update help landing page for wg, privacy policy

static/css/style.css

@@ -264,7 +264,7 @@ box-shadow: 1px 1px 2px 1px rgba(0,0,0,0.21);
 .content-box h3 {
     font-weight: bold;
     font-size: 1.2em;
-    margin: 0.5em 0 0.25em 0;
+    margin: 1em 0 0.25em 0;
 }
 .content-box h4 {
     font-weight: bold;
@@ -463,15 +463,15 @@ ul.errorlist {
 }
 .install-guides li {
     display: inline-block;
-    width: 10em;
-    padding-top: 1em;
+    width: 7em;
+    padding-top: 0.5em;
     text-align: center;
     border: 1px solid #ccc;
     border-radius: 5px;
-    margin: 0.5em 1em;
+    margin: 0.5em 0.50em;
 }
 .install-guides li a {
-    line-height: 3em;
+    line-height: 2.2em;
     text-decoration: none;
 }
 .install-guides li i {

templates/base_help.html

@@ -6,7 +6,7 @@
 <div class="flex-page">
     <div class="left-menu">
         <div class="submenu">
-            <p class="menu-title">{% trans 'Help' %}</p>
+            <p class="menu-title"></p>
             <ul>
                 <li class="pure-menu-item">
                     <a href="{% url 'page' 'help' %}">
@@ -34,7 +34,7 @@
         </div>
 
         <div class="submenu">
-            <p class="menu-title">{% trans 'Installation' %}</p>
+            <p class="menu-title">{% trans 'OpenVPN' %}</p>
             <ul>
                 <li><a href="/page/install-android">
                     <i class="fa fa-android fa-fw" aria-hidden="true"></i>&nbsp;
@@ -56,6 +56,10 @@
                     <i class="fa fa-chrome fa-fw" aria-hidden="true"></i>&nbsp;
                     {% trans 'Chrome OS' %}
                 </a></li>
+                <li><a href="/page/install-openvpn">
+                    <i class="fa fa-server fa-fw" aria-hidden="true"></i>&nbsp;
+                    {% trans 'Other' %}
+                </a></li>
             </ul>
         </div>
 

templates/pages/help.en.md

@@ -2,15 +2,29 @@
 Title: Support
 ---
 
+CCrypto VPN uses mainly two VPN technologies,
+[OpenVPN](https://openvpn.net/) and
+[WireGuard](https://www.wireguard.com/).  
+We recommend WireGuard for its simplicity, security, and performances,
+but also provide OpenVPN servers for compatibility with many devices and setups.
+
+### WireGuard Installation Guide
+
+The most up to date installation instructions for WireGuard are on its official website:
+[*Installation - Wireguard*](https://www.wireguard.com/install/).
+
+- On Android and iOS, simply open the app and scan a [QR code from your account page](/account/wireguard) to associate a device.
+- On Windows, mac OS and Linux, import a configuration file [downloaded from your account](/account/wireguard).
 
 ### OpenVPN Installation Guides
 
 <ul class="install-guides">
-  <li><a href="/page/install-android"><i class="fa fa-android fa-5x"></i> Android</a></li>
-  <li><a href="/page/install-windows"><i class="fa fa-windows fa-5x"></i> Windows</a></li>
-  <li><a href="/page/install-gnulinux"><i class="fa fa-linux fa-5x"></i> GNU/Linux</a></li>
-  <li><a href="/page/install-osx"><i class="fa fa-apple fa-5x"></i> OS X</a></li>
-  <li><a href="/page/install-chromeos"><i class="fa fa-chrome fa-5x"></i> Chromebook</a></li>
+  <li><a href="/page/install-android"><i class="fa fa-android fa-3x"></i> Android</a></li>
+  <li><a href="/page/install-windows"><i class="fa fa-windows fa-3x"></i> Windows</a></li>
+  <li><a href="/page/install-gnulinux"><i class="fa fa-linux fa-3x"></i> GNU/Linux</a></li>
+  <li><a href="/page/install-osx"><i class="fa fa-apple fa-3x"></i> OS X</a></li>
+  <li><a href="/page/install-chromeos"><i class="fa fa-chrome fa-3x"></i> Chromebook</a></li>
+  <li><a href="/page/install-openvpn"><i class="fa fa-server fa-3x"></i> Other</a></li>
 </ul>
 
 ### Help

templates/pages/help.fr.md

@@ -2,14 +2,29 @@
 Title: Guides
 ---
 
-### Installation d'OpenVPN
+CCrypto VPN utilise principalement deux technologies de VPN,
+[OpenVPN](https://openvpn.net/) et
+[WireGuard](https://www.wireguard.com/).  
+Nous recommandons WireGuard pour sa simplicité, sécurité, et performances,
+mais fournissons aussi des serveurs OpenVPN pour une compatibilité avec plus de plateformes.
+
+### Installation avec WireGuard
+
+Les instructions pour installer WireGuard sont disponibles sur le site officiel:
+[Installation - WireGuard](https://www.wireguard.com/install/).
+
+- Sur Android and iOS, scannez simplement [le code QR donné dans votre compte](/account/wireguard) pour associer un appareil.
+- Sur Windows, mac OS, et Linux, importez un fichier de configuration [téléchargé depuis votre compte](/account/wireguard).
+
+### Installation avec OpenVPN
 
 <ul class="install-guides">
-  <li><a href="/page/install-android"><i class="fa fa-android fa-5x"></i> Android</a></li>
-  <li><a href="/page/install-windows"><i class="fa fa-windows fa-5x"></i> Windows</a></li>
-  <li><a href="/page/install-gnulinux"><i class="fa fa-linux fa-5x"></i> GNU/Linux</a></li>
-  <li><a href="/page/install-osx"><i class="fa fa-apple fa-5x"></i> OS X</a></li>
-  <li><a href="/page/install-chromeos"><i class="fa fa-chrome fa-5x"></i> Chromebook</a></li>
+  <li><a href="/page/install-android"><i class="fa fa-android fa-3x"></i> Android</a></li>
+  <li><a href="/page/install-windows"><i class="fa fa-windows fa-3x"></i> Windows</a></li>
+  <li><a href="/page/install-gnulinux"><i class="fa fa-linux fa-3x"></i> GNU/Linux</a></li>
+  <li><a href="/page/install-osx"><i class="fa fa-apple fa-3x"></i> OS X</a></li>
+  <li><a href="/page/install-chromeos"><i class="fa fa-chrome fa-3x"></i> Chromebook</a></li>
+  <li><a href="/page/install-openvpn"><i class="fa fa-server fa-3x"></i> Autre</a></li>
 </ul>
 
 ### Aide

templates/pages/install-openvpn.en.md

@@ -0,0 +1,48 @@
+---
+Title: Configure OpenVPN
+---
+
+Some devices will let you upload and import a VPN configuration; the "Other / GNU/Linux" configuration option is made to be compatible.
+
+For most other devices and client applications, including most routers supporting OpenVPN, you will need to fill in a few parameters as described below:
+
+<table class="admin-list">
+    <thead><tr><td>Option</td><td>Value</td></tr></thead>
+    <tr>
+        <td>CA Certificate</td>
+        <td>The file available on <a href="https://vpn.ccrypto.org/ca.crt">vpn.ccrypto.org/ca.crt</a></td>
+    </tr>
+    <tr>
+        <td>Client / Server certificates</td>
+        <td>None</td>
+    </tr>
+    <tr>
+        <td>Username / Password</td>
+        <td>The same as used to log in on this website</td>
+    </tr>
+    <tr>
+        <td>Host or Gateway</td>
+        <td><code>fr.204vpn.net</code>, or any host in our <a href="/status">server list</a></td>
+    </tr>
+    <tr>
+        <td>Port / Protocol</td>
+        <td>1196 in UDP mode (or 443 in TCP mode; prefer UDP unless blocked)</td>
+    </tr>
+    <tr>
+        <td>Interface Type</td>
+        <td><code>tun</code></td>
+    </tr>
+    <tr>
+        <td>LZO Compression</td>
+        <td>Enabled</td>
+    </tr>
+    <tr>
+        <td>Cipher / HMAC</td>
+        <td><code>BF-CBC</code> and <code>SHA1</code> by default, renegociable with a recent OpenVPN version</td>
+    </tr>
+    <tr>
+        <td>DNS Server</td>
+        <td><code>10.99.0.20</code></td>
+    </tr>
+</table>
+

templates/pages/nop2p.en.md

@@ -1,38 +0,0 @@
----
-Title: NO-P2P Servers
----
-
-See also: our [Privacy Policy](/page/privacy).
-
-Because of its high number of simultaneous connections and high bandwidth usage,
-and the amount of legal issues sometimes linked,
-we have to restrict the use of the BitTorrent protocol on specific servers.  
-Our servers marked as **NO-P2P** are more expensive to maintain
-and cost more in bandwidth than in other countries,
-so we ask our clients to not use the BitTorrent protocol
-on these servers.
-
-
-### Enforcement
-
-As monitoring all connections would be a big privacy violation towards our clients and cost much more,
-we chose to only intercept connection made to a specific set of known BitTorrent trackers
-as listed at the end of this page.  
-Rules are then applied to the intercepted content and if a match if found,
-the client is disconnected and banned from the server.  
-Intercepted data is never logged or stored, only the username and the date of detection are stored.
-
-If you think this has happened by mistake, please contact our support.
-
-Trackers targeted:
-
-    94.23.183.33
-    62.138.0.158
-    163.172.157.35
-    151.80.120.112/30
-    109.121.134.121
-    87.98.148.74
-    192.99.81.115
-
-The exact rules used are still under development and will be published once stable.
-

templates/pages/privacy.en.md

@@ -2,57 +2,45 @@
 Title: Privacy Policy
 ---
 
-We believe transparency is one of the most important qualities a VPN service can have.
-This page is meant to inform users about what informations CCrypto stores,
+This page is meant to inform users about the information CCrypto stores,
 in what conditions, and the exact limits under which it is kept and transfered.
 If you have any question that is not answered by this page, please contact us.
 
 
-### 1. Informations stored
-
-To run our VPN service, we collect and store the following informations:
+### 1. Information stored
 
   - Username
-  - Hashed password (see our published source code for details)
+  - Hashed password
   - E-mail address, if provided
-  - Support tickets
+  - Messages sent as support tickets
   - IP address used when browsing the site
+  - For payments and subscriptions, external identifiers to the associated payment processors.
 
-For each payment or subscription, we store:
-
-  - PayPal: the PayPal transaction or subscription ID and paid amount
-  - Stripe: the Stripe charge or subscription ID and paid amount
-  - Bitcoin: the transaction id, receiving address and received amount at the time the payment was confirmed.
-
-All these informations are strictly kept by CCrypto and will not be shared to a third party,
-except as described in section 4.
+See our published source code for technical details.  
+We use no additional external analytics or advertisement network on our website.  
+All these informations are strictly kept by CCrypto and will not be shared to a third party unless required by law (see 4.).
 
 Our websites embeds a support chat widget operated by Tawk.to. It can be blocked
-without breaking the rest of the website and tickets can be used for communication.
-
-We use no additional external analytics or advertisement network on our website.
+without breaking the rest of the website and tickets can be used for secure communication.
 
 
 ### 2. VPN Logging
 
-Each connection from a VPN client to our VPN server is logged for security and billing purposes.
+Each connection from a VPN client to our OpenVPN servers is logged for legal reasons.
 For each connection or authentication, we store for up to a year:
 
   - Username
-  - Server used and shared server IP address
-  - Client IP address and port
-  - Amount of data transferred per hour (used exclusively for usage statistics and against extreme service abuses)
+  - Server used (and shared server IP address)
+  - OpenVPN client IP address and port
+  - Amount of data transferred per hour (used exclusively for usage statistics and against extreme abuses)
 
-As opposed to many VPN service providers, no data is stored or logged in the gateway servers.
-Those are too exposed and would be the easiest target to raid or steal, and depend on the
-law of many countries.
-Instead, connection logs are stored separately on a secure server.
+**CCrypto will never monitor, record, or use without your consent the traffic you send and receive through the VPN, including but not limited to DNS queries and browsing history.**
 
-**CCrypto will never, in any event, monitor, record, or use without your consent the traffic you send and receive through the VPN, including but not limited to DNS queries and browsing history.**
+We will however watch for known dangerous patterns to limit abuse,
+exclusively used internally to avoid issues with our current server providers:
 
-On some servers, we will however watch for known dangerous patterns to limit abuse,
-as explicitly described by a dedicated page: [NO-P2P](/page/nop2p)  
-Such detections are exclusively for use by CCrypto internally and will not be shared.
+- Denial of service attacks
+- BitTorrent connections to know public trackers (on servers indicated by a "NO-P2P" tag)
 
 
 ### 3. DMCA handling
@@ -61,15 +49,11 @@ DMCA cease & desists are usually ignored as we have very little control over it.
 If one user generates too many abuse, we may investigate and block their access
 to a server without notice as a warning.
 
-Since we cannot precisely identify users responsible from DMCA notices,
+Since we cannot precisely identify users responsible for DMCA notices,
 we will ban from the server the user or users that match the most the report or reports received.
 If you think you have been banned unfairly,
 you can open a ticket and we will reinstate your access to the server as soon as possible.
 
-Servers designated as "NO P2P" servers have a lower tolerance and
-will result in a ban as fast as possible.  
-Please do not abuse the service, as it will only lower the quality for everyone.
-
 **We will never disclose user information as a result of a DMCA notice.**
 
 ### 4. Data requests