style: Add title card background color

2026-05-26 13:21:20 +00:00 · 2026-05-19 13:39:48 -05:00
parent 236b62ae02
commit c04418b10e
49 changed files with 630 additions and 3 deletions
@@ -264,6 +264,12 @@ html.light {
    mark {
      background-color: #ffff0080;
    }
+    .pg\:title-card {
+      background-color: var(--hx-color-gray-100);
+      .hextra-card {
+        background-color: var(--hx-color-gray-50);
+      }
+    }
  }
 }

@@ -280,6 +286,12 @@ html.dark {
      background-color: #4287ff4d;
      color: white;
    }
+    .pg\:title-card {
+      background-color: var(--hx-color-gray-800);
+      .hextra-card {
+        background-color: var(--hx-color-gray-900);
+      }
+    }
  }
 }

@@ -26,6 +26,8 @@ When it comes to anonymizing networks, we want to specially note that [Tor](../.

 ### Tor

+{{< title-card >}}
+
 The **Tor** network is a group of volunteer-operated servers that allows you to connect for free and improve your privacy and security on the Internet. Individuals and organizations can also share information over the Tor network with ".onion hidden services" without compromising their privacy. Because Tor traffic is difficult to block and trace, Tor is an effective [Censorship](../../../wiki/basics/common-threats/index.md#avoiding-censorship){ .pg-blue-gray } circumvention tool.

 {{< cards >}}
@@ -33,6 +35,8 @@ The **Tor** network is a group of volunteer-operated servers that allows you to
  {{< card link="https://tb-manual.torproject.org" title="Documentation" icon="document-text" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 The recommended way to access the Tor network is via the official Tor Browser, which we have covered in more detail on a dedicated page:

 [Tor Browser Info](../../software/tor/index.md)
@@ -48,6 +52,8 @@ You can access the Tor network using other tools; making this determination come

 #### Orbot

+{{< title-card >}}
+
 **Orbot** is a mobile application which routes traffic from any app on your device through the Tor network.

 {{< cards >}}
@@ -55,6 +61,8 @@ You can access the Tor network using other tools; making this determination come
  {{< card link="https://orbot.app/privacy-policy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=org.torproject.android)
 [{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/id1609461599)
 [{{< badge content="GitHub" >}}](https://github.com/guardianproject/orbot/releases)
@@ -74,6 +82,8 @@ Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can a

 #### Snowflake

+{{< title-card >}}
+
 **Snowflake** allows you to donate bandwidth to the Tor Project by operating a "Snowflake proxy" within your browser.

 People who are censored can use Snowflake proxies to connect to the Tor network. Snowflake is a great way to contribute to the network even if you don't have the technical know-how to run a Tor relay or bridge.
@@ -83,6 +93,8 @@ People who are censored can use Snowflake proxies to connect to the Tor network.
  {{< card link="https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/Technical%20Overview" title="Documentation" icon="document-text" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 You can enable Snowflake in your browser by opening it in another tab and turning the switch on. You can leave it running in the background while you browse to contribute your connection. We don't recommend installing Snowflake as a browser extension, because adding third-party extensions can increase your attack surface.

 [Run Snowflake in your Browser](https://snowflake.torproject.org/embed.html)
@@ -94,6 +106,8 @@ Running a Snowflake proxy is low-risk, even more so than running a Tor relay or

 ### I2P (The Invisible Internet Project)

+{{< title-card >}}
+
 **I2P** is a network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.

 {{< cards >}}
@@ -101,6 +115,8 @@ Running a Snowflake proxy is low-risk, even more so than running a Tor relay or
  {{< card link="https://geti2p.net/en/about/software" title="Documentation" icon="document-text" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=net.i2p.android)
 [{{< badge content="Android" >}}](https://geti2p.net/en/download#android)
 [{{< badge content="Windows" color="red" >}}](https://geti2p.net/en/download#windows)
@@ -66,6 +66,8 @@ These tools can trigger false-positives. If any of these tools finds indicators

 ### Mobile Verification Toolkit

+{{< title-card >}}
+
 **Mobile Verification Toolkit** (**MVT**) is a collection of utilities which simplifies and automates the process of scanning mobile devices for potential traces of targeting or infection by known spyware campaigns. MVT was developed by Amnesty International and released in 2021 in the context of the [Pegasus Project](https://forbiddenstories.org/about-the-pegasus-project).

 {{< cards >}}
@@ -73,6 +75,8 @@ These tools can trigger false-positives. If any of these tools finds indicators
  {{< card link="https://github.com/mvt-project/mvt" title="Source code" icon="code" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="macOS" color="indigo" >}}](https://docs.mvt.re/en/latest/install)
 [{{< badge content="Linux" color="yellow" >}}](https://docs.mvt.re/en/latest/install)

@@ -95,6 +99,8 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un

 ### iMazing (iOS)

+{{< title-card >}}
+
 **iMazing** provides a free spyware analyzer tool for iOS devices which acts as a GUI-wrapper for [MVT](#mobile-verification-toolkit). This can be much easier to run compared to MVT itself, which is a command-line tool designed for technologists and forensic investigators.

 {{< cards >}}
@@ -102,6 +108,8 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
  {{< card link="https://imazing.com/privacy-policy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Windows" color="red" >}}](https://imazing.com/download)
 [{{< badge content="macOS" color="indigo" >}}](https://imazing.com/download)

@@ -121,6 +129,8 @@ These are apps you can install which check your device and operating system for

 ### Auditor (Android)

+{{< title-card >}}
+
 **Auditor** is an app which leverages hardware security features to provide device integrity monitoring by actively validating the identity of a device and the integrity of its operating system. Currently, it only works with GrapheneOS or the stock operating system for [supported devices](https://attestation.app/about#device-support).

 {{< cards >}}
@@ -128,6 +138,8 @@ These are apps you can install which check your device and operating system for
  {{< card link="https://attestation.app/privacy-policy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
 [{{< badge content="GitHub" >}}](https://github.com/GrapheneOS/Auditor/releases)
 [{{< badge content="GrapheneOS App Store" >}}](https://github.com/GrapheneOS/Apps/releases)
@@ -47,6 +47,8 @@ A few more tips regarding Android devices and operating system compatibility:

 Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.

+{{< title-card >}}
+
 **Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.

 Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
@@ -56,6 +58,8 @@ Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of
  {{< card link="https://support.google.com/pixelphone" title="Documentation" icon="document-text" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 ### Hardware Security

 Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment (TEE) used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for *all* of those functions, resulting in a larger attack surface.
@@ -21,6 +21,8 @@ A physical **security key** adds a very strong layer of protection to your onlin

 ## Yubico Security Key

+{{< title-card >}}
+
 The **Yubico Security Key** series is the most cost-effective hardware security key with FIDO Level 2 certification[^1]. It supports FIDO2/WebAuthn and FIDO Universal 2nd Factor (U2F), and works out of the box with most services that support a security key as a second factor, as well as many password managers.

 {{< cards >}}
@@ -28,6 +30,8 @@ The **Yubico Security Key** series is the most cost-effective hardware security
  {{< card link="https://yubico.com/support/terms-conditions/privacy-notice" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 These keys are available in both USB-C and USB-A variants, and both options support NFC for use with a mobile device as well.

 This key provides only basic FIDO2 functionality, but for most people that is all you will need. Some notable features the Security Key series does **not** have include:
@@ -44,6 +48,8 @@ If you need any of those features, you should consider their higher-end [YubiKey

 ## YubiKey

+{{< title-card >}}
+
 The **YubiKey** series from Yubico are among the most popular security keys with FIDO Level 2 Certification[^1]. The **YubiKey 5 Series** has a wide range of features such as FIDO2/WebAuthn and FIDO U2F, [TOTP and HOTP](https://developers.yubico.com/OATH) authentication, [Personal Identity Verification (PIV)](https://developers.yubico.com/PIV), and [OpenPGP](https://developers.yubico.com/PGP).

 {{< cards >}}
@@ -51,6 +57,8 @@ The **YubiKey** series from Yubico are among the most popular security keys with
  {{< card link="https://yubico.com/support/terms-conditions/privacy-notice" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 The [comparison table](https://yubico.com/store/compare) shows how the YubiKeys compare to each other and to Yubico's [Security Key](#yubico-security-key) series in terms of features and other specifications. One of the benefits of the YubiKey series is that one key can do almost everything you could expect from a hardware security key. We encourage you to take their [quiz](https://yubico.com/quiz) before purchasing in order to make sure you choose the right security key.

 YubiKeys can be programmed using the [YubiKey Manager](https://yubico.com/support/download/yubikey-manager) or [YubiKey Personalization Tools](https://yubico.com/support/download/yubikey-personalization-tools). For managing TOTP codes, you can use the [Yubico Authenticator](https://yubico.com/products/yubico-authenticator). All of Yubico's clients are open source.
@@ -63,6 +71,8 @@ For models which [support HOTP and TOTP](https://support.yubico.com/hc/articles/

 ## Nitrokey

+{{< title-card >}}
+
 **Nitrokey** has a cost-effective security key capable of FIDO2/WebAuthn and FIDO U2F called the **Nitrokey Passkey**. For support for features such as PIV, OpenPGP, and TOTP and HOTP authentication, you need to purchase one of their other keys like the **Nitrokey 3**. Currently, only the **Nitrokey 3A Mini** has [FIDO Level 1 Certification](https://nitrokey.com/news/2024/nitrokey-3a-mini-receives-official-fido2-certification).

 {{< cards >}}
@@ -70,6 +80,8 @@ For models which [support HOTP and TOTP](https://support.yubico.com/hc/articles/
  {{< card link="https://nitrokey.com/data-privacy-policy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 The [comparison table](https://nitrokey.com/products/nitrokeys#:~:text=The%20Nitrokey%20Family) shows how the different Nitrokey models compare to each other in terms of features and other specifications. Refer to Nitrokey's [documentation](https://docs.nitrokey.com/nitrokeys/features) for more details about the features available on your Nitrokey.

 Nitrokey models can be configured using the [Nitrokey app](https://nitrokey.com/download).
@@ -25,6 +25,8 @@ We recommend installing GrapheneOS if you have a Google Pixel as it provides imp

 ## GrapheneOS

+{{< title-card >}}
+
 **GrapheneOS** is the best choice when it comes to privacy and security.

 GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_(computing)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
@@ -34,6 +36,8 @@ GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wik
  {{< card link="https://grapheneos.org/faq#privacy-policy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 GrapheneOS supports [sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs Google Play Services fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as push notifications, while giving you full control over their permissions and access, and while containing them to a specific [work profile](../_index.md#work-profile) or [user profile](../_index.md#user-profiles) of your choice.

 [Google Pixel phones](../../../hardware/mobile-phones/index.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView.
@@ -22,6 +22,8 @@ We recommend a wide variety of Android apps throughout this site. The apps liste

 If your device is on Android 15 or greater, we recommend using the native [Private Space](../_index.md#private-space) feature instead, which provides nearly the same functionality without needing to place trust in and grant powerful permissions to a third-party app.

+{{< title-card >}}
+
 **Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.

 Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
@@ -31,6 +33,8 @@ Shelter supports blocking contact search cross profiles and sharing files across
  {{< card link="https://patreon.com/PeterCxy" title="Contribute" icon="heart" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 > [!WARNING]
 > When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.

@@ -42,6 +46,8 @@ Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) a
 <small>Protects against the following threat(s):</small>
 [{{< badge content="Public Exposure" color="green" >}}](../../../../wiki/basics/common-threats/index.md#limiting-public-information)

+{{< title-card >}}
+
 **Secure Camera** is a camera app focused on privacy and security which can capture images, videos, and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.

 {{< cards >}}
@@ -49,6 +55,8 @@ Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) a
  {{< card link="https://grapheneos.org/usage#camera" title="Documentation" icon="document-text" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
 [{{< badge content="GitHub" >}}](https://github.com/GrapheneOS/Camera/releases)
 [{{< badge content="GrapheneOS App Store" >}}](https://github.com/GrapheneOS/Apps/releases)
@@ -70,6 +78,8 @@ Main privacy features include:
 <small>Protects against the following threat(s):</small>
 [{{< badge content="Targeted Attacks" color="red" >}}](../../../../wiki/basics/common-threats/index.md#attacks-against-specific-individuals)

+{{< title-card >}}
+
 **Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_(software_development)) [WebView](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.

 [Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
@@ -79,6 +89,8 @@ Main privacy features include:
  {{< card link="https://grapheneos.org/donate" title="Contribute" icon="heart" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
 [{{< badge content="GitHub" >}}](https://github.com/GrapheneOS/PdfViewer/releases)
 [{{< badge content="GrapheneOS App Store" >}}](https://github.com/GrapheneOS/Apps/releases)
@@ -18,6 +18,8 @@ There are many ways to obtain Android apps privately, even from the Play Store,

 ## Obtainium

+{{< title-card >}}
+
 **Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.

 {{< cards >}}
@@ -25,6 +27,8 @@ There are many ways to obtain Android apps privately, even from the Play Store,
  {{< card link="https://github.com/ImranR98/Obtainium/wiki" title="Documentation" icon="document-text" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="GitHub" >}}](https://github.com/ImranR98/Obtainium/releases)

 Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious *update* is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
@@ -37,6 +41,8 @@ GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Ap

 The Google Play Store requires a Google account to log in, which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.

+{{< title-card >}}
+
 **Aurora Store** is a Google Play Store client which does not require a Google account, Google Play Services, or microG to download apps.

 {{< cards >}}
@@ -44,6 +50,8 @@ The Google Play Store requires a Google account to log in, which is not great fo
  {{< card link="https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="GitLab" >}}](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)

 Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
@@ -31,6 +31,8 @@ Linux distributions are commonly recommended for privacy protection and software

 ### Fedora Linux

+{{< title-card >}}
+
 **Fedora Linux** is our recommended desktop distribution for people new to Linux. Fedora generally adopts newer technologies (e.g., [Wayland](https://wayland.freedesktop.org) and [PipeWire](https://pipewire.org)) before other distributions. These new technologies often come with improvements in security, privacy, and usability in general.

 {{< cards >}}
@@ -38,12 +40,16 @@ Linux distributions are commonly recommended for privacy protection and software
  {{< card link="https://docs.fedoraproject.org/en-US/docs" title="Documentation" icon="document-text" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 Fedora comes in two primary desktop editions, [Fedora Workstation](https://fedoraproject.org/workstation), which uses the GNOME desktop environment, and [Fedora KDE Plasma Desktop](https://fedoraproject.org/kde), which uses KDE. Historically, Fedora Workstation has been more popular and widely recommended, but KDE has been gaining in popularity and provides an experience more similar to Windows, which may make transitioning to Linux easier for some. The security and privacy benefits of both editions are very similar, so it mostly comes down to personal preference.

 Fedora has a semi-rolling release cycle. While some packages like the desktop environment are frozen until the next Fedora release, most packages (including the kernel) are updated frequently throughout the lifespan of the release. Each Fedora release is supported for one year, with a new version released every 6 months.

 ### openSUSE Tumbleweed

+{{< title-card >}}
+
 **openSUSE Tumbleweed** is a stable rolling release distribution.

 openSUSE Tumbleweed uses [Btrfs](https://en.wikipedia.org/wiki/Btrfs) and [Snapper](https://en.opensuse.org/openSUSE:Snapper_Tutorial) to ensure that snapshots can be rolled back should there be a problem.
@@ -53,12 +59,16 @@ openSUSE Tumbleweed uses [Btrfs](https://en.wikipedia.org/wiki/Btrfs) and [Snapp
  {{< card link="https://doc.opensuse.org" title="Documentation" icon="document-text" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 As with the recommendation to avoid X11 in our [criteria](#criteria) for Linux distributions, we recommend avoiding desktop environments that support only the legacy X11 window system (for example, Xfce). Currently, KDE Plasma defaults to X11, but Wayland is supported.

 Tumbleweed follows a rolling release model where each update is released as a snapshot of the distribution. When you upgrade your system, a new snapshot is downloaded. Each snapshot is run through a series of automated tests by [openQA](https://openqa.opensuse.org) to ensure its quality.

 ### Arch Linux

+{{< title-card >}}
+
 **Arch Linux** is a lightweight, do-it-yourself (DIY) distribution, meaning that you only get what you install. For more information see their [FAQ](https://wiki.archlinux.org/title/Frequently_asked_questions).

 {{< cards >}}
@@ -66,6 +76,8 @@ Tumbleweed follows a rolling release model where each update is released as a sn
  {{< card link="https://wiki.archlinux.org" title="Documentation" icon="document-text" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 Arch Linux has a rolling release cycle. There is no fixed release schedule and packages are updated very frequently.

 Being a DIY distribution, you are [expected to set up and maintain](../../../wiki/os/linux/index.md#arch-based-distributions) your system on your own. Arch has an [official installer](https://wiki.archlinux.org/title/Archinstall) to make the installation process a little easier.
@@ -78,6 +90,8 @@ A large portion of [Arch Linux’s packages](https://reproducible.archlinux.org)

 ### Fedora Atomic Desktops

+{{< title-card >}}
+
 **Fedora Atomic Desktops** are variants of Fedora which use the `rpm-ostree` package manager and have a strong focus on containerized workflows and Flatpak for desktop applications. All of these variants follow the same release schedule as Fedora Workstation, benefiting from the same fast updates and staying very close to upstream.

 {{< cards >}}
@@ -85,6 +99,8 @@ A large portion of [Arch Linux’s packages](https://reproducible.archlinux.org)
  {{< card link="https://docs.fedoraproject.org/en-US/emerging" title="Documentation" icon="document-text" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [Fedora Atomic Desktops](https://fedoramagazine.org/introducing-fedora-atomic-desktops) come in a variety of flavors depending on the desktop environment you prefer. As with the recommendation to avoid X11 in our [criteria](#criteria) for Linux distributions, we recommend avoiding flavors that support only the legacy X11 window system.

 These operating systems differ from Fedora Workstation as they replace the [DNF](https://docs.fedoraproject.org/en-US/quick-docs/dnf) package manager with a much more advanced alternative called [`rpm-ostree`](https://coreos.github.io/rpm-ostree). The `rpm-ostree` package manager works by downloading a base image for the system, then overlaying packages over it in a [git](https://en.wikipedia.org/wiki/Git)-like commit tree. When the system is updated, a new base image is downloaded and the overlays will be applied to that new image.
@@ -97,6 +113,8 @@ As an alternative to Flatpaks, there is the option of [Toolbx](https://docs.fedo

 ### NixOS

+{{< title-card >}}
+
 **NixOS** is an independent distribution based on the Nix package manager with a focus on reproducibility and reliability.

 {{< cards >}}
@@ -104,6 +122,8 @@ As an alternative to Flatpaks, there is the option of [Toolbx](https://docs.fedo
  {{< card link="https://nixos.org/learn.html" title="Documentation" icon="document-text" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 NixOS’s package manager keeps every version of every package in a different folder in the **Nix store**. Due to this you can have different versions of the same package installed on your system. After the package contents have been written to the folder, the folder is made read-only.

 NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot, or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
@@ -118,6 +138,8 @@ Nix is a source-based package manager; if there’s no pre-built available in th

 ### Whonix

+{{< title-card >}}
+
 **Whonix** is based on [Kicksecure](#kicksecure), a security-focused fork of Debian. It aims to provide privacy, security, and [anonymity](../../../wiki/basics/common-threats/index.md#anonymity-vs-privacy) on the internet. Whonix is best used in conjunction with [Qubes OS](#qubes-os).

 {{< cards >}}
@@ -125,6 +147,8 @@ Nix is a source-based package manager; if there’s no pre-built available in th
  {{< card link="https://whonix.org/wiki/Documentation" title="Documentation" icon="document-text" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 Whonix is meant to run as two virtual machines: a “Workstation” and a Tor “Gateway.” All communications from the Workstation must go through the Tor gateway. This means that even if the Workstation is compromised by malware of some kind, the true IP address remains hidden.

 Some of its features include Tor Stream Isolation, [keystroke anonymization](https://whonix.org/wiki/Keystroke_Deanonymization#Kloak), [encrypted swap](https://github.com/Whonix/swap-file-creator), and a hardened memory allocator. Future versions of Whonix will likely include [full system AppArmor policies](https://github.com/roddhjav/apparmor.d) and a [sandboxed app launcher](https://whonix.org/wiki/Sandbox-app-launcher) to fully confine all processes on the system.
@@ -133,6 +157,8 @@ Whonix is best used [in conjunction with Qubes](https://whonix.org/wiki/Qubes/Wh

 ### Tails

+{{< title-card >}}
+
 **Tails** is a live operating system based on Debian that routes all communications through Tor, which can boot on on almost any computer from a DVD, USB stick, or SD card installation. It uses [Tor](../../software/tor/index.md) to preserve privacy and [anonymity](../../../wiki/basics/common-threats/index.md#anonymity-vs-privacy) while circumventing censorship, and it leaves no trace of itself on the computer it is used on after it is powered off.

 {{< cards >}}
@@ -140,6 +166,8 @@ Whonix is best used [in conjunction with Qubes](https://whonix.org/wiki/Qubes/Wh
  {{< card link="https://tails.net/doc/index.en.html" title="Documentation" icon="document-text" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 > [!WARNING]
 > Tails [doesn't erase](https://gitlab.tails.boum.org/tails/tails/-/issues/5356) the [video memory](https://en.wikipedia.org/wiki/Dual-ported_video_RAM) when shutting down. When you restart your computer after using Tails, it might briefly display the last screen that was displayed in Tails. If you shut down your computer instead of restarting it, the video memory will erase itself automatically after being unpowered for some time.

@@ -156,6 +184,8 @@ By design, Tails is meant to completely reset itself after each reboot. Encrypte

 ### Qubes OS

+{{< title-card >}}
+
 **Qubes OS** is an open-source operating system designed to provide strong security for desktop computing through secure virtual machines (or "qubes"). Qubes is based on Xen, the X Window System, and Linux. It can run most Linux applications and use most of the Linux drivers.

 {{< cards >}}
@@ -163,12 +193,16 @@ By design, Tails is meant to completely reset itself after each reboot. Encrypte
  {{< card link="https://qubes-os.org/privacy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 Qubes OS secures the computer by isolating subsystems (e.g., networking, USB, etc.) and applications in separate *qubes*. Should one part of the system be compromised via an exploit in a [targeted attack](../../../wiki/basics/common-threats/index.md#attacks-against-specific-individuals), the extra isolation is likely to protect the rest of the *qubes* and the core system.

 For further information about how Qubes works, read our full [Qubes OS overview](../../../wiki/os/qubes/index.md) page.

 ### Secureblue

+{{< title-card >}}
+
 **Secureblue** is a security-focused operating system based on [Fedora Atomic Desktops](#fedora-atomic-desktops). It includes a number of [security features](https://secureblue.dev/features) intended to proactively defend against the exploitation of both known and unknown vulnerabilities, and ships with [Trivalent](https://github.com/secureblue/Trivalent), their hardened, Chromium-based web browser.

 {{< cards >}}
@@ -176,6 +210,8 @@ For further information about how Qubes works, read our full [Qubes OS overview]
  {{< card link="https://secureblue.dev/install" title="Documentation" icon="document-text" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 **Trivalent** is Secureblue's hardened Chromium for desktop Linux inspired by [GrapheneOS](../android/distributions/index.md#grapheneos)'s Vanadium browser.

 Secureblue also provides GrapheneOS's [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc) and enables it globally (including for Flatpaks).
@@ -184,6 +220,8 @@ Secureblue also provides GrapheneOS's [hardened memory allocator](https://github

 While we [recommend against](../../../wiki/os/linux/index.md#release-cycle) "perpetually outdated" distributions like Debian for desktop use in most cases, Kicksecure is a Debian-based operating system which has been hardened to be much more than a typical Linux install.

+{{< title-card >}}
+
 **Kicksecure**—in oversimplified terms—is a set of scripts, configurations, and packages that substantially reduce the attack surface of Debian. It covers a lot of privacy and hardening recommendations by default. It also serves as the base OS for [Whonix](#whonix).

 {{< cards >}}
@@ -191,6 +229,8 @@ While we [recommend against](../../../wiki/os/linux/index.md#release-cycle) "per
  {{< card link="https://kicksecure.com/wiki/Privacy_Policy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 ## Criteria

 Choosing a Linux distro that is right for you will come down to a huge variety of personal preferences, and this page is **not** meant to be an exhaustive list of every viable distribution. Our Linux overview page has some advice on [choosing a distro](../../../wiki/os/linux/index.md#choosing-your-distribution) in more detail. The distros on *this* page do all generally follow the guidelines we covered there, and all meet these standards:
@@ -20,6 +20,8 @@ Below are a few alternative operating systems that can be used on routers, Wi-Fi

 ## OpenWrt

+{{< title-card >}}
+
 **OpenWrt** is a Linux-based operating system; it's primarily used on embedded devices to route network traffic. It includes util-linux, uClibc, and BusyBox. All the components have been optimized for home routers.

 {{< cards >}}
@@ -27,10 +29,14 @@ Below are a few alternative operating systems that can be used on routers, Wi-Fi
  {{< card link="https://openwrt.org/docs/start" title="Documentation" icon="document-text" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 You can consult OpenWrt's [table of hardware](https://openwrt.org/toh/start) to check if your device is supported.

 ## OPNsense

+{{< title-card >}}
+
 **OPNsense** is an open-source, FreeBSD-based firewall and routing platform which incorporates many advanced features such as traffic shaping, load balancing, and VPN capabilities, with many more features available in the form of plugins. OPNsense is commonly deployed as a perimeter firewall, router, wireless access point, DHCP server, DNS server, and VPN endpoint.

 {{< cards >}}
@@ -38,6 +44,8 @@ You can consult OpenWrt's [table of hardware](https://openwrt.org/toh/start) to
  {{< card link="https://docs.opnsense.org/index.html" title="Documentation" icon="document-text" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 OPNsense was originally developed as a fork of [pfSense](https://en.wikipedia.org/wiki/PfSense), and both projects are noted for being free and reliable firewall distributions which offer features often only found in expensive commercial firewalls. Launched in 2015, the developers of OPNsense [cited](https://docs.opnsense.org/history/thefork.html) a number of security and code-quality issues with pfSense which they felt necessitated a fork of the project, as well as concerns about Netgate's majority acquisition of pfSense and the future direction of the pfSense project.

 ## Criteria
@@ -21,6 +21,8 @@ aliases:

 ## Pi-hole

+{{< title-card >}}
+
 **Pi-hole** is an open-source DNS sinkhole which features a friendly web interface to view insights and manage blocked content. Pi-hole is designed to be hosted on a Raspberry Pi, but it is not limited to such hardware.

 {{< cards >}}
@@ -28,11 +30,17 @@ aliases:
  {{< card link="https://pi-hole.net/privacy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 ## AdGuard Home

+{{< title-card >}}
+
 **AdGuard Home** is an open-source DNS sinkhole which features a polished web interface to view insights and manage blocked content.

 {{< cards >}}
  {{< card link="https://adguard.com/adguard-home/overview.html" title="Homepage" icon="home" >}}
  {{< card link="https://adguard.com/privacy/home.html" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}
+
+{{< /title-card >}}
@@ -23,6 +23,8 @@ Advanced system administrators may consider setting up their own **email server*

 ## Stalwart

+{{< title-card >}}
+
 **Stalwart** is a newer mail server written in Rust which supports JMAP in addition to the standard IMAP, POP3, and SMTP. It has a wide variety of configuration options, but also defaults to very reasonable settings in terms of both security and features, making it easy to use immediately. It has web-based administration with TOTP 2FA support and allows you to enter your public PGP key to encrypt **all** incoming messages.

 {{< cards >}}
@@ -30,6 +32,8 @@ Advanced system administrators may consider setting up their own **email server*
  {{< card link="https://stalw.art/docs/get-started" title="Documentation" icon="document-text" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with encrypted message storage, lessening the risk of unauthorized access to your emails. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../../services/email/index.md#proton-mail) users.

 Stalwart does **not** have an integrated webmail, so you will need to use it with a [dedicated email client](../../software/email-clients/index.md) or find an open-source webmail to self-host, like Nextcloud's Mail app.
@@ -38,6 +42,8 @@ We use Stalwart for our own internal email at *Privacy Guides*.

 ## Mailcow

+{{< title-card >}}
+
 **Mailcow** is an advanced mail server perfect for those with Linux experience. It has everything you need in a Docker container: a mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support.

 {{< cards >}}
@@ -45,11 +51,17 @@ We use Stalwart for our own internal email at *Privacy Guides*.
  {{< card link="https://docs.mailcow.email" title="Documentation" icon="document-text" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 ## Mail-in-a-Box

+{{< title-card >}}
+
 **Mail-in-a-Box** is an automated setup script for deploying a mail server on Ubuntu. Its goal is to make it easier for people to set up their own mail server.

 {{< cards >}}
  {{< card link="https://mailinabox.email" title="Homepage" icon="home" >}}
  {{< card link="https://mailinabox.email/guide.html" title="Documentation" icon="document-text" >}}
 {{< /cards >}}
+
+{{< /title-card >}}
@@ -22,6 +22,8 @@ Self-hosting your own **file management** tools may be a good idea to reduce the

 ### PhotoPrism

+{{< title-card >}}
+
 **PhotoPrism** is a platform for managing photos. It supports album syncing and sharing as well as a variety of other [features](https://photoprism.app/features). It does not include end-to-end encryption, so it's best hosted on a server that you trust and is under your control.

 {{< cards >}}
@@ -29,10 +31,14 @@ Self-hosting your own **file management** tools may be a good idea to reduce the
  {{< card link="https://photoprism.app/privacy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 ## File Sharing and Sync

 ### FreedomBox

+{{< title-card >}}
+
 **FreedomBox** is an operating system designed to be run on a [single-board computer (SBC)](https://en.wikipedia.org/wiki/Single-board_computer). The purpose is to make it easy to set up server applications for use cases like sharing files.

 {{< cards >}}
@@ -40,8 +46,12 @@ Self-hosting your own **file management** tools may be a good idea to reduce the
  {{< card link="https://wiki.debian.org/FreedomBox/Manual" title="Documentation" icon="document-text" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 ### Nextcloud

+{{< title-card >}}
+
 **Nextcloud** is a suite of free and open-source client-server software for creating your own file hosting services on a private server you control.

 {{< cards >}}
@@ -49,6 +59,8 @@ Self-hosting your own **file management** tools may be a good idea to reduce the
  {{< card link="https://nextcloud.com/privacy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=com.nextcloud.client)
 [{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/id1125420102)
 [{{< badge content="GitHub" >}}](https://github.com/nextcloud/android/releases)
@@ -4,9 +4,13 @@ title: Password Sync

 ## Vaultwarden

-Vaultwarden is an alternative implementation of Bitwarden’s sync server written in Rust and compatible with official Bitwarden clients, perfect for self-hosted deployment where running the resource-heavy, official service might not be ideal.
+{{< title-card >}}
+
+**Vaultwarden** is an alternative implementation of Bitwarden’s sync server written in Rust and compatible with official Bitwarden clients, perfect for self-hosted deployment where running the resource-heavy, official service might not be ideal.

 {{< cards >}}
  {{< card link="https://github.com/dani-garcia/vaultwarden#readme" title="Repository" icon="code" >}}
  {{< card link="https://github.com/dani-garcia/vaultwarden/wiki" title="Documentation" icon="document-text" >}}
 {{< /cards >}}
+
+{{< /title-card >}}
@@ -22,6 +22,8 @@ aliases:

 ## Tuta

+{{< title-card >}}
+
 **Tuta** offers a free and encrypted calendar across their supported platforms. Features include automatic E2EE of all data, sharing features, import/export functionality, multifactor authentication, and [more](https://tuta.com/calendar-app-comparison).

 Multiple calendars and extended sharing functionality are limited to paid subscribers.
@@ -31,6 +33,8 @@ Multiple calendars and extended sharing functionality are limited to paid subscr
  {{< card link="https://tuta.com/privacy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Linux" color="yellow" >}}](https://tuta.com/blog/desktop-clients)
 [{{< badge content="macOS" color="indigo" >}}](https://tuta.com/blog/desktop-clients)
 [{{< badge content="Windows" color="red" >}}](https://tuta.com/blog/desktop-clients)
@@ -42,6 +46,8 @@ Multiple calendars and extended sharing functionality are limited to paid subscr

 ## Proton Calendar

+{{< title-card >}}
+
 **Proton Calendar** is an encrypted calendar service available to Proton members via its web or mobile clients. Features include automatic E2EE of all data, sharing features, import/export functionality, and [more](https://proton.me/support/proton-calendar-guide).

 Those on the free tier have access to 3 calendars, whereas paid subscribers can create up to 25 calendars. Extended sharing functionality is also limited to paid subscribers.
@@ -51,6 +57,8 @@ Those on the free tier have access to 3 calendars, whereas paid subscribers can
  {{< card link="https://proton.me/calendar/privacy-policy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=me.proton.android.calendar)
 [{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/id1514709943)
 [{{< badge content="Web" >}}](https://calendar.proton.me)
@@ -26,6 +26,8 @@ If these alternatives do not fit your needs, we suggest you look into using encr

 ## Proton Drive

+{{< title-card >}}
+
 **Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](../email/index.md#proton-mail).

 The initial free storage is limited to 2 GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5 GB.
@@ -35,6 +37,8 @@ The initial free storage is limited to 2 GB, but with the completion of [certai
  {{< card link="https://proton.me/drive/privacy-policy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="macOS" color="indigo" >}}](https://proton.me/drive/download)
 [{{< badge content="Windows" color="red" >}}](https://proton.me/drive/download)
 [{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=me.proton.android.drive)
@@ -44,6 +48,8 @@ The Proton Drive web application has been independently audited by Securitum in

 ## Tresorit

+{{< title-card >}}
+
 **Tresorit** is a Swiss-Hungarian encrypted cloud storage provider founded in 2011. Tresorit is owned by the Swiss Post, the national postal service of Switzerland.

 {{< cards >}}
@@ -51,6 +57,8 @@ The Proton Drive web application has been independently audited by Securitum in
  {{< card link="https://tresorit.com/legal/privacy-policy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Linux" color="yellow" >}}](https://tresorit.com/download)
 [{{< badge content="macOS" color="indigo" >}}](https://tresorit.com/download)
 [{{< badge content="Windows" color="red" >}}](https://tresorit.com/download)
@@ -74,6 +82,8 @@ They have also received the Digital Trust Label, a certification from the [Swiss

 ## Peergos

+{{< title-card >}}
+
 **Peergos** is a decentralized protocol and open-source platform for storage, social media, and applications. It provides a secure and private space where users can store, share, view, and edit their photos, videos, documents, etc.

 Peergos secures your files with quantum-resistant E2EE and ensures all data about your files remains private. It is also [self-hostable](https://book.peergos.org/features/self).
@@ -83,6 +93,8 @@ Peergos secures your files with quantum-resistant E2EE and ensures all data abou
  {{< card link="https://peergos.net/privacy.html" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Linux" color="yellow" >}}](https://peergos.org/download#linux)
 [{{< badge content="macOS" color="indigo" >}}](https://peergos.org/download#macos)
 [{{< badge content="Windows" color="red" >}}](https://peergos.org/download#windows)
@@ -63,6 +63,8 @@ If you don't use an automatic scanner to find results about you, consider settin

 ## EasyOptOuts <small>Paid</small>

+{{< title-card >}}
+
 **EasyOptOuts** is a $20/year service which will search a number of different data broker sites and automatically submit opt-out requests on your behalf. They will perform the first search and removal process immediately, and then re-run the process every 4 months in case your data shows up on new sites over time.

 {{< cards >}}
@@ -70,6 +72,8 @@ If you don't use an automatic scanner to find results about you, consider settin
  {{< card link="https://easyoptouts.com/privacy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 Some websites supported by EasyOptOuts are publicly searchable. In those cases EasyOptOuts will perform a search and only submit an opt-out request if your personal data is already found, to prevent sending your data in an opt-out request to sites that didn't have it already. However, they do support some sites which are not publicly searchable, and in those cases your data will be sent to them in an opt-out request regardless, in case you are in their private databases.

 Our [testing](https://www.privacyguides.org/articles/2025/02/03/easyoptouts-review) indicates that EasyOptOuts provides the best value out of any data removal service we've tested, with a very affordable price and high effectiveness. Independent [findings from Consumer Reports](https://discuss.privacyguides.net/t/consumer-reports-evaluating-people-search-site-removal-services/19948) also indicate that EasyOptOuts is one of the top performing data removal services.
@@ -87,6 +91,8 @@ Our [testing](https://www.privacyguides.org/articles/2025/02/03/easyoptouts-revi
 > 
 > While Google is not a data broker themselves *per se*, as they don't sell or share your data with outside parties, some may find this relationship unacceptable. You should always decide whether the benefits of this tool outweigh the drawbacks for your individual situation.

+{{< title-card >}}
+
 **Results about you** is a free tool which helps you discover whether your personal contact information, including your home address, phone number, and email address, appears in Google search results. If any personal information is found, you can request its removal.

 {{< cards >}}
@@ -94,6 +100,8 @@ Our [testing](https://www.privacyguides.org/articles/2025/02/03/easyoptouts-revi
  {{< card link="https://policies.google.com/privacy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 Google publishes [help documentation](https://support.google.com/websearch/answer/12719076) for this tool.

 In many cases, a Google search is the first place a potential stalker or abuser would look to find your personal information, which could make using it a worthwhile trade-off. However, this tool does not remove your information from the discovered websites themselves, only their listings on Google. You should still consider manually opting out from the results which are discovered, or using another service which automatically opts you out from those sites directly.
@@ -62,6 +62,8 @@ These DNS filtering solutions offer a web dashboard where you can customize the

 ### Control D

+{{< title-card >}}
+
 **Control D** is a customizable DNS service which lets you block security threats, unwanted content, and advertisements on a DNS level.

 In addition to their paid plans, they offer a number of preconfigured DNS resolvers you can use for free.
@@ -71,6 +73,8 @@ In addition to their paid plans, they offer a number of preconfigured DNS resolv
  {{< card link="https://controld.com/privacy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Linux" color="yellow" >}}](https://docs.controld.com/docs/ctrld)
 [{{< badge content="macOS" color="indigo" >}}](https://docs.controld.com/docs/gui-setup-utility)
 [{{< badge content="Windows" color="red" >}}](https://docs.controld.com/docs/gui-setup-utility)
@@ -80,6 +84,8 @@ In addition to their paid plans, they offer a number of preconfigured DNS resolv

 ### NextDNS

+{{< title-card >}}
+
 **NextDNS** is a customizable DNS service which lets you block security threats, unwanted content, and advertisements on a DNS level.

 They offer a fully functional free plan for limited use.
@@ -89,6 +95,8 @@ They offer a fully functional free plan for limited use.
  {{< card link="https://nextdns.io/privacy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Linux" color="yellow" >}}](https://github.com/nextdns/nextdns/wiki)
 [{{< badge content="macOS" color="indigo" >}}](https://apps.apple.com/us/app/nextdns/id1464122853)
 [{{< badge content="Windows" color="red" >}}](https://github.com/nextdns/nextdns/wiki/Windows)
@@ -107,6 +115,8 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](..

 ### RethinkDNS

+{{< title-card >}}
+
 **RethinkDNS** is an open-source Android client that supports [DoH](../../../wiki/advanced/dns-overview/index.md#dns-over-https-doh), [DoT](../../../wiki/advanced/dns-overview/index.md#dns-over-tls-dot), [DNSCrypt](../../../wiki/advanced/dns-overview/index.md#dnscrypt) and DNS Proxy. It also provides additional functionality such as caching DNS responses, locally logging DNS queries, and using the app as a firewall.

 {{< cards >}}
@@ -114,6 +124,8 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](..
  {{< card link="https://rethinkdns.com/privacy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=com.celzero.bravedns)
 [{{< badge content="GitHub" >}}](https://github.com/celzero/rethink-app/releases)

@@ -121,6 +133,8 @@ While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot

 ### DNSCrypt-Proxy

+{{< title-card >}}
+
 **DNSCrypt-Proxy** is a DNS proxy with support for [DNSCrypt](../../../wiki/advanced/dns-overview/index.md#dnscrypt), [DoH](../../../wiki/advanced/dns-overview/index.md#dns-over-https-doh), and [Anonymized DNS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Anonymized-DNS).

 {{< cards >}}
@@ -128,6 +142,8 @@ While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot
  {{< card link="https://github.com/DNSCrypt/dnscrypt-proxy/wiki" title="Documentation" icon="document-text" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Linux" color="yellow" >}}](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-linux)
 [{{< badge content="macOS" color="indigo" >}}](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-macOS)
 [{{< badge content="Windows" color="red" >}}](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-Windows)
@@ -52,6 +52,8 @@ Using an aliasing service requires trusting both your email provider and your al

 ### Addy.io

+{{< title-card >}}
+
 **Addy.io** lets you create 10 domain aliases on a shared domain for free, or unlimited ["standard" aliases](https://addy.io/faq/#what-is-a-standard-alias).

 {{< cards >}}
@@ -59,6 +61,8 @@ Using an aliasing service requires trusting both your email provider and your al
  {{< card link="https://addy.io/privacy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Google Play" color="green" >}}](https://addy.io/faq/#is-there-an-android-app)
 [{{< badge content="App Store" color="blue" >}}](https://addy.io/faq/#is-there-an-ios-app)
 [{{< badge content="Chrome" >}}](https://chrome.google.com/webstore/detail/iadbdpnoknmbdeolbapdackdcogdmjpe)
@@ -82,6 +86,8 @@ If you cancel your subscription, you will still enjoy the features of your paid

 ### SimpleLogin

+{{< title-card >}}
+
 **SimpleLogin** is a free service which provides email aliases on a variety of shared domain names, and optionally provides paid features like unlimited aliases and custom domains.

 {{< cards >}}
@@ -89,6 +95,8 @@ If you cancel your subscription, you will still enjoy the features of your paid
  {{< card link="https://simplelogin.io/privacy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=io.simplelogin.android)
 [{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/id1494359858)
 [{{< badge content="Chrome" >}}](https://chrome.google.com/webstore/detail/dphilobhebphkdjbpfohgikllaljmgbn)
@@ -54,6 +54,8 @@ These providers natively support OpenPGP encryption/decryption and the [Web Key

 ### Proton Mail

+{{< title-card >}}
+
 **Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland.

 The Proton Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
@@ -63,6 +65,8 @@ The Proton Free plan comes with 500 MB of Mail storage, which you can increase u
  {{< card link="https://proton.me/mail/privacy-policy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Linux" color="yellow" >}}](https://proton.me/mail/bridge#download)
 [{{< badge content="macOS" color="indigo" >}}](https://proton.me/mail/bridge#download)
 [{{< badge content="Windows" color="red" >}}](https://proton.me/mail/bridge#download)
@@ -125,6 +129,8 @@ Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimite

 ### Mailbox Mail

+{{< title-card >}}
+
 **Mailbox Mail** (formerly *Mailbox.org*) is an email service with a focus on being secure, ad-free, and powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox Mail is based in Berlin, Germany.

 Accounts start with up to 2 GB storage, which can be upgraded as needed.
@@ -134,6 +140,8 @@ Accounts start with up to 2 GB storage, which can be upgraded as needed.
  {{< card link="https://mailbox.org/en/data-protection-privacy-policy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Web" >}}](https://login.mailbox.org)

 #### Custom Domains and Aliases
@@ -184,6 +192,8 @@ These providers encrypt your emails in a way that only you can read them later,

 ### Tuta

+{{< title-card >}}
+
 **Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany.

 Free accounts start with 1 GB of storage.
@@ -193,6 +203,8 @@ Free accounts start with 1 GB of storage.
  {{< card link="https://tuta.com/privacy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Linux" color="yellow" >}}](https://tuta.com/#download)
 [{{< badge content="macOS" color="indigo" >}}](https://tuta.com/#download)
 [{{< badge content="Windows" color="red" >}}](https://tuta.com/#download)
@@ -31,6 +31,8 @@ There are a number of services which provide "virtual debit cards" which you can

 ### Privacy.com (US)

+{{< title-card >}}
+
 **Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plans provide higher limits on the number of cards that can be created each month.

 {{< cards >}}
@@ -38,10 +40,14 @@ There are a number of services which provide "virtual debit cards" which you can
  {{< card link="https://privacy.com/privacy-policy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 Privacy.com gives information about the merchants you purchase from to your bank by [default](https://support.privacy.com/hc/en-us/articles/360012407533-What-will-I-see-on-my-bank-statement-when-I-make-a-purchase-with-Privacy). Their "[private spend mode](https://support.privacy.com/hc/en-us/articles/26732314558487-What-is-Private-Spend-Mode)" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com, but not where that money was spent. However, that is not foolproof, and of course, Privacy.com still has knowledge about the merchants you are spending money with.

 ### MySudo (US, Paid)

+{{< title-card >}}
+
 **MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](../email-aliasing/index.md) for extensive email aliasing use.

 {{< cards >}}
@@ -49,6 +55,8 @@ Privacy.com gives information about the merchants you purchase from to your bank
  {{< card link="https://anonyome.com/privacy-policy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 MySudo's virtual cards are currently only available via their iOS app.

 ### Criteria
@@ -73,6 +81,8 @@ These services allow you to purchase gift cards for a variety of merchants onlin

 ### Coincards

+{{< title-card >}}
+
 **Coincards** allows you to purchase gift cards for a large variety of merchants. Their homepage has a complete listing of the various countries where their service is available.

 {{< cards >}}
@@ -80,6 +90,8 @@ These services allow you to purchase gift cards for a variety of merchants onlin
  {{< card link="https://coincards.com/privacy-policy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 ### Criteria

 **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../../../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
@@ -26,6 +26,8 @@ These recommendations for encrypted **real-time communication** are great for se

 ## Signal

+{{< title-card >}}
+
 **Signal** is a mobile app developed by Signal Messenger LLC. The app provides instant messaging and calls secured with the Signal protocol, an extremely secure encryption protocol which supports forward secrecy[^1] and post-compromise security.[^2]

 {{< cards >}}
@@ -33,6 +35,8 @@ These recommendations for encrypted **real-time communication** are great for se
  {{< card link="https://signal.org/legal/#privacy-policy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Linux" color="yellow" >}}](https://signal.org/download/linux)
 [{{< badge content="macOS" color="indigo" >}}](https://signal.org/download/macos)
 [{{< badge content="Windows" color="red" >}}](https://signal.org/download/windows)
@@ -65,6 +69,8 @@ The protocol was independently [audited](https://eprint.iacr.org/2016/1013.pdf)

 If you use Android and your threat model requires protecting against [Targeted Attacks](../../../wiki/basics/common-threats/index.md#attacks-against-specific-individuals){ .pg-red } you may consider using this alternative app, which features a number of security and usability improvements, to access the Signal network.

+{{< title-card >}}
+
 **Molly** is an alternative Signal client for Android which allows you to encrypt the local database with a passphrase at rest, to have unused RAM data securely shredded, to route your connection via Tor, and [more](https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening#privacy-and-security-features). It also has usability improvements including scheduled backups, automatic locking, and the ability to use your Android phone as a linked device instead of the primary device for a Signal account.

 {{< cards >}}
@@ -72,6 +78,8 @@ If you use Android and your threat model requires protecting against [Targeted A
  {{< card link="https://signal.org/legal/#privacy-policy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Accrescent" >}}](https://accrescent.app/app/im.molly.app)
 [{{< badge content="F-Droid" >}}](https://molly.im/fdroid)
 [{{< badge content="GitHub" >}}](https://github.com/mollyim/mollyim-android/releases)
@@ -86,6 +94,8 @@ Both versions of Molly provide the same security improvements and support [repro

 ## SimpleX Chat

+{{< title-card >}}
+
 **SimpleX Chat** is an instant messenger that doesn't depend on any unique identifiers such as phone numbers or usernames. Its decentralized network makes SimpleX Chat an effective tool against [Censorship](../../../wiki/basics/common-threats/index.md#avoiding-censorship){ .pg-blue-gray }.

 {{< cards >}}
@@ -93,6 +103,8 @@ Both versions of Molly provide the same security improvements and support [repro
  {{< card link="https://simplex.chat/privacy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Linux" color="yellow" >}}](https://simplex.chat/downloads/#desktop-app)
 [{{< badge content="macOS" color="indigo" >}}](https://simplex.chat/downloads/#desktop-app)
 [{{< badge content="Windows" color="red" >}}](https://simplex.chat/downloads/#desktop-app)
@@ -111,6 +123,8 @@ SimpleX Chat was independently audited in [July 2024](https://simplex.chat/blog/

 ## Briar

+{{< title-card >}}
+
 **Briar** is an encrypted instant messenger that [connects](https://briarproject.org/how-it-works) to other clients using the [Tor network](../../advanced/alternative-networks/index.md#tor), making it an effective tool at circumventing [Censorship](../../../wiki/basics/common-threats/index.md#avoiding-censorship){ .pg-blue-gray }. Briar can also connect via Wi-Fi or Bluetooth when in local proximity. Briar’s local mesh mode can be useful when internet availability is a problem.

 {{< cards >}}
@@ -118,6 +132,8 @@ SimpleX Chat was independently audited in [July 2024](https://simplex.chat/blog/
  {{< card link="https://briarproject.org/privacy-policy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Linux" color="yellow" >}}](https://briarproject.org/download-briar-desktop)
 [{{< badge content="Windows" color="red" >}}](https://briarproject.org/download-briar-desktop)
 [{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=org.briarproject.briar.android)
@@ -32,6 +32,8 @@ These password managers sync your passwords to a cloud server for easy accessibi

 ### Bitwarden

+{{< title-card >}}
+
 **Bitwarden** is a free and open-source password and passkey manager. It aims to solve password management problems for individuals, teams, and business organizations. Bitwarden is among the best and safest solutions to store all of your logins and passwords while conveniently keeping them synced between all of your devices.

 {{< cards >}}
@@ -39,6 +41,8 @@ These password managers sync your passwords to a cloud server for easy accessibi
  {{< card link="https://bitwarden.com/privacy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Linux" color="yellow" >}}](https://bitwarden.com/download)
 [{{< badge content="macOS" color="indigo" >}}](https://bitwarden.com/download)
 [{{< badge content="Windows" color="red" >}}](https://bitwarden.com/download)
@@ -59,6 +63,8 @@ Bitwarden's server-side code is [open source](https://github.com/bitwarden/serve

 ### Proton Pass

+{{< title-card >}}
+
 **Proton Pass** is an open-source, end-to-end encrypted password manager developed by Proton, the team behind [Proton Mail](../email/index.md#proton-mail). It securely stores your login credentials, generates unique email aliases, and supports and stores passkeys.

 {{< cards >}}
@@ -66,6 +72,8 @@ Bitwarden's server-side code is [open source](https://github.com/bitwarden/serve
  {{< card link="https://proton.me/pass/privacy-policy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Windows" color="red" >}}](https://proton.me/pass/download)
 [{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=proton.android.pass)
 [{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/id6443490629)
@@ -84,6 +92,8 @@ All issues were addressed and fixed shortly after the [report](https://res.cloud

 ### 1Password

+{{< title-card >}}
+
 **1Password** is a password manager with a strong focus on security and ease-of-use that allows you to store passwords, passkeys, credit cards, software licenses, and any other sensitive information in a secure digital vault. Your vault is hosted on 1Password's servers for a [monthly fee](https://1password.com/sign-up).

 1Password is [audited](https://support.1password.com/security-assessments) on a regular basis and provides exceptional customer support. 1Password is closed source; however, the security of the product is thoroughly documented in their [security white paper](https://1passwordstatic.com/files/security/1password-white-paper.pdf).
@@ -93,6 +103,8 @@ All issues were addressed and fixed shortly after the [report](https://res.cloud
  {{< card link="https://1password.com/legal/privacy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Linux" color="yellow" >}}](https://1password.com/downloads/linux)
 [{{< badge content="macOS" color="indigo" >}}](https://1password.com/downloads/mac)
 [{{< badge content="Windows" color="red" >}}](https://1password.com/downloads/windows)
@@ -110,6 +122,8 @@ Your 1Password vault is secured with both your master password and a randomized

 ### Psono

+{{< title-card >}}
+
 **Psono** is a free and open-source password manager from Germany, with a focus on password management for teams. Psono supports secure sharing of passwords, files, bookmarks, and emails. All secrets are protected by a master password.

 {{< cards >}}
@@ -117,6 +131,8 @@ Your 1Password vault is secured with both your master password and a randomized
  {{< card link="https://psono.com/privacy-policy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=com.psono.psono)
 [{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/id1545581224)
 [{{< badge content="Chrome" >}}](https://chrome.google.com/webstore/detail/eljmjmgjkbmpmfljlmklcfineebidmlo)
@@ -20,6 +20,8 @@ Most cloud **photo backup** solutions like Google Photos, Flickr, and Amazon Pho

 ## Ente Photos

+{{< title-card >}}
+
 **Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting).

 The free plan offers 10 GB of storage as long as you use the service at least once a year.
@@ -29,6 +31,8 @@ The free plan offers 10 GB of storage as long as you use the service at least o
  {{< card link="https://ente.com/privacy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Linux" color="yellow" >}}](https://ente.com/download)
 [{{< badge content="macOS" color="indigo" >}}](https://ente.com/download)
 [{{< badge content="Windows" color="red" >}}](https://ente.com/download)
@@ -47,6 +47,8 @@ Consider using a [VPN](../vpn/index.md) or [Tor](../../software/tor/index.md) if

 ### Brave Search

+{{< title-card >}}
+
 **Brave Search** is a search engine developed by Brave. It includes unique features such as [Discussions](https://search.brave.com/help/discussions), which highlights conversation-focused results such as forum posts.

 Brave Search is the default search engine for the [Brave Browser](../../software/desktop-browsers/index.md#brave).
@@ -56,10 +58,14 @@ Brave Search is the default search engine for the [Brave Browser](../../software
  {{< card link="https://search.brave.com/help/privacy-policy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 We recommend you disable [Anonymous usage metrics](https://search.brave.com/help/usage-metrics) as it is enabled by default and can be disabled within settings.

 ### DuckDuckGo

+{{< title-card >}}
+
 **DuckDuckGo** is one of the more mainstream private search engine options. Notable DuckDuckGo search features include [bangs](https://duckduckgo.com/bang) and a variety of [instant answers](https://help.duckduckgo.com/duckduckgo-help-pages/features/instant-answers-and-other-features). The search engine uses numerous [sources](https://help.duckduckgo.com/results/sources) other than Bing for instant answers and other non-primary results.

 DuckDuckGo is the default search engine for the [Tor Browser](../../software/tor/index.md#tor-browser) and is one of the few available options on Apple’s [Safari](../../software/mobile-browsers/index.md#safari-ios) browser.
@@ -69,10 +75,14 @@ DuckDuckGo is the default search engine for the [Tor Browser](../../software/tor
  {{< card link="https://duckduckgo.com/privacy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 DuckDuckGo offers two [other versions](https://help.duckduckgo.com/features/non-javascript) of their search engine, both of which do not require JavaScript. These versions do lack features, however. These versions can also be used in conjunction with their Tor hidden address by appending [/lite](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/lite) or [/html](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/html) for the respective version.

 ### Startpage

+{{< title-card >}}
+
 **Startpage** is a private search engine. One of Startpage's unique features is the [Anonymous View](https://startpage.com/en/anonymous-view), which puts forth efforts to standardize user activity to make it more difficult to be uniquely identified. The feature can be useful for hiding [some](https://support.startpage.com/hc/articles/4455540212116-The-Anonymous-View-Proxy-technical-details) network and browser properties. Unlike the name suggests, the feature should not be relied upon for anonymity. If you are looking for anonymity, use the [Tor Browser](../../software/tor/index.md#tor-browser) instead.

 {{< cards >}}
@@ -80,6 +90,8 @@ DuckDuckGo offers two [other versions](https://help.duckduckgo.com/features/non-
  {{< card link="https://startpage.com/en/privacy-policy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 Startpage's majority shareholder is System1 who is an adtech company. We don't believe that to be an issue as they have a distinctly separate [privacy policy](https://system1.com/terms/privacy-policy). The Privacy Guides team reached out to Startpage [back in 2020](https://blog.privacyguides.org/2020/05/03/relisting-startpage) to clear up any concerns with System1's sizeable investment into the service, and we were satisfied with the answers we received.

 Startpage previously placed limitations on VPN and [Tor](../../software/tor/index.md) users, but they recently created an [official](https://support.startpage.com/hc/en-us/articles/24786602537364-Startpage-s-Tor-onion-service) Tor hidden service, and as of April 2024 we have no longer noticed extra roadblocks for Tor or [VPN](../vpn/index.md) users.
@@ -90,6 +102,8 @@ A [metasearch engine](https://en.wikipedia.org/wiki/Metasearch_engine) aggregate

 ### SearXNG

+{{< title-card >}}
+
 **SearXNG** is an open-source, self-hostable, metasearch engine. It is an actively maintained fork of [SearX](https://github.com/searx/searx).

 {{< cards >}}
@@ -97,6 +111,8 @@ A [metasearch engine](https://en.wikipedia.org/wiki/Metasearch_engine) aggregate
  {{< card link="https://docs.searxng.org/user/about.html" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 A directory of public instances is available at [searx.space](https://searx.space), and the source code is on [GitHub](https://github.com/searxng/searxng).

 SearXNG is a proxy between you and the search engines it aggregates from. Your search queries will still be sent to the search engines that SearXNG gets its results from.
@@ -39,6 +39,8 @@ Our recommended providers use encryption, support WireGuard & OpenVPN, and have

 ### Proton VPN

+{{< title-card >}}
+
 **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option.

 {{< cards >}}
@@ -46,6 +48,8 @@ Our recommended providers use encryption, support WireGuard & OpenVPN, and have
  {{< card link="https://protonvpn.com/privacy-policy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Linux" color="yellow" >}}](https://protonvpn.com/support/linux-vpn-setup)
 [{{< badge content="macOS" color="indigo" >}}](https://protonvpn.com/download-macos)
 [{{< badge content="Windows" color="red" >}}](https://protonvpn.com/download-windows)
@@ -116,6 +120,8 @@ Additionally, system crashes [may occur](https://protonvpn.com/support/macos-t2-

 ### IVPN

+{{< title-card >}}
+
 **IVPN** is another premium VPN provider, and they have been in operation since 2009. IVPN is based in Gibraltar and does not offer a free trial.

 {{< cards >}}
@@ -123,6 +129,8 @@ Additionally, system crashes [may occur](https://protonvpn.com/support/macos-t2-
  {{< card link="https://ivpn.net/privacy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Linux" color="yellow" >}}](https://ivpn.net/apps-linux)
 [{{< badge content="macOS" color="indigo" >}}](https://ivpn.net/apps-macos)
 [{{< badge content="Windows" color="red" >}}](https://ivpn.net/apps-windows)
@@ -180,6 +188,8 @@ IVPN clients support two-factor authentication. IVPN also provides "[AntiTracker

 ### Mullvad

+{{< title-card >}}
+
 **Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since 2009. Mullvad is based in Sweden and offers a 14-day money-back guarantee for [payment methods](https://mullvad.net/en/help/refunds) that allow it.

 {{< cards >}}
@@ -187,6 +197,8 @@ IVPN clients support two-factor authentication. IVPN also provides "[AntiTracker
  {{< card link="https://mullvad.net/en/help/privacy-policy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Linux" color="yellow" >}}](https://mullvad.net/en/download/linux)
 [{{< badge content="macOS" color="indigo" >}}](https://mullvad.net/en/download/macos)
 [{{< badge content="Windows" color="red" >}}](https://mullvad.net/en/download/windows)
@@ -66,6 +66,8 @@ To help you choose a model that fits your needs, you can look at leaderboards an

 ### Kobold.cpp

+{{< title-card >}}
+
 **Kobold.cpp** is an AI client that runs locally on your Windows, Mac, or Linux computer. It's an excellent choice if you are looking for heavy customization and tweaking, such as for role-playing purposes.

 In addition to supporting a large range of text models, Kobold.cpp also supports image generators such as [Stable Diffusion](https://stability.ai/stable-image) and automatic speech recognition tools such as [Whisper](https://github.com/ggerganov/whisper.cpp).
@@ -75,6 +77,8 @@ In addition to supporting a large range of text models, Kobold.cpp also supports
  {{< card link="https://github.com/LostRuins/koboldcpp/wiki" title="Documentation" icon="document-text" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Linux" color="yellow" >}}](https://github.com/LostRuins/koboldcpp/releases)
 [{{< badge content="macOS" color="indigo" >}}](https://github.com/LostRuins/koboldcpp/releases)
 [{{< badge content="Windows" color="red" >}}](https://github.com/LostRuins/koboldcpp/releases)
@@ -86,6 +90,8 @@ Kobold.cpp allows you to modify parameters such as the AI model temperature and

 ### Ollama (CLI)

+{{< title-card >}}
+
 **Ollama** is a command-line AI assistant that is available on macOS, Linux, and Windows. Ollama is a great choice if you're looking for an AI client that's easy-to-use, widely compatible, and fast due to its use of inference and other techniques. It also doesn't involve any manual setup.

 In addition to supporting a wide range of text models, Ollama also supports [LLaVA](https://github.com/haotian-liu/LLaVA) models and has experimental support for Meta's [Llama vision capabilities](https://huggingface.co/blog/llama32#what-is-llama-32-vision).
@@ -95,6 +101,8 @@ In addition to supporting a wide range of text models, Ollama also supports [LLa
  {{< card link="https://github.com/ollama/ollama#readme" title="Documentation" icon="document-text" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Linux" color="yellow" >}}](https://ollama.com/download/linux)
 [{{< badge content="macOS" color="indigo" >}}](https://ollama.com/download/mac)
 [{{< badge content="Windows" color="red" >}}](https://ollama.com/download/windows)
@@ -103,6 +111,8 @@ Ollama simplifies the process of setting up a local AI chat by downloading the A

 ### Llamafile

+{{< title-card >}}
+
 **Llamafile** is a lightweight, single-file executable that allows users to run LLMs locally on their own computers without any setup involved. It is [backed by Mozilla](https://hacks.mozilla.org/2023/11/introducing-llamafile) and available on Linux, macOS, and Windows.

 Llamafile also supports LLaVA. However, it doesn't support speech recognition or image generation.
@@ -112,6 +122,8 @@ Llamafile also supports LLaVA. However, it doesn't support speech recognition or
  {{< card link="https://github.com/Mozilla-Ocho/llamafile#quickstart" title="Documentation" icon="document-text" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Linux" color="yellow" >}}](https://github.com/Mozilla-Ocho/llamafile#quickstart)
 [{{< badge content="macOS" color="indigo" >}}](https://github.com/Mozilla-Ocho/llamafile#quickstart)
 [{{< badge content="Windows" color="red" >}}](https://github.com/Mozilla-Ocho/llamafile#quickstart)
@@ -26,6 +26,8 @@ Don't install extensions which you don't immediately have a need for, or ones th

 ### uBlock Origin

+{{< title-card >}}
+
 **uBlock Origin** is a popular content blocker that could help you block ads, trackers, and fingerprinting scripts.

 {{< cards >}}
@@ -33,6 +35,8 @@ Don't install extensions which you don't immediately have a need for, or ones th
  {{< card link="https://github.com/gorhill/uBlock/wiki/Privacy-policy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Firefox" >}}](https://addons.mozilla.org/firefox/addon/ublock-origin)
 [{{< badge content="Chrome" >}}](https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm)
 [{{< badge content="Edge" >}}](https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak)
@@ -52,6 +56,8 @@ uBlock Origin also has a "Lite" version of their extension, which offers a limit
 - ...you want a more resource (memory/CPU) efficient content blocker[^1]
 - ...your browser only supports Manifest V3 extensions. This is the case for Chrome [^2] , Edge and most Chromium browsers.

+{{< title-card >}}
+
 **uBlock Origin Lite** is a Manifest V3 compatible content blocker. Compared to the original *uBlock Origin*, this extension does not require broad "read/modify data" permissions to function, which lowers the risk of [Passive Attacks](../../../wiki/basics/common-threats/index.md#security-and-privacy){ .pg-orange } on your browser if a malicious rule is added to a filter list.

 {{< cards >}}
@@ -59,6 +65,8 @@ uBlock Origin also has a "Lite" version of their extension, which offers a limit
  {{< card link="https://github.com/uBlockOrigin/uBOL-home/wiki/Privacy-policy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Chrome" >}}](https://chrome.google.com/webstore/detail/ublock-origin-lite/ddkjiahejlhfcafbddmgiahcphecmpfh)
 [{{< badge content="Edge" >}}](https://microsoftedge.microsoft.com/addons/detail/cimighlppcgcoapaliogpjjdehbnofhn)
 [{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/id6745342698)
@@ -75,6 +83,8 @@ uBlock Origin Lite only receives block list updates whenever the extension is up

 We recommend [Safari](../mobile-browsers/index.md#safari-ios) for iOS users, which unfortunately is only supported by uBlock Origin **Lite**. Luckily, AdGuard provides an adequate alternative:

+{{< title-card >}}
+
 **AdGuard for iOS** is a free and open-source content-blocking extension for Safari that uses the native [Content Blocker API](https://developer.apple.com/documentation/safariservices/creating_a_content_blocker).

 {{< cards >}}
@@ -82,6 +92,8 @@ We recommend [Safari](../mobile-browsers/index.md#safari-ios) for iOS users, whi
  {{< card link="https://adguard.com/privacy/ios.html" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/id1047223162)

 Additional filter lists do slow things down and may increase your attack surface, so only apply what you need. AdGuard for iOS has some premium features; however, standard Safari content blocking is free of charge.
@@ -25,6 +25,8 @@ Making payments online is one of the biggest challenges to privacy. These crypto

 ## Monero

+{{< title-card >}}
+
 **Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve [Anonymity](../../../wiki/basics/common-threats/index.md#anonymity-vs-privacy){ .pg-purple }. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices.

 {{< cards >}}
@@ -32,6 +34,8 @@ Making payments online is one of the biggest challenges to privacy. These crypto
  {{< card link="https://getmonero.org/resources/user-guides" title="Documentation" icon="document-text" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories.

 <details class="info" markdown>
@@ -23,6 +23,8 @@ When sharing files, be sure to remove associated metadata. Image files commonly

 ## MAT2

+{{< title-card >}}
+
 **MAT2** is free, cross-platform software which allows you to remove metadata from image, audio, torrent, and document file types. It provides both a command line tool and a graphical user interface via an extension for [Dolphin](https://github.com/jvoisin/mat2/tree/master/dolphin), the default file manager of [KDE](https://kde.org).

 {{< cards >}}
@@ -30,6 +32,8 @@ When sharing files, be sure to remove associated metadata. Image files commonly
  {{< card link="https://github.com/jvoisin/mat2#how-to-use-mat2" title="Documentation" icon="document-text" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Linux" color="yellow" >}}](https://pypi.org/project/mat2)
 [{{< badge content="macOS" color="indigo" >}}](https://github.com/jvoisin/mat2#requirements-setup-on-macos-os-x-using-homebrew)
 [{{< badge content="Windows" color="red" >}}](https://pypi.org/project/mat2)
@@ -37,6 +41,8 @@ When sharing files, be sure to remove associated metadata. Image files commonly

 ## ExifEraser (Android)

+{{< title-card >}}
+
 **ExifEraser** is a modern, permissionless image metadata erasing application for Android.

 It currently supports JPEG, PNG, and WebP files.
@@ -46,6 +52,8 @@ It currently supports JPEG, PNG, and WebP files.
  {{< card link="https://github.com/Tommy-Geenexus/exif-eraser#description" title="Documentation" icon="document-text" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=com.none.tom.exiferaser)
 [{{< badge content="Accrescent" >}}](https://accrescent.app/app/com.none.tom.exiferaser)
 [{{< badge content="GitHub" >}}](https://github.com/Tommy-Geenexus/exif-eraser/releases)
@@ -79,6 +87,8 @@ This shortcut removes metadata such as location, device model, lens model, and o

 ## ExifTool (CLI)

+{{< title-card >}}
+
 **ExifTool** is the original Perl library and command-line application for reading, writing, and editing meta information (Exif, IPTC, XMP, and more) in a wide variety of file formats (JPEG, TIFF, PNG, PDF, RAW, and more).

 It is often a component of other Exif removal applications and in most Linux distribution repositories.
@@ -88,6 +98,8 @@ It is often a component of other Exif removal applications and in most Linux dis
  {{< card link="https://exiftool.org/faq.html" title="Documentation" icon="document-text" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Linux" color="yellow" >}}](https://exiftool.org)
 [{{< badge content="macOS" color="indigo" >}}](https://exiftool.org)
 [{{< badge content="Windows" color="red" >}}](https://exiftool.org)
@@ -22,6 +22,8 @@ If you need to browse the internet anonymously, you should use [Tor](../tor/inde

 ## Mullvad Browser

+{{< title-card >}}
+
 **Mullvad Browser** is a version of [Tor Browser](../tor/index.md#tor-browser) with Tor network integrations removed. It aims to provide to VPN users Tor Browser's anti-fingerprinting browser technologies, which are key protections against [Mass Surveillance](../../../wiki/basics/common-threats/index.md#mass-surveillance-programs){ .pg-blue }. It is developed by the Tor Project and distributed by [Mullvad](../../services/vpn/index.md#mullvad), and does **not** require the use of Mullvad's VPN.

 {{< cards >}}
@@ -29,6 +31,8 @@ If you need to browse the internet anonymously, you should use [Tor](../tor/inde
  {{< card link="https://mullvad.net/en/help/privacy-policy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Linux" color="yellow" >}}](https://mullvad.net/en/download/browser/linux)
 [{{< badge content="macOS" color="indigo" >}}](https://mullvad.net/en/download/browser/macos)
 [{{< badge content="Windows" color="red" >}}](https://mullvad.net/en/download/browser/windows)
@@ -57,6 +61,8 @@ This is required to prevent advanced forms of tracking, but does come at the cos

 ## Firefox

+{{< title-card >}}
+
 **Firefox** provides strong privacy settings such as [Enhanced Tracking Protection](https://support.mozilla.org/kb/enhanced-tracking-protection-firefox-desktop), which can help block various [types of tracking](https://support.mozilla.org/kb/enhanced-tracking-protection-firefox-desktop#w_what-enhanced-tracking-protection-blocks).

 {{< cards >}}
@@ -64,6 +70,8 @@ This is required to prevent advanced forms of tracking, but does come at the cos
  {{< card link="https://mozilla.org/privacy/firefox" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Linux" color="yellow" >}}](https://mozilla.org/firefox/linux)
 [{{< badge content="macOS" color="indigo" >}}](https://mozilla.org/firefox/mac)
 [{{< badge content="Windows" color="red" >}}](https://mozilla.org/firefox/windows)
@@ -161,6 +169,8 @@ Arkenfox only aims to thwart basic or naive tracking scripts through canvas rand

 ## Brave

+{{< title-card >}}
+
 **Brave Browser** includes a built-in content blocker and [privacy features](https://brave.com/privacy-features), many of which are enabled by default.

 Brave is built upon the Chromium web browser project, so it should feel familiar and have minimal website compatibility issues.
@@ -170,6 +180,8 @@ Brave is built upon the Chromium web browser project, so it should feel familiar
  {{< card link="https://brave.com/privacy/browser" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Linux" color="yellow" >}}](https://brave.com/linux)
 [{{< badge content="macOS" color="indigo" >}}](https://brave.com/download)
 [{{< badge content="Windows" color="red" >}}](https://brave.com/download)
@@ -18,6 +18,8 @@ Most online **document collaboration** platforms like Google Drive do not suppor

 ## CryptPad

+{{< title-card >}}
+
 **CryptPad** is a private-by-design alternative to popular, full-fledged office suites. All content on this web service is E2EE and can be shared with other users easily.

 [Read our latest CryptPad review.](https://www.privacyguides.org/articles/2025/02/07/cryptpad-review)
@@ -27,6 +29,8 @@ Most online **document collaboration** platforms like Google Drive do not suppor
  {{< card link="https://cryptpad.fr/pad/#/2/pad/view/GcNjAWmK6YDB3EO2IipRZ0fUe89j43Ryqeb4fjkjehE" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 ## Criteria

 **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../../../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
@@ -39,6 +39,8 @@ OpenPGP also does not support [forward secrecy](https://en.wikipedia.org/wiki/Fo

 ### Thunderbird

+{{< title-card >}}
+
 **Thunderbird** is a free, open-source, cross-platform email, newsgroup, news feed, and chat (XMPP, IRC, Matrix) client developed by the Thunderbird community, and previously by the Mozilla Foundation.

 {{< cards >}}
@@ -46,6 +48,8 @@ OpenPGP also does not support [forward secrecy](https://en.wikipedia.org/wiki/Fo
  {{< card link="https://mozilla.org/privacy/thunderbird" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Linux" color="yellow" >}}](https://thunderbird.net)
 [{{< badge content="macOS" color="indigo" >}}](https://thunderbird.net)
 [{{< badge content="Windows" color="red" >}}](https://thunderbird.net)
@@ -85,6 +89,8 @@ These options can be found in the menu → **Settings** → **Privacy & Security

 ### Apple Mail (macOS)

+{{< title-card >}}
+
 **Apple Mail** is included in macOS and can be extended to have OpenPGP support with [GPG Suite](../encryption/index.md#gpg-suite), which adds the ability to send PGP-encrypted email.

 {{< cards >}}
@@ -92,10 +98,14 @@ These options can be found in the menu → **Settings** → **Privacy & Security
  {{< card link="https://apple.com/legal/privacy/en-ww" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 Apple Mail has the ability to load remote content in the background or block it entirely and hide your IP address from senders on [macOS](https://support.apple.com/guide/mail/mlhl03be2866/mac) and [iOS](https://support.apple.com/guide/iphone/iphf084865c7/ios).

 ### FairEmail (Android)

+{{< title-card >}}
+
 **FairEmail** is a minimal, open-source email app which uses open standards (IMAP, SMTP, OpenPGP) and minimizes data and battery usage.

 {{< cards >}}
@@ -103,11 +113,15 @@ Apple Mail has the ability to load remote content in the background or block it
  {{< card link="https://github.com/M66B/FairEmail/blob/master/PRIVACY.md" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=eu.faircode.email)
 [{{< badge content="GitHub" >}}](https://github.com/M66B/FairEmail/releases)

 ### GNOME Evolution (GNOME)

+{{< title-card >}}
+
 **Evolution** is a personal information management application that provides integrated mail, calendaring, and address book functionality. Evolution has extensive [documentation](https://gnome.pages.gitlab.gnome.org/evolution/help) to help you get started.

 {{< cards >}}
@@ -115,10 +129,14 @@ Apple Mail has the ability to load remote content in the background or block it
  {{< card link="https://gitlab.gnome.org/GNOME/evolution/-/wikis/Privacy-Policy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Flathub" >}}](https://flathub.org/apps/details/org.gnome.Evolution)

 ### Kontact (KDE)

+{{< title-card >}}
+
 **Kontact** is a personal information manager (PIM) application from the [KDE](https://kde.org) project. It provides a mail client, address book, RSS client, and an organizer.

 {{< cards >}}
@@ -126,11 +144,15 @@ Apple Mail has the ability to load remote content in the background or block it
  {{< card link="https://kde.org/privacypolicy-apps" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Linux" color="yellow" >}}](https://kontact.kde.org/download)
 [{{< badge content="Flathub" >}}](https://flathub.org/apps/details/org.kde.kontact)

 ### Mailvelope (Browser)

+{{< title-card >}}
+
 **Mailvelope** is a browser extension that enables the exchange of encrypted emails following the OpenPGP encryption standard.

 {{< cards >}}
@@ -138,12 +160,16 @@ Apple Mail has the ability to load remote content in the background or block it
  {{< card link="https://mailvelope.com/privacy-policy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Firefox" >}}](https://addons.mozilla.org/firefox/addon/mailvelope)
 [{{< badge content="Chrome" >}}](https://chrome.google.com/webstore/detail/mailvelope/kajibbejlbohfaggdiogboambcijhkke)
 [{{< badge content="Edge" >}}](https://microsoftedge.microsoft.com/addons/detail/mailvelope/dgcbddhdhjppfdfjpciagmmibadmoapc)

 ### NeoMutt (CLI)

+{{< title-card >}}
+
 **NeoMutt** is an open-source command line email reader for Linux and BSD. It's a fork of [Mutt](https://en.wikipedia.org/wiki/Mutt_(email_client)) with added features.

 NeoMutt is a text-based client that has a steep learning curve. It is, however, very customizable.
@@ -153,6 +179,8 @@ NeoMutt is a text-based client that has a steep learning curve. It is, however,
  {{< card link="https://neomutt.org/guide" title="Documentation" icon="document-text" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Linux" color="yellow" >}}](https://neomutt.org/distro)
 [{{< badge content="macOS" color="indigo" >}}](https://neomutt.org/distro)

@@ -32,6 +32,8 @@ The options listed here are available on multiple platforms and great for creati
 <small>Protects against the following threat(s):</small>
 [{{< badge content="Passive Attacks" color="amber" >}}](../../../wiki/basics/common-threats/index.md#security-and-privacy)

+{{< title-card >}}
+
 **Cryptomator** is an encryption solution designed for privately saving files to any cloud [Service Provider](../../../wiki/basics/common-threats/index.md#privacy-from-service-providers){ .pg-teal }, eliminating the need to trust that they won't access your files. It allows you to create vaults that are stored on a virtual drive, the contents of which are encrypted and synced with your cloud storage provider.

 {{< cards >}}
@@ -39,6 +41,8 @@ The options listed here are available on multiple platforms and great for creati
  {{< card link="https://cryptomator.org/privacy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Linux" color="yellow" >}}](https://cryptomator.org/downloads)
 [{{< badge content="macOS" color="indigo" >}}](https://cryptomator.org/downloads)
 [{{< badge content="Windows" color="red" >}}](https://cryptomator.org/downloads)
@@ -60,6 +64,8 @@ Cryptomator's documentation details its intended [security target](https://docs.
 <small>Protects against the following threat(s):</small>
 [{{< badge content="Targeted Attacks" color="red" >}}](../../../wiki/basics/common-threats/index.md#attacks-against-specific-individuals)

+{{< title-card >}}
+
 **VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.

 {{< cards >}}
@@ -67,6 +73,8 @@ Cryptomator's documentation details its intended [security target](https://docs.
  {{< card link="https://veracrypt.fr/en/Documentation.html" title="Documentation" icon="document-text" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Linux" color="yellow" >}}](https://veracrypt.fr/en/Downloads.html)
 [{{< badge content="macOS" color="indigo" >}}](https://veracrypt.fr/en/Downloads.html)
 [{{< badge content="Windows" color="red" >}}](https://veracrypt.fr/en/Downloads.html)
@@ -94,6 +102,8 @@ Powering off your devices when they’re not in use provides the highest level o

 ### BitLocker

+{{< title-card >}}
+
 **BitLocker** is the full volume encryption solution bundled with Microsoft Windows that uses the Trusted Platform Module ([TPM](https://learn.microsoft.com/windows/security/information-protection/tpm/how-windows-uses-the-tpm)) for hardware-based security.

 {{< cards >}}
@@ -101,12 +111,16 @@ Powering off your devices when they’re not in use provides the highest level o
  {{< card link="https://learn.microsoft.com/windows/security/information-protection/BitLocker/BitLocker-overview" title="Documentation" icon="document-text" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 BitLocker is [officially supported](https://support.microsoft.com/en-us/windows/bitlocker-overview-44c0c61c-989d-4a69-8822-b95cd49b1bbf) on the Pro, Enterprise, and Education editions of Windows. The Home edition only supports automatic [Device Encryption](https://support.microsoft.com/en-us/windows/device-encryption-in-windows-cf7e2b6f-3e70-4882-9532-18633605b7df) and must meet specific hardware requirements. If you’re using the Home edition, we recommend [upgrading to Pro](https://support.microsoft.com/en-us/windows/upgrade-windows-home-to-windows-pro-ef34d520-e73f-3198-c525-d1a218cc2818), which can be done without reinstalling Windows or losing your files.

 Pro and higher editions also support the more secure pre-boot [TPM+PIN](https://learn.microsoft.com/en-us/windows/security/operating-system-security/data-protection/bitlocker/faq#what-is-the-difference-between-a-tpm-owner-password--recovery-password--recovery-key--pin--enhanced-pin--and-startup-key) feature, configured through the appropriate [group policy](../../../wiki/os/windows/group-policies/index.md#bitlocker-drive-encryption) settings. The PIN is rate limited and the TPM will panic and lock access to the encryption key either permanently or for a period of time if someone attempts to brute force access.

 ### FileVault

+{{< title-card >}}
+
 **FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](../../../wiki/os/macos/index.md#hardware-security) present on an Apple Silicon SoC or T2 Security Chip.

 {{< cards >}}
@@ -114,10 +128,14 @@ Pro and higher editions also support the more secure pre-boot [TPM+PIN](https://
  {{< card link="https://support.apple.com/guide/security/welcome/web" title="Platform Security" icon="home" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 We advise against using your iCloud account for recovery; instead, you should securely store a local recovery key on a separate storage device.

 ### Linux Unified Key Setup

+{{< title-card >}}
+
 **LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.

 {{< cards >}}
@@ -125,6 +143,8 @@ We advise against using your iCloud account for recovery; instead, you should se
  {{< card link="https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home" title="Documentation" icon="document-text" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 <details class="example" markdown>
 <summary>Creating and opening encrypted containers</summary>

@@ -160,6 +180,8 @@ Tools with command-line interfaces are useful for integrating [shell scripts](ht

 ### Kryptor

+{{< title-card >}}
+
 **Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign) to provide a simple, easier alternative to GPG.

 {{< cards >}}
@@ -167,12 +189,16 @@ Tools with command-line interfaces are useful for integrating [shell scripts](ht
  {{< card link="https://kryptor.co.uk/features#privacy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Linux" color="yellow" >}}](https://kryptor.co.uk)
 [{{< badge content="macOS" color="indigo" >}}](https://kryptor.co.uk)
 [{{< badge content="Windows" color="red" >}}](https://kryptor.co.uk)

 ### Tomb

+{{< title-card >}}
+
 **Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://dyne.org/software/tomb/#advanced-usage).

 {{< cards >}}
@@ -180,6 +206,8 @@ Tools with command-line interfaces are useful for integrating [shell scripts](ht
  {{< card link="https://github.com/dyne/Tomb/wiki" title="Documentation" icon="document-text" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 ## OpenPGP

 <small>Protects against the following threat(s):</small>
@@ -200,6 +228,8 @@ When encrypting with PGP, you have the option to configure different options in

 ### GNU Privacy Guard

+{{< title-card >}}
+
 **GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.

 {{< cards >}}
@@ -207,12 +237,16 @@ When encrypting with PGP, you have the option to configure different options in
  {{< card link="https://gnupg.org/privacy-policy.html" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Linux" color="yellow" >}}](https://gnupg.org/download/index.html#binary)
 [{{< badge content="macOS" color="indigo" >}}](https://gpgtools.org)
 [{{< badge content="Windows" color="red" >}}](https://gpg4win.org/download.html)

 ### GPG4win

+{{< title-card >}}
+
 **GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.

 {{< cards >}}
@@ -220,10 +254,14 @@ When encrypting with PGP, you have the option to configure different options in
  {{< card link="https://gpg4win.org/privacy-policy.html" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Windows" color="red" >}}](https://gpg4win.org/download.html)

 ### GPG Suite

+{{< title-card >}}
+
 **GPG Suite** provides OpenPGP support for [Apple Mail](../email-clients/index.md#apple-mail-macos) and other email clients on macOS.

 We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) and [Knowledge Base](https://gpgtools.tenderapp.com/kb) for support.
@@ -233,12 +271,16 @@ We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com
  {{< card link="https://gpgtools.org/privacy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="macOS" color="indigo" >}}](https://gpgtools.org)

 Currently, GPG Suite does [not yet](https://gpgtools.com/sequoia) have a stable release for macOS Sonoma and later.

 ### OpenKeychain

+{{< title-card >}}
+
 **OpenKeychain** is an implementation of GnuPG for Android. It's commonly required by mail clients such as [Thunderbird](../email-clients/index.md#thunderbird), [FairEmail](../email-clients/index.md#fairemail-android), and other Android apps to provide encryption support.

 {{< cards >}}
@@ -246,6 +288,8 @@ Currently, GPG Suite does [not yet](https://gpgtools.com/sequoia) have a stable
  {{< card link="https://openkeychain.org/help/privacy-policy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)

 Cure53 completed a [security audit](https://openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. The published audit and OpenKeychain's solutions to the issues raised in the audit can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
@@ -24,6 +24,8 @@ If you already use [Proton Drive](../../services/cloud/index.md#proton-drive)[^1

 ### Send

+{{< title-card >}}
+
 **Send** is a fork of Mozilla's discontinued Firefox Send service which allows you to send files to others with a link. Files are encrypted on your device so that they cannot be read by the server, and they can be optionally password-protected as well. The maintainer of Send hosts a [public instance](https://send.vis.ee). You can use other public instances, or you can host Send yourself.

 {{< cards >}}
@@ -31,6 +33,8 @@ If you already use [Proton Drive](../../services/cloud/index.md#proton-drive)[^1
  {{< card link="https://github.com/timvisee/send-instances" title="Public Instances" icon="server" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 Send can be used via its web interface or via the [ffsend](https://github.com/timvisee/ffsend) CLI. If you are familiar with the command-line and send files frequently, we recommend using the CLI client to avoid JavaScript-based encryption. You can specify the `--host` flag to use a specific server:

 ```bash
@@ -39,6 +43,8 @@ ffsend upload --host https://send.vis.ee/ FILE

 ### OnionShare

+{{< title-card >}}
+
 **OnionShare** is an open-source tool that lets you securely and [anonymously](../../../wiki/basics/common-threats/index.md#anonymity-vs-privacy){ .pg-purple } share a file of any size. It works by starting a web server accessible as a Tor onion service, with an unguessable URL that you can share with the recipients to download or send files.

 {{< cards >}}
@@ -46,6 +52,8 @@ ffsend upload --host https://send.vis.ee/ FILE
  {{< card link="http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion" title="Onion Service" icon="link" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Linux" color="yellow" >}}](https://onionshare.org/#download)
 [{{< badge content="macOS" color="indigo" >}}](https://onionshare.org/#download)
 [{{< badge content="Windows" color="red" >}}](https://onionshare.org/#download)
@@ -65,6 +73,8 @@ OnionShare provides the option to connect via [Tor bridges](https://docs.onionsh

 ### Syncthing (P2P)

+{{< title-card >}}
+
 **Syncthing** is an open-source peer-to-peer continuous file synchronization utility. It is used to synchronize files between two or more devices over the local network or the internet. Syncthing does not use a centralized server; it uses the [Block Exchange Protocol](https://docs.syncthing.net/specs/bep-v1.html#bep-v1) to transfer data between devices. All data is encrypted using TLS.

 {{< cards >}}
@@ -72,6 +82,8 @@ OnionShare provides the option to connect via [Tor bridges](https://docs.onionsh
  {{< card link="https://docs.syncthing.net" title="Documentation" icon="document-text" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Linux" color="yellow" >}}](https://syncthing.net/downloads)
 [{{< badge content="macOS" color="indigo" >}}](https://syncthing.net/downloads)
 [{{< badge content="Windows" color="red" >}}](https://syncthing.net/downloads)
@@ -30,6 +30,8 @@ When you are using an instance run by someone else, make sure to read the privac

 ### Redlib

+{{< title-card >}}
+
 **Redlib** is an open-source frontend to the [Reddit](https://reddit.com) website that is also self-hostable. You can access Redlib through a number of public instances.

 {{< cards >}}
@@ -37,6 +39,8 @@ When you are using an instance run by someone else, make sure to read the privac
  {{< card link="https://github.com/redlib-org/redlib-instances/blob/main/instances.md" title="Public Instances" icon="server" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 > [!NOTE]
 > The [Old Reddit](https://old.reddit.com) website doesn't require as much JavaScript as the new Reddit website does, but it has recently blocked access to IP addresses reserved for public VPNs. You can use Old Reddit in conjunction with the [Tor](../tor/index.md) Onion that was [launched in October 2022](https://forum.torproject.org/t/reddit-onion-service-launch/5305) at [https://old.reddittorjg6rue252oqsxryoxengawnmo46qy4kyii5wtqnwfj4ooad.onion](https://old.reddittorjg6rue252oqsxryoxengawnmo46qy4kyii5wtqnwfj4ooad.onion).

@@ -49,6 +53,8 @@ When you are using an instance run by someone else, make sure to read the privac

 ### ProxiTok

+{{< title-card >}}
+
 **ProxiTok** is an open-source frontend to the [TikTok](https://tiktok.com) website that is also self-hostable.

 There are a number of public instances, with some that offer a [Tor](../tor/index.md) onion service or an [I2P](../../advanced/alternative-networks/index.md#i2p-the-invisible-internet-project) eepsite.
@@ -58,6 +64,8 @@ There are a number of public instances, with some that offer a [Tor](../tor/inde
  {{< card link="https://github.com/pablouser1/ProxiTok/wiki/Public-instances" title="Public Instances" icon="server" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 > [!TIP]
 > ProxiTok is useful if you want to disable JavaScript in your browser, such as [Tor Browser](../tor/index.md#tor-browser) on the Safest security level.

@@ -68,6 +76,8 @@ There are a number of public instances, with some that offer a [Tor](../tor/inde

 ### Invidious

+{{< title-card >}}
+
 **Invidious** is a free and open-source frontend for [YouTube](https://youtube.com) that is also self-hostable.

 There are a number of public instances, with some that offer a [Tor](../tor/index.md) onion service or an [I2P](../../advanced/alternative-networks/index.md#i2p-the-invisible-internet-project) eepsite.
@@ -77,6 +87,8 @@ There are a number of public instances, with some that offer a [Tor](../tor/inde
  {{< card link="https://docs.invidious.io/instances" title="Public Instances" icon="server" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 > [!WARNING]
 > Invidious does not proxy video streams by default. Videos watched through Invidious will still make direct connections to Google's servers (e.g. `googlevideo.com`); however, some instances support video proxying—simply enable *Proxy videos* within the instances' settings or add `&local=true` to the URL.

@@ -87,6 +99,8 @@ There are a number of public instances, with some that offer a [Tor](../tor/inde

 ### Piped

+{{< title-card >}}
+
 **Piped** is a free and open-source frontend for [YouTube](https://youtube.com) that is also self-hostable.

 Piped requires JavaScript in order to function and there are a number of public instances.
@@ -96,12 +110,16 @@ Piped requires JavaScript in order to function and there are a number of public
  {{< card link="https://github.com/TeamPiped/documentation/blob/main/content/docs/public-instances/index.md" title="Public Instances" icon="server" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 > [!TIP]
 > Piped is useful if you want to use [SponsorBlock](https://sponsor.ajay.app) without installing an extension. It does not provide privacy by itself, and we don’t recommend logging into any accounts.


 ### FreeTube

+{{< title-card >}}
+
 **FreeTube** is a free and open-source desktop application for [YouTube](https://youtube.com). FreeTube extracts data from YouTube using its built-in API based on [YouTube.js](https://github.com/LuanRT/YouTube.js) or the [Invidious](#invidious) API. You can configure either as the default, with the other serving as a fallback.

 When using FreeTube, your subscription list, playlists, watch history and search history are saved locally on your device.
@@ -111,6 +129,8 @@ When using FreeTube, your subscription list, playlists, watch history and search
  {{< card link="https://freetubeapp.io/privacy.php" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Linux" color="yellow" >}}](https://freetubeapp.io/#download)
 [{{< badge content="macOS" color="indigo" >}}](https://freetubeapp.io/#download)
 [{{< badge content="Windows" color="red" >}}](https://freetubeapp.io/#download)
@@ -124,6 +144,8 @@ By default, FreeTube blocks all YouTube advertisements. In addition, FreeTube op

 ### LibreTube (Android)

+{{< title-card >}}
+
 **LibreTube** is a free and open-source Android application for [YouTube](https://youtube.com) which uses the [Piped](#piped) API.

 Your subscription list and playlists are saved locally on your Android device.
@@ -133,6 +155,8 @@ Your subscription list and playlists are saved locally on your Android device.
  {{< card link="https://github.com/libre-tube/LibreTube/blob/master/PRIVACY_POLICY.md" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="GitHub" >}}](https://github.com/libre-tube/LibreTube/releases)

 > [!WARNING]
@@ -143,6 +167,8 @@ By default, LibreTube blocks all YouTube advertisements. Additionally, LibreTube

 ### NewPipe (Android)

+{{< title-card >}}
+
 **NewPipe** is a free and open-source Android application for [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [Bandcamp](https://bandcamp.com), and [PeerTube](https://joinpeertube.org) (1).

 Your subscription list and playlists are saved locally on your Android device.
@@ -152,6 +178,8 @@ Your subscription list and playlists are saved locally on your Android device.
  {{< card link="https://newpipe.net/legal/privacy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="GitHub" >}}](https://github.com/TeamNewPipe/NewPipe/releases)

 1. The default instance is [FramaTube](https://framatube.org), however more can be added via **Settings** → **Content** → **PeerTube instances**.
@@ -28,6 +28,8 @@ Popular menstrual trackers like [Flo](https://techcrunch.com/2021/01/13/flo-gets

 ### Drip

+{{< title-card >}}
+
 **Drip** is a gender-inclusive and open source menstrual cycle tracker available on all mobile platforms. It relies on the "sympto-thermal method" to predict ovulation. All user data is stored locally on your device and can be protected with a password.

 {{< cards >}}
@@ -35,12 +37,16 @@ Popular menstrual trackers like [Flo](https://techcrunch.com/2021/01/13/flo-gets
  {{< card link="https://bloodyhealth.gitlab.io/privacy-policy.html" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=com.drip)
 [{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/us/app/drip/id1584564949)
 [{{< badge content="Android" >}}](https://bloodyhealth.gitlab.io)

 ### Euki

+{{< title-card >}}
+
 **Euki** is a nonprofit-backed menstrual cycle tracker that also doubles as a medication tracker and sexual wellness knowledge base. It allows you to schedule the automatic deletion of your personal data in the app. All user data is stored locally on your device and can be protected with a password.

 {{< cards >}}
@@ -48,18 +54,24 @@ Popular menstrual trackers like [Flo](https://techcrunch.com/2021/01/13/flo-gets
  {{< card link="https://eukiapp.org/privacy-policy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=com.kollectivemobile.euki)
 [{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/euki/id1469213846)

 ### Apple Health

-Apple Health is one of the default apps installed on iOS devices. It includes many health and wellness features (see [Health Records](#apple-health-records)), including menstrual cycle tracking. It also uses gender-neutral language. Apple Health always uses end-to-end encryption when syncing across multiple devices.
+{{< title-card >}}
+
+**Apple Health** is one of the default apps installed on iOS devices. It includes many health and wellness features (see [Health Records](#apple-health-records)), including menstrual cycle tracking. It also uses gender-neutral language. Apple Health always uses end-to-end encryption when syncing across multiple devices.

 {{< cards >}}
  {{< card link="https://apple.com/health" title="Homepage" icon="home" >}}
  {{< card link="https://apple.com/legal/privacy/consumer-health-personal-data/en-ww" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/apple-health/id1242545199)

 ## Fitness Trackers
@@ -68,6 +80,8 @@ These general purpose apps can do everything from counting steps and tracking sl

 ### Apple Fitness

+{{< title-card >}}
+
 **Apple Fitness** is the default fitness app for iOS. Apple Fitness always uses end-to-end encryption when syncing across multiple devices. Additionally, almost all measured data is processed on your device.

 {{< cards >}}
@@ -75,10 +89,14 @@ These general purpose apps can do everything from counting steps and tracking sl
  {{< card link="https://apple.com/legal/privacy/consumer-health-personal-data/en-ww" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/id1208224953)

 ### Gadgetbridge

+{{< title-card >}}
+
 **Gadgetbridge** is an open-source Android application which allows you to pair and manage your Bluetooth device without relying on the vendor’s application. When paired with a compatible smartwatch, it can mimic the health and wellness functionality of these watches without third-party data collection.

 {{< cards >}}
@@ -86,6 +104,8 @@ These general purpose apps can do everything from counting steps and tracking sl
  {{< card link="https://gadgetbridge.org/basics" title="Documentation" icon="document-text" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="F-Droid" >}}](https://f-droid.org/packages/nodomain.freeyourgadget.gadgetbridge)

 Gadgetbridge's app functionality includes, but is not limited to: step counting, sleep tracking, heart rate monitoring, etc.
@@ -98,6 +118,8 @@ These apps help you collect and manage personal health data and share it with he

 ### Apple Health Records

+{{< title-card >}}
+
 **Apple Health Records** is a built-in feature within [Apple Health](#apple-health) that allows you to view, store, and share your health records.

 {{< cards >}}
@@ -105,10 +127,14 @@ These apps help you collect and manage personal health data and share it with he
  {{< card link="https://apple.com/legal/privacy/consumer-health-personal-data/en-ww" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/apple-health/id1242545199)

 ### CommonHealth

+{{< title-card >}}
+
 **CommonHealth** is a privacy-respecting Android app that allows people to access their electronic health records and securely share it to providers. All health data is stored on your device and can be protected with a passcode or biometric authentication.

 {{< cards >}}
@@ -116,6 +142,8 @@ These apps help you collect and manage personal health data and share it with he
  {{< card link="https://commonhealth.org/privacy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=org.thecommonsproject.android.phr)

 CommonHealth is only available in the United States. Although the app itself is closed source, the [developer SDK is open source](https://github.com/the-commons-project).
@@ -22,6 +22,8 @@ Text inputted to grammar, spelling, and style checkers, as well as translation s

 ### LanguageTool

+{{< title-card >}}
+
 **LanguageTool** is a multilingual grammar, style, and spell checker that supports more than 20 languages. According to their privacy policy, they do not store any content sent to their service for review, but for higher assurance the software is [self-hostable](https://dev.languagetool.org/http-server).

 {{< cards >}}
@@ -29,6 +31,8 @@ Text inputted to grammar, spelling, and style checkers, as well as translation s
  {{< card link="https://languagetool.org/legal/privacy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="macOS" color="indigo" >}}](https://languagetool.org/mac-desktop)
 [{{< badge content="Windows" color="red" >}}](https://languagetool.org/windows-desktop)
 [{{< badge content="Firefox" >}}](https://addons.mozilla.org/firefox/addon/languagetool)
@@ -42,6 +46,8 @@ LanguageTool offers integration with a variety of [office suites](https://langua

 ### LibreTranslate

+{{< title-card >}}
+
 **LibreTranslate** is a free and open-source machine translation web interface and API server. It uses [Argos Translate](https://github.com/argosopentech/argos-translate) models on the backend for translations.

 {{< cards >}}
@@ -49,6 +55,8 @@ LanguageTool offers integration with a variety of [office suites](https://langua
  {{< card link="https://github.com/LibreTranslate/LibreTranslate#mirrors" title="Public Instances" icon="server" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 You can use LibreTranslate through a number of public instances, with some that offer a [Tor](../tor/index.md) onion service or an [I2P](../../advanced/alternative-networks/index.md#i2p-the-invisible-internet-project) eepsite. You can also host the software yourself for maximum control over the text submitted for translation.

 We use a self-hosted instance of LibreTranslate to automatically translate posts on our [forum](https://discuss.privacyguides.net) to multiple languages.
@@ -21,6 +21,8 @@ The recommendations here do not collect personally identifying information (PII)

 ## Organic Maps

+{{< title-card >}}
+
 **Organic Maps** is an open-source, community-developed map display and satnav-style navigation app for walkers, drivers, and cyclists. The app offers worldwide, offline maps based on OpenStreetMap data, and navigation with privacy — no location tracking, no data collection, and no ads. The app can be used completely offline.

 Features include cycling routes, hiking trails and walking paths, turn-by-turn navigation with voice guidance, and public transport route planning (only available in supported regions and cities).
@@ -30,6 +32,8 @@ Features include cycling routes, hiking trails and walking paths, turn-by-turn n
  {{< card link="https://organicmaps.app/privacy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Linux" color="yellow" >}}](https://flathub.org/apps/app.organicmaps.desktop)
 [{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=app.organicmaps)
 [{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/organic-maps/id1567437057)
@@ -39,6 +43,8 @@ Please note that Organic Maps is a simple, basic app that lacks certain features

 ## OsmAnd

+{{< title-card >}}
+
 **OsmAnd** is an open-source, offline map and navigation application based on OpenStreetMap that offers turn-by-turn navigation for walking, cycling, driving, as well as public transport. You can find a detailed overview of OsmAnd's supported [features](https://wiki.openstreetmap.org/wiki/OsmAnd#Features) on the OpenStreet Map Wiki.

 {{< cards >}}
@@ -46,6 +52,8 @@ Please note that Organic Maps is a simple, basic app that lacks certain features
  {{< card link="https://osmand.net/docs/legal/privacy-policy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=net.osmand)
 [{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/us/app/id934850257)
 [{{< badge content="Android" >}}](https://osmand.net/docs/versions/free-versions)
@@ -20,6 +20,8 @@ These are our currently recommended **mobile web browsers** and configurations f

 ## Brave

+{{< title-card >}}
+
 **Brave Browser** includes a built-in content blocker and [privacy features](https://brave.com/privacy-features), many of which are enabled by default.

 Brave is built upon the Chromium web browser project, so it should feel familiar and have minimal website compatibility issues.
@@ -29,6 +31,8 @@ Brave is built upon the Chromium web browser project, so it should feel familiar
  {{< card link="https://brave.com/privacy/browser" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=com.brave.browser)
 [{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/id1052879175)
 [{{< badge content="F-Droid" >}}](https://brave-browser-apk-release.s3.brave.com/fdroid/repo/index.html)
@@ -159,6 +163,8 @@ These options can be found in the menu → **Settings** → **Search engines**.

 On iOS, any app that can browse the web is [restricted](https://developer.apple.com/app-store/review/guidelines) to using an Apple-provided [WebKit framework](https://developer.apple.com/documentation/webkit), so a browser like [Brave](#brave) does not use the Blink engine (the core component of Chromium) like its counterparts on other operating systems.

+{{< title-card >}}
+
 **Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites, so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.

 {{< cards >}}
@@ -166,6 +172,8 @@ On iOS, any app that can browse the web is [restricted](https://developer.apple.
  {{< card link="https://apple.com/legal/privacy/data/en/safari" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 ### Recommended Safari Configuration

 The following privacy/security-related options can be found in **Settings** → **Apps** → **Safari**.
@@ -24,6 +24,8 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative

 ## Ente Auth

+{{< title-card >}}
+
 **Ente Auth** is a free and open-source app which stores and generates TOTP tokens. It can be used with an online account to back up and sync your tokens across your devices (and access them via a web interface) in a secure, end-to-end encrypted fashion. It can also be used offline on a single device with no account necessary.

 {{< cards >}}
@@ -31,6 +33,8 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative
  {{< card link="https://ente.com/privacy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=io.ente.auth)
 [{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/id6444121398)
 [{{< badge content="GitHub" >}}](https://github.com/ente-io/ente/releases?q=auth)
@@ -40,6 +44,8 @@ The server-side source code and infrastructure which underpins Ente Auth (if use

 ## Aegis Authenticator (Android)

+{{< title-card >}}
+
 **Aegis Authenticator** is a free and open-source app for Android to manage your 2-step verification tokens for your online services. Aegis Authenticator operates completely offline/locally, but includes the option to export your tokens for backup unlike many alternatives.

 {{< cards >}}
@@ -47,6 +53,8 @@ The server-side source code and infrastructure which underpins Ente Auth (if use
  {{< card link="https://getaegis.app/aegis/privacy.html" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=com.beemdevelopment.aegis)
 [{{< badge content="GitHub" >}}](https://github.com/beemdevelopment/Aegis/releases)

@@ -25,6 +25,8 @@ A **news aggregator** is software which aggregates digital content from online n

 ### Akregator

+{{< title-card >}}
+
 **Akregator** is a news feed reader that is a part of the [KDE](https://kde.org) project. It comes with a fast search, advanced archiving functionality, and an internal browser for easy news reading.

 {{< cards >}}
@@ -32,10 +34,14 @@ A **news aggregator** is software which aggregates digital content from online n
  {{< card link="https://kde.org/privacypolicy-apps" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Flathub" >}}](https://flathub.org/apps/details/org.kde.akregator)

 ### NewsFlash

+{{< title-card >}}
+
 **NewsFlash** is an open-source, modern, and easy-to-use news feed reader for Linux. It can be used offline or with services like [Inoreader](https://inoreader.com) or [Nextcloud News](https://apps.nextcloud.com/apps/news). It has a search feature and a pre-defined list of sources that you can add directly.

 {{< cards >}}
@@ -43,10 +49,14 @@ A **news aggregator** is software which aggregates digital content from online n
  {{< card link="https://gitlab.com/news-flash/news_flash_gtk/-/wikis/home" title="Documentation" icon="document-text" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Flathub" >}}](https://flathub.org/apps/io.gitlab.news_flash.NewsFlash)

 ### Feeder

+{{< title-card >}}
+
 **Feeder** is a modern RSS client for Android that has many [features](https://github.com/spacecowboy/Feeder#features) and works well with folders of RSS feeds.

 It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)), [RDF](https://en.wikipedia.org/wiki/RDF%2FXML), and [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed).
@@ -56,11 +66,15 @@ It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedi
  {{< card link="https://github.com/spacecowboy/Feeder/wiki" title="Documentation" icon="document-text" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=com.nononsenseapps.feeder.play)
 [{{< badge content="GitHub" >}}](https://github.com/spacecowboy/Feeder/releases)

 ### Miniflux

+{{< title-card >}}
+
 **Miniflux** is a web-based news aggregator that you can self-host.

 It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)), [RDF](https://en.wikipedia.org/wiki/RDF%2FXML), and [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed).
@@ -70,8 +84,12 @@ It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedi
  {{< card link="https://miniflux.app/docs/index#user-guide" title="Documentation" icon="document-text" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 ### NetNewsWire

+{{< title-card >}}
+
 **NetNewsWire** is a free and open-source feed reader for macOS and iOS with a focus on a native design and feature set.

 It supports conventional feed formats and includes built-in support for Reddit feeds.
@@ -81,11 +99,15 @@ It supports conventional feed formats and includes built-in support for Reddit f
  {{< card link="https://netnewswire.com/privacypolicy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="macOS" color="indigo" >}}](https://netnewswire.com)
 [{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/id1480640210)

 ### Newsboat

+{{< title-card >}}
+
 **Newsboat** is an RSS/Atom feed reader for the text console. It's an actively maintained fork of [Newsbeuter](https://en.wikipedia.org/wiki/Newsbeuter). It is very lightweight and ideal for use over [Secure Shell](https://en.wikipedia.org/wiki/Secure_Shell).

 {{< cards >}}
@@ -93,6 +115,8 @@ It supports conventional feed formats and includes built-in support for Reddit f
  {{< card link="https://newsboat.org/releases/2.38/docs/newsboat.html" title="Documentation" icon="document-text" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 ## Criteria

 **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../../../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
@@ -26,6 +26,8 @@ If you are currently using an application like Evernote, Google Keep, or Microso

 ### Standard Notes

+{{< title-card >}}
+
 **Standard Notes** is a simple and private notes app that features cross-platform sync for seamless use. It features E2EE on every platform, and a powerful desktop experience with themes and custom editors.

 Standard Notes has also undergone multiple [independent audits](https://standardnotes.com/help/2/has-standard-notes-completed-a-third-party-security-audit).
@@ -35,6 +37,8 @@ Standard Notes has also undergone multiple [independent audits](https://standard
  {{< card link="https://standardnotes.com/privacy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Linux" color="yellow" >}}](https://standardnotes.com)
 [{{< badge content="macOS" color="indigo" >}}](https://standardnotes.com)
 [{{< badge content="Windows" color="red" >}}](https://standardnotes.com)
@@ -47,6 +51,8 @@ Standard Notes has [joined Proton AG](https://standardnotes.com/blog/joining-for

 ### Notesnook

+{{< title-card >}}
+
 **Notesnook** is a free (as in speech), open-source, and easy-to-use E2EE note-taking app focused on user privacy.

 It features sync functionality that allows you to access your notes on multiple platforms. You can easily import your notes from Evernote, OneNote, and other apps using their [official importer](https://importer.notesnook.com).
@@ -56,6 +62,8 @@ It features sync functionality that allows you to access your notes on multiple
  {{< card link="https://notesnook.com/privacy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Linux" color="yellow" >}}](https://notesnook.com/downloads)
 [{{< badge content="macOS" color="indigo" >}}](https://notesnook.com/downloads)
 [{{< badge content="Windows" color="red" >}}](https://notesnook.com/downloads)
@@ -69,6 +77,8 @@ It features sync functionality that allows you to access your notes on multiple

 ### Joplin

+{{< title-card >}}
+
 **Joplin** is a free, open-source, and fully-featured E2EE note-taking and to-do application which can handle numerous Markdown notes organized into notebooks and tags.

 It can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes.
@@ -78,6 +88,8 @@ It can sync through Nextcloud, Dropbox, and more. It also offers easy import fro
  {{< card link="https://joplinapp.org/privacy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Linux" color="yellow" >}}](https://joplinapp.org/#desktop-applications)
 [{{< badge content="macOS" color="indigo" >}}](https://joplinapp.org/#desktop-applications)
 [{{< badge content="Windows" color="red" >}}](https://joplinapp.org/#desktop-applications)
@@ -91,6 +103,8 @@ Joplin [does not support](https://github.com/laurent22/joplin/issues/289) passwo

 ### Cryptee

+{{< title-card >}}
+
 **Cryptee** is an open-source, web-based E2EE document editor and photo storage application.

 Cryptee offers 100 MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information.
@@ -100,6 +114,8 @@ Cryptee offers 100 MB of storage for free, with paid options if you need more.
  {{< card link="https://crypt.ee/privacy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Web" >}}](https://crypt.ee/download)

 Cryptee is a PWA, which means that it works seamlessly across all modern devices without requiring native apps for each respective platform.
@@ -108,6 +124,8 @@ Cryptee is a PWA, which means that it works seamlessly across all modern devices

 ### Org-mode

+{{< title-card >}}
+
 **Org-mode** is a [major mode](https://gnu.org/software/emacs/manual/html_node/elisp/Major-Modes.html) for GNU Emacs. Org-mode is for keeping notes, maintaining to-do lists, planning projects, and authoring documents with a fast and effective plain-text system. File synchronization is possible with tools like [Syncthing](../file-sharing/index.md#syncthing-p2p).

 {{< cards >}}
@@ -115,6 +133,8 @@ Cryptee is a PWA, which means that it works seamlessly across all modern devices
  {{< card link="https://orgmode.org/manuals.html" title="Documentation" icon="document-text" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 ## Criteria

 **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../../../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
@@ -19,6 +19,8 @@ Choose an **office suite** that does not require logging in to an account to acc

 ## LibreOffice

+{{< title-card >}}
+
 **LibreOffice** is a free and open-source office suite with extensive functionality.

 {{< cards >}}
@@ -26,6 +28,8 @@ Choose an **office suite** that does not require logging in to an account to acc
  {{< card link="https://libreoffice.org/about-us/privacy/privacy-policy-en" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Linux" color="yellow" >}}](https://libreoffice.org/download/download)
 [{{< badge content="macOS" color="indigo" >}}](https://libreoffice.org/download/download)
 [{{< badge content="Windows" color="red" >}}](https://libreoffice.org/download/download)
@@ -35,6 +39,8 @@ Choose an **office suite** that does not require logging in to an account to acc

 ## OnlyOffice

+{{< title-card >}}
+
 **OnlyOffice** is a cloud-based free and open-source office suite with extensive functionality, including integration with Nextcloud.

 {{< cards >}}
@@ -42,6 +48,8 @@ Choose an **office suite** that does not require logging in to an account to acc
  {{< card link="https://help.onlyoffice.com/products/files/doceditor.aspx?fileid=5048502&doc=SXhWMEVzSEYxNlVVaXJJeUVtS0kyYk14YWdXTEFUQmRWL250NllHNUFGbz0_IjUwNDg1MDIi0" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Linux" color="yellow" >}}](https://onlyoffice.com/download-desktop.aspx)
 [{{< badge content="macOS" color="indigo" >}}](https://onlyoffice.com/download-desktop.aspx)
 [{{< badge content="Windows" color="red" >}}](https://onlyoffice.com/download-desktop.aspx)
@@ -17,6 +17,8 @@ These options allow you to manage an encrypted password database locally.

 ## KeePassXC

+{{< title-card >}}
+
 **KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bug fixes to provide a feature-rich, cross-platform, and modern open-source password manager.

 {{< cards >}}
@@ -24,6 +26,8 @@ These options allow you to manage an encrypted password database locally.
  {{< card link="https://keepassxc.org/privacy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Linux" color="yellow" >}}](https://keepassxc.org/download/#linux)
 [{{< badge content="macOS" color="indigo" >}}](https://keepassxc.org/download/#mac)
 [{{< badge content="Windows" color="red" >}}](https://keepassxc.org/download/#windows)
@@ -35,6 +39,8 @@ KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-se

 ## KeePassDX (Android)

+{{< title-card >}}
+
 **KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms securely.

 {{< cards >}}
@@ -42,6 +48,8 @@ KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-se
  {{< card link="https://github.com/Kunzisoft/KeePassDX/wiki" title="Documentation" icon="document-text" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.free)
 [{{< badge content="GitHub" >}}](https://github.com/Kunzisoft/KeePassDX/releases)

@@ -51,13 +59,17 @@ The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.ke

 [Read our latest KeePassium review.](https://www.privacyguides.org/articles/2025/05/13/keepassium-review)

-KeePassium is a commercial, open-source password manager made by KeePassium Labs that's compatible with other KeePass applications. It provides autofill support, passkey management, automatic two-way synchronization through [most cloud storage providers](https://support.keepassium.com/kb/sync), and more.
+{{< title-card >}}
+
+**KeePassium** is a commercial, open-source password manager made by KeePassium Labs that's compatible with other KeePass applications. It provides autofill support, passkey management, automatic two-way synchronization through [most cloud storage providers](https://support.keepassium.com/kb/sync), and more.

 {{< cards >}}
  {{< card link="https://keepassium.com" title="Homepage" icon="home" >}}
  {{< card link="https://keepassium.com/privacy/app" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/us/app/id1435127111)

 KeePassium offers a [Premium version](https://keepassium.com/pricing) with additional features such as support for multiple databases, YubiKey support, and a password audit tool.
@@ -66,6 +78,8 @@ KeePassium's iOS app has been [audited](https://cure53.de/pentest-report_keepass

 ## Gopass (CLI)

+{{< title-card >}}
+
 **Gopass** is a minimal password manager for the command line written in Go. It can be used within scripting applications and works on all major desktop and server operating systems.

 {{< cards >}}
@@ -73,6 +87,8 @@ KeePassium's iOS app has been [audited](https://cure53.de/pentest-report_keepass
  {{< card link="https://github.com/gopasspw/gopass/tree/master/docs" title="Documentation" icon="document-text" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Linux" color="yellow" >}}](https://gopass.pw/#install-linux)
 [{{< badge content="macOS" color="indigo" >}}](https://gopass.pw/#install-macos)
 [{{< badge content="Windows" color="red" >}}](https://gopass.pw/#install-windows)
@@ -19,6 +19,8 @@ aliases:

 ## PrivateBin

+{{< title-card >}}
+
 **PrivateBin** is a minimalist, open-source, online pastebin where the server cannot decrypt and read any pasted data you submit. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.

 {{< cards >}}
@@ -26,8 +28,12 @@ aliases:
  {{< card link="https://privatebin.info/directory" title="Public Instances" icon="server" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 ## Paaster

+{{< title-card >}}
+
 **Paaster** is a secure and user-friendly pastebin application that prioritizes privacy and simplicity. With end-to-end encryption and paste history, Paaster ensures that your pasted code remains confidential and accessible.

 {{< cards >}}
@@ -35,6 +41,8 @@ aliases:
  {{< card link="https://paaster.io/privacy-policy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 ## Criteria

 **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../../../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
@@ -48,6 +48,8 @@ If you are greatly concerned about an existing server censoring your content, th

 ## Mastodon

+{{< title-card >}}
+
 **Mastodon** is a social network based on open web protocols and free, open-source software. It uses the **ActivityPub** protocol, which is decentralized like email: Users can exist on different servers or even different platforms but still communicate with each other.

 {{< cards >}}
@@ -55,6 +57,8 @@ If you are greatly concerned about an existing server censoring your content, th
  {{< card link="https://docs.joinmastodon.org" title="Documentation" icon="document-text" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 There are many software platforms which use ActivityPub as their backend social networking protocol, meaning they can talk to servers even when they are running different software. For example, PeerTube is a video publishing software that uses ActivityPub, meaning you can follow channels on PeerTube either with another PeerTube account, *or* with a Mastodon account because Mastodon also uses ActivityPub.

 We chose to recommend Mastodon over other ActivityPub software as your primary social media platform for these reasons:
@@ -116,6 +120,8 @@ If you used our recommended configuration settings above, you should be posting

 ## Element

+{{< title-card >}}
+
 **Element** is the flagship client for the **[Matrix](https://matrix.org/docs/chat_basics/matrix-for-im)** protocol, an [open standard](https://spec.matrix.org/latest) that enables decentralized communication by way of federated chat rooms. Users can exist on different homeservers but still communicate with each other.

 {{< cards >}}
@@ -123,6 +129,8 @@ If you used our recommended configuration settings above, you should be posting
  {{< card link="https://element.io/privacy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Linux" color="yellow" >}}](https://element.io/download)
 [{{< badge content="macOS" color="indigo" >}}](https://element.io/download)
 [{{< badge content="Windows" color="red" >}}](https://element.io/download)
@@ -34,6 +34,8 @@ If more complete anonymity is paramount to your situation, you should **only** b

 ## Tor Browser

+{{< title-card >}}
+
 **Tor Browser** is the top choice if you need anonymity, as it provides you with access to the Tor network and bridges, and it includes default settings and extensions that are automatically configured by the default security levels: *Standard*, *Safer* and *Safest*.

 {{< cards >}}
@@ -41,6 +43,8 @@ If more complete anonymity is paramount to your situation, you should **only** b
  {{< card link="http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion" title="Onion Service" icon="link" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="Linux" color="yellow" >}}](https://torproject.org/download)
 [{{< badge content="macOS" color="indigo" >}}](https://torproject.org/download)
 [{{< badge content="Windows" color="red" >}}](https://torproject.org/download)
@@ -58,6 +62,8 @@ In addition to installing Tor Browser on your computer directly, there are also

 [Read our latest Onion Browser review.](https://www.privacyguides.org/articles/2024/09/18/onion-browser-review)

+{{< title-card >}}
+
 **Onion Browser** is an open-source browser that lets you browse the web anonymously over the Tor network on iOS devices and is endorsed by the [Tor Project](https://support.torproject.org/glossary/onion-browser).

 {{< cards >}}
@@ -65,6 +71,8 @@ In addition to installing Tor Browser on your computer directly, there are also
  {{< card link="https://onionbrowser.com/privacy-policy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}

+{{< /title-card >}}
+
 [{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/id519296448)

 Onion Browser does not provide the same levels of privacy protections as Tor Browser does on desktop platforms. For casual use it is a perfectly fine way to access hidden services, but if you're concerned about being traced or monitored by advanced adversaries you should not rely on this as an anonymity tool.
@@ -0,0 +1,3 @@
+<div class="pg:title-card hx:last-of-type:mb-0 hx:rounded-lg hx:p-6 hx:mt-4 hx:group">
+  {{ .InnerDeindent | $.Page.RenderString (dict "display" "block" "markup" "goldmark") }}
+</div>