style: Add logos to recommendation cards

2026-05-25 21:01:23 +00:00 · 2026-05-19 14:40:13 -05:00
parent c2e570dfbd
commit 61e9096386
49 changed files with 169 additions and 167 deletions
@@ -269,6 +269,16 @@ html.light {
      .hextra-card {
        background-color: var(--hx-color-gray-50);
      }
+      img {
+        float: right;
+        margin-top: 0;
+        max-width: 100px;
+        max-height: 100px;
+        margin: 0em 0em 1em 2em;
+      }
+      p:first-of-type {
+        margin-top: 0;
+      }
    }
  }
  nav.hextra-toc li:has(~ li a.hextra-toc-active) > a {
@@ -26,7 +26,7 @@ When it comes to anonymizing networks, we want to specially note that [Tor](../.

 ### Tor

-{{< title-card >}}
+{{< title-card logo="./tor.svg" >}}

 The **Tor** network is a group of volunteer-operated servers that allows you to connect for free and improve your privacy and security on the Internet. Individuals and organizations can also share information over the Tor network with ".onion hidden services" without compromising their privacy. Because Tor traffic is difficult to block and trace, Tor is an effective [Censorship](../../../wiki/basics/common-threats/index.md#avoiding-censorship){ .pg-blue-gray } circumvention tool.

@@ -52,7 +52,7 @@ You can access the Tor network using other tools; making this determination come

 #### Orbot

-{{< title-card >}}
+{{< title-card logo="./tor.svg" >}}

 **Orbot** is a mobile application which routes traffic from any app on your device through the Tor network.

@@ -82,7 +82,7 @@ Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can a

 #### Snowflake

-{{< title-card >}}
+{{< title-card logo="./tor.svg" >}}

 **Snowflake** allows you to donate bandwidth to the Tor Project by operating a "Snowflake proxy" within your browser.

@@ -106,7 +106,7 @@ Running a Snowflake proxy is low-risk, even more so than running a Tor relay or

 ### I2P (The Invisible Internet Project)

-{{< title-card >}}
+{{< title-card logo="./i2p.svg" >}}

 **I2P** is a network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.

@@ -66,7 +66,7 @@ These tools can trigger false-positives. If any of these tools finds indicators

 ### Mobile Verification Toolkit

-{{< title-card >}}
+{{< title-card logo="./mvt.webp" >}}

 **Mobile Verification Toolkit** (**MVT**) is a collection of utilities which simplifies and automates the process of scanning mobile devices for potential traces of targeting or infection by known spyware campaigns. MVT was developed by Amnesty International and released in 2021 in the context of the [Pegasus Project](https://forbiddenstories.org/about-the-pegasus-project).

@@ -99,7 +99,7 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un

 ### iMazing (iOS)

-{{< title-card >}}
+{{< title-card logo="./imazing.png" >}}

 **iMazing** provides a free spyware analyzer tool for iOS devices which acts as a GUI-wrapper for [MVT](#mobile-verification-toolkit). This can be much easier to run compared to MVT itself, which is a command-line tool designed for technologists and forensic investigators.

@@ -129,7 +129,7 @@ These are apps you can install which check your device and operating system for

 ### Auditor (Android)

-{{< title-card >}}
+{{< title-card logo="./auditor.svg" >}}

 **Auditor** is an app which leverages hardware security features to provide device integrity monitoring by actively validating the identity of a device and the integrity of its operating system. Currently, it only works with GrapheneOS or the stock operating system for [supported devices](https://attestation.app/about#device-support).

@@ -47,7 +47,7 @@ A few more tips regarding Android devices and operating system compatibility:

 Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.

-{{< title-card >}}
+{{< title-card logo="./google-pixel.png" >}}

 **Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.

@@ -21,7 +21,7 @@ A physical **security key** adds a very strong layer of protection to your onlin

 ## Yubico Security Key

-{{< title-card >}}
+{{< title-card logo="./yubico-security-key.webp" >}}

 The **Yubico Security Key** series is the most cost-effective hardware security key with FIDO Level 2 certification[^1]. It supports FIDO2/WebAuthn and FIDO Universal 2nd Factor (U2F), and works out of the box with most services that support a security key as a second factor, as well as many password managers.

@@ -48,7 +48,7 @@ If you need any of those features, you should consider their higher-end [YubiKey

 ## YubiKey

-{{< title-card >}}
+{{< title-card logo="./yubikey.png" >}}

 The **YubiKey** series from Yubico are among the most popular security keys with FIDO Level 2 Certification[^1]. The **YubiKey 5 Series** has a wide range of features such as FIDO2/WebAuthn and FIDO U2F, [TOTP and HOTP](https://developers.yubico.com/OATH) authentication, [Personal Identity Verification (PIV)](https://developers.yubico.com/PIV), and [OpenPGP](https://developers.yubico.com/PGP).

@@ -71,7 +71,7 @@ For models which [support HOTP and TOTP](https://support.yubico.com/hc/articles/

 ## Nitrokey

-{{< title-card >}}
+{{< title-card logo="./nitrokey-square.svg" >}}

 **Nitrokey** has a cost-effective security key capable of FIDO2/WebAuthn and FIDO U2F called the **Nitrokey Passkey**. For support for features such as PIV, OpenPGP, and TOTP and HOTP authentication, you need to purchase one of their other keys like the **Nitrokey 3**. Currently, only the **Nitrokey 3A Mini** has [FIDO Level 1 Certification](https://nitrokey.com/news/2024/nitrokey-3a-mini-receives-official-fido2-certification).

@@ -25,7 +25,7 @@ We recommend installing GrapheneOS if you have a Google Pixel as it provides imp

 ## GrapheneOS

-{{< title-card >}}
+{{< title-card logo="./grapheneos.svg" >}}

 **GrapheneOS** is the best choice when it comes to privacy and security.

@@ -22,7 +22,7 @@ We recommend a wide variety of Android apps throughout this site. The apps liste

 If your device is on Android 15 or greater, we recommend using the native [Private Space](../_index.md#private-space) feature instead, which provides nearly the same functionality without needing to place trust in and grant powerful permissions to a third-party app.

-{{< title-card >}}
+{{< title-card logo="./shelter.svg" >}}

 **Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.

@@ -46,7 +46,7 @@ Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) a
 <small>Protects against the following threat(s):</small>
 [{{< badge content="Public Exposure" color="green" >}}](../../../../wiki/basics/common-threats/index.md#limiting-public-information)

-{{< title-card >}}
+{{< title-card logo="./secure_camera.svg" >}}

 **Secure Camera** is a camera app focused on privacy and security which can capture images, videos, and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.

@@ -78,7 +78,7 @@ Main privacy features include:
 <small>Protects against the following threat(s):</small>
 [{{< badge content="Targeted Attacks" color="red" >}}](../../../../wiki/basics/common-threats/index.md#attacks-against-specific-individuals)

-{{< title-card >}}
+{{< title-card logo="./secure_pdf_viewer.svg" >}}

 **Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_(software_development)) [WebView](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.

@@ -18,7 +18,7 @@ There are many ways to obtain Android apps privately, even from the Play Store,

 ## Obtainium

-{{< title-card >}}
+{{< title-card logo="./obtainium.svg" >}}

 **Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.

@@ -41,7 +41,7 @@ GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Ap

 The Google Play Store requires a Google account to log in, which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.

-{{< title-card >}}
+{{< title-card logo="./aurora-store.webp" >}}

 **Aurora Store** is a Google Play Store client which does not require a Google account, Google Play Services, or microG to download apps.

@@ -31,7 +31,7 @@ Linux distributions are commonly recommended for privacy protection and software

 ### Fedora Linux

-{{< title-card >}}
+{{< title-card logo="./fedora.svg" >}}

 **Fedora Linux** is our recommended desktop distribution for people new to Linux. Fedora generally adopts newer technologies (e.g., [Wayland](https://wayland.freedesktop.org) and [PipeWire](https://pipewire.org)) before other distributions. These new technologies often come with improvements in security, privacy, and usability in general.

@@ -48,7 +48,7 @@ Fedora has a semi-rolling release cycle. While some packages like the desktop en

 ### openSUSE Tumbleweed

-{{< title-card >}}
+{{< title-card logo="./opensuse-tumbleweed.svg" >}}

 **openSUSE Tumbleweed** is a stable rolling release distribution.

@@ -67,7 +67,7 @@ Tumbleweed follows a rolling release model where each update is released as a sn

 ### Arch Linux

-{{< title-card >}}
+{{< title-card logo="./archlinux.svg" >}}

 **Arch Linux** is a lightweight, do-it-yourself (DIY) distribution, meaning that you only get what you install. For more information see their [FAQ](https://wiki.archlinux.org/title/Frequently_asked_questions).

@@ -90,7 +90,7 @@ A large portion of [Arch Linux’s packages](https://reproducible.archlinux.org)

 ### Fedora Atomic Desktops

-{{< title-card >}}
+{{< title-card logo="./fedora.svg" >}}

 **Fedora Atomic Desktops** are variants of Fedora which use the `rpm-ostree` package manager and have a strong focus on containerized workflows and Flatpak for desktop applications. All of these variants follow the same release schedule as Fedora Workstation, benefiting from the same fast updates and staying very close to upstream.

@@ -113,7 +113,7 @@ As an alternative to Flatpaks, there is the option of [Toolbx](https://docs.fedo

 ### NixOS

-{{< title-card >}}
+{{< title-card logo="./nixos.svg" >}}

 **NixOS** is an independent distribution based on the Nix package manager with a focus on reproducibility and reliability.

@@ -138,7 +138,7 @@ Nix is a source-based package manager; if there’s no pre-built available in th

 ### Whonix

-{{< title-card >}}
+{{< title-card logo="./whonix.svg" >}}

 **Whonix** is based on [Kicksecure](#kicksecure), a security-focused fork of Debian. It aims to provide privacy, security, and [anonymity](../../../wiki/basics/common-threats/index.md#anonymity-vs-privacy) on the internet. Whonix is best used in conjunction with [Qubes OS](#qubes-os).

@@ -157,7 +157,7 @@ Whonix is best used [in conjunction with Qubes](https://whonix.org/wiki/Qubes/Wh

 ### Tails

-{{< title-card >}}
+{{< title-card logo="./tails.svg" >}}

 **Tails** is a live operating system based on Debian that routes all communications through Tor, which can boot on on almost any computer from a DVD, USB stick, or SD card installation. It uses [Tor](../../software/tor/index.md) to preserve privacy and [anonymity](../../../wiki/basics/common-threats/index.md#anonymity-vs-privacy) while circumventing censorship, and it leaves no trace of itself on the computer it is used on after it is powered off.

@@ -184,7 +184,7 @@ By design, Tails is meant to completely reset itself after each reboot. Encrypte

 ### Qubes OS

-{{< title-card >}}
+{{< title-card logo="./qubes_os.svg" >}}

 **Qubes OS** is an open-source operating system designed to provide strong security for desktop computing through secure virtual machines (or "qubes"). Qubes is based on Xen, the X Window System, and Linux. It can run most Linux applications and use most of the Linux drivers.

@@ -201,7 +201,7 @@ For further information about how Qubes works, read our full [Qubes OS overview]

 ### Secureblue

-{{< title-card >}}
+{{< title-card logo="./secureblue.svg" >}}

 **Secureblue** is a security-focused operating system based on [Fedora Atomic Desktops](#fedora-atomic-desktops). It includes a number of [security features](https://secureblue.dev/features) intended to proactively defend against the exploitation of both known and unknown vulnerabilities, and ships with [Trivalent](https://github.com/secureblue/Trivalent), their hardened, Chromium-based web browser.

@@ -220,7 +220,7 @@ Secureblue also provides GrapheneOS's [hardened memory allocator](https://github

 While we [recommend against](../../../wiki/os/linux/index.md#release-cycle) "perpetually outdated" distributions like Debian for desktop use in most cases, Kicksecure is a Debian-based operating system which has been hardened to be much more than a typical Linux install.

-{{< title-card >}}
+{{< title-card logo="./kicksecure.svg" >}}

 **Kicksecure**—in oversimplified terms—is a set of scripts, configurations, and packages that substantially reduce the attack surface of Debian. It covers a lot of privacy and hardening recommendations by default. It also serves as the base OS for [Whonix](#whonix).

@@ -20,7 +20,7 @@ Below are a few alternative operating systems that can be used on routers, Wi-Fi

 ## OpenWrt

-{{< title-card >}}
+{{< title-card logo="./openwrt.svg" >}}

 **OpenWrt** is a Linux-based operating system; it's primarily used on embedded devices to route network traffic. It includes util-linux, uClibc, and BusyBox. All the components have been optimized for home routers.

@@ -35,7 +35,7 @@ You can consult OpenWrt's [table of hardware](https://openwrt.org/toh/start) to

 ## OPNsense

-{{< title-card >}}
+{{< title-card logo="./opnsense.svg" >}}

 **OPNsense** is an open-source, FreeBSD-based firewall and routing platform which incorporates many advanced features such as traffic shaping, load balancing, and VPN capabilities, with many more features available in the form of plugins. OPNsense is commonly deployed as a perimeter firewall, router, wireless access point, DHCP server, DNS server, and VPN endpoint.

@@ -21,7 +21,7 @@ aliases:

 ## Pi-hole

-{{< title-card >}}
+{{< title-card logo="./pi-hole.svg" >}}

 **Pi-hole** is an open-source DNS sinkhole which features a friendly web interface to view insights and manage blocked content. Pi-hole is designed to be hosted on a Raspberry Pi, but it is not limited to such hardware.

@@ -34,7 +34,7 @@ aliases:

 ## AdGuard Home

-{{< title-card >}}
+{{< title-card logo="./adguard-home.svg" >}}

 **AdGuard Home** is an open-source DNS sinkhole which features a polished web interface to view insights and manage blocked content.

@@ -23,7 +23,7 @@ Advanced system administrators may consider setting up their own **email server*

 ## Stalwart

-{{< title-card >}}
+{{< title-card logo="./stalwart.svg" >}}

 **Stalwart** is a newer mail server written in Rust which supports JMAP in addition to the standard IMAP, POP3, and SMTP. It has a wide variety of configuration options, but also defaults to very reasonable settings in terms of both security and features, making it easy to use immediately. It has web-based administration with TOTP 2FA support and allows you to enter your public PGP key to encrypt **all** incoming messages.

@@ -42,7 +42,7 @@ We use Stalwart for our own internal email at *Privacy Guides*.

 ## Mailcow

-{{< title-card >}}
+{{< title-card logo="./mailcow.svg" >}}

 **Mailcow** is an advanced mail server perfect for those with Linux experience. It has everything you need in a Docker container: a mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support.

@@ -55,7 +55,7 @@ We use Stalwart for our own internal email at *Privacy Guides*.

 ## Mail-in-a-Box

-{{< title-card >}}
+{{< title-card logo="./mail-in-a-box.svg" >}}

 **Mail-in-a-Box** is an automated setup script for deploying a mail server on Ubuntu. Its goal is to make it easier for people to set up their own mail server.

@@ -22,7 +22,7 @@ Self-hosting your own **file management** tools may be a good idea to reduce the

 ### PhotoPrism

-{{< title-card >}}
+{{< title-card logo="./photoprism.svg" >}}

 **PhotoPrism** is a platform for managing photos. It supports album syncing and sharing as well as a variety of other [features](https://photoprism.app/features). It does not include end-to-end encryption, so it's best hosted on a server that you trust and is under your control.

@@ -37,7 +37,7 @@ Self-hosting your own **file management** tools may be a good idea to reduce the

 ### FreedomBox

-{{< title-card >}}
+{{< title-card logo="./freedombox.svg" >}}

 **FreedomBox** is an operating system designed to be run on a [single-board computer (SBC)](https://en.wikipedia.org/wiki/Single-board_computer). The purpose is to make it easy to set up server applications for use cases like sharing files.

@@ -50,7 +50,7 @@ Self-hosting your own **file management** tools may be a good idea to reduce the

 ### Nextcloud

-{{< title-card >}}
+{{< title-card logo="./nextcloud.svg" >}}

 **Nextcloud** is a suite of free and open-source client-server software for creating your own file hosting services on a private server you control.

@@ -4,7 +4,7 @@ title: Password Sync

 ## Vaultwarden

-{{< title-card >}}
+{{< title-card logo="./vaultwarden.svg" >}}

 **Vaultwarden** is an alternative implementation of Bitwarden’s sync server written in Rust and compatible with official Bitwarden clients, perfect for self-hosted deployment where running the resource-heavy, official service might not be ideal.

@@ -54,7 +54,7 @@ If you are greatly concerned about an existing server censoring your content, th

 ## Mastodon

-{{< title-card >}}
+{{< title-card logo="./mastodon.svg" >}}

 **Mastodon** is a social network based on open web protocols and free, open-source software. It uses the **ActivityPub** protocol, which is decentralized like email: Users can exist on different servers or even different platforms but still communicate with each other.

@@ -126,7 +126,7 @@ If you used our recommended configuration settings above, you should be posting

 ## Element

-{{< title-card >}}
+{{< title-card logo="./element.svg" >}}

 **Element** is the flagship client for the **[Matrix](https://matrix.org/docs/chat_basics/matrix-for-im)** protocol, an [open standard](https://spec.matrix.org/latest) that enables decentralized communication by way of federated chat rooms. Users can exist on different homeservers but still communicate with each other.

@@ -22,7 +22,7 @@ aliases:

 ## Tuta

-{{< title-card >}}
+{{< title-card logo="../email/tuta.svg" >}}

 **Tuta** offers a free and encrypted calendar across their supported platforms. Features include automatic E2EE of all data, sharing features, import/export functionality, multifactor authentication, and [more](https://tuta.com/calendar-app-comparison).

@@ -46,7 +46,7 @@ Multiple calendars and extended sharing functionality are limited to paid subscr

 ## Proton Calendar

-{{< title-card >}}
+{{< title-card logo="./proton-calendar.svg" >}}

 **Proton Calendar** is an encrypted calendar service available to Proton members via its web or mobile clients. Features include automatic E2EE of all data, sharing features, import/export functionality, and [more](https://proton.me/support/proton-calendar-guide).

@@ -26,7 +26,7 @@ If these alternatives do not fit your needs, we suggest you look into using encr

 ## Proton Drive

-{{< title-card >}}
+{{< title-card logo="./protondrive.svg" >}}

 **Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](../email/index.md#proton-mail).

@@ -48,7 +48,7 @@ The Proton Drive web application has been independently audited by Securitum in

 ## Tresorit

-{{< title-card >}}
+{{< title-card logo="./tresorit.svg" >}}

 **Tresorit** is a Swiss-Hungarian encrypted cloud storage provider founded in 2011. Tresorit is owned by the Swiss Post, the national postal service of Switzerland.

@@ -82,7 +82,7 @@ They have also received the Digital Trust Label, a certification from the [Swiss

 ## Peergos

-{{< title-card >}}
+{{< title-card logo="./peergos.svg" >}}

 **Peergos** is a decentralized protocol and open-source platform for storage, social media, and applications. It provides a secure and private space where users can store, share, view, and edit their photos, videos, documents, etc.

@@ -63,7 +63,7 @@ If you don't use an automatic scanner to find results about you, consider settin

 ## EasyOptOuts <small>Paid</small>

-{{< title-card >}}
+{{< title-card logo="./easyoptouts.svg" >}}

 **EasyOptOuts** is a $20/year service which will search a number of different data broker sites and automatically submit opt-out requests on your behalf. They will perform the first search and removal process immediately, and then re-run the process every 4 months in case your data shows up on new sites over time.

@@ -91,7 +91,7 @@ Our [testing](https://www.privacyguides.org/articles/2025/02/03/easyoptouts-revi
 > 
 > While Google is not a data broker themselves *per se*, as they don't sell or share your data with outside parties, some may find this relationship unacceptable. You should always decide whether the benefits of this tool outweigh the drawbacks for your individual situation.

-{{< title-card >}}
+{{< title-card logo="./google.svg" >}}

 **Results about you** is a free tool which helps you discover whether your personal contact information, including your home address, phone number, and email address, appears in Google search results. If any personal information is found, you can request its removal.

@@ -60,7 +60,7 @@ These DNS filtering solutions offer a web dashboard where you can customize the

 ### Control D

-{{< title-card >}}
+{{< title-card logo="./control-d.svg" >}}

 **Control D** is a customizable DNS service which lets you block security threats, unwanted content, and advertisements on a DNS level.

@@ -82,7 +82,7 @@ In addition to their paid plans, they offer a number of preconfigured DNS resolv

 ### NextDNS

-{{< title-card >}}
+{{< title-card logo="./nextdns.svg" >}}

 **NextDNS** is a customizable DNS service which lets you block security threats, unwanted content, and advertisements on a DNS level.

@@ -113,7 +113,7 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](..

 ### RethinkDNS

-{{< title-card >}}
+{{< title-card logo="./rethinkdns.svg" >}}

 **RethinkDNS** is an open-source Android client that supports [DoH](../../../wiki/advanced/dns-overview/index.md#dns-over-https-doh), [DoT](../../../wiki/advanced/dns-overview/index.md#dns-over-tls-dot), [DNSCrypt](../../../wiki/advanced/dns-overview/index.md#dnscrypt) and DNS Proxy. It also provides additional functionality such as caching DNS responses, locally logging DNS queries, and using the app as a firewall.

@@ -131,7 +131,7 @@ While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot

 ### DNSCrypt-Proxy

-{{< title-card >}}
+{{< title-card logo="./dnscrypt-proxy.svg" >}}

 **DNSCrypt-Proxy** is a DNS proxy with support for [DNSCrypt](../../../wiki/advanced/dns-overview/index.md#dnscrypt), [DoH](../../../wiki/advanced/dns-overview/index.md#dns-over-https-doh), and [Anonymized DNS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Anonymized-DNS).

@@ -52,7 +52,7 @@ Using an aliasing service requires trusting both your email provider and your al

 ### Addy.io

-{{< title-card >}}
+{{< title-card logo="./addy.svg" >}}

 **Addy.io** lets you create 10 domain aliases on a shared domain for free, or unlimited ["standard" aliases](https://addy.io/faq/#what-is-a-standard-alias).

@@ -86,7 +86,7 @@ If you cancel your subscription, you will still enjoy the features of your paid

 ### SimpleLogin

-{{< title-card >}}
+{{< title-card logo="./simplelogin.svg" >}}

 **SimpleLogin** is a free service which provides email aliases on a variety of shared domain names, and optionally provides paid features like unlimited aliases and custom domains.

@@ -38,13 +38,6 @@ In addition to (or instead of) an email provider recommended here, you may wish

 These providers natively support OpenPGP encryption/decryption and the [Web Key Directory (WKD) standard](../../../wiki/basics/email-security/index.md#what-is-the-web-key-directory-standard), allowing for provider-agnostic end-to-end encrypted emails. For example, a Proton Mail user could send an E2EE message to a Mailbox Mail user, or you could receive OpenPGP-encrypted notifications from internet services which support it.

-<div class="grid cards" markdown>
-
- ![Proton Mail logo](./protonmail.svg){ .twemoji } [Proton Mail](#proton-mail)
- ![Mailbox Mail logo](./mailbox-mail.svg){ .twemoji } [Mailbox Mail](#mailbox-mail)
-
-</div>
-
 > [!WARNING]
 > When using E2EE technology like OpenPGP your email will still have some metadata that is not encrypted in the header of the email, generally including the subject line! Read more about [email metadata](../../../wiki/basics/email-security/index.md#email-metadata-overview).
 >
@@ -54,7 +47,7 @@ These providers natively support OpenPGP encryption/decryption and the [Web Key

 ### Proton Mail

-{{< title-card >}}
+{{< title-card logo="./protonmail.svg" >}}

 **Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland.

@@ -129,7 +122,7 @@ Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimite

 ### Mailbox Mail

-{{< title-card >}}
+{{< title-card logo="./mailbox-mail.svg" >}}

 **Mailbox Mail** (formerly *Mailbox.org*) is an email service with a focus on being secure, ad-free, and powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox Mail is based in Berlin, Germany.

@@ -184,15 +177,9 @@ Mailbox Mail has a digital legacy feature for all plans. You can choose whether

 These providers encrypt your emails in a way that only you can read them later, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between different providers.

-<div class="grid cards" markdown>
-
- ![Tuta logo](./tuta.svg#only-light){ .twemoji loading=lazy }![Tuta logo](./tuta-dark.svg#only-dark){ .twemoji loading=lazy } [Tuta](#tuta)
-
-</div>
-
 ### Tuta

-{{< title-card >}}
+{{< title-card logo="./tuta.svg" >}}

 **Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany.

@@ -31,7 +31,7 @@ There are a number of services which provide "virtual debit cards" which you can

 ### Privacy.com (US)

-{{< title-card >}}
+{{< title-card logo="./privacy_com.svg" >}}

 **Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plans provide higher limits on the number of cards that can be created each month.

@@ -46,7 +46,7 @@ Privacy.com gives information about the merchants you purchase from to your bank

 ### MySudo (US, Paid)

-{{< title-card >}}
+{{< title-card logo="./mysudo.svg" >}}

 **MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](../email-aliasing/index.md) for extensive email aliasing use.

@@ -81,7 +81,7 @@ These services allow you to purchase gift cards for a variety of merchants onlin

 ### Coincards

-{{< title-card >}}
+{{< title-card logo="./coincards.svg" >}}

 **Coincards** allows you to purchase gift cards for a large variety of merchants. Their homepage has a complete listing of the various countries where their service is available.

@@ -26,7 +26,7 @@ These recommendations for encrypted **real-time communication** are great for se

 ## Signal

-{{< title-card >}}
+{{< title-card logo="./signal.svg" >}}

 **Signal** is a mobile app developed by Signal Messenger LLC. The app provides instant messaging and calls secured with the Signal protocol, an extremely secure encryption protocol which supports forward secrecy[^1] and post-compromise security.[^2]

@@ -69,7 +69,7 @@ The protocol was independently [audited](https://eprint.iacr.org/2016/1013.pdf)

 If you use Android and your threat model requires protecting against [Targeted Attacks](../../../wiki/basics/common-threats/index.md#attacks-against-specific-individuals){ .pg-red } you may consider using this alternative app, which features a number of security and usability improvements, to access the Signal network.

-{{< title-card >}}
+{{< title-card logo="./molly.svg" >}}

 **Molly** is an alternative Signal client for Android which allows you to encrypt the local database with a passphrase at rest, to have unused RAM data securely shredded, to route your connection via Tor, and [more](https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening#privacy-and-security-features). It also has usability improvements including scheduled backups, automatic locking, and the ability to use your Android phone as a linked device instead of the primary device for a Signal account.

@@ -94,7 +94,7 @@ Both versions of Molly provide the same security improvements and support [repro

 ## SimpleX Chat

-{{< title-card >}}
+{{< title-card logo="./simplex.svg" >}}

 **SimpleX Chat** is an instant messenger that doesn't depend on any unique identifiers such as phone numbers or usernames. Its decentralized network makes SimpleX Chat an effective tool against [Censorship](../../../wiki/basics/common-threats/index.md#avoiding-censorship){ .pg-blue-gray }.

@@ -123,7 +123,7 @@ SimpleX Chat was independently audited in [July 2024](https://simplex.chat/blog/

 ## Briar

-{{< title-card >}}
+{{< title-card logo="./briar.svg" >}}

 **Briar** is an encrypted instant messenger that [connects](https://briarproject.org/how-it-works) to other clients using the [Tor network](../../advanced/alternative-networks/index.md#tor), making it an effective tool at circumventing [Censorship](../../../wiki/basics/common-threats/index.md#avoiding-censorship){ .pg-blue-gray }. Briar can also connect via Wi-Fi or Bluetooth when in local proximity. Briar’s local mesh mode can be useful when internet availability is a problem.

@@ -32,7 +32,7 @@ These password managers sync your passwords to a cloud server for easy accessibi

 ### Bitwarden

-{{< title-card >}}
+{{< title-card logo="./bitwarden.svg" >}}

 **Bitwarden** is a free and open-source password and passkey manager. It aims to solve password management problems for individuals, teams, and business organizations. Bitwarden is among the best and safest solutions to store all of your logins and passwords while conveniently keeping them synced between all of your devices.

@@ -63,7 +63,7 @@ Bitwarden's server-side code is [open source](https://github.com/bitwarden/serve

 ### Proton Pass

-{{< title-card >}}
+{{< title-card logo="./protonpass.svg" >}}

 **Proton Pass** is an open-source, end-to-end encrypted password manager developed by Proton, the team behind [Proton Mail](../email/index.md#proton-mail). It securely stores your login credentials, generates unique email aliases, and supports and stores passkeys.

@@ -92,7 +92,7 @@ All issues were addressed and fixed shortly after the [report](https://res.cloud

 ### 1Password

-{{< title-card >}}
+{{< title-card logo="./1password.svg" >}}

 **1Password** is a password manager with a strong focus on security and ease-of-use that allows you to store passwords, passkeys, credit cards, software licenses, and any other sensitive information in a secure digital vault. Your vault is hosted on 1Password's servers for a [monthly fee](https://1password.com/sign-up).

@@ -122,7 +122,7 @@ Your 1Password vault is secured with both your master password and a randomized

 ### Psono

-{{< title-card >}}
+{{< title-card logo="./psono.svg" >}}

 **Psono** is a free and open-source password manager from Germany, with a focus on password management for teams. Psono supports secure sharing of passwords, files, bookmarks, and emails. All secrets are protected by a master password.

@@ -20,7 +20,7 @@ Most cloud **photo backup** solutions like Google Photos, Flickr, and Amazon Pho

 ## Ente Photos

-{{< title-card >}}
+{{< title-card logo="./ente.svg" >}}

 **Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting).

@@ -47,7 +47,7 @@ Consider using a [VPN](../vpn/index.md) or [Tor](../../software/tor/index.md) if

 ### Brave Search

-{{< title-card >}}
+{{< title-card logo="./brave-search.svg" >}}

 **Brave Search** is a search engine developed by Brave. It includes unique features such as [Discussions](https://search.brave.com/help/discussions), which highlights conversation-focused results such as forum posts.

@@ -64,7 +64,7 @@ We recommend you disable [Anonymous usage metrics](https://search.brave.com/help

 ### DuckDuckGo

-{{< title-card >}}
+{{< title-card logo="./duckduckgo.svg" >}}

 **DuckDuckGo** is one of the more mainstream private search engine options. Notable DuckDuckGo search features include [bangs](https://duckduckgo.com/bang) and a variety of [instant answers](https://help.duckduckgo.com/duckduckgo-help-pages/features/instant-answers-and-other-features). The search engine uses numerous [sources](https://help.duckduckgo.com/results/sources) other than Bing for instant answers and other non-primary results.

@@ -81,7 +81,7 @@ DuckDuckGo offers two [other versions](https://help.duckduckgo.com/features/non-

 ### Startpage

-{{< title-card >}}
+{{< title-card logo="./startpage.svg" >}}

 **Startpage** is a private search engine. One of Startpage's unique features is the [Anonymous View](https://startpage.com/en/anonymous-view), which puts forth efforts to standardize user activity to make it more difficult to be uniquely identified. The feature can be useful for hiding [some](https://support.startpage.com/hc/articles/4455540212116-The-Anonymous-View-Proxy-technical-details) network and browser properties. Unlike the name suggests, the feature should not be relied upon for anonymity. If you are looking for anonymity, use the [Tor Browser](../../software/tor/index.md#tor-browser) instead.

@@ -102,7 +102,7 @@ A [metasearch engine](https://en.wikipedia.org/wiki/Metasearch_engine) aggregate

 ### SearXNG

-{{< title-card >}}
+{{< title-card logo="./searxng.svg" >}}

 **SearXNG** is an open-source, self-hostable, metasearch engine. It is an actively maintained fork of [SearX](https://github.com/searx/searx).

@@ -37,7 +37,7 @@ Our recommended providers use encryption, support WireGuard & OpenVPN, and have

 ## Proton VPN

-{{< title-card >}}
+{{< title-card logo="./protonvpn.svg" >}}

 **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option.

@@ -118,7 +118,7 @@ Additionally, system crashes [may occur](https://protonvpn.com/support/macos-t2-

 ## IVPN

-{{< title-card >}}
+{{< title-card logo="./ivpn.svg" >}}

 **IVPN** is another premium VPN provider, and they have been in operation since 2009. IVPN is based in Gibraltar and does not offer a free trial.

@@ -186,7 +186,7 @@ IVPN clients support two-factor authentication. IVPN also provides "[AntiTracker

 ## Mullvad

-{{< title-card >}}
+{{< title-card logo="./mullvad.svg" >}}

 **Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since 2009. Mullvad is based in Sweden and offers a 14-day money-back guarantee for [payment methods](https://mullvad.net/en/help/refunds) that allow it.

@@ -66,7 +66,7 @@ To help you choose a model that fits your needs, you can look at leaderboards an

 ### Kobold.cpp

-{{< title-card >}}
+{{< title-card logo="./kobold.png" >}}

 **Kobold.cpp** is an AI client that runs locally on your Windows, Mac, or Linux computer. It's an excellent choice if you are looking for heavy customization and tweaking, such as for role-playing purposes.

@@ -90,7 +90,7 @@ Kobold.cpp allows you to modify parameters such as the AI model temperature and

 ### Ollama (CLI)

-{{< title-card >}}
+{{< title-card logo="./ollama.png" >}}

 **Ollama** is a command-line AI assistant that is available on macOS, Linux, and Windows. Ollama is a great choice if you're looking for an AI client that's easy-to-use, widely compatible, and fast due to its use of inference and other techniques. It also doesn't involve any manual setup.

@@ -111,7 +111,7 @@ Ollama simplifies the process of setting up a local AI chat by downloading the A

 ### Llamafile

-{{< title-card >}}
+{{< title-card logo="./llamafile.webp" >}}

 **Llamafile** is a lightweight, single-file executable that allows users to run LLMs locally on their own computers without any setup involved. It is [backed by Mozilla](https://hacks.mozilla.org/2023/11/introducing-llamafile) and available on Linux, macOS, and Windows.

@@ -26,7 +26,7 @@ Don't install extensions which you don't immediately have a need for, or ones th

 ### uBlock Origin

-{{< title-card >}}
+{{< title-card logo="./ublock_origin.svg" >}}

 **uBlock Origin** is a popular content blocker that could help you block ads, trackers, and fingerprinting scripts.

@@ -56,7 +56,7 @@ uBlock Origin also has a "Lite" version of their extension, which offers a limit
 - ...you want a more resource (memory/CPU) efficient content blocker[^1]
 - ...your browser only supports Manifest V3 extensions. This is the case for Chrome [^2] , Edge and most Chromium browsers.

-{{< title-card >}}
+{{< title-card logo="./ublock_origin_lite.svg" >}}

 **uBlock Origin Lite** is a Manifest V3 compatible content blocker. Compared to the original *uBlock Origin*, this extension does not require broad "read/modify data" permissions to function, which lowers the risk of [Passive Attacks](../../../wiki/basics/common-threats/index.md#security-and-privacy){ .pg-orange } on your browser if a malicious rule is added to a filter list.

@@ -83,7 +83,7 @@ uBlock Origin Lite only receives block list updates whenever the extension is up

 We recommend [Safari](../mobile-browsers/index.md#safari-ios) for iOS users, which unfortunately is only supported by uBlock Origin **Lite**. Luckily, AdGuard provides an adequate alternative:

-{{< title-card >}}
+{{< title-card logo="./adguard.svg" >}}

 **AdGuard for iOS** is a free and open-source content-blocking extension for Safari that uses the native [Content Blocker API](https://developer.apple.com/documentation/safariservices/creating_a_content_blocker).

@@ -25,7 +25,7 @@ Making payments online is one of the biggest challenges to privacy. These crypto

 ## Monero

-{{< title-card >}}
+{{< title-card logo="./monero.svg" >}}

 **Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve [Anonymity](../../../wiki/basics/common-threats/index.md#anonymity-vs-privacy){ .pg-purple }. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices.

@@ -23,7 +23,7 @@ When sharing files, be sure to remove associated metadata. Image files commonly

 ## MAT2

-{{< title-card >}}
+{{< title-card logo="./mat2.svg" >}}

 **MAT2** is free, cross-platform software which allows you to remove metadata from image, audio, torrent, and document file types. It provides both a command line tool and a graphical user interface via an extension for [Dolphin](https://github.com/jvoisin/mat2/tree/master/dolphin), the default file manager of [KDE](https://kde.org).

@@ -41,7 +41,7 @@ When sharing files, be sure to remove associated metadata. Image files commonly

 ## ExifEraser (Android)

-{{< title-card >}}
+{{< title-card logo="./exiferaser.svg" >}}

 **ExifEraser** is a modern, permissionless image metadata erasing application for Android.

@@ -87,7 +87,7 @@ This shortcut removes metadata such as location, device model, lens model, and o

 ## ExifTool (CLI)

-{{< title-card >}}
+{{< title-card logo="./exiftool.png" >}}

 **ExifTool** is the original Perl library and command-line application for reading, writing, and editing meta information (Exif, IPTC, XMP, and more) in a wide variety of file formats (JPEG, TIFF, PNG, PDF, RAW, and more).

@@ -22,7 +22,7 @@ If you need to browse the internet anonymously, you should use [Tor](../tor/inde

 ## Mullvad Browser

-{{< title-card >}}
+{{< title-card logo="./mullvad_browser.svg" >}}

 **Mullvad Browser** is a version of [Tor Browser](../tor/index.md#tor-browser) with Tor network integrations removed. It aims to provide to VPN users Tor Browser's anti-fingerprinting browser technologies, which are key protections against [Mass Surveillance](../../../wiki/basics/common-threats/index.md#mass-surveillance-programs){ .pg-blue }. It is developed by the Tor Project and distributed by [Mullvad](../../services/vpn/index.md#mullvad), and does **not** require the use of Mullvad's VPN.

@@ -61,7 +61,7 @@ This is required to prevent advanced forms of tracking, but does come at the cos

 ## Firefox

-{{< title-card >}}
+{{< title-card logo="./firefox.svg" >}}

 **Firefox** provides strong privacy settings such as [Enhanced Tracking Protection](https://support.mozilla.org/kb/enhanced-tracking-protection-firefox-desktop), which can help block various [types of tracking](https://support.mozilla.org/kb/enhanced-tracking-protection-firefox-desktop#w_what-enhanced-tracking-protection-blocks).

@@ -169,7 +169,7 @@ Arkenfox only aims to thwart basic or naive tracking scripts through canvas rand

 ## Brave

-{{< title-card >}}
+{{< title-card logo="./brave.svg" >}}

 **Brave Browser** includes a built-in content blocker and [privacy features](https://brave.com/privacy-features), many of which are enabled by default.

@@ -18,7 +18,7 @@ Most online **document collaboration** platforms like Google Drive do not suppor

 ## CryptPad

-{{< title-card >}}
+{{< title-card logo="./cryptpad.svg" >}}

 **CryptPad** is a private-by-design alternative to popular, full-fledged office suites. All content on this web service is E2EE and can be shared with other users easily.

@@ -39,7 +39,7 @@ OpenPGP also does not support [forward secrecy](https://en.wikipedia.org/wiki/Fo

 ### Thunderbird

-{{< title-card >}}
+{{< title-card logo="./thunderbird.svg" >}}

 **Thunderbird** is a free, open-source, cross-platform email, newsgroup, news feed, and chat (XMPP, IRC, Matrix) client developed by the Thunderbird community, and previously by the Mozilla Foundation.

@@ -89,7 +89,7 @@ These options can be found in the menu → **Settings** → **Privacy & Security

 ### Apple Mail (macOS)

-{{< title-card >}}
+{{< title-card logo="./applemail.png" >}}

 **Apple Mail** is included in macOS and can be extended to have OpenPGP support with [GPG Suite](../encryption/index.md#gpg-suite), which adds the ability to send PGP-encrypted email.

@@ -104,7 +104,7 @@ Apple Mail has the ability to load remote content in the background or block it

 ### FairEmail (Android)

-{{< title-card >}}
+{{< title-card logo="./fairemail.svg" >}}

 **FairEmail** is a minimal, open-source email app which uses open standards (IMAP, SMTP, OpenPGP) and minimizes data and battery usage.

@@ -120,7 +120,7 @@ Apple Mail has the ability to load remote content in the background or block it

 ### GNOME Evolution (GNOME)

-{{< title-card >}}
+{{< title-card logo="./evolution.svg" >}}

 **Evolution** is a personal information management application that provides integrated mail, calendaring, and address book functionality. Evolution has extensive [documentation](https://gnome.pages.gitlab.gnome.org/evolution/help) to help you get started.

@@ -135,7 +135,7 @@ Apple Mail has the ability to load remote content in the background or block it

 ### Kontact (KDE)

-{{< title-card >}}
+{{< title-card logo="./kontact.svg" >}}

 **Kontact** is a personal information manager (PIM) application from the [KDE](https://kde.org) project. It provides a mail client, address book, RSS client, and an organizer.

@@ -151,7 +151,7 @@ Apple Mail has the ability to load remote content in the background or block it

 ### Mailvelope (Browser)

-{{< title-card >}}
+{{< title-card logo="./mailvelope.svg" >}}

 **Mailvelope** is a browser extension that enables the exchange of encrypted emails following the OpenPGP encryption standard.

@@ -168,7 +168,7 @@ Apple Mail has the ability to load remote content in the background or block it

 ### NeoMutt (CLI)

-{{< title-card >}}
+{{< title-card logo="./mutt.svg" >}}

 **NeoMutt** is an open-source command line email reader for Linux and BSD. It's a fork of [Mutt](https://en.wikipedia.org/wiki/Mutt_(email_client)) with added features.

@@ -32,7 +32,7 @@ The options listed here are available on multiple platforms and great for creati
 <small>Protects against the following threat(s):</small>
 [{{< badge content="Passive Attacks" color="amber" >}}](../../../wiki/basics/common-threats/index.md#security-and-privacy)

-{{< title-card >}}
+{{< title-card logo="./cryptomator.svg" >}}

 **Cryptomator** is an encryption solution designed for privately saving files to any cloud [Service Provider](../../../wiki/basics/common-threats/index.md#privacy-from-service-providers){ .pg-teal }, eliminating the need to trust that they won't access your files. It allows you to create vaults that are stored on a virtual drive, the contents of which are encrypted and synced with your cloud storage provider.

@@ -64,7 +64,7 @@ Cryptomator's documentation details its intended [security target](https://docs.
 <small>Protects against the following threat(s):</small>
 [{{< badge content="Targeted Attacks" color="red" >}}](../../../wiki/basics/common-threats/index.md#attacks-against-specific-individuals)

-{{< title-card >}}
+{{< title-card logo="./veracrypt.svg" >}}

 **VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.

@@ -102,7 +102,7 @@ Powering off your devices when they’re not in use provides the highest level o

 ### BitLocker

-{{< title-card >}}
+{{< title-card logo="./bitlocker.png" >}}

 **BitLocker** is the full volume encryption solution bundled with Microsoft Windows that uses the Trusted Platform Module ([TPM](https://learn.microsoft.com/windows/security/information-protection/tpm/how-windows-uses-the-tpm)) for hardware-based security.

@@ -119,7 +119,7 @@ Pro and higher editions also support the more secure pre-boot [TPM+PIN](https://

 ### FileVault

-{{< title-card >}}
+{{< title-card logo="./filevault.png" >}}

 **FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](../../../wiki/os/macos/index.md#hardware-security) present on an Apple Silicon SoC or T2 Security Chip.

@@ -134,7 +134,7 @@ We advise against using your iCloud account for recovery; instead, you should se

 ### Linux Unified Key Setup

-{{< title-card >}}
+{{< title-card logo="./luks.png" >}}

 **LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.

@@ -180,7 +180,7 @@ Tools with command-line interfaces are useful for integrating [shell scripts](ht

 ### Kryptor

-{{< title-card >}}
+{{< title-card logo="./kryptor.png" >}}

 **Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign) to provide a simple, easier alternative to GPG.

@@ -197,7 +197,7 @@ Tools with command-line interfaces are useful for integrating [shell scripts](ht

 ### Tomb

-{{< title-card >}}
+{{< title-card logo="./tomb.png" >}}

 **Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://dyne.org/software/tomb/#advanced-usage).

@@ -228,7 +228,7 @@ When encrypting with PGP, you have the option to configure different options in

 ### GNU Privacy Guard

-{{< title-card >}}
+{{< title-card logo="./gnupg.svg" >}}

 **GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.

@@ -245,7 +245,7 @@ When encrypting with PGP, you have the option to configure different options in

 ### GPG4win

-{{< title-card >}}
+{{< title-card logo="./gpg4win.svg" >}}

 **GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.

@@ -260,7 +260,7 @@ When encrypting with PGP, you have the option to configure different options in

 ### GPG Suite

-{{< title-card >}}
+{{< title-card logo="./gpgsuite.png" >}}

 **GPG Suite** provides OpenPGP support for [Apple Mail](../email-clients/index.md#apple-mail-macos) and other email clients on macOS.

@@ -279,7 +279,7 @@ Currently, GPG Suite does [not yet](https://gpgtools.com/sequoia) have a stable

 ### OpenKeychain

-{{< title-card >}}
+{{< title-card logo="./openkeychain.svg" >}}

 **OpenKeychain** is an implementation of GnuPG for Android. It's commonly required by mail clients such as [Thunderbird](../email-clients/index.md#thunderbird), [FairEmail](../email-clients/index.md#fairemail-android), and other Android apps to provide encryption support.

@@ -24,7 +24,7 @@ If you already use [Proton Drive](../../services/cloud/index.md#proton-drive)[^1

 ### Send

-{{< title-card >}}
+{{< title-card logo="./send.svg" >}}

 **Send** is a fork of Mozilla's discontinued Firefox Send service which allows you to send files to others with a link. Files are encrypted on your device so that they cannot be read by the server, and they can be optionally password-protected as well. The maintainer of Send hosts a [public instance](https://send.vis.ee). You can use other public instances, or you can host Send yourself.

@@ -43,7 +43,7 @@ ffsend upload --host https://send.vis.ee/ FILE

 ### OnionShare

-{{< title-card >}}
+{{< title-card logo="./onionshare.svg" >}}

 **OnionShare** is an open-source tool that lets you securely and [anonymously](../../../wiki/basics/common-threats/index.md#anonymity-vs-privacy){ .pg-purple } share a file of any size. It works by starting a web server accessible as a Tor onion service, with an unguessable URL that you can share with the recipients to download or send files.

@@ -73,7 +73,7 @@ OnionShare provides the option to connect via [Tor bridges](https://docs.onionsh

 ### Syncthing (P2P)

-{{< title-card >}}
+{{< title-card logo="./syncthing.svg" >}}

 **Syncthing** is an open-source peer-to-peer continuous file synchronization utility. It is used to synchronize files between two or more devices over the local network or the internet. Syncthing does not use a centralized server; it uses the [Block Exchange Protocol](https://docs.syncthing.net/specs/bep-v1.html#bep-v1) to transfer data between devices. All data is encrypted using TLS.

@@ -30,7 +30,7 @@ When you are using an instance run by someone else, make sure to read the privac

 ### Redlib

-{{< title-card >}}
+{{< title-card logo="./redlib.svg" >}}

 **Redlib** is an open-source frontend to the [Reddit](https://reddit.com) website that is also self-hostable. You can access Redlib through a number of public instances.

@@ -53,7 +53,7 @@ When you are using an instance run by someone else, make sure to read the privac

 ### ProxiTok

-{{< title-card >}}
+{{< title-card logo="./proxitok.svg" >}}

 **ProxiTok** is an open-source frontend to the [TikTok](https://tiktok.com) website that is also self-hostable.

@@ -76,7 +76,7 @@ There are a number of public instances, with some that offer a [Tor](../tor/inde

 ### Invidious

-{{< title-card >}}
+{{< title-card logo="./invidious.svg" >}}

 **Invidious** is a free and open-source frontend for [YouTube](https://youtube.com) that is also self-hostable.

@@ -99,7 +99,7 @@ There are a number of public instances, with some that offer a [Tor](../tor/inde

 ### Piped

-{{< title-card >}}
+{{< title-card logo="./piped.svg" >}}

 **Piped** is a free and open-source frontend for [YouTube](https://youtube.com) that is also self-hostable.

@@ -118,7 +118,7 @@ Piped requires JavaScript in order to function and there are a number of public

 ### FreeTube

-{{< title-card >}}
+{{< title-card logo="./freetube.svg" >}}

 **FreeTube** is a free and open-source desktop application for [YouTube](https://youtube.com). FreeTube extracts data from YouTube using its built-in API based on [YouTube.js](https://github.com/LuanRT/YouTube.js) or the [Invidious](#invidious) API. You can configure either as the default, with the other serving as a fallback.

@@ -144,7 +144,7 @@ By default, FreeTube blocks all YouTube advertisements. In addition, FreeTube op

 ### LibreTube (Android)

-{{< title-card >}}
+{{< title-card logo="./libretube.svg" >}}

 **LibreTube** is a free and open-source Android application for [YouTube](https://youtube.com) which uses the [Piped](#piped) API.

@@ -167,7 +167,7 @@ By default, LibreTube blocks all YouTube advertisements. Additionally, LibreTube

 ### NewPipe (Android)

-{{< title-card >}}
+{{< title-card logo="./newpipe.svg" >}}

 **NewPipe** is a free and open-source Android application for [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [Bandcamp](https://bandcamp.com), and [PeerTube](https://joinpeertube.org) (1).

@@ -28,7 +28,7 @@ Popular menstrual trackers like [Flo](https://techcrunch.com/2021/01/13/flo-gets

 ### Drip

-{{< title-card >}}
+{{< title-card logo="./drip.png" >}}

 **Drip** is a gender-inclusive and open source menstrual cycle tracker available on all mobile platforms. It relies on the "sympto-thermal method" to predict ovulation. All user data is stored locally on your device and can be protected with a password.

@@ -45,7 +45,7 @@ Popular menstrual trackers like [Flo](https://techcrunch.com/2021/01/13/flo-gets

 ### Euki

-{{< title-card >}}
+{{< title-card logo="./euki.svg" >}}

 **Euki** is a nonprofit-backed menstrual cycle tracker that also doubles as a medication tracker and sexual wellness knowledge base. It allows you to schedule the automatic deletion of your personal data in the app. All user data is stored locally on your device and can be protected with a password.

@@ -61,7 +61,7 @@ Popular menstrual trackers like [Flo](https://techcrunch.com/2021/01/13/flo-gets

 ### Apple Health

-{{< title-card >}}
+{{< title-card logo="./apple-health.webp" >}}

 **Apple Health** is one of the default apps installed on iOS devices. It includes many health and wellness features (see [Health Records](#apple-health-records)), including menstrual cycle tracking. It also uses gender-neutral language. Apple Health always uses end-to-end encryption when syncing across multiple devices.

@@ -80,7 +80,7 @@ These general purpose apps can do everything from counting steps and tracking sl

 ### Apple Fitness

-{{< title-card >}}
+{{< title-card logo="./apple-fitness.webp" >}}

 **Apple Fitness** is the default fitness app for iOS. Apple Fitness always uses end-to-end encryption when syncing across multiple devices. Additionally, almost all measured data is processed on your device.

@@ -95,7 +95,7 @@ These general purpose apps can do everything from counting steps and tracking sl

 ### Gadgetbridge

-{{< title-card >}}
+{{< title-card logo="./gadgetbridge.svg" >}}

 **Gadgetbridge** is an open-source Android application which allows you to pair and manage your Bluetooth device without relying on the vendor’s application. When paired with a compatible smartwatch, it can mimic the health and wellness functionality of these watches without third-party data collection.

@@ -118,7 +118,7 @@ These apps help you collect and manage personal health data and share it with he

 ### Apple Health Records

-{{< title-card >}}
+{{< title-card logo="./apple-health.webp" >}}

 **Apple Health Records** is a built-in feature within [Apple Health](#apple-health) that allows you to view, store, and share your health records.

@@ -133,7 +133,7 @@ These apps help you collect and manage personal health data and share it with he

 ### CommonHealth

-{{< title-card >}}
+{{< title-card logo="./commonhealth.png" >}}

 **CommonHealth** is a privacy-respecting Android app that allows people to access their electronic health records and securely share it to providers. All health data is stored on your device and can be protected with a passcode or biometric authentication.

@@ -22,7 +22,7 @@ Text inputted to grammar, spelling, and style checkers, as well as translation s

 ### LanguageTool

-{{< title-card >}}
+{{< title-card logo="./languagetool.svg" >}}

 **LanguageTool** is a multilingual grammar, style, and spell checker that supports more than 20 languages. According to their privacy policy, they do not store any content sent to their service for review, but for higher assurance the software is [self-hostable](https://dev.languagetool.org/http-server).

@@ -46,7 +46,7 @@ LanguageTool offers integration with a variety of [office suites](https://langua

 ### LibreTranslate

-{{< title-card >}}
+{{< title-card logo="./libretranslate.png" >}}

 **LibreTranslate** is a free and open-source machine translation web interface and API server. It uses [Argos Translate](https://github.com/argosopentech/argos-translate) models on the backend for translations.

@@ -21,7 +21,7 @@ The recommendations here do not collect personally identifying information (PII)

 ## Organic Maps

-{{< title-card >}}
+{{< title-card logo="./organic-maps.svg" >}}

 **Organic Maps** is an open-source, community-developed map display and satnav-style navigation app for walkers, drivers, and cyclists. The app offers worldwide, offline maps based on OpenStreetMap data, and navigation with privacy — no location tracking, no data collection, and no ads. The app can be used completely offline.

@@ -43,7 +43,7 @@ Please note that Organic Maps is a simple, basic app that lacks certain features

 ## OsmAnd

-{{< title-card >}}
+{{< title-card logo="./osmand.svg" >}}

 **OsmAnd** is an open-source, offline map and navigation application based on OpenStreetMap that offers turn-by-turn navigation for walking, cycling, driving, as well as public transport. You can find a detailed overview of OsmAnd's supported [features](https://wiki.openstreetmap.org/wiki/OsmAnd#Features) on the OpenStreet Map Wiki.

@@ -20,7 +20,7 @@ These are our currently recommended **mobile web browsers** and configurations f

 ## Brave

-{{< title-card >}}
+{{< title-card logo="./brave.svg" >}}

 **Brave Browser** includes a built-in content blocker and [privacy features](https://brave.com/privacy-features), many of which are enabled by default.

@@ -163,7 +163,7 @@ These options can be found in the menu → **Settings** → **Search engines**.

 On iOS, any app that can browse the web is [restricted](https://developer.apple.com/app-store/review/guidelines) to using an Apple-provided [WebKit framework](https://developer.apple.com/documentation/webkit), so a browser like [Brave](#brave) does not use the Blink engine (the core component of Chromium) like its counterparts on other operating systems.

-{{< title-card >}}
+{{< title-card logo="./safari.svg" >}}

 **Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites, so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.

@@ -24,7 +24,7 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative

 ## Ente Auth

-{{< title-card >}}
+{{< title-card logo="./ente-auth.svg" >}}

 **Ente Auth** is a free and open-source app which stores and generates TOTP tokens. It can be used with an online account to back up and sync your tokens across your devices (and access them via a web interface) in a secure, end-to-end encrypted fashion. It can also be used offline on a single device with no account necessary.

@@ -44,7 +44,7 @@ The server-side source code and infrastructure which underpins Ente Auth (if use

 ## Aegis Authenticator (Android)

-{{< title-card >}}
+{{< title-card logo="./aegis.png" >}}

 **Aegis Authenticator** is a free and open-source app for Android to manage your 2-step verification tokens for your online services. Aegis Authenticator operates completely offline/locally, but includes the option to export your tokens for backup unlike many alternatives.

@@ -25,7 +25,7 @@ A **news aggregator** is software which aggregates digital content from online n

 ### Akregator

-{{< title-card >}}
+{{< title-card logo="./akregator.svg" >}}

 **Akregator** is a news feed reader that is a part of the [KDE](https://kde.org) project. It comes with a fast search, advanced archiving functionality, and an internal browser for easy news reading.

@@ -40,7 +40,7 @@ A **news aggregator** is software which aggregates digital content from online n

 ### NewsFlash

-{{< title-card >}}
+{{< title-card logo="./newsflash.png" >}}

 **NewsFlash** is an open-source, modern, and easy-to-use news feed reader for Linux. It can be used offline or with services like [Inoreader](https://inoreader.com) or [Nextcloud News](https://apps.nextcloud.com/apps/news). It has a search feature and a pre-defined list of sources that you can add directly.

@@ -55,7 +55,7 @@ A **news aggregator** is software which aggregates digital content from online n

 ### Feeder

-{{< title-card >}}
+{{< title-card logo="./feeder.png" >}}

 **Feeder** is a modern RSS client for Android that has many [features](https://github.com/spacecowboy/Feeder#features) and works well with folders of RSS feeds.

@@ -73,7 +73,7 @@ It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedi

 ### Miniflux

-{{< title-card >}}
+{{< title-card logo="./miniflux.svg" >}}

 **Miniflux** is a web-based news aggregator that you can self-host.

@@ -88,7 +88,7 @@ It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedi

 ### NetNewsWire

-{{< title-card >}}
+{{< title-card logo="./netnewswire.png" >}}

 **NetNewsWire** is a free and open-source feed reader for macOS and iOS with a focus on a native design and feature set.

@@ -106,7 +106,7 @@ It supports conventional feed formats and includes built-in support for Reddit f

 ### Newsboat

-{{< title-card >}}
+{{< title-card logo="./newsboat.svg" >}}

 **Newsboat** is an RSS/Atom feed reader for the text console. It's an actively maintained fork of [Newsbeuter](https://en.wikipedia.org/wiki/Newsbeuter). It is very lightweight and ideal for use over [Secure Shell](https://en.wikipedia.org/wiki/Secure_Shell).

@@ -26,7 +26,7 @@ If you are currently using an application like Evernote, Google Keep, or Microso

 ### Standard Notes

-{{< title-card >}}
+{{< title-card logo="./standard-notes.svg" >}}

 **Standard Notes** is a simple and private notes app that features cross-platform sync for seamless use. It features E2EE on every platform, and a powerful desktop experience with themes and custom editors.

@@ -51,7 +51,7 @@ Standard Notes has [joined Proton AG](https://standardnotes.com/blog/joining-for

 ### Notesnook

-{{< title-card >}}
+{{< title-card logo="./notesnook.svg" >}}

 **Notesnook** is a free (as in speech), open-source, and easy-to-use E2EE note-taking app focused on user privacy.

@@ -77,7 +77,7 @@ It features sync functionality that allows you to access your notes on multiple

 ### Joplin

-{{< title-card >}}
+{{< title-card logo="./joplin.svg" >}}

 **Joplin** is a free, open-source, and fully-featured E2EE note-taking and to-do application which can handle numerous Markdown notes organized into notebooks and tags.

@@ -103,7 +103,7 @@ Joplin [does not support](https://github.com/laurent22/joplin/issues/289) passwo

 ### Cryptee

-{{< title-card >}}
+{{< title-card logo="./cryptee.svg" >}}

 **Cryptee** is an open-source, web-based E2EE document editor and photo storage application.

@@ -124,7 +124,7 @@ Cryptee is a PWA, which means that it works seamlessly across all modern devices

 ### Org-mode

-{{< title-card >}}
+{{< title-card logo="./org-mode.svg" >}}

 **Org-mode** is a [major mode](https://gnu.org/software/emacs/manual/html_node/elisp/Major-Modes.html) for GNU Emacs. Org-mode is for keeping notes, maintaining to-do lists, planning projects, and authoring documents with a fast and effective plain-text system. File synchronization is possible with tools like [Syncthing](../file-sharing/index.md#syncthing-p2p).

@@ -19,7 +19,7 @@ Choose an **office suite** that does not require logging in to an account to acc

 ## LibreOffice

-{{< title-card >}}
+{{< title-card logo="./libreoffice.svg" >}}

 **LibreOffice** is a free and open-source office suite with extensive functionality.

@@ -39,7 +39,7 @@ Choose an **office suite** that does not require logging in to an account to acc

 ## OnlyOffice

-{{< title-card >}}
+{{< title-card logo="./onlyoffice.svg" >}}

 **OnlyOffice** is a cloud-based free and open-source office suite with extensive functionality, including integration with Nextcloud.

@@ -17,7 +17,7 @@ These options allow you to manage an encrypted password database locally.

 ## KeePassXC

-{{< title-card >}}
+{{< title-card logo="./keepassxc.svg" >}}

 **KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bug fixes to provide a feature-rich, cross-platform, and modern open-source password manager.

@@ -39,7 +39,7 @@ KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-se

 ## KeePassDX (Android)

-{{< title-card >}}
+{{< title-card logo="./keepassdx.svg" >}}

 **KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms securely.

@@ -59,7 +59,7 @@ The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.ke

 [Read our latest KeePassium review.](https://www.privacyguides.org/articles/2025/05/13/keepassium-review)

-{{< title-card >}}
+{{< title-card logo="./keepassium.svg" >}}

 **KeePassium** is a commercial, open-source password manager made by KeePassium Labs that's compatible with other KeePass applications. It provides autofill support, passkey management, automatic two-way synchronization through [most cloud storage providers](https://support.keepassium.com/kb/sync), and more.

@@ -78,7 +78,7 @@ KeePassium's iOS app has been [audited](https://cure53.de/pentest-report_keepass

 ## Gopass (CLI)

-{{< title-card >}}
+{{< title-card logo="./gopass.svg" >}}

 **Gopass** is a minimal password manager for the command line written in Go. It can be used within scripting applications and works on all major desktop and server operating systems.

@@ -19,7 +19,7 @@ aliases:

 ## PrivateBin

-{{< title-card >}}
+{{< title-card logo="./privatebin.svg" >}}

 **PrivateBin** is a minimalist, open-source, online pastebin where the server cannot decrypt and read any pasted data you submit. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.

@@ -32,7 +32,7 @@ aliases:

 ## Paaster

-{{< title-card >}}
+{{< title-card logo="./paaster.svg" >}}

 **Paaster** is a secure and user-friendly pastebin application that prioritizes privacy and simplicity. With end-to-end encryption and paste history, Paaster ensures that your pasted code remains confidential and accessible.

@@ -34,7 +34,7 @@ If more complete anonymity is paramount to your situation, you should **only** b

 ## Tor Browser

-{{< title-card >}}
+{{< title-card logo="./tor.svg" >}}

 **Tor Browser** is the top choice if you need anonymity, as it provides you with access to the Tor network and bridges, and it includes default settings and extensions that are automatically configured by the default security levels: *Standard*, *Safer* and *Safest*.

@@ -62,7 +62,7 @@ In addition to installing Tor Browser on your computer directly, there are also

 [Read our latest Onion Browser review.](https://www.privacyguides.org/articles/2024/09/18/onion-browser-review)

-{{< title-card >}}
+{{< title-card logo="./onion_browser.svg" >}}

 **Onion Browser** is an open-source browser that lets you browse the web anonymously over the Tor network on iOS devices and is endorsed by the [Tor Project](https://support.torproject.org/glossary/onion-browser).

@@ -1,3 +1,8 @@
+{{- $logo := .Get "logo" -}}
+
 <div class="pg:title-card hx:last-of-type:mb-0 hx:rounded-lg hx:p-6 hx:mt-4 hx:group">
-  {{ .InnerDeindent | $.Page.RenderString (dict "display" "block" "markup" "goldmark") }}
+  {{- with $logo -}}
+  <img loading="lazy" decoding="async" src="{{ $logo | safeURL }}" aria-hidden="true" width="100" height="100">
+  {{- end -}}
+  {{ .InnerDeindent | $.Page.RenderString (dict "display" "block") }}
 </div>