refactor: Follow Hugo leaf vs branch conventions

content/tools/os/_index.md

@@ -8,7 +8,7 @@ weight: 50
 
 <div class="pg-card-logos">
 {{< cards >}}
-  {{< card link="android/distributions/_index.md#grapheneos" title="GrapheneOS" image="android/distributions/grapheneos.svg" subtitle="GrapheneOS hardens the Android stack on supported Pixels with verified boot, firmware updates, and sandboxed Play." >}}
+  {{< card link="android/distributions/index.md#grapheneos" title="GrapheneOS" image="android/distributions/grapheneos.svg" subtitle="GrapheneOS hardens the Android stack on supported Pixels with verified boot, firmware updates, and sandboxed Play." >}}
 {{< /cards >}}
 </div>
 
@@ -16,9 +16,9 @@ weight: 50
 
 <div class="pg-card-logos">
 {{< cards >}}
-  {{< card link="android/general-apps/_index.md#shelter" title="Shelter" image="android/general-apps/shelter.svg" subtitle="Shelter uses a managed work profile to isolate or duplicate apps with optional cross-profile controls." >}}
-  {{< card link="android/general-apps/_index.md#secure-camera" title="Secure Camera" image="android/general-apps/secure_camera.svg" subtitle="Secure Camera captures media with minimal metadata and modern Android storage APIs." >}}
-  {{< card link="android/general-apps/_index.md#secure-pdf-viewer" title="Secure PDF Viewer" image="android/general-apps/secure_pdf_viewer.svg" subtitle="Secure PDF Viewer renders PDFs in a sandboxed WebView without broad file permissions." >}}
+  {{< card link="android/general-apps/index.md#shelter" title="Shelter" image="android/general-apps/shelter.svg" subtitle="Shelter uses a managed work profile to isolate or duplicate apps with optional cross-profile controls." >}}
+  {{< card link="android/general-apps/index.md#secure-camera" title="Secure Camera" image="android/general-apps/secure_camera.svg" subtitle="Secure Camera captures media with minimal metadata and modern Android storage APIs." >}}
+  {{< card link="android/general-apps/index.md#secure-pdf-viewer" title="Secure PDF Viewer" image="android/general-apps/secure_pdf_viewer.svg" subtitle="Secure PDF Viewer renders PDFs in a sandboxed WebView without broad file permissions." >}}
 {{< /cards >}}
 </div>
 
@@ -26,10 +26,10 @@ weight: 50
 
 <div class="pg-card-logos">
 {{< cards >}}
-  {{< card link="android/obtaining-apps/_index.md#obtainium" title="Obtainium" image="android/obtaining-apps/obtainium.svg" subtitle="Obtainium is an app manager which allows you to install and update apps directly from the developer’s own releases page (i.e. GitHub, GitLab, the developer’s website, etc.), rather than a centralized app store/repository." >}}
-  {{< card link="android/obtaining-apps/_index.md#grapheneos-app-store" title="GrapheneOS App Store" subtitle="GrapheneOS’s app store is available on GitHub. It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the Auditor, Camera, and PDF Viewer." >}}
-  {{< card link="android/obtaining-apps/_index.md#aurora-store" title="Aurora Store" image="android/obtaining-apps/aurora-store.webp" subtitle="Aurora Store is a Google Play Store client which does not require a Google account, Google Play Services, or microG to download apps." >}}
-  {{< card link="android/obtaining-apps/_index.md#f-droid" title="F-Droid" image="android/obtaining-apps/f-droid.svg" subtitle="We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above. F-Droid is often recommended as an alternative to Google Play, particularly within the privacy community. The option to add third-party repositories and not be confined to Google’s walled garden has led to its popularity." >}}
+  {{< card link="android/obtaining-apps/index.md#obtainium" title="Obtainium" image="android/obtaining-apps/obtainium.svg" subtitle="Obtainium is an app manager which allows you to install and update apps directly from the developer’s own releases page (i.e. GitHub, GitLab, the developer’s website, etc.), rather than a centralized app store/repository." >}}
+  {{< card link="android/obtaining-apps/index.md#grapheneos-app-store" title="GrapheneOS App Store" subtitle="GrapheneOS’s app store is available on GitHub. It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the Auditor, Camera, and PDF Viewer." >}}
+  {{< card link="android/obtaining-apps/index.md#aurora-store" title="Aurora Store" image="android/obtaining-apps/aurora-store.webp" subtitle="Aurora Store is a Google Play Store client which does not require a Google account, Google Play Services, or microG to download apps." >}}
+  {{< card link="android/obtaining-apps/index.md#f-droid" title="F-Droid" image="android/obtaining-apps/f-droid.svg" subtitle="We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above. F-Droid is often recommended as an alternative to Google Play, particularly within the privacy community. The option to add third-party repositories and not be confined to Google’s walled garden has led to its popularity." >}}
 {{< /cards >}}
 </div>
 
@@ -37,16 +37,16 @@ weight: 50
 
 <div class="pg-card-logos">
 {{< cards >}}
-  {{< card link="desktop/_index.md#fedora-linux" title="Fedora Linux" image="desktop/fedora.svg" subtitle="Fedora Linux is our recommended desktop distribution for people new to Linux. Fedora generally adopts newer technologies (e.g., Wayland and PipeWire) before other distributions. These new technologies often come with improvements in security, privacy, and usability in general." >}}
-  {{< card link="desktop/_index.md#opensuse-tumbleweed" title="openSUSE Tumbleweed" image="desktop/opensuse-tumbleweed.svg" subtitle="openSUSE Tumbleweed is a stable rolling release distribution. openSUSE Tumbleweed uses Btrfs and Snapper to ensure that snapshots can be rolled back should there be a problem." >}}
-  {{< card link="desktop/_index.md#arch-linux" title="Arch Linux" image="desktop/archlinux.svg" subtitle="Arch Linux is a lightweight, do-it-yourself (DIY) distribution, meaning that you only get what you install. For more information see their FAQ." >}}
-  {{< card link="desktop/_index.md#fedora-atomic-desktops" title="Fedora Atomic Desktops" image="desktop/fedora.svg" subtitle="Fedora Atomic Desktops are variants of Fedora which use the rpm-ostree package manager and have a strong focus on containerized workflows and Flatpak for desktop applications. All of these variants follow the same release schedule as Fedora Workstation, benefiting from the same fast updates and staying very close to upstream." >}}
-  {{< card link="desktop/_index.md#nixos" title="NixOS" image="desktop/nixos.svg" subtitle="NixOS is an independent distribution based on the Nix package manager with a focus on reproducibility and reliability." >}}
-  {{< card link="desktop/_index.md#whonix" title="Whonix" image="desktop/whonix.svg" subtitle="Whonix is based on Kicksecure, a security-focused fork of Debian. It aims to provide privacy, security, and anonymity on the internet. Whonix is best used in conjunction with Qubes OS." >}}
-  {{< card link="desktop/_index.md#tails" title="Tails" image="desktop/tails.svg" subtitle="Tails is a live operating system based on Debian that routes all communications through Tor, which can boot on on almost any computer from a DVD, USB stick, or SD card installation. It uses Tor to preserve privacy and anonymity while circumventing censorship, and it leaves no trace of itself on the computer it is used on after it is powered off." >}}
-  {{< card link="desktop/_index.md#qubes-os" title="Qubes OS" image="desktop/qubes_os.svg" subtitle="Qubes OS is an open-source operating system designed to provide strong security for desktop computing through secure virtual machines (or “qubes”). Qubes is based on Xen, the X Window System, and Linux. It can run most Linux applications and use most of the Linux drivers." >}}
-  {{< card link="desktop/_index.md#secureblue" title="Secureblue" image="desktop/secureblue.svg" subtitle="Secureblue is a security-focused operating system based on Fedora Atomic Desktops. It includes a number of security features intended to proactively defend against the exploitation of both known and unknown vulnerabilities, and ships with Trivalent, their hardened, Chromium-based web browser." >}}
-  {{< card link="desktop/_index.md#kicksecure" title="Kicksecure" image="desktop/kicksecure.svg" subtitle="Kicksecure—in oversimplified terms—is a set of scripts, configurations, and packages that substantially reduce the attack surface of Debian. It covers a lot of privacy and hardening recommendations by default. It also serves as the base OS for Whonix." >}}
+  {{< card link="desktop/index.md#fedora-linux" title="Fedora Linux" image="desktop/fedora.svg" subtitle="Fedora Linux is our recommended desktop distribution for people new to Linux. Fedora generally adopts newer technologies (e.g., Wayland and PipeWire) before other distributions. These new technologies often come with improvements in security, privacy, and usability in general." >}}
+  {{< card link="desktop/index.md#opensuse-tumbleweed" title="openSUSE Tumbleweed" image="desktop/opensuse-tumbleweed.svg" subtitle="openSUSE Tumbleweed is a stable rolling release distribution. openSUSE Tumbleweed uses Btrfs and Snapper to ensure that snapshots can be rolled back should there be a problem." >}}
+  {{< card link="desktop/index.md#arch-linux" title="Arch Linux" image="desktop/archlinux.svg" subtitle="Arch Linux is a lightweight, do-it-yourself (DIY) distribution, meaning that you only get what you install. For more information see their FAQ." >}}
+  {{< card link="desktop/index.md#fedora-atomic-desktops" title="Fedora Atomic Desktops" image="desktop/fedora.svg" subtitle="Fedora Atomic Desktops are variants of Fedora which use the rpm-ostree package manager and have a strong focus on containerized workflows and Flatpak for desktop applications. All of these variants follow the same release schedule as Fedora Workstation, benefiting from the same fast updates and staying very close to upstream." >}}
+  {{< card link="desktop/index.md#nixos" title="NixOS" image="desktop/nixos.svg" subtitle="NixOS is an independent distribution based on the Nix package manager with a focus on reproducibility and reliability." >}}
+  {{< card link="desktop/index.md#whonix" title="Whonix" image="desktop/whonix.svg" subtitle="Whonix is based on Kicksecure, a security-focused fork of Debian. It aims to provide privacy, security, and anonymity on the internet. Whonix is best used in conjunction with Qubes OS." >}}
+  {{< card link="desktop/index.md#tails" title="Tails" image="desktop/tails.svg" subtitle="Tails is a live operating system based on Debian that routes all communications through Tor, which can boot on on almost any computer from a DVD, USB stick, or SD card installation. It uses Tor to preserve privacy and anonymity while circumventing censorship, and it leaves no trace of itself on the computer it is used on after it is powered off." >}}
+  {{< card link="desktop/index.md#qubes-os" title="Qubes OS" image="desktop/qubes_os.svg" subtitle="Qubes OS is an open-source operating system designed to provide strong security for desktop computing through secure virtual machines (or “qubes”). Qubes is based on Xen, the X Window System, and Linux. It can run most Linux applications and use most of the Linux drivers." >}}
+  {{< card link="desktop/index.md#secureblue" title="Secureblue" image="desktop/secureblue.svg" subtitle="Secureblue is a security-focused operating system based on Fedora Atomic Desktops. It includes a number of security features intended to proactively defend against the exploitation of both known and unknown vulnerabilities, and ships with Trivalent, their hardened, Chromium-based web browser." >}}
+  {{< card link="desktop/index.md#kicksecure" title="Kicksecure" image="desktop/kicksecure.svg" subtitle="Kicksecure—in oversimplified terms—is a set of scripts, configurations, and packages that substantially reduce the attack surface of Debian. It covers a lot of privacy and hardening recommendations by default. It also serves as the base OS for Whonix." >}}
 {{< /cards >}}
 </div>
 
@@ -54,7 +54,7 @@ weight: 50
 
 <div class="pg-card-logos">
 {{< cards >}}
-  {{< card link="router-firmware/_index.md#openwrt" title="OpenWrt" image="router-firmware/openwrt.svg" subtitle="OpenWrt is a Linux-based operating system; it’s primarily used on embedded devices to route network traffic. It includes util-linux, uClibc, and BusyBox. All the components have been optimized for home routers." >}}
-  {{< card link="router-firmware/_index.md#opnsense" title="OPNsense" image="router-firmware/opnsense.svg" subtitle="OPNsense is an open-source, FreeBSD-based firewall and routing platform which incorporates many advanced features such as traffic shaping, load balancing, and VPN capabilities, with many more features available in the form of plugins." >}}
+  {{< card link="router-firmware/index.md#openwrt" title="OpenWrt" image="router-firmware/openwrt.svg" subtitle="OpenWrt is a Linux-based operating system; it’s primarily used on embedded devices to route network traffic. It includes util-linux, uClibc, and BusyBox. All the components have been optimized for home routers." >}}
+  {{< card link="router-firmware/index.md#opnsense" title="OPNsense" image="router-firmware/opnsense.svg" subtitle="OPNsense is an open-source, FreeBSD-based firewall and routing platform which incorporates many advanced features such as traffic shaping, load balancing, and VPN capabilities, with many more features available in the form of plugins." >}}
 {{< /cards >}}
 </div>

content/tools/os/android/_index.md

@@ -13,7 +13,7 @@ description: Our advice for replacing privacy-invasive default Android features
 
 The **Android Open Source Project** (AOSP) is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
 
-[General Android Overview](../../../wiki/os/android/_index.md)
+[General Android Overview](../../../wiki/os/android/index.md)
 { .md-button .md-button--primary }
 
 ## Our Advice
@@ -22,12 +22,12 @@ The **Android Open Source Project** (AOSP) is an open-source mobile operating sy
 
 There are many methods of obtaining apps on Android while avoiding Google Play. Whenever possible, try using one of these methods before getting your apps from non-private sources:
 
-[Obtaining Applications](./obtaining-apps/_index.md)
+[Obtaining Applications](./obtaining-apps/index.md)
 { .md-button }
 
 There are also many private alternatives to the apps that come pre-installed on your phone, such as the camera app. Besides the Android apps we recommend throughout this site in general, we've created a list of system utilities specific to Android which you might find useful.
 
-[General App Recommendations](./general-apps/_index.md)
+[General App Recommendations](./general-apps/index.md)
 { .md-button }
 
 ### Install a Custom Distribution
@@ -38,14 +38,14 @@ This problem could be solved by using an alternative Android distribution, commo
 
 Ideally, when choosing a custom Android distribution, you should make sure that it upholds the Android security model. At the very least, the distribution should have production builds, support for AVB, rollback protection, timely firmware and operating system updates, and SELinux in [enforcing mode](https://source.android.com/security/selinux/concepts#enforcement_levels). All of our recommended Android distributions satisfy these criteria:
 
-[Recommended Distributions](distributions/_index.md)
+[Recommended Distributions](distributions/index.md)
 { .md-button }
 
 ### Avoid Root
 
 [Rooting](https://en.wikipedia.org/wiki/Rooting_(Android)) Android phones can decrease security significantly as it weakens the complete [Android security model](https://en.wikipedia.org/wiki/Android_(operating_system)#Security_and_privacy). This can decrease privacy should there be an exploit that is assisted by the decreased security. Common rooting methods involve directly tampering with the boot partition, making it impossible to perform successful Verified Boot. Apps that require root will also modify the system partition, meaning that Verified Boot would have to remain disabled. Having root exposed directly in the user interface also increases the attack surface of your device and may assist in [privilege escalation](https://en.wikipedia.org/wiki/Privilege_escalation) vulnerabilities and SELinux policy bypasses.
 
-Content blockers which modify the [hosts file](https://en.wikipedia.org/wiki/Hosts_(file)) (like AdAway) and firewalls which require root access persistently (like AFWall+) are dangerous and should not be used. They are also not the correct way to solve their intended purposes. For content blocking, we suggest encrypted [DNS](../../services/dns/_index.md) or content blocking functionality provided by a VPN instead. TrackerControl and AdAway in non-root mode will take up the VPN slot (by using a local loopback VPN), preventing you from using privacy-enhancing services such as [Orbot](../../advanced/alternative-networks/_index.md#orbot) or a [real VPN provider](../../services/vpn/_index.md).
+Content blockers which modify the [hosts file](https://en.wikipedia.org/wiki/Hosts_(file)) (like AdAway) and firewalls which require root access persistently (like AFWall+) are dangerous and should not be used. They are also not the correct way to solve their intended purposes. For content blocking, we suggest encrypted [DNS](../../services/dns/index.md) or content blocking functionality provided by a VPN instead. TrackerControl and AdAway in non-root mode will take up the VPN slot (by using a local loopback VPN), preventing you from using privacy-enhancing services such as [Orbot](../../advanced/alternative-networks/index.md#orbot) or a [real VPN provider](../../services/vpn/index.md).
 
 AFWall+ works based on the [packet filtering](https://en.wikipedia.org/wiki/Firewall_(computing)#Packet_filter) approach and may be bypassable in some situations.
 

content/tools/os/android/distributions/index.md

@@ -3,8 +3,8 @@ title: Alternative Distributions
 description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
 ---
 <small>Protects against the following threat(s):</small>
-[{{< badge content="Targeted Attacks" color="red" >}}](../../../../wiki/basics/common-threats/_index.md#attacks-against-specific-individuals)
-[{{< badge content="Passive Attacks" color="amber" >}}](../../../../wiki/basics/common-threats/_index.md#security-and-privacy)
+[{{< badge content="Targeted Attacks" color="red" >}}](../../../../wiki/basics/common-threats/index.md#attacks-against-specific-individuals)
+[{{< badge content="Passive Attacks" color="amber" >}}](../../../../wiki/basics/common-threats/index.md#security-and-privacy)
 
 A **custom Android-based operating system** (sometimes referred to as a **custom ROM**) can be a way to achieve a higher level of privacy and security on your device. This is in contrast to the "stock" version of Android which comes with your phone from the factory, and is often deeply integrated with Google Play Services as well as other vendor software.
 
@@ -33,15 +33,15 @@ GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wik
 
 GrapheneOS supports [sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs Google Play Services fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as push notifications, while giving you full control over their permissions and access, and while containing them to a specific [work profile](../_index.md#work-profile) or [user profile](../_index.md#user-profiles) of your choice.
 
-[Google Pixel phones](../../../hardware/mobile-phones/_index.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView.
+[Google Pixel phones](../../../hardware/mobile-phones/index.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView.
 
 GrapheneOS also provides a global toggle for enabling MTE on all user-installed apps at :gear: **Settings** → **Security & privacy** → **Exploit protection** → **Memory tagging** → **Enable by default**. The OS also features per-app toggles to opt out of MTE for apps which may crash due to compatibility issues.
 
 ### Connectivity Checks
 
-By default, Android makes many network connections to Google to perform DNS connectivity checks, to sync with current network time, to check your network connectivity, and for many other background tasks. GrapheneOS replaces these with connections to servers operated by GrapheneOS and subject to their privacy policy. This hides information like your IP address [from Google](../../../../wiki/basics/common-threats/_index.md#privacy-from-service-providers), but means it is trivial for an admin on your network or ISP to see you are making connections to `grapheneos.network`, `grapheneos.org`, etc. and deduce what operating system you are using.
+By default, Android makes many network connections to Google to perform DNS connectivity checks, to sync with current network time, to check your network connectivity, and for many other background tasks. GrapheneOS replaces these with connections to servers operated by GrapheneOS and subject to their privacy policy. This hides information like your IP address [from Google](../../../../wiki/basics/common-threats/index.md#privacy-from-service-providers), but means it is trivial for an admin on your network or ISP to see you are making connections to `grapheneos.network`, `grapheneos.org`, etc. and deduce what operating system you are using.
 
-If you want to hide information like this from an adversary on your network or ISP, you **must** use a [trusted VPN](../../../services/vpn/_index.md) in addition to changing the connectivity check setting to **Standard (Google)**. It can be found in :gear: **Settings** → **Network & internet** → **Internet connectivity checks**. This option allows you to connect to Google's servers for connectivity checks, which, alongside the usage of a VPN, helps you blend in with a larger pool of Android devices.
+If you want to hide information like this from an adversary on your network or ISP, you **must** use a [trusted VPN](../../../services/vpn/index.md) in addition to changing the connectivity check setting to **Standard (Google)**. It can be found in :gear: **Settings** → **Network & internet** → **Internet connectivity checks**. This option allows you to connect to Google's servers for connectivity checks, which, alongside the usage of a VPN, helps you blend in with a larger pool of Android devices.
 
 ## Criteria
 

content/tools/os/android/general-apps/index.md

@@ -3,7 +3,7 @@ title: "General Apps"
 description: The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
 ---
 <small>Protects against the following threat(s):</small>
-[{{< badge content="Passive Attacks" color="amber" >}}](../../../../wiki/basics/common-threats/_index.md#security-and-privacy)
+[{{< badge content="Passive Attacks" color="amber" >}}](../../../../wiki/basics/common-threats/index.md#security-and-privacy)
 
 We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
 
@@ -37,7 +37,7 @@ Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) a
 ## Secure Camera
 
 <small>Protects against the following threat(s):</small>
-[{{< badge content="Public Exposure" color="green" >}}](../../../../wiki/basics/common-threats/_index.md#limiting-public-information)
+[{{< badge content="Public Exposure" color="green" >}}](../../../../wiki/basics/common-threats/index.md#limiting-public-information)
 
 **Secure Camera** is a camera app focused on privacy and security which can capture images, videos, and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
 
@@ -59,13 +59,13 @@ Main privacy features include:
 > [!NOTE]
 > Metadata is not currently deleted from video files, but that is planned.
 > 
-> The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../../../software/data-redaction/_index.md#exiferaser-android).
+> The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../../../software/data-redaction/index.md#exiferaser-android).
 
 
 ## Secure PDF Viewer
 
 <small>Protects against the following threat(s):</small>
-[{{< badge content="Targeted Attacks" color="red" >}}](../../../../wiki/basics/common-threats/_index.md#attacks-against-specific-individuals)
+[{{< badge content="Targeted Attacks" color="red" >}}](../../../../wiki/basics/common-threats/index.md#attacks-against-specific-individuals)
 
 **Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_(software_development)) [WebView](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
 

content/tools/os/android/obtaining-apps/index.md

@@ -28,7 +28,7 @@ Obtainium allows you to download APK installer files from a wide variety of sour
 
 ## GrapheneOS App Store
 
-GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](../../../advanced/device-integrity/_index.md#auditor-android), [Camera](../general-apps/_index.md#secure-camera), and [PDF Viewer](../general-apps/_index.md#secure-pdf-viewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
+GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](../../../advanced/device-integrity/index.md#auditor-android), [Camera](../general-apps/index.md#secure-camera), and [PDF Viewer](../general-apps/index.md#secure-pdf-viewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
 
 ## Aurora Store
 
@@ -47,13 +47,13 @@ Aurora Store does not allow you to download paid apps with their anonymous accou
 
 ## Manually with RSS Notifications
 
-For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](../../../software/news-aggregators/_index.md) that will help you keep track of new releases.
+For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](../../../software/news-aggregators/index.md) that will help you keep track of new releases.
 
 ![RSS APK](./rss-apk-light.png#only-light) ![RSS APK](./rss-apk-dark.png#only-dark) ![APK Changes](./rss-changes-light.png#only-light) ![APK Changes](./rss-changes-dark.png#only-dark)
 
 ### GitHub
 
-On GitHub, using [Secure Camera](../general-apps/_index.md#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
+On GitHub, using [Secure Camera](../general-apps/index.md#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
 
 `https://github.com/GrapheneOS/Camera/releases.atom`
 
@@ -107,4 +107,4 @@ Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https:/
 The [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be useful places to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgment when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
 
 > [!NOTE]
-> In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](../../../software/health-and-wellness/_index.md#gadgetbridge) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
+> In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](../../../software/health-and-wellness/index.md#gadgetbridge) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).

content/tools/os/desktop/index.md

@@ -3,11 +3,11 @@ title: "Desktop/PC"
 description: Linux distributions are commonly recommended for privacy protection and software freedom.
 ---
 <small>Protects against the following threat(s):</small>
-[{{< badge content="Surveillance Capitalism" color="purple" >}}](../../../wiki/basics/common-threats/_index.md#surveillance-as-a-business-model)
+[{{< badge content="Surveillance Capitalism" color="purple" >}}](../../../wiki/basics/common-threats/index.md#surveillance-as-a-business-model)
 
 Linux distributions are commonly recommended for privacy protection and software freedom. If you don't already use Linux, below are some distributions we suggest trying out, as well as some general privacy and security improvement tips that are applicable to many Linux distributions.
 
-- [General Linux Overview](../../../wiki/os/linux/_index.md)
+- [General Linux Overview](../../../wiki/os/linux/index.md)
 
 <div class="pg-card-logos">
 {{< cards >}}
@@ -63,13 +63,13 @@ Tumbleweed follows a rolling release model where each update is released as a sn
 
 Arch Linux has a rolling release cycle. There is no fixed release schedule and packages are updated very frequently.
 
-Being a DIY distribution, you are [expected to set up and maintain](../../../wiki/os/linux/_index.md#arch-based-distributions) your system on your own. Arch has an [official installer](https://wiki.archlinux.org/title/Archinstall) to make the installation process a little easier.
+Being a DIY distribution, you are [expected to set up and maintain](../../../wiki/os/linux/index.md#arch-based-distributions) your system on your own. Arch has an [official installer](https://wiki.archlinux.org/title/Archinstall) to make the installation process a little easier.
 
 A large portion of [Arch Linux’s packages](https://reproducible.archlinux.org) are [reproducible](https://reproducible-builds.org)[^1].
 
 ## Atomic Distributions
 
-**Atomic distributions** (sometimes also referred to as **immutable distributions**) are operating systems which handle package installation and updates by layering changes atop your core system image, rather than by directly modifying the system. Advantages of atomic distros include increased stability and the ability to easily roll back updates. See [*Traditional vs. Atomic Updates*](../../../wiki/os/linux/_index.md#traditional-vs-atomic-updates) for more info.
+**Atomic distributions** (sometimes also referred to as **immutable distributions**) are operating systems which handle package installation and updates by layering changes atop your core system image, rather than by directly modifying the system. Advantages of atomic distros include increased stability and the ability to easily roll back updates. See [*Traditional vs. Atomic Updates*](../../../wiki/os/linux/index.md#traditional-vs-atomic-updates) for more info.
 
 ### Fedora Atomic Desktops
 
@@ -113,7 +113,7 @@ Nix is a source-based package manager; if there’s no pre-built available in th
 
 ### Whonix
 
-**Whonix** is based on [Kicksecure](#kicksecure), a security-focused fork of Debian. It aims to provide privacy, security, and [anonymity](../../../wiki/basics/common-threats/_index.md#anonymity-vs-privacy) on the internet. Whonix is best used in conjunction with [Qubes OS](#qubes-os).
+**Whonix** is based on [Kicksecure](#kicksecure), a security-focused fork of Debian. It aims to provide privacy, security, and [anonymity](../../../wiki/basics/common-threats/index.md#anonymity-vs-privacy) on the internet. Whonix is best used in conjunction with [Qubes OS](#qubes-os).
 
 {{< cards >}}
   {{< card link="https://whonix.org" title="Homepage" icon="home" >}}
@@ -124,11 +124,11 @@ Whonix is meant to run as two virtual machines: a “Workstation” and a Tor
 
 Some of its features include Tor Stream Isolation, [keystroke anonymization](https://whonix.org/wiki/Keystroke_Deanonymization#Kloak), [encrypted swap](https://github.com/Whonix/swap-file-creator), and a hardened memory allocator. Future versions of Whonix will likely include [full system AppArmor policies](https://github.com/roddhjav/apparmor.d) and a [sandboxed app launcher](https://whonix.org/wiki/Sandbox-app-launcher) to fully confine all processes on the system.
 
-Whonix is best used [in conjunction with Qubes](https://whonix.org/wiki/Qubes/Why_use_Qubes_over_other_Virtualizers). We have a [recommended guide](../../../wiki/os/qubes/_index.md#connecting-to-tor-via-a-vpn) on configuring Whonix in conjunction with a VPN ProxyVM in Qubes to hide your Tor activities from your ISP.
+Whonix is best used [in conjunction with Qubes](https://whonix.org/wiki/Qubes/Why_use_Qubes_over_other_Virtualizers). We have a [recommended guide](../../../wiki/os/qubes/index.md#connecting-to-tor-via-a-vpn) on configuring Whonix in conjunction with a VPN ProxyVM in Qubes to hide your Tor activities from your ISP.
 
 ### Tails
 
-**Tails** is a live operating system based on Debian that routes all communications through Tor, which can boot on on almost any computer from a DVD, USB stick, or SD card installation. It uses [Tor](../../software/tor/_index.md) to preserve privacy and [anonymity](../../../wiki/basics/common-threats/_index.md#anonymity-vs-privacy) while circumventing censorship, and it leaves no trace of itself on the computer it is used on after it is powered off.
+**Tails** is a live operating system based on Debian that routes all communications through Tor, which can boot on on almost any computer from a DVD, USB stick, or SD card installation. It uses [Tor](../../software/tor/index.md) to preserve privacy and [anonymity](../../../wiki/basics/common-threats/index.md#anonymity-vs-privacy) while circumventing censorship, and it leaves no trace of itself on the computer it is used on after it is powered off.
 
 {{< cards >}}
   {{< card link="https://tails.net" title="Homepage" icon="home" >}}
@@ -141,14 +141,14 @@ Whonix is best used [in conjunction with Qubes](https://whonix.org/wiki/Qubes/Wh
 
 Tails is great for counter forensics due to amnesia (meaning nothing is written to the disk); however, it is not a hardened distribution like Whonix. It lacks many anonymity and security features that Whonix has and gets updated much less often (only once every six weeks). A Tails system that is compromised by malware may potentially bypass the transparent proxy, allowing for the user to be deanonymized.
 
-Tails includes [uBlock Origin](../../software/browser-extensions/_index.md#ublock-origin) in Tor Browser by default, which may potentially make it easier for adversaries to fingerprint Tails users. [Whonix](#whonix) virtual machines may be more leak-proof, however they are not amnesic, meaning data may be recovered from your storage device.
+Tails includes [uBlock Origin](../../software/browser-extensions/index.md#ublock-origin) in Tor Browser by default, which may potentially make it easier for adversaries to fingerprint Tails users. [Whonix](#whonix) virtual machines may be more leak-proof, however they are not amnesic, meaning data may be recovered from your storage device.
 
 By design, Tails is meant to completely reset itself after each reboot. Encrypted [persistent storage](https://tails.net/doc/persistent_storage/index.en.html) can be configured to store some data between reboots.
 
 ## Security-focused Distributions
 
 <small>Protects against the following threat(s):</small>
-[{{< badge content="Passive Attacks" color="amber" >}}](../../../wiki/basics/common-threats/_index.md#security-and-privacy)
+[{{< badge content="Passive Attacks" color="amber" >}}](../../../wiki/basics/common-threats/index.md#security-and-privacy)
 
 ### Qubes OS
 
@@ -159,9 +159,9 @@ By design, Tails is meant to completely reset itself after each reboot. Encrypte
   {{< card link="https://qubes-os.org/privacy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}
 
-Qubes OS secures the computer by isolating subsystems (e.g., networking, USB, etc.) and applications in separate *qubes*. Should one part of the system be compromised via an exploit in a [targeted attack](../../../wiki/basics/common-threats/_index.md#attacks-against-specific-individuals), the extra isolation is likely to protect the rest of the *qubes* and the core system.
+Qubes OS secures the computer by isolating subsystems (e.g., networking, USB, etc.) and applications in separate *qubes*. Should one part of the system be compromised via an exploit in a [targeted attack](../../../wiki/basics/common-threats/index.md#attacks-against-specific-individuals), the extra isolation is likely to protect the rest of the *qubes* and the core system.
 
-For further information about how Qubes works, read our full [Qubes OS overview](../../../wiki/os/qubes/_index.md) page.
+For further information about how Qubes works, read our full [Qubes OS overview](../../../wiki/os/qubes/index.md) page.
 
 ### Secureblue
 
@@ -172,13 +172,13 @@ For further information about how Qubes works, read our full [Qubes OS overview]
   {{< card link="https://secureblue.dev/install" title="Documentation" icon="document-text" >}}
 {{< /cards >}}
 
-**Trivalent** is Secureblue's hardened Chromium for desktop Linux inspired by [GrapheneOS](../android/distributions.md#grapheneos)'s Vanadium browser.
+**Trivalent** is Secureblue's hardened Chromium for desktop Linux inspired by [GrapheneOS](../android/distributions/index.md#grapheneos)'s Vanadium browser.
 
 Secureblue also provides GrapheneOS's [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc) and enables it globally (including for Flatpaks).
 
 ### Kicksecure
 
-While we [recommend against](../../../wiki/os/linux/_index.md#release-cycle) "perpetually outdated" distributions like Debian for desktop use in most cases, Kicksecure is a Debian-based operating system which has been hardened to be much more than a typical Linux install.
+While we [recommend against](../../../wiki/os/linux/index.md#release-cycle) "perpetually outdated" distributions like Debian for desktop use in most cases, Kicksecure is a Debian-based operating system which has been hardened to be much more than a typical Linux install.
 
 **Kicksecure**—in oversimplified terms—is a set of scripts, configurations, and packages that substantially reduce the attack surface of Debian. It covers a lot of privacy and hardening recommendations by default. It also serves as the base OS for [Whonix](#whonix).
 
@@ -189,7 +189,7 @@ While we [recommend against](../../../wiki/os/linux/_index.md#release-cycle) "pe
 
 ## Criteria
 
-Choosing a Linux distro that is right for you will come down to a huge variety of personal preferences, and this page is **not** meant to be an exhaustive list of every viable distribution. Our Linux overview page has some advice on [choosing a distro](../../../wiki/os/linux/_index.md#choosing-your-distribution) in more detail. The distros on *this* page do all generally follow the guidelines we covered there, and all meet these standards:
+Choosing a Linux distro that is right for you will come down to a huge variety of personal preferences, and this page is **not** meant to be an exhaustive list of every viable distribution. Our Linux overview page has some advice on [choosing a distro](../../../wiki/os/linux/index.md#choosing-your-distribution) in more detail. The distros on *this* page do all generally follow the guidelines we covered there, and all meet these standards:
 
 - Free and open source.
 - Receives regular software and kernel updates.
@@ -197,11 +197,11 @@ Choosing a Linux distro that is right for you will come down to a huge variety o
     - The notable exception here is Qubes, but the [isolation issues](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation) which X11 typically has are avoided by virtualization. This isolation only applies to apps *running in different qubes* (virtual machines); apps running in the *same* qube are not protected from each other.
 - Supports full-disk encryption during installation.
 - Doesn't freeze regular releases for more than 1 year.
-    - We [recommend against](../../../wiki/os/linux/_index.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage.
+    - We [recommend against](../../../wiki/os/linux/index.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage.
 - Supports a wide variety of hardware.
 - Preference towards larger projects.
     - Maintaining an operating system is a major challenge, and smaller projects have a tendency to make more avoidable mistakes, or delay critical updates (or worse, disappear entirely). We lean towards projects which will likely be around 10 years from now (whether that's due to corporate backing or very significant community support), and away from projects which are hand-built or have a small number of maintainers.
 
 In addition, [our standard criteria](../../../about/criteria.md) for recommended projects still applies. **Please note we are not affiliated with any of the projects we recommend.**
 
-[^1]: Reproducibility entails the ability to verify that packages and binaries made available to the end user match the source code, which can be useful against potential [:material-package-variant-closed-remove: Supply Chain Attacks](../../../wiki/basics/common-threats/_index.md#attacks-against-certain-organizations){ .pg-viridian }.
+[^1]: Reproducibility entails the ability to verify that packages and binaries made available to the end user match the source code, which can be useful against potential [:material-package-variant-closed-remove: Supply Chain Attacks](../../../wiki/basics/common-threats/index.md#attacks-against-certain-organizations){ .pg-viridian }.

content/tools/os/router-firmware/index.md

@@ -3,8 +3,8 @@ title: "Router Firmware"
 description: Alternative operating systems for securing your router or Wi-Fi access point.
 ---
 <small>Protects against the following threat(s):</small>
-[{{< badge content="Surveillance Capitalism" color="purple" >}}](../../../wiki/basics/common-threats/_index.md#surveillance-as-a-business-model)
-[{{< badge content="Passive Attacks" color="amber" >}}](../../../wiki/basics/common-threats/_index.md#security-and-privacy)
+[{{< badge content="Surveillance Capitalism" color="purple" >}}](../../../wiki/basics/common-threats/index.md#surveillance-as-a-business-model)
+[{{< badge content="Passive Attacks" color="amber" >}}](../../../wiki/basics/common-threats/index.md#security-and-privacy)
 
 Below are a few alternative operating systems that can be used on routers, Wi-Fi access points, etc.