docs!: Move most documentation to forum

Signed-off-by: Jonah Aragon <jonah@privacyguides.org>

.vscode/ltex.dictionary.en-US.txt

@@ -561,3 +561,4 @@ Chaum
 unlinkability
 Kagi
 Secureblue
+pseudonymity

blog/posts/age-verification-wants-your-face.md

@@ -0,0 +1,112 @@
+---
+date:
+    created: 2025-05-06T21:45:00Z
+categories:
+    - News
+authors:
+    - em
+description: Age verification laws and propositions forcing platforms to restrict content accessed by children and teens have been multiplying in recent years. The problem is, implementing such measure necessarily requires identifying each user accessing this content, one way or another. This is bad news for your privacy.
+schema_type: AnalysisNewsArticle
+preview:
+  cover: blog/assets/images/age-verification-wants-your-face/ageverification-cover.webp
+---
+
+# Age Verification Wants Your Face, and Your Privacy
+
+![A stylized photo showing a person holding a printed photo of their face in front of their actual face.](../assets/images/age-verification-wants-your-face/ageverification-cover.webp)
+
+<small aria-hidden="true">Photo: Kyle Glenn / Unsplash</small>
+
+Age verification laws and propositions forcing platforms to restrict content accessed by children and teens have been multiplying in recent years. The problem is, implementing such measures necessarily requires identifying each user accessing this content, one way or another. This is bad news for your privacy.<!-- more -->
+
+For a few years now, several legislators in North America, Europe, and Australia have expressed concern about children and teens accessing certain types of content online. While there is no doubt some online content can be worrisome, implementing a technological solution for this is [extremely problematic](https://www.jonaharagon.com/posts/age-verification-is-incompatible-with-the-internet/).
+
+By mandating platforms to be legally responsible to verify a user's age, regulators effectively force them to identify each user requesting access to content deemed inappropriate under a certain age threshold.
+
+If these regulations continue to proliferate, this could lead to the end of pseudonymity online.
+
+## How can age be verified online
+
+Verifying age online is [difficult](https://www.woodhullfoundation.org/fact-checked/online-age-verification-is-not-the-same-as-flashing-your-id-at-a-liquor-store/). There isn't any magical solution to it, it's either recording how a user looks or scanning official documents.
+
+Conducting verification "on-device" offers only few additional protections considering this information still has to be checked and reported with an external service, somehow.
+
+Moreover, processes used to keep this data "on-device" are often opaque. Taking into account how valuable this information is, it becomes very difficult to trust any for-profit third-party services which such a sensitive task.
+
+Users' faces and official documents are two types of very sensitive information. Who becomes responsible to collect, process, store, and safeguard this data? With whom does this data get shared, and for which other purposes? And how accurate is this data anyway?
+
+### Facial scans
+
+Some platforms and third-party providers of the rapidly growing "[identity verification industry](https://www.businessresearchinsights.com/market-reports/digital-identity-verification-market-118180)" have started to use facial recognition and face scan systems in order to determine a user's age.
+
+The problem is, the systems are [horrible for everyone's privacy](https://www.liberties.eu/en/stories/facial-recognition-privacy-concerns/44518), extremely problematic to use due to [racist and gendered biases](https://www.aclu-mn.org/en/news/biased-technology-automated-discrimination-facial-recognition), [inaccurate](https://www.eff.org/deeplinks/2025/01/face-scans-estimate-our-age-creepy-af-and-harmful) to determine the correct age, and on top of all that, [can be cheated](https://www.theregister.com/2022/05/22/ai_in_brief/).
+
+### Official documents
+
+The second solution is to require users to provide an official piece of ID. Considering an official ID often contain a photo, full legal name, date of birth, home address, and government specific codes, this is even worse.
+
+All this sensitive data then gets collected by either the platform itself or a third-party provider with little oversight or incentive to protect this data at all. Leaks and breaches for this enormous data trove are just around the corner. Unfortunately, this isn't speculative, [data leaks have already occurred](https://www.404media.co/id-verification-service-for-tiktok-uber-x-exposed-driver-licenses-au10tix/).
+
+The more copies of your official documents exist online, the greater the risk this data *will get exposed*, and the less value this document has to actually identify you when it's *truly* needed.
+
+And again, this sort of verification is easy to cheat. Any determined teenager will soon learn how to either create a fake ID, use someone else's ID, or go around this verification system in another way.
+
+Age verification laws will *without a doubt* support a flourishing criminal industry to provide fake or stolen IDs even more easily online.
+
+## Where age verification is (or will be) required
+
+In April this year, [Discord started to test age verification systems](https://www.theverge.com/news/650493/discord-age-verification-face-id-scan-experiment) using facial or ID scans, as a way to comply with [Australia](https://www.bbc.co.uk/news/articles/c89vjj0lxx9o)'s and [UK](https://www.theverge.com/2023/10/26/23922397/uk-online-safety-bill-law-passed-royal-assent-moderation-regulation)'s new laws.
+
+This measure only applies to access certain protected posts for users located in Australia and the United Kingdom and at this time, but don't be surprised if it soon gets implemented at the account level for users everywhere.
+
+In the [United States](https://action.freespeechcoalition.com/age-verification-resources/state-avs-laws/), many states have already passed some types of age verification laws, and several others have proposed such laws. In [Canada](https://www.eff.org/deeplinks/2024/09/canadas-leaders-must-reject-overbroad-age-verification-bill) and [Europe](https://digital-strategy.ec.europa.eu/en/funding/call-tenders-development-consultancy-and-support-age-verification-solution), legislators have also been pushing for similar regulations to block content online subject to age verification.
+
+There is no doubt the more countries pass similar prohibitive laws, the more other countries will soon follow.
+
+Some hope however, this month a US federal judge ruled an age verification [law in Arkansas unconstitutional](https://thehill.com/homenews/state-watch/5228836-judge-blocks-social-media-age-verification-law-in-arkansas/).
+
+## Who decides what is sensitive content
+
+When talking about age verification, most assume this only applies to obvious pornographic content. However, many of these laws have [much wider reach](https://www.eff.org/deeplinks/2025/01/impact-age-verification-measures-goes-beyond-porn-sites).
+
+For example, the Australian law prohibits access to social media altogether for anyone under the age of 16. This means that, once the law comes into full effect after its transitional period, anyone who uses social media in Australia will have to prove they are older than this age. It is likely that all Australian users will have to provide some form of identifying data to continue using their social media accounts. **This is a privacy nightmare.**
+
+When laws target specific content, definition of what is appropriate and what isn't is often too broad. Moreover, this definition is subject to change from one administration to another.
+
+There are also wide differences from one country to another. For example, some countries sadly consider simple discussions of gender identity or sexual orientation to be sensitive content. What is deemed inappropriate to children in one culture might not be the same in another.
+
+Automating this sort of censorship leads to a lot of misfiring. There has already been numerous instances of [breastfeeding photos mislabelled](https://www.cbc.ca/news/world/facebook-clarifies-breastfeeding-pics-ok-updates-rules-1.2997124) for nudity. Important educational material for sex education could get censored and inaccessible to children, who critically need access to it *before* adulthood.
+
+Who will decide which content should be censored and which shouldn't? Will countries hosting the big tech platforms end up having a greater decision power in the matter? Will platforms simply decide to apply the strongest level of restriction worldwide?
+
+## Age verification isn't effective
+
+Even if we could somehow find a global consensus that is perfectly ethical and never misfires on which content children shouldn't access, it will likely fail.
+
+Children, and teenagers especially, are and have always been incredibly effective at going around such limitation to feed their curious minds.
+
+First, there are technical tools such as VPNs and proxies of all sort to go around location-based restrictions. Then, there's the classic fake ID, and its modern evolution: deepfake face. There will also be without a doubt a growing market of pre-verified "adult" accounts up for sale online.
+
+Perhaps age verification measures will work for a couple of months, until products to evade it get the word out, then they'll become useless. Only leaving the ashes of your social media legal consenting adult pseudonymity in its path.
+
+## Why it's bad news for everyone's privacy
+
+Age verification will require all platforms and/or third-party identification service providers to collect an enormous trove of sensitive data on everyone.
+
+This goes against all principles of data minimization, generally a vital part of data protection regulations.
+
+Daily occurrences of data breach incidents have taught us we cannot trust these services to safeguard our data. Data breaches for this sensitive information are only a matter of time.
+
+The concentration of such valuable data will likely be monetized and resold either by the platforms themselves, by the for-profit third-party "age assurance" providers they use, or eventually by the criminals who stole it from them.
+
+This data trove will include face scans of children with their location (trying to pass as adults), and faces and official documents from every adult in the world using social media, if this kind of regulation gets implemented at large.
+
+**The privacy and safety implications of this are absolutely disastrous**.
+
+## Age verification is not the solution
+
+Sadly, age verification legislation will not help safeguard children from harmful content online, but it will effectively remove protection for anyone needing pseudonymity online to [stay safe](privacy-means-safety.md). Moreover, it will put everyone at a much greater risk of victimization by identify theft, impersonation, stalking, and worse.
+
+Despite the perhaps well-intended legislators, technological solutions aren't always adequate to solve every problem we have. Here again, education and content moderation are likely much better ways to deal with this sort of issues.
+
+In the meantime, don't be surprised if you cross a teenager on the street suddenly pointing their phone to scan *your* adult face, or a young relative looking in your wallet. They probably won't be looking for your money, but most likely for your adult ID.

blog/posts/in-praise-of-tor.md

@@ -0,0 +1,420 @@
+---
+date:
+    created: 2025-04-30T20:30:00Z
+    updated: 2025-05-06T18:00:00Z
+categories:
+    - Explainers
+tags:
+    - Tor
+authors:
+    - em
+description: You might have heard of Tor in the news a few times, yet never dared to try it yourself. Despite being around for decades, Tor is still a tool too few people know about. Today, Tor is easy to use for anyone. It not only helps journalists and activists, but anybody who seeks greater privacy online or access to information regardless of location. But what is Tor exactly? How can Tor help you? And why is it such an important tool?
+schema_type: OpinionNewsArticle
+preview:
+  cover: blog/assets/images/in-praise-of-tor/tor-cover.webp
+---
+
+# In Praise of Tor: Why You Should Support and Use Tor
+
+![The Tor Project logo over a series of Tor icons on a purple background.](../assets/images/in-praise-of-tor/tor-cover.webp)
+
+<small aria-hidden="true">Illustration: Em / Privacy Guides | Logo and icons: The Tor Project</small>
+
+You might have heard of Tor in the news a few times, yet never dared to try it yourself. Despite being around for decades, Tor is still a tool too few people know about.
+
+Today, Tor is easy to use for anyone. It helps not only journalists and activists, but anybody who seeks greater privacy online or access to information regardless of location. But what is Tor exactly? How can Tor help you? And why is it such an important tool?<!-- more -->
+
+## :simple-torbrowser: What is Tor
+
+Tor is an overlay network that was specifically designed to protect the privacy of its users. The Tor Network uses multiple layers of encryption and relays in order to protect a person's location and other potential identifiers, such as an IP address.
+
+Its name comes from the acronym for **The Onion Router**, a [routing system](https://en.wikipedia.org/wiki/Onion_routing) using multiple layers that can get peeled off at each step, like an onion 🧅
+
+This special network can be easily accessed by anyone, for free, through the Tor Browser. The Tor Browser is as easy to use as any other browser you are familiar with already.
+
+Both the tools for the Tor Network and the Tor Browser are maintained by a nonprofit organization called the Tor Project.
+
+### The Tor Network
+
+The [Tor Network](https://en.wikipedia.org/wiki/Tor_(network)) was deployed in 2002, although its core principle was developed in the mid 1990s. It was first created at the United States Naval Research Laboratory in order to protect intelligence communication online.
+
+In 2004, the laboratory released the project's code under a free and open source license, and the Electronic Frontier Foundation (EFF) began funding its development. A few years later, the onion routing project officially became the Tor Project.
+
+Today, Tor is one of the [largest](https://metrics.torproject.org/) anonymity networks, with thousands of relays and millions of users worldwide.
+
+#### How does it work
+
+The Tor Network is run by a community of volunteers who operate the relays required for the network to function.
+
+Each time someone uses the Tor Network, the communication passes through at least 3 relays: A Guard Relay, a Middle Relay, and an Exit Relay. Each relay has a different function to protect the communication.
+
+**The Guard Relay** knows where the communication is from (IP address), but doesn't know where it's going (which website is visited, for example). This relay only knows that you want to access the Tor Network. Its task is to send your encrypted communication to a Middle Relay, but it cannot read it.
+
+**The Middle Relay** doesn't really know anything. It doesn't know who you are nor where you are going. It only knows a Guard Relay wants to send encrypted data to an Exit Relay. The Middle Relay transfers this communication from one relay to another, and it cannot read it either.
+
+**The Exit Relay** has no idea who you are. It only knows someone, somewhere, wants to access this website (or other content). The Exit Relay will get the information from the website, then send it back to the Middle Relay, so that you can receive it from the Guard Relay. If you only visit pages using HTTPS, the Exit Relay can know someone is visiting this website, but cannot know what they are doing on it. Visiting *non-onion* websites using HTTPS instead of just HTTP is **[very important](https://support.torproject.org/https/https-1/)** for security and privacy.
+
+<div class="admonition info" markdown>
+<p class="admonition-title">Onion service websites</p>
+
+Onion service websites are special websites that can only be accessed using the Tor Network.
+
+They are easy to recognize because they use the .onion domain at the end, and are often composed of a long string of seemingly random characters. Onion websites offer protections equivalent to HTTPS.
+
+You can see this represented by the [onion padlock icon](https://support.torproject.org/onionservices/onionservices-5/) in the Tor Browser.
+
+</div>
+
+#### How Tor works using a letter and envelopes analogy
+
+Tor works a bit as if you put a letter (request) into an envelope with someone's address. Then, you put this envelope in another envelope addressed to someone else, with instructions. Finally, you put this second envelope in yet another one.
+
+Each envelope protects the content of the other, and can only be opened one at the time by each recipient. In this analogy, each recipient (relay) has a key that can only open the envelope addressed to them, and not the others.
+
+![Graphic representation of a Tor Circuit composed of a Guard Relay, a Middle Relay, and an Exit Relay using a letter and envelopes analogy.](../assets/images/in-praise-of-tor/tor-diagram.webp)
+<small aria-hidden="true">Illustration: Em / Privacy Guides</small>
+
+#### What is a Tor Circuit
+
+The network of randomly selected relays to complete a request on the Tor Network is called a Tor Circuit. This circuit changes each time a new connection is established.
+
+From the Tor Browser, you can see each relay that was selected for a circuit, and even change it manually. To generate a new circuit, click on the "Tor Circuit" button on the upper-left of the browser, then on "New Tor circuit for this site" at the bottom.
+
+![Screenshot from the Tor Browser showing a popup window from the Tor Circuit button.](../assets/images/in-praise-of-tor/tor-torcircuit.webp)
+
+### The Tor Browser
+
+The [Tor Browser](https://www.torproject.org/download/) was created in 2008 to facilitate access to the Tor Network. It is a modified version of Mozilla's Firefox browser, and can be installed on Linux, macOS, Windows, and Android systems.
+
+The Tor Browser start configuration is private by default. No additional extensions are required to make it more secure or more private. Actually, it's even discouraged to install any additional extensions, as this would weaken its [fingerprinting resistance](https://blog.torproject.org/browser-fingerprinting-introduction-and-challenges-ahead/).
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Highest security settings</p>
+
+Even if the Tor Browser is configured to be private by default, if you are in an especially sensitive situation, for example if you are using Tor as a whistleblower or a dissident activist, you might want to adjust the Tor Browser security level to "Safest".
+
+For this, click on the shield icon on the upper-right, then on the "Settings" button in blue, and select "Safest" instead of the default "Standard".
+
+**Important:** Each time you change the security level, you **must** make sure to restart the browser to ensure all changes have taken effect. Otherwise, [some changes](tor-security-slider-flaw.md) might not have been applied yet.
+
+</div>
+
+![Screenshot from the Tor Browser showing a warning from the SecureDrop website to adjust Tor security level to Safest.](../assets/images/in-praise-of-tor/tor-safestsetting.webp)
+
+The default search engine is the privacy-focused [DuckDuckGo](https://www.privacyguides.org/en/search-engines/#duckduckgo). You will not even find Google in the options for the default search engine. More browsers should follow this good practice.
+
+The first page opening with the Tor Browser will give the option to Connect to Tor. From there, you can click on "Connect" to start browsing through Tor, or on "Configure Connection" if you need additional settings. For example, if you need to set up a [Bridge](https://bridges.torproject.org/) because Tor is blocked from your country.
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Only connect to Tor if it is safe for you</p>
+
+Be careful when using Tor from a country where Tor might be blocked or perceived as suspicious. Similarly, be careful if you connect from a location where revealing you have been using Tor [could](#depending-on-where-you-are-using-tor-is-likely-safe) be dangerous to you.
+
+</div>
+
+![Screenshot from the Tor Browser showing the "Connect to Tor" welcome page.](../assets/images/in-praise-of-tor/tor-torbrowser.webp)
+
+Once connected to the Tor Network, you will be directed to the DuckDuckGo welcome page, and you can search or type any URLs in the address bar, like you would with any other browser.
+
+If you know an organization has an onion site (a website that is only accessible through Tor), you can type this onion address directly in the address bar.
+
+If you don't know if an organization has an onion site, you might find it from its regular URL. For example, if you visit privacyguides.org from the Tor Browser, you will notice a purple button on the right informing you that an onion version of this website is available, click on it to get redirected to it.
+
+![Screenshot from the Tor Browser showing the Privacy Guides website with an onion available purple button right to the address bar.](../assets/images/in-praise-of-tor/tor-privacyguides.webp)
+
+<div class="admonition info" markdown>
+<p class="admonition-title">Mullvad Browser and the Tor Project</p>
+
+If you are familiar with the Mullvad Browser, know that the Mullvad Browser was developed by the Tor Project team!
+
+The Mullvad Browser was born of a [collaboration](https://blog.torproject.org/releasing-mullvad-browser/) between Mullvad VPN and the Tor Project, to build a browser that offers similar privacy features to the Tor Browser, but while using it through a VPN instead of through the Tor Network (both offering different benefits).
+
+The Mullvad Browser can also be used without a VPN, and will still provide better privacy protections than most other browsers. It cannot be used to access the Tor Network, however.
+
+</div>
+
+### The Tor Project
+
+The [Tor Project](https://www.torproject.org/) is the US-based nonprofit organization maintaining the software and community for the Tor Network, and developing and maintaining the Tor Browser. It's also a privacy advocacy organization, with a mission to advance human rights and freedoms around the world through the free technology it creates.
+
+The nonprofit was founded in 2006 and gets its funding from [various sources](https://www.torproject.org/about/supporters/) including government grants, independent contributors, and individual [donations](https://donate.torproject.org/).
+
+## :octicons-lock-16: What Tor can do
+
+### Improve Privacy
+
+Tor is not magical, but it's by far one of the best privacy tool we have. Using Tor will not make you perfectly anonymous online, but it will greatly reduce the traces your leave online.
+
+Here are a few benefits Tor can provide for your privacy:
+
+- Tor can prevent the websites you are visiting from collecting your IP address (and your IP address can indeed lead to identifying *you*).
+
+- Tor can prevent your Internet Service Provider (ISP), Virtual Private Network (VPN) provider, or authorities requesting information from them to collect a list of the websites you have visited. They will know however that you have been using Tor.
+
+- The Tor Browser isolates each website you visit. This prevents ads and trackers from following you around, potentially popping up later in your [Facebook ads and accidentally outing you](https://www.intomore.com/culture/you/facebook-ads-outed-me/).
+
+- The Tor Browser is fingerprinting resistant. This reduces the ways you can be tracked and identified online, even without your IP address.
+
+- When keeping the default settings, the Tor Browser only uses private windows and will not keep any traces of your browsing history. It will also delete all cookies and site data when closing.
+
+### Circumvent censorship
+
+Because of how the Tor Network redirects traffic, it's a perfect tool to resist censorship. Using Tor can give access to websites or services that aren't accessible from a country blocking them.
+
+Even from a region where Tor itself is actively blocked, the network can still be accessed using [pluggable transports](https://tb-manual.torproject.org/circumvention/).
+
+Using this type of measures to circumvent government censorship will make Tor accessible even from countries with heavily censored internet, such as [China](https://support.torproject.org/censorship/connecting-from-china/), [Russia](https://blog.torproject.org/call-for-webtunnel-bridges/), [Iran](https://forum.torproject.org/t/iran-circumventing-censorship-with-tor/4590), and many others.
+
+<div class="admonition question" markdown>
+<p class="admonition-title">If you can't download the Tor Browser from your country</p>
+
+If you cannot download the Tor Browser because of your country's censorship, and **if it is safe for you to do**, you can try downloading the browser from a proxy website such as the [EFF website](https://tor.eff.org/), the [Calyx Institute website](https://tor.calyxinstitute.org/).
+
+You can even directly email **<gettor@torproject.org>** and send the name of your operating system (Linux, macOS, Windows) to get a direct link to download the Tor Browser.
+
+</div>
+
+If you want to help people around the world access the internet freely, you can volunteer to run a [Tor Snowflake](https://snowflake.torproject.org/) proxy. For more tech-savvy volunteers, you can also help by running a [Tor Bridge](https://community.torproject.org/relay/setup/bridge/), or even a [WebTunnel Bridge](https://community.torproject.org/relay/setup/webtunnel/).
+
+## :octicons-heart-16: Why Tor is so important
+
+### Tor is vital for human rights and democracy
+
+Tor is an essential tool for journalists, activists, whistleblowers, dissidents, and people in vulnerable situations everywhere. It is one of the best tool we have to increase privacy online, and to resist censorship from oppressive regimes.
+
+Thanks to Tor, activists have a safe way to continue fighting for human rights.
+
+Some of the most respected human rights organizations use Tor to offer safe access to their services and information. This includes organizations such as [Amnesty International](https://www.amnesty.org/en/latest/news/2023/12/global-amnesty-international-website-launches-on-tor-network-to-help-universal-access/), [Electronic Frontier Foundation](https://www.eff.org/deeplinks/2023/04/eff-now-has-tor-onions), Freedom of The Press Foundation, and of course the Tor Project.
+
+Without Tor, journalists would lose invaluable sources of information provided by courageous whistleblowers reporting in the public interest.
+
+Without Tor, brave citizens fighting against authoritarian governments would be at much greater risk when organizing and bringing vital information to the public's attention.
+
+Without Tor, victims of domestic violence and LGBTQ+ people living in hostile environments could be in much greater danger when researching life-saving information online.
+
+Without Tor, people living in oppressive regimes would not have access to the crucial information they need to fight for freedom, democracy, and peace.
+
+<div class="admonition success" markdown>
+<p class="admonition-title">Add an onion service for your organization's website</p>
+
+If you would like to add this service for your website to help more people access it safely, you can [read more](https://blog.torproject.org/more-onions-porfavor/) about onion services on the Tor Project Blog. As of 2021, you can even [get](https://blog.torproject.org/tls-certificate-for-onion-site/) domain-validated certificates for your onion site using HARICA, an operator founded by a nonprofit civil society from Greece.
+
+</div>
+
+### Tor is for everyone to use
+
+Tor is a tool that can help so many people. But Tor isn't *only* for people in highly sensitive situations like whistleblowers and journalists, Tor is for everyone!
+
+Of course, people in more dangerous situations will *need* Tor to stay safe, but everyone can benefit from Tor's privacy protections in their daily lives. I personally use Tor when I am forced to visit Google Map. Not because it's dangerous to me, but just because I greatly dislike the idea of Google tracking my location activities.
+
+Tor can also help fighting surveillance capitalism!
+
+Moreover, you can considerably help people in dangerous situations by using Tor for trivial reasons like I do.
+
+By using Tor for banal activities, when you aren't in any danger worse than a nasty ad-attack, you help to normalize the use of Tor and add more noise to the traffic. The more people do this, the more using Tor becomes just something people do when they care about privacy online, and nothing more.
+
+### Who uses Tor?
+
+- Anyone who cares about privacy!
+- Journalists who need to conduct research and protect their sources.
+- Whistleblowers using special websites to communication information to newspapers anonymously.
+- Democracy activists fighting against authoritarian governments who require anonymity online to stay safe from persecution.
+- People living under oppressive regimes who need to circumvent their country's censorship to access information freely.
+- Victims of domestic violence who need to research safe shelters and supportive resources without raising suspicion from their aggressor.
+- LGBTQ+ people living in hostile environments who need to access information online and stay connected with their community.
+- Generous people who want to [help and support](https://blog.torproject.org/support-tor-project-share-your-story/) all the above 💜
+
+The Tor community has gathered this [wonderful collection of anonymous user stories](https://community.torproject.org/outreach/stories/) from people describing why they use Tor.
+
+### Tor is critical public infrastructure
+
+To keep Tor strong for everyone, it's essential to support and grow the network of volunteer-operated relays forming the Tor Network.
+
+Thousands of journalists and activists rely on the Tor Network every day to stay safe and to continue their important work.
+
+Furthermore, **countless privacy-oriented projects depend on the Tor Network**.
+
+To name only a few, the messaging applications [Briar](https://briarproject.org/), [Cwtch](https://docs.cwtch.im/), and [SimpleX](https://simplex.chat/) all use Tor to harden some of their privacy-preserving features.
+
+For whistleblowers to stay safe, both [SecureDrop](https://securedrop.org/) and [Hush Line](https://hushline.app/) use the Tor Network. Many [newsrooms around the world](https://securedrop.org/directory/) host onion services to protect sources, such as The Guardian in the UK, CBC in Canada, ProPublica in the US, and many more.
+
+There's also all the applications protecting people with the highest needs such as [Tails](https://tails.net/), [OnionShare](https://onionshare.org/), and [more](https://github.com/Polycarbohydrate/awesome-tor).
+
+**Losing the Tor Network would mean losing all the applications and features relying on it.**
+
+This would be disastrous for the privacy community, journalists, activists, dissidents, victims of domestic violence, LGBTQ+ population, and so many worldwide.
+
+From a human rights perspective, **we simply cannot afford to lose Tor**.
+
+## :octicons-question-16: Things to consider when using Tor
+
+### Tor compared to VPN protections
+
+When using a VPN, your ISP will not know which websites you visit online (or other activities). Your ISP will see that you are connecting to a VPN, but will not know what you do from there. Your VPN however *could* know which websites you visit. Using a VPN is a transfer of trust from your ISP. When using a VPN, you should always trust your VPN provider more than your ISP.
+
+The websites you visit will see the IP address of your VPN provider instead of yours. This can help protect your identity and location, but they will know this connection uses a VPN.
+
+VPNs can offer great benefits for your privacy. However, if your VPN provider was compelled by law to provide the logs of the websites you visited (or will visit), it is *technically* possible to do for them.
+
+When using the Tor Network correctly, no one knows which websites *you visited*, or other services you accessed. Your ISP or VPN provider will only know you have accessed Tor, but will not know which websites you have visited from there. Even if compelled by law, they could only share that you have accessed Tor, at this specific time.
+
+The websites you have visited also won't know who you are (unless you tell them). They will only know someone accessed their websites through Tor, at this specific time.
+
+The relays used for a Tor Circuit cannot alone re-recreate the link between your IP address and the websites you visit either. This offers much stronger protection for your privacy than a VPN does.
+
+### Who knows you are using Tor
+
+When using the Tor Network, your ISP and the Guard Relay will both know you (the IP address you are using) are using Tor.
+
+To prevent this, you [could](https://www.privacyguides.org/en/advanced/tor-overview/#safely-connecting-to-tor) use Tor from a [trustworthy VPN](https://www.privacyguides.org/en/vpn/).
+
+If you do so, your VPN provider will know you are using Tor, but your ISP will not. Your ISP will only see you are accessing your VPN, and the Tor Guard Relay will see your VPN's IP address instead of yours.
+
+### HTTPS for non-onion websites
+
+The Exit Relay from the Tor Circuit will see someone is accessing this website (or other service).
+
+If you were to use Tor to visit a non-onion website that isn't protected with HTTPS, and log in with your credentials, this Exit Relay *could* technically read this information. Using HTTPS with non-onion websites is *very* important when using Tor. Onion sites offer protections that are equivalent to HTTPS.
+
+### Be careful with files when using Tor
+
+While it's safe to visit secured websites through Tor, be careful when downloading files or opening documents.
+
+Depending on what kind of files it is, there are a number of problems that could arise. For example, it's a [bad idea](https://blog.torproject.org/blog/bittorrent-over-tor-isnt-good-idea) to download torrent files over Tor. Additionally, Tor will not protect you from downloading malware or exposing metadata with shared files.
+
+If you need to share files through Tor with a *trusted* contact, [OnionShare](https://www.privacyguides.org/en/file-sharing/#onionshare) is a good option.
+
+## :octicons-stop-16: Addressing misconceptions
+
+There has been misconceptions floating around about Tor. Most of them repeat similar misinformation attributed to many other privacy tools: Why using this if you have nothing to hide? But this argument is incredibly flawed and comes from a naive understanding of privacy rights and needs.
+
+Most people use privacy tools for protection, and everyone needs protection. Moreover, [privacy is a fundamental right](https://www.privacyguides.org/videos/2025/04/17/is-privacy-dead/) intrinsically connected to democracy and civil liberties.
+
+### The dark web, the deep web, and the surface web
+
+Some misconceptions have spread from confusion on what the *deep* web and the *dark* web are. Because yes, Tor is part of the dark web.
+
+While using the term "dark web" might make for great sensationalist news title, the dark web isn't anything to fear.
+
+It's not "dark" as in "dark intent" or the "dark side of the Force". It's really just dark as in "it's so dark on this road, I can't read the addresses around".
+
+This dark web needs special software, configuration, or authorization to access it. For example, **the Tor Browser is the streetlight you need to navigate on the Onion roads**.
+
+If you use Tor to visit the Privacy Guides onion site, you will be using the dark web. It's a website (or website version) that can only be accessed using a specialized tool. That's it!
+
+The dark web is part of the deep web, which is simply all the online information that isn't indexed by any standard web search engines. Aren't you happy your bank account is on the deep web?
+
+![Illustration of an iceberg where the tip above water represents the surface web, the part underwater represents the deep web, and the part under the iceberg represents the dark web.](../assets/images/in-praise-of-tor/tor-darkweb.webp)
+<small aria-hidden="true">Illustration: Em / Privacy Guides | Inspired by: [Ranjithsiji](https://commons.wikimedia.org/wiki/File:Iceberg_of_Webs.svg)</small>
+
+### Criminals use envelopes, doors, and clothing too
+
+Some fear that Tor is used by criminals. While that might be true some criminals use Tor, a lot of people who aren't criminals at all also use Tor.
+
+This kind of argument really leads nowhere. Criminals also use Google, Facebook, and Twitter (a lot actually). Criminals use envelopes to hide their ransom letters, closed doors to hide their crimes, and clothing to conceal weapons! Are we going to forbid clothing because some (all?) criminals use clothing to hide their weapons?
+
+**We shouldn't ban clothing, and we shouldn't ban Tor either.** There are other better ways to catch criminals than removing a tool millions use to stay safe online.
+
+### Tor receives government funding
+
+Yes, Tor does receive government funding, and that's a good thing. A lot of nonprofit organizations receive government funding as a stable ([usually](https://www.privacyguides.org/articles/2025/02/03/the-future-of-privacy/#the-tools-you-use-might-depend-on-government-funding)) source of income. Our governments *should* be contributing financially to the tools we all use to improve our security and privacy for free, moreover if they are using it themselves.
+
+While any organization should thrive to diversify its sources of income to reduce its dependency on large contributors, it's not always easy to do.
+
+If you feel uneasy about a privacy tool you use receiving government funding, the best thing you can do to fight this is to [donate](https://donate.torproject.org/) directly to reduce its dependence to it.
+
+### Depending on where you are, using Tor is likely safe
+
+If you are not living under an oppressive regime with heavy censorship, it's likely that using Tor is safe for you, and will not put you on "a list". Even if it was putting you on "a list", it likely is a list full of great people working to defend human rights and privacy rights online.
+
+That being said, **if you are living in a region where using Tor is dangerous**, and could put you on a list of anti-regime dissidents, you *should absolutely* be careful and take special measures to hide your usage of Tor.
+
+Additionally, **if you are in a vulnerable situation** where an aggressor has access to your device or ISP information, and could hurt you if they knew you have used Tor, you should use a Tor Bridge and only [access Tor through Tails](https://www.privacyguides.org/articles/2025/01/29/installing-and-using-tails/).
+
+### Tor is fantastic for your privacy, but is not magical
+
+Tor is a great tool to improve your privacy online and make it much harder to identify you, your location, and the content you access online. However, it will not make you magically anonymous.
+
+If you use Tor with files containing metadata about you, this metadata can still identify you.
+
+If you use Tor to log in your Facebook account, then of course Facebook still knows it's you, and now also knows you are using Tor.
+
+If you use Tor to create a new account, but use an email address, phone number, username, or profile picture you used elsewhere when not connected through Tor, then your Tor activity can get linked to your previous activity.
+
+If you use Tor to reveal information so specific that only you, or only someone at your company, or only someone in this small government department could know, then of course authorities can identify you this way.
+
+You should also consider correlation in time when using Tor. If your activity is so specific that it can be narrowed down to only a few people, and your ISP or VPN knows you have accessed Tor at this specific time (and shares this information with authorities), a correlation in time could be enough to de-anonymize you.
+
+### Misconceptions are very detrimental to Tor, and other privacy tools
+
+We need to be extremely careful when spreading information that could be inaccurate or hasn't been verified when talking about Tor (or any other privacy tools).
+
+Misinformation can create mistaken fears and stop people from using a tool they would greatly benefit from.
+
+If someone is so scared of Tor because of some rumor they heard, that they continue their activism from the surface web instead, they could needlessly put themselves at risk.
+
+Furthermore, unjustified bad reputations can severely hurt funding for tools like Tor. This leads to less resources to continue developing the browser, the network, and to advocate for privacy everywhere.
+
+We all have a responsibility to verify which information we share with others, make sure we stop misinformation at its root, and correct harmful misconceptions everywhere we hear them.
+
+## :material-hand-heart-outline: Tor needs our support
+
+**Tor is at risk, and needs our help.** Despite its strength and history, Tor isn't safe from the same attacks oppressive regimes and misinformed legislators direct at encryption and many other privacy-enhancing technologies.
+
+Moreover, due to its US government funding, Tor has already been on the destruction path of the recent hectic government cuts. Thankfully, the US Agency for Global Media finally [rescinded the grant termination](https://www.theregister.com/2025/03/25/otf_tor_lets_encrypt_funding_lawsuit/?td=rt-3a) it had announced on March 15th to the Open Technology Fund, which the Tor Project benefits from. Sadly, considering the unpredictability of the current US administration, this doesn't mean the Tor Project is safe from cuts later on.
+
+As much as the Tor Network relies on generous volunteers to run it, the nonprofit Tor Project relies on grants and donations to survive.
+
+The good news is, we can help with both!
+
+The more individuals donate to the Tor Project, the less it depends on government funding, and the more stable its donation income becomes.
+
+Similarly, the more people volunteer to run a Tor relay, the more stable and reliable the Tor Network becomes.
+
+Tor is a privacy tool so many people, organizations, and applications need to stay safe and secure. It is **our collective responsibility to contribute what we can** to keep Tor strong and thriving for all of us.
+
+### How to support Tor
+
+There are many ways to help Tor survive and thrive! You can help by:
+
+- [Donating to the Tor Project (includes really neat merch!)](https://donate.torproject.org/)
+
+- [Spreading the word about Tor](https://community.torproject.org/outreach/)
+
+- [Joining the Tor community](https://community.torproject.org/)
+
+- [Making your website accessible as an onion service](https://community.torproject.org/onion-services/setup/)
+
+- [Asking your university to run a Tor relay](https://toruniversity.eff.org/)
+
+- [Running a Tor relay yourself](https://community.torproject.org/relay/)
+
+- [Running a Snowflake proxy to help fight censorship](https://community.torproject.org/relay/setup/snowflake/)
+
+- Using Tor for anything from important to trivial
+
+- Sharing this article 💜
+
+## :octicons-bookmark-16: Onion sites you can visit using the Tor Browser
+
+- [Privacy Guides website](http://www.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion/en/) 💛
+- [Privacy Guides forum](http://discuss.6xotdxvg7pexnean3xu6b7ivs7g52zcwsdbnz4mdm4byivc3yfv65aid.onion/)
+- [Amnesty International](https://www.amnestyl337aduwuvpf57irfl54ggtnuera45ygcxzuftwxjvvmpuzqd.onion)
+- [Electronic Frontier Foundation](https://www.iykpqm7jiradoeezzkhj7c4b33g4hbgfwelht2evxxeicbpjy44c7ead.onion/)
+- [Freedom of the Press Foundation](http://fpfjxcrmw437h6z2xl3w4czl55kvkmxpapg37bbopsafdu7q454byxid.onion/)
+- [Secure Drop directory (for whistleblowers)](http://sdolvtfhatvsysc6l34d65ymdwxcujausv7k5jk4cy5ttzhjoi6fzvyd.onion/directory/)
+- [ProPublica](http://p53lf57qovyuvwsc6xnrppyply3vtqm7l6pcobkmyqsiofyeznfu5uqd.onion/)
+- [Internet Archive](https://archivep75mbjunhxc6x4j5mwjmomyxb573v42baldlqu56ruil2oiad.onion/)
+- [OnionShare (file sharing)](http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion/)
+- [Proton Mail](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion/)
+- [Tor Project](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion)
+
+***
+
+For more in-depth information about Tor, you can consult our [Tor Overview](https://www.privacyguides.org/en/advanced/tor-overview/).
+
+<small aria-hidden="true">Unless credited otherwise, all screenshots from: Privacy Guides</small>
+
+---
+
+**Update (5/6):** This article was updated to note [the importance of restarting Tor Browser](tor-security-slider-flaw.md) when changing security level settings.

blog/posts/taking-advantage-of-android-user-profiles.md

@@ -1,120 +0,0 @@
----
-date:
-    created: 2025-04-23T19:00:00Z
-categories:
-    - Tutorials
-authors:
-    - jonah
-description: Android's ability to support multiple user profiles is one of the simplest ways to isolate applications and data on Android, which can provide you with huge privacy and security advantages.
-schema_type: AnalysisNewsArticle
----
-# How to Take Advantage of Multiple Users on Android
-
-![Article cover photo showing a tablet with 3 user profile icons](../assets/images/taking-advantage-of-android-user-profiles/multiple-users-tablet-cover.webp)
-
-<small aria-hidden="true">Illustration: Jonah Aragon / Privacy Guides</small>
-
-One of the simplest ways to isolate different applications and personal data on an Android device is to use **multiple users**. This is a feature which has been widely available on Android phones since 2014, but goes fairly underutilized by most people.<!-- more -->
-
-Originally, this feature was intended to support multiple physical people sharing the same device, with the AOSP team envisioning a second user being added to a tablet for children to use, or critical response teams sharing a phone for on-call duty.
-
-There are two main types of users on Android:
-
-- The **system user**, which is the first user on the device. This user has special privileges and settings that only it can set. The name of this user defaults to "Owner" on English language devices.
-- **Secondary users**, which are any users added to the device other than the system user. These users can be removed (either by the system user or by themselves) and cannot impact other users set up on the device.
-
-## Advantages
-
-While originally intended for multiple people, there are a number of advantages to setting up secondary users on your phone that will benefit even a single person!
-
-### Isolating Apps
-
-Apps installed in one user profile cannot communicate with apps installed in a different user profile. It is not possible to access the app data or storage of one user from a different user at all. The workspaces are completely isolated.
-
-If you have multiple accounts with any apps that don't support multiple logins, this feature can really come in handy. Using multiple users allows you to have multiple, independent copies of an app installed on your device, one per user. Each app install can be logged in with different credentials and have access to different data.
-
-### Isolating Data
-
-Each user has its own set of files, contacts, and media. Apps installed by that user can only access data owned by that user.
-
-This could come in handy if you have two different sets of contacts, say, a work address book and a personal address book, and you want to sync each one to a different user. It also allows you to have a profile for highly sensitive data that only needs to be accessed by a minimal number of apps.
-
-### Resource Management
-
-It is also possible to end the sessions of secondary users, which puts its data at rest (a more secure state) and stops its apps from running in the background.
-
-This is particularly relevant when using a [custom ROM](https://www.privacyguides.org/en/android/distributions) with non-system Google Play Services, such as sandboxed Google Play on GrapheneOS. For example, you could have a secondary user with Google Play Services, and a primary user without, letting you choose when exactly you are making connections to Google. We'll delve deeper into this example later on.
-
-Additionally, each user makes its own independent [VPN](https://www.privacyguides.org/en/vpn) connections. If you have two user sessions running, they could be connected to different VPN providers or different countries. You could even have one user connected to a VPN and one that doesn't use a VPN at all.
-
-### GrapheneOS Specific
-
-If you use [**GrapheneOS**](https://www.privacyguides.org/en/android/distributions/#grapheneos), you can take advantage of additional [features](https://grapheneos.org/features#improved-user-profiles){rel=nofollow} not available with a standard Android phone:
-
-- **Notification forwarding**: Normally, only the notifications of the currently active user on Android are shown. On GrapheneOS, you can optionally configure secondary users to forward their notifications to the currently active profile, so you can make sure you don't miss anything important occurring in a background user session. Remember that you must unlock secondary user profiles before you can receive notifications from them. Otherwise, you will miss important notifications after your phone reboots.
-
-- **Additional user profiles:** GrapheneOS raises the maximum number of secondary users to 31, which means you have the option to be much more granular with how you isolate apps and data than you normally would (the maximum number is configurable by OEMs, but a stock Google Pixel only supports 3).
-
-## Common Setups
-
-When it comes to juggling multiple users, the best approach will always be highly dependent on your data, the apps you use, and your typical workflows.
-
-It's important to think about how **you** use your device because you might use apps in conjunction with one another in ways that someone else might not. Similarly to [Qubes](https://www.privacyguides.org/en/os/qubes-overview), the correct number of isolated users and the apps you install within them is basically subjective. There's no "best" approach.
-
-This being said, there are a few common or popular setups we see within the *Privacy Guides* [community](https://discuss.privacyguides.net/) which might make sense for you, or at least could help you start thinking about the best ways to isolate your apps and data from each other. You could also certainly use any combination of these approaches. At least within the confines of the maximum number of users available on your device, the sky's the limit!
-
-### Isolating Google Dependencies
-
-To preserve your privacy, the most commonly recommended "minimum" setup for multiple users on Android *with GrapheneOS* is a two-user setup, where only one secondary user has Google Play Services installed.
-
-In this setup, the system user only contains apps that don't require Google Play Services, like open source apps installed with [Obtainium](https://www.privacyguides.org/en/android/obtaining-apps/#obtainium) or [F-Droid](https://www.privacyguides.org/en/android/obtaining-apps/#f-droid). The secondary user would contain apps from [Aurora Store](https://www.privacyguides.org/en/android/obtaining-apps/#aurora-store) or the Google Play Store that rely on Google Play Services, such as some banking apps, social media apps, etc.
-
-This configuration is really only viable with GrapheneOS and sandboxed Google Play (or [another](grapheneos-or-calyxos.md) custom ROM with non-system microG) because that setup doesn't require Google Play Services be integrated with the system. On your typical stock Android device, Google Play Services will be installed with system-level permissions, meaning that it will be present in all user profiles on your phone.
-
-### Minimal Owner Profile
-
-Another frequently utilized configuration is keeping the system user as bare-bones as possible and *only* using (a) secondary user(s) to increase the security of your device.
-
-This is because the system user has a number of special privileges that other users do not, such as the ability to enable ADB or other developer tools, for example. By avoiding regular usage of the system user, these settings become harder to unintentionally access.
-
-An additional advantage of this approach is that it makes cleaning up and erasing portions of your device easier. Secondary users can be erased very easily if the need to do so for any reason arises. Doing so won't affect other users on the device. On the other hand, the system user can only really be erased with a full factory reset, which would also wipe out all users on the device at once.
-
-### Per-Persona
-
-Some people choose to group their apps on a "per-persona" basis, for example, having a user for school, one for work, one for games, one for social media, etc. If you find your time spent on your phone can be easily categorized into different groups of apps, this approach might make the most sense to you.
-
-Not only does this limit the data that each group of apps can access (you can completely avoid accidentally sharing *personal* photos in your work chat, for example), but this approach can be also a huge boon to focus and productivity. Switching users on Android *does* add some friction, so keeping distractions in a separate user that can be disabled when you're not intentionally using them is an approach some find very helpful.
-
-## Alternatives
-
-### No Secondary Users At All
-
-While secondary users can offer substantial privacy and security benefits, they are not necessary for everyone.
-
-From a security perspective, all apps on Android are strongly sandboxed from each other. While this sandbox does not provide the complete isolation of data and interactions between apps, it does prevent apps from exploiting your device or other apps, and interactions that *do* occur between apps are typically gated behind permission prompts and other access controls. This means that for many [threat models](https://www.privacyguides.org/en/basics/threat-modeling/), enhancing app isolation beyond the default may be a bit overkill!
-
-It's perfectly reasonable to decide that the standard sandboxing is all you require, *especially* if you have minimal apps installed in the first place, if you're only using [trustworthy](https://www.privacyguides.org/en/tools/) and open-source apps, or if you simply find managing multiple users too cumbersome for everyday use.
-
-### Users vs. Profiles
-
-Another alternative to multiple users on Android are **profiles**, which are separate workspaces contained within a single user.
-
-The most well known implementation of profiles on Android is the **Work Profile** functionality. In normal usage, a Work Profile might be set up on your phone by your employer in order for them to install work-related apps without giving them full access to your device and personal apps. However, if you don't already have a work profile installed, you can also create a personally-managed one yourself by using an app like [Shelter](https://www.privacyguides.org/en/android/general-apps/#shelter) or Insular.
-
-A big advantage of Work Profiles is that apps installed in the profile are accessible from your regular launcher without having to log out and switch user sessions. It is also very easy to multitask between apps installed in a work profile and personal apps.
-
-Work profiles are much more isolated from your personal apps compared to the typical app sandbox, but they *do* share some underlying resources with the rest of your user profile, making them a bit of a middle-ground between standard app sandboxing and full multi-user isolation.
-
-#### Private Space
-
-In Android 15, a new feature called **Private Space** was introduced, which is very similar to work profiles in function, but does not require a separate management app like Shelter to use. Because this is a built-in feature, we always recommend using private profiles before or instead of using Work Profile functionality whenever possible.
-
-Again, Private Space is a middle-ground between the standard sandboxing and multiple users. One example of a shared resource between the system user and the private profile within is the clipboard. This is a very significant vector to leak information between your standard apps and apps installed in the private space if you do not manage it properly.
-
-Private Space is currently only available for the system user, not by secondary users. You also have the option to enable both a private space *and* a work profile, meaning you could have up to three semi-isolated workspaces contained within a single user.
-
-## Sources
-
-- <https://source.android.com/docs/devices/admin/multi-user>{rel=nofollow}
-- <https://seprand.github.io/articles/best-user-profile-setup>{rel=nofollow}
-- <https://arxiv.org/html/1904.05572v3/#S4.SS3>{rel=nofollow}

blog/posts/tor-security-slider-flaw.md

@@ -0,0 +1,82 @@
+---
+date:
+    created: 2025-05-02T11:20:00Z
+    updated: 2025-05-03T15:00:00Z
+categories:
+    - News
+authors:
+    - jonah
+tags:
+    - PSA
+    - Tor
+description: |
+  PSA: The security level slider in Tor Browser (and Mullvad Browser) does not fully apply until restarting the browser. This presents a high risk to people who switch from Standard to Safer security during a browsing session in order to protect themselves from browser exploits.
+schema_type: ReportageNewsArticle
+preview:
+  cover: blog/assets/images/tor-security-slider-flaw/cover.png
+---
+# A Flaw With the Security Level Slider in Tor Browser
+
+![Illustration showing Tor's security level options with question marks next to the selected Safer level](../assets/images/tor-security-slider-flaw/cover.png)
+
+<small aria-hidden="true">Illustration: Jonah Aragon / Privacy Guides</small>
+
+[Tor Browser](https://www.privacyguides.org/en/tor/#tor-browser) and [Mullvad Browser](https://www.privacyguides.org/en/desktop-browsers/#mullvad-browser) users should be aware of a flaw with the Security Level slider: Not all protections advertised by the browser are properly engaged until the browser is fully restarted.<!-- more -->
+
+This flaw was anonymously reported to *Privacy Guides* by a member of our [community](https://discuss.privacyguides.net/), and I confirmed it via the latest Tor Browser 14.5.1 on macOS. Additionally, I confirmed this behavior in Mullvad Browser 14.5.1 on macOS.
+
+~~I was unable to find any documentation or open GitLab issues with Tor regarding the need to take additional steps before security settings are fully applied, and~~ Tor Browser documentation does not note that a restart is required, nor does it prompt users to restart the browser after security changes are made. (update: see below)
+
+This presents a high risk to people who switch from Standard to Safer security during a browsing session with the goal to protect themselves from browser exploits.
+
+## Demonstration
+
+The effect can be easily demonstrated in your own Tor Browser install by running a JavaScript benchmark such as [JetStream 2.2](https://browserbench.org/JetStream/). These benchmarks rely on a technology called Just-in-Time (JIT) compilation to improve performance, but JIT is linked to numerous security vulnerabilities in modern web browsers. The "Safer" security level normally disables JIT entirely to prevent these issues, however, you can see virtually no performance impact when switching to the Safer security level in Tor Browser and running the benchmark again:
+
+<figure markdown="span">
+  ![JetStream2 benchmark results with a score of 196 and the shield indicator in the browser's toolbar indicating that Standard security level is set](../assets/images/tor-security-slider-flaw/standard-level-jetstream2.png)
+  <figcaption>JetStream 2.2 benchmark results in <strong>Standard</strong> mode</figcaption>
+</figure>
+
+<figure markdown="span">
+  ![JetStream2 benchmark results with a score of 191 and the shield indicator in the browser's toolbar indicating that Safer security level is set](../assets/images/tor-security-slider-flaw/safer-level-before-restart-jetstream2.png)
+  <figcaption>JetStream 2.2 benchmark results in <strong>Safer</strong> mode, <em>without</em> restarting Tor Browser</figcaption>
+</figure>
+
+While the performance is virtually identical between these two runs, *after* restarting Tor Browser and re-running the test, we see drastically lower performance results, in line with what we would expect with JIT properly disabled:
+
+<figure markdown="span">
+  ![JetStream2 benchmark results with a score of 33 and the shield indicator in the browser's toolbar indicating that Safer security level is set](../assets/images/tor-security-slider-flaw/safer-level-after-restart-jetstream2.png)
+  <figcaption>JetStream 2.2 benchmark results in <strong>Safer</strong> mode, <em>after</em> restarting Tor Browser</figcaption>
+</figure>
+
+As you can see, there is no visible indicator that anything is different between the last two runs, and there was no prompt to restart the browser after changing these settings. However, this clearly indicates that JavaScript technologies that are meant to be disabled in Safer mode can still be accessed by websites until the browser is restarted, potentially opening you up to browser exploits if you are unaware of the additional steps required to secure yourself.
+
+## Safest Mode
+
+We have not tested or verified the full extent of security features which require a browser restart. We tested whether JIT remained enabled after switching to Safer mode because it was the easiest feature to test. Safest mode disables JavaScript entirely, so the demonstration above will not demonstrate this problem exists when switching to Safest mode.
+
+However, it is possible that there are *other* features normally disabled by Safest mode which remain enabled until you restart your browser. Out of an abundance of caution, we recommend always restarting your browser after changing this setting, regardless of whether you are switching to Safer or Safest mode.
+
+## Conclusion
+
+The Tor Project advertises the security slider as a way to conveniently adjust the protections that the Tor Browser provides, but does not note additional steps necessary to ensure those settings actually go into effect.
+
+This is our public service announcement to make sure you **always completely restart Tor Browser after adjusting your security settings.** Relying on these indicators can create a false sense of security and potentially expose users relying on this security level slider to greater risk than they expect based on Tor Browser's UI and documentation.
+
+Hopefully, Tor Browser will prompt or force their users to restart the browser after adjusting these settings in a future update.
+
+---
+
+**Update (5/3):** A few hours following the publication of this article, the Tor Project emailed us the following statement:
+
+> The Tor Project is aware of this issue, and it is being tracked and actively
+> addressed. Those interested can follow the discussion and progress here:
+> <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42572>. In
+> addition to a restart prompt, we’re also exploring broader improvements to the
+> security level system, including aligning it more closely with Tor Browser's
+> updated threat model\[1] and possibly delegating even more of its back-end
+> to NoScript for additional flexibility. These improvements may be part of the
+> upcoming 15.0 release cycle.
+>
+> \[1]: <https://gitlab.torproject.org/tpo/applications/wiki/-/wikis/>

docs/about/donate.md

@@ -21,7 +21,7 @@ MAGIC Grants is our fiscal host, and their custom, open-source donation platform
     Thank you to these organizations who significantly support Privacy Guides. (1)
     { .annotate }
 
-    1. Please contact <info@magicgrants.org> to inquire about giving. Privacy Guides reserves the right to rescind the membership of those who are unaligned with our mission or organization at any time. Organizational members have no ability to influence what content is recommended on the Privacy Guides website. Learn more about our [donation acceptance policy](donation-acceptance-policy.md).
+    1. Please contact <info@magicgrants.org> to inquire about giving. Privacy Guides reserves the right to rescind the membership of those who are unaligned with our mission or organization at any time. Organizational members have no ability to influence what content is recommended on the Privacy Guides website. Learn more about our [donation acceptance policy](https://discuss.privacyguides.net/t/ep2-donation-acceptance-policy/27360/1).
 
     <div class="mdx-specialthanks" markdown>
 
@@ -82,7 +82,7 @@ You can become an organizational member by reaching out to <info@magicgrants.org
 
 Organizational members that choose to be recognized publicly are included in our organizational members section (above), and occasionally at other opportunities where appropriate. Organizational member links include the `rel="nofollow"` attribute: We adopted this policy to screen out potential abuse of our program and site to raise the rank of third parties in search algorithms. Unfortunately, this is a growing problem for nonprofits. This was a complex decision since we know many of the sincere supporters behind these companies, but we decided that it was the best choice for us.
 
-Organizational members have no ability to influence what content is recommended on the Privacy Guides website. Learn more about our [donation acceptance policy](donation-acceptance-policy.md).
+Organizational members have no ability to influence what content is recommended on the Privacy Guides website. Learn more about our [donation acceptance policy](https://discuss.privacyguides.net/t/ep2-donation-acceptance-policy/27360/1).
 
 ### What is an active membership?
 
@@ -110,7 +110,7 @@ We use donations for a variety of purposes, including:
 
 **Online Services**
 
-:   We host [internet services](services.md) for testing and showcasing different privacy-products we like and [recommend](../tools.md). Some of them are made publicly available for our community's use (SearXNG, Tor, etc.), and some are provided for our team members (email, etc.).
+:   We host internet services for testing and showcasing different privacy-products we like and [recommend](../tools.md). Some of them are made publicly available for our community's use (SearXNG, Tor, etc.), and some are provided for our team members (email, etc.).
 
 **Product Purchases**
 

docs/about/donation-acceptance-policy.md

@@ -1,58 +0,0 @@
----
-title: Donation Acceptance Policy
-description: Privacy Guides aspires to obtain funding from a wide variety of sources to reduce our dependency on any single donor. Please consider donating!
----
-
-Privacy Guides takes the ethical responsibility of making unbiased recommendations on its website very seriously.
-
-Privacy Guides aspires to obtain funding from a wide variety of sources to reduce our dependency on any single donor. Please consider [donating](donate.md)!
-
-## What we **can** accept
-
-In the course of our regular fundraising activities...
-
-- Donations and other forms of support will generally be accepted from individuals, corporations, foundations, or other entities, without limitations.
-    - This includes cash, cash equivalents (checks, money orders, credit/debit card payments), and cryptocurrency.
-- Gifts of Real Property, Personal Property, or Securities may only be accepted upon approval of the MAGIC Grants board of directors.
-
-Privacy Guides will only accept such gifts that are legal and consistent with our policies. Gifts must not interfere with Privacy Guides' mission, purpose, and procedures.
-
-## Things we do **not** do
-
-- Accept sponsorships.
-- Offer to recommend a product or service in exchange for a donation or other incentive.
-- Threaten to remove a recommendation for a product or service unless we receive a donation or other incentive.
-- Offer to expedite a review of a product or service in exchange for a donation or other incentive.
-- Write sponsored content or feature sponsored components in our content.
-
-## Things we **may** do
-
-- Accept donations from privacy-related companies and non-profits.
-- Apply for grant programs.
-- Accept free versions of software or hardware to test and review, while being mindful of possible differences in versions that could differ from a regular customer experience. ([More details](executive-policy.md#ep1-freely-provided-product-samples))
-- Accept discounted versions of software or hardware that assist our operations (for example, discounted software costs made available to non-profits).
-
-## Restrictions on gifts
-
-Privacy Guides accepts unrestricted gifts, and we appreciate the flexibility to apply your gift to our programs where they are most needed.
-
-We also accept and appreciate gifts for specified programs or purposes, provided that such gifts are consistent with our program's stated mission, purpose, and priority. Privacy Guides will not accept gifts which are too restrictive in purpose.
-
-Examples of gifts which are too restrictive include:
-
-- Those which fund the research and review of a specific product category or specific product.
-- Those which violate our existing policies.
-- Those which are too difficult for us to administer.
-- Those that are for purposes outside our general mission.
-
-An example of an acceptable restriction could be a gift towards funding our [video](https://www.privacyguides.org/videos/) production, or hosting our website and forum.
-
-Final decisions on the restrictive nature of a gift and its acceptance or refusal will be made by our executive committee.
-
-## Additional terms
-
-Privacy Guides generally does not pay "finder's fees" or commissions to third parties in connection with any gift to Privacy Guides. We may, however, pay commissions and fees to properly negotiate and receive assets when appropriate.
-
-No officer, committee member, employee, or other agent of Privacy Guides will be compensated in a manner which is dependent on the size or nature of gifts made to Privacy Guides by any person. If we engage with legal, accounting, or other professionals, their fees and expenses will be determined by the time they spend engaged with our work, and not by reference to any particular gift in connection to their retainer.
-
-Privacy Guides always follows the MAGIC Grants Gift Acceptance Policy, available on their website: <https://magicgrants.org/about/documentation/>

docs/about/executive-policy.md

@@ -1,26 +0,0 @@
----
-title: Executive Policy
-description: These are policies formally adopted by our executive committee, and take precedence over all other statements expressed on this website.
----
-
-These are policies formally adopted by Privacy Guides' executive committee, and take precedence over all other statements expressed on this website.
-
-The keywords **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
-
-## EP1: Freely-Provided Product Samples
-
-*Our policy on accepting product samples for review was adopted September 7, 2024.*
-
-=== "Current Version (1)"
-
-    - Privacy Guides **shall not** proactively reach out to vendors asking for product samples or review accounts.
-    - Privacy Guides **shall not** accept test/review accounts for subscription cloud services.
-    - Privacy Guides **may** accept freely-provided product samples for one-time purchase software applications which run locally, given they don't require a subscription for continued operation.
-    - Privacy Guides **may** accept freely-provided samples of hardware products.
-        - Privacy Guides **may** accept a freely-provided subscription service associated with a hardware product, if such a subscription/license is necessary to use the product.
-    - Privacy Guides **must not** enter into an agreement pertaining to our editorial opinion with the vendor in order to receive a sample or publish a review. All freely-provided items must be strictly "no strings attached."
-        - We **may** agree to return the product to the vendor following the review if requested.
-        - We **may** agree to a reasonable NDA, provided it has a clear embargo date that is lifted no more than 6 months in the future where the NDA completely no longer applies.
-        - We **should not** enter into any other agreement with the vendor not described here. Potential agreements not described here **must** be approved by the executive committee beforehand.
-
-    In all cases, whether we paid for the product independently or received a free sample from a vendor, how we obtained the product **must** be clearly documented in the background section of every article associated with the product.

docs/about/services.md

@@ -1,33 +0,0 @@
----
-description: We run a number of web services to test out features and promote cool decentralized, federated, and/or open-source projects.
----
-
-# Privacy Guides Services
-
-We run a number of web services to test out features and promote cool decentralized, federated, and/or open-source projects. Many of these services are available to the public and are detailed below.
-
-[:material-comment-alert: Report an issue](https://discuss.privacyguides.net/c/services/2){ class="md-button md-button--primary" }
-
-## Discourse
-
-- Domain: [discuss.privacyguides.net](https://discuss.privacyguides.net)
-- Availability: Public
-- Source: [github.com/discourse/discourse](https://github.com/discourse/discourse)
-
-## Gitea
-
-- Domain: [code.privacyguides.dev](https://code.privacyguides.dev)
-- Availability: Invite-Only. Access may be granted upon request to any team working on *Privacy Guides*-related development or content.
-- Source: [snapcraft.io/gitea](https://snapcraft.io/gitea)
-
-## Matrix
-
-- Domain: [matrix.privacyguides.org](https://matrix.privacyguides.org)
-- Availability: Invite-Only. Access may be granted upon request to Privacy Guides team members, Matrix moderators, third-party Matrix community administrators, Matrix bot operators, and other individuals in need of a reliable Matrix presence.
-- Source: [github.com/spantaleev/matrix-docker-ansible-deploy](https://github.com/spantaleev/matrix-docker-ansible-deploy)
-
-## SearXNG
-
-- Domain: [search.privacyguides.net](https://search.privacyguides.net)
-- Availability: Public
-- Source: [github.com/searxng/searxng-docker](https://github.com/searxng/searxng-docker)

docs/desktop-browsers.md

@@ -88,7 +88,11 @@ If you need to browse the internet anonymously, you should use [Tor](tor.md) ins
 
 </div>
 
-Like [Tor Browser](tor.md), Mullvad Browser is designed to prevent fingerprinting by making your browser fingerprint identical to all other Mullvad Browser users, and it includes default settings and extensions that are automatically configured by the default security levels: *Standard*, *Safer* and *Safest*. Therefore, it is imperative that you do not modify the browser at all outside adjusting the default [security levels](https://tb-manual.torproject.org/security-settings). Other modifications would make your fingerprint unique, defeating the purpose of using this browser. If you want to configure your browser more heavily and fingerprinting is not a concern for you, we recommend [Firefox](#firefox) instead.
+Like [Tor Browser](tor.md), Mullvad Browser is designed to prevent fingerprinting by making your browser fingerprint identical to all other Mullvad Browser users, and it includes default settings and extensions that are automatically configured by the default security levels: *Standard*, *Safer* and *Safest*.
+
+Therefore, it is imperative that you do not modify the browser at all outside adjusting the default [security levels](https://tb-manual.torproject.org/security-settings). When adjusting the security level, you **must** always restart the browser before continuing to use it. Otherwise, [the security settings may not be fully applied](https://www.privacyguides.org/articles/2025/05/02/tor-security-slider-flaw/), putting you at a higher risk of fingerprinting and exploits than you may expect based on the setting chosen.
+
+Modifications other than adjusting this setting would make your fingerprint unique, defeating the purpose of using this browser. If you want to configure your browser more heavily and fingerprinting is not a concern for you, we recommend [Firefox](#firefox) instead.
 
 ### Anti-Fingerprinting
 

docs/meta/admonitions.md

@@ -1,294 +0,0 @@
----
-title: Admonitions
-description: A guide for website contributors on creating admonitions.
----
-
-**Admonitions** (or "call-outs") are a choice writers can use to include side content in an article without interrupting the document flow.
-
-<div class="admonition example" markdown>
-<p class="admonition-title">Example Admonition</p>
-
-This is an example of an admonition. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nulla et euismod nulla. Curabitur feugiat, tortor non consequat finibus, justo purus auctor massa, nec semper lorem quam in massa.
-
-</div>
-
-<details class="example" markdown>
-<summary>Example Collapsible Admonition</summary>
-
-This is an example of a collapsible admonition. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nulla et euismod nulla. Curabitur feugiat, tortor non consequat finibus, justo purus auctor massa, nec semper lorem quam in massa.
-
-</details>
-
-## Formatting
-
-To add an admonition to a page, you can use the following code:
-
-```markdown title="Admonition"
-<div class="admonition TYPE" markdown>
-<p class="admonition-title">TITLE</p>
-
-ENCLOSED TEXT
-
-</div>
-```
-
-```markdown title="Collapsible Admonition"
-<details class="TYPE" markdown>
-<summary>TITLE</summary>
-
-ENCLOSED TEXT
-
-</details>
-```
-
-The `TITLE` must be specified, if you don't want a specific title you can set it to the same text as the `TYPE` (see below) in title case, e.g. `Note`. The `ENCLOSED TEXT` should be Markdown formatted.
-
-### Regular types
-
-Replace `TYPE` in the examples above with one of the following:
-
-#### `note`
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-Lorem ipsum dolor sit amet, consectetur adipiscing elit.
-
-</div>
-
-#### `abstract`
-
-<div class="admonition abstract" markdown>
-<p class="admonition-title">Abstract</p>
-
-Lorem ipsum dolor sit amet, consectetur adipiscing elit.
-
-</div>
-
-#### `info`
-
-<div class="admonition info" markdown>
-<p class="admonition-title">Info</p>
-
-Lorem ipsum dolor sit amet, consectetur adipiscing elit.
-
-</div>
-
-#### `tip`
-
-<div class="admonition tip" markdown>
-<p class="admonition-title">Tip</p>
-
-Lorem ipsum dolor sit amet, consectetur adipiscing elit.
-
-</div>
-
-#### `success`
-
-<div class="admonition success" markdown>
-<p class="admonition-title">Success</p>
-
-Lorem ipsum dolor sit amet, consectetur adipiscing elit.
-
-</div>
-
-#### `question`
-
-<div class="admonition question" markdown>
-<p class="admonition-title">Question</p>
-
-Lorem ipsum dolor sit amet, consectetur adipiscing elit.
-
-</div>
-
-#### `warning`
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-Lorem ipsum dolor sit amet, consectetur adipiscing elit.
-
-</div>
-
-#### `failure`
-
-<div class="admonition failure" markdown>
-<p class="admonition-title">Failure</p>
-
-Lorem ipsum dolor sit amet, consectetur adipiscing elit.
-
-</div>
-
-#### `danger`
-
-<div class="admonition danger" markdown>
-<p class="admonition-title">Danger</p>
-
-Lorem ipsum dolor sit amet, consectetur adipiscing elit.
-
-</div>
-
-#### `bug`
-
-<div class="admonition bug" markdown>
-<p class="admonition-title">Bug</p>
-
-Lorem ipsum dolor sit amet, consectetur adipiscing elit.
-
-</div>
-
-#### `example`
-
-<div class="admonition example" markdown>
-<p class="admonition-title">Example</p>
-
-Lorem ipsum dolor sit amet, consectetur adipiscing elit.
-
-</div>
-
-#### `quote`
-
-<div class="admonition quote" markdown>
-<p class="admonition-title">Quote</p>
-
-Lorem ipsum dolor sit amet, consectetur adipiscing elit.
-
-</div>
-
-### Special Types
-
-#### `recommendation`
-
-This format is used to generate recommendation cards. Notably it is missing the `<p class="admonition-title">` element.
-
-``` markdown title="Recommendation Card"
-<div class="admonition recommendation" markdown>
-
-![PhotoPrism logo](assets/img/photo-management/photoprism.svg){ align=right }
-
-**PhotoPrism** is a self-hostable platform for managing photos. It supports album syncing and sharing as well as a variety of other [features](https://photoprism.app/features). It does not include E2EE, so it's best hosted on a server that you trust and is under your control.
-
-[:octicons-home-16: Homepage](https://photoprism.app){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://photoprism.app/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://photoprism.app/kb){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/photoprism){ .card-link title="Source Code" }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-github: GitHub](https://github.com/photoprism)
-
-</details>
-
-</div>
-```
-
-<div class="result" markdown>
-
-<div class="admonition recommendation" markdown>
-
-![PhotoPrism logo](../assets/img/photo-management/photoprism.svg){ align=right }
-
-**PhotoPrism** is a self-hostable platform for managing photos. It supports album syncing and sharing as well as a variety of other [features](https://photoprism.app/features). It does not include E2EE, so it's best hosted on a server that you trust and is under your control.
-
-[:octicons-home-16: Homepage](https://photoprism.app){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://photoprism.app/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://photoprism.app/kb){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/photoprism){ .card-link title="Source Code" }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-github: GitHub](https://github.com/photoprism)
-
-</details>
-
-</div>
-
-</div>
-
-#### `downloads`
-
-This is a special type of collapsible admonition, used to generate the download links section. It is only used within recommendation cards, as shown in the example above.
-
-```markdown title="Downloads Section"
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonmail.android)
-- [:simple-appstore: App Store](https://apps.apple.com/app/id979659905)
-- [:simple-github: GitHub](https://github.com/ProtonMail/proton-mail-android/releases)
-- [:fontawesome-brands-windows: Windows](https://proton.me/mail/bridge#download)
-- [:simple-apple: macOS](https://proton.me/mail/bridge#download)
-- [:simple-linux: Linux](https://proton.me/mail/bridge#download)
-- [:octicons-browser-16: Web](https://mail.proton.me)
-
-</details>
-```
-
-<div class="result" markdown>
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonmail.android)
-- [:simple-appstore: App Store](https://apps.apple.com/app/id979659905)
-- [:simple-github: GitHub](https://github.com/ProtonMail/proton-mail-android/releases)
-- [:fontawesome-brands-windows: Windows](https://proton.me/mail/bridge#download)
-- [:simple-apple: macOS](https://proton.me/mail/bridge#download)
-- [:simple-linux: Linux](https://proton.me/mail/bridge#download)
-- [:octicons-browser-16: Web](https://mail.proton.me)
-
-</details>
-
-</div>
-
-## Old Format
-
-Throughout the site, you may see some admonitions formatted similarly to these examples:
-
-``` markdown title="Admonition"
-!!! note
-
-    Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nulla et euismod
-    nulla. Curabitur feugiat, tortor non consequat finibus, justo purus auctor
-    massa, nec semper lorem quam in massa.
-```
-
-<div class="result" markdown>
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nulla et euismod
-nulla. Curabitur feugiat, tortor non consequat finibus, justo purus auctor
-massa, nec semper lorem quam in massa.
-
-</div>
-
-</div>
-
-``` markdown title="Collapsible Admonition"
-??? example "Custom Title"
-
-    Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nulla et euismod
-    nulla. Curabitur feugiat, tortor non consequat finibus, justo purus auctor
-    massa, nec semper lorem quam in massa.
-```
-
-<div class="result" markdown>
-
-<details class="example" markdown>
-<summary>Custom Title</summary>
-
-Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nulla et euismod
-nulla. Curabitur feugiat, tortor non consequat finibus, justo purus auctor
-massa, nec semper lorem quam in massa.
-
-</details>
-
-</div>
-
-**This format is no longer used going forward,** because it is incompatible with newer versions of our translation software at Crowdin. When adding a new page to the site, only the newer HTML-based format should be used.
-
-There is no rush to convert admonitions with the old format to the new format. Pages currently using this formatting should continue to work, but we will be updating them to use the newer HTML-based format above over time as we continue to update the site.

docs/meta/brand.md

@@ -1,23 +0,0 @@
----
-title: Branding Guidelines
-description: A guide for journalists and website contributors on proper branding of the Privacy Guides wordmark and logo.
----
-
-The name of the website is **Privacy Guides** and should **not** be changed to:
-
-<div class="pg-red" markdown>
-- PrivacyGuides
-- Privacy guides
-- PG
-- PG.org
-</div>
-
-The name of the Subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
-
-Additional branding guidelines can be found at [github.com/privacyguides/brand](https://github.com/privacyguides/brand)
-
-## Trademark
-
-"Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project.
-
-Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at `jonah@privacyguides.org`. Consult your legal counsel if you have questions.

docs/meta/commit-messages.md

@@ -1,78 +0,0 @@
----
-title: Commit Messages
-description: A guide for website contributors on using useful Git commit messages when making website change requests.
----
-
-For our commit messages we follow the style provided by [Conventional Commits](https://conventionalcommits.org). Not all of those suggestions are appropriate for Privacy Guides, so the main ones we use are:
-
-## Update to existing text
-
-This example could be used for an item already on the site, but includes a minor update to the description.
-
-```text
-update: Add mention of security audit (#0000)
-```
-
-## Addition or removal of recommendations/pages
-
-This example is for the addition or removal of an item. You may elaborate why it was removed in the commit paragraph below. Note the extra `!` to draw attention to a major change.
-
-```text
-update!: Remove foobar (#0000)
-
-Foobar was removed due to it having numerious security issues and being unmaintained.
-```
-
-You can actually add a `!` to *any* of the types on this page to denote particularly large changes, but this is generally where it will be most appropriate.
-
-## Feature/enhancement
-
-For new features or enhancements to the site, e.g. things that have the `enhancements` label on GitHub, it may be appropriate to signify these with:
-
-```text
-feat: Add blah blah (#0000)
-
-This change adds the forum topics to the main page
-```
-
-## Minor changes
-
-Small changes that **don't affect the meaning** of the article, e.g. correcting a typo, fixing grammar, changing formatting/whitespace, CSS updates, etc.
-
-```text
-style: Typo correction in VPN overview
-```
-
-## Development-related types
-
-These commit types are typically used for changes that won't be visible to the general audience.
-
-We use `fix:` for changes that fix site related bugs. These things will usually have the `bug` label on GitHub.
-
-```text
-fix: Remove broken Invidious embeds (#0000)
-```
-
-We use `docs:` to denote changes to the developer documentation for this website, including (but not limited to) for example the README file, or most pages in `/docs/about` or `/docs/meta`:
-
-```text
-docs: Update Git commit message guidelines (#0000)
-```
-
-We use `build:` for commits related to our build process, mainly dependency updates.
-
-```text
-build: Bump modules/mkdocs-material from 463e535 to 621a5b8
-```
-
-We use `ci:` for commits related to GitHub Actions, DevContainers, or other automated build platforms.
-
-```text
-ci: Update Netlify config (#0000)
-```
-
-We use `refactor:` for changes which neither fix a bug nor add a feature, e.g. rearranging files, navigation order, etc.
-
-```text
-refactor: Move docs/assets to theme/assets
-```

docs/meta/git-recommendations.md

@@ -1,44 +0,0 @@
----
-title: Git Recommendations
-description: A guide for website contributors on using Git effectively.
----
-If you make changes to this website on GitHub.com's web editor directly, you shouldn't have to worry about this. If you are developing locally and/or are a long-term website editor (who should probably be developing locally!), consider these recommendations.
-
-## Enable SSH Key Commit Signing
-
-You can use an existing SSH key for signing, or [create a new one](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent).
-
-1. Configure your Git client to sign commits and tags by default (remove `--global` to only sign by default for this repo):
-
-    ```bash
-    git config --global commit.gpgsign true
-    git config --global gpg.format ssh
-    git config --global tag.gpgSign true
-    ```
-
-2. Set your SSH key for signing in Git with the following command, substituting `/PATH/TO/.SSH/KEY.PUB` with the path to the public key you'd like to use, e.g. `/home/user/.ssh/id_ed25519.pub`:
-
-    ```bash
-    git config --global user.signingkey /PATH/TO/.SSH/KEY.PUB
-    ```
-
-Ensure you [add your SSH key to your GitHub account](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account#adding-a-new-ssh-key-to-your-account) **as a Signing Key** (as opposed to or in addition to as an Authentication Key).
-
-## Rebase on Git pull
-
-Use `git pull --rebase` instead of `git pull` when pulling in changes from GitHub to your local machine. This way your local changes will always be "on top of" the latest changes on GitHub, and you avoid merge commits (which are disallowed in this repo).
-
-You can set this to be the default behavior:
-
-```bash
-git config --global pull.rebase true
-```
-
-## Rebase from `main` before submitting a PR
-
-If you are working on your own branch, run these commands before submitting a PR:
-
-```bash
-git fetch origin
-git rebase origin/main
-```

docs/meta/pr-comments.md

@@ -1,43 +0,0 @@
----
-title: Commenting on PRs
-description: A guide on participating in Pull Request discussions.
----
-Please refrain from using the general **Add a comment** box in GitHub PRs when leaving a comment or performing a review.
-
-![Do not use the general "Add a comment" box in GitHub](../assets/img/meta/pr-avoid-general-comments.png)
-
-Comments that are left like this are not *threaded*, which makes it difficult to keep track of multiple conversations.
-
-Comments that are instead left in the manner described below will have a built-in reply box to keep conversations in a single thread. These comments can also be marked as resolved afterwards, so that discussion can be tracked more easily.
-
-![A screenshot of a comment in GitHub which has a built-in "reply" box, highlighted in orange.](../assets/img/meta/pr-threaded-comment.png)
-
-## Commenting
-
-To start a threaded comment, you should leave all comments under the :octicons-file-diff-16: **Files changed** tab in a PR.
-
-![Screenshot of the tabs for a pull request. The "Files changed" tab is outlined in dark orange.](https://docs.github.com/assets/cb-23571/mw-1440/images/help/pull_requests/pull-request-tabs-changed-files.webp)
-
-To leave a *general* comment on a PR, click the :octicons-comment-16: comment icon to the right of a file:
-
-![Screenshot of an image file on the "Files changed" page of a pull request. To the right of the file, a comment icon is outlined in orange.](https://docs.github.com/assets/cb-73771/mw-1440/images/help/pull_requests/pull-request-comment-on-file.webp)
-
-If the PR has multiple files changed, comment on the primary or most relevant file changed, or comment on the first file if you can't decide.
-
-To leave a comment *on a specific line* of a PR, hover over the line where you'd like to add a comment, and click the blue comment icon:
-
-![Screenshot of a diff in a pull request. Next to a line number, a blue plus icon is highlighted with an orange outline.](https://docs.github.com/assets/cb-44227/mw-1440/images/help/commits/hover-comment-icon.webp)
-
-(Optionally, you can add a comment on multiple lines. You can click the line number of the first line you want to comment on and drag down to select a range of lines, then click the blue comment icon on the last line you want to comment on. Alternatively, you can click the blue comment icon next to the first line you want to comment on, then drag down to the last line you want to comment on.)
-
-Then, type your comment and click **Add single comment**.
-
-## Reviewing
-
-When performing a review, follow the same steps as above, but click **Start a review** (and subsequently, **Add a review comment**) instead of **Add single comment**.
-
-Then, click the green **Finish your review** button at the top of the page.
-
-Do not leave any discussion comments in the *Leave a comment* box in the review finalization pop-up. You can leave it blank, or leave a short note if it will not require any follow-up. To comment on something that will require further discussion, add a comment on a file as described above instead.
-
-Then, click **Submit review**.

docs/meta/translations.md

@@ -1,34 +0,0 @@
----
-title: Translations
-description: A guide for website contributors on adding translations to our website.
----
-
-Crowdin has good documentation, and we suggest looking at their [Getting Started](https://support.crowdin.com/crowdin-intro) guide. Our site is largely written in [Markdown](https://en.wikipedia.org/wiki/Markdown), so it should be easy to contribute. This page contains some helpful pointers for translating some specific syntax you may encounter on our site.
-
-Please join our localization room on Matrix ([#pg-i18n:aragon.sh](https://matrix.to/#/%23pg-i18n:aragon.sh)) if you have any additional questions, and read our [announcement blog post](https://blog.privacyguides.org/2023/02/26/i18n-announcement) for additional information about the project.
-
-Note that the English version of the site is the primary version, meaning changes occur there first. If you notice a language falling behind the English version, please help out. We cannot guarantee the accuracy of all our translations. If you have a suggestion about content specific to your region, please open an issue or pull request to our [main repository](https://github.com/privacyguides/privacyguides.org).
-
-## Translation output
-
-Translation software gets the translation quite accurate; however, you need to make sure the translated string is correct.
-
-For example:
-
-```text
-![Software logo](assets/img/path/to/image.svg){ align=right }
-```
-
-We have sometimes found that the syntax for inserting an image like above was missing the `![` or an extra space was placed between the text and the path, e.g. `](`. If a translation string is clearly not correct, we encourage you to **delete** it by pressing the trash icon [or vote](https://support.crowdin.com/enterprise/getting-started-for-volunteers/#voting-view) on which one you think sounds best. When invalid strings are deleted, they are removed from the organization's [translation memory](https://support.crowdin.com/enterprise/translation-memory), meaning that when the source string is seen again, it won't suggest the incorrect translation.
-
-## Punctuation
-
-For examples like the above admonitions, quotation marks, e.g.: `" "` must be used to specify string text. MkDocs will not correctly interpret other symbols i.e., `「 」` or `« »`. Other punctuation marks are fine for marking regular quotations within the text otherwise.
-
-## Fullwidth alternatives and Markdown syntax
-
-CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for Markdown syntax.
-
-- Links must use regular parenthesis i.e. `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `（` (Fullwidth Left Parenthesis U+FF08) or `）` (Fullwidth Right Parenthesis U+FF09)
-- Indented quoted text must use `:` (Colon U+003A) and not `：` (Fullwidth Colon U+FF1A)
-- Pictures must use `!` (Exclamation Mark U+0021) and not `！` (Fullwidth Exclamation Mark U+FF01)

docs/meta/uploading-images.md

@@ -1,95 +0,0 @@
----
-title: Uploading Images
-description: A guide for website contributors on uploading images in the proper format and location.
----
-
-If you make changes to this website that involve adding new images or replacing existing ones, here are a couple of general recommendations:
-
-## Images
-
-- We **prefer** SVG images, but if those do not exist we can use PNG images. Additionally, for cover images, we prefer that they are obtained from [Unsplash](https://unsplash.com) and are in the WebP format.
-
-Company logos should be square if possible, and at least 200x200px if they are PNGs (non-vector images).
-
-## Optimization
-
-### PNG
-
-Use the [OptiPNG](https://sourceforge.net/projects/optipng) tool to optimize PNG images:
-
-```bash
-optipng -o7 file.png
-```
-
-### SVG
-
-#### Inkscape
-
-[Scour](https://github.com/scour-project/scour) all SVG images.
-
-In Inkscape:
-
-1. File > Save As...
-2. Set type to: Optimized SVG (*.svg)
-
-In the **Options** tab:
-
-- **Number of significant digits for coordinates** > **5**
-- [x] Turn on **Shorten color values**
-- [x] Turn on **Convert CSS attributes to XML attributes**
-- [x] Turn on **Collapse groups**
-- [x] Turn on **Create groups for similar attributes**
-- [ ] Turn off **Keep editor data**
-- [ ] Turn off **Keep unreferenced definitions**
-- [x] Turn on **Work around renderer bugs**
-
-In the **SVG Output** tab under **Document options**:
-
-- [ ] Turn off **Remove the XML declaration**
-- [x] Turn on **Remove metadata**
-- [x] Turn on **Remove comments**
-- [x] Turn on **Embedded raster images**
-- [x] Turn on **Enable viewboxing**
-
-In the **SVG Output** under **Pretty-printing**:
-
-- [ ] Turn off **Format output with line-breaks and indentation**
-- **Indentation characters** > Select **Space**
-- **Depth of indentation** > **1**
-- [ ] Turn off **Strip the "xml:space" attribute from the root SVG element**
-
-In the **IDs** tab:
-
-- [x] Turn on **Remove unused IDs**
-- [ ] Turn off **Shorten IDs**
-- **Prefix shortened IDs with** > `leave blank`
-- [x] Turn on **Preserve manually created IDs not ending with digits**
-- **Preserve the following IDs** > `leave blank`
-- **Preserve IDs starting with** > `leave blank`
-
-#### CLI
-
-The same can be achieved with the [Scour](https://github.com/scour-project/scour) command:
-
-```bash
-scour --set-precision=5 \
-      --create-groups \
-      --renderer-workaround \
-      --remove-descriptive-elements \
-      --enable-comment-stripping \
-      --enable-viewboxing \
-      --indent=space \
-      --nindent=1 \
-      --no-line-breaks \
-      --enable-id-stripping \
-      --protect-ids-noninkscape \
-      input.svg output.svg
-```
-
-### WebP
-
-Use the [`cwebp`](https://developers.google.com/speed/webp/docs/using) command to convert PNG or JPEG image files to WebP format:
-
-```bash
-cwebp -m 6 input_file -o output.webp
-```

docs/meta/writing-style.md

@@ -1,88 +0,0 @@
----
-title: Writing Style
-description: Our official writing style handbook for website contributors.
----
-
-Privacy Guides is written in American English, and you should refer to [APA Style guidelines](https://apastyle.apa.org/style-grammar-guidelines/grammar) when in doubt.
-
-In general the [United States federal plain language guidelines](https://plainlanguage.gov/guidelines) provide a good overview of how to write clearly and concisely. We highlight a few important notes from these guidelines below.
-
-## Writing for our audience
-
-Privacy Guides' intended [audience](https://plainlanguage.gov/guidelines/audience) is primarily adults who use technology. Don't dumb down content as if you are addressing a middle-school class, but don't overuse complicated terminology about concepts average computer users wouldn't be familiar with.
-
-### Address only what people want to know
-
-People don't need overly complex articles with little relevance to them. Figure out what you want people to accomplish when writing an article, and only include those details.
-
-> Tell your audience why the material is important to them. Say, “If you want a research grant, here’s what you have to do.” Or, “If you want to mine federal coal, here’s what you should know.” Or, “If you’re planning a trip to Rwanda, read this first.”
-
-### Address people directly
-
-We're writing *for* a wide variety of people, but we are writing *to* the person who is actually reading it. Use "you" to address the reader directly.
-
-> More than any other single technique, using “you” pulls users into the information and makes it relevant to them.
->
-> When you use “you” to address users, they are more likely to understand what their responsibility is.
-
-Source: [plainlanguage.gov](https://plainlanguage.gov/guidelines/audience/address-the-user)
-
-### Avoid "users"
-
-Avoid calling people "users", in favor of "people", or a more specific description of the group of people you are writing for.
-
-## Organizing content
-
-Organization is key. Content should flow from most to least important information, and use headers as much as needed to logically separate different ideas.
-
-- Limit the document to around five or six sections. Long documents should probably be broken up into separate pages.
-- Mark important ideas with **bold** or *italics*.
-
-Source: [plainlanguage.gov](https://plainlanguage.gov/guidelines/design)
-
-### Begin with a topic sentence
-
-> If you tell your reader what they’re going to read about, they’re less likely to have to read your paragraph again. Headings help, but they’re not enough. Establish a context for your audience before you provide them with the details.
->
-> We often write the way we think, putting our premises first and then our conclusion. It may be the natural way to develop thoughts, but we wind up with the topic sentence at the end of the paragraph. Move it up front and let users know where you’re going. Don’t make readers hold a lot of information in their heads before getting to the point.
-
-Source: [plainlanguage.gov](https://plainlanguage.gov/guidelines/organize/have-a-topic-sentence)
-
-## Choose your words carefully
-
-> Words matter. They are the most basic building blocks of written and spoken communication. Don’t complicate things by using jargon, technical terms, or abbreviations that people won’t understand.
-
-We should try to avoid abbreviations where possible, but technology is full of abbreviations. In general, spell out the abbreviation/acronym the first time it is used on a page, and add the abbreviation to the abbreviation glossary file when it is used repeatedly.
-
-> Kathy McGinty offers tongue-in-cheek instructions for bulking up your simple, direct sentences:
->
-> > There is no escaping the fact that it is considered very important to note that a number of various available applicable studies ipso facto have generally identified the fact that additional appropriate nocturnal employment could usually keep juvenile adolescents off thoroughfares during the night hours, including but not limited to the time prior to midnight on weeknights and/or 2 a.m. on weekends.
->
->And the original, using stronger, simpler words:
->
-> > More night jobs would keep youths off the streets.
-
-## Be concise
-
-> Unnecessary words waste your audience’s time. Great writing is like a conversation. Omit information that the audience doesn’t need to know. This can be difficult as a subject-matter expert, so it’s important to have someone look at the information from the audience’s perspective.
-
-Source: [plainlanguage.gov](https://plainlanguage.gov/guidelines/concise)
-
-## Keep text conversational
-
-> Verbs are the fuel of writing. They give your sentences power and direction. They enliven your writing and make it more interesting.
->
-> Verbs tell your audience what to do. Make sure it’s clear who does what.
-
-### Use active voice
-
-> Active voice makes it clear who is supposed to do what. It eliminates ambiguity about responsibilities. Not “It must be done,” but “You must do it.”
-
-Source: [plainlanguage.gov](https://plainlanguage.gov/guidelines/conversational/use-active-voice)
-
-### Use "must" for requirements
-
-> - “must” for an obligation
-> - “must not” for a prohibition
-> - “may” for a discretionary action
-> - “should” for a recommendation

docs/os/android-overview.md

@@ -89,13 +89,11 @@ Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/
 
 ## Privacy Features
 
-### Multiple Users
+### User Profiles
 
-The option to enable **multiple users** can be found in :gear: **Settings** → **System** → **Users**, and are the simplest way to isolate in Android.
+Multiple **user profiles** can be found in :gear: **Settings** → **System** → **Users** and are the simplest way to isolate in Android.
 
-Even a single person can take advantage of using multiple user accounts. To limit the applications you run on your phone, you can impose restrictions on a specific account, such as making calls, using SMS, or installing apps. Each account is encrypted using its own encryption key and cannot access the data of any other users. Even the device owner cannot view the data of secondary users without knowing their password. Multiple users are a more secure method of isolation than work profiles or a private space.
-
-[:material-star-box: How to Take Advantage of Multiple Users](/articles/2025/04/23/taking-advantage-of-android-user-profiles/){ .md-button }
+With user profiles, you can impose restrictions on a specific profile, such as: making calls, using SMS, or installing apps. Each profile is encrypted using its own encryption key and cannot access the data of any other profiles. Even the device owner cannot view the data of other profiles without knowing their password. Multiple user profiles are a more secure method of isolation.
 
 ### Work Profile
 

docs/tor.md

@@ -80,7 +80,7 @@ You should **never** install any additional extensions on Tor Browser or edit `a
 
 </div>
 
-The Tor Browser is designed to prevent fingerprinting, or identifying you based on your browser configuration. Therefore, it is imperative that you do **not** modify the browser beyond the default [security levels](https://tb-manual.torproject.org/security-settings).
+The Tor Browser is designed to prevent fingerprinting, or identifying you based on your browser configuration. Therefore, it is imperative that you do **not** modify the browser beyond the default [security levels](https://tb-manual.torproject.org/security-settings). When modifying the security level setting, you **must** always restart the browser before continuing to use it. Otherwise, [the security settings may not be fully applied](https://www.privacyguides.org/articles/2025/05/02/tor-security-slider-flaw/), putting you at a higher risk of fingerprinting and exploits than you may expect based on the setting chosen.
 
 In addition to installing Tor Browser on your computer directly, there are also operating systems designed specifically to connect to the Tor network such as [Whonix](desktop.md#whonix) on [Qubes OS](desktop.md#qubes-os), which provide even greater security and protections than the standard Tor Browser alone.
 
@@ -110,5 +110,3 @@ In addition to installing Tor Browser on your computer directly, there are also
 Onion Browser does not provide the same levels of privacy protections as Tor Browser does on desktop platforms. For casual use it is a perfectly fine way to access hidden services, but if you're concerned about being traced or monitored by advanced adversaries you should not rely on this as an anonymity tool.
 
 [Notably](https://github.com/privacyguides/privacyguides.org/issues/2929), Onion Browser does not *guarantee* all requests go through Tor. When using the built-in version of Tor, [your real IP **will** be leaked via WebRTC and audio/video streams](https://onionbrowser.com/faqs) due to limitations of WebKit. It is *safer* to use Onion Browser alongside [Orbot](alternative-networks.md#orbot), but this still comes with some limitations on iOS.
-
-[^1]: The `IsolateDestAddr` setting is discussed on the [Tor mailing list](https://lists.torproject.org/pipermail/tor-talk/2012-May/024403.html) and [Whonix's Stream Isolation documentation](https://whonix.org/wiki/Stream_Isolation), where both projects suggest that it is usually not a good approach for most people.

mkdocs.blog.yml

@@ -128,7 +128,6 @@ plugins:
   blog:
     blog_dir: .
     blog_toc: true
-    pagination_per_page: 16
     post_url_format: "{date}/{file}"
     post_excerpt: required
     post_excerpt_max_authors: 0

mkdocs.videos.yml

@@ -128,7 +128,6 @@ plugins:
   blog:
     blog_dir: .
     blog_toc: true
-    pagination_per_page: 16
     post_url_format: "{date}/{file}"
     post_excerpt_max_authors: 0
     authors_profiles: false

mkdocs.yml

@@ -449,32 +449,23 @@ nav:
       !ENV [NAV_FORUM_LINK, "https://discuss.privacyguides.net/"]
   - !ENV [NAV_ABOUT, "About"]:
       - "about.md"
+      - "about/criteria.md"
       - "about/donate.md"
-      - !ENV [NAV_ABOUT_TEAM_MEMBERS, "Team Members"]:
-          https://discuss.privacyguides.net/u?group=team&order=solutions&period=all
-      - !ENV [NAV_ABOUT_POLICIES, "Policies"]:
-          - "about/criteria.md"
-          - "about/donation-acceptance-policy.md"
-          - "about/executive-policy.md"
+      - !ENV [NAV_DOCUMENTATION, "Documentation"]:
+          - !ENV [NAV_DOCUMENTATION_ALL, "All Documentation"]:
+              https://discuss.privacyguides.net/c/documentation/9410
+          - !ENV [NAV_DOCUMENTATION_POLICIES, "Policies"]:
+              https://discuss.privacyguides.net/tags/c/documentation/9410/policy
+          - !ENV [NAV_WRITING_GUIDE, "Writing Guide"]:
+              https://discuss.privacyguides.net/tags/c/documentation/9410/writing
+          - !ENV [NAV_TECHNICAL_GUIDES, "Technical Guides"]:
+              https://discuss.privacyguides.net/tags/c/documentation/9410/technical
+      - !ENV [NAV_ABOUT_MISC, "Miscellaneous"]:
           - "privacy.md"
           - "about/notices.md"
-      - !ENV [NAV_COMMUNITY, "Community"]:
+          - "about/statistics.md"
           - "about/jobs.md"
           - "about/contributors.md"
-          - !ENV [NAV_ONLINE_SERVICES, "Online Services"]: "about/services.md"
-          - !ENV [NAV_CODE_OF_CONDUCT, "Code of Conduct"]: "CODE_OF_CONDUCT.md"
-          - "about/statistics.md"
-      - !ENV [NAV_CONTRIBUTING, "Contributing"]:
-          - !ENV [NAV_WRITING_GUIDE, "Writing Guide"]:
-              - "meta/writing-style.md"
-              - "meta/admonitions.md"
-              - "meta/brand.md"
-              - "meta/translations.md"
-          - !ENV [NAV_TECHNICAL_GUIDES, "Technical Guides"]:
-              - "meta/uploading-images.md"
-              - "meta/git-recommendations.md"
-              - "meta/commit-messages.md"
-              - "meta/pr-comments.md"
 
 validation:
   nav: