Update the-dangers-of-end-to-end-encryption.md

Signed-off-by: Jonah Aragon <jonah@privacyguides.org>

.vscode/ltex.dictionary.en-US.txt

@@ -545,3 +545,12 @@ Codeberg
 simple-codeberg
 simple-reddit
 fontawesome-brands-linkedin
+simple-keepassxc
+OnlyKey
+fontawesome-solid-unlock-keyhole
+KeeShare
+KeePassium
+MWEB
+Cyd
+Semiphemeral
+Dangerzone

blog/.authors.yml

@@ -1,4 +1,8 @@
 authors:
+  aprilfools:
+    name: Anita Key
+    description: Government Liaison
+    avatar: https://github.com/privacyguides.png
   contributors:
     type: Organization
     name: Privacy Guides

blog/assets/images/private-european-alternatives/eu-alternatives.svg

@@ -0,0 +1,141 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg width="100%" height="100%" viewBox="0 0 1920 1080" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve" xmlns:serif="http://www.serif.com/" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linejoin:round;stroke-miterlimit:2;">
+    <rect x="0" y="0" width="1920" height="1080" style="fill:rgb(0,51,153);"/>
+    <g transform="matrix(2.55845,0,0,2.55845,597.249,537.627)">
+        <g transform="matrix(1,0,0,1,-24,-24)">
+            <g transform="matrix(2,0,0,2,0,0)">
+                <rect x="0" y="0" width="24" height="24" style="fill:none;fill-rule:nonzero;"/>
+            </g>
+            <g transform="matrix(2,0,0,2,0,0)">
+                <path d="M12.65,10C11.83,7.67 9.61,6 7,6C3.69,6 1,8.69 1,12C1,15.31 3.69,18 7,18C9.61,18 11.83,16.33 12.65,14L17,14L17,18L21,18L21,14L23,14L23,10L12.65,10ZM7,14C5.9,14 5,13.1 5,12C5,10.9 5.9,10 7,10C8.1,10 9,10.9 9,12C9,13.1 8.1,14 7,14Z" style="fill:rgb(255,204,0);fill-rule:nonzero;"/>
+            </g>
+        </g>
+    </g>
+    <g transform="matrix(2.55845,0,0,2.55845,1322.75,537.627)">
+        <g transform="matrix(1,0,0,1,-24,-24)">
+            <g transform="matrix(2,0,0,2,0,0)">
+                <rect x="0" y="0" width="24" height="24" style="fill:none;fill-rule:nonzero;"/>
+            </g>
+            <g transform="matrix(2,0,0,2,0,0)">
+                <g>
+                    <path d="M2,17L22,17L22,19L2,19L2,17ZM3.15,12.95L4,11.47L4.85,12.95L6.15,12.2L5.3,10.72L7,10.72L7,9.22L5.3,9.22L6.15,7.75L4.85,7L4,8.47L3.15,7L1.85,7.75L2.7,9.22L1,9.22L1,10.72L2.7,10.72L1.85,12.2L3.15,12.95ZM9.85,12.2L11.15,12.95L12,11.47L12.85,12.95L14.15,12.2L13.3,10.72L15,10.72L15,9.22L13.3,9.22L14.15,7.75L12.85,7L12,8.47L11.15,7L9.85,7.75L10.7,9.22L9,9.22L9,10.72L10.7,10.72L9.85,12.2ZM23,9.22L21.3,9.22L22.15,7.75L20.85,7L20,8.47L19.15,7L17.85,7.75L18.7,9.22L17,9.22L17,10.72L18.7,10.72L17.85,12.2L19.15,12.95L20,11.47L20.85,12.95L22.15,12.2L21.3,10.72L23,10.72L23,9.22Z" style="fill:rgb(255,204,0);fill-rule:nonzero;"/>
+                </g>
+            </g>
+        </g>
+    </g>
+    <g transform="matrix(2.55845,0,0,2.55845,642.604,709.746)">
+        <g transform="matrix(1,0,0,1,-24,-24)">
+            <g transform="matrix(2,0,0,2,0,0)">
+                <rect x="0" y="0" width="24" height="24" style="fill:none;"/>
+            </g>
+            <g transform="matrix(2,0,0,2,0,0)">
+                <g>
+                    <g>
+                        <path d="M20,18C21.1,18 22,17.1 22,16L22,6C22,4.9 21.1,4 20,4L4,4C2.9,4 2,4.9 2,6L2,16C2,17.1 2.9,18 4,18L0,18L0,20L24,20L24,18L20,18ZM4,6L20,6L20,16L4,16L4,6Z" style="fill:rgb(255,204,0);fill-rule:nonzero;"/>
+                    </g>
+                </g>
+            </g>
+        </g>
+    </g>
+    <g transform="matrix(2.55845,0,0,2.55845,1279.34,709.746)">
+        <g transform="matrix(1,0,0,1,-24,-24)">
+            <g transform="matrix(2,0,0,2,0,0)">
+                <rect x="0" y="0" width="24" height="24" style="fill:none;fill-rule:nonzero;"/>
+            </g>
+            <g transform="matrix(2,0,0,2,0,0)">
+                <path d="M20,13L4,13C3.45,13 3,13.45 3,14L3,20C3,20.55 3.45,21 4,21L20,21C20.55,21 21,20.55 21,20L21,14C21,13.45 20.55,13 20,13ZM7,19C5.9,19 5,18.1 5,17C5,15.9 5.9,15 7,15C8.1,15 9,15.9 9,17C9,18.1 8.1,19 7,19ZM20,3L4,3C3.45,3 3,3.45 3,4L3,10C3,10.55 3.45,11 4,11L20,11C20.55,11 21,10.55 21,10L21,4C21,3.45 20.55,3 20,3ZM7,9C5.9,9 5,8.1 5,7C5,5.9 5.9,5 7,5C8.1,5 9,5.9 9,7C9,8.1 8.1,9 7,9Z" style="fill:rgb(255,204,0);fill-rule:nonzero;"/>
+            </g>
+        </g>
+    </g>
+    <g transform="matrix(2.55845,0,0,2.55845,1144.75,858.679)">
+        <g transform="matrix(1,0,0,1,-24,-24)">
+            <g transform="matrix(2,0,0,2,0,0)">
+                <rect x="0" y="0" width="24" height="24" style="fill:none;fill-rule:nonzero;"/>
+            </g>
+            <g transform="matrix(2,0,0,2,0,0)">
+                <path d="M9,17L7,17L7,10L9,10L9,17ZM13,17L11,17L11,7L13,7L13,17ZM17,17L15,17L15,13L17,13L17,17ZM19.5,19.1L4.5,19.1L4.5,5L19.5,5L19.5,19.1ZM19.5,3L4.5,3C3.4,3 2.5,3.9 2.5,5L2.5,19C2.5,20.1 3.4,21 4.5,21L19.5,21C20.6,21 21.5,20.1 21.5,19L21.5,5C21.5,3.9 20.6,3 19.5,3Z" style="fill:rgb(255,204,0);fill-rule:nonzero;"/>
+            </g>
+        </g>
+    </g>
+    <g transform="matrix(2.55845,0,0,2.55845,776.985,858.679)">
+        <g transform="matrix(1,0,0,1,-24,-24)">
+            <g transform="matrix(2,0,0,2,0,0)">
+                <rect x="0" y="0" width="24" height="24" style="fill:none;fill-rule:nonzero;"/>
+            </g>
+            <g transform="matrix(2,0,0,2,0,0)">
+                <path d="M17,12L12,12L12,17L17,17L17,12ZM16,1L16,3L8,3L8,1L6,1L6,3L5,3C3.89,3 3.01,3.9 3.01,5L3,19C3,20.1 3.89,21 5,21L19,21C20.1,21 21,20.1 21,19L21,5C21,3.9 20.1,3 19,3L18,3L18,1L16,1ZM19,19L5,19L5,8L19,8L19,19Z" style="fill:rgb(255,204,0);fill-rule:nonzero;"/>
+            </g>
+        </g>
+    </g>
+    <g transform="matrix(2.55845,0,0,2.55845,960.869,904.116)">
+        <g transform="matrix(1,0,0,1,-24,-24)">
+            <g transform="matrix(2,0,0,2,0,0)">
+                <rect x="0" y="0" width="24" height="24" style="fill:none;fill-rule:nonzero;"/>
+            </g>
+            <g transform="matrix(2,0,0,2,0,0)">
+                <path d="M19,2L14.82,2C14.4,0.84 13.3,0 12,0C10.7,0 9.6,0.84 9.18,2L5,2C3.9,2 3,2.9 3,4L3,20C3,21.1 3.9,22 5,22L19,22C20.1,22 21,21.1 21,20L21,4C21,2.9 20.1,2 19,2ZM12,2C12.55,2 13,2.45 13,3C13,3.55 12.55,4 12,4C11.45,4 11,3.55 11,3C11,2.45 11.45,2 12,2ZM19,20L5,20L5,4L7,4L7,7L17,7L17,4L19,4L19,20Z" style="fill:rgb(255,204,0);fill-rule:nonzero;"/>
+            </g>
+        </g>
+    </g>
+    <g transform="matrix(2.55845,0,0,2.55845,960.869,175.884)">
+        <g transform="matrix(1,0,0,1,-24,-24)">
+            <g transform="matrix(2,0,0,2,0,0)">
+                <rect x="0" y="0" width="24" height="24" style="fill:none;fill-rule:nonzero;"/>
+            </g>
+            <g transform="matrix(2,0,0,2,0,0)">
+                <path d="M20,4L4,4C2.9,4 2.01,4.9 2.01,6L2,18C2,19.1 2.9,20 4,20L20,20C21.1,20 22,19.1 22,18L22,6C22,4.9 21.1,4 20,4ZM20,8L12,13L4,8L4,6L12,11L20,6L20,8Z" style="fill:rgb(255,204,0);fill-rule:nonzero;"/>
+            </g>
+        </g>
+    </g>
+    <g transform="matrix(2.55845,0,0,2.55845,1144.75,223.173)">
+        <g transform="matrix(1,0,0,1,-24,-24)">
+            <g transform="matrix(2,0,0,2,0,0)">
+                <rect x="0" y="0" width="24" height="24" style="fill:none;"/>
+            </g>
+            <g transform="matrix(2,0,0,2,0,0)">
+                <g>
+                    <g>
+                        <path d="M14,19.88L14,22L16.12,22L21.29,16.83L19.17,14.71L14,19.88Z" style="fill:rgb(255,204,0);fill-rule:nonzero;"/>
+                    </g>
+                    <g>
+                        <path d="M20,8L14,2L6,2C4.9,2 4.01,2.9 4.01,4L4,20C4,21.1 4.89,22 5.99,22L12,22L12,19.05L20,11.05L20,8ZM13,9L13,3.5L18.5,9L13,9Z" style="fill:rgb(255,204,0);fill-rule:nonzero;"/>
+                    </g>
+                    <g>
+                        <path d="M22.71,14L22,13.29C21.61,12.9 20.98,12.9 20.59,13.29L19.88,14L22,16.12L22.71,15.41C23.1,15.02 23.1,14.39 22.71,14Z" style="fill:rgb(255,204,0);fill-rule:nonzero;"/>
+                    </g>
+                </g>
+            </g>
+        </g>
+    </g>
+    <g transform="matrix(2.55845,0,0,2.55845,776.985,223.173)">
+        <g transform="matrix(1,0,0,1,-24,-24)">
+            <g transform="matrix(2,0,0,2,0,0)">
+                <rect x="0" y="0" width="24" height="24" style="fill:none;"/>
+            </g>
+            <g transform="matrix(2,0,0,2,0,0)">
+                <path d="M19.3,16.9C19.7,16.2 20,15.4 20,14.5C20,12 18,10 15.5,10C13,10 11,12 11,14.5C11,17 13,19 15.5,19C16.4,19 17.2,18.7 17.9,18.3L21.1,21.5L22.5,20.1L19.3,16.9ZM15.5,17C14.1,17 13,15.9 13,14.5C13,13.1 14.1,12 15.5,12C16.9,12 18,13.1 18,14.5C18,15.9 16.9,17 15.5,17ZM12,20L12,22C6.48,22 2,17.52 2,12C2,6.48 6.48,2 12,2C16.84,2 20.87,5.44 21.8,10L19.73,10C19.09,7.54 17.33,5.53 15,4.59L15,5C15,6.1 14.1,7 13,7L11,7L11,9C11,9.55 10.55,10 10,10L8,10L8,12L10,12L10,15L9,15L4.21,10.21C4.08,10.79 4,11.38 4,12C4,16.41 7.59,20 12,20Z" style="fill:rgb(255,204,0);fill-rule:nonzero;"/>
+            </g>
+        </g>
+    </g>
+    <g transform="matrix(2.55845,0,0,2.55845,1279.34,365.507)">
+        <g transform="matrix(1,0,0,1,-24,-24)">
+            <g transform="matrix(2,0,0,2,0,0)">
+                <rect x="0" y="0" width="24" height="24" style="fill:none;fill-rule:nonzero;"/>
+            </g>
+            <g transform="matrix(2,0,0,2,0,0)">
+                <path d="M20,2L4,2C2.9,2 2.01,2.9 2.01,4L2,22L6,18L20,18C21.1,18 22,17.1 22,16L22,4C22,2.9 21.1,2 20,2ZM6,9L18,9L18,11L6,11L6,9ZM14,14L6,14L6,12L14,12L14,14ZM18,8L6,8L6,6L18,6L18,8Z" style="fill:rgb(255,204,0);fill-rule:nonzero;"/>
+            </g>
+        </g>
+    </g>
+    <g transform="matrix(2.55845,0,0,2.55845,642.604,365.507)">
+        <g transform="matrix(1,0,0,1,-24,-24)">
+            <g transform="matrix(2,0,0,2,0,0)">
+                <rect x="0" y="0" width="24" height="24" style="fill:none;fill-rule:nonzero;"/>
+            </g>
+            <g transform="matrix(2,0,0,2,0,0)">
+                <path d="M20.5,3L20.34,3.03L15,5.1L9,3L3.36,4.9C3.15,4.97 3,5.15 3,5.38L3,20.5C3,20.78 3.22,21 3.5,21L3.66,20.97L9,18.9L15,21L20.64,19.1C20.85,19.03 21,18.85 21,18.62L21,3.5C21,3.22 20.78,3 20.5,3ZM15,19L9,16.89L9,5L15,7.11L15,19Z" style="fill:rgb(255,204,0);fill-rule:nonzero;"/>
+            </g>
+        </g>
+    </g>
+</svg>

blog/assets/images/the-dangers-of-end-to-end-encryption/fire.svg

@@ -0,0 +1,4 @@
+<svg width="72" height="72" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg" data-reactroot="">
+<path stroke-linejoin="round" stroke-linecap="round" stroke-width="0" stroke="#ffffff" fill="#eb7c0f" d="M12 22C9.28 22 4.57 19.33 4.05 14.99C3.69 11.95 5.51 9.6 6.01 8.99C6.42 11.1 7.53 12.7 8.95 12.99C9.21 13.04 9.54 13.06 9.93 12.99C9.82 10.67 10 6.33 12.86 3C13.17 2.63 13.66 2.3 14 2C14.24 4.64 14.98 6.12 15.8 7C16.91 8.19 18.59 9 19.48 11.28C19.52 11.37 19.63 11.65 19.72 12C20.34 14.38 20.04 17.88 17.76 19.99C15.85 21.76 13.35 22 13 22C12.49 22 12.56 22 12 22Z" transform="translate(2,2)"></path><path stroke-linejoin="round" stroke-linecap="round" stroke-width="1" stroke="#ffffff" fill="none" d="M12 22C9.28 22 4.57 19.33 4.05 14.99C3.69 11.95 5.51 9.6 6.01 8.99C6.42 11.1 7.53 12.7 8.95 12.99C9.21 13.04 9.54 13.06 9.93 12.99C9.82 10.67 10 6.33 12.86 3C13.17 2.63 13.66 2.3 14 2C14.24 4.64 14.98 6.12 15.8 7C16.91 8.19 18.59 9 19.48 11.28C19.52 11.37 19.63 11.65 19.72 12C20.34 14.38 20.04 17.88 17.76 19.99C15.85 21.76 13.35 22 13 22C12.49 22 12.56 22 12 22Z"></path>
+<path stroke-linejoin="round" stroke-linecap="round" stroke-miterlimit="10" stroke-width="0" stroke="#ffffff" fill="#FDD17B" d="M14 16C12.96 17.04 11.41 17.43 10 17C11.13 18.09 12.7 18.5 14 18C16.01 17.24 16.83 14.54 16 13C15.74 12.53 15.36 12.21 15 12C15.43 13.41 15.04 14.96 14 16Z" transform="translate(2,2)"></path><path stroke-linejoin="round" stroke-linecap="round" stroke-miterlimit="10" stroke-width="1" stroke="#ffffff" fill="none" d="M14 16C12.96 17.04 11.41 17.43 10 17C11.13 18.09 12.7 18.5 14 18C16.01 17.24 16.83 14.54 16 13C15.74 12.53 15.36 12.21 15 12C15.43 13.41 15.04 14.96 14 16Z"></path>
+</svg>

blog/posts/installing-keepassxc-and-yubikey.md

@@ -0,0 +1,424 @@
+---
+date:
+    created: 2025-03-18T17:00:00Z
+categories:
+    - Tutorials
+authors:
+    - em
+description: This tutorial demonstrates how to install the local-only password manager KeePassXC and secure a password database with YubiKey.
+schema_type: AnalysisNewsArticle
+---
+# KeePassXC + YubiKey: How to set up a local-only password manager
+
+![Illustration showing a laptop computer with the KeePassXC logo on it. On the right is a green plus sign and a photo of a YubiKey.](../assets/images/installing-keepassxc-and-yubikey/keepassxc-cover.webp)
+<small aria-hidden="true">Illustration: Privacy Guides | Graphics: Yubico | Logo: KeePassXC</small>
+
+If you are looking for a good remote password manager you can use from anywhere, there are plenty of excellent [options](https://www.privacyguides.org/en/passwords/) to choose from. However, if you prefer to only store your passwords locally, [KeePassXC](https://www.privacyguides.org/en/passwords/#keepassxc) is what you need. In this tutorial, we will set up KeePassXC to work with [YubiKey](https://www.privacyguides.org/en/security-keys/#yubikey) as an additional factor to secure your local-only password database.<!-- more -->
+
+## :simple-keepassxc: KeePassXC summary
+
+KeePassXC is a free, open-source, and desktop-only password manager. The community-driven project was first released in 2012 and is a fork of both the *KeePass Password Safe* application and *KeePassX*, which is no longer actively maintained.
+
+In addition to having its [code](https://github.com/keepassxreboot/keepassxc) available for all to see, KeePassXC also went through an independent [security review](https://keepassxc.org/blog/2023-04-15-audit-report/) in 2023.
+
+Because it does not automatically sync with any remote cloud service, KeePassXC works offline by default. This offers additional protections for your privacy, and potentially for your security as well, depending on your specific situation.
+
+### Platforms
+
+KeePassXC can run on Linux, macOS, and Windows computers. There is no direct option for a KeePassXC application on mobile. The KeePassXC team [suggests](https://keepassxc.org/docs/#faq-platform-mobile) using [KeePassDX](https://www.keepassdx.com/) or [KeePass2Android](https://play.google.com/store/apps/details?id=keepass2android.keepass2android) on Android phones, and [Strongbox](https://strongboxsafe.com/) or [KeePassium](https://keepassium.com/) on iPhones.
+
+### Database cloud backup
+
+KeePassXC is local-first and will not automatically back up your password database in the cloud. This can be both an advantage for security and privacy, and a disadvantage if something were to happen to your device.
+
+To prevent losing access to your passwords, it is recommended to regularly back up your encrypted database `.kdbx` file in a remote [cloud storage](https://www.privacyguides.org/en/cloud/) of your choice, or on an encrypted external drive or USB stick.
+
+When copying this file to a third-party cloud service, it will [remain fully encrypted](https://keepassxc.org/docs/KeePassXC_UserGuide#_storing_your_database) and only get decrypted locally on your device. That being said, it's still always best to select an end-to-end encrypted cloud storage whenever possible.
+
+### Feature overview
+
+This tutorial only covers the basic installation to get you ready using KeePassXC locally, with a main password secured with a YubiKey. However, KeePassXC offers a lot of features you might also want to have a look at.
+
+In addition to the features we will set up here, KeePassXC offers the following:
+
+- [Passkey support](https://keepassxc.org/docs/KeePassXC_UserGuide#_passkeys)
+
+- [Password generator](https://keepassxc.org/docs/KeePassXC_UserGuide#_password_generator)
+
+- [Command line tool](https://keepassxc.org/docs/KeePassXC_UserGuide#_command_line_tool)
+
+- [SSH agent integration](https://keepassxc.org/docs/KeePassXC_UserGuide#_ssh_agent_integration)
+
+- [KeeShare and groups](https://keepassxc.org/docs/KeePassXC_UserGuide#_database_sharing_with_keeshare)
+
+- [Import password databases from 1Password, Bitwarden, Proton Pass, KeePass, CSV files](https://keepassxc.org/docs/KeePassXC_UserGuide#_importing_databases)
+
+- [Export databases to CSV, HTML, or XML files](https://keepassxc.org/docs/KeePassXC_UserGuide#_exporting_databases)
+
+- [And more](https://keepassxc.org/docs/KeePassXC_GettingStarted#_features)
+
+### What's new with KeePassXC 2.7.10
+
+On March 4th, KeePassXC released its most recent update. This update includes the capacity to import Proton Pass databases, to generate passphrases using *mixed* case (a mix of uppercase and lowercase), and many other [useful features](https://keepassxc.org/blog/2025-03-04-2.7.10-released/).
+
+## :material-toolbox: Requirements and preparation
+
+<div class="admonition info" markdown>
+<p class="admonition-title">Operating systems</p>
+
+This tutorial was completed using macOS, but your experience shouldn't be much different if you are using Linux or Windows.
+
+</div>
+
+For this tutorial you will need:
+
+- [x] Computer running Linux, macOS, or Windows
+- [x] Internet connection
+- [x] Ability to install software on this computer
+- [x] One or two YubiKeys (ideally two)
+
+## :material-download-circle: Setting up KeePassXC
+
+### Step 1: Download and Install KeePassXC
+
+Go to KeePassXC's download page and download the application version for your operating system. If the website doesn't detect your system automatically, you can change it on the top menu, or click on the "See more options" yellow button for previous versions.
+
+![Screenshot of the KeePassXC website download page.](../assets/images/installing-keepassxc-and-yubikey/keepassxc-1-download.webp)
+
+<div class="admonition success" markdown>
+<p class="admonition-title">Verifying signatures</p>
+
+For ideal security, you can verify the authenticity and integrity of the file you just downloaded by verifying the file's signatures. To do this, [follow the instructions](https://keepassxc.org/verifying-signatures/) from the website to guarantee the file you downloaded was created by the KeePassXC Team and has not been tampered with.
+
+</div>
+
+Complete the process for your respective OS to install and open the application once verified.
+
+![Screenshot of the application installation window for KeePassXC on macOS.](../assets/images/installing-keepassxc-and-yubikey/keepassxc-2-install.webp)
+
+On macOS, you will be prompted with a warning message saying "**“KeePassXC.app” is an app downloaded from the Internet. Are you sure you want to open it?**", click "Open".
+
+![Screenshot of a macOS warning popup before opening an application that was downloaded from the Internet.](../assets/images/installing-keepassxc-and-yubikey/keepassxc-3-installwarning.webp)
+
+<div class="admonition info" markdown>
+<p class="admonition-title">KeePassXC blocks screenshots by default</p>
+
+Interestingly, KeePassXC has a security feature that [blocks](https://keepassxc.org/docs/KeePassXC_UserGuide#_screenshot_security) screenshots and recordings of the application window on macOS and Windows.
+
+This is a great feature to prevent accidentally sharing your decrypted password database information during a meeting presentation, for example.
+
+Thankfully for writing this tutorial, there is a way to disable it temporarily, but **you** should definitely keep it on.
+
+</div>
+
+### Step 2: Adjust the settings
+
+Once you have installed and opened KeePassXC, before creating a database for your passwords, click on the "Settings" gear button on the upper-right, on the *toolbar*.
+
+![Screenshot of the KeePassXC application showing the Settings section.](../assets/images/installing-keepassxc-and-yubikey/keepassxc-4-settings.webp)
+
+From there, you will see many options you can adjust to your preferences. The default settings are already good, but you might want to tweak a few things to your specific usage.
+
+#### Keep a previous version backup (recommended)
+
+Scrolling down to the "File Management" section, you might want to enable the option to "Backup database file before saving". This will ensure you always have a backup of the previous version of your database, in case you accidentally delete important information for example.
+
+You can store this backup in the same or a different directory. You can change this backup's name or keep the default that will append `.old` to your database filename.
+
+![Screenshot of the KeePassXC application showing the Settings General section with the Backup database file before saving checkbox checked.](../assets/images/installing-keepassxc-and-yubikey/keepassxc-5-backupprevious.webp)
+
+#### Add icons specific to each service (optional)
+
+If you want to use icons specific to each service for your password entries, you can go to the "Security" subsection on the left-side menu, then in "Privacy" at the bottom *enable* "Use DuckDuckGo service to download website icons". This isn't enabled by default. Then click "OK" on the lower-right.
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Offline only?</p>
+
+Do not enable this if you wish to use KeePassXC offline only. You will still be able to use different default icons for you entries instead of downloading specific icons from the internet.
+
+</div>
+
+![Screenshot of the KeePassXC application showing the Settings Security section with the checkbox for DuckDuckGo checked.](../assets/images/installing-keepassxc-and-yubikey/keepassxc-6-duckduckgo.webp)
+
+### Step 3: Create a database
+
+A database in KeePassXC is an encrypted file that will contain all the passwords you register.
+
+You can use multiple separate databases with KeePassXC. For example, you could have a database for work, a database for your family, and a database for your personal accounts. All stored in separate files with separate main passwords. In the application, each database can be opened in its own tab.
+
+To create a new database, from the Welcome section click on the "Create Database" button on the lower-left.
+
+If you want to create a secondary database, you can also click on the dropdown Database menu on the application menu bar, then select "New Database".
+
+<div class="admonition tip" markdown>
+<p class="admonition-title">Importing an existing database</p>
+
+If you already have a password database file in the format `.kdbx`, you can import it from the Welcome page by clicking on "Import File" on the lower-right.
+
+</div>
+
+You will see a window pop up with "General Database Information". Pick a name and description for your database and click on "Continue" at the bottom.
+
+![Screenshot of the KeePassXC application showing the popup to Create a new KeePassXC database.](../assets/images/installing-keepassxc-and-yubikey/keepassxc-7-databasecreation.webp)
+
+For the second step, an "Encryption Settings" section will pop up. From there, you will be able to change the settings to your preferences. If you are not familiar with encryption algorithms, simply keep the defaults on and click "Continue" again.
+
+![Screenshot of the KeePassXC application showing the popup to Create a new KeePassXC database in the Encryption Settings.](../assets/images/installing-keepassxc-and-yubikey/keepassxc-8-databaseencryption.webp)
+
+For the next step, a "Database Credentials" section will pop up. From there, you will be able to choose a main password to lock your entire password database.
+
+At this step, it is very important to [choose a password](https://www.privacyguides.org/en/basics/passwords-overview/#best-practices) that is **unique, complex, and long**. This is the password that will protect all your other passwords. It should be easy to remember for you, but it must be *unique* and *long*. Ideally, pick a **passphrase**.
+
+#### Generate a main password (optional)
+
+If you do not feel inspired, you can use the "Generate password" dice button on the right to help you pick a strong password.
+
+![Screenshot of the KeePassXC application showing the popup to Generate Password.](../assets/images/installing-keepassxc-and-yubikey/keepassxc-9-passwordgenerate.webp)
+
+No matter if you invent or generate your main password/passphrase, **make sure to remember this main password well**. You cannot rely on your password manager for this one.
+
+<div class="admonition success" markdown>
+<p class="admonition-title">This step isn't over yet!</p>
+
+This is where you will be adding your YubiKey to further secure your database. Keep the "Database Credentials" application window open and **continue with the step below** :material-arrow-down-bold:
+
+</div>
+
+## :material-shield-key: Securing your database with a YubiKey
+
+To add a YubiKey to secure your KeePassXC database, you will first need to prepare your YubiKey(s) for it, if it's not already ready to use with a [Challenge-Response](https://docs.yubico.com/yesdk/users-manual/application-otp/challenge-response.html) application.
+
+<details class="note" markdown>
+<summary>Using a YubiKey will not add authentication per se (read more)</summary>
+
+Technically speaking, adding a YubiKey to your KeePassXC database isn't a second factor of authentication because KeePassXC isn't a service, therefore it cannot "authenticate" you.
+
+However, adding a YubiKey to secure your KeePassXC database will make decryption of your database more secure by enhancing the encryption key of your database.
+
+The Challenge-Response will remain the same each time you decrypt your database, *however*, it will change each time the database is updated (each time there is a change to it, such as adding an entry, removing an entry, adding a note, etc.). Note that the previous versions of your database could get unlocked with your main password + your key's previous Challenge-Response, however.
+
+If your key's Challenge-Response were to become compromised, you could update your database (by adding or changing an entry for example), then fully delete all previous versions of your database. This would effectively make all previous Challenge-Response obsolete to unlock your current database.
+
+You can read more on this in KeePassXC's [documentation](https://keepassxc.org/docs/).
+
+</details>
+
+### Step 4: Prepare your YubiKey(s)
+
+Because you cannot register two YubiKeys for this type of application, you should first make sure that you either have a secure backup for this Challenge-Response, or that you have cloned it to two YubiKeys, or more. This is important in case you were to lose your YubiKey.
+
+If you do have two YubiKeys, we have a [guide on how to reset your YubiKeys entirely and set up multiple keys as a backup](yubikey-reset-and-backup.md) which you may be interested in.
+
+If you only need to learn more about the Challenge-Response YubiKey application, jump to [this section](yubikey-reset-and-backup.md#step-9-create-and-clone-your-keys-challenge-response) of the tutorial directly.
+
+### Step 5: Add your YubiKey
+
+Once your YubiKey's Challenge-Response slot has been properly configured and backed up, return to the KeePassXC's "Database Credentials" window, and click on the "Add additional protection" button in the middle.
+
+This will open a new section with "Key File" and "Challenge-Response" options. Scroll down to "Challenge-Response". Plug in your YubiKey in your computer's port (only plug one key at the time), then click on the "Add Challenge-Response" button.
+
+![Screenshot of the KeePassXC application showing the popup to Create a new KeePassXC database in the Database Credentials section and highlighting the Add Challenge-Response button.](../assets/images/installing-keepassxc-and-yubikey/keepassxc-10-challengeresponse.webp)
+
+<div class="admonition question" markdown>
+<p class="admonition-title">YubiKey or OnlyKey</p>
+
+You can also use an OnlyKey to secure your KeePassXC database in the same way.
+
+</div>
+
+You should see your YubiKey's model and serial number listed, and also which YubiKey slot you have stored your Challenge-Response in. Once the correct key is selected, click on "Done" at the bottom.
+
+![Screenshot of the KeePassXC application showing the popup to Create a new KeePassXC database in the Database Credentials section when a YubiKey is plugged in.](../assets/images/installing-keepassxc-and-yubikey/keepassxc-11-selectyubikey.webp)
+
+A window will pop up to ask where you want to save your password database. Name your database file and save it in a secure directory on your computer. You will then be asked to touch your YubiKey.
+
+Touch the gold part of your YubiKey to save your database file. You will have to touch your YubiKey each time you save this database, and the file will be saved each time you make changes to it.
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Important! Unlocking your database</p>
+
+Each time you unlock your KeePassXC database, make sure to first plug in your YubiKey and verify that the "Use hardware key" checkbox is checked. Then, enter your main password and touch the gold part of your YubiKey when prompted.
+
+If you do not plug in your YubiKey first, an error will be triggered, and you will be unable to unlock your database.
+
+</div>
+
+## :fontawesome-solid-unlock-keyhole: Using KeePassXC
+
+Using KeePassXC is quite simple and resembles most other password manager applications. The biggest difference is that your passwords will remain stored locally, unless you decide to back up your password database to a cloud service of your choice.
+
+All the options to manage and use your entries credentials will be located on the *toolbar* at the top.
+
+![Screenshot of the KeePassXC application showing an empty database section.](../assets/images/installing-keepassxc-and-yubikey/keepassxc-12-databasenew.webp)
+
+<div class="admonition tip" markdown>
+<p class="admonition-title">Locking the database</p>
+
+At all time when the application is open, you can click in the "Lock Database" padlock button on the toolbar to lock your database. You can also adjust the settings to lock your database each time you minimize the application window (this is disabled by default).
+
+Your database will already lock itself automatically when your laptop lid is closed, the session is locked, or if your switch user (unless you disabled these options manually in settings).
+
+</div>
+
+### Step 6: Create a password entry
+
+To create a [new entry](https://keepassxc.org/docs/KeePassXC_GettingStarted#_entry_handling) for a password, click on the "Add a new entry" plus-shaped button on the toolbar.
+
+From this section, you will be able to register a "Title", "Username", "Password" (or generate one), "URL" (this is important if you use the browser extension), "Tags", "Expires" date, "Notes", and more.
+
+![Screenshot of the KeePassXC application showing the Add entry section filled with information.](../assets/images/installing-keepassxc-and-yubikey/keepassxc-13-newentry.webp)
+
+<div class="admonition tip" markdown>
+<p class="admonition-title">Keep your YubiKey plugged in when changing your database</p>
+
+When adding/removing entries or changing your database in any other way, make sure your YubiKey is plugged in. You will have to touch it each time you save changes to your database.
+
+</div>
+
+Before saving your entry by clicking "OK" on the lower-right, explore the options on the left-side menu.
+
+For example, in the "Advanced" section you can add additional attributes and store attachments, in the "Icon" section you can select an icon to represent your password entry (or download one from the web), in the "Auto-type" section you can enable/disable Auto-type, and in the "Properties" section you will see additional metadata for this entry.
+
+![Screenshot of the KeePassXC application showing the Add entry section in the Icon subsection.](../assets/images/installing-keepassxc-and-yubikey/keepassxc-14-entryicons.webp)
+
+Once you have set up all the information you need for this password entry, click "OK" to save it to your database. You will be prompted to touch the gold part of your YubiKey to complete the operation. You should now see your entry listed in your database.
+
+![Screenshot of the KeePassXC application showing the database section with one password entry filled.](../assets/images/installing-keepassxc-and-yubikey/keepassxc-15-entrycreated.webp)
+
+Each time you need this information, you can select an entry and click on the "Copy username to clipboard" character-shaped button, or the "Copy password to clipboard" key-shaped button, or the "Copy URL to clipboard" earth-shaped button on the toolbar.
+
+The data will stay in your computer's clipboard for 10 seconds then will get cleared (unless you changed this from the default setting). Once copied, paste this information in the appropriate field for your service.
+
+![Screenshot of the KeePassXC application showing the database section with all three buttons Username, Password, and URL for entry pointed at with arrows.](../assets/images/installing-keepassxc-and-yubikey/keepassxc-16-useentry.webp)
+
+<div class="admonition danger" markdown>
+<p class="admonition-title">Accidental deletion danger!</p>
+
+Be careful not to mistakenly click on the dangerous "Delete Entry" trash-shaped button left to the "Copy username to clipboard" button on the toolbar!
+
+You would have to touch your YubiKey to confirm deletion, but remain careful. If you click on it accidentally, do NOT touch your YubiKey to confirm!
+
+If this accident happened to you, you might see your entry has been moved to a "Recycle Bin" directory on the left. Right-click on your entry and select "Restore Entry" at the top of the entry menu. Touch your YubiKey when prompted. You should now see your entry back in the "Root" directory on the left-side menu.
+
+</div>
+
+### Step 7: Back up your database
+
+There are many ways to [back up](https://keepassxc.org/docs/KeePassXC_UserGuide#_database_backup_options) your KeePassXC database:
+
+#### Automatic local backup
+
+If you enabled this setting on [Step 2](#step-2-adjust-the-settings), you will see a second file getting saved in the same directory with the same name but with an appended `.old` to it when you make a change to your password database.
+
+This is the previous version of your database. If you delete a password entry by mistake for example, you can easily restore it with this secondary database backup file.
+
+#### Manual backup from the application menu
+
+When your database is unlocked, you can click on the dropdown "Database" menu in the application menu bar (not the toolbar), then select "Save Database Backup".
+
+You will have the option to rename this file and choose a different location. Then, you will be prompted to touch your YubiKey to confirm.
+
+![Screenshot of the KeePassXC application showing the application menu with the Database dropdown menu rolled down and the Save Database Backup option selected.](../assets/images/installing-keepassxc-and-yubikey/keepassxc-17-savedatabase.webp)
+
+#### Manual backup from copying the database file
+
+Another way to keep a backup of your password database is to simply copy the database `.kdbx` file somewhere else.
+
+You can copy this file to another local directory, an external drive (ideally encrypted), or a secure [cloud service](https://www.privacyguides.org/en/cloud/) of your choice (ideally an end-to-end encrypted one). Even if your database will be encrypted, it's always better to choose secure cloud services that offer solid end-to-end encryption.
+
+<div class="admonition info" markdown>
+<p class="admonition-title">Entry history</p>
+
+Within your database, KeePassXC also maintains a history of changes made to each of your entries. You can read more about this feature from KeePassXC's [documentation](https://keepassxc.org/docs/KeePassXC_UserGuide#_history).
+
+</div>
+
+### Step 8: Install the browser extension (optional)
+
+When you need to use KeePassXC to fill credentials in a browser or an app, you can always copy the entry field you need manually, as explained on [Step 6](#step-6-create-a-password-entry). But if you prefer, to facilitate filling credentials for web-based services, you can take advantage of KeePassXC's [browser extension](https://keepassxc.org/docs/KeePassXC_UserGuide#_browser_integration).
+
+To install the extension, go to [this page](https://keepassxc.org/download/#browser) from the KeePassXC website and click on your browser's *category*.
+
+This means that for any Firefox-based browser, you can click on the Firefox logo, and for any Chromium-based browser, you can click on the Chrome logo. Some browsers might not be supported, however.
+
+![Screenshot of the KeePassXC website page to download the browser extension.](../assets/images/installing-keepassxc-and-yubikey/keepassxc-18-downloadextension.webp)
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Privacy warning</p>
+
+Keep in mind that although browser extensions can be very convenient, they can also introduce some risk to your privacy.
+
+Even if the KeePassXC browser extension only [runs locally](https://keepassxc.org/privacy/), it does need to collect some information for its functionalities, and any additional extension installed has the potential to [introduce](https://www.privacyguides.org/en/browser-extensions/) a new attack surface.
+
+Additionally, the more unique your combination of hardware, software, and browser extensions is, the more you are vulnerable to [browser fingerprinting](https://neat.tube/w/fdszTYBKzeoE3ySQUGTzmo). Always be mindful to consider your specific threat model when installing new browser extensions.
+
+</div>
+
+Once you have installed the extension for your browser, go back to the KeePassXC application and click on the "Settings" gear button on toolbar. Click on "Browser Integration" on the left-side menu and check the box for "Enable browser integration" at the top of the section.
+
+![Screenshot of the KeePassXC application showing the Settings section in the Browser Integration subsection with the checkbox for Enable browser integration checked.](../assets/images/installing-keepassxc-and-yubikey/keepassxc-19-browserintegration.webp)
+
+From this [section](https://keepassxc.org/docs/KeePassXC_UserGuide#_configure_keepassxc_browser), check the box for the browser(s) or browser type(s) you have installed the extension on. You can also enable the option "Search in all opened databases for matching credentials" if you are using multiple databases. Then click "OK" on the lower-right to save these options.
+
+Make sure your KeePassXC database is *unlocked*, then **restart your browser**.
+
+#### If you encounter an error while running the extension
+
+<div class="admonition info" markdown>
+<p class="admonition-title">You don't have to use the extension</p>
+
+If you are not able to make the KeePassXC extension work with the browser you use, you can still use KeePassXC by manually copy-pasting your entries' credentials. It can even be a more secure and more private way to use it.
+
+</div>
+
+After installing the extension and enabling it from the KeePassXC settings, you might encounter an error where the KeePassXC icon in a credential field is [marked](https://keepassxc.org/docs/KeePassXC_GettingStarted#_using_the_browser_extension) with a red "**X**", a red "**!**", or a padlock icon.
+
+If this happens, try the following:
+
+1. Make sure your KeePassXC application is open, and your database is *unlocked*.
+
+2. Check if your YubiKey is *plugged* in your computer's port.
+
+3. Verify that your browser is *compatible* and does not use protections that could block the extension from working.
+
+4. Follow KeePassXC's [instructions](https://keepassxc.org/docs/KeePassXC_UserGuide#_using_the_browser_extension) to connect your KeePassXC database to your KeePassXC browser extension.
+
+5. Look for possible solutions from KeePassXC's [troubleshooting guide](https://github.com/keepassxreboot/keepassxc-browser/wiki/Troubleshooting-guide).
+
+![Screenshot of the CryptPad website login page showing in the Username field the KeePassXC logo greyed out and marked with a red "X".](../assets/images/installing-keepassxc-and-yubikey/keepassxc-20-errorconnection.webp)
+
+#### Filling credentials using the extension
+
+<div class="admonition note" markdown>
+<p class="admonition-title">The database is connected but the logo is greyed out</p>
+
+If you do not have an entry for this website, or if you have not registered a URL (or the correct one) for this entry, your will see the KeePassXC logo greyed out. This simply means your database could not find any credentials matching this website's URL.
+
+</div>
+
+Once configured and connected properly, you should see a green KeePassXC logo in the credential fields, when you have a corresponding entry in your database.
+
+Click on the green KeePassXC logo to populate all credential fields automatically.
+
+![Screenshot of the CryptPad website login page showing in the Username field the KeePassXC logo in green and both the credentials for Username and Password are filled.](../assets/images/installing-keepassxc-and-yubikey/keepassxc-21-credentialsextension.webp)
+
+<div class="admonition success" markdown>
+<p class="admonition-title">Congratulation! You're in!</p>
+
+You are now logged in, thanks to KeePassXC!
+
+</div>
+
+## :material-hand-heart: Consider supporting KeePassXC
+
+KeePassXC is a free and open-source project built by the community. If you use and love this application, it's always a great idea to support the project if you can.
+
+Here are a few ways you can help keep KeePassXC thriving:
+
+- [Contributing on GitHub](https://github.com/keepassxreboot/keepassxc/blob/develop/.github/CONTRIBUTING.md)
+- [Following KeePassXC on Mastodon](https://fosstodon.org/@keepassxc)
+- [Donating to KeePassXC to help with the development and maintenance of the application](https://keepassxc.org/donate/)
+
+For more information on KeePassXC and its many features, you can consult the official [Documentation and FAQ](https://keepassxc.org/docs/) or even have a look at KeePassXC's [code](https://github.com/keepassxreboot/keepassxc) on GitHub.
+
+<small aria-hidden="true">Unless credited otherwise, all screenshots from: Privacy Guides</small>

blog/posts/interview-with-micah-lee.md

@@ -0,0 +1,165 @@
+---
+date:
+    created: 2025-03-28T17:00:00Z
+categories:
+    - News
+authors:
+    - em
+description: 'This article is an interview with Micah Lee, the creator of Cyd and OnionShare, founder of Lockdown Systems, and author of Hacks, Leaks, and Revelations: The Art of Analyzing Hacked and Leaked Data.'
+schema_type: NewsArticle
+preview:
+  cover: blog/assets/images/interview-with-micah-lee/social-preview-cover.webp
+---
+# Interview with Micah Lee: Cyd, Lockdown Systems, OnionShare, and more
+
+![Photo of Micah Lee over a yellow and purple graphic background, and with the name Micah Lee written on the right.](../assets/images/interview-with-micah-lee/micah-lee-cover.webp)
+
+<small aria-hidden="true">Illustration: Jonah Aragon / Privacy Guides | Photo: Micah Lee</small>
+
+If you don't know who Micah Lee is yet, here's why you should: Micah is an information security engineer, a software engineer, a journalist, and an author who has built an impressive career developing software for the public good, and working with some of the most respected digital rights organizations in the United States.<!-- more -->
+
+If you have been following software development related to data privacy and security for a while, you probably already know one of Micah's projects such as [OnionShare](https://onionshare.org/), [Dangerzone](https://dangerzone.rocks/), the [Tor Browser Launcher](https://github.com/torproject/torbrowser-launcher), and more recently [Cyd](https://cyd.social/) (a rebirth of Semiphemeral). Additionally, he is also a core contributor to the [Tor Project](https://www.torproject.org/) and a contributor to [Hush Line](https://hushline.app/).
+
+Besides software development, Micah is a board member for [Science & Design](https://scidsg.org/) and [Distributed Denial of Secrets](https://ddosecrets.com/), a former board member and cofounder of [Freedom of the Press Foundation](https://freedom.press), and has been a Staff Technologist for the [Electronic Frontier Foundation](https://www.eff.org/).
+
+You might have already read some of Micah's articles when he worked at [The Intercept](https://theintercept.com/staff/micah-lee/), or even read his new [book](https://hacksandleaks.com/) Hacks, Leaks, and Revelations: The Art of Analyzing Hacked and Leaked Data.
+
+We spoke with Micah over email and are delighted that he decided to talk with us at Privacy Guides. Let's get into it!
+
+***Em:*** *Hi Micah! We're thrilled that you have accepted to give us this interview at Privacy Guides. Thank you for taking time off your busy schedule to talk with us.*
+
+## Cyd: The app to claw back your data from Big Tech
+
+***Em:*** *Let's start with your newest project. [Cyd](https://cyd.social) is an application you have created in 2024 to help people backing up and deleting their tweets on X-(Twitter). This app emerged from the ashes of [Semiphemeral](https://micahflee.com/2024/07/like-a-phoenix-semiphemeral-will-rise-from-the-ashes/), a great tool that was unfortunately rendered unusable when Twitter decided to [shut off its API](https://mashable.com/article/twitter-ending-free-api-tier-elon-musk-worst-decision). I personally loved Semiphemeral and used it to delete thousands of my tweets before eventually deleting my whole Twitter account later on. Can you tell us more about how Cyd works despite not using X's API?*
+
+**Micah:**
+
+APIs make it way simpler for programmers to interact with online services, but they're not the only way. As long as social media platforms like X still run websites, and it's still possible for you, the human, to manually scroll through your tweets and delete them, it's possible to write a program that can do this for you.
+
+This is basically how Cyd works. It's a desktop app that includes an embedded web browser. When you add an X account to it, you login to your account in the browser, and then Cyd takes over. You can tell it that you want to delete your tweets, or likes, or bookmarks, or unfollow everyone, or save a backup of your DMs, or plenty of other things, and it does this by automating the embedded browser on your behalf. No API required.
+
+Cyd uses open APIs when they're available and make sense. For example, if you want to quit X but you don't want your old tweets to disappear forever, Cyd can migrate them to Bluesky using Bluesky's API -- soon we'll add support for migrating to Mastodon too. But for closed platforms that suck (like X, and Facebook too, which we're adding support for right now), we're forced to do it the hard way.
+
+***Em:*** *Talking about openness, recently this year you have decided to [make Cyd open source](https://infosec.exchange/@micahflee/113885066507235250). This is fantastic news! What did you take into consideration before making this decision and what kind of [contributions](https://github.com/lockdown-systems/cyd) or feedback are you hoping to receive from the community?*
+
+**Micah:**
+
+I'm extremely happy that Cyd is now open source. I've open-sourced most code that I've ever written, so it honestly felt kind of weird starting out making Cyd proprietary.
+
+My biggest concern with making it open was that I want Cyd to be a sustainable business, where some of the features are free and some of the features are premium and cost money -- enough so that me, and eventually other people working on it, could get paid a decent wage. And as an open source app, it would be easy for someone to fork it and remove the bits of code that check if you've paid for premium access.
+
+But after talking it through with some other people who are very experienced open source devs, I decided that this isn't that big of a deal, and that the benefits of being open source far outweigh the costs.
+
+Now when you use Cyd, you can now *confirm* that it doesn't have access to your social media accounts or any of the data in it. Having an open issue tracker on GitHub is great too, because people in the community can open issues, post comments, and track the progress of features they're looking forward to. Also being open source means we have the ability to accept grants and donations, in addition to selling premium accounts. You can check out our Open Collective page at [https://opencollective.com/lockdown-systems](https://opencollective.com/lockdown-systems).
+
+I'm hoping that members of the community will discuss features we're making, or even contribute code directly to our project. Right now, Cyd is only available in English, but we're also hoping to translate it into many different languages going forward, so I'm hoping that people will eventually chip in it to help translate Cyd to their native languages.
+
+***Em:*** *Having access to Cyd in multiple languages would really be wonderful. Likewise for multiple social media, when additional ones will be added later on. But at the moment, Cyd definitely seems to be [focusing](https://cyd.social/want-to-quit-x-in-2025-heres-how-to-do-it-the-right-way-with-cyd/) on X. You have personally been on the receiving end of Elon Musk's vengeful whims before when your Twitter account got [banned](https://micahflee.com/2023/05/elon-banned-me-from-twitter-for-doing-journalism-good-riddance/) in 2022 for criticizing him. I would say this qualifies as a badge of honor. Do you think you could still be on his radar with Cyd focusing on [data deletion for X](https://cyd.social/delete-all-your-tweets-for-free-with-cyd/) even though X has shut off its API? Have you taken any specific measures about this?*
+
+**Micah:**
+
+I think it's actually more likely that I'll be on Elon Musk's radar because of my [recent work](https://www.youtube.com/live/APHo7bea_p4?si=stSrkmo1MWy5_iVX&t=3338) with the Tesla Takedown movement than with Cyd... Right now, Musk is spending all of his time purging the US government of critics and consolidating executive power under Trump. So maybe he's too distracted on his fascism project to care about what we're doing with deleting tweets?
+
+But that said, Musk is litigious and we're definitely concerned about legal threats. We've consulted lawyers and we're trying to be as safe as possible.
+
+## Lockdown Systems: The new organization developing Cyd
+
+***Em:*** *Cyd is a project of [Lockdown Systems](https://lockdown.systems), a new organization you have created with colleagues just a few months ago. Can you tell us more about the structure of this organization and who else is involved?*
+
+**Micah:**
+
+We're still finalizing the paperwork, but Lockdown Systems is a new worker-owned collective! At the moment there are five of us:
+
+- me
+- Jen, a former SecureDrop engineer who was the technical editor of my book and, for several years, my Dungeons & Dragons dungeon master
+- Saptak, a talented human-rights-focused open source developer who I work with on OnionShare
+- Yael, an investigative journalist friend who, among other things, broke a story with me about how Zoom had lied about supporting end-to-end encryption just as everyone started using it during the pandemic
+- Akil, a talented newsroom engineer I worked closely with at The Intercept
+
+Most companies are owned by investors who only care about profit. They don't care about the workers, and they definitely don't care about the end-users of the software they make. This is why it's so common for tech companies to end up spying on their users and selling that data: it's an additional way to make a profit for their investors.
+
+We're different. Lockdown Systems is owned by its workers, and we don't have outside investors. We have all agreed to the explicit goals of: ensuring the well-being of our members; making tools that help fight fascism and authoritarianism; and prioritizing impact over profit.
+
+We make decisions by coming to consensus, and everyone in the collective gets paid the same wage. Even though I started Cyd, I don't have more say than anyone else.
+
+***Em:*** *That is such a great organizational structure for software development. Lockdown Systems really has an impressive team of skilled and dedicated people. Presently, it seems from the website and [GitHub page](https://github.com/lockdown-systems) that Lockdown Systems is focusing on developing and growing Cyd only. Are you planning on using Lockdown Systems mainly for Cyd or are you envisaging other applications getting added to Lockdown Systems in the near (or far) future?*
+
+**Micah:**
+
+So far, Cyd is our only product. There are many features we plan on building, and we also need to get it the point where it can fund our continued work. Most likely, this will be our main project for the near future.
+
+That said, we're definitely open to branching out. We make software that directly empowers individuals, helping them reclaim their autonomy and privacy. So if we see an opportunity to build something that will directly help people who are facing fascist threats -- whether it's supporting abortion access, keeping immigrants safe, helping communities organize mutual aid, etc. -- we will absolutely do it.
+
+***Em:*** *If one day some generous millionaire (let's keep it at millionaire, we all know what happens at billionaire) decided to give Lockdown Systems a huge budget bump no string attached, how would you like to grow the organization with this money?*
+
+**Micah:**
+
+One cool thing about being a member of a collective is that if this happened, the whole collective would brainstorm together and we'd come up with ideas that are far better than what I could come up with alone. But that said, I definitely have some thoughts.
+
+Right now, everyone is working part time, between about 10 and 30 hours a week each. If we had the resources, many of us would work on Cyd full-time, and we'd be able to offer benefits like health care and retirement contributions. We could also increase how many people are part of the collective, and build out new features at a much faster rate.
+
+In my mind, future Cyd will be a single app (possible available on mobile devices, not just desktop) where you can have total control over all of your data that's currently stored by tech companies (X, Facebook, Instagram, TikTok, LinkedIn, Reddit, Bluesky, Mastodon, Discord, Slack, Telegram, Amazon, Airbnb, Substack, and on and on). You can backup all your data and then have choice over where you want the rest of it: you can delete *everything*, or you can choose to keep your online presence that you're proud of. You can easily cross-post to multiple platforms, and also automatically delete your older posts from the corporate platforms, while keeping them live on the open ones. Or, however else you choose to do it.
+
+If we had a bigger team to pay for more labor, there's a lot that we could get done.
+
+***Em:*** *In the meantime, I imagine one million $1 donations could also help. If our readers would like to support the development of Lockdown Systems, they can make a [donation on this page](https://opencollective.com/lockdown-systems).*
+
+## OnionShare: The app to share files, host websites, and chat anonymously through Tor
+
+***Em:*** *Our community is likely familiar with this great application included in so many security and privacy-focused projects, including [Tails](https://tails.net/), [Qubes OS](https://www.qubes-os.org/), [Whonix](https://www.whonix.org/), and [Parrot OS](https://parrotsec.org/). What motivated you to create [OnionShare](https://onionshare.org) more than 10 years ago, and what do you think is the best way to use it now?*
+
+**Micah:**
+
+I made OnionShare in 2014 while I was helping journalists report on the Snowden documents. The big motivation was a border search: Glenn Greenwald's partner, David, traveled from Berlin, where he was visiting Laura Poitras, back to his home in Rio de Janeiro. He was carrying an encrypted hard drive, on an assignment for The Guardian. During his layover at Heathrow airport in London, UK authorities detained him and searched him.
+
+None of this was necessary. Using the internet, encryption, and Tor, it's possible to securely move documents around the world without putting anyone at risk at a border crossing. In fact, I was already doing something similar with journalists I was collaborating with on Snowden stories myself. To send someone secret documents, I'd first encrypt them using PGP, and then place them in a folder on my laptop. I'd start up a web server with a simple directory listing for that folder, and then make that web server accessible as a Tor onion service.
+
+While this wasn't too hard for me, an experienced Linux nerd, to set up, it would be very challenging for most people. I made OnionShare basically as a user-friendly way for anyone to be able to securely share files, peer-to-peer, without needing to first upload them to some third party service like Dropbox.
+
+Today, OnionShare has more features. It's basically like a graphical interface to do cool things with Tor onion services -- you can send files, but you can also turn your laptop into an anonymous dropbox so people can upload files to you, and you can quickly host onion websites and spin up temporary chatrooms too. And there are Android and iPhone apps!
+
+The last time I used OnionShare myself was last week. On my personal newsletter, I'm writing a [series of posts](https://micahflee.com/exploring-the-paramilitary-leaks/) exploring the Paramilitary Leaks, 200 GB of data from the American militia movement, obtained by an infiltrator name John Williams. While working on one of my posts, John used OnionShare to send me some additional documents.
+
+## Other projects and thoughts
+
+***Em:*** *You have been a prolific writer as a journalist for [The Intercept](https://theintercept.com/staff/micah-lee/), your own [Blog](https://micahflee.com/), and in January 2024 you [released](https://micahflee.com/2023/12/hacks-leaks-and-revelations-the-art-of-analyzing-hacked-and-leaked-data/) a book called Hacks, Leaks, and Revelations: The Art of Analyzing Hacked and Leaked Data. What is this book about, and who is it written for?*
+
+**Micah:**
+
+I spent many years reporting on hacked and leaked datasets, starting with the Snowden archive. Since then, I've seen the amount of hacked and leaked data grow exponentially. And at the same time, journalists and researchers -- the people who really need to dig through this data and find the good stories -- don't even know where to start.
+
+So that's what my book is, an interactive guide to downloading and exploring datasets. It doesn't require any prior knowledge, but it does get pretty technically, including two chapters teaching Python programming. If you're following along, near the beginning of the book you'll encrypt a USB hard drive and then download a copy of BlueLeaks to it -- hundreds of gigabytes of hacked police documents from the middle of the Black Lives Matter uprising in 2020. You'll use this dataset, along with several others, as examples as you learn how to make sense of data like this.
+
+You should definitely buy the book if you're interested and you can, but information wants to be free, so I also released the whole book under a Creative Commons license. You can read the whole thing online at [hacksandleaks.com](https://hacksandleaks.com/).
+
+***Em:*** *I can see how much of a valuable skill this is to learn for journalists and researchers in this day and age. Even if nothing compares to having a physical paper copy (in my opinion), it's wonderful that you share your book online for people who, for various reasons, cannot order a copy. You have worked or still work with the Electronic Frontier Foundation, Freedom of the Press Foundation, Science & Design, the Tor Project, and Distributed Denial of Secrets. Your contribution and commitment to digital rights is undeniable. From your experience, what are you envisioning for the future of digital rights activism?*
+
+**Micah:**
+
+I don't have all of the answers, but I do think that it's important for digital rights activists to meet the moment. Fascist politicians are gaining power around the world. The gap between the ultra rich and everyone else is wider than it's ever been before. Elon Musk has openly bought the US government, and the Trump-supporting oligarchs control all of our critical tech infrastructure. Climate change deniers and anti-vaxxers are the ones in charge right now, at least in the US. Things are pretty bad.
+
+Whatever we do, we should have the goal of shifting power away from the fascists and billionaires and towards everyone else. We need alternative platforms that are not only open and democratic, but also just as easy to use as the corporate walled gardens. We need digital rights, not to mention digital security, to fully integrate itself into the rest of the mass movements going on now, whether it's to save the planet from climate change, to protect immigrants getting sent to gulags, or to stop the genocide in Gaza.
+
+***Em:*** *Absolutely, and digital rights advocates and organizations undeniably have a crucial role to play in these movements. Finally, is there anything else you would like to share with us that we haven't discussed yet?*
+
+**Micah:**
+
+If you want to support Lockdown Systems and you work for an organization that might be interested in offering Cyd as a benefit to their employees, check out Cyd for Teams! If we can get organizations on board this will go a long way to making sure we can continue to get paid doing this work: [https://docs.cyd.social/docs/cyd-for-teams/intro](https://docs.cyd.social/docs/cyd-for-teams/intro)
+
+***Em:*** *Thank you so much Micah for taking the time to answer our questions today! The new projects you are working on are fascinating, and so important in the current landscape. I'm excited for more people to discover Cyd and Lockdown Systems, and will myself be following their evolution and expansion enthusiastically.*
+
+## Consider supporting Micah Lee's projects
+
+If you would like to follow Micah Lee's work and support his projects, consider:
+
+- [Following Micah Lee on Mastodon](https://infosec.exchange/@micahflee)
+
+- [Reading Micah Lee's Blog](https://micahflee.com/)
+
+- [Donating to Cyd and Lockdown Systems](https://opencollective.com/lockdown-systems)
+
+- [Signing up for Cyd for Teams](https://docs.cyd.social/docs/cyd-for-teams/sign-up)
+
+- [Getting a copy of Hacks, Leaks, and Revelations](https://hacksandleaks.com/)
+
+- [Contributing to one of Micah Lee's software](https://github.com/micahflee)

blog/posts/privacy-means-safety.md

@@ -0,0 +1,223 @@
+---
+date:
+    created: 2025-03-25T20:30:00Z
+categories:
+    - News
+authors:
+    - em
+description: Privacy is a human right that should be granted to everyone, no matter the reason. That being said, it's also important to remember that for millions of people around the world, data privacy is crucial for physical safety. For people in extreme situations, privacy can literally mean life or death.
+schema_type: NewsArticle
+---
+# Privacy Means Safety
+
+![Photo of a padlock with "SOS" written on it and a drawn heart instead of an "O" letter. It is locked on a metal fence.](../assets/images/privacy-means-safety/privacy-means-safety-cover.webp)
+
+<small aria-hidden="true">Photo: Georgy Rudakov / Unsplash</small>
+
+Privacy is a human right that should be granted to everyone, no matter the reason. That being said, it's also important to remember that for millions of people around the world, data privacy is crucial for physical safety. For people in extreme situations, privacy can literally mean life or death.<!-- more -->
+
+Many of us have experienced moments when our privacy concerns have been minimized or even completely dismissed.
+
+This general hostility towards data protection is dangerous. Yes, dangerous. **Data privacy isn't a trivial matter.**
+
+There are many circumstances where inadvertently or maliciously exposed data can put someone in grave danger. Worse, sometimes this danger might not even be known at the time, but might become incredibly important later on.
+
+We should never downplay the serious risk of exposing someone's data, even if this isn't a situation we personally experience, or even understand.
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Content Warning: This article contains mention of sexual assault, violence, and death.</p></div>
+
+## Leaked data can have grave consequences
+
+This isn't a hypothetical situation. There has been many tragic events where people have been harmed and even killed because data about them was leaked, stolen, or otherwise revealed to someone hostile.
+
+### Children
+
+The data of children is something our society should be much more invested in protecting, yet most new legislation [proposed](the-future-of-privacy.md#chat-control-wants-to-break-end-to-end-encryption) or [passed](the-future-of-privacy.md#age-verification-wants-to-collect-your-sensitive-data) to supposedly protect the children are doing the complete *opposite*, endangering everyone's data, *including* the children's.
+
+As for the data protection we already have, they are insufficient to protect most people's data, also including the children's.
+
+In 2020, the Irish child and family agency, Tusla, was fined €75,000 for a breach of the General Data Protection Regulation (GDPR). Investigation [revealed](https://www.irishtimes.com/news/crime-and-law/tusla-becomes-first-organisation-fined-for-gdpr-rule-breach-1.4255692) three instances where data about children had been negligently disclosed to unauthorized parties.
+
+In one case, the location and contact information of a mother and child was revealed to an alleged abuser. In another, the agency neglectfully [provided](https://www.irishtimes.com/ireland/social-affairs/2025/03/04/abusers-using-data-protection-law-to-get-details-on-victims/) the address of a child and the mother's phone number to a man accused of child sexual abuse.
+
+Such data leaks should never be tolerated. Sadly, much stronger fines will be required to stop organizations from being so dangerously careless.
+
+In 2018, an incredibly unfortunate 12-year-old gamer and his mother were both likely [traumatized for life](https://www.pcgamesn.com/fortnite/fortnite-stream-swatting) by a violent [swatting attack](https://en.wikipedia.org/wiki/Swatting) when the child's home address was exposed online. The outcome of this horrible attack could have ended much more tragically. The story doesn't explain how the child's address was found.
+
+Swatting attacks have become such a [problem](#mistaken-identity) in the United States that the Federal Bureau of Investigation (FBI) recently [created](https://www.nbcnews.com/news/us-news/fbi-formed-national-database-track-prevent-swatting-rcna91722) a national database to help track and prevent such attacks.
+
+### Victims of stalkers
+
+Stalking victims are incredibly vulnerable to any data leak. People in such situation can often be gravely endangered by data broker services, data breaches, information they might have shared online recently or decades ago, and information shared about them by friends and family.
+
+Unfortunately, this kind of horrifying situation isn't rare.
+
+The danger to victims of online stalkers should never be minimized. Stalking and harassment are serious crimes that should be reported and severely punished. Overlooking these offenses is being ignorant to how quickly the consequences of such crimes can escalate.
+
+In 2019, a 21-year-old Japanese pop star got stalked and sexually [assaulted](https://www.bbc.co.uk/news/world-asia-50000234) by a man who found her location from a picture she posted online. The photo had such high definition that the perpetrator was able to see and identify a specific train station that was visible *through a reflection in the singer's eyes*.
+
+The aggressor also gathered information about the victim's home by examining the photos she posted from her apartment to determine the exact unit location. He then went to the train station he identified from the photo, waited for her, and followed her home.
+
+In 2023, a podcast host and her husband were [killed](https://www.nbcnews.com/news/us-news/podcast-host-killed-stalker-deep-seated-fear-safety-records-reveal-rcna74842) by an online stalker. Despite having requested a protection order against the murderer, and despite blocking his phone number and social media accounts, after months of intense harassment online, the man eventually found the podcaster's home address, broke in, and fatally shot her and her husband.
+
+### Victims of domestic violence
+
+Victims of domestic violence are at an elevated risk of severe or even fatal repercussions when their data gets leaked or shared. People in this extreme situation often have to take extreme measures to protect data that could allow their abuser to find their new location.
+
+Things as banal as exposing someone's license plate, or posting online a photo taken in a public space could literally get a person in such situation killed.
+
+Moreover, some abusers are [weaponizing](https://www.irishtimes.com/ireland/social-affairs/2025/03/04/abusers-using-data-protection-law-to-get-details-on-victims/) subject access requests in an attempt to find the location of the victims fleeing them.
+
+It is imperative to ensure that data access legislation cannot be misused in such a dangerous way. Data legally shared with a subject should never lead to the harm of someone else.
+
+In another instance, a woman who was raped by a former partner was unable to safely receive counseling care because the notes from her counseling sessions could have been [shared](https://www.irishtimes.com/crime-law/courts/2025/01/17/calls-for-law-to-be-changed-to-end-access-to-rape-victims-counselling-notes/) in court with the perpetrator.
+
+Data privacy regulations should protect such sensitive data from being shared without explicit and free consent from the patient.
+
+### Healthcare seekers
+
+People seeking essential healthcare in adverse jurisdictions can be prosecuted when their private communications or locations are intercepted.
+
+In 2023, a mother from Nebraska (US) was arrested and criminally [charged](https://www.theverge.com/2023/7/11/23790923/facebook-meta-woman-daughter-guilty-abortion-nebraska-messenger-encryption-privacy) after she helped her 17-year-old daughter get an abortion.
+
+The woman was arrested partly based on the Facebook messages she exchanged with her daughter discussing medication for the abortion. Police obtained a copy of the private Facebook conversation by serving a warrant to Meta, which the company quickly complied with.
+
+### Whistleblowers and activists
+
+Whistleblowers and activists are at especially high risk of harm, particularly if they have publicly opposed or exposed oppressive regimes or criminal groups.
+
+Governments around the world, especially more authoritarian ones, have been increasingly [monitoring social media](https://privacyinternational.org/long-read/5337/social-media-monitoring-uk-invisible-surveillance-tool-increasingly-deployed) to track, identify, and persecute critics, activists, and journalists.
+
+Authorities have also been mandating direct collaboration from service providers to arrest activists. In 2021, a French climate activist was [arrested](https://techcrunch.com/2021/09/06/protonmail-logged-ip-address-of-french-activist-after-order-by-swiss-authorities/) after Proton Mail was legally [compelled](https://proton.me/blog/climate-activist-arrest) by Swiss laws to log and share the activist's IP address with authorities.
+
+In 2017, a 25-year-old working for the American National Security Agency (NSA) as a contractor was arrested after she was [identified](https://arstechnica.com/information-technology/2017/06/how-a-few-yellow-dots-burned-the-intercepts-nsa-leaker/) as the whistleblower who leaked a report about Russian electoral interference in the United States.
+
+The whistleblower had mailed the classified document to The Intercept anonymously. However, when the news organization tried to confirm the authenticity of the document with the NSA, the agency was able to determine which printer was used to print this copy, and from there deanonymized [Reality Winner](https://en.wikipedia.org/wiki/Reality_Winner). The technique used to track the document was the reading of almost invisible [printer tracking dots](https://en.wikipedia.org/wiki/Printer_tracking_dots) that many laser printers and photocopiers produce on all printed documents.
+
+This year on March 7th, community activist and whistleblower Pamela Mabini was [shot and killed](https://www.hrw.org/news/2025/03/11/activist-and-whistleblower-killed-south-africa) just outside her home in South Africa. She was an activist working with the [Maro Foundation](https://www.dailydispatch.co.za/local-heroes/2023-07-10-helping-others-is-the-reason-for-pamela-mabinis-smile/), a nonprofit organization dedicated to fighting poverty and gender-based violence.
+
+Mabini's murder has sparked a debate on the importance of protections offered to whistleblowers [exposing criminals](https://www.citizen.co.za/news/another-high-profile-whistleblower-gunned-down-how-safe-speak-out/) to justice. Following the activist's death, organizations have been calling to fast-track the [Whistleblower Protection Bill](https://www.iol.co.za/news/south-africa/calls-for-government-to-fast-track-protection-bill-following-activists-murder-3e8adc20-be58-4f3d-9a55-4a5818171c92) to bring more protections to those fighting for justice in South Africa.
+
+### Trans and queer activists
+
+Trans and queer activists are at elevated risk of harassment online in today's political climate. In 2022, 28-year-old trans activist Clara Sorrenti was victim of a swatting attack after police believed a fake report about violent threats made by her aggressor.
+
+She was arrested at gunpoint by the police, handcuffed, had her electronic devices seized, and her apartment searched for eight hours for non-existent evidence. The aggressor who made the false threats had [provided](https://www.cbc.ca/news/canada/london/trans-twitch-star-arrested-at-gunpoint-fears-for-life-after-someone-sent-police-to-her-london-ont-home-1.6546015) her name and home address to police.
+
+### Journalists
+
+Journalists around the world can become vulnerable to attacks even from governments when they report on oppressive regimes. This kind of situation can be extremely dangerous, considering the almost unlimited resources state-backed attackers can have to identify, track, and persecute their victims.
+
+In 2018, the prominent journalist and critic of Saudi Arabia's government Jamal Khashoggi was [murdered](https://www.bbc.co.uk/news/world-europe-45812399). Despite being based in the United States, the journalist traveled to Istanbul's Saudi consulate in Turkey to pick up official documents. Khashoggi was killed inside the consulate a few days later on October 2nd.
+
+Investigations revealed that people close to Khashoggi had their devices infected by NSO's [Pegasus spyware](https://freedom.press/digisec/blog/journalists-targeted-with-pegasus-yet-again/). This likely allowed the attacker to gather information about Khashoggi traveling outside the United States.
+
+Many other journalists, politicians, and human rights activists have been [targeted](https://www.bbc.co.uk/news/world-57891506) by state-backed spyware such as Pegasus.
+
+In 2022, Human Rights Watch [reported](https://www.hrw.org/news/2022/12/05/iran-state-backed-hacking-activists-journalists-politicians) that two of their staff members and at least 18 other activists, researchers, or journalists working on Middle East issues had been targeted by a phishing campaign coming from a group affiliated with the Iranian government. The entity succeeded in stealing emails and other sensitive data from at least three human rights defenders.
+
+### Targeted harassment
+
+Another danger of leaked data that shouldn't be minimized is targeted harassment. Targeted harassment can have devastating consequences ranging from silencing their victims, to suicide, to death by swatting attack.
+
+A well-known example of targeted harassment is Gamergate. Gamergate was a loosely organized [harassment campaign](https://en.wikipedia.org/wiki/Gamergate_(harassment_campaign)) targeting women in the video game industry. It started in 2014 when Zoë Quinn's ex-partner published a blog post with false insinuation about Quinn, a video game developer.
+
+Quinn was subsequently subjected to an incredibly intrusive [doxxing](https://en.wikipedia.org/wiki/Doxing) campaign, and even received rape threats and death threats. Attackers were able to steal an insecure password and [break into](https://time.com/4927076/zoe-quinn-gamergate-doxxing-crash-override-excerpt/) one of Quinn's account, which resulted in horrible consequences. The harassment campaign later expanded to target others who had defended Quinn online.
+
+In another case, targeted harassment resulted in one death and a five years prison sentence. In 2020, Mark Herring started receiving requests asking him to give up his Twitter handle, which he refused. Herring's "crime" was to have been quick enough to secure the handle "@Tennessee" shortly after Twitter came online.
+
+Over weeks, harassment escalated from sustained text messaging to random food delivery to his house. After Herring's harasser posted his home address in [a Discord chat room used by criminals](https://krebsonsecurity.com/2021/07/serial-swatter-who-caused-death-gets-five-years-in-prison/), someone used this data to direct a swatting attack at Herring's place. Police surrounded his home and demanded he crawl under a back fence, despite his health. After crawling under the fence, 60-year-old Mark Herring stoop up then collapsed from a heart attack, and died soon after.
+
+### Mistaken identity
+
+What is more, everyone can get victimized by exposed data, even people who are not online and even people who are not a whistleblower, a journalist, an activist, a victim of domestic violence, or someone who has committed the "unthinkable crime" of securing a cool Twitter handle.
+
+In 2017, 28-year-old Andrew Finch was [shot and killed](https://edition.cnn.com/2019/09/14/us/swatting-sentence-casey-viner/index.html) by police during a swatting attack in the United States.
+
+The attack was conducted after the perpetrator had an argument online over a multiplayer first-person shooter game. The perpetrator, who was later sentenced, threatened another player he was upset with to "swat" him. The perpetrator then enlisted another man to call the police and conduct the attack on the player, with the home address the player provided. This address turned out to be the previous address of the player, which was now Andrew Finch's address.
+
+When police arrived at Andrew Finch's home and surrounded the place, Finch, completely unaware of what was happening, barely had the time to comply and get outside when the police shot and killed him at the front door.
+
+The man who conducted the swatting attack for the perpetrator got [sentenced](https://en.wikipedia.org/wiki/2017_Wichita_swatting) to 20 years in federal prison.
+
+In 2021, an Australian 15-year-old girl was [mistakenly targeted](https://www.abc.net.au/news/2021-03-26/canberra-family-doxxed-sent-death-threats-after-social-video/100014706) and later doxxed with her real information after she had been wrongly identified online as someone who had participated in a racist social media video posted on Facebook.
+
+A few hours after her name was shared online, the girl started to be inundated by hateful messages and unspeakable threats from all around the world. Her phone number and home address were eventually shared online. Her family received hateful messages from strangers as well.
+
+During the ordeal, her mother had to be hospitalized for heart disease. The girl, who had absolutely nothing to do with the racist video that spawned the attacks, contemplated suicide due to the violence of the harassment. She and her mother no longer felt safe.
+
+Digital traces of the personal data that was exposed during the attacks will likely remain online forever, even if the girl and her family were completely innocent and unrelated to what triggered the cyber-swarming.
+
+The 26-year-old American who incorrectly identified the Australian girl and shared her name and social media accounts online later apologized for his mistake.
+
+## How data finds its way to an aggressor
+
+### Targeted research, attack, and spyware
+
+For targeted attacks, aggressors will often use simple techniques to find a victim's data from what is already leaked online, or openly shared on social media. For more sophisticated attacks, perpetrators might use criminal methods such as impersonation for [SIM swap attacks](https://en.wikipedia.org/wiki/SIM_swap_scam). When attackers have more resources, such as a state-backed attackers, more sophisticated processes might be used, like device infection with [NSO Group's spyware](https://citizenlab.ca/tag/nso-group/).
+
+### Maliciously stolen or negligently leaked
+
+Data can be stolen maliciously in all sort of ways, but even more often and common, data is leaked online from banal *negligence*.
+
+Once data is leaked online, it will likely become accessible to anyone looking for it eventually. Additionally, any data breach happening now has the potential to endanger someone years down the line. Perhaps it's a home address that has not changed in years, a phone number used for a decade, a legal name, a photograph, or even a [medical file](https://krebsonsecurity.com/2024/04/man-who-mass-extorted-psychotherapy-patients-gets-six-years/).
+
+Unfortunately, the data broker industry thrives on bundling up all this data together in neat packages to be sold to anyone looking for it, making any attacker's job much easier.
+
+#### Unencrypted data
+
+When the data leaked or stolen is well encrypted, the [risk is reduced](https://www.maketecheasier.com/how-secure-stolen-encrypted-data/). If the leaked data cannot be decrypted easily, this will greatly mitigate the damage done by a breach. Conversely, unencrypted leaked data will always inflict maximum damage.
+
+This is why we should demand that all the services we use implement strong, *end-to-end* encryption wherever possible.
+
+### Obliviously shared without consent
+
+Sometimes, the data endangering someone isn't leaked negligently or stolen maliciously, but simply shared by a friend or a family member oblivious to the danger.
+
+This is [a cultural problem we all need to work on](the-privacy-of-others.md).
+
+Despite all the technological protections we can put on data, and despite all the regulations we can ask organizations to comply with, if our culture doesn't understand the danger of sharing the data of others, we will fail to protect the most vulnerable people in our society.
+
+## Protecting data for everyone's safety is a societal, communal, and individual responsibility
+
+Protecting data isn't simply a matter of preference, although it can absolutely be. But for so many people around the world, it is vital to understand how *crucial* data privacy is.
+
+As explicitly demonstrated above, data protection can literally mean life or death for people in vulnerable situations. Beyond that, it is unfortunately also true for anyone unlucky enough to get mistakenly targeted when their data is shared.
+
+In all of these situations, **data privacy means safety**.
+
+We must demand that governments, corporations, and organizations of all kinds do better to improve data protection practices and technologies.
+
+As a community, we also have a responsibility to protect the most vulnerable people from harm caused by data leaks.
+
+And finally, as individuals, we share this duty of care and must all work on improving the way we protect our own data, but even more importantly, the data of everyone around us.
+
+**Privacy means safety, for everyone.**
+
+---
+
+<div class="admonition info" markdown>
+<p class="admonition-title">Resources in the United States & Canada</p>
+
+If you or someone you know is in one of the situations described above, these additional resources may help. Make sure to take [appropriate measures](https://www.privacyguides.org/en/basics/threat-modeling/) to protect your privacy if your situation is sensitive. If you are in a high risk situation, you might want to access these resources using [Tor](https://www.privacyguides.org/en/advanced/tor-overview/) or [Tails](installing-and-using-tails.md).
+
+**Suicide & Crisis Support Line** :material-arrow-right-bold: [988 Lifeline](https://988lifeline.org/) Phone number: 988 (US & Canada)
+
+**Trans Peer Support** :material-arrow-right-bold: [Trans Lifeline Hotline](https://translifeline.org/hotline/) Phone number US: 1-877-565-8860 / Canada: 1-877-330-6366
+
+**Stalking Victim Support**  :material-arrow-right-bold: US: [SafeHorizon](https://www.safehorizon.org/get-help/stalking/) / Canada: [The Canadian Resource Centre for Victims of Crime](https://crcvc.ca/wp-content/uploads/2021/09/Cyberstalking-_DISCLAIMER_Revised-Aug-2022_FINAL.pdf)
+
+**Domestic Violence Victim Support** :material-arrow-right-bold: US: [The National Domestic Violence Hotline](https://www.thehotline.org/) Phone number: 1-800-799-7233 / Canada: [Canadian resources by situation and province](https://www.canada.ca/en/public-health/services/health-promotion/stop-family-violence/services.html)
+
+**Reproductive Rights & Healthcare** :material-arrow-right-bold: US: [Planned Parenthood](https://www.plannedparenthood.org/) / Canada: [Action Canada for Sexual Health & Rights](https://www.actioncanadashr.org/resources/services)
+
+**Journalists and Whistleblowers** :material-arrow-right-bold: US: [Freedom or the Press Foundation Guides & Resources](https://freedom.press/digisec/guides/) / Canada: [Canadian Association of Journalists](https://caj.ca/advocacy/digital-security/)
+
+**Protesters** :material-arrow-right-bold: [The Protesters' Guide to Smartphone Security](activists-guide-securing-your-smartphone.md)
+
+</div>
+
+---
+
+**Correction (Mar. 27):** This article was updated to correct a typo in a date. The previous version wrongly described the arrest of a French climate activist happening in 2012, when these events actually happened in 2021. 

blog/posts/private-european-alternatives.md

@@ -0,0 +1,283 @@
+---
+date:
+    created: 2025-03-19T21:00:00Z
+categories:
+    - News
+authors:
+    - jonah
+description: There is a growing sentiment that the US shouldn't be relied upon for the technologies that many people and businesses use every day. These privacy-centric recommendations come from a variety of European-based companies and organizations, that you should definitely consider checking out!
+schema_type: NewsArticle
+preview:
+  color: "#003399"
+  text_color: "#ffffff"
+  site_logo: privacy-guides-logo-notext-colorbg-white.svg
+  icon: simple/europeanunion
+---
+# Privacy-Respecting European Tech Alternatives
+
+![European Union flag and Privacy Guides logo side by side](../assets/images/private-european-alternatives/eu-alternatives.webp)
+
+<small aria-hidden="true">Illustration: Jonah Aragon / Privacy Guides</small>
+
+There is a growing sentiment that the US shouldn't be relied upon for the technologies that many people and businesses use every day. Lately, the US has been unilaterally [cutting off](https://archive.ph/EJ26f) access to critical technologies to European countries, prompting [calls for "radical action"](https://techcrunch.com/2025/03/16/european-tech-industry-coalition-calls-for-radical-action-on-digital-sovereignty-starting-with-buying-local/) to bolster European tech stacks from EU lawmakers.<!-- more -->
+
+At Privacy Guides, we generally value technical guarantees over matters like jurisdiction. There is simply no alternative to privacy technologies like strong *end-to-end encryption* when it comes to protecting your information.
+
+That being said, the United States *certainly* does not have a monopoly on the best technologies, and many of our favorite [recommended tools](https://www.privacyguides.org/en/tools/) come from Europe and all over the world. Tools from the European Union also generally benefit from much stronger data protection laws, thanks to the EU's General Data Protection Regulation (GDPR).
+
+If supporting the European tech industry is something that is important to you, here's a non-exhaustive list of some of our favorites. We have many more recommendations throughout our website if you are interested in learning more about privacy-respecting tech alternatives!
+
+## :material-email: Email Services
+
+Many people and businesses are tied to Google's Gmail or Microsoft's Outlook products, but there are *far* more secure and private [alternative email providers](https://www.privacyguides.org/en/email/) out there!
+
+### Tuta :flag_de:
+
+<div class="admonition recommendation" markdown>
+
+![Tuta logo](../assets/img/email/tuta.svg#only-light){ align=right }
+![Tuta logo](../assets/img/email/tuta-dark.svg#only-dark){ align=right }
+
+Based in Hanover, Germany, **Tuta** is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011.
+
+Free accounts start with 1 GB of storage.
+
+[:octicons-info-16: More Info](https://www.privacyguides.org/en/email/#tuta){ .md-button .md-button--primary }
+[:octicons-home-16:](https://tuta.com){ .card-link title="Homepage" }
+
+</div>
+
+### Proton Mail :flag_ch:
+
+<div class="admonition recommendation" markdown>
+
+![Proton Mail logo](../assets/img/email/protonmail.svg){ align=right }
+
+Based in Geneva, Switzerland, **Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013.
+
+The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
+
+[:octicons-info-16: More Info](https://www.privacyguides.org/en/email/#proton-mail){ .md-button .md-button--primary }
+[:octicons-home-16:](https://proton.me){ .card-link title="Homepage" }
+
+</div>
+
+## :material-file-document-edit: Office Suites
+
+Of course, email isn't the only thing offered by solutions like Google Workspace and Microsoft 365. Many people use their entire suite of [productivity tools](https://www.privacyguides.org/en/document-collaboration/) to manage their businesses and collaborate with others.
+
+Luckily, there are plenty of alternatives that incorporate strong encryption and can even be self-hosted, which will not only decrease your reliance on the traditional Big Tech companies, but keep your data far more secure as well.
+
+### CryptPad :flag_fr:
+
+Developed and hosted by *XWiki* in Paris, France, **CryptPad** is a complete online office suite with applications including Documents, Rich Text, Spreadsheets, Code/Markdown, Kanban, Slides, Whiteboard and Forms.
+
+<div class="admonition recommendation" markdown>
+
+![CryptPad logo](../assets/img/document-collaboration/cryptpad.svg){ align=right }
+
+**CryptPad** is a private-by-design alternative to popular office tools. All content on this web service is end-to-end encrypted and can be shared with other users easily.
+
+[:octicons-info-16: More Info](https://www.privacyguides.org/en/document-collaboration/#cryptpad){ .md-button .md-button--primary }
+[:octicons-home-16:](https://cryptpad.org){ .card-link title="Homepage" }
+
+</div>
+
+:material-star-box: We recently did a [full review of CryptPad](cryptpad-review.md), which you should definitely check out if you might be interested in switching!
+
+### Nextcloud :flag_de:
+
+**Nextcloud** comes from German startup *Nextcloud GmbH*, and offers a complete cloud drive alternative to Google Drive or OneDrive.
+
+<div class="admonition recommendation" markdown>
+
+![Nextcloud logo](../assets/img/document-collaboration/nextcloud.svg){ align=right }
+
+**Nextcloud** is a suite of free and open-source client-server software for creating your own file hosting services on a private server you control.
+
+[:octicons-info-16: More Info](https://www.privacyguides.org/en/document-collaboration/#nextcloud){ .md-button .md-button--primary }
+[:octicons-home-16:](https://nextcloud.com){ .card-link title="Homepage" }
+
+</div>
+
+### LibreOffice :flag_de:
+
+**LibreOffice** is developed by *The Document Foundation* based in Berlin, Germany. It's a free and open-source office suite with extensive functionality.
+
+<div class="admonition recommendation" markdown>
+
+![LibreOffice logo](../assets/img/office-suites/libreoffice.svg){ align=right }
+
+Web-based editors aren't for everyone. If you need a full-fledged office suite that runs locally on your computer, **LibreOffice** is a fantastic alternative to Microsoft Office.
+
+[:octicons-info-16: More Info](https://www.privacyguides.org/en/office-suites/#libreoffice){ .md-button .md-button--primary }
+[:octicons-home-16:](https://libreoffice.org){ .card-link title="Homepage" }
+
+</div>
+
+## :material-search-web: Search Engines
+
+One of the most frequently used tools on the internet is the venerable search engine. Switching from **Google** to an [alternative](https://www.privacyguides.org/en/search-engines/) is one of the biggest impact approaches to improving your privacy that you can make.
+
+### Startpage :flag_nl:
+
+Headquartered and developed in the Netherlands, Startpage is one great alternative to Google you could consider:
+
+<div class="admonition recommendation" markdown>
+
+![Startpage logo](../assets/img/search-engines/startpage.svg#only-light){ align=right }
+![Startpage logo](../assets/img/search-engines/startpage-dark.svg#only-dark){ align=right }
+
+**Startpage** is a private search engine. One of Startpage's unique features is the [Anonymous View](https://startpage.com/en/anonymous-view), which puts forth efforts to standardize user activity to make it more difficult to be uniquely identified. The feature can be useful for hiding [some](https://support.startpage.com/hc/articles/4455540212116-The-Anonymous-View-Proxy-technical-details) network and browser properties. However, unlike the name suggests, the feature should not be relied upon for *total* anonymity.
+
+[:octicons-info-16: Homepage](https://www.privacyguides.org/en/search-engines/#startpage){ .md-button .md-button--primary }
+[:octicons-home-16:](https://startpage.com){ .card-link title="Homepage" }
+
+</div>
+
+It is worth noting that [since 2020](relisting-startpage.md), Startpage has been a subsidiary of American company System1. Their operations and employees remain in the Netherlands, and you can choose to utilize only European servers if you wish.
+
+## :material-earth: Web Browsers
+
+Web browsers are historically very tricky to build, and the three major browser engines, Chromium, Gecko (Firefox), and WebKit (Safari) are all *primarily* developed by American companies. This is a space that could certainly use improvement.
+
+### Mullvad Browser :flag_se:
+
+One of our [recommended browsers](https://www.privacyguides.org/en/desktop-browsers/) is spearheaded by Swedish VPN company *Mullvad*, although it's worth noting that its development is somewhat reliant on American non-profits Mozilla and the Tor Project, being a Tor Browser fork.
+
+<div class="admonition recommendation" markdown>
+
+![Mullvad Browser logo](../assets/img/browsers/mullvad_browser.svg){ align=right }
+
+**Mullvad Browser** is a version of Tor Browser with Tor network integrations removed. It aims to provide to VPN users Tor Browser's anti-fingerprinting browser technologies, which are key protections against mass surveillance programs. It is developed by the Tor Project and distributed by Mullvad, although it does *not* require the use of Mullvad's VPN.
+
+[:octicons-info-16: More Info](https://www.privacyguides.org/en/desktop-browsers/#mullvad-browser){ .md-button .md-button--primary }
+[:octicons-home-16:](https://mullvad.net/en/browser){ .card-link title="Homepage" }
+
+</div>
+
+## :material-map: Maps & Navigation
+
+Mapping and location apps like Google Maps can track your every move, and that data is used by tech companies for a wide variety of purposes, including for military and defense. The best mapping apps for your privacy can be used completely offline:
+
+### Organic Maps :flag_ee:
+
+<div class="admonition recommendation" markdown>
+
+![Organic Maps logo](../assets/img/maps/organic-maps.svg){ align=right }
+
+Based in Estonia, **Organic Maps** is an open source, community-developed map display and satnav-style navigation app for walkers, drivers, and cyclists. The app offers worldwide offline maps based on OpenStreetMap data, and navigation with privacy — no location tracking, no data collection, and no ads. The app can be used completely offline.
+
+[:octicons-info-16: More Info](https://www.privacyguides.org/en/maps/#organic-maps){ .md-button .md-button--primary }
+[:octicons-home-16:](https://organicmaps.app){ .card-link title="Homepage" }
+
+</div>
+
+### OsmAnd :flag_nl:
+
+<div class="admonition recommendation" markdown>
+
+![OsmAnd logo](../assets/img/maps/osmand.svg){ align=right }
+
+Based in the Netherlands, **OsmAnd** is an offline map and navigation application based on OpenStreetMap, offering turn-by-turn navigation for walking, cycling, driving, as well as public transport. It is open-source and does not collect any user data.
+
+[:octicons-home-16: More Info](https://www.privacyguides.org/en/maps/#osmand){ .md-button .md-button--primary }
+[:octicons-home-16:](https://osmand.net){ .card-link title="Homepage" }
+
+</div>
+
+## :material-form-textbox-password: Password Managers
+
+### KeePassXC :flag_de:
+
+<div class="admonition recommendation" markdown>
+
+![KeePassXC logo](../assets/img/password-management/keepassxc.svg){ align=right }
+
+**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bug fixes to provide a feature-rich, cross-platform, and modern open-source password manager.
+
+[:octicons-info-16: More Info](https://www.privacyguides.org/en/passwords/#keepassxc){ .md-button .md-button--primary }
+[:octicons-home-16:](https://keepassxc.org){ .card-link title="Homepage" }
+
+</div>
+
+:material-star-box: We recently published an article on [securely using KeePassXC with a YubiKey](installing-keepassxc-and-yubikey.md)!
+
+### Proton Pass :flag_ch:
+
+<div class="admonition recommendation" markdown>
+
+![Proton Pass logo](../assets/img/password-management/protonpass.svg){ align=right }
+
+**Proton Pass** is an open-source, end-to-end encrypted password manager developed by the Swiss company Proton AG, the team behind Proton Mail. It securely stores your login credentials, generates unique email aliases, and supports and stores passkeys.
+
+[:octicons-home-16: More Info](https://www.privacyguides.org/en/passwords/#proton-pass){ .md-button .md-button--primary }
+[:octicons-home-16:](https://proton.me/pass){ .card-link title="Homepage" }
+
+</div>
+
+## :material-chat-processing: Instant Messengers
+
+Switching off of WhatsApp, Facebook Messenger, or iMessage in favor of a more [private instant messenger](https://www.privacyguides.org/en/real-time-communication/) is an excellent way to safeguard your chats.
+
+### Element :flag_gb:
+
+Element is based in the United Kingdom, which is of course no longer in the European Union. However, it is a trusted messaging platform by the [French government](https://element.io/case-studies/tchap), and the [German military](https://element.io/case-studies/bundeswehr), among many other organizations in Europe and around the world looking for sovereignty from Big Tech messaging platforms like Slack and Google Messages.
+
+<div class="admonition recommendation" markdown>
+
+![Element logo](../assets/img/messengers/element.svg){ align=right }
+
+**Element** is the flagship client for the [Matrix](https://matrix.org/docs/chat_basics/matrix-for-im) protocol, an [open standard](https://spec.matrix.org/latest) for secure decentralized real-time communication.
+
+Messages and files shared in private rooms (those which require an invite) are by default E2EE, as are one-to-one voice and video calls.
+
+[:octicons-info-16: More Info](https://www.privacyguides.org/en/real-time-communication/#element){ .md-button .md-button--primary }
+[:octicons-home-16:](https://element.io){ .card-link title="Homepage" }
+
+</div>
+
+### SimpleX :flag_gb:
+
+Another open-source option from the United Kingdom, SimpleX chat has very strong security features, and can be entirely self-hosted anywhere in the world if you prefer the assurances a [custom server](https://simplex.chat/docs/server.html) can bring.
+
+<div class="admonition recommendation" markdown>
+
+![Simplex logo](../assets/img/messengers/simplex.svg){ align=right }
+
+**SimpleX Chat** is an instant messenger that doesn't depend on any unique identifiers such as phone numbers or usernames. Its decentralized network makes SimpleX Chat an effective tool against censorship.
+
+[:octicons-info-16: More Info](https://www.privacyguides.org/en/real-time-communication/#simplex-chat){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://simplex.chat){ .card-link title="Homepage" }
+
+</div>
+
+### Briar :earth_africa:
+
+Briar is an open source project not legally incorporated in any jurisdiction, although it has received funding from European initiatives like [NGI](https://ngi.eu/) and the [NLnet Foundation](https://nlnet.nl/), and includes many Europeans in their voluntary board and team.
+
+<div class="admonition recommendation" markdown>
+
+![Briar logo](../assets/img/messengers/briar.svg){ align=right }
+
+**Briar** is an encrypted instant messenger that [connects](https://briarproject.org/how-it-works) to other clients using the Tor Network, making it an effective tool at circumventing censorship. Briar can also connect via Wi-Fi or Bluetooth when in local proximity. Briar’s local mesh mode can be useful when internet availability is a problem.
+
+[:octicons-info-16: More Info](https://www.privacyguides.org/en/real-time-communication/#briar){ .md-button .md-button--primary }
+[:octicons-home-16:](https://briarproject.org){ .card-link title="Homepage" }
+
+</div>
+
+## More Services...
+
+Looking for more? Here's a short (and non-exhaustive) list of other recommendations of ours which are based in Europe:
+
+- [**VPN Services**](https://www.privacyguides.org/en/vpn/): :flag_se: [Mullvad](https://www.privacyguides.org/en/vpn/#mullvad) and :flag_ch: [Proton VPN](https://www.privacyguides.org/en/vpn/#proton-vpn)
+- [**DNS Providers**](https://www.privacyguides.org/en/dns/#recommended-providers): :flag_fr: [dns0.eu](https://dns0.eu/), :flag_se: [Mullvad DNS](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls), and :flag_ch: [Quad9](https://quad9.net/)
+- [**Calendars**](https://www.privacyguides.org/en/calendar/): :flag_de: [Tuta](https://tuta.com/calendar) and :flag_ch: [Proton Calendar](https://proton.me/calendar)
+- [**Notes Apps**](https://www.privacyguides.org/en/notebooks/): :flag_gb: [Joplin](https://joplinapp.org/) and :flag_ee: [Crypt.ee](https://crypt.ee/)
+- [**Pastebins**](https://www.privacyguides.org/en/pastebins/): :flag_fr: [PrivateBin](https://privatebin.info/)
+- [**Linux Distros**](https://www.privacyguides.org/en/desktop/): :flag_de: [openSUSE](https://www.opensuse.org/)
+
+If you're in Europe and looking to build or host your *own* European technology, there are also plenty of alternatives to the typical American IT providers. Topics like cloud computing platforms, web analytics services, and content delivery networks are currently out of scope for what we cover here at Privacy Guides, but [European Alternatives](https://european-alternatives.eu/) is one great resource for finding more services like these.
+
+At the end of the day, we trust *all* of our [recommended privacy tools](https://www.privacyguides.org/en/tools/) to keep you safe from prying eyes, but there are many valid reasons you may prefer to stick to the European market.

blog/posts/the-dangers-of-end-to-end-encryption.md

@@ -0,0 +1,99 @@
+---
+date:
+    created: 2025-04-01T05:40:00Z
+categories:
+    - Announcements
+tags:
+    - April Fools
+authors:
+    - aprilfools
+license: BY-SA
+description: Privacy Guides is formally taking a stand against dangerous and frightening technologies.
+schema_type: SatiricalArticle
+preview:
+  logo: blog/assets/images/the-dangers-of-end-to-end-encryption/fire.svg
+---
+# The Dangers of End-to-End Encryption - Happy April fools!
+
+![An image showing a burning car](../assets/images/the-dangers-of-end-to-end-encryption/cover.webp)
+
+<small aria-hidden="true">Photo: Flavio / Unsplash</small>
+
+In the digital age, nothing is more important than convenience and easy access to data. Unfortunately, there has been an alarming trend among technologists to implement **End-to-End Encryption** (E2EE) in their applications, to the detriment of all the important work being done by countless organizations, including the best and brightest intelligence agencies and big tech companies.<!-- more -->
+
+<div class="admonition tip inline" markdown>
+<p class="admonition-title">April Fools!</p>
+
+This article was published on April 1st, 2025.
+
+Privacy Guides supports strong encryption as a cornerstone of digital security and personal freedom. End-to-end encryption ensures that **your** communications remain **yours**, which is a principle worth preserving.
+
+</div>
+
+Security-focused developers and misguided "advocates" have long attempted to convince those involved in privacy and security that E2EE is an advanced security measure designed to protect your sensitive data, and *Privacy Guides* has stood by for far too long not setting the record straight.
+
+In this article, we are going to explore how these "protections" actually endanger you and pose critical threats to society at large. Threats that are so grave that numerous government agencies around the world insist that we immediately limit or eliminate E2EE entirely, before our world as we know it falls apart.
+
+*Privacy Guides* is acutely aware of these serious concerns, and believes privacy should always be a conditional right, used *responsibly*.
+
+## E2EE hampers *legitimate* government surveillance
+
+Every day, intelligence agencies carry out perfectly legitimate surveillance activities against both their own citizens and foreigners. There is no question that these agencies are crucial to the upkeep of our national security, and it is our moral obligation to assist them in these warrantless activities, whether we know it or not.
+
+When services like [Signal](https://www.privacyguides.org/en/real-time-communication/) or [Tuta](https://www.privacyguides.org/en/email/) keep all of their users messages locked in an impenetrable vault, how are they supposed to keep tabs on potential criminals using their services?
+
+The reality is that if the government is not allowed to read *every* message being sent, they might never encounter the *one* that actually warrants suspicion.
+
+It's true that end-to-end encryption also protects the lives of journalists, whistleblowers, and human-rights activists from those few governments which are *actually* oppressive, but these edge-cases should not be used as an excuse to hinder legitimate governments like in the US or the UK.
+
+## E2EE encourages crime
+
+With end-to-end encryption, criminals are granted a free pass for unlimited criminal activity. *Nobody* can read their messages besides them! Shocking, isn't it?
+
+If platforms simply removed all forms of encryption from their services, we could solve cybercrime, illegal drug dealing, dangerous hacking attempts, child exploitation, and terrorism overnight... right?
+
+There is plenty of historical precedent here. Platforms like Snapchat which *don't* utilize end-to-end encryption have bravely been [involved in noble arrests](https://www.bbc.com/news/world-europe-68099669), stopping criminals in their tracks before they had a chance to act.
+
+Users of these platforms who aren't criminals do benefit a bit from end-to-end encryption. It protects them from identity theft, surveillance, and data breaches every day. With any sort of trade-off like this, this is certainly a factor to consider. We believe it is very clear that giving up minor protections like this is a small price to pay to potentially intercept the next dangerous joke in a group text.
+
+## It prevents *helpful* backdoors
+
+Many tech companies have tried to [introduce backdoors into their end-to-end encrypted platforms](https://www.eff.org/deeplinks/2021/08/apples-plan-think-different-about-encryption-opens-backdoor-your-private-life), only to be lambasted by the legion of completely unreasonable "privacy advocates" out there. Our stance on privacy is far more principled, and we believe there is a middle-ground to be found in the laws of mathematics.
+
+The solution proposed by companies like Apple and agencies like the FBI is a sound one. They will protect your messages, *unless* they encounter something suspicious. At that point, keys to decrypt your data will be given **only to the good guys**, so that they can enforce the law.
+
+This approach makes a lot of sense. By carefully controlling access to these skeleton keys, it's trivial for companies to make sure they only fall into the right hands. The notion that they might be leaked, or that someone with enough resources could replicate that access, is so far into slippery slope territory that it borders on nonsense. Let's stick with what we know about the security capabilities of these companies today, instead of imagining ridiculous scenarios where they are breached.
+
+## It harms innovation
+
+Think about all the services you use online every day. The companies behind those services *rely* on collecting as much of your personal data as possible in order to constantly produce exciting new innovations. Without mass data collection, how would you get personalized ads for weeks about different new sneakers, because you bought that pair on Amazon yesterday? How else would companies emulate the real-life experience of constantly being hounded by a salesperson in a store selling you the exact thing you desperately need?
+
+E2EE prevents companies from truly knowing their users, stifling these massive advances in advanced user profiling!
+
+Big tech companies monetizing your personal data in ways that you don't need to understand nor consent to is what makes the internet such a magical place. If your private chats are protected with E2EE, companies won't be able to serve you the moment you even *think* about a new lawnmower. What do you think about that?
+
+## It's challenging for developers
+
+Another way E2EE slows down innovation even in the digital security realm is its complexity. Implementing robust cryptographic libraries and user-friendly key management systems is complicated, and software development is supposed to be a piece of cake.
+
+The problem of digital security has already been solved: simply store that information in a database and protect that database from anyone who isn't approved to see it. Protections beyond this tend to be complexity for the sake of complexity. If we did away with the countless developer hours wasted on protection nobody *really* needs, we'd have more time to add longer animations and innovative features like infinite scrolling to keep users happily using their apps for hours on end.
+
+## E2EE is a slippery slope!
+
+Constantly pushing E2EE sets up consumers with a wildly unreasonable expectation, that privacy should be the default. If people got comfortable communicating without tech companies and governments constantly peeking over their shoulder, it's impossible to imagine what they might start thinking next. Maybe they'd start to believe personal liberty is a right, instead of a *privilege*.
+
+End-to-end encryption is an insidious technology that has crept its way into some of the best instant messengers, [cloud storage providers](https://www.privacyguides.org/en/cloud/), and other apps. It stands in the way of law enforcement, government security agencies, data-collecting corporations, and anyone else who might need to peek into your personal life.
+
+It's time we took a stand against this technology and demand a true solution from our governments: **Sensible** regulations that allow for *partial* protections while keeping the option for these entities to decrypt it when necessary intact. The sense of security is all that truly matters to most people anyway.
+
+[Who needs *complete* privacy](https://www.privacyguides.org/en/basics/why-privacy-matters/) when you can have a half-baked version easily circumvented by the good guys? What is privacy in the first place, if not a convenient cover for wrongdoing? If we can't read all messages (just in case), how are we expected to keep society safe?
+
+---
+
+This article was published on April Fools' Day. If you've made it to the end, and you haven't noticed how we buried the real benefits of end-to-end encryption in our hyperbolic worst-case scenarios, well... surprise! 😄
+
+Privacy Guides supports strong encryption as a cornerstone of digital security and personal freedom. End-to-end encryption ensures that **your** communications remain **yours**, which is a principle worth preserving.
+
+If the "dangers" of E2EE upset you, maybe it is time to reflect on how crucial privacy is to everyone: You, me, whistleblowers, activists, and everyday people who just want to live their lives. Happy April 1st, and stay secure out there!
+
+*Written by: Jonah Aragon*

blog/posts/the-future-of-privacy.md

@@ -2,11 +2,11 @@
 date:
     created: 2025-02-03T19:00:00Z
 categories:
-    - Opinion
+    - News
 authors:
     - em
 description: Privacy is intrinsically intertwined with politics. Each change in governance can have serious effects on privacy rights and privacy tools, for better or for worse. Let's examine with concrete examples how politics affect legislations that can have an immense impact on the privacy tools and features we use.
-schema_type: OpinionNewsArticle
+schema_type: NewsArticle
 ---
 
 # The Future of Privacy: How Governments Shape Your Digital Life

blog/posts/the-privacy-of-others.md

@@ -2,11 +2,11 @@
 date:
     created: 2025-03-10T20:00:00Z
 categories:
-    - Opinion
+    - Explainers
 authors:
     - em
 description: In privacy, we talk a lot about how to protect our own data, but what about our responsibility to protect the data of others? If you care about privacy rights, you must also care for the data of the people around you. Together, we must start building a culture of data privacy where everyone cares for the data of others.
-schema_type: OpinionNewsArticle
+schema_type: NewsArticle
 ---
 # Privacy is Also Protecting the Data of Others
 

docs/about/donate.md

@@ -10,7 +10,7 @@ Support our mission to defend digital rights and spread the word about mass surv
 
 <small markdown>
 
-MAGIC Grants is our fiscal host, and their custom, open-source donation platform allows you to donate to our project with **Monero**, **Bitcoin**, or **debit/credit card**. You can also donate using [:simple-github: GitHub Sponsors](https://github.com/sponsors/privacyguides).
+MAGIC Grants is our fiscal host, and their custom, open-source donation platform allows you to donate to our project with **Monero**, **Litecoin (MWEB)**, **Bitcoin**, or **debit/credit card**. You can also donate using [:simple-github: GitHub Sponsors](https://github.com/sponsors/privacyguides).
 
 </small>
 

docs/document-collaboration.md

@@ -53,7 +53,7 @@ We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_e
 
 ![CryptPad logo](assets/img/document-collaboration/cryptpad.svg){ align=right }
 
-**CryptPad** is a private-by-design alternative to popular office tools. All content on this web service is end-to-end encrypted and can be shared with other users easily.
+**CryptPad** is a private-by-design alternative to popular office tools. All content on this web service is end-to-end encrypted and can be shared with other users easily. [:material-star-box: Read our latest CryptPad review.](https://www.privacyguides.org/articles/2025/02/07/cryptpad-review/)
 
 [:octicons-home-16: Homepage](https://cryptpad.fr){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://cryptpad.fr/pad/#/2/pad/view/GcNjAWmK6YDB3EO2IipRZ0fUe89j43Ryqeb4fjkjehE){ .card-link title="Privacy Policy" }

docs/search-engines.md

@@ -44,8 +44,6 @@ Brave Search includes unique features such as [Discussions](https://search.brave
 [:octicons-eye-16:](https://search.brave.com/help/privacy-policy){ .card-link title="Privacy Policy" }
 [:octicons-info-16:](https://search.brave.com/help){ .card-link title=Documentation}
 
-</details>
-
 </div>
 
 Note that if you use Brave Search while logged in to a Premium account, it may make it easier for Brave to correlate queries with specific users.
@@ -67,8 +65,6 @@ DuckDuckGo is the default search engine for the [Tor Browser](tor.md#tor-browser
 [:octicons-eye-16:](https://duckduckgo.com/privacy){ .card-link title="Privacy Policy" }
 [:octicons-info-16:](https://help.duckduckgo.com){ .card-link title=Documentation}
 
-</details>
-
 </div>
 
 DuckDuckGo offers two [other versions](https://help.duckduckgo.com/features/non-javascript) of their search engine, both of which do not require JavaScript. These versions do lack features, however. These versions can also be used in conjunction with their Tor hidden address by appending [/lite](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/lite) or [/html](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/html) for the respective version.
@@ -87,8 +83,6 @@ DuckDuckGo offers two [other versions](https://help.duckduckgo.com/features/non-
 [:octicons-eye-16:](https://startpage.com/en/privacy-policy){ .card-link title="Privacy Policy" }
 [:octicons-info-16:](https://support.startpage.com/hc/categories/4481917470356-Startpage-Search-Engine){ .card-link title=Documentation}
 
-</details>
-
 </div>
 
 Startpage's majority shareholder is System1 who is an adtech company. We don't believe that to be an issue as they have a distinctly separate [privacy policy](https://system1.com/terms/privacy-policy). The Privacy Guides team reached out to Startpage [back in 2020](https://blog.privacyguides.org/2020/05/03/relisting-startpage) to clear up any concerns with System1's sizeable investment into the service, and we were satisfied with the answers we received.
@@ -111,8 +105,6 @@ A [metasearch engine](https://en.wikipedia.org/wiki/Metasearch_engine) aggregate
 [:octicons-server-16:](https://searx.space){ .card-link title="Public Instances"}
 [:octicons-code-16:](https://github.com/searxng/searxng){ .card-link title="Source Code" }
 
-</details>
-
 </div>
 
 SearXNG is a proxy between you and the search engines it aggregates from. Your search queries will still be sent to the search engines that SearXNG gets its results from.

theme/layouts/blog.yml

@@ -14,7 +14,10 @@ definitions:
     {% endif %}
 
   - &page_icon >-
-    {%- if not page.meta.preview or not page.meta.preview.logo -%}
+    {%- if page.meta.preview and page.meta.preview.icon -%}
+      {{- page.meta.preview.icon -}}
+    {%- elif page.meta.preview and page.meta.preview.logo -%}
+    {%- else -%}
       material/book-open-page-variant
     {%- endif -%}
 
@@ -74,6 +77,11 @@ definitions:
       {{- "@privacy_guides" -}}
     {%- endif -%}
 
+  - &replacement_image >-
+    {%- if page.meta.preview and page.meta.preview.cover -%}
+      {{- page.meta.preview.cover -}}
+    {%- endif -%}
+
 # Meta tags
 tags:
   # Open Graph
@@ -158,3 +166,6 @@ layers:
       font:
         family: Bagnard
         style: Bold
+
+  - background:
+      image: *replacement_image