diff --git a/.gitignore b/.gitignore
index ca204df2..8c1a39c6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@
public/
resources/
.hugo_build.lock
+/scripts
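Review bot: The added `/scripts` ignore rule is unrelated to the link-path updates that make up the rest of this patch, and nothing in the visible changes says what lives in that directory. Either move it to its own commit with a short explanation, or, if the directory holds tooling used to rewrite these links, consider committing that tooling so the rewrite can be reproduced and reviewed.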
diff --git a/content/activism/toolbox/tip-refuse-to-participate.md b/content/activism/toolbox/tip-refuse-to-participate.md
index e499c1bc..b11a5380 100644
--- a/content/activism/toolbox/tip-refuse-to-participate.md
+++ b/content/activism/toolbox/tip-refuse-to-participate.md
@@ -56,7 +56,7 @@ There are many ways to refuse to participate in privacy-invasive practices and p
- Inform yourself in advance about potential legal options to opt out of privacy-invasive technologies such as airport facial scanner.
-- Refuse to provide an official piece of ID online for purposes that aren't strictly necessary, such as government requests. Do not comply with intrusive [age-verification](https://www.privacyguides.org/articles/2025/05/06/age-verification-wants-your-face/) processes. Leave your account abandoned instead, or [delete it](../../basics/account-deletion.md) if you still can. Additionally, consider contacting your government representatives and the platform's complaint email to voice your privacy concerns about such practice.
+- Refuse to provide an official piece of ID online for purposes that aren't strictly necessary, such as government requests. Do not comply with intrusive [age-verification](https://www.privacyguides.org/articles/2025/05/06/age-verification-wants-your-face/) processes. Leave your account abandoned instead, or [delete it](../../wiki/basics/account-deletion/_index.md) if you still can. Additionally, consider contacting your government representatives and the platform's complaint email to voice your privacy concerns about such practice.
- [Report privacy violations](tip-report-privacy-violations.md) of your local privacy laws whenever you can.
diff --git a/content/tools/advanced/alternative-networks/_index.md b/content/tools/advanced/alternative-networks/_index.md
index 54e1ac4f..f6e0e6e9 100644
--- a/content/tools/advanced/alternative-networks/_index.md
+++ b/content/tools/advanced/alternative-networks/_index.md
@@ -9,7 +9,7 @@ description: These tools allow you to access networks other than the World Wide
## Anonymizing Networks
-When it comes to anonymizing networks, we want to specially note that [Tor](../../../wiki/advanced/tor-overview.md) is our top choice. It is by far the most utilized, robustly studied, and actively developed anonymous network. Using other networks could be more likely to endanger your [:material-incognito: Anonymity](../../../wiki/basics/common-threats.md#anonymity-vs-privacy){ .pg-purple }, unless you know what you're doing.
+When it comes to anonymizing networks, we want to specially note that [Tor](../../../wiki/advanced/tor-overview/_index.md) is our top choice. It is by far the most utilized, robustly studied, and actively developed anonymous network. Using other networks could be more likely to endanger your [:material-incognito: Anonymity](../../../wiki/basics/common-threats.md#anonymity-vs-privacy){ .pg-purple }, unless you know what you're doing.
{{< cards >}}
@@ -33,7 +33,7 @@ The recommended way to access the Tor network is via the official Tor Browser, w
[Tor Browser Info :material-arrow-right-drop-circle:](../../software/tor/_index.md){ .md-button .md-button--primary }
-[Detailed Tor Overview :material-arrow-right-drop-circle:](../../../wiki/advanced/tor-overview.md){ .md-button }
+[Detailed Tor Overview :material-arrow-right-drop-circle:](../../../wiki/advanced/tor-overview/_index.md){ .md-button }
You can access the Tor network using other tools; making this determination comes down to your threat model. If you are a casual Tor user who is not worried about your ISP collecting evidence against you, using apps like [Orbot](#orbot) or mobile browser apps to access the Tor network is probably fine. Increasing the number of people who use Tor on an everyday basis helps reduce the bad stigma of Tor, and lowers the quality of "lists of Tor users" that ISPs and governments may compile.
diff --git a/content/tools/hardware/security-keys/_index.md b/content/tools/hardware/security-keys/_index.md
index d851b4f2..02a34107 100644
--- a/content/tools/hardware/security-keys/_index.md
+++ b/content/tools/hardware/security-keys/_index.md
@@ -6,7 +6,7 @@ description: These security keys provide a form of phishing-immune authenticatio
[{{< badge content="Targeted Attacks" color="red" >}}](../../../wiki/basics/common-threats.md#attacks-against-specific-individuals)
[{{< badge content="Passive Attacks" color="amber" >}}](../../../wiki/basics/common-threats.md#security-and-privacy)
-A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](../../software/multi-factor-authentication/_index.md), the [FIDO2](../../../wiki/basics/multi-factor-authentication.md#fido-fast-identity-online) security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multifactor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
+A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](../../software/multi-factor-authentication/_index.md), the [FIDO2](../../../wiki/basics/multi-factor-authentication/_index.md#fido-fast-identity-online) security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multifactor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
{{< cards >}}
diff --git a/content/tools/services/email/_index.md b/content/tools/services/email/_index.md
index 8ca9160a..afdf92e8 100644
--- a/content/tools/services/email/_index.md
+++ b/content/tools/services/email/_index.md
@@ -144,7 +144,7 @@ Mailbox Mail doesn't accept any cryptocurrencies as a result of their payment pr
#### :material-check:{ .pg-green } Account Security
-Mailbox Mail supports [two-factor authentication](https://kb.mailbox.org/en/private/security-and-privacy/how-to-use-two-factor-authentication-2fa/) for their webmail only. You can use either TOTP or a [YubiKey](../../hardware/security-keys/_index.md#yubikey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](../../../wiki/basics/multi-factor-authentication.md#fido-fast-identity-online) are not yet supported.
+Mailbox Mail supports [two-factor authentication](https://kb.mailbox.org/en/private/security-and-privacy/how-to-use-two-factor-authentication-2fa/) for their webmail only. You can use either TOTP or a [YubiKey](../../hardware/security-keys/_index.md#yubikey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](../../../wiki/basics/multi-factor-authentication/_index.md#fido-fast-identity-online) are not yet supported.
#### :material-information-outline:{ .pg-blue } Data Security
@@ -277,7 +277,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w
**Minimum to Qualify:**
-- Protection of webmail with 2FA, such as [TOTP](../../../wiki/basics/multi-factor-authentication.md#time-based-one-time-password-totp).
+- Protection of webmail with 2FA, such as [TOTP](../../../wiki/basics/multi-factor-authentication/_index.md#time-based-one-time-password-totp).
- Encryption at rest, using asymmetric encryption where the service provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to, or a remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
- [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) support.
- No TLS errors or vulnerabilities when being profiled by tools such as [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh), or [Qualys SSL Labs](https://ssllabs.com/ssltest); this includes certificate related errors and weak DH parameters, such as those that led to [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)).
@@ -295,7 +295,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w
**Best Case:**
-- Should support hardware authentication, i.e. U2F and [WebAuthn](../../../wiki/basics/multi-factor-authentication.md#fido-fast-identity-online).
+- Should support hardware authentication, i.e. U2F and [WebAuthn](../../../wiki/basics/multi-factor-authentication/_index.md#fido-fast-identity-online).
- [DNS Certification Authority Authorization (CAA) Resource Record](https://tools.ietf.org/html/rfc6844) in addition to DANE support.
- Should implement [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), which is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617).
- Published security audits from a reputable, third-party firm.
diff --git a/content/tools/services/messengers/_index.md b/content/tools/services/messengers/_index.md
index 7fe37cfb..7afb4a57 100644
--- a/content/tools/services/messengers/_index.md
+++ b/content/tools/services/messengers/_index.md
@@ -17,7 +17,7 @@ description: Encrypted messengers like Signal and SimpleX keep your sensitive co
{{< /cards >}}
-These recommendations for encrypted **real-time communication** are great for securing your sensitive communications. These instant messengers come in the form of many [types of communication networks](../../../wiki/advanced/communication-network-types.md).
+These recommendations for encrypted **real-time communication** are great for securing your sensitive communications. These instant messengers come in the form of many [types of communication networks](../../../wiki/advanced/communication-networks/_index.md).
[Video: It's time to stop using SMS](https://www.privacyguides.org/videos/2025/01/24/its-time-to-stop-using-sms-heres-why)
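Review bot: The new link target on the changed line is a rename as well as a move into a page bundle, from `communication-network-types.md` to `communication-networks/_index.md`, so the published URL of that page changes. The front matter of `content/wiki/advanced/communication-networks/_index.md` is not touched in this patch; please confirm it carries an `aliases` entry for the old path so existing inbound links and bookmarks keep resolving.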
@@ -145,7 +145,7 @@ Our best-case criteria represents what we would like to see from the perfect pro
- Should support future secrecy (post-compromise security)[^2]
- Should have open-source servers.
-- Should use a decentralized network, i.e. [federated or P2P](../../../wiki/advanced/communication-network-types.md).
+- Should use a decentralized network, i.e. [federated or P2P](../../../wiki/advanced/communication-networks/_index.md).
- Should use E2EE for all messages by default.
- Should support Linux, macOS, Windows, Android, and iOS.
diff --git a/content/tools/services/vpn/_index.md b/content/tools/services/vpn/_index.md
index c758035e..3b290ac4 100644
--- a/content/tools/services/vpn/_index.md
+++ b/content/tools/services/vpn/_index.md
@@ -20,7 +20,7 @@ If you're looking for additional *privacy* from your ISP, on a public Wi-Fi netw
>
> If you are looking for **anonymity**, you should use the Tor Browser. If you're looking for added **security**, you should always ensure you're connecting to websites using HTTPS. A VPN is not a replacement for good security practices.
>
-> [Introduction to the Tor Browser](../../software/tor/_index.md#tor-browser) · [Tor Myths & FAQ](../../../wiki/advanced/tor-overview.md)
+> [Introduction to the Tor Browser](../../software/tor/_index.md#tor-browser) · [Tor Myths & FAQ](../../../wiki/advanced/tor-overview/_index.md)
[Detailed VPN Overview](../../../wiki/basics/vpn-overview.md)
diff --git a/content/tools/software/email-clients/_index.md b/content/tools/software/email-clients/_index.md
index 377c3496..8071fc51 100644
--- a/content/tools/software/email-clients/_index.md
+++ b/content/tools/software/email-clients/_index.md
@@ -6,7 +6,7 @@ description: These email clients are privacy-respecting and support OpenPGP emai
[{{< badge content="Service Providers" color="indigo" >}}](../../../wiki/basics/common-threats.md#privacy-from-service-providers)
[{{< badge content="Targeted Attacks" color="red" >}}](../../../wiki/basics/common-threats.md#attacks-against-specific-individuals)
-The **email clients** we recommend support both [OpenPGP](../encryption/_index.md#openpgp) and strong authentication such as [Open Authorization (OAuth)](../../../wiki/basics/account-creation.md#sign-in-with-oauth). OAuth allows you to use [Multi-Factor Authentication](../../../wiki/basics/multi-factor-authentication.md) to prevent account theft.
+The **email clients** we recommend support both [OpenPGP](../encryption/_index.md#openpgp) and strong authentication such as [Open Authorization (OAuth)](../../../wiki/basics/account-creation.md#sign-in-with-oauth). OAuth allows you to use [Multi-Factor Authentication](../../../wiki/basics/multi-factor-authentication/_index.md) to prevent account theft.
Email does not provide forward secrecy
diff --git a/content/tools/software/tor/_index.md b/content/tools/software/tor/_index.md
index 715ae19d..f299513e 100644
--- a/content/tools/software/tor/_index.md
+++ b/content/tools/software/tor/_index.md
@@ -9,13 +9,13 @@ description: Protect your internet browsing from prying eyes by using the Tor ne
**Tor** is a group of volunteer-operated servers that allows you to connect for free and improve your privacy and security on the Internet. Individuals and organizations can also share information over the Tor network with ".onion hidden services" without compromising their privacy. Because Tor traffic is difficult to block and trace, Tor is an effective censorship circumvention tool.
-[Detailed Tor Overview :material-arrow-right-drop-circle:](../../../wiki/advanced/tor-overview.md)
+[Detailed Tor Overview :material-arrow-right-drop-circle:](../../../wiki/advanced/tor-overview/_index.md)
{ .md-button .md-button--primary }
[:material-movie-open-play-outline: Video: Why You Need Tor](https://www.privacyguides.org/videos/2025/03/02/why-you-need-tor)
{ .md-button }
> [!TIP]
-> Before connecting to Tor, please ensure you've read our [overview](../../../wiki/advanced/tor-overview.md) on what Tor is and how to connect to it safely. We often recommend connecting to Tor through a trusted [VPN provider](../../services/vpn/_index.md), but you have to do so **properly** to avoid decreasing your anonymity.
+> Before connecting to Tor, please ensure you've read our [overview](../../../wiki/advanced/tor-overview/_index.md) on what Tor is and how to connect to it safely. We often recommend connecting to Tor through a trusted [VPN provider](../../services/vpn/_index.md), but you have to do so **properly** to avoid decreasing your anonymity.
There are a variety of ways to connect to the Tor network from your device, the most commonly used being the **Tor Browser**, a fork of Firefox designed for [:material-incognito: anonymous](../../../wiki/basics/common-threats.md#anonymity-vs-privacy){ .pg-purple } browsing for desktop computers and Android.
diff --git a/content/wiki/advanced/communication-networks/_index.md b/content/wiki/advanced/communication-networks/_index.md
index 3bf5cfe1..01ff973f 100644
--- a/content/wiki/advanced/communication-networks/_index.md
+++ b/content/wiki/advanced/communication-networks/_index.md
@@ -86,7 +86,7 @@ P2P networks do not use servers, as peers communicate directly between each othe
A messenger using [anonymous routing](https://doi.org/10.1007/978-1-4419-5906-5_628) hides either the identity of the sender, the receiver, or evidence that they have been communicating. Ideally, a messenger should hide all three.
-There are [many](https://doi.org/10.1145/3182658) ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](../tor-overview.md)), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages, nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers."
+There are [many](https://doi.org/10.1145/3182658) ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](../tor-overview/_index.md)), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages, nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers."
Self-hosting a node in an anonymous routing network does not provide the host with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
diff --git a/content/wiki/advanced/dns-overview.md b/content/wiki/advanced/dns-overview.md
index cc713204..c712220e 100644
--- a/content/wiki/advanced/dns-overview.md
+++ b/content/wiki/advanced/dns-overview.md
@@ -131,7 +131,7 @@ We can see the [connection establishment](https://en.wikipedia.org/wiki/Transmis
## Why **shouldn't** I use encrypted DNS?
-In locations where there is internet filtering (or censorship), visiting forbidden resources may have its own consequences which you should consider in your [threat model](../basics/threat-modeling.md). We do **not** suggest the use of encrypted DNS for this purpose. Use [Tor](tor-overview.md) or a [VPN](../../tools/services/vpn/_index.md) instead. If you're using a VPN, you should use your VPN's DNS servers. When using a VPN, you are already trusting them with all your network activity.
+In locations where there is internet filtering (or censorship), visiting forbidden resources may have its own consequences which you should consider in your [threat model](../basics/threat-modeling.md). We do **not** suggest the use of encrypted DNS for this purpose. Use [Tor](tor-overview/_index.md) or a [VPN](../../tools/services/vpn/_index.md) instead. If you're using a VPN, you should use your VPN's DNS servers. When using a VPN, you are already trusting them with all your network activity.
When we do a DNS lookup, it's generally because we want to access a resource. Below, we will discuss some of the methods that may disclose your browsing activities even when using encrypted DNS:
diff --git a/content/wiki/advanced/payments.md b/content/wiki/advanced/payments.md
index 2db8102b..6029d275 100644
--- a/content/wiki/advanced/payments.md
+++ b/content/wiki/advanced/payments.md
@@ -87,7 +87,7 @@ If you go this route, make sure to purchase Monero at different times and in dif
When you're making a payment in person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself.
-When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../../tools/services/vpn/_index.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address.
+When purchasing online, ideally you should do so over [Tor](tor-overview/_index.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../../tools/services/vpn/_index.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address.
diff --git a/content/wiki/advanced/tor-overview/_index.md b/content/wiki/advanced/tor-overview/_index.md
index 932cf173..7c3ec184 100644
--- a/content/wiki/advanced/tor-overview/_index.md
+++ b/content/wiki/advanced/tor-overview/_index.md
@@ -4,11 +4,11 @@ weight: 20
description: Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible.
---
-{ align=right }
+
[**Tor**](../../tools/advanced/alternative-networks/_index.md#tor) is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications. Because Tor traffic is difficult to block and trace, Tor is an effective censorship circumvention tool.
-[:material-movie-open-play-outline: Video: Why You Need Tor](https://www.privacyguides.org/videos/2025/03/02/why-you-need-tor){ .md-button }
+[:material-movie-open-play-outline: Video: Why You Need Tor](https://www.privacyguides.org/videos/2025/03/02/why-you-need-tor)
Tor works by routing your internet traffic through volunteer-operated servers instead of making a direct connection to the site you're trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity.
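Review bot: Dropping `{ .md-button }` from the video link on the last changed line leaves it inconsistent with `content/tools/software/tor/_index.md`, where the same video link still carries a `{ .md-button }` attribute on the following line. If the attribute syntax is being retired, apply that in both files; otherwise keep the button styling here so the two pages render the link the same way.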
@@ -31,7 +31,7 @@ If you have the ability to access a trusted VPN provider and **any** of the foll
- Your threat model includes your ISP itself as an adversary
- Your threat model includes local network administrators before your ISP as an adversary
-Because we already [generally recommend](../basics/vpn-overview.md) that the vast majority of people use a trusted VPN provider for a variety of reasons, the following recommendation about connecting to Tor via a VPN likely applies to you. There is no need to disable your VPN before connecting to Tor, as some online resources would lead you to believe.
+Because we already [generally recommend](../../basics/vpn-overview.md) that the vast majority of people use a trusted VPN provider for a variety of reasons, the following recommendation about connecting to Tor via a VPN likely applies to you. There is no need to disable your VPN before connecting to Tor, as some online resources would lead you to believe.
Connecting directly to Tor will make your connection stand out to any local network administrators or your ISP. Detecting and correlating this traffic [has been done](https://edition.cnn.com/2013/12/17/justice/massachusetts-harvard-hoax) in the past by network administrators to identify and deanonymize specific Tor users on their network. On the other hand, connecting to a VPN is almost always less suspicious, because commercial VPN providers are used by everyday consumers for a variety of mundane tasks like bypassing geo-restrictions, even in countries with heavy internet restrictions.
@@ -100,7 +100,7 @@ Additionally, Tor Browser is based on Firefox's Extended Support Release builds,
1. Look for new Critical/High vulnerabilities in Firefox nightly or beta builds, then check if they are exploitable in Tor Browser (this vulnerability period can last weeks).
2. Chain *multiple* Medium/Low vulnerabilities together until they get the level of access they're looking for (this vulnerability period can last months or longer).
-Those at risk of browser vulnerabilities should consider additional protections to defend against Tor Browser exploits, such as using Whonix in [Qubes](../os/qubes/_index.md) to contain your Tor browsing in a secure virtual machine and protect against leaks.
+Those at risk of browser vulnerabilities should consider additional protections to defend against Tor Browser exploits, such as using Whonix in [Qubes](../../os/qubes/_index.md) to contain your Tor browsing in a secure virtual machine and protect against leaks.
## Path Building to Clearnet Services
@@ -109,8 +109,8 @@ Those at risk of browser vulnerabilities should consider additional protections
Every time you [connect to Tor](../../tools/software/tor/_index.md), it will choose three nodes to build a path to the internet—this path is called a "circuit."
- 
- 
+ 
+ 
Tor circuit pathway
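Review bot: The unchanged `[connect to Tor](../../tools/software/tor/_index.md)` link at the top of this hunk looks one level short. This patch moves `../basics/vpn-overview.md` to `../../basics/vpn-overview.md` and `../os/qubes/_index.md` to `../../os/qubes/_index.md` in the same file, so by that rule a path into `content/tools/` needs `../../../tools/...`; the `../../tools/advanced/alternative-networks/_index.md#tor` link in the opening paragraph has the same problem. Please fix both or confirm they resolve in a local build.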
@@ -145,8 +145,8 @@ The exit node will be chosen at random from all available Tor nodes ran with an
Connecting to an Onion Service in Tor works very similarly to connecting to a clearnet service, but your traffic is routed through a total of **six** nodes before reaching the destination server. Just like before, however, only three of these nodes are contributing to *your* anonymity, the other three nodes protect *the Onion Service's* anonymity, hiding the website's true IP and location in the same manner that Tor Browser is hiding yours.
- 
- 
+ 
+ 
Tor circuit pathway with Onion Services. Nodes in the blue fence belong to your browser, while nodes in the red fence belong to the server, so their identity is hidden from you.
@@ -165,8 +165,8 @@ Once Tor has built a circuit, data transmission is done as follows:
Below is an alternative diagram showing the process. Each node removes its own layer of encryption, and when the destination server returns data, the same process happens entirely in reverse. For example, the exit node does not know who you are, but it does know which node it came from, and so it adds its own layer of encryption and sends it back.
- 
- 
+ 
+ 
Sending and receiving data through the Tor Network
diff --git a/content/wiki/advanced/tor-overview/tor.svg b/content/wiki/advanced/tor-overview/tor.svg
new file mode 100644
index 00000000..5943e96e
--- /dev/null
+++ b/content/wiki/advanced/tor-overview/tor.svg
@@ -0,0 +1 @@
+
diff --git a/content/wiki/basics/account-creation.md b/content/wiki/basics/account-creation.md
index 5e0df26b..3417cd2e 100644
--- a/content/wiki/basics/account-creation.md
+++ b/content/wiki/basics/account-creation.md
@@ -9,7 +9,7 @@ Often people sign up for services without thinking. Maybe it's a streaming servi
There are risks associated with every new service that you use. Data breaches; disclosure of customer information to third parties; rogue employees accessing data; all are possibilities that must be considered when giving your information out. You need to be confident that you can trust the service, which is why we don't recommend storing valuable data on anything but the most mature and battle-tested products. That usually means services which provide E2EE and have undergone a cryptographic audit. An audit increases assurance that the product was designed without glaring security issues caused by an inexperienced developer.
-It can also be difficult to delete the accounts on some services. Sometimes [overwriting data](account-deletion.md#overwriting-account-information) associated with an account can be possible, but in other cases the service will keep an entire history of changes to the account.
+It can also be difficult to delete the accounts on some services. Sometimes [overwriting data](account-deletion/_index.md#overwriting-account-information) associated with an account can be possible, but in other cases the service will keep an entire history of changes to the account.
## Terms of Service & Privacy Policy
@@ -33,7 +33,7 @@ The most common way to create a new account is by an email address and password.
> You can use your password manager to organize other authentication methods too! Just add the new entry and fill the appropriate fields, you can add notes for things like security questions or a backup key.
-You will be responsible for managing your login credentials. For added security, you can set up [MFA](multi-factor-authentication.md) on your accounts.
+You will be responsible for managing your login credentials. For added security, you can set up [MFA](multi-factor-authentication/_index.md) on your accounts.
[Recommended password managers](../../tools/software/passwords/_index.md){ .md-button }
@@ -61,7 +61,7 @@ But there are disadvantages:
- **Privacy**: The OAuth provider you log in with will know the services you use.
- **Centralization**: If the account you use for OAuth is compromised, or you aren't able to log in to it, all other accounts connected to it are affected.
-OAuth can be especially useful in those situations where you could benefit from deeper integration between services. Our recommendation is to limit using OAuth to only where you need it, and always protect the main account with [MFA](multi-factor-authentication.md).
+OAuth can be especially useful in those situations where you could benefit from deeper integration between services. Our recommendation is to limit using OAuth to only where you need it, and always protect the main account with [MFA](multi-factor-authentication/_index.md).
All the services that use OAuth will be as secure as your underlying OAuth provider's account. For example, if you want to secure an account with a hardware key, but that service doesn't support hardware keys, you can secure the account you use with OAuth with a hardware key instead, and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your OAuth provider account means that any account tied to that login will also be weak.
diff --git a/content/wiki/basics/account-deletion/_index.md b/content/wiki/basics/account-deletion/_index.md
index 14a3f41d..29f8b86b 100644
--- a/content/wiki/basics/account-deletion/_index.md
+++ b/content/wiki/basics/account-deletion/_index.md
@@ -12,7 +12,7 @@ Over time, it can be easy to accumulate a number of online accounts, many of whi
If you have a password manager that you've used for your entire digital life, this part will be very easy. Oftentimes, they include built-in functionality for detecting if your credentials were exposed in a data breach—such as Bitwarden's [Data Breach Report](https://bitwarden.com/blog/have-you-been-pwned).
- 
+ 
Even if you haven't explicitly used a password manager before, there's a chance you've used the one in your browser ([Firefox](https://support.mozilla.org/kb/password-manager-remember-delete-edit-logins), [Chrome](https://passwords.google.com/intro), [Edge](https://support.microsoft.com/microsoft-edge/save-or-forget-passwords-in-microsoft-edge-b4beecb0-f2a8-1ca0-f26f-9ec247a3f336)) or your phone ([Google](https://passwords.google.com/intro) on stock Android, [Passwords](https://support.apple.com/HT211146) on iOS) without even realizing it.
@@ -49,7 +49,7 @@ For the account email, either create a new alternate email account via your prov
You can check [JustDeleteMe](https://justdeleteme.xyz) for instructions on deleting the account for a specific service. Some sites will graciously have a "Delete Account" option, while others will go as far as to force you to speak with a support agent. The deletion process can vary from site to site, with account deletion being impossible on some.
-For services that don't allow account deletion, the best thing to do is falsify all your information as previously mentioned and strengthen account security. To do so, enable [MFA](multi-factor-authentication.md) and any extra security features offered. As well, change the password to a randomly-generated one that is the maximum allowed size (a [password manager](../../tools/software/passwords/_index.md) can be useful for this).
+For services that don't allow account deletion, the best thing to do is falsify all your information as previously mentioned and strengthen account security. To do so, enable [MFA](../multi-factor-authentication/_index.md) and any extra security features offered. As well, change the password to a randomly-generated one that is the maximum allowed size (a [password manager](../../tools/software/passwords/_index.md) can be useful for this).
If you're satisfied that all information you care about is removed, you can safely forget about this account. If not, it might be a good idea to keep the credentials stored with your other passwords and occasionally re-login to reset the password.
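Review bot: The password manager link on the changed line still reads `../../tools/software/passwords/_index.md`, which looks one level short for a file that lives in `content/wiki/basics/account-deletion/`. The MFA link on the same line gained a leading `../` to account for the bundle directory, and `content/wiki/os/ios/_index.md`, at the same depth, reaches the tools tree with `../../../tools/...`, while pages directly under `basics/` (for example `hardware.md`) use `../../tools/...`. If links resolve relative to the file's directory, this one should become `../../../tools/software/passwords/_index.md` in the same change.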
diff --git a/content/wiki/basics/common-threats.md b/content/wiki/basics/common-threats.md
index 7a553c79..81efd2ac 100644
--- a/content/wiki/basics/common-threats.md
+++ b/content/wiki/basics/common-threats.md
@@ -186,7 +186,7 @@ Additionally, even companies outside the *AdTech* or tracking industry can share
The best way to keep your data private is simply not making it public in the first place. Deleting unwanted information you find about yourself online is one of the best first steps you can take to regain your privacy.
-- [View our guide on account deletion :material-arrow-right-drop-circle:](account-deletion.md)
+- [View our guide on account deletion :material-arrow-right-drop-circle:](account-deletion/_index.md)
On sites where you do share information, checking the privacy settings of your account to limit how widely that data is spread is very important. For example, enable "private mode" on your accounts if given the option: This ensures that your account isn't being indexed by search engines, and that it can't be viewed without your permission.
@@ -200,7 +200,7 @@ Censorship online can be carried out (to varying degrees) by actors including to
Censorship on corporate platforms is increasingly common, as platforms like Twitter and Facebook give in to public demand, market pressures, and pressures from government agencies. Government pressures can be covert requests to businesses, such as the White House [requesting the takedown](https://nytimes.com/2012/09/17/technology/on-the-web-a-fine-line-on-free-speech-across-globe.html) of a provocative YouTube video, or overt, such as the Chinese government requiring companies to adhere to a strict regime of censorship.
-People concerned with the threat of censorship can use technologies like [Tor](../advanced/tor-overview.md) to circumvent it, and support censorship-resistant communication platforms like [Matrix](../../tools/software/social-networks/_index.md#element), which doesn't have a centralized account authority that can close accounts arbitrarily.
+People concerned with the threat of censorship can use technologies like [Tor](../advanced/tor-overview/_index.md) to circumvent it, and support censorship-resistant communication platforms like [Matrix](../../tools/software/social-networks/_index.md#element), which doesn't have a centralized account authority that can close accounts arbitrarily.
> [!TIP]
> While evading censorship itself can be easy, hiding the fact that you are doing it can be very problematic.
diff --git a/content/wiki/basics/email-security.md b/content/wiki/basics/email-security.md
index f865bc38..94fe22c0 100644
--- a/content/wiki/basics/email-security.md
+++ b/content/wiki/basics/email-security.md
@@ -29,7 +29,7 @@ If you use a shared domain from a provider which doesn't support WKD, like `@gma
### What Email Clients Support E2EE?
-Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../../tools/software/email-clients/_index.md). Depending on the authentication method, this may lead to decreased security if either the provider or the email client does not support [OAuth](account-creation.md#sign-in-with-oauth) or a bridge application as [multifactor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
+Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../../tools/software/email-clients/_index.md). Depending on the authentication method, this may lead to decreased security if either the provider or the email client does not support [OAuth](account-creation.md#sign-in-with-oauth) or a bridge application as [multifactor authentication](multi-factor-authentication/_index.md) is not possible with plain password authentication.
### How Do I Protect My Private Keys?
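Review bot: The OAuth link on the changed line still targets `account-creation.md#sign-in-with-oauth` while the MFA link next to it moved to the `multi-factor-authentication/_index.md` form. Please confirm that `account-creation` was not also converted to a directory with `_index.md`, and that the `#sign-in-with-oauth` anchor still resolves. The same unchanged target appears in the Advanced Protection Program list in `content/wiki/os/android/_index.md`, so a link check over the built site would cover both.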
diff --git a/content/wiki/basics/hardware.md b/content/wiki/basics/hardware.md
index 1fe09121..08341d65 100644
--- a/content/wiki/basics/hardware.md
+++ b/content/wiki/basics/hardware.md
@@ -69,7 +69,7 @@ Some threats can't be protected against by your internal components alone. Many
Hardware keys are devices that use strong cryptography to authenticate you to a device or account. The idea is that because they can not be copied, you can use them to secure accounts in such a way that they can only be accessed with physical possession of the key, eliminating many remote attacks.
-[Recommended Hardware Keys :material-arrow-right-drop-circle:](../../tools/hardware/security-keys/_index.md){ .md-button .md-button--primary } [Learn More about Hardware Keys :material-arrow-right-drop-circle:](multi-factor-authentication.md#hardware-security-keys){ .md-button }
+[Recommended Hardware Keys :material-arrow-right-drop-circle:](../../tools/hardware/security-keys/_index.md){ .md-button .md-button--primary } [Learn More about Hardware Keys :material-arrow-right-drop-circle:](multi-factor-authentication/_index.md#hardware-security-keys){ .md-button }
### Camera/Microphone
diff --git a/content/wiki/basics/multi-factor-authentication/_index.md b/content/wiki/basics/multi-factor-authentication/_index.md
index 0b8f8899..66bbcd46 100644
--- a/content/wiki/basics/multi-factor-authentication/_index.md
+++ b/content/wiki/basics/multi-factor-authentication/_index.md
@@ -52,7 +52,7 @@ When logging into a website, all you need to do is to physically touch the secur
The service will then forward the one-time password to the Yubico OTP server for validation. A counter is incremented both on the key and Yubico's validation server. The OTP can only be used once, and when a successful authentication occurs, the counter is increased which prevents reuse of the OTP. Yubico provides a [detailed document](https://developers.yubico.com/OTP/OTPs_Explained.html) about the process.
- 
+ 
There are some benefits and disadvantages to using Yubico OTP when compared to TOTP.
@@ -70,7 +70,7 @@ U2F and FIDO2 refer to the [Client to Authenticator Protocol](https://en.wikiped
WebAuthn is the most secure and private form of second factor authentication. While the authentication experience is similar to Yubico OTP, the key does not print out a one-time password and validate with a third-party server. Instead, it uses [public key cryptography](https://en.wikipedia.org/wiki/Public-key_cryptography) for authentication.
- 
+ 
When you create an account, the public key is sent to the service, then when you log in, the service will require you to "sign" some data with your private key. The benefit of this is that no password data is ever stored by the service, so there is nothing for an adversary to steal.
diff --git a/content/wiki/basics/passwords-overview.md b/content/wiki/basics/passwords-overview.md
index f81bb160..efdecd2f 100644
--- a/content/wiki/basics/passwords-overview.md
+++ b/content/wiki/basics/passwords-overview.md
@@ -164,7 +164,7 @@ There are many good options to choose from, both cloud-based and local. Choose o
Don't place your passwords and TOTP tokens inside the same password manager
-When using [TOTP codes as multifactor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../../tools/software/multi-factor-authentication/_index.md).
+When using [TOTP codes as multifactor authentication](multi-factor-authentication/_index.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../../tools/software/multi-factor-authentication/_index.md).
Storing your TOTP tokens in the same place as your passwords, while convenient, reduces the accounts to a single factor in the event that an adversary gains access to your password manager.
diff --git a/content/wiki/basics/vpn-overview.md b/content/wiki/basics/vpn-overview.md
index bc66f21a..5c04d6ec 100644
--- a/content/wiki/basics/vpn-overview.md
+++ b/content/wiki/basics/vpn-overview.md
@@ -48,7 +48,7 @@ VPNs cannot encrypt data outside the connection between your device and the VPN
Using a VPN in cases where you're using your [real-life or well-known identity](common-misconceptions.md#complicated-is-better) online is unlikely to be useful. Doing so may trigger spam and fraud detection systems, such as if you were to log into your bank's website.
-It's important to remember that a VPN will not provide you with absolute anonymity because the VPN provider itself will still have access to your real IP address, destination website information, and often a money trail that can be linked directly back to you. "No logging" policies are merely a promise; if you need complete safety from the network itself, consider using [Tor](../advanced/tor-overview.md) in addition to or instead of a VPN.
+It's important to remember that a VPN will not provide you with absolute anonymity because the VPN provider itself will still have access to your real IP address, destination website information, and often a money trail that can be linked directly back to you. "No logging" policies are merely a promise; if you need complete safety from the network itself, consider using [Tor](../advanced/tor-overview/_index.md) in addition to or instead of a VPN.
You also should not trust a VPN to secure your connection to an unencrypted, HTTP destination. In order to keep what you actually do on the websites you visit private and secure, you must use HTTPS. This will keep your passwords, session tokens, and queries safe from the VPN provider and other potential adversaries in between the VPN server and your destination. You should enable HTTPS-only mode in your browser (if it's supported) to mitigate attacks which try to downgrade your connection from HTTPS to HTTP.
@@ -62,7 +62,7 @@ Another common reason encrypted DNS is recommended is that it prevents DNS spoof
Maybe, Tor is not necessarily suitable for everybody in the first place. Consider your [threat model](threat-modeling.md), because if your adversary is not capable of extracting information from your VPN provider, using a VPN alone may provide enough protection.
-If you do use Tor then you are *probably* best off connecting to the Tor network via a commercial VPN provider. However, this is a complex subject which we've written more about on our [Tor overview](../advanced/tor-overview.md) page.
+If you do use Tor then you are *probably* best off connecting to the Tor network via a commercial VPN provider. However, this is a complex subject which we've written more about on our [Tor overview](../advanced/tor-overview/_index.md) page.
## Should I access Tor through VPN providers that provide "Tor nodes"?
diff --git a/content/wiki/os/android/_index.md b/content/wiki/os/android/_index.md
index 2cb0b624..d0559d84 100644
--- a/content/wiki/os/android/_index.md
+++ b/content/wiki/os/android/_index.md
@@ -4,7 +4,7 @@ icon: simple/android
description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones.
robots: nofollow, max-snippet:-1, max-image-preview:large
---
-{ align=right }
+{ align=right }
The **Android Open Source Project** is a secure mobile operating system featuring strong [app sandboxing](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot) (AVB), and a robust [permission](https://developer.android.com/guide/topics/permissions/overview) control system.
@@ -121,11 +121,11 @@ If you are using a device with Google services—whether with the stock operatin
### Advanced Protection Program
-If you have a Google account we suggest enrolling in the [Advanced Protection Program](https://landing.google.com/advancedprotection). It is available at no cost to anyone with two or more hardware security keys with [FIDO](../../basics/multi-factor-authentication.md#fido-fast-identity-online) support. Alternatively, you can use [passkeys](https://fidoalliance.org/passkeys).
+If you have a Google account we suggest enrolling in the [Advanced Protection Program](https://landing.google.com/advancedprotection). It is available at no cost to anyone with two or more hardware security keys with [FIDO](../../basics/multi-factor-authentication/_index.md#fido-fast-identity-online) support. Alternatively, you can use [passkeys](https://fidoalliance.org/passkeys).
The Advanced Protection Program provides enhanced threat monitoring and enables:
-- Stricter two-factor authentication; e.g. that [FIDO](../../basics/multi-factor-authentication.md#fido-fast-identity-online) **must** be used and disallows the use of [SMS OTPs](../../basics/multi-factor-authentication.md#sms-or-email-mfa), [TOTP](../../basics/multi-factor-authentication.md#time-based-one-time-password-totp) and [OAuth](../../basics/account-creation.md#sign-in-with-oauth)
+- Stricter two-factor authentication; e.g. that [FIDO](../../basics/multi-factor-authentication/_index.md#fido-fast-identity-online) **must** be used and disallows the use of [SMS OTPs](../../basics/multi-factor-authentication/_index.md#sms-or-email-mfa), [TOTP](../../basics/multi-factor-authentication/_index.md#time-based-one-time-password-totp) and [OAuth](../../basics/account-creation.md#sign-in-with-oauth)
- Only Google and verified third-party apps can access account data
- Scanning of incoming emails on Gmail accounts for [phishing](https://en.wikipedia.org/wiki/Phishing#Email_phishing) attempts
- Stricter [safe browser scanning](https://google.com/chrome/privacy/whitepaper.html#malware) with Google Chrome
diff --git a/content/wiki/os/android/android.svg b/content/wiki/os/android/android.svg
new file mode 100644
index 00000000..23190381
--- /dev/null
+++ b/content/wiki/os/android/android.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
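Review bot: The new `android.svg` is added as a single line with no newline at end of file, so its content cannot be reviewed meaningfully in this diff. Please add the trailing newline, and state in the commit message where the asset came from. Since the file is served from the site, it is also worth confirming that it contains only static drawing elements, with no embedded script and no external references.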
diff --git a/content/wiki/os/ios/_index.md b/content/wiki/os/ios/_index.md
index 0f70d01a..19e214df 100644
--- a/content/wiki/os/ios/_index.md
+++ b/content/wiki/os/ios/_index.md
@@ -226,11 +226,11 @@ When an app prompts you for access to your device's photo library, iOS provides
Rather than allow an app to access all the photos on your device, you can allow it to only access whichever photos you choose by tapping the "Select Photos..." option in the permission dialog. You can change photo access permissions at any time by navigating to **Settings** → **Privacy & Security** → **Photos**.
- 
+ 
**Add Photos Only** is a permission that only gives an app the ability to download photos to the photo library. Not all apps which request photo library access provide this option.
- 
+ 
Some apps also support **Private Access**, which functions similarly to the **Limited Access** permission. However, photos shared to apps using Private Access include their location by default. We recommend unchecking this setting if you do not [remove photo metadata](../../../tools/software/data-redaction/_index.md) beforehand.
@@ -238,7 +238,7 @@ Some apps also support **Private Access**, which functions similarly to the **Li
Similarly, rather than allow an app to access all the contacts saved on your device, you can allow it to only access whichever contacts you choose. You can change contact access permissions at any time by navigating to **Settings** → **Privacy & Security** → **Contacts**.
- 
+ 
### Require Biometrics and Hide Apps
diff --git a/content/wiki/os/qubes/_index.md b/content/wiki/os/qubes/_index.md
index b5fe460d..b3c62186 100644
--- a/content/wiki/os/qubes/_index.md
+++ b/content/wiki/os/qubes/_index.md
@@ -16,12 +16,12 @@ Some of the information here and on the Qubes OS documentation may contain confl
-
+
Qubes Architecture, Credit: What is Qubes OS Intro
Each qube has a [colored border](https://qubes-os.org/screenshots) that can help you keep track of the domain in which it runs. You could, for example, use a specific color for your banking browser, while using a different color for a general untrusted browser.
-
+
Qubes window borders, Credit: Qubes Screenshots
## Why Should I use Qubes?
@@ -56,7 +56,7 @@ The [qrexec framework](https://qubes-os.org/doc/qrexec) is a core part of Qubes
## Connecting to Tor via a VPN
-We [recommend](../../advanced/tor-overview.md) connecting to the Tor network via a [VPN](../../../tools/services/vpn/_index.md) provider, and luckily Qubes makes this easy to do with a combination of ProxyVMs and Whonix.
+We [recommend](../../advanced/tor-overview/_index.md) connecting to the Tor network via a [VPN](../../../tools/services/vpn/_index.md) provider, and luckily Qubes makes this easy to do with a combination of ProxyVMs and Whonix.
After [creating a new ProxyVM](https://forum.qubes-os.org/t/configuring-a-proxyvm-vpn-gateway/19061) which connects to the VPN of your choice, you can chain your Whonix qubes to that ProxyVM **before** they connect to the Tor network, by setting the NetVM of your Whonix **Gateway** (`sys-whonix`) to the newly-created ProxyVM.