizard, you will be prompted to read and " +"accept the GlobaLeaks License." +msgstr "" + +#: ../../setup/PlatformWizard.rst:42 +msgid "Complete the wizard" +msgstr "" + +#: ../../setup/PlatformWizard.rst:43 +msgid "The sixth section of the wizard confirms the completion of the setup." 
+msgstr "" + +#: ../../user/Admin.rst:2 +msgid "For administrators" +msgstr "" + +#: ../../user/Common.rst:2 +msgid "Common to all users" +msgstr "" + +#: ../../user/Common.rst:4 +msgid "Login" +msgstr "" + +#: ../../user/Common.rst:5 +msgid "Users could login by accessing the ``/#/login`` page." +msgstr "" + +#: ../../user/Common.rst:10 +msgid "Access the user preferences" +msgstr "" + +#: ../../user/Common.rst:11 +msgid "" +"After login Users could access their preferences by clicking the " +"``Preferences`` link present in the login status bar." +msgstr "" + +#: ../../user/Common.rst:16 +msgid "Change your password" +msgstr "" + +#: ../../user/Common.rst:17 +msgid "" +"Users could change their own password by accessing the ``Password`` tab " +"present in the ``Preferences`` page." +msgstr "" + +#: ../../user/Common.rst:22 +msgid "Reset your password" +msgstr "" + +#: ../../user/Common.rst:23 +msgid "" +"Users could requests a password reset via the ``/#/login`` page by " +"clicking the ``Forgot password?`` button." +msgstr "" + +#: ../../user/Common.rst:25 +msgid "" +"After clicking the button users are requested to type their own username " +"or email address." +msgstr "" + +#: ../../user/Common.rst:34 +msgid "Enable two-factor-authentication (2fa)" +msgstr "" + +#: ../../user/Common.rst:35 +msgid "" +"Users could enable Two-Factor-Authentication by clicking the ``Enable two" +" factor authentication`` option inside the ``Preferences`` page." +msgstr "" + +#: ../../user/Common.rst:37 +msgid "" +"To enable the feature the user requires to have a phone with installed a " +"common ``Authenticator APP`` implementing the TOTP standard as by `RFC " +"6238 `_" +msgstr "" + +#: ../../user/Common.rst:42 +msgid "Access and save your account recovery key" +msgstr "" + +#: ../../user/Common.rst:43 +msgid "" +"Users could access their own Account Recovery key by clicking the " +"``Account Recovery Key`` button present in the ``Preferences`` page." 
+msgstr "" + +#: ../../user/Common.rst:45 +msgid "" +"This is a fundamental step that any user should do at their first login " +"after activating their own account in order to backup their own account " +"recovery key and get sure to not incur in data loss due to password loss." +msgstr "" + +#: ../../user/Recipient.rst:2 +msgid "For recipients" +msgstr "" + +#: ../../user/Recipient.rst:5 +msgid "Access the list of the existing reports" +msgstr "" + +#: ../../user/Recipient.rst:6 +msgid "" +"The lists of the existing reports can be accessed via the link " +"``Reports`` on the sidebar of the Recipient's Homepage." +msgstr "" + +#: ../../user/Recipient.rst:13 +msgid "Access a report" +msgstr "" + +#: ../../user/Recipient.rst:14 +msgid "A report can be accessed in two ways:" +msgstr "" + +#: ../../user/Recipient.rst:16 +msgid "By clicking on it like on a mailbox system from the ``Reports`` page" +msgstr "" + +#: ../../user/Recipient.rst:17 +msgid "" +"By clicking on the link received on a mail notification and entering own " +"credentials" +msgstr "" + +#: ../../user/Whistleblower.rst:2 +msgid "For whistleblowers" +msgstr "" + +#: ../../user/Whistleblower.rst:5 +msgid "File a new report" +msgstr "" + +#: ../../user/Whistleblower.rst:6 +msgid "" +"A new report can be filed by accessing the homepage of the platform and " +"clicking the ``File a report`` button." +msgstr "" + +#: ../../user/Whistleblower.rst:12 +msgid "" +"After filing a new report the systems provides to the user a 16-digit " +"receipt." +msgstr "" + +#: ../../user/Whistleblower.rst:17 +msgid "Access an existing report" +msgstr "" + +#: ../../user/Whistleblower.rst:18 +msgid "" +"An existing report can be accessed by entering the 16-digit receipt " +"obtained at the end of the submission on the login interface present on " +"the home page of the platform." 
+msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:2 +msgid "Backup and restore" +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:4 +msgid "To perform a manual backup, you can use the following bash script:" +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:21 +msgid "" +"After running the script, you will find a `tar.gz` archive in " +"`/var/globaleaks/backups`. The file will be named in the format: " +"`globaleaks-$version-$timestamp.tar.gz`." +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:23 +msgid "" +"GlobaLeaks automatically performs a backup during each platform update. " +"These backups are retained under a data retention policy and are deleted " +"15 days after the update." +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:25 +msgid "To restore an existing backup:" +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:27 +msgid "" +"Ensure that GlobaLeaks is not running; you can stop it using: `service " +"globaleaks stop`." +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:28 +msgid "" +"Identify the version of GlobaLeaks required for the restoration, which is" +" indicated in the backup filename." +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:29 +msgid "" +"Extract the contents of the archive to `/var/globaleaks` using: `tar " +"-zxvf backup.tar.gz`." +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:30 +msgid "" +"Install the required version of GlobaLeaks with: `apt-get install " +"globaleaks=` (e.g., `globaleaks=3`)." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:2 +msgid "Common configurations" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:4 +msgid "Configure the logo" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:5 +msgid "" +"The first thing you want to give to your whistleblowing site is a " +"branding identity; this could be done by loading a logo in section Site " +"settings / Main configuration." 
+msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:9 +msgid "" +"Scroll down along the page to reach the \"Save\" button, click on it and " +"have your logo and favicon applied." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:12 +msgid "Enable languages" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:13 +msgid "You may want your GlobaLeaks installation served on more than one language" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:15 +msgid "" +"To do so, in the section \"Site settings / Languages\" select the " +"languages you would like and add them." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:17 +msgid "" +"Note that in the same interface you can mark the default application " +"language." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:22 +msgid "Configure notification settings" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:23 +msgid "" +"GlobaLeaks sends out notifications of different events to different " +"receivers and to admins. In order to have this working, you have to " +"select \"Notification Settings\" in the \"Administration Interface - " +"General Settings\" page and set up email account and related server " +"parameters." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:25 +msgid "" +"We suggest you to setup an email account dedicated to sending out " +"notifications from your initiative." 
+msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:29 +msgid "Enter the followings:" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:31 +msgid "" +"SMTP name: the name of your GlobaLeaks project or something that equally " +"descriptive" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:32 +msgid "SMTP email address: the email address used to send notifications" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:33 +msgid "" +"Username: the username corresponding to the just inserted \"SMTP email " +"address\"; this is needed to authenticate to the SMTP server and send " +"emails" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:34 +msgid "Password: Password of the above corresponding \"SMTP email address\"" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:35 +msgid "" +"SMTP Server Address: it is the hostname of the SMTP server you are using " +"to send notification emails" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:36 +msgid "" +"SMTP Server Port: Port used to send outgoing emails. It is usually 465 or" +" 587 (SMTP with TLS is at TCP port 587; SMTP with SSL is at 465)" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:37 +msgid "" +"Transport Security: from the drop down menu select the opportune security" +" level" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:39 +msgid "" +"It is better to leave untouched the pre-defined settings pertaining the " +"notification to admins and to recipients, but in the case you want to " +"disable them, it is possible to check the corresponding checkboxes." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:41 +msgid "" +"You can then set the value for the time at which the notification alert " +"of expiring report; this value is set at 72hours to give time to the " +"recipient(s) to check and manage the pending submissions." 
+msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:43 +msgid "" +"It is possible to tweak the maximum number of emails allowed in an hour, " +"before email wil be suspended in order to avoid flooding the system. It " +"is advised to keep the pre-defined value, and eventually change it " +"accordingly with mail server capabilities." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:45 +msgid "" +"Once configured all the parameters for notifications, it is possible to " +"test them by just clicking on the \"Test the configuration\" button." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:47 +msgid "" +"If all is working as expected, click on the \"Save\" button to keep the " +"configured parameters." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:50 +msgid "Configure recipients" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:51 +msgid "" +"The Recipient is the person that will receive and process the data that " +"whistleblowers input in the platform. You can have one or multiple " +"Recipients per Context, and also have one Recipient that can access to " +"multiple Contexts. The platform is very flexible on this and allows you " +"to define in very detail your whistleblowing system and procedure." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:55 +msgid "Customize the graphic layout" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:57 +msgid "Example 1: Custom Background" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:58 +msgid "" +"This CSS example shows how to customize the Background Color of the " +"application." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:68 +msgid "Example 2: Custom Font" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:69 +msgid "This CSS example shows how to customize the font of the application." 
+msgstr "" + +#: ../../user/admin/TroubleShooting.rst:2 +msgid "Troubleshooting" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:5 +msgid "Issues and bug reporting" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:7 +msgid "If you encounter any issues and are unable to run GlobaLeaks:" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:9 +msgid "Ensure you strictly follow the Installation Guide." +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:10 +msgid "" +"Verify that you meet the Technical Requirements for hardware and " +"operating system version." +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:11 +msgid "" +"Search the support forum to see if a user has already encountered your " +"issue: `GlobaLeaks Discussions " +"`_" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:12 +msgid "" +"Report the issue on the official software issue tracker: `GlobaLeaks " +"Issues `_" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:15 +msgid "Useful debugging commands" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:17 +msgid "" +"Depending on your setup, here are some common checks to determine if " +"GlobaLeaks is working:" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:19 +msgid "Is the service running?" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:25 +msgid "Is the service responding on the loopback interface?" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:31 +msgid "Is the service listening on external interfaces?" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:37 +msgid "Are exceptions being generated?" 
+msgstr "" + +#: ../../user/admin/TroubleShooting.rst:45 +msgid "Log files" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:46 +msgid "" +"Here are some useful logs and their corresponding files when GlobaLeaks " +"is installed:" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:48 +msgid "**GlobaLeaks process:**" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:55 +msgid "" +"The verbosity of the logs is configurable via the web interface of the " +"software under Advanced Settings." +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:2 +msgid "Upgrade guide" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:4 +msgid "Regular update" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:5 +msgid "" +"To safely upgrade a GlobaLeaks installation please proceed with a backup " +"of your setup by following the :doc:`Backup and restore " +"` guide." +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:7 +msgid "" +"This is necessary so that if something goes wrong and you need to " +"rollback, you will be able to just uninstall the current package, then " +"install the same version of globaleaks that was previously installed and " +"working." +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:9 +msgid "In order to update GlobaLeaks perform the following commands:" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:16 +msgid "Upgrade of the distribution version" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:17 +msgid "" +"For security and stability reasons it is recommended to not perform a " +"distribution upgrade." 
+msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:19 +msgid "" +"GlobaLeaks could be instead easily migrated to a new up-to-date Debian " +"system with the following recommended instructions:" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:21 +msgid "create an archive backup of /var/globaleaks" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:22 +msgid "instantiate the lates Debian available" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:23 +msgid "log on the new server and extract the backup in /var/globaleaks" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:24 +msgid "" +"follow the :doc:`Installation Guide `; " +"GlobaLeaks while installing will recognize the presence of an existing " +"data directory and will use it" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:27 +msgid "In case of errors" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:28 +msgid "" +"The above commands should allow you to perform regularly updates. On some" +" conditions due to special updates it could be possible that those " +"commands result in a failure. Consult this page for knowning specific " +"FAQs on precise failures." +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:30 +msgid "" +"In case you do not find any specific documented solution for your " +"failure, you could run the GlobaLeaks install script. The installation " +"script in fact is designed to allow the update of GlobaLeaks and it " +"includes fixes for the most common issue." +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:33 +msgid "" +"To run the install script for updating globaleaks perform the following " +"commands:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:2 +msgid "User interface" +msgstr "" + +#: ../../user/admin/UserInterface.rst:3 +msgid "" +"This section offers you a summary of the user interface offered to Admin " +"users." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:7 +msgid "Through the menu you could access the following administrative sections:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:9 ../../user/admin/UserInterface.rst:28 +#: ../../user/admin/UserInterface.rst:33 ../../user/admin/UserInterface.rst:44 +msgid "Settings" +msgstr "" + +#: ../../user/admin/UserInterface.rst:11 ../../user/admin/UserInterface.rst:77 +msgid "Users" +msgstr "" + +#: ../../user/admin/UserInterface.rst:13 ../../user/admin/UserInterface.rst:99 +msgid "Questionnaires" +msgstr "" + +#: ../../user/admin/UserInterface.rst:15 ../../user/admin/UserInterface.rst:158 +msgid "Channels" +msgstr "" + +#: ../../user/admin/UserInterface.rst:17 ../../user/admin/UserInterface.rst:185 +msgid "Case management" +msgstr "" + +#: ../../user/admin/UserInterface.rst:21 ../../user/admin/UserInterface.rst:228 +msgid "Network" +msgstr "" + +#: ../../user/admin/UserInterface.rst:23 ../../user/admin/UserInterface.rst:279 +msgid "Sites" +msgstr "" + +#: ../../user/admin/UserInterface.rst:25 ../../user/admin/UserInterface.rst:309 +msgid "Audit log" +msgstr "" + +#: ../../user/admin/UserInterface.rst:29 +msgid "" +"This is the section that offers you all the main customization " +"possibilities necessary for implementing a basic and functional " +"whistleblowing site." +msgstr "" + +#: ../../user/admin/UserInterface.rst:31 +msgid "This section is furtherly divided in:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:35 ../../user/admin/UserInterface.rst:50 +msgid "Files" +msgstr "" + +#: ../../user/admin/UserInterface.rst:37 ../../user/admin/UserInterface.rst:56 +msgid "Languages" +msgstr "" + +#: ../../user/admin/UserInterface.rst:39 +msgid "Text customization" +msgstr "" + +#: ../../user/admin/UserInterface.rst:41 +msgid "Advanced settings" +msgstr "" + +#: ../../user/admin/UserInterface.rst:45 +msgid "" +"In this section is configurable the logo and all the texts of the main " +"user interfaces." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:51 +msgid "" +"In this section could be loaded CSS and Javascript and other files " +"necessary to customize the interface." +msgstr "" + +#: ../../user/admin/UserInterface.rst:57 +msgid "" +"In this section you could enable all the languages required by your " +"project and configure the default language." +msgstr "" + +#: ../../user/admin/UserInterface.rst:60 +msgid "" +"Thanks to the `Localization Lab `_ and " +"our great volunteer community, the software is already available and " +"continuously made available in a lot of languages. This aspect of " +"internationalization is crucial in many projects. In case you are " +"starting a project and the required languages are not available we " +"strongly invite you to register on our `web translation platform " +"`_ offered by `Transifex " +"`_ and support yourself the " +"translation. Internationalization and Localization is in fact are crucial" +" for the success of a whistleblowing project. Thank you!" +msgstr "" + +#: ../../user/admin/UserInterface.rst:65 +msgid "Text Customization" +msgstr "" + +#: ../../user/admin/UserInterface.rst:66 +msgid "" +"Here could be configured overrides for any of the texts of the platform " +"and of their translation." +msgstr "" + +#: ../../user/admin/UserInterface.rst:71 +msgid "Advanced Settings" +msgstr "" + +#: ../../user/admin/UserInterface.rst:72 +msgid "In this section could be configured a set of advanced settings." +msgstr "" + +#: ../../user/admin/UserInterface.rst:78 +msgid "" +"This sections is where users could be created and managed. The system " +"with the basic configuration completed with the initial Platform wizard " +"is configured with an Administrator and a Recipient." +msgstr "" + +#: ../../user/admin/UserInterface.rst:81 +msgid "" +"Depending on your project needs here you could create users with " +"different roles and manage their respective privileges." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:86 +msgid "User Roles" +msgstr "" + +#: ../../user/admin/UserInterface.rst:87 +msgid "" +"The software offers the possibility to create users with the following " +"roles:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:89 +msgid "Administrators" +msgstr "" + +#: ../../user/admin/UserInterface.rst:91 +msgid "Recipients" +msgstr "" + +#: ../../user/admin/UserInterface.rst:94 +msgid "User Options" +msgstr "" + +#: ../../user/admin/UserInterface.rst:100 +msgid "" +"The softare implements a standard default questionnaire that is proposed " +"as a good base for a generic whistleblowing procedure. This questinnaire " +"is the current result of the research performed by the project team with " +"the organizations that have adopted the solution and expecially with " +"anticorruption and investigative journalism NGOs." +msgstr "" + +#: ../../user/admin/UserInterface.rst:102 +msgid "" +"As every organization has different needs, risks and goals globaleaks has" +" been designed considering to implement an advanced questionnaire builder" +" offering the possibility to design custom questionnaires." +msgstr "" + +#: ../../user/admin/UserInterface.rst:104 +msgid "" +"The following sections present the questionnaire builder and its " +"capabilities." +msgstr "" + +#: ../../user/admin/UserInterface.rst:108 +msgid "" +"Depending on your project needs you may evaluate defining some questions " +"once as Question Templates and reuse the same question in multiple " +"questionnaires." +msgstr "" + +#: ../../user/admin/UserInterface.rst:113 +msgid "Steps" +msgstr "" + +#: ../../user/admin/UserInterface.rst:114 +msgid "" +"The software enables to organize questionnaire in one or multiple steps. " +"For example the default questionnaire is organized with a single step " +"including all the questions." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:118 +msgid "Questions Types" +msgstr "" + +#: ../../user/admin/UserInterface.rst:119 +msgid "The software enables you to create questions of the following types:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:121 +msgid "Single-line text input" +msgstr "" + +#: ../../user/admin/UserInterface.rst:123 +msgid "Multi-line text input" +msgstr "" + +#: ../../user/admin/UserInterface.rst:125 +msgid "Selection box" +msgstr "" + +#: ../../user/admin/UserInterface.rst:127 +msgid "Multiple choice input" +msgstr "" + +#: ../../user/admin/UserInterface.rst:129 +msgid "Checkbox" +msgstr "" + +#: ../../user/admin/UserInterface.rst:131 +msgid "Attachment" +msgstr "" + +#: ../../user/admin/UserInterface.rst:133 +msgid "Terms of service" +msgstr "" + +#: ../../user/admin/UserInterface.rst:137 +msgid "Date range" +msgstr "" + +#: ../../user/admin/UserInterface.rst:139 +msgid "Voice" +msgstr "" + +#: ../../user/admin/UserInterface.rst:141 +msgid "Question group" +msgstr "" + +#: ../../user/admin/UserInterface.rst:144 +msgid "Common Question Properties" +msgstr "" + +#: ../../user/admin/UserInterface.rst:145 +msgid "" +"Each of the software question types make it possible to configure the " +"following properties:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:147 +msgid "Question: The text of the question" +msgstr "" + +#: ../../user/admin/UserInterface.rst:149 +msgid "" +"Hint: A hint that will be shown via an popover an a question mark near " +"the question." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:151 +msgid "Description: A description text that will be shown below the question" +msgstr "" + +#: ../../user/admin/UserInterface.rst:153 +msgid "Required: Set this field if you want this question to be mandatory" +msgstr "" + +#: ../../user/admin/UserInterface.rst:155 +msgid "" +"Preview: Set this field if you want the answers to this question to " +"appear in the preview section of the list" +msgstr "" + +#: ../../user/admin/UserInterface.rst:159 +msgid "" +"This section is where whistleblowing channels could be created and " +"managed." +msgstr "" + +#: ../../user/admin/UserInterface.rst:161 +msgid "" +"A whistleblowing channel is typically defined by the following main " +"characteristics" +msgstr "" + +#: ../../user/admin/UserInterface.rst:163 +msgid "" +"Name: the name of the channel Image: an image to identify the channel " +"Description: a description of the channel Recipients: the set of " +"recipients that will receive reports sent to this channel Questionnaire: " +"the questionnaire that will be proposed to whistleblowers selecting this " +"channel Submission expiration: the data retention policy for the channel" +msgstr "" + +#: ../../user/admin/UserInterface.rst:170 +msgid "" +"The system with the basic configuration completed with the initial " +"platform wizard is configured with a single Channel called Default, on " +"which is associated a recipient and the default questionnaire." +msgstr "" + +#: ../../user/admin/UserInterface.rst:172 +msgid "" +"Depending on your project needs here you could create additional Channels" +" and configure their respective properties." +msgstr "" + +#: ../../user/admin/UserInterface.rst:177 +msgid "Data Retention Policy" +msgstr "" + +#: ../../user/admin/UserInterface.rst:178 +msgid "" +"The software enables to configure a data retention policy for each " +"channel. 
This is a fundamental property of the whistleblowing channel " +"that makes it possible to configure automatic secure deletion of reports " +"after a certain period of time. This setting should be configured in " +"relation to the risk of the channel in order to limit unneeded exposure " +"of the reports received therein." +msgstr "" + +#: ../../user/admin/UserInterface.rst:182 +msgid "By default a channel is configured with a report expiration of 90 days." +msgstr "" + +#: ../../user/admin/UserInterface.rst:186 +msgid "" +"This section is intended to host all the main case management feature " +"that will be offered by the software. Currently it hosts the possibility " +"to define reports statuses and sub-statuses intended to be used by " +"Recipients while working on the reports." +msgstr "" + +#: ../../user/admin/UserInterface.rst:194 +msgid "By default the system includes the following report statuses:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:190 +msgid "New" +msgstr "" + +#: ../../user/admin/UserInterface.rst:192 +msgid "Open" +msgstr "" + +#: ../../user/admin/UserInterface.rst:194 +msgid "Closed" +msgstr "" + +#: ../../user/admin/UserInterface.rst:196 +msgid "" +"Within this section you may add additional Statuses between the State " +"Open and Closed and you can furtherly define Sub-statuses for the Closed " +"status (e.g. Archived / Spam)" +msgstr "" + +#: ../../user/admin/UserInterface.rst:202 +msgid "" +"This is the section where are configured all the aspects related to the " +"mail notifications sent by the software." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:207 +#: ../../user/admin/UserInterface.rst:238 +msgid "The section is furtherly divided in:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:205 +#: ../../user/admin/UserInterface.rst:210 +msgid "Notification Settings" +msgstr "" + +#: ../../user/admin/UserInterface.rst:207 +#: ../../user/admin/UserInterface.rst:219 +msgid "Notification Templates" +msgstr "" + +#: ../../user/admin/UserInterface.rst:211 +msgid "Here are configured the technical details about SMTP." +msgstr "" + +#: ../../user/admin/UserInterface.rst:214 +msgid "" +"By default GlobaLeaks comes with a working configuration that is based on" +" systems offered by the GlobaLeaks developers to the community of users " +"and testers; even though this configuration is designed by their owners " +"with special care in relation to security and privacy you are invited to " +"consider using alternative systems for your production environment." +msgstr "" + +#: ../../user/admin/UserInterface.rst:220 +msgid "In this section are configured the notification templates." +msgstr "" + +#: ../../user/admin/UserInterface.rst:222 +msgid "" +"By default globaleaks includes text and translations for each of the " +"templates that are provided to be fully functional and studied with " +"particular care in relation to security and privacy. Depending on your " +"project needs you may override the default text with your customized " +"texts." +msgstr "" + +#: ../../user/admin/UserInterface.rst:229 +msgid "In this section are configured the network settings." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:232 +#: ../../user/admin/UserInterface.rst:241 +msgid "HTTPS" +msgstr "" + +#: ../../user/admin/UserInterface.rst:234 +#: ../../user/admin/UserInterface.rst:255 +msgid "Tor" +msgstr "" + +#: ../../user/admin/UserInterface.rst:236 +msgid "IP Access control" +msgstr "" + +#: ../../user/admin/UserInterface.rst:238 +#: ../../user/admin/UserInterface.rst:273 +msgid "URL Redirects" +msgstr "" + +#: ../../user/admin/UserInterface.rst:242 +msgid "" +"Here you can configure all the aspects related to the access of the " +"platform via the HTTPS Protocol." +msgstr "" + +#: ../../user/admin/UserInterface.rst:246 +msgid "In particular here are configured:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:248 +msgid "The domain name used by your project" +msgstr "" + +#: ../../user/admin/UserInterface.rst:250 +msgid "The HTTPS key and certificates" +msgstr "" + +#: ../../user/admin/UserInterface.rst:252 +msgid "" +"To ease the deployment and the maintenance and reduce the costs of your " +"project, consider using the software includes support for the Let’s " +"Encrypt HTTPS certificates." +msgstr "" + +#: ../../user/admin/UserInterface.rst:256 +msgid "" +"Here you can configure all the aspects related to the access of the " +"platform via the Tor Protocol." +msgstr "" + +#: ../../user/admin/UserInterface.rst:261 +msgid "IP Access Control" +msgstr "" + +#: ../../user/admin/UserInterface.rst:262 +msgid "Here you can configure IP based Access Control." +msgstr "" + +#: ../../user/admin/UserInterface.rst:266 +msgid "Suggested configurations are:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:268 +msgid "Prevent Whistleblowers to report from within their respective work space." +msgstr "" + +#: ../../user/admin/UserInterface.rst:270 +msgid "Restrict Recipients access to their intranet." +msgstr "" + +#: ../../user/admin/UserInterface.rst:274 +msgid "Here you can configure URL Redirects." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:280 +msgid "" +"The site section enables organization to create and manage multiple " +"secondary whistleblowing sites." +msgstr "" + +#: ../../user/admin/UserInterface.rst:283 +msgid "Sites Management" +msgstr "" + +#: ../../user/admin/UserInterface.rst:284 +msgid "" +"Secondary whistleblowing platforms with independent configurations can be" +" manually created and managed through the Sites interface." +msgstr "" + +#: ../../user/admin/UserInterface.rst:286 +msgid "" +"Organizations have typically need for creating a secondary site when " +"dealing with subsidiaries or third party clients." +msgstr "" + +#: ../../user/admin/UserInterface.rst:290 +msgid "" +"After creating a secondary site an administrators of the main site could " +"simply enter on that system by clicking a \"Configure\" button." +msgstr "" + +#: ../../user/admin/UserInterface.rst:292 +msgid "" +"After clicking on the button the administrator will be logged in on the " +"the administrative panel of the site." +msgstr "" + +#: ../../user/admin/UserInterface.rst:295 +msgid "Signup Module" +msgstr "" + +#: ../../user/admin/UserInterface.rst:296 +msgid "" +"The software features a signup module that can be enabled and used to " +"offers others users the possibility to register their secondary site." +msgstr "" + +#: ../../user/admin/UserInterface.rst:298 +msgid "" +"Organizations have typically need for a signup module when offering the " +"platform to other subsidiaries or third party clients where they want " +"users to have the possibility to self subscribe." +msgstr "" + +#: ../../user/admin/UserInterface.rst:300 +msgid "The signup feature can be anabled in the Options tab of the Sites section." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:304 +msgid "" +"When the signup module is enabled the submission module of the main site " +"is automatically disabled and the home page will be featuring the " +"following signup form:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:310 +msgid "" +"The software features a privacy precerving audit log enabling " +"administrators of the system to supervise on projects operations." +msgstr "" + +#: ../../user/index.rst:2 +msgid "User documentation" +msgstr "" +
diff --git a/documentation/locale/en/LC_MESSAGES/sphinx.mo b/documentation/locale/en/LC_MESSAGES/sphinx.mo
new file mode 100644
index 0000000000..efc883abe9
Binary files /dev/null and b/documentation/locale/en/LC_MESSAGES/sphinx.mo differ
diff --git a/documentation/locale/en/LC_MESSAGES/sphinx.po b/documentation/locale/en/LC_MESSAGES/sphinx.po
new file mode 100644
index 0000000000..e84326f223
--- /dev/null
+++ b/documentation/locale/en/LC_MESSAGES/sphinx.po
@@ -0,0 +1,4671 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) 2011-2024 - GlobaLeaks +# This file is distributed under the same license as the GlobaLeaks package. +# FIRST AUTHOR , 2024. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: GlobaLeaks 5.0.15\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2024-10-14 19:43+0200\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME \n" +"Language: en\n" +"Language-Team: en \n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Generated-By: Babel 2.16.0\n" + +#: ../../developer/ContinuousIntegration.rst:3 +msgid "Continuous integration" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:4 +msgid "" +"The GlobaLeaks codebase is continuously tested for bug within a complete " +"continuous integration lifecycle implemented." +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:6 +msgid "Testes are performed at every commit by:" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:8 +msgid "" +"performing continous integration testing with `GitHub Actions " +"`_;" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:9 +msgid "" +"tracking tests coverage and code quality with `Codacy " +"`_." +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:12 +msgid "Unit tests" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:13 +msgid "Unit tests are implemented by means of python-twisted and trial" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:15 +#: ../../developer/ContinuousIntegration.rst:26 +msgid "Tests can be run manually by issuing:" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:23 +msgid "E2E tests" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:24 +msgid "End to end tests are implemented by means of Cypress." 
+msgstr "" + +#: ../../developer/DatabaseSchema.rst:2 +msgid "Database schema" +msgstr "" + +#: ../../developer/Environment.rst:3 +msgid "Development environment" +msgstr "" + +#: ../../developer/Environment.rst:4 +msgid "" +"This guide describes how to set up an environment in order to contribute " +"to the development of GlobaLeaks." +msgstr "" + +#: ../../developer/Environment.rst:7 ../../gettingstarted/Requirements.rst:2 +msgid "Requirements" +msgstr "" + +#: ../../developer/Environment.rst:8 +msgid "" +"The guide assumes you run a Debian based system and that the following " +"software is installed on your system:" +msgstr "" + +#: ../../developer/Environment.rst:10 +msgid "debhelper" +msgstr "" + +#: ../../developer/Environment.rst:11 +msgid "devscripts" +msgstr "" + +#: ../../developer/Environment.rst:12 +msgid "dh-apparmor" +msgstr "" + +#: ../../developer/Environment.rst:13 +msgid "dh-python" +msgstr "" + +#: ../../developer/Environment.rst:14 +msgid "git" +msgstr "" + +#: ../../developer/Environment.rst:15 +msgid "grunt-cli" +msgstr "" + +#: ../../developer/Environment.rst:16 +msgid "node" +msgstr "" + +#: ../../developer/Environment.rst:17 +msgid "npm" +msgstr "" + +#: ../../developer/Environment.rst:18 +msgid "python3" +msgstr "" + +#: ../../developer/Environment.rst:19 +msgid "python3-dev" +msgstr "" + +#: ../../developer/Environment.rst:20 +msgid "python3-pip" +msgstr "" + +#: ../../developer/Environment.rst:21 +msgid "python3-setuptools" +msgstr "" + +#: ../../developer/Environment.rst:22 +msgid "python3-sphinx" +msgstr "" + +#: ../../developer/Environment.rst:23 +msgid "python3-virtualenv" +msgstr "" + +#: ../../developer/Environment.rst:26 ../../setup/index.rst:2 +msgid "Setup" +msgstr "" + +#: ../../developer/Environment.rst:27 +msgid "The repository could be cloned with:" +msgstr "" + +#: ../../developer/Environment.rst:33 +msgid "Client dependencies could be installed by issuing:" +msgstr "" + +#: ../../developer/Environment.rst:41 +msgid 
"Backend dependencies could be installed by issuing:" +msgstr "" + +#: ../../developer/Environment.rst:50 +msgid "" +"This will create for you a python virtualenv in the directory env " +"containing all the required python dependencies. To leave the virtualenv," +" type ``deactivate``." +msgstr "" + +#: ../../developer/Environment.rst:52 +msgid "" +"Then, anytime you will want to activate the environment to run globaleaks" +" you will just need to issue the command:" +msgstr "" + +#: ../../developer/Environment.rst:58 +msgid "Setup the client:" +msgstr "" + +#: ../../developer/Environment.rst:66 +msgid "Setup the backend and its dependencies:" +msgstr "" + +#: ../../developer/Environment.rst:76 +msgid "Run" +msgstr "" + +#: ../../developer/Environment.rst:77 +msgid "" +"To run globaleaks from sources within the development environment you " +"should issue:" +msgstr "" + +#: ../../developer/Environment.rst:85 +msgid "" +"GlobaLeaks will start and be reachable at the following address " +"https://127.0.0.1:8443" +msgstr "" + +#: ../../developer/Environment.rst:88 +msgid "Building the docs" +msgstr "" + +#: ../../developer/Environment.rst:89 +msgid "To build the documentation:" +msgstr "" + +#: ../../developer/Environment.rst:97 +msgid "To edit the docs with hot-reload functionality:" +msgstr "" + +#: ../../developer/Environment.rst:107 +msgid "" +"Sphinx server will start and be reachable at the following address " +"http://127.0.0.1:8000 in the web browser." +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:2 +msgid "Release procedure" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:3 +msgid "This is the procedure followed to publish a new GlobaLeaks release." 
+msgstr "" + +#: ../../developer/ReleaseProcedure.rst:5 +msgid "A release is represented by:" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:7 +msgid "A version bump;" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:8 +msgid "An updated CHANGELOG;" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:9 +msgid "A commit titled \"Bump to version $number\";" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:10 +msgid "A tag commit $version signed by a core developer with their own key;" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:11 +msgid "An updated package on deb.globaleaks.org;" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:12 +msgid "A signed repository." +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:15 +msgid "Release tagging" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:16 +msgid "" +"To release is tagger by means of the official version bump script by " +"issuing:" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:23 +msgid "Release packaging" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:24 +msgid "The package is built by means of the official build script by issuing:" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:30 +msgid "This command builds a package for each supported distribution and version." 
+msgstr "" + +#: ../../developer/ReleaseProcedure.rst:33 +msgid "Package publishing" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:34 +msgid "The package is published on https://deb.globaleaks.org by issuing:" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:41 +msgid "Repository signing" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:42 +msgid "" +"The release is then signed by a core developer by using the official " +"project key via:" +msgstr "" + +#: ../../developer/SoftwareLibraries.rst:2 +msgid "Software libraries" +msgstr "" + +#: ../../developer/SoftwareLibraries.rst:3 +msgid "" +"The software libraries used by GlobaLeaks are listed in the following " +"files:" +msgstr "" + +#: ../../developer/SoftwareLibraries.rst:5 +msgid "" +"Backend: `backend/requirements.txt `_" +msgstr "" + +#: ../../developer/SoftwareLibraries.rst:6 +msgid "" +"Client: `client/package.json `_" +msgstr "" + +#: ../../developer/SoftwareLibraries.rst:7 +msgid "" +"Packaging: `debian/control `_" +msgstr "" + +#: ../../developer/index.rst:2 +msgid "Developer documentation" +msgstr "" + +#: ../../gettingstarted/Features.rst:2 +msgid "Features" +msgstr "" + +#: ../../gettingstarted/Features.rst:3 +msgid "These are the key features of the software:" +msgstr "" + +#: ../../gettingstarted/Features.rst:6 +msgid "User features" +msgstr "" + +#: ../../gettingstarted/Features.rst:8 +msgid "" +"Multi-user system with customizable user roles (whistleblower, recipient," +" administrator)" +msgstr "" + +#: ../../gettingstarted/Features.rst:9 +msgid "Fully manageable via a web administration interface" +msgstr "" + +#: ../../gettingstarted/Features.rst:10 +msgid "" +"Allows whistleblowers to decide if and when to confidentially declare " +"their identity" +msgstr "" + +#: ../../gettingstarted/Features.rst:11 +msgid "Facilitates multimedia file exchanges with whistleblowers" +msgstr "" + +#: ../../gettingstarted/Features.rst:12 +msgid "Secure management of file access and 
visualization" +msgstr "" + +#: ../../gettingstarted/Features.rst:13 +msgid "Enables chat with whistleblowers to discuss reports" +msgstr "" + +#: ../../gettingstarted/Features.rst:14 +msgid "Provides a unique 16-digit receipt for anonymous whistleblower login" +msgstr "" + +#: ../../gettingstarted/Features.rst:15 +msgid "Simple recipient interface for receiving and analyzing reports" +msgstr "" + +#: ../../gettingstarted/Features.rst:16 +msgid "Supports report categorization with labels" +msgstr "" + +#: ../../gettingstarted/Features.rst:17 +msgid "Includes user search functionality for reports" +msgstr "" + +#: ../../gettingstarted/Features.rst:18 +msgid "Supports the creation and assignment of case management statuses" +msgstr "" + +#: ../../gettingstarted/Features.rst:19 +msgid "Customizable appearance (logo, color, styles, font, text)" +msgstr "" + +#: ../../gettingstarted/Features.rst:20 +msgid "Allows defining multiple reporting channels (e.g., by topic, department)" +msgstr "" + +#: ../../gettingstarted/Features.rst:21 +msgid "" +"Enables creation and management of multiple whistleblowing sites (e.g., " +"for subsidiaries or third-party clients)" +msgstr "" + +#: ../../gettingstarted/Features.rst:22 +msgid "Advanced questionnaire builder" +msgstr "" + +#: ../../gettingstarted/Features.rst:23 +msgid "Provides whistleblowing system statistics" +msgstr "" + +#: ../../gettingstarted/Features.rst:24 +msgid "" +"Support for `over 90 languages " +"`_ and Right-to-Left (RTL) " +"languages" +msgstr "" + +#: ../../gettingstarted/Features.rst:27 +msgid "Legal features" +msgstr "" + +#: ../../gettingstarted/Features.rst:29 +msgid "" +"Designed in adherence to `ISO 37002:2021 " +"`_ and `EU Directive 2019/1937 " +"`_ recommendations for " +"whistleblowing compliance" +msgstr "" + +#: ../../gettingstarted/Features.rst:30 +msgid "Supports bidirectional anonymous communication (comments/messages)" +msgstr "" + +#: ../../gettingstarted/Features.rst:31 +msgid "Customizable 
case management workflow (statuses/sub-statuses)" +msgstr "" + +#: ../../gettingstarted/Features.rst:32 +msgid "Conditional reporting workflow based on whistleblower identity" +msgstr "" + +#: ../../gettingstarted/Features.rst:33 +msgid "Manages conflicts of interest in the reporting workflow" +msgstr "" + +#: ../../gettingstarted/Features.rst:34 +msgid "Custodian functionality to authorize access to whistleblower identity" +msgstr "" + +#: ../../gettingstarted/Features.rst:35 +msgid "GDPR privacy by design and by default" +msgstr "" + +#: ../../gettingstarted/Features.rst:36 +msgid "Configurable GDPR data retention policies" +msgstr "" + +#: ../../gettingstarted/Features.rst:37 +msgid "GDPR-compliant subscriber module for new SaaS users" +msgstr "" + +#: ../../gettingstarted/Features.rst:38 +msgid "No IP address logging" +msgstr "" + +#: ../../gettingstarted/Features.rst:39 +msgid "Includes an audit log" +msgstr "" + +#: ../../gettingstarted/Features.rst:40 +msgid "Integrates with existing enterprise case management platforms" +msgstr "" + +#: ../../gettingstarted/Features.rst:41 +msgid "" +"Free Software OSI Approved `AGPL 3.0 License " +"`_" +msgstr "" + +#: ../../gettingstarted/Features.rst:44 +msgid "Security features" +msgstr "" + +#: ../../gettingstarted/Features.rst:46 +msgid "" +"Designed in adherence to `ISO 27001:2022 " +"`_, `CSA STAR " +"`_, and `OWASP " +"`_ recommendations for security compliance" +msgstr "" + +#: ../../gettingstarted/Features.rst:47 +msgid "" +"Full data encryption for whistleblower reports and recipient " +"communications" +msgstr "" + +#: ../../gettingstarted/Features.rst:48 +msgid "" +"Supports digital anonymity through `Tor `_ " +"integration" +msgstr "" + +#: ../../gettingstarted/Features.rst:49 +msgid "" +"Built-in HTTPS support with `TLS 1.3 " +"`_ standard and `SSLabs A+ " +"`_ " +"rating" +msgstr "" + +#: ../../gettingstarted/Features.rst:50 +msgid "" +"Automatic enrollment for free digital certificates with `Let’s Encrypt 
" +"`_" +msgstr "" + +#: ../../gettingstarted/Features.rst:51 +msgid "Multiple penetration tests with publicly available reports" +msgstr "" + +#: ../../gettingstarted/Features.rst:52 +msgid "" +"Two-Factor Authentication (2FA) compliant with `TOTP RFC 6238 " +"`_" +msgstr "" + +#: ../../gettingstarted/Features.rst:53 +msgid "Integrated network sandboxing with iptables" +msgstr "" + +#: ../../gettingstarted/Features.rst:54 +msgid "Application sandboxing with `AppArmor `_" +msgstr "" + +#: ../../gettingstarted/Features.rst:55 +msgid "Complete protection against automated submissions (spam prevention)" +msgstr "" + +#: ../../gettingstarted/Features.rst:56 +msgid "Continuous peer review and periodic security audits" +msgstr "" + +#: ../../gettingstarted/Features.rst:57 +msgid "PGP support for encrypted email notifications and file downloads" +msgstr "" + +#: ../../gettingstarted/Features.rst:58 +msgid "Leaves no traces in browser cache" +msgstr "" + +#: ../../gettingstarted/Features.rst:61 +msgid "Technical features" +msgstr "" + +#: ../../gettingstarted/Features.rst:63 +msgid "" +"Designed in adherence to `Directive (EU) 2019/882 `_, `Directive" +" (EU) 2016/2102 `_, `ETSI EN 301 549 " +"`_," +" `W3C WCAG 2.2 `_, and `WAI-ARIA 2.2 " +"`_ recommendations for accessibility" +" compliance" +msgstr "" + +#: ../../gettingstarted/Features.rst:64 +msgid "" +"Multi-site support enabling the operation of multiple virtual sites on " +"the same setup" +msgstr "" + +#: ../../gettingstarted/Features.rst:65 +msgid "" +"Responsive user interfaces created with `Bootstrap " +"`_ CSS framework" +msgstr "" + +#: ../../gettingstarted/Features.rst:66 +msgid "Automated software quality measurement and continuous integration testing" +msgstr "" + +#: ../../gettingstarted/Features.rst:67 +msgid "Long-Term Support (LTS) plan" +msgstr "" + +#: ../../gettingstarted/Features.rst:68 +msgid "" +"Built with lightweight framework technologies (`Angular " +"`_ and `Python Twisted `_)" +msgstr "" + 
+#: ../../gettingstarted/Features.rst:69 +msgid "Integrated `SQLite `_ database" +msgstr "" + +#: ../../gettingstarted/Features.rst:70 +msgid "" +"Automatic setup for `Tor Onion Services Version 3 " +"`_" +msgstr "" + +#: ../../gettingstarted/Features.rst:71 +msgid "Supports self-service signup for whistleblowing SaaS setup" +msgstr "" + +#: ../../gettingstarted/Features.rst:72 +msgid "" +"Compatible with Linux operating systems (`Debian " +"`_ / `Ubuntu `_)" +msgstr "" + +#: ../../gettingstarted/Features.rst:73 +msgid "Debian packaging with a repository for updates/upgrades" +msgstr "" + +#: ../../gettingstarted/Features.rst:74 +msgid "Fully self-contained application" +msgstr "" + +#: ../../gettingstarted/Features.rst:75 +msgid "Easy integration with existing websites" +msgstr "" + +#: ../../gettingstarted/Features.rst:76 +msgid "" +"Built and packaged with `reproducibility " +"`_ in mind" +msgstr "" + +#: ../../gettingstarted/Features.rst:77 +msgid "REST API" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:2 +msgid "Glossary" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:3 +msgid "" +"This glossary defines jargon used in GlobaLeaks in a clear and consistent" +" manner." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:5 ../../security/ThreatModel.rst:1 +msgid "Administrator" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:7 +msgid "" +"The user who has set up and maintains the platform. An Administrator does" +" not have access to Whistleblowers’ reports." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:8 +msgid "Channel" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:10 +msgid "" +"A reporting channel used as a container for reports. Channels can be " +"configured with specific questionnaires, recipients, and policies. They " +"are typically used to organize the reporting process." 
+msgstr "" + +#: ../../gettingstarted/Glossary.rst:11 ../../user/admin/UserInterface.rst:19 +#: ../../user/admin/UserInterface.rst:201 +msgid "Notification" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:13 +msgid "" +"An email sent to inform a recipient of a new report or an update to an " +"existing report." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:14 +msgid "Platform" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:16 +msgid "A system running the GlobaLeaks software." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:17 +msgid "Questionnaire" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:19 +msgid "A set of questions that the whistleblower must complete to file a report." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:20 +#: ../../security/ApplicationSecurity.rst:32 +msgid "Receipt" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:22 +msgid "" +"A 16-digit random secret code generated by the system and provided to " +"whistleblowers upon submission of their report. This code allows them to " +"anonymously access and update their report by adding comments and new " +"files." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:23 ../../security/ThreatModel.rst:1 +msgid "Recipient" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:25 +msgid "" +"A user authorized to read whistleblowers’ reports. Recipients may also " +"communicate with whistleblowers via the GlobaLeaks platform." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:26 ../../security/PenetrationTests.rst:1 +msgid "Report" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:28 +msgid "" +"The submission by a whistleblower, including answers to a questionnaire " +"and any attached material." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:29 ../../security/ThreatModel.rst:1 +msgid "Whistleblower" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:31 +msgid "The person who files a report." 
+msgstr "" + +#: ../../gettingstarted/Requirements.rst:3 +msgid "" +"Ensure you understand and meet each of the following technical " +"requirements." +msgstr "" + +#: ../../gettingstarted/Requirements.rst:6 +msgid "Hardware requirements" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:7 +msgid "**Requirements**:" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:9 +msgid "CPU: Dual-core 2.0GHz (64-bit)" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:10 +msgid "RAM: 1GB" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:11 +msgid "Storage: 20GB" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:12 +msgid "I/O: 10Mbit/s (shared)" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:14 +msgid "" +"Please note that GlobaLeaks is designed to run on servers with " +"specifications smaller than those listed above." +msgstr "" + +#: ../../gettingstarted/Requirements.rst:16 +msgid "" +"The storage size should be determined based on your data retention " +"policies and the expected use of the platform." +msgstr "" + +#: ../../gettingstarted/Requirements.rst:19 +msgid "Software requirements" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:20 +msgid "" +"GlobaLeaks is designed to run on GNU/Linux and is developed and tested " +"specifically for Debian-based systems." +msgstr "" + +#: ../../gettingstarted/Requirements.rst:22 +msgid "" +"The currently recommended distributions are: Debian 12 (Bookworm) and " +"Ubuntu 24.04 (Noble)" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:24 +msgid "" +"The software lifecycle of the platform includes full support for all " +"Debian and Ubuntu LTS versions starting from `Debian 10 " +"`_ and `Ubuntu 20.04 " +"`_." 
+msgstr "" + +#: ../../gettingstarted/Requirements.rst:26 +msgid "" +"Support is guaranteed on these platforms according to the official long-" +"term support timelines:" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:28 +msgid "`Debian Release End of Life Timeline `_" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:29 +msgid "" +"`Ubuntu Release End of Life Timeline `_" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:31 +msgid "" +"Currently, we do not plan to support additional distributions, as " +"GlobaLeaks adheres to the Unix philosophy of making each program excel in" +" a specific area. By focusing our efforts on mastering one domain, we aim" +" to serve our community most effectively. If you are interested in " +"helping us extend support to additional distributions, please get in " +"touch." +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:2 +msgid "Supported browsers" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:4 +msgid "" +"GlobaLeaks is designed to fully support commonly used browsers on desktop" +" PCs, laptops, tablets, and smartphones." +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:6 +msgid "" +"We recommend using the `Tor Browser `_ for " +"enhanced anonymity and additional privacy and security features not " +"available in other browsers." 
+msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:8 +msgid "Other supported browsers include:" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Browser" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Version" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Mozilla Firefox" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid ">= 38" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Google Chrome" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid ">= 45" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Brave" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid ">= 1.20.110" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Edge" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "any" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Safari" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid ">= 8" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "iOS" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid ">= 9" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Android" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid ">= 4.4" +msgstr "" + +#: ../../gettingstarted/index.rst:2 +msgid "Getting started" +msgstr "" + +#: ../../index.rst:2 +msgid "Documentation" +msgstr "" + +#: ../../index.rst:4 +msgid "" +"`GlobaLeaks `_ is an open-source, free " +"software intended to enable anyone to easily set up and maintain a secure" +" whistleblowing platform." +msgstr "" + +#: ../../index.rst:7 +msgid "" +"This documentation is thank to the support of our community. Join us and " +"contribute with your additions and suggestion. In any of the page you " +"find a link that enables you to provide suggestions and corrections. 
We " +"remind you that in case of any software issue or bug you may always " +"report on the `ticketing system `_." +msgstr "" + +#: ../../roadmap/index.rst:2 +msgid "Project roadmap" +msgstr "" + +#: ../../roadmap/index.rst:5 +msgid "" +"This tentative roadmap is built by the GlobaLeaks team in order to try to" +" respond to main users' needs. Please get sure that the needs of your " +"projects and users are well represented on the project `Ticketing System " +"`_. If your" +" organization could fund the development of parts of this roadmap please " +"write us at info@globaleaks.org" +msgstr "" + +#: ../../roadmap/index.rst:8 +msgid "Introduction" +msgstr "" + +#: ../../roadmap/index.rst:9 +msgid "" +"`GlobaLeaks `_ is free, open source software " +"enabling anyone to easily set up and maintain a secure whistleblowing " +"platform." +msgstr "" + +#: ../../roadmap/index.rst:11 +msgid "" +"Started in 2011, the software is now widely used worldwide by more than " +"3000 organizations working in the fields of anti-corruption activism, " +"human rights violations reporting, investigative journalism, and " +"corporate compliance." +msgstr "" + +#: ../../roadmap/index.rst:13 +msgid "" +"This document details the main areas of research development and " +"represents the actual tentative readmap of consolidation planned for " +"2024-2026 based on the analysis of the large set of user needs collected " +"within the official `Ticketing System `_." +msgstr "" + +#: ../../roadmap/index.rst:16 +msgid "Development areas" +msgstr "" + +#: ../../roadmap/index.rst:19 +msgid "Statistics and Reporting" +msgstr "" + +#: ../../roadmap/index.rst:20 +msgid "" +"GlobaLeaks still misses the implementation for any generation of " +"statistics and reports. Such features are considered fundamental in order" +" to properly support users in analysis, investigation and reporting." 
+msgstr "" + +#: ../../roadmap/index.rst:22 +msgid "E.g:" +msgstr "" + +#: ../../roadmap/index.rst:24 +msgid "" +"Recipients should be able to visually see statistics about the received " +"reports received and the data contained; these statistics should empower " +"users in their work providing relevant information out of the data " +"collection that could help users analyze and study social problems like " +"corruption and be able to organize and export automatic reporting;" +msgstr "" + +#: ../../roadmap/index.rst:25 +msgid "" +"Administrators should be able to visually see a dashboard in order to " +"monitor the system and assure that all is working well (e.g. that " +"recipients are receiving submissions and are able to access them and that" +" no attacks are performed on the system)." +msgstr "" + +#: ../../roadmap/index.rst:27 ../../roadmap/index.rst:42 +msgid "Ideas:" +msgstr "" + +#: ../../roadmap/index.rst:29 +msgid "" +"A client library could be adopted to generate reports directly on the " +"client (e.g. Chart.js)" +msgstr "" + +#: ../../roadmap/index.rst:30 +msgid "" +"The implementation should support the possibility of exporting the report" +" in PDF; in relation to this aspect it should be considered the " +"advantages of a possible backend implementation." +msgstr "" + +#: ../../roadmap/index.rst:32 ../../roadmap/index.rst:47 +#: ../../roadmap/index.rst:58 ../../roadmap/index.rst:71 +#: ../../roadmap/index.rst:84 +msgid "Reference tickets:" +msgstr "" + +#: ../../roadmap/index.rst:34 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/1959" +msgstr "" + +#: ../../roadmap/index.rst:35 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2254" +msgstr "" + +#: ../../roadmap/index.rst:39 +msgid "Audit Log" +msgstr "" + +#: ../../roadmap/index.rst:40 +msgid "" +"GlobaLeaks still misses the implementation of a complete audit logit. 
" +"This is considered a fundamental feature in order to achieve full " +"accontability of the whistleblowing process and increase security." +msgstr "" + +#: ../../roadmap/index.rst:44 +msgid "Software audit log should be improved" +msgstr "" + +#: ../../roadmap/index.rst:45 +msgid "" +"The software could exposes a standard log interfaces in CEF/LEEF/Syslog " +"format to foster integration with third party SIEM software." +msgstr "" + +#: ../../roadmap/index.rst:49 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2579" +msgstr "" + +#: ../../roadmap/index.rst:50 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2580" +msgstr "" + +#: ../../roadmap/index.rst:51 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2651" +msgstr "" + +#: ../../roadmap/index.rst:54 +msgid "GDPR compliance" +msgstr "" + +#: ../../roadmap/index.rst:55 +msgid "" +"GlobaLeaks implements by-design many best practices in matters of privacy" +" and security. In order to be effectively accepted and competitive beside" +" commercial proprietary solutions and to guarantee the sustainability of " +"the project, the software needs to achieve some market “standards” (e.g. " +"GDPR compliance / ISO certifications / etc.); among all we selected that " +"GDPR compliance is a first step where the software could implement best " +"practices (e.g. procedures for self signup should present appropriate " +"legal notices, terms of services, and contractualization). Within the " +"software, there should be implemented an automatic contract generation " +"via PDF or other suitable formats in respect with the GDPR requirements." 
+msgstr "" + +#: ../../roadmap/index.rst:60 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2145" +msgstr "" + +#: ../../roadmap/index.rst:61 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2658" +msgstr "" + +#: ../../roadmap/index.rst:62 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2866" +msgstr "" + +#: ../../roadmap/index.rst:63 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2767" +msgstr "" + +#: ../../roadmap/index.rst:64 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/3011" +msgstr "" + +#: ../../roadmap/index.rst:65 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/3012" +msgstr "" + +#: ../../roadmap/index.rst:68 +msgid "Backup and Restore" +msgstr "" + +#: ../../roadmap/index.rst:69 +msgid "" +"GlobaLeaks currently misses any feature for performing backup and " +"restoring of its setup. These duties are currently performed by its users" +" following typical best manual practices (e.g. archiving the data " +"directory of the application). This project idea is to research the best " +"practices to be applied in this context and to identify suitable " +"strategies for implementing periodic, secure and encrypted backups to be " +"restored upon necessity." +msgstr "" + +#: ../../roadmap/index.rst:73 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/528" +msgstr "" + +#: ../../roadmap/index.rst:74 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2149" +msgstr "" + +#: ../../roadmap/index.rst:77 +msgid "Multitenancy" +msgstr "" + +#: ../../roadmap/index.rst:79 +msgid "Import and Export of Tenants" +msgstr "" + +#: ../../roadmap/index.rst:80 +msgid "" +"Part of the software is a recent feature of Multitenancy, first " +"implemented in 2018 and stabilized during 2019. 
Through this feature, " +"GlobaLeaks makes it possible to create multiple setups of itself via " +"virtual sites (similarly to Wordpress multisite feature). In order to " +"make it more easy for an administrator to migrate a platform form a " +"system to an other or to enable users to require data portability from a " +"globaleaks provider to an other, for example in relation to GDPR it has " +"been evaluated necessary to improve the multi tenancy implementation by " +"implementing support for import-export of tenants. In the context of a " +"whistleblowing application, involving encryption and logging this poses " +"important challenges on how to best handle this process." +msgstr "" + +#: ../../roadmap/index.rst:86 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2632" +msgstr "" + +#: ../../roadmap/index.rst:87 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2631" +msgstr "" + +#: ../../roadmap/index.rst:90 +msgid "Multisite users" +msgstr "" + +#: ../../roadmap/index.rst:91 +msgid "(To be further researched)" +msgstr "" + +#: ../../roadmap/index.rst:93 +msgid "" +"Important requirement at the base of the Multitenancy expansion is the " +"possibility to enable users to be administrators and recipients of two or" +" multiple instances running on the same multi-site setup. This is useful " +"for example when a lawyer takes part as a recipient on multiple projects;" +" as well it is useful when an ICT consultant joins consultancy on " +"multiple projects." +msgstr "" + +#: ../../roadmap/index.rst:96 +msgid "" +"This could significatively simplify user access enabling the user to have" +" a single set of username and password and associated keys." 
+msgstr "" + +#: ../../roadmap/index.rst:98 +msgid "References tickets:" +msgstr "" + +#: ../../roadmap/index.rst:100 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2302" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:3 +msgid "Application security" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:4 +msgid "" +"The GlobaLeaks software aims to adhere to industry-standard best " +"practices, with its security being the result of applied research." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:6 +msgid "" +"This document details every aspect implemented by the application in " +"relation to security design." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:9 +msgid "Architecture" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:10 +msgid "The software comprises two main components: a `Backend` and a `Client`:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:12 +msgid "" +"The Backend is a Python-based server that runs on a physical server and " +"exposes a `REST API " +"`_." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:13 +msgid "" +"The Client is a JavaScript client-side web application that interacts " +"with the Backend only through `XHR " +"`_." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:16 +msgid "Anonymity" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:17 +msgid "" +"Users' anonymity is protected by means of `Tor " +"`_ technology." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:19 +msgid "" +"The application is designed to avoid logging sensitive metadata that " +"could lead to the identification of whistleblowers." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:22 +msgid "Authentication" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:23 +msgid "" +"The confidentiality of authentication is protected either by `Tor Onion " +"Services v3 `_ or" +" `TLS version 1.2+ " +"`_." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:25 +msgid "" +"This section describes the authentication methods implemented by the " +"system." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:28 +msgid "Password" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:29 +msgid "" +"By accessing the login web interface, `Administrators` and `Recipients` " +"need to enter their respective `Username` and `Password`. If the " +"submitted password is valid, the system grants access to the " +"functionality available to that user." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:33 +msgid "" +"`Whistleblowers` access their `Reports` using an anonymous `Receipt`, " +"which is a randomly generated 16-digit sequence created by the Backend " +"when the Report is first submitted. This format resembles a standard " +"phone number, making it easier for whistleblowers to conceal their " +"receipts." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:36 +msgid "Password security" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:37 +msgid "The system implements the following password security measures:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:40 +msgid "Password storage" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:41 +msgid "" +"Passwords are never stored in plaintext; instead, the system maintains " +"only a hashed version. This applies to all authentication secrets, " +"including whistleblower receipts." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:43 +msgid "" +"The platform stores users’ passwords hashed with a random 128-bit salt, " +"unique for each user." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:45 +msgid "" +"Passwords are hashed using `Argon2 " +"`_, a key derivation function " +"selected as the winner of the `Password Hashing Competition " +"`_ in July " +"2015." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:47 +msgid "" +"The hash involves a per-user salt for each user and a per-system salt for" +" whistleblowers." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:50 +msgid "Password complexity" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:51 +msgid "" +"The system enforces complex passwords by implementing a custom algorithm " +"necessary to ensure reasonable entropy for each authentication secret." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:53 +msgid "" +"Passwords are scored at three levels: `Strong`, `Acceptable`, and " +"`Insecure`." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:55 +msgid "" +"Strong: A strong password should include capital letters, lowercase " +"letters, numbers, and symbols, be at least 12 characters long, and " +"contain a variety of at least 10 different characters." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:56 +msgid "" +"Acceptable: An acceptable password should include at least 3 different " +"types of characters from capital letters, lowercase letters, numbers, and" +" symbols, be at least 10 characters long, and contain a variety of at " +"least 7 different characters." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:57 +msgid "" +"Insecure: Passwords ranked below the strong or acceptable levels are " +"marked as insecure and are not accepted by the system." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:59 +msgid "" +"We encourage each end user to use `KeePassXC `_ to" +" generate and retain strong, unique passphrases." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:62 +msgid "Two-factor authentication" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:63 +msgid "" +"The system implements Two-Factor Authentication (2FA) based on `TOTP` " +"using the `RFC 6238 `_ algorithm " +"and 160-bit secrets." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:65 +msgid "" +"Users can enroll in 2FA via their own preferences, and administrators can" +" optionally enforce this requirement." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:67 +msgid "" +"We recommend using `FreeOTP `_, available " +"`for Android " +"`_" +" and `for iOS `_." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:70 +msgid "Slowdown on failed login attempts" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:71 +msgid "" +"The system identifies multiple failed login attempts and implements a " +"slowdown procedure, requiring an authenticating client to wait up to 42 " +"seconds to complete an authentication." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:73 +msgid "" +"This feature is intended to slow down potential attacks, requiring more " +"resources in terms of time, computation, and memory." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:76 +msgid "Password change on first login" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:77 +msgid "The system enforces users to change their password at their first login." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:79 +msgid "" +"Administrators can also enforce a password change for users at their next" +" login." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:82 +msgid "Periodic password change" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:83 +msgid "" +"By default, the system enforces users to change their password at least " +"every year." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:85 +msgid "This period is configurable by administrators." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:88 +msgid "Password recovery" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:89 +msgid "" +"In case of a lost password, users can request a password reset via the " +"web login interface by clicking on a `Forgot password?` button present on" +" the login page." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:91 +msgid "" +"When this button is clicked, users are invited to enter their username or" +" email. If the provided username or email corresponds to an existing " +"user, the system will send a reset link to the configured email." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:93 +msgid "" +"By clicking the link received by email, the user is then invited to set a" +" new password different from the previous one." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:95 +msgid "" +"If encryption is enabled on the system, a user clicking on the reset link" +" must first enter their `Account Recovery Key`. Only after correct entry " +"will the user be able to set a new password." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:98 +msgid "Web application security" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:99 +msgid "" +"This section describes the Web Application Security implemented by the " +"software in adherence to the `OWASP Security Guidelines " +"`_." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:102 +msgid "Session management" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:103 +msgid "" +"The session implementation follows the `OWASP Session Management Cheat " +"Sheet " +"`_" +" security guidelines." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:105 +msgid "" +"The system assigns a session to each authenticated user. The Session ID " +"is a 256-bit long secret generated randomly by the backend. Each session " +"expires according to a timeout of 30 minutes. 
Session IDs are exchanged " +"between the client and the backend via a header (`X-Session`) and expire " +"as soon as users close their browser or the tab running GlobaLeaks. Users" +" can explicitly log out via a logout button or implicitly by closing the " +"browser." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:108 +msgid "Session encryption" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:109 +msgid "" +"To minimize the exposure of users' encryption keys, the keys are stored " +"in an encrypted format and decrypted only upon each client request." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:111 +msgid "" +"The implementation uses Libsodium's SecretBox, where the client's session" +" key is used as the secret. Only the client maintains a copy of the " +"session key, while the server retains only a SHA-256 hash." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:114 +msgid "Cookies and xsrf prevention" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:115 +msgid "" +"Cookies are not used intentionally to minimize XSRF attacks and any " +"possible attacks based on them. Instead of using cookies, authentication " +"is based on a custom HTTP Session Header sent by the client on " +"authenticated requests." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:118 +msgid "HTTP headers" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:119 +#, python-format +msgid "" +"The system implements a large set of HTTP headers specifically configured" +" to improve software security and achieves a `score A+ by Security " +"Headers " +"`_" +" and a `score A+ by Mozilla Observatory " +"`_." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:122 +msgid "Strict-Transport-Security" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:123 +msgid "The system implements strict transport security by default. 
::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:128 +msgid "The default configuration of the application sees this feature disabled." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:131 +msgid "Content-Security-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:132 +msgid "" +"The backend implements a strict `Content Security Policy (CSP) " +"`_ preventing any " +"interaction with third-party resources and restricting the execution of " +"untrusted user input: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:137 +msgid "" +"Specific policies are implemented in adherence to the principle of least " +"privilege." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:139 +msgid "For example:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:141 +msgid "" +"The `index.html` source of the app is the only resource allowed to load " +"scripts from the same origin;" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:142 +msgid "Every dynamic content is strictly sandboxed on a null origin;" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:143 +msgid "" +"Every untrusted user input or third-party library is executed in a " +"sandbox, limiting its interaction with other application components." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:146 +msgid "Cross-Origin-Embedder-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:147 +msgid "" +"The backend implements the following `Cross-Origin-Embedder-Policy (COEP)" +" `_: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:153 +msgid "Cross-Origin-Opener-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:154 +msgid "" +"The backend implements the following `Cross-Origin-Opener-Policy (COOP) " +"`_: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:160 +msgid "Cross-Origin-Resource-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:161 +msgid "" +"The backend implements the following `Cross-Origin-Resource-Policy (CORP)" +" `_: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:167 +msgid "Permissions-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:168 +msgid "" +"The backend implements the following Permissions-Policy header " +"configuration to limit the possible de-anonymization of the user by " +"disabling dangerous browser features: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:174 +msgid "X-Frame-Options" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:175 +msgid "" +"In addition to implementing Content Security Policy level 3 to prevent " +"the application from being included in an iframe, the backend also " +"implements the outdated X-Frame-Options header to ensure that iframes are" +" always prevented in any circumstance, including on outdated browsers: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:181 +msgid "Referrer-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:182 +msgid "" +"Web browsers usually attach referrers in their HTTP headers as they " +"browse links. The platform enforces a referrer policy to avoid this " +"behavior. 
::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:188 +msgid "X-Content-Type-Options" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:189 +msgid "" +"To avoid automatic MIME type detection by the browser when setting the " +"Content-Type for specific output, the following header is used: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:195 +msgid "Cache-Control" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:196 +msgid "" +"To prevent or limit forensic traces left on devices used by " +"whistleblowers and in devices involved in communication with the " +"platform, as specified in section ``3. Storing Responses in Caches`` of " +"`RFC 7234 `__, the platform uses the" +" ``Cache-Control`` HTTP header with the configuration ``no-store`` to " +"instruct clients and possible network proxies to disable any form of data" +" caching. ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:202 +msgid "Crawlers Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:203 +msgid "" +"For security reasons, the backend instructs crawlers to avoid caching and" +" indexing of the application and uses the ``robots.txt`` file to allow " +"crawling only of the home page. Indexing the home page is considered best" +" practice to promote the platform's existence and facilitate access for " +"potential whistleblowers." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:205 +msgid "The implemented configuration is as follows: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:212 +msgid "" +"The platform also instructs crawlers to avoid caching by injecting the " +"following HTTP header: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:217 +msgid "" +"For highly sensitive projects where the platform is intended to remain " +"``hidden`` and communicated to potential whistleblowers directly, it can " +"be configured to disable indexing completely." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:219 +msgid "In such cases, the following HTTP header is used: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:225 +msgid "Anchor tags and external urls" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:226 +msgid "" +"The client opens external URLs in a new tab, independent of the " +"application context, by setting ``rel='noreferrer'`` and " +"``target='_blank'``` on every anchor tag. ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:232 +msgid "Input validation" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:233 +msgid "" +"The application implements strict input validation both on the backend " +"and on the client." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:236 +msgid "On the backend" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:237 +msgid "" +"Each client request is strictly validated by the backend against a set of" +" regular expressions, and only requests matching the expressions are " +"processed." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:239 +msgid "" +"Additionally, a set of rules is applied to each request type to limit " +"potential attacks. For example, any request is limited to a payload of " +"1MB." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:242 +msgid "On the client" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:243 +msgid "" +"Each server output is strictly validated by the client at rendering time " +"using the Angular component `ngSanitize.$sanitize " +"`__." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:246 +msgid "Form autocomplete off" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:247 +msgid "" +"Forms implemented by the platform use the HTML5 form attribute to " +"instruct the browser not to cache user data for form prediction and " +"autocomplete on subsequent submissions." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:249 +msgid "" +"This is achieved by setting `autocomplete=\"off\" " +"`__ on the relevant forms or attributes." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:252 +msgid "Network security" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:254 +msgid "Connection anonymity" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:255 +msgid "" +"User anonymity is provided through the implementation of `Tor " +"`__ technology. The application implements " +"an ``Onion Service v3`` and advises users to use the Tor Browser when " +"accessing it." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:258 +msgid "Connection encryption" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:259 +msgid "" +"User connections are always encrypted, either through the `Tor Protocol " +"`__ when using the Tor Browser or via `TLS " +"`__ when accessed" +" through a common browser." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:261 +msgid "" +"Using ``Tor`` is recommended over HTTPS due to its advanced resistance to" +" selective interception and censorship, making it difficult for a third " +"party to capture or block access to the site for specific whistleblowers " +"or departments." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:263 +msgid "" +"The software also facilitates easy setup of ``HTTPS``, offering both " +"automatic setup via `Let's Encrypt `__ and " +"manual configuration." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:265 +msgid "" +"TLS certificates are generated using `NIST Curve P-384 " +"`__." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:267 +msgid "" +"The configuration enables only ``TLS1.2+`` and is fine-tuned and hardened" +" to achieve `SSLLabs grade A+ " +"`__." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:269 +msgid "In particular, only the following ciphers are enabled: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:283 +msgid "Network sandboxing" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:284 +msgid "" +"The GlobaLeaks backend integrates `iptables " +"`__ by default and implements strict firewall" +" rules that restrict incoming network connections to HTTP and HTTPS on " +"ports 80 and 443." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:286 +msgid "" +"Additionally, the application allows anonymizing outgoing connections, " +"which can be configured to route through Tor." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:289 +msgid "Data encryption" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:290 +msgid "" +"Submission data, file attachments, messages, and metadata exchanged " +"between whistleblowers and recipients are encrypted using the GlobaLeaks " +":doc:`EncryptionProtocol`." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:292 +msgid "" +"GlobaLeaks also incorporates various other encryption components. 
The " +"main libraries and their uses are:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:294 +msgid "" +"`Python-NaCL `__: used for implementing " +"data encryption" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:295 +msgid "" +"`PyOpenSSL `__: used for implementing " +"HTTPS" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:296 +msgid "" +"`Python-Cryptography `__: used for implementing " +"authentication" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:297 +msgid "" +"`Python-GnuPG `__: used " +"for encrypting email notifications and file downloads via ```PGP```" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:300 +msgid "Application sandboxing" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:301 +msgid "" +"The GlobaLeaks backend integrates `AppArmor `__ by" +" default and implements a strict sandboxing profile, allowing the " +"application to access only the strictly required files. Additionally, the" +" application runs under a dedicated user and group \"globaleaks\" with " +"reduced privileges." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:304 +msgid "Database security" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:305 +msgid "" +"The GlobaLeaks backend uses a hardened local SQLite database accessed via" +" SQLAlchemy ORM." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:307 +msgid "" +"This design choice ensures the application can fully control its " +"configuration while implementing extensive security measures in adherence" +" to the `security recommendations by SQLite " +"`__." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:310 +msgid "Secure deletion" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:311 +msgid "" +"The GlobaLeaks backend enables SQLite’s secure deletion capability, which" +" automatically overwrites the database data upon each delete query: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:317 +msgid "Auto vacuum" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:318 +msgid "" +"The platform enables SQLite’s auto vacuum capability for automatic " +"cleanup of deleted entries and recall of unused pages: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:324 +msgid "Limited database trust" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:325 +msgid "" +"The GlobaLeaks backend uses the SQLite `trusted_schema " +"`__ pragma " +"to limit trust in the database, mitigating risks of malicious corruption." +" ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:331 +msgid "Limited database functionalities" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:332 +msgid "" +"The GlobaLeaks backend restricts SQLite functionalities to only those " +"necessary for running the application, reducing the potential for " +"exploitation in case of SQL injection attacks." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:334 +msgid "" +"This is implemented using the ```conn.set_authorizer``` API and a strict " +"authorizer callback that authorizes only a limited set of SQL " +"instructions: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:345 +msgid "DoS resiliency" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:346 +msgid "" +"To mitigate denial of service attacks, GlobaLeaks applies the following " +"measures:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:348 +msgid "" +"Implements a proof-of-work (hashcash) on each unauthenticated request to " +"limit automation." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:349 +msgid "Applies rate limiting on authenticated sessions." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:350 +msgid "" +"Limits the possibility of triggering CPU-intensive routines by external " +"users (e.g., limits on query and job execution times)." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:351 +msgid "" +"Monitors activity to detect and respond to attacks, implementing " +"proactive security measures to prevent DoS (e.g., slowing down fast " +"operations)." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:354 +msgid "Proof of work on users' sessions" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:355 +msgid "" +"The system implements an automatic `Proof of Work " +"`__ based on the hashcash " +"algorithm for every user session, requiring clients to request a token " +"and continuously solve a computational problem to acquire and renew the " +"session." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:358 +msgid "Rate limit on users' sessions" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:359 +msgid "" +"The system implements rate limiting on user sessions, preventing more " +"than 5 requests per second and applying increasing delays on requests " +"that exceed this threshold." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:362 +msgid "Rate limit on whistleblowers' reports and attachments" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:363 +msgid "" +"The system applies rate limiting on whistleblower reports and " +"attachments, preventing new submissions and file uploads if thresholds " +"are exceeded." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:365 +msgid "Implemented thresholds are:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "Threshold Variable" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +#: ../../security/PenetrationTests.rst:1 +msgid "Goal" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "Default Threshold Setting" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "threshold_reports_per_hour" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "Limit the number of reports that can be filed per hour" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "20" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "threshold_reports_per_hour_per_ip" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "" +"Limit the number of reports that can be filed per hour by the same IP " +"address" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "5" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "threshold_attachments_per_hour_per_ip" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "" +"Limit the number of attachments that can be uploaded per hour by the same" +" IP address" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "120" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "threshold_attachments_per_hour_per_report" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "Limit the number of attachments that can be uploaded per hour on a report" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "30" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:375 +msgid "" +"In case of necessity, threshold configurations can be adjusted using the " +"`gl-admin` command as follows: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:381 +msgid "Other measures" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:383 +msgid "Browser 
history and forensic traces" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:384 +msgid "" +"The entire application is designed to minimize or reduce the forensic " +"traces left by whistleblowers on their devices while filing reports." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:386 +msgid "" +"When accessed via the Tor Browser, the browser ensures that no persistent" +" traces are left on the user's device." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:388 +msgid "" +"To prevent or limit forensic traces in the browser history of users " +"accessing the platform via a common browser, the application avoids " +"changing the URI during whistleblower navigation. This prevents the " +"browser from logging user activities and offers high plausible " +"deniability, making the whistleblower appear as a simple visitor to the " +"homepage and avoiding evidence of any submission." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:391 +msgid "Secure file management" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:393 +msgid "Secure file download" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:394 +msgid "" +"Any attachment uploaded by anonymous whistleblowers might contain " +"malware, either intentionally or not. It is highly recommended, if " +"possible, to download files and access them on an air-gapped machine " +"disconnected from the network and other sensitive devices. To facilitate " +"safe file downloads and transfers using a USB stick, the application " +"provides the option to export reports, enabling the download of a ZIP " +"archive containing all report content. This reduces the risk of executing" +" files during the transfer process." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:397 +msgid "Safe file opening" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:398 +msgid "" +"For scenarios where the whistleblower's trustworthiness has been " +"validated or in projects with a low-risk threat model, the application " +"offers an integrated file viewer. This viewer, leveraging modern browser " +"sandboxing capabilities, allows the safe opening of a limited set of file" +" types considered more secure than accessing files directly through the " +"operating system. This feature is disabled by default. Administrators " +"should enable it only after thorough evaluation and ensure that " +"recipients' browsers are kept up-to-date." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:400 +msgid "The supported file formats are:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:402 +msgid "AUDIO" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:403 +msgid "CSV" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:404 +msgid "IMAGE" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:405 +msgid "PDF" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:406 +msgid "VIDEO" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:407 +msgid "TXT" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:409 +#: ../../security/ApplicationSecurity.rst:419 +msgid "The default configuration has this feature disabled." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:412 +msgid "PGP encryption" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:413 +msgid "The system offers an optional PGP encryption feature." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:415 +msgid "" +"When enabled, users can activate a personal PGP key that will be used by " +"the system to encrypt email notifications and files on-the-fly." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:417 +msgid "" +"This feature is recommended for high-risk threat models, especially when " +"used in conjunction with air-gapped systems for report visualization." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:422 +msgid "Encryption of temporary files" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:423 +msgid "" +"Files uploaded and temporarily stored on disk during the upload process " +"are encrypted with a temporary, symmetric AES key to prevent any " +"unencrypted data from being written to disk. Encryption is performed in " +"streaming mode using `AES 128-bit` in `CTR mode`. Key files are stored in" +" memory and are unique for each file being uploaded." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:426 +msgid "Secure file delete" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:427 +msgid "" +"Every file deleted by the application is overwritten before the file " +"space is released on disk." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:429 +msgid "" +"The overwrite routine is executed by a periodic scheduler and follows " +"these steps:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:431 +msgid "A first overwrite writes 0 across the entire file;" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:432 +msgid "A second overwrite writes 1 across the entire file;" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:433 +msgid "A third overwrite writes random bytes across the entire file." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:436 +msgid "Exception logging and redaction" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:437 +msgid "" +"To quickly diagnose potential software issues when client exceptions " +"occur, they are automatically reported to the backend. The backend " +"temporarily caches these exceptions and sends them to the backend " +"administrator via email." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:439 +msgid "" +"To prevent inadvertent information leaks, logs are processed through " +"filters that redact email addresses and UUIDs." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:442 +msgid "Entropy sources" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:443 +msgid "The primary source of entropy for the platform is `/dev/urandom`." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:446 +msgid "UUIDv4 randomness" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:447 +msgid "" +"System resources like submissions and files are identified by UUIDv4 to " +"make them unguessable by external users and limit potential attacks." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:450 +msgid "TLS for smtp notification" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:451 +msgid "" +"All notifications are sent through an SMTP channel encrypted with TLS, " +"using either SMTP/TLS or SMTPS, depending on the configuration." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:2 +msgid "Encryption protocol" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:3 +msgid "" +"GlobaLeaks implements an encryption protocol specifically designed for " +"anonymous whistleblowing applications." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:5 +msgid "" +"The protocol has been developed and validated in collaboration with the " +"`Open Technology Fund `_ and represents a trade-off between security and " +"usability. It is designed to be user-friendly for whistleblowers while " +"providing reasonable protection against attackers attempting to breach " +"the backend and perform brute-force decryption." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:7 +msgid "" +"Encryption is applied to each submission, protecting answers to " +"questionnaires, comments, attachments, and associated metadata. 
The " +"encryption keys are assigned per user and per report, ensuring that only " +"whistleblowers and their intended recipients can access the reports. This" +" means that if users forget their passwords, they will lose access to the" +" data in their accounts." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:9 +msgid "" +"To enable users to recover their accounts in case they forget their " +"passwords, the system includes a `Key Recovery`_ mechanism and provides " +"each user with an Account Recovery Key. This measure ensures that users " +"with their own Account Recovery Key can always restore access to their " +"account and the data it contains." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:11 +msgid "" +"To prevent data loss in case users lose both their password and their " +"account recovery key, the system can be configured to use a `Key Escrow`_" +" mechanism. This delegates the responsibility of supporting users in " +"recovering access to their accounts to administrators. This capability " +"enhances the project's resilience against data loss due to users' death " +"or conflicts of interest within the recipient team. However, it also " +"means that administrators with access to escrow keys could potentially " +"access other users' accounts and data. Project owners should carefully " +"decide whether to enable this feature based on the project's threat model" +" and document their decision in the project's privacy policies." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:14 +msgid "Encryption's workflow" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:15 +msgid "" +"Users choose a secure personal password during their first login using an" +" account activation link." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:16 +msgid "" +"The system creates a personal asymmetric keypair for each user and stores" +" the private key symmetrically encrypted with a secret derived from the " +"user's password." 
+msgstr "" + +#: ../../security/EncryptionProtocol.rst:17 +msgid "" +"Each user's private key is protected by the Key Recovery mechanism and, " +"if enabled, by the Key Escrow mechanism." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:18 +msgid "The whistleblower files a report." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:19 +msgid "The system assigns a unique 16-digit receipt number to the whistleblower." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:20 +msgid "" +"The system generates an asymmetric keypair for the whistleblower and " +"stores the private key symmetrically encrypted with a secret derived from" +" the whistleblower’s receipt number." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:21 +msgid "" +"The system generates an asymmetric keypair for encrypting the report, " +"attachments, comments, and associated metadata, and stores a copy of the " +"private key encrypted for each involved user using their own public key." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:22 +msgid "" +"The system encrypts the report, attachments, comments, and metadata with " +"the public key generated for the report." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:23 +msgid "" +"The system grants each involved user access to their reports and " +"facilitates communication by automatically locking and unlocking the " +"involved keys when a report is accessed or new communication is made." 
+msgstr "" + +#: ../../security/EncryptionProtocol.rst:26 +msgid "Encryption's details" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:28 +msgid "Algorithms" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Type" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Implementation" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Asymmetric encryption" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "" +"`Libsodium SealedBoxes " +"`_," +" which combines Curve25519, XSalsa20, and Poly1305 algorithms." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Symmetric encryption" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "" +"`Libsodium SecretBoxes " +"`_," +" which combines XSalsa20 and Poly1305." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:36 +msgid "Users’ credentials" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:37 +msgid "The system uses two types of credentials depending on the user role:" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Credentials type" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "User role" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Passwords" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Used for authenticating users identified by a username" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Receipts" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "16-digit random secrets used for authenticating anonymous whistleblowers" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:45 +msgid "Assumptions:" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:47 +msgid "The system enforces strong password complexity." 
+msgstr "" + +#: ../../security/EncryptionProtocol.rst:48 +msgid "" +"The system enforces expiration of receipts according to a strict data " +"retention policy that limits the number of concurrent active receipts." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:51 +msgid "Users’ keys" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Generation" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Storage" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "ECC Curve25519 keypair" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "" +"Generated by the backend during first user login for authenticated users " +"and upon submission for whistleblowers" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "" +"Keys are stored on the backend encrypted using symmetric encryption. The " +"symmetric key used for encrypting users’ keys is derived from the users’ " +"credentials using the KDF function `Argon2ID `_. The parameters for Argon2ID used for KDF" +" are stronger than those used for user authentication, with the hash " +"stored. The parameters are selected to require 128MB of memory per login " +"and 1 second of computation." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:58 +msgid "Data encryption's keys" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "256-bit keys" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Generated by the backend for each report" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "" +"Keys are stored on the backend filesystem encrypted using asymmetric " +"encryption with Users’ and Whistleblower’s keys, respectively." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:65 +msgid "Key generation" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:66 +msgid "" +"Users' encryption keys are automatically generated during the first login" +" and secured using the user passphrase. 
This straightforward but " +"effective key generation policy requires users to complete their first " +"login before being able to receive reports." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:69 +msgid "Key recovery" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:70 +msgid "" +"The system implements a key recovery mechanism using a recovery key and " +"symmetric encryption." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:72 +msgid "" +"When a user key is generated, the private key is symmetrically encrypted " +"with a randomly generated recovery key." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:74 +msgid "" +"For usability reasons, this recovery key is also securely encrypted and " +"stored on the backend, allowing logged-in users who possess their " +"password to retrieve and print their own account recovery key." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:77 +msgid "Key escrow" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:78 +msgid "" +"The system offers an optional key escrow mechanism to mitigate data loss " +"in the event of users losing their passwords." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:80 +msgid "" +"Key escrow can be enabled during the initial application setup or in the " +"advanced settings of the software." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:82 +msgid "" +"We recommend enabling this option to protect whistleblowers' submissions " +"in cases where recipients lose their passwords. However, if you want to " +"set up a system where only recipients can access submissions, we advise " +"against using this feature." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:84 +msgid "" +"When enabled, the system generates and assigns an escrow key to the " +"administrator who activated the feature. This key is then used to encrypt" +" every system key, with a copy preserved that any administrator with the " +"escrow key can unlock." 
+msgstr "" + +#: ../../security/EncryptionProtocol.rst:86 +msgid "" +"Administrators with access to the escrow key can assist internal users " +"with password recovery and issue password resets. They can also grant " +"this privilege to other administrators or disable the feature entirely." +msgstr "" + +#: ../../security/PenetrationTests.rst:3 +msgid "Security audits" +msgstr "" + +#: ../../security/PenetrationTests.rst:5 +msgid "" +"GlobaLeaks undergoes independent security audits periodically to verify " +"and enhance the security of the system. This page lists the most " +"significant reports available." +msgstr "" + +#: ../../security/PenetrationTests.rst:7 +msgid "" +"We aim to have audits conducted at least every two years, thanks to " +"funding opportunities. Each adopter is encouraged to contribute by " +"funding a general or topic-specific audit based on their capabilities. " +"This helps ensure that every algorithm, component, and methodology " +"applied within the project is thoroughly verified." +msgstr "" + +#: ../../security/PenetrationTests.rst:9 +msgid "" +"If you have conducted or are considering sponsoring a security audit, " +"please email us at `info@globaleaks.org `_. " +"This is especially important for general software security. When " +"requesting a company to audit the software, always remember to ask if the" +" report can be published afterward; many auditors may not agree to " +"publish the report later, which has often led to wasted project " +"resources." +msgstr "" + +#: ../../security/PenetrationTests.rst:11 +msgid "" +"If you are an independent security auditor or, during your peer review of" +" GlobaLeaks, you discover or suspect a vulnerability, please do not file " +"a public issue. Instead, send your report privately through our " +"`reporting form `_ or via email to " +"`security@globaleaks.org `_." 
+msgstr "" + +#: ../../security/PenetrationTests.rst:1 ../../user/admin/UserInterface.rst:135 +msgid "Date" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Auditor" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2013" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`iSecPartners `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Architecture Audit" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Report `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Cure53 `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Web Security Audit" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Report `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2014" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`LeastAuthority `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Source Code Audit" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Report `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2018" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`SubGraph `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Overall Audit" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Report `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2019" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`RadicallyOpenSecurity `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Crypto Audit, Multi-tenancy Audit, Overall Audit" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "" +"`Report " +"`_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2022" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "" +"Server Source Code Audit, Client Pentest, OpSec for Whistleblowers, OpSec" +" for Server Administrators" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "" +"`Report 
" +"`_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2024" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`ISGroup `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Surface Analysis and Network Penetration Test" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Report `_" +msgstr "" + +#: ../../security/ThreatModel.rst:3 +msgid "Threat model" +msgstr "" + +#: ../../security/ThreatModel.rst:4 +msgid "" +"GlobaLeaks is a free and open-source whistleblowing software designed for" +" various usage scenarios, each requiring a balance between strong " +"security and high usability. These two requirements are crucial for " +"managing whistleblowing procedures effectively, protecting " +"whistleblowers, and achieving specific project goals. Given the variety " +"of use cases and associated risks, the software can be configured to " +"address the specific threat model detailed here." +msgstr "" + +#: ../../security/ThreatModel.rst:6 +msgid "" +"This document is intended for organizations implementing a whistleblowing" +" procedure using GlobaLeaks. It supports the analysis and understanding " +"of the specific threat model relevant to their context and risks and " +"guides users in selecting best practices for their project." +msgstr "" + +#: ../../security/ThreatModel.rst:9 +msgid "Users matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:10 +msgid "" +"The first step is to define the types of users interacting with a " +"GlobaLeaks platform." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "User" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Definition" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"The user who submits an anonymous report through the platform. " +"Whistleblowers may operate under various threat models depending on the " +"usage scenario and the nature of the information submitted." 
+msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"The user who receives and analyzes anonymous reports from Whistleblowers." +" Recipients act in good faith and are considered trusted parties " +"concerning the protection of Whistleblowers' confidentiality." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"Users responsible for setting up, managing, and monitoring the platform's" +" security. Administrators may not be the same entities running or " +"managing the whistleblowing initiatives (e.g., hosted solutions, multiple" +" stakeholder projects). Administrators are trusted entities but do not " +"have direct access to reports and advise Recipients on best practices." +msgstr "" + +#: ../../security/ThreatModel.rst:19 +msgid "" +"It is crucial to apply security measures relative to the users of the " +"platform, aiming to achieve an appropriate tradeoff between security and " +"usability." +msgstr "" + +#: ../../security/ThreatModel.rst:22 +msgid "Anonymity matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:23 +msgid "" +"The anonymity of users must be classified depending on the context of " +"use, as follows:" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Anonymous" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"The user accesses the platform via the Tor Browser and follows best " +"practices to protect their identity, minimizing the risk of tracking by " +"any system involved in the operation. The user has not disclosed their " +"identity to Recipients." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Confidential" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"The user accesses the platform via a common browser. While third parties " +"might log their IP address, the platform protects the content of their " +"communication. The user may choose to disclose their identity to " +"Recipients confidentially." 
+msgstr "" + +#: ../../security/ThreatModel.rst:31 +msgid "" +"The platform always informs users of their current anonymity status and " +"provides guidance on best practices for anonymous access via the Tor " +"Browser. Administrators may enforce the requirement that Whistleblowers " +"use the Tor Browser to file reports, depending on the use case." +msgstr "" + +#: ../../security/ThreatModel.rst:34 +msgid "Communication security matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:35 +msgid "" +"The security of communication concerning third-party monitoring varies " +"based on the context of use." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Security level" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Description" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "High security" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"Tor is used, and communication is encrypted end-to-end with the " +"GlobaLeaks platform, ensuring that no third party can eavesdrop on the " +"communication." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Medium security" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"HTTPS is used, and communication is encrypted end-to-end with the " +"GlobaLeaks platform. A third party capable of manipulating HTTPS security" +" (e.g., re-issuing TLS certificates) could eavesdrop on the " +"communication. If HTTPS security is maintained, monitoring the user's " +"communication line or the GlobaLeaks platform's communication line is not" +" feasible." +msgstr "" + +#: ../../security/ThreatModel.rst:1 ../../security/ThreatModel.rst:44 +msgid "Identity disclosure matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:45 +msgid "" +"Regardless of the anonymity matrix, users may choose or be required to " +"disclose their identity." 
+msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Undisclosed" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "The user's identity is not disclosed and is unlikely to be disclosed." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Optionally disclosed" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"The user's identity is not disclosed by default but may be voluntarily " +"disclosed (e.g., an anonymous tip-off MAY receive a follow-up, whereas a " +"formal report with disclosed identity MUST receive a follow-up)." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Disclosed" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "The user chooses or is required to disclose their identity to other users." +msgstr "" + +#: ../../security/ThreatModel.rst:54 +msgid "" +"Identity disclosure is crucial because even in an Anonymous High security" +" environment, disclosing one's identity may be a valuable option for " +"specific whistleblowing workflows." +msgstr "" + +#: ../../security/ThreatModel.rst:56 +msgid "" +"Users starting with an anonymity setting of “Anonymous” and an " +"“Undisclosed Identity” can decide later to disclose their identity. " +"Conversely, this cannot be undone. This consideration is key to ensuring " +"user protection in GlobaLeaks." +msgstr "" + +#: ../../security/ThreatModel.rst:58 +msgid "" +"Voluntary identity disclosure may be required in certain whistleblowing " +"procedures because:" +msgstr "" + +#: ../../security/ThreatModel.rst:60 +msgid "A tip-off MAY receive a follow-up and can be anonymous;" +msgstr "" + +#: ../../security/ThreatModel.rst:61 +msgid "Formal reports MUST receive a follow-up and cannot be anonymous." 
+msgstr "" + +#: ../../security/ThreatModel.rst:63 +msgid "" +"The distinction between “MAY” and “MUST” refers to the actions of " +"recipients and is a fundamental element of the guarantees provided to " +"whistleblowers in many initiatives (e.g., a corporate or institutional " +"whistleblowing platform should not follow a MUST approach for anonymous " +"submission follow-up, treating such submissions as tip-offs rather than " +"formal reports)." +msgstr "" + +#: ../../security/ThreatModel.rst:66 +msgid "Usage scenarios matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:67 +msgid "" +"This section provides examples of how different anonymity levels for " +"users can be combined depending on the context of use." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Use case" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Media outlet" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"A media outlet with a disclosed identity initiates a whistleblowing " +"project. The outlet’s recipients are disclosed to Whistleblowers, " +"allowing them to trust a specific journalist rather than the outlet " +"itself. Full anonymity must be assured to whistleblowers, and their " +"identity cannot be disclosed in connection with anonymous submissions. " +"Whistleblowers MAY choose to disclose their identity if they trust the " +"journalist's source-protection record." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Corporate compliance" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"A corporation implements transparency or anti-bribery law compliance by " +"promoting initiatives to employees, consultants, and providers. " +"Recipients are part of a company division (e.g., Internal Audit office). " +"Whistleblowers are guaranteed full anonymity but may optionally disclose " +"their identity." 
+msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Human Rights Activism Initiative" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"A human rights group initiates a whistleblowing project to expose " +"violations in a dangerous area. The organization requires anonymity to " +"avoid retaliation and operates under a pseudonym. Recipients MUST not be " +"disclosed to Whistleblowers, but partial disclosure by pseudonym is " +"acceptable to establish trust. The Whistleblower MUST be guaranteed " +"anonymity and their identity cannot be disclosed." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Citizen media initiative" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"A citizen media initiative with a public identity seeks reports on " +"specific topics (e.g., political, environmental malpractice, corruption) " +"in a medium-low risk operational context. Recipients may use pseudonyms " +"or remain public to avoid complete exposure. Whistleblowers, if the topic" +" is not life-threatening, may submit reports confidentially to lower the " +"entry barrier." +msgstr "" + +#: ../../security/ThreatModel.rst:77 +msgid "" +"The following matrix illustrates how different usage scenarios can " +"require various anonymity levels, communication security requirements, " +"and identity disclosures for different users." +msgstr "" + +#: ../../security/ThreatModel.rst:79 +msgid "" +"GlobaLeaks will provide appropriate security awareness information " +"through its user interface and enforce specific requirements based on " +"clear configuration guidelines." 
+msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Scenario" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Anonymity level" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Identity disclosure" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Communication security" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "No anonymity" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Admin" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Partially disclosed" +msgstr "" + +#: ../../security/ThreatModel.rst:98 +msgid "Data security matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:99 +msgid "" +"This section highlights the data handled by GlobaLeaks and the protection" +" schemes applied to it." +msgstr "" + +#: ../../security/ThreatModel.rst:101 +msgid "The following information types are involved in GlobaLeaks:" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Information type" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Questionnaire answers" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"Data associated with a submission, including the filled forms and options" +" selected by the Whistleblower." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Submission attachments" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Files associated with a submission." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Platform configuration" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Data for configuring and customizing the platform." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Software files" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"All files required for the software to function, including default " +"configurations." 
+msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Email notifications" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Data sent to notify recipients of new reports via email." +msgstr "" + +#: ../../security/ThreatModel.rst:112 +msgid "Below is a matrix showing the different security measures applied to data." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Encryption" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Filters" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Sanitization" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Encrypted in the database with per-user/per-submission keys" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Keyword filters" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Antispam, Anti-XSS" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Encrypted on the filesystem with per-user/per-submission keys" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Extension blocking, Antivirus" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "N/A" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Encrypted with PGP when recipient keys are available" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Antispam to prevent flooding" +msgstr "" + +#: ../../security/ThreatModel.rst:122 +msgid "Threats to anonymity and confidentiality" +msgstr "" + +#: ../../security/ThreatModel.rst:123 +msgid "" +"This section highlights various threats that require specific " +"consideration." +msgstr "" + +#: ../../security/ThreatModel.rst:126 +msgid "Browser history and cache" +msgstr "" + +#: ../../security/ThreatModel.rst:127 +msgid "" +"GlobaLeaks uses crafted HTTP headers and other techniques to minimize " +"leaking information into a user’s browser history or cache. 
While this " +"privacy feature enhances safety, it cannot guarantee protection against " +"forensic analysis of browser cache and history but serves as an " +"additional safety measure." +msgstr "" + +#: ../../security/ThreatModel.rst:130 +msgid "Metadata" +msgstr "" + +#: ../../security/ThreatModel.rst:131 +msgid "" +"Files may contain metadata related to the author or whistleblower. " +"Cleaning metadata from submitted files helps protect an \"unaware\" " +"whistleblower from inadvertently including information that may " +"compromise their anonymity. GlobaLeaks does not automatically clean " +"metadata by default, as metadata is considered a fundamental part of the " +"original evidence that should be preserved. Metadata cleanup is an " +"optional step that may be suggested to Whistleblowers or performed by " +"Recipients when sharing documents with others. When sharing files with " +"external parties, Recipients are advised to print the document and " +"provide a hard copy to ensure that only visible information is shared, " +"avoiding the risk of sharing sensitive metadata. For more on metadata and" +" redacting digital files, see the article `Everything you wanted to know " +"about media metadata, but were afraid to ask " +"`_ by Harlo Holmes. A useful tool for these " +"procedures is the `Metadata Anonymization Toolkit " +"`_." +msgstr "" + +#: ../../security/ThreatModel.rst:134 +msgid "Malware and trojans" +msgstr "" + +#: ../../security/ThreatModel.rst:135 +msgid "" +"GlobaLeaks cannot prevent an attacker from using the platform maliciously" +" to target recipients with malware or trojans. To mitigate risks of data " +"exfiltration through trojans, Recipients should implement proper " +"operational security by using dedicated laptops for report viewing and " +"opening file attachments on offline computers. 
Wherever possible, they " +"should use specialized secure operating systems like `QubesOS " +"`_ or `Tails `_ and " +"ensure up-to-date antivirus software is running." +msgstr "" + +#: ../../security/ThreatModel.rst:138 +msgid "Network and reverse proxies" +msgstr "" + +#: ../../security/ThreatModel.rst:139 +msgid "" +"GlobaLeaks is designed for use with direct Tor or TLS connections from " +"the user’s browser to the application backend. The use of Network and " +"Reverse Proxies in front of the application is discouraged as they can " +"interfere with the application and compromise confidentiality and " +"anonymity measures implemented in GlobaLeaks." +msgstr "" + +#: ../../security/ThreatModel.rst:142 +msgid "Data stored outside the platform" +msgstr "" + +#: ../../security/ThreatModel.rst:143 +msgid "" +"GlobaLeaks does not provide security for data stored outside the " +"GlobaLeaks system. It is the responsibility of Recipients to protect data" +" downloaded from the platform or shared via external USB drives. The " +"operating system used or the USB drive should offer encryption to ensure " +"that, in case of device loss or theft, the data remains inaccessible." +msgstr "" + +#: ../../security/ThreatModel.rst:146 +msgid "Environmental factors" +msgstr "" + +#: ../../security/ThreatModel.rst:147 +msgid "" +"GlobaLeaks does not protect against environmental factors related to " +"users' physical locations or social relationships. For example, if a user" +" has a surveillance device in their home, GlobaLeaks cannot provide " +"protection. Similarly, if a whistleblower, who is supposed to be " +"anonymous, shares their story with friends or coworkers, GlobaLeaks " +"cannot offer protection." 
+msgstr "" + +#: ../../security/ThreatModel.rst:150 +msgid "Incorrect data retention policies" +msgstr "" + +#: ../../security/ThreatModel.rst:151 +msgid "" +"GlobaLeaks implements a strict default data retention policy of 90 days " +"to allow users to manage reports within a limited time frame necessary " +"for investigations. If the platform is configured to retain reports for " +"an extended period and Recipients do not manually delete unnecessary " +"reports, the value of the data increases, along with the risk of " +"exposure." +msgstr "" + +#: ../../security/ThreatModel.rst:154 +msgid "Human negligence" +msgstr "" + +#: ../../security/ThreatModel.rst:155 +msgid "" +"While GlobaLeaks provides Administrators with the ability to fine-tune " +"security configurations and continuously informs users about their " +"security context, it cannot protect against major security threats " +"resulting from human negligence. For instance, if a Whistleblower submits" +" data that can identify them as the unique owner or recent viewer, " +"GlobaLeaks cannot protect their identity." +msgstr "" + +#: ../../security/ThreatModel.rst:158 +msgid "Advanced traffic analysis" +msgstr "" + +#: ../../security/ThreatModel.rst:159 +msgid "" +"An attacker monitoring HTTPS traffic, without the ability to decrypt it, " +"can still identify user roles based on different network traffic patterns" +" generated by Whistleblowers, Recipients, and Administrators. GlobaLeaks " +"does not offer protection against this type of threat. We recommend using" +" `Tor pluggable transports `_ or other methods that provide additional" +" protection against such attacks." +msgstr "" + +#: ../../security/index.rst:2 +msgid "Security" +msgstr "" + +#: ../../setup/InstallationGuide.rst:2 +msgid "Installation guide" +msgstr "" + +#: ../../setup/InstallationGuide.rst:3 +msgid "The following guide will help you through the installation of GlobaLeaks." 
+msgstr "" + +#: ../../setup/InstallationGuide.rst:5 +msgid "" +"Before starting the installation, ensure that your system meets the " +":doc:`Requirements `." +msgstr "" + +#: ../../setup/InstallationGuide.rst:8 +msgid "" +"GlobaLeaks is designed to provide optimal technical anonymity for " +"whistleblowers. Additionally, the software can be configured to protect " +"the identity of the platform administrator and the server's location, but" +" this requires advanced setup procedures not covered in this simplified " +"installation guide. By executing the commands below, your IP address and " +"system location could be tracked by network providers, and our systems " +"will receive the same information to facilitate software provisioning." +msgstr "" + +#: ../../setup/InstallationGuide.rst:12 +msgid "**Install GlobaLeaks**" +msgstr "" + +#: ../../setup/InstallationGuide.rst:14 +msgid "To install GlobaLeaks, run the following commands:" +msgstr "" + +#: ../../setup/InstallationGuide.rst:22 +msgid "" +"You may also install GlobaLeaks using Docker. Check out the `docker` " +"directory in our GitHub repository for instructions." +msgstr "" + +#: ../../setup/InstallationGuide.rst:24 +msgid "" +"After installation, follow the instructions provided to guide you through" +" accessing the :doc:`Platform wizard `." +msgstr "" + +#: ../../setup/PlatformWizard.rst:2 +msgid "Platform wizard" +msgstr "" + +#: ../../setup/PlatformWizard.rst:3 +msgid "After installing GlobaLeaks, you can proceed with the platform wizard." +msgstr "" + +#: ../../setup/PlatformWizard.rst:5 +msgid "" +"Open a browser at port 443 or port 8443 on your remote or local IP, " +"respectively." +msgstr "" + +#: ../../setup/PlatformWizard.rst:7 +msgid "" +"We recommend performing the wizard either using the Tor address provided " +"at the end of the setup or on localhost via a VPN." 
+msgstr "" + +#: ../../setup/PlatformWizard.rst:10 +msgid "Choose the primary language for your site" +msgstr "" + +#: ../../setup/PlatformWizard.rst:11 +msgid "" +"On the first page of the wizard, you will be prompted to select the " +"language for your site. The default choice is English, but many other " +"languages are available, with more expected in the future." +msgstr "" + +#: ../../setup/PlatformWizard.rst:16 +msgid "Choose a name for your project" +msgstr "" + +#: ../../setup/PlatformWizard.rst:17 +msgid "In the second section of the wizard, configure the name of your project." +msgstr "" + +#: ../../setup/PlatformWizard.rst:22 +msgid "Configure the account for the administrator of your whistleblowing site" +msgstr "" + +#: ../../setup/PlatformWizard.rst:23 +msgid "" +"In the third section of the wizard, configure the account details for the" +" administrator of your project." +msgstr "" + +#: ../../setup/PlatformWizard.rst:25 +msgid "" +"Be sure to choose a strong password to protect this sensitive account; an" +" indication of the strength of the chosen password is provided to guide " +"you." +msgstr "" + +#: ../../setup/PlatformWizard.rst:30 +msgid "Configure the account for the first recipient of reports" +msgstr "" + +#: ../../setup/PlatformWizard.rst:31 +msgid "" +"In the fourth section of the wizard, configure the account details for " +"the first recipient of reports sent to your project." +msgstr "" + +#: ../../setup/PlatformWizard.rst:36 +msgid "Read and accept the license" +msgstr "" + +#: ../../setup/PlatformWizard.rst:37 +msgid "" +"In the fifth section of the wizard, you will be prompted to read and " +"accept the GlobaLeaks License." +msgstr "" + +#: ../../setup/PlatformWizard.rst:42 +msgid "Complete the wizard" +msgstr "" + +#: ../../setup/PlatformWizard.rst:43 +msgid "The sixth section of the wizard confirms the completion of the setup." 
+msgstr "" + +#: ../../user/Admin.rst:2 +msgid "For administrators" +msgstr "" + +#: ../../user/Common.rst:2 +msgid "Common to all users" +msgstr "" + +#: ../../user/Common.rst:4 +msgid "Login" +msgstr "" + +#: ../../user/Common.rst:5 +msgid "Users could login by accessing the ``/#/login`` page." +msgstr "" + +#: ../../user/Common.rst:10 +msgid "Access the user preferences" +msgstr "" + +#: ../../user/Common.rst:11 +msgid "" +"After login Users could access their preferences by clicking the " +"``Preferences`` link present in the login status bar." +msgstr "" + +#: ../../user/Common.rst:16 +msgid "Change your password" +msgstr "" + +#: ../../user/Common.rst:17 +msgid "" +"Users could change their own password by accessing the ``Password`` tab " +"present in the ``Preferences`` page." +msgstr "" + +#: ../../user/Common.rst:22 +msgid "Reset your password" +msgstr "" + +#: ../../user/Common.rst:23 +msgid "" +"Users could requests a password reset via the ``/#/login`` page by " +"clicking the ``Forgot password?`` button." +msgstr "" + +#: ../../user/Common.rst:25 +msgid "" +"After clicking the button users are requested to type their own username " +"or email address." +msgstr "" + +#: ../../user/Common.rst:34 +msgid "Enable two-factor-authentication (2fa)" +msgstr "" + +#: ../../user/Common.rst:35 +msgid "" +"Users could enable Two-Factor-Authentication by clicking the ``Enable two" +" factor authentication`` option inside the ``Preferences`` page." +msgstr "" + +#: ../../user/Common.rst:37 +msgid "" +"To enable the feature the user requires to have a phone with installed a " +"common ``Authenticator APP`` implementing the TOTP standard as by `RFC " +"6238 `_" +msgstr "" + +#: ../../user/Common.rst:42 +msgid "Access and save your account recovery key" +msgstr "" + +#: ../../user/Common.rst:43 +msgid "" +"Users could access their own Account Recovery key by clicking the " +"``Account Recovery Key`` button present in the ``Preferences`` page." 
+msgstr "" + +#: ../../user/Common.rst:45 +msgid "" +"This is a fundamental step that any user should do at their first login " +"after activating their own account in order to backup their own account " +"recovery key and get sure to not incur in data loss due to password loss." +msgstr "" + +#: ../../user/Recipient.rst:2 +msgid "For recipients" +msgstr "" + +#: ../../user/Recipient.rst:5 +msgid "Access the list of the existing reports" +msgstr "" + +#: ../../user/Recipient.rst:6 +msgid "" +"The lists of the existing reports can be accessed via the link " +"``Reports`` on the sidebar of the Recipient's Homepage." +msgstr "" + +#: ../../user/Recipient.rst:13 +msgid "Access a report" +msgstr "" + +#: ../../user/Recipient.rst:14 +msgid "A report can be accessed in two ways:" +msgstr "" + +#: ../../user/Recipient.rst:16 +msgid "By clicking on it like on a mailbox system from the ``Reports`` page" +msgstr "" + +#: ../../user/Recipient.rst:17 +msgid "" +"By clicking on the link received on a mail notification and entering own " +"credentials" +msgstr "" + +#: ../../user/Whistleblower.rst:2 +msgid "For whistleblowers" +msgstr "" + +#: ../../user/Whistleblower.rst:5 +msgid "File a new report" +msgstr "" + +#: ../../user/Whistleblower.rst:6 +msgid "" +"A new report can be filed by accessing the homepage of the platform and " +"clicking the ``File a report`` button." +msgstr "" + +#: ../../user/Whistleblower.rst:12 +msgid "" +"After filing a new report the systems provides to the user a 16-digit " +"receipt." +msgstr "" + +#: ../../user/Whistleblower.rst:17 +msgid "Access an existing report" +msgstr "" + +#: ../../user/Whistleblower.rst:18 +msgid "" +"An existing report can be accessed by entering the 16-digit receipt " +"obtained at the end of the submission on the login interface present on " +"the home page of the platform." 
+msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:2 +msgid "Backup and restore" +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:4 +msgid "To perform a manual backup, you can use the following bash script:" +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:21 +msgid "" +"After running the script, you will find a `tar.gz` archive in " +"`/var/globaleaks/backups`. The file will be named in the format: " +"`globaleaks-$version-$timestamp.tar.gz`." +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:23 +msgid "" +"GlobaLeaks automatically performs a backup during each platform update. " +"These backups are retained under a data retention policy and are deleted " +"15 days after the update." +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:25 +msgid "To restore an existing backup:" +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:27 +msgid "" +"Ensure that GlobaLeaks is not running; you can stop it using: `service " +"globaleaks stop`." +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:28 +msgid "" +"Identify the version of GlobaLeaks required for the restoration, which is" +" indicated in the backup filename." +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:29 +msgid "" +"Extract the contents of the archive to `/var/globaleaks` using: `tar " +"-zxvf backup.tar.gz`." +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:30 +msgid "" +"Install the required version of GlobaLeaks with: `apt-get install " +"globaleaks=` (e.g., `globaleaks=3`)." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:2 +msgid "Common configurations" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:4 +msgid "Configure the logo" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:5 +msgid "" +"The first thing you want to give to your whistleblowing site is a " +"branding identity; this could be done by loading a logo in section Site " +"settings / Main configuration." 
+msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:9 +msgid "" +"Scroll down along the page to reach the \"Save\" button, click on it and " +"have your logo and favicon applied." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:12 +msgid "Enable languages" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:13 +msgid "You may want your GlobaLeaks installation served on more than one language" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:15 +msgid "" +"To do so, in the section \"Site settings / Languages\" select the " +"languages you would like and add them." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:17 +msgid "" +"Note that in the same interface you can mark the default application " +"language." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:22 +msgid "Configure notification settings" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:23 +msgid "" +"GlobaLeaks sends out notifications of different events to different " +"receivers and to admins. In order to have this working, you have to " +"select \"Notification Settings\" in the \"Administration Interface - " +"General Settings\" page and set up email account and related server " +"parameters." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:25 +msgid "" +"We suggest you to setup an email account dedicated to sending out " +"notifications from your initiative." 
+msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:29 +msgid "Enter the followings:" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:31 +msgid "" +"SMTP name: the name of your GlobaLeaks project or something that equally " +"descriptive" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:32 +msgid "SMTP email address: the email address used to send notifications" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:33 +msgid "" +"Username: the username corresponding to the just inserted \"SMTP email " +"address\"; this is needed to authenticate to the SMTP server and send " +"emails" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:34 +msgid "Password: Password of the above corresponding \"SMTP email address\"" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:35 +msgid "" +"SMTP Server Address: it is the hostname of the SMTP server you are using " +"to send notification emails" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:36 +msgid "" +"SMTP Server Port: Port used to send outgoing emails. It is usually 465 or" +" 587 (SMTP with TLS is at TCP port 587; SMTP with SSL is at 465)" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:37 +msgid "" +"Transport Security: from the drop down menu select the opportune security" +" level" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:39 +msgid "" +"It is better to leave untouched the pre-defined settings pertaining the " +"notification to admins and to recipients, but in the case you want to " +"disable them, it is possible to check the corresponding checkboxes." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:41 +msgid "" +"You can then set the value for the time at which the notification alert " +"of expiring report; this value is set at 72hours to give time to the " +"recipient(s) to check and manage the pending submissions." 
+msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:43 +msgid "" +"It is possible to tweak the maximum number of emails allowed in an hour, " +"before email wil be suspended in order to avoid flooding the system. It " +"is advised to keep the pre-defined value, and eventually change it " +"accordingly with mail server capabilities." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:45 +msgid "" +"Once configured all the parameters for notifications, it is possible to " +"test them by just clicking on the \"Test the configuration\" button." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:47 +msgid "" +"If all is working as expected, click on the \"Save\" button to keep the " +"configured parameters." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:50 +msgid "Configure recipients" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:51 +msgid "" +"The Recipient is the person that will receive and process the data that " +"whistleblowers input in the platform. You can have one or multiple " +"Recipients per Context, and also have one Recipient that can access to " +"multiple Contexts. The platform is very flexible on this and allows you " +"to define in very detail your whistleblowing system and procedure." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:55 +msgid "Customize the graphic layout" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:57 +msgid "Example 1: Custom Background" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:58 +msgid "" +"This CSS example shows how to customize the Background Color of the " +"application." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:68 +msgid "Example 2: Custom Font" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:69 +msgid "This CSS example shows how to customize the font of the application." 
+msgstr "" + +#: ../../user/admin/TroubleShooting.rst:2 +msgid "Troubleshooting" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:5 +msgid "Issues and bug reporting" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:7 +msgid "If you encounter any issues and are unable to run GlobaLeaks:" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:9 +msgid "Ensure you strictly follow the Installation Guide." +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:10 +msgid "" +"Verify that you meet the Technical Requirements for hardware and " +"operating system version." +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:11 +msgid "" +"Search the support forum to see if a user has already encountered your " +"issue: `GlobaLeaks Discussions " +"`_" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:12 +msgid "" +"Report the issue on the official software issue tracker: `GlobaLeaks " +"Issues `_" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:15 +msgid "Useful debugging commands" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:17 +msgid "" +"Depending on your setup, here are some common checks to determine if " +"GlobaLeaks is working:" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:19 +msgid "Is the service running?" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:25 +msgid "Is the service responding on the loopback interface?" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:31 +msgid "Is the service listening on external interfaces?" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:37 +msgid "Are exceptions being generated?" 
+msgstr "" + +#: ../../user/admin/TroubleShooting.rst:45 +msgid "Log files" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:46 +msgid "" +"Here are some useful logs and their corresponding files when GlobaLeaks " +"is installed:" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:48 +msgid "**GlobaLeaks process:**" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:55 +msgid "" +"The verbosity of the logs is configurable via the web interface of the " +"software under Advanced Settings." +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:2 +msgid "Upgrade guide" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:4 +msgid "Regular update" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:5 +msgid "" +"To safely upgrade a GlobaLeaks installation please proceed with a backup " +"of your setup by following the :doc:`Backup and restore " +"` guide." +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:7 +msgid "" +"This is necessary so that if something goes wrong and you need to " +"rollback, you will be able to just uninstall the current package, then " +"install the same version of globaleaks that was previously installed and " +"working." +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:9 +msgid "In order to update GlobaLeaks perform the following commands:" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:16 +msgid "Upgrade of the distribution version" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:17 +msgid "" +"For security and stability reasons it is recommended to not perform a " +"distribution upgrade." 
+msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:19 +msgid "" +"GlobaLeaks could be instead easily migrated to a new up-to-date Debian " +"system with the following recommended instructions:" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:21 +msgid "create an archive backup of /var/globaleaks" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:22 +msgid "instantiate the lates Debian available" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:23 +msgid "log on the new server and extract the backup in /var/globaleaks" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:24 +msgid "" +"follow the :doc:`Installation Guide `; " +"GlobaLeaks while installing will recognize the presence of an existing " +"data directory and will use it" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:27 +msgid "In case of errors" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:28 +msgid "" +"The above commands should allow you to perform regularly updates. On some" +" conditions due to special updates it could be possible that those " +"commands result in a failure. Consult this page for knowning specific " +"FAQs on precise failures." +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:30 +msgid "" +"In case you do not find any specific documented solution for your " +"failure, you could run the GlobaLeaks install script. The installation " +"script in fact is designed to allow the update of GlobaLeaks and it " +"includes fixes for the most common issue." +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:33 +msgid "" +"To run the install script for updating globaleaks perform the following " +"commands:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:2 +msgid "User interface" +msgstr "" + +#: ../../user/admin/UserInterface.rst:3 +msgid "" +"This section offers you a summary of the user interface offered to Admin " +"users." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:7 +msgid "Through the menu you could access the following administrative sections:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:9 ../../user/admin/UserInterface.rst:28 +#: ../../user/admin/UserInterface.rst:33 ../../user/admin/UserInterface.rst:44 +msgid "Settings" +msgstr "" + +#: ../../user/admin/UserInterface.rst:11 ../../user/admin/UserInterface.rst:77 +msgid "Users" +msgstr "" + +#: ../../user/admin/UserInterface.rst:13 ../../user/admin/UserInterface.rst:99 +msgid "Questionnaires" +msgstr "" + +#: ../../user/admin/UserInterface.rst:15 ../../user/admin/UserInterface.rst:158 +msgid "Channels" +msgstr "" + +#: ../../user/admin/UserInterface.rst:17 ../../user/admin/UserInterface.rst:185 +msgid "Case management" +msgstr "" + +#: ../../user/admin/UserInterface.rst:21 ../../user/admin/UserInterface.rst:228 +msgid "Network" +msgstr "" + +#: ../../user/admin/UserInterface.rst:23 ../../user/admin/UserInterface.rst:279 +msgid "Sites" +msgstr "" + +#: ../../user/admin/UserInterface.rst:25 ../../user/admin/UserInterface.rst:309 +msgid "Audit log" +msgstr "" + +#: ../../user/admin/UserInterface.rst:29 +msgid "" +"This is the section that offers you all the main customization " +"possibilities necessary for implementing a basic and functional " +"whistleblowing site." +msgstr "" + +#: ../../user/admin/UserInterface.rst:31 +msgid "This section is furtherly divided in:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:35 ../../user/admin/UserInterface.rst:50 +msgid "Files" +msgstr "" + +#: ../../user/admin/UserInterface.rst:37 ../../user/admin/UserInterface.rst:56 +msgid "Languages" +msgstr "" + +#: ../../user/admin/UserInterface.rst:39 +msgid "Text customization" +msgstr "" + +#: ../../user/admin/UserInterface.rst:41 +msgid "Advanced settings" +msgstr "" + +#: ../../user/admin/UserInterface.rst:45 +msgid "" +"In this section is configurable the logo and all the texts of the main " +"user interfaces." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:51 +msgid "" +"In this section could be loaded CSS and Javascript and other files " +"necessary to customize the interface." +msgstr "" + +#: ../../user/admin/UserInterface.rst:57 +msgid "" +"In this section you could enable all the languages required by your " +"project and configure the default language." +msgstr "" + +#: ../../user/admin/UserInterface.rst:60 +msgid "" +"Thanks to the `Localization Lab `_ and " +"our great volunteer community, the software is already available and " +"continuously made available in a lot of languages. This aspect of " +"internationalization is crucial in many projects. In case you are " +"starting a project and the required languages are not available we " +"strongly invite you to register on our `web translation platform " +"`_ offered by `Transifex " +"`_ and support yourself the " +"translation. Internationalization and Localization is in fact are crucial" +" for the success of a whistleblowing project. Thank you!" +msgstr "" + +#: ../../user/admin/UserInterface.rst:65 +msgid "Text Customization" +msgstr "" + +#: ../../user/admin/UserInterface.rst:66 +msgid "" +"Here could be configured overrides for any of the texts of the platform " +"and of their translation." +msgstr "" + +#: ../../user/admin/UserInterface.rst:71 +msgid "Advanced Settings" +msgstr "" + +#: ../../user/admin/UserInterface.rst:72 +msgid "In this section could be configured a set of advanced settings." +msgstr "" + +#: ../../user/admin/UserInterface.rst:78 +msgid "" +"This sections is where users could be created and managed. The system " +"with the basic configuration completed with the initial Platform wizard " +"is configured with an Administrator and a Recipient." +msgstr "" + +#: ../../user/admin/UserInterface.rst:81 +msgid "" +"Depending on your project needs here you could create users with " +"different roles and manage their respective privileges." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:86 +msgid "User Roles" +msgstr "" + +#: ../../user/admin/UserInterface.rst:87 +msgid "" +"The software offers the possibility to create users with the following " +"roles:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:89 +msgid "Administrators" +msgstr "" + +#: ../../user/admin/UserInterface.rst:91 +msgid "Recipients" +msgstr "" + +#: ../../user/admin/UserInterface.rst:94 +msgid "User Options" +msgstr "" + +#: ../../user/admin/UserInterface.rst:100 +msgid "" +"The softare implements a standard default questionnaire that is proposed " +"as a good base for a generic whistleblowing procedure. This questinnaire " +"is the current result of the research performed by the project team with " +"the organizations that have adopted the solution and expecially with " +"anticorruption and investigative journalism NGOs." +msgstr "" + +#: ../../user/admin/UserInterface.rst:102 +msgid "" +"As every organization has different needs, risks and goals globaleaks has" +" been designed considering to implement an advanced questionnaire builder" +" offering the possibility to design custom questionnaires." +msgstr "" + +#: ../../user/admin/UserInterface.rst:104 +msgid "" +"The following sections present the questionnaire builder and its " +"capabilities." +msgstr "" + +#: ../../user/admin/UserInterface.rst:108 +msgid "" +"Depending on your project needs you may evaluate defining some questions " +"once as Question Templates and reuse the same question in multiple " +"questionnaires." +msgstr "" + +#: ../../user/admin/UserInterface.rst:113 +msgid "Steps" +msgstr "" + +#: ../../user/admin/UserInterface.rst:114 +msgid "" +"The software enables to organize questionnaire in one or multiple steps. " +"For example the default questionnaire is organized with a single step " +"including all the questions." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:118 +msgid "Questions Types" +msgstr "" + +#: ../../user/admin/UserInterface.rst:119 +msgid "The software enables you to create questions of the following types:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:121 +msgid "Single-line text input" +msgstr "" + +#: ../../user/admin/UserInterface.rst:123 +msgid "Multi-line text input" +msgstr "" + +#: ../../user/admin/UserInterface.rst:125 +msgid "Selection box" +msgstr "" + +#: ../../user/admin/UserInterface.rst:127 +msgid "Multiple choice input" +msgstr "" + +#: ../../user/admin/UserInterface.rst:129 +msgid "Checkbox" +msgstr "" + +#: ../../user/admin/UserInterface.rst:131 +msgid "Attachment" +msgstr "" + +#: ../../user/admin/UserInterface.rst:133 +msgid "Terms of service" +msgstr "" + +#: ../../user/admin/UserInterface.rst:137 +msgid "Date range" +msgstr "" + +#: ../../user/admin/UserInterface.rst:139 +msgid "Voice" +msgstr "" + +#: ../../user/admin/UserInterface.rst:141 +msgid "Question group" +msgstr "" + +#: ../../user/admin/UserInterface.rst:144 +msgid "Common Question Properties" +msgstr "" + +#: ../../user/admin/UserInterface.rst:145 +msgid "" +"Each of the software question types make it possible to configure the " +"following properties:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:147 +msgid "Question: The text of the question" +msgstr "" + +#: ../../user/admin/UserInterface.rst:149 +msgid "" +"Hint: A hint that will be shown via an popover an a question mark near " +"the question." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:151 +msgid "Description: A description text that will be shown below the question" +msgstr "" + +#: ../../user/admin/UserInterface.rst:153 +msgid "Required: Set this field if you want this question to be mandatory" +msgstr "" + +#: ../../user/admin/UserInterface.rst:155 +msgid "" +"Preview: Set this field if you want the answers to this question to " +"appear in the preview section of the list" +msgstr "" + +#: ../../user/admin/UserInterface.rst:159 +msgid "" +"This section is where whistleblowing channels could be created and " +"managed." +msgstr "" + +#: ../../user/admin/UserInterface.rst:161 +msgid "" +"A whistleblowing channel is typically defined by the following main " +"characteristics" +msgstr "" + +#: ../../user/admin/UserInterface.rst:163 +msgid "" +"Name: the name of the channel Image: an image to identify the channel " +"Description: a description of the channel Recipients: the set of " +"recipients that will receive reports sent to this channel Questionnaire: " +"the questionnaire that will be proposed to whistleblowers selecting this " +"channel Submission expiration: the data retention policy for the channel" +msgstr "" + +#: ../../user/admin/UserInterface.rst:170 +msgid "" +"The system with the basic configuration completed with the initial " +"platform wizard is configured with a single Channel called Default, on " +"which is associated a recipient and the default questionnaire." +msgstr "" + +#: ../../user/admin/UserInterface.rst:172 +msgid "" +"Depending on your project needs here you could create additional Channels" +" and configure their respective properties." +msgstr "" + +#: ../../user/admin/UserInterface.rst:177 +msgid "Data Retention Policy" +msgstr "" + +#: ../../user/admin/UserInterface.rst:178 +msgid "" +"The software enables to configure a data retention policy for each " +"channel. 
This is a fundamental property of the whistleblowing channel " +"that makes it possible to configure automatic secure deletion of reports " +"after a certain period of time. This setting should be configured in " +"relation to the risk of the channel in order to limit unneeded exposure " +"of the reports received therein." +msgstr "" + +#: ../../user/admin/UserInterface.rst:182 +msgid "By default a channel is configured with a report expiration of 90 days." +msgstr "" + +#: ../../user/admin/UserInterface.rst:186 +msgid "" +"This section is intended to host all the main case management feature " +"that will be offered by the software. Currently it hosts the possibility " +"to define reports statuses and sub-statuses intended to be used by " +"Recipients while working on the reports." +msgstr "" + +#: ../../user/admin/UserInterface.rst:194 +msgid "By default the system includes the following report statuses:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:190 +msgid "New" +msgstr "" + +#: ../../user/admin/UserInterface.rst:192 +msgid "Open" +msgstr "" + +#: ../../user/admin/UserInterface.rst:194 +msgid "Closed" +msgstr "" + +#: ../../user/admin/UserInterface.rst:196 +msgid "" +"Within this section you may add additional Statuses between the State " +"Open and Closed and you can furtherly define Sub-statuses for the Closed " +"status (e.g. Archived / Spam)" +msgstr "" + +#: ../../user/admin/UserInterface.rst:202 +msgid "" +"This is the section where are configured all the aspects related to the " +"mail notifications sent by the software." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:207 +#: ../../user/admin/UserInterface.rst:238 +msgid "The section is furtherly divided in:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:205 +#: ../../user/admin/UserInterface.rst:210 +msgid "Notification Settings" +msgstr "" + +#: ../../user/admin/UserInterface.rst:207 +#: ../../user/admin/UserInterface.rst:219 +msgid "Notification Templates" +msgstr "" + +#: ../../user/admin/UserInterface.rst:211 +msgid "Here are configured the technical details about SMTP." +msgstr "" + +#: ../../user/admin/UserInterface.rst:214 +msgid "" +"By default GlobaLeaks comes with a working configuration that is based on" +" systems offered by the GlobaLeaks developers to the community of users " +"and testers; even though this configuration is designed by their owners " +"with special care in relation to security and privacy you are invited to " +"consider using alternative systems for your production environment." +msgstr "" + +#: ../../user/admin/UserInterface.rst:220 +msgid "In this section are configured the notification templates." +msgstr "" + +#: ../../user/admin/UserInterface.rst:222 +msgid "" +"By default globaleaks includes text and translations for each of the " +"templates that are provided to be fully functional and studied with " +"particular care in relation to security and privacy. Depending on your " +"project needs you may override the default text with your customized " +"texts." +msgstr "" + +#: ../../user/admin/UserInterface.rst:229 +msgid "In this section are configured the network settings." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:232 +#: ../../user/admin/UserInterface.rst:241 +msgid "HTTPS" +msgstr "" + +#: ../../user/admin/UserInterface.rst:234 +#: ../../user/admin/UserInterface.rst:255 +msgid "Tor" +msgstr "" + +#: ../../user/admin/UserInterface.rst:236 +msgid "IP Access control" +msgstr "" + +#: ../../user/admin/UserInterface.rst:238 +#: ../../user/admin/UserInterface.rst:273 +msgid "URL Redirects" +msgstr "" + +#: ../../user/admin/UserInterface.rst:242 +msgid "" +"Here you can configure all the aspects related to the access of the " +"platform via the HTTPS Protocol." +msgstr "" + +#: ../../user/admin/UserInterface.rst:246 +msgid "In particular here are configured:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:248 +msgid "The domain name used by your project" +msgstr "" + +#: ../../user/admin/UserInterface.rst:250 +msgid "The HTTPS key and certificates" +msgstr "" + +#: ../../user/admin/UserInterface.rst:252 +msgid "" +"To ease the deployment and the maintenance and reduce the costs of your " +"project, consider using the software includes support for the Let’s " +"Encrypt HTTPS certificates." +msgstr "" + +#: ../../user/admin/UserInterface.rst:256 +msgid "" +"Here you can configure all the aspects related to the access of the " +"platform via the Tor Protocol." +msgstr "" + +#: ../../user/admin/UserInterface.rst:261 +msgid "IP Access Control" +msgstr "" + +#: ../../user/admin/UserInterface.rst:262 +msgid "Here you can configure IP based Access Control." +msgstr "" + +#: ../../user/admin/UserInterface.rst:266 +msgid "Suggested configurations are:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:268 +msgid "Prevent Whistleblowers to report from within their respective work space." +msgstr "" + +#: ../../user/admin/UserInterface.rst:270 +msgid "Restrict Recipients access to their intranet." +msgstr "" + +#: ../../user/admin/UserInterface.rst:274 +msgid "Here you can configure URL Redirects." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:280 +msgid "" +"The site section enables organization to create and manage multiple " +"secondary whistleblowing sites." +msgstr "" + +#: ../../user/admin/UserInterface.rst:283 +msgid "Sites Management" +msgstr "" + +#: ../../user/admin/UserInterface.rst:284 +msgid "" +"Secondary whistleblowing platforms with independent configurations can be" +" manually created and managed through the Sites interface." +msgstr "" + +#: ../../user/admin/UserInterface.rst:286 +msgid "" +"Organizations have typically need for creating a secondary site when " +"dealing with subsidiaries or third party clients." +msgstr "" + +#: ../../user/admin/UserInterface.rst:290 +msgid "" +"After creating a secondary site an administrators of the main site could " +"simply enter on that system by clicking a \"Configure\" button." +msgstr "" + +#: ../../user/admin/UserInterface.rst:292 +msgid "" +"After clicking on the button the administrator will be logged in on the " +"the administrative panel of the site." +msgstr "" + +#: ../../user/admin/UserInterface.rst:295 +msgid "Signup Module" +msgstr "" + +#: ../../user/admin/UserInterface.rst:296 +msgid "" +"The software features a signup module that can be enabled and used to " +"offers others users the possibility to register their secondary site." +msgstr "" + +#: ../../user/admin/UserInterface.rst:298 +msgid "" +"Organizations have typically need for a signup module when offering the " +"platform to other subsidiaries or third party clients where they want " +"users to have the possibility to self subscribe." +msgstr "" + +#: ../../user/admin/UserInterface.rst:300 +msgid "The signup feature can be anabled in the Options tab of the Sites section." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:304 +msgid "" +"When the signup module is enabled the submission module of the main site " +"is automatically disabled and the home page will be featuring the " +"following signup form:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:310 +msgid "" +"The software features a privacy precerving audit log enabling " +"administrators of the system to supervise on projects operations." +msgstr "" + +#: ../../user/index.rst:2 +msgid "User documentation" +msgstr "" + diff --git a/documentation/locale/es/LC_MESSAGES/sphinx.mo b/documentation/locale/es/LC_MESSAGES/sphinx.mo new file mode 100644 index 0000000000..b29f3ac5cc Binary files /dev/null and b/documentation/locale/es/LC_MESSAGES/sphinx.mo differ diff --git a/documentation/locale/es/LC_MESSAGES/sphinx.po b/documentation/locale/es/LC_MESSAGES/sphinx.po new file mode 100644 index 0000000000..73d4a51551 --- /dev/null +++ b/documentation/locale/es/LC_MESSAGES/sphinx.po 
@@ -0,0 +1,4671 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) 2011-2024 - GlobaLeaks +# This file is distributed under the same license as the GlobaLeaks package. +# FIRST AUTHOR , 2024. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: GlobaLeaks 5.0.15\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2024-10-14 19:43+0200\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME \n" +"Language: es\n" +"Language-Team: es \n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Generated-By: Babel 2.16.0\n" + +#: ../../developer/ContinuousIntegration.rst:3 +msgid "Continuous integration" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:4 +msgid "" +"The GlobaLeaks codebase is continuously tested for bug within a complete " +"continuous integration lifecycle implemented." +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:6 +msgid "Testes are performed at every commit by:" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:8 +msgid "" +"performing continous integration testing with `GitHub Actions " +"`_;" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:9 +msgid "" +"tracking tests coverage and code quality with `Codacy " +"`_." +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:12 +msgid "Unit tests" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:13 +msgid "Unit tests are implemented by means of python-twisted and trial" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:15 +#: ../../developer/ContinuousIntegration.rst:26 +msgid "Tests can be run manually by issuing:" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:23 +msgid "E2E tests" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:24 +msgid "End to end tests are implemented by means of Cypress." 
+msgstr "" + +#: ../../developer/DatabaseSchema.rst:2 +msgid "Database schema" +msgstr "" + +#: ../../developer/Environment.rst:3 +msgid "Development environment" +msgstr "" + +#: ../../developer/Environment.rst:4 +msgid "" +"This guide describes how to set up an environment in order to contribute " +"to the development of GlobaLeaks." +msgstr "" + +#: ../../developer/Environment.rst:7 ../../gettingstarted/Requirements.rst:2 +msgid "Requirements" +msgstr "" + +#: ../../developer/Environment.rst:8 +msgid "" +"The guide assumes you run a Debian based system and that the following " +"software is installed on your system:" +msgstr "" + +#: ../../developer/Environment.rst:10 +msgid "debhelper" +msgstr "" + +#: ../../developer/Environment.rst:11 +msgid "devscripts" +msgstr "" + +#: ../../developer/Environment.rst:12 +msgid "dh-apparmor" +msgstr "" + +#: ../../developer/Environment.rst:13 +msgid "dh-python" +msgstr "" + +#: ../../developer/Environment.rst:14 +msgid "git" +msgstr "" + +#: ../../developer/Environment.rst:15 +msgid "grunt-cli" +msgstr "" + +#: ../../developer/Environment.rst:16 +msgid "node" +msgstr "" + +#: ../../developer/Environment.rst:17 +msgid "npm" +msgstr "" + +#: ../../developer/Environment.rst:18 +msgid "python3" +msgstr "" + +#: ../../developer/Environment.rst:19 +msgid "python3-dev" +msgstr "" + +#: ../../developer/Environment.rst:20 +msgid "python3-pip" +msgstr "" + +#: ../../developer/Environment.rst:21 +msgid "python3-setuptools" +msgstr "" + +#: ../../developer/Environment.rst:22 +msgid "python3-sphinx" +msgstr "" + +#: ../../developer/Environment.rst:23 +msgid "python3-virtualenv" +msgstr "" + +#: ../../developer/Environment.rst:26 ../../setup/index.rst:2 +msgid "Setup" +msgstr "" + +#: ../../developer/Environment.rst:27 +msgid "The repository could be cloned with:" +msgstr "" + +#: ../../developer/Environment.rst:33 +msgid "Client dependencies could be installed by issuing:" +msgstr "" + +#: ../../developer/Environment.rst:41 +msgid 
"Backend dependencies could be installed by issuing:" +msgstr "" + +#: ../../developer/Environment.rst:50 +msgid "" +"This will create for you a python virtualenv in the directory env " +"containing all the required python dependencies. To leave the virtualenv," +" type ``deactivate``." +msgstr "" + +#: ../../developer/Environment.rst:52 +msgid "" +"Then, anytime you will want to activate the environment to run globaleaks" +" you will just need to issue the command:" +msgstr "" + +#: ../../developer/Environment.rst:58 +msgid "Setup the client:" +msgstr "" + +#: ../../developer/Environment.rst:66 +msgid "Setup the backend and its dependencies:" +msgstr "" + +#: ../../developer/Environment.rst:76 +msgid "Run" +msgstr "" + +#: ../../developer/Environment.rst:77 +msgid "" +"To run globaleaks from sources within the development environment you " +"should issue:" +msgstr "" + +#: ../../developer/Environment.rst:85 +msgid "" +"GlobaLeaks will start and be reachable at the following address " +"https://127.0.0.1:8443" +msgstr "" + +#: ../../developer/Environment.rst:88 +msgid "Building the docs" +msgstr "" + +#: ../../developer/Environment.rst:89 +msgid "To build the documentation:" +msgstr "" + +#: ../../developer/Environment.rst:97 +msgid "To edit the docs with hot-reload functionality:" +msgstr "" + +#: ../../developer/Environment.rst:107 +msgid "" +"Sphinx server will start and be reachable at the following address " +"http://127.0.0.1:8000 in the web browser." +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:2 +msgid "Release procedure" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:3 +msgid "This is the procedure followed to publish a new GlobaLeaks release." 
+msgstr "" + +#: ../../developer/ReleaseProcedure.rst:5 +msgid "A release is represented by:" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:7 +msgid "A version bump;" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:8 +msgid "An updated CHANGELOG;" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:9 +msgid "A commit titled \"Bump to version $number\";" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:10 +msgid "A tag commit $version signed by a core developer with their own key;" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:11 +msgid "An updated package on deb.globaleaks.org;" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:12 +msgid "A signed repository." +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:15 +msgid "Release tagging" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:16 +msgid "" +"To release is tagger by means of the official version bump script by " +"issuing:" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:23 +msgid "Release packaging" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:24 +msgid "The package is built by means of the official build script by issuing:" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:30 +msgid "This command builds a package for each supported distribution and version." 
+msgstr "" + +#: ../../developer/ReleaseProcedure.rst:33 +msgid "Package publishing" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:34 +msgid "The package is published on https://deb.globaleaks.org by issuing:" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:41 +msgid "Repository signing" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:42 +msgid "" +"The release is then signed by a core developer by using the official " +"project key via:" +msgstr "" + +#: ../../developer/SoftwareLibraries.rst:2 +msgid "Software libraries" +msgstr "" + +#: ../../developer/SoftwareLibraries.rst:3 +msgid "" +"The software libraries used by GlobaLeaks are listed in the following " +"files:" +msgstr "" + +#: ../../developer/SoftwareLibraries.rst:5 +msgid "" +"Backend: `backend/requirements.txt `_" +msgstr "" + +#: ../../developer/SoftwareLibraries.rst:6 +msgid "" +"Client: `client/package.json `_" +msgstr "" + +#: ../../developer/SoftwareLibraries.rst:7 +msgid "" +"Packaging: `debian/control `_" +msgstr "" + +#: ../../developer/index.rst:2 +msgid "Developer documentation" +msgstr "" + +#: ../../gettingstarted/Features.rst:2 +msgid "Features" +msgstr "" + +#: ../../gettingstarted/Features.rst:3 +msgid "These are the key features of the software:" +msgstr "" + +#: ../../gettingstarted/Features.rst:6 +msgid "User features" +msgstr "" + +#: ../../gettingstarted/Features.rst:8 +msgid "" +"Multi-user system with customizable user roles (whistleblower, recipient," +" administrator)" +msgstr "" + +#: ../../gettingstarted/Features.rst:9 +msgid "Fully manageable via a web administration interface" +msgstr "" + +#: ../../gettingstarted/Features.rst:10 +msgid "" +"Allows whistleblowers to decide if and when to confidentially declare " +"their identity" +msgstr "" + +#: ../../gettingstarted/Features.rst:11 +msgid "Facilitates multimedia file exchanges with whistleblowers" +msgstr "" + +#: ../../gettingstarted/Features.rst:12 +msgid "Secure management of file access and 
visualization" +msgstr "" + +#: ../../gettingstarted/Features.rst:13 +msgid "Enables chat with whistleblowers to discuss reports" +msgstr "" + +#: ../../gettingstarted/Features.rst:14 +msgid "Provides a unique 16-digit receipt for anonymous whistleblower login" +msgstr "" + +#: ../../gettingstarted/Features.rst:15 +msgid "Simple recipient interface for receiving and analyzing reports" +msgstr "" + +#: ../../gettingstarted/Features.rst:16 +msgid "Supports report categorization with labels" +msgstr "" + +#: ../../gettingstarted/Features.rst:17 +msgid "Includes user search functionality for reports" +msgstr "" + +#: ../../gettingstarted/Features.rst:18 +msgid "Supports the creation and assignment of case management statuses" +msgstr "" + +#: ../../gettingstarted/Features.rst:19 +msgid "Customizable appearance (logo, color, styles, font, text)" +msgstr "" + +#: ../../gettingstarted/Features.rst:20 +msgid "Allows defining multiple reporting channels (e.g., by topic, department)" +msgstr "" + +#: ../../gettingstarted/Features.rst:21 +msgid "" +"Enables creation and management of multiple whistleblowing sites (e.g., " +"for subsidiaries or third-party clients)" +msgstr "" + +#: ../../gettingstarted/Features.rst:22 +msgid "Advanced questionnaire builder" +msgstr "" + +#: ../../gettingstarted/Features.rst:23 +msgid "Provides whistleblowing system statistics" +msgstr "" + +#: ../../gettingstarted/Features.rst:24 +msgid "" +"Support for `over 90 languages " +"`_ and Right-to-Left (RTL) " +"languages" +msgstr "" + +#: ../../gettingstarted/Features.rst:27 +msgid "Legal features" +msgstr "" + +#: ../../gettingstarted/Features.rst:29 +msgid "" +"Designed in adherence to `ISO 37002:2021 " +"`_ and `EU Directive 2019/1937 " +"`_ recommendations for " +"whistleblowing compliance" +msgstr "" + +#: ../../gettingstarted/Features.rst:30 +msgid "Supports bidirectional anonymous communication (comments/messages)" +msgstr "" + +#: ../../gettingstarted/Features.rst:31 +msgid "Customizable 
case management workflow (statuses/sub-statuses)" +msgstr "" + +#: ../../gettingstarted/Features.rst:32 +msgid "Conditional reporting workflow based on whistleblower identity" +msgstr "" + +#: ../../gettingstarted/Features.rst:33 +msgid "Manages conflicts of interest in the reporting workflow" +msgstr "" + +#: ../../gettingstarted/Features.rst:34 +msgid "Custodian functionality to authorize access to whistleblower identity" +msgstr "" + +#: ../../gettingstarted/Features.rst:35 +msgid "GDPR privacy by design and by default" +msgstr "" + +#: ../../gettingstarted/Features.rst:36 +msgid "Configurable GDPR data retention policies" +msgstr "" + +#: ../../gettingstarted/Features.rst:37 +msgid "GDPR-compliant subscriber module for new SaaS users" +msgstr "" + +#: ../../gettingstarted/Features.rst:38 +msgid "No IP address logging" +msgstr "" + +#: ../../gettingstarted/Features.rst:39 +msgid "Includes an audit log" +msgstr "" + +#: ../../gettingstarted/Features.rst:40 +msgid "Integrates with existing enterprise case management platforms" +msgstr "" + +#: ../../gettingstarted/Features.rst:41 +msgid "" +"Free Software OSI Approved `AGPL 3.0 License " +"`_" +msgstr "" + +#: ../../gettingstarted/Features.rst:44 +msgid "Security features" +msgstr "" + +#: ../../gettingstarted/Features.rst:46 +msgid "" +"Designed in adherence to `ISO 27001:2022 " +"`_, `CSA STAR " +"`_, and `OWASP " +"`_ recommendations for security compliance" +msgstr "" + +#: ../../gettingstarted/Features.rst:47 +msgid "" +"Full data encryption for whistleblower reports and recipient " +"communications" +msgstr "" + +#: ../../gettingstarted/Features.rst:48 +msgid "" +"Supports digital anonymity through `Tor `_ " +"integration" +msgstr "" + +#: ../../gettingstarted/Features.rst:49 +msgid "" +"Built-in HTTPS support with `TLS 1.3 " +"`_ standard and `SSLabs A+ " +"`_ " +"rating" +msgstr "" + +#: ../../gettingstarted/Features.rst:50 +msgid "" +"Automatic enrollment for free digital certificates with `Let’s Encrypt 
"
+"`_"
+msgstr ""
+
+#: ../../gettingstarted/Features.rst:51
+msgid "Multiple penetration tests with publicly available reports"
+msgstr ""
+
+#: ../../gettingstarted/Features.rst:52
+msgid ""
+"Two-Factor Authentication (2FA) compliant with `TOTP RFC 6238 "
+"`_"
+msgstr ""
+
+#: ../../gettingstarted/Features.rst:53
+msgid "Integrated network sandboxing with iptables"
+msgstr ""
+
+#: ../../gettingstarted/Features.rst:54
+msgid "Application sandboxing with `AppArmor `_"
+msgstr ""
+
+#: ../../gettingstarted/Features.rst:55
+msgid "Complete protection against automated submissions (spam prevention)"
+msgstr ""
+
+#: ../../gettingstarted/Features.rst:56
+msgid "Continuous peer review and periodic security audits"
+msgstr ""
+
+#: ../../gettingstarted/Features.rst:57
+msgid "PGP support for encrypted email notifications and file downloads"
+msgstr ""
+
+#: ../../gettingstarted/Features.rst:58
+msgid "Leaves no traces in browser cache"
+msgstr ""
+
+#: ../../gettingstarted/Features.rst:61
+msgid "Technical features"
+msgstr ""
+
+#: ../../gettingstarted/Features.rst:63
+msgid ""
+"Designed in adherence to `Directive (EU) 2019/882 `_, `Directive"
+" (EU) 2016/2102 `_, `ETSI EN 301 549 "
+"`_,"
+" `W3C WCAG 2.2 `_, and `WAI-ARIA 2.2 "
+"`_ recommendations for accessibility"
+" compliance"
+msgstr ""
+
+#: ../../gettingstarted/Features.rst:64
+msgid ""
+"Multi-site support enabling the operation of multiple virtual sites on "
+"the same setup"
+msgstr ""
+
+#: ../../gettingstarted/Features.rst:65
+msgid ""
+"Responsive user interfaces created with `Bootstrap "
+"`_ CSS framework"
+msgstr ""
+
+#: ../../gettingstarted/Features.rst:66
+msgid "Automated software quality measurement and continuous integration testing"
+msgstr ""
+
+#: ../../gettingstarted/Features.rst:67
+msgid "Long-Term Support (LTS) plan"
+msgstr ""
+
+#: ../../gettingstarted/Features.rst:68
+msgid ""
+"Built with lightweight framework technologies (`Angular "
+"`_ and `Python Twisted `_)"
+msgstr ""
+
+#: ../../gettingstarted/Features.rst:69
+msgid "Integrated `SQLite `_ database"
+msgstr ""
+
+#: ../../gettingstarted/Features.rst:70
+msgid ""
+"Automatic setup for `Tor Onion Services Version 3 "
+"`_"
+msgstr ""
+
+#: ../../gettingstarted/Features.rst:71
+msgid "Supports self-service signup for whistleblowing SaaS setup"
+msgstr ""
+
+#: ../../gettingstarted/Features.rst:72
+msgid ""
+"Compatible with Linux operating systems (`Debian "
+"`_ / `Ubuntu `_)"
+msgstr ""
+
+#: ../../gettingstarted/Features.rst:73
+msgid "Debian packaging with a repository for updates/upgrades"
+msgstr ""
+
+#: ../../gettingstarted/Features.rst:74
+msgid "Fully self-contained application"
+msgstr ""
+
+#: ../../gettingstarted/Features.rst:75
+msgid "Easy integration with existing websites"
+msgstr ""
+
+#: ../../gettingstarted/Features.rst:76
+msgid ""
+"Built and packaged with `reproducibility "
+"`_ in mind"
+msgstr ""
+
+#: ../../gettingstarted/Features.rst:77
+msgid "REST API"
+msgstr ""
+
+#: ../../gettingstarted/Glossary.rst:2
+msgid "Glossary"
+msgstr ""
+
+#: ../../gettingstarted/Glossary.rst:3
+msgid ""
+"This glossary defines jargon used in GlobaLeaks in a clear and consistent"
+" manner."
+msgstr ""
+
+#: ../../gettingstarted/Glossary.rst:5 ../../security/ThreatModel.rst:1
+msgid "Administrator"
+msgstr ""
+
+#: ../../gettingstarted/Glossary.rst:7
+msgid ""
+"The user who has set up and maintains the platform. An Administrator does"
+" not have access to Whistleblowers’ reports."
+msgstr ""
+
+#: ../../gettingstarted/Glossary.rst:8
+msgid "Channel"
+msgstr ""
+
+#: ../../gettingstarted/Glossary.rst:10
+msgid ""
+"A reporting channel used as a container for reports. Channels can be "
+"configured with specific questionnaires, recipients, and policies. They "
+"are typically used to organize the reporting process."
+msgstr ""
+
+#: ../../gettingstarted/Glossary.rst:11 ../../user/admin/UserInterface.rst:19
+#: ../../user/admin/UserInterface.rst:201
+msgid "Notification"
+msgstr ""
+
+#: ../../gettingstarted/Glossary.rst:13
+msgid ""
+"An email sent to inform a recipient of a new report or an update to an "
+"existing report."
+msgstr ""
+
+#: ../../gettingstarted/Glossary.rst:14
+msgid "Platform"
+msgstr ""
+
+#: ../../gettingstarted/Glossary.rst:16
+msgid "A system running the GlobaLeaks software."
+msgstr ""
+
+#: ../../gettingstarted/Glossary.rst:17
+msgid "Questionnaire"
+msgstr ""
+
+#: ../../gettingstarted/Glossary.rst:19
+msgid "A set of questions that the whistleblower must complete to file a report."
+msgstr ""
+
+#: ../../gettingstarted/Glossary.rst:20
+#: ../../security/ApplicationSecurity.rst:32
+msgid "Receipt"
+msgstr ""
+
+#: ../../gettingstarted/Glossary.rst:22
+msgid ""
+"A 16-digit random secret code generated by the system and provided to "
+"whistleblowers upon submission of their report. This code allows them to "
+"anonymously access and update their report by adding comments and new "
+"files."
+msgstr ""
+
+#: ../../gettingstarted/Glossary.rst:23 ../../security/ThreatModel.rst:1
+msgid "Recipient"
+msgstr ""
+
+#: ../../gettingstarted/Glossary.rst:25
+msgid ""
+"A user authorized to read whistleblowers’ reports. Recipients may also "
+"communicate with whistleblowers via the GlobaLeaks platform."
+msgstr ""
+
+#: ../../gettingstarted/Glossary.rst:26 ../../security/PenetrationTests.rst:1
+msgid "Report"
+msgstr ""
+
+#: ../../gettingstarted/Glossary.rst:28
+msgid ""
+"The submission by a whistleblower, including answers to a questionnaire "
+"and any attached material."
+msgstr ""
+
+#: ../../gettingstarted/Glossary.rst:29 ../../security/ThreatModel.rst:1
+msgid "Whistleblower"
+msgstr ""
+
+#: ../../gettingstarted/Glossary.rst:31
+msgid "The person who files a report."
+msgstr ""
+
+#: ../../gettingstarted/Requirements.rst:3
+msgid ""
+"Ensure you understand and meet each of the following technical "
+"requirements."
+msgstr ""
+
+#: ../../gettingstarted/Requirements.rst:6
+msgid "Hardware requirements"
+msgstr ""
+
+#: ../../gettingstarted/Requirements.rst:7
+msgid "**Requirements**:"
+msgstr ""
+
+#: ../../gettingstarted/Requirements.rst:9
+msgid "CPU: Dual-core 2.0GHz (64-bit)"
+msgstr ""
+
+#: ../../gettingstarted/Requirements.rst:10
+msgid "RAM: 1GB"
+msgstr ""
+
+#: ../../gettingstarted/Requirements.rst:11
+msgid "Storage: 20GB"
+msgstr ""
+
+#: ../../gettingstarted/Requirements.rst:12
+msgid "I/O: 10Mbit/s (shared)"
+msgstr ""
+
+#: ../../gettingstarted/Requirements.rst:14
+msgid ""
+"Please note that GlobaLeaks is designed to run on servers with "
+"specifications smaller than those listed above."
+msgstr ""
+
+#: ../../gettingstarted/Requirements.rst:16
+msgid ""
+"The storage size should be determined based on your data retention "
+"policies and the expected use of the platform."
+msgstr ""
+
+#: ../../gettingstarted/Requirements.rst:19
+msgid "Software requirements"
+msgstr ""
+
+#: ../../gettingstarted/Requirements.rst:20
+msgid ""
+"GlobaLeaks is designed to run on GNU/Linux and is developed and tested "
+"specifically for Debian-based systems."
+msgstr ""
+
+#: ../../gettingstarted/Requirements.rst:22
+msgid ""
+"The currently recommended distributions are: Debian 12 (Bookworm) and "
+"Ubuntu 24.04 (Noble)"
+msgstr ""
+
+#: ../../gettingstarted/Requirements.rst:24
+msgid ""
+"The software lifecycle of the platform includes full support for all "
+"Debian and Ubuntu LTS versions starting from `Debian 10 "
+"`_ and `Ubuntu 20.04 "
+"`_."
+msgstr ""
+
+#: ../../gettingstarted/Requirements.rst:26
+msgid ""
+"Support is guaranteed on these platforms according to the official long-"
+"term support timelines:"
+msgstr ""
+
+#: ../../gettingstarted/Requirements.rst:28
+msgid "`Debian Release End of Life Timeline `_"
+msgstr ""
+
+#: ../../gettingstarted/Requirements.rst:29
+msgid ""
+"`Ubuntu Release End of Life Timeline `_"
+msgstr ""
+
+#: ../../gettingstarted/Requirements.rst:31
+msgid ""
+"Currently, we do not plan to support additional distributions, as "
+"GlobaLeaks adheres to the Unix philosophy of making each program excel in"
+" a specific area. By focusing our efforts on mastering one domain, we aim"
+" to serve our community most effectively. If you are interested in "
+"helping us extend support to additional distributions, please get in "
+"touch."
+msgstr ""
+
+#: ../../gettingstarted/SupportedBrowsers.rst:2
+msgid "Supported browsers"
+msgstr ""
+
+#: ../../gettingstarted/SupportedBrowsers.rst:4
+msgid ""
+"GlobaLeaks is designed to fully support commonly used browsers on desktop"
+" PCs, laptops, tablets, and smartphones."
+msgstr ""
+
+#: ../../gettingstarted/SupportedBrowsers.rst:6
+msgid ""
+"We recommend using the `Tor Browser `_ for "
+"enhanced anonymity and additional privacy and security features not "
+"available in other browsers."
+msgstr ""
+
+#: ../../gettingstarted/SupportedBrowsers.rst:8
+msgid "Other supported browsers include:"
+msgstr ""
+
+#: ../../gettingstarted/SupportedBrowsers.rst:1
+msgid "Browser"
+msgstr ""
+
+#: ../../gettingstarted/SupportedBrowsers.rst:1
+msgid "Version"
+msgstr ""
+
+#: ../../gettingstarted/SupportedBrowsers.rst:1
+msgid "Mozilla Firefox"
+msgstr ""
+
+#: ../../gettingstarted/SupportedBrowsers.rst:1
+msgid ">= 38"
+msgstr ""
+
+#: ../../gettingstarted/SupportedBrowsers.rst:1
+msgid "Google Chrome"
+msgstr ""
+
+#: ../../gettingstarted/SupportedBrowsers.rst:1
+msgid ">= 45"
+msgstr ""
+
+#: ../../gettingstarted/SupportedBrowsers.rst:1
+msgid "Brave"
+msgstr ""
+
+#: ../../gettingstarted/SupportedBrowsers.rst:1
+msgid ">= 1.20.110"
+msgstr ""
+
+#: ../../gettingstarted/SupportedBrowsers.rst:1
+msgid "Edge"
+msgstr ""
+
+#: ../../gettingstarted/SupportedBrowsers.rst:1
+msgid "any"
+msgstr ""
+
+#: ../../gettingstarted/SupportedBrowsers.rst:1
+msgid "Safari"
+msgstr ""
+
+#: ../../gettingstarted/SupportedBrowsers.rst:1
+msgid ">= 8"
+msgstr ""
+
+#: ../../gettingstarted/SupportedBrowsers.rst:1
+msgid "iOS"
+msgstr ""
+
+#: ../../gettingstarted/SupportedBrowsers.rst:1
+msgid ">= 9"
+msgstr ""
+
+#: ../../gettingstarted/SupportedBrowsers.rst:1
+msgid "Android"
+msgstr ""
+
+#: ../../gettingstarted/SupportedBrowsers.rst:1
+msgid ">= 4.4"
+msgstr ""
+
+#: ../../gettingstarted/index.rst:2
+msgid "Getting started"
+msgstr ""
+
+#: ../../index.rst:2
+msgid "Documentation"
+msgstr "Documentación"
+
+#: ../../index.rst:4
+msgid ""
+"`GlobaLeaks `_ is an open-source, free "
+"software intended to enable anyone to easily set up and maintain a secure"
+" whistleblowing platform."
+msgstr ""
+
+#: ../../index.rst:7
+msgid ""
+"This documentation is thank to the support of our community. Join us and "
+"contribute with your additions and suggestion. In any of the page you "
+"find a link that enables you to provide suggestions and corrections. 
We "
+"remind you that in case of any software issue or bug you may always "
+"report on the `ticketing system `_."
+msgstr ""
+
+#: ../../roadmap/index.rst:2
+msgid "Project roadmap"
+msgstr ""
+
+#: ../../roadmap/index.rst:5
+msgid ""
+"This tentative roadmap is built by the GlobaLeaks team in order to try to"
+" respond to main users' needs. Please get sure that the needs of your "
+"projects and users are well represented on the project `Ticketing System "
+"`_. If your"
+" organization could fund the development of parts of this roadmap please "
+"write us at info@globaleaks.org"
+msgstr ""
+
+#: ../../roadmap/index.rst:8
+msgid "Introduction"
+msgstr ""
+
+#: ../../roadmap/index.rst:9
+msgid ""
+"`GlobaLeaks `_ is free, open source software "
+"enabling anyone to easily set up and maintain a secure whistleblowing "
+"platform."
+msgstr ""
+
+#: ../../roadmap/index.rst:11
+msgid ""
+"Started in 2011, the software is now widely used worldwide by more than "
+"3000 organizations working in the fields of anti-corruption activism, "
+"human rights violations reporting, investigative journalism, and "
+"corporate compliance."
+msgstr ""
+
+#: ../../roadmap/index.rst:13
+msgid ""
+"This document details the main areas of research development and "
+"represents the actual tentative readmap of consolidation planned for "
+"2024-2026 based on the analysis of the large set of user needs collected "
+"within the official `Ticketing System `_."
+msgstr ""
+
+#: ../../roadmap/index.rst:16
+msgid "Development areas"
+msgstr ""
+
+#: ../../roadmap/index.rst:19
+msgid "Statistics and Reporting"
+msgstr ""
+
+#: ../../roadmap/index.rst:20
+msgid ""
+"GlobaLeaks still misses the implementation for any generation of "
+"statistics and reports. Such features are considered fundamental in order"
+" to properly support users in analysis, investigation and reporting."
+msgstr ""
+
+#: ../../roadmap/index.rst:22
+msgid "E.g:"
+msgstr ""
+
+#: ../../roadmap/index.rst:24
+msgid ""
+"Recipients should be able to visually see statistics about the received "
+"reports received and the data contained; these statistics should empower "
+"users in their work providing relevant information out of the data "
+"collection that could help users analyze and study social problems like "
+"corruption and be able to organize and export automatic reporting;"
+msgstr ""
+
+#: ../../roadmap/index.rst:25
+msgid ""
+"Administrators should be able to visually see a dashboard in order to "
+"monitor the system and assure that all is working well (e.g. that "
+"recipients are receiving submissions and are able to access them and that"
+" no attacks are performed on the system)."
+msgstr ""
+
+#: ../../roadmap/index.rst:27 ../../roadmap/index.rst:42
+msgid "Ideas:"
+msgstr ""
+
+#: ../../roadmap/index.rst:29
+msgid ""
+"A client library could be adopted to generate reports directly on the "
+"client (e.g. Chart.js)"
+msgstr ""
+
+#: ../../roadmap/index.rst:30
+msgid ""
+"The implementation should support the possibility of exporting the report"
+" in PDF; in relation to this aspect it should be considered the "
+"advantages of a possible backend implementation."
+msgstr ""
+
+#: ../../roadmap/index.rst:32 ../../roadmap/index.rst:47
+#: ../../roadmap/index.rst:58 ../../roadmap/index.rst:71
+#: ../../roadmap/index.rst:84
+msgid "Reference tickets:"
+msgstr ""
+
+#: ../../roadmap/index.rst:34
+msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/1959"
+msgstr ""
+
+#: ../../roadmap/index.rst:35
+msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2254"
+msgstr ""
+
+#: ../../roadmap/index.rst:39
+msgid "Audit Log"
+msgstr ""
+
+#: ../../roadmap/index.rst:40
+msgid ""
+"GlobaLeaks still misses the implementation of a complete audit logit. 
"
+"This is considered a fundamental feature in order to achieve full "
+"accontability of the whistleblowing process and increase security."
+msgstr ""
+
+#: ../../roadmap/index.rst:44
+msgid "Software audit log should be improved"
+msgstr ""
+
+#: ../../roadmap/index.rst:45
+msgid ""
+"The software could exposes a standard log interfaces in CEF/LEEF/Syslog "
+"format to foster integration with third party SIEM software."
+msgstr ""
+
+#: ../../roadmap/index.rst:49
+msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2579"
+msgstr ""
+
+#: ../../roadmap/index.rst:50
+msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2580"
+msgstr ""
+
+#: ../../roadmap/index.rst:51
+msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2651"
+msgstr ""
+
+#: ../../roadmap/index.rst:54
+msgid "GDPR compliance"
+msgstr ""
+
+#: ../../roadmap/index.rst:55
+msgid ""
+"GlobaLeaks implements by-design many best practices in matters of privacy"
+" and security. In order to be effectively accepted and competitive beside"
+" commercial proprietary solutions and to guarantee the sustainability of "
+"the project, the software needs to achieve some market “standards” (e.g. "
+"GDPR compliance / ISO certifications / etc.); among all we selected that "
+"GDPR compliance is a first step where the software could implement best "
+"practices (e.g. procedures for self signup should present appropriate "
+"legal notices, terms of services, and contractualization). Within the "
+"software, there should be implemented an automatic contract generation "
+"via PDF or other suitable formats in respect with the GDPR requirements."
+msgstr ""
+
+#: ../../roadmap/index.rst:60
+msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2145"
+msgstr ""
+
+#: ../../roadmap/index.rst:61
+msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2658"
+msgstr ""
+
+#: ../../roadmap/index.rst:62
+msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2866"
+msgstr ""
+
+#: ../../roadmap/index.rst:63
+msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2767"
+msgstr ""
+
+#: ../../roadmap/index.rst:64
+msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/3011"
+msgstr ""
+
+#: ../../roadmap/index.rst:65
+msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/3012"
+msgstr ""
+
+#: ../../roadmap/index.rst:68
+msgid "Backup and Restore"
+msgstr ""
+
+#: ../../roadmap/index.rst:69
+msgid ""
+"GlobaLeaks currently misses any feature for performing backup and "
+"restoring of its setup. These duties are currently performed by its users"
+" following typical best manual practices (e.g. archiving the data "
+"directory of the application). This project idea is to research the best "
+"practices to be applied in this context and to identify suitable "
+"strategies for implementing periodic, secure and encrypted backups to be "
+"restored upon necessity."
+msgstr ""
+
+#: ../../roadmap/index.rst:73
+msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/528"
+msgstr ""
+
+#: ../../roadmap/index.rst:74
+msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2149"
+msgstr ""
+
+#: ../../roadmap/index.rst:77
+msgid "Multitenancy"
+msgstr ""
+
+#: ../../roadmap/index.rst:79
+msgid "Import and Export of Tenants"
+msgstr ""
+
+#: ../../roadmap/index.rst:80
+msgid ""
+"Part of the software is a recent feature of Multitenancy, first "
+"implemented in 2018 and stabilized during 2019. 
Through this feature, "
+"GlobaLeaks makes it possible to create multiple setups of itself via "
+"virtual sites (similarly to Wordpress multisite feature). In order to "
+"make it more easy for an administrator to migrate a platform form a "
+"system to an other or to enable users to require data portability from a "
+"globaleaks provider to an other, for example in relation to GDPR it has "
+"been evaluated necessary to improve the multi tenancy implementation by "
+"implementing support for import-export of tenants. In the context of a "
+"whistleblowing application, involving encryption and logging this poses "
+"important challenges on how to best handle this process."
+msgstr ""
+
+#: ../../roadmap/index.rst:86
+msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2632"
+msgstr ""
+
+#: ../../roadmap/index.rst:87
+msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2631"
+msgstr ""
+
+#: ../../roadmap/index.rst:90
+msgid "Multisite users"
+msgstr ""
+
+#: ../../roadmap/index.rst:91
+msgid "(To be further researched)"
+msgstr ""
+
+#: ../../roadmap/index.rst:93
+msgid ""
+"Important requirement at the base of the Multitenancy expansion is the "
+"possibility to enable users to be administrators and recipients of two or"
+" multiple instances running on the same multi-site setup. This is useful "
+"for example when a lawyer takes part as a recipient on multiple projects;"
+" as well it is useful when an ICT consultant joins consultancy on "
+"multiple projects."
+msgstr ""
+
+#: ../../roadmap/index.rst:96
+msgid ""
+"This could significatively simplify user access enabling the user to have"
+" a single set of username and password and associated keys."
+msgstr ""
+
+#: ../../roadmap/index.rst:98
+msgid "References tickets:"
+msgstr ""
+
+#: ../../roadmap/index.rst:100
+msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2302"
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:3
+msgid "Application security"
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:4
+msgid ""
+"The GlobaLeaks software aims to adhere to industry-standard best "
+"practices, with its security being the result of applied research."
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:6
+msgid ""
+"This document details every aspect implemented by the application in "
+"relation to security design."
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:9
+msgid "Architecture"
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:10
+msgid "The software comprises two main components: a `Backend` and a `Client`:"
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:12
+msgid ""
+"The Backend is a Python-based server that runs on a physical server and "
+"exposes a `REST API "
+"`_."
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:13
+msgid ""
+"The Client is a JavaScript client-side web application that interacts "
+"with the Backend only through `XHR "
+"`_."
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:16
+msgid "Anonymity"
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:17
+msgid ""
+"Users' anonymity is protected by means of `Tor "
+"`_ technology."
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:19
+msgid ""
+"The application is designed to avoid logging sensitive metadata that "
+"could lead to the identification of whistleblowers."
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:22
+msgid "Authentication"
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:23
+msgid ""
+"The confidentiality of authentication is protected either by `Tor Onion "
+"Services v3 `_ or"
+" `TLS version 1.2+ "
+"`_."
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:25
+msgid ""
+"This section describes the authentication methods implemented by the "
+"system."
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:28
+msgid "Password"
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:29
+msgid ""
+"By accessing the login web interface, `Administrators` and `Recipients` "
+"need to enter their respective `Username` and `Password`. If the "
+"submitted password is valid, the system grants access to the "
+"functionality available to that user."
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:33
+msgid ""
+"`Whistleblowers` access their `Reports` using an anonymous `Receipt`, "
+"which is a randomly generated 16-digit sequence created by the Backend "
+"when the Report is first submitted. This format resembles a standard "
+"phone number, making it easier for whistleblowers to conceal their "
+"receipts."
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:36
+msgid "Password security"
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:37
+msgid "The system implements the following password security measures:"
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:40
+msgid "Password storage"
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:41
+msgid ""
+"Passwords are never stored in plaintext; instead, the system maintains "
+"only a hashed version. This applies to all authentication secrets, "
+"including whistleblower receipts."
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:43
+msgid ""
+"The platform stores users’ passwords hashed with a random 128-bit salt, "
+"unique for each user."
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:45
+msgid ""
+"Passwords are hashed using `Argon2 "
+"`_, a key derivation function "
+"selected as the winner of the `Password Hashing Competition "
+"`_ in July "
+"2015."
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:47
+msgid ""
+"The hash involves a per-user salt for each user and a per-system salt for"
+" whistleblowers."
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:50
+msgid "Password complexity"
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:51
+msgid ""
+"The system enforces complex passwords by implementing a custom algorithm "
+"necessary to ensure reasonable entropy for each authentication secret."
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:53
+msgid ""
+"Passwords are scored at three levels: `Strong`, `Acceptable`, and "
+"`Insecure`."
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:55
+msgid ""
+"Strong: A strong password should include capital letters, lowercase "
+"letters, numbers, and symbols, be at least 12 characters long, and "
+"contain a variety of at least 10 different characters."
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:56
+msgid ""
+"Acceptable: An acceptable password should include at least 3 different "
+"types of characters from capital letters, lowercase letters, numbers, and"
+" symbols, be at least 10 characters long, and contain a variety of at "
+"least 7 different characters."
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:57
+msgid ""
+"Insecure: Passwords ranked below the strong or acceptable levels are "
+"marked as insecure and are not accepted by the system."
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:59
+msgid ""
+"We encourage each end user to use `KeePassXC `_ to"
+" generate and retain strong, unique passphrases."
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:62
+msgid "Two-factor authentication"
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:63
+msgid ""
+"The system implements Two-Factor Authentication (2FA) based on `TOTP` "
+"using the `RFC 6238 `_ algorithm "
+"and 160-bit secrets."
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:65
+msgid ""
+"Users can enroll in 2FA via their own preferences, and administrators can"
+" optionally enforce this requirement."
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:67
+msgid ""
+"We recommend using `FreeOTP `_, available "
+"`for Android "
+"`_"
+" and `for iOS `_."
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:70
+msgid "Slowdown on failed login attempts"
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:71
+msgid ""
+"The system identifies multiple failed login attempts and implements a "
+"slowdown procedure, requiring an authenticating client to wait up to 42 "
+"seconds to complete an authentication."
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:73
+msgid ""
+"This feature is intended to slow down potential attacks, requiring more "
+"resources in terms of time, computation, and memory."
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:76
+msgid "Password change on first login"
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:77
+msgid "The system enforces users to change their password at their first login."
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:79
+msgid ""
+"Administrators can also enforce a password change for users at their next"
+" login."
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:82
+msgid "Periodic password change"
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:83
+msgid ""
+"By default, the system enforces users to change their password at least "
+"every year."
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:85
+msgid "This period is configurable by administrators."
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:88
+msgid "Password recovery"
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:89
+msgid ""
+"In case of a lost password, users can request a password reset via the "
+"web login interface by clicking on a `Forgot password?` button present on"
+" the login page."
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:91
+msgid ""
+"When this button is clicked, users are invited to enter their username or"
+" email. If the provided username or email corresponds to an existing "
+"user, the system will send a reset link to the configured email."
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:93
+msgid ""
+"By clicking the link received by email, the user is then invited to set a"
+" new password different from the previous one."
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:95
+msgid ""
+"If encryption is enabled on the system, a user clicking on the reset link"
+" must first enter their `Account Recovery Key`. Only after correct entry "
+"will the user be able to set a new password."
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:98
+msgid "Web application security"
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:99
+msgid ""
+"This section describes the Web Application Security implemented by the "
+"software in adherence to the `OWASP Security Guidelines "
+"`_."
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:102
+msgid "Session management"
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:103
+msgid ""
+"The session implementation follows the `OWASP Session Management Cheat "
+"Sheet "
+"`_"
+" security guidelines."
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:105
+msgid ""
+"The system assigns a session to each authenticated user. The Session ID "
+"is a 256-bit long secret generated randomly by the backend. Each session "
+"expires according to a timeout of 30 minutes. 
Session IDs are exchanged "
+"between the client and the backend via a header (`X-Session`) and expire "
+"as soon as users close their browser or the tab running GlobaLeaks. Users"
+" can explicitly log out via a logout button or implicitly by closing the "
+"browser."
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:108
+msgid "Session encryption"
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:109
+msgid ""
+"To minimize the exposure of users' encryption keys, the keys are stored "
+"in an encrypted format and decrypted only upon each client request."
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:111
+msgid ""
+"The implementation uses Libsodium's SecretBox, where the client's session"
+" key is used as the secret. Only the client maintains a copy of the "
+"session key, while the server retains only a SHA-256 hash."
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:114
+msgid "Cookies and xsrf prevention"
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:115
+msgid ""
+"Cookies are not used intentionally to minimize XSRF attacks and any "
+"possible attacks based on them. Instead of using cookies, authentication "
+"is based on a custom HTTP Session Header sent by the client on "
+"authenticated requests."
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:118
+msgid "HTTP headers"
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:119
+#, python-format
+msgid ""
+"The system implements a large set of HTTP headers specifically configured"
+" to improve software security and achieves a `score A+ by Security "
+"Headers "
+"`_"
+" and a `score A+ by Mozilla Observatory "
+"`_."
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:122
+msgid "Strict-Transport-Security"
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:123
+msgid "The system implements strict transport security by default. 
::"
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:128
+msgid "The default configuration of the application sees this feature disabled."
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:131
+msgid "Content-Security-Policy"
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:132
+msgid ""
+"The backend implements a strict `Content Security Policy (CSP) "
+"`_ preventing any "
+"interaction with third-party resources and restricting the execution of "
+"untrusted user input: ::"
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:137
+msgid ""
+"Specific policies are implemented in adherence to the principle of least "
+"privilege."
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:139
+msgid "For example:"
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:141
+msgid ""
+"The `index.html` source of the app is the only resource allowed to load "
+"scripts from the same origin;"
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:142
+msgid "Every dynamic content is strictly sandboxed on a null origin;"
+msgstr ""
+
+#: ../../security/ApplicationSecurity.rst:143
+msgid ""
+"Every untrusted user input or third-party library is executed in a "
+"sandbox, limiting its interaction with other application components."
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:146 +msgid "Cross-Origin-Embedder-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:147 +msgid "" +"The backend implements the following `Cross-Origin-Embedder-Policy (COEP)" +" `_: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:153 +msgid "Cross-Origin-Opener-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:154 +msgid "" +"The backend implements the following `Cross-Origin-Opener-Policy (COOP) " +"`_: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:160 +msgid "Cross-Origin-Resource-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:161 +msgid "" +"The backend implements the following `Cross-Origin-Resource-Policy (CORP)" +" `_: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:167 +msgid "Permissions-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:168 +msgid "" +"The backend implements the following Permissions-Policy header " +"configuration to limit the possible de-anonymization of the user by " +"disabling dangerous browser features: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:174 +msgid "X-Frame-Options" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:175 +msgid "" +"In addition to implementing Content Security Policy level 3 to prevent " +"the application from being included in an iframe, the backend also " +"implements the outdated X-Frame-Options header to ensure that iframes are" +" always prevented in any circumstance, including on outdated browsers: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:181 +msgid "Referrer-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:182 +msgid "" +"Web browsers usually attach referrers in their HTTP headers as they " +"browse links. The platform enforces a referrer policy to avoid this " +"behavior. 
::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:188 +msgid "X-Content-Type-Options" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:189 +msgid "" +"To avoid automatic MIME type detection by the browser when setting the " +"Content-Type for specific output, the following header is used: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:195 +msgid "Cache-Control" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:196 +msgid "" +"To prevent or limit forensic traces left on devices used by " +"whistleblowers and in devices involved in communication with the " +"platform, as specified in section ``3. Storing Responses in Caches`` of " +"`RFC 7234 `__, the platform uses the" +" ``Cache-Control`` HTTP header with the configuration ``no-store`` to " +"instruct clients and possible network proxies to disable any form of data" +" caching. ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:202 +msgid "Crawlers Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:203 +msgid "" +"For security reasons, the backend instructs crawlers to avoid caching and" +" indexing of the application and uses the ``robots.txt`` file to allow " +"crawling only of the home page. Indexing the home page is considered best" +" practice to promote the platform's existence and facilitate access for " +"potential whistleblowers." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:205 +msgid "The implemented configuration is as follows: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:212 +msgid "" +"The platform also instructs crawlers to avoid caching by injecting the " +"following HTTP header: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:217 +msgid "" +"For highly sensitive projects where the platform is intended to remain " +"``hidden`` and communicated to potential whistleblowers directly, it can " +"be configured to disable indexing completely." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:219 +msgid "In such cases, the following HTTP header is used: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:225 +msgid "Anchor tags and external urls" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:226 +msgid "" +"The client opens external URLs in a new tab, independent of the " +"application context, by setting ``rel='noreferrer'`` and " +"``target='_blank'``` on every anchor tag. ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:232 +msgid "Input validation" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:233 +msgid "" +"The application implements strict input validation both on the backend " +"and on the client." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:236 +msgid "On the backend" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:237 +msgid "" +"Each client request is strictly validated by the backend against a set of" +" regular expressions, and only requests matching the expressions are " +"processed." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:239 +msgid "" +"Additionally, a set of rules is applied to each request type to limit " +"potential attacks. For example, any request is limited to a payload of " +"1MB." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:242 +msgid "On the client" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:243 +msgid "" +"Each server output is strictly validated by the client at rendering time " +"using the Angular component `ngSanitize.$sanitize " +"`__." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:246 +msgid "Form autocomplete off" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:247 +msgid "" +"Forms implemented by the platform use the HTML5 form attribute to " +"instruct the browser not to cache user data for form prediction and " +"autocomplete on subsequent submissions." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:249 +msgid "" +"This is achieved by setting `autocomplete=\"off\" " +"`__ on the relevant forms or attributes." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:252 +msgid "Network security" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:254 +msgid "Connection anonymity" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:255 +msgid "" +"User anonymity is provided through the implementation of `Tor " +"`__ technology. The application implements " +"an ``Onion Service v3`` and advises users to use the Tor Browser when " +"accessing it." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:258 +msgid "Connection encryption" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:259 +msgid "" +"User connections are always encrypted, either through the `Tor Protocol " +"`__ when using the Tor Browser or via `TLS " +"`__ when accessed" +" through a common browser." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:261 +msgid "" +"Using ``Tor`` is recommended over HTTPS due to its advanced resistance to" +" selective interception and censorship, making it difficult for a third " +"party to capture or block access to the site for specific whistleblowers " +"or departments." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:263 +msgid "" +"The software also facilitates easy setup of ``HTTPS``, offering both " +"automatic setup via `Let's Encrypt `__ and " +"manual configuration." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:265 +msgid "" +"TLS certificates are generated using `NIST Curve P-384 " +"`__." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:267 +msgid "" +"The configuration enables only ``TLS1.2+`` and is fine-tuned and hardened" +" to achieve `SSLLabs grade A+ " +"`__." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:269 +msgid "In particular, only the following ciphers are enabled: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:283 +msgid "Network sandboxing" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:284 +msgid "" +"The GlobaLeaks backend integrates `iptables " +"`__ by default and implements strict firewall" +" rules that restrict incoming network connections to HTTP and HTTPS on " +"ports 80 and 443." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:286 +msgid "" +"Additionally, the application allows anonymizing outgoing connections, " +"which can be configured to route through Tor." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:289 +msgid "Data encryption" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:290 +msgid "" +"Submission data, file attachments, messages, and metadata exchanged " +"between whistleblowers and recipients are encrypted using the GlobaLeaks " +":doc:`EncryptionProtocol`." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:292 +msgid "" +"GlobaLeaks also incorporates various other encryption components. 
The " +"main libraries and their uses are:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:294 +msgid "" +"`Python-NaCL `__: used for implementing " +"data encryption" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:295 +msgid "" +"`PyOpenSSL `__: used for implementing " +"HTTPS" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:296 +msgid "" +"`Python-Cryptography `__: used for implementing " +"authentication" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:297 +msgid "" +"`Python-GnuPG `__: used " +"for encrypting email notifications and file downloads via ```PGP```" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:300 +msgid "Application sandboxing" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:301 +msgid "" +"The GlobaLeaks backend integrates `AppArmor `__ by" +" default and implements a strict sandboxing profile, allowing the " +"application to access only the strictly required files. Additionally, the" +" application runs under a dedicated user and group \"globaleaks\" with " +"reduced privileges." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:304 +msgid "Database security" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:305 +msgid "" +"The GlobaLeaks backend uses a hardened local SQLite database accessed via" +" SQLAlchemy ORM." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:307 +msgid "" +"This design choice ensures the application can fully control its " +"configuration while implementing extensive security measures in adherence" +" to the `security recommendations by SQLite " +"`__." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:310 +msgid "Secure deletion" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:311 +msgid "" +"The GlobaLeaks backend enables SQLite’s secure deletion capability, which" +" automatically overwrites the database data upon each delete query: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:317 +msgid "Auto vacuum" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:318 +msgid "" +"The platform enables SQLite’s auto vacuum capability for automatic " +"cleanup of deleted entries and recall of unused pages: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:324 +msgid "Limited database trust" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:325 +msgid "" +"The GlobaLeaks backend uses the SQLite `trusted_schema " +"`__ pragma " +"to limit trust in the database, mitigating risks of malicious corruption." +" ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:331 +msgid "Limited database functionalities" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:332 +msgid "" +"The GlobaLeaks backend restricts SQLite functionalities to only those " +"necessary for running the application, reducing the potential for " +"exploitation in case of SQL injection attacks." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:334 +msgid "" +"This is implemented using the ```conn.set_authorizer``` API and a strict " +"authorizer callback that authorizes only a limited set of SQL " +"instructions: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:345 +msgid "DoS resiliency" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:346 +msgid "" +"To mitigate denial of service attacks, GlobaLeaks applies the following " +"measures:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:348 +msgid "" +"Implements a proof-of-work (hashcash) on each unauthenticated request to " +"limit automation." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:349 +msgid "Applies rate limiting on authenticated sessions." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:350 +msgid "" +"Limits the possibility of triggering CPU-intensive routines by external " +"users (e.g., limits on query and job execution times)." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:351 +msgid "" +"Monitors activity to detect and respond to attacks, implementing " +"proactive security measures to prevent DoS (e.g., slowing down fast " +"operations)." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:354 +msgid "Proof of work on users' sessions" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:355 +msgid "" +"The system implements an automatic `Proof of Work " +"`__ based on the hashcash " +"algorithm for every user session, requiring clients to request a token " +"and continuously solve a computational problem to acquire and renew the " +"session." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:358 +msgid "Rate limit on users' sessions" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:359 +msgid "" +"The system implements rate limiting on user sessions, preventing more " +"than 5 requests per second and applying increasing delays on requests " +"that exceed this threshold." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:362 +msgid "Rate limit on whistleblowers' reports and attachments" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:363 +msgid "" +"The system applies rate limiting on whistleblower reports and " +"attachments, preventing new submissions and file uploads if thresholds " +"are exceeded." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:365 +msgid "Implemented thresholds are:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "Threshold Variable" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +#: ../../security/PenetrationTests.rst:1 +msgid "Goal" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "Default Threshold Setting" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "threshold_reports_per_hour" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "Limit the number of reports that can be filed per hour" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "20" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "threshold_reports_per_hour_per_ip" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "" +"Limit the number of reports that can be filed per hour by the same IP " +"address" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "5" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "threshold_attachments_per_hour_per_ip" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "" +"Limit the number of attachments that can be uploaded per hour by the same" +" IP address" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "120" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "threshold_attachments_per_hour_per_report" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "Limit the number of attachments that can be uploaded per hour on a report" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "30" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:375 +msgid "" +"In case of necessity, threshold configurations can be adjusted using the " +"`gl-admin` command as follows: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:381 +msgid "Other measures" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:383 +msgid "Browser 
history and forensic traces" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:384 +msgid "" +"The entire application is designed to minimize or reduce the forensic " +"traces left by whistleblowers on their devices while filing reports." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:386 +msgid "" +"When accessed via the Tor Browser, the browser ensures that no persistent" +" traces are left on the user's device." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:388 +msgid "" +"To prevent or limit forensic traces in the browser history of users " +"accessing the platform via a common browser, the application avoids " +"changing the URI during whistleblower navigation. This prevents the " +"browser from logging user activities and offers high plausible " +"deniability, making the whistleblower appear as a simple visitor to the " +"homepage and avoiding evidence of any submission." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:391 +msgid "Secure file management" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:393 +msgid "Secure file download" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:394 +msgid "" +"Any attachment uploaded by anonymous whistleblowers might contain " +"malware, either intentionally or not. It is highly recommended, if " +"possible, to download files and access them on an air-gapped machine " +"disconnected from the network and other sensitive devices. To facilitate " +"safe file downloads and transfers using a USB stick, the application " +"provides the option to export reports, enabling the download of a ZIP " +"archive containing all report content. This reduces the risk of executing" +" files during the transfer process." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:397 +msgid "Safe file opening" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:398 +msgid "" +"For scenarios where the whistleblower's trustworthiness has been " +"validated or in projects with a low-risk threat model, the application " +"offers an integrated file viewer. This viewer, leveraging modern browser " +"sandboxing capabilities, allows the safe opening of a limited set of file" +" types considered more secure than accessing files directly through the " +"operating system. This feature is disabled by default. Administrators " +"should enable it only after thorough evaluation and ensure that " +"recipients' browsers are kept up-to-date." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:400 +msgid "The supported file formats are:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:402 +msgid "AUDIO" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:403 +msgid "CSV" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:404 +msgid "IMAGE" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:405 +msgid "PDF" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:406 +msgid "VIDEO" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:407 +msgid "TXT" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:409 +#: ../../security/ApplicationSecurity.rst:419 +msgid "The default configuration has this feature disabled." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:412 +msgid "PGP encryption" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:413 +msgid "The system offers an optional PGP encryption feature." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:415 +msgid "" +"When enabled, users can activate a personal PGP key that will be used by " +"the system to encrypt email notifications and files on-the-fly." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:417 +msgid "" +"This feature is recommended for high-risk threat models, especially when " +"used in conjunction with air-gapped systems for report visualization." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:422 +msgid "Encryption of temporary files" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:423 +msgid "" +"Files uploaded and temporarily stored on disk during the upload process " +"are encrypted with a temporary, symmetric AES key to prevent any " +"unencrypted data from being written to disk. Encryption is performed in " +"streaming mode using `AES 128-bit` in `CTR mode`. Key files are stored in" +" memory and are unique for each file being uploaded." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:426 +msgid "Secure file delete" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:427 +msgid "" +"Every file deleted by the application is overwritten before the file " +"space is released on disk." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:429 +msgid "" +"The overwrite routine is executed by a periodic scheduler and follows " +"these steps:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:431 +msgid "A first overwrite writes 0 across the entire file;" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:432 +msgid "A second overwrite writes 1 across the entire file;" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:433 +msgid "A third overwrite writes random bytes across the entire file." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:436 +msgid "Exception logging and redaction" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:437 +msgid "" +"To quickly diagnose potential software issues when client exceptions " +"occur, they are automatically reported to the backend. The backend " +"temporarily caches these exceptions and sends them to the backend " +"administrator via email." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:439 +msgid "" +"To prevent inadvertent information leaks, logs are processed through " +"filters that redact email addresses and UUIDs." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:442 +msgid "Entropy sources" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:443 +msgid "The primary source of entropy for the platform is `/dev/urandom`." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:446 +msgid "UUIDv4 randomness" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:447 +msgid "" +"System resources like submissions and files are identified by UUIDv4 to " +"make them unguessable by external users and limit potential attacks." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:450 +msgid "TLS for smtp notification" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:451 +msgid "" +"All notifications are sent through an SMTP channel encrypted with TLS, " +"using either SMTP/TLS or SMTPS, depending on the configuration." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:2 +msgid "Encryption protocol" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:3 +msgid "" +"GlobaLeaks implements an encryption protocol specifically designed for " +"anonymous whistleblowing applications." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:5 +msgid "" +"The protocol has been developed and validated in collaboration with the " +"`Open Technology Fund `_ and represents a trade-off between security and " +"usability. It is designed to be user-friendly for whistleblowers while " +"providing reasonable protection against attackers attempting to breach " +"the backend and perform brute-force decryption." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:7 +msgid "" +"Encryption is applied to each submission, protecting answers to " +"questionnaires, comments, attachments, and associated metadata. 
The " +"encryption keys are assigned per user and per report, ensuring that only " +"whistleblowers and their intended recipients can access the reports. This" +" means that if users forget their passwords, they will lose access to the" +" data in their accounts." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:9 +msgid "" +"To enable users to recover their accounts in case they forget their " +"passwords, the system includes a `Key Recovery`_ mechanism and provides " +"each user with an Account Recovery Key. This measure ensures that users " +"with their own Account Recovery Key can always restore access to their " +"account and the data it contains." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:11 +msgid "" +"To prevent data loss in case users lose both their password and their " +"account recovery key, the system can be configured to use a `Key Escrow`_" +" mechanism. This delegates the responsibility of supporting users in " +"recovering access to their accounts to administrators. This capability " +"enhances the project's resilience against data loss due to users' death " +"or conflicts of interest within the recipient team. However, it also " +"means that administrators with access to escrow keys could potentially " +"access other users' accounts and data. Project owners should carefully " +"decide whether to enable this feature based on the project's threat model" +" and document their decision in the project's privacy policies." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:14 +msgid "Encryption's workflow" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:15 +msgid "" +"Users choose a secure personal password during their first login using an" +" account activation link." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:16 +msgid "" +"The system creates a personal asymmetric keypair for each user and stores" +" the private key symmetrically encrypted with a secret derived from the " +"user's password." 
+msgstr "" + +#: ../../security/EncryptionProtocol.rst:17 +msgid "" +"Each user's private key is protected by the Key Recovery mechanism and, " +"if enabled, by the Key Escrow mechanism." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:18 +msgid "The whistleblower files a report." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:19 +msgid "The system assigns a unique 16-digit receipt number to the whistleblower." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:20 +msgid "" +"The system generates an asymmetric keypair for the whistleblower and " +"stores the private key symmetrically encrypted with a secret derived from" +" the whistleblower’s receipt number." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:21 +msgid "" +"The system generates an asymmetric keypair for encrypting the report, " +"attachments, comments, and associated metadata, and stores a copy of the " +"private key encrypted for each involved user using their own public key." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:22 +msgid "" +"The system encrypts the report, attachments, comments, and metadata with " +"the public key generated for the report." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:23 +msgid "" +"The system grants each involved user access to their reports and " +"facilitates communication by automatically locking and unlocking the " +"involved keys when a report is accessed or new communication is made." 
+msgstr "" + +#: ../../security/EncryptionProtocol.rst:26 +msgid "Encryption's details" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:28 +msgid "Algorithms" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Type" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Implementation" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Asymmetric encryption" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "" +"`Libsodium SealedBoxes " +"`_," +" which combines Curve25519, XSalsa20, and Poly1305 algorithms." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Symmetric encryption" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "" +"`Libsodium SecretBoxes " +"`_," +" which combines XSalsa20 and Poly1305." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:36 +msgid "Users’ credentials" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:37 +msgid "The system uses two types of credentials depending on the user role:" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Credentials type" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "User role" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Passwords" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Used for authenticating users identified by a username" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Receipts" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "16-digit random secrets used for authenticating anonymous whistleblowers" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:45 +msgid "Assumptions:" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:47 +msgid "The system enforces strong password complexity." 
+msgstr "" + +#: ../../security/EncryptionProtocol.rst:48 +msgid "" +"The system enforces expiration of receipts according to a strict data " +"retention policy that limits the number of concurrent active receipts." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:51 +msgid "Users’ keys" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Generation" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Storage" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "ECC Curve25519 keypair" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "" +"Generated by the backend during first user login for authenticated users " +"and upon submission for whistleblowers" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "" +"Keys are stored on the backend encrypted using symmetric encryption. The " +"symmetric key used for encrypting users’ keys is derived from the users’ " +"credentials using the KDF function `Argon2ID `_. The parameters for Argon2ID used for KDF" +" are stronger than those used for user authentication, with the hash " +"stored. The parameters are selected to require 128MB of memory per login " +"and 1 second of computation." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:58 +msgid "Data encryption's keys" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "256-bit keys" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Generated by the backend for each report" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "" +"Keys are stored on the backend filesystem encrypted using asymmetric " +"encryption with Users’ and Whistleblower’s keys, respectively." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:65 +msgid "Key generation" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:66 +msgid "" +"Users' encryption keys are automatically generated during the first login" +" and secured using the user passphrase. 
This straightforward but " +"effective key generation policy requires users to complete their first " +"login before being able to receive reports." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:69 +msgid "Key recovery" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:70 +msgid "" +"The system implements a key recovery mechanism using a recovery key and " +"symmetric encryption." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:72 +msgid "" +"When a user key is generated, the private key is symmetrically encrypted " +"with a randomly generated recovery key." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:74 +msgid "" +"For usability reasons, this recovery key is also securely encrypted and " +"stored on the backend, allowing logged-in users who possess their " +"password to retrieve and print their own account recovery key." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:77 +msgid "Key escrow" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:78 +msgid "" +"The system offers an optional key escrow mechanism to mitigate data loss " +"in the event of users losing their passwords." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:80 +msgid "" +"Key escrow can be enabled during the initial application setup or in the " +"advanced settings of the software." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:82 +msgid "" +"We recommend enabling this option to protect whistleblowers' submissions " +"in cases where recipients lose their passwords. However, if you want to " +"set up a system where only recipients can access submissions, we advise " +"against using this feature." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:84 +msgid "" +"When enabled, the system generates and assigns an escrow key to the " +"administrator who activated the feature. This key is then used to encrypt" +" every system key, with a copy preserved that any administrator with the " +"escrow key can unlock." 
+msgstr "" + +#: ../../security/EncryptionProtocol.rst:86 +msgid "" +"Administrators with access to the escrow key can assist internal users " +"with password recovery and issue password resets. They can also grant " +"this privilege to other administrators or disable the feature entirely." +msgstr "" + +#: ../../security/PenetrationTests.rst:3 +msgid "Security audits" +msgstr "" + +#: ../../security/PenetrationTests.rst:5 +msgid "" +"GlobaLeaks undergoes independent security audits periodically to verify " +"and enhance the security of the system. This page lists the most " +"significant reports available." +msgstr "" + +#: ../../security/PenetrationTests.rst:7 +msgid "" +"We aim to have audits conducted at least every two years, thanks to " +"funding opportunities. Each adopter is encouraged to contribute by " +"funding a general or topic-specific audit based on their capabilities. " +"This helps ensure that every algorithm, component, and methodology " +"applied within the project is thoroughly verified." +msgstr "" + +#: ../../security/PenetrationTests.rst:9 +msgid "" +"If you have conducted or are considering sponsoring a security audit, " +"please email us at `info@globaleaks.org `_. " +"This is especially important for general software security. When " +"requesting a company to audit the software, always remember to ask if the" +" report can be published afterward; many auditors may not agree to " +"publish the report later, which has often led to wasted project " +"resources." +msgstr "" + +#: ../../security/PenetrationTests.rst:11 +msgid "" +"If you are an independent security auditor or, during your peer review of" +" GlobaLeaks, you discover or suspect a vulnerability, please do not file " +"a public issue. Instead, send your report privately through our " +"`reporting form `_ or via email to " +"`security@globaleaks.org `_." 
+msgstr "" + +#: ../../security/PenetrationTests.rst:1 ../../user/admin/UserInterface.rst:135 +msgid "Date" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Auditor" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2013" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`iSecPartners `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Architecture Audit" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Report `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Cure53 `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Web Security Audit" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Report `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2014" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`LeastAuthority `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Source Code Audit" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Report `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2018" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`SubGraph `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Overall Audit" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Report `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2019" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`RadicallyOpenSecurity `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Crypto Audit, Multi-tenancy Audit, Overall Audit" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "" +"`Report " +"`_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2022" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "" +"Server Source Code Audit, Client Pentest, OpSec for Whistleblowers, OpSec" +" for Server Administrators" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "" +"`Report 
" +"`_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2024" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`ISGroup `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Surface Analysis and Network Penetration Test" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Report `_" +msgstr "" + +#: ../../security/ThreatModel.rst:3 +msgid "Threat model" +msgstr "" + +#: ../../security/ThreatModel.rst:4 +msgid "" +"GlobaLeaks is a free and open-source whistleblowing software designed for" +" various usage scenarios, each requiring a balance between strong " +"security and high usability. These two requirements are crucial for " +"managing whistleblowing procedures effectively, protecting " +"whistleblowers, and achieving specific project goals. Given the variety " +"of use cases and associated risks, the software can be configured to " +"address the specific threat model detailed here." +msgstr "" + +#: ../../security/ThreatModel.rst:6 +msgid "" +"This document is intended for organizations implementing a whistleblowing" +" procedure using GlobaLeaks. It supports the analysis and understanding " +"of the specific threat model relevant to their context and risks and " +"guides users in selecting best practices for their project." +msgstr "" + +#: ../../security/ThreatModel.rst:9 +msgid "Users matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:10 +msgid "" +"The first step is to define the types of users interacting with a " +"GlobaLeaks platform." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "User" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Definition" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"The user who submits an anonymous report through the platform. " +"Whistleblowers may operate under various threat models depending on the " +"usage scenario and the nature of the information submitted." 
+msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"The user who receives and analyzes anonymous reports from Whistleblowers." +" Recipients act in good faith and are considered trusted parties " +"concerning the protection of Whistleblowers' confidentiality." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"Users responsible for setting up, managing, and monitoring the platform's" +" security. Administrators may not be the same entities running or " +"managing the whistleblowing initiatives (e.g., hosted solutions, multiple" +" stakeholder projects). Administrators are trusted entities but do not " +"have direct access to reports and advise Recipients on best practices." +msgstr "" + +#: ../../security/ThreatModel.rst:19 +msgid "" +"It is crucial to apply security measures relative to the users of the " +"platform, aiming to achieve an appropriate tradeoff between security and " +"usability." +msgstr "" + +#: ../../security/ThreatModel.rst:22 +msgid "Anonymity matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:23 +msgid "" +"The anonymity of users must be classified depending on the context of " +"use, as follows:" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Anonymous" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"The user accesses the platform via the Tor Browser and follows best " +"practices to protect their identity, minimizing the risk of tracking by " +"any system involved in the operation. The user has not disclosed their " +"identity to Recipients." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Confidential" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"The user accesses the platform via a common browser. While third parties " +"might log their IP address, the platform protects the content of their " +"communication. The user may choose to disclose their identity to " +"Recipients confidentially." 
+msgstr "" + +#: ../../security/ThreatModel.rst:31 +msgid "" +"The platform always informs users of their current anonymity status and " +"provides guidance on best practices for anonymous access via the Tor " +"Browser. Administrators may enforce the requirement that Whistleblowers " +"use the Tor Browser to file reports, depending on the use case." +msgstr "" + +#: ../../security/ThreatModel.rst:34 +msgid "Communication security matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:35 +msgid "" +"The security of communication concerning third-party monitoring varies " +"based on the context of use." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Security level" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Description" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "High security" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"Tor is used, and communication is encrypted end-to-end with the " +"GlobaLeaks platform, ensuring that no third party can eavesdrop on the " +"communication." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Medium security" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"HTTPS is used, and communication is encrypted end-to-end with the " +"GlobaLeaks platform. A third party capable of manipulating HTTPS security" +" (e.g., re-issuing TLS certificates) could eavesdrop on the " +"communication. If HTTPS security is maintained, monitoring the user's " +"communication line or the GlobaLeaks platform's communication line is not" +" feasible." +msgstr "" + +#: ../../security/ThreatModel.rst:1 ../../security/ThreatModel.rst:44 +msgid "Identity disclosure matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:45 +msgid "" +"Regardless of the anonymity matrix, users may choose or be required to " +"disclose their identity." 
+msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Undisclosed" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "The user's identity is not disclosed and is unlikely to be disclosed." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Optionally disclosed" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"The user's identity is not disclosed by default but may be voluntarily " +"disclosed (e.g., an anonymous tip-off MAY receive a follow-up, whereas a " +"formal report with disclosed identity MUST receive a follow-up)." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Disclosed" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "The user chooses or is required to disclose their identity to other users." +msgstr "" + +#: ../../security/ThreatModel.rst:54 +msgid "" +"Identity disclosure is crucial because even in an Anonymous High security" +" environment, disclosing one's identity may be a valuable option for " +"specific whistleblowing workflows." +msgstr "" + +#: ../../security/ThreatModel.rst:56 +msgid "" +"Users starting with an anonymity setting of “Anonymous” and an " +"“Undisclosed Identity” can decide later to disclose their identity. " +"Conversely, this cannot be undone. This consideration is key to ensuring " +"user protection in GlobaLeaks." +msgstr "" + +#: ../../security/ThreatModel.rst:58 +msgid "" +"Voluntary identity disclosure may be required in certain whistleblowing " +"procedures because:" +msgstr "" + +#: ../../security/ThreatModel.rst:60 +msgid "A tip-off MAY receive a follow-up and can be anonymous;" +msgstr "" + +#: ../../security/ThreatModel.rst:61 +msgid "Formal reports MUST receive a follow-up and cannot be anonymous." 
+msgstr "" + +#: ../../security/ThreatModel.rst:63 +msgid "" +"The distinction between “MAY” and “MUST” refers to the actions of " +"recipients and is a fundamental element of the guarantees provided to " +"whistleblowers in many initiatives (e.g., a corporate or institutional " +"whistleblowing platform should not follow a MUST approach for anonymous " +"submission follow-up, treating such submissions as tip-offs rather than " +"formal reports)." +msgstr "" + +#: ../../security/ThreatModel.rst:66 +msgid "Usage scenarios matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:67 +msgid "" +"This section provides examples of how different anonymity levels for " +"users can be combined depending on the context of use." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Use case" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Media outlet" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"A media outlet with a disclosed identity initiates a whistleblowing " +"project. The outlet’s recipients are disclosed to Whistleblowers, " +"allowing them to trust a specific journalist rather than the outlet " +"itself. Full anonymity must be assured to whistleblowers, and their " +"identity cannot be disclosed in connection with anonymous submissions. " +"Whistleblowers MAY choose to disclose their identity if they trust the " +"journalist's source-protection record." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Corporate compliance" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"A corporation implements transparency or anti-bribery law compliance by " +"promoting initiatives to employees, consultants, and providers. " +"Recipients are part of a company division (e.g., Internal Audit office). " +"Whistleblowers are guaranteed full anonymity but may optionally disclose " +"their identity." 
+msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Human Rights Activism Initiative" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"A human rights group initiates a whistleblowing project to expose " +"violations in a dangerous area. The organization requires anonymity to " +"avoid retaliation and operates under a pseudonym. Recipients MUST not be " +"disclosed to Whistleblowers, but partial disclosure by pseudonym is " +"acceptable to establish trust. The Whistleblower MUST be guaranteed " +"anonymity and their identity cannot be disclosed." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Citizen media initiative" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"A citizen media initiative with a public identity seeks reports on " +"specific topics (e.g., political, environmental malpractice, corruption) " +"in a medium-low risk operational context. Recipients may use pseudonyms " +"or remain public to avoid complete exposure. Whistleblowers, if the topic" +" is not life-threatening, may submit reports confidentially to lower the " +"entry barrier." +msgstr "" + +#: ../../security/ThreatModel.rst:77 +msgid "" +"The following matrix illustrates how different usage scenarios can " +"require various anonymity levels, communication security requirements, " +"and identity disclosures for different users." +msgstr "" + +#: ../../security/ThreatModel.rst:79 +msgid "" +"GlobaLeaks will provide appropriate security awareness information " +"through its user interface and enforce specific requirements based on " +"clear configuration guidelines." 
+msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Scenario" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Anonymity level" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Identity disclosure" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Communication security" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "No anonymity" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Admin" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Partially disclosed" +msgstr "" + +#: ../../security/ThreatModel.rst:98 +msgid "Data security matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:99 +msgid "" +"This section highlights the data handled by GlobaLeaks and the protection" +" schemes applied to it." +msgstr "" + +#: ../../security/ThreatModel.rst:101 +msgid "The following information types are involved in GlobaLeaks:" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Information type" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Questionnaire answers" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"Data associated with a submission, including the filled forms and options" +" selected by the Whistleblower." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Submission attachments" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Files associated with a submission." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Platform configuration" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Data for configuring and customizing the platform." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Software files" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"All files required for the software to function, including default " +"configurations." 
+msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Email notifications" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Data sent to notify recipients of new reports via email." +msgstr "" + +#: ../../security/ThreatModel.rst:112 +msgid "Below is a matrix showing the different security measures applied to data." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Encryption" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Filters" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Sanitization" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Encrypted in the database with per-user/per-submission keys" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Keyword filters" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Antispam, Anti-XSS" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Encrypted on the filesystem with per-user/per-submission keys" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Extension blocking, Antivirus" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "N/A" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Encrypted with PGP when recipient keys are available" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Antispam to prevent flooding" +msgstr "" + +#: ../../security/ThreatModel.rst:122 +msgid "Threats to anonymity and confidentiality" +msgstr "" + +#: ../../security/ThreatModel.rst:123 +msgid "" +"This section highlights various threats that require specific " +"consideration." +msgstr "" + +#: ../../security/ThreatModel.rst:126 +msgid "Browser history and cache" +msgstr "" + +#: ../../security/ThreatModel.rst:127 +msgid "" +"GlobaLeaks uses crafted HTTP headers and other techniques to minimize " +"leaking information into a user’s browser history or cache. 
While this " +"privacy feature enhances safety, it cannot guarantee protection against " +"forensic analysis of browser cache and history but serves as an " +"additional safety measure." +msgstr "" + +#: ../../security/ThreatModel.rst:130 +msgid "Metadata" +msgstr "" + +#: ../../security/ThreatModel.rst:131 +msgid "" +"Files may contain metadata related to the author or whistleblower. " +"Cleaning metadata from submitted files helps protect an \"unaware\" " +"whistleblower from inadvertently including information that may " +"compromise their anonymity. GlobaLeaks does not automatically clean " +"metadata by default, as metadata is considered a fundamental part of the " +"original evidence that should be preserved. Metadata cleanup is an " +"optional step that may be suggested to Whistleblowers or performed by " +"Recipients when sharing documents with others. When sharing files with " +"external parties, Recipients are advised to print the document and " +"provide a hard copy to ensure that only visible information is shared, " +"avoiding the risk of sharing sensitive metadata. For more on metadata and" +" redacting digital files, see the article `Everything you wanted to know " +"about media metadata, but were afraid to ask " +"`_ by Harlo Holmes. A useful tool for these " +"procedures is the `Metadata Anonymization Toolkit " +"`_." +msgstr "" + +#: ../../security/ThreatModel.rst:134 +msgid "Malware and trojans" +msgstr "" + +#: ../../security/ThreatModel.rst:135 +msgid "" +"GlobaLeaks cannot prevent an attacker from using the platform maliciously" +" to target recipients with malware or trojans. To mitigate risks of data " +"exfiltration through trojans, Recipients should implement proper " +"operational security by using dedicated laptops for report viewing and " +"opening file attachments on offline computers. 
Wherever possible, they " +"should use specialized secure operating systems like `QubesOS " +"`_ or `Tails `_ and " +"ensure up-to-date antivirus software is running." +msgstr "" + +#: ../../security/ThreatModel.rst:138 +msgid "Network and reverse proxies" +msgstr "" + +#: ../../security/ThreatModel.rst:139 +msgid "" +"GlobaLeaks is designed for use with direct Tor or TLS connections from " +"the user’s browser to the application backend. The use of Network and " +"Reverse Proxies in front of the application is discouraged as they can " +"interfere with the application and compromise confidentiality and " +"anonymity measures implemented in GlobaLeaks." +msgstr "" + +#: ../../security/ThreatModel.rst:142 +msgid "Data stored outside the platform" +msgstr "" + +#: ../../security/ThreatModel.rst:143 +msgid "" +"GlobaLeaks does not provide security for data stored outside the " +"GlobaLeaks system. It is the responsibility of Recipients to protect data" +" downloaded from the platform or shared via external USB drives. The " +"operating system used or the USB drive should offer encryption to ensure " +"that, in case of device loss or theft, the data remains inaccessible." +msgstr "" + +#: ../../security/ThreatModel.rst:146 +msgid "Environmental factors" +msgstr "" + +#: ../../security/ThreatModel.rst:147 +msgid "" +"GlobaLeaks does not protect against environmental factors related to " +"users' physical locations or social relationships. For example, if a user" +" has a surveillance device in their home, GlobaLeaks cannot provide " +"protection. Similarly, if a whistleblower, who is supposed to be " +"anonymous, shares their story with friends or coworkers, GlobaLeaks " +"cannot offer protection." 
+msgstr "" + +#: ../../security/ThreatModel.rst:150 +msgid "Incorrect data retention policies" +msgstr "" + +#: ../../security/ThreatModel.rst:151 +msgid "" +"GlobaLeaks implements a strict default data retention policy of 90 days " +"to allow users to manage reports within a limited time frame necessary " +"for investigations. If the platform is configured to retain reports for " +"an extended period and Recipients do not manually delete unnecessary " +"reports, the value of the data increases, along with the risk of " +"exposure." +msgstr "" + +#: ../../security/ThreatModel.rst:154 +msgid "Human negligence" +msgstr "" + +#: ../../security/ThreatModel.rst:155 +msgid "" +"While GlobaLeaks provides Administrators with the ability to fine-tune " +"security configurations and continuously informs users about their " +"security context, it cannot protect against major security threats " +"resulting from human negligence. For instance, if a Whistleblower submits" +" data that can identify them as the unique owner or recent viewer, " +"GlobaLeaks cannot protect their identity." +msgstr "" + +#: ../../security/ThreatModel.rst:158 +msgid "Advanced traffic analysis" +msgstr "" + +#: ../../security/ThreatModel.rst:159 +msgid "" +"An attacker monitoring HTTPS traffic, without the ability to decrypt it, " +"can still identify user roles based on different network traffic patterns" +" generated by Whistleblowers, Recipients, and Administrators. GlobaLeaks " +"does not offer protection against this type of threat. We recommend using" +" `Tor pluggable transports `_ or other methods that provide additional" +" protection against such attacks." +msgstr "" + +#: ../../security/index.rst:2 +msgid "Security" +msgstr "" + +#: ../../setup/InstallationGuide.rst:2 +msgid "Installation guide" +msgstr "" + +#: ../../setup/InstallationGuide.rst:3 +msgid "The following guide will help you through the installation of GlobaLeaks." 
+msgstr "" + +#: ../../setup/InstallationGuide.rst:5 +msgid "" +"Before starting the installation, ensure that your system meets the " +":doc:`Requirements `." +msgstr "" + +#: ../../setup/InstallationGuide.rst:8 +msgid "" +"GlobaLeaks is designed to provide optimal technical anonymity for " +"whistleblowers. Additionally, the software can be configured to protect " +"the identity of the platform administrator and the server's location, but" +" this requires advanced setup procedures not covered in this simplified " +"installation guide. By executing the commands below, your IP address and " +"system location could be tracked by network providers, and our systems " +"will receive the same information to facilitate software provisioning." +msgstr "" + +#: ../../setup/InstallationGuide.rst:12 +msgid "**Install GlobaLeaks**" +msgstr "" + +#: ../../setup/InstallationGuide.rst:14 +msgid "To install GlobaLeaks, run the following commands:" +msgstr "" + +#: ../../setup/InstallationGuide.rst:22 +msgid "" +"You may also install GlobaLeaks using Docker. Check out the `docker` " +"directory in our GitHub repository for instructions." +msgstr "" + +#: ../../setup/InstallationGuide.rst:24 +msgid "" +"After installation, follow the instructions provided to guide you through" +" accessing the :doc:`Platform wizard `." +msgstr "" + +#: ../../setup/PlatformWizard.rst:2 +msgid "Platform wizard" +msgstr "" + +#: ../../setup/PlatformWizard.rst:3 +msgid "After installing GlobaLeaks, you can proceed with the platform wizard." +msgstr "" + +#: ../../setup/PlatformWizard.rst:5 +msgid "" +"Open a browser at port 443 or port 8443 on your remote or local IP, " +"respectively." +msgstr "" + +#: ../../setup/PlatformWizard.rst:7 +msgid "" +"We recommend performing the wizard either using the Tor address provided " +"at the end of the setup or on localhost via a VPN." 
+msgstr "" + +#: ../../setup/PlatformWizard.rst:10 +msgid "Choose the primary language for your site" +msgstr "" + +#: ../../setup/PlatformWizard.rst:11 +msgid "" +"On the first page of the wizard, you will be prompted to select the " +"language for your site. The default choice is English, but many other " +"languages are available, with more expected in the future." +msgstr "" + +#: ../../setup/PlatformWizard.rst:16 +msgid "Choose a name for your project" +msgstr "" + +#: ../../setup/PlatformWizard.rst:17 +msgid "In the second section of the wizard, configure the name of your project." +msgstr "" + +#: ../../setup/PlatformWizard.rst:22 +msgid "Configure the account for the administrator of your whistleblowing site" +msgstr "" + +#: ../../setup/PlatformWizard.rst:23 +msgid "" +"In the third section of the wizard, configure the account details for the" +" administrator of your project." +msgstr "" + +#: ../../setup/PlatformWizard.rst:25 +msgid "" +"Be sure to choose a strong password to protect this sensitive account; an" +" indication of the strength of the chosen password is provided to guide " +"you." +msgstr "" + +#: ../../setup/PlatformWizard.rst:30 +msgid "Configure the account for the first recipient of reports" +msgstr "" + +#: ../../setup/PlatformWizard.rst:31 +msgid "" +"In the fourth section of the wizard, configure the account details for " +"the first recipient of reports sent to your project." +msgstr "" + +#: ../../setup/PlatformWizard.rst:36 +msgid "Read and accept the license" +msgstr "" + +#: ../../setup/PlatformWizard.rst:37 +msgid "" +"In the fifth section of the wizard, you will be prompted to read and " +"accept the GlobaLeaks License." +msgstr "" + +#: ../../setup/PlatformWizard.rst:42 +msgid "Complete the wizard" +msgstr "" + +#: ../../setup/PlatformWizard.rst:43 +msgid "The sixth section of the wizard confirms the completion of the setup." 
+msgstr "" + +#: ../../user/Admin.rst:2 +msgid "For administrators" +msgstr "" + +#: ../../user/Common.rst:2 +msgid "Common to all users" +msgstr "" + +#: ../../user/Common.rst:4 +msgid "Login" +msgstr "" + +#: ../../user/Common.rst:5 +msgid "Users could login by accessing the ``/#/login`` page." +msgstr "" + +#: ../../user/Common.rst:10 +msgid "Access the user preferences" +msgstr "" + +#: ../../user/Common.rst:11 +msgid "" +"After login Users could access their preferences by clicking the " +"``Preferences`` link present in the login status bar." +msgstr "" + +#: ../../user/Common.rst:16 +msgid "Change your password" +msgstr "" + +#: ../../user/Common.rst:17 +msgid "" +"Users could change their own password by accessing the ``Password`` tab " +"present in the ``Preferences`` page." +msgstr "" + +#: ../../user/Common.rst:22 +msgid "Reset your password" +msgstr "" + +#: ../../user/Common.rst:23 +msgid "" +"Users could requests a password reset via the ``/#/login`` page by " +"clicking the ``Forgot password?`` button." +msgstr "" + +#: ../../user/Common.rst:25 +msgid "" +"After clicking the button users are requested to type their own username " +"or email address." +msgstr "" + +#: ../../user/Common.rst:34 +msgid "Enable two-factor-authentication (2fa)" +msgstr "" + +#: ../../user/Common.rst:35 +msgid "" +"Users could enable Two-Factor-Authentication by clicking the ``Enable two" +" factor authentication`` option inside the ``Preferences`` page." +msgstr "" + +#: ../../user/Common.rst:37 +msgid "" +"To enable the feature the user requires to have a phone with installed a " +"common ``Authenticator APP`` implementing the TOTP standard as by `RFC " +"6238 `_" +msgstr "" + +#: ../../user/Common.rst:42 +msgid "Access and save your account recovery key" +msgstr "" + +#: ../../user/Common.rst:43 +msgid "" +"Users could access their own Account Recovery key by clicking the " +"``Account Recovery Key`` button present in the ``Preferences`` page." 
+msgstr "" + +#: ../../user/Common.rst:45 +msgid "" +"This is a fundamental step that any user should do at their first login " +"after activating their own account in order to backup their own account " +"recovery key and get sure to not incur in data loss due to password loss." +msgstr "" + +#: ../../user/Recipient.rst:2 +msgid "For recipients" +msgstr "" + +#: ../../user/Recipient.rst:5 +msgid "Access the list of the existing reports" +msgstr "" + +#: ../../user/Recipient.rst:6 +msgid "" +"The lists of the existing reports can be accessed via the link " +"``Reports`` on the sidebar of the Recipient's Homepage." +msgstr "" + +#: ../../user/Recipient.rst:13 +msgid "Access a report" +msgstr "" + +#: ../../user/Recipient.rst:14 +msgid "A report can be accessed in two ways:" +msgstr "" + +#: ../../user/Recipient.rst:16 +msgid "By clicking on it like on a mailbox system from the ``Reports`` page" +msgstr "" + +#: ../../user/Recipient.rst:17 +msgid "" +"By clicking on the link received on a mail notification and entering own " +"credentials" +msgstr "" + +#: ../../user/Whistleblower.rst:2 +msgid "For whistleblowers" +msgstr "" + +#: ../../user/Whistleblower.rst:5 +msgid "File a new report" +msgstr "" + +#: ../../user/Whistleblower.rst:6 +msgid "" +"A new report can be filed by accessing the homepage of the platform and " +"clicking the ``File a report`` button." +msgstr "" + +#: ../../user/Whistleblower.rst:12 +msgid "" +"After filing a new report the systems provides to the user a 16-digit " +"receipt." +msgstr "" + +#: ../../user/Whistleblower.rst:17 +msgid "Access an existing report" +msgstr "" + +#: ../../user/Whistleblower.rst:18 +msgid "" +"An existing report can be accessed by entering the 16-digit receipt " +"obtained at the end of the submission on the login interface present on " +"the home page of the platform." 
+msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:2 +msgid "Backup and restore" +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:4 +msgid "To perform a manual backup, you can use the following bash script:" +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:21 +msgid "" +"After running the script, you will find a `tar.gz` archive in " +"`/var/globaleaks/backups`. The file will be named in the format: " +"`globaleaks-$version-$timestamp.tar.gz`." +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:23 +msgid "" +"GlobaLeaks automatically performs a backup during each platform update. " +"These backups are retained under a data retention policy and are deleted " +"15 days after the update." +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:25 +msgid "To restore an existing backup:" +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:27 +msgid "" +"Ensure that GlobaLeaks is not running; you can stop it using: `service " +"globaleaks stop`." +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:28 +msgid "" +"Identify the version of GlobaLeaks required for the restoration, which is" +" indicated in the backup filename." +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:29 +msgid "" +"Extract the contents of the archive to `/var/globaleaks` using: `tar " +"-zxvf backup.tar.gz`." +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:30 +msgid "" +"Install the required version of GlobaLeaks with: `apt-get install " +"globaleaks=` (e.g., `globaleaks=3`)." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:2 +msgid "Common configurations" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:4 +msgid "Configure the logo" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:5 +msgid "" +"The first thing you want to give to your whistleblowing site is a " +"branding identity; this could be done by loading a logo in section Site " +"settings / Main configuration." 
+msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:9 +msgid "" +"Scroll down along the page to reach the \"Save\" button, click on it and " +"have your logo and favicon applied." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:12 +msgid "Enable languages" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:13 +msgid "You may want your GlobaLeaks installation served on more than one language" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:15 +msgid "" +"To do so, in the section \"Site settings / Languages\" select the " +"languages you would like and add them." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:17 +msgid "" +"Note that in the same interface you can mark the default application " +"language." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:22 +msgid "Configure notification settings" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:23 +msgid "" +"GlobaLeaks sends out notifications of different events to different " +"receivers and to admins. In order to have this working, you have to " +"select \"Notification Settings\" in the \"Administration Interface - " +"General Settings\" page and set up email account and related server " +"parameters." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:25 +msgid "" +"We suggest you to setup an email account dedicated to sending out " +"notifications from your initiative." 
+msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:29 +msgid "Enter the followings:" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:31 +msgid "" +"SMTP name: the name of your GlobaLeaks project or something that equally " +"descriptive" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:32 +msgid "SMTP email address: the email address used to send notifications" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:33 +msgid "" +"Username: the username corresponding to the just inserted \"SMTP email " +"address\"; this is needed to authenticate to the SMTP server and send " +"emails" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:34 +msgid "Password: Password of the above corresponding \"SMTP email address\"" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:35 +msgid "" +"SMTP Server Address: it is the hostname of the SMTP server you are using " +"to send notification emails" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:36 +msgid "" +"SMTP Server Port: Port used to send outgoing emails. It is usually 465 or" +" 587 (SMTP with TLS is at TCP port 587; SMTP with SSL is at 465)" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:37 +msgid "" +"Transport Security: from the drop down menu select the opportune security" +" level" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:39 +msgid "" +"It is better to leave untouched the pre-defined settings pertaining the " +"notification to admins and to recipients, but in the case you want to " +"disable them, it is possible to check the corresponding checkboxes." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:41 +msgid "" +"You can then set the value for the time at which the notification alert " +"of expiring report; this value is set at 72hours to give time to the " +"recipient(s) to check and manage the pending submissions." 
+msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:43 +msgid "" +"It is possible to tweak the maximum number of emails allowed in an hour, " +"before email wil be suspended in order to avoid flooding the system. It " +"is advised to keep the pre-defined value, and eventually change it " +"accordingly with mail server capabilities." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:45 +msgid "" +"Once configured all the parameters for notifications, it is possible to " +"test them by just clicking on the \"Test the configuration\" button." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:47 +msgid "" +"If all is working as expected, click on the \"Save\" button to keep the " +"configured parameters." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:50 +msgid "Configure recipients" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:51 +msgid "" +"The Recipient is the person that will receive and process the data that " +"whistleblowers input in the platform. You can have one or multiple " +"Recipients per Context, and also have one Recipient that can access to " +"multiple Contexts. The platform is very flexible on this and allows you " +"to define in very detail your whistleblowing system and procedure." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:55 +msgid "Customize the graphic layout" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:57 +msgid "Example 1: Custom Background" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:58 +msgid "" +"This CSS example shows how to customize the Background Color of the " +"application." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:68 +msgid "Example 2: Custom Font" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:69 +msgid "This CSS example shows how to customize the font of the application." 
+msgstr "" + +#: ../../user/admin/TroubleShooting.rst:2 +msgid "Troubleshooting" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:5 +msgid "Issues and bug reporting" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:7 +msgid "If you encounter any issues and are unable to run GlobaLeaks:" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:9 +msgid "Ensure you strictly follow the Installation Guide." +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:10 +msgid "" +"Verify that you meet the Technical Requirements for hardware and " +"operating system version." +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:11 +msgid "" +"Search the support forum to see if a user has already encountered your " +"issue: `GlobaLeaks Discussions " +"`_" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:12 +msgid "" +"Report the issue on the official software issue tracker: `GlobaLeaks " +"Issues `_" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:15 +msgid "Useful debugging commands" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:17 +msgid "" +"Depending on your setup, here are some common checks to determine if " +"GlobaLeaks is working:" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:19 +msgid "Is the service running?" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:25 +msgid "Is the service responding on the loopback interface?" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:31 +msgid "Is the service listening on external interfaces?" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:37 +msgid "Are exceptions being generated?" 
+msgstr "" + +#: ../../user/admin/TroubleShooting.rst:45 +msgid "Log files" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:46 +msgid "" +"Here are some useful logs and their corresponding files when GlobaLeaks " +"is installed:" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:48 +msgid "**GlobaLeaks process:**" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:55 +msgid "" +"The verbosity of the logs is configurable via the web interface of the " +"software under Advanced Settings." +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:2 +msgid "Upgrade guide" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:4 +msgid "Regular update" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:5 +msgid "" +"To safely upgrade a GlobaLeaks installation please proceed with a backup " +"of your setup by following the :doc:`Backup and restore " +"` guide." +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:7 +msgid "" +"This is necessary so that if something goes wrong and you need to " +"rollback, you will be able to just uninstall the current package, then " +"install the same version of globaleaks that was previously installed and " +"working." +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:9 +msgid "In order to update GlobaLeaks perform the following commands:" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:16 +msgid "Upgrade of the distribution version" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:17 +msgid "" +"For security and stability reasons it is recommended to not perform a " +"distribution upgrade." 
+msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:19 +msgid "" +"GlobaLeaks could be instead easily migrated to a new up-to-date Debian " +"system with the following recommended instructions:" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:21 +msgid "create an archive backup of /var/globaleaks" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:22 +msgid "instantiate the lates Debian available" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:23 +msgid "log on the new server and extract the backup in /var/globaleaks" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:24 +msgid "" +"follow the :doc:`Installation Guide `; " +"GlobaLeaks while installing will recognize the presence of an existing " +"data directory and will use it" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:27 +msgid "In case of errors" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:28 +msgid "" +"The above commands should allow you to perform regularly updates. On some" +" conditions due to special updates it could be possible that those " +"commands result in a failure. Consult this page for knowning specific " +"FAQs on precise failures." +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:30 +msgid "" +"In case you do not find any specific documented solution for your " +"failure, you could run the GlobaLeaks install script. The installation " +"script in fact is designed to allow the update of GlobaLeaks and it " +"includes fixes for the most common issue." +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:33 +msgid "" +"To run the install script for updating globaleaks perform the following " +"commands:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:2 +msgid "User interface" +msgstr "" + +#: ../../user/admin/UserInterface.rst:3 +msgid "" +"This section offers you a summary of the user interface offered to Admin " +"users." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:7 +msgid "Through the menu you could access the following administrative sections:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:9 ../../user/admin/UserInterface.rst:28 +#: ../../user/admin/UserInterface.rst:33 ../../user/admin/UserInterface.rst:44 +msgid "Settings" +msgstr "" + +#: ../../user/admin/UserInterface.rst:11 ../../user/admin/UserInterface.rst:77 +msgid "Users" +msgstr "" + +#: ../../user/admin/UserInterface.rst:13 ../../user/admin/UserInterface.rst:99 +msgid "Questionnaires" +msgstr "" + +#: ../../user/admin/UserInterface.rst:15 ../../user/admin/UserInterface.rst:158 +msgid "Channels" +msgstr "" + +#: ../../user/admin/UserInterface.rst:17 ../../user/admin/UserInterface.rst:185 +msgid "Case management" +msgstr "" + +#: ../../user/admin/UserInterface.rst:21 ../../user/admin/UserInterface.rst:228 +msgid "Network" +msgstr "" + +#: ../../user/admin/UserInterface.rst:23 ../../user/admin/UserInterface.rst:279 +msgid "Sites" +msgstr "" + +#: ../../user/admin/UserInterface.rst:25 ../../user/admin/UserInterface.rst:309 +msgid "Audit log" +msgstr "" + +#: ../../user/admin/UserInterface.rst:29 +msgid "" +"This is the section that offers you all the main customization " +"possibilities necessary for implementing a basic and functional " +"whistleblowing site." +msgstr "" + +#: ../../user/admin/UserInterface.rst:31 +msgid "This section is furtherly divided in:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:35 ../../user/admin/UserInterface.rst:50 +msgid "Files" +msgstr "" + +#: ../../user/admin/UserInterface.rst:37 ../../user/admin/UserInterface.rst:56 +msgid "Languages" +msgstr "" + +#: ../../user/admin/UserInterface.rst:39 +msgid "Text customization" +msgstr "" + +#: ../../user/admin/UserInterface.rst:41 +msgid "Advanced settings" +msgstr "" + +#: ../../user/admin/UserInterface.rst:45 +msgid "" +"In this section is configurable the logo and all the texts of the main " +"user interfaces." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:51 +msgid "" +"In this section could be loaded CSS and Javascript and other files " +"necessary to customize the interface." +msgstr "" + +#: ../../user/admin/UserInterface.rst:57 +msgid "" +"In this section you could enable all the languages required by your " +"project and configure the default language." +msgstr "" + +#: ../../user/admin/UserInterface.rst:60 +msgid "" +"Thanks to the `Localization Lab `_ and " +"our great volunteer community, the software is already available and " +"continuously made available in a lot of languages. This aspect of " +"internationalization is crucial in many projects. In case you are " +"starting a project and the required languages are not available we " +"strongly invite you to register on our `web translation platform " +"`_ offered by `Transifex " +"`_ and support yourself the " +"translation. Internationalization and Localization is in fact are crucial" +" for the success of a whistleblowing project. Thank you!" +msgstr "" + +#: ../../user/admin/UserInterface.rst:65 +msgid "Text Customization" +msgstr "" + +#: ../../user/admin/UserInterface.rst:66 +msgid "" +"Here could be configured overrides for any of the texts of the platform " +"and of their translation." +msgstr "" + +#: ../../user/admin/UserInterface.rst:71 +msgid "Advanced Settings" +msgstr "" + +#: ../../user/admin/UserInterface.rst:72 +msgid "In this section could be configured a set of advanced settings." +msgstr "" + +#: ../../user/admin/UserInterface.rst:78 +msgid "" +"This sections is where users could be created and managed. The system " +"with the basic configuration completed with the initial Platform wizard " +"is configured with an Administrator and a Recipient." +msgstr "" + +#: ../../user/admin/UserInterface.rst:81 +msgid "" +"Depending on your project needs here you could create users with " +"different roles and manage their respective privileges." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:86 +msgid "User Roles" +msgstr "" + +#: ../../user/admin/UserInterface.rst:87 +msgid "" +"The software offers the possibility to create users with the following " +"roles:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:89 +msgid "Administrators" +msgstr "" + +#: ../../user/admin/UserInterface.rst:91 +msgid "Recipients" +msgstr "" + +#: ../../user/admin/UserInterface.rst:94 +msgid "User Options" +msgstr "" + +#: ../../user/admin/UserInterface.rst:100 +msgid "" +"The softare implements a standard default questionnaire that is proposed " +"as a good base for a generic whistleblowing procedure. This questinnaire " +"is the current result of the research performed by the project team with " +"the organizations that have adopted the solution and expecially with " +"anticorruption and investigative journalism NGOs." +msgstr "" + +#: ../../user/admin/UserInterface.rst:102 +msgid "" +"As every organization has different needs, risks and goals globaleaks has" +" been designed considering to implement an advanced questionnaire builder" +" offering the possibility to design custom questionnaires." +msgstr "" + +#: ../../user/admin/UserInterface.rst:104 +msgid "" +"The following sections present the questionnaire builder and its " +"capabilities." +msgstr "" + +#: ../../user/admin/UserInterface.rst:108 +msgid "" +"Depending on your project needs you may evaluate defining some questions " +"once as Question Templates and reuse the same question in multiple " +"questionnaires." +msgstr "" + +#: ../../user/admin/UserInterface.rst:113 +msgid "Steps" +msgstr "" + +#: ../../user/admin/UserInterface.rst:114 +msgid "" +"The software enables to organize questionnaire in one or multiple steps. " +"For example the default questionnaire is organized with a single step " +"including all the questions." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:118 +msgid "Questions Types" +msgstr "" + +#: ../../user/admin/UserInterface.rst:119 +msgid "The software enables you to create questions of the following types:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:121 +msgid "Single-line text input" +msgstr "" + +#: ../../user/admin/UserInterface.rst:123 +msgid "Multi-line text input" +msgstr "" + +#: ../../user/admin/UserInterface.rst:125 +msgid "Selection box" +msgstr "" + +#: ../../user/admin/UserInterface.rst:127 +msgid "Multiple choice input" +msgstr "" + +#: ../../user/admin/UserInterface.rst:129 +msgid "Checkbox" +msgstr "" + +#: ../../user/admin/UserInterface.rst:131 +msgid "Attachment" +msgstr "" + +#: ../../user/admin/UserInterface.rst:133 +msgid "Terms of service" +msgstr "" + +#: ../../user/admin/UserInterface.rst:137 +msgid "Date range" +msgstr "" + +#: ../../user/admin/UserInterface.rst:139 +msgid "Voice" +msgstr "" + +#: ../../user/admin/UserInterface.rst:141 +msgid "Question group" +msgstr "" + +#: ../../user/admin/UserInterface.rst:144 +msgid "Common Question Properties" +msgstr "" + +#: ../../user/admin/UserInterface.rst:145 +msgid "" +"Each of the software question types make it possible to configure the " +"following properties:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:147 +msgid "Question: The text of the question" +msgstr "" + +#: ../../user/admin/UserInterface.rst:149 +msgid "" +"Hint: A hint that will be shown via an popover an a question mark near " +"the question." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:151 +msgid "Description: A description text that will be shown below the question" +msgstr "" + +#: ../../user/admin/UserInterface.rst:153 +msgid "Required: Set this field if you want this question to be mandatory" +msgstr "" + +#: ../../user/admin/UserInterface.rst:155 +msgid "" +"Preview: Set this field if you want the answers to this question to " +"appear in the preview section of the list" +msgstr "" + +#: ../../user/admin/UserInterface.rst:159 +msgid "" +"This section is where whistleblowing channels could be created and " +"managed." +msgstr "" + +#: ../../user/admin/UserInterface.rst:161 +msgid "" +"A whistleblowing channel is typically defined by the following main " +"characteristics" +msgstr "" + +#: ../../user/admin/UserInterface.rst:163 +msgid "" +"Name: the name of the channel Image: an image to identify the channel " +"Description: a description of the channel Recipients: the set of " +"recipients that will receive reports sent to this channel Questionnaire: " +"the questionnaire that will be proposed to whistleblowers selecting this " +"channel Submission expiration: the data retention policy for the channel" +msgstr "" + +#: ../../user/admin/UserInterface.rst:170 +msgid "" +"The system with the basic configuration completed with the initial " +"platform wizard is configured with a single Channel called Default, on " +"which is associated a recipient and the default questionnaire." +msgstr "" + +#: ../../user/admin/UserInterface.rst:172 +msgid "" +"Depending on your project needs here you could create additional Channels" +" and configure their respective properties." +msgstr "" + +#: ../../user/admin/UserInterface.rst:177 +msgid "Data Retention Policy" +msgstr "" + +#: ../../user/admin/UserInterface.rst:178 +msgid "" +"The software enables to configure a data retention policy for each " +"channel. 
This is a fundamental property of the whistleblowing channel " +"that makes it possible to configure automatic secure deletion of reports " +"after a certain period of time. This setting should be configured in " +"relation to the risk of the channel in order to limit unneeded exposure " +"of the reports received therein." +msgstr "" + +#: ../../user/admin/UserInterface.rst:182 +msgid "By default a channel is configured with a report expiration of 90 days." +msgstr "" + +#: ../../user/admin/UserInterface.rst:186 +msgid "" +"This section is intended to host all the main case management feature " +"that will be offered by the software. Currently it hosts the possibility " +"to define reports statuses and sub-statuses intended to be used by " +"Recipients while working on the reports." +msgstr "" + +#: ../../user/admin/UserInterface.rst:194 +msgid "By default the system includes the following report statuses:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:190 +msgid "New" +msgstr "" + +#: ../../user/admin/UserInterface.rst:192 +msgid "Open" +msgstr "" + +#: ../../user/admin/UserInterface.rst:194 +msgid "Closed" +msgstr "" + +#: ../../user/admin/UserInterface.rst:196 +msgid "" +"Within this section you may add additional Statuses between the State " +"Open and Closed and you can furtherly define Sub-statuses for the Closed " +"status (e.g. Archived / Spam)" +msgstr "" + +#: ../../user/admin/UserInterface.rst:202 +msgid "" +"This is the section where are configured all the aspects related to the " +"mail notifications sent by the software." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:207 +#: ../../user/admin/UserInterface.rst:238 +msgid "The section is furtherly divided in:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:205 +#: ../../user/admin/UserInterface.rst:210 +msgid "Notification Settings" +msgstr "" + +#: ../../user/admin/UserInterface.rst:207 +#: ../../user/admin/UserInterface.rst:219 +msgid "Notification Templates" +msgstr "" + +#: ../../user/admin/UserInterface.rst:211 +msgid "Here are configured the technical details about SMTP." +msgstr "" + +#: ../../user/admin/UserInterface.rst:214 +msgid "" +"By default GlobaLeaks comes with a working configuration that is based on" +" systems offered by the GlobaLeaks developers to the community of users " +"and testers; even though this configuration is designed by their owners " +"with special care in relation to security and privacy you are invited to " +"consider using alternative systems for your production environment." +msgstr "" + +#: ../../user/admin/UserInterface.rst:220 +msgid "In this section are configured the notification templates." +msgstr "" + +#: ../../user/admin/UserInterface.rst:222 +msgid "" +"By default globaleaks includes text and translations for each of the " +"templates that are provided to be fully functional and studied with " +"particular care in relation to security and privacy. Depending on your " +"project needs you may override the default text with your customized " +"texts." +msgstr "" + +#: ../../user/admin/UserInterface.rst:229 +msgid "In this section are configured the network settings." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:232 +#: ../../user/admin/UserInterface.rst:241 +msgid "HTTPS" +msgstr "" + +#: ../../user/admin/UserInterface.rst:234 +#: ../../user/admin/UserInterface.rst:255 +msgid "Tor" +msgstr "" + +#: ../../user/admin/UserInterface.rst:236 +msgid "IP Access control" +msgstr "" + +#: ../../user/admin/UserInterface.rst:238 +#: ../../user/admin/UserInterface.rst:273 +msgid "URL Redirects" +msgstr "" + +#: ../../user/admin/UserInterface.rst:242 +msgid "" +"Here you can configure all the aspects related to the access of the " +"platform via the HTTPS Protocol." +msgstr "" + +#: ../../user/admin/UserInterface.rst:246 +msgid "In particular here are configured:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:248 +msgid "The domain name used by your project" +msgstr "" + +#: ../../user/admin/UserInterface.rst:250 +msgid "The HTTPS key and certificates" +msgstr "" + +#: ../../user/admin/UserInterface.rst:252 +msgid "" +"To ease the deployment and the maintenance and reduce the costs of your " +"project, consider using the software includes support for the Let’s " +"Encrypt HTTPS certificates." +msgstr "" + +#: ../../user/admin/UserInterface.rst:256 +msgid "" +"Here you can configure all the aspects related to the access of the " +"platform via the Tor Protocol." +msgstr "" + +#: ../../user/admin/UserInterface.rst:261 +msgid "IP Access Control" +msgstr "" + +#: ../../user/admin/UserInterface.rst:262 +msgid "Here you can configure IP based Access Control." +msgstr "" + +#: ../../user/admin/UserInterface.rst:266 +msgid "Suggested configurations are:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:268 +msgid "Prevent Whistleblowers to report from within their respective work space." +msgstr "" + +#: ../../user/admin/UserInterface.rst:270 +msgid "Restrict Recipients access to their intranet." +msgstr "" + +#: ../../user/admin/UserInterface.rst:274 +msgid "Here you can configure URL Redirects." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:280 +msgid "" +"The site section enables organization to create and manage multiple " +"secondary whistleblowing sites." +msgstr "" + +#: ../../user/admin/UserInterface.rst:283 +msgid "Sites Management" +msgstr "" + +#: ../../user/admin/UserInterface.rst:284 +msgid "" +"Secondary whistleblowing platforms with independent configurations can be" +" manually created and managed through the Sites interface." +msgstr "" + +#: ../../user/admin/UserInterface.rst:286 +msgid "" +"Organizations have typically need for creating a secondary site when " +"dealing with subsidiaries or third party clients." +msgstr "" + +#: ../../user/admin/UserInterface.rst:290 +msgid "" +"After creating a secondary site an administrators of the main site could " +"simply enter on that system by clicking a \"Configure\" button." +msgstr "" + +#: ../../user/admin/UserInterface.rst:292 +msgid "" +"After clicking on the button the administrator will be logged in on the " +"the administrative panel of the site." +msgstr "" + +#: ../../user/admin/UserInterface.rst:295 +msgid "Signup Module" +msgstr "" + +#: ../../user/admin/UserInterface.rst:296 +msgid "" +"The software features a signup module that can be enabled and used to " +"offers others users the possibility to register their secondary site." +msgstr "" + +#: ../../user/admin/UserInterface.rst:298 +msgid "" +"Organizations have typically need for a signup module when offering the " +"platform to other subsidiaries or third party clients where they want " +"users to have the possibility to self subscribe." +msgstr "" + +#: ../../user/admin/UserInterface.rst:300 +msgid "The signup feature can be anabled in the Options tab of the Sites section." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:304 +msgid "" +"When the signup module is enabled the submission module of the main site " +"is automatically disabled and the home page will be featuring the " +"following signup form:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:310 +msgid "" +"The software features a privacy precerving audit log enabling " +"administrators of the system to supervise on projects operations." +msgstr "" + +#: ../../user/index.rst:2 +msgid "User documentation" +msgstr "" + diff --git a/documentation/locale/fr/LC_MESSAGES/sphinx.mo b/documentation/locale/fr/LC_MESSAGES/sphinx.mo new file mode 100644 index 0000000000..89c9260405 Binary files /dev/null and b/documentation/locale/fr/LC_MESSAGES/sphinx.mo differ diff --git a/documentation/locale/fr/LC_MESSAGES/sphinx.po b/documentation/locale/fr/LC_MESSAGES/sphinx.po new file mode 100644 index 0000000000..0ae0d68ea3 --- /dev/null +++ b/documentation/locale/fr/LC_MESSAGES/sphinx.po 
@@ -0,0 +1,4671 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) 2011-2024 - GlobaLeaks +# This file is distributed under the same license as the GlobaLeaks package. +# FIRST AUTHOR , 2024. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: GlobaLeaks 5.0.15\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2024-10-14 19:43+0200\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME \n" +"Language: fr\n" +"Language-Team: fr \n" +"Plural-Forms: nplurals=2; plural=(n > 1);\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Generated-By: Babel 2.16.0\n" + +#: ../../developer/ContinuousIntegration.rst:3 +msgid "Continuous integration" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:4 +msgid "" +"The GlobaLeaks codebase is continuously tested for bug within a complete " +"continuous integration lifecycle implemented." +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:6 +msgid "Testes are performed at every commit by:" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:8 +msgid "" +"performing continous integration testing with `GitHub Actions " +"`_;" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:9 +msgid "" +"tracking tests coverage and code quality with `Codacy " +"`_." +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:12 +msgid "Unit tests" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:13 +msgid "Unit tests are implemented by means of python-twisted and trial" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:15 +#: ../../developer/ContinuousIntegration.rst:26 +msgid "Tests can be run manually by issuing:" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:23 +msgid "E2E tests" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:24 +msgid "End to end tests are implemented by means of Cypress." 
+msgstr "" + +#: ../../developer/DatabaseSchema.rst:2 +msgid "Database schema" +msgstr "" + +#: ../../developer/Environment.rst:3 +msgid "Development environment" +msgstr "" + +#: ../../developer/Environment.rst:4 +msgid "" +"This guide describes how to set up an environment in order to contribute " +"to the development of GlobaLeaks." +msgstr "" + +#: ../../developer/Environment.rst:7 ../../gettingstarted/Requirements.rst:2 +msgid "Requirements" +msgstr "" + +#: ../../developer/Environment.rst:8 +msgid "" +"The guide assumes you run a Debian based system and that the following " +"software is installed on your system:" +msgstr "" + +#: ../../developer/Environment.rst:10 +msgid "debhelper" +msgstr "" + +#: ../../developer/Environment.rst:11 +msgid "devscripts" +msgstr "" + +#: ../../developer/Environment.rst:12 +msgid "dh-apparmor" +msgstr "" + +#: ../../developer/Environment.rst:13 +msgid "dh-python" +msgstr "" + +#: ../../developer/Environment.rst:14 +msgid "git" +msgstr "" + +#: ../../developer/Environment.rst:15 +msgid "grunt-cli" +msgstr "" + +#: ../../developer/Environment.rst:16 +msgid "node" +msgstr "" + +#: ../../developer/Environment.rst:17 +msgid "npm" +msgstr "" + +#: ../../developer/Environment.rst:18 +msgid "python3" +msgstr "" + +#: ../../developer/Environment.rst:19 +msgid "python3-dev" +msgstr "" + +#: ../../developer/Environment.rst:20 +msgid "python3-pip" +msgstr "" + +#: ../../developer/Environment.rst:21 +msgid "python3-setuptools" +msgstr "" + +#: ../../developer/Environment.rst:22 +msgid "python3-sphinx" +msgstr "" + +#: ../../developer/Environment.rst:23 +msgid "python3-virtualenv" +msgstr "" + +#: ../../developer/Environment.rst:26 ../../setup/index.rst:2 +msgid "Setup" +msgstr "" + +#: ../../developer/Environment.rst:27 +msgid "The repository could be cloned with:" +msgstr "" + +#: ../../developer/Environment.rst:33 +msgid "Client dependencies could be installed by issuing:" +msgstr "" + +#: ../../developer/Environment.rst:41 +msgid 
"Backend dependencies could be installed by issuing:" +msgstr "" + +#: ../../developer/Environment.rst:50 +msgid "" +"This will create for you a python virtualenv in the directory env " +"containing all the required python dependencies. To leave the virtualenv," +" type ``deactivate``." +msgstr "" + +#: ../../developer/Environment.rst:52 +msgid "" +"Then, anytime you will want to activate the environment to run globaleaks" +" you will just need to issue the command:" +msgstr "" + +#: ../../developer/Environment.rst:58 +msgid "Setup the client:" +msgstr "" + +#: ../../developer/Environment.rst:66 +msgid "Setup the backend and its dependencies:" +msgstr "" + +#: ../../developer/Environment.rst:76 +msgid "Run" +msgstr "" + +#: ../../developer/Environment.rst:77 +msgid "" +"To run globaleaks from sources within the development environment you " +"should issue:" +msgstr "" + +#: ../../developer/Environment.rst:85 +msgid "" +"GlobaLeaks will start and be reachable at the following address " +"https://127.0.0.1:8443" +msgstr "" + +#: ../../developer/Environment.rst:88 +msgid "Building the docs" +msgstr "" + +#: ../../developer/Environment.rst:89 +msgid "To build the documentation:" +msgstr "" + +#: ../../developer/Environment.rst:97 +msgid "To edit the docs with hot-reload functionality:" +msgstr "" + +#: ../../developer/Environment.rst:107 +msgid "" +"Sphinx server will start and be reachable at the following address " +"http://127.0.0.1:8000 in the web browser." +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:2 +msgid "Release procedure" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:3 +msgid "This is the procedure followed to publish a new GlobaLeaks release." 
+msgstr "" + +#: ../../developer/ReleaseProcedure.rst:5 +msgid "A release is represented by:" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:7 +msgid "A version bump;" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:8 +msgid "An updated CHANGELOG;" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:9 +msgid "A commit titled \"Bump to version $number\";" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:10 +msgid "A tag commit $version signed by a core developer with their own key;" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:11 +msgid "An updated package on deb.globaleaks.org;" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:12 +msgid "A signed repository." +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:15 +msgid "Release tagging" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:16 +msgid "" +"To release is tagger by means of the official version bump script by " +"issuing:" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:23 +msgid "Release packaging" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:24 +msgid "The package is built by means of the official build script by issuing:" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:30 +msgid "This command builds a package for each supported distribution and version." 
+msgstr "" + +#: ../../developer/ReleaseProcedure.rst:33 +msgid "Package publishing" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:34 +msgid "The package is published on https://deb.globaleaks.org by issuing:" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:41 +msgid "Repository signing" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:42 +msgid "" +"The release is then signed by a core developer by using the official " +"project key via:" +msgstr "" + +#: ../../developer/SoftwareLibraries.rst:2 +msgid "Software libraries" +msgstr "" + +#: ../../developer/SoftwareLibraries.rst:3 +msgid "" +"The software libraries used by GlobaLeaks are listed in the following " +"files:" +msgstr "" + +#: ../../developer/SoftwareLibraries.rst:5 +msgid "" +"Backend: `backend/requirements.txt `_" +msgstr "" + +#: ../../developer/SoftwareLibraries.rst:6 +msgid "" +"Client: `client/package.json `_" +msgstr "" + +#: ../../developer/SoftwareLibraries.rst:7 +msgid "" +"Packaging: `debian/control `_" +msgstr "" + +#: ../../developer/index.rst:2 +msgid "Developer documentation" +msgstr "" + +#: ../../gettingstarted/Features.rst:2 +msgid "Features" +msgstr "" + +#: ../../gettingstarted/Features.rst:3 +msgid "These are the key features of the software:" +msgstr "" + +#: ../../gettingstarted/Features.rst:6 +msgid "User features" +msgstr "" + +#: ../../gettingstarted/Features.rst:8 +msgid "" +"Multi-user system with customizable user roles (whistleblower, recipient," +" administrator)" +msgstr "" + +#: ../../gettingstarted/Features.rst:9 +msgid "Fully manageable via a web administration interface" +msgstr "" + +#: ../../gettingstarted/Features.rst:10 +msgid "" +"Allows whistleblowers to decide if and when to confidentially declare " +"their identity" +msgstr "" + +#: ../../gettingstarted/Features.rst:11 +msgid "Facilitates multimedia file exchanges with whistleblowers" +msgstr "" + +#: ../../gettingstarted/Features.rst:12 +msgid "Secure management of file access and 
visualization" +msgstr "" + +#: ../../gettingstarted/Features.rst:13 +msgid "Enables chat with whistleblowers to discuss reports" +msgstr "" + +#: ../../gettingstarted/Features.rst:14 +msgid "Provides a unique 16-digit receipt for anonymous whistleblower login" +msgstr "" + +#: ../../gettingstarted/Features.rst:15 +msgid "Simple recipient interface for receiving and analyzing reports" +msgstr "" + +#: ../../gettingstarted/Features.rst:16 +msgid "Supports report categorization with labels" +msgstr "" + +#: ../../gettingstarted/Features.rst:17 +msgid "Includes user search functionality for reports" +msgstr "" + +#: ../../gettingstarted/Features.rst:18 +msgid "Supports the creation and assignment of case management statuses" +msgstr "" + +#: ../../gettingstarted/Features.rst:19 +msgid "Customizable appearance (logo, color, styles, font, text)" +msgstr "" + +#: ../../gettingstarted/Features.rst:20 +msgid "Allows defining multiple reporting channels (e.g., by topic, department)" +msgstr "" + +#: ../../gettingstarted/Features.rst:21 +msgid "" +"Enables creation and management of multiple whistleblowing sites (e.g., " +"for subsidiaries or third-party clients)" +msgstr "" + +#: ../../gettingstarted/Features.rst:22 +msgid "Advanced questionnaire builder" +msgstr "" + +#: ../../gettingstarted/Features.rst:23 +msgid "Provides whistleblowing system statistics" +msgstr "" + +#: ../../gettingstarted/Features.rst:24 +msgid "" +"Support for `over 90 languages " +"`_ and Right-to-Left (RTL) " +"languages" +msgstr "" + +#: ../../gettingstarted/Features.rst:27 +msgid "Legal features" +msgstr "" + +#: ../../gettingstarted/Features.rst:29 +msgid "" +"Designed in adherence to `ISO 37002:2021 " +"`_ and `EU Directive 2019/1937 " +"`_ recommendations for " +"whistleblowing compliance" +msgstr "" + +#: ../../gettingstarted/Features.rst:30 +msgid "Supports bidirectional anonymous communication (comments/messages)" +msgstr "" + +#: ../../gettingstarted/Features.rst:31 +msgid "Customizable 
case management workflow (statuses/sub-statuses)" +msgstr "" + +#: ../../gettingstarted/Features.rst:32 +msgid "Conditional reporting workflow based on whistleblower identity" +msgstr "" + +#: ../../gettingstarted/Features.rst:33 +msgid "Manages conflicts of interest in the reporting workflow" +msgstr "" + +#: ../../gettingstarted/Features.rst:34 +msgid "Custodian functionality to authorize access to whistleblower identity" +msgstr "" + +#: ../../gettingstarted/Features.rst:35 +msgid "GDPR privacy by design and by default" +msgstr "" + +#: ../../gettingstarted/Features.rst:36 +msgid "Configurable GDPR data retention policies" +msgstr "" + +#: ../../gettingstarted/Features.rst:37 +msgid "GDPR-compliant subscriber module for new SaaS users" +msgstr "" + +#: ../../gettingstarted/Features.rst:38 +msgid "No IP address logging" +msgstr "" + +#: ../../gettingstarted/Features.rst:39 +msgid "Includes an audit log" +msgstr "" + +#: ../../gettingstarted/Features.rst:40 +msgid "Integrates with existing enterprise case management platforms" +msgstr "" + +#: ../../gettingstarted/Features.rst:41 +msgid "" +"Free Software OSI Approved `AGPL 3.0 License " +"`_" +msgstr "" + +#: ../../gettingstarted/Features.rst:44 +msgid "Security features" +msgstr "" + +#: ../../gettingstarted/Features.rst:46 +msgid "" +"Designed in adherence to `ISO 27001:2022 " +"`_, `CSA STAR " +"`_, and `OWASP " +"`_ recommendations for security compliance" +msgstr "" + +#: ../../gettingstarted/Features.rst:47 +msgid "" +"Full data encryption for whistleblower reports and recipient " +"communications" +msgstr "" + +#: ../../gettingstarted/Features.rst:48 +msgid "" +"Supports digital anonymity through `Tor `_ " +"integration" +msgstr "" + +#: ../../gettingstarted/Features.rst:49 +msgid "" +"Built-in HTTPS support with `TLS 1.3 " +"`_ standard and `SSLabs A+ " +"`_ " +"rating" +msgstr "" + +#: ../../gettingstarted/Features.rst:50 +msgid "" +"Automatic enrollment for free digital certificates with `Let’s Encrypt 
" +"`_" +msgstr "" + +#: ../../gettingstarted/Features.rst:51 +msgid "Multiple penetration tests with publicly available reports" +msgstr "" + +#: ../../gettingstarted/Features.rst:52 +msgid "" +"Two-Factor Authentication (2FA) compliant with `TOTP RFC 6238 " +"`_" +msgstr "" + +#: ../../gettingstarted/Features.rst:53 +msgid "Integrated network sandboxing with iptables" +msgstr "" + +#: ../../gettingstarted/Features.rst:54 +msgid "Application sandboxing with `AppArmor `_" +msgstr "" + +#: ../../gettingstarted/Features.rst:55 +msgid "Complete protection against automated submissions (spam prevention)" +msgstr "" + +#: ../../gettingstarted/Features.rst:56 +msgid "Continuous peer review and periodic security audits" +msgstr "" + +#: ../../gettingstarted/Features.rst:57 +msgid "PGP support for encrypted email notifications and file downloads" +msgstr "" + +#: ../../gettingstarted/Features.rst:58 +msgid "Leaves no traces in browser cache" +msgstr "" + +#: ../../gettingstarted/Features.rst:61 +msgid "Technical features" +msgstr "" + +#: ../../gettingstarted/Features.rst:63 +msgid "" +"Designed in adherence to `Directive (EU) 2019/882 `_, `Directive" +" (EU) 2016/2102 `_, `ETSI EN 301 549 " +"`_," +" `W3C WCAG 2.2 `_, and `WAI-ARIA 2.2 " +"`_ recommendations for accessibility" +" compliance" +msgstr "" + +#: ../../gettingstarted/Features.rst:64 +msgid "" +"Multi-site support enabling the operation of multiple virtual sites on " +"the same setup" +msgstr "" + +#: ../../gettingstarted/Features.rst:65 +msgid "" +"Responsive user interfaces created with `Bootstrap " +"`_ CSS framework" +msgstr "" + +#: ../../gettingstarted/Features.rst:66 +msgid "Automated software quality measurement and continuous integration testing" +msgstr "" + +#: ../../gettingstarted/Features.rst:67 +msgid "Long-Term Support (LTS) plan" +msgstr "" + +#: ../../gettingstarted/Features.rst:68 +msgid "" +"Built with lightweight framework technologies (`Angular " +"`_ and `Python Twisted `_)" +msgstr "" + 
+#: ../../gettingstarted/Features.rst:69 +msgid "Integrated `SQLite `_ database" +msgstr "" + +#: ../../gettingstarted/Features.rst:70 +msgid "" +"Automatic setup for `Tor Onion Services Version 3 " +"`_" +msgstr "" + +#: ../../gettingstarted/Features.rst:71 +msgid "Supports self-service signup for whistleblowing SaaS setup" +msgstr "" + +#: ../../gettingstarted/Features.rst:72 +msgid "" +"Compatible with Linux operating systems (`Debian " +"`_ / `Ubuntu `_)" +msgstr "" + +#: ../../gettingstarted/Features.rst:73 +msgid "Debian packaging with a repository for updates/upgrades" +msgstr "" + +#: ../../gettingstarted/Features.rst:74 +msgid "Fully self-contained application" +msgstr "" + +#: ../../gettingstarted/Features.rst:75 +msgid "Easy integration with existing websites" +msgstr "" + +#: ../../gettingstarted/Features.rst:76 +msgid "" +"Built and packaged with `reproducibility " +"`_ in mind" +msgstr "" + +#: ../../gettingstarted/Features.rst:77 +msgid "REST API" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:2 +msgid "Glossary" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:3 +msgid "" +"This glossary defines jargon used in GlobaLeaks in a clear and consistent" +" manner." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:5 ../../security/ThreatModel.rst:1 +msgid "Administrator" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:7 +msgid "" +"The user who has set up and maintains the platform. An Administrator does" +" not have access to Whistleblowers’ reports." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:8 +msgid "Channel" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:10 +msgid "" +"A reporting channel used as a container for reports. Channels can be " +"configured with specific questionnaires, recipients, and policies. They " +"are typically used to organize the reporting process." 
+msgstr "" + +#: ../../gettingstarted/Glossary.rst:11 ../../user/admin/UserInterface.rst:19 +#: ../../user/admin/UserInterface.rst:201 +msgid "Notification" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:13 +msgid "" +"An email sent to inform a recipient of a new report or an update to an " +"existing report." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:14 +msgid "Platform" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:16 +msgid "A system running the GlobaLeaks software." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:17 +msgid "Questionnaire" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:19 +msgid "A set of questions that the whistleblower must complete to file a report." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:20 +#: ../../security/ApplicationSecurity.rst:32 +msgid "Receipt" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:22 +msgid "" +"A 16-digit random secret code generated by the system and provided to " +"whistleblowers upon submission of their report. This code allows them to " +"anonymously access and update their report by adding comments and new " +"files." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:23 ../../security/ThreatModel.rst:1 +msgid "Recipient" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:25 +msgid "" +"A user authorized to read whistleblowers’ reports. Recipients may also " +"communicate with whistleblowers via the GlobaLeaks platform." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:26 ../../security/PenetrationTests.rst:1 +msgid "Report" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:28 +msgid "" +"The submission by a whistleblower, including answers to a questionnaire " +"and any attached material." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:29 ../../security/ThreatModel.rst:1 +msgid "Whistleblower" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:31 +msgid "The person who files a report." 
+msgstr "" + +#: ../../gettingstarted/Requirements.rst:3 +msgid "" +"Ensure you understand and meet each of the following technical " +"requirements." +msgstr "" + +#: ../../gettingstarted/Requirements.rst:6 +msgid "Hardware requirements" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:7 +msgid "**Requirements**:" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:9 +msgid "CPU: Dual-core 2.0GHz (64-bit)" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:10 +msgid "RAM: 1GB" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:11 +msgid "Storage: 20GB" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:12 +msgid "I/O: 10Mbit/s (shared)" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:14 +msgid "" +"Please note that GlobaLeaks is designed to run on servers with " +"specifications smaller than those listed above." +msgstr "" + +#: ../../gettingstarted/Requirements.rst:16 +msgid "" +"The storage size should be determined based on your data retention " +"policies and the expected use of the platform." +msgstr "" + +#: ../../gettingstarted/Requirements.rst:19 +msgid "Software requirements" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:20 +msgid "" +"GlobaLeaks is designed to run on GNU/Linux and is developed and tested " +"specifically for Debian-based systems." +msgstr "" + +#: ../../gettingstarted/Requirements.rst:22 +msgid "" +"The currently recommended distributions are: Debian 12 (Bookworm) and " +"Ubuntu 24.04 (Noble)" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:24 +msgid "" +"The software lifecycle of the platform includes full support for all " +"Debian and Ubuntu LTS versions starting from `Debian 10 " +"`_ and `Ubuntu 20.04 " +"`_." 
+msgstr "" + +#: ../../gettingstarted/Requirements.rst:26 +msgid "" +"Support is guaranteed on these platforms according to the official long-" +"term support timelines:" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:28 +msgid "`Debian Release End of Life Timeline `_" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:29 +msgid "" +"`Ubuntu Release End of Life Timeline `_" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:31 +msgid "" +"Currently, we do not plan to support additional distributions, as " +"GlobaLeaks adheres to the Unix philosophy of making each program excel in" +" a specific area. By focusing our efforts on mastering one domain, we aim" +" to serve our community most effectively. If you are interested in " +"helping us extend support to additional distributions, please get in " +"touch." +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:2 +msgid "Supported browsers" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:4 +msgid "" +"GlobaLeaks is designed to fully support commonly used browsers on desktop" +" PCs, laptops, tablets, and smartphones." +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:6 +msgid "" +"We recommend using the `Tor Browser `_ for " +"enhanced anonymity and additional privacy and security features not " +"available in other browsers." 
+msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:8 +msgid "Other supported browsers include:" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Browser" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Version" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Mozilla Firefox" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid ">= 38" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Google Chrome" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid ">= 45" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Brave" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid ">= 1.20.110" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Edge" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "any" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Safari" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid ">= 8" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "iOS" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid ">= 9" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Android" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid ">= 4.4" +msgstr "" + +#: ../../gettingstarted/index.rst:2 +msgid "Getting started" +msgstr "" + +#: ../../index.rst:2 +msgid "Documentation" +msgstr "Documentation" + +#: ../../index.rst:4 +msgid "" +"`GlobaLeaks `_ is an open-source, free " +"software intended to enable anyone to easily set up and maintain a secure" +" whistleblowing platform." +msgstr "" + +#: ../../index.rst:7 +msgid "" +"This documentation is thank to the support of our community. Join us and " +"contribute with your additions and suggestion. In any of the page you " +"find a link that enables you to provide suggestions and corrections. 
We " +"remind you that in case of any software issue or bug you may always " +"report on the `ticketing system `_." +msgstr "" + +#: ../../roadmap/index.rst:2 +msgid "Project roadmap" +msgstr "" + +#: ../../roadmap/index.rst:5 +msgid "" +"This tentative roadmap is built by the GlobaLeaks team in order to try to" +" respond to main users' needs. Please get sure that the needs of your " +"projects and users are well represented on the project `Ticketing System " +"`_. If your" +" organization could fund the development of parts of this roadmap please " +"write us at info@globaleaks.org" +msgstr "" + +#: ../../roadmap/index.rst:8 +msgid "Introduction" +msgstr "" + +#: ../../roadmap/index.rst:9 +msgid "" +"`GlobaLeaks `_ is free, open source software " +"enabling anyone to easily set up and maintain a secure whistleblowing " +"platform." +msgstr "" + +#: ../../roadmap/index.rst:11 +msgid "" +"Started in 2011, the software is now widely used worldwide by more than " +"3000 organizations working in the fields of anti-corruption activism, " +"human rights violations reporting, investigative journalism, and " +"corporate compliance." +msgstr "" + +#: ../../roadmap/index.rst:13 +msgid "" +"This document details the main areas of research development and " +"represents the actual tentative readmap of consolidation planned for " +"2024-2026 based on the analysis of the large set of user needs collected " +"within the official `Ticketing System `_." +msgstr "" + +#: ../../roadmap/index.rst:16 +msgid "Development areas" +msgstr "" + +#: ../../roadmap/index.rst:19 +msgid "Statistics and Reporting" +msgstr "" + +#: ../../roadmap/index.rst:20 +msgid "" +"GlobaLeaks still misses the implementation for any generation of " +"statistics and reports. Such features are considered fundamental in order" +" to properly support users in analysis, investigation and reporting." 
+msgstr "" + +#: ../../roadmap/index.rst:22 +msgid "E.g:" +msgstr "" + +#: ../../roadmap/index.rst:24 +msgid "" +"Recipients should be able to visually see statistics about the received " +"reports received and the data contained; these statistics should empower " +"users in their work providing relevant information out of the data " +"collection that could help users analyze and study social problems like " +"corruption and be able to organize and export automatic reporting;" +msgstr "" + +#: ../../roadmap/index.rst:25 +msgid "" +"Administrators should be able to visually see a dashboard in order to " +"monitor the system and assure that all is working well (e.g. that " +"recipients are receiving submissions and are able to access them and that" +" no attacks are performed on the system)." +msgstr "" + +#: ../../roadmap/index.rst:27 ../../roadmap/index.rst:42 +msgid "Ideas:" +msgstr "" + +#: ../../roadmap/index.rst:29 +msgid "" +"A client library could be adopted to generate reports directly on the " +"client (e.g. Chart.js)" +msgstr "" + +#: ../../roadmap/index.rst:30 +msgid "" +"The implementation should support the possibility of exporting the report" +" in PDF; in relation to this aspect it should be considered the " +"advantages of a possible backend implementation." +msgstr "" + +#: ../../roadmap/index.rst:32 ../../roadmap/index.rst:47 +#: ../../roadmap/index.rst:58 ../../roadmap/index.rst:71 +#: ../../roadmap/index.rst:84 +msgid "Reference tickets:" +msgstr "" + +#: ../../roadmap/index.rst:34 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/1959" +msgstr "" + +#: ../../roadmap/index.rst:35 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2254" +msgstr "" + +#: ../../roadmap/index.rst:39 +msgid "Audit Log" +msgstr "" + +#: ../../roadmap/index.rst:40 +msgid "" +"GlobaLeaks still misses the implementation of a complete audit logit. 
" +"This is considered a fundamental feature in order to achieve full " +"accontability of the whistleblowing process and increase security." +msgstr "" + +#: ../../roadmap/index.rst:44 +msgid "Software audit log should be improved" +msgstr "" + +#: ../../roadmap/index.rst:45 +msgid "" +"The software could exposes a standard log interfaces in CEF/LEEF/Syslog " +"format to foster integration with third party SIEM software." +msgstr "" + +#: ../../roadmap/index.rst:49 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2579" +msgstr "" + +#: ../../roadmap/index.rst:50 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2580" +msgstr "" + +#: ../../roadmap/index.rst:51 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2651" +msgstr "" + +#: ../../roadmap/index.rst:54 +msgid "GDPR compliance" +msgstr "" + +#: ../../roadmap/index.rst:55 +msgid "" +"GlobaLeaks implements by-design many best practices in matters of privacy" +" and security. In order to be effectively accepted and competitive beside" +" commercial proprietary solutions and to guarantee the sustainability of " +"the project, the software needs to achieve some market “standards” (e.g. " +"GDPR compliance / ISO certifications / etc.); among all we selected that " +"GDPR compliance is a first step where the software could implement best " +"practices (e.g. procedures for self signup should present appropriate " +"legal notices, terms of services, and contractualization). Within the " +"software, there should be implemented an automatic contract generation " +"via PDF or other suitable formats in respect with the GDPR requirements." 
+msgstr "" + +#: ../../roadmap/index.rst:60 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2145" +msgstr "" + +#: ../../roadmap/index.rst:61 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2658" +msgstr "" + +#: ../../roadmap/index.rst:62 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2866" +msgstr "" + +#: ../../roadmap/index.rst:63 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2767" +msgstr "" + +#: ../../roadmap/index.rst:64 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/3011" +msgstr "" + +#: ../../roadmap/index.rst:65 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/3012" +msgstr "" + +#: ../../roadmap/index.rst:68 +msgid "Backup and Restore" +msgstr "" + +#: ../../roadmap/index.rst:69 +msgid "" +"GlobaLeaks currently misses any feature for performing backup and " +"restoring of its setup. These duties are currently performed by its users" +" following typical best manual practices (e.g. archiving the data " +"directory of the application). This project idea is to research the best " +"practices to be applied in this context and to identify suitable " +"strategies for implementing periodic, secure and encrypted backups to be " +"restored upon necessity." +msgstr "" + +#: ../../roadmap/index.rst:73 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/528" +msgstr "" + +#: ../../roadmap/index.rst:74 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2149" +msgstr "" + +#: ../../roadmap/index.rst:77 +msgid "Multitenancy" +msgstr "" + +#: ../../roadmap/index.rst:79 +msgid "Import and Export of Tenants" +msgstr "" + +#: ../../roadmap/index.rst:80 +msgid "" +"Part of the software is a recent feature of Multitenancy, first " +"implemented in 2018 and stabilized during 2019. 
Through this feature, " +"GlobaLeaks makes it possible to create multiple setups of itself via " +"virtual sites (similarly to Wordpress multisite feature). In order to " +"make it more easy for an administrator to migrate a platform form a " +"system to an other or to enable users to require data portability from a " +"globaleaks provider to an other, for example in relation to GDPR it has " +"been evaluated necessary to improve the multi tenancy implementation by " +"implementing support for import-export of tenants. In the context of a " +"whistleblowing application, involving encryption and logging this poses " +"important challenges on how to best handle this process." +msgstr "" + +#: ../../roadmap/index.rst:86 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2632" +msgstr "" + +#: ../../roadmap/index.rst:87 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2631" +msgstr "" + +#: ../../roadmap/index.rst:90 +msgid "Multisite users" +msgstr "" + +#: ../../roadmap/index.rst:91 +msgid "(To be further researched)" +msgstr "" + +#: ../../roadmap/index.rst:93 +msgid "" +"Important requirement at the base of the Multitenancy expansion is the " +"possibility to enable users to be administrators and recipients of two or" +" multiple instances running on the same multi-site setup. This is useful " +"for example when a lawyer takes part as a recipient on multiple projects;" +" as well it is useful when an ICT consultant joins consultancy on " +"multiple projects." +msgstr "" + +#: ../../roadmap/index.rst:96 +msgid "" +"This could significatively simplify user access enabling the user to have" +" a single set of username and password and associated keys." 
+msgstr "" + +#: ../../roadmap/index.rst:98 +msgid "References tickets:" +msgstr "" + +#: ../../roadmap/index.rst:100 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2302" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:3 +msgid "Application security" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:4 +msgid "" +"The GlobaLeaks software aims to adhere to industry-standard best " +"practices, with its security being the result of applied research." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:6 +msgid "" +"This document details every aspect implemented by the application in " +"relation to security design." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:9 +msgid "Architecture" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:10 +msgid "The software comprises two main components: a `Backend` and a `Client`:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:12 +msgid "" +"The Backend is a Python-based server that runs on a physical server and " +"exposes a `REST API " +"`_." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:13 +msgid "" +"The Client is a JavaScript client-side web application that interacts " +"with the Backend only through `XHR " +"`_." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:16 +msgid "Anonymity" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:17 +msgid "" +"Users' anonymity is protected by means of `Tor " +"`_ technology." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:19 +msgid "" +"The application is designed to avoid logging sensitive metadata that " +"could lead to the identification of whistleblowers." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:22 +msgid "Authentication" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:23 +msgid "" +"The confidentiality of authentication is protected either by `Tor Onion " +"Services v3 `_ or" +" `TLS version 1.2+ " +"`_." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:25 +msgid "" +"This section describes the authentication methods implemented by the " +"system." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:28 +msgid "Password" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:29 +msgid "" +"By accessing the login web interface, `Administrators` and `Recipients` " +"need to enter their respective `Username` and `Password`. If the " +"submitted password is valid, the system grants access to the " +"functionality available to that user." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:33 +msgid "" +"`Whistleblowers` access their `Reports` using an anonymous `Receipt`, " +"which is a randomly generated 16-digit sequence created by the Backend " +"when the Report is first submitted. This format resembles a standard " +"phone number, making it easier for whistleblowers to conceal their " +"receipts." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:36 +msgid "Password security" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:37 +msgid "The system implements the following password security measures:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:40 +msgid "Password storage" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:41 +msgid "" +"Passwords are never stored in plaintext; instead, the system maintains " +"only a hashed version. This applies to all authentication secrets, " +"including whistleblower receipts." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:43 +msgid "" +"The platform stores users’ passwords hashed with a random 128-bit salt, " +"unique for each user." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:45 +msgid "" +"Passwords are hashed using `Argon2 " +"`_, a key derivation function " +"selected as the winner of the `Password Hashing Competition " +"`_ in July " +"2015." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:47 +msgid "" +"The hash involves a per-user salt for each user and a per-system salt for" +" whistleblowers." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:50 +msgid "Password complexity" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:51 +msgid "" +"The system enforces complex passwords by implementing a custom algorithm " +"necessary to ensure reasonable entropy for each authentication secret." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:53 +msgid "" +"Passwords are scored at three levels: `Strong`, `Acceptable`, and " +"`Insecure`." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:55 +msgid "" +"Strong: A strong password should include capital letters, lowercase " +"letters, numbers, and symbols, be at least 12 characters long, and " +"contain a variety of at least 10 different characters." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:56 +msgid "" +"Acceptable: An acceptable password should include at least 3 different " +"types of characters from capital letters, lowercase letters, numbers, and" +" symbols, be at least 10 characters long, and contain a variety of at " +"least 7 different characters." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:57 +msgid "" +"Insecure: Passwords ranked below the strong or acceptable levels are " +"marked as insecure and are not accepted by the system." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:59 +msgid "" +"We encourage each end user to use `KeePassXC `_ to" +" generate and retain strong, unique passphrases." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:62 +msgid "Two-factor authentication" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:63 +msgid "" +"The system implements Two-Factor Authentication (2FA) based on `TOTP` " +"using the `RFC 6238 `_ algorithm " +"and 160-bit secrets." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:65 +msgid "" +"Users can enroll in 2FA via their own preferences, and administrators can" +" optionally enforce this requirement." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:67 +msgid "" +"We recommend using `FreeOTP `_, available " +"`for Android " +"`_" +" and `for iOS `_." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:70 +msgid "Slowdown on failed login attempts" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:71 +msgid "" +"The system identifies multiple failed login attempts and implements a " +"slowdown procedure, requiring an authenticating client to wait up to 42 " +"seconds to complete an authentication." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:73 +msgid "" +"This feature is intended to slow down potential attacks, requiring more " +"resources in terms of time, computation, and memory." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:76 +msgid "Password change on first login" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:77 +msgid "The system enforces users to change their password at their first login." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:79 +msgid "" +"Administrators can also enforce a password change for users at their next" +" login." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:82 +msgid "Periodic password change" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:83 +msgid "" +"By default, the system enforces users to change their password at least " +"every year." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:85 +msgid "This period is configurable by administrators." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:88 +msgid "Password recovery" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:89 +msgid "" +"In case of a lost password, users can request a password reset via the " +"web login interface by clicking on a `Forgot password?` button present on" +" the login page." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:91 +msgid "" +"When this button is clicked, users are invited to enter their username or" +" email. If the provided username or email corresponds to an existing " +"user, the system will send a reset link to the configured email." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:93 +msgid "" +"By clicking the link received by email, the user is then invited to set a" +" new password different from the previous one." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:95 +msgid "" +"If encryption is enabled on the system, a user clicking on the reset link" +" must first enter their `Account Recovery Key`. Only after correct entry " +"will the user be able to set a new password." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:98 +msgid "Web application security" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:99 +msgid "" +"This section describes the Web Application Security implemented by the " +"software in adherence to the `OWASP Security Guidelines " +"`_." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:102 +msgid "Session management" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:103 +msgid "" +"The session implementation follows the `OWASP Session Management Cheat " +"Sheet " +"`_" +" security guidelines." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:105 +msgid "" +"The system assigns a session to each authenticated user. The Session ID " +"is a 256-bit long secret generated randomly by the backend. Each session " +"expires according to a timeout of 30 minutes. 
Session IDs are exchanged " +"between the client and the backend via a header (`X-Session`) and expire " +"as soon as users close their browser or the tab running GlobaLeaks. Users" +" can explicitly log out via a logout button or implicitly by closing the " +"browser." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:108 +msgid "Session encryption" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:109 +msgid "" +"To minimize the exposure of users' encryption keys, the keys are stored " +"in an encrypted format and decrypted only upon each client request." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:111 +msgid "" +"The implementation uses Libsodium's SecretBox, where the client's session" +" key is used as the secret. Only the client maintains a copy of the " +"session key, while the server retains only a SHA-256 hash." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:114 +msgid "Cookies and xsrf prevention" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:115 +msgid "" +"Cookies are not used intentionally to minimize XSRF attacks and any " +"possible attacks based on them. Instead of using cookies, authentication " +"is based on a custom HTTP Session Header sent by the client on " +"authenticated requests." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:118 +msgid "HTTP headers" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:119 +#, python-format +msgid "" +"The system implements a large set of HTTP headers specifically configured" +" to improve software security and achieves a `score A+ by Security " +"Headers " +"`_" +" and a `score A+ by Mozilla Observatory " +"`_." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:122 +msgid "Strict-Transport-Security" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:123 +msgid "The system implements strict transport security by default. 
::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:128 +msgid "The default configuration of the application sees this feature disabled." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:131 +msgid "Content-Security-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:132 +msgid "" +"The backend implements a strict `Content Security Policy (CSP) " +"`_ preventing any " +"interaction with third-party resources and restricting the execution of " +"untrusted user input: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:137 +msgid "" +"Specific policies are implemented in adherence to the principle of least " +"privilege." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:139 +msgid "For example:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:141 +msgid "" +"The `index.html` source of the app is the only resource allowed to load " +"scripts from the same origin;" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:142 +msgid "Every dynamic content is strictly sandboxed on a null origin;" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:143 +msgid "" +"Every untrusted user input or third-party library is executed in a " +"sandbox, limiting its interaction with other application components." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:146 +msgid "Cross-Origin-Embedder-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:147 +msgid "" +"The backend implements the following `Cross-Origin-Embedder-Policy (COEP)" +" `_: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:153 +msgid "Cross-Origin-Opener-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:154 +msgid "" +"The backend implements the following `Cross-Origin-Opener-Policy (COOP) " +"`_: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:160 +msgid "Cross-Origin-Resource-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:161 +msgid "" +"The backend implements the following `Cross-Origin-Resource-Policy (CORP)" +" `_: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:167 +msgid "Permissions-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:168 +msgid "" +"The backend implements the following Permissions-Policy header " +"configuration to limit the possible de-anonymization of the user by " +"disabling dangerous browser features: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:174 +msgid "X-Frame-Options" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:175 +msgid "" +"In addition to implementing Content Security Policy level 3 to prevent " +"the application from being included in an iframe, the backend also " +"implements the outdated X-Frame-Options header to ensure that iframes are" +" always prevented in any circumstance, including on outdated browsers: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:181 +msgid "Referrer-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:182 +msgid "" +"Web browsers usually attach referrers in their HTTP headers as they " +"browse links. The platform enforces a referrer policy to avoid this " +"behavior. 
::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:188 +msgid "X-Content-Type-Options" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:189 +msgid "" +"To avoid automatic MIME type detection by the browser when setting the " +"Content-Type for specific output, the following header is used: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:195 +msgid "Cache-Control" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:196 +msgid "" +"To prevent or limit forensic traces left on devices used by " +"whistleblowers and in devices involved in communication with the " +"platform, as specified in section ``3. Storing Responses in Caches`` of " +"`RFC 7234 `__, the platform uses the" +" ``Cache-Control`` HTTP header with the configuration ``no-store`` to " +"instruct clients and possible network proxies to disable any form of data" +" caching. ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:202 +msgid "Crawlers Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:203 +msgid "" +"For security reasons, the backend instructs crawlers to avoid caching and" +" indexing of the application and uses the ``robots.txt`` file to allow " +"crawling only of the home page. Indexing the home page is considered best" +" practice to promote the platform's existence and facilitate access for " +"potential whistleblowers." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:205 +msgid "The implemented configuration is as follows: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:212 +msgid "" +"The platform also instructs crawlers to avoid caching by injecting the " +"following HTTP header: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:217 +msgid "" +"For highly sensitive projects where the platform is intended to remain " +"``hidden`` and communicated to potential whistleblowers directly, it can " +"be configured to disable indexing completely." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:219 +msgid "In such cases, the following HTTP header is used: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:225 +msgid "Anchor tags and external urls" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:226 +msgid "" +"The client opens external URLs in a new tab, independent of the " +"application context, by setting ``rel='noreferrer'`` and " +"``target='_blank'``` on every anchor tag. ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:232 +msgid "Input validation" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:233 +msgid "" +"The application implements strict input validation both on the backend " +"and on the client." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:236 +msgid "On the backend" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:237 +msgid "" +"Each client request is strictly validated by the backend against a set of" +" regular expressions, and only requests matching the expressions are " +"processed." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:239 +msgid "" +"Additionally, a set of rules is applied to each request type to limit " +"potential attacks. For example, any request is limited to a payload of " +"1MB." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:242 +msgid "On the client" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:243 +msgid "" +"Each server output is strictly validated by the client at rendering time " +"using the Angular component `ngSanitize.$sanitize " +"`__." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:246 +msgid "Form autocomplete off" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:247 +msgid "" +"Forms implemented by the platform use the HTML5 form attribute to " +"instruct the browser not to cache user data for form prediction and " +"autocomplete on subsequent submissions." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:249 +msgid "" +"This is achieved by setting `autocomplete=\"off\" " +"`__ on the relevant forms or attributes." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:252 +msgid "Network security" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:254 +msgid "Connection anonymity" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:255 +msgid "" +"User anonymity is provided through the implementation of `Tor " +"`__ technology. The application implements " +"an ``Onion Service v3`` and advises users to use the Tor Browser when " +"accessing it." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:258 +msgid "Connection encryption" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:259 +msgid "" +"User connections are always encrypted, either through the `Tor Protocol " +"`__ when using the Tor Browser or via `TLS " +"`__ when accessed" +" through a common browser." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:261 +msgid "" +"Using ``Tor`` is recommended over HTTPS due to its advanced resistance to" +" selective interception and censorship, making it difficult for a third " +"party to capture or block access to the site for specific whistleblowers " +"or departments." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:263 +msgid "" +"The software also facilitates easy setup of ``HTTPS``, offering both " +"automatic setup via `Let's Encrypt `__ and " +"manual configuration." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:265 +msgid "" +"TLS certificates are generated using `NIST Curve P-384 " +"`__." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:267 +msgid "" +"The configuration enables only ``TLS1.2+`` and is fine-tuned and hardened" +" to achieve `SSLLabs grade A+ " +"`__." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:269 +msgid "In particular, only the following ciphers are enabled: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:283 +msgid "Network sandboxing" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:284 +msgid "" +"The GlobaLeaks backend integrates `iptables " +"`__ by default and implements strict firewall" +" rules that restrict incoming network connections to HTTP and HTTPS on " +"ports 80 and 443." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:286 +msgid "" +"Additionally, the application allows anonymizing outgoing connections, " +"which can be configured to route through Tor." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:289 +msgid "Data encryption" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:290 +msgid "" +"Submission data, file attachments, messages, and metadata exchanged " +"between whistleblowers and recipients are encrypted using the GlobaLeaks " +":doc:`EncryptionProtocol`." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:292 +msgid "" +"GlobaLeaks also incorporates various other encryption components. 
The " +"main libraries and their uses are:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:294 +msgid "" +"`Python-NaCL `__: used for implementing " +"data encryption" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:295 +msgid "" +"`PyOpenSSL `__: used for implementing " +"HTTPS" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:296 +msgid "" +"`Python-Cryptography `__: used for implementing " +"authentication" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:297 +msgid "" +"`Python-GnuPG `__: used " +"for encrypting email notifications and file downloads via ```PGP```" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:300 +msgid "Application sandboxing" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:301 +msgid "" +"The GlobaLeaks backend integrates `AppArmor `__ by" +" default and implements a strict sandboxing profile, allowing the " +"application to access only the strictly required files. Additionally, the" +" application runs under a dedicated user and group \"globaleaks\" with " +"reduced privileges." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:304 +msgid "Database security" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:305 +msgid "" +"The GlobaLeaks backend uses a hardened local SQLite database accessed via" +" SQLAlchemy ORM." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:307 +msgid "" +"This design choice ensures the application can fully control its " +"configuration while implementing extensive security measures in adherence" +" to the `security recommendations by SQLite " +"`__." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:310 +msgid "Secure deletion" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:311 +msgid "" +"The GlobaLeaks backend enables SQLite’s secure deletion capability, which" +" automatically overwrites the database data upon each delete query: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:317 +msgid "Auto vacuum" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:318 +msgid "" +"The platform enables SQLite’s auto vacuum capability for automatic " +"cleanup of deleted entries and recall of unused pages: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:324 +msgid "Limited database trust" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:325 +msgid "" +"The GlobaLeaks backend uses the SQLite `trusted_schema " +"`__ pragma " +"to limit trust in the database, mitigating risks of malicious corruption." +" ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:331 +msgid "Limited database functionalities" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:332 +msgid "" +"The GlobaLeaks backend restricts SQLite functionalities to only those " +"necessary for running the application, reducing the potential for " +"exploitation in case of SQL injection attacks." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:334 +msgid "" +"This is implemented using the ```conn.set_authorizer``` API and a strict " +"authorizer callback that authorizes only a limited set of SQL " +"instructions: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:345 +msgid "DoS resiliency" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:346 +msgid "" +"To mitigate denial of service attacks, GlobaLeaks applies the following " +"measures:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:348 +msgid "" +"Implements a proof-of-work (hashcash) on each unauthenticated request to " +"limit automation." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:349 +msgid "Applies rate limiting on authenticated sessions." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:350 +msgid "" +"Limits the possibility of triggering CPU-intensive routines by external " +"users (e.g., limits on query and job execution times)." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:351 +msgid "" +"Monitors activity to detect and respond to attacks, implementing " +"proactive security measures to prevent DoS (e.g., slowing down fast " +"operations)." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:354 +msgid "Proof of work on users' sessions" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:355 +msgid "" +"The system implements an automatic `Proof of Work " +"`__ based on the hashcash " +"algorithm for every user session, requiring clients to request a token " +"and continuously solve a computational problem to acquire and renew the " +"session." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:358 +msgid "Rate limit on users' sessions" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:359 +msgid "" +"The system implements rate limiting on user sessions, preventing more " +"than 5 requests per second and applying increasing delays on requests " +"that exceed this threshold." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:362 +msgid "Rate limit on whistleblowers' reports and attachments" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:363 +msgid "" +"The system applies rate limiting on whistleblower reports and " +"attachments, preventing new submissions and file uploads if thresholds " +"are exceeded." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:365 +msgid "Implemented thresholds are:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "Threshold Variable" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +#: ../../security/PenetrationTests.rst:1 +msgid "Goal" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "Default Threshold Setting" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "threshold_reports_per_hour" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "Limit the number of reports that can be filed per hour" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "20" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "threshold_reports_per_hour_per_ip" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "" +"Limit the number of reports that can be filed per hour by the same IP " +"address" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "5" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "threshold_attachments_per_hour_per_ip" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "" +"Limit the number of attachments that can be uploaded per hour by the same" +" IP address" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "120" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "threshold_attachments_per_hour_per_report" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "Limit the number of attachments that can be uploaded per hour on a report" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "30" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:375 +msgid "" +"In case of necessity, threshold configurations can be adjusted using the " +"`gl-admin` command as follows: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:381 +msgid "Other measures" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:383 +msgid "Browser 
history and forensic traces" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:384 +msgid "" +"The entire application is designed to minimize or reduce the forensic " +"traces left by whistleblowers on their devices while filing reports." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:386 +msgid "" +"When accessed via the Tor Browser, the browser ensures that no persistent" +" traces are left on the user's device." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:388 +msgid "" +"To prevent or limit forensic traces in the browser history of users " +"accessing the platform via a common browser, the application avoids " +"changing the URI during whistleblower navigation. This prevents the " +"browser from logging user activities and offers high plausible " +"deniability, making the whistleblower appear as a simple visitor to the " +"homepage and avoiding evidence of any submission." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:391 +msgid "Secure file management" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:393 +msgid "Secure file download" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:394 +msgid "" +"Any attachment uploaded by anonymous whistleblowers might contain " +"malware, either intentionally or not. It is highly recommended, if " +"possible, to download files and access them on an air-gapped machine " +"disconnected from the network and other sensitive devices. To facilitate " +"safe file downloads and transfers using a USB stick, the application " +"provides the option to export reports, enabling the download of a ZIP " +"archive containing all report content. This reduces the risk of executing" +" files during the transfer process." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:397 +msgid "Safe file opening" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:398 +msgid "" +"For scenarios where the whistleblower's trustworthiness has been " +"validated or in projects with a low-risk threat model, the application " +"offers an integrated file viewer. This viewer, leveraging modern browser " +"sandboxing capabilities, allows the safe opening of a limited set of file" +" types considered more secure than accessing files directly through the " +"operating system. This feature is disabled by default. Administrators " +"should enable it only after thorough evaluation and ensure that " +"recipients' browsers are kept up-to-date." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:400 +msgid "The supported file formats are:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:402 +msgid "AUDIO" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:403 +msgid "CSV" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:404 +msgid "IMAGE" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:405 +msgid "PDF" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:406 +msgid "VIDEO" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:407 +msgid "TXT" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:409 +#: ../../security/ApplicationSecurity.rst:419 +msgid "The default configuration has this feature disabled." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:412 +msgid "PGP encryption" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:413 +msgid "The system offers an optional PGP encryption feature." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:415 +msgid "" +"When enabled, users can activate a personal PGP key that will be used by " +"the system to encrypt email notifications and files on-the-fly." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:417 +msgid "" +"This feature is recommended for high-risk threat models, especially when " +"used in conjunction with air-gapped systems for report visualization." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:422 +msgid "Encryption of temporary files" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:423 +msgid "" +"Files uploaded and temporarily stored on disk during the upload process " +"are encrypted with a temporary, symmetric AES key to prevent any " +"unencrypted data from being written to disk. Encryption is performed in " +"streaming mode using `AES 128-bit` in `CTR mode`. Key files are stored in" +" memory and are unique for each file being uploaded." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:426 +msgid "Secure file delete" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:427 +msgid "" +"Every file deleted by the application is overwritten before the file " +"space is released on disk." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:429 +msgid "" +"The overwrite routine is executed by a periodic scheduler and follows " +"these steps:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:431 +msgid "A first overwrite writes 0 across the entire file;" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:432 +msgid "A second overwrite writes 1 across the entire file;" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:433 +msgid "A third overwrite writes random bytes across the entire file." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:436 +msgid "Exception logging and redaction" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:437 +msgid "" +"To quickly diagnose potential software issues when client exceptions " +"occur, they are automatically reported to the backend. The backend " +"temporarily caches these exceptions and sends them to the backend " +"administrator via email." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:439 +msgid "" +"To prevent inadvertent information leaks, logs are processed through " +"filters that redact email addresses and UUIDs." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:442 +msgid "Entropy sources" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:443 +msgid "The primary source of entropy for the platform is `/dev/urandom`." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:446 +msgid "UUIDv4 randomness" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:447 +msgid "" +"System resources like submissions and files are identified by UUIDv4 to " +"make them unguessable by external users and limit potential attacks." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:450 +msgid "TLS for smtp notification" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:451 +msgid "" +"All notifications are sent through an SMTP channel encrypted with TLS, " +"using either SMTP/TLS or SMTPS, depending on the configuration." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:2 +msgid "Encryption protocol" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:3 +msgid "" +"GlobaLeaks implements an encryption protocol specifically designed for " +"anonymous whistleblowing applications." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:5 +msgid "" +"The protocol has been developed and validated in collaboration with the " +"`Open Technology Fund `_ and represents a trade-off between security and " +"usability. It is designed to be user-friendly for whistleblowers while " +"providing reasonable protection against attackers attempting to breach " +"the backend and perform brute-force decryption." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:7 +msgid "" +"Encryption is applied to each submission, protecting answers to " +"questionnaires, comments, attachments, and associated metadata. 
The " +"encryption keys are assigned per user and per report, ensuring that only " +"whistleblowers and their intended recipients can access the reports. This" +" means that if users forget their passwords, they will lose access to the" +" data in their accounts." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:9 +msgid "" +"To enable users to recover their accounts in case they forget their " +"passwords, the system includes a `Key Recovery`_ mechanism and provides " +"each user with an Account Recovery Key. This measure ensures that users " +"with their own Account Recovery Key can always restore access to their " +"account and the data it contains." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:11 +msgid "" +"To prevent data loss in case users lose both their password and their " +"account recovery key, the system can be configured to use a `Key Escrow`_" +" mechanism. This delegates the responsibility of supporting users in " +"recovering access to their accounts to administrators. This capability " +"enhances the project's resilience against data loss due to users' death " +"or conflicts of interest within the recipient team. However, it also " +"means that administrators with access to escrow keys could potentially " +"access other users' accounts and data. Project owners should carefully " +"decide whether to enable this feature based on the project's threat model" +" and document their decision in the project's privacy policies." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:14 +msgid "Encryption's workflow" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:15 +msgid "" +"Users choose a secure personal password during their first login using an" +" account activation link." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:16 +msgid "" +"The system creates a personal asymmetric keypair for each user and stores" +" the private key symmetrically encrypted with a secret derived from the " +"user's password." 
+msgstr "" + +#: ../../security/EncryptionProtocol.rst:17 +msgid "" +"Each user's private key is protected by the Key Recovery mechanism and, " +"if enabled, by the Key Escrow mechanism." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:18 +msgid "The whistleblower files a report." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:19 +msgid "The system assigns a unique 16-digit receipt number to the whistleblower." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:20 +msgid "" +"The system generates an asymmetric keypair for the whistleblower and " +"stores the private key symmetrically encrypted with a secret derived from" +" the whistleblower’s receipt number." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:21 +msgid "" +"The system generates an asymmetric keypair for encrypting the report, " +"attachments, comments, and associated metadata, and stores a copy of the " +"private key encrypted for each involved user using their own public key." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:22 +msgid "" +"The system encrypts the report, attachments, comments, and metadata with " +"the public key generated for the report." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:23 +msgid "" +"The system grants each involved user access to their reports and " +"facilitates communication by automatically locking and unlocking the " +"involved keys when a report is accessed or new communication is made." 
+msgstr "" + +#: ../../security/EncryptionProtocol.rst:26 +msgid "Encryption's details" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:28 +msgid "Algorithms" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Type" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Implementation" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Asymmetric encryption" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "" +"`Libsodium SealedBoxes " +"`_," +" which combines Curve25519, XSalsa20, and Poly1305 algorithms." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Symmetric encryption" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "" +"`Libsodium SecretBoxes " +"`_," +" which combines XSalsa20 and Poly1305." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:36 +msgid "Users’ credentials" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:37 +msgid "The system uses two types of credentials depending on the user role:" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Credentials type" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "User role" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Passwords" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Used for authenticating users identified by a username" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Receipts" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "16-digit random secrets used for authenticating anonymous whistleblowers" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:45 +msgid "Assumptions:" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:47 +msgid "The system enforces strong password complexity." 
+msgstr "" + +#: ../../security/EncryptionProtocol.rst:48 +msgid "" +"The system enforces expiration of receipts according to a strict data " +"retention policy that limits the number of concurrent active receipts." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:51 +msgid "Users’ keys" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Generation" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Storage" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "ECC Curve25519 keypair" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "" +"Generated by the backend during first user login for authenticated users " +"and upon submission for whistleblowers" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "" +"Keys are stored on the backend encrypted using symmetric encryption. The " +"symmetric key used for encrypting users’ keys is derived from the users’ " +"credentials using the KDF function `Argon2ID `_. The parameters for Argon2ID used for KDF" +" are stronger than those used for user authentication, with the hash " +"stored. The parameters are selected to require 128MB of memory per login " +"and 1 second of computation." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:58 +msgid "Data encryption's keys" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "256-bit keys" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Generated by the backend for each report" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "" +"Keys are stored on the backend filesystem encrypted using asymmetric " +"encryption with Users’ and Whistleblower’s keys, respectively." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:65 +msgid "Key generation" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:66 +msgid "" +"Users' encryption keys are automatically generated during the first login" +" and secured using the user passphrase. 
This straightforward but " +"effective key generation policy requires users to complete their first " +"login before being able to receive reports." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:69 +msgid "Key recovery" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:70 +msgid "" +"The system implements a key recovery mechanism using a recovery key and " +"symmetric encryption." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:72 +msgid "" +"When a user key is generated, the private key is symmetrically encrypted " +"with a randomly generated recovery key." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:74 +msgid "" +"For usability reasons, this recovery key is also securely encrypted and " +"stored on the backend, allowing logged-in users who possess their " +"password to retrieve and print their own account recovery key." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:77 +msgid "Key escrow" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:78 +msgid "" +"The system offers an optional key escrow mechanism to mitigate data loss " +"in the event of users losing their passwords." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:80 +msgid "" +"Key escrow can be enabled during the initial application setup or in the " +"advanced settings of the software." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:82 +msgid "" +"We recommend enabling this option to protect whistleblowers' submissions " +"in cases where recipients lose their passwords. However, if you want to " +"set up a system where only recipients can access submissions, we advise " +"against using this feature." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:84 +msgid "" +"When enabled, the system generates and assigns an escrow key to the " +"administrator who activated the feature. This key is then used to encrypt" +" every system key, with a copy preserved that any administrator with the " +"escrow key can unlock." 
+msgstr "" + +#: ../../security/EncryptionProtocol.rst:86 +msgid "" +"Administrators with access to the escrow key can assist internal users " +"with password recovery and issue password resets. They can also grant " +"this privilege to other administrators or disable the feature entirely." +msgstr "" + +#: ../../security/PenetrationTests.rst:3 +msgid "Security audits" +msgstr "" + +#: ../../security/PenetrationTests.rst:5 +msgid "" +"GlobaLeaks undergoes independent security audits periodically to verify " +"and enhance the security of the system. This page lists the most " +"significant reports available." +msgstr "" + +#: ../../security/PenetrationTests.rst:7 +msgid "" +"We aim to have audits conducted at least every two years, thanks to " +"funding opportunities. Each adopter is encouraged to contribute by " +"funding a general or topic-specific audit based on their capabilities. " +"This helps ensure that every algorithm, component, and methodology " +"applied within the project is thoroughly verified." +msgstr "" + +#: ../../security/PenetrationTests.rst:9 +msgid "" +"If you have conducted or are considering sponsoring a security audit, " +"please email us at `info@globaleaks.org `_. " +"This is especially important for general software security. When " +"requesting a company to audit the software, always remember to ask if the" +" report can be published afterward; many auditors may not agree to " +"publish the report later, which has often led to wasted project " +"resources." +msgstr "" + +#: ../../security/PenetrationTests.rst:11 +msgid "" +"If you are an independent security auditor or, during your peer review of" +" GlobaLeaks, you discover or suspect a vulnerability, please do not file " +"a public issue. Instead, send your report privately through our " +"`reporting form `_ or via email to " +"`security@globaleaks.org `_." 
+msgstr "" + +#: ../../security/PenetrationTests.rst:1 ../../user/admin/UserInterface.rst:135 +msgid "Date" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Auditor" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2013" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`iSecPartners `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Architecture Audit" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Report `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Cure53 `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Web Security Audit" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Report `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2014" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`LeastAuthority `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Source Code Audit" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Report `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2018" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`SubGraph `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Overall Audit" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Report `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2019" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`RadicallyOpenSecurity `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Crypto Audit, Multi-tenancy Audit, Overall Audit" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "" +"`Report " +"`_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2022" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "" +"Server Source Code Audit, Client Pentest, OpSec for Whistleblowers, OpSec" +" for Server Administrators" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "" +"`Report 
" +"`_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2024" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`ISGroup `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Surface Analysis and Network Penetration Test" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Report `_" +msgstr "" + +#: ../../security/ThreatModel.rst:3 +msgid "Threat model" +msgstr "" + +#: ../../security/ThreatModel.rst:4 +msgid "" +"GlobaLeaks is a free and open-source whistleblowing software designed for" +" various usage scenarios, each requiring a balance between strong " +"security and high usability. These two requirements are crucial for " +"managing whistleblowing procedures effectively, protecting " +"whistleblowers, and achieving specific project goals. Given the variety " +"of use cases and associated risks, the software can be configured to " +"address the specific threat model detailed here." +msgstr "" + +#: ../../security/ThreatModel.rst:6 +msgid "" +"This document is intended for organizations implementing a whistleblowing" +" procedure using GlobaLeaks. It supports the analysis and understanding " +"of the specific threat model relevant to their context and risks and " +"guides users in selecting best practices for their project." +msgstr "" + +#: ../../security/ThreatModel.rst:9 +msgid "Users matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:10 +msgid "" +"The first step is to define the types of users interacting with a " +"GlobaLeaks platform." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "User" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Definition" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"The user who submits an anonymous report through the platform. " +"Whistleblowers may operate under various threat models depending on the " +"usage scenario and the nature of the information submitted." 
+msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"The user who receives and analyzes anonymous reports from Whistleblowers." +" Recipients act in good faith and are considered trusted parties " +"concerning the protection of Whistleblowers' confidentiality." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"Users responsible for setting up, managing, and monitoring the platform's" +" security. Administrators may not be the same entities running or " +"managing the whistleblowing initiatives (e.g., hosted solutions, multiple" +" stakeholder projects). Administrators are trusted entities but do not " +"have direct access to reports and advise Recipients on best practices." +msgstr "" + +#: ../../security/ThreatModel.rst:19 +msgid "" +"It is crucial to apply security measures relative to the users of the " +"platform, aiming to achieve an appropriate tradeoff between security and " +"usability." +msgstr "" + +#: ../../security/ThreatModel.rst:22 +msgid "Anonymity matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:23 +msgid "" +"The anonymity of users must be classified depending on the context of " +"use, as follows:" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Anonymous" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"The user accesses the platform via the Tor Browser and follows best " +"practices to protect their identity, minimizing the risk of tracking by " +"any system involved in the operation. The user has not disclosed their " +"identity to Recipients." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Confidential" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"The user accesses the platform via a common browser. While third parties " +"might log their IP address, the platform protects the content of their " +"communication. The user may choose to disclose their identity to " +"Recipients confidentially." 
+msgstr "" + +#: ../../security/ThreatModel.rst:31 +msgid "" +"The platform always informs users of their current anonymity status and " +"provides guidance on best practices for anonymous access via the Tor " +"Browser. Administrators may enforce the requirement that Whistleblowers " +"use the Tor Browser to file reports, depending on the use case." +msgstr "" + +#: ../../security/ThreatModel.rst:34 +msgid "Communication security matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:35 +msgid "" +"The security of communication concerning third-party monitoring varies " +"based on the context of use." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Security level" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Description" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "High security" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"Tor is used, and communication is encrypted end-to-end with the " +"GlobaLeaks platform, ensuring that no third party can eavesdrop on the " +"communication." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Medium security" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"HTTPS is used, and communication is encrypted end-to-end with the " +"GlobaLeaks platform. A third party capable of manipulating HTTPS security" +" (e.g., re-issuing TLS certificates) could eavesdrop on the " +"communication. If HTTPS security is maintained, monitoring the user's " +"communication line or the GlobaLeaks platform's communication line is not" +" feasible." +msgstr "" + +#: ../../security/ThreatModel.rst:1 ../../security/ThreatModel.rst:44 +msgid "Identity disclosure matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:45 +msgid "" +"Regardless of the anonymity matrix, users may choose or be required to " +"disclose their identity." 
+msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Undisclosed" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "The user's identity is not disclosed and is unlikely to be disclosed." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Optionally disclosed" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"The user's identity is not disclosed by default but may be voluntarily " +"disclosed (e.g., an anonymous tip-off MAY receive a follow-up, whereas a " +"formal report with disclosed identity MUST receive a follow-up)." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Disclosed" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "The user chooses or is required to disclose their identity to other users." +msgstr "" + +#: ../../security/ThreatModel.rst:54 +msgid "" +"Identity disclosure is crucial because even in an Anonymous High security" +" environment, disclosing one's identity may be a valuable option for " +"specific whistleblowing workflows." +msgstr "" + +#: ../../security/ThreatModel.rst:56 +msgid "" +"Users starting with an anonymity setting of “Anonymous” and an " +"“Undisclosed Identity” can decide later to disclose their identity. " +"Conversely, this cannot be undone. This consideration is key to ensuring " +"user protection in GlobaLeaks." +msgstr "" + +#: ../../security/ThreatModel.rst:58 +msgid "" +"Voluntary identity disclosure may be required in certain whistleblowing " +"procedures because:" +msgstr "" + +#: ../../security/ThreatModel.rst:60 +msgid "A tip-off MAY receive a follow-up and can be anonymous;" +msgstr "" + +#: ../../security/ThreatModel.rst:61 +msgid "Formal reports MUST receive a follow-up and cannot be anonymous." 
+msgstr "" + +#: ../../security/ThreatModel.rst:63 +msgid "" +"The distinction between “MAY” and “MUST” refers to the actions of " +"recipients and is a fundamental element of the guarantees provided to " +"whistleblowers in many initiatives (e.g., a corporate or institutional " +"whistleblowing platform should not follow a MUST approach for anonymous " +"submission follow-up, treating such submissions as tip-offs rather than " +"formal reports)." +msgstr "" + +#: ../../security/ThreatModel.rst:66 +msgid "Usage scenarios matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:67 +msgid "" +"This section provides examples of how different anonymity levels for " +"users can be combined depending on the context of use." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Use case" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Media outlet" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"A media outlet with a disclosed identity initiates a whistleblowing " +"project. The outlet’s recipients are disclosed to Whistleblowers, " +"allowing them to trust a specific journalist rather than the outlet " +"itself. Full anonymity must be assured to whistleblowers, and their " +"identity cannot be disclosed in connection with anonymous submissions. " +"Whistleblowers MAY choose to disclose their identity if they trust the " +"journalist's source-protection record." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Corporate compliance" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"A corporation implements transparency or anti-bribery law compliance by " +"promoting initiatives to employees, consultants, and providers. " +"Recipients are part of a company division (e.g., Internal Audit office). " +"Whistleblowers are guaranteed full anonymity but may optionally disclose " +"their identity." 
+msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Human Rights Activism Initiative" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"A human rights group initiates a whistleblowing project to expose " +"violations in a dangerous area. The organization requires anonymity to " +"avoid retaliation and operates under a pseudonym. Recipients MUST not be " +"disclosed to Whistleblowers, but partial disclosure by pseudonym is " +"acceptable to establish trust. The Whistleblower MUST be guaranteed " +"anonymity and their identity cannot be disclosed." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Citizen media initiative" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"A citizen media initiative with a public identity seeks reports on " +"specific topics (e.g., political, environmental malpractice, corruption) " +"in a medium-low risk operational context. Recipients may use pseudonyms " +"or remain public to avoid complete exposure. Whistleblowers, if the topic" +" is not life-threatening, may submit reports confidentially to lower the " +"entry barrier." +msgstr "" + +#: ../../security/ThreatModel.rst:77 +msgid "" +"The following matrix illustrates how different usage scenarios can " +"require various anonymity levels, communication security requirements, " +"and identity disclosures for different users." +msgstr "" + +#: ../../security/ThreatModel.rst:79 +msgid "" +"GlobaLeaks will provide appropriate security awareness information " +"through its user interface and enforce specific requirements based on " +"clear configuration guidelines." 
+msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Scenario" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Anonymity level" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Identity disclosure" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Communication security" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "No anonymity" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Admin" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Partially disclosed" +msgstr "" + +#: ../../security/ThreatModel.rst:98 +msgid "Data security matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:99 +msgid "" +"This section highlights the data handled by GlobaLeaks and the protection" +" schemes applied to it." +msgstr "" + +#: ../../security/ThreatModel.rst:101 +msgid "The following information types are involved in GlobaLeaks:" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Information type" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Questionnaire answers" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"Data associated with a submission, including the filled forms and options" +" selected by the Whistleblower." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Submission attachments" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Files associated with a submission." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Platform configuration" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Data for configuring and customizing the platform." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Software files" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"All files required for the software to function, including default " +"configurations." 
+msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Email notifications" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Data sent to notify recipients of new reports via email." +msgstr "" + +#: ../../security/ThreatModel.rst:112 +msgid "Below is a matrix showing the different security measures applied to data." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Encryption" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Filters" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Sanitization" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Encrypted in the database with per-user/per-submission keys" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Keyword filters" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Antispam, Anti-XSS" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Encrypted on the filesystem with per-user/per-submission keys" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Extension blocking, Antivirus" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "N/A" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Encrypted with PGP when recipient keys are available" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Antispam to prevent flooding" +msgstr "" + +#: ../../security/ThreatModel.rst:122 +msgid "Threats to anonymity and confidentiality" +msgstr "" + +#: ../../security/ThreatModel.rst:123 +msgid "" +"This section highlights various threats that require specific " +"consideration." +msgstr "" + +#: ../../security/ThreatModel.rst:126 +msgid "Browser history and cache" +msgstr "" + +#: ../../security/ThreatModel.rst:127 +msgid "" +"GlobaLeaks uses crafted HTTP headers and other techniques to minimize " +"leaking information into a user’s browser history or cache. 
While this " +"privacy feature enhances safety, it cannot guarantee protection against " +"forensic analysis of browser cache and history but serves as an " +"additional safety measure." +msgstr "" + +#: ../../security/ThreatModel.rst:130 +msgid "Metadata" +msgstr "" + +#: ../../security/ThreatModel.rst:131 +msgid "" +"Files may contain metadata related to the author or whistleblower. " +"Cleaning metadata from submitted files helps protect an \"unaware\" " +"whistleblower from inadvertently including information that may " +"compromise their anonymity. GlobaLeaks does not automatically clean " +"metadata by default, as metadata is considered a fundamental part of the " +"original evidence that should be preserved. Metadata cleanup is an " +"optional step that may be suggested to Whistleblowers or performed by " +"Recipients when sharing documents with others. When sharing files with " +"external parties, Recipients are advised to print the document and " +"provide a hard copy to ensure that only visible information is shared, " +"avoiding the risk of sharing sensitive metadata. For more on metadata and" +" redacting digital files, see the article `Everything you wanted to know " +"about media metadata, but were afraid to ask " +"`_ by Harlo Holmes. A useful tool for these " +"procedures is the `Metadata Anonymization Toolkit " +"`_." +msgstr "" + +#: ../../security/ThreatModel.rst:134 +msgid "Malware and trojans" +msgstr "" + +#: ../../security/ThreatModel.rst:135 +msgid "" +"GlobaLeaks cannot prevent an attacker from using the platform maliciously" +" to target recipients with malware or trojans. To mitigate risks of data " +"exfiltration through trojans, Recipients should implement proper " +"operational security by using dedicated laptops for report viewing and " +"opening file attachments on offline computers. 
Wherever possible, they " +"should use specialized secure operating systems like `QubesOS " +"`_ or `Tails `_ and " +"ensure up-to-date antivirus software is running." +msgstr "" + +#: ../../security/ThreatModel.rst:138 +msgid "Network and reverse proxies" +msgstr "" + +#: ../../security/ThreatModel.rst:139 +msgid "" +"GlobaLeaks is designed for use with direct Tor or TLS connections from " +"the user’s browser to the application backend. The use of Network and " +"Reverse Proxies in front of the application is discouraged as they can " +"interfere with the application and compromise confidentiality and " +"anonymity measures implemented in GlobaLeaks." +msgstr "" + +#: ../../security/ThreatModel.rst:142 +msgid "Data stored outside the platform" +msgstr "" + +#: ../../security/ThreatModel.rst:143 +msgid "" +"GlobaLeaks does not provide security for data stored outside the " +"GlobaLeaks system. It is the responsibility of Recipients to protect data" +" downloaded from the platform or shared via external USB drives. The " +"operating system used or the USB drive should offer encryption to ensure " +"that, in case of device loss or theft, the data remains inaccessible." +msgstr "" + +#: ../../security/ThreatModel.rst:146 +msgid "Environmental factors" +msgstr "" + +#: ../../security/ThreatModel.rst:147 +msgid "" +"GlobaLeaks does not protect against environmental factors related to " +"users' physical locations or social relationships. For example, if a user" +" has a surveillance device in their home, GlobaLeaks cannot provide " +"protection. Similarly, if a whistleblower, who is supposed to be " +"anonymous, shares their story with friends or coworkers, GlobaLeaks " +"cannot offer protection." 
+msgstr "" + +#: ../../security/ThreatModel.rst:150 +msgid "Incorrect data retention policies" +msgstr "" + +#: ../../security/ThreatModel.rst:151 +msgid "" +"GlobaLeaks implements a strict default data retention policy of 90 days " +"to allow users to manage reports within a limited time frame necessary " +"for investigations. If the platform is configured to retain reports for " +"an extended period and Recipients do not manually delete unnecessary " +"reports, the value of the data increases, along with the risk of " +"exposure." +msgstr "" + +#: ../../security/ThreatModel.rst:154 +msgid "Human negligence" +msgstr "" + +#: ../../security/ThreatModel.rst:155 +msgid "" +"While GlobaLeaks provides Administrators with the ability to fine-tune " +"security configurations and continuously informs users about their " +"security context, it cannot protect against major security threats " +"resulting from human negligence. For instance, if a Whistleblower submits" +" data that can identify them as the unique owner or recent viewer, " +"GlobaLeaks cannot protect their identity." +msgstr "" + +#: ../../security/ThreatModel.rst:158 +msgid "Advanced traffic analysis" +msgstr "" + +#: ../../security/ThreatModel.rst:159 +msgid "" +"An attacker monitoring HTTPS traffic, without the ability to decrypt it, " +"can still identify user roles based on different network traffic patterns" +" generated by Whistleblowers, Recipients, and Administrators. GlobaLeaks " +"does not offer protection against this type of threat. We recommend using" +" `Tor pluggable transports `_ or other methods that provide additional" +" protection against such attacks." +msgstr "" + +#: ../../security/index.rst:2 +msgid "Security" +msgstr "" + +#: ../../setup/InstallationGuide.rst:2 +msgid "Installation guide" +msgstr "" + +#: ../../setup/InstallationGuide.rst:3 +msgid "The following guide will help you through the installation of GlobaLeaks." 
+msgstr "" + +#: ../../setup/InstallationGuide.rst:5 +msgid "" +"Before starting the installation, ensure that your system meets the " +":doc:`Requirements `." +msgstr "" + +#: ../../setup/InstallationGuide.rst:8 +msgid "" +"GlobaLeaks is designed to provide optimal technical anonymity for " +"whistleblowers. Additionally, the software can be configured to protect " +"the identity of the platform administrator and the server's location, but" +" this requires advanced setup procedures not covered in this simplified " +"installation guide. By executing the commands below, your IP address and " +"system location could be tracked by network providers, and our systems " +"will receive the same information to facilitate software provisioning." +msgstr "" + +#: ../../setup/InstallationGuide.rst:12 +msgid "**Install GlobaLeaks**" +msgstr "" + +#: ../../setup/InstallationGuide.rst:14 +msgid "To install GlobaLeaks, run the following commands:" +msgstr "" + +#: ../../setup/InstallationGuide.rst:22 +msgid "" +"You may also install GlobaLeaks using Docker. Check out the `docker` " +"directory in our GitHub repository for instructions." +msgstr "" + +#: ../../setup/InstallationGuide.rst:24 +msgid "" +"After installation, follow the instructions provided to guide you through" +" accessing the :doc:`Platform wizard `." +msgstr "" + +#: ../../setup/PlatformWizard.rst:2 +msgid "Platform wizard" +msgstr "" + +#: ../../setup/PlatformWizard.rst:3 +msgid "After installing GlobaLeaks, you can proceed with the platform wizard." +msgstr "" + +#: ../../setup/PlatformWizard.rst:5 +msgid "" +"Open a browser at port 443 or port 8443 on your remote or local IP, " +"respectively." +msgstr "" + +#: ../../setup/PlatformWizard.rst:7 +msgid "" +"We recommend performing the wizard either using the Tor address provided " +"at the end of the setup or on localhost via a VPN." 
+msgstr "" + +#: ../../setup/PlatformWizard.rst:10 +msgid "Choose the primary language for your site" +msgstr "" + +#: ../../setup/PlatformWizard.rst:11 +msgid "" +"On the first page of the wizard, you will be prompted to select the " +"language for your site. The default choice is English, but many other " +"languages are available, with more expected in the future." +msgstr "" + +#: ../../setup/PlatformWizard.rst:16 +msgid "Choose a name for your project" +msgstr "" + +#: ../../setup/PlatformWizard.rst:17 +msgid "In the second section of the wizard, configure the name of your project." +msgstr "" + +#: ../../setup/PlatformWizard.rst:22 +msgid "Configure the account for the administrator of your whistleblowing site" +msgstr "" + +#: ../../setup/PlatformWizard.rst:23 +msgid "" +"In the third section of the wizard, configure the account details for the" +" administrator of your project." +msgstr "" + +#: ../../setup/PlatformWizard.rst:25 +msgid "" +"Be sure to choose a strong password to protect this sensitive account; an" +" indication of the strength of the chosen password is provided to guide " +"you." +msgstr "" + +#: ../../setup/PlatformWizard.rst:30 +msgid "Configure the account for the first recipient of reports" +msgstr "" + +#: ../../setup/PlatformWizard.rst:31 +msgid "" +"In the fourth section of the wizard, configure the account details for " +"the first recipient of reports sent to your project." +msgstr "" + +#: ../../setup/PlatformWizard.rst:36 +msgid "Read and accept the license" +msgstr "" + +#: ../../setup/PlatformWizard.rst:37 +msgid "" +"In the fifth section of the wizard, you will be prompted to read and " +"accept the GlobaLeaks License." +msgstr "" + +#: ../../setup/PlatformWizard.rst:42 +msgid "Complete the wizard" +msgstr "" + +#: ../../setup/PlatformWizard.rst:43 +msgid "The sixth section of the wizard confirms the completion of the setup." 
+msgstr "" + +#: ../../user/Admin.rst:2 +msgid "For administrators" +msgstr "" + +#: ../../user/Common.rst:2 +msgid "Common to all users" +msgstr "" + +#: ../../user/Common.rst:4 +msgid "Login" +msgstr "" + +#: ../../user/Common.rst:5 +msgid "Users could login by accessing the ``/#/login`` page." +msgstr "" + +#: ../../user/Common.rst:10 +msgid "Access the user preferences" +msgstr "" + +#: ../../user/Common.rst:11 +msgid "" +"After login Users could access their preferences by clicking the " +"``Preferences`` link present in the login status bar." +msgstr "" + +#: ../../user/Common.rst:16 +msgid "Change your password" +msgstr "" + +#: ../../user/Common.rst:17 +msgid "" +"Users could change their own password by accessing the ``Password`` tab " +"present in the ``Preferences`` page." +msgstr "" + +#: ../../user/Common.rst:22 +msgid "Reset your password" +msgstr "" + +#: ../../user/Common.rst:23 +msgid "" +"Users could requests a password reset via the ``/#/login`` page by " +"clicking the ``Forgot password?`` button." +msgstr "" + +#: ../../user/Common.rst:25 +msgid "" +"After clicking the button users are requested to type their own username " +"or email address." +msgstr "" + +#: ../../user/Common.rst:34 +msgid "Enable two-factor-authentication (2fa)" +msgstr "" + +#: ../../user/Common.rst:35 +msgid "" +"Users could enable Two-Factor-Authentication by clicking the ``Enable two" +" factor authentication`` option inside the ``Preferences`` page." +msgstr "" + +#: ../../user/Common.rst:37 +msgid "" +"To enable the feature the user requires to have a phone with installed a " +"common ``Authenticator APP`` implementing the TOTP standard as by `RFC " +"6238 `_" +msgstr "" + +#: ../../user/Common.rst:42 +msgid "Access and save your account recovery key" +msgstr "" + +#: ../../user/Common.rst:43 +msgid "" +"Users could access their own Account Recovery key by clicking the " +"``Account Recovery Key`` button present in the ``Preferences`` page." 
+msgstr "" + +#: ../../user/Common.rst:45 +msgid "" +"This is a fundamental step that any user should do at their first login " +"after activating their own account in order to backup their own account " +"recovery key and get sure to not incur in data loss due to password loss." +msgstr "" + +#: ../../user/Recipient.rst:2 +msgid "For recipients" +msgstr "" + +#: ../../user/Recipient.rst:5 +msgid "Access the list of the existing reports" +msgstr "" + +#: ../../user/Recipient.rst:6 +msgid "" +"The lists of the existing reports can be accessed via the link " +"``Reports`` on the sidebar of the Recipient's Homepage." +msgstr "" + +#: ../../user/Recipient.rst:13 +msgid "Access a report" +msgstr "" + +#: ../../user/Recipient.rst:14 +msgid "A report can be accessed in two ways:" +msgstr "" + +#: ../../user/Recipient.rst:16 +msgid "By clicking on it like on a mailbox system from the ``Reports`` page" +msgstr "" + +#: ../../user/Recipient.rst:17 +msgid "" +"By clicking on the link received on a mail notification and entering own " +"credentials" +msgstr "" + +#: ../../user/Whistleblower.rst:2 +msgid "For whistleblowers" +msgstr "" + +#: ../../user/Whistleblower.rst:5 +msgid "File a new report" +msgstr "" + +#: ../../user/Whistleblower.rst:6 +msgid "" +"A new report can be filed by accessing the homepage of the platform and " +"clicking the ``File a report`` button." +msgstr "" + +#: ../../user/Whistleblower.rst:12 +msgid "" +"After filing a new report the systems provides to the user a 16-digit " +"receipt." +msgstr "" + +#: ../../user/Whistleblower.rst:17 +msgid "Access an existing report" +msgstr "" + +#: ../../user/Whistleblower.rst:18 +msgid "" +"An existing report can be accessed by entering the 16-digit receipt " +"obtained at the end of the submission on the login interface present on " +"the home page of the platform." 
+msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:2 +msgid "Backup and restore" +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:4 +msgid "To perform a manual backup, you can use the following bash script:" +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:21 +msgid "" +"After running the script, you will find a `tar.gz` archive in " +"`/var/globaleaks/backups`. The file will be named in the format: " +"`globaleaks-$version-$timestamp.tar.gz`." +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:23 +msgid "" +"GlobaLeaks automatically performs a backup during each platform update. " +"These backups are retained under a data retention policy and are deleted " +"15 days after the update." +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:25 +msgid "To restore an existing backup:" +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:27 +msgid "" +"Ensure that GlobaLeaks is not running; you can stop it using: `service " +"globaleaks stop`." +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:28 +msgid "" +"Identify the version of GlobaLeaks required for the restoration, which is" +" indicated in the backup filename." +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:29 +msgid "" +"Extract the contents of the archive to `/var/globaleaks` using: `tar " +"-zxvf backup.tar.gz`." +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:30 +msgid "" +"Install the required version of GlobaLeaks with: `apt-get install " +"globaleaks=` (e.g., `globaleaks=3`)." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:2 +msgid "Common configurations" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:4 +msgid "Configure the logo" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:5 +msgid "" +"The first thing you want to give to your whistleblowing site is a " +"branding identity; this could be done by loading a logo in section Site " +"settings / Main configuration." 
+msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:9 +msgid "" +"Scroll down along the page to reach the \"Save\" button, click on it and " +"have your logo and favicon applied." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:12 +msgid "Enable languages" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:13 +msgid "You may want your GlobaLeaks installation served on more than one language" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:15 +msgid "" +"To do so, in the section \"Site settings / Languages\" select the " +"languages you would like and add them." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:17 +msgid "" +"Note that in the same interface you can mark the default application " +"language." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:22 +msgid "Configure notification settings" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:23 +msgid "" +"GlobaLeaks sends out notifications of different events to different " +"receivers and to admins. In order to have this working, you have to " +"select \"Notification Settings\" in the \"Administration Interface - " +"General Settings\" page and set up email account and related server " +"parameters." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:25 +msgid "" +"We suggest you to setup an email account dedicated to sending out " +"notifications from your initiative." 
+msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:29 +msgid "Enter the followings:" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:31 +msgid "" +"SMTP name: the name of your GlobaLeaks project or something that equally " +"descriptive" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:32 +msgid "SMTP email address: the email address used to send notifications" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:33 +msgid "" +"Username: the username corresponding to the just inserted \"SMTP email " +"address\"; this is needed to authenticate to the SMTP server and send " +"emails" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:34 +msgid "Password: Password of the above corresponding \"SMTP email address\"" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:35 +msgid "" +"SMTP Server Address: it is the hostname of the SMTP server you are using " +"to send notification emails" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:36 +msgid "" +"SMTP Server Port: Port used to send outgoing emails. It is usually 465 or" +" 587 (SMTP with TLS is at TCP port 587; SMTP with SSL is at 465)" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:37 +msgid "" +"Transport Security: from the drop down menu select the opportune security" +" level" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:39 +msgid "" +"It is better to leave untouched the pre-defined settings pertaining the " +"notification to admins and to recipients, but in the case you want to " +"disable them, it is possible to check the corresponding checkboxes." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:41 +msgid "" +"You can then set the value for the time at which the notification alert " +"of expiring report; this value is set at 72hours to give time to the " +"recipient(s) to check and manage the pending submissions." 
+msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:43 +msgid "" +"It is possible to tweak the maximum number of emails allowed in an hour, " +"before email wil be suspended in order to avoid flooding the system. It " +"is advised to keep the pre-defined value, and eventually change it " +"accordingly with mail server capabilities." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:45 +msgid "" +"Once configured all the parameters for notifications, it is possible to " +"test them by just clicking on the \"Test the configuration\" button." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:47 +msgid "" +"If all is working as expected, click on the \"Save\" button to keep the " +"configured parameters." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:50 +msgid "Configure recipients" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:51 +msgid "" +"The Recipient is the person that will receive and process the data that " +"whistleblowers input in the platform. You can have one or multiple " +"Recipients per Context, and also have one Recipient that can access to " +"multiple Contexts. The platform is very flexible on this and allows you " +"to define in very detail your whistleblowing system and procedure." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:55 +msgid "Customize the graphic layout" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:57 +msgid "Example 1: Custom Background" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:58 +msgid "" +"This CSS example shows how to customize the Background Color of the " +"application." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:68 +msgid "Example 2: Custom Font" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:69 +msgid "This CSS example shows how to customize the font of the application." 
+msgstr "" + +#: ../../user/admin/TroubleShooting.rst:2 +msgid "Troubleshooting" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:5 +msgid "Issues and bug reporting" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:7 +msgid "If you encounter any issues and are unable to run GlobaLeaks:" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:9 +msgid "Ensure you strictly follow the Installation Guide." +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:10 +msgid "" +"Verify that you meet the Technical Requirements for hardware and " +"operating system version." +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:11 +msgid "" +"Search the support forum to see if a user has already encountered your " +"issue: `GlobaLeaks Discussions " +"`_" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:12 +msgid "" +"Report the issue on the official software issue tracker: `GlobaLeaks " +"Issues `_" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:15 +msgid "Useful debugging commands" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:17 +msgid "" +"Depending on your setup, here are some common checks to determine if " +"GlobaLeaks is working:" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:19 +msgid "Is the service running?" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:25 +msgid "Is the service responding on the loopback interface?" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:31 +msgid "Is the service listening on external interfaces?" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:37 +msgid "Are exceptions being generated?" 
+msgstr "" + +#: ../../user/admin/TroubleShooting.rst:45 +msgid "Log files" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:46 +msgid "" +"Here are some useful logs and their corresponding files when GlobaLeaks " +"is installed:" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:48 +msgid "**GlobaLeaks process:**" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:55 +msgid "" +"The verbosity of the logs is configurable via the web interface of the " +"software under Advanced Settings." +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:2 +msgid "Upgrade guide" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:4 +msgid "Regular update" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:5 +msgid "" +"To safely upgrade a GlobaLeaks installation please proceed with a backup " +"of your setup by following the :doc:`Backup and restore " +"` guide." +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:7 +msgid "" +"This is necessary so that if something goes wrong and you need to " +"rollback, you will be able to just uninstall the current package, then " +"install the same version of globaleaks that was previously installed and " +"working." +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:9 +msgid "In order to update GlobaLeaks perform the following commands:" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:16 +msgid "Upgrade of the distribution version" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:17 +msgid "" +"For security and stability reasons it is recommended to not perform a " +"distribution upgrade." 
+msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:19 +msgid "" +"GlobaLeaks could be instead easily migrated to a new up-to-date Debian " +"system with the following recommended instructions:" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:21 +msgid "create an archive backup of /var/globaleaks" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:22 +msgid "instantiate the lates Debian available" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:23 +msgid "log on the new server and extract the backup in /var/globaleaks" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:24 +msgid "" +"follow the :doc:`Installation Guide `; " +"GlobaLeaks while installing will recognize the presence of an existing " +"data directory and will use it" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:27 +msgid "In case of errors" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:28 +msgid "" +"The above commands should allow you to perform regularly updates. On some" +" conditions due to special updates it could be possible that those " +"commands result in a failure. Consult this page for knowning specific " +"FAQs on precise failures." +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:30 +msgid "" +"In case you do not find any specific documented solution for your " +"failure, you could run the GlobaLeaks install script. The installation " +"script in fact is designed to allow the update of GlobaLeaks and it " +"includes fixes for the most common issue." +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:33 +msgid "" +"To run the install script for updating globaleaks perform the following " +"commands:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:2 +msgid "User interface" +msgstr "" + +#: ../../user/admin/UserInterface.rst:3 +msgid "" +"This section offers you a summary of the user interface offered to Admin " +"users." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:7 +msgid "Through the menu you could access the following administrative sections:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:9 ../../user/admin/UserInterface.rst:28 +#: ../../user/admin/UserInterface.rst:33 ../../user/admin/UserInterface.rst:44 +msgid "Settings" +msgstr "" + +#: ../../user/admin/UserInterface.rst:11 ../../user/admin/UserInterface.rst:77 +msgid "Users" +msgstr "" + +#: ../../user/admin/UserInterface.rst:13 ../../user/admin/UserInterface.rst:99 +msgid "Questionnaires" +msgstr "" + +#: ../../user/admin/UserInterface.rst:15 ../../user/admin/UserInterface.rst:158 +msgid "Channels" +msgstr "" + +#: ../../user/admin/UserInterface.rst:17 ../../user/admin/UserInterface.rst:185 +msgid "Case management" +msgstr "" + +#: ../../user/admin/UserInterface.rst:21 ../../user/admin/UserInterface.rst:228 +msgid "Network" +msgstr "" + +#: ../../user/admin/UserInterface.rst:23 ../../user/admin/UserInterface.rst:279 +msgid "Sites" +msgstr "" + +#: ../../user/admin/UserInterface.rst:25 ../../user/admin/UserInterface.rst:309 +msgid "Audit log" +msgstr "" + +#: ../../user/admin/UserInterface.rst:29 +msgid "" +"This is the section that offers you all the main customization " +"possibilities necessary for implementing a basic and functional " +"whistleblowing site." +msgstr "" + +#: ../../user/admin/UserInterface.rst:31 +msgid "This section is furtherly divided in:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:35 ../../user/admin/UserInterface.rst:50 +msgid "Files" +msgstr "" + +#: ../../user/admin/UserInterface.rst:37 ../../user/admin/UserInterface.rst:56 +msgid "Languages" +msgstr "" + +#: ../../user/admin/UserInterface.rst:39 +msgid "Text customization" +msgstr "" + +#: ../../user/admin/UserInterface.rst:41 +msgid "Advanced settings" +msgstr "" + +#: ../../user/admin/UserInterface.rst:45 +msgid "" +"In this section is configurable the logo and all the texts of the main " +"user interfaces." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:51 +msgid "" +"In this section could be loaded CSS and Javascript and other files " +"necessary to customize the interface." +msgstr "" + +#: ../../user/admin/UserInterface.rst:57 +msgid "" +"In this section you could enable all the languages required by your " +"project and configure the default language." +msgstr "" + +#: ../../user/admin/UserInterface.rst:60 +msgid "" +"Thanks to the `Localization Lab `_ and " +"our great volunteer community, the software is already available and " +"continuously made available in a lot of languages. This aspect of " +"internationalization is crucial in many projects. In case you are " +"starting a project and the required languages are not available we " +"strongly invite you to register on our `web translation platform " +"`_ offered by `Transifex " +"`_ and support yourself the " +"translation. Internationalization and Localization is in fact are crucial" +" for the success of a whistleblowing project. Thank you!" +msgstr "" + +#: ../../user/admin/UserInterface.rst:65 +msgid "Text Customization" +msgstr "" + +#: ../../user/admin/UserInterface.rst:66 +msgid "" +"Here could be configured overrides for any of the texts of the platform " +"and of their translation." +msgstr "" + +#: ../../user/admin/UserInterface.rst:71 +msgid "Advanced Settings" +msgstr "" + +#: ../../user/admin/UserInterface.rst:72 +msgid "In this section could be configured a set of advanced settings." +msgstr "" + +#: ../../user/admin/UserInterface.rst:78 +msgid "" +"This sections is where users could be created and managed. The system " +"with the basic configuration completed with the initial Platform wizard " +"is configured with an Administrator and a Recipient." +msgstr "" + +#: ../../user/admin/UserInterface.rst:81 +msgid "" +"Depending on your project needs here you could create users with " +"different roles and manage their respective privileges." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:86 +msgid "User Roles" +msgstr "" + +#: ../../user/admin/UserInterface.rst:87 +msgid "" +"The software offers the possibility to create users with the following " +"roles:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:89 +msgid "Administrators" +msgstr "" + +#: ../../user/admin/UserInterface.rst:91 +msgid "Recipients" +msgstr "" + +#: ../../user/admin/UserInterface.rst:94 +msgid "User Options" +msgstr "" + +#: ../../user/admin/UserInterface.rst:100 +msgid "" +"The softare implements a standard default questionnaire that is proposed " +"as a good base for a generic whistleblowing procedure. This questinnaire " +"is the current result of the research performed by the project team with " +"the organizations that have adopted the solution and expecially with " +"anticorruption and investigative journalism NGOs." +msgstr "" + +#: ../../user/admin/UserInterface.rst:102 +msgid "" +"As every organization has different needs, risks and goals globaleaks has" +" been designed considering to implement an advanced questionnaire builder" +" offering the possibility to design custom questionnaires." +msgstr "" + +#: ../../user/admin/UserInterface.rst:104 +msgid "" +"The following sections present the questionnaire builder and its " +"capabilities." +msgstr "" + +#: ../../user/admin/UserInterface.rst:108 +msgid "" +"Depending on your project needs you may evaluate defining some questions " +"once as Question Templates and reuse the same question in multiple " +"questionnaires." +msgstr "" + +#: ../../user/admin/UserInterface.rst:113 +msgid "Steps" +msgstr "" + +#: ../../user/admin/UserInterface.rst:114 +msgid "" +"The software enables to organize questionnaire in one or multiple steps. " +"For example the default questionnaire is organized with a single step " +"including all the questions." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:118 +msgid "Questions Types" +msgstr "" + +#: ../../user/admin/UserInterface.rst:119 +msgid "The software enables you to create questions of the following types:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:121 +msgid "Single-line text input" +msgstr "" + +#: ../../user/admin/UserInterface.rst:123 +msgid "Multi-line text input" +msgstr "" + +#: ../../user/admin/UserInterface.rst:125 +msgid "Selection box" +msgstr "" + +#: ../../user/admin/UserInterface.rst:127 +msgid "Multiple choice input" +msgstr "" + +#: ../../user/admin/UserInterface.rst:129 +msgid "Checkbox" +msgstr "" + +#: ../../user/admin/UserInterface.rst:131 +msgid "Attachment" +msgstr "" + +#: ../../user/admin/UserInterface.rst:133 +msgid "Terms of service" +msgstr "" + +#: ../../user/admin/UserInterface.rst:137 +msgid "Date range" +msgstr "" + +#: ../../user/admin/UserInterface.rst:139 +msgid "Voice" +msgstr "" + +#: ../../user/admin/UserInterface.rst:141 +msgid "Question group" +msgstr "" + +#: ../../user/admin/UserInterface.rst:144 +msgid "Common Question Properties" +msgstr "" + +#: ../../user/admin/UserInterface.rst:145 +msgid "" +"Each of the software question types make it possible to configure the " +"following properties:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:147 +msgid "Question: The text of the question" +msgstr "" + +#: ../../user/admin/UserInterface.rst:149 +msgid "" +"Hint: A hint that will be shown via an popover an a question mark near " +"the question." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:151 +msgid "Description: A description text that will be shown below the question" +msgstr "" + +#: ../../user/admin/UserInterface.rst:153 +msgid "Required: Set this field if you want this question to be mandatory" +msgstr "" + +#: ../../user/admin/UserInterface.rst:155 +msgid "" +"Preview: Set this field if you want the answers to this question to " +"appear in the preview section of the list" +msgstr "" + +#: ../../user/admin/UserInterface.rst:159 +msgid "" +"This section is where whistleblowing channels could be created and " +"managed." +msgstr "" + +#: ../../user/admin/UserInterface.rst:161 +msgid "" +"A whistleblowing channel is typically defined by the following main " +"characteristics" +msgstr "" + +#: ../../user/admin/UserInterface.rst:163 +msgid "" +"Name: the name of the channel Image: an image to identify the channel " +"Description: a description of the channel Recipients: the set of " +"recipients that will receive reports sent to this channel Questionnaire: " +"the questionnaire that will be proposed to whistleblowers selecting this " +"channel Submission expiration: the data retention policy for the channel" +msgstr "" + +#: ../../user/admin/UserInterface.rst:170 +msgid "" +"The system with the basic configuration completed with the initial " +"platform wizard is configured with a single Channel called Default, on " +"which is associated a recipient and the default questionnaire." +msgstr "" + +#: ../../user/admin/UserInterface.rst:172 +msgid "" +"Depending on your project needs here you could create additional Channels" +" and configure their respective properties." +msgstr "" + +#: ../../user/admin/UserInterface.rst:177 +msgid "Data Retention Policy" +msgstr "" + +#: ../../user/admin/UserInterface.rst:178 +msgid "" +"The software enables to configure a data retention policy for each " +"channel. 
This is a fundamental property of the whistleblowing channel " +"that makes it possible to configure automatic secure deletion of reports " +"after a certain period of time. This setting should be configured in " +"relation to the risk of the channel in order to limit unneeded exposure " +"of the reports received therein." +msgstr "" + +#: ../../user/admin/UserInterface.rst:182 +msgid "By default a channel is configured with a report expiration of 90 days." +msgstr "" + +#: ../../user/admin/UserInterface.rst:186 +msgid "" +"This section is intended to host all the main case management feature " +"that will be offered by the software. Currently it hosts the possibility " +"to define reports statuses and sub-statuses intended to be used by " +"Recipients while working on the reports." +msgstr "" + +#: ../../user/admin/UserInterface.rst:194 +msgid "By default the system includes the following report statuses:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:190 +msgid "New" +msgstr "" + +#: ../../user/admin/UserInterface.rst:192 +msgid "Open" +msgstr "" + +#: ../../user/admin/UserInterface.rst:194 +msgid "Closed" +msgstr "" + +#: ../../user/admin/UserInterface.rst:196 +msgid "" +"Within this section you may add additional Statuses between the State " +"Open and Closed and you can furtherly define Sub-statuses for the Closed " +"status (e.g. Archived / Spam)" +msgstr "" + +#: ../../user/admin/UserInterface.rst:202 +msgid "" +"This is the section where are configured all the aspects related to the " +"mail notifications sent by the software." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:207 +#: ../../user/admin/UserInterface.rst:238 +msgid "The section is furtherly divided in:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:205 +#: ../../user/admin/UserInterface.rst:210 +msgid "Notification Settings" +msgstr "" + +#: ../../user/admin/UserInterface.rst:207 +#: ../../user/admin/UserInterface.rst:219 +msgid "Notification Templates" +msgstr "" + +#: ../../user/admin/UserInterface.rst:211 +msgid "Here are configured the technical details about SMTP." +msgstr "" + +#: ../../user/admin/UserInterface.rst:214 +msgid "" +"By default GlobaLeaks comes with a working configuration that is based on" +" systems offered by the GlobaLeaks developers to the community of users " +"and testers; even though this configuration is designed by their owners " +"with special care in relation to security and privacy you are invited to " +"consider using alternative systems for your production environment." +msgstr "" + +#: ../../user/admin/UserInterface.rst:220 +msgid "In this section are configured the notification templates." +msgstr "" + +#: ../../user/admin/UserInterface.rst:222 +msgid "" +"By default globaleaks includes text and translations for each of the " +"templates that are provided to be fully functional and studied with " +"particular care in relation to security and privacy. Depending on your " +"project needs you may override the default text with your customized " +"texts." +msgstr "" + +#: ../../user/admin/UserInterface.rst:229 +msgid "In this section are configured the network settings." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:232 +#: ../../user/admin/UserInterface.rst:241 +msgid "HTTPS" +msgstr "" + +#: ../../user/admin/UserInterface.rst:234 +#: ../../user/admin/UserInterface.rst:255 +msgid "Tor" +msgstr "" + +#: ../../user/admin/UserInterface.rst:236 +msgid "IP Access control" +msgstr "" + +#: ../../user/admin/UserInterface.rst:238 +#: ../../user/admin/UserInterface.rst:273 +msgid "URL Redirects" +msgstr "" + +#: ../../user/admin/UserInterface.rst:242 +msgid "" +"Here you can configure all the aspects related to the access of the " +"platform via the HTTPS Protocol." +msgstr "" + +#: ../../user/admin/UserInterface.rst:246 +msgid "In particular here are configured:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:248 +msgid "The domain name used by your project" +msgstr "" + +#: ../../user/admin/UserInterface.rst:250 +msgid "The HTTPS key and certificates" +msgstr "" + +#: ../../user/admin/UserInterface.rst:252 +msgid "" +"To ease the deployment and the maintenance and reduce the costs of your " +"project, consider using the software includes support for the Let’s " +"Encrypt HTTPS certificates." +msgstr "" + +#: ../../user/admin/UserInterface.rst:256 +msgid "" +"Here you can configure all the aspects related to the access of the " +"platform via the Tor Protocol." +msgstr "" + +#: ../../user/admin/UserInterface.rst:261 +msgid "IP Access Control" +msgstr "" + +#: ../../user/admin/UserInterface.rst:262 +msgid "Here you can configure IP based Access Control." +msgstr "" + +#: ../../user/admin/UserInterface.rst:266 +msgid "Suggested configurations are:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:268 +msgid "Prevent Whistleblowers to report from within their respective work space." +msgstr "" + +#: ../../user/admin/UserInterface.rst:270 +msgid "Restrict Recipients access to their intranet." +msgstr "" + +#: ../../user/admin/UserInterface.rst:274 +msgid "Here you can configure URL Redirects." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:280 +msgid "" +"The site section enables organization to create and manage multiple " +"secondary whistleblowing sites." +msgstr "" + +#: ../../user/admin/UserInterface.rst:283 +msgid "Sites Management" +msgstr "" + +#: ../../user/admin/UserInterface.rst:284 +msgid "" +"Secondary whistleblowing platforms with independent configurations can be" +" manually created and managed through the Sites interface." +msgstr "" + +#: ../../user/admin/UserInterface.rst:286 +msgid "" +"Organizations have typically need for creating a secondary site when " +"dealing with subsidiaries or third party clients." +msgstr "" + +#: ../../user/admin/UserInterface.rst:290 +msgid "" +"After creating a secondary site an administrators of the main site could " +"simply enter on that system by clicking a \"Configure\" button." +msgstr "" + +#: ../../user/admin/UserInterface.rst:292 +msgid "" +"After clicking on the button the administrator will be logged in on the " +"the administrative panel of the site." +msgstr "" + +#: ../../user/admin/UserInterface.rst:295 +msgid "Signup Module" +msgstr "" + +#: ../../user/admin/UserInterface.rst:296 +msgid "" +"The software features a signup module that can be enabled and used to " +"offers others users the possibility to register their secondary site." +msgstr "" + +#: ../../user/admin/UserInterface.rst:298 +msgid "" +"Organizations have typically need for a signup module when offering the " +"platform to other subsidiaries or third party clients where they want " +"users to have the possibility to self subscribe." +msgstr "" + +#: ../../user/admin/UserInterface.rst:300 +msgid "The signup feature can be anabled in the Options tab of the Sites section." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:304 +msgid "" +"When the signup module is enabled the submission module of the main site " +"is automatically disabled and the home page will be featuring the " +"following signup form:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:310 +msgid "" +"The software features a privacy precerving audit log enabling " +"administrators of the system to supervise on projects operations." +msgstr "" + +#: ../../user/index.rst:2 +msgid "User documentation" +msgstr "" + diff --git a/documentation/locale/it/LC_MESSAGES/sphinx.mo b/documentation/locale/it/LC_MESSAGES/sphinx.mo new file mode 100644 index 0000000000..31e8e2f9d6 Binary files /dev/null and b/documentation/locale/it/LC_MESSAGES/sphinx.mo differ diff --git a/documentation/locale/it/LC_MESSAGES/sphinx.po b/documentation/locale/it/LC_MESSAGES/sphinx.po new file mode 100644 index 0000000000..3984af5d06 --- /dev/null +++ b/documentation/locale/it/LC_MESSAGES/sphinx.po 
@@ -0,0 +1,4671 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) 2011-2024 - GlobaLeaks +# This file is distributed under the same license as the GlobaLeaks package. +# FIRST AUTHOR , 2024. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: GlobaLeaks 5.0.15\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2024-10-14 19:43+0200\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME \n" +"Language: it\n" +"Language-Team: it \n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Generated-By: Babel 2.16.0\n" + +#: ../../developer/ContinuousIntegration.rst:3 +msgid "Continuous integration" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:4 +msgid "" +"The GlobaLeaks codebase is continuously tested for bug within a complete " +"continuous integration lifecycle implemented." +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:6 +msgid "Testes are performed at every commit by:" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:8 +msgid "" +"performing continous integration testing with `GitHub Actions " +"`_;" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:9 +msgid "" +"tracking tests coverage and code quality with `Codacy " +"`_." +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:12 +msgid "Unit tests" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:13 +msgid "Unit tests are implemented by means of python-twisted and trial" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:15 +#: ../../developer/ContinuousIntegration.rst:26 +msgid "Tests can be run manually by issuing:" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:23 +msgid "E2E tests" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:24 +msgid "End to end tests are implemented by means of Cypress." 
+msgstr "" + +#: ../../developer/DatabaseSchema.rst:2 +msgid "Database schema" +msgstr "" + +#: ../../developer/Environment.rst:3 +msgid "Development environment" +msgstr "" + +#: ../../developer/Environment.rst:4 +msgid "" +"This guide describes how to set up an environment in order to contribute " +"to the development of GlobaLeaks." +msgstr "" + +#: ../../developer/Environment.rst:7 ../../gettingstarted/Requirements.rst:2 +msgid "Requirements" +msgstr "" + +#: ../../developer/Environment.rst:8 +msgid "" +"The guide assumes you run a Debian based system and that the following " +"software is installed on your system:" +msgstr "" + +#: ../../developer/Environment.rst:10 +msgid "debhelper" +msgstr "" + +#: ../../developer/Environment.rst:11 +msgid "devscripts" +msgstr "" + +#: ../../developer/Environment.rst:12 +msgid "dh-apparmor" +msgstr "" + +#: ../../developer/Environment.rst:13 +msgid "dh-python" +msgstr "" + +#: ../../developer/Environment.rst:14 +msgid "git" +msgstr "" + +#: ../../developer/Environment.rst:15 +msgid "grunt-cli" +msgstr "" + +#: ../../developer/Environment.rst:16 +msgid "node" +msgstr "" + +#: ../../developer/Environment.rst:17 +msgid "npm" +msgstr "" + +#: ../../developer/Environment.rst:18 +msgid "python3" +msgstr "" + +#: ../../developer/Environment.rst:19 +msgid "python3-dev" +msgstr "" + +#: ../../developer/Environment.rst:20 +msgid "python3-pip" +msgstr "" + +#: ../../developer/Environment.rst:21 +msgid "python3-setuptools" +msgstr "" + +#: ../../developer/Environment.rst:22 +msgid "python3-sphinx" +msgstr "" + +#: ../../developer/Environment.rst:23 +msgid "python3-virtualenv" +msgstr "" + +#: ../../developer/Environment.rst:26 ../../setup/index.rst:2 +msgid "Setup" +msgstr "" + +#: ../../developer/Environment.rst:27 +msgid "The repository could be cloned with:" +msgstr "" + +#: ../../developer/Environment.rst:33 +msgid "Client dependencies could be installed by issuing:" +msgstr "" + +#: ../../developer/Environment.rst:41 +msgid 
"Backend dependencies could be installed by issuing:" +msgstr "" + +#: ../../developer/Environment.rst:50 +msgid "" +"This will create for you a python virtualenv in the directory env " +"containing all the required python dependencies. To leave the virtualenv," +" type ``deactivate``." +msgstr "" + +#: ../../developer/Environment.rst:52 +msgid "" +"Then, anytime you will want to activate the environment to run globaleaks" +" you will just need to issue the command:" +msgstr "" + +#: ../../developer/Environment.rst:58 +msgid "Setup the client:" +msgstr "" + +#: ../../developer/Environment.rst:66 +msgid "Setup the backend and its dependencies:" +msgstr "" + +#: ../../developer/Environment.rst:76 +msgid "Run" +msgstr "" + +#: ../../developer/Environment.rst:77 +msgid "" +"To run globaleaks from sources within the development environment you " +"should issue:" +msgstr "" + +#: ../../developer/Environment.rst:85 +msgid "" +"GlobaLeaks will start and be reachable at the following address " +"https://127.0.0.1:8443" +msgstr "" + +#: ../../developer/Environment.rst:88 +msgid "Building the docs" +msgstr "" + +#: ../../developer/Environment.rst:89 +msgid "To build the documentation:" +msgstr "" + +#: ../../developer/Environment.rst:97 +msgid "To edit the docs with hot-reload functionality:" +msgstr "" + +#: ../../developer/Environment.rst:107 +msgid "" +"Sphinx server will start and be reachable at the following address " +"http://127.0.0.1:8000 in the web browser." +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:2 +msgid "Release procedure" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:3 +msgid "This is the procedure followed to publish a new GlobaLeaks release." 
+msgstr "" + +#: ../../developer/ReleaseProcedure.rst:5 +msgid "A release is represented by:" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:7 +msgid "A version bump;" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:8 +msgid "An updated CHANGELOG;" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:9 +msgid "A commit titled \"Bump to version $number\";" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:10 +msgid "A tag commit $version signed by a core developer with their own key;" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:11 +msgid "An updated package on deb.globaleaks.org;" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:12 +msgid "A signed repository." +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:15 +msgid "Release tagging" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:16 +msgid "" +"To release is tagger by means of the official version bump script by " +"issuing:" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:23 +msgid "Release packaging" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:24 +msgid "The package is built by means of the official build script by issuing:" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:30 +msgid "This command builds a package for each supported distribution and version." 
+msgstr "" + +#: ../../developer/ReleaseProcedure.rst:33 +msgid "Package publishing" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:34 +msgid "The package is published on https://deb.globaleaks.org by issuing:" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:41 +msgid "Repository signing" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:42 +msgid "" +"The release is then signed by a core developer by using the official " +"project key via:" +msgstr "" + +#: ../../developer/SoftwareLibraries.rst:2 +msgid "Software libraries" +msgstr "" + +#: ../../developer/SoftwareLibraries.rst:3 +msgid "" +"The software libraries used by GlobaLeaks are listed in the following " +"files:" +msgstr "" + +#: ../../developer/SoftwareLibraries.rst:5 +msgid "" +"Backend: `backend/requirements.txt `_" +msgstr "" + +#: ../../developer/SoftwareLibraries.rst:6 +msgid "" +"Client: `client/package.json `_" +msgstr "" + +#: ../../developer/SoftwareLibraries.rst:7 +msgid "" +"Packaging: `debian/control `_" +msgstr "" + +#: ../../developer/index.rst:2 +msgid "Developer documentation" +msgstr "" + +#: ../../gettingstarted/Features.rst:2 +msgid "Features" +msgstr "" + +#: ../../gettingstarted/Features.rst:3 +msgid "These are the key features of the software:" +msgstr "" + +#: ../../gettingstarted/Features.rst:6 +msgid "User features" +msgstr "" + +#: ../../gettingstarted/Features.rst:8 +msgid "" +"Multi-user system with customizable user roles (whistleblower, recipient," +" administrator)" +msgstr "" + +#: ../../gettingstarted/Features.rst:9 +msgid "Fully manageable via a web administration interface" +msgstr "" + +#: ../../gettingstarted/Features.rst:10 +msgid "" +"Allows whistleblowers to decide if and when to confidentially declare " +"their identity" +msgstr "" + +#: ../../gettingstarted/Features.rst:11 +msgid "Facilitates multimedia file exchanges with whistleblowers" +msgstr "" + +#: ../../gettingstarted/Features.rst:12 +msgid "Secure management of file access and 
visualization" +msgstr "" + +#: ../../gettingstarted/Features.rst:13 +msgid "Enables chat with whistleblowers to discuss reports" +msgstr "" + +#: ../../gettingstarted/Features.rst:14 +msgid "Provides a unique 16-digit receipt for anonymous whistleblower login" +msgstr "" + +#: ../../gettingstarted/Features.rst:15 +msgid "Simple recipient interface for receiving and analyzing reports" +msgstr "" + +#: ../../gettingstarted/Features.rst:16 +msgid "Supports report categorization with labels" +msgstr "" + +#: ../../gettingstarted/Features.rst:17 +msgid "Includes user search functionality for reports" +msgstr "" + +#: ../../gettingstarted/Features.rst:18 +msgid "Supports the creation and assignment of case management statuses" +msgstr "" + +#: ../../gettingstarted/Features.rst:19 +msgid "Customizable appearance (logo, color, styles, font, text)" +msgstr "" + +#: ../../gettingstarted/Features.rst:20 +msgid "Allows defining multiple reporting channels (e.g., by topic, department)" +msgstr "" + +#: ../../gettingstarted/Features.rst:21 +msgid "" +"Enables creation and management of multiple whistleblowing sites (e.g., " +"for subsidiaries or third-party clients)" +msgstr "" + +#: ../../gettingstarted/Features.rst:22 +msgid "Advanced questionnaire builder" +msgstr "" + +#: ../../gettingstarted/Features.rst:23 +msgid "Provides whistleblowing system statistics" +msgstr "" + +#: ../../gettingstarted/Features.rst:24 +msgid "" +"Support for `over 90 languages " +"`_ and Right-to-Left (RTL) " +"languages" +msgstr "" + +#: ../../gettingstarted/Features.rst:27 +msgid "Legal features" +msgstr "" + +#: ../../gettingstarted/Features.rst:29 +msgid "" +"Designed in adherence to `ISO 37002:2021 " +"`_ and `EU Directive 2019/1937 " +"`_ recommendations for " +"whistleblowing compliance" +msgstr "" + +#: ../../gettingstarted/Features.rst:30 +msgid "Supports bidirectional anonymous communication (comments/messages)" +msgstr "" + +#: ../../gettingstarted/Features.rst:31 +msgid "Customizable 
case management workflow (statuses/sub-statuses)" +msgstr "" + +#: ../../gettingstarted/Features.rst:32 +msgid "Conditional reporting workflow based on whistleblower identity" +msgstr "" + +#: ../../gettingstarted/Features.rst:33 +msgid "Manages conflicts of interest in the reporting workflow" +msgstr "" + +#: ../../gettingstarted/Features.rst:34 +msgid "Custodian functionality to authorize access to whistleblower identity" +msgstr "" + +#: ../../gettingstarted/Features.rst:35 +msgid "GDPR privacy by design and by default" +msgstr "" + +#: ../../gettingstarted/Features.rst:36 +msgid "Configurable GDPR data retention policies" +msgstr "" + +#: ../../gettingstarted/Features.rst:37 +msgid "GDPR-compliant subscriber module for new SaaS users" +msgstr "" + +#: ../../gettingstarted/Features.rst:38 +msgid "No IP address logging" +msgstr "" + +#: ../../gettingstarted/Features.rst:39 +msgid "Includes an audit log" +msgstr "" + +#: ../../gettingstarted/Features.rst:40 +msgid "Integrates with existing enterprise case management platforms" +msgstr "" + +#: ../../gettingstarted/Features.rst:41 +msgid "" +"Free Software OSI Approved `AGPL 3.0 License " +"`_" +msgstr "" + +#: ../../gettingstarted/Features.rst:44 +msgid "Security features" +msgstr "" + +#: ../../gettingstarted/Features.rst:46 +msgid "" +"Designed in adherence to `ISO 27001:2022 " +"`_, `CSA STAR " +"`_, and `OWASP " +"`_ recommendations for security compliance" +msgstr "" + +#: ../../gettingstarted/Features.rst:47 +msgid "" +"Full data encryption for whistleblower reports and recipient " +"communications" +msgstr "" + +#: ../../gettingstarted/Features.rst:48 +msgid "" +"Supports digital anonymity through `Tor `_ " +"integration" +msgstr "" + +#: ../../gettingstarted/Features.rst:49 +msgid "" +"Built-in HTTPS support with `TLS 1.3 " +"`_ standard and `SSLabs A+ " +"`_ " +"rating" +msgstr "" + +#: ../../gettingstarted/Features.rst:50 +msgid "" +"Automatic enrollment for free digital certificates with `Let’s Encrypt 
" +"`_" +msgstr "" + +#: ../../gettingstarted/Features.rst:51 +msgid "Multiple penetration tests with publicly available reports" +msgstr "" + +#: ../../gettingstarted/Features.rst:52 +msgid "" +"Two-Factor Authentication (2FA) compliant with `TOTP RFC 6238 " +"`_" +msgstr "" + +#: ../../gettingstarted/Features.rst:53 +msgid "Integrated network sandboxing with iptables" +msgstr "" + +#: ../../gettingstarted/Features.rst:54 +msgid "Application sandboxing with `AppArmor `_" +msgstr "" + +#: ../../gettingstarted/Features.rst:55 +msgid "Complete protection against automated submissions (spam prevention)" +msgstr "" + +#: ../../gettingstarted/Features.rst:56 +msgid "Continuous peer review and periodic security audits" +msgstr "" + +#: ../../gettingstarted/Features.rst:57 +msgid "PGP support for encrypted email notifications and file downloads" +msgstr "" + +#: ../../gettingstarted/Features.rst:58 +msgid "Leaves no traces in browser cache" +msgstr "" + +#: ../../gettingstarted/Features.rst:61 +msgid "Technical features" +msgstr "" + +#: ../../gettingstarted/Features.rst:63 +msgid "" +"Designed in adherence to `Directive (EU) 2019/882 `_, `Directive" +" (EU) 2016/2102 `_, `ETSI EN 301 549 " +"`_," +" `W3C WCAG 2.2 `_, and `WAI-ARIA 2.2 " +"`_ recommendations for accessibility" +" compliance" +msgstr "" + +#: ../../gettingstarted/Features.rst:64 +msgid "" +"Multi-site support enabling the operation of multiple virtual sites on " +"the same setup" +msgstr "" + +#: ../../gettingstarted/Features.rst:65 +msgid "" +"Responsive user interfaces created with `Bootstrap " +"`_ CSS framework" +msgstr "" + +#: ../../gettingstarted/Features.rst:66 +msgid "Automated software quality measurement and continuous integration testing" +msgstr "" + +#: ../../gettingstarted/Features.rst:67 +msgid "Long-Term Support (LTS) plan" +msgstr "" + +#: ../../gettingstarted/Features.rst:68 +msgid "" +"Built with lightweight framework technologies (`Angular " +"`_ and `Python Twisted `_)" +msgstr "" + 
+#: ../../gettingstarted/Features.rst:69 +msgid "Integrated `SQLite `_ database" +msgstr "" + +#: ../../gettingstarted/Features.rst:70 +msgid "" +"Automatic setup for `Tor Onion Services Version 3 " +"`_" +msgstr "" + +#: ../../gettingstarted/Features.rst:71 +msgid "Supports self-service signup for whistleblowing SaaS setup" +msgstr "" + +#: ../../gettingstarted/Features.rst:72 +msgid "" +"Compatible with Linux operating systems (`Debian " +"`_ / `Ubuntu `_)" +msgstr "" + +#: ../../gettingstarted/Features.rst:73 +msgid "Debian packaging with a repository for updates/upgrades" +msgstr "" + +#: ../../gettingstarted/Features.rst:74 +msgid "Fully self-contained application" +msgstr "" + +#: ../../gettingstarted/Features.rst:75 +msgid "Easy integration with existing websites" +msgstr "" + +#: ../../gettingstarted/Features.rst:76 +msgid "" +"Built and packaged with `reproducibility " +"`_ in mind" +msgstr "" + +#: ../../gettingstarted/Features.rst:77 +msgid "REST API" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:2 +msgid "Glossary" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:3 +msgid "" +"This glossary defines jargon used in GlobaLeaks in a clear and consistent" +" manner." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:5 ../../security/ThreatModel.rst:1 +msgid "Administrator" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:7 +msgid "" +"The user who has set up and maintains the platform. An Administrator does" +" not have access to Whistleblowers’ reports." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:8 +msgid "Channel" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:10 +msgid "" +"A reporting channel used as a container for reports. Channels can be " +"configured with specific questionnaires, recipients, and policies. They " +"are typically used to organize the reporting process." 
+msgstr "" + +#: ../../gettingstarted/Glossary.rst:11 ../../user/admin/UserInterface.rst:19 +#: ../../user/admin/UserInterface.rst:201 +msgid "Notification" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:13 +msgid "" +"An email sent to inform a recipient of a new report or an update to an " +"existing report." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:14 +msgid "Platform" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:16 +msgid "A system running the GlobaLeaks software." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:17 +msgid "Questionnaire" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:19 +msgid "A set of questions that the whistleblower must complete to file a report." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:20 +#: ../../security/ApplicationSecurity.rst:32 +msgid "Receipt" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:22 +msgid "" +"A 16-digit random secret code generated by the system and provided to " +"whistleblowers upon submission of their report. This code allows them to " +"anonymously access and update their report by adding comments and new " +"files." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:23 ../../security/ThreatModel.rst:1 +msgid "Recipient" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:25 +msgid "" +"A user authorized to read whistleblowers’ reports. Recipients may also " +"communicate with whistleblowers via the GlobaLeaks platform." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:26 ../../security/PenetrationTests.rst:1 +msgid "Report" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:28 +msgid "" +"The submission by a whistleblower, including answers to a questionnaire " +"and any attached material." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:29 ../../security/ThreatModel.rst:1 +msgid "Whistleblower" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:31 +msgid "The person who files a report." 
+msgstr "" + +#: ../../gettingstarted/Requirements.rst:3 +msgid "" +"Ensure you understand and meet each of the following technical " +"requirements." +msgstr "" + +#: ../../gettingstarted/Requirements.rst:6 +msgid "Hardware requirements" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:7 +msgid "**Requirements**:" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:9 +msgid "CPU: Dual-core 2.0GHz (64-bit)" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:10 +msgid "RAM: 1GB" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:11 +msgid "Storage: 20GB" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:12 +msgid "I/O: 10Mbit/s (shared)" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:14 +msgid "" +"Please note that GlobaLeaks is designed to run on servers with " +"specifications smaller than those listed above." +msgstr "" + +#: ../../gettingstarted/Requirements.rst:16 +msgid "" +"The storage size should be determined based on your data retention " +"policies and the expected use of the platform." +msgstr "" + +#: ../../gettingstarted/Requirements.rst:19 +msgid "Software requirements" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:20 +msgid "" +"GlobaLeaks is designed to run on GNU/Linux and is developed and tested " +"specifically for Debian-based systems." +msgstr "" + +#: ../../gettingstarted/Requirements.rst:22 +msgid "" +"The currently recommended distributions are: Debian 12 (Bookworm) and " +"Ubuntu 24.04 (Noble)" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:24 +msgid "" +"The software lifecycle of the platform includes full support for all " +"Debian and Ubuntu LTS versions starting from `Debian 10 " +"`_ and `Ubuntu 20.04 " +"`_." 
+msgstr "" + +#: ../../gettingstarted/Requirements.rst:26 +msgid "" +"Support is guaranteed on these platforms according to the official long-" +"term support timelines:" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:28 +msgid "`Debian Release End of Life Timeline `_" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:29 +msgid "" +"`Ubuntu Release End of Life Timeline `_" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:31 +msgid "" +"Currently, we do not plan to support additional distributions, as " +"GlobaLeaks adheres to the Unix philosophy of making each program excel in" +" a specific area. By focusing our efforts on mastering one domain, we aim" +" to serve our community most effectively. If you are interested in " +"helping us extend support to additional distributions, please get in " +"touch." +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:2 +msgid "Supported browsers" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:4 +msgid "" +"GlobaLeaks is designed to fully support commonly used browsers on desktop" +" PCs, laptops, tablets, and smartphones." +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:6 +msgid "" +"We recommend using the `Tor Browser `_ for " +"enhanced anonymity and additional privacy and security features not " +"available in other browsers." 
+msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:8 +msgid "Other supported browsers include:" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Browser" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Version" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Mozilla Firefox" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid ">= 38" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Google Chrome" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid ">= 45" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Brave" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid ">= 1.20.110" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Edge" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "any" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Safari" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid ">= 8" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "iOS" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid ">= 9" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Android" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid ">= 4.4" +msgstr "" + +#: ../../gettingstarted/index.rst:2 +msgid "Getting started" +msgstr "" + +#: ../../index.rst:2 +msgid "Documentation" +msgstr "Documentazione" + +#: ../../index.rst:4 +msgid "" +"`GlobaLeaks `_ is an open-source, free " +"software intended to enable anyone to easily set up and maintain a secure" +" whistleblowing platform." +msgstr "" + +#: ../../index.rst:7 +msgid "" +"This documentation is thank to the support of our community. Join us and " +"contribute with your additions and suggestion. In any of the page you " +"find a link that enables you to provide suggestions and corrections. 
We " +"remind you that in case of any software issue or bug you may always " +"report on the `ticketing system `_." +msgstr "" + +#: ../../roadmap/index.rst:2 +msgid "Project roadmap" +msgstr "" + +#: ../../roadmap/index.rst:5 +msgid "" +"This tentative roadmap is built by the GlobaLeaks team in order to try to" +" respond to main users' needs. Please get sure that the needs of your " +"projects and users are well represented on the project `Ticketing System " +"`_. If your" +" organization could fund the development of parts of this roadmap please " +"write us at info@globaleaks.org" +msgstr "" + +#: ../../roadmap/index.rst:8 +msgid "Introduction" +msgstr "" + +#: ../../roadmap/index.rst:9 +msgid "" +"`GlobaLeaks `_ is free, open source software " +"enabling anyone to easily set up and maintain a secure whistleblowing " +"platform." +msgstr "" + +#: ../../roadmap/index.rst:11 +msgid "" +"Started in 2011, the software is now widely used worldwide by more than " +"3000 organizations working in the fields of anti-corruption activism, " +"human rights violations reporting, investigative journalism, and " +"corporate compliance." +msgstr "" + +#: ../../roadmap/index.rst:13 +msgid "" +"This document details the main areas of research development and " +"represents the actual tentative readmap of consolidation planned for " +"2024-2026 based on the analysis of the large set of user needs collected " +"within the official `Ticketing System `_." +msgstr "" + +#: ../../roadmap/index.rst:16 +msgid "Development areas" +msgstr "" + +#: ../../roadmap/index.rst:19 +msgid "Statistics and Reporting" +msgstr "" + +#: ../../roadmap/index.rst:20 +msgid "" +"GlobaLeaks still misses the implementation for any generation of " +"statistics and reports. Such features are considered fundamental in order" +" to properly support users in analysis, investigation and reporting." 
+msgstr "" + +#: ../../roadmap/index.rst:22 +msgid "E.g:" +msgstr "" + +#: ../../roadmap/index.rst:24 +msgid "" +"Recipients should be able to visually see statistics about the received " +"reports received and the data contained; these statistics should empower " +"users in their work providing relevant information out of the data " +"collection that could help users analyze and study social problems like " +"corruption and be able to organize and export automatic reporting;" +msgstr "" + +#: ../../roadmap/index.rst:25 +msgid "" +"Administrators should be able to visually see a dashboard in order to " +"monitor the system and assure that all is working well (e.g. that " +"recipients are receiving submissions and are able to access them and that" +" no attacks are performed on the system)." +msgstr "" + +#: ../../roadmap/index.rst:27 ../../roadmap/index.rst:42 +msgid "Ideas:" +msgstr "" + +#: ../../roadmap/index.rst:29 +msgid "" +"A client library could be adopted to generate reports directly on the " +"client (e.g. Chart.js)" +msgstr "" + +#: ../../roadmap/index.rst:30 +msgid "" +"The implementation should support the possibility of exporting the report" +" in PDF; in relation to this aspect it should be considered the " +"advantages of a possible backend implementation." +msgstr "" + +#: ../../roadmap/index.rst:32 ../../roadmap/index.rst:47 +#: ../../roadmap/index.rst:58 ../../roadmap/index.rst:71 +#: ../../roadmap/index.rst:84 +msgid "Reference tickets:" +msgstr "" + +#: ../../roadmap/index.rst:34 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/1959" +msgstr "" + +#: ../../roadmap/index.rst:35 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2254" +msgstr "" + +#: ../../roadmap/index.rst:39 +msgid "Audit Log" +msgstr "" + +#: ../../roadmap/index.rst:40 +msgid "" +"GlobaLeaks still misses the implementation of a complete audit logit. 
" +"This is considered a fundamental feature in order to achieve full " +"accontability of the whistleblowing process and increase security." +msgstr "" + +#: ../../roadmap/index.rst:44 +msgid "Software audit log should be improved" +msgstr "" + +#: ../../roadmap/index.rst:45 +msgid "" +"The software could exposes a standard log interfaces in CEF/LEEF/Syslog " +"format to foster integration with third party SIEM software." +msgstr "" + +#: ../../roadmap/index.rst:49 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2579" +msgstr "" + +#: ../../roadmap/index.rst:50 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2580" +msgstr "" + +#: ../../roadmap/index.rst:51 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2651" +msgstr "" + +#: ../../roadmap/index.rst:54 +msgid "GDPR compliance" +msgstr "" + +#: ../../roadmap/index.rst:55 +msgid "" +"GlobaLeaks implements by-design many best practices in matters of privacy" +" and security. In order to be effectively accepted and competitive beside" +" commercial proprietary solutions and to guarantee the sustainability of " +"the project, the software needs to achieve some market “standards” (e.g. " +"GDPR compliance / ISO certifications / etc.); among all we selected that " +"GDPR compliance is a first step where the software could implement best " +"practices (e.g. procedures for self signup should present appropriate " +"legal notices, terms of services, and contractualization). Within the " +"software, there should be implemented an automatic contract generation " +"via PDF or other suitable formats in respect with the GDPR requirements." 
+msgstr "" + +#: ../../roadmap/index.rst:60 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2145" +msgstr "" + +#: ../../roadmap/index.rst:61 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2658" +msgstr "" + +#: ../../roadmap/index.rst:62 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2866" +msgstr "" + +#: ../../roadmap/index.rst:63 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2767" +msgstr "" + +#: ../../roadmap/index.rst:64 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/3011" +msgstr "" + +#: ../../roadmap/index.rst:65 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/3012" +msgstr "" + +#: ../../roadmap/index.rst:68 +msgid "Backup and Restore" +msgstr "" + +#: ../../roadmap/index.rst:69 +msgid "" +"GlobaLeaks currently misses any feature for performing backup and " +"restoring of its setup. These duties are currently performed by its users" +" following typical best manual practices (e.g. archiving the data " +"directory of the application). This project idea is to research the best " +"practices to be applied in this context and to identify suitable " +"strategies for implementing periodic, secure and encrypted backups to be " +"restored upon necessity." +msgstr "" + +#: ../../roadmap/index.rst:73 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/528" +msgstr "" + +#: ../../roadmap/index.rst:74 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2149" +msgstr "" + +#: ../../roadmap/index.rst:77 +msgid "Multitenancy" +msgstr "" + +#: ../../roadmap/index.rst:79 +msgid "Import and Export of Tenants" +msgstr "" + +#: ../../roadmap/index.rst:80 +msgid "" +"Part of the software is a recent feature of Multitenancy, first " +"implemented in 2018 and stabilized during 2019. 
Through this feature, " +"GlobaLeaks makes it possible to create multiple setups of itself via " +"virtual sites (similarly to Wordpress multisite feature). In order to " +"make it more easy for an administrator to migrate a platform form a " +"system to an other or to enable users to require data portability from a " +"globaleaks provider to an other, for example in relation to GDPR it has " +"been evaluated necessary to improve the multi tenancy implementation by " +"implementing support for import-export of tenants. In the context of a " +"whistleblowing application, involving encryption and logging this poses " +"important challenges on how to best handle this process." +msgstr "" + +#: ../../roadmap/index.rst:86 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2632" +msgstr "" + +#: ../../roadmap/index.rst:87 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2631" +msgstr "" + +#: ../../roadmap/index.rst:90 +msgid "Multisite users" +msgstr "" + +#: ../../roadmap/index.rst:91 +msgid "(To be further researched)" +msgstr "" + +#: ../../roadmap/index.rst:93 +msgid "" +"Important requirement at the base of the Multitenancy expansion is the " +"possibility to enable users to be administrators and recipients of two or" +" multiple instances running on the same multi-site setup. This is useful " +"for example when a lawyer takes part as a recipient on multiple projects;" +" as well it is useful when an ICT consultant joins consultancy on " +"multiple projects." +msgstr "" + +#: ../../roadmap/index.rst:96 +msgid "" +"This could significatively simplify user access enabling the user to have" +" a single set of username and password and associated keys." 
+msgstr "" + +#: ../../roadmap/index.rst:98 +msgid "References tickets:" +msgstr "" + +#: ../../roadmap/index.rst:100 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2302" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:3 +msgid "Application security" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:4 +msgid "" +"The GlobaLeaks software aims to adhere to industry-standard best " +"practices, with its security being the result of applied research." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:6 +msgid "" +"This document details every aspect implemented by the application in " +"relation to security design." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:9 +msgid "Architecture" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:10 +msgid "The software comprises two main components: a `Backend` and a `Client`:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:12 +msgid "" +"The Backend is a Python-based server that runs on a physical server and " +"exposes a `REST API " +"`_." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:13 +msgid "" +"The Client is a JavaScript client-side web application that interacts " +"with the Backend only through `XHR " +"`_." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:16 +msgid "Anonymity" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:17 +msgid "" +"Users' anonymity is protected by means of `Tor " +"`_ technology." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:19 +msgid "" +"The application is designed to avoid logging sensitive metadata that " +"could lead to the identification of whistleblowers." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:22 +msgid "Authentication" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:23 +msgid "" +"The confidentiality of authentication is protected either by `Tor Onion " +"Services v3 `_ or" +" `TLS version 1.2+ " +"`_." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:25 +msgid "" +"This section describes the authentication methods implemented by the " +"system." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:28 +msgid "Password" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:29 +msgid "" +"By accessing the login web interface, `Administrators` and `Recipients` " +"need to enter their respective `Username` and `Password`. If the " +"submitted password is valid, the system grants access to the " +"functionality available to that user." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:33 +msgid "" +"`Whistleblowers` access their `Reports` using an anonymous `Receipt`, " +"which is a randomly generated 16-digit sequence created by the Backend " +"when the Report is first submitted. This format resembles a standard " +"phone number, making it easier for whistleblowers to conceal their " +"receipts." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:36 +msgid "Password security" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:37 +msgid "The system implements the following password security measures:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:40 +msgid "Password storage" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:41 +msgid "" +"Passwords are never stored in plaintext; instead, the system maintains " +"only a hashed version. This applies to all authentication secrets, " +"including whistleblower receipts." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:43 +msgid "" +"The platform stores users’ passwords hashed with a random 128-bit salt, " +"unique for each user." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:45 +msgid "" +"Passwords are hashed using `Argon2 " +"`_, a key derivation function " +"selected as the winner of the `Password Hashing Competition " +"`_ in July " +"2015." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:47 +msgid "" +"The hash involves a per-user salt for each user and a per-system salt for" +" whistleblowers." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:50 +msgid "Password complexity" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:51 +msgid "" +"The system enforces complex passwords by implementing a custom algorithm " +"necessary to ensure reasonable entropy for each authentication secret." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:53 +msgid "" +"Passwords are scored at three levels: `Strong`, `Acceptable`, and " +"`Insecure`." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:55 +msgid "" +"Strong: A strong password should include capital letters, lowercase " +"letters, numbers, and symbols, be at least 12 characters long, and " +"contain a variety of at least 10 different characters." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:56 +msgid "" +"Acceptable: An acceptable password should include at least 3 different " +"types of characters from capital letters, lowercase letters, numbers, and" +" symbols, be at least 10 characters long, and contain a variety of at " +"least 7 different characters." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:57 +msgid "" +"Insecure: Passwords ranked below the strong or acceptable levels are " +"marked as insecure and are not accepted by the system." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:59 +msgid "" +"We encourage each end user to use `KeePassXC `_ to" +" generate and retain strong, unique passphrases." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:62 +msgid "Two-factor authentication" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:63 +msgid "" +"The system implements Two-Factor Authentication (2FA) based on `TOTP` " +"using the `RFC 6238 `_ algorithm " +"and 160-bit secrets." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:65 +msgid "" +"Users can enroll in 2FA via their own preferences, and administrators can" +" optionally enforce this requirement." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:67 +msgid "" +"We recommend using `FreeOTP `_, available " +"`for Android " +"`_" +" and `for iOS `_." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:70 +msgid "Slowdown on failed login attempts" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:71 +msgid "" +"The system identifies multiple failed login attempts and implements a " +"slowdown procedure, requiring an authenticating client to wait up to 42 " +"seconds to complete an authentication." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:73 +msgid "" +"This feature is intended to slow down potential attacks, requiring more " +"resources in terms of time, computation, and memory." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:76 +msgid "Password change on first login" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:77 +msgid "The system enforces users to change their password at their first login." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:79 +msgid "" +"Administrators can also enforce a password change for users at their next" +" login." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:82 +msgid "Periodic password change" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:83 +msgid "" +"By default, the system enforces users to change their password at least " +"every year." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:85 +msgid "This period is configurable by administrators." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:88 +msgid "Password recovery" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:89 +msgid "" +"In case of a lost password, users can request a password reset via the " +"web login interface by clicking on a `Forgot password?` button present on" +" the login page." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:91 +msgid "" +"When this button is clicked, users are invited to enter their username or" +" email. If the provided username or email corresponds to an existing " +"user, the system will send a reset link to the configured email." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:93 +msgid "" +"By clicking the link received by email, the user is then invited to set a" +" new password different from the previous one." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:95 +msgid "" +"If encryption is enabled on the system, a user clicking on the reset link" +" must first enter their `Account Recovery Key`. Only after correct entry " +"will the user be able to set a new password." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:98 +msgid "Web application security" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:99 +msgid "" +"This section describes the Web Application Security implemented by the " +"software in adherence to the `OWASP Security Guidelines " +"`_." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:102 +msgid "Session management" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:103 +msgid "" +"The session implementation follows the `OWASP Session Management Cheat " +"Sheet " +"`_" +" security guidelines." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:105 +msgid "" +"The system assigns a session to each authenticated user. The Session ID " +"is a 256-bit long secret generated randomly by the backend. Each session " +"expires according to a timeout of 30 minutes. 
Session IDs are exchanged " +"between the client and the backend via a header (`X-Session`) and expire " +"as soon as users close their browser or the tab running GlobaLeaks. Users" +" can explicitly log out via a logout button or implicitly by closing the " +"browser." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:108 +msgid "Session encryption" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:109 +msgid "" +"To minimize the exposure of users' encryption keys, the keys are stored " +"in an encrypted format and decrypted only upon each client request." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:111 +msgid "" +"The implementation uses Libsodium's SecretBox, where the client's session" +" key is used as the secret. Only the client maintains a copy of the " +"session key, while the server retains only a SHA-256 hash." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:114 +msgid "Cookies and xsrf prevention" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:115 +msgid "" +"Cookies are not used intentionally to minimize XSRF attacks and any " +"possible attacks based on them. Instead of using cookies, authentication " +"is based on a custom HTTP Session Header sent by the client on " +"authenticated requests." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:118 +msgid "HTTP headers" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:119 +#, python-format +msgid "" +"The system implements a large set of HTTP headers specifically configured" +" to improve software security and achieves a `score A+ by Security " +"Headers " +"`_" +" and a `score A+ by Mozilla Observatory " +"`_." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:122 +msgid "Strict-Transport-Security" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:123 +msgid "The system implements strict transport security by default. 
::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:128 +msgid "The default configuration of the application sees this feature disabled." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:131 +msgid "Content-Security-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:132 +msgid "" +"The backend implements a strict `Content Security Policy (CSP) " +"`_ preventing any " +"interaction with third-party resources and restricting the execution of " +"untrusted user input: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:137 +msgid "" +"Specific policies are implemented in adherence to the principle of least " +"privilege." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:139 +msgid "For example:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:141 +msgid "" +"The `index.html` source of the app is the only resource allowed to load " +"scripts from the same origin;" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:142 +msgid "Every dynamic content is strictly sandboxed on a null origin;" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:143 +msgid "" +"Every untrusted user input or third-party library is executed in a " +"sandbox, limiting its interaction with other application components." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:146 +msgid "Cross-Origin-Embedder-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:147 +msgid "" +"The backend implements the following `Cross-Origin-Embedder-Policy (COEP)" +" `_: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:153 +msgid "Cross-Origin-Opener-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:154 +msgid "" +"The backend implements the following `Cross-Origin-Opener-Policy (COOP) " +"`_: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:160 +msgid "Cross-Origin-Resource-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:161 +msgid "" +"The backend implements the following `Cross-Origin-Resource-Policy (CORP)" +" `_: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:167 +msgid "Permissions-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:168 +msgid "" +"The backend implements the following Permissions-Policy header " +"configuration to limit the possible de-anonymization of the user by " +"disabling dangerous browser features: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:174 +msgid "X-Frame-Options" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:175 +msgid "" +"In addition to implementing Content Security Policy level 3 to prevent " +"the application from being included in an iframe, the backend also " +"implements the outdated X-Frame-Options header to ensure that iframes are" +" always prevented in any circumstance, including on outdated browsers: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:181 +msgid "Referrer-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:182 +msgid "" +"Web browsers usually attach referrers in their HTTP headers as they " +"browse links. The platform enforces a referrer policy to avoid this " +"behavior. 
::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:188 +msgid "X-Content-Type-Options" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:189 +msgid "" +"To avoid automatic MIME type detection by the browser when setting the " +"Content-Type for specific output, the following header is used: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:195 +msgid "Cache-Control" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:196 +msgid "" +"To prevent or limit forensic traces left on devices used by " +"whistleblowers and in devices involved in communication with the " +"platform, as specified in section ``3. Storing Responses in Caches`` of " +"`RFC 7234 `__, the platform uses the" +" ``Cache-Control`` HTTP header with the configuration ``no-store`` to " +"instruct clients and possible network proxies to disable any form of data" +" caching. ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:202 +msgid "Crawlers Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:203 +msgid "" +"For security reasons, the backend instructs crawlers to avoid caching and" +" indexing of the application and uses the ``robots.txt`` file to allow " +"crawling only of the home page. Indexing the home page is considered best" +" practice to promote the platform's existence and facilitate access for " +"potential whistleblowers." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:205 +msgid "The implemented configuration is as follows: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:212 +msgid "" +"The platform also instructs crawlers to avoid caching by injecting the " +"following HTTP header: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:217 +msgid "" +"For highly sensitive projects where the platform is intended to remain " +"``hidden`` and communicated to potential whistleblowers directly, it can " +"be configured to disable indexing completely." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:219 +msgid "In such cases, the following HTTP header is used: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:225 +msgid "Anchor tags and external urls" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:226 +msgid "" +"The client opens external URLs in a new tab, independent of the " +"application context, by setting ``rel='noreferrer'`` and " +"``target='_blank'``` on every anchor tag. ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:232 +msgid "Input validation" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:233 +msgid "" +"The application implements strict input validation both on the backend " +"and on the client." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:236 +msgid "On the backend" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:237 +msgid "" +"Each client request is strictly validated by the backend against a set of" +" regular expressions, and only requests matching the expressions are " +"processed." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:239 +msgid "" +"Additionally, a set of rules is applied to each request type to limit " +"potential attacks. For example, any request is limited to a payload of " +"1MB." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:242 +msgid "On the client" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:243 +msgid "" +"Each server output is strictly validated by the client at rendering time " +"using the Angular component `ngSanitize.$sanitize " +"`__." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:246 +msgid "Form autocomplete off" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:247 +msgid "" +"Forms implemented by the platform use the HTML5 form attribute to " +"instruct the browser not to cache user data for form prediction and " +"autocomplete on subsequent submissions." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:249 +msgid "" +"This is achieved by setting `autocomplete=\"off\" " +"`__ on the relevant forms or attributes." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:252 +msgid "Network security" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:254 +msgid "Connection anonymity" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:255 +msgid "" +"User anonymity is provided through the implementation of `Tor " +"`__ technology. The application implements " +"an ``Onion Service v3`` and advises users to use the Tor Browser when " +"accessing it." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:258 +msgid "Connection encryption" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:259 +msgid "" +"User connections are always encrypted, either through the `Tor Protocol " +"`__ when using the Tor Browser or via `TLS " +"`__ when accessed" +" through a common browser." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:261 +msgid "" +"Using ``Tor`` is recommended over HTTPS due to its advanced resistance to" +" selective interception and censorship, making it difficult for a third " +"party to capture or block access to the site for specific whistleblowers " +"or departments." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:263 +msgid "" +"The software also facilitates easy setup of ``HTTPS``, offering both " +"automatic setup via `Let's Encrypt `__ and " +"manual configuration." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:265 +msgid "" +"TLS certificates are generated using `NIST Curve P-384 " +"`__." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:267 +msgid "" +"The configuration enables only ``TLS1.2+`` and is fine-tuned and hardened" +" to achieve `SSLLabs grade A+ " +"`__." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:269 +msgid "In particular, only the following ciphers are enabled: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:283 +msgid "Network sandboxing" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:284 +msgid "" +"The GlobaLeaks backend integrates `iptables " +"`__ by default and implements strict firewall" +" rules that restrict incoming network connections to HTTP and HTTPS on " +"ports 80 and 443." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:286 +msgid "" +"Additionally, the application allows anonymizing outgoing connections, " +"which can be configured to route through Tor." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:289 +msgid "Data encryption" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:290 +msgid "" +"Submission data, file attachments, messages, and metadata exchanged " +"between whistleblowers and recipients are encrypted using the GlobaLeaks " +":doc:`EncryptionProtocol`." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:292 +msgid "" +"GlobaLeaks also incorporates various other encryption components. 
The " +"main libraries and their uses are:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:294 +msgid "" +"`Python-NaCL `__: used for implementing " +"data encryption" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:295 +msgid "" +"`PyOpenSSL `__: used for implementing " +"HTTPS" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:296 +msgid "" +"`Python-Cryptography `__: used for implementing " +"authentication" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:297 +msgid "" +"`Python-GnuPG `__: used " +"for encrypting email notifications and file downloads via ```PGP```" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:300 +msgid "Application sandboxing" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:301 +msgid "" +"The GlobaLeaks backend integrates `AppArmor `__ by" +" default and implements a strict sandboxing profile, allowing the " +"application to access only the strictly required files. Additionally, the" +" application runs under a dedicated user and group \"globaleaks\" with " +"reduced privileges." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:304 +msgid "Database security" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:305 +msgid "" +"The GlobaLeaks backend uses a hardened local SQLite database accessed via" +" SQLAlchemy ORM." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:307 +msgid "" +"This design choice ensures the application can fully control its " +"configuration while implementing extensive security measures in adherence" +" to the `security recommendations by SQLite " +"`__." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:310 +msgid "Secure deletion" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:311 +msgid "" +"The GlobaLeaks backend enables SQLite’s secure deletion capability, which" +" automatically overwrites the database data upon each delete query: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:317 +msgid "Auto vacuum" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:318 +msgid "" +"The platform enables SQLite’s auto vacuum capability for automatic " +"cleanup of deleted entries and recall of unused pages: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:324 +msgid "Limited database trust" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:325 +msgid "" +"The GlobaLeaks backend uses the SQLite `trusted_schema " +"`__ pragma " +"to limit trust in the database, mitigating risks of malicious corruption." +" ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:331 +msgid "Limited database functionalities" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:332 +msgid "" +"The GlobaLeaks backend restricts SQLite functionalities to only those " +"necessary for running the application, reducing the potential for " +"exploitation in case of SQL injection attacks." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:334 +msgid "" +"This is implemented using the ```conn.set_authorizer``` API and a strict " +"authorizer callback that authorizes only a limited set of SQL " +"instructions: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:345 +msgid "DoS resiliency" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:346 +msgid "" +"To mitigate denial of service attacks, GlobaLeaks applies the following " +"measures:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:348 +msgid "" +"Implements a proof-of-work (hashcash) on each unauthenticated request to " +"limit automation." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:349 +msgid "Applies rate limiting on authenticated sessions." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:350 +msgid "" +"Limits the possibility of triggering CPU-intensive routines by external " +"users (e.g., limits on query and job execution times)." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:351 +msgid "" +"Monitors activity to detect and respond to attacks, implementing " +"proactive security measures to prevent DoS (e.g., slowing down fast " +"operations)." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:354 +msgid "Proof of work on users' sessions" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:355 +msgid "" +"The system implements an automatic `Proof of Work " +"`__ based on the hashcash " +"algorithm for every user session, requiring clients to request a token " +"and continuously solve a computational problem to acquire and renew the " +"session." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:358 +msgid "Rate limit on users' sessions" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:359 +msgid "" +"The system implements rate limiting on user sessions, preventing more " +"than 5 requests per second and applying increasing delays on requests " +"that exceed this threshold." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:362 +msgid "Rate limit on whistleblowers' reports and attachments" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:363 +msgid "" +"The system applies rate limiting on whistleblower reports and " +"attachments, preventing new submissions and file uploads if thresholds " +"are exceeded." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:365 +msgid "Implemented thresholds are:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "Threshold Variable" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +#: ../../security/PenetrationTests.rst:1 +msgid "Goal" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "Default Threshold Setting" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "threshold_reports_per_hour" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "Limit the number of reports that can be filed per hour" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "20" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "threshold_reports_per_hour_per_ip" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "" +"Limit the number of reports that can be filed per hour by the same IP " +"address" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "5" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "threshold_attachments_per_hour_per_ip" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "" +"Limit the number of attachments that can be uploaded per hour by the same" +" IP address" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "120" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "threshold_attachments_per_hour_per_report" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "Limit the number of attachments that can be uploaded per hour on a report" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "30" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:375 +msgid "" +"In case of necessity, threshold configurations can be adjusted using the " +"`gl-admin` command as follows: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:381 +msgid "Other measures" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:383 +msgid "Browser 
history and forensic traces" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:384 +msgid "" +"The entire application is designed to minimize or reduce the forensic " +"traces left by whistleblowers on their devices while filing reports." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:386 +msgid "" +"When accessed via the Tor Browser, the browser ensures that no persistent" +" traces are left on the user's device." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:388 +msgid "" +"To prevent or limit forensic traces in the browser history of users " +"accessing the platform via a common browser, the application avoids " +"changing the URI during whistleblower navigation. This prevents the " +"browser from logging user activities and offers high plausible " +"deniability, making the whistleblower appear as a simple visitor to the " +"homepage and avoiding evidence of any submission." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:391 +msgid "Secure file management" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:393 +msgid "Secure file download" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:394 +msgid "" +"Any attachment uploaded by anonymous whistleblowers might contain " +"malware, either intentionally or not. It is highly recommended, if " +"possible, to download files and access them on an air-gapped machine " +"disconnected from the network and other sensitive devices. To facilitate " +"safe file downloads and transfers using a USB stick, the application " +"provides the option to export reports, enabling the download of a ZIP " +"archive containing all report content. This reduces the risk of executing" +" files during the transfer process." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:397 +msgid "Safe file opening" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:398 +msgid "" +"For scenarios where the whistleblower's trustworthiness has been " +"validated or in projects with a low-risk threat model, the application " +"offers an integrated file viewer. This viewer, leveraging modern browser " +"sandboxing capabilities, allows the safe opening of a limited set of file" +" types considered more secure than accessing files directly through the " +"operating system. This feature is disabled by default. Administrators " +"should enable it only after thorough evaluation and ensure that " +"recipients' browsers are kept up-to-date." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:400 +msgid "The supported file formats are:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:402 +msgid "AUDIO" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:403 +msgid "CSV" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:404 +msgid "IMAGE" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:405 +msgid "PDF" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:406 +msgid "VIDEO" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:407 +msgid "TXT" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:409 +#: ../../security/ApplicationSecurity.rst:419 +msgid "The default configuration has this feature disabled." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:412 +msgid "PGP encryption" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:413 +msgid "The system offers an optional PGP encryption feature." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:415 +msgid "" +"When enabled, users can activate a personal PGP key that will be used by " +"the system to encrypt email notifications and files on-the-fly." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:417 +msgid "" +"This feature is recommended for high-risk threat models, especially when " +"used in conjunction with air-gapped systems for report visualization." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:422 +msgid "Encryption of temporary files" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:423 +msgid "" +"Files uploaded and temporarily stored on disk during the upload process " +"are encrypted with a temporary, symmetric AES key to prevent any " +"unencrypted data from being written to disk. Encryption is performed in " +"streaming mode using `AES 128-bit` in `CTR mode`. Key files are stored in" +" memory and are unique for each file being uploaded." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:426 +msgid "Secure file delete" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:427 +msgid "" +"Every file deleted by the application is overwritten before the file " +"space is released on disk." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:429 +msgid "" +"The overwrite routine is executed by a periodic scheduler and follows " +"these steps:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:431 +msgid "A first overwrite writes 0 across the entire file;" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:432 +msgid "A second overwrite writes 1 across the entire file;" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:433 +msgid "A third overwrite writes random bytes across the entire file." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:436 +msgid "Exception logging and redaction" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:437 +msgid "" +"To quickly diagnose potential software issues when client exceptions " +"occur, they are automatically reported to the backend. The backend " +"temporarily caches these exceptions and sends them to the backend " +"administrator via email." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:439 +msgid "" +"To prevent inadvertent information leaks, logs are processed through " +"filters that redact email addresses and UUIDs." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:442 +msgid "Entropy sources" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:443 +msgid "The primary source of entropy for the platform is `/dev/urandom`." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:446 +msgid "UUIDv4 randomness" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:447 +msgid "" +"System resources like submissions and files are identified by UUIDv4 to " +"make them unguessable by external users and limit potential attacks." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:450 +msgid "TLS for smtp notification" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:451 +msgid "" +"All notifications are sent through an SMTP channel encrypted with TLS, " +"using either SMTP/TLS or SMTPS, depending on the configuration." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:2 +msgid "Encryption protocol" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:3 +msgid "" +"GlobaLeaks implements an encryption protocol specifically designed for " +"anonymous whistleblowing applications." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:5 +msgid "" +"The protocol has been developed and validated in collaboration with the " +"`Open Technology Fund `_ and represents a trade-off between security and " +"usability. It is designed to be user-friendly for whistleblowers while " +"providing reasonable protection against attackers attempting to breach " +"the backend and perform brute-force decryption." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:7 +msgid "" +"Encryption is applied to each submission, protecting answers to " +"questionnaires, comments, attachments, and associated metadata. 
The " +"encryption keys are assigned per user and per report, ensuring that only " +"whistleblowers and their intended recipients can access the reports. This" +" means that if users forget their passwords, they will lose access to the" +" data in their accounts." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:9 +msgid "" +"To enable users to recover their accounts in case they forget their " +"passwords, the system includes a `Key Recovery`_ mechanism and provides " +"each user with an Account Recovery Key. This measure ensures that users " +"with their own Account Recovery Key can always restore access to their " +"account and the data it contains." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:11 +msgid "" +"To prevent data loss in case users lose both their password and their " +"account recovery key, the system can be configured to use a `Key Escrow`_" +" mechanism. This delegates the responsibility of supporting users in " +"recovering access to their accounts to administrators. This capability " +"enhances the project's resilience against data loss due to users' death " +"or conflicts of interest within the recipient team. However, it also " +"means that administrators with access to escrow keys could potentially " +"access other users' accounts and data. Project owners should carefully " +"decide whether to enable this feature based on the project's threat model" +" and document their decision in the project's privacy policies." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:14 +msgid "Encryption's workflow" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:15 +msgid "" +"Users choose a secure personal password during their first login using an" +" account activation link." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:16 +msgid "" +"The system creates a personal asymmetric keypair for each user and stores" +" the private key symmetrically encrypted with a secret derived from the " +"user's password." 
+msgstr "" + +#: ../../security/EncryptionProtocol.rst:17 +msgid "" +"Each user's private key is protected by the Key Recovery mechanism and, " +"if enabled, by the Key Escrow mechanism." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:18 +msgid "The whistleblower files a report." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:19 +msgid "The system assigns a unique 16-digit receipt number to the whistleblower." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:20 +msgid "" +"The system generates an asymmetric keypair for the whistleblower and " +"stores the private key symmetrically encrypted with a secret derived from" +" the whistleblower’s receipt number." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:21 +msgid "" +"The system generates an asymmetric keypair for encrypting the report, " +"attachments, comments, and associated metadata, and stores a copy of the " +"private key encrypted for each involved user using their own public key." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:22 +msgid "" +"The system encrypts the report, attachments, comments, and metadata with " +"the public key generated for the report." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:23 +msgid "" +"The system grants each involved user access to their reports and " +"facilitates communication by automatically locking and unlocking the " +"involved keys when a report is accessed or new communication is made." 
+msgstr "" + +#: ../../security/EncryptionProtocol.rst:26 +msgid "Encryption's details" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:28 +msgid "Algorithms" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Type" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Implementation" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Asymmetric encryption" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "" +"`Libsodium SealedBoxes " +"`_," +" which combines Curve25519, XSalsa20, and Poly1305 algorithms." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Symmetric encryption" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "" +"`Libsodium SecretBoxes " +"`_," +" which combines XSalsa20 and Poly1305." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:36 +msgid "Users’ credentials" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:37 +msgid "The system uses two types of credentials depending on the user role:" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Credentials type" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "User role" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Passwords" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Used for authenticating users identified by a username" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Receipts" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "16-digit random secrets used for authenticating anonymous whistleblowers" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:45 +msgid "Assumptions:" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:47 +msgid "The system enforces strong password complexity." 
+msgstr "" + +#: ../../security/EncryptionProtocol.rst:48 +msgid "" +"The system enforces expiration of receipts according to a strict data " +"retention policy that limits the number of concurrent active receipts." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:51 +msgid "Users’ keys" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Generation" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Storage" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "ECC Curve25519 keypair" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "" +"Generated by the backend during first user login for authenticated users " +"and upon submission for whistleblowers" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "" +"Keys are stored on the backend encrypted using symmetric encryption. The " +"symmetric key used for encrypting users’ keys is derived from the users’ " +"credentials using the KDF function `Argon2ID `_. The parameters for Argon2ID used for KDF" +" are stronger than those used for user authentication, with the hash " +"stored. The parameters are selected to require 128MB of memory per login " +"and 1 second of computation." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:58 +msgid "Data encryption's keys" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "256-bit keys" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Generated by the backend for each report" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "" +"Keys are stored on the backend filesystem encrypted using asymmetric " +"encryption with Users’ and Whistleblower’s keys, respectively." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:65 +msgid "Key generation" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:66 +msgid "" +"Users' encryption keys are automatically generated during the first login" +" and secured using the user passphrase. 
This straightforward but " +"effective key generation policy requires users to complete their first " +"login before being able to receive reports." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:69 +msgid "Key recovery" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:70 +msgid "" +"The system implements a key recovery mechanism using a recovery key and " +"symmetric encryption." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:72 +msgid "" +"When a user key is generated, the private key is symmetrically encrypted " +"with a randomly generated recovery key." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:74 +msgid "" +"For usability reasons, this recovery key is also securely encrypted and " +"stored on the backend, allowing logged-in users who possess their " +"password to retrieve and print their own account recovery key." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:77 +msgid "Key escrow" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:78 +msgid "" +"The system offers an optional key escrow mechanism to mitigate data loss " +"in the event of users losing their passwords." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:80 +msgid "" +"Key escrow can be enabled during the initial application setup or in the " +"advanced settings of the software." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:82 +msgid "" +"We recommend enabling this option to protect whistleblowers' submissions " +"in cases where recipients lose their passwords. However, if you want to " +"set up a system where only recipients can access submissions, we advise " +"against using this feature." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:84 +msgid "" +"When enabled, the system generates and assigns an escrow key to the " +"administrator who activated the feature. This key is then used to encrypt" +" every system key, with a copy preserved that any administrator with the " +"escrow key can unlock." 
+msgstr "" + +#: ../../security/EncryptionProtocol.rst:86 +msgid "" +"Administrators with access to the escrow key can assist internal users " +"with password recovery and issue password resets. They can also grant " +"this privilege to other administrators or disable the feature entirely." +msgstr "" + +#: ../../security/PenetrationTests.rst:3 +msgid "Security audits" +msgstr "" + +#: ../../security/PenetrationTests.rst:5 +msgid "" +"GlobaLeaks undergoes independent security audits periodically to verify " +"and enhance the security of the system. This page lists the most " +"significant reports available." +msgstr "" + +#: ../../security/PenetrationTests.rst:7 +msgid "" +"We aim to have audits conducted at least every two years, thanks to " +"funding opportunities. Each adopter is encouraged to contribute by " +"funding a general or topic-specific audit based on their capabilities. " +"This helps ensure that every algorithm, component, and methodology " +"applied within the project is thoroughly verified." +msgstr "" + +#: ../../security/PenetrationTests.rst:9 +msgid "" +"If you have conducted or are considering sponsoring a security audit, " +"please email us at `info@globaleaks.org `_. " +"This is especially important for general software security. When " +"requesting a company to audit the software, always remember to ask if the" +" report can be published afterward; many auditors may not agree to " +"publish the report later, which has often led to wasted project " +"resources." +msgstr "" + +#: ../../security/PenetrationTests.rst:11 +msgid "" +"If you are an independent security auditor or, during your peer review of" +" GlobaLeaks, you discover or suspect a vulnerability, please do not file " +"a public issue. Instead, send your report privately through our " +"`reporting form `_ or via email to " +"`security@globaleaks.org `_." 
+msgstr "" + +#: ../../security/PenetrationTests.rst:1 ../../user/admin/UserInterface.rst:135 +msgid "Date" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Auditor" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2013" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`iSecPartners `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Architecture Audit" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Report `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Cure53 `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Web Security Audit" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Report `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2014" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`LeastAuthority `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Source Code Audit" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Report `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2018" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`SubGraph `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Overall Audit" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Report `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2019" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`RadicallyOpenSecurity `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Crypto Audit, Multi-tenancy Audit, Overall Audit" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "" +"`Report " +"`_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2022" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "" +"Server Source Code Audit, Client Pentest, OpSec for Whistleblowers, OpSec" +" for Server Administrators" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "" +"`Report 
" +"`_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2024" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`ISGroup `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Surface Analysis and Network Penetration Test" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Report `_" +msgstr "" + +#: ../../security/ThreatModel.rst:3 +msgid "Threat model" +msgstr "" + +#: ../../security/ThreatModel.rst:4 +msgid "" +"GlobaLeaks is a free and open-source whistleblowing software designed for" +" various usage scenarios, each requiring a balance between strong " +"security and high usability. These two requirements are crucial for " +"managing whistleblowing procedures effectively, protecting " +"whistleblowers, and achieving specific project goals. Given the variety " +"of use cases and associated risks, the software can be configured to " +"address the specific threat model detailed here." +msgstr "" + +#: ../../security/ThreatModel.rst:6 +msgid "" +"This document is intended for organizations implementing a whistleblowing" +" procedure using GlobaLeaks. It supports the analysis and understanding " +"of the specific threat model relevant to their context and risks and " +"guides users in selecting best practices for their project." +msgstr "" + +#: ../../security/ThreatModel.rst:9 +msgid "Users matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:10 +msgid "" +"The first step is to define the types of users interacting with a " +"GlobaLeaks platform." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "User" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Definition" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"The user who submits an anonymous report through the platform. " +"Whistleblowers may operate under various threat models depending on the " +"usage scenario and the nature of the information submitted." 
+msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"The user who receives and analyzes anonymous reports from Whistleblowers." +" Recipients act in good faith and are considered trusted parties " +"concerning the protection of Whistleblowers' confidentiality." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"Users responsible for setting up, managing, and monitoring the platform's" +" security. Administrators may not be the same entities running or " +"managing the whistleblowing initiatives (e.g., hosted solutions, multiple" +" stakeholder projects). Administrators are trusted entities but do not " +"have direct access to reports and advise Recipients on best practices." +msgstr "" + +#: ../../security/ThreatModel.rst:19 +msgid "" +"It is crucial to apply security measures relative to the users of the " +"platform, aiming to achieve an appropriate tradeoff between security and " +"usability." +msgstr "" + +#: ../../security/ThreatModel.rst:22 +msgid "Anonymity matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:23 +msgid "" +"The anonymity of users must be classified depending on the context of " +"use, as follows:" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Anonymous" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"The user accesses the platform via the Tor Browser and follows best " +"practices to protect their identity, minimizing the risk of tracking by " +"any system involved in the operation. The user has not disclosed their " +"identity to Recipients." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Confidential" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"The user accesses the platform via a common browser. While third parties " +"might log their IP address, the platform protects the content of their " +"communication. The user may choose to disclose their identity to " +"Recipients confidentially." 
+msgstr "" + +#: ../../security/ThreatModel.rst:31 +msgid "" +"The platform always informs users of their current anonymity status and " +"provides guidance on best practices for anonymous access via the Tor " +"Browser. Administrators may enforce the requirement that Whistleblowers " +"use the Tor Browser to file reports, depending on the use case." +msgstr "" + +#: ../../security/ThreatModel.rst:34 +msgid "Communication security matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:35 +msgid "" +"The security of communication concerning third-party monitoring varies " +"based on the context of use." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Security level" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Description" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "High security" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"Tor is used, and communication is encrypted end-to-end with the " +"GlobaLeaks platform, ensuring that no third party can eavesdrop on the " +"communication." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Medium security" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"HTTPS is used, and communication is encrypted end-to-end with the " +"GlobaLeaks platform. A third party capable of manipulating HTTPS security" +" (e.g., re-issuing TLS certificates) could eavesdrop on the " +"communication. If HTTPS security is maintained, monitoring the user's " +"communication line or the GlobaLeaks platform's communication line is not" +" feasible." +msgstr "" + +#: ../../security/ThreatModel.rst:1 ../../security/ThreatModel.rst:44 +msgid "Identity disclosure matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:45 +msgid "" +"Regardless of the anonymity matrix, users may choose or be required to " +"disclose their identity." 
+msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Undisclosed" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "The user's identity is not disclosed and is unlikely to be disclosed." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Optionally disclosed" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"The user's identity is not disclosed by default but may be voluntarily " +"disclosed (e.g., an anonymous tip-off MAY receive a follow-up, whereas a " +"formal report with disclosed identity MUST receive a follow-up)." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Disclosed" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "The user chooses or is required to disclose their identity to other users." +msgstr "" + +#: ../../security/ThreatModel.rst:54 +msgid "" +"Identity disclosure is crucial because even in an Anonymous High security" +" environment, disclosing one's identity may be a valuable option for " +"specific whistleblowing workflows." +msgstr "" + +#: ../../security/ThreatModel.rst:56 +msgid "" +"Users starting with an anonymity setting of “Anonymous” and an " +"“Undisclosed Identity” can decide later to disclose their identity. " +"Conversely, this cannot be undone. This consideration is key to ensuring " +"user protection in GlobaLeaks." +msgstr "" + +#: ../../security/ThreatModel.rst:58 +msgid "" +"Voluntary identity disclosure may be required in certain whistleblowing " +"procedures because:" +msgstr "" + +#: ../../security/ThreatModel.rst:60 +msgid "A tip-off MAY receive a follow-up and can be anonymous;" +msgstr "" + +#: ../../security/ThreatModel.rst:61 +msgid "Formal reports MUST receive a follow-up and cannot be anonymous." 
+msgstr "" + +#: ../../security/ThreatModel.rst:63 +msgid "" +"The distinction between “MAY” and “MUST” refers to the actions of " +"recipients and is a fundamental element of the guarantees provided to " +"whistleblowers in many initiatives (e.g., a corporate or institutional " +"whistleblowing platform should not follow a MUST approach for anonymous " +"submission follow-up, treating such submissions as tip-offs rather than " +"formal reports)." +msgstr "" + +#: ../../security/ThreatModel.rst:66 +msgid "Usage scenarios matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:67 +msgid "" +"This section provides examples of how different anonymity levels for " +"users can be combined depending on the context of use." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Use case" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Media outlet" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"A media outlet with a disclosed identity initiates a whistleblowing " +"project. The outlet’s recipients are disclosed to Whistleblowers, " +"allowing them to trust a specific journalist rather than the outlet " +"itself. Full anonymity must be assured to whistleblowers, and their " +"identity cannot be disclosed in connection with anonymous submissions. " +"Whistleblowers MAY choose to disclose their identity if they trust the " +"journalist's source-protection record." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Corporate compliance" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"A corporation implements transparency or anti-bribery law compliance by " +"promoting initiatives to employees, consultants, and providers. " +"Recipients are part of a company division (e.g., Internal Audit office). " +"Whistleblowers are guaranteed full anonymity but may optionally disclose " +"their identity." 
+msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Human Rights Activism Initiative" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"A human rights group initiates a whistleblowing project to expose " +"violations in a dangerous area. The organization requires anonymity to " +"avoid retaliation and operates under a pseudonym. Recipients MUST not be " +"disclosed to Whistleblowers, but partial disclosure by pseudonym is " +"acceptable to establish trust. The Whistleblower MUST be guaranteed " +"anonymity and their identity cannot be disclosed." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Citizen media initiative" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"A citizen media initiative with a public identity seeks reports on " +"specific topics (e.g., political, environmental malpractice, corruption) " +"in a medium-low risk operational context. Recipients may use pseudonyms " +"or remain public to avoid complete exposure. Whistleblowers, if the topic" +" is not life-threatening, may submit reports confidentially to lower the " +"entry barrier." +msgstr "" + +#: ../../security/ThreatModel.rst:77 +msgid "" +"The following matrix illustrates how different usage scenarios can " +"require various anonymity levels, communication security requirements, " +"and identity disclosures for different users." +msgstr "" + +#: ../../security/ThreatModel.rst:79 +msgid "" +"GlobaLeaks will provide appropriate security awareness information " +"through its user interface and enforce specific requirements based on " +"clear configuration guidelines." 
+msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Scenario" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Anonymity level" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Identity disclosure" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Communication security" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "No anonymity" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Admin" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Partially disclosed" +msgstr "" + +#: ../../security/ThreatModel.rst:98 +msgid "Data security matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:99 +msgid "" +"This section highlights the data handled by GlobaLeaks and the protection" +" schemes applied to it." +msgstr "" + +#: ../../security/ThreatModel.rst:101 +msgid "The following information types are involved in GlobaLeaks:" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Information type" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Questionnaire answers" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"Data associated with a submission, including the filled forms and options" +" selected by the Whistleblower." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Submission attachments" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Files associated with a submission." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Platform configuration" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Data for configuring and customizing the platform." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Software files" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"All files required for the software to function, including default " +"configurations." 
+msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Email notifications" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Data sent to notify recipients of new reports via email." +msgstr "" + +#: ../../security/ThreatModel.rst:112 +msgid "Below is a matrix showing the different security measures applied to data." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Encryption" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Filters" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Sanitization" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Encrypted in the database with per-user/per-submission keys" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Keyword filters" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Antispam, Anti-XSS" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Encrypted on the filesystem with per-user/per-submission keys" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Extension blocking, Antivirus" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "N/A" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Encrypted with PGP when recipient keys are available" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Antispam to prevent flooding" +msgstr "" + +#: ../../security/ThreatModel.rst:122 +msgid "Threats to anonymity and confidentiality" +msgstr "" + +#: ../../security/ThreatModel.rst:123 +msgid "" +"This section highlights various threats that require specific " +"consideration." +msgstr "" + +#: ../../security/ThreatModel.rst:126 +msgid "Browser history and cache" +msgstr "" + +#: ../../security/ThreatModel.rst:127 +msgid "" +"GlobaLeaks uses crafted HTTP headers and other techniques to minimize " +"leaking information into a user’s browser history or cache. 
While this " +"privacy feature enhances safety, it cannot guarantee protection against " +"forensic analysis of browser cache and history but serves as an " +"additional safety measure." +msgstr "" + +#: ../../security/ThreatModel.rst:130 +msgid "Metadata" +msgstr "" + +#: ../../security/ThreatModel.rst:131 +msgid "" +"Files may contain metadata related to the author or whistleblower. " +"Cleaning metadata from submitted files helps protect an \"unaware\" " +"whistleblower from inadvertently including information that may " +"compromise their anonymity. GlobaLeaks does not automatically clean " +"metadata by default, as metadata is considered a fundamental part of the " +"original evidence that should be preserved. Metadata cleanup is an " +"optional step that may be suggested to Whistleblowers or performed by " +"Recipients when sharing documents with others. When sharing files with " +"external parties, Recipients are advised to print the document and " +"provide a hard copy to ensure that only visible information is shared, " +"avoiding the risk of sharing sensitive metadata. For more on metadata and" +" redacting digital files, see the article `Everything you wanted to know " +"about media metadata, but were afraid to ask " +"`_ by Harlo Holmes. A useful tool for these " +"procedures is the `Metadata Anonymization Toolkit " +"`_." +msgstr "" + +#: ../../security/ThreatModel.rst:134 +msgid "Malware and trojans" +msgstr "" + +#: ../../security/ThreatModel.rst:135 +msgid "" +"GlobaLeaks cannot prevent an attacker from using the platform maliciously" +" to target recipients with malware or trojans. To mitigate risks of data " +"exfiltration through trojans, Recipients should implement proper " +"operational security by using dedicated laptops for report viewing and " +"opening file attachments on offline computers. 
Wherever possible, they " +"should use specialized secure operating systems like `QubesOS " +"`_ or `Tails `_ and " +"ensure up-to-date antivirus software is running." +msgstr "" + +#: ../../security/ThreatModel.rst:138 +msgid "Network and reverse proxies" +msgstr "" + +#: ../../security/ThreatModel.rst:139 +msgid "" +"GlobaLeaks is designed for use with direct Tor or TLS connections from " +"the user’s browser to the application backend. The use of Network and " +"Reverse Proxies in front of the application is discouraged as they can " +"interfere with the application and compromise confidentiality and " +"anonymity measures implemented in GlobaLeaks." +msgstr "" + +#: ../../security/ThreatModel.rst:142 +msgid "Data stored outside the platform" +msgstr "" + +#: ../../security/ThreatModel.rst:143 +msgid "" +"GlobaLeaks does not provide security for data stored outside the " +"GlobaLeaks system. It is the responsibility of Recipients to protect data" +" downloaded from the platform or shared via external USB drives. The " +"operating system used or the USB drive should offer encryption to ensure " +"that, in case of device loss or theft, the data remains inaccessible." +msgstr "" + +#: ../../security/ThreatModel.rst:146 +msgid "Environmental factors" +msgstr "" + +#: ../../security/ThreatModel.rst:147 +msgid "" +"GlobaLeaks does not protect against environmental factors related to " +"users' physical locations or social relationships. For example, if a user" +" has a surveillance device in their home, GlobaLeaks cannot provide " +"protection. Similarly, if a whistleblower, who is supposed to be " +"anonymous, shares their story with friends or coworkers, GlobaLeaks " +"cannot offer protection." 
+msgstr "" + +#: ../../security/ThreatModel.rst:150 +msgid "Incorrect data retention policies" +msgstr "" + +#: ../../security/ThreatModel.rst:151 +msgid "" +"GlobaLeaks implements a strict default data retention policy of 90 days " +"to allow users to manage reports within a limited time frame necessary " +"for investigations. If the platform is configured to retain reports for " +"an extended period and Recipients do not manually delete unnecessary " +"reports, the value of the data increases, along with the risk of " +"exposure." +msgstr "" + +#: ../../security/ThreatModel.rst:154 +msgid "Human negligence" +msgstr "" + +#: ../../security/ThreatModel.rst:155 +msgid "" +"While GlobaLeaks provides Administrators with the ability to fine-tune " +"security configurations and continuously informs users about their " +"security context, it cannot protect against major security threats " +"resulting from human negligence. For instance, if a Whistleblower submits" +" data that can identify them as the unique owner or recent viewer, " +"GlobaLeaks cannot protect their identity." +msgstr "" + +#: ../../security/ThreatModel.rst:158 +msgid "Advanced traffic analysis" +msgstr "" + +#: ../../security/ThreatModel.rst:159 +msgid "" +"An attacker monitoring HTTPS traffic, without the ability to decrypt it, " +"can still identify user roles based on different network traffic patterns" +" generated by Whistleblowers, Recipients, and Administrators. GlobaLeaks " +"does not offer protection against this type of threat. We recommend using" +" `Tor pluggable transports `_ or other methods that provide additional" +" protection against such attacks." +msgstr "" + +#: ../../security/index.rst:2 +msgid "Security" +msgstr "" + +#: ../../setup/InstallationGuide.rst:2 +msgid "Installation guide" +msgstr "" + +#: ../../setup/InstallationGuide.rst:3 +msgid "The following guide will help you through the installation of GlobaLeaks." 
+msgstr "" + +#: ../../setup/InstallationGuide.rst:5 +msgid "" +"Before starting the installation, ensure that your system meets the " +":doc:`Requirements `." +msgstr "" + +#: ../../setup/InstallationGuide.rst:8 +msgid "" +"GlobaLeaks is designed to provide optimal technical anonymity for " +"whistleblowers. Additionally, the software can be configured to protect " +"the identity of the platform administrator and the server's location, but" +" this requires advanced setup procedures not covered in this simplified " +"installation guide. By executing the commands below, your IP address and " +"system location could be tracked by network providers, and our systems " +"will receive the same information to facilitate software provisioning." +msgstr "" + +#: ../../setup/InstallationGuide.rst:12 +msgid "**Install GlobaLeaks**" +msgstr "" + +#: ../../setup/InstallationGuide.rst:14 +msgid "To install GlobaLeaks, run the following commands:" +msgstr "" + +#: ../../setup/InstallationGuide.rst:22 +msgid "" +"You may also install GlobaLeaks using Docker. Check out the `docker` " +"directory in our GitHub repository for instructions." +msgstr "" + +#: ../../setup/InstallationGuide.rst:24 +msgid "" +"After installation, follow the instructions provided to guide you through" +" accessing the :doc:`Platform wizard `." +msgstr "" + +#: ../../setup/PlatformWizard.rst:2 +msgid "Platform wizard" +msgstr "" + +#: ../../setup/PlatformWizard.rst:3 +msgid "After installing GlobaLeaks, you can proceed with the platform wizard." +msgstr "" + +#: ../../setup/PlatformWizard.rst:5 +msgid "" +"Open a browser at port 443 or port 8443 on your remote or local IP, " +"respectively." +msgstr "" + +#: ../../setup/PlatformWizard.rst:7 +msgid "" +"We recommend performing the wizard either using the Tor address provided " +"at the end of the setup or on localhost via a VPN." 
+msgstr "" + +#: ../../setup/PlatformWizard.rst:10 +msgid "Choose the primary language for your site" +msgstr "" + +#: ../../setup/PlatformWizard.rst:11 +msgid "" +"On the first page of the wizard, you will be prompted to select the " +"language for your site. The default choice is English, but many other " +"languages are available, with more expected in the future." +msgstr "" + +#: ../../setup/PlatformWizard.rst:16 +msgid "Choose a name for your project" +msgstr "" + +#: ../../setup/PlatformWizard.rst:17 +msgid "In the second section of the wizard, configure the name of your project." +msgstr "" + +#: ../../setup/PlatformWizard.rst:22 +msgid "Configure the account for the administrator of your whistleblowing site" +msgstr "" + +#: ../../setup/PlatformWizard.rst:23 +msgid "" +"In the third section of the wizard, configure the account details for the" +" administrator of your project." +msgstr "" + +#: ../../setup/PlatformWizard.rst:25 +msgid "" +"Be sure to choose a strong password to protect this sensitive account; an" +" indication of the strength of the chosen password is provided to guide " +"you." +msgstr "" + +#: ../../setup/PlatformWizard.rst:30 +msgid "Configure the account for the first recipient of reports" +msgstr "" + +#: ../../setup/PlatformWizard.rst:31 +msgid "" +"In the fourth section of the wizard, configure the account details for " +"the first recipient of reports sent to your project." +msgstr "" + +#: ../../setup/PlatformWizard.rst:36 +msgid "Read and accept the license" +msgstr "" + +#: ../../setup/PlatformWizard.rst:37 +msgid "" +"In the fifth section of the wizard, you will be prompted to read and " +"accept the GlobaLeaks License." +msgstr "" + +#: ../../setup/PlatformWizard.rst:42 +msgid "Complete the wizard" +msgstr "" + +#: ../../setup/PlatformWizard.rst:43 +msgid "The sixth section of the wizard confirms the completion of the setup." 
+msgstr "" + +#: ../../user/Admin.rst:2 +msgid "For administrators" +msgstr "" + +#: ../../user/Common.rst:2 +msgid "Common to all users" +msgstr "" + +#: ../../user/Common.rst:4 +msgid "Login" +msgstr "" + +#: ../../user/Common.rst:5 +msgid "Users could login by accessing the ``/#/login`` page." +msgstr "" + +#: ../../user/Common.rst:10 +msgid "Access the user preferences" +msgstr "" + +#: ../../user/Common.rst:11 +msgid "" +"After login Users could access their preferences by clicking the " +"``Preferences`` link present in the login status bar." +msgstr "" + +#: ../../user/Common.rst:16 +msgid "Change your password" +msgstr "" + +#: ../../user/Common.rst:17 +msgid "" +"Users could change their own password by accessing the ``Password`` tab " +"present in the ``Preferences`` page." +msgstr "" + +#: ../../user/Common.rst:22 +msgid "Reset your password" +msgstr "" + +#: ../../user/Common.rst:23 +msgid "" +"Users could requests a password reset via the ``/#/login`` page by " +"clicking the ``Forgot password?`` button." +msgstr "" + +#: ../../user/Common.rst:25 +msgid "" +"After clicking the button users are requested to type their own username " +"or email address." +msgstr "" + +#: ../../user/Common.rst:34 +msgid "Enable two-factor-authentication (2fa)" +msgstr "" + +#: ../../user/Common.rst:35 +msgid "" +"Users could enable Two-Factor-Authentication by clicking the ``Enable two" +" factor authentication`` option inside the ``Preferences`` page." +msgstr "" + +#: ../../user/Common.rst:37 +msgid "" +"To enable the feature the user requires to have a phone with installed a " +"common ``Authenticator APP`` implementing the TOTP standard as by `RFC " +"6238 `_" +msgstr "" + +#: ../../user/Common.rst:42 +msgid "Access and save your account recovery key" +msgstr "" + +#: ../../user/Common.rst:43 +msgid "" +"Users could access their own Account Recovery key by clicking the " +"``Account Recovery Key`` button present in the ``Preferences`` page." 
+msgstr "" + +#: ../../user/Common.rst:45 +msgid "" +"This is a fundamental step that any user should do at their first login " +"after activating their own account in order to backup their own account " +"recovery key and get sure to not incur in data loss due to password loss." +msgstr "" + +#: ../../user/Recipient.rst:2 +msgid "For recipients" +msgstr "" + +#: ../../user/Recipient.rst:5 +msgid "Access the list of the existing reports" +msgstr "" + +#: ../../user/Recipient.rst:6 +msgid "" +"The lists of the existing reports can be accessed via the link " +"``Reports`` on the sidebar of the Recipient's Homepage." +msgstr "" + +#: ../../user/Recipient.rst:13 +msgid "Access a report" +msgstr "" + +#: ../../user/Recipient.rst:14 +msgid "A report can be accessed in two ways:" +msgstr "" + +#: ../../user/Recipient.rst:16 +msgid "By clicking on it like on a mailbox system from the ``Reports`` page" +msgstr "" + +#: ../../user/Recipient.rst:17 +msgid "" +"By clicking on the link received on a mail notification and entering own " +"credentials" +msgstr "" + +#: ../../user/Whistleblower.rst:2 +msgid "For whistleblowers" +msgstr "" + +#: ../../user/Whistleblower.rst:5 +msgid "File a new report" +msgstr "" + +#: ../../user/Whistleblower.rst:6 +msgid "" +"A new report can be filed by accessing the homepage of the platform and " +"clicking the ``File a report`` button." +msgstr "" + +#: ../../user/Whistleblower.rst:12 +msgid "" +"After filing a new report the systems provides to the user a 16-digit " +"receipt." +msgstr "" + +#: ../../user/Whistleblower.rst:17 +msgid "Access an existing report" +msgstr "" + +#: ../../user/Whistleblower.rst:18 +msgid "" +"An existing report can be accessed by entering the 16-digit receipt " +"obtained at the end of the submission on the login interface present on " +"the home page of the platform." 
+msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:2 +msgid "Backup and restore" +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:4 +msgid "To perform a manual backup, you can use the following bash script:" +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:21 +msgid "" +"After running the script, you will find a `tar.gz` archive in " +"`/var/globaleaks/backups`. The file will be named in the format: " +"`globaleaks-$version-$timestamp.tar.gz`." +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:23 +msgid "" +"GlobaLeaks automatically performs a backup during each platform update. " +"These backups are retained under a data retention policy and are deleted " +"15 days after the update." +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:25 +msgid "To restore an existing backup:" +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:27 +msgid "" +"Ensure that GlobaLeaks is not running; you can stop it using: `service " +"globaleaks stop`." +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:28 +msgid "" +"Identify the version of GlobaLeaks required for the restoration, which is" +" indicated in the backup filename." +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:29 +msgid "" +"Extract the contents of the archive to `/var/globaleaks` using: `tar " +"-zxvf backup.tar.gz`." +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:30 +msgid "" +"Install the required version of GlobaLeaks with: `apt-get install " +"globaleaks=` (e.g., `globaleaks=3`)." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:2 +msgid "Common configurations" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:4 +msgid "Configure the logo" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:5 +msgid "" +"The first thing you want to give to your whistleblowing site is a " +"branding identity; this could be done by loading a logo in section Site " +"settings / Main configuration." 
+msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:9 +msgid "" +"Scroll down along the page to reach the \"Save\" button, click on it and " +"have your logo and favicon applied." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:12 +msgid "Enable languages" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:13 +msgid "You may want your GlobaLeaks installation served on more than one language" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:15 +msgid "" +"To do so, in the section \"Site settings / Languages\" select the " +"languages you would like and add them." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:17 +msgid "" +"Note that in the same interface you can mark the default application " +"language." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:22 +msgid "Configure notification settings" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:23 +msgid "" +"GlobaLeaks sends out notifications of different events to different " +"receivers and to admins. In order to have this working, you have to " +"select \"Notification Settings\" in the \"Administration Interface - " +"General Settings\" page and set up email account and related server " +"parameters." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:25 +msgid "" +"We suggest you to setup an email account dedicated to sending out " +"notifications from your initiative." 
+msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:29 +msgid "Enter the followings:" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:31 +msgid "" +"SMTP name: the name of your GlobaLeaks project or something that equally " +"descriptive" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:32 +msgid "SMTP email address: the email address used to send notifications" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:33 +msgid "" +"Username: the username corresponding to the just inserted \"SMTP email " +"address\"; this is needed to authenticate to the SMTP server and send " +"emails" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:34 +msgid "Password: Password of the above corresponding \"SMTP email address\"" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:35 +msgid "" +"SMTP Server Address: it is the hostname of the SMTP server you are using " +"to send notification emails" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:36 +msgid "" +"SMTP Server Port: Port used to send outgoing emails. It is usually 465 or" +" 587 (SMTP with TLS is at TCP port 587; SMTP with SSL is at 465)" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:37 +msgid "" +"Transport Security: from the drop down menu select the opportune security" +" level" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:39 +msgid "" +"It is better to leave untouched the pre-defined settings pertaining the " +"notification to admins and to recipients, but in the case you want to " +"disable them, it is possible to check the corresponding checkboxes." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:41 +msgid "" +"You can then set the value for the time at which the notification alert " +"of expiring report; this value is set at 72hours to give time to the " +"recipient(s) to check and manage the pending submissions." 
+msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:43 +msgid "" +"It is possible to tweak the maximum number of emails allowed in an hour, " +"before email wil be suspended in order to avoid flooding the system. It " +"is advised to keep the pre-defined value, and eventually change it " +"accordingly with mail server capabilities." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:45 +msgid "" +"Once configured all the parameters for notifications, it is possible to " +"test them by just clicking on the \"Test the configuration\" button." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:47 +msgid "" +"If all is working as expected, click on the \"Save\" button to keep the " +"configured parameters." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:50 +msgid "Configure recipients" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:51 +msgid "" +"The Recipient is the person that will receive and process the data that " +"whistleblowers input in the platform. You can have one or multiple " +"Recipients per Context, and also have one Recipient that can access to " +"multiple Contexts. The platform is very flexible on this and allows you " +"to define in very detail your whistleblowing system and procedure." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:55 +msgid "Customize the graphic layout" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:57 +msgid "Example 1: Custom Background" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:58 +msgid "" +"This CSS example shows how to customize the Background Color of the " +"application." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:68 +msgid "Example 2: Custom Font" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:69 +msgid "This CSS example shows how to customize the font of the application." 
+msgstr "" + +#: ../../user/admin/TroubleShooting.rst:2 +msgid "Troubleshooting" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:5 +msgid "Issues and bug reporting" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:7 +msgid "If you encounter any issues and are unable to run GlobaLeaks:" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:9 +msgid "Ensure you strictly follow the Installation Guide." +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:10 +msgid "" +"Verify that you meet the Technical Requirements for hardware and " +"operating system version." +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:11 +msgid "" +"Search the support forum to see if a user has already encountered your " +"issue: `GlobaLeaks Discussions " +"`_" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:12 +msgid "" +"Report the issue on the official software issue tracker: `GlobaLeaks " +"Issues `_" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:15 +msgid "Useful debugging commands" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:17 +msgid "" +"Depending on your setup, here are some common checks to determine if " +"GlobaLeaks is working:" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:19 +msgid "Is the service running?" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:25 +msgid "Is the service responding on the loopback interface?" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:31 +msgid "Is the service listening on external interfaces?" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:37 +msgid "Are exceptions being generated?" 
+msgstr "" + +#: ../../user/admin/TroubleShooting.rst:45 +msgid "Log files" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:46 +msgid "" +"Here are some useful logs and their corresponding files when GlobaLeaks " +"is installed:" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:48 +msgid "**GlobaLeaks process:**" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:55 +msgid "" +"The verbosity of the logs is configurable via the web interface of the " +"software under Advanced Settings." +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:2 +msgid "Upgrade guide" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:4 +msgid "Regular update" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:5 +msgid "" +"To safely upgrade a GlobaLeaks installation please proceed with a backup " +"of your setup by following the :doc:`Backup and restore " +"` guide." +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:7 +msgid "" +"This is necessary so that if something goes wrong and you need to " +"rollback, you will be able to just uninstall the current package, then " +"install the same version of globaleaks that was previously installed and " +"working." +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:9 +msgid "In order to update GlobaLeaks perform the following commands:" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:16 +msgid "Upgrade of the distribution version" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:17 +msgid "" +"For security and stability reasons it is recommended to not perform a " +"distribution upgrade." 
+msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:19 +msgid "" +"GlobaLeaks could be instead easily migrated to a new up-to-date Debian " +"system with the following recommended instructions:" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:21 +msgid "create an archive backup of /var/globaleaks" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:22 +msgid "instantiate the lates Debian available" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:23 +msgid "log on the new server and extract the backup in /var/globaleaks" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:24 +msgid "" +"follow the :doc:`Installation Guide `; " +"GlobaLeaks while installing will recognize the presence of an existing " +"data directory and will use it" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:27 +msgid "In case of errors" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:28 +msgid "" +"The above commands should allow you to perform regularly updates. On some" +" conditions due to special updates it could be possible that those " +"commands result in a failure. Consult this page for knowning specific " +"FAQs on precise failures." +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:30 +msgid "" +"In case you do not find any specific documented solution for your " +"failure, you could run the GlobaLeaks install script. The installation " +"script in fact is designed to allow the update of GlobaLeaks and it " +"includes fixes for the most common issue." +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:33 +msgid "" +"To run the install script for updating globaleaks perform the following " +"commands:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:2 +msgid "User interface" +msgstr "" + +#: ../../user/admin/UserInterface.rst:3 +msgid "" +"This section offers you a summary of the user interface offered to Admin " +"users." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:7 +msgid "Through the menu you could access the following administrative sections:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:9 ../../user/admin/UserInterface.rst:28 +#: ../../user/admin/UserInterface.rst:33 ../../user/admin/UserInterface.rst:44 +msgid "Settings" +msgstr "" + +#: ../../user/admin/UserInterface.rst:11 ../../user/admin/UserInterface.rst:77 +msgid "Users" +msgstr "" + +#: ../../user/admin/UserInterface.rst:13 ../../user/admin/UserInterface.rst:99 +msgid "Questionnaires" +msgstr "" + +#: ../../user/admin/UserInterface.rst:15 ../../user/admin/UserInterface.rst:158 +msgid "Channels" +msgstr "" + +#: ../../user/admin/UserInterface.rst:17 ../../user/admin/UserInterface.rst:185 +msgid "Case management" +msgstr "" + +#: ../../user/admin/UserInterface.rst:21 ../../user/admin/UserInterface.rst:228 +msgid "Network" +msgstr "" + +#: ../../user/admin/UserInterface.rst:23 ../../user/admin/UserInterface.rst:279 +msgid "Sites" +msgstr "" + +#: ../../user/admin/UserInterface.rst:25 ../../user/admin/UserInterface.rst:309 +msgid "Audit log" +msgstr "" + +#: ../../user/admin/UserInterface.rst:29 +msgid "" +"This is the section that offers you all the main customization " +"possibilities necessary for implementing a basic and functional " +"whistleblowing site." +msgstr "" + +#: ../../user/admin/UserInterface.rst:31 +msgid "This section is furtherly divided in:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:35 ../../user/admin/UserInterface.rst:50 +msgid "Files" +msgstr "" + +#: ../../user/admin/UserInterface.rst:37 ../../user/admin/UserInterface.rst:56 +msgid "Languages" +msgstr "" + +#: ../../user/admin/UserInterface.rst:39 +msgid "Text customization" +msgstr "" + +#: ../../user/admin/UserInterface.rst:41 +msgid "Advanced settings" +msgstr "" + +#: ../../user/admin/UserInterface.rst:45 +msgid "" +"In this section is configurable the logo and all the texts of the main " +"user interfaces." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:51 +msgid "" +"In this section could be loaded CSS and Javascript and other files " +"necessary to customize the interface." +msgstr "" + +#: ../../user/admin/UserInterface.rst:57 +msgid "" +"In this section you could enable all the languages required by your " +"project and configure the default language." +msgstr "" + +#: ../../user/admin/UserInterface.rst:60 +msgid "" +"Thanks to the `Localization Lab `_ and " +"our great volunteer community, the software is already available and " +"continuously made available in a lot of languages. This aspect of " +"internationalization is crucial in many projects. In case you are " +"starting a project and the required languages are not available we " +"strongly invite you to register on our `web translation platform " +"`_ offered by `Transifex " +"`_ and support yourself the " +"translation. Internationalization and Localization is in fact are crucial" +" for the success of a whistleblowing project. Thank you!" +msgstr "" + +#: ../../user/admin/UserInterface.rst:65 +msgid "Text Customization" +msgstr "" + +#: ../../user/admin/UserInterface.rst:66 +msgid "" +"Here could be configured overrides for any of the texts of the platform " +"and of their translation." +msgstr "" + +#: ../../user/admin/UserInterface.rst:71 +msgid "Advanced Settings" +msgstr "" + +#: ../../user/admin/UserInterface.rst:72 +msgid "In this section could be configured a set of advanced settings." +msgstr "" + +#: ../../user/admin/UserInterface.rst:78 +msgid "" +"This sections is where users could be created and managed. The system " +"with the basic configuration completed with the initial Platform wizard " +"is configured with an Administrator and a Recipient." +msgstr "" + +#: ../../user/admin/UserInterface.rst:81 +msgid "" +"Depending on your project needs here you could create users with " +"different roles and manage their respective privileges." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:86 +msgid "User Roles" +msgstr "" + +#: ../../user/admin/UserInterface.rst:87 +msgid "" +"The software offers the possibility to create users with the following " +"roles:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:89 +msgid "Administrators" +msgstr "" + +#: ../../user/admin/UserInterface.rst:91 +msgid "Recipients" +msgstr "" + +#: ../../user/admin/UserInterface.rst:94 +msgid "User Options" +msgstr "" + +#: ../../user/admin/UserInterface.rst:100 +msgid "" +"The softare implements a standard default questionnaire that is proposed " +"as a good base for a generic whistleblowing procedure. This questinnaire " +"is the current result of the research performed by the project team with " +"the organizations that have adopted the solution and expecially with " +"anticorruption and investigative journalism NGOs." +msgstr "" + +#: ../../user/admin/UserInterface.rst:102 +msgid "" +"As every organization has different needs, risks and goals globaleaks has" +" been designed considering to implement an advanced questionnaire builder" +" offering the possibility to design custom questionnaires." +msgstr "" + +#: ../../user/admin/UserInterface.rst:104 +msgid "" +"The following sections present the questionnaire builder and its " +"capabilities." +msgstr "" + +#: ../../user/admin/UserInterface.rst:108 +msgid "" +"Depending on your project needs you may evaluate defining some questions " +"once as Question Templates and reuse the same question in multiple " +"questionnaires." +msgstr "" + +#: ../../user/admin/UserInterface.rst:113 +msgid "Steps" +msgstr "" + +#: ../../user/admin/UserInterface.rst:114 +msgid "" +"The software enables to organize questionnaire in one or multiple steps. " +"For example the default questionnaire is organized with a single step " +"including all the questions." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:118 +msgid "Questions Types" +msgstr "" + +#: ../../user/admin/UserInterface.rst:119 +msgid "The software enables you to create questions of the following types:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:121 +msgid "Single-line text input" +msgstr "" + +#: ../../user/admin/UserInterface.rst:123 +msgid "Multi-line text input" +msgstr "" + +#: ../../user/admin/UserInterface.rst:125 +msgid "Selection box" +msgstr "" + +#: ../../user/admin/UserInterface.rst:127 +msgid "Multiple choice input" +msgstr "" + +#: ../../user/admin/UserInterface.rst:129 +msgid "Checkbox" +msgstr "" + +#: ../../user/admin/UserInterface.rst:131 +msgid "Attachment" +msgstr "" + +#: ../../user/admin/UserInterface.rst:133 +msgid "Terms of service" +msgstr "" + +#: ../../user/admin/UserInterface.rst:137 +msgid "Date range" +msgstr "" + +#: ../../user/admin/UserInterface.rst:139 +msgid "Voice" +msgstr "" + +#: ../../user/admin/UserInterface.rst:141 +msgid "Question group" +msgstr "" + +#: ../../user/admin/UserInterface.rst:144 +msgid "Common Question Properties" +msgstr "" + +#: ../../user/admin/UserInterface.rst:145 +msgid "" +"Each of the software question types make it possible to configure the " +"following properties:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:147 +msgid "Question: The text of the question" +msgstr "" + +#: ../../user/admin/UserInterface.rst:149 +msgid "" +"Hint: A hint that will be shown via an popover an a question mark near " +"the question." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:151 +msgid "Description: A description text that will be shown below the question" +msgstr "" + +#: ../../user/admin/UserInterface.rst:153 +msgid "Required: Set this field if you want this question to be mandatory" +msgstr "" + +#: ../../user/admin/UserInterface.rst:155 +msgid "" +"Preview: Set this field if you want the answers to this question to " +"appear in the preview section of the list" +msgstr "" + +#: ../../user/admin/UserInterface.rst:159 +msgid "" +"This section is where whistleblowing channels could be created and " +"managed." +msgstr "" + +#: ../../user/admin/UserInterface.rst:161 +msgid "" +"A whistleblowing channel is typically defined by the following main " +"characteristics" +msgstr "" + +#: ../../user/admin/UserInterface.rst:163 +msgid "" +"Name: the name of the channel Image: an image to identify the channel " +"Description: a description of the channel Recipients: the set of " +"recipients that will receive reports sent to this channel Questionnaire: " +"the questionnaire that will be proposed to whistleblowers selecting this " +"channel Submission expiration: the data retention policy for the channel" +msgstr "" + +#: ../../user/admin/UserInterface.rst:170 +msgid "" +"The system with the basic configuration completed with the initial " +"platform wizard is configured with a single Channel called Default, on " +"which is associated a recipient and the default questionnaire." +msgstr "" + +#: ../../user/admin/UserInterface.rst:172 +msgid "" +"Depending on your project needs here you could create additional Channels" +" and configure their respective properties." +msgstr "" + +#: ../../user/admin/UserInterface.rst:177 +msgid "Data Retention Policy" +msgstr "" + +#: ../../user/admin/UserInterface.rst:178 +msgid "" +"The software enables to configure a data retention policy for each " +"channel. 
This is a fundamental property of the whistleblowing channel " +"that makes it possible to configure automatic secure deletion of reports " +"after a certain period of time. This setting should be configured in " +"relation to the risk of the channel in order to limit unneeded exposure " +"of the reports received therein." +msgstr "" + +#: ../../user/admin/UserInterface.rst:182 +msgid "By default a channel is configured with a report expiration of 90 days." +msgstr "" + +#: ../../user/admin/UserInterface.rst:186 +msgid "" +"This section is intended to host all the main case management feature " +"that will be offered by the software. Currently it hosts the possibility " +"to define reports statuses and sub-statuses intended to be used by " +"Recipients while working on the reports." +msgstr "" + +#: ../../user/admin/UserInterface.rst:194 +msgid "By default the system includes the following report statuses:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:190 +msgid "New" +msgstr "" + +#: ../../user/admin/UserInterface.rst:192 +msgid "Open" +msgstr "" + +#: ../../user/admin/UserInterface.rst:194 +msgid "Closed" +msgstr "" + +#: ../../user/admin/UserInterface.rst:196 +msgid "" +"Within this section you may add additional Statuses between the State " +"Open and Closed and you can furtherly define Sub-statuses for the Closed " +"status (e.g. Archived / Spam)" +msgstr "" + +#: ../../user/admin/UserInterface.rst:202 +msgid "" +"This is the section where are configured all the aspects related to the " +"mail notifications sent by the software." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:207 +#: ../../user/admin/UserInterface.rst:238 +msgid "The section is furtherly divided in:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:205 +#: ../../user/admin/UserInterface.rst:210 +msgid "Notification Settings" +msgstr "" + +#: ../../user/admin/UserInterface.rst:207 +#: ../../user/admin/UserInterface.rst:219 +msgid "Notification Templates" +msgstr "" + +#: ../../user/admin/UserInterface.rst:211 +msgid "Here are configured the technical details about SMTP." +msgstr "" + +#: ../../user/admin/UserInterface.rst:214 +msgid "" +"By default GlobaLeaks comes with a working configuration that is based on" +" systems offered by the GlobaLeaks developers to the community of users " +"and testers; even though this configuration is designed by their owners " +"with special care in relation to security and privacy you are invited to " +"consider using alternative systems for your production environment." +msgstr "" + +#: ../../user/admin/UserInterface.rst:220 +msgid "In this section are configured the notification templates." +msgstr "" + +#: ../../user/admin/UserInterface.rst:222 +msgid "" +"By default globaleaks includes text and translations for each of the " +"templates that are provided to be fully functional and studied with " +"particular care in relation to security and privacy. Depending on your " +"project needs you may override the default text with your customized " +"texts." +msgstr "" + +#: ../../user/admin/UserInterface.rst:229 +msgid "In this section are configured the network settings." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:232 +#: ../../user/admin/UserInterface.rst:241 +msgid "HTTPS" +msgstr "" + +#: ../../user/admin/UserInterface.rst:234 +#: ../../user/admin/UserInterface.rst:255 +msgid "Tor" +msgstr "" + +#: ../../user/admin/UserInterface.rst:236 +msgid "IP Access control" +msgstr "" + +#: ../../user/admin/UserInterface.rst:238 +#: ../../user/admin/UserInterface.rst:273 +msgid "URL Redirects" +msgstr "" + +#: ../../user/admin/UserInterface.rst:242 +msgid "" +"Here you can configure all the aspects related to the access of the " +"platform via the HTTPS Protocol." +msgstr "" + +#: ../../user/admin/UserInterface.rst:246 +msgid "In particular here are configured:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:248 +msgid "The domain name used by your project" +msgstr "" + +#: ../../user/admin/UserInterface.rst:250 +msgid "The HTTPS key and certificates" +msgstr "" + +#: ../../user/admin/UserInterface.rst:252 +msgid "" +"To ease the deployment and the maintenance and reduce the costs of your " +"project, consider using the software includes support for the Let’s " +"Encrypt HTTPS certificates." +msgstr "" + +#: ../../user/admin/UserInterface.rst:256 +msgid "" +"Here you can configure all the aspects related to the access of the " +"platform via the Tor Protocol." +msgstr "" + +#: ../../user/admin/UserInterface.rst:261 +msgid "IP Access Control" +msgstr "" + +#: ../../user/admin/UserInterface.rst:262 +msgid "Here you can configure IP based Access Control." +msgstr "" + +#: ../../user/admin/UserInterface.rst:266 +msgid "Suggested configurations are:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:268 +msgid "Prevent Whistleblowers to report from within their respective work space." +msgstr "" + +#: ../../user/admin/UserInterface.rst:270 +msgid "Restrict Recipients access to their intranet." +msgstr "" + +#: ../../user/admin/UserInterface.rst:274 +msgid "Here you can configure URL Redirects." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:280 +msgid "" +"The site section enables organization to create and manage multiple " +"secondary whistleblowing sites." +msgstr "" + +#: ../../user/admin/UserInterface.rst:283 +msgid "Sites Management" +msgstr "" + +#: ../../user/admin/UserInterface.rst:284 +msgid "" +"Secondary whistleblowing platforms with independent configurations can be" +" manually created and managed through the Sites interface." +msgstr "" + +#: ../../user/admin/UserInterface.rst:286 +msgid "" +"Organizations have typically need for creating a secondary site when " +"dealing with subsidiaries or third party clients." +msgstr "" + +#: ../../user/admin/UserInterface.rst:290 +msgid "" +"After creating a secondary site an administrators of the main site could " +"simply enter on that system by clicking a \"Configure\" button." +msgstr "" + +#: ../../user/admin/UserInterface.rst:292 +msgid "" +"After clicking on the button the administrator will be logged in on the " +"the administrative panel of the site." +msgstr "" + +#: ../../user/admin/UserInterface.rst:295 +msgid "Signup Module" +msgstr "" + +#: ../../user/admin/UserInterface.rst:296 +msgid "" +"The software features a signup module that can be enabled and used to " +"offers others users the possibility to register their secondary site." +msgstr "" + +#: ../../user/admin/UserInterface.rst:298 +msgid "" +"Organizations have typically need for a signup module when offering the " +"platform to other subsidiaries or third party clients where they want " +"users to have the possibility to self subscribe." +msgstr "" + +#: ../../user/admin/UserInterface.rst:300 +msgid "The signup feature can be anabled in the Options tab of the Sites section." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:304 +msgid "" +"When the signup module is enabled the submission module of the main site " +"is automatically disabled and the home page will be featuring the " +"following signup form:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:310 +msgid "" +"The software features a privacy precerving audit log enabling " +"administrators of the system to supervise on projects operations." +msgstr "" + +#: ../../user/index.rst:2 +msgid "User documentation" +msgstr "" + diff --git a/documentation/locale/ru/LC_MESSAGES/sphinx.mo b/documentation/locale/ru/LC_MESSAGES/sphinx.mo new file mode 100644 index 0000000000..676b140ef9 Binary files /dev/null and b/documentation/locale/ru/LC_MESSAGES/sphinx.mo differ diff --git a/documentation/locale/ru/LC_MESSAGES/sphinx.po b/documentation/locale/ru/LC_MESSAGES/sphinx.po new file mode 100644 index 0000000000..fe8366e320 --- /dev/null +++ b/documentation/locale/ru/LC_MESSAGES/sphinx.po 
@@ -0,0 +1,4672 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) 2011-2024 - GlobaLeaks +# This file is distributed under the same license as the GlobaLeaks package. +# FIRST AUTHOR , 2024. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: GlobaLeaks 5.0.15\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2024-10-14 19:43+0200\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME \n" +"Language: ru\n" +"Language-Team: ru \n" +"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && " +"n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Generated-By: Babel 2.16.0\n" + +#: ../../developer/ContinuousIntegration.rst:3 +msgid "Continuous integration" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:4 +msgid "" +"The GlobaLeaks codebase is continuously tested for bug within a complete " +"continuous integration lifecycle implemented." +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:6 +msgid "Testes are performed at every commit by:" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:8 +msgid "" +"performing continous integration testing with `GitHub Actions " +"`_;" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:9 +msgid "" +"tracking tests coverage and code quality with `Codacy " +"`_." +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:12 +msgid "Unit tests" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:13 +msgid "Unit tests are implemented by means of python-twisted and trial" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:15 +#: ../../developer/ContinuousIntegration.rst:26 +msgid "Tests can be run manually by issuing:" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:23 +msgid "E2E tests" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:24 +msgid "End to end tests are implemented by means of Cypress." 
+msgstr "" + +#: ../../developer/DatabaseSchema.rst:2 +msgid "Database schema" +msgstr "" + +#: ../../developer/Environment.rst:3 +msgid "Development environment" +msgstr "" + +#: ../../developer/Environment.rst:4 +msgid "" +"This guide describes how to set up an environment in order to contribute " +"to the development of GlobaLeaks." +msgstr "" + +#: ../../developer/Environment.rst:7 ../../gettingstarted/Requirements.rst:2 +msgid "Requirements" +msgstr "" + +#: ../../developer/Environment.rst:8 +msgid "" +"The guide assumes you run a Debian based system and that the following " +"software is installed on your system:" +msgstr "" + +#: ../../developer/Environment.rst:10 +msgid "debhelper" +msgstr "" + +#: ../../developer/Environment.rst:11 +msgid "devscripts" +msgstr "" + +#: ../../developer/Environment.rst:12 +msgid "dh-apparmor" +msgstr "" + +#: ../../developer/Environment.rst:13 +msgid "dh-python" +msgstr "" + +#: ../../developer/Environment.rst:14 +msgid "git" +msgstr "" + +#: ../../developer/Environment.rst:15 +msgid "grunt-cli" +msgstr "" + +#: ../../developer/Environment.rst:16 +msgid "node" +msgstr "" + +#: ../../developer/Environment.rst:17 +msgid "npm" +msgstr "" + +#: ../../developer/Environment.rst:18 +msgid "python3" +msgstr "" + +#: ../../developer/Environment.rst:19 +msgid "python3-dev" +msgstr "" + +#: ../../developer/Environment.rst:20 +msgid "python3-pip" +msgstr "" + +#: ../../developer/Environment.rst:21 +msgid "python3-setuptools" +msgstr "" + +#: ../../developer/Environment.rst:22 +msgid "python3-sphinx" +msgstr "" + +#: ../../developer/Environment.rst:23 +msgid "python3-virtualenv" +msgstr "" + +#: ../../developer/Environment.rst:26 ../../setup/index.rst:2 +msgid "Setup" +msgstr "" + +#: ../../developer/Environment.rst:27 +msgid "The repository could be cloned with:" +msgstr "" + +#: ../../developer/Environment.rst:33 +msgid "Client dependencies could be installed by issuing:" +msgstr "" + +#: ../../developer/Environment.rst:41 +msgid 
"Backend dependencies could be installed by issuing:" +msgstr "" + +#: ../../developer/Environment.rst:50 +msgid "" +"This will create for you a python virtualenv in the directory env " +"containing all the required python dependencies. To leave the virtualenv," +" type ``deactivate``." +msgstr "" + +#: ../../developer/Environment.rst:52 +msgid "" +"Then, anytime you will want to activate the environment to run globaleaks" +" you will just need to issue the command:" +msgstr "" + +#: ../../developer/Environment.rst:58 +msgid "Setup the client:" +msgstr "" + +#: ../../developer/Environment.rst:66 +msgid "Setup the backend and its dependencies:" +msgstr "" + +#: ../../developer/Environment.rst:76 +msgid "Run" +msgstr "" + +#: ../../developer/Environment.rst:77 +msgid "" +"To run globaleaks from sources within the development environment you " +"should issue:" +msgstr "" + +#: ../../developer/Environment.rst:85 +msgid "" +"GlobaLeaks will start and be reachable at the following address " +"https://127.0.0.1:8443" +msgstr "" + +#: ../../developer/Environment.rst:88 +msgid "Building the docs" +msgstr "" + +#: ../../developer/Environment.rst:89 +msgid "To build the documentation:" +msgstr "" + +#: ../../developer/Environment.rst:97 +msgid "To edit the docs with hot-reload functionality:" +msgstr "" + +#: ../../developer/Environment.rst:107 +msgid "" +"Sphinx server will start and be reachable at the following address " +"http://127.0.0.1:8000 in the web browser." +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:2 +msgid "Release procedure" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:3 +msgid "This is the procedure followed to publish a new GlobaLeaks release." 
+msgstr "" + +#: ../../developer/ReleaseProcedure.rst:5 +msgid "A release is represented by:" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:7 +msgid "A version bump;" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:8 +msgid "An updated CHANGELOG;" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:9 +msgid "A commit titled \"Bump to version $number\";" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:10 +msgid "A tag commit $version signed by a core developer with their own key;" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:11 +msgid "An updated package on deb.globaleaks.org;" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:12 +msgid "A signed repository." +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:15 +msgid "Release tagging" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:16 +msgid "" +"To release is tagger by means of the official version bump script by " +"issuing:" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:23 +msgid "Release packaging" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:24 +msgid "The package is built by means of the official build script by issuing:" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:30 +msgid "This command builds a package for each supported distribution and version." 
+msgstr "" + +#: ../../developer/ReleaseProcedure.rst:33 +msgid "Package publishing" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:34 +msgid "The package is published on https://deb.globaleaks.org by issuing:" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:41 +msgid "Repository signing" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:42 +msgid "" +"The release is then signed by a core developer by using the official " +"project key via:" +msgstr "" + +#: ../../developer/SoftwareLibraries.rst:2 +msgid "Software libraries" +msgstr "" + +#: ../../developer/SoftwareLibraries.rst:3 +msgid "" +"The software libraries used by GlobaLeaks are listed in the following " +"files:" +msgstr "" + +#: ../../developer/SoftwareLibraries.rst:5 +msgid "" +"Backend: `backend/requirements.txt `_" +msgstr "" + +#: ../../developer/SoftwareLibraries.rst:6 +msgid "" +"Client: `client/package.json `_" +msgstr "" + +#: ../../developer/SoftwareLibraries.rst:7 +msgid "" +"Packaging: `debian/control `_" +msgstr "" + +#: ../../developer/index.rst:2 +msgid "Developer documentation" +msgstr "" + +#: ../../gettingstarted/Features.rst:2 +msgid "Features" +msgstr "" + +#: ../../gettingstarted/Features.rst:3 +msgid "These are the key features of the software:" +msgstr "" + +#: ../../gettingstarted/Features.rst:6 +msgid "User features" +msgstr "" + +#: ../../gettingstarted/Features.rst:8 +msgid "" +"Multi-user system with customizable user roles (whistleblower, recipient," +" administrator)" +msgstr "" + +#: ../../gettingstarted/Features.rst:9 +msgid "Fully manageable via a web administration interface" +msgstr "" + +#: ../../gettingstarted/Features.rst:10 +msgid "" +"Allows whistleblowers to decide if and when to confidentially declare " +"their identity" +msgstr "" + +#: ../../gettingstarted/Features.rst:11 +msgid "Facilitates multimedia file exchanges with whistleblowers" +msgstr "" + +#: ../../gettingstarted/Features.rst:12 +msgid "Secure management of file access and 
visualization" +msgstr "" + +#: ../../gettingstarted/Features.rst:13 +msgid "Enables chat with whistleblowers to discuss reports" +msgstr "" + +#: ../../gettingstarted/Features.rst:14 +msgid "Provides a unique 16-digit receipt for anonymous whistleblower login" +msgstr "" + +#: ../../gettingstarted/Features.rst:15 +msgid "Simple recipient interface for receiving and analyzing reports" +msgstr "" + +#: ../../gettingstarted/Features.rst:16 +msgid "Supports report categorization with labels" +msgstr "" + +#: ../../gettingstarted/Features.rst:17 +msgid "Includes user search functionality for reports" +msgstr "" + +#: ../../gettingstarted/Features.rst:18 +msgid "Supports the creation and assignment of case management statuses" +msgstr "" + +#: ../../gettingstarted/Features.rst:19 +msgid "Customizable appearance (logo, color, styles, font, text)" +msgstr "" + +#: ../../gettingstarted/Features.rst:20 +msgid "Allows defining multiple reporting channels (e.g., by topic, department)" +msgstr "" + +#: ../../gettingstarted/Features.rst:21 +msgid "" +"Enables creation and management of multiple whistleblowing sites (e.g., " +"for subsidiaries or third-party clients)" +msgstr "" + +#: ../../gettingstarted/Features.rst:22 +msgid "Advanced questionnaire builder" +msgstr "" + +#: ../../gettingstarted/Features.rst:23 +msgid "Provides whistleblowing system statistics" +msgstr "" + +#: ../../gettingstarted/Features.rst:24 +msgid "" +"Support for `over 90 languages " +"`_ and Right-to-Left (RTL) " +"languages" +msgstr "" + +#: ../../gettingstarted/Features.rst:27 +msgid "Legal features" +msgstr "" + +#: ../../gettingstarted/Features.rst:29 +msgid "" +"Designed in adherence to `ISO 37002:2021 " +"`_ and `EU Directive 2019/1937 " +"`_ recommendations for " +"whistleblowing compliance" +msgstr "" + +#: ../../gettingstarted/Features.rst:30 +msgid "Supports bidirectional anonymous communication (comments/messages)" +msgstr "" + +#: ../../gettingstarted/Features.rst:31 +msgid "Customizable 
case management workflow (statuses/sub-statuses)" +msgstr "" + +#: ../../gettingstarted/Features.rst:32 +msgid "Conditional reporting workflow based on whistleblower identity" +msgstr "" + +#: ../../gettingstarted/Features.rst:33 +msgid "Manages conflicts of interest in the reporting workflow" +msgstr "" + +#: ../../gettingstarted/Features.rst:34 +msgid "Custodian functionality to authorize access to whistleblower identity" +msgstr "" + +#: ../../gettingstarted/Features.rst:35 +msgid "GDPR privacy by design and by default" +msgstr "" + +#: ../../gettingstarted/Features.rst:36 +msgid "Configurable GDPR data retention policies" +msgstr "" + +#: ../../gettingstarted/Features.rst:37 +msgid "GDPR-compliant subscriber module for new SaaS users" +msgstr "" + +#: ../../gettingstarted/Features.rst:38 +msgid "No IP address logging" +msgstr "" + +#: ../../gettingstarted/Features.rst:39 +msgid "Includes an audit log" +msgstr "" + +#: ../../gettingstarted/Features.rst:40 +msgid "Integrates with existing enterprise case management platforms" +msgstr "" + +#: ../../gettingstarted/Features.rst:41 +msgid "" +"Free Software OSI Approved `AGPL 3.0 License " +"`_" +msgstr "" + +#: ../../gettingstarted/Features.rst:44 +msgid "Security features" +msgstr "" + +#: ../../gettingstarted/Features.rst:46 +msgid "" +"Designed in adherence to `ISO 27001:2022 " +"`_, `CSA STAR " +"`_, and `OWASP " +"`_ recommendations for security compliance" +msgstr "" + +#: ../../gettingstarted/Features.rst:47 +msgid "" +"Full data encryption for whistleblower reports and recipient " +"communications" +msgstr "" + +#: ../../gettingstarted/Features.rst:48 +msgid "" +"Supports digital anonymity through `Tor `_ " +"integration" +msgstr "" + +#: ../../gettingstarted/Features.rst:49 +msgid "" +"Built-in HTTPS support with `TLS 1.3 " +"`_ standard and `SSLabs A+ " +"`_ " +"rating" +msgstr "" + +#: ../../gettingstarted/Features.rst:50 +msgid "" +"Automatic enrollment for free digital certificates with `Let’s Encrypt 
" +"`_" +msgstr "" + +#: ../../gettingstarted/Features.rst:51 +msgid "Multiple penetration tests with publicly available reports" +msgstr "" + +#: ../../gettingstarted/Features.rst:52 +msgid "" +"Two-Factor Authentication (2FA) compliant with `TOTP RFC 6238 " +"`_" +msgstr "" + +#: ../../gettingstarted/Features.rst:53 +msgid "Integrated network sandboxing with iptables" +msgstr "" + +#: ../../gettingstarted/Features.rst:54 +msgid "Application sandboxing with `AppArmor `_" +msgstr "" + +#: ../../gettingstarted/Features.rst:55 +msgid "Complete protection against automated submissions (spam prevention)" +msgstr "" + +#: ../../gettingstarted/Features.rst:56 +msgid "Continuous peer review and periodic security audits" +msgstr "" + +#: ../../gettingstarted/Features.rst:57 +msgid "PGP support for encrypted email notifications and file downloads" +msgstr "" + +#: ../../gettingstarted/Features.rst:58 +msgid "Leaves no traces in browser cache" +msgstr "" + +#: ../../gettingstarted/Features.rst:61 +msgid "Technical features" +msgstr "" + +#: ../../gettingstarted/Features.rst:63 +msgid "" +"Designed in adherence to `Directive (EU) 2019/882 `_, `Directive" +" (EU) 2016/2102 `_, `ETSI EN 301 549 " +"`_," +" `W3C WCAG 2.2 `_, and `WAI-ARIA 2.2 " +"`_ recommendations for accessibility" +" compliance" +msgstr "" + +#: ../../gettingstarted/Features.rst:64 +msgid "" +"Multi-site support enabling the operation of multiple virtual sites on " +"the same setup" +msgstr "" + +#: ../../gettingstarted/Features.rst:65 +msgid "" +"Responsive user interfaces created with `Bootstrap " +"`_ CSS framework" +msgstr "" + +#: ../../gettingstarted/Features.rst:66 +msgid "Automated software quality measurement and continuous integration testing" +msgstr "" + +#: ../../gettingstarted/Features.rst:67 +msgid "Long-Term Support (LTS) plan" +msgstr "" + +#: ../../gettingstarted/Features.rst:68 +msgid "" +"Built with lightweight framework technologies (`Angular " +"`_ and `Python Twisted `_)" +msgstr "" + 
+#: ../../gettingstarted/Features.rst:69 +msgid "Integrated `SQLite `_ database" +msgstr "" + +#: ../../gettingstarted/Features.rst:70 +msgid "" +"Automatic setup for `Tor Onion Services Version 3 " +"`_" +msgstr "" + +#: ../../gettingstarted/Features.rst:71 +msgid "Supports self-service signup for whistleblowing SaaS setup" +msgstr "" + +#: ../../gettingstarted/Features.rst:72 +msgid "" +"Compatible with Linux operating systems (`Debian " +"`_ / `Ubuntu `_)" +msgstr "" + +#: ../../gettingstarted/Features.rst:73 +msgid "Debian packaging with a repository for updates/upgrades" +msgstr "" + +#: ../../gettingstarted/Features.rst:74 +msgid "Fully self-contained application" +msgstr "" + +#: ../../gettingstarted/Features.rst:75 +msgid "Easy integration with existing websites" +msgstr "" + +#: ../../gettingstarted/Features.rst:76 +msgid "" +"Built and packaged with `reproducibility " +"`_ in mind" +msgstr "" + +#: ../../gettingstarted/Features.rst:77 +msgid "REST API" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:2 +msgid "Glossary" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:3 +msgid "" +"This glossary defines jargon used in GlobaLeaks in a clear and consistent" +" manner." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:5 ../../security/ThreatModel.rst:1 +msgid "Administrator" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:7 +msgid "" +"The user who has set up and maintains the platform. An Administrator does" +" not have access to Whistleblowers’ reports." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:8 +msgid "Channel" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:10 +msgid "" +"A reporting channel used as a container for reports. Channels can be " +"configured with specific questionnaires, recipients, and policies. They " +"are typically used to organize the reporting process." 
+msgstr "" + +#: ../../gettingstarted/Glossary.rst:11 ../../user/admin/UserInterface.rst:19 +#: ../../user/admin/UserInterface.rst:201 +msgid "Notification" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:13 +msgid "" +"An email sent to inform a recipient of a new report or an update to an " +"existing report." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:14 +msgid "Platform" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:16 +msgid "A system running the GlobaLeaks software." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:17 +msgid "Questionnaire" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:19 +msgid "A set of questions that the whistleblower must complete to file a report." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:20 +#: ../../security/ApplicationSecurity.rst:32 +msgid "Receipt" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:22 +msgid "" +"A 16-digit random secret code generated by the system and provided to " +"whistleblowers upon submission of their report. This code allows them to " +"anonymously access and update their report by adding comments and new " +"files." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:23 ../../security/ThreatModel.rst:1 +msgid "Recipient" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:25 +msgid "" +"A user authorized to read whistleblowers’ reports. Recipients may also " +"communicate with whistleblowers via the GlobaLeaks platform." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:26 ../../security/PenetrationTests.rst:1 +msgid "Report" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:28 +msgid "" +"The submission by a whistleblower, including answers to a questionnaire " +"and any attached material." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:29 ../../security/ThreatModel.rst:1 +msgid "Whistleblower" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:31 +msgid "The person who files a report." 
+msgstr "" + +#: ../../gettingstarted/Requirements.rst:3 +msgid "" +"Ensure you understand and meet each of the following technical " +"requirements." +msgstr "" + +#: ../../gettingstarted/Requirements.rst:6 +msgid "Hardware requirements" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:7 +msgid "**Requirements**:" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:9 +msgid "CPU: Dual-core 2.0GHz (64-bit)" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:10 +msgid "RAM: 1GB" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:11 +msgid "Storage: 20GB" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:12 +msgid "I/O: 10Mbit/s (shared)" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:14 +msgid "" +"Please note that GlobaLeaks is designed to run on servers with " +"specifications smaller than those listed above." +msgstr "" + +#: ../../gettingstarted/Requirements.rst:16 +msgid "" +"The storage size should be determined based on your data retention " +"policies and the expected use of the platform." +msgstr "" + +#: ../../gettingstarted/Requirements.rst:19 +msgid "Software requirements" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:20 +msgid "" +"GlobaLeaks is designed to run on GNU/Linux and is developed and tested " +"specifically for Debian-based systems." +msgstr "" + +#: ../../gettingstarted/Requirements.rst:22 +msgid "" +"The currently recommended distributions are: Debian 12 (Bookworm) and " +"Ubuntu 24.04 (Noble)" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:24 +msgid "" +"The software lifecycle of the platform includes full support for all " +"Debian and Ubuntu LTS versions starting from `Debian 10 " +"`_ and `Ubuntu 20.04 " +"`_." 
+msgstr "" + +#: ../../gettingstarted/Requirements.rst:26 +msgid "" +"Support is guaranteed on these platforms according to the official long-" +"term support timelines:" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:28 +msgid "`Debian Release End of Life Timeline `_" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:29 +msgid "" +"`Ubuntu Release End of Life Timeline `_" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:31 +msgid "" +"Currently, we do not plan to support additional distributions, as " +"GlobaLeaks adheres to the Unix philosophy of making each program excel in" +" a specific area. By focusing our efforts on mastering one domain, we aim" +" to serve our community most effectively. If you are interested in " +"helping us extend support to additional distributions, please get in " +"touch." +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:2 +msgid "Supported browsers" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:4 +msgid "" +"GlobaLeaks is designed to fully support commonly used browsers on desktop" +" PCs, laptops, tablets, and smartphones." +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:6 +msgid "" +"We recommend using the `Tor Browser `_ for " +"enhanced anonymity and additional privacy and security features not " +"available in other browsers." 
+msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:8 +msgid "Other supported browsers include:" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Browser" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Version" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Mozilla Firefox" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid ">= 38" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Google Chrome" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid ">= 45" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Brave" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid ">= 1.20.110" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Edge" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "any" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Safari" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid ">= 8" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "iOS" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid ">= 9" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Android" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid ">= 4.4" +msgstr "" + +#: ../../gettingstarted/index.rst:2 +msgid "Getting started" +msgstr "" + +#: ../../index.rst:2 +msgid "Documentation" +msgstr "Документация" + +#: ../../index.rst:4 +msgid "" +"`GlobaLeaks `_ is an open-source, free " +"software intended to enable anyone to easily set up and maintain a secure" +" whistleblowing platform." +msgstr "" + +#: ../../index.rst:7 +msgid "" +"This documentation is thank to the support of our community. Join us and " +"contribute with your additions and suggestion. In any of the page you " +"find a link that enables you to provide suggestions and corrections. 
We " +"remind you that in case of any software issue or bug you may always " +"report on the `ticketing system `_." +msgstr "" + +#: ../../roadmap/index.rst:2 +msgid "Project roadmap" +msgstr "" + +#: ../../roadmap/index.rst:5 +msgid "" +"This tentative roadmap is built by the GlobaLeaks team in order to try to" +" respond to main users' needs. Please get sure that the needs of your " +"projects and users are well represented on the project `Ticketing System " +"`_. If your" +" organization could fund the development of parts of this roadmap please " +"write us at info@globaleaks.org" +msgstr "" + +#: ../../roadmap/index.rst:8 +msgid "Introduction" +msgstr "" + +#: ../../roadmap/index.rst:9 +msgid "" +"`GlobaLeaks `_ is free, open source software " +"enabling anyone to easily set up and maintain a secure whistleblowing " +"platform." +msgstr "" + +#: ../../roadmap/index.rst:11 +msgid "" +"Started in 2011, the software is now widely used worldwide by more than " +"3000 organizations working in the fields of anti-corruption activism, " +"human rights violations reporting, investigative journalism, and " +"corporate compliance." +msgstr "" + +#: ../../roadmap/index.rst:13 +msgid "" +"This document details the main areas of research development and " +"represents the actual tentative readmap of consolidation planned for " +"2024-2026 based on the analysis of the large set of user needs collected " +"within the official `Ticketing System `_." +msgstr "" + +#: ../../roadmap/index.rst:16 +msgid "Development areas" +msgstr "" + +#: ../../roadmap/index.rst:19 +msgid "Statistics and Reporting" +msgstr "" + +#: ../../roadmap/index.rst:20 +msgid "" +"GlobaLeaks still misses the implementation for any generation of " +"statistics and reports. Such features are considered fundamental in order" +" to properly support users in analysis, investigation and reporting." 
+msgstr "" + +#: ../../roadmap/index.rst:22 +msgid "E.g:" +msgstr "" + +#: ../../roadmap/index.rst:24 +msgid "" +"Recipients should be able to visually see statistics about the received " +"reports received and the data contained; these statistics should empower " +"users in their work providing relevant information out of the data " +"collection that could help users analyze and study social problems like " +"corruption and be able to organize and export automatic reporting;" +msgstr "" + +#: ../../roadmap/index.rst:25 +msgid "" +"Administrators should be able to visually see a dashboard in order to " +"monitor the system and assure that all is working well (e.g. that " +"recipients are receiving submissions and are able to access them and that" +" no attacks are performed on the system)." +msgstr "" + +#: ../../roadmap/index.rst:27 ../../roadmap/index.rst:42 +msgid "Ideas:" +msgstr "" + +#: ../../roadmap/index.rst:29 +msgid "" +"A client library could be adopted to generate reports directly on the " +"client (e.g. Chart.js)" +msgstr "" + +#: ../../roadmap/index.rst:30 +msgid "" +"The implementation should support the possibility of exporting the report" +" in PDF; in relation to this aspect it should be considered the " +"advantages of a possible backend implementation." +msgstr "" + +#: ../../roadmap/index.rst:32 ../../roadmap/index.rst:47 +#: ../../roadmap/index.rst:58 ../../roadmap/index.rst:71 +#: ../../roadmap/index.rst:84 +msgid "Reference tickets:" +msgstr "" + +#: ../../roadmap/index.rst:34 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/1959" +msgstr "" + +#: ../../roadmap/index.rst:35 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2254" +msgstr "" + +#: ../../roadmap/index.rst:39 +msgid "Audit Log" +msgstr "" + +#: ../../roadmap/index.rst:40 +msgid "" +"GlobaLeaks still misses the implementation of a complete audit logit. 
" +"This is considered a fundamental feature in order to achieve full " +"accontability of the whistleblowing process and increase security." +msgstr "" + +#: ../../roadmap/index.rst:44 +msgid "Software audit log should be improved" +msgstr "" + +#: ../../roadmap/index.rst:45 +msgid "" +"The software could exposes a standard log interfaces in CEF/LEEF/Syslog " +"format to foster integration with third party SIEM software." +msgstr "" + +#: ../../roadmap/index.rst:49 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2579" +msgstr "" + +#: ../../roadmap/index.rst:50 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2580" +msgstr "" + +#: ../../roadmap/index.rst:51 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2651" +msgstr "" + +#: ../../roadmap/index.rst:54 +msgid "GDPR compliance" +msgstr "" + +#: ../../roadmap/index.rst:55 +msgid "" +"GlobaLeaks implements by-design many best practices in matters of privacy" +" and security. In order to be effectively accepted and competitive beside" +" commercial proprietary solutions and to guarantee the sustainability of " +"the project, the software needs to achieve some market “standards” (e.g. " +"GDPR compliance / ISO certifications / etc.); among all we selected that " +"GDPR compliance is a first step where the software could implement best " +"practices (e.g. procedures for self signup should present appropriate " +"legal notices, terms of services, and contractualization). Within the " +"software, there should be implemented an automatic contract generation " +"via PDF or other suitable formats in respect with the GDPR requirements." 
+msgstr "" + +#: ../../roadmap/index.rst:60 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2145" +msgstr "" + +#: ../../roadmap/index.rst:61 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2658" +msgstr "" + +#: ../../roadmap/index.rst:62 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2866" +msgstr "" + +#: ../../roadmap/index.rst:63 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2767" +msgstr "" + +#: ../../roadmap/index.rst:64 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/3011" +msgstr "" + +#: ../../roadmap/index.rst:65 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/3012" +msgstr "" + +#: ../../roadmap/index.rst:68 +msgid "Backup and Restore" +msgstr "" + +#: ../../roadmap/index.rst:69 +msgid "" +"GlobaLeaks currently misses any feature for performing backup and " +"restoring of its setup. These duties are currently performed by its users" +" following typical best manual practices (e.g. archiving the data " +"directory of the application). This project idea is to research the best " +"practices to be applied in this context and to identify suitable " +"strategies for implementing periodic, secure and encrypted backups to be " +"restored upon necessity." +msgstr "" + +#: ../../roadmap/index.rst:73 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/528" +msgstr "" + +#: ../../roadmap/index.rst:74 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2149" +msgstr "" + +#: ../../roadmap/index.rst:77 +msgid "Multitenancy" +msgstr "" + +#: ../../roadmap/index.rst:79 +msgid "Import and Export of Tenants" +msgstr "" + +#: ../../roadmap/index.rst:80 +msgid "" +"Part of the software is a recent feature of Multitenancy, first " +"implemented in 2018 and stabilized during 2019. 
Through this feature, " +"GlobaLeaks makes it possible to create multiple setups of itself via " +"virtual sites (similarly to Wordpress multisite feature). In order to " +"make it more easy for an administrator to migrate a platform form a " +"system to an other or to enable users to require data portability from a " +"globaleaks provider to an other, for example in relation to GDPR it has " +"been evaluated necessary to improve the multi tenancy implementation by " +"implementing support for import-export of tenants. In the context of a " +"whistleblowing application, involving encryption and logging this poses " +"important challenges on how to best handle this process." +msgstr "" + +#: ../../roadmap/index.rst:86 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2632" +msgstr "" + +#: ../../roadmap/index.rst:87 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2631" +msgstr "" + +#: ../../roadmap/index.rst:90 +msgid "Multisite users" +msgstr "" + +#: ../../roadmap/index.rst:91 +msgid "(To be further researched)" +msgstr "" + +#: ../../roadmap/index.rst:93 +msgid "" +"Important requirement at the base of the Multitenancy expansion is the " +"possibility to enable users to be administrators and recipients of two or" +" multiple instances running on the same multi-site setup. This is useful " +"for example when a lawyer takes part as a recipient on multiple projects;" +" as well it is useful when an ICT consultant joins consultancy on " +"multiple projects." +msgstr "" + +#: ../../roadmap/index.rst:96 +msgid "" +"This could significatively simplify user access enabling the user to have" +" a single set of username and password and associated keys." 
+msgstr "" + +#: ../../roadmap/index.rst:98 +msgid "References tickets:" +msgstr "" + +#: ../../roadmap/index.rst:100 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2302" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:3 +msgid "Application security" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:4 +msgid "" +"The GlobaLeaks software aims to adhere to industry-standard best " +"practices, with its security being the result of applied research." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:6 +msgid "" +"This document details every aspect implemented by the application in " +"relation to security design." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:9 +msgid "Architecture" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:10 +msgid "The software comprises two main components: a `Backend` and a `Client`:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:12 +msgid "" +"The Backend is a Python-based server that runs on a physical server and " +"exposes a `REST API " +"`_." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:13 +msgid "" +"The Client is a JavaScript client-side web application that interacts " +"with the Backend only through `XHR " +"`_." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:16 +msgid "Anonymity" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:17 +msgid "" +"Users' anonymity is protected by means of `Tor " +"`_ technology." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:19 +msgid "" +"The application is designed to avoid logging sensitive metadata that " +"could lead to the identification of whistleblowers." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:22 +msgid "Authentication" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:23 +msgid "" +"The confidentiality of authentication is protected either by `Tor Onion " +"Services v3 `_ or" +" `TLS version 1.2+ " +"`_." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:25 +msgid "" +"This section describes the authentication methods implemented by the " +"system." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:28 +msgid "Password" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:29 +msgid "" +"By accessing the login web interface, `Administrators` and `Recipients` " +"need to enter their respective `Username` and `Password`. If the " +"submitted password is valid, the system grants access to the " +"functionality available to that user." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:33 +msgid "" +"`Whistleblowers` access their `Reports` using an anonymous `Receipt`, " +"which is a randomly generated 16-digit sequence created by the Backend " +"when the Report is first submitted. This format resembles a standard " +"phone number, making it easier for whistleblowers to conceal their " +"receipts." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:36 +msgid "Password security" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:37 +msgid "The system implements the following password security measures:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:40 +msgid "Password storage" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:41 +msgid "" +"Passwords are never stored in plaintext; instead, the system maintains " +"only a hashed version. This applies to all authentication secrets, " +"including whistleblower receipts." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:43 +msgid "" +"The platform stores users’ passwords hashed with a random 128-bit salt, " +"unique for each user." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:45 +msgid "" +"Passwords are hashed using `Argon2 " +"`_, a key derivation function " +"selected as the winner of the `Password Hashing Competition " +"`_ in July " +"2015." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:47 +msgid "" +"The hash involves a per-user salt for each user and a per-system salt for" +" whistleblowers." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:50 +msgid "Password complexity" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:51 +msgid "" +"The system enforces complex passwords by implementing a custom algorithm " +"necessary to ensure reasonable entropy for each authentication secret." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:53 +msgid "" +"Passwords are scored at three levels: `Strong`, `Acceptable`, and " +"`Insecure`." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:55 +msgid "" +"Strong: A strong password should include capital letters, lowercase " +"letters, numbers, and symbols, be at least 12 characters long, and " +"contain a variety of at least 10 different characters." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:56 +msgid "" +"Acceptable: An acceptable password should include at least 3 different " +"types of characters from capital letters, lowercase letters, numbers, and" +" symbols, be at least 10 characters long, and contain a variety of at " +"least 7 different characters." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:57 +msgid "" +"Insecure: Passwords ranked below the strong or acceptable levels are " +"marked as insecure and are not accepted by the system." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:59 +msgid "" +"We encourage each end user to use `KeePassXC `_ to" +" generate and retain strong, unique passphrases." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:62 +msgid "Two-factor authentication" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:63 +msgid "" +"The system implements Two-Factor Authentication (2FA) based on `TOTP` " +"using the `RFC 6238 `_ algorithm " +"and 160-bit secrets." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:65 +msgid "" +"Users can enroll in 2FA via their own preferences, and administrators can" +" optionally enforce this requirement." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:67 +msgid "" +"We recommend using `FreeOTP `_, available " +"`for Android " +"`_" +" and `for iOS `_." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:70 +msgid "Slowdown on failed login attempts" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:71 +msgid "" +"The system identifies multiple failed login attempts and implements a " +"slowdown procedure, requiring an authenticating client to wait up to 42 " +"seconds to complete an authentication." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:73 +msgid "" +"This feature is intended to slow down potential attacks, requiring more " +"resources in terms of time, computation, and memory." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:76 +msgid "Password change on first login" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:77 +msgid "The system enforces users to change their password at their first login." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:79 +msgid "" +"Administrators can also enforce a password change for users at their next" +" login." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:82 +msgid "Periodic password change" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:83 +msgid "" +"By default, the system enforces users to change their password at least " +"every year." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:85 +msgid "This period is configurable by administrators." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:88 +msgid "Password recovery" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:89 +msgid "" +"In case of a lost password, users can request a password reset via the " +"web login interface by clicking on a `Forgot password?` button present on" +" the login page." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:91 +msgid "" +"When this button is clicked, users are invited to enter their username or" +" email. If the provided username or email corresponds to an existing " +"user, the system will send a reset link to the configured email." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:93 +msgid "" +"By clicking the link received by email, the user is then invited to set a" +" new password different from the previous one." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:95 +msgid "" +"If encryption is enabled on the system, a user clicking on the reset link" +" must first enter their `Account Recovery Key`. Only after correct entry " +"will the user be able to set a new password." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:98 +msgid "Web application security" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:99 +msgid "" +"This section describes the Web Application Security implemented by the " +"software in adherence to the `OWASP Security Guidelines " +"`_." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:102 +msgid "Session management" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:103 +msgid "" +"The session implementation follows the `OWASP Session Management Cheat " +"Sheet " +"`_" +" security guidelines." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:105 +msgid "" +"The system assigns a session to each authenticated user. The Session ID " +"is a 256-bit long secret generated randomly by the backend. Each session " +"expires according to a timeout of 30 minutes. 
Session IDs are exchanged " +"between the client and the backend via a header (`X-Session`) and expire " +"as soon as users close their browser or the tab running GlobaLeaks. Users" +" can explicitly log out via a logout button or implicitly by closing the " +"browser." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:108 +msgid "Session encryption" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:109 +msgid "" +"To minimize the exposure of users' encryption keys, the keys are stored " +"in an encrypted format and decrypted only upon each client request." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:111 +msgid "" +"The implementation uses Libsodium's SecretBox, where the client's session" +" key is used as the secret. Only the client maintains a copy of the " +"session key, while the server retains only a SHA-256 hash." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:114 +msgid "Cookies and xsrf prevention" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:115 +msgid "" +"Cookies are not used intentionally to minimize XSRF attacks and any " +"possible attacks based on them. Instead of using cookies, authentication " +"is based on a custom HTTP Session Header sent by the client on " +"authenticated requests." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:118 +msgid "HTTP headers" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:119 +#, python-format +msgid "" +"The system implements a large set of HTTP headers specifically configured" +" to improve software security and achieves a `score A+ by Security " +"Headers " +"`_" +" and a `score A+ by Mozilla Observatory " +"`_." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:122 +msgid "Strict-Transport-Security" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:123 +msgid "The system implements strict transport security by default. 
::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:128 +msgid "The default configuration of the application sees this feature disabled." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:131 +msgid "Content-Security-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:132 +msgid "" +"The backend implements a strict `Content Security Policy (CSP) " +"`_ preventing any " +"interaction with third-party resources and restricting the execution of " +"untrusted user input: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:137 +msgid "" +"Specific policies are implemented in adherence to the principle of least " +"privilege." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:139 +msgid "For example:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:141 +msgid "" +"The `index.html` source of the app is the only resource allowed to load " +"scripts from the same origin;" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:142 +msgid "Every dynamic content is strictly sandboxed on a null origin;" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:143 +msgid "" +"Every untrusted user input or third-party library is executed in a " +"sandbox, limiting its interaction with other application components." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:146 +msgid "Cross-Origin-Embedder-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:147 +msgid "" +"The backend implements the following `Cross-Origin-Embedder-Policy (COEP)" +" `_: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:153 +msgid "Cross-Origin-Opener-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:154 +msgid "" +"The backend implements the following `Cross-Origin-Opener-Policy (COOP) " +"`_: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:160 +msgid "Cross-Origin-Resource-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:161 +msgid "" +"The backend implements the following `Cross-Origin-Resource-Policy (CORP)" +" `_: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:167 +msgid "Permissions-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:168 +msgid "" +"The backend implements the following Permissions-Policy header " +"configuration to limit the possible de-anonymization of the user by " +"disabling dangerous browser features: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:174 +msgid "X-Frame-Options" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:175 +msgid "" +"In addition to implementing Content Security Policy level 3 to prevent " +"the application from being included in an iframe, the backend also " +"implements the outdated X-Frame-Options header to ensure that iframes are" +" always prevented in any circumstance, including on outdated browsers: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:181 +msgid "Referrer-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:182 +msgid "" +"Web browsers usually attach referrers in their HTTP headers as they " +"browse links. The platform enforces a referrer policy to avoid this " +"behavior. 
::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:188 +msgid "X-Content-Type-Options" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:189 +msgid "" +"To avoid automatic MIME type detection by the browser when setting the " +"Content-Type for specific output, the following header is used: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:195 +msgid "Cache-Control" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:196 +msgid "" +"To prevent or limit forensic traces left on devices used by " +"whistleblowers and in devices involved in communication with the " +"platform, as specified in section ``3. Storing Responses in Caches`` of " +"`RFC 7234 `__, the platform uses the" +" ``Cache-Control`` HTTP header with the configuration ``no-store`` to " +"instruct clients and possible network proxies to disable any form of data" +" caching. ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:202 +msgid "Crawlers Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:203 +msgid "" +"For security reasons, the backend instructs crawlers to avoid caching and" +" indexing of the application and uses the ``robots.txt`` file to allow " +"crawling only of the home page. Indexing the home page is considered best" +" practice to promote the platform's existence and facilitate access for " +"potential whistleblowers." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:205 +msgid "The implemented configuration is as follows: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:212 +msgid "" +"The platform also instructs crawlers to avoid caching by injecting the " +"following HTTP header: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:217 +msgid "" +"For highly sensitive projects where the platform is intended to remain " +"``hidden`` and communicated to potential whistleblowers directly, it can " +"be configured to disable indexing completely." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:219 +msgid "In such cases, the following HTTP header is used: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:225 +msgid "Anchor tags and external urls" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:226 +msgid "" +"The client opens external URLs in a new tab, independent of the " +"application context, by setting ``rel='noreferrer'`` and " +"``target='_blank'``` on every anchor tag. ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:232 +msgid "Input validation" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:233 +msgid "" +"The application implements strict input validation both on the backend " +"and on the client." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:236 +msgid "On the backend" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:237 +msgid "" +"Each client request is strictly validated by the backend against a set of" +" regular expressions, and only requests matching the expressions are " +"processed." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:239 +msgid "" +"Additionally, a set of rules is applied to each request type to limit " +"potential attacks. For example, any request is limited to a payload of " +"1MB." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:242 +msgid "On the client" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:243 +msgid "" +"Each server output is strictly validated by the client at rendering time " +"using the Angular component `ngSanitize.$sanitize " +"`__." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:246 +msgid "Form autocomplete off" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:247 +msgid "" +"Forms implemented by the platform use the HTML5 form attribute to " +"instruct the browser not to cache user data for form prediction and " +"autocomplete on subsequent submissions." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:249 +msgid "" +"This is achieved by setting `autocomplete=\"off\" " +"`__ on the relevant forms or attributes." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:252 +msgid "Network security" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:254 +msgid "Connection anonymity" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:255 +msgid "" +"User anonymity is provided through the implementation of `Tor " +"`__ technology. The application implements " +"an ``Onion Service v3`` and advises users to use the Tor Browser when " +"accessing it." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:258 +msgid "Connection encryption" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:259 +msgid "" +"User connections are always encrypted, either through the `Tor Protocol " +"`__ when using the Tor Browser or via `TLS " +"`__ when accessed" +" through a common browser." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:261 +msgid "" +"Using ``Tor`` is recommended over HTTPS due to its advanced resistance to" +" selective interception and censorship, making it difficult for a third " +"party to capture or block access to the site for specific whistleblowers " +"or departments." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:263 +msgid "" +"The software also facilitates easy setup of ``HTTPS``, offering both " +"automatic setup via `Let's Encrypt `__ and " +"manual configuration." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:265 +msgid "" +"TLS certificates are generated using `NIST Curve P-384 " +"`__." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:267 +msgid "" +"The configuration enables only ``TLS1.2+`` and is fine-tuned and hardened" +" to achieve `SSLLabs grade A+ " +"`__." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:269 +msgid "In particular, only the following ciphers are enabled: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:283 +msgid "Network sandboxing" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:284 +msgid "" +"The GlobaLeaks backend integrates `iptables " +"`__ by default and implements strict firewall" +" rules that restrict incoming network connections to HTTP and HTTPS on " +"ports 80 and 443." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:286 +msgid "" +"Additionally, the application allows anonymizing outgoing connections, " +"which can be configured to route through Tor." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:289 +msgid "Data encryption" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:290 +msgid "" +"Submission data, file attachments, messages, and metadata exchanged " +"between whistleblowers and recipients are encrypted using the GlobaLeaks " +":doc:`EncryptionProtocol`." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:292 +msgid "" +"GlobaLeaks also incorporates various other encryption components. 
The " +"main libraries and their uses are:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:294 +msgid "" +"`Python-NaCL `__: used for implementing " +"data encryption" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:295 +msgid "" +"`PyOpenSSL `__: used for implementing " +"HTTPS" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:296 +msgid "" +"`Python-Cryptography `__: used for implementing " +"authentication" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:297 +msgid "" +"`Python-GnuPG `__: used " +"for encrypting email notifications and file downloads via ```PGP```" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:300 +msgid "Application sandboxing" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:301 +msgid "" +"The GlobaLeaks backend integrates `AppArmor `__ by" +" default and implements a strict sandboxing profile, allowing the " +"application to access only the strictly required files. Additionally, the" +" application runs under a dedicated user and group \"globaleaks\" with " +"reduced privileges." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:304 +msgid "Database security" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:305 +msgid "" +"The GlobaLeaks backend uses a hardened local SQLite database accessed via" +" SQLAlchemy ORM." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:307 +msgid "" +"This design choice ensures the application can fully control its " +"configuration while implementing extensive security measures in adherence" +" to the `security recommendations by SQLite " +"`__." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:310 +msgid "Secure deletion" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:311 +msgid "" +"The GlobaLeaks backend enables SQLite’s secure deletion capability, which" +" automatically overwrites the database data upon each delete query: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:317 +msgid "Auto vacuum" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:318 +msgid "" +"The platform enables SQLite’s auto vacuum capability for automatic " +"cleanup of deleted entries and recall of unused pages: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:324 +msgid "Limited database trust" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:325 +msgid "" +"The GlobaLeaks backend uses the SQLite `trusted_schema " +"`__ pragma " +"to limit trust in the database, mitigating risks of malicious corruption." +" ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:331 +msgid "Limited database functionalities" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:332 +msgid "" +"The GlobaLeaks backend restricts SQLite functionalities to only those " +"necessary for running the application, reducing the potential for " +"exploitation in case of SQL injection attacks." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:334 +msgid "" +"This is implemented using the ```conn.set_authorizer``` API and a strict " +"authorizer callback that authorizes only a limited set of SQL " +"instructions: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:345 +msgid "DoS resiliency" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:346 +msgid "" +"To mitigate denial of service attacks, GlobaLeaks applies the following " +"measures:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:348 +msgid "" +"Implements a proof-of-work (hashcash) on each unauthenticated request to " +"limit automation." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:349 +msgid "Applies rate limiting on authenticated sessions." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:350 +msgid "" +"Limits the possibility of triggering CPU-intensive routines by external " +"users (e.g., limits on query and job execution times)." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:351 +msgid "" +"Monitors activity to detect and respond to attacks, implementing " +"proactive security measures to prevent DoS (e.g., slowing down fast " +"operations)." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:354 +msgid "Proof of work on users' sessions" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:355 +msgid "" +"The system implements an automatic `Proof of Work " +"`__ based on the hashcash " +"algorithm for every user session, requiring clients to request a token " +"and continuously solve a computational problem to acquire and renew the " +"session." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:358 +msgid "Rate limit on users' sessions" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:359 +msgid "" +"The system implements rate limiting on user sessions, preventing more " +"than 5 requests per second and applying increasing delays on requests " +"that exceed this threshold." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:362 +msgid "Rate limit on whistleblowers' reports and attachments" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:363 +msgid "" +"The system applies rate limiting on whistleblower reports and " +"attachments, preventing new submissions and file uploads if thresholds " +"are exceeded." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:365 +msgid "Implemented thresholds are:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "Threshold Variable" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +#: ../../security/PenetrationTests.rst:1 +msgid "Goal" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "Default Threshold Setting" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "threshold_reports_per_hour" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "Limit the number of reports that can be filed per hour" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "20" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "threshold_reports_per_hour_per_ip" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "" +"Limit the number of reports that can be filed per hour by the same IP " +"address" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "5" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "threshold_attachments_per_hour_per_ip" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "" +"Limit the number of attachments that can be uploaded per hour by the same" +" IP address" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "120" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "threshold_attachments_per_hour_per_report" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "Limit the number of attachments that can be uploaded per hour on a report" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "30" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:375 +msgid "" +"In case of necessity, threshold configurations can be adjusted using the " +"`gl-admin` command as follows: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:381 +msgid "Other measures" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:383 +msgid "Browser 
history and forensic traces" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:384 +msgid "" +"The entire application is designed to minimize or reduce the forensic " +"traces left by whistleblowers on their devices while filing reports." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:386 +msgid "" +"When accessed via the Tor Browser, the browser ensures that no persistent" +" traces are left on the user's device." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:388 +msgid "" +"To prevent or limit forensic traces in the browser history of users " +"accessing the platform via a common browser, the application avoids " +"changing the URI during whistleblower navigation. This prevents the " +"browser from logging user activities and offers high plausible " +"deniability, making the whistleblower appear as a simple visitor to the " +"homepage and avoiding evidence of any submission." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:391 +msgid "Secure file management" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:393 +msgid "Secure file download" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:394 +msgid "" +"Any attachment uploaded by anonymous whistleblowers might contain " +"malware, either intentionally or not. It is highly recommended, if " +"possible, to download files and access them on an air-gapped machine " +"disconnected from the network and other sensitive devices. To facilitate " +"safe file downloads and transfers using a USB stick, the application " +"provides the option to export reports, enabling the download of a ZIP " +"archive containing all report content. This reduces the risk of executing" +" files during the transfer process." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:397 +msgid "Safe file opening" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:398 +msgid "" +"For scenarios where the whistleblower's trustworthiness has been " +"validated or in projects with a low-risk threat model, the application " +"offers an integrated file viewer. This viewer, leveraging modern browser " +"sandboxing capabilities, allows the safe opening of a limited set of file" +" types considered more secure than accessing files directly through the " +"operating system. This feature is disabled by default. Administrators " +"should enable it only after thorough evaluation and ensure that " +"recipients' browsers are kept up-to-date." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:400 +msgid "The supported file formats are:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:402 +msgid "AUDIO" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:403 +msgid "CSV" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:404 +msgid "IMAGE" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:405 +msgid "PDF" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:406 +msgid "VIDEO" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:407 +msgid "TXT" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:409 +#: ../../security/ApplicationSecurity.rst:419 +msgid "The default configuration has this feature disabled." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:412 +msgid "PGP encryption" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:413 +msgid "The system offers an optional PGP encryption feature." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:415 +msgid "" +"When enabled, users can activate a personal PGP key that will be used by " +"the system to encrypt email notifications and files on-the-fly." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:417 +msgid "" +"This feature is recommended for high-risk threat models, especially when " +"used in conjunction with air-gapped systems for report visualization." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:422 +msgid "Encryption of temporary files" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:423 +msgid "" +"Files uploaded and temporarily stored on disk during the upload process " +"are encrypted with a temporary, symmetric AES key to prevent any " +"unencrypted data from being written to disk. Encryption is performed in " +"streaming mode using `AES 128-bit` in `CTR mode`. Key files are stored in" +" memory and are unique for each file being uploaded." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:426 +msgid "Secure file delete" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:427 +msgid "" +"Every file deleted by the application is overwritten before the file " +"space is released on disk." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:429 +msgid "" +"The overwrite routine is executed by a periodic scheduler and follows " +"these steps:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:431 +msgid "A first overwrite writes 0 across the entire file;" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:432 +msgid "A second overwrite writes 1 across the entire file;" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:433 +msgid "A third overwrite writes random bytes across the entire file." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:436 +msgid "Exception logging and redaction" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:437 +msgid "" +"To quickly diagnose potential software issues when client exceptions " +"occur, they are automatically reported to the backend. The backend " +"temporarily caches these exceptions and sends them to the backend " +"administrator via email." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:439 +msgid "" +"To prevent inadvertent information leaks, logs are processed through " +"filters that redact email addresses and UUIDs." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:442 +msgid "Entropy sources" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:443 +msgid "The primary source of entropy for the platform is `/dev/urandom`." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:446 +msgid "UUIDv4 randomness" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:447 +msgid "" +"System resources like submissions and files are identified by UUIDv4 to " +"make them unguessable by external users and limit potential attacks." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:450 +msgid "TLS for smtp notification" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:451 +msgid "" +"All notifications are sent through an SMTP channel encrypted with TLS, " +"using either SMTP/TLS or SMTPS, depending on the configuration." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:2 +msgid "Encryption protocol" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:3 +msgid "" +"GlobaLeaks implements an encryption protocol specifically designed for " +"anonymous whistleblowing applications." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:5 +msgid "" +"The protocol has been developed and validated in collaboration with the " +"`Open Technology Fund `_ and represents a trade-off between security and " +"usability. It is designed to be user-friendly for whistleblowers while " +"providing reasonable protection against attackers attempting to breach " +"the backend and perform brute-force decryption." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:7 +msgid "" +"Encryption is applied to each submission, protecting answers to " +"questionnaires, comments, attachments, and associated metadata. 
The " +"encryption keys are assigned per user and per report, ensuring that only " +"whistleblowers and their intended recipients can access the reports. This" +" means that if users forget their passwords, they will lose access to the" +" data in their accounts." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:9 +msgid "" +"To enable users to recover their accounts in case they forget their " +"passwords, the system includes a `Key Recovery`_ mechanism and provides " +"each user with an Account Recovery Key. This measure ensures that users " +"with their own Account Recovery Key can always restore access to their " +"account and the data it contains." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:11 +msgid "" +"To prevent data loss in case users lose both their password and their " +"account recovery key, the system can be configured to use a `Key Escrow`_" +" mechanism. This delegates the responsibility of supporting users in " +"recovering access to their accounts to administrators. This capability " +"enhances the project's resilience against data loss due to users' death " +"or conflicts of interest within the recipient team. However, it also " +"means that administrators with access to escrow keys could potentially " +"access other users' accounts and data. Project owners should carefully " +"decide whether to enable this feature based on the project's threat model" +" and document their decision in the project's privacy policies." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:14 +msgid "Encryption's workflow" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:15 +msgid "" +"Users choose a secure personal password during their first login using an" +" account activation link." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:16 +msgid "" +"The system creates a personal asymmetric keypair for each user and stores" +" the private key symmetrically encrypted with a secret derived from the " +"user's password." 
+msgstr "" + +#: ../../security/EncryptionProtocol.rst:17 +msgid "" +"Each user's private key is protected by the Key Recovery mechanism and, " +"if enabled, by the Key Escrow mechanism." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:18 +msgid "The whistleblower files a report." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:19 +msgid "The system assigns a unique 16-digit receipt number to the whistleblower." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:20 +msgid "" +"The system generates an asymmetric keypair for the whistleblower and " +"stores the private key symmetrically encrypted with a secret derived from" +" the whistleblower’s receipt number." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:21 +msgid "" +"The system generates an asymmetric keypair for encrypting the report, " +"attachments, comments, and associated metadata, and stores a copy of the " +"private key encrypted for each involved user using their own public key." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:22 +msgid "" +"The system encrypts the report, attachments, comments, and metadata with " +"the public key generated for the report." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:23 +msgid "" +"The system grants each involved user access to their reports and " +"facilitates communication by automatically locking and unlocking the " +"involved keys when a report is accessed or new communication is made." 
+msgstr "" + +#: ../../security/EncryptionProtocol.rst:26 +msgid "Encryption's details" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:28 +msgid "Algorithms" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Type" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Implementation" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Asymmetric encryption" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "" +"`Libsodium SealedBoxes " +"`_," +" which combines Curve25519, XSalsa20, and Poly1305 algorithms." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Symmetric encryption" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "" +"`Libsodium SecretBoxes " +"`_," +" which combines XSalsa20 and Poly1305." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:36 +msgid "Users’ credentials" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:37 +msgid "The system uses two types of credentials depending on the user role:" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Credentials type" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "User role" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Passwords" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Used for authenticating users identified by a username" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Receipts" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "16-digit random secrets used for authenticating anonymous whistleblowers" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:45 +msgid "Assumptions:" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:47 +msgid "The system enforces strong password complexity." 
+msgstr "" + +#: ../../security/EncryptionProtocol.rst:48 +msgid "" +"The system enforces expiration of receipts according to a strict data " +"retention policy that limits the number of concurrent active receipts." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:51 +msgid "Users’ keys" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Generation" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Storage" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "ECC Curve25519 keypair" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "" +"Generated by the backend during first user login for authenticated users " +"and upon submission for whistleblowers" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "" +"Keys are stored on the backend encrypted using symmetric encryption. The " +"symmetric key used for encrypting users’ keys is derived from the users’ " +"credentials using the KDF function `Argon2ID `_. The parameters for Argon2ID used for KDF" +" are stronger than those used for user authentication, with the hash " +"stored. The parameters are selected to require 128MB of memory per login " +"and 1 second of computation." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:58 +msgid "Data encryption's keys" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "256-bit keys" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Generated by the backend for each report" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "" +"Keys are stored on the backend filesystem encrypted using asymmetric " +"encryption with Users’ and Whistleblower’s keys, respectively." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:65 +msgid "Key generation" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:66 +msgid "" +"Users' encryption keys are automatically generated during the first login" +" and secured using the user passphrase. 
This straightforward but " +"effective key generation policy requires users to complete their first " +"login before being able to receive reports." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:69 +msgid "Key recovery" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:70 +msgid "" +"The system implements a key recovery mechanism using a recovery key and " +"symmetric encryption." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:72 +msgid "" +"When a user key is generated, the private key is symmetrically encrypted " +"with a randomly generated recovery key." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:74 +msgid "" +"For usability reasons, this recovery key is also securely encrypted and " +"stored on the backend, allowing logged-in users who possess their " +"password to retrieve and print their own account recovery key." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:77 +msgid "Key escrow" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:78 +msgid "" +"The system offers an optional key escrow mechanism to mitigate data loss " +"in the event of users losing their passwords." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:80 +msgid "" +"Key escrow can be enabled during the initial application setup or in the " +"advanced settings of the software." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:82 +msgid "" +"We recommend enabling this option to protect whistleblowers' submissions " +"in cases where recipients lose their passwords. However, if you want to " +"set up a system where only recipients can access submissions, we advise " +"against using this feature." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:84 +msgid "" +"When enabled, the system generates and assigns an escrow key to the " +"administrator who activated the feature. This key is then used to encrypt" +" every system key, with a copy preserved that any administrator with the " +"escrow key can unlock." 
+msgstr "" + +#: ../../security/EncryptionProtocol.rst:86 +msgid "" +"Administrators with access to the escrow key can assist internal users " +"with password recovery and issue password resets. They can also grant " +"this privilege to other administrators or disable the feature entirely." +msgstr "" + +#: ../../security/PenetrationTests.rst:3 +msgid "Security audits" +msgstr "" + +#: ../../security/PenetrationTests.rst:5 +msgid "" +"GlobaLeaks undergoes independent security audits periodically to verify " +"and enhance the security of the system. This page lists the most " +"significant reports available." +msgstr "" + +#: ../../security/PenetrationTests.rst:7 +msgid "" +"We aim to have audits conducted at least every two years, thanks to " +"funding opportunities. Each adopter is encouraged to contribute by " +"funding a general or topic-specific audit based on their capabilities. " +"This helps ensure that every algorithm, component, and methodology " +"applied within the project is thoroughly verified." +msgstr "" + +#: ../../security/PenetrationTests.rst:9 +msgid "" +"If you have conducted or are considering sponsoring a security audit, " +"please email us at `info@globaleaks.org `_. " +"This is especially important for general software security. When " +"requesting a company to audit the software, always remember to ask if the" +" report can be published afterward; many auditors may not agree to " +"publish the report later, which has often led to wasted project " +"resources." +msgstr "" + +#: ../../security/PenetrationTests.rst:11 +msgid "" +"If you are an independent security auditor or, during your peer review of" +" GlobaLeaks, you discover or suspect a vulnerability, please do not file " +"a public issue. Instead, send your report privately through our " +"`reporting form `_ or via email to " +"`security@globaleaks.org `_." 
+msgstr "" + +#: ../../security/PenetrationTests.rst:1 ../../user/admin/UserInterface.rst:135 +msgid "Date" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Auditor" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2013" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`iSecPartners `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Architecture Audit" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Report `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Cure53 `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Web Security Audit" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Report `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2014" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`LeastAuthority `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Source Code Audit" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Report `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2018" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`SubGraph `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Overall Audit" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Report `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2019" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`RadicallyOpenSecurity `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Crypto Audit, Multi-tenancy Audit, Overall Audit" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "" +"`Report " +"`_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2022" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "" +"Server Source Code Audit, Client Pentest, OpSec for Whistleblowers, OpSec" +" for Server Administrators" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "" +"`Report 
" +"`_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2024" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`ISGroup `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Surface Analysis and Network Penetration Test" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Report `_" +msgstr "" + +#: ../../security/ThreatModel.rst:3 +msgid "Threat model" +msgstr "" + +#: ../../security/ThreatModel.rst:4 +msgid "" +"GlobaLeaks is a free and open-source whistleblowing software designed for" +" various usage scenarios, each requiring a balance between strong " +"security and high usability. These two requirements are crucial for " +"managing whistleblowing procedures effectively, protecting " +"whistleblowers, and achieving specific project goals. Given the variety " +"of use cases and associated risks, the software can be configured to " +"address the specific threat model detailed here." +msgstr "" + +#: ../../security/ThreatModel.rst:6 +msgid "" +"This document is intended for organizations implementing a whistleblowing" +" procedure using GlobaLeaks. It supports the analysis and understanding " +"of the specific threat model relevant to their context and risks and " +"guides users in selecting best practices for their project." +msgstr "" + +#: ../../security/ThreatModel.rst:9 +msgid "Users matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:10 +msgid "" +"The first step is to define the types of users interacting with a " +"GlobaLeaks platform." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "User" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Definition" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"The user who submits an anonymous report through the platform. " +"Whistleblowers may operate under various threat models depending on the " +"usage scenario and the nature of the information submitted." 
+msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"The user who receives and analyzes anonymous reports from Whistleblowers." +" Recipients act in good faith and are considered trusted parties " +"concerning the protection of Whistleblowers' confidentiality." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"Users responsible for setting up, managing, and monitoring the platform's" +" security. Administrators may not be the same entities running or " +"managing the whistleblowing initiatives (e.g., hosted solutions, multiple" +" stakeholder projects). Administrators are trusted entities but do not " +"have direct access to reports and advise Recipients on best practices." +msgstr "" + +#: ../../security/ThreatModel.rst:19 +msgid "" +"It is crucial to apply security measures relative to the users of the " +"platform, aiming to achieve an appropriate tradeoff between security and " +"usability." +msgstr "" + +#: ../../security/ThreatModel.rst:22 +msgid "Anonymity matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:23 +msgid "" +"The anonymity of users must be classified depending on the context of " +"use, as follows:" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Anonymous" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"The user accesses the platform via the Tor Browser and follows best " +"practices to protect their identity, minimizing the risk of tracking by " +"any system involved in the operation. The user has not disclosed their " +"identity to Recipients." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Confidential" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"The user accesses the platform via a common browser. While third parties " +"might log their IP address, the platform protects the content of their " +"communication. The user may choose to disclose their identity to " +"Recipients confidentially." 
+msgstr "" + +#: ../../security/ThreatModel.rst:31 +msgid "" +"The platform always informs users of their current anonymity status and " +"provides guidance on best practices for anonymous access via the Tor " +"Browser. Administrators may enforce the requirement that Whistleblowers " +"use the Tor Browser to file reports, depending on the use case." +msgstr "" + +#: ../../security/ThreatModel.rst:34 +msgid "Communication security matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:35 +msgid "" +"The security of communication concerning third-party monitoring varies " +"based on the context of use." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Security level" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Description" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "High security" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"Tor is used, and communication is encrypted end-to-end with the " +"GlobaLeaks platform, ensuring that no third party can eavesdrop on the " +"communication." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Medium security" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"HTTPS is used, and communication is encrypted end-to-end with the " +"GlobaLeaks platform. A third party capable of manipulating HTTPS security" +" (e.g., re-issuing TLS certificates) could eavesdrop on the " +"communication. If HTTPS security is maintained, monitoring the user's " +"communication line or the GlobaLeaks platform's communication line is not" +" feasible." +msgstr "" + +#: ../../security/ThreatModel.rst:1 ../../security/ThreatModel.rst:44 +msgid "Identity disclosure matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:45 +msgid "" +"Regardless of the anonymity matrix, users may choose or be required to " +"disclose their identity." 
+msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Undisclosed" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "The user's identity is not disclosed and is unlikely to be disclosed." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Optionally disclosed" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"The user's identity is not disclosed by default but may be voluntarily " +"disclosed (e.g., an anonymous tip-off MAY receive a follow-up, whereas a " +"formal report with disclosed identity MUST receive a follow-up)." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Disclosed" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "The user chooses or is required to disclose their identity to other users." +msgstr "" + +#: ../../security/ThreatModel.rst:54 +msgid "" +"Identity disclosure is crucial because even in an Anonymous High security" +" environment, disclosing one's identity may be a valuable option for " +"specific whistleblowing workflows." +msgstr "" + +#: ../../security/ThreatModel.rst:56 +msgid "" +"Users starting with an anonymity setting of “Anonymous” and an " +"“Undisclosed Identity” can decide later to disclose their identity. " +"Conversely, this cannot be undone. This consideration is key to ensuring " +"user protection in GlobaLeaks." +msgstr "" + +#: ../../security/ThreatModel.rst:58 +msgid "" +"Voluntary identity disclosure may be required in certain whistleblowing " +"procedures because:" +msgstr "" + +#: ../../security/ThreatModel.rst:60 +msgid "A tip-off MAY receive a follow-up and can be anonymous;" +msgstr "" + +#: ../../security/ThreatModel.rst:61 +msgid "Formal reports MUST receive a follow-up and cannot be anonymous." 
+msgstr "" + +#: ../../security/ThreatModel.rst:63 +msgid "" +"The distinction between “MAY” and “MUST” refers to the actions of " +"recipients and is a fundamental element of the guarantees provided to " +"whistleblowers in many initiatives (e.g., a corporate or institutional " +"whistleblowing platform should not follow a MUST approach for anonymous " +"submission follow-up, treating such submissions as tip-offs rather than " +"formal reports)." +msgstr "" + +#: ../../security/ThreatModel.rst:66 +msgid "Usage scenarios matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:67 +msgid "" +"This section provides examples of how different anonymity levels for " +"users can be combined depending on the context of use." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Use case" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Media outlet" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"A media outlet with a disclosed identity initiates a whistleblowing " +"project. The outlet’s recipients are disclosed to Whistleblowers, " +"allowing them to trust a specific journalist rather than the outlet " +"itself. Full anonymity must be assured to whistleblowers, and their " +"identity cannot be disclosed in connection with anonymous submissions. " +"Whistleblowers MAY choose to disclose their identity if they trust the " +"journalist's source-protection record." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Corporate compliance" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"A corporation implements transparency or anti-bribery law compliance by " +"promoting initiatives to employees, consultants, and providers. " +"Recipients are part of a company division (e.g., Internal Audit office). " +"Whistleblowers are guaranteed full anonymity but may optionally disclose " +"their identity." 
+msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Human Rights Activism Initiative" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"A human rights group initiates a whistleblowing project to expose " +"violations in a dangerous area. The organization requires anonymity to " +"avoid retaliation and operates under a pseudonym. Recipients MUST not be " +"disclosed to Whistleblowers, but partial disclosure by pseudonym is " +"acceptable to establish trust. The Whistleblower MUST be guaranteed " +"anonymity and their identity cannot be disclosed." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Citizen media initiative" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"A citizen media initiative with a public identity seeks reports on " +"specific topics (e.g., political, environmental malpractice, corruption) " +"in a medium-low risk operational context. Recipients may use pseudonyms " +"or remain public to avoid complete exposure. Whistleblowers, if the topic" +" is not life-threatening, may submit reports confidentially to lower the " +"entry barrier." +msgstr "" + +#: ../../security/ThreatModel.rst:77 +msgid "" +"The following matrix illustrates how different usage scenarios can " +"require various anonymity levels, communication security requirements, " +"and identity disclosures for different users." +msgstr "" + +#: ../../security/ThreatModel.rst:79 +msgid "" +"GlobaLeaks will provide appropriate security awareness information " +"through its user interface and enforce specific requirements based on " +"clear configuration guidelines." 
+msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Scenario" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Anonymity level" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Identity disclosure" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Communication security" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "No anonymity" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Admin" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Partially disclosed" +msgstr "" + +#: ../../security/ThreatModel.rst:98 +msgid "Data security matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:99 +msgid "" +"This section highlights the data handled by GlobaLeaks and the protection" +" schemes applied to it." +msgstr "" + +#: ../../security/ThreatModel.rst:101 +msgid "The following information types are involved in GlobaLeaks:" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Information type" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Questionnaire answers" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"Data associated with a submission, including the filled forms and options" +" selected by the Whistleblower." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Submission attachments" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Files associated with a submission." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Platform configuration" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Data for configuring and customizing the platform." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Software files" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"All files required for the software to function, including default " +"configurations." 
+msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Email notifications" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Data sent to notify recipients of new reports via email." +msgstr "" + +#: ../../security/ThreatModel.rst:112 +msgid "Below is a matrix showing the different security measures applied to data." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Encryption" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Filters" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Sanitization" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Encrypted in the database with per-user/per-submission keys" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Keyword filters" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Antispam, Anti-XSS" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Encrypted on the filesystem with per-user/per-submission keys" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Extension blocking, Antivirus" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "N/A" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Encrypted with PGP when recipient keys are available" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Antispam to prevent flooding" +msgstr "" + +#: ../../security/ThreatModel.rst:122 +msgid "Threats to anonymity and confidentiality" +msgstr "" + +#: ../../security/ThreatModel.rst:123 +msgid "" +"This section highlights various threats that require specific " +"consideration." +msgstr "" + +#: ../../security/ThreatModel.rst:126 +msgid "Browser history and cache" +msgstr "" + +#: ../../security/ThreatModel.rst:127 +msgid "" +"GlobaLeaks uses crafted HTTP headers and other techniques to minimize " +"leaking information into a user’s browser history or cache. 
While this " +"privacy feature enhances safety, it cannot guarantee protection against " +"forensic analysis of browser cache and history but serves as an " +"additional safety measure." +msgstr "" + +#: ../../security/ThreatModel.rst:130 +msgid "Metadata" +msgstr "" + +#: ../../security/ThreatModel.rst:131 +msgid "" +"Files may contain metadata related to the author or whistleblower. " +"Cleaning metadata from submitted files helps protect an \"unaware\" " +"whistleblower from inadvertently including information that may " +"compromise their anonymity. GlobaLeaks does not automatically clean " +"metadata by default, as metadata is considered a fundamental part of the " +"original evidence that should be preserved. Metadata cleanup is an " +"optional step that may be suggested to Whistleblowers or performed by " +"Recipients when sharing documents with others. When sharing files with " +"external parties, Recipients are advised to print the document and " +"provide a hard copy to ensure that only visible information is shared, " +"avoiding the risk of sharing sensitive metadata. For more on metadata and" +" redacting digital files, see the article `Everything you wanted to know " +"about media metadata, but were afraid to ask " +"`_ by Harlo Holmes. A useful tool for these " +"procedures is the `Metadata Anonymization Toolkit " +"`_." +msgstr "" + +#: ../../security/ThreatModel.rst:134 +msgid "Malware and trojans" +msgstr "" + +#: ../../security/ThreatModel.rst:135 +msgid "" +"GlobaLeaks cannot prevent an attacker from using the platform maliciously" +" to target recipients with malware or trojans. To mitigate risks of data " +"exfiltration through trojans, Recipients should implement proper " +"operational security by using dedicated laptops for report viewing and " +"opening file attachments on offline computers. 
Wherever possible, they " +"should use specialized secure operating systems like `QubesOS " +"`_ or `Tails `_ and " +"ensure up-to-date antivirus software is running." +msgstr "" + +#: ../../security/ThreatModel.rst:138 +msgid "Network and reverse proxies" +msgstr "" + +#: ../../security/ThreatModel.rst:139 +msgid "" +"GlobaLeaks is designed for use with direct Tor or TLS connections from " +"the user’s browser to the application backend. The use of Network and " +"Reverse Proxies in front of the application is discouraged as they can " +"interfere with the application and compromise confidentiality and " +"anonymity measures implemented in GlobaLeaks." +msgstr "" + +#: ../../security/ThreatModel.rst:142 +msgid "Data stored outside the platform" +msgstr "" + +#: ../../security/ThreatModel.rst:143 +msgid "" +"GlobaLeaks does not provide security for data stored outside the " +"GlobaLeaks system. It is the responsibility of Recipients to protect data" +" downloaded from the platform or shared via external USB drives. The " +"operating system used or the USB drive should offer encryption to ensure " +"that, in case of device loss or theft, the data remains inaccessible." +msgstr "" + +#: ../../security/ThreatModel.rst:146 +msgid "Environmental factors" +msgstr "" + +#: ../../security/ThreatModel.rst:147 +msgid "" +"GlobaLeaks does not protect against environmental factors related to " +"users' physical locations or social relationships. For example, if a user" +" has a surveillance device in their home, GlobaLeaks cannot provide " +"protection. Similarly, if a whistleblower, who is supposed to be " +"anonymous, shares their story with friends or coworkers, GlobaLeaks " +"cannot offer protection." 
+msgstr "" + +#: ../../security/ThreatModel.rst:150 +msgid "Incorrect data retention policies" +msgstr "" + +#: ../../security/ThreatModel.rst:151 +msgid "" +"GlobaLeaks implements a strict default data retention policy of 90 days " +"to allow users to manage reports within a limited time frame necessary " +"for investigations. If the platform is configured to retain reports for " +"an extended period and Recipients do not manually delete unnecessary " +"reports, the value of the data increases, along with the risk of " +"exposure." +msgstr "" + +#: ../../security/ThreatModel.rst:154 +msgid "Human negligence" +msgstr "" + +#: ../../security/ThreatModel.rst:155 +msgid "" +"While GlobaLeaks provides Administrators with the ability to fine-tune " +"security configurations and continuously informs users about their " +"security context, it cannot protect against major security threats " +"resulting from human negligence. For instance, if a Whistleblower submits" +" data that can identify them as the unique owner or recent viewer, " +"GlobaLeaks cannot protect their identity." +msgstr "" + +#: ../../security/ThreatModel.rst:158 +msgid "Advanced traffic analysis" +msgstr "" + +#: ../../security/ThreatModel.rst:159 +msgid "" +"An attacker monitoring HTTPS traffic, without the ability to decrypt it, " +"can still identify user roles based on different network traffic patterns" +" generated by Whistleblowers, Recipients, and Administrators. GlobaLeaks " +"does not offer protection against this type of threat. We recommend using" +" `Tor pluggable transports `_ or other methods that provide additional" +" protection against such attacks." +msgstr "" + +#: ../../security/index.rst:2 +msgid "Security" +msgstr "" + +#: ../../setup/InstallationGuide.rst:2 +msgid "Installation guide" +msgstr "" + +#: ../../setup/InstallationGuide.rst:3 +msgid "The following guide will help you through the installation of GlobaLeaks." 
+msgstr "" + +#: ../../setup/InstallationGuide.rst:5 +msgid "" +"Before starting the installation, ensure that your system meets the " +":doc:`Requirements `." +msgstr "" + +#: ../../setup/InstallationGuide.rst:8 +msgid "" +"GlobaLeaks is designed to provide optimal technical anonymity for " +"whistleblowers. Additionally, the software can be configured to protect " +"the identity of the platform administrator and the server's location, but" +" this requires advanced setup procedures not covered in this simplified " +"installation guide. By executing the commands below, your IP address and " +"system location could be tracked by network providers, and our systems " +"will receive the same information to facilitate software provisioning." +msgstr "" + +#: ../../setup/InstallationGuide.rst:12 +msgid "**Install GlobaLeaks**" +msgstr "" + +#: ../../setup/InstallationGuide.rst:14 +msgid "To install GlobaLeaks, run the following commands:" +msgstr "" + +#: ../../setup/InstallationGuide.rst:22 +msgid "" +"You may also install GlobaLeaks using Docker. Check out the `docker` " +"directory in our GitHub repository for instructions." +msgstr "" + +#: ../../setup/InstallationGuide.rst:24 +msgid "" +"After installation, follow the instructions provided to guide you through" +" accessing the :doc:`Platform wizard `." +msgstr "" + +#: ../../setup/PlatformWizard.rst:2 +msgid "Platform wizard" +msgstr "" + +#: ../../setup/PlatformWizard.rst:3 +msgid "After installing GlobaLeaks, you can proceed with the platform wizard." +msgstr "" + +#: ../../setup/PlatformWizard.rst:5 +msgid "" +"Open a browser at port 443 or port 8443 on your remote or local IP, " +"respectively." +msgstr "" + +#: ../../setup/PlatformWizard.rst:7 +msgid "" +"We recommend performing the wizard either using the Tor address provided " +"at the end of the setup or on localhost via a VPN." 
+msgstr "" + +#: ../../setup/PlatformWizard.rst:10 +msgid "Choose the primary language for your site" +msgstr "" + +#: ../../setup/PlatformWizard.rst:11 +msgid "" +"On the first page of the wizard, you will be prompted to select the " +"language for your site. The default choice is English, but many other " +"languages are available, with more expected in the future." +msgstr "" + +#: ../../setup/PlatformWizard.rst:16 +msgid "Choose a name for your project" +msgstr "" + +#: ../../setup/PlatformWizard.rst:17 +msgid "In the second section of the wizard, configure the name of your project." +msgstr "" + +#: ../../setup/PlatformWizard.rst:22 +msgid "Configure the account for the administrator of your whistleblowing site" +msgstr "" + +#: ../../setup/PlatformWizard.rst:23 +msgid "" +"In the third section of the wizard, configure the account details for the" +" administrator of your project." +msgstr "" + +#: ../../setup/PlatformWizard.rst:25 +msgid "" +"Be sure to choose a strong password to protect this sensitive account; an" +" indication of the strength of the chosen password is provided to guide " +"you." +msgstr "" + +#: ../../setup/PlatformWizard.rst:30 +msgid "Configure the account for the first recipient of reports" +msgstr "" + +#: ../../setup/PlatformWizard.rst:31 +msgid "" +"In the fourth section of the wizard, configure the account details for " +"the first recipient of reports sent to your project." +msgstr "" + +#: ../../setup/PlatformWizard.rst:36 +msgid "Read and accept the license" +msgstr "" + +#: ../../setup/PlatformWizard.rst:37 +msgid "" +"In the fifth section of the wizard, you will be prompted to read and " +"accept the GlobaLeaks License." +msgstr "" + +#: ../../setup/PlatformWizard.rst:42 +msgid "Complete the wizard" +msgstr "" + +#: ../../setup/PlatformWizard.rst:43 +msgid "The sixth section of the wizard confirms the completion of the setup." 
+msgstr "" + +#: ../../user/Admin.rst:2 +msgid "For administrators" +msgstr "" + +#: ../../user/Common.rst:2 +msgid "Common to all users" +msgstr "" + +#: ../../user/Common.rst:4 +msgid "Login" +msgstr "" + +#: ../../user/Common.rst:5 +msgid "Users could login by accessing the ``/#/login`` page." +msgstr "" + +#: ../../user/Common.rst:10 +msgid "Access the user preferences" +msgstr "" + +#: ../../user/Common.rst:11 +msgid "" +"After login Users could access their preferences by clicking the " +"``Preferences`` link present in the login status bar." +msgstr "" + +#: ../../user/Common.rst:16 +msgid "Change your password" +msgstr "" + +#: ../../user/Common.rst:17 +msgid "" +"Users could change their own password by accessing the ``Password`` tab " +"present in the ``Preferences`` page." +msgstr "" + +#: ../../user/Common.rst:22 +msgid "Reset your password" +msgstr "" + +#: ../../user/Common.rst:23 +msgid "" +"Users could requests a password reset via the ``/#/login`` page by " +"clicking the ``Forgot password?`` button." +msgstr "" + +#: ../../user/Common.rst:25 +msgid "" +"After clicking the button users are requested to type their own username " +"or email address." +msgstr "" + +#: ../../user/Common.rst:34 +msgid "Enable two-factor-authentication (2fa)" +msgstr "" + +#: ../../user/Common.rst:35 +msgid "" +"Users could enable Two-Factor-Authentication by clicking the ``Enable two" +" factor authentication`` option inside the ``Preferences`` page." +msgstr "" + +#: ../../user/Common.rst:37 +msgid "" +"To enable the feature the user requires to have a phone with installed a " +"common ``Authenticator APP`` implementing the TOTP standard as by `RFC " +"6238 `_" +msgstr "" + +#: ../../user/Common.rst:42 +msgid "Access and save your account recovery key" +msgstr "" + +#: ../../user/Common.rst:43 +msgid "" +"Users could access their own Account Recovery key by clicking the " +"``Account Recovery Key`` button present in the ``Preferences`` page." 
+msgstr "" + +#: ../../user/Common.rst:45 +msgid "" +"This is a fundamental step that any user should do at their first login " +"after activating their own account in order to backup their own account " +"recovery key and get sure to not incur in data loss due to password loss." +msgstr "" + +#: ../../user/Recipient.rst:2 +msgid "For recipients" +msgstr "" + +#: ../../user/Recipient.rst:5 +msgid "Access the list of the existing reports" +msgstr "" + +#: ../../user/Recipient.rst:6 +msgid "" +"The lists of the existing reports can be accessed via the link " +"``Reports`` on the sidebar of the Recipient's Homepage." +msgstr "" + +#: ../../user/Recipient.rst:13 +msgid "Access a report" +msgstr "" + +#: ../../user/Recipient.rst:14 +msgid "A report can be accessed in two ways:" +msgstr "" + +#: ../../user/Recipient.rst:16 +msgid "By clicking on it like on a mailbox system from the ``Reports`` page" +msgstr "" + +#: ../../user/Recipient.rst:17 +msgid "" +"By clicking on the link received on a mail notification and entering own " +"credentials" +msgstr "" + +#: ../../user/Whistleblower.rst:2 +msgid "For whistleblowers" +msgstr "" + +#: ../../user/Whistleblower.rst:5 +msgid "File a new report" +msgstr "" + +#: ../../user/Whistleblower.rst:6 +msgid "" +"A new report can be filed by accessing the homepage of the platform and " +"clicking the ``File a report`` button." +msgstr "" + +#: ../../user/Whistleblower.rst:12 +msgid "" +"After filing a new report the systems provides to the user a 16-digit " +"receipt." +msgstr "" + +#: ../../user/Whistleblower.rst:17 +msgid "Access an existing report" +msgstr "" + +#: ../../user/Whistleblower.rst:18 +msgid "" +"An existing report can be accessed by entering the 16-digit receipt " +"obtained at the end of the submission on the login interface present on " +"the home page of the platform." 
+msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:2 +msgid "Backup and restore" +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:4 +msgid "To perform a manual backup, you can use the following bash script:" +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:21 +msgid "" +"After running the script, you will find a `tar.gz` archive in " +"`/var/globaleaks/backups`. The file will be named in the format: " +"`globaleaks-$version-$timestamp.tar.gz`." +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:23 +msgid "" +"GlobaLeaks automatically performs a backup during each platform update. " +"These backups are retained under a data retention policy and are deleted " +"15 days after the update." +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:25 +msgid "To restore an existing backup:" +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:27 +msgid "" +"Ensure that GlobaLeaks is not running; you can stop it using: `service " +"globaleaks stop`." +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:28 +msgid "" +"Identify the version of GlobaLeaks required for the restoration, which is" +" indicated in the backup filename." +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:29 +msgid "" +"Extract the contents of the archive to `/var/globaleaks` using: `tar " +"-zxvf backup.tar.gz`." +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:30 +msgid "" +"Install the required version of GlobaLeaks with: `apt-get install " +"globaleaks=` (e.g., `globaleaks=3`)." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:2 +msgid "Common configurations" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:4 +msgid "Configure the logo" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:5 +msgid "" +"The first thing you want to give to your whistleblowing site is a " +"branding identity; this could be done by loading a logo in section Site " +"settings / Main configuration." 
+msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:9 +msgid "" +"Scroll down along the page to reach the \"Save\" button, click on it and " +"have your logo and favicon applied." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:12 +msgid "Enable languages" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:13 +msgid "You may want your GlobaLeaks installation served on more than one language" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:15 +msgid "" +"To do so, in the section \"Site settings / Languages\" select the " +"languages you would like and add them." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:17 +msgid "" +"Note that in the same interface you can mark the default application " +"language." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:22 +msgid "Configure notification settings" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:23 +msgid "" +"GlobaLeaks sends out notifications of different events to different " +"receivers and to admins. In order to have this working, you have to " +"select \"Notification Settings\" in the \"Administration Interface - " +"General Settings\" page and set up email account and related server " +"parameters." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:25 +msgid "" +"We suggest you to setup an email account dedicated to sending out " +"notifications from your initiative." 
+msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:29 +msgid "Enter the followings:" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:31 +msgid "" +"SMTP name: the name of your GlobaLeaks project or something that equally " +"descriptive" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:32 +msgid "SMTP email address: the email address used to send notifications" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:33 +msgid "" +"Username: the username corresponding to the just inserted \"SMTP email " +"address\"; this is needed to authenticate to the SMTP server and send " +"emails" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:34 +msgid "Password: Password of the above corresponding \"SMTP email address\"" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:35 +msgid "" +"SMTP Server Address: it is the hostname of the SMTP server you are using " +"to send notification emails" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:36 +msgid "" +"SMTP Server Port: Port used to send outgoing emails. It is usually 465 or" +" 587 (SMTP with TLS is at TCP port 587; SMTP with SSL is at 465)" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:37 +msgid "" +"Transport Security: from the drop down menu select the opportune security" +" level" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:39 +msgid "" +"It is better to leave untouched the pre-defined settings pertaining the " +"notification to admins and to recipients, but in the case you want to " +"disable them, it is possible to check the corresponding checkboxes." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:41 +msgid "" +"You can then set the value for the time at which the notification alert " +"of expiring report; this value is set at 72hours to give time to the " +"recipient(s) to check and manage the pending submissions." 
+msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:43 +msgid "" +"It is possible to tweak the maximum number of emails allowed in an hour, " +"before email wil be suspended in order to avoid flooding the system. It " +"is advised to keep the pre-defined value, and eventually change it " +"accordingly with mail server capabilities." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:45 +msgid "" +"Once configured all the parameters for notifications, it is possible to " +"test them by just clicking on the \"Test the configuration\" button." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:47 +msgid "" +"If all is working as expected, click on the \"Save\" button to keep the " +"configured parameters." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:50 +msgid "Configure recipients" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:51 +msgid "" +"The Recipient is the person that will receive and process the data that " +"whistleblowers input in the platform. You can have one or multiple " +"Recipients per Context, and also have one Recipient that can access to " +"multiple Contexts. The platform is very flexible on this and allows you " +"to define in very detail your whistleblowing system and procedure." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:55 +msgid "Customize the graphic layout" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:57 +msgid "Example 1: Custom Background" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:58 +msgid "" +"This CSS example shows how to customize the Background Color of the " +"application." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:68 +msgid "Example 2: Custom Font" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:69 +msgid "This CSS example shows how to customize the font of the application." 
+msgstr "" + +#: ../../user/admin/TroubleShooting.rst:2 +msgid "Troubleshooting" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:5 +msgid "Issues and bug reporting" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:7 +msgid "If you encounter any issues and are unable to run GlobaLeaks:" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:9 +msgid "Ensure you strictly follow the Installation Guide." +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:10 +msgid "" +"Verify that you meet the Technical Requirements for hardware and " +"operating system version." +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:11 +msgid "" +"Search the support forum to see if a user has already encountered your " +"issue: `GlobaLeaks Discussions " +"`_" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:12 +msgid "" +"Report the issue on the official software issue tracker: `GlobaLeaks " +"Issues `_" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:15 +msgid "Useful debugging commands" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:17 +msgid "" +"Depending on your setup, here are some common checks to determine if " +"GlobaLeaks is working:" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:19 +msgid "Is the service running?" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:25 +msgid "Is the service responding on the loopback interface?" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:31 +msgid "Is the service listening on external interfaces?" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:37 +msgid "Are exceptions being generated?" 
+msgstr "" + +#: ../../user/admin/TroubleShooting.rst:45 +msgid "Log files" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:46 +msgid "" +"Here are some useful logs and their corresponding files when GlobaLeaks " +"is installed:" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:48 +msgid "**GlobaLeaks process:**" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:55 +msgid "" +"The verbosity of the logs is configurable via the web interface of the " +"software under Advanced Settings." +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:2 +msgid "Upgrade guide" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:4 +msgid "Regular update" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:5 +msgid "" +"To safely upgrade a GlobaLeaks installation please proceed with a backup " +"of your setup by following the :doc:`Backup and restore " +"` guide." +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:7 +msgid "" +"This is necessary so that if something goes wrong and you need to " +"rollback, you will be able to just uninstall the current package, then " +"install the same version of globaleaks that was previously installed and " +"working." +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:9 +msgid "In order to update GlobaLeaks perform the following commands:" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:16 +msgid "Upgrade of the distribution version" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:17 +msgid "" +"For security and stability reasons it is recommended to not perform a " +"distribution upgrade." 
+msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:19 +msgid "" +"GlobaLeaks could be instead easily migrated to a new up-to-date Debian " +"system with the following recommended instructions:" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:21 +msgid "create an archive backup of /var/globaleaks" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:22 +msgid "instantiate the lates Debian available" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:23 +msgid "log on the new server and extract the backup in /var/globaleaks" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:24 +msgid "" +"follow the :doc:`Installation Guide `; " +"GlobaLeaks while installing will recognize the presence of an existing " +"data directory and will use it" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:27 +msgid "In case of errors" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:28 +msgid "" +"The above commands should allow you to perform regularly updates. On some" +" conditions due to special updates it could be possible that those " +"commands result in a failure. Consult this page for knowning specific " +"FAQs on precise failures." +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:30 +msgid "" +"In case you do not find any specific documented solution for your " +"failure, you could run the GlobaLeaks install script. The installation " +"script in fact is designed to allow the update of GlobaLeaks and it " +"includes fixes for the most common issue." +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:33 +msgid "" +"To run the install script for updating globaleaks perform the following " +"commands:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:2 +msgid "User interface" +msgstr "" + +#: ../../user/admin/UserInterface.rst:3 +msgid "" +"This section offers you a summary of the user interface offered to Admin " +"users." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:7 +msgid "Through the menu you could access the following administrative sections:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:9 ../../user/admin/UserInterface.rst:28 +#: ../../user/admin/UserInterface.rst:33 ../../user/admin/UserInterface.rst:44 +msgid "Settings" +msgstr "" + +#: ../../user/admin/UserInterface.rst:11 ../../user/admin/UserInterface.rst:77 +msgid "Users" +msgstr "" + +#: ../../user/admin/UserInterface.rst:13 ../../user/admin/UserInterface.rst:99 +msgid "Questionnaires" +msgstr "" + +#: ../../user/admin/UserInterface.rst:15 ../../user/admin/UserInterface.rst:158 +msgid "Channels" +msgstr "" + +#: ../../user/admin/UserInterface.rst:17 ../../user/admin/UserInterface.rst:185 +msgid "Case management" +msgstr "" + +#: ../../user/admin/UserInterface.rst:21 ../../user/admin/UserInterface.rst:228 +msgid "Network" +msgstr "" + +#: ../../user/admin/UserInterface.rst:23 ../../user/admin/UserInterface.rst:279 +msgid "Sites" +msgstr "" + +#: ../../user/admin/UserInterface.rst:25 ../../user/admin/UserInterface.rst:309 +msgid "Audit log" +msgstr "" + +#: ../../user/admin/UserInterface.rst:29 +msgid "" +"This is the section that offers you all the main customization " +"possibilities necessary for implementing a basic and functional " +"whistleblowing site." +msgstr "" + +#: ../../user/admin/UserInterface.rst:31 +msgid "This section is furtherly divided in:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:35 ../../user/admin/UserInterface.rst:50 +msgid "Files" +msgstr "" + +#: ../../user/admin/UserInterface.rst:37 ../../user/admin/UserInterface.rst:56 +msgid "Languages" +msgstr "" + +#: ../../user/admin/UserInterface.rst:39 +msgid "Text customization" +msgstr "" + +#: ../../user/admin/UserInterface.rst:41 +msgid "Advanced settings" +msgstr "" + +#: ../../user/admin/UserInterface.rst:45 +msgid "" +"In this section is configurable the logo and all the texts of the main " +"user interfaces." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:51 +msgid "" +"In this section could be loaded CSS and Javascript and other files " +"necessary to customize the interface." +msgstr "" + +#: ../../user/admin/UserInterface.rst:57 +msgid "" +"In this section you could enable all the languages required by your " +"project and configure the default language." +msgstr "" + +#: ../../user/admin/UserInterface.rst:60 +msgid "" +"Thanks to the `Localization Lab `_ and " +"our great volunteer community, the software is already available and " +"continuously made available in a lot of languages. This aspect of " +"internationalization is crucial in many projects. In case you are " +"starting a project and the required languages are not available we " +"strongly invite you to register on our `web translation platform " +"`_ offered by `Transifex " +"`_ and support yourself the " +"translation. Internationalization and Localization is in fact are crucial" +" for the success of a whistleblowing project. Thank you!" +msgstr "" + +#: ../../user/admin/UserInterface.rst:65 +msgid "Text Customization" +msgstr "" + +#: ../../user/admin/UserInterface.rst:66 +msgid "" +"Here could be configured overrides for any of the texts of the platform " +"and of their translation." +msgstr "" + +#: ../../user/admin/UserInterface.rst:71 +msgid "Advanced Settings" +msgstr "" + +#: ../../user/admin/UserInterface.rst:72 +msgid "In this section could be configured a set of advanced settings." +msgstr "" + +#: ../../user/admin/UserInterface.rst:78 +msgid "" +"This sections is where users could be created and managed. The system " +"with the basic configuration completed with the initial Platform wizard " +"is configured with an Administrator and a Recipient." +msgstr "" + +#: ../../user/admin/UserInterface.rst:81 +msgid "" +"Depending on your project needs here you could create users with " +"different roles and manage their respective privileges." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:86 +msgid "User Roles" +msgstr "" + +#: ../../user/admin/UserInterface.rst:87 +msgid "" +"The software offers the possibility to create users with the following " +"roles:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:89 +msgid "Administrators" +msgstr "" + +#: ../../user/admin/UserInterface.rst:91 +msgid "Recipients" +msgstr "" + +#: ../../user/admin/UserInterface.rst:94 +msgid "User Options" +msgstr "" + +#: ../../user/admin/UserInterface.rst:100 +msgid "" +"The softare implements a standard default questionnaire that is proposed " +"as a good base for a generic whistleblowing procedure. This questinnaire " +"is the current result of the research performed by the project team with " +"the organizations that have adopted the solution and expecially with " +"anticorruption and investigative journalism NGOs." +msgstr "" + +#: ../../user/admin/UserInterface.rst:102 +msgid "" +"As every organization has different needs, risks and goals globaleaks has" +" been designed considering to implement an advanced questionnaire builder" +" offering the possibility to design custom questionnaires." +msgstr "" + +#: ../../user/admin/UserInterface.rst:104 +msgid "" +"The following sections present the questionnaire builder and its " +"capabilities." +msgstr "" + +#: ../../user/admin/UserInterface.rst:108 +msgid "" +"Depending on your project needs you may evaluate defining some questions " +"once as Question Templates and reuse the same question in multiple " +"questionnaires." +msgstr "" + +#: ../../user/admin/UserInterface.rst:113 +msgid "Steps" +msgstr "" + +#: ../../user/admin/UserInterface.rst:114 +msgid "" +"The software enables to organize questionnaire in one or multiple steps. " +"For example the default questionnaire is organized with a single step " +"including all the questions." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:118 +msgid "Questions Types" +msgstr "" + +#: ../../user/admin/UserInterface.rst:119 +msgid "The software enables you to create questions of the following types:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:121 +msgid "Single-line text input" +msgstr "" + +#: ../../user/admin/UserInterface.rst:123 +msgid "Multi-line text input" +msgstr "" + +#: ../../user/admin/UserInterface.rst:125 +msgid "Selection box" +msgstr "" + +#: ../../user/admin/UserInterface.rst:127 +msgid "Multiple choice input" +msgstr "" + +#: ../../user/admin/UserInterface.rst:129 +msgid "Checkbox" +msgstr "" + +#: ../../user/admin/UserInterface.rst:131 +msgid "Attachment" +msgstr "" + +#: ../../user/admin/UserInterface.rst:133 +msgid "Terms of service" +msgstr "" + +#: ../../user/admin/UserInterface.rst:137 +msgid "Date range" +msgstr "" + +#: ../../user/admin/UserInterface.rst:139 +msgid "Voice" +msgstr "" + +#: ../../user/admin/UserInterface.rst:141 +msgid "Question group" +msgstr "" + +#: ../../user/admin/UserInterface.rst:144 +msgid "Common Question Properties" +msgstr "" + +#: ../../user/admin/UserInterface.rst:145 +msgid "" +"Each of the software question types make it possible to configure the " +"following properties:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:147 +msgid "Question: The text of the question" +msgstr "" + +#: ../../user/admin/UserInterface.rst:149 +msgid "" +"Hint: A hint that will be shown via an popover an a question mark near " +"the question." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:151 +msgid "Description: A description text that will be shown below the question" +msgstr "" + +#: ../../user/admin/UserInterface.rst:153 +msgid "Required: Set this field if you want this question to be mandatory" +msgstr "" + +#: ../../user/admin/UserInterface.rst:155 +msgid "" +"Preview: Set this field if you want the answers to this question to " +"appear in the preview section of the list" +msgstr "" + +#: ../../user/admin/UserInterface.rst:159 +msgid "" +"This section is where whistleblowing channels could be created and " +"managed." +msgstr "" + +#: ../../user/admin/UserInterface.rst:161 +msgid "" +"A whistleblowing channel is typically defined by the following main " +"characteristics" +msgstr "" + +#: ../../user/admin/UserInterface.rst:163 +msgid "" +"Name: the name of the channel Image: an image to identify the channel " +"Description: a description of the channel Recipients: the set of " +"recipients that will receive reports sent to this channel Questionnaire: " +"the questionnaire that will be proposed to whistleblowers selecting this " +"channel Submission expiration: the data retention policy for the channel" +msgstr "" + +#: ../../user/admin/UserInterface.rst:170 +msgid "" +"The system with the basic configuration completed with the initial " +"platform wizard is configured with a single Channel called Default, on " +"which is associated a recipient and the default questionnaire." +msgstr "" + +#: ../../user/admin/UserInterface.rst:172 +msgid "" +"Depending on your project needs here you could create additional Channels" +" and configure their respective properties." +msgstr "" + +#: ../../user/admin/UserInterface.rst:177 +msgid "Data Retention Policy" +msgstr "" + +#: ../../user/admin/UserInterface.rst:178 +msgid "" +"The software enables to configure a data retention policy for each " +"channel. 
This is a fundamental property of the whistleblowing channel " +"that makes it possible to configure automatic secure deletion of reports " +"after a certain period of time. This setting should be configured in " +"relation to the risk of the channel in order to limit unneeded exposure " +"of the reports received therein." +msgstr "" + +#: ../../user/admin/UserInterface.rst:182 +msgid "By default a channel is configured with a report expiration of 90 days." +msgstr "" + +#: ../../user/admin/UserInterface.rst:186 +msgid "" +"This section is intended to host all the main case management feature " +"that will be offered by the software. Currently it hosts the possibility " +"to define reports statuses and sub-statuses intended to be used by " +"Recipients while working on the reports." +msgstr "" + +#: ../../user/admin/UserInterface.rst:194 +msgid "By default the system includes the following report statuses:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:190 +msgid "New" +msgstr "" + +#: ../../user/admin/UserInterface.rst:192 +msgid "Open" +msgstr "" + +#: ../../user/admin/UserInterface.rst:194 +msgid "Closed" +msgstr "" + +#: ../../user/admin/UserInterface.rst:196 +msgid "" +"Within this section you may add additional Statuses between the State " +"Open and Closed and you can furtherly define Sub-statuses for the Closed " +"status (e.g. Archived / Spam)" +msgstr "" + +#: ../../user/admin/UserInterface.rst:202 +msgid "" +"This is the section where are configured all the aspects related to the " +"mail notifications sent by the software." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:207 +#: ../../user/admin/UserInterface.rst:238 +msgid "The section is furtherly divided in:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:205 +#: ../../user/admin/UserInterface.rst:210 +msgid "Notification Settings" +msgstr "" + +#: ../../user/admin/UserInterface.rst:207 +#: ../../user/admin/UserInterface.rst:219 +msgid "Notification Templates" +msgstr "" + +#: ../../user/admin/UserInterface.rst:211 +msgid "Here are configured the technical details about SMTP." +msgstr "" + +#: ../../user/admin/UserInterface.rst:214 +msgid "" +"By default GlobaLeaks comes with a working configuration that is based on" +" systems offered by the GlobaLeaks developers to the community of users " +"and testers; even though this configuration is designed by their owners " +"with special care in relation to security and privacy you are invited to " +"consider using alternative systems for your production environment." +msgstr "" + +#: ../../user/admin/UserInterface.rst:220 +msgid "In this section are configured the notification templates." +msgstr "" + +#: ../../user/admin/UserInterface.rst:222 +msgid "" +"By default globaleaks includes text and translations for each of the " +"templates that are provided to be fully functional and studied with " +"particular care in relation to security and privacy. Depending on your " +"project needs you may override the default text with your customized " +"texts." +msgstr "" + +#: ../../user/admin/UserInterface.rst:229 +msgid "In this section are configured the network settings." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:232 +#: ../../user/admin/UserInterface.rst:241 +msgid "HTTPS" +msgstr "" + +#: ../../user/admin/UserInterface.rst:234 +#: ../../user/admin/UserInterface.rst:255 +msgid "Tor" +msgstr "" + +#: ../../user/admin/UserInterface.rst:236 +msgid "IP Access control" +msgstr "" + +#: ../../user/admin/UserInterface.rst:238 +#: ../../user/admin/UserInterface.rst:273 +msgid "URL Redirects" +msgstr "" + +#: ../../user/admin/UserInterface.rst:242 +msgid "" +"Here you can configure all the aspects related to the access of the " +"platform via the HTTPS Protocol." +msgstr "" + +#: ../../user/admin/UserInterface.rst:246 +msgid "In particular here are configured:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:248 +msgid "The domain name used by your project" +msgstr "" + +#: ../../user/admin/UserInterface.rst:250 +msgid "The HTTPS key and certificates" +msgstr "" + +#: ../../user/admin/UserInterface.rst:252 +msgid "" +"To ease the deployment and the maintenance and reduce the costs of your " +"project, consider using the software includes support for the Let’s " +"Encrypt HTTPS certificates." +msgstr "" + +#: ../../user/admin/UserInterface.rst:256 +msgid "" +"Here you can configure all the aspects related to the access of the " +"platform via the Tor Protocol." +msgstr "" + +#: ../../user/admin/UserInterface.rst:261 +msgid "IP Access Control" +msgstr "" + +#: ../../user/admin/UserInterface.rst:262 +msgid "Here you can configure IP based Access Control." +msgstr "" + +#: ../../user/admin/UserInterface.rst:266 +msgid "Suggested configurations are:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:268 +msgid "Prevent Whistleblowers to report from within their respective work space." +msgstr "" + +#: ../../user/admin/UserInterface.rst:270 +msgid "Restrict Recipients access to their intranet." +msgstr "" + +#: ../../user/admin/UserInterface.rst:274 +msgid "Here you can configure URL Redirects." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:280 +msgid "" +"The site section enables organization to create and manage multiple " +"secondary whistleblowing sites." +msgstr "" + +#: ../../user/admin/UserInterface.rst:283 +msgid "Sites Management" +msgstr "" + +#: ../../user/admin/UserInterface.rst:284 +msgid "" +"Secondary whistleblowing platforms with independent configurations can be" +" manually created and managed through the Sites interface." +msgstr "" + +#: ../../user/admin/UserInterface.rst:286 +msgid "" +"Organizations have typically need for creating a secondary site when " +"dealing with subsidiaries or third party clients." +msgstr "" + +#: ../../user/admin/UserInterface.rst:290 +msgid "" +"After creating a secondary site an administrators of the main site could " +"simply enter on that system by clicking a \"Configure\" button." +msgstr "" + +#: ../../user/admin/UserInterface.rst:292 +msgid "" +"After clicking on the button the administrator will be logged in on the " +"the administrative panel of the site." +msgstr "" + +#: ../../user/admin/UserInterface.rst:295 +msgid "Signup Module" +msgstr "" + +#: ../../user/admin/UserInterface.rst:296 +msgid "" +"The software features a signup module that can be enabled and used to " +"offers others users the possibility to register their secondary site." +msgstr "" + +#: ../../user/admin/UserInterface.rst:298 +msgid "" +"Organizations have typically need for a signup module when offering the " +"platform to other subsidiaries or third party clients where they want " +"users to have the possibility to self subscribe." +msgstr "" + +#: ../../user/admin/UserInterface.rst:300 +msgid "The signup feature can be anabled in the Options tab of the Sites section." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:304 +msgid "" +"When the signup module is enabled the submission module of the main site " +"is automatically disabled and the home page will be featuring the " +"following signup form:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:310 +msgid "" +"The software features a privacy precerving audit log enabling " +"administrators of the system to supervise on projects operations." +msgstr "" + +#: ../../user/index.rst:2 +msgid "User documentation" +msgstr "" + diff --git a/documentation/locale/zh_CN/LC_MESSAGES/sphinx.mo b/documentation/locale/zh_CN/LC_MESSAGES/sphinx.mo new file mode 100644 index 0000000000..a6de58bff5 Binary files /dev/null and b/documentation/locale/zh_CN/LC_MESSAGES/sphinx.mo differ diff --git a/documentation/locale/zh_CN/LC_MESSAGES/sphinx.po b/documentation/locale/zh_CN/LC_MESSAGES/sphinx.po new file mode 100644 index 0000000000..9ff400d038 --- /dev/null +++ b/documentation/locale/zh_CN/LC_MESSAGES/sphinx.po 
@@ -0,0 +1,4671 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) 2011-2024 - GlobaLeaks +# This file is distributed under the same license as the GlobaLeaks package. +# FIRST AUTHOR , 2024. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: GlobaLeaks 5.0.15\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2024-10-14 19:43+0200\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME \n" +"Language: zh_CN\n" +"Language-Team: zh_CN \n" +"Plural-Forms: nplurals=1; plural=0;\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Generated-By: Babel 2.16.0\n" + +#: ../../developer/ContinuousIntegration.rst:3 +msgid "Continuous integration" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:4 +msgid "" +"The GlobaLeaks codebase is continuously tested for bug within a complete " +"continuous integration lifecycle implemented." +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:6 +msgid "Testes are performed at every commit by:" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:8 +msgid "" +"performing continous integration testing with `GitHub Actions " +"`_;" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:9 +msgid "" +"tracking tests coverage and code quality with `Codacy " +"`_." +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:12 +msgid "Unit tests" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:13 +msgid "Unit tests are implemented by means of python-twisted and trial" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:15 +#: ../../developer/ContinuousIntegration.rst:26 +msgid "Tests can be run manually by issuing:" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:23 +msgid "E2E tests" +msgstr "" + +#: ../../developer/ContinuousIntegration.rst:24 +msgid "End to end tests are implemented by means of Cypress." 
+msgstr "" + +#: ../../developer/DatabaseSchema.rst:2 +msgid "Database schema" +msgstr "" + +#: ../../developer/Environment.rst:3 +msgid "Development environment" +msgstr "" + +#: ../../developer/Environment.rst:4 +msgid "" +"This guide describes how to set up an environment in order to contribute " +"to the development of GlobaLeaks." +msgstr "" + +#: ../../developer/Environment.rst:7 ../../gettingstarted/Requirements.rst:2 +msgid "Requirements" +msgstr "" + +#: ../../developer/Environment.rst:8 +msgid "" +"The guide assumes you run a Debian based system and that the following " +"software is installed on your system:" +msgstr "" + +#: ../../developer/Environment.rst:10 +msgid "debhelper" +msgstr "" + +#: ../../developer/Environment.rst:11 +msgid "devscripts" +msgstr "" + +#: ../../developer/Environment.rst:12 +msgid "dh-apparmor" +msgstr "" + +#: ../../developer/Environment.rst:13 +msgid "dh-python" +msgstr "" + +#: ../../developer/Environment.rst:14 +msgid "git" +msgstr "" + +#: ../../developer/Environment.rst:15 +msgid "grunt-cli" +msgstr "" + +#: ../../developer/Environment.rst:16 +msgid "node" +msgstr "" + +#: ../../developer/Environment.rst:17 +msgid "npm" +msgstr "" + +#: ../../developer/Environment.rst:18 +msgid "python3" +msgstr "" + +#: ../../developer/Environment.rst:19 +msgid "python3-dev" +msgstr "" + +#: ../../developer/Environment.rst:20 +msgid "python3-pip" +msgstr "" + +#: ../../developer/Environment.rst:21 +msgid "python3-setuptools" +msgstr "" + +#: ../../developer/Environment.rst:22 +msgid "python3-sphinx" +msgstr "" + +#: ../../developer/Environment.rst:23 +msgid "python3-virtualenv" +msgstr "" + +#: ../../developer/Environment.rst:26 ../../setup/index.rst:2 +msgid "Setup" +msgstr "" + +#: ../../developer/Environment.rst:27 +msgid "The repository could be cloned with:" +msgstr "" + +#: ../../developer/Environment.rst:33 +msgid "Client dependencies could be installed by issuing:" +msgstr "" + +#: ../../developer/Environment.rst:41 +msgid 
"Backend dependencies could be installed by issuing:" +msgstr "" + +#: ../../developer/Environment.rst:50 +msgid "" +"This will create for you a python virtualenv in the directory env " +"containing all the required python dependencies. To leave the virtualenv," +" type ``deactivate``." +msgstr "" + +#: ../../developer/Environment.rst:52 +msgid "" +"Then, anytime you will want to activate the environment to run globaleaks" +" you will just need to issue the command:" +msgstr "" + +#: ../../developer/Environment.rst:58 +msgid "Setup the client:" +msgstr "" + +#: ../../developer/Environment.rst:66 +msgid "Setup the backend and its dependencies:" +msgstr "" + +#: ../../developer/Environment.rst:76 +msgid "Run" +msgstr "" + +#: ../../developer/Environment.rst:77 +msgid "" +"To run globaleaks from sources within the development environment you " +"should issue:" +msgstr "" + +#: ../../developer/Environment.rst:85 +msgid "" +"GlobaLeaks will start and be reachable at the following address " +"https://127.0.0.1:8443" +msgstr "" + +#: ../../developer/Environment.rst:88 +msgid "Building the docs" +msgstr "" + +#: ../../developer/Environment.rst:89 +msgid "To build the documentation:" +msgstr "" + +#: ../../developer/Environment.rst:97 +msgid "To edit the docs with hot-reload functionality:" +msgstr "" + +#: ../../developer/Environment.rst:107 +msgid "" +"Sphinx server will start and be reachable at the following address " +"http://127.0.0.1:8000 in the web browser." +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:2 +msgid "Release procedure" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:3 +msgid "This is the procedure followed to publish a new GlobaLeaks release." 
+msgstr "" + +#: ../../developer/ReleaseProcedure.rst:5 +msgid "A release is represented by:" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:7 +msgid "A version bump;" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:8 +msgid "An updated CHANGELOG;" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:9 +msgid "A commit titled \"Bump to version $number\";" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:10 +msgid "A tag commit $version signed by a core developer with their own key;" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:11 +msgid "An updated package on deb.globaleaks.org;" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:12 +msgid "A signed repository." +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:15 +msgid "Release tagging" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:16 +msgid "" +"To release is tagger by means of the official version bump script by " +"issuing:" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:23 +msgid "Release packaging" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:24 +msgid "The package is built by means of the official build script by issuing:" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:30 +msgid "This command builds a package for each supported distribution and version." 
+msgstr "" + +#: ../../developer/ReleaseProcedure.rst:33 +msgid "Package publishing" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:34 +msgid "The package is published on https://deb.globaleaks.org by issuing:" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:41 +msgid "Repository signing" +msgstr "" + +#: ../../developer/ReleaseProcedure.rst:42 +msgid "" +"The release is then signed by a core developer by using the official " +"project key via:" +msgstr "" + +#: ../../developer/SoftwareLibraries.rst:2 +msgid "Software libraries" +msgstr "" + +#: ../../developer/SoftwareLibraries.rst:3 +msgid "" +"The software libraries used by GlobaLeaks are listed in the following " +"files:" +msgstr "" + +#: ../../developer/SoftwareLibraries.rst:5 +msgid "" +"Backend: `backend/requirements.txt `_" +msgstr "" + +#: ../../developer/SoftwareLibraries.rst:6 +msgid "" +"Client: `client/package.json `_" +msgstr "" + +#: ../../developer/SoftwareLibraries.rst:7 +msgid "" +"Packaging: `debian/control `_" +msgstr "" + +#: ../../developer/index.rst:2 +msgid "Developer documentation" +msgstr "" + +#: ../../gettingstarted/Features.rst:2 +msgid "Features" +msgstr "" + +#: ../../gettingstarted/Features.rst:3 +msgid "These are the key features of the software:" +msgstr "" + +#: ../../gettingstarted/Features.rst:6 +msgid "User features" +msgstr "" + +#: ../../gettingstarted/Features.rst:8 +msgid "" +"Multi-user system with customizable user roles (whistleblower, recipient," +" administrator)" +msgstr "" + +#: ../../gettingstarted/Features.rst:9 +msgid "Fully manageable via a web administration interface" +msgstr "" + +#: ../../gettingstarted/Features.rst:10 +msgid "" +"Allows whistleblowers to decide if and when to confidentially declare " +"their identity" +msgstr "" + +#: ../../gettingstarted/Features.rst:11 +msgid "Facilitates multimedia file exchanges with whistleblowers" +msgstr "" + +#: ../../gettingstarted/Features.rst:12 +msgid "Secure management of file access and 
visualization" +msgstr "" + +#: ../../gettingstarted/Features.rst:13 +msgid "Enables chat with whistleblowers to discuss reports" +msgstr "" + +#: ../../gettingstarted/Features.rst:14 +msgid "Provides a unique 16-digit receipt for anonymous whistleblower login" +msgstr "" + +#: ../../gettingstarted/Features.rst:15 +msgid "Simple recipient interface for receiving and analyzing reports" +msgstr "" + +#: ../../gettingstarted/Features.rst:16 +msgid "Supports report categorization with labels" +msgstr "" + +#: ../../gettingstarted/Features.rst:17 +msgid "Includes user search functionality for reports" +msgstr "" + +#: ../../gettingstarted/Features.rst:18 +msgid "Supports the creation and assignment of case management statuses" +msgstr "" + +#: ../../gettingstarted/Features.rst:19 +msgid "Customizable appearance (logo, color, styles, font, text)" +msgstr "" + +#: ../../gettingstarted/Features.rst:20 +msgid "Allows defining multiple reporting channels (e.g., by topic, department)" +msgstr "" + +#: ../../gettingstarted/Features.rst:21 +msgid "" +"Enables creation and management of multiple whistleblowing sites (e.g., " +"for subsidiaries or third-party clients)" +msgstr "" + +#: ../../gettingstarted/Features.rst:22 +msgid "Advanced questionnaire builder" +msgstr "" + +#: ../../gettingstarted/Features.rst:23 +msgid "Provides whistleblowing system statistics" +msgstr "" + +#: ../../gettingstarted/Features.rst:24 +msgid "" +"Support for `over 90 languages " +"`_ and Right-to-Left (RTL) " +"languages" +msgstr "" + +#: ../../gettingstarted/Features.rst:27 +msgid "Legal features" +msgstr "" + +#: ../../gettingstarted/Features.rst:29 +msgid "" +"Designed in adherence to `ISO 37002:2021 " +"`_ and `EU Directive 2019/1937 " +"`_ recommendations for " +"whistleblowing compliance" +msgstr "" + +#: ../../gettingstarted/Features.rst:30 +msgid "Supports bidirectional anonymous communication (comments/messages)" +msgstr "" + +#: ../../gettingstarted/Features.rst:31 +msgid "Customizable 
case management workflow (statuses/sub-statuses)" +msgstr "" + +#: ../../gettingstarted/Features.rst:32 +msgid "Conditional reporting workflow based on whistleblower identity" +msgstr "" + +#: ../../gettingstarted/Features.rst:33 +msgid "Manages conflicts of interest in the reporting workflow" +msgstr "" + +#: ../../gettingstarted/Features.rst:34 +msgid "Custodian functionality to authorize access to whistleblower identity" +msgstr "" + +#: ../../gettingstarted/Features.rst:35 +msgid "GDPR privacy by design and by default" +msgstr "" + +#: ../../gettingstarted/Features.rst:36 +msgid "Configurable GDPR data retention policies" +msgstr "" + +#: ../../gettingstarted/Features.rst:37 +msgid "GDPR-compliant subscriber module for new SaaS users" +msgstr "" + +#: ../../gettingstarted/Features.rst:38 +msgid "No IP address logging" +msgstr "" + +#: ../../gettingstarted/Features.rst:39 +msgid "Includes an audit log" +msgstr "" + +#: ../../gettingstarted/Features.rst:40 +msgid "Integrates with existing enterprise case management platforms" +msgstr "" + +#: ../../gettingstarted/Features.rst:41 +msgid "" +"Free Software OSI Approved `AGPL 3.0 License " +"`_" +msgstr "" + +#: ../../gettingstarted/Features.rst:44 +msgid "Security features" +msgstr "" + +#: ../../gettingstarted/Features.rst:46 +msgid "" +"Designed in adherence to `ISO 27001:2022 " +"`_, `CSA STAR " +"`_, and `OWASP " +"`_ recommendations for security compliance" +msgstr "" + +#: ../../gettingstarted/Features.rst:47 +msgid "" +"Full data encryption for whistleblower reports and recipient " +"communications" +msgstr "" + +#: ../../gettingstarted/Features.rst:48 +msgid "" +"Supports digital anonymity through `Tor `_ " +"integration" +msgstr "" + +#: ../../gettingstarted/Features.rst:49 +msgid "" +"Built-in HTTPS support with `TLS 1.3 " +"`_ standard and `SSLabs A+ " +"`_ " +"rating" +msgstr "" + +#: ../../gettingstarted/Features.rst:50 +msgid "" +"Automatic enrollment for free digital certificates with `Let’s Encrypt 
" +"`_" +msgstr "" + +#: ../../gettingstarted/Features.rst:51 +msgid "Multiple penetration tests with publicly available reports" +msgstr "" + +#: ../../gettingstarted/Features.rst:52 +msgid "" +"Two-Factor Authentication (2FA) compliant with `TOTP RFC 6238 " +"`_" +msgstr "" + +#: ../../gettingstarted/Features.rst:53 +msgid "Integrated network sandboxing with iptables" +msgstr "" + +#: ../../gettingstarted/Features.rst:54 +msgid "Application sandboxing with `AppArmor `_" +msgstr "" + +#: ../../gettingstarted/Features.rst:55 +msgid "Complete protection against automated submissions (spam prevention)" +msgstr "" + +#: ../../gettingstarted/Features.rst:56 +msgid "Continuous peer review and periodic security audits" +msgstr "" + +#: ../../gettingstarted/Features.rst:57 +msgid "PGP support for encrypted email notifications and file downloads" +msgstr "" + +#: ../../gettingstarted/Features.rst:58 +msgid "Leaves no traces in browser cache" +msgstr "" + +#: ../../gettingstarted/Features.rst:61 +msgid "Technical features" +msgstr "" + +#: ../../gettingstarted/Features.rst:63 +msgid "" +"Designed in adherence to `Directive (EU) 2019/882 `_, `Directive" +" (EU) 2016/2102 `_, `ETSI EN 301 549 " +"`_," +" `W3C WCAG 2.2 `_, and `WAI-ARIA 2.2 " +"`_ recommendations for accessibility" +" compliance" +msgstr "" + +#: ../../gettingstarted/Features.rst:64 +msgid "" +"Multi-site support enabling the operation of multiple virtual sites on " +"the same setup" +msgstr "" + +#: ../../gettingstarted/Features.rst:65 +msgid "" +"Responsive user interfaces created with `Bootstrap " +"`_ CSS framework" +msgstr "" + +#: ../../gettingstarted/Features.rst:66 +msgid "Automated software quality measurement and continuous integration testing" +msgstr "" + +#: ../../gettingstarted/Features.rst:67 +msgid "Long-Term Support (LTS) plan" +msgstr "" + +#: ../../gettingstarted/Features.rst:68 +msgid "" +"Built with lightweight framework technologies (`Angular " +"`_ and `Python Twisted `_)" +msgstr "" + 
+#: ../../gettingstarted/Features.rst:69 +msgid "Integrated `SQLite `_ database" +msgstr "" + +#: ../../gettingstarted/Features.rst:70 +msgid "" +"Automatic setup for `Tor Onion Services Version 3 " +"`_" +msgstr "" + +#: ../../gettingstarted/Features.rst:71 +msgid "Supports self-service signup for whistleblowing SaaS setup" +msgstr "" + +#: ../../gettingstarted/Features.rst:72 +msgid "" +"Compatible with Linux operating systems (`Debian " +"`_ / `Ubuntu `_)" +msgstr "" + +#: ../../gettingstarted/Features.rst:73 +msgid "Debian packaging with a repository for updates/upgrades" +msgstr "" + +#: ../../gettingstarted/Features.rst:74 +msgid "Fully self-contained application" +msgstr "" + +#: ../../gettingstarted/Features.rst:75 +msgid "Easy integration with existing websites" +msgstr "" + +#: ../../gettingstarted/Features.rst:76 +msgid "" +"Built and packaged with `reproducibility " +"`_ in mind" +msgstr "" + +#: ../../gettingstarted/Features.rst:77 +msgid "REST API" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:2 +msgid "Glossary" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:3 +msgid "" +"This glossary defines jargon used in GlobaLeaks in a clear and consistent" +" manner." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:5 ../../security/ThreatModel.rst:1 +msgid "Administrator" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:7 +msgid "" +"The user who has set up and maintains the platform. An Administrator does" +" not have access to Whistleblowers’ reports." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:8 +msgid "Channel" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:10 +msgid "" +"A reporting channel used as a container for reports. Channels can be " +"configured with specific questionnaires, recipients, and policies. They " +"are typically used to organize the reporting process." 
+msgstr "" + +#: ../../gettingstarted/Glossary.rst:11 ../../user/admin/UserInterface.rst:19 +#: ../../user/admin/UserInterface.rst:201 +msgid "Notification" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:13 +msgid "" +"An email sent to inform a recipient of a new report or an update to an " +"existing report." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:14 +msgid "Platform" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:16 +msgid "A system running the GlobaLeaks software." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:17 +msgid "Questionnaire" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:19 +msgid "A set of questions that the whistleblower must complete to file a report." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:20 +#: ../../security/ApplicationSecurity.rst:32 +msgid "Receipt" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:22 +msgid "" +"A 16-digit random secret code generated by the system and provided to " +"whistleblowers upon submission of their report. This code allows them to " +"anonymously access and update their report by adding comments and new " +"files." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:23 ../../security/ThreatModel.rst:1 +msgid "Recipient" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:25 +msgid "" +"A user authorized to read whistleblowers’ reports. Recipients may also " +"communicate with whistleblowers via the GlobaLeaks platform." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:26 ../../security/PenetrationTests.rst:1 +msgid "Report" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:28 +msgid "" +"The submission by a whistleblower, including answers to a questionnaire " +"and any attached material." +msgstr "" + +#: ../../gettingstarted/Glossary.rst:29 ../../security/ThreatModel.rst:1 +msgid "Whistleblower" +msgstr "" + +#: ../../gettingstarted/Glossary.rst:31 +msgid "The person who files a report." 
+msgstr "" + +#: ../../gettingstarted/Requirements.rst:3 +msgid "" +"Ensure you understand and meet each of the following technical " +"requirements." +msgstr "" + +#: ../../gettingstarted/Requirements.rst:6 +msgid "Hardware requirements" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:7 +msgid "**Requirements**:" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:9 +msgid "CPU: Dual-core 2.0GHz (64-bit)" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:10 +msgid "RAM: 1GB" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:11 +msgid "Storage: 20GB" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:12 +msgid "I/O: 10Mbit/s (shared)" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:14 +msgid "" +"Please note that GlobaLeaks is designed to run on servers with " +"specifications smaller than those listed above." +msgstr "" + +#: ../../gettingstarted/Requirements.rst:16 +msgid "" +"The storage size should be determined based on your data retention " +"policies and the expected use of the platform." +msgstr "" + +#: ../../gettingstarted/Requirements.rst:19 +msgid "Software requirements" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:20 +msgid "" +"GlobaLeaks is designed to run on GNU/Linux and is developed and tested " +"specifically for Debian-based systems." +msgstr "" + +#: ../../gettingstarted/Requirements.rst:22 +msgid "" +"The currently recommended distributions are: Debian 12 (Bookworm) and " +"Ubuntu 24.04 (Noble)" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:24 +msgid "" +"The software lifecycle of the platform includes full support for all " +"Debian and Ubuntu LTS versions starting from `Debian 10 " +"`_ and `Ubuntu 20.04 " +"`_." 
+msgstr "" + +#: ../../gettingstarted/Requirements.rst:26 +msgid "" +"Support is guaranteed on these platforms according to the official long-" +"term support timelines:" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:28 +msgid "`Debian Release End of Life Timeline `_" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:29 +msgid "" +"`Ubuntu Release End of Life Timeline `_" +msgstr "" + +#: ../../gettingstarted/Requirements.rst:31 +msgid "" +"Currently, we do not plan to support additional distributions, as " +"GlobaLeaks adheres to the Unix philosophy of making each program excel in" +" a specific area. By focusing our efforts on mastering one domain, we aim" +" to serve our community most effectively. If you are interested in " +"helping us extend support to additional distributions, please get in " +"touch." +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:2 +msgid "Supported browsers" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:4 +msgid "" +"GlobaLeaks is designed to fully support commonly used browsers on desktop" +" PCs, laptops, tablets, and smartphones." +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:6 +msgid "" +"We recommend using the `Tor Browser `_ for " +"enhanced anonymity and additional privacy and security features not " +"available in other browsers." 
+msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:8 +msgid "Other supported browsers include:" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Browser" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Version" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Mozilla Firefox" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid ">= 38" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Google Chrome" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid ">= 45" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Brave" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid ">= 1.20.110" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Edge" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "any" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Safari" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid ">= 8" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "iOS" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid ">= 9" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid "Android" +msgstr "" + +#: ../../gettingstarted/SupportedBrowsers.rst:1 +msgid ">= 4.4" +msgstr "" + +#: ../../gettingstarted/index.rst:2 +msgid "Getting started" +msgstr "" + +#: ../../index.rst:2 +msgid "Documentation" +msgstr "文档" + +#: ../../index.rst:4 +msgid "" +"`GlobaLeaks `_ is an open-source, free " +"software intended to enable anyone to easily set up and maintain a secure" +" whistleblowing platform." +msgstr "" + +#: ../../index.rst:7 +msgid "" +"This documentation is thank to the support of our community. Join us and " +"contribute with your additions and suggestion. In any of the page you " +"find a link that enables you to provide suggestions and corrections. 
We " +"remind you that in case of any software issue or bug you may always " +"report on the `ticketing system `_." +msgstr "" + +#: ../../roadmap/index.rst:2 +msgid "Project roadmap" +msgstr "" + +#: ../../roadmap/index.rst:5 +msgid "" +"This tentative roadmap is built by the GlobaLeaks team in order to try to" +" respond to main users' needs. Please get sure that the needs of your " +"projects and users are well represented on the project `Ticketing System " +"`_. If your" +" organization could fund the development of parts of this roadmap please " +"write us at info@globaleaks.org" +msgstr "" + +#: ../../roadmap/index.rst:8 +msgid "Introduction" +msgstr "" + +#: ../../roadmap/index.rst:9 +msgid "" +"`GlobaLeaks `_ is free, open source software " +"enabling anyone to easily set up and maintain a secure whistleblowing " +"platform." +msgstr "" + +#: ../../roadmap/index.rst:11 +msgid "" +"Started in 2011, the software is now widely used worldwide by more than " +"3000 organizations working in the fields of anti-corruption activism, " +"human rights violations reporting, investigative journalism, and " +"corporate compliance." +msgstr "" + +#: ../../roadmap/index.rst:13 +msgid "" +"This document details the main areas of research development and " +"represents the actual tentative readmap of consolidation planned for " +"2024-2026 based on the analysis of the large set of user needs collected " +"within the official `Ticketing System `_." +msgstr "" + +#: ../../roadmap/index.rst:16 +msgid "Development areas" +msgstr "" + +#: ../../roadmap/index.rst:19 +msgid "Statistics and Reporting" +msgstr "" + +#: ../../roadmap/index.rst:20 +msgid "" +"GlobaLeaks still misses the implementation for any generation of " +"statistics and reports. Such features are considered fundamental in order" +" to properly support users in analysis, investigation and reporting." 
+msgstr "" + +#: ../../roadmap/index.rst:22 +msgid "E.g:" +msgstr "" + +#: ../../roadmap/index.rst:24 +msgid "" +"Recipients should be able to visually see statistics about the received " +"reports received and the data contained; these statistics should empower " +"users in their work providing relevant information out of the data " +"collection that could help users analyze and study social problems like " +"corruption and be able to organize and export automatic reporting;" +msgstr "" + +#: ../../roadmap/index.rst:25 +msgid "" +"Administrators should be able to visually see a dashboard in order to " +"monitor the system and assure that all is working well (e.g. that " +"recipients are receiving submissions and are able to access them and that" +" no attacks are performed on the system)." +msgstr "" + +#: ../../roadmap/index.rst:27 ../../roadmap/index.rst:42 +msgid "Ideas:" +msgstr "" + +#: ../../roadmap/index.rst:29 +msgid "" +"A client library could be adopted to generate reports directly on the " +"client (e.g. Chart.js)" +msgstr "" + +#: ../../roadmap/index.rst:30 +msgid "" +"The implementation should support the possibility of exporting the report" +" in PDF; in relation to this aspect it should be considered the " +"advantages of a possible backend implementation." +msgstr "" + +#: ../../roadmap/index.rst:32 ../../roadmap/index.rst:47 +#: ../../roadmap/index.rst:58 ../../roadmap/index.rst:71 +#: ../../roadmap/index.rst:84 +msgid "Reference tickets:" +msgstr "" + +#: ../../roadmap/index.rst:34 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/1959" +msgstr "" + +#: ../../roadmap/index.rst:35 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2254" +msgstr "" + +#: ../../roadmap/index.rst:39 +msgid "Audit Log" +msgstr "" + +#: ../../roadmap/index.rst:40 +msgid "" +"GlobaLeaks still misses the implementation of a complete audit logit. 
" +"This is considered a fundamental feature in order to achieve full " +"accontability of the whistleblowing process and increase security." +msgstr "" + +#: ../../roadmap/index.rst:44 +msgid "Software audit log should be improved" +msgstr "" + +#: ../../roadmap/index.rst:45 +msgid "" +"The software could exposes a standard log interfaces in CEF/LEEF/Syslog " +"format to foster integration with third party SIEM software." +msgstr "" + +#: ../../roadmap/index.rst:49 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2579" +msgstr "" + +#: ../../roadmap/index.rst:50 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2580" +msgstr "" + +#: ../../roadmap/index.rst:51 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2651" +msgstr "" + +#: ../../roadmap/index.rst:54 +msgid "GDPR compliance" +msgstr "" + +#: ../../roadmap/index.rst:55 +msgid "" +"GlobaLeaks implements by-design many best practices in matters of privacy" +" and security. In order to be effectively accepted and competitive beside" +" commercial proprietary solutions and to guarantee the sustainability of " +"the project, the software needs to achieve some market “standards” (e.g. " +"GDPR compliance / ISO certifications / etc.); among all we selected that " +"GDPR compliance is a first step where the software could implement best " +"practices (e.g. procedures for self signup should present appropriate " +"legal notices, terms of services, and contractualization). Within the " +"software, there should be implemented an automatic contract generation " +"via PDF or other suitable formats in respect with the GDPR requirements." 
+msgstr "" + +#: ../../roadmap/index.rst:60 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2145" +msgstr "" + +#: ../../roadmap/index.rst:61 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2658" +msgstr "" + +#: ../../roadmap/index.rst:62 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2866" +msgstr "" + +#: ../../roadmap/index.rst:63 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2767" +msgstr "" + +#: ../../roadmap/index.rst:64 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/3011" +msgstr "" + +#: ../../roadmap/index.rst:65 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/3012" +msgstr "" + +#: ../../roadmap/index.rst:68 +msgid "Backup and Restore" +msgstr "" + +#: ../../roadmap/index.rst:69 +msgid "" +"GlobaLeaks currently misses any feature for performing backup and " +"restoring of its setup. These duties are currently performed by its users" +" following typical best manual practices (e.g. archiving the data " +"directory of the application). This project idea is to research the best " +"practices to be applied in this context and to identify suitable " +"strategies for implementing periodic, secure and encrypted backups to be " +"restored upon necessity." +msgstr "" + +#: ../../roadmap/index.rst:73 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/528" +msgstr "" + +#: ../../roadmap/index.rst:74 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2149" +msgstr "" + +#: ../../roadmap/index.rst:77 +msgid "Multitenancy" +msgstr "" + +#: ../../roadmap/index.rst:79 +msgid "Import and Export of Tenants" +msgstr "" + +#: ../../roadmap/index.rst:80 +msgid "" +"Part of the software is a recent feature of Multitenancy, first " +"implemented in 2018 and stabilized during 2019. 
Through this feature, " +"GlobaLeaks makes it possible to create multiple setups of itself via " +"virtual sites (similarly to Wordpress multisite feature). In order to " +"make it more easy for an administrator to migrate a platform form a " +"system to an other or to enable users to require data portability from a " +"globaleaks provider to an other, for example in relation to GDPR it has " +"been evaluated necessary to improve the multi tenancy implementation by " +"implementing support for import-export of tenants. In the context of a " +"whistleblowing application, involving encryption and logging this poses " +"important challenges on how to best handle this process." +msgstr "" + +#: ../../roadmap/index.rst:86 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2632" +msgstr "" + +#: ../../roadmap/index.rst:87 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2631" +msgstr "" + +#: ../../roadmap/index.rst:90 +msgid "Multisite users" +msgstr "" + +#: ../../roadmap/index.rst:91 +msgid "(To be further researched)" +msgstr "" + +#: ../../roadmap/index.rst:93 +msgid "" +"Important requirement at the base of the Multitenancy expansion is the " +"possibility to enable users to be administrators and recipients of two or" +" multiple instances running on the same multi-site setup. This is useful " +"for example when a lawyer takes part as a recipient on multiple projects;" +" as well it is useful when an ICT consultant joins consultancy on " +"multiple projects." +msgstr "" + +#: ../../roadmap/index.rst:96 +msgid "" +"This could significatively simplify user access enabling the user to have" +" a single set of username and password and associated keys." 
+msgstr "" + +#: ../../roadmap/index.rst:98 +msgid "References tickets:" +msgstr "" + +#: ../../roadmap/index.rst:100 +msgid "https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2302" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:3 +msgid "Application security" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:4 +msgid "" +"The GlobaLeaks software aims to adhere to industry-standard best " +"practices, with its security being the result of applied research." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:6 +msgid "" +"This document details every aspect implemented by the application in " +"relation to security design." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:9 +msgid "Architecture" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:10 +msgid "The software comprises two main components: a `Backend` and a `Client`:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:12 +msgid "" +"The Backend is a Python-based server that runs on a physical server and " +"exposes a `REST API " +"`_." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:13 +msgid "" +"The Client is a JavaScript client-side web application that interacts " +"with the Backend only through `XHR " +"`_." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:16 +msgid "Anonymity" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:17 +msgid "" +"Users' anonymity is protected by means of `Tor " +"`_ technology." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:19 +msgid "" +"The application is designed to avoid logging sensitive metadata that " +"could lead to the identification of whistleblowers." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:22 +msgid "Authentication" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:23 +msgid "" +"The confidentiality of authentication is protected either by `Tor Onion " +"Services v3 `_ or" +" `TLS version 1.2+ " +"`_." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:25 +msgid "" +"This section describes the authentication methods implemented by the " +"system." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:28 +msgid "Password" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:29 +msgid "" +"By accessing the login web interface, `Administrators` and `Recipients` " +"need to enter their respective `Username` and `Password`. If the " +"submitted password is valid, the system grants access to the " +"functionality available to that user." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:33 +msgid "" +"`Whistleblowers` access their `Reports` using an anonymous `Receipt`, " +"which is a randomly generated 16-digit sequence created by the Backend " +"when the Report is first submitted. This format resembles a standard " +"phone number, making it easier for whistleblowers to conceal their " +"receipts." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:36 +msgid "Password security" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:37 +msgid "The system implements the following password security measures:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:40 +msgid "Password storage" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:41 +msgid "" +"Passwords are never stored in plaintext; instead, the system maintains " +"only a hashed version. This applies to all authentication secrets, " +"including whistleblower receipts." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:43 +msgid "" +"The platform stores users’ passwords hashed with a random 128-bit salt, " +"unique for each user." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:45 +msgid "" +"Passwords are hashed using `Argon2 " +"`_, a key derivation function " +"selected as the winner of the `Password Hashing Competition " +"`_ in July " +"2015." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:47 +msgid "" +"The hash involves a per-user salt for each user and a per-system salt for" +" whistleblowers." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:50 +msgid "Password complexity" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:51 +msgid "" +"The system enforces complex passwords by implementing a custom algorithm " +"necessary to ensure reasonable entropy for each authentication secret." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:53 +msgid "" +"Passwords are scored at three levels: `Strong`, `Acceptable`, and " +"`Insecure`." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:55 +msgid "" +"Strong: A strong password should include capital letters, lowercase " +"letters, numbers, and symbols, be at least 12 characters long, and " +"contain a variety of at least 10 different characters." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:56 +msgid "" +"Acceptable: An acceptable password should include at least 3 different " +"types of characters from capital letters, lowercase letters, numbers, and" +" symbols, be at least 10 characters long, and contain a variety of at " +"least 7 different characters." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:57 +msgid "" +"Insecure: Passwords ranked below the strong or acceptable levels are " +"marked as insecure and are not accepted by the system." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:59 +msgid "" +"We encourage each end user to use `KeePassXC `_ to" +" generate and retain strong, unique passphrases." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:62 +msgid "Two-factor authentication" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:63 +msgid "" +"The system implements Two-Factor Authentication (2FA) based on `TOTP` " +"using the `RFC 6238 `_ algorithm " +"and 160-bit secrets." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:65 +msgid "" +"Users can enroll in 2FA via their own preferences, and administrators can" +" optionally enforce this requirement." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:67 +msgid "" +"We recommend using `FreeOTP `_, available " +"`for Android " +"`_" +" and `for iOS `_." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:70 +msgid "Slowdown on failed login attempts" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:71 +msgid "" +"The system identifies multiple failed login attempts and implements a " +"slowdown procedure, requiring an authenticating client to wait up to 42 " +"seconds to complete an authentication." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:73 +msgid "" +"This feature is intended to slow down potential attacks, requiring more " +"resources in terms of time, computation, and memory." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:76 +msgid "Password change on first login" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:77 +msgid "The system enforces users to change their password at their first login." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:79 +msgid "" +"Administrators can also enforce a password change for users at their next" +" login." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:82 +msgid "Periodic password change" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:83 +msgid "" +"By default, the system enforces users to change their password at least " +"every year." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:85 +msgid "This period is configurable by administrators." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:88 +msgid "Password recovery" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:89 +msgid "" +"In case of a lost password, users can request a password reset via the " +"web login interface by clicking on a `Forgot password?` button present on" +" the login page." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:91 +msgid "" +"When this button is clicked, users are invited to enter their username or" +" email. If the provided username or email corresponds to an existing " +"user, the system will send a reset link to the configured email." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:93 +msgid "" +"By clicking the link received by email, the user is then invited to set a" +" new password different from the previous one." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:95 +msgid "" +"If encryption is enabled on the system, a user clicking on the reset link" +" must first enter their `Account Recovery Key`. Only after correct entry " +"will the user be able to set a new password." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:98 +msgid "Web application security" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:99 +msgid "" +"This section describes the Web Application Security implemented by the " +"software in adherence to the `OWASP Security Guidelines " +"`_." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:102 +msgid "Session management" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:103 +msgid "" +"The session implementation follows the `OWASP Session Management Cheat " +"Sheet " +"`_" +" security guidelines." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:105 +msgid "" +"The system assigns a session to each authenticated user. The Session ID " +"is a 256-bit long secret generated randomly by the backend. Each session " +"expires according to a timeout of 30 minutes. 
Session IDs are exchanged " +"between the client and the backend via a header (`X-Session`) and expire " +"as soon as users close their browser or the tab running GlobaLeaks. Users" +" can explicitly log out via a logout button or implicitly by closing the " +"browser." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:108 +msgid "Session encryption" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:109 +msgid "" +"To minimize the exposure of users' encryption keys, the keys are stored " +"in an encrypted format and decrypted only upon each client request." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:111 +msgid "" +"The implementation uses Libsodium's SecretBox, where the client's session" +" key is used as the secret. Only the client maintains a copy of the " +"session key, while the server retains only a SHA-256 hash." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:114 +msgid "Cookies and xsrf prevention" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:115 +msgid "" +"Cookies are not used intentionally to minimize XSRF attacks and any " +"possible attacks based on them. Instead of using cookies, authentication " +"is based on a custom HTTP Session Header sent by the client on " +"authenticated requests." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:118 +msgid "HTTP headers" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:119 +#, python-format +msgid "" +"The system implements a large set of HTTP headers specifically configured" +" to improve software security and achieves a `score A+ by Security " +"Headers " +"`_" +" and a `score A+ by Mozilla Observatory " +"`_." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:122 +msgid "Strict-Transport-Security" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:123 +msgid "The system implements strict transport security by default. 
::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:128 +msgid "The default configuration of the application sees this feature disabled." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:131 +msgid "Content-Security-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:132 +msgid "" +"The backend implements a strict `Content Security Policy (CSP) " +"`_ preventing any " +"interaction with third-party resources and restricting the execution of " +"untrusted user input: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:137 +msgid "" +"Specific policies are implemented in adherence to the principle of least " +"privilege." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:139 +msgid "For example:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:141 +msgid "" +"The `index.html` source of the app is the only resource allowed to load " +"scripts from the same origin;" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:142 +msgid "Every dynamic content is strictly sandboxed on a null origin;" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:143 +msgid "" +"Every untrusted user input or third-party library is executed in a " +"sandbox, limiting its interaction with other application components." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:146 +msgid "Cross-Origin-Embedder-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:147 +msgid "" +"The backend implements the following `Cross-Origin-Embedder-Policy (COEP)" +" `_: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:153 +msgid "Cross-Origin-Opener-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:154 +msgid "" +"The backend implements the following `Cross-Origin-Opener-Policy (COOP) " +"`_: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:160 +msgid "Cross-Origin-Resource-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:161 +msgid "" +"The backend implements the following `Cross-Origin-Resource-Policy (CORP)" +" `_: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:167 +msgid "Permissions-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:168 +msgid "" +"The backend implements the following Permissions-Policy header " +"configuration to limit the possible de-anonymization of the user by " +"disabling dangerous browser features: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:174 +msgid "X-Frame-Options" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:175 +msgid "" +"In addition to implementing Content Security Policy level 3 to prevent " +"the application from being included in an iframe, the backend also " +"implements the outdated X-Frame-Options header to ensure that iframes are" +" always prevented in any circumstance, including on outdated browsers: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:181 +msgid "Referrer-Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:182 +msgid "" +"Web browsers usually attach referrers in their HTTP headers as they " +"browse links. The platform enforces a referrer policy to avoid this " +"behavior. 
::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:188 +msgid "X-Content-Type-Options" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:189 +msgid "" +"To avoid automatic MIME type detection by the browser when setting the " +"Content-Type for specific output, the following header is used: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:195 +msgid "Cache-Control" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:196 +msgid "" +"To prevent or limit forensic traces left on devices used by " +"whistleblowers and in devices involved in communication with the " +"platform, as specified in section ``3. Storing Responses in Caches`` of " +"`RFC 7234 `__, the platform uses the" +" ``Cache-Control`` HTTP header with the configuration ``no-store`` to " +"instruct clients and possible network proxies to disable any form of data" +" caching. ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:202 +msgid "Crawlers Policy" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:203 +msgid "" +"For security reasons, the backend instructs crawlers to avoid caching and" +" indexing of the application and uses the ``robots.txt`` file to allow " +"crawling only of the home page. Indexing the home page is considered best" +" practice to promote the platform's existence and facilitate access for " +"potential whistleblowers." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:205 +msgid "The implemented configuration is as follows: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:212 +msgid "" +"The platform also instructs crawlers to avoid caching by injecting the " +"following HTTP header: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:217 +msgid "" +"For highly sensitive projects where the platform is intended to remain " +"``hidden`` and communicated to potential whistleblowers directly, it can " +"be configured to disable indexing completely." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:219 +msgid "In such cases, the following HTTP header is used: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:225 +msgid "Anchor tags and external urls" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:226 +msgid "" +"The client opens external URLs in a new tab, independent of the " +"application context, by setting ``rel='noreferrer'`` and " +"``target='_blank'``` on every anchor tag. ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:232 +msgid "Input validation" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:233 +msgid "" +"The application implements strict input validation both on the backend " +"and on the client." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:236 +msgid "On the backend" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:237 +msgid "" +"Each client request is strictly validated by the backend against a set of" +" regular expressions, and only requests matching the expressions are " +"processed." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:239 +msgid "" +"Additionally, a set of rules is applied to each request type to limit " +"potential attacks. For example, any request is limited to a payload of " +"1MB." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:242 +msgid "On the client" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:243 +msgid "" +"Each server output is strictly validated by the client at rendering time " +"using the Angular component `ngSanitize.$sanitize " +"`__." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:246 +msgid "Form autocomplete off" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:247 +msgid "" +"Forms implemented by the platform use the HTML5 form attribute to " +"instruct the browser not to cache user data for form prediction and " +"autocomplete on subsequent submissions." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:249 +msgid "" +"This is achieved by setting `autocomplete=\"off\" " +"`__ on the relevant forms or attributes." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:252 +msgid "Network security" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:254 +msgid "Connection anonymity" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:255 +msgid "" +"User anonymity is provided through the implementation of `Tor " +"`__ technology. The application implements " +"an ``Onion Service v3`` and advises users to use the Tor Browser when " +"accessing it." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:258 +msgid "Connection encryption" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:259 +msgid "" +"User connections are always encrypted, either through the `Tor Protocol " +"`__ when using the Tor Browser or via `TLS " +"`__ when accessed" +" through a common browser." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:261 +msgid "" +"Using ``Tor`` is recommended over HTTPS due to its advanced resistance to" +" selective interception and censorship, making it difficult for a third " +"party to capture or block access to the site for specific whistleblowers " +"or departments." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:263 +msgid "" +"The software also facilitates easy setup of ``HTTPS``, offering both " +"automatic setup via `Let's Encrypt `__ and " +"manual configuration." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:265 +msgid "" +"TLS certificates are generated using `NIST Curve P-384 " +"`__." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:267 +msgid "" +"The configuration enables only ``TLS1.2+`` and is fine-tuned and hardened" +" to achieve `SSLLabs grade A+ " +"`__." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:269 +msgid "In particular, only the following ciphers are enabled: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:283 +msgid "Network sandboxing" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:284 +msgid "" +"The GlobaLeaks backend integrates `iptables " +"`__ by default and implements strict firewall" +" rules that restrict incoming network connections to HTTP and HTTPS on " +"ports 80 and 443." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:286 +msgid "" +"Additionally, the application allows anonymizing outgoing connections, " +"which can be configured to route through Tor." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:289 +msgid "Data encryption" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:290 +msgid "" +"Submission data, file attachments, messages, and metadata exchanged " +"between whistleblowers and recipients are encrypted using the GlobaLeaks " +":doc:`EncryptionProtocol`." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:292 +msgid "" +"GlobaLeaks also incorporates various other encryption components. 
The " +"main libraries and their uses are:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:294 +msgid "" +"`Python-NaCL `__: used for implementing " +"data encryption" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:295 +msgid "" +"`PyOpenSSL `__: used for implementing " +"HTTPS" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:296 +msgid "" +"`Python-Cryptography `__: used for implementing " +"authentication" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:297 +msgid "" +"`Python-GnuPG `__: used " +"for encrypting email notifications and file downloads via ```PGP```" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:300 +msgid "Application sandboxing" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:301 +msgid "" +"The GlobaLeaks backend integrates `AppArmor `__ by" +" default and implements a strict sandboxing profile, allowing the " +"application to access only the strictly required files. Additionally, the" +" application runs under a dedicated user and group \"globaleaks\" with " +"reduced privileges." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:304 +msgid "Database security" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:305 +msgid "" +"The GlobaLeaks backend uses a hardened local SQLite database accessed via" +" SQLAlchemy ORM." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:307 +msgid "" +"This design choice ensures the application can fully control its " +"configuration while implementing extensive security measures in adherence" +" to the `security recommendations by SQLite " +"`__." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:310 +msgid "Secure deletion" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:311 +msgid "" +"The GlobaLeaks backend enables SQLite’s secure deletion capability, which" +" automatically overwrites the database data upon each delete query: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:317 +msgid "Auto vacuum" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:318 +msgid "" +"The platform enables SQLite’s auto vacuum capability for automatic " +"cleanup of deleted entries and recall of unused pages: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:324 +msgid "Limited database trust" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:325 +msgid "" +"The GlobaLeaks backend uses the SQLite `trusted_schema " +"`__ pragma " +"to limit trust in the database, mitigating risks of malicious corruption." +" ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:331 +msgid "Limited database functionalities" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:332 +msgid "" +"The GlobaLeaks backend restricts SQLite functionalities to only those " +"necessary for running the application, reducing the potential for " +"exploitation in case of SQL injection attacks." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:334 +msgid "" +"This is implemented using the ```conn.set_authorizer``` API and a strict " +"authorizer callback that authorizes only a limited set of SQL " +"instructions: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:345 +msgid "DoS resiliency" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:346 +msgid "" +"To mitigate denial of service attacks, GlobaLeaks applies the following " +"measures:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:348 +msgid "" +"Implements a proof-of-work (hashcash) on each unauthenticated request to " +"limit automation." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:349 +msgid "Applies rate limiting on authenticated sessions." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:350 +msgid "" +"Limits the possibility of triggering CPU-intensive routines by external " +"users (e.g., limits on query and job execution times)." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:351 +msgid "" +"Monitors activity to detect and respond to attacks, implementing " +"proactive security measures to prevent DoS (e.g., slowing down fast " +"operations)." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:354 +msgid "Proof of work on users' sessions" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:355 +msgid "" +"The system implements an automatic `Proof of Work " +"`__ based on the hashcash " +"algorithm for every user session, requiring clients to request a token " +"and continuously solve a computational problem to acquire and renew the " +"session." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:358 +msgid "Rate limit on users' sessions" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:359 +msgid "" +"The system implements rate limiting on user sessions, preventing more " +"than 5 requests per second and applying increasing delays on requests " +"that exceed this threshold." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:362 +msgid "Rate limit on whistleblowers' reports and attachments" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:363 +msgid "" +"The system applies rate limiting on whistleblower reports and " +"attachments, preventing new submissions and file uploads if thresholds " +"are exceeded." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:365 +msgid "Implemented thresholds are:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "Threshold Variable" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +#: ../../security/PenetrationTests.rst:1 +msgid "Goal" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "Default Threshold Setting" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "threshold_reports_per_hour" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "Limit the number of reports that can be filed per hour" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "20" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "threshold_reports_per_hour_per_ip" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "" +"Limit the number of reports that can be filed per hour by the same IP " +"address" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "5" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "threshold_attachments_per_hour_per_ip" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "" +"Limit the number of attachments that can be uploaded per hour by the same" +" IP address" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "120" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "threshold_attachments_per_hour_per_report" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "Limit the number of attachments that can be uploaded per hour on a report" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:1 +msgid "30" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:375 +msgid "" +"In case of necessity, threshold configurations can be adjusted using the " +"`gl-admin` command as follows: ::" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:381 +msgid "Other measures" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:383 +msgid "Browser 
history and forensic traces" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:384 +msgid "" +"The entire application is designed to minimize or reduce the forensic " +"traces left by whistleblowers on their devices while filing reports." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:386 +msgid "" +"When accessed via the Tor Browser, the browser ensures that no persistent" +" traces are left on the user's device." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:388 +msgid "" +"To prevent or limit forensic traces in the browser history of users " +"accessing the platform via a common browser, the application avoids " +"changing the URI during whistleblower navigation. This prevents the " +"browser from logging user activities and offers high plausible " +"deniability, making the whistleblower appear as a simple visitor to the " +"homepage and avoiding evidence of any submission." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:391 +msgid "Secure file management" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:393 +msgid "Secure file download" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:394 +msgid "" +"Any attachment uploaded by anonymous whistleblowers might contain " +"malware, either intentionally or not. It is highly recommended, if " +"possible, to download files and access them on an air-gapped machine " +"disconnected from the network and other sensitive devices. To facilitate " +"safe file downloads and transfers using a USB stick, the application " +"provides the option to export reports, enabling the download of a ZIP " +"archive containing all report content. This reduces the risk of executing" +" files during the transfer process." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:397 +msgid "Safe file opening" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:398 +msgid "" +"For scenarios where the whistleblower's trustworthiness has been " +"validated or in projects with a low-risk threat model, the application " +"offers an integrated file viewer. This viewer, leveraging modern browser " +"sandboxing capabilities, allows the safe opening of a limited set of file" +" types considered more secure than accessing files directly through the " +"operating system. This feature is disabled by default. Administrators " +"should enable it only after thorough evaluation and ensure that " +"recipients' browsers are kept up-to-date." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:400 +msgid "The supported file formats are:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:402 +msgid "AUDIO" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:403 +msgid "CSV" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:404 +msgid "IMAGE" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:405 +msgid "PDF" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:406 +msgid "VIDEO" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:407 +msgid "TXT" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:409 +#: ../../security/ApplicationSecurity.rst:419 +msgid "The default configuration has this feature disabled." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:412 +msgid "PGP encryption" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:413 +msgid "The system offers an optional PGP encryption feature." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:415 +msgid "" +"When enabled, users can activate a personal PGP key that will be used by " +"the system to encrypt email notifications and files on-the-fly." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:417 +msgid "" +"This feature is recommended for high-risk threat models, especially when " +"used in conjunction with air-gapped systems for report visualization." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:422 +msgid "Encryption of temporary files" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:423 +msgid "" +"Files uploaded and temporarily stored on disk during the upload process " +"are encrypted with a temporary, symmetric AES key to prevent any " +"unencrypted data from being written to disk. Encryption is performed in " +"streaming mode using `AES 128-bit` in `CTR mode`. Key files are stored in" +" memory and are unique for each file being uploaded." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:426 +msgid "Secure file delete" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:427 +msgid "" +"Every file deleted by the application is overwritten before the file " +"space is released on disk." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:429 +msgid "" +"The overwrite routine is executed by a periodic scheduler and follows " +"these steps:" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:431 +msgid "A first overwrite writes 0 across the entire file;" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:432 +msgid "A second overwrite writes 1 across the entire file;" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:433 +msgid "A third overwrite writes random bytes across the entire file." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:436 +msgid "Exception logging and redaction" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:437 +msgid "" +"To quickly diagnose potential software issues when client exceptions " +"occur, they are automatically reported to the backend. The backend " +"temporarily caches these exceptions and sends them to the backend " +"administrator via email." 
+msgstr "" + +#: ../../security/ApplicationSecurity.rst:439 +msgid "" +"To prevent inadvertent information leaks, logs are processed through " +"filters that redact email addresses and UUIDs." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:442 +msgid "Entropy sources" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:443 +msgid "The primary source of entropy for the platform is `/dev/urandom`." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:446 +msgid "UUIDv4 randomness" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:447 +msgid "" +"System resources like submissions and files are identified by UUIDv4 to " +"make them unguessable by external users and limit potential attacks." +msgstr "" + +#: ../../security/ApplicationSecurity.rst:450 +msgid "TLS for smtp notification" +msgstr "" + +#: ../../security/ApplicationSecurity.rst:451 +msgid "" +"All notifications are sent through an SMTP channel encrypted with TLS, " +"using either SMTP/TLS or SMTPS, depending on the configuration." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:2 +msgid "Encryption protocol" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:3 +msgid "" +"GlobaLeaks implements an encryption protocol specifically designed for " +"anonymous whistleblowing applications." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:5 +msgid "" +"The protocol has been developed and validated in collaboration with the " +"`Open Technology Fund `_ and represents a trade-off between security and " +"usability. It is designed to be user-friendly for whistleblowers while " +"providing reasonable protection against attackers attempting to breach " +"the backend and perform brute-force decryption." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:7 +msgid "" +"Encryption is applied to each submission, protecting answers to " +"questionnaires, comments, attachments, and associated metadata. 
The " +"encryption keys are assigned per user and per report, ensuring that only " +"whistleblowers and their intended recipients can access the reports. This" +" means that if users forget their passwords, they will lose access to the" +" data in their accounts." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:9 +msgid "" +"To enable users to recover their accounts in case they forget their " +"passwords, the system includes a `Key Recovery`_ mechanism and provides " +"each user with an Account Recovery Key. This measure ensures that users " +"with their own Account Recovery Key can always restore access to their " +"account and the data it contains." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:11 +msgid "" +"To prevent data loss in case users lose both their password and their " +"account recovery key, the system can be configured to use a `Key Escrow`_" +" mechanism. This delegates the responsibility of supporting users in " +"recovering access to their accounts to administrators. This capability " +"enhances the project's resilience against data loss due to users' death " +"or conflicts of interest within the recipient team. However, it also " +"means that administrators with access to escrow keys could potentially " +"access other users' accounts and data. Project owners should carefully " +"decide whether to enable this feature based on the project's threat model" +" and document their decision in the project's privacy policies." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:14 +msgid "Encryption's workflow" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:15 +msgid "" +"Users choose a secure personal password during their first login using an" +" account activation link." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:16 +msgid "" +"The system creates a personal asymmetric keypair for each user and stores" +" the private key symmetrically encrypted with a secret derived from the " +"user's password." 
+msgstr "" + +#: ../../security/EncryptionProtocol.rst:17 +msgid "" +"Each user's private key is protected by the Key Recovery mechanism and, " +"if enabled, by the Key Escrow mechanism." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:18 +msgid "The whistleblower files a report." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:19 +msgid "The system assigns a unique 16-digit receipt number to the whistleblower." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:20 +msgid "" +"The system generates an asymmetric keypair for the whistleblower and " +"stores the private key symmetrically encrypted with a secret derived from" +" the whistleblower’s receipt number." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:21 +msgid "" +"The system generates an asymmetric keypair for encrypting the report, " +"attachments, comments, and associated metadata, and stores a copy of the " +"private key encrypted for each involved user using their own public key." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:22 +msgid "" +"The system encrypts the report, attachments, comments, and metadata with " +"the public key generated for the report." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:23 +msgid "" +"The system grants each involved user access to their reports and " +"facilitates communication by automatically locking and unlocking the " +"involved keys when a report is accessed or new communication is made." 
+msgstr "" + +#: ../../security/EncryptionProtocol.rst:26 +msgid "Encryption's details" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:28 +msgid "Algorithms" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Type" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Implementation" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Asymmetric encryption" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "" +"`Libsodium SealedBoxes " +"`_," +" which combines Curve25519, XSalsa20, and Poly1305 algorithms." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Symmetric encryption" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "" +"`Libsodium SecretBoxes " +"`_," +" which combines XSalsa20 and Poly1305." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:36 +msgid "Users’ credentials" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:37 +msgid "The system uses two types of credentials depending on the user role:" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Credentials type" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "User role" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Passwords" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Used for authenticating users identified by a username" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Receipts" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "16-digit random secrets used for authenticating anonymous whistleblowers" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:45 +msgid "Assumptions:" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:47 +msgid "The system enforces strong password complexity." 
+msgstr "" + +#: ../../security/EncryptionProtocol.rst:48 +msgid "" +"The system enforces expiration of receipts according to a strict data " +"retention policy that limits the number of concurrent active receipts." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:51 +msgid "Users’ keys" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Generation" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Storage" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "ECC Curve25519 keypair" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "" +"Generated by the backend during first user login for authenticated users " +"and upon submission for whistleblowers" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "" +"Keys are stored on the backend encrypted using symmetric encryption. The " +"symmetric key used for encrypting users’ keys is derived from the users’ " +"credentials using the KDF function `Argon2ID `_. The parameters for Argon2ID used for KDF" +" are stronger than those used for user authentication, with the hash " +"stored. The parameters are selected to require 128MB of memory per login " +"and 1 second of computation." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:58 +msgid "Data encryption's keys" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "256-bit keys" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "Generated by the backend for each report" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:1 +msgid "" +"Keys are stored on the backend filesystem encrypted using asymmetric " +"encryption with Users’ and Whistleblower’s keys, respectively." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:65 +msgid "Key generation" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:66 +msgid "" +"Users' encryption keys are automatically generated during the first login" +" and secured using the user passphrase. 
This straightforward but " +"effective key generation policy requires users to complete their first " +"login before being able to receive reports." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:69 +msgid "Key recovery" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:70 +msgid "" +"The system implements a key recovery mechanism using a recovery key and " +"symmetric encryption." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:72 +msgid "" +"When a user key is generated, the private key is symmetrically encrypted " +"with a randomly generated recovery key." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:74 +msgid "" +"For usability reasons, this recovery key is also securely encrypted and " +"stored on the backend, allowing logged-in users who possess their " +"password to retrieve and print their own account recovery key." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:77 +msgid "Key escrow" +msgstr "" + +#: ../../security/EncryptionProtocol.rst:78 +msgid "" +"The system offers an optional key escrow mechanism to mitigate data loss " +"in the event of users losing their passwords." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:80 +msgid "" +"Key escrow can be enabled during the initial application setup or in the " +"advanced settings of the software." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:82 +msgid "" +"We recommend enabling this option to protect whistleblowers' submissions " +"in cases where recipients lose their passwords. However, if you want to " +"set up a system where only recipients can access submissions, we advise " +"against using this feature." +msgstr "" + +#: ../../security/EncryptionProtocol.rst:84 +msgid "" +"When enabled, the system generates and assigns an escrow key to the " +"administrator who activated the feature. This key is then used to encrypt" +" every system key, with a copy preserved that any administrator with the " +"escrow key can unlock." 
+msgstr "" + +#: ../../security/EncryptionProtocol.rst:86 +msgid "" +"Administrators with access to the escrow key can assist internal users " +"with password recovery and issue password resets. They can also grant " +"this privilege to other administrators or disable the feature entirely." +msgstr "" + +#: ../../security/PenetrationTests.rst:3 +msgid "Security audits" +msgstr "" + +#: ../../security/PenetrationTests.rst:5 +msgid "" +"GlobaLeaks undergoes independent security audits periodically to verify " +"and enhance the security of the system. This page lists the most " +"significant reports available." +msgstr "" + +#: ../../security/PenetrationTests.rst:7 +msgid "" +"We aim to have audits conducted at least every two years, thanks to " +"funding opportunities. Each adopter is encouraged to contribute by " +"funding a general or topic-specific audit based on their capabilities. " +"This helps ensure that every algorithm, component, and methodology " +"applied within the project is thoroughly verified." +msgstr "" + +#: ../../security/PenetrationTests.rst:9 +msgid "" +"If you have conducted or are considering sponsoring a security audit, " +"please email us at `info@globaleaks.org `_. " +"This is especially important for general software security. When " +"requesting a company to audit the software, always remember to ask if the" +" report can be published afterward; many auditors may not agree to " +"publish the report later, which has often led to wasted project " +"resources." +msgstr "" + +#: ../../security/PenetrationTests.rst:11 +msgid "" +"If you are an independent security auditor or, during your peer review of" +" GlobaLeaks, you discover or suspect a vulnerability, please do not file " +"a public issue. Instead, send your report privately through our " +"`reporting form `_ or via email to " +"`security@globaleaks.org `_." 
+msgstr "" + +#: ../../security/PenetrationTests.rst:1 ../../user/admin/UserInterface.rst:135 +msgid "Date" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Auditor" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2013" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`iSecPartners `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Architecture Audit" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Report `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Cure53 `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Web Security Audit" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Report `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2014" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`LeastAuthority `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Source Code Audit" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Report `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2018" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`SubGraph `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Overall Audit" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Report `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2019" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`RadicallyOpenSecurity `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Crypto Audit, Multi-tenancy Audit, Overall Audit" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "" +"`Report " +"`_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2022" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "" +"Server Source Code Audit, Client Pentest, OpSec for Whistleblowers, OpSec" +" for Server Administrators" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "" +"`Report 
" +"`_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "2024" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`ISGroup `_" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "Surface Analysis and Network Penetration Test" +msgstr "" + +#: ../../security/PenetrationTests.rst:1 +msgid "`Report `_" +msgstr "" + +#: ../../security/ThreatModel.rst:3 +msgid "Threat model" +msgstr "" + +#: ../../security/ThreatModel.rst:4 +msgid "" +"GlobaLeaks is a free and open-source whistleblowing software designed for" +" various usage scenarios, each requiring a balance between strong " +"security and high usability. These two requirements are crucial for " +"managing whistleblowing procedures effectively, protecting " +"whistleblowers, and achieving specific project goals. Given the variety " +"of use cases and associated risks, the software can be configured to " +"address the specific threat model detailed here." +msgstr "" + +#: ../../security/ThreatModel.rst:6 +msgid "" +"This document is intended for organizations implementing a whistleblowing" +" procedure using GlobaLeaks. It supports the analysis and understanding " +"of the specific threat model relevant to their context and risks and " +"guides users in selecting best practices for their project." +msgstr "" + +#: ../../security/ThreatModel.rst:9 +msgid "Users matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:10 +msgid "" +"The first step is to define the types of users interacting with a " +"GlobaLeaks platform." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "User" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Definition" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"The user who submits an anonymous report through the platform. " +"Whistleblowers may operate under various threat models depending on the " +"usage scenario and the nature of the information submitted." 
+msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"The user who receives and analyzes anonymous reports from Whistleblowers." +" Recipients act in good faith and are considered trusted parties " +"concerning the protection of Whistleblowers' confidentiality." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"Users responsible for setting up, managing, and monitoring the platform's" +" security. Administrators may not be the same entities running or " +"managing the whistleblowing initiatives (e.g., hosted solutions, multiple" +" stakeholder projects). Administrators are trusted entities but do not " +"have direct access to reports and advise Recipients on best practices." +msgstr "" + +#: ../../security/ThreatModel.rst:19 +msgid "" +"It is crucial to apply security measures relative to the users of the " +"platform, aiming to achieve an appropriate tradeoff between security and " +"usability." +msgstr "" + +#: ../../security/ThreatModel.rst:22 +msgid "Anonymity matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:23 +msgid "" +"The anonymity of users must be classified depending on the context of " +"use, as follows:" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Anonymous" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"The user accesses the platform via the Tor Browser and follows best " +"practices to protect their identity, minimizing the risk of tracking by " +"any system involved in the operation. The user has not disclosed their " +"identity to Recipients." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Confidential" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"The user accesses the platform via a common browser. While third parties " +"might log their IP address, the platform protects the content of their " +"communication. The user may choose to disclose their identity to " +"Recipients confidentially." 
+msgstr "" + +#: ../../security/ThreatModel.rst:31 +msgid "" +"The platform always informs users of their current anonymity status and " +"provides guidance on best practices for anonymous access via the Tor " +"Browser. Administrators may enforce the requirement that Whistleblowers " +"use the Tor Browser to file reports, depending on the use case." +msgstr "" + +#: ../../security/ThreatModel.rst:34 +msgid "Communication security matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:35 +msgid "" +"The security of communication concerning third-party monitoring varies " +"based on the context of use." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Security level" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Description" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "High security" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"Tor is used, and communication is encrypted end-to-end with the " +"GlobaLeaks platform, ensuring that no third party can eavesdrop on the " +"communication." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Medium security" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"HTTPS is used, and communication is encrypted end-to-end with the " +"GlobaLeaks platform. A third party capable of manipulating HTTPS security" +" (e.g., re-issuing TLS certificates) could eavesdrop on the " +"communication. If HTTPS security is maintained, monitoring the user's " +"communication line or the GlobaLeaks platform's communication line is not" +" feasible." +msgstr "" + +#: ../../security/ThreatModel.rst:1 ../../security/ThreatModel.rst:44 +msgid "Identity disclosure matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:45 +msgid "" +"Regardless of the anonymity matrix, users may choose or be required to " +"disclose their identity." 
+msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Undisclosed" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "The user's identity is not disclosed and is unlikely to be disclosed." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Optionally disclosed" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"The user's identity is not disclosed by default but may be voluntarily " +"disclosed (e.g., an anonymous tip-off MAY receive a follow-up, whereas a " +"formal report with disclosed identity MUST receive a follow-up)." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Disclosed" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "The user chooses or is required to disclose their identity to other users." +msgstr "" + +#: ../../security/ThreatModel.rst:54 +msgid "" +"Identity disclosure is crucial because even in an Anonymous High security" +" environment, disclosing one's identity may be a valuable option for " +"specific whistleblowing workflows." +msgstr "" + +#: ../../security/ThreatModel.rst:56 +msgid "" +"Users starting with an anonymity setting of “Anonymous” and an " +"“Undisclosed Identity” can decide later to disclose their identity. " +"Conversely, this cannot be undone. This consideration is key to ensuring " +"user protection in GlobaLeaks." +msgstr "" + +#: ../../security/ThreatModel.rst:58 +msgid "" +"Voluntary identity disclosure may be required in certain whistleblowing " +"procedures because:" +msgstr "" + +#: ../../security/ThreatModel.rst:60 +msgid "A tip-off MAY receive a follow-up and can be anonymous;" +msgstr "" + +#: ../../security/ThreatModel.rst:61 +msgid "Formal reports MUST receive a follow-up and cannot be anonymous." 
+msgstr "" + +#: ../../security/ThreatModel.rst:63 +msgid "" +"The distinction between “MAY” and “MUST” refers to the actions of " +"recipients and is a fundamental element of the guarantees provided to " +"whistleblowers in many initiatives (e.g., a corporate or institutional " +"whistleblowing platform should not follow a MUST approach for anonymous " +"submission follow-up, treating such submissions as tip-offs rather than " +"formal reports)." +msgstr "" + +#: ../../security/ThreatModel.rst:66 +msgid "Usage scenarios matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:67 +msgid "" +"This section provides examples of how different anonymity levels for " +"users can be combined depending on the context of use." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Use case" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Media outlet" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"A media outlet with a disclosed identity initiates a whistleblowing " +"project. The outlet’s recipients are disclosed to Whistleblowers, " +"allowing them to trust a specific journalist rather than the outlet " +"itself. Full anonymity must be assured to whistleblowers, and their " +"identity cannot be disclosed in connection with anonymous submissions. " +"Whistleblowers MAY choose to disclose their identity if they trust the " +"journalist's source-protection record." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Corporate compliance" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"A corporation implements transparency or anti-bribery law compliance by " +"promoting initiatives to employees, consultants, and providers. " +"Recipients are part of a company division (e.g., Internal Audit office). " +"Whistleblowers are guaranteed full anonymity but may optionally disclose " +"their identity." 
+msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Human Rights Activism Initiative" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"A human rights group initiates a whistleblowing project to expose " +"violations in a dangerous area. The organization requires anonymity to " +"avoid retaliation and operates under a pseudonym. Recipients MUST not be " +"disclosed to Whistleblowers, but partial disclosure by pseudonym is " +"acceptable to establish trust. The Whistleblower MUST be guaranteed " +"anonymity and their identity cannot be disclosed." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Citizen media initiative" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"A citizen media initiative with a public identity seeks reports on " +"specific topics (e.g., political, environmental malpractice, corruption) " +"in a medium-low risk operational context. Recipients may use pseudonyms " +"or remain public to avoid complete exposure. Whistleblowers, if the topic" +" is not life-threatening, may submit reports confidentially to lower the " +"entry barrier." +msgstr "" + +#: ../../security/ThreatModel.rst:77 +msgid "" +"The following matrix illustrates how different usage scenarios can " +"require various anonymity levels, communication security requirements, " +"and identity disclosures for different users." +msgstr "" + +#: ../../security/ThreatModel.rst:79 +msgid "" +"GlobaLeaks will provide appropriate security awareness information " +"through its user interface and enforce specific requirements based on " +"clear configuration guidelines." 
+msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Scenario" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Anonymity level" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Identity disclosure" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Communication security" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "No anonymity" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Admin" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Partially disclosed" +msgstr "" + +#: ../../security/ThreatModel.rst:98 +msgid "Data security matrix" +msgstr "" + +#: ../../security/ThreatModel.rst:99 +msgid "" +"This section highlights the data handled by GlobaLeaks and the protection" +" schemes applied to it." +msgstr "" + +#: ../../security/ThreatModel.rst:101 +msgid "The following information types are involved in GlobaLeaks:" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Information type" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Questionnaire answers" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"Data associated with a submission, including the filled forms and options" +" selected by the Whistleblower." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Submission attachments" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Files associated with a submission." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Platform configuration" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Data for configuring and customizing the platform." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Software files" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "" +"All files required for the software to function, including default " +"configurations." 
+msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Email notifications" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Data sent to notify recipients of new reports via email." +msgstr "" + +#: ../../security/ThreatModel.rst:112 +msgid "Below is a matrix showing the different security measures applied to data." +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Encryption" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Filters" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Sanitization" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Encrypted in the database with per-user/per-submission keys" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Keyword filters" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Antispam, Anti-XSS" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Encrypted on the filesystem with per-user/per-submission keys" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Extension blocking, Antivirus" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "N/A" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Encrypted with PGP when recipient keys are available" +msgstr "" + +#: ../../security/ThreatModel.rst:1 +msgid "Antispam to prevent flooding" +msgstr "" + +#: ../../security/ThreatModel.rst:122 +msgid "Threats to anonymity and confidentiality" +msgstr "" + +#: ../../security/ThreatModel.rst:123 +msgid "" +"This section highlights various threats that require specific " +"consideration." +msgstr "" + +#: ../../security/ThreatModel.rst:126 +msgid "Browser history and cache" +msgstr "" + +#: ../../security/ThreatModel.rst:127 +msgid "" +"GlobaLeaks uses crafted HTTP headers and other techniques to minimize " +"leaking information into a user’s browser history or cache. 
While this " +"privacy feature enhances safety, it cannot guarantee protection against " +"forensic analysis of browser cache and history but serves as an " +"additional safety measure." +msgstr "" + +#: ../../security/ThreatModel.rst:130 +msgid "Metadata" +msgstr "" + +#: ../../security/ThreatModel.rst:131 +msgid "" +"Files may contain metadata related to the author or whistleblower. " +"Cleaning metadata from submitted files helps protect an \"unaware\" " +"whistleblower from inadvertently including information that may " +"compromise their anonymity. GlobaLeaks does not automatically clean " +"metadata by default, as metadata is considered a fundamental part of the " +"original evidence that should be preserved. Metadata cleanup is an " +"optional step that may be suggested to Whistleblowers or performed by " +"Recipients when sharing documents with others. When sharing files with " +"external parties, Recipients are advised to print the document and " +"provide a hard copy to ensure that only visible information is shared, " +"avoiding the risk of sharing sensitive metadata. For more on metadata and" +" redacting digital files, see the article `Everything you wanted to know " +"about media metadata, but were afraid to ask " +"`_ by Harlo Holmes. A useful tool for these " +"procedures is the `Metadata Anonymization Toolkit " +"`_." +msgstr "" + +#: ../../security/ThreatModel.rst:134 +msgid "Malware and trojans" +msgstr "" + +#: ../../security/ThreatModel.rst:135 +msgid "" +"GlobaLeaks cannot prevent an attacker from using the platform maliciously" +" to target recipients with malware or trojans. To mitigate risks of data " +"exfiltration through trojans, Recipients should implement proper " +"operational security by using dedicated laptops for report viewing and " +"opening file attachments on offline computers. 
Wherever possible, they " +"should use specialized secure operating systems like `QubesOS " +"`_ or `Tails `_ and " +"ensure up-to-date antivirus software is running." +msgstr "" + +#: ../../security/ThreatModel.rst:138 +msgid "Network and reverse proxies" +msgstr "" + +#: ../../security/ThreatModel.rst:139 +msgid "" +"GlobaLeaks is designed for use with direct Tor or TLS connections from " +"the user’s browser to the application backend. The use of Network and " +"Reverse Proxies in front of the application is discouraged as they can " +"interfere with the application and compromise confidentiality and " +"anonymity measures implemented in GlobaLeaks." +msgstr "" + +#: ../../security/ThreatModel.rst:142 +msgid "Data stored outside the platform" +msgstr "" + +#: ../../security/ThreatModel.rst:143 +msgid "" +"GlobaLeaks does not provide security for data stored outside the " +"GlobaLeaks system. It is the responsibility of Recipients to protect data" +" downloaded from the platform or shared via external USB drives. The " +"operating system used or the USB drive should offer encryption to ensure " +"that, in case of device loss or theft, the data remains inaccessible." +msgstr "" + +#: ../../security/ThreatModel.rst:146 +msgid "Environmental factors" +msgstr "" + +#: ../../security/ThreatModel.rst:147 +msgid "" +"GlobaLeaks does not protect against environmental factors related to " +"users' physical locations or social relationships. For example, if a user" +" has a surveillance device in their home, GlobaLeaks cannot provide " +"protection. Similarly, if a whistleblower, who is supposed to be " +"anonymous, shares their story with friends or coworkers, GlobaLeaks " +"cannot offer protection." 
+msgstr "" + +#: ../../security/ThreatModel.rst:150 +msgid "Incorrect data retention policies" +msgstr "" + +#: ../../security/ThreatModel.rst:151 +msgid "" +"GlobaLeaks implements a strict default data retention policy of 90 days " +"to allow users to manage reports within a limited time frame necessary " +"for investigations. If the platform is configured to retain reports for " +"an extended period and Recipients do not manually delete unnecessary " +"reports, the value of the data increases, along with the risk of " +"exposure." +msgstr "" + +#: ../../security/ThreatModel.rst:154 +msgid "Human negligence" +msgstr "" + +#: ../../security/ThreatModel.rst:155 +msgid "" +"While GlobaLeaks provides Administrators with the ability to fine-tune " +"security configurations and continuously informs users about their " +"security context, it cannot protect against major security threats " +"resulting from human negligence. For instance, if a Whistleblower submits" +" data that can identify them as the unique owner or recent viewer, " +"GlobaLeaks cannot protect their identity." +msgstr "" + +#: ../../security/ThreatModel.rst:158 +msgid "Advanced traffic analysis" +msgstr "" + +#: ../../security/ThreatModel.rst:159 +msgid "" +"An attacker monitoring HTTPS traffic, without the ability to decrypt it, " +"can still identify user roles based on different network traffic patterns" +" generated by Whistleblowers, Recipients, and Administrators. GlobaLeaks " +"does not offer protection against this type of threat. We recommend using" +" `Tor pluggable transports `_ or other methods that provide additional" +" protection against such attacks." +msgstr "" + +#: ../../security/index.rst:2 +msgid "Security" +msgstr "" + +#: ../../setup/InstallationGuide.rst:2 +msgid "Installation guide" +msgstr "" + +#: ../../setup/InstallationGuide.rst:3 +msgid "The following guide will help you through the installation of GlobaLeaks." 
+msgstr "" + +#: ../../setup/InstallationGuide.rst:5 +msgid "" +"Before starting the installation, ensure that your system meets the " +":doc:`Requirements `." +msgstr "" + +#: ../../setup/InstallationGuide.rst:8 +msgid "" +"GlobaLeaks is designed to provide optimal technical anonymity for " +"whistleblowers. Additionally, the software can be configured to protect " +"the identity of the platform administrator and the server's location, but" +" this requires advanced setup procedures not covered in this simplified " +"installation guide. By executing the commands below, your IP address and " +"system location could be tracked by network providers, and our systems " +"will receive the same information to facilitate software provisioning." +msgstr "" + +#: ../../setup/InstallationGuide.rst:12 +msgid "**Install GlobaLeaks**" +msgstr "" + +#: ../../setup/InstallationGuide.rst:14 +msgid "To install GlobaLeaks, run the following commands:" +msgstr "" + +#: ../../setup/InstallationGuide.rst:22 +msgid "" +"You may also install GlobaLeaks using Docker. Check out the `docker` " +"directory in our GitHub repository for instructions." +msgstr "" + +#: ../../setup/InstallationGuide.rst:24 +msgid "" +"After installation, follow the instructions provided to guide you through" +" accessing the :doc:`Platform wizard `." +msgstr "" + +#: ../../setup/PlatformWizard.rst:2 +msgid "Platform wizard" +msgstr "" + +#: ../../setup/PlatformWizard.rst:3 +msgid "After installing GlobaLeaks, you can proceed with the platform wizard." +msgstr "" + +#: ../../setup/PlatformWizard.rst:5 +msgid "" +"Open a browser at port 443 or port 8443 on your remote or local IP, " +"respectively." +msgstr "" + +#: ../../setup/PlatformWizard.rst:7 +msgid "" +"We recommend performing the wizard either using the Tor address provided " +"at the end of the setup or on localhost via a VPN." 
+msgstr "" + +#: ../../setup/PlatformWizard.rst:10 +msgid "Choose the primary language for your site" +msgstr "" + +#: ../../setup/PlatformWizard.rst:11 +msgid "" +"On the first page of the wizard, you will be prompted to select the " +"language for your site. The default choice is English, but many other " +"languages are available, with more expected in the future." +msgstr "" + +#: ../../setup/PlatformWizard.rst:16 +msgid "Choose a name for your project" +msgstr "" + +#: ../../setup/PlatformWizard.rst:17 +msgid "In the second section of the wizard, configure the name of your project." +msgstr "" + +#: ../../setup/PlatformWizard.rst:22 +msgid "Configure the account for the administrator of your whistleblowing site" +msgstr "" + +#: ../../setup/PlatformWizard.rst:23 +msgid "" +"In the third section of the wizard, configure the account details for the" +" administrator of your project." +msgstr "" + +#: ../../setup/PlatformWizard.rst:25 +msgid "" +"Be sure to choose a strong password to protect this sensitive account; an" +" indication of the strength of the chosen password is provided to guide " +"you." +msgstr "" + +#: ../../setup/PlatformWizard.rst:30 +msgid "Configure the account for the first recipient of reports" +msgstr "" + +#: ../../setup/PlatformWizard.rst:31 +msgid "" +"In the fourth section of the wizard, configure the account details for " +"the first recipient of reports sent to your project." +msgstr "" + +#: ../../setup/PlatformWizard.rst:36 +msgid "Read and accept the license" +msgstr "" + +#: ../../setup/PlatformWizard.rst:37 +msgid "" +"In the fifth section of the wizard, you will be prompted to read and " +"accept the GlobaLeaks License." +msgstr "" + +#: ../../setup/PlatformWizard.rst:42 +msgid "Complete the wizard" +msgstr "" + +#: ../../setup/PlatformWizard.rst:43 +msgid "The sixth section of the wizard confirms the completion of the setup." 
+msgstr "" + +#: ../../user/Admin.rst:2 +msgid "For administrators" +msgstr "" + +#: ../../user/Common.rst:2 +msgid "Common to all users" +msgstr "" + +#: ../../user/Common.rst:4 +msgid "Login" +msgstr "" + +#: ../../user/Common.rst:5 +msgid "Users could login by accessing the ``/#/login`` page." +msgstr "" + +#: ../../user/Common.rst:10 +msgid "Access the user preferences" +msgstr "" + +#: ../../user/Common.rst:11 +msgid "" +"After login Users could access their preferences by clicking the " +"``Preferences`` link present in the login status bar." +msgstr "" + +#: ../../user/Common.rst:16 +msgid "Change your password" +msgstr "" + +#: ../../user/Common.rst:17 +msgid "" +"Users could change their own password by accessing the ``Password`` tab " +"present in the ``Preferences`` page." +msgstr "" + +#: ../../user/Common.rst:22 +msgid "Reset your password" +msgstr "" + +#: ../../user/Common.rst:23 +msgid "" +"Users could requests a password reset via the ``/#/login`` page by " +"clicking the ``Forgot password?`` button." +msgstr "" + +#: ../../user/Common.rst:25 +msgid "" +"After clicking the button users are requested to type their own username " +"or email address." +msgstr "" + +#: ../../user/Common.rst:34 +msgid "Enable two-factor-authentication (2fa)" +msgstr "" + +#: ../../user/Common.rst:35 +msgid "" +"Users could enable Two-Factor-Authentication by clicking the ``Enable two" +" factor authentication`` option inside the ``Preferences`` page." +msgstr "" + +#: ../../user/Common.rst:37 +msgid "" +"To enable the feature the user requires to have a phone with installed a " +"common ``Authenticator APP`` implementing the TOTP standard as by `RFC " +"6238 `_" +msgstr "" + +#: ../../user/Common.rst:42 +msgid "Access and save your account recovery key" +msgstr "" + +#: ../../user/Common.rst:43 +msgid "" +"Users could access their own Account Recovery key by clicking the " +"``Account Recovery Key`` button present in the ``Preferences`` page." 
+msgstr "" + +#: ../../user/Common.rst:45 +msgid "" +"This is a fundamental step that any user should do at their first login " +"after activating their own account in order to backup their own account " +"recovery key and get sure to not incur in data loss due to password loss." +msgstr "" + +#: ../../user/Recipient.rst:2 +msgid "For recipients" +msgstr "" + +#: ../../user/Recipient.rst:5 +msgid "Access the list of the existing reports" +msgstr "" + +#: ../../user/Recipient.rst:6 +msgid "" +"The lists of the existing reports can be accessed via the link " +"``Reports`` on the sidebar of the Recipient's Homepage." +msgstr "" + +#: ../../user/Recipient.rst:13 +msgid "Access a report" +msgstr "" + +#: ../../user/Recipient.rst:14 +msgid "A report can be accessed in two ways:" +msgstr "" + +#: ../../user/Recipient.rst:16 +msgid "By clicking on it like on a mailbox system from the ``Reports`` page" +msgstr "" + +#: ../../user/Recipient.rst:17 +msgid "" +"By clicking on the link received on a mail notification and entering own " +"credentials" +msgstr "" + +#: ../../user/Whistleblower.rst:2 +msgid "For whistleblowers" +msgstr "" + +#: ../../user/Whistleblower.rst:5 +msgid "File a new report" +msgstr "" + +#: ../../user/Whistleblower.rst:6 +msgid "" +"A new report can be filed by accessing the homepage of the platform and " +"clicking the ``File a report`` button." +msgstr "" + +#: ../../user/Whistleblower.rst:12 +msgid "" +"After filing a new report the systems provides to the user a 16-digit " +"receipt." +msgstr "" + +#: ../../user/Whistleblower.rst:17 +msgid "Access an existing report" +msgstr "" + +#: ../../user/Whistleblower.rst:18 +msgid "" +"An existing report can be accessed by entering the 16-digit receipt " +"obtained at the end of the submission on the login interface present on " +"the home page of the platform." 
+msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:2 +msgid "Backup and restore" +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:4 +msgid "To perform a manual backup, you can use the following bash script:" +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:21 +msgid "" +"After running the script, you will find a `tar.gz` archive in " +"`/var/globaleaks/backups`. The file will be named in the format: " +"`globaleaks-$version-$timestamp.tar.gz`." +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:23 +msgid "" +"GlobaLeaks automatically performs a backup during each platform update. " +"These backups are retained under a data retention policy and are deleted " +"15 days after the update." +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:25 +msgid "To restore an existing backup:" +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:27 +msgid "" +"Ensure that GlobaLeaks is not running; you can stop it using: `service " +"globaleaks stop`." +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:28 +msgid "" +"Identify the version of GlobaLeaks required for the restoration, which is" +" indicated in the backup filename." +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:29 +msgid "" +"Extract the contents of the archive to `/var/globaleaks` using: `tar " +"-zxvf backup.tar.gz`." +msgstr "" + +#: ../../user/admin/BackupAndRestore.rst:30 +msgid "" +"Install the required version of GlobaLeaks with: `apt-get install " +"globaleaks=` (e.g., `globaleaks=3`)." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:2 +msgid "Common configurations" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:4 +msgid "Configure the logo" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:5 +msgid "" +"The first thing you want to give to your whistleblowing site is a " +"branding identity; this could be done by loading a logo in section Site " +"settings / Main configuration." 
+msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:9 +msgid "" +"Scroll down along the page to reach the \"Save\" button, click on it and " +"have your logo and favicon applied." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:12 +msgid "Enable languages" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:13 +msgid "You may want your GlobaLeaks installation served on more than one language" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:15 +msgid "" +"To do so, in the section \"Site settings / Languages\" select the " +"languages you would like and add them." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:17 +msgid "" +"Note that in the same interface you can mark the default application " +"language." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:22 +msgid "Configure notification settings" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:23 +msgid "" +"GlobaLeaks sends out notifications of different events to different " +"receivers and to admins. In order to have this working, you have to " +"select \"Notification Settings\" in the \"Administration Interface - " +"General Settings\" page and set up email account and related server " +"parameters." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:25 +msgid "" +"We suggest you to setup an email account dedicated to sending out " +"notifications from your initiative." 
+msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:29 +msgid "Enter the followings:" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:31 +msgid "" +"SMTP name: the name of your GlobaLeaks project or something that equally " +"descriptive" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:32 +msgid "SMTP email address: the email address used to send notifications" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:33 +msgid "" +"Username: the username corresponding to the just inserted \"SMTP email " +"address\"; this is needed to authenticate to the SMTP server and send " +"emails" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:34 +msgid "Password: Password of the above corresponding \"SMTP email address\"" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:35 +msgid "" +"SMTP Server Address: it is the hostname of the SMTP server you are using " +"to send notification emails" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:36 +msgid "" +"SMTP Server Port: Port used to send outgoing emails. It is usually 465 or" +" 587 (SMTP with TLS is at TCP port 587; SMTP with SSL is at 465)" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:37 +msgid "" +"Transport Security: from the drop down menu select the opportune security" +" level" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:39 +msgid "" +"It is better to leave untouched the pre-defined settings pertaining the " +"notification to admins and to recipients, but in the case you want to " +"disable them, it is possible to check the corresponding checkboxes." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:41 +msgid "" +"You can then set the value for the time at which the notification alert " +"of expiring report; this value is set at 72hours to give time to the " +"recipient(s) to check and manage the pending submissions." 
+msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:43 +msgid "" +"It is possible to tweak the maximum number of emails allowed in an hour, " +"before email wil be suspended in order to avoid flooding the system. It " +"is advised to keep the pre-defined value, and eventually change it " +"accordingly with mail server capabilities." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:45 +msgid "" +"Once configured all the parameters for notifications, it is possible to " +"test them by just clicking on the \"Test the configuration\" button." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:47 +msgid "" +"If all is working as expected, click on the \"Save\" button to keep the " +"configured parameters." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:50 +msgid "Configure recipients" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:51 +msgid "" +"The Recipient is the person that will receive and process the data that " +"whistleblowers input in the platform. You can have one or multiple " +"Recipients per Context, and also have one Recipient that can access to " +"multiple Contexts. The platform is very flexible on this and allows you " +"to define in very detail your whistleblowing system and procedure." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:55 +msgid "Customize the graphic layout" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:57 +msgid "Example 1: Custom Background" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:58 +msgid "" +"This CSS example shows how to customize the Background Color of the " +"application." +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:68 +msgid "Example 2: Custom Font" +msgstr "" + +#: ../../user/admin/CommonConfigurations.rst:69 +msgid "This CSS example shows how to customize the font of the application." 
+msgstr "" + +#: ../../user/admin/TroubleShooting.rst:2 +msgid "Troubleshooting" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:5 +msgid "Issues and bug reporting" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:7 +msgid "If you encounter any issues and are unable to run GlobaLeaks:" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:9 +msgid "Ensure you strictly follow the Installation Guide." +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:10 +msgid "" +"Verify that you meet the Technical Requirements for hardware and " +"operating system version." +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:11 +msgid "" +"Search the support forum to see if a user has already encountered your " +"issue: `GlobaLeaks Discussions " +"`_" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:12 +msgid "" +"Report the issue on the official software issue tracker: `GlobaLeaks " +"Issues `_" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:15 +msgid "Useful debugging commands" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:17 +msgid "" +"Depending on your setup, here are some common checks to determine if " +"GlobaLeaks is working:" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:19 +msgid "Is the service running?" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:25 +msgid "Is the service responding on the loopback interface?" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:31 +msgid "Is the service listening on external interfaces?" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:37 +msgid "Are exceptions being generated?" 
+msgstr "" + +#: ../../user/admin/TroubleShooting.rst:45 +msgid "Log files" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:46 +msgid "" +"Here are some useful logs and their corresponding files when GlobaLeaks " +"is installed:" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:48 +msgid "**GlobaLeaks process:**" +msgstr "" + +#: ../../user/admin/TroubleShooting.rst:55 +msgid "" +"The verbosity of the logs is configurable via the web interface of the " +"software under Advanced Settings." +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:2 +msgid "Upgrade guide" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:4 +msgid "Regular update" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:5 +msgid "" +"To safely upgrade a GlobaLeaks installation please proceed with a backup " +"of your setup by following the :doc:`Backup and restore " +"` guide." +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:7 +msgid "" +"This is necessary so that if something goes wrong and you need to " +"rollback, you will be able to just uninstall the current package, then " +"install the same version of globaleaks that was previously installed and " +"working." +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:9 +msgid "In order to update GlobaLeaks perform the following commands:" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:16 +msgid "Upgrade of the distribution version" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:17 +msgid "" +"For security and stability reasons it is recommended to not perform a " +"distribution upgrade." 
+msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:19 +msgid "" +"GlobaLeaks could be instead easily migrated to a new up-to-date Debian " +"system with the following recommended instructions:" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:21 +msgid "create an archive backup of /var/globaleaks" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:22 +msgid "instantiate the lates Debian available" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:23 +msgid "log on the new server and extract the backup in /var/globaleaks" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:24 +msgid "" +"follow the :doc:`Installation Guide `; " +"GlobaLeaks while installing will recognize the presence of an existing " +"data directory and will use it" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:27 +msgid "In case of errors" +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:28 +msgid "" +"The above commands should allow you to perform regularly updates. On some" +" conditions due to special updates it could be possible that those " +"commands result in a failure. Consult this page for knowning specific " +"FAQs on precise failures." +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:30 +msgid "" +"In case you do not find any specific documented solution for your " +"failure, you could run the GlobaLeaks install script. The installation " +"script in fact is designed to allow the update of GlobaLeaks and it " +"includes fixes for the most common issue." +msgstr "" + +#: ../../user/admin/UpgradeGuide.rst:33 +msgid "" +"To run the install script for updating globaleaks perform the following " +"commands:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:2 +msgid "User interface" +msgstr "" + +#: ../../user/admin/UserInterface.rst:3 +msgid "" +"This section offers you a summary of the user interface offered to Admin " +"users." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:7 +msgid "Through the menu you could access the following administrative sections:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:9 ../../user/admin/UserInterface.rst:28 +#: ../../user/admin/UserInterface.rst:33 ../../user/admin/UserInterface.rst:44 +msgid "Settings" +msgstr "" + +#: ../../user/admin/UserInterface.rst:11 ../../user/admin/UserInterface.rst:77 +msgid "Users" +msgstr "" + +#: ../../user/admin/UserInterface.rst:13 ../../user/admin/UserInterface.rst:99 +msgid "Questionnaires" +msgstr "" + +#: ../../user/admin/UserInterface.rst:15 ../../user/admin/UserInterface.rst:158 +msgid "Channels" +msgstr "" + +#: ../../user/admin/UserInterface.rst:17 ../../user/admin/UserInterface.rst:185 +msgid "Case management" +msgstr "" + +#: ../../user/admin/UserInterface.rst:21 ../../user/admin/UserInterface.rst:228 +msgid "Network" +msgstr "" + +#: ../../user/admin/UserInterface.rst:23 ../../user/admin/UserInterface.rst:279 +msgid "Sites" +msgstr "" + +#: ../../user/admin/UserInterface.rst:25 ../../user/admin/UserInterface.rst:309 +msgid "Audit log" +msgstr "" + +#: ../../user/admin/UserInterface.rst:29 +msgid "" +"This is the section that offers you all the main customization " +"possibilities necessary for implementing a basic and functional " +"whistleblowing site." +msgstr "" + +#: ../../user/admin/UserInterface.rst:31 +msgid "This section is furtherly divided in:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:35 ../../user/admin/UserInterface.rst:50 +msgid "Files" +msgstr "" + +#: ../../user/admin/UserInterface.rst:37 ../../user/admin/UserInterface.rst:56 +msgid "Languages" +msgstr "" + +#: ../../user/admin/UserInterface.rst:39 +msgid "Text customization" +msgstr "" + +#: ../../user/admin/UserInterface.rst:41 +msgid "Advanced settings" +msgstr "" + +#: ../../user/admin/UserInterface.rst:45 +msgid "" +"In this section is configurable the logo and all the texts of the main " +"user interfaces." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:51 +msgid "" +"In this section could be loaded CSS and Javascript and other files " +"necessary to customize the interface." +msgstr "" + +#: ../../user/admin/UserInterface.rst:57 +msgid "" +"In this section you could enable all the languages required by your " +"project and configure the default language." +msgstr "" + +#: ../../user/admin/UserInterface.rst:60 +msgid "" +"Thanks to the `Localization Lab `_ and " +"our great volunteer community, the software is already available and " +"continuously made available in a lot of languages. This aspect of " +"internationalization is crucial in many projects. In case you are " +"starting a project and the required languages are not available we " +"strongly invite you to register on our `web translation platform " +"`_ offered by `Transifex " +"`_ and support yourself the " +"translation. Internationalization and Localization is in fact are crucial" +" for the success of a whistleblowing project. Thank you!" +msgstr "" + +#: ../../user/admin/UserInterface.rst:65 +msgid "Text Customization" +msgstr "" + +#: ../../user/admin/UserInterface.rst:66 +msgid "" +"Here could be configured overrides for any of the texts of the platform " +"and of their translation." +msgstr "" + +#: ../../user/admin/UserInterface.rst:71 +msgid "Advanced Settings" +msgstr "" + +#: ../../user/admin/UserInterface.rst:72 +msgid "In this section could be configured a set of advanced settings." +msgstr "" + +#: ../../user/admin/UserInterface.rst:78 +msgid "" +"This sections is where users could be created and managed. The system " +"with the basic configuration completed with the initial Platform wizard " +"is configured with an Administrator and a Recipient." +msgstr "" + +#: ../../user/admin/UserInterface.rst:81 +msgid "" +"Depending on your project needs here you could create users with " +"different roles and manage their respective privileges." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:86 +msgid "User Roles" +msgstr "" + +#: ../../user/admin/UserInterface.rst:87 +msgid "" +"The software offers the possibility to create users with the following " +"roles:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:89 +msgid "Administrators" +msgstr "" + +#: ../../user/admin/UserInterface.rst:91 +msgid "Recipients" +msgstr "" + +#: ../../user/admin/UserInterface.rst:94 +msgid "User Options" +msgstr "" + +#: ../../user/admin/UserInterface.rst:100 +msgid "" +"The softare implements a standard default questionnaire that is proposed " +"as a good base for a generic whistleblowing procedure. This questinnaire " +"is the current result of the research performed by the project team with " +"the organizations that have adopted the solution and expecially with " +"anticorruption and investigative journalism NGOs." +msgstr "" + +#: ../../user/admin/UserInterface.rst:102 +msgid "" +"As every organization has different needs, risks and goals globaleaks has" +" been designed considering to implement an advanced questionnaire builder" +" offering the possibility to design custom questionnaires." +msgstr "" + +#: ../../user/admin/UserInterface.rst:104 +msgid "" +"The following sections present the questionnaire builder and its " +"capabilities." +msgstr "" + +#: ../../user/admin/UserInterface.rst:108 +msgid "" +"Depending on your project needs you may evaluate defining some questions " +"once as Question Templates and reuse the same question in multiple " +"questionnaires." +msgstr "" + +#: ../../user/admin/UserInterface.rst:113 +msgid "Steps" +msgstr "" + +#: ../../user/admin/UserInterface.rst:114 +msgid "" +"The software enables to organize questionnaire in one or multiple steps. " +"For example the default questionnaire is organized with a single step " +"including all the questions." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:118 +msgid "Questions Types" +msgstr "" + +#: ../../user/admin/UserInterface.rst:119 +msgid "The software enables you to create questions of the following types:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:121 +msgid "Single-line text input" +msgstr "" + +#: ../../user/admin/UserInterface.rst:123 +msgid "Multi-line text input" +msgstr "" + +#: ../../user/admin/UserInterface.rst:125 +msgid "Selection box" +msgstr "" + +#: ../../user/admin/UserInterface.rst:127 +msgid "Multiple choice input" +msgstr "" + +#: ../../user/admin/UserInterface.rst:129 +msgid "Checkbox" +msgstr "" + +#: ../../user/admin/UserInterface.rst:131 +msgid "Attachment" +msgstr "" + +#: ../../user/admin/UserInterface.rst:133 +msgid "Terms of service" +msgstr "" + +#: ../../user/admin/UserInterface.rst:137 +msgid "Date range" +msgstr "" + +#: ../../user/admin/UserInterface.rst:139 +msgid "Voice" +msgstr "" + +#: ../../user/admin/UserInterface.rst:141 +msgid "Question group" +msgstr "" + +#: ../../user/admin/UserInterface.rst:144 +msgid "Common Question Properties" +msgstr "" + +#: ../../user/admin/UserInterface.rst:145 +msgid "" +"Each of the software question types make it possible to configure the " +"following properties:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:147 +msgid "Question: The text of the question" +msgstr "" + +#: ../../user/admin/UserInterface.rst:149 +msgid "" +"Hint: A hint that will be shown via an popover an a question mark near " +"the question." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:151 +msgid "Description: A description text that will be shown below the question" +msgstr "" + +#: ../../user/admin/UserInterface.rst:153 +msgid "Required: Set this field if you want this question to be mandatory" +msgstr "" + +#: ../../user/admin/UserInterface.rst:155 +msgid "" +"Preview: Set this field if you want the answers to this question to " +"appear in the preview section of the list" +msgstr "" + +#: ../../user/admin/UserInterface.rst:159 +msgid "" +"This section is where whistleblowing channels could be created and " +"managed." +msgstr "" + +#: ../../user/admin/UserInterface.rst:161 +msgid "" +"A whistleblowing channel is typically defined by the following main " +"characteristics" +msgstr "" + +#: ../../user/admin/UserInterface.rst:163 +msgid "" +"Name: the name of the channel Image: an image to identify the channel " +"Description: a description of the channel Recipients: the set of " +"recipients that will receive reports sent to this channel Questionnaire: " +"the questionnaire that will be proposed to whistleblowers selecting this " +"channel Submission expiration: the data retention policy for the channel" +msgstr "" + +#: ../../user/admin/UserInterface.rst:170 +msgid "" +"The system with the basic configuration completed with the initial " +"platform wizard is configured with a single Channel called Default, on " +"which is associated a recipient and the default questionnaire." +msgstr "" + +#: ../../user/admin/UserInterface.rst:172 +msgid "" +"Depending on your project needs here you could create additional Channels" +" and configure their respective properties." +msgstr "" + +#: ../../user/admin/UserInterface.rst:177 +msgid "Data Retention Policy" +msgstr "" + +#: ../../user/admin/UserInterface.rst:178 +msgid "" +"The software enables to configure a data retention policy for each " +"channel. 
This is a fundamental property of the whistleblowing channel " +"that makes it possible to configure automatic secure deletion of reports " +"after a certain period of time. This setting should be configured in " +"relation to the risk of the channel in order to limit unneeded exposure " +"of the reports received therein." +msgstr "" + +#: ../../user/admin/UserInterface.rst:182 +msgid "By default a channel is configured with a report expiration of 90 days." +msgstr "" + +#: ../../user/admin/UserInterface.rst:186 +msgid "" +"This section is intended to host all the main case management feature " +"that will be offered by the software. Currently it hosts the possibility " +"to define reports statuses and sub-statuses intended to be used by " +"Recipients while working on the reports." +msgstr "" + +#: ../../user/admin/UserInterface.rst:194 +msgid "By default the system includes the following report statuses:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:190 +msgid "New" +msgstr "" + +#: ../../user/admin/UserInterface.rst:192 +msgid "Open" +msgstr "" + +#: ../../user/admin/UserInterface.rst:194 +msgid "Closed" +msgstr "" + +#: ../../user/admin/UserInterface.rst:196 +msgid "" +"Within this section you may add additional Statuses between the State " +"Open and Closed and you can furtherly define Sub-statuses for the Closed " +"status (e.g. Archived / Spam)" +msgstr "" + +#: ../../user/admin/UserInterface.rst:202 +msgid "" +"This is the section where are configured all the aspects related to the " +"mail notifications sent by the software." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:207 +#: ../../user/admin/UserInterface.rst:238 +msgid "The section is furtherly divided in:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:205 +#: ../../user/admin/UserInterface.rst:210 +msgid "Notification Settings" +msgstr "" + +#: ../../user/admin/UserInterface.rst:207 +#: ../../user/admin/UserInterface.rst:219 +msgid "Notification Templates" +msgstr "" + +#: ../../user/admin/UserInterface.rst:211 +msgid "Here are configured the technical details about SMTP." +msgstr "" + +#: ../../user/admin/UserInterface.rst:214 +msgid "" +"By default GlobaLeaks comes with a working configuration that is based on" +" systems offered by the GlobaLeaks developers to the community of users " +"and testers; even though this configuration is designed by their owners " +"with special care in relation to security and privacy you are invited to " +"consider using alternative systems for your production environment." +msgstr "" + +#: ../../user/admin/UserInterface.rst:220 +msgid "In this section are configured the notification templates." +msgstr "" + +#: ../../user/admin/UserInterface.rst:222 +msgid "" +"By default globaleaks includes text and translations for each of the " +"templates that are provided to be fully functional and studied with " +"particular care in relation to security and privacy. Depending on your " +"project needs you may override the default text with your customized " +"texts." +msgstr "" + +#: ../../user/admin/UserInterface.rst:229 +msgid "In this section are configured the network settings." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:232 +#: ../../user/admin/UserInterface.rst:241 +msgid "HTTPS" +msgstr "" + +#: ../../user/admin/UserInterface.rst:234 +#: ../../user/admin/UserInterface.rst:255 +msgid "Tor" +msgstr "" + +#: ../../user/admin/UserInterface.rst:236 +msgid "IP Access control" +msgstr "" + +#: ../../user/admin/UserInterface.rst:238 +#: ../../user/admin/UserInterface.rst:273 +msgid "URL Redirects" +msgstr "" + +#: ../../user/admin/UserInterface.rst:242 +msgid "" +"Here you can configure all the aspects related to the access of the " +"platform via the HTTPS Protocol." +msgstr "" + +#: ../../user/admin/UserInterface.rst:246 +msgid "In particular here are configured:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:248 +msgid "The domain name used by your project" +msgstr "" + +#: ../../user/admin/UserInterface.rst:250 +msgid "The HTTPS key and certificates" +msgstr "" + +#: ../../user/admin/UserInterface.rst:252 +msgid "" +"To ease the deployment and the maintenance and reduce the costs of your " +"project, consider using the software includes support for the Let’s " +"Encrypt HTTPS certificates." +msgstr "" + +#: ../../user/admin/UserInterface.rst:256 +msgid "" +"Here you can configure all the aspects related to the access of the " +"platform via the Tor Protocol." +msgstr "" + +#: ../../user/admin/UserInterface.rst:261 +msgid "IP Access Control" +msgstr "" + +#: ../../user/admin/UserInterface.rst:262 +msgid "Here you can configure IP based Access Control." +msgstr "" + +#: ../../user/admin/UserInterface.rst:266 +msgid "Suggested configurations are:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:268 +msgid "Prevent Whistleblowers to report from within their respective work space." +msgstr "" + +#: ../../user/admin/UserInterface.rst:270 +msgid "Restrict Recipients access to their intranet." +msgstr "" + +#: ../../user/admin/UserInterface.rst:274 +msgid "Here you can configure URL Redirects." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:280 +msgid "" +"The site section enables organization to create and manage multiple " +"secondary whistleblowing sites." +msgstr "" + +#: ../../user/admin/UserInterface.rst:283 +msgid "Sites Management" +msgstr "" + +#: ../../user/admin/UserInterface.rst:284 +msgid "" +"Secondary whistleblowing platforms with independent configurations can be" +" manually created and managed through the Sites interface." +msgstr "" + +#: ../../user/admin/UserInterface.rst:286 +msgid "" +"Organizations have typically need for creating a secondary site when " +"dealing with subsidiaries or third party clients." +msgstr "" + +#: ../../user/admin/UserInterface.rst:290 +msgid "" +"After creating a secondary site an administrators of the main site could " +"simply enter on that system by clicking a \"Configure\" button." +msgstr "" + +#: ../../user/admin/UserInterface.rst:292 +msgid "" +"After clicking on the button the administrator will be logged in on the " +"the administrative panel of the site." +msgstr "" + +#: ../../user/admin/UserInterface.rst:295 +msgid "Signup Module" +msgstr "" + +#: ../../user/admin/UserInterface.rst:296 +msgid "" +"The software features a signup module that can be enabled and used to " +"offers others users the possibility to register their secondary site." +msgstr "" + +#: ../../user/admin/UserInterface.rst:298 +msgid "" +"Organizations have typically need for a signup module when offering the " +"platform to other subsidiaries or third party clients where they want " +"users to have the possibility to self subscribe." +msgstr "" + +#: ../../user/admin/UserInterface.rst:300 +msgid "The signup feature can be anabled in the Options tab of the Sites section." 
+msgstr "" + +#: ../../user/admin/UserInterface.rst:304 +msgid "" +"When the signup module is enabled the submission module of the main site " +"is automatically disabled and the home page will be featuring the " +"following signup form:" +msgstr "" + +#: ../../user/admin/UserInterface.rst:310 +msgid "" +"The software features a privacy precerving audit log enabling " +"administrators of the system to supervise on projects operations." +msgstr "" + +#: ../../user/index.rst:2 +msgid "User documentation" +msgstr "" + diff --git a/documentation/logo-html.png b/documentation/logo-html.png index ec97a24732..f0abfad214 100644 Binary files a/documentation/logo-html.png and b/documentation/logo-html.png differ diff --git a/documentation/logo-latex.pdf b/documentation/logo-latex.pdf new file mode 100644 index 0000000000..4d8089c0d7 Binary files /dev/null and b/documentation/logo-latex.pdf differ diff --git a/documentation/logo-latex.png b/documentation/logo-latex.png deleted file mode 100644 index 7a05fd7747..0000000000 Binary files a/documentation/logo-latex.png and /dev/null differ diff --git a/documentation/requirements.txt b/documentation/requirements.txt index 7f017844fd..d1eeb4ebd9 100644 --- a/documentation/requirements.txt +++ b/documentation/requirements.txt @@ -1,3 +1,6 @@ sphinx +sphinx-intl sphinx_rtd_theme sphinx-autobuild +sphinx-copybutton +sphinx-sitemap diff --git a/documentation/roadmap/index.rst b/documentation/roadmap/index.rst index 8a3d620658..8a9cb24714 100644 --- a/documentation/roadmap/index.rst +++ b/documentation/roadmap/index.rst 
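Review bot: The three packages added to `documentation/requirements.txt` (`sphinx-intl`, `sphinx-copybutton`, `sphinx-sitemap`) carry no version constraint, so each documentation build installs whatever release is newest on the index at that moment. The existing entries are unpinned as well, but this same commit pins the GitHub Actions to commit SHAs and adds a Dependabot `pip` entry for `/documentation`, and version-less requirements give neither a reproducible build nor much for Dependabot to act on. I would pin every line, e.g. `sphinx-intl==<reviewed version>`. If the docs are built in CI (not visible in this hunk), installing with pip's `--require-hashes` would also be worth considering.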
@@ -1,21 +1,17 @@ -Project Roadmap +Project roadmap =============== .. NOTE:: - This tentative roadmap is built by the GlobaLeaks team in order to try to respond to main users' needs. Please get sure that the needs of your projects and users are well represented on the project `Ticketing System `_. If your organization could fund the development of parts of this roadmap please write us at info@globaleaks.org + This tentative roadmap is built by the GlobaLeaks team in order to try to respond to main users' needs. Please get sure that the needs of your projects and users are well represented on the project `Ticketing System `_. If your organization could fund the development of parts of this roadmap please write us at info@globaleaks.org Introduction ------------ -`GlobaLeaks `_ is free, open source software enabling anyone to easily set up and maintain a secure whistleblowing platform. +This document details the main areas of research development and represents the actual tentative readmap of consolidation planned for 2024-2026 based on the analysis of the large set of user needs collected within the official `Ticketing System `_. -Started in 2011, the software is now widely used worldwide by more than 3000 organizations working in the fields of anti-corruption activism, human rights violations reporting, investigative journalism, and corporate compliance. - -This document details the main areas of research development and represents the actual tentative readmap of consolidation planned for 2024-2026 based on the analysis of the large set of user needs collected within the official `Ticketing System `_. - -Development Areas +Development areas ----------------- -Statistics and Reporting +Statistics and reporting ........................ GlobaLeaks still misses the implementation for any generation of statistics and reports. Such features are considered fundamental in order to properly support users in analysis, investigation and reporting. 
@@ -31,11 +27,11 @@ Ideas: Reference tickets: -- https://github.com/globaleaks/GlobaLeaks/issues/1959 -- https://github.com/globaleaks/GlobaLeaks/issues/2254 +- https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/1959 +- https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2254 -Audit Log +Audit log ......... GlobaLeaks still misses the implementation of a complete audit logit. This is considered a fundamental feature in order to achieve full accontability of the whistleblowing process and increase security. @@ -46,9 +42,9 @@ Ideas: Reference tickets: -- https://github.com/globaleaks/GlobaLeaks/issues/2579 -- https://github.com/globaleaks/GlobaLeaks/issues/2580 -- https://github.com/globaleaks/GlobaLeaks/issues/2651 +- https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2579 +- https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2580 +- https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2651 GDPR compliance ............... 
@@ -57,25 +53,25 @@ In order to be effectively accepted and competitive beside commercial proprietar Reference tickets: -- https://github.com/globaleaks/GlobaLeaks/issues/2145 -- https://github.com/globaleaks/GlobaLeaks/issues/2658 -- https://github.com/globaleaks/GlobaLeaks/issues/2866 -- https://github.com/globaleaks/GlobaLeaks/issues/2767 -- https://github.com/globaleaks/GlobaLeaks/issues/3011 -- https://github.com/globaleaks/GlobaLeaks/issues/3012 +- https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2145 +- https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2658 +- https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2866 +- https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2767 +- https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/3011 +- https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/3012 -Backup and Restore +Backup and restore .................. GlobaLeaks currently misses any feature for performing backup and restoring of its setup. These duties are currently performed by its users following typical best manual practices (e.g. archiving the data directory of the application). This project idea is to research the best practices to be applied in this context and to identify suitable strategies for implementing periodic, secure and encrypted backups to be restored upon necessity. Reference tickets: -- https://github.com/globaleaks/GlobaLeaks/issues/528 -- https://github.com/globaleaks/GlobaLeaks/issues/2149 +- https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/528 +- https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2149 Multitenancy ............ -Import and Export of Tenants +Import and export of tenants ............................ Part of the software is a recent feature of Multitenancy, first implemented in 2018 and stabilized during 2019. 
Through this feature, GlobaLeaks makes it possible to create multiple setups of itself via virtual sites (similarly to Wordpress multisite feature). In order to make it more easy for an administrator to migrate a platform form a system to an other or to enable users to require data portability from a globaleaks provider to an other, for example in relation to GDPR it has been evaluated necessary to improve the multi tenancy implementation by implementing support for import-export of tenants. @@ -83,10 +79,10 @@ In the context of a whistleblowing application, involving encryption and logging Reference tickets: -- https://github.com/globaleaks/GlobaLeaks/issues/2632 -- https://github.com/globaleaks/GlobaLeaks/issues/2631 +- https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2632 +- https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2631 -Multisite Users +Multisite users --------------- (To be further researched) @@ -97,4 +93,4 @@ This could significatively simplify user access enabling the user to have a sing References tickets: -- https://github.com/globaleaks/GlobaLeaks/issues/2302 +- https://github.com/globaleaks/globaleaks-whistleblowing-software/issues/2302 diff --git a/documentation/scripts/update_locales.sh b/documentation/scripts/update_locales.sh new file mode 100755 index 0000000000..b7e59f64c3 --- /dev/null +++ b/documentation/scripts/update_locales.sh 
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+# Set the directory where your translation files are located
+TRANSLATION_DIR="../client/app/assets/data_src/pot/"
+
+# Define the list of languages and corresponding .po files to merge
+LANGUAGES=("it" "en" "fr" "es" "de" "ru" "ar" "zh_CN")
+
+# Path to the gettext .pot template file generated by Sphinx
+POT_FILE="_build/gettext/sphinx.pot"
+
+# Check if the .pot file exists, if not generate it
+if [ ! -f "$POT_FILE" ]; then
+ echo "Generating .pot file with Sphinx"
+ sphinx-build -b gettext . _build/gettext
+fi
+
+# Initialize translations for each language if not already initialized
+for LANG in "${LANGUAGES[@]}"; do
+ echo "Initializing translations for language: $LANG"
+
+ # Initialize language directory with sphinx-intl
+ sphinx-intl update -p _build/gettext -l $LANG
+ find locale/$LANG/LC_MESSAGES/ -mindepth 1 ! -name 'sphinx.po' ! -name 'sphinx.mo' -delete
+done
+
+# Compile .po files into .mo files for Sphinx to use
+sphinx-intl build
diff --git a/documentation/security/ApplicationSecurity.rst b/documentation/security/ApplicationSecurity.rst
index e2eb540f5d..8b244a9294 100644
--- a/documentation/security/ApplicationSecurity.rst
+++ b/documentation/security/ApplicationSecurity.rst
@@ -1,5 +1,5 @@ ==================== -Application Security +Application security ==================== The GlobaLeaks software aims to adhere to industry-standard best practices, with its security being the result of applied research.
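Review bot: The `find locale/$LANG/LC_MESSAGES/ ... -delete` line in the loop of update_locales.sh runs with an unquoted variable, on a path relative to the caller's current directory, and with no `set -e`, so it still deletes after a failed `sphinx-intl update` and acts on whatever `locale/` tree the caller happens to be standing in. The loop variable is also named `LANG`, which replaces the locale setting that `sphinx-intl` and `find` inherit whenever `LANG` is already exported. I would fail fast, change into the documentation directory first (the relative paths suggest that is the intended working directory), and use a quoted lower-case loop variable, as in the excerpt below. `TRANSLATION_DIR` is assigned but never read in this script and could be dropped.

```shell
#!/bin/bash
set -euo pipefail

# Resolve every relative path (including the find -delete below) against
# the documentation directory, not the caller's current directory.
cd "$(dirname "$0")/.."

# … unchanged: LANGUAGES, POT_FILE, .pot generation …

for lang in "${LANGUAGES[@]}"; do
    echo "Initializing translations for language: $lang"

    sphinx-intl update -p _build/gettext -l "$lang"
    find "locale/$lang/LC_MESSAGES/" -mindepth 1 ! -name 'sphinx.po' ! -name 'sphinx.mo' -delete
done

# … unchanged: sphinx-intl build …
```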
@@ -32,11 +32,11 @@ Receipt ------- `Whistleblowers` access their `Reports` using an anonymous `Receipt`, which is a randomly generated 16-digit sequence created by the Backend when the Report is first submitted. This format resembles a standard phone number, making it easier for whistleblowers to conceal their receipts. -Password Security +Password security ================= The system implements the following password security measures: -Password Storage +Password storage ---------------- Passwords are never stored in plaintext; instead, the system maintains only a hashed version. This applies to all authentication secrets, including whistleblower receipts. @@ -46,7 +46,7 @@ Passwords are hashed using `Argon2 `_, a k The hash involves a per-user salt for each user and a per-system salt for whistleblowers. -Password Complexity +Password complexity ------------------- The system enforces complex passwords by implementing a custom algorithm necessary to ensure reasonable entropy for each authentication secret. @@ -58,7 +58,7 @@ Passwords are scored at three levels: `Strong`, `Acceptable`, and `Insecure`. We encourage each end user to use `KeePassXC `_ to generate and retain strong, unique passphrases. -Two-Factor Authentication +Two-factor authentication ------------------------- The system implements Two-Factor Authentication (2FA) based on `TOTP` using the `RFC 6238 `_ algorithm and 160-bit secrets. 
@@ -66,25 +66,25 @@ Users can enroll in 2FA via their own preferences, and administrators can option We recommend using `FreeOTP `_, available `for Android `_ and `for iOS `_. -Slowdown on Failed Login Attempts +Slowdown on failed login attempts --------------------------------- The system identifies multiple failed login attempts and implements a slowdown procedure, requiring an authenticating client to wait up to 42 seconds to complete an authentication. This feature is intended to slow down potential attacks, requiring more resources in terms of time, computation, and memory. -Password Change on First Login +Password change on first login ------------------------------ The system enforces users to change their password at their first login. Administrators can also enforce a password change for users at their next login. -Periodic Password Change +Periodic password change ------------------------ By default, the system enforces users to change their password at least every year. This period is configurable by administrators. -Password Recovery +Password recovery ----------------- In case of a lost password, users can request a password reset via the web login interface by clicking on a `Forgot password?` button present on the login page. 
@@ -94,34 +94,35 @@ By clicking the link received by email, the user is then invited to set a new pa If encryption is enabled on the system, a user clicking on the reset link must first enter their `Account Recovery Key`. Only after correct entry will the user be able to set a new password. -Web Application Security +Web application security ======================== This section describes the Web Application Security implemented by the software in adherence to the `OWASP Security Guidelines `_. -Session Management +Session management ------------------ The session implementation follows the `OWASP Session Management Cheat Sheet `_ security guidelines. -The system assigns a session to each authenticated user. The Session ID is a 256-bit long secret generated randomly by the backend. Each session expires according to a timeout of 60 minutes. Session IDs are exchanged between the client and the backend via a header (`X-Session`) and expire as soon as users close their browser or the tab running GlobaLeaks. Users can explicitly log out via a logout button or implicitly by closing the browser. +The system assigns a session to each authenticated user. The Session ID is a 256-bit long secret generated randomly by the backend. Each session expires according to a timeout of 30 minutes. Session IDs are exchanged between the client and the backend via a header (`X-Session`) and expire as soon as users close their browser or the tab running GlobaLeaks. Users can explicitly log out via a logout button or implicitly by closing the browser. -Session Encryption +Session encryption ------------------ To minimize the exposure of users' encryption keys, the keys are stored in an encrypted format and decrypted only upon each client request. The implementation uses Libsodium's SecretBox, where the client's session key is used as the secret. Only the client maintains a copy of the session key, while the server retains only a SHA-256 hash. 
-Cookies and XSRF Prevention +Cookies and xsrf prevention --------------------------- Cookies are not used intentionally to minimize XSRF attacks and any possible attacks based on them. Instead of using cookies, authentication is based on a custom HTTP Session Header sent by the client on authenticated requests. -HTTP Headers +HTTP headers ------------ -The system implements a large set of HTTP headers specifically configured to improve software security and achieves a `score A+ `_ by `Security Headers `_ and a `score A+ `_ by `Mozilla Observatory `_. +The system implements a large set of HTTP headers specifically configured to improve software security and achieves a `score A+ by Security Headers `_ and a `score A+ by Mozilla Observatory `_. Strict-Transport-Security +++++++++++++++++++++++++ The system implements strict transport security by default. :: + Strict-Transport-Security: max-age=31536000; includeSubDomains; preload The default configuration of the application sees this feature disabled. @@ -130,6 +131,7 @@ Content-Security-Policy +++++++++++++++++++++++ The backend implements a strict `Content Security Policy (CSP) `_ preventing any interaction with third-party resources and restricting the execution of untrusted user input: :: + Content-Security-Policy: base-uri 'none'; default-src 'none'; form-action 'none'; frame-ancestors 'none'; sandbox; Specific policies are implemented in adherence to the principle of least privilege. 
@@ -144,103 +146,115 @@ Cross-Origin-Embedder-Policy ++++++++++++++++++++++++++++ The backend implements the following `Cross-Origin-Embedder-Policy (COEP) `_: :: + Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy ++++++++++++++++++++++++++ The backend implements the following `Cross-Origin-Opener-Policy (COOP) `_: :: + Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy ++++++++++++++++++++++++++++ The backend implements the following `Cross-Origin-Resource-Policy (CORP) `_: :: + Cross-Origin-Resource-Policy: same-origin Permissions-Policy ++++++++++++++++++ The backend implements the following Permissions-Policy header configuration to limit the possible de-anonymization of the user by disabling dangerous browser features: :: + Permissions-Policy: camera=() display-capture=() document-domain=() fullscreen=() geolocation=() microphone=() serial=() usb=() web-share=() X-Frame-Options +++++++++++++++ In addition to implementing Content Security Policy level 3 to prevent the application from being included in an iframe, the backend also implements the outdated X-Frame-Options header to ensure that iframes are always prevented in any circumstance, including on outdated browsers: :: + X-Frame-Options: deny Referrer-Policy +++++++++++++++ Web browsers usually attach referrers in their HTTP headers as they browse links. The platform enforces a referrer policy to avoid this behavior. :: + Referrer-Policy: no-referrer X-Content-Type-Options ++++++++++++++++++++++ To avoid automatic MIME type detection by the browser when setting the Content-Type for specific output, the following header is used: :: + X-Content-Type-Options: nosniff Cache-Control +++++++++++++ To prevent or limit forensic traces left on devices used by whistleblowers and in devices involved in communication with the platform, as specified in section ``3. 
Storing Responses in Caches`` of `RFC 7234 `__, the platform uses the ``Cache-Control`` HTTP header with the configuration ``no-store`` to instruct clients and possible network proxies to disable any form of data caching. :: + Cache-Control: no-store -Crawlers Policy +Crawlers policy --------------- For security reasons, the backend instructs crawlers to avoid caching and indexing of the application and uses the ``robots.txt`` file to allow crawling only of the home page. Indexing the home page is considered best practice to promote the platform's existence and facilitate access for potential whistleblowers. The implemented configuration is as follows: :: + User-agent: * Allow: /$ Disallow: * The platform also instructs crawlers to avoid caching by injecting the following HTTP header: :: + X-Robots-Tag: noarchive For highly sensitive projects where the platform is intended to remain ``hidden`` and communicated to potential whistleblowers directly, it can be configured to disable indexing completely. In such cases, the following HTTP header is used: :: + X-Robots-Tag: noindex -Anchor Tags and External URLs +Anchor tags and external urls ----------------------------- The client opens external URLs in a new tab, independent of the application context, by setting ``rel='noreferrer'`` and ``target='_blank'``` on every anchor tag. :: + link title -Input Validation +Input validation ---------------- The application implements strict input validation both on the backend and on the client. -On the Backend +On the backend ++++++++++++++ Each client request is strictly validated by the backend against a set of regular expressions, and only requests matching the expressions are processed. Additionally, a set of rules is applied to each request type to limit potential attacks. For example, any request is limited to a payload of 1MB. 
-On the Client +On the client +++++++++++++ Each server output is strictly validated by the client at rendering time using the Angular component `ngSanitize.$sanitize `__. -Form Autocomplete OFF +Form autocomplete off --------------------- Forms implemented by the platform use the HTML5 form attribute to instruct the browser not to cache user data for form prediction and autocomplete on subsequent submissions. This is achieved by setting `autocomplete="off" `__ on the relevant forms or attributes. -Network Security +Network security ================ -Connection Anonymity +Connection anonymity -------------------- User anonymity is provided through the implementation of `Tor `__ technology. The application implements an ``Onion Service v3`` and advises users to use the Tor Browser when accessing it. -Connection Encryption +Connection encryption --------------------- User connections are always encrypted, either through the `Tor Protocol `__ when using the Tor Browser or via `TLS `__ when accessed through a common browser. @@ -254,6 +268,7 @@ The configuration enables only ``TLS1.2+`` and is fine-tuned and hardened to ach In particular, only the following ciphers are enabled: :: + TLS13-AES-256-GCM-SHA384 TLS13-CHACHA20-POLY1305-SHA256 TLS13-AES-128-GCM-SHA256 @@ -264,13 +279,13 @@ In particular, only the following ciphers are enabled: ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 -Network Sandboxing +Network sandboxing ------------------- The GlobaLeaks backend integrates `iptables `__ by default and implements strict firewall rules that restrict incoming network connections to HTTP and HTTPS on ports 80 and 443. Additionally, the application allows anonymizing outgoing connections, which can be configured to route through Tor. -Data Encryption +Data encryption =============== Submission data, file attachments, messages, and metadata exchanged between whistleblowers and recipients are encrypted using the GlobaLeaks :doc:`EncryptionProtocol`. 
@@ -281,40 +296,44 @@ GlobaLeaks also incorporates various other encryption components. The main libra * `Python-Cryptography `__: used for implementing authentication * `Python-GnuPG `__: used for encrypting email notifications and file downloads via ```PGP``` -Application Sandboxing +Application sandboxing ====================== The GlobaLeaks backend integrates `AppArmor `__ by default and implements a strict sandboxing profile, allowing the application to access only the strictly required files. Additionally, the application runs under a dedicated user and group "globaleaks" with reduced privileges. -Database Security +Database security ================= The GlobaLeaks backend uses a hardened local SQLite database accessed via SQLAlchemy ORM. This design choice ensures the application can fully control its configuration while implementing extensive security measures in adherence to the `security recommendations by SQLite `__. -Secure Deletion +Secure deletion --------------- The GlobaLeaks backend enables SQLite’s secure deletion capability, which automatically overwrites the database data upon each delete query: :: + PRAGMA secure_delete = ON -Auto Vacuum +Auto vacuum ----------- The platform enables SQLite’s auto vacuum capability for automatic cleanup of deleted entries and recall of unused pages: :: + PRAGMA auto_vacuum = FULL -Limited Database Trust +Limited database trust ---------------------- The GlobaLeaks backend uses the SQLite `trusted_schema `__ pragma to limit trust in the database, mitigating risks of malicious corruption. :: + PRAGMA trusted_schema = OFF -Limited Database Functionalities +Limited database functionalities -------------------------------- The GlobaLeaks backend restricts SQLite functionalities to only those necessary for running the application, reducing the potential for exploitation in case of SQL injection attacks. 
This is implemented using the ```conn.set_authorizer``` API and a strict authorizer callback that authorizes only a limited set of SQL instructions: :: + SQLITE_FUNCTION: count, lower, min, max SQLITE_INSERT SQLITE_READ @@ -322,7 +341,7 @@ This is implemented using the ```conn.set_authorizer``` API and a strict authori SQLITE_TRANSACTION SQLITE_UPDATE -DoS Resiliency +DoS resiliency ============== To mitigate denial of service attacks, GlobaLeaks applies the following measures: @@ -331,15 +350,15 @@ To mitigate denial of service attacks, GlobaLeaks applies the following measures * Limits the possibility of triggering CPU-intensive routines by external users (e.g., limits on query and job execution times). * Monitors activity to detect and respond to attacks, implementing proactive security measures to prevent DoS (e.g., slowing down fast operations). -Proof of Work on Users' Sessions +Proof of work on users' sessions -------------------------------- The system implements an automatic `Proof of Work `__ based on the hashcash algorithm for every user session, requiring clients to request a token and continuously solve a computational problem to acquire and renew the session. -Rate Limit on Users' Sessions +Rate limit on users' sessions ------------------------------ The system implements rate limiting on user sessions, preventing more than 5 requests per second and applying increasing delays on requests that exceed this threshold. -Rate Limit on Whistleblowers' Reports and Attachments +Rate limit on whistleblowers' reports and attachments ----------------------------------------------------- The system applies rate limiting on whistleblower reports and attachments, preventing new submissions and file uploads if thresholds are exceeded. 
@@ -355,11 +374,12 @@ Implemented thresholds are: In case of necessity, threshold configurations can be adjusted using the `gl-admin` command as follows: :: + gl-admin setvar threshold_reports_per_hour 1 -Other Measures +Other measures ============== -Browser History and Forensic Traces +Browser history and forensic traces ----------------------------------- The entire application is designed to minimize or reduce the forensic traces left by whistleblowers on their devices while filing reports. 
@@ -367,13 +387,13 @@ When accessed via the Tor Browser, the browser ensures that no persistent traces To prevent or limit forensic traces in the browser history of users accessing the platform via a common browser, the application avoids changing the URI during whistleblower navigation. This prevents the browser from logging user activities and offers high plausible deniability, making the whistleblower appear as a simple visitor to the homepage and avoiding evidence of any submission. -Secure File Management +Secure file management ---------------------- -Secure File Download +Secure file download ++++++++++++++++++++ Any attachment uploaded by anonymous whistleblowers might contain malware, either intentionally or not. It is highly recommended, if possible, to download files and access them on an air-gapped machine disconnected from the network and other sensitive devices. To facilitate safe file downloads and transfers using a USB stick, the application provides the option to export reports, enabling the download of a ZIP archive containing all report content. This reduces the risk of executing files during the transfer process. -Safe File Opening +Safe file opening +++++++++++++++++ For scenarios where the whistleblower's trustworthiness has been validated or in projects with a low-risk threat model, the application offers an integrated file viewer. This viewer, leveraging modern browser sandboxing capabilities, allows the safe opening of a limited set of file types considered more secure than accessing files directly through the operating system. This feature is disabled by default. Administrators should enable it only after thorough evaluation and ensure that recipients' browsers are kept up-to-date. @@ -388,7 +408,7 @@ The supported file formats are: The default configuration has this feature disabled. -PGP Encryption +PGP encryption ++++++++++++++ The system offers an optional PGP encryption feature. 
@@ -398,11 +418,11 @@ This feature is recommended for high-risk threat models, especially when used in The default configuration has this feature disabled. -Encryption of Temporary Files +Encryption of temporary files ----------------------------- Files uploaded and temporarily stored on disk during the upload process are encrypted with a temporary, symmetric AES key to prevent any unencrypted data from being written to disk. Encryption is performed in streaming mode using `AES 128-bit` in `CTR mode`. Key files are stored in memory and are unique for each file being uploaded. -Secure File Delete +Secure file delete ------------------ Every file deleted by the application is overwritten before the file space is released on disk. @@ -412,20 +432,20 @@ The overwrite routine is executed by a periodic scheduler and follows these step * A second overwrite writes 1 across the entire file; * A third overwrite writes random bytes across the entire file. -Exception Logging and Redaction +Exception logging and redaction ------------------------------- To quickly diagnose potential software issues when client exceptions occur, they are automatically reported to the backend. The backend temporarily caches these exceptions and sends them to the backend administrator via email. To prevent inadvertent information leaks, logs are processed through filters that redact email addresses and UUIDs. -Entropy Sources +Entropy sources --------------- The primary source of entropy for the platform is `/dev/urandom`. -UUIDv4 Randomness +UUIDv4 randomness ----------------- System resources like submissions and files are identified by UUIDv4 to make them unguessable by external users and limit potential attacks. -TLS for SMTP Notification +TLS for smtp notification ------------------------- All notifications are sent through an SMTP channel encrypted with TLS, using either SMTP/TLS or SMTPS, depending on the configuration. 
diff --git a/documentation/security/EncryptionProtocol.rst b/documentation/security/EncryptionProtocol.rst index c4e7d8736d..5574ad1c7a 100644 --- a/documentation/security/EncryptionProtocol.rst +++ b/documentation/security/EncryptionProtocol.rst @@ -1,4 +1,4 @@ -Encryption Protocol +Encryption protocol =================== GlobaLeaks implements an encryption protocol specifically designed for anonymous whistleblowing applications. @@ -10,7 +10,7 @@ To enable users to recover their accounts in case they forget their passwords, t To prevent data loss in case users lose both their password and their account recovery key, the system can be configured to use a `Key Escrow`_ mechanism. This delegates the responsibility of supporting users in recovering access to their accounts to administrators. This capability enhances the project's resilience against data loss due to users' death or conflicts of interest within the recipient team. However, it also means that administrators with access to escrow keys could potentially access other users' accounts and data. Project owners should carefully decide whether to enable this feature based on the project's threat model and document their decision in the project's privacy policies. -Encryption's Workflow +Encryption's workflow ##################### * Users choose a secure personal password during their first login using an account activation link. * The system creates a personal asymmetric keypair for each user and stores the private key symmetrically encrypted with a secret derived from the user's password. 
@@ -22,7 +22,7 @@ Encryption's Workflow * The system encrypts the report, attachments, comments, and metadata with the public key generated for the report. * The system grants each involved user access to their reports and facilitates communication by automatically locking and unlocking the involved keys when a report is accessed or new communication is made. -Encryption's Details +Encryption's details #################### Algorithms ---------- @@ -32,7 +32,7 @@ Algorithms "Asymmetric encryption", "`Libsodium SealedBoxes `_, which combines Curve25519, XSalsa20, and Poly1305 algorithms." "Symmetric encryption", "`Libsodium SecretBoxes `_, which combines XSalsa20 and Poly1305." -Users’ Credentials +Users’ credentials ------------------ The system uses two types of credentials depending on the user role: 
@@ -47,25 +47,25 @@ Assumptions: * The system enforces strong password complexity. * The system enforces expiration of receipts according to a strict data retention policy that limits the number of concurrent active receipts. -Users’ Keys +Users’ keys ----------- .. csv-table:: :header: "Type", "Generation", "Storage" "ECC Curve25519 keypair", "Generated by the backend during first user login for authenticated users and upon submission for whistleblowers", "Keys are stored on the backend encrypted using symmetric encryption. The symmetric key used for encrypting users’ keys is derived from the users’ credentials using the KDF function `Argon2ID `_. The parameters for Argon2ID used for KDF are stronger than those used for user authentication, with the hash stored. The parameters are selected to require 128MB of memory per login and 1 second of computation." -Data Encryption's Keys +Data encryption's keys ---------------------- .. csv-table:: :header: "Type", "Generation", "Storage" "256-bit keys", "Generated by the backend for each report", "Keys are stored on the backend filesystem encrypted using asymmetric encryption with Users’ and Whistleblower’s keys, respectively." -Key Generation +Key generation ############## Users' encryption keys are automatically generated during the first login and secured using the user passphrase. This straightforward but effective key generation policy requires users to complete their first login before being able to receive reports. -Key Recovery +Key recovery ############ The system implements a key recovery mechanism using a recovery key and symmetric encryption. 
@@ -73,7 +73,7 @@ When a user key is generated, the private key is symmetrically encrypted with a For usability reasons, this recovery key is also securely encrypted and stored on the backend, allowing logged-in users who possess their password to retrieve and print their own account recovery key. -Key Escrow +Key escrow ########## The system offers an optional key escrow mechanism to mitigate data loss in the event of users losing their passwords. diff --git a/documentation/security/PenetrationTests.rst b/documentation/security/PenetrationTests.rst index 738ebb766a..86e88f4874 100644 --- a/documentation/security/PenetrationTests.rst +++ b/documentation/security/PenetrationTests.rst @@ -1,5 +1,5 @@ =============== -Security Audits +Security audits =============== GlobaLeaks undergoes independent security audits periodically to verify and enhance the security of the system. This page lists the most significant reports available. 
@@ -8,7 +8,7 @@ We aim to have audits conducted at least every two years, thanks to funding oppo If you have conducted or are considering sponsoring a security audit, please email us at `info@globaleaks.org `_. This is especially important for general software security. When requesting a company to audit the software, always remember to ask if the report can be published afterward; many auditors may not agree to publish the report later, which has often led to wasted project resources. -If you are an independent security auditor or, during your peer review of GlobaLeaks, you discover or suspect a vulnerability, please do not file a public issue. Instead, send your report privately through our reporting form at https://github.com/globaleaks/GlobaLeaks/security/advisories/new or via email to `security@globaleaks.org `_. +If you are an independent security auditor or, during your peer review of GlobaLeaks, you discover or suspect a vulnerability, please do not file a public issue. Instead, send your report privately through our `reporting form `_ or via email to `security@globaleaks.org `_. .. csv-table:: :header: "Date", "Auditor", "Goal", "Report" diff --git a/documentation/security/ThreatModel.rst b/documentation/security/ThreatModel.rst index e21a19e709..bda2924a97 100644 --- a/documentation/security/ThreatModel.rst +++ b/documentation/security/ThreatModel.rst 
@@ -1,11 +1,11 @@ ============ -Threat Model +Threat model ============ GlobaLeaks is a free and open-source whistleblowing software designed for various usage scenarios, each requiring a balance between strong security and high usability. These two requirements are crucial for managing whistleblowing procedures effectively, protecting whistleblowers, and achieving specific project goals. Given the variety of use cases and associated risks, the software can be configured to address the specific threat model detailed here. This document is intended for organizations implementing a whistleblowing procedure using GlobaLeaks. It supports the analysis and understanding of the specific threat model relevant to their context and risks and guides users in selecting best practices for their project. -Users Matrix +Users matrix ============ The first step is to define the types of users interacting with a GlobaLeaks platform. @@ -18,7 +18,7 @@ The first step is to define the types of users interacting with a GlobaLeaks pla It is crucial to apply security measures relative to the users of the platform, aiming to achieve an appropriate tradeoff between security and usability. -Anonymity Matrix +Anonymity matrix ================ The anonymity of users must be classified depending on the context of use, as follows: @@ -30,7 +30,7 @@ The anonymity of users must be classified depending on the context of use, as fo The platform always informs users of their current anonymity status and provides guidance on best practices for anonymous access via the Tor Browser. Administrators may enforce the requirement that Whistleblowers use the Tor Browser to file reports, depending on the use case. -Communication Security Matrix +Communication security matrix ============================= The security of communication concerning third-party monitoring varies based on the context of use. 
@@ -40,6 +40,7 @@ The security of communication concerning third-party monitoring varies based on "High security", "Tor is used, and communication is encrypted end-to-end with the GlobaLeaks platform, ensuring that no third party can eavesdrop on the communication." "Medium security", "HTTPS is used, and communication is encrypted end-to-end with the GlobaLeaks platform. A third party capable of manipulating HTTPS security (e.g., re-issuing TLS certificates) could eavesdrop on the communication. If HTTPS security is maintained, monitoring the user's communication line or the GlobaLeaks platform's communication line is not feasible." +Identity disclosure matrix ========================== Regardless of the anonymity matrix, users may choose or be required to disclose their identity. @@ -61,7 +62,7 @@ Voluntary identity disclosure may be required in certain whistleblowing procedur The distinction between “MAY” and “MUST” refers to the actions of recipients and is a fundamental element of the guarantees provided to whistleblowers in many initiatives (e.g., a corporate or institutional whistleblowing platform should not follow a MUST approach for anonymous submission follow-up, treating such submissions as tip-offs rather than formal reports). -Usage Scenarios Matrix +Usage scenarios matrix ====================== This section provides examples of how different anonymity levels for users can be combined depending on the context of use. @@ -93,7 +94,7 @@ GlobaLeaks will provide appropriate security awareness information through its u "", "Recipient", "Confidential", "Confidential", "Medium security" "", "Admin", "No anonymity", "Disclosed", "Medium security" -Data Security Matrix +Data security matrix ==================== This section highlights the data handled by GlobaLeaks and the protection schemes applied to it. 
@@ -117,11 +118,11 @@ Below is a matrix showing the different security measures applied to data. "Submission attachments", "Encrypted on the filesystem with per-user/per-submission keys", "Extension blocking, Antivirus", "N/A" "Email notifications", "Encrypted with PGP when recipient keys are available", "Antispam to prevent flooding", "N/A" -Threats to Anonymity and Confidentiality +Threats to anonymity and confidentiality ======================================== This section highlights various threats that require specific consideration. -Browser History and Cache +Browser history and cache ------------------------- GlobaLeaks uses crafted HTTP headers and other techniques to minimize leaking information into a user’s browser history or cache. While this privacy feature enhances safety, it cannot guarantee protection against forensic analysis of browser cache and history but serves as an additional safety measure. 
@@ -129,30 +130,30 @@ Metadata -------- Files may contain metadata related to the author or whistleblower. Cleaning metadata from submitted files helps protect an "unaware" whistleblower from inadvertently including information that may compromise their anonymity. GlobaLeaks does not automatically clean metadata by default, as metadata is considered a fundamental part of the original evidence that should be preserved. Metadata cleanup is an optional step that may be suggested to Whistleblowers or performed by Recipients when sharing documents with others. When sharing files with external parties, Recipients are advised to print the document and provide a hard copy to ensure that only visible information is shared, avoiding the risk of sharing sensitive metadata. For more on metadata and redacting digital files, see the article `Everything you wanted to know about media metadata, but were afraid to ask `_ by Harlo Holmes. A useful tool for these procedures is the `Metadata Anonymization Toolkit `_. -Malware and Trojans +Malware and trojans ------------------- GlobaLeaks cannot prevent an attacker from using the platform maliciously to target recipients with malware or trojans. To mitigate risks of data exfiltration through trojans, Recipients should implement proper operational security by using dedicated laptops for report viewing and opening file attachments on offline computers. Wherever possible, they should use specialized secure operating systems like `QubesOS `_ or `Tails `_ and ensure up-to-date antivirus software is running. -Network and Reverse Proxies +Network and reverse proxies --------------------------- GlobaLeaks is designed for use with direct Tor or TLS connections from the user’s browser to the application backend. The use of Network and Reverse Proxies in front of the application is discouraged as they can interfere with the application and compromise confidentiality and anonymity measures implemented in GlobaLeaks. 
-Data Stored Outside the Platform +Data stored outside the platform -------------------------------- GlobaLeaks does not provide security for data stored outside the GlobaLeaks system. It is the responsibility of Recipients to protect data downloaded from the platform or shared via external USB drives. The operating system used or the USB drive should offer encryption to ensure that, in case of device loss or theft, the data remains inaccessible. -Environmental Factors +Environmental factors --------------------- GlobaLeaks does not protect against environmental factors related to users' physical locations or social relationships. For example, if a user has a surveillance device in their home, GlobaLeaks cannot provide protection. Similarly, if a whistleblower, who is supposed to be anonymous, shares their story with friends or coworkers, GlobaLeaks cannot offer protection. -Incorrect Data Retention Policies +Incorrect data retention policies --------------------------------- GlobaLeaks implements a strict default data retention policy of 90 days to allow users to manage reports within a limited time frame necessary for investigations. If the platform is configured to retain reports for an extended period and Recipients do not manually delete unnecessary reports, the value of the data increases, along with the risk of exposure. -Human Negligence +Human negligence ---------------- While GlobaLeaks provides Administrators with the ability to fine-tune security configurations and continuously informs users about their security context, it cannot protect against major security threats resulting from human negligence. For instance, if a Whistleblower submits data that can identify them as the unique owner or recent viewer, GlobaLeaks cannot protect their identity. 
-Advanced Traffic Analysis +Advanced traffic analysis ------------------------- An attacker monitoring HTTPS traffic, without the ability to decrypt it, can still identify user roles based on different network traffic patterns generated by Whistleblowers, Recipients, and Administrators. GlobaLeaks does not offer protection against this type of threat. We recommend using `Tor pluggable transports `_ or other methods that provide additional protection against such attacks. diff --git a/documentation/setup/InstallationGuide.rst b/documentation/setup/InstallationGuide.rst index b9335bffd2..39c4232ca2 100644 --- a/documentation/setup/InstallationGuide.rst +++ b/documentation/setup/InstallationGuide.rst @@ -1,4 +1,4 @@ -Installation Guide +Installation guide ================== The following guide will help you through the installation of GlobaLeaks. diff --git a/documentation/setup/PlatformWizard.rst b/documentation/setup/PlatformWizard.rst index bfe8aceebb..6785dd9e01 100644 --- a/documentation/setup/PlatformWizard.rst +++ b/documentation/setup/PlatformWizard.rst @@ -1,4 +1,4 @@ -Platform Wizard +Platform wizard =============== After installing GlobaLeaks, you can proceed with the platform wizard. 
@@ -6,19 +6,19 @@ Open a browser at port 443 or port 8443 on your remote or local IP, respectively We recommend performing the wizard either using the Tor address provided at the end of the setup or on localhost via a VPN. -Choose the Primary Language for Your Site +Choose the primary language for your site ----------------------------------------- On the first page of the wizard, you will be prompted to select the language for your site. The default choice is English, but many other languages are available, with more expected in the future. .. image:: ../images/wizard/1.png -Choose a Name for Your Project +Choose a name for your project ------------------------------ In the second section of the wizard, configure the name of your project. .. image:: ../images/wizard/2.png -Configure the Account for the Administrator of Your Whistleblowing Site +Configure the account for the administrator of your whistleblowing site ----------------------------------------------------------------------- In the third section of the wizard, configure the account details for the administrator of your project. @@ -26,19 +26,19 @@ Be sure to choose a strong password to protect this sensitive account; an indica .. image:: ../images/wizard/3.png -Configure the Account for the First Recipient of Reports +Configure the account for the first recipient of reports -------------------------------------------------------- In the fourth section of the wizard, configure the account details for the first recipient of reports sent to your project. .. image:: ../images/wizard/4.png -Read and Accept the License +Read and accept the license --------------------------- In the fifth section of the wizard, you will be prompted to read and accept the GlobaLeaks License. .. image:: ../images/wizard/5.png -Complete the Wizard +Complete the wizard ------------------- The sixth section of the wizard confirms the completion of the setup. 
diff --git a/documentation/user/Admin.rst b/documentation/user/Admin.rst index 0ca9eb7c1b..7dd90cbe9c 100644 --- a/documentation/user/Admin.rst +++ b/documentation/user/Admin.rst @@ -1,4 +1,4 @@ -For Administrators +For administrators ================== .. toctree:: diff --git a/documentation/user/Common.rst b/documentation/user/Common.rst index 2f723a8821..0f86440b4a 100644 --- a/documentation/user/Common.rst +++ b/documentation/user/Common.rst @@ -1,4 +1,4 @@ -Common to All Users +Common to all users =================== Login ----- @@ -6,19 +6,19 @@ Users could login by accessing the ``/#/login`` page. .. image:: ../images/user/login.png -Access the User Preferences +Access the user preferences --------------------------- After login Users could access their preferences by clicking the ``Preferences`` link present in the login status bar. .. image:: ../images/user/preferences.png -Change Your Password +Change your password -------------------- Users could change their own password by accessing the ``Password`` tab present in the ``Preferences`` page. .. image:: ../images/user/password.png -Reset Your Password +Reset your password ------------------- Users could requests a password reset via the ``/#/login`` page by clicking the ``Forgot password?`` button. @@ -30,7 +30,7 @@ After clicking the button users are requested to type their own username or emai .. image:: ../images/user/password_reset_2.png -Enable Two-Factor-Authentication (2FA) +Enable two-factor-authentication (2fa) -------------------------------------- Users could enable Two-Factor-Authentication by clicking the ``Enable two factor authentication`` option inside the ``Preferences`` page. 
@@ -38,7 +38,7 @@ To enable the feature the user requires to have a phone with installed a common .. image:: ../images/user/2fa.png -Access and Save Your Account Recovery Key +Access and save your account recovery key ----------------------------------------- Users could access their own Account Recovery key by clicking the ``Account Recovery Key`` button present in the ``Preferences`` page. diff --git a/documentation/user/Recipient.rst b/documentation/user/Recipient.rst index 985ab1466e..ab17fa9337 100644 --- a/documentation/user/Recipient.rst +++ b/documentation/user/Recipient.rst @@ -1,7 +1,7 @@ -For Recipients +For recipients ============== -Access the List of the Existing Reports +Access the list of the existing reports ------------------------------------------- The lists of the existing reports can be accessed via the link ``Reports`` on the sidebar of the Recipient's Homepage. @@ -9,7 +9,7 @@ The lists of the existing reports can be accessed via the link ``Reports`` on th .. image:: ../images/recipient/reports.png -Access a Report +Access a report --------------- A report can be accessed in two ways: diff --git a/documentation/user/Whistleblower.rst b/documentation/user/Whistleblower.rst index 20fd61b6f5..38c3dece69 100644 --- a/documentation/user/Whistleblower.rst +++ b/documentation/user/Whistleblower.rst @@ -1,7 +1,7 @@ -For Whistleblowers +For whistleblowers ================== -File a New Report +File a new report ----------------- A new report can be filed by accessing the homepage of the platform and clicking the ``File a report`` button. @@ -13,7 +13,7 @@ After filing a new report the systems provides to the user a 16-digit receipt. .. image:: ../images/whistleblower/receipt.png -Access an Existing Report +Access an existing report ------------------------- An existing report can be accessed by entering the 16-digit receipt obtained at the end of the submission on the login interface present on the home page of the platform. 
diff --git a/documentation/user/admin/BackupAndRestore.rst b/documentation/user/admin/BackupAndRestore.rst index 0da88d0f4b..616e4853a1 100644 --- a/documentation/user/admin/BackupAndRestore.rst +++ b/documentation/user/admin/BackupAndRestore.rst @@ -1,4 +1,4 @@ -Backup and Restore +Backup and restore ================== To perform a manual backup, you can use the following bash script: diff --git a/documentation/user/admin/CommonConfigurations.rst b/documentation/user/admin/CommonConfigurations.rst index 290569f861..f24ec3764e 100644 --- a/documentation/user/admin/CommonConfigurations.rst +++ b/documentation/user/admin/CommonConfigurations.rst @@ -1,6 +1,6 @@ -Common Configurations +Common configurations ===================== -Configure the Logo +Configure the logo ------------------ The first thing you want to give to your whistleblowing site is a branding identity; this could be done by loading a logo in section Site settings / Main configuration. @@ -8,7 +8,7 @@ The first thing you want to give to your whistleblowing site is a branding ident Scroll down along the page to reach the "Save" button, click on it and have your logo and favicon applied. -Enable Languages +Enable languages ---------------- You may want your GlobaLeaks installation served on more than one language @@ -18,7 +18,7 @@ Note that in the same interface you can mark the default application language. .. image:: ../../images/admin/site_settings_languages_detail.png -Configure Notification Settings +Configure notification settings ------------------------------- GlobaLeaks sends out notifications of different events to different receivers and to admins. In order to have this working, you have to select "Notification Settings" in the "Administration Interface - General Settings" page and set up email account and related server parameters. 
@@ -46,14 +46,14 @@ Once configured all the parameters for notifications, it is possible to test the If all is working as expected, click on the "Save" button to keep the configured parameters. -Configure Recipients +Configure recipients -------------------- The Recipient is the person that will receive and process the data that whistleblowers input in the platform. You can have one or multiple Recipients per Context, and also have one Recipient that can access to multiple Contexts. The platform is very flexible on this and allows you to define in very detail your whistleblowing system and procedure. -Customize the Graphic Layout +Customize the graphic layout ---------------------------- -Example 1: Custom Background +Example 1: custom background ............................ This CSS example shows how to customize the Background Color of the application. @@ -64,7 +64,7 @@ This CSS example shows how to customize the Background Color of the application. background-color: blue; } -Example 2: Custom Font +Example 2: custom font ...................... This CSS example shows how to customize the font of the application. diff --git a/documentation/user/admin/TroubleShooting.rst b/documentation/user/admin/TroubleShooting.rst index b181b2eb2c..307cd23955 100644 --- a/documentation/user/admin/TroubleShooting.rst +++ b/documentation/user/admin/TroubleShooting.rst @@ -1,7 +1,7 @@ Troubleshooting =============== -Issues and Bug Reporting +Issues and bug reporting ------------------------ If you encounter any issues and are unable to run GlobaLeaks: 
@@ -9,9 +9,9 @@ If you encounter any issues and are unable to run GlobaLeaks: - Ensure you strictly follow the Installation Guide. - Verify that you meet the Technical Requirements for hardware and operating system version. - Search the support forum to see if a user has already encountered your issue: `GlobaLeaks Discussions `_ -- Report the issue on the official software issue tracker: `GlobaLeaks Issues `_ +- Report the issue on the official software issue tracker: `GlobaLeaks Issues `_ -Useful Debugging Commands +Useful debugging commands ------------------------- Depending on your setup, here are some common checks to determine if GlobaLeaks is working: @@ -41,7 +41,7 @@ Depending on your setup, here are some common checks to determine if GlobaLeaks less /var/globleaks/log/globaleaks.log -Log Files +Log files --------- Here are some useful logs and their corresponding files when GlobaLeaks is installed: diff --git a/documentation/user/admin/UpgradeGuide.rst b/documentation/user/admin/UpgradeGuide.rst index 8a16fe14db..554f501acd 100644 --- a/documentation/user/admin/UpgradeGuide.rst +++ b/documentation/user/admin/UpgradeGuide.rst @@ -1,6 +1,6 @@ -Upgrade Guide +Upgrade guide ============= -Regular Update +Regular update -------------- To safely upgrade a GlobaLeaks installation please proceed with a backup of your setup by following the :doc:`Backup and restore ` guide. @@ -12,7 +12,7 @@ In order to update GlobaLeaks perform the following commands: apt-get update && apt-get install globaleaks -Upgrade of the Distribution Version +Upgrade of the distribution version ----------------------------------- For security and stability reasons it is recommended to not perform a distribution upgrade. 
@@ -23,7 +23,7 @@ GlobaLeaks could be instead easily migrated to a new up-to-date Debian system wi - log on the new server and extract the backup in /var/globaleaks - follow the :doc:`Installation Guide `; GlobaLeaks while installing will recognize the presence of an existing data directory and will use it -In Case of Errors +In case of errors ----------------- The above commands should allow you to perform regularly updates. On some conditions due to special updates it could be possible that those commands result in a failure. Consult this page for knowning specific FAQs on precise failures. diff --git a/documentation/user/admin/UserInterface.rst b/documentation/user/admin/UserInterface.rst index 9cfe54f35b..7223759c6e 100644 --- a/documentation/user/admin/UserInterface.rst +++ b/documentation/user/admin/UserInterface.rst @@ -1,4 +1,4 @@ -User Interface +User interface ============== This section offers you a summary of the user interface offered to Admin users. @@ -61,13 +61,13 @@ In this section you could enable all the languages required by your project and .. image:: ../../images/admin/site_settings_languages.png -Text Customization +Text customization .................. Here could be configured overrides for any of the texts of the platform and of their translation. .. image:: ../../images/admin/site_settings_text_customization.png -Advanced Settings +Advanced settings ................. In this section could be configured a set of advanced settings. @@ -82,7 +82,7 @@ Depending on your project needs here you could create users with different roles .. image:: ../../images/admin/users.png -User Roles +User roles .......... The software offers the possibility to create users with the following roles: @@ -90,7 +90,7 @@ The software offers the possibility to create users with the following roles: 2. Recipients -User Options +User options ............ .. image:: ../../images/admin/users_options.png 
@@ -114,7 +114,7 @@ Steps The software enables to organize questionnaire in one or multiple steps. For example the default questionnaire is organized with a single step including all the questions. -Questions Types +Questions types ............... The software enables you to create questions of the following types: @@ -140,7 +140,7 @@ The software enables you to create questions of the following types: 11. Question group -Common Question Properties +Common question properties ........................... Each of the software question types make it possible to configure the following properties: @@ -173,7 +173,7 @@ Depending on your project needs here you could create additional Channels and co .. image:: ../../images/admin/channels.png -Data Retention Policy +Data retention policy ..................... The software enables to configure a data retention policy for each channel. This is a fundamental property of the whistleblowing channel that makes it possible to configure automatic secure deletion of reports after a certain period of time. @@ -181,7 +181,7 @@ This setting should be configured in relation to the risk of the channel in orde By default a channel is configured with a report expiration of 90 days. -Case Management +Case management --------------- This section is intended to host all the main case management feature that will be offered by the software. Currently it hosts the possibility to define reports statuses and sub-statuses intended to be used by Recipients while working on the reports. @@ -206,7 +206,7 @@ The section is furtherly divided in: 2. Notification Templates -Notification Settings +Notification settings ..................... Here are configured the technical details about SMTP. @@ -215,7 +215,7 @@ Here are configured the technical details about SMTP. .. image:: ../../images/admin/notification_settings.png -Notification Templates +Notification templates ...................... In this section are configured the notification templates. 
@@ -257,7 +257,7 @@ Here you can configure all the aspects related to the access of the platform via .. image:: ../../images/admin/tor.png -IP Access Control +IP access control ................. Here you can configure IP based Access Control. @@ -269,7 +269,7 @@ Suggested configurations are: 2. Restrict Recipients access to their intranet. -URL Redirects +URL redirects ............. Here you can configure URL Redirects. @@ -279,7 +279,7 @@ Sites ----- The site section enables organization to create and manage multiple secondary whistleblowing sites. -Sites Management +Sites management ................ Secondary whistleblowing platforms with independent configurations can be manually created and managed through the Sites interface. @@ -291,7 +291,7 @@ After creating a secondary site an administrators of the main site could simply After clicking on the button the administrator will be logged in on the the administrative panel of the site. -Signup Module +Signup module ............. The software features a signup module that can be enabled and used to offers others users the possibility to register their secondary site. @@ -305,7 +305,7 @@ When the signup module is enabled the submission module of the main site is auto .. image:: ../../images/admin/signup_form.png -Audit Log +Audit log --------- The software features a privacy precerving audit log enabling administrators of the system to supervise on projects operations. diff --git a/documentation/user/index.rst b/documentation/user/index.rst index 25cebdf4a9..219592411c 100644 --- a/documentation/user/index.rst +++ b/documentation/user/index.rst @@ -1,4 +1,4 @@ -User Documentation +User documentation ================== .. toctree:: :name: user diff --git a/publiccode.yml b/publiccode.yml index 5672eece97..ac028700fe 100644 --- a/publiccode.yml +++ b/publiccode.yml 
@@ -1,11 +1,11 @@ name: GlobaLeaks -releaseDate: '2024-09-11' +releaseDate: '2024-10-30' publiccodeYmlVersion: '0.4.0' -url: 'https://github.com/globaleaks/GlobaLeaks' +url: 'https://github.com/globaleaks/globaleaks-whistleblowing-software' landingURL: 'https://www.globaleaks.org/' -roadmap: "https://docs.globaleaks.org/en/main/roadmap/" +roadmap: "https://docs.globaleaks.org/en/stable/roadmap/" logo: brand/assets/globaleaks-icon-color.svg -softwareVersion: 5.0.6 +softwareVersion: 5.0.20 softwareType: standalone/web developmentStatus: stable platforms: 
@@ -139,22 +139,22 @@ it: description: en: shortDescription: >- - GlobaLeaks is free, open-source whistleblowing software enabling anyone to easily set - up and maintain a secure reporting platform + GlobaLeaks is a free and open-source whistleblowing software enabling anyone to + easily set up and maintain a secure reporting platform longDescription: >- - [GlobaLeaks](https://www.globaleaks.org/) is free, open-souce whistleblowing software - enabling anyone to easily set up and maintain a secure reporting platform. + [GlobaLeaks](https://www.globaleaks.org/) is a free and open-source whistleblowing + software enabling anyone to easily set up and maintain a secure reporting platform. Thanks to GlobaLeaks even non-technical people are be able to setup their own anonymous whistleblowing project. Designed to be user-friendly the software is customizable up to own needs and protects the whistleblower's privacy and submissions. GlobaLeaks targets [many use cases](https://www.globaleaks.org/usecases/) and therefore it has been designed as a framework. Designed with flexibility in mind and - translated in [more than 90 languages](https://www.transifex.com/otf/globaleaks) - GlobaLeaks is nowadays adopted worldwide by more than 10000 projects. + translated in [more than 70 languages](https://www.transifex.com/otf/globaleaks) + GlobaLeaks is nowadays adopted worldwide by more than 30000 projects. The vast range of adopters includes independent media, activists, public agencies, corporations and more. - the software is recognized by the + The software is recognized by the [Digital Public Good Alliance](https://digitalpublicgoods.net) as a [Digital Public Good](https://app.digitalpublicgoods.net/a/11113). documentation: 'https://docs.globaleaks.org/' 
@@ -174,7 +174,7 @@ description: - PNRR/Misura/1.6 - "Multi-user system with customizable user roles (whistleblower, recipient, administrator)" - "Entirely manageable from a web administration interface" - - "Support for more than 90 languages with Right-to-Left (RTL)" + - "Support for more than 70 languages with Right-to-Left (RTL)" - "Receive reports from whistleblower through structured multi-step questionnaire" - "Let whistleblowers decide if and when to confidentially declare their identity" - "Exchange multimedia files with whistleblower" @@ -190,7 +190,7 @@ description: - "Create and manage multiple whistleblowing site (e.g for subsidiaries or third party clients)" - "Advanced questionnaire builder" - "Whistleblowing system statistics" - - "Designed in adherence with ISO 37002:2021 and EU Directive 2019/1937 for security compliance" + - "Designed in adherence to ISO 37002:2021, EU Directive 2019/1937 standards and recommendations for whistleblowing compliance" - "Bidirectional anonymous communication (comments/messages)" - "Customizable case management workflow (statuses/sub-statuses)" - "Whistleblower identity conditional reporting workflow" @@ -203,7 +203,7 @@ description: - "Audit log" - "Integratable with existing enterprise case management platform" - "Free Software OSI Approved AGPL 3.0 License" - - "Designed in adherence with the ISO 27001:2022, CSA Star and OWASP recommendations for security compliance" + - "Designed in adherence to ISO 27001:2022, General Data Protection Regulation (EU) 2016/679, CSA STAR, OWASP standards and recommendations for privacy and security compliance" - "Full data encryption of data and metadata exchanged via the platform" - "Digital anonymity support with Tor integration" - "Built-in HTTPS support with TLS 1.3 standard (SSLabs A+ rating)" 
@@ -218,7 +218,7 @@ description: - "Does not leave traces on browser cache" - "Multi-site support enabling to run multiple virtual site on the same setup" - "Responsive user interfaces built with Boostrap CSS framework" - - "Designed in adherence to Directive (EU) 2019/882, Directive (EU) 2016/2102, EN 301 549, W3C WCAG 2.2 and WAI-ARIA 2.2 standards and recommendations for accessibility compliance" + - "Designed in adherence to ISO/IEC 40500:2012, Directive (EU) 2019/882, Directive (EU) 2016/2102, W3C WCAG 2.2 WAI-ARIA 2.2 standards and recommendations for accessibility compliance" - "Automated Software Quality Measurement and Continuous Integration Testing" - "Long-Term Support plan (LTS)" - "Built with lightweight framework technologies (Angular and Python Twisted)" @@ -231,13 +231,13 @@ description: - "Easy integration of the platform with existing websites and intranets" - "REST API" screenshots: - - documentation/images/whistleblower/home.png - - documentation/images/whistleblower/submission.png - - documentation/images/whistleblower/receipt.png - - documentation/images/whistleblower/report.png - - documentation/images/user/login.png - - documentation/images/recipient/reports.png - - documentation/images/recipient/report.png + - documentation/images/whistleblower/home.en.png + - documentation/images/whistleblower/submission.en.png + - documentation/images/whistleblower/receipt.en.png + - documentation/images/whistleblower/report.en.png + - documentation/images/user/login.en.png + - documentation/images/recipient/reports.en.png + - documentation/images/recipient/report.en.png it: genericName: Whistleblowing Software shortDescription: >- 
@@ -252,8 +252,8 @@ description: dei segnalanti. GlobaLeaks si rivolge a [molti casi d'uso](https://www.globaleaks.org/usecases/) e quindi è stato progettato come un framework. Progettato per essere altamente configurabile e tradotto in - [oltre 90 lingue](https://www.transifex.com/otf/globaleaks), GlobaLeaks è oggi adottato - in tutto il mondo da oltre 10000 progetti. La variegata gamma di utenti comprende media + [oltre 70 lingue](https://www.transifex.com/otf/globaleaks), GlobaLeaks è oggi adottato + in tutto il mondo da oltre 30000 progetti. La variegata gamma di utenti comprende media indipendenti, attivisti, agenzie pubbliche, imprese private e altro. Il software è riconosciuto dalla [Digital Public Good Alliance](https://digitalpublicgoods.net/) come un @@ -275,7 +275,7 @@ description: - PNRR/Misura/1.6 - "Sistema multiutente con ruoli utente personalizzabili (segnalante, ricevente, amministratore)" - "Interamente gestibile da un'interfaccia di amministrazione web" - - "Supporto per oltre 90 lingue ed RTL" + - "Supporto per oltre 70 lingue ed RTL" - "Ricevi segnalazioni da un segnalante tramite un questionario strutturato in più passaggi" - "Possibilità per i segnalanti di decidere se e quando dichiarare la propria identità" - "Possibilità di scambio dile con il segnalante" 
@@ -291,7 +291,7 @@ description: - "Gestisci più siti di segnalazione da un'unica dashboard" - "Create e gestisci più siti di whistleblowing (e.g. per società controllate o clienti terzi)" - "Statistiche del sistema di segnalazione" - - "Progettato in aderenza con ISO 37002:2021 e Direttiva EU 2019/1937 per whistleblowing compliance" + - "Progettato in aderenza con gli standard e raccomandazioni ISO 37002:2021 e Direttiva EU 2019/1937 in materia di compliance per il whistleblowing." - "Comunicazione anonima bidirezionale (commenti / messaggi)" - "Flusso di lavoro personalizzabile per la gestione dei casi (stati / stati secondari)" - "Flusso di lavoro di segnalazione condizionale dell'identità di Whistleblower" @@ -304,7 +304,7 @@ description: - "Audit log" - "Integrabile con la piattaforma esistente di gestione dei casi aziendali" - "Licenza AGPL 3.0 per software libero approvata OSI" - - "Progettato in aderenza con le raccomandazioni ISO 27001:2022, CSA Star e OWASP per security compliance" + - "Progettato in aderenza con gli standard e le raccomandazioni ISO 27001:2022, Regolamento Generale sulla Protezione dei Dati (UE) 2016/679, CSA STAR OWASP per compliance in materia di privacy e sicurezza" - "Crittografia completa dei dati e dei metadati scambiati sulla piattaforma" - "Supporto dell'anonimato digitale con integrazione Tor" - "Supporto HTTPS integrato con standard TLS 1.3 (classificazione SSLabs A +)" 
@@ -319,7 +319,7 @@ description: - "Non lascia tracce nella cache del browser" - "Supporto multi-sito per eseguire più siti virtuali sulla stessa installazione" - "Interfacce utente responsive realizzate con il framework CSS Boostrap" - - "Progettato in conformità alla Direttiva (UE) 2019/882, Direttiva (UE) 2016/2102, EN 301 549, W3C WCAG 2.2 e alle raccomandazioni WAI-ARIA 2.2 per accessibility compliance" + - "Progettato in aderenza con gli standard e le raccomandazioni ISO/IEC 40500:2012, Direttiva (UE) 2019/882, Direttiva (UE) 2016/2102, EN 301 549, W3C WCAG 2.2 e alle raccomandazioni WAI-ARIA 2.2 per compliance in materia di accessibilità" - "Misurazione automatizzata della qualità del software e test di integrazione continua" - "Piano di supporto a lungo termine (LTS)" - "Costruito con tecnologie framework leggere (Angular e Python Twisted)" @@ -332,13 +332,13 @@ description: - "Facile integrazione della piattaforma con siti web e intranet esistenti" - "REST API" screenshots: - - documentation/images/whistleblower/home.png - - documentation/images/whistleblower/submission.png - - documentation/images/whistleblower/receipt.png - - documentation/images/whistleblower/report.png - - documentation/images/user/login.png - - documentation/images/recipient/reports.png - - documentation/images/recipient/report.png + - documentation/images/whistleblower/home.it.png + - documentation/images/whistleblower/submission.it.png + - documentation/images/whistleblower/receipt.it.png + - documentation/images/whistleblower/report.it.png + - documentation/images/user/login.it.png + - documentation/images/recipient/reports.it.png + - documentation/images/recipient/report.it.png usedBy: - Agenzia per l'Italia Digitale (AgID) - Agenzia per la cybersicurezza nazionale (ACN) diff --git a/scripts/build.sh b/scripts/build.sh index a8506edf60..b8e74444ee 100755 --- a/scripts/build.sh +++ b/scripts/build.sh 
@@ -4,7 +4,7 @@ set -e TARGETS="bionic bookworm bullseye buster focal jammy noble" DISTRIBUTION="bookworm" -TAG="main" +TAG="stable" LOCAL_ENV=0 NOSIGN=0 PUSH=0 @@ -78,9 +78,9 @@ BUILDSRC="$BUILDDIR/src" mkdir -p $BUILDSRC && cd $BUILDSRC if [ $LOCAL_ENV -eq 1 ]; then - git clone --branch="$TAG" --depth=1 file://$(pwd)/../../../GlobaLeaks . + git clone --branch="$TAG" --depth=1 file://$(pwd)/../../../globaleaks-whistleblowing-software . else - git clone --branch="$TAG" --depth=1 https://github.com/globaleaks/GlobaLeaks.git . + git clone --branch="$TAG" --depth=1 https://github.com/globaleaks/globaleaks-whistleblowing-software.git . fi cd client && npm install -d && ./node_modules/grunt/bin/grunt build diff --git a/scripts/bump_version.sh b/scripts/bump_version.sh index 43caa6a389..c8fe1e1b8c 100755 --- a/scripts/bump_version.sh +++ b/scripts/bump_version.sh @@ -13,7 +13,7 @@ if [[ "$1" != "" ]]; then sed -i "s/\"version\":.*/\"version\": \"$1\",/g" "$ROOTDIR"/client/package.json - awk -v ver="$1" 'BEGIN{cnt=0} /"version":/ && cnt<2 {sub(/"version": "[^"]*"/, "\"version\": \"" ver "\""); cnt++} 1' "$ROOTDIR/client/npm-shrinkwrap.json" > tmp && mv tmp "$ROOTDIR/client/npm-shrinkwrap.json" + awk -v ver="$1" 'BEGIN{cnt=0} /"version":/ && cnt<2 {sub(/"version": "[^"]*"/, "\"version\": \"" ver "\""); cnt++} 1' "$ROOTDIR/client/package-lock.json" > tmp && mv tmp "$ROOTDIR/client/package-lock.json" sed -i "s/^releaseDate:.*/releaseDate: '$(date +'%Y-%m-%d')'/g" "$ROOTDIR"/publiccode.yml @@ -26,8 +26,6 @@ if [[ "$1" != "" ]]; then -- GlobaLeaks software signing key $(date --rfc-email)\n\n$(cat debian/changelog)" > "$ROOTDIR"/debian/changelog git commit -a -m "Bump to version $1" - - git tag -s v$1 -m 'GlobaLeaks version $1' --force else echo -e "Please specify a version" exit 1 diff --git a/scripts/install.sh b/scripts/install.sh index de3ede0a9d..e04a907cd4 100755 --- a/scripts/install.sh +++ b/scripts/install.sh 
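Review bot: The two `git clone --branch="$TAG" --depth=1` lines in the second build.sh hunk build from whatever the `stable` branch tip is at build time, and nothing visible in the hunk verifies a signature on that ref before `npm install` and the grunt build run on it. Release tags are now created with `git tag -s` in scripts/tag_release.sh, so when `TAG` names a release tag a check such as `git verify-tag "$TAG"` right after the clone would tie the package to a signed ref. The `file://$(pwd)/...` argument is also unquoted and splits on a path containing spaces; `"file://$(pwd)/../../../globaleaks-whistleblowing-software"` avoids that. The script continues outside the hunk, so an existing check elsewhere cannot be ruled out.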
@@ -100,15 +100,15 @@ while getopts "ynv:h" opt; do esac done -echo -e "Running the GlobaLeaks installation...\nIn case of failure please report encountered issues to the ticketing system at: https://github.com/globaleaks/GlobaLeaks/issues\n" +echo -e "Running the GlobaLeaks installation...\nIn case of failure please report encountered issues to the ticketing system at: https://github.com/globaleaks/globaleaks-whistleblowing-software/issues\n" echo "Detected OS: $DISTRO - $DISTRO_CODENAME" last_command "check_distro" -if echo "$DISTRO_CODENAME" | grep -vqE "^bookworm$" ; then - echo "WARNING: The GlobaLeaks software lifecycle includes full support for all Debian and Ubuntu LTS versions starting from Debian 10 and Ubuntu 20.04" - echo "WARNING: The currently recommended distribution is: Debian 12 (Bookworm)" +if echo "$DISTRO_CODENAME" | grep -vqE "^(bookworm)|(noble)$" ; then + echo "WARNING: The recommended up-to-date platforms are Debian 12 (Bookworm) and Ubuntu 24.04 (Noble)" + echo "WARNING: Use one of these platforms to ensure best stability and security" prompt_for_continuation fi diff --git a/scripts/tag_release.sh b/scripts/tag_release.sh new file mode 100755 index 0000000000..83020725af --- /dev/null +++ b/scripts/tag_release.sh @@ -0,0 +1,12 @@ +#!/bin/bash +# This script tag a new release version +set -e + +if [[ "$1" != "" ]]; then + echo "Tagging version v$1" + + git tag -s v$1 -m 'GlobaLeaks version $1' --force +else + echo -e "Please specify a version" + exit 1 +fi
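Review bot: The new pattern `^(bookworm)|(noble)$` in the distribution check does not anchor both alternatives. Alternation binds loosest, so it reads as `^(bookworm)` or `(noble)$`, and any codename that merely starts with `bookworm` or ends with `noble` skips the warning and the continuation prompt. Put the alternatives inside one group between the anchors: `if echo "$DISTRO_CODENAME" | grep -vqE "^(bookworm|noble)$" ; then`. The `getopts` loop and the rest of the installer lie outside the hunk.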
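Review bot: The tag message in `git tag -s v$1 -m 'GlobaLeaks version $1' --force` is single-quoted, so every signed tag carries the literal text `GlobaLeaks version $1` instead of the version number; the line appears to have been moved unchanged from scripts/bump_version.sh. `v$1` is also unquoted, and `--force` silently moves an existing release tag, which lets an already published version name point at a different commit. Suggested line: `git tag -s "v$1" -m "GlobaLeaks version $1"`, keeping `--force` only if re-tagging is intentional. The header comment would read better as `# This script tags a new release version`.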