Update windows-overview.md

Signed-off-by: oppressor1761 <163018825+oppressor1761@users.noreply.github.com>

.editorconfig

@@ -31,8 +31,3 @@ indent_size = 2
 end_of_line = lf
 insert_final_newline = true
 trim_trailing_whitespace = true
-
-[{*.caddy,*.example-caddy,Caddyfile}]
-charset = utf-8
-indent_style = tab
-tab_width = 4

.github/ISSUE_TEMPLATE/1_Content_Correction.yml

@@ -22,6 +22,7 @@ name: "Content Correction"
 description: Report any inaccurate, incorrect, or outdated information on the website.
 labels: ["t:correction"]
 body:
+
   - type: markdown
     attributes:
       value: |

.github/ISSUE_TEMPLATE/2_Website_Issues.yml

@@ -24,6 +24,7 @@ labels: ["t:bug"]
 assignees:
   - jonaharagon
 body:
+
   - type: markdown
     attributes:
       value: |

.github/dependabot.yml

@@ -21,6 +21,7 @@
 version: 2
 
 registries:
+
   github-privacyguides:
     type: git
     url: https://github.com
@@ -28,6 +29,7 @@ registries:
     password: ${{secrets.REPO_PAT}}
 
 updates:
+
   # Maintain dependencies for GitHub Actions
   - package-ecosystem: "github-actions"
     directory: "/"
@@ -49,6 +51,7 @@ updates:
       interval: "monthly"
     labels:
       - "fix:submodules"
+
 # Disabled because some updates tend to remove needed dependencies for some reason
 
 #  # Maintain dependencies for pipenv

.github/workflows/build-offline.yml

@@ -0,0 +1,113 @@
+# Copyright (c) 2024 Jonah Aragon <jonah@triplebit.net>
+
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+# IN THE SOFTWARE.
+
+name: Build Offline Website
+
+on:
+  workflow_call:
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: 'false'
+
+      - uses: actions/download-artifact@v4
+        with:
+          pattern: repo-*
+          path: modules
+
+      - run: |
+          rmdir modules/mkdocs-material
+          mv modules/repo-mkdocs-material-insiders modules/mkdocs-material
+          rmdir theme/assets/brand
+          mv modules/repo-brand theme/assets/brand
+
+      - name: Python setup
+        uses: actions/setup-python@v5
+        with:
+          cache: 'pipenv'
+
+      - uses: actions/cache/restore@v4.0.2
+        with:
+          key: site-cache-${{ github.repository }}-en-${{ github.ref }}-${{ hashfiles('.cache/**') }}
+          path: .cache
+          restore-keys: |
+            site-cache-${{ github.repository }}-en-${{ github.ref }}-
+            site-cache-${{ github.repository }}-en-
+
+      - name: Install Python dependencies
+        run: |
+          pip install pipenv
+          pipenv install
+          sudo apt install pngquant
+
+      - name: Build website
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          CARDS: false
+        run: |
+          pipenv run mkdocs build --config-file config/mkdocs-offline.yml
+          pipenv run mkdocs --version
+
+      - name: Package website
+        run: |
+          tar -czvf offline.tar.gz site
+          zip -r -q offline.zip site
+
+      - uses: actions/cache/save@v4.0.2
+        with:
+          key: site-cache-${{ github.repository }}-en-${{ github.ref }}-${{ hashfiles('.cache/**') }}
+          path: .cache
+
+      - name: Upload tar.gz file
+        uses: actions/upload-artifact@v4
+        with:
+          name: offline.tar.gz
+          path: offline.tar.gz
+
+      - name: Upload zip file
+        uses: actions/upload-artifact@v4
+        with:
+          name: offline.zip
+          path: offline.zip
+
+      - name: Create ZIM File
+        uses: addnab/docker-run-action@v3
+        with:
+          image: ghcr.io/openzim/zim-tools:3.1.3
+          options: -v ${{ github.workspace }}:/data
+          run: |
+            zimwriterfs -w index.html -I assets/brand/logos/png/square/pg-yellow.png -l eng -t "Privacy Guides" -d "Your central privacy and security resource to protect yourself online." -c "Privacy Guides" -p "Jonah Aragon" -n "Privacy Guides" -e "https://github.com/privacyguides/privacyguides.org" /data/site /data/offline-privacy_guides.zim
+
+      - name: Upload ZIM file
+        uses: actions/upload-artifact@v4
+        with:
+          name: offline-privacy_guides.zim
+          path: offline-privacy_guides.zim

.github/workflows/build.yml

@@ -0,0 +1,136 @@
+# Copyright (c) 2024 Jonah Aragon <jonah@triplebit.net>
+
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+# IN THE SOFTWARE.
+
+name: Build Website
+
+on:
+  workflow_call:
+    inputs:
+      ref:
+        required: true
+        type: string
+      repo:
+        required: true
+        type: string
+      lang:
+        type: string
+        default: en
+      context:
+        type: string
+        default: deploy-preview
+      continue-on-error:
+        type: boolean
+        default: true
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    continue-on-error: ${{ inputs.continue-on-error }}
+    permissions:
+      contents: read
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          repository: ${{ inputs.repo }}
+          ref: ${{ inputs.ref }}
+          persist-credentials: 'false'
+          fetch-depth: 0
+
+      - uses: actions/download-artifact@v4
+        with:
+          pattern: repo-*
+          path: modules
+
+      - run: |
+          rmdir modules/mkdocs-material
+          mv modules/repo-mkdocs-material-insiders modules/mkdocs-material
+          rmdir theme/assets/brand
+          mv modules/repo-brand theme/assets/brand
+
+      - if: inputs.lang != 'en'
+        run: |
+          cp -rl modules/repo-i18n/i18n .
+          cp -rl modules/repo-i18n/includes .
+          cp -rl modules/repo-i18n/theme .
+
+      - uses: actions/setup-python@v5
+        with:
+          cache: 'pipenv'
+
+      - uses: actions/cache/restore@v4.0.2
+        with:
+          key: site-cache-${{ inputs.repo }}-${{ inputs.ref }}-${{ hashfiles('.cache/**') }}
+          path: .cache
+          restore-keys: |
+            site-cache-${{ inputs.repo }}-${{ inputs.ref }}-
+            site-cache-${{ inputs.repo }}-
+
+      - uses: actions/cache/restore@v4.0.2
+        with:
+          key: card-cache-${{ inputs.repo }}-${{ inputs.lang }}-${{ inputs.ref }}-${{ hashfiles('config/.cache/plugin/social/manifest.json') }}
+          path: |
+            config/.cache/plugin/social/manifest.json
+            config/.cache/plugin/social/assets
+          restore-keys: |
+            card-cache-${{ inputs.repo }}-${{ inputs.lang }}-${{ inputs.ref }}-
+            card-cache-${{ inputs.repo }}-${{ inputs.lang }}-
+
+      - run: |
+          pip install pipenv
+          pipenv install
+          sudo apt install pngquant
+
+      - if: inputs.lang != 'en'
+        uses: falti/dotenv-action@v1.1
+        with:
+          path: includes/strings.${{ inputs.lang }}.env
+          export-variables: true
+          keys-case: bypass
+
+      - env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          CONTEXT: ${{ inputs.context }}
+          PRODUCTION: true
+        run: |
+          pipenv run mkdocs build --config-file config/mkdocs.${{ inputs.lang }}.yml
+          cp -r static/* site/
+          pipenv run mkdocs --version
+          tar -czvf site-build-${{ inputs.lang }}.tar.gz site
+
+      - uses: actions/cache/save@v4.0.2
+        with:
+          key: site-cache-${{ inputs.repo }}-${{ inputs.ref }}-${{ hashfiles('.cache/**') }}
+          path: .cache
+
+      - uses: actions/cache/save@v4.0.2
+        with:
+          key: card-cache-${{ inputs.repo }}-${{ inputs.lang }}-${{ inputs.ref }}-${{ hashfiles('config/.cache/plugin/social/manifest.json') }}
+          path: |
+            config/.cache/plugin/social/manifest.json
+            config/.cache/plugin/social/assets
+
+      - uses: actions/upload-artifact@v4
+        with:
+          name: site-build-${{ inputs.lang }}.tar.gz
+          path: site-build-${{ inputs.lang }}.tar.gz

.github/workflows/cleanup.yml

@@ -0,0 +1,33 @@
+# Copyright (c) 2024 Jonah Aragon <jonah@triplebit.net>
+
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+# IN THE SOFTWARE.
+
+name: Cleanup Artifacts
+
+on:
+  workflow_call:
+
+jobs:
+  cleanup:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: geekyeggo/delete-artifact@v5
+        with:
+          name: repo-*
+          failOnError: false

.github/workflows/deploy-all.yml

@@ -1,51 +0,0 @@
-name: Deploy Website Build
-
-permissions:
-  contents: read
-  pages: write
-  id-token: write
-
-on:
-  workflow_call:
-    inputs:
-      netlify_production:
-        type: boolean
-        default: true
-      github_pages:
-        type: boolean
-        default: true
-      minio_production:
-        type: boolean
-        default: true
-    outputs:
-      netlify_preview_address:
-        value: ${{ jobs.netlify.outputs.address }}
-    secrets:
-      NETLIFY_TOKEN:
-      PROD_MINIO_KEY_ID:
-      PROD_MINIO_SECRET_KEY:
-
-jobs:
-  netlify:
-    if: inputs.netlify_production
-    uses: privacyguides/.github/.github/workflows/deploy-netlify.yml@main
-    with:
-      netlify_site_id: ${{ vars.PROD_NETLIFY_SITE }}
-      environment: production
-    secrets:
-      NETLIFY_TOKEN: ${{ secrets.NETLIFY_TOKEN }}
-
-  minio:
-    if: inputs.minio_production
-    uses: privacyguides/.github/.github/workflows/deploy-minio.yml@main
-    with:
-      environment: production
-    secrets:
-      PROD_MINIO_KEY_ID: ${{ secrets.PROD_MINIO_KEY_ID }}
-      PROD_MINIO_SECRET_KEY: ${{ secrets.PROD_MINIO_SECRET_KEY }}
-
-  pages:
-    if: inputs.github_pages
-    uses: privacyguides/.github/.github/workflows/deploy-pages.yml@main
-    with:
-      environment: github-pages

.github/workflows/deploy.yml

@@ -0,0 +1,237 @@
+# Copyright (c) 2024 Jonah Aragon <jonah@triplebit.net>
+
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+# IN THE SOFTWARE.
+
+name: Deploy Website Build
+
+on:
+  workflow_call:
+    inputs:
+      netlify_preview:
+        type: boolean
+      netlify_alias:
+        type: string
+      netlify_production:
+        type: boolean
+      github_pages:
+        type: boolean
+      bunnycdn_production:
+        type: boolean
+      minio_production:
+        type: boolean
+    outputs:
+      netlify_preview_address:
+        value: ${{ jobs.netlify_preview.outputs.address }}
+    secrets:
+      NETLIFY_TOKEN:
+      PROD_BUNNYCDN_API_KEY:
+      PROD_BUNNYCDN_PASSWORD:
+      PROD_MINIO_KEY_ID:
+      PROD_MINIO_SECRET_KEY:
+
+jobs:
+  netlify_preview:
+    if: inputs.netlify_preview
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+
+    outputs:
+      address: ${{ steps.address.outputs.address }}
+
+    steps:
+      - uses: actions/download-artifact@v4
+        with:
+          pattern: site-build-*
+          merge-multiple: true
+
+      - run: |
+          for file in *.tar.gz; do tar -zxf "$file"; done
+          wget https://raw.githubusercontent.com/privacyguides/privacyguides.org/main/netlify.toml
+          ls -la site/
+
+      - uses: actions/setup-node@v4
+
+      - run: |
+          npm install netlify-cli -g
+
+      - if: inputs.netlify_preview
+        name: Limit length of Netlify alias to 12
+        run: echo "SHORT_ALIAS=`echo ${{ inputs.netlify_alias }} | cut -c1-12`" >> $GITHUB_ENV
+
+      - if: inputs.netlify_preview
+        id: deployment
+        env:
+          NETLIFY_SITE_ID: ${{ vars.NETLIFY_SITE }}
+          NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_TOKEN }}
+        run: |
+          netlify deploy --dir=site --alias=${{ env.SHORT_ALIAS }}
+          echo "DEPLOYED_ADDRESS=https://${{ env.SHORT_ALIAS }}--${{ vars.NETLIFY_SITE }}.netlify.app/" >> "$GITHUB_ENV"
+
+      - id: address
+        run: |
+          echo "address=$DEPLOYED_ADDRESS" >> "$GITHUB_OUTPUT"
+
+  netlify_production:
+    if: inputs.netlify_production
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+
+    environment:
+      name: production
+      url: https://illustrious-bavarois-56cf30.netlify.app/
+
+    steps:
+      - uses: actions/download-artifact@v4
+        with:
+          pattern: site-build-*
+          merge-multiple: true
+
+      - run: |
+          for file in *.tar.gz; do tar -zxf "$file"; done
+          wget https://raw.githubusercontent.com/privacyguides/privacyguides.org/main/netlify.toml
+          ls -la site/
+
+      - uses: actions/setup-node@v4
+
+      - run: |
+          npm install netlify-cli -g
+
+      - id: prod_deployment
+        env:
+          NETLIFY_SITE_ID: ${{ vars.PROD_NETLIFY_SITE }}
+          NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_TOKEN }}
+        run: |
+          netlify deploy --dir=site --prod-if-unlocked
+
+  github_pages:
+    if: inputs.github_pages
+    runs-on: ubuntu-latest
+
+    concurrency:
+      group: "pages"
+
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+
+    # Grant GITHUB_TOKEN the permissions required to make a Pages deployment
+    permissions:
+      contents: read
+      pages: write      # to deploy to Pages
+      id-token: write   # to verify the deployment originates from an appropriate source
+
+    steps:
+      - uses: actions/configure-pages@v5
+
+      - uses: actions/download-artifact@v4
+        with:
+          pattern: site-build-*
+          merge-multiple: true
+
+      - run: |
+          for file in *.tar.gz; do tar -zxf "$file"; done
+          ls -la site/
+
+      - uses: 1arp/create-a-file-action@0.4.4
+        with:
+          path: site
+          file: index.html
+          content: |
+            <html lang="en">
+              <head>
+                <title>Redirecting to English site...</title>
+                <meta
+                  http-equiv="refresh"
+                  content="0; URL=./en/"
+                />
+              </head>
+            </html>
+
+      - uses: actions/upload-pages-artifact@v3
+        with:
+          path: site
+
+      - id: deployment
+        uses: actions/deploy-pages@main
+
+  bunnycdn_production:
+    if: inputs.bunnycdn_production
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+
+    environment:
+      name: production
+      url: https://privacyguides-org-production.b-cdn.net
+
+    steps:
+      - uses: actions/download-artifact@v4
+        with:
+          pattern: site-build-*
+          merge-multiple: true
+
+      - run: |
+          for file in *.tar.gz; do tar -zxf "$file"; done
+          ls -la site/
+
+      - uses: own3d/bunny-action@bfaa5c6bc8b7a7ebd599ddd4912347d7c3847e78
+        env:
+          BUNNY_API_ACCESS_KEY: ${{ secrets.PROD_BUNNYCDN_API_KEY }}
+          BUNNY_STORAGE_HOSTNAME: storage.bunnycdn.com
+          BUNNY_STORAGE_USERNAME: ${{ vars.PROD_BUNNYCDN_USER }}
+          BUNNY_STORAGE_PASSWORD: ${{ secrets.PROD_BUNNYCDN_PASSWORD }}
+          BUNNY_PULL_ZONE_ID: 2117106
+        with:
+          args: deploy --dir=site
+
+  minio_production:
+    if: inputs.minio_production
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+
+    environment:
+      name: production
+      url: https://privacyguides-org-production.stor1-minio.jonaharagon.net
+
+    steps:
+      - uses: actions/download-artifact@v4
+        with:
+          pattern: site-build-*
+          merge-multiple: true
+
+      - run: |
+          for file in *.tar.gz; do tar -zxf "$file"; done
+          ls -la site/
+
+      - uses: jakejarvis/s3-sync-action@master
+        with:
+          args: --acl public-read --follow-symlinks --delete
+        env:
+          SOURCE_DIR: "site/"
+          AWS_S3_BUCKET: ${{ vars.PROD_MINIO_BUCKET }}
+          AWS_S3_ENDPOINT: ${{ vars.PROD_MINIO_HOSTNAME }}
+          AWS_ACCESS_KEY_ID: ${{ secrets.PROD_MINIO_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.PROD_MINIO_SECRET_KEY }}

.github/workflows/download-repo.yml

@@ -0,0 +1,48 @@
+# Copyright (c) 2024 Jonah Aragon <jonah@triplebit.net>
+
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+# IN THE SOFTWARE.
+
+name: Download Repository
+
+on:
+  workflow_call:
+    inputs:
+      repo:
+        required: true
+        type: string
+    secrets:
+      ACTIONS_SSH_KEY:
+        required: true
+
+jobs:
+  download:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          repository: 'privacyguides/${{ inputs.repo }}'
+          path: repo-${{ inputs.repo }}
+          ssh-key: ${{ secrets.ACTIONS_SSH_KEY }}
+
+      - uses: actions/upload-artifact@v4
+        with:
+          name: repo-${{ inputs.repo }}
+          path: repo-${{ inputs.repo }}
+          retention-days: 1

.github/workflows/publish-mirror.yml

@@ -20,10 +20,7 @@
 
 name: 🪞 Push to Mirrors
 
-permissions:
-  contents: read
-
-on: [push, delete, create]
+on: [ push, delete, create ]
 
 # Ensures that only one mirror task will run at a time.
 concurrency:

.github/workflows/publish-pr.yml

@@ -18,7 +18,7 @@
 # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
 # IN THE SOFTWARE.
 
-name: 📦 PR Preview
+name: 📦 Publish Pull Request Preview
 
 on:
   pull_request_target:
@@ -30,21 +30,17 @@ concurrency:
 permissions:
   pull-requests: write
   contents: read
+  pages: write
+  id-token: write
 
 jobs:
   submodule:
     strategy:
       matrix:
-        repo:
-          - name: mkdocs-material-insiders
-            ref: main
-          - name: brand
-            ref: main
-          - name: i18n
-            ref: main
-    uses: privacyguides/.github/.github/workflows/download-repo.yml@main
+        repo: [mkdocs-material-insiders, brand, i18n]
+    uses: ./.github/workflows/download-repo.yml
     with:
-      repo: ${{ matrix.repo.name }}
+      repo: ${{ matrix.repo }}
     secrets:
       ACTIONS_SSH_KEY: ${{ secrets.ACTIONS_SSH_KEY }}
 
@@ -60,7 +56,7 @@ jobs:
       fail-fast: false
     permissions:
       contents: read
-    uses: privacyguides/.github/.github/workflows/build.yml@main
+    uses: ./.github/workflows/build.yml
     with:
       ref: ${{github.event.pull_request.head.ref}}
       repo: ${{github.event.pull_request.head.repo.full_name}}
@@ -71,10 +67,12 @@ jobs:
     needs: build
     permissions:
       contents: read
-    uses: privacyguides/.github/.github/workflows/deploy-netlify-preview.yml@main
+      pages: write
+      id-token: write
+    uses: ./.github/workflows/deploy.yml
     with:
+      netlify_preview: true
       netlify_alias: ${{ github.event.pull_request.head.sha }}
-      netlify_site_id: ${{ vars.NETLIFY_SITE }}
     secrets:
       NETLIFY_TOKEN: ${{ secrets.NETLIFY_TOKEN }}
 
@@ -86,6 +84,7 @@ jobs:
     env:
       address: ${{ needs.deploy.outputs.netlify_preview_address }}
     steps:
+
       - uses: thollander/actions-comment-pull-request@v2.5.0
         with:
           message: |
@@ -100,4 +99,4 @@ jobs:
   cleanup:
     if: ${{ always() }}
     needs: build
-    uses: privacyguides/.github/.github/workflows/cleanup.yml@main
+    uses: ./.github/workflows/cleanup.yml

.github/workflows/publish-release.yml

@@ -18,12 +18,12 @@
 # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
 # IN THE SOFTWARE.
 
-name: 📦 Release
+name: 📦 Publish Release
 
 on:
   push:
     tags:
-      - "*"
+      - '*'
 
 permissions:
   contents: write
@@ -35,7 +35,7 @@ jobs:
     strategy:
       matrix:
         repo: [mkdocs-material-insiders, brand, i18n]
-    uses: privacyguides/.github/.github/workflows/download-repo.yml@main
+    uses: ./.github/workflows/download-repo.yml
     with:
       repo: ${{ matrix.repo }}
     secrets:
@@ -48,7 +48,7 @@ jobs:
         lang: [en, es, fr, he, it, nl, ru, zh-Hant]
     permissions:
       contents: read
-    uses: privacyguides/.github/.github/workflows/build.yml@main
+    uses: ./.github/workflows/build.yml
     with:
       ref: ${{ github.ref }}
       repo: ${{ github.repository }}
@@ -60,7 +60,7 @@ jobs:
     needs: submodule
     permissions:
       contents: read
-    uses: privacyguides/.github/.github/workflows/build-offline.yml@main
+    uses: ./.github/workflows/build-offline.yml
 
   release:
     name: Create release notes
@@ -84,17 +84,20 @@ jobs:
 
   deploy:
     needs: build
-    uses: ./.github/workflows/deploy-all.yml
+    uses: ./.github/workflows/deploy.yml
     with:
       netlify_production: true
       github_pages: true
+      bunnycdn_production: true
       minio_production: true
     secrets:
       NETLIFY_TOKEN: ${{ secrets.NETLIFY_TOKEN }}
+      PROD_BUNNYCDN_API_KEY: ${{ secrets.PROD_BUNNYCDN_API_KEY }}
+      PROD_BUNNYCDN_PASSWORD: ${{ secrets.PROD_BUNNYCDN_PASSWORD }}
       PROD_MINIO_KEY_ID: ${{ secrets.PROD_MINIO_KEY_ID }}
       PROD_MINIO_SECRET_KEY: ${{ secrets.PROD_MINIO_SECRET_KEY }}
 
   cleanup:
     if: ${{ always() }}
     needs: [build, buildoffline]
-    uses: privacyguides/.github/.github/workflows/cleanup.yml@main
+    uses: ./.github/workflows/cleanup.yml

.github/workflows/test-build.yml

@@ -31,7 +31,7 @@ jobs:
     strategy:
       matrix:
         repo: [mkdocs-material-insiders, brand, i18n]
-    uses: privacyguides/.github/.github/workflows/download-repo.yml@main
+    uses: ./.github/workflows/download-repo.yml
     with:
       repo: ${{ matrix.repo }}
     secrets:
@@ -45,7 +45,7 @@ jobs:
       fail-fast: false
     permissions:
       contents: read
-    uses: privacyguides/.github/.github/workflows/build.yml@main
+    uses: ./.github/workflows/build.yml
     with:
       ref: ${{ github.ref }}
       repo: ${{ github.repository }}
@@ -56,9 +56,9 @@ jobs:
     needs: submodule
     permissions:
       contents: read
-    uses: privacyguides/.github/.github/workflows/build-offline.yml@main
+    uses: ./.github/workflows/build-offline.yml
 
   cleanup:
     if: ${{ always() }}
     needs: [build, buildoffline]
-    uses: privacyguides/.github/.github/workflows/cleanup.yml@main
+    uses: ./.github/workflows/cleanup.yml

.github/workflows/test-lint.yml

@@ -1,81 +0,0 @@
-# Copyright (c) 2024 Jonah Aragon <jonah@triplebit.net>
-
-# Permission is hereby granted, free of charge, to any person obtaining a copy
-# of this software and associated documentation files (the "Software"), to
-# deal in the Software without restriction, including without limitation the
-# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
-# sell copies of the Software, and to permit persons to whom the Software is
-# furnished to do so, subject to the following conditions:
-
-# The above copyright notice and this permission notice shall be included in
-# all copies or substantial portions of the Software.
-
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
-# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
-# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
-# IN THE SOFTWARE.
-
-name: 🤖 Linting
-
-permissions:
-  contents: read
-
-on:
-  workflow_dispatch:
-  pull_request:
-    branches:
-      - main
-  push:
-
-concurrency:
-  group: ${{ github.ref }}-${{ github.workflow }}
-  cancel-in-progress: true
-
-env:
-  MAIN_BRANCH: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
-
-jobs:
-  megalinter:
-    name: MegaLinter
-    runs-on: ubuntu-latest
-    steps:
-      - if: ${{ env.MAIN_BRANCH }}
-        uses: actions/checkout@v4
-
-      - if: ${{ !env.MAIN_BRANCH }}
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - id: ml
-        # You can override MegaLinter flavor used to have faster performances
-        # More info at https://megalinter.io/flavors/
-        uses: oxsecurity/megalinter/flavors/documentation@v7.10.0
-        env:
-          # All available variables are described in documentation
-          # https://megalinter.io/configuration/
-          # Validates all source when push on main, else just the git diff with main.
-          VALIDATE_ALL_CODEBASE: ${{ env.MAIN_BRANCH }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          # ADD YOUR CUSTOM ENV VARIABLES HERE OR DEFINE THEM IN A FILE .mega-linter.yml AT THE ROOT OF YOUR REPOSITORY
-          DISABLE: COPYPASTE,SPELL,HTML
-          DISABLE_LINTERS: JSON_JSONLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER
-          DISABLE_ERRORS_LINTERS: CSS_STYLELINT,MARKDOWN_MARKDOWN_LINK_CHECK,YAML_YAMLLINT
-          EDITORCONFIG_EDITORCONFIG_CHECKER_ARGUMENTS: -disable-indentation
-          ENV_DOTENV_LINTER_ARGUMENTS: "--skip QuoteCharacter"
-          MARKDOWN_MARKDOWN_LINK_CHECK_FILTER_REGEX_INCLUDE: (docs)
-          MARKDOWN_MARKDOWNLINT_CONFIG_FILE: .markdownlint.yml
-          MARKDOWN_MARKDOWNLINT_FILTER_REGEX_EXCLUDE: (PULL_REQUEST_TEMPLATE\.md)
-
-      # Upload MegaLinter artifacts
-      - name: Archive production artifacts
-        if: success() || failure()
-        uses: actions/upload-artifact@v4
-        with:
-          name: MegaLinter reports
-          path: |
-            megalinter-reports
-            mega-linter.log

.github/workflows/upload-crowdin.yml

@@ -20,13 +20,10 @@
 
 name: 💬 Crowdin Upload
 
-permissions:
-  contents: read
-
 on:
   workflow_dispatch:
   push:
-    branches: [main]
+    branches: [ main ]
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -37,17 +34,18 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - name: Checkout
-        uses: actions/checkout@v4
 
-      - name: crowdin action
-        uses: crowdin/github-action@v1.20.1
-        with:
-          upload_sources: true
-          upload_sources_args: "--auto-update --delete-obsolete"
-          download_translations: false
-          config: crowdin.yml
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          CROWDIN_PROJECT_ID: ${{ secrets.CROWDIN_PROJECT_ID }}
-          CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}
+    - name: Checkout
+      uses: actions/checkout@v4
+
+    - name: crowdin action
+      uses: crowdin/github-action@v1.20.1
+      with:
+        upload_sources: true
+        upload_sources_args: '--auto-update --delete-obsolete'
+        download_translations: false
+        config: crowdin.yml
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        CROWDIN_PROJECT_ID: ${{ secrets.CROWDIN_PROJECT_ID }}
+        CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}

.gitignore

@@ -6,7 +6,6 @@ site
 !/static/i18n/*.en.*
 /theme/overrides/*
 !/theme/overrides/*.en.*
-
 # commit social card fonts to repo
 # see: https://github.com/squidfunk/mkdocs-material/issues/6983
 # ridiculous hide-and-seek https://stackoverflow.com/a/72380673
@@ -19,6 +18,11 @@ site
 /config/.cache/plugin/social/*
 !/config/.cache/plugin/social/fonts
 
+# Editor settings
+.vscode/*
+!.vscode/extensions.json
+!.vscode/settings.json
+
 # Local Netlify folder
 .netlify
 node_modules

.markdownlint.yml

@@ -24,7 +24,8 @@ ul-indent:
   indent: 4
 no-inline-html: false
 code-block-style: false
-no-hard-tabs: true
+no-hard-tabs:
+  spaces-per-tab: 4
 emphasis-style:
   style: "asterisk"
 no-duplicate-header: false

.vscode/.empty-schema.json

@@ -1 +0,0 @@
-{}

.vscode/extensions.json

@@ -23,10 +23,6 @@
     "EditorConfig.EditorConfig",
     "DavidAnson.vscode-markdownlint",
     "wholroyd.jinja",
-    "mikestead.dotenv",
-    "matthewpi.caddyfile-support",
-    "redhat.vscode-yaml",
-    "ecmel.vscode-html-css",
-    "yzhang.markdown-all-in-one"
+    "mikestead.dotenv"
   ]
 }

.vscode/settings.json

@@ -20,40 +20,8 @@
 
 {
     "git.ignoreLimitWarning": true,
-    "ltex.diagnosticSeverity": "hint",
     "[markdown]": {
       "editor.unicodeHighlight.ambiguousCharacters": true,
       "editor.unicodeHighlight.invisibleCharacters": true
-    },
-    "[caddyfile]": {
-      "editor.defaultFormatter": "matthewpi.caddyfile-support",
-      "editor.formatOnSave": true
-    },
-    "files.associations": {
-      "*.caddy": "caddyfile",
-      "*.example-caddy": "caddyfile"
-    },
-      "editor.unicodeHighlight.invisibleCharacters": true,
-      "editor.defaultFormatter": "DavidAnson.vscode-markdownlint",
-    "[yaml]": {
-      "editor.defaultFormatter": "redhat.vscode-yaml",
-      "editor.quickSuggestions": {
-        "other": true,
-        "comments": false,
-        "strings": true
-      }
-    },
-    "yaml.schemas": {
-      "https://raw.githubusercontent.com/DavidAnson/markdownlint/main/schema/markdownlint-config-schema.json": ".markdownlint.yml",
-      "https://json.schemastore.org/github-issue-config.json": ".github/ISSUE_TEMPLATE/config.yml",
-      ".vscode/.empty-schema.json": "config/*.yml"
-    },
-    "yaml.customTags": [
-      "!ENV sequence",
-      "!ENV",
-      "tag:yaml.org,2002:python/name:pymdownx.superfences.fence_code_format",
-      "tag:yaml.org,2002:python/name:material.extensions.emoji.twemoji",
-      "tag:yaml.org,2002:python/name:material.extensions.emoji.to_svg"
-    ],
-    "editor.formatOnSave": true
+    }
 }

README.md

@@ -1,4 +1,4 @@
-<!-- markdownlint-disable MD041 MD045 -->
+<!-- markdownlint-disable MD041 -->
 <div align="center">
   <a href="https://www.privacyguides.org">
     <picture>
@@ -50,9 +50,9 @@ The current list of team members can be found [here](https://www.privacyguides.o
 - 💖 [Sponsor the project](https://github.com/sponsors/privacyguides)
 - 🈴 [Help translate the site](https://crowdin.com/project/privacyguides) [[Matrix chat](https://matrix.to/#/#pg-i18n:aragon.sh)]
 - 📝 Edit the site, everything's accessible in this repo
-    - Browse our [open issues](https://github.com/privacyguides/privacyguides.org/issues) to see what needs to be updated
-    - View the list of [approved topics waiting for a PR](https://discuss.privacyguides.net/tag/approved)
-    - Read some writing tips in our [style guide](https://www.privacyguides.org/en/meta/writing-style)
+  - Browse our [open issues](https://github.com/privacyguides/privacyguides.org/issues) to see what needs to be updated
+  - View the list of [approved topics waiting for a PR](https://discuss.privacyguides.net/tag/approved)
+  - Read some writing tips in our [style guide](https://www.privacyguides.org/en/meta/writing-style)
 
 All contributors to the site are listed [here](https://github.com/privacyguides/privacyguides.org/graphs/contributors). If you make a substantial (i.e. copyright eligible) contribution to the project and would like to be formally credited, you are welcome to include your information in the appropriate `authors` section in [`CITATION.cff`](/CITATION.cff) as well, just submit a PR or ask @jonaharagon to make the change.
 

config/caddy/Caddyfile

@@ -1,50 +0,0 @@
-(pg-umami-config) {
-	umami {
-		event_endpoint https://stats.jonaharagon.net/api/send
-		website_uuid 30b92047-7cbb-4800-9815-2e075a293e0a
-		# bit of a hack to get umami working properly, nothing to do with cloudflare
-		client_ip_header CF-Connecting-IP
-		trusted_ip_header X-Real-IP
-		cookie_consent umami
-		cookie_resolution resolution
-		debug
-	}
-}
-
-www.privacyguides.org {
-	import vars
-	import common/*.caddy
-	import production/*.caddy
-}
-
-http://www.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion {
-	import vars
-	import common/*.caddy
-	import production/minio.caddy
-}
-
-http://*.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion {
-	@hostnames header_regexp hostname Host (\S+)\.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd\.onion
-	handle @hostnames {
-		reverse_proxy {re.hostname.1}.privacyguides.org:443 {
-			header_up Host {re.hostname.1}.privacyguides.org
-			transport http {
-				tls
-			}
-		}
-	}
-}
-
-privacyguides.org {
-	import vars
-	import production/matrix.caddy
-
-	handle {
-		import production/https.caddy
-		redir https://www.privacyguides.org{uri}
-	}
-}
-
-http://xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion {
-	redir http://www.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion{uri}
-}

config/caddy/README.md

@@ -1,13 +0,0 @@
-# Caddy Webserver Config
-
-Requires a build of Caddy with [jonaharagon/caddy-umami](https://github.com/jonaharagon/caddy-umami) installed.
-
-## Variables
-
-These variables are set on the server, and can be accessed like `{vars.variable_name}`:
-
-- `minio_hostname`
-- `pg_minio_bucket`
-- `pg_matrix_webserver`
-- `pg_umami_website_uuid`
-- `umami_hostname`

config/caddy/common/00-matchers.caddy

@@ -1,34 +0,0 @@
-@static {
-	path *.ico *.css *.js *.gif *.webp *.avif *.jpg *.jpeg *.png *.svg *.woff *.woff2
-}
-
-@en path /en/*
-@es path /es/*
-@fr path /fr/*
-@he path /he/*
-@it path /it/*
-@nl path /nl/*
-@ru path /ru/*
-@zh-Hant path /zh-Hant/*
-
-@es-header {
-	header Accept-Language es*
-}
-@fr-header {
-	header Accept-Language fr*
-}
-@he-header {
-	header Accept-Language he*
-}
-@it-header {
-	header Accept-Language it*
-}
-@nl-header {
-	header Accept-Language nl*
-}
-@ru-header {
-	header Accept-Language ru*
-}
-@zh-Hant-header {
-	header Accept-Language zh-Hant*
-}

config/caddy/common/30-errors.caddy

@@ -1,42 +0,0 @@
-handle_errors {
-	@errors `{err.status_code} in [404]`
-	handle @errors {
-		handle @es {
-			try_files /i18n/{err.status_code}.es.html i18n/{err.status_code}.en.html
-			file_server
-		}
-		handle @fr {
-			try_files i18n/{err.status_code}.fr.html i18n/{err.status_code}.en.html
-			file_server
-		}
-		handle @he {
-			try_files i18n/{err.status_code}.he.html i18n/{err.status_code}.en.html
-			file_server
-		}
-		handle @it {
-			try_files i18n/{err.status_code}.it.html i18n/{err.status_code}.en.html
-			file_server
-		}
-		handle @nl {
-			try_files i18n/{err.status_code}.nl.html i18n/{err.status_code}.en.html
-			file_server
-		}
-		handle @ru {
-			try_files i18n/{err.status_code}.ru.html i18n/{err.status_code}.en.html
-			file_server
-		}
-		handle @zh-Hant {
-			try_files i18n/{err.status_code}.zh-Hant.html i18n/{err.status_code}.en.html
-			file_server
-		}
-		handle {
-			try_files i18n/{err.status_code}.en.html
-			file_server
-		}
-	}
-
-	# Handle all other webserver errors with a simple text response
-	handle {
-		respond "{err.status_code} {err.status_text}"
-	}
-}

config/caddy/common/30-headers.caddy

@@ -1,16 +0,0 @@
-header X-Frame-Options SAMEORIGIN
-header X-Content-Type-Options nosniff
-header X-XSS-Protection 0
-
-vars pg_csp_self "https://www.privacyguides.org https://cdn.privacyguides.org 'self'"
-# You can check whether a CSP directive will fall back to default-src on MDN.
-# Add CSP directives WITH a default-src fallback here:
-header +Content-Security-Policy "default-src 'none'; script-src {vars.pg_csp_self} 'unsafe-inline'; style-src {vars.pg_csp_self} 'unsafe-inline'; font-src {vars.pg_csp_self} data:; img-src data: {vars.pg_csp_self}; connect-src https://api.github.com https://*.privacyguides.net {vars.pg_csp_self}; frame-src https://*.privacyguides.net https://snowflake.torproject.org {vars.pg_csp_self}"
-# Add CSP directives WITHOUT a default-src fallback here:
-header +Content-Security-Policy "form-action 'self'; frame-ancestors 'none'; base-uri 'none'; sandbox allow-scripts allow-popups allow-same-origin;"
-
-header Permissions-Policy "browsing-topics=(), conversion-measurement=(), interest-cohort=(), accelerometer=(), ambient-light-sensor=(), battery=(), camera=(), display-capture=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), usb=()"
-
-header Access-Control-Allow-Origin "*"
-
-header @static Cache-Control max-age=2592000

config/caddy/common/50-redirect.caddy

@@ -1,4 +0,0 @@
-redir /kb* /en/basics/why-privacy-matters/
-redir /license* https://github.com/privacyguides/privacyguides.org/tree/main/README.md#license
-redir /coc* /en/CODE_OF_CONDUCT/
-redir /team* /en/about/

config/caddy/common/55-redirect-lang.caddy

@@ -1,30 +0,0 @@
-route / {
-	header Cache-Control no-store
-
-	redir @es-header /es
-	redir @fr-header /fr
-	redir @he-header /he
-	redir @it-header /it
-	redir @nl-header /nl
-	redir @ru-header /ru
-	redir @zh-Hant-header /zh-Hant
-
-	# default case
-	handle {
-		redir * /en/
-	}
-}
-
-@kb {
-	path */kb */kb/*
-}
-route @kb {
-	redir @es /es/basics/why-privacy-matters/
-	redir @fr /fr/basics/why-privacy-matters/
-	redir @he /he/basics/why-privacy-matters/
-	redir @it /it/basics/why-privacy-matters/
-	redir @nl /nl/basics/why-privacy-matters/
-	redir @ru /ru/basics/why-privacy-matters/
-	redir @zh-Hant /zh-Hant/basics/why-privacy-matters/
-	redir * /en/basics/why-privacy-matters/
-}

config/caddy/common/55-redirect-outdated.caddy

@@ -1,50 +0,0 @@
-redir /browsers /en/desktop-browsers/
-redir /blog https://blog.privacyguides.org
-redir /basics/dns-overview /en/advanced/dns-overview/
-redir /basics/tor-overview /en/advanced/tor-overview/
-redir /real-time-communication/communication-network-types /en/advanced/communication-network-types
-redir /advanced/real-time-communication /en/advanced/communication-network-types
-redir /android/overview /en/os/android-overview/
-redir /linux-desktop/overview /en/os/linux-overview/
-redir /android/grapheneos-vs-calyxos https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/
-redir /ios/configuration https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/
-redir /linux-desktop/hardening https://blog.privacyguides.org/2022/04/22/linux-system-hardening/
-redir /linux-desktop/sandboxing https://blog.privacyguides.org/2022/04/22/linux-application-sandboxing/
-redir /advanced/signal-configuration-hardening https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/
-redir /real-time-communication/signal-configuration-hardening https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/
-redir /advanced/integrating-metadata-removal https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/
-redir /advanced/erasing-data https://blog.privacyguides.org/2022/05/25/secure-data-erasure/
-redir /operating-systems /en/desktop/
-redir /threat-modeling /en/basics/threat-modeling/
-redir /self-contained-networks /en/tor/
-redir /privacy-policy /en/about/privacy-policy/
-redir /metadata-removal-tools /en/data-redaction/
-redir /basics /en/kb
-redir /software/file-encryption /en/encryption/
-redir /providers /en/tools/#service-providers
-redir /software/calendar-contacts /en/calendar/
-redir /calendar-contacts /en/calendar/
-redir /software/metadata-removal-tools /en/data-redaction/
-redir /contact /en/about/
-redir /welcome-to-privacy-guides https://blog.privacyguides.org/2021/09/14/welcome-to-privacy-guides/
-redir /software/email /en/email-clients/
-redir /providers/paste /en/tools/
-redir /blog/2019/10/05/understanding-vpns https://www.jonaharagon.com/posts/understanding-vpns/
-redir /terms-and-notices /en/about/notices/
-redir /software/networks /en/tor/
-redir /social-news-aggregator /en/news-aggregators/
-redir /basics/erasing-data https://blog.privacyguides.org/2022/05/25/secure-data-erasure/
-redir /linux-desktop /en/desktop/
-
-handle_path /providers/* {
-	redir * /en/{uri}
-}
-handle_path /software/* {
-	redir * /en/{uri}
-}
-handle_path /blog/* {
-	redir * https://blog.privacyguides.org/{uri}
-}
-handle_path /assets/* {
-	redir * /en/assets/{uri}
-}

config/caddy/common/80-canonical.caddy

@@ -1,6 +0,0 @@
-@canonicalPath {
-	path */
-}
-route @canonicalPath {
-	rewrite @canonicalPath {http.request.orig_uri.path}index.html
-}

config/caddy/production/https.caddy

@@ -1,2 +0,0 @@
-header ?Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
-header +Content-Security-Policy upgrade-insecure-requests;

config/caddy/production/matrix.caddy

@@ -1,13 +0,0 @@
-@matrix {
-	path /.well-known/matrix/*
-}
-
-handle @matrix {
-	reverse_proxy 10.163.5.51:81 {
-		header_up Host matrix.privacyguides.org
-		header_up X-Forwarded-Port {http.request.port}
-		header_up X-Forwarded-TlsProto {tls_protocol}
-		header_up X-Forwarded-TlsCipher {tls_cipher}
-		header_up X-Forwarded-HttpsProto {proto}
-	}
-}

config/caddy/production/minio.caddy

@@ -1,31 +0,0 @@
-cache
-encode zstd gzip
-reverse_proxy http://10.163.3.10:9000 {
-	header_up Host privacyguides-org-production.stor1-minio.jonaharagon.net
-	header_down -Server
-	header_down -Vary
-	header_down -X-*
-
-	@200ok status 2xx 304
-	handle_response @200ok {
-		import pg-umami-config
-		copy_response
-		copy_response_headers
-	}
-
-	@error404 status 404
-	handle_response @error404 {
-		@addSlash {
-			expression !{path}.endsWith("/")
-		}
-		redir @addSlash {http.request.orig_uri.path}/
-	}
-
-	@error400 status 400
-	handle_response @error400 {
-		@real404 {
-			path *//index.html
-		}
-		respond @real404 404
-	}
-}

config/layouts/home.yml

@@ -1,4 +1,5 @@
 definitions:
+
   - &background_color >-
     #FFD06F
 
@@ -34,6 +35,7 @@ definitions:
 
 # Meta tags
 tags:
+
   # Open Graph
   og:type: website
   og:title: *page_title_with_site_name
@@ -57,6 +59,7 @@ tags:
 # Card size and layers
 size: { width: 1200, height: 630 }
 layers:
+
   # Background
   - background:
       color: *background_color

config/layouts/page.yml

@@ -1,4 +1,5 @@
 definitions:
+
   - &background_image >-
     {%- if page.meta.cover -%}
       theme/assets/img/cover/{{ page.meta.cover }}
@@ -69,6 +70,7 @@ definitions:
 
 # Meta tags
 tags:
+
   # Open Graph
   og:type: website
   og:title: *page_title_with_site_name
@@ -92,6 +94,7 @@ tags:
 # Card size and layers
 size: { width: 1200, height: 630 }
 layers:
+
   # Background
   - background:
       image: *background_image

config/layouts/pride.yml

@@ -1,4 +1,5 @@
 definitions:
+
   - &background_image >-
     {%- if page.meta.cover -%}
       theme/assets/img/cover/{{ page.meta.cover }}
@@ -54,6 +55,7 @@ definitions:
 
 # Meta tags
 tags:
+
   # Open Graph
   og:type: website
   og:title: *page_title_with_site_name
@@ -77,6 +79,7 @@ tags:
 # Card size and layers
 size: { width: 1200, height: 630 }
 layers:
+
   # Background
   - background:
       image: *background_image

config/mkdocs-common.yml

@@ -18,29 +18,20 @@
 # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
 # IN THE SOFTWARE.
 
-docs_dir: "../docs"
+docs_dir: '../docs'
 site_url: "https://www.privacyguides.org/"
-site_dir: "../site"
+site_dir: '../site'
 
 site_name: Privacy Guides
-site_description:
-  !ENV [
-    SITE_DESCRIPTION,
-    "Privacy Guides is your central privacy and security resource to protect yourself online.",
-  ]
-copyright:
-  !ENV [FOOTER_COPYRIGHT, "© 2019 Privacy Guides and contributors."]
+site_description: !ENV [SITE_DESCRIPTION, "Privacy Guides is your central privacy and security resource to protect yourself online."]
+copyright: !ENV [FOOTER_COPYRIGHT, "© 2019 Privacy Guides and contributors."]
 edit_uri: edit/main/docs/
 
 extra:
   generator: false
   context: !ENV [CONTEXT, "production"]
   deploy: !ENV DEPLOY_ID
-  homepage_description:
-    !ENV [
-      DESCRIPTION_HOMEPAGE,
-      "A socially motivated website which provides information about protecting your online data privacy and security.",
-    ]
+  homepage_description: !ENV [DESCRIPTION_HOMEPAGE, "A socially motivated website which provides information about protecting your online data privacy and security."]
   translation_notice: !ENV DESCRIPTION_TRANSLATION
   translation_notice_cta: !ENV [DESCRIPTION_TRANSLATION_CTA, "Visit Crowdin"]
   translation_notice_language: !ENV LANG_ENGLISH
@@ -93,27 +84,10 @@ extra:
       link: /ru/
       lang: ru
       icon: https://raw.githubusercontent.com/twitter/twemoji/master/assets/svg/1f1f7-1f1fa.svg
-  consent:
-    title: !ENV [ANALYTICS_CONSENT_TITLE, "Contribute anonymous statistics"]
-    description:
-      !ENV [
-        ANALYTICS_CONSENT_BODY,
-        "We use cookies to collect anonymous usage statistics. You can opt out if you wish.",
-      ]
-    cookies:
-      umami:
-        name: Self-Hosted Analytics
-        checked: true
-      github:
-        name: GitHub
-        checked: false
-    actions:
-      - reject
-      - accept
-      - manage
 
 repo_url: https://github.com/privacyguides/privacyguides.org
 repo_name: ""
+edit_uri: edit/main/docs/
 
 theme:
   name: material
@@ -161,7 +135,6 @@ extra_css:
 extra_javascript:
   - assets/javascripts/mathjax.js
   - assets/javascripts/randomize-element.js
-  - assets/javascripts/resolution.js
 
 watch:
   - ../theme
@@ -232,87 +205,86 @@ markdown_extensions:
     toc_depth: 4
 
 nav:
-  - !ENV [NAV_HOME, "Home"]: "index.md"
-  - !ENV [NAV_KNOWLEDGE_BASE, "Knowledge Base"]:
-      - "basics/why-privacy-matters.md"
-      - "basics/threat-modeling.md"
-      - "basics/common-threats.md"
-      - "basics/common-misconceptions.md"
-      - "basics/account-creation.md"
-      - "basics/account-deletion.md"
-      - !ENV [NAV_TECHNOLOGY_ESSENTIALS, "Technology Essentials"]:
-          - "basics/passwords-overview.md"
-          - "basics/multi-factor-authentication.md"
-          - "basics/email-security.md"
-          - "basics/vpn-overview.md"
-      - !ENV [NAV_ADVANCED_TOPICS, "Advanced Topics"]:
-          - "advanced/dns-overview.md"
-          - "advanced/tor-overview.md"
-          - "advanced/payments.md"
-          - "advanced/communication-network-types.md"
-      - !ENV [NAV_OPERATING_SYSTEMS, "Operating Systems"]:
-          - "os/android-overview.md"
-          - "os/ios-overview.md"
-          - "os/linux-overview.md"
-          - "os/macos-overview.md"
-          - "os/qubes-overview.md"
-      - kb-archive.md
-  - !ENV [NAV_RECOMMENDATIONS, "Recommendations"]:
-      - "tools.md"
-      - !ENV [NAV_INTERNET_BROWSING, "Internet Browsing"]:
-          - "tor.md"
-          - "desktop-browsers.md"
-          - "mobile-browsers.md"
-      - !ENV [NAV_PROVIDERS, "Providers"]:
-          - "cloud.md"
-          - "dns.md"
-          - "email-aliasing.md"
-          - "email.md"
-          - "financial-services.md"
-          - "photo-management.md"
-          - "search-engines.md"
-          - "vpn.md"
-      - !ENV [NAV_SOFTWARE, "Software"]:
-          - "calendar.md"
-          - "cryptocurrency.md"
-          - "data-redaction.md"
-          - "email-clients.md"
-          - "encryption.md"
-          - "file-sharing.md"
-          - "frontends.md"
-          - "multi-factor-authentication.md"
-          - "news-aggregators.md"
-          - "notebooks.md"
-          - "passwords.md"
-          - "productivity.md"
-          - "real-time-communication.md"
-      - !ENV [NAV_OPERATING_SYSTEMS, "Operating Systems"]:
-          - "android.md"
-          - "desktop.md"
-          - "router.md"
-      - !ENV [NAV_ADVANCED, "Advanced"]:
-          - "device-integrity.md"
-  - !ENV [NAV_ABOUT, "About"]:
-      - "about/index.md"
-      - "about/criteria.md"
-      - "about/notices.md"
-      - "about/privacy-policy.md"
-      - "about/statistics.md"
-      - !ENV [NAV_COMMUNITY, "Community"]:
-          - "about/donate.md"
-          - !ENV [NAV_ONLINE_SERVICES, "Online Services"]: "about/services.md"
-          - !ENV [NAV_CODE_OF_CONDUCT, "Code of Conduct"]: "CODE_OF_CONDUCT.md"
-          - "about/privacytools.md"
-      - !ENV [NAV_CONTRIBUTING, "Contributing"]:
-          - !ENV [NAV_WRITING_GUIDE, "Writing Guide"]:
-              - "meta/writing-style.md"
-              - "meta/admonitions.md"
-              - "meta/brand.md"
-              - "meta/translations.md"
-          - !ENV [NAV_TECHNICAL_GUIDES, "Technical Guides"]:
-              - "meta/uploading-images.md"
-              - "meta/git-recommendations.md"
-  - !ENV [NAV_CHANGELOG, "Changelog"]:
-      "https://github.com/privacyguides/privacyguides.org/releases"
-  - !ENV [NAV_FORUM, "Forum"]: "https://discuss.privacyguides.net/"
-  - !ENV [NAV_BLOG, "Blog"]: "https://blog.privacyguides.org/"
+  - !ENV [NAV_HOME, 'Home']: 'index.md'
+  - !ENV [NAV_KNOWLEDGE_BASE, 'Knowledge Base']:
+    - 'basics/why-privacy-matters.md'
+    - 'basics/threat-modeling.md'
+    - 'basics/common-threats.md'
+    - 'basics/common-misconceptions.md'
+    - 'basics/account-creation.md'
+    - 'basics/account-deletion.md'
+    - !ENV [NAV_TECHNOLOGY_ESSENTIALS, 'Technology Essentials']:
+      - 'basics/passwords-overview.md'
+      - 'basics/multi-factor-authentication.md'
+      - 'basics/email-security.md'
+      - 'basics/vpn-overview.md'
+    - !ENV [NAV_ADVANCED_TOPICS, 'Advanced Topics']:
+      - 'advanced/dns-overview.md'
+      - 'advanced/tor-overview.md'
+      - 'advanced/payments.md'
+      - 'advanced/communication-network-types.md'
+    - !ENV [NAV_OPERATING_SYSTEMS, 'Operating Systems']:
+      - 'os/android-overview.md'
+      - 'os/ios-overview.md'
+      - 'os/linux-overview.md'
+      - 'os/macos-overview.md'
+      - 'os/qubes-overview.md'
+      - 'os/windows-overview.md'
+    - kb-archive.md
+  - !ENV [NAV_RECOMMENDATIONS, 'Recommendations']:
+    - 'tools.md'
+    - !ENV [NAV_INTERNET_BROWSING, 'Internet Browsing']:
+      - 'tor.md'
+      - 'desktop-browsers.md'
+      - 'mobile-browsers.md'
+    - !ENV [NAV_PROVIDERS, 'Providers']:
+      - 'cloud.md'
+      - 'dns.md'
+      - 'email-aliasing.md'
+      - 'email.md'
+      - 'financial-services.md'
+      - 'photo-management.md'
+      - 'search-engines.md'
+      - 'vpn.md'
+    - !ENV [NAV_SOFTWARE, 'Software']:
+      - 'calendar.md'
+      - 'cryptocurrency.md'
+      - 'data-redaction.md'
+      - 'email-clients.md'
+      - 'encryption.md'
+      - 'file-sharing.md'
+      - 'frontends.md'
+      - 'multi-factor-authentication.md'
+      - 'news-aggregators.md'
+      - 'notebooks.md'
+      - 'passwords.md'
+      - 'productivity.md'
+      - 'real-time-communication.md'
+    - !ENV [NAV_OPERATING_SYSTEMS, 'Operating Systems']:
+      - 'android.md'
+      - 'desktop.md'
+      - 'router.md'
+    - !ENV [NAV_ADVANCED, 'Advanced']:
+      - 'device-integrity.md'
+  - !ENV [NAV_ABOUT, 'About']:
+    - 'about/index.md'
+    - 'about/criteria.md'
+    - 'about/notices.md'
+    - 'about/privacy-policy.md'
+    - !ENV [NAV_COMMUNITY, 'Community']:
+      - 'about/donate.md'
+      - !ENV [NAV_ONLINE_SERVICES, 'Online Services']: 'about/services.md'
+      - !ENV [NAV_CODE_OF_CONDUCT, 'Code of Conduct']: 'CODE_OF_CONDUCT.md'
+      - 'about/privacytools.md'
+    - !ENV [NAV_CONTRIBUTING, 'Contributing']:
+      - !ENV [NAV_WRITING_GUIDE, 'Writing Guide']:
+        - 'meta/writing-style.md'
+        - 'meta/admonitions.md'
+        - 'meta/brand.md'
+        - 'meta/translations.md'
+      - !ENV [NAV_TECHNICAL_GUIDES, 'Technical Guides']:
+        - 'meta/uploading-images.md'
+        - 'meta/git-recommendations.md'
+  - !ENV [NAV_CHANGELOG, 'Changelog']: 'https://github.com/privacyguides/privacyguides.org/releases'
+  - !ENV [NAV_FORUM, 'Forum']: 'https://discuss.privacyguides.net/'
+  - !ENV [NAV_BLOG, 'Blog']: 'https://blog.privacyguides.org/'

config/mkdocs-offline.yml

@@ -44,4 +44,5 @@ plugins:
     enabled: true
   social:
     enabled: false
+
 # Edit the offline-mode navbar in mkdocs-common.yml

config/mkdocs.en.yml

@@ -20,7 +20,7 @@
 
 INHERIT: mkdocs-common.yml
 site_url: "https://www.privacyguides.org/en/"
-site_dir: "../site/en"
+site_dir: '../site/en'
 
 theme:
   # ENGLISH ONLY: this logo needs to be set separately because the relative path is different

config/mkdocs.es.yml

@@ -19,9 +19,9 @@
 # IN THE SOFTWARE.
 
 INHERIT: mkdocs-common.yml
-docs_dir: "../i18n/es"
+docs_dir: '../i18n/es'
 site_url: "https://www.privacyguides.org/es/"
-site_dir: "../site/es"
+site_dir: '../site/es'
 
 edit_uri: edit/main/i18n/es/
 

config/mkdocs.fr.yml

@@ -19,9 +19,9 @@
 # IN THE SOFTWARE.
 
 INHERIT: mkdocs-common.yml
-docs_dir: "../i18n/fr"
+docs_dir: '../i18n/fr'
 site_url: "https://www.privacyguides.org/fr/"
-site_dir: "../site/fr"
+site_dir: '../site/fr'
 
 edit_uri: edit/main/i18n/fr/
 

config/mkdocs.he.yml

@@ -19,9 +19,9 @@
 # IN THE SOFTWARE.
 
 INHERIT: mkdocs-common.yml
-docs_dir: "../i18n/he"
+docs_dir: '../i18n/he'
 site_url: "https://www.privacyguides.org/he/"
-site_dir: "../site/he"
+site_dir: '../site/he'
 
 edit_uri: edit/main/i18n/he/
 

config/mkdocs.it.yml

@@ -19,9 +19,9 @@
 # IN THE SOFTWARE.
 
 INHERIT: mkdocs-common.yml
-docs_dir: "../i18n/it"
+docs_dir: '../i18n/it'
 site_url: "https://www.privacyguides.org/it/"
-site_dir: "../site/it"
+site_dir: '../site/it'
 
 edit_uri: edit/main/i18n/it/
 

config/mkdocs.nl.yml

@@ -19,9 +19,9 @@
 # IN THE SOFTWARE.
 
 INHERIT: mkdocs-common.yml
-docs_dir: "../i18n/nl"
+docs_dir: '../i18n/nl'
 site_url: "https://www.privacyguides.org/nl/"
-site_dir: "../site/nl"
+site_dir: '../site/nl'
 
 edit_uri: edit/main/i18n/nl/
 

config/mkdocs.ru.yml

@@ -19,9 +19,9 @@
 # IN THE SOFTWARE.
 
 INHERIT: mkdocs-common.yml
-docs_dir: "../i18n/ru"
+docs_dir: '../i18n/ru'
 site_url: "https://www.privacyguides.org/ru/"
-site_dir: "../site/ru"
+site_dir: '../site/ru'
 
 edit_uri: edit/main/docs/
 

config/mkdocs.zh-Hant.yml

@@ -19,9 +19,9 @@
 # IN THE SOFTWARE.
 
 INHERIT: mkdocs-common.yml
-docs_dir: "../i18n/zh-Hant"
+docs_dir: '../i18n/zh-Hant'
 site_url: "https://www.privacyguides.org/zh-Hant/"
-site_dir: "../site/zh-Hant"
+site_dir: '../site/zh-Hant'
 
 edit_uri: edit/main/i18n/zh-Hant/
 

crowdin.yml

@@ -18,26 +18,25 @@
 # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
 # IN THE SOFTWARE.
 
-#checkov:skip=CKV_SECRET_6:obviously a variable name and not a secret
 api_token_env: CROWDIN_PERSONAL_TOKEN
 project_id: "509862"
 "preserve_hierarchy": true
 files:
-  - source: "/docs/**/*.*"
-    translation: "/i18n/%two_letters_code%/**/%file_name%.%file_extension%"
-    skip_untranslated_files: false
-  - source: "/theme/overrides/*.en.html"
-    translation: "/theme/overrides/%file_name%.%two_letters_code%.html"
-    translation_replace:
-      "en.": ""
-    skip_untranslated_files: false
-  - source: "/includes/*.en.*"
-    translation: "/includes/%file_name%.%two_letters_code%.%file_extension%"
-    translation_replace:
-      "en.": ""
-    skip_untranslated_files: false
-  - source: "/static/i18n/*.en.*"
-    translation: "/static/i18n/%file_name%.%two_letters_code%.%file_extension%"
-    translation_replace:
-      "en.": ""
-    skip_untranslated_files: false
+- source: "/docs/**/*.*"
+  translation: "/i18n/%two_letters_code%/**/%file_name%.%file_extension%"
+  skip_untranslated_files: false
+- source: "/theme/overrides/*.en.html"
+  translation: "/theme/overrides/%file_name%.%two_letters_code%.html"
+  translation_replace:
+    "en.": ""
+  skip_untranslated_files: false
+- source: "/includes/*.en.*"
+  translation: "/includes/%file_name%.%two_letters_code%.%file_extension%"
+  translation_replace:
+    "en.": ""
+  skip_untranslated_files: false
+- source: "/static/i18n/*.en.*"
+  translation: "/static/i18n/%file_name%.%two_letters_code%.%file_extension%"
+  translation_replace:
+    "en.": ""
+  skip_untranslated_files: false

docs/about/index.md

@@ -48,12 +48,12 @@ So far in 2023 we've launched international translations of our website in [Fren
 <!-- markdownlint-disable MD030 -->
 
 <div class="grid cards" markdown>
-<!--  Every team member should have a unique emoji.
-      Team member cards should include ONLY the following links:
-      - Discourse Profile
-      - ONE Link of team member's choice
-      - Email if applicable
-      This is to keep it fair and not spammy, especially as we grow.
+<!-- Every team member should have a unique emoji.
+     Team member cards should include ONLY the following links:
+     - Discourse Profile
+     - ONE Link of team member's choice
+     - Email if applicable
+     This is to keep it fair and not spammy, especially as we grow.
 -->
 
 -   :robot:{ .lg .middle } **@jonah**

docs/about/privacy-policy.md

@@ -7,18 +7,13 @@ Privacy Guides is a community project operated by a number of active volunteer c
 
 The privacy of our website visitors is important to us, so we do not track any individual people. As a visitor to our website:
 
-- No personal information is stored
+- No personal information is collected
+- No information such as cookies are stored in the browser
 - No information is shared with, sent to or sold to third-parties
 - No information is shared with advertising companies
 - No information is mined and harvested for personal and behavioral trends
 - No information is monetized
 
-You can view the data we collect on our [statistics](statistics.md) page.
-
-We run a self-hosted installation of [Umami](https://umami.is/) to collect some anonymous usage data for statistical purposes. The goal is to track overall trends in our website traffic, it is not to track individual visitors. All the data is in aggregate only, and no personal data is stored.
-
-The only data which is collected is data sent in a standard web request, which includes referral sources, the page you're visiting, your user agent, your IP address, and your screen resolution. The raw data is immediately discarded after statistics have been generated, for example if we collect your screen resolution as `1125x2436`, the only data we retain is "mobile device" and not your specific resolution.
-
 ## Data We Collect From Account Holders
 
 If you register for an account on one of our services, we may collect any information you provide us (such as your email, password, profile information, etc.) and use that information to provide you with the service. We never share or sell this data.

docs/about/privacytools.md

@@ -1,6 +1,8 @@
 ---
 title: "PrivacyTools FAQ"
 ---
+# Why we moved on from PrivacyTools
+
 In September 2021, every active contributor unanimously agreed to move from PrivacyTools to work on this site: Privacy Guides. This decision was made because PrivacyTools’ founder and controller of the domain name had disappeared for an extended period of time and could not be contacted.
 
 Having built a reputable site and set of services on PrivacyTools.io, this caused grave concerns for the future of PrivacyTools, as any future disruption could wipe out the entire organization with no recovery method. This transition was communicated to the PrivacyTools community many months in advance via a variety of channels including its blog, Twitter, Reddit, and Mastodon to ensure the entire process went as smoothly as possible. We did this to ensure nobody was kept in the dark, which has been our modus operandi since our team was created, and to make sure Privacy Guides was recognized as the same reliable organization that PrivacyTools was before the transition.
@@ -47,11 +49,11 @@ Reddit requires that subreddits have active moderators. If the primary moderator
 
 On September 14th, 2021, we [announced](https://blog.privacyguides.org/2021/09/14/welcome-to-privacy-guides) the beginning of our migration to this new domain:
 
-> [...] we found it necessary to make this switch sooner rather than later to ensure people would find out about this transition as soon as possible. This gives us adequate time to transition the domain name, which is currently redirecting to `www.privacyguides.org`, and it hopefully gives everyone enough time to notice the change, update bookmarks and websites, etc.
+> [...] we found it necessary to make this switch sooner rather than later to ensure people would find out about this transition as soon as possible. This gives us adequate time to transition the domain name, which is currently redirecting to www.privacyguides.org, and it hopefully gives everyone enough time to notice the change, update bookmarks and websites, etc.
 
 This change [entailed:](https://reddit.com/comments/pnhn4a)
 
-- Redirecting `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org).
+- Redirecting www.privacytools.io to [www.privacyguides.org](https://www.privacyguides.org).
 - Archiving the source code on GitHub to preserve our past work and issue tracker, which we continued to use for months of future development of this site.
 - Posting announcements to our subreddit and various other communities informing people of the official change.
 - Formally closing privacytools.io services, like Matrix and Mastodon, and encouraging existing users to migrate as soon as possible.
@@ -62,7 +64,7 @@ Things appeared to be going smoothly, and most of our active community made the
 
 Roughly a week following the transition, BurungHantu returned online for the first time in nearly a year, however nobody on our team was willing to return to PrivacyTools because of his historic unreliability. Rather than apologize for his prolonged absence, he immediately went on the offensive and positioned the transition to Privacy Guides as an attack against him and his project. He subsequently [deleted](https://reddit.com/comments/pp9yie/comment/hd49wbn) many of these posts when it was pointed out by the community that he had been absent and abandoned the project.
 
-At this point, BurungHantu claimed he wanted to continue working on privacytools.io on his own and requested that we remove the redirect from `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org). We obliged and requested that he keep the subdomains for Matrix, Mastodon, and PeerTube active for us to run as a public service to our community for at least a few months, in order to allow users on those platforms to easily migrate to other accounts. Due to the federated nature of the services we provided, they were tied to specific domain names making it very difficult to migrate (and in some cases impossible).
+At this point, BurungHantu claimed he wanted to continue working on privacytools.io on his own and requested that we remove the redirect from www.privacytools.io to [www.privacyguides.org](https://www.privacyguides.org). We obliged and requested that he keep the subdomains for Matrix, Mastodon, and PeerTube active for us to run as a public service to our community for at least a few months, in order to allow users on those platforms to easily migrate to other accounts. Due to the federated nature of the services we provided, they were tied to specific domain names making it very difficult to migrate (and in some cases impossible).
 
 Unfortunately, because control of the r/privacytoolsIO subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
 
@@ -82,7 +84,7 @@ After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it wa
 
 > [...] The growth of this Sub was the result of great effort, across several years, by the PrivacyGuides.org team. And by every one of you.
 >
-> A Subreddit is a great deal of work to administer and moderate. Like a garden, it requires patient tending and daily care. It's not a task for dilettantes or commitment-challenged people. It can’t thrive under a gardener who abandons it for several years, then shows up demanding this year’s harvest as their tribute. It's unfair to the team formed years ago. It’s unfair to you. [...]
+> A Subreddit is a great deal of work to administer and moderate. Like a garden, it requires patient tending and daily care. It’s not a task for dilettantes or commitment-challenged people. It can’t thrive under a gardener who abandons it for several years, then shows up demanding this year’s harvest as their tribute. It’s unfair to the team formed years ago. It’s unfair to you. [...]
 
 Subreddits do not belong to anybody, and they especially do not belong to brand-holders. They belong to their communities, and the community and its moderators made the decision to support the move to r/PrivacyGuides.
 
@@ -98,7 +100,7 @@ Our fundraising platform, OpenCollective, is another source of contention. Our p
 
 Thus, the funds in OpenCollective belong to Privacy Guides, they were given to our project, and not the owner of a well known domain name. In the announcement made to donors on September 17th, 2021, we offered refunds to any donor who disagrees with the stance we took, but nobody has taken us up on this offer:
 
-> If any sponsors or backers disagree with or feel misled by these recent events and would like to request a refund given these highly unusual circumstances, please get in touch with our project admin by emailing `jonah@triplebit.net`.
+> If any sponsors or backers disagree with or feel misled by these recent events and would like to request a refund given these highly unusual circumstances, please get in touch with our project admin by emailing jonah@triplebit.net.
 
 ## Further Reading
 

docs/about/services.md

@@ -13,14 +13,14 @@ We run a number of web services to test out features and promote cool decentrali
 ## Gitea
 
 - Domain: [code.privacyguides.dev](https://code.privacyguides.dev)
-- Availability: Invite-Only
+- Availability: Invite-Only  
 Access may be granted upon request to any team working on *Privacy Guides*-related development or content.
 - Source: [snapcraft.io/gitea](https://snapcraft.io/gitea)
 
 ## Matrix
 
 - Domain: [matrix.privacyguides.org](https://matrix.privacyguides.org)
-- Availability: Invite-Only
+- Availability: Invite-Only  
 Access may be granted upon request to Privacy Guides team members, Matrix moderators, third-party Matrix community administrators, Matrix bot operators, and other individuals in need of a reliable Matrix presence.
 - Source: [github.com/spantaleev/matrix-docker-ansible-deploy](https://github.com/spantaleev/matrix-docker-ansible-deploy)
 
@@ -33,6 +33,6 @@ Access may be granted upon request to Privacy Guides team members, Matrix modera
 ## Invidious
 
 - Domain: [invidious.privacyguides.net](https://invidious.privacyguides.net)
-- Availability: Semi-Public
+- Availability: Semi-Public  
 We host Invidious primarily to serve embedded YouTube videos on our website, this instance is not intended for general-purpose use and may be limited at any time.
 - Source: [github.com/iv-org/invidious](https://github.com/iv-org/invidious)

docs/about/statistics.md

@@ -1,14 +0,0 @@
----
-title: Traffic Statistics
----
-
-We self-host [Umami](https://umami.is/) to create a nice visualization of our traffic statistics, which are public at the link below. With this process:
-
-- Your information is never shared with a third-party, it stays on servers we control
-- Your personal data is never saved, we only collect data in aggregate
-- No client-side JavaScript is required
-
-Because of these facts, keep in mind our statistics may be inaccurate. It is a useful tool to compare different dates with each other and analyze overall trends, but the actual numbers may be far off from reality. They're *precise* statistics, but not *accurate* statistics.
-
-[View Statistics](https://stats.privacyguides.net/share/nVWjyd2QfgOPBhMF/www.privacyguides.org){ .md-button .md-button--primary }
-[Opt-Out](#__consent){ .md-button }

docs/advanced/dns-overview.md

@@ -354,8 +354,8 @@ dig +nocmd @9.9.9.11 -t txt o-o.myaddr.l.google.com +nocomments +noall +answer +
 If the results include a second edns0-client-subnet TXT record (like shown below), then your DNS server is passing along EDNS information. The IP or network shown after is the precise information which was shared with Google by your DNS provider.
 
 ```text
-o-o.myaddr.l.google.com. 60 IN TXT "198.51.100.32"
-o-o.myaddr.l.google.com. 60 IN TXT "edns0-client-subnet 198.51.100.0/24"
+o-o.myaddr.l.google.com. 60	IN	TXT	"198.51.100.32"
+o-o.myaddr.l.google.com. 60	IN	TXT	"edns0-client-subnet 198.51.100.0/24"
 ;; Query time: 64 msec
 ;; SERVER: 9.9.9.11#53(9.9.9.11)
 ;; WHEN: Wed Mar 13 10:23:08 CDT 2024

docs/basics/common-misconceptions.md

@@ -77,21 +77,21 @@ One of the clearest threat models is one where people *know who you are* and one
 
 1. **Known identity** - A known identity is used for things where you must declare your name. There are many legal documents and contracts where a legal identity is required. This could range from opening a bank account, signing a property lease, obtaining a passport, customs declarations when importing items, or otherwise dealing with your government. These things will usually lead to credentials such as credit cards, credit rating checks, account numbers, and possibly physical addresses.
 
-    We don't suggest using a VPN or Tor for any of these things, as your identity is already known through other means.
+We don't suggest using a VPN or Tor for any of these things, as your identity is already known through other means.
 
-    <div class="admonition tip" markdown>
-    <p class="admonition-title">Tip</p>
+<div class="admonition tip" markdown>
+<p class="admonition-title">Tip</p>
 
-    When shopping online, the use of a [parcel locker](https://en.wikipedia.org/wiki/Parcel_locker) can help keep your physical address private.
+When shopping online, the use of a [parcel locker](https://en.wikipedia.org/wiki/Parcel_locker) can help keep your physical address private.
 
-    </div>
+</div>
 
 2. **Unknown identity** - An unknown identity could be a stable pseudonym that you regularly use. It is not anonymous because it doesn't change. If you're part of an online community, you may wish to retain a persona that others know. This pseudonym isn't anonymous because—if monitored for long enough—details about the owner can reveal further information, such as the way they write, their general knowledge about topics of interest, etc.
 
-    You may wish to use a VPN for this, to mask your IP address. Financial transactions are more difficult to mask: You could consider using anonymous cryptocurrencies, such as [Monero](https://getmonero.org). Employing altcoin shifting may also help to disguise where your currency originated. Typically, exchanges require KYC (know your customer) to be completed before they'll allow you to exchange fiat currency into any kind of cryptocurrency. Local meet-up options may also be a solution; however, those are often more expensive and sometimes also require KYC.
+You may wish to use a VPN for this, to mask your IP address. Financial transactions are more difficult to mask: You could consider using anonymous cryptocurrencies, such as [Monero](https://getmonero.org). Employing altcoin shifting may also help to disguise where your currency originated. Typically, exchanges require KYC (know your customer) to be completed before they'll allow you to exchange fiat currency into any kind of cryptocurrency. Local meet-up options may also be a solution; however, those are often more expensive and sometimes also require KYC.
 
 3. **Anonymous identity** - Even with experience, anonymous identities are difficult to maintain over long periods of time. They should be short-term and short-lived identities which are rotated regularly.
 
-    Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.)
+Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.)
 
 [^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident).

docs/basics/multi-factor-authentication.md

@@ -158,7 +158,7 @@ Qubes OS has support for Challenge-Response authentication with YubiKeys. If you
 
 SSH MFA could be set up using multiple different authentication methods that are popular with hardware security keys. We recommend that you check out Yubico's [documentation](https://developers.yubico.com/SSH) on how to set this up.
 
-#### TOTP
+#### Time-based One-time Password (TOTP)
 
 SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How To Set Up Multi-Factor Authentication for SSH on Ubuntu 20.04](https://digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-ubuntu-20-04). Most things should be the same regardless of distribution, however the package manager commands—such as `apt-get`—and package names may differ.
 

docs/basics/why-privacy-matters.md

@@ -10,19 +10,16 @@ Privacy is ultimately about human information, and this is important because we
 
 Many people get the concepts of **privacy**, **security**, and **anonymity** confused. You'll see people criticize various products as "not private" when really they mean it doesn't provide anonymity, for example. On this website, we cover all three of these topics, but it is important you understand the difference between them, and when each one comes into play.
 
-<!-- markdownlint-disable-next-line -->
 **Privacy**
 
 :   ==Privacy is the assurance that your data is only seen by the parties you intend to view it.== In the context of an instant messenger, for example, end-to-end encryption provides privacy by keeping your message visible only to yourself and the recipient.
 
-<!-- markdownlint-disable-next-line -->
 **Security**
 
 :   Security is the ability to trust the applications you use—that the parties involved are who they say they are—and keep those applications safe. In the context of browsing the web, for example, security can be provided by HTTPS certificates.
 
 :   Certificates prove you are talking directly to the website you're visiting, and keep attackers on your network from reading or modifying the data sent to or from the website.
 
-<!-- markdownlint-disable-next-line -->
 **Anonymity**
 
 :   Anonymity is the ability to act without a persistent identifier. You might achieve this online with [Tor](../tor.md), which allows you to browse the internet with a random IP address and network connection instead of your own.

docs/cloud.md

@@ -45,7 +45,7 @@ The Proton Drive web application has been independently audited by Securitum in
 
 > Auditors identified two low-severity vulnerabilities. Additionally, five general recommendations were reported. At the same time, we confirm that no important security issues were identified during the pentest.
 
-Proton Drive's brand new mobile clients have not yet been publicly audited by a third party.
+Proton Drive's brand new mobile clients have not yet been publicly audited by a third-party.
 
 ## Tresorit
 

docs/desktop-browsers.md

@@ -139,7 +139,7 @@ Firefox includes a unique [download token](https://bugzilla.mozilla.org/show_bug
 
 </div>
 
-### Recommended Firefox Configuration
+### Recommended Configuration
 
 These options can be found in :material-menu: → **Settings**
 
@@ -256,7 +256,7 @@ Brave adds a "[referral code](https://github.com/brave/brave-browser/wiki/Brave%
 
 </div>
 
-### Recommended Brave Configuration
+### Recommended Configuration
 
 These options can be found in :material-menu: → **Settings**.
 
@@ -339,7 +339,7 @@ Brave's Web3 features can potentially add to your browser fingerprint and attack
 
 1. This option is not present on all platforms.
 
-#### Brave Sync
+#### Sync
 
 [Brave Sync](https://support.brave.com/hc/articles/360059793111-Understanding-Brave-Sync) allows your browsing data (history, bookmarks, etc.) to be accessible on all your devices without requiring an account and protects it with E2EE.
 

docs/email.md

@@ -5,7 +5,6 @@ icon: material/email
 description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers.
 cover: email.webp
 ---
-<!-- markdownlint-disable MD024 -->
 Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy.
 
 [Recommended Instant Messengers](real-time-communication.md){ .md-button }
@@ -71,7 +70,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the
 
 Free accounts have some limitations, such as not being able to search body text and not having access to [Proton Mail Bridge](https://proton.me/mail/bridge), which is required to use a [recommended desktop email client](email-clients.md) (e.g. Thunderbird). Paid accounts include features like Proton Mail Bridge, additional storage, and custom domain support. A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton Mail's apps on 9th November 2021 by [Securitum](https://research.securitum.com).
 
-If you have the Proton Unlimited, Business, or Visionary Plan, you also get [SimpleLogin](email-aliasing.md#simplelogin) Premium for free.
+If you have the Proton Unlimited, Business, or Visionary Plan, you also get [SimpleLogin](#simplelogin) Premium for free.
 
 Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**.
 

docs/encryption.md

@@ -126,32 +126,28 @@ BitLocker is [only supported](https://support.microsoft.com/windows/turn-on-devi
 To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
 
 1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
-
-    ```powershell
-    powershell Get-Disk
-    ```
+   ```powershell
+   powershell Get-Disk
+   ```
 
 2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
-
-    ```powershell
-    powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
-    ```
+   ```powershell
+   powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
+   ```
 
 3. Access [Advanced Startup Options](https://support.microsoft.com/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
 4. Login with your admin account and type this in the command prompt to start encryption:
-
-    ```powershell
-    manage-bde -on c: -used
-    ```
+   ```powershell
+   manage-bde -on c: -used
+   ```
 
 5. Close the command prompt and continue booting to regular Windows.
 6. Open an admin command prompt and run the following commands:
-
-    ```powershell
-    manage-bde c: -protectors -add -rp -tpm
-    manage-bde -protectors -enable c:
-    manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
-    ```
+   ```powershell
+   manage-bde c: -protectors -add -rp -tpm
+   manage-bde -protectors -enable c:
+   manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
+   ```
 
 <div class="admonition tip" markdown>
 <p class="admonition-title">Tip</p>

docs/file-sharing.md

@@ -14,7 +14,7 @@ Discover how to privately share your files between your devices, with your frien
 
 ![Send logo](assets/img/file-sharing-sync/send.svg){ align=right }
 
-**Send** is a fork of Mozilla's discontinued Firefox Send service which allows you to send files to others with a link. Files are encrypted on your device so that they cannot be read by the server, and they can be optionally password-protected as well. The maintainer of Send hosts a [public instance](https://send.vis.ee). You can use other public instances, or you can host Send yourself.
+**Send** is a fork of Mozilla’s discontinued Firefox Send service which allows you to send files to others with a link. Files are encrypted on your device so that they cannot be read by the server, and they can be optionally password-protected as well. The maintainer of Send hosts a [public instance](https://send.vis.ee). You can use other public instances, or you can host Send yourself.
 
 [:octicons-home-16: Homepage](https://send.vis.ee){ .md-button .md-button--primary }
 [:octicons-server-16:](https://github.com/timvisee/send-instances){ .card-link title="Public Instances"}
@@ -144,7 +144,6 @@ We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_e
 
 </div>
 
-<!-- markdownlint-disable-next-line -->
 ### Criteria
 
 **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.

docs/financial-services.md

@@ -84,7 +84,6 @@ These services allow you to purchase gift cards for a variety of merchants onlin
 
 </div>
 
-<!-- markdownlint-disable-next-line -->
 ### Criteria
 
 **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.

docs/index.md

@@ -36,7 +36,7 @@ schema:
         urlTemplate: "https://www.privacyguides.org/?q={search_term_string}"
       query-input: required name=search_term_string
 ---
-<!-- markdownlint-disable -->
+<!-- markdownlint-disable-next-line -->
 ## Why should I care?
 
 ##### “I have nothing to hide. Why should I care about my privacy?”

docs/kb-archive.md

@@ -3,6 +3,8 @@ title: KB Archive
 icon: material/archive
 description: Some pages that used to be in our knowledge base can now be found on our blog.
 ---
+# Pages Moved to Blog
+
 Some pages that used to be in our knowledge base can now be found on our blog:
 
 - [GrapheneOS vs. CalyxOS](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos)

docs/meta/brand.md

@@ -19,4 +19,4 @@ Additional branding guidelines can be found at [github.com/privacyguides/brand](
 
 "Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project.
 
-Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at `jonah@privacyguides.org`. Consult your legal counsel if you have questions.
+Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions.

docs/meta/git-recommendations.md

@@ -8,18 +8,15 @@ If you make changes to this website on GitHub.com's web editor directly, you sho
 You can use an existing SSH key for signing, or [create a new one](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent).
 
 1. Configure your Git client to sign commits and tags by default (remove `--global` to only sign by default for this repo):
-
-    ```bash
-    git config --global commit.gpgsign true
-    git config --global gpg.format ssh
-    git config --global tag.gpgSign true
-    ```
-
+   ```
+   git config --global commit.gpgsign true
+   git config --global gpg.format ssh
+   git config --global tag.gpgSign true
+   ```
 2. Set your SSH key for signing in Git with the following command, substituting `/PATH/TO/.SSH/KEY.PUB` with the path to the public key you'd like to use, e.g. `/home/user/.ssh/id_ed25519.pub`:
-
-    ```bash
-    git config --global user.signingkey /PATH/TO/.SSH/KEY.PUB
-    ```
+   ```
+   git config --global user.signingkey /PATH/TO/.SSH/KEY.PUB
+   ```
 
 Ensure you [add your SSH key to your GitHub account](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account#adding-a-new-ssh-key-to-your-account) **as a Signing Key** (as opposed to or in addition to as an Authentication Key).
 
@@ -29,7 +26,7 @@ Use `git pull --rebase` instead of `git pull` when pulling in changes from GitHu
 
 You can set this to be the default behavior:
 
-```bash
+```
 git config --global pull.rebase true
 ```
 
@@ -37,7 +34,7 @@ git config --global pull.rebase true
 
 If you are working on your own branch, run these commands before submitting a PR:
 
-```bash
+```
 git fetch origin
 git rebase origin/main
 ```

docs/mobile-browsers.md

@@ -68,7 +68,7 @@ Brave is built upon the Chromium web browser project, so it should feel familiar
 
 </div>
 
-#### Recommended Brave Configuration
+#### Recommended Configuration
 
 Tor Browser is the only way to truly browse the internet anonymously. When you use Brave, we recommend changing the following settings to protect your privacy from certain parties, but all browsers other than the [Tor Browser](tor.md#tor-browser) will be traceable by *somebody* in some regard or another.
 
@@ -150,7 +150,7 @@ On iOS, any app that can browse the web is [restricted](https://developer.apple.
 
 </div>
 
-#### Recommended Firefox Configuration
+#### Recommended Configuration
 
 These options can be found in :gear: **Settings** → **Safari**
 

docs/multi-factor-authentication.md

@@ -151,7 +151,6 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative
 
 </div>
 
-<!-- markdownlint-disable-next-line -->
 ### Criteria
 
 **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.

docs/os/windows-overview.md

@@ -0,0 +1,411 @@
+---
+title: Windows Overview
+icon: simple/windows
+description: Windows is a traditonal operating system developed by Microsoft that provides a platform for running software applications and managing computer hardware.
+---
+
+Windows, a renowned desktop operating system developed by Microsoft, made its debut in 1985. It boasts a broad user base across various hardware manufacturers. Nonetheless, it grapples with issues such as bloatware, intrusive tracking, and security vulnerabilities. This guide aims to address and mitigate these concerns to enhance your Windows experience, though complete elimination may not be achievable.
+
+## Hardware and Firmware Security
+
+### Choosing a Secure Hardware
+
+- Choose a secured-core PC that has long-term lifetime support. The Microsoft Surface for Business series is the best option in this regard.
+- Choose a PC with Microsoft Pluton.
+
+<details class="note" markdown>
+<summary>Secure Launch and Secure Boot</summary>
+
+TBC
+
+</details>
+
+### Firmware Settings
+
+- Enable Secure Boot and, if applicable, disable the third-party Microsoft UEFI CA. 
+- Enable Virtualization settings.
+- Enable Dynamic Root of Trust for Measurement (DRTM).
+- If available, set Thunderbolt Security Settings to the highest level.
+- Be sure to set a firmware password.
+- Configure Boot Sequence to exclusively boot from your hard drive while disabling all other items, if accessible.
+- Enable Trusted Platform Module (TPM) and designate Microsoft Pluton as default if applicable.
+
+## Operating System Security
+
+### Choose the Correct Version and Edition
+
+Use Windows 11 Enterprise, version 23H2 as your operating system. 
+
+### Out-of-Box-Experience (OOBE)
+
+- Select your region to European Union (EU) and allow optional diagnostic data.
+- Use a local account instead of a Microsoft account.
+- After OOBE, enable Smart App Control in Start → Windows Security → App & Browser Control → Smart App Control.
+
+<details class="note" markdown>
+<summary>Activate Windows Enterprise</summary>
+
+For Key Management Service (KMS) activation, execute the following command from an elevated command prompt:
+
+```
+cd "c:\windows\system32"
+cscript slmgr.vbs /skms input.your.kms.server.here
+cscript slmgr.vbs /ato
+```
+
+For Multiple Activation Key (MAK) activation, execute the following command from an elevated command prompt:
+
+```
+cd "c:\windows\system32"
+cscript slmgr.vbs /ipk input-your-mak-key-here
+cscript slmgr.vbs /ato
+```
+
+</details>
+
+<details class="note" markdown>
+<summary>Upgrade Windows</summary>
+
+To upgrade from Windows Home to Windows Pro, enter your product key in Sttings → System → Activation → Change product key.
+
+To upgrade from Windows Pro to Windows Enterprise, execute the following command from an elevated command prompt:
+
+```
+cd "c:\windows\system32"
+cscript slmgr.vbs /ipk NPPR9-FWDCX-D2C8J-H872K-2YT43
+cscript slmgr.vbs /ato
+```
+
+Please note that the above command will not activate Windows Enterprise.
+</details>
+
+<details class="info" markdown>
+<summary>Command Prompt and Group Policy</summary>
+
+TBC
+
+</details>
+
+### Install Updates
+
+Installing updates is crucial. Windows Update delivers updates to Windows automatically. You can also manually check for updates in Start → Settings → Windows Update → Check for Updates. You should [update](https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/add-update-to-winre?view=windows-11#apply-the-update-to-a-running-pc) Windows Recovery Environment (Windows RE) by yourself. If you have other Windows installation media, such as Windows Preinstallation Environment (Windows PE) or Windows RE that is not recognized by the current Windows operating system, you should [update](https://learn.microsoft.com/en-us/windows/deployment/update/media-dynamic-update) them manually. 
+
+You can track update packages for Windows operating system, Windows RE and Windows PE using [this](https://support.microsoft.com/en-us/feed/rss/4ec863cc-2ecd-e187-6cb3-b50c6545db92) RSS feed. *Compatibility update for installing and recovering Windows* denotes updates for Windows RE. *Setup Dynamic Update for Windows* denotes updates for Windows PE. You can download update packages from the [Microsoft Update Catalog](https://www.catalog.update.microsoft.com/Home.aspx).
+
+You should also enable automatic updates in Microsoft Store in Start → Microsoft Store → Personal Profile → Settings → App Updates. You can also obtain drivers and firmware updates from original equipment manufacturers (OEMs).
+
+<details class="info" markdown>
+<summary>Types of Windows updates</summary>
+
+**Feature updates** are released annually to add new features and functionality to Windows.
+
+**Quality updates**, which encompass security and non-security fixes such as security updates, critical updates, servicing stack updates, and driver updates, are typically released on the second Tuesday of each month but can be released at any time.
+
+</details>
+
+### Security Baselines
+
+A security baseline is a group of Microsoft-recommended configuration settings that explains their security implication.
+
+- [Download](https://www.microsoft.com/en-us/download/details.aspx?id=55319) the following files: `Windows 11 v23H2 Security Baseline.zip` and `LGPO.zip`.
+- Unzip both files. In `LGPO\LGPO_30`, copy `LGPO.exe` to `Windows 11 v23H2 Security Baseline\Scripts\Tools`.
+- In `Windows 11 v23H2 Security Baseline\Scripts`, execute the following command from an elevated command prompt:
+  ```
+  Set-ExecutionPolicy -Scope Process Unrestricted
+  .\Baseline-LocalInstall.ps1 -Win11NonDomainJoined
+  ```
+
+You can track security baseline updates using [this](https://techcommunity.microsoft.com/gxcuf89792/rss/board?board.id=Microsoft-Security-Baselines) RSS feed.
+
+### Application Security
+
+Most applications on Windows are not sandboxed. In Microsoft Store, only the apps without the permission "This app can access all your files, peripheral devices, apps, programs, and registry" are sandboxed. If you sideload apps, only those with the file extensions `.msix`, `.msixbundle`, `.appx`, `.appxbundle`, and without the permission "This app can access all your files, peripheral devices, apps, programs, and registry" are sandboxed.
+
+Smart App Control can check the security of apps while they are running. You should enable Smart App Control in Start → Windows Security → App & Browser Control → Smart App Control.
+
+You can also use Windows Sandbox to run untrusted apps. Enable Windows Sandbox in Start → Settings → System → Optional Fetures → More Windows Features. Open Windows Sandbox in Start → Windows Sandbox. You can transfer files and apps into Windows Sandbox by copying them.
+
+### Device Encryption
+
+BitLocker is a disk encryption feature. Before enabling Bitlocker, you should configure it to use stronger encryption methods as well as allow for more secure unlocking methods:
+
+- Enable the Group Policy `Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)` and set the options to `XTS-AES 256-bit`, `XTS-AES 256-bit`, `AES-CBC 256-bit` respectively.
+- Enable the Group Policy `Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\Require additional authentication at startup` and set the options to unchecked, `Allow TPM`, `Allow startup PIN with TPM`, `Allow startup key with TPM` and `Allow startup key and PIN with TPM` respectively.
+- Enable the Group Policy `Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\Allow enhanced PINs for startup`.
+
+You should enable Bitlocker in Start → Windows Security → Device Security → Data Encryption. You should set a strong PIN for BitLocker and encrypt the entire disk space.
+
+### Antivirus Protection
+
+Windows include Windows Security, which provides the latest antivirus protection.
+
+- Enable all options in Start → Windows Security → App & Browser Control → Reputation Based Protection.
+- Enable all options in Start → Windows Security → App & Browser Control → Exploit Protection → System Settings.
+- Enable all options in Start → Windows Security → Virus & Threat Protection → Virus & Threat Protection Settings.
+- Enable the option in Start → Windows Security → Virus & Threat Protection → Ransomware Protection → Controlled Folder Access.
+- Enable `Block all inbound connections` options in Start → Windows Security → Firewall and Network Protection → Public Network/Private Network/Domain Network.
+- Check if `Memory access protection` is displayed in Start → Windows Security → Device Security → Core Isolation. If not, enable the Group Policy `Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Disable new DMA devices when this computer is locked`.
+- Enable the Group Policy `Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Scan\Turn on e-mail scanning`.
+- Enable the Group Policy `Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Scan\Scan removable drives`.
+- Enable the Group Policy `Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Scan\Scan network files`.
+- Enable the Group Policy `Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Scan\Run full scan on mapped network drives`.
+- Execute `setx /M MP_FORCE_USE_SANDBOX 1` from an elevated command prompt.
+
+### Account Security
+
+You should use a local user account for daily tasks. Use complex passwords for your accounts. You can create a local user account in Start → Settings → Accounts → Other users → Add account → I don't have this person's sign-in information → Add a user without a Microsoft account. You should add security questions to your local account in case you forget your password in Start  → Settings → Accounts → Sign-in options → Update your security questions. You can also create a password reset disk for your local account. In the search box on the taskbar, type `Control Panel`, and then choose it from the list of results. In the Control Panel search box, type `create password reset`. Select `Create a password reset disk`, and follow the remaining instructions.
+
+You can hide your account info when logging in by enabling the Group Policy `Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Don’t display last signed-in` and `Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Don’t display username at sign-in`. You can also find the related option in Start → Settings → Accounts → Sign-in Options → Show account details such as my email address on the sign-in screen.
+
+### Network & Bluetooth Security
+
+- Disable all options in Start → Settings → Network & Internet → Advanced Network Setings → Advanced Sharing Setings → Private Networks/Public Networks. Set options in Start → Settings → Network & Internet → Advanced Network Setings → Advanced Sharing Setings → All Networks to disable public folder sharing, use 128-bit encryption and enable password protected sharing.
+- Enable MAC Address Randomization in Start → Settings → Network & Internet → Wi-Fi → Random Hardware Addresses and set the option in Start → Settings → Network & Internet → Wi-Fi → (Your Network Display Name) → Random Hardware Addresses to `Change every day`.
+- Turn off Bluetooth when not in use. Disable device discovery in Start → Settings → Devices → Devices → More Bluetooth Settings.
+- Set your encrypted DNS in Start → Settings → Network & Internet → Wi-Fi → (Your Network Properties) → DNS Server Assignment → Edit → Manual.
+
+### Developer Mode
+
+- Disable Developer Mode in Start → Settings → System → For Developers → Developer Mode.
+- Disable Remote Desktop in Start → Settings → System → For Developers → Remote Desktop.
+- Enable all options in Start → Settings → System → For Developers → File Explorer.
+
+### Additional Attack Surface Reduction Measures
+
+In addition to the security baselines, there are some additional attack surface reduction measures.
+
+- Disable Remote Assistance. In the search box on the taskbar, type `remote assistance`, and then select `Allow Remote Assistance invitations to be sent from this computer` from the list of results. Then, on the `Remote` tab, unselect the Allow Remote Assistance connections to this computer check box, and then select OK.
+- Uninstall features you won't use like Internet Explorer mode in Start → Settings → System → Optional Fetures and Start → Settings → System → Optional Fetures → More Windows Features.
+- Enable the Group Policy `Computer Configuration\Administrative Templates\MS Security Guide\Enable Certificate Padding`.
+- Add additional attack surface reduction rules and set them to warn mode. Enable the Group Policy `Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Attack surface reduction\Configure Attack Surface Reduction rules`. Select `Show...` and add the following [rule IDs](https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide#asr-rule-to-guid-matrix) in the Value Name column. Then change the status of all rules to 6 in the Value column.
+  ```
+  56a863a9-875e-4185-98a7-b882c64b5ce5
+  d1e49aac-8f56-4280-b9ba-993a6d77406c
+  01443614-cd74-433a-b99e-2ecdc07bfc25
+  ```
+- Execute the following command from an elevated command prompt:
+  ```
+  reg add "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa" /v DisableRestrictedAdmin /t REG_DWORD /d 0 /f
+  reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\OLELinkConversionFromOLESTREAMToIStorage" /v Disabled /t REG_DWORD /d 1 /f
+  ```
+- Enable [additional mitigations](https://support.microsoft.com/en-us/topic/kb4073119-windows-client-guidance-for-it-pros-to-protect-against-silicon-based-microarchitectural-and-speculative-execution-side-channel-vulnerabilities-35820a8a-ae13-1299-88cc-357f104f5b11) against silicon-based microarchitectural and speculative execution side-channel vulnerabilities without disabling Hyper-Threading (also known as Simultaneous Multi Threading (SMT)) in Intel processors by executing the following command from an elevated command prompt.
+  ```
+  reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0x00800048 /f 
+  reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
+  reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f
+  reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v RetsPredictedFromRsbOnly /t REG_DWORD /d 1 /f
+  ```
+  Enable additional mitigations against silicon-based microarchitectural and speculative execution side-channel vulnerabilities with Hyper-Threading disabled in Intel processors by executing the following command from an elevated command prompt.
+  ```
+  reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0x00802048 /f 
+  reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
+  reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f
+  reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v RetsPredictedFromRsbOnly /t REG_DWORD /d 1 /f
+  ```
+  Enable additional mitigations against silicon-based microarchitectural and speculative execution side-channel vulnerabilities in AMD processors by executing the following command from an elevated command prompt. To be fully protected, you might also need to disable Hyper-Threading (also known as Simultaneous Multi Threading (SMT)).
+  ```
+  reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 16842760 /f 
+  reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
+  reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f
+  reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v RetsPredictedFromRsbOnly /t REG_DWORD /d 1 /f
+  ```
+  Enable additional mitigations against silicon-based microarchitectural and speculative execution side-channel vulnerabilities in ARM processors by executing the following command from an elevated command prompt. To be fully protected, you might also need to disable Hyper-Threading (also known as Simultaneous Multi Threading (SMT)).
+  ```
+  reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 64 /f 
+  reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
+  reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f
+  reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v RetsPredictedFromRsbOnly /t REG_DWORD /d 1 /f
+  ```
+  
+## Privacy Settings
+
+Windows collects [three categories](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RW1iLkl) of personal data to send to Microsoft: Windows Diagnostic Data, Account Data, and Windows Required Service Data. 
+
+### Windows Diagnostic Data
+
+Enable the Group Policy `Computer Configuration\Administrative Templates\Windows Components\Data Collection And Preview Builds\Allow Diagnostic Data` and set it to `Diagnostic data off (not recommended)`.
+
+### Account Data
+
+Use local accounts instead of online accounts like Microsoft accounts to sign in to your devices and enable the Group Policy `Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Block Microsoft accounts` and set it to `Users can’t add Microsoft accounts`. You can still log on apps likw Microsoft Store with Microsoft accounts. If you have logged on apps using a Microsoft account, you can limit its use in Start → Settings → Accounts → Email & accounts → (Your Microsoft Account) → Sign-in Options and select the option to `Apps need to ask me to use this account`.
+
+<details class="warning" markdown>
+<summary>Warning</summary>
+
+If the Group Policy `Accounts: Block Microsoft accounts` is set to `Users can’t add or log on with Microsoft accounts`, attempting to restore the System in Windows Recovery Environment (Windows RE) will [fail](https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference?view=windows-11#known-issue) with the error message "You need to sign in as an administrator to continue, but there aren't any administrator accounts on this PC."
+
+</details>
+
+### Windows Required Service Data
+
+Some Required Service Data is necessary for Windows security and should be retained.
+
+- Uninstall pre-installed apps you won't use in Start → Settings → Apps → Installed Apps and Start → Settings → System → System Components.
+- Disable all options in Start → Settings → Privacy & Security → Windows Permissions.
+- Do not join the Windows Insider Program in Start → Settings → Windows Update → Windows Insider Program.
+- Disable suggestions and recommendations in Start → Settings → Personalization → Start.
+- Disable the Group Policy `Computer Configuration\Administrative Templates\Windows Components\Search\Allow Cortana`.
+- Disable the Group Policy `Computer Configuration\Administrative Templates\Windows Components\Search\Allow Cloud Search`.
+- Disable the Group Policy `Computer Configuration\Administrative Templates\Windows Components\Search\Allow search and Cortana to use location`.
+- Enable the Group Policy `Computer Configuration\Administrative Templates\Windows Components\Search\Do not allow web search`.
+- Enable the Group Policy `Computer Configuration\Administrative Templates\Windows Components\Search\Don't search the web or display web results in Search`.
+- Enable all Group Policy objects under `Computer Configuration\Administrative Templates\Windows Components\Cloud Content`.
+- Enable the Group Policy `User Configuration\Administrative Templates\Windows Components\Cloud Content\Do not use diagnostic data for tailored experiences`.
+- Enable the Group Policy `User Configuration\Administrative Templates\Windows Components\Cloud Content\Do not suggest third-party content in Windows spotlight`.
+- Enable the Group Policy `User Configuration\Administrative Templates\Windows Components\Cloud Content\Turn off cloud optimized content`.
+- Enable the Group Policy `Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Disable Windows Error Reporting`.
+- Enable the Group Policy `Computer Configuration\Administrative Templates\Windows Components\Software Protection Platform\Turn off KMS Client Online AVS Validation`.
+- Disable the Group Policy `Computer Configuration\Administrative Templates\Windows Components\Messaging\Allow Message Service Cloud Sync`.
+- Execute `reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Messaging" /v CloudServiceSyncEnabled /t REG_DWORD /d 0 /f` from an elevated command prompt.
+- Execute `reg add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\MRT" /v DontReportInfectionInformation /t REG_DWORD /d 1 /f` from an elevated command prompt.
+- Disable the Group Policy `Computer Configuration\Administrative Templates\Windows Components\Windows Defender Antivirus\Reporting\Configure Watson events`.
+- In Start → Settings → Apps → Advanced app settings, set `Choose where to get apps` to `Anywhere`.
+- Enable the Group Policy `Computer Configuration\Administrative Templates\Windows Components\Delivery Optimization\Download Mode` and set it to `Simple (99)`.
+- Execute `reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Feeds" /v "EnableFeeds" /t REG_DWORD /d 0 /f` from an elevated command prompt.
+- Execute `setx /M DOTNET_CLI_TELEMETRY_OPTOUT 1` from an elevated command prompt.
+- Execute `setx /M POWERSHELL_TELEMETRY_OPTOUT 1` from an elevated command prompt.
+- Execute `setx /M MSEDGEDRIVER_TELEMETRY_OPTOUT 1` from an elevated command prompt.
+- Disable the Group Policy `Computer Configuration\Administrative Templates\Windows Components\Widgets\Allow Widgets`.
+- If you are using a Input Method Editors (IME), disable the option in Start → Settings → Time & Language → Language & Region → (Your Language) → Language Options → (Your IME) → Keyboard Options → Lexicon and Self-Learning → Try text suggestions from Bing.
+- You can manage Copilot in Windows by configuring the Group Policy `User Configuration\Administrative Templates\Windows Components\Windows Copilot\Turn off Windows Copilot`.
+- Enable the Group Policy `Computer Configuration\Administrative Templates\Windows Components\OneDrive\Prevent OneDrive from generating network traffic until the user signs in to OneDrive`.
+
+## Microsoft Edge
+
+- [Download](https://www.microsoft.com/en-us/edge/business/download) the Microsoft Edge policy and unzip the file.
+- Copy `MicrosoftEdgePolicyTemplates.cab\MicrosoftEdgePolicyTemplates.zip\windows\admx\msedge.admx` to `C:\Windows\PolicyDefinitions`. Copy `MicrosoftEdgePolicyTemplates.cab\MicrosoftEdgePolicyTemplates.zip\windows\admx\msedge.admx\(Your locale ID)\msedge.adml` to `C:\Windows\PolicyDefinitions\(Your locale ID)`.
+- You can track security baseline updates using [this](https://techcommunity.microsoft.com/gxcuf89792/rss/board?board.id=Microsoft-Security-Baselines) RSS feed.
+
+### Microsoft Edge Security
+
+- [Download](https://www.microsoft.com/en-us/download/details.aspx?id=55319) the following files: `Microsoft Edge v117 Security Baseline.zip` and `LGPO.zip`.Unzip both files. In `LGPO\LGPO_30`, copy `LGPO.exe` to `Microsoft Edge v117 Security Baseline\Scripts\Tools`. In `Microsoft Edge v117 Security Baseline\Scripts`, execute the following command from an elevated command prompt:
+  ```
+  Set-ExecutionPolicy -Scope Process Unrestricted
+  .\Baseline-LocalInstall.ps1
+  ```
+- Microsoft Edge automatically updates itself. You can also update it manually in `edge://settings/help`.
+- Enable the option(s) `Microsoft Defender SmartScreen` in `edge://settings/privacy`.
+- Enable the option(s) `Block potentially unwanted apps` in `edge://settings/privacy`.
+- Enable the option(s) `Website typo protection` in `edge://settings/privacy`.
+- Enable the option(s) `Enhance your security on the web` in `edge://settings/privacy` and set it to `Strict`.
+- Enable the option(s) `Allow extensions from other stores` in `edge://extensions/`. Prioritize installing extensions from Chrome Web Store, as Chrome Web Store more aggressively uses Manifest V3.
+- Enable the Group Policy `Computer Configuration\Administrative Templates\Microsoft Edge\Configure browser process code integrity guard setting` and set it to `Enable code integrity guard enforcement in the browser process`.
+- Enable the Group Policy `Computer Configuration\Administrative Templates\Microsoft Edge\Enable online OCSP/CRL checks`.
+- Enable the Group Policy `Computer Configuration\Administrative Templates\Microsoft Edge\Enable the network service sandbox`.
+- Enable the Group Policy `Computer Configuration\Administrative Templates\Microsoft Edge\Restrict exposure of local IP address by WebRTC` and set it to `Use TCP unless proxy server supports UDP`.
+- Enable the Group Policy `Computer Configuration\Administrative Templates\Microsoft Edge\Configure Automatic HTTPS` and set it to `All navigations delivered over HTTP are switched to HTTPS`.
+- Enable the Group Policy `Computer Configuration\Administrative Templates\Microsoft Edge\Control the mode of DNS-over-HTTPS` and set it to `Enable DNS-over-HTTPS without insecure fallback`. Configure the Group Policy `Computer Configuration\Administrative Templates\Microsoft Edge\Specify URI template of desired DNS-over-HTTPS resolver` according to your needs.
+
+### Microsoft Edge Privacy
+
+For diagnostic data, enable the Group Policy `Computer Configuration\Administrative Templates\Microsoft Edge\Send required and optional diagnostic data about browser usage` and set the option to `off`.
+
+For account data, use local profiles instead of online accounts like Microsoft accounts to sign in to Microsoft Edge. Enable the Group Policy `Computer Configuration\Administrative Templates\Microsoft Edge\Browser sign-in settings` and set the option to `Disable browser sign-in`. Then disable the Group Policy `Computer Configuration\Administrative Templates\Microsoft Edge\Configure whether a user always has a default profile automatically signed in with their work or school account`.
+
+For required service data:
+
+- Disable the option(s) in `edge://settings/profiles/rewards`.
+- Disable the option(s) in `edge://settings/profiles/multiProfileSettings`.
+- Disable the option(s) in `edge://settings/profiles/localBrowserDataShare`.
+- Disable the option(s) in `edge://wallet/settings`.
+- Enable the option(s) `Tracking Prevention` in `edge://settings/privacy` and set the option to `Strict`.
+- Enable the option(s) in `edge://settings/clearBrowsingDataOnClose`.
+- Enable the option(s) `Send "Do Not Track" requests` in `edge://settings/privacy`.
+- Disable the option(s) `Allow sites to check if you have payment methods saved` in `edge://settings/privacy`.
+- Disable the option(s) `Allow sites to check if you have payment methods saved` in `edge://settings/privacy`.
+- Disable the option(s) `Help improve Microsoft products by sending the results from searches on the web` in `edge://settings/privacy`.
+- Disable the option(s) `Allow Microsoft to save your browsing activity including history, usage, favorites, web content, and other browsing data to personalize Microsoft Edge and Microsoft services like ads, search, shopping and news.` in `edge://settings/privacy`.
+- Disable all option(s) under the `Services` section in `edge://settings/privacy`.
+- Disable the option(s) `Show me search and site suggestions using my typed characters` in `edge://settings/searchFilters`.
+- Disable the option(s) `Show me suggestions from history, favorites and other data on this device using my typed characters` in `edge://settings/searchFilters`.
+- Disable the option(s) `Personalize my top sites in customize sidebar` in `edge://settings/sidebar`.
+- Disable the option(s) `Allow Microsoft to access page content` and `Show shopping notifications` in `edge://settings/sidebar/appSettings?hubApp=cd4688a9-e888-48ea-ad81-76193d56b1be`.
+- Disable the option(s) `Allow access to page URLs` in `edge://settings/sidebar/appSettings?hubApp=96defd79-4015-4a32-bd09-794ff72183ef`.
+- Disable the option(s) `Preload your new tab page for a faster experience` in `edge://settings/startHomeNTP`.
+- Configure the option(s) `Customize your new tab page layout and content` in `edge://settings/startHomeNTP` according to your needs.
+- Enable the option(s) `Block third-party cookies` in `edge://settings/content/cookies`.
+- Disable the option(s) `Preload pages for faster browsing and searching` in `edge://settings/content/cookies`.
+- Disable the option(s) `Use text prediction` in `edge://settings/languages`.
+- Disable the option(s) `Enable grammar and spellcheck assistance` or enable it with `Basic` in `edge://settings/languages`.
+- Configure the option(s) `Share additional operating system region` to `Never` in `edge://settings/languages`.
+- Disable the option(s) `Get image descriptions from Microsoft for screen readers` in `edge://settings/accessibility`.
+- Disable the option(s) `Allow identifiers for protected content (computer restart may be required)` in `edge://settings/content/protectedContent`.
+- Configure `edge://flags/#edge-widevine-drm` according to your needs.
+- Disable the Group Policy `Computer Configuration\Administrative Templates\Microsoft Edge\Enables default browser settings campaigns`.
+- Disable the Group Policy `Computer Configuration\Administrative Templates\Microsoft Edge\Edge 3P SERP Telemetry Enabled`.
+- Enable the Group Policy `Computer Configuration\Administrative Templates\Microsoft Edge\Enable network prediction` and set it to `Don’t predict network actions on any network connection`.
+- Enable the Group Policy `Computer Configuration\Administrative Templates\Microsoft Edge\Secure mode and Certificate-based Digital Signature validation in native PDF reader`.
+- Disable the Group Policy `Computer Configuration\Administrative Templates\Microsoft Edge\Content settings\Choose whether users can receive customized background images and text, suggestions, notifications, and tips for Microsoft services`.
+- Enable the Group Policy `Computer Configuration\Administrative Templates\Microsoft Edge\Configure InPrivate mode availability` and set it to `Forced`.
+
+  <details class="warning" markdown>
+  <summary>Warning</summary>
+
+  Setting ```Configure InPrivate mode availability``` to ```Forced``` will prevent you from accessing `edge://settings`.
+
+  </details>
+
+- If you are using others’ PC, use Guest mode in Start → Microsoft Edge → Personal Profile icon → Other Profiles → Browse as Guest.
+- You can manage Copilot in Windows by configuring the Group Policy `Computer Configuration\Administrative Templates\Microsoft Edge\Show Hubs Sidebar`.
+
+## Office
+
+- The advice in this guide does not apply to Office downloaded from the Microsoft Store.
+- [Download](https://www.microsoft.com/en-us/download/details.aspx?id=49030) the corresponding Office policy and execute it to extract the files.
+- Copy `(Extracted Files)\admx\(Your Office Apps).admx` to `C:\Windows\PolicyDefinitions`. Copy `(Extracted Files)\admx\(Your locale ID)\(Your Office Apps).adml` to `C:\Windows\PolicyDefinitions\(Your locale ID)`.
+- You can track security baseline updates using [this](https://techcommunity.microsoft.com/gxcuf89792/rss/board?board.id=Microsoft-Security-Baselines) RSS feed.
+
+<details class="note" markdown>
+<summary>Install and Activate Office 2021</summary>
+
+You can buy and download [Office Home & Student 2021](https://go.microsoft.com/fwlink/?linkid=2022066), [Office Home & Business 2021](https://go.microsoft.com/fwlink/?linkid=2022187) or [Office Professional 2021](https://go.microsoft.com/fwlink/?linkid=2022071) online.
+
+To install Office LTSC 2021, download the [Office Deployment Tool](https://www.microsoft.com/en-us/download/details.aspx?id=49117) and execute it to extract the files. Create and download a configuration file using the [Office Customization Tool](https://config.office.com/deploymentsettings). Copy `your-created-config-file.xml` to `(Extracted Files Folder)`. In `(Extracted Files Folder)`, execute the following command from an elevated command prompt:
+
+```
+setup /download your-created-config-file.xml
+```
+
+For Key Management Service (KMS) activation, execute the following command from an elevated command prompt:
+
+```
+cd "c:\Program Files\Microsoft Office\Office16"
+cscript ospp.vbs /sethst:your.kms.server.here
+cscript ospp.vbs /act
+```
+
+For Multiple Activation Key (MAK) activation, execute the following command from an elevated command prompt:
+
+```
+cd "c:\Program Files\Microsoft Office\Office16"
+cscript ospp.vbs /inpkey:input-your-mak-key-here
+cscript ospp.vbs /act
+```
+
+</details>
+
+### Office Security
+
+- [Download](https://www.microsoft.com/en-us/download/details.aspx?id=55319) the following files: `Microsoft 365 Apps for Enterprise 2306.zip` and `LGPO.zip`.Unzip both files. In `LGPO\LGPO_30`, copy `LGPO.exe` to `Microsoft 365 Apps for Enterprise 2306\Scripts\Tools`. In `Microsoft 365 Apps for Enterprise 2306\Scripts`, execute the following command from an elevated command prompt:
+  
+  ```
+  Set-ExecutionPolicy -Scope Process Unrestricted
+  .\Baseline-LocalInstall.ps1
+  ```
+  
+- Office automatically updates itself. You can also update it manually in Start → (Your Office Apps) → File → Account → Update Options.
+  
+### Office Privacy
+
+For diagnostic data, enable the Group Policy `User Configuration\Administrative Templates\Microsoft Office 2016\Privacy\Trust Center\Configure the level of client software diagnostic data sent by Office to Microsoft` and set the option to `Neither`.
+
+For account data, enable the Group Policy `User Configuration\Administrative Templates\Microsoft Office 2016\Miscellaneous\Block signing into Office`.
+
+<details class="info" markdown>
+<summary>Microsoft 365</summary>
+
+You cannot disable the subscription version of Office, Microsoft 365.
+
+</details>
+
+For required service data, disable the Group Policy `User Configuration\Administrative Templates\Microsoft Office 2016\Privacy\Trust Center\Allow the use of connected experiences in Office` and `User Configuration\Administrative Templates\Microsoft Office 2016\Privacy\Trust Center\Enable Customer Experience Improvement Program`.

docs/passwords.md

@@ -366,7 +366,6 @@ These products are minimal password managers that can be used within scripting a
 
 </div>
 
-<!-- markdownlint-disable-next-line -->
 ### Criteria
 
 **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.

docs/productivity.md

@@ -4,7 +4,6 @@ icon: material/file-sign
 description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do.
 cover: productivity.webp
 ---
-<!-- markdownlint-disable MD024 -->
 Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The privacy policy may legally protect your rights, but it does not provide technical access constraints.
 
 ## Collaboration Platforms

docs/tools.md

@@ -62,7 +62,6 @@ For more details about each project, why they were chosen, and additional tips o
 
 [Learn more :material-arrow-right-drop-circle:](mobile-browsers.md)
 
-<!-- markdownlint-disable-next-line -->
 ### Additional Resources
 
 <div class="grid cards annotate" markdown>

docs/vpn.md

@@ -5,7 +5,6 @@ icon: material/vpn
 description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you.
 cover: vpn.webp
 ---
-<!-- markdownlint-disable MD024 -->
 
 If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. We think these providers are a cut above the rest:
 

includes/strings.en.env

@@ -1,44 +1,41 @@
-ANALYTICS_CONSENT_BODY="We collect anonymous statistics about your visits to help us improve the site. We do not track you across other websites. If you disable this, we will not know when you have visited our site. We will save a single cookie in your browser to remember your preference."
-ANALYTICS_CONSENT_TITLE="Contribute anonymous statistics"
+LANG="English"
+LANG_ENGLISH="English"
+SITE_NAME="Privacy Guides"
+SITE_DESCRIPTION="Privacy Guides is your central privacy and security resource to protect yourself online."
+FOOTER_COPYRIGHT_INTRO="<b>Privacy Guides</b> is a non-profit, socially motivated website that provides information for protecting your data security and privacy."
+FOOTER_COPYRIGHT_AFFILIATE="We do not make money from recommending certain products, and we do not use affiliate links."
+FOOTER_COPYRIGHT_DATE="2019 - 2024 Privacy Guides and contributors."
+FOOTER_COPYRIGHT_ICON='<span class="twemoji"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><!--! Font Awesome Free 6.2.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2022 Fonticons, Inc.--><path d="m245.83 214.87-33.22 17.28c-9.43-19.58-25.24-19.93-27.46-19.93-22.13 0-33.22 14.61-33.22 43.84 0 23.57 9.21 43.84 33.22 43.84 14.47 0 24.65-7.09 30.57-21.26l30.55 15.5c-6.17 11.51-25.69 38.98-65.1 38.98-22.6 0-73.96-10.32-73.96-77.05 0-58.69 43-77.06 72.63-77.06 30.72-.01 52.7 11.95 65.99 35.86zm143.05 0-32.78 17.28c-9.5-19.77-25.72-19.93-27.9-19.93-22.14 0-33.22 14.61-33.22 43.84 0 23.55 9.23 43.84 33.22 43.84 14.45 0 24.65-7.09 30.54-21.26l31 15.5c-2.1 3.75-21.39 38.98-65.09 38.98-22.69 0-73.96-9.87-73.96-77.05 0-58.67 42.97-77.06 72.63-77.06 30.71-.01 52.58 11.95 65.56 35.86zM247.56 8.05C104.74 8.05 0 123.11 0 256.05c0 138.49 113.6 248 247.56 248 129.93 0 248.44-100.87 248.44-248 0-137.87-106.62-248-248.44-248zm.87 450.81c-112.54 0-203.7-93.04-203.7-202.81 0-105.42 85.43-203.27 203.72-203.27 112.53 0 202.82 89.46 202.82 203.26-.01 121.69-99.68 202.82-202.84 202.82z"></path></svg></span><span class="twemoji"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><!--! Font Awesome Free 6.2.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2022 Fonticons, Inc.--><path d="M314.9 194.4v101.4h-28.3v120.5h-77.1V295.9h-28.3V194.4c0-4.4 1.6-8.2 4.6-11.3 3.1-3.1 6.9-4.7 11.3-4.7H299c4.1 0 7.8 1.6 11.1 4.7 3.1 3.2 4.8 6.9 4.8 11.3zm-101.5-63.7c0-23.3 11.5-35 34.5-35s34.5 11.7 34.5 35c0 23-11.5 34.5-34.5 34.5s-34.5-11.5-34.5-34.5zM247.6 8C389.4 8 496 118.1 496 256c0 147.1-118.5 248-248.4 248C113.6 504 0 394.5 0 256 0 123.1 104.7 8 247.6 8zm.8 44.7C130.2 52.7 44.7 150.6 44.7 256c0 109.8 91.2 202.8 203.7 202.8 103.2 0 202.8-81.1 202.8-202.8.1-113.8-90.2-203.3-202.8-203.3z"></path></svg></span><span class="twemoji"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><!--! Font Awesome Free 6.2.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2022 Fonticons, Inc.--><path d="M247.6 8C389.4 8 496 118.1 496 256c0 147.1-118.5 248-248.4 248C113.6 504 0 394.5 0 256 0 123.1 104.7 8 247.6 8zm.8 44.7C130.2 52.7 44.7 150.6 44.7 256c0 109.8 91.2 202.8 203.7 202.8 103.2 0 202.8-81.1 202.8-202.8.1-113.8-90.2-203.3-202.8-203.3zm94 144.3v42.5H162.1V197h180.3zm0 79.8v42.5H162.1v-42.5h180.3z"></path></svg></span>'
+FOOTER_COPYRIGHT_LICENSE="Content license:"
+FOOTER_COPYRIGHT="$FOOTER_COPYRIGHT_INTRO <br> $FOOTER_COPYRIGHT_AFFILIATE <br> &copy; $FOOTER_COPYRIGHT_DATE $FOOTER_COPYRIGHT_ICON $FOOTER_COPYRIGHT_LICENSE <a href='/license'><strong>CC BY-ND 4.0</strong></a>."
+THEME_LIGHT="Switch to light mode"
+THEME_DARK="Switch to dark mode"
+THEME_AUTO="Switch to system theme"
 DESCRIPTION_HOMEPAGE="A socially motivated website which provides information about protecting your online data privacy and security."
 DESCRIPTION_TRANSLATION="You're viewing the $LANG copy of Privacy Guides, translated by our fantastic language team on Crowdin. If you notice an error, or see any untranslated sections on this page, please consider helping out!"
 DESCRIPTION_TRANSLATION_CTA="Visit Crowdin"
-FOOTER_COPYRIGHT_AFFILIATE="We do not make money from recommending certain products, and we do not use affiliate links."
-FOOTER_COPYRIGHT_ANALYTICS="Anonymous statistics preferences."
-FOOTER_COPYRIGHT_DATE="2019 - 2024 Privacy Guides and contributors."
-FOOTER_COPYRIGHT_ICON='<span class="twemoji"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><!--! Font Awesome Free 6.2.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2022 Fonticons, Inc.--><path d="m245.83 214.87-33.22 17.28c-9.43-19.58-25.24-19.93-27.46-19.93-22.13 0-33.22 14.61-33.22 43.84 0 23.57 9.21 43.84 33.22 43.84 14.47 0 24.65-7.09 30.57-21.26l30.55 15.5c-6.17 11.51-25.69 38.98-65.1 38.98-22.6 0-73.96-10.32-73.96-77.05 0-58.69 43-77.06 72.63-77.06 30.72-.01 52.7 11.95 65.99 35.86zm143.05 0-32.78 17.28c-9.5-19.77-25.72-19.93-27.9-19.93-22.14 0-33.22 14.61-33.22 43.84 0 23.55 9.23 43.84 33.22 43.84 14.45 0 24.65-7.09 30.54-21.26l31 15.5c-2.1 3.75-21.39 38.98-65.09 38.98-22.69 0-73.96-9.87-73.96-77.05 0-58.67 42.97-77.06 72.63-77.06 30.71-.01 52.58 11.95 65.56 35.86zM247.56 8.05C104.74 8.05 0 123.11 0 256.05c0 138.49 113.6 248 247.56 248 129.93 0 248.44-100.87 248.44-248 0-137.87-106.62-248-248.44-248zm.87 450.81c-112.54 0-203.7-93.04-203.7-202.81 0-105.42 85.43-203.27 203.72-203.27 112.53 0 202.82 89.46 202.82 203.26-.01 121.69-99.68 202.82-202.84 202.82z"></path></svg></span><span class="twemoji"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><!--! Font Awesome Free 6.2.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2022 Fonticons, Inc.--><path d="M314.9 194.4v101.4h-28.3v120.5h-77.1V295.9h-28.3V194.4c0-4.4 1.6-8.2 4.6-11.3 3.1-3.1 6.9-4.7 11.3-4.7H299c4.1 0 7.8 1.6 11.1 4.7 3.1 3.2 4.8 6.9 4.8 11.3zm-101.5-63.7c0-23.3 11.5-35 34.5-35s34.5 11.7 34.5 35c0 23-11.5 34.5-34.5 34.5s-34.5-11.5-34.5-34.5zM247.6 8C389.4 8 496 118.1 496 256c0 147.1-118.5 248-248.4 248C113.6 504 0 394.5 0 256 0 123.1 104.7 8 247.6 8zm.8 44.7C130.2 52.7 44.7 150.6 44.7 256c0 109.8 91.2 202.8 203.7 202.8 103.2 0 202.8-81.1 202.8-202.8.1-113.8-90.2-203.3-202.8-203.3z"></path></svg></span><span class="twemoji"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><!--! Font Awesome Free 6.2.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2022 Fonticons, Inc.--><path d="M247.6 8C389.4 8 496 118.1 496 256c0 147.1-118.5 248-248.4 248C113.6 504 0 394.5 0 256 0 123.1 104.7 8 247.6 8zm.8 44.7C130.2 52.7 44.7 150.6 44.7 256c0 109.8 91.2 202.8 203.7 202.8 103.2 0 202.8-81.1 202.8-202.8.1-113.8-90.2-203.3-202.8-203.3zm94 144.3v42.5H162.1V197h180.3zm0 79.8v42.5H162.1v-42.5h180.3z"></path></svg></span>'
-FOOTER_COPYRIGHT_INTRO="<b>Privacy Guides</b> is a non-profit, socially motivated website that provides information for protecting your data security and privacy."
-FOOTER_COPYRIGHT_LICENSE="Content license:"
-FOOTER_COPYRIGHT="$FOOTER_COPYRIGHT_INTRO <br> $FOOTER_COPYRIGHT_AFFILIATE <br> &copy; $FOOTER_COPYRIGHT_DATE $FOOTER_COPYRIGHT_ICON $FOOTER_COPYRIGHT_LICENSE <a href='/license'><strong>CC BY-ND 4.0</strong></a>. <a href='#__consent'>$FOOTER_COPYRIGHT_ANALYTICS</a>"
-LANG="English"
-LANG_ENGLISH="English"
-NAV_ABOUT="About"
-NAV_ADVANCED="Advanced"
-NAV_ADVANCED_TOPICS="Advanced Topics"
-NAV_BLOG="Blog"
-NAV_CHANGELOG="Changelog"
-NAV_CODE_OF_CONDUCT="Code of Conduct"
-NAV_COMMUNITY="Community"
-NAV_CONTRIBUTING="Contributing"
-NAV_FORUM="Forum"
-NAV_HOME="Home"
-NAV_INTERNET_BROWSING="Internet Browsing"
-NAV_KNOWLEDGE_BASE="Knowledge Base"
-NAV_ONLINE_SERVICES="Online Services"
-NAV_OPERATING_SYSTEMS="Operating Systems"
-NAV_PROVIDERS="Providers"
-NAV_RECOMMENDATIONS="Recommendations"
-NAV_SOFTWARE="Software"
-NAV_TECHNICAL_GUIDES="Technical Guides"
-NAV_TECHNOLOGY_ESSENTIALS="Technology Essentials"
-NAV_WRITING_GUIDE="Writing Guide"
-SITE_DESCRIPTION="Privacy Guides is your central privacy and security resource to protect yourself online."
-SITE_NAME="Privacy Guides"
-SOCIAL_FORUM="Forum"
-SOCIAL_GITHUB="GitHub"
 SOCIAL_MASTODON="Mastodon"
 SOCIAL_MATRIX="Matrix"
+SOCIAL_FORUM="Forum"
+SOCIAL_GITHUB="GitHub"
 SOCIAL_TOR_SITE="Hidden service"
-THEME_AUTO="Switch to system theme"
-THEME_DARK="Switch to dark mode"
-THEME_LIGHT="Switch to light mode"
+NAV_HOME="Home"
+NAV_KNOWLEDGE_BASE="Knowledge Base"
+NAV_TECHNOLOGY_ESSENTIALS="Technology Essentials"
+NAV_OPERATING_SYSTEMS="Operating Systems"
+NAV_ADVANCED_TOPICS="Advanced Topics"
+NAV_RECOMMENDATIONS="Recommendations"
+NAV_INTERNET_BROWSING="Internet Browsing"
+NAV_PROVIDERS="Providers"
+NAV_SOFTWARE="Software"
+NAV_ADVANCED="Advanced"
+NAV_ABOUT="About"
+NAV_COMMUNITY="Community"
+NAV_ONLINE_SERVICES="Online Services"
+NAV_CODE_OF_CONDUCT="Code of Conduct"
+NAV_CONTRIBUTING="Contributing"
+NAV_WRITING_GUIDE="Writing Guide"
+NAV_TECHNICAL_GUIDES="Technical Guides"
+NAV_CHANGELOG="Changelog"
+NAV_FORUM="Forum"
+NAV_BLOG="Blog"

theme/assets/javascripts/resolution.js

@@ -1,78 +0,0 @@
-function setCookie(cname, cvalue, exdays) {
-  const d = new Date();
-  d.setTime(d.getTime() + (exdays * 24 * 60 * 60 * 1000));
-  let expires = "expires="+d.toUTCString();
-  document.cookie = cname + "=" + cvalue + ";" + expires + ";path=/";
-}
-
-function getCookie(cname) {
-  let name = cname + "=";
-  let ca = document.cookie.split(';');
-  for(let i = 0; i < ca.length; i++) {
-    let c = ca[i];
-    while (c.charAt(0) == ' ') {
-      c = c.substring(1);
-    }
-    if (c.indexOf(name) == 0) {
-      return c.substring(name.length, c.length);
-    }
-  }
-  return "";
-}
-
-var consent = __md_get("__consent")
-if (!consent) {
-  __md_set("__consent", {umami: true});
-  if (getCookie('resolution') == '') {
-    const resolution = `${window.screen.width}x${window.screen.height}`;
-    setCookie('resolution', resolution, 30);
-  }
-}
-
-if (consent && consent.umami) {
-  if (getCookie('resolution') == '') {
-    const resolution = `${window.screen.width}x${window.screen.height}`;
-    setCookie('resolution', resolution, 30);
-  }
-  setCookie('umami', 'true', 0);
-} else {
-  setCookie('umami', 'false', 365);
-  setCookie('resolution', "0x0", 0);
-}
-
-var consent = __md_get("__consent")
-if (consent) {
-  for (var input of document.forms.consent.elements)
-    if (input.name)
-      input.checked = consent[input.name] || false
-
-/* Show consent with a small delay, but not if browsing locally */
-} else if (location.protocol !== "file:") {
-setTimeout(function() {
-  var el = document.querySelector("[data-md-component=consent]")
-  el.hidden = false
-}, 250)
-}
-
-/* Intercept submission of consent form */
-var form = document.forms.consent
-for (var action of ["submit", "reset"])
-form.addEventListener(action, function(ev) {
-  ev.preventDefault()
-
-  /* Reject all cookies */
-  if (ev.type === "reset")
-    for (var input of document.forms.consent.elements)
-      if (input.name)
-        input.checked = false
-
-  /* Grab and serialize form data */
-  __md_set("__consent", Object.fromEntries(
-    Array.from(new FormData(form).keys())
-      .map(function(key) { return [key, true] })
-  ))
-
-  /* Remove anchor to omit consent from reappearing and reload */
-  location.hash = '';
-  location.reload()
-})

theme/assets/stylesheets/home.css

@@ -109,7 +109,7 @@ article.md-content__inner {
 article.md-content__inner > * {
     max-width: 38rem;
 }
-article.md-content__inner > *:nth-child(n+7):nth-child(-n+12) {
+article.md-content__inner > *:nth-child(n+8):nth-child(-n+12) {
     margin-left: auto;
     margin-right: 0;
     text-align: right;

theme/assets/stylesheets/lang-he.css

@@ -26,7 +26,7 @@
     font-style: normal;
     font-weight: 400;
     font-display: swap;
-    src: url(https://fonts.bunny.net/suez-one/files/suez-one-hebrew-400-normal.woff2) format('woff2');
+    src: url(https://fonts.bunny.net/suez-one/files/suez-one-hebrew-400-normal.woff2) format('woff2'); 
     unicode-range: U+0590-05FF,U+200C-2010,U+20AA,U+25CC,U+FB1D-FB4F;
 }
 
@@ -36,7 +36,7 @@
     font-style: normal;
     font-weight: 400;
     font-display: swap;
-    src: url(https://fonts.bunny.net/suez-one/files/suez-one-latin-400-normal.woff2) format('woff2');
+    src: url(https://fonts.bunny.net/suez-one/files/suez-one-latin-400-normal.woff2) format('woff2'); 
     unicode-range: U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+2000-206F,U+2074,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+FFFD;
 }
 
@@ -46,10 +46,10 @@
     font-style: normal;
     font-weight: 400;
     font-display: swap;
-    src: url(https://fonts.bunny.net/suez-one/files/suez-one-latin-ext-400-normal.woff2) format('woff2');
+    src: url(https://fonts.bunny.net/suez-one/files/suez-one-latin-ext-400-normal.woff2) format('woff2'); 
     unicode-range: U+0100-024F,U+0259,U+1E00-1EFF,U+2020,U+20A0-20AB,U+20AD-20CF,U+2113,U+2C60-2C7F,U+A720-A7FF;
 }
-
+  
 h1, h2, h3, .md-header__topic {
     font-family: "Bagnard", "Suez One", serif;
 }

theme/assets/stylesheets/lang-ru.css

@@ -27,7 +27,7 @@
   font-weight: 700;
   font-stretch: 100%;
   font-display: swap;
-  src: url(https://fonts.bunny.net/playfair-display/files/playfair-display-cyrillic-700-normal.woff2) format('woff2'), url(https://fonts.bunny.net/playfair-display/files/playfair-display-cyrillic-700-normal.woff) format('woff');
+  src: url(https://fonts.bunny.net/playfair-display/files/playfair-display-cyrillic-700-normal.woff2) format('woff2'), url(https://fonts.bunny.net/playfair-display/files/playfair-display-cyrillic-700-normal.woff) format('woff'); 
   unicode-range: U+0301,U+0400-045F,U+0490-0491,U+04B0-04B1,U+2116;
 }
 
@@ -38,7 +38,7 @@
   font-weight: 700;
   font-stretch: 100%;
   font-display: swap;
-  src: url(https://fonts.bunny.net/playfair-display/files/playfair-display-latin-700-normal.woff2) format('woff2'), url(https://fonts.bunny.net/playfair-display/files/playfair-display-latin-700-normal.woff) format('woff');
+  src: url(https://fonts.bunny.net/playfair-display/files/playfair-display-latin-700-normal.woff2) format('woff2'), url(https://fonts.bunny.net/playfair-display/files/playfair-display-latin-700-normal.woff) format('woff'); 
   unicode-range: U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+0300-0301,U+0303-0304,U+0308-0309,U+0323,U+0329,U+2000-206F,U+2074,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+FFFD;
 }
 
@@ -49,7 +49,7 @@
   font-weight: 700;
   font-stretch: 100%;
   font-display: swap;
-  src: url(https://fonts.bunny.net/playfair-display/files/playfair-display-latin-ext-700-normal.woff2) format('woff2'), url(https://fonts.bunny.net/playfair-display/files/playfair-display-latin-ext-700-normal.woff) format('woff');
+  src: url(https://fonts.bunny.net/playfair-display/files/playfair-display-latin-ext-700-normal.woff2) format('woff2'), url(https://fonts.bunny.net/playfair-display/files/playfair-display-latin-ext-700-normal.woff) format('woff'); 
   unicode-range: U+0100-02AF,U+0300-0301,U+0303-0304,U+0308-0309,U+0323,U+0329,U+1E00-1EFF,U+2020,U+20A0-20AB,U+20AD-20CF,U+2113,U+2C60-2C7F,U+A720-A7FF;
 }
 

theme/assets/stylesheets/lang-zh-Hant.css

@@ -25,7 +25,7 @@
   font-family: 'Noto Serif TC';
   font-style: normal;
   font-weight: 400;
-  src: url(https://fonts.bunny.net/noto-serif-tc/files/noto-serif-tc-chinese-traditional-400-normal.woff2) format('woff2'), url(https://fonts.bunny.net/noto-serif-tc/files/noto-serif-tc-chinese-traditional-400-normal.woff) format('woff');
+  src: url(https://fonts.bunny.net/noto-serif-tc/files/noto-serif-tc-chinese-traditional-400-normal.woff2) format('woff2'), url(https://fonts.bunny.net/noto-serif-tc/files/noto-serif-tc-chinese-traditional-400-normal.woff) format('woff'); 
 }
 
 /* latin */
@@ -33,7 +33,7 @@
   font-family: 'Noto Serif TC';
   font-style: normal;
   font-weight: 400;
-  src: url(https://fonts.bunny.net/noto-serif-tc/files/noto-serif-tc-latin-400-normal.woff2) format('woff2'), url(https://fonts.bunny.net/noto-serif-tc/files/noto-serif-tc-latin-400-normal.woff) format('woff');
+  src: url(https://fonts.bunny.net/noto-serif-tc/files/noto-serif-tc-latin-400-normal.woff2) format('woff2'), url(https://fonts.bunny.net/noto-serif-tc/files/noto-serif-tc-latin-400-normal.woff) format('woff'); 
 }
 
 /* chinese-traditional */
@@ -41,7 +41,7 @@
   font-family: 'Noto Serif TC';
   font-style: normal;
   font-weight: 700;
-  src: url(https://fonts.bunny.net/noto-serif-tc/files/noto-serif-tc-chinese-traditional-700-normal.woff2) format('woff2'), url(https://fonts.bunny.net/noto-serif-tc/files/noto-serif-tc-chinese-traditional-700-normal.woff) format('woff');
+  src: url(https://fonts.bunny.net/noto-serif-tc/files/noto-serif-tc-chinese-traditional-700-normal.woff2) format('woff2'), url(https://fonts.bunny.net/noto-serif-tc/files/noto-serif-tc-chinese-traditional-700-normal.woff) format('woff'); 
 }
 
 /* latin */
@@ -49,7 +49,7 @@
   font-family: 'Noto Serif TC';
   font-style: normal;
   font-weight: 700;
-  src: url(https://fonts.bunny.net/noto-serif-tc/files/noto-serif-tc-latin-700-normal.woff2) format('woff2'), url(https://fonts.bunny.net/noto-serif-tc/files/noto-serif-tc-latin-700-normal.woff) format('woff');
+  src: url(https://fonts.bunny.net/noto-serif-tc/files/noto-serif-tc-latin-700-normal.woff2) format('woff2'), url(https://fonts.bunny.net/noto-serif-tc/files/noto-serif-tc-latin-700-normal.woff) format('woff'); 
 }
 
 h1, h2, h3, .md-header__topic {

theme/partials/javascripts/consent.html

@@ -1 +0,0 @@
-<!-- moved to assets/javascripts/resolution.js -->