Compare commits
22 Commits
2025.09.14
...
element-do
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
3067044175 | ||
|
|
6c40408f36 | ||
|
|
0596b57099 | ||
|
|
60e2e901d3 | ||
|
|
eda031ee4a | ||
|
|
5ad16d7aea | ||
|
d4f8d68610
|
|||
|
|
d2dccb6481 | ||
|
|
4198b8d3a5 | ||
|
|
5dedaa7a13 | ||
|
ab2199e9ca
|
|||
|
|
78726b4c4a | ||
|
|
f45720b1be | ||
|
a20561f516
|
|||
|
8dd1bade3d
|
|||
| 14aac5dbdd | |||
|
|
a7a05a8dd4 | ||
|
|
373bb1920d | ||
|
7d3d849474
|
|||
|
|
16b3e5e16f | ||
|
|
2dd653b12f | ||
|
|
8089e6483e |
2
.github/workflows/build-blog.yml
@@ -90,7 +90,7 @@ jobs:
|
||||
echo "MAIN_SITE_ABOUT_URL=https://www.privacyguides.org/en/about/"
|
||||
echo "MAIN_SITE_RECOMMENDATIONS_URL=https://www.privacyguides.org/en/tools/"
|
||||
echo "MAIN_SITE_KNOWLEDGE_BASE_URL=https://www.privacyguides.org/en/basics/why-privacy-matters/"
|
||||
echo "ARTICLES_SITE_BASE_URL=https://www.privacyguides.org/articles/"
|
||||
echo "ARTICLES_SITE_BASE_URL=https://www.privacyguides.org/posts/tag/articles/"
|
||||
echo "VIDEOS_SITE_BASE_URL=https://www.privacyguides.org/videos/"
|
||||
} >> "$GITHUB_ENV"
|
||||
|
||||
|
||||
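Review bot: The `ARTICLES_SITE_BASE_URL` literal changed in this hunk is the same string that `build-zimfile.yml` and `build.yml` in this compare also had to be edited by hand, so the three workflows will drift the next time a route moves. Assuming `/posts/tag/articles/` is the new value (the rendered view has lost the +/- markers), consider defining it once, e.g. `echo "ARTICLES_SITE_BASE_URL=${{ vars.ARTICLES_SITE_BASE_URL }}"` backed by a repository variable, or a single reusable step that all three workflows call. The `run:` block and the `{ ... } >> "$GITHUB_ENV"` group this line belongs to start before the hunk.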
4
.github/workflows/build-pr.yml
@@ -72,8 +72,6 @@ jobs:
|
||||
continue-on-error: false
|
||||
privileged: ${{ fromJSON(needs.metadata.outputs.privileged) }}
|
||||
strict: true
|
||||
secrets:
|
||||
RO_DISCOURSE_API_KEY: ${{ secrets.RO_DISCOURSE_API_KEY }}
|
||||
|
||||
build_i18n:
|
||||
if: ${{ contains(github.event.pull_request.labels.*.name, 'ci:build i18n') }}
|
||||
@@ -108,8 +106,6 @@ jobs:
|
||||
with:
|
||||
ref: ${{github.event.pull_request.head.ref}}
|
||||
repo: ${{github.event.pull_request.head.repo.full_name}}
|
||||
secrets:
|
||||
RO_DISCOURSE_API_KEY: ${{ secrets.RO_DISCOURSE_API_KEY }}
|
||||
|
||||
combine_build:
|
||||
needs: [build_english, build_i18n, build_blog]
|
||||
|
||||
11
.github/workflows/build-zimfile.yml
@@ -9,9 +9,6 @@ on:
|
||||
repo:
|
||||
required: true
|
||||
type: string
|
||||
secrets:
|
||||
RO_DISCOURSE_API_KEY:
|
||||
required: false
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
@@ -82,8 +79,6 @@ jobs:
|
||||
|
||||
- name: Generate Donating Members List
|
||||
continue-on-error: true
|
||||
env:
|
||||
DISCOURSE_API_KEY: ${{ secrets.RO_DISCOURSE_API_KEY }}
|
||||
run: |
|
||||
pip install requests
|
||||
python tools/generate-members.py > includes/members.md
|
||||
@@ -178,7 +173,7 @@ jobs:
|
||||
|
||||
env:
|
||||
LANGUAGE_SWITCHER: false
|
||||
ARTICLES_SITE_BASE_URL: https://www.privacyguides.org/articles/
|
||||
ARTICLES_SITE_BASE_URL: https://www.privacyguides.org/posts/tag/articles/
|
||||
|
||||
steps:
|
||||
- name: Add GitHub Token to Environment
|
||||
@@ -222,8 +217,6 @@ jobs:
|
||||
|
||||
- name: Generate Donating Members List
|
||||
continue-on-error: true
|
||||
env:
|
||||
DISCOURSE_API_KEY: ${{ secrets.RO_DISCOURSE_API_KEY }}
|
||||
run: |
|
||||
pip install requests
|
||||
python tools/generate-members.py > includes/members.md
|
||||
@@ -471,8 +464,6 @@ jobs:
|
||||
|
||||
- name: Generate Donating Members List
|
||||
continue-on-error: true
|
||||
env:
|
||||
DISCOURSE_API_KEY: ${{ secrets.RO_DISCOURSE_API_KEY }}
|
||||
run: |
|
||||
pip install requests
|
||||
python tools/generate-members.py > includes/members.md
|
||||
|
||||
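Review bot: `pip install requests` in the `Generate Donating Members List` step (the -82, -222 and -471 hunks are the same step) installs whatever version PyPI serves at build time, an unpinned build-time dependency in the pipeline that produces the zim artifact; pin an exact version (`pip install 'requests==<version>'`) or install from a hash-pinned requirements file. Dropping the `env:`/`DISCOURSE_API_KEY` lines and the `RO_DISCOURSE_API_KEY` input is a sound least-privilege change, but it presumes `tools/generate-members.py` no longer needs the key, and that script is not in this compare so I cannot confirm it was updated. Because the step keeps `continue-on-error: true` and the shell redirect truncates `includes/members.md` before python runs, a script that still errors on the missing variable would be ignored and an empty members file shipped; a follow-up `test -s includes/members.md` line after the redirect would make that visible. The job and its `steps:` list start before these hunks.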
7
.github/workflows/build.yml
@@ -30,9 +30,6 @@ on:
|
||||
cache:
|
||||
type: boolean
|
||||
default: true
|
||||
secrets:
|
||||
RO_DISCOURSE_API_KEY:
|
||||
required: false
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
@@ -65,7 +62,7 @@ jobs:
|
||||
echo "MAIN_SITE_ABOUT_URL=https://www.privacyguides.org/en/about/"
|
||||
echo "MAIN_SITE_RECOMMENDATIONS_URL=https://www.privacyguides.org/en/tools/"
|
||||
echo "MAIN_SITE_KNOWLEDGE_BASE_URL=https://www.privacyguides.org/en/basics/why-privacy-matters/"
|
||||
echo "ARTICLES_SITE_BASE_URL=https://www.privacyguides.org/articles/"
|
||||
echo "ARTICLES_SITE_BASE_URL=https://www.privacyguides.org/posts/tag/articles/"
|
||||
echo "VIDEOS_SITE_BASE_URL=https://www.privacyguides.org/videos/"
|
||||
} >> "$GITHUB_ENV"
|
||||
|
||||
@@ -176,8 +173,6 @@ jobs:
|
||||
|
||||
- name: Generate Donating Members List
|
||||
continue-on-error: true
|
||||
env:
|
||||
DISCOURSE_API_KEY: ${{ secrets.RO_DISCOURSE_API_KEY }}
|
||||
run: |
|
||||
pip install requests
|
||||
python tools/generate-members.py > includes/members.md
|
||||
|
||||
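Review bot: The `Generate Donating Members List` step in the -176 hunk now runs `python tools/generate-members.py` with no `DISCOURSE_API_KEY` in its environment, so the script must have been changed to work unauthenticated; the script is outside this compare, so I cannot verify that, and with `continue-on-error: true` still set a generator that fails on the missing variable is silently ignored while the `> includes/members.md` redirect has already truncated the file. Consider dropping `continue-on-error` or appending `test -s includes/members.md` so a broken generator fails the build rather than publishing an empty list. Separately, `pip install requests` is unpinned; pin an exact version or use a hash-pinned requirements file so the release build does not depend on whatever PyPI serves that day. The enclosing job starts before this hunk.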
4
.github/workflows/publish-release.yml
@@ -63,8 +63,6 @@ jobs:
|
||||
context: production
|
||||
continue-on-error: false
|
||||
cache: false
|
||||
secrets:
|
||||
RO_DISCOURSE_API_KEY: ${{ secrets.RO_DISCOURSE_API_KEY }}
|
||||
|
||||
build_blog:
|
||||
needs: submodule
|
||||
@@ -85,8 +83,6 @@ jobs:
|
||||
with:
|
||||
repo: ${{ github.repository }}
|
||||
ref: ${{ github.ref }}
|
||||
secrets:
|
||||
RO_DISCOURSE_API_KEY: ${{ secrets.RO_DISCOURSE_API_KEY }}
|
||||
|
||||
release:
|
||||
name: Create release notes
|
||||
|
||||
1
.vscode/ltex.dictionary.en-US.txt
@@ -569,3 +569,4 @@ MyMonero
|
||||
Monero-LWS
|
||||
OkCupid
|
||||
Anom
|
||||
misgendering
|
||||
|
||||
@@ -86,6 +86,10 @@ authors:
|
||||
mastodon:
|
||||
username: blacklight447
|
||||
instance: mastodon.social
|
||||
ptrmdn:
|
||||
name: Peter Marsden
|
||||
description: Guest Contributor
|
||||
avatar: https://forum-cdn.privacyguides.net/user_avatar/discuss.privacyguides.net/ptrmdn/288/14291_2.png
|
||||
sam-howell:
|
||||
name: Sam Howell
|
||||
description: Guest Contributor
|
||||
|
||||
BIN
blog/assets/images/differential-privacy/cover.webp
|
After Width: | Height: | Size: 107 KiB |
BIN
blog/assets/images/multi-party-computation/cover.webp
|
After Width: | Height: | Size: 891 KiB |
BIN
blog/assets/images/real-name-policies/realname-cover.webp
|
After Width: | Height: | Size: 218 KiB |
BIN
blog/assets/images/the-fight-for-privacy-after-death/cover.webp
|
After Width: | Height: | Size: 119 KiB |
@@ -5,7 +5,7 @@ categories:
|
||||
- News
|
||||
authors:
|
||||
- em
|
||||
description: Age verification laws and propositions forcing platforms to restrict content accessed by children and teens have been multiplying in recent years. The problem is, implementing such measure necessarily requires identifying each user accessing this content, one way or another. This is bad news for your privacy.
|
||||
description: Age verification laws forcing platforms to restrict access to content online have been multiplying in recent years. The problem is, implementing such measure necessarily requires identifying each user accessing this content, one way or another. This is bad news for your privacy.
|
||||
schema_type: AnalysisNewsArticle
|
||||
preview:
|
||||
cover: blog/assets/images/age-verification-wants-your-face/ageverification-cover.webp
|
||||
|
||||
@@ -1,12 +1,13 @@
|
||||
---
|
||||
date:
|
||||
created: 2025-09-08T18:00:00Z
|
||||
updated: 2025-09-15T16:30:00Z
|
||||
categories:
|
||||
- News
|
||||
authors:
|
||||
- em
|
||||
description:
|
||||
Chat Control is back to undermine everyone's privacy. There's an important deadline this Friday on September 12th. We must act now to stop it!
|
||||
Chat Control is back to undermine everyone's privacy. There's an important deadline on October 14th, 2025. We must act now to stop it!
|
||||
schema_type: ReportageNewsArticle
|
||||
preview:
|
||||
cover: blog/assets/images/chat-control-must-be-stopped/chatcontrol-cover.webp
|
||||
@@ -18,7 +19,7 @@ preview:
|
||||
|
||||
<small aria-hidden="true">Illustration: Em / Privacy Guides | Photo: Ramaz Bluashvili / Pexels</small>
|
||||
|
||||
If you've heard of [Chat Control](the-future-of-privacy.md) already, bad news: **it's back**. If you haven't, this is a pressing issue you should urgently learn more about if you value privacy, democracy, and human rights. This is happening **this week**, and **we must act to stop it right now**.<!-- more -->
|
||||
If you've heard of [Chat Control](the-future-of-privacy.md) already, bad news: **it's back**. If you haven't, this is a pressing issue you should urgently learn more about if you value privacy, democracy, and human rights. This is happening **right now**, and **we must act to stop it right now**.<!-- more -->
|
||||
|
||||
Take a minute to visualize this: Every morning you wake up with a police officer entering your home to inspect it, and staying with you all day long.
|
||||
|
||||
@@ -32,7 +33,16 @@ This is an Orwellian nightmare.
|
||||
|
||||
## Act now!
|
||||
|
||||
This is happening **this week**. European governments will be finalizing their positions on the regulation proposal on **Friday, September 12th, 2025**.
|
||||
This is happening **right now**. European governments will be finalizing their positions on the regulation proposal on September 12th, and there will be a final vote on **October 14th, 2025**.
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Important: If you are reading this article after September 12th</p>
|
||||
|
||||
Regardless of the outcome on September 12th, the fight isn't over. The next deadline will be the **final vote on October 14th, 2025**.
|
||||
|
||||
If you've missed September 12th, make sure to contact your representatives **right now** to tell them to **oppose Chat Control** on October 14th.
|
||||
|
||||
</div>
|
||||
|
||||
- ==If you are not located in Europe==: Keep reading, this will affect you too.
|
||||
|
||||
@@ -41,11 +51,11 @@ This is happening **this week**. European governments will be finalizing their p
|
||||
- If you are located in Europe: You must **act now** to stop it.
|
||||
|
||||
<div class="admonition question" markdown>
|
||||
<p class="admonition-title">How to stop this? Contact your MEPs before September 12th</p>
|
||||
<p class="admonition-title">How to stop this? Contact your MEPs today</p>
|
||||
|
||||
Use this [**website**](https://fightchatcontrol.eu/) to easily contact your government representatives before September 12th, and tell them they should **oppose Chat Control**. Even if your country already opposes Chat Control, contact your representatives to tell them you are relieved they oppose, and support them in this decision to protect human rights. This will help reinforce their position.
|
||||
Use this [**website**](https://fightchatcontrol.eu/) to easily contact your government representatives, and tell them they should **oppose Chat Control**. Even if your country already opposes Chat Control, contact your representatives to tell them you are relieved they oppose, and support them in this decision to protect human rights. This will help reinforce their position.
|
||||
|
||||
But if your country *supports* Chat Control, or is *undecided*, **it is vital that you contact your representatives before this deadline**. To support your point, you can share this article with them or one of the many great [resources](#resources-to-learn-more-and-fight-for-human-rights) listed at the end.
|
||||
But if your country *supports* Chat Control, or is *undecided*, **it is vital that you contact your representatives as soon as possible**. To support your point, you can share this article with them or one of the many great [resources](#resources-to-learn-more-and-fight-for-human-rights) listed at the end.
|
||||
|
||||
At the time of this writing, the list of countries to contact is:
|
||||
|
||||
@@ -144,11 +154,11 @@ There are many things we can do as a society to increase protections for childre
|
||||
|
||||
### Mislabelling children as criminals
|
||||
|
||||
First, this automated system is flawed in many ways, and the false-positive rate would likely be high. But let's imagine that, magically, the system could flag CSAM at an accuracy rate of 99%. This still means 1% of reports would be false. Expanded to the size of Europe Union's population of approximately 450 million people, exchanging likely billions of messages and files every day, this still means millions could be falsely tagged as sexual predators, with all the [consequences](https://www.republik.ch/2022/12/08/die-dunklen-schatten-der-chatkontrolle) this implies.
|
||||
First, this automated system is flawed in many ways, and the false-positive rate would likely be high. But let's imagine that, magically, the system could flag CSAM at an accuracy rate of 99%. This still means 1% of reports would be false. Expanded to the size of European Union's population of approximately 450 million people, exchanging likely billions of messages and files every day, this still means millions could be falsely tagged as sexual predators, with all the [consequences](https://www.republik.ch/2022/12/08/die-dunklen-schatten-der-chatkontrolle) this implies.
|
||||
|
||||
Worse, the Swiss federal police reported that currently about 80% of all automated reports received were [false-positives](https://www.patrick-breyer.de/en/posts/chat-control/#WhatYouCanDo). This means in reality, the error rate is likely far higher than 1%, and actually closer to an **80% error rate**. Of the approximate 20% of positive reports, in Germany, over 40% of investigations initiated [targeted children](https://www.polizei-beratung.de/aktuelles/detailansicht/straftat-verbreitung-kinderpornografie-pks-2022/) themselves.
|
||||
|
||||
Sometimes, flagged content is simply teenagers innocently sexting each other consensually. Not only would they be wrongly tagged as criminals under Chat Control, but they'd be triggering an investigation that would expose their intimate photos to others.
|
||||
Sometimes, flagged content is simply teenagers innocently sexting each other consensually. Not only would they be wrongly tagged as criminals under Chat Control, but they'd be triggering an investigation that would expose their intimate photos to some faceless officers or tech employees working on the system.
|
||||
|
||||
Even in a magical world where Chat Control AI is 99% accurate, it would still wrongly tag and **expose sensitive data from millions of children**. In reality, no AI system is even remotely close to this accuracy level, and proprietary algorithms are usually opaque black boxes impossible to audit transparently. The number of children Chat Control would harm, and likely traumatize for life, would be disastrous.
|
||||
|
||||
@@ -243,7 +253,7 @@ Even if the landscape seems dismal, **the battle isn't over**. There are many th
|
||||
|
||||
### For Europeans, specifically
|
||||
|
||||
- Contact your country representatives **TODAY**. Contact them before this Friday, September 12th, 2025. The group Fight Chat Control has put together an [**easy tool**](https://fightchatcontrol.eu/#contact-tool) making this quick with only a few clicks.
|
||||
- Contact your country representatives **TODAY**. The group Fight Chat Control has put together an [**easy tool**](https://fightchatcontrol.eu/#contact-tool) making this quick with only a few clicks.
|
||||
|
||||
- After September 12th, the battle isn't over. Although governments will finalize their positions on that day, the final vote happens on **October 14th, 2025**. If you missed the September 12th deadline, keep contacting your representatives anyway.
|
||||
|
||||
@@ -251,7 +261,7 @@ Even if the landscape seems dismal, **the battle isn't over**. There are many th
|
||||
|
||||
### For Everyone, including Europeans
|
||||
|
||||
- Talk about Chat Control on social media often, especially this week. Make noise online. Use the hashtags #ChatControl and #StopScanningMe to help others learn more about the opposition movement.
|
||||
- Talk about Chat Control on social media often, especially this month. Make noise online. Use the hashtags #ChatControl and #StopScanningMe to help others learn more about the opposition movement.
|
||||
|
||||
- Share informative [videos and memes](#resources-to-learn-more-and-fight-for-human-rights) about Chat Control. Spread the word in various forms.
|
||||
|
||||
@@ -296,13 +306,8 @@ We need your help to fight this. For democracy, for privacy, and for all other h
|
||||
|
||||
- [Follow **Fight Chat Control** on Mastodon for updates](https://mastodon.social/@chatcontrol)
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Important Note: If you are reading this article after September 12th</p>
|
||||
---
|
||||
|
||||
Regardless of the outcome on Friday, the fight isn't over after September 12th. The next deadline will be the **final vote on October 14th, 2025**.
|
||||
**Update (9/15):** Added modifications related to the second important deadline for action, on October 14th.
|
||||
|
||||
If you've missed September 12th, make sure to contact your representatives **right now** to tell them to **oppose Chat Control** on October 14th.
|
||||
|
||||
</div>
|
||||
|
||||
Update (9/8): Added clarification about what Chat Control is for readers unfamiliar with it.
|
||||
**Update (9/8):** Added clarification about what Chat Control is for readers unfamiliar with it.
|
||||
|
||||
@@ -9,7 +9,7 @@ categories:
|
||||
- Reviews
|
||||
authors:
|
||||
- em
|
||||
description: "If you have been looking for a privacy-respectful replacement to Google Docs, now is the time to switch to the end-to-end encrypted office suite CryptPad."
|
||||
description: If you've been looking for a privacy-respectful replacement to Google Docs, now is the time to switch to the end-to-end encrypted office suite CryptPad.
|
||||
preview:
|
||||
logo: theme/assets/img/document-collaboration/cryptpad.svg
|
||||
review:
|
||||
|
||||
250
blog/posts/differential-privacy.md
@@ -0,0 +1,250 @@
|
||||
---
|
||||
date:
|
||||
created: 2025-09-30T16:30:00Z
|
||||
categories:
|
||||
- Explainers
|
||||
authors:
|
||||
- fria
|
||||
tags:
|
||||
- Privacy Enhancing Technologies
|
||||
schema_type: BackgroundNewsArticle
|
||||
description: Differential privacy is a mathematically rigorous framework for adding a controlled amount of noise to a dataset so that no individual can be reidentified. Learn how this technology is being implemented to protect you.
|
||||
preview:
|
||||
cover: blog/assets/images/differential-privacy/cover.webp
|
||||
---
|
||||
# What is Differential Privacy?
|
||||
|
||||

|
||||
<small aria-hidden="true">Image: Privacy Guides / Jordan Warne</small>
|
||||
|
||||
Is it possible to collect data from a large group of people but protect each individual's privacy? In this entry of my series on [privacy-enhancing technologies](../tags.md/#tag:privacy-enhancing-technologies), we'll discuss differential privacy and how it can do just that.<!-- more -->
|
||||
|
||||
## Problem
|
||||
|
||||
It's useful to collect data from a large group of people. You can see trends in a population. But it requires a lot of individual people to give up personally identifiable information. Even things that seem innocuous like your gender can help identify you.
|
||||
|
||||
Latanya Sweeney in a [paper](https://dataprivacylab.org/projects/identifiability/paper1.pdf) from 2000 used U.S. Census data to try and re-identify people solely based on the metrics available to her. She found that 87% of Americans could be identified based on only 3 metrics: ZIP code, date of birth, and sex.
|
||||
|
||||
Obviously, being able to identify individuals based on publicly available data is a huge privacy issue.
|
||||
|
||||
## History
|
||||
|
||||
### Before Differential Privacy
|
||||
|
||||
Being able to collect aggregate data is essential for research. It's what the U.S. Census does every 10 years.
|
||||
|
||||
Usually we're more interested in the data as a whole and not data of individual people as it can show trends and overall patterns in groups of people. However, in order to get that data we must collect it from individuals.
|
||||
|
||||
It was thought at first that simply [removing names and other obviously identifying details](https://simons.berkeley.edu/news/differential-privacy-issues-policymakers#:~:text=Prior%20to%20the%20line%20of%20research%20that%20led%20to%20differential%20privacy%2C%20it%20was%20widely%20believed%20that%20anonymizing%20data%20was%20a%20relatively%20straightforward%20and%20sufficient%20solution%20to%20the%20privacy%20challenge.%20Statistical%20aggregates%20could%20be%20released%2C%20many%20people%20thought%2C%20without%20revealing%20underlying%20personally%20identifiable%20data.%20Data%20sets%20could%20be%20released%20to%20researchers%20scrubbed%20of%20names%2C%20but%20otherwise%20with%20rich%20individual%20information%2C%20and%20were%20thought%20to%20have%20been%20anonymized.) from the data was enough to prevent re-identification, but [Latanya Sweeney](https://latanyasweeney.org/JLME.pdf) (a name that will pop up a few more times) proved in 1997 that even without names, a significant portion of individuals can be re-identified from a dataset by cross-referencing external data.
|
||||
|
||||
Previous attempts at anonymizing data have relied on been highly vulnerable to re-identification attacks.
|
||||
|
||||
#### AOL Search Log Release
|
||||
|
||||
A famous example is the AOL search log release. AOL had been logging its users searches for research purposes. When they released the data, they only replaced the users' real names with an identifier. Researchers were able to identify [user 4417749](https://archive.nytimes.com/www.nytimes.com/learning/teachers/featured_articles/20060810thursday.html) as Thelma Arnold based on the identifying details of her searches.
|
||||
|
||||
#### Strava Heatmap Incident
|
||||
|
||||
In 2018, the fitness app Strava announced a major update to its heatmap, showing the the workout patterns of users of fitness trackers like Fitbit.
|
||||
|
||||
Analyst [Nathan Ruser](https://x.com/Nrg8000/status/957318498102865920) indicated that these patterns can reveal military bases and troop movement patterns. This is obviously a huge op-sec problem and can endanger the lives of troops.
|
||||
|
||||
It was also possible to [deanonymize](https://steveloughran.blogspot.com/2018/01/advanced-denanonymization-through-strava.html) individual users in some circumstances.
|
||||
|
||||
#### Randomized Response
|
||||
|
||||
One of the earliest ideas for anonymizing data was [randomized response](https://uvammm.github.io/docs/randomizedresponse.pdf), first introduced all the way back in 1965 in a paper by Stanley L. Warner. The idea behind it is quite clever.
|
||||
|
||||
For certain questions like "have you committed tax fraud?" respondents will likely be hesitant to answer truthfully. The solution? Have the respondent flip a coin. If the coin is tails, answer yes. If the coin lands on heads, answer truthfully.
|
||||
|
||||
| Respondent | Answer | Coin Flip (not included in the actual dataset just here for illustration) |
|
||||
| --- | --- | --- |
|
||||
| 1 | Yes | Tails (Answer Yes) |
|
||||
| 2 | No | Heads (Answer Truthfully) |
|
||||
| 3 | Yes | Tails (Answer Yes) |
|
||||
| 4 | Yes | Tails (Answer Yes) |
|
||||
| 5| No | Heads (Answer Truthfully) |
|
||||
|
||||
Because we know the exact probability that a "Yes" answer is fake, 50%, we can remove it and give a rough estimate of how many respondents answered "Yes" truthfully.
|
||||
|
||||
Randomized Response would lay the groundwork for differential privacy, but it wouldn't truly be realized for many decades.
|
||||
|
||||
#### Unrelated Question Randomized Response
|
||||
|
||||
A variation used later in a [paper](https://www.jstor.org/stable/2283636) by Greenberg et al. called **unrelated question randomized response** would present each respondent with either a sensitive question or a banal question like "is your birthday in January?" to increase the likelihood of people answering honestly, since the researcher doesn't know which question was asked.
|
||||
|
||||
| Respondent | Question (not visible to researcher) | Answer |
|
||||
| --- | --- | --- |
|
||||
| 1 | Have you ever committed tax evasion? | No |
|
||||
| 2 | Is your birthday in January? | Yes |
|
||||
| 3 | Is your birthday in January? | No |
|
||||
| 4 | Have you ever committed tax evasion? | Yes |
|
||||
| 5 | Have you ever committed tax evasion? | No |
|
||||
|
||||
#### k-Anonymity
|
||||
|
||||
Latanya Sweeney and Pierangela Samarati introduced [k-anonymity](https://dataprivacylab.org/dataprivacy/projects/kanonymity/paper3.pdf) to the world back in 1998.
|
||||
|
||||
It's interesting that even all the way back in 1998 concerns constant data collection were already relevant.
|
||||
|
||||
> Most actions in daily life are recorded on some computer somewhere. That information in turn is often shared, exchanged, and sold. Many people may not care that the local grocer keeps track of which items they purchase, but shared information can be quite sensitive or damaging to individuals and organizations. Improper disclosure of medical information, financial information or matters of national security can have alarming ramifications, and many abuses have been cited.
|
||||
|
||||
In a dataset, you might have removed names and other obviously identifying information, but there might be other data such as birthday, ZIP code, etc., that might be unique to one person in the dataset. If someone were to cross-reference this data with outside data, it could be possible to deanonymize individuals.
|
||||
|
||||
k-anonymity means that for each row, at least k-1 other rows are identical. So for a k of 2, at least one other row is identical to each row.
|
||||
|
||||
##### Generalization
|
||||
|
||||
This is achieved through a few techniques, one of which is generalization. Generalization is reducing the precision of data so that it's not as unique.
|
||||
|
||||
For example, instead of recording an exact age, you might give a range like 20-30. You've probably noticed this on surveys you've taken before. Data like this that's not directly identifiable but could be used to re-identify someone is referred to as *quasi-identifiers*.
|
||||
|
||||
##### Suppression
|
||||
|
||||
Sometimes even with generalization, you might have outliers that don't satisfy the k-anonymity requirements.
|
||||
|
||||
In these cases, you can simply remove the row entirely.
|
||||
|
||||
##### Attacks on k-Anonymity
|
||||
|
||||
k-anonymity has been [demonstrated](https://www.usenix.org/system/files/sec22-cohen.pdf) to not prevent re-identification of individuals despite the data in a dataset being properly k-anonymized by "statistical experts".
|
||||
|
||||
Researchers were able to deanonymize 3 students from a k-anonymized dataset from Harvard and MIT's EdX platform by cross-referencing data from LinkedIn, putting potentially thousands of students at risk of re-identification.
|
||||
|
||||
### Dawn of Differential Privacy
|
||||
|
||||
Most of the concepts I write about seem to come from the 70s and 80s, but differential privacy is a relatively new concept. It was first introduced in a paper from 2006 called [*Calibrating Noise to Sensitivity in Private Data Analysis*](https://desfontain.es/PDFs/PhD/CalibratingNoiseToSensitivityInPrivateDataAnalysis.pdf).
|
||||
|
||||
The paper introduces the idea of adding noise to data to achieve privacy, similar to randomized response. However, differential privacy is much more mathematically rigorous and provable.
|
||||
|
||||
Of course, adding noise to the dataset reduces its accuracy. Ɛ defines the amount of noise added to the dataset, with a small Ɛ meaning more privacy but less accurate data and vice versa. It's also referred to as the "privacy loss parameter" or "privacy budget".
|
||||
|
||||
#### Central Differential Privacy
|
||||
|
||||
This early form of differential privacy relied on adding noise to the data *after* it was already collected, meaning you still have to trust a central authority with the raw data.
|
||||
|
||||
## Google RAPPOR
|
||||
|
||||
In 2014, Google introduced [Randomized Aggregatable Privacy-Preserving Ordinal Response](https://arxiv.org/pdf/1407.6981) (RAPPOR), their [open source](https://github.com/google/rappor) implementation of differential privacy.
|
||||
|
||||
Google RAPPOR implements and builds on previous techniques such as randomized response and adds significant improvements on top.
|
||||
|
||||
### Local Differential Privacy
|
||||
|
||||
In Google's implementation, noise is added to data on-device before it's sent off to any server. This removes the need to trust the central authority to handle your raw data, an important step in achieving truly anonymous data collection.
|
||||
|
||||
### Bloom Filters
|
||||
|
||||
Google RAPPOR makes use of a clever technique called bloom filters that saves space and improves privacy.
|
||||
|
||||
Bloom filters work by starting out with an array of all 0's
|
||||
|
||||
`[0, 0, 0, 0, 0, 0, 0, 0, 0]`
|
||||
|
||||
Then, you run data such as the word "apple" through a hashing algorithm, which will give 1's in specific positions, say position 1, 3, and 5.
|
||||
|
||||
`[0, 1, 0, 1, 0, 1, 0, 0, 0]`
|
||||
|
||||
When you want to check if data is present, you run the data through the hashing algorithm and check if the corresponding positions are 1's. If they are, the data *might* be present (other data might have flipped those same bits at some point). If any of the 1's are 0's, then you know for sure that the data is not in the set.
|
||||
|
||||
### Permanent Randomized Response
|
||||
|
||||
A randomization step is performed flipping some of the bits randomly. This response is then "memoized" so that the same random values are used for future reporting. This protects against an "averaging" attack where an attacker sees multiple responses from the same user and can eventually recover the real value by averaging them out over time.
|
||||
|
||||
### Instantaneous Randomized Response
|
||||
|
||||
On top of the permanent randomized data, another randomization step is performed. This time, different randomness is added on top of the permanent randomness so that every response sent is unique. This prevents an attacker from determining a user from seeing the same randomized pattern over and over again.
|
||||
|
||||
Both the permanent and instantaneous randomized response steps can be fine-tuned to for the desired privacy.
|
||||
|
||||
### Chrome
|
||||
|
||||
Google first used differential privacy in their Chrome browser for detection of [malware](https://blog.chromium.org/2014/10/learning-statistics-with-privacy-aided.html).
|
||||
|
||||
Differential privacy is also used in Google's [Privacy Sandbox](https://privacysandbox.google.com/private-advertising/aggregation-service/privacy-protection-report-strategy).
|
||||
|
||||
### Maps
|
||||
|
||||
Google Maps uses DP for its [place busyness](https://safety.google/privacy/data/#:~:text=To%20offer%20features%20like%20place%20busyness%20in%20Maps%2C%20we%20apply%20an%20advanced%20anonymization%20technology%20called%20differential%20privacy%20that%20adds%20noise%20to%20your%20information%20so%20it%20can%E2%80%99t%20be%20used%20to%20personally%20identify%20you.) feature, allowing Maps to show you how busy an area is without revealing the movements of individual people.
|
||||
|
||||
### Google Fi
|
||||
|
||||
[Google Fi](https://opensource.googleblog.com/2019/09/enabling-developers-and-organizations.html) uses differential privacy as well to improve the service.
|
||||
|
||||
## OpenDP
|
||||
|
||||
[OpenDP](https://opendp.org) is a community effort to build open source and trustworthy tools for differential privacy. Their members consist of academics from prestigious universities like Harvard and employees at companies like Microsoft.
|
||||
|
||||
There's been an effort from everyone to make differential privacy implementations open source, which is a breath of fresh air from companies that typically stick to closed source for their products.
|
||||
|
||||
## Apple
|
||||
|
||||
[Apple](https://www.apple.com/privacy/docs/Differential_Privacy_Overview.pdf) uses local differential privacy for much of its services, similar to what Google does. They add noise before sending any data off device, enabling them to collect aggregate data without harming the privacy of any individual user.
|
||||
|
||||
They limit the number of contributions any one user can make via a *privacy budget* (this is the same as Ɛ) so you won't have to worry about your own contributions being averaged out over time and revealing your own trends.
|
||||
|
||||
This allows them to find new words that people use that aren't included by default in the dictionary, or find which emojis are the most popular.
|
||||
|
||||
Some of the things they use differential privacy for include
|
||||
|
||||
- QuickType suggestions
|
||||
- Emoji suggestions
|
||||
- Lookup Hints
|
||||
- Safari Energy Draining Domains
|
||||
- Safari Autoplay Intent Detection
|
||||
- Safari Crashing Domains
|
||||
- Health Type Usage
|
||||
|
||||
That's just based on their initial white paper, they've likely increased their use of DP since then.
|
||||
|
||||
### Sketch Matrix
|
||||
|
||||
Apple uses a similar method to Google, with a matrix initialized with all zeros. The input for the matrix is encoded with the SHA-256 hashing algorithm, and then bits are flipped randomly at a probability dependent on the epsilon value.
|
||||
|
||||
Apple only sends a random row from this matrix instead of the entire thing in order to stay within their privacy budget.
|
||||
|
||||
### See What's Sent
|
||||
|
||||
You can see data sent with differential privacy in iOS under Settings > Privacy > Analytics > Analytics Data, it will begin with `DifferentialPrivacy`. On macOS, you can see these logs in the Console.
|
||||
|
||||
## U.S. Census
|
||||
|
||||
Differential privacy isn't just used by big corporations, in 2020 famously the U.S. Census used DP to protect the data of U.S. citizens for the first time.
|
||||
|
||||
As a massive collection of data from numerous U.S. citizens, it's important for the census bureau to protect the privacy of census participants while still preserving the overall aggregate data.
|
||||
|
||||
### Impetus
|
||||
|
||||
Since the 90s, the U.S. Census used a less formal injection of statistical noise into their data, which they did all the way through 2010.
|
||||
|
||||
After the 2010 census, the bureau tried to [re-identify individuals](https://www2.census.gov/library/publications/decennial/2020/census-briefs/c2020br-03.pdf) in the census data.
|
||||
|
||||
>The experiment resulted in reconstruction of a dataset of more than 300 million individuals. The Census Bureau then used that dataset to match the reconstructed records to four commercially available data sources, to attempt to identify the age, sex, race, and Hispanic origin of people in more than six million blocks in the 2010 Census.
|
||||
|
||||
Considering 309 million people lived in the U.S. in 2010, that's a devastating breach of personal privacy. Clearly more formal frameworks for protecting the privacy of individuals were needed.
|
||||
|
||||
>Nationwide, roughly 150 million individuals—almost one-half of the population, have a unique combination of sex and single year of age at the block level.
|
||||
|
||||
They could keep adding noise until these attacks are impossible, but that would make the data nigh unusable. Instead, differential privacy offers a mathematically rigorous method to protect the data from future re-identification attacks without ruining the data by adding too much noise. They can be sure thanks to the mathematical guarantees of DP.
|
||||
|
||||
## DPrio
|
||||
|
||||
Mozilla has been constantly working to make their telemetry more private over the years. Firefox uses [Prio](https://blog.mozilla.org/security/2019/06/06/next-steps-in-privacy-preserving-telemetry-with-prio/), a [Distributed Aggregation Protocol](https://datatracker.ietf.org/doc/html/draft-ietf-ppm-dap)-based telemetry system. It uses Multi-Party Computation to split the processing of user data between multiple parties.
|
||||
|
||||
To accomplish this, [Mozilla](https://blog.mozilla.org/en/firefox/partnership-ohttp-prio/) partnered with [Divvi Up](https://divviup.org/blog/divvi-up-in-firefox/) as their DAP provider, and [Fastly](https://www.fastly.com/blog/firefox-fastly-take-another-step-toward-security-upgrade) as their OHTTP provider. OHTTP acts as a multi-hop proxy to separate traffic between two parties when making a connection: neither Mozilla nor Fastly will know both who you are and what you're connecting to.
|
||||
|
||||
In 2023 researchers from Mozilla also conducted research into making Prio differentially private. The so-named "[DPrio](https://petsymposium.org/popets/2023/popets-2023-0086.pdf)" would combine multi-party computation, OHTTP, and differential privacy in a very impressive display of privacy protection. Unfortunately I couldn't find any evidence to suggest that DPrio has been implemented, but something to keep a lookout for in the future.
|
||||
|
||||
## Future of Differential Privacy
|
||||
|
||||
Differential privacy unlocks the potential for data collection with minimal risk of data exposure for any individual. Already, DP has allowed for software developers to improve their software, for new possibilities in research in the health sector and in government organizations.
|
||||
|
||||
Adoption of scientifically and mathematically rigorous methods of data collection allows for organizations to collect aggregate data will allow for increased public trust in organizations and subsequently greater potential for research that will result in improvements to our everyday lives.
|
||||
|
||||
I think for there to be more public trust there needs to be a bigger public outreach. That's my goal with this series, I'm hoping to at least increase awareness of some of the technology being deployed to protect your data, especially since so much of the news we hear is negative. Armed with the knowledge of what's available, we can also demand companies and organizations use these tools if they aren't already.
|
||||
|
||||
It's heartening to see the level of openness and collaboration in the research. You can see a clear improvement over time as each paper takes the previous research and builds on it. I wish we saw the same attitude with all software.
|
||||
|
||||
## Further Research
|
||||
|
||||
Any programmers interested in learning how to implement differential privacy can check out the book *[Programming Differential Privacy](https://programming-dp.com)* to see Python examples.
|
||||
@@ -5,7 +5,7 @@ categories:
|
||||
- Opinion
|
||||
authors:
|
||||
- em
|
||||
description: Encryption is not a crime, encryption protects all of us. Encryption, and especially end-to-end encryption, is an essential tool to protect everyone online. Attempts to undermine encryption are an attack to our fundamental right to privacy and an attack to our inherent right to security and safety.
|
||||
description: Encryption is not a crime, encryption protects us all. Encryption, and especially end-to-end encryption, is an essential tool to protect everyone online. Attempts to undermine encryption are an attack to our fundamental right to privacy and an attack to our inherent right to security and safety.
|
||||
schema_type: OpinionNewsArticle
|
||||
preview:
|
||||
cover: blog/assets/images/encryption-is-not-a-crime/encryption-is-not-a-crime-cover.webp
|
||||
|
||||
@@ -7,7 +7,7 @@ tags:
|
||||
- Pride Month
|
||||
authors:
|
||||
- em
|
||||
description: Data privacy is important for everyone. But for some marginalized populations, data privacy is indispensable for social connection, access to information, and physical safety. For Pride month this year, we will discuss topics at the intersection of data privacy and experiences specific to the LGBTQ+ community.
|
||||
description: Data privacy is important for everyone. But for some marginalized populations, data privacy is indispensable for social connection, access to information, and physical safety. For Pride month, we discuss topics at the intersection of data privacy and experiences specific to the LGBTQ+ community.
|
||||
schema_type: AnalysisNewsArticle
|
||||
preview:
|
||||
cover: blog/assets/images/importance-of-privacy-for-the-queer-community/pride-cover.webp
|
||||
|
||||
@@ -8,7 +8,7 @@ tags:
|
||||
- Tor
|
||||
authors:
|
||||
- em
|
||||
description: You might have heard of Tor in the news a few times, yet never dared to try it yourself. Despite being around for decades, Tor is still a tool too few people know about. Today, Tor is easy to use for anyone. It not only helps journalists and activists, but anybody who seeks greater privacy online or access to information regardless of location. But what is Tor exactly? How can Tor help you? And why is it such an important tool?
|
||||
description: You might have heard of Tor already, yet never dared to try it yourself. Despite being around for decades, too few people know about Tor. It isn't only a tool for journalists and activists, but for anyone seeking greater privacy online. What is Tor exactly? And how can Tor help you?
|
||||
schema_type: OpinionNewsArticle
|
||||
preview:
|
||||
cover: blog/assets/images/in-praise-of-tor/tor-cover.webp
|
||||
|
||||
@@ -8,7 +8,7 @@ categories:
|
||||
- Reviews
|
||||
authors:
|
||||
- em
|
||||
description: "If you need a password manager for iOS or macOS that gives you full control over your data, KeePassium is a fantastic option. KeePassium offers some synchronization features, but keeps your password database offline by default. You choose who to trust to store your passwords, and you can change it whenever you want."
|
||||
description: If you need a password manager for iOS or macOS that gives you full control over your data, KeePassium is a fantastic option. With KeePassium, you can keep your password database offline entirely, or choose whomever you trust to store it. You can also change this anytime.
|
||||
preview:
|
||||
logo: blog/assets/images/keepassium-review/keepassium.svg
|
||||
review:
|
||||
|
||||
@@ -66,7 +66,7 @@ All of these applications are optional. You can set up nearly any combination of
|
||||
| Arti | A [Tor](https://www.privacyguides.org/en/advanced/tor-overview) client written in Rust. | Connect to Tor nodes, broadcast transactions over Tor, and connect to TrueNAS apps over Tor. |
|
||||
| Java I2P | The officially distributed app to connect to the [I2P network](https://www.privacyguides.org/en/alternative-networks/#i2p-the-invisible-internet-project). | Connect to I2P nodes, broadcast transactions over I2P, and connect to TrueNAS apps over I2P. |
|
||||
| Monero Node | The officially distributed app for communicating with the Monero network. | The app provides the necessary information to send and receive Monero transactions. Most wallets (including the official Monero wallets and Cake Wallet) connect to Monero nodes. |
|
||||
| Monero-LWS | A "**L**ight**w**eight **S**erver" that allows "lightweight" wallets to send and receive Monero transactions. | Lightweight Monero wallet apps (including Edge Wallet and MyMonero) can connect to this server so that the wallet itself does not need to scan/sync Monero history; the server handles this scanning/syncing. |
|
||||
| Monero-LWS | A "**L**ight-**W**allet **S**erver" that allows "light-wallets" to send and receive Monero transactions. | Monero light-wallet apps (including Edge Wallet and MyMonero) can connect to this server so that the wallet itself does not need to scan/sync Monero history; the server handles this scanning/syncing. |
|
||||
|
||||
## Configure TrueNAS Storage
|
||||
|
||||
|
||||
157
blog/posts/multi-party-computation.md
Normal file
@@ -0,0 +1,157 @@
|
||||
---
|
||||
date:
|
||||
created: 2025-09-15T17:30:00Z
|
||||
categories:
|
||||
- Explainers
|
||||
authors:
|
||||
- fria
|
||||
tags:
|
||||
- Privacy Enhancing Technologies
|
||||
schema_type: BackgroundNewsArticle
|
||||
description: Learn about Secure Multi-Party Computation and how it can be used to solve real-world privacy problems.
|
||||
preview:
|
||||
cover: blog/assets/images/multi-party-computation/cover.webp
|
||||
---
|
||||
# What is Multi-Party Computation?
|
||||
|
||||

|
||||
|
||||
<small aria-hidden="true">Illustration: Jordan Warne / Privacy Guides</small>
|
||||
|
||||
We know how to secure data in storage using E2EE, but is it possible to ensure data privacy even while processing it server-side? This is the first in a [series](../tags.md/#tag:privacy-enhancing-technologies) of articles I'll be writing covering the privacy-enhancing technologies being rolled out.<!-- more -->
|
||||
|
||||
## History
|
||||
|
||||
In a seminal [paper](https://dspace.mit.edu/bitstream/handle/1721.1/148953/MIT-LCS-TM-125.pdf?sequence=1) called "Mental Poker" by Adi Shamir, Ronald L. Rivest, and Leonard M. Adleman from 1979, the researchers attempt to demonstrate a way of playing poker over a distance using only messages and still have it be a fair game.
|
||||
|
||||
To explain, fan favorites Alice and Bob will make a return. First, Bob encrypts all the cards with his key, then sends them to Alice. Alice picks five to deal back to Bob as his hand, then encrypts five with her own key and sends those to Bob as well. Bob removes his encryption from all ten cards and sends Alice's cards back to her.
|
||||
|
||||
<div style="position: relative; padding-top: 56.25%;"><iframe title="Mental Poker Animation" width="100%" height="100%" src="https://neat.tube/videos/embed/k5jMvrTPLx5VcgzNq3ej1B?title=0" frameborder="0" allowfullscreen="" sandbox="allow-same-origin allow-scripts allow-popups allow-forms" style="position: absolute; inset: 0px;"></iframe></div>
|
||||
|
||||
Notice that Bob needs to be able to remove his encryption *after* Alice has applied hers. This commutative property is important for the scheme to work.
|
||||
|
||||
This early scheme is highly specialized for this task and not applicable to different situations.
|
||||
|
||||
### Secure Two-Party Computation
|
||||
|
||||
Alice and Bob have struck it rich! They're both millionaires, but they want to be able to see who has more money without revealing exactly how much they have to each other.
|
||||
|
||||
Luckily, we can use **Multi-Party Computation** (**MPC**) to solve this "Millionaire's Problem," using a method invented by Andrew Yao called *garbled circuits*. Garbled circuits allow us to use MPC for any problem as long as it can be represented as a boolean circuit, i.e. a set of logic gates such as `AND` `OR` `XOR` etc.
|
||||
|
||||
### Garbled Circuits
|
||||
|
||||
We can split the two parties into an "Evaluator" and a "Generator". The Generator will be responsible for setting up the cryptography that'll be used, and the Evaluator will actually perform the computation.
|
||||
|
||||
We start by making the truth table for our inputs. In order to hide the values of the truth table, we assign each input a different label. Importantly, we need to assign a different label for each input, so 1 will not be represented by the same label for each. We also need to shuffle the order of the rows, so the values can't be inferred from that.
|
||||
|
||||
We can still tell what the value is based on knowing the type of logic gate. For example, an `AND` gate would only have one different output, so you could infer that output is 1 and the others are 0. To fix this, we can encrypt the rows using the input labels as keys, so only the correct output can be decrypted.
|
||||
|
||||
We still have a problem, though: how can the Evaluator put in their inputs? Asking for both labels would allow them to decrypt more than one output, and giving their input would break the whole point. The solution is something called "Oblivious Transfer".
|
||||
|
||||
The solution is for the Evaluator to generate two public keys, one of which they have the private key for. The Generator encrypts the two labels for the Evaluator's inputs using the provide public keys and sends them back. Since the Generator only has a private key for one of the labels, they will decrypt the one they want. The Generator puts the labels in order so that the Evaluator can choose which one they want to decrypt. This method relies on the Evaluator not to send multiple keys that can be decrypted. Because some trust is required, this protocol is considered "semi-honest".
|
||||
|
||||
There's a good explainer for Yao's garbled circuits [here](https://lcamel.github.io/MPC-Notes/story-en-US.html) if you're interested in a step-by-step walkthrough.
|
||||
|
||||
### Birth of Multi-Party Computation
|
||||
|
||||
Multi-Party Computation was solidified with the [research](https://dl.acm.org/doi/pdf/10.1145/28395.28420) of Oded Goldreich, Silvio Micali, and Avi Wigderson and the GMW paradigm (named after the researchers, similar to how RSA is named).
|
||||
|
||||
#### More Than Two Parties
|
||||
|
||||
Yao's protocol was limited to two parties. The GMW paradigm expanded the protocol to be able to handle any number of parties and can handle actively malicious actors as long as the majority are honest.
|
||||
|
||||
#### Secret Sharing
|
||||
|
||||
The GMW paradigm relies on secret sharing which is a method of splitting private information like a cryptographic key into multiple parts such that it will only reveal the secret if the shares are combined. The GMW protocol uses additive secret sharing, which is quite simple. You come up with a secret number, say 123, and you split it up into however many other numbers you want.
|
||||
|
||||
`99 + 24 = 123`
|
||||
|
||||
You distribute each number to a participant and add them all together to get the original secret. While simple, it doesn't play well with multiplication operations.
|
||||
|
||||
#### Zero-Knowledge Proofs
|
||||
|
||||
The GMW paradigm introduced protections against malicious adversaries, powered by zero-knowledge proofs (ZKP). ZKP allow one party to convince another party a statement is true without revealing any other information than the fact that the statement is true. The concept of ZKP was first introduced in a [paper](https://dl.acm.org/doi/pdf/10.1145/22145.22178) from 1985 by Shafi Goldwasser, Silvio Micali, and Charles Rackoff.
|
||||
|
||||
A humorous paper titled *[How to Explain Zero-Knowledge Protocols to Your Children](https://pages.cs.wisc.edu/~mkowalcz/628.pdf)* gives a storybook explanation of how they work (who says academic papers can't be fun?).
|
||||
|
||||
The main crux revolves around probability: if a party knows the proper way to get a result, they should be able to reliably get the correct answer.
|
||||
|
||||
To borrow the cave explanation, imagine Alice and Bob have taken up cave exploration. They've found a cave in the shape of a loop with a magic door connecting each entrance together and Alice claims to know how to open it. However, she doesn't want Bob to know the secret to open the door.
|
||||
|
||||
Alice, acting as the "Prover" goes into the cave. Bob, the "Verifier", stays outside and yells which side of the cave Alice should come out of. They repeat this many times. If Alice can reliably make it out of the correct side of the cave, then she must know how to open the magic door.
|
||||
|
||||
### BGW Protocol
|
||||
|
||||
While the GMW protocol was a huge leap forward for MPC, there were still huge limitations. The garbled circuit protocol is limited to boolean logic gates which makes implementing many different common operations much more difficult. It also requires communication for every single gate, which is highly inefficient.
|
||||
|
||||
The researchers Michael Ben-Or, Shafi Goldwassert, and Avi Wigderson in their paper *[Completeness Theorems for Non-Cryptographic Fault-Tolerant Distributed Computation](https://dl.acm.org/doi/pdf/10.1145/62212.62213)* made several advancements in the efficiency and robustness of MPC, moving it closer to being practical to use in the real world.
|
||||
|
||||
#### Arithmetic Circuits
|
||||
|
||||
Instead of boolean circuits, the BGW protocol uses arithmetic circuits. These allow for easier mathematical operations like multiplication and addition instead of being limited to logic gates on individual bits. This makes a huge difference in the amount of communication between parties and thus the efficiency of the protocol.
|
||||
|
||||
#### Shamir's Secret Sharing
|
||||
|
||||
The BGW protocol utilizes [Shamir's Secret Sharing](https://web.mit.edu/6.857/OldStuff/Fall03/ref/Shamir-HowToShareASecret.pdf), which relies on polynomials instead of addition. This allows for more efficiency in multiplication and allows for setting a threshold where only a certain number of shares need to be present in order to reconstruct the secret.
|
||||
|
||||
#### Less Communication
|
||||
|
||||
The BGW protocol doesn't require as much communication between parties, partly thanks to its use of Shamir's secret sharing which works well with arithmetic operations.
|
||||
|
||||
Additionally, it doesn't require Oblivious Transfer or zero-knowledge proofs. Its use of Shamir's secret sharing and error correction codes instead provides the same properties in a more efficient way.
|
||||
|
||||
### Fairplay
|
||||
|
||||
The field was further advanced by the introduction of the [Fairplay](https://www.cs.huji.ac.il/w~noam/FairplayMP.pdf) system.
|
||||
|
||||
Up until this paper, MPC was limited to boolean circuits or arithmetic circuits: not exactly friendly if you're a programmer that's used to using higher level languages. Fairplay introduces a compiler, SFDL, which can compile higher level languages to boolean circuits and then securely computes the circuit.
|
||||
|
||||
Fairplay also brings some advancements in efficiency. It utilizes constant rounds, with a fixed 8 rounds, reducing the communication overhead. It also uses the free XOR technique so that encryption operations don't have to be performed on XOR gates, improving efficiency.
|
||||
|
||||
### Real-World Usage
|
||||
|
||||
As MPC saw gradual optimizations and improvements, it grew from an interesting thought experiment to something that could have real-world uses.
|
||||
|
||||
#### Danish Sugar Beet Auction
|
||||
|
||||
The first instance of MPC being used in a real-world scenario wouldn't occur until 2008.
|
||||
|
||||
Denmark's sugar beet industry faced a problem: with the EU significantly reducing its financial support for sugar beet production, they needed to figure out what price the thousands of sugar beet farmers were willing to sell at, and which price the company that bought all the sugar beets would be willing to buy them at, a so-called "double auction" where the buyer and seller figure out the **market clearing price**, or the price at which demand meets supply most effectively.
|
||||
|
||||
But who should be in charge of the auction? Farmers don't want to trust Danisco with their bids as it reveals information about each individual farmer's business. The farmers can't be in charge of it because they don't trust each other. They could use an external consulting firm, but then the entire operation would rely on that one firm's confidentiality and the reliability of their tools.
|
||||
|
||||
The [solution](https://a.storyblok.com/f/266767/x/e4c85ffa34/mpc-goes-live_whitepaper_2008-068.pdf) was to use a "virtual auctioneer" that relied on MPC to fairly carry the auction out.
|
||||
|
||||
It relied on three servers, with one representing each party: Danisco, DKS (the Danish sugar beet growers association), and The SIMAP project (Secure Information Management and Processing, a project sponsored by the Danish National Research Agency).
|
||||
|
||||
The solution was so successful that it was used every year until 2015 when it was no longer needed. A survey of the farmers found that the vast majority found the system simplified the process of trading contracts and that they were satisfied with the level of confidentiality it provided.
|
||||
|
||||
The first test run of MPC was a massive success and the potential was now proven.
|
||||
|
||||
#### The Boston Women's Workforce Council
|
||||
|
||||
In 2016, the [Boston Women's Workforce Council](https://www.boston.gov/sites/default/files/document-file-09-2017/bwwcr-2016-new-report.pdf) worked with 69 companies to investigate if women are paid the same as men.
|
||||
|
||||
Using MPC, the companies were able to process their data without revealing the actual wages of any employees. The wage data of 112,600 employees was collected, representing about 11% of the Greater Boston workforce.
|
||||
|
||||
You can read their detailed findings in the report, but they found that women were indeed being paid less than men: 77 cents for every dollar a man makes on average.
|
||||
|
||||
It was reported in 2023 that thanks to this data, the Boston Women's Workforce Council was able to reduce the wage gap by 30%.
|
||||
|
||||
#### Allegheny County
|
||||
|
||||
In 2018, Allegheny County Department of Human Services partnered with the [Bipartisan Policy Center](https://bipartisanpolicy.org/press-release/bpc-partners-with-allegheny-county-on-new-privacy-preserving-data-project/) to implement MPC, allowing for private and secure sharing of county data on services to the homeless, behavioral health services, causes and incidence of mortality, family interventions, and incarceration.
|
||||
|
||||
The experiment was considered a success, with a recommendation from the U.S. Commission on Evidence-Based Policymaking to further explore the use of MPC.
|
||||
|
||||
## MPC Today
|
||||
|
||||
Today, the [MPC Alliance](https://www.mpcalliance.org) represents a collective of companies that have come together to advance the use of MPC.
|
||||
|
||||
MPC is used for everything from [cryptocurrency](https://www.coinbase.com/learn/wallet/what-is-a-multi-party-computation-mpc-wallet) to HIPAA-compliant [medical](https://pmc.ncbi.nlm.nih.gov/articles/PMC6658266/) uses. There are ongoing efforts to [standardize](https://csrc.nist.gov/projects/threshold-cryptography) it from organizations like NIST, although it's a difficult proposition due to the sheer variation in MPC protocols and use cases.
|
||||
|
||||
There's been research into using MPC for secure and [verifiably fair](https://eprint.iacr.org/2014/075.pdf) [electronic voting](https://arxiv.org/html/2205.10580v4), something that's much needed as countries move toward [electronic voting](https://worldpopulationreview.com/country-rankings/electronic-voting-by-country). It's important to not completely dismiss the march of technology, but these things should be implemented with the utmost caution and scientific rigor. I feel that implementing black-box electronic voting without open and provably secure technologies like MPC is irresponsible and endangers elections.
|
||||
|
||||
MPC acts as an essential privacy tool in the toolbox. It intersects with other PETs like homomorphic encryption, a method of encrypting data in such a way that operations can still be performed on it without revealing the unencrypted data.
|
||||
|
||||
MPC is just one tool among many that's reshaping the privacy landscape. I'm excited to see how it's used in the future and what new advancements it unlocks.
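Review bot: The oblivious-transfer paragraph under "Garbled Circuits" swaps the two parties: it says `Since the Generator only has a private key for one of the labels, they will decrypt the one they want`, but by the paragraph's own setup it is the Evaluator who generated the two public keys and holds the single private key, so the line should read `Since the Evaluator only holds the private key for one of the two, they can decrypt only the label they chose`. The following sentence presents "semi-honest" as a consequence of trusting the Evaluator, whereas it names the adversary model (honest-but-curious parties follow the protocol but try to learn extra information); stating that explicitly avoids readers taking it as a verdict on the protocol's trustworthiness. The Fairplay paragraph also appears to link the FairplayMP paper while describing the original two-party Fairplay system, and SFDL is the source language the Fairplay compiler accepts rather than the compiler itself. The free-XOR technique is generally attributed to Kolesnikov and Schneider (2008) rather than to Fairplay, so that claim is worth re-checking against the cited paper before publishing.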
|
||||
@@ -91,7 +91,7 @@ Developed and hosted by *XWiki* in Paris, France, **CryptPad** is a complete onl
|
||||
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
**Nextcloud** is a suite of free and open-source client-server software for creating your own file hosting services on a private server you control.
|
||||
|
||||
|
||||
422
blog/posts/real-name-policies.md
Normal file
@@ -0,0 +1,422 @@
|
||||
---
|
||||
date:
|
||||
created: 2025-10-15T03:50:00Z
|
||||
categories:
|
||||
- Explainers
|
||||
authors:
|
||||
- em
|
||||
- jordan
|
||||
description:
|
||||
Real-name policies have existed for over a decade, but these problems have become exponentially harmful in today's world. It's time to fight back against this unsafe and discriminatory privacy-invasive practice.
|
||||
schema_type: AnalysisNewsArticle
|
||||
preview:
|
||||
cover: blog/assets/images/real-name-policies/realname-cover.webp
|
||||
---
|
||||
|
||||
# Real-Name Policies: The War Against Pseudonymity
|
||||
|
||||

|
||||
|
||||
<small aria-hidden="true">Illustration: Em / Privacy Guides | Photo: Marija Zaric / Unsplash</small>
|
||||
|
||||
Real-name policies have existed for well over a decade already, and the problems they cause aren't new. But these problems have become exponentially harmful in today's world, where real-name policies are coupled with monopolistic platforms, increased mass surveillance, AI technologies, and facial recognition capabilities. It's time to fight back against this unsafe and discriminatory privacy-invasive practice.<!-- more -->
|
||||
|
||||
Pseudonymity, or the use of a nickname or fictitious name online, has always been deeply valued on the internet. It grants people protections and freedoms that are often impossible to benefit from offline.
|
||||
|
||||
Women, and especially women who are part of male-dominated online communities, have regularly used pseudonyms to hide their gender online in order to protect themselves from sexual harassment, stalking, and physical violence even.
|
||||
|
||||
Transgender and gender-diverse people also regularly use pseudonyms for protection, or use new chosen names to explore their gender identity online.
|
||||
|
||||
Victims of domestic violence, victims of stalkers, activists, and even journalists often use pseudonyms to protect themselves from aggressors or oppressive regimes.
|
||||
|
||||
**Pseudonymity saves lives.** And yet, it is constantly under attack.
|
||||
|
||||
## What are real-name policies exactly?
|
||||
|
||||
<div class="admonition quote inline end" markdown>
|
||||
<p class="admonition-title">Increasingly more platforms demand that users provide their legal name and official identifications in order to keep using a platform.</p></div>
|
||||
|
||||
So called "real-name" policies are platform policies requiring users and subscribers to sign up and display their "real name," often equated to a *legal* name.
|
||||
|
||||
Facebook for example claims not to require a legal name, but only the "real" name a person uses in their daily life. Yet, the social media giant regularly demands official IDs to verify this "real" name, effectively requiring people associate their account with their *legal* identity.
|
||||
|
||||
Facebook has even repeatedly taken the liberty to decide which name was "real", and changed the displayed name of users based on verification processes **without any prior consent from users**. For people in vulnerable situations, this can be a *very* dangerous practice.
|
||||
|
||||
Facebook is perhaps the most infamous platform implementing such discriminatory and intrusive policy, but sadly, it's not the only one.
|
||||
|
||||
<span class="pullquote-source">Increasingly more platforms demand that users provide their legal name and official identifications in order to keep using a platform.</span> And this will likely be aggravated significantly by the recent trend for [age-verification](https://www.privacyguides.org/videos/2025/08/15/age-verification-is-a-privacy-nightmare/) policies.
|
||||
|
||||
### Explicit and implicit policies
|
||||
|
||||
There is always two levels of real-name policies: The name displayed publicly to everyone (explicitly required), and the name the platform has associated with the account in its database (implicitly associated).
|
||||
|
||||
While a requirement to expose one's legal name publicly has clear privacy risks, storing legal names without displaying it to other users is also problematic.
|
||||
|
||||
For explicit requirements, users who are obligated to display their legal name publicly are not only forced to create a permanent association of this account with their legal identity (with all the problems this can bring), but are also potentially exposing their identity and account to current or future attackers.
|
||||
|
||||
For example, this can and does enable stalkers to find their victims online (and offline) to cause them harm.
|
||||
|
||||
For implicit associations, as soon as a legal name is collected and associated with an account in the backend, whether from providing official documentation for age verification, account recovery, payment, or any other processes; this data is at risk of getting leaked or breached, and eventually shared publicly as well.
|
||||
|
||||
Once this data is [exposed](https://discuss.privacyguides.net/t/discord-data-breach-customers-personal-data-and-scanned-photo-ids-leaked/31904), this account now also becomes permanently associated with a legal identity, publicly.
|
||||
|
||||
Even without having an openly stated real-name policy, platforms collecting official documentation—or otherwise storing legal names associated with accounts—can effectively end up exposing their users to similar risks.
|
||||
|
||||
### What is a real name anyway?
|
||||
|
||||
Of course, your true *real* name is whatever you decide others should call you. Only *you* can decide this, and others should be respectful of your choice.
|
||||
|
||||
Your *legal* name, however, is a **data marker attached to your person that can be used to trace many of your activities online and offline**, with a high degree of precision going as far back as when you were born.
|
||||
|
||||
For everyone, but especially for vulnerable communities, exposing legal names on certain platforms can represent a significant risk. The [use of pseudonymity](https://www.techradar.com/pro/vpn/using-your-real-name-on-social-media-heres-why-you-should-think-twice) is a critical part of online safety, and people should be able to continue using this protective measure without raising suspicion.
|
||||
|
||||
## Who is impacted the most by real-name policies?
|
||||
|
||||
Everyone is impacted by real-name policies, but groups that are at higher risk of discrimination, violence, and online harassment are disproportionally harmed by them.
|
||||
|
||||
Moreover, anyone who for various reasons uses a name that doesn't match their official ID; has a legal name that doesn't match an expected American name pattern; needs to conceal their gender online for safety; or has to protect their identity online due to their work as an activist, journalist, dissident, or whistleblower can be severely impacted, silenced, and even endangered by requirements to provide a legal name online.
|
||||
|
||||
### Victims of domestic violence
|
||||
|
||||
For many people, using pseudonyms isn't just a good privacy practice, but it can be a matter of life and death.
|
||||
|
||||
For anyone who is experiencing or has experienced domestic violence, creating a new online identity hidden from the perpetrator can be essential for survival, to prepare a safe escape, or to keep having access to essential support and resources.
|
||||
|
||||
When people are forced to only use one identity online, an identity attached to their legal identity, this empowers aggressors to find their victims, to silence them, to control them, and to harm them.
|
||||
|
||||
**Technologies and policies are never neutral.** When policies and features make it difficult or impossible for vulnerable people to use these technologies safely, they are effectively excluding vulnerable people from the platforms.
|
||||
|
||||
Even if this might seem minor from the outside, when Big Tech becomes so monopolistic that it's almost impossible to fully avoid it in our daily lives, when someone cannot access social groups and support without a Facebook account, and can't find a new job without LinkedIn, then it's not just a minor problem anymore, it's a major problem.
|
||||
|
||||
**Platforms and online services should be safely accessible to everyone.** And this includes allowing the use of protective pseudonymity without requiring legal identification that could put the most vulnerable in life-threatening situations.
|
||||
|
||||
### Victims of stalking
|
||||
|
||||
Similarly to victims of domestic violence, victims of stalking must protect their identity online to stay safe from their stalkers. When platforms obligate people to use their legal names, explicitly or implicitly, they directly endanger these victims.
|
||||
|
||||
If a stalker or an aggressor knows a victim's legal name (which is often the case), then it's trivial to find their account on any platforms and services, regardless of if they have blocked them on one.
|
||||
|
||||
A good protection to prevent severe harassment is to create alternative accounts using a different name or different pseudonym unknown to the aggressor. This can give victims the peace of mind of knowing their stalker will not be able to find them there.
|
||||
|
||||
For anyone tempted to argue real-name policies reduce the number of perpetrators, this isn't the case.
|
||||
|
||||
Stalkers and predators of all kind feel generally quite comfortable using their own legal names, this isn't a problem for them. They feel confident knowing that victims generally have little recourses and support, and that there will be no consequences for them even when their legal name is known.
|
||||
|
||||
Despite the claims, removing pseudonymity doesn't remove misbehavior online, this has been demonstrated [again](https://theconversation.com/online-abuse-banning-anonymous-social-media-accounts-is-not-the-answer-170224), and [again](https://theconversation.com/online-anonymity-study-found-stable-pseudonyms-created-a-more-civil-environment-than-real-user-names-171374), and [again](https://allabouteve.co.in/harassment-of-women-on-linkedin/). Real-name policies don't reduce crime, it only restricts the victims' ability to protect themselves from such crime.
|
||||
|
||||
### Activists and political dissidents
|
||||
|
||||
<div class="admonition quote inline end" markdown>
|
||||
<p class="admonition-title">Pseudonyms are hardly modern phenomena, and it's fair to say democracy wouldn't exist without it.</p></div>
|
||||
|
||||
For activists and political dissidents around the world, using pseudonymity online can be a way to reclaim freedom of speech and criticize power in a safer way. Under oppressive regimes, online privacy can mean life or death.
|
||||
|
||||
This is another example showing how essential privacy rights are to democracy. **Real-name policies facilitate censorship, discrimination, and political repression.**
|
||||
|
||||
A Honduran blogger using the pseudonym [La Gringa](https://lagringasblogicito.blogspot.com/2011/10/my-ripples-will-continue.html) used her blog and Facebook page to criticize the Central American government for years.
|
||||
|
||||
Protecting her legal identity is essential to allow her to speak freely and stay safe from state repression. This isn't an exaggeration, Honduras is one of the most dangerous country for journalists. The Committee to Protect Journalists (CPJ) [recorded](https://latamjournalismreview.org/articles/almost-five-years-after-murder-of-honduran-journalist-gabriel-hernandez-authorities-still-waiting-for-results-of-their-investigations/) that 37 press workers were killed in the country between 1992 and 2023. Of these murders, 90% were unpunished.
|
||||
|
||||
But Facebook silenced La Gringa with its real-name policy, requiring her to provide a copy of her official ID to continue advocating on the platform. Evidently, this request is asking her to put her life in danger and cannot be compromised on.
|
||||
|
||||
Facebook's policy is essentially silencing any dissident and marginalized voices in oppressive regimes.
|
||||
|
||||
By letting the community report infractions to Facebook's real-name policy, this effectively allows Facebook's rules to be weaponized against marginalized groups already plagued with constant discrimination.
|
||||
|
||||
It also empowers abusers to silence their victims, and sides with oppressive regimes around the world to censor any critics they might have.
|
||||
|
||||
As reporter Kevin Morris [commented](https://www.dailydot.com/news/la-gringa-facebook-ban-real-id-dangerous-honduras/) in his Daily Dot piece on the topic: <span class="pullquote-source">"Pseudonyms are hardly modern phenomena, and it's fair to say democracy wouldn't exist without it."</span>
|
||||
|
||||
### Women
|
||||
|
||||
<div class="admonition quote inline end" markdown>
|
||||
<p class="admonition-title">A site which requires real/verified names is automatically flagging itself as a potentially/probably unsafe space for women, or for anyone else at risk of harassment, violence, job discrimination, and the like.</p></div>
|
||||
|
||||
Women have long used pseudonyms on the internet in order to conceal their gender online, and spare themselves from the sexual harassment and discrimination omnipresent on some platforms. This is even more common in male-dominated communities like online gaming, for example.
|
||||
|
||||
It's not rare to hear some people claiming that "there aren't any women in their online community." Well, there probably is.
|
||||
|
||||
Platforms allowing pseudonyms foster a culture of inclusivity where everyone can participate free from discrimination, regardless of their gender. Real-name policies encourage the opposite: platforms where participants are forced to either endure the abuse and compromise their physical safety, or be excluded entirely.
|
||||
|
||||
As pseudonymous author *skud* [wrote](https://geekfeminismdotorg.wordpress.com/2010/06/10/hacker-news-and-pseudonymity/) for the *Geek Feminism* blog in 2010:
|
||||
|
||||
> [...] women online are regularly admonished to use pseudonyms to protect themselves. Many websites with a culture of pseudonymity [...] have a very high proportion of female members, perhaps in part because of the sense of privacy and security that pseudonymity brings. <span class="pullquote-source">A site which requires real/verified names is automatically flagging itself as a potentially/probably unsafe space for women, or for anyone else at risk of harassment, violence, job discrimination, and the like.</span>
|
||||
|
||||
Women aren't exactly a minority group. While platforms should be inclusive to everyone of course, including minority groups, enforcing a policy that obligates roughly 50% of the population to lower its safety protections in order to participate should be obviously unacceptable.
|
||||
|
||||
### Indigenous people
|
||||
|
||||
Notwithstanding its own policy, Facebook has regularly suspended accounts with legal names wrongly targeted as fake, based on criteria rooted in colonialism. Indigenous communities have been exceedingly impacted by Facebook's real-name policy, despite following all the platform's rules as requested.
|
||||
|
||||
In 2009, Facebook abruptly [cut off account access](https://ictnews.org/archive/facebook-no-friend-to-american-indian-names/) to an Indigenous American woman named Robin Kills The Enemy, wrongly accusing her of registering under a false name. But her name was authentic, and indeed her *legal* name.
|
||||
|
||||
Facebook eventually reinstated her account, but only after a long process where she had to modify the spelling.
|
||||
|
||||
The burden shouldn't be on Indigenous people to have to prove their identity just because a US-based corporation can't seem to understand the global diversity of naming conventions.
|
||||
|
||||
Following Kills The Enemy's experience, a journalist started a Facebook group called "Facebook: don't discriminate against Native surnames!!!" that was joined by over a thousand people only a few days after its creation. Many users shared similar experiences and questioned the platform's treatment of Indigenous surnames.
|
||||
|
||||
Another woman named Melissa Holds The Enemy described a month-long process to recover her account.
|
||||
|
||||
An Indigenous man named Oglala Lakota Lance Brown Eyes had his account [suspended](https://colorlines.com/article/native-americans-say-facebook-accusing-them-using-fake-names/) by Facebook demanding his "real" name.
|
||||
|
||||
After Brown Eyes sent all the required proofs, Facebook decided without warning to Americanize his displayed name to "Lance Brown." **This is blatant racism.**
|
||||
|
||||
His name was eventually corrected and Facebook apologized, but only after Brown Eyes threatened the company with a class action lawsuit.
|
||||
|
||||
Dana Lone Hill also got her account suspended because of her Indigenous surname, and was forced to go through Facebook's intrusive verification process in order to recover her account.
|
||||
|
||||
The list goes on and on. Indigenous people have been forced by Facebook to modify and Americanize their *actual legal names*.
|
||||
|
||||
Many were forced to add hyphens, change the alphabet used, smash words together, or even remove parts of their legal name in order to please Facebook's arbitrary preferences, ignoring its own "real-name" policy.
|
||||
|
||||
This is yet another demonstration of systemic racism perpetrated by a monopolistic corporation quick to ignore the human rights and diversity of its users.
|
||||
|
||||
### People with non-Anglophone names
|
||||
|
||||
In another case, a woman from Japan named Hiroko Yoda [wasn't able to sign up](https://www.telegraph.co.uk/news/newstopics/howaboutthat/2632170/Woman-called-Yoda-blocked-from-Facebook.html) for a Facebook account due to her surname.
|
||||
|
||||
Despite being a common surname in Japan, it seems Facebook judged it more important to ban anyone trying to "impersonate" the popular Star Wars character.
|
||||
|
||||
Of course, the Star Wars character uses a Japanese name because its creator has drawn [inspiration](https://en.wikipedia.org/wiki/Yoda#Creation) from the Japanese culture. But Facebook still seems to somehow think that Star Wars comes first, and Japanese people must pay the price for daring to share a surname with the American Jedi.
|
||||
|
||||
A Facebook user from Hawaii named Chase Nahooikaikakeolamauloaokalani Silva also had his account suspended despite using his legal name.
|
||||
|
||||
As a proud Hawaiian, it was important for him to be able to display his Hawaiian given name. But Facebook just didn't like his *legal* name.
|
||||
|
||||
Silva reported to [HuffPost](https://www.huffpost.com/entry/facebook-chase-nahooikaikakeolamauloaokalani-silva_n_5833248) that "Facebook should not be able to dictate what your name is, what you go by, what you answer to," and he's right.
|
||||
|
||||
More broadly, Facebook's policy [prohibits](https://en.wikipedia.org/wiki/Facebook_real-name_policy_controversy) name with "too many" words, capital letters, or first names with initials. This assumes the default for names is the Americanized format of one first name, one (short) middle name, and one last name.
|
||||
|
||||
But this isn't a reality for most of the world. This extremely narrow vision of what a name should look like and how it should be formatted isn't compatible with many if not most cultures.
|
||||
|
||||
It's unbelievable (and unacceptable) that a platform with an estimated 2.28 billion active users, who seems to want to eat even more of the world every year, is being so ignorant of non-American cultures and global naming conventions in its policies and practices.
|
||||
|
||||
### The transgender community
|
||||
|
||||
For transgender and gender-diverse individuals, their legal name may be a "[dead name](https://en.wikipedia.org/wiki/Deadnaming)." A dead name is a name that they were assigned at birth but no longer identify with. Commonly, transgender people change their name as part of their gender transition.
|
||||
|
||||
In many countries around the world, there can be many bureaucratic hurdles required to change one's name, meaning that many trans people are unable to update their legal name to reflect their gender identity. Because they no longer identify with their dead name, keeping it private is of great importance for their mental health and safety.
|
||||
|
||||
<div class="admonition quote inline end" markdown>
|
||||
<p class="admonition-title">23% of LGBTQ+ young people reported that they have been physically threatened or harmed in the past year due to either their sexual orientation or gender identity.</p></div>
|
||||
|
||||
Referring to a trans person with their dead name is considered offensive and often involves misgendering someone too. For transgender people, being called a name that they no longer identify with invokes feelings of depression, anxiety, gender dysphoria, and lack of acceptance.
|
||||
|
||||
Using someone's dead name signals that you don't respect their identity and that you don't care about them enough to use their new name.
|
||||
|
||||
Unfortunately, transgender people still face widespread discrimination, that's why "dead naming" can be incredibly dangerous. Revealing someone's gender identity or sexuality without their consent is called "outing". By calling someone by their dead name, you may be inadvertently revealing someone is transgender. This can be not only traumatizing and frightening for the individual, but can also lead to violence or put this person in a dangerous situation.
|
||||
|
||||
The Trevor Project, a non-profit LGBTQ+ organization, conducts a yearly [survey](https://www.thetrevorproject.org/survey-2024/?_hsmi=305272848) on LGBTQ+ youth across the United States. In their 2024 release, they found that <span class="pullquote-source">"23% of LGBTQ+ young people reported that they have been physically threatened or harmed in the past year due to either their sexual orientation or gender identity."</span>
|
||||
|
||||
This is why when real-name policies come in, requiring transgender people to use their legal name for their social media accounts, this could force them to "come out" by displaying a name that they no longer identify with, therefore revealing they are transgender. The National LGBTQ Institute on Intimate Partner Violence [describes](https://lgbtqipvinstitute.org/coming-out-safely/) "coming out" as an "ongoing process, by which a person shares aspects of their identity with others."
|
||||
|
||||
Having aspects of their identity shared without their consent can put this person in significant physical danger because of unsupportive family members, friends, colleagues, and strangers. This is especially the case with LGBTQ+ youth, who are at heightened risk of online, verbal, physical harassment, or violence due to their identity.
|
||||
|
||||
Coming out can be a very daunting and scary process, particularly for transgender and gender-diverse people, and often can be an ongoing process over many years. In many cases, LGBTQ+ people choose instead to [hide their identity](https://www.stonewall.org.uk/news/new-research-shows-almost-40-of-lgbtq-employees-still-hide-their-identity-at-work) at social and work gatherings.
|
||||
|
||||
Platforms that enforce real-name policies take away the essential ability to control when and how that process plays out are nothing short of abusive. This might sound hyperbolic, however, "outing" is often used as a mean of control in abusive relationships to coerce an LGBTQ+ individual. The fact that social media platforms are exhibiting similar behavior is alarming.
|
||||
|
||||
Unfortunately, many websites don't allow updating the name attached to an account easily, often requiring to provide legal documentation showing proof that the name has been legally changed.
|
||||
|
||||
Having to provide your identification documents to use a website is not only terrible for your privacy, as it links your real life identity to your online account, it also puts your identity at risk.
|
||||
|
||||
Companies that process and verify identity documents are at a much higher risk of being targeted by malicious actors, because of the sensitive information they store and process.
|
||||
|
||||
One of the worst offenders of this is Facebook. They require everyone that signs up to use their legal name for their profile, and claim that this is to ensure safety on the platform so that everyone knows who they are talking to is who they say they are.
|
||||
|
||||
Many transgender and gender-diverse people use aliases on social media platforms to protect their identities and the identities of those around them, because they are more likely to be harassed or doxxed. Facebook's real-name policy has unforeseen consequences for these people, as one transgender Facebook user [found out](https://www.dailydot.com/news/facebook-real-names-cracking-down-transgender/):
|
||||
|
||||
> I woke up to find my Facebook account deleted. [...] I have had a Facebook since about 2007 or 2008. Other than when I was a kid and was afraid my parents would find out about my account (causing me to use an alias for a little while), my profile always bore my legal name. A week or so ago, however, I changed my display name to "Arc Angel."
|
||||
|
||||
Finally, because of the discrimination and danger that transgender people face in the real world, they often find refuge in online and internet communities. According to a report by [Hopelab](https://assets.hopelab.org/wp-content/uploads/2025/03/2025-Without-It-I-Wouldnt-Be-Here.pdf) of LGBTQ+ youth:
|
||||
|
||||
> Transgender young people more often agree that their online communities and friendships were important or very important (84%) when they began to explore their sexuality or gender compared to cisgender LGBQ+ young people (71%).
|
||||
|
||||
This is why it’s so important that they are able to freely express themselves with a pseudonymous or anonymous identity. If every online platform required these users to use their legal name, this would be extremely dangerous for transgender and gender-diverse people who often rely on online spaces for community, friendship, and support.
|
||||
|
||||
### LGBTQ+ people
|
||||
|
||||
Moreover, real-name policies disproportionately affect LGBTQ+ people, as they often prefer to not associate their legal name with their online activities. This is especially important for people living in countries where LGBTQ+ identities are [criminalized by law](https://en.wikipedia.org/wiki/Criminalization_of_homosexuality), meaning they can be jailed (or worse) if they associate their online activities with their real life identity.
|
||||
|
||||
Unfortunately, it gets even worse: harassers and trolls have weaponized Facebook's real-name policy, and are using it to silence their victims by mass reporting them as using a fake name.
|
||||
|
||||
In an [open letter](https://www.eff.org/document/open-letter-facebook-about-its-real-names-policy) to Facebook about its real-name policy in 2015, many LGBTQ+ and digital rights organizations warned Facebook that this was being used to silence LGBTQ+ people:
|
||||
|
||||
> Facebook users in the global LGBTQ community, South and Southeast Asia and the Middle East report that groups have deliberately organized (sometimes even coordinating via Facebook) to silence their targets using the "Report Abuse" button.
|
||||
|
||||
Despite all the recommendations and warnings by LGBTQ+ organizations and digital rights groups more than ten years ago, Facebook is still standing strong in its intention to keep the platform a "real name" only space.
|
||||
|
||||
Their help center still [states](https://www.facebook.com/help/229715077154790/Names+allowed+on+Facebook/) that you can only use a name that appears on your official identification documents:
|
||||
|
||||
> The name on your profile should be the name that your friends call you in everyday life. This name should also appear on a form of ID or document from our ID list.
|
||||
|
||||
Many platforms have been trying to improve the way they handle this and allow for users to select a preferred name that is displayed instead of their legal name. This is an improvement, however it isn't without issues.
|
||||
|
||||
Platforms shouldn't require you to provide your legal name to begin with.
|
||||
|
||||
### Stage performers and small businesses
|
||||
|
||||
In 2014, Facebook made the news for ramping up its real-name policy and suspending hundreds of accounts from marginalized and vulnerable people (more on this in the [next section](#facebook)). The platform was heavily criticized, and Facebook eventually reinstated many banned accounts.
|
||||
|
||||
At the time, drag performers were [severely impacted](https://www.cnn.com/2014/09/16/living/facebook-name-policy/) by the policy purge. Drag queen and activist Sister Roma reported having to change her Facebook profile to a legal name she had not used publicly for 27 years.
|
||||
|
||||
Retired burlesque dancer Blissom Booblé explained that using a pen name on Facebook was essential to continue her advocacy for LGBTQ+ homeless youth and to raise HIV awareness while staying free from discrimination at her workplace.
|
||||
|
||||
Drag queen Ruby Roo reluctantly complied with Facebook's policy in order to keep contact with his friends, but expressed concerns that people would not recognize him under his legal name. If nobody ever calls you by your legal name, does this still even count as your "real" name?
|
||||
|
||||
During an earlier purge in 2009, small-business entrepreneur Alicia Istanbul [suddenly lost access](https://www.sfgate.com/business/article/Real-users-caught-in-Facebook-fake-name-purge-3231397.php) to both her personal Facebook account and her jewelry design business page. Once this happens, the burden falls on users to carry on the lengthy and intrusive verification process to restore their accounts.
|
||||
|
||||
**There is no innocent until proven guilty with Big Tech.** This can represent significant losses in time and money for small businesses.
|
||||
|
||||
Additionally, many professionals such as teachers, doctors, therapists, and social workers regularly use pseudonyms so that clients and patients will not be able to find their personal accounts.
|
||||
|
||||
Everyone should have the right to separate their professional lives from their personal lives, and [using pseudonyms is a great practice](stay-safe-but-stay-connected.md/#pseudonymity) to this effect.
|
||||
|
||||
### Everyone else
|
||||
|
||||
Finally, everyone can be impacted negatively by real-name policies, not only marginalized or vulnerable groups.
|
||||
|
||||
Everyone should be able to choose the protections necessary for themselves, according to their own and unique [threat model](https://www.privacyguides.org/en/basics/threat-modeling/). If someone decides it's safer or more comfortable for them to use a platform under a pseudonymous account, they should be able to do so freely.
|
||||
|
||||
Privacy is a basic human right, and it should be accessible to all without requiring any justification.
|
||||
|
||||
The normalization of real-name policies online, aggravated by the growing identity and age verification industry, will have devastating consequences for everyone, and for democracies everywhere. **Real-name policies are authoritarian in nature and have a chilling effect on freedom of speech and other civil liberties.**
|
||||
|
||||
If we value privacy as a human right, we must push back against real-name policies, especially on social media.
|
||||
|
||||
## Where are real-name policies?
|
||||
|
||||
About ten years ago, pseudonymity became a heated news topic during the so-called [Nymwars](https://en.wikipedia.org/wiki/Nymwars), the wars against pseudo*nyms*.
|
||||
|
||||
The term mostly refers to a series of conflicts related to real-name policies in the 2010s. It emerged in relation to waves of policy enforcement from Facebook, Google, and the video-game giant Blizzard.
With the increasing push for age verification and "human authentication" online, the Nymwars are sadly likely to make a comeback very soon. And for some platforms, the war just never stopped.
Sometimes, your legal name might be required online of course. For example, for governmental and financial services. But way too many platforms and services collect legal names when there really isn't any strong justifications for it.
While Facebook was mentioned abundantly in previous examples, this problem isn't limited to Meta's social media. You've probably encountered real-name policies everywhere already, but here are some platforms (and even countries) that have been infamous for it:
### Facebook
In 2014, Facebook [made the news](https://www.aclunc.org/blog/my-name-why-aclu-facebook-today) (again) for enforcing a [horrible policy](https://www.zdnet.com/article/facebook-nymwars-disproportionately-outing-lgbt-performers-users-furious/) (again) that was [hurting](https://www.eff.org/deeplinks/2014/09/facebooks-real-name-policy-can-cause-real-world-harm-lgbtq-community) marginalized and vulnerable groups the most ([again](https://www.hrc.org/news/metas-new-policies-how-they-endanger-lgbtq-communities-and-our-tips-for-staying-safe-online)).
Several human rights groups, including the Electronic Frontier Foundation, Human Rights Watch, and Access Now even joined the [Nameless Coalition](https://www.accessnow.org/nameless-coalition-calls-on-facebook-to-change-its-real-name-policy/) to demand changes to Facebook's policy.
Facebook presented this ramping up of their real-name policy enforcement as something important for "authenticity" online. Despite this dubitable claim, Facebook was in all likelihood simply worried about protecting its financial assets, as ever.
Back in 2012, Facebook's share price plummeted after a quarterly filing with the Securities and Exchange Commission [revealed](https://www.theguardian.com/technology/2012/aug/02/facebook-share-price-slumps-20-dollars) that an estimated 8.7% of accounts on the platform may be fake, and 5% of active accounts were duplicates (numbers that aren't really that alarming, actually). But this backlash from investors evidently scared Facebook enough to justify intensifying its policy enforcement for accounts using pseudonyms, or suspected of being fake, presumably in an attempt to soothe shareholders.
Despite the unpopularity of these policies, the real customer for Facebook isn't its users, but its advertisers (who demand access to your data, Facebook's true product).
Advertisers want some assurance that they are paying for *real* humans to see their ads, otherwise this diminishes Facebook's value to them. **It's important to remember that Facebook is, and has always been, an advertising company.**
Despicably, Facebook even [encouraged](https://thenextweb.com/news/facebook-now-wants-snitch-friends-arent-using-real-name) people to "snitch on [their] friends if they are not using their real name."
> Please help us understand how people are using Facebook. Your response is anonymous and won't affect your friend's account. Is this your friend's real name?
This kind of prompt fosters mistrust and allows users to weaponize policies against people they simply don't like. Victims of these "report attacks" are often the most vulnerable and the most marginalized in our society. **Real-name policies have nothing to do with safety, in fact, they're horrible for safety.**
A decade later, Facebook still encourages and enforces its real-name policy in order to protect its most valuable asset to sell: Your personal data.
### LinkedIn
LinkedIn is another well-known platform that enforces a real-name policy.
The employment-oriented social media states in its [User Agreement](https://www.linkedin.com/help/linkedin/answer/a1337288/names-allowed-on-profiles) that "LinkedIn does not allow members to use pseudonyms, fake names, business names, associations, groups, email addresses, or special characters that do not reflect your real or preferred professional name."
It's unclear how LinkedIn would enforce or verify what is an allowed "preferred professional name."
Although this might make slightly more sense on a platform focused on employment, the policy still excludes some professionals and industries that regularly work using pseudonyms, such as performers, writers, visual artists, activists, and privacy advocates even.
Additionally, the platform uses the same colonialist discrimination as Facebook, assuming that all names worldwide are composed of "first, middle, and last names" only.
### Google, Quora, and Blizzard abandoned their policies
Google made the news in 2011 when it started implementing and enforcing its own real-name policy for its (now defunct) social media platform Google+, and by proxy for YouTube accounts when Google [migrated](https://www.theguardian.com/technology/2014/jul/16/youtube-trolls-google-real-name-commenter-policy) YouTube comments to a Google+ system in 2013.
The policy was [largely criticized](https://www.eff.org/deeplinks/2011/07/case-pseudonyms) after a wave of account suspensions, where some famous accounts were banned. In July 2014, Google [abandoned](https://en.wikipedia.org/wiki/Nymwars#Google) the policy altogether and removed restrictions on account names.
The question-answering social platform Quora also enforced a real-name policy for a long time.
Verification wasn't required, but names deemed "false" could be reported by the community. Again, this kind of reporting system facilitates abuse by allowing the weaponization of platform policies against marginalized groups.
Thankfully, Quora [eliminated](https://quorablog.quora.com/Allowing-everyone-to-contribute-to-Quora) the requirement to use a "real" name in 2021, and now allows users to register with protective pseudonyms.
The video-game developer Blizzard Entertainment spawned strong criticism online when the company [announced](https://en.wikipedia.org/wiki/Blizzard_Entertainment#Privacy_controversy_and_Real_ID) in 2010 that it would be implementing a real-name policy for Blizzard's forums.
Gamers were not amused. The community came together to fight back in force against the announced policy. Game magazines and forums were inundated with replies and condemnations.
At one point, a Blizzard employee trying to demonstrate that the policy "wasn't a big deal" willingly shared his real name on a public post. After this revelation, forum members started to post the employee's personal information, including his phone number, age, picture, home address, and even information related to his family members.
Other members were quick to share their own experiences and show how [unsafe](https://web.archive.org/web/20100628055329/http://ve3d.ign.com/articles/news/55728/Is-Blizzards-Real-ID-Safe-Or-A-Playground-For-Sexual-Deviants) a real-name policy would be. Following the powerful community backlash, Blizzard decided to cancel its plan for the invasive policy.
### South Korea
<div class="admonition quote inline end" markdown>
<p class="admonition-title">Despite the enforcement of the system, the number of illegal or malicious postings online has not decreased.</p></div>
Terrifyingly, whole countries have enforced real-name policies online. In 2007, South Korea [implemented](https://www.koreatimes.co.kr/southkorea/20120823/online-real-name-system-unconstitutional) a name registration system for internet users in compliance with the country's Information Communications Law.
The law was initially enforced in an attempt to reduce malicious comments online, but **was later ruled unconstitutional and revoked in 2012**.
The Constitutional Court said in its verdict that "the system does not seem to have been beneficial to the public. <span class="pullquote-source">Despite the enforcement of the system, the number of illegal or malicious postings online has not decreased.</span>"
### China
Sadly, not every country implementing such a system came to the same conclusion.
In China, the [Internet real-name system](https://en.wikipedia.org/wiki/Internet_real-name_system_in_China) obligates all internet service providers and online platforms to collect users' legal names, ID numbers, and more. This affects services such as internet access, phone service, social media, instant messaging, microblogging, and online gaming.
In 2023, large Chinese platforms announced that they would make public the legal names of any accounts with over 500,000 followers.
In July 2025, China centralized this control further with the launch of the [national online identity authentication](https://en.wikipedia.org/wiki/National_online_identity_authentication) system, which requires citizens to submit their personal information in order to receive an "Internet certificate" to access online accounts.
This effectively imposes a real-name policy on *all* internet services in the country, and makes this information accessible at all time by the government.
The new national cyber ID system has been [criticized](https://www.scmp.com/tech/tech-trends/article/3318302/china-rolls-out-voluntary-cyber-id-system-amid-concerns-over-privacy-censorship) over privacy and censorship concerns.
So far, it is not mandatory to share identity through the national online identity authentication (although services are still obligated to identity their users in other ways).
However, in a country where freedom of speech and access to information is increasingly restricted, it's easy to imagine the national real-name system could become obligatory everywhere soon.
## Real-name policies don't make the web safer
It has been demonstrated again and again that real-name policies do not reduce abuse and misbehavior online, and only end up harming the most vulnerable.
Despite the evidence and failed attempts, platform owners and policymakers obstinately continue to push for the implementation of these dangerous, authoritarian systems.
Platforms will often claim these policies are to protect users from harassment, but when action is required to truly protect users they refuse to act. Facebook, the most infamous platform for enforcing its real-name policy, [ranks the *worst* for online harassment](https://www.theverge.com/news/713976/online-harassment-meta-social-media-environmental-activists).
So, who are these real-name policies truly protecting?
It's clear that, as is the case for other oppressive policies such as [Age Verification](age-verification-wants-your-face.md) and [Chat Control](chat-control-must-be-stopped.md), "safety" is only an excuse for people to accept what this is truly about: **Corporate profit and government control.**
Unfortunately, as long as these platforms' business model is to sell users' data to advertisers and other stakeholders, there is no incentive for them to protect our privacy and our right to use protective pseudonyms, as the EFF's Director of Cybersecurity Eva Galperin aptly pointed out in her [talk](https://www.youtube.com/watch?v=d5czLwsa-wE) at the HOPE conference in 2012. **More data just means more money to them.**
When governments impose similar invasive practices, it's a **dangerous and slippery slope towards totalitarianism**.
Citizens need to be able to express their views freely online and criticize their government and its leaders without fear of reprisal. Real-name policies (explicit and implicit) are only a tool for censorship, and there is no democracy and no freedom under government censorship.
Fighting against policies attacking online pseudonymity, such as real-name policies, age-verification policies, and Chat Control proposals, isn't just a banal fight to keep using silly nicknames online. It's a battle for democracy, for civil liberties, and for human rights.
## What you can do about real-name policies
- [**Choose better platforms**](https://news.elenarossini.com/my-fediverse-starter-guide) that do not require you to share your legal name and official IDs, such as [Mastodon](mastodon-privacy-and-security.md) or other platforms connected to the Fediverse.
- [**Inform yourself**](https://safetycrave.com/why-should-not-use-real-names-online/) on the dangers related to using legal names online, and share this information with others.
- [**Say no**](you-can-say-no.md) to sharing official documentation with commercial platforms when it isn't strictly required and when you can avoid it.
- [**Understand the difference**](https://www.privacyguides.org/videos/2025/03/14/stop-confusing-privacy-anonymity-and-security/) between privacy, security, anonymity, and pseudonymity.
- [**Use pseudonyms**](stay-safe-but-stay-connected.md/#practices-and-tools-that-help-in-various-contexts) on platforms where you can. Use a pseudonym persistent across platforms if you want these accounts to be linked together for trust, or use different pseudonyms to keep them separated.
- **Make your voice heard!** Contact your government representatives to let them know that privacy is important to you, and explain to them that pseudonymity is essential for safety, democracy, and free speech online. Complain against platforms using these invasive and exclusionary practices. Citizen action matters, and abusive policies can be reversed.
<div class="admonition info" markdown>
<p class="admonition-title">Remember that pseudonymity isn't anonymity</p>
Keep in mind that only using a pseudonym isn't enough to make you anonymous online. There are many other ways to tie an identity together, such as IP addresses, [browser fingerprinting](https://www.privacyguides.org/videos/2025/09/12/what-is-browser-fingerprinting-and-how-to-stop-it/), photo comparison, facial recognition, and so on and so forth. Pseudonymity is a great practice to *improve* your privacy and safety online, but alone it does have limitations.
</div>
@@ -6,7 +6,7 @@ categories:
- News
authors:
- em
description: Last week, OpenAI's CEO Sam Altman announced in San Francisco that the World project he co-founded, formerly known as Worldcoin, is opening six stores across the United States, allowing users of the project's app to scan their eyeballs.
description: Last week, OpenAI's CEO Sam Altman announced in San Francisco that the World project he co-founded, formerly known as Worldcoin, is opening six stores across the United States, allowing users of the project's app to scan their eyeballs. This is worrisome, to say the least.
schema_type: AnalysisNewsArticle
preview:
cover: blog/assets/images/sam-altman-wants-your-eyeball/orb-cover.webp
@@ -5,7 +5,7 @@ categories:
- Opinion
authors:
- em
description: Increasingly, surveillance is being normalized and integrated in our lives. Under the guise of convenience, applications and features are sold to us as being the new better way to do things. While some might be useful, this convenience is a Trojan horse. The cost of it is the continuous degradation of our privacy rights, with all that that entails.
description: Increasingly, surveillance is being normalized and integrated in our lives. Under the guise of convenience, applications and features are sold to us as being the new better way to do things. But this convenience is a Trojan horse.
schema_type: OpinionNewsArticle
preview:
cover: blog/assets/images/selling-surveillance-as-convenience/surveillance-cover.webp
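--- /dev/null
+++ b/blog/posts/the-fight-for-privacy-after-death.md
@@ -0,0 +1,94 @@
+---
+date:
+created: 2025-09-16T18:00:00Z
+categories:
+- Opinion
+authors:
+- ptrmdn
+description: In 2020, London police failed to save two sisters in life, then violated their privacy in death. This is a call to arms for posthumous privacy rights.
+schema_type: OpinionNewsArticle
+preview:
+cover: blog/assets/images/the-fight-for-privacy-after-death/cover.webp
+---
+# Ghosts in the Machine: The Fight for Privacy After Death
+
+
+
+<small aria-hidden="true">Photo: Panyawat Auitpol / Unsplash</small>
+
+In the early hours of 6 June 2020, Nicole Smallman and her sister Bibaa Henry had just finished celebrating Bibaa's birthday with friends in a park in London. Alone and in the dark, they were both [fatally and repeatedly stabbed](https://en.wikipedia.org/wiki/Murders_of_Bibaa_Henry_and_Nicole_Smallman) 36 times.<!-- more -->
+
+<div class="admonition note inline end" markdown>
+<p class="admonition-title">Guest Contributor</p>
+
+Please welcome Peter Marsden as a first-time guest contributor! Privacy Guides does not publish guest posts in exchange for compensation, and this tutorial was independently reviewed by our editorial team prior to publication.
+
+</div>
+
+But the police didn’t just fail them in life—they failed them in death too. PC Deniz Jaffer and PC Jamie Lewis, both of the Metropolitan Police, [took selfies](https://www.theguardian.com/uk-news/2021/dec/06/two-met-police-officers-jailed-photos-murdered-sisters-deniz-jaffer-jamie-lewis-nicole-smallman-bibaa-henry) with the dead bodies of the victims, posting them on a WhatsApp group. And no privacy laws prevented them from doing so.
+
+This horrific case is just one in the murky, often sinister realm of posthumous privacy. In the UK, Europe, and across the world, privacy protections for the dead are at best a rarity—and at worst, a deep moral and societal failing that we cannot and must not accept.
+
+Let’s take a step back. The case of the Smallmans starkly draws attention to the denial in death of guarantees to the living.
+
+<div class="admonition quote inline pullquote" markdown>
+<p class="admonition-title">This abrupt collapse in privacy rights leaves the deceased and their families <small>[...]</small> newly vulnerable, and at a time when they are already utterly broken.</p>
+</div>
+
+As a *Privacy Guides* reader, you are no doubt aware that the UK and Europe have firm privacy protections in *The General Data Protection Regulation* (GDPR) and Article 8 of the *European Convention on Human Rights* (ECHR).
+
+However, the picture elsewhere is less clear, with a challenging patchwork of laws and regional statutes being the only protection for those in the US and much of the rest of the world. And once you die? Almost universally, these protections [immediately cease](https://gdpr-info.eu/recitals/no-27/).
+
+Here the problem begins. <span class="pullquote-source">This abrupt collapse in privacy rights leaves the deceased and their families—like the Smallman family—newly vulnerable, and at a time when they are already utterly broken.</span>
+
+In the absence of law comes the pursuit of it, against a backdrop of flagrant privacy violations. What this pursuit means, in practical terms, is that two primary categories of posthumous privacy dominate legal debate: the medical, where the law has intervened tentatively, and the digital, where it simply hasn’t kept up.
+
+Medical protections are tentative because of piecemeal development. Typically involving legal workarounds, they offer rare precedent for what might happen to your digital ghosts now and in the future, with the only clear trend being a reluctance to protect.
+
+That said, the US is one country that has taken measures to protect the medical privacy of the dead. The *Health Insurance Portability and Accountability Act* (HIPAA) dictates that 50 years of protection must be given to your personally identifiable medical information after you die.
+
+Except there’s a catch. State laws also apply, and state laws differ. In Colorado, Louisiana, and many others, its efficacy is severely challenged by laws dictating the mandatory release of information regarded as public—including autopsy reports and even [your genetic information](http://dx.doi.org.ezp.lib.cam.ac.uk/10.1177/1073110516654124).
+
+In lieu of any protections, surviving relatives in Europe have found some success claiming that their own Article 8 rights—that ECHR right to privacy—have been violated through disclosures or inspections related to their deceased.
+
+In one case, Leyla Polat, an Austrian national, suffered the awful death of her son just two days after birth following a cerebral hemorrhage. The family refused a postmortem examination, wanting to bury their child in accordance with Muslim beliefs; but doctors insisted it take place, covertly removing his internal organs and filling the hollows with cotton wool.
+
+When this was discovered during the funeral rites, the boy had to be buried elsewhere, and without ceremony. After several court cases and appeals, The European Court of Human Rights [found](https://hudoc.echr.coe.int/rum#%7B%22itemid%22:%5B%22002-13361%22%5D%7D) that Leyla’s Article 8 and 9 rights had been violated.
+
+As an aside: Stalin’s grandson [tried the same Article 8 route](https://hudoc.echr.coe.int/eng#%7B%22itemid%22:%5B%22001-150568%22%5D%7D) in relation to reputational attacks on his grandfather, reflecting attempts to apply the workaround more widely.
+
+It’s not that there hasn’t been some progress. The fundamental problem is that protections—already sparse—are only as good as their material and geographic scopes, their interactions with other laws, and how they are interpreted in a court.
+
+Nowhere is this more apparent than in the case of the Smallman sisters. Judge Mark Lucraft KC [found](https://www.judiciary.uk/wp-content/uploads/2022/07/R-v-Jaffer-Lewis-sentencing-061221.pdf) that PCs Jaffer and Lewis, in taking selfies with the murdered victims, had:
+
+> *“…wholly disregarded the privacy of the two victims of horrific violence and their families for what can only have been some cheap thrill, kudos, a kick or some form of bragging right by taking images and then passing them to others.”*
+
+Yet this acknowledgement of privacy violation is precisely just that. The crime the officers committed was misconduct in public office; they were not convicted on the basis of privacy law. That sense of progress—that we might be beginning to recognize the importance of posthumous privacy—has all but gone out of the window.
+
+That does not leave your digital privacy in a good place. Whatever little protection you may be able to tease out for our medical privacy far, far exceeds the control you have over your virtual ghosts. And with AI just about everywhere, the prospects for your data after death are terrifying.
+
+<div class="admonition quote inline end pullquote" markdown>
+<p class="admonition-title">Account deleted or not, our ghosts will all be stuck in the machine.</p>
+</div>
+
+We’ve already established that data protections for the living—such as GDPR—expire at death. The simple reality is that dying places your data at the mercy of large technology corporations, and their dubious afterlife tools.
+
+Even if you trust such tools to dispose of or act on our data, there is a disconnect between demand and take-up. A [study of UK nationals](https://www.tandfonline.com/doi/full/10.1080/13600869.2025.2506164#abstract) found a majority that wanted their data deleted at death were unaware of the tools, with large tech companies unwilling to share any details on their uptake. Reassuring stuff.
+
+But the reality is, you shouldn’t. You’ll recall that [deletion doesn’t usually mean deletion](https://www.privacyguides.org/en/basics/account-deletion/), and after death even GDPR can’t force big tech to delete the data of those lucky enough to have benefited from it. <span class="pullquote-source">Account deleted or not, our ghosts will all be stuck in the machine.</span>
+
+Recent reports have acknowledged dire possibilities. Almost worldwide, you can [legally train AI models on the data of a deceased person](https://www.reuters.com/article/world/data-of-the-dead-virtual-immortality-exposes-holes-in-privacy-laws-idUSKBN21Z0NE/) and recreate them in digital form—all without their prior consent. Organizations exist purely to scour your social media profiles and activity for this exact purpose. Your ghost could be used to generate engagement against your will, disclosing what you tried to hide.
+
+You may ask: why should the law care? Why indeed, when it deems we [cannot be harmed](https://doi.org/10.1093/acprof:oso/9780199607860.003.0003) after death. To argue thus is to miss the point. **A lack of privacy after death harms the living, often in ways others cannot see.**
+
+The effect of [postmortem anxiety](https://www.tandfonline.com/doi/full/10.1080/17577632.2024.2438395#d1e120) is a real one that deeply troubles individuals wishing to keep a part of them hidden from public—or even family—view, whether it be it an [illicit affair](https://www.cardozoaelj.com/wp-content/uploads/2011/02/Edwards-Galleyed-FINAL.pdf) or whatever else. Revelation at the point of death can be just as harmful to those still alive.
+
+There is cause for optimism. Article 85 of the *French Data Protection Act* allows you to include [legally enforceable demands concerning your personal data](https://www.cnil.fr/fr/la-loi-informatique-et-libertes#article85) in your will. This is truly a landmark piece of legislation by the French that indicates what the global direction of travel should be, and what we should ultimately demand: protections for the dead, by the dead.
+
+But even more urgently, we must demand that governments across the world introduce even the most basic legal framework for postmortem privacy that protects you, your family, and community from egregious harm.
+
+The Smallmans deserved dignity, and so does everyone else in death. The law must catch up.
+
+---
+
+*This article hasn’t even begun to scratch the surface of the complexity of postmortem privacy, and there are innumerable relevant cases and laws that simply wouldn’t fit. If the topic has caught your interest, and you’d like to dig in more, [this white paper](https://doi.org/10.1016/j.clsr.2022.105737) by Uta Kohl is a good starting point.*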
@@ -5,7 +5,7 @@ categories:
- News
authors:
- em
description: Privacy is intrinsically intertwined with politics. Each change in governance can have serious effects on privacy rights and privacy tools, for better or for worse. Let's examine with concrete examples how politics affect legislations that can have an immense impact on the privacy tools and features we use.
description: Privacy is intrinsically intertwined with politics. Each change in governance can have substantial effects on privacy rights and privacy tools. Using concrete examples, we examine how politics can impact the tools we use.
schema_type: NewsArticle
preview:
cover: blog/assets/images/the-future-of-privacy/cover.webp
@@ -5,7 +5,7 @@ categories:
- Explainers
authors:
- em
description: In privacy, we talk a lot about how to protect our own data, but what about our responsibility to protect the data of others? If you care about privacy rights, you must also care for the data of the people around you. Together, we must start building a culture of data privacy where everyone cares for the data of others.
description: In privacy, we talk a lot about how to protect our own data, but what about our responsibility to protect the data of others? If you care about privacy rights, you must also care for the data of the people around you. Together, we must build a culture where everyone cares for the data of others.
schema_type: NewsArticle
preview:
cover: blog/assets/images/the-privacy-of-others/cover.webp
@@ -5,7 +5,7 @@ categories:
- Opinion
authors:
- em
description: If you, like myself, have been inhabiting the internet for a few decades, you're probably familiar with the old adage IRL (In Real Life). The acronym was used a lot when the distinction between online life and offline life was much greater than it is now. In today's world, can we really keep referring to our digital life as being somehow disconnected from our real life?
description: If you've been on the internet for a while, you're probably familiar with the old adage IRL (In Real Life). The acronym was used a lot when online and offline life was much more separated than it is now. Today, can we truly keep talking about our digital life as being separated from our real life?
schema_type: OpinionNewsArticle
preview:
cover: blog/assets/images/your-online-life-is-irl/irl-cover.webp
@@ -183,6 +183,7 @@ However, Privacy Guides *does* have social media accounts on a wide variety of p
- [:simple-x: X (Twitter)](https://x.com/privacy_guides)
- [:simple-youtube: YouTube](https://youtube.com/@privacyguides)
- [:simple-tiktok: TikTok](https://www.tiktok.com/@privacyguides)
- [:simple-facebook: Facebook](https://www.facebook.com/PrivacyGuides.org)
</div>
@@ -1,6 +1,6 @@
---
title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
title: Multifactor Authentication
icon: material/two-factor-authentication
description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others.
---
**Multifactor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
@@ -63,7 +63,7 @@ If your threat model requires you to have different identities on different webs
#### FIDO (Fast IDentity Online)
[FIDO](https://en.wikipedia.org/wiki/FIDO_Alliance) includes a number of standards, first there was U2F and then later [FIDO2](https://en.wikipedia.org/wiki/FIDO2_Project) which includes the web standard [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn).
[FIDO](https://en.wikipedia.org/wiki/FIDO_Alliance) includes a number of standards, first there was [U2F](https://en.wikipedia.org/wiki/Universal_2nd_Factor) and then later [FIDO2](https://en.wikipedia.org/wiki/FIDO2_Project) which includes the web standard [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn).
U2F and FIDO2 refer to the [Client to Authenticator Protocol](https://en.wikipedia.org/wiki/Client_to_Authenticator_Protocol), which is the protocol between the security key and the computer, such as a laptop or phone. It complements WebAuthn which is the component used to authenticate with the website (the "Relying Party") you're trying to log in on.
@@ -1,6 +1,6 @@
|
||||
---
|
||||
meta_title: "The Best Private and Secure Cloud Storage Providers - Privacy Guides"
|
||||
title: "Cloud Storage"
|
||||
title: Cloud Storage
|
||||
icon: material/file-cloud
|
||||
description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives!
|
||||
cover: cloud.webp
|
||||
@@ -17,7 +17,7 @@ If these alternatives do not fit your needs, we suggest you look into using encr
|
||||
<details class="admonition info" markdown>
|
||||
<summary>Looking for Nextcloud?</summary>
|
||||
|
||||
Nextcloud is [still a recommended tool](document-collaboration.md#nextcloud) for self-hosting a file management suite, however we do not recommend third-party Nextcloud storage providers at the moment, because we do [not recommend](https://discuss.privacyguides.net/t/dont-recommend-nextcloud-e2ee/10352/29) Nextcloud's built-in E2EE functionality for home users.
|
||||
For more technical readers, Nextcloud is [still a recommended tool](self-hosting/file-management.md#nextcloud) for self-hosting a file management suite, however we do not recommend third-party Nextcloud storage providers at the moment, because we do [not recommend](https://discuss.privacyguides.net/t/dont-recommend-nextcloud-e2ee/10352/29) Nextcloud's built-in E2EE functionality for home users.
|
||||
|
||||
</details>
|
||||
|
||||
@@ -97,7 +97,9 @@ They have also received the Digital Trust Label, a certification from the [Swiss
|
||||
|
||||
{ align=right }
|
||||
|
||||
**Peergos** is a decentralized protocol and open-source platform for storage, social media, and applications. It provides a secure and private space where users can store, share, and view their photos, videos, documents, etc. Peergos secures your files with quantum-resistant end-to-end encryption and ensures all data about your files remains private.
|
||||
**Peergos** is a decentralized protocol and open-source platform for storage, social media, and applications. It provides a secure and private space where users can store, share, view, and edit their photos, videos, documents, etc.
|
||||
|
||||
Peergos secures your files with quantum-resistant E2EE and ensures all data about your files remains private. It is also [self-hostable](https://book.peergos.org/features/self).
|
||||
|
||||
[:octicons-home-16: Homepage](https://peergos.org){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://peergos.net/privacy.html){ .card-link title="Privacy Policy" }
|
||||
@@ -110,9 +112,9 @@ They have also received the Digital Trust Label, a certification from the [Swiss
|
||||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=peergos.android)
|
||||
- [:simple-github: GitHub](https://github.com/Peergos/web-ui/releases)
|
||||
- [:fontawesome-brands-windows: Windows](https://github.com/Peergos/web-ui/releases)
|
||||
- [:simple-apple: macOS](https://github.com/Peergos/web-ui/releases)
|
||||
- [:simple-linux: Linux](https://github.com/Peergos/web-ui/releases)
|
||||
- [:fontawesome-brands-windows: Windows](https://peergos.org/download#windows)
|
||||
- [:simple-apple: macOS](https://peergos.org/download#macos)
|
||||
- [:simple-linux: Linux](https://peergos.org/download#linux)
|
||||
- [:octicons-browser-16: Web](https://peergos.net)
|
||||
|
||||
</details>
|
||||
@@ -121,9 +123,7 @@ They have also received the Digital Trust Label, a certification from the [Swiss
|
||||
|
||||
Peergos is built on top of the [InterPlanetary File System (IPFS)](https://ipfs.tech), a peer-to-peer architecture that protects against [:material-close-outline: Censorship](basics/common-threats.md#avoiding-censorship){ .pg-blue-gray }.
|
||||
|
||||
Peergos is primarily a web app, but you can self-host the server either as a local cache for your remote Peergos account, or as a standalone storage server which negates the need to register for a remote account and subscription. The Peergos server is a `.jar` file, which means the Java 17+ Runtime Environment ([OpenJDK download](https://azul.com/downloads)) should be installed on your machine to get it working.
|
||||
|
||||
Running a local version of Peergos alongside a registered account on their paid, hosted service allows you to access your Peergos storage without any reliance on DNS or TLS certificate authorities, and keep a copy of your data backed up to their cloud. The user experience should be the same whether you run their desktop server or just use their hosted web interface.
|
||||
The client, server, and command line interface for Peergos all run from the same binary. Additionally, Peergos includes a [sync engine](https://book.peergos.org/features/sync) (accessible via the native apps) for bi-directionally synchronizing a local folder with a Peergos folder, and a [webdav bridge](https://book.peergos.org/features/webdav) to allow other applications to access your Peergos storage. You can refer to Peergos's documentation for a full overview of their numerous features.
|
||||
|
||||
Peergos was [audited](https://peergos.org/posts/security-audit-2024) in November 2024 by Radically Open Security and all issues were fixed. They were previously [audited](https://cure53.de/pentest-report_peergos.pdf) by Cure53 in June 2019, and all found issues were subsequently fixed.
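Review bot: The Windows, macOS and Linux entries in the Downloads block now point at `https://peergos.org/download#…` anchors while the GitHub entry on the line above still points at `https://github.com/Peergos/web-ui/releases`, so the card offers two download sources without saying which is authoritative. If the vendor page hosts its own builds rather than linking to the GitHub release, a reader who wants to check a download against a published release has nothing on this page telling them where that is documented; one sentence after the list stating the relationship between the two (constructed example: `Native builds are published as GitHub releases; the download page links to them.`) would remove the ambiguity. Separately, the quantum-resistant E2EE claim carried into the new paragraph still has no reference; linking the Peergos documentation for the scheme would let readers verify it.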
|
||||
|
||||
|
||||
@@ -24,19 +24,19 @@ You should **never** use blur to redact [text in images](https://bishopfox.com/b
|
||||
|
||||
{ align=right }
|
||||
|
||||
**MAT2** is free, cross-platform software which allows you to remove metadata from image, audio, torrent, and document file types. It provides both a command line tool and a graphical user interface via an extension for [Dolphin](https://0xacab.org/jvoisin/mat2/-/tree/master/dolphin), the default file manager of [KDE](https://kde.org).
|
||||
**MAT2** is free, cross-platform software which allows you to remove metadata from image, audio, torrent, and document file types. It provides both a command line tool and a graphical user interface via an extension for [Dolphin](https://github.com/jvoisin/mat2/tree/master/dolphin), the default file manager of [KDE](https://kde.org).
|
||||
|
||||
[:octicons-repo-16: Repository](https://0xacab.org/jvoisin/mat2){ .md-button .md-button--primary }
|
||||
[:octicons-info-16:](https://0xacab.org/jvoisin/mat2/-/blob/master/README.md){ .card-link title="Documentation" }
|
||||
[:octicons-code-16:](https://0xacab.org/jvoisin/mat2){ .card-link title="Source Code" }
|
||||
[:octicons-repo-16: Repository](https://github.com/jvoisin/mat2#readme){ .md-button .md-button--primary }
|
||||
[:octicons-info-16:](https://github.com/jvoisin/mat2#how-to-use-mat2){ .card-link title="Documentation" }
|
||||
[:octicons-code-16:](https://github.com/jvoisin/mat2){ .card-link title="Source Code" }
|
||||
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:fontawesome-brands-windows: Windows](https://pypi.org/project/mat2#metadata-and-privacy)
|
||||
- [:simple-apple: macOS](https://0xacab.org/jvoisin/mat2#requirements-setup-on-macos-os-x-using-homebrew)
|
||||
- [:fontawesome-brands-windows: Windows](https://pypi.org/project/mat2)
|
||||
- [:simple-apple: macOS](https://github.com/jvoisin/mat2#requirements-setup-on-macos-os-x-using-homebrew)
|
||||
- [:simple-linux: Linux](https://pypi.org/project/mat2)
|
||||
- [:octicons-globe-16: Web](https://0xacab.org/jvoisin/mat2#web-interface)
|
||||
- [:octicons-browser-16: Web](https://github.com/jvoisin/mat2#web-interface)
|
||||
|
||||
</details>
|
||||
|
||||
|
||||
@@ -309,7 +309,7 @@ Brave allows you to select additional content filters within the internal `brave
|
||||
|
||||
<div class="annotate" markdown>
|
||||
|
||||
- [x] Select **Don't allow sites to use the V8 optimizer** under *Security* → *Manage V8 security* (1)
|
||||
- [x] Select **Don’t allow sites to use JavaScript optimization** under *Security* → *Manage JavaScript optimization & security* (1)
|
||||
- [x] Select **Automatically remove permissions from unused sites** under *Sites and Shields Settings*
|
||||
- [x] Select **Disable non-proxied UDP** under [*WebRTC IP Handling Policy*](https://support.brave.com/hc/articles/360017989132-How-do-I-change-my-Privacy-Settings#webrtc)
|
||||
- [ ] Uncheck **Use Google services for push messaging**
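Review bot: The replacement checklist line uses a typographic apostrophe in `Don’t allow sites to use JavaScript optimization`, whereas the line it replaces and the other pages in this compare (`Peergos's`, `Nextcloud's`) use a straight ASCII apostrophe. Readers often search the settings page for the exact bold label, and the bold text is also what translators key on, so the glyph should match what the Brave settings UI actually displays; if that cannot be confirmed, normalize to `Don't` for consistency with the rest of the corpus. The rest of the checklist is unchanged by this hunk.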
|
||||
|
||||
13
docs/dns.md
@@ -23,9 +23,8 @@ These are our favorite public DNS resolvers based on their privacy and security
|
||||
| [**AdGuard Public DNS**](https://adguard-dns.io/en/public-dns.html) | Cleartext <br>DoH/3 <br>DoT <br>DoQ <br>DNSCrypt | Anonymized[^1] | Anonymized | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardSDNSFilter) | Yes [:octicons-link-external-24:](https://adguard-dns.io/en/blog/encrypted-dns-ios-14.html) |
|
||||
| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setup) | Cleartext <br>DoH/3 <br>DoT | Anonymized[^2] | No | Based on server choice. | No [:octicons-link-external-24:](https://community.cloudflare.com/t/requesting-1-1-1-1-signed-profiles-for-apple/571846) |
|
||||
| [**Control D Free DNS**](https://controld.com/free-dns) | Cleartext <br>DoH/3 <br>DoT <br>DoQ | No[^3] | No | Based on server choice. | Yes <br>[:simple-apple: iOS](https://docs.controld.com/docs/ios-platform) <br>[:material-apple-finder: macOS](https://docs.controld.com/docs/macos-platform#manual-setup-profile) |
|
||||
| [**DNS0.eu**](https://dns0.eu) | Cleartext <br>DoH/3 <br>DoH <br>DoT <br>DoQ | Anonymized[^4] | Anonymized | Based on server choice. | Yes [:octicons-link-external-24:](https://dns0.eu/zero.dns0.eu.mobileconfig) |
|
||||
| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | DoH <br>DoT | No[^5] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) | Yes [:octicons-link-external-24:](https://github.com/mullvad/encrypted-dns-profiles) |
|
||||
| [**Quad9**](https://quad9.net) | Cleartext <br>DoH <br>DoT <br>DNSCrypt | Anonymized[^6] | Optional | Based on server choice. Malware blocking is included by default. | Yes <br>[:simple-apple: iOS](https://docs.quad9.net/Setup_Guides/iOS/iOS_14_and_later_(Encrypted)) <br>[:material-apple-finder: macOS](https://docs.quad9.net/Setup_Guides/MacOS/Big_Sur_and_later_(Encrypted)) |
|
||||
| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | DoH <br>DoT | No[^4] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) | Yes [:octicons-link-external-24:](https://github.com/mullvad/encrypted-dns-profiles) |
|
||||
| [**Quad9**](https://quad9.net) | Cleartext <br>DoH <br>DoT <br>DNSCrypt | Anonymized[^5] | Optional | Based on server choice. Malware blocking is included by default. | Yes <br>[:simple-apple: iOS](https://docs.quad9.net/Setup_Guides/iOS/iOS_14_and_later_(Encrypted)) <br>[:material-apple-finder: macOS](https://docs.quad9.net/Setup_Guides/MacOS/Big_Sur_and_later_(Encrypted)) |
|
||||
|
||||
[^1]:
|
||||
AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested within the last 24 hours.
|
||||
@@ -42,14 +41,10 @@ These are our favorite public DNS resolvers based on their privacy and security
|
||||
|
||||
Control D: [*Privacy Policy*](https://controld.com/privacy)
|
||||
[^4]:
|
||||
DNS0.eu collects some data for their threat intelligence feeds to monitor for newly registered/observed/active domains and other bulk data. That data is shared with some [partners](https://docs.dns0.eu/data-feeds/introduction) for e.g. security research. They do not collect any personally identifiable information.
|
||||
|
||||
DNS0.eu: [*Privacy Policy*](https://dns0.eu/privacy)
|
||||
[^5]:
|
||||
Mullvad's DNS service is available to both subscribers and non-subscribers of Mullvad VPN. Their privacy policy explicitly claims they do not log DNS requests in any way.
|
||||
|
||||
Mullvad: [*No-logging of user activity policy*](https://mullvad.net/en/help/no-logging-data-policy)
|
||||
[^6]:
|
||||
[^5]:
|
||||
Quad9 collects some data for the purposes of threat monitoring and response. That data may then be remixed and shared for purposes like furthering their security research. Quad9 does not collect or record IP addresses or other data they deem personally identifiable.
|
||||
|
||||
Quad9: [*Data and Privacy Policy*](https://quad9.net/privacy/policy)
|
||||
@@ -195,5 +190,5 @@ All DNS products...
|
||||
Additionally, all public providers...
|
||||
|
||||
- Must not log any personal data to disk.
|
||||
- As noted in the footnotes, some providers collect query information for purposes like security research, but in that case the data must not be associated with any PII such as IP address, etc.
|
||||
- As noted in the footnotes, some providers collect query information for purposes like security research, but in such cases, the data must not be associated with any PII such as IP address, etc.
|
||||
- Should support [anycast](https://en.wikipedia.org/wiki/Anycast) or geo-steering.
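Review bot: The footnote renumbering in this section is done by hand: the table rows now cite `[^4]` and `[^5]` for Mullvad and Quad9, and the definitions in the second hunk are shifted to match, which is easy to desynchronize the next time a provider is added or removed. Python-Markdown footnotes accept arbitrary labels, so switching to names such as `[^mullvad]` and `[^quad9]` would make each row self-describing and remove the need to renumber. The removal of the DNS0.eu row and its footnote is not explained in the hunk; if another page links to that row (for example via a heading or table anchor), it should be checked so the link does not go stale.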
|
||||
|
||||
@@ -1,77 +1,41 @@
|
||||
---
|
||||
title: "Document Collaboration"
|
||||
title: Document Collaboration
|
||||
icon: material/account-group
|
||||
description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do.
|
||||
description: Most online office suites do not support end-to-end encryption, meaning the cloud provider has access to everything you do.
|
||||
cover: document-collaboration.webp
|
||||
---
|
||||
<small>Protects against the following threat(s):</small>
|
||||
|
||||
- [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers){ .pg-teal }
|
||||
|
||||
Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The provider's privacy policy may legally protect your rights, but it does not provide technical access constraints.
|
||||
Most online **document collaboration** platforms like Google Drive do not support end-to-end encryption, meaning the cloud provider has access to everything you do. The provider's privacy policy may legally protect your rights, but it does not provide technical access constraints.
|
||||
|
||||
## Collaboration Platforms
|
||||
|
||||
### Nextcloud
|
||||
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
{ align=right }
|
||||
|
||||
**Nextcloud** is a suite of free and open-source client-server software for creating your own file hosting services on a private server you control.
|
||||
|
||||
[:octicons-home-16: Homepage](https://nextcloud.com){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://nextcloud.com/privacy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://nextcloud.com/support){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://github.com/nextcloud){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://nextcloud.com/contribute){ .card-link title=Contribute }
|
||||
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.nextcloud.client)
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/app/id1125420102)
|
||||
- [:simple-github: GitHub](https://github.com/nextcloud/android/releases)
|
||||
- [:fontawesome-brands-windows: Windows](https://nextcloud.com/install/#install-clients)
|
||||
- [:simple-apple: macOS](https://nextcloud.com/install/#install-clients)
|
||||
- [:simple-linux: Linux](https://nextcloud.com/install/#install-clients)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="admonition danger" markdown>
|
||||
<p class="admonition-title">Danger</p>
|
||||
|
||||
We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_end_encryption) for Nextcloud as it may lead to data loss; it is highly experimental and not production quality. For this reason, we don't recommend third-party Nextcloud providers.
|
||||
|
||||
</div>
|
||||
|
||||
### CryptPad
|
||||
## CryptPad
|
||||
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
{ align=right }
|
||||
|
||||
**CryptPad** is a private-by-design alternative to popular office tools. All content on this web service is end-to-end encrypted and can be shared with other users easily. [:material-star-box: Read our latest CryptPad review.](https://www.privacyguides.org/articles/2025/02/07/cryptpad-review)
|
||||
**CryptPad** is a private-by-design alternative to popular, full-fledged office suites. All content on this web service is E2EE and can be shared with other users easily.
|
||||
|
||||
[:material-star-box: Read our latest CryptPad review.](https://www.privacyguides.org/articles/2025/02/07/cryptpad-review)
|
||||
|
||||
[:octicons-home-16: Homepage](https://cryptpad.fr){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://cryptpad.fr/pad/#/2/pad/view/GcNjAWmK6YDB3EO2IipRZ0fUe89j43Ryqeb4fjkjehE){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://docs.cryptpad.fr){ .card-link title=Documentation}
|
||||
[:octicons-server-16:](https://cryptpad.org/instances){ .card-link title="Public Instances" }
|
||||
[:octicons-info-16:](https://docs.cryptpad.fr){ .card-link title="Documentation" }
|
||||
[:octicons-code-16:](https://github.com/xwiki-labs/cryptpad){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://opencollective.com/cryptpad){ .card-link title=Contribute }
|
||||
[:octicons-heart-16:](https://opencollective.com/cryptpad){ .card-link title="Contribute" }
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
### Criteria
|
||||
## Criteria
|
||||
|
||||
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
|
||||
|
||||
#### Minimum Requirements
|
||||
|
||||
In general, we define collaboration platforms as full-fledged suites which could reasonably act as a replacement to Google Drive.
|
||||
### Minimum Requirements
|
||||
|
||||
- Must be open source.
|
||||
- Must make files accessible via WebDAV unless it is impossible due to E2EE.
|
||||
@@ -80,7 +44,7 @@ In general, we define collaboration platforms as full-fledged suites which could
|
||||
- Must support real-time document collaboration.
|
||||
- Must support exporting documents to standard document formats (e.g. ODF).
|
||||
|
||||
#### Best-Case
|
||||
### Best-Case
|
||||
|
||||
Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
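Review bot: Removing the Nextcloud recommendation from this page also drops the Danger admonition warning that the Nextcloud E2EE App may lead to data loss and that third-party Nextcloud providers are therefore not recommended. The cloud.md hunk in this same compare now sends readers to `self-hosting/file-management.md#nextcloud`, so that warning should be confirmed present at the new location; otherwise the safety caveat is lost while the recommendation survives. In the new CryptPad card, `All content on this web service is E2EE` uses the abbreviation where the rewritten description and intro paragraph spell out `end-to-end encryption`; introduce the abbreviation once (`end-to-end encryption (E2EE)`) or use one form throughout the page.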
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
---
|
||||
title: "File Sharing and Sync"
|
||||
title: File Sharing and Sync
|
||||
icon: material/share-variant
|
||||
description: Discover how to privately share your files between your devices, with your friends and family, or anonymously online.
|
||||
cover: file-sharing.webp
|
||||
@@ -24,9 +24,9 @@ If you already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarde
|
||||
|
||||
[:octicons-home-16: Homepage](https://send.vis.ee){ .md-button .md-button--primary }
|
||||
[:octicons-server-16:](https://github.com/timvisee/send-instances){ .card-link title="Public Instances"}
|
||||
[:octicons-info-16:](https://github.com/timvisee/send#readme){ .card-link title=Documentation}
|
||||
[:octicons-info-16:](https://github.com/timvisee/send#readme){ .card-link title="Documentation" }
|
||||
[:octicons-code-16:](https://github.com/timvisee/send){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://github.com/sponsors/timvisee){ .card-link title=Contribute }
|
||||
[:octicons-heart-16:](https://github.com/sponsors/timvisee){ .card-link title="Contribute" }
|
||||
|
||||
</details>
|
||||
|
||||
@@ -48,7 +48,7 @@ ffsend upload --host https://send.vis.ee/ FILE
|
||||
|
||||
[:octicons-home-16: Homepage](https://onionshare.org){ .md-button .md-button--primary }
|
||||
[:simple-torbrowser:](http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion){ .card-link title="Onion Service" }
|
||||
[:octicons-info-16:](https://docs.onionshare.org){ .card-link title=Documentation}
|
||||
[:octicons-info-16:](https://docs.onionshare.org){ .card-link title="Documentation" }
|
||||
[:octicons-code-16:](https://github.com/onionshare/onionshare){ .card-link title="Source Code" }
|
||||
|
||||
<details class="downloads" markdown>
|
||||
@@ -73,60 +73,8 @@ OnionShare provides the option to connect via [Tor bridges](https://docs.onionsh
|
||||
- Must be open-source software.
|
||||
- Must either have clients for Linux, macOS, and Windows; or have a web interface.
|
||||
|
||||
## FreedomBox
|
||||
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
{ align=right }
|
||||
|
||||
**FreedomBox** is an operating system designed to be run on a [single-board computer (SBC)](https://en.wikipedia.org/wiki/Single-board_computer). The purpose is to make it easy to set up server applications that you might want to self-host.
|
||||
|
||||
[:octicons-home-16: Homepage](https://freedombox.org){ .md-button .md-button--primary }
|
||||
[:octicons-info-16:](https://wiki.debian.org/FreedomBox/Manual){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://salsa.debian.org/freedombox-team/freedombox){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://freedomboxfoundation.org/donate){ .card-link title=Contribute }
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
## File Sync
|
||||
|
||||
### Nextcloud (Client-Server)
|
||||
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
{ align=right }
|
||||
|
||||
**Nextcloud** is a suite of free and open-source client-server software for creating your own file hosting services on a private server you control.
|
||||
|
||||
[:octicons-home-16: Homepage](https://nextcloud.com){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://nextcloud.com/privacy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://nextcloud.com/support){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://github.com/nextcloud){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://nextcloud.com/contribute){ .card-link title=Contribute }
|
||||
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.nextcloud.client)
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/app/id1125420102)
|
||||
- [:simple-github: GitHub](https://github.com/nextcloud/android/releases)
|
||||
- [:fontawesome-brands-windows: Windows](https://nextcloud.com/install/#install-clients)
|
||||
- [:simple-apple: macOS](https://nextcloud.com/install/#install-clients)
|
||||
- [:simple-linux: Linux](https://nextcloud.com/install/#install-clients)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="admonition danger" markdown>
|
||||
<p class="admonition-title">Danger</p>
|
||||
|
||||
We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_end_encryption) for Nextcloud as it may lead to data loss; it is highly experimental and not production quality.
|
||||
|
||||
</div>
|
||||
|
||||
### Syncthing (P2P)
|
||||
|
||||
<div class="admonition recommendation" markdown>
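Review bot: The first hunk normalizes `title=Documentation}` and `title=Contribute }` to the quoted, spaced form, but the context line directly above, `{ .card-link title="Public Instances"}`, is left without the space before `}`; for consistency it should become `{ .card-link title="Public Instances" }`. The same quoting pass in the OnionShare hunk is complete. The third hunk removes the FreedomBox and Nextcloud (Client-Server) cards together with the Danger admonition about the Nextcloud E2EE App; as with the document-collaboration page in this compare, confirm that warning is carried to wherever Nextcloud is now recommended.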
|
||||
|
||||
@@ -164,7 +164,7 @@ This format is used to generate recommendation cards. Notably it is missing the
|
||||
``` markdown title="Recommendation Card"
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
**PhotoPrism** is a self-hostable platform for managing photos. It supports album syncing and sharing as well as a variety of other [features](https://photoprism.app/features). It does not include end-to-end encryption, so it's best hosted on a server that you trust and is under your control.
|
||||
|
||||
@@ -173,13 +173,6 @@ This format is used to generate recommendation cards. Notably it is missing the
|
||||
[:octicons-info-16:](https://photoprism.app/kb){ .card-link title="Documentation" }
|
||||
[:octicons-code-16:](https://github.com/photoprism){ .card-link title="Source Code" }
|
||||
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-github: GitHub](https://github.com/photoprism)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
```
|
||||
|
||||
@@ -187,7 +180,7 @@ This format is used to generate recommendation cards. Notably it is missing the
|
||||
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
**PhotoPrism** is a self-hostable platform for managing photos. It supports album syncing and sharing as well as a variety of other [features](https://photoprism.app/features). It does not include end-to-end encryption, so it's best hosted on a server that you trust and is under your control.
|
||||
|
||||
@@ -196,13 +189,6 @@ This format is used to generate recommendation cards. Notably it is missing the
|
||||
[:octicons-info-16:](https://photoprism.app/kb){ .card-link title="Documentation" }
|
||||
[:octicons-code-16:](https://github.com/photoprism){ .card-link title="Source Code" }
|
||||
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-github: GitHub](https://github.com/photoprism)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
</div>
|
||||
|
||||
@@ -45,7 +45,7 @@ There are a number of built-in settings you should confirm or change to harden y
|
||||
|
||||
#### Bluetooth
|
||||
|
||||
- [ ] Uncheck **Bluetooth** (unless you are currently using it)
|
||||
- [ ] Turn off **Bluetooth** (unless you are currently using it)
|
||||
|
||||
#### Network
|
||||
|
||||
@@ -55,23 +55,23 @@ Click on the "Details" button by your network name:
|
||||
|
||||
- [x] Select **Rotating** under **Private Wi-Fi address**
|
||||
|
||||
- [x] Check **Limit IP address tracking**
|
||||
- [x] Turn on **Limit IP address tracking**
|
||||
|
||||
##### Firewall
|
||||
|
||||
Your firewall blocks unwanted network connections. The stricter your firewall settings are, the more secure your Mac is. However, certain services will be blocked. You should configure your firewall to be as strict as you can without blocking services you use.
|
||||
|
||||
- [x] Check **Firewall**
|
||||
- [x] Turn on **Firewall**
|
||||
|
||||
Click the **Options** button:
|
||||
|
||||
- [x] Check **Block all incoming connections**
|
||||
- [x] Turn on **Block all incoming connections**
|
||||
|
||||
If this configuration is too strict, you can come back and uncheck this. However, macOS will typically prompt you to allow incoming connections for an app if the app requests it.
|
||||
|
||||
#### General
|
||||
|
||||
By default, your device name will be something like "[your name]'s iMac". Because this name is publicly broadcast on your network, you'll want to change your device name to something generic like "Mac".
|
||||
By default, your device name will be something like "[your name]'s iMac". Because this name is [publicly broadcast on your network](https://support.apple.com/guide/mac-help/change-computers-local-hostname-mac-mchlp2322/26/mac/26#:~:text=The%20local%20hostname%2C%20or%20local%20network%20name%2C%20is%20displayed%20at%20the%20bottom%20of%20the%20Sharing%20settings%20window.%20It%20identifies%20your%20Mac%20to%20Bonjour%2Dcompatible%20services.), you'll want to change your device name to something generic like "Mac".
|
||||
|
||||
Click on **About** and type your desired device name into the **Name** field.
|
||||
|
||||
@@ -81,15 +81,37 @@ You should automatically install all available updates to make sure your Mac has
|
||||
|
||||
Click the small :material-information-outline: icon next to **Automatic Updates**:
|
||||
|
||||
- [x] Check **Check for updates**
|
||||
- [x] Turn on **Download new updates when available**
|
||||
|
||||
- [x] Check **Download new updates when available**
|
||||
- [x] Turn on **Install macOS updates**
|
||||
|
||||
- [x] Check **Install macOS updates**
|
||||
- [x] Turn on **Install Security Responses and system files**
|
||||
|
||||
- [x] Check **Install application updates from the App Store**
|
||||
#### Apple Intelligence & Siri
|
||||
|
||||
- [x] Check **Install Security Responses and system files**
|
||||
If you do not use these features on macOS, you should disable them:
|
||||
|
||||
- [ ] Turn off **Apple Intelligence**
|
||||
- [ ] Turn off **Siri**
|
||||
|
||||
**[Apple Intelligence](https://apple.com/legal/privacy/data/en/intelligence-engine)** is only available if your device supports it. Apple Intelligence uses a combination of on-device processing and their [Private Cloud Compute](https://security.apple.com/blog/private-cloud-compute) for things that take more processing power than your device can provide.
|
||||
|
||||
To see a report of all the data sent via Apple Intelligence, you can navigate to **Privacy & Security** → **Apple Intelligence Report** and press **Export Activity** to see activity from the either the last 15 minutes or 7 days, depending on what you set it for. Similar to the **App Privacy Report** which shows you the recent permissions accessed by the apps on your phone, the Apple Intelligence Report likewise shows what is being sent to Apple's servers while using Apple Intelligence.
|
||||
|
||||
By default, ChatGPT integration is disabled. If you don't want ChatGPT integration anymore, you can navigate to **ChatGPT**:
|
||||
|
||||
- [ ] Turn off **Use ChatGPT**
|
||||
|
||||
You can also have it ask for confirmation every time if you leave ChatGPT integration on:
|
||||
|
||||
- [x] Turn on **Confirm Requests**
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
Any request made with ChatGPT will be sent to ChatGPT's servers, there is no on-device processing and no PCC like with Apple Intelligence.
|
||||
|
||||
</div>
|
||||
|
||||
#### Privacy & Security
|
||||
|
||||
@@ -99,25 +121,17 @@ Whenever an application requests a permission, it will show up here. You can dec
|
||||
|
||||
You can individually allow location services per-app. If you don't need apps to use your location, turning off location services entirely is the most private option.
|
||||
|
||||
- [ ] Uncheck **Location Services**
|
||||
- [ ] Turn off **Location Services**
|
||||
|
||||
##### Analytics & Improvements
|
||||
|
||||
Decide whether you want to share analytics data with Apple and developers.
|
||||
|
||||
- [ ] Uncheck **Share Mac Analytics**
|
||||
|
||||
- [ ] Uncheck **Improve Siri & Dictation**
|
||||
|
||||
- [ ] Uncheck **Share with app developers**
|
||||
|
||||
- [ ] Uncheck **Share iCloud Analytics** (visible if you are signed in to iCloud)
|
||||
Decide whether you want to share analytics data with Apple and app developers.
|
||||
|
||||
##### Apple Advertising
|
||||
|
||||
Decide whether you want personalized ads based on your usage.
|
||||
|
||||
- [ ] Uncheck **Personalized Ads**
|
||||
- [ ] Turn off **Personalized Ads**
|
||||
|
||||
##### FileVault
|
||||
|
||||
@@ -129,19 +143,19 @@ On older Intel-based Mac computers, FileVault is the only form of disk encryptio
|
||||
|
||||
##### Lockdown Mode
|
||||
|
||||
[Lockdown Mode](https://blog.privacyguides.org/2022/10/27/macos-ventura-privacy-security-updates/#lockdown-mode) disables some features in order to improve security. Some apps or features won't work the same way they do when it's off, for example, [JIT](https://hacks.mozilla.org/2017/02/a-crash-course-in-just-in-time-jit-compilers) and [WASM](https://developer.mozilla.org/docs/WebAssembly) are disabled in Safari with Lockdown Mode enabled. We recommend enabling Lockdown Mode and seeing whether it significantly impacts your usage, many of the changes it makes are easy to live with.
|
||||
**[Lockdown Mode](https://support.apple.com/guide/mac-help/lock-mac-targeted-a-cyberattack-ibrw66f4e191/mac)** disables some features in order to improve security. Some apps or features won't work the same way they do when it's off. For example, Javascript Just-In-Time ([JIT](https://hacks.mozilla.org/2017/02/a-crash-course-in-just-in-time-jit-compilers)) compilation and [WebAssembly](https://developer.mozilla.org/docs/WebAssembly) are disabled in Safari with Lockdown Mode enabled. We recommend enabling Lockdown Mode and seeing whether it significantly impacts daily usage.
|
||||
|
||||
- [x] Click **Turn On**
|
||||
|
||||
### MAC Address Randomization
|
||||
|
||||
macOS uses a randomized MAC address when performing Wi-Fi scans while disconnected from a network.
|
||||
macOS uses a randomized MAC address when [performing Wi-Fi scans](https://support.apple.com/guide/security/privacy-features-connecting-wireless-networks-secb9cb3140c/web) while disconnected from a network.
|
||||
|
||||
You can set your MAC address to be randomized per network and rotate occasionally to prevent tracking between networks and on the same network over time.
|
||||
You can set your [MAC address to be randomized](https://support.apple.com/en-us/102509) per network and rotate occasionally to prevent tracking between networks and on the same network over time.
|
||||
|
||||
Go to **System Settings** → **Network** → **Wi-Fi** → **Details** and set **Private Wi-Fi address** to either **Fixed** if you want a fixed but unique address for the network you're connected to, or **Rotating** if you want it to change over time.
|
||||
|
||||
Consider changing your hostname as well, which is another device identifier that's broadcast on the network you're connected to. You may wish to set your hostname to something generic like "MacBook Air", "Laptop", "John's MacBook Pro", or "iPhone" in **System Settings** → **General** → **Sharing**. Some [privacy scripts](https://github.com/sunknudsen/privacy-guides/tree/master/how-to-spoof-mac-address-and-hostname-automatically-at-boot-on-macos#guide) allow you to easily generate hostnames with random names.
|
||||
Consider changing your hostname as well, which is another device identifier that's broadcast on the network you're connected to. You may wish to set your hostname to something generic like "MacBook Air", "Laptop", "John's MacBook Pro", or "iPhone" in **System Settings** → **General** → **Sharing**.
|
||||
|
||||
## Security Protections
|
||||
|
||||
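Review bot: In the rewritten Lockdown Mode paragraph, `Javascript Just-In-Time ([JIT](…)) compilation` should read `JavaScript Just-In-Time ([JIT](…)) compilation`, matching the proper name of the language. The rest of the rewrite (linking Lockdown Mode and WebAssembly to their documentation) is fine as written.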
@@ -152,19 +166,19 @@ macOS employs defense in depth by relying on multiple layers of software and har
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
macOS allows you to install beta updates. These are unstable and may come with extra telemetry since they're for testing purposes. Because of this, we recommend you avoid beta software in general.
|
||||
macOS allows you to install beta updates. These are unstable and may come with [extra telemetry](https://beta.apple.com/privacy) since they're for testing purposes. Because of this, we recommend you avoid beta software in general.
|
||||
|
||||
</div>
|
||||
|
||||
#### Signed System Volume
|
||||
|
||||
macOS's system components are protected in a read-only signed system volume, meaning that neither you nor malware can alter important system files.
|
||||
macOS's system components are protected in a read-only [signed system volume](https://support.apple.com/guide/security/signed-system-volume-security-secd698747c9/web), meaning that neither you nor malware can alter important system files.
|
||||
|
||||
The system volume is verified while it's running and any data that's not signed with a valid cryptographic signature from Apple will be rejected.
|
||||
|
||||
#### System Integrity Protection
|
||||
|
||||
macOS sets certain security restrictions that can't be overridden. These are called Mandatory Access Controls, and they form the basis of the sandbox, parental controls, and System Integrity Protection on macOS.
|
||||
macOS sets certain security restrictions that can't be overridden. These are called [Mandatory Access Controls](https://support.apple.com/guide/security/system-integrity-protection-secb7ea06b49/1/web/1), and they form the basis of the sandbox, parental controls, and [System Integrity Protection](https://support.apple.com/en-us/102149) on macOS.
|
||||
|
||||
System Integrity Protection makes critical file locations read-only to protect against modification from malicious code. This is on top of the hardware-based Kernel Integrity Protection that keeps the kernel from being modified in-memory.
|
||||
|
||||
@@ -172,7 +186,7 @@ System Integrity Protection makes critical file locations read-only to protect a
|
||||
|
||||
##### App Sandbox
|
||||
|
||||
On macOS, whether an app is sandboxed is determined by the developer when they sign it. The App Sandbox protects against vulnerabilities in the apps you run by limiting what a malicious actor can access in the event that the app is exploited. The App Sandbox *alone* can't protect against [:material-package-variant-closed-remove: Supply Chain Attacks](../basics/common-threats.md#attacks-against-certain-organizations){ .pg-viridian } by malicious developers. For that, sandboxing needs to be enforced by someone other than the developer themselves, as it is on the App Store.
|
||||
On macOS, whether an app is sandboxed is determined by the developer when they sign it. The [App Sandbox](https://developer.apple.com/documentation/xcode/configuring-the-macos-app-sandbox) protects against vulnerabilities in the apps you run by limiting what a malicious actor can access in the event that the app is exploited. The App Sandbox *alone* can't protect against [:material-package-variant-closed-remove: Supply Chain Attacks](../basics/common-threats.md#attacks-against-certain-organizations){ .pg-viridian } by malicious developers. For that, sandboxing needs to be enforced by someone other than the developer themselves, as it is on the [App Store](https://support.apple.com/guide/security/gatekeeper-and-runtime-protection-sec5599b66df/1/web/1#:~:text=All%20apps%20from%20the%20App%20Store%20are%20sandboxed%20to%20restrict%20access%20to%20data%20stored%20by%20other%20apps.).
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
@@ -224,7 +238,7 @@ You can enable a column in Activity Monitor called "Restricted" which is a flag
|
||||
|
||||
##### Antivirus
|
||||
|
||||
macOS comes with two forms of malware defense:
|
||||
macOS comes with two forms of [malware defense](https://support.apple.com/guide/security/protecting-against-malware-sec469d47bd8/1/web/1):
|
||||
|
||||
1. Protection against launching malware in the first place is provided by the App Store's review process for App Store applications, or *Notarization* (part of *Gatekeeper*), a process where third-party apps are scanned for known malware by Apple before they are allowed to run. Apps are required to be signed by the developers using a key given to them by Apple. This ensures that you are running software from the real developers. Notarization also requires that developers enable the Hardened Runtime for their apps, which limits methods of exploitation.
|
||||
2. Protection against other malware and remediation from existing malware on your system is provided by *XProtect*, a more traditional antivirus software built-in to macOS.
|
||||
@@ -233,7 +247,7 @@ We recommend against installing third-party antivirus software as they typically
|
||||
|
||||
##### Backups
|
||||
|
||||
macOS comes with automatic backup software called [Time Machine](https://support.apple.com/HT201250), so you can create encrypted backups to an external drive or a network drive in the event of corrupted/deleted files.
|
||||
macOS comes with automatic backup software called [Time Machine](https://support.apple.com/HT201250), so you can create [encrypted backups](https://support.apple.com/guide/mac-help/keep-your-time-machine-backup-disk-secure-mh21241/mac) to an external drive or a network drive in the event of corrupted/deleted files.
|
||||
|
||||
### Hardware Security
|
||||
|
||||
@@ -241,21 +255,21 @@ Many modern security features in macOS—such as modern Secure Boot, hardware-le
|
||||
|
||||
Some of these modern security features are available on older Intel-based Mac computers with the Apple T2 Security Chip, but that chip is susceptible to the *checkm8* exploit which could compromise its security.
|
||||
|
||||
If you use Bluetooth accessories such as a keyboard, we recommend that you use official Apple ones as their firmware will automatically be updated for you by macOS. Using third party accessories is fine, but you should remember to install firmware updates for them regularly.
|
||||
If you use Bluetooth accessories such as a keyboard, we recommend that you use official Apple ones as their firmware will [automatically be updated](https://support.apple.com/en-us/120303#:~:text=Firmware%20updates%20are%20automatically%20delivered%20in%20the%20background%20while%20the%20Magic%20Keyboard%20is%20actively%20paired%20to%20a%20device%20running%20macOS%2C%20iOS%2C%20iPadOS%2C%20or%20tvOS.) for you by macOS. Using third party accessories is fine, but you should remember to install firmware updates for them regularly.
|
||||
|
||||
Apple's SoCs focus on minimizing attack surface by relegating security functions to dedicated hardware with limited functionality.
|
||||
Apple's SoCs focus on [minimizing attack surface](https://support.apple.com/en-vn/guide/security/secf020d1074/web#:~:text=Security%2Dfocused%20hardware%20follows%20the%20principle%20of%20supporting%20limited%20and%20discretely%20defined%20functions%20to%20minimize%20attack%20surface.) by relegating security functions to dedicated hardware with limited functionality.
|
||||
|
||||
#### Boot ROM
|
||||
|
||||
macOS prevents malware persistence by only allowing official Apple software to run at boot time; this is known as secure boot. Mac computers verify this with a bit of read-only memory on the SoC called the boot ROM, which is laid down during the manufacturing of the chip.
|
||||
macOS prevents malware persistence by only allowing official Apple software to run at boot time; this is known as [secure boot](https://support.apple.com/en-vn/guide/security/secac71d5623/1/web/1). Mac computers verify this with a bit of read-only memory on the SoC called the [boot ROM](https://support.apple.com/en-vn/guide/security/aside/sec5240db956/1/web/1), which is [laid down during the manufacturing of the chip](https://support.apple.com/en-vn/guide/security/secf020d1074/1/web/1#:~:text=which%20is%20laid%20down%20during%20Apple%20SoC%20fabrication).
|
||||
|
||||
The boot ROM forms the hardware root of trust. This ensures that malware cannot tamper with the boot process. When your Mac boots up, the boot ROM is the first thing that runs, forming the first link in the chain of trust.
|
||||
The boot ROM forms the hardware root of trust. This ensures that malware cannot tamper with the boot process, since the boot ROM is immutable. When your Mac boots up, the boot ROM is the first thing that runs, forming the first link in the chain of trust.
|
||||
|
||||
Mac computers can be configured to boot in three security modes: *Full Security*, *Reduced Security*, and *Permissive Security*, with the default setting being Full Security. You should ideally be using Full Security mode and avoid things like **kernel extensions** that force you to lower your security mode. Make sure to [check](https://support.apple.com/guide/mac-help/change-security-settings-startup-disk-a-mac-mchl768f7291/mac) that you're using Full Security mode.
|
||||
Mac computers can be configured to boot in [three security modes](https://support.apple.com/guide/deployment/startup-security-dep5810e849c/web#dep32fb404e1): *Full Security*, *Reduced Security*, and *Permissive Security*, with the default setting being Full Security. You should ideally be using Full Security mode and avoid things like **[kernel extensions](https://support.apple.com/guide/deployment/system-extensions-in-macos-depa5fb8376f/web#dep51e097f45)** that force you to lower your security mode. Make sure to [check](https://support.apple.com/guide/mac-help/change-security-settings-startup-disk-a-mac-mchl768f7291/mac) that you're using Full Security mode.
|
||||
|
||||
#### Secure Enclave
|
||||
|
||||
The Secure Enclave is a security chip built into devices with Apple Silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
|
||||
The **[Secure Enclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/web)** is a security chip built into devices with Apple Silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own [separate boot ROM](https://support.apple.com/en-vn/guide/security/sec59b0b31ff/web#sec43006c49f).
|
||||
|
||||
You can think of the Secure Enclave as your device's security hub: it has an AES encryption engine and a mechanism to securely store your encryption keys, and it's separated from the rest of the system, so even if the main processor is compromised, it should still be safe.
|
||||
|
||||
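Review bot: The added clause `since the boot ROM is immutable` in the "The boot ROM forms the hardware root of trust" paragraph presents immutability purely as a guarantee, but the same property means a flaw found in the boot ROM can never be patched, which is exactly what the *checkm8* paragraph earlier in this hunk describes for the T2 chip. A short qualification would keep the two paragraphs consistent, for example `since the boot ROM is immutable (which also means a flaw in it, such as *checkm8* on the T2 chip, cannot be fixed by a software update)`.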
@@ -263,17 +277,21 @@ You can think of the Secure Enclave as your device's security hub: it has an AES
|
||||
|
||||
Apple's Touch ID feature allows you to securely unlock your devices using biometrics.
|
||||
|
||||
Your biometric data never leaves your device; it's stored only in the Secure Enclave.
|
||||
Your biometric data [never leaves your device](https://www.apple.com/legal/privacy/data/en/touch-id/#:~:text=Touch%C2%A0ID%20data%20does%20not%20leave%20your%20device%2C%20and%20is%20never%20backed%20up%20to%20iCloud%20or%20anywhere%20else.); it's stored only in the Secure Enclave.
|
||||
|
||||
#### Hardware Microphone Disconnect
|
||||
|
||||
All laptops with Apple Silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
|
||||
All laptops with Apple Silicon or the T2 chip feature a [hardware disconnect](https://support.apple.com/guide/security/hardware-microphone-disconnect-secbbd20b00b/web) for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
|
||||
|
||||
Note that the camera does not have a hardware disconnect, since its view is obscured when the lid is closed anyway.
|
||||
|
||||
#### Secure Camera Indicator
|
||||
|
||||
The built-in camera in a Mac is designed so that the camera can't turn on without the camera indicator light [also turning on](https://support.apple.com/en-us/102177#:~:text=The%20camera%20is%20engineered%20so%20that%20it%20can’t%20activate%20without%20the%20camera%20indicator%20light%20also%20turning%20on.%20This%20is%20how%20you%20can%20tell%20if%20your%20camera%20is%20on.).
|
||||
|
||||
#### Peripheral Processor Security
|
||||
|
||||
Computers have built-in processors other than the main CPU that handle things like networking, graphics, power management, etc. These processors can have insufficient security and become compromised, therefore Apple tries to minimize the need for these processors in their hardware.
|
||||
Computers have [built-in processors](https://support.apple.com/en-vn/guide/security/seca500d4f2b/1/web/1) other than the main CPU that handle things like networking, graphics, power management, etc. These processors can have insufficient security and become compromised, therefore Apple tries to minimize the need for these processors in their hardware.
|
||||
|
||||
When it is necessary to use one of these processors, Apple works with the vendor to ensure that the processor
|
||||
|
||||
@@ -286,8 +304,8 @@ When it is necessary to use one of these processors, Apple works with the vendor
|
||||
|
||||
#### Direct Memory Access Protections
|
||||
|
||||
Apple Silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
|
||||
Apple Silicon separates each component that requires [direct memory access](https://support.apple.com/guide/security/direct-memory-access-protections-seca4960c2b5/1/web/1). For example, a Thunderbolt port can't access memory designated for the kernel.
|
||||
|
||||
## Sources
|
||||
#### Terminal Secure Keyboard Entry
|
||||
|
||||
- [Apple Platform Security](https://support.apple.com/guide/security/welcome/web)
|
||||
Enable [Secure Keyboard Entry](https://support.apple.com/guide/terminal/use-secure-keyboard-entry-trml109/mac) to prevent other apps from detecting what you type in the terminal.
|
||||
|
||||
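Review bot: The new `#### Terminal Secure Keyboard Entry` heading replaces the `## Sources` section but lands under `### Hardware Security`, directly after `#### Direct Memory Access Protections`, although it describes an application setting rather than a hardware protection; it would sit more naturally with the software-side configuration headings earlier in the document. The wording `to prevent other apps from detecting what you type in the terminal` may also overstate the feature: as far as can be told from the linked page title it is an app-level setting, so `to make it harder for other apps to observe what you type in the terminal` would be the safer claim. Removing `## Sources` also drops the only top-level pointer to the Apple Platform Security guide that most of the new inline links in this commit point into; consider keeping the section or linking the guide once in the introduction.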
@@ -44,28 +44,6 @@ The free plan offers 10 GB of storage as long as you use the service at least o
|
||||
|
||||
Ente Photos underwent an audit by [Cure53](https://ente.io/blog/cryptography-audit) in March 2023 and by [Fallible](https://ente.io/reports/Fallible-Audit-Report-19-04-2023.pdf) in April 2023.
|
||||
|
||||
## PhotoPrism
|
||||
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
{ align=right }
|
||||
|
||||
**PhotoPrism** is a self-hostable platform for managing photos. It supports album syncing and sharing as well as a variety of other [features](https://photoprism.app/features). It does not include E2EE, so it's best hosted on a server that you trust and is under your control.
|
||||
|
||||
[:octicons-home-16: Homepage](https://photoprism.app){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://photoprism.app/privacy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://photoprism.app/kb){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://github.com/photoprism){ .card-link title="Source Code" }
|
||||
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-github: GitHub](https://github.com/photoprism)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
## Criteria
|
||||
|
||||
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
|
||||
|
||||
@@ -16,6 +16,8 @@ This privacy notice covers all Privacy Guides projects authorized and operated b
|
||||
|
||||
Please note that when you make a donation to us on [donate.magicgrants.org](https://donate.magicgrants.org/privacyguides), MAGIC Grants has published a [separate privacy policy](https://donate.magicgrants.org/privacy) covering that platform.
|
||||
|
||||
Additionally, when you browse or make a purchase on [shop.privacyguides.org](https://shop.privacyguides.org/), this is a third-party service provided by Fourthwall. Fourthwall has published a [separate privacy policy](https://shop.privacyguides.org/pages/privacy-policy) covering that platform.
|
||||
|
||||
## How does Privacy Guides collect data about me?
|
||||
|
||||
Privacy Guides collects data about you:
|
||||
@@ -24,8 +26,9 @@ Privacy Guides collects data about you:
|
||||
- When you create and use an account on our websites
|
||||
- When you post, send private messages, and otherwise participate in a community that Privacy Guides hosts
|
||||
- When you sign up for a mailing list, email notifications, or announcements
|
||||
- When you become a donating member
|
||||
- When you make a donation to us on GitHub Sponsors
|
||||
- When you become a donating member and link your MAGIC Grants account to your Privacy Guides forum account
|
||||
- When you link your MAGIC Grants account to your Privacy Guides forum account
|
||||
- When you contribute to our website or other open-source projects
|
||||
- When you contact us
|
||||
|
||||
@@ -72,9 +75,9 @@ You may optionally provide additional details about your account, like your name
|
||||
|
||||
Privacy Guides stores this account data as long as your account remains open.
|
||||
|
||||
### Privacy Guides collects data about posts and other activity on our forum
|
||||
### Privacy Guides collects data about posts and other activity
|
||||
|
||||
Privacy Guides collects the content of your posts, plus data about bookmarks, likes, and links you follow in order to share that data with others, through the forum. We also publish this activity to the public.
|
||||
Privacy Guides collects the content of your posts throughout our websites, plus data about bookmarks, likes, and links you follow in order to share that data with others. We also publish this activity to the public when you request it.
|
||||
|
||||
Privacy Guides also collects data about private messages that you send through the forum. Privacy Guides makes private messages available to senders and their recipients, and also to forum moderators and administrators.
|
||||
|
||||
@@ -98,17 +101,29 @@ Privacy Guides uses this information to maintain the integrity of our website, s
|
||||
|
||||
### Privacy Guides collects data when you donate to us
|
||||
|
||||
#### When you subscribe to a membership on privacyguides.org
|
||||
|
||||
When you donate to us through our [membership program](#/portal), we collect your email address. Your payment information is also collected by our payment processor Stripe in order to facilitate the transaction. You can also optionally provide your name, which is used to personalize your experience, and can be removed or changed in your [profile settings](#/portal/account/profile) at any time.
|
||||
|
||||
If your membership and newsletter subscription matches an email address associated with an account on our forum, we will link your membership status to your forum account. This allows you to receive special perks on the forum, such as a members-only title or flair, and access to members-only categories.
|
||||
|
||||
If the Member title or Member flair is enabled on your forum profile, Privacy Guides will share your username and profile picture on our websites for the purposes of acknowledging your donation to the project. You may revoke this consent at any time by removing the title and flair from your public profile, and we will no longer share your donation status publicly. This will not affect your access to members-only benefits. It may take until the next website release for your data to be removed from public visibility.
|
||||
|
||||
#### When you donate to us via GitHub Sponsors
|
||||
|
||||
When you donate to us on GitHub Sponsors, we collect your GitHub username and profile picture. Your payment information is also collected by our subprocessors GitHub and Stripe in order to facilitate the transaction.
|
||||
|
||||
If you choose to make your donation public during or after the checkout process on GitHub, Privacy Guides will share your username and profile picture on our websites for the purposes of fulfilling your request. You may revoke this consent at any time, and we will no longer share your donation status publicly. It may take until the next website release for your data to be removed from public visibility.
|
||||
|
||||
#### When you subscribe to a membership or donate to us on donate.magicgrants.org
|
||||
|
||||
When you donate to us on [donate.magicgrants.org](https://donate.magicgrants.org/privacyguides), a [separate privacy policy](https://donate.magicgrants.org/privacy) applies as noted at the beginning of this document.
|
||||
|
||||
However, if you optionally link your `donate.magicgrants.org` account to your Privacy Guides forum account, our forum collects some personal data which is covered by this notice: namely your forum username and whether you have an active membership.
|
||||
|
||||
We process that information in order to grant you special perks on the forum. Additionally, if you choose to make this status public by setting a members-only title or flair, we will share the status of your active membership on our websites.
|
||||
We process that information in order to grant you special perks on the forum. Additionally, if you choose to make this status public by setting a members-only title or flair, we will share the status of your active membership on our websites. You may revoke this consent at any time by removing the title and flair from your public profile, and we will no longer share your donation status publicly. This will not affect your access to members-only benefits. It may take until the next website release for your data to be removed from public visibility.
|
||||
|
||||
This information is stored for as long as your membership is active, or until you unlink your forum and MAGIC Grants donation accounts in your profile settings. It may take until the next website release for your data to be fully removed from public visibility.
|
||||
This information is stored for as long as your membership is active, or until you unlink your forum and MAGIC Grants donation accounts in your profile settings.
|
||||
|
||||
### Privacy Guides collects data when you contact us
|
||||
|
||||
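Review bot: The sentence `If your membership and newsletter subscription matches an email address associated with an account on our forum, we will link your membership status to your forum account.` describes an automatic link between two systems keyed only on an email address, but does not say whether that address must be verified on both sides before the link is made, nor how a member can decline or undo it; the MAGIC Grants subsection later in this hunk does state that its link can be undone in profile settings. Stating the verification step (if membership signup confirms the address) and adding an unlink sentence parallel to the MAGIC Grants one would close that gap. The retention period for the email address collected under the privacyguides.org membership heading is also not stated, whereas the MAGIC Grants subsection gives one.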
@@ -124,7 +139,16 @@ Our website uses Local Storage in your browser to store your color scheme prefer
|
||||
|
||||
Our website also uses Session Storage to cache the current version number of this website and the number of stars/forks of our GitHub repository. This data is fetched once per session from GitHub, and is only used by client-side JavaScript to display that information at the top of each page.
|
||||
|
||||
No locally stored data on this website is transmitted to Privacy Guides, and it can not be used to identify you.
|
||||
### The Privacy Guides website uses cookies
|
||||
|
||||
Our website uses features from the open-source Ghost content management system to manage your membership experience, which uses the following cookies:
|
||||
|
||||
| Name | Essential | Expires | Purpose |
|
||||
| --------------------- | --------- | -------------- | ----------------------------------------------------------------------------- |
|
||||
| ghost-members-ssr | Yes | 6 months | used to identify your membership on the website |
|
||||
| ghost-members-ssr.sig | Yes | 6 months | used to validate your membership on the website |
|
||||
| __stripe_sid | Yes | 1 year | [Stripe](#subprocessors-used-by-privacy-guides) allows online transactions without storing any credit card information |
|
||||
| __stripe_mid | Yes | 1 year | [Stripe](#subprocessors-used-by-privacy-guides) allows online transactions without storing any credit card information |
|
||||
|
||||
### The Privacy Guides forum uses cookies
|
||||
|
||||
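Review bot: The unchanged sentence `No locally stored data on this website is transmitted to Privacy Guides, and it can not be used to identify you.` now sits directly above a new section listing `ghost-members-ssr` and `ghost-members-ssr.sig`, cookies that are stored locally, sent to the site on each request and, per the table's own Purpose column, used to identify a member; the sentence should be narrowed to `No data stored in Local Storage or Session Storage on this website is transmitted to Privacy Guides, and it can not be used to identify you.` In the cookie table, `__stripe_sid` is listed with a 1 year expiry; as far as I recall Stripe's own cookie reference describes `__stripe_sid` as a short-lived session cookie and only `__stripe_mid` as lasting a year, so that value is worth checking against the current Stripe documentation before the notice is published.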
@@ -218,7 +242,7 @@ The lawful basis for our processing determines what rights are available to you
|
||||
| [Open source contributions](#privacy-guides-collects-data-about-open-source-contributors) | Email address, name, GitHub profile information, other information provided via Git | **Legitimate interest** | We have a legitimate interest in tracking the provenance of contributions to our open source projects to prevent abuse and ensure intellectual property rights are respected |
|
||||
| [Donations](#privacy-guides-collects-data-when-you-donate-to-us) | Payment information including billing address and email, GitHub profile information | **Legitimate interest** | We have a legitimate interest in processing this data to prevent payment abuse and fraud, and for facilitating your transaction |
|
||||
| [Donations](#privacy-guides-collects-data-when-you-donate-to-us) | GitHub profile information | **Consent** | We process this information to display your donation status publicly in accordance to your wishes |
|
||||
| [Donations](#privacy-guides-collects-data-when-you-donate-to-us) | Forum username and membership status | **Consent** | When you link your forum account to your MAGIC Grants donation account, you can optionally display your membership status to the public |
|
||||
| [Donations](#privacy-guides-collects-data-when-you-donate-to-us) | Forum username and membership status | **Consent** | When your membership is linked to your forum account, you can optionally display your membership status to the public |
|
||||
| [Contacting us](#privacy-guides-collects-data-when-you-contact-us) | Email address, mail server IP, message content | **Legitimate interest** | We have a legitimate interest in processing incoming email information to prevent spam and network abuse |
|
||||
| [Contacting us](#privacy-guides-collects-data-when-you-contact-us) | Email address, message headers and content | **Contract** | We store your messages and process your data in order to provide a response to your communication |
|
||||
| [Backups](#privacy-guides-makes-regular-backups-of-all-data) | All personal information we collect | **Legitimate interest** | We store complete backups to ensure organizational continuity and security for up to 30 days |
|
||||
@@ -294,7 +318,8 @@ Privacy Guides uses the following subprocessors, and may share personal data wit
|
||||
| [GitHub](https://github.com) (USA) | Git Repositories | *For visitors to this website*: sharing information with our visitors about the current release, repo star count, etc. | USA | [Privacy Notice](https://docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement) |
|
||||
| [GitHub](https://github.com) (USA) | Git Repositories, Issues, Pull Requests | *For contributors to this website*: hosting our source code and communications platforms such as our issues tracker. | USA | [Privacy Notice](https://docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement) |
|
||||
| [GitHub](https://github.com) (USA) | [Sponsors](https://github.com/sponsors/privacyguides) | For collecting payments for gifts to Privacy Guides | USA | [Privacy Notice](https://docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement) |
|
||||
| [Stripe](https://stripe.com) (USA) | Connect | *For certain donations via GitHub Sponsors*: payment processing for donations | USA | [Privacy Notice](https://stripe.com/privacy), [GDPR Center](https://stripe.com/legal/privacy-center) |
|
||||
| [Mailgun](https://www.mailgun.com) (USA) | Email Delivery | For sending newsletters and other email messages to users | USA | [Privacy Notice](https://www.mailgun.com/privacy-policy), [GDPR Center](https://www.mailgun.com/gdpr) |
|
||||
| [Stripe](https://stripe.com) (USA) | Connect | Payment processing for donations | USA | [Privacy Notice](https://stripe.com/privacy), [GDPR Center](https://stripe.com/legal/privacy-center) |
|
||||
| [Triplebit](https://www.triplebit.org) (USA) | Object Storage | For hosting static websites and static media content, and distributing static content | USA, Poland | [Privacy Notice](https://www.triplebit.org/privacy) |
|
||||
| [Triplebit](https://www.triplebit.org) (USA) | [Umami Statistics](https://stats.triplebit.net/share/S80jBc50hxr5TquS/www.privacyguides.org) | For compiling aggregated statistics of our website visitor data based on server-side visitor info submissions | USA | [Privacy Notice](https://www.triplebit.org/privacy) |
|
||||
| [Triplebit](https://www.triplebit.org) (USA) | Virtual Private Servers | For hosting our dynamic websites, storing and processing personal data. | USA | [Privacy Notice](https://www.triplebit.org/privacy) |
|
||||
@@ -313,7 +338,7 @@ For complaints under GDPR more generally, you always have the option to lodge co
|
||||
|
||||
## Where do I find out about changes?
|
||||
|
||||
This version of Privacy Guides' privacy notice took effect on March 6, 2025.
|
||||
This version of Privacy Guides' privacy notice took effect on September 24, 2025.
|
||||
|
||||
Privacy Guides will post the next version here: <https://www.privacyguides.org/en/privacy/>.
|
||||
|
||||
|
||||
@@ -122,6 +122,7 @@ Both versions of Molly provide the same security improvements and support [repro
|
||||
- [:fontawesome-brands-windows: Windows](https://simplex.chat/downloads/#desktop-app)
|
||||
- [:simple-apple: macOS](https://simplex.chat/downloads/#desktop-app)
|
||||
- [:simple-linux: Linux](https://simplex.chat/downloads/#desktop-app)
|
||||
- [:simple-flathub: Flathub](https://flathub.org/en/apps/chat.simplex.simplex)
|
||||
|
||||
</details>
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
---
|
||||
title: "Security Keys"
|
||||
title: Security Keys
|
||||
icon: material/key-chain
|
||||
description: These security keys provide a form of phishing-immune authentication for accounts that support it.
|
||||
cover: multi-factor-authentication.webp
|
||||
@@ -9,7 +9,7 @@ cover: multi-factor-authentication.webp
|
||||
- [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red }
|
||||
- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange }
|
||||
|
||||
A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multifactor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
|
||||
A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the [FIDO2](basics/multi-factor-authentication.md#fido-fast-identity-online) security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multifactor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
|
||||
|
||||
## Yubico Security Key
|
||||
|
||||
@@ -19,7 +19,7 @@ A physical **security key** adds a very strong layer of protection to your onlin
|
||||
{ width="315" }
|
||||
</figure>
|
||||
|
||||
The **Yubico Security Key** series is the most cost-effective hardware security key with FIDO Level 2 certification[^1]. It supports FIDO2/WebAuthn and FIDO U2F, and works out of the box with most services that support a security key as a second factor, as well as many password managers.
|
||||
The **Yubico Security Key** series is the most cost-effective hardware security key with FIDO Level 2 certification[^1]. It supports FIDO2/WebAuthn and FIDO Universal 2nd Factor (U2F), and works out of the box with most services that support a security key as a second factor, as well as many password managers.
|
||||
|
||||
[:octicons-home-16: Homepage](https://yubico.com/products/security-key){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://yubico.com/support/terms-conditions/privacy-notice){ .card-link title="Privacy Policy" }
|
||||
@@ -34,10 +34,10 @@ These keys are available in both USB-C and USB-A variants, and both options supp
|
||||
This key provides only basic FIDO2 functionality, but for most people that is all you will need. Some notable features the Security Key series does **not** have include:
|
||||
|
||||
- [Yubico Authenticator](https://yubico.com/products/yubico-authenticator)
|
||||
- CCID Smart Card support (PIV-compatibile)
|
||||
- CCID Smart Card support (PIV-compatible)
|
||||
- OpenPGP
|
||||
|
||||
If you need any of those features, you should consider their higher-end [YubiKey](#yubikey) of products instead.
|
||||
If you need any of those features, you should consider their higher-end [YubiKey](#yubikey) series instead.
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
@@ -54,7 +54,7 @@ The firmware of Yubico's Security Keys is not updatable. If you want features in
|
||||
{ width="400" }
|
||||
</figure>
|
||||
|
||||
The **YubiKey** series from Yubico are among the most popular security keys with FIDO Level 2 Certification[^1]. The YubiKey 5 Series has a wide range of features such as [Universal 2nd Factor (U2F)](https://en.wikipedia.org/wiki/Universal_2nd_Factor), [FIDO2 and WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online), [Yubico OTP](basics/multi-factor-authentication.md#yubico-otp), [Personal Identity Verification (PIV)](https://developers.yubico.com/PIV), [OpenPGP](https://developers.yubico.com/PGP), and [TOTP and HOTP](https://developers.yubico.com/OATH) authentication.
|
||||
The **YubiKey** series from Yubico are among the most popular security keys with FIDO Level 2 Certification[^1]. The **YubiKey 5 Series** has a wide range of features such as FIDO2/WebAuthn and FIDO U2F, [TOTP and HOTP](https://developers.yubico.com/OATH) authentication, [Personal Identity Verification (PIV)](https://developers.yubico.com/PIV), and [OpenPGP](https://developers.yubico.com/PGP).
|
||||
|
||||
[:octicons-home-16: Homepage](https://yubico.com/products/yubikey-5-overview){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://yubico.com/support/terms-conditions/privacy-notice){ .card-link title="Privacy Policy" }
|
||||
@@ -68,7 +68,7 @@ The [comparison table](https://yubico.com/store/compare) shows how the YubiKeys
|
||||
|
||||
YubiKeys can be programmed using the [YubiKey Manager](https://yubico.com/support/download/yubikey-manager) or [YubiKey Personalization Tools](https://yubico.com/support/download/yubikey-personalization-tools). For managing TOTP codes, you can use the [Yubico Authenticator](https://yubico.com/products/yubico-authenticator). All of Yubico's clients are open source.
|
||||
|
||||
For models which support HOTP and TOTP, there are 2 slots in the OTP interface which could be used for HOTP and 32 slots to store TOTP secrets. These secrets are stored encrypted on the key and never exposed to the devices they are plugged into. Once a seed (shared secret) is given to the Yubico Authenticator, it will only give out the six-digit codes, but never the seed. This security model helps limit what an attacker can do if they compromise one of the devices running the Yubico Authenticator and make the YubiKey resistant to a physical attacker.
|
||||
For models which [support HOTP and TOTP](https://support.yubico.com/hc/articles/360013790319-How-many-accounts-can-I-register-my-YubiKey-with), the secrets are stored encrypted on the key and never exposed to the devices they are plugged into. Once a seed (shared secret) is given to the Yubico Authenticator, it will only give out the six-digit codes, but never the seed. This security model helps limit what an attacker can do if they compromise one of the devices running the Yubico Authenticator and make the YubiKey resistant to a physical attacker.
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
@@ -85,7 +85,7 @@ The firmware of YubiKey is not updatable. If you want features in newer firmware
|
||||
{ width="300" }
|
||||
</figure>
|
||||
|
||||
The **Nitrokey 3A Mini** [has FIDO Authenticator Level 1 Certification](https://www.nitrokey.com/news/2024/nitrokey-3a-mini-receives-official-fido2-certification). The Nitrokey 3 Series in general has a wide range of features such as [Universal 2nd Factor (U2F)](https://en.wikipedia.org/wiki/Universal_2nd_Factor), [FIDO2 and WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online), Personal Identity Verification (PIV), OpenPGP, and TOTP and HOTP authentication.
|
||||
**Nitrokey** has a cost-effective security key capable of FIDO2/WebAuthn and FIDO U2F called the **Nitrokey Passkey**. For support for features such as PIV, OpenPGP, and TOTP and HOTP authentication, you need to purchase one of their other keys like the **Nitrokey 3**. Currently, only the **Nitrokey 3A Mini** has [FIDO Level 1 Certification](https://nitrokey.com/news/2024/nitrokey-3a-mini-receives-official-fido2-certification).
|
||||
|
||||
[:octicons-home-16: Homepage](https://nitrokey.com){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://nitrokey.com/data-privacy-policy){ .card-link title="Privacy Policy" }
|
||||
@@ -95,26 +95,14 @@ The **Nitrokey 3A Mini** [has FIDO Authenticator Level 1 Certification](https://
|
||||
|
||||
</div>
|
||||
|
||||
The [comparison table](https://nitrokey.com/products/nitrokeys) shows how the different Nitrokey models compare to each other in terms of features and other specifications.
|
||||
The [comparison table](https://nitrokey.com/products/nitrokeys#:~:text=The%20Nitrokey%20Family) shows how the different Nitrokey models compare to each other in terms of features and other specifications. Refer to Nitrokey's [documentation](https://docs.nitrokey.com/nitrokeys/features) for more details about the features available on your Nitrokey.
|
||||
|
||||
Nitrokey models can be configured using the [Nitrokey app](https://nitrokey.com/download).
|
||||
|
||||
The Nitrokey 3 Series can act as a password manager. They can store up to 50 different entries, and each entry can contain login, password, comment and OTP.
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
Excluding the Nitrokey 3, Nitrokeys with HOTP and TOTP storage do not have it encrypted, making them vulnerable to physical attacks.
|
||||
|
||||
</div>
|
||||
|
||||
**Nitrokey** also has the **Nitrokey Passkey**, a lower-price security key capable of [FIDO2 and WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online). This key provides only basic FIDO2 functionality, but for most people that is all you will need. Some notable features the Security Key series does **not** have include:
|
||||
|
||||
- Password Manager
|
||||
- PIV
|
||||
- OpenPGP
|
||||
- Tamper-resistant smart card
|
||||
- TOTP and HOTP
|
||||
Excluding the Nitrokey 3, Nitrokeys which support HOTP and TOTP do not have encrypted storage, making them vulnerable to physical attacks.
|
||||
|
||||
</div>
|
||||
|
||||
|
||||
81
docs/self-hosting/file-management.md
Normal file
@@ -0,0 +1,81 @@
|
||||
---
|
||||
title: File Management
|
||||
meta_title: "Self-Hosting File Management Tools - Privacy Guides"
|
||||
icon: material/file-multiple-outline
|
||||
description: For our more technical readers, self-hosting file management tools can provide additional privacy assurances by having maximum control over your data.
|
||||
cover: cloud.webp
|
||||
---
|
||||
<small>Protects against the following threat(s):</small>
|
||||
|
||||
- [:material-server-network: Service Providers](../basics/common-threats.md#privacy-from-service-providers){ .pg-teal }
|
||||
|
||||
Self-hosting your own **file management** tools may be a good idea to reduce the risk of encryption flaws in a cloud provider's native clients.
|
||||
|
||||
## Photo Management
|
||||
|
||||
### PhotoPrism
|
||||
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
{ align=right }
|
||||
|
||||
**PhotoPrism** is a platform for managing photos. It supports album syncing and sharing as well as a variety of other [features](https://photoprism.app/features). It does not include end-to-end encryption, so it's best hosted on a server that you trust and is under your control.
|
||||
|
||||
[:octicons-home-16: Homepage](https://photoprism.app){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://photoprism.app/privacy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://photoprism.app/kb){ .card-link title="Documentation" }
|
||||
[:octicons-code-16:](https://github.com/photoprism){ .card-link title="Source Code" }
|
||||
|
||||
</div>
|
||||
|
||||
## File Sharing and Sync
|
||||
|
||||
### FreedomBox
|
||||
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
{ align=right }
|
||||
|
||||
**FreedomBox** is an operating system designed to be run on a [single-board computer (SBC)](https://en.wikipedia.org/wiki/Single-board_computer). The purpose is to make it easy to set up server applications for use cases like sharing files.
|
||||
|
||||
[:octicons-home-16: Homepage](https://freedombox.org){ .md-button .md-button--primary }
|
||||
[:octicons-info-16:](https://wiki.debian.org/FreedomBox/Manual){ .card-link title="Documentation" }
|
||||
[:octicons-code-16:](https://salsa.debian.org/freedombox-team/freedombox){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://freedomboxfoundation.org/donate){ .card-link title="Contribute" }
|
||||
|
||||
</div>
|
||||
|
||||
### Nextcloud
|
||||
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
{ align=right }
|
||||
|
||||
**Nextcloud** is a suite of free and open-source client-server software for creating your own file hosting services on a private server you control.
|
||||
|
||||
[:octicons-home-16: Homepage](https://nextcloud.com){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://nextcloud.com/privacy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://nextcloud.com/support){ .card-link title="Documentation" }
|
||||
[:octicons-code-16:](https://github.com/nextcloud){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://nextcloud.com/contribute){ .card-link title="Contribute" }
|
||||
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.nextcloud.client)
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/app/id1125420102)
|
||||
- [:simple-github: GitHub](https://github.com/nextcloud/android/releases)
|
||||
- [:fontawesome-brands-windows: Windows](https://nextcloud.com/install/#install-clients)
|
||||
- [:simple-apple: macOS](https://nextcloud.com/install/#install-clients)
|
||||
- [:simple-linux: Linux](https://nextcloud.com/install/#install-clients)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="admonition danger" markdown>
|
||||
<p class="admonition-title">Danger</p>
|
||||
|
||||
We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_end_encryption) for Nextcloud as it may lead to data loss; it is highly experimental and not production quality. For this reason, we don't recommend third-party Nextcloud providers.
|
||||
|
||||
</div>
|
||||
@@ -12,6 +12,17 @@ cover: router.webp
|
||||
|
||||
Self-hosting your own solutions requires advanced technical knowledge and a deep understanding of the associated risks. By becoming the host for yourself and possibly others, you take on responsibilities you might not otherwise have. Self-hosting privacy software improperly can leave you worse off than using e.g. an end-to-end encrypted service provider, so it is best avoided if you are not already comfortable doing so.
|
||||
|
||||
## :material-dns: DNS Filtering
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- { .twemoji loading=lazy } [AdGuard Home](dns-filtering.md#adguard-home)
|
||||
- { .twemoji loading=lazy } [Pi-Hole](dns-filtering.md#pi-hole)
|
||||
|
||||
</div>
|
||||
|
||||
[Learn more :material-arrow-right-drop-circle:](dns-filtering.md)
|
||||
|
||||
## :material-email: Email Servers
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
@@ -24,16 +35,17 @@ Self-hosting your own solutions requires advanced technical knowledge and a deep
|
||||
|
||||
[Learn more :material-arrow-right-drop-circle:](email-servers.md)
|
||||
|
||||
## :material-dns: DNS Filtering
|
||||
## :material-file-multiple-outline: File Management
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- { .twemoji loading=lazy } [AdGuard Home](dns-filtering.md#adguard-home)
|
||||
- { .twemoji loading=lazy } [Pi-Hole](dns-filtering.md#pi-hole)
|
||||
- { .twemoji loading=lazy } [PhotoPrism](file-management.md#photoprism)
|
||||
- { .twemoji loading=lazy } [FreedomBox](file-management.md#freedombox)
|
||||
- { .twemoji loading=lazy } [Nextcloud](file-management.md#nextcloud)
|
||||
|
||||
</div>
|
||||
|
||||
[Learn more :material-arrow-right-drop-circle:](dns-filtering.md)
|
||||
[Learn more :material-arrow-right-drop-circle:](file-management.md)
|
||||
|
||||
## :material-form-textbox-password: Password Management
|
||||
|
||||
@@ -131,6 +143,14 @@ Tool recommendations in other categories of the website also provide a self-host
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- { .twemoji } [**Peergos**](../cloud.md#peergos)
|
||||
|
||||
---
|
||||
|
||||
[:octicons-home-16:](https://peergos.org){ .card-link title="Homepage" }
|
||||
[:octicons-info-16:](https://github.com/peergos/peergos#usage---running-locally-to-log-in-to-another-instance){ .card-link title="Admin Documentation" }
|
||||
[:octicons-code-16:](https://github.com/Peergos/Peergos){ .card-link title="Source Code" }
|
||||
|
||||
- { .twemoji } [**Addy.io**](../email-aliasing.md#addyio)
|
||||
|
||||
---
|
||||
@@ -147,6 +167,14 @@ Tool recommendations in other categories of the website also provide a self-host
|
||||
[:octicons-info-16:](https://github.com/simple-login/app#prerequisites){ .card-link title="Admin Documentation" }
|
||||
[:octicons-code-16:](https://github.com/simple-login){ .card-link title="Source Code" }
|
||||
|
||||
- { .twemoji } [**Ente Photos**](../photo-management.md#ente-photos)
|
||||
|
||||
---
|
||||
|
||||
[:octicons-home-16:](https://ente.io){ .card-link title="Homepage" }
|
||||
[:octicons-info-16:](https://help.ente.io/self-hosting){ .card-link title="Admin Documentation" }
|
||||
[:octicons-code-16:](https://github.com/ente-io/ente){ .card-link title="Source Code" }
|
||||
|
||||
- { .twemoji } [**CryptPad**](../document-collaboration.md#cryptpad)
|
||||
|
||||
---
|
||||
@@ -155,6 +183,22 @@ Tool recommendations in other categories of the website also provide a self-host
|
||||
[:octicons-info-16:](https://docs.cryptpad.org/en/admin_guide/index.html){ .card-link title="Admin Documentation" }
|
||||
[:octicons-code-16:](https://github.com/xwiki-labs/cryptpad){ .card-link title="Source Code" }
|
||||
|
||||
- { .twemoji } [**Send**](../file-sharing.md#send)
|
||||
|
||||
---
|
||||
|
||||
[:octicons-home-16:](https://send.vis.ee){ .card-link title="Homepage" }
|
||||
[:octicons-info-16:](https://github.com/timvisee/send/blob/master/docs/deployment.md){ .card-link title="Admin Documentation" }
|
||||
[:octicons-code-16:](https://github.com/timvisee/send){ .card-link title="Source Code" }
|
||||
|
||||
- { .twemoji } [**LibreTranslate**](../language-tools.md#libretranslate)
|
||||
|
||||
---
|
||||
|
||||
[:octicons-home-16:](https://libretranslate.com){ .card-link title="Homepage" }
|
||||
[:octicons-info-16:](https://docs.libretranslate.com){ .card-link title="Admin Documentation" }
|
||||
[:octicons-code-16:](https://github.com/LibreTranslate/LibreTranslate){ .card-link title="Source Code" }
|
||||
|
||||
- { .twemoji }{ .twemoji } [**Miniflux**](../news-aggregators.md#miniflux)
|
||||
|
||||
---
|
||||
|
||||
@@ -127,9 +127,9 @@ If you used our recommended configuration settings above, you should be posting
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=im.vector.app)
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/app/id1083446067)
|
||||
- [:simple-github: GitHub](https://github.com/element-hq/element-android/releases)
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=io.element.android.x)
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/app/id1631335820)
|
||||
- [:simple-github: GitHub](https://github.com/element-hq/element-x-android/releases)
|
||||
- [:fontawesome-brands-windows: Windows](https://element.io/download)
|
||||
- [:simple-apple: macOS](https://element.io/download)
|
||||
- [:simple-linux: Linux](https://element.io/download)
|
||||
|
||||
@@ -327,7 +327,6 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- { .twemoji loading=lazy } [Ente Photos](photo-management.md#ente-photos)
|
||||
- { .twemoji loading=lazy } [PhotoPrism](photo-management.md#photoprism)
|
||||
|
||||
</div>
|
||||
|
||||
@@ -398,7 +397,6 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- { .twemoji loading=lazy } [Nextcloud (Self-Hostable)](document-collaboration.md#nextcloud)
|
||||
- { .twemoji loading=lazy } [CryptPad](document-collaboration.md#cryptpad)
|
||||
|
||||
</div>
|
||||
@@ -448,8 +446,6 @@ For encrypting your OS drive, we typically recommend using the encryption tool y
|
||||
|
||||
- { .twemoji loading=lazy } [Send](file-sharing.md#send)
|
||||
- { .twemoji loading=lazy } [OnionShare](file-sharing.md#onionshare)
|
||||
- { .twemoji loading=lazy } [FreedomBox](file-sharing.md#freedombox)
|
||||
- { .twemoji loading=lazy } [Nextcloud (Self-Hostable)](file-sharing.md#nextcloud-client-server)
|
||||
- { .twemoji loading=lazy } [Syncthing](file-sharing.md#syncthing-p2p)
|
||||
|
||||
</div>
|
||||
|
||||
@@ -221,6 +221,7 @@ nav:
|
||||
- !ENV [NAV_RECOMMENDATIONS, "Recommendations"]:
|
||||
!ENV [MAIN_SITE_RECOMMENDATIONS_URL, "/en/tools/"]
|
||||
- !ENV [NAV_BLOG, "Articles"]:
|
||||
- Latest Posts: !ENV [ARTICLES_SITE_BASE_URL, "index.md"]
|
||||
- index.md
|
||||
- editorial.md
|
||||
- tags.md
|
||||
|
||||
@@ -405,8 +405,9 @@ nav:
|
||||
- "tools.md"
|
||||
- !ENV [NAV_SELF_HOSTING, "Self-Hosting"]:
|
||||
- "self-hosting/index.md"
|
||||
- "self-hosting/email-servers.md"
|
||||
- "self-hosting/dns-filtering.md"
|
||||
- "self-hosting/email-servers.md"
|
||||
- "self-hosting/file-management.md"
|
||||
- !ENV [NAV_INTERNET_BROWSING, "Internet Browsing"]:
|
||||
- "tor.md"
|
||||
- "desktop-browsers.md"
|
||||
|
||||
|
Before Width: | Height: | Size: 9.3 KiB After Width: | Height: | Size: 9.3 KiB |
|
Before Width: | Height: | Size: 4.4 KiB After Width: | Height: | Size: 4.4 KiB |
|
Before Width: | Height: | Size: 1.1 KiB After Width: | Height: | Size: 1.1 KiB |
@@ -102,6 +102,10 @@ tags:
|
||||
article:section: "{{ page.categories[0].title }}"
|
||||
article:author: "https://www.privacyguides.org/articles/{{ page.authors[0].url }}"
|
||||
|
||||
# Facebook
|
||||
article:publisher: "https://www.facebook.com/PrivacyGuides.org"
|
||||
article:tag: "Technology"
|
||||
|
||||
# Mastodon
|
||||
fediverse:creator: *author_mastodon
|
||||
|
||||
|
||||
@@ -44,6 +44,9 @@ tags:
|
||||
og:image:height: "{{ image.height }}"
|
||||
og:url: "{{ page.canonical_url }}"
|
||||
|
||||
# Facebook
|
||||
article:publisher: "https://www.facebook.com/PrivacyGuides.org"
|
||||
|
||||
# Mastodon
|
||||
fediverse:creator: "@privacyguides@neat.computer"
|
||||
|
||||
|
||||
@@ -80,6 +80,9 @@ tags:
|
||||
og:image:height: "{{ image.height }}"
|
||||
og:url: "{{ page.canonical_url }}"
|
||||
|
||||
# Facebook
|
||||
article:publisher: "https://www.facebook.com/PrivacyGuides.org"
|
||||
|
||||
# Mastodon
|
||||
fediverse:creator: "@privacyguides@neat.computer"
|
||||
|
||||
|
||||
@@ -64,6 +64,9 @@ tags:
|
||||
og:image:height: "{{ image.height }}"
|
||||
og:url: "{{ page.canonical_url }}"
|
||||
|
||||
# Facebook
|
||||
article:publisher: "https://www.facebook.com/PrivacyGuides.org"
|
||||
|
||||
# Twitter
|
||||
twitter:card: summary_large_image
|
||||
twitter:title: *page_title_with_site_name
|
||||
|
||||
@@ -1,102 +1,20 @@
|
||||
import requests
|
||||
import os
|
||||
|
||||
GITHUB_API_URL = "https://api.github.com/graphql"
|
||||
GITHUB_TOKEN = os.getenv("GH_TOKEN")
|
||||
ORG_NAME = "privacyguides"
|
||||
|
||||
# Fetch members from the API
|
||||
members_api_url = "https://discuss.privacyguides.net/g/members/members.json?offset=0&order=added_at&asc=true"
|
||||
headers = {
|
||||
"Api-Key": os.getenv("DISCOURSE_API_KEY"),
|
||||
"Api-Username": "system"
|
||||
}
|
||||
members_response = requests.get(members_api_url, headers=headers)
|
||||
members_data = members_response.json()
|
||||
|
||||
if 'members' not in members_data:
|
||||
raise KeyError("Response JSON does not contain 'members' key")
|
||||
members_api_url = os.getenv('MEMBERS_API_URL', 'https://ghost.privacyguides.org/cache/members.json')
|
||||
members_response = requests.get(members_api_url)
|
||||
members_data = members_response.json()[0]
|
||||
|
||||
members = members_data['members']
|
||||
public_members_count = 0
|
||||
private_members_count = 0
|
||||
|
||||
html_output = ""
|
||||
for member in members:
|
||||
flair_name = member.get('flair_name')
|
||||
title = member.get('title')
|
||||
if flair_name == "members" or title == "Member":
|
||||
username = member['username']
|
||||
avatar_template = member['avatar_template']
|
||||
avatar_url = f"https://discuss.privacyguides.net{avatar_template.replace('{size}', '128')}"
|
||||
profile_url = f"https://discuss.privacyguides.net/u/{username}"
|
||||
html_output += f'<a href="{profile_url}" target="_blank" title="@{username}" class="mdx-donors__item"><img loading="lazy" src="{avatar_url}"></a>'
|
||||
public_members_count += 1
|
||||
|
||||
# print(html_output)
|
||||
|
||||
query = """
|
||||
{
|
||||
organization(login: "%s") {
|
||||
sponsorshipsAsMaintainer(first: 100) {
|
||||
nodes {
|
||||
sponsorEntity {
|
||||
... on User {
|
||||
login
|
||||
avatarUrl
|
||||
url
|
||||
}
|
||||
... on Organization {
|
||||
login
|
||||
avatarUrl
|
||||
url
|
||||
}
|
||||
}
|
||||
createdAt
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
""" % ORG_NAME
|
||||
|
||||
headers = {
|
||||
"Authorization": f"Bearer {GITHUB_TOKEN}",
|
||||
"Content-Type": "application/json"
|
||||
}
|
||||
|
||||
response = requests.post(GITHUB_API_URL, json={'query': query}, headers=headers)
|
||||
data = response.json()
|
||||
|
||||
if 'errors' in data:
|
||||
raise Exception(f"GraphQL query failed with errors: {data['errors']}")
|
||||
if 'data' not in data:
|
||||
raise KeyError(f"Response JSON does not contain 'data' key: {data}")
|
||||
|
||||
sponsors = data['data']['organization']['sponsorshipsAsMaintainer']['nodes']
|
||||
|
||||
# Sort sponsors by the date they began their sponsorship
|
||||
sponsors.sort(key=lambda x: x['createdAt'])
|
||||
|
||||
for sponsor in sponsors:
|
||||
sponsor_entity = sponsor['sponsorEntity']
|
||||
login = sponsor_entity['login']
|
||||
avatar_url = sponsor_entity['avatarUrl']
|
||||
url = sponsor_entity['url']
|
||||
html_output += f'<a href="{url}" title="@{login}" rel="ugc nofollow" target="_blank" class="mdx-donors__item"><img loading="lazy" src="{avatar_url}&size=120"></a>'
|
||||
|
||||
# Fetch the number of active members from the Magic Grants API
|
||||
magic_grants_url = "https://donate.magicgrants.org/api/active-members?fund=privacyguides"
|
||||
magic_grants_response = requests.get(magic_grants_url)
|
||||
magic_grants_data = magic_grants_response.json()
|
||||
|
||||
if 'members_count' not in magic_grants_data:
|
||||
raise KeyError("Response JSON does not contain 'members_count' key")
|
||||
|
||||
private_members_count += magic_grants_data['members_count']
|
||||
private_members_count -= public_members_count
|
||||
username = member['username']
|
||||
html_output += f'<a href="{member['url']}" target="_blank" title="@{member['username']}" class="mdx-donors__item"><img loading="lazy" src="{member['avatar']}"></a>'
|
||||
|
||||
# Append the count of private members
|
||||
if private_members_count > 0:
|
||||
html_output += f'<a href="https://donate.magicgrants.org/privacyguides" class="mdx-donors__item mdx-donors__item--private">+{private_members_count}</a>'
|
||||
if members_data['unaccounted'] > 0:
|
||||
html_output += f'<a href="https://donate.magicgrants.org/privacyguides" class="mdx-donors__item mdx-donors__item--private">+{members_data["unaccounted"]}</a>'
|
||||
|
||||
print(html_output)
|
||||
|
||||
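Review bot: The rewritten loop interpolates `member['url']`, `member['username']` and `member['avatar']` from the fetched JSON straight into HTML attributes with no escaping, whereas the removed Discourse version built the profile and avatar URLs itself from a fixed host and only inserted the username. Any quote, angle bracket or non-https scheme in those values now lands unescaped in the page that embeds this script's output, so the cache endpoint behind `MEMBERS_API_URL` becomes a trust boundary for the site's markup; escaping each value with `html.escape(..., quote=True)` (add `import html` next to `import os`) and rejecting non-`https://` values for `url` and `avatar` closes that, as sketched below. The fetch itself would also benefit from `requests.get(members_api_url, timeout=30)` followed by `.raise_for_status()` and a check that the decoded body is a non-empty list before indexing `[0]`, since the old `'members' in members_data` guard was dropped without a replacement. Separately, the f-string that reuses single quotes inside `{member['url']}` is only valid syntax from Python 3.12 onwards, and the `username = member['username']` assignment just above it is unused.
```python
# … unchanged: members_api_url fetch and members = members_data['members'] …
html_output = ""
for member in members:
    url = member['url']
    avatar = member['avatar']
    if not (url.startswith('https://') and avatar.startswith('https://')):
        raise ValueError(f"unexpected non-https URL for member {member['username']!r}")
    username = html.escape(member['username'], quote=True)
    url = html.escape(url, quote=True)
    avatar = html.escape(avatar, quote=True)
    html_output += f'<a href="{url}" target="_blank" title="@{username}" class="mdx-donors__item"><img loading="lazy" src="{avatar}"></a>'
# … unchanged: unaccounted-members suffix and print(html_output) …
```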