diff --git a/Pipfile b/Pipfile index dda13ec..f73f02f 100644 --- a/Pipfile +++ b/Pipfile @@ -11,6 +11,8 @@ typing-extensions = "*" mkdocs-rss-plugin = "*" mkdocs-git-committers-plugin-2 = "*" mkdocs-macros-plugin = "*" +pillow = "*" +cairosvg = "*" [dev-packages] scour = "*" diff --git a/Pipfile.lock b/Pipfile.lock index 53b3094..a6f5dfc 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "8ab933fe2560e65ac1267c91177010fc46a91531347c5761e74d06f566eafd4e" + "sha256": "2646001bb1622eefe38b1aaec5ffbc2bb8eac06e24bb312113c6fd82358064d9" }, "pipfile-spec": 6, "requires": { @@ -32,6 +32,21 @@ "markers": "python_version >= '3.6'", "version": "==4.11.1" }, + "cairocffi": { + "hashes": [ + "sha256:509339b32ccd8d7b00c2204c32736cde78db53a32e6a162d312478d25626cd9a" + ], + "markers": "python_version >= '3.7'", + "version": "==1.4.0" + }, + "cairosvg": { + "hashes": [ + "sha256:98c276b7e4f0caf01e5c7176765c104ffa1aa1461d63b2053b04ab663cf7052b", + "sha256:b0b9929cf5dba005178d746a8036fcf0025550f498ca54db61873322384783bc" + ], + "index": "pypi", + "version": "==2.5.2" + }, "certifi": { "hashes": [ "sha256:0d9c601124e5a6ba9712dbc60d9c53c21e34f5f641fe83002317394311bdce14", 
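Review bot: `pillow = "*"` and `cairosvg = "*"` are added with no version bound, so the only thing fixing what gets installed is Pipfile.lock (`pillow ==9.2.0` and `cairosvg ==2.5.2`, with sha256 hashes). Both packages parse image and SVG input through native code, so a floor is worth stating in the Pipfile itself, e.g. `pillow = ">=9.2.0"` and `cairosvg = ">=2.5.2"`, and the locked versions should be checked against current advisories before merge; the existing entries use `"*"` too, so this applies to the whole section. Builds should install from the lock (`pipenv sync` or `pipenv install --deploy`) so that the hashes are actually enforced. cairosvg also pulls in cairocffi, which loads the system cairo library at runtime; that library is outside the lock and has to be pinned separately in the build image.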
@@ -40,6 +55,75 @@ "markers": "python_version >= '3.6'", "version": "==2022.9.24" }, + "cffi": { + "hashes": [ + "sha256:00a9ed42e88df81ffae7a8ab6d9356b371399b91dbdf0c3cb1e84c03a13aceb5", + "sha256:03425bdae262c76aad70202debd780501fabeaca237cdfddc008987c0e0f59ef", + "sha256:04ed324bda3cda42b9b695d51bb7d54b680b9719cfab04227cdd1e04e5de3104", + "sha256:0e2642fe3142e4cc4af0799748233ad6da94c62a8bec3a6648bf8ee68b1c7426", + "sha256:173379135477dc8cac4bc58f45db08ab45d228b3363adb7af79436135d028405", + "sha256:198caafb44239b60e252492445da556afafc7d1e3ab7a1fb3f0584ef6d742375", + "sha256:1e74c6b51a9ed6589199c787bf5f9875612ca4a8a0785fb2d4a84429badaf22a", + "sha256:2012c72d854c2d03e45d06ae57f40d78e5770d252f195b93f581acf3ba44496e", + "sha256:21157295583fe8943475029ed5abdcf71eb3911894724e360acff1d61c1d54bc", + "sha256:2470043b93ff09bf8fb1d46d1cb756ce6132c54826661a32d4e4d132e1977adf", + "sha256:285d29981935eb726a4399badae8f0ffdff4f5050eaa6d0cfc3f64b857b77185", + "sha256:30d78fbc8ebf9c92c9b7823ee18eb92f2e6ef79b45ac84db507f52fbe3ec4497", + "sha256:320dab6e7cb2eacdf0e658569d2575c4dad258c0fcc794f46215e1e39f90f2c3", + "sha256:33ab79603146aace82c2427da5ca6e58f2b3f2fb5da893ceac0c42218a40be35", + "sha256:3548db281cd7d2561c9ad9984681c95f7b0e38881201e157833a2342c30d5e8c", + "sha256:3799aecf2e17cf585d977b780ce79ff0dc9b78d799fc694221ce814c2c19db83", + "sha256:39d39875251ca8f612b6f33e6b1195af86d1b3e60086068be9cc053aa4376e21", + "sha256:3b926aa83d1edb5aa5b427b4053dc420ec295a08e40911296b9eb1b6170f6cca", + "sha256:3bcde07039e586f91b45c88f8583ea7cf7a0770df3a1649627bf598332cb6984", + "sha256:3d08afd128ddaa624a48cf2b859afef385b720bb4b43df214f85616922e6a5ac", + "sha256:3eb6971dcff08619f8d91607cfc726518b6fa2a9eba42856be181c6d0d9515fd", + "sha256:40f4774f5a9d4f5e344f31a32b5096977b5d48560c5592e2f3d2c4374bd543ee", + "sha256:4289fc34b2f5316fbb762d75362931e351941fa95fa18789191b33fc4cf9504a", + "sha256:470c103ae716238bbe698d67ad020e1db9d9dba34fa5a899b5e21577e6d52ed2", + 
"sha256:4f2c9f67e9821cad2e5f480bc8d83b8742896f1242dba247911072d4fa94c192", + "sha256:50a74364d85fd319352182ef59c5c790484a336f6db772c1a9231f1c3ed0cbd7", + "sha256:54a2db7b78338edd780e7ef7f9f6c442500fb0d41a5a4ea24fff1c929d5af585", + "sha256:5635bd9cb9731e6d4a1132a498dd34f764034a8ce60cef4f5319c0541159392f", + "sha256:59c0b02d0a6c384d453fece7566d1c7e6b7bae4fc5874ef2ef46d56776d61c9e", + "sha256:5d598b938678ebf3c67377cdd45e09d431369c3b1a5b331058c338e201f12b27", + "sha256:5df2768244d19ab7f60546d0c7c63ce1581f7af8b5de3eb3004b9b6fc8a9f84b", + "sha256:5ef34d190326c3b1f822a5b7a45f6c4535e2f47ed06fec77d3d799c450b2651e", + "sha256:6975a3fac6bc83c4a65c9f9fcab9e47019a11d3d2cf7f3c0d03431bf145a941e", + "sha256:6c9a799e985904922a4d207a94eae35c78ebae90e128f0c4e521ce339396be9d", + "sha256:70df4e3b545a17496c9b3f41f5115e69a4f2e77e94e1d2a8e1070bc0c38c8a3c", + "sha256:7473e861101c9e72452f9bf8acb984947aa1661a7704553a9f6e4baa5ba64415", + "sha256:8102eaf27e1e448db915d08afa8b41d6c7ca7a04b7d73af6514df10a3e74bd82", + "sha256:87c450779d0914f2861b8526e035c5e6da0a3199d8f1add1a665e1cbc6fc6d02", + "sha256:8b7ee99e510d7b66cdb6c593f21c043c248537a32e0bedf02e01e9553a172314", + "sha256:91fc98adde3d7881af9b59ed0294046f3806221863722ba7d8d120c575314325", + "sha256:94411f22c3985acaec6f83c6df553f2dbe17b698cc7f8ae751ff2237d96b9e3c", + "sha256:98d85c6a2bef81588d9227dde12db8a7f47f639f4a17c9ae08e773aa9c697bf3", + "sha256:9ad5db27f9cabae298d151c85cf2bad1d359a1b9c686a275df03385758e2f914", + "sha256:a0b71b1b8fbf2b96e41c4d990244165e2c9be83d54962a9a1d118fd8657d2045", + "sha256:a0f100c8912c114ff53e1202d0078b425bee3649ae34d7b070e9697f93c5d52d", + "sha256:a591fe9e525846e4d154205572a029f653ada1a78b93697f3b5a8f1f2bc055b9", + "sha256:a5c84c68147988265e60416b57fc83425a78058853509c1b0629c180094904a5", + "sha256:a66d3508133af6e8548451b25058d5812812ec3798c886bf38ed24a98216fab2", + "sha256:a8c4917bd7ad33e8eb21e9a5bbba979b49d9a97acb3a803092cbc1133e20343c", + "sha256:b3bbeb01c2b273cca1e1e0c5df57f12dce9a4dd331b4fa1635b8bec26350bde3", 
+ "sha256:cba9d6b9a7d64d4bd46167096fc9d2f835e25d7e4c121fb2ddfc6528fb0413b2", + "sha256:cc4d65aeeaa04136a12677d3dd0b1c0c94dc43abac5860ab33cceb42b801c1e8", + "sha256:ce4bcc037df4fc5e3d184794f27bdaab018943698f4ca31630bc7f84a7b69c6d", + "sha256:cec7d9412a9102bdc577382c3929b337320c4c4c4849f2c5cdd14d7368c5562d", + "sha256:d400bfb9a37b1351253cb402671cea7e89bdecc294e8016a707f6d1d8ac934f9", + "sha256:d61f4695e6c866a23a21acab0509af1cdfd2c013cf256bbf5b6b5e2695827162", + "sha256:db0fbb9c62743ce59a9ff687eb5f4afbe77e5e8403d6697f7446e5f609976f76", + "sha256:dd86c085fae2efd48ac91dd7ccffcfc0571387fe1193d33b6394db7ef31fe2a4", + "sha256:e00b098126fd45523dd056d2efba6c5a63b71ffe9f2bbe1a4fe1716e1d0c331e", + "sha256:e229a521186c75c8ad9490854fd8bbdd9a0c9aa3a524326b55be83b54d4e0ad9", + "sha256:e263d77ee3dd201c3a142934a086a4450861778baaeeb45db4591ef65550b0a6", + "sha256:ed9cb427ba5504c1dc15ede7d516b84757c3e3d7868ccc85121d9310d27eed0b", + "sha256:fa6693661a4c91757f4412306191b6dc88c1703f780c8234035eac011922bc01", + "sha256:fcd131dd944808b5bdb38e6f5b53013c5aa4f334c5cad0c72742f6eba4b73db0" + ], + "version": "==1.15.1" + }, "charset-normalizer": { "hashes": [ "sha256:5a3d016c7c547f69d6f81fb0db9449ce888b418b5b9952cc5e6e66843e9dd845", 
@@ -64,6 +148,22 @@ "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==1.1.0" }, + "cssselect2": { + "hashes": [ + "sha256:1ccd984dab89fc68955043aca4e1b03e0cf29cad9880f6e28e3ba7a74b14aa5a", + "sha256:fd23a65bfd444595913f02fc71f6b286c29261e354c41d722ca7a261a49b5969" + ], + "markers": "python_version >= '3.7'", + "version": "==0.7.0" + }, + "defusedxml": { + "hashes": [ + "sha256:1bb3032db185915b62d7c6209c5a8792be6a32ab2fedacc84e01b52c51aa3e69", + "sha256:a352e7e428770286cc899e2542b6cdaedb2b4953ff269a210103ec58f6198a61" + ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", + "version": "==0.7.1" + }, "ghp-import": { "hashes": [ "sha256:8337dd7b50877f163d4c0289bc1f1c7f127550241988d568c1db512c4324a619", 
@@ -323,6 +423,77 @@ ], "version": "==0.5.6" }, + "pillow": { + "hashes": [ + "sha256:0030fdbd926fb85844b8b92e2f9449ba89607231d3dd597a21ae72dc7fe26927", + "sha256:030e3460861488e249731c3e7ab59b07c7853838ff3b8e16aac9561bb345da14", + "sha256:0ed2c4ef2451de908c90436d6e8092e13a43992f1860275b4d8082667fbb2ffc", + "sha256:136659638f61a251e8ed3b331fc6ccd124590eeff539de57c5f80ef3a9594e58", + "sha256:13b725463f32df1bfeacbf3dd197fb358ae8ebcd8c5548faa75126ea425ccb60", + "sha256:1536ad017a9f789430fb6b8be8bf99d2f214c76502becc196c6f2d9a75b01b76", + "sha256:15928f824870535c85dbf949c09d6ae7d3d6ac2d6efec80f3227f73eefba741c", + "sha256:17d4cafe22f050b46d983b71c707162d63d796a1235cdf8b9d7a112e97b15bac", + "sha256:1802f34298f5ba11d55e5bb09c31997dc0c6aed919658dfdf0198a2fe75d5490", + "sha256:1cc1d2451e8a3b4bfdb9caf745b58e6c7a77d2e469159b0d527a4554d73694d1", + "sha256:1fd6f5e3c0e4697fa7eb45b6e93996299f3feee73a3175fa451f49a74d092b9f", + "sha256:254164c57bab4b459f14c64e93df11eff5ded575192c294a0c49270f22c5d93d", + "sha256:2ad0d4df0f5ef2247e27fc790d5c9b5a0af8ade9ba340db4a73bb1a4a3e5fb4f", + "sha256:2c58b24e3a63efd22554c676d81b0e57f80e0a7d3a5874a7e14ce90ec40d3069", + "sha256:2d33a11f601213dcd5718109c09a52c2a1c893e7461f0be2d6febc2879ec2402", + "sha256:336b9036127eab855beec9662ac3ea13a4544a523ae273cbf108b228ecac8437", + "sha256:337a74fd2f291c607d220c793a8135273c4c2ab001b03e601c36766005f36885", + "sha256:37ff6b522a26d0538b753f0b4e8e164fdada12db6c6f00f62145d732d8a3152e", + "sha256:3d1f14f5f691f55e1b47f824ca4fdcb4b19b4323fe43cc7bb105988cad7496be", + "sha256:4134d3f1ba5f15027ff5c04296f13328fecd46921424084516bdb1b2548e66ff", + "sha256:4ad2f835e0ad81d1689f1b7e3fbac7b01bb8777d5a985c8962bedee0cc6d43da", + "sha256:50dff9cc21826d2977ef2d2a205504034e3a4563ca6f5db739b0d1026658e004", + "sha256:510cef4a3f401c246cfd8227b300828715dd055463cdca6176c2e4036df8bd4f", + "sha256:5aed7dde98403cd91d86a1115c78d8145c83078e864c1de1064f52e6feb61b20", + 
"sha256:69bd1a15d7ba3694631e00df8de65a8cb031911ca11f44929c97fe05eb9b6c1d", + "sha256:6bf088c1ce160f50ea40764f825ec9b72ed9da25346216b91361eef8ad1b8f8c", + "sha256:6e8c66f70fb539301e064f6478d7453e820d8a2c631da948a23384865cd95544", + "sha256:74a04183e6e64930b667d321524e3c5361094bb4af9083db5c301db64cd341f3", + "sha256:75e636fd3e0fb872693f23ccb8a5ff2cd578801251f3a4f6854c6a5d437d3c04", + "sha256:7761afe0126d046974a01e030ae7529ed0ca6a196de3ec6937c11df0df1bc91c", + "sha256:7888310f6214f19ab2b6df90f3f06afa3df7ef7355fc025e78a3044737fab1f5", + "sha256:7b0554af24df2bf96618dac71ddada02420f946be943b181108cac55a7a2dcd4", + "sha256:7c7b502bc34f6e32ba022b4a209638f9e097d7a9098104ae420eb8186217ebbb", + "sha256:808add66ea764ed97d44dda1ac4f2cfec4c1867d9efb16a33d158be79f32b8a4", + "sha256:831e648102c82f152e14c1a0938689dbb22480c548c8d4b8b248b3e50967b88c", + "sha256:93689632949aff41199090eff5474f3990b6823404e45d66a5d44304e9cdc467", + "sha256:96b5e6874431df16aee0c1ba237574cb6dff1dcb173798faa6a9d8b399a05d0e", + "sha256:9a54614049a18a2d6fe156e68e188da02a046a4a93cf24f373bffd977e943421", + "sha256:a138441e95562b3c078746a22f8fca8ff1c22c014f856278bdbdd89ca36cff1b", + "sha256:a647c0d4478b995c5e54615a2e5360ccedd2f85e70ab57fbe817ca613d5e63b8", + "sha256:a9c9bc489f8ab30906d7a85afac4b4944a572a7432e00698a7239f44a44e6efb", + "sha256:ad2277b185ebce47a63f4dc6302e30f05762b688f8dc3de55dbae4651872cdf3", + "sha256:adabc0bce035467fb537ef3e5e74f2847c8af217ee0be0455d4fec8adc0462fc", + "sha256:b6d5e92df2b77665e07ddb2e4dbd6d644b78e4c0d2e9272a852627cdba0d75cf", + "sha256:bc431b065722a5ad1dfb4df354fb9333b7a582a5ee39a90e6ffff688d72f27a1", + "sha256:bdd0de2d64688ecae88dd8935012c4a72681e5df632af903a1dca8c5e7aa871a", + "sha256:c79698d4cd9318d9481d89a77e2d3fcaeff5486be641e60a4b49f3d2ecca4e28", + "sha256:cb6259196a589123d755380b65127ddc60f4c64b21fc3bb46ce3a6ea663659b0", + "sha256:d5b87da55a08acb586bad5c3aa3b86505f559b84f39035b233d5bf844b0834b1", + "sha256:dcd7b9c7139dc8258d164b55696ecd16c04607f1cc33ba7af86613881ffe4ac8", 
+ "sha256:dfe4c1fedfde4e2fbc009d5ad420647f7730d719786388b7de0999bf32c0d9fd", + "sha256:ea98f633d45f7e815db648fd7ff0f19e328302ac36427343e4432c84432e7ff4", + "sha256:ec52c351b35ca269cb1f8069d610fc45c5bd38c3e91f9ab4cbbf0aebc136d9c8", + "sha256:eef7592281f7c174d3d6cbfbb7ee5984a671fcd77e3fc78e973d492e9bf0eb3f", + "sha256:f07f1f00e22b231dd3d9b9208692042e29792d6bd4f6639415d2f23158a80013", + "sha256:f3fac744f9b540148fa7715a435d2283b71f68bfb6d4aae24482a890aed18b59", + "sha256:fa768eff5f9f958270b081bb33581b4b569faabf8774726b283edb06617101dc", + "sha256:fac2d65901fb0fdf20363fbd345c01958a742f2dc62a8dd4495af66e3ff502a4" + ], + "index": "pypi", + "version": "==9.2.0" + }, + "pycparser": { + "hashes": [ + "sha256:8ee45429555515e1f6b185e78100aea234072576aa43ab53aefcae078162fca9", + "sha256:e644fdec12f7872f86c58ff790da456218b10f863970249516d60a5eaca77206" + ], + "version": "==2.21" + }, "pygments": { "hashes": [ "sha256:56a8508ae95f98e2b9bdf93a6be5ae3f7d8af858b43e02c5a2ff083726be40c1", @@ -565,6 +736,14 @@ "markers": "python_version >= '3.7'", "version": "==2.0.1" }, + "tinycss2": { + "hashes": [ + "sha256:2b80a96d41e7c3914b8cda8bc7f705a4d9c49275616e886103dd839dfc847847", + "sha256:8cff3a8f066c2ec677c06dbc7b45619804a6938478d9d73c284b29d14ecb0627" + ], + "markers": "python_version >= '3.7'", + "version": "==1.2.1" + }, "typing-extensions": { "hashes": [ "sha256:1511434bb92bf8dd198c12b1cc812e800d4181cfcb867674e0f8279cc93087aa", 
@@ -612,13 +791,20 @@ "markers": "python_version >= '3.6'", "version": "==2.1.9" }, + "webencodings": { + "hashes": [ + "sha256:a0af1213f3c2226497a97e2b3aa01a7e4bee4f403f95be16fc9acd2947514a78", + "sha256:b36a1c245f2d304965eb4e0a82848379241dc04b865afcc4aab16748587e1923" + ], + "version": "==0.5.1" + }, "zipp": { "hashes": [ - "sha256:3a7af91c3db40ec72dd9d154ae18e008c69efe8ca88dde4f9a731bb82fe2f9eb", - "sha256:972cfa31bc2fedd3fa838a51e9bc7e64b7fb725a8c00e7431554311f180e9980" + "sha256:4fcb6f278987a6605757302a6e40e896257570d11c51628968ccb2a47e80c6c1", + "sha256:7a7262fd930bd3e36c50b9a64897aec3fafff3dfdeec9623ae22b40e93f99bb8" ], "markers": "python_version >= '3.7'", - "version": "==3.9.0" + "version": "==3.10.0" } }, "develop": { diff --git a/docs/.authors.yml b/docs/.authors.yml index 2d68fc6..6661b84 100644 --- a/docs/.authors.yml +++ b/docs/.authors.yml @@ -1,16 +1,24 @@ -jonaharagon: - name: Jonah - description: Team Member - avatar: https://github.com/jonaharagon.png -freddy-m: - name: Freddy - description: Team Member - avatar: https://github.com/freddy-m.png -dngray: - name: Daniel - description: Team Member - avatar: https://github.com/dngray.png danarel: name: Dan Arel description: Guest Contributor avatar: https://github.com/danarel.png +dngray: + name: Daniel + description: Team Member + avatar: https://github.com/dngray.png +freddy-m: + name: Freddy + description: Team Member + avatar: https://github.com/freddy-m.png +jonaharagon: + name: Jonah + description: Team Member + avatar: https://github.com/jonaharagon.png +natebartram: + name: Nate Bartram + description: Guest Contributor + avatar: https://gitlab.com/uploads/-/system/user/avatar/8993331/avatar.png +sam-howell: + name: Sam Howell + description: Guest Contributor + avatar: https://gitlab.com/uploads/-/system/user/avatar/5349522/avatar.png 
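Review bot: The two new entries in docs/.authors.yml, `natebartram` and `sam-howell`, set `avatar` to `https://gitlab.com/uploads/-/system/user/avatar/…/avatar.png`, a third-party upload path. If the theme emits these URLs as `<img src>` (not visible in this diff), every reader of a post by these authors makes a request to gitlab.com, and the image can change or disappear without a commit here. Consider committing the avatars under `docs/assets/` and referencing them locally, or confirming that the build downloads external assets; the existing `https://github.com/<user>.png` entries have the same property.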
diff --git a/docs/assets/images/the-trouble-with-vpn-and-privacy-review-sites/image1.png b/docs/assets/images/the-trouble-with-vpn-and-privacy-review-sites/image1.png new file mode 100644 index 0000000..d6816d4 Binary files /dev/null and b/docs/assets/images/the-trouble-with-vpn-and-privacy-review-sites/image1.png differ diff --git a/docs/index.md b/docs/index.md index 05761ac..0e7e2ca 100644 --- a/docs/index.md +++ b/docs/index.md @@ -1 +1 @@ -# Blog +# Privacy Guides Blog diff --git a/docs/posts/.meta.yml b/docs/posts/.meta.yml new file mode 100644 index 0000000..f9defc8 --- /dev/null +++ b/docs/posts/.meta.yml @@ -0,0 +1 @@ +comments: true diff --git a/docs/posts/choosing-the-right-messenger.md b/docs/posts/choosing-the-right-messenger.md new file mode 100644 index 0000000..e3337d4 --- /dev/null +++ b/docs/posts/choosing-the-right-messenger.md 
@@ -0,0 +1,107 @@ +--- +date: 2019-11-27 +categories: + - Instant Messengers + - Software +authors: + - danarel +--- +# Choosing The Right Messenger + +One of the most common questions users have when it comes to privacy is about messaging services. It seems almost all of them mention some level of privacy or encryption to entice the user to sign up for their service, but how can you be sure you’re using the most secure, privacy respecting platform? + +The answer actually lies in one’s [threat model](https://www.privacyguides.org/basics/threat-modeling/), which is often an ignored step in choosing all privacy related apps and services, meaning a lot of users limit their internet and communication experience because they believe they need Edward Snowden level privacy settings. + +The truth is, each user needs to decide what their privacy goals are. Is your goal to stop corporations from tracking you, targeting you, and profiting from your data? Or, are you are trying to hide communications from the government or law enforcement, which is common for journalists and activists who want to protect their sources or communications from government eyes? + +Once you understand your goals you can start to look at messengers and their upsides and downsides, and it’s important to remember, there is no perfect solution. Each service, no matter how secure can be compromised, because at the end of the day, you’re dealing with other humans who can screenshot, copy, or forward your messages to parties you did not intend to see them. So, it’s also important to know who you are messaging, verifying their keys, and ensuring that you place the utmost trust in them with the content you are sending. 
+ +If your goal is to simply avoid corporate tracking and the harvesting of your data from your communications, you can eliminate apps such as Facebook Messenger and WhatsApp, both services owned by Facebook and while offering encrypted messaging (optional in Messenger), Facebook [reads your non-encrypted messages](https://web.archive.org/web/20210729190737/https://www.digitaltrends.com/social-media/facebook-reads-messenger-messages/), and WhatsApp has [fallen victim](https://web.archive.org/web/20210729190737/https://www.forbes.com/sites/zakdoffman/2019/05/14/whatsapps-cybersecurity-breach-phones-hit-with-israeli-spyware-over-voice-calls/#734cec155549) to security breaches. + +For this type of user, your options are much more wide as you may be more willing to share your email address or phone number at signup and can be less concerned with metadata (we will get to that shortly), and you want to look for a messenger that simply isn’t scanning your content or behavior to sell it. + +If your goal is to evade more massive state-sponsored surveillance programs, the aforementioned apps are out of the question, but so are many others. + +This is because when it comes to these apps, and other like it, you don’t own the encryption keys, the service does, so they are able to decrypt your messages, for their own use, or for the use of government officials who request it. This is something important you’ll want to remember as you choose the messenger that is right for you. + +Even Apple’s iMessage, which is encrypted, while more secure than Facebook’s offerings, still control the keys and can access your messages if necessary. Apple does also collect data based on your behavior, so while using iMessage isn’t the same as handing your data over to Facebook, you’re still messaging with a variety of privacy vulnerabilities. 
On Android, you’re using SMS messages which are even less secure and can be [easily hijacked](https://web.archive.org/web/20210729190737/https://www.theverge.com/2017/9/18/16328172/sms-two-factor-authentication-hack-password-bitcoin) by someone with just enough know-how. + +## Metadata + +One important aspect of messaging apps you need to be sure of is what kind of [metadata](https://ssd.eff.org/en/glossary/metadata) it exposes, what is encrypted and what isn’t. + +Wire, a popular encrypted messenger app has always been criticized for its decision not to encrypt user metadata, such as the date and time of registration, IP geographical coordinates, and the date and time of creation, creator, name, and list of participants in a conversation. + +Metadata can be used to place you in a certain location, speaking to a certain person and can be used against you by law enforcement, even if they have no idea and no access to what the conversation was about. + +Apps such as Signal, or Wickr encrypt metadata, making the conversations between two or more parties more secure and harder to track individual users with. + +When it comes to avoiding corporate data mining, your metadata won’t be as useful, especially if you’re using a service that is not profiting from your data to begin with. For those avoiding state-sponsored surveillance, [metadata can be a killer](https://web.archive.org/web/20210729190737/https://theintercept.com/2019/08/04/whistleblowers-surveillance-fbi-trump/). + +## Encryption + +This article will not get into the complexities of the best kinds of end-to-end encryption (E2EE), but ensuring your messenger has it, that must be discussed. + +The popular messaging app Telegram has come under fire the most for this. Telegram says on their homepage that, “Telegram messages are heavily encrypted and can self-destruct.” Yet, this statement is only partially true. 
Yes, you can set your messages to self-destruct, a great privacy feature for some, and yes, they do offer encryption, but what they don’t tell users is that encryption isn’t turned on by default. + +In an [interview](https://web.archive.org/web/20210729190737/https://gizmodo.com/why-you-should-stop-using-telegram-right-now-1782557415) with Gizmodo, Christopher Soghoian, Principal Technologist and Senior Policy Analyst at the American Civil Liberties Union said that, "There are many Telegram users who think they are communicating in an [end-to-end] encrypted way, when they’re not because they don’t realize that they have to turn on an additional setting,” he continued to say that while he’s happy they offer the encryption, it’s not useful if it’s turned off. + +Apps such as Signal, Keybase, and Wickr offer E2EE by default. Less popular but quickly growing apps such as Element, offer E2EE but like Telegram, have not made it a default setting, though the Matrix.org team has [said](https://web.archive.org/web/20210729190737/https://github.com/vector-im/element-web/issues/6779) that default encryption is on their road map. + +Ensuring your conversations and metadata are E2EE is one of the best practices you can have when choosing a messenger. + +## Registration Process + +When it comes to your goals and threat model, you will need to decide how much, if any, information you’re willing to give this company on signup. Do they require a phone number and or SIM card? Do they require an email address, or do they allow completely anonymous signups, and how anonymous is anonymous? Are they storing that info (remember the metadata) unencrypted? + +Giving up your phone number or email won’t be a big deal for many, as any good privacy policy will state they won’t use it for any purpose other than those you’ve granted permission for. 
Yet, for those avoiding state-sponsored surveillance, you may have a regularly changing number, no number, or would rather not risk giving that information up. Same goes for email. + +So, you will want to find a service that fits this need. While Signal is currently testing signup without a phone number, currently you’re unable to do so. Element, Wickr, many XMPP services, don’t require anything but choosing a username. + +## Source Code + +Open source may be the most used phrase in all of privacy and security, and for good reason. It’s really helpful to be able to review the source code of the product you’re trusting. Experts can look for backdoors, leaks, and other bugs. Organizations that opt to open source their code are showing good faith effort to increase trust between them and the user. + +Yet, open source can also limit your options, again, depending on your threat model and goals. Signal, Wire, and Keybase all offer open source repositories of their applications, and sometimes even the server software itself. + +Open source also doesn’t mean secure. This is often misunderstood, and people hear open source and assume it must be good. Look at the apps code you want to use, you don’t need to be able to check it, but are others? An open source app that no one follows, or contributes to is no more or less secure than a closed source app. + +Wickr, Threema, and others are closed source. They don’t offer the ability to check the source, but that doesn’t immediately rule them out either. When the Electronic Frontier Foundation (EFF) had a comparison chart for messenger apps, it gave Wickr 5-stars. This doesn’t mean it’s perfect for someone like Snowden, but for those avoiding Facebook and Google, it could be a usable option. + +It’s also important to remember there’s no way to check that someone is always using the source code in their repository in the app or server you’re downloading from the Apple Store or Google Play. 
When it comes to this, reputation becomes a key player in your decision, as does trust, which we will get to next. + +If you’re unsure what to do here, it’s always a safe bet to stick with open source that has a large contributor base and strong reputation. It’s always best to use open source options when they are available and only recommend closed source when there isn’t a usable open source option. This is generally a good way to pick a messenger app as well. + +## Ownership & Trust + +An often overlooked, but increasingly important part of choosing a secure messenger is, who owns the company that’s providing your service? What would the gain or lose from selling your data and who does the company answer to? + +Wire [recently lost](https://web.archive.org/web/20210729190737/https://blog.privacytools.io/delisting-wire/) a great deal of trust and standing in the privacy world because they quietly sold their company and moved it to the US. They also changed parts of their privacy policy making it harder for users to tell when Wire would share customer data. They did all of this while never updating their current users of such changes, either to the change of the privacy policy, or the move to the US. + +Wire also took in more than $8 million in venture capital funding. So now, users wanted to know more about who owned their data and what jurisdictional rights were changing with the move from Europe to the United States? + +These are questions we must ask of all services. Wire now has investors to answer to who will want a return on their millions of dollars. + +Signal on the other hand is a [non-profit](https://signal.org/blog/signal-foundation/) which does not rely on investors and instead relies on donations, sponsorships, and grants. Because of their non-profit status in the US, they must also be highly transparent about not only where the money comes from, but how they spend it. So, users can see where this money goes, and who it’s going to. 
+ +Matrix.org (the service Element uses) runs a similar business model as Signal, located in the UK instead of the US, they reply on donations, partnerships, and grants. Matrix.org is heavily supported by New Vector, a venture capital backed company, however, Matrix.org as a non-profit is transparent about its spending, income, and influences. + +Not all services are non-profit, and that should not rule them out immediately. You can also follow their funding goals. Wire lost credibility because instead of simply relying on user signups, they wanted to be the next Skype for Business and wanted to build a larger enough user base to get the attention of investors. Meanwhile apps such as Wickr, while for-profit, is transparent about taking limited investors to become sustainable on subscriptions. + +This can take some time, because it’s important to know who the investors are, and what the organizational goals are. Will they eventually need to resort to data harvesting to sustain itself, if they do, and you decide to leave the platform, will you leave behind data you don’t want them to get their hands on? + +## Making Your Choice + +Now it’s time to choose a messenger and no one can do that for you. Popularity will need to play a role here, there’s no point in joining the new up and coming messenger service if you don’t have a single contact using it as well. One reason Telegram has been so popular is they have managed to convince more than 100 million people to sign up. If you sign in today, you’ll likely see a group of your friends in there. Signal isn’t as far behind, and others are catching up. + +You’ll need to decide who you trust, and who your other contacts trust, and then compare all of that with your goals and your threat model. How much information are you willing to give on signup, does metadata matter to your threat model, and is the service you’re choosing likely to sell itself to the highest bidder once enough people sign up? 
+ +The important thing to remember is there is no one size fits all for messengers, and that each user must decide what is best for them. If someone is an avid WhatsApp or Facebook Messenger user, even Telegram is a step in the right direction. Yet, if that user is concerned with more than just giving data over to Facebook, they may need to look at more secure options. + +Ensure you keep your messenger apps up to date. You don’t want to discover you’ve been compromised because a bug found in version 1 was fixed in version 2 but you didn’t bother upgrading your apps. + +One last piece of advice is that users need to be diligent and never become complacent in their decision. You must be willing to change services if the goals and values of your messenger of choice change in a way that no longer match yours. Look for news of sales, mergers, or acquisitions that could compromise the organization. + +--- + +*Dan Arel is a journalist, author, and privacy advocate. This article was originally published to [Hacker Noon](https://hackernoon.com/choosing-the-right-messenger-mm3x2z47) on November 27th, 2019.* diff --git a/docs/posts/firefox-privacy-2021-update.md b/docs/posts/firefox-privacy-2021-update.md index 028ddf1..30429e9 100644 --- a/docs/posts/firefox-privacy-2021-update.md +++ b/docs/posts/firefox-privacy-2021-update.md @@ -2,6 +2,7 @@ date: 2021-12-01 categories: - Browsers + - Software authors: - dngray --- 
@@ -9,7 +10,7 @@ authors: A lot changed between 2019 and now, not least in regards to Firefox. Since our last post, Mozilla has [improved](https://blog.mozilla.org/en/products/firefox/latest-firefox-rolls-out-enhanced-tracking-protection-2-0-blocking-redirect-trackers-by-default/) privacy with [Enhanced Tracking Protection (ETP)](https://blog.mozilla.org/en/products/firefox/firefox-now-available-with-enhanced-tracking-protection-by-default/). Earlier this year Mozilla introduced [Total Cookie Protection](https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/) (Dynamic First Party Isolation dFPI). This was then further tightened with [Enhanced Cookie Clearing](https://blog.mozilla.org/security/2021/08/10/firefox-91-introduces-enhanced-cookie-clearing/). We’re also looking very forward to [Site Isolation](https://blog.mozilla.org/security/2021/05/18/introducing-site-isolation-in-firefox/) (code named Fission) being enabled by default in the coming releases. -Now that so many privacy features are built into the browser, there is little need for extensions made by third-party developers. Accordingly, we have updated our very outdated [browser](../../../../desktop-browsers.md) section. If you’ve got an old browser profile we suggest **creating a new one**. Some of the old advice may make your browser _more_ unique. +Now that so many privacy features are built into the browser, there is little need for extensions made by third-party developers. Accordingly, we have updated our very outdated [browser](https://www.privacyguides.org/desktop-browsers/) section. If you’ve got an old browser profile we suggest **creating a new one**. Some of the old advice may make your browser _more_ unique. #### Privacy Tweaks “about:config” diff --git a/docs/posts/firefox-privacy.md b/docs/posts/firefox-privacy.md new file mode 100644 index 0000000..606cf27 --- /dev/null +++ b/docs/posts/firefox-privacy.md 
@@ -0,0 +1,145 @@
+---
+date: 2019-11-09
+categories:
+ - Browsers
+ - Software
+authors:
+ - jonaharagon
+---
+# Firefox Privacy: Tips and Tricks for Better Browsing
+
+Mozilla Firefox is one of the most popular web browsers around, and for good reason. It's fast, secure, open-source, and it's backed by an organization that actually respects your privacy. Unlike many other Chrome alternatives and forks, it has a massive development team behind it that publishes new updates on a constant, regular basis. Regular updates doesn't only mean shiny new features, it means you'll also receive security updates that will keep you protected as you browse the web.
+
+Because of all of this, [we recommend Firefox](https://www.privacyguides.org/desktop-browsers/#firefox) as our general-purpose browser for most users. It's the best alternative to Chrome and Edge for privacy conscious individuals.
+
+Firefox is fantastic out of the box, but where it really shines is customizability. By adjusting Firefox privacy settings and using helpful add-ons, you can increase your privacy and security even further. Making those changes is what we're going to go over in this Firefox privacy guide.
+
+Before we get started, there's a couple things that should be noted that are not only applicable to this guide, but privacy in general:
+
+## Considerations
+
+Protecting your privacy online is a tricky proposition, there are so many factors to take into consideration on an individual basis for any one guide or site to cover comprehensively. You will need to take into account things like threat modeling and your general preferences before making any changes or following any recommendations.
+
+### Threat Modeling
+
+What is [threat modeling](https://www.privacyguides.org/basics/threat-modeling/)? Consider who you're trying to keep your data hidden from. Do you need to keep your information hidden from the government, or just the average stranger?
Maybe you are just looking to alternatives to Big Tech like Google and Facebook. You'll also want to consider how much time and resources you want to spend hiding your data from those "threats". Some solutions might not be feasible from a financial or time standpoint and you'll have to make compromises. Taking all those questions into account creates a basic threat model for you to work with.
+
+We want to publish a more complete guide on threat modeling in the future, so stay tuned to this blog for further updates. But for now, just keep those thoughts in the back of your mind as we go through this article. Not every solution might be for you, or conversely you may need to pay more attention to certain areas we aren't able to cover completely.
+
+### Browser Fingerprinting
+
+Another consideration is your browser's fingerprint. When you visit a web page, your browser voluntarily sends information about its configuration, such as available fonts, browser type, and add-ons. If this combination of information is unique, it may be possible to identify and track you without using more common tracking tools, like cookies.
+
+That's right, add-ons contribute to your fingerprint. Another thing a lot of people miss when they are setting up their browser is that more is not always the best solution to their problems. You don't need to use every add-on and tweak we recommend installed, and the more you configure the greater chance there is that your browser will appear more unique to websites. Think about your specific situation and pick and choose the add-ons and tweaks we recommend only if you think they will help you.
+
+## Firefox Privacy Settings
+
+We'll start off with the easy solutions. Firefox has a number of privacy settings built in, no add-ons necessary! Open your Options page (Preferences on macOS) and we'll go through them one at a time.
+
+### DNS over HTTPS
+
+DNS (or the Domain Name System) is what your browser uses to turn domain names like `privacyguides.org` into IP addresses like `65.109.20.157`. Because computers can only make connections to IP addresses, it's necessary to use DNS every time you visit a new domain. But DNS is unencrypted by default, that means everyone on your network (including your ISP) can view what domains you're looking up, and in some situations even change the IP answers to redirect you to their own websites! Encrypting your DNS traffic can shield your queries and add some additional protection to your browsing.
+
+Encrypted DNS takes many forms: DNS over HTTPS (DoH), DNS over TLS, DNSCrypt, etc., but they all accomplish the same thing. They keep your DNS queries private from your ISP, and they make sure they aren't tampered with in transit between your DNS provider. Fortunately, Firefox recently added native DoH support to the browser. On the **General** page of your preferences, scroll down to and open **Network Settings**. At the bottom of the window you will be able to select "Enable DNS over HTTPS" and choose a provider.
+
+Keep in mind that by using DoH you're sending all your queries to a single provider, probably Cloudflare unless you choose [another provider](https://www.privacyguides.org/dns/) that supports DNS over HTTPS. While it may add some privacy protection from your ISP, you're only shifting that trust to the DoH provider. Make sure that's something you want to do.
+
+It should also be noted that even with DoH, your ISP will still be able to see what domain you're connecting to because of a technology called Server Name Indication (SNI). Until SNI is encrypted as well, there's no getting around it.
Encrypted SNI (eSNI) is in the works — and can actually be [enabled on Firefox](https://blog.cloudflare.com/encrypt-that-sni-firefox-edition/) today — but it only works with a small number of servers, mainly ones operated by Cloudflare, so its use is limited currently. Therefore, while DoH provides some additional privacy and integrity protections, its use as a privacy tool is limited until other supplemental tools like eSNI and [DNSSEC](https://www.icann.org/resources/pages/dnssec-what-is-it-why-important-2019-03-05-en) are finalized and implemented.
+
+### Change Your Search Engine
+
+This is an easy one. In the **Search** tab, change your **Default Search Engine** to something other than Google. Out of the built-in options, DuckDuckGo is the most privacy respecting service, but there's a number of [search engines we would recommend](https://www.privacyguides.org/search-engines/) that can be easily installed as well.
+
+### Enhanced Tracking Protection
+
+Now we'll delve into the biggest set of options for people like us, Firefox's **Privacy & Security** tab. First up is their **Enhanced Tracking Protection**. This set of filters is set to Standard by default, but we'll want to change it to Strict for more comprehensive coverage.
+
+In rare occasions, Strict browsing protections might cause some of the websites you visit to not function properly. But there's no need to worry! If you suspect the Strict browsing protection is breaking a website you visit frequently, you can disable it on a site by site basis with the shield icon in the address bar.
+
+Disabling Enhanced Tracking Protection will of course decrease your privacy on that site, so you will have consider whether that's something you are willing to compromise on, on a site-by-site basis.
+
+Another benefit of Firefox's Enhanced Tracking Protection is that it can actually speed up your browsing!
Advertising networks and social media embeds can sometimes make your browser download huge files just to show an ad or a like button, and blocking those out trims the fat, in a sense.
+
+### Disabling Telemetrics
+
+When you use Firefox, Mozilla collects information about what you do, what kind of extensions you have installed, and various other aspects of your browser. While they claim to do this in a privacy-respecting way, sending as little data as possible is always preferred from a privacy standpoint, so we would go ahead and uncheck all the boxes under **Firefox Data Collection and Use** just to be safe.
+
+### Clearing Cookies and Site Data
+
+This one is for more advanced users, so if you don't understand what this is doing you can skip this section. Firefox provides the option to delete all your cookies and site data every time Firefox is closed. Cookies and site data are little pieces of information sites store in your browser, and they have a myriad of uses. They are used for things like keeping you logged in and saving your website preferences, but they also can be used to track you across different websites. By deleting your cookies regularly, your browser will appear clean to websites, making you harder to track.
+
+This will likely log you out of websites quite often, so make sure that's an inconvenience you're willing to put up with for enhanced privacy.
+
+## Firefox Privacy Add-Ons
+
+Of course, just the browser settings alone won't go quite far enough to protect your privacy. Mozilla has made a lot of compromises in order to provide a more functional browsing experience for the average user, which is completely understandable. But, we can take it even further with some browser add-ons that prevent tracking and make your experience more private and secure.
+
+[We recommend a number of fantastic add-ons](https://www.privacyguides.org/desktop-browsers/#ublock-origin) for Firefox, nine at the time of writing, but they aren't all necessary for everyone. Some of them provide redundant functionality to each other, and some of them accomplish similar tasks to the settings we've enabled above.
+
+When you are installing add-ons for Firefox, consider whether you actually need them for your personal browsing. Remember that fingerprinting warning from earlier? Adding as many extensions as possible might make you stand out more, which is not the goal.
+
+Keeping all that in mind, there are three add-ons I would consider necessary for virtually every user:
+
+- uBlock Origin
+- HTTPS Everywhere
+- Decentraleyes
+
+Out of the box, these add-ons only complement the settings we've described in this article already, and they have sane defaults that won't break the sites you visit.
+
+### uBlock Origin
+
+[**uBlock Origin**](https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/) is an efficient ad- and tracker-blocker that is easy on memory, and yet can load and enforce thousands more filters than competing blockers. We trust it because it is completely open-source. Additionally, unlike its competitors it has no monetization strategy: There's no "Acceptable" ads program or a similar whitelist like many other adblockers feature.
+
+### HTTPS Everywhere
+
+HTTPS is the secure, encrypted version of HTTP. When you see an address starting with `https://` along with the padlock in your browser's address bar, you know that your connection to the website is completely secure. This is of course important when you're logging into websites and sending your passwords and emails in a form. But it also prevents people on your network and your ISP from snooping in on what you're reading, or changing the contents of an unencrypted webpage to whatever they want.
+
+Therefore, [**HTTPS Everywhere**](https://addons.mozilla.org/en-US/firefox/addon/https-everywhere) is a must-have extension, all it does is upgrade your HTTP connections to HTTPS wherever possible. And because it works silently in the background, you probably will never notice it! We trust HTTPS Everywhere because it is completely open-source, and is developed by the Electronic Frontier Foundation, a non-profit dedicated to private and secure technologies.
+
+Of course, it only works with sites that support HTTPS on the server's side, so you'll still need to keep an eye on your address bar to make sure you're securely connected. But fortunately more and more websites have implemented HTTPS thanks to the advent of free certificates from organizations like Let's Encrypt.
+
+### Decentraleyes
+
+When you connect to many websites, your browser is most likely making connections to a myriad of "Content Delivery Networks" like Google Fonts, Akamai, and Cloudflare, to download fonts and Javascript that make the website run. This generally makes websites look and feel better, but it means you're constantly making connections to these servers, allowing them to build a fairly accurate tracking profile of you.
+
+[**Decentraleyes**](https://addons.mozilla.org/en-US/firefox/addon/decentraleyes) works by impersonating those CDNs locally in your browser. When a website wants to download a program like jQuery, instead of connecting to a remote CDN Decentraleyes will serve the file from its own cache of files. This means that you'll won't have to make remote CDN connections for the files that Decentraleyes supports, and therefore the remote CDNs can't track your browser. Because everything is stored locally instead of on a far away server, Decentraleyes has the added benefit of speeding up your browsing as well. Everything happens instantly, and you won't see a difference in the websites you visit.
+
+### Additional Privacy Add-Ons
+
+There is of course more functionality that can be achieved at the expense of more time spent configuring your browser and reduced website functionality. If you're looking for the most privacy options possible however, they may be for you. Check out our [desktop browsers recommendations page](https://www.privacyguides.org/desktop-browsers/) for further information and additional resources.
+
+## More Privacy Functionality
+
+Firefox has developed a number of other privacy tools that can be used to enhance your privacy or security. They may be worth looking into, but they have some drawbacks that would prevent me from recommending them outright.
+
+### Firefox Private Network
+
+Firefox Private Network is a new extension developed by Mozilla that serves as a [Virtual Private Network](https://www.privacyguides.org/basics/vpn-overview/) (VPN), securing you on public WiFi networks and other situations where you might trust Mozilla more than the ISP or network administrator. It is free in beta, but will likely be available at some subscription pricing once the test pilot ends.
+
+Firefox Private Network is still just a VPN, and there are a number of drawbacks you would want to consider before using it. We wrote an entire article on [choosing a VPN provider](https://www.jonaharagon.com/posts/choosing-a-vpn/) that is worth a read, but it boils down to the fact that your VPN provider will be able to see your web traffic. All you are accomplishing is shifting the trust from your network to the VPN provider, in this case *Cloudflare*, the operators behind this service.
+
+Additionally, unlike a traditional VPN, only data through the Firefox browser is protected, not every app on your machine. This means that it won't adequately protect you from many of the threats people typically want to protect against when they use a VPN, like IP leaks.
+
+And finally, Cloudflare and Mozilla are both US companies.
There are a number of concerns with entrusting internet traffic to the US and other fourteen eyes countries that should not be overlooked.
+
+If you require a Virtual Private Network, we would look elsewhere. There are a number of [recommended providers](https://www.privacyguides.org/vpn/) like Mullvad that will provide a better experience at a low cost.
+
+### Multi-Account Containers
+
+Mozilla has an in-house add-on called [Multi-Account Containers](https://support.mozilla.org/en-US/kb/containers) that allows you to isolate websites from each other. For example, you could have Facebook in a container separate from your other browsing. In this situation, Facebook would only be able to set cookies with your profile on sites within the container, keeping your other browsing protected.
+
+A containers setup may be a good alternative to techniques like regularly deleting cookies, but requires a lot of manual intervention to setup and maintain. If you want complete control of what websites can do in your browser, it's definitely worth looking into, but we wouldn't call it a necessary addition by any means.
+
+## Additional Resources
+
+[Desktop Browsers (Privacy Guides)](https://www.privacyguides.org/desktop-browsers/) — Our comprehensive set of recommendations for browsers and tweaks you can make to enhance your privacy is a great next step for more advanced users looking to protect their privacy online.
+
+[arkenfox user.js](https://github.com/arkenfox/user.js) — For more advanced users, the arkenfox user.js is a "configuration file that can control hundreds of Firefox settings [...] which aims to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage".
+ +[Mozilla's Privacy Policy](https://www.mozilla.org/en-US/privacy/) — Of course, we always recommend reading through the privacy statement of any organization you deal with, and Mozilla is no exception. + +## Firefox Privacy Summary + +In conclusion, we believe that Firefox is the most promising browser for privacy-conscious individuals. The non-profit behind it seems truly dedicated to promoting user control and privacy, and the good defaults coupled with the sheer customizability of the browser allow you to truly protect your information when you browse the web. + +For more Firefox privacy-related information, or for recommendations for non-desktop platforms, give our full page on [web browsers](https://www.privacyguides.org/desktop-browsers/) a read. diff --git a/docs/posts/hide-nothing.md b/docs/posts/hide-nothing.md index 8e708a8..30d095f 100644 --- a/docs/posts/hide-nothing.md +++ b/docs/posts/hide-nothing.md @@ -5,7 +5,7 @@ categories: authors: - danarel --- -# "Hide Nothing" +# Hide Nothing In the wake of the September 11, 2001, attack on the United States, the US government enacted laws that weakened citizen privacy in the name of national emergency. This sent up many red flags for human rights and privacy advocates. diff --git a/docs/posts/security-privacy-anonymity.md b/docs/posts/security-privacy-anonymity.md new file mode 100644 index 0000000..f471630 --- /dev/null +++ b/docs/posts/security-privacy-anonymity.md 
@@ -0,0 +1,50 @@
+---
+date: 2021-02-23
+categories:
+ - Opinion
+authors:
+ - natebartram
+---
+# Security, Privacy, and Anonymity
+
+We may think that we know the differences between privacy, security and anonymity, however we often mix them up. People will often criticize a product or service as “not private” when they really mean “not anonymous.” Privacy, security, and anonymity often complement each other, but they are not always dependent on each other, and they are definitely not the same thing. A service can be private without being anonymous, or even secure without being private. Which one should you prioritize? To some extent, there are no wrong answers. It really comes down to your threat model and what your desired goal is. It is perfectly fine to pick a product that provides privacy even though it doesn't provide anonymity. Furthermore, it's okay to pick a product that doesn't provide security if it does provide one of the other features. The important thing is that you need to be aware what these products and services are and aren’t offering you so that you can use them correctly.
+
+There’s lots of ways to define privacy, security, and anonymity. Someone showed me [this](https://github.com/privacytools/privacytools.io/issues/1760#issuecomment-597497298) definition and I really liked it. It seems to pretty much hit the nail on the head when applying these terms specifically to data privacy and cybersecurity:
+
+**Anonymity**: *The sender and/or recipient's real ID is unknown*
+
+In the real world this could be a secret admirer sending a Valentine's Day card. Online this could be when ones "footprints" cannot lead back to the poster: e.g. Tor.
+
+**Privacy**: *The contents of the message can only be seen/heard by the intended recipient(s)*
+
+In the real world this could be a whispered conversation between two people in the middle of Siberia.
Online this could be a Signal message, which is end-to-end encrypted and only the recipient & sender can read the contents.
+
+**Security** (in the context of privacy/anonymity): *The parties involved are who they say they are*
+
+In the real world this could be something unique and verifiable such as a passport or fingerprints. Online this could be certificates or PGP signatures.
+
+These topics often overlap: Privacy can help your security because if people don't know information about you, they can't effectively target you. For example, an attacker that doesn't know who you bank with cannot know which bank to target. Security can protect your privacy by forcibly controlling who has access to that information about you. Let’s take a few examples:
+
+## Security without Privacy or Anonymity
+
+The most obvious example of this that comes to mind is Google. Google has had almost no major data breaches in all their years of existence, yet they know almost everything about everyone to the point that the former CEO Eric Schmidt remarked "[We can more or less know what you're thinking about.](https://web.archive.org/web/20210729190743/https://www.zdnet.com/article/google-even-knows-what-youre-thinking/)" Google offers world-class security with zero privacy or anonymity.
+
+## Security and Some Privacy without Anonymity
+
+Consider the renowned encrypted messaging app Signal. Because your phone number is required, you can be unmasked by a court order or even a web search depending on the phone number you use. However, Signal is renowned for having some of the best security in the world, and the content of your messages and the information you transfer will be protected and controlled even if your identity is not. Top-notch security and privacy over the content of your messages, but anonymity cannot be guaranteed.
+
+## Anonymity without Security
+
+Cash is a great example of this.
Paying for a product in cash preserves your anonymity - unless the business requires it, you don't have to give any kind of information at all. Yet, you have no security if the seller doesn't deliver the item (unless you have a receipt). You have no protection from fraud or anything like that.
+
+## Security with Privacy and Anonymity
+
+XMPP is arguably the best example of this. XMPP allows you to sign up without any real information, over a VPN or Tor connection for total anonymity. Additionally, the conversations can be protected by OMEMO encryption, meaning the data itself is also private. When used properly, this is as closed to perfect as you can get, if a bit user-unfriendly. (**Editor's note**: XMPP is not officially endorsed by Privacy Guides for the reasons listed [here](https://github.com/privacytools/privacytools.io/issues/1854).)
+
+## Closing Thoughts
+
+These three concepts are not necessarily dependent on each other. A secure product does not guarantee privacy, a private product does not guarantee security, and anonymity does not guarantee either. As I said before, there is nothing wrong with valuing one facet over another. It's also okay to use Signal even though it doesn't give you total anonymity. Just be sure you understand how a product is meant to be used and where it both shines and falls short. It would be awful to use Google thinking that it will give your communications total privacy and then your financial details get stolen by a [rogue employee](https://web.archive.org/web/20210729190743/https://nypost.com/2020/09/23/shopify-says-rogue-employees-may-have-stolen-customer-data/). Or if you used a service like Signal to organize protests in a hostile country only to be arrested once your phone number is unmasked. Know the limitations of the services you choose and decide what features are important to you. It’s also important to know that privacy and security are sliding scales. This could be an entire blog post on its own.
Think of passwords. Any password – even “password” - is technically more secure than no password at all. But a 16-character randomly-generated password is even more secure than “password.” Sometimes it’s okay to find a solution that offers a blend – less privacy in one area in exchange for more security in another, or vice versa. Once again, it all comes back to your threat model, your needs, and your resources.
+
+---
+
+Originally published on [The New Oil](https://web.archive.org/web/20210729190743/https://thenewoil.xyz/privsecanon.html).
diff --git a/docs/posts/the-trouble-with-vpn-and-privacy-review-sites.md b/docs/posts/the-trouble-with-vpn-and-privacy-review-sites.md
new file mode 100644
index 0000000..96d5acb
--- /dev/null
+++ b/docs/posts/the-trouble-with-vpn-and-privacy-review-sites.md
@@ -0,0 +1,86 @@ +--- +date: 2019-11-20 +categories: + - Virtual Private Networks + - Opinion +authors: + - jonaharagon +--- +# The Trouble with VPN and Privacy Review Sites + +There’s a massive problem in the privacy world. Websites, social media accounts, and other platforms are constantly popping up out of nowhere, telling you to buy _The Greatest Service Ever_ in order to solve all your privacy woes, whatever that may be. These websites often employ marketing teams to make sure their “reviews” are what you see first when you begin your research. Some of them are even operated by VPN providers themselves, operating under anonymous business entities to hide their bias, or doing it right out in the open, hoping you’ll mistake their advertising-filled press releases and blogs as insider knowledge of the VPN space. + +When a seemingly “unbiased review” on a site is merely a paid advertisement in disguise, that website is breaking their reader’s trust. From a consumer’s point of view, affiliate marketing and other paid promotional techniques like this make it near impossible to know when a review is genuine or not. + +This isn’t going to be a lengthy blog post on advertising being bad, far from it. In fact, many of the VPN providers we recommend on _Privacy Guides_ engage in responsible advertising across various platforms. The key is transparency: Their advertisements should _look like advertisements_, and nothing else. + +I’m really looking to take the time here and identify “the bad” sites and resources that use these techniques to profit off a community just looking for reliable answers. Lots of sites like these will claim they’re acting in your best interest, but they’re just here to make money. + +One common thing I’ll see on these sites is a ranked list of providers that are ostensibly the best ones to choose from. These sites have supposedly done all the work for you, so you can just click and go, assured you’re making the right choices. 
+ +So here’s my issue with ranking VPN providers: Let’s face it, VPN providers are all offering the same service, and they will either protect your information or they won’t. Ranking providers like this only serves as an easy way to guide users to a certain choice (in this case, the choice that will make the reviewers the most money). + +Let’s look at one of these “review” sites for example, which will go unnamed for the purposes of this article. On their homepage they prominently list 10 providers as the “best” VPN services, in this order: + +1. NordVPN +2. Surfshark +3. ExpressVPN +4. PerfectPrivacy +5. IPVanish +6. Mullvad +7. CyberGhost +8. Trust.Zone +9. ibVPN +10. Private Internet Access + +To their credit, this review site also helpfully included an advertising disclosure in their footer. On this fairly well hidden away page, they note that they participate in affiliate programs from 8 providers, as follows: + +- NordVPN +- SurfShark +- ExpressVPN +- Perfect-Privacy +- IPVanish +- CyberGhost +- Trust.Zone +- Private Internet Access + +_Hmm_. Look familiar? Of the 73 providers this site had reviewed at the time of writing this article, **all eight** of the VPN providers paying this review site happened to make their top 10 recommendations. In fact, you’d have to scroll down to #6 before you found a provider that wouldn’t pay them, practically buried. + +Furthermore, their list includes NordVPN, a company [notable for not disclosing security breaches](https://www.reddit.com/r/privacytoolsIO/comments/dl2m7b/nordvpn_confirms_one_of_their_finland_data_center/) in a timely fashion, and ExpressVPN, a provider [notable for using weak 1024-bit encryption keys](https://www.goldenfrog.com/blog/some-providers-use-weak-1024-bit-keys-vyprvpn-explains-why-its-strong-keys-matter) to protect their users. By any objective standard, these providers do not deserve to be included in a top 10 recommendations list for securing anybody’s information. 
This review site in particular claims to have set criteria for their recommendations, but this just demonstrates that any criteria can be adjusted to fit any goal you may have. + +If these sites truly wanted to be helpful, they would consolidate all the relevant information and present it to their users without making the choice for them. A provider is going to be better or worse for every user depending on their particular situation, and encouraging making an informed choice between options presented equally is far more beneficial to putting one over the other in a largely arbitrary fashion. + +But that isn’t to say they should just throw all the providers in a big table and call it a day. Almost worse than the ranking scheme above is when sites provide out of context lists of providers, often just with pricing and a link. Sometimes they will link you to a full review (more on that in a bit), but for the most part these sites just expect you to follow their recommendations blindly. + +![](/assets/images/the-trouble-with-vpn-and-privacy-review-sites/image1.png "Affiliate links and discounts galore! This is a different site than before, but look at the familiar faces we’re seeing…") + +These read like advertisements, because they usually are. Once again we see the usual suspects — NordVPN, ExpressVPN… — paraded as the gold standard in the VPN space, not out of any inherent value, but based on the value of their affiliate programs. To further this point, let’s take a look at how much each of the five providers above will pay you for a referral (on a one-month plan). + +1. ExpressVPN: $13 for first month +2. NordVPN: $11.95 for first month +3. VPNArea: $4.95 for first month +4. VPN.ac: $2.90 for first month + +_Unfortunately, Perfect Privacy would not share their commission rates publicly, but if anyone has any information on that I’d be happy to receive it. 
What I will say is that based on the information above, I would not be surprised if it fell right between ExpressVPN and NordVPN’s rates. Their one-month plan costs $12.99, so assuming a 100% match on the first month (the standard from NordVPN and ExpressVPN) that would add up quite nicely._ + +Once again, we see a lineup of providers ordered in a way that _conveniently_ pays the most to the website owner. And therein lies the issue with affiliate programs. Once you begin receiving financial compensation _on a per-signup basis_, you are now motivated to push the most users to the sites that pay more on a monthly basis, rather than the sites that will actually help the user. + +Occasionally, these recommendations are coupled with a “review” that is supposedly independent and unbiased, but in reality are simply more marketing tools to persuade you towards their opinions. In most cases, these reviewers will simply copy the VPN provider’s own press releases and even media, presenting their advertising as fact to their readers. These reviews are always hidden away as well, with main navigation links directing users towards the more affiliate-link-laden lists and tables that they’d much rather you browse. The true value of these review articles is the [Search Engine Optimization (SEO) advantage they bring](https://www.pcmag.com/news/367640/how-a-vpn-review-site-dominated-google-search-with-a-scam) in the rankings on Google, and not much more. More traffic = More clicks, at the expense of good, independent content and integrity. + +_Originally, this article contained a section about how ‘ThatOnePrivacySite’ was the last bastion of a hope in the VPN review world. However, that has since sold out to ‘Safety Detectives’, a site guilty of using all the affiliate tricks mentioned above. 
Goes to show, eh?_
+
+At [Privacy Guides](https://privacyguides.org/), we’ve developed a set list of criteria, and we make that abundantly clear when you read our list of [recommended VPN providers](https://privacyguides.org/vpn/). We also refrain from using affiliate links. As we’ve discussed, they are fundamentally flawed ways to market a service, and using them would break the trust our community has in our recommendations.
+
+We do have a sponsorship program, but all of our finances are handled in an incredibly transparent fashion. As a non-profit organization, the funding we receive cannot be used for private profit, and our community can see both where we receive money from and how it is being spent thanks to [Open Collective.](https://opencollective.com/privacyguides) Additionally, the recommendations on our site are handled by an entirely separate team of editors and contributors than the administrative team such as myself that handles the sponsorships and finances. The editors have sole control over our recommendations and operate entirely independently and on a volunteer-basis to ensure the choices we make are for the benefit of the privacy community over one individual.
+
+Ultimately, as a matter of policy our sponsors have no say over our recommendations, or whether they are recommended or a competitor is removed. We have given our community vast access to our website and internal workings to keep us in check and ensure we’re staying true to our word. This separation of management and editors is a strategy that has served the media industry well for decades, and makes all of our team and organization a more credible and trustworthy source of information.
+
+## Summary
+
+We have a lot of points we want to get across.
The current landscape of privacy reviewers and “experts” weighing in on topics regarding the very companies that pay for their reviews is morally reprehensible, and just another way for big tech companies to collect all of our data more easily.
+
+Review sites should make it abundantly clear when their reviews are paid for by the VPN companies in any fashion, whether that be via affiliate programs or good old-fashioned sponsorships. This can’t be via a hidden-away disclosure in the footer or not published at all, but _clear_ and _close in proximity_ to the claims published on their site. **Customers are not expecting or seeking out these disclosures** when they visit review sites, and can’t be expected to immediately discern whether you’re speaking from a place of unbiased fact, or from a place with the greatest financial incentive. Better yet, they should reconsider their entire business model. Our site is based solely on a community donation model that still keeps us sustained. It’s the more difficult way to build a site to be sure, actually working to gain the trust of a huge community, but the difference in quality and integrity is remarkable.
+
+VPN providers should consider spending less money on paid reviews, and more money on securing and validating their infrastructure. Regular security audits are one fantastic way for companies to demonstrate their dedication to keeping their users secure. We strongly believe VPN services should consider our criteria, especially in regard to the ownership of their organization. Your VPN provider should not be hiding away in Panama controlled by anonymous leadership. While you _as a user_ deserve privacy, transparency should be _required_ of providers if you are expected to trust them. I would not give my money to some anonymous overseas investor, why would I give all of my internet traffic to some anonymous overseas administrator?
+
+Finally, when you’re choosing a VPN provider, do your own research.
[Understand what a VPN actually does for you](https://www.jonaharagon.com/posts/understanding-vpns/). [Understand what it is a security audit proves](https://www.pcmag.com/article/371839/what-does-a-vpn-security-audit-really-prove), find out who owns and operates the VPN service you want to use, and make sure their policies and technologies reflect your values. [Ultimately gathering the information yourself](https://www.jonaharagon.com/posts/choosing-a-vpn/) and making an informed decision is the only way to make sure your privacy is being respected.
diff --git a/docs/posts/us-government-continues-encryption-war.md b/docs/posts/us-government-continues-encryption-war.md
new file mode 100644
index 0000000..e6d90c5
--- /dev/null
+++ b/docs/posts/us-government-continues-encryption-war.md
@@ -0,0 +1,34 @@
+---
+date: 2020-11-06
+categories:
+ - Opinion
+authors:
+ - freddy-m
+---
+# US Government Continues Encryption War
+
+Wars can be fought in the real world, but there is also a virtual battlefield - and it is just as harmful. The [Lawful Access to Encrypted Data Act](https://www.judiciary.senate.gov/press/rep/releases/graham-cotton-blackburn-introduce-balanced-solution-to-bolster-national-security-end-use-of-warrant-proof-encryption-that-shields-criminal-activity) is the latest attempt to access people's encrypted data, and it serves as another reinforcement.
+
+> This type of “warrant-proof” encryption adds little to the security of the communications of the ordinary user, but it is a serious benefit for those who use the internet for illicit purposes.
+
+This statement is plainly false. Encryption has as much benefit, if not more, for ordinary users. Encryption is used in every website that has the padlock sign (HTTP**S**), in every iPhone app since 2016, in every Android app since 2018 and in almost every modern application - and for good reason. Encryption helps protect sensitive information (such as that shared with your bank, or any time you use a password on a website). It may also help protect files which are not in use (at rest), or in the event the server is accessed by an unauthorised person (such as a criminal attempting to siphon off important data).
+
+In 2016, Bruce Schneier wrote an article on [the value of encryption](https://www.schneier.com/essays/archives/2016/04/the_value_of_encrypt.html) clearly outlining why encryption is needed. Schneier went on to say that when the US Government was [previously](us-government-wages-war-on-encryption.md) [fighting cryptography](https://en.wikipedia.org/wiki/Crypto_Wars), he wondered if they were aware how much they relied on it themselves. No-one is above the law, so if you ban strong encryption, the FBI should not use it either.
Attorney General Barr [gives the impression](https://www.theregister.com/2019/07/23/us_encryption_backdoor/) that the government, along with certain large companies, should have an exception to the law. Barr recognizes that there are some things that are secret, but he doesn't recognize that regular citizens might also want to enjoy privacy as well.
+
+> "We are not talking about protecting the nation’s nuclear launch codes," Barr told the International Conference on Cybersecurity at Fordham University. [...]
+
+> "Nor are we necessarily talking about the customized encryption used by large business enterprises to protect their operations. We are talking about consumer products and services such as messaging, smart phones, email, and voice and data applications."
+
+Somehow, because your average Joe does not have government level secrets, he is no longer entitled to encryption. We are all humans, and we all need privacy. By taking away encryption, you are taking away privacy online.
+
+This act is aimed at Section 230, which ensures that no interactive computer service provider shall be treated as the publisher or speaker of content published by their users - an essential part of the survival of all search engines, social media platforms and video sharing sites. Without it, the internet would become a self-censored platform – one that is more concerned with fending off lawsuits than providing a medium for ideas and innovation as it originally was.
+
+It is easy to sympathize with an act that is being pushed through on the grounds that terrorists, pedophiles and drug-dealers all use encryption. Reading the New York Times' [reporting](https://www.nytimes.com/2020/02/19/podcasts/the-daily/child-sex-abuse.html) on online images of sexual abuse would leave some wondering why this sort of Act has not been passed already. Equally, if no-one had encryption then it would certainly be easier to catch the aforementioned crooks and felons.
+
+Encryption, however, did not create these problems; these crimes were around long before it came into existence. In addition, those who partake in illicit activity will always find loopholes and ways to do so, such as using products or encryption tools that don't have backdoors. Criminals do not obey laws by definition. Furthermore, many innocent people use similar encryption to these criminals, but only to protect privacy, not hide any illegalities, and yet they could still be subject to some kind of prosecution. It is assumed the use or possession of non-backdoored software would also become an offense if too many people used that instead. Statistically, it's agreed there are many more innocent people in society than criminals; those innocent people would be punished as a result of the bad actions of a few.
+
+It is not feasible for a government to make a law of this sort that can apply outside its own country. Governments around the world would almost certainly disagree on which countries should be allowed access to the backdoor. As a result, this backdoor would most certainly lead to every unauthorized party having access, as the key to decrypt the data would be discovered by third parties, this would result in completely broken encryption for all. In federated networks, such as Matrix, it's not even possible to add a backdoor to every homeserver. Federation decentralizes trust, which means that the person deploying the server isn't necessarily the same entity who makes the client software or server software. Matrix has even written a [thorough article](https://matrix.org/blog/2020/10/19/combating-abuse-in-matrix-without-backdoors) on how to combat this sort of abuse without backdoors.
+
+Weakening encryption will only result in criminals using strong encryption anyway, without fighting any of the problems that the law claims to solve. There is no easy solution, and it is down to politicians to provide one.
Yes, encryption can be used by people with bad intentions, but it is also used by so many ordinary people who would never think to use it in a malicious way. Nearly every tool in life can be used for nefarious purposes, but does not mean it should be unavailable for legitimate non-criminal uses. You could hit someone with a hammer, but it doesn't mean hammers should be made out of foam, because if they were, people would just use knives instead. Weakening encryption will not solve these issues, and that's probably because they were not the focus of the Act. Instead, it seems that this law seeks to criminalize strong encryption that does not have backdoors, even though the government knows full well that this will not stop criminals. The US Government should stop devising new ways to breach its citizens' privacy, and focus on combating the issues that this Act fails to.
+
+In 1988, Timothy May [predicted](https://activism.net/cypherpunk/crypto-anarchy.html) that “the State will of course try to slow or halt the spread of [encryption], citing national security concerns, use of the technology by drug dealers and tax evaders, and fears of societal disintegration”. He was spot on.
diff --git a/docs/posts/us-government-wages-war-on-encryption.md b/docs/posts/us-government-wages-war-on-encryption.md
new file mode 100644
index 0000000..32104b4
--- /dev/null
+++ b/docs/posts/us-government-wages-war-on-encryption.md
@@ -0,0 +1,30 @@
+---
+date: 2020-03-29
+categories:
+ - Opinion
+authors:
+ - freddy-m
+---
+# US Government Wages War on Encryption
+
+As the world finds itself preoccupied with COVID-19, the United States government is trying to pass a law to ban encryption.
+
+It's called the EARN IT act, and while it claims to combat the sexual exploitation of children online, it has potentially devastating repercussions for encryption and companies that use it.
+
+> EARN IT focuses specifically on Section 230, which has historically given tech companies freedom to expand with minimal liability for how people use their platforms. Under EARN IT, those companies wouldn't automatically have a liability exemption for activity and content related to child sexual exploitation. Instead, companies would have to "earn" the protection by showing that they are following recommendations for combatting child sexual exploitation laid out by a 16-person commission.
+
+*(Source: WIRED "[The EARN IT Act Is a Sneak Attack on Encryption](https://web.archive.org/web/20210729184554/https://www.wired.com/story/earn-it-act-sneak-attack-on-encryption/)")*
+
+The US government has never been a fan of cryptography even though they make extensive use of it themselves. The "[Crypto Wars](https://en.wikipedia.org/wiki/Crypto_Wars)" provide more than enough evidence to suggest that this might not be the only reason they wish to ban the use of encryption by the public. A suspicion only further realized when you understand the breadth of the National Security Agency's [spying capabilities](https://en.wikipedia.org/wiki/Edward_Snowden#Global_surveillance_disclosures) as demonstrated by Edward Snowden.
+
+The logic behind the EARN IT act does not seem to add up. If we ban things because unsavory people use them then why does the US allow guns, for example?
The problem is that strong lobbies who have the power to influence both politicians and the voting public exist to ensure that things like guns are never banned. Meanwhile, privacy advocates have such a small voice in comparison.
+
+It is also important to note that encryption is available to everyone, yet only a few use it for the wrong reasons. I am not responsible for the actions of anyone except myself. Group punishment is rarely the best option. PGP and similar encryption software were created to improve the privacy of communications and online file storage. The idea of secrecy or privacy is bound to attract some of the wrong people, and yet encryption is also a force for great good. It is used by governments to keep their secrets safe and privacy-seekers to take control of their information. It is used by activists, victims, and thousands of others who rely on it for their personal safety. And it is used by millions of regular people who use encryption — perhaps not even realizing it — on a daily basis to keep their identity, finances, medical information, and more out of the hands of criminals and ne'er-do-wells.
+
+People with the wrong intent will always find ways to get around anti-encryption laws, and there are many forms of communication that would be impossible to police. [Memespeech](https://www.obsessivefacts.com/memespeech) for example, is a supposedly censor-proof method of encryption which hides messages inside normal passages of free speech by adjusting the letter formatting. While Memespeech was built as a counter to the EARN IT act, it demonstrates that any encryption technology — including itself — could be easily built and utilized by the wrong people. Banning encryption unfortunately won't prevent pedophiles from communicating, it will only harm law-abiding citizens.
+
+If you live in the United States, the best thing you can do right now is to call your representatives and tell them not to pass the bill.
The EFF has built a [helpful tool](https://act.eff.org/action/protect-our-speech-and-security-online-reject-the-graham-blumenthal-bill) if you are struggling with this.
+
+In this time of struggle, we must continue to pay a close eye on all aspects of our governments and their actions. The US government is already taking advantage of the situation, as they are currently also in talks with phone companies to [use phone location data](https://www.nbcnews.com/tech/tech-news/u-s-wants-smartphone-location-data-fight-coronavirus-privacy-advocates-n1162821) to help track the spread of the virus. Even if this power could be used responsibly to help prevent the spread of disease, historically we have seen that when power is handed to governments in the midst of a crisis, it is incredibly difficult to take it away in the aftermath.
+
+And if you find these ideas alarming, it is also important to realize **your** privacy is being abused on a daily basis. If you aren't already aware of this and actively doing something against it, this is a great time to get started and find out more. There are lots of great websites, communities, and video channels to help you learn.
diff --git a/docs/posts/weve-joined-the-open-collective-foundation.md b/docs/posts/weve-joined-the-open-collective-foundation.md
new file mode 100644
index 0000000..f850456
--- /dev/null
+++ b/docs/posts/weve-joined-the-open-collective-foundation.md
@@ -0,0 +1,20 @@
+---
+date: 2019-10-31
+categories:
+ - Announcements
+authors:
+ - jonaharagon
+---
+# We've joined the Open Collective Foundation 501(c)(3)
+
+[Privacy Guides](https://www.privacyguides.org) provides knowledge, recommendations, and services to protect you against global mass surveillance programs and encourage self-control of your data online. Our website is free of advertisements and is not affiliated with any listed providers, because we believe that our ability to recommend solutions without receiving financial kickbacks is incredibly important in remaining unbiased.
+
+However, we have always accepted and solicited financial contributions from our community. Running this network of websites and services for free to the public is a time-consuming and costly endeavor. We do it because we believe it is the right thing to do, not because we are looking to make a profit. Any contributions have been either used to pay our expenses or saved in a reserve for expansion or times of need.
+
+Today we are building on our transparency efforts by joining OpenCollective, a platform which will allow us to accept contributions and create expenses completely transparently. We are being sponsored by a fiscal host, the Open Collective Foundation, a nonprofit organization whose mission is to promote access to educational resources like ours.
+
+The Open Collective Foundation is a 501(c)(3) organization that is collecting these contributions on our behalf. Because of this, contributions to Privacy Guides through OpenCollective are **tax-deductible** for US taxpayers.
+
+Your support of this project will help us keep our servers running and pay for other various expenses accrued by the team while developing this community platform. We do not operate Privacy Guides for personal profit, and all funds will be used to further our mission in one form or another.
+
+Please consider contributing at [opencollective.com/privacyguides](https://opencollective.com/privacyguides) if you like what we do.
diff --git a/docs/posts/why-i-run-a-tor-relay.md b/docs/posts/why-i-run-a-tor-relay.md
new file mode 100644
index 0000000..11ab1b4
--- /dev/null
+++ b/docs/posts/why-i-run-a-tor-relay.md
@@ -0,0 +1,35 @@
+---
+date: 2020-05-04
+categories:
+ - Opinion
+authors:
+ - sam-howell
+---
+# Why I Decided to Run a Tor Relay
+
+It makes me smile when I come across someone struggling with the decision of whether to get a [VPN](https://www.privacyguides.org/vpn/). It makes me smile not because of the indecision and relative lack of knowledge, but because it wasn't so long ago I was in exactly the same position—perceiving VPNs to be some kind of extreme measure only the paranoid and the criminal resorted to. How wrong I was.
+
+In just a few months I've come to realize that something like a VPN is in fact a basic measure one might take in the effort to more freely roam the Internet—tainted as it is by censorship, surveillance and many other forms of state control. So where do you go from realizing these issues if you know them to be the threats that they are to democracy and freedom? You seek to *take control*.
+
+You discover the [Tor Project](https://www.torproject.org/)—or rather, you learn more about a network that's been around for years and for years has suffered the type of reputation which only blinds everyday people from its incredible potential for positive change in numerous oppressed countries around the world.
+
+At the time of writing there are over 6,300 Tor relays, and I like to think this number will continue to grow steadily. Each one—no matter its uptime, bandwidth or overall reputation, or whether it’s a Guard, Middle or Exit—each one is the direct result of an individual deciding to sacrifice money, time and effort for the cause of fighting for a freer Internet: enabling millions of users—journalists, bloggers, whistleblowers, activists and everyday people like you and I—to communicate anonymously, and therefore safely, wherever we are in the world.
+
+Like many others, at first I was unsure about running my own relay.
The usual doubts and questions arose: surely it's too difficult; I don’t know much about servers, and it’s surely expensive and beyond my skill-set to configure one as a Tor relay. But then I watched this talk by the articulate, intelligent and passionate Tor Project developer [Jacob Appelbaum](https://www.invidio.us/watch?v=Wl5OQz0Ko8c) (if you do nothing else today, watch it).
+
+Jacob couldn’t have made a better case for direct action, requesting of the audience:
+
+> Raise your hand if you think anonymity is something that is good, and you think is a fundamental human right that we should all have...
+> Now raise your hand if you want to do something about it...
+> Now keep your hand up if you’re going to run a Tor relay...
+> Everybody that put your hand down, why aren’t you running a Tor relay? You can do something about it right now.
+
+And this is when it struck me, as I hope it struck many others at that talk: Am I doing enough? Can I claim to take this subject seriously if I’m not willing to invest the effort to really *be a part* of the solution? Not simply to donate money—which of course is still a great way to contribute—but to truly, technologically support the Tor network.
+
+It struck me that I have enough money, time and access to the right information to run my own relay. So it begged the question: Why *wouldn’t* I?
+
+At the time of writing my relay has been flagged ‘valid’, ‘running’ and ‘fast’ and is on track to have relayed around 750GB by the end of the month. It feels good. It feels really good.
+
+---
+
+*Sam is an elearning designer and privacy advocate interested in free (libre) software and how it can protect civil liberties. This article was [originally published](https://web.archive.org/web/20200508115203/https://samhowell.uk/dark/blog/blog-Tor_Relay.html) on my personal blog at [samhowell.uk](https://samhowell.uk), on February 15th, 2019.
It is made available under the [Creative Commons By-SA 4.0 License](https://creativecommons.org/licenses/by-sa/4.0/).*
diff --git a/mkdocs.yml b/mkdocs.yml
index ad16c86..5086b1d 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -2,7 +2,7 @@
 docs_dir: 'docs'
 site_url: "https://blog.privacyguides.org/"
 site_dir: 'site'
-site_name: Privacy Guides Blog
+site_name: Privacy Guides
 site_description: |
 Privacy Guides is your central privacy and security resource to protect yourself online.
 copyright: |
diff --git a/theme/partials/comments.html b/theme/partials/comments.html
new file mode 100644
index 0000000..93cff2a
--- /dev/null
+++ b/theme/partials/comments.html
@@ -0,0 +1,14 @@
+{% if page.meta.comments %}
+
+ + +{% endif %}