Update browser-fingerprinting.md

docs/about/donate.md

@@ -4,20 +4,19 @@ title: Supporting Us
 <!-- markdownlint-disable MD036 -->
 It takes a lot of [people](contributors.md) and [work](https://github.com/privacyguides/privacyguides.org/pulse/monthly) to keep Privacy Guides up to date and spreading the word about privacy and mass surveillance. If you like what we do, consider getting involved by [editing the site](https://github.com/privacyguides/privacyguides.org) or [contributing translations](https://crowdin.com/project/privacyguides).
 
-## Donate
+<div class="admonition failure" markdown>
+<p class="admonition-title">Donation Information</p>
 
-Currently, the best way to support our work is to send a monthly or one-time contribution via GitHub Sponsors. We will be able to accept donations via alternate payment platforms very soon.
+Unfortunately, Open Collective Foundation (our long-time fiscal host) announced they are dissolving their operations and can no longer support us or any project they host. Thus, we have no way to accept donations at this time. We are looking into ways to move forward from a legal perspective, but in the meantime any non-monetary contribution you can provide would be greatly appreciated.
 
-[:material-heart:{ .pg-red } Sponsor us on GitHub](https://github.com/sponsors/privacyguides){ class="md-button md-button--primary" }
-
-We are also working with our fiscal host to receive cryptocurrency donations, at the moment the accounting is unfeasible for many smaller transactions, but this should change in the near future. In the meantime, if you still wish to make a cryptocurrency donation, please reach out to [jonah@privacyguides.org](mailto:jonah@privacyguides.org) to arrange a transaction.
-
-## Merchandise
+</div>
 
 Another option to support us is by buying our merchandise from HelloTux. We get a small commission for each item sold, and you get a quality product to show for it.
 
 [Buy on HelloTux.com](https://hellotux.com/privacyguides){ class="md-button" }
 
+Thank you to all those who support our mission! :heart:
+
 ## How We Use Donations
 
 Privacy Guides is a **non-profit** organization. We use donations for a variety of purposes, including:
@@ -38,6 +37,4 @@ Privacy Guides is a **non-profit** organization. We use donations for a variety
 
 :   We occasionally purchase products and services for the purposes of testing our [recommended tools](../tools.md).
 
-Your donation will go to a dedicated fund within [MAGIC Grants](https://magicgrants.org/), a 501(c)(3) organization. The funds will only be used for this project specifically. You may qualify for a tax deduction. If you need a donation receipt, please email <info@magicgrants.org>.
-
-Thank you to all those who support our mission! :material-heart:{ .pg-red }
+We are still working with our fiscal host (the Open Collective Foundation) to receive cryptocurrency donations, at the moment the accounting is unfeasible for many smaller transactions, but this should change in the future. In the meantime, if you wish to make a sizable (> $100) cryptocurrency donation, please reach out to [jonah@privacyguides.org](mailto:jonah@privacyguides.org).

docs/about/statistics.md

@@ -2,14 +2,13 @@
 title: Traffic Statistics
 ---
 <!-- markdownlint-disable MD051 -->
-We self-host [Umami](https://umami.is) to create a nice visualization of our traffic statistics, which are public at the link below.
-
-[View Statistics](https://stats.privacyguides.net/share/nVWjyd2QfgOPBhMF/www.privacyguides.org){ .md-button .md-button--primary }
-
-With this process:
+We self-host [Umami](https://umami.is) to create a nice visualization of our traffic statistics, which are public at the link below. With this process:
 
 - Your information is never shared with a third-party, it stays on servers we control
 - Your personal data is never saved, we only collect data in aggregate
-- No client-side JavaScript is used
+- No client-side JavaScript is required
 
-Because of these facts, keep in mind our statistics may be inaccurate. It is a useful tool to compare different dates with each other and analyze overall trends, but the actual numbers may be far off from reality. In other words they're *precise* statistics, but not *accurate* statistics.
+Because of these facts, keep in mind our statistics may be inaccurate. It is a useful tool to compare different dates with each other and analyze overall trends, but the actual numbers may be far off from reality. They're *precise* statistics, but not *accurate* statistics.
+
+[View Statistics](https://stats.privacyguides.net/share/nVWjyd2QfgOPBhMF/www.privacyguides.org){ .md-button .md-button--primary }
+[Opt-Out](#__consent){ .md-button }

docs/advanced/browser-fingerprinting.md

@@ -0,0 +1,81 @@
+---
+title: "Browser Fingerprinting"
+icon: material/fingerprint
+description: Browser fingerprinting is a method of tracking users across sites regardless of their network.
+---
+
+**Fingerprinting** refers to a service collecting metadata about whatever connects to it, for the purposes of identifying a user. In this overview we are largely going to cover **browser fingerprinting**, specifically how websites try to uniquely identify your web browser outside the standard identifiers most people think of, like your IP address or user agent.
+
+<div class="admonition abstract" markdown>
+<p class="admonition-title">TL;DR</p>
+
+The **only** reliable way to thwart all fingerprinting scripts and be anonymous is to use [Tor Browser](../tor.md). Other browsers can only confidently fool certain tracking scripts, and will never be completely unidentifiable despite any claims otherwise. However, the anti-fingerprinting approaches used by other browsers and described here are still useful in protecting your privacy.
+
+</div>
+
+Many people think their browser fingerprint is a single thing, like your actual fingerprints, a string of characters like `XP2urbkhQIaHyMQYXYv4` that uniquely identifies their browser, and if they can get theirs to match everyone else's they are safe. However, browser fingerprinting actually refers to the broad collection of all the different metrics which websites can use to track you.
+
+While many websites or fingerprinting scripts do take all those metrics and hash them into a single identifying string with a fingerprinting algorithm, the algorithms and the metrics they use to create that fingerprint varies between different trackers. In other words, just because one fingerprinting test says your browser's fingerprint is non-unique, or randomized, or any certain thing; doesn't necessarily mean that it will be for every other fingerprinting test or tracker out there, because every method of fingerprinting your browser is different.
+
+Many non-experts will claim that using Firefox or enabling its fingerprinting resistance preferences will make you *more* unique, give you *less* privacy, and make you "stand out in the crowd." However, if you instead do nothing at all then your browser will *already* be uniquely identifiable. Thus, the "crowd" of Google Chrome or Safari users these people will claim exists in fact does not, because you can't blend in to a crowd filled with completely unique browsers. A [study](https://www.ndss-symposium.org/ndss2017/ndss-2017-programme/cross-browser-fingerprinting-os-and-hardware-level-features/) published in 2017 demonstrated an approach that could uniquely identify 99.24% of users, without even taking into account their IP address.
+
+==When you are already completely unique, becoming "more unique" is impossible.== In reality, these fingerprint resistance features are generally not meant to make your browser unidentifiable at all, they merely block tracker scripts from collecting certain metrics, which in turn *can* make your browser unidentifiable to certain—but not all—tracking scripts which rely on those metrics.
+
+## Common metrics
+
+Your browser sends lots of data to the websites you visit, and even more data can be detected by clever tracking scripts. Some data points which—when combined—can be used to identify you include:
+
+- Your time zone
+- The fonts you have installed
+- The size of your browser window (or screen size)
+- Your language
+- Your timezone
+- Extensions you have installed[^1]
+- How fast your computer is[^2]
+- And much more...
+
+Some of these metrics are stronger or weaker than others, your browser window size is a weak tracking metric because it is easily changed, while your fonts or timezone are a stronger identifier because they are relatively static, for example. Combined with—or even without—the tracking factors people typically think of, such as your IP address, tracking cookies, and user agent; metrics like these can easily pinpoint particular browsers across the web.
+
+Another common fingerprinting technique is "canvas fingerprinting," which uses WebGL to determine information about your graphics drivers and GPU (or CPU).[^3] In 2022 this was expanded upon in a [research paper](https://www.ndss-symposium.org/wp-content/uploads/2022-93-paper.pdf) which described methods of using canvas fingerprinting in a way which could effectively identify users with "similar hardware and software configurations, even when they are considered identical by current state-of-the-art fingerprinting algorithms." Tor [considers](https://2019.www.torproject.org/projects/torbrowser/design/#fingerprinting-linkability) canvas fingerprinting to be "the single largest fingerprinting threat browsers face today."
+
+[^1]: In some cases the extensions you have installed can be [directly detected](https://z0ccc.github.io/extension-fingerprints/) by websites. In other cases, the behavior of your installed extensions can be observed to fingerprint you. A website can detect whether your ad blocker blocks certain domains for example, which can give it an idea of the ad blocking lists you have installed.
+[^2]: Browser benchmark tests can be used to determine CPU features, such as whether it supports hardware AES encryption or Intel Turbo Boost by finding the time it takes for your computer to perform a simple calculation or cryptographic algorithm. Browser hardware APIs such as Chromium's [Battery API](https://developer.mozilla.org/en-US/docs/Web/API/Battery_Status_API) can also be used to detect short-term information about your system like its current battery life.
+[^3]: A 2012 paper "[Pixel Perfect: Fingerprinting Canvas in HTML5](https://hovav.net/ucsd/dist/canvas.pdf)" demonstrated that canvas fingerprinting produces 5.73 bits of entropy, based on the browser, operating system, and GPU hardware configuration of the computer.
+
+## Types of tracking scripts
+
+In general, we can classify fingerprinting software into two categories: **naive** and **advanced**.
+
+**Naive** trackers can be fooled by standard anti-fingerprinting techniques like Firefox's "resist fingerprinting" or Brave's fingerprint randomization features, because they only look for a few predetermined metrics and will blindly accept whatever values your browser provides.
+
+On the other hand, **advanced** fingerprinting scripts can detect randomized values created by your browser (this is always possible) with varying levels of sophistication, going to greater lengths to fingerprint you than most anti-fingerprinting methods can protect against. The only way to defeat advanced scripts is by blending in with a crowd of other identical looking browsers, which is no easy feat.
+
+==The good news is that most fingerprinting scripts you will encounter on the internet are naive==. They don't bother trying to detect and bypass anti-fingerprinting methods, because they are relatively uncommon, so **any** anti-fingerprinting measures you can implement will work effectively towards thwarting those trackers. This is not to say that fingerprinting cannot or will not become more sophisticated and widespread in the future, but for now most standard anti-fingerprinting approaches are enough.
+
+## Anti-fingerprinting approaches
+
+Broadly speaking, there are three ways that browsers usually try to deal with fingerprinting. In increasing levels of protection:
+
+1. Blocking known fingerprinting scripts.
+2. Randomizing your fingerprint.
+3. Presenting a uniform fingerprint.
+
+There are advantages and disadvantages to each of these approaches, and generally they cover distinct threat models, but all approaches ultimately try to make it more difficult for websites to track you across the internet.
+
+[Firefox](../desktop-browsers.md#firefox) out of the box takes the first approach, which is to simply block third-party requests to "companies that are known to participate in fingerprinting." This is the *safest* approach, because it results in almost no website breakage, but it also provides the least protection, because it relies on identifying trackers in advance. It also does little to block first-party tracking. You can generally achieve similar results in any browser with an extension that blocks known trackers, like [uBlock Origin](../browser-extensions.md#ublock-origin).
+
+Firefox is *capable* of much stronger fingerprinting protections, although those settings are typically not easily accessible and are not enabled by default. You can use a tool like [Arkenfox](../desktop-browsers.md#arkenfox-advanced) to increase your protections closer to what is provided by Tor Browser (explained below), but it requires more technical effort on your end.
+
+[Brave](../desktop-browsers.md#brave) largely takes the **randomization** approach, by changing fingerprintable metrics in ways which are imperceptible to the person using the browser, but confusing for machines on the other end. This approach gives your browser a completely unique fingerprint, **but** that fingerprint *changes* for each website you visit, so those metrics can't be used to track you across different sites. The benefit of this approach is that website breakage is minimized, because the browser can keep a lot of features enabled and simply randomize their outputs a bit.
+
+However, randomizing your fingerprint does not provide complete protection. Artificial randomization can be detected by websites, and the original entropy from the raw source data still exists. In some cases the randomization implementation has been reversible in practice. Brave's Web Audio API's randomization was at one point [reversible](https://fingerprint.com/blog/audio-fingerprinting/#reverting-brave-standard-farbling) for example. There may also be other indirect ways of learning about the original non-randomized data. Bypassing or de-randomizing these randomized outputs are all techniques which could be utilized by *advanced* tracking scripts.
+
+[Tor Browser](../tor.md#tor-browser) and [Mullvad Browser](../desktop-browsers.md#mullvad-browser) take the more extreme approach of **blocking** access to fingerprintable metrics in the first place, and making other fingerprintable metrics non-unique, so that your browser is as similar as possible to other browsers. Because this is generally achieved by locking down the browser to as minimal a feature-set as possible—in order to make a large plethora of users look identical—it does generally come at the cost of frequent website breakage. However, it is the only way to thwart *advanced* tracking scripts.
+
+Many other browsers do use similar techniques to protect your privacy, but to a far lesser extent. Safari, for example, only makes a select list of system fonts available for websites to access regardless of the fonts you actually have installed.
+
+## Further Reading
+
+Browser fingerprinting is a very complex topic. These resources may be useful in obtaining more technical background information:
+
+- The [Arkenfox](../desktop-browsers.md#arkenfox-advanced) user.js [documentation](https://github.com/arkenfox/user.js/wiki) is a very comprehensive resource about fingerprinting and Firefox's anti-fingerprinting protections, which was used extensively while writing this article.

docs/basics/multi-factor-authentication.md

@@ -101,7 +101,7 @@ When configuring your MFA method, keep in mind that it is only as secure as your
 
 You should always have backups for your MFA method. Hardware security keys can get lost, stolen or simply stop working over time. It is recommended that you have a pair of hardware security keys with the same access to your accounts instead of just one.
 
-When using TOTP with an authenticator app, be sure to back up your recovery keys or the app itself, or copy the "shared secrets" to another instance of the app on a different phone or to an encrypted container (e.g. [VeraCrypt](../encryption.md#veracrypt-disk)).
+When using TOTP with an authenticator app, be sure to back up your recovery keys or the app itself, or copy the "shared secrets" to another instance of the app on a different phone or to an encrypted container (e.g. [VeraCrypt](../encryption.md#veracrypt)).
 
 ### Initial Set Up
 
@@ -119,6 +119,10 @@ If you use SMS MFA, use a carrier who will not switch your phone number to a new
 
 Beyond just securing your website logins, multi-factor authentication can be used to secure your local logins, SSH keys or even password databases as well.
 
+### Windows
+
+Yubico has a dedicated [Credential Provider](https://learn.microsoft.com/windows/win32/secauthn/credential-providers-in-windows) that adds Challenge-Response authentication for the username + password login flow for local Windows accounts. If you have a YubiKey with Challenge-Response authentication support, take a look at the [Yubico Login for Windows Configuration Guide](https://support.yubico.com/hc/articles/360013708460-Yubico-Login-for-Windows-Configuration-Guide), which will allow you to set up MFA on your Windows computer.
+
 ### macOS
 
 macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smartcard or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smartcard/hardware security vendor's documentation and set up second factor authentication for your macOS computer.

docs/calendar.md

@@ -10,8 +10,7 @@ Calendars contain some of your most sensitive data; use products that implement
 
 <div class="admonition recommendation" markdown>
 
-![Tuta logo](assets/img/email/tuta.svg#only-light){ align=right }
-![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ align=right }
+![Tuta logo](assets/img/calendar/tuta.svg){ align=right }
 
 **Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multi-factor authentication, and [more](https://tuta.com/calendar-app-comparison).
 
@@ -28,9 +27,9 @@ Multiple calendars and extended sharing functionality is limited to paid subscri
 
 - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=de.tutao.tutanota)
 - [:simple-appstore: App Store](https://apps.apple.com/app/id922429609)
-- [:simple-windows11: Windows](https://tuta.com/blog/desktop-clients)
-- [:simple-apple: macOS](https://tuta.com/blog/desktop-clients)
-- [:simple-linux: Linux](https://tuta.com/blog/desktop-clients)
+- [:simple-windows11: Windows](https://tuta.com/blog/posts/desktop-clients)
+- [:simple-apple: macOS](https://tuta.com/blog/posts/desktop-clients)
+- [:simple-linux: Linux](https://tuta.com/blog/posts/desktop-clients)
 - [:simple-flathub: Flathub](https://flathub.org/apps/com.tutanota.Tutanota)
 - [:octicons-browser-16: Web](https://app.tuta.com)
 

docs/desktop-browsers.md

@@ -345,7 +345,7 @@ Brave's Web3 features can potentially add to your browser fingerprint and attack
 
 #### Brave Rewards and Wallet
 
-**Brave Rewards** lets you recieve Basic Attention Token (BAT) cryptocurrency for performing certain actions within Brave. It relies on a custodial account and KYC from a select number of providers. We do not recommend BAT as a [private cryptocurrency](cryptocurrency.md), nor do we recommend using a [custodial wallet](advanced/payments.md#wallet-custody), so we would discourage using this feature.
+**Brave Rewards** lets you recieve Basic Attention Token (BAT) cryptocurrency for performing certain actions within Brave. It relies on a custodial account and KYC from a select number of providers. We do not recommend BAT as a [private cryptocurrency](cryptocurrency.md), nor do we recommend using a [custodial wallet](advanced/payments.md#other-coins-bitcoin-ethereum-etc), so we would discourage using this feature.
 
 **Brave Wallet** operates locally on your computer, but does not support any private cryptocurrencies, so we would discourage using this feature as well.
 

docs/device-integrity.md

@@ -214,13 +214,13 @@ Using these apps is insufficient to determine that a device is "clean", and not
 
 Hypatia is particularly good at detecting common stalkerware: If you suspect you are a victim of stalkerware, you should [visit this page](https://stopstalkerware.org/information-for-survivors) for advice.
 
-### iVerify Basic (iOS)
+### iVerify (iOS)
 
 <div class="admonition recommendation" markdown>
 
 ![iVerify logo](assets/img/device-integrity/iverify.webp){ align=right }
 
-**iVerify Basic** is an iOS app which can scan your device to check configuration settings, patch level, and other areas of security. It also checks your device for indicators of compromise by jailbreak tools or spyware such as Pegasus.
+**iVerify** is an iOS app which automatically scans your device to check configuration settings, patch level, and other areas of security. It also checks your device for indicators of compromise by jailbreak tools or spyware such as Pegasus.
 
 [:octicons-home-16: Homepage](https://iverify.io/consumer){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://iverify.io/privacy-policy){ .card-link title="Privacy Policy" }
@@ -235,10 +235,8 @@ Hypatia is particularly good at detecting common stalkerware: If you suspect you
 
 </div>
 
-Previously, iVerify would scan your device for threats automatically in the background and notify you if one is found, but this is [no longer the case](https://discuss.privacyguides.net/t/iverify-basic-is-now-available-on-android/18458/11) following their rebrand of the consumer app to *iVerify Basic* in May 2024. You can still run manual scans within the app. Automatic background scanning is now only available in iVerify's enterprise product which is unavailable to consumers.
+Like all iOS apps, iVerify is restricted to what it can observe about your device from within the iOS App Sandbox. It will not provide nearly as robust analysis as a full-system analysis tool like [MVT](#mobile-verification-toolkit). Its primary function is to detect whether your device is jailbroken, which it is effective at, however a hypothetical threat which is *specifically* designed to bypass iVerify's checks would likely succeed at doing so.
 
-Like all iOS apps, iVerify Basic is restricted to what it can observe about your device from within the iOS App Sandbox. It will not provide nearly as robust analysis as a full-system analysis tool like [MVT](#mobile-verification-toolkit). Its primary function is to detect whether your device is jailbroken, which it is effective at, however a hypothetical threat which is *specifically* designed to bypass iVerify's checks would likely succeed at doing so.
+iVerify is **not** an "antivirus" tool, and will not detect non-system-level malware such as malicious custom keyboards or malicious Wi-Fi Sync configurations, for example.
 
-iVerify Basic is **not** an "antivirus" tool, and will not detect non-system-level malware such as malicious custom keyboards or malicious Wi-Fi Sync configurations, for example.
-
-In addition to device scanning, iVerify Basic also includes a number of additional security utilities which you may find useful, including device [reboot reminders](os/ios-overview.md#before-first-unlock), iOS update notifications (which are often faster than Apple's staggered update notification rollout), and some basic privacy and security guides.
+In addition to device scanning, iVerify also includes a number of additional security utilities which you may find useful, including device reboot reminders, iOS update notifications (which are often faster than Apple's staggered update notification rollout), some basic privacy and security guides, and a DNS over HTTPS tool which can connect your device's [DNS](dns.md) queries securely to Quad9, Cloudflare, or Google.

docs/email.md

@@ -178,7 +178,7 @@ These providers store your emails with zero-knowledge encryption, making them gr
 
 <div class="grid cards" markdown>
 
-- ![Tuta logo](assets/img/email/tuta.svg#only-light){ .twemoji loading=lazy }![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ .twemoji loading=lazy } [Tuta](email.md#tuta)
+- ![Tuta logo](assets/img/email/tuta.svg){ .twemoji } [Tuta](email.md#tuta)
 
 </div>
 
@@ -186,8 +186,7 @@ These providers store your emails with zero-knowledge encryption, making them gr
 
 <div class="admonition recommendation" markdown>
 
-![Tuta logo](assets/img/email/tuta.svg#only-light){ align=right }
-![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ align=right }
+![Tuta logo](assets/img/email/tuta.svg){ align=right }
 
 **Tuta** is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since **2011** and is based in Hanover, Germany. Free accounts start with 1GB of storage.
 
@@ -212,7 +211,7 @@ These providers store your emails with zero-knowledge encryption, making them gr
 
 </div>
 
-Tuta doesn't support the [IMAP protocol](https://tuta.com/support#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tuta app. [Email import](https://github.com/tutao/tutanota/issues/630) is not currently supported either, though this is [due to be changed](https://tuta.com/blog/kickoff-import). Emails can be exported [individually or by bulk selection](https://tuta.com/support#generalMail) per folder, which may be inconvenient if you have many folders.
+Tuta doesn't support the [IMAP protocol](https://tuta.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tuta app. [Email import](https://github.com/tutao/tutanota/issues/630) is not currently supported either, though this is [due to be changed](https://tuta.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tuta.com/support#generalMail) per folder, which may be inconvenient if you have many folders.
 
 #### :material-check:{ .pg-green } Custom Domains and Aliases
 
@@ -220,7 +219,7 @@ Paid Tuta accounts can use either 15 or 30 aliases depending on their plan and u
 
 #### :material-information-outline:{ .pg-blue } Private Payment Methods
 
-Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with Proxystore.
+Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/faq/#cryptocurrency) with Proxystore.
 
 #### :material-check:{ .pg-green } Account Security
 
@@ -240,7 +239,7 @@ Tuta will [delete inactive free accounts](https://tuta.com/support#inactive-acco
 
 #### :material-information-outline:{ .pg-blue } Additional Functionality
 
-Tuta offers the business version of [Tuta to non-profit organizations](https://tuta.com/blog/secure-email-for-non-profit) for free or with a heavy discount.
+Tuta offers the business version of [Tuta to non-profit organizations](https://tuta.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount.
 
 Tuta doesn't offer a digital legacy feature.
 

docs/encryption.md

@@ -340,7 +340,7 @@ gpg --quick-gen-key alice@example.com future-default
 <div class="admonition note" markdown>
 <p class="admonition-title">Note</p>
 
-We suggest [Canary Mail](email-clients.md#canary-mail-ios) for using PGP with email on iOS devices.
+We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
 
 </div>
 
@@ -348,7 +348,7 @@ We suggest [Canary Mail](email-clients.md#canary-mail-ios) for using PGP with em
 
 ![GPG Suite logo](assets/img/encryption-software/gpgsuite.png){ align=right }
 
-**GPG Suite** provides OpenPGP support for [Apple Mail](email-clients.md#apple-mail-macos) and macOS.
+**GPG Suite** provides OpenPGP support for [Apple Mail](email-clients.md#apple-mail) and macOS.
 
 We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) and [Knowledge base](https://gpgtools.tenderapp.com/kb) for support.
 
@@ -372,7 +372,7 @@ We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com
 
 ![OpenKeychain logo](assets/img/encryption-software/openkeychain.svg){ align=right }
 
-**OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail-android) and [FairEmail](email-clients.md#fairemail-android) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
+**OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
 
 [:octicons-home-16: Homepage](https://openkeychain.org){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }

docs/multi-factor-authentication.md

@@ -103,13 +103,13 @@ Authenticator Apps implement a security standard adopted by the Internet Enginee
 
 We highly recommend that you use mobile TOTP apps instead of desktop alternatives as Android and iOS have better security and app isolation than most desktop operating systems.
 
-### Ente Auth
+### ente Auth
 
 <div class="admonition recommendation" markdown>
 
-![Ente Auth logo](assets/img/multi-factor-authentication/ente-auth.png){ align=right }
+![ente Auth logo](assets/img/multi-factor-authentication/ente-auth.png){ align=right }
 
-**Ente Auth** is a free and open-source app which stores and generates TOTP tokens. It can be used with an online account to backup and sync your tokens across your devices (and access them via a web interface) in a secure, end-to-end encrypted fashion. It can also be used offline on a single device with no account necessary.
+**ente Auth** is a free and open-source app which stores and generates TOTP tokens. It can be used with an online account to backup and sync your tokens across your devices (and access them via a web interface) in a secure, end-to-end encrypted fashion. It can also be used offline on a single device with no account necessary.
 
 [:octicons-home-16: Homepage](https://ente.io/auth){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://ente.io/privacy){ .card-link title="Privacy Policy" }

docs/os/linux-overview.md

@@ -3,7 +3,7 @@ title: Linux Overview
 icon: simple/linux
 description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal.
 ---
-**Linux** is an open-source, privacy-focused desktop operating system alternative. In the face of pervasive telemetry and other privacy-encroaching technologies in mainstream operating systems, desktop Linux has remained the clear choice for people looking for total control over their computers from the ground up.
+**Linux** is an open-source, privacy-focused desktop operating system alternative. In the face of pervasive telemetry and other privacy-encroaching technologies in mainstream operating systems, Linux desktop has remained the clear choice for people looking for total control over their computers from the ground up.
 
 Our website generally uses the term “Linux” to describe **desktop** Linux distributions. Other operating systems which also use the Linux kernel such as ChromeOS, Android, and Qubes OS are not discussed on this page.
 
@@ -15,7 +15,7 @@ There are some notable privacy concerns with Linux which you should be aware of.
 
 - Avoid telemetry that often comes with proprietary operating systems
 - Maintain [software freedom](https://gnu.org/philosophy/free-sw.en.html#four-freedoms)
-- Use privacy-focused systems such as [Whonix](../desktop.md#whonix) or [Tails](../desktop.md#tails)
+- Use privacy focused systems such as [Whonix](https://whonix.org) or [Tails](https://tails.net)
 
 ### Open-Source Security
 
@@ -41,7 +41,7 @@ Not all Linux distributions are created equal. Our [Linux recommendation page](.
 
 We highly recommend that you choose distributions which stay close to the stable upstream software releases, often referred to as rolling release distributions. This is because frozen release cycle distributions often don’t update package versions and fall behind on security updates.
 
-For frozen distributions such as [Debian](https://debian.org/security/faq#handling), package maintainers are expected to backport patches to fix vulnerabilities rather than bump the software to the “next version” released by the upstream developer. Some security fixes [do not](https://arxiv.org/abs/2105.14565) receive a [CVE ID](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures) (particularly less popular software) at all and therefore do not make it into the distribution with this patching model. As a result, minor security fixes are sometimes held back until the next major release.
+For frozen distributions such as [Debian](https://debian.org/security/faq#handling), package maintainers are expected to backport patches to fix vulnerabilities rather than bump the software to the “next version” released by the upstream developer. Some security fixes [do not](https://arxiv.org/abs/2105.14565) receive a [CVE ID](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures) (particularly less popular software) at all and therefore do not make it into the distribution with this patching model. As a result minor security fixes are sometimes held back until the next major release.
 
 We don’t believe holding packages back and applying interim patches is a good idea, as it diverges from the way the developer might have intended the software to work. [Richard Brown](https://rootco.de/aboutme) has a presentation about this:
 
@@ -106,7 +106,7 @@ If you require suspend-to-disk (hibernation) functionality, you will still need
 
 We recommend using a desktop environment that supports the [Wayland](https://en.wikipedia.org/wiki/Wayland_(display_server_protocol)) display protocol, as it was developed with security [in mind](https://lwn.net/Articles/589147). Its predecessor ([X11](https://en.wikipedia.org/wiki/X_Window_System)) does not support GUI isolation, which allows any window to [record, log, and inject inputs in other windows](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation.html), making any attempt at sandboxing futile. While there are options to do nested X11 such as [Xpra](https://en.wikipedia.org/wiki/Xpra) or [Xephyr](https://en.wikipedia.org/wiki/Xephyr), they often come with negative performance consequences, and are neither convenient to set up nor preferable over Wayland.
 
-Fortunately, [Wayland compositors](https://en.wikipedia.org/wiki/Wayland_(protocol)#Wayland_compositors) such as those included with [GNOME](https://gnome.org) and [KDE Plasma](https://kde.org) now have good support for Wayland along with some other compositors that use [wlroots](https://gitlab.freedesktop.org/wlroots/wlroots/-/wikis/Projects-which-use-wlroots), (e.g. [Sway](https://swaywm.org)). Some distributions like Fedora and Tumbleweed use it by default, and some others may do so in the future as X11 is in [hard maintenance mode](https://phoronix.com/news/X.Org-Maintenance-Mode-Quickly). If you’re using one of those environments it is as easy as selecting the “Wayland” session at the desktop display manager ([GDM](https://en.wikipedia.org/wiki/GNOME_Display_Manager), [SDDM](https://en.wikipedia.org/wiki/Simple_Desktop_Display_Manager)).
+Fortunately, [wayland compositors](https://en.wikipedia.org/wiki/Wayland_(protocol)#Wayland_compositors) such as those included with [GNOME](https://gnome.org) and [KDE Plasma](https://kde.org) now have good support for Wayland along with some other compositors that use [wlroots](https://gitlab.freedesktop.org/wlroots/wlroots/-/wikis/Projects-which-use-wlroots), (e.g. [Sway](https://swaywm.org)). Some distributions like Fedora and Tumbleweed use it by default, and some others may do so in the future as X11 is in [hard maintenance mode](https://phoronix.com/news/X.Org-Maintenance-Mode-Quickly). If you’re using one of those environments it is as easy as selecting the “Wayland” session at the desktop display manager ([GDM](https://en.wikipedia.org/wiki/GNOME_Display_Manager), [SDDM](https://en.wikipedia.org/wiki/Simple_Desktop_Display_Manager)).
 
 We recommend **against** using desktop environments or window managers that do not have Wayland support, such as Cinnamon (default on Linux Mint), Pantheon (default on Elementary OS), MATE, Xfce, and i3.
 
@@ -122,7 +122,7 @@ Most Linux distributions will automatically install updates or remind you to do
 
 Some distributions (particularly those aimed at advanced users) are more bare bones and expect you to do things yourself (e.g. Arch or Debian). These will require running the "package manager" (`apt`, `pacman`, `dnf`, etc.) manually in order to receive important security updates.
 
-Additionally, some distributions will not download firmware updates automatically. For that, you will need to install [`fwupd`](https://wiki.archlinux.org/title/Fwupd).
+Additionally, some distributions will not download firmware updates automatically. For that you will need to install [`fwupd`](https://wiki.archlinux.org/title/Fwupd).
 
 ## Privacy Tweaks
 
@@ -144,7 +144,7 @@ There are other system identifiers which you may wish to be careful about. You s
 
 - **Hostnames:** Your system's hostname is shared with the networks you connect to. You should avoid including identifying terms like your name or operating system in your hostname, instead sticking to generic terms or random strings.
 - **Usernames:** Similarly, your username is used in a variety of ways across your system. Consider using generic terms like "user" rather than your actual name.
-- **Machine ID:** During installation, a unique machine ID is generated and stored on your device. Consider [setting it to a generic ID](https://madaidans-insecurities.github.io/guides/linux-hardening.html#machine-id).
+- **Machine ID:**: During installation a unique machine ID is generated and stored on your device. Consider [setting it to a generic ID](https://madaidans-insecurities.github.io/guides/linux-hardening.html#machine-id).
 
 ### System Counting
 
@@ -152,4 +152,4 @@ The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Co
 
 This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
 
-openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by emptying the `/var/lib/zypp/AnonymousUniqueId` file.
+openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file.

docs/photo-management.md

@@ -6,14 +6,14 @@ cover: photo-management.webp
 ---
 Most cloud photo management solutions like Google Photos, Flickr, and Amazon Photos don't secure your photos against being accessed by the cloud storage provider themselves. These options keep your personal photos private, while allowing you to share them only with family and trusted people.
 
-## Ente Photos
+## ente
 
 <div class="admonition recommendation" markdown>
 
-![Ente logo](assets/img/photo-management/ente.svg#only-light){ align=right }
-![Ente logo](assets/img/photo-management/ente-dark.svg#only-dark){ align=right }
+![ente logo](assets/img/photo-management/ente.svg#only-light){ align=right }
+![ente logo](assets/img/photo-management/ente-dark.svg#only-dark){ align=right }
 
-**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). It underwent an [audit by Cure53](https://ente.io/blog/cryptography-audit) in March 2023 and by [Fallible](https://ente.io/reports/Fallible-Audit-Report-19-04-2023.pdf) in April 2023. The free trial offers 5GB of storage, for a year.
+**ente** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). It underwent an [audit by Cure53](https://ente.io/blog/cryptography-audit) in March 2023 and by [Fallible](https://ente.io/reports/Fallible-Audit-Report-19-04-2023.pdf) in April 2023. The free trial offers 1GB of storage, for a year.
 
 [:octicons-home-16: Homepage](https://ente.io){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://ente.io/privacy){ .card-link title="Privacy Policy" }

docs/search-engines.md

@@ -33,7 +33,7 @@ Consider using a [VPN](vpn.md) or [Tor](tor.md) if your threat model requires hi
 
 **Brave Search** is a search engine developed by Brave. The index is optimized against Google Search and therefore may provide more contextually accurate results compared to other alternatives.
 
-Brave Search includes unique features such as [Discussions](https://search.brave.com/help/discussions), which highlights conversation-focused results such as forum posts.
+Brave Search includes unique features such as [Discussions](https://search.brave.com/help/discussions), which highlights conversation-focused results—such as forum posts.
 
 [:octicons-home-16: Homepage](https://search.brave.com){ .md-button .md-button--primary }
 [:simple-torbrowser:](https://search.brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title="Onion Service" }
@@ -44,8 +44,6 @@ Brave Search includes unique features such as [Discussions](https://search.brave
 
 </div>
 
-Note that if you use Brave Search while logged in to a Premium account, it may make it easier for Brave to correlate queries with specific users.
-
 We recommend you disable [Anonymous usage metrics](https://search.brave.com/help/usage-metrics) as it is enabled by default and can be disabled within settings.
 
 ### DuckDuckGo
@@ -124,7 +122,7 @@ When you are using a SearXNG instance, be sure to go read their privacy policy.
 ### Minimum Requirements
 
 - Must not collect PII per their privacy policy.
-- Must not require users to create an account with them.
+- Must not allow users to create an account with them.
 
 ### Best-Case
 

docs/tools.md

@@ -103,7 +103,7 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 </div>
 
-[Learn more :material-arrow-right-drop-circle:](dns.md#self-hosted-dns-filtering)
+[Learn more :material-arrow-right-drop-circle:](dns.md#self-hosted-solutions)
 
 ### Email
 
@@ -111,7 +111,7 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 - ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji loading=lazy } [Proton Mail](email.md#proton-mail)
 - ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji loading=lazy } [Mailbox.org](email.md#mailboxorg)
-- ![Tuta logo](assets/img/email/tuta.svg#only-light){ .twemoji loading=lazy }![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ .twemoji loading=lazy } [Tuta](email.md#tuta)
+- ![Tuta logo](assets/img/email/tuta.svg){ .twemoji loading=lazy } [Tuta](email.md#tuta)
 
 </div>
 
@@ -166,7 +166,7 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 <div class="grid cards" markdown>
 
-- ![Ente logo](assets/img/photo-management/ente.svg#only-light){ .twemoji loading=lazy }![Ente logo](assets/img/photo-management/ente.svg#only-dark){ .twemoji loading=lazy } [Ente Photos](photo-management.md#ente)
+- ![Ente logo](assets/img/photo-management/ente.svg#only-light){ .twemoji loading=lazy }![Ente logo](assets/img/photo-management/ente.svg#only-dark){ .twemoji loading=lazy } [Ente](photo-management.md#ente)
 - ![Stingle logo](assets/img/photo-management/stingle.png#only-light){ .twemoji loading=lazy }![Stingle logo](assets/img/photo-management/stingle-dark.png#only-dark){ .twemoji loading=lazy } [Stingle](photo-management.md#stingle)
 - ![PhotoPrism logo](assets/img/photo-management/photoprism.svg){ .twemoji loading=lazy } [PhotoPrism](photo-management.md#photoprism)
 
@@ -218,7 +218,7 @@ If you're looking for added **security**, you should always ensure you're connec
 
 <div class="grid cards" markdown>
 
-- ![Tuta logo](assets/img/email/tuta.svg#only-light){ .twemoji loading=lazy }![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ .twemoji loading=lazy } [Tuta](calendar.md#tuta)
+- ![Tuta logo](assets/img/calendar/tuta.svg){ .twemoji loading=lazy } [Tuta](calendar.md#tuta)
 - ![Proton Calendar logo](assets/img/calendar/proton-calendar.svg){ .twemoji loading=lazy } [Proton Calendar](calendar.md#proton-calendar)
 
 </div>
@@ -274,7 +274,7 @@ If you're looking for added **security**, you should always ensure you're connec
 
 For encrypting your operating system drive, we typically recommend using whichever encryption tool your operating system provides, whether that is **BitLocker** on Windows, **FileVault** on macOS, or **LUKS** on Linux. These tools are included with the operating system and typically use hardware encryption elements such as a TPM that other full-disk encryption software like VeraCrypt do not. VeraCrypt is still suitable for non-operating system disks such as external drives, especially drives that may be accessed from multiple operating systems.
 
-[Learn more :material-arrow-right-drop-circle:](encryption.md#os-full-disk-encryption)
+[Learn more :material-arrow-right-drop-circle:](encryption.md##operating-system-included-full-disk-encryption-fde)
 
 </details>
 
@@ -338,7 +338,7 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 - ![YubiKeys](assets/img/multi-factor-authentication/mini/yubico.svg){ .twemoji loading=lazy } [YubiKey](multi-factor-authentication.md#yubikey)
 - ![Nitrokey](assets/img/multi-factor-authentication/mini/nitrokey.svg){ .twemoji loading=lazy } [Nitrokey](multi-factor-authentication.md#nitrokey)
-- ![Ente Auth logo](assets/img/multi-factor-authentication/ente-auth.png){ .twemoji loading=lazy } [Ente Auth](multi-factor-authentication.md#ente-auth)
+- ![ente Auth logo](assets/img/multi-factor-authentication/ente-auth.png){ .twemoji loading=lazy } [ente Auth](multi-factor-authentication.md#ente-auth)
 - ![Aegis logo](assets/img/multi-factor-authentication/aegis.png){ .twemoji loading=lazy } [Aegis Authenticator (Android)](multi-factor-authentication.md#aegis-authenticator-android)
 
 </div>
@@ -501,7 +501,7 @@ These tools may provide utility for certain individuals. They provide functional
 - ![iMazing logo](assets/img/device-integrity/imazing.png){ .twemoji loading=lazy } [iMazing (iOS)](device-integrity.md#imazing-ios)
 - ![Auditor logo](assets/img/device-integrity/auditor.svg#only-light){ .twemoji loading=lazy }![Auditor logo](assets/img/device-integrity/auditor-dark.svg#only-dark){ .twemoji loading=lazy } [Auditor (Android)](device-integrity.md#auditor-android)
 - ![Hypatia logo](assets/img/device-integrity/hypatia.svg#only-light){ .twemoji loading=lazy }![Hypatia logo](assets/img/device-integrity/hypatia-dark.svg#only-dark){ .twemoji loading=lazy } [Hypatia (Android)](device-integrity.md#hypatia-android)
-- ![iVerify logo](assets/img/device-integrity/iverify.webp){ .twemoji loading=lazy } [iVerify Basic (iOS)](device-integrity.md#iverify-basic-ios)
+- ![iVerify logo](assets/img/device-integrity/iverify.webp){ .twemoji loading=lazy } [iVerify (iOS)](device-integrity.md#iverify-ios)
 
 </div>
 

docs/vpn.md

@@ -71,7 +71,7 @@ We also think it's better for the security of the VPN provider's private keys if
 
 #### :material-check:{ .pg-green } Independently Audited
 
-As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com).
+As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com).
 
 #### :material-check:{ .pg-green } Open-Source Clients
 

includes/strings.en.env

@@ -1,9 +1,14 @@
+ANALYTICS_CONSENT_BODY="We collect anonymous statistics about your visits to help us improve the site. We do not track you across other websites. If you disable this, we will not know when you have visited our site. We will save a single cookie in your browser to remember your preference."
+ANALYTICS_CONSENT_TITLE="Contribute anonymous statistics"
+ANALYTICS_COOKIE_GITHUB="GitHub API"
+ANALYTICS_COOKIE_UMAMI="Self-Hosted Analytics"
 ANALYTICS_FEEDBACK_NEGATIVE_NAME="This page could be improved"
 ANALYTICS_FEEDBACK_NEGATIVE_NOTE='Thanks for your feedback! If you want to let us know more, please leave a post on our <a href="https://discuss.privacyguides.net/c/site-development/7" target="_blank" rel="noopener">forum</a>.'
 ANALYTICS_FEEDBACK_POSITIVE_NAME="This page was helpful"
 ANALYTICS_FEEDBACK_POSITIVE_NOTE="Thanks for your feedback!"
 ANALYTICS_FEEDBACK_TITLE="Was this page helpful?"
 DESCRIPTION_HOMEPAGE="A socially motivated website which provides information about protecting your online data privacy and security."
+FOOTER_ANALYTICS="Anonymous statistics preferences."
 FOOTER_COPYRIGHT_AUTHOR="Privacy Guides and contributors."
 FOOTER_INTRO="<b>Privacy Guides</b> is a non-profit, socially motivated website that provides information for protecting your data security and privacy."
 FOOTER_NOTE="We do not make money from recommending certain products, and we do not use affiliate links."

mkdocs.yml

@@ -56,6 +56,7 @@ extra:
         - fontawesome/brands/creative-commons
         - fontawesome/brands/creative-commons-by
         - fontawesome/brands/creative-commons-sa
+      analytics: !ENV [FOOTER_ANALYTICS, "Anonymous statistics preferences."]
     homepage:
       description:
         !ENV [
@@ -234,6 +235,24 @@ extra:
           data: 0
           note:
             !ENV [ANALYTICS_FEEDBACK_NEGATIVE_NOTE, "Thanks for your feedback!"]
+  consent:
+    title: !ENV [ANALYTICS_CONSENT_TITLE, "Contribute anonymous statistics"]
+    description:
+      !ENV [
+        ANALYTICS_CONSENT_BODY,
+        "We use cookies to collect anonymous usage statistics. You can opt out if you wish.",
+      ]
+    cookies:
+      analytics:
+        name: !ENV [ANALYTICS_COOKIE_UMAMI, "Self-Hosted Analytics"]
+        checked: true
+      github:
+        name: !ENV [ANALYTICS_COOKIE_GITHUB, "GitHub API"]
+        checked: true
+    actions:
+      - reject
+      - accept
+      - manage
 
 repo_url:
   !ENV [BUILD_REPO_URL, "https://github.com/privacyguides/privacyguides.org"]
@@ -284,6 +303,7 @@ extra_css:
   - assets/stylesheets/extra.css?v=2
 extra_javascript:
   - assets/javascripts/randomize-element.js?v=1
+  - assets/javascripts/resolution.js?v=1
   - assets/javascripts/feedback.js?v=1
 
 watch:
@@ -373,6 +393,7 @@ nav:
           - "basics/email-security.md"
           - "basics/vpn-overview.md"
       - !ENV [NAV_ADVANCED_TOPICS, "Advanced Topics"]:
+          - "advanced/browser-fingerprinting.md"
           - "advanced/dns-overview.md"
           - "advanced/tor-overview.md"
           - "advanced/payments.md"
@@ -442,12 +463,7 @@ nav:
           - !ENV [NAV_TECHNICAL_GUIDES, "Technical Guides"]:
               - "meta/uploading-images.md"
               - "meta/git-recommendations.md"
-  - !ENV [NAV_DONATE, "Donate"]: "about/donate/"
   - !ENV [NAV_CHANGELOG, "Changelog"]:
       "https://github.com/privacyguides/privacyguides.org/releases"
   - !ENV [NAV_FORUM, "Forum"]: "https://discuss.privacyguides.net/"
   - !ENV [NAV_BLOG, "Blog"]: "https://blog.privacyguides.org/"
-
-validation:
-  nav:
-    not_found: info

run.sh

@@ -128,9 +128,6 @@ markdown_extensions:
     sources:
       exclude:
         - tools.md
-    targets:
-      exclude:
-        - about/contributors.md
 EOT
   trap 'rm $PWD/.mkdocs-insiders-$random_num.yml' EXIT
 fi

theme/assets/img/email/tuta-dark.svg

@@ -1 +0,0 @@
-<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><g fill="#00d2a7" stroke-width=".91795"><path d="m2.6793 0.33879 5.7992 5.8589c0.13565 0.13531 0.27131 0.16931 0.47479 0.16931h24.451c0.16955 0 0.27134-0.20331 0.10172-0.37254l-5.7313-5.7911c-0.13565-0.13565-0.27134-0.20331-0.5426-0.20331h-24.418c-0.23741 0-0.27131 0.20331-0.13565 0.33861z"/><path d="m1.8315 33.596c-0.034 0.13565 0.034 0.27096 0.20348 0.27096h24.112c0.23738 0 0.3391-0.10165 0.40693-0.30461l7.2913-23.503c0.06783-0.23696-0.034-0.30461-0.23738-0.30461h-24.18c-0.20341 0-0.27127 0.067653-0.3391 0.23696z"/><path d="m1.5914e-4 26.822c0 0.27096 0.33913 0.27096 0.40696 0l5.5279-17.983c0.067827-0.20331 0.067827-0.33861-0.10172-0.50802l-5.4939-5.4525c-0.13565-0.13565-0.33913-0.067653-0.33913 0.10165z"/></g></svg>

theme/assets/img/email/tuta.svg

@@ -1 +1 @@
-<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><g fill="#850122" stroke-width=".91795"><path d="m2.6792 0.33866 5.7992 5.8589c0.13565 0.13548 0.27131 0.16934 0.47479 0.16934h24.452c0.16955 0 0.27134-0.2032 0.10172-0.37253l-5.7313-5.7912c-0.13565-0.13548-0.27134-0.2032-0.5426-0.2032h-24.418c-0.23741 0-0.27131 0.2032-0.13565 0.33865z"/><path d="m1.8314 33.596c-0.034 0.13548 0.034 0.27089 0.20348 0.27089h24.113c0.23738 0 0.3391-0.10152 0.40693-0.30476l7.2914-23.503c0.06783-0.23703-0.034-0.30475-0.23738-0.30475h-24.18c-0.20341 0-0.27127 0.067758-0.3391 0.23703z"/><path d="m5.3925e-5 26.822c0 0.27089 0.33914 0.27089 0.40696 0l5.5279-17.983c0.067827-0.2032 0.067827-0.33865-0.10172-0.508l-5.494-5.4525c-0.13565-0.13548-0.33914-0.067723-0.33914 0.10158z"/></g></svg>
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 257 237"><defs><path id="a" d="M22.875.003C10.235.003 0 10.249 0 22.875v211.23c0 .801.046 1.608.123 2.388 8.5-3.167 17.524-6.629 27.054-10.436 66.336-26.48 120.57-48.994 120.62-74.415 0-.814-.056-1.636-.172-2.458-3.43-25.098-63.407-32.879-63.324-44.381.007-.611.18-1.25.548-1.889 7.205-12.619 35.743-12.015 46.253-12.907 10.519-.913 35.206-.724 36.399-8.244.035-.232.057-.463.057-.695.028-6.987-16.977-9.726-16.977-9.726s20.635 3.083 20.579 11.11c0 .393-.048.8-.158 1.214-2.222 8.624-20.379 10.246-32.386 10.835-11.356.569-28.648 1.861-28.707 7.408-.007.323.049.66.165 1.004 2.71 8.11 66.09 12.015 106.64 33.061 23.335 12.099 34.94 32.422 40.263 53.418V22.872C256.977 10.246 246.734 0 234.108 0H22.878l-.003.003Z"/></defs><use xlink:href="#a" fill="#A01E20" fill-rule="evenodd"/></svg>

theme/assets/javascripts/resolution.js

@@ -0,0 +1,78 @@
+function setCookie(cname, cvalue, exdays) {
+  const d = new Date();
+  d.setTime(d.getTime() + (exdays * 24 * 60 * 60 * 1000));
+  let expires = "expires="+d.toUTCString();
+  document.cookie = cname + "=" + cvalue + ";" + expires + ";path=/";
+}
+
+function getCookie(cname) {
+  let name = cname + "=";
+  let ca = document.cookie.split(';');
+  for(let i = 0; i < ca.length; i++) {
+    let c = ca[i];
+    while (c.charAt(0) == ' ') {
+      c = c.substring(1);
+    }
+    if (c.indexOf(name) == 0) {
+      return c.substring(name.length, c.length);
+    }
+  }
+  return "";
+}
+
+var consent = __md_get("__consent")
+if (!consent) {
+  __md_set("__consent", {"analytics":true,"github":true});
+  if (getCookie('resolution') == '') {
+    const resolution = `${window.screen.width}x${window.screen.height}`;
+    setCookie('resolution', resolution, 30);
+  }
+}
+
+if (consent && consent.analytics) {
+  if (getCookie('resolution') == '') {
+    const resolution = `${window.screen.width}x${window.screen.height}`;
+    setCookie('resolution', resolution, 30);
+  }
+  setCookie('umami', 'true', 0);
+} else {
+  setCookie('umami', 'false', 365);
+  setCookie('resolution', "0x0", 0);
+}
+
+var consent = __md_get("__consent")
+if (consent) {
+  for (var input of document.forms.consent.elements)
+    if (input.name)
+      input.checked = consent[input.name] || false
+
+/* Show consent with a small delay, but not if browsing locally */
+} else if (location.protocol !== "file:") {
+setTimeout(function() {
+  var el = document.querySelector("[data-md-component=consent]")
+  el.hidden = false
+}, 250)
+}
+
+/* Intercept submission of consent form */
+var form = document.forms.consent
+for (var action of ["submit", "reset"])
+form.addEventListener(action, function(ev) {
+  ev.preventDefault()
+
+  /* Reject all cookies */
+  if (ev.type === "reset")
+    for (var input of document.forms.consent.elements)
+      if (input.name)
+        input.checked = false
+
+  /* Grab and serialize form data */
+  __md_set("__consent", Object.fromEntries(
+    Array.from(new FormData(form).keys())
+      .map(function(key) { return [key, true] })
+  ))
+
+  /* Remove anchor to omit consent from reappearing and reload */
+  location.hash = '';
+  location.reload()
+})

theme/partials/copyright.html

@@ -35,6 +35,9 @@
         {% endfor %}
       </a>
       {{ copyright.copyright.date }} {{ copyright.copyright.author }}
+      <a href='#__consent'>
+        {{ copyright.analytics }}
+      </a>
     </div>
   {% endif %}
 </div>

theme/partials/javascripts/consent.html

@@ -0,0 +1 @@
+<!-- moved to assets/javascripts/resolution.js -->