update!: Add LTeX for VS Code and remove LanguageTool (#3031 )

update(blog)!: Email Security: Where We Are and What the Future Holds (#3091 )
Signed-off-by: Jonah Aragon <jonah@privacyguides.org>
2026-04-29 08:51:36 +00:00 · 2025-11-18 21:11:01 +10:30 · 2025-11-15 16:36:51 -06:00 · 2025-11-11 05:15:30 +10:30 · 2025-11-11 00:02:02 +10:30 · 2025-11-10 23:34:50 +10:30
98 changed files with 1935 additions and 617 deletions
@@ -51,7 +51,7 @@
            {
              "label": "Main",
              "type": "shell",
-              "command": "./run.sh --cmd=mkdocs --insiders --production",
+              "command": "./run.sh --cmd=mkdocs --insiders",
              "group": "test",
              "runOptions": {
                "runOn": "folderOpen"
@@ -90,7 +90,7 @@ jobs:
            echo "MAIN_SITE_ABOUT_URL=https://www.privacyguides.org/en/about/"
            echo "MAIN_SITE_RECOMMENDATIONS_URL=https://www.privacyguides.org/en/tools/"
            echo "MAIN_SITE_KNOWLEDGE_BASE_URL=https://www.privacyguides.org/en/basics/why-privacy-matters/"
-            echo "ARTICLES_SITE_BASE_URL=https://www.privacyguides.org/articles/"
+            echo "ARTICLES_SITE_BASE_URL=https://www.privacyguides.org/posts/tag/articles/"
            echo "VIDEOS_SITE_BASE_URL=https://www.privacyguides.org/videos/"
          } >> "$GITHUB_ENV"
@@ -72,15 +72,13 @@ jobs:
      continue-on-error: false
      privileged: ${{ fromJSON(needs.metadata.outputs.privileged) }}
      strict: true
    secrets:
      RO_DISCOURSE_API_KEY: ${{ secrets.RO_DISCOURSE_API_KEY }}
  build_i18n:
    if: ${{ contains(github.event.pull_request.labels.*.name, 'ci:build i18n') }}
    needs: [submodule, metadata]
    strategy:
      matrix:
-        lang: [es, fr, he, it, nl, ru, zh-Hant]
+        lang: [es, fr, he, it, nl, ru, zh-Hant, zh-TW]
      fail-fast: false
    uses: ./.github/workflows/build.yml
    with:
@@ -108,8 +106,6 @@ jobs:
    with:
      ref: ${{github.event.pull_request.head.ref}}
      repo: ${{github.event.pull_request.head.repo.full_name}}
    secrets:
      RO_DISCOURSE_API_KEY: ${{ secrets.RO_DISCOURSE_API_KEY }}
  combine_build:
    needs: [build_english, build_i18n, build_blog]
@@ -9,9 +9,6 @@ on:
      repo:
        required: true
        type: string
    secrets:
      RO_DISCOURSE_API_KEY:
        required: false
 permissions:
  contents: read
@@ -82,8 +79,6 @@ jobs:
      - name: Generate Donating Members List
        continue-on-error: true
        env:
          DISCOURSE_API_KEY: ${{ secrets.RO_DISCOURSE_API_KEY }}
        run: |
          pip install requests
          python tools/generate-members.py > includes/members.md
@@ -178,7 +173,7 @@ jobs:
    env:
      LANGUAGE_SWITCHER: false
-      ARTICLES_SITE_BASE_URL: https://www.privacyguides.org/articles/
+      ARTICLES_SITE_BASE_URL: https://www.privacyguides.org/posts/tag/articles/
    steps:
      - name: Add GitHub Token to Environment
@@ -222,8 +217,6 @@ jobs:
      - name: Generate Donating Members List
        continue-on-error: true
        env:
          DISCOURSE_API_KEY: ${{ secrets.RO_DISCOURSE_API_KEY }}
        run: |
          pip install requests
          python tools/generate-members.py > includes/members.md
@@ -471,8 +464,6 @@ jobs:
      - name: Generate Donating Members List
        continue-on-error: true
        env:
          DISCOURSE_API_KEY: ${{ secrets.RO_DISCOURSE_API_KEY }}
        run: |
          pip install requests
          python tools/generate-members.py > includes/members.md
@@ -30,9 +30,6 @@ on:
      cache:
        type: boolean
        default: true
    secrets:
      RO_DISCOURSE_API_KEY:
        required: false
 permissions:
  contents: read
@@ -65,7 +62,7 @@ jobs:
            echo "MAIN_SITE_ABOUT_URL=https://www.privacyguides.org/en/about/"
            echo "MAIN_SITE_RECOMMENDATIONS_URL=https://www.privacyguides.org/en/tools/"
            echo "MAIN_SITE_KNOWLEDGE_BASE_URL=https://www.privacyguides.org/en/basics/why-privacy-matters/"
-            echo "ARTICLES_SITE_BASE_URL=https://www.privacyguides.org/articles/"
+            echo "ARTICLES_SITE_BASE_URL=https://www.privacyguides.org/posts/tag/articles/"
            echo "VIDEOS_SITE_BASE_URL=https://www.privacyguides.org/videos/"
          } >> "$GITHUB_ENV"
@@ -176,8 +173,6 @@ jobs:
      - name: Generate Donating Members List
        continue-on-error: true
        env:
          DISCOURSE_API_KEY: ${{ secrets.RO_DISCOURSE_API_KEY }}
        run: |
          pip install requests
          python tools/generate-members.py > includes/members.md
@@ -89,18 +89,6 @@ jobs:
          echo "sha=$(cat metadata/SHA)" >> "$GITHUB_OUTPUT"
          echo "privileged=$(cat metadata/PRIVILEGED)" >> "$GITHUB_OUTPUT"
  deploy_netlify:
    needs: metadata
    permissions:
      contents: read
    uses: privacyguides/webserver/.github/workflows/deploy-netlify-preview.yml@main
    with:
      netlify_alias: ${{ needs.metadata.outputs.pr_number }}
      netlify_site_id: ${{ vars.NETLIFY_SITE }}
    secrets:
      NETLIFY_TOKEN: ${{ secrets.NETLIFY_TOKEN }}
  deploy_garage:
    needs: metadata
    permissions:
@@ -50,7 +50,7 @@ jobs:
    needs: submodule
    strategy:
      matrix:
-        lang: [en, es, fr, he, it, nl, ru, zh-Hant]
+        lang: [en, es, fr, he, it, nl, ru, zh-Hant, zh-TW]
        build: [build]
    permissions:
      contents: read
@@ -63,8 +63,6 @@ jobs:
      context: production
      continue-on-error: false
      cache: false
    secrets:
      RO_DISCOURSE_API_KEY: ${{ secrets.RO_DISCOURSE_API_KEY }}
  build_blog:
    needs: submodule
@@ -85,8 +83,6 @@ jobs:
    with:
      repo: ${{ github.repository }}
      ref: ${{ github.ref }}
    secrets:
      RO_DISCOURSE_API_KEY: ${{ secrets.RO_DISCOURSE_API_KEY }}
  release:
    name: Create release notes
@@ -112,7 +108,6 @@ jobs:
    needs: [build, build_blog]
    uses: privacyguides/webserver/.github/workflows/deploy-all.yml@main
    secrets:
      NETLIFY_TOKEN: ${{ secrets.NETLIFY_TOKEN }}
      PROD_MINIO_KEY_ID: ${{ secrets.PROD_MINIO_KEY_ID }}
      PROD_MINIO_SECRET_KEY: ${{ secrets.PROD_MINIO_SECRET_KEY }}
      PROD_GARAGE_KEY_ID: ${{ secrets.PROD_GARAGE_KEY_ID }}
@@ -569,3 +569,4 @@ MyMonero
 Monero-LWS
 OkCupid
 Anom
 misgendering
@@ -115,5 +115,6 @@
    "editor.formatOnSave": true,
    "[github-actions-workflow]": {
      "editor.defaultFormatter": "esbenp.prettier-vscode"
-    }
+    },
    "python-envs.pythonProjects": []
 }
@@ -0,0 +1 @@
 https://www.privacyguides.org/funding.json
@@ -42,7 +42,7 @@
 **Privacy Guides** is a socially motivated website that provides information for protecting your data security and privacy. Our mission is to inform the public about the value of digital privacy, and global government initiatives which aim to monitor your online activity. We are a non-profit collective operated entirely by volunteer team members and contributors. Our website is free of advertisements and not affiliated with any of the listed providers.
-The current list of team members can be found [here](https://www.privacyguides.org/en/about/#executive-committee). Additionally, [many people](#contributors) have made contributions to the project, and you can too!
+The current list of team members can be found on [the executive committee page](https://www.privacyguides.org/en/about/#executive-committee). Additionally, [many people](#contributors) have made contributions to the project, and you can too!
 *Featured on: [Tweakers](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html), [The New York Times](https://nytimes.com/wirecutter/guides/online-security-social-media-privacy), [Wired](https://wired.com/story/firefox-mozilla-2022), and [Fast Company](https://www.fastcompany.com/91167564/mozilla-wants-you-to-love-firefox-again).*
@@ -63,9 +63,7 @@ All contributors to the site are listed [here](#contributors). If you have contr
 ## Mirrors
 - **GitHub Pages:** [privacyguides.github.io/privacyguides.org](https://privacyguides.github.io/privacyguides.org/en/)
 - **Netlify (AWS):** [illustrious-bavarois-56cf30.netlify.app](https://illustrious-bavarois-56cf30.netlify.app/en/)
 - **BunnyCDN:** [privacyguides-org-production.b-cdn.net](https://privacyguides-org-production.b-cdn.net/en/)
 - **Hetzner:** [direct.privacyguides.org](https://direct.privacyguides.org/en/) (discouraged!)
 ### Alternative Networks
@@ -117,7 +115,7 @@ Committing to this repository requires [signing your commits](https://docs.githu
 It is required to create a GitHub release to publish the current site to privacyguides.org. The current `main` branch can be previewed at [https://main.staging.privacyguides.dev](https://main.staging.privacyguides.dev) prior to release.
 1. Create a new tag: `git tag -s YYYY.MM.DD -m 'Some message'`
-    - Tag numbering: `YYYY.MM.DD` - if two+ releases are published on the same day, append short commit sha to next release, e.g. `YYYY.MM.DD-6aa14e8`
+    - Tag numbering: `YYYY.MM.DD` - if two+ releases are published on the same day, append short commit to the next release, e.g. `YYYY.MM.DD-6aa14e8`
    - Enable GPG tag signing by default (`git config tag.gpgSign true`) to avoid missing signatures
 2. Push the tag to GitHub: `git push --tags`
 3. A GitHub Release will be automatically created and deployed to the live site.
@@ -614,7 +612,7 @@ Privacy Guides wouldn't be possible without these wonderful people ([emoji key](
 <!-- ALL-CONTRIBUTORS-LIST:END -->
-This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind welcome, including contributions to Privacy Guides outside of this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
+This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind welcome, including contributions to Privacy Guides outside this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
 CLI to generate this table:
@@ -86,6 +86,10 @@ authors:
    mastodon:
      username: blacklight447
      instance: mastodon.social
  ptrmdn:
    name: Peter Marsden
    description: Guest Contributor
    avatar: https://forum-cdn.privacyguides.net/user_avatar/discuss.privacyguides.net/ptrmdn/288/14291_2.png
  sam-howell:
    name: Sam Howell
    description: Guest Contributor
@@ -1,5 +1,6 @@
 ---
 description: Privacy-related news stories, product reviews, opinion pieces, and other important articles from Privacy Guides contributors.
 canonical_url: https://www.privacyguides.org/posts/tag/articles/
 hide:
  - footer
 ---
@@ -5,7 +5,7 @@ categories:
    - News
 authors:
    - em
-description: Age verification laws and propositions forcing platforms to restrict content accessed by children and teens have been multiplying in recent years. The problem is, implementing such measure necessarily requires identifying each user accessing this content, one way or another. This is bad news for your privacy.
+description: Age verification laws forcing platforms to restrict access to content online have been multiplying in recent years. The problem is, implementing such measure necessarily requires identifying each user accessing this content, one way or another. This is bad news for your privacy.
 schema_type: AnalysisNewsArticle
 preview:
  cover: blog/assets/images/age-verification-wants-your-face/ageverification-cover.webp
@@ -1,12 +1,13 @@
 ---
 date:
    created: 2025-09-08T18:00:00Z
    updated: 2025-09-15T16:30:00Z
 categories:
    - News
 authors:
    - em
 description:
-    Chat Control is back to undermine everyone's privacy. There's an important deadline this Friday on September 12th. We must act now to stop it!
+    Chat Control is back to undermine everyone's privacy. There's an important deadline on October 14th, 2025. We must act now to stop it!
 schema_type: ReportageNewsArticle
 preview:
  cover: blog/assets/images/chat-control-must-be-stopped/chatcontrol-cover.webp
@@ -18,7 +19,7 @@ preview:
 <small aria-hidden="true">Illustration: Em / Privacy Guides | Photo: Ramaz Bluashvili / Pexels</small>
-If you've heard of [Chat Control](the-future-of-privacy.md) already, bad news: **it's back**. If you haven't, this is a pressing issue you should urgently learn more about if you value privacy, democracy, and human rights. This is happening **this week**, and **we must act to stop it right now**.<!-- more -->
+If you've heard of [Chat Control](the-future-of-privacy.md) already, bad news: **it's back**. If you haven't, this is a pressing issue you should urgently learn more about if you value privacy, democracy, and human rights. This is happening **right now**, and **we must act to stop it right now**.<!-- more -->
 Take a minute to visualize this: Every morning you wake up with a police officer entering your home to inspect it, and staying with you all day long.
@@ -32,7 +33,16 @@ This is an Orwellian nightmare.
 ## Act now!
-This is happening **this week**. European governments will be finalizing their positions on the regulation proposal on **Friday, September 12th, 2025**.
+This is happening **right now**. European governments will be finalizing their positions on the regulation proposal on September 12th, and there will be a final vote on **October 14th, 2025**.
 <div class="admonition warning" markdown>
 <p class="admonition-title">Important: If you are reading this article after September 12th</p>
 Regardless of the outcome on September 12th, the fight isn't over. The next deadline will be the **final vote on October 14th, 2025**.
 If you've missed September 12th, make sure to contact your representatives **right now** to tell them to **oppose Chat Control** on October 14th.
 </div>
 - ==If you are not located in Europe==: Keep reading, this will affect you too.
@@ -41,11 +51,11 @@ This is happening **this week**. European governments will be finalizing their p
 - If you are located in Europe: You must **act now** to stop it.
 <div class="admonition question" markdown>
-<p class="admonition-title">How to stop this? Contact your MEPs before September 12th</p>
+<p class="admonition-title">How to stop this? Contact your MEPs today</p>
-Use this [**website**](https://fightchatcontrol.eu/) to easily contact your government representatives before September 12th, and tell them they should **oppose Chat Control**. Even if your country already opposes Chat Control, contact your representatives to tell them you are relieved they oppose, and support them in this decision to protect human rights. This will help reinforce their position.
+Use this [**website**](https://fightchatcontrol.eu/) to easily contact your government representatives, and tell them they should **oppose Chat Control**. Even if your country already opposes Chat Control, contact your representatives to tell them you are relieved they oppose, and support them in this decision to protect human rights. This will help reinforce their position.
-But if your country *supports* Chat Control, or is *undecided*, **it is vital that you contact your representatives before this deadline**. To support your point, you can share this article with them or one of the many great [resources](#resources-to-learn-more-and-fight-for-human-rights) listed at the end.
+But if your country *supports* Chat Control, or is *undecided*, **it is vital that you contact your representatives as soon as possible**. To support your point, you can share this article with them or one of the many great [resources](#resources-to-learn-more-and-fight-for-human-rights) listed at the end.
 At the time of this writing, the list of countries to contact is:
@@ -144,11 +154,11 @@ There are many things we can do as a society to increase protections for childre
 ### Mislabelling children as criminals
-First, this automated system is flawed in many ways, and the false-positive rate would likely be high. But let's imagine that, magically, the system could flag CSAM at an accuracy rate of 99%. This still means 1% of reports would be false. Expanded to the size of Europe Union's population of approximately 450 million people, exchanging likely billions of messages and files every day, this still means millions could be falsely tagged as sexual predators, with all the [consequences](https://www.republik.ch/2022/12/08/die-dunklen-schatten-der-chatkontrolle) this implies.
+First, this automated system is flawed in many ways, and the false-positive rate would likely be high. But let's imagine that, magically, the system could flag CSAM at an accuracy rate of 99%. This still means 1% of reports would be false. Expanded to the size of European Union's population of approximately 450 million people, exchanging likely billions of messages and files every day, this still means millions could be falsely tagged as sexual predators, with all the [consequences](https://www.republik.ch/2022/12/08/die-dunklen-schatten-der-chatkontrolle) this implies.
 Worse, the Swiss federal police reported that currently about 80% of all automated reports received were [false-positives](https://www.patrick-breyer.de/en/posts/chat-control/#WhatYouCanDo). This means in reality, the error rate is likely far higher than 1%, and actually closer to an **80% error rate**. Of the approximate 20% of positive reports, in Germany, over 40% of investigations initiated [targeted children](https://www.polizei-beratung.de/aktuelles/detailansicht/straftat-verbreitung-kinderpornografie-pks-2022/) themselves.
-Sometimes, flagged content is simply teenagers innocently sexting each other consensually. Not only would they be wrongly tagged as criminals under Chat Control, but they'd be triggering an investigation that would expose their intimate photos to others.
+Sometimes, flagged content is simply teenagers innocently sexting each other consensually. Not only would they be wrongly tagged as criminals under Chat Control, but they'd be triggering an investigation that would expose their intimate photos to some faceless officers or tech employees working on the system.
 Even in a magical world where Chat Control AI is 99% accurate, it would still wrongly tag and **expose sensitive data from millions of children**. In reality, no AI system is even remotely close to this accuracy level, and proprietary algorithms are usually opaque black boxes impossible to audit transparently. The number of children Chat Control would harm, and likely traumatize for life, would be disastrous.
@@ -243,7 +253,7 @@ Even if the landscape seems dismal, **the battle isn't over**. There are many th
 ### For Europeans, specifically
- Contact your country representatives **TODAY**. Contact them before this Friday, September 12th, 2025. The group Fight Chat Control has put together an [**easy tool**](https://fightchatcontrol.eu/#contact-tool) making this quick with only a few clicks.
+- Contact your country representatives **TODAY**. The group Fight Chat Control has put together an [**easy tool**](https://fightchatcontrol.eu/#contact-tool) making this quick with only a few clicks.
 - After September 12th, the battle isn't over. Although governments will finalize their positions on that day, the final vote happens on **October 14th, 2025**. If you missed the September 12th deadline, keep contacting your representatives anyway.
@@ -251,7 +261,7 @@ Even if the landscape seems dismal, **the battle isn't over**. There are many th
 ### For Everyone, including Europeans
- Talk about Chat Control on social media often, especially this week. Make noise online. Use the hashtags #ChatControl and #StopScanningMe to help others learn more about the opposition movement.
+- Talk about Chat Control on social media often, especially this month. Make noise online. Use the hashtags #ChatControl and #StopScanningMe to help others learn more about the opposition movement.
 - Share informative [videos and memes](#resources-to-learn-more-and-fight-for-human-rights) about Chat Control. Spread the word in various forms.
@@ -296,13 +306,8 @@ We need your help to fight this. For democracy, for privacy, and for all other h
 - [Follow **Fight Chat Control** on Mastodon for updates](https://mastodon.social/@chatcontrol)
-<div class="admonition warning" markdown>
+---
 <p class="admonition-title">Important Note: If you are reading this article after September 12th</p>
-Regardless of the outcome on Friday, the fight isn't over after September 12th. The next deadline will be the **final vote on October 14th, 2025**.
+**Update (9/15):** Added modifications related to the second important deadline for action, on October 14th.
-If you've missed September 12th, make sure to contact your representatives **right now** to tell them to **oppose Chat Control** on October 14th.
+**Update (9/8):** Added clarification about what Chat Control is for readers unfamiliar with it.
 </div>
 Update (9/8): Added clarification about what Chat Control is for readers unfamiliar with it.
@@ -9,7 +9,7 @@ categories:
    - Reviews
 authors:
    - em
-description: "If you have been looking for a privacy-respectful replacement to Google Docs, now is the time to switch to the end-to-end encrypted office suite CryptPad."
+description: If you've been looking for a privacy-respectful replacement to Google Docs, now is the time to switch to the end-to-end encrypted office suite CryptPad.
 preview:
  logo: theme/assets/img/document-collaboration/cryptpad.svg
 review:
@@ -0,0 +1,250 @@
 ---
 date:
    created: 2025-09-30T16:30:00Z
 categories:
    - Explainers
 authors:
    - fria
 tags:
    - Privacy Enhancing Technologies
 schema_type: BackgroundNewsArticle
 description: Differential privacy is a mathematically rigorous framework for adding a controlled amount of noise to a dataset so that no individual can be reidentified. Learn how this technology is being implemented to protect you.
 preview:
  cover: blog/assets/images/differential-privacy/cover.webp
 ---
 # What is Differential Privacy?
 !["Differential Privacy" text with a series of ones and zeros being obscured with a blur filter](../assets/images/differential-privacy/cover.webp)
 <small aria-hidden="true">Image: Privacy Guides / Jordan Warne</small>
 Is it possible to collect data from a large group of people but protect each individual's privacy? In this entry of my series on [privacy-enhancing technologies](../tags.md/#tag:privacy-enhancing-technologies), we'll discuss differential privacy and how it can do just that.<!-- more -->
 ## Problem
 It's useful to collect data from a large group of people. You can see trends in a population. But it requires a lot of individual people to give up personally identifiable information. Even things that seem innocuous like your gender can help identify you.
 Latanya Sweeney in a [paper](https://dataprivacylab.org/projects/identifiability/paper1.pdf) from 2000 used U.S. Census data to try and re-identify people solely based on the metrics available to her. She found that 87% of Americans could be identified based on only 3 metrics: ZIP code, date of birth, and sex.
 Obviously, being able to identify individuals based on publicly available data is a huge privacy issue.
 ## History
 ### Before Differential Privacy
 Being able to collect aggregate data is essential for research. It's what the U.S. Census does every 10 years.
 Usually we're more interested in the data as a whole and not data of individual people as it can show trends and overall patterns in groups of people. However, in order to get that data we must collect it from individuals.
 It was thought at first that simply [removing names and other obviously identifying details](https://simons.berkeley.edu/news/differential-privacy-issues-policymakers#:~:text=Prior%20to%20the%20line%20of%20research%20that%20led%20to%20differential%20privacy%2C%20it%20was%20widely%20believed%20that%20anonymizing%20data%20was%20a%20relatively%20straightforward%20and%20sufficient%20solution%20to%20the%20privacy%20challenge.%20Statistical%20aggregates%20could%20be%20released%2C%20many%20people%20thought%2C%20without%20revealing%20underlying%20personally%20identifiable%20data.%20Data%20sets%20could%20be%20released%20to%20researchers%20scrubbed%20of%20names%2C%20but%20otherwise%20with%20rich%20individual%20information%2C%20and%20were%20thought%20to%20have%20been%20anonymized.) from the data was enough to prevent re-identification, but [Latanya Sweeney](https://latanyasweeney.org/JLME.pdf) (a name that will pop up a few more times) proved in 1997 that even without names, a significant portion of individuals can be re-identified from a dataset by cross-referencing external data.
 Previous attempts at anonymizing data have relied on been highly vulnerable to re-identification attacks.
 #### AOL Search Log Release
 A famous example is the AOL search log release. AOL had been logging its users searches for research purposes. When they released the data, they only replaced the users' real names with an identifier. Researchers were able to identify [user 4417749](https://archive.nytimes.com/www.nytimes.com/learning/teachers/featured_articles/20060810thursday.html) as Thelma Arnold based on the identifying details of her searches.
 #### Strava Heatmap Incident
 In 2018, the fitness app Strava announced a major update to its heatmap, showing the the workout patterns of users of fitness trackers like Fitbit.
 Analyst [Nathan Ruser](https://x.com/Nrg8000/status/957318498102865920) indicated that these patterns can reveal military bases and troop movement patterns. This is obviously a huge op-sec problem and can endanger the lives of troops.
 It was also possible to [deanonymize](https://steveloughran.blogspot.com/2018/01/advanced-denanonymization-through-strava.html) individual users in some circumstances.
 #### Randomized Response
 One of the earliest ideas for anonymizing data was [randomized response](https://uvammm.github.io/docs/randomizedresponse.pdf), first introduced all the way back in 1965 in a paper by Stanley L. Warner. The idea behind it is quite clever.
 For certain questions like "have you committed tax fraud?" respondents will likely be hesitant to answer truthfully. The solution? Have the respondent flip a coin. If the coin is tails, answer yes. If the coin lands on heads, answer truthfully.
 | Respondent | Answer | Coin Flip (not included in the actual dataset just here for illustration) |
 | --- | --- | --- |
 | 1 | Yes | Tails (Answer Yes) |
 | 2 | No | Heads (Answer Truthfully) |
 | 3 | Yes | Tails (Answer Yes) |
 | 4 | Yes | Tails (Answer Yes) |
 | 5| No | Heads (Answer Truthfully) |
 Because we know the exact probability that a "Yes" answer is fake, 50%, we can remove it and give a rough estimate of how many respondents answered "Yes" truthfully.
 Randomized Response would lay the groundwork for differential privacy, but it wouldn't truly be realized for many decades.
 #### Unrelated Question Randomized Response
 A variation used later in a [paper](https://www.jstor.org/stable/2283636) by Greenberg et al. called **unrelated question randomized response** would present each respondent with either a sensitive question or a banal question like "is your birthday in January?" to increase the likelihood of people answering honestly, since the researcher doesn't know which question was asked.
 | Respondent | Question (not visible to researcher) | Answer |
 | --- | --- | --- |
 | 1 | Have you ever committed tax evasion? | No |
 | 2 | Is your birthday in January? | Yes |
 | 3 | Is your birthday in January? | No |
 | 4 | Have you ever committed tax evasion? | Yes |
 | 5 | Have you ever committed tax evasion? | No |
 #### k-Anonymity
 Latanya Sweeney and Pierangela Samarati introduced [k-anonymity](https://dataprivacylab.org/dataprivacy/projects/kanonymity/paper3.pdf) to the world back in 1998.
 It's interesting that even all the way back in 1998 concerns constant data collection were already relevant.
 > Most actions in daily life are recorded on some computer somewhere. That information in turn is often shared, exchanged, and sold. Many people may not care that the local grocer keeps track of which items they purchase, but shared information can be quite sensitive or damaging to individuals and organizations. Improper disclosure of medical information, financial information or matters of national security can have alarming ramifications, and many abuses have been cited.
 In a dataset, you might have removed names and other obviously identifying information, but there might be other data such as birthday, ZIP code, etc., that might be unique to one person in the dataset. If someone were to cross-reference this data with outside data, it could be possible to deanonymize individuals.
 k-anonymity means that for each row, at least k-1 other rows are identical. So for a k of 2, at least one other row is identical to each row.
 ##### Generalization
 This is achieved through a few techniques, one of which is generalization. Generalization is reducing the precision of data so that it's not as unique.
 For example, instead of recording an exact age, you might give a range like 20-30. You've probably noticed this on surveys you've taken before. Data like this that's not directly identifiable but could be used to re-identify someone is referred to as *quasi-identifiers*.
 ##### Suppression
 Sometimes even with generalization, you might have outliers that don't satisfy the k-anonymity requirements.
 In these cases, you can simply remove the row entirely.
 ##### Attacks on k-Anonymity
 k-anonymity has been [demonstrated](https://www.usenix.org/system/files/sec22-cohen.pdf) to not prevent re-identification of individuals despite the data in a dataset being properly k-anonymized by "statistical experts".
 Researchers were able to deanonymize 3 students from a k-anonymized dataset from Harvard and MIT's EdX platform by cross-referencing data from LinkedIn, putting potentially thousands of students at risk of re-identification.
 ### Dawn of Differential Privacy
 Most of the concepts I write about seem to come from the 70s and 80s, but differential privacy is a relatively new concept. It was first introduced in a paper from 2006 called [*Calibrating Noise to Sensitivity in Private Data Analysis*](https://desfontain.es/PDFs/PhD/CalibratingNoiseToSensitivityInPrivateDataAnalysis.pdf).
 The paper introduces the idea of adding noise to data to achieve privacy, similar to randomized response. However, differential privacy is much more mathematically rigorous and provable.
 Of course, adding noise to the dataset reduces its accuracy. Ɛ defines the amount of noise added to the dataset, with a small Ɛ meaning more privacy but less accurate data and vice versa. It's also referred to as the "privacy loss parameter" or "privacy budget".
 #### Central Differential Privacy
 This early form of differential privacy relied on adding noise to the data *after* it was already collected, meaning you still have to trust a central authority with the raw data.
 ## Google RAPPOR
 In 2014, Google introduced [Randomized Aggregatable Privacy-Preserving Ordinal Response](https://arxiv.org/pdf/1407.6981) (RAPPOR), their [open source](https://github.com/google/rappor) implementation of differential privacy.
 Google RAPPOR implements and builds on previous techniques such as randomized response and adds significant improvements on top.
 ### Local Differential Privacy
 In Google's implementation, noise is added to data on-device before it's sent off to any server. This removes the need to trust the central authority to handle your raw data, an important step in achieving truly anonymous data collection.
 ### Bloom Filters
 Google RAPPOR makes use of a clever technique called bloom filters that saves space and improves privacy.
 Bloom filters work by starting out with an array of all 0's
 `[0, 0, 0, 0, 0, 0, 0, 0, 0]`
 Then, you run data such as the word "apple" through a hashing algorithm, which will give 1's in specific positions, say position 1, 3, and 5.
 `[0, 1, 0, 1, 0, 1, 0, 0, 0]`
 When you want to check if data is present, you run the data through the hashing algorithm and check if the corresponding positions are 1's. If they are, the data *might* be present (other data might have flipped those same bits at some point). If any of the 1's are 0's, then you know for sure that the data is not in the set.
 ### Permanent Randomized Response
 A randomization step is performed flipping some of the bits randomly. This response is then "memoized" so that the same random values are used for future reporting. This protects against an "averaging" attack where an attacker sees multiple responses from the same user and can eventually recover the real value by averaging them out over time.
 ### Instantaneous Randomized Response
 On top of the permanent randomized data, another randomization step is performed. This time, different randomness is added on top of the permanent randomness so that every response sent is unique. This prevents an attacker from determining a user from seeing the same randomized pattern over and over again.
 Both the permanent and instantaneous randomized response steps can be fine-tuned to for the desired privacy.
 ### Chrome
 Google first used differential privacy in their Chrome browser for detection of [malware](https://blog.chromium.org/2014/10/learning-statistics-with-privacy-aided.html).
 Differential privacy is also used in Google's [Privacy Sandbox](https://privacysandbox.google.com/private-advertising/aggregation-service/privacy-protection-report-strategy).
 ### Maps
 Google Maps uses DP for its [place busyness](https://safety.google/privacy/data/#:~:text=To%20offer%20features%20like%20place%20busyness%20in%20Maps%2C%20we%20apply%20an%20advanced%20anonymization%20technology%20called%20differential%20privacy%20that%20adds%20noise%20to%20your%20information%20so%20it%20can%E2%80%99t%20be%20used%20to%20personally%20identify%20you.) feature, allowing Maps to show you how busy an area is without revealing the movements of individual people.
 ### Google Fi
 [Google Fi](https://opensource.googleblog.com/2019/09/enabling-developers-and-organizations.html) uses differential privacy as well to improve the service.
 ## OpenDP
 [OpenDP](https://opendp.org) is a community effort to build open source and trustworthy tools for differential privacy. Their members consist of academics from prestigious universities like Harvard and employees at companies like Microsoft.
 There's been an effort from everyone to make differential privacy implementations open source, which is a breath of fresh air from companies that typically stick to closed source for their products.
 ## Apple
 [Apple](https://www.apple.com/privacy/docs/Differential_Privacy_Overview.pdf) uses local differential privacy for much of its services, similar to what Google does. They add noise before sending any data off device, enabling them to collect aggregate data without harming the privacy of any individual user.
 They limit the number of contributions any one user can make via a *privacy budget* (this is the same as Ɛ) so you won't have to worry about your own contributions being averaged out over time and revealing your own trends.
 This allows them to find new words that people use that aren't included by default in the dictionary, or find which emojis are the most popular.
 Some of the things they use differential privacy for include
 - QuickType suggestions
 - Emoji suggestions
 - Lookup Hints
 - Safari Energy Draining Domains
 - Safari Autoplay Intent Detection
 - Safari Crashing Domains
 - Health Type Usage
 That's just based on their initial white paper, they've likely increased their use of DP since then.
 ### Sketch Matrix
 Apple uses a similar method to Google, with a matrix initialized with all zeros. The input for the matrix is encoded with the SHA-256 hashing algorithm, and then bits are flipped randomly at a probability dependent on the epsilon value.
 Apple only sends a random row from this matrix instead of the entire thing in order to stay within their privacy budget.
 ### See What's Sent
 You can see data sent with differential privacy in iOS under Settings > Privacy > Analytics > Analytics Data, it will begin with `DifferentialPrivacy`. On macOS, you can see these logs in the Console.
 ## U.S. Census
 Differential privacy isn't just used by big corporations, in 2020 famously the U.S. Census used DP to protect the data of U.S. citizens for the first time.
 As a massive collection of data from numerous U.S. citizens, it's important for the census bureau to protect the privacy of census participants while still preserving the overall aggregate data.
 ### Impetus
 Since the 90s, the U.S. Census used a less formal injection of statistical noise into their data, which they did all the way through 2010.
 After the 2010 census, the bureau tried to [re-identify individuals](https://www2.census.gov/library/publications/decennial/2020/census-briefs/c2020br-03.pdf) in the census data.
 >The experiment resulted in reconstruction of a dataset of more than 300 million individuals. The Census Bureau then used that dataset to match the reconstructed records to four commercially available data sources, to attempt to identify the age, sex, race, and Hispanic origin of people in more than six million blocks in the 2010 Census.
 Considering 309 million people lived in the U.S. in 2010, that's a devastating breach of personal privacy. Clearly more formal frameworks for protecting the privacy of individuals were needed.
 >Nationwide, roughly 150 million individuals—almost one-half of the population, have a unique combination of sex and single year of age at the block level.
 They could keep adding noise until these attacks are impossible, but that would make the data nigh unusable. Instead, differential privacy offers a mathematically rigorous method to protect the data from future re-identification attacks without ruining the data by adding too much noise. They can be sure thanks to the mathematical guarantees of DP.
 ## DPrio
 Mozilla has been constantly working to make their telemetry more private over the years. Firefox uses [Prio](https://blog.mozilla.org/security/2019/06/06/next-steps-in-privacy-preserving-telemetry-with-prio/), a [Distributed Aggregation Protocol](https://datatracker.ietf.org/doc/html/draft-ietf-ppm-dap)-based telemetry system. It uses Multi-Party Computation to split the processing of user data between multiple parties.
 To accomplish this, [Mozilla](https://blog.mozilla.org/en/firefox/partnership-ohttp-prio/) partnered with [Divvi Up](https://divviup.org/blog/divvi-up-in-firefox/) as their DAP provider, and [Fastly](https://www.fastly.com/blog/firefox-fastly-take-another-step-toward-security-upgrade) as their OHTTP provider. OHTTP acts as a multi-hop proxy to separate traffic between two parties when making a connection: neither Mozilla nor Fastly will know both who you are and what you're connecting to.
 In 2023 researchers from Mozilla also conducted research into making Prio differentially private. The so-named "[DPrio](https://petsymposium.org/popets/2023/popets-2023-0086.pdf)" would combine multi-party computation, OHTTP, and differential privacy in a very impressive display of privacy protection. Unfortunately I couldn't find any evidence to suggest that DPrio has been implemented, but something to keep a lookout for in the future.
 ## Future of Differential Privacy
 Differential privacy unlocks the potential for data collection with minimal risk of data exposure for any individual. Already, DP has allowed for software developers to improve their software, for new possibilities in research in the health sector and in government organizations.
 Adoption of scientifically and mathematically rigorous methods of data collection allows for organizations to collect aggregate data will allow for increased public trust in organizations and subsequently greater potential for research that will result in improvements to our everyday lives.
 I think for there to be more public trust there needs to be a bigger public outreach. That's my goal with this series, I'm hoping to at least increase awareness of some of the technology being deployed to protect your data, especially since so much of the news we hear is negative. Armed with the knowledge of what's available, we can also demand companies and organizations use these tools if they aren't already.
 It's heartening to see the level of openness and collaboration in the research. You can see a clear improvement over time as each paper takes the previous research and builds on it. I wish we saw the same attitude with all software.
 ## Further Research
 Any programmers interested in learning how to implement differential privacy can check out the book *[Programming Differential Privacy](https://programming-dp.com)* to see Python examples.
@@ -0,0 +1,285 @@
 ---
 title: "Email Security: Where We Are and What the Future Holds"
 date:
    created: 2025-11-15T22:45:00Z
 categories:
    - Explainers
 authors:
    - fria
 tags:
    - Email
 license: BY-SA
 schema_type: BackgroundNewsArticle
 description: Email is ubiquitous. If you want to function in modern society, you pretty much have to have an email address. But is it really a good idea to still be relying on the same decades old techology? What can we do about replacing it?
 preview:
  cover: blog/assets/images/email-security/cover.png
 ---
 ![Email icon opening with an alert message inside](../assets/images/email-security/cover.png)
 <small aria-hidden="true">Illustration: fria / Privacy Guides</small>
 Email is ubiquitous. If you want to function in modern society, you pretty much have to have an email address. What was originally just a simple protocol to send messages between machines has morphed beyond what it was originally intended for into the *de facto* authentication, identity, and "secure" communication channel for almost all technology users today. It's been updated many times to fix security issues and there are more updates to come, but is it worth trying to fix a decades-old protocol, or should we scrap it all and start over?<!-- more -->
 ## Current State of Email Security
 The [**Simple Mail Transport Protocol (SMTP)**](https://www.rfc-editor.org/rfc/rfc5321.html) is the standard used to send emails.
 Over the years, multiple protocols have been introduced to fix security issues and improve the usability of email, resulting in a complex mess that we're still feeling the consequences of to this day.
 ### Encryption
 By default, there's no encryption in SMTP. Not transport encryption or end-to-end encryption, it's just a plaintext protocol.
 To remedy this, several solutions have been created.
 #### STARTTLS
 [STARTTLS](https://www.rfc-editor.org/rfc/rfc3207) is a command that allows email clients to negotiate TLS encryption. Importantly, the negotiation phase happens in plaintext which leaves it vulnerable to attackers.
 STARTTLS allows a bit more flexibility at the cost of some security. Since you don't really know if the recipient's email client supports TLS or not, it allows you to continue with the SMTP session anyway if you want to.
 Since it's just using TLS, STARTTLS can't provide E2EE, just transport encryption. The encryption looks something like:
 Encrypted between your email client and your SMTP server → decrypted at your SMTP server → Encrypted between your SMTP server and recipient's SMTP server → decrypted at recipient's SMTP server → encrypted between their SMTP server and their POP3/IMAP server → decrypted at their POP3/IMAP server → encrypted between their POP3/IMAP server and their email client → decrypted by their email client.
 ``` mermaid
 flowchart LR
    A[Email Client] -->|Optional TLS Encryption| B(SMTP Server)
    B --> |Optional TLS Encryption| C(Other SMTP Server)
    C -->|Optional TLS Encryption| D[POP3 or IMAP Server]
    D -->|Optional TLS Encryption| F[Other Party's Email Client]
 ```
 At each point in the process TLS encryption is not guaranteed. Now consider that you can have multiple recipients with their own SMTP servers as well, and you start to see how flimsy this protection can be. And since the initial negotiation is in plaintext, an attacker can simply strip away the STARTTLS command, preventing a secure connection from being established.
 Authentication is left to another protocol to solve, this just handles the transport encryption.
 #### SMTPS
 Also known as "Implicit TLS" (as opposed to the "Explicit TLS" of STARTTLS), SMTPS starts with an encrypted connection, similar to HTTPS, removing the potential for an adversary to downgrade the connection.
 The [current](https://datatracker.ietf.org/doc/html/rfc8314) recommendations are to use port 465 for SMTPS and port 587 for STARTTLS. Unfortunately, these ports aren't standardized and thus there is disagreement and confusion about what port should be used for SMTPS.
 In the past, ports 25, 465, 587, and 2525 have all been used for SMTP at various points. This lack of a standardized port means that you end up with services using different ports and being unable to establish a secure connection. Particularly, there is still confusion in some email providers whether to use port 465 or port 587 for SMTPS, although the current recommendation is port 465.
 #### POP3S
 [Post Office Protocol version 3](https://en.wikipedia.org/wiki/Post_Office_Protocol) or POP3 is a protocol for retrieving mail from a mail server. It's one of the ways your email client can show you your mail.
 POP3 also supports implicit TLS over port 995, so it can be encrypted by default as well.
 #### IMAPS
 [Internet Message Access Protocol](https://en.wikipedia.org/wiki/Internet_Message_Access_Protocol) or IMAP is another protocol for retrieving mail from a mail server.
 Like SMTPS and POP3s, IMAP supports implicit TLS. The implicit TLS port is 993.
 #### OpenPGP
 The above features only protect the email in transit and don't protect against the email providers involved, which is a massive security issue if you don't trust your email provider. On top of that, you as a user have no control over which parts of the chain are encrypted. If you want to be sure that no party in between you and your recipient can read or alter your emails, you need to use end-to-end encryption. Unfortunately, by default, email doesn't support end-to-end encryption.
 [Pretty Good Privacy (PGP)](https://www.openpgp.org/about/) was originally created in 1997 by [Phil Zimmerman](https://www.privacyguides.org/videos/2025/05/08/when-code-became-a-weapon/). While originally proprietary software, an open source version of PGP called OpenPGP has been standardized by the [IETF](https://www.rfc-editor.org/rfc/rfc9580.html). As you can imagine from software originally conceived in the 90s, the user experience isn't the smoothest.
 Unlike modern messengers like [Signal](https://signal.org), OpenPGP requires you to [manually manage your keys](https://dev.to/adityabhuyan/how-to-generate-your-own-public-and-secret-keys-for-pgp-encryption-1joh). This is a problem not only because it's cumbersome, but the security of E2EE rests on protecting the private key. If the private key is compromised, your messages are compromised.
 PGP also lacks [forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy), meaning that if your private key is ever exposed, all previous messages you've ever sent using that key are also exposed. All it takes is a slight user error for a catastrophic compromise.
 PGP encryption also usually doesn't encrypt important metadata like `To`, `From`, `Cc`, `Date`, and `Subject`, stored in the [email header](https://en.wikipedia.org/wiki/Email#Message_header); usually, only the body of the email is encrypted, which can be a major privacy issue. What the email is about, who you are, and who you're messaging can all be revealed even with E2EE. Some email clients use their hidden headers that can reveal more data about you.
 #### S/MIME
 Another common option for email encryption is [S/MIME](https://www.digicert.com/faq/email-trust/what-is-smime-or-encrypted-email), or Secure/Multipurpose Internet Mail Extensions. S/MIME works a bit like HTTPS, using [X.509 digital certificates](https://www.ssl.com/faqs/what-is-an-x-509-certificate/) and [certificate authorities](https://www.digicert.com/blog/what-is-a-certificate-authority) to encrypt and verify the authenticity of emails.
 While a step up from the manual keys of PGP, S/MIME is still a pain to use, particularly because it usually requires purchasing and managing a certificate from a CA, which can be expensive and annoying. S/MIME also lacks forward secrecy just like PGP, so if there's ever a compromise of your private key, all previously sent messages are also compromised.
 These issues make S/MIME nonviable for most people outside business settings.
 #### Web Key Directory
 A problem with PGP is getting your public key out to people without manually exchanging keys. This problem can be solved with Web Key Directory (WKD), which allows you to upload your public PGP key to a server and clients that want to send E2EE emails to you can ask that server to send you their public key.
 You can read more on our [email security](https://www.privacyguides.org/en/basics/email-security/?h=email#what-is-the-web-key-directory-standard) page.
 ### Authentication
 SMTP by default essentially has no authentication and allows spoofing the `MAIL FROM` header. Your email client will just blindly accept whoever the sender says they are without any authentication. Luckily, there are several solutions for this.
 There are multiple methods that email providers can implement to verify the authenticity of an email sender.
 #### SPF
 The first solution implemented was [Sender Policy Framework (SPF)](https://datatracker.ietf.org/doc/html/rfc7208). SPF uses [DNS TXT records](https://www.cloudflare.com/learning/dns/dns-records/dns-txt-record/).
 Just like the name sounds, a DNS TXT record allows you to store text in a [DNS record](https://www.cloudflare.com/learning/dns/dns-records/). Here's an example of what a DNS TXT record might look like:
 | example.com | record type | value | TTL |
 |-------------|--------------|--------|-----|
 | @           | TXT          | "color=blue" |99999|
 SPF lists all the servers that are authorized to send from a specific domain. When an email is received, it checks the sending server against the list of authorized servers for that domain. An SPF record might look like this:
 | example.com | record type | value | TTL |
 |-------------|--------------|--------|-----|
 | @ | TXT | "v=spf1 ip4:200.56.78.99 ip4:156.67.109.43 include:_spf.google.com -all" |99999|
 The IP addresses are the ones that are authorized to send email from this domain. The `include:` tag denotes what third-party domains are allowed to send email on behalf of `example.com`. The third-party SPF record will be checked and included in the allowed IP addresses.
 While a good start, SPF still has several glaring weaknesses. Since it relies on DNS, an attack on the DNS infrastructure could cause spoofed DNS data to be accepted.
 Since SPF doesn't authenticate individual users, it's still possible for a sender to impersonate another user. SPF does not authenticate the `MAIL FROM` header. If you try to send an email from a gmail.com domain, but the server doesn't match gmail.com, it will fail.
 SPF has a few different modes, allowing for a hard fail, soft fail, or completely ignoring it. `-all` means an email that fails will be rejected, `~all` will mark emails that fail as insecure or spam but still send them, and `+all` will specify that any server is allowed to send emails on behalf of your domain.
 This flexibility, while convenient, allows for the security benefits of SPF to be completely undermined.
 #### DKIM
 [DomainKeys Identified Mail (DKIM)](https://www.cloudflare.com/learning/dns/dns-records/dns-dkim-record/) relies on public key cryptography to verify the domain of an email.
 Example of a DKIM DNS TXT record:
 | name | record type | value | TTL |
 |-------------|--------------|--------|-----|
 | test-email._domainkey.example.com | TXT | "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtY+7sGVwvyS8w+3HgJk7EviazH+C4L8gV4gOJzAq9oKJjZ5En7LDEw3FqAh8C0M59c9sBQcC+Kj8VxMBY9y+E0Pm1fPK9V7sI3Gm7yE7Y9yU4uVZr8R3N+5z+qZ+7V76RU4oZ0mtSvw8m3pX1hZyHd7NZfXaFfKfgd18W5T7YQIDAQAB" | 9999 |
 DKIM records are stored under a specific name following the format
 `[selector]_domainkey.[domain]`
 The public and private keys are generated by the email provider, such as gmail.com. The public key is stored in a publicly available DNS TXT record like the one seen above and is used by the receiver to verify messages. The private key is kept secret by the email provider.
 Emails sent from the email provider contain a DKIM header with a signature generated from the private key and the content of the message. If the email message is altered or signed with the wrong key, when the receiver verifies the signature using the public key it will be obvious it was altered.
 An example of a DKIM header:
 `v=1; a=rsa-sha256; d=example.com; s=test-email; h=from:to:subject bh=uMixy0BsCqhbru4fqPZQdeZY5Pq865sNAnOAxNgUS0s=;b=LiIvJeRyqMo0gngiCygwpiKphJjYezb5kXBKCNj8DqRVcCk7obK6OUg4o+EufEbBtRYQfQhgIkx5m70IqA6dP+DBZUcsJyS9C+vm2xRK7qyHi2hUFpYS5pkeiNVoQk/Wk4wZG4tu/g+OA49mS7VX+64FXr79MPwOMRRmJ3lNwJU=`
 `v=` shows the version of DKIM, currently version one is the latest (we'll come back to that later). `a=` shows the algorithm used. `d=` shows the domain of the sender. `s=` denotes the selector that is used in the TXT record. `h=` shows the headers that were used to create the signature. `bh=` shows a hash of the body of the email. `b=` is the signature computed from the listed headers and the hash of the body listed in `bh`.
 In this way, not only does DKIM provide assurance that the email was sent from the correct domain, it also protects the integrity of the message. However, since the keys are controlled by your email provider, it can't stop your email provider from tampering with your messages.
 Note also that this has nothing to do with encryption of the message, only verifying the authenticity and sender. The message is still sent in plaintext unless another component encrypts it.
 #### DMARC
 [Domain-based Message Authentication Reporting and Conformance (DMARC)](https://www.cloudflare.com/learning/dns/dns-records/dns-dmarc-record/) is an authentication method that builds on SPF and DKIM. DMARC tells a receiving email server what to do after checking the SPF and DKIM. If the email fails, the DMARC policy tells the receiver whether to mark it as spam, block it, or allow it through.
 DMARC also uses TXT records. An example DMARC policy might look like
 `v=DMARC1; p=quarantine; adkim=s; aspf=s;`
 The `v=` shows the version of DMARC to use. The `p=` shows what should be done with emails if they fail, in this case `quarantine` means the receiver should put the email in the user's spam folder. `reject` can be specified as well to show that emails that fail should be outright blocked. `adkim=` tells how DKIM should be enforced, with `s` meaning "strict"; for relaxed, `r` is listed instead. Ditto for `aspf=`.
 #### DNSSEC
 You may have noticed that all of these authentication methods rely on DNS. Unfortunately, DNS wasn't designed to be secure when it was invented in the 1980s. Ironically, there's no authentication built into DNS by default, so by attacking DNS, a malicious actor can [poison](https://www.cloudflare.com/learning/dns/dns-cache-poisoning/) your DNS cache with false information.
 [Researchers at CMU in 2014](https://www.sei.cmu.edu/blog/probable-cache-poisoning-of-mail-handling-domains/) found that emails that were supposedly to be sent by Gmail, Yahoo!, and Outlook.com were actually being sent by a rogue email server. This is disastrous for security and breaks the entire email authentication system. There are many such cases of attacks on DNS infrastructure and many more [possible attacks](https://www.akamai.com/glossary/what-are-dns-attack-vectors) on DNS.
 The solution? [DNSSEC](https://www.cloudflare.com/learning/dns/dnssec/how-dnssec-works/). DNSSEC uses digital signatures to verify the authenticity of the DNS response. Unfortunately, DNSSEC isn't as widely used as it could be so DNS attacks are still a real threat.
 DNSSEC forms a [chain of trust](https://en.wikipedia.org/wiki/Chain_of_trust), with each zone forming a parent/child relationship all the way up to the [root zone](https://www.cloudflare.com/learning/dns/glossary/dns-root-server/).
 The public key infrastructure (PKI) that we rely on for things like HTTPS in browsers similarly relies on a chain of trust, but web PKI relies on many trusted entities whereas DNSSEC effectively reduces it to one: the IANA which signs the root zone key in a [root signing ceremony](https://www.cloudflare.com/learning/dns/dnssec/root-signing-ceremony/).
 Effectively, DNSSEC is designed so that you can be sure the results of a DNS query are accurate.
 #### DANE
 DNS-Based Authentication of Named Entities or DANE applies the security of DNSSEC to email. It forces TLS to be used and binds the TLS certificate to DNS names directly using TLSA, thus allowing email providers to bypass the certificate authority system relied on by HTTPS.
 #### MTA-STS
 [MTA-STS](https://www.mailhardener.com/kb/mta-sts) or Mail Transfer Agent Strict Transport Security is a way to force TLS connections for email and validate that the DNS is correct. Instead of DNSSEC, MTA-STS relies on HTTPS and the web PKI to validate DNS. It's not stored as a DNS record but instead an HTTPS server that serves the file.
 You can think of MTA-STS like HSTS, HTML Strict Transport Security, which forces the use of TLS for websites. It's the same principal, just applied to email.
 The extra reliance on web PKI introduces more trust than with DNSSEC, but it's easier to implement and relies on the already-established infrastructure of the internet.
 Both DANE and MTA-STS can be used together for a multilayered approach to email security.
 ### General Security
 #### Email as a Backdoor into Your Accounts
 Something seldom discussed is the fact that email is the default 2FA method for most accounts and also can be used to bypass your password through the password reset function on the login screen of most services. This essentially means the security of all of your accounts rests on the security of your email, which can be very shaky and lacks E2EE usually. It's most comparable to SMS 2FA which is also used a lot of the time as a method for getting into accounts when you forgot your password.
 I touched on this a bit in my [passkey article](toward-a-passwordless-future.md), but we need to stop relying on email for security critical applications and start using proper recovery methods like recovery codes. Email should be used for what it's intended for: sending messages and updates to people, announcements, etc.
 #### Third-Party Clients
 Many email providers such as Gmail provide their own clients for you to view your inbox, send messages, etc. But many people choose to use third-party clients for their email needs.
 While it's great that email can support that, it does mean you need to trust another party with your sensitive email and essentially the security of all of your accounts. Not to mention that email clients can have [vulnerabilities](https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/), so you need to be very careful about which one you trust.
 #### Email Attack Surface
 A big part of the reason email clients can be so vulnerable to exploits is the vast attack surface afforded by things like JavaScript support in emails. This puts email clients dangerously close to the same territory as browsers in terms of attack surface but without the same level of scrutiny or hardening effort that goes into browsers.
 Since almost anyone can email you at any time, you have to trust that your email client vendor is able to protect you against [vulnerabilities](https://www.csoonline.com/article/1308164/microsoft-outlook-flaw-opens-door-to-1-click-remote-code-execution-attacks.html) and also has timely patches when they're found.
 Luckily, lots of email clients let you disable JavaScript and HTML if you want, but not all do, and email clients can have lots of other vulnerabilities as well not related to JavaScript.
 ## Future of Email Security
 It's been a multi-decade cross-industry effort to bring email up to snuff as a modern communication system, and we still have a long way to go. There's still efforts to improve the state of email security, so look out for these in the future.
 ### Improvements to OpenPGP
 The IETF has a [working group](https://datatracker.ietf.org/wg/openpgp/about/) for OpenPGP that wants to add many improvements to OpenPGP, including post-quantum encryption, forward secrecy, and usability improvements.
 Key transparency is also a planned feature, similar to what apps like [WhatsApp](https://scontent.xx.fbcdn.net/v/t39.8562-6/379264560_846690136905658_6336040801441930900_n.pdf?_nc_cat=108&ccb=1-7&_nc_sid=e280be&_nc_ohc=gNmDlLkE0DMQ7kNvwEyKONi&_nc_oc=AdmucQjSjoTw2nXUszYeZNStyUHGqvM2pj3oRVV7qI4xmLEJMmY2pUV29WcOnKC1KpA&_nc_zt=14&_nc_ht=scontent.xx&_nc_gid=5lSqV7L5iCqeiMSQDCwN0w&oh=00_AfXoxrF8ukQtSVZM_BCBDbveIDviQPfn0kDEV8pSbxX1SQ&oe=68AB9400) have implemented. Key transparency systems use an append-only, auditable and tamper-evident log of keys that allows you to automatically verify the authenticity of whoever you're messaging with.
 There's even a plan to add the ability to verify keys manually using QR codes, similar to how some messengers let you manually verify keys.
 ### Improvements to S/MIME
 The [LAMPS](https://datatracker.ietf.org/wg/lamps/about/) working group is looking at adding post-quantum encryption to S/MIME to protect against future quantum computer threats. This would include "dual-signature" schemes combining traditional encryption with PG encryption, similar to how some messengers handle it.
 ### DKIM2
 [DKIM2](https://www.ietf.org/archive/id/draft-gondwana-dkim2-motivation-00.html) is the planned next version of DKIM.
 An issue with the current version of DKIM is a malicious actor taking emails signed with DKIM from a different domain and replaying them, spamming them out to thousands of people and eroding trust in the original domain. The new DKIM2 specification would force each hop the email takes along its path to sign it, so any issues will be the fault of the previous hop.
 DKIM2 aims to simplify the protocol and make it more standardized. For example, in practice, the vast majority of DKIM is singed using relaxed methods, so DKIM2 will only support relaxed.
 The fact that DKIM relies on an explicit list of headers as part of the signature, there is inconsistent signing of headers and some security-critical headers might not be signed. In order to prevent attackers from adding headers that weren't originally part of the email, providers would sign headers with no information in them. DKIM2 would specify a fixed set of headers in alignment with best practices, so there won't be a need to specify headers.
 ### DMARCbis
 [DMARCbis](https://datatracker.ietf.org/doc/draft-ietf-dmarc-dmarcbis/) is a proposed updated version of DMARC.
 The `pct` tag is going away, which was a tag that would only allow a specified percentage of emails, say 50%, to be sent if they failed. Apparently, this wasn't implemented properly so now it's being replaced with the `t` mode that is a binary pass or fail.
 The new `np` tag adds the ability to define what to do with a non-existent subdomain of a real domain. This will prevent cybercriminals from subverting DMARC by using a fake subdomain.
 They are also adding [requirements](https://datatracker.ietf.org/doc/html/draft-ietf-dmarc-dmarcbis-41#name-conformance-requirements-fo) that mail providers must meet to fully conform to the specification, which should eliminate questions about best practices and how DMARC should be implemented.
 ### Deprecation of Cleartext Email
 Since there are now protocols in place to at least allow for transport encryption at every stage of the email process, providers should work on [removing support](https://datatracker.ietf.org/doc/html/rfc8314#section-4.1) for unencrypted email entirely.
 Transport encryption between servers now should be the minimum expected for email services going into the future.
 ### Passkeys
 The adoption of [passkeys](https://fidoalliance.org/passkeys/) will eliminate the need for email as a recovery method, since users won't have to remember passwords. Email can be used for what it was originally intended for: a method of communication and sending updates and announcements, nothing more. This will take a concerted effort from service providers though, and it seems for now most services that support passkeys still require and email for some reason. Here's hoping this changes in the future.
 The adoption of passkeys will also make email services themselves more secure, since at the moment they act as a sort of de facto recovery method for all of our accounts. They should focus on deprecating passwords for improved security.
 ### Wider Adoption of DNSSEC
 DNSSEC should be universally adopted to prevent DNS poisoning attacks. This would drastically improve the security of email.
 ### Guidance for E2EE
 The usability of E2EE in email is significantly lacking compared to other methods of communication, especially modern messengers like Signal that make the E2EE very seamless and simple. The handling of E2EE by email clients can also vary a lot and leave email users [vulnerable to bypasses](https://efail.de) for the E2EE.
 An [RFC](https://www.ietf.org/archive/id/draft-ietf-lamps-e2e-mail-guidance-17.html) to address usability issues and best practices for email clients exists, hopefully it can lead to a future of improved user experience and security in email.
 ### SMTP End-to-End Encryption
 The biggest obstacle in the way of email privacy is it's not E2EE by default like most modern messengers we use daily. Some providers like Proton Mail will automatically encrypt emails between [Proton Mail](https://proton.me/support/manage-encryption#:~:text=Proton%20Mail%20encrypts%20all%20emails%20sent%20between%20Proton%20accounts%20with%20end%2Dto%2Dend%20encryption%20(E2EE)) users. The obvious next step is to build E2EE into SMTP itself.
 An [RFC proposal](https://dcrubro.com/files/smtp-ee2esign-latest.txt) exists for just such an idea. I'm hopeful something like this can be standardized and widely adopted, and finally bring email into the 21st century.
@@ -5,7 +5,7 @@ categories:
    - Opinion
 authors:
    - em
-description: Encryption is not a crime, encryption protects all of us. Encryption, and especially end-to-end encryption, is an essential tool to protect everyone online. Attempts to undermine encryption are an attack to our fundamental right to privacy and an attack to our inherent right to security and safety.
+description: Encryption is not a crime, encryption protects us all. Encryption, and especially end-to-end encryption, is an essential tool to protect everyone online. Attempts to undermine encryption are an attack to our fundamental right to privacy and an attack to our inherent right to security and safety.
 schema_type: OpinionNewsArticle
 preview:
  cover: blog/assets/images/encryption-is-not-a-crime/encryption-is-not-a-crime-cover.webp
@@ -7,7 +7,7 @@ tags:
    - Pride Month
 authors:
    - em
-description: Data privacy is important for everyone. But for some marginalized populations, data privacy is indispensable for social connection, access to information, and physical safety. For Pride month this year, we will discuss topics at the intersection of data privacy and experiences specific to the LGBTQ+ community.
+description: Data privacy is important for everyone. But for some marginalized populations, data privacy is indispensable for social connection, access to information, and physical safety. For Pride month, we discuss topics at the intersection of data privacy and experiences specific to the LGBTQ+ community.
 schema_type: AnalysisNewsArticle
 preview:
  cover: blog/assets/images/importance-of-privacy-for-the-queer-community/pride-cover.webp
@@ -8,7 +8,7 @@ tags:
    - Tor
 authors:
    - em
-description: You might have heard of Tor in the news a few times, yet never dared to try it yourself. Despite being around for decades, Tor is still a tool too few people know about. Today, Tor is easy to use for anyone. It not only helps journalists and activists, but anybody who seeks greater privacy online or access to information regardless of location. But what is Tor exactly? How can Tor help you? And why is it such an important tool?
+description: You might have heard of Tor already, yet never dared to try it yourself. Despite being around for decades, too few people know about Tor. It isn't only a tool for journalists and activists, but for anyone seeking greater privacy online. What is Tor exactly? And how can Tor help you?
 schema_type: OpinionNewsArticle
 preview:
  cover: blog/assets/images/in-praise-of-tor/tor-cover.webp
@@ -8,7 +8,7 @@ categories:
    - Reviews
 authors:
    - em
-description: "If you need a password manager for iOS or macOS that gives you full control over your data, KeePassium is a fantastic option. KeePassium offers some synchronization features, but keeps your password database offline by default. You choose who to trust to store your passwords, and you can change it whenever you want."
+description: If you need a password manager for iOS or macOS that gives you full control over your data, KeePassium is a fantastic option. With KeePassium, you can keep your password database offline entirely, or choose whomever you trust to store it. You can also change this anytime.
 preview:
  logo: blog/assets/images/keepassium-review/keepassium.svg
 review:
@@ -66,7 +66,7 @@ All of these applications are optional. You can set up nearly any combination of
 | Arti | A [Tor](https://www.privacyguides.org/en/advanced/tor-overview) client written in Rust. | Connect to Tor nodes, broadcast transactions over Tor, and connect to TrueNAS apps over Tor. |
 | Java I2P | The officially distributed app to connect to the [I2P network](https://www.privacyguides.org/en/alternative-networks/#i2p-the-invisible-internet-project). | Connect to I2P nodes, broadcast transactions over I2P, and connect to TrueNAS apps over I2P. |
 | Monero Node | The officially distributed app for communicating with the Monero network. | The app provides the necessary information to send and receive Monero transactions. Most wallets (including the official Monero wallets and Cake Wallet) connect to Monero nodes. |
-| Monero-LWS | A "**L**ight**w**eight **S**erver" that allows "lightweight" wallets to send and receive Monero transactions. | Lightweight Monero wallet apps (including Edge Wallet and MyMonero) can connect to this server so that the wallet itself does not need to scan/sync Monero history; the server handles this scanning/syncing. |
+| Monero-LWS | A "**L**ight-**W**allet **S**erver" that allows "light-wallets" to send and receive Monero transactions. | Monero light-wallet apps (including Edge Wallet and MyMonero) can connect to this server so that the wallet itself does not need to scan/sync Monero history; the server handles this scanning/syncing. |
 ## Configure TrueNAS Storage
@@ -0,0 +1,157 @@
 ---
 date:
    created: 2025-09-15T17:30:00Z
 categories:
    - Explainers
 authors:
    - fria
 tags:
    - Privacy Enhancing Technologies
 schema_type: BackgroundNewsArticle
 description: Learn about Secure Multi-Party Computation and how it can be used to solve real-world privacy problems.
 preview:
  cover: blog/assets/images/multi-party-computation/cover.webp
 ---
 # What is Multi-Party Computation?
 ![An image of a lock and multiple keys going toward it to unlock it](../assets/images/multi-party-computation/cover.webp)
 <small aria-hidden="true">Illustration: Jordan Warne / Privacy Guides</small>
 We know how to secure data in storage using E2EE, but is it possible to ensure data privacy even while processing it server-side? This is the first in a [series](../tags.md/#tag:privacy-enhancing-technologies) of articles I'll be writing covering the privacy-enhancing technologies being rolled out.<!-- more -->
 ## History
 In a seminal [paper](https://dspace.mit.edu/bitstream/handle/1721.1/148953/MIT-LCS-TM-125.pdf?sequence=1) called "Mental Poker" by Adi Shamir, Ronald L. Rivest, and Leonard M. Adleman from 1979, the researchers attempt to demonstrate a way of playing poker over a distance using only messages and still have it be a fair game.
 To explain, fan favorites Alice and Bob will make a return. First, Bob encrypts all the cards with his key, then sends them to Alice. Alice picks five to deal back to Bob as his hand, then encrypts five with her own key and sends those to Bob as well. Bob removes his encryption from all ten cards and sends Alice's cards back to her.
 <div style="position: relative; padding-top: 56.25%;"><iframe title="Mental Poker Animation" width="100%" height="100%" src="https://neat.tube/videos/embed/k5jMvrTPLx5VcgzNq3ej1B?title=0" frameborder="0" allowfullscreen="" sandbox="allow-same-origin allow-scripts allow-popups allow-forms" style="position: absolute; inset: 0px;"></iframe></div>
 Notice that Bob needs to be able to remove his encryption *after* Alice has applied hers. This commutative property is important for the scheme to work.
 This early scheme is highly specialized for this task and not applicable to different situations.
 ### Secure Two-Party Computation
 Alice and Bob have struck it rich! They're both millionaires, but they want to be able to see who has more money without revealing exactly how much they have to each other.
 Luckily, we can use **Multi-Party Computation** (**MPC**) to solve this "Millionaire's Problem," using a method invented by Andrew Yao called *garbled circuits*. Garbled circuits allow us to use MPC for any problem as long as it can be represented as a boolean circuit, i.e. a set of logic gates such as `AND` `OR` `XOR` etc.
 ### Garbled Circuits
 We can split the two parties into an "Evaluator" and a "Generator". The Generator will be responsible for setting up the cryptography that'll be used, and the Evaluator will actually perform the computation.
 We start by making the truth table for our inputs. In order to hide the values of the truth table, we assign each input a different label. Importantly, we need to assign a different label for each input, so 1 will not be represented by the same label for each. We also need to shuffle the order of the rows, so the values can't be inferred from that.
 We can still tell what the value is based on knowing the type of logic gate. For example, an `AND` gate would only have one different output, so you could infer that output is 1 and the others are 0. To fix this, we can encrypt the rows using the input labels as keys, so only the correct output can be decrypted.
 We still have a problem, though: how can the Evaluator put in their inputs? Asking for both labels would allow them to decrypt more than one output, and giving their input would break the whole point. The solution is something called "Oblivious Transfer".
 The solution is for the Evaluator to generate two public keys, one of which they have the private key for. The Generator encrypts the two labels for the Evaluator's inputs using the provide public keys and sends them back. Since the Generator only has a private key for one of the labels, they will decrypt the one they want. The Generator puts the labels in order so that the Evaluator can choose which one they want to decrypt. This method relies on the Evaluator not to send multiple keys that can be decrypted. Because some trust is required, this protocol is considered "semi-honest".
 There's a good explainer for Yao's garbled circuits [here](https://lcamel.github.io/MPC-Notes/story-en-US.html) if you're interested in a step-by-step walkthrough.
 ### Birth of Multi-Party Computation
 Multi-Party Computation was solidified with the [research](https://dl.acm.org/doi/pdf/10.1145/28395.28420) of Oded Goldreich, Silvio Micali, and Avi Wigderson and the GMW paradigm (named after the researchers, similar to how RSA is named).
 #### More Than Two Parties
 Yao's protocol was limited to two parties. The GMW paradigm expanded the protocol to be able to handle any number of parties and can handle actively malicious actors as long as the majority are honest.
 #### Secret Sharing
 The GMW paradigm relies on secret sharing which is a method of splitting private information like a cryptographic key into multiple parts such that it will only reveal the secret if the shares are combined. The GMW protocol uses additive secret sharing, which is quite simple. You come up with a secret number, say 123, and you split it up into however many other numbers you want.
 `99 + 24 = 123`
 You distribute each number to a participant and add them all together to get the original secret. While simple, it doesn't play well with multiplication operations.
 #### Zero-Knowledge Proofs
 The GMW paradigm introduced protections against malicious adversaries, powered by zero-knowledge proofs (ZKP). ZKP allow one party to convince another party a statement is true without revealing any other information than the fact that the statement is true. The concept of ZKP was first introduced in a [paper](https://dl.acm.org/doi/pdf/10.1145/22145.22178) from 1985 by Shafi Goldwasser, Silvio Micali, and Charles Rackoff.
 A humorous paper titled *[How to Explain Zero-Knowledge Protocols to Your Children](https://pages.cs.wisc.edu/~mkowalcz/628.pdf)* gives a storybook explanation of how they work (who says academic papers can't be fun?).
 The main crux revolves around probability: if a party knows the proper way to get a result, they should be able to reliably get the correct answer.
 To borrow the cave explanation, imagine Alice and Bob have taken up cave exploration. They've found a cave in the shape of a loop with a magic door connecting each entrance together and Alice claims to know how to open it. However, she doesn't want Bob to know the secret to open the door.
 Alice, acting as the "Prover" goes into the cave. Bob, the "Verifier", stays outside and yells which side of the cave Alice should come out of. They repeat this many times. If Alice can reliably make it out of the correct side of the cave, then she must know how to open the magic door.
 ### BGW Protocol
 While the GMW protocol was a huge leap forward for MPC, there were still huge limitations. The garbled circuit protocol is limited to boolean logic gates which makes implementing many different common operations much more difficult. It also requires communication for every single gate, which is highly inefficient.
 The researchers Michael Ben-Or, Shafi Goldwassert, and Avi Wigderson in their paper *[Completeness Theorems for Non-Cryptographic Fault-Tolerant Distributed Computation](https://dl.acm.org/doi/pdf/10.1145/62212.62213)* made several advancements in the efficiency and robustness of MPC, moving it closer to being practical to use in the real world.
 #### Arithmetic Circuits
 Instead of boolean circuits, the BGW protocol uses arithmetic circuits. These allow for easier mathematical operations like multiplication and addition instead of being limited to logic gates on individual bits. This makes a huge difference in the amount of communication between parties and thus the efficiency of the protocol.
 #### Shamir's Secret Sharing
 The BGW protocol utilizes [Shamir's Secret Sharing](https://web.mit.edu/6.857/OldStuff/Fall03/ref/Shamir-HowToShareASecret.pdf), which relies on polynomials instead of addition. This allows for more efficiency in multiplication and allows for setting a threshold where only a certain number of shares need to be present in order to reconstruct the secret.
 #### Less Communication
 The BGW protocol doesn't require as much communication between parties, partly thanks to its use of Shamir's secret sharing which works well with arithmetic operations.
 Additionally, it doesn't require Oblivious Transfer or zero-knowledge proofs. Its use of Shamir's secret sharing and error correction codes instead provides the same properties in a more efficient way.
 ### Fairplay
 The field was further advanced by the introduction of the [Fairplay](https://www.cs.huji.ac.il/w~noam/FairplayMP.pdf) system.
 Up until this paper, MPC was limited to boolean circuits or arithmetic circuits: not exactly friendly if you're a programmer that's used to using higher level languages. Fairplay introduces a compiler, SFDL, which can compile higher level languages to boolean circuits and then securely computes the circuit.
 Fairplay also brings some advancements in efficiency. It utilizes constant rounds, with a fixed 8 rounds, reducing the communication overhead. It also uses the free XOR technique so that encryption operations don't have to be performed on XOR gates, improving efficiency.
 ### Real-World Usage
 As MPC saw gradual optimizations and improvements, it grew from an interesting thought experiment to something that could have real-world uses.
 #### Danish Sugar Beet Auction
 The first instance of MPC being used in a real-world scenario wouldn't occur until 2008.
 Denmark's sugar beet industry faced a problem: with the EU significantly reducing its financial support for sugar beet production, they needed to figure out what price the thousands of sugar beet farmers were willing to sell at, and which price the company that bought all the sugar beets would be willing to buy them at, a so-called "double auction" where the buyer and seller figure out the **market clearing price**, or the price at which demand meets supply most effectively.
 But who should be in charge of the auction? Farmers don't want to trust Danisco with their bids as it reveals information about each individual farmer's business. The farmers can't be in charge of it because they don't trust each other. They could use an external consulting firm, but then the entire operation would rely on that one firm's confidentiality and the reliability of their tools.
 The [solution](https://a.storyblok.com/f/266767/x/e4c85ffa34/mpc-goes-live_whitepaper_2008-068.pdf) was to use a "virtual auctioneer" that relied on MPC to fairly carry the auction out.
 It relied on three servers, with one representing each party: Danisco, DKS (the Danish sugar beet growers association), and The SIMAP project (Secure Information Management and Processing, a project sponsored by the Danish National Research Agency).
 The solution was so successful that it was used every year until 2015 when it was no longer needed. A survey of the farmers found that the vast majority found the system simplified the process of trading contracts and that they were satisfied with the level of confidentiality it provided.
 The first test run of MPC was a massive success and the potential was now proven.
 #### The Boston Women's Workforce Council
 In 2016, the [Boston Women's Workforce Council](https://www.boston.gov/sites/default/files/document-file-09-2017/bwwcr-2016-new-report.pdf) worked with 69 companies to investigate if women are paid the same as men.
 Using MPC, the companies were able to process their data without revealing the actual wages of any employees. The wage data of 112,600 employees was collected, representing about 11% of the Greater Boston workforce.
 You can read their detailed findings in the report, but they found that women were indeed being paid less than men: 77 cents for every dollar a man makes on average.
 It was reported in 2023 that thanks to this data, the Boston Women's Workforce Council was able to reduce the wage gap by 30%.
 #### Allegheny County
 In 2018, Allegheny County Department of Human Services partnered with the [Bipartisan Policy Center](https://bipartisanpolicy.org/press-release/bpc-partners-with-allegheny-county-on-new-privacy-preserving-data-project/) to implement MPC, allowing for private and secure sharing of county data on services to the homeless, behavioral health services, causes and incidence of mortality, family interventions, and incarceration.
 The experiment was considered a success, with a recommendation from the U.S. Commission on Evidence-Based Policymaking to further explore the use of MPC.
 ## MPC Today
 Today, the [MPC Alliance](https://www.mpcalliance.org) represents a collective of companies that have come together to advance the use of MPC.
 MPC is used for everything from [cryptocurrency](https://www.coinbase.com/learn/wallet/what-is-a-multi-party-computation-mpc-wallet) to HIPAA-compliant [medical](https://pmc.ncbi.nlm.nih.gov/articles/PMC6658266/) uses. There are ongoing efforts to [standardize](https://csrc.nist.gov/projects/threshold-cryptography) it from organizations like NIST, although it's a difficult proposition due to the sheer variation in MPC protocols and use cases.
 There's been research into using MPC for secure and [verifiably fair](https://eprint.iacr.org/2014/075.pdf) [electronic voting](https://arxiv.org/html/2205.10580v4), something that's much needed as countries move toward [electronic voting](https://worldpopulationreview.com/country-rankings/electronic-voting-by-country). It's important to not completely dismiss the march of technology, but these things should be implemented with the utmost caution and scientific rigor. I feel that implementing black-box electronic voting without open and provably secure technologies like MPC is irresponsible and endangers elections.
 MPC acts as an essential privacy tool in the toolbox. It intersects with other PETs like homomorphic encryption, a method of encrypting data in such a way that operations can still be performed on it without revealing the unencrypted data.
 MPC is just one tool among many that's reshaping the privacy landscape. I'm excited to see how it's used in the future and what new advancements it unlocks.
@@ -91,7 +91,7 @@ Developed and hosted by *XWiki* in Paris, France, **CryptPad** is a complete onl
 <div class="admonition recommendation" markdown>
-![Nextcloud logo](../assets/img/document-collaboration/nextcloud.svg){ align=right }
+![Nextcloud logo](../assets/img/self-hosting/nextcloud.svg){ align=right }
 **Nextcloud** is a suite of free and open-source client-server software for creating your own file hosting services on a private server you control.
@@ -0,0 +1,422 @@
 ---
 date:
    created: 2025-10-15T03:50:00Z
 categories:
    - Explainers
 authors:
    - em
    - jordan
 description:
    Real-name policies have existed for over a decade, but these problems have become exponentially harmful in today's world. It's time to fight back against this unsafe and discriminatory privacy-invasive practice.
 schema_type: AnalysisNewsArticle
 preview:
  cover: blog/assets/images/real-name-policies/realname-cover.webp
 ---
 # Real-Name Policies: The War Against Pseudonymity
 ![Filtered photo of a "Hello my name is" name-tag sticker on a street post. Over the space for the name is a black graffiti tag.](../assets/images/real-name-policies/realname-cover.webp)
 <small aria-hidden="true">Illustration: Em / Privacy Guides | Photo: Marija Zaric / Unsplash</small>
 Real-name policies have existed for well over a decade already, and the problems they cause aren't new. But these problems have become exponentially harmful in today's world, where real-name policies are coupled with monopolistic platforms, increased mass surveillance, AI technologies, and facial recognition capabilities. It's time to fight back against this unsafe and discriminatory privacy-invasive practice.<!-- more -->
 Pseudonymity, or the use of a nickname or fictitious name online, has always been deeply valued on the internet. It grants people protections and freedoms that are often impossible to benefit from offline.
 Women, and especially women who are part of male-dominated online communities, have regularly used pseudonyms to hide their gender online in order to protect themselves from sexual harassment, stalking, and physical violence even.
 Transgender and gender-diverse people also regularly use pseudonyms for protection, or use new chosen names to explore their gender identity online.
 Victims of domestic violence, victims of stalkers, activists, and even journalists often use pseudonyms to protect themselves from aggressors or oppressive regimes.
 **Pseudonymity saves lives.** And yet, it is constantly under attack.
 ## What are real-name policies exactly?
 <div class="admonition quote inline end" markdown>
 <p class="admonition-title">Increasingly more platforms demand that users provide their legal name and official identifications in order to keep using a platform.</p></div>
 So called "real-name" policies are platform policies requiring users and subscribers to sign up and display their "real name," often equated to a *legal* name.
 Facebook for example claims not to require a legal name, but only the "real" name a person uses in their daily life. Yet, the social media giant regularly demands official IDs to verify this "real" name, effectively requiring people associate their account with their *legal* identity.
 Facebook has even repeatedly taken the liberty to decide which name was "real", and changed the displayed name of users based on verification processes **without any prior consent from users**. For people in vulnerable situations, this can be a *very* dangerous practice.
 Facebook is perhaps the most infamous platform implementing such discriminatory and intrusive policy, but sadly, it's not the only one.
 <span class="pullquote-source">Increasingly more platforms demand that users provide their legal name and official identifications in order to keep using a platform.</span> And this will likely be aggravated significantly by the recent trend for [age-verification](https://www.privacyguides.org/videos/2025/08/15/age-verification-is-a-privacy-nightmare/) policies.
 ### Explicit and implicit policies
 There is always two levels of real-name policies: The name displayed publicly to everyone (explicitly required), and the name the platform has associated with the account in its database (implicitly associated).
 While a requirement to expose one's legal name publicly has clear privacy risks, storing legal names without displaying it to other users is also problematic.
 For explicit requirements, users who are obligated to display their legal name publicly are not only forced to create a permanent association of this account with their legal identity (with all the problems this can bring), but are also potentially exposing their identity and account to current or future attackers.
 For example, this can and does enable stalkers to find their victims online (and offline) to cause them harm.
 For implicit associations, as soon as a legal name is collected and associated with an account in the backend, whether from providing official documentation for age verification, account recovery, payment, or any other processes; this data is at risk of getting leaked or breached, and eventually shared publicly as well.
 Once this data is [exposed](https://discuss.privacyguides.net/t/discord-data-breach-customers-personal-data-and-scanned-photo-ids-leaked/31904), this account now also becomes permanently associated with a legal identity, publicly.
 Even without having an openly stated real-name policy, platforms collecting official documentation—or otherwise storing legal names associated with accounts—can effectively end up exposing their users to similar risks.
 ### What is a real name anyway?
 Of course, your true *real* name is whatever you decide others should call you. Only *you* can decide this, and others should be respectful of your choice.
 Your *legal* name, however, is a **data marker attached to your person that can be used to trace many of your activities online and offline**, with a high degree of precision going as far back as when you were born.
 For everyone, but especially for vulnerable communities, exposing legal names on certain platforms can represent a significant risk. The [use of pseudonymity](https://www.techradar.com/pro/vpn/using-your-real-name-on-social-media-heres-why-you-should-think-twice) is a critical part of online safety, and people should be able to continue using this protective measure without raising suspicion.
 ## Who is impacted the most by real-name policies?
 Everyone is impacted by real-name policies, but groups that are at higher risk of discrimination, violence, and online harassment are disproportionally harmed by them.
 Moreover, anyone who for various reasons uses a name that doesn't match their official ID; has a legal name that doesn't match an expected American name pattern; needs to conceal their gender online for safety; or has to protect their identity online due to their work as an activist, journalist, dissident, or whistleblower can be severely impacted, silenced, and even endangered by requirements to provide a legal name online.
 ### Victims of domestic violence
 For many people, using pseudonyms isn't just a good privacy practice, but it can be a matter of life and death.
 For anyone who is experiencing or has experienced domestic violence, creating a new online identity hidden from the perpetrator can be essential for survival, to prepare a safe escape, or to keep having access to essential support and resources.
 When people are forced to only use one identity online, an identity attached to their legal identity, this empowers aggressors to find their victims, to silence them, to control them, and to harm them.
 **Technologies and policies are never neutral.** When policies and features make it difficult or impossible for vulnerable people to use these technologies safely, they are effectively excluding vulnerable people from the platforms.
 Even if this might seem minor from the outside, when Big Tech becomes so monopolistic that it's almost impossible to fully avoid it in our daily lives, when someone cannot access social groups and support without a Facebook account, and can't find a new job without LinkedIn, then it's not just a minor problem anymore, it's a major problem.
 **Platforms and online services should be safely accessible to everyone.** And this includes allowing the use of protective pseudonymity without requiring legal identification that could put the most vulnerable in life-threatening situations.
 ### Victims of stalking
 Similarly to victims of domestic violence, victims of stalking must protect their identity online to stay safe from their stalkers. When platforms obligate people to use their legal names, explicitly or implicitly, they directly endanger these victims.
 If a stalker or an aggressor knows a victim's legal name (which is often the case), then it's trivial to find their account on any platforms and services, regardless of if they have blocked them on one.
 A good protection to prevent severe harassment is to create alternative accounts using a different name or different pseudonym unknown to the aggressor. This can give victims the peace of mind of knowing their stalker will not be able to find them there.
 For anyone tempted to argue real-name policies reduce the number of perpetrators, this isn't the case.
 Stalkers and predators of all kind feel generally quite comfortable using their own legal names, this isn't a problem for them. They feel confident knowing that victims generally have little recourses and support, and that there will be no consequences for them even when their legal name is known.
 Despite the claims, removing pseudonymity doesn't remove misbehavior online, this has been demonstrated [again](https://theconversation.com/online-abuse-banning-anonymous-social-media-accounts-is-not-the-answer-170224), and [again](https://theconversation.com/online-anonymity-study-found-stable-pseudonyms-created-a-more-civil-environment-than-real-user-names-171374), and [again](https://allabouteve.co.in/harassment-of-women-on-linkedin/). Real-name policies don't reduce crime, it only restricts the victims' ability to protect themselves from such crime.
 ### Activists and political dissidents
 <div class="admonition quote inline end" markdown>
 <p class="admonition-title">Pseudonyms are hardly modern phenomena, and it's fair to say democracy wouldn't exist without it.</p></div>
 For activists and political dissidents around the world, using pseudonymity online can be a way to reclaim freedom of speech and criticize power in a safer way. Under oppressive regimes, online privacy can mean life or death.
 This is another example showing how essential privacy rights are to democracy. **Real-name policies facilitate censorship, discrimination, and political repression.**
 A Honduran blogger using the pseudonym [La Gringa](https://lagringasblogicito.blogspot.com/2011/10/my-ripples-will-continue.html) used her blog and Facebook page to criticize the Central American government for years.
 Protecting her legal identity is essential to allow her to speak freely and stay safe from state repression. This isn't an exaggeration, Honduras is one of the most dangerous country for journalists. The Committee to Protect Journalists (CPJ) [recorded](https://latamjournalismreview.org/articles/almost-five-years-after-murder-of-honduran-journalist-gabriel-hernandez-authorities-still-waiting-for-results-of-their-investigations/) that 37 press workers were killed in the country between 1992 and 2023. Of these murders, 90% were unpunished.
 But Facebook silenced La Gringa with its real-name policy, requiring her to provide a copy of her official ID to continue advocating on the platform. Evidently, this request is asking her to put her life in danger and cannot be compromised on.
 Facebook's policy is essentially silencing any dissident and marginalized voices in oppressive regimes.
 By letting the community report infractions to Facebook's real-name policy, this effectively allows Facebook's rules to be weaponized against marginalized groups already plagued with constant discrimination.
 It also empowers abusers to silence their victims, and sides with oppressive regimes around the world to censor any critics they might have.
 As reporter Kevin Morris [commented](https://www.dailydot.com/news/la-gringa-facebook-ban-real-id-dangerous-honduras/) in his Daily Dot piece on the topic: <span class="pullquote-source">"Pseudonyms are hardly modern phenomena, and it's fair to say democracy wouldn't exist without it."</span>
 ### Women
 <div class="admonition quote inline end" markdown>
 <p class="admonition-title">A site which requires real/verified names is automatically flagging itself as a potentially/probably unsafe space for women, or for anyone else at risk of harassment, violence, job discrimination, and the like.</p></div>
 Women have long used pseudonyms on the internet in order to conceal their gender online, and spare themselves from the sexual harassment and discrimination omnipresent on some platforms. This is even more common in male-dominated communities like online gaming, for example.
 It's not rare to hear some people claiming that "there aren't any women in their online community." Well, there probably is.
 Platforms allowing pseudonyms foster a culture of inclusivity where everyone can participate free from discrimination, regardless of their gender. Real-name policies encourage the opposite: platforms where participants are forced to either endure the abuse and compromise their physical safety, or be excluded entirely.
 As pseudonymous author *skud* [wrote](https://geekfeminismdotorg.wordpress.com/2010/06/10/hacker-news-and-pseudonymity/) for the *Geek Feminism* blog in 2010:
 > [...] women online are regularly admonished to use pseudonyms to protect themselves. Many websites with a culture of pseudonymity [...] have a very high proportion of female members, perhaps in part because of the sense of privacy and security that pseudonymity brings. <span class="pullquote-source">A site which requires real/verified names is automatically flagging itself as a potentially/probably unsafe space for women, or for anyone else at risk of harassment, violence, job discrimination, and the like.</span>
 Women aren't exactly a minority group. While platforms should be inclusive to everyone of course, including minority groups, enforcing a policy that obligates roughly 50% of the population to lower its safety protections in order to participate should be obviously unacceptable.
 ### Indigenous people
 Notwithstanding its own policy, Facebook has regularly suspended accounts with legal names wrongly targeted as fake, based on criteria rooted in colonialism. Indigenous communities have been exceedingly impacted by Facebook's real-name policy, despite following all the platform's rules as requested.
 In 2009, Facebook abruptly [cut off account access](https://ictnews.org/archive/facebook-no-friend-to-american-indian-names/) to an Indigenous American woman named Robin Kills The Enemy, wrongly accusing her of registering under a false name. But her name was authentic, and indeed her *legal* name.
 Facebook eventually reinstated her account, but only after a long process where she had to modify the spelling.
 The burden shouldn't be on Indigenous people to have to prove their identity just because a US-based corporation can't seem to understand the global diversity of naming conventions.
 Following Kills The Enemy's experience, a journalist started a Facebook group called "Facebook: don't discriminate against Native surnames!!!" that was joined by over a thousand people only a few days after its creation. Many users shared similar experiences and questioned the platform's treatment of Indigenous surnames.
 Another woman named Melissa Holds The Enemy described a month-long process to recover her account.
 An Indigenous man named Oglala Lakota Lance Brown Eyes had his account [suspended](https://colorlines.com/article/native-americans-say-facebook-accusing-them-using-fake-names/) by Facebook demanding his "real" name.
 After Brown Eyes sent all the required proofs, Facebook decided without warning to Americanize his displayed name to "Lance Brown." **This is blatant racism.**
 His name was eventually corrected and Facebook apologized, but only after Brown Eyes threatened the company with a class action lawsuit.
 Dana Lone Hill also got her account suspended because of her Indigenous surname, and was forced to go through Facebook's intrusive verification process in order to recover her account.
 The list goes on and on. Indigenous people have been forced by Facebook to modify and Americanize their *actual legal names*.
 Many were forced to add hyphens, change the alphabet used, smash words together, or even remove parts of their legal name in order to please Facebook's arbitrary preferences, ignoring its own "real-name" policy.
 This is yet another demonstration of systemic racism perpetrated by a monopolistic corporation quick to ignore the human rights and diversity of its users.
 ### People with non-Anglophone names
 In another case, a woman from Japan named Hiroko Yoda [wasn't able to sign up](https://www.telegraph.co.uk/news/newstopics/howaboutthat/2632170/Woman-called-Yoda-blocked-from-Facebook.html) for a Facebook account due to her surname.
 Despite being a common surname in Japan, it seems Facebook judged it more important to ban anyone trying to "impersonate" the popular Star Wars character.
 Of course, the Star Wars character uses a Japanese name because its creator has drawn [inspiration](https://en.wikipedia.org/wiki/Yoda#Creation) from the Japanese culture. But Facebook still seems to somehow think that Star Wars comes first, and Japanese people must pay the price for daring to share a surname with the American Jedi.
 A Facebook user from Hawaii named Chase Nahooikaikakeolamauloaokalani Silva also had his account suspended despite using his legal name.
 As a proud Hawaiian, it was important for him to be able to display his Hawaiian given name. But Facebook just didn't like his *legal* name.
 Silva reported to [HuffPost](https://www.huffpost.com/entry/facebook-chase-nahooikaikakeolamauloaokalani-silva_n_5833248) that "Facebook should not be able to dictate what your name is, what you go by, what you answer to," and he's right.
 More broadly, Facebook's policy [prohibits](https://en.wikipedia.org/wiki/Facebook_real-name_policy_controversy) name with "too many" words, capital letters, or first names with initials. This assumes the default for names is the Americanized format of one first name, one (short) middle name, and one last name.
 But this isn't a reality for most of the world. This extremely narrow vision of what a name should look like and how it should be formatted isn't compatible with many if not most cultures.
 It's unbelievable (and unacceptable) that a platform with an estimated 2.28 billion active users, who seems to want to eat even more of the world every year, is being so ignorant of non-American cultures and global naming conventions in its policies and practices.
 ### The transgender community
 For transgender and gender-diverse individuals, their legal name may be a "[dead name](https://en.wikipedia.org/wiki/Deadnaming)." A dead name is a name that they were assigned at birth but no longer identify with. Commonly, transgender people change their name as part of their gender transition.
 In many countries around the world, there can be many bureaucratic hurdles required to change one's name, meaning that many trans people are unable to update their legal name to reflect their gender identity. Because they no longer identify with their dead name, keeping it private is of great importance for their mental health and safety.
 <div class="admonition quote inline end" markdown>
 <p class="admonition-title">23% of LGBTQ+ young people reported that they have been physically threatened or harmed in the past year due to either their sexual orientation or gender identity.</p></div>
 Referring to a trans person with their dead name is considered offensive and often involves misgendering someone too. For transgender people, being called a name that they no longer identify with invokes feelings of depression, anxiety, gender dysphoria, and lack of acceptance.
 Using someone's dead name signals that you don't respect their identity and that you don't care about them enough to use their new name.
 Unfortunately, transgender people still face widespread discrimination, that's why "dead naming" can be incredibly dangerous. Revealing someone's gender identity or sexuality without their consent is called "outing". By calling someone by their dead name, you may be inadvertently revealing someone is transgender. This can be not only traumatizing and frightening for the individual, but can also lead to violence or put this person in a dangerous situation.
 The Trevor Project, a non-profit LGBTQ+ organization, conducts a yearly [survey](https://www.thetrevorproject.org/survey-2024/?_hsmi=305272848) on LGBTQ+ youth across the United States. In their 2024 release, they found that <span class="pullquote-source">"23% of LGBTQ+ young people reported that they have been physically threatened or harmed in the past year due to either their sexual orientation or gender identity."</span>
 This is why when real-name policies come in, requiring transgender people to use their legal name for their social media accounts, this could force them to "come out" by displaying a name that they no longer identify with, therefore revealing they are transgender. The National LGBTQ Institute on Intimate Partner Violence [describes](https://lgbtqipvinstitute.org/coming-out-safely/) "coming out" as an "ongoing process, by which a person shares aspects of their identity with others."
 Having aspects of their identity shared without their consent can put this person in significant physical danger because of unsupportive family members, friends, colleagues, and strangers. This is especially the case with LGBTQ+ youth, who are at heightened risk of online, verbal, physical harassment, or violence due to their identity.
 Coming out can be a very daunting and scary process, particularly for transgender and gender-diverse people, and often can be an ongoing process over many years. In many cases, LGBTQ+ people choose instead to [hide their identity](https://www.stonewall.org.uk/news/new-research-shows-almost-40-of-lgbtq-employees-still-hide-their-identity-at-work) at social and work gatherings.
 Platforms that enforce real-name policies take away the essential ability to control when and how that process plays out are nothing short of abusive. This might sound hyperbolic, however, "outing" is often used as a mean of control in abusive relationships to coerce an LGBTQ+ individual. The fact that social media platforms are exhibiting similar behavior is alarming.
 Unfortunately, many websites don't allow updating the name attached to an account easily, often requiring to provide legal documentation showing proof that the name has been legally changed.
 Having to provide your identification documents to use a website is not only terrible for your privacy, as it links your real life identity to your online account, it also puts your identity at risk.
 Companies that process and verify identity documents are at a much higher risk of being targeted by malicious actors, because of the sensitive information they store and process.
 One of the worst offenders of this is Facebook. They require everyone that signs up to use their legal name for their profile, and claim that this is to ensure safety on the platform so that everyone knows who they are talking to is who they say they are.
 Many transgender and gender-diverse people use aliases on social media platforms to protect their identities and the identities of those around them, because they are more likely to be harassed or doxxed. Facebook's real-name policy has unforeseen consequences for these people, as one transgender Facebook user [found out](https://www.dailydot.com/news/facebook-real-names-cracking-down-transgender/):
 > I woke up to find my Facebook account deleted. [...] I have had a Facebook since about 2007 or 2008. Other than when I was a kid and was afraid my parents would find out about my account (causing me to use an alias for a little while), my profile always bore my legal name. A week or so ago, however, I changed my display name to "Arc Angel."
 Finally, because of the discrimination and danger that transgender people face in the real world, they often find refuge in online and internet communities. According to a report by [Hopelab](https://assets.hopelab.org/wp-content/uploads/2025/03/2025-Without-It-I-Wouldnt-Be-Here.pdf) of LGBTQ+ youth:
 > Transgender young people more often agree that their online communities and friendships were important or very important (84%) when they began to explore their sexuality or gender compared to cisgender LGBQ+ young people (71%).
 This is why it’s so important that they are able to freely express themselves with a pseudonymous or anonymous identity. If every online platform required these users to use their legal name, this would be extremely dangerous for transgender and gender-diverse people who often rely on online spaces for community, friendship, and support.
 ### LGBTQ+ people
 Moreover, real-name policies disproportionately affect LGBTQ+ people, as they often prefer to not associate their legal name with their online activities. This is especially important for people living in countries where LGBTQ+ identities are [criminalized by law](https://en.wikipedia.org/wiki/Criminalization_of_homosexuality), meaning they can be jailed (or worse) if they associate their online activities with their real life identity.
 Unfortunately, it gets even worse: harassers and trolls have weaponized Facebook's real-name policy, and are using it to silence their victims by mass reporting them as using a fake name.
 In an [open letter](https://www.eff.org/document/open-letter-facebook-about-its-real-names-policy) to Facebook about its real-name policy in 2015, many LGBTQ+ and digital rights organizations warned Facebook that this was being used to silence LGBTQ+ people:
 > Facebook users in the global LGBTQ community, South and Southeast Asia and the Middle East report that groups have deliberately organized (sometimes even coordinating via Facebook) to silence their targets using the "Report Abuse" button.
 Despite all the recommendations and warnings by LGBTQ+ organizations and digital rights groups more than ten years ago, Facebook is still standing strong in its intention to keep the platform a "real name" only space.
 Their help center still [states](https://www.facebook.com/help/229715077154790/Names+allowed+on+Facebook/) that you can only use a name that appears on your official identification documents:
 > The name on your profile should be the name that your friends call you in everyday life. This name should also appear on a form of ID or document from our ID list.
 Many platforms have been trying to improve the way they handle this and allow for users to select a preferred name that is displayed instead of their legal name. This is an improvement, however it isn't without issues.
 Platforms shouldn't require you to provide your legal name to begin with.
 ### Stage performers and small businesses
 In 2014, Facebook made the news for ramping up its real-name policy and suspending hundreds of accounts from marginalized and vulnerable people (more on this in the [next section](#facebook)). The platform was heavily criticized, and Facebook eventually reinstated many banned accounts.
 At the time, drag performers were [severely impacted](https://www.cnn.com/2014/09/16/living/facebook-name-policy/) by the policy purge. Drag queen and activist Sister Roma reported having to change her Facebook profile to a legal name she had not used publicly for 27 years.
 Retired burlesque dancer Blissom Booblé explained that using a pen name on Facebook was essential to continue her advocacy for LGBTQ+ homeless youth and to raise HIV awareness while staying free from discrimination at her workplace.
 Drag queen Ruby Roo reluctantly complied with Facebook's policy in order to keep contact with his friends, but expressed concerns that people would not recognize him under his legal name. If nobody ever calls you by your legal name, does this still even count as your "real" name?
 During an earlier purge in 2009, small-business entrepreneur Alicia Istanbul [suddenly lost access](https://www.sfgate.com/business/article/Real-users-caught-in-Facebook-fake-name-purge-3231397.php) to both her personal Facebook account and her jewelry design business page. Once this happens, the burden falls on users to carry on the lengthy and intrusive verification process to restore their accounts.
 **There is no innocent until proven guilty with Big Tech.** This can represent significant losses in time and money for small businesses.
 Additionally, many professionals such as teachers, doctors, therapists, and social workers regularly use pseudonyms so that clients and patients will not be able to find their personal accounts.
 Everyone should have the right to separate their professional lives from their personal lives, and [using pseudonyms is a great practice](stay-safe-but-stay-connected.md/#pseudonymity) to this effect.
 ### Everyone else
 Finally, everyone can be impacted negatively by real-name policies, not only marginalized or vulnerable groups.
 Everyone should be able to choose the protections necessary for themselves, according to their own and unique [threat model](https://www.privacyguides.org/en/basics/threat-modeling/). If someone decides it's safer or more comfortable for them to use a platform under a pseudonymous account, they should be able to do so freely.
 Privacy is a basic human right, and it should be accessible to all without requiring any justification.
 The normalization of real-name policies online, aggravated by the growing identity and age verification industry, will have devastating consequences for everyone, and for democracies everywhere. **Real-name policies are authoritarian in nature and have a chilling effect on freedom of speech and other civil liberties.**
 If we value privacy as a human right, we must push back against real-name policies, especially on social media.
 ## Where are real-name policies?
 About ten years ago, pseudonymity became a heated news topic during the so-called [Nymwars](https://en.wikipedia.org/wiki/Nymwars), the wars against pseudo*nyms*.
 The term mostly refers to a series of conflicts related to real-name policies in the 2010s. It emerged in relation to waves of policy enforcement from Facebook, Google, and the video-game giant Blizzard.
 With the increasing push for age verification and "human authentication" online, the Nymwars are sadly likely to make a comeback very soon. And for some platforms, the war just never stopped.
 Sometimes, your legal name might be required online of course. For example, for governmental and financial services. But way too many platforms and services collect legal names when there really isn't any strong justifications for it.
 While Facebook was mentioned abundantly in previous examples, this problem isn't limited to Meta's social media. You've probably encountered real-name policies everywhere already, but here are some platforms (and even countries) that have been infamous for it:
 ### Facebook
 In 2014, Facebook [made the news](https://www.aclunc.org/blog/my-name-why-aclu-facebook-today) (again) for enforcing a [horrible policy](https://www.zdnet.com/article/facebook-nymwars-disproportionately-outing-lgbt-performers-users-furious/) (again) that was [hurting](https://www.eff.org/deeplinks/2014/09/facebooks-real-name-policy-can-cause-real-world-harm-lgbtq-community) marginalized and vulnerable groups the most ([again](https://www.hrc.org/news/metas-new-policies-how-they-endanger-lgbtq-communities-and-our-tips-for-staying-safe-online)).
 Several human rights groups, including the Electronic Frontier Foundation, Human Rights Watch, and Access Now even joined the [Nameless Coalition](https://www.accessnow.org/nameless-coalition-calls-on-facebook-to-change-its-real-name-policy/) to demand changes to Facebook's policy.
 Facebook presented this ramping up of their real-name policy enforcement as something important for "authenticity" online. Despite this dubitable claim, Facebook was in all likelihood simply worried about protecting its financial assets, as ever.
 Back in 2012, Facebook's share price plummeted after a quarterly filing with the Securities and Exchange Commission [revealed](https://www.theguardian.com/technology/2012/aug/02/facebook-share-price-slumps-20-dollars) that an estimated 8.7% of accounts on the platform may be fake, and 5% of active accounts were duplicates (numbers that aren't really that alarming, actually). But this backlash from investors evidently scared Facebook enough to justify intensifying its policy enforcement for accounts using pseudonyms, or suspected of being fake, presumably in an attempt to soothe shareholders.
 Despite the unpopularity of these policies, the real customer for Facebook isn't its users, but its advertisers (who demand access to your data, Facebook's true product).
 Advertisers want some assurance that they are paying for *real* humans to see their ads, otherwise this diminishes Facebook's value to them. **It's important to remember that Facebook is, and has always been, an advertising company.**
 Despicably, Facebook even [encouraged](https://thenextweb.com/news/facebook-now-wants-snitch-friends-arent-using-real-name) people to "snitch on [their] friends if they are not using their real name."
 > Please help us understand how people are using Facebook. Your response is anonymous and won't affect your friend's account. Is this your friend's real name?
 This kind of prompt fosters mistrust and allows users to weaponize policies against people they simply don't like. Victims of these "report attacks" are often the most vulnerable and the most marginalized in our society. **Real-name policies have nothing to do with safety, in fact, they're horrible for safety.**
 A decade later, Facebook still encourages and enforces its real-name policy in order to protect its most valuable asset to sell: Your personal data.
 ### LinkedIn
 LinkedIn is another well-known platform that enforces a real-name policy.
 The employment-oriented social media states in its [User Agreement](https://www.linkedin.com/help/linkedin/answer/a1337288/names-allowed-on-profiles) that "LinkedIn does not allow members to use pseudonyms, fake names, business names, associations, groups, email addresses, or special characters that do not reflect your real or preferred professional name."
 It's unclear how LinkedIn would enforce or verify what is an allowed "preferred professional name."
 Although this might make slightly more sense on a platform focused on employment, the policy still excludes some professionals and industries that regularly work using pseudonyms, such as performers, writers, visual artists, activists, and privacy advocates even.
 Additionally, the platform uses the same colonialist discrimination as Facebook, assuming that all names worldwide are composed of "first, middle, and last names" only.
 ### Google, Quora, and Blizzard abandoned their policies
 Google made the news in 2011 when it started implementing and enforcing its own real-name policy for its (now defunct) social media platform Google+, and by proxy for YouTube accounts when Google [migrated](https://www.theguardian.com/technology/2014/jul/16/youtube-trolls-google-real-name-commenter-policy) YouTube comments to a Google+ system in 2013.
 The policy was [largely criticized](https://www.eff.org/deeplinks/2011/07/case-pseudonyms) after a wave of account suspensions, where some famous accounts were banned. In July 2014, Google [abandoned](https://en.wikipedia.org/wiki/Nymwars#Google) the policy altogether and removed restrictions on account names.
 The question-answering social platform Quora also enforced a real-name policy for a long time.
 Verification wasn't required, but names deemed "false" could be reported by the community. Again, this kind of reporting system facilitates abuse by allowing the weaponization of platform policies against marginalized groups.
 Thankfully, Quora [eliminated](https://quorablog.quora.com/Allowing-everyone-to-contribute-to-Quora) the requirement to use a "real" name in 2021, and now allows users to register with protective pseudonyms.
 The video-game developer Blizzard Entertainment spawned strong criticism online when the company [announced](https://en.wikipedia.org/wiki/Blizzard_Entertainment#Privacy_controversy_and_Real_ID) in 2010 that it would be implementing a real-name policy for Blizzard's forums.
 Gamers were not amused. The community came together to fight back in force against the announced policy. Game magazines and forums were inundated with replies and condemnations.
 At one point, a Blizzard employee trying to demonstrate that the policy "wasn't a big deal" willingly shared his real name on a public post. After this revelation, forum members started to post the employee's personal information, including his phone number, age, picture, home address, and even information related to his family members.
 Other members were quick to share their own experiences and show how [unsafe](https://web.archive.org/web/20100628055329/http://ve3d.ign.com/articles/news/55728/Is-Blizzards-Real-ID-Safe-Or-A-Playground-For-Sexual-Deviants) a real-name policy would be. Following the powerful community backlash, Blizzard decided to cancel its plan for the invasive policy.
 ### South Korea
 <div class="admonition quote inline end" markdown>
 <p class="admonition-title">Despite the enforcement of the system, the number of illegal or malicious postings online has not decreased.</p></div>
 Terrifyingly, whole countries have enforced real-name policies online. In 2007, South Korea [implemented](https://www.koreatimes.co.kr/southkorea/20120823/online-real-name-system-unconstitutional) a name registration system for internet users in compliance with the country's Information Communications Law.
 The law was initially enforced in an attempt to reduce malicious comments online, but **was later ruled unconstitutional and revoked in 2012**.
 The Constitutional Court said in its verdict that "the system does not seem to have been beneficial to the public. <span class="pullquote-source">Despite the enforcement of the system, the number of illegal or malicious postings online has not decreased.</span>"
 ### China
 Sadly, not every country implementing such a system came to the same conclusion.
 In China, the [Internet real-name system](https://en.wikipedia.org/wiki/Internet_real-name_system_in_China) obligates all internet service providers and online platforms to collect users' legal names, ID numbers, and more. This affects services such as internet access, phone service, social media, instant messaging, microblogging, and online gaming.
 In 2023, large Chinese platforms announced that they would make public the legal names of any accounts with over 500,000 followers.
 In July 2025, China centralized this control further with the launch of the [national online identity authentication](https://en.wikipedia.org/wiki/National_online_identity_authentication) system, which requires citizens to submit their personal information in order to receive an "Internet certificate" to access online accounts.
 This effectively imposes a real-name policy on *all* internet services in the country, and makes this information accessible at all time by the government.
 The new national cyber ID system has been [criticized](https://www.scmp.com/tech/tech-trends/article/3318302/china-rolls-out-voluntary-cyber-id-system-amid-concerns-over-privacy-censorship) over privacy and censorship concerns.
 So far, it is not mandatory to share identity through the national online identity authentication (although services are still obligated to identity their users in other ways).
 However, in a country where freedom of speech and access to information is increasingly restricted, it's easy to imagine the national real-name system could become obligatory everywhere soon.
 ## Real-name policies don't make the web safer
 It has been demonstrated again and again that real-name policies do not reduce abuse and misbehavior online, and only end up harming the most vulnerable.
 Despite the evidence and failed attempts, platform owners and policymakers obstinately continue to push for the implementation of these dangerous, authoritarian systems.
 Platforms will often claim these policies are to protect users from harassment, but when action is required to truly protect users they refuse to act. Facebook, the most infamous platform for enforcing its real-name policy, [ranks the *worst* for online harassment](https://www.theverge.com/news/713976/online-harassment-meta-social-media-environmental-activists).
 So, who are these real-name policies truly protecting?
 It's clear that, as is the case for other oppressive policies such as [Age Verification](age-verification-wants-your-face.md) and [Chat Control](chat-control-must-be-stopped.md), "safety" is only an excuse for people to accept what this is truly about: **Corporate profit and government control.**
 Unfortunately, as long as these platforms' business model is to sell users' data to advertisers and other stakeholders, there is no incentive for them to protect our privacy and our right to use protective pseudonyms, as the EFF's Director of Cybersecurity Eva Galperin aptly pointed out in her [talk](https://www.youtube.com/watch?v=d5czLwsa-wE) at the HOPE conference in 2012. **More data just means more money to them.**
 When governments impose similar invasive practices, it's a **dangerous and slippery slope towards totalitarianism**.
 Citizens need to be able to express their views freely online and criticize their government and its leaders without fear of reprisal. Real-name policies (explicit and implicit) are only a tool for censorship, and there is no democracy and no freedom under government censorship.
 Fighting against policies attacking online pseudonymity, such as real-name policies, age-verification policies, and Chat Control proposals, isn't just a banal fight to keep using silly nicknames online. It's a battle for democracy, for civil liberties, and for human rights.
 ## What you can do about real-name policies
 - [**Choose better platforms**](https://news.elenarossini.com/my-fediverse-starter-guide) that do not require you to share your legal name and official IDs, such as [Mastodon](mastodon-privacy-and-security.md) or other platforms connected to the Fediverse.
 - [**Inform yourself**](https://safetycrave.com/why-should-not-use-real-names-online/) on the dangers related to using legal names online, and share this information with others.
 - [**Say no**](you-can-say-no.md) to sharing official documentation with commercial platforms when it isn't strictly required and when you can avoid it.
 - [**Understand the difference**](https://www.privacyguides.org/videos/2025/03/14/stop-confusing-privacy-anonymity-and-security/) between privacy, security, anonymity, and pseudonymity.
 - [**Use pseudonyms**](stay-safe-but-stay-connected.md/#practices-and-tools-that-help-in-various-contexts) on platforms where you can. Use a pseudonym persistent across platforms if you want these accounts to be linked together for trust, or use different pseudonyms to keep them separated.
 - **Make your voice heard!** Contact your government representatives to let them know that privacy is important to you, and explain to them that pseudonymity is essential for safety, democracy, and free speech online. Complain against platforms using these invasive and exclusionary practices. Citizen action matters, and abusive policies can be reversed.
 <div class="admonition info" markdown>
 <p class="admonition-title">Remember that pseudonymity isn't anonymity</p>
 Keep in mind that only using a pseudonym isn't enough to make you anonymous online. There are many other ways to tie an identity together, such as IP addresses, [browser fingerprinting](https://www.privacyguides.org/videos/2025/09/12/what-is-browser-fingerprinting-and-how-to-stop-it/), photo comparison, facial recognition, and so on and so forth. Pseudonymity is a great practice to *improve* your privacy and safety online, but alone it does have limitations.
 </div>
@@ -6,7 +6,7 @@ categories:
    - News
 authors:
    - em
-description: Last week, OpenAI's CEO Sam Altman announced in San Francisco that the World project he co-founded, formerly known as Worldcoin, is opening six stores across the United States, allowing users of the project's app to scan their eyeballs.
+description: Last week, OpenAI's CEO Sam Altman announced in San Francisco that the World project he co-founded, formerly known as Worldcoin, is opening six stores across the United States, allowing users of the project's app to scan their eyeballs. This is worrisome, to say the least.
 schema_type: AnalysisNewsArticle
 preview:
  cover: blog/assets/images/sam-altman-wants-your-eyeball/orb-cover.webp
@@ -5,7 +5,7 @@ categories:
    - Opinion
 authors:
    - em
-description: Increasingly, surveillance is being normalized and integrated in our lives. Under the guise of convenience, applications and features are sold to us as being the new better way to do things. While some might be useful, this convenience is a Trojan horse. The cost of it is the continuous degradation of our privacy rights, with all that that entails.
+description: Increasingly, surveillance is being normalized and integrated in our lives. Under the guise of convenience, applications and features are sold to us as being the new better way to do things. But this convenience is a Trojan horse.
 schema_type: OpinionNewsArticle
 preview:
  cover: blog/assets/images/selling-surveillance-as-convenience/surveillance-cover.webp
@@ -0,0 +1,94 @@
 ---
 date:
  created: 2025-09-16T18:00:00Z
 categories:
  - Opinion
 authors:
  - ptrmdn
 description: In 2020, London police failed to save two sisters in life, then violated their privacy in death. This is a call to arms for posthumous privacy rights.
 schema_type: OpinionNewsArticle
 preview:
  cover: blog/assets/images/the-fight-for-privacy-after-death/cover.webp
 ---
 # Ghosts in the Machine: The Fight for Privacy After Death
 ![](../assets/images/the-fight-for-privacy-after-death/cover.webp)
 <small aria-hidden="true">Photo: Panyawat Auitpol / Unsplash</small>
 In the early hours of 6 June 2020, Nicole Smallman and her sister Bibaa Henry had just finished celebrating Bibaa's birthday with friends in a park in London. Alone and in the dark, they were both [fatally and repeatedly stabbed](https://en.wikipedia.org/wiki/Murders_of_Bibaa_Henry_and_Nicole_Smallman) 36 times.<!-- more -->
 <div class="admonition note inline end" markdown>
 <p class="admonition-title">Guest Contributor</p>
 Please welcome Peter Marsden as a first-time guest contributor! Privacy Guides does not publish guest posts in exchange for compensation, and this tutorial was independently reviewed by our editorial team prior to publication.
 </div>
 But the police didn’t just fail them in life—they failed them in death too. PC Deniz Jaffer and PC Jamie Lewis, both of the Metropolitan Police, [took selfies](https://www.theguardian.com/uk-news/2021/dec/06/two-met-police-officers-jailed-photos-murdered-sisters-deniz-jaffer-jamie-lewis-nicole-smallman-bibaa-henry) with the dead bodies of the victims, posting them on a WhatsApp group. And no privacy laws prevented them from doing so.
 This horrific case is just one in the murky, often sinister realm of posthumous privacy. In the UK, Europe, and across the world, privacy protections for the dead are at best a rarity—and at worst, a deep moral and societal failing that we cannot and must not accept.
 Let’s take a step back. The case of the Smallmans starkly draws attention to the denial in death of guarantees to the living.
 <div class="admonition quote inline pullquote" markdown>
 <p class="admonition-title">This abrupt collapse in privacy rights leaves the deceased and their families <small>[...]</small> newly vulnerable, and at a time when they are already utterly broken.</p>
 </div>
 As a *Privacy Guides* reader, you are no doubt aware that the UK and Europe have firm privacy protections in *The General Data Protection Regulation* (GDPR) and Article 8 of the *European Convention on Human Rights* (ECHR).
 However, the picture elsewhere is less clear, with a challenging patchwork of laws and regional statutes being the only protection for those in the US and much of the rest of the world. And once you die? Almost universally, these protections [immediately cease](https://gdpr-info.eu/recitals/no-27/).
 Here the problem begins. <span class="pullquote-source">This abrupt collapse in privacy rights leaves the deceased and their families—like the Smallman family—newly vulnerable, and at a time when they are already utterly broken.</span>
 In the absence of law comes the pursuit of it, against a backdrop of flagrant privacy violations. What this pursuit means, in practical terms, is that two primary categories of posthumous privacy dominate legal debate: the medical, where the law has intervened tentatively, and the digital, where it simply hasn’t kept up.
 Medical protections are tentative because of piecemeal development. Typically involving legal workarounds, they offer rare precedent for what might happen to your digital ghosts now and in the future, with the only clear trend being a reluctance to protect.
 That said, the US is one country that has taken measures to protect the medical privacy of the dead. The *Health Insurance Portability and Accountability Act* (HIPAA) dictates that 50 years of protection must be given to your personally identifiable medical information after you die.
 Except there’s a catch. State laws also apply, and state laws differ. In Colorado, Louisiana, and many others, its efficacy is severely challenged by laws dictating the mandatory release of information regarded as public—including autopsy reports and even [your genetic information](http://dx.doi.org.ezp.lib.cam.ac.uk/10.1177/1073110516654124).
 In lieu of any protections, surviving relatives in Europe have found some success claiming that their own Article 8 rights—that ECHR right to privacy—have been violated through disclosures or inspections related to their deceased.
 In one case, Leyla Polat, an Austrian national, suffered the awful death of her son just two days after birth following a cerebral hemorrhage. The family refused a postmortem examination, wanting to bury their child in accordance with Muslim beliefs; but doctors insisted it take place, covertly removing his internal organs and filling the hollows with cotton wool.
 When this was discovered during the funeral rites, the boy had to be buried elsewhere, and without ceremony. After several court cases and appeals, The European Court of Human Rights [found](https://hudoc.echr.coe.int/rum#%7B%22itemid%22:%5B%22002-13361%22%5D%7D) that Leyla’s Article 8 and 9 rights had been violated.
 As an aside: Stalin’s grandson [tried the same Article 8 route](https://hudoc.echr.coe.int/eng#%7B%22itemid%22:%5B%22001-150568%22%5D%7D) in relation to reputational attacks on his grandfather, reflecting attempts to apply the workaround more widely.
 It’s not that there hasn’t been some progress. The fundamental problem is that protections—already sparse—are only as good as their material and geographic scopes, their interactions with other laws, and how they are interpreted in a court.
 Nowhere is this more apparent than in the case of the Smallman sisters. Judge Mark Lucraft KC [found](https://www.judiciary.uk/wp-content/uploads/2022/07/R-v-Jaffer-Lewis-sentencing-061221.pdf) that PCs Jaffer and Lewis, in taking selfies with the murdered victims, had:
 > *“…wholly disregarded the privacy of the two victims of horrific violence and their families for what can only have been some cheap thrill, kudos, a kick or some form of bragging right by taking images and then passing them to others.”*
 Yet this acknowledgement of privacy violation is precisely just that. The crime the officers committed was misconduct in public office; they were not convicted on the basis of privacy law. That sense of progress—that we might be beginning to recognize the importance of posthumous privacy—has all but gone out of the window.
 That does not leave your digital privacy in a good place. Whatever little protection you may be able to tease out for our medical privacy far, far exceeds the control you have over your virtual ghosts. And with AI just about everywhere, the prospects for your data after death are terrifying.
 <div class="admonition quote inline end pullquote" markdown>
 <p class="admonition-title">Account deleted or not, our ghosts will all be stuck in the machine.</p>
 </div>
 We’ve already established that data protections for the living—such as GDPR—expire at death. The simple reality is that dying places your data at the mercy of large technology corporations, and their dubious afterlife tools.
 Even if you trust such tools to dispose of or act on our data, there is a disconnect between demand and take-up. A [study of UK nationals](https://www.tandfonline.com/doi/full/10.1080/13600869.2025.2506164#abstract) found a majority that wanted their data deleted at death were unaware of the tools, with large tech companies unwilling to share any details on their uptake. Reassuring stuff.
 But the reality is, you shouldn’t. You’ll recall that [deletion doesn’t usually mean deletion](https://www.privacyguides.org/en/basics/account-deletion/), and after death even GDPR can’t force big tech to delete the data of those lucky enough to have benefited from it. <span class="pullquote-source">Account deleted or not, our ghosts will all be stuck in the machine.</span>
 Recent reports have acknowledged dire possibilities. Almost worldwide, you can [legally train AI models on the data of a deceased person](https://www.reuters.com/article/world/data-of-the-dead-virtual-immortality-exposes-holes-in-privacy-laws-idUSKBN21Z0NE/) and recreate them in digital form—all without their prior consent. Organizations exist purely to scour your social media profiles and activity for this exact purpose. Your ghost could be used to generate engagement against your will, disclosing what you tried to hide.
 You may ask: why should the law care? Why indeed, when it deems we [cannot be harmed](https://doi.org/10.1093/acprof:oso/9780199607860.003.0003) after death. To argue thus is to miss the point. **A lack of privacy after death harms the living, often in ways others cannot see.**
 The effect of [postmortem anxiety](https://www.tandfonline.com/doi/full/10.1080/17577632.2024.2438395#d1e120) is a real one that deeply troubles individuals wishing to keep a part of them hidden from public—or even family—view, whether it be it an [illicit affair](https://www.cardozoaelj.com/wp-content/uploads/2011/02/Edwards-Galleyed-FINAL.pdf) or whatever else. Revelation at the point of death can be just as harmful to those still alive.
 There is cause for optimism. Article 85 of the *French Data Protection Act* allows you to include [legally enforceable demands concerning your personal data](https://www.cnil.fr/fr/la-loi-informatique-et-libertes#article85) in your will. This is truly a landmark piece of legislation by the French that indicates what the global direction of travel should be, and what we should ultimately demand: protections for the dead, by the dead.
 But even more urgently, we must demand that governments across the world introduce even the most basic legal framework for postmortem privacy that protects you, your family, and community from egregious harm.
 The Smallmans deserved dignity, and so does everyone else in death. The law must catch up.
 ---
 *This article hasn’t even begun to scratch the surface of the complexity of postmortem privacy, and there are innumerable relevant cases and laws that simply wouldn’t fit. If the topic has caught your interest, and you’d like to dig in more, [this white paper](https://doi.org/10.1016/j.clsr.2022.105737) by Uta Kohl is a good starting point.*
@@ -5,7 +5,7 @@ categories:
    - News
 authors:
    - em
-description: Privacy is intrinsically intertwined with politics. Each change in governance can have serious effects on privacy rights and privacy tools, for better or for worse. Let's examine with concrete examples how politics affect legislations that can have an immense impact on the privacy tools and features we use.
+description: Privacy is intrinsically intertwined with politics. Each change in governance can have substantial effects on privacy rights and privacy tools. Using concrete examples, we examine how politics can impact the tools we use.
 schema_type: NewsArticle
 preview:
  cover: blog/assets/images/the-future-of-privacy/cover.webp
@@ -5,7 +5,7 @@ categories:
    - Explainers
 authors:
    - em
-description: In privacy, we talk a lot about how to protect our own data, but what about our responsibility to protect the data of others? If you care about privacy rights, you must also care for the data of the people around you. Together, we must start building a culture of data privacy where everyone cares for the data of others.
+description: In privacy, we talk a lot about how to protect our own data, but what about our responsibility to protect the data of others? If you care about privacy rights, you must also care for the data of the people around you. Together, we must build a culture where everyone cares for the data of others.
 schema_type: NewsArticle
 preview:
  cover: blog/assets/images/the-privacy-of-others/cover.webp
@@ -5,7 +5,7 @@ categories:
    - Opinion
 authors:
    - em
-description: If you, like myself, have been inhabiting the internet for a few decades, you're probably familiar with the old adage IRL (In Real Life). The acronym was used a lot when the distinction between online life and offline life was much greater than it is now. In today's world, can we really keep referring to our digital life as being somehow disconnected from our real life?
+description: If you've been on the internet for a while, you're probably familiar with the old adage IRL (In Real Life). The acronym was used a lot when online and offline life was much more separated than it is now. Today, can we truly keep talking about our digital life as being separated from our real life?
 schema_type: OpinionNewsArticle
 preview:
  cover: blog/assets/images/your-online-life-is-irl/irl-cover.webp
@@ -19,7 +19,7 @@ schema:
 **Privacy Guides** is a socially motivated website that provides information for protecting your data security and privacy. We are a non-profit project with a mission to inform the public about the value of digital privacy, and about global government initiatives which aim to monitor your online activity. Our website is free of advertisements and not affiliated with any of the listed providers.
-[:material-heart:{.pg-red} Make a Donation](https://donate.magicgrants.org/privacyguides){ .md-button .md-button--primary }
+[:material-heart:{.pg-red} Become a Member](https://donate.magicgrants.org/privacyguides){ .md-button .md-button--primary data-portal="signup" }
 [:octicons-home-16:](https://www.privacyguides.org){ .card-link title=Homepage }
 [:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" }
@@ -183,6 +183,7 @@ However, Privacy Guides *does* have social media accounts on a wide variety of p
 - [:simple-x: X (Twitter)](https://x.com/privacy_guides)
 - [:simple-youtube: YouTube](https://youtube.com/@privacyguides)
 - [:simple-tiktok: TikTok](https://www.tiktok.com/@privacyguides)
 - [:simple-facebook: Facebook](https://www.facebook.com/PrivacyGuides.org)
 </div>
@@ -5,8 +5,11 @@ description: The charitable mission of Privacy Guides relies on contributions fr
 <!-- markdownlint-disable MD036 -->
 Support our mission to defend digital rights and spread the word about mass surveillance programs and other daily privacy invasions. You can help Privacy Guides researchers, activists, and maintainers create informative content, host private digital services, and protect privacy rights at a time when the world needs it most.
-[:material-heart:{ .pg-red } Become a Member](https://donate.magicgrants.org/privacyguides/membership){ class="md-button md-button--primary" }
+<!-- markdownlint-disable-next-line -->
-[:material-hand-coin: Make a Donation](https://donate.magicgrants.org/privacyguides/donate/privacyguides){ class="md-button md-button--primary" }
+[:material-heart:{ .pg-red } Become a Member](https://donate.magicgrants.org/privacyguides/membership){ class="md-button md-button--primary" data-portal="signup" }
 [Become a Member (Cryptocurrency)](https://donate.magicgrants.org/privacyguides/membership){ class="md-button" }
 [One-Time Donation](https://donate.magicgrants.org/privacyguides/donate/privacyguides){ class="md-button" }
 <small markdown>
@@ -1,6 +1,6 @@
 ---
 meta_title: "The Best Android Operating Systems - Privacy Guides"
-title: "Alternative Distributions"
+title: Alternative Distributions
 description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
 schema:
  -
@@ -47,15 +47,19 @@ GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wik
 [:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
+[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title="Documentation" }
 [:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="Contribute" }
 </div>
 GrapheneOS supports [sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs Google Play Services fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as push notifications, while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice.
-[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
+[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView.
 GrapheneOS also provides a global toggle for enabling MTE on all user-installed apps at :gear: **Settings** → **Security & privacy** → **Exploit protection** → **Memory tagging** → **Enable by default**. The OS also features per-app toggles to opt out of MTE for apps which may crash due to compatibility issues.
 ### Connectivity Checks
 By default, Android makes many network connections to Google to perform DNS connectivity checks, to sync with current network time, to check your network connectivity, and for many other background tasks. GrapheneOS replaces these with connections to servers operated by GrapheneOS and subject to their privacy policy. This hides information like your IP address [from Google](../basics/common-threats.md#privacy-from-service-providers), but means it is trivial for an admin on your network or ISP to see you are making connections to `grapheneos.network`, `grapheneos.org`, etc. and deduce what operating system you are using.
@@ -21,7 +21,7 @@ There is another standard which is popular with business called [S/MIME](https:/
 The [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD) standard allows email clients to discover the OpenPGP key for other mailboxes, even those hosted on a different provider. Email clients which support WKD will ask the recipient's server for a key based on the email address' domain name. For example, if you emailed `jonah@privacyguides.org`, your email client would ask `privacyguides.org` for Jonah's OpenPGP key, and if `privacyguides.org` has a key for that account, your message would be automatically encrypted.
-In addition to the [email clients we recommend](../email-clients.md) which support WKD, some webmail providers also support WKD. Whether *your own* key is published to WKD for others to use depends on your domain configuration. If you use an [email provider](../email.md#openpgp-compatible-services) which supports WKD, such as Proton Mail or Mailbox.org, they can publish your OpenPGP key on their domain for you.
+In addition to the [email clients we recommend](../email-clients.md) which support WKD, some webmail providers also support WKD. Whether *your own* key is published to WKD for others to use depends on your domain configuration. If you use an [email provider](../email.md#openpgp-compatible-services) which supports WKD, such as Proton Mail or Mailbox Mail, they can publish your OpenPGP key on their domain for you.
 If you use your own custom domain, you will need to configure WKD separately. If you control your domain name, you can set up WKD regardless of your email provider. One easy way to do this is to use the "[WKD as a Service](https://keys.openpgp.org/about/usage#wkd-as-a-service)" feature from the `keys.openpgp.org` server: Set a CNAME record on the `openpgpkey` subdomain of your domain pointed to `wkd.keys.openpgp.org`, then upload your key to [keys.openpgp.org](https://keys.openpgp.org). Alternatively, you can [self-host WKD on your own web server](https://wiki.gnupg.org/WKDHosting).
@@ -110,6 +110,12 @@ The best way to prevent a targeted attack against you before a device is in your
 Make sure your device supports secure boot/verified boot, and you have it enabled. Try to avoid leaving your device unattended whenever possible.
 ### Kensington Locks
 Many laptops come equipped with a [Kensington slot](https://www.kensington.com/solutions/product-category/security/?srsltid=AfmBOorQOlRnqRJOAqM-Mvl7wumed0wBdiOgktlvdidpMHNIvGfwj9VI) that can be used to secure your device with a **metal cable** that locks into the slot on your machine. These locks can be combination locks or keyed.
 As with all locks, Kensington locks are vulnerable to [physical attacks](https://youtu.be/vgvCxL7dMJk) so you should mainly use them to deter petty theft. You can secure your laptop at home or even when you're out in public using a table leg or something that won't move easily.
 ## Secure your Network
 ### Compartmentalization
@@ -1,6 +1,6 @@
 ---
-title: "Multifactor Authentication"
+title: Multifactor Authentication
-icon: 'material/two-factor-authentication'
+icon: material/two-factor-authentication
 description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others.
 ---
 **Multifactor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
@@ -63,7 +63,7 @@ If your threat model requires you to have different identities on different webs
 #### FIDO (Fast IDentity Online)
-[FIDO](https://en.wikipedia.org/wiki/FIDO_Alliance) includes a number of standards, first there was U2F and then later [FIDO2](https://en.wikipedia.org/wiki/FIDO2_Project) which includes the web standard [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn).
+[FIDO](https://en.wikipedia.org/wiki/FIDO_Alliance) includes a number of standards, first there was [U2F](https://en.wikipedia.org/wiki/Universal_2nd_Factor) and then later [FIDO2](https://en.wikipedia.org/wiki/FIDO2_Project) which includes the web standard [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn).
 U2F and FIDO2 refer to the [Client to Authenticator Protocol](https://en.wikipedia.org/wiki/Client_to_Authenticator_Protocol), which is the protocol between the security key and the computer, such as a laptop or phone. It complements WebAuthn which is the component used to authenticate with the website (the "Relying Party") you're trying to log in on.
@@ -70,6 +70,8 @@ uBlock Origin also has a "Lite" version of their extension, which offers a very
 <summary>Downloads</summary>
 - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/ublock-origin-lite/ddkjiahejlhfcafbddmgiahcphecmpfh)
 - [:fontawesome-brands-edge: Edge](https://microsoftedge.microsoft.com/addons/detail/cimighlppcgcoapaliogpjjdehbnofhn)
 - [:simple-safari: Safari](https://apps.apple.com/app/id6745342698)
 </details>
@@ -50,14 +50,14 @@ Multiple calendars and extended sharing functionality are limited to paid subscr
 ![Proton](assets/img/calendar/proton-calendar.svg){ align=right }
-**Proton Calendar** is an encrypted calendar service available to Proton members via web or mobile clients. Features include automatic E2EE of all data, sharing features, import/export functionality, and [more](https://proton.me/support/proton-calendar-guide).
+**Proton Calendar** is an encrypted calendar service available to Proton members via its web or mobile clients. Features include automatic E2EE of all data, sharing features, import/export functionality, and [more](https://proton.me/support/proton-calendar-guide).
 Those on the free tier have access to 3 calendars, whereas paid subscribers can create up to 25 calendars. Extended sharing functionality is also limited to paid subscribers.
 [:octicons-home-16: Homepage](https://proton.me/calendar){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://proton.me/calendar/privacy-policy){ .card-link title="Privacy Policy" }
 [:octicons-info-16:](https://proton.me/support/calendar){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/ProtonMail/WebClients){ .card-link title="Source Code" }
+[:octicons-code-16:](https://github.com/orgs/ProtonMail/repositories?q=calendar){ .card-link title="Source Code" }
 <details class="downloads" markdown>
 <summary>Downloads</summary>
@@ -70,7 +70,7 @@ Those on the free tier have access to 3 calendars, whereas paid subscribers can
 </div>
-Unfortunately, as of August 2024 Proton has [still](https://discuss.privacyguides.net/t/proton-calendar-is-not-open-source-mobile/14656/8) not released the source code for their mobile Calendar app on Android or iOS, and only the former has been [audited](https://proton.me/blog/security-audit-all-proton-apps). Proton Calendar's web client is open source, however, and has been [audited](https://proton.me/community/open-source).
+In 2021, Securitum [audited](https://proton.me/community/open-source#:~:text=Proton%20Calendar) Proton Calendar's web client and provided a [letter of attestation](https://res.cloudinary.com/dbulfrlrz/images/v1714639870/wp-pme/letter-of-attestation-proton-calendar-20211109_3138998f9b/letter-of-attestation-proton-calendar-20211109_3138998f9b.pdf) for the Android app.
 ## Criteria
@@ -1,6 +1,6 @@
 ---
 meta_title: "The Best Private and Secure Cloud Storage Providers - Privacy Guides"
-title: "Cloud Storage"
+title: Cloud Storage
 icon: material/file-cloud
 description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives!
 cover: cloud.webp
@@ -17,7 +17,7 @@ If these alternatives do not fit your needs, we suggest you look into using encr
 <details class="admonition info" markdown>
 <summary>Looking for Nextcloud?</summary>
-Nextcloud is [still a recommended tool](document-collaboration.md#nextcloud) for self-hosting a file management suite, however we do not recommend third-party Nextcloud storage providers at the moment, because we do [not recommend](https://discuss.privacyguides.net/t/dont-recommend-nextcloud-e2ee/10352/29) Nextcloud's built-in E2EE functionality for home users.
+For more technical readers, Nextcloud is [still a recommended tool](self-hosting/file-management.md#nextcloud) for self-hosting a file management suite, however we do not recommend third-party Nextcloud storage providers at the moment, because we do [not recommend](https://discuss.privacyguides.net/t/dont-recommend-nextcloud-e2ee/10352/29) Nextcloud's built-in E2EE functionality for home users.
 </details>
@@ -97,7 +97,9 @@ They have also received the Digital Trust Label, a certification from the [Swiss
 ![Peergos logo](assets/img/cloud/peergos.svg){ align=right }
-**Peergos** is a decentralized protocol and open-source platform for storage, social media, and applications. It provides a secure and private space where users can store, share, and view their photos, videos, documents, etc. Peergos secures your files with quantum-resistant end-to-end encryption and ensures all data about your files remains private.
+**Peergos** is a decentralized protocol and open-source platform for storage, social media, and applications. It provides a secure and private space where users can store, share, view, and edit their photos, videos, documents, etc.
 Peergos secures your files with quantum-resistant E2EE and ensures all data about your files remains private. It is also [self-hostable](https://book.peergos.org/features/self).
 [:octicons-home-16: Homepage](https://peergos.org){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://peergos.net/privacy.html){ .card-link title="Privacy Policy" }
@@ -110,9 +112,9 @@ They have also received the Digital Trust Label, a certification from the [Swiss
 - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=peergos.android)
 - [:simple-github: GitHub](https://github.com/Peergos/web-ui/releases)
- [:fontawesome-brands-windows: Windows](https://github.com/Peergos/web-ui/releases)
+- [:fontawesome-brands-windows: Windows](https://peergos.org/download#windows)
- [:simple-apple: macOS](https://github.com/Peergos/web-ui/releases)
+- [:simple-apple: macOS](https://peergos.org/download#macos)
- [:simple-linux: Linux](https://github.com/Peergos/web-ui/releases)
+- [:simple-linux: Linux](https://peergos.org/download#linux)
 - [:octicons-browser-16: Web](https://peergos.net)
 </details>
@@ -121,9 +123,7 @@ They have also received the Digital Trust Label, a certification from the [Swiss
 Peergos is built on top of the [InterPlanetary File System (IPFS)](https://ipfs.tech), a peer-to-peer architecture that protects against [:material-close-outline: Censorship](basics/common-threats.md#avoiding-censorship){ .pg-blue-gray }.
-Peergos is primarily a web app, but you can self-host the server either as a local cache for your remote Peergos account, or as a standalone storage server which negates the need to register for a remote account and subscription. The Peergos server is a `.jar` file, which means the Java 17+ Runtime Environment ([OpenJDK download](https://azul.com/downloads)) should be installed on your machine to get it working.
+The client, server, and command line interface for Peergos all run from the same binary. Additionally, Peergos includes a [sync engine](https://book.peergos.org/features/sync) (accessible via the native apps) for bi-directionally synchronizing a local folder with a Peergos folder, and a [webdav bridge](https://book.peergos.org/features/webdav) to allow other applications to access your Peergos storage. You can refer to Peergos's documentation for a full overview of their numerous features.
 Running a local version of Peergos alongside a registered account on their paid, hosted service allows you to access your Peergos storage without any reliance on DNS or TLS certificate authorities, and keep a copy of your data backed up to their cloud. The user experience should be the same whether you run their desktop server or just use their hosted web interface.
 Peergos was [audited](https://peergos.org/posts/security-audit-2024) in November 2024 by Radically Open Security and all issues were fixed. They were previously [audited](https://cure53.de/pentest-report_peergos.pdf) by Cure53 in June 2019, and all found issues were subsequently fixed.
@@ -24,19 +24,19 @@ You should **never** use blur to redact [text in images](https://bishopfox.com/b
 ![MAT2 logo](assets/img/data-redaction/mat2.svg){ align=right }
-**MAT2** is free, cross-platform software which allows you to remove metadata from image, audio, torrent, and document file types. It provides both a command line tool and a graphical user interface via an extension for [Dolphin](https://0xacab.org/jvoisin/mat2/-/tree/master/dolphin), the default file manager of [KDE](https://kde.org).
+**MAT2** is free, cross-platform software which allows you to remove metadata from image, audio, torrent, and document file types. It provides both a command line tool and a graphical user interface via an extension for [Dolphin](https://github.com/jvoisin/mat2/tree/master/dolphin), the default file manager of [KDE](https://kde.org).
-[:octicons-repo-16: Repository](https://0xacab.org/jvoisin/mat2){ .md-button .md-button--primary }
+[:octicons-repo-16: Repository](https://github.com/jvoisin/mat2#readme){ .md-button .md-button--primary }
-[:octicons-info-16:](https://0xacab.org/jvoisin/mat2/-/blob/master/README.md){ .card-link title="Documentation" }
+[:octicons-info-16:](https://github.com/jvoisin/mat2#how-to-use-mat2){ .card-link title="Documentation" }
-[:octicons-code-16:](https://0xacab.org/jvoisin/mat2){ .card-link title="Source Code" }
+[:octicons-code-16:](https://github.com/jvoisin/mat2){ .card-link title="Source Code" }
 <details class="downloads" markdown>
 <summary>Downloads</summary>
- [:fontawesome-brands-windows: Windows](https://pypi.org/project/mat2#metadata-and-privacy)
+- [:fontawesome-brands-windows: Windows](https://pypi.org/project/mat2)
- [:simple-apple: macOS](https://0xacab.org/jvoisin/mat2#requirements-setup-on-macos-os-x-using-homebrew)
+- [:simple-apple: macOS](https://github.com/jvoisin/mat2#requirements-setup-on-macos-os-x-using-homebrew)
 - [:simple-linux: Linux](https://pypi.org/project/mat2)
- [:octicons-globe-16: Web](https://0xacab.org/jvoisin/mat2#web-interface)
+- [:octicons-browser-16: Web](https://github.com/jvoisin/mat2#web-interface)
 </details>
@@ -110,12 +110,6 @@ Mullvad Browser operates in permanent private browsing mode, meaning your histor
 This is required to prevent advanced forms of tracking, but does come at the cost of convenience and some Firefox features, such as Multi-Account Containers. Remember you can always use multiple browsers, for example, you could consider using Firefox+Arkenfox for a few sites that you want to stay logged in on or otherwise don't work properly in Mullvad Browser, and Mullvad Browser for general browsing.
 ### Mullvad Leta
 Mullvad Browser comes with [**Mullvad Leta**](search-engines.md#mullvad-leta) as the default search engine, which functions as a proxy to either Google or Brave search results (configurable on the Mullvad Leta homepage).
 If you are a Mullvad VPN user, there is some risk in using services like Mullvad Leta which are offered by your VPN provider themselves. This is because Mullvad theoretically has access to your true IP address (via their VPN) and your search activity (via Leta); the latter is information a VPN is typically intended to separate. Even though Mullvad collects very little information about their VPN subscribers or Leta users, you should consider a different [search engine](search-engines.md) if this risk concerns you.
 ## Firefox
 <div class="admonition recommendation" markdown>
@@ -309,7 +303,7 @@ Brave allows you to select additional content filters within the internal `brave
 <div class="annotate" markdown>
- [x] Select **Don't allow sites to use the V8 optimizer** under *Security* → *Manage V8 security* (1)
+- [x] Select **Don’t allow sites to use JavaScript optimization** under *Security* → *Manage JavaScript optimization & security* (1)
 - [x] Select **Automatically remove permissions from unused sites** under *Sites and Shields Settings*
 - [x] Select **Disable non-proxied UDP** under [*WebRTC IP Handling Policy*](https://support.brave.com/hc/articles/360017989132-How-do-I-change-my-Privacy-Settings#webrtc)
 - [ ] Uncheck **Use Google services for push messaging**
@@ -23,9 +23,8 @@ These are our favorite public DNS resolvers based on their privacy and security
 | [**AdGuard Public DNS**](https://adguard-dns.io/en/public-dns.html) | Cleartext <br>DoH/3 <br>DoT <br>DoQ <br>DNSCrypt | Anonymized[^1] | Anonymized | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardSDNSFilter) | Yes [:octicons-link-external-24:](https://adguard-dns.io/en/blog/encrypted-dns-ios-14.html) |
 | [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setup) | Cleartext <br>DoH/3 <br>DoT | Anonymized[^2] | No | Based on server choice. | No [:octicons-link-external-24:](https://community.cloudflare.com/t/requesting-1-1-1-1-signed-profiles-for-apple/571846) |
 | [**Control D Free DNS**](https://controld.com/free-dns) | Cleartext <br>DoH/3 <br>DoT <br>DoQ | No[^3] | No | Based on server choice. | Yes <br>[:simple-apple: iOS](https://docs.controld.com/docs/ios-platform) <br>[:material-apple-finder: macOS](https://docs.controld.com/docs/macos-platform#manual-setup-profile) |
-| [**DNS0.eu**](https://dns0.eu) | Cleartext <br>DoH/3 <br>DoH <br>DoT <br>DoQ | Anonymized[^4] | Anonymized | Based on server choice. | Yes [:octicons-link-external-24:](https://dns0.eu/zero.dns0.eu.mobileconfig) |
+| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | DoH <br>DoT | No[^4] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) | Yes [:octicons-link-external-24:](https://github.com/mullvad/encrypted-dns-profiles) |
-| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | DoH <br>DoT | No[^5] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) | Yes [:octicons-link-external-24:](https://github.com/mullvad/encrypted-dns-profiles) |
+| [**Quad9**](https://quad9.net) | Cleartext <br>DoH <br>DoT <br>DNSCrypt | Anonymized[^5] | Optional | Based on server choice. Malware blocking is included by default. | Yes <br>[:simple-apple: iOS](https://docs.quad9.net/Setup_Guides/iOS/iOS_14_and_later_(Encrypted)) <br>[:material-apple-finder: macOS](https://docs.quad9.net/Setup_Guides/MacOS/Big_Sur_and_later_(Encrypted)) |
 | [**Quad9**](https://quad9.net) | Cleartext <br>DoH <br>DoT <br>DNSCrypt | Anonymized[^6] | Optional | Based on server choice. Malware blocking is included by default. | Yes <br>[:simple-apple: iOS](https://docs.quad9.net/Setup_Guides/iOS/iOS_14_and_later_(Encrypted)) <br>[:material-apple-finder: macOS](https://docs.quad9.net/Setup_Guides/MacOS/Big_Sur_and_later_(Encrypted)) |
 [^1]:
    AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested within the last 24 hours.
@@ -42,14 +41,10 @@ These are our favorite public DNS resolvers based on their privacy and security
    Control D: [*Privacy Policy*](https://controld.com/privacy)
 [^4]:
    DNS0.eu collects some data for their threat intelligence feeds to monitor for newly registered/observed/active domains and other bulk data. That data is shared with some [partners](https://docs.dns0.eu/data-feeds/introduction) for e.g. security research. They do not collect any personally identifiable information.
    DNS0.eu: [*Privacy Policy*](https://dns0.eu/privacy)
 [^5]:
    Mullvad's DNS service is available to both subscribers and non-subscribers of Mullvad VPN. Their privacy policy explicitly claims they do not log DNS requests in any way.
    Mullvad: [*No-logging of user activity policy*](https://mullvad.net/en/help/no-logging-data-policy)
-[^6]:
+[^5]:
    Quad9 collects some data for the purposes of threat monitoring and response. That data may then be remixed and shared for purposes like furthering their security research. Quad9 does not collect or record IP addresses or other data they deem personally identifiable.
    Quad9: [*Data and Privacy Policy*](https://quad9.net/privacy/policy)
@@ -195,5 +190,5 @@ All DNS products...
 Additionally, all public providers...
 - Must not log any personal data to disk.
-    - As noted in the footnotes, some providers collect query information for purposes like security research, but in that case the data must not be associated with any PII such as IP address, etc.
+    - As noted in the footnotes, some providers collect query information for purposes like security research, but in such cases, the data must not be associated with any PII such as IP address, etc.
 - Should support [anycast](https://en.wikipedia.org/wiki/Anycast) or geo-steering.
@@ -1,77 +1,41 @@
 ---
-title: "Document Collaboration"
+title: Document Collaboration
 icon: material/account-group
-description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do.
+description: Most online office suites do not support end-to-end encryption, meaning the cloud provider has access to everything you do.
 cover: document-collaboration.webp
 ---
 <small>Protects against the following threat(s):</small>
 - [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers){ .pg-teal }
-Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The provider's privacy policy may legally protect your rights, but it does not provide technical access constraints.
+Most online **document collaboration** platforms like Google Drive do not support end-to-end encryption, meaning the cloud provider has access to everything you do. The provider's privacy policy may legally protect your rights, but it does not provide technical access constraints.
-## Collaboration Platforms
+## CryptPad
 ### Nextcloud
 <div class="admonition recommendation" markdown>
 ![Nextcloud logo](assets/img/document-collaboration/nextcloud.svg){ align=right }
 **Nextcloud** is a suite of free and open-source client-server software for creating your own file hosting services on a private server you control.
 [:octicons-home-16: Homepage](https://nextcloud.com){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://nextcloud.com/privacy){ .card-link title="Privacy Policy" }
 [:octicons-info-16:](https://nextcloud.com/support){ .card-link title=Documentation}
 [:octicons-code-16:](https://github.com/nextcloud){ .card-link title="Source Code" }
 [:octicons-heart-16:](https://nextcloud.com/contribute){ .card-link title=Contribute }
 <details class="downloads" markdown>
 <summary>Downloads</summary>
 - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.nextcloud.client)
 - [:simple-appstore: App Store](https://apps.apple.com/app/id1125420102)
 - [:simple-github: GitHub](https://github.com/nextcloud/android/releases)
 - [:fontawesome-brands-windows: Windows](https://nextcloud.com/install/#install-clients)
 - [:simple-apple: macOS](https://nextcloud.com/install/#install-clients)
 - [:simple-linux: Linux](https://nextcloud.com/install/#install-clients)
 </details>
 </div>
 <div class="admonition danger" markdown>
 <p class="admonition-title">Danger</p>
 We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_end_encryption) for Nextcloud as it may lead to data loss; it is highly experimental and not production quality. For this reason, we don't recommend third-party Nextcloud providers.
 </div>
 ### CryptPad
 <div class="admonition recommendation" markdown>
 ![CryptPad logo](assets/img/document-collaboration/cryptpad.svg){ align=right }
-**CryptPad** is a private-by-design alternative to popular office tools. All content on this web service is end-to-end encrypted and can be shared with other users easily. [:material-star-box: Read our latest CryptPad review.](https://www.privacyguides.org/articles/2025/02/07/cryptpad-review)
+**CryptPad** is a private-by-design alternative to popular, full-fledged office suites. All content on this web service is E2EE and can be shared with other users easily.
 [:material-star-box: Read our latest CryptPad review.](https://www.privacyguides.org/articles/2025/02/07/cryptpad-review)
 [:octicons-home-16: Homepage](https://cryptpad.fr){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://cryptpad.fr/pad/#/2/pad/view/GcNjAWmK6YDB3EO2IipRZ0fUe89j43Ryqeb4fjkjehE){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://docs.cryptpad.fr){ .card-link title=Documentation}
+[:octicons-server-16:](https://cryptpad.org/instances){ .card-link title="Public Instances" }
 [:octicons-info-16:](https://docs.cryptpad.fr){ .card-link title="Documentation" }
 [:octicons-code-16:](https://github.com/xwiki-labs/cryptpad){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://opencollective.com/cryptpad){ .card-link title=Contribute }
+[:octicons-heart-16:](https://opencollective.com/cryptpad){ .card-link title="Contribute" }
 </details>
 </div>
-### Criteria
+## Criteria
 **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-#### Minimum Requirements
+### Minimum Requirements
 In general, we define collaboration platforms as full-fledged suites which could reasonably act as a replacement to Google Drive.
 - Must be open source.
 - Must make files accessible via WebDAV unless it is impossible due to E2EE.
@@ -80,7 +44,7 @@ In general, we define collaboration platforms as full-fledged suites which could
 - Must support real-time document collaboration.
 - Must support exporting documents to standard document formats (e.g. ODF).
-#### Best-Case
+### Best-Case
 Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
@@ -140,11 +140,11 @@ Apple Mail has the ability to load remote content in the background or block it
 ![Evolution logo](assets/img/email-clients/evolution.svg){ align=right }
-**Evolution** is a personal information management application that provides integrated mail, calendaring and address book functionality. Evolution has extensive [documentation](https://help.gnome.org/users/evolution/stable) to help you get started.
+**Evolution** is a personal information management application that provides integrated mail, calendaring, and address book functionality. Evolution has extensive [documentation](https://gnome.pages.gitlab.gnome.org/evolution/help) to help you get started.
-[:octicons-home-16: Homepage](https://wiki.gnome.org/Apps/Evolution){ .md-button .md-button--primary }
+[:octicons-home-16: Homepage](https://gitlab.gnome.org/GNOME/evolution/-/wikis/home){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://wiki.gnome.org/Apps/Evolution/PrivacyPolicy){ .card-link title="Privacy Policy" }
+[:octicons-eye-16:](https://gitlab.gnome.org/GNOME/evolution/-/wikis/Privacy-Policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://help.gnome.org/users/evolution/stable){ .card-link title="Documentation" }
+[:octicons-info-16:](https://gnome.pages.gitlab.gnome.org/evolution/help){ .card-link title="Documentation" }
 [:octicons-code-16:](https://gitlab.gnome.org/GNOME/evolution){ .card-link title="Source Code" }
 [:octicons-heart-16:](https://gnome.org/donate){ .card-link title="Contribute" }
@@ -1,6 +1,6 @@
 ---
 meta_title: "Encrypted Private Email Recommendations - Privacy Guides"
-title: "Email Services"
+title: Email Services
 icon: material/email
 description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers.
 cover: email.webp
@@ -21,9 +21,9 @@ For everything else, we recommend a variety of email providers based on sustaina
 | Provider | OpenPGP / WKD | IMAP / SMTP | Zero-Access Encryption | Anonymous Payment Methods |
 |---|---|---|---|---|
-| [Proton Mail](#proton-mail) | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Paid plans only | :material-check:{ .pg-green } | Cash |
+| [Proton Mail](#proton-mail) | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Paid plans only | :material-check:{ .pg-green } | Cash <br>Monero via third party |
-| [Mailbox.org](#mailboxorg) | :material-check:{ .pg-green } | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Mail only | Cash |
+| [Mailbox Mail](#mailbox-mail) | :material-check:{ .pg-green } | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Mail only | Cash |
-| [Tuta](#tuta) | :material-alert-outline:{ .pg-orange } | :material-alert-outline:{ .pg-orange } | :material-check:{ .pg-green } | Monero <br>Cash via third party |
+| [Tuta](#tuta) | :material-alert-outline:{ .pg-orange } | :material-alert-outline:{ .pg-orange } | :material-check:{ .pg-green } | Monero via third party <br>Cash via third party |
 In addition to (or instead of) an email provider recommended here, you may wish to consider a dedicated [email aliasing service](email-aliasing.md#recommended-providers) to protect your privacy. Among other things, these services can help protect your real inbox from spam, prevent marketers from correlating your accounts, and encrypt all incoming messages with PGP.
@@ -31,12 +31,12 @@ In addition to (or instead of) an email provider recommended here, you may wish
 ## OpenPGP Compatible Services
-These providers natively support OpenPGP encryption/decryption and the [Web Key Directory (WKD) standard](basics/email-security.md#what-is-the-web-key-directory-standard), allowing for provider-agnostic end-to-end encrypted emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it.
+These providers natively support OpenPGP encryption/decryption and the [Web Key Directory (WKD) standard](basics/email-security.md#what-is-the-web-key-directory-standard), allowing for provider-agnostic end-to-end encrypted emails. For example, a Proton Mail user could send an E2EE message to a Mailbox Mail user, or you could receive OpenPGP-encrypted notifications from internet services which support it.
 <div class="grid cards" markdown>
- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail)
+- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](#proton-mail)
- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg)
+- ![Mailbox Mail logo](assets/img/email/mailbox-mail.svg){ .twemoji } [Mailbox Mail](#mailbox-mail)
 </div>
@@ -82,11 +82,25 @@ The Proton Free plan comes with 500 MB of Mail storage, which you can increase u
 </div>
-Free accounts have some limitations, such as not being able to search body text and not having access to [Proton Mail Bridge](https://proton.me/mail/bridge), which is required to use a [recommended desktop email client](email-clients.md) (e.g., Thunderbird). Paid accounts include features like Proton Mail Bridge, additional storage, and custom domain support. If you have the Proton Unlimited plan or any multi-user Proton plan, you also get [SimpleLogin](email-aliasing.md#simplelogin) Premium for free.
+Free accounts have some limitations, such as not being able to search body text and not having access to [Proton Mail Bridge](https://proton.me/mail/bridge), which is required to use a [recommended desktop email client](email-clients.md) such as Thunderbird. Paid accounts include features like Proton Mail Bridge, additional storage, and custom domain support. The Proton Unlimited plan or any multi-user Proton plan includes access to [SimpleLogin](email-aliasing.md#simplelogin) Premium.
-A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton Mail's apps on 9th November 2021 by [Securitum](https://research.securitum.com).
+A [letter of attestation](https://res.cloudinary.com/dbulfrlrz/images/v1714639878/wp-pme/letter-of-attestation-proton-mail-20211109_3138714c61/letter-of-attestation-proton-mail-20211109_3138714c61.pdf) was provided for Proton Mail's apps in November 2021 by [Securitum](https://research.securitum.com).
-Proton Mail has internal crash reports that are **not** shared with third parties. This can be disabled in the web app: :gear: → **All Settings** → **Account** → **Security and privacy** → **Privacy and data collection**.
+Proton Mail has internal crash reports that are **not** shared with third parties and can be disabled.
 === "Web"
    From your inbox, select :gear: → **All Settings** → **Account** → **Security and privacy** → **Privacy and data collection**.
    - [ ] Disable **Collect usage dignostics**
    - [ ] Disable **Send crash reports**
 === "Mobile"
    From your inbox, select :material-menu: → :gear: **Settings** → select your username.
    - [ ] Disable **Send crash reports**
    - [ ] Disable **Collect usage dignostics**
 #### :material-check:{ .pg-green } Custom Domains and Aliases
@@ -94,7 +108,7 @@ Paid Proton Mail subscribers can use their own domain with the service or a [cat
 #### :material-check:{ .pg-green } Private Payment Methods
-Proton Mail [accepts](https://proton.me/support/payment-options) **cash** by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments.
+Proton Mail [accepts](https://proton.me/support/payment-options) **cash** by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments. Additionally, you can use [**Monero**](cryptocurrency.md#monero) to purchase vouchers for Proton Mail Plus or Proton Unlimited via their [official](https://discuss.privacyguides.net/t/add-monero-as-an-anonymous-payment-method-for-proton-services/31058/15) reseller [ProxyStore](https://dys2p.com/en/2025-09-09-proton.html).
 #### :material-check:{ .pg-green } Account Security
@@ -120,13 +134,13 @@ If you have a paid account and your [bill is unpaid](https://proton.me/support/d
 Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500 GB of storage.
-### Mailbox.org
+### Mailbox Mail
 <div class="admonition recommendation" markdown>
-![Mailbox.org logo](assets/img/email/mailboxorg.svg){ align=right }
+![Mailbox Mail logo](assets/img/email/mailbox-mail.svg){ align=right }
-**Mailbox.org** is an email service with a focus on being secure, ad-free, and powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany.
+**Mailbox Mail** (formerly *Mailbox.org*) is an email service with a focus on being secure, ad-free, and powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox Mail is based in Berlin, Germany.
 Accounts start with up to 2 GB storage, which can be upgraded as needed.
@@ -145,27 +159,27 @@ Accounts start with up to 2 GB storage, which can be upgraded as needed.
 #### :material-check:{ .pg-green } Custom Domains and Aliases
-Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/en/private/custom-domains/how-to-set-up-a-catch-all-alias-with-a-custom-domain-name) addresses. Mailbox.org also supports [sub-addressing](https://kb.mailbox.org/en/private/account-article/what-is-an-alias-and-how-do-i-use-it), which is useful if you don't want to purchase a domain.
+Mailbox Mail lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/en/private/custom-domains/how-to-set-up-a-catch-all-alias-with-a-custom-domain-name) addresses. Mailbox Mail also supports [sub-addressing](https://kb.mailbox.org/en/private/account-article/what-is-an-alias-and-how-do-i-use-it), which is useful if you don't want to purchase a domain.
 #### :material-check:{ .pg-green } Private Payment Methods
-Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept **cash** by mail, **cash** payment to bank account, bank transfer, credit card, PayPal, and a couple of German-specific processors: Paydirekt and Sofortüberweisung.
+Mailbox Mail doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept **cash** by mail, **cash** payment to bank account, bank transfer, credit card, PayPal, and a couple of German-specific processors: Paydirekt and Sofortüberweisung.
 #### :material-check:{ .pg-green } Account Security
-Mailbox.org supports [two-factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online) are not yet supported.
+Mailbox Mail supports [two-factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](security-keys.md#yubikey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online) are not yet supported.
 #### :material-information-outline:{ .pg-blue } Data Security
-Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/en/private/e-mail-article/your-encrypted-mailbox). New messages that you receive will then be immediately encrypted with your public key.
+Mailbox Mail allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/en/private/e-mail-article/your-encrypted-mailbox). New messages that you receive will then be immediately encrypted with your public key.
-However, [Open-Xchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/en/private/security-privacy-article/encryption-of-calendar-and-address-book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that data.
+However, [Open-Xchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox Mail, [does not support](https://kb.mailbox.org/en/private/security-privacy-article/encryption-of-calendar-and-address-book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that data.
 #### :material-check:{ .pg-green } Email Encryption
-Mailbox.org has [integrated encryption](https://kb.mailbox.org/en/private/e-mail-article/send-encrypted-e-mails-with-guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/en/private/e-mail-article/my-recipient-does-not-use-pgp) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox.
+Mailbox Mail has [integrated encryption](https://kb.mailbox.org/en/private/e-mail-article/send-encrypted-e-mails-with-guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/en/private/e-mail-article/my-recipient-does-not-use-pgp) on Mailbox Mail's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox.
-Mailbox.org also supports the discovery of public keys via HTTP from their WKD. This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily for cross-provider E2EE. This only applies to email addresses ending in one of Mailbox.org's own domains, like `@mailbox.org`. If you use a custom domain, you must [configure WKD](basics/email-security.md#what-is-the-web-key-directory-standard) separately.
+Mailbox Mail also supports the discovery of public keys via HTTP from their WKD. This allows people outside of Mailbox Mail to find the OpenPGP keys of Mailbox Mail accounts easily for cross-provider E2EE. This only applies to email addresses ending in one of Mailbox Mail's own domains, like `@mailbox.org`. If you use a custom domain, you must [configure WKD](basics/email-security.md#what-is-the-web-key-directory-standard) separately.
 #### :material-information-outline:{ .pg-blue } Account Termination
@@ -173,11 +187,11 @@ Your account will be set to a restricted user account when your contract ends. I
 #### :material-information-outline:{ .pg-blue } Additional Functionality
-You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). However, their webmail interface cannot be accessed via their .onion service, and you may experience TLS certificate errors.
+You can access your Mailbox Mail account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). However, their webmail interface cannot be accessed via their .onion service, and you may experience TLS certificate errors.
-All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/en/private/drive-article/encrypt-files-on-your-drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/en/private/e-mail-article/ensuring-e-mails-are-sent-securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3.
+All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/en/private/drive-article/encrypt-files-on-your-drive). Mailbox Mail also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/en/private/e-mail-article/ensuring-e-mails-are-sent-securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox Mail also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3.
-Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs, providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address.
+Mailbox Mail has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs, providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address.
 ## More Providers
@@ -185,7 +199,7 @@ These providers store your emails with zero-knowledge encryption, making them gr
 <div class="grid cards" markdown>
- ![Tuta logo](assets/img/email/tuta.svg#only-light){ .twemoji loading=lazy }![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ .twemoji loading=lazy } [Tuta](email.md#tuta)
+- ![Tuta logo](assets/img/email/tuta.svg#only-light){ .twemoji loading=lazy }![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ .twemoji loading=lazy } [Tuta](#tuta)
 </div>
@@ -229,7 +243,7 @@ Paid Tuta accounts can use either 15 or 30 aliases depending on their plan and u
 #### :material-information-outline:{ .pg-blue } Private Payment Methods
-Tuta only directly accepts credit cards and PayPal, however [**cryptocurrency**](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with ProxyStore.
+Tuta only directly accepts credit cards and PayPal, however you can use [**cryptocurrency**](cryptocurrency.md) to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with ProxyStore.
 #### :material-check:{ .pg-green } Account Security
@@ -1,5 +1,5 @@
 ---
-title: "File Sharing and Sync"
+title: File Sharing and Sync
 icon: material/share-variant
 description: Discover how to privately share your files between your devices, with your friends and family, or anonymously online.
 cover: file-sharing.webp
@@ -24,9 +24,9 @@ If you already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarde
 [:octicons-home-16: Homepage](https://send.vis.ee){ .md-button .md-button--primary }
 [:octicons-server-16:](https://github.com/timvisee/send-instances){ .card-link title="Public Instances"}
-[:octicons-info-16:](https://github.com/timvisee/send#readme){ .card-link title=Documentation}
+[:octicons-info-16:](https://github.com/timvisee/send#readme){ .card-link title="Documentation" }
 [:octicons-code-16:](https://github.com/timvisee/send){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://github.com/sponsors/timvisee){ .card-link title=Contribute }
+[:octicons-heart-16:](https://github.com/sponsors/timvisee){ .card-link title="Contribute" }
 </details>
@@ -48,7 +48,7 @@ ffsend upload --host https://send.vis.ee/ FILE
 [:octicons-home-16: Homepage](https://onionshare.org){ .md-button .md-button--primary }
 [:simple-torbrowser:](http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion){ .card-link title="Onion Service" }
-[:octicons-info-16:](https://docs.onionshare.org){ .card-link title=Documentation}
+[:octicons-info-16:](https://docs.onionshare.org){ .card-link title="Documentation" }
 [:octicons-code-16:](https://github.com/onionshare/onionshare){ .card-link title="Source Code" }
 <details class="downloads" markdown>
@@ -73,60 +73,8 @@ OnionShare provides the option to connect via [Tor bridges](https://docs.onionsh
 - Must be open-source software.
 - Must either have clients for Linux, macOS, and Windows; or have a web interface.
 ## FreedomBox
 <div class="admonition recommendation" markdown>
 ![FreedomBox logo](assets/img/file-sharing-sync/freedombox.svg){ align=right }
 **FreedomBox** is an operating system designed to be run on a [single-board computer (SBC)](https://en.wikipedia.org/wiki/Single-board_computer). The purpose is to make it easy to set up server applications that you might want to self-host.
 [:octicons-home-16: Homepage](https://freedombox.org){ .md-button .md-button--primary }
 [:octicons-info-16:](https://wiki.debian.org/FreedomBox/Manual){ .card-link title=Documentation}
 [:octicons-code-16:](https://salsa.debian.org/freedombox-team/freedombox){ .card-link title="Source Code" }
 [:octicons-heart-16:](https://freedomboxfoundation.org/donate){ .card-link title=Contribute }
 </details>
 </div>
 ## File Sync
 ### Nextcloud (Client-Server)
 <div class="admonition recommendation" markdown>
 ![Nextcloud logo](assets/img/document-collaboration/nextcloud.svg){ align=right }
 **Nextcloud** is a suite of free and open-source client-server software for creating your own file hosting services on a private server you control.
 [:octicons-home-16: Homepage](https://nextcloud.com){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://nextcloud.com/privacy){ .card-link title="Privacy Policy" }
 [:octicons-info-16:](https://nextcloud.com/support){ .card-link title=Documentation}
 [:octicons-code-16:](https://github.com/nextcloud){ .card-link title="Source Code" }
 [:octicons-heart-16:](https://nextcloud.com/contribute){ .card-link title=Contribute }
 <details class="downloads" markdown>
 <summary>Downloads</summary>
 - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.nextcloud.client)
 - [:simple-appstore: App Store](https://apps.apple.com/app/id1125420102)
 - [:simple-github: GitHub](https://github.com/nextcloud/android/releases)
 - [:fontawesome-brands-windows: Windows](https://nextcloud.com/install/#install-clients)
 - [:simple-apple: macOS](https://nextcloud.com/install/#install-clients)
 - [:simple-linux: Linux](https://nextcloud.com/install/#install-clients)
 </details>
 </div>
 <div class="admonition danger" markdown>
 <p class="admonition-title">Danger</p>
 We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_end_encryption) for Nextcloud as it may lead to data loss; it is highly experimental and not production quality.
 </div>
 ### Syncthing (P2P)
 <div class="admonition recommendation" markdown>
@@ -70,7 +70,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
 <div markdown>
 **Privacy Guides** has a dedicated [community](https://discuss.privacyguides.net) independently reviewing various *privacy tools* and services. Each of our recommendations comply with a strict set of criteria to ensure they provide the most value to most people, and provide the best balance of privacy, security, and convenience. As part of a non-profit **public charity**, Privacy Guides has strict **journalistic standards** and policies to ensure our recommendations are free of conflict of interest, and we do not partner with providers or affiliate programs that could sway our reviews and recommendations.
-[:material-heart:{.pg-red} Support Our Work](about/donate.md){ class="md-button md-button--primary" }
+[:material-heart:{.pg-red} Support Our Work](about/donate.md){ class="md-button md-button--primary" data-portal="signup" }
 </div>
@@ -11,40 +11,51 @@ cover: language-tools.webp
 Text inputted to grammar, spelling, and style checkers, as well as translation services, can contain sensitive information which may be stored on their servers for an indefinite amount of time and sold to third parties. The language tools listed on this page do not store your submitted text on a server and can be self-hosted and used offline for maximum control of your data.
-## LanguageTool
+## Grammar & Spelling
 ### LTeX
 <div class="admonition recommendation" markdown>
-![LanguageTool logo](assets/img/language-tools/languagetool.svg#only-light){ align=right }
+![LTeX logo](assets/img/language-tools/ltex.svg){ align=right }
 ![LanguageTool logo](assets/img/language-tools/languagetool-dark.svg#only-dark){ align=right }
-**LanguageTool** is a multilingual grammar, style, and spell checker that supports more than 20 languages. According to their privacy policy, they do not store any content sent to their service for review, but for higher assurance the software is [self-hostable](https://dev.languagetool.org/http-server).
+**LTeX** is a multilingual grammar, style, and spell checker that supports more than 20 languages. It uses the open-source [LanguageTool](https://languagetool.org) spell checker on the backend to check against not just dictionary spelling, but also thousands of grammar rules and stylistic errors.
-[:octicons-home-16: Homepage](https://languagetool.org){ .md-button .md-button--primary }
+**LTeX CLI** is a standalone command-line application which runs completely offline.
 [:octicons-eye-16:](https://languagetool.org/legal/privacy){ .card-link title="Privacy Policy" }
 [:octicons-info-16:](https://languagetooler.freshdesk.com/en/support/solutions){ .card-link title="Documentation" }
 [:octicons-code-16:](https://github.com/languagetool-org){ .card-link title="Source Code" }
-<details class="downloads" markdown>
+[:octicons-home-16: Homepage](https://valentjn.github.io/ltex){ .md-button .md-button--primary }
-<summary>Downloads</summary>
+[:octicons-info-16:](https://valentjn.github.io/ltex/index){ .card-link title="Documentation" }
-
+[:octicons-code-16:](https://github.com/valentjn/ltex-ls){ .card-link title="Source Code" }
 - [:simple-appstore: App Store](https://apps.apple.com/app/id1534275760)
 - [:fontawesome-brands-windows: Windows](https://languagetool.org/windows-desktop)
 - [:simple-apple: macOS](https://languagetool.org/mac-desktop)
 - [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/languagetool)
 - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/oldceeleldhonbafppcapldpdifcinji)
 - [:fontawesome-brands-edge: Edge](https://microsoftedge.microsoft.com/addons/detail/hfjadhjooeceemgojogkhlppanjkbobc)
 - [:simple-safari: Safari](https://apps.apple.com/app/id1534275760)
 </details>
 </div>
-LanguageTool offers integration with a variety of [office suites](https://languagetool.org/services#text_editors) and [email clients](https://languagetool.org/services#mail_clients).
+LTeX comes in multiple forms which may suit different use cases. The LTeX CLI is a standalone, command-line application which runs completely offline. The LTeX extension offers integration with popular code editors and runs completely offline.
 ## Translation Tools
 ### LibreTranslate
 <div class="admonition recommendation" markdown>
 ![LibreTranslate logo](assets/img/language-tools/libretranslate.png){ align=right }
 **LibreTranslate** is a free and open-source machine translation web interface and API server. It uses [Argos Translate](https://github.com/argosopentech/argos-translate) models on the backend for translations.
 [:octicons-home-16: Homepage](https://libretranslate.com){ .md-button .md-button--primary }
 [:octicons-server-16:](https://github.com/LibreTranslate/LibreTranslate#mirrors){ .card-link title="Public Instances" }
 [:octicons-code-16:](https://github.com/LibreTranslate/LibreTranslate){ .card-link title="Source Code" }
 </div>
 You can use LibreTranslate through a number of public instances, with some that offer a [Tor](tor.md) onion service or an [I2P](alternative-networks.md#i2p-the-invisible-internet-project) eepsite. You can also host the software yourself for maximum control over the text submitted for translation.
 We use a self-hosted instance of LibreTranslate to automatically translate posts on our [forum](https://discuss.privacyguides.net) to multiple languages.
 We use the VSCode extension in our GitHub repository configuration to find any grammar and spelling errors on our website and in our articles.
 ## Criteria
 **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
 - Must be open source.
- Must be possible to self-host.
+- Must run completely offline.
@@ -164,7 +164,7 @@ This format is used to generate recommendation cards. Notably it is missing the
 ``` markdown title="Recommendation Card"
 <div class="admonition recommendation" markdown>
-![PhotoPrism logo](assets/img/photo-management/photoprism.svg){ align=right }
+![PhotoPrism logo](assets/img/self-hosting/photoprism.svg){ align=right }
 **PhotoPrism** is a self-hostable platform for managing photos. It supports album syncing and sharing as well as a variety of other [features](https://photoprism.app/features). It does not include end-to-end encryption, so it's best hosted on a server that you trust and is under your control.
@@ -173,13 +173,6 @@ This format is used to generate recommendation cards. Notably it is missing the
 [:octicons-info-16:](https://photoprism.app/kb){ .card-link title="Documentation" }
 [:octicons-code-16:](https://github.com/photoprism){ .card-link title="Source Code" }
 <details class="downloads" markdown>
 <summary>Downloads</summary>
 - [:simple-github: GitHub](https://github.com/photoprism)
 </details>
 </div>
 ```
@@ -187,7 +180,7 @@ This format is used to generate recommendation cards. Notably it is missing the
 <div class="admonition recommendation" markdown>
-![PhotoPrism logo](../assets/img/photo-management/photoprism.svg){ align=right }
+![PhotoPrism logo](../assets/img/self-hosting/photoprism.svg){ align=right }
 **PhotoPrism** is a self-hostable platform for managing photos. It supports album syncing and sharing as well as a variety of other [features](https://photoprism.app/features). It does not include end-to-end encryption, so it's best hosted on a server that you trust and is under your control.
@@ -196,13 +189,6 @@ This format is used to generate recommendation cards. Notably it is missing the
 [:octicons-info-16:](https://photoprism.app/kb){ .card-link title="Documentation" }
 [:octicons-code-16:](https://github.com/photoprism){ .card-link title="Source Code" }
 <details class="downloads" markdown>
 <summary>Downloads</summary>
 - [:simple-github: GitHub](https://github.com/photoprism)
 </details>
 </div>
 </div>
@@ -285,8 +285,6 @@ On iOS, any app that can browse the web is [restricted](https://developer.apple.
 ### Recommended Safari Configuration
 We would suggest installing [AdGuard](browser-extensions.md#adguard) if you want a content blocker in Safari.
 The following privacy/security-related options can be found in :gear: **Settings** → **Apps** → **Safari**.
 #### Allow Safari to Access
@@ -1,5 +1,5 @@
 ---
-title: "Mobile Phones"
+title: Mobile Phones
 icon: material/cellphone-check
 description: These mobile devices provide the best hardware security support for custom Android operating systems.
 cover: android.webp
@@ -43,7 +43,7 @@ End-of-life devices (such as GrapheneOS's "extended support" devices) do not hav
 </div>
-## Purchasing Advice
+## General Purchasing Advice
 When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
@@ -73,11 +73,15 @@ Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of
 </div>
-Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for *all* of those functions, resulting in a larger attack surface.
+### Hardware Security
 Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment (TEE) used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for *all* of those functions, resulting in a larger attack surface.
 Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
-The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
+The Pixel 8 series and later supports ARM's Memory Tagging Extension ([MTE](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension)), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. The stock Pixel OS allows you to enable MTE for supported apps through Google's Advanced Protection Program or via a developer option, but its usability is quite limited. [GrapheneOS](android/distributions.md#grapheneos), an alternative Android OS we recommend, greatly improves the usability and coverage of MTE in its implementation of the feature.
 ### Buying a Google Pixel
 A few more tips for purchasing a Google Pixel:
@@ -98,6 +102,8 @@ A few more tips for purchasing a Google Pixel:
    , meaning that the longer use of the device the lower cost per day.
 - If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
 The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
 ## Criteria
 **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
@@ -1,7 +1,7 @@
 ---
-title: "Multifactor Authentication"
+title: Multifactor Authentication
-icon: 'material/two-factor-authentication'
+icon: material/two-factor-authentication
-description: These tools assist you with securing your internet accounts with Multifactor Authentication without sending your secrets to a third-party.
+description: These tools assist you with securing your internet accounts with multifactor authentication without sending your secrets to a third-party.
 cover: multi-factor-authentication.webp
 ---
 <small>Protects against the following threat(s):</small>
@@ -15,7 +15,7 @@ cover: multi-factor-authentication.webp
 </div>
-**Multifactor Authentication Apps** implement a security standard adopted by the Internet Engineering Task Force (IETF) called **Time-based One-time Passwords**, or **TOTP**. This is a method where websites share a secret with you which is used by your authenticator app to generate a six (usually) digit code based on the current time, which you enter while logging in for the website to check. Typically, these codes are regenerated every 30 seconds, and once a new code is generated the old one becomes useless. Even if a hacker gets one six-digit code, there is no way for them to reverse that code to get the original secret or otherwise be able to predict what any future codes might be.
+**Multifactor authentication apps** implement a security standard adopted by the Internet Engineering Task Force (IETF) called **Time-based One-time Passwords**, or **TOTP**. This is a method where websites share a secret with you which is used by your authenticator app to generate a six (usually) digit code based on the current time, which you enter while logging in for the website to check. Typically, these codes are regenerated every 30 seconds, and once a new code is generated the old one becomes useless. Even if a hacker gets one six-digit code, there is no way for them to reverse that code to get the original secret or otherwise be able to predict what any future codes might be.
 We highly recommend that you use mobile TOTP apps instead of desktop alternatives as Android and iOS have better security and app isolation than most desktop operating systems.
@@ -29,7 +29,7 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative
 [:octicons-home-16: Homepage](https://ente.io/auth){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://ente.io/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://help.ente.io/auth){ .card-link title=Documentation}
+[:octicons-info-16:](https://help.ente.io/auth){ .card-link title="Documentation" }
 [:octicons-code-16:](https://github.com/ente-io/ente/tree/main/auth#readme){ .card-link title="Source Code" }
 <details class="downloads" markdown>
@@ -38,12 +38,14 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative
 - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=io.ente.auth)
 - [:simple-appstore: App Store](https://apps.apple.com/app/id6444121398)
 - [:simple-github: GitHub](https://github.com/ente-io/ente/releases?q=auth)
- [:octicons-globe-16: Web](https://auth.ente.io)
+- [:octicons-browser-16: Web](https://auth.ente.io)
 </details>
 </div>
 The server-side source code and infrastructure which underpins Ente Auth (if used with an online account) underwent an audit by [Cure53](https://ente.io/blog/cern-audit) in October 2025.
 ## Aegis Authenticator (Android)
 <div class="admonition recommendation" markdown>
@@ -54,9 +56,9 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative
 [:octicons-home-16: Homepage](https://getaegis.app){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://getaegis.app/aegis/privacy.html){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://github.com/beemdevelopment/Aegis/wiki){ .card-link title=Documentation}
+[:octicons-info-16:](https://github.com/beemdevelopment/Aegis/wiki){ .card-link title="Documentation" }
 [:octicons-code-16:](https://github.com/beemdevelopment/Aegis){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://buymeacoffee.com/beemdevelopment){ .card-link title=Contribute }
+[:octicons-heart-16:](https://buymeacoffee.com/beemdevelopment){ .card-link title="Contribute" }
 <details class="downloads" markdown>
 <summary>Downloads</summary>
@@ -68,11 +70,10 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative
 </div>
 <!-- markdownlint-disable-next-line -->
 ## Criteria
 **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
 - Source code must be publicly available.
 - Must not require internet connectivity.
- Cloud syncing must be optional, and (if available) sync functionality must be E2EE.
+- Cloud syncing must be optional; sync functionality, if available, must be E2EE.
@@ -142,6 +142,7 @@ The Advanced Protection Program provides enhanced threat monitoring and enables:
 - Not allowing app installation outside the Google Play Store, the OS vendor's app store, or via [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge)
 - Mandatory automatic device scanning with [Play Protect](https://support.google.com/googleplay/answer/2812853?#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work)
 - Warning you about unverified applications
 - Enabling ARM's hardware-based [Memory Tagging Extension (MTE)](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension) for supported apps, which lowers the likelihood of device exploits happening through memory corruption bugs
 ### Google Play System Updates
@@ -118,19 +118,9 @@ Additionally, some distributions will not download firmware updates automaticall
 ### Permission Controls
-Desktop environments (DEs) that support the [Wayland](https://wayland.freedesktop.org) display protocol are [more secure](https://lwn.net/Articles/589147) than those that only support X11. However, not all DEs take full advantage of Wayland's architectural security improvements.
+Desktop environments that support the [Wayland](https://wayland.freedesktop.org) display protocol are [more secure](https://lwn.net/Articles/589147) than those that only support X11. Moreover, we *generally* recommend installing and using applications which are sandboxed such as those obtained via **Flatpak**. Flatpak supports the [`security-context-v1`](https://github.com/flatpak/flatpak/pull/4920) protocol and the ability to filter D-Bus protocols, which allow Flatpak to properly identify apps for the purpose of sandboxing them through permission controls.[^1] Conversely, applications outside sandboxes are free to perform privileged actions such as capturing your screen, either by [overwriting the portal permission store](https://invent.kde.org/plasma/xdg-desktop-portal-kde/-/issues/7#note_1112260), or [making use of privileged Wayland protocols](https://github.com/swaywm/sway/pull/7648#issuecomment-2507730794).
-For example, GNOME has a notable edge in security compared to other DEs by implementing permission controls for third-party software that tries to [capture your screen](https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/3943). That is, when a third-party application attempts to capture your screen, you are prompted for your permission to share your screen with the app.
+[^1]: This exposes a reliable way for Wayland compositors to get identifying information about a client. Compositors can then apply security policies if desirable. [https://github.com/flatpak/flatpak/commit/f0e626a4b60439f211f06d35df74b675a9ef42f4](https://github.com/flatpak/flatpak/commit/f0e626a4b60439f211f06d35df74b675a9ef42f4)
 <figure markdown>
  ![Screenshot permissions](../assets/img/linux/screenshot_permission.png){ width="450" }
  <figcaption>GNOME's screenshot permission dialog</figcaption>
 </figure>
 Many alternatives don't provide these same permission controls yet,[^1] while some are waiting for Wayland to implement these controls upstream.[^2]
 [^1]: KDE currently has an open proposal to add controls for screen captures: <https://invent.kde.org/plasma/xdg-desktop-portal-kde/-/issues/7>
 [^2]: Sway is waiting to add specific security controls until they "know how security as a whole is going to play out" in Wayland: <https://github.com/swaywm/sway/issues/5118#issuecomment-600054496>
 ## Privacy Tweaks
@@ -138,9 +128,26 @@ Many alternatives don't provide these same permission controls yet,[^1] while so
 Many desktop Linux distributions (Fedora, openSUSE, etc.) come with [NetworkManager](https://en.wikipedia.org/wiki/NetworkManager) to configure Ethernet and Wi-Fi settings.
-It is possible to [randomize](https://fedoramagazine.org/randomize-mac-address-nm) the [MAC address](https://en.wikipedia.org/wiki/MAC_address) when using NetworkManager. This provides a bit more privacy on Wi-Fi networks as it makes it harder to track specific devices on the network you’re connected to. It does [**not**](https://papers.mathyvanhoef.com/wisec2016.pdf) make you anonymous.
+It is possible to randomize the [MAC address](https://en.wikipedia.org/wiki/MAC_address) when using NetworkManager. This provides a bit more privacy on Wi-Fi networks as it makes it harder to track specific devices on the network you’re connected to. It does [**not**](https://papers.mathyvanhoef.com/wisec2016.pdf) make you anonymous.
-We recommend changing the setting to **random** instead of **stable**, as suggested in the [article](https://fedoramagazine.org/randomize-mac-address-nm).
+In the terminal, create a new file `/etc/NetworkManager/conf.d/00-macrandomize.conf` and add the following to it:
 ```text
 [device]
 wifi.scan-rand-mac-address=yes
 [connection]
 wifi.cloned-mac-address=random
 ethernet.cloned-mac-address=random
 ```
 Then, restart NetworkManager:
 ```sh
 systemctl restart NetworkManager
 ```
 Optionally, changing the connection parameter from `random` to `stable` will give you a random MAC address *per network*, but keep it stable for that network when you reconnect to it later. Using `random` will give you a random MAC address *per connection*. This may be desirable for networks with captive portals or where you have a static DHCP assignment, at the expense of making you more identifiable by a single network operator you connect to multiple times.
 If you are using [systemd-networkd](https://en.wikipedia.org/wiki/Systemd#Ancillary_components), you will need to set [`MACAddressPolicy=random`](https://freedesktop.org/software/systemd/man/systemd.link.html#MACAddressPolicy=) which will enable [RFC 7844 (Anonymity Profiles for DHCP Clients)](https://freedesktop.org/software/systemd/man/systemd.network.html#Anonymize=).
@@ -45,7 +45,7 @@ There are a number of built-in settings you should confirm or change to harden y
 #### Bluetooth
- [ ] Uncheck **Bluetooth** (unless you are currently using it)
+- [ ] Turn off **Bluetooth** (unless you are currently using it)
 #### Network
@@ -55,23 +55,23 @@ Click on the "Details" button by your network name:
 - [x] Select **Rotating** under **Private Wi-Fi address**
- [x] Check **Limit IP address tracking**
+- [x] Turn on **Limit IP address tracking**
 ##### Firewall
 Your firewall blocks unwanted network connections. The stricter your firewall settings are, the more secure your Mac is. However, certain services will be blocked. You should configure your firewall to be as strict as you can without blocking services you use.
- [x] Check **Firewall**
+- [x] Turn on **Firewall**
 Click the **Options** button:
- [x] Check **Block all incoming connections**
+- [x] Turn on **Block all incoming connections**
 If this configuration is too strict, you can come back and uncheck this. However, macOS will typically prompt you to allow incoming connections for an app if the app requests it.
 #### General
-By default, your device name will be something like "[your name]'s iMac". Because this name is publicly broadcast on your network, you'll want to change your device name to something generic like "Mac".
+By default, your device name will be something like "[your name]'s iMac". Because this name is [publicly broadcast on your network](https://support.apple.com/guide/mac-help/change-computers-local-hostname-mac-mchlp2322/26/mac/26#:~:text=The%20local%20hostname%2C%20or%20local%20network%20name%2C%20is%20displayed%20at%20the%20bottom%20of%20the%20Sharing%20settings%20window.%20It%20identifies%20your%20Mac%20to%20Bonjour%2Dcompatible%20services.), you'll want to change your device name to something generic like "Mac".
 Click on **About** and type your desired device name into the **Name** field.
@@ -81,15 +81,37 @@ You should automatically install all available updates to make sure your Mac has
 Click the small :material-information-outline: icon next to **Automatic Updates**:
- [x] Check **Check for updates**
+- [x] Turn on **Download new updates when available**
- [x] Check **Download new updates when available**
+- [x] Turn on **Install macOS updates**
- [x] Check **Install macOS updates**
+- [x] Turn on **Install Security Responses and system files**
- [x] Check **Install application updates from the App Store**
+#### Apple Intelligence & Siri
- [x] Check **Install Security Responses and system files**
+If you do not use these features on macOS, you should disable them:
 - [ ] Turn off **Apple Intelligence**
 - [ ] Turn off **Siri**
 **[Apple Intelligence](https://apple.com/legal/privacy/data/en/intelligence-engine)** is only available if your device supports it. Apple Intelligence uses a combination of on-device processing and their [Private Cloud Compute](https://security.apple.com/blog/private-cloud-compute) for things that take more processing power than your device can provide.
 To see a report of all the data sent via Apple Intelligence, you can navigate to **Privacy & Security** → **Apple Intelligence Report** and press **Export Activity** to see activity from the either the last 15 minutes or 7 days, depending on what you set it for. Similar to the **App Privacy Report** which shows you the recent permissions accessed by the apps on your phone, the Apple Intelligence Report likewise shows what is being sent to Apple's servers while using Apple Intelligence.
 By default, ChatGPT integration is disabled. If you don't want ChatGPT integration anymore, you can navigate to **ChatGPT**:
 - [ ] Turn off **Use ChatGPT**
 You can also have it ask for confirmation every time if you leave ChatGPT integration on:
 - [x] Turn on **Confirm Requests**
 <div class="admonition warning" markdown>
 <p class="admonition-title">Warning</p>
 Any request made with ChatGPT will be sent to ChatGPT's servers, there is no on-device processing and no PCC like with Apple Intelligence.
 </div>
 #### Privacy & Security
@@ -99,25 +121,17 @@ Whenever an application requests a permission, it will show up here. You can dec
 You can individually allow location services per-app. If you don't need apps to use your location, turning off location services entirely is the most private option.
- [ ] Uncheck **Location Services**
+- [ ] Turn off **Location Services**
 ##### Analytics & Improvements
-Decide whether you want to share analytics data with Apple and developers.
+Decide whether you want to share analytics data with Apple and app developers.
 - [ ] Uncheck **Share Mac Analytics**
 - [ ] Uncheck **Improve Siri & Dictation**
 - [ ] Uncheck **Share with app developers**
 - [ ] Uncheck **Share iCloud Analytics** (visible if you are signed in to iCloud)
 ##### Apple Advertising
 Decide whether you want personalized ads based on your usage.
- [ ] Uncheck **Personalized Ads**
+- [ ] Turn off **Personalized Ads**
 ##### FileVault
@@ -129,19 +143,19 @@ On older Intel-based Mac computers, FileVault is the only form of disk encryptio
 ##### Lockdown Mode
-[Lockdown Mode](https://blog.privacyguides.org/2022/10/27/macos-ventura-privacy-security-updates/#lockdown-mode) disables some features in order to improve security. Some apps or features won't work the same way they do when it's off, for example, [JIT](https://hacks.mozilla.org/2017/02/a-crash-course-in-just-in-time-jit-compilers) and [WASM](https://developer.mozilla.org/docs/WebAssembly) are disabled in Safari with Lockdown Mode enabled. We recommend enabling Lockdown Mode and seeing whether it significantly impacts your usage, many of the changes it makes are easy to live with.
+**[Lockdown Mode](https://support.apple.com/guide/mac-help/lock-mac-targeted-a-cyberattack-ibrw66f4e191/mac)** disables some features in order to improve security. Some apps or features won't work the same way they do when it's off. For example, Javascript Just-In-Time ([JIT](https://hacks.mozilla.org/2017/02/a-crash-course-in-just-in-time-jit-compilers)) compilation and [WebAssembly](https://developer.mozilla.org/docs/WebAssembly) are disabled in Safari with Lockdown Mode enabled. We recommend enabling Lockdown Mode and seeing whether it significantly impacts daily usage.
 - [x] Click **Turn On**
 ### MAC Address Randomization
-macOS uses a randomized MAC address when performing Wi-Fi scans while disconnected from a network.
+macOS uses a randomized MAC address when [performing Wi-Fi scans](https://support.apple.com/guide/security/privacy-features-connecting-wireless-networks-secb9cb3140c/web) while disconnected from a network.
-You can set your MAC address to be randomized per network and rotate occasionally to prevent tracking between networks and on the same network over time.
+You can set your [MAC address to be randomized](https://support.apple.com/en-us/102509) per network and rotate occasionally to prevent tracking between networks and on the same network over time.
 Go to **System Settings** → **Network** → **Wi-Fi** → **Details** and set **Private Wi-Fi address** to either **Fixed** if you want a fixed but unique address for the network you're connected to, or **Rotating** if you want it to change over time.
-Consider changing your hostname as well, which is another device identifier that's broadcast on the network you're connected to. You may wish to set your hostname to something generic like "MacBook Air", "Laptop", "John's MacBook Pro", or "iPhone" in **System Settings** → **General** → **Sharing**. Some [privacy scripts](https://github.com/sunknudsen/privacy-guides/tree/master/how-to-spoof-mac-address-and-hostname-automatically-at-boot-on-macos#guide) allow you to easily generate hostnames with random names.
+Consider changing your hostname as well, which is another device identifier that's broadcast on the network you're connected to. You may wish to set your hostname to something generic like "MacBook Air", "Laptop", "John's MacBook Pro", or "iPhone" in **System Settings** → **General** → **Sharing**.
 ## Security Protections
@@ -152,19 +166,19 @@ macOS employs defense in depth by relying on multiple layers of software and har
 <div class="admonition warning" markdown>
 <p class="admonition-title">Warning</p>
-macOS allows you to install beta updates. These are unstable and may come with extra telemetry since they're for testing purposes. Because of this, we recommend you avoid beta software in general.
+macOS allows you to install beta updates. These are unstable and may come with [extra telemetry](https://beta.apple.com/privacy) since they're for testing purposes. Because of this, we recommend you avoid beta software in general.
 </div>
 #### Signed System Volume
-macOS's system components are protected in a read-only signed system volume, meaning that neither you nor malware can alter important system files.
+macOS's system components are protected in a read-only [signed system volume](https://support.apple.com/guide/security/signed-system-volume-security-secd698747c9/web), meaning that neither you nor malware can alter important system files.
 The system volume is verified while it's running and any data that's not signed with a valid cryptographic signature from Apple will be rejected.
 #### System Integrity Protection
-macOS sets certain security restrictions that can't be overridden. These are called Mandatory Access Controls, and they form the basis of the sandbox, parental controls, and System Integrity Protection on macOS.
+macOS sets certain security restrictions that can't be overridden. These are called [Mandatory Access Controls](https://support.apple.com/guide/security/system-integrity-protection-secb7ea06b49/1/web/1), and they form the basis of the sandbox, parental controls, and [System Integrity Protection](https://support.apple.com/en-us/102149) on macOS.
 System Integrity Protection makes critical file locations read-only to protect against modification from malicious code. This is on top of the hardware-based Kernel Integrity Protection that keeps the kernel from being modified in-memory.
@@ -172,7 +186,7 @@ System Integrity Protection makes critical file locations read-only to protect a
 ##### App Sandbox
-On macOS, whether an app is sandboxed is determined by the developer when they sign it. The App Sandbox protects against vulnerabilities in the apps you run by limiting what a malicious actor can access in the event that the app is exploited. The App Sandbox *alone* can't protect against [:material-package-variant-closed-remove: Supply Chain Attacks](../basics/common-threats.md#attacks-against-certain-organizations){ .pg-viridian } by malicious developers. For that, sandboxing needs to be enforced by someone other than the developer themselves, as it is on the App Store.
+On macOS, whether an app is sandboxed is determined by the developer when they sign it. The [App Sandbox](https://developer.apple.com/documentation/xcode/configuring-the-macos-app-sandbox) protects against vulnerabilities in the apps you run by limiting what a malicious actor can access in the event that the app is exploited. The App Sandbox *alone* can't protect against [:material-package-variant-closed-remove: Supply Chain Attacks](../basics/common-threats.md#attacks-against-certain-organizations){ .pg-viridian } by malicious developers. For that, sandboxing needs to be enforced by someone other than the developer themselves, as it is on the [App Store](https://support.apple.com/guide/security/gatekeeper-and-runtime-protection-sec5599b66df/1/web/1#:~:text=All%20apps%20from%20the%20App%20Store%20are%20sandboxed%20to%20restrict%20access%20to%20data%20stored%20by%20other%20apps.).
 <div class="admonition warning" markdown>
 <p class="admonition-title">Warning</p>
@@ -224,7 +238,7 @@ You can enable a column in Activity Monitor called "Restricted" which is a flag
 ##### Antivirus
-macOS comes with two forms of malware defense:
+macOS comes with two forms of [malware defense](https://support.apple.com/guide/security/protecting-against-malware-sec469d47bd8/1/web/1):
 1. Protection against launching malware in the first place is provided by the App Store's review process for App Store applications, or *Notarization* (part of *Gatekeeper*), a process where third-party apps are scanned for known malware by Apple before they are allowed to run. Apps are required to be signed by the developers using a key given to them by Apple. This ensures that you are running software from the real developers. Notarization also requires that developers enable the Hardened Runtime for their apps, which limits methods of exploitation.
 2. Protection against other malware and remediation from existing malware on your system is provided by *XProtect*, a more traditional antivirus software built-in to macOS.
@@ -233,7 +247,7 @@ We recommend against installing third-party antivirus software as they typically
 ##### Backups
-macOS comes with automatic backup software called [Time Machine](https://support.apple.com/HT201250), so you can create encrypted backups to an external drive or a network drive in the event of corrupted/deleted files.
+macOS comes with automatic backup software called [Time Machine](https://support.apple.com/HT201250), so you can create [encrypted backups](https://support.apple.com/guide/mac-help/keep-your-time-machine-backup-disk-secure-mh21241/mac) to an external drive or a network drive in the event of corrupted/deleted files.
 ### Hardware Security
@@ -241,21 +255,21 @@ Many modern security features in macOS—such as modern Secure Boot, hardware-le
 Some of these modern security features are available on older Intel-based Mac computers with the Apple T2 Security Chip, but that chip is susceptible to the *checkm8* exploit which could compromise its security.
-If you use Bluetooth accessories such as a keyboard, we recommend that you use official Apple ones as their firmware will automatically be updated for you by macOS. Using third party accessories is fine, but you should remember to install firmware updates for them regularly.
+If you use Bluetooth accessories such as a keyboard, we recommend that you use official Apple ones as their firmware will [automatically be updated](https://support.apple.com/en-us/120303#:~:text=Firmware%20updates%20are%20automatically%20delivered%20in%20the%20background%20while%20the%20Magic%20Keyboard%20is%20actively%20paired%20to%20a%20device%20running%20macOS%2C%20iOS%2C%20iPadOS%2C%20or%20tvOS.) for you by macOS. Using third party accessories is fine, but you should remember to install firmware updates for them regularly.
-Apple's SoCs focus on minimizing attack surface by relegating security functions to dedicated hardware with limited functionality.
+Apple's SoCs focus on [minimizing attack surface](https://support.apple.com/en-vn/guide/security/secf020d1074/web#:~:text=Security%2Dfocused%20hardware%20follows%20the%20principle%20of%20supporting%20limited%20and%20discretely%20defined%20functions%20to%20minimize%20attack%20surface.) by relegating security functions to dedicated hardware with limited functionality.
 #### Boot ROM
-macOS prevents malware persistence by only allowing official Apple software to run at boot time; this is known as secure boot. Mac computers verify this with a bit of read-only memory on the SoC called the boot ROM, which is laid down during the manufacturing of the chip.
+macOS prevents malware persistence by only allowing official Apple software to run at boot time; this is known as [secure boot](https://support.apple.com/en-vn/guide/security/secac71d5623/1/web/1). Mac computers verify this with a bit of read-only memory on the SoC called the [boot ROM](https://support.apple.com/en-vn/guide/security/aside/sec5240db956/1/web/1), which is [laid down during the manufacturing of the chip](https://support.apple.com/en-vn/guide/security/secf020d1074/1/web/1#:~:text=which%20is%20laid%20down%20during%20Apple%20SoC%20fabrication).
-The boot ROM forms the hardware root of trust. This ensures that malware cannot tamper with the boot process. When your Mac boots up, the boot ROM is the first thing that runs, forming the first link in the chain of trust.
+The boot ROM forms the hardware root of trust. This ensures that malware cannot tamper with the boot process, since the boot ROM is immutable. When your Mac boots up, the boot ROM is the first thing that runs, forming the first link in the chain of trust.
-Mac computers can be configured to boot in three security modes: *Full Security*, *Reduced Security*, and *Permissive Security*, with the default setting being Full Security. You should ideally be using Full Security mode and avoid things like **kernel extensions** that force you to lower your security mode. Make sure to [check](https://support.apple.com/guide/mac-help/change-security-settings-startup-disk-a-mac-mchl768f7291/mac) that you're using Full Security mode.
+Mac computers can be configured to boot in [three security modes](https://support.apple.com/guide/deployment/startup-security-dep5810e849c/web#dep32fb404e1): *Full Security*, *Reduced Security*, and *Permissive Security*, with the default setting being Full Security. You should ideally be using Full Security mode and avoid things like **[kernel extensions](https://support.apple.com/guide/deployment/system-extensions-in-macos-depa5fb8376f/web#dep51e097f45)** that force you to lower your security mode. Make sure to [check](https://support.apple.com/guide/mac-help/change-security-settings-startup-disk-a-mac-mchl768f7291/mac) that you're using Full Security mode.
 #### Secure Enclave
-The Secure Enclave is a security chip built into devices with Apple Silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
+The **[Secure Enclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/web)** is a security chip built into devices with Apple Silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own [separate boot ROM](https://support.apple.com/en-vn/guide/security/sec59b0b31ff/web#sec43006c49f).
 You can think of the Secure Enclave as your device's security hub: it has an AES encryption engine and a mechanism to securely store your encryption keys, and it's separated from the rest of the system, so even if the main processor is compromised, it should still be safe.
@@ -263,17 +277,21 @@ You can think of the Secure Enclave as your device's security hub: it has an AES
 Apple's Touch ID feature allows you to securely unlock your devices using biometrics.
-Your biometric data never leaves your device; it's stored only in the Secure Enclave.
+Your biometric data [never leaves your device](https://www.apple.com/legal/privacy/data/en/touch-id/#:~:text=Touch%C2%A0ID%20data%20does%20not%20leave%20your%20device%2C%20and%20is%20never%20backed%20up%20to%20iCloud%20or%20anywhere%20else.); it's stored only in the Secure Enclave.
 #### Hardware Microphone Disconnect
-All laptops with Apple Silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
+All laptops with Apple Silicon or the T2 chip feature a [hardware disconnect](https://support.apple.com/guide/security/hardware-microphone-disconnect-secbbd20b00b/web) for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
 Note that the camera does not have a hardware disconnect, since its view is obscured when the lid is closed anyway.
 #### Secure Camera Indicator
 The built-in camera in a Mac is designed so that the camera can't turn on without the camera indicator light [also turning on](https://support.apple.com/en-us/102177#:~:text=The%20camera%20is%20engineered%20so%20that%20it%20can’t%20activate%20without%20the%20camera%20indicator%20light%20also%20turning%20on.%20This%20is%20how%20you%20can%20tell%20if%20your%20camera%20is%20on.).
 #### Peripheral Processor Security
-Computers have built-in processors other than the main CPU that handle things like networking, graphics, power management, etc. These processors can have insufficient security and become compromised, therefore Apple tries to minimize the need for these processors in their hardware.
+Computers have [built-in processors](https://support.apple.com/en-vn/guide/security/seca500d4f2b/1/web/1) other than the main CPU that handle things like networking, graphics, power management, etc. These processors can have insufficient security and become compromised, therefore Apple tries to minimize the need for these processors in their hardware.
 When it is necessary to use one of these processors, Apple works with the vendor to ensure that the processor
@@ -286,8 +304,8 @@ When it is necessary to use one of these processors, Apple works with the vendor
 #### Direct Memory Access Protections
-Apple Silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
+Apple Silicon separates each component that requires [direct memory access](https://support.apple.com/guide/security/direct-memory-access-protections-seca4960c2b5/1/web/1). For example, a Thunderbolt port can't access memory designated for the kernel.
-## Sources
+#### Terminal Secure Keyboard Entry
- [Apple Platform Security](https://support.apple.com/guide/security/welcome/web)
+Enable [Secure Keyboard Entry](https://support.apple.com/guide/terminal/use-secure-keyboard-entry-trml109/mac) to prevent other apps from detecting what you type in the terminal.
@@ -360,6 +360,35 @@ KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-se
 The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
 ### KeePassium (iOS & macOS)
 <div class="admonition recommendation" markdown>
 ![KeePassium logo](assets/img/password-management/keepassium.svg){ align=right }
 KeePassium is a commercial, open-source password manager made by KeePassium Labs that's compatible with other KeePass applications. It provides autofill support, passkey management, automatic two-way synchronization through [most cloud storage providers](https://support.keepassium.com/kb/sync), and more.
 [:material-star-box: Read our latest KeePassium review.](https://www.privacyguides.org/articles/2025/05/13/keepassium-review)
 [:octicons-home-16: Homepage](https://keepassium.com){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://keepassium.com/privacy/app){ .card-link title="Privacy Policy" }
 [:octicons-info-16:](https://support.keepassium.com){ .card-link title="Documentation" }
 [:octicons-code-16:](https://github.com/keepassium/KeePassium){ .card-link title="Source Code" }
 [:octicons-heart-16:](https://keepassium.com/donate){ .card-link title="Contribute" }
 <details class="downloads" markdown>
 <summary>Downloads</summary>
 - [:simple-appstore: App Store](https://apps.apple.com/us/app/id1435127111)
 </details>
 </div>
 KeePassium offers a [Premium version](https://keepassium.com/pricing) with additional features such as support for multiple databases, YubiKey support, and a password audit tool.
 KeePassium's iOS app has been [audited](https://cure53.de/pentest-report_keepassium.pdf) by Cure53 in October 2024, and all [issues](https://keepassium.com/blog/2024/11/independent-security-audit-complete) found in the audit were subsequently fixed.
 ### Gopass (CLI)
 <div class="admonition recommendation" markdown>
@@ -42,29 +42,7 @@ The free plan offers 10 GB of storage as long as you use the service at least o
 </div>
-Ente Photos underwent an audit by [Cure53](https://ente.io/blog/cryptography-audit) in March 2023 and by [Fallible](https://ente.io/reports/Fallible-Audit-Report-19-04-2023.pdf) in April 2023.
+The server-side source code and infrastructure which underpins Ente Photos underwent an audit by [Cure53](https://ente.io/blog/cern-audit) in October 2025. Previous audits were completed by [Cure53](https://ente.io/blog/cryptography-audit) in March 2023 and by [Fallible](https://ente.io/reports/Fallible-Audit-Report-19-04-2023.pdf) in April 2023.
 ## PhotoPrism
 <div class="admonition recommendation" markdown>
 ![PhotoPrism logo](assets/img/photo-management/photoprism.svg){ align=right }
 **PhotoPrism** is a self-hostable platform for managing photos. It supports album syncing and sharing as well as a variety of other [features](https://photoprism.app/features). It does not include E2EE, so it's best hosted on a server that you trust and is under your control.
 [:octicons-home-16: Homepage](https://photoprism.app){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://photoprism.app/privacy){ .card-link title="Privacy Policy" }
 [:octicons-info-16:](https://photoprism.app/kb){ .card-link title=Documentation}
 [:octicons-code-16:](https://github.com/photoprism){ .card-link title="Source Code" }
 <details class="downloads" markdown>
 <summary>Downloads</summary>
 - [:simple-github: GitHub](https://github.com/photoprism)
 </details>
 </div>
 ## Criteria
@@ -16,6 +16,8 @@ This privacy notice covers all Privacy Guides projects authorized and operated b
 Please note that when you make a donation to us on [donate.magicgrants.org](https://donate.magicgrants.org/privacyguides), MAGIC Grants has published a [separate privacy policy](https://donate.magicgrants.org/privacy) covering that platform.
 Additionally, when you browse or make a purchase on [shop.privacyguides.org](https://shop.privacyguides.org/), this is a third-party service provided by Fourthwall. Fourthwall has published a [separate privacy policy](https://shop.privacyguides.org/pages/privacy-policy) covering that platform.
 ## How does Privacy Guides collect data about me?
 Privacy Guides collects data about you:
@@ -24,8 +26,9 @@ Privacy Guides collects data about you:
 - When you create and use an account on our websites
 - When you post, send private messages, and otherwise participate in a community that Privacy Guides hosts
 - When you sign up for a mailing list, email notifications, or announcements
 - When you become a donating member
 - When you make a donation to us on GitHub Sponsors
- When you become a donating member and link your MAGIC Grants account to your Privacy Guides forum account
+- When you link your MAGIC Grants account to your Privacy Guides forum account
 - When you contribute to our website or other open-source projects
 - When you contact us
@@ -72,9 +75,9 @@ You may optionally provide additional details about your account, like your name
 Privacy Guides stores this account data as long as your account remains open.
-### Privacy Guides collects data about posts and other activity on our forum
+### Privacy Guides collects data about posts and other activity
-Privacy Guides collects the content of your posts, plus data about bookmarks, likes, and links you follow in order to share that data with others, through the forum. We also publish this activity to the public.
+Privacy Guides collects the content of your posts throughout our websites, plus data about bookmarks, likes, and links you follow in order to share that data with others. We also publish this activity to the public when you request it.
 Privacy Guides also collects data about private messages that you send through the forum. Privacy Guides makes private messages available to senders and their recipients, and also to forum moderators and administrators.
@@ -98,17 +101,29 @@ Privacy Guides uses this information to maintain the integrity of our website, s
 ### Privacy Guides collects data when you donate to us
 #### When you subscribe to a membership on privacyguides.org
 When you donate to us through our [membership program](#/portal), we collect your email address. Your payment information is also collected by our payment processor Stripe in order to facilitate the transaction. You can also optionally provide your name, which is used to personalize your experience, and can be removed or changed in your [profile settings](#/portal/account/profile) at any time.
 If your membership and newsletter subscription matches an email address associated with an account on our forum, we will link your membership status to your forum account. This allows you to receive special perks on the forum, such as a members-only title or flair, and access to members-only categories.
 If the Member title or Member flair is enabled on your forum profile, Privacy Guides will share your username and profile picture on our websites for the purposes of acknowledging your donation to the project. You may revoke this consent at any time by removing the title and flair from your public profile, and we will no longer share your donation status publicly. This will not affect your access to members-only benefits. It may take until the next website release for your data to be removed from public visibility.
 #### When you donate to us via GitHub Sponsors
 When you donate to us on GitHub Sponsors, we collect your GitHub username and profile picture. Your payment information is also collected by our subprocessors GitHub and Stripe in order to facilitate the transaction.
 If you choose to make your donation public during or after the checkout process on GitHub, Privacy Guides will share your username and profile picture on our websites for the purposes of fulfilling your request. You may revoke this consent at any time, and we will no longer share your donation status publicly. It may take until the next website release for your data to be removed from public visibility.
 #### When you subscribe to a membership or donate to us on donate.magicgrants.org
 When you donate to us on [donate.magicgrants.org](https://donate.magicgrants.org/privacyguides), a [separate privacy policy](https://donate.magicgrants.org/privacy) applies as noted at the beginning of this document.
 However, if you optionally link your `donate.magicgrants.org` account to your Privacy Guides forum account, our forum collects some personal data which is covered by this notice: namely your forum username and whether you have an active membership.
-We process that information in order to grant you special perks on the forum. Additionally, if you choose to make this status public by setting a members-only title or flair, we will share the status of your active membership on our websites.
+We process that information in order to grant you special perks on the forum. Additionally, if you choose to make this status public by setting a members-only title or flair, we will share the status of your active membership on our websites. You may revoke this consent at any time by removing the title and flair from your public profile, and we will no longer share your donation status publicly. This will not affect your access to members-only benefits. It may take until the next website release for your data to be removed from public visibility.
-This information is stored for as long as your membership is active, or until you unlink your forum and MAGIC Grants donation accounts in your profile settings. It may take until the next website release for your data to be fully removed from public visibility.
+This information is stored for as long as your membership is active, or until you unlink your forum and MAGIC Grants donation accounts in your profile settings.
 ### Privacy Guides collects data when you contact us
@@ -124,7 +139,16 @@ Our website uses Local Storage in your browser to store your color scheme prefer
 Our website also uses Session Storage to cache the current version number of this website and the number of stars/forks of our GitHub repository. This data is fetched once per session from GitHub, and is only used by client-side JavaScript to display that information at the top of each page.
-No locally stored data on this website is transmitted to Privacy Guides, and it can not be used to identify you.
+### The Privacy Guides website uses cookies
 Our website uses features from the open-source Ghost content management system to manage your membership experience, which uses the following cookies:
 | Name                  | Essential | Expires        | Purpose                                                                       |
 | --------------------- | --------- | -------------- | ----------------------------------------------------------------------------- |
 | ghost-members-ssr     | Yes       | 6 months       | used to identify your membership on the website                               |
 | ghost-members-ssr.sig | Yes       | 6 months       | used to validate your membership on the website                               |
 | __stripe_sid          | Yes       | 1 year         | [Stripe](#subprocessors-used-by-privacy-guides) allows online transactions without storing any credit card information |
 | __stripe_mid          | Yes       | 1 year         | [Stripe](#subprocessors-used-by-privacy-guides) allows online transactions without storing any credit card information |
 ### The Privacy Guides forum uses cookies
@@ -218,7 +242,7 @@ The lawful basis for our processing determines what rights are available to you
 | [Open source contributions](#privacy-guides-collects-data-about-open-source-contributors) | Email address, name, GitHub profile information, other information provided via Git | **Legitimate interest** | We have a legitimate interest in tracking the provenance of contributions to our open source projects to prevent abuse and ensure intellectual property rights are respected |
 | [Donations](#privacy-guides-collects-data-when-you-donate-to-us) | Payment information including billing address and email, GitHub profile information | **Legitimate interest** | We have a legitimate interest in processing this data to prevent payment abuse and fraud, and for facilitating your transaction |
 | [Donations](#privacy-guides-collects-data-when-you-donate-to-us) | GitHub profile information | **Consent** | We process this information to display your donation status publicly in accordance to your wishes |
-| [Donations](#privacy-guides-collects-data-when-you-donate-to-us) | Forum username and membership status | **Consent** | When you link your forum account to your MAGIC Grants donation account, you can optionally display your membership status to the public |
+| [Donations](#privacy-guides-collects-data-when-you-donate-to-us) | Forum username and membership status | **Consent** | When your membership is linked to your forum account, you can optionally display your membership status to the public |
 | [Contacting us](#privacy-guides-collects-data-when-you-contact-us) | Email address, mail server IP, message content | **Legitimate interest** | We have a legitimate interest in processing incoming email information to prevent spam and network abuse |
 | [Contacting us](#privacy-guides-collects-data-when-you-contact-us) | Email address, message headers and content | **Contract** | We store your messages and process your data in order to provide a response to your communication |
 | [Backups](#privacy-guides-makes-regular-backups-of-all-data) | All personal information we collect | **Legitimate interest** | We store complete backups to ensure organizational continuity and security for up to 30 days |
@@ -294,7 +318,8 @@ Privacy Guides uses the following subprocessors, and may share personal data wit
 | [GitHub](https://github.com) (USA) | Git Repositories | *For visitors to this website*: sharing information with our visitors about the current release, repo star count, etc. | USA | [Privacy Notice](https://docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement) |
 | [GitHub](https://github.com) (USA) | Git Repositories, Issues, Pull Requests | *For contributors to this website*: hosting our source code and communications platforms such as our issues tracker. | USA | [Privacy Notice](https://docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement) |
 | [GitHub](https://github.com) (USA) | [Sponsors](https://github.com/sponsors/privacyguides) | For collecting payments for gifts to Privacy Guides | USA | [Privacy Notice](https://docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement) |
-| [Stripe](https://stripe.com) (USA) | Connect | *For certain donations via GitHub Sponsors*: payment processing for donations | USA | [Privacy Notice](https://stripe.com/privacy), [GDPR Center](https://stripe.com/legal/privacy-center) |
+| [Mailgun](https://www.mailgun.com) (USA) | Email Delivery | For sending newsletters and other email messages to users | USA | [Privacy Notice](https://www.mailgun.com/privacy-policy), [GDPR Center](https://www.mailgun.com/gdpr) |
 | [Stripe](https://stripe.com) (USA) | Connect | Payment processing for donations | USA | [Privacy Notice](https://stripe.com/privacy), [GDPR Center](https://stripe.com/legal/privacy-center) |
 | [Triplebit](https://www.triplebit.org) (USA) | Object Storage | For hosting static websites and static media content, and distributing static content | USA, Poland | [Privacy Notice](https://www.triplebit.org/privacy) |
 | [Triplebit](https://www.triplebit.org) (USA) | [Umami Statistics](https://stats.triplebit.net/share/S80jBc50hxr5TquS/www.privacyguides.org) | For compiling aggregated statistics of our website visitor data based on server-side visitor info submissions | USA | [Privacy Notice](https://www.triplebit.org/privacy) |
 | [Triplebit](https://www.triplebit.org) (USA) | Virtual Private Servers | For hosting our dynamic websites, storing and processing personal data. | USA | [Privacy Notice](https://www.triplebit.org/privacy) |
@@ -313,7 +338,7 @@ For complaints under GDPR more generally, you always have the option to lodge co
 ## Where do I find out about changes?
-This version of Privacy Guides' privacy notice took effect on March 6, 2025.
+This version of Privacy Guides' privacy notice took effect on September 24, 2025.
 Privacy Guides will post the next version here: <https://www.privacyguides.org/en/privacy/>.
@@ -122,6 +122,7 @@ Both versions of Molly provide the same security improvements and support [repro
 - [:fontawesome-brands-windows: Windows](https://simplex.chat/downloads/#desktop-app)
 - [:simple-apple: macOS](https://simplex.chat/downloads/#desktop-app)
 - [:simple-linux: Linux](https://simplex.chat/downloads/#desktop-app)
 - [:simple-flathub: Flathub](https://flathub.org/en/apps/chat.simplex.simplex)
 </details>
@@ -23,8 +23,7 @@ Consider using a [VPN](vpn.md) or [Tor](tor.md) if your threat model requires hi
 |---|---|---|---|---|
 | [Brave Search](#brave-search) | [Independent](https://brave.com/search-independence) | :material-check:{ .pg-green } | Anonymized[^1] | United States |
 | [DuckDuckGo](#duckduckgo) | [Bing](https://help.duckduckgo.com/results/sources) | :material-check:{ .pg-green } | Anonymized[^2] | United States |
-| [Mullvad Leta](#mullvad-leta) | [Brave and Google](https://leta.mullvad.net/faq#what-can-leta-do) | :material-check:{ .pg-green } | Anonymized[^3] | Sweden |
+| [Startpage](#startpage) | [Google and Bing](https://support.startpage.com/hc/articles/4522435533844-What-is-the-relationship-between-Startpage-and-your-search-partners-like-Google-and-Microsoft-Bing) | :material-check:{ .pg-green } | Anonymized[^3] | Netherlands |
 | [Startpage](#startpage) | [Google and Bing](https://support.startpage.com/hc/articles/4522435533844-What-is-the-relationship-between-Startpage-and-your-search-partners-like-Google-and-Microsoft-Bing) | :material-check:{ .pg-green } | Anonymized[^4] | Netherlands |
 [^1]:
    Brave Search collects aggregated usage metrics, which includes the OS and the user agent. However, they do not collect PII. To serve [anonymous local results](https://search.brave.com/help/anonymous-local-results), IP addresses are temporarily processed, but are not retained.
@@ -35,10 +34,6 @@ Consider using a [VPN](vpn.md) or [Tor](tor.md) if your threat model requires hi
    DuckDuckGo Privacy Policy: [*We don't track you.*](https://duckduckgo.com/privacy)
 [^3]:
    Mullvad Leta logs your searches and stores them hashed with a secret in a RAM-based cache. The cache is removed after it reaches 30 days in age, or when the server-side Leta application is restarted. They do not collect any PII.
    Terms of Service: [*Service Usage*](https://leta.mullvad.net/terms-of-service)
 [^4]:
    Startpage logs details such as operating system, user agent, and language. They do not log your IP address, search queries, or other PII.
    Our Privacy Policy: [*How we have implemented truly anonymous analytics*](https://startpage.com/en/privacy-policy#section-4)
@@ -83,32 +78,6 @@ DuckDuckGo is the default search engine for the [Tor Browser](tor.md#tor-browser
 DuckDuckGo offers two [other versions](https://help.duckduckgo.com/features/non-javascript) of their search engine, both of which do not require JavaScript. These versions do lack features, however. These versions can also be used in conjunction with their Tor hidden address by appending [/lite](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/lite) or [/html](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/html) for the respective version.
 ### Mullvad Leta
 <div class="admonition recommendation" markdown>
 ![Mullvad logo](assets/img/vpn/mullvad.svg){ align=right }
 **Mullvad Leta** is a search engine developed by Mullvad. It uses a [shared cache](https://leta.mullvad.net/faq#what-is-cached-search) to fetch search results and limit calls to the search APIs it uses.
 Mullvad Leta currently only provides text search results. It is the default search engine for the [Mullvad Browser](desktop-browsers.md#mullvad-browser).
 [:octicons-home-16: Homepage](https://leta.mullvad.net){ .md-button .md-button--primary }
 [:simple-torbrowser:](http://uxngojcovdcyrmwkmkltyy2q7enzzvgv7vlqac64f2vl6hcrrqtlskqd.onion){ .card-link title="Onion Service" }
 [:octicons-eye-16:](https://leta.mullvad.net/terms-of-service){ .card-link title="Privacy Policy" }
 [:octicons-info-16:](https://leta.mullvad.net/faq){ .card-link title="Documentation" }
 </div>
 <div class="admonition tip" markdown>
 <p class="admonition-title">Tip</p>
 Mullvad Leta is useful if you want to disable JavaScript in your browser, such as [Mullvad Browser](desktop-browsers.md#mullvad-browser) on the Safest security level.
 </div>
 Mullvad Leta was [audited](https://mullvad.net/en/blog/security-audit-of-our-letamullvadnet-search-service) by Assured AB in March 2023. All issues were addressed and fixed shortly after the [report](https://assured.se/publications/Assured_Mullvad_Leta_pentest_report_2023.pdf).
 ### Startpage
 <div class="admonition recommendation" markdown>
@@ -1,5 +1,5 @@
 ---
-title: "Security Keys"
+title: Security Keys
 icon: material/key-chain
 description: These security keys provide a form of phishing-immune authentication for accounts that support it.
 cover: multi-factor-authentication.webp
@@ -9,7 +9,7 @@ cover: multi-factor-authentication.webp
 - [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red }
 - [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange }
-A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multifactor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
+A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the [FIDO2](basics/multi-factor-authentication.md#fido-fast-identity-online) security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multifactor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
 ## Yubico Security Key
@@ -19,7 +19,7 @@ A physical **security key** adds a very strong layer of protection to your onlin
  ![Security Key Series by Yubico](assets/img/security-keys/yubico-security-key.webp){ width="315" }
 </figure>
-The **Yubico Security Key** series is the most cost-effective hardware security key with FIDO Level 2 certification[^1]. It supports FIDO2/WebAuthn and FIDO U2F, and works out of the box with most services that support a security key as a second factor, as well as many password managers.
+The **Yubico Security Key** series is the most cost-effective hardware security key with FIDO Level 2 certification[^1]. It supports FIDO2/WebAuthn and FIDO Universal 2nd Factor (U2F), and works out of the box with most services that support a security key as a second factor, as well as many password managers.
 [:octicons-home-16: Homepage](https://yubico.com/products/security-key){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://yubico.com/support/terms-conditions/privacy-notice){ .card-link title="Privacy Policy" }
@@ -34,10 +34,10 @@ These keys are available in both USB-C and USB-A variants, and both options supp
 This key provides only basic FIDO2 functionality, but for most people that is all you will need. Some notable features the Security Key series does **not** have include:
 - [Yubico Authenticator](https://yubico.com/products/yubico-authenticator)
- CCID Smart Card support (PIV-compatibile)
+- CCID Smart Card support (PIV-compatible)
 - OpenPGP
-If you need any of those features, you should consider their higher-end [YubiKey](#yubikey) of products instead.
+If you need any of those features, you should consider their higher-end [YubiKey](#yubikey) series instead.
 <div class="admonition warning" markdown>
 <p class="admonition-title">Warning</p>
@@ -54,7 +54,7 @@ The firmware of Yubico's Security Keys is not updatable. If you want features in
  ![YubiKeys](assets/img/security-keys/yubikey.png){ width="400" }
 </figure>
-The **YubiKey** series from Yubico are among the most popular security keys with FIDO Level 2 Certification[^1]. The YubiKey 5 Series has a wide range of features such as [Universal 2nd Factor (U2F)](https://en.wikipedia.org/wiki/Universal_2nd_Factor), [FIDO2 and WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online), [Yubico OTP](basics/multi-factor-authentication.md#yubico-otp), [Personal Identity Verification (PIV)](https://developers.yubico.com/PIV), [OpenPGP](https://developers.yubico.com/PGP), and [TOTP and HOTP](https://developers.yubico.com/OATH) authentication.
+The **YubiKey** series from Yubico are among the most popular security keys with FIDO Level 2 Certification[^1]. The **YubiKey 5 Series** has a wide range of features such as FIDO2/WebAuthn and FIDO U2F, [TOTP and HOTP](https://developers.yubico.com/OATH) authentication, [Personal Identity Verification (PIV)](https://developers.yubico.com/PIV), and [OpenPGP](https://developers.yubico.com/PGP).
 [:octicons-home-16: Homepage](https://yubico.com/products/yubikey-5-overview){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://yubico.com/support/terms-conditions/privacy-notice){ .card-link title="Privacy Policy" }
@@ -68,7 +68,7 @@ The [comparison table](https://yubico.com/store/compare) shows how the YubiKeys
 YubiKeys can be programmed using the [YubiKey Manager](https://yubico.com/support/download/yubikey-manager) or [YubiKey Personalization Tools](https://yubico.com/support/download/yubikey-personalization-tools). For managing TOTP codes, you can use the [Yubico Authenticator](https://yubico.com/products/yubico-authenticator). All of Yubico's clients are open source.
-For models which support HOTP and TOTP, there are 2 slots in the OTP interface which could be used for HOTP and 32 slots to store TOTP secrets. These secrets are stored encrypted on the key and never exposed to the devices they are plugged into. Once a seed (shared secret) is given to the Yubico Authenticator, it will only give out the six-digit codes, but never the seed. This security model helps limit what an attacker can do if they compromise one of the devices running the Yubico Authenticator and make the YubiKey resistant to a physical attacker.
+For models which [support HOTP and TOTP](https://support.yubico.com/hc/articles/360013790319-How-many-accounts-can-I-register-my-YubiKey-with), the secrets are stored encrypted on the key and never exposed to the devices they are plugged into. Once a seed (shared secret) is given to the Yubico Authenticator, it will only give out the six-digit codes, but never the seed. This security model helps limit what an attacker can do if they compromise one of the devices running the Yubico Authenticator and make the YubiKey resistant to a physical attacker.
 <div class="admonition warning" markdown>
 <p class="admonition-title">Warning</p>
@@ -85,7 +85,7 @@ The firmware of YubiKey is not updatable. If you want features in newer firmware
  ![Nitrokey](assets/img/security-keys/nitrokey.jpg){ width="300" }
 </figure>
-The **Nitrokey 3A Mini** [has FIDO Authenticator Level 1 Certification](https://www.nitrokey.com/news/2024/nitrokey-3a-mini-receives-official-fido2-certification). The Nitrokey 3 Series in general has a wide range of features such as [Universal 2nd Factor (U2F)](https://en.wikipedia.org/wiki/Universal_2nd_Factor), [FIDO2 and WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online), Personal Identity Verification (PIV), OpenPGP, and TOTP and HOTP authentication.
+**Nitrokey** has a cost-effective security key capable of FIDO2/WebAuthn and FIDO U2F called the **Nitrokey Passkey**. For support for features such as PIV, OpenPGP, and TOTP and HOTP authentication, you need to purchase one of their other keys like the **Nitrokey 3**. Currently, only the **Nitrokey 3A Mini** has [FIDO Level 1 Certification](https://nitrokey.com/news/2024/nitrokey-3a-mini-receives-official-fido2-certification).
 [:octicons-home-16: Homepage](https://nitrokey.com){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://nitrokey.com/data-privacy-policy){ .card-link title="Privacy Policy" }
@@ -95,26 +95,14 @@ The **Nitrokey 3A Mini** [has FIDO Authenticator Level 1 Certification](https://
 </div>
-The [comparison table](https://nitrokey.com/products/nitrokeys) shows how the different Nitrokey models compare to each other in terms of features and other specifications.
+The [comparison table](https://nitrokey.com/products/nitrokeys#:~:text=The%20Nitrokey%20Family) shows how the different Nitrokey models compare to each other in terms of features and other specifications. Refer to Nitrokey's [documentation](https://docs.nitrokey.com/nitrokeys/features) for more details about the features available on your Nitrokey.
 Nitrokey models can be configured using the [Nitrokey app](https://nitrokey.com/download).
 The Nitrokey 3 Series can act as a password manager. They can store up to 50 different entries, and each entry can contain login, password, comment and OTP.
 <div class="admonition warning" markdown>
 <p class="admonition-title">Warning</p>
-Excluding the Nitrokey 3, Nitrokeys with HOTP and TOTP storage do not have it encrypted, making them vulnerable to physical attacks.
+Excluding the Nitrokey 3, Nitrokeys which support HOTP and TOTP do not have encrypted storage, making them vulnerable to physical attacks.
 </div>
 **Nitrokey** also has the **Nitrokey Passkey**, a lower-price security key capable of [FIDO2 and WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online). This key provides only basic FIDO2 functionality, but for most people that is all you will need. Some notable features the Security Key series does **not** have include:
 - Password Manager
 - PIV
 - OpenPGP
 - Tamper-resistant smart card
 - TOTP and HOTP
 </div>
@@ -0,0 +1,81 @@
 ---
 title: File Management
 meta_title: "Self-Hosting File Management Tools - Privacy Guides"
 icon: material/file-multiple-outline
 description: For our more technical readers, self-hosting file management tools can provide additional privacy assurances by having maximum control over your data.
 cover: cloud.webp
 ---
 <small>Protects against the following threat(s):</small>
 - [:material-server-network: Service Providers](../basics/common-threats.md#privacy-from-service-providers){ .pg-teal }
 Self-hosting your own **file management** tools may be a good idea to reduce the risk of encryption flaws in a cloud provider's native clients.
 ## Photo Management
 ### PhotoPrism
 <div class="admonition recommendation" markdown>
 ![PhotoPrism logo](../assets/img/self-hosting/photoprism.svg){ align=right }
 **PhotoPrism** is a platform for managing photos. It supports album syncing and sharing as well as a variety of other [features](https://photoprism.app/features). It does not include end-to-end encryption, so it's best hosted on a server that you trust and is under your control.
 [:octicons-home-16: Homepage](https://photoprism.app){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://photoprism.app/privacy){ .card-link title="Privacy Policy" }
 [:octicons-info-16:](https://photoprism.app/kb){ .card-link title="Documentation" }
 [:octicons-code-16:](https://github.com/photoprism){ .card-link title="Source Code" }
 </div>
 ## File Sharing and Sync
 ### FreedomBox
 <div class="admonition recommendation" markdown>
 ![FreedomBox logo](../assets/img/self-hosting/freedombox.svg){ align=right }
 **FreedomBox** is an operating system designed to be run on a [single-board computer (SBC)](https://en.wikipedia.org/wiki/Single-board_computer). The purpose is to make it easy to set up server applications for use cases like sharing files.
 [:octicons-home-16: Homepage](https://freedombox.org){ .md-button .md-button--primary }
 [:octicons-info-16:](https://wiki.debian.org/FreedomBox/Manual){ .card-link title="Documentation" }
 [:octicons-code-16:](https://salsa.debian.org/freedombox-team/freedombox){ .card-link title="Source Code" }
 [:octicons-heart-16:](https://freedomboxfoundation.org/donate){ .card-link title="Contribute" }
 </div>
 ### Nextcloud
 <div class="admonition recommendation" markdown>
 ![Nextcloud logo](../assets/img/self-hosting/nextcloud.svg){ align=right }
 **Nextcloud** is a suite of free and open-source client-server software for creating your own file hosting services on a private server you control.
 [:octicons-home-16: Homepage](https://nextcloud.com){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://nextcloud.com/privacy){ .card-link title="Privacy Policy" }
 [:octicons-info-16:](https://nextcloud.com/support){ .card-link title="Documentation" }
 [:octicons-code-16:](https://github.com/nextcloud){ .card-link title="Source Code" }
 [:octicons-heart-16:](https://nextcloud.com/contribute){ .card-link title="Contribute" }
 <details class="downloads" markdown>
 <summary>Downloads</summary>
 - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.nextcloud.client)
 - [:simple-appstore: App Store](https://apps.apple.com/app/id1125420102)
 - [:simple-github: GitHub](https://github.com/nextcloud/android/releases)
 - [:fontawesome-brands-windows: Windows](https://nextcloud.com/install/#install-clients)
 - [:simple-apple: macOS](https://nextcloud.com/install/#install-clients)
 - [:simple-linux: Linux](https://nextcloud.com/install/#install-clients)
 </details>
 </div>
 <div class="admonition danger" markdown>
 <p class="admonition-title">Danger</p>
 We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_end_encryption) for Nextcloud as it may lead to data loss; it is highly experimental and not production quality. For this reason, we don't recommend third-party Nextcloud providers.
 </div>
@@ -12,6 +12,17 @@ cover: router.webp
 Self-hosting your own solutions requires advanced technical knowledge and a deep understanding of the associated risks. By becoming the host for yourself and possibly others, you take on responsibilities you might not otherwise have. Self-hosting privacy software improperly can leave you worse off than using e.g. an end-to-end encrypted service provider, so it is best avoided if you are not already comfortable doing so.
 ## :material-dns: DNS Filtering
 <div class="grid cards" markdown>
 - ![AdGuard Home logo](../assets/img/self-hosting/adguard-home.svg){ .twemoji loading=lazy } [AdGuard Home](dns-filtering.md#adguard-home)
 - ![Pi-Hole logo](../assets/img/self-hosting/pi-hole.svg){ .twemoji loading=lazy } [Pi-Hole](dns-filtering.md#pi-hole)
 </div>
 [Learn more :material-arrow-right-drop-circle:](dns-filtering.md)
 ## :material-email: Email Servers
 <div class="grid cards" markdown>
@@ -24,16 +35,17 @@ Self-hosting your own solutions requires advanced technical knowledge and a deep
 [Learn more :material-arrow-right-drop-circle:](email-servers.md)
-## :material-dns: DNS Filtering
+## :material-file-multiple-outline: File Management
 <div class="grid cards" markdown>
- ![AdGuard Home logo](../assets/img/self-hosting/adguard-home.svg){ .twemoji loading=lazy } [AdGuard Home](dns-filtering.md#adguard-home)
+- ![PhotoPrism logo](../assets/img/self-hosting/photoprism.svg){ .twemoji loading=lazy } [PhotoPrism](file-management.md#photoprism)
- ![Pi-Hole logo](../assets/img/self-hosting/pi-hole.svg){ .twemoji loading=lazy } [Pi-Hole](dns-filtering.md#pi-hole)
+- ![FreedomBox logo](../assets/img/self-hosting/freedombox.svg){ .twemoji loading=lazy } [FreedomBox](file-management.md#freedombox)
 - ![Nextcloud logo](../assets/img/self-hosting/nextcloud.svg){ .twemoji loading=lazy } [Nextcloud](file-management.md#nextcloud)
 </div>
-[Learn more :material-arrow-right-drop-circle:](dns-filtering.md)
+[Learn more :material-arrow-right-drop-circle:](file-management.md)
 ## :material-form-textbox-password: Password Management
@@ -131,6 +143,14 @@ Tool recommendations in other categories of the website also provide a self-host
 <div class="grid cards" markdown>
 - ![Peergos logo](../assets/img/cloud/peergos.svg){ .twemoji } [**Peergos**](../cloud.md#peergos)
    ---
    [:octicons-home-16:](https://peergos.org){ .card-link title="Homepage" }
    [:octicons-info-16:](https://github.com/peergos/peergos#usage---running-locally-to-log-in-to-another-instance){ .card-link title="Admin Documentation" }
    [:octicons-code-16:](https://github.com/Peergos/Peergos){ .card-link title="Source Code" }
 - ![Addy.io logo](../assets/img/email-aliasing/addy.svg){ .twemoji } [**Addy.io**](../email-aliasing.md#addyio)
    ---
@@ -147,6 +167,14 @@ Tool recommendations in other categories of the website also provide a self-host
    [:octicons-info-16:](https://github.com/simple-login/app#prerequisites){ .card-link title="Admin Documentation" }
    [:octicons-code-16:](https://github.com/simple-login){ .card-link title="Source Code" }
 - ![Ente logo](../assets/img/photo-management/ente.svg){ .twemoji } [**Ente Photos**](../photo-management.md#ente-photos)
    ---
    [:octicons-home-16:](https://ente.io){ .card-link title="Homepage" }
    [:octicons-info-16:](https://help.ente.io/self-hosting){ .card-link title="Admin Documentation" }
    [:octicons-code-16:](https://github.com/ente-io/ente){ .card-link title="Source Code" }
 - ![CryptPad logo](../assets/img/document-collaboration/cryptpad.svg){ .twemoji } [**CryptPad**](../document-collaboration.md#cryptpad)
    ---
@@ -155,6 +183,22 @@ Tool recommendations in other categories of the website also provide a self-host
    [:octicons-info-16:](https://docs.cryptpad.org/en/admin_guide/index.html){ .card-link title="Admin Documentation" }
    [:octicons-code-16:](https://github.com/xwiki-labs/cryptpad){ .card-link title="Source Code" }
 - ![Send logo](../assets/img/file-sharing-sync/send.svg){ .twemoji } [**Send**](../file-sharing.md#send)
    ---
    [:octicons-home-16:](https://send.vis.ee){ .card-link title="Homepage" }
    [:octicons-info-16:](https://github.com/timvisee/send/blob/master/docs/deployment.md){ .card-link title="Admin Documentation" }
    [:octicons-code-16:](https://github.com/timvisee/send){ .card-link title="Source Code" }
 - ![LibreTranslate logo](../assets/img/language-tools/libretranslate.png){ .twemoji } [**LibreTranslate**](../language-tools.md#libretranslate)
    ---
    [:octicons-home-16:](https://libretranslate.com){ .card-link title="Homepage" }
    [:octicons-info-16:](https://docs.libretranslate.com){ .card-link title="Admin Documentation" }
    [:octicons-code-16:](https://github.com/LibreTranslate/LibreTranslate){ .card-link title="Source Code" }
 - ![Miniflux logo](../assets/img/news-aggregators/miniflux.svg#only-light){ .twemoji }![Miniflux logo](../assets/img/news-aggregators/miniflux-dark.svg#only-dark){ .twemoji } [**Miniflux**](../news-aggregators.md#miniflux)
    ---
@@ -127,9 +127,9 @@ If you used our recommended configuration settings above, you should be posting
 <details class="downloads" markdown>
 <summary>Downloads</summary>
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=im.vector.app)
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=io.element.android.x)
- [:simple-appstore: App Store](https://apps.apple.com/app/id1083446067)
+- [:simple-appstore: App Store](https://apps.apple.com/app/id1631335820)
- [:simple-github: GitHub](https://github.com/element-hq/element-android/releases)
+- [:simple-github: GitHub](https://github.com/element-hq/element-x-android/releases)
 - [:fontawesome-brands-windows: Windows](https://element.io/download)
 - [:simple-apple: macOS](https://element.io/download)
 - [:simple-linux: Linux](https://element.io/download)
@@ -205,13 +205,13 @@ If you're looking for added **security**, you should always ensure you're connec
    [Read Full Review :material-arrow-right-drop-circle:](email.md#proton-mail)
- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .lg .middle .twemoji } **Mailbox.org**
+- ![Mailbox Mail logo](assets/img/email/mailbox-mail.svg){ .lg .middle .twemoji } **Mailbox Mail**
    ---
-    Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2 GB storage, which can be upgraded as needed.
+    Mailbox Mail (formerly *Mailbox.org*) is an email service with a focus on being secure, ad-free, and powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox Mail is based in Berlin, Germany. Accounts start with up to 2 GB storage, which can be upgraded as needed.
-    [Read Full Review :material-arrow-right-drop-circle:](email.md#mailboxorg)
+    [Read Full Review :material-arrow-right-drop-circle:](email.md#mailbox-mail)
 - ![Tuta logo](assets/img/email/tuta.svg#only-light){ .lg .middle .twemoji }![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ .lg .middle .twemoji } **Tuta**
@@ -327,7 +327,6 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 <div class="grid cards" markdown>
 - ![Ente logo](assets/img/photo-management/ente.svg){ .twemoji loading=lazy } [Ente Photos](photo-management.md#ente-photos)
 - ![PhotoPrism logo](assets/img/photo-management/photoprism.svg){ .twemoji loading=lazy } [PhotoPrism](photo-management.md#photoprism)
 </div>
@@ -339,7 +338,6 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 - ![Brave Search logo](assets/img/search-engines/brave-search.svg){ .twemoji loading=lazy } [Brave Search](search-engines.md#brave-search)
 - ![DuckDuckGo logo](assets/img/search-engines/duckduckgo.svg){ .twemoji loading=lazy } [DuckDuckGo](search-engines.md#duckduckgo)
 - ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji loading=lazy } [Mullvad Leta](search-engines.md#mullvad-leta)
 - ![SearXNG logo](assets/img/search-engines/searxng.svg){ .twemoji loading=lazy } [SearXNG](search-engines.md#searxng)
 - ![Startpage logo](assets/img/search-engines/startpage.svg#only-light){ .twemoji loading=lazy }![Startpage logo](assets/img/search-engines/startpage-dark.svg#only-dark){ .twemoji loading=lazy } [Startpage](search-engines.md#startpage)
@@ -398,7 +396,6 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 <div class="grid cards" markdown>
 - ![Nextcloud logo](assets/img/document-collaboration/nextcloud.svg){ .twemoji loading=lazy } [Nextcloud (Self-Hostable)](document-collaboration.md#nextcloud)
 - ![CryptPad logo](assets/img/document-collaboration/cryptpad.svg){ .twemoji loading=lazy } [CryptPad](document-collaboration.md#cryptpad)
 </div>
@@ -448,8 +445,6 @@ For encrypting your OS drive, we typically recommend using the encryption tool y
 - ![Send logo](assets/img/file-sharing-sync/send.svg){ .twemoji loading=lazy } [Send](file-sharing.md#send)
 - ![OnionShare logo](assets/img/file-sharing-sync/onionshare.svg){ .twemoji loading=lazy } [OnionShare](file-sharing.md#onionshare)
 - ![FreedomBox logo](assets/img/file-sharing-sync/freedombox.svg){ .twemoji loading=lazy } [FreedomBox](file-sharing.md#freedombox)
 - ![Nextcloud logo](assets/img/document-collaboration/nextcloud.svg){ .twemoji loading=lazy } [Nextcloud (Self-Hostable)](file-sharing.md#nextcloud-client-server)
 - ![Syncthing logo](assets/img/file-sharing-sync/syncthing.svg){ .twemoji loading=lazy } [Syncthing](file-sharing.md#syncthing-p2p)
 </div>
@@ -492,7 +487,8 @@ For encrypting your OS drive, we typically recommend using the encryption tool y
 <div class="grid cards" markdown>
- ![LanguageTool logo](assets/img/language-tools/languagetool.svg#only-light){ .twemoji loading=lazy }![LanguageTool logo](assets/img/language-tools/languagetool-dark.svg#only-dark){ .twemoji loading=lazy } [LanguageTool](language-tools.md#languagetool)
+- ![LTeX logo](assets/img/language-tools/ltex.svg){ .twemoji loading=lazy } [LTeX](language-tools.md#ltex)
 - ![LibreTranslate logo](assets/img/language-tools/libretranslate.png){ .twemoji } [LibreTranslate](language-tools.md#libretranslate)
 </div>
@@ -572,6 +568,7 @@ For encrypting your OS drive, we typically recommend using the encryption tool y
 - ![Psono logo](assets/img/password-management/psono.svg){ .twemoji loading=lazy } [Psono](passwords.md#psono)
 - ![KeePassXC logo](assets/img/password-management/keepassxc.svg){ .twemoji loading=lazy } [KeePassXC](passwords.md#keepassxc)
 - ![KeePassDX logo](assets/img/password-management/keepassdx.svg){ .twemoji loading=lazy } [KeePassDX (Android)](passwords.md#keepassdx-android)
 - ![KeePassium logo](assets/img/password-management/keepassium.svg){ .twemoji loading=lazy } [KeePassium (iOS & macOS)](passwords.md#keepassium-ios-macos)
 - ![Gopass logo](assets/img/password-management/gopass.svg){ .twemoji loading=lazy } [Gopass (CLI)](passwords.md#gopass-cli)
 </div>
@@ -1,12 +1,13 @@
 ---
 meta_title: "Private VPN Service Recommendations and Comparison, No Sponsors or Ads - Privacy Guides"
-title: "VPN Services"
+title: VPN Services
 icon: material/vpn
 description: The best VPN services for protecting your privacy and security online. Find a provider here that isn't out to spy on you.
 cover: vpn.webp
 global:
- - [randomize-element, "table tbody"]
+  - [randomize-element, "table tbody"]
 ---
 <small>Protects against the following threat(s):</small>
 - [:material-account-cash: Surveillance Capitalism](basics/common-threats.md#surveillance-as-a-business-model){ .pg-brown }
@@ -20,7 +21,7 @@ Using a VPN will **not** keep your browsing habits anonymous, nor will it add ad
 If you are looking for **anonymity**, you should use the Tor Browser. If you're looking for added **security**, you should always ensure you're connecting to websites using HTTPS. A VPN is not a replacement for good security practices.
-[Download Tor](https://torproject.org){ .md-button .md-button--primary } [Tor Myths & FAQ](advanced/tor-overview.md){ .md-button }
+[Introduction to the Tor Browser](tor.md#tor-browser){ .md-button .md-button--primary } [Tor Myths & FAQ](advanced/tor-overview.md){ .md-button }
 </div>
@@ -30,11 +31,11 @@ If you are looking for **anonymity**, you should use the Tor Browser. If you're
 Our recommended providers use encryption, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#criteria) for more information.
-| Provider | Countries | WireGuard | Port Forwarding | IPv6 | Anonymous Payments
+| Provider | Countries | WireGuard | Port Forwarding | IPv6 | Anonymous Payments |
-|---|---|---|---|---|---
+|---|---|---|---|---|---|
-| [Proton](#proton-vpn) | 112+ | :material-check:{ .pg-green } | :material-alert-outline:{ .pg-orange } Partial Support | :material-information-outline:{ .pg-blue } Limited Support | Cash
+| [Proton](#proton-vpn) | 127+ | :material-check:{ .pg-green } | :material-alert-outline:{ .pg-orange } Partial Support | :material-information-outline:{ .pg-blue } Limited Support | Cash  Monero via third party |
-| [IVPN](#ivpn) | 37+ | :material-check:{ .pg-green } | :material-alert-outline:{ .pg-orange } | :material-information-outline:{ .pg-blue } Outgoing Only | Monero, Cash
+| [IVPN](#ivpn) | 41+ | :material-check:{ .pg-green } | :material-alert-outline:{ .pg-orange } | :material-information-outline:{ .pg-blue } Outgoing Only | Monero  Cash |
-| [Mullvad](#mullvad) | 49+ | :material-check:{ .pg-green } | :material-alert-outline:{ .pg-orange } | :material-check:{ .pg-green } | Monero, Cash
+| [Mullvad](#mullvad) | 49+ | :material-check:{ .pg-green } | :material-alert-outline:{ .pg-orange } | :material-check:{ .pg-green } | Monero  Cash |
 ### Proton VPN
@@ -46,7 +47,7 @@ Our recommended providers use encryption, support WireGuard & OpenVPN, and have
 [:octicons-home-16: Homepage](https://protonvpn.com){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://protonvpn.com/support){ .card-link title=Documentation}
+[:octicons-info-16:](https://protonvpn.com/support){ .card-link title="Documentation" }
 [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" }
 <details class="downloads" markdown>
@@ -63,18 +64,21 @@ Our recommended providers use encryption, support WireGuard & OpenVPN, and have
 </div>
-#### :material-check:{ .pg-green } 112 Countries
+#### :material-check:{ .pg-green } 127 Countries
-Proton VPN has [servers in 112 countries](https://protonvpn.com/vpn-servers) or [5](https://protonvpn.com/support/how-to-create-free-vpn-account) if you use their [free plan](https://protonvpn.com/free-vpn/server).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
+Proton VPN has [servers in 127 countries](https://protonvpn.com/vpn-servers)(1) or [10](https://protonvpn.com/support/how-to-create-free-vpn-account) if you use their [free plan](https://protonvpn.com/blog/product-roadmap-winter-2025-2026).(2) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
 { .annotate }
-1. Last checked: 2024-08-06
+1. Of which at least 71 are virtual servers, meaning your IP will appear from the country but the server is in another. 12 more locations have both hardware and virtual servers. [Source](https://protonvpn.com/support/how-smart-routing-works)
 2. Last checked: 2025-10-28
 We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
 #### :material-check:{ .pg-green } Independently Audited
-As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com).
+Independent security researcher Ruben Santamarta conducted audits for Proton VPN's [browser extensions](https://drive.proton.me/urls/RWDD2SHT98#v7ZrwNcafkG8) and [apps](https://drive.proton.me/urls/RVW8TXG484#uTXX5Fc9GADo) in September 2024 and January 2025, respectively. Proton VPN's infrastrcture has undergone [annual audits](https://protonvpn.com/blog/no-logs-audit) by Securitum since 2022.
 Previously, Proton VPN underwent an independent audit by SEC Consult in January 2020. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform in their dedicated [blog post](https://web.archive.org/web/20250307041036/https://protonvpn.com/blog/open-source) on the audit.
 #### :material-check:{ .pg-green } Open-Source Clients
@@ -82,7 +86,7 @@ Proton VPN provides the source code for their desktop and mobile clients in thei
 #### :material-check:{ .pg-green } Accepts Cash
-Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment.
+Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment. You can also use [**Monero**](cryptocurrency.md#monero) to purchase vouchers for Proton VPN Plus and Proton Unlimited via their [official](https://discuss.privacyguides.net/t/add-monero-as-an-anonymous-payment-method-for-proton-services/31058/15) reseller [ProxyStore](https://dys2p.com/en/2025-09-09-proton.html).
 #### :material-check:{ .pg-green } WireGuard Support
@@ -135,7 +139,7 @@ System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-swit
 [:octicons-home-16: Homepage](https://ivpn.net){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://ivpn.net/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://ivpn.net/knowledgebase/general){ .card-link title=Documentation}
+[:octicons-info-16:](https://ivpn.net/knowledgebase/general){ .card-link title="Documentation" }
 [:octicons-code-16:](https://github.com/ivpn){ .card-link title="Source Code" }
 <details class="downloads" markdown>
@@ -153,12 +157,12 @@ System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-swit
 </div>
-#### :material-check:{ .pg-green } 37 Countries
+#### :material-check:{ .pg-green } 41 Countries
-IVPN has [servers in 37 countries](https://ivpn.net/status).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
+IVPN has [servers in 41 countries](https://ivpn.net/status).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
 { .annotate }
-1. Last checked: 2024-08-06
+1. Last checked: 2025-10-28
 We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
@@ -172,7 +176,7 @@ As of February 2020 [IVPN applications are now open source](https://ivpn.net/blo
 #### :material-check:{ .pg-green } Accepts Cash and Monero
-In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. Prepaid cards with redeem codes are [also available](https://ivpn.net/knowledgebase/billing/voucher-cards-faq).
+In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. You can also purchase [prepaid cards](https://ivpn.net/knowledgebase/billing/voucher-cards-faq) with redeem codes.
 #### :material-check:{ .pg-green } WireGuard Support
@@ -211,7 +215,7 @@ IVPN clients support two-factor authentication. IVPN also provides "[AntiTracker
 [:octicons-home-16: Homepage](https://mullvad.net){ .md-button .md-button--primary }
 [:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" }
 [:octicons-eye-16:](https://mullvad.net/en/help/privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://mullvad.net/en/help){ .card-link title=Documentation}
+[:octicons-info-16:](https://mullvad.net/en/help){ .card-link title="Documentation" }
 [:octicons-code-16:](https://github.com/mullvad){ .card-link title="Source Code" }
 <details class="downloads" markdown>
@@ -233,7 +237,7 @@ IVPN clients support two-factor authentication. IVPN also provides "[AntiTracker
 Mullvad has [servers in 49 countries](https://mullvad.net/servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
 { .annotate }
-1. Last checked: 2025-03-10
+1. Last checked: 2025-10-28
 We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
@@ -247,13 +251,14 @@ Mullvad provides the source code for their desktop and mobile clients in their [
 #### :material-check:{ .pg-green } Accepts Cash and Monero
-Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. Prepaid cards with redeem codes are also available. Mullvad also accepts Swish and bank wire transfers, as well as a few European payment systems.
+Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. You can also purchase [prepaid cards](https://mullvad.net/en/help/partnerships-and-resellers) with redeem codes. Mullvad also accepts Swish and bank wire transfers, as well as a few European payment systems.
 #### :material-check:{ .pg-green } WireGuard Support
 Mullvad supports the WireGuard® protocol. [WireGuard](https://wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://wireguard.com/protocol). Additionally, WireGuard aims to be simpler and more performant.
-Mullvad [recommends](https://mullvad.net/en/help/why-wireguard) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://wireguard.com/install).
+Mullvad [recommends](https://mullvad.net/en/help/why-wireguard) the use of WireGuard with their service. It is the only protocol supported on their mobile apps, and their desktop apps will [lose OpenVPN support](https://mullvad.net/en/blog/reminder-that-openvpn-is-being-removed) in 2025. Additionally, their servers will stop accepting OpenVPN connections by January 15, 2026.
 Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://wireguard.com/install).
 #### :material-check:{ .pg-green } IPv6 Support
@@ -28,6 +28,11 @@ edit_uri_template: blob/main/blog/{path}?plain=1
 extra:
  scope: /
  ghost:
    base_url: https://www.privacyguides.org
    admin_url: https://ghost.privacyguides.org/ghost
    tb_site_uuid: 5f3bdb03-a1af-4844-85ca-cbc82c89eb9a
    content_api_key: da9d77deb3e85ee73925167f3a
  privacy_guides:
    footer:
      intro:
@@ -48,7 +53,7 @@ extra:
        - fontawesome/brands/creative-commons
        - fontawesome/brands/creative-commons-by
        - fontawesome/brands/creative-commons-sa
-  homepage: !ENV [MAIN_SITE_BASE_URL, "https://www.privacyguides.org/en/"]
+  homepage: /
  generator: false
  context: !ENV [BUILD_CONTEXT, "production"]
  offline: !ENV [BUILD_OFFLINE, false]
@@ -216,6 +221,7 @@ nav:
  - !ENV [NAV_RECOMMENDATIONS, "Recommendations"]:
      !ENV [MAIN_SITE_RECOMMENDATIONS_URL, "/en/tools/"]
  - !ENV [NAV_BLOG, "Articles"]:
      - Latest Posts: !ENV [ARTICLES_SITE_BASE_URL, "index.md"]
      - index.md
      - editorial.md
      - tags.md
@@ -33,10 +33,16 @@ edit_uri_template:
 extra:
  scope: /
  homepage: /
  generator: false
  context: !ENV [BUILD_CONTEXT, "production"]
  offline: !ENV [BUILD_OFFLINE, false]
  deploy: !ENV DEPLOY_ID
  ghost:
    base_url: https://www.privacyguides.org
    admin_url: https://ghost.privacyguides.org/ghost
    tb_site_uuid: 5f3bdb03-a1af-4844-85ca-cbc82c89eb9a
    content_api_key: da9d77deb3e85ee73925167f3a
  privacy_guides:
    footer:
      intro:
@@ -209,10 +215,14 @@ extra:
      link: /nl/
      lang: nl
      icon: https://raw.githubusercontent.com/twitter/twemoji/master/assets/svg/1f1f3-1f1f1.svg
-    - name: 正體中文
+    - name: 中文 (繁體)
      link: /zh-hant/
      lang: zh-Hant
-      icon: https://raw.githubusercontent.com/twitter/twemoji/master/assets/svg/1f1ed-1f1f0.svg
+      icon: https://raw.githubusercontent.com/jdecked/twemoji/master/assets/svg/1f1ed-1f1f0.svg
    - name: 中文 (繁體，台灣)
      link: /zh-TW/
      lang: zh-TW
      icon: https://raw.githubusercontent.com/jdecked/twemoji/master/assets/svg/1f1f9-1f1fc.svg
    - name: Русский
      link: /ru/
      lang: ru
@@ -395,8 +405,9 @@ nav:
      - "tools.md"
      - !ENV [NAV_SELF_HOSTING, "Self-Hosting"]:
          - "self-hosting/index.md"
          - "self-hosting/email-servers.md"
          - "self-hosting/dns-filtering.md"
          - "self-hosting/email-servers.md"
          - "self-hosting/file-management.md"
      - !ENV [NAV_INTERNET_BROWSING, "Internet Browsing"]:
          - "tor.md"
          - "desktop-browsers.md"
@@ -100,14 +100,14 @@ if [ "$language" == "he" ]; then
  export BUILD_THEME_FONT_TEXT="Open Sans"
 fi
-# Set font if chinese
+# Set font if russian or chinese
-if [ "$language" == "zh-Hant" ]; then
+if [[ "ru zh-Hant zh-TW" =~ $language ]]; then
  export BUILD_THEME_FONT_CODE="Noto Sans TC"
  export BUILD_THEME_FONT_TEXT="Noto Sans TC"
 fi
 # Set stylesheet if hebrew or russian or chinese
-if [[ "he ru zh-Hant" =~ $language ]]; then
+if [[ "he ru zh-Hant zh-TW" =~ $language ]]; then
  export TRANSLATION_STYLESHEET="assets/stylesheets/lang-$language.css?v=20240410"
 fi
@@ -1 +0,0 @@
 <svg xmlns="http://www.w3.org/2000/svg" width="384" height="128" version="1.1" viewBox="0 0 101.6 33.867"><g stroke-width=".068"><g fill="#f3a628"><path d="m-5.0944e-4 11.111c0-0.2299 0.17581-0.43276 0.43277-0.43276h0.52066c0.2299 0 0.43276 0.1961 0.43276 0.43276v5.0647l5.5853-5.3149c0.07443-0.08791 0.2299-0.17581 0.3381-0.17581h0.87904c0.32458 0 0.50039 0.35838 0.21638 0.62886l-5.653 5.2811 5.9234 6.0654c0.12847 0.12848 0.08794 0.55448-0.30428 0.55448h-0.91285c-0.12849 0-0.28401-0.07438-0.32458-0.12848l-5.7476-5.9978v5.6935c0 0.2299-0.1961 0.43276-0.43276 0.43276h-0.52066c-0.25019 0-0.43277-0.1961-0.43277-0.43276z" class="st0"/><path d="m25.106 11.017c0-0.17581 0.142-0.3381 0.3381-0.3381h0.69647c0.17581 0 0.3381 0.16229 0.3381 0.3381v10.988h5.1526c0.1961 0 0.3381 0.16229 0.3381 0.3381v0.52067c0 0.17581-0.142 0.3381-0.3381 0.3381h-6.1939c-0.19609 0-0.3381-0.16229-0.3381-0.3381v-11.847z" class="st0"/><path d="m32.734 22.742 5.4433-12.043c0.05405-0.1082 0.142-0.1961 0.30428-0.1961h0.17581c0.16229 0 0.25018 0.08791 0.30428 0.1961l5.4028 12.043c0.10821 0.22991-0.03378 0.46657-0.30428 0.46657h-0.71676c-0.16229 0-0.27047-0.10818-0.30428-0.1961l-1.3253-2.955h-6.3494l-1.3051 2.955c-0.03378 0.0879-0.142 0.1961-0.30428 0.1961h-0.71676c-0.27047 0-0.41248-0.23667-0.30428-0.46657zm8.4997-3.7934c-0.87905-1.9474-1.7378-3.9219-2.6101-5.8693h-0.142l-2.6101 5.8693z" class="st0"/><path d="m46.312 11.017c0-0.17581 0.142-0.3381 0.33809-0.3381h3.9219c2.1841 0 3.6717 1.4132 3.6717 3.2931 0 1.3794-0.91286 2.3802-1.7513 2.8603 0.94667 0.39219 2.1503 1.2712 2.1503 2.9144 0 2.0015-1.5958 3.4553-3.9016 3.4553h-4.0774c-0.1961 0-0.3381-0.16229-0.3381-0.3381v-11.847zm4.5643 10.988c1.305 0 2.2517-0.98724 2.2517-2.272 0-1.2712-1.163-2.2044-2.556-2.2044h-2.955v4.4764zm-0.3043-5.7071c1.3794 0 2.1503-0.98724 2.1503-2.2382 0-1.2915-0.77086-2.1503-2.1503-2.1503h-2.9144v4.3817h2.9144z" class="st0"/></g><g fill="#e8e8e8"><path d="m59.437 10.821c0-0.17581 0.16229-0.32457 0.3381-0.32457h0.44629l8.0737 10.055h0.03381v-9.5343c0-0.17581 0.142-0.3381 0.3381-0.3381h0.62886c0.17581 0 0.3381 0.16229 0.3381 0.3381v12.043c0 0.17581-0.16229 0.32457-0.3381 0.32457h-0.32457l-8.209-10.251h-0.02027v9.7372c0 0.17581-0.142 0.3381-0.3381 0.3381h-0.62886c-0.1758 0-0.33809-0.16228-0.33809-0.3381z" class="st1"/><path d="m78.803 10.503c3.5771 0 6.4441 2.8806 6.4441 6.4576s-2.8603 6.4238-6.4441 6.4238-6.4238-2.8468-6.4238-6.4238c0-3.5771 2.84-6.4576 6.4238-6.4576zm0 11.63c2.8468 0 5.1864-2.3261 5.1864-5.1729s-2.3464-5.2067-5.1864-5.2067-5.1729 2.3599-5.1729 5.2067 2.3261 5.1729 5.1729 5.1729z" class="st1"/><path d="m86.748 11.111c-0.07438-0.25019 0.07438-0.43276 0.32457-0.43276h0.75057c0.142 0 0.284 0.12848 0.32457 0.25019l2.4884 9.2706h0.07438l2.9888-9.5005c0.0338-0.1082 0.142-0.1961 0.30429-0.1961h0.32457c0.142 0 0.27048 0.08791 0.30429 0.1961l3.0429 9.5005h0.0744l2.4343-9.2706c0.0338-0.12848 0.17581-0.25019 0.32457-0.25019h0.75057c0.25019 0 0.3922 0.17581 0.32457 0.43276l-3.3809 12.023c-0.0338 0.142-0.17581 0.25019-0.32457 0.25019h-0.284c-0.12848 0-0.25019-0.08791-0.30429-0.1961l-3.097-9.6831h-0.0879l-3.0429 9.6831c-0.05409 0.10818-0.17581 0.1961-0.30428 0.1961h-0.284c-0.142 0-0.284-0.1082-0.32457-0.25019z" class="st1"/></g><path fill="#f3a628" d="m17.391 23.121c-0.27047 0-0.52066-0.18257-0.58828-0.45981-0.08119-0.32457 0.11496-0.6559 0.44628-0.73705 2.3126-0.57476 3.9287-2.6507 3.9287-5.0309 0-2.8603-2.3261-5.1864-5.1864-5.1864s-5.1864 2.3261-5.1864 5.1864c0 2.387 1.6161 4.4561 3.9287 5.0309 0.32458 0.08114 0.52743 0.41248 0.44629 0.73705-0.08118 0.32457-0.41248 0.52743-0.73705 0.44629-2.8535-0.71-4.8483-3.2728-4.8483-6.2142 0-3.5297 2.8738-6.4103 6.4103-6.4103s6.4103 2.8738 6.4103 6.4103c0 2.9482-1.9948 5.5042-4.8483 6.2142-0.07443 0.0068-0.12172 0.01352-0.17581 0.01352z" class="st0"/></g></svg>
@@ -1 +0,0 @@
 <svg xmlns="http://www.w3.org/2000/svg" width="384" height="128" version="1.1" viewBox="0 0 101.6 33.867"><g stroke-width=".068"><g fill="#f3a628"><path d="m-5.0944e-4 11.111c0-0.2299 0.17581-0.43276 0.43277-0.43276h0.52066c0.2299 0 0.43276 0.1961 0.43276 0.43276v5.0647l5.5853-5.3149c0.07443-0.08791 0.2299-0.17581 0.3381-0.17581h0.87904c0.32458 0 0.50039 0.35838 0.21638 0.62886l-5.653 5.2811 5.9234 6.0654c0.12847 0.12848 0.08794 0.55448-0.30428 0.55448h-0.91285c-0.12849 0-0.28401-0.07438-0.32458-0.12848l-5.7476-5.9978v5.6935c0 0.2299-0.1961 0.43276-0.43276 0.43276h-0.52066c-0.25019 0-0.43277-0.1961-0.43277-0.43276z" class="st0"/><path d="m25.106 11.017c0-0.17581 0.142-0.3381 0.3381-0.3381h0.69647c0.17581 0 0.3381 0.16229 0.3381 0.3381v10.988h5.1526c0.1961 0 0.3381 0.16229 0.3381 0.3381v0.52067c0 0.17581-0.142 0.3381-0.3381 0.3381h-6.1939c-0.19609 0-0.3381-0.16229-0.3381-0.3381v-11.847z" class="st0"/><path d="m32.734 22.742 5.4433-12.043c0.05405-0.1082 0.142-0.1961 0.30428-0.1961h0.17581c0.16229 0 0.25018 0.08791 0.30428 0.1961l5.4028 12.043c0.10821 0.22991-0.03378 0.46657-0.30428 0.46657h-0.71676c-0.16229 0-0.27047-0.10818-0.30428-0.1961l-1.3253-2.955h-6.3494l-1.3051 2.955c-0.03378 0.0879-0.142 0.1961-0.30428 0.1961h-0.71676c-0.27047 0-0.41248-0.23667-0.30428-0.46657zm8.4997-3.7934c-0.87905-1.9474-1.7378-3.9219-2.6101-5.8693h-0.142l-2.6101 5.8693z" class="st0"/><path d="m46.312 11.017c0-0.17581 0.142-0.3381 0.33809-0.3381h3.9219c2.1841 0 3.6717 1.4132 3.6717 3.2931 0 1.3794-0.91286 2.3802-1.7513 2.8603 0.94667 0.39219 2.1503 1.2712 2.1503 2.9144 0 2.0015-1.5958 3.4553-3.9016 3.4553h-4.0774c-0.1961 0-0.3381-0.16229-0.3381-0.3381v-11.847zm4.5643 10.988c1.305 0 2.2517-0.98724 2.2517-2.272 0-1.2712-1.163-2.2044-2.556-2.2044h-2.955v4.4764zm-0.3043-5.7071c1.3794 0 2.1503-0.98724 2.1503-2.2382 0-1.2915-0.77086-2.1503-2.1503-2.1503h-2.9144v4.3817h2.9144z" class="st0"/></g><g fill="#575756"><path d="m59.437 10.821c0-0.17581 0.16229-0.32457 0.3381-0.32457h0.44629l8.0737 10.055h0.03381v-9.5343c0-0.17581 0.142-0.3381 0.3381-0.3381h0.62886c0.17581 0 0.3381 0.16229 0.3381 0.3381v12.043c0 0.17581-0.16229 0.32457-0.3381 0.32457h-0.32457l-8.209-10.251h-0.02027v9.7372c0 0.17581-0.142 0.3381-0.3381 0.3381h-0.62886c-0.1758 0-0.33809-0.16228-0.33809-0.3381z" class="st1"/><path d="m78.803 10.503c3.5771 0 6.4441 2.8806 6.4441 6.4576s-2.8603 6.4238-6.4441 6.4238-6.4238-2.8468-6.4238-6.4238c0-3.5771 2.84-6.4576 6.4238-6.4576zm0 11.63c2.8468 0 5.1864-2.3261 5.1864-5.1729s-2.3464-5.2067-5.1864-5.2067-5.1729 2.3599-5.1729 5.2067 2.3261 5.1729 5.1729 5.1729z" class="st1"/><path d="m86.748 11.111c-0.07438-0.25019 0.07438-0.43276 0.32457-0.43276h0.75057c0.142 0 0.284 0.12848 0.32457 0.25019l2.4884 9.2706h0.07438l2.9888-9.5005c0.0338-0.1082 0.142-0.1961 0.30429-0.1961h0.32457c0.142 0 0.27048 0.08791 0.30429 0.1961l3.0429 9.5005h0.0744l2.4343-9.2706c0.0338-0.12848 0.17581-0.25019 0.32457-0.25019h0.75057c0.25019 0 0.3922 0.17581 0.32457 0.43276l-3.3809 12.023c-0.0338 0.142-0.17581 0.25019-0.32457 0.25019h-0.284c-0.12848 0-0.25019-0.08791-0.30429-0.1961l-3.097-9.6831h-0.0879l-3.0429 9.6831c-0.05409 0.10818-0.17581 0.1961-0.30428 0.1961h-0.284c-0.142 0-0.284-0.1082-0.32457-0.25019z" class="st1"/></g><path fill="#f3a628" d="m17.391 23.121c-0.27047 0-0.52066-0.18257-0.58828-0.45981-0.08119-0.32457 0.11496-0.6559 0.44628-0.73705 2.3126-0.57476 3.9287-2.6507 3.9287-5.0309 0-2.8603-2.3261-5.1864-5.1864-5.1864s-5.1864 2.3261-5.1864 5.1864c0 2.387 1.6161 4.4561 3.9287 5.0309 0.32458 0.08114 0.52743 0.41248 0.44629 0.73705-0.08118 0.32457-0.41248 0.52743-0.73705 0.44629-2.8535-0.71-4.8483-3.2728-4.8483-6.2142 0-3.5297 2.8738-6.4103 6.4103-6.4103s6.4103 2.8738 6.4103 6.4103c0 2.9482-1.9948 5.5042-4.8483 6.2142-0.07443 0.0068-0.12172 0.01352-0.17581 0.01352z" class="st0"/></g></svg>
@@ -0,0 +1,18 @@
 <?xml version="1.0" encoding="UTF-8" standalone="no"?>
 <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
 <svg width="100%" height="100%" viewBox="0 0 142 142" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve" xmlns:serif="http://www.serif.com/" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linejoin:round;stroke-miterlimit:2;">
    <g transform="matrix(4.16667,0,0,4.16667,-142.092,-141.896)">
        <g id="b" transform="matrix(1.00006,0,0,1.00006,0,0.00289614)">
            <path d="M47.99,39.69L58.93,47.97C59.61,48.41 59.97,48.35 60.52,47.75C60.65,47.6 60.77,47.46 60.89,47.32C61.21,46.93 61.39,46.68 61.26,46.22C61.25,46.16 57.86,35.79 57.86,35.79C57.54,34.68 56.75,34.07 55.53,34.05L50.5,34.05C49.73,34.05 49.33,34.21 48.88,34.73L47.51,36.55C46.56,37.9 46.67,38.62 47.99,39.7" style="fill:rgb(171,230,89);fill-rule:nonzero;"/>
        </g>
        <g id="c" transform="matrix(1.00006,0,0,1.00006,0,0.00289614)">
            <path d="M62.51,47.93L54.23,58.87C53.79,59.55 53.85,59.91 54.45,60.46C54.6,60.59 54.74,60.71 54.88,60.83C55.27,61.15 55.52,61.33 55.98,61.2C56.04,61.19 66.41,57.8 66.41,57.8C67.52,57.48 68.13,56.69 68.15,55.47L68.15,50.44C68.15,49.67 67.99,49.27 67.47,48.82L65.65,47.45C64.3,46.5 63.58,46.61 62.5,47.93" style="fill:rgb(171,230,89);fill-rule:nonzero;"/>
        </g>
        <g id="d" transform="matrix(1.00006,0,0,1.00006,0,0.00289614)">
            <path d="M39.74,54.19L48.02,43.25C48.46,42.57 48.4,42.21 47.8,41.66C47.65,41.53 47.51,41.41 47.37,41.29C46.98,40.97 46.73,40.79 46.27,40.92C46.21,40.93 35.84,44.32 35.84,44.32C34.73,44.64 34.12,45.43 34.1,46.65L34.1,51.68C34.1,52.45 34.26,52.85 34.78,53.3L36.6,54.67C37.95,55.62 38.67,55.51 39.75,54.19" style="fill:rgb(171,230,89);fill-rule:nonzero;"/>
        </g>
        <g id="e" transform="matrix(1.00006,0,0,1.00006,0,0.00289614)">
            <path d="M54.24,62.43L43.3,54.15C42.62,53.71 42.26,53.77 41.71,54.37C41.58,54.52 41.46,54.66 41.34,54.8C41.02,55.19 40.84,55.44 40.97,55.9C40.98,55.96 44.37,66.33 44.37,66.33C44.69,67.44 45.48,68.05 46.7,68.07L51.73,68.07C52.5,68.07 52.9,67.91 53.35,67.39L54.72,65.57C55.67,64.22 55.56,63.5 54.24,62.42" style="fill:rgb(171,230,89);fill-rule:nonzero;"/>
        </g>
    </g>
 </svg>
@@ -1 +0,0 @@
 <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 86 78"><path fill="#76BC21" fill-rule="nonzero" d="M52.597 44.165 85.369 21.72V0H7.923S-.003 0-.003 7.924v.217l52.6 36.024ZM7.923 77.151h77.446V33.243L54.677 54.168c-2.183 1.487-4.358-.01-4.358-.01L-.003 19.539v49.69s0 7.923 7.926 7.923"/></svg>
@@ -1 +0,0 @@
 <svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><g stroke-width=".39547"><path d="m4.8224 4.1176h3.2876a2.4717 2.4717 0 0 1 2.4717 2.4717v9.5902h6.4264v3.4604h-7.4151a2.4717 2.4717 0 0 1-2.4717-2.4717v-9.5902h-2.2989zm25.137 2.4717v2.5706h-3.4604v-1.5819h-2.7193v12.062h-3.4604v-12.062h-2.7185v1.5819h-3.4604v-2.5706a2.4717 2.4717 0 0 1 2.4717-2.4717h10.876a2.4717 2.4717 0 0 1 2.4717 2.4717z" clip-rule="evenodd" fill="#fff" fill-rule="evenodd"/><path d="m3.2184 28.921-3.2184-2.2985c0.94518-1.3236 1.9208-2.3475 2.9471-3.0661 1.1405-0.79807 2.3523-1.2224 3.6055-1.2224 1.1635 0 2.1711 0.28236 3.072 0.8226a6.969 6.969 0 0 1 1.0342 0.76722c0.23253 0.20485 0.39903 0.3662 0.7522 0.71976 0.53587 0.53546 0.75852 0.73202 1.0251 0.89178 0.28909 0.17362 0.5944 0.25905 1.0373 0.25905 0.44333 0 0.74982-0.0858 1.0405-0.25982 0.26773-0.16017 0.49236-0.35791 1.0282-0.89259l0.0045-0.0045c0.35197-0.35118 0.51926-0.51333 0.75219-0.71858a6.975 6.975 0 0 1 1.0322-0.76445c0.89892-0.53863 1.9038-0.82022 3.0629-0.82022 1.1591 0 2.164 0.28159 3.0625 0.82022 0.36264 0.21751 0.69604 0.46784 1.0326 0.76445 0.23294 0.20485 0.40061 0.3674 0.7522 0.71858l0.0045 0.0045c0.53548 0.53468 0.7601 0.73242 1.0278 0.89259 0.29068 0.174 0.59716 0.25982 1.0405 0.25982 0.39468 0 0.83049-0.15265 1.3379-0.5078 0.62169-0.43502 1.294-1.1413 1.9964-2.1245l3.2184 2.2985c-0.94558 1.3236-1.9208 2.3475-2.9471 3.0661-1.1405 0.79807-2.3523 1.2224-3.6055 1.2224-1.1631 0-2.1712-0.28198-3.0724-0.82179a6.971 6.971 0 0 1-1.0358-0.76644c-0.23332-0.20525-0.4014-0.36779-0.75417-0.71976l-0.0045-0.0045c-0.53428-0.5331-0.75813-0.73043-1.0243-0.88981-0.28791-0.17282-0.59084-0.25745-1.0294-0.25745-0.43859 0-0.74152 0.0846-1.0294 0.25745-0.26616 0.15938-0.48999 0.35671-1.0243 0.88981l-0.0045 0.0045c-0.35276 0.35197-0.52084 0.51451-0.75417 0.71976-0.33813 0.2974-0.6723 0.54892-1.0361 0.76644-0.90089 0.53981-1.9086 0.82179-3.072 0.82179-1.1635 0-2.1711-0.28236-3.072-0.82258a6.9837 6.9837 0 0 1-1.0342-0.76683c-0.23293-0.20525-0.39903-0.36661-0.75258-0.71976-0.53548-0.53587-0.75813-0.73242-1.0247-0.89219-0.28909-0.17361-0.5944-0.25903-1.0373-0.25903-0.39468 0-0.83049 0.15264-1.3379 0.50778-0.62169 0.43502-1.294 1.1413-1.9964 2.1245z" fill="#45a1fc"/></g></svg>
@@ -1 +0,0 @@
 <svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><g stroke-width=".39547"><path d="m4.8224 4.1176h3.2876a2.4717 2.4717 0 0 1 2.4717 2.4717v9.5902h6.4264v3.4604h-7.4151a2.4717 2.4717 0 0 1-2.4717-2.4717v-9.5902h-2.2989zm25.137 2.4717v2.5706h-3.4604v-1.5819h-2.7193v12.062h-3.4604v-12.062h-2.7185v1.5819h-3.4604v-2.5706a2.4717 2.4717 0 0 1 2.4717-2.4717h10.876a2.4717 2.4717 0 0 1 2.4717 2.4717z" clip-rule="evenodd" fill-rule="evenodd"/><path d="m3.2184 28.921-3.2184-2.2985c0.94518-1.3236 1.9208-2.3475 2.9471-3.0661 1.1405-0.79807 2.3523-1.2224 3.6055-1.2224 1.1635 0 2.1711 0.28236 3.072 0.8226a6.969 6.969 0 0 1 1.0342 0.76722c0.23253 0.20485 0.39903 0.3662 0.75219 0.71976 0.53587 0.53546 0.75852 0.73202 1.0251 0.89178 0.28909 0.17362 0.5944 0.25905 1.0373 0.25905 0.44333 0 0.74982-0.0858 1.0405-0.25982 0.26773-0.16017 0.49236-0.35791 1.0282-0.89259l0.0045-0.0045c0.35197-0.35118 0.51926-0.51333 0.7522-0.71858a6.975 6.975 0 0 1 1.0322-0.76445c0.89891-0.53863 1.9038-0.82022 3.0629-0.82022 1.1591 0 2.164 0.28159 3.0625 0.82022 0.36264 0.21751 0.69604 0.46784 1.0326 0.76445 0.23293 0.20485 0.40061 0.3674 0.7522 0.71858l0.0045 0.0045c0.53548 0.53468 0.7601 0.73242 1.0278 0.89259 0.29068 0.174 0.59716 0.25982 1.0405 0.25982 0.39468 0 0.83049-0.15265 1.3379-0.5078 0.62169-0.43502 1.294-1.1413 1.9964-2.1245l3.2184 2.2985c-0.94558 1.3236-1.9208 2.3475-2.9471 3.0661-1.1405 0.79807-2.3523 1.2224-3.6055 1.2224-1.1631 0-2.1712-0.28198-3.0724-0.82179a6.971 6.971 0 0 1-1.0358-0.76644c-0.23332-0.20525-0.4014-0.36779-0.75417-0.71976l-0.0045-0.0045c-0.53428-0.5331-0.75813-0.73043-1.0243-0.88981-0.28791-0.17282-0.59084-0.25745-1.0294-0.25745-0.43859 0-0.74152 0.0846-1.0294 0.25745-0.26616 0.15938-0.48999 0.35671-1.0243 0.88981l-0.0045 0.0045c-0.35276 0.35197-0.52084 0.51451-0.75417 0.71976-0.33813 0.2974-0.6723 0.54892-1.0361 0.76644-0.90089 0.53981-1.9086 0.82179-3.072 0.82179-1.1635 0-2.1711-0.28236-3.072-0.82258a6.9837 6.9837 0 0 1-1.0342-0.76683c-0.23293-0.20525-0.39903-0.36661-0.75258-0.71976-0.53548-0.53587-0.75813-0.73242-1.0247-0.89219-0.28909-0.17361-0.5944-0.25903-1.0373-0.25903-0.39468 0-0.83049 0.15264-1.3379 0.50778-0.62169 0.43502-1.294 1.1413-1.9964 2.1245z" fill="#45a1fc"/></g></svg>
@@ -0,0 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><rect x="6.156e-7" y="2.285e-7" width="33.867" height="33.867" rx="6.0866" fill="#fff" style="paint-order:stroke markers fill"/><g transform="matrix(.50794 0 0 .50794 -.26878 -.26879)" fill="none"><g id="content" transform="matrix(.64219 0 0 -.64219 -289.95 303.69)" fill-rule="evenodd" stroke="#000" stroke-miterlimit="10.433" stroke-width="0" xml:space="preserve"><polygon points="460 437.34 460.85 436.64 460.85 409.18 460 408.5 456.86 408.25 456.86 406.2 480.72 406.2 480.72 415.26 478.14 415.26 477.29 409.29 476.6 408.5 465.33 408.5 465.33 436.64 466.18 437.34 469.02 437.64 469.02 439.64 456.86 439.64 456.86 437.64" fill="#55f"/><polygon points="485.73 406.2 498.73 406.2 498.73 408.25 495.39 408.5 494.5 409.18 494.5 437.34 502.17 437.34 502.88 436.59 503.56 431.95 506.31 431.95 506.31 439.64 478.16 439.64 478.16 431.95 480.89 431.95 481.59 436.59 482.3 437.34 489.97 437.34 489.97 409.18 489.06 408.5 485.73 408.25" fill="#55f"/><polygon points="520.85 424.59 521.56 420.36 524.35 420.36 524.35 427.64 500.48 427.64 500.48 425.64 503.32 425.34 504.17 424.64 504.17 397.18 503.32 396.5 500.48 396.25 500.48 394.2 526.14 394.2 526.14 402.32 523.56 402.32 522.7 397.29 522.01 396.5 508.65 396.5 508.65 410.43 516.82 410.43 517.53 409.7 518.03 406.11 520.35 406.11 520.35 417.07 518.03 417.07 517.53 413.43 516.82 412.73 508.65 412.73 508.65 425.34 520.17 425.34" fill="#000"/><polygon points="551.62 408.25 548.23 408.84 538.56 424.14 547.69 437.14 550.88 437.64 550.88 439.64 540.72 439.64 540.72 437.64 543.59 437.18 544.05 436.54 536.97 426.48 530.45 436.75 530.84 437.34 533.84 437.64 533.84 439.64 521.83 439.64 521.83 437.64 525.12 437 534.14 422.89 524.12 408.89 520.83 408.25 520.83 406.2 531.44 406.2 531.44 408.25 528.11 408.54 527.81 409.43 535.67 420.59 542.7 409.29 542.36 408.59 539.02 408.25 539.02 406.2 551.62 406.2" fill="#000"/></g><g stroke="#55f" stroke-linecap="round" stroke-linejoin="bevel" stroke-width="1.5875"><path d="m4.1031 46.928h3.8701"/><path d="m11.597 46.928h3.8701"/><path d="m19.09 46.928h3.8701"/><path d="m26.584 46.928h3.8701"/></g></g></svg>
@@ -46,6 +46,7 @@
    --pg-green: #2e7e31;
    --pg-blue-gray: #546d78;
    --pg-viridian: #40826d;
    --ghost-accent-color: #4f46e5;
 }
 :root, [data-md-color-scheme="slate"] {
    --md-default-bg-color: rgb(26, 26, 27);
@@ -67,6 +68,7 @@
    --pg-blue-gray: #9ab2bc;
    --pg-viridian: #40826d;
    --md-footer-bg-color--dark: var(--md-default-bg-color);
    --ghost-accent-color: #4f46e5;
 }
 /* Better contrast link colors */
@@ -0,0 +1,58 @@
 /*
 /// Copyright (c) 2023 Jonah Aragon <jonah@triplebit.net>
 ///
 /// Permission is hereby granted, free of charge, to any person obtaining a
 /// copy of this software and associated documentation files (the "Software"),
 /// to deal in the Software without restriction, including without limitation
 /// the rights to use, copy, modify, merge, publish, distribute, sublicense,
 /// and/or sell copies of the Software, and to permit persons to whom the
 /// Software is furnished to do so, subject to the following conditions:
 ///
 /// The above copyright notice and this permission notice shall be included in
 /// all copies or substantial portions of the Software.
 ///
 /// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 /// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 /// FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL
 /// THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 /// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 /// FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
 /// DEALINGS
 */
 /* chinese-traditional */
@font-face {
  font-family: 'Noto Serif TC';
  font-style: normal;
  font-weight: 400;
  src: url(https://fonts.bunny.net/noto-serif-tc/files/noto-serif-tc-chinese-traditional-400-normal.woff2) format('woff2'), url(https://fonts.bunny.net/noto-serif-tc/files/noto-serif-tc-chinese-traditional-400-normal.woff) format('woff');
 }
 /* latin */
@font-face {
  font-family: 'Noto Serif TC';
  font-style: normal;
  font-weight: 400;
  src: url(https://fonts.bunny.net/noto-serif-tc/files/noto-serif-tc-latin-400-normal.woff2) format('woff2'), url(https://fonts.bunny.net/noto-serif-tc/files/noto-serif-tc-latin-400-normal.woff) format('woff');
 }
 /* chinese-traditional */
@font-face {
  font-family: 'Noto Serif TC';
  font-style: normal;
  font-weight: 700;
  src: url(https://fonts.bunny.net/noto-serif-tc/files/noto-serif-tc-chinese-traditional-700-normal.woff2) format('woff2'), url(https://fonts.bunny.net/noto-serif-tc/files/noto-serif-tc-chinese-traditional-700-normal.woff) format('woff');
 }
 /* latin */
@font-face {
  font-family: 'Noto Serif TC';
  font-style: normal;
  font-weight: 700;
  src: url(https://fonts.bunny.net/noto-serif-tc/files/noto-serif-tc-latin-700-normal.woff2) format('woff2'), url(https://fonts.bunny.net/noto-serif-tc/files/noto-serif-tc-latin-700-normal.woff) format('woff');
 }
 h1, h2, h3, .md-header__topic {
  font-family: "Bagnard", "Noto Serif TC", serif;
  font-weight: 700!important;
 }
@@ -102,6 +102,10 @@ tags:
  article:section: "{{ page.categories[0].title }}"
  article:author: "https://www.privacyguides.org/articles/{{ page.authors[0].url }}"
  # Facebook
  article:publisher: "https://www.facebook.com/PrivacyGuides.org"
  article:tag: "Technology"
  # Mastodon
  fediverse:creator: *author_mastodon
@@ -11,7 +11,7 @@ definitions:
  - &font_family >-
    {%- if config.theme.language == "he" -%}
      Suez One
-    {%- elif config.theme.language == ("zh-Hant" or "ru") -%}
+    {%- elif config.theme.language == ("ru" or "zh-Hant" or "zh-TW") -%}
      Noto Sans TC
    {%- else -%}
      Public Sans
@@ -44,6 +44,9 @@ tags:
  og:image:height: "{{ image.height }}"
  og:url: "{{ page.canonical_url }}"
  # Facebook
  article:publisher: "https://www.facebook.com/PrivacyGuides.org"
  # Mastodon
  fediverse:creator: "@privacyguides@neat.computer"
@@ -19,7 +19,7 @@ definitions:
  - &title_font_family >-
    {%- if config.theme.language == "he" -%}
      Suez One
-    {%- elif config.theme.language == ("zh-Hant" or "ru") -%}
+    {%- elif config.theme.language == ("ru" or "zh-Hant" or "zh-TW") -%}
      Noto Serif TC
    {%- else -%}
      Bagnard
@@ -35,7 +35,7 @@ definitions:
  - &font_family >-
    {%- if config.theme.language == "he" -%}
      Suez One
-    {%- elif config.theme.language == ("zh-Hant" or "ru") -%}
+    {%- elif config.theme.language == ("ru" or "zh-Hant" or "zh-TW") -%}
      Noto Sans TC
    {%- else -%}
      Public Sans
@@ -80,6 +80,9 @@ tags:
  og:image:height: "{{ image.height }}"
  og:url: "{{ page.canonical_url }}"
  # Facebook
  article:publisher: "https://www.facebook.com/PrivacyGuides.org"
  # Mastodon
  fediverse:creator: "@privacyguides@neat.computer"
@@ -15,7 +15,7 @@ definitions:
  - &title_font_family >-
    {%- if config.theme.language == "he" -%}
      Suez One
-    {%- elif config.theme.language == ("zh-Hant" or "ru") -%}
+    {%- elif config.theme.language == ("ru" or "zh-Hant" or "zh-TW") -%}
      Noto Serif TC
    {%- else -%}
      Bagnard
@@ -24,7 +24,7 @@ definitions:
  - &font_family >-
    {%- if config.theme.language == "he" -%}
      Suez One
-    {%- elif config.theme.language == ("zh-Hant" or "ru") -%}
+    {%- elif config.theme.language == ("ru" or "zh-Hant" or "zh-TW") -%}
      Noto Sans TC
    {%- else -%}
      Public Sans
@@ -64,6 +64,9 @@ tags:
  og:image:height: "{{ image.height }}"
  og:url: "{{ page.canonical_url }}"
  # Facebook
  article:publisher: "https://www.facebook.com/PrivacyGuides.org"
  # Twitter
  twitter:card: summary_large_image
  twitter:title: *page_title_with_site_name
@@ -34,7 +34,9 @@
    {% elif config.site_author %}
    <meta name="author" content="{{ config.site_author }}">
    {% endif %}
-    {% if page.canonical_url %}
+    {% if page.meta and page.meta.canonical_url %}
    <link rel="canonical" href="{{ page.meta.canonical_url }}">
    {% elif page.canonical_url %}
    <link rel="canonical" href="{{ page.canonical_url }}">
    {% endif %}
    {% if page.previous_page %}
@@ -87,22 +89,47 @@
    <meta name="robots" content="max-snippet:-1, max-image-preview:large">
  {% endif %}
-  {% if config.extra.context == "production" %}
+  {% if not config.extra.offline %}
-  <link href="https://www.privacyguides.org/webmentions/receive/" rel="webmention">
+  <script defer src="https://cdn.jsdelivr.net/ghost/portal@2.53.2/umd/portal.min.js"
-  <meta http-equiv="onion-location" content="{{ page.canonical_url | replace("https://www.privacyguides.org", "http://www.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion") }}" />
+          data-i18n="true"
          data-ghost="{{ config.extra.ghost.base_url }}/"
          data-key="{{ config.extra.ghost.content_api_key }}"
          data-api="{{ config.extra.ghost.admin_url }}/api/content/"
          data-locale="{{ config.theme.language }}"
          data-members-signin-otc="false"
          crossorigin="anonymous">
  </script>
  <script defer src="https://cdn.jsdelivr.net/ghost/announcement-bar@~1.1/umd/announcement-bar.min.js"
          data-announcement-bar="{{ config.extra.ghost.base_url }}/"
          data-api-url="{{ config.extra.ghost.base_url }}/members/api/announcement/"
          crossorigin="anonymous">
  </script>
  {% endif %}
  {% if config.extra.context == "production" %}
    <link href="{{ config.extra.ghost.base_url }}/webmentions/receive/" rel="webmention">
    <meta http-equiv="onion-location" content="{{ page.canonical_url | replace("https://www.privacyguides.org", "http://www.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion") }}" />
    {% if config.theme.language == "en" %}
      <script defer src="{{ config.extra.ghost.base_url }}/public/ghost-stats.min.js?v=8037af1487"
              data-stringify-payload="false"
              data-datasource="analytics_events"
              data-storage="localStorage"
              data-host="{{ config.extra.ghost.base_url }}/.ghost/analytics/api/v1/page_hit"
              tb_site_uuid="{{ config.extra.ghost.tb_site_uuid }}"
              tb_post_uuid="undefined"
              tb_post_type="null"
              tb_member_uuid="undefined"
              tb_member_status="undefined">
      </script>
    {% endif %}
  {% endif %}
  {% if page and page.meta and page.meta.schema %}
  <script type="application/ld+json">
  {{ page.meta.schema|tojson }}
  </script>
  {% endif %}
  <script defer src="https://cdn.jsdelivr.net/ghost/portal@2.53.2/umd/portal.min.js"
          data-i18n="true"
          data-ghost="https://www.privacyguides.org/"
          data-key="da9d77deb3e85ee73925167f3a"
          data-api="https://ghost.privacyguides.org/ghost/api/content/"
          data-locale="{{ config.theme.language }}"
          data-members-signin-otc="false"
          crossorigin="anonymous">
  </script>
 {% endblock %}
@@ -1,102 +1,20 @@
 import requests
 import os
 GITHUB_API_URL = "https://api.github.com/graphql"
 GITHUB_TOKEN = os.getenv("GH_TOKEN")
 ORG_NAME = "privacyguides"
 # Fetch members from the API
-members_api_url = "https://discuss.privacyguides.net/g/members/members.json?offset=0&order=added_at&asc=true"
+members_api_url = os.getenv('MEMBERS_API_URL', 'https://ghost.privacyguides.org/cache/members.json')
-headers = {
+members_response = requests.get(members_api_url)
-  "Api-Key": os.getenv("DISCOURSE_API_KEY"),
+members_data = members_response.json()[0]
  "Api-Username": "system"
 }
 members_response = requests.get(members_api_url, headers=headers)
 members_data = members_response.json()
 if 'members' not in members_data:
  raise KeyError("Response JSON does not contain 'members' key")
 members = members_data['members']
 public_members_count = 0
 private_members_count = 0
 html_output = ""
 for member in members:
-  flair_name = member.get('flair_name')
+  username = member['username']
-  title = member.get('title')
+  html_output += f'<a href="{member['url']}" target="_blank" title="@{member['username']}" class="mdx-donors__item"><img loading="lazy" src="{member['avatar']}"></a>'
  if flair_name == "members" or title == "Member":
    username = member['username']
    avatar_template = member['avatar_template']
    avatar_url = f"https://discuss.privacyguides.net{avatar_template.replace('{size}', '128')}"
    profile_url = f"https://discuss.privacyguides.net/u/{username}"
    html_output += f'<a href="{profile_url}" target="_blank" title="@{username}" class="mdx-donors__item"><img loading="lazy" src="{avatar_url}"></a>'
    public_members_count += 1
 # print(html_output)
 query = """
 {
  organization(login: "%s") {
    sponsorshipsAsMaintainer(first: 100) {
      nodes {
        sponsorEntity {
          ... on User {
            login
            avatarUrl
            url
          }
          ... on Organization {
            login
            avatarUrl
            url
          }
        }
        createdAt
      }
    }
  }
 }
 """ % ORG_NAME
 headers = {
    "Authorization": f"Bearer {GITHUB_TOKEN}",
    "Content-Type": "application/json"
 }
 response = requests.post(GITHUB_API_URL, json={'query': query}, headers=headers)
 data = response.json()
 if 'errors' in data:
    raise Exception(f"GraphQL query failed with errors: {data['errors']}")
 if 'data' not in data:
    raise KeyError(f"Response JSON does not contain 'data' key: {data}")
 sponsors = data['data']['organization']['sponsorshipsAsMaintainer']['nodes']
 # Sort sponsors by the date they began their sponsorship
 sponsors.sort(key=lambda x: x['createdAt'])
 for sponsor in sponsors:
    sponsor_entity = sponsor['sponsorEntity']
    login = sponsor_entity['login']
    avatar_url = sponsor_entity['avatarUrl']
    url = sponsor_entity['url']
    html_output += f'<a href="{url}" title="@{login}" rel="ugc nofollow" target="_blank" class="mdx-donors__item"><img loading="lazy" src="{avatar_url}&size=120"></a>'
 # Fetch the number of active members from the Magic Grants API
 magic_grants_url = "https://donate.magicgrants.org/api/active-members?fund=privacyguides"
 magic_grants_response = requests.get(magic_grants_url)
 magic_grants_data = magic_grants_response.json()
 if 'members_count' not in magic_grants_data:
  raise KeyError("Response JSON does not contain 'members_count' key")
 private_members_count += magic_grants_data['members_count']
 private_members_count -= public_members_count
 # Append the count of private members
-if private_members_count > 0:
+if members_data['unaccounted'] > 0:
-  html_output += f'<a href="https://donate.magicgrants.org/privacyguides" class="mdx-donors__item mdx-donors__item--private">+{private_members_count}</a>'
+  html_output += f'<a href="https://donate.magicgrants.org/privacyguides" class="mdx-donors__item mdx-donors__item--private">+{members_data["unaccounted"]}</a>'
 print(html_output)
Author	SHA1	Message	Date
jonah	e041559a64	update!: Add LTeX for VS Code and remove LanguageTool (#3031 )	2025-11-18 21:11:01 +10:30
fria	cb2ea5e18c	update(blog)!: Email Security: Where We Are and What the Future Holds (#3091 ) Signed-off-by: Jonah Aragon <jonah@privacyguides.org>	2025-11-15 16:36:51 -06:00
redoomed1	6fe04d10e7	update: Mention MTE in Google Pixel and GrapheneOS recommendations (#3137 ) Signed-off-by: Jonah Aragon <jonah@privacyguides.org> Signed-off-by: fria <fria@privacyguides.org> Signed-off-by: Daniel Gray <dngray@privacyguides.org>	2025-11-11 05:15:30 +10:30
fria	5dc4a15c2f	update: add Kensington locks to hardware (#3103 ) Signed-off-by: Daniel Gray <dngray@privacyguides.org>	2025-11-11 00:02:02 +10:30
redoomed1	da3a3b59f6	update: Mention official ProxyStore vouchers for Proton Mail & VPN (#3135 ) Signed-off-by: Jonah Aragon <jonah@privacyguides.org> Signed-off-by: fria <fria@privacyguides.org> Signed-off-by: Daniel Gray <dngray@privacyguides.org>	2025-11-10 23:34:50 +10:30
Rahul Sandhu	49d627d740	update: screencopy documentation in Linux Overview (#3144 ) Even on Gnome, a single dbus call allows applications outside of sandboxes to overwrite their permissions in the portal permission store. A sandbox that is supported by portals for identifying apps is also required: otherwise, a malicious app could trivially spoof a name on the bus. Currently, only Flatpak and Snap are subclasses of the XdpAppInfo class, required for xdg-desktop-portal to be able to identify a client. Privileged Wayland protocols are also not an issue. KDE's kwin requires that applications have an entry in a system-installed desktop file[1], meaning that random crap can't simply capture the screen, and Flatpak supports the security-context-v1 protocol, which is used to filter access to these privileged protocols[2]. An example of the dbus call for Gnome: dbus-send --session --print-reply=literal --dest=org.freedesktop.impl.portal.PermissionStore /org/freedesktop/impl/portal/PermissionStore org.freedesktop.impl.portal.PermissionStore.SetPermission string:'screenshot' boolean:true string:'screenshot' string:'' array:string:'yes' [1] https://github.com/KDE/kwin/blob/master/src/wayland_server.cpp#L129-L134 [2] https://github.com/flatpak/flatpak/commit/f0e626a4b60439f211f06d35df74b675a9ef42f4 Signed-off-by: redoomed1 <redoomed1@privacyguides.org> Signed-off-by: Daniel Nathan Gray <dngray@privacyguides.org>	2025-11-10 23:32:40 +10:30
jonah	0cc8ce0beb	fix: Canonical URL for articles index (#3154 ) Signed-off-by: fria <fria@privacyguides.org> Signed-off-by: redoomed1 <redoomed1@privacyguides.org> Signed-off-by: Daniel Gray <dngray@privacyguides.org>	2025-11-09 04:11:20 +10:30
n3thshan	100db6c823	style: Update links to GNOME Evolution's documentation and privacy policy (#3157 ) Signed-off-by: fria <fria@privacyguides.org> Signed-off-by: redoomed1 <redoomed1@privacyguides.org> Signed-off-by: Daniel Gray <dngray@privacyguides.org>	2025-11-09 04:06:05 +10:30
redoomed1	f0cc351c6b	update: Remove outdated status of Proton Calendar source code (#3163 ) - Replace Proton Drive link to link with highlight to eliminate confusion - Add direct link to Proton Calendar Android letter of attestation Signed-off-by: fria <fria@privacyguides.org> Signed-off-by: Mare Polaris <ph00lt0@privacyguides.org> Signed-off-by: Daniel Gray <dngray@privacyguides.org>	2025-11-09 01:45:51 +10:30
fria	330ec3a4e1	update: Remove Mullvad Leta (#3165 ) Signed-off-by: Mare Polaris <ph00lt0@privacyguides.org> Signed-off-by: Jordan Warne <contact@jordanwarne.net> Signed-off-by: redoomed1 <redoomed1@privacyguides.org> Signed-off-by: Daniel Gray <dngray@privacyguides.org>	2025-11-09 01:29:38 +10:30
redoomed1	fff721a748	style: Replace Element Classic download links with Element X links (#3158 ) Signed-off-by: fria <fria@privacyguides.org> Signed-off-by: Daniel Gray <dngray@privacyguides.org>	2025-11-09 01:24:36 +10:30
Triple I - Triple T	441c4155ba	update: vpn server counts, Mullvad openvpn depreciation (#3161 ) Signed-off-by: fria <fria@privacyguides.org> Signed-off-by: Daniel Gray <dngray@privacyguides.org>	2025-11-09 01:02:06 +10:30
redoomed1	23f873ac33	update: Mention Oct 2025 audit of Ente's server infrastructure (#3164 ) Signed-off-by: redoomed1 <redoomed1@privacyguides.org>	2025-11-05 15:42:16 +01:00
jonah	be042fe060	docs: Enable funding.json support	2025-10-27 23:32:47 -05:00
redoomed1	6c40408f36	update!: Remove DNS0.eu (#3153 ) Signed-off-by: Jonah Aragon <jonah@privacyguides.org> Signed-off-by: Mare Polaris <ph00lt0@privacyguides.org>	2025-10-17 13:53:28 -05:00
redoomed1	0596b57099	style: Refine Peergos description added in #3127 (#3136 ) Signed-off-by: fria <fria@privacyguides.org> Signed-off-by: Freddy <freddy@privacyguides.org> Signed-off-by: Jonah Aragon <jonah@privacyguides.org>	2025-10-16 14:08:04 -05:00
Justin Ehrenhofer	60e2e901d3	style(blog): Lightweight Wallet -> Light-Wallet (#3145 ) Signed-off-by: fria <fria@privacyguides.org> Signed-off-by: redoomed1 <redoomed1@privacyguides.org> Signed-off-by: Jonah Aragon <jonah@privacyguides.org>	2025-10-16 14:07:20 -05:00
Overwatch	eda031ee4a	style: Add Flatpak link for SimpleX Chat (#3147 ) Signed-off-by: fria <fria@privacyguides.org> Signed-off-by: redoomed1 <redoomed1@privacyguides.org>	2025-10-16 14:04:29 -05:00
aglovewithoutlove	5ad16d7aea	style: Replace mat2 GitLab links with GitHub links (#3148 ) Signed-off-by: fria <fria@privacyguides.org> Co-authored-by: redoomed1 <redoomed1@privacyguides.org>	2025-10-16 14:03:51 -05:00
jonah	d4f8d68610	build: Use Ghost articles landing page (#3151 )	2025-10-16 11:46:17 -07:00
Em	d2dccb6481	update(blog)!: Real-Name Policies The War Against Pseudonymity (#3149 ) Co-authored-by: Jordan Warne <jordan@privacyguides.org> Co-authored-by: Jonah Aragon <jonah@privacyguides.org>	2025-10-14 22:45:32 -05:00
fria	4198b8d3a5	update(blog)!: Privacy-Enhancing Technologies: Differential Privacy (#3068 ) Signed-off-by: Jonah Aragon <jonah@privacyguides.org>	2025-09-30 11:27:09 -05:00
Em	5dedaa7a13	fix(blog): Shorten meta descriptions under 300 characters (#3138 ) Signed-off-by: Jonah Aragon <jonah@privacyguides.org>	2025-09-24 23:09:21 -05:00
jonah	ab2199e9ca	docs: Update privacy policy	2025-09-24 23:07:18 -05:00
fria	78726b4c4a	update: macOS Overview for macOS 26 (#3132 ) Signed-off-by: redoomed1 <redoomed1@privacyguides.org> Signed-off-by: Jonah Aragon <jonah@privacyguides.org> Signed-off-by: Jordan Warne <jordan@privacyguides.org>	2025-09-20 17:26:16 -05:00
efb4f5ff-1298-471a-8973-3d47447115dc	f45720b1be	update: Brave v8-optimizer path to setting (#3131 ) Signed-off-by: redoomed1 <redoomed1@privacyguides.org> Signed-off-by: Daniel Gray <dngray@privacyguides.org>	2025-09-20 09:11:10 -05:00
jonah	a20561f516	feat: Generate member list (#3133 ) Signed-off-by: Daniel Gray <dngray@privacyguides.org> Signed-off-by: Niek de Wilde <niek@privacyguides.org>	2025-09-20 09:09:44 -05:00
jonah	8dd1bade3d	docs: Link to Facebook profile (#3134 ) Signed-off-by: Freddy <freddy@privacyguides.org> Signed-off-by: Daniel Gray <dngray@privacyguides.org>	2025-09-19 23:00:47 -05:00
jonah	14aac5dbdd	update(blog)!: The Fight for Privacy After Death (#3128 ) https://discuss.privacyguides.net/t/article-pitch/29302/6	2025-09-16 12:58:44 -05:00
redoomed1	a7a05a8dd4	style: Fix formatting of Security Keys page and rewrite sections (#3126 ) Signed-off-by: fria <fria@privacyguides.org> Signed-off-by: Daniel Gray <dngray@privacyguides.org>	2025-09-17 02:03:11 +09:30
Dr Ian Preston	373bb1920d	update: Mention Peergos desktop and android apps and sync (#3127 ) Signed-off-by: fria <fria@privacyguides.org> Signed-off-by: Daniel Gray <dngray@privacyguides.org>	2025-09-17 01:59:11 +09:30
jonah	7d3d849474	update(blog): Upload "Mental Poker Animation"	2025-09-15 12:33:36 -05:00
fria	16b3e5e16f	update(blog)!: Multi-Party Computation (#3039 ) Signed-off-by: Jonah Aragon <jonah@privacyguides.org>	2025-09-15 12:25:27 -05:00
Em	2dd653b12f	update(blog): After 2025-09-12 Update for Chat Control article (#3114 ) Signed-off-by: Jonah Aragon <jonah@privacyguides.org>	2025-09-15 11:29:12 -05:00
redoomed1	8089e6483e	update!: Add Self-Hosting File Mgmt page and move appropriate tools there (#3118 ) Signed-off-by: Niek de Wilde <niek@privacyguides.org> Signed-off-by: Daniel Gray <dngray@privacyguides.org>	2025-09-14 22:34:58 +09:30
jonah	2f95961b9e	feat: Add sitewide announcements bar (#3121 ) Signed-off-by: Niek de Wilde <niek@privacyguides.org> Signed-off-by: redoomed1 <redoomed1@privacyguides.org>	2025-09-13 21:31:59 -05:00
redoomed1	008d01db23	style: New mailbox.org logo and product name (#3122 ) Signed-off-by: Niek de Wilde <niek@privacyguides.org> Co-authored-by: Jonah Aragon <jonah@privacyguides.org>	2025-09-14 02:26:51 +00:00
jonah	ee51ff205b	feat: Track page views in Ghost (#3123 )	2025-09-13 21:02:05 -05:00
jonah	f616c94bd6	feat: Add newsletter subscription buttons (#3124 )	2025-09-13 20:25:03 -05:00
William W.	c2a904f2c2	style: Fixed Typos And Clarified Wording in README (#3100 ) Signed-off-by: Daniel Gray <dngray@privacyguides.org>	2025-09-13 14:59:39 +09:30
jonah	c718483844	feat!: Enable zh-TW language (#3119 ) Signed-off-by: blacklight447 <niek@privacyguides.org> Signed-off-by: Daniel Gray <dngray@privacyguides.org>	2025-09-13 14:57:04 +09:30
jonah	9b47e749d5	ci: Disable Netlify releases (#3120 ) Signed-off-by: Daniel Gray <dngray@privacyguides.org>	2025-09-13 14:55:11 +09:30
fria	999c805c4d	update: Remove outdated MAC randomization article. Provide instructions on page (#3085 ) Signed-off-by: Daniel Gray <dngray@privacyguides.org> Signed-off-by: redoomed1 <redoomed1@privacyguides.org>	2025-09-13 12:57:18 +09:30
jonah	047ef27590	update!: Add LibreTranslate (#3032 ) Signed-off-by: Daniel Gray <dngray@privacyguides.org>	2025-09-12 18:16:22 +09:30
rollsicecream	47f4ca1979	update!: Add KeePassium (#3048 ) Signed-off-by: redoomed1 <redoomed1@privacyguides.org> Signed-off-by: Daniel Gray <dngray@privacyguides.org>	2025-09-12 18:10:02 +09:30
fria	dc6f326f96	update: Add download links for uBO Lite on Safari and Edge (#3087 ) Signed-off-by: redoomed1 <redoomed1@privacyguides.org> Signed-off-by: Daniel Gray <dngray@privacyguides.org>	2025-09-12 16:41:16 +09:30
		`@@ -1 +0,0 @@`
			<svg xmlns="http://www.w3.org/2000/svg" width="384" height="128" version="1.1" viewBox="0 0 101.6 33.867"><g stroke-width=".068"><g fill="#f3a628"><path d="m-5.0944e-4 11.111c0-0.2299 0.17581-0.43276 0.43277-0.43276h0.52066c0.2299 0 0.43276 0.1961 0.43276 0.43276v5.0647l5.5853-5.3149c0.07443-0.08791 0.2299-0.17581 0.3381-0.17581h0.87904c0.32458 0 0.50039 0.35838 0.21638 0.62886l-5.653 5.2811 5.9234 6.0654c0.12847 0.12848 0.08794 0.55448-0.30428 0.55448h-0.91285c-0.12849 0-0.28401-0.07438-0.32458-0.12848l-5.7476-5.9978v5.6935c0 0.2299-0.1961 0.43276-0.43276 0.43276h-0.52066c-0.25019 0-0.43277-0.1961-0.43277-0.43276z" class="st0"/><path d="m25.106 11.017c0-0.17581 0.142-0.3381 0.3381-0.3381h0.69647c0.17581 0 0.3381 0.16229 0.3381 0.3381v10.988h5.1526c0.1961 0 0.3381 0.16229 0.3381 0.3381v0.52067c0 0.17581-0.142 0.3381-0.3381 0.3381h-6.1939c-0.19609 0-0.3381-0.16229-0.3381-0.3381v-11.847z" class="st0"/><path d="m32.734 22.742 5.4433-12.043c0.05405-0.1082 0.142-0.1961 0.30428-0.1961h0.17581c0.16229 0 0.25018 0.08791 0.30428 0.1961l5.4028 12.043c0.10821 0.22991-0.03378 0.46657-0.30428 0.46657h-0.71676c-0.16229 0-0.27047-0.10818-0.30428-0.1961l-1.3253-2.955h-6.3494l-1.3051 2.955c-0.03378 0.0879-0.142 0.1961-0.30428 0.1961h-0.71676c-0.27047 0-0.41248-0.23667-0.30428-0.46657zm8.4997-3.7934c-0.87905-1.9474-1.7378-3.9219-2.6101-5.8693h-0.142l-2.6101 5.8693z" class="st0"/><path d="m46.312 11.017c0-0.17581 0.142-0.3381 0.33809-0.3381h3.9219c2.1841 0 3.6717 1.4132 3.6717 3.2931 0 1.3794-0.91286 2.3802-1.7513 2.8603 0.94667 0.39219 2.1503 1.2712 2.1503 2.9144 0 2.0015-1.5958 3.4553-3.9016 3.4553h-4.0774c-0.1961 0-0.3381-0.16229-0.3381-0.3381v-11.847zm4.5643 10.988c1.305 0 2.2517-0.98724 2.2517-2.272 0-1.2712-1.163-2.2044-2.556-2.2044h-2.955v4.4764zm-0.3043-5.7071c1.3794 0 2.1503-0.98724 2.1503-2.2382 0-1.2915-0.77086-2.1503-2.1503-2.1503h-2.9144v4.3817h2.9144z" class="st0"/></g><g fill="#e8e8e8"><path d="m59.437 10.821c0-0.17581 0.16229-0.32457 0.3381-0.32457h0.44629l8.0737 10.055h0.03381v-9.5343c0-0.17581 0.142-0.3381 0.3381-0.3381h0.62886c0.17581 0 0.3381 0.16229 0.3381 0.3381v12.043c0 0.17581-0.16229 0.32457-0.3381 0.32457h-0.32457l-8.209-10.251h-0.02027v9.7372c0 0.17581-0.142 0.3381-0.3381 0.3381h-0.62886c-0.1758 0-0.33809-0.16228-0.33809-0.3381z" class="st1"/><path d="m78.803 10.503c3.5771 0 6.4441 2.8806 6.4441 6.4576s-2.8603 6.4238-6.4441 6.4238-6.4238-2.8468-6.4238-6.4238c0-3.5771 2.84-6.4576 6.4238-6.4576zm0 11.63c2.8468 0 5.1864-2.3261 5.1864-5.1729s-2.3464-5.2067-5.1864-5.2067-5.1729 2.3599-5.1729 5.2067 2.3261 5.1729 5.1729 5.1729z" class="st1"/><path d="m86.748 11.111c-0.07438-0.25019 0.07438-0.43276 0.32457-0.43276h0.75057c0.142 0 0.284 0.12848 0.32457 0.25019l2.4884 9.2706h0.07438l2.9888-9.5005c0.0338-0.1082 0.142-0.1961 0.30429-0.1961h0.32457c0.142 0 0.27048 0.08791 0.30429 0.1961l3.0429 9.5005h0.0744l2.4343-9.2706c0.0338-0.12848 0.17581-0.25019 0.32457-0.25019h0.75057c0.25019 0 0.3922 0.17581 0.32457 0.43276l-3.3809 12.023c-0.0338 0.142-0.17581 0.25019-0.32457 0.25019h-0.284c-0.12848 0-0.25019-0.08791-0.30429-0.1961l-3.097-9.6831h-0.0879l-3.0429 9.6831c-0.05409 0.10818-0.17581 0.1961-0.30428 0.1961h-0.284c-0.142 0-0.284-0.1082-0.32457-0.25019z" class="st1"/></g><path fill="#f3a628" d="m17.391 23.121c-0.27047 0-0.52066-0.18257-0.58828-0.45981-0.08119-0.32457 0.11496-0.6559 0.44628-0.73705 2.3126-0.57476 3.9287-2.6507 3.9287-5.0309 0-2.8603-2.3261-5.1864-5.1864-5.1864s-5.1864 2.3261-5.1864 5.1864c0 2.387 1.6161 4.4561 3.9287 5.0309 0.32458 0.08114 0.52743 0.41248 0.44629 0.73705-0.08118 0.32457-0.41248 0.52743-0.73705 0.44629-2.8535-0.71-4.8483-3.2728-4.8483-6.2142 0-3.5297 2.8738-6.4103 6.4103-6.4103s6.4103 2.8738 6.4103 6.4103c0 2.9482-1.9948 5.5042-4.8483 6.2142-0.07443 0.0068-0.12172 0.01352-0.17581 0.01352z" class="st0"/></g></svg>
		`@@ -1 +0,0 @@`
			`<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 86 78"><path fill="#76BC21" fill-rule="nonzero" d="M52.597 44.165 85.369 21.72V0H7.923S-.003 0-.003 7.924v.217l52.6 36.024ZM7.923 77.151h77.446V33.243L54.677 54.168c-2.183 1.487-4.358-.01-4.358-.01L-.003 19.539v49.69s0 7.923 7.926 7.923"/></svg>`
		`@@ -1 +0,0 @@`
			<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><g stroke-width=".39547"><path d="m4.8224 4.1176h3.2876a2.4717 2.4717 0 0 1 2.4717 2.4717v9.5902h6.4264v3.4604h-7.4151a2.4717 2.4717 0 0 1-2.4717-2.4717v-9.5902h-2.2989zm25.137 2.4717v2.5706h-3.4604v-1.5819h-2.7193v12.062h-3.4604v-12.062h-2.7185v1.5819h-3.4604v-2.5706a2.4717 2.4717 0 0 1 2.4717-2.4717h10.876a2.4717 2.4717 0 0 1 2.4717 2.4717z" clip-rule="evenodd" fill="#fff" fill-rule="evenodd"/><path d="m3.2184 28.921-3.2184-2.2985c0.94518-1.3236 1.9208-2.3475 2.9471-3.0661 1.1405-0.79807 2.3523-1.2224 3.6055-1.2224 1.1635 0 2.1711 0.28236 3.072 0.8226a6.969 6.969 0 0 1 1.0342 0.76722c0.23253 0.20485 0.39903 0.3662 0.7522 0.71976 0.53587 0.53546 0.75852 0.73202 1.0251 0.89178 0.28909 0.17362 0.5944 0.25905 1.0373 0.25905 0.44333 0 0.74982-0.0858 1.0405-0.25982 0.26773-0.16017 0.49236-0.35791 1.0282-0.89259l0.0045-0.0045c0.35197-0.35118 0.51926-0.51333 0.75219-0.71858a6.975 6.975 0 0 1 1.0322-0.76445c0.89892-0.53863 1.9038-0.82022 3.0629-0.82022 1.1591 0 2.164 0.28159 3.0625 0.82022 0.36264 0.21751 0.69604 0.46784 1.0326 0.76445 0.23294 0.20485 0.40061 0.3674 0.7522 0.71858l0.0045 0.0045c0.53548 0.53468 0.7601 0.73242 1.0278 0.89259 0.29068 0.174 0.59716 0.25982 1.0405 0.25982 0.39468 0 0.83049-0.15265 1.3379-0.5078 0.62169-0.43502 1.294-1.1413 1.9964-2.1245l3.2184 2.2985c-0.94558 1.3236-1.9208 2.3475-2.9471 3.0661-1.1405 0.79807-2.3523 1.2224-3.6055 1.2224-1.1631 0-2.1712-0.28198-3.0724-0.82179a6.971 6.971 0 0 1-1.0358-0.76644c-0.23332-0.20525-0.4014-0.36779-0.75417-0.71976l-0.0045-0.0045c-0.53428-0.5331-0.75813-0.73043-1.0243-0.88981-0.28791-0.17282-0.59084-0.25745-1.0294-0.25745-0.43859 0-0.74152 0.0846-1.0294 0.25745-0.26616 0.15938-0.48999 0.35671-1.0243 0.88981l-0.0045 0.0045c-0.35276 0.35197-0.52084 0.51451-0.75417 0.71976-0.33813 0.2974-0.6723 0.54892-1.0361 0.76644-0.90089 0.53981-1.9086 0.82179-3.072 0.82179-1.1635 0-2.1711-0.28236-3.072-0.82258a6.9837 6.9837 0 0 1-1.0342-0.76683c-0.23293-0.20525-0.39903-0.36661-0.75258-0.71976-0.53548-0.53587-0.75813-0.73242-1.0247-0.89219-0.28909-0.17361-0.5944-0.25903-1.0373-0.25903-0.39468 0-0.83049 0.15264-1.3379 0.50778-0.62169 0.43502-1.294 1.1413-1.9964 2.1245z" fill="#45a1fc"/></g></svg>
		`@@ -0,0 +1,2 @@`
							`<?xml version="1.0" encoding="UTF-8"?>`
							<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><rect x="6.156e-7" y="2.285e-7" width="33.867" height="33.867" rx="6.0866" fill="#fff" style="paint-order:stroke markers fill"/><g transform="matrix(.50794 0 0 .50794 -.26878 -.26879)" fill="none"><g id="content" transform="matrix(.64219 0 0 -.64219 -289.95 303.69)" fill-rule="evenodd" stroke="#000" stroke-miterlimit="10.433" stroke-width="0" xml:space="preserve"><polygon points="460 437.34 460.85 436.64 460.85 409.18 460 408.5 456.86 408.25 456.86 406.2 480.72 406.2 480.72 415.26 478.14 415.26 477.29 409.29 476.6 408.5 465.33 408.5 465.33 436.64 466.18 437.34 469.02 437.64 469.02 439.64 456.86 439.64 456.86 437.64" fill="#55f"/><polygon points="485.73 406.2 498.73 406.2 498.73 408.25 495.39 408.5 494.5 409.18 494.5 437.34 502.17 437.34 502.88 436.59 503.56 431.95 506.31 431.95 506.31 439.64 478.16 439.64 478.16 431.95 480.89 431.95 481.59 436.59 482.3 437.34 489.97 437.34 489.97 409.18 489.06 408.5 485.73 408.25" fill="#55f"/><polygon points="520.85 424.59 521.56 420.36 524.35 420.36 524.35 427.64 500.48 427.64 500.48 425.64 503.32 425.34 504.17 424.64 504.17 397.18 503.32 396.5 500.48 396.25 500.48 394.2 526.14 394.2 526.14 402.32 523.56 402.32 522.7 397.29 522.01 396.5 508.65 396.5 508.65 410.43 516.82 410.43 517.53 409.7 518.03 406.11 520.35 406.11 520.35 417.07 518.03 417.07 517.53 413.43 516.82 412.73 508.65 412.73 508.65 425.34 520.17 425.34" fill="#000"/><polygon points="551.62 408.25 548.23 408.84 538.56 424.14 547.69 437.14 550.88 437.64 550.88 439.64 540.72 439.64 540.72 437.64 543.59 437.18 544.05 436.54 536.97 426.48 530.45 436.75 530.84 437.34 533.84 437.64 533.84 439.64 521.83 439.64 521.83 437.64 525.12 437 534.14 422.89 524.12 408.89 520.83 408.25 520.83 406.2 531.44 406.2 531.44 408.25 528.11 408.54 527.81 409.43 535.67 420.59 542.7 409.29 542.36 408.59 539.02 408.25 539.02 406.2 551.62 406.2" fill="#000"/></g><g stroke="#55f" stroke-linecap="round" stroke-linejoin="bevel" stroke-width="1.5875"><path d="m4.1031 46.928h3.8701"/><path d="m11.597 46.928h3.8701"/><path d="m19.09 46.928h3.8701"/><path d="m26.584 46.928h3.8701"/></g></g></svg>