refactor: Follow Hugo leaf vs branch conventions

2026-06-01 16:09:23 +00:00 · 2026-05-13 01:14:25 -05:00
parent 757a274ac3
commit 88f1894219
99 changed files with 552 additions and 552 deletions
@@ -11,7 +11,7 @@ Welcome to our **Privacy Wiki**!

 Here, the Privacy Guides community is building *the* comprehensive resource for understanding digital privacy, the threats we face, and the tools we can use to protect ourselves. This wiki is a living document, and we encourage you to contribute if you have something to add.

-This is a selection of featured pages, but you can browse the sidebar for more topics, or use the search bar to find something specific. If you're looking for somewhere to start, start [here](basics/why-privacy-matters/_index.md) to learn about why privacy is important, and then check out our [threat modeling guide](basics/threat-modeling/_index.md) to learn how to make informed decisions about the software and services you use.
+This is a selection of featured pages, but you can browse the sidebar for more topics, or use the search bar to find something specific. If you're looking for somewhere to start, start [here](basics/why-privacy-matters/index.md) to learn about why privacy is important, and then check out our [threat modeling guide](basics/threat-modeling/index.md) to learn how to make informed decisions about the software and services you use.

 ## Getting Started

@@ -4,9 +4,9 @@ weight: 40
 description: An overview of several network architectures commonly used by instant messaging applications.
 ---

-There are several network architectures commonly used to relay messages between people. These networks can provide different privacy guarantees, which is why it's worth considering your [threat model](../../basics/threat-modeling/_index.md) when deciding which app to use.
+There are several network architectures commonly used to relay messages between people. These networks can provide different privacy guarantees, which is why it's worth considering your [threat model](../../basics/threat-modeling/index.md) when deciding which app to use.

- [Recommended Instant Messengers](../../../tools/services/messengers/_index.md)
+- [Recommended Instant Messengers](../../../tools/services/messengers/index.md)
 - [Video: It's time to stop using SMS](https://www.privacyguides.org/videos/2025/01/24/its-time-to-stop-using-sms-heres-why)

 ## Centralized Networks
@@ -78,7 +78,7 @@ P2P networks do not use servers, as peers communicate directly between each othe
 - Messages can only be sent when both peers are online, however, your client may store messages locally to wait for the contact to return online.
 - Generally increases battery usage on mobile devices, because the client must stay connected to the distributed network to learn about who is online.
 - Some common messenger features may not be implemented or incompletely, such as message deletion.
- Your IP address and that of the contacts you're communicating with may be exposed if you do not use the software in conjunction with a [VPN](../../../tools/services/vpn/_index.md) or [Tor](../../../tools/software/tor/_index.md). Many countries have some form of mass surveillance and/or metadata retention.
+- Your IP address and that of the contacts you're communicating with may be exposed if you do not use the software in conjunction with a [VPN](../../../tools/services/vpn/index.md) or [Tor](../../../tools/software/tor/index.md). Many countries have some form of mass surveillance and/or metadata retention.

 ## Anonymous Routing

@@ -86,7 +86,7 @@ P2P networks do not use servers, as peers communicate directly between each othe

 A messenger using [anonymous routing](https://doi.org/10.1007/978-1-4419-5906-5_628) hides either the identity of the sender, the receiver, or evidence that they have been communicating. Ideally, a messenger should hide all three.

-There are [many](https://doi.org/10.1145/3182658) ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](../tor-overview/_index.md)), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages, nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers."
+There are [many](https://doi.org/10.1145/3182658) ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](../tor-overview/index.md)), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages, nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers."

 Self-hosting a node in an anonymous routing network does not provide the host with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.

@@ -83,7 +83,7 @@ Encrypted DNS can refer to one of a number of protocols, the most common ones be

 [**DNS over HTTPS**](https://en.wikipedia.org/wiki/DNS_over_HTTPS), as defined in [RFC 8484](https://datatracker.ietf.org/doc/html/rfc8484), packages queries in the [HTTP/2](https://en.wikipedia.org/wiki/HTTP/2) protocol and provides security with HTTPS. Support was first added in web browsers such as Firefox 60 and Chrome 83.

-Native implementation of DoH showed up in iOS 14, macOS 11, Microsoft Windows, and Android 13 (however, it won't be enabled [by default](https://android-review.googlesource.com/c/platform/packages/modules/DnsResolver/+/1833144)). General Linux desktop support is waiting on the systemd [implementation](https://github.com/systemd/systemd/issues/8639) so [installing third-party software is still required](../../../tools/services/dns/_index.md#encrypted-dns-proxies).
+Native implementation of DoH showed up in iOS 14, macOS 11, Microsoft Windows, and Android 13 (however, it won't be enabled [by default](https://android-review.googlesource.com/c/platform/packages/modules/DnsResolver/+/1833144)). General Linux desktop support is waiting on the systemd [implementation](https://github.com/systemd/systemd/issues/8639) so [installing third-party software is still required](../../../tools/services/dns/index.md#encrypted-dns-proxies).

 ### Native Operating System Support

@@ -101,7 +101,7 @@ Apple does not provide a native interface for creating encrypted DNS profiles. [

 #### Linux

-`systemd-resolved`, which many Linux distributions use to do their DNS lookups, doesn't yet [support DoH](https://github.com/systemd/systemd/issues/8639). If you want to use DoH, you'll need to install a proxy like [dnscrypt-proxy](../../../tools/services/dns/_index.md#dnscrypt-proxy) and [configure it](https://wiki.archlinux.org/title/Dnscrypt-proxy) to take all the DNS queries from your system resolver and forward them over HTTPS.
+`systemd-resolved`, which many Linux distributions use to do their DNS lookups, doesn't yet [support DoH](https://github.com/systemd/systemd/issues/8639). If you want to use DoH, you'll need to install a proxy like [dnscrypt-proxy](../../../tools/services/dns/index.md#dnscrypt-proxy) and [configure it](https://wiki.archlinux.org/title/Dnscrypt-proxy) to take all the DNS queries from your system resolver and forward them over HTTPS.

 ## What can an outside party see?

@@ -131,7 +131,7 @@ We can see the [connection establishment](https://en.wikipedia.org/wiki/Transmis

 ## Why **shouldn't** I use encrypted DNS?

-In locations where there is internet filtering (or censorship), visiting forbidden resources may have its own consequences which you should consider in your [threat model](../../basics/threat-modeling/_index.md). We do **not** suggest the use of encrypted DNS for this purpose. Use [Tor](../tor-overview/_index.md) or a [VPN](../../../tools/services/vpn/_index.md) instead. If you're using a VPN, you should use your VPN's DNS servers. When using a VPN, you are already trusting them with all your network activity.
+In locations where there is internet filtering (or censorship), visiting forbidden resources may have its own consequences which you should consider in your [threat model](../../basics/threat-modeling/index.md). We do **not** suggest the use of encrypted DNS for this purpose. Use [Tor](../tor-overview/index.md) or a [VPN](../../../tools/services/vpn/index.md) instead. If you're using a VPN, you should use your VPN's DNS servers. When using a VPN, you are already trusting them with all your network activity.

 When we do a DNS lookup, it's generally because we want to access a resource. Below, we will discuss some of the methods that may disclose your browsing activities even when using encrypted DNS:

@@ -299,7 +299,7 @@ graph TB

 Encrypted DNS with a third party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences, or you're interested in a provider that does some rudimentary filtering.

-[List of recommended DNS servers](../../../tools/services/dns/_index.md){ .md-button }
+[List of recommended DNS servers](../../../tools/services/dns/index.md){ .md-button }

 ## What is DNSSEC?

@@ -27,17 +27,17 @@ Cash remains the best option for in-person purchases for most people. Gift cards

 ### Online Marketplaces

-If you have [cryptocurrency](../../../tools/software/cryptocurrency/_index.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer high limits (with ID verification), but they usually allow basic, low-limit accounts with just an email address. Expect limits under $10,000 for basic accounts and significantly higher limits for ID verified accounts (if offered).
+If you have [cryptocurrency](../../../tools/software/cryptocurrency/index.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer high limits (with ID verification), but they usually allow basic, low-limit accounts with just an email address. Expect limits under $10,000 for basic accounts and significantly higher limits for ID verified accounts (if offered).

 When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy (more on this below). Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero.

- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../../../tools/services/financial-services/_index.md#gift-card-marketplaces)
+- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../../../tools/services/financial-services/index.md#gift-card-marketplaces)

 ## Virtual Cards

 Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information.

- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../../../tools/services/financial-services/_index.md#payment-masking-services)
+- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../../../tools/services/financial-services/index.md#payment-masking-services)

 These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions.

@@ -59,7 +59,7 @@ Additionally, many if not most cryptocurrencies are scams. Make transactions car

 There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors.

- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../../../tools/software/cryptocurrency/_index.md#monero)
+- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../../../tools/software/cryptocurrency/index.md#monero)

 Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can trace (at least to some extent) Bitcoin Lightning Network and/or Monero transactions. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million to further develop tools to do so. Due to the secrecy surrounding tools like these, <mark>none of these methods of tracing cryptocurrencies have been independently confirmed.</mark> However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins in their current form only succeed in thwarting mass surveillance.

@@ -77,9 +77,9 @@ With cryptocurrency there are two forms of wallets: custodial wallets and self-c

 ### Acquisition

-Acquiring [cryptocurrencies](../../../tools/software/cryptocurrency/_index.md) like Monero privately can be difficult. P2P marketplaces (platforms which facilitate trades between people) are one option, though the user experience typically suffers. If using an exchange which requires KYC is acceptable for you as long as subsequent transactions can't be traced, it's much easier to purchase Monero on a centralized exchange or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own self-custody wallet to use privately from that point forward.
+Acquiring [cryptocurrencies](../../../tools/software/cryptocurrency/index.md) like Monero privately can be difficult. P2P marketplaces (platforms which facilitate trades between people) are one option, though the user experience typically suffers. If using an exchange which requires KYC is acceptable for you as long as subsequent transactions can't be traced, it's much easier to purchase Monero on a centralized exchange or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own self-custody wallet to use privately from that point forward.

-[Recommended places to buy Monero](../../../tools/software/cryptocurrency/_index.md#buying-monero){ .md-button }
+[Recommended places to buy Monero](../../../tools/software/cryptocurrency/index.md#buying-monero){ .md-button }

 If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall.

@@ -87,7 +87,7 @@ If you go this route, make sure to purchase Monero at different times and in dif

 When you're making a payment in person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself.

-When purchasing online, ideally you should do so over [Tor](../tor-overview/_index.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../../../tools/services/vpn/_index.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address.
+When purchasing online, ideally you should do so over [Tor](../tor-overview/index.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../../../tools/services/vpn/index.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address.

 <!-- TODO: Admonition -->
 <div class="admonition tip" markdown>
@@ -6,7 +6,7 @@ description: Tor is a free to use, decentralized network designed for using the

 ![Tor logo](tor.svg)

-[**Tor**](../../../tools/advanced/alternative-networks/_index.md#tor) is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications. Because Tor traffic is difficult to block and trace, Tor is an effective censorship circumvention tool.
+[**Tor**](../../../tools/advanced/alternative-networks/index.md#tor) is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications. Because Tor traffic is difficult to block and trace, Tor is an effective censorship circumvention tool.

 [:material-movie-open-play-outline: Video: Why You Need Tor](https://www.privacyguides.org/videos/2025/03/02/why-you-need-tor)

@@ -22,20 +22,20 @@ Tor works by routing your internet traffic through volunteer-operated servers in

 Before connecting to Tor, you should carefully consider what you're looking to accomplish by using Tor in the first place, and who you're trying to hide your network activity from.

-If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [destigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../../../tools/software/tor/_index.md) without worry.
+If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [destigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../../../tools/software/tor/index.md) without worry.

 If you have the ability to access a trusted VPN provider and **any** of the following are true, you almost certainly should connect to Tor through a VPN:

- You already use a [trusted VPN provider](../../../tools/services/vpn/_index.md)
+- You already use a [trusted VPN provider](../../../tools/services/vpn/index.md)
 - Your threat model includes an adversary which is capable of extracting information from your ISP
 - Your threat model includes your ISP itself as an adversary
 - Your threat model includes local network administrators before your ISP as an adversary

-Because we already [generally recommend](../../basics/vpn-overview/_index.md) that the vast majority of people use a trusted VPN provider for a variety of reasons, the following recommendation about connecting to Tor via a VPN likely applies to you. <mark>There is no need to disable your VPN before connecting to Tor</mark>, as some online resources would lead you to believe.
+Because we already [generally recommend](../../basics/vpn-overview/index.md) that the vast majority of people use a trusted VPN provider for a variety of reasons, the following recommendation about connecting to Tor via a VPN likely applies to you. <mark>There is no need to disable your VPN before connecting to Tor</mark>, as some online resources would lead you to believe.

 Connecting directly to Tor will make your connection stand out to any local network administrators or your ISP. Detecting and correlating this traffic [has been done](https://edition.cnn.com/2013/12/17/justice/massachusetts-harvard-hoax) in the past by network administrators to identify and deanonymize specific Tor users on their network. On the other hand, connecting to a VPN is almost always less suspicious, because commercial VPN providers are used by everyday consumers for a variety of mundane tasks like bypassing geo-restrictions, even in countries with heavy internet restrictions.

-Therefore, you should make an effort to hide your IP address **before** connecting to the Tor network. You can do this by simply connecting to a VPN (through a client installed on your computer) and then accessing [Tor](../../../tools/software/tor/_index.md) as normal (e.g., through Tor Browser). This creates a connection chain like so:
+Therefore, you should make an effort to hide your IP address **before** connecting to the Tor network. You can do this by simply connecting to a VPN (through a client installed on your computer) and then accessing [Tor](../../../tools/software/tor/index.md) as normal (e.g., through Tor Browser). This creates a connection chain like so:

 - [x] You → VPN → Tor → Internet

@@ -100,13 +100,13 @@ Additionally, Tor Browser is based on Firefox's Extended Support Release builds,
 1. Look for new Critical/High vulnerabilities in Firefox nightly or beta builds, then check if they are exploitable in Tor Browser (this vulnerability period can last weeks).
 2. Chain *multiple* Medium/Low vulnerabilities together until they get the level of access they're looking for (this vulnerability period can last months or longer).

-Those at risk of browser vulnerabilities should consider additional protections to defend against Tor Browser exploits, such as using Whonix in [Qubes](../../os/qubes/_index.md) to contain your Tor browsing in a secure virtual machine and protect against leaks.
+Those at risk of browser vulnerabilities should consider additional protections to defend against Tor Browser exploits, such as using Whonix in [Qubes](../../os/qubes/index.md) to contain your Tor browsing in a secure virtual machine and protect against leaks.

 ## Path Building to Clearnet Services

 "Clearnet services" are websites which you can access with any browser, like [privacyguides.org](https://www.privacyguides.org). Tor lets you connect to these websites anonymously by routing your traffic through a network comprised of thousands of volunteer-run servers called nodes (or relays).

-Every time you [connect to Tor](../../../tools/software/tor/_index.md), it will choose three nodes to build a path to the internet—this path is called a "circuit."
+Every time you [connect to Tor](../../../tools/software/tor/index.md), it will choose three nodes to build a path to the internet—this path is called a "circuit."

 <figure markdown>
  ![Tor path showing your device connecting to an entry node, middle node, and exit node before reaching the destination website](tor-path.svg#only-light)
@@ -184,7 +184,7 @@ Though Tor does provide strong privacy guarantees, one must be aware that Tor is

 If you wish to use Tor for browsing the web, we only recommend the **official** Tor Browser—it is designed to prevent fingerprinting.

- [Tor Browser :material-arrow-right-drop-circle:](../../../tools/software/tor/_index.md#tor-browser)
+- [Tor Browser :material-arrow-right-drop-circle:](../../../tools/software/tor/index.md#tor-browser)

 ### Protections provided by bridges

@@ -9,7 +9,7 @@ Often people sign up for services without thinking. Maybe it's a streaming servi

 There are risks associated with every new service that you use. Data breaches; disclosure of customer information to third parties; rogue employees accessing data; all are possibilities that must be considered when giving your information out. You need to be confident that you can trust the service, which is why we don't recommend storing valuable data on anything but the most mature and battle-tested products. That usually means services which provide E2EE and have undergone a cryptographic audit. An audit increases assurance that the product was designed without glaring security issues caused by an inexperienced developer.

-It can also be difficult to delete the accounts on some services. Sometimes [overwriting data](../account-deletion/_index.md#overwriting-account-information) associated with an account can be possible, but in other cases the service will keep an entire history of changes to the account.
+It can also be difficult to delete the accounts on some services. Sometimes [overwriting data](../account-deletion/index.md#overwriting-account-information) associated with an account can be possible, but in other cases the service will keep an entire history of changes to the account.

 ## Terms of Service & Privacy Policy

@@ -27,15 +27,15 @@ There are usually multiple ways to sign up for an account, each with their own b

 ### Email and password

-The most common way to create a new account is by an email address and password. When using this method, you should use a password manager and follow [best practices](../passwords-overview/_index.md) regarding passwords.
+The most common way to create a new account is by an email address and password. When using this method, you should use a password manager and follow [best practices](../passwords-overview/index.md) regarding passwords.

 > [!TIP]
 > You can use your password manager to organize other authentication methods too! Just add the new entry and fill the appropriate fields, you can add notes for things like security questions or a backup key.


-You will be responsible for managing your login credentials. For added security, you can set up [MFA](../multi-factor-authentication/_index.md) on your accounts.
+You will be responsible for managing your login credentials. For added security, you can set up [MFA](../multi-factor-authentication/index.md) on your accounts.

-[Recommended password managers](../../../tools/software/passwords/_index.md){ .md-button }
+[Recommended password managers](../../../tools/software/passwords/index.md){ .md-button }

 #### Email aliases

@@ -43,7 +43,7 @@ If you don't want to give your real email address to a service, you have the opt

 Should a service get hacked, you might start receiving phishing or spam emails to the address you used to sign up. Using unique aliases for each service can assist in identifying exactly what service was hacked.

-[Recommended email aliasing services](../../../tools/services/email-aliasing/_index.md){ .md-button }
+[Recommended email aliasing services](../../../tools/services/email-aliasing/index.md){ .md-button }

 ### "Sign in with..." (OAuth)

@@ -61,7 +61,7 @@ But there are disadvantages:
 - **Privacy**: The OAuth provider you log in with will know the services you use.
 - **Centralization**: If the account you use for OAuth is compromised, or you aren't able to log in to it, all other accounts connected to it are affected.

-OAuth can be especially useful in those situations where you could benefit from deeper integration between services. Our recommendation is to limit using OAuth to only where you need it, and always protect the main account with [MFA](../multi-factor-authentication/_index.md).
+OAuth can be especially useful in those situations where you could benefit from deeper integration between services. Our recommendation is to limit using OAuth to only where you need it, and always protect the main account with [MFA](../multi-factor-authentication/index.md).

 All the services that use OAuth will be as secure as your underlying OAuth provider's account. For example, if you want to secure an account with a hardware key, but that service doesn't support hardware keys, you can secure the account you use with OAuth with a hardware key instead, and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your OAuth provider account means that any account tied to that login will also be weak.

@@ -43,13 +43,13 @@ Residents of the EEA have additional rights regarding data erasure specified in

 In some situations where you plan to abandon an account, it may make sense to overwrite the account information with fake data. Once you've made sure you can log in, change all the information in your account to falsified information. The reason for this is that many sites will retain information you previously had even after account deletion. The hope is that they will overwrite the previous information with the newest data you entered. However, there is no guarantee that there won't be backups with the prior information.

-For the account email, either create a new alternate email account via your provider of choice or create an alias using an [email aliasing service](../../../tools/services/email-aliasing/_index.md). You can then delete your alternate email address once you are done. We recommend against using temporary email providers, as oftentimes it is possible to reactivate temporary emails.
+For the account email, either create a new alternate email account via your provider of choice or create an alias using an [email aliasing service](../../../tools/services/email-aliasing/index.md). You can then delete your alternate email address once you are done. We recommend against using temporary email providers, as oftentimes it is possible to reactivate temporary emails.

 ### Delete

 You can check [JustDeleteMe](https://justdeleteme.xyz) for instructions on deleting the account for a specific service. Some sites will graciously have a "Delete Account" option, while others will go as far as to force you to speak with a support agent. The deletion process can vary from site to site, with account deletion being impossible on some.

-For services that don't allow account deletion, the best thing to do is falsify all your information as previously mentioned and strengthen account security. To do so, enable [MFA](../multi-factor-authentication/_index.md) and any extra security features offered. As well, change the password to a randomly-generated one that is the maximum allowed size (a [password manager](../../../tools/software/passwords/_index.md) can be useful for this).
+For services that don't allow account deletion, the best thing to do is falsify all your information as previously mentioned and strengthen account security. To do so, enable [MFA](../multi-factor-authentication/index.md) and any extra security features offered. As well, change the password to a randomly-generated one that is the maximum allowed size (a [password manager](../../../tools/software/passwords/index.md) can be useful for this).

 If you're satisfied that all information you care about is removed, you can safely forget about this account. If not, it might be a good idea to keep the credentials stored with your other passwords and occasionally re-login to reset the password.

@@ -8,7 +8,7 @@ description: Privacy isn't a straightforward topic, and it's easy to get caught

 These myths stem from a number of prejudices, but whether the source code is available and how software is licensed does not inherently affect its security in any way. <mark>Open-source software has the *potential* to be more secure than proprietary software, but there is absolutely no guarantee this is the case.</mark> When you evaluate software, you should look at the reputation and security of each tool on an individual basis.

-Open-source software *can* be audited by third-parties, and is often more transparent about potential vulnerabilities than proprietary counterparts. It also allows you to review the code and disable any suspicious functionality you find yourself. However, *unless you do so*, there is no guarantee that code has ever been evaluated, especially with smaller software projects. The open development process has also sometimes been exploited to introduce new vulnerabilities known as [:material-package-variant-closed-remove: Supply Chain Attacks](../common-threats/_index.md#attacks-against-certain-organizations){ .pg-viridian }, which are discussed further in our [Common Threats](../common-threats/_index.md) page.[^1]
+Open-source software *can* be audited by third-parties, and is often more transparent about potential vulnerabilities than proprietary counterparts. It also allows you to review the code and disable any suspicious functionality you find yourself. However, *unless you do so*, there is no guarantee that code has ever been evaluated, especially with smaller software projects. The open development process has also sometimes been exploited to introduce new vulnerabilities known as [:material-package-variant-closed-remove: Supply Chain Attacks](../common-threats/index.md#attacks-against-certain-organizations){ .pg-viridian }, which are discussed further in our [Common Threats](../common-threats/index.md) page.[^1]

 On the flip side, proprietary software is less transparent, but that doesn't imply that it's not secure. Major proprietary software projects can be audited internally and by third-party agencies, and independent security researchers can still find vulnerabilities with techniques like reverse engineering.

@@ -23,7 +23,7 @@ We talk about "shifting trust" a lot when discussing solutions like VPNs (which

 ## "Privacy-focused solutions are inherently trustworthy"

-Focusing solely on the privacy policies and marketing of a tool or provider can blind you to its weaknesses. When you're looking for a more private solution, you should determine what the underlying problem is and find technical solutions to that problem. For example, you may want to avoid Google Drive, which gives Google access to all of your data. The underlying problem in this case is lack of E2EE, so you should make sure that the provider you switch to actually implements E2EE, or use a tool (like [Cryptomator](../../../tools/software/encryption/_index.md#cryptomator-cloud)) which provides E2EE on any cloud provider. Switching to a "privacy-focused" provider (that doesn't implement E2EE) doesn't solve your problem: it just shifts trust from Google to that provider.
+Focusing solely on the privacy policies and marketing of a tool or provider can blind you to its weaknesses. When you're looking for a more private solution, you should determine what the underlying problem is and find technical solutions to that problem. For example, you may want to avoid Google Drive, which gives Google access to all of your data. The underlying problem in this case is lack of E2EE, so you should make sure that the provider you switch to actually implements E2EE, or use a tool (like [Cryptomator](../../../tools/software/encryption/index.md#cryptomator-cloud)) which provides E2EE on any cloud provider. Switching to a "privacy-focused" provider (that doesn't implement E2EE) doesn't solve your problem: it just shifts trust from Google to that provider.

 The privacy policies and business practices of providers you choose are very important, but should be considered secondary to technical guarantees of your privacy: You shouldn't shift trust to another provider when trusting a provider isn't a requirement at all.

@@ -50,7 +50,7 @@ One of the clearest threat models is one where people *know who you are* and one

 2. **Unknown identity** - An unknown identity could be a stable pseudonym that you regularly use. It is not anonymous because it doesn't change. If you're part of an online community, you may wish to retain a persona that others know. This pseudonym isn't anonymous because—if monitored for long enough—details about the owner can reveal further information, such as the way they write, their general knowledge about topics of interest, etc.

-    You may wish to use a VPN for this, to mask your IP address. Financial transactions are more difficult to mask: You could consider using anonymous cryptocurrencies, such as [Monero](../../../tools/software/cryptocurrency/_index.md#monero). Employing altcoin shifting may also help to disguise where your currency originated. Typically, exchanges require KYC (know your customer) to be completed before they'll allow you to exchange fiat currency into any kind of cryptocurrency. Local meet-up options may also be a solution; however, those are often more expensive and sometimes also require KYC.
+    You may wish to use a VPN for this, to mask your IP address. Financial transactions are more difficult to mask: You could consider using anonymous cryptocurrencies, such as [Monero](../../../tools/software/cryptocurrency/index.md#monero). Employing altcoin shifting may also help to disguise where your currency originated. Typically, exchanges require KYC (know your customer) to be completed before they'll allow you to exchange fiat currency into any kind of cryptocurrency. Local meet-up options may also be a solution; however, those are often more expensive and sometimes also require KYC.

 3. **Anonymous identity** - Even with experience, anonymous identities are difficult to maintain over long periods of time. They should be short-term and short-lived identities which are rotated regularly.

@@ -4,7 +4,7 @@ weight: 30
 description: Your threat model is personal to you, but these are some of the things many visitors to this site care about.
 ---

-Broadly speaking, we categorize our recommendations into the [threats](../threat-modeling/_index.md) or goals that apply to most people. <mark>You may be concerned with none, one, a few, or all of these possibilities</mark>, and the tools and services you use depend on what your goals are. You may have specific threats outside these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat.
+Broadly speaking, we categorize our recommendations into the [threats](../threat-modeling/index.md) or goals that apply to most people. <mark>You may be concerned with none, one, a few, or all of these possibilities</mark>, and the tools and services you use depend on what your goals are. You may have specific threats outside these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat.

 <span class="pg-purple">:material-incognito: **Anonymity**</span>

@@ -65,7 +65,7 @@ To minimize the damage that a malicious piece of software *could* do, you should
 > [!TIP]
 > Mobile operating systems generally have better application sandboxing than desktop operating systems: Apps can't obtain root access, and require permission for access to system resources.
 > 
-> Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt in to sandboxing for applications). However, these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../../../tools/os/desktop/_index.md#qubes-os).
+> Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt in to sandboxing for applications). However, these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../../../tools/os/desktop/index.md#qubes-os).


 ## Attacks against Specific Individuals
@@ -122,7 +122,7 @@ Thankfully, E2EE can alleviate this issue by encrypting communications between y
 <div class="admonition note" markdown>
 <p class="admonition-title">Note on Web-based Encryption</p>

-In practice, the effectiveness of different E2EE implementations varies. Applications, such as [Signal](../../../tools/services/messengers/_index.md#signal), run natively on your device, and every copy of the application is the same across different installations. If the service provider were to introduce a [backdoor](https://en.wikipedia.org/wiki/Backdoor_(computing)) in their application—in an attempt to steal your private keys—it could later be detected with [reverse engineering](https://en.wikipedia.org/wiki/Reverse_engineering).
+In practice, the effectiveness of different E2EE implementations varies. Applications, such as [Signal](../../../tools/services/messengers/index.md#signal), run natively on your device, and every copy of the application is the same across different installations. If the service provider were to introduce a [backdoor](https://en.wikipedia.org/wiki/Backdoor_(computing)) in their application—in an attempt to steal your private keys—it could later be detected with [reverse engineering](https://en.wikipedia.org/wiki/Reverse_engineering).

 On the other hand, web-based E2EE implementations, such as Proton Mail's web app or Bitwarden's *Web Vault*, rely on the server dynamically serving JavaScript code to the browser to handle cryptography. A malicious server can target you and send you malicious JavaScript code to steal your encryption key (and it would be extremely hard to notice). Because the server can choose to serve different web clients to different people—even if you noticed the attack—it would be incredibly hard to prove the provider's guilt.

@@ -130,7 +130,7 @@ Therefore, you should use native applications over web clients whenever possible

 </div>

-Even with E2EE, service providers can still profile you based on **metadata**, which typically isn't protected. While the service provider can't read your messages, they can still observe important things, such as whom you're talking to, how often you message them, and when you're typically active. Protection of metadata is fairly uncommon, and—if it's within your [threat model](../threat-modeling/_index.md)—you should pay close attention to the technical documentation of the software you're using to see if there's any metadata minimization or protection at all.
+Even with E2EE, service providers can still profile you based on **metadata**, which typically isn't protected. While the service provider can't read your messages, they can still observe important things, such as whom you're talking to, how often you message them, and when you're typically active. Protection of metadata is fairly uncommon, and—if it's within your [threat model](../threat-modeling/index.md)—you should pay close attention to the technical documentation of the software you're using to see if there's any metadata minimization or protection at all.

 ## Mass Surveillance Programs

@@ -186,7 +186,7 @@ Additionally, even companies outside the *AdTech* or tracking industry can share

 The best way to keep your data private is simply not making it public in the first place. Deleting unwanted information you find about yourself online is one of the best first steps you can take to regain your privacy.

- [View our guide on account deletion :material-arrow-right-drop-circle:](../account-deletion/_index.md)
+- [View our guide on account deletion :material-arrow-right-drop-circle:](../account-deletion/index.md)

 On sites where you do share information, checking the privacy settings of your account to limit how widely that data is spread is very important. For example, enable "private mode" on your accounts if given the option: This ensures that your account isn't being indexed by search engines, and that it can't be viewed without your permission.

@@ -200,12 +200,12 @@ Censorship online can be carried out (to varying degrees) by actors including to

 Censorship on corporate platforms is increasingly common, as platforms like Twitter and Facebook give in to public demand, market pressures, and pressures from government agencies. Government pressures can be covert requests to businesses, such as the White House [requesting the takedown](https://nytimes.com/2012/09/17/technology/on-the-web-a-fine-line-on-free-speech-across-globe.html) of a provocative YouTube video, or overt, such as the Chinese government requiring companies to adhere to a strict regime of censorship.

-People concerned with the threat of censorship can use technologies like [Tor](../../advanced/tor-overview/_index.md) to circumvent it, and support censorship-resistant communication platforms like [Matrix](../../../tools/software/social-networks/_index.md#element), which doesn't have a centralized account authority that can close accounts arbitrarily.
+People concerned with the threat of censorship can use technologies like [Tor](../../advanced/tor-overview/index.md) to circumvent it, and support censorship-resistant communication platforms like [Matrix](../../../tools/software/social-networks/index.md#element), which doesn't have a centralized account authority that can close accounts arbitrarily.

 > [!TIP]
 > While evading censorship itself can be easy, hiding the fact that you are doing it can be very problematic.
 > 
-> You should consider which aspects of the network your adversary can observe, and whether you have plausible deniability for your actions. For example, using [encrypted DNS](../../advanced/dns-overview/_index.md#what-is-encrypted-dns) can help you bypass rudimentary, DNS-based censorship systems, but it can't truly hide what you are visiting from your ISP. A VPN or Tor can help hide what you are visiting from network administrators, but can't hide that you're using those networks in the first place. Pluggable transports (such as Obfs4proxy, Meek, or Shadowsocks) can help you evade firewalls that block common VPN protocols or Tor, but your circumvention attempts can still be detected by methods like probing or [deep packet inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection).
+> You should consider which aspects of the network your adversary can observe, and whether you have plausible deniability for your actions. For example, using [encrypted DNS](../../advanced/dns-overview/index.md#what-is-encrypted-dns) can help you bypass rudimentary, DNS-based censorship systems, but it can't truly hide what you are visiting from your ISP. A VPN or Tor can help hide what you are visiting from network administrators, but can't hide that you're using those networks in the first place. Pluggable transports (such as Obfs4proxy, Meek, or Shadowsocks) can help you evade firewalls that block common VPN protocols or Tor, but your circumvention attempts can still be detected by methods like probing or [deep packet inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection).


 You must always consider the risks of trying to bypass censorship, the potential consequences, and how sophisticated your adversary may be. You should be cautious with your software selection, and have a backup plan in case you are caught.
@@ -11,9 +11,9 @@ As a result, email is best used for receiving transactional emails (like notific

 ## Email Encryption Overview

-The standard way to add E2EE to emails between different email providers is by using OpenPGP. There are different implementations of the OpenPGP standard, the most common being [GnuPG](../../../tools/software/encryption/_index.md#gnu-privacy-guard) and [OpenPGP.js](https://openpgpjs.org).
+The standard way to add E2EE to emails between different email providers is by using OpenPGP. There are different implementations of the OpenPGP standard, the most common being [GnuPG](../../../tools/software/encryption/index.md#gnu-privacy-guard) and [OpenPGP.js](https://openpgpjs.org).

-Even if you use OpenPGP, it does not support [forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy), which means if the private key of either you or the message recipient is ever stolen, all previous messages encrypted with it will be exposed. This is why we recommend [instant messengers](../../../tools/services/messengers/_index.md) which implement forward secrecy over email for person-to-person communications whenever possible.
+Even if you use OpenPGP, it does not support [forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy), which means if the private key of either you or the message recipient is ever stolen, all previous messages encrypted with it will be exposed. This is why we recommend [instant messengers](../../../tools/services/messengers/index.md) which implement forward secrecy over email for person-to-person communications whenever possible.

 There is another standard which is popular with business called [S/MIME](https://en.wikipedia.org/wiki/S/MIME), however it requires a certificate issued from a [Certificate Authority](https://en.wikipedia.org/wiki/Certificate_authority) (not all of them issue S/MIME certificates, and often a yearly payment is required). In some cases it is more usable than PGP because it has support in popular/mainstream email applications like Apple Mail, [Google Workplace](https://support.google.com/a/topic/9061730), and [Outlook](https://support.office.com/article/encrypt-messages-by-using-s-mime-in-outlook-on-the-web-878c79fc-7088-4b39-966f-14512658f480). However, S/MIME does not solve the issue of lack of forward secrecy, and isn't particularly more secure than PGP.

@@ -21,7 +21,7 @@ There is another standard which is popular with business called [S/MIME](https:/

 The [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD) standard allows email clients to discover the OpenPGP key for other mailboxes, even those hosted on a different provider. Email clients which support WKD will ask the recipient's server for a key based on the email address' domain name. For example, if you emailed `jonah@privacyguides.org`, your email client would ask `privacyguides.org` for Jonah's OpenPGP key, and if `privacyguides.org` has a key for that account, your message would be automatically encrypted.

-In addition to the [email clients we recommend](../../../tools/software/email-clients/_index.md) which support WKD, some webmail providers also support WKD. Whether *your own* key is published to WKD for others to use depends on your domain configuration. If you use an [email provider](../../../tools/services/email/_index.md#openpgp-compatible-services) which supports WKD, such as Proton Mail or Mailbox Mail, they can publish your OpenPGP key on their domain for you.
+In addition to the [email clients we recommend](../../../tools/software/email-clients/index.md) which support WKD, some webmail providers also support WKD. Whether *your own* key is published to WKD for others to use depends on your domain configuration. If you use an [email provider](../../../tools/services/email/index.md#openpgp-compatible-services) which supports WKD, such as Proton Mail or Mailbox Mail, they can publish your OpenPGP key on their domain for you.

 If you use your own custom domain, you will need to configure WKD separately. If you control your domain name, you can set up WKD regardless of your email provider. One easy way to do this is to use the "[WKD as a Service](https://keys.openpgp.org/about/usage#wkd-as-a-service)" feature from the `keys.openpgp.org` server: Set a CNAME record on the `openpgpkey` subdomain of your domain pointed to `wkd.keys.openpgp.org`, then upload your key to [keys.openpgp.org](https://keys.openpgp.org). Alternatively, you can [self-host WKD on your own web server](https://wiki.gnupg.org/WKDHosting).

@@ -29,11 +29,11 @@ If you use a shared domain from a provider which doesn't support WKD, like `@gma

 ### What Email Clients Support E2EE?

-Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../../../tools/software/email-clients/_index.md). Depending on the authentication method, this may lead to decreased security if either the provider or the email client does not support [OAuth](../account-creation/_index.md#sign-in-with-oauth) or a bridge application as [multifactor authentication](../multi-factor-authentication/_index.md) is not possible with plain password authentication.
+Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../../../tools/software/email-clients/index.md). Depending on the authentication method, this may lead to decreased security if either the provider or the email client does not support [OAuth](../account-creation/index.md#sign-in-with-oauth) or a bridge application as [multifactor authentication](../multi-factor-authentication/index.md) is not possible with plain password authentication.

 ### How Do I Protect My Private Keys?

-A smart card (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../../../tools/hardware/security-keys/_index.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smart card and the decrypted content is sent back to the device.
+A smart card (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../../../tools/hardware/security-keys/index.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smart card and the decrypted content is sent back to the device.

 It is advantageous for the decryption to occur on the smart card to avoid possibly exposing your private key to a compromised device.

@@ -16,7 +16,7 @@ Some devices will have a "hardware security program", which is a collaboration b

 - [Windows Secured-core PCs](https://learn.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-highly-secure-11) meet a higher security criteria specified by Microsoft. These protections aren't only applicable to Windows users; Users of other operating systems can still take advantage of features like [DMA protection](https://learn.microsoft.com/en-us/windows/security/information-protection/kernel-dma-protection-for-thunderbolt) and the ability to completely distrust Microsoft certificates.
 - [Android Ready SE](https://developers.google.com/android/security/android-ready-se) is a collaboration between vendors to ensure their devices follow [best practices](https://source.android.com/docs/security/best-practices/hardware) and include tamper resistant hardware backed storage for things like encryption keys.
- macOS running on an Apple SoC takes advantage of [hardware security](../../os/macos/_index.md#hardware-security) which may not be available with third party operating systems.
+- macOS running on an Apple SoC takes advantage of [hardware security](../../os/macos/index.md#hardware-security) which may not be available with third party operating systems.
 - [ChromeOS security](https://chromium.org/chromium-os/developer-library/reference/security/security-whitepaper) is at its best when running on a Chromebook as it is able to make use of available hardware features such as the [hardware root-of-trust](https://chromium.org/chromium-os/developer-library/reference/security/security-whitepaper/#hardware-root-of-trust-and-verified-boot).

 Even if you don't use these operating systems, participation in these programs may indicate that the manufacturer is following best practices when it comes to hardware security and updates.
@@ -57,7 +57,7 @@ Android defines three [security classes](https://source.android.com/docs/securit

 ### Device Encryption

-If your device is [encrypted](../../../tools/software/encryption/_index.md), your data is most secure when your device is completely powered off (as opposed to merely asleep), i.e. before you've entered your encryption key or lock screen password for the first time. On phones, this state of higher security is referred to as "Before First Unlock" (BFU), and "After First Unlock" (AFU) once you enter the correct password after a reboot/power-on. AFU is considerably less secure against digital forensics toolkits and other exploits, compared to BFU. Therefore, if you are concerned about an attacker with physical access to your device, you should turn it off fully whenever you aren't using it.
+If your device is [encrypted](../../../tools/software/encryption/index.md), your data is most secure when your device is completely powered off (as opposed to merely asleep), i.e. before you've entered your encryption key or lock screen password for the first time. On phones, this state of higher security is referred to as "Before First Unlock" (BFU), and "After First Unlock" (AFU) once you enter the correct password after a reboot/power-on. AFU is considerably less secure against digital forensics toolkits and other exploits, compared to BFU. Therefore, if you are concerned about an attacker with physical access to your device, you should turn it off fully whenever you aren't using it.

 This may be impractical, so consider whether it's worth it, but in either case even AFU mode is effective against most threats, given you are using a strong encryption key.

@@ -69,7 +69,7 @@ Some threats can't be protected against by your internal components alone. Many

 Hardware keys are devices that use strong cryptography to authenticate you to a device or account. The idea is that because they can not be copied, you can use them to secure accounts in such a way that they can only be accessed with physical possession of the key, eliminating many remote attacks.

-[Recommended Hardware Keys :material-arrow-right-drop-circle:](../../../tools/hardware/security-keys/_index.md){ .md-button .md-button--primary } [Learn More about Hardware Keys :material-arrow-right-drop-circle:](../multi-factor-authentication/_index.md#hardware-security-keys){ .md-button }
+[Recommended Hardware Keys :material-arrow-right-drop-circle:](../../../tools/hardware/security-keys/index.md){ .md-button .md-button--primary } [Learn More about Hardware Keys :material-arrow-right-drop-circle:](../multi-factor-authentication/index.md#hardware-security-keys){ .md-button }

 ### Camera/Microphone

@@ -135,6 +135,6 @@ The most important thing to think about with routers is keeping them up-to-date.

 If your router does not support automatic updates, you will need to go to the manufacturer's site to download the updates and apply them manually.

-Many consumer-grade routers aren't supported for very long. If your router isn't supported by the manufacturer anymore, you can check if it's supported by [FOSS firmware](../../../tools/os/router-firmware/_index.md). You can also buy routers that come with FOSS firmware installed by default; these tend to be supported longer than most routers.
+Many consumer-grade routers aren't supported for very long. If your router isn't supported by the manufacturer anymore, you can check if it's supported by [FOSS firmware](../../../tools/os/router-firmware/index.md). You can also buy routers that come with FOSS firmware installed by default; these tend to be supported longer than most routers.

 Some ISPs provide a combined router/modem. It can be beneficial for security to purchase a separate router and set your ISP router/modem into modem-only mode. This way, even when your ISP-provided router is no longer getting updates, you can still get security updates and patches. It also means any problems that affect your modem won't affect your router and vice versa.
@@ -35,7 +35,7 @@ Unlike [WebAuthn](#fido-fast-identity-online), TOTP offers no protection against

 An adversary could set up a website to imitate an official service in an attempt to trick you into giving out your username, password and current TOTP code. If the adversary then uses those recorded credentials they may be able to log into the real service and hijack the account.

-Although not perfect, TOTP is secure enough for most people, and when [hardware security keys](../../../tools/hardware/security-keys/_index.md) are not supported [authenticator apps](../../../tools/software/multi-factor-authentication/_index.md) are still a good option.
+Although not perfect, TOTP is secure enough for most people, and when [hardware security keys](../../../tools/hardware/security-keys/index.md) are not supported [authenticator apps](../../../tools/software/multi-factor-authentication/index.md) are still a good option.

 ### Hardware security keys

@@ -99,7 +99,7 @@ When configuring your MFA method, keep in mind that it is only as secure as your

 You should always have backups for your MFA method. Hardware security keys can get lost, stolen or simply stop working over time. It is recommended that you have a pair of hardware security keys with the same access to your accounts instead of just one.

-When using TOTP with an authenticator app, be sure to back up your recovery keys or the app itself, or copy the "shared secrets" to another instance of the app on a different phone or to an encrypted container (e.g. [VeraCrypt](../../../tools/software/encryption/_index.md#veracrypt-disk)).
+When using TOTP with an authenticator app, be sure to back up your recovery keys or the app itself, or copy the "shared secrets" to another instance of the app on a different phone or to an encrypted container (e.g. [VeraCrypt](../../../tools/software/encryption/index.md#veracrypt-disk)).

 ### Initial Set Up

@@ -111,7 +111,7 @@ If you have to use email for MFA, make sure that the email account itself is sec

 If you use SMS MFA, use a carrier who will not switch your phone number to a new SIM card without account access, or use a dedicated VoIP number from a provider with similar security to avoid a [SIM swap attack](https://en.wikipedia.org/wiki/SIM_swap_scam).

-[MFA tools we recommend](../../../tools/software/multi-factor-authentication/_index.md){ .md-button }
+[MFA tools we recommend](../../../tools/software/multi-factor-authentication/index.md){ .md-button }

 ## More Places to Set Up MFA

@@ -18,19 +18,19 @@ This is called [credential stuffing](https://en.wikipedia.org/wiki/Credential_st

 <mark>You should **never** rely on yourself to come up with a good password.</mark> We recommend using [randomly generated passwords](#passwords) or [diceware passphrases](#diceware-passphrases) with sufficient entropy to protect your accounts and devices.

-All of our [recommended password managers](../../../tools/software/passwords/_index.md) include a built-in password generator that you can use.
+All of our [recommended password managers](../../../tools/software/passwords/index.md) include a built-in password generator that you can use.

 ### Rotating Passwords

 You should avoid changing passwords that you have to remember (such as your password manager's master password) too often unless you have reason to believe it has been compromised, as changing it too often exposes you to the risk of forgetting it.

-When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](../threat-modeling/_index.md) calls for it, we recommend going through important accounts (especially accounts that don't use multifactor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Most password managers allow you to set an expiry date for your password to make this easier to manage.
+When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](../threat-modeling/index.md) calls for it, we recommend going through important accounts (especially accounts that don't use multifactor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Most password managers allow you to set an expiry date for your password to make this easier to manage.

 <!-- TODO: Admonition -->
 <div class="admonition tip" markdown>
 <p class="admonition-title">Checking for data breaches</p>

-If your password manager lets you check for compromised passwords, make sure to do so and promptly change any password that may have been exposed in a data breach. Alternatively, you could follow [Have I Been Pwned's Latest Breaches feed](https://feeds.feedburner.com/HaveIBeenPwnedLatestBreaches) with the help of a [news aggregator](../../../tools/software/news-aggregators/_index.md).
+If your password manager lets you check for compromised passwords, make sure to do so and promptly change any password that may have been exposed in a data breach. Alternatively, you could follow [Have I Been Pwned's Latest Breaches feed](https://feeds.feedburner.com/HaveIBeenPwnedLatestBreaches) with the help of a [news aggregator](../../../tools/software/news-aggregators/index.md).

 </div>

@@ -158,13 +158,13 @@ The best way to store your passwords is by using a password manager. They allow

 There are many good options to choose from, both cloud-based and local. Choose one of our recommended password managers and use it to establish strong passwords across all of your accounts. We recommend securing your password manager with a [diceware passphrase](#diceware-passphrases) comprised of at least seven words.

-[List of recommended password managers](../../../tools/software/passwords/_index.md){ .md-button }
+[List of recommended password managers](../../../tools/software/passwords/index.md){ .md-button }

 <!-- TODO: Admonition -->
 <div class="admonition warning" markdown>
 <p class="admonition-title">Don't place your passwords and TOTP tokens inside the same password manager</p>

-When using [TOTP codes as multifactor authentication](../multi-factor-authentication/_index.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../../../tools/software/multi-factor-authentication/_index.md).
+When using [TOTP codes as multifactor authentication](../multi-factor-authentication/index.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../../../tools/software/multi-factor-authentication/index.md).

 Storing your TOTP tokens in the same place as your passwords, while convenient, reduces the accounts to a single factor in the event that an adversary gains access to your password manager.

@@ -174,4 +174,4 @@ Furthermore, we do not recommend storing single-use recovery codes in your passw

 ### Backups

-You should store an [encrypted](../../../tools/software/encryption/_index.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using.
+You should store an [encrypted](../../../tools/software/encryption/index.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using.
@@ -99,7 +99,7 @@ Making a security plan will help you to understand the threats that are unique t

 For people looking to increase their privacy and security online, we've compiled a list of common threats our visitors face or goals our visitors have, to give you some inspiration and demonstrate the basis of our recommendations.

- [Common Goals and Threats :material-arrow-right-drop-circle:](../common-threats/_index.md)
+- [Common Goals and Threats :material-arrow-right-drop-circle:](../common-threats/index.md)

 ## Sources

@@ -9,12 +9,12 @@ Virtual Private Networks are a way of extending the end of your network to exit

 [:material-movie-open-play-outline: Video: Do you need a VPN?](https://www.privacyguides.org/videos/2024/12/12/do-you-need-a-vpn){ .md-button }

-Normally, an ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem). Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../../advanced/dns-overview/_index.md#why-shouldnt-i-use-encrypted-dns).
+Normally, an ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem). Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../../advanced/dns-overview/index.md#why-shouldnt-i-use-encrypted-dns).

 Using a VPN hides even this information from your ISP, by shifting the trust you place in your network to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing through it.

 > [!NOTE]
-> When we refer to "Virtual Private Networks" on this website, we are usually referring to **commercial** [VPN providers](../../../tools/services/vpn/_index.md), who you pay a monthly fee to in exchange for routing your internet traffic securely through their public servers. There are many other forms of VPN, such as ones you host yourself or ones operated by workplaces which allow you to securely connect to internal/employee network resources, however, these VPNs are usually designed for accessing remote networks securely, rather than protecting the privacy of your internet connection.
+> When we refer to "Virtual Private Networks" on this website, we are usually referring to **commercial** [VPN providers](../../../tools/services/vpn/index.md), who you pay a monthly fee to in exchange for routing your internet traffic securely through their public servers. There are many other forms of VPN, such as ones you host yourself or ones operated by workplaces which allow you to securely connect to internal/employee network resources, however, these VPNs are usually designed for accessing remote networks securely, rather than protecting the privacy of your internet connection.


 ## How does a VPN work?
@@ -46,9 +46,9 @@ VPNs cannot encrypt data outside the connection between your device and the VPN

 ## When isn't a VPN suitable?

-Using a VPN in cases where you're using your [real-life or well-known identity](../common-misconceptions/_index.md#complicated-is-better) online is unlikely to be useful. Doing so may trigger spam and fraud detection systems, such as if you were to log into your bank's website.
+Using a VPN in cases where you're using your [real-life or well-known identity](../common-misconceptions/index.md#complicated-is-better) online is unlikely to be useful. Doing so may trigger spam and fraud detection systems, such as if you were to log into your bank's website.

-It's important to remember that a VPN will not provide you with absolute anonymity because the VPN provider itself will still have access to your real IP address, destination website information, and often a money trail that can be linked directly back to you. "No logging" policies are merely a promise; if you need complete safety from the network itself, consider using [Tor](../../advanced/tor-overview/_index.md) in addition to or instead of a VPN.
+It's important to remember that a VPN will not provide you with absolute anonymity because the VPN provider itself will still have access to your real IP address, destination website information, and often a money trail that can be linked directly back to you. "No logging" policies are merely a promise; if you need complete safety from the network itself, consider using [Tor](../../advanced/tor-overview/index.md) in addition to or instead of a VPN.

 You also should not trust a VPN to secure your connection to an unencrypted, HTTP destination. In order to keep what you actually do on the websites you visit private and secure, you must use HTTPS. This will keep your passwords, session tokens, and queries safe from the VPN provider and other potential adversaries in between the VPN server and your destination. You should enable HTTPS-only mode in your browser (if it's supported) to mitigate attacks which try to downgrade your connection from HTTPS to HTTP.

@@ -60,9 +60,9 @@ Another common reason encrypted DNS is recommended is that it prevents DNS spoof

 ## Should I use Tor *and* a VPN?

-Maybe, Tor is not necessarily suitable for everybody in the first place. Consider your [threat model](../threat-modeling/_index.md), because if your adversary is not capable of extracting information from your VPN provider, using a VPN alone may provide enough protection.
+Maybe, Tor is not necessarily suitable for everybody in the first place. Consider your [threat model](../threat-modeling/index.md), because if your adversary is not capable of extracting information from your VPN provider, using a VPN alone may provide enough protection.

-If you do use Tor then you are *probably* best off connecting to the Tor network via a commercial VPN provider. However, this is a complex subject which we've written more about on our [Tor overview](../../advanced/tor-overview/_index.md) page.
+If you do use Tor then you are *probably* best off connecting to the Tor network via a commercial VPN provider. However, this is a complex subject which we've written more about on our [Tor overview](../../advanced/tor-overview/index.md) page.

 ## Should I access Tor through VPN providers that provide "Tor nodes"?

@@ -70,7 +70,7 @@ You should not use that feature: The primary advantage of using Tor is that you

 Currently, Tor only supports the TCP protocol. UDP (used by [WebRTC](https://en.wikipedia.org/wiki/WebRTC), [HTTP3/QUIC](https://en.wikipedia.org/wiki/HTTP/3), and other protocols), [ICMP](https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol), and other packets will be dropped. To compensate for this, VPN providers typically will route all non-TCP packets through their VPN server (your first hop). This is the case with [ProtonVPN](https://protonvpn.com/support/tor-vpn). Additionally, when using this Tor over VPN setup, you do not have control over other important Tor features such as [Isolated Destination Address](https://whonix.org/wiki/Stream_Isolation) (using a different Tor circuit for every domain you visit).

-The feature should be viewed as a *convenient* way to access hidden services on Tor, not to stay anonymous. For proper anonymity, use the actual [Tor Browser](../../../tools/software/tor/_index.md).
+The feature should be viewed as a *convenient* way to access hidden services on Tor, not to stay anonymous. For proper anonymity, use the actual [Tor Browser](../../../tools/software/tor/index.md).

 ## Commercial VPN Ownership

@@ -78,7 +78,7 @@ Most VPN services are owned by the same [few companies](https://vpnpro.com/blog/

 You should also be wary that many VPN review sites are merely advertising vehicles open to the highest bidder. <mark>Privacy Guides does not make money from recommending external products, and never uses affiliate programs.</mark>

-[Our VPN Recommendations](../../../tools/services/vpn/_index.md){ .md-button }
+[Our VPN Recommendations](../../../tools/services/vpn/index.md){ .md-button }

 ## Modern VPN Alternatives

@@ -26,13 +26,13 @@ Many people get the concepts of **privacy**, **security**, and **anonymity** con
 <!-- markdownlint-disable-next-line -->
 **Anonymity**

-:   Anonymity is the ability to act without a persistent identifier. You might achieve this online with [Tor](../../../tools/software/tor/_index.md), which allows you to browse the internet with a random IP address and network connection instead of your own.
+:   Anonymity is the ability to act without a persistent identifier. You might achieve this online with [Tor](../../../tools/software/tor/index.md), which allows you to browse the internet with a random IP address and network connection instead of your own.

 :   **Pseudonymity** is a similar concept, but it allows you to have a persistent identifier without it being tied to your real identity. If everybody knows you as `@GamerGuy12` online, but nobody knows your real name, that is your pseudonym.

 All of these concepts overlap, but it is possible to have any combination of these. The sweet spot for most people is when all three of these concepts overlap. However, it's trickier to achieve than many initially believe. Sometimes, you have to compromise on some of these, and that's okay too. This is where **threat modeling** comes into play, allowing you to make informed decisions about the [software and services](../../../tools/_index.md) you use.

-[:material-book-outline: Learn More About Threat Modeling](../threat-modeling/_index.md){ .md-button }
+[:material-book-outline: Learn More About Threat Modeling](../threat-modeling/index.md){ .md-button }

 ## Privacy vs. Secrecy

@@ -2,10 +2,10 @@
 title: Operating Systems
 description: An overview of our operating system-related recommendations for all major computing hardware.
 ---
-We publish configuration guides for the major operating systems, because you can generally improve the amount of data that is collected about you on any option, especially if you use privacy tools like our [recommended web browsers](../../tools/software/desktop-browsers/_index.md) in place of native tools where appropriate. However, some operating systems will be more privacy-respecting inherently, and it will be much harder to achieve an equivalent level of privacy on other choices.
+We publish configuration guides for the major operating systems, because you can generally improve the amount of data that is collected about you on any option, especially if you use privacy tools like our [recommended web browsers](../../tools/software/desktop-browsers/index.md) in place of native tools where appropriate. However, some operating systems will be more privacy-respecting inherently, and it will be much harder to achieve an equivalent level of privacy on other choices.

 > [!TIP]
-> You may also wish to explore our [recommended linux distros](../../tools/os/desktop/_index.md) and [recommended Android distros](../../tools/os/android/distributions/_index.md).
+> You may also wish to explore our [recommended linux distros](../../tools/os/desktop/index.md) and [recommended Android distros](../../tools/os/android/distributions/index.md).

 ## Mobile Operating Systems

@@ -16,7 +16,7 @@ The **Android Open Source Project** is a secure mobile operating system featurin

 ## Security Protections

-Key components of the Android security model include [verified boot](#verified-boot), [firmware updates](#firmware-updates), and a robust [permission system](#android-permissions). These important security features form the baseline of the minimum criteria for our [mobile phone](../../../tools/hardware/mobile-phones/_index.md) and [custom Android OS](../../../tools/os/android/distributions/_index.md) recommendations.
+Key components of the Android security model include [verified boot](#verified-boot), [firmware updates](#firmware-updates), and a robust [permission system](#android-permissions). These important security features form the baseline of the minimum criteria for our [mobile phone](../../../tools/hardware/mobile-phones/index.md) and [custom Android OS](../../../tools/os/android/distributions/index.md) recommendations.

 ### Verified Boot

@@ -44,7 +44,7 @@ Fairphone, for example, markets their Fairphone 4 device as receiving 6 years of

 [**Permissions on Android**](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps.

-A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a [Google Pixel](../../../tools/hardware/mobile-phones/_index.md#google-pixel).
+A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a [Google Pixel](../../../tools/hardware/mobile-phones/index.md#google-pixel).

 Android 10:

@@ -93,7 +93,7 @@ With user profiles, you can impose restrictions on a specific profile, such as:

 [**Work Profiles**](https://support.google.com/work/android/answer/6191949) are another way to isolate individual apps and may be more convenient than separate user profiles.

-A **device controller** app such as [Shelter](../../../tools/os/android/general-apps/_index.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
+A **device controller** app such as [Shelter](../../../tools/os/android/general-apps/index.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.

 The work profile is dependent on a device controller to function. Features such as *File Shuttle* and *contact search blocking* or any kind of isolation features must be implemented by the controller. You must also fully trust the device controller app, as it has full access to your data inside the work profile.

@@ -121,11 +121,11 @@ If you are using a device with Google services—whether with the stock operatin

 ### Advanced Protection Program

-If you have a Google account we suggest enrolling in the [Advanced Protection Program](https://landing.google.com/advancedprotection). It is available at no cost to anyone with two or more hardware security keys with [FIDO](../../basics/multi-factor-authentication/_index.md#fido-fast-identity-online) support. Alternatively, you can use [passkeys](https://fidoalliance.org/passkeys).
+If you have a Google account we suggest enrolling in the [Advanced Protection Program](https://landing.google.com/advancedprotection). It is available at no cost to anyone with two or more hardware security keys with [FIDO](../../basics/multi-factor-authentication/index.md#fido-fast-identity-online) support. Alternatively, you can use [passkeys](https://fidoalliance.org/passkeys).

 The Advanced Protection Program provides enhanced threat monitoring and enables:

- Stricter two-factor authentication; e.g. that [FIDO](../../basics/multi-factor-authentication/_index.md#fido-fast-identity-online) **must** be used and disallows the use of [SMS OTPs](../../basics/multi-factor-authentication/_index.md#sms-or-email-mfa), [TOTP](../../basics/multi-factor-authentication/_index.md#time-based-one-time-password-totp) and [OAuth](../../basics/account-creation/_index.md#sign-in-with-oauth)
+- Stricter two-factor authentication; e.g. that [FIDO](../../basics/multi-factor-authentication/index.md#fido-fast-identity-online) **must** be used and disallows the use of [SMS OTPs](../../basics/multi-factor-authentication/index.md#sms-or-email-mfa), [TOTP](../../basics/multi-factor-authentication/index.md#time-based-one-time-password-totp) and [OAuth](../../basics/account-creation/index.md#sign-in-with-oauth)
 - Only Google and verified third-party apps can access account data
 - Scanning of incoming emails on Gmail accounts for [phishing](https://en.wikipedia.org/wiki/Phishing#Email_phishing) attempts
 - Stricter [safe browser scanning](https://google.com/chrome/privacy/whitepaper.html#malware) with Google Chrome
@@ -9,7 +9,7 @@ description: iOS is a mobile operating system developed by Apple for the iPhone.

 iOS devices are frequently praised by security experts for their robust data protection and adherence to modern best practices. However, the restrictiveness of Apple's ecosystem—particularly with their mobile devices—does still hamper privacy in a number of ways.

-We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../../../tools/os/android/distributions/_index.md) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
+We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../../../tools/os/android/distributions/index.md) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.

 ### Activation Lock

@@ -41,13 +41,13 @@ The majority of privacy and security concerns with Apple products are related to

 Therefore, if you do use iCloud you should [enable **Advanced Data Protection**](https://support.apple.com/HT212520). This encrypts nearly all of your iCloud data with keys stored on your devices (end-to-end encryption), rather than Apple's servers, so that your iCloud data is secured in the event of a data breach, and otherwise hidden from Apple.

-The encryption used by Advanced Data Protection, while strong, [is not *quite* as robust](https://discuss.privacyguides.net/t/apple-advances-user-security-with-powerful-new-data-protections/10778/4) as the encryption offered by other [cloud services](../../../tools/services/cloud/_index.md), particularly when it comes to iCloud Drive. While we strongly encourage using Advanced Data Protection if you use iCloud, we would also suggest considering finding an alternative to iCloud from a more [privacy-focused service provider](../../../tools/_index.md), although it is unlikely most people would be impacted by these encryption quirks.
+The encryption used by Advanced Data Protection, while strong, [is not *quite* as robust](https://discuss.privacyguides.net/t/apple-advances-user-security-with-powerful-new-data-protections/10778/4) as the encryption offered by other [cloud services](../../../tools/services/cloud/index.md), particularly when it comes to iCloud Drive. While we strongly encourage using Advanced Data Protection if you use iCloud, we would also suggest considering finding an alternative to iCloud from a more [privacy-focused service provider](../../../tools/_index.md), although it is unlikely most people would be impacted by these encryption quirks.

 You can also protect your data by limiting what you sync to iCloud in the first place. At the top of the **Settings** app, you'll see your name and profile picture if you are signed in to iCloud. Select that, then **iCloud**, and turn off the switches for any services you don't want to sync to iCloud. You may see third-party apps listed under **Show All** if they sync to iCloud, which you can disable here.

 #### iCloud+

-A paid **iCloud+** subscription (with any iCloud storage plan) comes with some privacy-protecting functionality. While these may provide adequate service for current iCloud customers, we wouldn't recommend purchasing an iCloud+ plan over a [VPN](../../../tools/services/vpn/_index.md) and [standalone email aliasing service](../../../tools/services/email-aliasing/_index.md) just for these features alone.
+A paid **iCloud+** subscription (with any iCloud storage plan) comes with some privacy-protecting functionality. While these may provide adequate service for current iCloud customers, we wouldn't recommend purchasing an iCloud+ plan over a [VPN](../../../tools/services/vpn/index.md) and [standalone email aliasing service](../../../tools/services/email-aliasing/index.md) just for these features alone.

 [**Private Relay**](https://apple.com/legal/privacy/data/en/icloud-relay) is a proxy service which relays all of your Safari traffic, your DNS queries, and unencrypted traffic on your device through two servers: one owned by Apple and one owned by a third-party provider (including Akamai, Cloudflare, and Fastly). In theory this should prevent any single provider in the chain—including Apple—from having full visibility into which websites you visit while connected. Unlike a VPN, Private Relay does not protect traffic that's already encrypted.

@@ -136,7 +136,7 @@ If you don't want anyone to be able to control your phone with Siri when it is l

 Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make trade-offs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.

-Select **Turn Passcode On** or **Change Passcode** → **Passcode Options** → **Custom Alphanumeric Code**. Make sure that you create a [secure password](../../basics/passwords-overview/_index.md).
+Select **Turn Passcode On** or **Change Passcode** → **Passcode Options** → **Custom Alphanumeric Code**. Make sure that you create a [secure password](../../basics/passwords-overview/index.md).

 If you wish to use Face ID or Touch ID, you can go ahead and set it up now. Your phone will use the password you set up earlier as a fallback in case your biometric verification fails. Biometric unlock methods are primarily a convenience, although they do stop surveillance cameras or people over your shoulder from watching you input your passcode.

@@ -206,7 +206,7 @@ Set wired accessories to ask for permission when you connect them. Select **Wire

 ### E2EE Calls

-Normal phone calls made with the Phone app through your carrier are not E2EE. Both FaceTime Video and FaceTime Audio calls are E2EE. Alternatively, you can use [another app](../../../tools/services/messengers/_index.md) like Signal for E2EE calls.
+Normal phone calls made with the Phone app through your carrier are not E2EE. Both FaceTime Video and FaceTime Audio calls are E2EE. Alternatively, you can use [another app](../../../tools/services/messengers/index.md) like Signal for E2EE calls.

 ### Encrypted iMessage

@@ -232,7 +232,7 @@ Rather than allow an app to access all the photos on your device, you can allow

 ![Private Access](private-access-light.png#only-light) ![Private Access](private-access-dark.png#only-dark)

-Some apps also support **Private Access**, which functions similarly to the **Limited Access** permission. However, photos shared to apps using Private Access include their location by default. We recommend unchecking this setting if you do not [remove photo metadata](../../../tools/software/data-redaction/_index.md) beforehand.
+Some apps also support **Private Access**, which functions similarly to the **Limited Access** permission. However, photos shared to apps using Private Access include their location by default. We recommend unchecking this setting if you do not [remove photo metadata](../../../tools/software/data-redaction/index.md) beforehand.

 ### Contact Permissions

@@ -267,7 +267,7 @@ You can use the [Clean Up](https://support.apple.com/en-us/121429) feature on su
 - Tap the button labeled **Clean Up**
 - Draw a circle around whatever you want to redact. Faces will be pixelated, and it will attempt to delete anything else.

-Our warning [against blurring text](../../../tools/software/data-redaction/_index.md) also applies here, so we recommend to instead add a black shape with 100% opacity over it. In addition to redacting text, you can also black out any face or object using the **Photos** app.
+Our warning [against blurring text](../../../tools/software/data-redaction/index.md) also applies here, so we recommend to instead add a black shape with 100% opacity over it. In addition to redacting text, you can also black out any face or object using the **Photos** app.

 <div class="annotate" markdown>

@@ -294,7 +294,7 @@ Apple always makes beta versions of iOS available early for those that wish to h

 ### Before First Unlock

-If your threat model includes [:material-target-account: Targeted Attacks](../../basics/common-threats/_index.md#attacks-against-specific-individuals){ .pg-red } that involve forensic tools, and you want to minimize the chance of exploits being used to access your phone, you should restart your device frequently. The state *after* a reboot but *before* unlocking your device is referred to as "Before First Unlock" (BFU), and when your device is in that state it makes it [significantly more difficult](https://belkasoft.com/checkm8_glossary) for forensic tools to exploit vulnerabilities to access your data. This BFU state allows you to receive notifications for calls, texts, and alarms, but most of the data on your device is still encrypted and inaccessible. This can be impractical, so consider whether these trade-offs make sense for your situation.
+If your threat model includes [:material-target-account: Targeted Attacks](../../basics/common-threats/index.md#attacks-against-specific-individuals){ .pg-red } that involve forensic tools, and you want to minimize the chance of exploits being used to access your phone, you should restart your device frequently. The state *after* a reboot but *before* unlocking your device is referred to as "Before First Unlock" (BFU), and when your device is in that state it makes it [significantly more difficult](https://belkasoft.com/checkm8_glossary) for forensic tools to exploit vulnerabilities to access your data. This BFU state allows you to receive notifications for calls, texts, and alarms, but most of the data on your device is still encrypted and inaccessible. This can be impractical, so consider whether these trade-offs make sense for your situation.

 iPhones [automatically reboot](https://support.apple.com/guide/security/protecting-user-data-in-the-face-of-attack-secf5549a4f5/1/web/1#:~:text=On%20an%20iPhone%20or%20iPad%20with%20iOS%2018%20and%20iPadOS%2018%20or%20later%2C%20a%20new%20security%20protection%20will%20restart%20devices%20if%20they%20remain%20locked%20for%20a%20prolonged%20period%20of%20time.) if they're not unlocked after a period of time.

@@ -7,7 +7,7 @@ description: Linux is an open-source, privacy-focused desktop operating system a

 Our website generally uses the term “Linux” to describe **desktop** Linux distributions. Other operating systems which also use the Linux kernel such as ChromeOS, Android, and Qubes OS are not discussed on this page.

-[Our Linux Recommendations :material-arrow-right-drop-circle:](../../../tools/os/desktop/_index.md){ .md-button }
+[Our Linux Recommendations :material-arrow-right-drop-circle:](../../../tools/os/desktop/index.md){ .md-button }

 ## Security Notes

@@ -15,11 +15,11 @@ There are some notable security concerns with Linux which you should be aware of

 - Avoid telemetry that often comes with proprietary operating systems
 - Maintain [software freedom](https://gnu.org/philosophy/free-sw.en.html#four-freedoms)
- Use privacy-focused systems such as [Whonix](../../../tools/os/desktop/_index.md#whonix) or [Tails](../../../tools/os/desktop/_index.md#tails)
+- Use privacy-focused systems such as [Whonix](../../../tools/os/desktop/index.md#whonix) or [Tails](../../../tools/os/desktop/index.md#tails)

 ### Open-Source Security

-It is a [common misconception](../../basics/common-misconceptions/_index.md#open-source-software-is-always-secure-or-proprietary-software-is-more-secure) that Linux and other open-source software are inherently secure simply because the source code is available. There is an expectation that community verification occurs regularly, but this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security).
+It is a [common misconception](../../basics/common-misconceptions/index.md#open-source-software-is-always-secure-or-proprietary-software-is-more-secure) that Linux and other open-source software are inherently secure simply because the source code is available. There is an expectation that community verification occurs regularly, but this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security).

 In reality, distro security depends on a number of factors, such as project activity, developer experience, the level of rigor applied to code reviews, and how often attention is given to specific parts of the codebase that may go untouched for years.

@@ -35,7 +35,7 @@ Additionally, Linux falls behind in implementing [exploit mitigations](https://m

 ## Choosing your distribution

-Not all Linux distributions are created equal. Our [Linux recommendation page](../../../tools/os/desktop/_index.md) is not meant to be an authoritative source on which distribution you should use, but our recommendations *are* aligned with the following guidelines. These are a few things you should keep in mind when choosing a distribution:
+Not all Linux distributions are created equal. Our [Linux recommendation page](../../../tools/os/desktop/index.md) is not meant to be an authoritative source on which distribution you should use, but our recommendations *are* aligned with the following guidelines. These are a few things you should keep in mind when choosing a distribution:

 ### Release cycle

@@ -53,7 +53,7 @@ Traditionally, Linux distributions update by sequentially updating the desired p

 Distros which use atomic updates, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.

-The atomic update method can achieve reliability with this model and is used for [distributions](../../../tools/os/desktop/_index.md#atomic-distributions) like Silverblue and NixOS. [Adam Šamalík](https://twitter.com/adsamalik) provides a presentation on how `rpm-ostree` works with Silverblue:
+The atomic update method can achieve reliability with this model and is used for [distributions](../../../tools/os/desktop/index.md#atomic-distributions) like Silverblue and NixOS. [Adam Šamalík](https://twitter.com/adsamalik) provides a presentation on how `rpm-ostree` works with Silverblue:

 - [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalík](https://youtu.be/-hpV5l-gJnQ) <small>(YouTube)</small>

@@ -67,7 +67,7 @@ Arch and Arch-based distributions are not recommended for those new to Linux (re

 For a secure system, you are also expected to have sufficient Linux knowledge to properly set up security for their system such as adopting a [mandatory access control](#mandatory-access-control) system, setting up [kernel module](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) blacklists, hardening boot parameters, manipulating [sysctl](https://en.wikipedia.org/wiki/Sysctl) parameters, and knowing what components they need such as [Polkit](https://en.wikipedia.org/wiki/Polkit).

-Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software [:material-package-variant-closed-remove: Supply Chain Attacks](../../basics/common-threats/_index.md#attacks-against-certain-organizations){ .pg-viridian }, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository).
+Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software [:material-package-variant-closed-remove: Supply Chain Attacks](../../basics/common-threats/index.md#attacks-against-certain-organizations){ .pg-viridian }, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository).

 The AUR should always be used sparingly, and often there is a lot of bad advice on various pages which direct people to blindly use [AUR helpers](https://wiki.archlinux.org/title/AUR_helpers) without sufficient warning. Similar warnings apply to the use of third-party Personal Package Archives (PPAs) on Debian-based distributions or Community Projects (COPR) on Fedora.

@@ -92,7 +92,7 @@ SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-gett

 ### Drive Encryption

-Most Linux distributions have an option within its installer for enabling [LUKS](../../../tools/software/encryption/_index.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to back up your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device:
+Most Linux distributions have an option within its installer for enabling [LUKS](../../../tools/software/encryption/index.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to back up your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device:

 - [Secure Data Erasure :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/05/25/secure-data-erasure)

@@ -155,7 +155,7 @@ MAC address randomization is primarily beneficial for Wi-Fi connections. For Eth

 ### Other Identifiers

-There are other system identifiers which you may wish to be careful about. You should give this some thought to see if it applies to your [threat model](../../basics/threat-modeling/_index.md):
+There are other system identifiers which you may wish to be careful about. You should give this some thought to see if it applies to your [threat model](../../basics/threat-modeling/index.md):

 - **Hostnames:** Your system's hostname is shared with the networks you connect to. You should avoid including identifying terms like your name or operating system in your hostname, instead sticking to generic terms or random strings.
 - **Usernames:** Similarly, your username is used in a variety of ways across your system. Consider using generic terms like "user" rather than your actual name.
@@ -132,7 +132,7 @@ Decide whether you want personalized ads based on your usage.

 ##### FileVault

-On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple Silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../../../tools/software/encryption/_index.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
+On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple Silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../../../tools/software/encryption/index.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.

 On older Intel-based Mac computers, FileVault is the only form of disk encryption available by default, and should always be enabled.

@@ -180,10 +180,10 @@ System Integrity Protection makes critical file locations read-only to protect a

 ##### App Sandbox

-On macOS, whether an app is sandboxed is determined by the developer when they sign it. The [App Sandbox](https://developer.apple.com/documentation/xcode/configuring-the-macos-app-sandbox) protects against vulnerabilities in the apps you run by limiting what a malicious actor can access in the event that the app is exploited. The App Sandbox *alone* can't protect against [:material-package-variant-closed-remove: Supply Chain Attacks](../../basics/common-threats/_index.md#attacks-against-certain-organizations){ .pg-viridian } by malicious developers. For that, sandboxing needs to be enforced by someone other than the developer themselves, as it is on the [App Store](https://support.apple.com/guide/security/gatekeeper-and-runtime-protection-sec5599b66df/1/web/1#:~:text=All%20apps%20from%20the%20App%20Store%20are%20sandboxed%20to%20restrict%20access%20to%20data%20stored%20by%20other%20apps.).
+On macOS, whether an app is sandboxed is determined by the developer when they sign it. The [App Sandbox](https://developer.apple.com/documentation/xcode/configuring-the-macos-app-sandbox) protects against vulnerabilities in the apps you run by limiting what a malicious actor can access in the event that the app is exploited. The App Sandbox *alone* can't protect against [:material-package-variant-closed-remove: Supply Chain Attacks](../../basics/common-threats/index.md#attacks-against-certain-organizations){ .pg-viridian } by malicious developers. For that, sandboxing needs to be enforced by someone other than the developer themselves, as it is on the [App Store](https://support.apple.com/guide/security/gatekeeper-and-runtime-protection-sec5599b66df/1/web/1#:~:text=All%20apps%20from%20the%20App%20Store%20are%20sandboxed%20to%20restrict%20access%20to%20data%20stored%20by%20other%20apps.).

 > [!WARNING]
-> Software downloaded from outside the official App Store is not required to be sandboxed. If your threat model prioritizes defending against [:material-bug-outline: Passive Attacks](../../basics/common-threats/_index.md#security-and-privacy){ .pg-orange }, then you may want to check if the software you download outside the App Store is sandboxed, which is up to the developer to *opt in*.
+> Software downloaded from outside the official App Store is not required to be sandboxed. If your threat model prioritizes defending against [:material-bug-outline: Passive Attacks](../../basics/common-threats/index.md#security-and-privacy){ .pg-orange }, then you may want to check if the software you download outside the App Store is sandboxed, which is up to the developer to *opt in*.


 You can check if an app uses the App Sandbox in a few ways:
@@ -208,7 +208,7 @@ If an app is sandboxed, you should see the following output:
        [Bool] true
 ```

-If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../../basics/common-threats/_index.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the non-sandboxed app altogether.
+If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../../basics/common-threats/index.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the non-sandboxed app altogether.

 ##### Hardened Runtime

@@ -3,11 +3,11 @@ title: "Qubes Overview"
 icon: simple/qubesos
 description: Qubes is an operating system built around isolating apps within *qubes* (formerly "VMs") for heightened security.
 ---
-[**Qubes OS**](../../../tools/os/desktop/_index.md#qubes-os) is an open-source operating system which uses the [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor to provide strong security for desktop computing through isolated *qubes*, (which are Virtual Machines). You can assign each *qube* a level of trust based on its purpose. Qubes OS provides security by using isolation. It only permits actions on a per-case basis and therefore is the opposite of [badness enumeration](https://ranum.com/security/computer_security/editorials/dumb).
+[**Qubes OS**](../../../tools/os/desktop/index.md#qubes-os) is an open-source operating system which uses the [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor to provide strong security for desktop computing through isolated *qubes*, (which are Virtual Machines). You can assign each *qube* a level of trust based on its purpose. Qubes OS provides security by using isolation. It only permits actions on a per-case basis and therefore is the opposite of [badness enumeration](https://ranum.com/security/computer_security/editorials/dumb).

 ## How does Qubes OS work?

-Qubes uses [compartmentalization](https://qubes-os.org/intro) to keep the system secure. Qubes are created from templates, the defaults being for Fedora, Debian and [Whonix](../../../tools/os/desktop/_index.md#whonix). Qubes OS also allows you to create once-use [disposable](https://qubes-os.org/doc/how-to-use-disposables) *qubes*.
+Qubes uses [compartmentalization](https://qubes-os.org/intro) to keep the system secure. Qubes are created from templates, the defaults being for Fedora, Debian and [Whonix](../../../tools/os/desktop/index.md#whonix). Qubes OS also allows you to create once-use [disposable](https://qubes-os.org/doc/how-to-use-disposables) *qubes*.

 <details class="note" markdown>
 <summary>The term <em>qubes</em> is gradually being updated to avoid referring to them as "virtual machines".</summary>
@@ -26,7 +26,7 @@ Each qube has a [colored border](https://qubes-os.org/screenshots) that can help

 ## Why Should I use Qubes?

-Qubes OS is useful if your [threat model](../../basics/threat-modeling/_index.md) requires strong security and isolation, such as if you think you'll be opening untrusted files from untrusted sources. A typical reason for using Qubes OS is to open documents from unknown sources, but the idea is that if a single qube is compromised it won't affect the rest of the system.
+Qubes OS is useful if your [threat model](../../basics/threat-modeling/index.md) requires strong security and isolation, such as if you think you'll be opening untrusted files from untrusted sources. A typical reason for using Qubes OS is to open documents from unknown sources, but the idea is that if a single qube is compromised it won't affect the rest of the system.

 Qubes OS utilizes [dom0](https://wiki.xenproject.org/wiki/Dom0) Xen VM for controlling other *qubes* on the host OS, all of which display individual application windows within dom0's desktop environment. There are many uses for this type of architecture. Here are some tasks you can perform. You can see just how much more secure these processes are made by incorporating multiple steps.

@@ -56,7 +56,7 @@ The [qrexec framework](https://qubes-os.org/doc/qrexec) is a core part of Qubes

 ## Connecting to Tor via a VPN

-We [recommend](../../advanced/tor-overview/_index.md) connecting to the Tor network via a [VPN](../../../tools/services/vpn/_index.md) provider, and luckily Qubes makes this easy to do with a combination of ProxyVMs and Whonix.
+We [recommend](../../advanced/tor-overview/index.md) connecting to the Tor network via a [VPN](../../../tools/services/vpn/index.md) provider, and luckily Qubes makes this easy to do with a combination of ProxyVMs and Whonix.

 After [creating a new ProxyVM](https://forum.qubes-os.org/t/configuring-a-proxyvm-vpn-gateway/19061) which connects to the VPN of your choice, you can chain your Whonix qubes to that ProxyVM **before** they connect to the Tor network, by setting the NetVM of your Whonix **Gateway** (`sys-whonix`) to the newly-created ProxyVM.

@@ -12,7 +12,7 @@ Unfortunately, this feature was added without too much thought about the privacy
 You can enhance your privacy and security on Windows without downloading any third-party tools with these guides:

 - Initial Installation (coming soon)
- [Group Policy Settings](./group-policies/_index.md)
+- [Group Policy Settings](./group-policies/index.md)
 - Privacy Settings (coming soon)
 - Application Sandboxing (coming soon)
 - Security Hardening (coming soon)