docs!: Move most documentation to forum

Signed-off-by: Jonah Aragon <jonah@privacyguides.org>

.all-contributorsrc

@@ -2986,6 +2986,26 @@
         "promotion",
         "question"
       ]
+    },
+    {
+      "login": "Spirizer",
+      "name": "Spirizer",
+      "avatar_url": "https://avatars.githubusercontent.com/u/51120100?v=4",
+      "profile": "https://github.com/Spirizer",
+      "contributions": [
+        "translation"
+      ]
+    },
+    {
+      "login": "jordbm",
+      "name": "jordbm",
+      "avatar_url": "https://avatars.githubusercontent.com/u/160433264?v=4",
+      "profile": "https://github.com/jordbm",
+      "contributions": [
+        "doc",
+        "maintenance",
+        "security"
+      ]
     }
   ],
   "contributorsPerLine": 5,

.vscode/ltex.dictionary.en-US.txt

@@ -545,3 +545,20 @@ Codeberg
 simple-codeberg
 simple-reddit
 fontawesome-brands-linkedin
+simple-keepassxc
+OnlyKey
+fontawesome-solid-unlock-keyhole
+KeeShare
+KeePassium
+MWEB
+Cyd
+Semiphemeral
+Dangerzone
+simple-activitypub
+ActivityPub
+pseudorandom
+Chaum
+unlinkability
+Kagi
+Secureblue
+pseudonymity

README.md

@@ -611,6 +611,8 @@ Privacy Guides wouldn't be possible without these wonderful people ([emoji key](
       <td align="center" valign="top" width="20%"><a rel="nofollow noopener noreferrer" href="https://github.com/bruch-alex"><img src="https://avatars.githubusercontent.com/u/173354246?v=4" width="100px;" loading=lazy /><br /><sub><b>Alex Bruch</b></sub></a><br /><a href="#translation-bruch-alex" title="Translation">🌍</a></td>
       <td align="center" valign="top" width="20%"><a rel="nofollow noopener noreferrer" href="https://github.com/qiyongzheng"><img src="https://avatars.githubusercontent.com/u/153378707?v=4" width="100px;" loading=lazy /><br /><sub><b>qiyongzheng</b></sub></a><br /><a href="https://github.com/privacyguides/privacyguides.org/commits?author=qiyongzheng" title="Documentation">📖</a></td>
       <td align="center" valign="top" width="20%"><a rel="nofollow noopener noreferrer" href="https://github.com/hashcatHitman"><img src="https://avatars.githubusercontent.com/u/155700084?v=4" width="100px;" loading=lazy /><br /><sub><b>Sam K</b></sub></a><br /><a href="https://github.com/privacyguides/privacyguides.org/commits?author=hashcatHitman" title="Documentation">📖</a> <a href="#promotion-hashcatHitman" title="Promotion">📣</a> <a href="#question-hashcatHitman" title="Answering Questions">💬</a></td>
+      <td align="center" valign="top" width="20%"><a rel="nofollow noopener noreferrer" href="https://github.com/Spirizer"><img src="https://avatars.githubusercontent.com/u/51120100?v=4" width="100px;" loading=lazy /><br /><sub><b>Spirizer</b></sub></a><br /><a href="#translation-Spirizer" title="Translation">🌍</a></td>
+      <td align="center" valign="top" width="20%"><a rel="nofollow noopener noreferrer" href="https://github.com/jordbm"><img src="https://avatars.githubusercontent.com/u/160433264?v=4" width="100px;" loading=lazy /><br /><sub><b>jordbm</b></sub></a><br /><a href="https://github.com/privacyguides/privacyguides.org/commits?author=jordbm" title="Documentation">📖</a> <a href="#maintenance-jordbm" title="Maintenance">🚧</a> <a href="#security-jordbm" title="Security">🛡️</a></td>
     </tr>
   </tbody>
   <tfoot>

blog/.authors.yml

@@ -1,4 +1,8 @@
 authors:
+  aprilfools:
+    name: Anita Key
+    description: Government Liaison
+    avatar: https://github.com/privacyguides.png
   contributors:
     type: Organization
     name: Privacy Guides
@@ -36,6 +40,13 @@ authors:
     name: fria
     description: Team Member
     avatar: https://github.com/friadev.png
+  jordan:
+    name: Jordan Warne
+    description: Video Producer
+    avatar: https://forum-cdn.privacyguides.net/user_avatar/discuss.privacyguides.net/jordan/288/7793_2.png
+    mastodon:
+      username: jw
+      instance: social.lol
   jonah:
     name: Jonah Aragon
     description: Project Director

blog/assets/images/private-european-alternatives/eu-alternatives.svg

@@ -0,0 +1,141 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg width="100%" height="100%" viewBox="0 0 1920 1080" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve" xmlns:serif="http://www.serif.com/" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linejoin:round;stroke-miterlimit:2;">
+    <rect x="0" y="0" width="1920" height="1080" style="fill:rgb(0,51,153);"/>
+    <g transform="matrix(2.55845,0,0,2.55845,597.249,537.627)">
+        <g transform="matrix(1,0,0,1,-24,-24)">
+            <g transform="matrix(2,0,0,2,0,0)">
+                <rect x="0" y="0" width="24" height="24" style="fill:none;fill-rule:nonzero;"/>
+            </g>
+            <g transform="matrix(2,0,0,2,0,0)">
+                <path d="M12.65,10C11.83,7.67 9.61,6 7,6C3.69,6 1,8.69 1,12C1,15.31 3.69,18 7,18C9.61,18 11.83,16.33 12.65,14L17,14L17,18L21,18L21,14L23,14L23,10L12.65,10ZM7,14C5.9,14 5,13.1 5,12C5,10.9 5.9,10 7,10C8.1,10 9,10.9 9,12C9,13.1 8.1,14 7,14Z" style="fill:rgb(255,204,0);fill-rule:nonzero;"/>
+            </g>
+        </g>
+    </g>
+    <g transform="matrix(2.55845,0,0,2.55845,1322.75,537.627)">
+        <g transform="matrix(1,0,0,1,-24,-24)">
+            <g transform="matrix(2,0,0,2,0,0)">
+                <rect x="0" y="0" width="24" height="24" style="fill:none;fill-rule:nonzero;"/>
+            </g>
+            <g transform="matrix(2,0,0,2,0,0)">
+                <g>
+                    <path d="M2,17L22,17L22,19L2,19L2,17ZM3.15,12.95L4,11.47L4.85,12.95L6.15,12.2L5.3,10.72L7,10.72L7,9.22L5.3,9.22L6.15,7.75L4.85,7L4,8.47L3.15,7L1.85,7.75L2.7,9.22L1,9.22L1,10.72L2.7,10.72L1.85,12.2L3.15,12.95ZM9.85,12.2L11.15,12.95L12,11.47L12.85,12.95L14.15,12.2L13.3,10.72L15,10.72L15,9.22L13.3,9.22L14.15,7.75L12.85,7L12,8.47L11.15,7L9.85,7.75L10.7,9.22L9,9.22L9,10.72L10.7,10.72L9.85,12.2ZM23,9.22L21.3,9.22L22.15,7.75L20.85,7L20,8.47L19.15,7L17.85,7.75L18.7,9.22L17,9.22L17,10.72L18.7,10.72L17.85,12.2L19.15,12.95L20,11.47L20.85,12.95L22.15,12.2L21.3,10.72L23,10.72L23,9.22Z" style="fill:rgb(255,204,0);fill-rule:nonzero;"/>
+                </g>
+            </g>
+        </g>
+    </g>
+    <g transform="matrix(2.55845,0,0,2.55845,642.604,709.746)">
+        <g transform="matrix(1,0,0,1,-24,-24)">
+            <g transform="matrix(2,0,0,2,0,0)">
+                <rect x="0" y="0" width="24" height="24" style="fill:none;"/>
+            </g>
+            <g transform="matrix(2,0,0,2,0,0)">
+                <g>
+                    <g>
+                        <path d="M20,18C21.1,18 22,17.1 22,16L22,6C22,4.9 21.1,4 20,4L4,4C2.9,4 2,4.9 2,6L2,16C2,17.1 2.9,18 4,18L0,18L0,20L24,20L24,18L20,18ZM4,6L20,6L20,16L4,16L4,6Z" style="fill:rgb(255,204,0);fill-rule:nonzero;"/>
+                    </g>
+                </g>
+            </g>
+        </g>
+    </g>
+    <g transform="matrix(2.55845,0,0,2.55845,1279.34,709.746)">
+        <g transform="matrix(1,0,0,1,-24,-24)">
+            <g transform="matrix(2,0,0,2,0,0)">
+                <rect x="0" y="0" width="24" height="24" style="fill:none;fill-rule:nonzero;"/>
+            </g>
+            <g transform="matrix(2,0,0,2,0,0)">
+                <path d="M20,13L4,13C3.45,13 3,13.45 3,14L3,20C3,20.55 3.45,21 4,21L20,21C20.55,21 21,20.55 21,20L21,14C21,13.45 20.55,13 20,13ZM7,19C5.9,19 5,18.1 5,17C5,15.9 5.9,15 7,15C8.1,15 9,15.9 9,17C9,18.1 8.1,19 7,19ZM20,3L4,3C3.45,3 3,3.45 3,4L3,10C3,10.55 3.45,11 4,11L20,11C20.55,11 21,10.55 21,10L21,4C21,3.45 20.55,3 20,3ZM7,9C5.9,9 5,8.1 5,7C5,5.9 5.9,5 7,5C8.1,5 9,5.9 9,7C9,8.1 8.1,9 7,9Z" style="fill:rgb(255,204,0);fill-rule:nonzero;"/>
+            </g>
+        </g>
+    </g>
+    <g transform="matrix(2.55845,0,0,2.55845,1144.75,858.679)">
+        <g transform="matrix(1,0,0,1,-24,-24)">
+            <g transform="matrix(2,0,0,2,0,0)">
+                <rect x="0" y="0" width="24" height="24" style="fill:none;fill-rule:nonzero;"/>
+            </g>
+            <g transform="matrix(2,0,0,2,0,0)">
+                <path d="M9,17L7,17L7,10L9,10L9,17ZM13,17L11,17L11,7L13,7L13,17ZM17,17L15,17L15,13L17,13L17,17ZM19.5,19.1L4.5,19.1L4.5,5L19.5,5L19.5,19.1ZM19.5,3L4.5,3C3.4,3 2.5,3.9 2.5,5L2.5,19C2.5,20.1 3.4,21 4.5,21L19.5,21C20.6,21 21.5,20.1 21.5,19L21.5,5C21.5,3.9 20.6,3 19.5,3Z" style="fill:rgb(255,204,0);fill-rule:nonzero;"/>
+            </g>
+        </g>
+    </g>
+    <g transform="matrix(2.55845,0,0,2.55845,776.985,858.679)">
+        <g transform="matrix(1,0,0,1,-24,-24)">
+            <g transform="matrix(2,0,0,2,0,0)">
+                <rect x="0" y="0" width="24" height="24" style="fill:none;fill-rule:nonzero;"/>
+            </g>
+            <g transform="matrix(2,0,0,2,0,0)">
+                <path d="M17,12L12,12L12,17L17,17L17,12ZM16,1L16,3L8,3L8,1L6,1L6,3L5,3C3.89,3 3.01,3.9 3.01,5L3,19C3,20.1 3.89,21 5,21L19,21C20.1,21 21,20.1 21,19L21,5C21,3.9 20.1,3 19,3L18,3L18,1L16,1ZM19,19L5,19L5,8L19,8L19,19Z" style="fill:rgb(255,204,0);fill-rule:nonzero;"/>
+            </g>
+        </g>
+    </g>
+    <g transform="matrix(2.55845,0,0,2.55845,960.869,904.116)">
+        <g transform="matrix(1,0,0,1,-24,-24)">
+            <g transform="matrix(2,0,0,2,0,0)">
+                <rect x="0" y="0" width="24" height="24" style="fill:none;fill-rule:nonzero;"/>
+            </g>
+            <g transform="matrix(2,0,0,2,0,0)">
+                <path d="M19,2L14.82,2C14.4,0.84 13.3,0 12,0C10.7,0 9.6,0.84 9.18,2L5,2C3.9,2 3,2.9 3,4L3,20C3,21.1 3.9,22 5,22L19,22C20.1,22 21,21.1 21,20L21,4C21,2.9 20.1,2 19,2ZM12,2C12.55,2 13,2.45 13,3C13,3.55 12.55,4 12,4C11.45,4 11,3.55 11,3C11,2.45 11.45,2 12,2ZM19,20L5,20L5,4L7,4L7,7L17,7L17,4L19,4L19,20Z" style="fill:rgb(255,204,0);fill-rule:nonzero;"/>
+            </g>
+        </g>
+    </g>
+    <g transform="matrix(2.55845,0,0,2.55845,960.869,175.884)">
+        <g transform="matrix(1,0,0,1,-24,-24)">
+            <g transform="matrix(2,0,0,2,0,0)">
+                <rect x="0" y="0" width="24" height="24" style="fill:none;fill-rule:nonzero;"/>
+            </g>
+            <g transform="matrix(2,0,0,2,0,0)">
+                <path d="M20,4L4,4C2.9,4 2.01,4.9 2.01,6L2,18C2,19.1 2.9,20 4,20L20,20C21.1,20 22,19.1 22,18L22,6C22,4.9 21.1,4 20,4ZM20,8L12,13L4,8L4,6L12,11L20,6L20,8Z" style="fill:rgb(255,204,0);fill-rule:nonzero;"/>
+            </g>
+        </g>
+    </g>
+    <g transform="matrix(2.55845,0,0,2.55845,1144.75,223.173)">
+        <g transform="matrix(1,0,0,1,-24,-24)">
+            <g transform="matrix(2,0,0,2,0,0)">
+                <rect x="0" y="0" width="24" height="24" style="fill:none;"/>
+            </g>
+            <g transform="matrix(2,0,0,2,0,0)">
+                <g>
+                    <g>
+                        <path d="M14,19.88L14,22L16.12,22L21.29,16.83L19.17,14.71L14,19.88Z" style="fill:rgb(255,204,0);fill-rule:nonzero;"/>
+                    </g>
+                    <g>
+                        <path d="M20,8L14,2L6,2C4.9,2 4.01,2.9 4.01,4L4,20C4,21.1 4.89,22 5.99,22L12,22L12,19.05L20,11.05L20,8ZM13,9L13,3.5L18.5,9L13,9Z" style="fill:rgb(255,204,0);fill-rule:nonzero;"/>
+                    </g>
+                    <g>
+                        <path d="M22.71,14L22,13.29C21.61,12.9 20.98,12.9 20.59,13.29L19.88,14L22,16.12L22.71,15.41C23.1,15.02 23.1,14.39 22.71,14Z" style="fill:rgb(255,204,0);fill-rule:nonzero;"/>
+                    </g>
+                </g>
+            </g>
+        </g>
+    </g>
+    <g transform="matrix(2.55845,0,0,2.55845,776.985,223.173)">
+        <g transform="matrix(1,0,0,1,-24,-24)">
+            <g transform="matrix(2,0,0,2,0,0)">
+                <rect x="0" y="0" width="24" height="24" style="fill:none;"/>
+            </g>
+            <g transform="matrix(2,0,0,2,0,0)">
+                <path d="M19.3,16.9C19.7,16.2 20,15.4 20,14.5C20,12 18,10 15.5,10C13,10 11,12 11,14.5C11,17 13,19 15.5,19C16.4,19 17.2,18.7 17.9,18.3L21.1,21.5L22.5,20.1L19.3,16.9ZM15.5,17C14.1,17 13,15.9 13,14.5C13,13.1 14.1,12 15.5,12C16.9,12 18,13.1 18,14.5C18,15.9 16.9,17 15.5,17ZM12,20L12,22C6.48,22 2,17.52 2,12C2,6.48 6.48,2 12,2C16.84,2 20.87,5.44 21.8,10L19.73,10C19.09,7.54 17.33,5.53 15,4.59L15,5C15,6.1 14.1,7 13,7L11,7L11,9C11,9.55 10.55,10 10,10L8,10L8,12L10,12L10,15L9,15L4.21,10.21C4.08,10.79 4,11.38 4,12C4,16.41 7.59,20 12,20Z" style="fill:rgb(255,204,0);fill-rule:nonzero;"/>
+            </g>
+        </g>
+    </g>
+    <g transform="matrix(2.55845,0,0,2.55845,1279.34,365.507)">
+        <g transform="matrix(1,0,0,1,-24,-24)">
+            <g transform="matrix(2,0,0,2,0,0)">
+                <rect x="0" y="0" width="24" height="24" style="fill:none;fill-rule:nonzero;"/>
+            </g>
+            <g transform="matrix(2,0,0,2,0,0)">
+                <path d="M20,2L4,2C2.9,2 2.01,2.9 2.01,4L2,22L6,18L20,18C21.1,18 22,17.1 22,16L22,4C22,2.9 21.1,2 20,2ZM6,9L18,9L18,11L6,11L6,9ZM14,14L6,14L6,12L14,12L14,14ZM18,8L6,8L6,6L18,6L18,8Z" style="fill:rgb(255,204,0);fill-rule:nonzero;"/>
+            </g>
+        </g>
+    </g>
+    <g transform="matrix(2.55845,0,0,2.55845,642.604,365.507)">
+        <g transform="matrix(1,0,0,1,-24,-24)">
+            <g transform="matrix(2,0,0,2,0,0)">
+                <rect x="0" y="0" width="24" height="24" style="fill:none;fill-rule:nonzero;"/>
+            </g>
+            <g transform="matrix(2,0,0,2,0,0)">
+                <path d="M20.5,3L20.34,3.03L15,5.1L9,3L3.36,4.9C3.15,4.97 3,5.15 3,5.38L3,20.5C3,20.78 3.22,21 3.5,21L3.66,20.97L9,18.9L15,21L20.64,19.1C20.85,19.03 21,18.85 21,18.62L21,3.5C21,3.22 20.78,3 20.5,3ZM15,19L9,16.89L9,5L15,7.11L15,19Z" style="fill:rgb(255,204,0);fill-rule:nonzero;"/>
+            </g>
+        </g>
+    </g>
+</svg>

blog/assets/images/the-dangers-of-end-to-end-encryption/fire.svg

@@ -0,0 +1,4 @@
+<svg width="72" height="72" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg" data-reactroot="">
+<path stroke-linejoin="round" stroke-linecap="round" stroke-width="0" stroke="#ffffff" fill="#eb7c0f" d="M12 22C9.28 22 4.57 19.33 4.05 14.99C3.69 11.95 5.51 9.6 6.01 8.99C6.42 11.1 7.53 12.7 8.95 12.99C9.21 13.04 9.54 13.06 9.93 12.99C9.82 10.67 10 6.33 12.86 3C13.17 2.63 13.66 2.3 14 2C14.24 4.64 14.98 6.12 15.8 7C16.91 8.19 18.59 9 19.48 11.28C19.52 11.37 19.63 11.65 19.72 12C20.34 14.38 20.04 17.88 17.76 19.99C15.85 21.76 13.35 22 13 22C12.49 22 12.56 22 12 22Z" transform="translate(2,2)"></path><path stroke-linejoin="round" stroke-linecap="round" stroke-width="1" stroke="#ffffff" fill="none" d="M12 22C9.28 22 4.57 19.33 4.05 14.99C3.69 11.95 5.51 9.6 6.01 8.99C6.42 11.1 7.53 12.7 8.95 12.99C9.21 13.04 9.54 13.06 9.93 12.99C9.82 10.67 10 6.33 12.86 3C13.17 2.63 13.66 2.3 14 2C14.24 4.64 14.98 6.12 15.8 7C16.91 8.19 18.59 9 19.48 11.28C19.52 11.37 19.63 11.65 19.72 12C20.34 14.38 20.04 17.88 17.76 19.99C15.85 21.76 13.35 22 13 22C12.49 22 12.56 22 12 22Z"></path>
+<path stroke-linejoin="round" stroke-linecap="round" stroke-miterlimit="10" stroke-width="0" stroke="#ffffff" fill="#FDD17B" d="M14 16C12.96 17.04 11.41 17.43 10 17C11.13 18.09 12.7 18.5 14 18C16.01 17.24 16.83 14.54 16 13C15.74 12.53 15.36 12.21 15 12C15.43 13.41 15.04 14.96 14 16Z" transform="translate(2,2)"></path><path stroke-linejoin="round" stroke-linecap="round" stroke-miterlimit="10" stroke-width="1" stroke="#ffffff" fill="none" d="M14 16C12.96 17.04 11.41 17.43 10 17C11.13 18.09 12.7 18.5 14 18C16.01 17.24 16.83 14.54 16 13C15.74 12.53 15.36 12.21 15 12C15.43 13.41 15.04 14.96 14 16Z"></path>
+</svg>

blog/posts/age-verification-wants-your-face.md

@@ -0,0 +1,112 @@
+---
+date:
+    created: 2025-05-06T21:45:00Z
+categories:
+    - News
+authors:
+    - em
+description: Age verification laws and propositions forcing platforms to restrict content accessed by children and teens have been multiplying in recent years. The problem is, implementing such measure necessarily requires identifying each user accessing this content, one way or another. This is bad news for your privacy.
+schema_type: AnalysisNewsArticle
+preview:
+  cover: blog/assets/images/age-verification-wants-your-face/ageverification-cover.webp
+---
+
+# Age Verification Wants Your Face, and Your Privacy
+
+![A stylized photo showing a person holding a printed photo of their face in front of their actual face.](../assets/images/age-verification-wants-your-face/ageverification-cover.webp)
+
+<small aria-hidden="true">Photo: Kyle Glenn / Unsplash</small>
+
+Age verification laws and propositions forcing platforms to restrict content accessed by children and teens have been multiplying in recent years. The problem is, implementing such measures necessarily requires identifying each user accessing this content, one way or another. This is bad news for your privacy.<!-- more -->
+
+For a few years now, several legislators in North America, Europe, and Australia have expressed concern about children and teens accessing certain types of content online. While there is no doubt some online content can be worrisome, implementing a technological solution for this is [extremely problematic](https://www.jonaharagon.com/posts/age-verification-is-incompatible-with-the-internet/).
+
+By mandating platforms to be legally responsible to verify a user's age, regulators effectively force them to identify each user requesting access to content deemed inappropriate under a certain age threshold.
+
+If these regulations continue to proliferate, this could lead to the end of pseudonymity online.
+
+## How can age be verified online
+
+Verifying age online is [difficult](https://www.woodhullfoundation.org/fact-checked/online-age-verification-is-not-the-same-as-flashing-your-id-at-a-liquor-store/). There isn't any magical solution to it, it's either recording how a user looks or scanning official documents.
+
+Conducting verification "on-device" offers only few additional protections considering this information still has to be checked and reported with an external service, somehow.
+
+Moreover, processes used to keep this data "on-device" are often opaque. Taking into account how valuable this information is, it becomes very difficult to trust any for-profit third-party services which such a sensitive task.
+
+Users' faces and official documents are two types of very sensitive information. Who becomes responsible to collect, process, store, and safeguard this data? With whom does this data get shared, and for which other purposes? And how accurate is this data anyway?
+
+### Facial scans
+
+Some platforms and third-party providers of the rapidly growing "[identity verification industry](https://www.businessresearchinsights.com/market-reports/digital-identity-verification-market-118180)" have started to use facial recognition and face scan systems in order to determine a user's age.
+
+The problem is, the systems are [horrible for everyone's privacy](https://www.liberties.eu/en/stories/facial-recognition-privacy-concerns/44518), extremely problematic to use due to [racist and gendered biases](https://www.aclu-mn.org/en/news/biased-technology-automated-discrimination-facial-recognition), [inaccurate](https://www.eff.org/deeplinks/2025/01/face-scans-estimate-our-age-creepy-af-and-harmful) to determine the correct age, and on top of all that, [can be cheated](https://www.theregister.com/2022/05/22/ai_in_brief/).
+
+### Official documents
+
+The second solution is to require users to provide an official piece of ID. Considering an official ID often contain a photo, full legal name, date of birth, home address, and government specific codes, this is even worse.
+
+All this sensitive data then gets collected by either the platform itself or a third-party provider with little oversight or incentive to protect this data at all. Leaks and breaches for this enormous data trove are just around the corner. Unfortunately, this isn't speculative, [data leaks have already occurred](https://www.404media.co/id-verification-service-for-tiktok-uber-x-exposed-driver-licenses-au10tix/).
+
+The more copies of your official documents exist online, the greater the risk this data *will get exposed*, and the less value this document has to actually identify you when it's *truly* needed.
+
+And again, this sort of verification is easy to cheat. Any determined teenager will soon learn how to either create a fake ID, use someone else's ID, or go around this verification system in another way.
+
+Age verification laws will *without a doubt* support a flourishing criminal industry to provide fake or stolen IDs even more easily online.
+
+## Where age verification is (or will be) required
+
+In April this year, [Discord started to test age verification systems](https://www.theverge.com/news/650493/discord-age-verification-face-id-scan-experiment) using facial or ID scans, as a way to comply with [Australia](https://www.bbc.co.uk/news/articles/c89vjj0lxx9o)'s and [UK](https://www.theverge.com/2023/10/26/23922397/uk-online-safety-bill-law-passed-royal-assent-moderation-regulation)'s new laws.
+
+This measure only applies to access certain protected posts for users located in Australia and the United Kingdom and at this time, but don't be surprised if it soon gets implemented at the account level for users everywhere.
+
+In the [United States](https://action.freespeechcoalition.com/age-verification-resources/state-avs-laws/), many states have already passed some types of age verification laws, and several others have proposed such laws. In [Canada](https://www.eff.org/deeplinks/2024/09/canadas-leaders-must-reject-overbroad-age-verification-bill) and [Europe](https://digital-strategy.ec.europa.eu/en/funding/call-tenders-development-consultancy-and-support-age-verification-solution), legislators have also been pushing for similar regulations to block content online subject to age verification.
+
+There is no doubt the more countries pass similar prohibitive laws, the more other countries will soon follow.
+
+Some hope however, this month a US federal judge ruled an age verification [law in Arkansas unconstitutional](https://thehill.com/homenews/state-watch/5228836-judge-blocks-social-media-age-verification-law-in-arkansas/).
+
+## Who decides what is sensitive content
+
+When talking about age verification, most assume this only applies to obvious pornographic content. However, many of these laws have [much wider reach](https://www.eff.org/deeplinks/2025/01/impact-age-verification-measures-goes-beyond-porn-sites).
+
+For example, the Australian law prohibits access to social media altogether for anyone under the age of 16. This means that, once the law comes into full effect after its transitional period, anyone who uses social media in Australia will have to prove they are older than this age. It is likely that all Australian users will have to provide some form of identifying data to continue using their social media accounts. **This is a privacy nightmare.**
+
+When laws target specific content, definition of what is appropriate and what isn't is often too broad. Moreover, this definition is subject to change from one administration to another.
+
+There are also wide differences from one country to another. For example, some countries sadly consider simple discussions of gender identity or sexual orientation to be sensitive content. What is deemed inappropriate to children in one culture might not be the same in another.
+
+Automating this sort of censorship leads to a lot of misfiring. There has already been numerous instances of [breastfeeding photos mislabelled](https://www.cbc.ca/news/world/facebook-clarifies-breastfeeding-pics-ok-updates-rules-1.2997124) for nudity. Important educational material for sex education could get censored and inaccessible to children, who critically need access to it *before* adulthood.
+
+Who will decide which content should be censored and which shouldn't? Will countries hosting the big tech platforms end up having a greater decision power in the matter? Will platforms simply decide to apply the strongest level of restriction worldwide?
+
+## Age verification isn't effective
+
+Even if we could somehow find a global consensus that is perfectly ethical and never misfires on which content children shouldn't access, it will likely fail.
+
+Children, and teenagers especially, are and have always been incredibly effective at going around such limitation to feed their curious minds.
+
+First, there are technical tools such as VPNs and proxies of all sort to go around location-based restrictions. Then, there's the classic fake ID, and its modern evolution: deepfake face. There will also be without a doubt a growing market of pre-verified "adult" accounts up for sale online.
+
+Perhaps age verification measures will work for a couple of months, until products to evade it get the word out, then they'll become useless. Only leaving the ashes of your social media legal consenting adult pseudonymity in its path.
+
+## Why it's bad news for everyone's privacy
+
+Age verification will require all platforms and/or third-party identification service providers to collect an enormous trove of sensitive data on everyone.
+
+This goes against all principles of data minimization, generally a vital part of data protection regulations.
+
+Daily occurrences of data breach incidents have taught us we cannot trust these services to safeguard our data. Data breaches for this sensitive information are only a matter of time.
+
+The concentration of such valuable data will likely be monetized and resold either by the platforms themselves, by the for-profit third-party "age assurance" providers they use, or eventually by the criminals who stole it from them.
+
+This data trove will include face scans of children with their location (trying to pass as adults), and faces and official documents from every adult in the world using social media, if this kind of regulation gets implemented at large.
+
+**The privacy and safety implications of this are absolutely disastrous**.
+
+## Age verification is not the solution
+
+Sadly, age verification legislation will not help safeguard children from harmful content online, but it will effectively remove protection for anyone needing pseudonymity online to [stay safe](privacy-means-safety.md). Moreover, it will put everyone at a much greater risk of victimization by identify theft, impersonation, stalking, and worse.
+
+Despite the perhaps well-intended legislators, technological solutions aren't always adequate to solve every problem we have. Here again, education and content moderation are likely much better ways to deal with this sort of issues.
+
+In the meantime, don't be surprised if you cross a teenager on the street suddenly pointing their phone to scan *your* adult face, or a young relative looking in your wallet. They probably won't be looking for your money, but most likely for your adult ID.

blog/posts/encryption-is-not-a-crime.md

@@ -0,0 +1,183 @@
+---
+date:
+    created: 2025-04-11T16:00:00Z
+categories:
+    - Opinion
+authors:
+    - em
+description: Encryption is not a crime, encryption protects all of us. Encryption, and especially end-to-end encryption, is an essential tool to protect everyone online. Attempts to undermine encryption are an attack to our fundamental right to privacy and an attack to our inherent right to security and safety.
+schema_type: OpinionNewsArticle
+preview:
+  cover: blog/assets/images/encryption-is-not-a-crime/encryption-is-not-a-crime-cover.webp
+---
+# Encryption Is Not a Crime
+
+![Photo of a red key on an all black background.](../assets/images/encryption-is-not-a-crime/encryption-is-not-a-crime-cover.webp)
+
+<small aria-hidden="true">Photo: Matt Artz / Unsplash</small>
+
+Contrary to what some policymakers seem to believe, whether naively or maliciously, encryption is not a crime. Anyone asserting encryption is a tool for crime is either painfully misinformed or is attempting to manipulate legislators to gain oppressive power over the people.<!-- more -->
+
+Encryption is not a crime, encryption is a shield.
+
+Encryption is the digital tool that protects us against all sorts of attacks. It is the lock on your digital door preventing harmful intruders from entering your home. Encryption is also the door itself, protecting your privacy and intimacy from creepy eavesdroppers while you go about your life.
+
+It's not a crime to lock your home's door for protection, **why would it be a crime to lock your digital door?**
+
+[Encryption protects you](privacy-means-safety.md) from cyberattack, identity theft, discrimination, doxxing, stalking, sexual violence, physical harm, and much more.
+
+## Who says encryption is a crime
+
+Anyone who is well-informed will find it hard to believe someone could want to sabotage such fantastic protection.
+
+Yet, [year](https://www.wired.com/1993/02/crypto-rebels/) after [year](https://www.wired.com/story/a-new-era-of-attacks-on-encryption-is-starting-to-heat-up/), oppressive regimes and lazy or greedy [law enforcement](https://www.techradar.com/computing/cyber-security/anonymity-is-not-a-fundamental-right-experts-disagree-with-europol-chiefs-request-for-encryption-back-door) entities around the world have attempted to [undermine encryption](https://www.howtogeek.com/544727/what-is-an-encryption-backdoor/) using the pretext this is needed to "solve crime", despite all the experts *repeatedly* warning on how [unnecessary](https://arstechnica.com/tech-policy/2019/08/post-snowden-tech-became-more-secure-but-is-govt-really-at-risk-of-going-dark/) and [dangerous](https://www.globalencryption.org/2020/11/breaking-encryption-myths/) this would be. And this is without accounting for all the countries where encryption is *already* [severely restricted](https://www.gp-digital.org/world-map-of-encryption/), such as Russia, China, India, Iran, Egypt, Cuba, and others.
+
+Whether breaking encryption is brought up naively by misinformed authorities, or as a disguised excuse for mass surveillance is up for debate.
+
+Nevertheless, the result is the same: An attempt to destroy **a tool we all need to stay safe**.
+
+## Encryption is a protective shield
+
+Encryption, moreover end-to-end encryption, is a tool we all use in our digital life to stay safe.
+
+In today's world, the boundary between online and offline life is largely dissolved. Almost everything we do "offline" has a record of it "online". Online life is regular life now. It's not just your browsing history.
+
+Your medical record from a visit at the clinic, your purchase transaction from a trip to the store, your travel photos saved in the cloud, your text conversations with your friends, family, and children, are all likely protected with encryption, perhaps even with *end-to-end* encryption.
+
+Such a large trove of personal data needs to be protected against eavesdropping and malicious attacks for everyone to stay safe.
+
+Encryption offers this protection. End-to-end encryption all the more.
+
+## What is end-to-end encryption, and what is the war against it
+
+End-to-end encryption is a type of encryption where only the intended recipient(s) have the ability to decrypt (read) the encrypted data.
+
+This means that if you send a message through [Signal](https://signal.org/) for example, only the participants to this conversation will be able to read the content of this conversation. Even Signal cannot know what is being discussed on Signal.
+
+This greatly annoys some over-controlling authorities who would like to be granted unlimited power to spy on anyone anytime they wish, for vaguely defined purposes that could change at any moment.
+
+End-to-end encryption can also mean a situation where you are "both ends" of the communication.
+
+For example, when enabling Apple's [Advanced Data Protection for iCloud](https://support.apple.com/en-ca/guide/security/sec973254c5f/web) (ADP), it activates end-to-end encryption protection for almost all of iCloud data, including photos. This means that even Apple could not see your photos, or be forced to share your photos with a governmental entity.
+
+Without ADP, Apple can read or share your photos (or other data) if they are legally compelled to, or if they feel like it. The same is true for Google's services, Microsoft's services, and any other online services that aren't end-to-end encrypted.
+
+This is at the root of the latest attack on encryption:
+
+In February this year, it was reported that [Apple was served with a notice](uk-forced-apple-to-remove-adp.md) from the UK's Home Office to force it to break ADP's end-to-end encryption. In response, Apple removed access to ADP from the UK entirely, making this protection unavailable to UK residents.
+
+Do not mistakenly think this attack is limited to the UK and Apple users, however. If this regulation notice or a similar one gets enforced, it would **impact the whole world.** Other countries would likely soon follow, and other services would likely soon get under attack as well.
+
+Moreover, do not feel unaffected just because you use end-to-end encryption with [Signal](https://www-svt-se.translate.goog/nyheter/inrikes/signal-lamnar-sverige-om-regeringens-forslag-pa-datalagring-klubbas?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp) or [Proton](https://www.techradar.com/vpn/vpn-privacy-security/secure-encryption-and-online-anonymity-are-now-at-risk-in-switzerland-heres-what-you-need-to-know) services instead of Apple, they are both **under attack** as well in this war.
+
+Just in recent years, the war against encryption has affected the [US](https://www.eff.org/deeplinks/2023/04/earn-it-bill-back-again-seeking-scan-our-messages-and-photos), the [UK](https://www.bbc.co.uk/news/articles/cgj54eq4vejo), [Sweden](https://www.globalencryption.org/2025/04/joint-letter-on-swedish-data-storage-and-access-to-electronic-information-legislation/), [France](https://www.laquadrature.net/en/warondrugslaw/), [Australia, New Zealand, Canada, India, Japan](https://www.theverge.com/2020/10/12/21513212/backdoor-encryption-access-us-canada-australia-new-zealand-uk-india-japan), and all the European Union countries with proposals such as [Chat Control](the-future-of-privacy.md/#chat-control-wants-to-break-end-to-end-encryption).
+
+## The arguments given to break encryption make no sense
+
+Authoritarian entities generally use the same populist excuses to justify their senseless demands. "Protecting the children" is always a fashionable disingenuous argument.
+
+Because no one would disagree that protecting the children is important, it is often used as an attempt to deceitfully make an irrefutable argument to justify breaking encryption.
+
+The problem is, **breaking encryption doesn't protect the children**, it [endangers](https://www.theguardian.com/technology/2022/jan/21/end-to-end-encryption-protects-children-says-uk-information-watchdog) them.
+
+When law enforcement officials claim they need to be able to read everyone's messages and see everyone's personal photos to be able to fight child predators, they seem to neglect that:
+
+- This means they will expose the children's messages, contact information, locations, and photos in the process, potentially *endangering the children further*.
+
+- Exposing everyone's data will make this data much more likely to be found and exploited by criminals, making *everyone* more vulnerable to attacks.
+
+- Predators will simply move to underground channels, [unbothered](https://www.schneier.com/blog/archives/2015/07/back_doors_wont.html).
+
+They use the same kind of deceptive argument trying to justify weakening the protections we have to supposedly catch "criminals" and "terrorists".
+
+Of course the exact definition of what is a "criminal" or a "terrorist" is always vague and subject to change. In the past, human rights activists and authoritarian regime dissidents have been labeled as such, climate change activists as well, LGBTQ+ people even in some countries. Maybe next year this label will include "DEI advocates", who knows where they draw the line and what can be considered a "criminal" worth spying on.
+
+You *cannot* remove everyone's right to privacy and protection from harm while pretending it is to protect them. No one who is well-informed and well-intended could possibly consider this a smart thing to do.
+
+**An attack on end-to-end encryption isn't an attack on criminals, it's an attack on all of us.**
+
+## Magical backdoor only for "the good guys" is a complete fantasy
+
+Let's say the strategy is akin to creating a MagicalKey that unlocks every door (a magical key because thinking encryption backdoors would only be used by "the good guys" is a great example of [magical thinking](https://www.britannica.com/science/magical-thinking)).
+
+Imagine, for the sake of this exercise, the MagicalLock for this MagicalKey is impossible to pick, and imagine only police officers have MagicalKeys. Let's say one thousand police officers each have a MagicalKey.
+
+They argue they need to be able to unlock anyone's door if they suspect a crime is happening inside. "It's for safety!"
+
+Overtime, let's say only 1% of the police officers accidentally lose their MagicalKey. This kind of things happen. Now 10 MagicalKeys are lost in the wild and could be used by anyone else, for any purposes, including crime.
+
+Then, let's say only 0.1% of police officers get corrupted by a crime gang. That's just one right? This corrupted "good guy" lets the gang create a double of the MagicalKey. Which crime gang wouldn't want a key that can magically open any door? They pay the police officer good money for this. It's an investment.
+
+Now, the gang creates doubles of the MagicalKey they have. They obfuscate its serial number, so it cannot be traced back to them. They use it subtly at first to avoid detection. They make sure they never leave traces behind, so victims have no idea their door got unlocked.
+
+During this time, they steal your data, they sell it, they use it to impersonate you, they use it to harm you and your loved ones.
+
+Then, another criminal figures out on their own how to emulate a MagicalKey without even having access to one. The criminal creates a reproducible mold for this Emulated-MagicalKey and sells it to other criminals on the criminal market. Now, the MagicalKey™️ is available to any criminals looking for it. Restrictions on the backdoor are off. **Your personal data is up for grabs.**
+
+This is what is going to happen if backdoors are implemented in end-to-end encryption. But don't worry they say, "it's only for the good guys!".
+
+At least, the criminals' data will also be up for grabs, right?
+
+Nope! The criminals knew about this, so they just started using different channels that weren't impacted. Criminals will have their privacy intact, they don't care about using illegal tools, but **your legal privacy protections will be gone**.
+
+*Backdoored* end-to-end encryption isn't end-to-end anymore, it's just open-ended encryption. This offers pretty much no protection at all.
+
+## Ignoring experts doesn't make facts disappear
+
+Where is the opposition to this? Where are the experts pushing against this nightmare? Everywhere.
+
+Thankfully, opposition has been strong, despite the relentless ignorance or malevolence from authoritarian authorities repeatedly pushing against encryption.
+
+Many people and groups have been fighting valiantly to defend our collective right to privacy and security. Countless experts have patiently taken the time to explain [again](https://signal.org/blog/uk-online-safety-bill/) and [again](https://www.globalencryption.org/2020/10/cdt-gpd-and-internet-society-reject-time-worn-argument-for-encryption-backdoors/) and [again](https://www.schneier.com/wp-content/uploads/2016/09/paper-keys-under-doormats-CSAIL.pdf) how an encryption backdoor only for "the good guys" is simply impossible.
+
+Weakening encryption to let "the good guys" enter, lets *anyone* enter, including criminals. There is no way around this.
+
+Seemingly ignoring warnings and advice from the most respected specialists in the field, authoritarian officials continue to push against encryption. So much so that it has become difficult to assume good intent misguided by ignorance at this point.
+
+Unfortunately, ignoring the experts or silencing the debate will not make the facts magically disappear.
+
+In an encouraging development this week, Apple [won a case](https://www.bbc.co.uk/news/articles/cvgn1lz3v4no) fighting an attempt from the UK Home Office to hide from the public details of their latest attack on encryption.
+
+This battle and all battles to protect our privacy rights, *must* be fought is broad daylight, for all to see and to support.
+
+## Fight for encryption rights everywhere you can
+
+The war against encryption isn't anything new, it has been happening for decades. However, the quantity of data, personal and sensitive data, that is collected, stored, and shared about us is much larger today. It is essential we use the proper tools to secure this information.
+
+This is what have changed, and what is making encryption and end-to-end encryption even more indispensable today.
+
+Mass surveillance will not keep us safe, it will endanger us further and damage our democracies and freedoms in irreparable ways.
+
+We must fight to keep our right to privacy, and use of strong end-to-end encryption to protect ourselves, our friends, our family, and yes also to protect the children.
+
+### How can you support the right to encryption?
+
+- [x] Use end-to-end encryption everywhere you can.
+
+- [x] Talk about the benefits of end-to-end encryption to everyone around you, especially your loved ones less knowledgeable about technology. Talk about how it is essential to protect everyone's data, including the children's.
+
+- [x] Use social media to promote the benefits of end-to-end encryption and post about how it protects us all.
+
+- [x] Write or call your government representatives to let them know you care about end-to-end encryption and are worried about dangerous backdoors or chat control proposals.
+
+- [x] Support organizations fighting for encryption, such as:
+
+    - [Global Encryption Coalition](https://www.globalencryption.org/)
+
+    - [Open Rights Group](https://www.openrightsgroup.org/campaign/save-encryption/)
+
+    - [Fight For The Future](https://www.makedmssafe.com/)
+
+    - [Signal app](https://signal.org/donate/)
+
+    - [Internet Society](https://www.internetsociety.org/open-letters/fix-the-take-it-down-act-to-protect-encryption/)
+
+    - [Electronic Frontier Foundation](https://www.eff.org/issues/end-end-encryption)
+
+    - [Privacy Guides](https://www.privacyguides.org/en/about/donate/) 💛
+
+Finally, have a look at our [recommendations](https://www.privacyguides.org/en/tools/) if you want to start using more tools protecting your privacy using end-to-end encryption.
+
+This is a long war, but the importance of it doesn't allow us to give up.
+
+We must continue fighting for the right to protect our data with end-to-end encryption, **we owe it to ourselves, our loved ones, and the future generations.**

blog/posts/hide-nothing.md

@@ -24,7 +24,7 @@ On the surface, this seems true to many people – but the reality is very diffe
 
 In the end it only convicted one person.
 
-Now, many have argued that stopping one terrorist might be worth giving up some security for, but [according](https://www.aclu.org/issues/national-security/privacy-and-surveillance/surveillance-under-patriot-act) to the ACLU, the conviction would have occurred without the Patriot Act.
+Now, many have argued that stopping one terrorist might be worth giving up some security for, but [according](https://web.archive.org/web/20230318132243/https://www.aclu.org/issues/national-security/privacy-and-surveillance/surveillance-under-patriot-act) to the ACLU, the conviction would have occurred without the Patriot Act.
 
 Many legal actions you take today could be deemed illegal by future laws or future government. In the US today there is discussion around the possibility of Roe v. Wade being overturned, allowing states to outlaw abortions. You may not currently feel the need to hide internet searches, menstrual cycle apps, or donations to women's health clinics today because it's not illegal, but tomorrow that information could be used against you.
 

blog/posts/in-praise-of-tor.md

@@ -0,0 +1,420 @@
+---
+date:
+    created: 2025-04-30T20:30:00Z
+    updated: 2025-05-06T18:00:00Z
+categories:
+    - Explainers
+tags:
+    - Tor
+authors:
+    - em
+description: You might have heard of Tor in the news a few times, yet never dared to try it yourself. Despite being around for decades, Tor is still a tool too few people know about. Today, Tor is easy to use for anyone. It not only helps journalists and activists, but anybody who seeks greater privacy online or access to information regardless of location. But what is Tor exactly? How can Tor help you? And why is it such an important tool?
+schema_type: OpinionNewsArticle
+preview:
+  cover: blog/assets/images/in-praise-of-tor/tor-cover.webp
+---
+
+# In Praise of Tor: Why You Should Support and Use Tor
+
+![The Tor Project logo over a series of Tor icons on a purple background.](../assets/images/in-praise-of-tor/tor-cover.webp)
+
+<small aria-hidden="true">Illustration: Em / Privacy Guides | Logo and icons: The Tor Project</small>
+
+You might have heard of Tor in the news a few times, yet never dared to try it yourself. Despite being around for decades, Tor is still a tool too few people know about.
+
+Today, Tor is easy to use for anyone. It helps not only journalists and activists, but anybody who seeks greater privacy online or access to information regardless of location. But what is Tor exactly? How can Tor help you? And why is it such an important tool?<!-- more -->
+
+## :simple-torbrowser: What is Tor
+
+Tor is an overlay network that was specifically designed to protect the privacy of its users. The Tor Network uses multiple layers of encryption and relays in order to protect a person's location and other potential identifiers, such as an IP address.
+
+Its name comes from the acronym for **The Onion Router**, a [routing system](https://en.wikipedia.org/wiki/Onion_routing) using multiple layers that can get peeled off at each step, like an onion 🧅
+
+This special network can be easily accessed by anyone, for free, through the Tor Browser. The Tor Browser is as easy to use as any other browser you are familiar with already.
+
+Both the tools for the Tor Network and the Tor Browser are maintained by a nonprofit organization called the Tor Project.
+
+### The Tor Network
+
+The [Tor Network](https://en.wikipedia.org/wiki/Tor_(network)) was deployed in 2002, although its core principle was developed in the mid 1990s. It was first created at the United States Naval Research Laboratory in order to protect intelligence communication online.
+
+In 2004, the laboratory released the project's code under a free and open source license, and the Electronic Frontier Foundation (EFF) began funding its development. A few years later, the onion routing project officially became the Tor Project.
+
+Today, Tor is one of the [largest](https://metrics.torproject.org/) anonymity networks, with thousands of relays and millions of users worldwide.
+
+#### How does it work
+
+The Tor Network is run by a community of volunteers who operate the relays required for the network to function.
+
+Each time someone uses the Tor Network, the communication passes through at least 3 relays: A Guard Relay, a Middle Relay, and an Exit Relay. Each relay has a different function to protect the communication.
+
+**The Guard Relay** knows where the communication is from (IP address), but doesn't know where it's going (which website is visited, for example). This relay only knows that you want to access the Tor Network. Its task is to send your encrypted communication to a Middle Relay, but it cannot read it.
+
+**The Middle Relay** doesn't really know anything. It doesn't know who you are nor where you are going. It only knows a Guard Relay wants to send encrypted data to an Exit Relay. The Middle Relay transfers this communication from one relay to another, and it cannot read it either.
+
+**The Exit Relay** has no idea who you are. It only knows someone, somewhere, wants to access this website (or other content). The Exit Relay will get the information from the website, then send it back to the Middle Relay, so that you can receive it from the Guard Relay. If you only visit pages using HTTPS, the Exit Relay can know someone is visiting this website, but cannot know what they are doing on it. Visiting *non-onion* websites using HTTPS instead of just HTTP is **[very important](https://support.torproject.org/https/https-1/)** for security and privacy.
+
+<div class="admonition info" markdown>
+<p class="admonition-title">Onion service websites</p>
+
+Onion service websites are special websites that can only be accessed using the Tor Network.
+
+They are easy to recognize because they use the .onion domain at the end, and are often composed of a long string of seemingly random characters. Onion websites offer protections equivalent to HTTPS.
+
+You can see this represented by the [onion padlock icon](https://support.torproject.org/onionservices/onionservices-5/) in the Tor Browser.
+
+</div>
+
+#### How Tor works using a letter and envelopes analogy
+
+Tor works a bit as if you put a letter (request) into an envelope with someone's address. Then, you put this envelope in another envelope addressed to someone else, with instructions. Finally, you put this second envelope in yet another one.
+
+Each envelope protects the content of the other, and can only be opened one at the time by each recipient. In this analogy, each recipient (relay) has a key that can only open the envelope addressed to them, and not the others.
+
+![Graphic representation of a Tor Circuit composed of a Guard Relay, a Middle Relay, and an Exit Relay using a letter and envelopes analogy.](../assets/images/in-praise-of-tor/tor-diagram.webp)
+<small aria-hidden="true">Illustration: Em / Privacy Guides</small>
+
+#### What is a Tor Circuit
+
+The network of randomly selected relays to complete a request on the Tor Network is called a Tor Circuit. This circuit changes each time a new connection is established.
+
+From the Tor Browser, you can see each relay that was selected for a circuit, and even change it manually. To generate a new circuit, click on the "Tor Circuit" button on the upper-left of the browser, then on "New Tor circuit for this site" at the bottom.
+
+![Screenshot from the Tor Browser showing a popup window from the Tor Circuit button.](../assets/images/in-praise-of-tor/tor-torcircuit.webp)
+
+### The Tor Browser
+
+The [Tor Browser](https://www.torproject.org/download/) was created in 2008 to facilitate access to the Tor Network. It is a modified version of Mozilla's Firefox browser, and can be installed on Linux, macOS, Windows, and Android systems.
+
+The Tor Browser start configuration is private by default. No additional extensions are required to make it more secure or more private. Actually, it's even discouraged to install any additional extensions, as this would weaken its [fingerprinting resistance](https://blog.torproject.org/browser-fingerprinting-introduction-and-challenges-ahead/).
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Highest security settings</p>
+
+Even if the Tor Browser is configured to be private by default, if you are in an especially sensitive situation, for example if you are using Tor as a whistleblower or a dissident activist, you might want to adjust the Tor Browser security level to "Safest".
+
+For this, click on the shield icon on the upper-right, then on the "Settings" button in blue, and select "Safest" instead of the default "Standard".
+
+**Important:** Each time you change the security level, you **must** make sure to restart the browser to ensure all changes have taken effect. Otherwise, [some changes](tor-security-slider-flaw.md) might not have been applied yet.
+
+</div>
+
+![Screenshot from the Tor Browser showing a warning from the SecureDrop website to adjust Tor security level to Safest.](../assets/images/in-praise-of-tor/tor-safestsetting.webp)
+
+The default search engine is the privacy-focused [DuckDuckGo](https://www.privacyguides.org/en/search-engines/#duckduckgo). You will not even find Google in the options for the default search engine. More browsers should follow this good practice.
+
+The first page opening with the Tor Browser will give the option to Connect to Tor. From there, you can click on "Connect" to start browsing through Tor, or on "Configure Connection" if you need additional settings. For example, if you need to set up a [Bridge](https://bridges.torproject.org/) because Tor is blocked from your country.
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Only connect to Tor if it is safe for you</p>
+
+Be careful when using Tor from a country where Tor might be blocked or perceived as suspicious. Similarly, be careful if you connect from a location where revealing you have been using Tor [could](#depending-on-where-you-are-using-tor-is-likely-safe) be dangerous to you.
+
+</div>
+
+![Screenshot from the Tor Browser showing the "Connect to Tor" welcome page.](../assets/images/in-praise-of-tor/tor-torbrowser.webp)
+
+Once connected to the Tor Network, you will be directed to the DuckDuckGo welcome page, and you can search or type any URLs in the address bar, like you would with any other browser.
+
+If you know an organization has an onion site (a website that is only accessible through Tor), you can type this onion address directly in the address bar.
+
+If you don't know if an organization has an onion site, you might find it from its regular URL. For example, if you visit privacyguides.org from the Tor Browser, you will notice a purple button on the right informing you that an onion version of this website is available, click on it to get redirected to it.
+
+![Screenshot from the Tor Browser showing the Privacy Guides website with an onion available purple button right to the address bar.](../assets/images/in-praise-of-tor/tor-privacyguides.webp)
+
+<div class="admonition info" markdown>
+<p class="admonition-title">Mullvad Browser and the Tor Project</p>
+
+If you are familiar with the Mullvad Browser, know that the Mullvad Browser was developed by the Tor Project team!
+
+The Mullvad Browser was born of a [collaboration](https://blog.torproject.org/releasing-mullvad-browser/) between Mullvad VPN and the Tor Project, to build a browser that offers similar privacy features to the Tor Browser, but while using it through a VPN instead of through the Tor Network (both offering different benefits).
+
+The Mullvad Browser can also be used without a VPN, and will still provide better privacy protections than most other browsers. It cannot be used to access the Tor Network, however.
+
+</div>
+
+### The Tor Project
+
+The [Tor Project](https://www.torproject.org/) is the US-based nonprofit organization maintaining the software and community for the Tor Network, and developing and maintaining the Tor Browser. It's also a privacy advocacy organization, with a mission to advance human rights and freedoms around the world through the free technology it creates.
+
+The nonprofit was founded in 2006 and gets its funding from [various sources](https://www.torproject.org/about/supporters/) including government grants, independent contributors, and individual [donations](https://donate.torproject.org/).
+
+## :octicons-lock-16: What Tor can do
+
+### Improve Privacy
+
+Tor is not magical, but it's by far one of the best privacy tool we have. Using Tor will not make you perfectly anonymous online, but it will greatly reduce the traces your leave online.
+
+Here are a few benefits Tor can provide for your privacy:
+
+- Tor can prevent the websites you are visiting from collecting your IP address (and your IP address can indeed lead to identifying *you*).
+
+- Tor can prevent your Internet Service Provider (ISP), Virtual Private Network (VPN) provider, or authorities requesting information from them to collect a list of the websites you have visited. They will know however that you have been using Tor.
+
+- The Tor Browser isolates each website you visit. This prevents ads and trackers from following you around, potentially popping up later in your [Facebook ads and accidentally outing you](https://www.intomore.com/culture/you/facebook-ads-outed-me/).
+
+- The Tor Browser is fingerprinting resistant. This reduces the ways you can be tracked and identified online, even without your IP address.
+
+- When keeping the default settings, the Tor Browser only uses private windows and will not keep any traces of your browsing history. It will also delete all cookies and site data when closing.
+
+### Circumvent censorship
+
+Because of how the Tor Network redirects traffic, it's a perfect tool to resist censorship. Using Tor can give access to websites or services that aren't accessible from a country blocking them.
+
+Even from a region where Tor itself is actively blocked, the network can still be accessed using [pluggable transports](https://tb-manual.torproject.org/circumvention/).
+
+Using this type of measures to circumvent government censorship will make Tor accessible even from countries with heavily censored internet, such as [China](https://support.torproject.org/censorship/connecting-from-china/), [Russia](https://blog.torproject.org/call-for-webtunnel-bridges/), [Iran](https://forum.torproject.org/t/iran-circumventing-censorship-with-tor/4590), and many others.
+
+<div class="admonition question" markdown>
+<p class="admonition-title">If you can't download the Tor Browser from your country</p>
+
+If you cannot download the Tor Browser because of your country's censorship, and **if it is safe for you to do**, you can try downloading the browser from a proxy website such as the [EFF website](https://tor.eff.org/), the [Calyx Institute website](https://tor.calyxinstitute.org/).
+
+You can even directly email **<gettor@torproject.org>** and send the name of your operating system (Linux, macOS, Windows) to get a direct link to download the Tor Browser.
+
+</div>
+
+If you want to help people around the world access the internet freely, you can volunteer to run a [Tor Snowflake](https://snowflake.torproject.org/) proxy. For more tech-savvy volunteers, you can also help by running a [Tor Bridge](https://community.torproject.org/relay/setup/bridge/), or even a [WebTunnel Bridge](https://community.torproject.org/relay/setup/webtunnel/).
+
+## :octicons-heart-16: Why Tor is so important
+
+### Tor is vital for human rights and democracy
+
+Tor is an essential tool for journalists, activists, whistleblowers, dissidents, and people in vulnerable situations everywhere. It is one of the best tool we have to increase privacy online, and to resist censorship from oppressive regimes.
+
+Thanks to Tor, activists have a safe way to continue fighting for human rights.
+
+Some of the most respected human rights organizations use Tor to offer safe access to their services and information. This includes organizations such as [Amnesty International](https://www.amnesty.org/en/latest/news/2023/12/global-amnesty-international-website-launches-on-tor-network-to-help-universal-access/), [Electronic Frontier Foundation](https://www.eff.org/deeplinks/2023/04/eff-now-has-tor-onions), Freedom of The Press Foundation, and of course the Tor Project.
+
+Without Tor, journalists would lose invaluable sources of information provided by courageous whistleblowers reporting in the public interest.
+
+Without Tor, brave citizens fighting against authoritarian governments would be at much greater risk when organizing and bringing vital information to the public's attention.
+
+Without Tor, victims of domestic violence and LGBTQ+ people living in hostile environments could be in much greater danger when researching life-saving information online.
+
+Without Tor, people living in oppressive regimes would not have access to the crucial information they need to fight for freedom, democracy, and peace.
+
+<div class="admonition success" markdown>
+<p class="admonition-title">Add an onion service for your organization's website</p>
+
+If you would like to add this service for your website to help more people access it safely, you can [read more](https://blog.torproject.org/more-onions-porfavor/) about onion services on the Tor Project Blog. As of 2021, you can even [get](https://blog.torproject.org/tls-certificate-for-onion-site/) domain-validated certificates for your onion site using HARICA, an operator founded by a nonprofit civil society from Greece.
+
+</div>
+
+### Tor is for everyone to use
+
+Tor is a tool that can help so many people. But Tor isn't *only* for people in highly sensitive situations like whistleblowers and journalists, Tor is for everyone!
+
+Of course, people in more dangerous situations will *need* Tor to stay safe, but everyone can benefit from Tor's privacy protections in their daily lives. I personally use Tor when I am forced to visit Google Map. Not because it's dangerous to me, but just because I greatly dislike the idea of Google tracking my location activities.
+
+Tor can also help fighting surveillance capitalism!
+
+Moreover, you can considerably help people in dangerous situations by using Tor for trivial reasons like I do.
+
+By using Tor for banal activities, when you aren't in any danger worse than a nasty ad-attack, you help to normalize the use of Tor and add more noise to the traffic. The more people do this, the more using Tor becomes just something people do when they care about privacy online, and nothing more.
+
+### Who uses Tor?
+
+- Anyone who cares about privacy!
+- Journalists who need to conduct research and protect their sources.
+- Whistleblowers using special websites to communication information to newspapers anonymously.
+- Democracy activists fighting against authoritarian governments who require anonymity online to stay safe from persecution.
+- People living under oppressive regimes who need to circumvent their country's censorship to access information freely.
+- Victims of domestic violence who need to research safe shelters and supportive resources without raising suspicion from their aggressor.
+- LGBTQ+ people living in hostile environments who need to access information online and stay connected with their community.
+- Generous people who want to [help and support](https://blog.torproject.org/support-tor-project-share-your-story/) all the above 💜
+
+The Tor community has gathered this [wonderful collection of anonymous user stories](https://community.torproject.org/outreach/stories/) from people describing why they use Tor.
+
+### Tor is critical public infrastructure
+
+To keep Tor strong for everyone, it's essential to support and grow the network of volunteer-operated relays forming the Tor Network.
+
+Thousands of journalists and activists rely on the Tor Network every day to stay safe and to continue their important work.
+
+Furthermore, **countless privacy-oriented projects depend on the Tor Network**.
+
+To name only a few, the messaging applications [Briar](https://briarproject.org/), [Cwtch](https://docs.cwtch.im/), and [SimpleX](https://simplex.chat/) all use Tor to harden some of their privacy-preserving features.
+
+For whistleblowers to stay safe, both [SecureDrop](https://securedrop.org/) and [Hush Line](https://hushline.app/) use the Tor Network. Many [newsrooms around the world](https://securedrop.org/directory/) host onion services to protect sources, such as The Guardian in the UK, CBC in Canada, ProPublica in the US, and many more.
+
+There's also all the applications protecting people with the highest needs such as [Tails](https://tails.net/), [OnionShare](https://onionshare.org/), and [more](https://github.com/Polycarbohydrate/awesome-tor).
+
+**Losing the Tor Network would mean losing all the applications and features relying on it.**
+
+This would be disastrous for the privacy community, journalists, activists, dissidents, victims of domestic violence, LGBTQ+ population, and so many worldwide.
+
+From a human rights perspective, **we simply cannot afford to lose Tor**.
+
+## :octicons-question-16: Things to consider when using Tor
+
+### Tor compared to VPN protections
+
+When using a VPN, your ISP will not know which websites you visit online (or other activities). Your ISP will see that you are connecting to a VPN, but will not know what you do from there. Your VPN however *could* know which websites you visit. Using a VPN is a transfer of trust from your ISP. When using a VPN, you should always trust your VPN provider more than your ISP.
+
+The websites you visit will see the IP address of your VPN provider instead of yours. This can help protect your identity and location, but they will know this connection uses a VPN.
+
+VPNs can offer great benefits for your privacy. However, if your VPN provider was compelled by law to provide the logs of the websites you visited (or will visit), it is *technically* possible to do for them.
+
+When using the Tor Network correctly, no one knows which websites *you visited*, or other services you accessed. Your ISP or VPN provider will only know you have accessed Tor, but will not know which websites you have visited from there. Even if compelled by law, they could only share that you have accessed Tor, at this specific time.
+
+The websites you have visited also won't know who you are (unless you tell them). They will only know someone accessed their websites through Tor, at this specific time.
+
+The relays used for a Tor Circuit cannot alone re-recreate the link between your IP address and the websites you visit either. This offers much stronger protection for your privacy than a VPN does.
+
+### Who knows you are using Tor
+
+When using the Tor Network, your ISP and the Guard Relay will both know you (the IP address you are using) are using Tor.
+
+To prevent this, you [could](https://www.privacyguides.org/en/advanced/tor-overview/#safely-connecting-to-tor) use Tor from a [trustworthy VPN](https://www.privacyguides.org/en/vpn/).
+
+If you do so, your VPN provider will know you are using Tor, but your ISP will not. Your ISP will only see you are accessing your VPN, and the Tor Guard Relay will see your VPN's IP address instead of yours.
+
+### HTTPS for non-onion websites
+
+The Exit Relay from the Tor Circuit will see someone is accessing this website (or other service).
+
+If you were to use Tor to visit a non-onion website that isn't protected with HTTPS, and log in with your credentials, this Exit Relay *could* technically read this information. Using HTTPS with non-onion websites is *very* important when using Tor. Onion sites offer protections that are equivalent to HTTPS.
+
+### Be careful with files when using Tor
+
+While it's safe to visit secured websites through Tor, be careful when downloading files or opening documents.
+
+Depending on what kind of files it is, there are a number of problems that could arise. For example, it's a [bad idea](https://blog.torproject.org/blog/bittorrent-over-tor-isnt-good-idea) to download torrent files over Tor. Additionally, Tor will not protect you from downloading malware or exposing metadata with shared files.
+
+If you need to share files through Tor with a *trusted* contact, [OnionShare](https://www.privacyguides.org/en/file-sharing/#onionshare) is a good option.
+
+## :octicons-stop-16: Addressing misconceptions
+
+There has been misconceptions floating around about Tor. Most of them repeat similar misinformation attributed to many other privacy tools: Why using this if you have nothing to hide? But this argument is incredibly flawed and comes from a naive understanding of privacy rights and needs.
+
+Most people use privacy tools for protection, and everyone needs protection. Moreover, [privacy is a fundamental right](https://www.privacyguides.org/videos/2025/04/17/is-privacy-dead/) intrinsically connected to democracy and civil liberties.
+
+### The dark web, the deep web, and the surface web
+
+Some misconceptions have spread from confusion on what the *deep* web and the *dark* web are. Because yes, Tor is part of the dark web.
+
+While using the term "dark web" might make for great sensationalist news title, the dark web isn't anything to fear.
+
+It's not "dark" as in "dark intent" or the "dark side of the Force". It's really just dark as in "it's so dark on this road, I can't read the addresses around".
+
+This dark web needs special software, configuration, or authorization to access it. For example, **the Tor Browser is the streetlight you need to navigate on the Onion roads**.
+
+If you use Tor to visit the Privacy Guides onion site, you will be using the dark web. It's a website (or website version) that can only be accessed using a specialized tool. That's it!
+
+The dark web is part of the deep web, which is simply all the online information that isn't indexed by any standard web search engines. Aren't you happy your bank account is on the deep web?
+
+![Illustration of an iceberg where the tip above water represents the surface web, the part underwater represents the deep web, and the part under the iceberg represents the dark web.](../assets/images/in-praise-of-tor/tor-darkweb.webp)
+<small aria-hidden="true">Illustration: Em / Privacy Guides | Inspired by: [Ranjithsiji](https://commons.wikimedia.org/wiki/File:Iceberg_of_Webs.svg)</small>
+
+### Criminals use envelopes, doors, and clothing too
+
+Some fear that Tor is used by criminals. While that might be true some criminals use Tor, a lot of people who aren't criminals at all also use Tor.
+
+This kind of argument really leads nowhere. Criminals also use Google, Facebook, and Twitter (a lot actually). Criminals use envelopes to hide their ransom letters, closed doors to hide their crimes, and clothing to conceal weapons! Are we going to forbid clothing because some (all?) criminals use clothing to hide their weapons?
+
+**We shouldn't ban clothing, and we shouldn't ban Tor either.** There are other better ways to catch criminals than removing a tool millions use to stay safe online.
+
+### Tor receives government funding
+
+Yes, Tor does receive government funding, and that's a good thing. A lot of nonprofit organizations receive government funding as a stable ([usually](https://www.privacyguides.org/articles/2025/02/03/the-future-of-privacy/#the-tools-you-use-might-depend-on-government-funding)) source of income. Our governments *should* be contributing financially to the tools we all use to improve our security and privacy for free, moreover if they are using it themselves.
+
+While any organization should thrive to diversify its sources of income to reduce its dependency on large contributors, it's not always easy to do.
+
+If you feel uneasy about a privacy tool you use receiving government funding, the best thing you can do to fight this is to [donate](https://donate.torproject.org/) directly to reduce its dependence to it.
+
+### Depending on where you are, using Tor is likely safe
+
+If you are not living under an oppressive regime with heavy censorship, it's likely that using Tor is safe for you, and will not put you on "a list". Even if it was putting you on "a list", it likely is a list full of great people working to defend human rights and privacy rights online.
+
+That being said, **if you are living in a region where using Tor is dangerous**, and could put you on a list of anti-regime dissidents, you *should absolutely* be careful and take special measures to hide your usage of Tor.
+
+Additionally, **if you are in a vulnerable situation** where an aggressor has access to your device or ISP information, and could hurt you if they knew you have used Tor, you should use a Tor Bridge and only [access Tor through Tails](https://www.privacyguides.org/articles/2025/01/29/installing-and-using-tails/).
+
+### Tor is fantastic for your privacy, but is not magical
+
+Tor is a great tool to improve your privacy online and make it much harder to identify you, your location, and the content you access online. However, it will not make you magically anonymous.
+
+If you use Tor with files containing metadata about you, this metadata can still identify you.
+
+If you use Tor to log in your Facebook account, then of course Facebook still knows it's you, and now also knows you are using Tor.
+
+If you use Tor to create a new account, but use an email address, phone number, username, or profile picture you used elsewhere when not connected through Tor, then your Tor activity can get linked to your previous activity.
+
+If you use Tor to reveal information so specific that only you, or only someone at your company, or only someone in this small government department could know, then of course authorities can identify you this way.
+
+You should also consider correlation in time when using Tor. If your activity is so specific that it can be narrowed down to only a few people, and your ISP or VPN knows you have accessed Tor at this specific time (and shares this information with authorities), a correlation in time could be enough to de-anonymize you.
+
+### Misconceptions are very detrimental to Tor, and other privacy tools
+
+We need to be extremely careful when spreading information that could be inaccurate or hasn't been verified when talking about Tor (or any other privacy tools).
+
+Misinformation can create mistaken fears and stop people from using a tool they would greatly benefit from.
+
+If someone is so scared of Tor because of some rumor they heard, that they continue their activism from the surface web instead, they could needlessly put themselves at risk.
+
+Furthermore, unjustified bad reputations can severely hurt funding for tools like Tor. This leads to less resources to continue developing the browser, the network, and to advocate for privacy everywhere.
+
+We all have a responsibility to verify which information we share with others, make sure we stop misinformation at its root, and correct harmful misconceptions everywhere we hear them.
+
+## :material-hand-heart-outline: Tor needs our support
+
+**Tor is at risk, and needs our help.** Despite its strength and history, Tor isn't safe from the same attacks oppressive regimes and misinformed legislators direct at encryption and many other privacy-enhancing technologies.
+
+Moreover, due to its US government funding, Tor has already been on the destruction path of the recent hectic government cuts. Thankfully, the US Agency for Global Media finally [rescinded the grant termination](https://www.theregister.com/2025/03/25/otf_tor_lets_encrypt_funding_lawsuit/?td=rt-3a) it had announced on March 15th to the Open Technology Fund, which the Tor Project benefits from. Sadly, considering the unpredictability of the current US administration, this doesn't mean the Tor Project is safe from cuts later on.
+
+As much as the Tor Network relies on generous volunteers to run it, the nonprofit Tor Project relies on grants and donations to survive.
+
+The good news is, we can help with both!
+
+The more individuals donate to the Tor Project, the less it depends on government funding, and the more stable its donation income becomes.
+
+Similarly, the more people volunteer to run a Tor relay, the more stable and reliable the Tor Network becomes.
+
+Tor is a privacy tool so many people, organizations, and applications need to stay safe and secure. It is **our collective responsibility to contribute what we can** to keep Tor strong and thriving for all of us.
+
+### How to support Tor
+
+There are many ways to help Tor survive and thrive! You can help by:
+
+- [Donating to the Tor Project (includes really neat merch!)](https://donate.torproject.org/)
+
+- [Spreading the word about Tor](https://community.torproject.org/outreach/)
+
+- [Joining the Tor community](https://community.torproject.org/)
+
+- [Making your website accessible as an onion service](https://community.torproject.org/onion-services/setup/)
+
+- [Asking your university to run a Tor relay](https://toruniversity.eff.org/)
+
+- [Running a Tor relay yourself](https://community.torproject.org/relay/)
+
+- [Running a Snowflake proxy to help fight censorship](https://community.torproject.org/relay/setup/snowflake/)
+
+- Using Tor for anything from important to trivial
+
+- Sharing this article 💜
+
+## :octicons-bookmark-16: Onion sites you can visit using the Tor Browser
+
+- [Privacy Guides website](http://www.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion/en/) 💛
+- [Privacy Guides forum](http://discuss.6xotdxvg7pexnean3xu6b7ivs7g52zcwsdbnz4mdm4byivc3yfv65aid.onion/)
+- [Amnesty International](https://www.amnestyl337aduwuvpf57irfl54ggtnuera45ygcxzuftwxjvvmpuzqd.onion)
+- [Electronic Frontier Foundation](https://www.iykpqm7jiradoeezzkhj7c4b33g4hbgfwelht2evxxeicbpjy44c7ead.onion/)
+- [Freedom of the Press Foundation](http://fpfjxcrmw437h6z2xl3w4czl55kvkmxpapg37bbopsafdu7q454byxid.onion/)
+- [Secure Drop directory (for whistleblowers)](http://sdolvtfhatvsysc6l34d65ymdwxcujausv7k5jk4cy5ttzhjoi6fzvyd.onion/directory/)
+- [ProPublica](http://p53lf57qovyuvwsc6xnrppyply3vtqm7l6pcobkmyqsiofyeznfu5uqd.onion/)
+- [Internet Archive](https://archivep75mbjunhxc6x4j5mwjmomyxb573v42baldlqu56ruil2oiad.onion/)
+- [OnionShare (file sharing)](http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion/)
+- [Proton Mail](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion/)
+- [Tor Project](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion)
+
+***
+
+For more in-depth information about Tor, you can consult our [Tor Overview](https://www.privacyguides.org/en/advanced/tor-overview/).
+
+<small aria-hidden="true">Unless credited otherwise, all screenshots from: Privacy Guides</small>
+
+---
+
+**Update (5/6):** This article was updated to note [the importance of restarting Tor Browser](tor-security-slider-flaw.md) when changing security level settings.

blog/posts/installing-keepassxc-and-yubikey.md

@@ -0,0 +1,424 @@
+---
+date:
+    created: 2025-03-18T17:00:00Z
+categories:
+    - Tutorials
+authors:
+    - em
+description: This tutorial demonstrates how to install the local-only password manager KeePassXC and secure a password database with YubiKey.
+schema_type: AnalysisNewsArticle
+---
+# KeePassXC + YubiKey: How to set up a local-only password manager
+
+![Illustration showing a laptop computer with the KeePassXC logo on it. On the right is a green plus sign and a photo of a YubiKey.](../assets/images/installing-keepassxc-and-yubikey/keepassxc-cover.webp)
+<small aria-hidden="true">Illustration: Privacy Guides | Graphics: Yubico | Logo: KeePassXC</small>
+
+If you are looking for a good remote password manager you can use from anywhere, there are plenty of excellent [options](https://www.privacyguides.org/en/passwords/) to choose from. However, if you prefer to only store your passwords locally, [KeePassXC](https://www.privacyguides.org/en/passwords/#keepassxc) is what you need. In this tutorial, we will set up KeePassXC to work with [YubiKey](https://www.privacyguides.org/en/security-keys/#yubikey) as an additional factor to secure your local-only password database.<!-- more -->
+
+## :simple-keepassxc: KeePassXC summary
+
+KeePassXC is a free, open-source, and desktop-only password manager. The community-driven project was first released in 2012 and is a fork of both the *KeePass Password Safe* application and *KeePassX*, which is no longer actively maintained.
+
+In addition to having its [code](https://github.com/keepassxreboot/keepassxc) available for all to see, KeePassXC also went through an independent [security review](https://keepassxc.org/blog/2023-04-15-audit-report/) in 2023.
+
+Because it does not automatically sync with any remote cloud service, KeePassXC works offline by default. This offers additional protections for your privacy, and potentially for your security as well, depending on your specific situation.
+
+### Platforms
+
+KeePassXC can run on Linux, macOS, and Windows computers. There is no direct option for a KeePassXC application on mobile. The KeePassXC team [suggests](https://keepassxc.org/docs/#faq-platform-mobile) using [KeePassDX](https://www.keepassdx.com/) or [KeePass2Android](https://play.google.com/store/apps/details?id=keepass2android.keepass2android) on Android phones, and [Strongbox](https://strongboxsafe.com/) or [KeePassium](https://keepassium.com/) on iPhones.
+
+### Database cloud backup
+
+KeePassXC is local-first and will not automatically back up your password database in the cloud. This can be both an advantage for security and privacy, and a disadvantage if something were to happen to your device.
+
+To prevent losing access to your passwords, it is recommended to regularly back up your encrypted database `.kdbx` file in a remote [cloud storage](https://www.privacyguides.org/en/cloud/) of your choice, or on an encrypted external drive or USB stick.
+
+When copying this file to a third-party cloud service, it will [remain fully encrypted](https://keepassxc.org/docs/KeePassXC_UserGuide#_storing_your_database) and only get decrypted locally on your device. That being said, it's still always best to select an end-to-end encrypted cloud storage whenever possible.
+
+### Feature overview
+
+This tutorial only covers the basic installation to get you ready using KeePassXC locally, with a main password secured with a YubiKey. However, KeePassXC offers a lot of features you might also want to have a look at.
+
+In addition to the features we will set up here, KeePassXC offers the following:
+
+- [Passkey support](https://keepassxc.org/docs/KeePassXC_UserGuide#_passkeys)
+
+- [Password generator](https://keepassxc.org/docs/KeePassXC_UserGuide#_password_generator)
+
+- [Command line tool](https://keepassxc.org/docs/KeePassXC_UserGuide#_command_line_tool)
+
+- [SSH agent integration](https://keepassxc.org/docs/KeePassXC_UserGuide#_ssh_agent_integration)
+
+- [KeeShare and groups](https://keepassxc.org/docs/KeePassXC_UserGuide#_database_sharing_with_keeshare)
+
+- [Import password databases from 1Password, Bitwarden, Proton Pass, KeePass, CSV files](https://keepassxc.org/docs/KeePassXC_UserGuide#_importing_databases)
+
+- [Export databases to CSV, HTML, or XML files](https://keepassxc.org/docs/KeePassXC_UserGuide#_exporting_databases)
+
+- [And more](https://keepassxc.org/docs/KeePassXC_GettingStarted#_features)
+
+### What's new with KeePassXC 2.7.10
+
+On March 4th, KeePassXC released its most recent update. This update includes the capacity to import Proton Pass databases, to generate passphrases using *mixed* case (a mix of uppercase and lowercase), and many other [useful features](https://keepassxc.org/blog/2025-03-04-2.7.10-released/).
+
+## :material-toolbox: Requirements and preparation
+
+<div class="admonition info" markdown>
+<p class="admonition-title">Operating systems</p>
+
+This tutorial was completed using macOS, but your experience shouldn't be much different if you are using Linux or Windows.
+
+</div>
+
+For this tutorial you will need:
+
+- [x] Computer running Linux, macOS, or Windows
+- [x] Internet connection
+- [x] Ability to install software on this computer
+- [x] One or two YubiKeys (ideally two)
+
+## :material-download-circle: Setting up KeePassXC
+
+### Step 1: Download and Install KeePassXC
+
+Go to KeePassXC's download page and download the application version for your operating system. If the website doesn't detect your system automatically, you can change it on the top menu, or click on the "See more options" yellow button for previous versions.
+
+![Screenshot of the KeePassXC website download page.](../assets/images/installing-keepassxc-and-yubikey/keepassxc-1-download.webp)
+
+<div class="admonition success" markdown>
+<p class="admonition-title">Verifying signatures</p>
+
+For ideal security, you can verify the authenticity and integrity of the file you just downloaded by verifying the file's signatures. To do this, [follow the instructions](https://keepassxc.org/verifying-signatures/) from the website to guarantee the file you downloaded was created by the KeePassXC Team and has not been tampered with.
+
+</div>
+
+Complete the process for your respective OS to install and open the application once verified.
+
+![Screenshot of the application installation window for KeePassXC on macOS.](../assets/images/installing-keepassxc-and-yubikey/keepassxc-2-install.webp)
+
+On macOS, you will be prompted with a warning message saying "**“KeePassXC.app” is an app downloaded from the Internet. Are you sure you want to open it?**", click "Open".
+
+![Screenshot of a macOS warning popup before opening an application that was downloaded from the Internet.](../assets/images/installing-keepassxc-and-yubikey/keepassxc-3-installwarning.webp)
+
+<div class="admonition info" markdown>
+<p class="admonition-title">KeePassXC blocks screenshots by default</p>
+
+Interestingly, KeePassXC has a security feature that [blocks](https://keepassxc.org/docs/KeePassXC_UserGuide#_screenshot_security) screenshots and recordings of the application window on macOS and Windows.
+
+This is a great feature to prevent accidentally sharing your decrypted password database information during a meeting presentation, for example.
+
+Thankfully for writing this tutorial, there is a way to disable it temporarily, but **you** should definitely keep it on.
+
+</div>
+
+### Step 2: Adjust the settings
+
+Once you have installed and opened KeePassXC, before creating a database for your passwords, click on the "Settings" gear button on the upper-right, on the *toolbar*.
+
+![Screenshot of the KeePassXC application showing the Settings section.](../assets/images/installing-keepassxc-and-yubikey/keepassxc-4-settings.webp)
+
+From there, you will see many options you can adjust to your preferences. The default settings are already good, but you might want to tweak a few things to your specific usage.
+
+#### Keep a previous version backup (recommended)
+
+Scrolling down to the "File Management" section, you might want to enable the option to "Backup database file before saving". This will ensure you always have a backup of the previous version of your database, in case you accidentally delete important information for example.
+
+You can store this backup in the same or a different directory. You can change this backup's name or keep the default that will append `.old` to your database filename.
+
+![Screenshot of the KeePassXC application showing the Settings General section with the Backup database file before saving checkbox checked.](../assets/images/installing-keepassxc-and-yubikey/keepassxc-5-backupprevious.webp)
+
+#### Add icons specific to each service (optional)
+
+If you want to use icons specific to each service for your password entries, you can go to the "Security" subsection on the left-side menu, then in "Privacy" at the bottom *enable* "Use DuckDuckGo service to download website icons". This isn't enabled by default. Then click "OK" on the lower-right.
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Offline only?</p>
+
+Do not enable this if you wish to use KeePassXC offline only. You will still be able to use different default icons for you entries instead of downloading specific icons from the internet.
+
+</div>
+
+![Screenshot of the KeePassXC application showing the Settings Security section with the checkbox for DuckDuckGo checked.](../assets/images/installing-keepassxc-and-yubikey/keepassxc-6-duckduckgo.webp)
+
+### Step 3: Create a database
+
+A database in KeePassXC is an encrypted file that will contain all the passwords you register.
+
+You can use multiple separate databases with KeePassXC. For example, you could have a database for work, a database for your family, and a database for your personal accounts. All stored in separate files with separate main passwords. In the application, each database can be opened in its own tab.
+
+To create a new database, from the Welcome section click on the "Create Database" button on the lower-left.
+
+If you want to create a secondary database, you can also click on the dropdown Database menu on the application menu bar, then select "New Database".
+
+<div class="admonition tip" markdown>
+<p class="admonition-title">Importing an existing database</p>
+
+If you already have a password database file in the format `.kdbx`, you can import it from the Welcome page by clicking on "Import File" on the lower-right.
+
+</div>
+
+You will see a window pop up with "General Database Information". Pick a name and description for your database and click on "Continue" at the bottom.
+
+![Screenshot of the KeePassXC application showing the popup to Create a new KeePassXC database.](../assets/images/installing-keepassxc-and-yubikey/keepassxc-7-databasecreation.webp)
+
+For the second step, an "Encryption Settings" section will pop up. From there, you will be able to change the settings to your preferences. If you are not familiar with encryption algorithms, simply keep the defaults on and click "Continue" again.
+
+![Screenshot of the KeePassXC application showing the popup to Create a new KeePassXC database in the Encryption Settings.](../assets/images/installing-keepassxc-and-yubikey/keepassxc-8-databaseencryption.webp)
+
+For the next step, a "Database Credentials" section will pop up. From there, you will be able to choose a main password to lock your entire password database.
+
+At this step, it is very important to [choose a password](https://www.privacyguides.org/en/basics/passwords-overview/#best-practices) that is **unique, complex, and long**. This is the password that will protect all your other passwords. It should be easy to remember for you, but it must be *unique* and *long*. Ideally, pick a **passphrase**.
+
+#### Generate a main password (optional)
+
+If you do not feel inspired, you can use the "Generate password" dice button on the right to help you pick a strong password.
+
+![Screenshot of the KeePassXC application showing the popup to Generate Password.](../assets/images/installing-keepassxc-and-yubikey/keepassxc-9-passwordgenerate.webp)
+
+No matter if you invent or generate your main password/passphrase, **make sure to remember this main password well**. You cannot rely on your password manager for this one.
+
+<div class="admonition success" markdown>
+<p class="admonition-title">This step isn't over yet!</p>
+
+This is where you will be adding your YubiKey to further secure your database. Keep the "Database Credentials" application window open and **continue with the step below** :material-arrow-down-bold:
+
+</div>
+
+## :material-shield-key: Securing your database with a YubiKey
+
+To add a YubiKey to secure your KeePassXC database, you will first need to prepare your YubiKey(s) for it, if it's not already ready to use with a [Challenge-Response](https://docs.yubico.com/yesdk/users-manual/application-otp/challenge-response.html) application.
+
+<details class="note" markdown>
+<summary>Using a YubiKey will not add authentication per se (read more)</summary>
+
+Technically speaking, adding a YubiKey to your KeePassXC database isn't a second factor of authentication because KeePassXC isn't a service, therefore it cannot "authenticate" you.
+
+However, adding a YubiKey to secure your KeePassXC database will make decryption of your database more secure by enhancing the encryption key of your database.
+
+The Challenge-Response will remain the same each time you decrypt your database, *however*, it will change each time the database is updated (each time there is a change to it, such as adding an entry, removing an entry, adding a note, etc.). Note that the previous versions of your database could get unlocked with your main password + your key's previous Challenge-Response, however.
+
+If your key's Challenge-Response were to become compromised, you could update your database (by adding or changing an entry for example), then fully delete all previous versions of your database. This would effectively make all previous Challenge-Response obsolete to unlock your current database.
+
+You can read more on this in KeePassXC's [documentation](https://keepassxc.org/docs/).
+
+</details>
+
+### Step 4: Prepare your YubiKey(s)
+
+Because you cannot register two YubiKeys for this type of application, you should first make sure that you either have a secure backup for this Challenge-Response, or that you have cloned it to two YubiKeys, or more. This is important in case you were to lose your YubiKey.
+
+If you do have two YubiKeys, we have a [guide on how to reset your YubiKeys entirely and set up multiple keys as a backup](yubikey-reset-and-backup.md) which you may be interested in.
+
+If you only need to learn more about the Challenge-Response YubiKey application, jump to [this section](yubikey-reset-and-backup.md#step-9-create-and-clone-your-keys-challenge-response) of the tutorial directly.
+
+### Step 5: Add your YubiKey
+
+Once your YubiKey's Challenge-Response slot has been properly configured and backed up, return to the KeePassXC's "Database Credentials" window, and click on the "Add additional protection" button in the middle.
+
+This will open a new section with "Key File" and "Challenge-Response" options. Scroll down to "Challenge-Response". Plug in your YubiKey in your computer's port (only plug one key at the time), then click on the "Add Challenge-Response" button.
+
+![Screenshot of the KeePassXC application showing the popup to Create a new KeePassXC database in the Database Credentials section and highlighting the Add Challenge-Response button.](../assets/images/installing-keepassxc-and-yubikey/keepassxc-10-challengeresponse.webp)
+
+<div class="admonition question" markdown>
+<p class="admonition-title">YubiKey or OnlyKey</p>
+
+You can also use an OnlyKey to secure your KeePassXC database in the same way.
+
+</div>
+
+You should see your YubiKey's model and serial number listed, and also which YubiKey slot you have stored your Challenge-Response in. Once the correct key is selected, click on "Done" at the bottom.
+
+![Screenshot of the KeePassXC application showing the popup to Create a new KeePassXC database in the Database Credentials section when a YubiKey is plugged in.](../assets/images/installing-keepassxc-and-yubikey/keepassxc-11-selectyubikey.webp)
+
+A window will pop up to ask where you want to save your password database. Name your database file and save it in a secure directory on your computer. You will then be asked to touch your YubiKey.
+
+Touch the gold part of your YubiKey to save your database file. You will have to touch your YubiKey each time you save this database, and the file will be saved each time you make changes to it.
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Important! Unlocking your database</p>
+
+Each time you unlock your KeePassXC database, make sure to first plug in your YubiKey and verify that the "Use hardware key" checkbox is checked. Then, enter your main password and touch the gold part of your YubiKey when prompted.
+
+If you do not plug in your YubiKey first, an error will be triggered, and you will be unable to unlock your database.
+
+</div>
+
+## :fontawesome-solid-unlock-keyhole: Using KeePassXC
+
+Using KeePassXC is quite simple and resembles most other password manager applications. The biggest difference is that your passwords will remain stored locally, unless you decide to back up your password database to a cloud service of your choice.
+
+All the options to manage and use your entries credentials will be located on the *toolbar* at the top.
+
+![Screenshot of the KeePassXC application showing an empty database section.](../assets/images/installing-keepassxc-and-yubikey/keepassxc-12-databasenew.webp)
+
+<div class="admonition tip" markdown>
+<p class="admonition-title">Locking the database</p>
+
+At all time when the application is open, you can click in the "Lock Database" padlock button on the toolbar to lock your database. You can also adjust the settings to lock your database each time you minimize the application window (this is disabled by default).
+
+Your database will already lock itself automatically when your laptop lid is closed, the session is locked, or if your switch user (unless you disabled these options manually in settings).
+
+</div>
+
+### Step 6: Create a password entry
+
+To create a [new entry](https://keepassxc.org/docs/KeePassXC_GettingStarted#_entry_handling) for a password, click on the "Add a new entry" plus-shaped button on the toolbar.
+
+From this section, you will be able to register a "Title", "Username", "Password" (or generate one), "URL" (this is important if you use the browser extension), "Tags", "Expires" date, "Notes", and more.
+
+![Screenshot of the KeePassXC application showing the Add entry section filled with information.](../assets/images/installing-keepassxc-and-yubikey/keepassxc-13-newentry.webp)
+
+<div class="admonition tip" markdown>
+<p class="admonition-title">Keep your YubiKey plugged in when changing your database</p>
+
+When adding/removing entries or changing your database in any other way, make sure your YubiKey is plugged in. You will have to touch it each time you save changes to your database.
+
+</div>
+
+Before saving your entry by clicking "OK" on the lower-right, explore the options on the left-side menu.
+
+For example, in the "Advanced" section you can add additional attributes and store attachments, in the "Icon" section you can select an icon to represent your password entry (or download one from the web), in the "Auto-type" section you can enable/disable Auto-type, and in the "Properties" section you will see additional metadata for this entry.
+
+![Screenshot of the KeePassXC application showing the Add entry section in the Icon subsection.](../assets/images/installing-keepassxc-and-yubikey/keepassxc-14-entryicons.webp)
+
+Once you have set up all the information you need for this password entry, click "OK" to save it to your database. You will be prompted to touch the gold part of your YubiKey to complete the operation. You should now see your entry listed in your database.
+
+![Screenshot of the KeePassXC application showing the database section with one password entry filled.](../assets/images/installing-keepassxc-and-yubikey/keepassxc-15-entrycreated.webp)
+
+Each time you need this information, you can select an entry and click on the "Copy username to clipboard" character-shaped button, or the "Copy password to clipboard" key-shaped button, or the "Copy URL to clipboard" earth-shaped button on the toolbar.
+
+The data will stay in your computer's clipboard for 10 seconds then will get cleared (unless you changed this from the default setting). Once copied, paste this information in the appropriate field for your service.
+
+![Screenshot of the KeePassXC application showing the database section with all three buttons Username, Password, and URL for entry pointed at with arrows.](../assets/images/installing-keepassxc-and-yubikey/keepassxc-16-useentry.webp)
+
+<div class="admonition danger" markdown>
+<p class="admonition-title">Accidental deletion danger!</p>
+
+Be careful not to mistakenly click on the dangerous "Delete Entry" trash-shaped button left to the "Copy username to clipboard" button on the toolbar!
+
+You would have to touch your YubiKey to confirm deletion, but remain careful. If you click on it accidentally, do NOT touch your YubiKey to confirm!
+
+If this accident happened to you, you might see your entry has been moved to a "Recycle Bin" directory on the left. Right-click on your entry and select "Restore Entry" at the top of the entry menu. Touch your YubiKey when prompted. You should now see your entry back in the "Root" directory on the left-side menu.
+
+</div>
+
+### Step 7: Back up your database
+
+There are many ways to [back up](https://keepassxc.org/docs/KeePassXC_UserGuide#_database_backup_options) your KeePassXC database:
+
+#### Automatic local backup
+
+If you enabled this setting on [Step 2](#step-2-adjust-the-settings), you will see a second file getting saved in the same directory with the same name but with an appended `.old` to it when you make a change to your password database.
+
+This is the previous version of your database. If you delete a password entry by mistake for example, you can easily restore it with this secondary database backup file.
+
+#### Manual backup from the application menu
+
+When your database is unlocked, you can click on the dropdown "Database" menu in the application menu bar (not the toolbar), then select "Save Database Backup".
+
+You will have the option to rename this file and choose a different location. Then, you will be prompted to touch your YubiKey to confirm.
+
+![Screenshot of the KeePassXC application showing the application menu with the Database dropdown menu rolled down and the Save Database Backup option selected.](../assets/images/installing-keepassxc-and-yubikey/keepassxc-17-savedatabase.webp)
+
+#### Manual backup from copying the database file
+
+Another way to keep a backup of your password database is to simply copy the database `.kdbx` file somewhere else.
+
+You can copy this file to another local directory, an external drive (ideally encrypted), or a secure [cloud service](https://www.privacyguides.org/en/cloud/) of your choice (ideally an end-to-end encrypted one). Even if your database will be encrypted, it's always better to choose secure cloud services that offer solid end-to-end encryption.
+
+<div class="admonition info" markdown>
+<p class="admonition-title">Entry history</p>
+
+Within your database, KeePassXC also maintains a history of changes made to each of your entries. You can read more about this feature from KeePassXC's [documentation](https://keepassxc.org/docs/KeePassXC_UserGuide#_history).
+
+</div>
+
+### Step 8: Install the browser extension (optional)
+
+When you need to use KeePassXC to fill credentials in a browser or an app, you can always copy the entry field you need manually, as explained on [Step 6](#step-6-create-a-password-entry). But if you prefer, to facilitate filling credentials for web-based services, you can take advantage of KeePassXC's [browser extension](https://keepassxc.org/docs/KeePassXC_UserGuide#_browser_integration).
+
+To install the extension, go to [this page](https://keepassxc.org/download/#browser) from the KeePassXC website and click on your browser's *category*.
+
+This means that for any Firefox-based browser, you can click on the Firefox logo, and for any Chromium-based browser, you can click on the Chrome logo. Some browsers might not be supported, however.
+
+![Screenshot of the KeePassXC website page to download the browser extension.](../assets/images/installing-keepassxc-and-yubikey/keepassxc-18-downloadextension.webp)
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Privacy warning</p>
+
+Keep in mind that although browser extensions can be very convenient, they can also introduce some risk to your privacy.
+
+Even if the KeePassXC browser extension only [runs locally](https://keepassxc.org/privacy/), it does need to collect some information for its functionalities, and any additional extension installed has the potential to [introduce](https://www.privacyguides.org/en/browser-extensions/) a new attack surface.
+
+Additionally, the more unique your combination of hardware, software, and browser extensions is, the more you are vulnerable to [browser fingerprinting](https://neat.tube/w/fdszTYBKzeoE3ySQUGTzmo). Always be mindful to consider your specific threat model when installing new browser extensions.
+
+</div>
+
+Once you have installed the extension for your browser, go back to the KeePassXC application and click on the "Settings" gear button on toolbar. Click on "Browser Integration" on the left-side menu and check the box for "Enable browser integration" at the top of the section.
+
+![Screenshot of the KeePassXC application showing the Settings section in the Browser Integration subsection with the checkbox for Enable browser integration checked.](../assets/images/installing-keepassxc-and-yubikey/keepassxc-19-browserintegration.webp)
+
+From this [section](https://keepassxc.org/docs/KeePassXC_UserGuide#_configure_keepassxc_browser), check the box for the browser(s) or browser type(s) you have installed the extension on. You can also enable the option "Search in all opened databases for matching credentials" if you are using multiple databases. Then click "OK" on the lower-right to save these options.
+
+Make sure your KeePassXC database is *unlocked*, then **restart your browser**.
+
+#### If you encounter an error while running the extension
+
+<div class="admonition info" markdown>
+<p class="admonition-title">You don't have to use the extension</p>
+
+If you are not able to make the KeePassXC extension work with the browser you use, you can still use KeePassXC by manually copy-pasting your entries' credentials. It can even be a more secure and more private way to use it.
+
+</div>
+
+After installing the extension and enabling it from the KeePassXC settings, you might encounter an error where the KeePassXC icon in a credential field is [marked](https://keepassxc.org/docs/KeePassXC_GettingStarted#_using_the_browser_extension) with a red "**X**", a red "**!**", or a padlock icon.
+
+If this happens, try the following:
+
+1. Make sure your KeePassXC application is open, and your database is *unlocked*.
+
+2. Check if your YubiKey is *plugged* in your computer's port.
+
+3. Verify that your browser is *compatible* and does not use protections that could block the extension from working.
+
+4. Follow KeePassXC's [instructions](https://keepassxc.org/docs/KeePassXC_UserGuide#_using_the_browser_extension) to connect your KeePassXC database to your KeePassXC browser extension.
+
+5. Look for possible solutions from KeePassXC's [troubleshooting guide](https://github.com/keepassxreboot/keepassxc-browser/wiki/Troubleshooting-guide).
+
+![Screenshot of the CryptPad website login page showing in the Username field the KeePassXC logo greyed out and marked with a red "X".](../assets/images/installing-keepassxc-and-yubikey/keepassxc-20-errorconnection.webp)
+
+#### Filling credentials using the extension
+
+<div class="admonition note" markdown>
+<p class="admonition-title">The database is connected but the logo is greyed out</p>
+
+If you do not have an entry for this website, or if you have not registered a URL (or the correct one) for this entry, your will see the KeePassXC logo greyed out. This simply means your database could not find any credentials matching this website's URL.
+
+</div>
+
+Once configured and connected properly, you should see a green KeePassXC logo in the credential fields, when you have a corresponding entry in your database.
+
+Click on the green KeePassXC logo to populate all credential fields automatically.
+
+![Screenshot of the CryptPad website login page showing in the Username field the KeePassXC logo in green and both the credentials for Username and Password are filled.](../assets/images/installing-keepassxc-and-yubikey/keepassxc-21-credentialsextension.webp)
+
+<div class="admonition success" markdown>
+<p class="admonition-title">Congratulation! You're in!</p>
+
+You are now logged in, thanks to KeePassXC!
+
+</div>
+
+## :material-hand-heart: Consider supporting KeePassXC
+
+KeePassXC is a free and open-source project built by the community. If you use and love this application, it's always a great idea to support the project if you can.
+
+Here are a few ways you can help keep KeePassXC thriving:
+
+- [Contributing on GitHub](https://github.com/keepassxreboot/keepassxc/blob/develop/.github/CONTRIBUTING.md)
+- [Following KeePassXC on Mastodon](https://fosstodon.org/@keepassxc)
+- [Donating to KeePassXC to help with the development and maintenance of the application](https://keepassxc.org/donate/)
+
+For more information on KeePassXC and its many features, you can consult the official [Documentation and FAQ](https://keepassxc.org/docs/) or even have a look at KeePassXC's [code](https://github.com/keepassxreboot/keepassxc) on GitHub.
+
+<small aria-hidden="true">Unless credited otherwise, all screenshots from: Privacy Guides</small>

blog/posts/interview-with-micah-lee.md

@@ -0,0 +1,165 @@
+---
+date:
+    created: 2025-03-28T17:00:00Z
+categories:
+    - News
+authors:
+    - em
+description: 'This article is an interview with Micah Lee, the creator of Cyd and OnionShare, founder of Lockdown Systems, and author of Hacks, Leaks, and Revelations: The Art of Analyzing Hacked and Leaked Data.'
+schema_type: NewsArticle
+preview:
+  cover: blog/assets/images/interview-with-micah-lee/social-preview-cover.webp
+---
+# Interview with Micah Lee: Cyd, Lockdown Systems, OnionShare, and more
+
+![Photo of Micah Lee over a yellow and purple graphic background, and with the name Micah Lee written on the right.](../assets/images/interview-with-micah-lee/micah-lee-cover.webp)
+
+<small aria-hidden="true">Illustration: Jonah Aragon / Privacy Guides | Photo: Micah Lee</small>
+
+If you don't know who Micah Lee is yet, here's why you should: Micah is an information security engineer, a software engineer, a journalist, and an author who has built an impressive career developing software for the public good, and working with some of the most respected digital rights organizations in the United States.<!-- more -->
+
+If you have been following software development related to data privacy and security for a while, you probably already know one of Micah's projects such as [OnionShare](https://onionshare.org/), [Dangerzone](https://dangerzone.rocks/), the [Tor Browser Launcher](https://github.com/torproject/torbrowser-launcher), and more recently [Cyd](https://cyd.social/) (a rebirth of Semiphemeral). Additionally, he is also a core contributor to the [Tor Project](https://www.torproject.org/) and a contributor to [Hush Line](https://hushline.app/).
+
+Besides software development, Micah is a board member for [Science & Design](https://scidsg.org/) and [Distributed Denial of Secrets](https://ddosecrets.com/), a former board member and cofounder of [Freedom of the Press Foundation](https://freedom.press), and has been a Staff Technologist for the [Electronic Frontier Foundation](https://www.eff.org/).
+
+You might have already read some of Micah's articles when he worked at [The Intercept](https://theintercept.com/staff/micah-lee/), or even read his new [book](https://hacksandleaks.com/) Hacks, Leaks, and Revelations: The Art of Analyzing Hacked and Leaked Data.
+
+We spoke with Micah over email and are delighted that he decided to talk with us at Privacy Guides. Let's get into it!
+
+***Em:*** *Hi Micah! We're thrilled that you have accepted to give us this interview at Privacy Guides. Thank you for taking time off your busy schedule to talk with us.*
+
+## Cyd: The app to claw back your data from Big Tech
+
+***Em:*** *Let's start with your newest project. [Cyd](https://cyd.social) is an application you have created in 2024 to help people backing up and deleting their tweets on X-(Twitter). This app emerged from the ashes of [Semiphemeral](https://micahflee.com/2024/07/like-a-phoenix-semiphemeral-will-rise-from-the-ashes/), a great tool that was unfortunately rendered unusable when Twitter decided to [shut off its API](https://mashable.com/article/twitter-ending-free-api-tier-elon-musk-worst-decision). I personally loved Semiphemeral and used it to delete thousands of my tweets before eventually deleting my whole Twitter account later on. Can you tell us more about how Cyd works despite not using X's API?*
+
+**Micah:**
+
+APIs make it way simpler for programmers to interact with online services, but they're not the only way. As long as social media platforms like X still run websites, and it's still possible for you, the human, to manually scroll through your tweets and delete them, it's possible to write a program that can do this for you.
+
+This is basically how Cyd works. It's a desktop app that includes an embedded web browser. When you add an X account to it, you login to your account in the browser, and then Cyd takes over. You can tell it that you want to delete your tweets, or likes, or bookmarks, or unfollow everyone, or save a backup of your DMs, or plenty of other things, and it does this by automating the embedded browser on your behalf. No API required.
+
+Cyd uses open APIs when they're available and make sense. For example, if you want to quit X but you don't want your old tweets to disappear forever, Cyd can migrate them to Bluesky using Bluesky's API -- soon we'll add support for migrating to Mastodon too. But for closed platforms that suck (like X, and Facebook too, which we're adding support for right now), we're forced to do it the hard way.
+
+***Em:*** *Talking about openness, recently this year you have decided to [make Cyd open source](https://infosec.exchange/@micahflee/113885066507235250). This is fantastic news! What did you take into consideration before making this decision and what kind of [contributions](https://github.com/lockdown-systems/cyd) or feedback are you hoping to receive from the community?*
+
+**Micah:**
+
+I'm extremely happy that Cyd is now open source. I've open-sourced most code that I've ever written, so it honestly felt kind of weird starting out making Cyd proprietary.
+
+My biggest concern with making it open was that I want Cyd to be a sustainable business, where some of the features are free and some of the features are premium and cost money -- enough so that me, and eventually other people working on it, could get paid a decent wage. And as an open source app, it would be easy for someone to fork it and remove the bits of code that check if you've paid for premium access.
+
+But after talking it through with some other people who are very experienced open source devs, I decided that this isn't that big of a deal, and that the benefits of being open source far outweigh the costs.
+
+Now when you use Cyd, you can now *confirm* that it doesn't have access to your social media accounts or any of the data in it. Having an open issue tracker on GitHub is great too, because people in the community can open issues, post comments, and track the progress of features they're looking forward to. Also being open source means we have the ability to accept grants and donations, in addition to selling premium accounts. You can check out our Open Collective page at [https://opencollective.com/lockdown-systems](https://opencollective.com/lockdown-systems).
+
+I'm hoping that members of the community will discuss features we're making, or even contribute code directly to our project. Right now, Cyd is only available in English, but we're also hoping to translate it into many different languages going forward, so I'm hoping that people will eventually chip in it to help translate Cyd to their native languages.
+
+***Em:*** *Having access to Cyd in multiple languages would really be wonderful. Likewise for multiple social media, when additional ones will be added later on. But at the moment, Cyd definitely seems to be [focusing](https://cyd.social/want-to-quit-x-in-2025-heres-how-to-do-it-the-right-way-with-cyd/) on X. You have personally been on the receiving end of Elon Musk's vengeful whims before when your Twitter account got [banned](https://micahflee.com/2023/05/elon-banned-me-from-twitter-for-doing-journalism-good-riddance/) in 2022 for criticizing him. I would say this qualifies as a badge of honor. Do you think you could still be on his radar with Cyd focusing on [data deletion for X](https://cyd.social/delete-all-your-tweets-for-free-with-cyd/) even though X has shut off its API? Have you taken any specific measures about this?*
+
+**Micah:**
+
+I think it's actually more likely that I'll be on Elon Musk's radar because of my [recent work](https://www.youtube.com/live/APHo7bea_p4?si=stSrkmo1MWy5_iVX&t=3338) with the Tesla Takedown movement than with Cyd... Right now, Musk is spending all of his time purging the US government of critics and consolidating executive power under Trump. So maybe he's too distracted on his fascism project to care about what we're doing with deleting tweets?
+
+But that said, Musk is litigious and we're definitely concerned about legal threats. We've consulted lawyers and we're trying to be as safe as possible.
+
+## Lockdown Systems: The new organization developing Cyd
+
+***Em:*** *Cyd is a project of [Lockdown Systems](https://lockdown.systems), a new organization you have created with colleagues just a few months ago. Can you tell us more about the structure of this organization and who else is involved?*
+
+**Micah:**
+
+We're still finalizing the paperwork, but Lockdown Systems is a new worker-owned collective! At the moment there are five of us:
+
+- me
+- Jen, a former SecureDrop engineer who was the technical editor of my book and, for several years, my Dungeons & Dragons dungeon master
+- Saptak, a talented human-rights-focused open source developer who I work with on OnionShare
+- Yael, an investigative journalist friend who, among other things, broke a story with me about how Zoom had lied about supporting end-to-end encryption just as everyone started using it during the pandemic
+- Akil, a talented newsroom engineer I worked closely with at The Intercept
+
+Most companies are owned by investors who only care about profit. They don't care about the workers, and they definitely don't care about the end-users of the software they make. This is why it's so common for tech companies to end up spying on their users and selling that data: it's an additional way to make a profit for their investors.
+
+We're different. Lockdown Systems is owned by its workers, and we don't have outside investors. We have all agreed to the explicit goals of: ensuring the well-being of our members; making tools that help fight fascism and authoritarianism; and prioritizing impact over profit.
+
+We make decisions by coming to consensus, and everyone in the collective gets paid the same wage. Even though I started Cyd, I don't have more say than anyone else.
+
+***Em:*** *That is such a great organizational structure for software development. Lockdown Systems really has an impressive team of skilled and dedicated people. Presently, it seems from the website and [GitHub page](https://github.com/lockdown-systems) that Lockdown Systems is focusing on developing and growing Cyd only. Are you planning on using Lockdown Systems mainly for Cyd or are you envisaging other applications getting added to Lockdown Systems in the near (or far) future?*
+
+**Micah:**
+
+So far, Cyd is our only product. There are many features we plan on building, and we also need to get it the point where it can fund our continued work. Most likely, this will be our main project for the near future.
+
+That said, we're definitely open to branching out. We make software that directly empowers individuals, helping them reclaim their autonomy and privacy. So if we see an opportunity to build something that will directly help people who are facing fascist threats -- whether it's supporting abortion access, keeping immigrants safe, helping communities organize mutual aid, etc. -- we will absolutely do it.
+
+***Em:*** *If one day some generous millionaire (let's keep it at millionaire, we all know what happens at billionaire) decided to give Lockdown Systems a huge budget bump no string attached, how would you like to grow the organization with this money?*
+
+**Micah:**
+
+One cool thing about being a member of a collective is that if this happened, the whole collective would brainstorm together and we'd come up with ideas that are far better than what I could come up with alone. But that said, I definitely have some thoughts.
+
+Right now, everyone is working part time, between about 10 and 30 hours a week each. If we had the resources, many of us would work on Cyd full-time, and we'd be able to offer benefits like health care and retirement contributions. We could also increase how many people are part of the collective, and build out new features at a much faster rate.
+
+In my mind, future Cyd will be a single app (possible available on mobile devices, not just desktop) where you can have total control over all of your data that's currently stored by tech companies (X, Facebook, Instagram, TikTok, LinkedIn, Reddit, Bluesky, Mastodon, Discord, Slack, Telegram, Amazon, Airbnb, Substack, and on and on). You can backup all your data and then have choice over where you want the rest of it: you can delete *everything*, or you can choose to keep your online presence that you're proud of. You can easily cross-post to multiple platforms, and also automatically delete your older posts from the corporate platforms, while keeping them live on the open ones. Or, however else you choose to do it.
+
+If we had a bigger team to pay for more labor, there's a lot that we could get done.
+
+***Em:*** *In the meantime, I imagine one million $1 donations could also help. If our readers would like to support the development of Lockdown Systems, they can make a [donation on this page](https://opencollective.com/lockdown-systems).*
+
+## OnionShare: The app to share files, host websites, and chat anonymously through Tor
+
+***Em:*** *Our community is likely familiar with this great application included in so many security and privacy-focused projects, including [Tails](https://tails.net/), [Qubes OS](https://www.qubes-os.org/), [Whonix](https://www.whonix.org/), and [Parrot OS](https://parrotsec.org/). What motivated you to create [OnionShare](https://onionshare.org) more than 10 years ago, and what do you think is the best way to use it now?*
+
+**Micah:**
+
+I made OnionShare in 2014 while I was helping journalists report on the Snowden documents. The big motivation was a border search: Glenn Greenwald's partner, David, traveled from Berlin, where he was visiting Laura Poitras, back to his home in Rio de Janeiro. He was carrying an encrypted hard drive, on an assignment for The Guardian. During his layover at Heathrow airport in London, UK authorities detained him and searched him.
+
+None of this was necessary. Using the internet, encryption, and Tor, it's possible to securely move documents around the world without putting anyone at risk at a border crossing. In fact, I was already doing something similar with journalists I was collaborating with on Snowden stories myself. To send someone secret documents, I'd first encrypt them using PGP, and then place them in a folder on my laptop. I'd start up a web server with a simple directory listing for that folder, and then make that web server accessible as a Tor onion service.
+
+While this wasn't too hard for me, an experienced Linux nerd, to set up, it would be very challenging for most people. I made OnionShare basically as a user-friendly way for anyone to be able to securely share files, peer-to-peer, without needing to first upload them to some third party service like Dropbox.
+
+Today, OnionShare has more features. It's basically like a graphical interface to do cool things with Tor onion services -- you can send files, but you can also turn your laptop into an anonymous dropbox so people can upload files to you, and you can quickly host onion websites and spin up temporary chatrooms too. And there are Android and iPhone apps!
+
+The last time I used OnionShare myself was last week. On my personal newsletter, I'm writing a [series of posts](https://micahflee.com/exploring-the-paramilitary-leaks/) exploring the Paramilitary Leaks, 200 GB of data from the American militia movement, obtained by an infiltrator name John Williams. While working on one of my posts, John used OnionShare to send me some additional documents.
+
+## Other projects and thoughts
+
+***Em:*** *You have been a prolific writer as a journalist for [The Intercept](https://theintercept.com/staff/micah-lee/), your own [Blog](https://micahflee.com/), and in January 2024 you [released](https://micahflee.com/2023/12/hacks-leaks-and-revelations-the-art-of-analyzing-hacked-and-leaked-data/) a book called Hacks, Leaks, and Revelations: The Art of Analyzing Hacked and Leaked Data. What is this book about, and who is it written for?*
+
+**Micah:**
+
+I spent many years reporting on hacked and leaked datasets, starting with the Snowden archive. Since then, I've seen the amount of hacked and leaked data grow exponentially. And at the same time, journalists and researchers -- the people who really need to dig through this data and find the good stories -- don't even know where to start.
+
+So that's what my book is, an interactive guide to downloading and exploring datasets. It doesn't require any prior knowledge, but it does get pretty technically, including two chapters teaching Python programming. If you're following along, near the beginning of the book you'll encrypt a USB hard drive and then download a copy of BlueLeaks to it -- hundreds of gigabytes of hacked police documents from the middle of the Black Lives Matter uprising in 2020. You'll use this dataset, along with several others, as examples as you learn how to make sense of data like this.
+
+You should definitely buy the book if you're interested and you can, but information wants to be free, so I also released the whole book under a Creative Commons license. You can read the whole thing online at [hacksandleaks.com](https://hacksandleaks.com/).
+
+***Em:*** *I can see how much of a valuable skill this is to learn for journalists and researchers in this day and age. Even if nothing compares to having a physical paper copy (in my opinion), it's wonderful that you share your book online for people who, for various reasons, cannot order a copy. You have worked or still work with the Electronic Frontier Foundation, Freedom of the Press Foundation, Science & Design, the Tor Project, and Distributed Denial of Secrets. Your contribution and commitment to digital rights is undeniable. From your experience, what are you envisioning for the future of digital rights activism?*
+
+**Micah:**
+
+I don't have all of the answers, but I do think that it's important for digital rights activists to meet the moment. Fascist politicians are gaining power around the world. The gap between the ultra rich and everyone else is wider than it's ever been before. Elon Musk has openly bought the US government, and the Trump-supporting oligarchs control all of our critical tech infrastructure. Climate change deniers and anti-vaxxers are the ones in charge right now, at least in the US. Things are pretty bad.
+
+Whatever we do, we should have the goal of shifting power away from the fascists and billionaires and towards everyone else. We need alternative platforms that are not only open and democratic, but also just as easy to use as the corporate walled gardens. We need digital rights, not to mention digital security, to fully integrate itself into the rest of the mass movements going on now, whether it's to save the planet from climate change, to protect immigrants getting sent to gulags, or to stop the genocide in Gaza.
+
+***Em:*** *Absolutely, and digital rights advocates and organizations undeniably have a crucial role to play in these movements. Finally, is there anything else you would like to share with us that we haven't discussed yet?*
+
+**Micah:**
+
+If you want to support Lockdown Systems and you work for an organization that might be interested in offering Cyd as a benefit to their employees, check out Cyd for Teams! If we can get organizations on board this will go a long way to making sure we can continue to get paid doing this work: [https://docs.cyd.social/docs/cyd-for-teams/intro](https://docs.cyd.social/docs/cyd-for-teams/intro)
+
+***Em:*** *Thank you so much Micah for taking the time to answer our questions today! The new projects you are working on are fascinating, and so important in the current landscape. I'm excited for more people to discover Cyd and Lockdown Systems, and will myself be following their evolution and expansion enthusiastically.*
+
+## Consider supporting Micah Lee's projects
+
+If you would like to follow Micah Lee's work and support his projects, consider:
+
+- [Following Micah Lee on Mastodon](https://infosec.exchange/@micahflee)
+
+- [Reading Micah Lee's Blog](https://micahflee.com/)
+
+- [Donating to Cyd and Lockdown Systems](https://opencollective.com/lockdown-systems)
+
+- [Signing up for Cyd for Teams](https://docs.cyd.social/docs/cyd-for-teams/sign-up)
+
+- [Getting a copy of Hacks, Leaks, and Revelations](https://hacksandleaks.com/)
+
+- [Contributing to one of Micah Lee's software](https://github.com/micahflee)

blog/posts/privacy-means-safety.md

@@ -0,0 +1,223 @@
+---
+date:
+    created: 2025-03-25T20:30:00Z
+categories:
+    - News
+authors:
+    - em
+description: Privacy is a human right that should be granted to everyone, no matter the reason. That being said, it's also important to remember that for millions of people around the world, data privacy is crucial for physical safety. For people in extreme situations, privacy can literally mean life or death.
+schema_type: NewsArticle
+---
+# Privacy Means Safety
+
+![Photo of a padlock with "SOS" written on it and a drawn heart instead of an "O" letter. It is locked on a metal fence.](../assets/images/privacy-means-safety/privacy-means-safety-cover.webp)
+
+<small aria-hidden="true">Photo: Georgy Rudakov / Unsplash</small>
+
+Privacy is a human right that should be granted to everyone, no matter the reason. That being said, it's also important to remember that for millions of people around the world, data privacy is crucial for physical safety. For people in extreme situations, privacy can literally mean life or death.<!-- more -->
+
+Many of us have experienced moments when our privacy concerns have been minimized or even completely dismissed.
+
+This general hostility towards data protection is dangerous. Yes, dangerous. **Data privacy isn't a trivial matter.**
+
+There are many circumstances where inadvertently or maliciously exposed data can put someone in grave danger. Worse, sometimes this danger might not even be known at the time, but might become incredibly important later on.
+
+We should never downplay the serious risk of exposing someone's data, even if this isn't a situation we personally experience, or even understand.
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Content Warning: This article contains mention of sexual assault, violence, and death.</p></div>
+
+## Leaked data can have grave consequences
+
+This isn't a hypothetical situation. There has been many tragic events where people have been harmed and even killed because data about them was leaked, stolen, or otherwise revealed to someone hostile.
+
+### Children
+
+The data of children is something our society should be much more invested in protecting, yet most new legislation [proposed](the-future-of-privacy.md#chat-control-wants-to-break-end-to-end-encryption) or [passed](the-future-of-privacy.md#age-verification-wants-to-collect-your-sensitive-data) to supposedly protect the children are doing the complete *opposite*, endangering everyone's data, *including* the children's.
+
+As for the data protection we already have, they are insufficient to protect most people's data, also including the children's.
+
+In 2020, the Irish child and family agency, Tusla, was fined €75,000 for a breach of the General Data Protection Regulation (GDPR). Investigation [revealed](https://www.irishtimes.com/news/crime-and-law/tusla-becomes-first-organisation-fined-for-gdpr-rule-breach-1.4255692) three instances where data about children had been negligently disclosed to unauthorized parties.
+
+In one case, the location and contact information of a mother and child was revealed to an alleged abuser. In another, the agency neglectfully [provided](https://www.irishtimes.com/ireland/social-affairs/2025/03/04/abusers-using-data-protection-law-to-get-details-on-victims/) the address of a child and the mother's phone number to a man accused of child sexual abuse.
+
+Such data leaks should never be tolerated. Sadly, much stronger fines will be required to stop organizations from being so dangerously careless.
+
+In 2018, an incredibly unfortunate 12-year-old gamer and his mother were both likely [traumatized for life](https://www.pcgamesn.com/fortnite/fortnite-stream-swatting) by a violent [swatting attack](https://en.wikipedia.org/wiki/Swatting) when the child's home address was exposed online. The outcome of this horrible attack could have ended much more tragically. The story doesn't explain how the child's address was found.
+
+Swatting attacks have become such a [problem](#mistaken-identity) in the United States that the Federal Bureau of Investigation (FBI) recently [created](https://www.nbcnews.com/news/us-news/fbi-formed-national-database-track-prevent-swatting-rcna91722) a national database to help track and prevent such attacks.
+
+### Victims of stalkers
+
+Stalking victims are incredibly vulnerable to any data leak. People in such situation can often be gravely endangered by data broker services, data breaches, information they might have shared online recently or decades ago, and information shared about them by friends and family.
+
+Unfortunately, this kind of horrifying situation isn't rare.
+
+The danger to victims of online stalkers should never be minimized. Stalking and harassment are serious crimes that should be reported and severely punished. Overlooking these offenses is being ignorant to how quickly the consequences of such crimes can escalate.
+
+In 2019, a 21-year-old Japanese pop star got stalked and sexually [assaulted](https://www.bbc.co.uk/news/world-asia-50000234) by a man who found her location from a picture she posted online. The photo had such high definition that the perpetrator was able to see and identify a specific train station that was visible *through a reflection in the singer's eyes*.
+
+The aggressor also gathered information about the victim's home by examining the photos she posted from her apartment to determine the exact unit location. He then went to the train station he identified from the photo, waited for her, and followed her home.
+
+In 2023, a podcast host and her husband were [killed](https://www.nbcnews.com/news/us-news/podcast-host-killed-stalker-deep-seated-fear-safety-records-reveal-rcna74842) by an online stalker. Despite having requested a protection order against the murderer, and despite blocking his phone number and social media accounts, after months of intense harassment online, the man eventually found the podcaster's home address, broke in, and fatally shot her and her husband.
+
+### Victims of domestic violence
+
+Victims of domestic violence are at an elevated risk of severe or even fatal repercussions when their data gets leaked or shared. People in this extreme situation often have to take extreme measures to protect data that could allow their abuser to find their new location.
+
+Things as banal as exposing someone's license plate, or posting online a photo taken in a public space could literally get a person in such situation killed.
+
+Moreover, some abusers are [weaponizing](https://www.irishtimes.com/ireland/social-affairs/2025/03/04/abusers-using-data-protection-law-to-get-details-on-victims/) subject access requests in an attempt to find the location of the victims fleeing them.
+
+It is imperative to ensure that data access legislation cannot be misused in such a dangerous way. Data legally shared with a subject should never lead to the harm of someone else.
+
+In another instance, a woman who was raped by a former partner was unable to safely receive counseling care because the notes from her counseling sessions could have been [shared](https://www.irishtimes.com/crime-law/courts/2025/01/17/calls-for-law-to-be-changed-to-end-access-to-rape-victims-counselling-notes/) in court with the perpetrator.
+
+Data privacy regulations should protect such sensitive data from being shared without explicit and free consent from the patient.
+
+### Healthcare seekers
+
+People seeking essential healthcare in adverse jurisdictions can be prosecuted when their private communications or locations are intercepted.
+
+In 2023, a mother from Nebraska (US) was arrested and criminally [charged](https://www.theverge.com/2023/7/11/23790923/facebook-meta-woman-daughter-guilty-abortion-nebraska-messenger-encryption-privacy) after she helped her 17-year-old daughter get an abortion.
+
+The woman was arrested partly based on the Facebook messages she exchanged with her daughter discussing medication for the abortion. Police obtained a copy of the private Facebook conversation by serving a warrant to Meta, which the company quickly complied with.
+
+### Whistleblowers and activists
+
+Whistleblowers and activists are at especially high risk of harm, particularly if they have publicly opposed or exposed oppressive regimes or criminal groups.
+
+Governments around the world, especially more authoritarian ones, have been increasingly [monitoring social media](https://privacyinternational.org/long-read/5337/social-media-monitoring-uk-invisible-surveillance-tool-increasingly-deployed) to track, identify, and persecute critics, activists, and journalists.
+
+Authorities have also been mandating direct collaboration from service providers to arrest activists. In 2021, a French climate activist was [arrested](https://techcrunch.com/2021/09/06/protonmail-logged-ip-address-of-french-activist-after-order-by-swiss-authorities/) after Proton Mail was legally [compelled](https://proton.me/blog/climate-activist-arrest) by Swiss laws to log and share the activist's IP address with authorities.
+
+In 2017, a 25-year-old working for the American National Security Agency (NSA) as a contractor was arrested after she was [identified](https://arstechnica.com/information-technology/2017/06/how-a-few-yellow-dots-burned-the-intercepts-nsa-leaker/) as the whistleblower who leaked a report about Russian electoral interference in the United States.
+
+The whistleblower had mailed the classified document to The Intercept anonymously. However, when the news organization tried to confirm the authenticity of the document with the NSA, the agency was able to determine which printer was used to print this copy, and from there deanonymized [Reality Winner](https://en.wikipedia.org/wiki/Reality_Winner). The technique used to track the document was the reading of almost invisible [printer tracking dots](https://en.wikipedia.org/wiki/Printer_tracking_dots) that many laser printers and photocopiers produce on all printed documents.
+
+This year on March 7th, community activist and whistleblower Pamela Mabini was [shot and killed](https://www.hrw.org/news/2025/03/11/activist-and-whistleblower-killed-south-africa) just outside her home in South Africa. She was an activist working with the [Maro Foundation](https://www.dailydispatch.co.za/local-heroes/2023-07-10-helping-others-is-the-reason-for-pamela-mabinis-smile/), a nonprofit organization dedicated to fighting poverty and gender-based violence.
+
+Mabini's murder has sparked a debate on the importance of protections offered to whistleblowers [exposing criminals](https://www.citizen.co.za/news/another-high-profile-whistleblower-gunned-down-how-safe-speak-out/) to justice. Following the activist's death, organizations have been calling to fast-track the [Whistleblower Protection Bill](https://www.iol.co.za/news/south-africa/calls-for-government-to-fast-track-protection-bill-following-activists-murder-3e8adc20-be58-4f3d-9a55-4a5818171c92) to bring more protections to those fighting for justice in South Africa.
+
+### Trans and queer activists
+
+Trans and queer activists are at elevated risk of harassment online in today's political climate. In 2022, 28-year-old trans activist Clara Sorrenti was victim of a swatting attack after police believed a fake report about violent threats made by her aggressor.
+
+She was arrested at gunpoint by the police, handcuffed, had her electronic devices seized, and her apartment searched for eight hours for non-existent evidence. The aggressor who made the false threats had [provided](https://www.cbc.ca/news/canada/london/trans-twitch-star-arrested-at-gunpoint-fears-for-life-after-someone-sent-police-to-her-london-ont-home-1.6546015) her name and home address to police.
+
+### Journalists
+
+Journalists around the world can become vulnerable to attacks even from governments when they report on oppressive regimes. This kind of situation can be extremely dangerous, considering the almost unlimited resources state-backed attackers can have to identify, track, and persecute their victims.
+
+In 2018, the prominent journalist and critic of Saudi Arabia's government Jamal Khashoggi was [murdered](https://www.bbc.co.uk/news/world-europe-45812399). Despite being based in the United States, the journalist traveled to Istanbul's Saudi consulate in Turkey to pick up official documents. Khashoggi was killed inside the consulate a few days later on October 2nd.
+
+Investigations revealed that people close to Khashoggi had their devices infected by NSO's [Pegasus spyware](https://freedom.press/digisec/blog/journalists-targeted-with-pegasus-yet-again/). This likely allowed the attacker to gather information about Khashoggi traveling outside the United States.
+
+Many other journalists, politicians, and human rights activists have been [targeted](https://www.bbc.co.uk/news/world-57891506) by state-backed spyware such as Pegasus.
+
+In 2022, Human Rights Watch [reported](https://www.hrw.org/news/2022/12/05/iran-state-backed-hacking-activists-journalists-politicians) that two of their staff members and at least 18 other activists, researchers, or journalists working on Middle East issues had been targeted by a phishing campaign coming from a group affiliated with the Iranian government. The entity succeeded in stealing emails and other sensitive data from at least three human rights defenders.
+
+### Targeted harassment
+
+Another danger of leaked data that shouldn't be minimized is targeted harassment. Targeted harassment can have devastating consequences ranging from silencing their victims, to suicide, to death by swatting attack.
+
+A well-known example of targeted harassment is Gamergate. Gamergate was a loosely organized [harassment campaign](https://en.wikipedia.org/wiki/Gamergate_(harassment_campaign)) targeting women in the video game industry. It started in 2014 when Zoë Quinn's ex-partner published a blog post with false insinuation about Quinn, a video game developer.
+
+Quinn was subsequently subjected to an incredibly intrusive [doxxing](https://en.wikipedia.org/wiki/Doxing) campaign, and even received rape threats and death threats. Attackers were able to steal an insecure password and [break into](https://time.com/4927076/zoe-quinn-gamergate-doxxing-crash-override-excerpt/) one of Quinn's account, which resulted in horrible consequences. The harassment campaign later expanded to target others who had defended Quinn online.
+
+In another case, targeted harassment resulted in one death and a five years prison sentence. In 2020, Mark Herring started receiving requests asking him to give up his Twitter handle, which he refused. Herring's "crime" was to have been quick enough to secure the handle "@Tennessee" shortly after Twitter came online.
+
+Over weeks, harassment escalated from sustained text messaging to random food delivery to his house. After Herring's harasser posted his home address in [a Discord chat room used by criminals](https://krebsonsecurity.com/2021/07/serial-swatter-who-caused-death-gets-five-years-in-prison/), someone used this data to direct a swatting attack at Herring's place. Police surrounded his home and demanded he crawl under a back fence, despite his health. After crawling under the fence, 60-year-old Mark Herring stoop up then collapsed from a heart attack, and died soon after.
+
+### Mistaken identity
+
+What is more, everyone can get victimized by exposed data, even people who are not online and even people who are not a whistleblower, a journalist, an activist, a victim of domestic violence, or someone who has committed the "unthinkable crime" of securing a cool Twitter handle.
+
+In 2017, 28-year-old Andrew Finch was [shot and killed](https://edition.cnn.com/2019/09/14/us/swatting-sentence-casey-viner/index.html) by police during a swatting attack in the United States.
+
+The attack was conducted after the perpetrator had an argument online over a multiplayer first-person shooter game. The perpetrator, who was later sentenced, threatened another player he was upset with to "swat" him. The perpetrator then enlisted another man to call the police and conduct the attack on the player, with the home address the player provided. This address turned out to be the previous address of the player, which was now Andrew Finch's address.
+
+When police arrived at Andrew Finch's home and surrounded the place, Finch, completely unaware of what was happening, barely had the time to comply and get outside when the police shot and killed him at the front door.
+
+The man who conducted the swatting attack for the perpetrator got [sentenced](https://en.wikipedia.org/wiki/2017_Wichita_swatting) to 20 years in federal prison.
+
+In 2021, an Australian 15-year-old girl was [mistakenly targeted](https://www.abc.net.au/news/2021-03-26/canberra-family-doxxed-sent-death-threats-after-social-video/100014706) and later doxxed with her real information after she had been wrongly identified online as someone who had participated in a racist social media video posted on Facebook.
+
+A few hours after her name was shared online, the girl started to be inundated by hateful messages and unspeakable threats from all around the world. Her phone number and home address were eventually shared online. Her family received hateful messages from strangers as well.
+
+During the ordeal, her mother had to be hospitalized for heart disease. The girl, who had absolutely nothing to do with the racist video that spawned the attacks, contemplated suicide due to the violence of the harassment. She and her mother no longer felt safe.
+
+Digital traces of the personal data that was exposed during the attacks will likely remain online forever, even if the girl and her family were completely innocent and unrelated to what triggered the cyber-swarming.
+
+The 26-year-old American who incorrectly identified the Australian girl and shared her name and social media accounts online later apologized for his mistake.
+
+## How data finds its way to an aggressor
+
+### Targeted research, attack, and spyware
+
+For targeted attacks, aggressors will often use simple techniques to find a victim's data from what is already leaked online, or openly shared on social media. For more sophisticated attacks, perpetrators might use criminal methods such as impersonation for [SIM swap attacks](https://en.wikipedia.org/wiki/SIM_swap_scam). When attackers have more resources, such as a state-backed attackers, more sophisticated processes might be used, like device infection with [NSO Group's spyware](https://citizenlab.ca/tag/nso-group/).
+
+### Maliciously stolen or negligently leaked
+
+Data can be stolen maliciously in all sort of ways, but even more often and common, data is leaked online from banal *negligence*.
+
+Once data is leaked online, it will likely become accessible to anyone looking for it eventually. Additionally, any data breach happening now has the potential to endanger someone years down the line. Perhaps it's a home address that has not changed in years, a phone number used for a decade, a legal name, a photograph, or even a [medical file](https://krebsonsecurity.com/2024/04/man-who-mass-extorted-psychotherapy-patients-gets-six-years/).
+
+Unfortunately, the data broker industry thrives on bundling up all this data together in neat packages to be sold to anyone looking for it, making any attacker's job much easier.
+
+#### Unencrypted data
+
+When the data leaked or stolen is well encrypted, the [risk is reduced](https://www.maketecheasier.com/how-secure-stolen-encrypted-data/). If the leaked data cannot be decrypted easily, this will greatly mitigate the damage done by a breach. Conversely, unencrypted leaked data will always inflict maximum damage.
+
+This is why we should demand that all the services we use implement strong, *end-to-end* encryption wherever possible.
+
+### Obliviously shared without consent
+
+Sometimes, the data endangering someone isn't leaked negligently or stolen maliciously, but simply shared by a friend or a family member oblivious to the danger.
+
+This is [a cultural problem we all need to work on](the-privacy-of-others.md).
+
+Despite all the technological protections we can put on data, and despite all the regulations we can ask organizations to comply with, if our culture doesn't understand the danger of sharing the data of others, we will fail to protect the most vulnerable people in our society.
+
+## Protecting data for everyone's safety is a societal, communal, and individual responsibility
+
+Protecting data isn't simply a matter of preference, although it can absolutely be. But for so many people around the world, it is vital to understand how *crucial* data privacy is.
+
+As explicitly demonstrated above, data protection can literally mean life or death for people in vulnerable situations. Beyond that, it is unfortunately also true for anyone unlucky enough to get mistakenly targeted when their data is shared.
+
+In all of these situations, **data privacy means safety**.
+
+We must demand that governments, corporations, and organizations of all kinds do better to improve data protection practices and technologies.
+
+As a community, we also have a responsibility to protect the most vulnerable people from harm caused by data leaks.
+
+And finally, as individuals, we share this duty of care and must all work on improving the way we protect our own data, but even more importantly, the data of everyone around us.
+
+**Privacy means safety, for everyone.**
+
+---
+
+<div class="admonition info" markdown>
+<p class="admonition-title">Resources in the United States & Canada</p>
+
+If you or someone you know is in one of the situations described above, these additional resources may help. Make sure to take [appropriate measures](https://www.privacyguides.org/en/basics/threat-modeling/) to protect your privacy if your situation is sensitive. If you are in a high risk situation, you might want to access these resources using [Tor](https://www.privacyguides.org/en/advanced/tor-overview/) or [Tails](installing-and-using-tails.md).
+
+**Suicide & Crisis Support Line** :material-arrow-right-bold: [988 Lifeline](https://988lifeline.org/) Phone number: 988 (US & Canada)
+
+**Trans Peer Support** :material-arrow-right-bold: [Trans Lifeline Hotline](https://translifeline.org/hotline/) Phone number US: 1-877-565-8860 / Canada: 1-877-330-6366
+
+**Stalking Victim Support**  :material-arrow-right-bold: US: [SafeHorizon](https://www.safehorizon.org/get-help/stalking/) / Canada: [The Canadian Resource Centre for Victims of Crime](https://crcvc.ca/wp-content/uploads/2021/09/Cyberstalking-_DISCLAIMER_Revised-Aug-2022_FINAL.pdf)
+
+**Domestic Violence Victim Support** :material-arrow-right-bold: US: [The National Domestic Violence Hotline](https://www.thehotline.org/) Phone number: 1-800-799-7233 / Canada: [Canadian resources by situation and province](https://www.canada.ca/en/public-health/services/health-promotion/stop-family-violence/services.html)
+
+**Reproductive Rights & Healthcare** :material-arrow-right-bold: US: [Planned Parenthood](https://www.plannedparenthood.org/) / Canada: [Action Canada for Sexual Health & Rights](https://www.actioncanadashr.org/resources/services)
+
+**Journalists and Whistleblowers** :material-arrow-right-bold: US: [Freedom or the Press Foundation Guides & Resources](https://freedom.press/digisec/guides/) / Canada: [Canadian Association of Journalists](https://caj.ca/advocacy/digital-security/)
+
+**Protesters** :material-arrow-right-bold: [The Protesters' Guide to Smartphone Security](activists-guide-securing-your-smartphone.md)
+
+</div>
+
+---
+
+**Correction (Mar. 27):** This article was updated to correct a typo in a date. The previous version wrongly described the arrest of a French climate activist happening in 2012, when these events actually happened in 2021. 

blog/posts/privacy-pass.md

@@ -0,0 +1,245 @@
+---
+date:
+    created: 2025-04-21T17:30:00Z
+categories:
+    - Explainers
+authors:
+    - fria
+tags:
+    - Privacy Pass
+license: BY-SA
+schema_type: BackgroundNewsArticle
+description: |
+  Privacy Pass is a new way to privately authenticate with a service. Let's look at how it could change the way we use services.
+---
+# Privacy Pass: The New Protocol for Private Authentication
+
+![Cover photo of the Privacy Pass logo over a yellow background](../assets/images/privacy-pass/cover.webp)
+
+<small aria-hidden="true">Background Image: Thomas Ensley / Unsplash</small>
+
+Services that require authentication can correlate your activity on that service with your account, and that account is normally linked with payment information that could potentially link back to your real identity. With the Privacy Pass protocol, it doesn't have to be that way.<!-- more -->
+
+## History
+
+The story of Privacy Pass begins with a [paper](https://dl.acm.org/doi/pdf/10.1145/4372.4373) by David Chaum from 1985 (he actually has an earlier paper from [1982](https://chaum.com/wp-content/uploads/2022/02/chaum_dissertation.pdf), but I'll be referencing this one), in which he laments the ever-increasing data collection by companies and government agencies.
+
+It's funny that all the way back in 1985 he talks about the same issues we deal with today: persistent identifiers tied to our real identity for transactions, government IDs, etc.
+
+Chaum proposes three solutions to the state of affairs he describes.
+
+### Pseudorandom Identifiers
+
+Instead of persistent identifiers like we now have with our government IDs, credit cards, etc., Chaum suggests randomly generated identifiers. For example, you could have a one-time unique identifier for each transaction at a shop.
+
+For ongoing relationships such as a bank, you can use a single pseudorandom identifier for that organization that you use continuously.
+
+### Card Computers
+
+One of the more quaint ideas in the paper is the idea of a small "card computer" on which you would perform transactions. Chaum's theoretical device resembles "a credit-card-sized calculator, and [includes] a character display, keyboard, and a limited distance communication capability (like that of a television remote control)".
+
+Nowadays, we carry around credit-card sized computers like it's nothing. The secret "card number" he describes would probably be your device PIN or even biometric authentication, which are already used to authenticate transactions.
+
+We still haven't *quite* reached Chaum's vision yet in some areas. His idea is for these "card computers" to fully replace ATMs and checkout terminals in stores. Essentially, he wants all transactions to be online transactions, with something like Apple Pay or Google Pay on your device mediating the transaction and using your device PIN to prevent fraudulent transactions.
+Making all transactions online transactions is an interesting idea. I think most people can share in the frustration of dealing with checkout terminals, especially the self-checkout ones with cameras pointed at your face.
+
+We're still falling short in a major area though.
+
+> card computers could be purchased or constructed just like any other personal computer, and would have no secrets from or structures unmodifiable by their owners.
+
+Current smartphones are non-upgradeable by their owners and can't be built from scratch like a desktop computer can. They also contain lots of black-box proprietary code. Even a Google Pixel, the gold standard of Android smartphone freedom that allows you to install your own operating system securely, still suffers from the same pitfalls.
+
+### Cryptography
+
+How do we ensure the pseudonyms can't be linked together? We already use cryptography to protect our communications. Chaum presents ways to similarly protect unlinkability using cryptography:
+
+> Simple mathematical proofs show that, with appropriate use of the systems, even conspiracy of all organizations and tapping of all communication lines cannot yield enough information to link the pseudonyms-regardless of how clever the approach is or how much computation is expended.
+
+## Blind Signatures
+
+Digital signatures normally are used to ensure that something like a piece of software or a message comes from the original sender and hasn't been tampered with. You want to know who the signer is for this system to work.
+
+But what if the signer and the one sending a request are different? Say you have a membership to a hypothetical *PrivacyGuides+ subscription service*, and you want to authenticate with it, but don't want to identify yourself. That's where blind signatures come in.
+
+### How it Works
+
+You can imagine blind signatures like an envelope that's been wrapped in [carbon paper](https://en.wikipedia.org/wiki/Carbon_paper) with a window showing your pseudonym for that account, whether it be an account number, username, etc. They never see anything but the account identifier, or whatever they need to verify that you're a valid customer.
+The organization then signs it, indicating you're a valid customer, and you're allowed to access the service.
+
+Later, when you're presented with a request to authenticate as an active subscriber of PrivacyGuides+, you unwrap the envelope and discard it along with the carbon paper. You rewrap it in a new envelope with a window showing the signature and a different pseudonym, and the requester can then be sure that you're allowed to access PrivacyGuides+.
+
+![A diagram showing an envelope being wrapped in carbon paper, transferred to an organization, then passing over a boundary representing the unlinkability between the two transactions. Then the envelope is unwrapped, put in a new envelope with a window showing the signature from the previous organization, and presented to a different organization.](../assets/images/privacy-pass/blind-signatures.webp)
+
+<small aria-hidden="true">Illustration: [David Chaum](https://dl.acm.org/doi/pdf/10.1145/4372.4373)</small>
+
+This system relies on the same strong cryptography that tried and true systems use, with the difference being the unlinkability between the credential issuer and the credential receiver.
+
+## Problems
+
+Services that don't require an account or payment to use are great; you can use them with Tor, clear your browser history, whatever you need to do to keep your activity private.
+
+But logging into an account completely invalidates all of that. Every time you log in or authenticate with a service, you have to identify yourself as the same person, linking all your previous activity together. Increasingly, we're asked to provide personal information in order to be able to use certain websites or services.
+
+### Linkability
+
+As long as you're logged into an account with a service, all your previous and current activity can be linked together, along with any data you provided such as an email address, payment information, etc.
+
+### Data Collection
+
+A lot of websites and services want to — [or are forced to](https://en.wikipedia.org/wiki/Social_media_age_verification_laws_in_the_United_States) — filter out users below a certain age.
+
+We're starting to see a rise in extremely privacy-invasive age verification systems such as submitting a government ID when you want to access a website or invasive facial scans.
+
+### Blocking VPN and Tor Users
+
+Bots are a rampant problem for online services, leading them to sometimes block non-residential IP addresses such as those used for commercial VPNs and Tor.
+
+### CAPTCHAs
+
+When VPN and Tor users aren't blocked, they often have to deal with annoying [CAPTCHAs](http://www.captcha.net) that take up your precious time and use invasive [fingerprinting](https://developers.google.com/recaptcha/docs/v3).
+
+CAPTCHAs aren't even particularly good at detecting bots. With advances in AI, [bots can solve CAPTCHAs better than humans can](https://arxiv.org/pdf/2307.12108).
+
+## Privacy Pass
+
+Several blind signature-based solutions are in various states, some being implemented but not widely used, some being proposed browser APIs, and some being IETF standards.
+
+The landscape is very confusing right now, so I'll try to elucidate what I've found.
+
+[Privacy Pass](https://privacypass.github.io) started out as an attempt at a privacy-preserving way to bypass CAPTCHAs.
+
+It started out and is still an extension that can be installed on the [Chrome](https://chromewebstore.google.com/detail/silk-privacy-pass-client/ajhmfdgkijocedmfjonnpjfojldioehi) or [Firefox](https://addons.mozilla.org/en-US/firefox/addon/privacy-pass/) extension store, but it's since expanded to become an [IETF standard](https://datatracker.ietf.org/wg/privacypass/about/).
+
+The Privacy Pass protocol has massively outgrown its original purpose. It's been updated to support multiple different schemes and purposes.
+
+There are three main roles that need to be played for the authentication mechanism to work. These can be filled by all the same party, by three separate parties, or any combination in between. You'll have increased privacy the more separation there is between each role, so ideally they should all be filled by different parties.
+
+### Origin
+
+The origin is the original website or service that's requesting a token for redemption. The client presents a valid token, or it must request more tokens.
+
+### Attester
+
+The attester is responsible for verifying something about the client. There are several ways it can achieve this, and it can use multiple at the same time if desired.
+
+#### CAPTCHA
+
+The attester can make the client solve a CAPTCHA to prove that it's not a bot. Not the most elegant solution but solving one CAPTCHA instead of multiple is preferable.
+
+#### Client State
+
+The attester can verify something about the client's state like the geographic location, whether the client has a valid account, or the number of issuance protocol invocations.
+
+#### Trusted Device
+
+If your client is running on hardware that's capable of producing device-level attestation, like a device with a secure element, then it can use that to verify that the device is trusted.
+
+For example, in Apple's Private Access Token implementation, they use certificates stored in the Secure Enclave and verify that your Apple account is in good standing.
+
+### Issuer
+
+The issuer is responsible for issuing tokens in response to requests from clients.
+
+The client presents tokens to the Origin once they're provided by the issuer.
+
+![diagram showing the structure of Private Access Tokens. The origin asks the client for a token, the client forwards the request to the attester which then forwards it to the issuer which then generates a token, sends it to the client which then sends it to the origin.](../assets/images/privacy-pass/private-access-tokens.webp)
+
+<small aria-hidden="true">Illustration: [Cloudflare](https://blog.cloudflare.com/eliminating-captchas-on-iphones-and-macs-using-new-standard/)</small>
+
+The tokens need to identify which issuers are trusted.
+
+They can also be interactive or non-interactive. Interactive means that you need a fresh token based on the challenge, whereas a non-interactive token can be stored for later use.
+
+Tokens can also be constrained to one specific Origin, or they can be used across Origins.
+
+### Private State Tokens
+
+[Private State Tokens](https://developers.google.com/privacy-sandbox/protections/private-state-tokens) (PSTs) are a [proposed browser API](https://github.com/WICG/trust-token-api) by Google as part of their [Privacy Sandbox](https://developers.google.com/privacy-sandbox). They're based on the Privacy Pass protocol.
+
+The main benefit of PSTs is that they provide a secure place for websites to store their tokens so that you don't need a separate extension for every service.
+
+A browser-level API, I imagine, would significantly reduce the development burden of browser-based services looking to implement Privacy Pass, but it would leave non-browser apps like VPNs high and dry.
+
+### Private Access Tokens
+
+[Private Access Tokens](https://blog.cloudflare.com/eliminating-captchas-on-iphones-and-macs-using-new-standard/) are based on Privacy Pass as well, but they don't seem to be specifically bound to the browser.
+
+It's unclear to me what really makes Private Access Tokens different from Privacy Pass itself, other than that Private Access Tokens seem to call for separation of the Attester and Issuer while Privacy Pass allows the origin, attester, and issuer to be the same. Delegating each role to a different party adds extra privacy.
+
+The origin website only knows your URL and IP from the initial connection.
+
+The attester only knows the data needed to verify you as a valid user.
+
+The issuer knows the site you visited, but doesn't know any of your device information that the attester used to verify you.
+
+### Kagi
+
+There are scant services actively using Privacy Pass to authenticate users, but a recent and very exciting example is [Kagi](https://blog.kagi.com/kagi-privacy-pass).
+
+With their implementation, you can now install their extension for [Firefox](https://addons.mozilla.org/en-US/firefox/addon/kagi-privacy-pass/) and [Chrome](https://chromewebstore.google.com/detail/kagi-search/cdglnehniifkbagbbombnjghhcihifij). Safari isn't supported at the moment, but their [Orion](https://chromewebstore.google.com/detail/kagi-search/cdglnehniifkbagbbombnjghhcihifij) browser supports it and is WebKit-based.
+
+The need for an extension and lack of support for some platforms highlights the need for widespread support for Privacy Pass in browsers and platforms. It's not reasonable to expect every single platform to implement Privacy Pass themselves and users likely don't want to install a separate extension for every platform either.
+
+That said, I applaud Kagi for their efforts. They went above and beyond to protect their users' privacy. A few notes for future improvements, though.
+
+#### No Account Requirement
+
+Currently, Kagi requires an account in order to use it. Although they allow you to put in a fake email address on account creation since they don't [check it](https://kagifeedback.org/d/3813-enable-anonymous-registration-no-email/16), it's still a persistent identifier that could be eliminated.
+
+Their announcement blog post states that the ability to use Kagi fully without an account is a possibility for the future with an invitation to request the feature on their [forum](https://kagifeedback.org/d/6163-kagi-privacy-pass), so feel free to add your voice. A fully accountless search engine that doesn't rely on ads would be great to see.
+
+#### Separation of Origin, Attester, Issuer
+
+Kagi uses the [Shared Origin, Attester, Issuer](https://www.ietf.org/archive/id/draft-ietf-privacypass-architecture-03.html?_fsi=jKxFixnl#section-4.1) model for their implementation, which leaves the possibility of data being correlated between each step of the process, such as device fingerprinting or IP address being used to correlate a user who is issued tokens with when they redeem them.
+
+Kagi's onion service helps to mitigate this issue, but I think it would be a significant privacy improvement to separate all three entities.
+
+#### Remove Requirement for an Extension
+
+Having to install an extension is annoying as an end user and surely incurs some development cost in both the initial development and upkeep over time. I'm not sure how it would be possible to get rid of the extension as it seems like there's no good way to do so at the moment, but I'm hopeful that the Private State Token API could be used for that in the future if it ever gets fully standardized as a browser API.
+
+## Future Possibilities
+
+Overall, Privacy Pass is an exciting standard that is already improving the privacy of users on a wide scale.
+
+### Easier Adoption
+
+However, for widespread adoption of anonymous authentication for all online services, there needs to be an easier way for developers to implement it. I see Private State Tokens and Private Access Tokens as paths toward that goal, but they have their own limitations.
+
+Private State Tokens seem to be restricted to browsers, which is mostly fine since so many online services are accessed through the browser. It does put services like VPNs that operate outside the browser in a tight spot though.
+
+Private Access Tokens seem like a possible solution for device-wide Privacy Pass authentication, but the only place I've seen them implemented is in Apple's operating systems to identify users as real iOS or macOS users. I'd like to see wider adoption for more use cases than just that. It's unclear what the vision for Private Access Tokens is for the moment.
+
+### Carriers
+
+One of the biggest and most privacy-invasive services is mobile carriers. They take lots of personal information when you sign up, and then you have permanent identifiers, both IMSI identifying you as a subscriber and IMEI identifying your device, tied to that information while you use it. Because of how the cell network works, they also can tie that information to your physical location and all the traffic you send through their network.
+
+[Cape](https://www.cape.co/research) is a privacy-focused carrier that says they're "studying the use of blinded tokens and zero-knowledge proofs to disaggregate subscriber information." This would have a massive impact on user privacy, possibly allowing a KYC'd mobile subscriber to use their carrier at least semi-anonymously (it's unclear how IMSI and IMEI fit into this scheme, as well as location information).
+
+### VPNs
+
+Commercial VPNs typically require some kind of account identifier, even if it's just a randomized number.
+
+Apple's iCloud Private Relay uses RSA blind signatures to anonymously authenticate users to each of the two hops.
+
+Google's former [VPN](https://www.gstatic.com/vpn/google_vpn_white_paper.pdf) service also used blind signatures to protect users.
+
+![Diagram showing Google's blind signature VPN authentication scheme](../assets/images/privacy-pass/google-vpn.webp)
+
+<small aria-hidden="true">Image: [Google](https://www.gstatic.com/vpn/google_vpn_white_paper.pdf)</small>
+
+Hopefully we can see more VPN companies start to use Privacy Pass to authenticate users, I think it would be a massive improvement to user privacy.
+
+### Digital Cash
+
+Part of Chaum's vision was anonymous digital transactions using blind signatures, which he made a reality with his company [DigiCash](https://chaum.com/wp-content/uploads/2022/01/05-27-94-World_s-first-electronic-cash-payment-over-computer-networks.pdf).
+
+For whatever reason, *eCash*, as it was called, never caught on and the company filed for bankruptcy in 1998. We're left with the terrible current system where you need to input your credit card and personal information in order to make a transaction, which is easily traceable back to you. Not to mention the security implications, [credit card fraud](https://www.security.org/digital-safety/credit-card-fraud-report/) is rampant today.
+
+The dream isn't dead, however. Chaum's [eCash 2.0](https://chaum.com/ecash-2-0/) is quantum-resistant and has been built and tested in the Bank for International Settlements' [Project Tourbillon](https://www.bis.org/about/bisih/topics/cbdc/tourbillon.htm).
+
+### Digital ID
+
+Laws are being passed forcing 18+ websites and even [app stores](https://thehill.com/policy/technology/5179865-utah-app-store-age-verification-law/) to collect verify the ID of users. This is a massive slap in the face to the privacy and security of everyone. Data breaches and tracking are inevitable under the current system.
+
+Blind signatures could provide a private and secure way to verify age or other information without having to submit your entire ID or submit invasive face scans.

blog/posts/private-european-alternatives.md

@@ -0,0 +1,283 @@
+---
+date:
+    created: 2025-03-19T21:00:00Z
+categories:
+    - News
+authors:
+    - jonah
+description: There is a growing sentiment that the US shouldn't be relied upon for the technologies that many people and businesses use every day. These privacy-centric recommendations come from a variety of European-based companies and organizations, that you should definitely consider checking out!
+schema_type: NewsArticle
+preview:
+  color: "#003399"
+  text_color: "#ffffff"
+  site_logo: privacy-guides-logo-notext-colorbg-white.svg
+  icon: simple/europeanunion
+---
+# Privacy-Respecting European Tech Alternatives
+
+![European Union flag and Privacy Guides logo side by side](../assets/images/private-european-alternatives/eu-alternatives.webp)
+
+<small aria-hidden="true">Illustration: Jonah Aragon / Privacy Guides</small>
+
+There is a growing sentiment that the US shouldn't be relied upon for the technologies that many people and businesses use every day. Lately, the US has been unilaterally [cutting off](https://archive.ph/EJ26f) access to critical technologies to European countries, prompting [calls for "radical action"](https://techcrunch.com/2025/03/16/european-tech-industry-coalition-calls-for-radical-action-on-digital-sovereignty-starting-with-buying-local/) to bolster European tech stacks from EU lawmakers.<!-- more -->
+
+At Privacy Guides, we generally value technical guarantees over matters like jurisdiction. There is simply no alternative to privacy technologies like strong *end-to-end encryption* when it comes to protecting your information.
+
+That being said, the United States *certainly* does not have a monopoly on the best technologies, and many of our favorite [recommended tools](https://www.privacyguides.org/en/tools/) come from Europe and all over the world. Tools from the European Union also generally benefit from much stronger data protection laws, thanks to the EU's General Data Protection Regulation (GDPR).
+
+If supporting the European tech industry is something that is important to you, here's a non-exhaustive list of some of our favorites. We have many more recommendations throughout our website if you are interested in learning more about privacy-respecting tech alternatives!
+
+## :material-email: Email Services
+
+Many people and businesses are tied to Google's Gmail or Microsoft's Outlook products, but there are *far* more secure and private [alternative email providers](https://www.privacyguides.org/en/email/) out there!
+
+### Tuta :flag_de:
+
+<div class="admonition recommendation" markdown>
+
+![Tuta logo](../assets/img/email/tuta.svg#only-light){ align=right }
+![Tuta logo](../assets/img/email/tuta-dark.svg#only-dark){ align=right }
+
+Based in Hanover, Germany, **Tuta** is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011.
+
+Free accounts start with 1 GB of storage.
+
+[:octicons-info-16: More Info](https://www.privacyguides.org/en/email/#tuta){ .md-button .md-button--primary }
+[:octicons-home-16:](https://tuta.com){ .card-link title="Homepage" }
+
+</div>
+
+### Proton Mail :flag_ch:
+
+<div class="admonition recommendation" markdown>
+
+![Proton Mail logo](../assets/img/email/protonmail.svg){ align=right }
+
+Based in Geneva, Switzerland, **Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013.
+
+The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
+
+[:octicons-info-16: More Info](https://www.privacyguides.org/en/email/#proton-mail){ .md-button .md-button--primary }
+[:octicons-home-16:](https://proton.me){ .card-link title="Homepage" }
+
+</div>
+
+## :material-file-document-edit: Office Suites
+
+Of course, email isn't the only thing offered by solutions like Google Workspace and Microsoft 365. Many people use their entire suite of [productivity tools](https://www.privacyguides.org/en/document-collaboration/) to manage their businesses and collaborate with others.
+
+Luckily, there are plenty of alternatives that incorporate strong encryption and can even be self-hosted, which will not only decrease your reliance on the traditional Big Tech companies, but keep your data far more secure as well.
+
+### CryptPad :flag_fr:
+
+Developed and hosted by *XWiki* in Paris, France, **CryptPad** is a complete online office suite with applications including Documents, Rich Text, Spreadsheets, Code/Markdown, Kanban, Slides, Whiteboard and Forms.
+
+<div class="admonition recommendation" markdown>
+
+![CryptPad logo](../assets/img/document-collaboration/cryptpad.svg){ align=right }
+
+**CryptPad** is a private-by-design alternative to popular office tools. All content on this web service is end-to-end encrypted and can be shared with other users easily.
+
+[:octicons-info-16: More Info](https://www.privacyguides.org/en/document-collaboration/#cryptpad){ .md-button .md-button--primary }
+[:octicons-home-16:](https://cryptpad.org){ .card-link title="Homepage" }
+
+</div>
+
+:material-star-box: We recently did a [full review of CryptPad](cryptpad-review.md), which you should definitely check out if you might be interested in switching!
+
+### Nextcloud :flag_de:
+
+**Nextcloud** comes from German startup *Nextcloud GmbH*, and offers a complete cloud drive alternative to Google Drive or OneDrive.
+
+<div class="admonition recommendation" markdown>
+
+![Nextcloud logo](../assets/img/document-collaboration/nextcloud.svg){ align=right }
+
+**Nextcloud** is a suite of free and open-source client-server software for creating your own file hosting services on a private server you control.
+
+[:octicons-info-16: More Info](https://www.privacyguides.org/en/document-collaboration/#nextcloud){ .md-button .md-button--primary }
+[:octicons-home-16:](https://nextcloud.com){ .card-link title="Homepage" }
+
+</div>
+
+### LibreOffice :flag_de:
+
+**LibreOffice** is developed by *The Document Foundation* based in Berlin, Germany. It's a free and open-source office suite with extensive functionality.
+
+<div class="admonition recommendation" markdown>
+
+![LibreOffice logo](../assets/img/office-suites/libreoffice.svg){ align=right }
+
+Web-based editors aren't for everyone. If you need a full-fledged office suite that runs locally on your computer, **LibreOffice** is a fantastic alternative to Microsoft Office.
+
+[:octicons-info-16: More Info](https://www.privacyguides.org/en/office-suites/#libreoffice){ .md-button .md-button--primary }
+[:octicons-home-16:](https://libreoffice.org){ .card-link title="Homepage" }
+
+</div>
+
+## :material-search-web: Search Engines
+
+One of the most frequently used tools on the internet is the venerable search engine. Switching from **Google** to an [alternative](https://www.privacyguides.org/en/search-engines/) is one of the biggest impact approaches to improving your privacy that you can make.
+
+### Startpage :flag_nl:
+
+Headquartered and developed in the Netherlands, Startpage is one great alternative to Google you could consider:
+
+<div class="admonition recommendation" markdown>
+
+![Startpage logo](../assets/img/search-engines/startpage.svg#only-light){ align=right }
+![Startpage logo](../assets/img/search-engines/startpage-dark.svg#only-dark){ align=right }
+
+**Startpage** is a private search engine. One of Startpage's unique features is the [Anonymous View](https://startpage.com/en/anonymous-view), which puts forth efforts to standardize user activity to make it more difficult to be uniquely identified. The feature can be useful for hiding [some](https://support.startpage.com/hc/articles/4455540212116-The-Anonymous-View-Proxy-technical-details) network and browser properties. However, unlike the name suggests, the feature should not be relied upon for *total* anonymity.
+
+[:octicons-info-16: Homepage](https://www.privacyguides.org/en/search-engines/#startpage){ .md-button .md-button--primary }
+[:octicons-home-16:](https://startpage.com){ .card-link title="Homepage" }
+
+</div>
+
+It is worth noting that [since 2020](relisting-startpage.md), Startpage has been a subsidiary of American company System1. Their operations and employees remain in the Netherlands, and you can choose to utilize only European servers if you wish.
+
+## :material-earth: Web Browsers
+
+Web browsers are historically very tricky to build, and the three major browser engines, Chromium, Gecko (Firefox), and WebKit (Safari) are all *primarily* developed by American companies. This is a space that could certainly use improvement.
+
+### Mullvad Browser :flag_se:
+
+One of our [recommended browsers](https://www.privacyguides.org/en/desktop-browsers/) is spearheaded by Swedish VPN company *Mullvad*, although it's worth noting that its development is somewhat reliant on American non-profits Mozilla and the Tor Project, being a Tor Browser fork.
+
+<div class="admonition recommendation" markdown>
+
+![Mullvad Browser logo](../assets/img/browsers/mullvad_browser.svg){ align=right }
+
+**Mullvad Browser** is a version of Tor Browser with Tor network integrations removed. It aims to provide to VPN users Tor Browser's anti-fingerprinting browser technologies, which are key protections against mass surveillance programs. It is developed by the Tor Project and distributed by Mullvad, although it does *not* require the use of Mullvad's VPN.
+
+[:octicons-info-16: More Info](https://www.privacyguides.org/en/desktop-browsers/#mullvad-browser){ .md-button .md-button--primary }
+[:octicons-home-16:](https://mullvad.net/en/browser){ .card-link title="Homepage" }
+
+</div>
+
+## :material-map: Maps & Navigation
+
+Mapping and location apps like Google Maps can track your every move, and that data is used by tech companies for a wide variety of purposes, including for military and defense. The best mapping apps for your privacy can be used completely offline:
+
+### Organic Maps :flag_ee:
+
+<div class="admonition recommendation" markdown>
+
+![Organic Maps logo](../assets/img/maps/organic-maps.svg){ align=right }
+
+Based in Estonia, **Organic Maps** is an open source, community-developed map display and satnav-style navigation app for walkers, drivers, and cyclists. The app offers worldwide offline maps based on OpenStreetMap data, and navigation with privacy — no location tracking, no data collection, and no ads. The app can be used completely offline.
+
+[:octicons-info-16: More Info](https://www.privacyguides.org/en/maps/#organic-maps){ .md-button .md-button--primary }
+[:octicons-home-16:](https://organicmaps.app){ .card-link title="Homepage" }
+
+</div>
+
+### OsmAnd :flag_nl:
+
+<div class="admonition recommendation" markdown>
+
+![OsmAnd logo](../assets/img/maps/osmand.svg){ align=right }
+
+Based in the Netherlands, **OsmAnd** is an offline map and navigation application based on OpenStreetMap, offering turn-by-turn navigation for walking, cycling, driving, as well as public transport. It is open-source and does not collect any user data.
+
+[:octicons-home-16: More Info](https://www.privacyguides.org/en/maps/#osmand){ .md-button .md-button--primary }
+[:octicons-home-16:](https://osmand.net){ .card-link title="Homepage" }
+
+</div>
+
+## :material-form-textbox-password: Password Managers
+
+### KeePassXC :flag_de:
+
+<div class="admonition recommendation" markdown>
+
+![KeePassXC logo](../assets/img/password-management/keepassxc.svg){ align=right }
+
+**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bug fixes to provide a feature-rich, cross-platform, and modern open-source password manager.
+
+[:octicons-info-16: More Info](https://www.privacyguides.org/en/passwords/#keepassxc){ .md-button .md-button--primary }
+[:octicons-home-16:](https://keepassxc.org){ .card-link title="Homepage" }
+
+</div>
+
+:material-star-box: We recently published an article on [securely using KeePassXC with a YubiKey](installing-keepassxc-and-yubikey.md)!
+
+### Proton Pass :flag_ch:
+
+<div class="admonition recommendation" markdown>
+
+![Proton Pass logo](../assets/img/password-management/protonpass.svg){ align=right }
+
+**Proton Pass** is an open-source, end-to-end encrypted password manager developed by the Swiss company Proton AG, the team behind Proton Mail. It securely stores your login credentials, generates unique email aliases, and supports and stores passkeys.
+
+[:octicons-home-16: More Info](https://www.privacyguides.org/en/passwords/#proton-pass){ .md-button .md-button--primary }
+[:octicons-home-16:](https://proton.me/pass){ .card-link title="Homepage" }
+
+</div>
+
+## :material-chat-processing: Instant Messengers
+
+Switching off of WhatsApp, Facebook Messenger, or iMessage in favor of a more [private instant messenger](https://www.privacyguides.org/en/real-time-communication/) is an excellent way to safeguard your chats.
+
+### Element :flag_gb:
+
+Element is based in the United Kingdom, which is of course no longer in the European Union. However, it is a trusted messaging platform by the [French government](https://element.io/case-studies/tchap), and the [German military](https://element.io/case-studies/bundeswehr), among many other organizations in Europe and around the world looking for sovereignty from Big Tech messaging platforms like Slack and Google Messages.
+
+<div class="admonition recommendation" markdown>
+
+![Element logo](../assets/img/messengers/element.svg){ align=right }
+
+**Element** is the flagship client for the [Matrix](https://matrix.org/docs/chat_basics/matrix-for-im) protocol, an [open standard](https://spec.matrix.org/latest) for secure decentralized real-time communication.
+
+Messages and files shared in private rooms (those which require an invite) are by default E2EE, as are one-to-one voice and video calls.
+
+[:octicons-info-16: More Info](https://www.privacyguides.org/en/real-time-communication/#element){ .md-button .md-button--primary }
+[:octicons-home-16:](https://element.io){ .card-link title="Homepage" }
+
+</div>
+
+### SimpleX :flag_gb:
+
+Another open-source option from the United Kingdom, SimpleX chat has very strong security features, and can be entirely self-hosted anywhere in the world if you prefer the assurances a [custom server](https://simplex.chat/docs/server.html) can bring.
+
+<div class="admonition recommendation" markdown>
+
+![Simplex logo](../assets/img/messengers/simplex.svg){ align=right }
+
+**SimpleX Chat** is an instant messenger that doesn't depend on any unique identifiers such as phone numbers or usernames. Its decentralized network makes SimpleX Chat an effective tool against censorship.
+
+[:octicons-info-16: More Info](https://www.privacyguides.org/en/real-time-communication/#simplex-chat){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://simplex.chat){ .card-link title="Homepage" }
+
+</div>
+
+### Briar :earth_africa:
+
+Briar is an open source project not legally incorporated in any jurisdiction, although it has received funding from European initiatives like [NGI](https://ngi.eu/) and the [NLnet Foundation](https://nlnet.nl/), and includes many Europeans in their voluntary board and team.
+
+<div class="admonition recommendation" markdown>
+
+![Briar logo](../assets/img/messengers/briar.svg){ align=right }
+
+**Briar** is an encrypted instant messenger that [connects](https://briarproject.org/how-it-works) to other clients using the Tor Network, making it an effective tool at circumventing censorship. Briar can also connect via Wi-Fi or Bluetooth when in local proximity. Briar’s local mesh mode can be useful when internet availability is a problem.
+
+[:octicons-info-16: More Info](https://www.privacyguides.org/en/real-time-communication/#briar){ .md-button .md-button--primary }
+[:octicons-home-16:](https://briarproject.org){ .card-link title="Homepage" }
+
+</div>
+
+## More Services...
+
+Looking for more? Here's a short (and non-exhaustive) list of other recommendations of ours which are based in Europe:
+
+- [**VPN Services**](https://www.privacyguides.org/en/vpn/): :flag_se: [Mullvad](https://www.privacyguides.org/en/vpn/#mullvad) and :flag_ch: [Proton VPN](https://www.privacyguides.org/en/vpn/#proton-vpn)
+- [**DNS Providers**](https://www.privacyguides.org/en/dns/#recommended-providers): :flag_fr: [dns0.eu](https://dns0.eu/), :flag_se: [Mullvad DNS](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls), and :flag_ch: [Quad9](https://quad9.net/)
+- [**Calendars**](https://www.privacyguides.org/en/calendar/): :flag_de: [Tuta](https://tuta.com/calendar) and :flag_ch: [Proton Calendar](https://proton.me/calendar)
+- [**Notes Apps**](https://www.privacyguides.org/en/notebooks/): :flag_gb: [Joplin](https://joplinapp.org/) and :flag_ee: [Crypt.ee](https://crypt.ee/)
+- [**Pastebins**](https://www.privacyguides.org/en/pastebins/): :flag_fr: [PrivateBin](https://privatebin.info/)
+- [**Linux Distros**](https://www.privacyguides.org/en/desktop/): :flag_de: [openSUSE](https://www.opensuse.org/)
+
+If you're in Europe and looking to build or host your *own* European technology, there are also plenty of alternatives to the typical American IT providers. Topics like cloud computing platforms, web analytics services, and content delivery networks are currently out of scope for what we cover here at Privacy Guides, but [European Alternatives](https://european-alternatives.eu/) is one great resource for finding more services like these.
+
+At the end of the day, we trust *all* of our [recommended privacy tools](https://www.privacyguides.org/en/tools/) to keep you safe from prying eyes, but there are many valid reasons you may prefer to stick to the European market.

blog/posts/signal-configuration-and-hardening.md

@@ -1,7 +1,7 @@
 ---
 date:
     created: 2022-07-07T19:00:00Z
-    updated: 2024-08-23T19:00:00Z
+    updated: 2025-04-15T04:00:00Z
 authors:
     - contributors
     - matchboxbananasynergy
@@ -176,9 +176,16 @@ On Android/iOS:
 
 For incoming calls from people who are not in your Contacts app, the call will be relayed through the Signal server regardless of how you've set it up.
 
-### Proxy Support
+### Bypass Internet Censorship
 
-If Signal is blocked in your country, Signal allows you to set up a proxy to bypass it.
+If Signal is blocked in your country, it has a built-in "Censorship Circumvention" feature that uses domain fronting to bypass restrictions.
+
+On Android/iOS:
+
+- Select :material-dots-vertical: → **Settings** → **Privacy** → **Advanced**
+- [x] Turn on **Censorship Circumvention**
+
+Additionally, Signal allows you to set up a proxy to bypass censorship.
 
 !!! Warning
 

blog/posts/the-dangers-of-end-to-end-encryption.md

@@ -0,0 +1,99 @@
+---
+date:
+    created: 2025-04-01T05:40:00Z
+categories:
+    - Opinion
+tags:
+    - April Fools
+authors:
+    - aprilfools
+license: BY-SA
+description: Privacy Guides is formally taking a stand against dangerous and frightening technologies.
+schema_type: SatiricalArticle
+preview:
+  logo: blog/assets/images/the-dangers-of-end-to-end-encryption/fire.svg
+---
+# The Dangers of End-to-End Encryption
+
+![An image showing a burning car](../assets/images/the-dangers-of-end-to-end-encryption/cover.webp)
+
+<small aria-hidden="true">Photo: Flavio / Unsplash</small>
+
+In the digital age, nothing is more important than convenience and easy access to data. Unfortunately, there has been an alarming trend among technologists to implement **End-to-End Encryption** (E2EE) in their applications, to the detriment of all the important work being done by countless organizations, including the best and brightest intelligence agencies and big tech companies.<!-- more -->
+
+<div class="admonition tip inline" markdown>
+<p class="admonition-title">April Fools!</p>
+
+This article was published on April 1st, 2025.
+
+Privacy Guides supports strong encryption as a cornerstone of digital security and personal freedom. End-to-end encryption ensures that **your** communications remain **yours**, which is a principle worth preserving.
+
+</div>
+
+Security-focused developers and misguided "advocates" have long attempted to convince those involved in privacy and security that E2EE is an advanced security measure designed to protect your sensitive data, and *Privacy Guides* has stood by for far too long not setting the record straight.
+
+In this article, we are going to explore how these "protections" actually endanger you and pose critical threats to society at large. Threats that are so grave that numerous government agencies around the world insist that we immediately limit or eliminate E2EE entirely, before our world as we know it falls apart.
+
+*Privacy Guides* is acutely aware of these serious concerns, and believes privacy should always be a conditional right, used *responsibly*.
+
+## E2EE hampers *legitimate* government surveillance
+
+Every day, intelligence agencies carry out perfectly legitimate surveillance activities against both their own citizens and foreigners. There is no question that these agencies are crucial to the upkeep of our national security, and it is our moral obligation to assist them in these warrantless activities, whether we know it or not.
+
+When services like [Signal](https://www.privacyguides.org/en/real-time-communication/) or [Tuta](https://www.privacyguides.org/en/email/) keep all of their users messages locked in an impenetrable vault, how are they supposed to keep tabs on potential criminals using their services?
+
+The reality is that if the government is not allowed to read *every* message being sent, they might never encounter the *one* that actually warrants suspicion.
+
+It's true that end-to-end encryption also protects the lives of journalists, whistleblowers, and human-rights activists from those few governments which are *actually* oppressive, but these edge-cases should not be used as an excuse to hinder legitimate governments like in the US or the UK.
+
+## E2EE encourages crime
+
+With end-to-end encryption, criminals are granted a free pass for unlimited criminal activity. *Nobody* can read their messages besides them! Shocking, isn't it?
+
+If platforms simply removed all forms of encryption from their services, we could solve cybercrime, illegal drug dealing, dangerous hacking attempts, child exploitation, and terrorism overnight... right?
+
+There is plenty of historical precedent here. Platforms like Snapchat which *don't* utilize end-to-end encryption have bravely been [involved in noble arrests](https://www.bbc.com/news/world-europe-68099669), stopping criminals in their tracks before they had a chance to act.
+
+Users of these platforms who aren't criminals do benefit a bit from end-to-end encryption. It protects them from identity theft, surveillance, and data breaches every day. With any sort of trade-off like this, this is certainly a factor to consider. We believe it is very clear that giving up minor protections like this is a small price to pay to potentially intercept the next dangerous joke in a group text.
+
+## It prevents *helpful* backdoors
+
+Many tech companies have tried to [introduce backdoors into their end-to-end encrypted platforms](https://www.eff.org/deeplinks/2021/08/apples-plan-think-different-about-encryption-opens-backdoor-your-private-life), only to be lambasted by the legion of completely unreasonable "privacy advocates" out there. Our stance on privacy is far more principled, and we believe there is a middle-ground to be found in the laws of mathematics.
+
+The solution proposed by companies like Apple and agencies like the FBI is a sound one. They will protect your messages, *unless* they encounter something suspicious. At that point, keys to decrypt your data will be given **only to the good guys**, so that they can enforce the law.
+
+This approach makes a lot of sense. By carefully controlling access to these skeleton keys, it's trivial for companies to make sure they only fall into the right hands. The notion that they might be leaked, or that someone with enough resources could replicate that access, is so far into slippery slope territory that it borders on nonsense. Let's stick with what we know about the security capabilities of these companies today, instead of imagining ridiculous scenarios where they are breached.
+
+## It harms innovation
+
+Think about all the services you use online every day. The companies behind those services *rely* on collecting as much of your personal data as possible in order to constantly produce exciting new innovations. Without mass data collection, how would you get personalized ads for weeks about different new sneakers, because you bought that pair on Amazon yesterday? How else would companies emulate the real-life experience of constantly being hounded by a salesperson in a store selling you the exact thing you desperately need?
+
+E2EE prevents companies from truly knowing their users, stifling these massive advances in advanced user profiling!
+
+Big tech companies monetizing your personal data in ways that you don't need to understand nor consent to is what makes the internet such a magical place. If your private chats are protected with E2EE, companies won't be able to serve you the moment you even *think* about a new lawnmower. What do you think about that?
+
+## It's challenging for developers
+
+Another way E2EE slows down innovation even in the digital security realm is its complexity. Implementing robust cryptographic libraries and user-friendly key management systems is complicated, and software development is supposed to be a piece of cake.
+
+The problem of digital security has already been solved: simply store that information in a database and protect that database from anyone who isn't approved to see it. Protections beyond this tend to be complexity for the sake of complexity. If we did away with the countless developer hours wasted on protection nobody *really* needs, we'd have more time to add longer animations and innovative features like infinite scrolling to keep users happily using their apps for hours on end.
+
+## E2EE is a slippery slope!
+
+Constantly pushing E2EE sets up consumers with a wildly unreasonable expectation, that privacy should be the default. If people got comfortable communicating without tech companies and governments constantly peeking over their shoulder, it's impossible to imagine what they might start thinking next. Maybe they'd start to believe personal liberty is a right, instead of a *privilege*.
+
+End-to-end encryption is an insidious technology that has crept its way into some of the best instant messengers, [cloud storage providers](https://www.privacyguides.org/en/cloud/), and other apps. It stands in the way of law enforcement, government security agencies, data-collecting corporations, and anyone else who might need to peek into your personal life.
+
+It's time we took a stand against this technology and demand a true solution from our governments: **Sensible** regulations that allow for *partial* protections while keeping the option for these entities to decrypt it when necessary intact. The sense of security is all that truly matters to most people anyway.
+
+[Who needs *complete* privacy](https://www.privacyguides.org/en/basics/why-privacy-matters/) when you can have a half-baked version easily circumvented by the good guys? What is privacy in the first place, if not a convenient cover for wrongdoing? If we can't read all messages (just in case), how are we expected to keep society safe?
+
+---
+
+This article was published on April Fools' Day. If you've made it to the end, and you haven't noticed how we buried the real benefits of end-to-end encryption in our hyperbolic worst-case scenarios, well... surprise! 😄
+
+Privacy Guides supports strong encryption as a cornerstone of digital security and personal freedom. End-to-end encryption ensures that **your** communications remain **yours**, which is a principle worth preserving.
+
+If the "dangers" of E2EE upset you, maybe it is time to reflect on how crucial privacy is to everyone: You, me, whistleblowers, activists, and everyday people who just want to live their lives. Happy April 1st, and stay secure out there!
+
+*Written by: Jonah Aragon*

blog/posts/the-future-of-privacy.md

@@ -2,11 +2,11 @@
 date:
     created: 2025-02-03T19:00:00Z
 categories:
-    - Opinion
+    - News
 authors:
     - em
 description: Privacy is intrinsically intertwined with politics. Each change in governance can have serious effects on privacy rights and privacy tools, for better or for worse. Let's examine with concrete examples how politics affect legislations that can have an immense impact on the privacy tools and features we use.
-schema_type: OpinionNewsArticle
+schema_type: NewsArticle
 ---
 
 # The Future of Privacy: How Governments Shape Your Digital Life

blog/posts/the-privacy-of-others.md

@@ -2,11 +2,11 @@
 date:
     created: 2025-03-10T20:00:00Z
 categories:
-    - Opinion
+    - Explainers
 authors:
     - em
 description: In privacy, we talk a lot about how to protect our own data, but what about our responsibility to protect the data of others? If you care about privacy rights, you must also care for the data of the people around you. Together, we must start building a culture of data privacy where everyone cares for the data of others.
-schema_type: OpinionNewsArticle
+schema_type: NewsArticle
 ---
 # Privacy is Also Protecting the Data of Others
 

blog/posts/tor-security-slider-flaw.md

@@ -0,0 +1,82 @@
+---
+date:
+    created: 2025-05-02T11:20:00Z
+    updated: 2025-05-03T15:00:00Z
+categories:
+    - News
+authors:
+    - jonah
+tags:
+    - PSA
+    - Tor
+description: |
+  PSA: The security level slider in Tor Browser (and Mullvad Browser) does not fully apply until restarting the browser. This presents a high risk to people who switch from Standard to Safer security during a browsing session in order to protect themselves from browser exploits.
+schema_type: ReportageNewsArticle
+preview:
+  cover: blog/assets/images/tor-security-slider-flaw/cover.png
+---
+# A Flaw With the Security Level Slider in Tor Browser
+
+![Illustration showing Tor's security level options with question marks next to the selected Safer level](../assets/images/tor-security-slider-flaw/cover.png)
+
+<small aria-hidden="true">Illustration: Jonah Aragon / Privacy Guides</small>
+
+[Tor Browser](https://www.privacyguides.org/en/tor/#tor-browser) and [Mullvad Browser](https://www.privacyguides.org/en/desktop-browsers/#mullvad-browser) users should be aware of a flaw with the Security Level slider: Not all protections advertised by the browser are properly engaged until the browser is fully restarted.<!-- more -->
+
+This flaw was anonymously reported to *Privacy Guides* by a member of our [community](https://discuss.privacyguides.net/), and I confirmed it via the latest Tor Browser 14.5.1 on macOS. Additionally, I confirmed this behavior in Mullvad Browser 14.5.1 on macOS.
+
+~~I was unable to find any documentation or open GitLab issues with Tor regarding the need to take additional steps before security settings are fully applied, and~~ Tor Browser documentation does not note that a restart is required, nor does it prompt users to restart the browser after security changes are made. (update: see below)
+
+This presents a high risk to people who switch from Standard to Safer security during a browsing session with the goal to protect themselves from browser exploits.
+
+## Demonstration
+
+The effect can be easily demonstrated in your own Tor Browser install by running a JavaScript benchmark such as [JetStream 2.2](https://browserbench.org/JetStream/). These benchmarks rely on a technology called Just-in-Time (JIT) compilation to improve performance, but JIT is linked to numerous security vulnerabilities in modern web browsers. The "Safer" security level normally disables JIT entirely to prevent these issues, however, you can see virtually no performance impact when switching to the Safer security level in Tor Browser and running the benchmark again:
+
+<figure markdown="span">
+  ![JetStream2 benchmark results with a score of 196 and the shield indicator in the browser's toolbar indicating that Standard security level is set](../assets/images/tor-security-slider-flaw/standard-level-jetstream2.png)
+  <figcaption>JetStream 2.2 benchmark results in <strong>Standard</strong> mode</figcaption>
+</figure>
+
+<figure markdown="span">
+  ![JetStream2 benchmark results with a score of 191 and the shield indicator in the browser's toolbar indicating that Safer security level is set](../assets/images/tor-security-slider-flaw/safer-level-before-restart-jetstream2.png)
+  <figcaption>JetStream 2.2 benchmark results in <strong>Safer</strong> mode, <em>without</em> restarting Tor Browser</figcaption>
+</figure>
+
+While the performance is virtually identical between these two runs, *after* restarting Tor Browser and re-running the test, we see drastically lower performance results, in line with what we would expect with JIT properly disabled:
+
+<figure markdown="span">
+  ![JetStream2 benchmark results with a score of 33 and the shield indicator in the browser's toolbar indicating that Safer security level is set](../assets/images/tor-security-slider-flaw/safer-level-after-restart-jetstream2.png)
+  <figcaption>JetStream 2.2 benchmark results in <strong>Safer</strong> mode, <em>after</em> restarting Tor Browser</figcaption>
+</figure>
+
+As you can see, there is no visible indicator that anything is different between the last two runs, and there was no prompt to restart the browser after changing these settings. However, this clearly indicates that JavaScript technologies that are meant to be disabled in Safer mode can still be accessed by websites until the browser is restarted, potentially opening you up to browser exploits if you are unaware of the additional steps required to secure yourself.
+
+## Safest Mode
+
+We have not tested or verified the full extent of security features which require a browser restart. We tested whether JIT remained enabled after switching to Safer mode because it was the easiest feature to test. Safest mode disables JavaScript entirely, so the demonstration above will not demonstrate this problem exists when switching to Safest mode.
+
+However, it is possible that there are *other* features normally disabled by Safest mode which remain enabled until you restart your browser. Out of an abundance of caution, we recommend always restarting your browser after changing this setting, regardless of whether you are switching to Safer or Safest mode.
+
+## Conclusion
+
+The Tor Project advertises the security slider as a way to conveniently adjust the protections that the Tor Browser provides, but does not note additional steps necessary to ensure those settings actually go into effect.
+
+This is our public service announcement to make sure you **always completely restart Tor Browser after adjusting your security settings.** Relying on these indicators can create a false sense of security and potentially expose users relying on this security level slider to greater risk than they expect based on Tor Browser's UI and documentation.
+
+Hopefully, Tor Browser will prompt or force their users to restart the browser after adjusting these settings in a future update.
+
+---
+
+**Update (5/3):** A few hours following the publication of this article, the Tor Project emailed us the following statement:
+
+> The Tor Project is aware of this issue, and it is being tracked and actively
+> addressed. Those interested can follow the discussion and progress here:
+> <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42572>. In
+> addition to a restart prompt, we’re also exploring broader improvements to the
+> security level system, including aligning it more closely with Tor Browser's
+> updated threat model\[1] and possibly delegating even more of its back-end
+> to NoScript for additional flexibility. These improvements may be part of the
+> upcoming 15.0 release cycle.
+>
+> \[1]: <https://gitlab.torproject.org/tpo/applications/wiki/-/wikis/>

docs/about/donate.md

@@ -10,7 +10,7 @@ Support our mission to defend digital rights and spread the word about mass surv
 
 <small markdown>
 
-MAGIC Grants is our fiscal host, and their custom, open-source donation platform allows you to donate to our project with **Monero**, **Bitcoin**, or **debit/credit card**. You can also donate using [:simple-github: GitHub Sponsors](https://github.com/sponsors/privacyguides).
+MAGIC Grants is our fiscal host, and their custom, open-source donation platform allows you to donate to our project with **Monero**, **Litecoin (MWEB)**, **Bitcoin**, or **debit/credit card**. You can also donate using [:simple-github: GitHub Sponsors](https://github.com/sponsors/privacyguides).
 
 </small>
 
@@ -21,7 +21,7 @@ MAGIC Grants is our fiscal host, and their custom, open-source donation platform
     Thank you to these organizations who significantly support Privacy Guides. (1)
     { .annotate }
 
-    1. Please contact <info@magicgrants.org> to inquire about giving. Privacy Guides reserves the right to rescind the membership of those who are unaligned with our mission or organization at any time. Organizational members have no ability to influence what content is recommended on the Privacy Guides website. Learn more about our [donation acceptance policy](donation-acceptance-policy.md).
+    1. Please contact <info@magicgrants.org> to inquire about giving. Privacy Guides reserves the right to rescind the membership of those who are unaligned with our mission or organization at any time. Organizational members have no ability to influence what content is recommended on the Privacy Guides website. Learn more about our [donation acceptance policy](https://discuss.privacyguides.net/t/ep2-donation-acceptance-policy/27360/1).
 
     <div class="mdx-specialthanks" markdown>
 
@@ -82,7 +82,7 @@ You can become an organizational member by reaching out to <info@magicgrants.org
 
 Organizational members that choose to be recognized publicly are included in our organizational members section (above), and occasionally at other opportunities where appropriate. Organizational member links include the `rel="nofollow"` attribute: We adopted this policy to screen out potential abuse of our program and site to raise the rank of third parties in search algorithms. Unfortunately, this is a growing problem for nonprofits. This was a complex decision since we know many of the sincere supporters behind these companies, but we decided that it was the best choice for us.
 
-Organizational members have no ability to influence what content is recommended on the Privacy Guides website. Learn more about our [donation acceptance policy](donation-acceptance-policy.md).
+Organizational members have no ability to influence what content is recommended on the Privacy Guides website. Learn more about our [donation acceptance policy](https://discuss.privacyguides.net/t/ep2-donation-acceptance-policy/27360/1).
 
 ### What is an active membership?
 
@@ -110,7 +110,7 @@ We use donations for a variety of purposes, including:
 
 **Online Services**
 
-:   We host [internet services](services.md) for testing and showcasing different privacy-products we like and [recommend](../tools.md). Some of them are made publicly available for our community's use (SearXNG, Tor, etc.), and some are provided for our team members (email, etc.).
+:   We host internet services for testing and showcasing different privacy-products we like and [recommend](../tools.md). Some of them are made publicly available for our community's use (SearXNG, Tor, etc.), and some are provided for our team members (email, etc.).
 
 **Product Purchases**
 

docs/about/donation-acceptance-policy.md

@@ -1,58 +0,0 @@
----
-title: Donation Acceptance Policy
-description: Privacy Guides aspires to obtain funding from a wide variety of sources to reduce our dependency on any single donor. Please consider donating!
----
-
-Privacy Guides takes the ethical responsibility of making unbiased recommendations on its website very seriously.
-
-Privacy Guides aspires to obtain funding from a wide variety of sources to reduce our dependency on any single donor. Please consider [donating](donate.md)!
-
-## What we **can** accept
-
-In the course of our regular fundraising activities...
-
-- Donations and other forms of support will generally be accepted from individuals, corporations, foundations, or other entities, without limitations.
-    - This includes cash, cash equivalents (checks, money orders, credit/debit card payments), and cryptocurrency.
-- Gifts of Real Property, Personal Property, or Securities may only be accepted upon approval of the MAGIC Grants board of directors.
-
-Privacy Guides will only accept such gifts that are legal and consistent with our policies. Gifts must not interfere with Privacy Guides' mission, purpose, and procedures.
-
-## Things we do **not** do
-
-- Accept sponsorships.
-- Offer to recommend a product or service in exchange for a donation or other incentive.
-- Threaten to remove a recommendation for a product or service unless we receive a donation or other incentive.
-- Offer to expedite a review of a product or service in exchange for a donation or other incentive.
-- Write sponsored content or feature sponsored components in our content.
-
-## Things we **may** do
-
-- Accept donations from privacy-related companies and non-profits.
-- Apply for grant programs.
-- Accept free versions of software or hardware to test and review, while being mindful of possible differences in versions that could differ from a regular customer experience. ([More details](executive-policy.md#ep1-freely-provided-product-samples))
-- Accept discounted versions of software or hardware that assist our operations (for example, discounted software costs made available to non-profits).
-
-## Restrictions on gifts
-
-Privacy Guides accepts unrestricted gifts, and we appreciate the flexibility to apply your gift to our programs where they are most needed.
-
-We also accept and appreciate gifts for specified programs or purposes, provided that such gifts are consistent with our program's stated mission, purpose, and priority. Privacy Guides will not accept gifts which are too restrictive in purpose.
-
-Examples of gifts which are too restrictive include:
-
-- Those which fund the research and review of a specific product category or specific product.
-- Those which violate our existing policies.
-- Those which are too difficult for us to administer.
-- Those that are for purposes outside our general mission.
-
-An example of an acceptable restriction could be a gift towards funding our [video](https://www.privacyguides.org/videos/) production, or hosting our website and forum.
-
-Final decisions on the restrictive nature of a gift and its acceptance or refusal will be made by our executive committee.
-
-## Additional terms
-
-Privacy Guides generally does not pay "finder's fees" or commissions to third parties in connection with any gift to Privacy Guides. We may, however, pay commissions and fees to properly negotiate and receive assets when appropriate.
-
-No officer, committee member, employee, or other agent of Privacy Guides will be compensated in a manner which is dependent on the size or nature of gifts made to Privacy Guides by any person. If we engage with legal, accounting, or other professionals, their fees and expenses will be determined by the time they spend engaged with our work, and not by reference to any particular gift in connection to their retainer.
-
-Privacy Guides always follows the MAGIC Grants Gift Acceptance Policy, available on their website: <https://magicgrants.org/about/documentation/>

docs/about/executive-policy.md

@@ -1,26 +0,0 @@
----
-title: Executive Policy
-description: These are policies formally adopted by our executive committee, and take precedence over all other statements expressed on this website.
----
-
-These are policies formally adopted by Privacy Guides' executive committee, and take precedence over all other statements expressed on this website.
-
-The keywords **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
-
-## EP1: Freely-Provided Product Samples
-
-*Our policy on accepting product samples for review was adopted September 7, 2024.*
-
-=== "Current Version (1)"
-
-    - Privacy Guides **shall not** proactively reach out to vendors asking for product samples or review accounts.
-    - Privacy Guides **shall not** accept test/review accounts for subscription cloud services.
-    - Privacy Guides **may** accept freely-provided product samples for one-time purchase software applications which run locally, given they don't require a subscription for continued operation.
-    - Privacy Guides **may** accept freely-provided samples of hardware products.
-        - Privacy Guides **may** accept a freely-provided subscription service associated with a hardware product, if such a subscription/license is necessary to use the product.
-    - Privacy Guides **must not** enter into an agreement pertaining to our editorial opinion with the vendor in order to receive a sample or publish a review. All freely-provided items must be strictly "no strings attached."
-        - We **may** agree to return the product to the vendor following the review if requested.
-        - We **may** agree to a reasonable NDA, provided it has a clear embargo date that is lifted no more than 6 months in the future where the NDA completely no longer applies.
-        - We **should not** enter into any other agreement with the vendor not described here. Potential agreements not described here **must** be approved by the executive committee beforehand.
-
-    In all cases, whether we paid for the product independently or received a free sample from a vendor, how we obtained the product **must** be clearly documented in the background section of every article associated with the product.

docs/about/services.md

@@ -1,33 +0,0 @@
----
-description: We run a number of web services to test out features and promote cool decentralized, federated, and/or open-source projects.
----
-
-# Privacy Guides Services
-
-We run a number of web services to test out features and promote cool decentralized, federated, and/or open-source projects. Many of these services are available to the public and are detailed below.
-
-[:material-comment-alert: Report an issue](https://discuss.privacyguides.net/c/services/2){ class="md-button md-button--primary" }
-
-## Discourse
-
-- Domain: [discuss.privacyguides.net](https://discuss.privacyguides.net)
-- Availability: Public
-- Source: [github.com/discourse/discourse](https://github.com/discourse/discourse)
-
-## Gitea
-
-- Domain: [code.privacyguides.dev](https://code.privacyguides.dev)
-- Availability: Invite-Only. Access may be granted upon request to any team working on *Privacy Guides*-related development or content.
-- Source: [snapcraft.io/gitea](https://snapcraft.io/gitea)
-
-## Matrix
-
-- Domain: [matrix.privacyguides.org](https://matrix.privacyguides.org)
-- Availability: Invite-Only. Access may be granted upon request to Privacy Guides team members, Matrix moderators, third-party Matrix community administrators, Matrix bot operators, and other individuals in need of a reliable Matrix presence.
-- Source: [github.com/spantaleev/matrix-docker-ansible-deploy](https://github.com/spantaleev/matrix-docker-ansible-deploy)
-
-## SearXNG
-
-- Domain: [search.privacyguides.net](https://search.privacyguides.net)
-- Availability: Public
-- Source: [github.com/searxng/searxng-docker](https://github.com/searxng/searxng-docker)

docs/ai-chat.md

@@ -11,7 +11,7 @@ cover: ai-chatbots.webp
 - [:material-account-cash: Surveillance Capitalism](basics/common-threats.md#surveillance-as-a-business-model){ .pg-brown }
 - [:material-close-outline: Censorship](basics/common-threats.md#avoiding-censorship){ .pg-blue-gray }
 
-Since the release of ChatGPT in 2022, interactions with Large Language Models (LLMs) have become increasingly common. LLMs can help us write better, understand unfamiliar subjects, or answer a wide range of questions. They can statistically predict the next word based on a vast amount of data scraped from the web.
+The use of **AI chat**, also known as Large Language Models (LLMs), has become increasingly common since the release of ChatGPT in 2022. LLMs can help us write better, understand unfamiliar subjects, or answer a wide range of questions. They work by statistically predicting the next word in their responses based on a vast amount of data scraped from the web.
 
 ## Privacy Concerns About LLMs
 
@@ -41,7 +41,7 @@ To run AI locally, you need both an AI model and an AI client.
 
 ### Choosing a Model
 
-There are many permissively licensed models available to download. [Hugging Face](https://huggingface.co/models) is a platform that lets you browse, research, and download models in common formats like [GGUF](https://huggingface.co/docs/hub/en/gguf). Companies that provide good open-weights models include big names like Mistral, Meta, Microsoft, and Google. However, there are also many community models and 'fine-tunes' available. As mentioned above, quantized models offer the best balance between model quality and performance for those using consumer-grade hardware.
+There are many permissively licensed models available to download. [Hugging Face](https://huggingface.co/models) is a platform that lets you browse, research, and download models in common formats like [GGUF](https://huggingface.co/docs/hub/en/gguf). Companies that provide good open-weights models include big names like Mistral, Meta, Microsoft, and Google. However, there are also many community models and [fine-tuned](https://en.wikipedia.org/wiki/Fine-tuning_(deep_learning)) models available. As mentioned above, quantized models offer the best balance between model quality and performance for those using consumer-grade hardware.
 
 To help you choose a model that fits your needs, you can look at leaderboards and benchmarks. The most widely-used leaderboard is the community-driven [LM Arena](https://lmarena.ai). Additionally, the [OpenLLM Leaderboard](https://huggingface.co/spaces/open-llm-leaderboard/open_llm_leaderboard) focuses on the performance of open-weights models on common benchmarks like [MMLU-Pro](https://arxiv.org/abs/2406.01574).  There are also specialized benchmarks which measure factors like [emotional intelligence](https://eqbench.com), ["uncensored general intelligence"](https://huggingface.co/spaces/DontPlanToEnd/UGI-Leaderboard), and [many others](https://www.nebuly.com/blog/llm-leaderboards).
 
@@ -62,7 +62,7 @@ To help you choose a model that fits your needs, you can look at leaderboards an
 
 ![Kobold.cpp Logo](assets/img/ai-chat/kobold.png){align=right}
 
-Kobold.cpp is an AI client that runs locally on your Windows, Mac, or Linux computer. It's an excellent choice if you are looking for heavy customization and tweaking, such as for role-playing purposes.
+**Kobold.cpp** is an AI client that runs locally on your Windows, Mac, or Linux computer. It's an excellent choice if you are looking for heavy customization and tweaking, such as for role-playing purposes.
 
 In addition to supporting a large range of text models, Kobold.cpp also supports image generators such as [Stable Diffusion](https://stability.ai/stable-image) and automatic speech recognition tools such as [Whisper](https://github.com/ggerganov/whisper.cpp).
 
@@ -82,7 +82,7 @@ In addition to supporting a large range of text models, Kobold.cpp also supports
 
 </div>
 
-<div class="admonition note" markdown>
+<div class="admonition info" markdown>
 <p class="admonition-title">Compatibility Issues</p>
 
 Kobold.cpp might not run on computers without AVX/AVX2 support.
@@ -97,7 +97,7 @@ Kobold.cpp allows you to modify parameters such as the AI model temperature and
 
 ![Ollama Logo](assets/img/ai-chat/ollama.png){align=right}
 
-Ollama is a command-line AI assistant that is available on macOS, Linux, and Windows. Ollama is a great choice if you're looking for an AI client that's easy-to-use, widely compatible, and fast due to its use of inference and other techniques. It also doesn't involve any manual setup.
+**Ollama** is a command-line AI assistant that is available on macOS, Linux, and Windows. Ollama is a great choice if you're looking for an AI client that's easy-to-use, widely compatible, and fast due to its use of inference and other techniques. It also doesn't involve any manual setup.
 
 In addition to supporting a wide range of text models, Ollama also supports [LLaVA](https://github.com/haotian-liu/LLaVA) models and has experimental support for Meta's [Llama vision capabilities](https://huggingface.co/blog/llama32#what-is-llama-32-vision).
 
@@ -123,9 +123,9 @@ Ollama simplifies the process of setting up a local AI chat by downloading the A
 
 <div class="admonition recommendation" markdown>
 
-![Llamafile Logo](assets/img/ai-chat/llamafile.svg){align=right}
+![Llamafile Logo](assets/img/ai-chat/llamafile.png){align=right}
 
-Llamafile is a lightweight single-file executable that allows users to run LLMs locally on their own computers without any setup involved. It is [backed by Mozilla](https://hacks.mozilla.org/2023/11/introducing-llamafile) and available on Linux, macOS, and Windows.
+**Llamafile** is a lightweight, single-file executable that allows users to run LLMs locally on their own computers without any setup involved. It is [backed by Mozilla](https://hacks.mozilla.org/2023/11/introducing-llamafile) and available on Linux, macOS, and Windows.
 
 Llamafile also supports LLaVA. However, it doesn't support speech recognition or image generation.
 
@@ -137,7 +137,9 @@ Llamafile also supports LLaVA. However, it doesn't support speech recognition or
 <details class="downloads" markdown>
 <summary>Downloads</summary>
 
-- [:fontawesome-solid-desktop: Desktop](https://github.com/Mozilla-Ocho/llamafile#quickstart)
+- [:fontawesome-brands-windows: Windows](https://github.com/Mozilla-Ocho/llamafile#quickstart)
+- [:simple-apple: macOS](https://github.com/Mozilla-Ocho/llamafile#quickstart)
+- [:simple-linux: Linux](https://github.com/Mozilla-Ocho/llamafile#quickstart)
 
 </details>
 
@@ -170,11 +172,11 @@ Please note we are not affiliated with any of the projects we recommend. In addi
 
 ### Minimum Requirements
 
-- Must be open-source.
+- Must be open source.
 - Must not transmit personal data, including chat data.
 - Must be multi-platform.
 - Must not require a GPU.
-- Must support GPU-powered fast inference.
+- Must support GPU-powered, fast inference.
 - Must not require an internet connection.
 
 ### Best-Case
@@ -185,4 +187,11 @@ Our best-case criteria represent what we *would* like to see from the perfect pr
 - Should have a built-in model downloader option.
 - The user should be able to modify the LLM parameters, such as its system prompt or temperature.
 
+*[LLaVA]: Large Language and Vision Assistant (multimodal AI model)
+*[LLM]: Large Language Model (AI model such as ChatGPT)
+*[LLMs]: Large Language Models (AI models such as ChatGPT)
+*[open-weights models]: AI models that anyone can download and use, but the underlying training data and/or algorithms for them are proprietary.
+*[system prompt]: The general instructions given by a human to guide how an AI chat should operate.
+*[temperature]: A parameter used in AI models to control the level of randomness and creativity in the generated text.
+
 [^1]: A file checksum is a type of anti-tampering fingerprint. A developer usually provides a checksum in a text file that can be downloaded separately, or on the download page itself. Verifying that the checksum of the file you downloaded matches the one provided by the developer helps ensure that the file is genuine and wasn't tampered with in transit. You can use commands like `sha256sum` on Linux and macOS, or `certutil -hashfile file SHA256` on Windows to generate the downloaded file's checksum.

docs/alternative-networks.md

@@ -34,6 +34,8 @@ The recommended way to access the Tor network is via the official Tor Browser, w
 
 [Tor Browser Info :material-arrow-right-drop-circle:](tor.md){ .md-button .md-button--primary } [Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md){ .md-button }
 
+You can access the Tor network using other tools; making this determination comes down to your threat model. If you are a casual Tor user who is not worried about your ISP collecting evidence against you, using apps like [Orbot](#orbot) or mobile browser apps to access the Tor network is probably fine. Increasing the number of people who use Tor on an everyday basis helps reduce the bad stigma of Tor, and lowers the quality of "lists of Tor users" that ISPs and governments may compile.
+
 <div class="admonition example" markdown>
 <p class="admonition-title">Try it out!</p>
 
@@ -41,12 +43,50 @@ You can try connecting to *Privacy Guides* via Tor at [xoe4vn5uwdztif6goazfbmogh
 
 </div>
 
+#### Orbot
+
+<div class="admonition recommendation" markdown>
+
+![Orbot logo](assets/img/self-contained-networks/orbot.svg){ align=right }
+
+**Orbot** is a mobile application which routes traffic from any app on your device through the Tor network.
+
+[:octicons-home-16: Homepage](https://orbot.app){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://orbot.app/privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://orbot.app/faqs){ .card-link title="Documentation" }
+[:octicons-code-16:](https://orbot.app/code){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://orbot.app/donate){ .card-link title="Contribute" }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.torproject.android)
+- [:simple-appstore: App Store](https://apps.apple.com/app/id1609461599)
+- [:simple-github: GitHub](https://github.com/guardianproject/orbot/releases)
+- [:simple-fdroid: F-Droid](https://guardianproject.info/fdroid)
+
+</details>
+
+</div>
+
+We previously recommended enabling the *Isolate Destination Address* preference in Orbot settings. While this setting can theoretically improve privacy by enforcing the use of a different circuit for each IP address you connect to, it doesn't provide a practical advantage for most applications (especially web browsing), can come with a significant performance penalty, and increases the load on the Tor network. We no longer recommend adjusting this setting from its default value unless you know you need to.[^1]
+
+=== "Android"
+
+    Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN kill switch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
+
+    Orbot is often outdated on Google Play and the Guardian Project's F-Droid repository, so consider downloading directly from the GitHub repository instead. All versions are signed using the same signature, so they should be compatible with each other.
+
+=== "iOS"
+
+    On iOS, Orbot has some limitations that could potentially cause crashes or leaks: iOS does not have an effective OS-level feature to block connections without a VPN like Android does, and iOS has an artificial memory limit for network extensions that makes it challenging to run Tor in Orbot without crashes. Currently, it is always safer to use Tor on a desktop computer compared to a mobile device.
+
 #### Snowflake
 
 <div class="admonition recommendation" markdown>
 
-![Snowflake logo](assets/img/browsers/snowflake.svg#only-light){ align=right }
-![Snowflake logo](assets/img/browsers/snowflake-dark.svg#only-dark){ align=right }
+![Snowflake logo](assets/img/self-contained-networks/snowflake.svg#only-light){ align=right }
+![Snowflake logo](assets/img/self-contained-networks/snowflake-dark.svg#only-dark){ align=right }
 
 **Snowflake** allows you to donate bandwidth to the Tor Project by operating a "Snowflake proxy" within your browser.
 
@@ -109,4 +149,5 @@ Also, unlike Tor, every I2P node will relay traffic for other users by default,
 
 There are downsides to I2P's approach, however. Tor relying on dedicated exit nodes means more people in less safe environments can use it, and the relays that do exist on Tor are likely to be more performant and stable, as they generally aren't run on residential connections. Tor is also far more focused on **browser privacy** (i.e. anti-fingerprinting), with a dedicated [Tor Browser](tor.md) to make browsing activity as anonymous as possible. I2P is used via your [regular web browser](desktop-browsers.md), and while you can configure your browser to be more privacy-protecting, you probably still won't have the same browser fingerprint as other I2P users (there's no "crowd" to blend in with in that regard).
 
+[^1]: The `IsolateDestAddr` setting is discussed on the [Tor mailing list](https://lists.torproject.org/pipermail/tor-talk/2012-May/024403) and [Whonix's Stream Isolation documentation](https://whonix.org/wiki/Stream_Isolation), where both projects suggest that it is usually not a good approach for most people.
 Tor is likely to be more resistant to censorship, due to their robust network of bridges and varying [pluggable transports](https://tb-manual.torproject.org/circumvention). On the other hand, I2P uses directory servers for the initial connection which are varying/untrusted and run by volunteers, compared to the hard-coded/trusted ones Tor uses which are likely easier to block.

docs/android/index.md

@@ -50,7 +50,7 @@ Ideally, when choosing a custom Android distribution, you should make sure that
 
 [Rooting](https://en.wikipedia.org/wiki/Rooting_(Android)) Android phones can decrease security significantly as it weakens the complete [Android security model](https://en.wikipedia.org/wiki/Android_(operating_system)#Security_and_privacy). This can decrease privacy should there be an exploit that is assisted by the decreased security. Common rooting methods involve directly tampering with the boot partition, making it impossible to perform successful Verified Boot. Apps that require root will also modify the system partition, meaning that Verified Boot would have to remain disabled. Having root exposed directly in the user interface also increases the attack surface of your device and may assist in [privilege escalation](https://en.wikipedia.org/wiki/Privilege_escalation) vulnerabilities and SELinux policy bypasses.
 
-Content blockers which modify the [hosts file](https://en.wikipedia.org/wiki/Hosts_(file)) (AdAway) and firewalls (AFWall+) which require root access persistently are dangerous and should not be used. They are also not the correct way to solve their intended purposes. For content blocking, we suggest encrypted [DNS](../dns.md) or content blocking functionality provided by a VPN instead. TrackerControl and AdAway in non-root mode will take up the VPN slot (by using a local loopback VPN), preventing you from using privacy enhancing services such as [Orbot](../tor.md#orbot) or a [real VPN provider](../vpn.md).
+Content blockers which modify the [hosts file](https://en.wikipedia.org/wiki/Hosts_(file)) (like AdAway) and firewalls which require root access persistently (like AFWall+) are dangerous and should not be used. They are also not the correct way to solve their intended purposes. For content blocking, we suggest encrypted [DNS](../dns.md) or content blocking functionality provided by a VPN instead. TrackerControl and AdAway in non-root mode will take up the VPN slot (by using a local loopback VPN), preventing you from using privacy-enhancing services such as [Orbot](../alternative-networks.md#orbot) or a [real VPN provider](../vpn.md).
 
 AFWall+ works based on the [packet filtering](https://en.wikipedia.org/wiki/Firewall_(computing)#Packet_filter) approach and may be bypassable in some situations.
 

docs/basics/account-creation.md

@@ -42,7 +42,7 @@ You will be responsible for managing your login credentials. For added security,
 
 #### Email aliases
 
-If you don't want to give your real email address to a service, you have the option to use an alias. We described them in more detail on our email services recommendation page. Essentially, alias services allow you to generate new email addresses that forward all emails to your main address. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign-up process. Those can be filtered automatically based on the alias they are sent to.
+If you don't want to give your real email address to a service, you have the option to use an alias. We describe them in more detail on our email services recommendation page. Essentially, alias services allow you to generate new email addresses that forward all emails to your main address. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign-up process. Those can be filtered automatically based on the alias they are sent to.
 
 Should a service get hacked, you might start receiving phishing or spam emails to the address you used to sign up. Using unique aliases for each service can assist in identifying exactly what service was hacked.
 
@@ -50,19 +50,19 @@ Should a service get hacked, you might start receiving phishing or spam emails t
 
 ### "Sign in with..." (OAuth)
 
-OAuth is an authentication protocol that allows you to register for a service without sharing much information with the service provider, if any, by using an existing account you have with another service instead. Whenever you see something along the lines of "Sign in with *provider name*" on a registration form, it's typically using OAuth.
+[Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth) is an authentication protocol that allows you to register for a service without sharing much information with the service provider, if any, by using an existing account you have with another service instead. Whenever you see something along the lines of "Sign in with *provider name*" on a registration form, it's typically using OAuth.
 
 When you sign in with OAuth, it will open a login page with the provider you choose, and your existing account and new account will be connected. Your password won't be shared, but some basic information typically will (you can review it during the login request). This process is needed every time you want to log in to the same account.
 
 The main advantages are:
 
-- **Security**: you don't have to trust the security practices of the service you're logging into when it comes to storing your login credentials, because they are stored with the external OAuth provider, which when it comes to services like Apple and Google typically follow the best security practices, continuously audit their authentication systems, and don't store credentials inappropriately (such as in plain text).
-- **Ease of use**: multiple accounts are managed by a single login.
+- **Security**: You don't have to trust the security practices of the service you're logging into when it comes to storing your login credentials because they are stored with the external OAuth provider. Common OAuth providers like Apple and Google typically follow the best security practices, continuously audit their authentication systems, and don't store credentials inappropriately (such as in plain text).
+- **Ease-of-use**: Multiple accounts are managed by a single login.
 
 But there are disadvantages:
 
-- **Privacy**: the OAuth provider you log in with will know the services you use.
-- **Centralization**: if the account you use for OAuth is compromised, or you aren't able to log in to it, all other accounts connected to it are affected.
+- **Privacy**: The OAuth provider you log in with will know the services you use.
+- **Centralization**: If the account you use for OAuth is compromised, or you aren't able to log in to it, all other accounts connected to it are affected.
 
 OAuth can be especially useful in those situations where you could benefit from deeper integration between services. Our recommendation is to limit using OAuth to only where you need it, and always protect the main account with [MFA](multi-factor-authentication.md).
 

docs/basics/email-security.md

@@ -2,34 +2,34 @@
 meta_title: "Why Email Isn't the Best Choice for Privacy and Security - Privacy Guides"
 title: Email Security
 icon: material/email
-description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications.
+description: Email is insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications.
 ---
 
-Email is an insecure form of communication by default. You can improve your email security with tools such as OpenPGP, which add End-to-End Encryption to your messages, but OpenPGP still has a number of drawbacks compared to encryption in other messaging applications, and some email data can never be encrypted inherently due to how email is designed.
+Email is an insecure form of communication by default. You can improve your email security with tools such as OpenPGP, which add end-to-end encryption to your messages, but OpenPGP still has a number of drawbacks compared to encryption in other messaging applications.
 
 As a result, email is best used for receiving transactional emails (like notifications, verification emails, password resets, etc.) from the services you sign up for online, not for communicating with others.
 
 ## Email Encryption Overview
 
-The standard way to add E2EE to emails between different email providers is by using OpenPGP. There are different implementations of the OpenPGP standard, the most common being [GnuPG](https://en.wikipedia.org/wiki/GNU_Privacy_Guard) and [OpenPGP.js](https://openpgpjs.org).
+The standard way to add E2EE to emails between different email providers is by using OpenPGP. There are different implementations of the OpenPGP standard, the most common being [GnuPG](../encryption.md#gnu-privacy-guard) and [OpenPGP.js](https://openpgpjs.org).
 
-There is another standard which is popular with business called [S/MIME](https://en.wikipedia.org/wiki/S/MIME), however, it requires a certificate issued from a [Certificate Authority](https://en.wikipedia.org/wiki/Certificate_authority) (not all of them issue S/MIME certificates). It has support in [Google Workplace](https://support.google.com/a/topic/9061730) and [Outlook for Web or Exchange Server 2016, 2019](https://support.office.com/article/encrypt-messages-by-using-s-mime-in-outlook-on-the-web-878c79fc-7088-4b39-966f-14512658f480).
+Even if you use OpenPGP, it does not support [forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy), which means if the private key of either you or the message recipient is ever stolen, all previous messages encrypted with it will be exposed. This is why we recommend [instant messengers](../real-time-communication.md) which implement forward secrecy over email for person-to-person communications whenever possible.
 
-Even if you use OpenPGP, it does not support [forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy), which means if either your or the recipient's private key is ever stolen, all previous messages encrypted with it will be exposed. This is why we recommend [instant messengers](../real-time-communication.md) which implement forward secrecy over email for person-to-person communications whenever possible.
+There is another standard which is popular with business called [S/MIME](https://en.wikipedia.org/wiki/S/MIME), however it requires a certificate issued from a [Certificate Authority](https://en.wikipedia.org/wiki/Certificate_authority) (not all of them issue S/MIME certificates, and often a yearly payment is required). In some cases it is more usable than PGP because it has support in popular/mainstream email applications like Apple Mail, [Google Workplace](https://support.google.com/a/topic/9061730), and [Outlook](https://support.office.com/article/encrypt-messages-by-using-s-mime-in-outlook-on-the-web-878c79fc-7088-4b39-966f-14512658f480). However, S/MIME does not solve the issue of lack of forward secrecy, and isn't particularly more secure than PGP.
 
 ## What is the Web Key Directory standard?
 
-The Web Key Directory (WKD) standard allows email clients to discover the OpenPGP key for other mailboxes, even those hosted on a different provider. Email clients which support WKD will ask the recipient's server for a key based on the email address' domain name. For example, if you emailed `jonah@privacyguides.org`, your email client would ask `privacyguides.org` for Jonah's OpenPGP key, and if `privacyguides.org` has a key for that account, your message would be automatically encrypted.
+The [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD) standard allows email clients to discover the OpenPGP key for other mailboxes, even those hosted on a different provider. Email clients which support WKD will ask the recipient's server for a key based on the email address' domain name. For example, if you emailed `jonah@privacyguides.org`, your email client would ask `privacyguides.org` for Jonah's OpenPGP key, and if `privacyguides.org` has a key for that account, your message would be automatically encrypted.
 
 In addition to the [email clients we recommend](../email-clients.md) which support WKD, some webmail providers also support WKD. Whether *your own* key is published to WKD for others to use depends on your domain configuration. If you use an [email provider](../email.md#openpgp-compatible-services) which supports WKD, such as Proton Mail or Mailbox.org, they can publish your OpenPGP key on their domain for you.
 
-If you use your own custom domain, you will need to configure WKD separately. If you control your domain name, you can set up WKD regardless of your email provider. One easy way to do this is to use the "[WKD as a Service](https://keys.openpgp.org/about/usage#wkd-as-a-service)" feature from keys.openpgp.org, by setting a CNAME record on the `openpgpkey` subdomain of your domain pointed to `wkd.keys.openpgp.org`, then uploading your key to [keys.openpgp.org](https://keys.openpgp.org). Alternatively, you can [self-host WKD on your own web server](https://wiki.gnupg.org/WKDHosting).
+If you use your own custom domain, you will need to configure WKD separately. If you control your domain name, you can set up WKD regardless of your email provider. One easy way to do this is to use the "[WKD as a Service](https://keys.openpgp.org/about/usage#wkd-as-a-service)" feature from the `keys.openpgp.org` server: Set a CNAME record on the `openpgpkey` subdomain of your domain pointed to `wkd.keys.openpgp.org`, then upload your key to [keys.openpgp.org](https://keys.openpgp.org). Alternatively, you can [self-host WKD on your own web server](https://wiki.gnupg.org/WKDHosting).
 
-If you use a shared domain from a provider which doesn't support WKD, like @gmail.com, you won't be able to share your OpenPGP key with others via this method.
+If you use a shared domain from a provider which doesn't support WKD, like `@gmail.com`, you won't be able to share your OpenPGP key with others via this method.
 
 ### What Email Clients Support E2EE?
 
-Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multifactor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
+Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to decreased security if either the provider or the email client does not support [OAuth](account-creation.md#sign-in-with-oauth) or a bridge application as [multifactor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
 
 ### How Do I Protect My Private Keys?
 
@@ -39,14 +39,14 @@ It is advantageous for the decryption to occur on the smart card to avoid possib
 
 ## Email Metadata Overview
 
-Email metadata is stored in the [message header](https://en.wikipedia.org/wiki/Email#Message_header) of the email message and includes some visible headers that you may have seen such as: `To`, `From`, `Cc`, `Date`, `Subject`. There are also a number of hidden headers included by many email clients and providers that can reveal information about your account.
+Email metadata is stored in the [message header](https://en.wikipedia.org/wiki/Email#Message_header) of the email message and includes some visible headers that you may have seen such as `To`, `From`, `Cc`, `Date`, and `Subject`. There are also a number of hidden headers included by many email clients and providers that can reveal information about your account.
 
 Client software may use email metadata to show who a message is from and what time it was received. Servers may use it to determine where an email message must be sent, among [other purposes](https://en.wikipedia.org/wiki/Email#Message_header) which are not always transparent.
 
 ### Who Can View Email Metadata?
 
-Email metadata is protected from outside observers with [Opportunistic TLS](https://en.wikipedia.org/wiki/Opportunistic_TLS) protecting it from outside observers, but it is still able to be seen by your email client software (or webmail) and any servers relaying the message from you to any recipients including your email provider. Sometimes email servers will also use third-party services to protect against spam, which generally also have access to your messages.
+Email metadata is protected from outside observers with [opportunistic TLS](https://en.wikipedia.org/wiki/Opportunistic_TLS), but it is still able to be seen by your email client software (or webmail) and any servers relaying the message from you to any recipients including your email provider. Sometimes email servers will also use third-party services to protect against spam, which generally also have access to your messages.
 
 ### Why Can't Metadata be E2EE?
 
-Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as whom you're emailing, the subject lines, when you're emailing, etc.
+Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into standard email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt some of this email metadata required for identifying the parties communicating. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as whom you're emailing, when you're emailing, etc.

docs/basics/vpn-overview.md

@@ -51,7 +51,7 @@ VPNs cannot encrypt data outside the connection between your device and the VPN
 
 Using a VPN in cases where you're using your [real-life or well-known identity](common-misconceptions.md#complicated-is-better) online is unlikely to be useful. Doing so may trigger spam and fraud detection systems, such as if you were to log into your bank's website.
 
-It's important to remember that a VPN will not provide you with absolute anonymity, because the VPN provider itself will still see your real IP address, destination website information, and often has a money trail that can be linked directly back to you. You can't rely on "no logging" policies to protect your data from anyone who is able to protect. If you need complete safety from the network itself, consider using [Tor](../advanced/tor-overview.md) in addition to or instead of a VPN.
+It's important to remember that a VPN will not provide you with absolute anonymity because the VPN provider itself will still have access to your real IP address, destination website information, and often a money trail that can be linked directly back to you. "No logging" policies are merely a promise; if you need complete safety from the network itself, consider using [Tor](../advanced/tor-overview.md) in addition to or instead of a VPN.
 
 You also should not trust a VPN to secure your connection to an unencrypted, HTTP destination. In order to keep what you actually do on the websites you visit private and secure, you must use HTTPS. This will keep your passwords, session tokens, and queries safe from the VPN provider and other potential adversaries in between the VPN server and your destination. You should enable HTTPS-only mode in your browser (if it's supported) to mitigate attacks which try to downgrade your connection from HTTPS to HTTP.
 
@@ -91,7 +91,9 @@ Recently, some attempts have been made by various organizations to address some
 
 Multi-Party Relays (MPRs) use multiple nodes owned by different parties, such that no individual party knows both who you are and what you're connecting to. This is the basic idea behind Tor, but now there are some paid services that try to emulate this model.
 
-MPRs seek to solve a problem inherent to VPNs: the fact that you must trust them completely. They accomplish this goal by segmenting the responsibilities between two or more different companies. For example, Apple's iCloud+ Private Relay routes your traffic through two servers:
+MPRs seek to solve a problem inherent to VPNs: the fact that you must trust them completely. They accomplish this goal by segmenting the responsibilities between two or more different companies.
+
+One example of a commercially available MPR is Apple's iCloud+ Private Relay, which routes your traffic through two servers:
 
 1. Firstly, a server operated by Apple.
 
@@ -101,7 +103,7 @@ MPRs seek to solve a problem inherent to VPNs: the fact that you must trust them
 
     This server actually makes the connection to your destination website, but has no knowledge of your device. The only IP address it knows about is Apple's server's.
 
-Other MPRs run by different companies like Google or INVISV operate in a very similar manner. This protection by segmentation only exists if you trust the two companies to not collude with each other to deanonymize you.
+Other MPRs run by different companies operate in a very similar manner. This protection by segmentation only exists if you trust the two companies to not collude with each other to deanonymize you.
 
 ### Decentralized VPNs
 

docs/cloud.md

@@ -95,33 +95,36 @@ They have also received the Digital Trust Label, a certification from the [Swiss
 
 ![Peergos logo](assets/img/cloud/peergos.svg){ align=right }
 
-**Peergos** is a decentralized protocol and open-source platform for storage, social media, and applications. It provides a secure and private space where users can store, share, and view their photos, videos, documents, etc. Peergos secures your files with quantum-resistant end-to-end encryption and ensures all data about your files remains private. It is built on top of [IPFS (InterPlanetary File System)](https://ipfs.tech), a peer-to-peer architecture that protects against [:material-close-outline: Censorship](basics/common-threats.md#avoiding-censorship){ .pg-blue-gray }.
+**Peergos** is a decentralized protocol and open-source platform for storage, social media, and applications. It provides a secure and private space where users can store, share, and view their photos, videos, documents, etc. Peergos secures your files with quantum-resistant end-to-end encryption and ensures all data about your files remains private.
 
 [:octicons-home-16: Homepage](https://peergos.org){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://peergos.net/privacy.html){ .card-link title="Privacy Policy" }
 [:octicons-info-16:](https://book.peergos.org){ .card-link title="Documentation" }
 [:octicons-code-16:](https://github.com/Peergos/Peergos){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://github.com/peergos/peergos#support){ .card-link title="Contribute" }
 
 <details class="downloads" markdown>
 <summary>Downloads</summary>
 
-- [:octicons-globe-16: Web](https://peergos.net)
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=peergos.android)
+- [:simple-github: GitHub](https://github.com/Peergos/web-ui/releases)
 - [:fontawesome-brands-windows: Windows](https://github.com/Peergos/web-ui/releases)
 - [:simple-apple: macOS](https://github.com/Peergos/web-ui/releases)
 - [:simple-linux: Linux](https://github.com/Peergos/web-ui/releases)
+- [:octicons-browser-16: Web](https://peergos.net)
 
 </details>
 
 </div>
 
+Peergos is built on top of the [InterPlanetary File System (IPFS)](https://ipfs.tech), a peer-to-peer architecture that protects against [:material-close-outline: Censorship](basics/common-threats.md#avoiding-censorship){ .pg-blue-gray }.
+
 Peergos is primarily a web app, but you can self-host the server either as a local cache for your remote Peergos account, or as a standalone storage server which negates the need to register for a remote account and subscription. The Peergos server is a `.jar` file, which means the Java 17+ Runtime Environment ([OpenJDK download](https://azul.com/downloads)) should be installed on your machine to get it working.
 
 Running a local version of Peergos alongside a registered account on their paid, hosted service allows you to access your Peergos storage without any reliance on DNS or TLS certificate authorities, and keep a copy of your data backed up to their cloud. The user experience should be the same whether you run their desktop server or just use their hosted web interface.
 
 Peergos was [audited](https://peergos.org/posts/security-audit-2024) in November 2024 by Radically Open Security and all issues were fixed. They were previously [audited](https://cure53.de/pentest-report_peergos.pdf) by Cure53 in June 2019, and all found issues were subsequently fixed.
 
-An Android app is not available, but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
-
 ## Criteria
 
 **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.

docs/desktop-browsers.md

@@ -88,7 +88,11 @@ If you need to browse the internet anonymously, you should use [Tor](tor.md) ins
 
 </div>
 
-Like [Tor Browser](tor.md), Mullvad Browser is designed to prevent fingerprinting by making your browser fingerprint identical to all other Mullvad Browser users, and it includes default settings and extensions that are automatically configured by the default security levels: *Standard*, *Safer* and *Safest*. Therefore, it is imperative that you do not modify the browser at all outside adjusting the default [security levels](https://tb-manual.torproject.org/security-settings). Other modifications would make your fingerprint unique, defeating the purpose of using this browser. If you want to configure your browser more heavily and fingerprinting is not a concern for you, we recommend [Firefox](#firefox) instead.
+Like [Tor Browser](tor.md), Mullvad Browser is designed to prevent fingerprinting by making your browser fingerprint identical to all other Mullvad Browser users, and it includes default settings and extensions that are automatically configured by the default security levels: *Standard*, *Safer* and *Safest*.
+
+Therefore, it is imperative that you do not modify the browser at all outside adjusting the default [security levels](https://tb-manual.torproject.org/security-settings). When adjusting the security level, you **must** always restart the browser before continuing to use it. Otherwise, [the security settings may not be fully applied](https://www.privacyguides.org/articles/2025/05/02/tor-security-slider-flaw/), putting you at a higher risk of fingerprinting and exploits than you may expect based on the setting chosen.
+
+Modifications other than adjusting this setting would make your fingerprint unique, defeating the purpose of using this browser. If you want to configure your browser more heavily and fingerprinting is not a concern for you, we recommend [Firefox](#firefox) instead.
 
 ### Anti-Fingerprinting
 
@@ -317,15 +321,6 @@ Brave allows you to select additional content filters within the internal `brave
 
 1. Disabling the V8 optimizer reduces your attack surface by disabling [*some*](https://grapheneos.social/@GrapheneOS/112708049232710156) parts of JavaScript Just-In-Time (JIT) compilation.
 
-<div class="admonition tip" markdown>
-<p class="admonition-title">Sanitizing on close</p>
-
-- [x] Select **Delete data sites have saved to your device when you close all windows** under *Sites and Shields Settings* → *Content* → *Additional content settings* → *On-device site data*.
-
-If you wish to stay logged in to a particular site you visit often, you can set exceptions on a per-site basis under the *Customized behaviors* section.
-
-</div>
-
 ##### Tor windows
 
 [**Private Window with Tor**](https://support.brave.com/hc/articles/360018121491-What-is-a-Private-Window-with-Tor-Connectivity) allows you to route your traffic through the Tor network in Private Windows and access .onion services, which may be useful in some cases. However, Brave is **not** as resistant to fingerprinting as the Tor Browser is, and far fewer people use Brave with Tor, so you will stand out. If your threat model requires strong anonymity, use the [Tor Browser](tor.md#tor-browser).

docs/desktop.md

@@ -14,15 +14,15 @@ Linux distributions are commonly recommended for privacy protection and software
 
 ## Traditional Distributions
 
-### Fedora Workstation
+### Fedora Linux
 
 <div class="admonition recommendation" markdown>
 
 ![Fedora logo](assets/img/linux-desktop/fedora.svg){ align=right }
 
-**Fedora Workstation** is our recommended distribution for people new to Linux. Fedora generally adopts newer technologies (e.g., [Wayland](https://wayland.freedesktop.org) and [PipeWire](https://pipewire.org)) before other distributions. These new technologies often come with improvements in security, privacy, and usability in general.
+**Fedora Linux** is our recommended desktop distribution for people new to Linux. Fedora generally adopts newer technologies (e.g., [Wayland](https://wayland.freedesktop.org) and [PipeWire](https://pipewire.org)) before other distributions. These new technologies often come with improvements in security, privacy, and usability in general.
 
-[:octicons-home-16: Homepage](https://fedoraproject.org/workstation){ .md-button .md-button--primary }
+[:octicons-home-16: Homepage](https://fedoraproject.org){ .md-button .md-button--primary }
 [:octicons-info-16:](https://docs.fedoraproject.org/en-US/docs){ .card-link title=Documentation}
 [:octicons-heart-16:](https://whatcanidoforfedora.org){ .card-link title=Contribute }
 
@@ -30,7 +30,9 @@ Linux distributions are commonly recommended for privacy protection and software
 
 </div>
 
-Fedora has a semi-rolling release cycle. While some packages like [GNOME](https://gnome.org) are frozen until the next Fedora release, most packages (including the kernel) are updated frequently throughout the lifespan of the release. Each Fedora release is supported for one year, with a new version released every 6 months.
+Fedora comes in two primary desktop editions, [Fedora Workstation](https://fedoraproject.org/workstation), which uses the GNOME desktop environment, and [Fedora KDE Plasma Desktop](https://fedoraproject.org/kde), which uses KDE. Historically, Fedora Workstation has been more popular and widely recommended, but KDE has been gaining in popularity and provides an experience more similar to Windows, which may make transitioning to Linux easier for some. The security and privacy benefits of both editions are very similar, so it mostly comes down to personal preference.
+
+Fedora has a semi-rolling release cycle. While some packages like the desktop environment are frozen until the next Fedora release, most packages (including the kernel) are updated frequently throughout the lifespan of the release. Each Fedora release is supported for one year, with a new version released every 6 months.
 
 ### openSUSE Tumbleweed
 
@@ -213,6 +215,25 @@ Qubes OS secures the computer by isolating subsystems (e.g., networking, USB, et
 
 For further information about how Qubes works, read our full [Qubes OS overview](os/qubes-overview.md) page.
 
+### Secureblue
+
+<div class="admonition recommendation" markdown>
+
+![Secureblue logo](assets/img/linux-desktop/secureblue.svg){ align=right }
+
+**Secureblue** is a security-focused operating system based on [Fedora Atomic Desktops](#fedora-atomic-desktops). It includes a number of [security features](https://secureblue.dev/features) intended to proactively defend against the exploitation of both known and unknown vulnerabilities, and ships with [Trivalent](https://github.com/secureblue/Trivalent), their hardened, Chromium-based web browser.
+
+[:octicons-home-16: Homepage](https://secureblue.dev){ .md-button .md-button--primary }
+[:octicons-info-16:](https://secureblue.dev/install){ .card-link title="Documentation" }
+[:octicons-code-16:](https://github.com/secureblue/secureblue){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://secureblue.dev/donate){ .card-link title="Contribute" }
+
+</div>
+
+**Trivalent** is Secureblue's hardened Chromium for desktop Linux inspired by [GrapheneOS](android/distributions.md#grapheneos)'s Vanadium browser.
+
+Secureblue also provides GrapheneOS's [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc) and enables it globally (including for Flatpaks).
+
 ### Kicksecure
 
 While we [recommend against](os/linux-overview.md#release-cycle) "perpetually outdated" distributions like Debian for desktop use in most cases, Kicksecure is a Debian-based operating system which has been hardened to be much more than a typical Linux install.

docs/device-integrity.md

@@ -69,7 +69,8 @@ These tools can trigger false-positives. If any of these tools finds indicators
 
 <div class="admonition recommendation" markdown>
 
-![MVT logo](assets/img/device-integrity/mvt.webp){ align=right }
+![MVT logo](assets/img/device-integrity/mvt.webp#only-light){ align=right }
+![MVT logo](assets/img/device-integrity/mvt-dark.png#only-dark){ align=right }
 
 **Mobile Verification Toolkit** (**MVT**) is a collection of utilities which simplifies and automates the process of scanning mobile devices for potential traces of targeting or infection by known spyware campaigns. MVT was developed by Amnesty International and released in 2021 in the context of the [Pegasus Project](https://forbiddenstories.org/about-the-pegasus-project).
 
@@ -186,4 +187,4 @@ It is important to note that Auditor can only effectively detect changes **after
 
 No personally identifiable information is submitted to the attestation service. We recommend that you sign up with an anonymous account and enable remote attestation for continuous monitoring.
 
-If your [threat model](basics/threat-modeling.md) requires privacy, you could consider using [Orbot](tor.md#orbot) or a VPN to hide your IP address from the attestation service.
+If your [threat model](basics/threat-modeling.md) requires hiding your IP address from the attestation service, you could consider using [Orbot](alternative-networks.md#orbot) or a [VPN](vpn.md).

docs/dns.md

@@ -1,7 +1,7 @@
 ---
 title: "DNS Resolvers"
 icon: material/dns
-description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration.
+description: We recommend choosing these encrypted DNS providers to replace your ISP's default configuration.
 cover: dns.webp
 global:
  - [randomize-element, "table tbody"]
@@ -16,23 +16,43 @@ Encrypted DNS with third-party servers should only be used to get around basic [
 
 ## Recommended Providers
 
-These are our favorite public DNS resolvers based on their privacy and security characteristics, and their worldwide performance. Some of these services offer basic DNS-level blocking of malware or trackers depending on the server you choose, but if you want to be able to see and customize what is blocked you should use a dedicated DNS filtering product instead.
+These are our favorite public DNS resolvers based on their privacy and security characteristics, and their worldwide performance. Some of these services offer basic DNS-level blocking of malware or trackers depending on the server you choose, but if you want to be able to see and customize what is blocked, you should use a dedicated DNS filtering product instead.
 
 | DNS Provider | Protocols | Logging / Privacy Policy | [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs) | Filtering | Signed Apple Profile |
 |---|---|---|---|---|---|
-| [**AdGuard Public DNS**](https://adguard-dns.io/en/public-dns.html) | Cleartext   DoH/3   DoT   DoQ   DNSCrypt | Anonymized[^1] | Anonymized | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) | Yes [:octicons-link-external-24:](https://adguard-dns.io/en/blog/encrypted-dns-ios-14.html) |
-| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setup) | Cleartext   DoH/3   DoT | Anonymized[^2] | No | Based on server choice. | No [:octicons-link-external-24:](https://community.cloudflare.com/t/requesting-1-1-1-1-signed-profiles-for-apple/571846) |
-| [**Control D Free DNS**](https://controld.com/free-dns) | Cleartext   DoH/3   DoT   DoQ | No[^3] | No | Based on server choice. | Yes [:octicons-link-external-24:](https://docs.controld.com/docs/macos-platform) |
-| [**dns0.eu**](https://dns0.eu) | Cleartext   DoH/3   DoH   DoT   DoQ | Anonymized[^4] | Anonymized | Based on server choice. | Yes [:octicons-link-external-24:](https://dns0.eu/zero.dns0.eu.mobileconfig) |
-| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | DoH   DoT | No[^5] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) | Yes [:octicons-link-external-24:](https://mullvad.net/en/blog/profiles-to-configure-our-encrypted-dns-on-apple-devices) |
-| [**Quad9**](https://quad9.net) | Cleartext   DoH   DoT   DNSCrypt | Anonymized[^6] | Optional | Based on server choice, malware blocking by default. | Yes [:octicons-link-external-24:](https://quad9.net/news/blog/ios-mobile-provisioning-profiles) |
+| [**AdGuard Public DNS**](https://adguard-dns.io/en/public-dns.html) | Cleartext <br>DoH/3 <br>DoT <br>DoQ <br>DNSCrypt | Anonymized[^1] | Anonymized | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) | Yes [:octicons-link-external-24:](https://adguard-dns.io/en/blog/encrypted-dns-ios-14.html) |
+| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setup) | Cleartext <br>DoH/3 <br>DoT | Anonymized[^2] | No | Based on server choice. | No [:octicons-link-external-24:](https://community.cloudflare.com/t/requesting-1-1-1-1-signed-profiles-for-apple/571846) |
+| [**Control D Free DNS**](https://controld.com/free-dns) | Cleartext <br>DoH/3 <br>DoT <br>DoQ | No[^3] | No | Based on server choice. | Yes <br>[:simple-apple: iOS](https://docs.controld.com/docs/ios-platform) <br>[:material-apple-finder: macOS](https://docs.controld.com/docs/macos-platform#manual-setup-profile) |
+| [**DNS0.eu**](https://dns0.eu) | Cleartext <br>DoH/3 <br>DoH <br>DoT <br>DoQ | Anonymized[^4] | Anonymized | Based on server choice. | Yes [:octicons-link-external-24:](https://dns0.eu/zero.dns0.eu.mobileconfig) |
+| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | DoH <br>DoT | No[^5] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) | Yes [:octicons-link-external-24:](https://github.com/mullvad/encrypted-dns-profiles) |
+| [**Quad9**](https://quad9.net) | Cleartext <br>DoH <br>DoT <br>DNSCrypt | Anonymized[^6] | Optional | Based on server choice. Malware blocking is included by default. | Yes <br>[:simple-apple: iOS](https://docs.quad9.net/Setup_Guides/iOS/iOS_14_and_later_(Encrypted)) <br>[:material-apple-finder: macOS](https://docs.quad9.net/Setup_Guides/MacOS/Big_Sur_and_later_(Encrypted)) |
 
-[^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard-dns.io/en/privacy.html](https://adguard-dns.io/en/privacy.html)
-[^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver)
-[^3]: Control D only logs for Premium resolvers with custom DNS profiles. Free resolvers do not log data. [https://controld.com/privacy](https://controld.com/privacy)
-[^4]: dns0.eu collects some data for their threat intelligence feeds, to monitor for newly registered/observed/active domains and other bulk data. That data is shared with some [partners](https://docs.dns0.eu/data-feeds/introduction) for e.g. security research. They do not collect any Personally Identifiable Information. [https://dns0.eu/privacy](https://dns0.eu/privacy)
-[^5]: Mullvad's DNS service is available to both subscribers and non-subscribers of Mullvad VPN. Their privacy policy explicitly claims they do not log DNS requests in any way. [https://mullvad.net/en/help/no-logging-data-policy/](https://mullvad.net/en/help/no-logging-data-policy)
-[^6]: Quad9 collects some data for the purposes of threat monitoring and response. That data may then be remixed and shared, such as for the purpose of security research. Quad9 does not collect or record IP addresses or other data they deem personally identifiable. [https://quad9.net/privacy/policy](https://quad9.net/privacy/policy)
+[^1]:
+    AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested within the last 24 hours.
+    > We need this information to identify and block new trackers and threats.
+    > We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters.
+
+    AdGuard DNS: [*Privacy Policy*](https://adguard-dns.io/en/privacy.html)
+[^2]:
+    Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours.
+
+    1.1.1.1 Public DNS Resolver: [*Cloudflare’s commitment to privacy*](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver)
+[^3]:
+    Control D only logs specific account data for Premium resolvers with custom DNS profiles. Free resolvers do not retain any data.
+
+    Control D: [*Privacy Policy*](https://controld.com/privacy)
+[^4]:
+    DNS0.eu collects some data for their threat intelligence feeds to monitor for newly registered/observed/active domains and other bulk data. That data is shared with some [partners](https://docs.dns0.eu/data-feeds/introduction) for e.g. security research. They do not collect any personally identifiable information.
+
+    DNS0.eu: [*Privacy Policy*](https://dns0.eu/privacy)
+[^5]:
+    Mullvad's DNS service is available to both subscribers and non-subscribers of Mullvad VPN. Their privacy policy explicitly claims they do not log DNS requests in any way.
+
+    Mullvad: [*No-logging of user activity policy*](https://mullvad.net/en/help/no-logging-data-policy)
+[^6]:
+    Quad9 collects some data for the purposes of threat monitoring and response. That data may then be remixed and shared for purposes like furthering their security research. Quad9 does not collect or record IP addresses or other data they deem personally identifiable.
+
+    Quad9: [*Data and Privacy Policy*](https://quad9.net/privacy/policy)
 
 ## Self-Hosted DNS Filtering
 
@@ -97,12 +117,12 @@ These DNS filtering solutions offer a web dashboard where you can customize the
 <details class="downloads" markdown>
 <summary>Downloads</summary>
 
-- [:fontawesome-brands-windows: Windows](https://docs.controld.com/docs/gui-setup-utility)
-- [:simple-apple: macOS](https://docs.controld.com/docs/gui-setup-utility)
-- [:simple-linux: Linux](https://docs.controld.com/docs/ctrld)
 - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.controld.setuputility)
 - [:simple-appstore: App Store](https://apps.apple.com/app/1518799460)
 - [:simple-github: GitHub](https://github.com/Control-D-Inc/ctrld/releases)
+- [:fontawesome-brands-windows: Windows](https://docs.controld.com/docs/gui-setup-utility)
+- [:simple-apple: macOS](https://docs.controld.com/docs/gui-setup-utility)
+- [:simple-linux: Linux](https://docs.controld.com/docs/ctrld)
 
 </details>
 
@@ -124,11 +144,11 @@ These DNS filtering solutions offer a web dashboard where you can customize the
 <details class="downloads" markdown>
 <summary>Downloads</summary>
 
+- [:simple-appstore: App Store](https://apps.apple.com/app/nextdns/id1463342498)
+- [:simple-github: GitHub](https://github.com/nextdns/nextdns/releases)
 - [:fontawesome-brands-windows: Windows](https://github.com/nextdns/nextdns/wiki/Windows)
 - [:simple-apple: macOS](https://apps.apple.com/us/app/nextdns/id1464122853)
 - [:simple-linux: Linux](https://github.com/nextdns/nextdns/wiki)
-- [:simple-appstore: App Store](https://apps.apple.com/app/nextdns/id1463342498)
-- [:simple-github: GitHub](https://github.com/nextdns/nextdns/releases)
 
 </details>
 
@@ -136,9 +156,9 @@ These DNS filtering solutions offer a web dashboard where you can customize the
 
 When used with an account, NextDNS will enable insights and logging features by default (as some features require it). You can choose retention time and log storage location for any logs you choose to keep, or disable logs altogether.
 
-NextDNS's free plan is fully functional, but should not be relied upon for security or other critical filtering applications, because after 300,000 DNS queries in a month all filtering, logging, and other account-based functionality is disabled. It can still be used as a regular DNS provider after that point, so your devices will continue to function and make secure queries via DNS-over-HTTPS, just without your filter lists.
+NextDNS's free plan is fully functional, but should not be relied upon for security or other critical filtering applications, because after 300,000 DNS queries in a month all filtering, logging, and other account-based functionality are disabled. It can still be used as a regular DNS provider after that point, so your devices will continue to function and make secure queries via DNS-over-HTTPS (DoH), just without your filter lists.
 
-NextDNS also offers public DNS-over-HTTPS service at `https://dns.nextdns.io` and DNS-over-TLS/QUIC at `dns.nextdns.io`, which are available by default in Firefox and Chromium, and subject to their default no-logging [privacy policy](https://nextdns.io/privacy).
+NextDNS also offers a public DoH service at `https://dns.nextdns.io` and DNS-over-TLS/QUIC (DoT/DoQ) at `dns.nextdns.io`, which are available by default in Firefox and Chromium, and subject to their default, no-logging [privacy policy](https://nextdns.io/privacy).
 
 ## Encrypted DNS Proxies
 
@@ -151,7 +171,7 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](ad
 ![RethinkDNS logo](assets/img/android/rethinkdns.svg#only-light){ align=right }
 ![RethinkDNS logo](assets/img/android/rethinkdns-dark.svg#only-dark){ align=right }
 
-**RethinkDNS** is an open-source Android client that supports [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh), [DNS-over-TLS](advanced/dns-overview.md#dns-over-tls-dot), [DNSCrypt](advanced/dns-overview.md#dnscrypt) and DNS Proxy. It also provides additional functionality such as caching DNS responses, locally logging DNS queries, and using the app as a firewall.
+**RethinkDNS** is an open-source Android client that supports [DoH](advanced/dns-overview.md#dns-over-https-doh), [DoT](advanced/dns-overview.md#dns-over-tls-dot), [DNSCrypt](advanced/dns-overview.md#dnscrypt) and DNS Proxy. It also provides additional functionality such as caching DNS responses, locally logging DNS queries, and using the app as a firewall.
 
 [:octicons-home-16: Homepage](https://rethinkdns.com){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://rethinkdns.com/privacy){ .card-link title="Privacy Policy" }
@@ -170,13 +190,13 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](ad
 
 While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a WireGuard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
 
-### dnscrypt-proxy
+### DNSCrypt-Proxy
 
 <div class="admonition recommendation" markdown>
 
-![dnscrypt-proxy logo](assets/img/dns/dnscrypt-proxy.svg){ align=right }
+![DNSCrypt-Proxy logo](assets/img/dns/dnscrypt-proxy.svg){ align=right }
 
-**dnscrypt-proxy** is a DNS proxy with support for [DNSCrypt](advanced/dns-overview.md#dnscrypt), [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh), and [Anonymized DNS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Anonymized-DNS).
+**DNSCrypt-Proxy** is a DNS proxy with support for [DNSCrypt](advanced/dns-overview.md#dnscrypt), [DoH](advanced/dns-overview.md#dns-over-https-doh), and [Anonymized DNS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Anonymized-DNS).
 
 [:octicons-repo-16: Repository](https://github.com/DNSCrypt/dnscrypt-proxy){ .md-button .md-button--primary }
 [:octicons-info-16:](https://github.com/DNSCrypt/dnscrypt-proxy/wiki){ .card-link title=Documentation}
@@ -205,14 +225,14 @@ The anonymized DNS feature does [not](advanced/dns-overview.md#why-shouldnt-i-us
 
 **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
 
-All DNS products must support:
+All DNS products...
 
-- [DNSSEC](advanced/dns-overview.md#what-is-dnssec).
-- [QNAME Minimization](advanced/dns-overview.md#what-is-qname-minimization).
-- Anonymize [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs) or disable it by default.
+- Must support [DNSSEC](advanced/dns-overview.md#what-is-dnssec).
+- Must support [QNAME Minimization](advanced/dns-overview.md#what-is-qname-minimization).
+- Must anonymize [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs) or disable it by default.
 
-Additionally, all public providers:
+Additionally, all public providers...
 
-- Prefer [anycast](https://en.wikipedia.org/wiki/Anycast#Addressing_methods) support or geo-steering support.
-- Must not log any personal data to disk
-    - As noted in our footnotes, some providers collect query information for example, for purposes like security research, but in that case that data must not be associated with any PII such as IP address, etc.
+- Must not log any personal data to disk.
+    - As noted in the footnotes, some providers collect query information for purposes like security research, but in that case the data must not be associated with any PII such as IP address, etc.
+- Should support [anycast](https://en.wikipedia.org/wiki/Anycast) or geo-steering.

docs/document-collaboration.md

@@ -53,7 +53,7 @@ We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_e
 
 ![CryptPad logo](assets/img/document-collaboration/cryptpad.svg){ align=right }
 
-**CryptPad** is a private-by-design alternative to popular office tools. All content on this web service is end-to-end encrypted and can be shared with other users easily.
+**CryptPad** is a private-by-design alternative to popular office tools. All content on this web service is end-to-end encrypted and can be shared with other users easily. [:material-star-box: Read our latest CryptPad review.](https://www.privacyguides.org/articles/2025/02/07/cryptpad-review/)
 
 [:octicons-home-16: Homepage](https://cryptpad.fr){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://cryptpad.fr/pad/#/2/pad/view/GcNjAWmK6YDB3EO2IipRZ0fUe89j43Ryqeb4fjkjehE){ .card-link title="Privacy Policy" }

docs/email-aliasing.md

@@ -9,61 +9,77 @@ cover: email-aliasing.webp
 - [:material-account-cash: Surveillance Capitalism](basics/common-threats.md#surveillance-as-a-business-model){ .pg-brown }
 - [:material-account-search: Public Exposure](basics/common-threats.md#limiting-public-information){ .pg-green }
 
-An **email aliasing service** allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your [email provider](email.md). True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like `yourname+[anythinghere]@example.com`, because websites, advertisers, and tracking networks can trivially remove anything after the `+` sign. Organizations like the [IAB](https://en.wikipedia.org/wiki/Interactive_Advertising_Bureau) require that advertisers [normalize email addresses](https://shkspr.mobi/blog/2023/01/the-iab-loves-tracking-users-but-it-hates-users-tracking-them) so that they can be correlated and tracked, regardless of users' privacy wishes.
-
-<div class="grid cards" markdown>
-
-- ![addy.io logo](assets/img/email-aliasing/addy.svg){ .twemoji } [addy.io](email-aliasing.md#addyio)
-- ![SimpleLogin logo](assets/img/email-aliasing/simplelogin.svg){ .twemoji } [SimpleLogin](email-aliasing.md#simplelogin)
-
-</div>
+An **email aliasing service** allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your [email provider](email.md).
 
 Email aliasing can also act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning.
 
-Using a dedicated email aliasing service also has a number of benefits over a catch-all alias on a custom domain:
+## Benefits
+
+Using a service which allows you to individually manage email aliases has a number of benefits over conventional mailbox management/filtering methods:
+
+### Over Plus Addressing
+
+True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like `yourname+[anythinghere]@example.com`, because websites, advertisers, and tracking networks can trivially remove anything after the `+` sign. Organizations like the [IAB](https://en.wikipedia.org/wiki/Interactive_Advertising_Bureau) require that advertisers [normalize email addresses](https://shkspr.mobi/blog/2023/01/the-iab-loves-tracking-users-but-it-hates-users-tracking-them) so that they can be correlated and tracked, regardless of users' privacy wishes.
+
+### Over Catch-All Aliases
+
+Using a dedicated email aliasing service has a number of benefits over a catch-all alias on a custom domain:
 
 - Aliases can be turned on and off individually when you need them, preventing websites from emailing you randomly.
 - Replies are sent from the alias address, shielding your real email address.
 
-They also have a number of benefits over "temporary email" services:
+### Over Temporary Email Services
+
+Email aliasing services also have a number of benefits over "temporary email" services:
 
 - Aliases are permanent and can be turned on again if you need to receive something like a password reset.
 - Emails are sent to your trusted mailbox rather than stored by the alias provider.
 - Temporary email services typically have public mailboxes which can be accessed by anyone who knows the address, while aliases are private to you.
 
-Our email aliasing recommendations are providers that allow you to create aliases on domains they control, as well as on your own custom domain(s) for a modest yearly fee. They can also be self-hosted if you want maximum control. However, using a custom domain can have privacy-related drawbacks: If you are the only person using your custom domain, your actions can be easily tracked across websites simply by looking at the domain name in the email address and ignoring everything before the at (@) sign.
+## Recommended Providers
+
+<div class="grid cards" markdown>
+
+- ![Addy.io logo](assets/img/email-aliasing/addy.svg){ .twemoji } [Addy.io](email-aliasing.md#addyio)
+- ![SimpleLogin logo](assets/img/email-aliasing/simplelogin.svg){ .twemoji } [SimpleLogin](email-aliasing.md#simplelogin)
+
+</div>
+
+Our email aliasing recommendations are providers that allow you to create aliases on domains they control, as well as on your own custom domain(s) for a modest yearly fee. They can also be self-hosted if you want maximum control. However, using a custom domain can have privacy-related drawbacks: If you are the only person using your custom domain, your actions can be easily tracked across websites simply by looking at the domain name in the email address and ignoring everything before the `@` symbol.
 
 Using an aliasing service requires trusting both your email provider and your aliasing provider with your unencrypted messages. Some providers mitigate this slightly with automatic PGP encryption[^1], which reduces the number of parties you need to trust from two to one by encrypting incoming emails before they are delivered to your final mailbox provider.
 
-### addy.io
+### Addy.io
 
 <div class="admonition recommendation" markdown>
 
-![addy.io logo](assets/img/email-aliasing/addy.svg){ align=right }
+![Addy.io logo](assets/img/email-aliasing/addy.svg){ align=right }
 
-**addy.io** lets you create 10 domain aliases on a shared domain for free, or unlimited "standard" aliases.
+**Addy.io** lets you create 10 domain aliases on a shared domain for free, or unlimited ["standard" aliases](https://addy.io/faq/#what-is-a-standard-alias).
 
 [:octicons-home-16: Homepage](https://addy.io){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://addy.io/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://addy.io/faq){ .card-link title=Documentation}
+[:octicons-info-16:](https://addy.io/faq){ .card-link title="Documentation" }
 [:octicons-code-16:](https://github.com/anonaddy){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://addy.io/donate){ .card-link title=Contribute }
+[:octicons-heart-16:](https://addy.io/donate){ .card-link title="Contribute" }
 
 <details class="downloads" markdown>
 <summary>Downloads</summary>
 
-- [:simple-android: Android](https://addy.io/faq/#is-there-an-android-app)
-- [:material-apple-ios: iOS](https://addy.io/faq/#is-there-an-ios-app)
+- [:simple-googleplay: Google Play](https://addy.io/faq/#is-there-an-android-app)
+- [:simple-appstore: App Store](https://addy.io/faq/#is-there-an-ios-app)
 - [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/addy_io)
-- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/addyio-anonymous-email-fo/iadbdpnoknmbdeolbapdackdcogdmjpe)
+- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/iadbdpnoknmbdeolbapdackdcogdmjpe)
 
 </details>
 
 </div>
 
-The number of shared aliases (which end in a shared domain like @addy.io) that you can create is limited to 10 on addy.io's free plan, 50 on their $1/month plan and unlimited on the $4/month plan (billed $3 for a year). You can pay for these plans using [cryptocurrency](https://addy.io/help/subscribing-with-cryptocurrency) or purchase a voucher code from [ProxyStore](https://addy.io/help/voucher-codes), addy.io's official reseller.
+The number of shared aliases (which end in a shared domain like `@addy.io`) that you can create depends on the [plan](https://addy.io/#pricing) you are subscribed to. You can pay for these plans using [cryptocurrency](https://addy.io/help/subscribing-with-cryptocurrency) or purchase a voucher code from [ProxyStore](https://addy.io/help/voucher-codes), Addy.io's official reseller.
 
-You can create unlimited standard aliases which end in a domain like @[username].addy.io or a custom domain on paid plans. However, as previously mentioned, this can be detrimental to privacy because people can trivially tie your standard aliases together based on the domain name alone. They are useful where a shared domain might be blocked by a service. Securitum [audited](https://addy.io/blog/addy-io-passes-independent-security-audit) addy.io in September 2023 and no significant vulnerabilities [were identified](https://addy.io/addy-io-security-audit.pdf).
+You can create unlimited standard aliases which end in a domain like `@[username].addy.io` or a custom domain on paid plans. However, as previously mentioned, this can be detrimental to privacy because people can trivially tie your standard aliases together based on the domain name alone. They are useful where a shared domain might be blocked by a service.
+
+Securitum [audited](https://addy.io/blog/addy-io-passes-independent-security-audit) Addy.io in September 2023 and no significant vulnerabilities [were identified](https://addy.io/addy-io-security-audit.pdf).
 
 Notable free features:
 
@@ -85,7 +101,7 @@ If you cancel your subscription, you will still enjoy the features of your paid
 
 [:octicons-home-16: Homepage](https://simplelogin.io){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://simplelogin.io/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://simplelogin.io/docs){ .card-link title=Documentation}
+[:octicons-info-16:](https://simplelogin.io/docs){ .card-link title="Documentation" }
 [:octicons-code-16:](https://github.com/simple-login){ .card-link title="Source Code" }
 
 <details class="downloads" markdown>
@@ -96,18 +112,18 @@ If you cancel your subscription, you will still enjoy the features of your paid
 - [:simple-github: GitHub](https://github.com/simple-login/Simple-Login-Android/releases)
 - [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/simplelogin)
 - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/dphilobhebphkdjbpfohgikllaljmgbn)
-- [:fontawesome-brands-edge: Edge](https://microsoftedge.microsoft.com/addons/detail/simpleloginreceive-sen/diacfpipniklenphgljfkmhinphjlfff)
+- [:fontawesome-brands-edge: Edge](https://microsoftedge.microsoft.com/addons/detail/diacfpipniklenphgljfkmhinphjlfff)
 - [:simple-safari: Safari](https://apps.apple.com/app/id6475835429)
 
 </details>
 
 </div>
 
-SimpleLogin was [acquired by Proton AG](https://proton.me/news/proton-and-simplelogin-join-forces) as of April 8, 2022. If you use Proton Mail for your primary mailbox, SimpleLogin is a great choice. As both products are now owned by the same company you now only have to trust a single entity. We also expect that SimpleLogin will be more tightly integrated with Proton's offerings in the future. SimpleLogin continues to support forwarding to any email provider of your choosing. Securitum [audited](https://simplelogin.io/blog/security-audit) SimpleLogin in early 2022 and all issues [were addressed](https://simplelogin.io/audit2022/web.pdf).
+SimpleLogin was [acquired by Proton AG](https://proton.me/news/proton-and-simplelogin-join-forces) as of April 8, 2022. If you use Proton Mail for your primary mailbox, SimpleLogin is a great choice. As both products are now owned by the same company you now only have to trust a single entity. We also expect that SimpleLogin will be more tightly integrated with Proton's offerings in the future. SimpleLogin continues to support forwarding to any email provider of your choosing.
 
-You can link your SimpleLogin account in the settings with your Proton account. If you have Proton Pass Plus, Proton Unlimited, or any multi-user Proton plan, you will have SimpleLogin Premium for free.
+You can link your SimpleLogin account in the settings with your Proton account. If you have Proton Pass Plus, Proton Unlimited, or any multi-user Proton plan, you will have SimpleLogin Premium for free. You can also purchase a voucher code for SimpleLogin Premium anonymously via their official reseller [ProxyStore](https://simplelogin.io/faq).
 
-You can also purchase a voucher code for SimpleLogin Premium anonymously via their official reseller, [ProxyStore](https://simplelogin.io/faq).
+Securitum [audited](https://simplelogin.io/blog/security-audit) SimpleLogin in early 2022 and all issues [were addressed](https://simplelogin.io/audit2022/web.pdf).
 
 Notable free features:
 
@@ -120,6 +136,6 @@ When your subscription ends, all aliases you created will still be able to recei
 
 ## Criteria
 
-**Please note we are not affiliated with any of the providers we recommend.** In addition to [our standard criteria](about/criteria.md), we evaluate email aliasing providers to the same standard as our regular [email provider criteria](email.md#criteria) where applicable. We suggest you familiarize yourself with this list before choosing an email service, and conduct your own research to ensure the provider you choose is the right choice for you.
+**Please note we are not affiliated with any of the providers we recommend.** In addition to [our standard criteria](about/criteria.md), we evaluate email aliasing providers to the same standard as our regular [email provider criteria](email.md#criteria) where applicable. We suggest you familiarize yourself with this list before choosing an email aliasing service, and conduct your own research to ensure the provider you choose is the right choice for you.
 
 [^1]: Automatic PGP encryption allows you to encrypt non-encrypted incoming emails before they are forwarded to your mailbox, making sure your primary mailbox provider never sees unencrypted email content.

docs/email-clients.md

@@ -9,7 +9,7 @@ cover: email-clients.webp
 - [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers){ .pg-teal }
 - [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red }
 
-The **email clients** we recommend support both [OpenPGP](encryption.md#openpgp) and strong authentication such as [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth allows you to use [Multi-Factor Authentication](basics/multi-factor-authentication.md) to prevent account theft.
+The **email clients** we recommend support both [OpenPGP](encryption.md#openpgp) and strong authentication such as [Open Authorization (OAuth)](basics/account-creation.md#sign-in-with-oauth). OAuth allows you to use [Multi-Factor Authentication](basics/multi-factor-authentication.md) to prevent account theft.
 
 <details class="warning" markdown>
 <summary>Email does not provide forward secrecy</summary>
@@ -110,39 +110,6 @@ Currently, GPG Suite does [not yet](https://gpgtools.com/sonoma) have a stable r
 
 Apple Mail has the ability to load remote content in the background or block it entirely and hide your IP address from senders on [macOS](https://support.apple.com/guide/mail/mlhl03be2866/mac) and [iOS](https://support.apple.com/guide/iphone/iphf084865c7/ios).
 
-### Canary Mail (iOS)
-
-<div class="admonition recommendation" markdown>
-
-![Canary Mail logo](assets/img/email-clients/canarymail.svg){ align=right }
-
-**Canary Mail** is a paid email client designed to make end-to-end encryption seamless with security features such as a biometric app lock.
-
-[:octicons-home-16: Homepage](https://canarymail.io){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://canarymail.io/privacy.html){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://canarymail.io/help){ .card-link title="Documentation" }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=io.canarymail.android)
-- [:simple-appstore: App Store](https://apps.apple.com/app/id1155470386)
-- [:fontawesome-brands-windows: Windows](https://canarymail.io/downloads.html)
-- [:simple-apple: macOS](https://apps.apple.com/app/id1236045954)
-
-</details>
-
-</div>
-
-<details class="warning" markdown>
-<summary>Warning</summary>
-
-Canary Mail only recently released a Windows and Android client, though we don't believe they are as stable as their iOS and Mac counterparts.
-
-</details>
-
-Canary Mail is closed-source. We recommend it due to the few choices there are for email clients on iOS that support PGP E2EE.
-
 ### FairEmail (Android)
 
 <div class="admonition recommendation" markdown>

docs/email.md

@@ -19,19 +19,19 @@ Email is practically a necessity for using any online service, however we do not
 
 For everything else, we recommend a variety of email providers based on sustainable business models and built-in security and privacy features. Read our [full list of criteria](#criteria) for more information.
 
-| Provider | OpenPGP / WKD | IMAP / SMTP | Zero Access Encryption | Anonymous Payments |
+| Provider | OpenPGP / WKD | IMAP / SMTP | Zero-Access Encryption | Anonymous Payment Methods |
 |---|---|---|---|---|
 | [Proton Mail](#proton-mail) | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Paid plans only | :material-check:{ .pg-green } | Cash |
 | [Mailbox.org](#mailboxorg) | :material-check:{ .pg-green } | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Mail only | Cash |
-| [Tuta](#tuta) | :material-alert-outline:{ .pg-orange } | :material-alert-outline:{ .pg-orange } | :material-check:{ .pg-green } | Monero & Cash via third-party |
+| [Tuta](#tuta) | :material-alert-outline:{ .pg-orange } | :material-alert-outline:{ .pg-orange } | :material-check:{ .pg-green } | Monero <br>Cash via third party |
 
-In addition to (or instead of) an email provider recommended here, you may wish to consider a dedicated [email aliasing service](email-aliasing.md) to protect your privacy. Among other things, these services can help protect your real inbox from spam, prevent marketers from correlating your accounts, and encrypt all incoming messages with PGP.
+In addition to (or instead of) an email provider recommended here, you may wish to consider a dedicated [email aliasing service](email-aliasing.md#recommended-providers) to protect your privacy. Among other things, these services can help protect your real inbox from spam, prevent marketers from correlating your accounts, and encrypt all incoming messages with PGP.
 
 - [More Information :material-arrow-right-drop-circle:](email-aliasing.md)
 
 ## OpenPGP Compatible Services
 
-These providers natively support OpenPGP encryption/decryption and the [Web Key Directory standard](basics/email-security.md#what-is-the-web-key-directory-standard), allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it.
+These providers natively support OpenPGP encryption/decryption and the [Web Key Directory (WKD) standard](basics/email-security.md#what-is-the-web-key-directory-standard), allowing for provider-agnostic end-to-end encrypted emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it.
 
 <div class="grid cards" markdown>
 
@@ -45,7 +45,9 @@ These providers natively support OpenPGP encryption/decryption and the [Web Key
 
 When using E2EE technology like OpenPGP your email will still have some metadata that is not encrypted in the header of the email, generally including the subject line! Read more about [email metadata](basics/email-security.md#email-metadata-overview).
 
-OpenPGP also does not support Forward secrecy, which means if either your or the recipient's private key is ever stolen, all previous messages encrypted with it will be exposed. [How do I protect my private keys?](basics/email-security.md#how-do-i-protect-my-private-keys)
+OpenPGP also does not support forward secrecy, which means if the private key of either you or the message recipient is ever stolen, all previous messages encrypted with it will be exposed.
+
+- [How do I protect my private keys?](basics/email-security.md#how-do-i-protect-my-private-keys)
 
 </div>
 
@@ -55,7 +57,9 @@ OpenPGP also does not support Forward secrecy, which means if either your or the
 
 ![Proton Mail logo](assets/img/email/protonmail.svg){ align=right }
 
-**Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
+**Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland.
+
+The Proton Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
 
 [:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary }
 [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" }
@@ -78,9 +82,9 @@ OpenPGP also does not support Forward secrecy, which means if either your or the
 
 </div>
 
-Free accounts have some limitations, such as not being able to search body text and not having access to [Proton Mail Bridge](https://proton.me/mail/bridge), which is required to use a [recommended desktop email client](email-clients.md) (e.g. Thunderbird). Paid accounts include features like Proton Mail Bridge, additional storage, and custom domain support. A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton Mail's apps on 9th November 2021 by [Securitum](https://research.securitum.com).
+Free accounts have some limitations, such as not being able to search body text and not having access to [Proton Mail Bridge](https://proton.me/mail/bridge), which is required to use a [recommended desktop email client](email-clients.md) (e.g., Thunderbird). Paid accounts include features like Proton Mail Bridge, additional storage, and custom domain support. If you have the Proton Unlimited plan or any multi-user Proton plan, you also get [SimpleLogin](email-aliasing.md#simplelogin) Premium for free.
 
-If you have the Proton Unlimited plan or any multi-user Proton plan, you also get [SimpleLogin](email-aliasing.md#simplelogin) Premium for free.
+A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton Mail's apps on 9th November 2021 by [Securitum](https://research.securitum.com).
 
 Proton Mail has internal crash reports that are **not** shared with third parties. This can be disabled in the web app: :gear: → **All Settings** → **Account** → **Security and privacy** → **Privacy and data collection**.
 
@@ -90,7 +94,7 @@ Paid Proton Mail subscribers can use their own domain with the service or a [cat
 
 #### :material-check:{ .pg-green } Private Payment Methods
 
-Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments.
+Proton Mail [accepts](https://proton.me/support/payment-options) **cash** by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments.
 
 #### :material-check:{ .pg-green } Account Security
 
@@ -104,9 +108,9 @@ Certain information stored in [Proton Contacts](https://proton.me/support/proton
 
 #### :material-check:{ .pg-green } Email Encryption
 
-Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. Proton also supports automatic external key discovery with [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This means that emails sent to other providers which use WKD will be automatically encrypted with OpenPGP as well, without the need to manually exchange public PGP keys with your contacts. They also allow you to [encrypt messages to non-Proton Mail addresses without OpenPGP](https://proton.me/support/password-protected-emails), without the need for them to sign up for a Proton Mail account.
+Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. Proton also supports automatic external key discovery with WKD. This means that emails sent to other providers which use WKD will be automatically encrypted with OpenPGP as well, without the need to manually exchange public PGP keys with your contacts. They also allow you to [encrypt messages to non-Proton Mail addresses without OpenPGP](https://proton.me/support/password-protected-emails), without the need for them to sign up for a Proton Mail account.
 
-Proton Mail also publishes the public keys of Proton accounts via HTTP from their WKD. This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. This only applies to email addresses ending in one of Proton's own domains, like @proton.me. If you use a custom domain, you must [configure WKD](./basics/email-security.md#what-is-the-web-key-directory-standard) separately.
+Proton Mail also publishes the public keys of Proton accounts via HTTP from their WKD. This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily for cross-provider E2EE. This only applies to email addresses ending in one of Proton's own domains, like `@proton.me`. If you use a custom domain, you must [configure WKD](basics/email-security.md#what-is-the-web-key-directory-standard) separately.
 
 #### :material-information-outline:{ .pg-blue } Account Termination
 
@@ -114,9 +118,7 @@ If you have a paid account and your [bill is unpaid](https://proton.me/support/d
 
 #### :material-information-outline:{ .pg-blue } Additional Functionality
 
-Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500 GB of storage.
-
-Proton Mail doesn't offer a digital legacy feature.
+Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500 GB of storage.
 
 ### Mailbox.org
 
@@ -124,7 +126,9 @@ Proton Mail doesn't offer a digital legacy feature.
 
 ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ align=right }
 
-**Mailbox.org** is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2 GB storage, which can be upgraded as needed.
+**Mailbox.org** is an email service with a focus on being secure, ad-free, and powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany.
+
+Accounts start with up to 2 GB storage, which can be upgraded as needed.
 
 [:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Privacy Policy" }
@@ -145,23 +149,23 @@ Mailbox.org lets you use your own domain, and they support [catch-all](https://k
 
 #### :material-check:{ .pg-green } Private Payment Methods
 
-Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and a couple of German-specific processors: paydirekt and Sofortüberweisung.
+Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept **cash** by mail, **cash** payment to bank account, bank transfer, credit card, PayPal, and a couple of German-specific processors: Paydirekt and Sofortüberweisung.
 
 #### :material-check:{ .pg-green } Account Security
 
-Mailbox.org supports [two-factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported.
+Mailbox.org supports [two-factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online) are not yet supported.
 
 #### :material-information-outline:{ .pg-blue } Data Security
 
 Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/en/private/e-mail-article/your-encrypted-mailbox). New messages that you receive will then be immediately encrypted with your public key.
 
-However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/en/private/security-privacy-article/encryption-of-calendar-and-address-book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information.
+However, [Open-Xchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/en/private/security-privacy-article/encryption-of-calendar-and-address-book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that data.
 
 #### :material-check:{ .pg-green } Email Encryption
 
 Mailbox.org has [integrated encryption](https://kb.mailbox.org/en/private/e-mail-article/send-encrypted-e-mails-with-guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/en/private/e-mail-article/my-recipient-does-not-use-pgp) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox.
 
-Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. This only applies to email addresses ending in one of Mailbox.org's own domains, like @mailbox.org. If you use a custom domain, you must [configure WKD](./basics/email-security.md#what-is-the-web-key-directory-standard) separately.
+Mailbox.org also supports the discovery of public keys via HTTP from their WKD. This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily for cross-provider E2EE. This only applies to email addresses ending in one of Mailbox.org's own domains, like `@mailbox.org`. If you use a custom domain, you must [configure WKD](basics/email-security.md#what-is-the-web-key-directory-standard) separately.
 
 #### :material-information-outline:{ .pg-blue } Account Termination
 
@@ -173,7 +177,7 @@ You can access your Mailbox.org account via IMAP/SMTP using their [.onion servic
 
 All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/en/private/drive-article/encrypt-files-on-your-drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/en/private/e-mail-article/ensuring-e-mails-are-sent-securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3.
 
-Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address.
+Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs, providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address.
 
 ## More Providers
 
@@ -192,7 +196,9 @@ These providers store your emails with zero-knowledge encryption, making them gr
 ![Tuta logo](assets/img/email/tuta.svg#only-light){ align=right }
 ![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ align=right }
 
-**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
+**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany.
+
+Free accounts start with 1 GB of storage.
 
 [:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" }
@@ -223,7 +229,7 @@ Paid Tuta accounts can use either 15 or 30 aliases depending on their plan and u
 
 #### :material-information-outline:{ .pg-blue } Private Payment Methods
 
-Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with ProxyStore.
+Tuta only directly accepts credit cards and PayPal, however [**cryptocurrency**](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with ProxyStore.
 
 #### :material-check:{ .pg-green } Account Security
 
@@ -231,7 +237,7 @@ Tuta supports [two-factor authentication](https://tuta.com/support#2fa) with eit
 
 #### :material-check:{ .pg-green } Data Security
 
-Tuta has [zero access encryption at rest](https://tuta.com/support#what-encrypted) for your emails, [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar). This means the messages and other data stored in your account are only readable by you.
+Tuta has [zero-access encryption at rest](https://tuta.com/support#what-encrypted) for your emails, [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar). This means the messages and other data stored in your account are only readable by you.
 
 #### :material-information-outline:{ .pg-blue } Email Encryption
 
@@ -245,8 +251,6 @@ Tuta will [delete inactive free accounts](https://tuta.com/support#inactive-acco
 
 Tuta offers the business version of [Tuta to non-profit organizations](https://tuta.com/blog/secure-email-for-non-profit) for free or with a heavy discount.
 
-Tuta doesn't offer a digital legacy feature.
-
 ## Self-Hosting Email
 
 Advanced system administrators may consider setting up their own email server. Mail servers require attention and continuous maintenance in order to keep things secure and mail delivery reliable. In addition to the "all-in-one" solutions below, we've picked out a few articles that cover a more manual approach:
@@ -312,22 +316,22 @@ We regard these features as important in order to provide a safe and optimal ser
 
 **Minimum to Qualify:**
 
-- Encrypts email account data at rest with zero-access encryption.
-- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
+- Must encrypt email account data at rest with zero-access encryption.
+- Must be capable of exporting emails as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
 - Allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). Custom domain names are important to users because it allows them to maintain their agency from the service, should it turn bad or be acquired by another company which doesn't prioritize privacy.
-- Operates on owned infrastructure, i.e. not built upon third-party email service providers.
+- Must operate on owned infrastructure, i.e. not built upon third-party email service providers.
 
 **Best Case:**
 
-- Encrypts all account data (Contacts, Calendars, etc.) at rest with zero-access encryption.
-- Integrated webmail E2EE/PGP encryption provided as a convenience.
-- Support for [WKD](https://wiki.gnupg.org/WKD) to allow improved discovery of public OpenPGP keys via HTTP.
-    GnuPG users can get a key by typing: `gpg --locate-key example_user@example.com`
-- Support for a temporary mailbox for external users. This is useful when you want to send an encrypted email, without sending an actual copy to your recipient. These emails usually have a limited lifespan and then are automatically deleted. They also don't require the recipient to configure any cryptography like OpenPGP.
-- Availability of the email provider's services via an [onion service](https://en.wikipedia.org/wiki/.onion).
-- [Sub-addressing](https://en.wikipedia.org/wiki/Email_address#Sub-addressing) support.
+- Should encrypt all account data (contacts, calendars, etc.) at rest with zero-access encryption.
+- Should provide integrated webmail E2EE/PGP encryption as a convenience.
+- Should support WKD to allow improved discovery of public OpenPGP keys via HTTP. GnuPG users can get a key with this command: `gpg --locate-key example_user@example.com`.
+- Support for a temporary mailbox for external users. This is useful when you want to send an encrypted email without sending an actual copy to your recipient. These emails usually have a limited lifespan and then are automatically deleted. They also don't require the recipient to configure any cryptography like OpenPGP.
+- Should support [sub-addressing](https://en.wikipedia.org/wiki/Email_address#Sub-addressing).
+- Should allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). Custom domain names are important to users because it allows them to maintain their agency from the service, should it turn bad or be acquired by another company which doesn't prioritize privacy.
 - Catch-all or alias functionality for those who use their own domains.
-- Use of standard email access protocols such as IMAP, SMTP, or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider.
+- Should use standard email access protocols such as IMAP, SMTP, or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider.
+- Email provider's services should be available via an [onion service](https://en.wikipedia.org/wiki/.onion).
 
 ### Privacy
 
@@ -335,30 +339,30 @@ We prefer our recommended providers to collect as little data as possible.
 
 **Minimum to Qualify:**
 
-- Protect sender's IP address, which can involve filtering it from showing in the `Received` header field.
-- Don't require personally identifiable information (PII) besides a username and a password.
-- Privacy policy that meets the requirements defined by the GDPR.
+- Must protect sender's IP address, which can involve filtering it from showing in the `Received` header field.
+- Must not require personally identifiable information (PII) besides a username and a password.
+- Privacy policy must meet the requirements defined by the GDPR.
 
 **Best Case:**
 
-- Accepts [anonymous payment options](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), cash, gift cards, etc.)
-- Hosted in a jurisdiction with strong email privacy protection laws.
+- Should accept [anonymous payment options](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), cash, gift cards, etc.)
+- Should be hosted in a jurisdiction with strong email privacy protection laws.
 
 ### Security
 
-Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their customers.
+Email servers deal with a lot of very sensitive data. We expect that providers will adopt industry best practices in order to protect their customers.
 
 **Minimum to Qualify:**
 
-- Protection of webmail with 2FA, such as TOTP.
-- Zero access encryption, which builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
+- Protection of webmail with 2FA, such as [TOTP](basics/multi-factor-authentication.md#time-based-one-time-password-totp).
+- Zero-access encryption, which builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
 - [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) support.
 - No TLS errors or vulnerabilities when being profiled by tools such as [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh), or [Qualys SSL Labs](https://ssllabs.com/ssltest); this includes certificate related errors and weak DH parameters, such as those that led to [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)).
-- A server suite preference (optional on TLSv1.3) for strong cipher suites which support forward secrecy and authenticated encryption.
+- A server suite preference (optional on TLS 1.3) for strong cipher suites which support forward secrecy and authenticated encryption.
 - A valid [MTA-STS](https://tools.ietf.org/html/rfc8461) and [TLS-RPT](https://tools.ietf.org/html/rfc8460) policy.
 - Valid [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) records.
 - Valid [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records.
-- Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`.
+- Must have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`.
 - A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996).
 - [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used.
 - Website security standards such as:
@@ -368,10 +372,10 @@ Email servers deal with a lot of very sensitive data. We expect that providers w
 
 **Best Case:**
 
-- Support for hardware authentication, i.e. U2F and [WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online).
+- Should support hardware authentication, i.e. U2F and [WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online).
 - [DNS Certification Authority Authorization (CAA) Resource Record](https://tools.ietf.org/html/rfc6844) in addition to DANE support.
-- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), which is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617).
-- Published security audits from a reputable third-party firm.
+- Should implement [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), which is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617).
+- Published security audits from a reputable, third-party firm.
 - Bug-bounty programs and/or a coordinated vulnerability-disclosure process.
 - Website security standards such as:
     - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy)
@@ -396,18 +400,15 @@ With the email providers we recommend, we like to see responsible marketing.
 **Minimum to Qualify:**
 
 - Must self-host analytics (no Google Analytics, Adobe Analytics, etc.).
-
-Must not have any irresponsible marketing, which can include the following:
-
-- Claims of "unbreakable encryption." Encryption should be used with the intention that it may not be secret in the future when the technology exists to crack it.
-- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily de-anonymize themselves in a number of ways, e.g.:
-
-    - Reusing personal information e.g. (email accounts, unique pseudonyms, etc.) that they accessed without anonymity software (Tor, VPN, etc.)
-    - [Browser fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint)
+- Must not have any irresponsible marketing, which can include the following:
+    - Claims of "unbreakable encryption." Encryption should be used with the intention that it may not be secret in the future when the technology exists to crack it.
+    - Guarantees of protecting anonymity 100%. When someone makes a claim that something is 100%, it means there is no certainty for failure. We know people can quite easily de-anonymize themselves in a number of ways, e.g.:
+        - Reusing personal information e.g. (email accounts, unique pseudonyms, etc.) that they accessed without anonymity software such as Tor
+        - [Browser fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint)
 
 **Best Case:**
 
-- Clear and easy to read documentation for tasks like setting up 2FA, email clients, OpenPGP, etc.
+- Clear and easy-to-read documentation for tasks like setting up 2FA, email clients, OpenPGP, etc.
 
 ### Additional Functionality
 

docs/encryption.md

@@ -367,13 +367,6 @@ gpg --quick-gen-key alice@example.com future-default
 
 ### GPG Suite
 
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-We suggest [Canary Mail](email-clients.md#canary-mail-ios) for using PGP with email on iOS devices.
-
-</div>
-
 <div class="admonition recommendation" markdown>
 
 ![GPG Suite logo](assets/img/encryption-software/gpgsuite.png){ align=right }

docs/health-and-wellness.md

@@ -3,7 +3,7 @@ meta_title: "Privacy Respecting Health and Wellness apps for Android and iOS - P
 title: "Health and Wellness Apps"
 icon: material/heart-pulse
 description: These applications are what we currently recommend for all health and fitness-related activites on your phone.
-cover: health-cover.webp
+cover: health.webp
 ---
 <small>Protects against the following threat(s):</small>
 
@@ -15,13 +15,13 @@ Keep track of your health and fitness-related goals with these apps. Unlike thei
 
 Popular menstrual trackers like [Flo](https://techcrunch.com/2021/01/13/flo-gets-ftc-slap-for-sharing-user-data-when-it-promised-privacy) are notorious for collecting and sharing your user data. Depending on your jurisdiction, this may lead to [legal consequences](https://forbes.com/sites/abigaildubiniecki/2024/11/14/post-roe-your-period-app-data-could-be-used-against-you) affecting your reproductive autonomy.
 
-### drip.
+### Drip
 
 <div class="admonition recommendation" markdown>
 
-![drip logo](assets/img/health-and-wellness/drip.png){ align=right }
+![Drip logo](assets/img/health-and-wellness/drip.png){ align=right }
 
-**drip.** is a gender-inclusive and open source menstrual cycle tracker available on all mobile platforms. It relies on the "sympto-thermal method" to predict ovulation. All user data is stored locally on your device and can be protected with a password.
+**Drip** is a gender-inclusive and open source menstrual cycle tracker available on all mobile platforms. It relies on the "sympto-thermal method" to predict ovulation. All user data is stored locally on your device and can be protected with a password.
 
 [:octicons-home-16: Homepage](https://bloodyhealth.gitlab.io){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://bloodyhealth.gitlab.io/privacy-policy.html){ .card-link title="Privacy Policy" }

docs/maps.md

@@ -25,14 +25,14 @@ Features include cycling routes, hiking trails and walking paths, turn-by-turn n
 
 [:octicons-home-16: Homepage](https://organicmaps.app){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://organicmaps.app/privacy){ .card-link title="Privacy Policy" }
-[:octicons-code-16:](https://github.com/organicmaps/organicmaps){ .card-link title="Source Code" }
+[:octicons-code-16:](https://git.omaps.dev/organicmaps/organicmaps){ .card-link title="Source Code" }
 
 <details class="downloads" markdown>
 <summary>Downloads</summary>
 
-- [:simple-github: GitHub](https://github.com/organicmaps/organicmaps)
 - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.organicmaps)
 - [:simple-appstore: App Store](https://apps.apple.com/app/organic-maps/id1567437057)
+- [:simple-forgejo: Forgejo](https://git.omaps.dev/organicmaps/organicmaps/releases)
 - [:simple-linux: Linux](https://flathub.org/apps/app.organicmaps.desktop)
 
 </details>

docs/meta/admonitions.md

@@ -1,294 +0,0 @@
----
-title: Admonitions
-description: A guide for website contributors on creating admonitions.
----
-
-**Admonitions** (or "call-outs") are a choice writers can use to include side content in an article without interrupting the document flow.
-
-<div class="admonition example" markdown>
-<p class="admonition-title">Example Admonition</p>
-
-This is an example of an admonition. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nulla et euismod nulla. Curabitur feugiat, tortor non consequat finibus, justo purus auctor massa, nec semper lorem quam in massa.
-
-</div>
-
-<details class="example" markdown>
-<summary>Example Collapsible Admonition</summary>
-
-This is an example of a collapsible admonition. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nulla et euismod nulla. Curabitur feugiat, tortor non consequat finibus, justo purus auctor massa, nec semper lorem quam in massa.
-
-</details>
-
-## Formatting
-
-To add an admonition to a page, you can use the following code:
-
-```markdown title="Admonition"
-<div class="admonition TYPE" markdown>
-<p class="admonition-title">TITLE</p>
-
-ENCLOSED TEXT
-
-</div>
-```
-
-```markdown title="Collapsible Admonition"
-<details class="TYPE" markdown>
-<summary>TITLE</summary>
-
-ENCLOSED TEXT
-
-</details>
-```
-
-The `TITLE` must be specified, if you don't want a specific title you can set it to the same text as the `TYPE` (see below) in title case, e.g. `Note`. The `ENCLOSED TEXT` should be Markdown formatted.
-
-### Regular types
-
-Replace `TYPE` in the examples above with one of the following:
-
-#### `note`
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-Lorem ipsum dolor sit amet, consectetur adipiscing elit.
-
-</div>
-
-#### `abstract`
-
-<div class="admonition abstract" markdown>
-<p class="admonition-title">Abstract</p>
-
-Lorem ipsum dolor sit amet, consectetur adipiscing elit.
-
-</div>
-
-#### `info`
-
-<div class="admonition info" markdown>
-<p class="admonition-title">Info</p>
-
-Lorem ipsum dolor sit amet, consectetur adipiscing elit.
-
-</div>
-
-#### `tip`
-
-<div class="admonition tip" markdown>
-<p class="admonition-title">Tip</p>
-
-Lorem ipsum dolor sit amet, consectetur adipiscing elit.
-
-</div>
-
-#### `success`
-
-<div class="admonition success" markdown>
-<p class="admonition-title">Success</p>
-
-Lorem ipsum dolor sit amet, consectetur adipiscing elit.
-
-</div>
-
-#### `question`
-
-<div class="admonition question" markdown>
-<p class="admonition-title">Question</p>
-
-Lorem ipsum dolor sit amet, consectetur adipiscing elit.
-
-</div>
-
-#### `warning`
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-Lorem ipsum dolor sit amet, consectetur adipiscing elit.
-
-</div>
-
-#### `failure`
-
-<div class="admonition failure" markdown>
-<p class="admonition-title">Failure</p>
-
-Lorem ipsum dolor sit amet, consectetur adipiscing elit.
-
-</div>
-
-#### `danger`
-
-<div class="admonition danger" markdown>
-<p class="admonition-title">Danger</p>
-
-Lorem ipsum dolor sit amet, consectetur adipiscing elit.
-
-</div>
-
-#### `bug`
-
-<div class="admonition bug" markdown>
-<p class="admonition-title">Bug</p>
-
-Lorem ipsum dolor sit amet, consectetur adipiscing elit.
-
-</div>
-
-#### `example`
-
-<div class="admonition example" markdown>
-<p class="admonition-title">Example</p>
-
-Lorem ipsum dolor sit amet, consectetur adipiscing elit.
-
-</div>
-
-#### `quote`
-
-<div class="admonition quote" markdown>
-<p class="admonition-title">Quote</p>
-
-Lorem ipsum dolor sit amet, consectetur adipiscing elit.
-
-</div>
-
-### Special Types
-
-#### `recommendation`
-
-This format is used to generate recommendation cards. Notably it is missing the `<p class="admonition-title">` element.
-
-``` markdown title="Recommendation Card"
-<div class="admonition recommendation" markdown>
-
-![PhotoPrism logo](assets/img/photo-management/photoprism.svg){ align=right }
-
-**PhotoPrism** is a self-hostable platform for managing photos. It supports album syncing and sharing as well as a variety of other [features](https://photoprism.app/features). It does not include E2EE, so it's best hosted on a server that you trust and is under your control.
-
-[:octicons-home-16: Homepage](https://photoprism.app){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://photoprism.app/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://photoprism.app/kb){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/photoprism){ .card-link title="Source Code" }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-github: GitHub](https://github.com/photoprism)
-
-</details>
-
-</div>
-```
-
-<div class="result" markdown>
-
-<div class="admonition recommendation" markdown>
-
-![PhotoPrism logo](../assets/img/photo-management/photoprism.svg){ align=right }
-
-**PhotoPrism** is a self-hostable platform for managing photos. It supports album syncing and sharing as well as a variety of other [features](https://photoprism.app/features). It does not include E2EE, so it's best hosted on a server that you trust and is under your control.
-
-[:octicons-home-16: Homepage](https://photoprism.app){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://photoprism.app/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://photoprism.app/kb){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/photoprism){ .card-link title="Source Code" }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-github: GitHub](https://github.com/photoprism)
-
-</details>
-
-</div>
-
-</div>
-
-#### `downloads`
-
-This is a special type of collapsible admonition, used to generate the download links section. It is only used within recommendation cards, as shown in the example above.
-
-```markdown title="Downloads Section"
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonmail.android)
-- [:simple-appstore: App Store](https://apps.apple.com/app/id979659905)
-- [:simple-github: GitHub](https://github.com/ProtonMail/proton-mail-android/releases)
-- [:fontawesome-brands-windows: Windows](https://proton.me/mail/bridge#download)
-- [:simple-apple: macOS](https://proton.me/mail/bridge#download)
-- [:simple-linux: Linux](https://proton.me/mail/bridge#download)
-- [:octicons-browser-16: Web](https://mail.proton.me)
-
-</details>
-```
-
-<div class="result" markdown>
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonmail.android)
-- [:simple-appstore: App Store](https://apps.apple.com/app/id979659905)
-- [:simple-github: GitHub](https://github.com/ProtonMail/proton-mail-android/releases)
-- [:fontawesome-brands-windows: Windows](https://proton.me/mail/bridge#download)
-- [:simple-apple: macOS](https://proton.me/mail/bridge#download)
-- [:simple-linux: Linux](https://proton.me/mail/bridge#download)
-- [:octicons-browser-16: Web](https://mail.proton.me)
-
-</details>
-
-</div>
-
-## Old Format
-
-Throughout the site, you may see some admonitions formatted similarly to these examples:
-
-``` markdown title="Admonition"
-!!! note
-
-    Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nulla et euismod
-    nulla. Curabitur feugiat, tortor non consequat finibus, justo purus auctor
-    massa, nec semper lorem quam in massa.
-```
-
-<div class="result" markdown>
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nulla et euismod
-nulla. Curabitur feugiat, tortor non consequat finibus, justo purus auctor
-massa, nec semper lorem quam in massa.
-
-</div>
-
-</div>
-
-``` markdown title="Collapsible Admonition"
-??? example "Custom Title"
-
-    Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nulla et euismod
-    nulla. Curabitur feugiat, tortor non consequat finibus, justo purus auctor
-    massa, nec semper lorem quam in massa.
-```
-
-<div class="result" markdown>
-
-<details class="example" markdown>
-<summary>Custom Title</summary>
-
-Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nulla et euismod
-nulla. Curabitur feugiat, tortor non consequat finibus, justo purus auctor
-massa, nec semper lorem quam in massa.
-
-</details>
-
-</div>
-
-**This format is no longer used going forward,** because it is incompatible with newer versions of our translation software at Crowdin. When adding a new page to the site, only the newer HTML-based format should be used.
-
-There is no rush to convert admonitions with the old format to the new format. Pages currently using this formatting should continue to work, but we will be updating them to use the newer HTML-based format above over time as we continue to update the site.

docs/meta/brand.md

@@ -1,23 +0,0 @@
----
-title: Branding Guidelines
-description: A guide for journalists and website contributors on proper branding of the Privacy Guides wordmark and logo.
----
-
-The name of the website is **Privacy Guides** and should **not** be changed to:
-
-<div class="pg-red" markdown>
-- PrivacyGuides
-- Privacy guides
-- PG
-- PG.org
-</div>
-
-The name of the Subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
-
-Additional branding guidelines can be found at [github.com/privacyguides/brand](https://github.com/privacyguides/brand)
-
-## Trademark
-
-"Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project.
-
-Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at `jonah@privacyguides.org`. Consult your legal counsel if you have questions.

docs/meta/commit-messages.md

@@ -1,78 +0,0 @@
----
-title: Commit Messages
-description: A guide for website contributors on using useful Git commit messages when making website change requests.
----
-
-For our commit messages we follow the style provided by [Conventional Commits](https://conventionalcommits.org). Not all of those suggestions are appropriate for Privacy Guides, so the main ones we use are:
-
-## Update to existing text
-
-This example could be used for an item already on the site, but includes a minor update to the description.
-
-```text
-update: Add mention of security audit (#0000)
-```
-
-## Addition or removal of recommendations/pages
-
-This example is for the addition or removal of an item. You may elaborate why it was removed in the commit paragraph below. Note the extra `!` to draw attention to a major change.
-
-```text
-update!: Remove foobar (#0000)
-
-Foobar was removed due to it having numerious security issues and being unmaintained.
-```
-
-You can actually add a `!` to *any* of the types on this page to denote particularly large changes, but this is generally where it will be most appropriate.
-
-## Feature/enhancement
-
-For new features or enhancements to the site, e.g. things that have the `enhancements` label on GitHub, it may be appropriate to signify these with:
-
-```text
-feat: Add blah blah (#0000)
-
-This change adds the forum topics to the main page
-```
-
-## Minor changes
-
-Small changes that **don't affect the meaning** of the article, e.g. correcting a typo, fixing grammar, changing formatting/whitespace, CSS updates, etc.
-
-```text
-style: Typo correction in VPN overview
-```
-
-## Development-related types
-
-These commit types are typically used for changes that won't be visible to the general audience.
-
-We use `fix:` for changes that fix site related bugs. These things will usually have the `bug` label on GitHub.
-
-```text
-fix: Remove broken Invidious embeds (#0000)
-```
-
-We use `docs:` to denote changes to the developer documentation for this website, including (but not limited to) for example the README file, or most pages in `/docs/about` or `/docs/meta`:
-
-```text
-docs: Update Git commit message guidelines (#0000)
-```
-
-We use `build:` for commits related to our build process, mainly dependency updates.
-
-```text
-build: Bump modules/mkdocs-material from 463e535 to 621a5b8
-```
-
-We use `ci:` for commits related to GitHub Actions, DevContainers, or other automated build platforms.
-
-```text
-ci: Update Netlify config (#0000)
-```
-
-We use `refactor:` for changes which neither fix a bug nor add a feature, e.g. rearranging files, navigation order, etc.
-
-```text
-refactor: Move docs/assets to theme/assets
-```

docs/meta/git-recommendations.md

@@ -1,44 +0,0 @@
----
-title: Git Recommendations
-description: A guide for website contributors on using Git effectively.
----
-If you make changes to this website on GitHub.com's web editor directly, you shouldn't have to worry about this. If you are developing locally and/or are a long-term website editor (who should probably be developing locally!), consider these recommendations.
-
-## Enable SSH Key Commit Signing
-
-You can use an existing SSH key for signing, or [create a new one](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent).
-
-1. Configure your Git client to sign commits and tags by default (remove `--global` to only sign by default for this repo):
-
-    ```bash
-    git config --global commit.gpgsign true
-    git config --global gpg.format ssh
-    git config --global tag.gpgSign true
-    ```
-
-2. Set your SSH key for signing in Git with the following command, substituting `/PATH/TO/.SSH/KEY.PUB` with the path to the public key you'd like to use, e.g. `/home/user/.ssh/id_ed25519.pub`:
-
-    ```bash
-    git config --global user.signingkey /PATH/TO/.SSH/KEY.PUB
-    ```
-
-Ensure you [add your SSH key to your GitHub account](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account#adding-a-new-ssh-key-to-your-account) **as a Signing Key** (as opposed to or in addition to as an Authentication Key).
-
-## Rebase on Git pull
-
-Use `git pull --rebase` instead of `git pull` when pulling in changes from GitHub to your local machine. This way your local changes will always be "on top of" the latest changes on GitHub, and you avoid merge commits (which are disallowed in this repo).
-
-You can set this to be the default behavior:
-
-```bash
-git config --global pull.rebase true
-```
-
-## Rebase from `main` before submitting a PR
-
-If you are working on your own branch, run these commands before submitting a PR:
-
-```bash
-git fetch origin
-git rebase origin/main
-```

docs/meta/translations.md

@@ -1,34 +0,0 @@
----
-title: Translations
-description: A guide for website contributors on adding translations to our website.
----
-
-Crowdin has good documentation, and we suggest looking at their [Getting Started](https://support.crowdin.com/crowdin-intro) guide. Our site is largely written in [Markdown](https://en.wikipedia.org/wiki/Markdown), so it should be easy to contribute. This page contains some helpful pointers for translating some specific syntax you may encounter on our site.
-
-Please join our localization room on Matrix ([#pg-i18n:aragon.sh](https://matrix.to/#/%23pg-i18n:aragon.sh)) if you have any additional questions, and read our [announcement blog post](https://blog.privacyguides.org/2023/02/26/i18n-announcement) for additional information about the project.
-
-Note that the English version of the site is the primary version, meaning changes occur there first. If you notice a language falling behind the English version, please help out. We cannot guarantee the accuracy of all our translations. If you have a suggestion about content specific to your region, please open an issue or pull request to our [main repository](https://github.com/privacyguides/privacyguides.org).
-
-## Translation output
-
-Translation software gets the translation quite accurate; however, you need to make sure the translated string is correct.
-
-For example:
-
-```text
-![Software logo](assets/img/path/to/image.svg){ align=right }
-```
-
-We have sometimes found that the syntax for inserting an image like above was missing the `![` or an extra space was placed between the text and the path, e.g. `](`. If a translation string is clearly not correct, we encourage you to **delete** it by pressing the trash icon [or vote](https://support.crowdin.com/enterprise/getting-started-for-volunteers/#voting-view) on which one you think sounds best. When invalid strings are deleted, they are removed from the organization's [translation memory](https://support.crowdin.com/enterprise/translation-memory), meaning that when the source string is seen again, it won't suggest the incorrect translation.
-
-## Punctuation
-
-For examples like the above admonitions, quotation marks, e.g.: `" "` must be used to specify string text. MkDocs will not correctly interpret other symbols i.e., `「 」` or `« »`. Other punctuation marks are fine for marking regular quotations within the text otherwise.
-
-## Fullwidth alternatives and Markdown syntax
-
-CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for Markdown syntax.
-
-- Links must use regular parenthesis i.e. `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `（` (Fullwidth Left Parenthesis U+FF08) or `）` (Fullwidth Right Parenthesis U+FF09)
-- Indented quoted text must use `:` (Colon U+003A) and not `：` (Fullwidth Colon U+FF1A)
-- Pictures must use `!` (Exclamation Mark U+0021) and not `！` (Fullwidth Exclamation Mark U+FF01)

docs/meta/uploading-images.md

@@ -1,95 +0,0 @@
----
-title: Uploading Images
-description: A guide for website contributors on uploading images in the proper format and location.
----
-
-If you make changes to this website that involve adding new images or replacing existing ones, here are a couple of general recommendations:
-
-## Images
-
-- We **prefer** SVG images, but if those do not exist we can use PNG images. Additionally, for cover images, we prefer that they are obtained from [Unsplash](https://unsplash.com) and are in the WebP format.
-
-Company logos should be square if possible, and at least 200x200px if they are PNGs (non-vector images).
-
-## Optimization
-
-### PNG
-
-Use the [OptiPNG](https://sourceforge.net/projects/optipng) tool to optimize PNG images:
-
-```bash
-optipng -o7 file.png
-```
-
-### SVG
-
-#### Inkscape
-
-[Scour](https://github.com/scour-project/scour) all SVG images.
-
-In Inkscape:
-
-1. File > Save As...
-2. Set type to: Optimized SVG (*.svg)
-
-In the **Options** tab:
-
-- **Number of significant digits for coordinates** > **5**
-- [x] Turn on **Shorten color values**
-- [x] Turn on **Convert CSS attributes to XML attributes**
-- [x] Turn on **Collapse groups**
-- [x] Turn on **Create groups for similar attributes**
-- [ ] Turn off **Keep editor data**
-- [ ] Turn off **Keep unreferenced definitions**
-- [x] Turn on **Work around renderer bugs**
-
-In the **SVG Output** tab under **Document options**:
-
-- [ ] Turn off **Remove the XML declaration**
-- [x] Turn on **Remove metadata**
-- [x] Turn on **Remove comments**
-- [x] Turn on **Embedded raster images**
-- [x] Turn on **Enable viewboxing**
-
-In the **SVG Output** under **Pretty-printing**:
-
-- [ ] Turn off **Format output with line-breaks and indentation**
-- **Indentation characters** > Select **Space**
-- **Depth of indentation** > **1**
-- [ ] Turn off **Strip the "xml:space" attribute from the root SVG element**
-
-In the **IDs** tab:
-
-- [x] Turn on **Remove unused IDs**
-- [ ] Turn off **Shorten IDs**
-- **Prefix shortened IDs with** > `leave blank`
-- [x] Turn on **Preserve manually created IDs not ending with digits**
-- **Preserve the following IDs** > `leave blank`
-- **Preserve IDs starting with** > `leave blank`
-
-#### CLI
-
-The same can be achieved with the [Scour](https://github.com/scour-project/scour) command:
-
-```bash
-scour --set-precision=5 \
-      --create-groups \
-      --renderer-workaround \
-      --remove-descriptive-elements \
-      --enable-comment-stripping \
-      --enable-viewboxing \
-      --indent=space \
-      --nindent=1 \
-      --no-line-breaks \
-      --enable-id-stripping \
-      --protect-ids-noninkscape \
-      input.svg output.svg
-```
-
-### WebP
-
-Use the [cwebp](https://developers.google.com/speed/webp/docs/using) command to convert PNG or JPEG image files to WebP format:
-
-```bash
-cwebp -q 70 -m 6 input_file -o output.webp
-```

docs/meta/writing-style.md

@@ -1,88 +0,0 @@
----
-title: Writing Style
-description: Our official writing style handbook for website contributors.
----
-
-Privacy Guides is written in American English, and you should refer to [APA Style guidelines](https://apastyle.apa.org/style-grammar-guidelines/grammar) when in doubt.
-
-In general the [United States federal plain language guidelines](https://plainlanguage.gov/guidelines) provide a good overview of how to write clearly and concisely. We highlight a few important notes from these guidelines below.
-
-## Writing for our audience
-
-Privacy Guides' intended [audience](https://plainlanguage.gov/guidelines/audience) is primarily adults who use technology. Don't dumb down content as if you are addressing a middle-school class, but don't overuse complicated terminology about concepts average computer users wouldn't be familiar with.
-
-### Address only what people want to know
-
-People don't need overly complex articles with little relevance to them. Figure out what you want people to accomplish when writing an article, and only include those details.
-
-> Tell your audience why the material is important to them. Say, “If you want a research grant, here’s what you have to do.” Or, “If you want to mine federal coal, here’s what you should know.” Or, “If you’re planning a trip to Rwanda, read this first.”
-
-### Address people directly
-
-We're writing *for* a wide variety of people, but we are writing *to* the person who is actually reading it. Use "you" to address the reader directly.
-
-> More than any other single technique, using “you” pulls users into the information and makes it relevant to them.
->
-> When you use “you” to address users, they are more likely to understand what their responsibility is.
-
-Source: [plainlanguage.gov](https://plainlanguage.gov/guidelines/audience/address-the-user)
-
-### Avoid "users"
-
-Avoid calling people "users", in favor of "people", or a more specific description of the group of people you are writing for.
-
-## Organizing content
-
-Organization is key. Content should flow from most to least important information, and use headers as much as needed to logically separate different ideas.
-
-- Limit the document to around five or six sections. Long documents should probably be broken up into separate pages.
-- Mark important ideas with **bold** or *italics*.
-
-Source: [plainlanguage.gov](https://plainlanguage.gov/guidelines/design)
-
-### Begin with a topic sentence
-
-> If you tell your reader what they’re going to read about, they’re less likely to have to read your paragraph again. Headings help, but they’re not enough. Establish a context for your audience before you provide them with the details.
->
-> We often write the way we think, putting our premises first and then our conclusion. It may be the natural way to develop thoughts, but we wind up with the topic sentence at the end of the paragraph. Move it up front and let users know where you’re going. Don’t make readers hold a lot of information in their heads before getting to the point.
-
-Source: [plainlanguage.gov](https://plainlanguage.gov/guidelines/organize/have-a-topic-sentence)
-
-## Choose your words carefully
-
-> Words matter. They are the most basic building blocks of written and spoken communication. Don’t complicate things by using jargon, technical terms, or abbreviations that people won’t understand.
-
-We should try to avoid abbreviations where possible, but technology is full of abbreviations. In general, spell out the abbreviation/acronym the first time it is used on a page, and add the abbreviation to the abbreviation glossary file when it is used repeatedly.
-
-> Kathy McGinty offers tongue-in-cheek instructions for bulking up your simple, direct sentences:
->
-> > There is no escaping the fact that it is considered very important to note that a number of various available applicable studies ipso facto have generally identified the fact that additional appropriate nocturnal employment could usually keep juvenile adolescents off thoroughfares during the night hours, including but not limited to the time prior to midnight on weeknights and/or 2 a.m. on weekends.
->
->And the original, using stronger, simpler words:
->
-> > More night jobs would keep youths off the streets.
-
-## Be concise
-
-> Unnecessary words waste your audience’s time. Great writing is like a conversation. Omit information that the audience doesn’t need to know. This can be difficult as a subject-matter expert, so it’s important to have someone look at the information from the audience’s perspective.
-
-Source: [plainlanguage.gov](https://plainlanguage.gov/guidelines/concise)
-
-## Keep text conversational
-
-> Verbs are the fuel of writing. They give your sentences power and direction. They enliven your writing and make it more interesting.
->
-> Verbs tell your audience what to do. Make sure it’s clear who does what.
-
-### Use active voice
-
-> Active voice makes it clear who is supposed to do what. It eliminates ambiguity about responsibilities. Not “It must be done,” but “You must do it.”
-
-Source: [plainlanguage.gov](https://plainlanguage.gov/guidelines/conversational/use-active-voice)
-
-### Use "must" for requirements
-
-> - “must” for an obligation
-> - “must not” for a prohibition
-> - “may” for a discretionary action
-> - “should” for a recommendation

docs/os/android-overview.md

@@ -131,7 +131,7 @@ If you have a Google account we suggest enrolling in the [Advanced Protection Pr
 
 The Advanced Protection Program provides enhanced threat monitoring and enables:
 
-- Stricter two-factor authentication; e.g. that [FIDO](../basics/multi-factor-authentication.md#fido-fast-identity-online) **must** be used and disallows the use of [SMS OTPs](../basics/multi-factor-authentication.md#sms-or-email-mfa), [TOTP](../basics/multi-factor-authentication.md#time-based-one-time-password-totp) and [OAuth](https://en.wikipedia.org/wiki/OAuth)
+- Stricter two-factor authentication; e.g. that [FIDO](../basics/multi-factor-authentication.md#fido-fast-identity-online) **must** be used and disallows the use of [SMS OTPs](../basics/multi-factor-authentication.md#sms-or-email-mfa), [TOTP](../basics/multi-factor-authentication.md#time-based-one-time-password-totp) and [OAuth](../basics/account-creation.md#sign-in-with-oauth)
 - Only Google and verified third-party apps can access account data
 - Scanning of incoming emails on Gmail accounts for [phishing](https://en.wikipedia.org/wiki/Phishing#Email_phishing) attempts
 - Stricter [safe browser scanning](https://google.com/chrome/privacy/whitepaper.html#malware) with Google Chrome
@@ -153,7 +153,9 @@ If you have an EOL device shipped with Android 10 or above and are unable to run
 
 All devices with Google Play Services installed automatically generate an [advertising ID](https://support.google.com/googleplay/android-developer/answer/6048248) used for targeted advertising. Disable this feature to limit the data collected about you.
 
-On Android distributions with [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), go to :gear: **Settings** → **Apps** → **Sandboxed Google Play** → **Google Settings** → **Ads**, and select *Delete advertising ID*.
+On Android distributions with [sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), go to :gear: **Settings** → **Apps** → **Sandboxed Google Play** → **Google Settings** → **All services** → **Ads**.
+
+- [x] Select **Delete advertising ID**
 
 On Android distributions with privileged Google Play Services (which includes the stock installation on most devices), the setting may be in one of several locations. Check
 

docs/os/linux-overview.md

@@ -55,7 +55,7 @@ Distros which use atomic updates, on the other hand, apply updates in full or no
 
 The atomic update method can achieve reliability with this model and is used for [distributions](../desktop.md#atomic-distributions) like Silverblue and NixOS. [Adam Šamalík](https://twitter.com/adsamalik) provides a presentation on how `rpm-ostree` works with Silverblue:
 
-- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalík](https://youtu.be/aMo4ZlWznao) <small>(YouTube)</small>
+- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalík](https://youtu.be/-hpV5l-gJnQ) <small>(YouTube)</small>
 
 ### “Security-focused” distributions
 

docs/os/macos-overview.md

@@ -195,7 +195,7 @@ Just because one of an app's processes is sandboxed doesn't mean they all are.
 Alternatively, you can check apps before you run them by running this command in the terminal:
 
 ``` zsh
-% codesign -dvvv --entitlements - <path to your app>
+codesign -dvvv --entitlements - <path to your app>
 ```
 
 If an app is sandboxed, you should see the following output:
@@ -215,7 +215,7 @@ The [Hardened Runtime](https://developer.apple.com/documentation/security/harden
 You can check if an app uses the Hardened Runtime using this command:
 
 ``` zsh
-codesign --display --verbose /path/to/bundle.app
+codesign -dv <path to your app>
 ```
 
 If Hardened Runtime is enabled, you will see `flags=0x10000(runtime)`. The `runtime` output means Hardened Runtime is enabled. There might be other flags, but the runtime flag is what we're looking for here.

docs/passwords.md

@@ -105,7 +105,7 @@ schema:
   -
     "@context": http://schema.org
     "@type": SoftwareApplication
-    name: gopass
+    name: Gopass
     image: /assets/img/password-management/gopass.svg
     url: https://gopass.pw
     applicationCategory: Password Manager
@@ -363,13 +363,13 @@ KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-se
 
 </div>
 
-### gopass (CLI)
+### Gopass (CLI)
 
 <div class="admonition recommendation" markdown>
 
-![gopass logo](assets/img/password-management/gopass.svg){ align=right }
+![Gopass logo](assets/img/password-management/gopass.svg){ align=right }
 
-**gopass** is a minimal password manager for the command line written in Go. It can be used within scripting applications and works on all major desktop and server operating systems.
+**Gopass** is a minimal password manager for the command line written in Go. It can be used within scripting applications and works on all major desktop and server operating systems.
 
 [:octicons-home-16: Homepage](https://gopass.pw){ .md-button .md-button--primary }
 [:octicons-info-16:](https://github.com/gopasspw/gopass/tree/master/docs){ .card-link title="Documentation" }

docs/photo-management.md

@@ -15,10 +15,9 @@ Most cloud **photo management solutions** like Google Photos, Flickr, and Amazon
 
 <div class="admonition recommendation" markdown>
 
-![Ente logo](assets/img/photo-management/ente.svg#only-light){ align=right }
-![Ente logo](assets/img/photo-management/ente-dark.svg#only-dark){ align=right }
+![Ente logo](assets/img/photo-management/ente.svg){ align=right }
 
-**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5 GB of storage as long as you use the service at least once a year.
+**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 10 GB of storage as long as you use the service at least once a year.
 
 [:octicons-home-16: Homepage](https://ente.io){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://ente.io/privacy){ .card-link title="Privacy Policy" }

docs/search-engines.md

@@ -44,8 +44,6 @@ Brave Search includes unique features such as [Discussions](https://search.brave
 [:octicons-eye-16:](https://search.brave.com/help/privacy-policy){ .card-link title="Privacy Policy" }
 [:octicons-info-16:](https://search.brave.com/help){ .card-link title=Documentation}
 
-</details>
-
 </div>
 
 Note that if you use Brave Search while logged in to a Premium account, it may make it easier for Brave to correlate queries with specific users.
@@ -67,8 +65,6 @@ DuckDuckGo is the default search engine for the [Tor Browser](tor.md#tor-browser
 [:octicons-eye-16:](https://duckduckgo.com/privacy){ .card-link title="Privacy Policy" }
 [:octicons-info-16:](https://help.duckduckgo.com){ .card-link title=Documentation}
 
-</details>
-
 </div>
 
 DuckDuckGo offers two [other versions](https://help.duckduckgo.com/features/non-javascript) of their search engine, both of which do not require JavaScript. These versions do lack features, however. These versions can also be used in conjunction with their Tor hidden address by appending [/lite](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/lite) or [/html](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/html) for the respective version.
@@ -87,8 +83,6 @@ DuckDuckGo offers two [other versions](https://help.duckduckgo.com/features/non-
 [:octicons-eye-16:](https://startpage.com/en/privacy-policy){ .card-link title="Privacy Policy" }
 [:octicons-info-16:](https://support.startpage.com/hc/categories/4481917470356-Startpage-Search-Engine){ .card-link title=Documentation}
 
-</details>
-
 </div>
 
 Startpage's majority shareholder is System1 who is an adtech company. We don't believe that to be an issue as they have a distinctly separate [privacy policy](https://system1.com/terms/privacy-policy). The Privacy Guides team reached out to Startpage [back in 2020](https://blog.privacyguides.org/2020/05/03/relisting-startpage) to clear up any concerns with System1's sizeable investment into the service, and we were satisfied with the answers we received.
@@ -111,8 +105,6 @@ A [metasearch engine](https://en.wikipedia.org/wiki/Metasearch_engine) aggregate
 [:octicons-server-16:](https://searx.space){ .card-link title="Public Instances"}
 [:octicons-code-16:](https://github.com/searxng/searxng){ .card-link title="Source Code" }
 
-</details>
-
 </div>
 
 SearXNG is a proxy between you and the search engines it aggregates from. Your search queries will still be sent to the search engines that SearXNG gets its results from.

docs/social-networks.md

@@ -0,0 +1,123 @@
+---
+title: Social Networks
+icon: material/account-supervisor-circle-outline
+description: Find a new social network that doesn’t pry into your data or monetize your profile.
+cover: social-networks.webp
+---
+<small>Protects against the following threat(s):</small>
+
+- [:material-close-outline: Censorship](basics/common-threats.md#avoiding-censorship){ .pg-blue-gray }
+- [:material-account-cash: Surveillance Capitalism](basics/common-threats.md#surveillance-as-a-business-model){ .pg-brown }
+
+These privacy-respecting **social networks** allow you to participate in online communities without giving up your personal information, like your full name, phone number, and other data commonly requested by tech companies.
+
+A growing problem among social media platforms is censorship in two different forms. First, they often acquiesce to illegitimate censorship requests, either from malicious governments or their own internal policies.
+
+Second, they often require accounts to access walled-off content that would otherwise be published freely on the open internet. This effectively censors the browsing activities of privacy-conscious users who are unable to pay the privacy cost of opening an account on these networks.
+
+The social networks we recommend solve the issue of censorship by operating atop an open and decentralized social networking protocol. While it is possible for your account to be banned or silenced by an individual server, there is no central authority which can censor your account across the entire network. They also don't require an account merely to view publicly available content.
+
+You should note that **no** social networks are appropriate for private or sensitive communications. For chatting directly with others, you should use a recommended [instant messenger](real-time-communication.md) with strong end-to-end encryption, and only use direct messages on social media in order to establish a more private and secure chat platform with your contacts.
+
+## Mastodon
+
+<div class="admonition recommendation" markdown>
+
+![Mastodon logo](assets/img/social-networks/mastodon.svg){ align=right }
+
+**Mastodon** is a social network based on open web protocols and free, open-source software. It uses the **:simple-activitypub: ActivityPub** protocol, which is decentralized like email: users can exist on different servers or even different platforms but still communicate with each other.
+
+[:octicons-home-16: Homepage](https://joinmastodon.org){ .md-button .md-button--primary }
+[:octicons-info-16:](https://docs.joinmastodon.org){ .card-link title="Documentation" }
+
+</div>
+
+There are many software platforms which use ActivityPub as their backend social networking protocol, meaning they can talk to servers even when they are running different software. For example, PeerTube is a video publishing software that uses ActivityPub, meaning you can follow channels on PeerTube either with another PeerTube account, *or* with a Mastodon account because Mastodon also uses ActivityPub.
+
+We chose to recommend Mastodon over other ActivityPub software as your primary social media platform for these reasons:
+
+1. Mastodon has a solid history of security updates. In the handful of circumstances where major security vulnerabilities have been found, they coordinate patch releases quickly and cleanly. Historically they have also backported these security patches to older feature branches. This makes it easier for less experienced server hosts who may not feel comfortable upgrading to the latest releases right away to keep their instances secure. Mastodon also has an update notification system built in to the web interface, making it much more likely for server administrators to be aware of critical security patches available for their instance.
+
+2. Mastodon is largely usable with most content types. While it is primarily a microblogging platform, Mastodon easily handles longer posts, image posts, video posts, and most other posts you might encounter when following ActivityPub users who aren't on Mastodon. This makes your Mastodon account an ideal "central hub" for following anyone regardless of the platform they chose to use. In contrast, if you were only using a PeerTube account, you would *only* be able to follow other video channels, for example.
+
+3. Mastodon has fairly comprehensive privacy controls. It has many built-in features which allow you to limit how and when your data is shared, some of which we'll cover below. They also develop new features with privacy in mind. For example, while other ActivityPub software quickly implemented "quote posts" by merely handling links to other posts with a slightly different embed modal, Mastodon is [developing](https://blog.joinmastodon.org/2025/02/bringing-quote-posts-to-mastodon/) a quote post feature which will give you more fine-grained control when your post is quoted.
+
+### Choosing an Instance
+
+To benefit the most from Mastodon, it is critical to choose a server, or "instance," which is well aligned with the type of content you want to post or read about. While censorship in Mastodon does not exist on a network level, it is very possible to experience censorship on a server level depending on your server's administrator.
+
+It is critical to understand that Mastodon is not a single, unified service in the way that X (Twitter) or Facebook are. Each server is its own legal entity, with its own privacy policy, terms of use, administration team, and moderators. While many of these servers are far *less* restrictive and more privacy-respecting than traditional social media platforms, some can be far *more* restrictive or potentially *worse* for your privacy. The Mastodon software does not discriminate between these administrators or place any limitations on their powers.
+
+We do not currently recommend any specific instances, but you may find advice within our communities. We recommend avoiding *mastodon.social* and *mastodon.online* because they are operated by the same company which develops Mastodon itself. From the perspective of decentralization, it is better in the long term to separate software developers and server hosts so that no one party can exert too much control over the network as a whole.
+
+If you are greatly concerned about an existing server censoring your content or the content you can view, you generally have two options:
+
+1. **Host Mastodon yourself.** This approach gives you the exact same censorship resistance as any other website you can host yourself, which is fairly high. Mastodon even [integrates with the Tor network](https://docs.joinmastodon.org/admin/optional/tor) for more extreme scenarios where even your underlying hosting provider is subject to censorship, but this may limit who can access your content to only other servers which integrate with Tor, like most other hidden services.
+
+    Mastodon benefits greatly from a large and active self-hosting community, and its administration is comprehensively documented. While many other ActivityPub platforms can require extensive technical knowledge to run and troubleshoot, Mastodon has very stable and tested releases, and it can generally be run securely without issue by anyone who can use the Linux command line and follow [step-by-step instructions](https://docs.joinmastodon.org/admin/prerequisites).
+
+2. **Use a managed hosting service.** We don't have any specific recommendations, but there are a variety of Mastodon hosting services which will create a brand-new Mastodon server on your own domain (or occasionally a subdomain of their domain, but we recommend against this unless registering your own domain presents too much of a burden to your privacy).
+
+    Typically, Mastodon hosting providers will handle the *technical* side of your instance, but they completely leave the *moderation* side up to you. This means that you will be able to follow any content you like, although it may expose you to more spam or unwanted content because you will not have the dedicated moderation team many larger instances will have.
+
+    This often represents a better approach than self-hosting for most people, because you can benefit from greater control over your own instance without worrying about technical problems or unpatched security vulnerabilities.
+
+    You should look closely at your hosting provider's terms of service and acceptable use policies before registering. These are often far more broad than typical hosted instance rules, and they are far less likely to be enforced without recourse, but they can still be restrictive in undesirable ways.
+
+### Recommended Privacy Settings
+
+From Mastodon's web interface, click the **Administration** link in the right sidebar. Within the administration control panel, you'll find these sections in the left sidebar:
+
+#### Public Profile
+
+There are a number of privacy controls under the **privacy and reach** tab here. Most notably, pay attention to these:
+
+- [ ] **Automatically accept new followers**: You should consider unchecking this box to have a private profile. This will allow you to review who can follow your account before accepting them.
+
+    In contrast to most social media platforms, if you have a private profile you still have the *option* to publish posts which are publicly visible to non-followers, and which can still be boosted and seen by non-followers. Therefore, unchecking this box is the only way to have the *choice* to publish to either the entire world or a select group of people.
+
+- [ ] **Show follows and followers on profile**: You should uncheck this box to hide your social graph from the public. It is fairly uncommon for the list of people you follow to have some genuine benefit to others, but that information can present a risk to you.
+
+- [ ] **Display from which app you sent a post**: You should uncheck this box to prevent revealing information about your personal computing setup to others unnecessarily.
+
+The other privacy controls on this page should be read through, but we would stress that they are **not** technical controls—they are merely requests that you make to others. For example, if you choose to hide your profile from search engines on this page, **nothing** is actually stopping a search engine from reading your profile. You are merely requesting search engine indexes not publish your content to their users.
+
+You will likely still wish to make these requests because they can practically reduce your digital footprint. However, they should not be *relied* upon. The only effective way to hide your posts from search engines and others is to post with non-public (followers only) visibility settings *and* limit who can follow your account.
+
+#### Preferences
+
+You should change your **posting privacy** setting from public to: **Followers-only - Only show to followers**.
+
+Note that this only changes your default settings to prevent accidental over-sharing. You can always adjust your visibility level when composing a new post.
+
+#### Automated post deletion
+
+- [x] Check the **Automatically delete old posts** box.
+
+The default settings here are fine, and will delete any posts you make after 2 weeks, unless you favorite (star) them. This gives you an easy way to control which posts stick around forever, and which ones are only ephemeral. Many settings about how long and when posts are kept can be adjusted here to suit your own needs, however.
+
+It is very rare for social media posts older than a few weeks to be read or relevant to others. These older posts are often ignored because they are challenging to deal with in bulk, but they can build a fairly comprehensive profile about you over time. You should always strive to publish content ephemerally by default, and only keep posts around for longer than that very intentionally.
+
+### Posting Content
+
+When publishing a new post, you will have the option to choose from one of these visibility settings:
+
+- **Public**, which publishes your content to anyone on the internet.
+- **Quiet public**, which you should consider equivalent to publicly posting! This is not a technical guarantee, merely a request you are making to other servers to hide your post from some feeds.
+- **Followers**, which publishes your content only to your followers. If you did not follow our recommendation of restricting your followers, you should consider this equivalent to publicly posting!
+- **Specific people**, which only shares the post with people who are specifically mentioned within the post. This is Mastodon's version of direct messages, but should never be relied on for private communications as we covered earlier, since Mastodon has no E2EE.
+
+If you used our recommended configuration settings above, you should be posting to **Followers** by default, and only posting to **Public** on an intentional and case-by-case basis.
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Must be free and open source software.
+- Must use a federated protocol to communicate with other instances of the social networking software.
+- Must not have non-technical restrictions on who can be federated with.
+- Must be usable within a standard [web browser](desktop-browsers.md).
+- Must make public content accessible to visitors without an account.
+- Must allow you to limit who can follow your profile.
+- Must allow you to post content visible only to your followers.
+- Must support modern web application security standards/features (including [multifactor authentication](multi-factor-authentication.md)).