diff --git a/content/tools/advanced/alternative-networks/_index.md b/content/tools/advanced/alternative-networks/_index.md
index 8a8c8b56f..d1a3c0aed 100644
--- a/content/tools/advanced/alternative-networks/_index.md
+++ b/content/tools/advanced/alternative-networks/_index.md
@@ -12,25 +12,29 @@ description: These tools allow you to access networks other than the World Wide
When it comes to anonymizing networks, we want to specially note that [Tor](../../../wiki/advanced/tor-overview.md) is our top choice. It is by far the most utilized, robustly studied, and actively developed anonymous network. Using other networks could be more likely to endanger your [:material-incognito: Anonymity](../../../wiki/basics/common-threats.md#anonymity-vs-privacy){ .pg-purple }, unless you know what you're doing.
+
+{{< cards >}}
+ {{< card link="#tor" title="Tor" image="./tor.svg" subtitle="The Tor network is a group of volunteer-operated servers that allows you to connect for free and improve your privacy and security on the Internet. Individuals and organizations can also share information over the Tor network with “.onion hidden services” without compromising their privacy." >}}
+ {{< card link="#orbot" title="Orbot" image="./orbot.svg" subtitle="Orbot is a mobile application which routes traffic from any app on your device through the Tor network." >}}
+ {{< card link="#snowflake" title="Snowflake" image="./snowflake.svg" subtitle="Snowflake allows you to donate bandwidth to the Tor Project by operating a “Snowflake proxy” within your browser." >}}
+ {{< card link="#i2p-the-invisible-internet-project" title="I2P" image="./i2p.svg" subtitle="I2P is a network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous." >}}
+{{< /cards >}}
+
+
### Tor
-
-
-{ align=right }
-
The **Tor** network is a group of volunteer-operated servers that allows you to connect for free and improve your privacy and security on the Internet. Individuals and organizations can also share information over the Tor network with ".onion hidden services" without compromising their privacy. Because Tor traffic is difficult to block and trace, Tor is an effective [:material-close-outline: Censorship](../../../wiki/basics/common-threats.md#avoiding-censorship){ .pg-blue-gray } circumvention tool.
-[:octicons-home-16:](https://torproject.org){ .card-link title=Homepage }
-[:simple-torbrowser:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .card-link title="Onion Service" }
-[:octicons-info-16:](https://tb-manual.torproject.org){ .card-link title=Documentation}
-[:octicons-code-16:](https://gitlab.torproject.org/tpo/core/tor){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://donate.torproject.org){ .card-link title=Contribute }
-
-
+{{< cards >}}
+ {{< card link="https://torproject.org" title="Homepage" icon="home" >}}
+ {{< card link="https://tb-manual.torproject.org" title="Documentation" icon="document-text" >}}
+{{< /cards >}}
The recommended way to access the Tor network is via the official Tor Browser, which we have covered in more detail on a dedicated page:
-[Tor Browser Info :material-arrow-right-drop-circle:](tor.md){ .md-button .md-button--primary } [Detailed Tor Overview :material-arrow-right-drop-circle:](../../../wiki/advanced/tor-overview.md){ .md-button }
+[Tor Browser Info :material-arrow-right-drop-circle:](../../software/tor/_index.md){ .md-button .md-button--primary }
+
+[Detailed Tor Overview :material-arrow-right-drop-circle:](../../../wiki/advanced/tor-overview.md){ .md-button }
You can access the Tor network using other tools; making this determination comes down to your threat model. If you are a casual Tor user who is not worried about your ISP collecting evidence against you, using apps like [Orbot](#orbot) or mobile browser apps to access the Tor network is probably fine. Increasing the number of people who use Tor on an everyday basis helps reduce the bad stigma of Tor, and lowers the quality of "lists of Tor users" that ISPs and governments may compile.
@@ -43,29 +47,17 @@ You can try connecting to *Privacy Guides* via Tor at [xoe4vn5uwdztif6goazfbmogh
#### Orbot
-
-
-{ align=right }
-
**Orbot** is a mobile application which routes traffic from any app on your device through the Tor network.
-[:octicons-home-16: Homepage](https://orbot.app){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://orbot.app/privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://orbot.app/faqs){ .card-link title="Documentation" }
-[:octicons-code-16:](https://orbot.app/code){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://orbot.app/donate){ .card-link title="Contribute" }
+{{< cards >}}
+ {{< card link="https://orbot.app" title="Homepage" icon="home" >}}
+ {{< card link="https://orbot.app/privacy-policy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.torproject.android)
-- [:simple-appstore: App Store](https://apps.apple.com/app/id1609461599)
-- [:simple-github: GitHub](https://github.com/guardianproject/orbot/releases)
-- [:simple-fdroid: F-Droid](https://guardianproject.info/fdroid)
-
-
-
-
+[{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=org.torproject.android)
+[{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/id1609461599)
+[{{< badge content="GitHub" >}}](https://github.com/guardianproject/orbot/releases)
+[{{< badge content="F-Droid" >}}](https://guardianproject.info/fdroid)
We previously recommended enabling the *Isolate Destination Address* preference in Orbot settings. While this setting can theoretically improve privacy by enforcing the use of a different circuit for each IP address you connect to, it doesn't provide a practical advantage for most applications (especially web browsing), can come with a significant performance penalty, and increases the load on the Tor network. We no longer recommend adjusting this setting from its default value unless you know you need to.[^1]
@@ -81,23 +73,14 @@ We previously recommended enabling the *Isolate Destination Address* preference
#### Snowflake
-
-
-{ align=right }
-{ align=right }
-
**Snowflake** allows you to donate bandwidth to the Tor Project by operating a "Snowflake proxy" within your browser.
People who are censored can use Snowflake proxies to connect to the Tor network. Snowflake is a great way to contribute to the network even if you don't have the technical know-how to run a Tor relay or bridge.
-[:octicons-home-16: Homepage](https://snowflake.torproject.org){ .md-button .md-button--primary }
-[:octicons-info-16:](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/Technical%20Overview){ .card-link title=Documentation}
-[:octicons-code-16:](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://donate.torproject.org){ .card-link title=Contribute }
-
-
-
-
+{{< cards >}}
+ {{< card link="https://snowflake.torproject.org" title="Homepage" icon="home" >}}
+ {{< card link="https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/Technical%20Overview" title="Documentation" icon="document-text" >}}
+{{< /cards >}}
You can enable Snowflake in your browser by opening it in another tab and turning the switch on. You can leave it running in the background while you browse to contribute your connection. We don't recommend installing Snowflake as a browser extension, because adding third-party extensions can increase your attack surface.
@@ -109,30 +92,18 @@ Running a Snowflake proxy is low-risk, even more so than running a Tor relay or
### I2P (The Invisible Internet Project)
-
-
-{ align=right }
-{ align=right }
-
**I2P** is a network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
-[:octicons-home-16: Homepage](https://geti2p.net/en){ .md-button .md-button--primary }
-[:octicons-info-16:](https://geti2p.net/en/about/software){ .card-link title=Documentation }
-[:octicons-code-16:](https://github.com/i2p/i2p.i2p){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://geti2p.net/en/get-involved){ .card-link title=Contribute }
+{{< cards >}}
+ {{< card link="https://geti2p.net/en" title="Homepage" icon="home" >}}
+ {{< card link="https://geti2p.net/en/about/software" title="Documentation" icon="document-text" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=net.i2p.android)
-- [:simple-android: Android](https://geti2p.net/en/download#android)
-- [:fontawesome-brands-windows: Windows](https://geti2p.net/en/download#windows)
-- [:simple-apple: macOS](https://geti2p.net/en/download#mac)
-- [:simple-linux: Linux](https://geti2p.net/en/download#unix)
-
-
-
-
+[{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=net.i2p.android)
+[{{< badge content="Android" >}}](https://geti2p.net/en/download#android)
+[{{< badge content="Windows" color="red" >}}](https://geti2p.net/en/download#windows)
+[{{< badge content="macOS" color="indigo" >}}](https://geti2p.net/en/download#mac)
+[{{< badge content="Linux" color="yellow" >}}](https://geti2p.net/en/download#unix)
Unlike Tor, all I2P traffic is internal to the I2P network, which means regular internet websites are **not** directly accessible from I2P. Instead, you can connect to websites which are hosted anonymously and directly on the I2P network, which are called "eepsites" and have domains which end in `.i2p`.
@@ -145,7 +116,7 @@ You can try connecting to *Privacy Guides* via I2P at [privacyguides.i2p](http:/
Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottle necked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
-There are downsides to I2P's approach, however. Tor relying on dedicated exit nodes means more people in less safe environments can use it, and the relays that do exist on Tor are likely to be more performant and stable, as they generally aren't run on residential connections. Tor is also far more focused on **browser privacy** (i.e. anti-fingerprinting), with a dedicated [Tor Browser](tor.md) to make browsing activity as anonymous as possible. I2P is used via your [regular web browser](desktop-browsers.md), and while you can configure your browser to be more privacy-protecting, you probably still won't have the same browser fingerprint as other I2P users (there's no "crowd" to blend in with in that regard).
+There are downsides to I2P's approach, however. Tor relying on dedicated exit nodes means more people in less safe environments can use it, and the relays that do exist on Tor are likely to be more performant and stable, as they generally aren't run on residential connections. Tor is also far more focused on **browser privacy** (i.e. anti-fingerprinting), with a dedicated [Tor Browser](../../software/tor/_index.md) to make browsing activity as anonymous as possible. I2P is used via your [regular web browser](../../software/desktop-browsers/_index.md), and while you can configure your browser to be more privacy-protecting, you probably still won't have the same browser fingerprint as other I2P users (there's no "crowd" to blend in with in that regard).
Tor is likely to be more resistant to censorship, due to their robust network of bridges and varying [pluggable transports](https://tb-manual.torproject.org/circumvention). On the other hand, I2P uses directory servers for the initial connection which are varying/untrusted and run by volunteers, compared to the hard-coded/trusted ones Tor uses which are likely easier to block.
diff --git a/content/tools/advanced/device-integrity/_index.md b/content/tools/advanced/device-integrity/_index.md
index eba8d1e97..77c6e100c 100644
--- a/content/tools/advanced/device-integrity/_index.md
+++ b/content/tools/advanced/device-integrity/_index.md
@@ -12,6 +12,14 @@ These tools may provide utility for certain individuals. They provide functional
+
+{{< cards >}}
+ {{< card link="#mobile-verification-toolkit" title="MVT" image="./mvt.webp" subtitle="Mobile Verification Toolkit (MVT) is a collection of utilities which simplifies and automates the process of scanning mobile devices for potential traces of targeting or infection by known spyware campaigns. MVT was developed by Amnesty International and released in 2021 in the context of the Pegasus Project." >}}
+ {{< card link="#imazing-ios" title="iMazing" image="./imazing.png" subtitle="iMazing provides a free spyware analyzer tool for iOS devices which acts as a GUI-wrapper for MVT. This can be much easier to run compared to MVT itself, which is a command-line tool designed for technologists and forensic investigators." >}}
+ {{< card link="#auditor-android" title="Auditor" image="./auditor.svg" subtitle="Auditor is an app which leverages hardware security features to provide device integrity monitoring by actively validating the identity of a device and the integrity of its operating system. Currently, it only works with GrapheneOS or the stock operating system for supported devices." >}}
+{{< /cards >}}
+
+
It is **critical** to understand that scanning your device for public indicators of compromise is **not sufficient** to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on these publicly-available scanning tools can miss recent security developments and give you a false sense of security.
## General Advice
@@ -64,25 +72,15 @@ These tools can trigger false-positives. If any of these tools finds indicators
### Mobile Verification Toolkit
-
-
-{ align=right }
-{ align=right }
-
**Mobile Verification Toolkit** (**MVT**) is a collection of utilities which simplifies and automates the process of scanning mobile devices for potential traces of targeting or infection by known spyware campaigns. MVT was developed by Amnesty International and released in 2021 in the context of the [Pegasus Project](https://forbiddenstories.org/about-the-pegasus-project).
-[:octicons-home-16: Homepage](https://mvt.re){ .md-button .md-button--primary }
-[:octicons-code-16:](https://github.com/mvt-project/mvt){ .card-link title="Source Code" }
+{{< cards >}}
+ {{< card link="https://mvt.re" title="Homepage" icon="home" >}}
+ {{< card link="https://github.com/mvt-project/mvt" title="Source code" icon="code" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install)
-- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install)
-
-
-
-
@@ -106,25 +104,15 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
### iMazing (iOS)
-
-
-{ align=right }
-
**iMazing** provides a free spyware analyzer tool for iOS devices which acts as a GUI-wrapper for [MVT](#mobile-verification-toolkit). This can be much easier to run compared to MVT itself, which is a command-line tool designed for technologists and forensic investigators.
-[:octicons-home-16: Homepage](https://imazing.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://imazing.com/privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://imazing.com/spyware-analyzer){ .card-link title=Documentation}
+{{< cards >}}
+ {{< card link="https://imazing.com" title="Homepage" icon="home" >}}
+ {{< card link="https://imazing.com/privacy-policy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:fontawesome-brands-windows: Windows](https://imazing.com/download)
-- [:simple-apple: macOS](https://imazing.com/download)
-
-
-
-
+[{{< badge content="Windows" color="red" >}}](https://imazing.com/download)
+[{{< badge content="macOS" color="indigo" >}}](https://imazing.com/download)
iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
@@ -146,33 +134,20 @@ Using these apps is insufficient to determine that a device is "clean", and not
### Auditor (Android)
-
-
-{ align=right }
-{ align=right }
-
**Auditor** is an app which leverages hardware security features to provide device integrity monitoring by actively validating the identity of a device and the integrity of its operating system. Currently, it only works with GrapheneOS or the stock operating system for [supported devices](https://attestation.app/about#device-support).
-[:octicons-home-16: Homepage](https://attestation.app){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://attestation.app/privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://attestation.app/about){ .card-link title=Documentation}
-[:octicons-code-16:](https://attestation.app/source){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribute }
+{{< cards >}}
+ {{< card link="https://attestation.app" title="Homepage" icon="home" >}}
+ {{< card link="https://attestation.app/privacy-policy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-
-
-
+[{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
+[{{< badge content="GitHub" >}}](https://github.com/GrapheneOS/Auditor/releases)
+[{{< badge content="GrapheneOS App Store" >}}](https://github.com/GrapheneOS/Apps/releases)
Auditor is not a scanning/analysis tool like some other tools on this page. Rather, it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
-Auditor performs attestation and intrusion detection with **two** devices, an *auditee* (the device being verified) and an *auditor* (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android/distributions.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
+Auditor performs attestation and intrusion detection with **two** devices, an *auditee* (the device being verified) and an *auditor* (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](../../os/android/distributions.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
- Using a [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) model between an *auditor* and *auditee*, the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore) of the *Auditor*.
- The *auditor* can either be another instance of the Auditor app or the [Remote Attestation Service](https://attestation.app).
@@ -184,4 +159,4 @@ It is important to note that Auditor can only effectively detect changes **after
No personally identifiable information is submitted to the attestation service. We recommend that you sign up with an anonymous account and enable remote attestation for continuous monitoring.
-If your [threat model](../../../wiki/basics/threat-modeling.md requires hiding your IP address from the attestation service, you could consider using [Orbot](alternative-networks.md#orbot) or a [VPN](vpn.md).
+If your [threat model](../../../wiki/basics/threat-modeling.md) requires hiding your IP address from the attestation service, you could consider using [Orbot](../alternative-networks/_index.md#orbot) or a [VPN](../../services/vpn/_index.md).
diff --git a/content/tools/all.md b/content/tools/all.md
index 3f70b5490..17e79328a 100644
--- a/content/tools/all.md
+++ b/content/tools/all.md
@@ -60,7 +60,7 @@ We [**recommend**](dns.md#recommended-providers) a number of encrypted DNS serve
{{< cards >}}
{{< card link="../services/email/#proton-mail" title="Proton Mail" image="../services/email/protonmail.svg" subtitle="Proton Mail is a privacy-focused email provider developed by the makers of Proton VPN." >}}
{{< card link="../services/email/#mailbox-mail" title="Mailbox" image="../services/email/mailbox-mail.svg" subtitle="Mailbox is a privacy-focused email provider that offers end-to-end encryption and a suite of collaboration tools." >}}
- {{< card link="../services/email/#tutanota" title="Tuta" image="../services/email/tuta.svg" subtitle="Tutanota is a privacy-focused email provider that offers end-to-end encryption and a user-friendly interface." >}}
+ {{< card link="../services/email/#tuta" title="Tuta" image="../services/email/tuta.svg" subtitle="Tutanota is a privacy-focused email provider that offers end-to-end encryption and a user-friendly interface." >}}
{{< /cards >}}
### Financial Services
@@ -68,8 +68,8 @@ We [**recommend**](dns.md#recommended-providers) a number of encrypted DNS serve
#### Payment Masking Services
{{< cards >}}
- {{< card link="../services/financial-services/#privacycom" title="Privacy.com" image="../services/financial-services/privacy_com.svg" subtitle="Privacy.com is a US-based payment masking service that allows you to create virtual credit cards for online purchases." >}}
- {{< card link="../services/financial-services/#mysudo" title="MySudo" image="../services/financial-services/mysudo.svg" subtitle="MySudo is a US-based payment masking service that allows you to create virtual credit cards for online purchases, as well as providing private phone numbers and email addresses." >}}
+ {{< card link="../services/financial-services/#privacycom-us" title="Privacy.com" image="../services/financial-services/privacy_com.svg" subtitle="Privacy.com is a US-based payment masking service that allows you to create virtual credit cards for online purchases." >}}
+ {{< card link="../services/financial-services/#mysudo-us-paid" title="MySudo" image="../services/financial-services/mysudo.svg" subtitle="MySudo is a US-based payment masking service that allows you to create virtual credit cards for online purchases, as well as providing private phone numbers and email addresses." >}}
{{< /cards >}}
#### Online Gift Card Marketplaces
diff --git a/content/tools/hardware/mobile-phones/_index.md b/content/tools/hardware/mobile-phones/_index.md
index 9839b6178..9b315872e 100644
--- a/content/tools/hardware/mobile-phones/_index.md
+++ b/content/tools/hardware/mobile-phones/_index.md
@@ -11,7 +11,17 @@ Most **mobile phones** receive short or limited windows of security updates from
The mobile devices listed here provide a long lifespan of guaranteed security updates and allow you to install a custom operating system without violating the Android security model.
-[Recommended Android Distributions :material-arrow-right-drop-circle:](android/distributions.md){ .md-button .md-button--primary } [Details about Android Security :material-arrow-right-drop-circle:](os/android-overview.md#security-protections){ .md-button }
+
+{{< cards >}}
+ {{< card link="#google-pixel" title="Google Pixel" image="./google-pixel.png" subtitle="Google Pixel phones are the only devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google’s custom Titan security chips acting as the Secure Element." >}}
+{{< /cards >}}
+
@@ -38,17 +48,14 @@ A few more tips regarding Android devices and operating system compatibility:
Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
-
-
-{ align=right }
-
**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
-[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
-
-
+{{< cards >}}
+ {{< card link="https://store.google.com/category/phones" title="Store" icon="shopping-bag" >}}
+ {{< card link="https://support.google.com/pixelphone" title="Documentation" icon="document-text" >}}
+{{< /cards >}}
### Hardware Security
@@ -56,7 +63,7 @@ Secure Elements like the Titan M2 are more limited than the processor's Trusted
Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
-The Pixel 8 series and later supports ARM's Memory Tagging Extension ([MTE](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension)), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. The stock Pixel OS allows you to enable MTE for supported apps through Google's Advanced Protection Program or via a developer option, but its usability is quite limited. [GrapheneOS](android/distributions.md#grapheneos), an alternative Android OS we recommend, greatly improves the usability and coverage of MTE in its implementation of the feature.
+The Pixel 8 series and later supports ARM's Memory Tagging Extension ([MTE](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension)), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. The stock Pixel OS allows you to enable MTE for supported apps through Google's Advanced Protection Program or via a developer option, but its usability is quite limited. [GrapheneOS](../../os/android/distributions.md#grapheneos), an alternative Android OS we recommend, greatly improves the usability and coverage of MTE in its implementation of the feature.
### Buying a Google Pixel
@@ -83,7 +90,7 @@ The installation of GrapheneOS on a Pixel phone is easy with their [web installe
## Criteria
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../../../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
- Must support at least one of our recommended custom operating systems.
- Must be currently sold new in stores.
diff --git a/content/tools/hardware/security-keys/_index.md b/content/tools/hardware/security-keys/_index.md
index 86af38936..628908ee7 100644
--- a/content/tools/hardware/security-keys/_index.md
+++ b/content/tools/hardware/security-keys/_index.md
@@ -7,25 +7,24 @@ description: These security keys provide a form of phishing-immune authenticatio
[{{< badge content="Targeted Attacks" color="red" >}}](../../../wiki/basics/common-threats.md#attacks-against-specific-individuals)
[{{< badge content="Passive Attacks" color="amber" >}}](../../../wiki/basics/common-threats.md#security-and-privacy)
-A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the [FIDO2](../../../wiki/basics/multi-factor-authentication.md#fido-fast-identity-online) security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multifactor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
+A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](../../software/multi-factor-authentication/_index.md), the [FIDO2](../../../wiki/basics/multi-factor-authentication.md#fido-fast-identity-online) security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multifactor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
+
+
+{{< cards >}}
+ {{< card link="#yubico-security-key" title="Yubico Security Key" image="./yubico-security-key.webp" subtitle="The Yubico Security Key series is the most cost-effective hardware security key with FIDO Level 2 certification. It supports FIDO2/WebAuthn and FIDO Universal 2nd Factor (U2F), and works out of the box with most services that support a security key as a second factor, as well as many password managers." >}}
+ {{< card link="#yubikey" title="YubiKey" image="./yubikey.png" subtitle="The YubiKey series from Yubico are among the most popular security keys with FIDO Level 2 Certification. The YubiKey 5 Series has a wide range of features such as FIDO2/WebAuthn and FIDO U2F, TOTP and HOTP authentication, Personal Identity Verification (PIV), and OpenPGP." >}}
+ {{< card link="#nitrokey" title="Nitrokey" image="./nitrokey-square.svg" subtitle="Nitrokey has a cost-effective security key capable of FIDO2/WebAuthn and FIDO U2F called the Nitrokey Passkey. For support for features such as PIV, OpenPGP, and TOTP and HOTP authentication, you need to purchase one of their other keys like the Nitrokey 3. Currently, only the Nitrokey 3A Mini has FIDO Level 1 Certification." >}}
+{{< /cards >}}
+
## Yubico Security Key
-
-
-
- { width="315" }
-
-
The **Yubico Security Key** series is the most cost-effective hardware security key with FIDO Level 2 certification[^1]. It supports FIDO2/WebAuthn and FIDO Universal 2nd Factor (U2F), and works out of the box with most services that support a security key as a second factor, as well as many password managers.
-[:octicons-home-16: Homepage](https://yubico.com/products/security-key){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://yubico.com/support/terms-conditions/privacy-notice){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://docs.yubico.com){ .card-link title="Documentation" }
-
-
-
-
+{{< cards >}}
+ {{< card link="https://yubico.com/products/security-key" title="Homepage" icon="home" >}}
+ {{< card link="https://yubico.com/support/terms-conditions/privacy-notice" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
These keys are available in both USB-C and USB-A variants, and both options support NFC for use with a mobile device as well.
@@ -46,21 +45,12 @@ The firmware of Yubico's Security Keys is not updatable. If you want features in
## YubiKey
-
-
-
- { width="400" }
-
-
The **YubiKey** series from Yubico are among the most popular security keys with FIDO Level 2 Certification[^1]. The **YubiKey 5 Series** has a wide range of features such as FIDO2/WebAuthn and FIDO U2F, [TOTP and HOTP](https://developers.yubico.com/OATH) authentication, [Personal Identity Verification (PIV)](https://developers.yubico.com/PIV), and [OpenPGP](https://developers.yubico.com/PGP).
-[:octicons-home-16: Homepage](https://yubico.com/products/yubikey-5-overview){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://yubico.com/support/terms-conditions/privacy-notice){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://docs.yubico.com){ .card-link title="Documentation" }
-
-
-
-
+{{< cards >}}
+ {{< card link="https://yubico.com/products/yubikey-5-overview" title="Homepage" icon="home" >}}
+ {{< card link="https://yubico.com/support/terms-conditions/privacy-notice" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
The [comparison table](https://yubico.com/store/compare) shows how the YubiKeys compare to each other and to Yubico's [Security Key](#yubico-security-key) series in terms of features and other specifications. One of the benefits of the YubiKey series is that one key can do almost everything you could expect from a hardware security key. We encourage you to take their [quiz](https://yubico.com/quiz) before purchasing in order to make sure you choose the right security key.
@@ -77,21 +67,12 @@ The firmware of YubiKey is not updatable. If you want features in newer firmware
## Nitrokey
-
-
-
- { width="300" }
-
-
**Nitrokey** has a cost-effective security key capable of FIDO2/WebAuthn and FIDO U2F called the **Nitrokey Passkey**. For support for features such as PIV, OpenPGP, and TOTP and HOTP authentication, you need to purchase one of their other keys like the **Nitrokey 3**. Currently, only the **Nitrokey 3A Mini** has [FIDO Level 1 Certification](https://nitrokey.com/news/2024/nitrokey-3a-mini-receives-official-fido2-certification).
-[:octicons-home-16: Homepage](https://nitrokey.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://nitrokey.com/data-privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://docs.nitrokey.com){ .card-link title="Documentation" }
-
-
-
-
+{{< cards >}}
+ {{< card link="https://nitrokey.com" title="Homepage" icon="home" >}}
+ {{< card link="https://nitrokey.com/data-privacy-policy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
The [comparison table](https://nitrokey.com/products/nitrokeys#:~:text=The%20Nitrokey%20Family) shows how the different Nitrokey models compare to each other in terms of features and other specifications. Refer to Nitrokey's [documentation](https://docs.nitrokey.com/nitrokeys/features) for more details about the features available on your Nitrokey.
@@ -106,7 +87,7 @@ Excluding the Nitrokey 3, Nitrokeys which support HOTP and TOTP do not have encr
## Criteria
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../../../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
### Minimum Requirements
diff --git a/content/tools/os/android/_index.md b/content/tools/os/android/_index.md
index be766e3b7..28c58f50b 100644
--- a/content/tools/os/android/_index.md
+++ b/content/tools/os/android/_index.md
@@ -2,11 +2,19 @@
title: "Android"
description: Our advice for replacing privacy-invasive default Android features with private and secure alternatives.
---
-{ align=right }
+
+
+
+{ .pg-width-120}
The **Android Open Source Project** (AOSP) is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
-[General Android Overview :material-arrow-right-drop-circle:](../os/android-overview.md){ .md-button .md-button--primary }
+[General Android Overview](../os/android-overview.md)
+{ .md-button .md-button--primary }
## Our Advice
@@ -14,11 +22,13 @@ The **Android Open Source Project** (AOSP) is an open-source mobile operating sy
There are many methods of obtaining apps on Android while avoiding Google Play. Whenever possible, try using one of these methods before getting your apps from non-private sources:
-[Obtaining Applications :material-arrow-right-drop-circle:](obtaining-apps.md){ .md-button }
+[Obtaining Applications](obtaining-apps.md)
+{ .md-button }
There are also many private alternatives to the apps that come pre-installed on your phone, such as the camera app. Besides the Android apps we recommend throughout this site in general, we've created a list of system utilities specific to Android which you might find useful.
-[General App Recommendations :material-arrow-right-drop-circle:](general-apps.md){ .md-button }
+[General App Recommendations](general-apps.md)
+{ .md-button }
### Install a Custom Distribution
@@ -28,7 +38,8 @@ This problem could be solved by using an alternative Android distribution, commo
Ideally, when choosing a custom Android distribution, you should make sure that it upholds the Android security model. At the very least, the distribution should have production builds, support for AVB, rollback protection, timely firmware and operating system updates, and SELinux in [enforcing mode](https://source.android.com/security/selinux/concepts#enforcement_levels). All of our recommended Android distributions satisfy these criteria:
-[Recommended Distributions :material-arrow-right-drop-circle:](distributions.md){ .md-button }
+[Recommended Distributions](distributions.md)
+{ .md-button }
### Avoid Root
diff --git a/content/tools/os/android/distributions.md b/content/tools/os/android/distributions/_index.md
similarity index 62%
rename from content/tools/os/android/distributions.md
rename to content/tools/os/android/distributions/_index.md
index c0ba0fd81..960343f5f 100644
--- a/content/tools/os/android/distributions.md
+++ b/content/tools/os/android/distributions/_index.md
@@ -11,32 +11,30 @@ A **custom Android-based operating system** (sometimes referred to as a **custom
We recommend installing GrapheneOS if you have a Google Pixel as it provides improved security hardening and additional privacy features. The reasons we don't list other operating systems or devices are as follows:
-- They often have [weaker security](index.md#install-a-custom-distribution).
+- They often have [weaker security](../_index.md#install-a-custom-distribution).
- Support is frequently dropped when the maintainer loses interest or upgrades their device, which is in contrast to the predictable [support cycle](https://grapheneos.org/faq#device-lifetime) that GrapheneOS follows.
- They generally have few or no notable privacy or security improvements that make installing them worthwhile.
+
+{{< cards >}}
+ {{< card link="#grapheneos" title="GrapheneOS" image="./grapheneos.svg" subtitle="GrapheneOS hardens the Android stack on supported Pixels with verified boot, firmware updates, and sandboxed Play." >}}
+{{< /cards >}}
+
+
## GrapheneOS
-
-
-{ align=right }
-{ align=right }
-
**GrapheneOS** is the best choice when it comes to privacy and security.
GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_(computing)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
-[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title="Documentation" }
-[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="Contribute" }
+{{< cards >}}
+ {{< card link="https://grapheneos.org" title="Homepage" icon="home" >}}
+ {{< card link="https://grapheneos.org/faq#privacy-policy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
+GrapheneOS supports [sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs Google Play Services fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as push notifications, while giving you full control over their permissions and access, and while containing them to a specific [work profile](../android-overview.md#work-profile) or [user profile](../android-overview.md#user-profiles) of your choice.
-GrapheneOS supports [sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs Google Play Services fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as push notifications, while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice.
-
-[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView.
+[Google Pixel phones](../../hardware/mobile-phones/_index.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView.
GrapheneOS also provides a global toggle for enabling MTE on all user-installed apps at :gear: **Settings** → **Security & privacy** → **Exploit protection** → **Memory tagging** → **Enable by default**. The OS also features per-app toggles to opt out of MTE for apps which may crash due to compatibility issues.
@@ -44,11 +42,11 @@ GrapheneOS also provides a global toggle for enabling MTE on all user-installed
By default, Android makes many network connections to Google to perform DNS connectivity checks, to sync with current network time, to check your network connectivity, and for many other background tasks. GrapheneOS replaces these with connections to servers operated by GrapheneOS and subject to their privacy policy. This hides information like your IP address [from Google](../../../wiki/basics/common-threats.md#privacy-from-service-providers), but means it is trivial for an admin on your network or ISP to see you are making connections to `grapheneos.network`, `grapheneos.org`, etc. and deduce what operating system you are using.
-If you want to hide information like this from an adversary on your network or ISP, you **must** use a [trusted VPN](../vpn.md) in addition to changing the connectivity check setting to **Standard (Google)**. It can be found in :gear: **Settings** → **Network & internet** → **Internet connectivity checks**. This option allows you to connect to Google's servers for connectivity checks, which, alongside the usage of a VPN, helps you blend in with a larger pool of Android devices.
+If you want to hide information like this from an adversary on your network or ISP, you **must** use a [trusted VPN](../../services/vpn/_index.md) in addition to changing the connectivity check setting to **Standard (Google)**. It can be found in :gear: **Settings** → **Network & internet** → **Internet connectivity checks**. This option allows you to connect to Google's servers for connectivity checks, which, alongside the usage of a VPN, helps you blend in with a larger pool of Android devices.
## Criteria
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../../../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
- Must be open-source software.
- Must support bootloader locking with custom AVB key support.
diff --git a/content/tools/os/android/grapheneos-dark.svg b/content/tools/os/android/distributions/grapheneos-dark.svg
similarity index 100%
rename from content/tools/os/android/grapheneos-dark.svg
rename to content/tools/os/android/distributions/grapheneos-dark.svg
diff --git a/content/tools/os/android/grapheneos.svg b/content/tools/os/android/distributions/grapheneos.svg
similarity index 100%
rename from content/tools/os/android/grapheneos.svg
rename to content/tools/os/android/distributions/grapheneos.svg
diff --git a/content/tools/os/android/general-apps.md b/content/tools/os/android/general-apps/_index.md
similarity index 55%
rename from content/tools/os/android/general-apps.md
rename to content/tools/os/android/general-apps/_index.md
index f85c1fa95..280930ad0 100644
--- a/content/tools/os/android/general-apps.md
+++ b/content/tools/os/android/general-apps/_index.md
@@ -8,23 +8,26 @@ description: The apps listed here are Android-exclusive and specifically enhance
We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
-### Shelter
+
+{{< cards >}}
+ {{< card link="#shelter" title="Shelter" image="./shelter.svg" subtitle="Shelter uses a managed work profile to isolate or duplicate apps with optional cross-profile controls." >}}
+ {{< card link="#secure-camera" title="Secure Camera" image="./secure_camera.svg" subtitle="Secure Camera captures media with minimal metadata and modern Android storage APIs." >}}
+ {{< card link="#secure-pdf-viewer" title="Secure PDF Viewer" image="./secure_pdf_viewer.svg" subtitle="Secure PDF Viewer renders PDFs in a sandboxed WebView without broad file permissions." >}}
+{{< /cards >}}
+
-If your device is on Android 15 or greater, we recommend using the native [Private Space](../os/android-overview.md#private-space) feature instead, which provides nearly the same functionality without needing to place trust in and grant powerful permissions to a third-party app.
+## Shelter
-
-
-{ align=right }
+If your device is on Android 15 or greater, we recommend using the native [Private Space](../android-overview.md#private-space) feature instead, which provides nearly the same functionality without needing to place trust in and grant powerful permissions to a third-party app.
**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
-[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
-[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
-
-
@@ -35,34 +38,22 @@ When using Shelter, you are placing complete trust in its developer, as Shelter
Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
-### Secure Camera
+## Secure Camera
Protects against the following threat(s):
[{{< badge content="Public Exposure" color="green" >}}](../../../wiki/basics/common-threats.md#limiting-public-information)
-
-
-{ align=right }
-{ align=right }
-
**Secure Camera** is a camera app focused on privacy and security which can capture images, videos, and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera#readme){ .md-button .md-button--primary }
-[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+{{< cards >}}
+ {{< card link="https://github.com/GrapheneOS/Camera#readme" title="Repository" icon="code" >}}
+ {{< card link="https://grapheneos.org/usage#camera" title="Documentation" icon="document-text" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-
-
-
+[{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
+[{{< badge content="GitHub" >}}](https://github.com/GrapheneOS/Camera/releases)
+[{{< badge content="GrapheneOS App Store" >}}](https://github.com/GrapheneOS/Apps/releases)
Main privacy features include:
@@ -75,43 +66,32 @@ Main privacy features include:
Metadata is not currently deleted from video files, but that is planned.
-The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
+The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../../software/data-redaction/_index.md#exiferaser-android).
-### Secure PDF Viewer
+## Secure PDF Viewer
Protects against the following threat(s):
[{{< badge content="Targeted Attacks" color="red" >}}](../../../wiki/basics/common-threats.md#attacks-against-specific-individuals)
-
-
-{ align=right }
-{ align=right }
-
**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_(software_development)) [WebView](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer#readme){ .md-button .md-button--primary }
-[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+{{< cards >}}
+ {{< card link="https://github.com/GrapheneOS/PdfViewer#readme" title="Repository" icon="code" >}}
+ {{< card link="https://grapheneos.org/donate" title="Contribute" icon="heart" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-
-
-
+[{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
+[{{< badge content="GitHub" >}}](https://github.com/GrapheneOS/PdfViewer/releases)
+[{{< badge content="GrapheneOS App Store" >}}](https://github.com/GrapheneOS/Apps/releases)
## Criteria
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../../../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
- Applications on this page must not be applicable to any other software category on the site.
- General applications should extend or replace core system functionality.
diff --git a/content/tools/os/android/secure_camera-dark.svg b/content/tools/os/android/general-apps/secure_camera-dark.svg
similarity index 100%
rename from content/tools/os/android/secure_camera-dark.svg
rename to content/tools/os/android/general-apps/secure_camera-dark.svg
diff --git a/content/tools/os/android/secure_camera.svg b/content/tools/os/android/general-apps/secure_camera.svg
similarity index 100%
rename from content/tools/os/android/secure_camera.svg
rename to content/tools/os/android/general-apps/secure_camera.svg
diff --git a/content/tools/os/android/secure_pdf_viewer-dark.svg b/content/tools/os/android/general-apps/secure_pdf_viewer-dark.svg
similarity index 100%
rename from content/tools/os/android/secure_pdf_viewer-dark.svg
rename to content/tools/os/android/general-apps/secure_pdf_viewer-dark.svg
diff --git a/content/tools/os/android/secure_pdf_viewer.svg b/content/tools/os/android/general-apps/secure_pdf_viewer.svg
similarity index 100%
rename from content/tools/os/android/secure_pdf_viewer.svg
rename to content/tools/os/android/general-apps/secure_pdf_viewer.svg
diff --git a/content/tools/os/android/shelter.svg b/content/tools/os/android/general-apps/shelter.svg
similarity index 100%
rename from content/tools/os/android/shelter.svg
rename to content/tools/os/android/general-apps/shelter.svg
diff --git a/content/tools/os/android/obtaining-apps.md b/content/tools/os/android/obtaining-apps/_index.md
similarity index 64%
rename from content/tools/os/android/obtaining-apps.md
rename to content/tools/os/android/obtaining-apps/_index.md
index 7122ccea2..b9a1a885b 100644
--- a/content/tools/os/android/obtaining-apps.md
+++ b/content/tools/os/android/obtaining-apps/_index.md
@@ -4,64 +4,52 @@ description: We recommend these methods for obtaining applications on Android wi
---
There are many ways to obtain Android apps privately, even from the Play Store, without interacting with Google Play Services. We recommend the following methods of obtaining applications on Android, listed in order of preference.
+
+{{< cards >}}
+ {{< card link="#obtainium" title="Obtainium" image="./obtainium.svg" subtitle="Obtainium is an app manager which allows you to install and update apps directly from the developer’s own releases page (i.e. GitHub, GitLab, the developer’s website, etc.), rather than a centralized app store/repository." >}}
+ {{< card link="#grapheneos-app-store" title="GrapheneOS App Store" subtitle="GrapheneOS’s app store is available on GitHub. It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the Auditor, Camera, and PDF Viewer." >}}
+ {{< card link="#aurora-store" title="Aurora Store" image="./aurora-store.webp" subtitle="Aurora Store is a Google Play Store client which does not require a Google account, Google Play Services, or microG to download apps." >}}
+ {{< card link="#f-droid" title="F-Droid" image="./f-droid.svg" subtitle="We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above. F-Droid is often recommended as an alternative to Google Play, particularly within the privacy community. The option to add third-party repositories and not be confined to Google’s walled garden has led to its popularity." >}}
+{{< /cards >}}
+
+
## Obtainium
-
-
-{ align=right }
-
**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
-[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
-[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
+{{< cards >}}
+ {{< card link="https://github.com/ImranR98/Obtainium#readme" title="Repository" icon="code" >}}
+ {{< card link="https://github.com/ImranR98/Obtainium/wiki" title="Documentation" icon="document-text" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
-
-
-
-
+[{{< badge content="GitHub" >}}](https://github.com/ImranR98/Obtainium/releases)
Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious *update* is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
## GrapheneOS App Store
-GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](../device-integrity.md#auditor-android), [Camera](general-apps.md#secure-camera), and [PDF Viewer](general-apps.md#secure-pdf-viewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
+GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](../../advanced/device-integrity/_index.md#auditor-android), [Camera](general-apps.md#secure-camera), and [PDF Viewer](general-apps.md#secure-pdf-viewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
## Aurora Store
The Google Play Store requires a Google account to log in, which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
-
-
-{ align=right }
-
**Aurora Store** is a Google Play Store client which does not require a Google account, Google Play Services, or microG to download apps.
-[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
-[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
+{{< cards >}}
+ {{< card link="https://auroraoss.com" title="Homepage" icon="home" >}}
+ {{< card link="https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
-
-
-
-
+[{{< badge content="GitLab" >}}](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
## Manually with RSS Notifications
-For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](../news-aggregators.md) that will help you keep track of new releases.
+For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](../../software/news-aggregators/_index.md) that will help you keep track of new releases.
-   
+   
### GitHub
@@ -108,9 +96,9 @@ If you download APK files to install manually, you can verify their signature wi
## F-Droid
-{ align=right width=120px }
+We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.
-==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly within the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
+F-Droid is often recommended as an alternative to Google Play, particularly within the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
Due to their process of building apps, apps in the *official* F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
@@ -121,6 +109,6 @@ The [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izz
F-Droid Basic
-In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](../health-and-wellness.md#gadgetbridge) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
+In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](../../software/health-and-wellness/_index.md#gadgetbridge) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
diff --git a/content/tools/os/android/aurora-store.webp b/content/tools/os/android/obtaining-apps/aurora-store.webp
similarity index 100%
rename from content/tools/os/android/aurora-store.webp
rename to content/tools/os/android/obtaining-apps/aurora-store.webp
diff --git a/content/tools/os/android/f-droid.svg b/content/tools/os/android/obtaining-apps/f-droid.svg
similarity index 100%
rename from content/tools/os/android/f-droid.svg
rename to content/tools/os/android/obtaining-apps/f-droid.svg
diff --git a/content/tools/os/android/obtainium.svg b/content/tools/os/android/obtaining-apps/obtainium.svg
similarity index 100%
rename from content/tools/os/android/obtainium.svg
rename to content/tools/os/android/obtaining-apps/obtainium.svg
diff --git a/content/assets/img/android/rss-apk-dark.png b/content/tools/os/android/obtaining-apps/rss-apk-dark.png
similarity index 100%
rename from content/assets/img/android/rss-apk-dark.png
rename to content/tools/os/android/obtaining-apps/rss-apk-dark.png
diff --git a/content/assets/img/android/rss-apk-light.png b/content/tools/os/android/obtaining-apps/rss-apk-light.png
similarity index 100%
rename from content/assets/img/android/rss-apk-light.png
rename to content/tools/os/android/obtaining-apps/rss-apk-light.png
diff --git a/content/assets/img/android/rss-changes-dark.png b/content/tools/os/android/obtaining-apps/rss-changes-dark.png
similarity index 100%
rename from content/assets/img/android/rss-changes-dark.png
rename to content/tools/os/android/obtaining-apps/rss-changes-dark.png
diff --git a/content/assets/img/android/rss-changes-light.png b/content/tools/os/android/obtaining-apps/rss-changes-light.png
similarity index 100%
rename from content/assets/img/android/rss-changes-light.png
rename to content/tools/os/android/obtaining-apps/rss-changes-light.png
diff --git a/content/tools/os/desktop/_index.md b/content/tools/os/desktop/_index.md
index becbf685e..1f2d5ce71 100644
--- a/content/tools/os/desktop/_index.md
+++ b/content/tools/os/desktop/_index.md
@@ -8,25 +8,33 @@ description: Linux distributions are commonly recommended for privacy protection
Linux distributions are commonly recommended for privacy protection and software freedom. If you don't already use Linux, below are some distributions we suggest trying out, as well as some general privacy and security improvement tips that are applicable to many Linux distributions.
-- [General Linux Overview :material-arrow-right-drop-circle:](os/linux-overview.md)
+- [General Linux Overview](../linux-overview.md)
+
+
+{{< cards >}}
+ {{< card link="#fedora-linux" title="Fedora Linux" image="./fedora.svg" subtitle="Fedora Linux is our recommended desktop distribution for people new to Linux. Fedora generally adopts newer technologies (e.g., Wayland and PipeWire) before other distributions. These new technologies often come with improvements in security, privacy, and usability in general." >}}
+ {{< card link="#opensuse-tumbleweed" title="openSUSE Tumbleweed" image="./opensuse-tumbleweed.svg" subtitle="openSUSE Tumbleweed is a stable rolling release distribution. openSUSE Tumbleweed uses Btrfs and Snapper to ensure that snapshots can be rolled back should there be a problem." >}}
+ {{< card link="#arch-linux" title="Arch Linux" image="./archlinux.svg" subtitle="Arch Linux is a lightweight, do-it-yourself (DIY) distribution, meaning that you only get what you install. For more information see their FAQ." >}}
+ {{< card link="#fedora-atomic-desktops" title="Fedora Atomic Desktops" image="./fedora.svg" subtitle="Fedora Atomic Desktops are variants of Fedora which use the rpm-ostree package manager and have a strong focus on containerized workflows and Flatpak for desktop applications. All of these variants follow the same release schedule as Fedora Workstation, benefiting from the same fast updates and staying very close to upstream." >}}
+ {{< card link="#nixos" title="NixOS" image="./nixos.svg" subtitle="NixOS is an independent distribution based on the Nix package manager with a focus on reproducibility and reliability." >}}
+ {{< card link="#whonix" title="Whonix" image="./whonix.svg" subtitle="Whonix is based on Kicksecure, a security-focused fork of Debian. It aims to provide privacy, security, and anonymity on the internet. Whonix is best used in conjunction with Qubes OS." >}}
+ {{< card link="#tails" title="Tails" image="./tails.svg" subtitle="Tails is a live operating system based on Debian that routes all communications through Tor, which can boot on on almost any computer from a DVD, USB stick, or SD card installation. It uses Tor to preserve privacy and anonymity while circumventing censorship, and it leaves no trace of itself on the computer it is used on after it is powered off." >}}
+ {{< card link="#qubes-os" title="Qubes OS" image="./qubes_os.svg" subtitle="Qubes OS is an open-source operating system designed to provide strong security for desktop computing through secure virtual machines (or “qubes”). Qubes is based on Xen, the X Window System, and Linux. It can run most Linux applications and use most of the Linux drivers." >}}
+ {{< card link="#secureblue" title="Secureblue" image="./secureblue.svg" subtitle="Secureblue is a security-focused operating system based on Fedora Atomic Desktops. It includes a number of security features intended to proactively defend against the exploitation of both known and unknown vulnerabilities, and ships with Trivalent, their hardened, Chromium-based web browser." >}}
+ {{< card link="#kicksecure" title="Kicksecure" image="./kicksecure.svg" subtitle="Kicksecure—in oversimplified terms—is a set of scripts, configurations, and packages that substantially reduce the attack surface of Debian. It covers a lot of privacy and hardening recommendations by default. It also serves as the base OS for Whonix." >}}
+{{< /cards >}}
+
## Traditional Distributions
### Fedora Linux
-
-
-{ align=right }
-
**Fedora Linux** is our recommended desktop distribution for people new to Linux. Fedora generally adopts newer technologies (e.g., [Wayland](https://wayland.freedesktop.org) and [PipeWire](https://pipewire.org)) before other distributions. These new technologies often come with improvements in security, privacy, and usability in general.
-[:octicons-home-16: Homepage](https://fedoraproject.org){ .md-button .md-button--primary }
-[:octicons-info-16:](https://docs.fedoraproject.org/en-US/docs){ .card-link title="Documentation" }
-[:octicons-heart-16:](https://whatcanidoforfedora.org){ .card-link title="Contribute" }
-
-
-
-
+{{< cards >}}
+ {{< card link="https://fedoraproject.org" title="Homepage" icon="home" >}}
+ {{< card link="https://docs.fedoraproject.org/en-US/docs" title="Documentation" icon="document-text" >}}
+{{< /cards >}}
Fedora comes in two primary desktop editions, [Fedora Workstation](https://fedoraproject.org/workstation), which uses the GNOME desktop environment, and [Fedora KDE Plasma Desktop](https://fedoraproject.org/kde), which uses KDE. Historically, Fedora Workstation has been more popular and widely recommended, but KDE has been gaining in popularity and provides an experience more similar to Windows, which may make transitioning to Linux easier for some. The security and privacy benefits of both editions are very similar, so it mostly comes down to personal preference.
@@ -34,65 +42,44 @@ Fedora has a semi-rolling release cycle. While some packages like the desktop en
### openSUSE Tumbleweed
-
-
-{ align=right }
-
**openSUSE Tumbleweed** is a stable rolling release distribution.
openSUSE Tumbleweed uses [Btrfs](https://en.wikipedia.org/wiki/Btrfs) and [Snapper](https://en.opensuse.org/openSUSE:Snapper_Tutorial) to ensure that snapshots can be rolled back should there be a problem.
-[:octicons-home-16: Homepage](https://get.opensuse.org/tumbleweed){ .md-button .md-button--primary }
-[:octicons-info-16:](https://doc.opensuse.org){ .card-link title="Documentation" }
-[:octicons-heart-16:](https://shop.opensuse.org){ .card-link title="Contribute" }
-
-
-
-
+{{< cards >}}
+ {{< card link="https://get.opensuse.org/tumbleweed" title="Homepage" icon="home" >}}
+ {{< card link="https://doc.opensuse.org" title="Documentation" icon="document-text" >}}
+{{< /cards >}}
Tumbleweed follows a rolling release model where each update is released as a snapshot of the distribution. When you upgrade your system, a new snapshot is downloaded. Each snapshot is run through a series of automated tests by [openQA](https://openqa.opensuse.org) to ensure its quality.
### Arch Linux
-
-
-{ align=right }
-
**Arch Linux** is a lightweight, do-it-yourself (DIY) distribution, meaning that you only get what you install. For more information see their [FAQ](https://wiki.archlinux.org/title/Frequently_asked_questions).
-[:octicons-home-16: Homepage](https://archlinux.org){ .md-button .md-button--primary }
-[:octicons-info-16:](https://wiki.archlinux.org){ .card-link title="Documentation" }
-[:octicons-heart-16:](https://archlinux.org/donate){ .card-link title="Contribute" }
-
-
-
-
+{{< cards >}}
+ {{< card link="https://archlinux.org" title="Homepage" icon="home" >}}
+ {{< card link="https://wiki.archlinux.org" title="Documentation" icon="document-text" >}}
+{{< /cards >}}
Arch Linux has a rolling release cycle. There is no fixed release schedule and packages are updated very frequently.
-Being a DIY distribution, you are [expected to set up and maintain](os/linux-overview.md#arch-based-distributions) your system on your own. Arch has an [official installer](https://wiki.archlinux.org/title/Archinstall) to make the installation process a little easier.
+Being a DIY distribution, you are [expected to set up and maintain](../linux-overview.md#arch-based-distributions) your system on your own. Arch has an [official installer](https://wiki.archlinux.org/title/Archinstall) to make the installation process a little easier.
A large portion of [Arch Linux’s packages](https://reproducible.archlinux.org) are [reproducible](https://reproducible-builds.org)[^1].
## Atomic Distributions
-**Atomic distributions** (sometimes also referred to as **immutable distributions**) are operating systems which handle package installation and updates by layering changes atop your core system image, rather than by directly modifying the system. Advantages of atomic distros include increased stability and the ability to easily roll back updates. See [*Traditional vs. Atomic Updates*](os/linux-overview.md#traditional-vs-atomic-updates) for more info.
+**Atomic distributions** (sometimes also referred to as **immutable distributions**) are operating systems which handle package installation and updates by layering changes atop your core system image, rather than by directly modifying the system. Advantages of atomic distros include increased stability and the ability to easily roll back updates. See [*Traditional vs. Atomic Updates*](../linux-overview.md#traditional-vs-atomic-updates) for more info.
### Fedora Atomic Desktops
-
-
-{ align=right }
-
**Fedora Atomic Desktops** are variants of Fedora which use the `rpm-ostree` package manager and have a strong focus on containerized workflows and Flatpak for desktop applications. All of these variants follow the same release schedule as Fedora Workstation, benefiting from the same fast updates and staying very close to upstream.
-[:octicons-home-16: Homepage](https://fedoraproject.org/atomic-desktops){ .md-button .md-button--primary }
-[:octicons-info-16:](https://docs.fedoraproject.org/en-US/emerging){ .card-link title="Documentation" }
-[:octicons-heart-16:](https://whatcanidoforfedora.org){ .card-link title="Contribute" }
-
-
-
-
+{{< cards >}}
+ {{< card link="https://fedoraproject.org/atomic-desktops" title="Homepage" icon="home" >}}
+ {{< card link="https://docs.fedoraproject.org/en-US/emerging" title="Documentation" icon="document-text" >}}
+{{< /cards >}}
[Fedora Atomic Desktops](https://fedoramagazine.org/introducing-fedora-atomic-desktops) come in a variety of flavors depending on the desktop environment you prefer. As with the recommendation to avoid X11 in our [criteria](#criteria) for Linux distributions, we recommend avoiding flavors that support only the legacy X11 window system.
@@ -106,19 +93,12 @@ As an alternative to Flatpaks, there is the option of [Toolbx](https://docs.fedo
### NixOS
-
+**NixOS** is an independent distribution based on the Nix package manager with a focus on reproducibility and reliability.
-{ align=right }
-
-NixOS is an independent distribution based on the Nix package manager with a focus on reproducibility and reliability.
-
-[:octicons-home-16: Homepage](https://nixos.org){ .md-button .md-button--primary }
-[:octicons-info-16:](https://nixos.org/learn.html){ .card-link title="Documentation" }
-[:octicons-heart-16:](https://nixos.org/donate.html){ .card-link title="Contribute" }
-
-
-
-
+{{< cards >}}
+ {{< card link="https://nixos.org" title="Homepage" icon="home" >}}
+ {{< card link="https://nixos.org/learn.html" title="Documentation" icon="document-text" >}}
+{{< /cards >}}
NixOS’s package manager keeps every version of every package in a different folder in the **Nix store**. Due to this you can have different versions of the same package installed on your system. After the package contents have been written to the folder, the folder is made read-only.
@@ -134,42 +114,27 @@ Nix is a source-based package manager; if there’s no pre-built available in th
### Whonix
-
+**Whonix** is based on [Kicksecure](#kicksecure), a security-focused fork of Debian. It aims to provide privacy, security, and [anonymity](../../../wiki/basics/common-threats.md#anonymity-vs-privacy) on the internet. Whonix is best used in conjunction with [Qubes OS](#qubes-os).
-{ align=right }
-
-**Whonix** is based on [Kicksecure](#kicksecure), a security-focused fork of Debian. It aims to provide privacy, security, and [:material-incognito: Anonymity](../../../wiki/basics/common-threats.md#anonymity-vs-privacy){ .pg-purple } on the internet. Whonix is best used in conjunction with [Qubes OS](#qubes-os).
-
-[:octicons-home-16: Homepage](https://whonix.org){ .md-button .md-button--primary }
-[:simple-torbrowser:](http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion){ .card-link title="Onion Service" }
-[:octicons-info-16:](https://whonix.org/wiki/Documentation){ .card-link title="Documentation" }
-[:octicons-heart-16:](https://whonix.org/wiki/Donate){ .card-link title="Contribute" }
-
-
-
-
+{{< cards >}}
+ {{< card link="https://whonix.org" title="Homepage" icon="home" >}}
+ {{< card link="https://whonix.org/wiki/Documentation" title="Documentation" icon="document-text" >}}
+{{< /cards >}}
Whonix is meant to run as two virtual machines: a “Workstation” and a Tor “Gateway.” All communications from the Workstation must go through the Tor gateway. This means that even if the Workstation is compromised by malware of some kind, the true IP address remains hidden.
Some of its features include Tor Stream Isolation, [keystroke anonymization](https://whonix.org/wiki/Keystroke_Deanonymization#Kloak), [encrypted swap](https://github.com/Whonix/swap-file-creator), and a hardened memory allocator. Future versions of Whonix will likely include [full system AppArmor policies](https://github.com/roddhjav/apparmor.d) and a [sandboxed app launcher](https://whonix.org/wiki/Sandbox-app-launcher) to fully confine all processes on the system.
-Whonix is best used [in conjunction with Qubes](https://whonix.org/wiki/Qubes/Why_use_Qubes_over_other_Virtualizers). We have a [recommended guide](os/qubes-overview.md#connecting-to-tor-via-a-vpn) on configuring Whonix in conjunction with a VPN ProxyVM in Qubes to hide your Tor activities from your ISP.
+Whonix is best used [in conjunction with Qubes](https://whonix.org/wiki/Qubes/Why_use_Qubes_over_other_Virtualizers). We have a [recommended guide](../qubes-overview.md#connecting-to-tor-via-a-vpn) on configuring Whonix in conjunction with a VPN ProxyVM in Qubes to hide your Tor activities from your ISP.
### Tails
-
+**Tails** is a live operating system based on Debian that routes all communications through Tor, which can boot on on almost any computer from a DVD, USB stick, or SD card installation. It uses [Tor](../../software/tor/_index.md) to preserve privacy and [anonymity](../../../wiki/basics/common-threats.md#anonymity-vs-privacy) while circumventing censorship, and it leaves no trace of itself on the computer it is used on after it is powered off.
-{ align=right }
-
-**Tails** is a live operating system based on Debian that routes all communications through Tor, which can boot on on almost any computer from a DVD, USB stick, or SD card installation. It uses [Tor](tor.md) to preserve privacy and [:material-incognito: Anonymity](../../../wiki/basics/common-threats.md#anonymity-vs-privacy){ .pg-purple } while circumventing censorship, and it leaves no trace of itself on the computer it is used on after it is powered off.
-
-[:octicons-home-16: Homepage](https://tails.net){ .md-button .md-button--primary }
-[:octicons-info-16:](https://tails.net/doc/index.en.html){ .card-link title="Documentation" }
-[:octicons-heart-16:](https://tails.net/donate){ .card-link title="Contribute" }
-
-
-
-
@@ -180,7 +145,7 @@ Tails [doesn't erase](https://gitlab.tails.boum.org/tails/tails/-/issues/5356) t
Tails is great for counter forensics due to amnesia (meaning nothing is written to the disk); however, it is not a hardened distribution like Whonix. It lacks many anonymity and security features that Whonix has and gets updated much less often (only once every six weeks). A Tails system that is compromised by malware may potentially bypass the transparent proxy, allowing for the user to be deanonymized.
-Tails includes [uBlock Origin](browser-extensions.md#ublock-origin) in Tor Browser by default, which may potentially make it easier for adversaries to fingerprint Tails users. [Whonix](desktop.md#whonix) virtual machines may be more leak-proof, however they are not amnesic, meaning data may be recovered from your storage device.
+Tails includes [uBlock Origin](../../software/browser-extensions/_index.md#ublock-origin) in Tor Browser by default, which may potentially make it easier for adversaries to fingerprint Tails users. [Whonix](#whonix) virtual machines may be more leak-proof, however they are not amnesic, meaning data may be recovered from your storage device.
By design, Tails is meant to completely reset itself after each reboot. Encrypted [persistent storage](https://tails.net/doc/persistent_storage/index.en.html) can be configured to store some data between reboots.
@@ -192,69 +157,44 @@ By design, Tails is meant to completely reset itself after each reboot. Encrypte
### Qubes OS
-
-
-{ align=right }
-
**Qubes OS** is an open-source operating system designed to provide strong security for desktop computing through secure virtual machines (or "qubes"). Qubes is based on Xen, the X Window System, and Linux. It can run most Linux applications and use most of the Linux drivers.
-[:octicons-home-16: Homepage](https://qubes-os.org){ .md-button .md-button--primary }
-[:simple-torbrowser:](http://qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion){ .card-link title="Onion Service" }
-[:octicons-eye-16:](https://qubes-os.org/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://qubes-os.org/doc){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/QubesOS){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://qubes-os.org/donate){ .card-link title="Contribute" }
+{{< cards >}}
+ {{< card link="https://qubes-os.org" title="Homepage" icon="home" >}}
+ {{< card link="https://qubes-os.org/privacy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
+Qubes OS secures the computer by isolating subsystems (e.g., networking, USB, etc.) and applications in separate *qubes*. Should one part of the system be compromised via an exploit in a [targeted attack](../../../wiki/basics/common-threats.md#attacks-against-specific-individuals), the extra isolation is likely to protect the rest of the *qubes* and the core system.
-
-
-Qubes OS secures the computer by isolating subsystems (e.g., networking, USB, etc.) and applications in separate *qubes*. Should one part of the system be compromised via an exploit in a [:material-target-account: Targeted Attack](../../../wiki/basics/common-threats.md#attacks-against-specific-individuals){ .pg-red }, the extra isolation is likely to protect the rest of the *qubes* and the core system.
-
-For further information about how Qubes works, read our full [Qubes OS overview](os/qubes-overview.md) page.
+For further information about how Qubes works, read our full [Qubes OS overview](../qubes-overview.md) page.
### Secureblue
-
-
-{ align=right }
-
**Secureblue** is a security-focused operating system based on [Fedora Atomic Desktops](#fedora-atomic-desktops). It includes a number of [security features](https://secureblue.dev/features) intended to proactively defend against the exploitation of both known and unknown vulnerabilities, and ships with [Trivalent](https://github.com/secureblue/Trivalent), their hardened, Chromium-based web browser.
-[:octicons-home-16: Homepage](https://secureblue.dev){ .md-button .md-button--primary }
-[:octicons-info-16:](https://secureblue.dev/install){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/secureblue/secureblue){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://secureblue.dev/donate){ .card-link title="Contribute" }
+{{< cards >}}
+ {{< card link="https://secureblue.dev" title="Homepage" icon="home" >}}
+ {{< card link="https://secureblue.dev/install" title="Documentation" icon="document-text" >}}
+{{< /cards >}}
-
-
-**Trivalent** is Secureblue's hardened Chromium for desktop Linux inspired by [GrapheneOS](android/distributions.md#grapheneos)'s Vanadium browser.
+**Trivalent** is Secureblue's hardened Chromium for desktop Linux inspired by [GrapheneOS](../android/distributions.md#grapheneos)'s Vanadium browser.
Secureblue also provides GrapheneOS's [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc) and enables it globally (including for Flatpaks).
### Kicksecure
-While we [recommend against](os/linux-overview.md#release-cycle) "perpetually outdated" distributions like Debian for desktop use in most cases, Kicksecure is a Debian-based operating system which has been hardened to be much more than a typical Linux install.
-
-
-
-{ align=right }
+While we [recommend against](../linux-overview.md#release-cycle) "perpetually outdated" distributions like Debian for desktop use in most cases, Kicksecure is a Debian-based operating system which has been hardened to be much more than a typical Linux install.
**Kicksecure**—in oversimplified terms—is a set of scripts, configurations, and packages that substantially reduce the attack surface of Debian. It covers a lot of privacy and hardening recommendations by default. It also serves as the base OS for [Whonix](#whonix).
-[:octicons-home-16: Homepage](https://kicksecure.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://kicksecure.com/wiki/Privacy_Policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://kicksecure.com/wiki/Documentation){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/Kicksecure){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://kicksecure.com/wiki/Donate){ .card-link title="Contribute" }
-
-
-
-
+{{< cards >}}
+ {{< card link="https://kicksecure.com" title="Homepage" icon="home" >}}
+ {{< card link="https://kicksecure.com/wiki/Privacy_Policy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
## Criteria
-Choosing a Linux distro that is right for you will come down to a huge variety of personal preferences, and this page is **not** meant to be an exhaustive list of every viable distribution. Our Linux overview page has some advice on [choosing a distro](os/linux-overview.md#choosing-your-distribution) in more detail. The distros on *this* page do all generally follow the guidelines we covered there, and all meet these standards:
+Choosing a Linux distro that is right for you will come down to a huge variety of personal preferences, and this page is **not** meant to be an exhaustive list of every viable distribution. Our Linux overview page has some advice on [choosing a distro](../linux-overview.md#choosing-your-distribution) in more detail. The distros on *this* page do all generally follow the guidelines we covered there, and all meet these standards:
- Free and open source.
- Receives regular software and kernel updates.
@@ -262,11 +202,11 @@ Choosing a Linux distro that is right for you will come down to a huge variety o
- The notable exception here is Qubes, but the [isolation issues](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation) which X11 typically has are avoided by virtualization. This isolation only applies to apps *running in different qubes* (virtual machines); apps running in the *same* qube are not protected from each other.
- Supports full-disk encryption during installation.
- Doesn't freeze regular releases for more than 1 year.
- - We [recommend against](os/linux-overview.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage.
+ - We [recommend against](../linux-overview.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage.
- Supports a wide variety of hardware.
- Preference towards larger projects.
- Maintaining an operating system is a major challenge, and smaller projects have a tendency to make more avoidable mistakes, or delay critical updates (or worse, disappear entirely). We lean towards projects which will likely be around 10 years from now (whether that's due to corporate backing or very significant community support), and away from projects which are hand-built or have a small number of maintainers.
-In addition, [our standard criteria](about/criteria.md) for recommended projects still applies. **Please note we are not affiliated with any of the projects we recommend.**
+In addition, [our standard criteria](../../../about/criteria.md) for recommended projects still applies. **Please note we are not affiliated with any of the projects we recommend.**
[^1]: Reproducibility entails the ability to verify that packages and binaries made available to the end user match the source code, which can be useful against potential [:material-package-variant-closed-remove: Supply Chain Attacks](../../../wiki/basics/common-threats.md#attacks-against-certain-organizations){ .pg-viridian }.
diff --git a/content/tools/os/router-firmware/_index.md b/content/tools/os/router-firmware/_index.md
index b0fe75cb7..2b5951ba4 100644
--- a/content/tools/os/router-firmware/_index.md
+++ b/content/tools/os/router-firmware/_index.md
@@ -9,48 +9,38 @@ description: Alternative operating systems for securing your router or Wi-Fi acc
Below are a few alternative operating systems that can be used on routers, Wi-Fi access points, etc.
+
+{{< cards >}}
+ {{< card link="#openwrt" title="OpenWrt" image="./openwrt.svg" subtitle="OpenWrt is a Linux-based operating system; it’s primarily used on embedded devices to route network traffic. It includes util-linux, uClibc, and BusyBox. All the components have been optimized for home routers." >}}
+ {{< card link="#opnsense" title="OPNsense" image="./opnsense.svg" subtitle="OPNsense is an open-source, FreeBSD-based firewall and routing platform which incorporates many advanced features such as traffic shaping, load balancing, and VPN capabilities, with many more features available in the form of plugins." >}}
+{{< /cards >}}
+
+
## OpenWrt
-
-
-{ align=right }
-{ align=right }
-
**OpenWrt** is a Linux-based operating system; it's primarily used on embedded devices to route network traffic. It includes util-linux, uClibc, and BusyBox. All the components have been optimized for home routers.
-[:octicons-home-16: Homepage](https://openwrt.org){ .md-button .md-button--primary }
-[:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/openwrt/openwrt){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://openwrt.org/donate){ .card-link title=Contribute }
-
-
-
-
+{{< cards >}}
+ {{< card link="https://openwrt.org" title="Homepage" icon="home" >}}
+ {{< card link="https://openwrt.org/docs/start" title="Documentation" icon="document-text" >}}
+{{< /cards >}}
You can consult OpenWrt's [table of hardware](https://openwrt.org/toh/start) to check if your device is supported.
## OPNsense
-
-
-{ align=right }
-
**OPNsense** is an open-source, FreeBSD-based firewall and routing platform which incorporates many advanced features such as traffic shaping, load balancing, and VPN capabilities, with many more features available in the form of plugins. OPNsense is commonly deployed as a perimeter firewall, router, wireless access point, DHCP server, DNS server, and VPN endpoint.
-[:octicons-home-16: Homepage](https://opnsense.org){ .md-button .md-button--primary }
-[:octicons-info-16:](https://docs.opnsense.org/index.html){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/opnsense){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://opnsense.org/donate){ .card-link title=Contribute }
-
-
-
-
+{{< cards >}}
+ {{< card link="https://opnsense.org" title="Homepage" icon="home" >}}
+ {{< card link="https://docs.opnsense.org/index.html" title="Documentation" icon="document-text" >}}
+{{< /cards >}}
OPNsense was originally developed as a fork of [pfSense](https://en.wikipedia.org/wiki/PfSense), and both projects are noted for being free and reliable firewall distributions which offer features often only found in expensive commercial firewalls. Launched in 2015, the developers of OPNsense [cited](https://docs.opnsense.org/history/thefork.html) a number of security and code-quality issues with pfSense which they felt necessitated a fork of the project, as well as concerns about Netgate's majority acquisition of pfSense and the future direction of the pfSense project.
## Criteria
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../../../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
- Must be open source.
- Must receive regular updates.
diff --git a/content/tools/self-hosting/_index.md b/content/tools/self-hosting/_index.md
index a601c30f3..7a654d7bc 100644
--- a/content/tools/self-hosting/_index.md
+++ b/content/tools/self-hosting/_index.md
@@ -50,19 +50,12 @@ Self-hosting your own solutions requires advanced technical knowledge and a deep
### Vaultwarden
-
+**Vaultwarden** is an alternative implementation of [Bitwarden](../services/passwords/_index.md#bitwarden)'s sync server written in Rust and compatible with official Bitwarden clients, perfect for self-hosted deployment where running the resource-heavy, [official service](https://github.com/bitwarden/server) might not be ideal.
-{ align=right }
-{ align=right }
-
-**Vaultwarden** is an alternative implementation of [Bitwarden](../passwords.md#bitwarden)'s sync server written in Rust and compatible with official Bitwarden clients, perfect for self-hosted deployment where running the resource-heavy, [official service](https://github.com/bitwarden/server) might not be ideal.
-
-[:octicons-repo-16: Repository](https://github.com/dani-garcia/vaultwarden#readme){ .md-button .md-button--primary }
-[:octicons-info-16:](https://github.com/dani-garcia/vaultwarden/wiki){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/dani-garcia/vaultwarden){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://github.com/sponsors/dani-garcia){ .card-link title="Contribute" }
-
-
+{{< cards >}}
+ {{< card link="https://github.com/dani-garcia/vaultwarden#readme" title="Repository" icon="code" >}}
+ {{< card link="https://github.com/dani-garcia/vaultwarden/wiki" title="Documentation" icon="document-text" >}}
+{{< /cards >}}
## :material-account-supervisor-circle-outline: Social Networks
@@ -70,16 +63,12 @@ Self-hosting your own instance of a social network software can help circumvent
### Mastodon
-
-
-{ align=right }
-
**Mastodon** is a social network based on open web protocols and free, open-source software. It uses the decentralized **:simple-activitypub: ActivityPub** protocol.
-[:octicons-home-16:](https://joinmastodon.org){ .card-link title="Homepage" }
-[:octicons-info-16:](https://docs.joinmastodon.org/admin/prerequisites){ .card-link title="Admin Documentation" }
-
-
+{{< cards >}}
+ {{< card link="https://joinmastodon.org" title="Homepage" icon="home" >}}
+ {{< card link="https://docs.joinmastodon.org/admin/prerequisites" title="Admin documentation" icon="document-text" >}}
+{{< /cards >}}
Mastodon [integrates with the Tor network](https://docs.joinmastodon.org/admin/optional/tor) for more extreme scenarios where even your underlying hosting provider is subject to censorship, but this may limit who can access your content to only other servers which integrate with Tor (like most other hidden services).
@@ -87,17 +76,12 @@ Mastodon benefits greatly from a large and active self-hosting community, and it
### Element
-
-
-{ align=right }
-
**Element** is the flagship client for the **:simple-matrix: Matrix** protocol, an open standard that enables decentralized communication by way of federated chat rooms.
-[:octicons-home-16:](https://element.io){ .card-link title="Homepage" }
-[:octicons-info-16:](https://element-hq.github.io/synapse/latest){ .card-link title="Admin Documentation" }
-[:octicons-code-16:](https://github.com/element-hq){ .card-link title="Source Code" }
-
-
+{{< cards >}}
+ {{< card link="https://element.io" title="Homepage" icon="home" >}}
+ {{< card link="https://element-hq.github.io/synapse/latest" title="Admin documentation" icon="document-text" >}}
+{{< /cards >}}
## :material-flip-to-front: Frontends
diff --git a/content/tools/self-hosting/dns-filtering/_index.md b/content/tools/self-hosting/dns-filtering/_index.md
index e0c126b83..a5c1af3ab 100644
--- a/content/tools/self-hosting/dns-filtering/_index.md
+++ b/content/tools/self-hosting/dns-filtering/_index.md
@@ -9,37 +9,27 @@ description: For our more technical readers, self-hosting a DNS solution can pro
**Self-hosting DNS** is useful for providing [DNS filtering](https://cloudflare.com/learning/access-management/what-is-dns-filtering) on controlled platforms, such as smart TVs and other IoT devices, as no client-side software is needed. Keep in mind that the DNS solutions below are typically restricted to your home or local network unless you set up a more advanced configuration.
-## DNS Sinkholes
+
+{{< cards >}}
+ {{< card link="#pi-hole" title="Pi-hole" image="./pi-hole.svg" subtitle="Pi-hole is an open-source DNS sinkhole which features a friendly web interface to view insights and manage blocked content. Pi-hole is designed to be hosted on a Raspberry Pi, but it is not limited to such hardware." >}}
+ {{< card link="#adguard-home" title="AdGuard Home" image="./adguard-home.svg" subtitle="AdGuard Home is an open-source DNS sinkhole which features a polished web interface to view insights and manage blocked content." >}}
+{{< /cards >}}
+
-[**DNS sinkholes**](https://en.wikipedia.org/wiki/DNS_sinkhole) use DNS filtering to block unwanted web content such as advertisements.
-
-### Pi-Hole
-
-
-
-{ align=right }
+## Pi-hole
**Pi-hole** is an open-source DNS sinkhole which features a friendly web interface to view insights and manage blocked content. Pi-hole is designed to be hosted on a Raspberry Pi, but it is not limited to such hardware.
-[:octicons-home-16: Homepage](https://pi-hole.net){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://pi-hole.net/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://docs.pi-hole.net){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title="Contribute" }
+{{< cards >}}
+ {{< card link="https://pi-hole.net" title="Homepage" icon="home" >}}
+ {{< card link="https://pi-hole.net/privacy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-
-### AdGuard Home
-
-
-
-{ align=right }
+## AdGuard Home
**AdGuard Home** is an open-source DNS sinkhole which features a polished web interface to view insights and manage blocked content.
-[:octicons-home-16: Homepage](https://adguard.com/adguard-home/overview.html){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://adguard.com/privacy/home.html){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://github.com/AdguardTeam/AdGuardHome/wiki){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/AdguardTeam/AdGuardHome){ .card-link title="Source Code" }
-
-
+{{< cards >}}
+ {{< card link="https://adguard.com/adguard-home/overview.html" title="Homepage" icon="home" >}}
+ {{< card link="https://adguard.com/privacy/home.html" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
diff --git a/content/tools/self-hosting/email-servers/_index.md b/content/tools/self-hosting/email-servers/_index.md
index fae0e2b69..d76b9e123 100644
--- a/content/tools/self-hosting/email-servers/_index.md
+++ b/content/tools/self-hosting/email-servers/_index.md
@@ -11,52 +11,43 @@ Advanced system administrators may consider setting up their own **email server*
- [Setting up a mail server with OpenSMTPD, Dovecot and Rspamd](https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd) (2019)
- [How To Run Your Own Mail Server](https://www.c0ffee.net/blog/mail-server-guide) (August 2017)
+
+{{< cards >}}
+ {{< card link="#stalwart" title="Stalwart" image="./stalwart.svg" subtitle="Stalwart is a newer mail server written in Rust which supports JMAP in addition to the standard IMAP, POP3, and SMTP. It has a wide variety of configuration options, but also defaults to very reasonable settings in terms of both security and features, making it easy to use immediately." >}}
+ {{< card link="#mailcow" title="Mailcow" image="./mailcow.svg" subtitle="Mailcow is an advanced mail server perfect for those with Linux experience. It has everything you need in a Docker container: a mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support." >}}
+ {{< card link="#mail-in-a-box" title="Mail-in-a-Box" image="./mail-in-a-box.svg" subtitle="Mail-in-a-Box is an automated setup script for deploying a mail server on Ubuntu. Its goal is to make it easier for people to set up their own mail server." >}}
+{{< /cards >}}
+
+
## Stalwart
-
-
-{ align=right }
-
**Stalwart** is a newer mail server written in Rust which supports JMAP in addition to the standard IMAP, POP3, and SMTP. It has a wide variety of configuration options, but also defaults to very reasonable settings in terms of both security and features, making it easy to use immediately. It has web-based administration with TOTP 2FA support and allows you to enter your public PGP key to encrypt **all** incoming messages.
-[:octicons-home-16: Homepage](https://stalw.art){ .md-button .md-button--primary }
-[:octicons-info-16:](https://stalw.art/docs/get-started){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/stalwartlabs){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://github.com/sponsors/stalwartlabs){ .card-link title="Contribute" }
+{{< cards >}}
+ {{< card link="https://stalw.art" title="Homepage" icon="home" >}}
+ {{< card link="https://stalw.art/docs/get-started" title="Documentation" icon="document-text" >}}
+{{< /cards >}}
-
+Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with encrypted message storage, lessening the risk of unauthorized access to your emails. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../../services/email/_index.md#proton-mail) users.
-Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with encrypted message storage, lessening the risk of unauthorized access to your emails. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
-
-Stalwart does **not** have an integrated webmail, so you will need to use it with a [dedicated email client](../email-clients.md) or find an open-source webmail to self-host, like Nextcloud's Mail app.
+Stalwart does **not** have an integrated webmail, so you will need to use it with a [dedicated email client](../../software/email-clients/_index.md) or find an open-source webmail to self-host, like Nextcloud's Mail app.
We use Stalwart for our own internal email at *Privacy Guides*.
## Mailcow
-
-
-{ align=right }
-
**Mailcow** is an advanced mail server perfect for those with Linux experience. It has everything you need in a Docker container: a mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support.
-[:octicons-home-16: Homepage](https://mailcow.email){ .md-button .md-button--primary }
-[:octicons-info-16:](https://docs.mailcow.email){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/mailcow/mailcow-dockerized){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://servercow.de/mailcow?lang=en#sal){ .card-link title="Contribute" }
-
-
-
-{ align=right }
-
**Mail-in-a-Box** is an automated setup script for deploying a mail server on Ubuntu. Its goal is to make it easier for people to set up their own mail server.
-[:octicons-home-16: Homepage](https://mailinabox.email){ .md-button .md-button--primary }
-[:octicons-info-16:](https://mailinabox.email/guide.html){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/mail-in-a-box/mailinabox){ .card-link title="Source Code" }
-
-
+{{< cards >}}
+ {{< card link="https://mailinabox.email" title="Homepage" icon="home" >}}
+ {{< card link="https://mailinabox.email/guide.html" title="Documentation" icon="document-text" >}}
+{{< /cards >}}
diff --git a/content/tools/self-hosting/file-management/_index.md b/content/tools/self-hosting/file-management/_index.md
index dbb2d6dd2..eeddb353c 100644
--- a/content/tools/self-hosting/file-management/_index.md
+++ b/content/tools/self-hosting/file-management/_index.md
@@ -8,67 +8,51 @@ description: For our more technical readers, self-hosting file management tools
Self-hosting your own **file management** tools may be a good idea to reduce the risk of encryption flaws in a cloud provider's native clients.
+
+{{< cards >}}
+ {{< card link="#photoprism" title="PhotoPrism" image="./photoprism.svg" subtitle="PhotoPrism is a platform for managing photos. It supports album syncing and sharing as well as a variety of other features. It does not include end-to-end encryption, so it’s best hosted on a server that you trust and is under your control." >}}
+ {{< card link="#freedombox" title="FreedomBox" image="./freedombox.svg" subtitle="FreedomBox is an operating system designed to be run on a single-board computer (SBC). The purpose is to make it easy to set up server applications for use cases like sharing files." >}}
+ {{< card link="#nextcloud" title="Nextcloud" image="./nextcloud.svg" subtitle="Nextcloud is a suite of free and open-source client-server software for creating your own file hosting services on a private server you control." >}}
+{{< /cards >}}
+
+
## Photo Management
### PhotoPrism
-
-
-{ align=right }
-
**PhotoPrism** is a platform for managing photos. It supports album syncing and sharing as well as a variety of other [features](https://photoprism.app/features). It does not include end-to-end encryption, so it's best hosted on a server that you trust and is under your control.
-[:octicons-home-16: Homepage](https://photoprism.app){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://photoprism.app/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://photoprism.app/kb){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/photoprism){ .card-link title="Source Code" }
-
-
-
-{ align=right }
-
**FreedomBox** is an operating system designed to be run on a [single-board computer (SBC)](https://en.wikipedia.org/wiki/Single-board_computer). The purpose is to make it easy to set up server applications for use cases like sharing files.
-[:octicons-home-16: Homepage](https://freedombox.org){ .md-button .md-button--primary }
-[:octicons-info-16:](https://wiki.debian.org/FreedomBox/Manual){ .card-link title="Documentation" }
-[:octicons-code-16:](https://salsa.debian.org/freedombox-team/freedombox){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://freedomboxfoundation.org/donate){ .card-link title="Contribute" }
-
-
diff --git a/content/tools/services/calendar/_index.md b/content/tools/services/calendar/_index.md
index d0e8e3059..10aec6ab1 100644
--- a/content/tools/services/calendar/_index.md
+++ b/content/tools/services/calendar/_index.md
@@ -2,77 +2,61 @@
title: Calendar Sync
description: Calendars contain some of your most sensitive data; use products that implement encryption at rest.
---
+
Protects against the following threat(s):
[{{< badge content="Passive Attacks" color="amber" >}}](../../../wiki/basics/common-threats.md#security-and-privacy)
[{{< badge content="Service Providers" color="indigo" >}}](../../../wiki/basics/common-threats.md#privacy-from-service-providers)
+
+{{< cards >}}
+ {{< card link="#tuta" title="Tuta" image="../email/tuta.svg" subtitle="Tuta offers a free and encrypted calendar across their supported platforms. Features include automatic E2EE of all data, sharing features, import/export functionality, multifactor authentication, and more." >}}
+ {{< card link="#proton-calendar" title="Proton Calendar" image="./proton-calendar.svg" subtitle="Proton Calendar is an encrypted calendar service available to Proton members via its web or mobile clients. Features include automatic E2EE of all data, sharing features, import/export functionality, and more." >}}
+{{< /cards >}}
+
+
**Calendars** contain some of your most sensitive data; use products that implement end-to-end encryption at rest to prevent a provider from reading them.
## Tuta
-
-
-{ align=right }
-{ align=right }
-
**Tuta** offers a free and encrypted calendar across their supported platforms. Features include automatic E2EE of all data, sharing features, import/export functionality, multifactor authentication, and [more](https://tuta.com/calendar-app-comparison).
Multiple calendars and extended sharing functionality are limited to paid subscribers.
-[:octicons-home-16: Homepage](https://tuta.com/calendar){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://tuta.com/support){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/tutao/tutanota){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://tuta.com/community#donate){ .card-link title="Contribute" }
+{{< cards >}}
+ {{< card link="https://tuta.com/calendar" title="Homepage" icon="home" >}}
+ {{< card link="https://tuta.com/privacy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=de.tutao.calendar)
-- [:simple-appstore: App Store](https://apps.apple.com/app/id6657977811)
-- [:simple-github: GitHub](https://github.com/tutao/tutanota/releases?q=Calendar)
-- [:fontawesome-brands-windows: Windows](https://tuta.com/blog/desktop-clients)
-- [:simple-apple: macOS](https://tuta.com/blog/desktop-clients)
-- [:simple-linux: Linux](https://tuta.com/blog/desktop-clients)
-- [:simple-flathub: Flathub](https://flathub.org/apps/com.tutanota.Tutanota)
-- [:octicons-browser-16: Web](https://app.tuta.com)
-
-
-
-
-
-{ align=right }
-
**Proton Calendar** is an encrypted calendar service available to Proton members via its web or mobile clients. Features include automatic E2EE of all data, sharing features, import/export functionality, and [more](https://proton.me/support/proton-calendar-guide).
Those on the free tier have access to 3 calendars, whereas paid subscribers can create up to 25 calendars. Extended sharing functionality is also limited to paid subscribers.
-[:octicons-home-16: Homepage](https://proton.me/calendar){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://proton.me/calendar/privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://proton.me/support/calendar){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/orgs/ProtonMail/repositories?q=calendar){ .card-link title="Source Code" }
+{{< cards >}}
+ {{< card link="https://proton.me/calendar" title="Homepage" icon="home" >}}
+ {{< card link="https://proton.me/calendar/privacy-policy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.calendar)
-- [:simple-appstore: App Store](https://apps.apple.com/app/id1514709943)
-- [:octicons-browser-16: Web](https://calendar.proton.me)
-
-
-
-
+[{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=me.proton.android.calendar)
+[{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/id1514709943)
+[{{< badge content="Web" >}}](https://calendar.proton.me)
In 2021, Securitum [audited](https://proton.me/community/open-source#:~:text=Proton%20Calendar) Proton Calendar's web client and provided a [letter of attestation](https://res.cloudinary.com/dbulfrlrz/images/v1714639870/wp-pme/letter-of-attestation-proton-calendar-20211109_3138998f9b/letter-of-attestation-proton-calendar-20211109_3138998f9b.pdf) for the Android app.
## Criteria
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../../../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
### Minimum Qualifications
diff --git a/content/tools/services/cloud/_index.md b/content/tools/services/cloud/_index.md
index a6211e14c..0b198d2eb 100644
--- a/content/tools/services/cloud/_index.md
+++ b/content/tools/services/cloud/_index.md
@@ -9,7 +9,7 @@ description: Many cloud storage providers require your trust that they will not
{{< cards >}}
- {{< card link="#proton-drive" title="Proton Drive" image="./protondrive.svg" subtitle="Proton Drive is an encrypted cloud storage provider from the popular encrypted email provider Proton Mail." >}}
+ {{< card link="#proton-drive" title="Proton Drive" image="./protondrive.svg" subtitle="Proton Drive is an encrypted cloud storage provider from the popular encrypted email provider Proton Mail. The initial free storage is limited to 2 GB, but with the completion of certain steps, additional storage can be obtained up to 5 GB." >}}
{{< card link="#tresorit" title="Tresorit" image="./tresorit.svg" subtitle="Tresorit is a Swiss-Hungarian encrypted cloud storage provider founded in 2011. Tresorit is owned by the Swiss Post, the national postal service of Switzerland." >}}
{{< card link="#peergos" title="Peergos" image="./peergos.svg" subtitle="Peergos is a decentralized protocol and open-source platform for storage, social media, and applications. It provides a secure and private space where users can store, share, view, and edit their photos, videos, documents, etc." >}}
{{< /cards >}}
@@ -49,7 +49,7 @@ The Proton Drive web application has been independently audited by Securitum in
{{< card link="https://tresorit.com/legal/privacy-policy" title="Privacy Policy" icon="eye" >}}
{{< /cards >}}
-[{{< badge content="Linux" color="amber" >}}](https://tresorit.com/download)
+[{{< badge content="Linux" color="yellow" >}}](https://tresorit.com/download)
[{{< badge content="macOS" color="indigo" >}}](https://tresorit.com/download)
[{{< badge content="Windows" color="red" >}}](https://tresorit.com/download)
[{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=com.tresorit.mobile)
@@ -81,12 +81,12 @@ Peergos secures your files with quantum-resistant E2EE and ensures all data abou
{{< card link="https://peergos.net/privacy.html" title="Privacy Policy" icon="eye" >}}
{{< /cards >}}
-[{{< badge content="Linux" color="amber" >}}](https://peergos.org/download#linux)
-[{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=net.peergos.android)
+[{{< badge content="Linux" color="yellow" >}}](https://peergos.org/download#linux)
[{{< badge content="macOS" color="indigo" >}}](https://peergos.org/download#macos)
[{{< badge content="Windows" color="red" >}}](https://peergos.org/download#windows)
-[{{< badge content="Web" color="gray" >}}](https://peergos.net)
-[{{< badge content="GitHub" color="gray" >}}](https://github.com/Peergos/web-ui/releases)
+[{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=net.peergos.android)
+[{{< badge content="GitHub" >}}](https://github.com/Peergos/web-ui/releases)
+[{{< badge content="Web" >}}](https://peergos.net)
Peergos is built on top of the [InterPlanetary File System (IPFS)](https://ipfs.tech), a peer-to-peer architecture that protects against [Censorship](../../../wiki/basics/common-threats.md#avoiding-censorship).
diff --git a/content/tools/services/data-broker-removals/_index.md b/content/tools/services/data-broker-removals/_index.md
index 2d7e253aa..7ede3ca2d 100644
--- a/content/tools/services/data-broker-removals/_index.md
+++ b/content/tools/services/data-broker-removals/_index.md
@@ -2,10 +2,18 @@
title: Data Removal Services
description: Our recommended methods for removing your personal information from data brokers and people search sites.
---
+
Protects against the following threat(s):
[{{< badge content="Public Exposure" color="green" >}}](../../../wiki/basics/common-misconceptions.md)
+
+{{< cards >}}
+ {{< card link="#easyoptouts-paid" title="EasyOptOuts" image="./easyoptouts.svg" subtitle="EasyOptOuts is a $20/year service which will search a number of different data broker sites and automatically submit opt-out requests on your behalf. They will perform the first search and removal process immediately, and then re-run the process every 4 months in case your data shows up on new sites over time." >}}
+ {{< card link="#google-results-about-you-free" title="Google Results about you" image="./google.svg" subtitle="Results about you is a free tool which helps you discover whether your personal contact information, including your home address, phone number, and email address, appears in Google search results. If any personal information is found, you can request its removal." >}}
+{{< /cards >}}
+
+
"People search sites" operated by data brokers represent an immense privacy risk to the majority of Americans. For many, sensitive personal information such as your address, phone number, email, and age is a simple internet search away. While there is unfortunately no federal regulation in place to protect your data, many of these companies will remove your information from their *public* databases upon request.
:flag_us: **Note:** Many of these tools are only available in the United States, and data brokers collecting, sharing, and selling information from public records and other resources is largely a US-centric issue. In many other regions, your data is already protected via regulations like the GDPR. We will always advocate for similarly strong privacy protections in the United States, but those affected today may still benefit from these "stop-gap" solutions.
@@ -15,7 +23,7 @@ Counterintuitively, removing your personal data on these sites from the internet
Try it out
-Use your favorite [search engine](search-engines.md) to see if your data is trivially exposed by searching for your name in quotes, plus your general location. For example, search for `"Jane Smith" Chicago IL`. In many cases, you may find your personal information makes up many of the first results. Even if results about you aren't readily available though, you may still be affected. The list of data brokers linked below will provide more places to check whether your data is in any public databases.
+Use your favorite [search engine](../search-engines/_index.md) to see if your data is trivially exposed by searching for your name in quotes, plus your general location. For example, search for `"Jane Smith" Chicago IL`. In many cases, you may find your personal information makes up many of the first results. Even if results about you aren't readily available though, you may still be affected. The list of data brokers linked below will provide more places to check whether your data is in any public databases.
@@ -60,16 +68,12 @@ If you don't use an automatic scanner to find results about you, consider settin
## EasyOptOuts Paid
-
-
-{ align=right }
-
**EasyOptOuts** is a $20/year service which will search a number of different data broker sites and automatically submit opt-out requests on your behalf. They will perform the first search and removal process immediately, and then re-run the process every 4 months in case your data shows up on new sites over time.
-[:octicons-home-16: Homepage](https://easyoptouts.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://easyoptouts.com/privacy){ .card-link title="Privacy Policy" }
-
-
+{{< cards >}}
+ {{< card link="https://easyoptouts.com" title="Homepage" icon="home" >}}
+ {{< card link="https://easyoptouts.com/privacy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
Some websites supported by EasyOptOuts are publicly searchable. In those cases EasyOptOuts will perform a search and only submit an opt-out request if your personal data is already found, to prevent sending your data in an opt-out request to sites that didn't have it already. However, they do support some sites which are not publicly searchable, and in those cases your data will be sent to them in an opt-out request regardless, in case you are in their private databases.
@@ -96,16 +100,14 @@ While Google is not a data broker themselves *per se*, as they don't sell or sha
-
-
-{ align=right }
-
**Results about you** is a free tool which helps you discover whether your personal contact information, including your home address, phone number, and email address, appears in Google search results. If any personal information is found, you can request its removal.
-[:octicons-globe-16: Open Web Tool](https://myactivity.google.com/results-about-you){ .md-button .md-button--primary }
-[:octicons-info-16:](https://support.google.com/websearch/answer/12719076){ .card-link title=Documentation}
+{{< cards >}}
+ {{< card link="https://myactivity.google.com/results-about-you" title="Web Tool" icon="external-link" >}}
+ {{< card link="https://policies.google.com/privacy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
+Google publishes [help documentation](https://support.google.com/websearch/answer/12719076) for this tool.
In many cases, a Google search is the first place a potential stalker or abuser would look to find your personal information, which could make using it a worthwhile trade-off. However, this tool does not remove your information from the discovered websites themselves, only their listings on Google. You should still consider manually opting out from the results which are discovered, or using another service which automatically opts you out from those sites directly.
@@ -117,7 +119,7 @@ In our testing, this tool worked to reliably remove people search sites from Goo
## Criteria
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing a data removal service, and conduct your own research to ensure it's the right choice for you.
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../../../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing a data removal service, and conduct your own research to ensure it's the right choice for you.
Our picks for removal services are primarily based on independent professional testing from third-parties as noted in the sections above, our own internal testing, and aggregated reviews from our community.
diff --git a/content/tools/services/dns/_index.md b/content/tools/services/dns/_index.md
index 2cb49f937..d9078d80c 100644
--- a/content/tools/services/dns/_index.md
+++ b/content/tools/services/dns/_index.md
@@ -6,9 +6,18 @@ description: We recommend choosing these encrypted DNS providers to replace your
[{{< badge content="Surveillance Capitalism" color="purple" >}}](../../../wiki/basics/common-threats.md#surveillance-as-a-business-model)
+
+{{< cards >}}
+ {{< card link="#control-d" title="Control D" image="./control-d.svg" subtitle="Control D is a customizable DNS service which lets you block security threats, unwanted content, and advertisements on a DNS level. In addition to their paid plans, they offer a number of preconfigured DNS resolvers you can use for free." >}}
+ {{< card link="#nextdns" title="NextDNS" image="./nextdns.svg" subtitle="NextDNS is a customizable DNS service which lets you block security threats, unwanted content, and advertisements on a DNS level. They offer a fully functional free plan for limited use." >}}
+ {{< card link="#rethinkdns" title="RethinkDNS" image="./rethinkdns.svg" subtitle="RethinkDNS is an open-source Android client that supports DoH, DoT, DNSCrypt and DNS Proxy. It also provides additional functionality such as caching DNS responses, locally logging DNS queries, and using the app as a firewall." >}}
+ {{< card link="#dnscrypt-proxy" title="DNSCrypt-Proxy" image="./dnscrypt-proxy.svg" subtitle="DNSCrypt-Proxy is a DNS proxy with support for DNSCrypt, DoH, and Anonymized DNS." >}}
+{{< /cards >}}
+
+
Encrypted **DNS** with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity.
-[Learn more about DNS :material-arrow-right-drop-circle:](../../../wiki/advanced/dns-overview.md){ .md-button }
+[Learn more about DNS](../../../wiki/advanced/dns-overview.md)
## Recommended Providers
@@ -51,60 +60,38 @@ These DNS filtering solutions offer a web dashboard where you can customize the
### Control D
-
-
-{ align=right }
-
**Control D** is a customizable DNS service which lets you block security threats, unwanted content, and advertisements on a DNS level.
In addition to their paid plans, they offer a number of preconfigured DNS resolvers you can use for free.
-[:octicons-home-16: Homepage](https://controld.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://controld.com/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://docs.controld.com/docs/getting-started){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/Control-D-Inc/ctrld){ .card-link title="Source Code" }
+{{< cards >}}
+ {{< card link="https://controld.com" title="Homepage" icon="home" >}}
+ {{< card link="https://controld.com/privacy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.controld.setuputility)
-- [:simple-appstore: App Store](https://apps.apple.com/app/1518799460)
-- [:simple-github: GitHub](https://github.com/Control-D-Inc/ctrld/releases)
-- [:fontawesome-brands-windows: Windows](https://docs.controld.com/docs/gui-setup-utility)
-- [:simple-apple: macOS](https://docs.controld.com/docs/gui-setup-utility)
-- [:simple-linux: Linux](https://docs.controld.com/docs/ctrld)
-
-
-
-
-
-{ align=right }
-
**NextDNS** is a customizable DNS service which lets you block security threats, unwanted content, and advertisements on a DNS level.
They offer a fully functional free plan for limited use.
-[:octicons-home-16: Homepage](https://nextdns.io){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://nextdns.io/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://help.nextdns.io){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/nextdns/nextdns){ .card-link title="Source Code" }
+{{< cards >}}
+ {{< card link="https://nextdns.io" title="Homepage" icon="home" >}}
+ {{< card link="https://nextdns.io/privacy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-appstore: App Store](https://apps.apple.com/app/nextdns/id1463342498)
-- [:simple-github: GitHub](https://github.com/nextdns/nextdns/releases)
-- [:fontawesome-brands-windows: Windows](https://github.com/nextdns/nextdns/wiki/Windows)
-- [:simple-apple: macOS](https://apps.apple.com/us/app/nextdns/id1464122853)
-- [:simple-linux: Linux](https://github.com/nextdns/nextdns/wiki)
-
-
-
-
+[{{< badge content="Linux" color="yellow" >}}](https://github.com/nextdns/nextdns/wiki)
+[{{< badge content="macOS" color="indigo" >}}](https://apps.apple.com/us/app/nextdns/id1464122853)
+[{{< badge content="Windows" color="red" >}}](https://github.com/nextdns/nextdns/wiki/Windows)
+[{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/nextdns/id1463342498)
+[{{< badge content="GitHub" >}}](https://github.com/nextdns/nextdns/releases)
When used with an account, NextDNS will enable insights and logging features by default (as some features require it). You can choose retention time and log storage location for any logs you choose to keep, or disable logs altogether.
@@ -118,53 +105,30 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](..
### RethinkDNS
-
-
-{ align=right }
-{ align=right }
-
**RethinkDNS** is an open-source Android client that supports [DoH](../../../wiki/advanced/dns-overview.md#dns-over-https-doh), [DoT](../../../wiki/advanced/dns-overview.md#dns-over-tls-dot), [DNSCrypt](../../../wiki/advanced/dns-overview.md#dnscrypt) and DNS Proxy. It also provides additional functionality such as caching DNS responses, locally logging DNS queries, and using the app as a firewall.
-[:octicons-home-16: Homepage](https://rethinkdns.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://rethinkdns.com/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://docs.rethinkdns.com){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/celzero/rethink-app){ .card-link title="Source Code" }
+{{< cards >}}
+ {{< card link="https://rethinkdns.com" title="Homepage" icon="home" >}}
+ {{< card link="https://rethinkdns.com/privacy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.celzero.bravedns)
-- [:simple-github: GitHub](https://github.com/celzero/rethink-app/releases)
-
-
-
-
+[{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=com.celzero.bravedns)
+[{{< badge content="GitHub" >}}](https://github.com/celzero/rethink-app/releases)
While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a WireGuard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
### DNSCrypt-Proxy
-
diff --git a/content/tools/services/email-aliasing/_index.md b/content/tools/services/email-aliasing/_index.md
index 3f423d129..663187a87 100644
--- a/content/tools/services/email-aliasing/_index.md
+++ b/content/tools/services/email-aliasing/_index.md
@@ -2,12 +2,20 @@
title: "Email Aliasing"
description: An email aliasing service allows you to easily generate a new email address for every website you register for.
---
+
Protects against the following threat(s):
[{{< badge content="Surveillance Capitalism" color="purple" >}}](../../../wiki/basics/common-threats.md#surveillance-as-a-business-model)
[{{< badge content="Public Exposure" color="green" >}}](../../../wiki/basics/common-threats.md#limiting-public-information)
-An **email aliasing service** allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your [email provider](email.md).
+
+{{< cards >}}
+ {{< card link="#addyio" title="Addy.io" image="./addy.svg" subtitle="Addy.io lets you create 10 domain aliases on a shared domain for free, or unlimited standard aliases. The number of shared aliases (which end in a shared domain like @addy.io) that you can create depends on the plan you are subscribed to." >}}
+ {{< card link="#simplelogin" title="SimpleLogin" image="./simplelogin.svg" subtitle="SimpleLogin is a free service which provides email aliases on a variety of shared domain names, and optionally provides paid features like unlimited aliases and custom domains." >}}
+{{< /cards >}}
+
+
+An **email aliasing service** allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your [email provider](../email/_index.md).
Email aliasing can also act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning.
@@ -36,42 +44,23 @@ Email aliasing services also have a number of benefits over "temporary email" se
## Recommended Providers
-
-
Our email aliasing recommendations are providers that allow you to create aliases on domains they control, as well as on your own custom domain(s) for a modest yearly fee. They can also be self-hosted if you want maximum control. However, using a custom domain can have privacy-related drawbacks: If you are the only person using your custom domain, your actions can be easily tracked across websites simply by looking at the domain name in the email address and ignoring everything before the `@` symbol.
Using an aliasing service requires trusting both your email provider and your aliasing provider with your unencrypted messages. Some providers mitigate this slightly with automatic PGP encryption[^1], which reduces the number of parties you need to trust from two to one by encrypting incoming emails before they are delivered to your final mailbox provider.
### Addy.io
-
+[{{< badge content="Google Play" color="green" >}}](https://addy.io/faq/#is-there-an-android-app)
+[{{< badge content="App Store" color="blue" >}}](https://addy.io/faq/#is-there-an-ios-app)
+[{{< badge content="Chrome" >}}](https://chrome.google.com/webstore/detail/iadbdpnoknmbdeolbapdackdcogdmjpe)
+[{{< badge content="Firefox" >}}](https://addons.mozilla.org/firefox/addon/addy_io)
The number of shared aliases (which end in a shared domain like `@addy.io`) that you can create depends on the [plan](https://addy.io/#pricing) you are subscribed to. You can pay for these plans using [cryptocurrency](https://addy.io/help/subscribing-with-cryptocurrency) or purchase a voucher code from [ProxyStore](https://addy.io/help/voucher-codes), Addy.io's official reseller.
@@ -91,31 +80,20 @@ If you cancel your subscription, you will still enjoy the features of your paid
### SimpleLogin
-
-
-{ align=right }
-
**SimpleLogin** is a free service which provides email aliases on a variety of shared domain names, and optionally provides paid features like unlimited aliases and custom domains.
-[:octicons-home-16: Homepage](https://simplelogin.io){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://simplelogin.io/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://simplelogin.io/docs){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/simple-login){ .card-link title="Source Code" }
+{{< cards >}}
+ {{< card link="https://simplelogin.io" title="Homepage" icon="home" >}}
+ {{< card link="https://simplelogin.io/privacy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=io.simplelogin.android)
-- [:simple-appstore: App Store](https://apps.apple.com/app/id1494359858)
-- [:simple-github: GitHub](https://github.com/simple-login/Simple-Login-Android/releases)
-- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/simplelogin)
-- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/dphilobhebphkdjbpfohgikllaljmgbn)
-- [:fontawesome-brands-edge: Edge](https://microsoftedge.microsoft.com/addons/detail/diacfpipniklenphgljfkmhinphjlfff)
-- [:simple-safari: Safari](https://apps.apple.com/app/id6475835429)
-
-
-
-
+[{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=io.simplelogin.android)
+[{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/id1494359858)
+[{{< badge content="Chrome" >}}](https://chrome.google.com/webstore/detail/dphilobhebphkdjbpfohgikllaljmgbn)
+[{{< badge content="Edge" >}}](https://microsoftedge.microsoft.com/addons/detail/diacfpipniklenphgljfkmhinphjlfff)
+[{{< badge content="Firefox" >}}](https://addons.mozilla.org/firefox/addon/simplelogin)
+[{{< badge content="GitHub" >}}](https://github.com/simple-login/Simple-Login-Android/releases)
+[{{< badge content="Safari" >}}](https://apps.apple.com/app/id6475835429)
SimpleLogin was [acquired by Proton AG](https://proton.me/news/proton-and-simplelogin-join-forces) as of April 8, 2022. If you use Proton Mail for your primary mailbox, SimpleLogin is a great choice. As both products are now owned by the same company you now only have to trust a single entity. We also expect that SimpleLogin will be more tightly integrated with Proton's offerings in the future. SimpleLogin continues to support forwarding to any email provider of your choosing.
@@ -134,6 +112,6 @@ When your subscription ends, all aliases you created will still be able to recei
## Criteria
-**Please note we are not affiliated with any of the providers we recommend.** In addition to [our standard criteria](about/criteria.md), we evaluate email aliasing providers to the same standard as our regular [email provider criteria](email.md#criteria) where applicable. We suggest you familiarize yourself with this list before choosing an email aliasing service, and conduct your own research to ensure the provider you choose is the right choice for you.
+**Please note we are not affiliated with any of the providers we recommend.** In addition to [our standard criteria](../../../about/criteria.md), we evaluate email aliasing providers to the same standard as our regular [email provider criteria](../email/_index.md#criteria) where applicable. We suggest you familiarize yourself with this list before choosing an email aliasing service, and conduct your own research to ensure the provider you choose is the right choice for you.
[^1]: Automatic PGP encryption allows you to encrypt non-encrypted incoming emails before they are forwarded to your mailbox, making sure your primary mailbox provider never sees unencrypted email content.
diff --git a/content/tools/services/email/_index.md b/content/tools/services/email/_index.md
index a2608a789..b887c64f2 100644
--- a/content/tools/services/email/_index.md
+++ b/content/tools/services/email/_index.md
@@ -6,9 +6,17 @@ description: These email providers offer a great place to store your emails secu
[{{< badge content="Service Providers" color="indigo" >}}](../../../wiki/basics/common-threats.md#privacy-from-service-providers)
+
+{{< cards >}}
+ {{< card link="#proton-mail" title="Proton Mail" image="./protonmail.svg" subtitle="Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland." >}}
+ {{< card link="#mailbox-mail" title="Mailbox Mail" image="./mailbox-mail.svg" subtitle="Mailbox Mail (formerly Mailbox.org) is an email service with a focus on being secure, ad-free, and powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox Mail is based in Berlin, Germany." >}}
+ {{< card link="#tuta" title="Tuta" image="./tuta.svg" subtitle="Tuta (formerly Tutanota) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany." >}}
+{{< /cards >}}
+
+
Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy.
-[Recommended Instant Messengers](../messengers/_index.md){ .md-button }
+[Recommended Instant Messengers](../messengers/_index.md)
## Recommended Providers
@@ -30,8 +38,8 @@ These providers natively support OpenPGP encryption/decryption and the [Web Key
-- { .twemoji } [Proton Mail](#proton-mail)
-- { .twemoji } [Mailbox Mail](#mailbox-mail)
+- { .twemoji } [Proton Mail](#proton-mail)
+- { .twemoji } [Mailbox Mail](#mailbox-mail)
@@ -48,34 +56,22 @@ OpenPGP also does not support forward secrecy, which means if the private key of
### Proton Mail
-
-
-{ align=right }
-
**Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland.
The Proton Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
-[:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary }
-[:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" }
-[:octicons-eye-16:](https://proton.me/mail/privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://proton.me/support/mail){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/ProtonMail){ .card-link title="Source Code" }
+{{< cards >}}
+ {{< card link="https://proton.me/mail" title="Homepage" icon="home" >}}
+ {{< card link="https://proton.me/mail/privacy-policy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonmail.android)
-- [:simple-appstore: App Store](https://apps.apple.com/app/id979659905)
-- [:simple-github: GitHub](https://github.com/ProtonMail/android-mail/releases)
-- [:fontawesome-brands-windows: Windows](https://proton.me/mail/bridge#download)
-- [:simple-apple: macOS](https://proton.me/mail/bridge#download)
-- [:simple-linux: Linux](https://proton.me/mail/bridge#download)
-- [:octicons-browser-16: Web](https://mail.proton.me)
-
-
-
-
+[{{< badge content="Linux" color="yellow" >}}](https://proton.me/mail/bridge#download)
+[{{< badge content="macOS" color="indigo" >}}](https://proton.me/mail/bridge#download)
+[{{< badge content="Windows" color="red" >}}](https://proton.me/mail/bridge#download)
+[{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=ch.protonmail.android)
+[{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/id979659905)
+[{{< badge content="GitHub" >}}](https://github.com/ProtonMail/android-mail/releases)
+[{{< badge content="Web" >}}](https://mail.proton.me)
Free accounts have some limitations, such as not being able to search body text and not having access to [Proton Mail Bridge](https://proton.me/mail/bridge), which is required to use a [recommended desktop email client](../../software/email-clients/_index.md) such as Thunderbird. Paid accounts include features like Proton Mail Bridge, additional storage, and custom domain support. The Proton Unlimited plan or any multi-user Proton plan includes access to [SimpleLogin](../email-aliasing/_index.md#simplelogin) Premium.
@@ -103,7 +99,7 @@ Paid Proton Mail subscribers can use their own domain with the service or a [cat
#### :material-check:{ .pg-green } Private Payment Methods
-Proton Mail [accepts](https://proton.me/support/payment-options) **cash** by mail in addition to standard credit/debit card, [Bitcoin](../../../wiki/advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments. Additionally, you can use [**Monero**](../cryptocurrency/_index.md#monero) to purchase vouchers for Proton Mail Plus or Proton Unlimited via their [official](https://discuss.privacyguides.net/t/add-monero-as-an-anonymous-payment-method-for-proton-services/31058/15) reseller [ProxyStore](https://dys2p.com/en/2025-09-09-proton.html).
+Proton Mail [accepts](https://proton.me/support/payment-options) **cash** by mail in addition to standard credit/debit card, [Bitcoin](../../../wiki/advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments. Additionally, you can use [**Monero**](../../software/cryptocurrency/_index.md#monero) to purchase vouchers for Proton Mail Plus or Proton Unlimited via their [official](https://discuss.privacyguides.net/t/add-monero-as-an-anonymous-payment-method-for-proton-services/31058/15) reseller [ProxyStore](https://dys2p.com/en/2025-09-09-proton.html).
#### :material-check:{ .pg-green } Account Security
@@ -131,26 +127,16 @@ Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimite
### Mailbox Mail
-
-
-{ align=right }
-
**Mailbox Mail** (formerly *Mailbox.org*) is an email service with a focus on being secure, ad-free, and powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox Mail is based in Berlin, Germany.
Accounts start with up to 2 GB storage, which can be upgraded as needed.
-[:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://kb.mailbox.org/en/private){ .card-link title="Documentation" }
+{{< cards >}}
+ {{< card link="https://mailbox.org" title="Homepage" icon="home" >}}
+ {{< card link="https://mailbox.org/en/data-protection-privacy-policy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:octicons-browser-16: Web](https://login.mailbox.org)
-
-
-
-
+[{{< badge content="Web" >}}](https://login.mailbox.org)
#### :material-check:{ .pg-green } Custom Domains and Aliases
@@ -194,41 +180,28 @@ These providers encrypt your emails in a way that only you can read them later,
-
-{ align=right }
-{ align=right }
-
**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany.
Free accounts start with 1 GB of storage.
-[:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://tuta.com/support){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/tutao/tutanota){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://tuta.com/community){ .card-link title="Contribute" }
+{{< cards >}}
+ {{< card link="https://tuta.com" title="Homepage" icon="home" >}}
+ {{< card link="https://tuta.com/privacy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=de.tutao.tutanota)
-- [:simple-appstore: App Store](https://apps.apple.com/app/id922429609)
-- [:simple-github: GitHub](https://github.com/tutao/tutanota/releases)
-- [:fontawesome-brands-windows: Windows](https://tuta.com/#download)
-- [:simple-apple: macOS](https://tuta.com/#download)
-- [:simple-linux: Linux](https://tuta.com/#download)
-- [:octicons-browser-16: Web](https://app.tuta.com)
-
-
-
-
+[{{< badge content="Linux" color="yellow" >}}](https://tuta.com/#download)
+[{{< badge content="macOS" color="indigo" >}}](https://tuta.com/#download)
+[{{< badge content="Windows" color="red" >}}](https://tuta.com/#download)
+[{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=de.tutao.tutanota)
+[{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/id922429609)
+[{{< badge content="GitHub" >}}](https://github.com/tutao/tutanota/releases)
+[{{< badge content="Web" >}}](https://app.tuta.com)
Tuta doesn't support the [IMAP protocol](https://tuta.com/support#imap) or the use of third-party [email clients](../../software/email-clients/_index.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tuta app. [Email import](https://github.com/tutao/tutanota/issues/630) is not currently supported either, though this is [due to be changed](https://tuta.com/blog/kickoff-import). Emails can be exported [individually or by bulk selection](https://tuta.com/support#generalMail) per folder, which may be inconvenient if you have many folders.
@@ -238,7 +211,7 @@ Paid Tuta accounts can use either 15 or 30 aliases depending on their plan and u
#### :material-information-outline:{ .pg-blue } Private Payment Methods
-Tuta only directly accepts credit cards and PayPal, however you can use [**cryptocurrency**](../cryptocurrency/_index.md) to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with ProxyStore.
+Tuta only directly accepts credit cards and PayPal, however you can use [**cryptocurrency**](../../software/cryptocurrency/_index.md) to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with ProxyStore.
#### :material-check:{ .pg-green } Account Security
@@ -262,7 +235,7 @@ Tuta offers the business version of [Tuta to non-profit organizations](https://t
## Criteria
-**Please note we are not affiliated with any of the providers we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements for any email provider wishing to be recommended, including implementing industry best practices, modern technology and more. We suggest you familiarize yourself with this list before choosing an email provider, and conduct your own research to ensure the email provider you choose is the right choice for you.
+**Please note we are not affiliated with any of the providers we recommend.** In addition to [our standard criteria](../../../about/criteria.md), we have developed a clear set of requirements for any email provider wishing to be recommended, including implementing industry best practices, modern technology and more. We suggest you familiarize yourself with this list before choosing an email provider, and conduct your own research to ensure the email provider you choose is the right choice for you.
### Technology
@@ -299,7 +272,7 @@ We prefer our recommended providers to collect as little data as possible.
**Best Case:**
-- Should accept [anonymous payment options](../../../wiki/advanced/payments.md) ([cryptocurrency](../cryptocurrency/_index.md), cash, gift cards, etc.)
+- Should accept [anonymous payment options](../../../wiki/advanced/payments.md) ([cryptocurrency](../../software/cryptocurrency/_index.md), cash, gift cards, etc.)
- Should be hosted in a jurisdiction with strong email privacy protection laws.
### Security
diff --git a/content/tools/services/financial-services/_index.md b/content/tools/services/financial-services/_index.md
index e5b34b45a..a82a72600 100644
--- a/content/tools/services/financial-services/_index.md
+++ b/content/tools/services/financial-services/_index.md
@@ -8,7 +8,7 @@ description: These services can assist you in protecting your privacy from merch
Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases:
-[Making Private Payments :material-arrow-right-drop-circle:](../../../wiki/advanced/payments.md){ .md-button }
+[Making Private Payments](../../../wiki/advanced/payments.md)
## Payment Masking Services
@@ -16,6 +16,13 @@ Making payments online is one of the biggest challenges to privacy. These servic
[{{< badge content="Public Exposure" color="green" >}}](../../../wiki/basics/common-threats.md#limiting-public-information)
+
+{{< cards >}}
+ {{< card link="#privacycom-us" title="Privacy.com (US)" image="./privacy_com.svg" subtitle="Privacy.com's free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plans provide higher limits on the number of cards that can be created each month." >}}
+ {{< card link="#mysudo-us-paid" title="MySudo (US, Paid)" image="./mysudo.svg" subtitle="MySudo provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other email aliasing providers for extensive email aliasing use." >}}
+{{< /cards >}}
+
+
There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously.
@@ -27,45 +34,29 @@ Many banks and credit card providers offer native virtual card functionality. If
### Privacy.com (US)
-
-
-{ align=right }
-{ align=right }
-
**Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plans provide higher limits on the number of cards that can be created each month.
-[:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://support.privacy.com){ .card-link title=Documentation}
-
-
-
-
+{{< cards >}}
+ {{< card link="https://privacy.com" title="Homepage" icon="home" >}}
+ {{< card link="https://privacy.com/privacy-policy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
Privacy.com gives information about the merchants you purchase from to your bank by [default](https://support.privacy.com/hc/en-us/articles/360012407533-What-will-I-see-on-my-bank-statement-when-I-make-a-purchase-with-Privacy). Their "[private spend mode](https://support.privacy.com/hc/en-us/articles/26732314558487-What-is-Private-Spend-Mode)" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com, but not where that money was spent. However, that is not foolproof, and of course, Privacy.com still has knowledge about the merchants you are spending money with.
### MySudo (US, Paid)
-
+**MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](../email-aliasing/_index.md) for extensive email aliasing use.
-{ align=right }
-{ align=right }
-
-**MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email-aliasing.md) for extensive email aliasing use.
-
-[:octicons-home-16: Homepage](https://mysudo.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://anonyome.com/privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://support.mysudo.com){ .card-link title=Documentation}
-
-
-
-
+{{< cards >}}
+ {{< card link="https://mysudo.com" title="Homepage" icon="home" >}}
+ {{< card link="https://anonyome.com/privacy-policy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
MySudo's virtual cards are currently only available via their iOS app.
### Criteria
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../../../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
- Allows the creation of multiple cards which function as a shield between the merchant and your personal finances.
- Cards must not require you to provide accurate billing address information to the merchant.
@@ -76,34 +67,33 @@ MySudo's virtual cards are currently only available via their iOS app.
[{{< badge content="Mass Surveillance" color="blue" >}}](../../../wiki/basics/common-threats.md#mass-surveillance-programs)
-These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, with significantly higher limits for ID verified accounts (if offered).
+
+{{< cards >}}
+ {{< card link="#coincards" title="Coincards" image="./coincards.svg" subtitle="Coincards allows you to purchase gift cards for a large variety of merchants. Their homepage has a complete listing of the various countries where their service is available." >}}
+{{< /cards >}}
+
+
+These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](../../software/cryptocurrency/_index.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, with significantly higher limits for ID verified accounts (if offered).
### Coincards
-
-
-{ align=right }
-
**Coincards** allows you to purchase gift cards for a large variety of merchants. Their homepage has a complete listing of the various countries where their service is available.
-[:octicons-home-16: Homepage](https://coincards.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://coincards.com/privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://coincards.com/frequently-asked-questions){ .card-link title=Documentation}
-
-
-
-
+{{< cards >}}
+ {{< card link="https://coincards.com" title="Homepage" icon="home" >}}
+ {{< card link="https://coincards.com/privacy-policy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
### Criteria
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../../../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-- Accepts payment in [a recommended cryptocurrency](cryptocurrency.md).
+- Accepts payment in [a recommended cryptocurrency](../../software/cryptocurrency/_index.md).
- No ID requirement.
Important notices
-The content here is not legal or financial advice. We do not endorse or encourage illicit activities, and we do not endorse or encourage anything which violates a company's terms of service. Check with a professional to confirm that these recommendations are legal and available in your jurisdiction. [See all notices](about/notices.md).
+The content here is not legal or financial advice. We do not endorse or encourage illicit activities, and we do not endorse or encourage anything which violates a company's terms of service. Check with a professional to confirm that these recommendations are legal and available in your jurisdiction. [See all notices](../../../about/notices.md).
diff --git a/content/tools/services/messengers/_index.md b/content/tools/services/messengers/_index.md
index c68436903..7f65d98a1 100644
--- a/content/tools/services/messengers/_index.md
+++ b/content/tools/services/messengers/_index.md
@@ -9,38 +9,35 @@ description: Encrypted messengers like Signal and SimpleX keep your sensitive co
[{{< badge content="Mass Surveillance" color="blue" >}}](../../../wiki/basics/common-threats.md#mass-surveillance-programs)
[{{< badge content="Surveillance Capitalism" color="purple" >}}](../../../wiki/basics/common-threats.md#surveillance-as-a-business-model)
+
+{{< cards >}}
+ {{< card link="#signal" title="Signal" image="./signal.svg" subtitle="Signal is a mobile app developed by Signal Messenger LLC. The app provides instant messaging and calls secured with the Signal protocol, an extremely secure encryption protocol which supports forward secrecy and post-compromise security." >}}
+ {{< card link="#molly-android" title="Molly (Android)" image="./molly.svg" subtitle="If you use Android and your threat model requires protecting against targeted attacks you may consider using this alternative app, which features a number of security and usability improvements, to access the Signal network. Molly is an alternative Signal client for Android which allows you to encrypt the local database with a passphrase at rest, to have unused RAM data securely shredded, to route your connection via Tor, and more." >}}
+ {{< card link="#simplex-chat" title="SimpleX Chat" image="./simplex.svg" subtitle="SimpleX Chat is an instant messenger that doesn't depend on any unique identifiers such as phone numbers or usernames. Its decentralized network makes SimpleX Chat an effective tool against censorship." >}}
+ {{< card link="#briar" title="Briar" image="./briar.svg" subtitle="Briar is an encrypted instant messenger that connects to other clients using the Tor network, making it an effective tool at circumventing censorship. Briar can also connect via Wi-Fi or Bluetooth when in local proximity." >}}
+{{< /cards >}}
+
+
These recommendations for encrypted **real-time communication** are great for securing your sensitive communications. These instant messengers come in the form of many [types of communication networks](../../../wiki/advanced/communication-network-types.md).
-[:material-movie-open-play-outline: Video: It's time to stop using SMS](https://www.privacyguides.org/videos/2025/01/24/its-time-to-stop-using-sms-heres-why){ .md-button }
+[Video: It's time to stop using SMS](https://www.privacyguides.org/videos/2025/01/24/its-time-to-stop-using-sms-heres-why)
## Signal
-
-
-{ align=right }
-
**Signal** is a mobile app developed by Signal Messenger LLC. The app provides instant messaging and calls secured with the Signal protocol, an extremely secure encryption protocol which supports forward secrecy[^1] and post-compromise security.[^2]
-[:octicons-home-16: Homepage](https://signal.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://signal.org/legal/#privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://support.signal.org){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/signalapp){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://signal.org/donate){ .card-link title="Contribute" }
+{{< cards >}}
+ {{< card link="https://signal.org" title="Homepage" icon="home" >}}
+ {{< card link="https://signal.org/legal/#privacy-policy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms)
-- [:simple-appstore: App Store](https://apps.apple.com/app/id874139669)
-- [:simple-github: GitHub](https://github.com/signalapp/Signal-Android/releases)
-- [:simple-android: Android](https://signal.org/android/apk)
-- [:fontawesome-brands-windows: Windows](https://signal.org/download/windows)
-- [:simple-apple: macOS](https://signal.org/download/macos)
-- [:simple-linux: Linux](https://signal.org/download/linux)
-
-
-
-
+[{{< badge content="Linux" color="yellow" >}}](https://signal.org/download/linux)
+[{{< badge content="macOS" color="indigo" >}}](https://signal.org/download/macos)
+[{{< badge content="Windows" color="red" >}}](https://signal.org/download/windows)
+[{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms)
+[{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/id874139669)
+[{{< badge content="Android" >}}](https://signal.org/android/apk)
+[{{< badge content="GitHub" >}}](https://github.com/signalapp/Signal-Android/releases)
Signal requires your phone number for registration, however you should create a username to hide your phone number from your contacts:
@@ -54,7 +51,7 @@ Signal requires your phone number for registration, however you should create a
We have some additional tips on configuring and hardening your Signal installation:
-[Signal Configuration and Hardening :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening)
+[Signal Configuration and Hardening](https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening)
Contact lists on Signal are encrypted using your Signal PIN and the server does not have access to them. Personal profiles are also encrypted and only shared with contacts you chat with.
@@ -66,28 +63,16 @@ The protocol was independently [audited](https://eprint.iacr.org/2016/1013.pdf)
If you use Android and your threat model requires protecting against [:material-target-account: Targeted Attacks](../../../wiki/basics/common-threats.md#attacks-against-specific-individuals){ .pg-red } you may consider using this alternative app, which features a number of security and usability improvements, to access the Signal network.
-
-
-{ align=right }
-
**Molly** is an alternative Signal client for Android which allows you to encrypt the local database with a passphrase at rest, to have unused RAM data securely shredded, to route your connection via Tor, and [more](https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening#privacy-and-security-features). It also has usability improvements including scheduled backups, automatic locking, and the ability to use your Android phone as a linked device instead of the primary device for a Signal account.
-[:octicons-home-16: Homepage](https://molly.im){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://signal.org/legal/#privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://github.com/mollyim/mollyim-android/wiki){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/mollyim/mollyim-android){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://opencollective.com/mollyim){ .card-link title="Contribute" }
+{{< cards >}}
+ {{< card link="https://molly.im" title="Homepage" icon="home" >}}
+ {{< card link="https://signal.org/legal/#privacy-policy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-fdroid: F-Droid](https://molly.im/fdroid)
-- [:octicons-moon-16: Accrescent](https://accrescent.app/app/im.molly.app)
-- [:simple-github: GitHub](https://github.com/mollyim/mollyim-android/releases)
-
-
-
-
+[{{< badge content="Accrescent" >}}](https://accrescent.app/app/im.molly.app)
+[{{< badge content="F-Droid" >}}](https://molly.im/fdroid)
+[{{< badge content="GitHub" >}}](https://github.com/mollyim/mollyim-android/releases)
Molly is updated every two weeks to include the latest features and bug fixes from Signal. The exception is security issues, which are patched as soon as possible. That said, you should be aware that there might be a slight delay compared to upstream, which may affect actions such as [migrating from Signal to Molly](https://github.com/mollyim/mollyim-android/wiki/Migrating-From-Signal#migrating-from-signal).
@@ -99,31 +84,20 @@ Both versions of Molly provide the same security improvements and support [repro
## SimpleX Chat
-
-
-{ align=right }
-
**SimpleX Chat** is an instant messenger that doesn't depend on any unique identifiers such as phone numbers or usernames. Its decentralized network makes SimpleX Chat an effective tool against [:material-close-outline: Censorship](../../../wiki/basics/common-threats.md#avoiding-censorship){ .pg-blue-gray }.
-[:octicons-home-16: Homepage](https://simplex.chat){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://simplex.chat/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://simplex.chat/docs/simplex.html){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/simplex-chat){ .card-link title="Source Code" }
+{{< cards >}}
+ {{< card link="https://simplex.chat" title="Homepage" icon="home" >}}
+ {{< card link="https://simplex.chat/privacy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=chat.simplex.app)
-- [:simple-appstore: App Store](https://apps.apple.com/app/id1605771084)
-- [:simple-github: GitHub](https://github.com/simplex-chat/simplex-chat/releases)
-- [:fontawesome-brands-windows: Windows](https://simplex.chat/downloads/#desktop-app)
-- [:simple-apple: macOS](https://simplex.chat/downloads/#desktop-app)
-- [:simple-linux: Linux](https://simplex.chat/downloads/#desktop-app)
-- [:simple-flathub: Flathub](https://flathub.org/en/apps/chat.simplex.simplex)
-
-
-
-
+[{{< badge content="Linux" color="yellow" >}}](https://simplex.chat/downloads/#desktop-app)
+[{{< badge content="macOS" color="indigo" >}}](https://simplex.chat/downloads/#desktop-app)
+[{{< badge content="Windows" color="red" >}}](https://simplex.chat/downloads/#desktop-app)
+[{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=chat.simplex.app)
+[{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/id1605771084)
+[{{< badge content="Flathub" >}}](https://flathub.org/en/apps/chat.simplex.simplex)
+[{{< badge content="GitHub" >}}](https://github.com/simplex-chat/simplex-chat/releases)
SimpleX Chat provides direct messaging, group chats, and E2EE calls secured with the [SimpleX Messaging Protocol](https://github.com/simplex-chat/simplexmq/blob/stable/protocol/simplex-messaging.md), which uses double ratchet encryption with quantum resistance. Additionally, SimpleX Chat provides metadata protection by using unidirectional ["simplex queues"](https://github.com/simplex-chat/simplexmq/blob/stable/protocol/simplex-messaging.md#simplex-queue) to deliver messages.
@@ -135,29 +109,17 @@ SimpleX Chat was independently audited in [July 2024](https://simplex.chat/blog/
## Briar
-
+**Briar** is an encrypted instant messenger that [connects](https://briarproject.org/how-it-works) to other clients using the [Tor network](../../advanced/alternative-networks/_index.md#tor), making it an effective tool at circumventing [:material-close-outline: Censorship](../../../wiki/basics/common-threats.md#avoiding-censorship){ .pg-blue-gray }. Briar can also connect via Wi-Fi or Bluetooth when in local proximity. Briar’s local mesh mode can be useful when internet availability is a problem.
-{ align=right }
+{{< cards >}}
+ {{< card link="https://briarproject.org" title="Homepage" icon="home" >}}
+ {{< card link="https://briarproject.org/privacy-policy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-**Briar** is an encrypted instant messenger that [connects](https://briarproject.org/how-it-works) to other clients using the [Tor network](alternative-networks.md#tor), making it an effective tool at circumventing [:material-close-outline: Censorship](../../../wiki/basics/common-threats.md#avoiding-censorship){ .pg-blue-gray }. Briar can also connect via Wi-Fi or Bluetooth when in local proximity. Briar’s local mesh mode can be useful when internet availability is a problem.
-
-[:octicons-home-16: Homepage](https://briarproject.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://briarproject.org/privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://code.briarproject.org/briar/briar/-/wikis/home){ .card-link title="Documentation" }
-[:octicons-code-16:](https://code.briarproject.org/briar/briar){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://code.briarproject.org/briar/briar#donate){ .card-link title="Contribute" }
-
-
-Downloads
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.briarproject.briar.android)
-- [:fontawesome-brands-windows: Windows](https://briarproject.org/download-briar-desktop)
-- [:simple-linux: Linux](https://briarproject.org/download-briar-desktop)
-- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.briarproject.Briar)
-
-
-
-
+[{{< badge content="Linux" color="yellow" >}}](https://briarproject.org/download-briar-desktop)
+[{{< badge content="Windows" color="red" >}}](https://briarproject.org/download-briar-desktop)
+[{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=org.briarproject.briar.android)
+[{{< badge content="Flathub" >}}](https://flathub.org/apps/details/org.briarproject.Briar)
To add a contact on Briar, you must both add each other first. You can either exchange `briar://` links or scan a contact’s QR code if they are nearby.
@@ -167,7 +129,7 @@ The client software was independently [audited](https://briarproject.org/news/20
## Criteria
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../../../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
### Minimum Requirements
diff --git a/content/tools/services/passwords/_index.md b/content/tools/services/passwords/_index.md
index 18f2fdc7d..20d9c9c89 100644
--- a/content/tools/services/passwords/_index.md
+++ b/content/tools/services/passwords/_index.md
@@ -8,9 +8,18 @@ description: Password managers allow you to securely store and manage passwords
[{{< badge content="Passive Attacks" color="amber" >}}](../../../wiki/basics/common-threats.md#security-and-privacy)
[{{< badge content="Service Providers" color="indigo" >}}](../../../wiki/basics/common-threats.md#privacy-from-service-providers)
+
+{{< cards >}}
+ {{< card link="#bitwarden" title="Bitwarden" image="./bitwarden.svg" subtitle="Bitwarden is a free and open-source password and passkey manager. It aims to solve password management problems for individuals, teams, and business organizations." >}}
+ {{< card link="#proton-pass" title="Proton Pass" image="./protonpass.svg" subtitle="Proton Pass is an open-source, end-to-end encrypted password manager developed by Proton, the team behind Proton Mail. It securely stores your login credentials, generates unique email aliases, and supports and stores passkeys." >}}
+ {{< card link="#1password" title="1Password" image="./1password.svg" subtitle="1Password is a password manager with a strong focus on security and ease-of-use that allows you to store passwords, passkeys, credit cards, software licenses, and any other sensitive information in a secure digital vault. Your vault is hosted on 1Password's servers for a monthly fee." >}}
+ {{< card link="#psono" title="Psono" image="./psono.svg" subtitle="Psono is a free and open-source password manager from Germany, with a focus on password management for teams. Psono supports secure sharing of passwords, files, bookmarks, and emails." >}}
+{{< /cards >}}
+
+
**Password managers** allow you to securely store and manage passwords and other credentials with the use of a master password.
-[Introduction to Passwords :material-arrow-right-drop-circle:](../../../wiki/basics/passwords-overview.md)
+[Introduction to Passwords](../../../wiki/basics/passwords-overview.md)
Info
@@ -27,35 +36,24 @@ These password managers sync your passwords to a cloud server for easy accessibi
### Bitwarden
-
-
-{ align=right }
-
**Bitwarden** is a free and open-source password and passkey manager. It aims to solve password management problems for individuals, teams, and business organizations. Bitwarden is among the best and safest solutions to store all of your logins and passwords while conveniently keeping them synced between all of your devices.
-[:octicons-home-16: Homepage](https://bitwarden.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://bitwarden.com/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://bitwarden.com/help){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/bitwarden){ .card-link title="Source Code" }
+{{< cards >}}
+ {{< card link="https://bitwarden.com" title="Homepage" icon="home" >}}
+ {{< card link="https://bitwarden.com/privacy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.x8bit.bitwarden)
-- [:simple-appstore: App Store](https://apps.apple.com/app/id1137397744)
-- [:simple-github: GitHub](https://github.com/bitwarden/android/releases)
-- [:fontawesome-brands-windows: Windows](https://bitwarden.com/download)
-- [:simple-apple: macOS](https://bitwarden.com/download)
-- [:simple-linux: Linux](https://bitwarden.com/download)
-- [:simple-flathub: Flathub](https://flathub.org/apps/details/com.bitwarden.desktop)
-- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/bitwarden-password-manager)
-- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/nngceckbapebfimnlniiiahkandclblb)
-- [:fontawesome-brands-edge: Edge](https://microsoftedge.microsoft.com/addons/detail/jbkfoedolllekgbhcbcoahefnbanhhlh)
-- [:simple-safari: Safari](https://apps.apple.com/app/id1352778147)
-
-
-
-
+[{{< badge content="Linux" color="yellow" >}}](https://bitwarden.com/download)
+[{{< badge content="macOS" color="indigo" >}}](https://bitwarden.com/download)
+[{{< badge content="Windows" color="red" >}}](https://bitwarden.com/download)
+[{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=com.x8bit.bitwarden)
+[{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/id1137397744)
+[{{< badge content="Chrome" >}}](https://chrome.google.com/webstore/detail/nngceckbapebfimnlniiiahkandclblb)
+[{{< badge content="Edge" >}}](https://microsoftedge.microsoft.com/addons/detail/jbkfoedolllekgbhcbcoahefnbanhhlh)
+[{{< badge content="Firefox" >}}](https://addons.mozilla.org/firefox/addon/bitwarden-password-manager)
+[{{< badge content="Flathub" >}}](https://flathub.org/apps/details/com.bitwarden.desktop)
+[{{< badge content="GitHub" >}}](https://github.com/bitwarden/android/releases)
+[{{< badge content="Safari" >}}](https://apps.apple.com/app/id1352778147)
Bitwarden uses [PBKDF2](https://bitwarden.com/help/kdf-algorithms/#pbkdf2) as its key derivation function (KDF) algorithm by default. It also offers [Argon2](https://bitwarden.com/help/kdf-algorithms/#argon2id), which is more secure, as an alternative. You can change your account's KDF algorithm in the web vault:
@@ -65,31 +63,20 @@ Bitwarden's server-side code is [open source](https://github.com/bitwarden/serve
### Proton Pass
-
+**Proton Pass** is an open-source, end-to-end encrypted password manager developed by Proton, the team behind [Proton Mail](../email/_index.md#proton-mail). It securely stores your login credentials, generates unique email aliases, and supports and stores passkeys.
-{ align=right }
+{{< cards >}}
+ {{< card link="https://proton.me/pass" title="Homepage" icon="home" >}}
+ {{< card link="https://proton.me/pass/privacy-policy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-**Proton Pass** is an open-source, end-to-end encrypted password manager developed by Proton, the team behind [Proton Mail](email.md#proton-mail). It securely stores your login credentials, generates unique email aliases, and supports and stores passkeys.
-
-[:octicons-home-16: Homepage](https://proton.me/pass){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://proton.me/pass/privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://proton.me/support/pass){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/protonpass){ .card-link title="Source Code" }
-
-
-Downloads
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=proton.android.pass)
-- [:simple-appstore: App Store](https://apps.apple.com/app/id6443490629)
-- [:fontawesome-brands-windows: Windows](https://proton.me/pass/download)
-- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/proton-pass)
-- [:simple-googlechrome: Chrome](https://chromewebstore.google.com/detail/ghmbeldphafepmbegfdlkpapadhbakde)
-- [:fontawesome-brands-edge: Edge](https://microsoftedge.microsoft.com/addons/detail/gcllgfdnfnllodcaambdaknbipemelie)
-- [:octicons-browser-16: Web](https://pass.proton.me)
-
-
-
-
+[{{< badge content="Windows" color="red" >}}](https://proton.me/pass/download)
+[{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=proton.android.pass)
+[{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/id6443490629)
+[{{< badge content="Chrome" >}}](https://chromewebstore.google.com/detail/ghmbeldphafepmbegfdlkpapadhbakde)
+[{{< badge content="Edge" >}}](https://microsoftedge.microsoft.com/addons/detail/gcllgfdnfnllodcaambdaknbipemelie)
+[{{< badge content="Firefox" >}}](https://addons.mozilla.org/firefox/addon/proton-pass)
+[{{< badge content="Web" >}}](https://pass.proton.me)
With the acquisition of SimpleLogin in April 2022, Proton has offered a "hide-my-email" feature that lets you create 10 aliases (free plan) or unlimited aliases (paid plans).
@@ -101,35 +88,25 @@ All issues were addressed and fixed shortly after the [report](https://res.cloud
### 1Password
-
-
-{ align=right }
-
**1Password** is a password manager with a strong focus on security and ease-of-use that allows you to store passwords, passkeys, credit cards, software licenses, and any other sensitive information in a secure digital vault. Your vault is hosted on 1Password's servers for a [monthly fee](https://1password.com/sign-up).
1Password is [audited](https://support.1password.com/security-assessments) on a regular basis and provides exceptional customer support. 1Password is closed source; however, the security of the product is thoroughly documented in their [security white paper](https://1passwordstatic.com/files/security/1password-white-paper.pdf).
-[:octicons-home-16: Homepage](https://1password.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://1password.com/legal/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://support.1password.com){ .card-link title="Documentation" }
+{{< cards >}}
+ {{< card link="https://1password.com" title="Homepage" icon="home" >}}
+ {{< card link="https://1password.com/legal/privacy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.onepassword.android)
-- [:simple-appstore: App Store](https://apps.apple.com/app/id1511601750)
-- [:fontawesome-brands-windows: Windows](https://1password.com/downloads/windows)
-- [:simple-apple: macOS](https://1password.com/downloads/mac)
-- [:simple-linux: Linux](https://1password.com/downloads/linux)
-- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/1password-x-password-manager)
-- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/aeblfdkhhhdcdjpifhhbdiojplfjncoa)
-- [:fontawesome-brands-edge: Edge](https://microsoftedge.microsoft.com/addons/detail/dppgmdbiimibapkepcbdbmkaabgiofem)
-- [:simple-safari: Safari](https://apps.apple.com/app/id1569813296)
-- [:octicons-browser-16: Web](https://my.1password.com/signin)
-
-
-
-
+[{{< badge content="Linux" color="yellow" >}}](https://1password.com/downloads/linux)
+[{{< badge content="macOS" color="indigo" >}}](https://1password.com/downloads/mac)
+[{{< badge content="Windows" color="red" >}}](https://1password.com/downloads/windows)
+[{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=com.onepassword.android)
+[{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/id1511601750)
+[{{< badge content="Chrome" >}}](https://chrome.google.com/webstore/detail/aeblfdkhhhdcdjpifhhbdiojplfjncoa)
+[{{< badge content="Edge" >}}](https://microsoftedge.microsoft.com/addons/detail/dppgmdbiimibapkepcbdbmkaabgiofem)
+[{{< badge content="Firefox" >}}](https://addons.mozilla.org/firefox/addon/1password-x-password-manager)
+[{{< badge content="Safari" >}}](https://apps.apple.com/app/id1569813296)
+[{{< badge content="Web" >}}](https://my.1password.com/signin)
Traditionally, 1Password has offered the best password manager user experience for people using macOS and iOS; however, it has now achieved feature parity across all platforms. 1Password's clients boast many features geared towards families and less technical people, such as an intuitive UI for ease-of-use and navigation, as well as advanced functionality. Notably, nearly every feature of 1Password is available within its native mobile or desktop clients.
@@ -137,29 +114,18 @@ Your 1Password vault is secured with both your master password and a randomized
### Psono
-
-
-{ align=right }
-
**Psono** is a free and open-source password manager from Germany, with a focus on password management for teams. Psono supports secure sharing of passwords, files, bookmarks, and emails. All secrets are protected by a master password.
-[:octicons-home-16: Homepage](https://psono.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://psono.com/privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://doc.psono.com){ .card-link title="Documentation" }
-[:octicons-code-16:](https://gitlab.com/psono){ .card-link title="Source Code" }
+{{< cards >}}
+ {{< card link="https://psono.com" title="Homepage" icon="home" >}}
+ {{< card link="https://psono.com/privacy-policy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.psono.psono)
-- [:simple-appstore: App Store](https://apps.apple.com/app/id1545581224)
-- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/psono-pw-password-manager)
-- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/eljmjmgjkbmpmfljlmklcfineebidmlo)
-- [:simple-docker: Docker Hub](https://hub.docker.com/r/psono/psono-client)
-
-
-
-
+[{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=com.psono.psono)
+[{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/id1545581224)
+[{{< badge content="Chrome" >}}](https://chrome.google.com/webstore/detail/eljmjmgjkbmpmfljlmklcfineebidmlo)
+[{{< badge content="Docker Hub" >}}](https://hub.docker.com/r/psono/psono-client)
+[{{< badge content="Firefox" >}}](https://addons.mozilla.org/firefox/addon/psono-pw-password-manager)
Psono provides extensive documentation for their product. The web-client for Psono can be self-hosted; alternatively, you can choose the full Community Edition or the Enterprise Edition with additional features.
@@ -167,7 +133,7 @@ In April 2024, Psono added [support for passkeys](https://psono.com/blog/psono-i
### Criteria
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../../../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
#### Minimum Requirements
diff --git a/content/tools/services/photo-backups/_index.md b/content/tools/services/photo-backups/_index.md
index ef40fafe8..e00bf3d2f 100644
--- a/content/tools/services/photo-backups/_index.md
+++ b/content/tools/services/photo-backups/_index.md
@@ -2,49 +2,45 @@
title: Photo Management
description: These photo management tools keep your personal photos safe from the prying eyes of cloud storage providers and other unauthorized parties.
---
+
Protects against the following threat(s):
[{{< badge content="Passive Attacks" color="amber" >}}](../../../wiki/basics/common-threats.md#security-and-privacy)
[{{< badge content="Service Providers" color="indigo" >}}](../../../wiki/basics/common-threats.md#privacy-from-service-providers)
+
+{{< cards >}}
+ {{< card link="#ente-photos" title="Ente Photos" image="./ente.svg" subtitle="Ente Photos is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open source, both on the client side and on the server side." >}}
+{{< /cards >}}
+
+
Most cloud **photo management solutions** like Google Photos, Flickr, and Amazon Photos don't secure your photos against being accessed by the cloud storage provider themselves. These options keep your personal photos private, while allowing you to share them only with family and trusted people.
## Ente Photos
-
-
-{ align=right }
-
**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting).
The free plan offers 10 GB of storage as long as you use the service at least once a year.
-[:octicons-home-16: Homepage](https://ente.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://ente.com/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://ente.com/faq){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/ente-io/ente){ .card-link title="Source Code" }
+{{< cards >}}
+ {{< card link="https://ente.com" title="Homepage" icon="home" >}}
+ {{< card link="https://ente.com/privacy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=io.ente.photos)
-- [:simple-appstore: App Store](https://apps.apple.com/app/id1542026904)
-- [:simple-github: GitHub](https://github.com/ente-io/ente/releases?q=photos)
-- [:simple-android: Android](https://ente.com/download)
-- [:fontawesome-brands-windows: Windows](https://ente.com/download)
-- [:simple-apple: macOS](https://ente.com/download)
-- [:simple-linux: Linux](https://ente.com/download)
-- [:octicons-browser-16: Web](https://web.ente.io)
-
-
-
-
+[{{< badge content="Linux" color="yellow" >}}](https://ente.com/download)
+[{{< badge content="macOS" color="indigo" >}}](https://ente.com/download)
+[{{< badge content="Windows" color="red" >}}](https://ente.com/download)
+[{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=io.ente.photos)
+[{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/id1542026904)
+[{{< badge content="Android" >}}](https://ente.com/download)
+[{{< badge content="GitHub" >}}](https://github.com/ente-io/ente/releases?q=photos)
+[{{< badge content="Web" >}}](https://web.ente.io)
The server-side source code and infrastructure which underpins Ente Photos underwent an audit by [Cure53](https://ente.com/blog/cern-audit) in October 2025. Previous audits were completed by [Cure53](https://ente.com/blog/cryptography-audit) in March 2023 and by [Fallible](https://ente.com/reports/Fallible-Audit-Report-19-04-2023.pdf) in April 2023.
## Criteria
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../../../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
### Minimum Requirements
diff --git a/content/tools/services/search-engines/_index.md b/content/tools/services/search-engines/_index.md
index 2bbf2cc05..ee9a42bd7 100644
--- a/content/tools/services/search-engines/_index.md
+++ b/content/tools/services/search-engines/_index.md
@@ -2,17 +2,27 @@
title: Search Engines
description: Use privacy-respecting search engines which don't build an advertising profile based on your searches.
---
+
Protects against the following threat(s):
[{{< badge content="Surveillance Capitalism" color="purple" >}}](../../../wiki/basics/common-threats.md#surveillance-as-a-business-model)
+
+{{< cards >}}
+ {{< card link="#brave-search" title="Brave Search" image="./brave-search.svg" subtitle="Brave Search is a search engine developed by Brave. It includes unique features such as Discussions, which highlights conversation-focused results such as forum posts." >}}
+ {{< card link="#duckduckgo" title="DuckDuckGo" image="./duckduckgo.svg" subtitle="DuckDuckGo is one of the more mainstream private search engine options. Notable DuckDuckGo search features include bangs and a variety of instant answers." >}}
+ {{< card link="#startpage" title="Startpage" image="./startpage.svg" subtitle="Startpage is a private search engine. One of Startpage's unique features is the Anonymous View, which puts forth efforts to standardize user activity to make it more difficult to be uniquely identified." >}}
+ {{< card link="#searxng" title="SearXNG" image="./searxng.svg" subtitle="SearXNG is an open-source, self-hostable, metasearch engine. It is an actively maintained fork of SearX." >}}
+{{< /cards >}}
+
+
Use a **search engine** that doesn't build an advertising profile based on your searches.
## Recommended Providers
The recommendations here do not collect personally identifying information (PII) based on each service's privacy policy. There is **no guarantee** that these privacy policies are honored.
-Consider using a [VPN](vpn.md) or [Tor](tor.md) if your threat model requires hiding your IP address from the search provider.
+Consider using a [VPN](../vpn/_index.md) or [Tor](../../software/tor/_index.md) if your threat model requires hiding your IP address from the search provider.
| Provider | Search Index | Tor Hidden Service | Logging / Privacy Policy | Country of Operation |
|---|---|---|---|---|
@@ -35,61 +45,42 @@ Consider using a [VPN](vpn.md) or [Tor](tor.md) if your threat model requires hi
### Brave Search
-
-
-{ align=right }
-
**Brave Search** is a search engine developed by Brave. It includes unique features such as [Discussions](https://search.brave.com/help/discussions), which highlights conversation-focused results such as forum posts.
-Brave Search is the default search engine for the [Brave Browser](desktop-browsers.md#brave).
+Brave Search is the default search engine for the [Brave Browser](../../software/desktop-browsers/_index.md#brave).
-[:octicons-home-16: Homepage](https://search.brave.com){ .md-button .md-button--primary }
-[:simple-torbrowser:](https://search.brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title="Onion Service" }
-[:octicons-eye-16:](https://search.brave.com/help/privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://search.brave.com/help){ .card-link title="Documentation" }
-
-
+{{< cards >}}
+ {{< card link="https://search.brave.com" title="Homepage" icon="home" >}}
+ {{< card link="https://search.brave.com/help/privacy-policy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
We recommend you disable [Anonymous usage metrics](https://search.brave.com/help/usage-metrics) as it is enabled by default and can be disabled within settings.
### DuckDuckGo
-
-
-{ align=right }
-
**DuckDuckGo** is one of the more mainstream private search engine options. Notable DuckDuckGo search features include [bangs](https://duckduckgo.com/bang) and a variety of [instant answers](https://help.duckduckgo.com/duckduckgo-help-pages/features/instant-answers-and-other-features). The search engine uses numerous [sources](https://help.duckduckgo.com/results/sources) other than Bing for instant answers and other non-primary results.
-DuckDuckGo is the default search engine for the [Tor Browser](tor.md#tor-browser) and is one of the few available options on Apple’s [Safari](mobile-browsers.md#safari-ios) browser.
+DuckDuckGo is the default search engine for the [Tor Browser](../../software/tor/_index.md#tor-browser) and is one of the few available options on Apple’s [Safari](../../software/mobile-browsers/_index.md#safari-ios) browser.
-[:octicons-home-16: Homepage](https://duckduckgo.com){ .md-button .md-button--primary }
-[:simple-torbrowser:](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion){ .card-link title="Onion Service" }
-[:octicons-eye-16:](https://duckduckgo.com/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://help.duckduckgo.com){ .card-link title="Documentation" }
-
-
+{{< cards >}}
+ {{< card link="https://duckduckgo.com" title="Homepage" icon="home" >}}
+ {{< card link="https://duckduckgo.com/privacy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
DuckDuckGo offers two [other versions](https://help.duckduckgo.com/features/non-javascript) of their search engine, both of which do not require JavaScript. These versions do lack features, however. These versions can also be used in conjunction with their Tor hidden address by appending [/lite](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/lite) or [/html](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/html) for the respective version.
### Startpage
-
+**Startpage** is a private search engine. One of Startpage's unique features is the [Anonymous View](https://startpage.com/en/anonymous-view), which puts forth efforts to standardize user activity to make it more difficult to be uniquely identified. The feature can be useful for hiding [some](https://support.startpage.com/hc/articles/4455540212116-The-Anonymous-View-Proxy-technical-details) network and browser properties. Unlike the name suggests, the feature should not be relied upon for anonymity. If you are looking for anonymity, use the [Tor Browser](../../software/tor/_index.md#tor-browser) instead.
-{ align=right }
-{ align=right }
-
-**Startpage** is a private search engine. One of Startpage's unique features is the [Anonymous View](https://startpage.com/en/anonymous-view), which puts forth efforts to standardize user activity to make it more difficult to be uniquely identified. The feature can be useful for hiding [some](https://support.startpage.com/hc/articles/4455540212116-The-Anonymous-View-Proxy-technical-details) network and browser properties. Unlike the name suggests, the feature should not be relied upon for anonymity. If you are looking for anonymity, use the [Tor Browser](tor.md#tor-browser) instead.
-
-[:octicons-home-16: Homepage](https://startpage.com){ .md-button .md-button--primary }
-[:simple-torbrowser:](http://startpagel6srwcjlue4zgq3zevrujfaow726kjytqbbjyrswwmjzcqd.onion){ .card-link title="Onion Service" }
-[:octicons-eye-16:](https://startpage.com/en/privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://support.startpage.com/hc/categories/4481917470356-Startpage-Search-Engine){ .card-link title="Documentation" }
-
-
+{{< cards >}}
+ {{< card link="https://startpage.com" title="Homepage" icon="home" >}}
+ {{< card link="https://startpage.com/en/privacy-policy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
Startpage's majority shareholder is System1 who is an adtech company. We don't believe that to be an issue as they have a distinctly separate [privacy policy](https://system1.com/terms/privacy-policy). The Privacy Guides team reached out to Startpage [back in 2020](https://blog.privacyguides.org/2020/05/03/relisting-startpage) to clear up any concerns with System1's sizeable investment into the service, and we were satisfied with the answers we received.
-Startpage previously placed limitations on VPN and [Tor](tor.md) users, but they recently created an [official](https://support.startpage.com/hc/en-us/articles/24786602537364-Startpage-s-Tor-onion-service) Tor hidden service, and as of April 2024 we have no longer noticed extra roadblocks for Tor or [VPN](vpn.md) users.
+Startpage previously placed limitations on VPN and [Tor](../../software/tor/_index.md) users, but they recently created an [official](https://support.startpage.com/hc/en-us/articles/24786602537364-Startpage-s-Tor-onion-service) Tor hidden service, and as of April 2024 we have no longer noticed extra roadblocks for Tor or [VPN](../vpn/_index.md) users.
## Metasearch Engines
@@ -97,17 +88,14 @@ A [metasearch engine](https://en.wikipedia.org/wiki/Metasearch_engine) aggregate
### SearXNG
-
-
-{ align=right }
-
**SearXNG** is an open-source, self-hostable, metasearch engine. It is an actively maintained fork of [SearX](https://github.com/searx/searx).
-[:octicons-home-16: Homepage](https://searxng.org){ .md-button .md-button--primary }
-[:octicons-server-16:](https://searx.space){ .card-link title="Public Instances" }
-[:octicons-code-16:](https://github.com/searxng/searxng){ .card-link title="Source Code" }
+{{< cards >}}
+ {{< card link="https://searxng.org" title="Homepage" icon="home" >}}
+ {{< card link="https://docs.searxng.org/user/about.html" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
+A directory of public instances is available at [searx.space](https://searx.space), and the source code is on [GitHub](https://github.com/searxng/searxng).
SearXNG is a proxy between you and the search engines it aggregates from. Your search queries will still be sent to the search engines that SearXNG gets its results from.
@@ -117,7 +105,7 @@ When you are using a SearXNG instance, be sure to go read their privacy policy.
## Criteria
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../../../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
### Minimum Requirements
diff --git a/content/tools/services/vpn/_index.md b/content/tools/services/vpn/_index.md
index 4d096f39f..f8e644d1b 100644
--- a/content/tools/services/vpn/_index.md
+++ b/content/tools/services/vpn/_index.md
@@ -6,6 +6,14 @@ description: The best VPN services for protecting your privacy and security onli
[{{< badge content="Surveillance Capitalism" color="purple" >}}](../../../wiki/basics/common-threats.md#surveillance-as-a-business-model)
+
+{{< cards >}}
+ {{< card link="#proton-vpn" title="Proton VPN" image="./protonvpn.svg" subtitle="Proton VPN is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option." >}}
+ {{< card link="#ivpn" title="IVPN" image="./ivpn.svg" subtitle="IVPN is another premium VPN provider, and they have been in operation since 2009. IVPN is based in Gibraltar and does not offer a free trial." >}}
+ {{< card link="#mullvad" title="Mullvad" image="./mullvad.svg" subtitle="Mullvad is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since 2009. Mullvad is based in Sweden and offers a 14-day money-back guarantee for payment methods that allow it." >}}
+{{< /cards >}}
+
+
If you're looking for additional *privacy* from your ISP, on a public Wi-Fi network, or while torrenting files, a **VPN** may be the solution for you.
@@ -15,11 +23,11 @@ Using a VPN will **not** keep your browsing habits anonymous, nor will it add ad
If you are looking for **anonymity**, you should use the Tor Browser. If you're looking for added **security**, you should always ensure you're connecting to websites using HTTPS. A VPN is not a replacement for good security practices.
-[Introduction to the Tor Browser](tor.md#tor-browser){ .md-button .md-button--primary } [Tor Myths & FAQ](../../../wiki/advanced/tor-overview.md){ .md-button }
+[Introduction to the Tor Browser](../../software/tor/_index.md#tor-browser) · [Tor Myths & FAQ](../../../wiki/advanced/tor-overview.md)
-[Detailed VPN Overview :material-arrow-right-drop-circle:](../../../wiki/basics/vpn-overview.md){ .md-button }
+[Detailed VPN Overview](../../../wiki/basics/vpn-overview.md)
## Recommended Providers
@@ -33,30 +41,19 @@ Our recommended providers use encryption, support WireGuard & OpenVPN, and have
### Proton VPN
-
-
-{ align=right }
-
**Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option.
-[:octicons-home-16: Homepage](https://protonvpn.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://protonvpn.com/support){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" }
+{{< cards >}}
+ {{< card link="https://protonvpn.com" title="Homepage" icon="home" >}}
+ {{< card link="https://protonvpn.com/privacy-policy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android)
-- [:simple-appstore: App Store](https://apps.apple.com/app/id1437005085)
-- [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases)
-- [:fontawesome-brands-windows: Windows](https://protonvpn.com/download-windows)
-- [:simple-apple: macOS](https://protonvpn.com/download-macos)
-- [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup)
-
-
-
-
+[{{< badge content="Linux" color="yellow" >}}](https://protonvpn.com/support/linux-vpn-setup)
+[{{< badge content="macOS" color="indigo" >}}](https://protonvpn.com/download-macos)
+[{{< badge content="Windows" color="red" >}}](https://protonvpn.com/download-windows)
+[{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=ch.protonvpn.android)
+[{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/id1437005085)
+[{{< badge content="GitHub" >}}](https://github.com/ProtonVPN/android-app/releases)
#### :material-check:{ .pg-green } 127 Countries
@@ -117,7 +114,7 @@ We are noting this because while we don't necessarily recommend against sharing
#### :material-alert-outline:{ .pg-orange } Additional Notes
-Proton VPN clients support two-factor authentication on all platforms. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
+Proton VPN clients support two-factor authentication on all platforms. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](../../software/tor/_index.md#tor-browser) for this purpose.
##### Kill switch feature provides poor protections on macOS
@@ -127,31 +124,20 @@ Additionally, system crashes [may occur](https://protonvpn.com/support/macos-t2-
### IVPN
-
-
-{ align=right }
-
**IVPN** is another premium VPN provider, and they have been in operation since 2009. IVPN is based in Gibraltar and does not offer a free trial.
-[:octicons-home-16: Homepage](https://ivpn.net){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://ivpn.net/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://ivpn.net/knowledgebase/general){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/ivpn){ .card-link title="Source Code" }
+{{< cards >}}
+ {{< card link="https://ivpn.net" title="Homepage" icon="home" >}}
+ {{< card link="https://ivpn.net/privacy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client)
-- [:simple-appstore: App Store](https://apps.apple.com/app/id1193122683)
-- [:octicons-moon-16: Accrescent](https://accrescent.app/app/net.ivpn.client)
-- [:simple-github: GitHub](https://github.com/ivpn/android-app/releases)
-- [:fontawesome-brands-windows: Windows](https://ivpn.net/apps-windows)
-- [:simple-apple: macOS](https://ivpn.net/apps-macos)
-- [:simple-linux: Linux](https://ivpn.net/apps-linux)
-
-
-
-
-
-{ align=right }
-
**Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since 2009. Mullvad is based in Sweden and offers a 14-day money-back guarantee for [payment methods](https://mullvad.net/en/help/refunds) that allow it.
-[:octicons-home-16: Homepage](https://mullvad.net){ .md-button .md-button--primary }
-[:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" }
-[:octicons-eye-16:](https://mullvad.net/en/help/privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://mullvad.net/en/help){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/mullvad){ .card-link title="Source Code" }
+{{< cards >}}
+ {{< card link="https://mullvad.net" title="Homepage" icon="home" >}}
+ {{< card link="https://mullvad.net/en/help/privacy-policy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn)
-- [:simple-appstore: App Store](https://apps.apple.com/app/id1488466513)
-- [:simple-github: GitHub](https://github.com/mullvad/mullvadvpn-app/releases)
-- [:fontawesome-brands-windows: Windows](https://mullvad.net/en/download/windows)
-- [:simple-apple: macOS](https://mullvad.net/en/download/macos)
-- [:simple-linux: Linux](https://mullvad.net/en/download/linux)
-
-
-
-
+[{{< badge content="Linux" color="yellow" >}}](https://mullvad.net/en/download/linux)
+[{{< badge content="macOS" color="indigo" >}}](https://mullvad.net/en/download/macos)
+[{{< badge content="Windows" color="red" >}}](https://mullvad.net/en/download/windows)
+[{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn)
+[{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/id1488466513)
+[{{< badge content="GitHub" >}}](https://github.com/mullvad/mullvadvpn-app/releases)
#### :material-check:{ .pg-green } 49 Countries
@@ -290,7 +264,7 @@ It is important to note that using a VPN provider will not make you anonymous, b
-**Please note we are not affiliated with any of the providers we recommend. This allows us to provide completely objective recommendations.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements for any VPN provider wishing to be recommended, including strong encryption, independent security audits, modern technology, and more. We suggest you familiarize yourself with this list before choosing a VPN provider, and conduct your own research to ensure the VPN provider you choose is as trustworthy as possible.
+**Please note we are not affiliated with any of the providers we recommend. This allows us to provide completely objective recommendations.** In addition to [our standard criteria](../../../about/criteria.md), we have developed a clear set of requirements for any VPN provider wishing to be recommended, including strong encryption, independent security audits, modern technology, and more. We suggest you familiarize yourself with this list before choosing a VPN provider, and conduct your own research to ensure the VPN provider you choose is as trustworthy as possible.
### Technology
@@ -300,7 +274,7 @@ We require our recommended providers to support modern technologies currently av
- Must provide standard configuration files which can be used in a generic, open-source client such as the WireGuard apps.
- Support for strong protocols such as WireGuard.
-- Functional kill switch built in to service-provided clients on our recommended [desktop](desktop.md) and [mobile](android/distributions.md) platforms. This kill switch should be able to block all internet traffic when the VPN connection drops unexpectedly.
+- Functional kill switch built in to service-provided clients on our recommended [desktop](../../os/desktop/_index.md) and [mobile](../../os/android/distributions.md) platforms. This kill switch should be able to block all internet traffic when the VPN connection drops unexpectedly.
- Multi-hop support. Multi-hopping is important to keep data private in case of a single node compromise.
- If VPN clients are provided, they should be [open source](https://en.wikipedia.org/wiki/Open_source), like the VPN software they generally have built into them. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what the program is actually doing.
- Censorship resistance features designed to bypass firewalls without DPI.
@@ -319,7 +293,7 @@ We prefer our recommended providers to collect as little data as possible. Not c
**Minimum to Qualify:**
-- [Anonymous cryptocurrency](cryptocurrency.md) **or** cash payment option.
+- [Anonymous cryptocurrency](../../software/cryptocurrency/_index.md) **or** cash payment option.
- No personal information required to register: Only username, password, and email at most.
**Best Case:**
@@ -380,7 +354,7 @@ Must not have any marketing which is irresponsible:
Responsible marketing that is both educational and useful to the consumer could include:
-- An accurate comparison to when [Tor](tor.md) should be used instead.
+- An accurate comparison to when [Tor](../../software/tor/_index.md) should be used instead.
- Availability of the VPN provider's website over a [.onion service](https://en.wikipedia.org/wiki/.onion)
### Additional Functionality
diff --git a/content/tools/software/ai-chat/_index.md b/content/tools/software/ai-chat/_index.md
index 83796e0b0..caee4f611 100755
--- a/content/tools/software/ai-chat/_index.md
+++ b/content/tools/software/ai-chat/_index.md
@@ -44,6 +44,14 @@ To help you choose a model that fits your needs, you can look at leaderboards an
## AI Chat Clients
+
+{{< cards >}}
+ {{< card link="#koboldcpp" title="Kobold.cpp" image="./kobold.png" subtitle="Kobold.cpp is an AI client that runs locally on your Windows, Mac, or Linux computer. It's an excellent choice if you are looking for heavy customization and tweaking, such as for role-playing purposes." >}}
+ {{< card link="#ollama-cli" title="Ollama" image="./ollama.png" subtitle="Ollama is a command-line AI assistant that is available on macOS, Linux, and Windows. Ollama is a great choice if you're looking for an AI client that's easy-to-use, widely compatible, and fast due to its use of inference and other techniques." >}}
+ {{< card link="#llamafile" title="Llamafile" image="./llamafile.webp" subtitle="Llamafile is a lightweight, single-file executable that allows users to run LLMs locally on their own computers without any setup involved. It is backed by Mozilla and available on Linux, macOS, and Windows." >}}
+{{< /cards >}}
+
+
| Feature | [Kobold.cpp](#koboldcpp) | [Ollama](#ollama-cli) | [Llamafile](#llamafile) |
|---|---|---|---|
| GPU Support | :material-check:{ .pg-green } | :material-check:{ .pg-green } | :material-check:{ .pg-green } |
@@ -55,29 +63,18 @@ To help you choose a model that fits your needs, you can look at leaderboards an
### Kobold.cpp
-
-
-{align=right}
-
**Kobold.cpp** is an AI client that runs locally on your Windows, Mac, or Linux computer. It's an excellent choice if you are looking for heavy customization and tweaking, such as for role-playing purposes.
In addition to supporting a large range of text models, Kobold.cpp also supports image generators such as [Stable Diffusion](https://stability.ai/stable-image) and automatic speech recognition tools such as [Whisper](https://github.com/ggerganov/whisper.cpp).
-[:octicons-repo-16: Repository](https://github.com/LostRuins/koboldcpp#readme){ .md-button .md-button--primary }
-[:octicons-info-16:](https://github.com/LostRuins/koboldcpp/wiki){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/LostRuins/koboldcpp){ .card-link title="Source Code" }
-[:octicons-lock-16:](https://github.com/LostRuins/koboldcpp/blob/2f3597c29abea8b6da28f21e714b6b24a5aca79b/SECURITY.md){ .card-link title="Security Policy" }
+{{< cards >}}
+ {{< card link="https://github.com/LostRuins/koboldcpp#readme" title="Repository" icon="code" >}}
+ {{< card link="https://github.com/LostRuins/koboldcpp/wiki" title="Documentation" icon="document-text" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:fontawesome-brands-windows: Windows](https://github.com/LostRuins/koboldcpp/releases)
-- [:simple-apple: macOS](https://github.com/LostRuins/koboldcpp/releases)
-- [:simple-linux: Linux](https://github.com/LostRuins/koboldcpp/releases)
-
-
-
-
@@ -90,57 +87,35 @@ Kobold.cpp allows you to modify parameters such as the AI model temperature and
### Ollama (CLI)
-
-
-{align=right}
-
**Ollama** is a command-line AI assistant that is available on macOS, Linux, and Windows. Ollama is a great choice if you're looking for an AI client that's easy-to-use, widely compatible, and fast due to its use of inference and other techniques. It also doesn't involve any manual setup.
In addition to supporting a wide range of text models, Ollama also supports [LLaVA](https://github.com/haotian-liu/LLaVA) models and has experimental support for Meta's [Llama vision capabilities](https://huggingface.co/blog/llama32#what-is-llama-32-vision).
-[:octicons-home-16: Homepage](https://ollama.com){ .md-button .md-button--primary }
-[:octicons-info-16:](https://github.com/ollama/ollama#readme){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/ollama/ollama){ .card-link title="Source Code" }
-[:octicons-lock-16:](https://github.com/ollama/ollama/blob/a14f76491d694b2f5a0dec6473514b7f93beeea0/SECURITY.md){ .card-link title="Security Policy" }
+{{< cards >}}
+ {{< card link="https://ollama.com" title="Homepage" icon="home" >}}
+ {{< card link="https://github.com/ollama/ollama#readme" title="Documentation" icon="document-text" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:fontawesome-brands-windows: Windows](https://ollama.com/download/windows)
-- [:simple-apple: macOS](https://ollama.com/download/mac)
-- [:simple-linux: Linux](https://ollama.com/download/linux)
-
-
-
-
+[{{< badge content="Linux" color="yellow" >}}](https://ollama.com/download/linux)
+[{{< badge content="macOS" color="indigo" >}}](https://ollama.com/download/mac)
+[{{< badge content="Windows" color="red" >}}](https://ollama.com/download/windows)
Ollama simplifies the process of setting up a local AI chat by downloading the AI model you want to use automatically. For example, running `ollama run llama3.2` will automatically download and run the Llama 3.2 model. Furthermore, Ollama maintains their own [model library](https://ollama.com/library) where they host the files of various AI models. This ensures that models are vetted for both performance and security, eliminating the need to manually verify model authenticity.
### Llamafile
-
-
-{align=right}
-
**Llamafile** is a lightweight, single-file executable that allows users to run LLMs locally on their own computers without any setup involved. It is [backed by Mozilla](https://hacks.mozilla.org/2023/11/introducing-llamafile) and available on Linux, macOS, and Windows.
Llamafile also supports LLaVA. However, it doesn't support speech recognition or image generation.
-[:octicons-repo-16: Repository](https://github.com/Mozilla-Ocho/llamafile#readme){ .md-button .md-button--primary }
-[:octicons-info-16:](https://github.com/Mozilla-Ocho/llamafile#quickstart){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/Mozilla-Ocho/llamafile){ .card-link title="Source Code" }
-[:octicons-lock-16:](https://github.com/Mozilla-Ocho/llamafile#security){ .card-link title="Security Policy" }
+{{< cards >}}
+ {{< card link="https://github.com/Mozilla-Ocho/llamafile#readme" title="Repository" icon="code" >}}
+ {{< card link="https://github.com/Mozilla-Ocho/llamafile#quickstart" title="Documentation" icon="document-text" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:fontawesome-brands-windows: Windows](https://github.com/Mozilla-Ocho/llamafile#quickstart)
-- [:simple-apple: macOS](https://github.com/Mozilla-Ocho/llamafile#quickstart)
-- [:simple-linux: Linux](https://github.com/Mozilla-Ocho/llamafile#quickstart)
-
-
-
-
+[{{< badge content="Linux" color="yellow" >}}](https://github.com/Mozilla-Ocho/llamafile#quickstart)
+[{{< badge content="macOS" color="indigo" >}}](https://github.com/Mozilla-Ocho/llamafile#quickstart)
+[{{< badge content="Windows" color="red" >}}](https://github.com/Mozilla-Ocho/llamafile#quickstart)
Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4 GB, and most models are larger than that.
@@ -165,7 +140,7 @@ A downloaded model is generally safe if it satisfies all the above checks.
## Criteria
-Please note we are not affiliated with any of the projects we recommend. In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project and conduct your own research to ensure it's the right choice for you.
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../../../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project and conduct your own research to ensure it's the right choice for you.
### Minimum Requirements
diff --git a/content/tools/software/browser-extensions/_index.md b/content/tools/software/browser-extensions/_index.md
index f1cd129c5..e23c0a2a9 100644
--- a/content/tools/software/browser-extensions/_index.md
+++ b/content/tools/software/browser-extensions/_index.md
@@ -10,33 +10,30 @@ In general, we recommend keeping your browser extensions to a minimum to decreas
However, some provide functionality which can outweigh these downsides in certain situations, particularly when it comes to [content blocking](../../../wiki/basics/common-threats.md#mass-surveillance-programs).
-Don't install extensions which you don't immediately have a need for, or ones that duplicate the functionality of your browser. For example, [Brave](desktop-browsers.md#brave) users don't need to install uBlock Origin, because Brave Shields already provides the same functionality.
+Don't install extensions which you don't immediately have a need for, or ones that duplicate the functionality of your browser. For example, [Brave](../desktop-browsers/_index.md#brave) users don't need to install uBlock Origin, because Brave Shields already provides the same functionality.
+
+
+{{< cards >}}
+ {{< card link="#ublock-origin" title="uBlock Origin" image="./ublock_origin.svg" subtitle="uBlock Origin is a popular content blocker that could help you block ads, trackers, and fingerprinting scripts." >}}
+ {{< card link="#ublock-origin-lite" title="uBlock Origin Lite" image="./ublock_origin_lite.svg" subtitle="uBlock Origin Lite is a Manifest V3 compatible content blocker. Compared to the original uBlock Origin, this extension does not require broad read/modify data permissions to function, which lowers the risk of Passive Attacks on your browser if a malicious rule is added to a filter list." >}}
+ {{< card link="#adguard" title="AdGuard for iOS" image="./adguard.svg" subtitle="AdGuard for iOS is a free and open-source content-blocking extension for Safari that uses the native Content Blocker API." >}}
+{{< /cards >}}
+
## Content Blockers
### uBlock Origin
-
-
-{ align=right }
-
**uBlock Origin** is a popular content blocker that could help you block ads, trackers, and fingerprinting scripts.
-[:octicons-repo-16: Repository](https://github.com/gorhill/uBlock#readme){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://github.com/gorhill/uBlock/wiki/Privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://github.com/gorhill/uBlock/wiki){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/gorhill/uBlock){ .card-link title="Source Code" }
+{{< cards >}}
+ {{< card link="https://github.com/gorhill/uBlock#readme" title="Repository" icon="code" >}}
+ {{< card link="https://github.com/gorhill/uBlock/wiki/Privacy-policy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/ublock-origin)
-- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm)
-- [:fontawesome-brands-edge: Edge](https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak)
-
-
-
-
+[{{< badge content="Firefox" >}}](https://addons.mozilla.org/firefox/addon/ublock-origin)
+[{{< badge content="Chrome" >}}](https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm)
+[{{< badge content="Edge" >}}](https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak)
We suggest following the [developer's documentation](https://github.com/gorhill/uBlock/wiki/Blocking-mode) and picking one of the "modes". Additional filter lists can impact performance and [may increase attack surface](https://portswigger.net/research/ublock-i-exfiltrate-exploiting-ad-blockers-with-css).
@@ -53,27 +50,16 @@ uBlock Origin also has a "Lite" version of their extension, which offers a limit
- ...you want a more resource (memory/CPU) efficient content blocker[^1]
- ...your browser only supports Manifest V3 extensions. This is the case for Chrome [^2] , Edge and most Chromium browsers.
-
-
-{ align=right }
-
**uBlock Origin Lite** is a Manifest V3 compatible content blocker. Compared to the original *uBlock Origin*, this extension does not require broad "read/modify data" permissions to function, which lowers the risk of [:material-bug-outline: Passive Attacks](../../../wiki/basics/common-threats.md#security-and-privacy){ .pg-orange } on your browser if a malicious rule is added to a filter list.
-[:octicons-repo-16: Repository](https://github.com/uBlockOrigin/uBOL-home#readme){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://github.com/uBlockOrigin/uBOL-home/wiki/Privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://github.com/uBlockOrigin/uBOL-home/wiki){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/gorhill/uBlock/tree/master/platform/mv3){ .card-link title="Source Code" }
+{{< cards >}}
+ {{< card link="https://github.com/uBlockOrigin/uBOL-home#readme" title="Repository" icon="code" >}}
+ {{< card link="https://github.com/uBlockOrigin/uBOL-home/wiki/Privacy-policy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/ublock-origin-lite/ddkjiahejlhfcafbddmgiahcphecmpfh)
-- [:fontawesome-brands-edge: Edge](https://microsoftedge.microsoft.com/addons/detail/cimighlppcgcoapaliogpjjdehbnofhn)
-- [:simple-safari: Safari](https://apps.apple.com/app/id6745342698)
-
-
-
-
+[{{< badge content="Chrome" >}}](https://chrome.google.com/webstore/detail/ublock-origin-lite/ddkjiahejlhfcafbddmgiahcphecmpfh)
+[{{< badge content="Edge" >}}](https://microsoftedge.microsoft.com/addons/detail/cimighlppcgcoapaliogpjjdehbnofhn)
+[{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/id6745342698)
We only recommend this version of uBlock Origin if you never want to add any filter lists not included by default, or need advanced options such as [dynamic filtering](https://github.com/gorhill/ublock/wiki/dynamic-filtering:-quick-guide) and the network logger. These restrictions are due to limitations in Manifest V3's design, notably the hard limit on the number of filtering rules, and the fact that extensions generally cannot fetch remote resources.[^3]
@@ -85,27 +71,16 @@ uBlock Origin Lite only receives block list updates whenever the extension is up
### AdGuard
-We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is only supported by uBlock Origin **Lite**. Luckily, AdGuard provides an adequate alternative:
-
-
-
-{ align=right }
+We recommend [Safari](../mobile-browsers/_index.md#safari-ios) for iOS users, which unfortunately is only supported by uBlock Origin **Lite**. Luckily, AdGuard provides an adequate alternative:
**AdGuard for iOS** is a free and open-source content-blocking extension for Safari that uses the native [Content Blocker API](https://developer.apple.com/documentation/safariservices/creating_a_content_blocker).
-[:octicons-home-16: Homepage](https://adguard.com/en/adguard-ios/overview.html){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://adguard.com/privacy/ios.html){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://kb.adguard.com/ios){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/AdguardTeam/AdguardForiOS){ .card-link title="Source Code" }
+{{< cards >}}
+ {{< card link="https://adguard.com/en/adguard-ios/overview.html" title="Homepage" icon="home" >}}
+ {{< card link="https://adguard.com/privacy/ios.html" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-appstore: App Store](https://apps.apple.com/app/id1047223162)
-
-
-
-
+[{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/id1047223162)
Additional filter lists do slow things down and may increase your attack surface, so only apply what you need. AdGuard for iOS has some premium features; however, standard Safari content blocking is free of charge.
diff --git a/content/tools/software/desktop-browsers/adguard.svg b/content/tools/software/browser-extensions/adguard.svg
similarity index 100%
rename from content/tools/software/desktop-browsers/adguard.svg
rename to content/tools/software/browser-extensions/adguard.svg
diff --git a/content/tools/software/desktop-browsers/ublock_origin.svg b/content/tools/software/browser-extensions/ublock_origin.svg
similarity index 100%
rename from content/tools/software/desktop-browsers/ublock_origin.svg
rename to content/tools/software/browser-extensions/ublock_origin.svg
diff --git a/content/tools/software/desktop-browsers/ublock_origin_lite.svg b/content/tools/software/browser-extensions/ublock_origin_lite.svg
similarity index 100%
rename from content/tools/software/desktop-browsers/ublock_origin_lite.svg
rename to content/tools/software/browser-extensions/ublock_origin_lite.svg
diff --git a/content/tools/software/cryptocurrency/_index.md b/content/tools/software/cryptocurrency/_index.md
index aa597ac80..fa26e5731 100644
--- a/content/tools/software/cryptocurrency/_index.md
+++ b/content/tools/software/cryptocurrency/_index.md
@@ -7,9 +7,16 @@ title: Cryptocurrency
[{{< badge content="Mass Surveillance" color="blue" >}}](../../../wiki/basics/common-threats.md#mass-surveillance-programs)
[{{< badge content="Censorship" >}}](../../../wiki/basics/common-threats.md#avoiding-censorship)
+
+{{< cards >}}
+ {{< card link="#monero" title="Monero" image="./monero.svg" subtitle="Monero uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve Anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices." >}}
+{{< /cards >}}
+
+
Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases:
-[Making Private Payments :material-arrow-right-drop-circle:](../../../wiki/advanced/payments.md){ .md-button }
+[Making Private Payments](../../../wiki/advanced/payments.md)
+{ .md-button }
Danger
@@ -20,20 +27,12 @@ Many if not most cryptocurrency projects are scams. Make transactions carefully
## Monero
-
-
-{ align=right }
-
**Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve [:material-incognito: Anonymity](../../../wiki/basics/common-threats.md#anonymity-vs-privacy){ .pg-purple }. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices.
-[:octicons-home-16: Homepage](https://getmonero.org){ .md-button .md-button--primary }
-[:octicons-info-16:](https://getmonero.org/resources/user-guides){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://getmonero.org/get-started/contributing){ .card-link title=Contribute }
-
-
-
-
+{{< cards >}}
+ {{< card link="https://getmonero.org" title="Homepage" icon="home" >}}
+ {{< card link="https://getmonero.org/resources/user-guides" title="Documentation" icon="document-text" >}}
+{{< /cards >}}
With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories.
@@ -60,11 +59,12 @@ For optimal privacy, make sure to use a self-custody wallet where the [view key]
### Monero nodes
-For maximum privacy (even with a self-custody wallet), you should run your own Monero node called the [Monero daemon](https://docs.getmonero.org/interacting/monerod-reference), which is included in the [CLI wallet](https://getmonero.org/downloads/#cli). Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over [Tor](alternative-networks.md#tor), [I2P](alternative-networks.md#i2p-the-invisible-internet-project), or a [VPN](vpn.md).
+For maximum privacy (even with a self-custody wallet), you should run your own Monero node called the [Monero daemon](https://docs.getmonero.org/interacting/monerod-reference), which is included in the [CLI wallet](https://getmonero.org/downloads/#cli). Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over [Tor](../../advanced/alternative-networks/_index.md#tor), [I2P](../../advanced/alternative-networks/_index.md#i2p-the-invisible-internet-project), or a [VPN](../../services/vpn/_index.md).
### Buying Monero
-[General tips for acquiring Monero](../../../wiki/advanced/payments.md#acquisition){ .md-button }
+[General tips for acquiring Monero](../../../wiki/advanced/payments.md#acquisition)
+{ .md-button }
There are numerous centralized exchanges (CEX) as well as P2P marketplaces where you can buy and sell Monero. Some of them require identifying yourself (KYC) to comply with anti-money laundering regulations. However, due to Monero's privacy features, the only thing known to the seller is *that* you bought Monero, but not how much you own or where you spend it (after it leaves the exchange). Some reputable places to buy Monero include:
@@ -75,16 +75,16 @@ There are numerous centralized exchanges (CEX) as well as P2P marketplaces where
## Criteria
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../../../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
- Cryptocurrency must provide private/untraceable transactions by default.
Important notices
-The content here is not legal or financial advice. We do not endorse or encourage illicit activities, and we do not endorse or encourage anything which violates a company's terms of service. Check with a professional to confirm that these recommendations are legal and available in your jurisdiction. [See all notices](about/notices.md).
+The content here is not legal or financial advice. We do not endorse or encourage illicit activities, and we do not endorse or encourage anything which violates a company's terms of service. Check with a professional to confirm that these recommendations are legal and available in your jurisdiction. [See all notices](../../../about/notices.md).
[^1]: You may refer to the following pages for up-to-date information on countries in which Kraken does **not** allow the purchase of Monero: [Where is Kraken licensed or regulated?](https://support.kraken.com/hc/en-us/articles/where-is-kraken-licensed-or-regulated) and [Support for Monero (XMR) in Europe](https://support.kraken.com/hc/en-us/articles/support-for-monero-xmr-in-europe).
-[^2]: You may refer to the following pages for up-to-date information on countries in which Cake Wallet and Monero.com **only** allow the direct purchase of Monero (through third-party providers): [Which countries are served by DFX?](https://docs.dfx.swiss/en/faq.html#which-countries-are-served-by-dfx) and [What are the supported countries/regions? (Guardarian)](https://guardarian.freshdesk.com/support/solutions/articles/80001151826-what-are-the-supported-countries-regions).
+[^2]: You may refer to the following pages for up-to-date information on countries in which Cake Wallet and Monero.com **only** allow the direct purchase of Monero (through third-party providers): [Which countries are served by DFX?](https://docs.dfx.swiss/en/faq.html#which-countries-are-served-by-dfx) and [What are the supported countries/regions? (Guardarian)](https://guardarian.freshdesk.com/support/solutions/articles/80001151826-what-are-the-supported-countries-regions-).
diff --git a/content/tools/software/data-redaction/_index.md b/content/tools/software/data-redaction/_index.md
index 81f0c70a5..e7475d7b6 100644
--- a/content/tools/software/data-redaction/_index.md
+++ b/content/tools/software/data-redaction/_index.md
@@ -15,54 +15,42 @@ You should **never** use blur to redact [text in images](https://bishopfox.com/b
+
+{{< cards >}}
+ {{< card link="#mat2" title="MAT2" image="./mat2.svg" subtitle="MAT2 is free, cross-platform software which allows you to remove metadata from image, audio, torrent, and document file types. It provides both a command line tool and a graphical user interface via an extension for Dolphin, the default file manager of KDE." >}}
+ {{< card link="#exiferaser-android" title="ExifEraser" image="./exiferaser.svg" subtitle="ExifEraser is a modern, permissionless image metadata erasing application for Android." >}}
+ {{< card link="#exiftool-cli" title="ExifTool" image="./exiftool.png" subtitle="ExifTool is the original Perl library and command-line application for reading, writing, and editing meta information (Exif, IPTC, XMP, and more) in a wide variety of file formats (JPEG, TIFF, PNG, PDF, RAW, and more)." >}}
+{{< /cards >}}
+
+
## MAT2
-
-
-{ align=right }
-
**MAT2** is free, cross-platform software which allows you to remove metadata from image, audio, torrent, and document file types. It provides both a command line tool and a graphical user interface via an extension for [Dolphin](https://github.com/jvoisin/mat2/tree/master/dolphin), the default file manager of [KDE](https://kde.org).
-[:octicons-repo-16: Repository](https://github.com/jvoisin/mat2#readme){ .md-button .md-button--primary }
-[:octicons-info-16:](https://github.com/jvoisin/mat2#how-to-use-mat2){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/jvoisin/mat2){ .card-link title="Source Code" }
+{{< cards >}}
+ {{< card link="https://github.com/jvoisin/mat2#readme" title="Repository" icon="code" >}}
+ {{< card link="https://github.com/jvoisin/mat2#how-to-use-mat2" title="Documentation" icon="document-text" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:fontawesome-brands-windows: Windows](https://pypi.org/project/mat2)
-- [:simple-apple: macOS](https://github.com/jvoisin/mat2#requirements-setup-on-macos-os-x-using-homebrew)
-- [:simple-linux: Linux](https://pypi.org/project/mat2)
-- [:octicons-browser-16: Web](https://github.com/jvoisin/mat2#web-interface)
-
-
-
-
+[{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=com.none.tom.exiferaser)
+[{{< badge content="Accrescent" >}}](https://accrescent.app/app/com.none.tom.exiferaser)
+[{{< badge content="GitHub" >}}](https://github.com/Tommy-Geenexus/exif-eraser/releases)
The metadata that is erased depends on the image's file type:
@@ -84,7 +72,8 @@ The app offers multiple ways to erase metadata from images. Namely:
On iOS and macOS, you can remove image metadata without using any third-party apps by creating a [**shortcut**](https://apps.apple.com/app/id915249334) for this purpose. Here is an example shortcut you can download to use as is:
-[:material-tag-minus: Clean Image Metadata](https://icloud.com/shortcuts/fb774ddb7b5b4296871776c67ac0fff9){ .md-button }
+[:material-tag-minus: Clean Image Metadata](https://icloud.com/shortcuts/fb774ddb7b5b4296871776c67ac0fff9)
+{ .md-button }
You can also use it as a model for your own shortcut; just make sure that the **Preserve Metadata** option under the **Convert** action is unchecked. Once added, you can access the shortcut in the share sheet that appears when you select the :octicons-share-24: Share button. You can select multiple images and invoke the shortcut to remove their metadata all at once.
@@ -92,29 +81,18 @@ This shortcut removes metadata such as location, device model, lens model, and o
## ExifTool (CLI)
-
-
-{ align=right }
-
**ExifTool** is the original Perl library and command-line application for reading, writing, and editing meta information (Exif, IPTC, XMP, and more) in a wide variety of file formats (JPEG, TIFF, PNG, PDF, RAW, and more).
It is often a component of other Exif removal applications and in most Linux distribution repositories.
-[:octicons-home-16: Homepage](https://exiftool.org){ .md-button .md-button--primary }
-[:octicons-info-16:](https://exiftool.org/faq.html){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/exiftool/exiftool){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://exiftool.org/#donate){ .card-link title="Contribute" }
+{{< cards >}}
+ {{< card link="https://exiftool.org" title="Homepage" icon="home" >}}
+ {{< card link="https://exiftool.org/faq.html" title="Documentation" icon="document-text" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:fontawesome-brands-windows: Windows](https://exiftool.org)
-- [:simple-apple: macOS](https://exiftool.org)
-- [:simple-linux: Linux](https://exiftool.org)
-
-
-
-
@@ -127,7 +105,7 @@ exiftool -all= *.file_extension
## Criteria
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../../../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
- Apps developed for open-source operating systems must be open source.
- Apps must be free and should not include ads or other limitations.
diff --git a/content/tools/software/desktop-browsers/_index.md b/content/tools/software/desktop-browsers/_index.md
index 688d93806..dd5a9c2f6 100644
--- a/content/tools/software/desktop-browsers/_index.md
+++ b/content/tools/software/desktop-browsers/_index.md
@@ -8,33 +8,30 @@ description: These privacy-protecting browsers are what we currently recommend f
These are our currently recommended **desktop web browsers** and configurations for standard/non-anonymous browsing. We recommend [Mullvad Browser](#mullvad-browser) if you are focused on strong privacy protections and anti-fingerprinting out of the box, [Firefox](#firefox) for casual internet browsers looking for a good alternative to Google Chrome, and [Brave](#brave) if you need Chromium browser compatibility.
-If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. We make some configuration recommendations on this page, but all browsers other than Tor Browser will be traceable by *somebody* in some manner or another.
+
+{{< cards >}}
+ {{< card link="#mullvad-browser" title="Mullvad Browser" image="./mullvad_browser.svg" subtitle="Mullvad Browser is a version of Tor Browser with Tor network integrations removed. It aims to provide to VPN users Tor Browser's anti-fingerprinting browser technologies, which are key protections against Mass Surveillance." >}}
+ {{< card link="#firefox" title="Firefox" image="./firefox.svg" subtitle="Firefox provides strong privacy settings such as Enhanced Tracking Protection, which can help block various types of tracking." >}}
+ {{< card link="#brave" title="Brave" image="./brave.svg" subtitle="Brave Browser includes a built-in content blocker and privacy features, many of which are enabled by default. Brave is built upon the Chromium web browser project, so it should feel familiar and have minimal website compatibility issues." >}}
+{{< /cards >}}
+
+
+If you need to browse the internet anonymously, you should use [Tor](../tor/_index.md) instead. We make some configuration recommendations on this page, but all browsers other than Tor Browser will be traceable by *somebody* in some manner or another.
## Mullvad Browser
-
+**Mullvad Browser** is a version of [Tor Browser](../tor/_index.md#tor-browser) with Tor network integrations removed. It aims to provide to VPN users Tor Browser's anti-fingerprinting browser technologies, which are key protections against [:material-eye-outline: Mass Surveillance](../../../wiki/basics/common-threats.md#mass-surveillance-programs){ .pg-blue }. It is developed by the Tor Project and distributed by [Mullvad](../../services/vpn/_index.md#mullvad), and does **not** require the use of Mullvad's VPN.
-{ align=right }
+{{< cards >}}
+ {{< card link="https://mullvad.net/en/browser" title="Homepage" icon="home" >}}
+ {{< card link="https://mullvad.net/en/help/privacy-policy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-**Mullvad Browser** is a version of [Tor Browser](tor.md#tor-browser) with Tor network integrations removed. It aims to provide to VPN users Tor Browser's anti-fingerprinting browser technologies, which are key protections against [:material-eye-outline: Mass Surveillance](../../../wiki/basics/common-threats.md#mass-surveillance-programs){ .pg-blue }. It is developed by the Tor Project and distributed by [Mullvad](vpn.md#mullvad), and does **not** require the use of Mullvad's VPN.
+[{{< badge content="Linux" color="yellow" >}}](https://mullvad.net/en/download/browser/linux)
+[{{< badge content="macOS" color="indigo" >}}](https://mullvad.net/en/download/browser/macos)
+[{{< badge content="Windows" color="red" >}}](https://mullvad.net/en/download/browser/windows)
-[:octicons-home-16: Homepage](https://mullvad.net/en/browser){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://mullvad.net/en/help/privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://mullvad.net/en/help/tag/mullvad-browser){ .card-link title="Documentation" }
-[:octicons-code-16:](https://gitlab.torproject.org/tpo/applications/mullvad-browser){ .card-link title="Source Code" }
-
-
-Downloads
-
-- [:fontawesome-brands-windows: Windows](https://mullvad.net/en/download/browser/windows)
-- [:simple-apple: macOS](https://mullvad.net/en/download/browser/macos)
-- [:simple-linux: Linux](https://mullvad.net/en/download/browser/linux)
-
-
-
-
-
-Like [Tor Browser](tor.md), Mullvad Browser is designed to prevent fingerprinting by making your browser fingerprint identical to all other Mullvad Browser users, and it includes default settings and extensions that are automatically configured by the default security levels: *Standard*, *Safer* and *Safest*.
+Like [Tor Browser](../tor/_index.md), Mullvad Browser is designed to prevent fingerprinting by making your browser fingerprint identical to all other Mullvad Browser users, and it includes default settings and extensions that are automatically configured by the default security levels: *Standard*, *Safer* and *Safest*.
Therefore, it is imperative that you do not modify the browser at all outside adjusting the default [security levels](https://tb-manual.torproject.org/security-settings). When adjusting the security level, you **must** always restart the browser before continuing to use it. Otherwise, [the security settings may not be fully applied](https://www.privacyguides.org/articles/2025/05/02/tor-security-slider-flaw), putting you at a higher risk of fingerprinting and exploits than you may expect based on the setting chosen.
@@ -42,13 +39,13 @@ Modifications other than adjusting this setting would make your fingerprint uniq
### Anti-Fingerprinting
-**Without** using a [VPN](vpn.md), Mullvad Browser provides protections against [naive fingerprinting scripts](https://github.com/arkenfox/user.js/wiki/3.3-Overrides-%5BTo-RFP-or-Not%5D#-fingerprinting) similar to other private browsers like Firefox+[Arkenfox](#arkenfox-advanced) or [Brave](#brave). Mullvad Browser provides these protections out of the box, at the expense of some flexibility and convenience that other private browsers can provide.
+**Without** using a [VPN](../../services/vpn/_index.md), Mullvad Browser provides protections against [naive fingerprinting scripts](https://github.com/arkenfox/user.js/wiki/3.3-Overrides-%5BTo-RFP-or-Not%5D#-fingerprinting) similar to other private browsers like Firefox+[Arkenfox](#arkenfox-advanced) or [Brave](#brave). Mullvad Browser provides these protections out of the box, at the expense of some flexibility and convenience that other private browsers can provide.
==For the strongest anti-fingerprinting protection, we recommend using Mullvad Browser in conjunction **with** a VPN==, whether that is Mullvad or another recommended VPN provider. When using a VPN with Mullvad Browser, you will share a fingerprint and a pool of IP addresses with many other users, giving you a "crowd" to blend in with. This strategy is the only way to thwart advanced tracking scripts, and is the same anti-fingerprinting technique used by Tor Browser.
Note that while you can use Mullvad Browser with any VPN provider, other people on that VPN must also be using Mullvad Browser for this "crowd" to exist, something which is more likely on Mullvad VPN compared to other providers. Mullvad Browser does not have built-in VPN connectivity, nor does it check whether you are using a VPN before browsing; your VPN connection has to be configured and managed separately.
-Mullvad Browser comes with the *uBlock Origin* and *NoScript* browser extensions pre-installed. While we typically discourage adding *additional* [browser extensions](browser-extensions.md), these extensions that come pre-installed with the browser should **not** be removed or configured outside their default values, because doing so would noticeably make your browser fingerprint distinct from other Mullvad Browser users. It also comes pre-installed with the Mullvad Browser Extension, which *can* be safely removed without impacting your browser fingerprint if you would like, but is also safe to keep even if you don't use Mullvad VPN.
+Mullvad Browser comes with the *uBlock Origin* and *NoScript* browser extensions pre-installed. While we typically discourage adding *additional* [browser extensions](../browser-extensions/_index.md), these extensions that come pre-installed with the browser should **not** be removed or configured outside their default values, because doing so would noticeably make your browser fingerprint distinct from other Mullvad Browser users. It also comes pre-installed with the Mullvad Browser Extension, which *can* be safely removed without impacting your browser fingerprint if you would like, but is also safe to keep even if you don't use Mullvad VPN.
### Private Browsing Mode
@@ -58,29 +55,17 @@ This is required to prevent advanced forms of tracking, but does come at the cos
## Firefox
-
@@ -155,7 +140,7 @@ This prevents you from unintentionally connecting to a website in plain-text HTT
##### DNS over HTTPS
-If you use a [DNS over HTTPS provider](dns.md):
+If you use a [DNS over HTTPS provider](../../services/dns/_index.md):
- [x] Select **Max Protection** and choose a suitable provider
@@ -180,32 +165,20 @@ Arkenfox only aims to thwart basic or naive tracking scripts through canvas rand
## Brave
-
-
-{ align=right }
-
**Brave Browser** includes a built-in content blocker and [privacy features](https://brave.com/privacy-features), many of which are enabled by default.
Brave is built upon the Chromium web browser project, so it should feel familiar and have minimal website compatibility issues.
-[:octicons-home-16: Homepage](https://brave.com){ .md-button .md-button--primary }
-[:simple-torbrowser:](https://brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title="Onion Service" }
-[:octicons-eye-16:](https://brave.com/privacy/browser){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://support.brave.com){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/brave/brave-browser){ .card-link title="Source Code" }
+{{< cards >}}
+ {{< card link="https://brave.com" title="Homepage" icon="home" >}}
+ {{< card link="https://brave.com/privacy/browser" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-github: GitHub](https://github.com/brave/brave-browser/releases)
-- [:fontawesome-brands-windows: Windows](https://brave.com/download)
-- [:simple-apple: macOS](https://brave.com/download)
-- [:simple-linux: Linux](https://brave.com/linux)
-- [:simple-flathub: Flathub](https://flathub.org/apps/com.brave.Browser)
-
-
-
-
@@ -265,7 +238,7 @@ Brave allows you to select additional content filters within the internal `brave
##### Tor windows
-[**Private Window with Tor**](https://support.brave.com/hc/articles/360018121491-What-is-a-Private-Window-with-Tor-Connectivity) allows you to route your traffic through the Tor network in Private Windows and access .onion services, which may be useful in some cases. However, Brave is **not** as resistant to fingerprinting as the Tor Browser is, and far fewer people use Brave with Tor, so you will stand out. If your threat model requires strong anonymity, use the [Tor Browser](tor.md#tor-browser).
+[**Private Window with Tor**](https://support.brave.com/hc/articles/360018121491-What-is-a-Private-Window-with-Tor-Connectivity) allows you to route your traffic through the Tor network in Private Windows and access .onion services, which may be useful in some cases. However, Brave is **not** as resistant to fingerprinting as the Tor Browser is, and far fewer people use Brave with Tor, so you will stand out. If your threat model requires strong anonymity, use the [Tor Browser](../tor/_index.md#tor-browser).
##### Data Collection
@@ -306,13 +279,13 @@ We recommend disabling search suggestions in Brave for the same reason we recomm
#### Brave Rewards and Wallet
-**Brave Rewards** lets you receive Basic Attention Token (BAT) cryptocurrency for performing certain actions within Brave. It relies on a custodial account and KYC from a select number of providers. We do not recommend BAT as a [private cryptocurrency](cryptocurrency.md), nor do we recommend using a [custodial wallet](../../../wiki/advanced/payments.md#wallet-custody), so we would discourage using this feature.
+**Brave Rewards** lets you receive Basic Attention Token (BAT) cryptocurrency for performing certain actions within Brave. It relies on a custodial account and KYC from a select number of providers. We do not recommend BAT as a [private cryptocurrency](../cryptocurrency/_index.md), nor do we recommend using a [custodial wallet](../../../wiki/advanced/payments.md#wallet-custody), so we would discourage using this feature.
**Brave Wallet** operates locally on your computer, but does not support any private cryptocurrencies, so we would discourage using this feature as well.
## Criteria
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../../../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
### Minimum Requirements
@@ -334,6 +307,6 @@ Our best-case criteria represents what we would like to see from the perfect pro
- Should not include add-on functionality (bloatware) that does not impact user privacy.
- Should not collect telemetry by default.
- Should provide an open-source sync server implementation.
-- Should default to a [private search engine](search-engines.md).
+- Should default to a [private search engine](../../services/search-engines/_index.md).
[^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state).
diff --git a/content/tools/software/document-collaboration/_index.md b/content/tools/software/document-collaboration/_index.md
index f825e3a8f..b3c824c47 100644
--- a/content/tools/software/document-collaboration/_index.md
+++ b/content/tools/software/document-collaboration/_index.md
@@ -6,32 +6,28 @@ description: Most online office suites do not support end-to-end encryption, mea
[{{< badge content="Service Providers" color="indigo" >}}](../../../wiki/basics/common-threats.md#privacy-from-service-providers)
+
+{{< cards >}}
+ {{< card link="#cryptpad" title="CryptPad" image="./cryptpad.svg" subtitle="CryptPad is a private-by-design alternative to popular, full-fledged office suites. All content on this web service is E2EE and can be shared with other users easily." >}}
+{{< /cards >}}
+
+
Most online **document collaboration** platforms like Google Drive do not support end-to-end encryption, meaning the cloud provider has access to everything you do. The provider's privacy policy may legally protect your rights, but it does not provide technical access constraints.
## CryptPad
-
-
-{ align=right }
-
**CryptPad** is a private-by-design alternative to popular, full-fledged office suites. All content on this web service is E2EE and can be shared with other users easily.
[:material-star-box: Read our latest CryptPad review.](https://www.privacyguides.org/articles/2025/02/07/cryptpad-review)
-[:octicons-home-16: Homepage](https://cryptpad.fr){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://cryptpad.fr/pad/#/2/pad/view/GcNjAWmK6YDB3EO2IipRZ0fUe89j43Ryqeb4fjkjehE){ .card-link title="Privacy Policy" }
-[:octicons-server-16:](https://cryptpad.org/instances){ .card-link title="Public Instances" }
-[:octicons-info-16:](https://docs.cryptpad.fr){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/xwiki-labs/cryptpad){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://opencollective.com/cryptpad){ .card-link title="Contribute" }
-
-
-
-
+{{< cards >}}
+ {{< card link="https://cryptpad.fr" title="Homepage" icon="home" >}}
+ {{< card link="https://cryptpad.fr/pad/#/2/pad/view/GcNjAWmK6YDB3EO2IipRZ0fUe89j43Ryqeb4fjkjehE" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
## Criteria
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../../../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
### Minimum Requirements
diff --git a/content/tools/software/email-clients/_index.md b/content/tools/software/email-clients/_index.md
index d2d61527e..a78d36aa7 100644
--- a/content/tools/software/email-clients/_index.md
+++ b/content/tools/software/email-clients/_index.md
@@ -16,38 +16,40 @@ When using end-to-end encryption (E2EE) technology like OpenPGP, email will stil
OpenPGP also does not support [forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy), which means if either your or the recipient's private key is ever stolen, all previous messages encrypted with it will be exposed: [How do I protect my private keys?](../../../wiki/basics/email-security.md#how-do-i-protect-my-private-keys) Consider using a medium that provides forward secrecy:
-[Real-time Communication](../../services/messengers/_index.md){ .md-button }
+[Real-time Communication](../../services/messengers/_index.md)
+{ .md-button }
+
+{{< cards >}}
+ {{< card link="#thunderbird" title="Thunderbird" image="./thunderbird.svg" subtitle="Thunderbird is a free, open-source, cross-platform email, newsgroup, news feed, and chat (XMPP, IRC, Matrix) client developed by the Thunderbird community, and previously by the Mozilla Foundation." >}}
+ {{< card link="#apple-mail-macos" title="Apple Mail" image="./applemail.png" subtitle="Apple Mail is included in macOS and can be extended to have OpenPGP support with GPG Suite, which adds the ability to send PGP-encrypted email." >}}
+ {{< card link="#fairemail-android" title="FairEmail" image="./fairemail.svg" subtitle="FairEmail is a minimal, open-source email app which uses open standards (IMAP, SMTP, OpenPGP) and minimizes data and battery usage." >}}
+ {{< card link="#gnome-evolution-gnome" title="GNOME Evolution" image="./evolution.svg" subtitle="Evolution is a personal information management application that provides integrated mail, calendaring, and address book functionality. Evolution has extensive documentation to help you get started." >}}
+ {{< card link="#kontact-kde" title="Kontact" image="./kontact.svg" subtitle="Kontact is a personal information manager (PIM) application from the KDE project. It provides a mail client, address book, RSS client, and an organizer." >}}
+ {{< card link="#mailvelope-browser" title="Mailvelope" image="./mailvelope.svg" subtitle="Mailvelope is a browser extension that enables the exchange of encrypted emails following the OpenPGP encryption standard." >}}
+ {{< card link="#neomutt-cli" title="NeoMutt" image="./mutt.svg" subtitle="NeoMutt is an open-source command line email reader for Linux and BSD. It's a fork of Mutt) with added features." >}}
+{{< /cards >}}
+
+
## Cross-Platform
### Thunderbird
-
-
-{ align=right }
-
**Thunderbird** is a free, open-source, cross-platform email, newsgroup, news feed, and chat (XMPP, IRC, Matrix) client developed by the Thunderbird community, and previously by the Mozilla Foundation.
-[:octicons-home-16: Homepage](https://thunderbird.net){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://mozilla.org/privacy/thunderbird){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://support.mozilla.org/products/thunderbird){ .card-link title="Documentation" }
-[:octicons-code-16:](https://hg.mozilla.org/comm-central){ .card-link title="Source Code" }
+{{< cards >}}
+ {{< card link="https://thunderbird.net" title="Homepage" icon="home" >}}
+ {{< card link="https://mozilla.org/privacy/thunderbird" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=net.thunderbird.android)
-- [:simple-github: GitHub](https://github.com/thunderbird/thunderbird-android/releases)
-- [:fontawesome-brands-windows: Windows](https://thunderbird.net)
-- [:simple-apple: macOS](https://thunderbird.net)
-- [:simple-linux: Linux](https://thunderbird.net)
-- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.mozilla.Thunderbird)
-
-
-
-
@@ -79,25 +81,18 @@ These options can be found in :material-menu: → **Settings** → **Privacy & S
#### Thunderbird-user.js (advanced)
-[`thunderbird-user.js`](https://github.com/HorlogeSkynet/thunderbird-user.js) is a set of configuration options that aims to disable as many of the web-browsing features within Thunderbird Desktop as possible in order to reduce attack surface and maintain privacy. Some of the changes are backported from the [Arkenfox project](desktop-browsers.md#arkenfox-advanced).
+[`thunderbird-user.js`](https://github.com/HorlogeSkynet/thunderbird-user.js) is a set of configuration options that aims to disable as many of the web-browsing features within Thunderbird Desktop as possible in order to reduce attack surface and maintain privacy. Some of the changes are backported from the [Arkenfox project](../desktop-browsers/_index.md#arkenfox-advanced).
## Platform Specific
### Apple Mail (macOS)
-
-
-{ align=right }
-
**Apple Mail** is included in macOS and can be extended to have OpenPGP support with [GPG Suite](../encryption/_index.md#gpg-suite), which adds the ability to send PGP-encrypted email.
-[:octicons-home-16: Homepage](https://support.apple.com/guide/mail/welcome/mac){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://apple.com/legal/privacy/en-ww){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://support.apple.com/mail){ .card-link title=Documentation}
-
-
-
-
-
-{ align=right }
-
**NeoMutt** is an open-source command line email reader for Linux and BSD. It's a fork of [Mutt](https://en.wikipedia.org/wiki/Mutt_(email_client)) with added features.
NeoMutt is a text-based client that has a steep learning curve. It is, however, very customizable.
-[:octicons-home-16: Homepage](https://neomutt.org){ .md-button .md-button--primary }
-[:octicons-info-16:](https://neomutt.org/guide){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/neomutt/neomutt){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://paypal.com/paypalme/russon){ .card-link title=Contribute }
+{{< cards >}}
+ {{< card link="https://neomutt.org" title="Homepage" icon="home" >}}
+ {{< card link="https://neomutt.org/guide" title="Documentation" icon="document-text" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-apple: macOS](https://neomutt.org/distro)
-- [:simple-linux: Linux](https://neomutt.org/distro)
-
-
-
-
+[{{< badge content="Linux" color="yellow" >}}](https://neomutt.org/distro)
+[{{< badge content="macOS" color="indigo" >}}](https://neomutt.org/distro)
## Criteria
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../../../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
### Minimum Qualifications
diff --git a/content/tools/software/encryption/_index.md b/content/tools/software/encryption/_index.md
index 63a039437..d21c2bd9a 100644
--- a/content/tools/software/encryption/_index.md
+++ b/content/tools/software/encryption/_index.md
@@ -4,6 +4,22 @@ description: Encryption of data is the only way to control who can access it. Th
---
**Encryption** is the only secure way to control who can access your data. If you are currently not using encryption software for your hard disk, emails, or files, you should pick an option here.
+
+{{< cards >}}
+ {{< card link="#cryptomator-cloud" title="Cryptomator" image="./cryptomator.svg" subtitle="Cryptomator is an encryption solution designed for privately saving files to any cloud Service Provider, eliminating the need to trust that they won't access your files. It allows you to create vaults that are stored on a virtual drive, the contents of which are encrypted and synced with your cloud storage provider." >}}
+ {{< card link="#veracrypt-disk" title="VeraCrypt" image="./veracrypt.svg" subtitle="VeraCrypt is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication." >}}
+ {{< card link="#bitlocker" title="BitLocker" image="./bitlocker.png" subtitle="BitLocker is the full volume encryption solution bundled with Microsoft Windows that uses the Trusted Platform Module (TPM) for hardware-based security." >}}
+ {{< card link="#filevault" title="FileVault" image="./filevault.png" subtitle="FileVault is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the hardware security capabilities present on an Apple Silicon SoC or T2 Security Chip." >}}
+ {{< card link="#linux-unified-key-setup" title="LUKS" image="./luks.png" subtitle="LUKS is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers." >}}
+ {{< card link="#kryptor" title="Kryptor" image="./kryptor.png" subtitle="Kryptor is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of age and Minisign to provide a simple, easier alternative to GPG." >}}
+ {{< card link="#tomb" title="Tomb" image="./tomb.png" subtitle="Tomb is a command-line shell wrapper for LUKS. It supports steganography via third-party tools." >}}
+ {{< card link="#gnu-privacy-guard" title="GnuPG" image="./gnupg.svg" subtitle="GnuPG is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with RFC 4880, which is the current IETF specification of OpenPGP." >}}
+ {{< card link="#gpg4win" title="GPG4win" image="./gpg4win.svg" subtitle="GPG4win is a package for Windows from Intevation and g10 Code. It includes various tools that can assist you in using GPG on Microsoft Windows." >}}
+ {{< card link="#gpg-suite" title="GPG Suite" image="./gpgsuite.png" subtitle="GPG Suite provides OpenPGP support for Apple Mail and other email clients on macOS." >}}
+ {{< card link="#openkeychain" title="OpenKeychain" image="./openkeychain.svg" subtitle="OpenKeychain is an implementation of GnuPG for Android. It's commonly required by mail clients such as Thunderbird, FairEmail, and other Android apps to provide encryption support." >}}
+{{< /cards >}}
+
+
## Multi-platform
The options listed here are available on multiple platforms and great for creating encrypted backups of your data.
@@ -14,32 +30,20 @@ The options listed here are available on multiple platforms and great for creati
[{{< badge content="Passive Attacks" color="amber" >}}](../../../wiki/basics/common-threats.md#security-and-privacy)
-
-
-{ align=right }
-
**Cryptomator** is an encryption solution designed for privately saving files to any cloud [:material-server-network: Service Provider](../../../wiki/basics/common-threats.md#privacy-from-service-providers){ .pg-teal }, eliminating the need to trust that they won't access your files. It allows you to create vaults that are stored on a virtual drive, the contents of which are encrypted and synced with your cloud storage provider.
-[:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://docs.cryptomator.org){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://cryptomator.org/donate){ .card-link title="Contribute" }
+{{< cards >}}
+ {{< card link="https://cryptomator.org" title="Homepage" icon="home" >}}
+ {{< card link="https://cryptomator.org/privacy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
-- [:simple-appstore: App Store](https://apps.apple.com/app/id1560822163)
-- [:simple-android: Android](https://cryptomator.org/android)
-- [:fontawesome-brands-windows: Windows](https://cryptomator.org/downloads)
-- [:simple-apple: macOS](https://cryptomator.org/downloads)
-- [:simple-linux: Linux](https://cryptomator.org/downloads)
-- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
-
-
-
-
+[{{< badge content="Linux" color="yellow" >}}](https://cryptomator.org/downloads)
+[{{< badge content="macOS" color="indigo" >}}](https://cryptomator.org/downloads)
+[{{< badge content="Windows" color="red" >}}](https://cryptomator.org/downloads)
+[{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=org.cryptomator)
+[{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/id1560822163)
+[{{< badge content="Android" >}}](https://cryptomator.org/android)
+[{{< badge content="Flathub" >}}](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
Cryptomator uses AES-256 encryption to encrypt both files and filenames. Cryptomator cannot encrypt metadata such as access, modification, and creation timestamps, nor the number and size of files and folders.
@@ -55,28 +59,16 @@ Cryptomator's documentation details its intended [security target](https://docs.
[{{< badge content="Targeted Attacks" color="red" >}}](../../../wiki/basics/common-threats.md#attacks-against-specific-individuals)
-
-
-{ align=right }
-{ align=right }
-
**VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.
-[:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
-[:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title="Documentation" }
-[:octicons-code-16:](https://veracrypt.fr/code){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title="Contribute" }
+{{< cards >}}
+ {{< card link="https://veracrypt.fr" title="Homepage" icon="home" >}}
+ {{< card link="https://veracrypt.fr/en/Documentation.html" title="Documentation" icon="document-text" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:fontawesome-brands-windows: Windows](https://veracrypt.fr/en/Downloads.html)
-- [:simple-apple: macOS](https://veracrypt.fr/en/Downloads.html)
-- [:simple-linux: Linux](https://veracrypt.fr/en/Downloads.html)
-
-
-
-
+[{{< badge content="Linux" color="yellow" >}}](https://veracrypt.fr/en/Downloads.html)
+[{{< badge content="macOS" color="indigo" >}}](https://veracrypt.fr/en/Downloads.html)
+[{{< badge content="Windows" color="red" >}}](https://veracrypt.fr/en/Downloads.html)
VeraCrypt is a fork of the discontinued TrueCrypt project. According to its developers, security improvements have been implemented and issues raised by the initial TrueCrypt code audit have been addressed.
@@ -102,55 +94,36 @@ Powering off your devices when they’re not in use provides the highest level o
### BitLocker
-
-
-{ align=right }
-
**BitLocker** is the full volume encryption solution bundled with Microsoft Windows that uses the Trusted Platform Module ([TPM](https://learn.microsoft.com/windows/security/information-protection/tpm/how-windows-uses-the-tpm)) for hardware-based security.
-[:octicons-info-16:](https://learn.microsoft.com/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title="Documentation" }
-
-
-
-
+{{< cards >}}
+ {{< card link="https://support.microsoft.com/en-us/windows/bitlocker-overview-44c0c61c-989d-4a69-8822-b95cd49b1bbf" title="Overview" icon="home" >}}
+ {{< card link="https://learn.microsoft.com/windows/security/information-protection/BitLocker/BitLocker-overview" title="Documentation" icon="document-text" >}}
+{{< /cards >}}
BitLocker is [officially supported](https://support.microsoft.com/en-us/windows/bitlocker-overview-44c0c61c-989d-4a69-8822-b95cd49b1bbf) on the Pro, Enterprise, and Education editions of Windows. The Home edition only supports automatic [Device Encryption](https://support.microsoft.com/en-us/windows/device-encryption-in-windows-cf7e2b6f-3e70-4882-9532-18633605b7df) and must meet specific hardware requirements. If you’re using the Home edition, we recommend [upgrading to Pro](https://support.microsoft.com/en-us/windows/upgrade-windows-home-to-windows-pro-ef34d520-e73f-3198-c525-d1a218cc2818), which can be done without reinstalling Windows or losing your files.
-Pro and higher editions also support the more secure pre-boot [TPM+PIN](https://learn.microsoft.com/en-us/windows/security/operating-system-security/data-protection/bitlocker/faq#what-is-the-difference-between-a-tpm-owner-password--recovery-password--recovery-key--pin--enhanced-pin--and-startup-key) feature, configured through the appropriate [group policy](os/windows/group-policies.md#bitlocker-drive-encryption) settings. The PIN is rate limited and the TPM will panic and lock access to the encryption key either permanently or for a period of time if someone attempts to brute force access.
-
-
+Pro and higher editions also support the more secure pre-boot [TPM+PIN](https://learn.microsoft.com/en-us/windows/security/operating-system-security/data-protection/bitlocker/faq#what-is-the-difference-between-a-tpm-owner-password--recovery-password--recovery-key--pin--enhanced-pin--and-startup-key) feature, configured through the appropriate [group policy](../../os/windows/group-policies.md#bitlocker-drive-encryption) settings. The PIN is rate limited and the TPM will panic and lock access to the encryption key either permanently or for a period of time if someone attempts to brute force access.
### FileVault
-
+**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](../../os/macos-overview.md#hardware-security) present on an Apple Silicon SoC or T2 Security Chip.
-{ align=right }
-
-**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple Silicon SoC or T2 Security Chip.
-
-[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title="Documentation" }
-
-
-
-
+{{< cards >}}
+ {{< card link="https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac" title="Documentation" icon="document-text" >}}
+ {{< card link="https://support.apple.com/guide/security/welcome/web" title="Platform Security" icon="home" >}}
+{{< /cards >}}
We advise against using your iCloud account for recovery; instead, you should securely store a local recovery key on a separate storage device.
### Linux Unified Key Setup
-
-
-{ align=right }
-
**LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.
-[:octicons-repo-16: Repository](https://gitlab.com/cryptsetup/cryptsetup#what-the-){ .md-button .md-button--primary }
-[:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title="Documentation" }
-[:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup){ .card-link title="Source Code" }
-
-
-
-
-
-{ align=right }
-
**Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign) to provide a simple, easier alternative to GPG.
-[:octicons-home-16: Homepage](https://kryptor.co.uk){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://kryptor.co.uk/tutorial){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://kryptor.co.uk/#donate){ .card-link title="Contribute" }
+{{< cards >}}
+ {{< card link="https://kryptor.co.uk" title="Homepage" icon="home" >}}
+ {{< card link="https://kryptor.co.uk/features#privacy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:fontawesome-brands-windows: Windows](https://kryptor.co.uk)
-- [:simple-apple: macOS](https://kryptor.co.uk)
-- [:simple-linux: Linux](https://kryptor.co.uk)
-
-
-
-
-
-{ align=right }
-
**GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
-[:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title="Documentation" }
-[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
+{{< cards >}}
+ {{< card link="https://gnupg.org" title="Homepage" icon="home" >}}
+ {{< card link="https://gnupg.org/privacy-policy.html" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
-- [:fontawesome-brands-windows: Windows](https://gpg4win.org/download.html)
-- [:simple-apple: macOS](https://gpgtools.org)
-- [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
-
-
-
-
-
-{ align=right }
-
**GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.
-[:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title="Documentation" }
-[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title="Contribute" }
+{{< cards >}}
+ {{< card link="https://gpg4win.org" title="Homepage" icon="home" >}}
+ {{< card link="https://gpg4win.org/privacy-policy.html" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:fontawesome-brands-windows: Windows](https://gpg4win.org/download.html)
-
-
-
-
+[{{< badge content="Windows" color="red" >}}](https://gpg4win.org/download.html)
### GPG Suite
-
-
-{ align=right }
-
-**GPG Suite** provides OpenPGP support for [Apple Mail](email-clients.md#apple-mail-macos) and other email clients on macOS.
+**GPG Suite** provides OpenPGP support for [Apple Mail](../email-clients/_index.md#apple-mail-macos) and other email clients on macOS.
We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) and [Knowledge Base](https://gpgtools.tenderapp.com/kb) for support.
-[:octicons-home-16: Homepage](https://gpgtools.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://gpgtools.org/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://gpgtools.tenderapp.com/kb){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/GPGTools){ .card-link title="Source Code" }
+{{< cards >}}
+ {{< card link="https://gpgtools.org" title="Homepage" icon="home" >}}
+ {{< card link="https://gpgtools.org/privacy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-apple: macOS](https://gpgtools.org)
-
-
-
-
+[{{< badge content="macOS" color="indigo" >}}](https://gpgtools.org)
Currently, GPG Suite does [not yet](https://gpgtools.com/sequoia) have a stable release for macOS Sonoma and later.
### OpenKeychain
-
+**OpenKeychain** is an implementation of GnuPG for Android. It's commonly required by mail clients such as [Thunderbird](../email-clients/_index.md#thunderbird), [FairEmail](../email-clients/_index.md#fairemail-android), and other Android apps to provide encryption support.
-{ align=right }
+{{< cards >}}
+ {{< card link="https://openkeychain.org" title="Homepage" icon="home" >}}
+ {{< card link="https://openkeychain.org/help/privacy-policy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-**OpenKeychain** is an implementation of GnuPG for Android. It's commonly required by mail clients such as [Thunderbird](email-clients.md#thunderbird), [FairEmail](email-clients.md#fairemail-android), and other Android apps to provide encryption support.
-
-[:octicons-home-16: Homepage](https://openkeychain.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://openkeychain.org/faq){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
-
-
-Downloads
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
-
-
-
-
+[{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
Cure53 completed a [security audit](https://openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. The published audit and OpenKeychain's solutions to the issues raised in the audit can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
## Criteria
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../../../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
### Minimum Qualifications
diff --git a/content/tools/software/file-sharing/_index.md b/content/tools/software/file-sharing/_index.md
index e94b6057e..8749ed8c6 100644
--- a/content/tools/software/file-sharing/_index.md
+++ b/content/tools/software/file-sharing/_index.md
@@ -8,27 +8,26 @@ description: Discover how to privately share your files between your devices, wi
Discover how to privately share your files between your devices, with your friends and family, or anonymously online.
+
+{{< cards >}}
+ {{< card link="#send" title="Send" image="./send.svg" subtitle="Send is a fork of Mozilla's discontinued Firefox Send service which allows you to send files to others with a link. Files are encrypted on your device so that they cannot be read by the server, and they can be optionally password-protected as well." >}}
+ {{< card link="#onionshare" title="OnionShare" image="./onionshare.svg" subtitle="OnionShare is an open-source tool that lets you securely and anonymously share a file of any size. It works by starting a web server accessible as a Tor onion service, with an unguessable URL that you can share with the recipients to download or send files." >}}
+ {{< card link="#syncthing-p2p" title="Syncthing" image="./syncthing.svg" subtitle="Syncthing is an open-source peer-to-peer continuous file synchronization utility. It is used to synchronize files between two or more devices over the local network or the internet." >}}
+{{< /cards >}}
+
+
## File Sharing
-If you already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
+If you already use [Proton Drive](../../services/cloud/_index.md#proton-drive)[^1] or have a [Bitwarden](../../services/passwords/_index.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
### Send
-
-
-{ align=right }
-
**Send** is a fork of Mozilla's discontinued Firefox Send service which allows you to send files to others with a link. Files are encrypted on your device so that they cannot be read by the server, and they can be optionally password-protected as well. The maintainer of Send hosts a [public instance](https://send.vis.ee). You can use other public instances, or you can host Send yourself.
-[:octicons-home-16: Homepage](https://send.vis.ee){ .md-button .md-button--primary }
-[:octicons-server-16:](https://github.com/timvisee/send-instances){ .card-link title="Public Instances"}
-[:octicons-info-16:](https://github.com/timvisee/send#readme){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/timvisee/send){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://github.com/sponsors/timvisee){ .card-link title="Contribute" }
-
-
-
-
+{{< cards >}}
+ {{< card link="https://send.vis.ee" title="Homepage" icon="home" >}}
+ {{< card link="https://github.com/timvisee/send-instances" title="Public Instances" icon="server" >}}
+{{< /cards >}}
Send can be used via its web interface or via the [ffsend](https://github.com/timvisee/ffsend) CLI. If you are familiar with the command-line and send files frequently, we recommend using the CLI client to avoid JavaScript-based encryption. You can specify the `--host` flag to use a specific server:
@@ -38,34 +37,23 @@ ffsend upload --host https://send.vis.ee/ FILE
### OnionShare
-
-
-{ align=right }
-
**OnionShare** is an open-source tool that lets you securely and [:material-incognito: anonymously](../../../wiki/basics/common-threats.md#anonymity-vs-privacy){ .pg-purple } share a file of any size. It works by starting a web server accessible as a Tor onion service, with an unguessable URL that you can share with the recipients to download or send files.
-[:octicons-home-16: Homepage](https://onionshare.org){ .md-button .md-button--primary }
-[:simple-torbrowser:](http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion){ .card-link title="Onion Service" }
-[:octicons-info-16:](https://docs.onionshare.org){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/onionshare/onionshare){ .card-link title="Source Code" }
+{{< cards >}}
+ {{< card link="https://onionshare.org" title="Homepage" icon="home" >}}
+ {{< card link="http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion" title="Onion Service" icon="link" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:fontawesome-brands-windows: Windows](https://onionshare.org/#download)
-- [:simple-apple: macOS](https://onionshare.org/#download)
-- [:simple-linux: Linux](https://onionshare.org/#download)
-- [:simple-flathub: Flathub](https://flathub.org/apps/org.onionshare.OnionShare)
-
-
-
-
+[{{< badge content="Linux" color="yellow" >}}](https://onionshare.org/#download)
+[{{< badge content="macOS" color="indigo" >}}](https://onionshare.org/#download)
+[{{< badge content="Windows" color="red" >}}](https://onionshare.org/#download)
+[{{< badge content="Flathub" >}}](https://flathub.org/apps/org.onionshare.OnionShare)
OnionShare provides the option to connect via [Tor bridges](https://docs.onionshare.org/2.6.2/en/tor.html#automatic-censorship-circumvention) to circumvent [:material-close-outline: Censorship](../../../wiki/basics/common-threats.md#avoiding-censorship){ .pg-blue-gray }.
### Criteria
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../../../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
- Must not store decrypted data on a remote server.
- Must be open-source software.
@@ -75,32 +63,21 @@ OnionShare provides the option to connect via [Tor bridges](https://docs.onionsh
### Syncthing (P2P)
-
-
-{ align=right }
-
**Syncthing** is an open-source peer-to-peer continuous file synchronization utility. It is used to synchronize files between two or more devices over the local network or the internet. Syncthing does not use a centralized server; it uses the [Block Exchange Protocol](https://docs.syncthing.net/specs/bep-v1.html#bep-v1) to transfer data between devices. All data is encrypted using TLS.
-[:octicons-home-16: Homepage](https://syncthing.net){ .md-button .md-button--primary }
-[:octicons-info-16:](https://docs.syncthing.net){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/syncthing){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://syncthing.net/donations){ .card-link title=Contribute }
+{{< cards >}}
+ {{< card link="https://syncthing.net" title="Homepage" icon="home" >}}
+ {{< card link="https://docs.syncthing.net" title="Documentation" icon="document-text" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:fontawesome-brands-windows: Windows](https://syncthing.net/downloads)
-- [:simple-apple: macOS](https://syncthing.net/downloads)
-- [:simple-linux: Linux](https://syncthing.net/downloads)
-- [:simple-freebsd: FreeBSD](https://syncthing.net/downloads)
-
-
-
-
+[{{< badge content="Linux" color="yellow" >}}](https://syncthing.net/downloads)
+[{{< badge content="macOS" color="indigo" >}}](https://syncthing.net/downloads)
+[{{< badge content="Windows" color="red" >}}](https://syncthing.net/downloads)
+[{{< badge content="FreeBSD" >}}](https://syncthing.net/downloads)
### Criteria
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../../../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
#### Minimum Requirements
diff --git a/content/tools/software/frontends/_index.md b/content/tools/software/frontends/_index.md
index d269ec471..0bf7c3774 100644
--- a/content/tools/software/frontends/_index.md
+++ b/content/tools/software/frontends/_index.md
@@ -10,36 +10,42 @@ Sometimes services will try to force you to sign up for an account by blocking a
If you choose to self-host these frontends, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting, as other peoples' usage will be linked to your hosting.
-When you are using an instance run by someone else, make sure to read the privacy policy of that specific instance (if available). They can be modified by their owners and therefore may not reflect the default policy. Some instances have [Tor](tor.md) .onion addresses, which may grant some privacy as long as your search queries don't contain personally identifiable information.
+When you are using an instance run by someone else, make sure to read the privacy policy of that specific instance (if available). They can be modified by their owners and therefore may not reflect the default policy. Some instances have [Tor](../tor/_index.md) .onion addresses, which may grant some privacy as long as your search queries don't contain personally identifiable information.
+
+
+{{< cards >}}
+ {{< card link="#redlib" title="Redlib" image="./redlib.svg" subtitle="Redlib is an open-source frontend to the Reddit website that is also self-hostable. You can access Redlib through a number of public instances." >}}
+ {{< card link="#proxitok" title="ProxiTok" image="./proxitok.svg" subtitle="ProxiTok is an open-source frontend to the TikTok website that is also self-hostable." >}}
+ {{< card link="#invidious" title="Invidious" image="./invidious.svg" subtitle="Invidious is a free and open-source frontend for YouTube that is also self-hostable." >}}
+ {{< card link="#piped" title="Piped" image="./piped.svg" subtitle="Piped is a free and open-source frontend for YouTube that is also self-hostable." >}}
+ {{< card link="#freetube" title="FreeTube" image="./freetube.svg" subtitle="FreeTube is a free and open-source desktop application for YouTube. FreeTube extracts data from YouTube using its built-in API based on YouTube.js or the Invidious API." >}}
+ {{< card link="#libretube-android" title="LibreTube" image="./libretube.svg" subtitle="LibreTube is a free and open-source Android application for YouTube which uses the Piped API." >}}
+ {{< card link="#newpipe-android" title="NewPipe" image="./newpipe.svg" subtitle="NewPipe is a free and open-source Android application for YouTube, SoundCloud, media.ccc.de, Bandcamp, and PeerTube (1)." >}}
+{{< /cards >}}
+
## Reddit
### Redlib
-
-
-{ align=right }
-
**Redlib** is an open-source frontend to the [Reddit](https://reddit.com) website that is also self-hostable. You can access Redlib through a number of public instances.
-[:octicons-repo-16: Repository](https://github.com/redlib-org/redlib){ .md-button .md-button--primary }
-[:octicons-server-16:](https://github.com/redlib-org/redlib-instances/blob/main/instances.md){ .card-link title="Public Instances" }
-[:octicons-info-16:](https://github.com/redlib-org/redlib?tab=readme-ov-file#table-of-contents){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/redlib-org/redlib){ .card-link title="Source Code" }
-
-
-The [Old Reddit](https://old.reddit.com) website doesn't require as much JavaScript as the new Reddit website does, but it has recently blocked access to IP addresses reserved for public VPNs. You can use Old Reddit in conjunction with the [Tor](tor.md) Onion that was [launched in October 2022](https://forum.torproject.org/t/reddit-onion-service-launch/5305) at [https://old.reddittorjg6rue252oqsxryoxengawnmo46qy4kyii5wtqnwfj4ooad.onion](https://old.reddittorjg6rue252oqsxryoxengawnmo46qy4kyii5wtqnwfj4ooad.onion).
+The [Old Reddit](https://old.reddit.com) website doesn't require as much JavaScript as the new Reddit website does, but it has recently blocked access to IP addresses reserved for public VPNs. You can use Old Reddit in conjunction with the [Tor](../tor/_index.md) Onion that was [launched in October 2022](https://forum.torproject.org/t/reddit-onion-service-launch/5305) at [https://old.reddittorjg6rue252oqsxryoxengawnmo46qy4kyii5wtqnwfj4ooad.onion](https://old.reddittorjg6rue252oqsxryoxengawnmo46qy4kyii5wtqnwfj4ooad.onion).
Tip
-Redlib is useful if you want to disable JavaScript in your browser, such as [Tor Browser](tor.md#tor-browser) on the Safest security level.
+Redlib is useful if you want to disable JavaScript in your browser, such as [Tor Browser](../tor/_index.md#tor-browser) on the Safest security level.
@@ -47,27 +53,19 @@ Redlib is useful if you want to disable JavaScript in your browser, such as [Tor
### ProxiTok
-
-
-{ align=right }
-
**ProxiTok** is an open-source frontend to the [TikTok](https://tiktok.com) website that is also self-hostable.
-There are a number of public instances, with some that offer a [Tor](tor.md) onion service or an [I2P](alternative-networks.md#i2p-the-invisible-internet-project) eepsite.
+There are a number of public instances, with some that offer a [Tor](../tor/_index.md) onion service or an [I2P](../../advanced/alternative-networks/_index.md#i2p-the-invisible-internet-project) eepsite.
-[:octicons-repo-16: Repository](https://github.com/pablouser1/ProxiTok){ .md-button .md-button--primary }
-[:octicons-server-16:](https://github.com/pablouser1/ProxiTok/wiki/Public-instances){ .card-link title="Public Instances" }
-[:octicons-info-16:](https://github.com/pablouser1/ProxiTok/wiki){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/pablouser1/ProxiTok){ .card-link title="Source Code" }
-
-
-
-
-ProxiTok is useful if you want to disable JavaScript in your browser, such as [Tor Browser](tor.md#tor-browser) on the Safest security level.
+ProxiTok is useful if you want to disable JavaScript in your browser, such as [Tor Browser](../tor/_index.md#tor-browser) on the Safest security level.
@@ -77,24 +75,14 @@ ProxiTok is useful if you want to disable JavaScript in your browser, such as [T
### Invidious
-
-
-{ align=right }
-{ align=right }
-
**Invidious** is a free and open-source frontend for [YouTube](https://youtube.com) that is also self-hostable.
-There are a number of public instances, with some that offer a [Tor](tor.md) onion service or an [I2P](alternative-networks.md#i2p-the-invisible-internet-project) eepsite.
+There are a number of public instances, with some that offer a [Tor](../tor/_index.md) onion service or an [I2P](../../advanced/alternative-networks/_index.md#i2p-the-invisible-internet-project) eepsite.
-[:octicons-home-16: Homepage](https://invidious.io){ .md-button .md-button--primary }
-[:octicons-server-16:](https://docs.invidious.io/instances){ .card-link title="Public Instances" }
-[:octicons-info-16:](https://docs.invidious.io){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/iv-org/invidious){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://invidious.io/donate){ .card-link title="Contribute" }
-
-
-
-
@@ -106,29 +94,20 @@ Invidious does not proxy video streams by default. Videos watched through Invidi
Tip
-Invidious is useful if you want to disable JavaScript in your browser, such as [Tor Browser](tor.md#tor-browser) on the Safest security level. It does not provide privacy by itself, and we don’t recommend logging into any accounts.
+Invidious is useful if you want to disable JavaScript in your browser, such as [Tor Browser](../tor/_index.md#tor-browser) on the Safest security level. It does not provide privacy by itself, and we don’t recommend logging into any accounts.
### Piped
-
-
-{ align=right }
-
**Piped** is a free and open-source frontend for [YouTube](https://youtube.com) that is also self-hostable.
Piped requires JavaScript in order to function and there are a number of public instances.
-[:octicons-repo-16: Repository](https://github.com/TeamPiped/Piped){ .md-button .md-button--primary }
-[:octicons-server-16:](https://github.com/TeamPiped/documentation/blob/main/content/docs/public-instances/index.md){ .card-link title="Public Instances" }
-[:octicons-info-16:](https://docs.piped.video/docs){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/TeamPiped/Piped){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://github.com/TeamPiped/Piped#donations){ .card-link title="Contribute" }
-
-
-
-
@@ -139,36 +118,24 @@ Piped is useful if you want to use [SponsorBlock](https://sponsor.ajay.app) with
### FreeTube
-
-
-{ align=right }
-
**FreeTube** is a free and open-source desktop application for [YouTube](https://youtube.com). FreeTube extracts data from YouTube using its built-in API based on [YouTube.js](https://github.com/LuanRT/YouTube.js) or the [Invidious](#invidious) API. You can configure either as the default, with the other serving as a fallback.
When using FreeTube, your subscription list, playlists, watch history and search history are saved locally on your device.
-[:octicons-home-16: Homepage](https://freetubeapp.io){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://freetubeapp.io/privacy.php){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://docs.freetubeapp.io){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/FreeTubeApp/FreeTube){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://liberapay.com/FreeTube){ .card-link title="Contribute" }
+{{< cards >}}
+ {{< card link="https://freetubeapp.io" title="Homepage" icon="home" >}}
+ {{< card link="https://freetubeapp.io/privacy.php" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:fontawesome-brands-windows: Windows](https://freetubeapp.io/#download)
-- [:simple-apple: macOS](https://freetubeapp.io/#download)
-- [:simple-linux: Linux](https://freetubeapp.io/#download)
-- [:simple-flathub: Flathub](https://flathub.org/apps/details/io.freetubeapp.FreeTube)
-
-
-
-
-When using FreeTube, your IP address may still be known to YouTube, [Invidious](https://instances.invidious.io), or [SponsorBlock](https://sponsor.ajay.app) depending on your configuration. Consider using a [VPN](vpn.md) or [Tor](tor.md) if your [threat model](../../../wiki/basics/threat-modeling.md requires hiding your IP address.
+When using FreeTube, your IP address may still be known to YouTube, [Invidious](https://instances.invidious.io), or [SponsorBlock](https://sponsor.ajay.app) depending on your configuration. Consider using a [VPN](../../services/vpn/_index.md) or [Tor](../tor/_index.md) if your [threat model](../../../wiki/basics/threat-modeling.md) requires hiding your IP address.
@@ -176,34 +143,21 @@ By default, FreeTube blocks all YouTube advertisements. In addition, FreeTube op
### LibreTube (Android)
-
-
-{ align=right }
-{ align=right }
-
**LibreTube** is a free and open-source Android application for [YouTube](https://youtube.com) which uses the [Piped](#piped) API.
Your subscription list and playlists are saved locally on your Android device.
-[:octicons-home-16: Homepage](https://libretube.dev){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://github.com/libre-tube/LibreTube/blob/master/PRIVACY_POLICY.md){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://libretube.dev/#faq){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/libre-tube/LibreTube){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://github.com/libre-tube/LibreTube#donate){ .card-link title="Contribute" }
+{{< cards >}}
+ {{< card link="https://libretube.dev" title="Homepage" icon="home" >}}
+ {{< card link="https://github.com/libre-tube/LibreTube/blob/master/PRIVACY_POLICY.md" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-github: GitHub](https://github.com/libre-tube/LibreTube/releases)
-
-
-
-
-When using LibreTube, your IP address will be visible to YouTube, [Piped](https://github.com/TeamPiped/Piped/wiki/Instances), or [SponsorBlock](https://sponsor.ajay.app) depending on your configuration. Consider using a [VPN](vpn.md) or [Tor](tor.md) if your [threat model](../../../wiki/basics/threat-modeling.md requires hiding your IP address.
+When using LibreTube, your IP address will be visible to YouTube, [Piped](https://github.com/TeamPiped/Piped/wiki/Instances), or [SponsorBlock](https://sponsor.ajay.app) depending on your configuration. Consider using a [VPN](../../services/vpn/_index.md) or [Tor](../tor/_index.md) if your [threat model](../../../wiki/basics/threat-modeling.md) requires hiding your IP address.
@@ -211,47 +165,35 @@ By default, LibreTube blocks all YouTube advertisements. Additionally, LibreTube
### NewPipe (Android)
-
-
-{ align=right }
-
**NewPipe** is a free and open-source Android application for [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [Bandcamp](https://bandcamp.com), and [PeerTube](https://joinpeertube.org) (1).
Your subscription list and playlists are saved locally on your Android device.
-[:octicons-home-16: Homepage](https://newpipe.net){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://newpipe.net/legal/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://newpipe.net/FAQ){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/TeamNewPipe/NewPipe){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://newpipe.net/donate){ .card-link title="Contribute" }
+{{< cards >}}
+ {{< card link="https://newpipe.net" title="Homepage" icon="home" >}}
+ {{< card link="https://newpipe.net/legal/privacy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-github: GitHub](https://github.com/TeamNewPipe/NewPipe/releases)
-
-
-
-
+[{{< badge content="GitHub" >}}](https://github.com/TeamNewPipe/NewPipe/releases)
1. The default instance is [FramaTube](https://framatube.org), however more can be added via **Settings** → **Content** → **PeerTube instances**.
Warning
-When using NewPipe, your IP address will be visible to the video providers used. Consider using a [VPN](vpn.md) or [Tor](tor.md) if your [threat model](../../../wiki/basics/threat-modeling.md requires hiding your IP address.
+When using NewPipe, your IP address will be visible to the video providers used. Consider using a [VPN](../../services/vpn/_index.md) or [Tor](../tor/_index.md) if your [threat model](../../../wiki/basics/threat-modeling.md) requires hiding your IP address.
## Criteria
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../../../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
We only consider frontends if one of the following is true for a platform:
- Normally only accessible with JavaScript enabled.
- Normally only accessible with an account.
-- Blocks access from commercial [VPNs](vpn.md).
+- Blocks access from commercial [VPNs](../../services/vpn/_index.md).
Recommended frontends...
diff --git a/content/tools/software/health-and-wellness/_index.md b/content/tools/software/health-and-wellness/_index.md
index 08d34f159..039b71530 100644
--- a/content/tools/software/health-and-wellness/_index.md
+++ b/content/tools/software/health-and-wellness/_index.md
@@ -8,76 +8,57 @@ description: These applications are what we currently recommend for all health-
Keep track of your health and fitness-related goals with these apps. Unlike their mainstream alternatives, your personal health information will be kept private.
+
+{{< cards >}}
+ {{< card link="#drip" title="Drip" image="./drip.png" subtitle="Drip is a gender-inclusive and open source menstrual cycle tracker available on all mobile platforms. It relies on the 'sympto-thermal method' to predict ovulation." >}}
+ {{< card link="#euki" title="Euki" image="./euki.svg" subtitle="Euki is a nonprofit-backed menstrual cycle tracker that also doubles as a medication tracker and sexual wellness knowledge base. It allows you to schedule the automatic deletion of your personal data in the app." >}}
+ {{< card link="#apple-health" title="Apple Health" image="./apple-health.webp" subtitle="Apple Health is one of the default apps installed on iOS devices. It includes many health and wellness features (see Health Records), including menstrual cycle tracking." >}}
+ {{< card link="#apple-fitness" title="Apple Fitness" image="./apple-fitness.webp" subtitle="Apple Fitness is the default fitness app for iOS. Apple Fitness always uses end-to-end encryption when syncing across multiple devices." >}}
+ {{< card link="#gadgetbridge" title="Gadgetbridge" image="./gadgetbridge.svg" subtitle="Gadgetbridge is an open-source Android application which allows you to pair and manage your Bluetooth device without relying on the vendor’s application. When paired with a compatible smartwatch, it can mimic the health and wellness functionality of these watches without third-party data collection." >}}
+ {{< card link="#apple-health-records" title="Apple Health Records" image="./apple-health.webp" subtitle="Apple Health Records is a built-in feature within Apple Health that allows you to view, store, and share your health records." >}}
+ {{< card link="#commonhealth" title="CommonHealth" image="./commonhealth.png" subtitle="CommonHealth is a privacy-respecting Android app that allows people to access their electronic health records and securely share it to providers. All health data is stored on your device and can be protected with a passcode or biometric authentication." >}}
+{{< /cards >}}
+
+
## Menstrual Cycle Tracking
Popular menstrual trackers like [Flo](https://techcrunch.com/2021/01/13/flo-gets-ftc-slap-for-sharing-user-data-when-it-promised-privacy) are notorious for collecting and sharing your user data. Depending on your jurisdiction, this may lead to [legal consequences](https://forbes.com/sites/abigaildubiniecki/2024/11/14/post-roe-your-period-app-data-could-be-used-against-you) affecting your reproductive autonomy.
### Drip
-
-
-{ align=right }
-
**Drip** is a gender-inclusive and open source menstrual cycle tracker available on all mobile platforms. It relies on the "sympto-thermal method" to predict ovulation. All user data is stored locally on your device and can be protected with a password.
-[:octicons-home-16: Homepage](https://bloodyhealth.gitlab.io){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://bloodyhealth.gitlab.io/privacy-policy.html){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://bloodyhealth.gitlab.io/faq){ .card-link title="Documentation" }
-[:octicons-code-16:](https://gitlab.com/bloodyhealth/drip){ .card-link title="Source Code" }
+{{< cards >}}
+ {{< card link="https://bloodyhealth.gitlab.io" title="Homepage" icon="home" >}}
+ {{< card link="https://bloodyhealth.gitlab.io/privacy-policy.html" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.drip)
-- [:simple-appstore: App Store](https://apps.apple.com/us/app/drip/id1584564949)
-- [:simple-android: Android](https://bloodyhealth.gitlab.io)
-
-
-
-
-
-{ align=right }
-
**Euki** is a nonprofit-backed menstrual cycle tracker that also doubles as a medication tracker and sexual wellness knowledge base. It allows you to schedule the automatic deletion of your personal data in the app. All user data is stored locally on your device and can be protected with a password.
-[:octicons-home-16: Homepage](https://eukiapp.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://eukiapp.org/privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-code-16:](https://github.com/Euki-Inc/Euki-Android){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://every.org/euki-app){ .card-link title="Contribute" }
+{{< cards >}}
+ {{< card link="https://eukiapp.org" title="Homepage" icon="home" >}}
+ {{< card link="https://eukiapp.org/privacy-policy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.kollectivemobile.euki)
-- [:simple-appstore: App Store](https://apps.apple.com/app/euki/id1469213846)
-
-
-
-
+[{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=com.kollectivemobile.euki)
+[{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/euki/id1469213846)
### Apple Health
-
-
-{ align=right }{ align=right }
-
Apple Health is one of the default apps installed on iOS devices. It includes many health and wellness features (see [Health Records](#apple-health-records)), including menstrual cycle tracking. It also uses gender-neutral language. Apple Health always uses end-to-end encryption when syncing across multiple devices.
-[:octicons-home-16: Homepage](https://apple.com/health){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://apple.com/legal/privacy/consumer-health-personal-data/en-ww){ .card-link title="Privacy Policy" }
+{{< cards >}}
+ {{< card link="https://apple.com/health" title="Homepage" icon="home" >}}
+ {{< card link="https://apple.com/legal/privacy/consumer-health-personal-data/en-ww" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-appstore: App Store](https://apps.apple.com/app/apple-health/id1242545199)
-
-
-
-
+[{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/apple-health/id1242545199)
## Fitness Trackers
@@ -85,44 +66,25 @@ These general purpose apps can do everything from counting steps and tracking sl
### Apple Fitness
-
-
-{ align=right }
-
**Apple Fitness** is the default fitness app for iOS. Apple Fitness always uses end-to-end encryption when syncing across multiple devices. Additionally, almost all measured data is processed on your device.
-[:octicons-eye-16:](https://apple.com/legal/privacy/consumer-health-personal-data/en-ww){ .card-link title="Privacy Policy" }
+{{< cards >}}
+ {{< card link="https://apple.com/fitness" title="Homepage" icon="home" >}}
+ {{< card link="https://apple.com/legal/privacy/consumer-health-personal-data/en-ww" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-appstore: App Store](https://apps.apple.com/app/id1208224953)
-
-
-
-
-
-{ align=right }{ align=right }
-
**Gadgetbridge** is an open-source Android application which allows you to pair and manage your Bluetooth device without relying on the vendor’s application. When paired with a compatible smartwatch, it can mimic the health and wellness functionality of these watches without third-party data collection.
-[:octicons-home-16: Homepage](https://gadgetbridge.org){ .md-button .md-button--primary }
-[:octicons-info-16:](https://gadgetbridge.org/basics){ .card-link title="Documentation" }
-[:octicons-code-16:](https://codeberg.org/Freeyourgadget/Gadgetbridge){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://liberapay.com/Gadgetbridge/donate){ .card-link title="Contribute" }
+{{< cards >}}
+ {{< card link="https://gadgetbridge.org" title="Homepage" icon="home" >}}
+ {{< card link="https://gadgetbridge.org/basics" title="Documentation" icon="document-text" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-fdroid: F-Droid](https://f-droid.org/packages/nodomain.freeyourgadget.gadgetbridge)
-
-
-
-
+[{{< badge content="F-Droid" >}}](https://f-droid.org/packages/nodomain.freeyourgadget.gadgetbridge)
Gadgetbridge's app functionality includes, but is not limited to: step counting, sleep tracking, heart rate monitoring, etc.
@@ -134,49 +96,31 @@ These apps help you collect and manage personal health data and share it with he
### Apple Health Records
-
-
-{ align=right }{ align=right }
-
**Apple Health Records** is a built-in feature within [Apple Health](#apple-health) that allows you to view, store, and share your health records.
-[:octicons-home-16: Homepage](https://apple.com/health){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://apple.com/legal/privacy/consumer-health-personal-data/en-ww){ .card-link title="Privacy Policy" }
+{{< cards >}}
+ {{< card link="https://apple.com/health" title="Homepage" icon="home" >}}
+ {{< card link="https://apple.com/legal/privacy/consumer-health-personal-data/en-ww" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-appstore: App Store](https://apps.apple.com/app/apple-health/id1242545199)
-
-
-
-
-
-{ align=right }
-
**CommonHealth** is a privacy-respecting Android app that allows people to access their electronic health records and securely share it to providers. All health data is stored on your device and can be protected with a passcode or biometric authentication.
-[:octicons-home-16: Homepage](https://commonhealth.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://commonhealth.org/privacy){ .card-link title="Privacy Policy" }
+{{< cards >}}
+ {{< card link="https://commonhealth.org" title="Homepage" icon="home" >}}
+ {{< card link="https://commonhealth.org/privacy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.thecommonsproject.android.phr)
-
-
-
-
+[{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=org.thecommonsproject.android.phr)
CommonHealth is only available in the United States. Although the app itself is closed source, the [developer SDK is open source](https://github.com/the-commons-project).
## Criteria
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../../../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
### Minimum Requirements
diff --git a/content/tools/software/language-tools/_index.md b/content/tools/software/language-tools/_index.md
index a1369352e..3ba5aee04 100644
--- a/content/tools/software/language-tools/_index.md
+++ b/content/tools/software/language-tools/_index.md
@@ -7,38 +7,32 @@ description: These language tools do not send your input text to a server and ca
[{{< badge content="Service Providers" color="indigo" >}}](../../../wiki/basics/common-threats.md#privacy-from-service-providers)
[{{< badge content="Surveillance Capitalism" color="purple" >}}](../../../wiki/basics/common-threats.md#surveillance-as-a-business-model)
+
+{{< cards >}}
+ {{< card link="#languagetool" title="LanguageTool" image="./languagetool.svg" subtitle="LanguageTool is a multilingual grammar, style, and spell checker that supports more than 20 languages. According to their privacy policy, they do not store any content sent to their service for review, but for higher assurance the software is self-hostable." >}}
+ {{< card link="#libretranslate" title="LibreTranslate" image="./libretranslate.png" subtitle="LibreTranslate is a free and open-source machine translation web interface and API server. It uses Argos Translate models on the backend for translations." >}}
+{{< /cards >}}
+
+
Text inputted to grammar, spelling, and style checkers, as well as translation services, can contain sensitive information which may be stored on their servers for an indefinite amount of time and sold to third parties. The language tools listed on this page do not store your submitted text on a server and can be self-hosted and used offline for maximum control of your data.
## Grammar & Spelling
### LanguageTool
-
-
-{ align=right }
-{ align=right }
-
**LanguageTool** is a multilingual grammar, style, and spell checker that supports more than 20 languages. According to their privacy policy, they do not store any content sent to their service for review, but for higher assurance the software is [self-hostable](https://dev.languagetool.org/http-server).
-[:octicons-home-16: Homepage](https://languagetool.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://languagetool.org/legal/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://languagetooler.freshdesk.com/en/support/solutions){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/languagetool-org){ .card-link title="Source Code" }
+{{< cards >}}
+ {{< card link="https://languagetool.org" title="Homepage" icon="home" >}}
+ {{< card link="https://languagetool.org/legal/privacy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-appstore: App Store](https://apps.apple.com/app/id1534275760)
-- [:fontawesome-brands-windows: Windows](https://languagetool.org/windows-desktop)
-- [:simple-apple: macOS](https://languagetool.org/mac-desktop)
-- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/languagetool)
-- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/oldceeleldhonbafppcapldpdifcinji)
-- [:fontawesome-brands-edge: Edge](https://microsoftedge.microsoft.com/addons/detail/hfjadhjooeceemgojogkhlppanjkbobc)
-- [:simple-safari: Safari](https://apps.apple.com/app/id1534275760)
-
-
-
-
+[{{< badge content="macOS" color="indigo" >}}](https://languagetool.org/mac-desktop)
+[{{< badge content="Windows" color="red" >}}](https://languagetool.org/windows-desktop)
+[{{< badge content="Firefox" >}}](https://addons.mozilla.org/firefox/addon/languagetool)
+[{{< badge content="Chrome" >}}](https://chrome.google.com/webstore/detail/oldceeleldhonbafppcapldpdifcinji)
+[{{< badge content="Edge" >}}](https://microsoftedge.microsoft.com/addons/detail/hfjadhjooeceemgojogkhlppanjkbobc)
+[{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/id1534275760)
LanguageTool offers integration with a variety of [office suites](https://languagetool.org/services#text_editors) and [email clients](https://languagetool.org/services#mail_clients).
@@ -46,25 +40,20 @@ LanguageTool offers integration with a variety of [office suites](https://langua
### LibreTranslate
-
-
-{ align=right }
-
**LibreTranslate** is a free and open-source machine translation web interface and API server. It uses [Argos Translate](https://github.com/argosopentech/argos-translate) models on the backend for translations.
-[:octicons-home-16: Homepage](https://libretranslate.com){ .md-button .md-button--primary }
-[:octicons-server-16:](https://github.com/LibreTranslate/LibreTranslate#mirrors){ .card-link title="Public Instances" }
-[:octicons-code-16:](https://github.com/LibreTranslate/LibreTranslate){ .card-link title="Source Code" }
+{{< cards >}}
+ {{< card link="https://libretranslate.com" title="Homepage" icon="home" >}}
+ {{< card link="https://github.com/LibreTranslate/LibreTranslate#mirrors" title="Public Instances" icon="server" >}}
+{{< /cards >}}
-
-
-You can use LibreTranslate through a number of public instances, with some that offer a [Tor](tor.md) onion service or an [I2P](alternative-networks.md#i2p-the-invisible-internet-project) eepsite. You can also host the software yourself for maximum control over the text submitted for translation.
+You can use LibreTranslate through a number of public instances, with some that offer a [Tor](tor.md) onion service or an [I2P](../../advanced/alternative-networks/_index.md#i2p-the-invisible-internet-project) eepsite. You can also host the software yourself for maximum control over the text submitted for translation.
We use a self-hosted instance of LibreTranslate to automatically translate posts on our [forum](https://discuss.privacyguides.net) to multiple languages.
## Criteria
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../../../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
- Must be open source.
- Must be possible to self-host.
diff --git a/content/tools/software/maps/_index.md b/content/tools/software/maps/_index.md
index 78fca82e2..98e65b45e 100644
--- a/content/tools/software/maps/_index.md
+++ b/content/tools/software/maps/_index.md
@@ -6,61 +6,47 @@ description: Privacy-respecting map providers and navigation apps which don't bu
[{{< badge content="Surveillance Capitalism" color="purple" >}}](../../../wiki/basics/common-threats.md#surveillance-as-a-business-model)
+
+{{< cards >}}
+ {{< card link="#organic-maps" title="Organic Maps" image="./organic-maps.svg" subtitle="Organic Maps is an open-source, community-developed map display and satnav-style navigation app for walkers, drivers, and cyclists. The app offers worldwide, offline maps based on OpenStreetMap data, and navigation with privacy — no location tracking, no data collection, and no ads." >}}
+ {{< card link="#osmand" title="OsmAnd" image="./osmand.svg" subtitle="OsmAnd is an open-source, offline map and navigation application based on OpenStreetMap that offers turn-by-turn navigation for walking, cycling, driving, as well as public transport. You can find a detailed overview of OsmAnd's supported features on the OpenStreet Map Wiki." >}}
+{{< /cards >}}
+
+
Use a **map and navigation app** that doesn't build an advertising profile based on your searches and location history. Instead of using Google Maps, Apple Maps, or Waze, we recommend these privacy-respecting alternatives.
The recommendations here do not collect personally identifying information (PII) based on each application's privacy policy. There is **no guarantee** that these privacy policies are honored.
## Organic Maps
-
-
-{ align=right }
-
**Organic Maps** is an open-source, community-developed map display and satnav-style navigation app for walkers, drivers, and cyclists. The app offers worldwide, offline maps based on OpenStreetMap data, and navigation with privacy — no location tracking, no data collection, and no ads. The app can be used completely offline.
Features include cycling routes, hiking trails and walking paths, turn-by-turn navigation with voice guidance, and public transport route planning (only available in supported regions and cities).
-[:octicons-home-16: Homepage](https://organicmaps.app){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://organicmaps.app/privacy){ .card-link title="Privacy Policy" }
-[:octicons-code-16:](https://github.com/organicmaps/organicmaps){ .card-link title="Source Code" }
+{{< cards >}}
+ {{< card link="https://organicmaps.app" title="Homepage" icon="home" >}}
+ {{< card link="https://organicmaps.app/privacy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.organicmaps)
-- [:simple-appstore: App Store](https://apps.apple.com/app/organic-maps/id1567437057)
-- [:simple-github: GitHub](https://github.com/organicmaps/organicmaps/releases)
-- [:simple-linux: Linux](https://flathub.org/apps/app.organicmaps.desktop)
-
-
-
-
+[{{< badge content="Linux" color="yellow" >}}](https://flathub.org/apps/app.organicmaps.desktop)
+[{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=app.organicmaps)
+[{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/organic-maps/id1567437057)
+[{{< badge content="GitHub" >}}](https://github.com/organicmaps/organicmaps/releases)
Please note that Organic Maps is a simple, basic app that lacks certain features many users might expect, such as satellite images, street view images, and real-time traffic information.
## OsmAnd
-
-
-{ align=right }
-
**OsmAnd** is an open-source, offline map and navigation application based on OpenStreetMap that offers turn-by-turn navigation for walking, cycling, driving, as well as public transport. You can find a detailed overview of OsmAnd's supported [features](https://wiki.openstreetmap.org/wiki/OsmAnd#Features) on the OpenStreet Map Wiki.
-[:octicons-home-16: Homepage](https://osmand.net){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://osmand.net/docs/legal/privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://osmand.net/docs/intro){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/osmandapp){ .card-link title="Source Code" }
+{{< cards >}}
+ {{< card link="https://osmand.net" title="Homepage" icon="home" >}}
+ {{< card link="https://osmand.net/docs/legal/privacy-policy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=net.osmand)
-- [:simple-appstore: App Store](https://apps.apple.com/us/app/id934850257)
-- [:simple-android: Android](https://osmand.net/docs/versions/free-versions)
-
-
-
-
@@ -81,7 +67,7 @@ OsmAnd allows you to overlay or underlay external map data, such as satellite im
## Criteria
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../../../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
### Minimum Requirements
diff --git a/content/tools/software/mobile-browsers/_index.md b/content/tools/software/mobile-browsers/_index.md
index 0e03b1e42..db6ea51fd 100644
--- a/content/tools/software/mobile-browsers/_index.md
+++ b/content/tools/software/mobile-browsers/_index.md
@@ -6,35 +6,31 @@ description: These browsers are what we currently recommend for standard/non-ano
[{{< badge content="Surveillance Capitalism" color="purple" >}}](../../../wiki/basics/common-threats.md#surveillance-as-a-business-model)
+
+{{< cards >}}
+ {{< card link="#brave" title="Brave" image="./brave.svg" subtitle="Brave Browser includes a built-in content blocker and privacy features, many of which are enabled by default. Brave is built upon the Chromium web browser project, so it should feel familiar and have minimal website compatibility issues." >}}
+ {{< card link="#cromite-android" title="Cromite" image="./cromite.svg" subtitle="Cromite is a Chromium-based browser with built-in ad blocking, fingerprinting protections, and other privacy and security enhancements. It is a fork of the discontinued Bromite browser." >}}
+ {{< card link="#safari-ios" title="Safari (iOS)" image="./safari.svg" subtitle="On iOS, any app that can browse the web is restricted to using an Apple-provided WebKit framework, so a browser like Brave does not use the Blink engine (the core component of Chromium) like its counterparts on other operating systems. Safari is the default browser in iOS." >}}
+{{< /cards >}}
+
+
These are our currently recommended **mobile web browsers** and configurations for standard/non-anonymous internet browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead.
## Brave
-
-
-{ align=right }
-
**Brave Browser** includes a built-in content blocker and [privacy features](https://brave.com/privacy-features), many of which are enabled by default.
Brave is built upon the Chromium web browser project, so it should feel familiar and have minimal website compatibility issues.
-[:octicons-home-16: Homepage](https://brave.com){ .md-button .md-button--primary }
-[:simple-torbrowser:](https://brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title="Onion Service" }
-[:octicons-eye-16:](https://brave.com/privacy/browser){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://support.brave.com){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/brave/brave-browser){ .card-link title="Source Code" }
+{{< cards >}}
+ {{< card link="https://brave.com" title="Homepage" icon="home" >}}
+ {{< card link="https://brave.com/privacy/browser" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.brave.browser)
-- [:simple-appstore: App Store](https://apps.apple.com/app/id1052879175)
-- [:simple-github: GitHub](https://github.com/brave/brave-browser/releases)
-- [:simple-fdroid: F-Droid](https://brave-browser-apk-release.s3.brave.com/fdroid/repo/index.html)
-
-
-
-
+[{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=com.brave.browser)
+[{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/id1052879175)
+[{{< badge content="F-Droid" >}}](https://brave-browser-apk-release.s3.brave.com/fdroid/repo/index.html)
+[{{< badge content="GitHub" >}}](https://github.com/brave/brave-browser/releases)
### Recommended Brave Configuration
@@ -159,26 +155,15 @@ These options can be found in :material-menu:/:fontawesome-solid-ellipsis: → *
## Cromite (Android)
-
-
-{ align=right }
-
**Cromite** is a Chromium-based browser with built-in ad blocking, fingerprinting protections, and other [privacy and security enhancements](https://github.com/uazo/cromite/blob/master/docs/FEATURES.md). It is a fork of the discontinued **Bromite** browser.
-[:octicons-home-16: Homepage](https://cromite.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://github.com/uazo/cromite/blob/master/docs/PRIVACY_POLICY.md){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://github.com/uazo/cromite?tab=readme-ov-file#docs){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/uazo/cromite){ .card-link title="Source Code" }
+{{< cards >}}
+ {{< card link="https://cromite.org" title="Homepage" icon="home" >}}
+ {{< card link="https://github.com/uazo/cromite/blob/master/docs/PRIVACY_POLICY.md" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-android: F-Droid](https://cromite.org/fdroid/repo/?fingerprint=49F37E74DEE483DCA2B991334FB5A0200787430D0B5F9A783DD5F13695E9517B)
-- [:simple-github: GitHub](https://github.com/uazo/cromite/releases/latest)
-
-
-
-
+[{{< badge content="F-Droid" >}}](https://cromite.org/fdroid/repo/?fingerprint=49F37E74DEE483DCA2B991334FB5A0200787430D0B5F9A783DD5F13695E9517B)
+[{{< badge content="GitHub" >}}](https://github.com/uazo/cromite/releases/latest)
### Recommended Configuration
@@ -222,19 +207,12 @@ This disables update checks for the unmaintained Bromite adblock filter.
On iOS, any app that can browse the web is [restricted](https://developer.apple.com/app-store/review/guidelines) to using an Apple-provided [WebKit framework](https://developer.apple.com/documentation/webkit), so a browser like [Brave](#brave) does not use the Blink engine (the core component of Chromium) like its counterparts on other operating systems.
-
-
-{ align=right }
-
**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites, so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
-[:octicons-home-16: Homepage](https://apple.com/safari){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://apple.com/legal/privacy/data/en/safari){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://support.apple.com/guide/iphone/browse-the-web-iph1fbef4daa/ios){ .card-link title="Documentation" }
-
-
-
-
+{{< cards >}}
+ {{< card link="https://apple.com/safari" title="Homepage" icon="home" >}}
+ {{< card link="https://apple.com/legal/privacy/data/en/safari" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
### Recommended Safari Configuration
@@ -341,7 +319,7 @@ If you use iCloud with Advanced Data Protection disabled, we also recommend sett
## Criteria
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../../../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
### Minimum Requirements
diff --git a/content/tools/software/mobile-browsers/brave.svg b/content/tools/software/mobile-browsers/brave.svg
new file mode 100644
index 000000000..780eb49ff
--- /dev/null
+++ b/content/tools/software/mobile-browsers/brave.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/content/tools/software/desktop-browsers/cromite.svg b/content/tools/software/mobile-browsers/cromite.svg
similarity index 100%
rename from content/tools/software/desktop-browsers/cromite.svg
rename to content/tools/software/mobile-browsers/cromite.svg
diff --git a/content/tools/software/desktop-browsers/safari.svg b/content/tools/software/mobile-browsers/safari.svg
similarity index 100%
rename from content/tools/software/desktop-browsers/safari.svg
rename to content/tools/software/mobile-browsers/safari.svg
diff --git a/content/tools/software/multi-factor-authentication/_index.md b/content/tools/software/multi-factor-authentication/_index.md
index 20f68e6f8..65b75af43 100644
--- a/content/tools/software/multi-factor-authentication/_index.md
+++ b/content/tools/software/multi-factor-authentication/_index.md
@@ -9,7 +9,7 @@ description: These tools assist you with securing your internet accounts with mu
Hardware Keys
-[Hardware security key recommendations](security-keys.md) have been moved to their own category.
+[Hardware security key recommendations](../../hardware/security-keys/_index.md) have been moved to their own category.
@@ -17,59 +17,44 @@ description: These tools assist you with securing your internet accounts with mu
We highly recommend that you use mobile TOTP apps instead of desktop alternatives as Android and iOS have better security and app isolation than most desktop operating systems.
+
+{{< cards >}}
+ {{< card link="#ente-auth" title="Ente Auth" image="./ente-auth.svg" subtitle="Ente Auth is a free and open-source app which stores and generates TOTP tokens. It can be used with an online account to back up and sync your tokens across your devices (and access them via a web interface) in a secure, end-to-end encrypted fashion." >}}
+ {{< card link="#aegis-authenticator-android" title="Aegis Authenticator" image="./aegis.png" subtitle="Aegis Authenticator is a free and open-source app for Android to manage your 2-step verification tokens for your online services. Aegis Authenticator operates completely offline/locally, but includes the option to export your tokens for backup unlike many alternatives." >}}
+{{< /cards >}}
+
+
## Ente Auth
-
-
-{ align=right }
-
**Ente Auth** is a free and open-source app which stores and generates TOTP tokens. It can be used with an online account to back up and sync your tokens across your devices (and access them via a web interface) in a secure, end-to-end encrypted fashion. It can also be used offline on a single device with no account necessary.
-[:octicons-home-16: Homepage](https://ente.com/auth){ .md-button .md-button--primary } [:octicons-eye-16:](https://ente.com/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://ente.com/help/auth){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/ente-io/ente/tree/main/auth#readme){ .card-link title="Source Code" }
+{{< cards >}}
+ {{< card link="https://ente.com/auth" title="Homepage" icon="home" >}}
+ {{< card link="https://ente.com/privacy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=io.ente.auth)
-- [:simple-appstore: App Store](https://apps.apple.com/app/id6444121398)
-- [:simple-github: GitHub](https://github.com/ente-io/ente/releases?q=auth)
-- [:octicons-browser-16: Web](https://auth.ente.io)
-
-
-
-
+[{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=io.ente.auth)
+[{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/id6444121398)
+[{{< badge content="GitHub" >}}](https://github.com/ente-io/ente/releases?q=auth)
+[{{< badge content="Web" >}}](https://auth.ente.io)
The server-side source code and infrastructure which underpins Ente Auth (if used with an online account) underwent an audit by [Cure53](https://ente.com/blog/cern-audit) in October 2025.
## Aegis Authenticator (Android)
-
-
-{ align=right }
-
**Aegis Authenticator** is a free and open-source app for Android to manage your 2-step verification tokens for your online services. Aegis Authenticator operates completely offline/locally, but includes the option to export your tokens for backup unlike many alternatives.
-[:octicons-home-16: Homepage](https://getaegis.app){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://getaegis.app/aegis/privacy.html){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://github.com/beemdevelopment/Aegis/wiki){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/beemdevelopment/Aegis){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://buymeacoffee.com/beemdevelopment){ .card-link title="Contribute" }
+{{< cards >}}
+ {{< card link="https://getaegis.app" title="Homepage" icon="home" >}}
+ {{< card link="https://getaegis.app/aegis/privacy.html" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.beemdevelopment.aegis)
-- [:simple-github: GitHub](https://github.com/beemdevelopment/Aegis/releases)
-
-
-
-
+[{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=com.beemdevelopment.aegis)
+[{{< badge content="GitHub" >}}](https://github.com/beemdevelopment/Aegis/releases)
## Criteria
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../../../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
- Source code must be publicly available.
- Must not require internet connectivity.
diff --git a/content/tools/software/news-aggregators/_index.md b/content/tools/software/news-aggregators/_index.md
index b5ddefe7c..6fb6179ed 100644
--- a/content/tools/software/news-aggregators/_index.md
+++ b/content/tools/software/news-aggregators/_index.md
@@ -8,135 +8,92 @@ description: These news aggregator clients let you keep up with your favorite bl
A **news aggregator** is software which aggregates digital content from online newspapers, blogs, podcasts, and other resources to one location for easy viewing. Using one can be a great way to keep up with your favorite content.
+
+{{< cards >}}
+ {{< card link="#akregator" title="Akregator" image="./akregator.svg" subtitle="Akregator is a news feed reader that is a part of the KDE project. It comes with a fast search, advanced archiving functionality, and an internal browser for easy news reading." >}}
+ {{< card link="#newsflash" title="NewsFlash" image="./newsflash.png" subtitle="NewsFlash is an open-source, modern, and easy-to-use news feed reader for Linux. It can be used offline or with services like Inoreader or Nextcloud News." >}}
+ {{< card link="#feeder" title="Feeder" image="./feeder.png" subtitle="Feeder is a modern RSS client for Android that has many features and works well with folders of RSS feeds." >}}
+ {{< card link="#miniflux" title="Miniflux" image="./miniflux.svg" subtitle="Miniflux is a web-based news aggregator that you can self-host." >}}
+ {{< card link="#netnewswire" title="NetNewsWire" image="./netnewswire.png" subtitle="NetNewsWire is a free and open-source feed reader for macOS and iOS with a focus on a native design and feature set." >}}
+ {{< card link="#newsboat" title="Newsboat" image="./newsboat.svg" subtitle="Newsboat is an RSS/Atom feed reader for the text console. It's an actively maintained fork of Newsbeuter." >}}
+{{< /cards >}}
+
+
## Aggregator clients
### Akregator
-
-
-{ align=right }
-
**Akregator** is a news feed reader that is a part of the [KDE](https://kde.org) project. It comes with a fast search, advanced archiving functionality, and an internal browser for easy news reading.
-[:octicons-home-16: Homepage](https://apps.kde.org/akregator){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://kde.org/privacypolicy-apps){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://docs.kde.org/?application=akregator){ .card-link title="Documentation" }
-[:octicons-code-16:](https://invent.kde.org/pim/akregator){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://kde.org/community/donations){ .card-link title="Contribute" }
+{{< cards >}}
+ {{< card link="https://apps.kde.org/akregator" title="Homepage" icon="home" >}}
+ {{< card link="https://kde.org/privacypolicy-apps" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.kde.akregator)
-
-
-
-
-
-{ align=right }
-
**NewsFlash** is an open-source, modern, and easy-to-use news feed reader for Linux. It can be used offline or with services like [Inoreader](https://inoreader.com) or [Nextcloud News](https://apps.nextcloud.com/apps/news). It has a search feature and a pre-defined list of sources that you can add directly.
-[:octicons-repo-16: Repository](https://gitlab.com/news-flash/news_flash_gtk#newsflash){ .md-button .md-button--primary }
-[:octicons-code-16:](https://gitlab.com/news-flash/news_flash_gtk){ .card-link title="Source Code" }
+{{< cards >}}
+ {{< card link="https://gitlab.com/news-flash/news_flash_gtk#newsflash" title="Repository" icon="code" >}}
+ {{< card link="https://gitlab.com/news-flash/news_flash_gtk/-/wikis/home" title="Documentation" icon="document-text" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-flathub: Flathub](https://flathub.org/apps/io.gitlab.news_flash.NewsFlash)
-
-
-
-
-
-{ align=right }
-
**Newsboat** is an RSS/Atom feed reader for the text console. It's an actively maintained fork of [Newsbeuter](https://en.wikipedia.org/wiki/Newsbeuter). It is very lightweight and ideal for use over [Secure Shell](https://en.wikipedia.org/wiki/Secure_Shell).
-[:octicons-home-16: Homepage](https://newsboat.org){ .md-button .md-button--primary }
-[:octicons-info-16:](https://newsboat.org/releases/2.38/docs/newsboat.html){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/newsboat/newsboat){ .card-link title="Source Code" }
-
-
+{{< cards >}}
+ {{< card link="https://newsboat.org" title="Homepage" icon="home" >}}
+ {{< card link="https://newsboat.org/releases/2.38/docs/newsboat.html" title="Documentation" icon="document-text" >}}
+{{< /cards >}}
## Criteria
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../../../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
- Must be open-source software.
- Must operate locally, i.e. must not be a cloud service.
diff --git a/content/tools/software/notebooks/_index.md b/content/tools/software/notebooks/_index.md
index 0e1cfa75a..bab951db3 100644
--- a/content/tools/software/notebooks/_index.md
+++ b/content/tools/software/notebooks/_index.md
@@ -10,133 +10,95 @@ Keep track of your notes and journals without giving them to a third party.
If you are currently using an application like Evernote, Google Keep, or Microsoft OneNote, we suggest you pick an alternative here that supports end-to-end encryption.
+
+{{< cards >}}
+ {{< card link="#standard-notes" title="Standard Notes" image="./standard-notes.svg" subtitle="Standard Notes is a simple and private notes app that features cross-platform sync for seamless use. It features E2EE on every platform, and a powerful desktop experience with themes and custom editors." >}}
+ {{< card link="#notesnook" title="Notesnook" image="./notesnook.svg" subtitle="Notesnook is a free (as in speech), open-source, and easy-to-use E2EE note-taking app focused on user privacy." >}}
+ {{< card link="#joplin" title="Joplin" image="./joplin.svg" subtitle="Joplin is a free, open-source, and fully-featured E2EE note-taking and to-do application which can handle numerous Markdown notes organized into notebooks and tags." >}}
+ {{< card link="#cryptee" title="Cryptee" image="./cryptee.svg" subtitle="Cryptee is an open-source, web-based E2EE document editor and photo storage application." >}}
+ {{< card link="#org-mode" title="Org-mode" image="./org-mode.svg" subtitle="Org-mode is a major mode for GNU Emacs. Org-mode is for keeping notes, maintaining to-do lists, planning projects, and authoring documents with a fast and effective plain-text system." >}}
+{{< /cards >}}
+
+
## Cloud-based
### Standard Notes
-
-
-{ align=right }
-
**Standard Notes** is a simple and private notes app that features cross-platform sync for seamless use. It features E2EE on every platform, and a powerful desktop experience with themes and custom editors.
Standard Notes has also undergone multiple [independent audits](https://standardnotes.com/help/2/has-standard-notes-completed-a-third-party-security-audit).
-[:octicons-home-16: Homepage](https://standardnotes.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://standardnotes.com/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://standardnotes.com/help){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/standardnotes){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://standardnotes.com/donate){ .card-link title="Contribute" }
+{{< cards >}}
+ {{< card link="https://standardnotes.com" title="Homepage" icon="home" >}}
+ {{< card link="https://standardnotes.com/privacy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.standardnotes)
-- [:simple-appstore: App Store](https://apps.apple.com/app/id1285392450)
-- [:simple-github: GitHub](https://github.com/standardnotes/app/releases)
-- [:fontawesome-brands-windows: Windows](https://standardnotes.com)
-- [:simple-apple: macOS](https://standardnotes.com)
-- [:simple-linux: Linux](https://standardnotes.com)
-- [:octicons-browser-16: Web](https://app.standardnotes.com)
-
-
-
-
+[{{< badge content="Linux" color="yellow" >}}](https://standardnotes.com)
+[{{< badge content="macOS" color="indigo" >}}](https://standardnotes.com)
+[{{< badge content="Windows" color="red" >}}](https://standardnotes.com)
+[{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=com.standardnotes)
+[{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/id1285392450)
+[{{< badge content="GitHub" >}}](https://github.com/standardnotes/app/releases)
+[{{< badge content="Web" >}}](https://app.standardnotes.com)
Standard Notes has [joined Proton AG](https://standardnotes.com/blog/joining-forces-with-proton) as of April 10, 2024.
### Notesnook
-
-
-{ align=right }
-
**Notesnook** is a free (as in speech), open-source, and easy-to-use E2EE note-taking app focused on user privacy.
It features sync functionality that allows you to access your notes on multiple platforms. You can easily import your notes from Evernote, OneNote, and other apps using their [official importer](https://importer.notesnook.com).
-[:octicons-home-16: Homepage](https://notesnook.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://notesnook.com/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://help.notesnook.com){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/streetwriters/notesnook){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://opencollective.com/notesnook){ .card-link title="Contribute" }
+{{< cards >}}
+ {{< card link="https://notesnook.com" title="Homepage" icon="home" >}}
+ {{< card link="https://notesnook.com/privacy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.streetwriters.notesnook)
-- [:simple-appstore: App Store](https://apps.apple.com/app/id1544027013)
-- [:simple-github: GitHub](https://github.com/streetwriters/notesnook/releases)
-- [:fontawesome-brands-windows: Windows](https://notesnook.com/downloads)
-- [:simple-apple: macOS](https://notesnook.com/downloads)
-- [:simple-linux: Linux](https://notesnook.com/downloads)
-- [:simple-flathub: Flathub](https://flathub.org/apps/com.notesnook.Notesnook)
-- [:simple-firefoxbrowser: Firefox](https://notesnook.com/notesnook-web-clipper)
-- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/kljhpemdlcnjohmfmkogahelkcidieaj)
-- [:octicons-browser-16: Web](https://app.notesnook.com)
-
-
-
-
-
-{ align=right }
-
**Joplin** is a free, open-source, and fully-featured E2EE note-taking and to-do application which can handle numerous Markdown notes organized into notebooks and tags.
It can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes.
-[:octicons-home-16: Homepage](https://joplinapp.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://joplinapp.org/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://joplinapp.org/help){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/laurent22/joplin){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://joplinapp.org/donate){ .card-link title="Contribute" }
+{{< cards >}}
+ {{< card link="https://joplinapp.org" title="Homepage" icon="home" >}}
+ {{< card link="https://joplinapp.org/privacy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=net.cozic.joplin)
-- [:simple-appstore: App Store](https://apps.apple.com/app/id1315599797)
-- [:simple-github: GitHub](https://github.com/laurent22/joplin-android/releases)
-- [:fontawesome-brands-windows: Windows](https://joplinapp.org/#desktop-applications)
-- [:simple-apple: macOS](https://joplinapp.org/#desktop-applications)
-- [:simple-linux: Linux](https://joplinapp.org/#desktop-applications)
-- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/joplin-web-clipper)
-- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/alofnhikmmkdbbbgpnglcpdollgjjfek)
-
-
-
-
+[{{< badge content="Linux" color="yellow" >}}](https://joplinapp.org/#desktop-applications)
+[{{< badge content="macOS" color="indigo" >}}](https://joplinapp.org/#desktop-applications)
+[{{< badge content="Windows" color="red" >}}](https://joplinapp.org/#desktop-applications)
+[{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=net.cozic.joplin)
+[{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/id1315599797)
+[{{< badge content="GitHub" >}}](https://github.com/laurent22/joplin-android/releases)
+[{{< badge content="Firefox" >}}](https://addons.mozilla.org/firefox/addon/joplin-web-clipper)
+[{{< badge content="Chrome" >}}](https://chrome.google.com/webstore/detail/alofnhikmmkdbbbgpnglcpdollgjjfek)
Joplin [does not support](https://github.com/laurent22/joplin/issues/289) password/PIN protection for the application itself or individual notes and notebooks. However, your data is still encrypted in transit and at the sync location using your master key. Since January 2023, Joplin [supports biometrics app lock](https://github.com/laurent22/joplin/commit/f10d9f75b055d84416053fab7e35438f598753e9) for Android and iOS.
### Cryptee
-
-
-{ align=right }
-{ align=right }
-
**Cryptee** is an open-source, web-based E2EE document editor and photo storage application.
Cryptee offers 100 MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information.
-[:octicons-home-16: Homepage](https://crypt.ee){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://crypt.ee/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://crypt.ee/help){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/cryptee){ .card-link title="Source Code" }
+{{< cards >}}
+ {{< card link="https://crypt.ee" title="Homepage" icon="home" >}}
+ {{< card link="https://crypt.ee/privacy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:octicons-browser-16: Web](https://crypt.ee/download)
-
-
-
-
+[{{< badge content="Web" >}}](https://crypt.ee/download)
Cryptee is a PWA, which means that it works seamlessly across all modern devices without requiring native apps for each respective platform.
@@ -144,24 +106,16 @@ Cryptee is a PWA, which means that it works seamlessly across all modern devices
### Org-mode
-
+**Org-mode** is a [major mode](https://gnu.org/software/emacs/manual/html_node/elisp/Major-Modes.html) for GNU Emacs. Org-mode is for keeping notes, maintaining to-do lists, planning projects, and authoring documents with a fast and effective plain-text system. File synchronization is possible with tools like [Syncthing](../file-sharing/_index.md#syncthing-p2p).
-{ align=right }
-
-**Org-mode** is a [major mode](https://gnu.org/software/emacs/manual/html_node/elisp/Major-Modes.html) for GNU Emacs. Org-mode is for keeping notes, maintaining to-do lists, planning projects, and authoring documents with a fast and effective plain-text system. File synchronization is possible with tools like [Syncthing](file-sharing.md#syncthing-p2p).
-
-[:octicons-home-16: Homepage](https://orgmode.org){ .md-button .md-button--primary }
-[:octicons-info-16:](https://orgmode.org/manuals.html){ .card-link title="Documentation" }
-[:octicons-code-16:](https://git.savannah.gnu.org/cgit/emacs/org-mode.git){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://liberapay.com/bzg){ .card-link title="Contribute" }
-
-
-
-
+{{< cards >}}
+ {{< card link="https://orgmode.org" title="Homepage" icon="home" >}}
+ {{< card link="https://orgmode.org/manuals.html" title="Documentation" icon="document-text" >}}
+{{< /cards >}}
## Criteria
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../../../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
### Minimum Requirements
diff --git a/content/tools/software/office-suites/_index.md b/content/tools/software/office-suites/_index.md
index 20b63ff13..f4badea1d 100644
--- a/content/tools/software/office-suites/_index.md
+++ b/content/tools/software/office-suites/_index.md
@@ -6,66 +6,50 @@ description: These office suites offer their full functionality without an accou
[{{< badge content="Service Providers" color="indigo" >}}](../../../wiki/basics/common-threats.md#privacy-from-service-providers)
+
+{{< cards >}}
+ {{< card link="#libreoffice" title="LibreOffice" image="./libreoffice.svg" subtitle="LibreOffice is a free and open-source office suite with extensive functionality." >}}
+ {{< card link="#onlyoffice" title="OnlyOffice" image="./onlyoffice.svg" subtitle="OnlyOffice is a cloud-based free and open-source office suite with extensive functionality, including integration with Nextcloud." >}}
+{{< /cards >}}
+
+
Choose an **office suite** that does not require logging in to an account to access its full functionality. The tools listed here can be used offline and could reasonably act as a replacement for Microsoft Office for most needs.
## LibreOffice
-
+[{{< badge content="Linux" color="yellow" >}}](https://onlyoffice.com/download-desktop.aspx)
+[{{< badge content="macOS" color="indigo" >}}](https://onlyoffice.com/download-desktop.aspx)
+[{{< badge content="Windows" color="red" >}}](https://onlyoffice.com/download-desktop.aspx)
+[{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=com.onlyoffice.documents)
+[{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/id944896972)
+[{{< badge content="Flathub" >}}](https://flathub.org/apps/details/org.onlyoffice.desktopeditors)
## Criteria
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../../../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
- Must be cross-platform.
- Must be open-source software.
diff --git a/content/tools/software/passwords/_index.md b/content/tools/software/passwords/_index.md
index f119c98f0..a09d9ca22 100644
--- a/content/tools/software/passwords/_index.md
+++ b/content/tools/software/passwords/_index.md
@@ -3,85 +3,59 @@ title: Local Password Managers
---
These options allow you to manage an encrypted password database locally.
+
+{{< cards >}}
+ {{< card link="#keepassxc" title="KeePassXC" image="./keepassxc.svg" subtitle="KeePassXC is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bug fixes to provide a feature-rich, cross-platform, and modern open-source password manager." >}}
+ {{< card link="#keepassdx-android" title="KeePassDX" image="./keepassdx.svg" subtitle="KeePassDX is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms securely." >}}
+ {{< card link="#keepassium-ios-macos" title="KeePassium" image="./keepassium.svg" subtitle="KeePassium is a commercial, open-source password manager made by KeePassium Labs that's compatible with other KeePass applications. It provides autofill support, passkey management, automatic two-way synchronization through most cloud storage providers, and more." >}}
+ {{< card link="#gopass-cli" title="Gopass" image="./gopass.svg" subtitle="Gopass is a minimal password manager for the command line written in Go. It can be used within scripting applications and works on all major desktop and server operating systems." >}}
+{{< /cards >}}
+
+
## KeePassXC
-
-
-{ align=right }
-
**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bug fixes to provide a feature-rich, cross-platform, and modern open-source password manager.
-[:octicons-home-16: Homepage](https://keepassxc.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://keepassxc.org/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://keepassxc.org/docs){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/keepassxreboot/keepassxc){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://keepassxc.org/donate){ .card-link title="Contribute" }
+{{< cards >}}
+ {{< card link="https://keepassxc.org" title="Homepage" icon="home" >}}
+ {{< card link="https://keepassxc.org/privacy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:fontawesome-brands-windows: Windows](https://keepassxc.org/download/#windows)
-- [:simple-apple: macOS](https://keepassxc.org/download/#mac)
-- [:simple-linux: Linux](https://keepassxc.org/download/#linux)
-- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.keepassxc.KeePassXC)
-- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/keepassxc-browser)
-- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/oboonakemofpalcgghocfoadofidjkkk)
-
-
-
-
+[{{< badge content="Linux" color="yellow" >}}](https://keepassxc.org/download/#linux)
+[{{< badge content="macOS" color="indigo" >}}](https://keepassxc.org/download/#mac)
+[{{< badge content="Windows" color="red" >}}](https://keepassxc.org/download/#windows)
+[{{< badge content="Flathub" >}}](https://flathub.org/apps/details/org.keepassxc.KeePassXC)
+[{{< badge content="Firefox" >}}](https://addons.mozilla.org/firefox/addon/keepassxc-browser)
+[{{< badge content="Chrome" >}}](https://chrome.google.com/webstore/detail/oboonakemofpalcgghocfoadofidjkkk)
KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-separated_values) files. You may encounter data loss if you import this file into another password manager. We advise you check each record manually.
## KeePassDX (Android)
-
-
-{ align=right }
-
**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms securely.
-[:octicons-home-16: Homepage](https://keepassdx.com){ .md-button .md-button--primary }
-[:octicons-info-16:](https://github.com/Kunzisoft/KeePassDX/wiki){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/Kunzisoft/KeePassDX){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://keepassdx.com/#donation){ .card-link title="Contribute" }
+{{< cards >}}
+ {{< card link="https://keepassdx.com" title="Homepage" icon="home" >}}
+ {{< card link="https://github.com/Kunzisoft/KeePassDX/wiki" title="Documentation" icon="document-text" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.free)
-- [:simple-github: GitHub](https://github.com/Kunzisoft/KeePassDX/releases)
-
-
-
-
+[{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.free)
+[{{< badge content="GitHub" >}}](https://github.com/Kunzisoft/KeePassDX/releases)
The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
## KeePassium (iOS & macOS)
-
+[{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/us/app/id1435127111)
KeePassium offers a [Premium version](https://keepassium.com/pricing) with additional features such as support for multiple databases, YubiKey support, and a password audit tool.
@@ -89,31 +63,20 @@ KeePassium's iOS app has been [audited](https://cure53.de/pentest-report_keepass
## Gopass (CLI)
-
-
-{ align=right }
-
**Gopass** is a minimal password manager for the command line written in Go. It can be used within scripting applications and works on all major desktop and server operating systems.
-[:octicons-home-16: Homepage](https://gopass.pw){ .md-button .md-button--primary }
-[:octicons-info-16:](https://github.com/gopasspw/gopass/tree/master/docs){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/gopasspw/gopass){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://github.com/sponsors/dominikschulz){ .card-link title="Contribute" }
+{{< cards >}}
+ {{< card link="https://gopass.pw" title="Homepage" icon="home" >}}
+ {{< card link="https://github.com/gopasspw/gopass/tree/master/docs" title="Documentation" icon="document-text" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:fontawesome-brands-windows: Windows](https://gopass.pw/#install-windows)
-- [:simple-apple: macOS](https://gopass.pw/#install-macos)
-- [:simple-linux: Linux](https://gopass.pw/#install-linux)
-- [:simple-freebsd: FreeBSD](https://gopass.pw/#install-bsd)
-
-
-
-
+[{{< badge content="Linux" color="yellow" >}}](https://gopass.pw/#install-linux)
+[{{< badge content="macOS" color="indigo" >}}](https://gopass.pw/#install-macos)
+[{{< badge content="Windows" color="red" >}}](https://gopass.pw/#install-windows)
+[{{< badge content="FreeBSD" >}}](https://gopass.pw/#install-bsd)
## Criteria
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../../../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
- Must be cross-platform.
diff --git a/content/tools/software/pastebins/_index.md b/content/tools/software/pastebins/_index.md
index 7aba0ba4b..388447136 100644
--- a/content/tools/software/pastebins/_index.md
+++ b/content/tools/software/pastebins/_index.md
@@ -6,42 +6,36 @@ description: These tools allow you to have full control of any pasted data you s
[{{< badge content="Service Providers" color="indigo" >}}](../../../wiki/basics/common-threats.md#privacy-from-service-providers)
+
+{{< cards >}}
+ {{< card link="#privatebin" title="PrivateBin" image="./privatebin.svg" subtitle="PrivateBin is a minimalist, open-source, online pastebin where the server cannot decrypt and read any pasted data you submit. Data is encrypted/decrypted in the browser using 256-bit AES." >}}
+ {{< card link="#paaster" title="Paaster" image="./paaster.svg" subtitle="Paaster is a secure and user-friendly pastebin application that prioritizes privacy and simplicity. With end-to-end encryption and paste history, Paaster ensures that your pasted code remains confidential and accessible." >}}
+{{< /cards >}}
+
+
[**Pastebins**](https://en.wikipedia.org/wiki/Pastebin) are online services most commonly used to share large blocks of code in a convenient and efficient manner. The pastebins listed here employ client-side encryption and password protection for pasted content; both of these features prevent the website or server operator from reading or accessing the contents of any paste.
## PrivateBin
-
-
-{ align=right }
-
**PrivateBin** is a minimalist, open-source, online pastebin where the server cannot decrypt and read any pasted data you submit. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
-[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
-[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
-[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
-
-
-
-{ align=right }
-
**Paaster** is a secure and user-friendly pastebin application that prioritizes privacy and simplicity. With end-to-end encryption and paste history, Paaster ensures that your pasted code remains confidential and accessible.
-[:octicons-home-16: Homepage](https://paaster.io){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://paaster.io/privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://github.com/WardPearce/paaster#security){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/WardPearce/paaster){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://github.com/sponsors/WardPearce){ .card-link title="Contribute" }
-
-
+{{< cards >}}
+ {{< card link="https://paaster.io" title="Homepage" icon="home" >}}
+ {{< card link="https://paaster.io/privacy-policy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
## Criteria
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../../../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
### Minimum Requirements
diff --git a/content/tools/software/social-networks/_index.md b/content/tools/software/social-networks/_index.md
index 30c12f75c..f78f245cb 100644
--- a/content/tools/software/social-networks/_index.md
+++ b/content/tools/software/social-networks/_index.md
@@ -7,13 +7,20 @@ description: Find a new social network that doesn’t pry into your data or mone
[{{< badge content="Censorship" >}}](../../../wiki/basics/common-threats.md#avoiding-censorship)
[{{< badge content="Surveillance Capitalism" color="purple" >}}](../../../wiki/basics/common-threats.md#surveillance-as-a-business-model)
+
+{{< cards >}}
+ {{< card link="#mastodon" title="Mastodon" image="./mastodon.svg" subtitle="Mastodon is a social network based on open web protocols and free, open-source software. It uses the ActivityPub protocol, which is decentralized like email: Users can exist on different servers or even different platforms but still communicate with each other." >}}
+ {{< card link="#element" title="Element" image="./element.svg" subtitle="Element is the flagship client for the Matrix protocol, an open standard that enables decentralized communication by way of federated chat rooms. Users can exist on different homeservers but still communicate with each other." >}}
+{{< /cards >}}
+
+
These privacy-respecting **social networks** allow you to participate in online communities without giving up your personal information like your full name, phone number, and other data commonly requested by tech companies.
A growing problem among social media platforms is censorship in two different forms. First, they often acquiesce to illegitimate censorship requests, either from malicious governments or their own internal policies. Second, they often require accounts to access walled-off content that would otherwise be published freely on the open internet; this effectively censors the browsing activities of privacy-conscious users who are unable to pay the privacy cost of opening an account on these networks.
The social networks we recommend solve the issue of censorship by operating atop an open and decentralized social networking protocol. They also don't require an account merely to view publicly available content.
-You should note that **no** social networks are appropriate for private or sensitive communications. For chatting directly with others, you should use a recommended [instant messenger](real-time-communication.md) with strong end-to-end encryption, and only use direct messages on social media in order to establish a more private and secure chat platform with your contacts.
+You should note that **no** social networks are appropriate for private or sensitive communications. For chatting directly with others, you should use a recommended [instant messenger](../../services/messengers/_index.md) with strong end-to-end encryption, and only use direct messages on social media in order to establish a more private and secure chat platform with your contacts.
## Decentralization
@@ -39,16 +46,12 @@ If you are greatly concerned about an existing server censoring your content, th
## Mastodon
-
-
-{ align=right }
-
**Mastodon** is a social network based on open web protocols and free, open-source software. It uses the **:simple-activitypub: ActivityPub** protocol, which is decentralized like email: Users can exist on different servers or even different platforms but still communicate with each other.
-[:octicons-home-16: Homepage](https://joinmastodon.org){ .md-button .md-button--primary }
-[:octicons-info-16:](https://docs.joinmastodon.org){ .card-link title="Documentation" }
-
-
+{{< cards >}}
+ {{< card link="https://joinmastodon.org" title="Homepage" icon="home" >}}
+ {{< card link="https://docs.joinmastodon.org" title="Documentation" icon="document-text" >}}
+{{< /cards >}}
There are many software platforms which use ActivityPub as their backend social networking protocol, meaning they can talk to servers even when they are running different software. For example, PeerTube is a video publishing software that uses ActivityPub, meaning you can follow channels on PeerTube either with another PeerTube account, *or* with a Mastodon account because Mastodon also uses ActivityPub.
@@ -111,31 +114,20 @@ If you used our recommended configuration settings above, you should be posting
## Element
-
-
-{ align=right }
-
**Element** is the flagship client for the **:simple-matrix: [Matrix](https://matrix.org/docs/chat_basics/matrix-for-im)** protocol, an [open standard](https://spec.matrix.org/latest) that enables decentralized communication by way of federated chat rooms. Users can exist on different homeservers but still communicate with each other.
-[:octicons-home-16: Homepage](https://element.io){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://element.io/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://element.io/help){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/element-hq){ .card-link title="Source Code" }
+{{< cards >}}
+ {{< card link="https://element.io" title="Homepage" icon="home" >}}
+ {{< card link="https://element.io/privacy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=io.element.android.x)
-- [:simple-appstore: App Store](https://apps.apple.com/app/id1631335820)
-- [:simple-github: GitHub](https://github.com/element-hq/element-x-android/releases)
-- [:fontawesome-brands-windows: Windows](https://element.io/download)
-- [:simple-apple: macOS](https://element.io/download)
-- [:simple-linux: Linux](https://element.io/download)
-- [:octicons-browser-16: Web](https://app.element.io)
-
-
-
-
+[{{< badge content="Linux" color="yellow" >}}](https://element.io/download)
+[{{< badge content="macOS" color="indigo" >}}](https://element.io/download)
+[{{< badge content="Windows" color="red" >}}](https://element.io/download)
+[{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=io.element.android.x)
+[{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/id1631335820)
+[{{< badge content="GitHub" >}}](https://github.com/element-hq/element-x-android/releases)
+[{{< badge content="Web" >}}](https://app.element.io)
### Choosing a Homeserver
@@ -187,13 +179,13 @@ With this setting enabled, unverified users (i.e., those who have not used the *
## Criteria
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../../../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
- Must be free and open-source software.
- Must use a federated protocol to communicate with other instances of the social networking software.
- Must not have non-technical restrictions on who can be federated with.
-- Must be usable within a standard [web browser](desktop-browsers.md).
+- Must be usable within a standard [web browser](../desktop-browsers/_index.md).
- Must make public content accessible to visitors without an account.
- Must allow you to limit who can follow your profile.
- Must allow you to post content visible only to your followers.
-- Must support modern web application security standards/features (including [multifactor authentication](multi-factor-authentication.md)).
+- Must support modern web application security standards/features (including [multifactor authentication](../multi-factor-authentication/_index.md)).
diff --git a/content/tools/software/tor/_index.md b/content/tools/software/tor/_index.md
index 67d1e3aef..7f6385372 100644
--- a/content/tools/software/tor/_index.md
+++ b/content/tools/software/tor/_index.md
@@ -10,13 +10,15 @@ description: Protect your internet browsing from prying eyes by using the Tor ne
**Tor** is a group of volunteer-operated servers that allows you to connect for free and improve your privacy and security on the Internet. Individuals and organizations can also share information over the Tor network with ".onion hidden services" without compromising their privacy. Because Tor traffic is difficult to block and trace, Tor is an effective censorship circumvention tool.
-[Detailed Tor Overview :material-arrow-right-drop-circle:](../../../wiki/advanced/tor-overview.md){ .md-button .md-button--primary }
-[:material-movie-open-play-outline: Video: Why You Need Tor](https://www.privacyguides.org/videos/2025/03/02/why-you-need-tor){ .md-button }
+[Detailed Tor Overview :material-arrow-right-drop-circle:](../../../wiki/advanced/tor-overview.md)
+{ .md-button .md-button--primary }
+[:material-movie-open-play-outline: Video: Why You Need Tor](https://www.privacyguides.org/videos/2025/03/02/why-you-need-tor)
+{ .md-button }
Tip
-Before connecting to Tor, please ensure you've read our [overview](../../../wiki/advanced/tor-overview.md on what Tor is and how to connect to it safely. We often recommend connecting to Tor through a trusted [VPN provider](vpn.md), but you have to do so **properly** to avoid decreasing your anonymity.
+Before connecting to Tor, please ensure you've read our [overview](../../../wiki/advanced/tor-overview.md) on what Tor is and how to connect to it safely. We often recommend connecting to Tor through a trusted [VPN provider](../../services/vpn/_index.md), but you have to do so **properly** to avoid decreasing your anonymity.
@@ -24,34 +26,29 @@ There are a variety of ways to connect to the Tor network from your device, the
Some of these apps are better than others; making a determination comes down to your threat model. If you are a casual Tor user who is not worried about your ISP collecting evidence against you, using mobile browser apps like [Onion Browser](#onion-browser-ios) to access the Tor network is probably fine. Increasing the number of people who use Tor on an everyday basis helps reduce the bad stigma of Tor, and lowers the quality of "lists of Tor users" that ISPs and governments may compile.
-If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against deanonymization.
+If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](../../os/desktop/_index.md#whonix) + [Qubes](../../os/desktop/_index.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against deanonymization.
+
+
+{{< cards >}}
+ {{< card link="#tor-browser" title="Tor Browser" image="./tor.svg" subtitle="Tor Browser is the top choice if you need anonymity, as it provides you with access to the Tor network and bridges, and it includes default settings and extensions that are automatically configured by the default security levels: *Standard*, *Safer* and *Safest*." >}}
+ {{< card link="#onion-browser-ios" title="Onion Browser" image="./onion_browser.svg" subtitle="Onion Browser is an open-source browser that lets you browse the web anonymously over the Tor network on iOS devices and is endorsed by the Tor Project." >}}
+{{< /cards >}}
+
## Tor Browser
-
-
-{ align=right }
-
**Tor Browser** is the top choice if you need anonymity, as it provides you with access to the Tor network and bridges, and it includes default settings and extensions that are automatically configured by the default security levels: *Standard*, *Safer* and *Safest*.
-[:octicons-home-16: Homepage](https://torproject.org){ .md-button .md-button--primary }
-[:simple-torbrowser:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .card-link title="Onion Service" }
-[:octicons-info-16:](https://tb-manual.torproject.org){ .card-link title="Documentation" }
-[:octicons-code-16:](https://gitlab.torproject.org/tpo/applications/tor-browser){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://donate.torproject.org){ .card-link title="Contribute" }
+{{< cards >}}
+ {{< card link="https://torproject.org" title="Homepage" icon="home" >}}
+ {{< card link="http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion" title="Onion Service" icon="link" >}}
+{{< /cards >}}
-
-Downloads
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.torproject.torbrowser)
-- [:simple-android: Android](https://torproject.org/download/#android)
-- [:fontawesome-brands-windows: Windows](https://torproject.org/download)
-- [:simple-apple: macOS](https://torproject.org/download)
-- [:simple-linux: Linux](https://torproject.org/download)
-
-
-
-
@@ -62,33 +59,21 @@ You should **never** install any additional extensions on Tor Browser or edit `a
The Tor Browser is designed to prevent fingerprinting, or identifying you based on your browser configuration. Therefore, it is imperative that you do **not** modify the browser beyond the default [security levels](https://tb-manual.torproject.org/security-settings). When modifying the security level setting, you **must** always restart the browser before continuing to use it. Otherwise, [the security settings may not be fully applied](https://www.privacyguides.org/articles/2025/05/02/tor-security-slider-flaw), putting you at a higher risk of fingerprinting and exploits than you may expect based on the setting chosen.
-In addition to installing Tor Browser on your computer directly, there are also operating systems designed specifically to connect to the Tor network such as [Whonix](desktop.md#whonix) on [Qubes OS](desktop.md#qubes-os), which provide even greater security and protections than the standard Tor Browser alone.
+In addition to installing Tor Browser on your computer directly, there are also operating systems designed specifically to connect to the Tor network such as [Whonix](../../os/desktop/_index.md#whonix) on [Qubes OS](../../os/desktop/_index.md#qubes-os), which provide even greater security and protections than the standard Tor Browser alone.
## Onion Browser (iOS)
-
-
-{ align=right }
+[:material-star-box: Read our latest Onion Browser review.](https://www.privacyguides.org/articles/2024/09/18/onion-browser-review)
**Onion Browser** is an open-source browser that lets you browse the web anonymously over the Tor network on iOS devices and is endorsed by the [Tor Project](https://support.torproject.org/glossary/onion-browser).
-[:material-star-box: Read our latest Onion Browser review.](https://www.privacyguides.org/articles/2024/09/18/onion-browser-review)
+{{< cards >}}
+ {{< card link="https://onionbrowser.com" title="Homepage" icon="home" >}}
+ {{< card link="https://onionbrowser.com/privacy-policy" title="Privacy Policy" icon="eye" >}}
+{{< /cards >}}
-[:octicons-home-16: Homepage](https://onionbrowser.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://onionbrowser.com/privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://onionbrowser.com/faqs){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/OnionBrowser/OnionBrowser){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://onionbrowser.com/donate){ .card-link title="Contribute" }
-
-
-Downloads
-
-- [:simple-appstore: App Store](https://apps.apple.com/app/id519296448)
-
-
-
-
+[{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/id519296448)
Onion Browser does not provide the same levels of privacy protections as Tor Browser does on desktop platforms. For casual use it is a perfectly fine way to access hidden services, but if you're concerned about being traced or monitored by advanced adversaries you should not rely on this as an anonymity tool.
-[Notably](https://github.com/privacyguides/privacyguides.org/issues/2929), Onion Browser does not *guarantee* all requests go through Tor. When using the built-in version of Tor, [your real IP **will** be leaked via WebRTC and audio/video streams](https://onionbrowser.com/faqs) due to limitations of WebKit. It is *safer* to use Onion Browser alongside [Orbot](alternative-networks.md#orbot), but this still comes with some limitations on iOS.
+[Notably](https://github.com/privacyguides/privacyguides.org/issues/2929), Onion Browser does not *guarantee* all requests go through Tor. When using the built-in version of Tor, [your real IP **will** be leaked via WebRTC and audio/video streams](https://onionbrowser.com/faqs) due to limitations of WebKit. It is *safer* to use Onion Browser alongside [Orbot](../../advanced/alternative-networks/_index.md#orbot), but this still comes with some limitations on iOS.
diff --git a/content/tools/advanced/alternative-networks/onion_browser.svg b/content/tools/software/tor/onion_browser.svg
similarity index 100%
rename from content/tools/advanced/alternative-networks/onion_browser.svg
rename to content/tools/software/tor/onion_browser.svg
diff --git a/content/tools/software/tor/tor.svg b/content/tools/software/tor/tor.svg
new file mode 100644
index 000000000..5943e96e8
--- /dev/null
+++ b/content/tools/software/tor/tor.svg
@@ -0,0 +1 @@
+