Deploy website to IPFS (#2502)

Signed-off-by: Daniel Gray <dngray@privacyguides.org>

.devcontainer/devcontainer.json

@@ -0,0 +1,8 @@
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the
+// README at: https://github.com/devcontainers/templates/tree/main/src/python
+{
+	"name": "Privacy Guides",
+	"image": "ghcr.io/squidfunk/mkdocs-material:9.5.17",
+	"forwardPorts": [8000],
+  "postCreateCommand": "git submodule init; git submodule update theme/assets/brand; mkdocs serve --dev-addr=0.0.0.0:8000 --config-file config/mkdocs.en.yml"
+}

.devcontainer/team/devcontainer.json

@@ -0,0 +1,8 @@
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the
+// README at: https://github.com/devcontainers/templates/tree/main/src/python
+{
+	"name": "Privacy Guides Team",
+	"image": "ghcr.io/privacyguides/privacyguides.org:main",
+	"forwardPorts": [8000],
+  "postCreateCommand": "git submodule init; git submodule update theme/assets/brand; MKDOCS_INHERIT=mkdocs-production.yml mkdocs serve --dev-addr=0.0.0.0:8000 --config-file config/mkdocs.en.yml"
+}

.github/CODEOWNERS

@@ -1,27 +1,5 @@
-# Copyright (c) 2019-2023 Jonah Aragon <jonah@triplebit.net>
-
-# Permission is hereby granted, free of charge, to any person obtaining a copy
-# of this software and associated documentation files (the "Software"), to
-# deal in the Software without restriction, including without limitation the
-# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
-# sell copies of the Software, and to permit persons to whom the Software is
-# furnished to do so, subject to the following conditions:
-
-# The above copyright notice and this permission notice shall be included in
-# all copies or substantial portions of the Software.
-
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
-# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
-# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
-# IN THE SOFTWARE.
-
-# Additional Co-Owners are added to the TOP of this file
-
 # High-traffic pages
-/docs/index.en.md @jonaharagon @dngray
+/docs/index.md @jonaharagon @dngray
 /theme/overrides/ @jonaharagon
 
 # Org
@@ -35,4 +13,3 @@ README.md @jonaharagon @dngray
 /Pipfile @jonaharagon
 /Pipfile.lock @jonaharagon
 /.github/ @jonaharagon
-/.well-known/ @jonaharagon

.github/dependabot.yml

@@ -49,6 +49,16 @@ updates:
       interval: "monthly"
     labels:
       - "fix:submodules"
+
+  - package-ecosystem: "devcontainers"
+    directory: "/"
+    schedule:
+      interval: weekly
+
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: weekly
 # Disabled because some updates tend to remove needed dependencies for some reason
 
 #  # Maintain dependencies for pipenv

.github/workflows/build-container.yml

@@ -0,0 +1,93 @@
+#
+name: ☁️ Build Container
+
+# Configures this workflow to run every time a change is pushed to the branch called `release`.
+on:
+  push:
+    branches: ['main']
+  release:
+    types: [published]
+  workflow_dispatch:
+
+concurrency:
+  group: container-build
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+  packages: write
+
+# Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds.
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+# There is a single job in this workflow. It's configured to run on the latest available version of Ubuntu.
+jobs:
+  submodule:
+    strategy:
+      matrix:
+        repo: [mkdocs-material-insiders, brand]
+    uses: privacyguides/.github/.github/workflows/download-repo.yml@main
+    with:
+      repo: ${{ matrix.repo }}
+    secrets:
+      ACTIONS_SSH_KEY: ${{ secrets.ACTIONS_SSH_KEY }}
+
+  build-and-push-image:
+    needs: submodule
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - uses: actions/download-artifact@v4
+        with:
+          pattern: repo-*
+          path: modules
+
+      - run: |
+          rm -rf modules/mkdocs-material
+          mv modules/repo-mkdocs-material-insiders modules/mkdocs-material
+          rm -rf theme/assets/brand
+          mv modules/repo-brand theme/assets/brand
+
+      # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3.1.0
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels.
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5.5.1
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=tag
+            type=ref,event=pr
+            type=sha
+          flavor: |
+            latest=${{ github.event_name == 'release' }}
+
+      # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages.
+      # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository.
+      # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step.
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5.3.0
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+  cleanup:
+    if: ${{ always() }}
+    needs: build-and-push-image
+    uses: privacyguides/.github/.github/workflows/cleanup.yml@main

.github/workflows/build.yml

@@ -0,0 +1,171 @@
+name: Build Website
+
+on:
+  workflow_call:
+    inputs:
+      config:
+        type: string
+        default: build
+      ref:
+        required: true
+        type: string
+      repo:
+        required: true
+        type: string
+      lang:
+        type: string
+        default: en
+      context:
+        type: string
+        default: deploy-preview
+      continue-on-error:
+        type: boolean
+        default: true
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    continue-on-error: ${{ inputs.continue-on-error }}
+    permissions:
+      contents: read
+
+    steps:
+      - run: |
+          echo "GH_TOKEN=${{ secrets.GITHUB_TOKEN }}" >> $GITHUB_ENV
+
+      - if: inputs.config == 'build'
+        run: |
+          echo "MKDOCS_INHERIT=mkdocs-production.yml" >> $GITHUB_ENV
+          echo "PRODUCTION=true" >> $GITHUB_ENV
+          echo "CONTEXT=${{ inputs.context }}" >> $GITHUB_ENV
+
+      - if: inputs.config == 'offline'
+        run: |
+          echo "MKDOCS_INHERIT=mkdocs-offline.yml" >> $GITHUB_ENV
+          echo "CARDS=false" >> $GITHUB_ENV
+
+      - uses: actions/checkout@v4
+        with:
+          repository: ${{ inputs.repo }}
+          ref: ${{ inputs.ref }}
+          persist-credentials: "false"
+          fetch-depth: 0
+
+      - uses: actions/download-artifact@v4
+        with:
+          pattern: repo-*
+          path: modules
+
+      - run: |
+          rmdir modules/mkdocs-material
+          mv modules/repo-mkdocs-material-insiders modules/mkdocs-material
+          rmdir theme/assets/brand
+          mv modules/repo-brand theme/assets/brand
+
+      - if: inputs.lang != 'en'
+        run: |
+          cp -rl modules/repo-i18n/i18n .
+          cp -rl modules/repo-i18n/includes .
+          cp -rl modules/repo-i18n/theme .
+
+      - uses: actions/setup-python@v5
+        with:
+          cache: "pipenv"
+
+      - uses: actions/cache/restore@v4.0.2
+        with:
+          key: site-cache-${{ inputs.repo }}-${{ inputs.ref }}-${{ hashfiles('.cache/**') }}
+          path: .cache
+          restore-keys: |
+            site-cache-${{ inputs.repo }}-${{ inputs.ref }}-
+            site-cache-${{ inputs.repo }}-
+
+      - uses: actions/cache/restore@v4.0.2
+        with:
+          key: card-cache-${{ inputs.repo }}-${{ inputs.lang }}-${{ inputs.ref }}-${{ hashfiles('config/.cache/plugin/social/manifest.json') }}
+          path: |
+            config/.cache/plugin/social/manifest.json
+            config/.cache/plugin/social/assets
+          restore-keys: |
+            card-cache-${{ inputs.repo }}-${{ inputs.lang }}-${{ inputs.ref }}-
+            card-cache-${{ inputs.repo }}-${{ inputs.lang }}-
+
+      - run: |
+          pip install pipenv
+          pipenv install
+          sudo apt install pngquant
+
+      - uses: falti/dotenv-action@v1.1
+        with:
+          path: includes/strings.${{ inputs.lang }}.env
+          export-variables: true
+          keys-case: bypass
+
+      - run: |
+          pipenv run mkdocs build --config-file config/mkdocs.${{ inputs.lang }}.yml
+          pipenv run mkdocs --version
+          tar -czvf site-${{ inputs.config }}-${{ inputs.lang }}.tar.gz site
+
+      - uses: actions/cache/save@v4.0.2
+        with:
+          key: site-cache-${{ inputs.repo }}-${{ inputs.ref }}-${{ hashfiles('.cache/**') }}
+          path: .cache
+
+      - uses: actions/cache/save@v4.0.2
+        with:
+          key: card-cache-${{ inputs.repo }}-${{ inputs.lang }}-${{ inputs.ref }}-${{ hashfiles('config/.cache/plugin/social/manifest.json') }}
+          path: |
+            config/.cache/plugin/social/manifest.json
+            config/.cache/plugin/social/assets
+
+      - uses: actions/upload-artifact@v4
+        with:
+          name: site-${{ inputs.config }}-${{ inputs.lang }}.tar.gz
+          path: site-${{ inputs.config }}-${{ inputs.lang }}.tar.gz
+
+  offline_package:
+    if: inputs.config == 'offline' && inputs.lang == 'en'
+    needs: build
+    runs-on: ubuntu-latest
+    continue-on-error: ${{ inputs.continue-on-error }}
+    permissions:
+      contents: read
+
+    steps:
+      - uses: actions/download-artifact@v4
+        with:
+          name: site-offline-en.tar.gz
+
+      - run: |
+          tar -xzvf site-offline-en.tar.gz
+          tar -czvf offline.tar.gz site/en
+          zip -r -q offline.zip site/en
+
+      - name: Upload tar.gz file
+        uses: actions/upload-artifact@v4
+        with:
+          name: offline.tar.gz
+          path: offline.tar.gz
+
+      - name: Upload zip file
+        uses: actions/upload-artifact@v4
+        with:
+          name: offline.zip
+          path: offline.zip
+
+      - name: Create ZIM File
+        uses: addnab/docker-run-action@v3
+        with:
+          image: ghcr.io/openzim/zim-tools:3.1.3
+          options: -v ${{ github.workspace }}:/data
+          run: |
+            zimwriterfs -w index.html -I assets/brand/logos/png/square/pg-yellow.png -l eng -t "Privacy Guides" -d "Your central privacy and security resource to protect yourself online." -c "Privacy Guides" -p "Jonah Aragon" -n "Privacy Guides" -e "https://github.com/privacyguides/privacyguides.org" /data/site/en /data/offline-privacy_guides.zim
+
+      - name: Upload ZIM file
+        uses: actions/upload-artifact@v4
+        with:
+          name: offline-privacy_guides.zim
+          path: offline-privacy_guides.zim

.github/workflows/deploy-all.yml

@@ -1,51 +0,0 @@
-name: Deploy Website Build
-
-permissions:
-  contents: read
-  pages: write
-  id-token: write
-
-on:
-  workflow_call:
-    inputs:
-      netlify_production:
-        type: boolean
-        default: true
-      github_pages:
-        type: boolean
-        default: true
-      minio_production:
-        type: boolean
-        default: true
-    outputs:
-      netlify_preview_address:
-        value: ${{ jobs.netlify.outputs.address }}
-    secrets:
-      NETLIFY_TOKEN:
-      PROD_MINIO_KEY_ID:
-      PROD_MINIO_SECRET_KEY:
-
-jobs:
-  netlify:
-    if: inputs.netlify_production
-    uses: privacyguides/.github/.github/workflows/deploy-netlify.yml@main
-    with:
-      netlify_site_id: ${{ vars.PROD_NETLIFY_SITE }}
-      environment: production
-    secrets:
-      NETLIFY_TOKEN: ${{ secrets.NETLIFY_TOKEN }}
-
-  minio:
-    if: inputs.minio_production
-    uses: privacyguides/.github/.github/workflows/deploy-minio.yml@main
-    with:
-      environment: production
-    secrets:
-      PROD_MINIO_KEY_ID: ${{ secrets.PROD_MINIO_KEY_ID }}
-      PROD_MINIO_SECRET_KEY: ${{ secrets.PROD_MINIO_SECRET_KEY }}
-
-  pages:
-    if: inputs.github_pages
-    uses: privacyguides/.github/.github/workflows/deploy-pages.yml@main
-    with:
-      environment: github-pages

.github/workflows/publish-pr.yml

@@ -60,7 +60,7 @@ jobs:
       fail-fast: false
     permissions:
       contents: read
-    uses: privacyguides/.github/.github/workflows/build.yml@main
+    uses: ./.github/workflows/build.yml
     with:
       ref: ${{github.event.pull_request.head.ref}}
       repo: ${{github.event.pull_request.head.repo.full_name}}
@@ -71,7 +71,7 @@ jobs:
     needs: build
     permissions:
       contents: read
-    uses: privacyguides/.github/.github/workflows/deploy-netlify-preview.yml@main
+    uses: privacyguides/webserver/.github/workflows/deploy-netlify-preview.yml@main
     with:
       netlify_alias: ${{ github.event.pull_request.head.sha }}
       netlify_site_id: ${{ vars.NETLIFY_SITE }}
@@ -84,7 +84,7 @@ jobs:
     needs: deploy
     runs-on: ubuntu-latest
     env:
-      address: ${{ needs.deploy.outputs.netlify_preview_address }}
+      address: ${{ needs.deploy.outputs.address }}
     steps:
       - uses: thollander/actions-comment-pull-request@v2.5.0
         with:

.github/workflows/publish-release.yml

@@ -25,10 +25,15 @@ on:
     tags:
       - "*"
 
+concurrency:
+  group: release-deployment
+  cancel-in-progress: true
+
 permissions:
   contents: write
   pages: write
   id-token: write
+  deployments: write
 
 jobs:
   submodule:
@@ -46,25 +51,21 @@ jobs:
     strategy:
       matrix:
         lang: [en, es, fr, he, it, nl, ru, zh-Hant]
+        build: [build, offline]
     permissions:
       contents: read
-    uses: privacyguides/.github/.github/workflows/build.yml@main
+    uses: ./.github/workflows/build.yml
     with:
+      config: ${{ matrix.build }}
       ref: ${{ github.ref }}
       repo: ${{ github.repository }}
       lang: ${{ matrix.lang }}
       context: production
       continue-on-error: false
 
-  buildoffline:
-    needs: submodule
-    permissions:
-      contents: read
-    uses: privacyguides/.github/.github/workflows/build-offline.yml@main
-
   release:
     name: Create release notes
-    needs: buildoffline
+    needs: build
     runs-on: ubuntu-latest
     permissions:
       contents: write
@@ -84,17 +85,19 @@ jobs:
 
   deploy:
     needs: build
-    uses: ./.github/workflows/deploy-all.yml
-    with:
-      netlify_production: true
-      github_pages: true
-      minio_production: true
+    uses: privacyguides/webserver/.github/workflows/deploy-all.yml@main
     secrets:
       NETLIFY_TOKEN: ${{ secrets.NETLIFY_TOKEN }}
       PROD_MINIO_KEY_ID: ${{ secrets.PROD_MINIO_KEY_ID }}
       PROD_MINIO_SECRET_KEY: ${{ secrets.PROD_MINIO_SECRET_KEY }}
+      CF_API_TOKEN: ${{ secrets.CF_API_TOKEN }}
+      CF_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }}
+      CLUSTER_USERNAME: ${{ secrets.CLUSTER_USERNAME }}
+      CLUSTER_PASSWORD: ${{ secrets.CLUSTER_PASSWORD }}
+      CLOUDFLARE_ZONE: ${{ secrets.CLOUDFLARE_ZONE }}
+      CLOUDFLARE_TOKEN: ${{ secrets.CLOUDFLARE_TOKEN }}
 
   cleanup:
     if: ${{ always() }}
-    needs: [build, buildoffline]
+    needs: build
     uses: privacyguides/.github/.github/workflows/cleanup.yml@main

.github/workflows/test-build.yml

@@ -45,7 +45,7 @@ jobs:
       fail-fast: false
     permissions:
       contents: read
-    uses: privacyguides/.github/.github/workflows/build.yml@main
+    uses: ./.github/workflows/build.yml
     with:
       ref: ${{ github.ref }}
       repo: ${{ github.repository }}
@@ -56,7 +56,7 @@ jobs:
     needs: submodule
     permissions:
       contents: read
-    uses: privacyguides/.github/.github/workflows/build-offline.yml@main
+    uses: ./.github/workflows/build-offline.yml
 
   cleanup:
     if: ${{ always() }}

.github/workflows/test-lint.yml

@@ -35,7 +35,7 @@ concurrency:
   cancel-in-progress: true
 
 env:
-  MAIN_BRANCH: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
+  MAIN_BRANCH: ${{ github.event_name == 'push' }}
 
 jobs:
   megalinter:
@@ -45,7 +45,7 @@ jobs:
       - if: ${{ env.MAIN_BRANCH }}
         uses: actions/checkout@v4
 
-      - if: ${{ !env.MAIN_BRANCH }}
+      - if: ${{ env.MAIN_BRANCH == 0 }}
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
@@ -63,7 +63,7 @@ jobs:
           # ADD YOUR CUSTOM ENV VARIABLES HERE OR DEFINE THEM IN A FILE .mega-linter.yml AT THE ROOT OF YOUR REPOSITORY
           DISABLE: COPYPASTE,SPELL,HTML
           DISABLE_LINTERS: JSON_JSONLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER
-          DISABLE_ERRORS_LINTERS: CSS_STYLELINT,MARKDOWN_MARKDOWN_LINK_CHECK,YAML_YAMLLINT
+          DISABLE_ERRORS_LINTERS: CSS_STYLELINT,MARKDOWN_MARKDOWN_LINK_CHECK,YAML_YAMLLINT,DOCKERFILE_HADOLINT,REPOSITORY_TRIVY,REPOSITORY_CHECKOV
           EDITORCONFIG_EDITORCONFIG_CHECKER_ARGUMENTS: -disable-indentation
           ENV_DOTENV_LINTER_ARGUMENTS: "--skip QuoteCharacter"
           MARKDOWN_MARKDOWN_LINK_CHECK_FILTER_REGEX_INCLUDE: (docs)

.github/workflows/upload-crowdin.yml

@@ -41,7 +41,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: crowdin action
-        uses: crowdin/github-action@v1.20.1
+        uses: crowdin/github-action@v1.20.2
         with:
           upload_sources: true
           upload_sources_args: "--auto-update --delete-obsolete"

.gitignore

@@ -2,10 +2,8 @@ site
 /i18n/
 /includes/*
 !/includes/*.en.*
-/static/i18n/*
-!/static/i18n/*.en.*
-/theme/overrides/*
-!/theme/overrides/*.en.*
+/static/i18n/
+/theme/overrides/*.*.*
 
 # commit social card fonts to repo
 # see: https://github.com/squidfunk/mkdocs-material/issues/6983
@@ -22,3 +20,6 @@ site
 # Local Netlify folder
 .netlify
 node_modules
+
+# Python
+.venv

.vscode/extensions.json

@@ -24,7 +24,6 @@
     "DavidAnson.vscode-markdownlint",
     "wholroyd.jinja",
     "mikestead.dotenv",
-    "matthewpi.caddyfile-support",
     "redhat.vscode-yaml",
     "ecmel.vscode-html-css",
     "yzhang.markdown-all-in-one"

.vscode/settings.json

@@ -21,20 +21,9 @@
 {
     "git.ignoreLimitWarning": true,
     "ltex.diagnosticSeverity": "hint",
-    "[markdown]": {
-      "editor.unicodeHighlight.ambiguousCharacters": true,
-      "editor.unicodeHighlight.invisibleCharacters": true
-    },
-    "[caddyfile]": {
-      "editor.defaultFormatter": "matthewpi.caddyfile-support",
-      "editor.formatOnSave": true
-    },
-    "files.associations": {
-      "*.caddy": "caddyfile",
-      "*.example-caddy": "caddyfile"
-    },
-      "editor.unicodeHighlight.invisibleCharacters": true,
-      "editor.defaultFormatter": "DavidAnson.vscode-markdownlint",
+    "editor.unicodeHighlight.ambiguousCharacters": true,
+    "editor.unicodeHighlight.invisibleCharacters": true,
+    "editor.defaultFormatter": "DavidAnson.vscode-markdownlint",
     "[yaml]": {
       "editor.defaultFormatter": "redhat.vscode-yaml",
       "editor.quickSuggestions": {

Dockerfile

@@ -0,0 +1,71 @@
+FROM python:3.12-alpine as base
+
+LABEL org.opencontainers.image.source="https://github.com/privacyguides/privacyguides.org"
+
+# Setup env
+ENV LANG C.UTF-8
+ENV LC_ALL C.UTF-8
+ENV PYTHONDONTWRITEBYTECODE 1
+ENV PYTHONFAULTHANDLER 1
+
+FROM base AS python-deps
+
+# Install pipenv and compilation dependencies
+RUN pip install pipenv
+RUN \
+  apk upgrade --update-cache -a \
+&& \
+  apk add --no-cache \
+    gcc \
+    libffi-dev \
+    musl-dev
+
+# Install python dependencies in /.venv
+COPY modules/mkdocs-material ./modules/mkdocs-material
+COPY Pipfile .
+COPY Pipfile.lock .
+RUN PIPENV_VENV_IN_PROJECT=1 pipenv install --deploy
+
+FROM base AS runtime
+
+# Install runtime dependencies
+RUN \
+  apk upgrade --update-cache -a \
+&& \
+  apk add --no-cache \
+    cairo \
+    freetype-dev \
+    git \
+    git-fast-import \
+    jpeg-dev \
+    openssh \
+    pngquant \
+    tini \
+    zlib-dev \
+    libffi-dev \
+    musl-dev
+
+# Copy virtual env from python-deps stage
+COPY --from=python-deps /.venv /.venv
+COPY --from=python-deps /modules/mkdocs-material /modules/mkdocs-material
+ENV PATH="/.venv/bin:$PATH"
+
+# Create and switch to a new user
+RUN mkdir /site
+WORKDIR /site
+
+COPY docs docs
+COPY theme theme
+COPY includes includes
+COPY config/*.yml config/
+COPY config/layouts config/layouts
+COPY config/.cache/plugin/social/fonts config/.cache/plugin/social/fonts
+
+EXPOSE 8000
+
+ENV MKDOCS_INHERIT mkdocs-production.yml
+
+HEALTHCHECK NONE
+
+ENTRYPOINT ["mkdocs"]
+CMD ["serve", "--dev-addr=0.0.0.0:8000", "--config-file=config/mkdocs.en.yml"]

Pipfile.lock

@@ -45,7 +45,6 @@
                 "sha256:432531d72347291b9a9ebfb6777026b607563fd8719c46ee742db0aef7271ba0",
                 "sha256:8a5222d4e6c3f86f1f7046b63246877a63b49923a1cd202184c3a634ef546b3b"
             ],
-            "markers": "python_version >= '3.5'",
             "version": "==2.7.1"
         },
         "certifi": {
@@ -290,122 +289,164 @@
         },
         "lxml": {
             "hashes": [
-                "sha256:0382e6a3eefa3f6699b14fa77c2eb32af2ada261b75120eaf4fc028a20394975",
-                "sha256:03e3962d6ad13a862dacd5b3a3ea60b4d092a550f36465234b8639311fd60989",
-                "sha256:05fc3720250d221792b6e0d150afc92d20cb10c9cdaa8c8f93c2a00fbdd16015",
-                "sha256:06036d60fccb21e22dd167f6d0e422b9cbdf3588a7e999a33799f9cbf01e41a5",
-                "sha256:0947d1114e337dc2aae2fa14bbc9ed5d9ca1a0acd6d2f948df9926aef65305e9",
-                "sha256:0e95ae029396382a0d2e8174e4077f96befcd4a2184678db363ddc074eb4d3b2",
-                "sha256:11acfcdf5a38cf89c48662123a5d02ae0a7d99142c7ee14ad90de5c96a9b6f06",
-                "sha256:11e41ffd3cd27b0ca1c76073b27bd860f96431d9b70f383990f1827ca19f2f52",
-                "sha256:1459a998c10a99711ac532abe5cc24ba354e4396dafef741c7797f8830712d56",
-                "sha256:16e65223f34fd3d65259b174f0f75a4bb3d9893698e5e7d01e54cd8c5eb98d85",
-                "sha256:1cce2eaad7e38b985b0f91f18468dda0d6b91862d32bec945b0e46e2ffe7222e",
-                "sha256:1eace37a9f4a1bef0bb5c849434933fd6213008ec583c8e31ee5b8e99c7c8500",
-                "sha256:1ede2a7a86a977b0c741654efaeca0af7860a9b1ae39f9268f0936246a977ee0",
-                "sha256:1effc10bf782f0696e76ecfeba0720ea02c0c31d5bffb7b29ba10debd57d1c3d",
-                "sha256:200f70b5d95fc79eb9ed7f8c4888eef4e274b9bf380b829d3d52e9ed962e9231",
-                "sha256:21dc490cdb33047bc7f7ad76384f3366fa8f5146b86cc04c4af45de901393b90",
-                "sha256:246c93e2503c710cf02c7e9869dc0258223cbefe5e8f9ecded0ac0aa07fd2bf8",
-                "sha256:25fef8794f0dc89f01bdd02df6a7fec4bcb2fbbe661d571e898167a83480185e",
-                "sha256:27877732946843f4b6bfc56eb40d865653eef34ad2edeed16b015d5c29c248df",
-                "sha256:281ee1ffeb0ab06204dfcd22a90e9003f0bb2dab04101ad983d0b1773bc10588",
-                "sha256:2a34e74ffe92c413f197ff4967fb1611d938ee0691b762d062ef0f73814f3aa4",
-                "sha256:2ad364026c2cebacd7e01d1138bd53639822fefa8f7da90fc38cd0e6319a2699",
-                "sha256:2bbe335f0d1a86391671d975a1b5e9b08bb72fba6b567c43bdc2e55ca6e6c086",
-                "sha256:32d44af078485c4da9a7ec460162392d49d996caf89516fa0b75ad0838047122",
-                "sha256:347ec08250d5950f5b016caa3e2e13fb2cb9714fe6041d52e3716fb33c208663",
-                "sha256:356f8873b1e27b81793e30144229adf70f6d3e36e5cb7b6d289da690f4398953",
-                "sha256:35e39c6fd089ad6674eb52d93aa874d6027b3ae44d2381cca6e9e4c2e102c9c8",
-                "sha256:3603a8a41097daf7672cae22cc4a860ab9ea5597f1c5371cb21beca3398b8d6a",
-                "sha256:371aab9a397dcc76625ad3b02fa9b21be63406d69237b773156e7d1fc2ce0cae",
-                "sha256:3ac7c8a60b8ad51fe7bca99a634dd625d66492c502fd548dc6dc769ce7d94b6a",
-                "sha256:3cefb133c859f06dab2ae63885d9f405000c4031ec516e0ed4f9d779f690d8e3",
-                "sha256:3f06e4460e76468d99cc36d5b9bc6fc5f43e6662af44960e13e3f4e040aacb35",
-                "sha256:4add722393c99da4d51c8d9f3e1ddf435b30677f2d9ba9aeaa656f23c1b7b580",
-                "sha256:4c232726f7b6df5143415a06323faaa998ef8abbe1c0ed00d718755231d76f08",
-                "sha256:4d16b44ad0dd8c948129639e34c8d301ad87ebc852568ace6fe9a5ad9ce67ee1",
-                "sha256:50a26f68d090594477df8572babac64575cd5c07373f7a8319c527c8e56c0f99",
-                "sha256:5188f22c00381cb44283ecb28c8d85c2db4a3035774dd851876c8647cb809c27",
-                "sha256:5261c858c390ae9a19aba96796948b6a2d56649cbd572968970dc8da2b2b2a42",
-                "sha256:52d6cdea438eb7282c41c5ac00bd6d47d14bebb6e8a8d2a1c168ed9e0cacfbab",
-                "sha256:53c0e56f41ef68c1ce4e96f27ecdc2df389730391a2fd45439eb3facb02d36c8",
-                "sha256:56591e477bea531e5e1854f5dfb59309d5708669bc921562a35fd9ca5182bdcd",
-                "sha256:56835b9e9a7767202fae06310c6b67478963e535fe185bed3bf9af5b18d2b67e",
-                "sha256:57402d6cdd8a897ce21cf8d1ff36683583c17a16322a321184766c89a1980600",
-                "sha256:57cbadf028727705086047994d2e50124650e63ce5a035b0aa79ab50f001989f",
-                "sha256:5810fa80e64a0c689262a71af999c5735f48c0da0affcbc9041d1ef5ef3920be",
-                "sha256:59ec2948385336e9901008fdf765780fe30f03e7fdba8090aafdbe5d1b7ea0cd",
-                "sha256:5f6e4e5a62114ae76690c4a04c5108d067442d0a41fd092e8abd25af1288c450",
-                "sha256:60847dfbdfddf08a56c4eefe48234e8c1ab756c7eda4a2a7c1042666a5516564",
-                "sha256:60a3983d32f722a8422c01e4dc4badc7a307ca55c59e2485d0e14244a52c482f",
-                "sha256:641a8da145aca67671205f3e89bfec9815138cf2fe06653c909eab42e486d373",
-                "sha256:6a7e0935f05e1cf1a3aa1d49a87505773b04f128660eac2a24a5594ea6b1baa7",
-                "sha256:6e45fd5213e5587a610b7e7c8c5319a77591ab21ead42df46bb342e21bc1418d",
-                "sha256:6f0d2b97a5a06c00c963d4542793f3e486b1ed3a957f8c19f6006ed39d104bb0",
-                "sha256:703d60e59ab45c17485c2c14b11880e4f7f0eab07134afa9007573fa5a779a5a",
-                "sha256:7250030a7835bfd5ba6ca7d1ad483ec90f9cbc29978c5e75c1cc3e031d3c4160",
-                "sha256:73e69762cf740ac3ae81137ef9d6f15f93095f50854e233d50b29e7b8a91dbc6",
-                "sha256:75a4117b43694c72a0d89f6c18a28dc57407bde4650927d4ef5fd384bdf6dcc7",
-                "sha256:7a1611fb9de0a269c05575c024e6d8cdf2186e3fa52b364e3b03dcad82514d57",
-                "sha256:7c556bbf88a8b667c849d326dd4dd9c6290ede5a33383ffc12b0ed17777f909d",
-                "sha256:7c61ce3cdd6e6c9f4003ac118be7eb3036d0ce2afdf23929e533e54482780f74",
-                "sha256:7efbce96719aa275d49ad5357886845561328bf07e1d5ab998f4e3066c5ccf15",
-                "sha256:7fac15090bb966719df06f0c4f8139783746d1e60e71016d8a65db2031ca41b8",
-                "sha256:80cc2b55bb6e35d3cb40936b658837eb131e9f16357241cd9ba106ae1e9c5ecb",
-                "sha256:883e382695f346c2ea3ad96bdbdf4ca531788fbeedb4352be3a8fcd169fc387d",
-                "sha256:8aa11638902ac23f944f16ce45c9f04c9d5d57bb2da66822abb721f4efe5fdbb",
-                "sha256:92bb37c96215c4b2eb26f3c791c0bf02c64dd251effa532b43ca5049000c4478",
-                "sha256:931a3a13e0f574abce8f3152b207938a54304ccf7a6fd7dff1fdb2f6691d08af",
-                "sha256:93eede9bcc842f891b2267c7f0984d811940d1bc18472898a1187fe560907a99",
-                "sha256:947fa8bf15d1c62c6db36c6ede9389cac54f59af27010251747f05bddc227745",
-                "sha256:a00f5931b7cccea775123c3c0a2513aee58afdad8728550cc970bff32280bdd2",
-                "sha256:a3c39def0965e8fb5c8d50973e0c7b4ce429a2fa730f3f9068a7f4f9ce78410b",
-                "sha256:a9b67b850ab1d304cb706cf71814b0e0c3875287083d7ec55ee69504a9c48180",
-                "sha256:ada8ce9e6e1d126ef60d215baaa0c81381ba5841c25f1d00a71cdafdc038bd27",
-                "sha256:ae550cbd7f229cdf2841d9b01406bcca379a5fb327b9efb53ba620a10452e835",
-                "sha256:ae69524fd6a68b288574013f8fadac23cacf089c75cd3fc5b216277a445eb736",
-                "sha256:af64df85fecd3cf3b2e792f0b5b4d92740905adfa8ce3b24977a55415f1a0c40",
-                "sha256:b0181c22fdb89cc19e70240a850e5480817c3e815b1eceb171b3d7a3aa3e596a",
-                "sha256:b03531f6cd6ce4b511dcece060ca20aa5412f8db449274b44f4003f282e6272f",
-                "sha256:b3b4bb89a785f4fd60e05f3c3a526c07d0d68e3536f17f169ca13bf5b5dd75a5",
-                "sha256:b7150e630b879390e02121e71ceb1807f682b88342e2ea2082e2c8716cf8bd93",
-                "sha256:b8f842df9ba26135c5414e93214e04fe0af259bb4f96a32f756f89467f7f3b45",
-                "sha256:ba3a86b0d5a5c93104cb899dff291e3ae13729c389725a876d00ef9696de5425",
-                "sha256:ba4d02aed47c25be6775a40d55c5774327fdedba79871b7c2485e80e45750cb2",
-                "sha256:bc2259243ee734cc736e237719037efb86603c891fd363cc7973a2d0ac8a0e3f",
-                "sha256:be5c8e776ecbcf8c1bce71a7d90e3a3680c9ceae516cac0be08b47e9fac0ca43",
-                "sha256:be5faa2d5c8c8294d770cfd09d119fb27b5589acc59635b0cf90f145dbe81dca",
-                "sha256:c53164f29ed3c3868787144e8ea8a399ffd7d8215f59500a20173593c19e96eb",
-                "sha256:c54f8d6160080831a76780d850302fdeb0e8d0806f661777b0714dfb55d9a08a",
-                "sha256:c74e77df9e36c8c91157853e6cd400f6f9ca7a803ba89981bfe3f3fc7e5651ef",
-                "sha256:c84dce8fb2e900d4fb094e76fdad34a5fd06de53e41bddc1502c146eb11abd74",
-                "sha256:ca3236f31d565555139d5b00b790ed2a98ac6f0c4470c4032f8b5e5a5dba3c1a",
-                "sha256:d2b339fb790fc923ae2e9345c8633e3d0064d37ea7920c027f20c8ae6f65a91f",
-                "sha256:d46df6f0b1a0cda39d12c5c4615a7d92f40342deb8001c7b434d7c8c78352e58",
-                "sha256:da12b4efc93d53068888cb3b58e355b31839f2428b8f13654bd25d68b201c240",
-                "sha256:dc7b630c4fb428b8a40ddd0bfc4bc19de11bb3c9b031154f77360e48fe8b4451",
-                "sha256:dd0f25a431cd16f70ec1c47c10b413e7ddfe1ccaaddd1a7abd181e507c012374",
-                "sha256:ddbea6e58cce1a640d9d65947f1e259423fc201c9cf9761782f355f53b7f3097",
-                "sha256:ddda5ba8831f258ac7e6364be03cb27aa62f50c67fd94bc1c3b6247959cc0369",
-                "sha256:df7dfbdef11702fd22c2eaf042d7098d17edbc62d73f2199386ad06cbe466f6d",
-                "sha256:e08784288a179b59115b5e57abf6d387528b39abb61105fe17510a199a277a40",
-                "sha256:e283b24c14361fe9e04026a1d06c924450415491b83089951d469509900d9f32",
-                "sha256:e4366e58c0508da4dee4c7c70cee657e38553d73abdffa53abbd7d743711ee11",
-                "sha256:e6cb8f7a332eaa2d876b649a748a445a38522e12f2168e5e838d1505a91cdbb7",
-                "sha256:e8359fb610c8c444ac473cfd82dae465f405ff807cabb98a9b9712bbd0028751",
-                "sha256:eaf5e308a5e50bc0548c4fdca0117a31ec9596f8cfc96592db170bcecc71a957",
-                "sha256:ed1fe80e1fcdd1205a443bddb1ad3c3135bb1cd3f36cc996a1f4aed35960fbe8",
-                "sha256:f1f164e4cc6bc646b1fc86664c3543bf4a941d45235797279b120dc740ee7af5",
-                "sha256:f2cb157e279d28c66b1c27e0948687dc31dc47d1ab10ce0cd292a8334b7de3d5",
-                "sha256:f354d62345acdf22aa3e171bd9723790324a66fafe61bfe3873b86724cf6daaa",
-                "sha256:f46f8033da364bacc74aca5e319509a20bb711c8a133680ca5f35020f9eaf025",
-                "sha256:f90c36ca95a44d2636bbf55a51ca30583b59b71b6547b88d954e029598043551",
-                "sha256:f9e27841cddfaebc4e3ffbe5dbdff42891051acf5befc9f5323944b2c61cef16",
-                "sha256:fadda215e32fe375d65e560b7f7e2a37c7f9c4ecee5315bb1225ca6ac9bf5838"
+                "sha256:04ab5415bf6c86e0518d57240a96c4d1fcfc3cb370bb2ac2a732b67f579e5a04",
+                "sha256:057cdc6b86ab732cf361f8b4d8af87cf195a1f6dc5b0ff3de2dced242c2015e0",
+                "sha256:058a1308914f20784c9f4674036527e7c04f7be6fb60f5d61353545aa7fcb739",
+                "sha256:08802f0c56ed150cc6885ae0788a321b73505d2263ee56dad84d200cab11c07a",
+                "sha256:0a15438253b34e6362b2dc41475e7f80de76320f335e70c5528b7148cac253a1",
+                "sha256:0c3f67e2aeda739d1cc0b1102c9a9129f7dc83901226cc24dd72ba275ced4218",
+                "sha256:0e7259016bc4345a31af861fdce942b77c99049d6c2107ca07dc2bba2435c1d9",
+                "sha256:0ed777c1e8c99b63037b91f9d73a6aad20fd035d77ac84afcc205225f8f41188",
+                "sha256:0f5d65c39f16717a47c36c756af0fb36144069c4718824b7533f803ecdf91138",
+                "sha256:0f8c09ed18ecb4ebf23e02b8e7a22a05d6411911e6fabef3a36e4f371f4f2585",
+                "sha256:11a04306fcba10cd9637e669fd73aa274c1c09ca64af79c041aa820ea992b637",
+                "sha256:1ae67b4e737cddc96c99461d2f75d218bdf7a0c3d3ad5604d1f5e7464a2f9ffe",
+                "sha256:1c5bb205e9212d0ebddf946bc07e73fa245c864a5f90f341d11ce7b0b854475d",
+                "sha256:1f7785f4f789fdb522729ae465adcaa099e2a3441519df750ebdccc481d961a1",
+                "sha256:200e63525948e325d6a13a76ba2911f927ad399ef64f57898cf7c74e69b71095",
+                "sha256:21c2e6b09565ba5b45ae161b438e033a86ad1736b8c838c766146eff8ceffff9",
+                "sha256:2213afee476546a7f37c7a9b4ad4d74b1e112a6fafffc9185d6d21f043128c81",
+                "sha256:27aa20d45c2e0b8cd05da6d4759649170e8dfc4f4e5ef33a34d06f2d79075d57",
+                "sha256:2a66bf12fbd4666dd023b6f51223aed3d9f3b40fef06ce404cb75bafd3d89536",
+                "sha256:2c9d147f754b1b0e723e6afb7ba1566ecb162fe4ea657f53d2139bbf894d050a",
+                "sha256:2ddfe41ddc81f29a4c44c8ce239eda5ade4e7fc305fb7311759dd6229a080052",
+                "sha256:31e9a882013c2f6bd2f2c974241bf4ba68c85eba943648ce88936d23209a2e01",
+                "sha256:3249cc2989d9090eeac5467e50e9ec2d40704fea9ab72f36b034ea34ee65ca98",
+                "sha256:3545039fa4779be2df51d6395e91a810f57122290864918b172d5dc7ca5bb433",
+                "sha256:394ed3924d7a01b5bd9a0d9d946136e1c2f7b3dc337196d99e61740ed4bc6fe1",
+                "sha256:3a6b45da02336895da82b9d472cd274b22dc27a5cea1d4b793874eead23dd14f",
+                "sha256:3a74c4f27167cb95c1d4af1c0b59e88b7f3e0182138db2501c353555f7ec57f4",
+                "sha256:3d0c3dd24bb4605439bf91068598d00c6370684f8de4a67c2992683f6c309d6b",
+                "sha256:3dbe858ee582cbb2c6294dc85f55b5f19c918c2597855e950f34b660f1a5ede6",
+                "sha256:3dc773b2861b37b41a6136e0b72a1a44689a9c4c101e0cddb6b854016acc0aa8",
+                "sha256:3e183c6e3298a2ed5af9d7a356ea823bccaab4ec2349dc9ed83999fd289d14d5",
+                "sha256:3f7765e69bbce0906a7c74d5fe46d2c7a7596147318dbc08e4a2431f3060e306",
+                "sha256:417d14450f06d51f363e41cace6488519038f940676ce9664b34ebf5653433a5",
+                "sha256:44f6c7caff88d988db017b9b0e4ab04934f11e3e72d478031efc7edcac6c622f",
+                "sha256:491755202eb21a5e350dae00c6d9a17247769c64dcf62d8c788b5c135e179dc4",
+                "sha256:4951e4f7a5680a2db62f7f4ab2f84617674d36d2d76a729b9a8be4b59b3659be",
+                "sha256:52421b41ac99e9d91934e4d0d0fe7da9f02bfa7536bb4431b4c05c906c8c6919",
+                "sha256:530e7c04f72002d2f334d5257c8a51bf409db0316feee7c87e4385043be136af",
+                "sha256:533658f8fbf056b70e434dff7e7aa611bcacb33e01f75de7f821810e48d1bb66",
+                "sha256:5670fb70a828663cc37552a2a85bf2ac38475572b0e9b91283dc09efb52c41d1",
+                "sha256:56c22432809085b3f3ae04e6e7bdd36883d7258fcd90e53ba7b2e463efc7a6af",
+                "sha256:58278b29cb89f3e43ff3e0c756abbd1518f3ee6adad9e35b51fb101c1c1daaec",
+                "sha256:588008b8497667f1ddca7c99f2f85ce8511f8f7871b4a06ceede68ab62dff64b",
+                "sha256:59565f10607c244bc4c05c0c5fa0c190c990996e0c719d05deec7030c2aa8289",
+                "sha256:59689a75ba8d7ffca577aefd017d08d659d86ad4585ccc73e43edbfc7476781a",
+                "sha256:5aea8212fb823e006b995c4dda533edcf98a893d941f173f6c9506126188860d",
+                "sha256:5c670c0406bdc845b474b680b9a5456c561c65cf366f8db5a60154088c92d102",
+                "sha256:5ca1e8188b26a819387b29c3895c47a5e618708fe6f787f3b1a471de2c4a94d9",
+                "sha256:5d077bc40a1fe984e1a9931e801e42959a1e6598edc8a3223b061d30fbd26bbc",
+                "sha256:5d5792e9b3fb8d16a19f46aa8208987cfeafe082363ee2745ea8b643d9cc5b45",
+                "sha256:5dd1537e7cc06efd81371f5d1a992bd5ab156b2b4f88834ca852de4a8ea523fa",
+                "sha256:5ea7b6766ac2dfe4bcac8b8595107665a18ef01f8c8343f00710b85096d1b53a",
+                "sha256:622020d4521e22fb371e15f580d153134bfb68d6a429d1342a25f051ec72df1c",
+                "sha256:627402ad8dea044dde2eccde4370560a2b750ef894c9578e1d4f8ffd54000461",
+                "sha256:644df54d729ef810dcd0f7732e50e5ad1bd0a135278ed8d6bcb06f33b6b6f708",
+                "sha256:64641a6068a16201366476731301441ce93457eb8452056f570133a6ceb15fca",
+                "sha256:64c2baa7774bc22dd4474248ba16fe1a7f611c13ac6123408694d4cc93d66dbd",
+                "sha256:6588c459c5627fefa30139be4d2e28a2c2a1d0d1c265aad2ba1935a7863a4913",
+                "sha256:66bc5eb8a323ed9894f8fa0ee6cb3e3fb2403d99aee635078fd19a8bc7a5a5da",
+                "sha256:68a2610dbe138fa8c5826b3f6d98a7cfc29707b850ddcc3e21910a6fe51f6ca0",
+                "sha256:6935bbf153f9a965f1e07c2649c0849d29832487c52bb4a5c5066031d8b44fd5",
+                "sha256:6992030d43b916407c9aa52e9673612ff39a575523c5f4cf72cdef75365709a5",
+                "sha256:6a014510830df1475176466b6087fc0c08b47a36714823e58d8b8d7709132a96",
+                "sha256:6ab833e4735a7e5533711a6ea2df26459b96f9eec36d23f74cafe03631647c41",
+                "sha256:6cc6ee342fb7fa2471bd9b6d6fdfc78925a697bf5c2bcd0a302e98b0d35bfad3",
+                "sha256:6cf58416653c5901e12624e4013708b6e11142956e7f35e7a83f1ab02f3fe456",
+                "sha256:70a9768e1b9d79edca17890175ba915654ee1725975d69ab64813dd785a2bd5c",
+                "sha256:70ac664a48aa64e5e635ae5566f5227f2ab7f66a3990d67566d9907edcbbf867",
+                "sha256:71e97313406ccf55d32cc98a533ee05c61e15d11b99215b237346171c179c0b0",
+                "sha256:7221d49259aa1e5a8f00d3d28b1e0b76031655ca74bb287123ef56c3db92f213",
+                "sha256:74b28c6334cca4dd704e8004cba1955af0b778cf449142e581e404bd211fb619",
+                "sha256:764b521b75701f60683500d8621841bec41a65eb739b8466000c6fdbc256c240",
+                "sha256:78bfa756eab503673991bdcf464917ef7845a964903d3302c5f68417ecdc948c",
+                "sha256:794f04eec78f1d0e35d9e0c36cbbb22e42d370dda1609fb03bcd7aeb458c6377",
+                "sha256:79bd05260359170f78b181b59ce871673ed01ba048deef4bf49a36ab3e72e80b",
+                "sha256:7a7efd5b6d3e30d81ec68ab8a88252d7c7c6f13aaa875009fe3097eb4e30b84c",
+                "sha256:7c17b64b0a6ef4e5affae6a3724010a7a66bda48a62cfe0674dabd46642e8b54",
+                "sha256:804f74efe22b6a227306dd890eecc4f8c59ff25ca35f1f14e7482bbce96ef10b",
+                "sha256:853e074d4931dbcba7480d4dcab23d5c56bd9607f92825ab80ee2bd916edea53",
+                "sha256:857500f88b17a6479202ff5fe5f580fc3404922cd02ab3716197adf1ef628029",
+                "sha256:865bad62df277c04beed9478fe665b9ef63eb28fe026d5dedcb89b537d2e2ea6",
+                "sha256:88e22fc0a6684337d25c994381ed8a1580a6f5ebebd5ad41f89f663ff4ec2885",
+                "sha256:8b9c07e7a45bb64e21df4b6aa623cb8ba214dfb47d2027d90eac197329bb5e94",
+                "sha256:8de8f9d6caa7f25b204fc861718815d41cbcf27ee8f028c89c882a0cf4ae4134",
+                "sha256:8e77c69d5892cb5ba71703c4057091e31ccf534bd7f129307a4d084d90d014b8",
+                "sha256:9123716666e25b7b71c4e1789ec829ed18663152008b58544d95b008ed9e21e9",
+                "sha256:958244ad566c3ffc385f47dddde4145088a0ab893504b54b52c041987a8c1863",
+                "sha256:96323338e6c14e958d775700ec8a88346014a85e5de73ac7967db0367582049b",
+                "sha256:9676bfc686fa6a3fa10cd4ae6b76cae8be26eb5ec6811d2a325636c460da1806",
+                "sha256:9b0ff53900566bc6325ecde9181d89afadc59c5ffa39bddf084aaedfe3b06a11",
+                "sha256:9b9ec9c9978b708d488bec36b9e4c94d88fd12ccac3e62134a9d17ddba910ea9",
+                "sha256:9c6ad0fbf105f6bcc9300c00010a2ffa44ea6f555df1a2ad95c88f5656104817",
+                "sha256:9ca66b8e90daca431b7ca1408cae085d025326570e57749695d6a01454790e95",
+                "sha256:9e2addd2d1866fe112bc6f80117bcc6bc25191c5ed1bfbcf9f1386a884252ae8",
+                "sha256:a0af35bd8ebf84888373630f73f24e86bf016642fb8576fba49d3d6b560b7cbc",
+                "sha256:a2b44bec7adf3e9305ce6cbfa47a4395667e744097faed97abb4728748ba7d47",
+                "sha256:a2dfe7e2473f9b59496247aad6e23b405ddf2e12ef0765677b0081c02d6c2c0b",
+                "sha256:a55ee573116ba208932e2d1a037cc4b10d2c1cb264ced2184d00b18ce585b2c0",
+                "sha256:a7baf9ffc238e4bf401299f50e971a45bfcc10a785522541a6e3179c83eabf0a",
+                "sha256:a8d5c70e04aac1eda5c829a26d1f75c6e5286c74743133d9f742cda8e53b9c2f",
+                "sha256:a91481dbcddf1736c98a80b122afa0f7296eeb80b72344d7f45dc9f781551f56",
+                "sha256:ab31a88a651039a07a3ae327d68ebdd8bc589b16938c09ef3f32a4b809dc96ef",
+                "sha256:abc25c3cab9ec7fcd299b9bcb3b8d4a1231877e425c650fa1c7576c5107ab851",
+                "sha256:adfb84ca6b87e06bc6b146dc7da7623395db1e31621c4785ad0658c5028b37d7",
+                "sha256:afbbdb120d1e78d2ba8064a68058001b871154cc57787031b645c9142b937a62",
+                "sha256:afd5562927cdef7c4f5550374acbc117fd4ecc05b5007bdfa57cc5355864e0a4",
+                "sha256:b070bbe8d3f0f6147689bed981d19bbb33070225373338df755a46893528104a",
+                "sha256:b0b58fbfa1bf7367dde8a557994e3b1637294be6cf2169810375caf8571a085c",
+                "sha256:b560e3aa4b1d49e0e6c847d72665384db35b2f5d45f8e6a5c0072e0283430533",
+                "sha256:b6241d4eee5f89453307c2f2bfa03b50362052ca0af1efecf9fef9a41a22bb4f",
+                "sha256:b6787b643356111dfd4032b5bffe26d2f8331556ecb79e15dacb9275da02866e",
+                "sha256:bcbf4af004f98793a95355980764b3d80d47117678118a44a80b721c9913436a",
+                "sha256:beb72935a941965c52990f3a32d7f07ce869fe21c6af8b34bf6a277b33a345d3",
+                "sha256:bf2e2458345d9bffb0d9ec16557d8858c9c88d2d11fed53998512504cd9df49b",
+                "sha256:c2d35a1d047efd68027817b32ab1586c1169e60ca02c65d428ae815b593e65d4",
+                "sha256:c38d7b9a690b090de999835f0443d8aa93ce5f2064035dfc48f27f02b4afc3d0",
+                "sha256:c6f2c8372b98208ce609c9e1d707f6918cc118fea4e2c754c9f0812c04ca116d",
+                "sha256:c817d420c60a5183953c783b0547d9eb43b7b344a2c46f69513d5952a78cddf3",
+                "sha256:c8ba129e6d3b0136a0f50345b2cb3db53f6bda5dd8c7f5d83fbccba97fb5dcb5",
+                "sha256:c94e75445b00319c1fad60f3c98b09cd63fe1134a8a953dcd48989ef42318534",
+                "sha256:cc4691d60512798304acb9207987e7b2b7c44627ea88b9d77489bbe3e6cc3bd4",
+                "sha256:cc518cea79fd1e2f6c90baafa28906d4309d24f3a63e801d855e7424c5b34144",
+                "sha256:cd53553ddad4a9c2f1f022756ae64abe16da1feb497edf4d9f87f99ec7cf86bd",
+                "sha256:cf22b41fdae514ee2f1691b6c3cdeae666d8b7fa9434de445f12bbeee0cf48dd",
+                "sha256:d38c8f50ecf57f0463399569aa388b232cf1a2ffb8f0a9a5412d0db57e054860",
+                "sha256:d3be9b2076112e51b323bdf6d5a7f8a798de55fb8d95fcb64bd179460cdc0704",
+                "sha256:d4f2cc7060dc3646632d7f15fe68e2fa98f58e35dd5666cd525f3b35d3fed7f8",
+                "sha256:d7520db34088c96cc0e0a3ad51a4fd5b401f279ee112aa2b7f8f976d8582606d",
+                "sha256:d793bebb202a6000390a5390078e945bbb49855c29c7e4d56a85901326c3b5d9",
+                "sha256:da052e7962ea2d5e5ef5bc0355d55007407087392cf465b7ad84ce5f3e25fe0f",
+                "sha256:dae0ed02f6b075426accbf6b2863c3d0a7eacc1b41fb40f2251d931e50188dad",
+                "sha256:ddc678fb4c7e30cf830a2b5a8d869538bc55b28d6c68544d09c7d0d8f17694dc",
+                "sha256:df2e6f546c4df14bc81f9498bbc007fbb87669f1bb707c6138878c46b06f6510",
+                "sha256:e02c5175f63effbd7c5e590399c118d5db6183bbfe8e0d118bdb5c2d1b48d937",
+                "sha256:e196a4ff48310ba62e53a8e0f97ca2bca83cdd2fe2934d8b5cb0df0a841b193a",
+                "sha256:e233db59c8f76630c512ab4a4daf5a5986da5c3d5b44b8e9fc742f2a24dbd460",
+                "sha256:e32be23d538753a8adb6c85bd539f5fd3b15cb987404327c569dfc5fd8366e85",
+                "sha256:e3d30321949861404323c50aebeb1943461a67cd51d4200ab02babc58bd06a86",
+                "sha256:e89580a581bf478d8dcb97d9cd011d567768e8bc4095f8557b21c4d4c5fea7d0",
+                "sha256:e998e304036198b4f6914e6a1e2b6f925208a20e2042563d9734881150c6c246",
+                "sha256:ec42088248c596dbd61d4ae8a5b004f97a4d91a9fd286f632e42e60b706718d7",
+                "sha256:efa7b51824aa0ee957ccd5a741c73e6851de55f40d807f08069eb4c5a26b2baa",
+                "sha256:f0a1bc63a465b6d72569a9bba9f2ef0334c4e03958e043da1920299100bc7c08",
+                "sha256:f18a5a84e16886898e51ab4b1d43acb3083c39b14c8caeb3589aabff0ee0b270",
+                "sha256:f2a9efc53d5b714b8df2b4b3e992accf8ce5bbdfe544d74d5c6766c9e1146a3a",
+                "sha256:f3bbbc998d42f8e561f347e798b85513ba4da324c2b3f9b7969e9c45b10f6169",
+                "sha256:f42038016852ae51b4088b2862126535cc4fc85802bfe30dea3500fdfaf1864e",
+                "sha256:f443cdef978430887ed55112b491f670bba6462cea7a7742ff8f14b7abb98d75",
+                "sha256:f51969bac61441fd31f028d7b3b45962f3ecebf691a510495e5d2cd8c8092dbd",
+                "sha256:f8aca2e3a72f37bfc7b14ba96d4056244001ddcc18382bd0daa087fd2e68a354",
+                "sha256:f9737bf36262046213a28e789cc82d82c6ef19c85a0cf05e75c670a33342ac2c",
+                "sha256:fd6037392f2d57793ab98d9e26798f44b8b4da2f2464388588f48ac52c489ea1",
+                "sha256:feaa45c0eae424d3e90d78823f3828e7dc42a42f21ed420db98da2c4ecf0a2cb",
+                "sha256:ff097ae562e637409b429a7ac958a20aab237a0378c42dabaa1e3abf2f896e5f",
+                "sha256:ff46d772d5f6f73564979cd77a4fffe55c916a05f3cb70e7c9c0590059fb29ef"
             ],
             "markers": "python_version >= '3.6'",
-            "version": "==5.2.0"
+            "version": "==5.2.1"
         },
         "markdown": {
             "hashes": [
@@ -528,6 +569,7 @@
             "extras": [
                 "imaging"
             ],
+            "markers": "python_version >= '3.8'",
             "path": "./modules/mkdocs-material"
         },
         "mkdocs-material-extensions": {
@@ -562,77 +604,77 @@
         },
         "pillow": {
             "hashes": [
-                "sha256:0304004f8067386b477d20a518b50f3fa658a28d44e4116970abfcd94fac34a8",
-                "sha256:0689b5a8c5288bc0504d9fcee48f61a6a586b9b98514d7d29b840143d6734f39",
-                "sha256:0eae2073305f451d8ecacb5474997c08569fb4eb4ac231ffa4ad7d342fdc25ac",
-                "sha256:0fb3e7fc88a14eacd303e90481ad983fd5b69c761e9e6ef94c983f91025da869",
-                "sha256:11fa2e5984b949b0dd6d7a94d967743d87c577ff0b83392f17cb3990d0d2fd6e",
-                "sha256:127cee571038f252a552760076407f9cff79761c3d436a12af6000cd182a9d04",
-                "sha256:154e939c5f0053a383de4fd3d3da48d9427a7e985f58af8e94d0b3c9fcfcf4f9",
-                "sha256:15587643b9e5eb26c48e49a7b33659790d28f190fc514a322d55da2fb5c2950e",
-                "sha256:170aeb00224ab3dc54230c797f8404507240dd868cf52066f66a41b33169bdbe",
-                "sha256:1b5e1b74d1bd1b78bc3477528919414874748dd363e6272efd5abf7654e68bef",
-                "sha256:1da3b2703afd040cf65ec97efea81cfba59cdbed9c11d8efc5ab09df9509fc56",
-                "sha256:1e23412b5c41e58cec602f1135c57dfcf15482013ce6e5f093a86db69646a5aa",
-                "sha256:2247178effb34a77c11c0e8ac355c7a741ceca0a732b27bf11e747bbc950722f",
-                "sha256:257d8788df5ca62c980314053197f4d46eefedf4e6175bc9412f14412ec4ea2f",
-                "sha256:3031709084b6e7852d00479fd1d310b07d0ba82765f973b543c8af5061cf990e",
-                "sha256:322209c642aabdd6207517e9739c704dc9f9db943015535783239022002f054a",
-                "sha256:322bdf3c9b556e9ffb18f93462e5f749d3444ce081290352c6070d014c93feb2",
-                "sha256:33870dc4653c5017bf4c8873e5488d8f8d5f8935e2f1fb9a2208c47cdd66efd2",
-                "sha256:35bb52c37f256f662abdfa49d2dfa6ce5d93281d323a9af377a120e89a9eafb5",
-                "sha256:3c31822339516fb3c82d03f30e22b1d038da87ef27b6a78c9549888f8ceda39a",
-                "sha256:3eedd52442c0a5ff4f887fab0c1c0bb164d8635b32c894bc1faf4c618dd89df2",
-                "sha256:3ff074fc97dd4e80543a3e91f69d58889baf2002b6be64347ea8cf5533188213",
-                "sha256:47c0995fc4e7f79b5cfcab1fc437ff2890b770440f7696a3ba065ee0fd496563",
-                "sha256:49d9ba1ed0ef3e061088cd1e7538a0759aab559e2e0a80a36f9fd9d8c0c21591",
-                "sha256:51f1a1bffc50e2e9492e87d8e09a17c5eea8409cda8d3f277eb6edc82813c17c",
-                "sha256:52a50aa3fb3acb9cf7213573ef55d31d6eca37f5709c69e6858fe3bc04a5c2a2",
-                "sha256:54f1852cd531aa981bc0965b7d609f5f6cc8ce8c41b1139f6ed6b3c54ab82bfb",
-                "sha256:609448742444d9290fd687940ac0b57fb35e6fd92bdb65386e08e99af60bf757",
-                "sha256:69ffdd6120a4737710a9eee73e1d2e37db89b620f702754b8f6e62594471dee0",
-                "sha256:6fad5ff2f13d69b7e74ce5b4ecd12cc0ec530fcee76356cac6742785ff71c452",
-                "sha256:7049e301399273a0136ff39b84c3678e314f2158f50f517bc50285fb5ec847ad",
-                "sha256:70c61d4c475835a19b3a5aa42492409878bbca7438554a1f89d20d58a7c75c01",
-                "sha256:716d30ed977be8b37d3ef185fecb9e5a1d62d110dfbdcd1e2a122ab46fddb03f",
-                "sha256:753cd8f2086b2b80180d9b3010dd4ed147efc167c90d3bf593fe2af21265e5a5",
-                "sha256:773efe0603db30c281521a7c0214cad7836c03b8ccff897beae9b47c0b657d61",
-                "sha256:7823bdd049099efa16e4246bdf15e5a13dbb18a51b68fa06d6c1d4d8b99a796e",
-                "sha256:7c8f97e8e7a9009bcacbe3766a36175056c12f9a44e6e6f2d5caad06dcfbf03b",
-                "sha256:823ef7a27cf86df6597fa0671066c1b596f69eba53efa3d1e1cb8b30f3533068",
-                "sha256:8373c6c251f7ef8bda6675dd6d2b3a0fcc31edf1201266b5cf608b62a37407f9",
-                "sha256:83b2021f2ade7d1ed556bc50a399127d7fb245e725aa0113ebd05cfe88aaf588",
-                "sha256:870ea1ada0899fd0b79643990809323b389d4d1d46c192f97342eeb6ee0b8483",
-                "sha256:8d12251f02d69d8310b046e82572ed486685c38f02176bd08baf216746eb947f",
-                "sha256:9c23f307202661071d94b5e384e1e1dc7dfb972a28a2310e4ee16103e66ddb67",
-                "sha256:9d189550615b4948f45252d7f005e53c2040cea1af5b60d6f79491a6e147eef7",
-                "sha256:a086c2af425c5f62a65e12fbf385f7c9fcb8f107d0849dba5839461a129cf311",
-                "sha256:a2b56ba36e05f973d450582fb015594aaa78834fefe8dfb8fcd79b93e64ba4c6",
-                "sha256:aebb6044806f2e16ecc07b2a2637ee1ef67a11840a66752751714a0d924adf72",
-                "sha256:b1b3020d90c2d8e1dae29cf3ce54f8094f7938460fb5ce8bc5c01450b01fbaf6",
-                "sha256:b4b6b1e20608493548b1f32bce8cca185bf0480983890403d3b8753e44077129",
-                "sha256:b6f491cdf80ae540738859d9766783e3b3c8e5bd37f5dfa0b76abdecc5081f13",
-                "sha256:b792a349405fbc0163190fde0dc7b3fef3c9268292586cf5645598b48e63dc67",
-                "sha256:b7c2286c23cd350b80d2fc9d424fc797575fb16f854b831d16fd47ceec078f2c",
-                "sha256:babf5acfede515f176833ed6028754cbcd0d206f7f614ea3447d67c33be12516",
-                "sha256:c365fd1703040de1ec284b176d6af5abe21b427cb3a5ff68e0759e1e313a5e7e",
-                "sha256:c4225f5220f46b2fde568c74fca27ae9771536c2e29d7c04f4fb62c83275ac4e",
-                "sha256:c570f24be1e468e3f0ce7ef56a89a60f0e05b30a3669a459e419c6eac2c35364",
-                "sha256:c6dafac9e0f2b3c78df97e79af707cdc5ef8e88208d686a4847bab8266870023",
-                "sha256:c8de2789052ed501dd829e9cae8d3dcce7acb4777ea4a479c14521c942d395b1",
-                "sha256:cb28c753fd5eb3dd859b4ee95de66cc62af91bcff5db5f2571d32a520baf1f04",
-                "sha256:cb4c38abeef13c61d6916f264d4845fab99d7b711be96c326b84df9e3e0ff62d",
-                "sha256:d1b35bcd6c5543b9cb547dee3150c93008f8dd0f1fef78fc0cd2b141c5baf58a",
-                "sha256:d8e6aeb9201e655354b3ad049cb77d19813ad4ece0df1249d3c793de3774f8c7",
-                "sha256:d8ecd059fdaf60c1963c58ceb8997b32e9dc1b911f5da5307aab614f1ce5c2fb",
-                "sha256:da2b52b37dad6d9ec64e653637a096905b258d2fc2b984c41ae7d08b938a67e4",
-                "sha256:e87f0b2c78157e12d7686b27d63c070fd65d994e8ddae6f328e0dcf4a0cd007e",
-                "sha256:edca80cbfb2b68d7b56930b84a0e45ae1694aeba0541f798e908a49d66b837f1",
-                "sha256:f379abd2f1e3dddb2b61bc67977a6b5a0a3f7485538bcc6f39ec76163891ee48",
-                "sha256:fe4c15f6c9285dc54ce6553a3ce908ed37c8f3825b5a51a15c91442bb955b868"
+                "sha256:048ad577748b9fa4a99a0548c64f2cb8d672d5bf2e643a739ac8faff1164238c",
+                "sha256:048eeade4c33fdf7e08da40ef402e748df113fd0b4584e32c4af74fe78baaeb2",
+                "sha256:0ba26351b137ca4e0db0342d5d00d2e355eb29372c05afd544ebf47c0956ffeb",
+                "sha256:0ea2a783a2bdf2a561808fe4a7a12e9aa3799b701ba305de596bc48b8bdfce9d",
+                "sha256:1530e8f3a4b965eb6a7785cf17a426c779333eb62c9a7d1bbcf3ffd5bf77a4aa",
+                "sha256:16563993329b79513f59142a6b02055e10514c1a8e86dca8b48a893e33cf91e3",
+                "sha256:19aeb96d43902f0a783946a0a87dbdad5c84c936025b8419da0a0cd7724356b1",
+                "sha256:1a1d1915db1a4fdb2754b9de292642a39a7fb28f1736699527bb649484fb966a",
+                "sha256:1b87bd9d81d179bd8ab871603bd80d8645729939f90b71e62914e816a76fc6bd",
+                "sha256:1dfc94946bc60ea375cc39cff0b8da6c7e5f8fcdc1d946beb8da5c216156ddd8",
+                "sha256:2034f6759a722da3a3dbd91a81148cf884e91d1b747992ca288ab88c1de15999",
+                "sha256:261ddb7ca91fcf71757979534fb4c128448b5b4c55cb6152d280312062f69599",
+                "sha256:2ed854e716a89b1afcedea551cd85f2eb2a807613752ab997b9974aaa0d56936",
+                "sha256:3102045a10945173d38336f6e71a8dc71bcaeed55c3123ad4af82c52807b9375",
+                "sha256:339894035d0ede518b16073bdc2feef4c991ee991a29774b33e515f1d308e08d",
+                "sha256:412444afb8c4c7a6cc11a47dade32982439925537e483be7c0ae0cf96c4f6a0b",
+                "sha256:4203efca580f0dd6f882ca211f923168548f7ba334c189e9eab1178ab840bf60",
+                "sha256:45ebc7b45406febf07fef35d856f0293a92e7417ae7933207e90bf9090b70572",
+                "sha256:4b5ec25d8b17217d635f8935dbc1b9aa5907962fae29dff220f2659487891cd3",
+                "sha256:4c8e73e99da7db1b4cad7f8d682cf6abad7844da39834c288fbfa394a47bbced",
+                "sha256:4e6f7d1c414191c1199f8996d3f2282b9ebea0945693fb67392c75a3a320941f",
+                "sha256:4eaa22f0d22b1a7e93ff0a596d57fdede2e550aecffb5a1ef1106aaece48e96b",
+                "sha256:50b8eae8f7334ec826d6eeffaeeb00e36b5e24aa0b9df322c247539714c6df19",
+                "sha256:50fd3f6b26e3441ae07b7c979309638b72abc1a25da31a81a7fbd9495713ef4f",
+                "sha256:51243f1ed5161b9945011a7360e997729776f6e5d7005ba0c6879267d4c5139d",
+                "sha256:5d512aafa1d32efa014fa041d38868fda85028e3f930a96f85d49c7d8ddc0383",
+                "sha256:5f77cf66e96ae734717d341c145c5949c63180842a545c47a0ce7ae52ca83795",
+                "sha256:6b02471b72526ab8a18c39cb7967b72d194ec53c1fd0a70b050565a0f366d355",
+                "sha256:6fb1b30043271ec92dc65f6d9f0b7a830c210b8a96423074b15c7bc999975f57",
+                "sha256:7161ec49ef0800947dc5570f86568a7bb36fa97dd09e9827dc02b718c5643f09",
+                "sha256:72d622d262e463dfb7595202d229f5f3ab4b852289a1cd09650362db23b9eb0b",
+                "sha256:74d28c17412d9caa1066f7a31df8403ec23d5268ba46cd0ad2c50fb82ae40462",
+                "sha256:78618cdbccaa74d3f88d0ad6cb8ac3007f1a6fa5c6f19af64b55ca170bfa1edf",
+                "sha256:793b4e24db2e8742ca6423d3fde8396db336698c55cd34b660663ee9e45ed37f",
+                "sha256:798232c92e7665fe82ac085f9d8e8ca98826f8e27859d9a96b41d519ecd2e49a",
+                "sha256:81d09caa7b27ef4e61cb7d8fbf1714f5aec1c6b6c5270ee53504981e6e9121ad",
+                "sha256:8ab74c06ffdab957d7670c2a5a6e1a70181cd10b727cd788c4dd9005b6a8acd9",
+                "sha256:8eb0908e954d093b02a543dc963984d6e99ad2b5e36503d8a0aaf040505f747d",
+                "sha256:90b9e29824800e90c84e4022dd5cc16eb2d9605ee13f05d47641eb183cd73d45",
+                "sha256:9797a6c8fe16f25749b371c02e2ade0efb51155e767a971c61734b1bf6293994",
+                "sha256:9d2455fbf44c914840c793e89aa82d0e1763a14253a000743719ae5946814b2d",
+                "sha256:9d3bea1c75f8c53ee4d505c3e67d8c158ad4df0d83170605b50b64025917f338",
+                "sha256:9e2ec1e921fd07c7cda7962bad283acc2f2a9ccc1b971ee4b216b75fad6f0463",
+                "sha256:9e91179a242bbc99be65e139e30690e081fe6cb91a8e77faf4c409653de39451",
+                "sha256:a0eaa93d054751ee9964afa21c06247779b90440ca41d184aeb5d410f20ff591",
+                "sha256:a2c405445c79c3f5a124573a051062300936b0281fee57637e706453e452746c",
+                "sha256:aa7e402ce11f0885305bfb6afb3434b3cd8f53b563ac065452d9d5654c7b86fd",
+                "sha256:aff76a55a8aa8364d25400a210a65ff59d0168e0b4285ba6bf2bd83cf675ba32",
+                "sha256:b09b86b27a064c9624d0a6c54da01c1beaf5b6cadfa609cf63789b1d08a797b9",
+                "sha256:b14f16f94cbc61215115b9b1236f9c18403c15dd3c52cf629072afa9d54c1cbf",
+                "sha256:b50811d664d392f02f7761621303eba9d1b056fb1868c8cdf4231279645c25f5",
+                "sha256:b7bc2176354defba3edc2b9a777744462da2f8e921fbaf61e52acb95bafa9828",
+                "sha256:c78e1b00a87ce43bb37642c0812315b411e856a905d58d597750eb79802aaaa3",
+                "sha256:c83341b89884e2b2e55886e8fbbf37c3fa5efd6c8907124aeb72f285ae5696e5",
+                "sha256:ca2870d5d10d8726a27396d3ca4cf7976cec0f3cb706debe88e3a5bd4610f7d2",
+                "sha256:ccce24b7ad89adb5a1e34a6ba96ac2530046763912806ad4c247356a8f33a67b",
+                "sha256:cd5e14fbf22a87321b24c88669aad3a51ec052eb145315b3da3b7e3cc105b9a2",
+                "sha256:ce49c67f4ea0609933d01c0731b34b8695a7a748d6c8d186f95e7d085d2fe475",
+                "sha256:d33891be6df59d93df4d846640f0e46f1a807339f09e79a8040bc887bdcd7ed3",
+                "sha256:d3b2348a78bc939b4fed6552abfd2e7988e0f81443ef3911a4b8498ca084f6eb",
+                "sha256:d886f5d353333b4771d21267c7ecc75b710f1a73d72d03ca06df49b09015a9ef",
+                "sha256:d93480005693d247f8346bc8ee28c72a2191bdf1f6b5db469c096c0c867ac015",
+                "sha256:dc1a390a82755a8c26c9964d457d4c9cbec5405896cba94cf51f36ea0d855002",
+                "sha256:dd78700f5788ae180b5ee8902c6aea5a5726bac7c364b202b4b3e3ba2d293170",
+                "sha256:e46f38133e5a060d46bd630faa4d9fa0202377495df1f068a8299fd78c84de84",
+                "sha256:e4b878386c4bf293578b48fc570b84ecfe477d3b77ba39a6e87150af77f40c57",
+                "sha256:f0d0591a0aeaefdaf9a5e545e7485f89910c977087e7de2b6c388aec32011e9f",
+                "sha256:fdcbb4068117dfd9ce0138d068ac512843c52295ed996ae6dd1faf537b6dbc27",
+                "sha256:ff61bfd9253c3915e6d41c651d5f962da23eda633cf02262990094a18a55371a"
             ],
-            "markers": "python_version >= '3.8'",
-            "version": "==10.2.0"
+            "version": "==10.3.0"
         },
         "platformdirs": {
             "hashes": [

README.md

@@ -86,7 +86,14 @@ When you contribute to this repository you are doing so under the above licenses
 
 Committing to this repository requires [signing your commits](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits) (`git config commit.gpgsign true`) unless you are making edits via the GitHub.com text editor interface. As of August 2022 the preferred signing method is [SSH commit signatures](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification#ssh-commit-signature-verification), but GPG signing is also acceptable. You should add your signing key to your GitHub profile.
 
-This website uses [`mkdocs-material-insiders`](https://squidfunk.github.io/mkdocs-material/insiders) which offers additional functionality over the open-source `mkdocs-material` project. For obvious reasons we cannot distribute access to the insiders repository. Running this website locally without access to insiders is unsupported. If you are submitting a PR, please ensure the automatic preview generated for your PR looks correct, as that site will be built with the production insiders build.
+### With `mkdocs-material`
+
+1. Install required packages: `pip install mkdocs-material`
+2. Run a local preview of the English site: `mkdocs serve --config-file config/mkdocs.en.yml`
+
+### With `mkdocs-material-insiders`
+
+This website uses [`mkdocs-material-insiders`](https://squidfunk.github.io/mkdocs-material/insiders) which offers additional functionality over the open-source `mkdocs-material` project. For obvious reasons we cannot distribute access to the insiders repository. If you are submitting a PR, please ensure the automatic preview generated for your PR looks correct, as that site will be built with the production insiders build.
 
 **Team members** should clone the repository with `mkdocs-material-insiders` directly. This method is identical to production:
 
@@ -95,9 +102,9 @@ This website uses [`mkdocs-material-insiders`](https://squidfunk.github.io/mkdoc
 3. Install Python **3.12**.
 4. Install **pipenv**: `pip install pipenv`
 5. Install dependencies: `pipenv install --dev` (install [Pillow and CairoSVG](https://squidfunk.github.io/mkdocs-material/setup/setting-up-social-cards/#dependencies) as well to generate social cards)
-6. Serve the site locally: `pipenv run mkdocs serve --config-file config/mkdocs.en.yml` (set `CARDS=true` to generate social cards)
+6. Serve the site locally: `MKDOCS_INHERIT=mkdocs-production.yml pipenv run mkdocs serve --config-file config/mkdocs.en.yml` (set `CARDS=true` to generate social cards)
     - The site will be available at `http://localhost:8000`
-    - You can build the site locally with `pipenv run mkdocs build --config-file config/mkdocs.en.yml`
+    - You can build the site locally with `MKDOCS_INHERIT=mkdocs-production.yml pipenv run mkdocs build --config-file config/mkdocs.en.yml`
     - This version of the site should be identical to the live, production version
 
 If you commit to `main` with commits signed with your SSH key, you should add your SSH key to [`.allowed_signers`](/.allowed_signers) in this repo.

config/caddy/Caddyfile

@@ -1,50 +0,0 @@
-(pg-umami-config) {
-	umami {
-		event_endpoint https://stats.jonaharagon.net/api/send
-		website_uuid 30b92047-7cbb-4800-9815-2e075a293e0a
-		# bit of a hack to get umami working properly, nothing to do with cloudflare
-		client_ip_header CF-Connecting-IP
-		trusted_ip_header X-Real-IP
-		cookie_consent umami
-		cookie_resolution resolution
-		debug
-	}
-}
-
-www.privacyguides.org {
-	import vars
-	import common/*.caddy
-	import production/*.caddy
-}
-
-http://www.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion {
-	import vars
-	import common/*.caddy
-	import production/minio.caddy
-}
-
-http://*.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion {
-	@hostnames header_regexp hostname Host (\S+)\.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd\.onion
-	handle @hostnames {
-		reverse_proxy {re.hostname.1}.privacyguides.org:443 {
-			header_up Host {re.hostname.1}.privacyguides.org
-			transport http {
-				tls
-			}
-		}
-	}
-}
-
-privacyguides.org {
-	import vars
-	import production/matrix.caddy
-
-	handle {
-		import production/https.caddy
-		redir https://www.privacyguides.org{uri}
-	}
-}
-
-http://xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion {
-	redir http://www.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion{uri}
-}

config/caddy/README.md

@@ -1,13 +0,0 @@
-# Caddy Webserver Config
-
-Requires a build of Caddy with [jonaharagon/caddy-umami](https://github.com/jonaharagon/caddy-umami) installed.
-
-## Variables
-
-These variables are set on the server, and can be accessed like `{vars.variable_name}`:
-
-- `minio_hostname`
-- `pg_minio_bucket`
-- `pg_matrix_webserver`
-- `pg_umami_website_uuid`
-- `umami_hostname`

config/caddy/common/00-matchers.caddy

@@ -1,34 +0,0 @@
-@static {
-	path *.ico *.css *.js *.gif *.webp *.avif *.jpg *.jpeg *.png *.svg *.woff *.woff2
-}
-
-@en path /en/*
-@es path /es/*
-@fr path /fr/*
-@he path /he/*
-@it path /it/*
-@nl path /nl/*
-@ru path /ru/*
-@zh-Hant path /zh-Hant/*
-
-@es-header {
-	header Accept-Language es*
-}
-@fr-header {
-	header Accept-Language fr*
-}
-@he-header {
-	header Accept-Language he*
-}
-@it-header {
-	header Accept-Language it*
-}
-@nl-header {
-	header Accept-Language nl*
-}
-@ru-header {
-	header Accept-Language ru*
-}
-@zh-Hant-header {
-	header Accept-Language zh-Hant*
-}

config/caddy/common/30-errors.caddy

@@ -1,42 +0,0 @@
-handle_errors {
-	@errors `{err.status_code} in [404]`
-	handle @errors {
-		handle @es {
-			try_files /i18n/{err.status_code}.es.html i18n/{err.status_code}.en.html
-			file_server
-		}
-		handle @fr {
-			try_files i18n/{err.status_code}.fr.html i18n/{err.status_code}.en.html
-			file_server
-		}
-		handle @he {
-			try_files i18n/{err.status_code}.he.html i18n/{err.status_code}.en.html
-			file_server
-		}
-		handle @it {
-			try_files i18n/{err.status_code}.it.html i18n/{err.status_code}.en.html
-			file_server
-		}
-		handle @nl {
-			try_files i18n/{err.status_code}.nl.html i18n/{err.status_code}.en.html
-			file_server
-		}
-		handle @ru {
-			try_files i18n/{err.status_code}.ru.html i18n/{err.status_code}.en.html
-			file_server
-		}
-		handle @zh-Hant {
-			try_files i18n/{err.status_code}.zh-Hant.html i18n/{err.status_code}.en.html
-			file_server
-		}
-		handle {
-			try_files i18n/{err.status_code}.en.html
-			file_server
-		}
-	}
-
-	# Handle all other webserver errors with a simple text response
-	handle {
-		respond "{err.status_code} {err.status_text}"
-	}
-}

config/caddy/common/30-headers.caddy

@@ -1,16 +0,0 @@
-header X-Frame-Options SAMEORIGIN
-header X-Content-Type-Options nosniff
-header X-XSS-Protection 0
-
-vars pg_csp_self "https://www.privacyguides.org https://cdn.privacyguides.org 'self'"
-# You can check whether a CSP directive will fall back to default-src on MDN.
-# Add CSP directives WITH a default-src fallback here:
-header +Content-Security-Policy "default-src 'none'; script-src {vars.pg_csp_self} 'unsafe-inline'; style-src {vars.pg_csp_self} 'unsafe-inline'; font-src {vars.pg_csp_self} data:; img-src data: {vars.pg_csp_self}; connect-src https://api.github.com https://*.privacyguides.net {vars.pg_csp_self}; frame-src https://*.privacyguides.net https://snowflake.torproject.org {vars.pg_csp_self}"
-# Add CSP directives WITHOUT a default-src fallback here:
-header +Content-Security-Policy "form-action 'self'; frame-ancestors 'none'; base-uri 'none'; sandbox allow-scripts allow-popups allow-same-origin;"
-
-header Permissions-Policy "browsing-topics=(), conversion-measurement=(), interest-cohort=(), accelerometer=(), ambient-light-sensor=(), battery=(), camera=(), display-capture=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), usb=()"
-
-header Access-Control-Allow-Origin "*"
-
-header @static Cache-Control max-age=2592000

config/caddy/common/50-redirect.caddy

@@ -1,4 +0,0 @@
-redir /kb* /en/basics/why-privacy-matters/
-redir /license* https://github.com/privacyguides/privacyguides.org/tree/main/README.md#license
-redir /coc* /en/CODE_OF_CONDUCT/
-redir /team* /en/about/

config/caddy/common/55-redirect-lang.caddy

@@ -1,30 +0,0 @@
-route / {
-	header Cache-Control no-store
-
-	redir @es-header /es
-	redir @fr-header /fr
-	redir @he-header /he
-	redir @it-header /it
-	redir @nl-header /nl
-	redir @ru-header /ru
-	redir @zh-Hant-header /zh-Hant
-
-	# default case
-	handle {
-		redir * /en/
-	}
-}
-
-@kb {
-	path */kb */kb/*
-}
-route @kb {
-	redir @es /es/basics/why-privacy-matters/
-	redir @fr /fr/basics/why-privacy-matters/
-	redir @he /he/basics/why-privacy-matters/
-	redir @it /it/basics/why-privacy-matters/
-	redir @nl /nl/basics/why-privacy-matters/
-	redir @ru /ru/basics/why-privacy-matters/
-	redir @zh-Hant /zh-Hant/basics/why-privacy-matters/
-	redir * /en/basics/why-privacy-matters/
-}

config/caddy/common/55-redirect-outdated.caddy

@@ -1,50 +0,0 @@
-redir /browsers /en/desktop-browsers/
-redir /blog https://blog.privacyguides.org
-redir /basics/dns-overview /en/advanced/dns-overview/
-redir /basics/tor-overview /en/advanced/tor-overview/
-redir /real-time-communication/communication-network-types /en/advanced/communication-network-types
-redir /advanced/real-time-communication /en/advanced/communication-network-types
-redir /android/overview /en/os/android-overview/
-redir /linux-desktop/overview /en/os/linux-overview/
-redir /android/grapheneos-vs-calyxos https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/
-redir /ios/configuration https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/
-redir /linux-desktop/hardening https://blog.privacyguides.org/2022/04/22/linux-system-hardening/
-redir /linux-desktop/sandboxing https://blog.privacyguides.org/2022/04/22/linux-application-sandboxing/
-redir /advanced/signal-configuration-hardening https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/
-redir /real-time-communication/signal-configuration-hardening https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/
-redir /advanced/integrating-metadata-removal https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/
-redir /advanced/erasing-data https://blog.privacyguides.org/2022/05/25/secure-data-erasure/
-redir /operating-systems /en/desktop/
-redir /threat-modeling /en/basics/threat-modeling/
-redir /self-contained-networks /en/tor/
-redir /privacy-policy /en/about/privacy-policy/
-redir /metadata-removal-tools /en/data-redaction/
-redir /basics /en/kb
-redir /software/file-encryption /en/encryption/
-redir /providers /en/tools/#service-providers
-redir /software/calendar-contacts /en/calendar/
-redir /calendar-contacts /en/calendar/
-redir /software/metadata-removal-tools /en/data-redaction/
-redir /contact /en/about/
-redir /welcome-to-privacy-guides https://blog.privacyguides.org/2021/09/14/welcome-to-privacy-guides/
-redir /software/email /en/email-clients/
-redir /providers/paste /en/tools/
-redir /blog/2019/10/05/understanding-vpns https://www.jonaharagon.com/posts/understanding-vpns/
-redir /terms-and-notices /en/about/notices/
-redir /software/networks /en/tor/
-redir /social-news-aggregator /en/news-aggregators/
-redir /basics/erasing-data https://blog.privacyguides.org/2022/05/25/secure-data-erasure/
-redir /linux-desktop /en/desktop/
-
-handle_path /providers/* {
-	redir * /en/{uri}
-}
-handle_path /software/* {
-	redir * /en/{uri}
-}
-handle_path /blog/* {
-	redir * https://blog.privacyguides.org/{uri}
-}
-handle_path /assets/* {
-	redir * /en/assets/{uri}
-}

config/caddy/common/80-canonical.caddy

@@ -1,6 +0,0 @@
-@canonicalPath {
-	path */
-}
-route @canonicalPath {
-	rewrite @canonicalPath {http.request.orig_uri.path}index.html
-}

config/caddy/production/https.caddy

@@ -1,2 +0,0 @@
-header ?Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
-header +Content-Security-Policy upgrade-insecure-requests;

config/caddy/production/matrix.caddy

@@ -1,13 +0,0 @@
-@matrix {
-	path /.well-known/matrix/*
-}
-
-handle @matrix {
-	reverse_proxy 10.163.5.51:81 {
-		header_up Host matrix.privacyguides.org
-		header_up X-Forwarded-Port {http.request.port}
-		header_up X-Forwarded-TlsProto {tls_protocol}
-		header_up X-Forwarded-TlsCipher {tls_cipher}
-		header_up X-Forwarded-HttpsProto {proto}
-	}
-}

config/caddy/production/minio.caddy

@@ -1,31 +0,0 @@
-cache
-encode zstd gzip
-reverse_proxy http://10.163.3.10:9000 {
-	header_up Host privacyguides-org-production.stor1-minio.jonaharagon.net
-	header_down -Server
-	header_down -Vary
-	header_down -X-*
-
-	@200ok status 2xx 304
-	handle_response @200ok {
-		import pg-umami-config
-		copy_response
-		copy_response_headers
-	}
-
-	@error404 status 404
-	handle_response @error404 {
-		@addSlash {
-			expression !{path}.endsWith("/")
-		}
-		redir @addSlash {http.request.orig_uri.path}/
-	}
-
-	@error400 status 400
-	handle_response @error400 {
-		@real404 {
-			path *//index.html
-		}
-		respond @real404 404
-	}
-}

config/layouts/home.yml

@@ -24,7 +24,7 @@ definitions:
     {{ page.meta.get("title", page.title) }}
 
   - &page_description >-
-    {{ config.extra.homepage_description }}
+    {{ config.extra.privacy_guides.homepage.description }}
 
   - &og_description >-
     {{ page.meta.get("description", config.site_description) or "" }}

config/mkdocs-common.yml

@@ -28,22 +28,139 @@ site_description:
     SITE_DESCRIPTION,
     "Privacy Guides is your central privacy and security resource to protect yourself online.",
   ]
-copyright:
-  !ENV [FOOTER_COPYRIGHT, "© 2019 Privacy Guides and contributors."]
-edit_uri: edit/main/docs/
+edit_uri_template: blob/main/docs/{path}?plain=1
 
 extra:
   generator: false
   context: !ENV [CONTEXT, "production"]
   deploy: !ENV DEPLOY_ID
-  homepage_description:
-    !ENV [
-      DESCRIPTION_HOMEPAGE,
-      "A socially motivated website which provides information about protecting your online data privacy and security.",
-    ]
-  translation_notice: !ENV DESCRIPTION_TRANSLATION
-  translation_notice_cta: !ENV [DESCRIPTION_TRANSLATION_CTA, "Visit Crowdin"]
-  translation_notice_language: !ENV LANG_ENGLISH
+  privacy_guides:
+    footer:
+      intro:
+        !ENV [
+          FOOTER_INTRO,
+          "Privacy Guides is a non-profit, socially motivated website that provides information for protecting your data security and privacy.",
+        ]
+      note:
+        !ENV [
+          FOOTER_NOTE,
+          "We do not make money from recommending certain products, and we do not use affiliate links.",
+        ]
+      copyright:
+        author:
+          !ENV [FOOTER_COPYRIGHT_AUTHOR, "Privacy Guides and contributors."]
+        date: !ENV [FOOTER_COPYRIGHT_DATE, "2019-2024"]
+      license:
+        - fontawesome/brands/creative-commons
+        - fontawesome/brands/creative-commons-by
+        - fontawesome/brands/creative-commons-nd
+      analytics: !ENV [FOOTER_ANALYTICS, "Anonymous statistics preferences."]
+    homepage:
+      description:
+        !ENV [
+          HOMEPAGE_DESCRIPTION,
+          "A socially motivated website which provides information about protecting your online data privacy and security.",
+        ]
+      hero:
+        header:
+          !ENV [HOMEPAGE_HEADER, "The guide to restoring your online privacy."]
+        subheader:
+          !ENV [
+            HOMEPAGE_SUBHEADER,
+            "Massive organizations are monitoring your online activities. Privacy Guides is your central privacy and security resource to protect yourself online.",
+          ]
+        buttons:
+          - name:
+              !ENV [
+                HOMEPAGE_BUTTON_GET_STARTED_NAME,
+                "Start Your Privacy Journey",
+              ]
+            title:
+              !ENV [
+                HOMEPAGE_BUTTON_GET_STARTED_TITLE,
+                "The first step of your privacy journey",
+              ]
+            link: basics/why-privacy-matters/
+            class: md-button md-button--primary
+          - name: !ENV [HOMEPAGE_BUTTON_TOOLS_NAME, "Recommended Tools"]
+            title:
+              !ENV [
+                HOMEPAGE_BUTTON_TOOLS_TITLE,
+                "Recommended privacy tools, services, and knowledge",
+              ]
+            link: tools/
+            class: md-button
+      cta:
+        - title:
+            !ENV [
+              HOMEPAGE_CTA_TITLE,
+              "We need you! Here's how to get involved:",
+            ]
+          links:
+            - icon: simple/discourse
+              name: !ENV [HOMEPAGE_CTA_FORUM_NAME, "Join the forum"]
+              link: https://discuss.privacyguides.net/
+            - icon: simple/mastodon
+              name: !ENV [HOMEPAGE_CTA_MASTODON_NAME, "Follow us on Mastodon"]
+              link: https://mastodon.neat.computer/@privacyguides
+            - icon: simple/github
+              name: !ENV [HOMEPAGE_CTA_GITHUB_NAME, "Contribute on GitHub"]
+              link: https://github.com/privacyguides/privacyguides.org
+            - icon: material/translate
+              name: !ENV [HOMEPAGE_CTA_TRANSLATE_NAME, "Help translate"]
+              link: https://crowdin.com/project/privacyguides
+            - icon: simple/matrix
+              name: !ENV [HOMEPAGE_CTA_MATRIX_NAME, "Join the Matrix chat"]
+              link: https://matrix.to/#/#privacyguides:matrix.org
+            - icon: material/information-outline
+              name: !ENV [HOMEPAGE_CTA_ABOUT_NAME, "Learn more about us"]
+              link: about/
+            - icon: material/hand-coin
+              name: !ENV [HOMEPAGE_CTA_DONATE_NAME, "Donate to Privacy Guides"]
+              link: about/donate/
+          description:
+            !ENV [
+              HOMEPAGE_CTA_DESCRIPTION,
+              "If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know.",
+            ]
+      rss:
+        - title:
+            !ENV [
+              HOMEPAGE_RSS_CHANGELOG_TITLE,
+              "Privacy Guides release changelog",
+            ]
+          link:
+            !ENV [
+              HOMEPAGE_RSS_CHANGELOG_LINK,
+              "https://discuss.privacyguides.net/c/site-development/changelog/9.rss",
+            ]
+        - title: !ENV [HOMEPAGE_RSS_BLOG_TITLE, "Privacy Guides blog feed"]
+          link:
+            !ENV [
+              HOMEPAGE_RSS_BLOG_LINK,
+              "https://blog.privacyguides.org/feed_rss_created.xml",
+            ]
+        - title:
+            !ENV [HOMEPAGE_RSS_STORIES_TITLE, "Privacy Guides Web Stories feed"]
+          link:
+            !ENV [
+              HOMEPAGE_RSS_STORIES_LINK,
+              "https://share.privacyguides.org/web-stories/feed/",
+            ]
+        - title:
+            !ENV [
+              HOMEPAGE_RSS_FORUM_TITLE,
+              "Latest Privacy Guides forum topics",
+            ]
+          link:
+            !ENV [
+              HOMEPAGE_RSS_FORUM_LINK,
+              "https://discuss.privacyguides.net/latest.rss",
+            ]
+    translation_notice:
+      notice: !ENV TRANSLATION_NOTICE
+      cta: !ENV [TRANSLATION_NOTICE_CTA, "Visit Crowdin"]
+      language: !ENV LANG_ENGLISH
   social:
     - icon: simple/mastodon
       link: https://mastodon.neat.computer/@privacyguides
@@ -93,6 +210,24 @@ extra:
       link: /ru/
       lang: ru
       icon: https://raw.githubusercontent.com/twitter/twemoji/master/assets/svg/1f1f7-1f1fa.svg
+  analytics:
+    feedback:
+      title: !ENV [ANALYTICS_FEEDBACK_TITLE, "Was this page helpful?"]
+      ratings:
+        - icon: material/emoticon-happy-outline
+          name: !ENV [ANALYTICS_FEEDBACK_POSITIVE_NAME, "This page was helpful"]
+          data: 1
+          note:
+            !ENV [ANALYTICS_FEEDBACK_POSITIVE_NOTE, "Thanks for your feedback!"]
+        - icon: material/emoticon-sad-outline
+          name:
+            !ENV [
+              ANALYTICS_FEEDBACK_NEGATIVE_NAME,
+              "This page could be improved",
+            ]
+          data: 0
+          note:
+            !ENV [ANALYTICS_FEEDBACK_NEGATIVE_NOTE, "Thanks for your feedback!"]
   consent:
     title: !ENV [ANALYTICS_CONSENT_TITLE, "Contribute anonymous statistics"]
     description:
@@ -101,12 +236,12 @@ extra:
         "We use cookies to collect anonymous usage statistics. You can opt out if you wish.",
       ]
     cookies:
-      umami:
-        name: Self-Hosted Analytics
+      analytics:
+        name: !ENV [ANALYTICS_COOKIE_UMAMI, "Self-Hosted Analytics"]
         checked: true
       github:
-        name: GitHub
-        checked: false
+        name: !ENV [ANALYTICS_COOKIE_GITHUB, "GitHub API"]
+        checked: true
     actions:
       - reject
       - accept
@@ -152,16 +287,17 @@ theme:
     - navigation.expand
     - navigation.path
     - navigation.indexes
+    - content.action.edit
     - content.tabs.link
     - content.tooltips
     - search.highlight
 
 extra_css:
-  - assets/stylesheets/extra.css?v=3.17.0
+  - assets/stylesheets/extra.css?v=1
 extra_javascript:
-  - assets/javascripts/mathjax.js
-  - assets/javascripts/randomize-element.js
-  - assets/javascripts/resolution.js
+  - assets/javascripts/randomize-element.js?v=1
+  - assets/javascripts/resolution.js?v=1
+  - assets/javascripts/feedback.js?v=1
 
 watch:
   - ../theme
@@ -171,29 +307,7 @@ watch:
 plugins:
   tags: {}
   search: {}
-  macros: {}
-  meta: {}
-  git-committers:
-    enabled: !ENV [GITCOMMITTERS, PRODUCTION, NETLIFY, false]
-    repository: privacyguides/privacyguides.org
-    branch: main
-  git-revision-date-localized:
-    enabled: !ENV [GITREVISIONDATE, PRODUCTION, NETLIFY, false]
-    exclude:
-      - index.md
-    fallback_to_build_date: true
-  privacy:
-    assets_exclude:
-      - cdn.jsdelivr.net/npm/mathjax@3/*
-  optimize:
-    enabled: !ENV [OPTIMIZE, PRODUCTION, NETLIFY, false]
-  typeset: {}
-  social:
-    cards: !ENV [CARDS, PRODUCTION, NETLIFY, true]
-    cards_dir: assets/img/social
-    cards_layout_dir: config/layouts
-    cards_layout: page
-    # cards_layout: pride
+  privacy: {}
 
 markdown_extensions:
   admonition: {}
@@ -263,6 +377,7 @@ nav:
           - "tor.md"
           - "desktop-browsers.md"
           - "mobile-browsers.md"
+          - "browser-extensions.md"
       - !ENV [NAV_PROVIDERS, "Providers"]:
           - "cloud.md"
           - "dns.md"

config/mkdocs-offline.yml

@@ -22,15 +22,38 @@ INHERIT: mkdocs-common.yml
 
 # Disable any GitHub integrations
 repo_url: ""
+edit_uri_template: ""
 
 extra:
   # Disable language switcher
   alternate: false
   offline: true
+  privacy_guides:
+    homepage:
+      hero:
+        buttons:
+          - name:
+              !ENV [
+                HOMEPAGE_BUTTON_GET_STARTED_NAME,
+                "Start Your Privacy Journey",
+              ]
+            title:
+              !ENV [
+                HOMEPAGE_BUTTON_GET_STARTED_TITLE,
+                "The first step of your privacy journey",
+              ]
+            link: basics/why-privacy-matters.html
+            class: md-button md-button--primary
+          - name: !ENV [HOMEPAGE_BUTTON_TOOLS_NAME, "Recommended Tools"]
+            title:
+              !ENV [
+                HOMEPAGE_BUTTON_TOOLS_TITLE,
+                "Recommended privacy tools, services, and knowledge",
+              ]
+            link: tools.html
+            class: md-button
 
 theme:
-  # OFFLINE ONLY: this logo needs to be set separately because the relative path is different
-  logo: ../theme/assets/brand/logos/svg/logo/privacy-guides-logo-notext-colorbg.svg
   features:
     - navigation.tabs
     - navigation.sections

config/mkdocs-production.yml

@@ -0,0 +1,29 @@
+INHERIT: mkdocs-common.yml
+
+plugins:
+  macros: {}
+  meta: {}
+  git-committers:
+    enabled: !ENV [GITCOMMITTERS, PRODUCTION, NETLIFY, false]
+    repository: privacyguides/privacyguides.org
+    branch: main
+  git-revision-date-localized:
+    enabled: !ENV [GITREVISIONDATE, PRODUCTION, NETLIFY, false]
+    exclude:
+      - index.md
+    fallback_to_build_date: true
+  optimize:
+    enabled: !ENV [OPTIMIZE, PRODUCTION, NETLIFY, false]
+  typeset: {}
+  social:
+    cards: !ENV [CARDS, PRODUCTION, NETLIFY, true]
+    cards_dir: assets/img/social
+    cards_layout_dir: config/layouts
+    cards_layout: page
+    # cards_layout: pride
+
+markdown_extensions:
+  material.extensions.preview:
+    sources:
+      exclude:
+        - tools.md

config/mkdocs.en.yml

@@ -18,7 +18,7 @@
 # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
 # IN THE SOFTWARE.
 
-INHERIT: mkdocs-common.yml
+INHERIT: !ENV [MKDOCS_INHERIT, mkdocs-common.yml]
 site_url: "https://www.privacyguides.org/en/"
 site_dir: "../site/en"
 

config/mkdocs.es.yml

@@ -18,12 +18,12 @@
 # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
 # IN THE SOFTWARE.
 
-INHERIT: mkdocs-common.yml
+INHERIT: !ENV [MKDOCS_INHERIT, mkdocs-common.yml]
 docs_dir: "../i18n/es"
 site_url: "https://www.privacyguides.org/es/"
 site_dir: "../site/es"
 
-edit_uri: edit/main/i18n/es/
+edit_uri_template: https://github.com/privacyguides/i18n/blob/main/i18n/es/{path}?plain=1
 
 theme:
   language: es

config/mkdocs.fr.yml

@@ -18,12 +18,12 @@
 # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
 # IN THE SOFTWARE.
 
-INHERIT: mkdocs-common.yml
+INHERIT: !ENV [MKDOCS_INHERIT, mkdocs-common.yml]
 docs_dir: "../i18n/fr"
 site_url: "https://www.privacyguides.org/fr/"
 site_dir: "../site/fr"
 
-edit_uri: edit/main/i18n/fr/
+edit_uri_template: https://github.com/privacyguides/i18n/blob/main/i18n/fr/{path}?plain=1
 
 theme:
   language: fr

config/mkdocs.he.yml

@@ -18,12 +18,12 @@
 # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
 # IN THE SOFTWARE.
 
-INHERIT: mkdocs-common.yml
+INHERIT: !ENV [MKDOCS_INHERIT, mkdocs-common.yml]
 docs_dir: "../i18n/he"
 site_url: "https://www.privacyguides.org/he/"
 site_dir: "../site/he"
 
-edit_uri: edit/main/i18n/he/
+edit_uri_template: https://github.com/privacyguides/i18n/blob/main/i18n/he/{path}?plain=1
 
 extra_css:
   - assets/stylesheets/extra.css?v=3.2.0

config/mkdocs.it.yml

@@ -18,12 +18,12 @@
 # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
 # IN THE SOFTWARE.
 
-INHERIT: mkdocs-common.yml
+INHERIT: !ENV [MKDOCS_INHERIT, mkdocs-common.yml]
 docs_dir: "../i18n/it"
 site_url: "https://www.privacyguides.org/it/"
 site_dir: "../site/it"
 
-edit_uri: edit/main/i18n/it/
+edit_uri_template: https://github.com/privacyguides/i18n/blob/main/i18n/it/{path}?plain=1
 
 theme:
   language: it

config/mkdocs.nl.yml

@@ -18,12 +18,12 @@
 # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
 # IN THE SOFTWARE.
 
-INHERIT: mkdocs-common.yml
+INHERIT: !ENV [MKDOCS_INHERIT, mkdocs-common.yml]
 docs_dir: "../i18n/nl"
 site_url: "https://www.privacyguides.org/nl/"
 site_dir: "../site/nl"
 
-edit_uri: edit/main/i18n/nl/
+edit_uri_template: https://github.com/privacyguides/i18n/blob/main/i18n/nl/{path}?plain=1
 
 theme:
   language: nl

config/mkdocs.ru.yml

@@ -18,12 +18,12 @@
 # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
 # IN THE SOFTWARE.
 
-INHERIT: mkdocs-common.yml
+INHERIT: !ENV [MKDOCS_INHERIT, mkdocs-common.yml]
 docs_dir: "../i18n/ru"
 site_url: "https://www.privacyguides.org/ru/"
 site_dir: "../site/ru"
 
-edit_uri: edit/main/docs/
+edit_uri_template: https://github.com/privacyguides/i18n/blob/main/i18n/ru/{path}?plain=1
 
 extra_css:
   - assets/stylesheets/extra.css?v=3.2.0

config/mkdocs.zh-Hant.yml

@@ -18,12 +18,12 @@
 # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
 # IN THE SOFTWARE.
 
-INHERIT: mkdocs-common.yml
+INHERIT: !ENV [MKDOCS_INHERIT, mkdocs-common.yml]
 docs_dir: "../i18n/zh-Hant"
 site_url: "https://www.privacyguides.org/zh-Hant/"
 site_dir: "../site/zh-Hant"
 
-edit_uri: edit/main/i18n/zh-Hant/
+edit_uri_template: https://github.com/privacyguides/i18n/blob/main/i18n/zh-Hant/{path}?plain=1
 
 extra_css:
   - assets/stylesheets/extra.css?v=3.2.0

crowdin.yml

@@ -26,18 +26,8 @@ files:
   - source: "/docs/**/*.*"
     translation: "/i18n/%two_letters_code%/**/%file_name%.%file_extension%"
     skip_untranslated_files: false
-  - source: "/theme/overrides/*.en.html"
-    translation: "/theme/overrides/%file_name%.%two_letters_code%.html"
-    translation_replace:
-      "en.": ""
-    skip_untranslated_files: false
   - source: "/includes/*.en.*"
     translation: "/includes/%file_name%.%two_letters_code%.%file_extension%"
     translation_replace:
       "en.": ""
     skip_untranslated_files: false
-  - source: "/static/i18n/*.en.*"
-    translation: "/static/i18n/%file_name%.%two_letters_code%.%file_extension%"
-    translation_replace:
-      "en.": ""
-    skip_untranslated_files: false

docs/CODE_OF_CONDUCT.md

@@ -12,11 +12,11 @@ What we expect from members of our communities:
 
 1. **Do not spread misinformation**
 
-      We are creating an evidence-based educational community around information privacy and security, not an information home for conspiracy theories. For example, when making a claim that a certain piece of software is malicious or that certain telemetry data is privacy invasive; explain in detail what is collected and how it collected. Claims of this nature must be backed by technical evidence.
+      We are creating an evidence-based educational community around information privacy and security, not an information home for conspiracy theories. For example, when making a claim that a certain piece of software is malicious or that certain telemetry data is privacy invasive, explain in detail what is collected and how it collected. Claims of this nature must be backed by technical evidence.
 
 2. **Do not abuse our willingness to help**
 
-      Our community members are not free tech support. We are happy to help with specific steps for individual's, privacy journey, if they are willing to put in effort. We are not obligated to answer endless, repetitive questions, about general computer problems solvable with a simple internet search. **Do not** become a [help vampire](https://slash7.com/2006/12/22/vampires).
+      Our community members are not free tech support. We are happy to help with specific steps for your privacy journey, if you are willing to put in effort. We are not obligated to answer endless, repetitive questions about general computer problems solvable with a simple internet search. **Do not** become a [help vampire](https://slash7.com/2006/12/22/vampires).
 
 3. **Behave in a positive and constructive manner**
 
@@ -25,7 +25,7 @@ What we expect from members of our communities:
       - Being respectful of differing opinions, viewpoints, and experiences.
       - Demonstrating empathy and kindness toward others.
       - Focusing on what is best not just for us as overseers, but for the overall community.
-      - Giving and gracefully accepting constructive feedback within' our community while growing and improving.
+      - Giving and gracefully accepting constructive feedback within our community while growing and improving.
       - Operating with a communal mindset at all times.
 
 ## Unacceptable Behavior
@@ -34,7 +34,7 @@ The following behaviors are considered harassment and are unacceptable within ou
 
 - Any other conduct which would reasonably be considered inappropriate in a professional setting.
 - Public and/or private harassment of any kind.
-- Publishing others' private information, such as a physical address and/or email address, without a persons explicit permission.
+- Publishing others' private information, such as a physical address and/or an email address, without their explicit permission.
 - The use of sexualized language or imagery, and sexual attention or advances of any kind.
 - Trolling, insulting and/or derogatory comments, including personal or political attacks.
 

docs/about/criteria.md

@@ -2,30 +2,19 @@
 title: General Criteria
 ---
 
-<div class="admonition example" markdown>
-<p class="admonition-title">Work in Progress</p>
+Below are some general priorities we consider for all submissions to Privacy Guides. Each category will have additional requirements for inclusion.
 
-The following page is a work in progress, and does not reflect the full criteria for our recommendations at this time. Past discussion on this topic: [#24](https://github.com/privacyguides/privacyguides.org/discussions/24)
-
-</div>
-
-Below are some things that must apply to all submissions to Privacy Guides. Each category will have additional requirements for inclusion.
+- **Security**: Tools should follow security best-practices wherever applicable.
+- **Source Availability**: Open-source projects are generally preferred over equivalent proprietary alternatives.
+- **Cross-Platform Availability**: We typically prefer recommendations to be cross-platform, to avoid vendor lock-in.
+- **Active Development**: The tools that we recommend should be actively developed, unmaintained projects will be removed in most cases.
+- **Usability**: Tools should be accessible to most computer users, an overly technical background should not be required.
+- **Documentation**: Tools should have clear and extensive documentation for use.
 
 ## Financial Disclosure
 
 We do not make money from recommending certain products, we do not use affiliate links, and we do not provide special consideration to project donors.
 
-## General Guidelines
-
-We apply these priorities when considering new recommendations:
-
-- **Secure**: Tools should follow security best-practices wherever applicable.
-- **Source Availability**: Open-source projects are generally preferred over equivalent proprietary alternatives.
-- **Cross-Platform**: We typically prefer recommendations to be cross-platform, to avoid vendor lock-in.
-- **Active Development**: The tools that we recommend should be actively developed, unmaintained projects will be removed in most cases.
-- **Usability**: Tools should be accessible to most computer users, an overly technical background should not be required.
-- **Documented**: Tools should have clear and extensive documentation for use.
-
 ## Developer Self-Submissions
 
 We have these requirements in regard to developers which wish to submit their project or software for consideration.

docs/about/notices.md

@@ -24,10 +24,9 @@ Unless otherwise noted, all **content** on this website is made available under
 
 This does not include third-party code embedded in this repository, or code where a superseding license is otherwise noted. The following are notable examples, but this list may not be all-inclusive:
 
-* [MathJax](https://github.com/privacyguides/privacyguides.org/blob/main/theme/assets/javascripts/mathjax.js) is licensed under the [Apache License 2.0](https://github.com/privacyguides/privacyguides.org/blob/main/docs/assets/javascripts/LICENSE.mathjax.txt).
-* The [Bagnard](https://github.com/privacyguides/brand/tree/main/WOFF/bagnard) heading font is licensed under the [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/main/WOFF/bagnard/LICENSE.txt).
-* The [Public Sans](https://github.com/privacyguides/brand/tree/main/WOFF/public_sans) font used for most text on the site is licensed under the terms detailed [here](https://github.com/privacyguides/brand/blob/main/WOFF/public_sans/LICENSE.txt).
-* The [DM Mono](https://github.com/privacyguides/brand/tree/main/WOFF/dm_mono) font used for monospaced text on the site is licensed under the [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/main/WOFF/dm_mono/LICENSE.txt).
+* The [Bagnard](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Bagnard) heading font is licensed under the [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Bagnard/LICENSE.txt).
+* The [Public Sans](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans) font used for most text on the site is licensed under the terms detailed [here](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans/LICENSE.txt).
+* The [DM Mono](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono) font used for monospaced text on the site is licensed under the [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono/LICENSE.txt).
 
 This means that you can use the human-readable content in this repository for your own project, per the terms outlined in the Creative Commons Attribution-NoDerivatives 4.0 International Public License text. You may do so in any reasonable manner, but not in any way that suggests Privacy Guides endorses you or your use. You **may not** use the Privacy Guides branding in your own project without express approval from this project. Privacy Guides's brand trademarks include the "Privacy Guides" wordmark and shield logo.
 

docs/about/privacy-policy.md

@@ -15,7 +15,7 @@ The privacy of our website visitors is important to us, so we do not track any i
 
 You can view the data we collect on our [statistics](statistics.md) page.
 
-We run a self-hosted installation of [Umami](https://umami.is/) to collect some anonymous usage data for statistical purposes. The goal is to track overall trends in our website traffic, it is not to track individual visitors. All the data is in aggregate only, and no personal data is stored.
+We run a self-hosted installation of [Umami](https://umami.is) to collect some anonymous usage data for statistical purposes. The goal is to track overall trends in our website traffic, it is not to track individual visitors. All the data is in aggregate only, and no personal data is stored.
 
 The only data which is collected is data sent in a standard web request, which includes referral sources, the page you're visiting, your user agent, your IP address, and your screen resolution. The raw data is immediately discarded after statistics have been generated, for example if we collect your screen resolution as `1125x2436`, the only data we retain is "mobile device" and not your specific resolution.
 

docs/about/statistics.md

@@ -2,7 +2,7 @@
 title: Traffic Statistics
 ---
 
-We self-host [Umami](https://umami.is/) to create a nice visualization of our traffic statistics, which are public at the link below. With this process:
+We self-host [Umami](https://umami.is) to create a nice visualization of our traffic statistics, which are public at the link below. With this process:
 
 - Your information is never shared with a third-party, it stays on servers we control
 - Your personal data is never saved, we only collect data in aggregate

docs/android.md

@@ -123,7 +123,7 @@ GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wik
 
 GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice.
 
-Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#device-support).
+Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
 
 [Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos){ .md-button }
 
@@ -202,7 +202,18 @@ A few more tips for purchasing a Google Pixel:
 - If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
 - Consider price beating options and specials offered at physical stores.
 - Look at online community bargain sites in your country. These can alert you to good sales.
-- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: $\text{Cost} \over \text {EOL Date}-\text{Current Date}$, meaning that the longer use of the device the lower cost per day.
+- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as:
+    <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;">
+      <mfrac>
+        <mtext>Cost</mtext>
+        <mrow>
+          <mtext>End of Life Date</mtext>
+          <mo>−</mo>
+          <mtext>Current Date</mtext>
+        </mrow>
+      </mfrac>
+    </math>
+    , meaning that the longer use of the device the lower cost per day.
 - If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
 
 ## General Apps
@@ -270,7 +281,7 @@ Main privacy features include:
 
 Metadata is not currently deleted from video files but that is planned.
 
-The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](data-redaction.md#exiferaser).
+The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](data-redaction.md#exiferaser-android).
 
 </div>
 
@@ -311,6 +322,7 @@ The image orientation metadata is not deleted. If you enable location (in Secure
 **Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
 
 [:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
 [:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
 [:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
 
@@ -352,7 +364,7 @@ The Google Play Store requires a Google account to login which is not great for
 
 </div>
 
-Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google, however you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
+Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
 
 ### Manually with RSS Notifications
 
@@ -418,7 +430,7 @@ That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](http
 <div class="admonition note" markdown>
 <p class="admonition-title">F-Droid Basic</p>
 
-In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic can do unattended updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
+In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
 
 </div>
 

docs/basics/account-deletion.md

@@ -39,13 +39,13 @@ When attempting to regain access, if the site returns an error message saying th
 
 ### GDPR (EEA residents only)
 
-Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr.org/regulation/article-17.html) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and you may be entitled to monetary compensation.
+Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and you may be entitled to monetary compensation.
 
 ### Overwriting Account information
 
 In some situations where you plan to abandon an account, it may make sense to overwrite the account information with fake data. Once you've made sure you can log in, change all the information in your account to falsified information. The reason for this is that many sites will retain information you previously had even after account deletion. The hope is that they will overwrite the previous information with the newest data you entered. However, there is no guarantee that there won't be backups with the prior information.
 
-For the account email, either create a new alternate email account via your provider of choice or create an alias using an [email aliasing service](../email.md#email-aliasing-services). You can then delete your alternate email address once you are done. We recommend against using temporary email providers, as oftentimes it is possible to reactivate temporary emails.
+For the account email, either create a new alternate email account via your provider of choice or create an alias using an [email aliasing service](../email-aliasing.md). You can then delete your alternate email address once you are done. We recommend against using temporary email providers, as oftentimes it is possible to reactivate temporary emails.
 
 ### Delete
 

docs/basics/passwords-overview.md

@@ -82,11 +82,62 @@ We recommend using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_l
 
 To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
 
-One metric to determine the strength of a diceware passphrase is how much entropy it has. The entropy per word in a diceware passphrase is calculated as $\text{log}_2(\text{WordsInList})$ and the overall entropy of the passphrase is calculated as $\text{log}_2(\text{WordsInList}^\text{WordsInPhrase})$.
+One metric to determine the strength of a diceware passphrase is how much entropy it has. The entropy per word in a diceware passphrase is calculated as <math>
+  <mrow>
+    <msub>
+      <mtext>log</mtext>
+      <mn>2</mn>
+    </msub>
+    <mo form="prefix" stretchy="false">(</mo>
+    <mtext>WordsInList</mtext>
+    <mo form="postfix" stretchy="false">)</mo>
+  </mrow>
+</math> and the overall entropy of the passphrase is calculated as: <math>
+  <mrow>
+    <msub>
+      <mtext>log</mtext>
+      <mn>2</mn>
+    </msub>
+    <mo form="prefix" stretchy="false">(</mo>
+    <msup>
+      <mtext>WordsInList</mtext>
+      <mtext>WordsInPhrase</mtext>
+    </msup>
+    <mo form="postfix" stretchy="false">)</mo>
+  </mrow>
+</math>
 
-Therefore, each word in the aforementioned list results in ~12.9 bits of entropy ($\text{log}_2(7776)$), and a seven word passphrase derived from it has ~90.47 bits of entropy ($\text{log}_2(7776^7)$).
+Therefore, each word in the aforementioned list results in ~12.9 bits of entropy (<math>
+  <mrow>
+    <msub>
+      <mtext>log</mtext>
+      <mn>2</mn>
+    </msub>
+    <mo form="prefix" stretchy="false">(</mo>
+    <mn>7776</mn>
+    <mo form="postfix" stretchy="false">)</mo>
+  </mrow>
+</math>), and a seven word passphrase derived from it has ~90.47 bits of entropy (<math>
+  <mrow>
+    <msub>
+      <mtext>log</mtext>
+      <mn>2</mn>
+    </msub>
+    <mo form="prefix" stretchy="false">(</mo>
+    <msup>
+      <mn>7776</mn>
+      <mn>7</mn>
+    </msup>
+    <mo form="postfix" stretchy="false">)</mo>
+  </mrow>
+</math>).
 
-The [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is $\text{WordsInList}^\text{WordsInPhrase}$, or in our case, $7776^7$.
+The [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is <math>
+  <msup>
+    <mtext>WordsInList</mtext>
+    <mtext>WordsInPhrase</mtext>
+  </msup>
+</math>, or in our case, <math><msup><mn>7776</mn><mn>7</mn></msup></math>.
 
 Let's put all of this in perspective: A seven word passphrase using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
 

docs/browser-extensions.md

@@ -0,0 +1,115 @@
+---
+title: Browser Extensions
+icon: material/puzzle-outline
+description: These browser extensions can enhance your browsing experience and protect your privacy.
+cover: browser-extensions.webp
+---
+
+In general, we recommend keeping your browser extensions to a minimum to decrease your attack surface. They have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation.
+
+However, some provide functionality which can outweigh these downsides in certain situations, particularly when it comes to [content blocking](basics/common-threats.md#mass-surveillance-programs).
+
+Don't install extensions which you don't immediately have a need for, or ones that duplicate the functionality of your browser. For example, [Brave](desktop-browsers.md#brave) users don't need to install uBlock Origin, because Brave Shields already provides the same functionality.
+
+## Content Blockers
+
+### uBlock Origin
+
+<div class="admonition recommendation" markdown>
+
+![uBlock Origin logo](assets/img/browsers/ublock_origin.svg){ align=right }
+
+**uBlock Origin** is a popular content blocker that could help you block ads, trackers, and fingerprinting scripts.
+
+[:octicons-repo-16: Repository](https://github.com/gorhill/uBlock#readme){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://github.com/gorhill/uBlock/wiki/Privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://github.com/gorhill/uBlock/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/gorhill/uBlock){ .card-link title="Source Code" }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/ublock-origin)
+- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm)
+- [:simple-microsoftedge: Edge](https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak)
+
+</details>
+
+</div>
+
+We suggest following the [developer's documentation](https://github.com/gorhill/uBlock/wiki/Blocking-mode) and picking one of the "modes". Additional filter lists can impact performance and [may increase attack surface](https://portswigger.net/research/ublock-i-exfiltrate-exploiting-ad-blockers-with-css).
+
+These are some other [filter lists](https://github.com/gorhill/uBlock/wiki/Dashboard:-Filter-lists) that you may want to consider adding:
+
+- [x] Check **Privacy** > **AdGuard URL Tracking Protection**
+- Add [Actually Legitimate URL Shortener Tool](https://raw.githubusercontent.com/DandelionSprout/adfilt/master/LegitimateURLShortener.txt)
+
+### uBlock Origin Lite
+
+uBlock Origin also has a "Lite" version of their extension, which offers a very limited feature-set compared to the original extension. However, it has a few distinct advantages over its full-fledged sibling, so you may want to consider it if...
+
+- ...you don't want to grant full "read/modify website data" permissions to any extensions (even a trusted one like uBlock Origin)
+- ...you want a more resource (memory/CPU) efficient content blocker[^1]
+- ...your browser only supports Manifest V3 extensions
+
+<div class="admonition recommendation" markdown>
+
+![uBlock Origin Lite logo](assets/img/browsers/ublock_origin_lite.svg){ align=right }
+
+**uBlock Origin Lite** is a Manifest V3 compatible content blocker. Compared to the original *uBlock Origin*, this extension does not require broad "read/modify data" permissions to function.
+
+[:octicons-repo-16: Repository](https://github.com/uBlockOrigin/uBOL-home#readme){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://github.com/uBlockOrigin/uBOL-home/wiki/Privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://github.com/uBlockOrigin/uBOL-home/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/gorhill/uBlock/tree/master/platform/mv3){ .card-link title="Source Code" }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/addon/ublock-origin-lite)
+- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/ublock-origin-lite/ddkjiahejlhfcafbddmgiahcphecmpfh)
+
+</details>
+
+</div>
+
+We only recommend this version of uBlock Origin if you never want to make any changes to your filter lists, because it only supports a few pre-selected lists and offers no additional customization options, including the ability to select elements to block manually. These restrictions are due to limitations in Manifest V3's design.
+
+This version offers three levels of blocking: "Basic" works without requiring any special privileges to view and modify site content, while the "Optimal" and "Complete" levels do require that broad permission, but offer a better filtering experience with additional cosmetic rules and scriptlet injections.
+
+If you set the default filtering mode to "Optimal" or "Complete" the extension will request read/modify access to **all** websites you visit. However, you also have the option to change the setting to "Optimal" or "Complete" on a **per-site** basis by adjusting the slider in the extension's pop-up panel on any given site. When you do so, the extension will request read/modify access to that site only. Therefore, if you want to take advantage of uBlock Origin Lite's "permission-less" configuration, you should probably leave the default setting as "Basic" and only adjust it higher on sites where that level is not adequate.
+
+uBlock Origin Lite only receives block list updates whenever the extension is updated from your browser's extension marketplace, as opposed to on demand. This means that you may miss out on new threats being blocked for weeks until a full extension release is published.
+
+### AdGuard
+
+We recommend [Safari](mobile-browsers.md#safari) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, Adguard provides an adequate alternative:
+
+<div class="admonition recommendation" markdown>
+
+![AdGuard logo](assets/img/browsers/adguard.svg){ align=right }
+
+**AdGuard for iOS** is a free and open-source content-blocking extension for Safari that uses the native [Content Blocker API](https://developer.apple.com/documentation/safariservices/creating_a_content_blocker).
+
+[:octicons-home-16: Homepage](https://adguard.com/en/adguard-ios/overview.html){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://adguard.com/privacy/ios.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://kb.adguard.com/ios){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/AdguardTeam/AdguardForiOS){ .card-link title="Source Code" }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-appstore: App Store](https://apps.apple.com/app/id1047223162)
+
+</details>
+
+</div>
+
+Additional filter lists do slow things down and may increase your attack surface, so only apply what you need. AdGuard for iOS has some premium features; however, standard Safari content blocking is free of charge.
+
+## Criteria
+
+- Must not replicate built-in browser or OS functionality.
+- Must directly impact user privacy, i.e. must not simply provide information.
+
+[^1]: uBlock Origin Lite *itself* will consume no resources, because it uses newer APIs which make the browser process the filter lists natively, instead of running JavaScript code within the extension to handle the filtering. However, this resource advantage is only [theoretical](https://github.com/uBlockOrigin/uBOL-home/wiki/Frequently-asked-questions-(FAQ)#is-ubol-more-efficient-cpu--and-memory-wise-than-ubo), because it's possible that standard uBlock Origin's filtering code is more efficient than your browser's native filtering code. This has not yet been benchmarked.

docs/calendar.md

@@ -18,7 +18,7 @@ Multiple calendars and extended sharing functionality is limited to paid subscri
 
 [:octicons-home-16: Homepage](https://tuta.com/calendar){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://tuta.com/faq){ .card-link title=Documentation}
+[:octicons-info-16:](https://tuta.com/support){ .card-link title=Documentation}
 [:octicons-code-16:](https://github.com/tutao/tutanota){ .card-link title="Source Code" }
 [:octicons-heart-16:](https://tuta.com/community){ .card-link title=Contribute }
 
@@ -43,11 +43,11 @@ Multiple calendars and extended sharing functionality is limited to paid subscri
 
 ![Proton](assets/img/calendar/proton-calendar.svg){ align=right }
 
-**Proton Calendar** is an encrypted calendar service available to Proton members via web or mobile clients. Features include: automatic E2EE of all data, sharing features, import/export functionality, and [more](https://proton.me/support/proton-calendar-guide). Those on the free tier get access to 3 calendars, whereas paid subscribers can create up to 25 calendars. Extended sharing functionality is also limited to paid subscribers.
+**Proton Calendar** is an encrypted calendar service available to Proton members via web or mobile clients. Features include: automatic E2EE of all data, sharing features, import/export functionality, and [more](https://proton.me/support/proton-calendar-guide). Those on the free tier gain access to 3 calendars, whereas paid subscribers can create up to 25 calendars. Extended sharing functionality is also limited to paid subscribers.
 
 [:octicons-home-16: Homepage](https://proton.me/calendar){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://proton.me/support/proton-calendar-guide){ .card-link title=Documentation}
+[:octicons-info-16:](https://proton.me/support/calendar){ .card-link title=Documentation}
 [:octicons-code-16:](https://github.com/ProtonMail/WebClients){ .card-link title="Source Code" }
 
 <details class="downloads" markdown>

docs/cloud.md

@@ -86,6 +86,39 @@ Tresorit has received a number of independent security audits:
 
 They have also received the Digital Trust Label, a certification from the [Swiss Digital Initiative](https://www.efd.admin.ch/efd/en/home/digitalisierung/swiss-digital-initiative.html) which requires passing [35 criteria](https://digitaltrust-label.swiss/criteria) related to security, privacy, and reliability.
 
+## Peergos
+
+<div class="admonition recommendation" markdown>
+
+![Peergos logo](assets/img/cloud/peergos.svg){ align=right }
+
+**Peergos** is a decentralized protocol and open-source platform for storage, social media, and applications. It provides a secure and private space where users can store, share, and view their photos, videos, documents, etc. Peergos secures your files with quantum-resistant end-to-end encryption and ensures all data about your files remains private. It is built on top of [IPFS (InterPlanetary File System)](https://ipfs.tech).
+
+[:octicons-home-16: Homepage](https://peergos.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://peergos.net/privacy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://book.peergos.net){ .card-link title="Documentation" }
+[:octicons-code-16:](https://github.com/Peergos/Peergos){ .card-link title="Source Code" }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:octicons-globe-16: Web](https://peergos.net)
+- [:simple-windows11: Windows](https://github.com/Peergos/web-ui/releases)
+- [:simple-apple: macOS](https://github.com/Peergos/web-ui/releases)
+- [:simple-linux: Linux](https://github.com/Peergos/web-ui/releases)
+
+</details>
+
+</div>
+
+Peergos is primarily a web app, but you can self-host the server either as a local cache for your remote Peergos account, or as a standalone storage server negating the need to register for a remote account and subscription. The Peergos server is a `.jar` file, which means the Java 17+ Runtime Environment ([OpenJDK download](https://azul.com/downloads)) should be installed on your machine to get it working.
+
+Running a local version of Peergos alongside a registered account on their paid, hosted service allows you to access your Peergos storage without any reliance on DNS or TLS certificate authorities, and keep a copy of your data backed up to their cloud. The user experience should be the same whether you run their desktop server or just use their hosted web interface.
+
+Peergos was [audited](https://cure53.de/pentest-report_peergos.pdf) by Cure53 in September 2019, and all found issues were subsequently fixed.
+
+Also, the Android app is not available but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
+
 ## Criteria
 
 **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.

docs/desktop-browsers.md

@@ -94,7 +94,7 @@ Like [Tor Browser](tor.md), Mullvad Browser is designed to prevent fingerprintin
 
 Note that while you can use Mullvad Browser with any VPN provider, other people on that VPN must also be using Mullvad Browser for this "crowd" to exist, something which is more likely on Mullvad VPN compared to other providers, particularly this close to the launch of Mullvad Browser. Mullvad Browser does not have built-in VPN connectivity, nor does it check whether you are using a VPN before browsing; your VPN connection has to be configured and managed separately.
 
-Mullvad Browser comes with the *uBlock Origin* and *NoScript* browser extensions pre-installed. While we typically [don't recommend](#extensions) adding *additional* browser extensions, these extensions that come pre-installed with the browser should **not** be removed or configured outside their default values, because doing so would noticeably make your browser fingerprint distinct from other Mullvad Browser users. It also comes pre-installed with the Mullvad Browser Extension, which *can* be safely removed without impacting your browser fingerprint if you would like, but is also safe to keep even if you don't use Mullvad VPN.
+Mullvad Browser comes with the *uBlock Origin* and *NoScript* browser extensions pre-installed. While we typically discourage adding *additional* [browser extensions](browser-extensions.md), these extensions that come pre-installed with the browser should **not** be removed or configured outside their default values, because doing so would noticeably make your browser fingerprint distinct from other Mullvad Browser users. It also comes pre-installed with the Mullvad Browser Extension, which *can* be safely removed without impacting your browser fingerprint if you would like, but is also safe to keep even if you don't use Mullvad VPN.
 
 ### Private Browsing Mode
 
@@ -104,7 +104,7 @@ This is required to prevent advanced forms of tracking, but does come at the cos
 
 ### Mullvad Leta
 
-Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes preinstalled with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta queries Google's paid search API directly (which is why it is limited to paying subscribers), however because of this limitation it is possible for Mullvad to correlate search queries and Mullvad VPN accounts. For this reason we discourage the use of Mullvad Leta, even though Mullvad collects very little information about their VPN subscribers.
+Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes preinstalled with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta queries Google's paid search API directly, which is why it is limited to paying subscribers. However, it is possible for Mullvad to correlate search queries and Mullvad VPN accounts because of this limitation. For this reason we discourage the use of Mullvad Leta, even though Mullvad collects very little information about their VPN subscribers.
 
 ## Firefox
 
@@ -116,7 +116,7 @@ Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-
 
 [:octicons-home-16: Homepage](https://firefox.com){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://mozilla.org/privacy/firefox){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://firefox-source-docs.mozilla.org){ .card-link title=Documentation}
+[:octicons-info-16:](https://support.mozilla.org/products/firefox){ .card-link title=Documentation}
 [:octicons-code-16:](https://hg.mozilla.org/mozilla-central){ .card-link title="Source Code" }
 [:octicons-heart-16:](https://donate.mozilla.org){ .card-link title=Contribute }
 
@@ -135,7 +135,7 @@ Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-
 <div class="admonition warning" markdown>
 <p class="admonition-title">Warning</p>
 
-Firefox includes a unique [download token](https://bugzilla.mozilla.org/show_bug.cgi?id=1677497#c0) in downloads from Mozilla's website and uses telemetry in Firefox to send the token. The token is **not** included in releases from the [Mozilla FTP](https://ftp.mozilla.org/pub/firefox/releases).
+Firefox includes a unique [download token](https://bugzilla.mozilla.org/show_bug.cgi?id=1677497#c0) in downloads from Mozilla's website and uses telemetry in Firefox to send the token. The token is **not** included in releases from the [Mozilla FTP](https://ftp.mozilla.org/pub/firefox/releases/).
 
 </div>
 
@@ -145,12 +145,19 @@ These options can be found in :material-menu: → **Settings**
 
 #### Search
 
-- [ ] Uncheck **Provide search suggestions**
+- [ ] Uncheck **Show search suggestions**
 
 Search suggestion features may not be available in your region.
 
 Search suggestions send everything you type in the address bar to the default search engine, regardless of whether you submit an actual search. Disabling search suggestions allows you to more precisely control what data you send to your search engine provider.
 
+##### Firefox Suggest (US only)
+
+[Firefox Suggest](https://support.mozilla.org/kb/firefox-suggest) is a feature similar to search suggestions which is only available in the US. We recommend disabling it for the same reason we recommend disabling search suggestions. If you don't see these options under the **Address Bar** header, you do not have the new experience and can ignore these changes.
+
+- [ ] Uncheck **Suggestions from Firefox**
+- [ ] Uncheck **Suggestions from sponsors**
+
 #### Privacy & Security
 
 ##### Enhanced Tracking Protection
@@ -159,13 +166,6 @@ Search suggestions send everything you type in the address bar to the default se
 
 This protects you by blocking social media trackers, fingerprinting scripts (note that this does not protect you from *all* fingerprinting), cryptominers, cross-site tracking cookies, and some other tracking content. ETP protects against many common threats, but it does not block all tracking avenues because it is designed to have minimal to no impact on site usability.
 
-##### Firefox Suggest (US only)
-
-[Firefox Suggest](https://support.mozilla.org/kb/firefox-suggest) is a feature similar to search suggestions which is only available in the US. We recommend disabling it for the same reason we recommend disabling search suggestions. If you don't see these options under the **Address Bar** header, you do not have the new experience and can ignore these changes.
-
-- [ ] Uncheck **Suggestions from the web**
-- [ ] Uncheck **Suggestions from sponsors**
-
 ##### Sanitize on Close
 
 If you want to stay logged in to particular sites, you can allow exceptions in **Cookies and Site Data** → **Manage Exceptions...**
@@ -182,7 +182,7 @@ This protects you from persistent cookies, but does not protect you against cook
 
 > Firefox sends data about your Firefox version and language; device operating system and hardware configuration; memory, basic information about crashes and errors; outcome of automated processes like updates, safebrowsing, and activation to us. When Firefox sends data to us, your IP address is temporarily collected as part of our server logs.
 
-Additionally, the Firefox Accounts service collects [some technical data](https://mozilla.org/privacy/firefox/#firefox-accounts). If you use a Firefox Account you can opt-out:
+Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt-out:
 
 1. Open your [profile settings on accounts.firefox.com](https://accounts.firefox.com/settings#data-collection)
 2. Uncheck **Data Collection and Use** > **Help improve Firefox Accounts**
@@ -288,7 +288,7 @@ Brave allows you to select additional content filters within the internal `brave
 
 </div>
 
-1. This option provides functionality similar to uBlock Origin's advanced [blocking modes](https://github.com/gorhill/uBlock/wiki/Blocking-mode) or the [NoScript](https://noscript.net) extension.
+1. This option provides functionality similar to uBlock Origin's advanced [blocking modes](https://github.com/gorhill/uBlock/wiki/Blocking-mode).
 2. If you wish to stay logged in to a particular site you visit often, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar.
 
 ##### Privacy and security
@@ -351,76 +351,6 @@ Brave's Web3 features can potentially add to your browser fingerprint and attack
 
 ## Additional Resources
 
-In general, we recommend keeping your browser extensions to a minimum to decrease your attack surface; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. However, uBlock Origin may prove useful if you value content blocking functionality.
-
-### uBlock Origin
-
-<div class="admonition recommendation" markdown>
-
-![uBlock Origin logo](assets/img/browsers/ublock_origin.svg){ align=right }
-
-**uBlock Origin** is a popular content blocker that could help you block ads, trackers, and fingerprinting scripts.
-
-[:octicons-repo-16: Repository](https://github.com/gorhill/uBlock#readme){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://github.com/gorhill/uBlock/wiki/Privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://github.com/gorhill/uBlock/wiki){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/gorhill/uBlock){ .card-link title="Source Code" }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/ublock-origin)
-- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm)
-- [:simple-microsoftedge: Edge](https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak)
-
-</details>
-
-</div>
-
-We suggest following the [developer's documentation](https://github.com/gorhill/uBlock/wiki/Blocking-mode) and picking one of the "modes". Additional filter lists can impact performance and [may increase attack surface](https://portswigger.net/research/ublock-i-exfiltrate-exploiting-ad-blockers-with-css).
-
-These are some other [filter lists](https://github.com/gorhill/uBlock/wiki/Dashboard:-Filter-lists) that you may want to consider adding:
-
-- [x] Check **Privacy** > **AdGuard URL Tracking Protection**
-- Add [Actually Legitimate URL Shortener Tool](https://raw.githubusercontent.com/DandelionSprout/adfilt/master/LegitimateURLShortener.txt)
-
-### uBlock Origin Lite
-
-uBlock Origin also has a "Lite" version of their extension, which offers a very limited feature-set compared to the original extension. However, it has a few distinct advantages over its full-fledged sibling, so you may want to consider it if...
-
-- ...you don't want to grant full "read/modify website data" permissions to any extensions (even a trusted one like uBlock Origin)
-- ...you want a more resource (memory/CPU) efficient content blocker[^1]
-- ...your browser only supports Manifest V3 extensions
-
-<div class="admonition recommendation" markdown>
-
-![uBlock Origin Lite logo](assets/img/browsers/ublock_origin_lite.svg){ align=right }
-
-**uBlock Origin Lite** is a Manifest V3 compatible content blocker. Compared to the original *uBlock Origin*, this extension does not require broad "read/modify data" permissions to function.
-
-[:octicons-repo-16: Repository](https://github.com/uBlockOrigin/uBOL-home#readme){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://github.com/gorhill/uBlock/wiki/Privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://github.com/uBlockOrigin/uBOL-home/wiki){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/gorhill/uBlock/tree/master/platform/mv3){ .card-link title="Source Code" }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/addon/ublock-origin-lite)
-- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/ublock-origin-lite/ddkjiahejlhfcafbddmgiahcphecmpfh)
-
-</details>
-
-</div>
-
-We only recommend this version of uBlock Origin if you never want to make any changes to your filter lists, because it only supports a few pre-selected lists and offers no additional customization options, including the ability to select elements to block manually. These restrictions are due to limitations in Manifest V3's design.
-
-This version offers three levels of blocking: "Basic" works without requiring any special privileges to view and modify site content, while the "Optimal" and "Complete" levels do require that broad permission, but offer a better filtering experience with additional cosmetic rules and scriptlet injections.
-
-If you set the default filtering mode to "Optimal" or "Complete" the extension will request read/modify access to **all** websites you visit. However, you also have the option to change the setting to "Optimal" or "Complete" on a **per-site** basis by adjusting the slider in the extension's pop-up panel on any given site. When you do so, the extension will request read/modify access to that site only. Therefore, if you want to take advantage of uBlock Origin Lite's "permission-less" configuration, you should probably leave the default setting as "Basic" and only adjust it higher on sites where that level is not adequate.
-
-uBlock Origin Lite only receives block list updates whenever the extension is updated from your browser's extension marketplace, as opposed to on demand. This means that you may miss out on new threats being blocked for weeks until a full extension release is published.
-
 ## Criteria
 
 **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
@@ -433,7 +363,7 @@ uBlock Origin Lite only receives block list updates whenever the extension is up
 - Available on Linux, macOS, and Windows.
 - Any changes required to make the browser more privacy-respecting should not negatively impact user experience.
 - Blocks third-party cookies by default.
-- Supports [state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning) to mitigate cross-site tracking.[^2]
+- Supports [state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning) to mitigate cross-site tracking.[^1]
 
 ### Best-Case
 
@@ -448,10 +378,4 @@ Our best-case criteria represents what we would like to see from the perfect pro
 - Provides open-source sync server implementation.
 - Defaults to a [private search engine](search-engines.md).
 
-### Extension Criteria
-
-- Must not replicate built-in browser or OS functionality.
-- Must directly impact user privacy, i.e. must not simply provide information.
-
-[^1]: uBlock Origin Lite *itself* will consume no resources, because it uses newer APIs which make the browser process the filter lists natively, instead of running JavaScript code within the extension to handle the filtering. However, this resource advantage is only [theoretical](https://github.com/uBlockOrigin/uBOL-home/wiki/Frequently-asked-questions-(FAQ)#is-ubol-more-efficient-cpu--and-memory-wise-than-ubo), because it's possible that standard uBlock Origin's filtering code is more efficient than your browser's native filtering code. This has not yet been benchmarked.
-[^2]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state).
+[^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state).

docs/desktop.md

@@ -83,6 +83,7 @@ A large portion of [Arch Linux’s packages](https://reproducible.archlinux.org)
 **Fedora Atomic Desktops** are variants of Fedora which use the `rpm-ostree` package manager and have a strong focus on containerized workflows and Flatpak for desktop applications. All of these variants follow the same release schedule as Fedora Workstation, benefiting from the same fast updates and staying very close to upstream.
 
 [:octicons-home-16: Homepage](https://fedoraproject.org/atomic-desktops){ .md-button .md-button--primary }
+[:octicons-info-16:](https://docs.fedoraproject.org/en-US/emerging){ .card-link title=Documentation}
 [:octicons-heart-16:](https://whatcanidoforfedora.org){ .card-link title=Contribute }
 
 </details>
@@ -175,7 +176,7 @@ Tails [doesn't erase](https://gitlab.tails.boum.org/tails/tails/-/issues/5356) t
 
 Tails is great for counter forensics due to amnesia (meaning nothing is written to the disk); however, it is not a hardened distribution like Whonix. It lacks many anonymity and security features that Whonix has and gets updated much less often (only once every six weeks). A Tails system that is compromised by malware may potentially bypass the transparent proxy allowing for the user to be deanonymized.
 
-Tails includes [uBlock Origin](desktop-browsers.md#ublock-origin) in Tor Browser by default, which may potentially make it easier for adversaries to fingerprint Tails users. [Whonix](desktop.md#whonix) virtual machines may be more leak-proof, however they are not amnesic, meaning data may be recovered from your storage device.
+Tails includes [uBlock Origin](browser-extensions.md#ublock-origin) in Tor Browser by default, which may potentially make it easier for adversaries to fingerprint Tails users. [Whonix](desktop.md#whonix) virtual machines may be more leak-proof, however they are not amnesic, meaning data may be recovered from your storage device.
 
 By design, Tails is meant to completely reset itself after each reboot. Encrypted [persistent storage](https://tails.net/doc/persistent_storage/index.en.html) can be configured to store some data between reboots.
 

docs/dns.md

@@ -20,7 +20,7 @@ These are our favorite public DNS resolvers based on their privacy and security
 | [**AdGuard Public DNS**](https://adguard-dns.io/en/public-dns.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Cleartext   DoH/3   DoT   DoQ   DNSCrypt | Some[^1] | Anonymized | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) | Yes [:octicons-link-external-24:](https://adguard.com/en/blog/encrypted-dns-ios-14.html) |
 | [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setup) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver) | Cleartext   DoH/3   DoT | Some[^2] | No | Based on server choice. | No [:octicons-link-external-24:](https://community.cloudflare.com/t/requesting-1-1-1-1-signed-profiles-for-apple/571846) |
 | [**Control D Free DNS**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Cleartext   DoH/3   DoT   DoQ | Optional[^3] | No | Based on server choice. | Yes [:octicons-link-external-24:](https://docs.controld.com/docs/macos-platform) |
-| [**dns0.eu**](https://dns0.eu) | [:octicons-link-external-24:](https://dns0.eu/privacy) | Cleartext   DoH/3   DoH   DoT   DoQ | No | Anonymized | Based on server choice. | Yes [:octicons-link-external-24:](https://www.dns0.eu/zero.dns0.eu.mobileconfig) |
+| [**dns0.eu**](https://dns0.eu) | [:octicons-link-external-24:](https://dns0.eu/privacy) | Cleartext   DoH/3   DoH   DoT   DoQ | No | Anonymized | Based on server choice. | Yes [:octicons-link-external-24:](https://dns0.eu/zero.dns0.eu.mobileconfig) |
 | [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy) | DoH   DoT | No[^4] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) | Yes [:octicons-link-external-24:](https://mullvad.net/en/blog/profiles-to-configure-our-encrypted-dns-on-apple-devices) |
 | [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy) | Cleartext   DoH   DoT   DNSCrypt | Some[^5] | Optional | Based on server choice, malware blocking by default. | Yes [:octicons-link-external-24:](https://quad9.net/news/blog/ios-mobile-provisioning-profiles) |
 

docs/email-aliasing.md

@@ -8,8 +8,8 @@ An email aliasing service allows you to easily generate a new email address for
 
 <div class="grid cards" markdown>
 
-- ![addy.io logo](assets/img/email-aliasing/addy.svg){ .twemoji } [addy.io](email.md#addyio)
-- ![SimpleLogin logo](assets/img/email-aliasing/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin)
+- ![addy.io logo](assets/img/email-aliasing/addy.svg){ .twemoji } [addy.io](email-aliasing.md#addyio)
+- ![SimpleLogin logo](assets/img/email-aliasing/simplelogin.svg){ .twemoji } [SimpleLogin](email-aliasing.md#simplelogin)
 
 </div>
 
@@ -24,7 +24,7 @@ They also have a number of benefits over "temporary email" services:
 
 - Aliases are permanent and can be turned on again if you need to receive something like a password reset.
 - Emails are sent to your trusted mailbox rather than stored by the alias provider.
-- Temporary email services typically have public mailboxes which can be accessed by anyone who knows the address, aliases are private to you.
+- Temporary email services typically have public mailboxes which can be accessed by anyone who knows the address, while aliases are private to you.
 
 Our email aliasing recommendations are providers that allow you to create aliases on domains they control, as well as your own custom domain(s) for a modest yearly fee. They can also be self-hosted if you want maximum control. However, using a custom domain can have privacy-related drawbacks: If you are the only person using your custom domain, your actions can be easily tracked across websites simply by looking at the domain name in the email address and ignoring everything before the at (@) sign.
 
@@ -40,7 +40,7 @@ Using an aliasing service requires trusting both your email provider and your al
 
 [:octicons-home-16: Homepage](https://addy.io){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://addy.io/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://app.addy.io/docs){ .card-link title=Documentation}
+[:octicons-info-16:](https://addy.io/faq){ .card-link title=Documentation}
 [:octicons-code-16:](https://github.com/anonaddy){ .card-link title="Source Code" }
 [:octicons-heart-16:](https://addy.io/donate){ .card-link title=Contribute }
 
@@ -56,7 +56,7 @@ Using an aliasing service requires trusting both your email provider and your al
 
 </div>
 
-The number of shared aliases (which end in a shared domain like @addy.io) that you can create is limited to 10 on addy.io's free plan, 50 on their $1/month plan and unlimited on the $4/month plan (billed $3 for a year). You can create unlimited standard aliases (which end in a domain like @[username].addy.io or a custom domain on paid plans), however, as previously mentioned, this can be detrimental to privacy because people can trivially tie your standard aliases together based on the domain name alone. They are useful where a shared domain might be blocked by a service. Securitum [audited](https://addy.io/blog/addy-io-passes-independent-security-audit) addy.io in September 2023 and no significant vulnerabilities [were identified](https://addy.io/addy-io-security-audit.pdf).
+The number of shared aliases (which end in a shared domain like @addy.io) that you can create is limited to 10 on addy.io's free plan, 50 on their $1/month plan and unlimited on the $4/month plan (billed $3 for a year). You can create unlimited standard aliases which end in a domain like @[username].addy.io or a custom domain on paid plans. However, as previously mentioned, this can be detrimental to privacy because people can trivially tie your standard aliases together based on the domain name alone. They are useful where a shared domain might be blocked by a service. Securitum [audited](https://addy.io/blog/addy-io-passes-independent-security-audit) addy.io in September 2023 and no significant vulnerabilities [were identified](https://addy.io/addy-io-security-audit.pdf).
 
 Notable free features:
 

docs/email-clients.md

@@ -9,7 +9,7 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
 <details class="warning" markdown>
 <summary>Email does not provide forward secrecy</summary>
 
-When using end-to-end encryption (E2EE) technology like OpenPGP, email will still have [some metadata](email.md#email-metadata-overview) that is not encrypted in the header of the email.
+When using end-to-end encryption (E2EE) technology like OpenPGP, email will still have [some metadata](basics/email-security.md#email-metadata-overview) that is not encrypted in the header of the email.
 
 OpenPGP also does not support [forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy), which means if either your or the recipient's private key is ever stolen, all previous messages encrypted with it will be exposed: [How do I protect my private keys?](basics/email-security.md) Consider using a medium that provides forward secrecy:
 
@@ -61,7 +61,7 @@ These options can be found in :material-menu: → **Settings** → **Privacy & S
 
 #### Thunderbird-user.js (advanced)
 
-[`thunderbird-user.js`](https://github.com/HorlogeSkynet/thunderbird-user.js), is a set of configurations options that aims to disable as many of the web-browsing features within Thunderbird as possible in order to reduce surface area and maintain privacy. Some of the changes are backported from the [Arkenfox project](https://github.com/arkenfox/user.js).
+[`thunderbird-user.js`](https://github.com/HorlogeSkynet/thunderbird-user.js) is a set of configurations options that aims to disable as many of the web-browsing features within Thunderbird as possible in order to reduce attack surface and maintain privacy. Some of the changes are backported from the [Arkenfox project](https://github.com/arkenfox/user.js).
 
 ## Platform Specific
 
@@ -93,7 +93,7 @@ Apple Mail has the ability to load remote content in the background or block it
 
 [:octicons-home-16: Homepage](https://canarymail.io){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://canarymail.io/privacy.html){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://canarymail.zendesk.com){ .card-link title=Documentation}
+[:octicons-info-16:](https://canarymail.io/help){ .card-link title=Documentation}
 
 <details class="downloads" markdown>
 <summary>Downloads</summary>

docs/email.md

@@ -71,7 +71,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the
 
 Free accounts have some limitations, such as not being able to search body text and not having access to [Proton Mail Bridge](https://proton.me/mail/bridge), which is required to use a [recommended desktop email client](email-clients.md) (e.g. Thunderbird). Paid accounts include features like Proton Mail Bridge, additional storage, and custom domain support. A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton Mail's apps on 9th November 2021 by [Securitum](https://research.securitum.com).
 
-If you have the Proton Unlimited, Business, or Visionary Plan, you also get [SimpleLogin](email-aliasing.md#simplelogin) Premium for free.
+If you have the Proton Unlimited, Business, Family, or Visionary Plan, you also get [SimpleLogin](email-aliasing.md#simplelogin) Premium for free.
 
 Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**.
 
@@ -136,7 +136,7 @@ Mailbox.org lets you use your own domain, and they support [catch-all](https://k
 
 #### :material-check:{ .pg-green } Private Payment Methods
 
-Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung.
+Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung.
 
 #### :material-check:{ .pg-green } Account Security
 
@@ -156,7 +156,7 @@ Mailbox.org also supports the discovery of public keys via HTTP from their [Web
 
 #### :material-information-outline:{ .pg-blue } Account Termination
 
-Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract).
+Your account will be set to a restricted user account when your contract ends. It will be irrevocably deleted after [30 days](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract).
 
 #### :material-information-outline:{ .pg-blue } Additional Functionality
 
@@ -186,7 +186,7 @@ These providers store your emails with zero-knowledge encryption, making them gr
 
 [:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://tuta.com/faq){ .card-link title=Documentation}
+[:octicons-info-16:](https://tuta.com/support){ .card-link title=Documentation}
 [:octicons-code-16:](https://github.com/tutao/tutanota){ .card-link title="Source Code" }
 [:octicons-heart-16:](https://tuta.com/community){ .card-link title=Contribute }
 
@@ -205,11 +205,11 @@ These providers store your emails with zero-knowledge encryption, making them gr
 
 </div>
 
-Tuta doesn't support the [IMAP protocol](https://tuta.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tuta app. [Email import](https://github.com/tutao/tutanota/issues/630) is not currently supported either, though this is [due to be changed](https://tuta.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tuta.com/howto#generalMail) per folder, which may be inconvenient if you have many folders.
+Tuta doesn't support the [IMAP protocol](https://tuta.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tuta app. [Email import](https://github.com/tutao/tutanota/issues/630) is not currently supported either, though this is [due to be changed](https://tuta.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tuta.com/support#generalMail) per folder, which may be inconvenient if you have many folders.
 
 #### :material-check:{ .pg-green } Custom Domains and Aliases
 
-Paid Tuta accounts can use either 15 or 30 aliases depending on their plan and unlimited aliases on [custom domains](https://tuta.com/faq#custom-domain). Tuta doesn't allow for [sub-addressing (plus addresses)](https://tuta.com/faq#plus), but you can use a [catch-all](https://tuta.com/howto#settings-global) with a custom domain.
+Paid Tuta accounts can use either 15 or 30 aliases depending on their plan and unlimited aliases on [custom domains](https://tuta.com/support#custom-domain). Tuta doesn't allow for [sub-addressing (plus addresses)](https://tuta.com/support#plus), but you can use a [catch-all](https://tuta.com/support#settings-global) with a custom domain.
 
 #### :material-information-outline:{ .pg-blue } Private Payment Methods
 
@@ -217,11 +217,11 @@ Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cry
 
 #### :material-check:{ .pg-green } Account Security
 
-Tuta supports [two factor authentication](https://tuta.com/faq#2fa) with either TOTP or U2F.
+Tuta supports [two factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
 
 #### :material-check:{ .pg-green } Data Security
 
-Tuta has [zero access encryption at rest](https://tuta.com/faq#what-encrypted) for your emails, [address book contacts](https://tuta.com/faq#encrypted-address-book), and [calendars](https://tuta.com/faq#calendar). This means the messages and other data stored in your account are only readable by you.
+Tuta has [zero access encryption at rest](https://tuta.com/support#what-encrypted) for your emails, [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar). This means the messages and other data stored in your account are only readable by you.
 
 #### :material-information-outline:{ .pg-blue } Email Encryption
 
@@ -229,14 +229,12 @@ Tuta [does not use OpenPGP](https://tuta.com/support/#pgp). Tuta accounts can on
 
 #### :material-information-outline:{ .pg-blue } Account Termination
 
-Tuta will [delete inactive free accounts](https://tuta.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay.
+Tuta will [delete inactive free accounts](https://tuta.com/support#inactive-accounts) after six months. You can reuse a deactivated free account if you pay.
 
 #### :material-information-outline:{ .pg-blue } Additional Functionality
 
 Tuta offers the business version of [Tuta to non-profit organizations](https://tuta.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount.
 
-Tuta also has a business feature called [Secure Connect](https://tuta.com/secure-connect). This ensures customer contact to the business uses E2EE. The feature costs €240/y.
-
 Tuta doesn't offer a digital legacy feature.
 
 ## Self-Hosting Email
@@ -277,7 +275,7 @@ For a more manual approach we've picked out these two articles:
 
 ## Criteria
 
-**Please note we are not affiliated with any of the providers we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements for any Email provider wishing to be recommended, including implementing industry best practices, modern technology and more. We suggest you familiarize yourself with this list before choosing an Email provider, and conduct your own research to ensure the Email provider you choose is the right choice for you.
+**Please note we are not affiliated with any of the providers we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements for any email provider wishing to be recommended, including implementing industry best practices, modern technology and more. We suggest you familiarize yourself with this list before choosing an email provider, and conduct your own research to ensure the email provider you choose is the right choice for you.
 
 ### Technology
 

docs/frontends.md

@@ -122,10 +122,11 @@ By default, Yattee blocks all YouTube advertisements. In addition, Yattee option
 
 LibreTube allows you to store your subscription list and playlists locally on your Android device, or to an account on your Piped instance of choice, which allows you to access them seamlessly on other devices as well.
 
-[:octicons-home-16: Homepage](https://libre-tube.github.io){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://github.com/libre-tube/LibreTube#privacy-policy-and-disclaimer){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://github.com/libre-tube/LibreTube#readme){ .card-link title=Documentation}
+[:octicons-home-16: Homepage](https://libretube.dev){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://github.com/libre-tube/LibreTube/blob/master/PRIVACY_POLICY.md){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://libretube.dev/#faq){ .card-link title=Documentation}
 [:octicons-code-16:](https://github.com/libre-tube/LibreTube){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://github.com/libre-tube/LibreTube#donate){ .card-link title=Contribute }
 
 <details class="downloads" markdown>
 <summary>Downloads</summary>
@@ -143,7 +144,7 @@ When using LibreTube, your IP address will be visible to the [Piped](https://git
 
 </div>
 
-By default, LibreTube blocks all YouTube advertisements. Additionally, Libretube uses [SponsorBlock](https://sponsor.ajay.app) to help you skip sponsored video segments. You are able to fully configure the types of segments that SponsorBlock will skip, or disable it completely. There is also a button on the video player itself to disable it for a specific video if desired.
+By default, LibreTube blocks all YouTube advertisements. Additionally, LibreTube uses [SponsorBlock](https://sponsor.ajay.app) to help you skip sponsored video segments. You are able to fully configure the types of segments that SponsorBlock will skip, or disable it completely. There is also a button on the video player itself to disable it for a specific video if desired.
 
 ### NewPipe (Android)
 
@@ -157,7 +158,7 @@ Your subscription list and playlists are saved locally on your Android device.
 
 [:octicons-home-16: Homepage](https://newpipe.net){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://newpipe.net/legal/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://teamnewpipe.github.io/documentation){ .card-link title=Documentation}
+[:octicons-info-16:](https://newpipe.net/FAQ){ .card-link title=Documentation}
 [:octicons-code-16:](https://github.com/TeamNewPipe/NewPipe){ .card-link title="Source Code" }
 [:octicons-heart-16:](https://newpipe.net/donate){ .card-link title=Contribute }
 
@@ -225,8 +226,8 @@ Invidious is useful if you want to disable JavaScript in your browser, such as [
 Piped requires JavaScript in order to function and there are a number of public instances.
 
 [:octicons-repo-16: Repository](https://github.com/TeamPiped/Piped){ .md-button .md-button--primary }
-[:octicons-server-16:](https://piped.kavin.rocks/preferences#ddlInstanceSelection){ .card-link title="Public Instances"}
-[:octicons-info-16:](https://piped-docs.kavin.rocks){ .card-link title=Documentation}
+[:octicons-server-16:](https://github.com/TeamPiped/Piped/wiki/Instances){ .card-link title="Public Instances"}
+[:octicons-info-16:](https://docs.piped.video/docs){ .card-link title=Documentation}
 [:octicons-code-16:](https://github.com/TeamPiped/Piped){ .card-link title="Source Code" }
 [:octicons-heart-16:](https://github.com/TeamPiped/Piped#donations){ .card-link title=Contribute }
 

docs/index.md

@@ -1,6 +1,6 @@
 ---
 meta_title: "Privacy Guides: Your Independent Privacy and Security Resource"
-template: overrides/home.en.html
+template: home.html
 social:
   cards_layout: home
 hide:
@@ -56,17 +56,3 @@ Trying to protect all your data from everyone all the time is impractical, expen
 ==This process of identifying threats and defining countermeasures is called **threat modeling**==, and it forms the basis of every good security and privacy plan.
 
 [:material-book-outline: Learn More About Threat Modeling](basics/threat-modeling.md){ class="md-button md-button--primary" }
-
----
-
-## We need you! Here's how to get involved:
-
-[:simple-discourse:](https://discuss.privacyguides.net){ title="Join our Forum" }
-[:simple-mastodon:](https://mastodon.neat.computer/@privacyguides){ rel=me title="Follow us on Mastodon" }
-[:material-book-edit:](https://github.com/privacyguides/privacyguides.org){ title="Contribute to this website" }
-[:material-translate:](https://matrix.to/#/#pg-i18n:aragon.sh){ title="Help translate this website" }
-[:simple-matrix:](https://matrix.to/#/#privacyguides:matrix.org){ title="Chat with us on Matrix" }
-[:material-information-outline:](about/index.md){ title="Learn more about us" }
-[:material-hand-coin-outline:](about/donate.md){ title="Support the project" }
-
-It's important for a website like Privacy Guides to always stay up-to-date. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. It's hard to keep up with the fast pace of the internet, but we try our best. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know.

docs/mobile-browsers.md

@@ -150,7 +150,7 @@ On iOS, any app that can browse the web is [restricted](https://developer.apple.
 
 </div>
 
-#### Recommended Firefox Configuration
+#### Recommended Safari Configuration
 
 These options can be found in :gear: **Settings** → **Safari**
 
@@ -208,32 +208,6 @@ You can enable E2EE for your Safari bookmarks and downloads by enabling [Advance
 
 If you use iCloud with Advanced Data Protection disabled, we also recommend checking to ensure Safari's default download location is set to locally on your device. This option can be found in :gear: **Settings** → **Safari** → **General** → **Downloads**.
 
-### AdGuard
-
-<div class="admonition recommendation" markdown>
-
-![AdGuard logo](assets/img/browsers/adguard.svg){ align=right }
-
-**AdGuard for iOS** is a free and open-source content-blocking extension for Safari that uses the native [Content Blocker API](https://developer.apple.com/documentation/safariservices/creating_a_content_blocker).
-
-AdGuard for iOS has some premium features; however, standard Safari content blocking is free of charge.
-
-[:octicons-home-16: Homepage](https://adguard.com/en/adguard-ios/overview.html){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://adguard.com/privacy/ios.html){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://kb.adguard.com/ios){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/AdguardTeam/AdguardForiOS){ .card-link title="Source Code" }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-appstore: App Store](https://apps.apple.com/app/id1047223162)
-
-</details>
-
-</div>
-
-Additional filter lists do slow things down and may increase your attack surface, so only apply what you need.
-
 ## Criteria
 
 **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
@@ -246,8 +220,3 @@ Additional filter lists do slow things down and may increase your attack surface
 - Android browsers must use the Chromium engine.
     - Unfortunately, Mozilla GeckoView is still less secure than Chromium on Android.
     - iOS browsers are limited to WebKit.
-
-### Extension Criteria
-
-- Must not replicate built-in browser or OS functionality.
-- Must directly impact user privacy, i.e. must not simply provide information.

docs/passwords.md

@@ -337,17 +337,13 @@ KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-se
 
 Additionally, there is an offline-only version offered: [Strongbox Zero](https://apps.apple.com/app/id1581589638). This version is stripped down in an attempt to reduce attack surface.
 
-### Command-line
-
-These products are minimal password managers that can be used within scripting applications.
-
-#### gopass
+### gopass (CLI)
 
 <div class="admonition recommendation" markdown>
 
 ![gopass logo](assets/img/password-management/gopass.svg){ align=right }
 
-**gopass** is a password manager for the command line written in Go. It works on all major desktop and server operating systems (Linux, macOS, BSD, Windows).
+**gopass** is a minimal password manager for the command line written in Go. It can be used within scripting applications and works on all major desktop and server operating systems (Linux, macOS, BSD, Windows).
 
 [:octicons-home-16: Homepage](https://gopass.pw){ .md-button .md-button--primary }
 [:octicons-info-16:](https://github.com/gopasspw/gopass/tree/master/docs){ .card-link title=Documentation}

docs/search-engines.md

@@ -89,6 +89,7 @@ When you are using a SearXNG instance, be sure to go read their privacy policy.
 **Startpage** is a private search engine known for serving [Google and Bing](https://support.startpage.com/hc/articles/4522435533844-What-is-the-relationship-between-Startpage-and-your-search-partners-like-Google-and-Microsoft-Bing) search results.  One of Startpage's unique features is the [Anonymous View](https://startpage.com/en/anonymous-view), which puts forth efforts to standardize user activity to make it more difficult to be uniquely identified. The feature can be useful for hiding [some](https://support.startpage.com/hc/articles/4455540212116-The-Anonymous-View-Proxy-technical-details) network and browser properties. Unlike the name suggests, the feature should not be relied upon for anonymity. If you are looking for anonymity, use the [Tor Browser](tor.md#tor-browser) instead.
 
 [:octicons-home-16: Homepage](https://startpage.com){ .md-button .md-button--primary }
+[:simple-torbrowser:](http://startpagel6srwcjlue4zgq3zevrujfaow726kjytqbbjyrswwmjzcqd.onion){ .card-link title="Onion Service" }
 [:octicons-eye-16:](https://startpage.com/en/privacy-policy){ .card-link title="Privacy Policy" }
 [:octicons-info-16:](https://support.startpage.com/hc/categories/4481917470356-Startpage-Search-Engine){ .card-link title=Documentation}
 
@@ -96,16 +97,11 @@ When you are using a SearXNG instance, be sure to go read their privacy policy.
 
 </div>
 
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-Startpage regularly limits service access to certain IP addresses, such as IPs reserved for VPNs or Tor. [DuckDuckGo](#duckduckgo) and [Brave Search](#brave-search) are friendlier options if your threat model requires hiding your IP address from the search provider.
-
-</div>
-
 Startpage is based in the Netherlands. According to their [privacy policy](https://startpage.com/en/privacy-policy), they log details such as: operating system, type of browser, and language. They do not log your IP address, search queries, or other personally identifying information.
 
-Startpage's majority shareholder is System1 who is an adtech company. We don't believe that to be an issue as they have a distinctly separate [privacy policy](https://system1.com/terms/privacy-policy). The Privacy Guides team reached out to Startpage [back in 2020](https://web.archive.org/web/20210118031008/https://blog.privacytools.io/relisting-startpage) to clear up any concerns with System1's sizeable investment into the service. We were satisfied with the answers we received.
+Startpage's majority shareholder is System1 who is an adtech company. We don't believe that to be an issue as they have a distinctly separate [privacy policy](https://system1.com/terms/privacy-policy). The Privacy Guides team reached out to Startpage [back in 2020](https://blog.privacyguides.org/2020/05/03/relisting-startpage/) to clear up any concerns with System1's sizeable investment into the service, and we were satisfied with the answers we received.
+
+Startpage previously placed limitations on VPN and [Tor](tor.md) users, but they recently created an [official](https://support.startpage.com/hc/en-us/articles/24786602537364-Startpage-s-Tor-onion-service) Tor hidden service, and as of April 2024 we have no longer noticed extra roadblocks for Tor or [VPN](vpn.md) users.
 
 ## Criteria
 

docs/tools.md

@@ -40,17 +40,6 @@ For more details about each project, why they were chosen, and additional tips o
 
 [Learn more :material-arrow-right-drop-circle:](desktop-browsers.md)
 
-### Additional Resources
-
-<div class="grid cards" markdown>
-
-- ![uBlock Origin logo](assets/img/browsers/ublock_origin.svg){ .twemoji } [uBlock Origin](desktop-browsers.md#ublock-origin)
-- ![uBlock Origin Lite logo](assets/img/browsers/ublock_origin_lite.svg){ .twemoji } [uBlock Origin Lite](desktop-browsers.md#ublock-origin-lite)
-
-</div>
-
-[Learn more :material-arrow-right-drop-circle:](desktop-browsers.md#additional-resources)
-
 ## Mobile Web Browsers
 
 <div class="grid cards" markdown>
@@ -62,16 +51,17 @@ For more details about each project, why they were chosen, and additional tips o
 
 [Learn more :material-arrow-right-drop-circle:](mobile-browsers.md)
 
-<!-- markdownlint-disable-next-line -->
-### Additional Resources
+## Browser Extensions
 
-<div class="grid cards annotate" markdown>
+<div class="grid cards" markdown>
 
-- ![AdGuard logo](assets/img/browsers/adguard.svg){ .twemoji } [AdGuard for iOS](mobile-browsers.md#adguard)
+- ![uBlock Origin logo](assets/img/browsers/ublock_origin.svg){ .twemoji } [uBlock Origin](browser-extensions.md#ublock-origin)
+- ![uBlock Origin Lite logo](assets/img/browsers/ublock_origin_lite.svg){ .twemoji } [uBlock Origin Lite](browser-extensions.md#ublock-origin-lite)
+- ![AdGuard logo](assets/img/browsers/adguard.svg){ .twemoji } [AdGuard for iOS](browser-extensions.md#adguard)
 
 </div>
 
-[Learn more :material-arrow-right-drop-circle:](mobile-browsers.md#adguard)
+[Learn more :material-arrow-right-drop-circle:](browser-extensions.md)
 
 ## Service Providers
 
@@ -81,6 +71,7 @@ For more details about each project, why they were chosen, and additional tips o
 
 - ![Proton Drive logo](assets/img/cloud/protondrive.svg){ .twemoji } [Proton Drive](cloud.md#proton-drive)
 - ![Tresorit logo](assets/img/cloud/tresorit.svg){ .twemoji } [Tresorit](cloud.md#tresorit)
+- ![Peergos logo](assets/img/cloud/peergos.svg){ .twemoji } [Peergos](cloud.md#peergos)
 
 </div>
 

docs/vpn.md

@@ -4,27 +4,19 @@ title: "VPN Services"
 icon: material/vpn
 description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you.
 cover: vpn.webp
+global:
+ - [randomize-element, "table tbody"]
 ---
 <!-- markdownlint-disable MD024 -->
 
-If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. We think these providers are a cut above the rest:
-
-<div class="grid cards" markdown>
-
-- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn)
-- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn)
-- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad)
-
-</div>
+If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you.
 
 <div class="admonition danger" markdown>
 <p class="admonition-title">VPNs do not provide anonymity</p>
 
 Using a VPN will **not** keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic.
 
-If you are looking for **anonymity**, you should use the Tor Browser.
-
-If you're looking for added **security**, you should always ensure you're connecting to websites using HTTPS. A VPN is not a replacement for good security practices.
+If you are looking for **anonymity**, you should use the Tor Browser. If you're looking for added **security**, you should always ensure you're connecting to websites using HTTPS. A VPN is not a replacement for good security practices.
 
 [Download Tor](https://torproject.org){ .md-button .md-button--primary } [Tor Myths & FAQ](advanced/tor-overview.md){ .md-button }
 
@@ -34,7 +26,13 @@ If you're looking for added **security**, you should always ensure you're connec
 
 ## Recommended Providers
 
-Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#criteria) for more information.
+Our recommended providers use encryption, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#criteria) for more information.
+
+| Provider | Countries | WireGuard | Port Forwarding | IPv6 | Anonymous Payments
+|---|---|---|---|---|---
+| [Proton](#proton-vpn) | 91+ | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Partial Support | :material-alert-outline:{ .pg-orange } | Cash
+| [IVPN](#ivpn) | 37+ | :material-check:{ .pg-green } | :material-alert-outline:{ .pg-orange } | :material-information-outline:{ .pg-blue } Outgoing Only | Monero, Cash
+| [Mullvad](#mullvad) | 41+ | :material-check:{ .pg-green } | :material-alert-outline:{ .pg-orange } | :material-check:{ .pg-green } | Monero, Cash
 
 ### Proton VPN
 
@@ -62,12 +60,12 @@ Our recommended providers use encryption, accept Monero, support WireGuard & Ope
 
 </div>
 
-#### :material-check:{ .pg-green } 88 Countries
+#### :material-check:{ .pg-green } 91 Countries
 
-Proton VPN has [servers in 88 countries](https://protonvpn.com/vpn-servers) [or 5 if you use their free plan](https://protonvpn.com/free-vpn).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
+Proton VPN has [servers in 91 countries](https://protonvpn.com/vpn-servers) or [5](https://protonvpn.com/support/how-to-create-free-vpn-account) if you use their [free plan](https://protonvpn.com/free-vpn/server).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
 { .annotate }
 
-1. Last checked: 2024-03-23
+1. Last checked: 2024-04-02
 
 We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
 
@@ -89,11 +87,15 @@ Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://wiregua
 
 Proton VPN [recommends](https://protonvpn.com/blog/wireguard) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols) for the protocol is not present in their Linux app.
 
-#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding
+#### :material-alert-outline:{ .pg-orange } No IPv6 Support
+
+Proton VPN's servers are only compatible with IPv4. The Proton VPN applications will block all outgoing IPv6 traffic, so you don't have to worry about your IPv6 address being leaked, but you will not be able to connect to any IPv6-only sites, and you will not be able to connect to Proton VPN from an IPv6-only network.
+
+#### :material-information-outline:{ .pg-info } Remote Port Forwarding
 
 Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy to access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrent applications often support NAT-PMP natively.
 
-#### :material-information-outline:{ .pg-orange } Censorship Circumvention
+#### :material-information-outline:{ .pg-blue } Anti-Censorship
 
 Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or Wireguard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
 
@@ -103,11 +105,11 @@ Unfortunately it does not work very well in countries where sophisticated filter
 
 In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/app/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers.
 
-#### :material-information-outline:{ .pg-blue } Additional Functionality
+#### :material-alert-outline:{ .pg-orange } Additional Notes
 
 Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://torproject.org) for this purpose.
 
-#### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs
+##### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs
 
 System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service.
 
@@ -143,7 +145,7 @@ System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-swit
 IVPN has [servers in 37 countries](https://ivpn.net/status).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
 { .annotate }
 
-1. Last checked: 2023-12-21
+1. Last checked: 2024-04-02
 
 We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
 
@@ -165,11 +167,15 @@ IVPN supports the WireGuard® protocol. [WireGuard](https://wireguard.com) is a
 
 IVPN [recommends](https://ivpn.net/wireguard) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://wireguard.com/install).
 
+#### :material-information-outline:{ .pg-blue } IPv6 Support
+
+IVPN allows you to [connect to services using IPv6](https://ivpn.net/knowledgebase/general/do-you-support-ipv6) but doesn't allow you to connect from a device using an IPv6 address.
+
 #### :material-alert-outline:{ .pg-orange } Remote Port Forwarding
 
 IVPN previously supported port forwarding, but removed the option in [June 2023](https://ivpn.net/blog/gradual-removal-of-port-forwarding). Missing this feature could negatively impact certain applications, especially peer-to-peer applications like torrent clients.
 
-#### :material-check:{ .pg-green } Censorship Circumvention
+#### :material-check:{ .pg-green } Anti-Censorship
 
 IVPN has obfuscation modes using the [v2ray](https://v2ray.com/en/index.html) project which helps in situations where VPN protocols like OpenVPN or Wireguard are blocked. Currently this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
 
@@ -177,7 +183,7 @@ IVPN has obfuscation modes using the [v2ray](https://v2ray.com/en/index.html) pr
 
 In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/app/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers.
 
-#### :material-information-outline:{ .pg-blue } Additional Functionality
+#### :material-information-outline:{ .pg-blue } Additional Notes
 
 IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
 
@@ -214,7 +220,7 @@ IVPN clients support two factor authentication (Mullvad's clients do not). IVPN
 Mullvad has [servers in 41 countries](https://mullvad.net/servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
 { .annotate }
 
-1. Last checked: 2024-03-23
+1. Last checked: 2024-04-02
 
 We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
 
@@ -246,13 +252,13 @@ Mullvad [recommends](https://mullvad.net/en/help/why-wireguard) the use of WireG
 
 #### :material-check:{ .pg-green } IPv6 Support
 
-Mullvad allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support), as opposed to other providers which block IPv6 connections.
+Mullvad allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support) and connect from a device using an IPv6 address.
 
 #### :material-alert-outline:{ .pg-orange } Remote Port Forwarding
 
 Mullvad previously supported port forwarding, but removed the option in [May 2023](https://mullvad.net/en/blog/2023/5/29/removing-the-support-for-forwarded-ports). Missing this feature could negatively impact certain applications, especially peer-to-peer applications like torrent clients.
 
-#### :material-check:{ .pg-green } Censorship Circumvention
+#### :material-check:{ .pg-green } Anti-Censorship
 
 Mullvad has obfuscation an mode using [Shadowsocks with v2ray](https://mullvad.net/en/help/shadowsocks-with-v2ray) which may be useful in situations where VPN protocols like OpenVPN or Wireguard are blocked.
 
@@ -260,7 +266,7 @@ Mullvad has obfuscation an mode using [Shadowsocks with v2ray](https://mullvad.n
 
 Mullvad has published [App Store](https://apps.apple.com/app/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases).
 
-#### :material-information-outline:{ .pg-blue } Additional Functionality
+#### :material-information-outline:{ .pg-blue } Additional Notes
 
 Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers). They use [ShadowSocks](https://shadowsocks.org) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion).
 

includes/strings.en.env

@@ -1,15 +1,27 @@
 ANALYTICS_CONSENT_BODY="We collect anonymous statistics about your visits to help us improve the site. We do not track you across other websites. If you disable this, we will not know when you have visited our site. We will save a single cookie in your browser to remember your preference."
 ANALYTICS_CONSENT_TITLE="Contribute anonymous statistics"
+ANALYTICS_COOKIE_GITHUB="GitHub API"
+ANALYTICS_COOKIE_UMAMI="Self-Hosted Analytics"
+ANALYTICS_FEEDBACK_NEGATIVE_NAME="This page could be improved"
+ANALYTICS_FEEDBACK_NEGATIVE_NOTE='Thanks for your feedback! If you want to let us know more, please leave a post on our <a href="https://discuss.privacyguides.net/c/site-development/7" target="_blank" rel="noopener">forum</a>.'
+ANALYTICS_FEEDBACK_POSITIVE_NAME="This page was helpful"
+ANALYTICS_FEEDBACK_POSITIVE_NOTE="Thanks for your feedback!"
+ANALYTICS_FEEDBACK_TITLE="Was this page helpful?"
 DESCRIPTION_HOMEPAGE="A socially motivated website which provides information about protecting your online data privacy and security."
-DESCRIPTION_TRANSLATION="You're viewing the $LANG copy of Privacy Guides, translated by our fantastic language team on Crowdin. If you notice an error, or see any untranslated sections on this page, please consider helping out!"
-DESCRIPTION_TRANSLATION_CTA="Visit Crowdin"
-FOOTER_COPYRIGHT_AFFILIATE="We do not make money from recommending certain products, and we do not use affiliate links."
-FOOTER_COPYRIGHT_ANALYTICS="Anonymous statistics preferences."
-FOOTER_COPYRIGHT_DATE="2019 - 2024 Privacy Guides and contributors."
-FOOTER_COPYRIGHT_ICON='<span class="twemoji"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><!--! Font Awesome Free 6.2.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2022 Fonticons, Inc.--><path d="m245.83 214.87-33.22 17.28c-9.43-19.58-25.24-19.93-27.46-19.93-22.13 0-33.22 14.61-33.22 43.84 0 23.57 9.21 43.84 33.22 43.84 14.47 0 24.65-7.09 30.57-21.26l30.55 15.5c-6.17 11.51-25.69 38.98-65.1 38.98-22.6 0-73.96-10.32-73.96-77.05 0-58.69 43-77.06 72.63-77.06 30.72-.01 52.7 11.95 65.99 35.86zm143.05 0-32.78 17.28c-9.5-19.77-25.72-19.93-27.9-19.93-22.14 0-33.22 14.61-33.22 43.84 0 23.55 9.23 43.84 33.22 43.84 14.45 0 24.65-7.09 30.54-21.26l31 15.5c-2.1 3.75-21.39 38.98-65.09 38.98-22.69 0-73.96-9.87-73.96-77.05 0-58.67 42.97-77.06 72.63-77.06 30.71-.01 52.58 11.95 65.56 35.86zM247.56 8.05C104.74 8.05 0 123.11 0 256.05c0 138.49 113.6 248 247.56 248 129.93 0 248.44-100.87 248.44-248 0-137.87-106.62-248-248.44-248zm.87 450.81c-112.54 0-203.7-93.04-203.7-202.81 0-105.42 85.43-203.27 203.72-203.27 112.53 0 202.82 89.46 202.82 203.26-.01 121.69-99.68 202.82-202.84 202.82z"></path></svg></span><span class="twemoji"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><!--! Font Awesome Free 6.2.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2022 Fonticons, Inc.--><path d="M314.9 194.4v101.4h-28.3v120.5h-77.1V295.9h-28.3V194.4c0-4.4 1.6-8.2 4.6-11.3 3.1-3.1 6.9-4.7 11.3-4.7H299c4.1 0 7.8 1.6 11.1 4.7 3.1 3.2 4.8 6.9 4.8 11.3zm-101.5-63.7c0-23.3 11.5-35 34.5-35s34.5 11.7 34.5 35c0 23-11.5 34.5-34.5 34.5s-34.5-11.5-34.5-34.5zM247.6 8C389.4 8 496 118.1 496 256c0 147.1-118.5 248-248.4 248C113.6 504 0 394.5 0 256 0 123.1 104.7 8 247.6 8zm.8 44.7C130.2 52.7 44.7 150.6 44.7 256c0 109.8 91.2 202.8 203.7 202.8 103.2 0 202.8-81.1 202.8-202.8.1-113.8-90.2-203.3-202.8-203.3z"></path></svg></span><span class="twemoji"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><!--! Font Awesome Free 6.2.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2022 Fonticons, Inc.--><path d="M247.6 8C389.4 8 496 118.1 496 256c0 147.1-118.5 248-248.4 248C113.6 504 0 394.5 0 256 0 123.1 104.7 8 247.6 8zm.8 44.7C130.2 52.7 44.7 150.6 44.7 256c0 109.8 91.2 202.8 203.7 202.8 103.2 0 202.8-81.1 202.8-202.8.1-113.8-90.2-203.3-202.8-203.3zm94 144.3v42.5H162.1V197h180.3zm0 79.8v42.5H162.1v-42.5h180.3z"></path></svg></span>'
-FOOTER_COPYRIGHT_INTRO="<b>Privacy Guides</b> is a non-profit, socially motivated website that provides information for protecting your data security and privacy."
-FOOTER_COPYRIGHT_LICENSE="Content license:"
-FOOTER_COPYRIGHT="$FOOTER_COPYRIGHT_INTRO <br> $FOOTER_COPYRIGHT_AFFILIATE <br> &copy; $FOOTER_COPYRIGHT_DATE $FOOTER_COPYRIGHT_ICON $FOOTER_COPYRIGHT_LICENSE <a href='/license'><strong>CC BY-ND 4.0</strong></a>. <a href='#__consent'>$FOOTER_COPYRIGHT_ANALYTICS</a>"
+FOOTER_ANALYTICS="Anonymous statistics preferences."
+FOOTER_COPYRIGHT_AUTHOR="Privacy Guides and contributors."
+FOOTER_INTRO="<b>Privacy Guides</b> is a non-profit, socially motivated website that provides information for protecting your data security and privacy."
+FOOTER_NOTE="We do not make money from recommending certain products, and we do not use affiliate links."
+HOMEPAGE_CTA_DESCRIPTION="It's important for a website like Privacy Guides to always stay up-to-date. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. It's hard to keep up with the fast pace of the internet, but we try our best. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know."
+HOMEPAGE_DESCRIPTION="A socially motivated website which provides information about protecting your online data privacy and security."
+HOMEPAGE_RSS_CHANGELOG_LINK="https://discuss.privacyguides.net/c/site-development/changelog/9.rss"
+HOMEPAGE_RSS_CHANGELOG_TITLE="Privacy Guides release changelog"
+HOMEPAGE_RSS_BLOG_LINK="https://blog.privacyguides.org/feed_rss_created.xml"
+HOMEPAGE_RSS_BLOG_TITLE="Privacy Guides blog feed"
+HOMEPAGE_RSS_STORIES_LINK="https://share.privacyguides.org/web-stories/feed/"
+HOMEPAGE_RSS_STORIES_TITLE="Privacy Guides web stories feed"
+HOMEPAGE_RSS_FORUM_LINK="https://discuss.privacyguides.net/latest.rss"
+HOMEPAGE_RSS_FORUM_TITLE="Latest Privacy Guides forum topics"
 LANG="English"
 LANG_ENGLISH="English"
 NAV_ABOUT="About"
@@ -42,3 +54,5 @@ SOCIAL_TOR_SITE="Hidden service"
 THEME_AUTO="Switch to system theme"
 THEME_DARK="Switch to dark mode"
 THEME_LIGHT="Switch to light mode"
+TRANSLATION_NOTICE="You're viewing the $LANG copy of Privacy Guides, translated by our fantastic language team on Crowdin. If you notice an error, or see any untranslated sections on this page, please consider helping out!"
+TRANSLATION_NOTICE_CTA="Visit Crowdin"

netlify.toml

@@ -1,104 +0,0 @@
-# Copyright (c) 2022-2024 Jonah Aragon <jonah@triplebit.net>
-
-# Permission is hereby granted, free of charge, to any person obtaining a copy
-# of this software and associated documentation files (the "Software"), to
-# deal in the Software without restriction, including without limitation the
-# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
-# sell copies of the Software, and to permit persons to whom the Software is
-# furnished to do so, subject to the following conditions:
-
-# The above copyright notice and this permission notice shall be included in
-# all copies or substantial portions of the Software.
-
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
-# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
-# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
-# IN THE SOFTWARE.
-
-[build]
-    publish = "site/"
-    command = "mkdocs build --config-file config/mkdocs.en.yml && cp -r static/* site/"
-
-    [context.production]
-        command = "rm -rf i18n-download  || true && git clone https://github.com/privacyguides/i18n i18n-download && cp -rl i18n-download/i18n . && cp -rl i18n-download/includes . && cp -rl i18n-download/theme . && mkdocs build --config-file config/mkdocs.en.yml && mkdocs build --config-file config/mkdocs.es.yml && mkdocs build --config-file config/mkdocs.fr.yml && mkdocs build --config-file config/mkdocs.he.yml && mkdocs build --config-file config/mkdocs.it.yml && mkdocs build --config-file config/mkdocs.nl.yml && mkdocs build --config-file config/mkdocs.zh-Hant.yml && mkdocs build --config-file config/mkdocs.ru.yml && cp -r static/* site/"
-
-    [context.branch-deploy]
-        command = "crowdin download && for i in config/mkdocs.*.yml; do mkdocs build --config-file $i; done && cp -r static/* site/"
-
-[[headers]]
-  for = "/*"
-  [headers.values]
-    X-Frame-Options = "DENY"
-    X-XSS-Protection = "0"
-    X-Content-Type-Options = "nosniff"
-    Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload"
-    Content-Security-Policy = "default-src 'none'; script-src https://www.privacyguides.org 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src data: 'self'; connect-src https://api.github.com https://*.privacyguides.net 'self'; frame-src https://*.privacyguides.net; frame-ancestors 'none'"
-    Permissions-Policy = "browsing-topics=(), conversion-measurement=(), interest-cohort=(), accelerometer=(), ambient-light-sensor=(), battery=(), camera=(), display-capture=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), usb=()"
-
-[[headers]]
-  for = "/:lang/about/donate/"
-  [headers.values]
-    Content-Security-Policy = "default-src 'none'; script-src https://opencollective.com https://www.privacyguides.org 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src https://opencollective.com data: 'self'; connect-src https://api.github.com https://*.privacyguides.net 'self'; frame-src https://opencollective.com; frame-ancestors 'none'"
-
-[[headers]]
-  for = "/:lang/tor/"
-  [headers.values]
-    Content-Security-Policy = "default-src 'none'; script-src https://www.privacyguides.org 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src data: 'self'; connect-src https://api.github.com https://*.privacyguides.net 'self'; frame-src https://snowflake.torproject.org; frame-ancestors 'none'"
-
-[[redirects]]
-    from = "/es/*"
-    to = "/i18n/404.es.html"
-    status = 404
-
-[[redirects]]
-    from = "/fr/*"
-    to = "/i18n/404.fr.html"
-    status = 404
-
-[[redirects]]
-    from = "/he/*"
-    to = "/i18n/404.he.html"
-    status = 404
-
-[[redirects]]
-    from = "/it/*"
-    to = "/i18n/404.it.html"
-    status = 404
-
-[[redirects]]
-    from = "/nl/*"
-    to = "/i18n/404.nl.html"
-    status = 404
-
-[[redirects]]
-    from = "/zh-hant/*"
-    to = "/i18n/404.zh-Hant.html"
-    status = 404
-
-[[redirects]]
-    from = "/ru/*"
-    to = "/i18n/404.ru.html"
-    status = 404
-
-[[redirects]]
-    from = "/*"
-    to = "/i18n/404.en.html"
-    status = 404
-
-[[plugins]]
-  package = "@netlify/plugin-lighthouse"
-
-    [[plugins.inputs.audits]]
-        path = "en"
-
-    [[plugins.inputs.audits]]
-        path = "en/tools"
-
-    [[plugins.inputs.audits]]
-        path = "en/basics/why-privacy-matters"
-
-    [[plugins.inputs.audits]]
-        path = "en/vpn"

static/_redirects

@@ -1,89 +0,0 @@
-# Copyright (c) 2023 Jonah Aragon <jonah@triplebit.net>
-
-# Permission is hereby granted, free of charge, to any person obtaining a copy
-# of this software and associated documentation files (the "Software"), to
-# deal in the Software without restriction, including without limitation the
-# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
-# sell copies of the Software, and to permit persons to whom the Software is
-# furnished to do so, subject to the following conditions:
-
-# The above copyright notice and this permission notice shall be included in
-# all copies or substantial portions of the Software.
-
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
-# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
-# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
-# IN THE SOFTWARE.
-
-/  /en/       302  Language=en
-/  /es/       302  Language=es
-/  /fr/       302  Language=fr
-/  /he/       302  Language=he
-/  /it/       302  Language=it
-/  /nl/       302  Language=nl
-/  /zh-hant/  302  Language=zh-Hant
-/  /ru/       302  Language=ru
-/  /en/       302
-
-/.well-known/matrix/* https://matrix.privacyguides.org/.well-known/matrix/:splat 200
-/.well-known/* /well-known/:splat 200
-
-/kb /en/basics/why-privacy-matters/
-/:lang/kb /:lang/basics/why-privacy-matters/
-
-/coc /en/CODE_OF_CONDUCT/
-/license https://github.com/privacyguides/privacyguides.org/tree/main/README.md#license
-
-/team /en/about/
-/browsers /en/desktop-browsers/
-/blog https://blog.privacyguides.org
-/basics/dns-overview /en/advanced/dns-overview/
-/basics/tor-overview /en/advanced/tor-overview/
-/real-time-communication/communication-network-types /en/advanced/communication-network-types
-/advanced/real-time-communication /en/advanced/communication-network-types
-/android/overview /en/os/android-overview/
-/linux-desktop/overview /en/os/linux-overview/
-/android/grapheneos-vs-calyxos https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/
-/ios/configuration https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/
-/linux-desktop/hardening https://blog.privacyguides.org/2022/04/22/linux-system-hardening/
-/linux-desktop/sandboxing https://blog.privacyguides.org/2022/04/22/linux-application-sandboxing/
-/advanced/signal-configuration-hardening https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/
-/real-time-communication/signal-configuration-hardening https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/
-/advanced/integrating-metadata-removal https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/
-/advanced/erasing-data https://blog.privacyguides.org/2022/05/25/secure-data-erasure/
-/operating-systems /en/desktop/
-/threat-modeling /en/basics/threat-modeling/
-/self-contained-networks /en/tor/
-/privacy-policy /en/about/privacy-policy/
-/metadata-removal-tools /en/data-redaction/
-/basics /en/kb
-/software/file-encryption /en/encryption/
-/providers /en/tools/#service-providers
-/software/calendar-contacts /en/calendar/
-/calendar-contacts /en/calendar/
-/software/metadata-removal-tools /en/data-redaction/
-/contact /en/about/
-/welcome-to-privacy-guides https://blog.privacyguides.org/2021/09/14/welcome-to-privacy-guides/
-/software/email /en/email-clients/
-/providers/paste /en/tools/
-/blog/2019/10/05/understanding-vpns https://www.jonaharagon.com/posts/understanding-vpns/
-/terms-and-notices /en/about/notices/
-/software/networks /en/tor/
-/social-news-aggregator /en/news-aggregators/
-/basics/erasing-data https://blog.privacyguides.org/2022/05/25/secure-data-erasure/
-/linux-desktop /en/desktop/
-
-/providers/:slug /en/:slug/
-/software/:slug /en/:slug/
-/blog/* https://blog.privacyguides.org/:splat
-/assets/* /en/assets/:splat
-
-/:slug/ /en/:slug/
-/about/:slug/ /en/about/:slug/
-/advanced/:slug/ /en/advanced/:slug/
-/basics/:slug/ /en/basics/:slug/
-/meta/:slug/ /en/meta/:slug/
-/os/:slug/ /en/os/:slug/

static/well-known/security.txt

@@ -1,5 +0,0 @@
-Contact: mailto:jonah@triplebit.net
-Expires: 2024-01-01T18:00:00.000Z
-Preferred-Languages: en
-Canonical: https://www.privacyguides.org/.well-known/security.txt
-Policy: https://github.com/privacyguides/privacyguides.org/security/policy

theme/assets/img/cloud/peergos.svg

@@ -0,0 +1 @@
+<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><g fill="#26b99a"><rect class="cls-2" x="6.0734" y="30.393" width="21.72" height="3.4742" stroke-width="1.2679"/><polygon class="cls-2" transform="matrix(1.2679 0 0 1.2679 -6.7708 -10.511)" points="13.73 13.61 23.67 13.61 25.36 31.59 12.03 31.59"/><polygon class="cls-2" transform="matrix(1.2679 0 0 1.2679 -6.7708 -10.511)" points="21.68 9.2 21.68 8.29 19.7 8.29 19.7 9.2 17.7 9.2 17.7 8.29 15.72 8.29 15.72 9.2 13.72 9.2 13.72 8.29 11.74 8.29 11.74 9.2 11.74 10.27 11.74 11.61 25.66 11.61 25.66 10.27 25.66 9.2 25.66 8.29 23.68 8.29 23.68 9.2"/></g><g fill="#209e84"><polygon class="cls-3" transform="matrix(1.2679 0 0 1.2679 -6.7708 -10.511)" points="23.67 13.61 25.66 11.61 11.74 11.61 13.73 13.61"/><polygon class="cls-3" transform="matrix(1.2679 0 0 1.2679 -6.7708 -10.511)" points="25.36 30.91 27.26 32.26 10.13 32.26 12.03 30.91"/><g stroke-width="1.2679"><path class="cls-3" d="m20.186 17.269-0.90024-0.19019a2.3837 2.3837 0 0 0 0-0.48182v-0.97631a2.371 2.371 0 1 0-4.7421 0v0.97631 0.15215l-0.9256 0.0634v-0.21555-0.97631a3.2966 3.2966 0 1 1 6.5933 0v0.97631a3.2966 3.2966 0 0 1-0.02536 0.67201z"/><circle class="cls-3" cx="16.94" cy="18.55" r=".60861"/><path class="cls-3" d="m21.048 18.55a3.9687 3.9687 0 0 1-4.1081 3.9053 3.9306 3.9306 0 1 1 0-7.8359 3.9433 3.9433 0 0 1 4.1081 3.9306zm-6.8849 0a2.7768 2.7768 0 0 0 2.7895 2.7514 2.7514 2.7514 0 1 0-2.7895-2.7514z"/></g><polygon class="cls-3" transform="matrix(1.2679 0 0 1.2679 -6.7708 -10.511)" points="19.03 23.96 18.81 23.24 18.56 23.24 18.36 23.96"/></g></svg>

theme/assets/javascripts/LICENSE.mathjax.txt

@@ -1,202 +0,0 @@
-
-                                 Apache License
-                           Version 2.0, January 2004
-                        http://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "[]"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright [yyyy] [name of copyright owner]
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.

theme/assets/javascripts/feedback.js

@@ -0,0 +1,51 @@
+var feedback = document.forms.feedback
+feedback.hidden = false
+
+feedback.addEventListener("submit", function(ev) {
+  ev.preventDefault()
+
+  var data = ev.submitter.getAttribute("data-md-value")
+
+  if (data == 1) {
+    var umamiEventName = "feedback-positive"
+  } else if (data == 0) {
+    var umamiEventName = "feedback-negative"
+  }
+
+  var umamiEvent = {
+    payload: {
+      hostname: window.location.hostname,
+      language: navigator.language,
+      referrer: document.referrer,
+      screen: `${window.screen.width}x${window.screen.height}`,
+      url: window.location.pathname,
+      website: '30b92047-7cbb-4800-9815-2e075a293e0a',
+      name: umamiEventName,
+    },
+    type: 'event',
+  };
+
+  // remove trailing slash from path
+  if (umamiEvent.payload.url.slice(-1) === '/') {
+    umamiEvent.payload.url = umamiEvent.payload.url.slice(0, -1);
+  }
+
+  console.log(umamiEvent)
+
+  fetch("https://stats.jonaharagon.net/api/send", {
+    method: "POST",
+    body: JSON.stringify(umamiEvent),
+    headers: {
+      "Content-type": "application/json",
+    }
+  })
+    .then((response) => console.log(response));
+
+  feedback.firstElementChild.disabled = true
+
+  var note = feedback.querySelector(
+    ".md-feedback__note [data-md-value='" + data + "']"
+  )
+  if (note)
+    note.hidden = false
+})

theme/assets/javascripts/resolution.js

@@ -22,14 +22,14 @@ function getCookie(cname) {
 
 var consent = __md_get("__consent")
 if (!consent) {
-  __md_set("__consent", {umami: true});
+  __md_set("__consent", {"analytics":true,"github":true});
   if (getCookie('resolution') == '') {
     const resolution = `${window.screen.width}x${window.screen.height}`;
     setCookie('resolution', resolution, 30);
   }
 }
 
-if (consent && consent.umami) {
+if (consent && consent.analytics) {
   if (getCookie('resolution') == '') {
     const resolution = `${window.screen.width}x${window.screen.height}`;
     setCookie('resolution', resolution, 30);

theme/assets/stylesheets/extra.css

@@ -22,7 +22,7 @@
 
 @font-face {
     font-family: 'Bagnard';
-    src: url("/en/assets/brand/fonts/Bagnard/Bold.woff") format("woff");
+    src: url("../brand/fonts/Bagnard/Bold.woff") format("woff");
     font-display: swap;
 }
 
@@ -484,7 +484,7 @@ path[d="M20.71 7.04c.39-.39.39-1.04 0-1.41l-2.34-2.34c-.37-.39-1.02-.39-1.41 0l-
 }
 
 /* Cover images */
-.center-cropped {
+.cover.center-cropped {
     width: 100%;
     height: 200px;
     background-position: center center;
@@ -497,19 +497,15 @@ path[d="M20.71 7.04c.39-.39.39-1.04 0-1.41l-2.34-2.34c-.37-.39-1.02-.39-1.41 0l-
 }
 
 /* Set the image to fill its parent and make transparent */
-.center-cropped img {
-    min-height: 100%;
-    min-width: 100%;
-    opacity: 0;
+.cover.center-cropped img {
+    height: 100%;
+    width: 100%;
+    object-fit: cover;
 }
 
-.center-cropped h1 {
-    position: absolute;
-    top: 50%;
-    left: 50%;
-    transform: translate(-50%, -50%);
-    color: white;
-    z-index: 1;
+.cover ~ h1 {
+    margin: 1.25em 0 0;
+    text-align: center;
 }
 
 /* Social share button */

theme/assets/stylesheets/home.css

@@ -109,23 +109,28 @@ article.md-content__inner {
 article.md-content__inner > * {
     max-width: 38rem;
 }
-article.md-content__inner > *:nth-child(n+7):nth-child(-n+12) {
+/* article.md-content__inner > *:nth-child(n+8):nth-child(-n+12) {
     margin-left: auto;
     margin-right: 0;
     text-align: right;
+} */
+#what-should-i-do, #what-should-i-do ~ :not( .mdx-cat ~ * ):not( .mdx-cta ) {
+  margin-left: auto;
+  margin-right: 0;
+  text-align: right;
 }
 article.md-content__inner > hr {
     margin: 3rem;
 }
-article.md-content__inner > *:nth-child(n+13) {
+.pg-end-right-align, .mdx-cta {
     margin-left: auto;
     margin-right: auto;
     text-align: center;
 }
-article.md-content__inner > *:nth-child(n+13) a:has(.twemoji) {
+.mdx-cta a:has(.twemoji) {
     display: inline-block;
 }
-article.md-content__inner > *:nth-child(n+13) .twemoji {
+.mdx-cta .twemoji {
     --md-icon-size: 1.8em;
     margin: 0.4rem;
 }

theme/home.html

@@ -21,12 +21,12 @@
   IN THE SOFTWARE.
 #} -->
 {% extends "main.html" %}
+{% set homepage = config.extra.privacy_guides.homepage %}
 {% block extrahead %}
   <link rel="stylesheet" href="{{ 'assets/stylesheets/home.css?v=3.3.0' | url }}">
-  <link rel="alternate" type="application/rss+xml" title="Privacy Guides Release Changelog" href="https://discuss.privacyguides.net/c/site-development/changelog/9.rss">
-  <link rel="alternate" type="application/rss+xml" title="Privacy Guides Blog Feed" href="https://blog.privacyguides.org/feed_rss_created.xml">
-  <link rel="alternate" type="application/rss+xml" title="Privacy Guides Web Stories Feed" href="https://share.privacyguides.org/web-stories/feed/">
-  <link rel="alternate" type="application/rss+xml" title="Latest Privacy Guides Forum Topics" href="https://discuss.privacyguides.net/latest.rss" />
+  {% for feed in homepage.rss %}
+    <link rel="alternate" type="application/rss+xml" title="{{ feed.title }}" href="{{ feed.link }}">
+  {% endfor %}
   {{ super() }}
 {% endblock %}
 {% block tabs %}
@@ -36,16 +36,30 @@
     <div class="md-grid md-typeset">
       <div class="mdx-hero">
         <div class="mdx-hero__content">
-          <h1>The guide to restoring your online privacy.</h1>
-          <p>Massive organizations are monitoring your online activities. Privacy Guides is your central privacy and security resource to protect yourself online.</p>
-          <a href="{% if config.extra.offline %}basics/why-privacy-matters.html{% else %}kb/{% endif %}" title="The first step of your privacy journey" class="md-button md-button--primary">
-            Start Your Privacy Journey
-          </a>
-          <a href="{% if config.extra.offline %}tools.html{% else %}tools/{% endif %}" title="Recommended privacy tools, services, and knowledge" class="md-button">
-            Recommended Tools
-          </a>
+          <h1>{{ homepage.hero.header }}</h1>
+          <p>{{ homepage.hero.subheader }}</p>
+          {% for button in homepage.hero.buttons %}
+            <a href="{{ button.link }}" title="{{ button.title }}" class="{{ button.class }}">
+              {{ button.name }}
+            </a>
+          {% endfor %}
         </div>
       </div>
     </div>
   </section>
 {% endblock %}
+{% block content %}
+  {{ page.content }}
+  <div class="mdx-cta">
+    <hr />
+    {% for cta in homepage.cta %}
+      <h2>{{ cta.title }}</h2>
+      {% for icon in cta.links %}
+        <a href="{{ icon.link }}" title="{{ icon.name }}">
+          <span class="twemoji">{% include ".icons/" ~ icon.icon ~ ".svg" %}</span>
+        </a>
+      {% endfor %}
+      <p>{{ cta.description }}</p>
+    {% endfor %}
+  </div>
+{% endblock %}

theme/main.html

@@ -69,65 +69,17 @@
     <title>{{ config.site_name }}</title>
     {% endif %}
 {% endblock %}
-{% block announce %}{% if config.extra.offline %}
-    You're viewing an offline copy of Privacy Guides built on {{ build_date_utc }}.
-    <a href="https://www.privacyguides.org/">
-    <strong>Visit privacyguides.org for the latest version.</strong>
-    </a>
-{% elif config.extra.context == "deploy-preview" %}
-    You're viewing an <strong>unreviewed preview</strong> of Privacy Guides built on {{ build_date_utc }}.
-    These previews are <strong>user-submitted</strong> and may not necessarily reflect the opinion of the site.
-    <a href="https://www.privacyguides.org/">
-    <strong>Visit privacyguides.org for current advice.</strong>
-    </a>
-{% elif config.extra.context == "branch-deploy" %}
-    You're viewing a <strong>staging branch</strong> of Privacy Guides built on {{ build_date_utc }}.
-    The information on this page may be incomplete or otherwise not yet meet our editorial release standards.
-    <a href="https://www.privacyguides.org/">
-    <strong>Visit privacyguides.org for current advice.</strong>
-    </a>
-{% else %}{% endif %}{% endblock %}
+
 {% block extrahead %}
-<meta name="robots" content="max-snippet:-1, max-image-preview:large">
-{% if config.extra.context == "production" %}
-<meta http-equiv="onion-location" content="{{ "http://www.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion/" ~ config.theme.language ~ "/" ~ page.url }}" />
-{% elif config.extra.deploy %}
-<meta http-equiv="onion-location" content="{{ "http://" ~ config.extra.deploy ~ ".netlify.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion/" ~ config.theme.language ~ "/" ~ page.url }}" />
-{% endif %}
-{% if page and page.meta and page.meta.schema %}
-<script type="application/ld+json">
-{{ page.meta.schema|tojson }}
-</script>
-{% endif %}{% endblock %}
-{% block content %}
-    {% if page and page.meta and page.meta.cover %}
-    <div class="center-cropped" style="background-image:linear-gradient(rgba(0, 0, 0, 0.6), rgba(0, 0, 0, 0.6)), url('/en/assets/img/cover/{{ page.meta.cover }}');">
-        <h1>{{ page.title | d(config.site_name, true)}}</h1>
-        <img src="/en/assets/img/cover/{{ page.meta.cover }}" alt="">
-    </div>
-    {% endif %}
-    {% if "material/tags" in config.plugins %}
-    {% include "partials/tags.html" %}
-    {% endif %}
-    {% include "partials/actions.html" %}
-    {% if "\x3ch1" not in page.content and not page.meta.cover %}
-    <h1>{{ page.title | d(config.site_name, true)}}</h1>
-    {% endif %}
-    {{ page.content }}
-    {% include "partials/source-file.html" %}
-
-    {% if config.theme.language == "en" %}
-    <hr>
-    <h2>Share this website and spread privacy knowledge</h2>
-    <p><input class="admonition quote social-share-text" id="share" type="text" value="Privacy Guides: https://www.privacyguides.org - Cybersecurity resources and privacy-focused tools to protect yourself online" onclick="select()" readonly=""></p>
-    <p><em>Copy this text to easily share Privacy Guides with your friends and family on any social network!</em></p>
-    {% elif config.extra.translation_notice %}
-    <div class="admonition info">
-    <p>{{ config.extra.translation_notice }} <strong><a href="https://crowdin.com/project/privacyguides">{{ config.extra.translation_notice_cta }}</a></strong></p>
-    <p>You're viewing the {{ config.extra.translation_notice_language }} copy of Privacy Guides, translated by our fantastic language team on <a href="https://crowdin.com/project/privacyguides">Crowdin</a>. If you notice an error, or see any untranslated sections on this page, please consider <a href="https://matrix.to/#/#pg-i18n:aragon.sh">helping out!</a></p>
-    </div>
-    {% endif %}
-
-    {% include "partials/feedback.html" %}
-    {% include "partials/comments.html" %}
+  <meta name="robots" content="max-snippet:-1, max-image-preview:large">
+  {% if config.extra.context == "production" %}
+  <meta http-equiv="onion-location" content="{{ "http://www.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion/" ~ config.theme.language ~ "/" ~ page.url }}" />
+  {% elif config.extra.deploy %}
+  <meta http-equiv="onion-location" content="{{ "http://" ~ config.extra.deploy ~ ".netlify.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion/" ~ config.theme.language ~ "/" ~ page.url }}" />
+  {% endif %}
+  {% if page and page.meta and page.meta.schema %}
+  <script type="application/ld+json">
+  {{ page.meta.schema|tojson }}
+  </script>
+  {% endif %}
 {% endblock %}

theme/partials/content.html

@@ -0,0 +1,64 @@
+<!--
+  Copyright (c) 2016-2024 Martin Donath <martin.donath@squidfunk.com>
+  Copyright (c) 2024 Jonah Aragon <jonah@triplebit.net>
+
+  Permission is hereby granted, free of charge, to any person obtaining a copy
+  of this software and associated documentation files (the "Software"), to
+  deal in the Software without restriction, including without limitation the
+  rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+  sell copies of the Software, and to permit persons to whom the Software is
+  furnished to do so, subject to the following conditions:
+
+  The above copyright notice and this permission notice shall be included in
+  all copies or substantial portions of the Software.
+
+  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+  FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
+  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+  FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+  IN THE SOFTWARE.
+-->
+
+{% if page and page.meta and page.meta.cover %}
+  <div class="cover center-cropped">
+      <img src="/en/assets/img/cover/{{ page.meta.cover }}" alt="">
+  </div>
+  <h1>{{ page.title | d(config.site_name, true)}}</h1>
+{% endif %}
+
+<!-- Tags -->
+{% include "partials/tags.html" %}
+
+<!-- Actions -->
+{% include "partials/actions.html" %}
+
+{% if "\x3ch1" not in page.content and not page.meta.cover %}
+  <h1>{{ page.title | d(config.site_name, true)}}</h1>
+{% endif %}
+
+<!-- Page content -->
+{{ page.content }}
+
+<!-- Source file information -->
+{% include "partials/source-file.html" %}
+
+<!-- Was this page helpful? -->
+{% include "partials/feedback.html" %}
+
+{% set translation_notice = config.extra.privacy_guides.translation_notice %}
+{% if config.theme.language == "fr" %}
+  <hr>
+  <h2 class="md-feedback__title">Share this website and spread privacy knowledge</h2>
+  <p><input class="admonition quote social-share-text" id="share" type="text" value="Privacy Guides: https://www.privacyguides.org - Cybersecurity resources and privacy-focused tools to protect yourself online" onclick="select()" readonly=""></p>
+  <p><em>Copy this text to easily share Privacy Guides with your friends and family on any social network!</em></p>
+{% elif translation_notice %}
+  <div class="admonition info">
+    <p>{{ translation_notice.notice }} <strong><a href="https://crowdin.com/project/privacyguides">{{ translation_notice.cta }}</a></strong></p>
+    <p>You're viewing the {{ translation_notice.language }} copy of Privacy Guides, translated by our fantastic language team on <a href="https://crowdin.com/project/privacyguides">Crowdin</a>. If you notice an error, or see any untranslated sections on this page, please consider <a href="https://matrix.to/#/#pg-i18n:aragon.sh">helping out!</a></p>
+  </div>
+{% endif %}
+
+<!-- Comment system -->
+{% include "partials/comments.html" %}

theme/partials/copyright.html

@@ -1,6 +1,5 @@
-<!-- {#
-  Copyright (c) 2016-2023 Martin Donath <martin.donath@squidfunk.com>
-  Copyright (c) 2023 Jonah Aragon <jonah@triplebit.net>
+<!--
+  Copyright (c) 2024 Jonah Aragon <jonah@triplebit.net>
 
   Permission is hereby granted, free of charge, to any person obtaining a copy
   of this software and associated documentation files (the "Software"), to
@@ -19,16 +18,26 @@
   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
   FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
   IN THE SOFTWARE.
-#} -->
-<footer class="md-footer">
-  <div class="md-footer-meta md-typeset">
-    <div class="md-footer-meta__inner md-grid">
-      {% include "partials/copyright.html" %}
+-->
+{% set copyright = config.extra.privacy_guides.footer %}
 
-      <!-- Social links -->
-      {% if config.extra.social %}
-        {% include "partials/social.html" %}
-      {% endif %}
+<!-- Copyright information -->
+<div class="md-copyright">
+  {% if copyright %}
+    <div class="md-copyright__highlight" title="This version of Privacy Guides was built on {{ build_date_utc.strftime('%B %d, %Y at %I:%M%p') }}">
+      {{ copyright.intro }}
+      <br />
+      {{ copyright.note }}
+      <br />
+      <a href='/license'>
+        {% for icon in copyright.license %}
+          <span class="twemoji">{% include ".icons/" ~ icon ~ ".svg" %}</span>
+        {% endfor %}
+      </a>
+      {{ copyright.copyright.date }} {{ copyright.copyright.author }}
+      <a href='#__consent'>
+        {{ copyright.analytics }}
+      </a>
     </div>
-  </div>
-</footer>
+  {% endif %}
+</div>

theme/partials/header.html

@@ -21,6 +21,35 @@
   IN THE SOFTWARE.
 -->
 
+{% macro notice() %}{% if config.extra.offline %}
+    You're viewing an offline copy of Privacy Guides built on {{ build_date_utc.strftime('%B %d, %Y at %I:%M%p') }}.
+    <a href="https://www.privacyguides.org/">
+    <strong>Visit privacyguides.org for the latest version.</strong>
+    </a>
+{% elif config.extra.context == "deploy-preview" %}
+    You're viewing an <strong>unreviewed preview</strong> of Privacy Guides built on {{ build_date_utc.strftime('%B %d, %Y at %I:%M%p') }}.
+    These previews are <strong>user-submitted</strong> and may not necessarily reflect the opinion of the site.
+    <a href="https://www.privacyguides.org/">
+    <strong>Visit privacyguides.org for current advice.</strong>
+    </a>
+{% elif config.extra.context == "branch-deploy" %}
+    You're viewing a <strong>staging branch</strong> of Privacy Guides built on {{ build_date_utc.strftime('%B %d, %Y at %I:%M%p') }}.
+    The information on this page may be incomplete or otherwise not yet meet our editorial release standards.
+    <a href="https://www.privacyguides.org/">
+    <strong>Visit privacyguides.org for current advice.</strong>
+    </a>
+{% else %}{% endif %}{% endmacro %}
+
+{% if notice() %}
+<div data-md-color-scheme="default" data-md-component="outdated">
+  <aside class="md-banner md-banner--warning">
+    <div class="md-banner__inner md-grid md-typeset">
+      {{ notice() }}
+    </div>
+  </aside>
+</div>
+{% endif %}
+
 <!-- Determine classes -->
 {% set class = "md-header" %}
 {% if "navigation.tabs.sticky" in features %}