update(blog)!: Proton Wallet review (#2750)

Signed-off-by: Daniel Gray <dngray@privacyguides.org>

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,29 +1,14 @@
-Changes proposed in this PR:
+List of changes proposed in this PR:
 
 -
 
-<!-- SCROLL TO BOTTOM TO AGREE!:
+<!--
 Please use a descriptive title for your PR, it will be included in our changelog!
 
-If you are making changes that you have a conflict of interest with, please
+If you are making changes that you have a conflict of interest with, you MUST
 disclose this as well (this does not disqualify your PR by any means):
 
 Conflict of interest contributions involve contributing about yourself,
 family, friends, clients, employers, or your financial and other relationships.
-Any external relationship can trigger a conflict of interest.
+ANY external relationship can trigger a conflict of interest.
 -->
-
-<summary>
-
-<!-- To agree, place an x in the box below, like: [x] -->
-- [ ] I agree to the terms listed below:
-  <details><summary>Contribution terms (click to expand)</summary>
-  1) I am the sole author of this work.
-  2) I agree to grant Privacy Guides a perpetual, worldwide, non-exclusive, transferable, royalty-free, irrevocable license with the right to sublicense such rights through multiple tiers of sublicensees, to reproduce, modify, display, perform, relicense, and distribute my contribution as part of this project.
-  3) I have disclosed any relevant conflicts of interest in my post.
-  4) I agree to the Community Code of Conduct.
-  </details>
-
-<!-- What's this? When you submit a PR, you keep the Copyright for the work you
-are contributing. We need you to agree to the above terms in order for us to
-publish this contribution to our website. -->

.github/workflows/build-container.yml

@@ -79,7 +79,7 @@ jobs:
       # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository.
       # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step.
       - name: Build and push Docker image
-        uses: docker/build-push-action@v6.5.0
+        uses: docker/build-push-action@v6.7.0
         with:
           context: .
           push: true

.github/workflows/test-lint.yml

@@ -103,7 +103,7 @@ jobs:
       - id: ml
         # You can override MegaLinter flavor used to have faster performances
         # More info at https://megalinter.io/flavors/
-        uses: oxsecurity/megalinter/flavors/documentation@v7.13.0
+        uses: oxsecurity/megalinter/flavors/documentation@v8.0.0
         env:
           # All available variables are described in documentation
           # https://megalinter.io/configuration/

blog/.authors.yml

@@ -25,7 +25,7 @@ authors:
     avatar: https://github.com/freddy-m.png
   jonah:
     name: Jonah Aragon
-    description: Team Member
+    description: Project Director
     avatar: https://github.com/jonaharagon.png
     mastodon:
       username: jonah

blog/author/jonah.md

@@ -7,3 +7,20 @@
 He is also known for his work on the Techlore YouTube channel, including the Techlore Talks podcast he co-hosts.
 
 [:simple-mastodon: @jonah@neat.computer](https://mastodon.neat.computer/@jonah "@jonah@neat.computer"){ .md-button rel=me }
+
+<script type="application/ld+json">
+{
+    "@context": "https://schema.org",
+    "@type": "Person",
+    "name": "Jonah Aragon",
+    "jobTitle": "Project Director",
+    "url": "https://www.privacyguides.org/articles/author/jonah/",
+    "image": "https://www.privacyguides.org/articles/assets/external/github.com/jonaharagon.png.jpg",
+    "sameAs": [
+        "https://www.jonaharagon.com",
+        "https://shop.jonaharagon.com",
+        "https://mastodon.neat.computer/@jonah"
+    ],
+    "description": "Jonah Aragon is the Project Director and staff writer at Privacy Guides."
+}
+</script>

blog/posts/proton-wallet-review.md

@@ -0,0 +1,128 @@
+---
+title: "Proton Wallet Review: Is Proton Losing Touch?"
+date:
+    created: 2024-09-08
+categories:
+    - Reviews
+authors:
+    - jonah
+links:
+    - Cryptocurrency: https://www.privacyguides.org/en/cryptocurrency/
+tags:
+    - Cryptocurrency
+license: BY-SA
+preview:
+  logo: theme/assets/img/cryptocurrency/proton-wallet.svg
+review:
+  type: WebApplication
+  category: FinanceApplication
+  subcategory: Cryptocurrency Wallet
+  name: Proton Wallet
+  price: 0
+  website: https://proton.me/wallet
+  rating: 2
+  pros:
+    - Secure, non-custodial option for Proton users.
+  cons:
+    - Only supports Bitcoin, a non-private cryptocurrency.
+    - No support for Lightning or CoinJoin.
+    - iOS app still in beta.
+---
+![Proton Wallet logo](../assets/img/cryptocurrency/proton-wallet.svg){ align=right itemprop="image" }
+
+Proton, the Swiss creators of privacy-focused products like [Proton Mail](https://www.privacyguides.org/en/email/) and ProtonVPN, recently released the latest product in their ever-growing lineup: **Proton Wallet**. [Announced](https://discuss.privacyguides.net/t/introducing-proton-wallet-a-safer-way-to-hold-bitcoin/19636) at the end of July 2024, it promotes itself as "an easy-to-use, self-custodial" Bitcoin wallet that will ostensibly make financial freedom more attainable for everyone.<!-- more -->
+
+!!! info inline "Side info"
+
+    - Proton Wallet's [Privacy Policy](https://proton.me/wallet/privacy-policy)
+    - This review was conducted with the reviewer's personal Proton Visionary account. Proton was not contacted prior to this publication.
+
+It may well be that Proton Wallet is the easiest way to start using Bitcoin, but is a Bitcoin wallet the solution people need to improve their financial privacy?
+
+## A cryptocurrency primer
+
+Contrary to popular belief, [cryptocurrency](https://www.privacyguides.org/en/cryptocurrency/) is not an inherently private transactional system.
+
+The vast majority of cryptocurrency, including Bitcoin, uses a transparent and public blockchain as the ledger for all transactions. This means that anyone you've transacted with or who knows your wallet's public address can trivially trace all of your past transactions, and monitor all of your future transactions at any time.
+
+This is a huge problem for Proton Wallet, because Bitcoin is the **only** cryptocurrency it supports. Furthermore, Proton Wallet doesn't support the few privacy-enhancing additions to Bitcoin that do exist, like CoinJoin or even the Lightning Network. While these technologies still don't bring Bitcoin close to the levels of privacy attainable with some alternatives like Monero, to see them lacking in a product from a privacy-centric company like Proton is extremely disappointing.
+
+Proton has claimed in a few interviews that they chose Bitcoin because of its mass appeal, and it's certainly true that Bitcoin has the mind share and market share to beat out any other cryptocurrency, but the *most popular* option isn't always the *best* option.
+
+Had Proton Wallet added support for Monero or a similarly private cryptocurrency, they could have single-handedly boosted a financial system that is *actually* private by default by a significant degree. In my eyes, failing to do so in favor of the market leader is an unfortunate step back from their "privacy by default" mantra.
+
+## Using the app
+
+Proton Wallet *is* in beta, like many of Proton's products are when newly released, and available via the web, an Android app, and an iOS [TestFlight](https://testflight.apple.com/join/6OIcXtQN).
+
+![Proton wallet registration page](../assets/images/proton-wallet-review/1.png)
+
+Creating your wallet is a simple process, after registering you'll be asked to choose a name for your wallet and a default currency. You can also optionally set a passphrase to secure your account. Note that this isn't merely a passphrase securing your account on Proton's servers beyond your usual account credentials, it's a [BIP39 extension word](https://en.bitcoin.it/wiki/Seed_phrase#Two-factor_seed_phrases), meaning that if you lose it your wallet will be completely unrecoverable, **even if** you back up your 12 word seed phrase.
+
+![Proton wallet setup page](../assets/images/proton-wallet-review/2.png)
+
+The default currency here isn't the currency being *stored* in Proton Wallet. It is just used to show you the current conversion rate between Bitcoin and your local currency.
+
+Once you're in, Proton Wallet is fairly straightforward. In fact, there's not much to explore beyond finding your wallet address and buying Bitcoin. Clicking the **Recieve** button brings up a panel which shows your address and allows you to generate a new one on the fly. When you generate a new address, all of your previous addresses will continue to work, but are no longer displayed anywhere.
+
+![Proton wallet address QR code and text displayed in sidebar](../assets/images/proton-wallet-review/3.png)
+
+Buying Bitcoin is simple as well. Proton is working with two providers, Banxa and Ramp, and if you're in the United States like I am both are available, so you can choose the one with the best exchange rate to go with. Before you purchase, Proton Wallet asks you for your current country, so that will determine which providers it's possible to use.
+
+There's no private payment methods though, you're stuck with credit card, Google Pay, or Apple Pay. The purchase experience isn't quite seamless either, as it redirects you to either banxa.com or ramp.network to perform the actual transaction. Everything is pre-filled with your Proton Wallet information however, so it isn't a huge problem.
+
+## "Bitcoin via Email"
+
+The flagship feature of Proton Wallet is something they call **Bitcoin via Email**, which integrates with Proton Mail to allow you to send Bitcoin to any email address. Opening your wallet settings lets you enable Proton's *Receive Bitcoin via Email* feature, which allows other Proton Wallet users to send Bitcoin to your account with just your Proton Mail address.
+
+![Proton wallet receive Bitcoin via email settings page](../assets/images/proton-wallet-review/4.png)
+
+If you have multiple addresses on your Proton account, such as aliases or addresses on a custom domain, only one address can be linked to your wallet. This can be a bit annoying for people who have given out different Proton addresses to others in the past, like if you gave out your @protonmail.com address to some people, before later migrating to @proton.me when that domain became available.
+
+On the other hand, if you have aliases for different projects, this is a great way to keep Bitcoin payments to each address separate. If you have your personal email and a business alias for example, you can link your personal email to your primary wallet and create a second wallet to link your business alias to, thus keeping your personal and business transactions separate.
+
+Proton says that you can "create as many wallets as your Proton Wallet plan allows," but the exact limits are not very clear at the moment. This may become clearer as Proton Wallet exits its beta status.
+
+Sending Bitcoin to an email address is as simple as it is in mainstream payment apps like Venmo or CashApp, which is great. You can even include a memo with your transaction, and the transaction appears on the recipient's side very quickly. However, it can take a few hours or more for a transaction to actually complete and be usable by the recipient, so all they'll be able to do is monitor its progress in the meantime. This can be sped up by choosing a higher "network fee" when sending the payment, which costs more Bitcoin as the name would suggest.
+
+I'm not convinced this is particularly revolutionary though. Many Bitcoin wallets have streamlined the process of exchanging address information with other people with methods like QR codes, which are likely going to be more widely used than email in today's mobile-first world. Being able to replace Bitcoin addresses with emails fairly seamlessly *is* nice, but is it nice enough to warrant the entire Proton Wallet product? I'm not so sure.
+
+## What else sets it apart?
+
+There isn't much separating Proton Wallet from the existing options on the market. It is a *non-custodial* wallet, meaning that you control the private keys rather than Proton. This is a huge step-up in security compared to keeping your Bitcoin in an online exchange like Coinbase, but it isn't a big differentiator from other software wallets where non-custodial key storage is typically the norm.
+
+Besides that, and Bitcoin via Email, if you visit Proton's website to see how else they differentiate themselves the best third reason they could muster up is:
+
+> Our business is privacy: Proton isn't a crypto company — we're a privacy company that wants to empower everyone to use Bitcoin securely and privately.
+
+Unfortunately for Proton, this doesn't quite ring true when it comes to Proton Wallet. When it launched in 2014, Proton Mail was revolutionary in the email space. Encrypted email providers already existed, but Proton offered something different: Proton brought a good user experience to an interoperable encryption standard, PGP. While everyone else in the email space was rolling their own password-protected web portals to secure messages or simply delivering emails in plaintext, Proton built a user-friendly platform that actually improved the email ecosystem at large in the process.
+
+Proton's leadership thinks they can do for cryptocurrency what they once did for email, but there's a clear difference between then and now. Proton Mail had privacy and security ready to go from the beginning, but Proton Wallet simply meets the status quo.
+
+## Why does this exist?
+
+Proton Wallet is in a strange position. I've spoken to a few sources who suggest that privacy features like CoinJoin, which can mix Bitcoin in order to better anonymize transactions, were intended to be included at launch. The [crackdown](https://bitcoinmagazine.com/legal/samourai-wallet-breaking-down-dangerous-precedents) on the ill-fated Samouri Wallet project by U.S. authorities last April certainly put a damper on privacy in the Bitcoin space, and likely made Proton wary of introducing such features to the public.
+
+Proton suggests this themselves, stating on their [website](https://proton.me/wallet/bitcoin-guide-for-newcomers):
+
+> Coinjoin is considered the best solution for improving blockchain privacy. It works by mixing your BTC with other users’ BTC in a collaborative self-custodial transaction where you get back the same amount of BTC that you put in but on a different address that cannot be easily linked to your previous address. However, in 2024, in what many consider to be a regulatory overreach and attack on privacy, some of these Coinjoin services have been declared illegal in the US and EU. The future of financial privacy may therefore be decided by ongoing litigation in the next decade and privacy advocates should support these efforts.
+
+This situation likely soured Proton on other privacy-friendly cryptocurrencies like Monero as well. I get it, financial privacy is an extremely challenging task for any company to take on. We can't expect Proton to take on the risk of offering a completely anonymous payment service in the current legal climate, but it begs the question: why enter the financial space at all?
+
+Proton Wallet seems like a product that doesn't know its own place in the world. Is it meant to save us from the tyranny of payment processors like PayPal who can freeze your funds at a whim? Proton certainly thinks so, having faced that exact problem themselves during their original 2014 crowdfunding campaign. But in that case, is Bitcoin the actual solution to this problem, or is it just a stopgap fix that Proton happened to latch on to way back in 2014 when Bitcoin was more *in vogue* and there were few competitors?
+
+Today, there are many alternatives to Bitcoin which are safer to store your money in while remaining protected from intrusive fintech companies like PayPal. Stablecoins like USDC can be traded on multiple cryptocurrency networks without the need for middlemen payment processors, and can be exchanged at a variety of exchanges with the huge benefit of having *significantly* less risk than Bitcoin, theoretically no risk at all. Support for USDC or a similar technology would go a long way towards enabling *usable* cryptocurrency transactions for everyday users, even though USDC doesn't have any additional privacy protections either.
+
+Or, was Bitcoin chosen to give us independence from fiat currency, including stablecoins, entirely? Maybe so, but is that something we actually want? Prepping for a worldwide market collapse is perhaps a bit of a fool's errand. If the US Dollar and other economies failed overnight, I think we would all have a lot more problems than Bitcoin is going to solve for us. Bitcoin is a poor store of value to serve as an alternative to traditional currency anyway. Any asset which can gain or lose half its purchasing power on any given day of the week simply can't function as a viable medium of exchange, meaning it's virtually useless for day-to-day transactions.
+
+However, if Proton Wallet wasn't meant for all that, if it was simply meant to bring privacy to Bitcoin, then it's certainly a failure. Proton hasn't taken any risks with this product, meaning it's really only good for satisfying a singular belief: That Bitcoin is just inherently good, and anything to promote Bitcoin is inherently good as well. I don't share these fanatical beliefs of *Bitcoin maximalists*, however, when Bitcoin is demonstrably lacking in a wide variety of ways.
+
+## Conclusion
+
+Personally, I'm a bit of a cryptocurrency pessimist in general, but I can see some appeal for the technology in very specific areas. Unfortunately, Proton Wallet doesn't seem to fit in to a useful niche in any meaningful way. The functionality it does support is extremely basic, even by Bitcoin standards, and it simply doesn't provide enough value over the existing marketplace.
+
+If you're an existing Proton user simply looking for a place to store some Bitcoin *you already have* sitting around, Proton Wallet might be perfectly adequate. For everyone else, I don't see this product being too useful. Bitcoin is still far too volatile to be a solid investment or used as a safe store of value if you crave financial independence and sovereignty, and Proton Wallet simply isn't adequate for [paying for things privately online](https://www.privacyguides.org/en/advanced/payments/).
+
+There is some potential with Proton Wallet. Personally, I would like to see [support for Monero](https://protonmail.uservoice.com/forums/960668-proton-wallet/suggestions/48672359-support-monero), a cryptocurrency that has privacy features built-in by default. There is also the possibility of Proton expanding into the *traditional* finance space with features like a digital wallet for credit/debit cards, card aliasing à la [privacy.com](https://www.privacyguides.org/en/financial-services/#privacycom-us), and tap to pay within their mobile apps. A third-party alternative to Apple Pay and Google Wallet, and for the first time ever such a product could actually be viable: It's always been possible on Android, but just last month Apple announced the possibility for [iOS developers to use NFC](https://www.apple.com/newsroom/2024/08/developers-can-soon-offer-in-app-nfc-transactions-using-the-secure-element/) to facilitate payments outside of Apple Wallet. This presents a golden opportunity for Proton Wallet to be the first cross-platform digital wallet, if they can deliver.
+
+Alas, none of this is available in Proton Wallet today, and that's all that really counts.

blog/posts/signal-configuration-and-hardening.md

@@ -1,7 +1,7 @@
 ---
 date:
     created: 2022-07-07
-    updated: 2023-05-06
+    updated: 2024-08-23
 authors:
     - contributors
     - matchboxbananasynergy
@@ -199,46 +199,13 @@ If you use iCloud and you don’t want to share call history on Signal, confirm
 
 While it may be tempting to link your Signal account to your desktop device for convenience, keep in mind that this extends your trust to an additional and potentially less secure operating system.
 
-If your threat model calls for it, avoid linking your Signal account to a desktop device to reduce your attack surface.
-
-### Endpoint Security
-
-Signal takes security very seriously, however there is only so much an app can do to protect you.
-
-It is very important to take device security on both ends into account to ensure that your conversations are kept private.
-
-We recommend an up-to-date [GrapheneOS](https://www.privacyguides.org/en/android/distributions#grapheneos) or iOS device.
+Avoid linking your Signal account to a desktop device to reduce your attack surface, if your threat model calls for protecting against [:material-bug-outline: Passive Attacks](https://www.privacyguides.org/en/basics/common-threats/#security-and-privacy){ .pg-orange }.
 
 ### Molly (Android)
 
-On Android you can consider using **Molly**, a fork of the Signal mobile client which aims to provide extensive hardening and anti-forensic features.
+If you use [Molly](https://www.privacyguides.org/en/real-time-communication/#molly-android) on Android to access the Signal network, there are a number of privacy- and security-enhancing features that you may want to explore.
 
-!!! recommendation
-
-    ![Molly logo](../assets/images/signal-configuration/molly.svg){ align=right }
-
-    **Molly** is an independent Signal fork which offers additional security features, including locking the app at rest, securely shredding unused RAM data, routing via Tor, and more.
-
-    [:octicons-home-16: Homepage](https://molly.im/){ .md-button .md-button--primary }
-    [:octicons-eye-16:](https://signal.org/legal/#privacy-policy){ .card-link title="Privacy Policy" }
-    [:octicons-info-16:](https://github.com/mollyim/mollyim-android/wiki){ .card-link title=Documentation}
-    [:octicons-code-16:](https://github.com/mollyim/mollyim-android){ .card-link title="Source Code" }
-    [:octicons-heart-16:](https://opencollective.com/mollyim){ .card-link title=Contribute }
-
-    ??? downloads
-
-         - [:octicons-moon-16: Accrescent](https://accrescent.app/app/im.molly.app)
-         - [:simple-github: GitHub](https://github.com/mollyim/mollyim-android/releases)
-
-Molly offers two variants of the app: **Molly** and **Molly-FOSS**.
-
-The former is identical to Signal with the addition of Molly's improvements and security features. The latter, Molly-FOSS, removes Google's proprietary code, which is used for some key features (e.g., [FCM](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) and Google Maps integration), in an effort to make it fully open-source.
-
-A comparison of the two versions is available in the [project's repository](https://github.com/mollyim/mollyim-android#readme).
-
-Both versions of Molly support [reproducible builds](https://github.com/mollyim/mollyim-android/tree/main/reproducible-builds), meaning it's possible to confirm that the compiled APKs match the source code.
-
-#### Features
+#### Privacy and Security Features
 
 Molly has implemented database encryption at rest, which means that you can encrypt the app's database with a passphrase to ensure that none of its data is accessible without it.
 
@@ -251,7 +218,7 @@ Once enabled, a configurable lock timer can be set, after which point Molly will
 For the database encryption feature to be useful, two conditions must be met:
 
 1. Molly has to be locked at the time an attacker gains access to the device. This can include a physical attack in which the attacker seizes your device and manages to unlock the device itself, or a remote attack, in which the device is compromised and manages to elevate privileges to root.
-1. If you become aware that your device has been compromised, you should not unlock Molly's database.
+2. If you become aware that your device has been compromised, you should not unlock Molly's database.
 
 If both of the above conditions are met, the data within Molly is safe as long as the passphrase is not accessible to the attacker.
 
@@ -266,9 +233,3 @@ Signal adds everyone who you have communicated with to its database. Molly allow
 To supplement the feature above, as well as for additional security and to fight spam, Molly offers the ability to block unknown contacts that you've never been in contact with or those that are not in your contact list without you having to manually block them.
 
 You can find a full list of Molly's [features](https://github.com/mollyim/mollyim-android#features) on the project's repository.
-
-#### Caveats
-
-- Molly removes Signal's MobileCoin integration.
-- Molly is updated every two weeks to include the latest features and bug fixes from Signal. The exception is security issues, which are patched as soon as possible. That said, you should be aware that there might be a slight delay compared to upstream.
-- By using Molly, you are extending your trust to another party, as you now need to trust the Signal team, as well as the Molly team.

docs/about.md

@@ -12,7 +12,6 @@ schema:
     - https://twitter.com/privacy_guides
     - https://github.com/privacyguides
     - https://www.wikidata.org/wiki/Q111710163
-    - https://opencollective.com/privacyguides
     - https://www.youtube.com/@privacyguides
     - https://mastodon.neat.computer/@privacyguides
 ---

docs/about/criteria.md

@@ -5,7 +5,7 @@ title: General Criteria
 Below are some general priorities we consider for all submissions to Privacy Guides. Each category will have additional requirements for inclusion.
 
 - **Security**: Tools should follow security best-practices wherever applicable.
-- **Source Availability**: Open-source projects are generally preferred over equivalent proprietary alternatives. Our definition of Open-source follows the [OSI definition](https://opensource.org/osd). Licenses not under the OSI are allowed as long as they are compatible with the OSI definition. The Open-source part is only mandatory for pages with "Open-source" as a minimum requirement.
+- **Source Availability**: Open-source projects are generally preferred over equivalent proprietary alternatives.
 - **Cross-Platform Availability**: We typically prefer recommendations to be cross-platform, to avoid vendor lock-in.
 - **Active Development**: The tools that we recommend should be actively developed, unmaintained projects will be removed in most cases.
 - **Usability**: Tools should be accessible to most computer users, an overly technical background should not be required.

docs/about/executive-policy.md

@@ -0,0 +1,25 @@
+---
+title: Executive Policy
+---
+
+These are policies formally adopted by Privacy Guides' executive committee, and take precedence over all other statements expressed on this website.
+
+The key words **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
+
+## EP1: Freely-Provided Product Samples
+
+*Our policy on accepting product samples for review was adopted September 7, 2024.*
+
+=== "Current Version (1)"
+
+    - Privacy Guides **shall not** proactively reach out to vendors asking for product samples or review accounts.
+    - Privacy Guides **shall not** accept test/review accounts for subscription cloud services.
+    - Privacy Guides **may** accept freely-provided product samples for one-time purchase software applications which run locally, given they don't require a subscription for continued operation.
+    - Privacy Guides **may** accept freely-provided samples of hardware products.
+        - Privacy Guides **may** accept a freely-provided subscription service associated with a hardware product, if such a subscription/license is necessary to use the product.
+    - Privacy Guides **must not** enter into an agreement pertaining to our editorial opinion with the vendor in order to receive a sample or publish a review. All freely-provided items must be strictly "no strings attached."
+        - We **may** agree to return the product to the vendor following the review if requested.
+        - We **may** agree to a reasonable NDA, provided it has a clear embargo date that is lifted no more than 6 months in the future where the NDA completely no longer applies.
+        - We **should not** enter into any other agreement with the vendor not described here. Potential agreements not described here **must** be approved by the executive committee beforehand.
+
+    In all cases, whether we paid for the product independently or received a free sample from a vendor, how we obtained the product **must** be clearly documented in the background section of every article associated with the product.

docs/android/distributions.md

@@ -68,7 +68,7 @@ GrapheneOS supports [sandboxed Google Play](https://grapheneos.org/usage#sandbox
 
 By default, Android makes many network connections to Google to perform DNS connectivity checks, to sync with current network time, to check your network connectivity, and for many other background tasks. GrapheneOS replaces these with connections to servers operated by GrapheneOS and subject to their privacy policy. This hides information like your IP address [from Google](../basics/common-threats.md#privacy-from-service-providers), but means it is trivial for an admin on your network or ISP to see you are making connections to `grapheneos.network`, `grapheneos.org`, etc. and deduce what operating system you are using.
 
-GrapheneOS provides the option to switch back to connecting to Google's servers for many of these background connections if you prefer, but it is far more robust/foolproof to use a [trusted VPN](../vpn.md) and enable Android's native VPN [kill switch](../os/android-overview.md#vpn-killswitch) to hide information like this from adversaries on your network.
+If you want to hide information like this from an adversary on your network or ISP, you **must** use a [trusted VPN](../vpn.md) in addition to changing the connectivity check setting to **Standard (Google)**. It can be found in :gear: **Settings** → **Network & internet** → **Internet connectivity checks**. This option allows you to connect to Google's servers for connectivity checks, which, alongside the usage of a VPN, helps you blend in with a larger pool of Android devices.
 
 ### DivestOS
 

docs/calendar.md

@@ -24,9 +24,9 @@ Multiple calendars and extended sharing functionality is limited to paid subscri
 
 [:octicons-home-16: Homepage](https://tuta.com/calendar){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://tuta.com/support){ .card-link title=Documentation}
+[:octicons-info-16:](https://tuta.com/support){ .card-link title="Documentation" }
 [:octicons-code-16:](https://github.com/tutao/tutanota){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://tuta.com/community){ .card-link title=Contribute }
+[:octicons-heart-16:](https://tuta.com/community){ .card-link title="Contribute" }
 
 <details class="downloads" markdown>
 <summary>Downloads</summary>
@@ -52,8 +52,8 @@ Multiple calendars and extended sharing functionality is limited to paid subscri
 **Proton Calendar** is an encrypted calendar service available to Proton members via web or mobile clients. Features include: automatic E2EE of all data, sharing features, import/export functionality, and [more](https://proton.me/support/proton-calendar-guide). Those on the free tier gain access to 3 calendars, whereas paid subscribers can create up to 25 calendars. Extended sharing functionality is also limited to paid subscribers.
 
 [:octicons-home-16: Homepage](https://proton.me/calendar){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://proton.me/support/calendar){ .card-link title=Documentation}
+[:octicons-eye-16:](https://proton.me/calendar/privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://proton.me/support/calendar){ .card-link title="Documentation" }
 [:octicons-code-16:](https://github.com/ProtonMail/WebClients){ .card-link title="Source Code" }
 
 <details class="downloads" markdown>
@@ -67,7 +67,7 @@ Multiple calendars and extended sharing functionality is limited to paid subscri
 
 </div>
 
-Unfortunately, as of May 2024 Proton has [still](https://discuss.privacyguides.net/t/proton-calendar-is-not-open-source-mobile/14656/8) not released the source code for their mobile Calendar app on Android or iOS, and only the former has been [audited](https://proton.me/blog/security-audit-all-proton-apps). Proton Calendar's web client is open source, however, and has been [audited](https://proton.me/community/open-source).
+Unfortunately, as of August 2024 Proton has [still](https://discuss.privacyguides.net/t/proton-calendar-is-not-open-source-mobile/14656/8) not released the source code for their mobile Calendar app on Android or iOS, and only the former has been [audited](https://proton.me/blog/security-audit-all-proton-apps). Proton Calendar's web client is open source, however, and has been [audited](https://proton.me/community/open-source).
 
 ## Criteria
 

docs/cloud.md

@@ -29,9 +29,9 @@ Nextcloud is [still a recommended tool](document-collaboration.md#nextcloud) for
 
 **Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2GB, but with the completion of certain steps, additional storage can be obtained up to 5GB.
 
-[:octicons-home-16: Homepage](https://proton.me/drive){ class="md-button md-button--primary" }
-[:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://proton.me/support/drive){ .card-link title=Documentation}
+[:octicons-home-16: Homepage](https://proton.me/drive){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://proton.me/drive/privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://proton.me/support/drive){ .card-link title="Documentation" }
 [:octicons-code-16:](https://github.com/ProtonMail/WebClients){ .card-link title="Source Code" }
 
 <details class="downloads" markdown>
@@ -58,9 +58,9 @@ Proton Drive's brand new mobile clients have not yet been publicly audited by a
 
 **Tresorit** is a Swiss-Hungarian encrypted cloud storage provider founded in 2011. Tresorit is owned by the Swiss Post, the national postal service of Switzerland.
 
-[:octicons-home-16: Homepage](https://tresorit.com){ class="md-button md-button--primary" }
+[:octicons-home-16: Homepage](https://tresorit.com){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://tresorit.com/legal/privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://support.tresorit.com){ .card-link title=Documentation}
+[:octicons-info-16:](https://support.tresorit.com){ .card-link title="Documentation" }
 
 <details class="downloads" markdown>
 <summary>Downloads</summary>
@@ -120,7 +120,7 @@ Running a local version of Peergos alongside a registered account on their paid,
 
 Peergos was [audited](https://cure53.de/pentest-report_peergos.pdf) by Cure53 in September 2019, and all found issues were subsequently fixed.
 
-Also, the Android app is not available but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
+An Android app is not available but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
 
 ## Criteria
 

docs/email-aliasing.md

@@ -31,9 +31,9 @@ They also have a number of benefits over "temporary email" services:
 - Emails are sent to your trusted mailbox rather than stored by the alias provider.
 - Temporary email services typically have public mailboxes which can be accessed by anyone who knows the address, while aliases are private to you.
 
-Our email aliasing recommendations are providers that allow you to create aliases on domains they control, as well as your own custom domain(s) for a modest yearly fee. They can also be self-hosted if you want maximum control. However, using a custom domain can have privacy-related drawbacks: If you are the only person using your custom domain, your actions can be easily tracked across websites simply by looking at the domain name in the email address and ignoring everything before the at (@) sign.
+Our email aliasing recommendations are providers that allow you to create aliases on domains they control, as well as on your own custom domain(s) for a modest yearly fee. They can also be self-hosted if you want maximum control. However, using a custom domain can have privacy-related drawbacks: If you are the only person using your custom domain, your actions can be easily tracked across websites simply by looking at the domain name in the email address and ignoring everything before the at (@) sign.
 
-Using an aliasing service requires trusting both your email provider and your aliasing provider with your unencrypted messages. Some providers mitigate this slightly with Automatic PGP Encryption, which reduces the number of parties you need to trust from two to one by encrypting incoming emails before they are delivered to your final mailbox provider.
+Using an aliasing service requires trusting both your email provider and your aliasing provider with your unencrypted messages. Some providers mitigate this slightly with automatic PGP encryption[^1], which reduces the number of parties you need to trust from two to one by encrypting incoming emails before they are delivered to your final mailbox provider.
 
 ### addy.io
 
@@ -41,7 +41,7 @@ Using an aliasing service requires trusting both your email provider and your al
 
 ![addy.io logo](assets/img/email-aliasing/addy.svg){ align=right }
 
-**addy.io** lets you create 10 domain aliases on a shared domain for free, or unlimited "standard" aliases which are less anonymous.
+**addy.io** lets you create 10 domain aliases on a shared domain for free, or unlimited "standard" aliases.
 
 [:octicons-home-16: Homepage](https://addy.io){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://addy.io/privacy){ .card-link title="Privacy Policy" }
@@ -69,7 +69,9 @@ Notable free features:
 - [x] Unlimited Standard Aliases
 - [ ] No Outgoing Replies
 - [x] 1 Recipient Mailbox
-- [x] Automatic PGP Encryption
+- [x] Automatic PGP Encryption[^1]
+
+If you cancel your subscription, you will still enjoy the features of your paid plan until the billing cycle ends. After the end of your current billing cycle, most paid features (including any custom domains) will be [deactivated](https://addy.io/faq/#what-happens-if-i-have-a-subscription-but-then-cancel-it), paid account settings will be reverted to their defaults, and catch-all will be enabled if it was previously disabled.
 
 ### SimpleLogin
 
@@ -101,17 +103,19 @@ Notable free features:
 
 SimpleLogin was [acquired by Proton AG](https://proton.me/news/proton-and-simplelogin-join-forces) as of April 8, 2022. If you use Proton Mail for your primary mailbox, SimpleLogin is a great choice. As both products are now owned by the same company you now only have to trust a single entity. We also expect that SimpleLogin will be more tightly integrated with Proton's offerings in the future. SimpleLogin continues to support forwarding to any email provider of your choosing. Securitum [audited](https://simplelogin.io/blog/security-audit) SimpleLogin in early 2022 and all issues [were addressed](https://simplelogin.io/audit2022/web.pdf).
 
-You can link your SimpleLogin account in the settings with your Proton account. If you have the Proton Unlimited, Business, or Visionary Plan, you will have SimpleLogin Premium for free.
+You can link your SimpleLogin account in the settings with your Proton account. If you have the Proton Unlimited plan or any multi-user Proton plan, you will have SimpleLogin Premium for free.
 
 Notable free features:
 
 - [x] 10 Shared Aliases
 - [x] Unlimited Replies
 - [x] 1 Recipient Mailbox
-- [ ] Automatic PGP Encryption is only available on paid plans
+- [ ] Automatic PGP Encryption[^1] is only available on paid plans
+
+When your subscription ends, all aliases you created will still be able to receive and send emails. However, you cannot create any new aliases that would exceed the free plan limit, nor can you add a new domain, directory, or mailbox.
 
 ## Criteria
 
 **Please note we are not affiliated with any of the providers we recommend.** In addition to [our standard criteria](about/criteria.md), we evaluate email aliasing providers to the same standard as our regular [email provider criteria](email.md#criteria) where applicable. We suggest you familiarize yourself with this list before choosing an email service, and conduct your own research to ensure the provider you choose is the right choice for you.
 
-*[Automatic PGP Encryption]: Allows you to encrypt non-encrypted incoming emails before they are forwarded to your mailbox, making sure your primary mailbox provider never sees unencrypted email content.
+[^1]: Automatic PGP encryption allows you to encrypt non-encrypted incoming emails before they are forwarded to your mailbox, making sure your primary mailbox provider never sees unencrypted email content.

docs/email-clients.md

@@ -4,7 +4,12 @@ icon: material/email-open
 description: These email clients are privacy-respecting and support OpenPGP email encryption.
 cover: email-clients.webp
 ---
-The **email clients** we recommend support both [OpenPGP](encryption.md#openpgp) and strong authentication such as [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth allows you to use [Multi-Factor Authentication](basics/multi-factor-authentication.md) and prevent account theft.
+<small>Protects against the following threat(s):</small>
+
+- [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers){ .pg-teal }
+- [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red }
+
+The **email clients** we recommend support both [OpenPGP](encryption.md#openpgp) and strong authentication such as [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth allows you to use [Multi-Factor Authentication](basics/multi-factor-authentication.md) to prevent account theft.
 
 <details class="warning" markdown>
 <summary>Email does not provide forward secrecy</summary>
@@ -29,7 +34,7 @@ OpenPGP also does not support [forward secrecy](https://en.wikipedia.org/wiki/Fo
 
 [:octicons-home-16: Homepage](https://thunderbird.net){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://mozilla.org/privacy/thunderbird){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://support.mozilla.org/products/thunderbird){ .card-link title=Documentation}
+[:octicons-info-16:](https://support.mozilla.org/products/thunderbird){ .card-link title="Documentation" }
 [:octicons-code-16:](https://hg.mozilla.org/comm-central){ .card-link title="Source Code" }
 
 <details class="downloads" markdown>
@@ -46,6 +51,8 @@ OpenPGP also does not support [forward secrecy](https://en.wikipedia.org/wiki/Fo
 
 #### Recommended Configuration
 
+<div class="annotate" markdown>
+
 We recommend changing some of these settings to make Thunderbird a little more private.
 
 These options can be found in :material-menu: → **Settings** → **Privacy & Security**.
@@ -53,7 +60,11 @@ These options can be found in :material-menu: → **Settings** → **Privacy & S
 ##### Web Content
 
 - [ ] Uncheck  **Remember websites and links I've visited**
-- [ ] Uncheck  **Accept cookies from sites**
+- [ ] Uncheck  **Accept cookies from sites** (1)
+
+</div>
+
+1. You may need to keep this setting checked when you're logging in to some providers such as Gmail, or via an institution’s SSO. You should uncheck it once you log in successfully.
 
 ##### Telemetry
 
@@ -61,7 +72,7 @@ These options can be found in :material-menu: → **Settings** → **Privacy & S
 
 #### Thunderbird-user.js (advanced)
 
-[`thunderbird-user.js`](https://github.com/HorlogeSkynet/thunderbird-user.js) is a set of configurations options that aims to disable as many of the web-browsing features within Thunderbird as possible in order to reduce attack surface and maintain privacy. Some of the changes are backported from the [Arkenfox project](https://github.com/arkenfox/user.js).
+[`thunderbird-user.js`](https://github.com/HorlogeSkynet/thunderbird-user.js) is a set of configuration options that aims to disable as many of the web-browsing features within Thunderbird as possible in order to reduce attack surface and maintain privacy. Some of the changes are backported from the [Arkenfox project](desktop-browsers.md#arkenfox-advanced).
 
 ## Platform Specific
 
@@ -81,6 +92,13 @@ These options can be found in :material-menu: → **Settings** → **Privacy & S
 
 </div>
 
+<div class="admonition info" markdown>
+<p class="admonition-title">For those using macOS Sonoma</p>
+
+Currently, GPG Suite does [not yet](https://gpgtools.com/sonoma) have a stable release for macOS Sonoma.
+
+</div>
+
 Apple Mail has the ability to load remote content in the background or block it entirely and hide your IP address from senders on [macOS](https://support.apple.com/guide/mail/mlhl03be2866/mac) and [iOS](https://support.apple.com/guide/iphone/iphf084865c7/ios).
 
 ### Canary Mail (iOS)
@@ -93,7 +111,7 @@ Apple Mail has the ability to load remote content in the background or block it
 
 [:octicons-home-16: Homepage](https://canarymail.io){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://canarymail.io/privacy.html){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://canarymail.io/help){ .card-link title=Documentation}
+[:octicons-info-16:](https://canarymail.io/help){ .card-link title="Documentation" }
 
 <details class="downloads" markdown>
 <summary>Downloads</summary>
@@ -122,13 +140,13 @@ Canary Mail is closed-source. We recommend it due to the few choices there are f
 
 ![FairEmail logo](assets/img/email-clients/fairemail.svg){ align=right }
 
-**FairEmail** is a minimal, open-source email app, using open standards (IMAP, SMTP, OpenPGP) with a low data and battery usage.
+**FairEmail** is a minimal, open-source email app which uses open standards (IMAP, SMTP, OpenPGP) and minimizes data and battery usage.
 
 [:octicons-home-16: Homepage](https://email.faircode.eu){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://github.com/M66B/FairEmail/blob/master/PRIVACY.md){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://github.com/M66B/FairEmail/blob/master/FAQ.md){ .card-link title=Documentation}
+[:octicons-info-16:](https://github.com/M66B/FairEmail/blob/master/FAQ.md){ .card-link title="Documentation" }
 [:octicons-code-16:](https://github.com/M66B/FairEmail){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://email.faircode.eu/donate){ .card-link title=Contribute }
+[:octicons-heart-16:](https://email.faircode.eu/donate){ .card-link title="Contribute" }
 
 <details class="downloads" markdown>
 <summary>Downloads</summary>
@@ -150,9 +168,9 @@ Canary Mail is closed-source. We recommend it due to the few choices there are f
 
 [:octicons-home-16: Homepage](https://wiki.gnome.org/Apps/Evolution){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://wiki.gnome.org/Apps/Evolution/PrivacyPolicy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://help.gnome.org/users/evolution/stable){ .card-link title=Documentation}
+[:octicons-info-16:](https://help.gnome.org/users/evolution/stable){ .card-link title="Documentation" }
 [:octicons-code-16:](https://gitlab.gnome.org/GNOME/evolution){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://gnome.org/donate){ .card-link title=Contribute }
+[:octicons-heart-16:](https://gnome.org/donate){ .card-link title="Contribute" }
 
 <details class="downloads" markdown>
 <summary>Downloads</summary>
@@ -175,9 +193,9 @@ In the future, K-9 Mail will be the [officially branded](https://k9mail.app/2022
 
 [:octicons-home-16: Homepage](https://k9mail.app){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://k9mail.app/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://docs.k9mail.app){ .card-link title=Documentation}
+[:octicons-info-16:](https://docs.k9mail.app){ .card-link title="Documentation" }
 [:octicons-code-16:](https://github.com/thundernest/k-9){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://k9mail.app/contribute){ .card-link title=Contribute }
+[:octicons-heart-16:](https://k9mail.app/contribute){ .card-link title="Contribute" }
 
 <details class="downloads" markdown>
 <summary>Downloads</summary>
@@ -192,7 +210,7 @@ In the future, K-9 Mail will be the [officially branded](https://k9mail.app/2022
 <div class="admonition warning" markdown>
 <p class="admonition-title">Warning</p>
 
-When replying to someone on a mailing list the "reply" option may also include the mailing list. For more information see [thundernest/k-9 #3738](https://github.com/thundernest/k-9/issues/3738).
+When replying to someone on a mailing list, the "reply" option may also include the mailing list. For more information see [thundernest/k-9 #3738](https://github.com/thundernest/k-9/issues/3738).
 
 </div>
 
@@ -202,13 +220,13 @@ When replying to someone on a mailing list the "reply" option may also include t
 
 ![Kontact logo](assets/img/email-clients/kontact.svg){ align=right }
 
-**Kontact** is a personal information manager (PIM) application from the [KDE](https://kde.org) project. It provides a mail client, address book, organizer and RSS client.
+**Kontact** is a personal information manager (PIM) application from the [KDE](https://kde.org) project. It provides a mail client, address book, RSS client, and an organizer.
 
 [:octicons-home-16: Homepage](https://kontact.kde.org){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://kde.org/privacypolicy-apps){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://kontact.kde.org/users){ .card-link title=Documentation}
+[:octicons-info-16:](https://kontact.kde.org/users){ .card-link title="Documentation" }
 [:octicons-code-16:](https://invent.kde.org/pim/kmail){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://kde.org/community/donations){ .card-link title=Contribute }
+[:octicons-heart-16:](https://kde.org/community/donations){ .card-link title="Contribute" }
 
 <details class="downloads" markdown>
 <summary>Downloads</summary>
@@ -230,7 +248,7 @@ When replying to someone on a mailing list the "reply" option may also include t
 
 [:octicons-home-16: Homepage](https://mailvelope.com){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://mailvelope.com/privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://mailvelope.com/faq){ .card-link title=Documentation}
+[:octicons-info-16:](https://mailvelope.com/faq){ .card-link title="Documentation" }
 [:octicons-code-16:](https://github.com/mailvelope/mailvelope){ .card-link title="Source Code" }
 
 <details class="downloads" markdown>
@@ -250,9 +268,9 @@ When replying to someone on a mailing list the "reply" option may also include t
 
 ![NeoMutt logo](assets/img/email-clients/mutt.svg){ align=right }
 
-**NeoMutt** is an open-source command line mail reader (or MUA) for Linux and BSD. It's a fork of [Mutt](https://en.wikipedia.org/wiki/Mutt_(email_client)) with added features.
+**NeoMutt** is an open-source command line email reader for Linux and BSD. It's a fork of [Mutt](https://en.wikipedia.org/wiki/Mutt_(email_client)) with added features.
 
-NeoMutt is a text-based client that has a steep learning curve. It is however, very customizable.
+NeoMutt is a text-based client that has a steep learning curve. It is, however, very customizable.
 
 [:octicons-home-16: Homepage](https://neomutt.org){ .md-button .md-button--primary }
 [:octicons-info-16:](https://neomutt.org/guide){ .card-link title=Documentation}

docs/email.md

@@ -7,6 +7,10 @@ cover: email.webp
 global:
  - [randomize-element, "table tbody"]
 ---
+<small>Protects against the following threat(s):</small>
+
+- [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers){ .pg-teal }
+
 Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy.
 
 [Recommended Instant Messengers](real-time-communication.md){ .md-button }
@@ -55,8 +59,8 @@ OpenPGP also does not support Forward secrecy, which means if either your or the
 
 [:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary }
 [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" }
-[:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://proton.me/support/mail){ .card-link title=Documentation}
+[:octicons-eye-16:](https://proton.me/mail/privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://proton.me/support/mail){ .card-link title="Documentation" }
 [:octicons-code-16:](https://github.com/ProtonMail){ .card-link title="Source Code" }
 
 <details class="downloads" markdown>
@@ -76,7 +80,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the
 
 Free accounts have some limitations, such as not being able to search body text and not having access to [Proton Mail Bridge](https://proton.me/mail/bridge), which is required to use a [recommended desktop email client](email-clients.md) (e.g. Thunderbird). Paid accounts include features like Proton Mail Bridge, additional storage, and custom domain support. A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton Mail's apps on 9th November 2021 by [Securitum](https://research.securitum.com).
 
-If you have the Proton Unlimited, Business, Family, or Visionary plan, you also get [SimpleLogin](email-aliasing.md#simplelogin) Premium for free.
+If you have the Proton Unlimited plan or any multi-user Proton plan, you also get [SimpleLogin](email-aliasing.md#simplelogin) Premium for free.
 
 Proton Mail has internal crash reports that are **not** shared with third parties. This can be disabled in the web app: :gear: → **All Settings** → **Account** → **Security and privacy** → **Privacy and data collection**.
 
@@ -124,7 +128,7 @@ Proton Mail doesn't offer a digital legacy feature.
 
 [:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://kb.mailbox.org/en/private){ .card-link title=Documentation}
+[:octicons-info-16:](https://kb.mailbox.org/en/private){ .card-link title="Documentation" }
 
 <details class="downloads" markdown>
 <summary>Downloads</summary>
@@ -192,9 +196,9 @@ These providers store your emails with zero-knowledge encryption, making them gr
 
 [:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://tuta.com/support){ .card-link title=Documentation}
+[:octicons-info-16:](https://tuta.com/support){ .card-link title="Documentation" }
 [:octicons-code-16:](https://github.com/tutao/tutanota){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://tuta.com/community){ .card-link title=Contribute }
+[:octicons-heart-16:](https://tuta.com/community){ .card-link title="Contribute" }
 
 <details class="downloads" markdown>
 <summary>Downloads</summary>
@@ -256,9 +260,9 @@ Advanced system administrators may consider setting up their own email server. M
 **Mailcow** is a more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: a mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support.
 
 [:octicons-home-16: Homepage](https://mailcow.email){ .md-button .md-button--primary }
-[:octicons-info-16:](https://docs.mailcow.email){ .card-link title=Documentation}
+[:octicons-info-16:](https://docs.mailcow.email){ .card-link title="Documentation" }
 [:octicons-code-16:](https://github.com/mailcow/mailcow-dockerized){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://servercow.de/mailcow?lang=en#sal){ .card-link title=Contribute }
+[:octicons-heart-16:](https://servercow.de/mailcow?lang=en#sal){ .card-link title="Contribute" }
 
 </div>
 
@@ -269,7 +273,7 @@ Advanced system administrators may consider setting up their own email server. M
 **Mail-in-a-Box** is an automated setup script for deploying a mail server on Ubuntu. Its goal is to make it easier for people to set up their own mail server.
 
 [:octicons-home-16: Homepage](https://mailinabox.email){ .md-button .md-button--primary }
-[:octicons-info-16:](https://mailinabox.email/guide.html){ .card-link title=Documentation}
+[:octicons-info-16:](https://mailinabox.email/guide.html){ .card-link title="Documentation" }
 [:octicons-code-16:](https://github.com/mail-in-a-box/mailinabox){ .card-link title="Source Code" }
 
 </div>

docs/encryption.md

@@ -25,9 +25,9 @@ The options listed here are multi-platform and great for creating encrypted back
 
 [:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://docs.cryptomator.org){ .card-link title=Documentation}
+[:octicons-info-16:](https://docs.cryptomator.org){ .card-link title="Documentation" }
 [:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://cryptomator.org/donate){ .card-link title=Contribute }
+[:octicons-heart-16:](https://cryptomator.org/donate){ .card-link title="Contribute" }
 
 <details class="downloads" markdown>
 <summary>Downloads</summary>
@@ -64,7 +64,7 @@ Cryptomator's documentation details its intended [security target](https://docs.
 
 [:octicons-repo-16: Repository](https://github.com/Picocrypt/Picocrypt){ .md-button .md-button--primary }
 [:octicons-code-16:](https://github.com/Picocrypt/Picocrypt){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
+[:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title="Contribute" }
 
 <details class="downloads" markdown>
 <summary>Downloads</summary>
@@ -91,9 +91,9 @@ Cryptomator's documentation details its intended [security target](https://docs.
 **VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.
 
 [:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
-[:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
+[:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title="Documentation" }
 [:octicons-code-16:](https://veracrypt.fr/code){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
+[:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title="Contribute" }
 
 <details class="downloads" markdown>
 <summary>Downloads</summary>
@@ -128,7 +128,7 @@ For encrypting the drive your operating system boots from, we generally recommen
 
 **BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://learn.microsoft.com/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection).
 
-[:octicons-info-16:](https://learn.microsoft.com/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
+[:octicons-info-16:](https://learn.microsoft.com/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title="Documentation" }
 
 </details>
 
@@ -186,7 +186,7 @@ Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device
 
 **FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip.
 
-[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
+[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title="Documentation" }
 
 </details>
 
@@ -203,7 +203,7 @@ We recommend storing a local recovery key in a secure place as opposed to using
 **LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.
 
 [:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
-[:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
+[:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title="Documentation" }
 [:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup){ .card-link title="Source Code" }
 
 </details>
@@ -258,9 +258,9 @@ Tools with command-line interfaces are useful for integrating [shell scripts](ht
 
 [:octicons-home-16: Homepage](https://kryptor.co.uk){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://kryptor.co.uk/tutorial){ .card-link title=Documentation}
+[:octicons-info-16:](https://kryptor.co.uk/tutorial){ .card-link title="Documentation" }
 [:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://kryptor.co.uk/#donate){ .card-link title=Contribute }
+[:octicons-heart-16:](https://kryptor.co.uk/#donate){ .card-link title="Contribute" }
 
 <details class="downloads" markdown>
 <summary>Downloads</summary>
@@ -282,9 +282,9 @@ Tools with command-line interfaces are useful for integrating [shell scripts](ht
 **Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://dyne.org/software/tomb/#advanced-usage).
 
 [:octicons-home-16: Homepage](https://dyne.org/software/tomb){ .md-button .md-button--primary }
-[:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
+[:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title="Documentation" }
 [:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://dyne.org/donate){ .card-link title=Contribute }
+[:octicons-heart-16:](https://dyne.org/donate){ .card-link title="Contribute" }
 
 </details>
 
@@ -323,7 +323,7 @@ gpg --quick-gen-key alice@example.com future-default
 
 [:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
+[:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title="Documentation" }
 [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
 
 <details class="downloads" markdown>
@@ -348,9 +348,9 @@ gpg --quick-gen-key alice@example.com future-default
 
 [:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
+[:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title="Documentation" }
 [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
+[:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title="Contribute" }
 
 <details class="downloads" markdown>
 <summary>Downloads</summary>
@@ -376,11 +376,11 @@ We suggest [Canary Mail](email-clients.md#canary-mail-ios) for using PGP with em
 
 **GPG Suite** provides OpenPGP support for [Apple Mail](email-clients.md#apple-mail-macos) and macOS.
 
-We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) and [Knowledge base](https://gpgtools.tenderapp.com/kb) for support.
+We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) and [Knowledge Base](https://gpgtools.tenderapp.com/kb) for support.
 
 [:octicons-home-16: Homepage](https://gpgtools.org){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://gpgtools.org/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://gpgtools.tenderapp.com/kb){ .card-link title=Documentation}
+[:octicons-info-16:](https://gpgtools.tenderapp.com/kb){ .card-link title="Documentation" }
 [:octicons-code-16:](https://github.com/GPGTools){ .card-link title="Source Code" }
 
 <details class="downloads" markdown>
@@ -392,6 +392,8 @@ We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com
 
 </div>
 
+Currently, GPG Suite does [not yet](https://gpgtools.com/sonoma) have a stable release for macOS Sonoma.
+
 ### OpenKeychain
 
 <div class="admonition recommendation" markdown>
@@ -402,7 +404,7 @@ We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com
 
 [:octicons-home-16: Homepage](https://openkeychain.org){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://openkeychain.org/faq){ .card-link title=Documentation}
+[:octicons-info-16:](https://openkeychain.org/faq){ .card-link title="Documentation" }
 [:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
 
 <details class="downloads" markdown>

docs/file-sharing.md

@@ -12,6 +12,8 @@ Discover how to privately share your files between your devices, with your frien
 
 ## File Sharing
 
+If you have already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
+
 ### Send
 
 <div class="admonition recommendation" markdown>
@@ -150,7 +152,6 @@ We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_e
 
 </div>
 
-<!-- markdownlint-disable-next-line -->
 ### Criteria
 
 **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
@@ -165,5 +166,8 @@ We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_e
 
 Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
 
-- Has mobile clients for iOS and Android, which at least support document previews.
-- Supports photo backup from iOS and Android, and optionally supports file/folder sync on Android.
+- Should have mobile clients for iOS and Android which at least support document previews.
+- Should support photo backups from iOS and Android, and optionally support file/folder sync on Android.
+
+[^1]: Proton Drive allows you to [share files or folders](https://proton.me/support/drive-shareable-link) by generating a shareable public link or sending a unique link to a designated email address. Public links can be protected with a password, set to expire, and completely revoked, while links shared via email can have custom permissions and be similarly revoked. Per Proton Drive's [privacy policy](https://proton.me/drive/privacy-policy), file contents, file and folder names, and thumbnail previews are end-to-end encrypted.
+[^2]: With a [premium](https://bitwarden.com/help/about-bitwarden-plans/#compare-personal-plans) subscription, [Bitwarden Send](https://bitwarden.com/products/send) allows you to share files and text securely with [end-to-end encryption](https://bitwarden.com/help/send-encryption). A [password](https://bitwarden.com/help/send-privacy/#send-passwords) can be required along with the Send link. Bitwarden Send also features [automatic deletion](https://bitwarden.com/help/send-lifespan).

docs/frontends.md

@@ -270,7 +270,7 @@ Piped requires JavaScript in order to function and there are a number of public
 <div class="admonition tip" markdown>
 <p class="admonition-title">Tip</p>
 
-Piped is useful if you want to use [SponsorBlock](https://sponsor.ajay.app) without installing an extension or to access age-restricted content without an account. It does not provide privacy by itself, and we don’t recommend logging into any accounts.
+Piped is useful if you want to use [SponsorBlock](https://sponsor.ajay.app) without installing an extension. It does not provide privacy by itself, and we don’t recommend logging into any accounts.
 
 </div>
 

docs/index.md

@@ -1,6 +1,6 @@
 ---
 meta_title: "Privacy Guides: Independent Privacy & Security Resources"
-description: "The most popular & trustworthy non-profit website to find privacy tools and learn about protecting your digital life. Ad & affiliate free, high quality reviews."
+description: "Privacy Guides is the most popular & trustworthy non-profit resource to find privacy tools and learn about protecting your digital life. Ad & affiliate free, high quality reviews."
 template: home.html
 social:
   cards_layout: home
@@ -14,13 +14,12 @@ schema:
     "@type": Organization
     "@id": https://www.privacyguides.org/
     name: Privacy Guides
-    url: https://www.privacyguides.org/en/about/
+    url: https://www.privacyguides.org/
     logo: https://www.privacyguides.org/en/assets/brand/logos/png/square/pg-yellow.png
     sameAs:
       - https://twitter.com/privacy_guides
       - https://github.com/privacyguides
       - https://www.wikidata.org/wiki/Q111710163
-      - https://opencollective.com/privacyguides
       - https://www.youtube.com/@privacyguides
       - https://mastodon.neat.computer/@privacyguides
   -

docs/passwords.md

@@ -189,10 +189,6 @@ Bitwarden uses [PBKDF2](https://bitwarden.com/help/kdf-algorithms/#pbkdf2) as it
 
 - [x] Select **Settings > Security > Keys > KDF algorithm > Argon2id**
 
-Bitwarden also features [Bitwarden Send](https://bitwarden.com/products/send), which allows you to share text and files securely with [end-to-end encryption](https://bitwarden.com/help/send-encryption). A [password](https://bitwarden.com/help/send-privacy/#send-passwords) can be required along with the send link. Bitwarden Send also features [automatic deletion](https://bitwarden.com/help/send-lifespan).
-
-You need the [Premium Plan](https://bitwarden.com/help/about-bitwarden-plans/#compare-personal-plans) to be able to share files. The free plan only allows text sharing.
-
 Bitwarden's server-side code is [open source](https://github.com/bitwarden/server), so if you don't want to use the Bitwarden cloud, you can easily host your own Bitwarden sync server.
 
 **Vaultwarden** is an alternative implementation of Bitwarden's sync server written in Rust and compatible with official Bitwarden clients, perfect for self-hosted deployment where running the resource-heavy official service might not be ideal. If you are looking to self-host Bitwarden on your own server, you almost certainly want to use Vaultwarden over Bitwarden's official server code.

docs/real-time-communication.md

@@ -67,6 +67,41 @@ We have some additional tips on configuring and hardening your Signal installati
 
 [Signal Configuration and Hardening :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening)
 
+#### Molly (Android)
+
+If you use Android and your threat model requires protecting against [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red  } you may consider using this alternative app, which features a number of security and usability improvements, to access the Signal network.
+
+<div class="admonition recommendation" markdown>
+
+![Molly logo](assets/img/messengers/molly.svg){ align=right }
+
+**Molly** is an alternative Signal client for Android which allows you to encrypt the local database with a passphrase at rest, to have unused RAM data securely shredded, to route your connection via Tor, and [more](https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening#privacy-and-security-features). It also has usability improvements including scheduled backups, automatic locking, and the ability to use your Android phone as a linked device instead of the primary device for a Signal account.
+
+[:octicons-home-16: Homepage](https://molly.im){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://signal.org/legal/#privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://github.com/mollyim/mollyim-android/wiki){ .card-link title="Documentation"}
+[:octicons-code-16:](https://github.com/mollyim/mollyim-android){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://opencollective.com/mollyim){ .card-link title="Contribute" }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-fdroid: F-Droid](https://molly.im/fdroid)
+- [:octicons-moon-16: Accrescent](https://accrescent.app/app/im.molly.app)
+- [:simple-github: GitHub](https://github.com/mollyim/mollyim-android/releases)
+
+</details>
+
+</div>
+
+Molly is updated every two weeks to include the latest features and bug fixes from Signal. The exception is security issues, which are patched as soon as possible. That said, you should be aware that there might be a slight delay compared to upstream, which may affect actions such as [migrating from Signal to Molly](https://github.com/mollyim/mollyim-android/wiki/Migrating-From-Signal#migrating-from-signal).
+
+Note that you are trusting multiple parties by using Molly, as you now need to trust the Signal team *and* the Molly team to deliver safe and timely updates.
+
+There is a version of Molly called **Molly-FOSS** which removes proprietary code like the Google services used by both Signal and Molly, at the expense of some features like push notifications. There is also a version called [**Molly-UP**](https://github.com/mollyim/mollyim-android#unifiedpush) which is based on Molly-FOSS and adds back support for push notifications with UnifiedPush, but it requires self-hosting a program on a separate computer to function. All three versions of Molly provide the same security improvements.
+
+Molly and Molly-FOSS support [reproducible builds](https://github.com/mollyim/mollyim-android/tree/main/reproducible-builds), meaning it's possible to confirm that the compiled APKs match the source code.
+
 ### SimpleX Chat
 
 <div class="admonition recommendation" markdown>
@@ -234,12 +269,12 @@ Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the
 
 Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
 
-- Supports Forward Secrecy[^1]
+- Supports forward secrecy[^1]
 - Supports Future Secrecy (Post-Compromise Security)[^2]
 - Has open-source servers.
 - Decentralized, i.e. [federated or P2P](advanced/communication-network-types.md).
 - Uses E2EE for all messages by default.
 - Supports Linux, macOS, Windows, Android, and iOS.
 
-[^1]: [Forward Secrecy](https://en.wikipedia.org/wiki/Forward_secrecy) is where keys are rotated very frequently, so that if the current encryption key is compromised, it does not expose **past** messages as well.
+[^1]: [Forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy) is where keys are rotated very frequently, so that if the current encryption key is compromised, it does not expose **past** messages as well.
 [^2]: Future Secrecy (or Post-Compromise Security) is a feature where an attacker is prevented from decrypting **future** messages after compromising a private key, unless they compromise more session keys in the future as well. This effectively forces the attacker to intercept all communication between parties, since they lose access as soon as a key exchange occurs that is not intercepted.

mkdocs.blog.yml

@@ -117,7 +117,7 @@ theme:
     - search.highlight
 
 extra_css:
-  - assets/stylesheets/extra.css?v=20240802
+  - assets/stylesheets/extra.css?v=20240829
 
 watch:
   - theme

mkdocs.yml

@@ -445,6 +445,7 @@ nav:
       - "about/donate.md"
       - "about/contributors.md"
       - "about/criteria.md"
+      - "about/executive-policy.md"
       - "about/notices.md"
       - "about/privacy-policy.md"
       - "about/jobs.md"
@@ -452,7 +453,6 @@ nav:
           - !ENV [NAV_ONLINE_SERVICES, "Online Services"]: "about/services.md"
           - !ENV [NAV_CODE_OF_CONDUCT, "Code of Conduct"]: "CODE_OF_CONDUCT.md"
           - "about/statistics.md"
-          - "about/privacytools.md"
       - !ENV [NAV_CONTRIBUTING, "Contributing"]:
           - !ENV [NAV_WRITING_GUIDE, "Writing Guide"]:
               - "meta/writing-style.md"
@@ -471,3 +471,5 @@ nav:
 validation:
   nav:
     not_found: info
+    omitted_files: ignore
+    absolute_links: ignore

theme/assets/img/cryptocurrency/proton-wallet.svg

@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg width="100%" height="100%" viewBox="0 0 128 128" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve" xmlns:serif="http://www.serif.com/" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linejoin:round;stroke-miterlimit:2;">
+    <g transform="matrix(4.57144,0,0,4.57144,0,-18.942)">
+        <path d="M0.004,27.272C0.004,28.904 1.327,30.226 2.958,30.226L25.046,30.226C26.677,30.226 28,28.904 28,27.272L28,17.818C28,11.291 22.709,6 16.182,6L2.958,6C1.327,6 0.004,7.323 0.004,8.954L0.004,18.263L5.84,18.263C7.945,18.263 9.651,20.086 9.651,22.335C9.651,24.583 7.945,26.406 5.84,26.406L0.004,26.406L0.004,27.272Z" style="fill:url(#_Linear1);fill-rule:nonzero;"/>
+        <path d="M5.546,20.181C6.743,20.181 7.713,21.151 7.713,22.348C7.713,23.544 6.743,24.514 5.546,24.514C4.35,24.514 3.38,23.544 3.38,22.348C3.38,21.151 4.35,20.181 5.546,20.181Z" style="fill:url(#_Linear2);fill-rule:nonzero;"/>
+        <path d="M0,27.333C0,28.964 1.323,30.287 2.954,30.287L22.091,30.287L22.091,18.863C22.091,13.968 18.123,10 13.228,10L0,10L0,18.263L5.84,18.263C7.945,18.263 9.651,20.086 9.651,22.335C9.651,24.583 7.945,26.406 5.84,26.406L0,26.406L0,27.333Z" style="fill:rgb(109,74,255);fill-rule:nonzero;"/>
+        <path d="M0,27.333C0,28.964 1.323,30.287 2.954,30.287L22.091,30.287L22.091,18.863C22.091,13.968 18.123,10 13.228,10L0,10L0,18.263L5.84,18.263C7.945,18.263 9.651,20.086 9.651,22.335C9.651,24.583 7.945,26.406 5.84,26.406L0,26.406L0,27.333Z" style="fill:url(#_Linear3);fill-rule:nonzero;"/>
+        <path d="M5.546,20.181C6.743,20.181 7.713,21.151 7.713,22.348C7.713,23.544 6.743,24.514 5.546,24.514C4.35,24.514 3.38,23.544 3.38,22.348C3.38,21.151 4.35,20.181 5.546,20.181Z" style="fill:rgb(109,74,255);fill-rule:nonzero;"/>
+        <path d="M5.546,20.181C6.743,20.181 7.713,21.151 7.713,22.348C7.713,23.544 6.743,24.514 5.546,24.514C4.35,24.514 3.38,23.544 3.38,22.348C3.38,21.151 4.35,20.181 5.546,20.181Z" style="fill:url(#_Linear4);fill-rule:nonzero;"/>
+        <path d="M8.625,25.114C7.929,25.909 6.939,26.406 5.84,26.406L0,26.406L0,27.272C0,28.903 1.323,30.226 2.954,30.226L4.19,30.226L8.698,25.105L8.625,25.114Z" style="fill:rgb(255,187,147);fill-rule:nonzero;"/>
+    </g>
+    <defs>
+        <linearGradient id="_Linear1" x1="0" y1="0" x2="1" y2="0" gradientUnits="userSpaceOnUse" gradientTransform="matrix(34.6373,13.4926,-13.4926,34.6373,-3.51386,8.81943)"><stop offset="0" style="stop-color:rgb(149,122,253);stop-opacity:1"/><stop offset="1" style="stop-color:rgb(255,198,198);stop-opacity:1"/></linearGradient>
+        <linearGradient id="_Linear2" x1="0" y1="0" x2="1" y2="0" gradientUnits="userSpaceOnUse" gradientTransform="matrix(34.6373,13.4926,-13.4926,34.6373,-3.51386,8.81943)"><stop offset="0" style="stop-color:rgb(149,122,253);stop-opacity:1"/><stop offset="1" style="stop-color:rgb(255,198,198);stop-opacity:1"/></linearGradient>
+        <linearGradient id="_Linear3" x1="0" y1="0" x2="1" y2="0" gradientUnits="userSpaceOnUse" gradientTransform="matrix(-10.7436,21.8612,-21.8612,-10.7436,20.8426,13.1146)"><stop offset="0" style="stop-color:rgb(250,82,142);stop-opacity:0"/><stop offset="0.15" style="stop-color:rgb(250,82,142);stop-opacity:0"/><stop offset="0.72" style="stop-color:rgb(255,128,101);stop-opacity:0.9"/><stop offset="1" style="stop-color:rgb(255,165,31);stop-opacity:0.9"/></linearGradient>
+        <linearGradient id="_Linear4" x1="0" y1="0" x2="1" y2="0" gradientUnits="userSpaceOnUse" gradientTransform="matrix(-10.7436,21.8612,-21.8612,-10.7436,20.8426,13.1146)"><stop offset="0" style="stop-color:rgb(250,82,142);stop-opacity:0"/><stop offset="0.15" style="stop-color:rgb(250,82,142);stop-opacity:0"/><stop offset="0.72" style="stop-color:rgb(255,128,101);stop-opacity:0.9"/><stop offset="1" style="stop-color:rgb(255,165,31);stop-opacity:0.9"/></linearGradient>
+    </defs>
+</svg>

theme/assets/stylesheets/extra.css

@@ -522,3 +522,8 @@ path[d="M20.71 7.04c.39-.39.39-1.04 0-1.41l-2.34-2.34c-.37-.39-1.02-.39-1.41 0l-
     width: 100%;
     padding: 1em !important;
 }
+
+.pg-proconlist {
+    list-style-type: disc;
+    padding-inline-start: 1em;
+}

theme/blog-post.html

@@ -0,0 +1,314 @@
+<!--
+  Copyright (c) 2024 Jonah Aragon <jonah@triplebit.net>
+  Copyright (c) 2016-2024 Martin Donath <martin.donath@squidfunk.com>
+
+  Permission is hereby granted, free of charge, to any person obtaining a copy
+  of this software and associated documentation files (the "Software"), to
+  deal in the Software without restriction, including without limitation the
+  rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+  sell copies of the Software, and to permit persons to whom the Software is
+  furnished to do so, subject to the following conditions:
+
+  The above copyright notice and this permission notice shall be included in
+  all copies or substantial portions of the Software.
+
+  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+  FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
+  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+  FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+  IN THE SOFTWARE.
+-->
+
+{% extends "main.html" %}
+
+{% import "partials/nav-item.html" as item with context %}
+
+<!-- Page content -->
+{% block container %}
+  <div class="md-content md-content--post" data-md-component="content" itemscope itemtype="https://schema.org/Article">
+    <meta itemprop="headline" content="{{ page.title | striptags }}" />
+    <meta itemprop="isAccessibleForFree" content="True" />
+    <meta itemprop="isFamilyFriendly" content="True" />
+    {% if config.theme.language == "en" %}
+      <meta itemprop="inLanguage" content="en-US" />
+    {% endif %}
+    <span itemprop="publisher" itemscope itemtype="https://schema.org/Organization">
+      <meta itemprop="name" content="Privacy Guides" />
+      <meta itemprop="url" content="https://www.privacyguides.org/" />
+      <meta itemprop="sameAs" content="https://mastodon.neat.computer/@privacyguides" />
+      <meta itemprop="sameAs" content="https://twitter.com/privacy_guides" />
+      <meta itemprop="sameAs" content="https://github.com/privacyguides" />
+      <span itemprop="logo" itemscope itemtype="https://schema.org/ImageObject">
+        <meta itemprop="url" content="https://www.privacyguides.org/en/assets/brand/logos/png/square/pg-yellow.png" />
+        <meta itemprop="width" content="512" />
+        <meta itemprop="height" content="512" />
+      </span>
+    </span>
+    <link itemprop="publishingPrinciples" href="https://www.privacyguides.org/en/about/criteria/" />
+
+    <!-- Sidebar -->
+    <div
+      class="md-sidebar md-sidebar--post"
+      data-md-component="sidebar"
+      data-md-type="navigation"
+    >
+      <div class="md-sidebar__scrollwrap">
+        <div class="md-sidebar__inner md-post">
+          <nav class="md-nav md-nav--primary">
+
+            <!-- Back to overview link -->
+            <div class="md-post__back">
+              <div class="md-nav__title md-nav__container">
+                <a href="{{ page.parent.url | url }}" class=" md-nav__link">
+                  {% include ".icons/material/arrow-left.svg" %}
+                  <span class="md-ellipsis">
+                    {{ lang.t("blog.index") }}
+                  </span>
+                </a>
+              </div>
+            </div>
+
+            <!-- Post authors -->
+            {% if page.authors %}
+              <div class="md-post__authors md-typeset">
+                {% for author in page.authors %}
+                  <div class="md-profile md-post__profile" itemprop="author" itemscope itemtype="https://schema.org/{{ author.type | default('Person') }}">
+                    <span class="md-author md-author--long">
+                      <img src="{{ author.avatar | url }}" alt="{{ author.name }}" />
+                    </span>
+                    <span class="md-profile__description">
+                      <strong>
+                        {% if author.url %}
+                          <a itemprop="url" href="{{ author.url | url }}"><span itemprop="name">{{ author.name }}</span></a>
+                        {% else %}
+                          <span itemprop="name">{{ author.name }}</span>
+                        {% endif %}
+                      </strong>
+                      <br />
+                      <span {% if author.type is not defined -%}itemprop="jobTitle"{%- endif -%}>{{ author.description }}</span>
+                    </span>
+                  </div>
+                {% endfor %}
+              </div>
+            {% endif %}
+
+            <!-- Post metadata -->
+            <ul class="md-post__meta md-nav__list">
+              <li class="md-nav__item md-nav__item--section">
+                <div class="md-post__title">
+                  <span class="md-ellipsis">
+                    {{ lang.t("blog.meta") }}
+                  </span>
+                </div>
+                <nav class="md-nav">
+                  <ul class="md-nav__list">
+
+                    <!-- Post date -->
+                    <li class="md-nav__item">
+                      <div class="md-nav__link" title="Date published">
+                        {% include ".icons/material/calendar.svg" %}
+                        <time
+                          datetime="{{ page.config.date.created }}"
+                          class="md-ellipsis"
+                          itemprop="datePublished"
+                        >
+                          {{- page.config.date.created | date -}}
+                        </time>
+                      </div>
+                    </li>
+
+                    <!-- Post date updated -->
+                    {% if page.config.date.updated %}
+                      <li class="md-nav__item">
+                        <div class="md-nav__link" title="Date last updated">
+                          {% include ".icons/material/calendar-clock.svg" %}
+                          <time
+                            datetime="{{ page.config.date.updated }}"
+                            class="md-ellipsis"
+                            itemprop="dateModified"
+                          >
+                            {{- page.config.date.updated | date -}}
+                          </time>
+                        </div>
+                      </li>
+                    {% endif %}
+
+                    <!-- Post categories -->
+                    {% if page.categories %}
+                      <li class="md-nav__item">
+                        <div class="md-nav__link">
+                          {% include ".icons/material/bookshelf.svg" %}
+                          <span class="md-ellipsis">
+                            {{ lang.t("blog.categories.in") }}
+                            {% for category in page.categories %}
+                              <a href="{{ category.url | url }}">
+                                {{- category.title -}}
+                              </a>
+                              {%- if loop.revindex > 1 %}, {% endif -%}
+                            {% endfor -%}
+                          </span>
+                        </div>
+                      </li>
+                    {% endif %}
+
+                    <!-- Post readtime -->
+                    {% if page.config.readtime %}
+                      {% set time = page.config.readtime %}
+                      <li class="md-nav__item">
+                        <div class="md-nav__link">
+                          {% include ".icons/material/clock-outline.svg" %}
+                          <span class="md-ellipsis" itemprop="timeRequired">
+                            {% if time == 1 %}
+                              {{ lang.t("readtime.one") }}
+                            {% else %}
+                              {{ lang.t("readtime.other") | replace("#", time) }}
+                            {% endif %}
+                          </span>
+                        </div>
+                      </li>
+                    {% endif %}
+                  </ul>
+                </nav>
+              </li>
+            </ul>
+
+            <!-- Related links -->
+            {% if page.config.links %}
+              <ul class="md-post__meta md-nav__list">
+                <li class="md-nav__item md-nav__item--section">
+                  <div class="md-post__title">
+                    <span class="md-ellipsis">
+                      {{ lang.t("blog.references") }}
+                    </span>
+                  </div>
+
+                  <!-- Render related links -->
+                  <nav class="md-nav">
+                    <ul class="md-nav__list">
+                      {% for nav_item in page.config.links %}
+                        {% set path = "__ref_" ~ loop.index %}
+                        {{ item.render(nav_item, path, 1) }}
+                      {% endfor %}
+                    </ul>
+                  </nav>
+                </li>
+              </ul>
+            {% endif %}
+
+            <!-- Product review information -->
+            {% if page.meta.review %}
+              <ul class="md-post__meta md-nav__list" itemprop="about" itemscope itemtype="https://schema.org/{{ page.meta.review.type }}">
+                <meta itemprop="applicationCategory" content="{{ page.meta.review.category }}" />
+                <meta itemprop="applicationSubCategory" content="{{ page.meta.review.subcategory }}" />
+                <li class="md-nav__item md-nav__item--section">
+                  <div class="md-post__title">
+                    <span class="md-ellipsis">
+                      <span itemprop="name">{{ page.meta.review.name }}</span> summary
+                    </span>
+                    <meta itemprop="alternateName" content="{{ page.meta.review.alternateName }}" />
+                  </div>
+                  <div class="md-nav">
+                    <ul class="md-nav__list" itemprop="review" itemscope itemtype="https://schema.org/Review">
+                      <li class="md-nav__item">
+                        <span itemprop="reviewRating" itemscope itemtype="https://schema.org/Rating">
+                          <meta itemprop="bestRating" content="5" />
+                          <meta itemprop="worstRating" content="0.5" />
+                          <span class="md-nav__link" itemprop="ratingValue" content="{{ page.meta.review.rating }}" title="Rating: {{ page.meta.review.rating }} / 5">
+                            {% for i in range(1, 6) %}
+                              {% if i <= page.meta.review.rating %}
+                                {% include ".icons/material/star.svg" %}
+                              {% else %}
+                                {% if i - 0.5 == page.meta.review.rating %}
+                                  {% include ".icons/material/star-half-full.svg" %}
+                                {% else %}
+                                  {% include ".icons/material/star-outline.svg" %}
+                                {% endif %}
+                              {% endif %}
+                            {% endfor %}
+                          </span>
+                        </span>
+                        {% if page.authors %}
+                          <span itemprop="author" itemscope itemtype="https://schema.org/Person">
+                            {% set reviewAuthor = page.authors[0] %}
+                            <meta itemprop="name" content="{{ reviewAuthor.name }}" />
+                            <meta itemprop="url" content="{{ reviewAuthor.url | url }}" />
+                          </span>
+                        {% endif %}
+                      </li>
+                      <li class="md-nav__item">
+                        <span class="md-nav__link">
+                          <span itemprop="positiveNotes" itemscope itemtype="https://schema.org/ItemList">
+                            <strong itemprop="name">Pros:</strong>
+                            <span>
+                              <ul class="pg-proconlist">
+                                {% for pro in page.meta.review.pros %}
+                                  <li itemprop="itemListElement">{{ pro }}</li>
+                                {% endfor %}
+                              </ul>
+                            </span>
+                          </span>
+                        </span>
+                      </li>
+                      <li class="md-nav__item">
+                        <span class="md-nav__link">
+                          <span itemprop="negativeNotes" itemscope itemtype="https://schema.org/ItemList">
+                            <strong itemprop="name">Cons:</strong>
+                            <span>
+                              <ul class="pg-proconlist">
+                                {% for con in page.meta.review.cons %}
+                                  <li itemprop="itemListElement">{{ con }}</li>
+                                {% endfor %}
+                              </ul>
+                            </span>
+                          </span>
+                        </span>
+                      </li>
+                    </ul>
+                    <ul class="md-nav__list">
+                      <li class="md-nav__item">
+                        <span class="md-nav__link">
+                          <span itemprop="offers" itemscope itemtype="https://schema.org/Offer">
+                            <strong>Price:</strong>
+                            {% if page.meta.review.price == 0 %}
+                              <span itemprop="price" content="0">Free</span>
+                            {% else %}
+                            <span itemprop="priceCurrency" content="USD">$</span><span itemprop="price" content="{{ page.meta.review.price }}">{{ page.meta.review.price }}</span>
+                            {% endif %}
+                            {% if page.meta.review.period %}
+                              / {{ page.meta.review.period }}
+                            {% endif %}
+                          </span>
+                        </span>
+                      </li>
+                      <li class="md-nav__item">
+                        <span class="md-nav__link">
+                          <a itemprop="url" href="{{ page.meta.review.website }}"><em>{{ page.meta.review.website.rpartition("//")[-1].partition("/")[0] }}</em></a>
+                        </span>
+                      </li>
+                    </ul>
+                  </div>
+                </li>
+              </ul>
+            {% endif %}
+          </nav>
+
+
+
+          <!-- Table of contents, if integrated -->
+          {% if "toc.integrate" in features %}
+            {% include "partials/toc.html" %}
+          {% endif %}
+        </div>
+      </div>
+    </div>
+
+    <!-- Page content -->
+    <article class="md-content__inner md-typeset">
+      {% block content %}
+        {% include "partials/content.html" %}
+      {% endblock %}
+    </article>
+  </div>
+{% endblock %}

theme/layouts/blog.yml

@@ -8,6 +8,16 @@ definitions:
   - &page_description >-
     {{ page.meta.get("description", config.site_description) or "" }}
 
+  - &page_logo >-
+    {% if page.meta.preview and page.meta.preview.logo %}
+      {{- page.meta.preview.logo -}}
+    {% endif %}
+
+  - &page_icon >-
+    {%- if not page.meta.preview or not page.meta.preview.logo -%}
+      material/book-open-page-variant
+    {%- endif -%}
+
   - &logo >-
     theme/assets/brand/logos/svg/logo/privacy-guides-logo-notext-colorbg.svg
 
@@ -72,11 +82,19 @@ layers:
   - background:
       color: "#FFD06F"
 
+  - size: { width: 512, height: 512 }
+    offset: { x: 600, y: 59 }
+    background:
+      image: *page_logo
+
+  - background:
+      color: "#FFD06F99"
+
   # Page icon
   - size: { width: 630, height: 630 }
     offset: { x: 570, y: 0 }
     icon:
-      value: material/book-open-page-variant
+      value: *page_icon
       color: "#00000033"
 
   # Logo

theme/main.html

@@ -26,8 +26,6 @@
     <meta name="viewport" content="width=device-width,initial-scale=1">
     {% if page.meta and page.meta.description %}
     <meta name="description" content="{{ page.meta.description }}">
-    {% elif config.site_description %}
-    <meta name="description" content="{{ config.site_description }}">
     {% endif %}
     {% if page.meta and page.meta.author %}
     <meta name="author" content="{{ page.meta.author }}">

theme/partials/content.html

@@ -24,7 +24,7 @@
 
 {% if page and page.meta and page.meta.cover %}
   <div class="cover center-cropped">
-      <img src="{{ 'assets/img/cover/' | url }}{{ page.meta.cover }}" alt="">
+      <img itemprop="image" src="{{ 'assets/img/cover/' | url }}{{ page.meta.cover }}" alt="">
   </div>
   <h1>{{ page.title | d(config.site_name, true)}}</h1>
 {% endif %}
@@ -40,7 +40,9 @@
 {% endif %}
 
 <!-- Page content -->
+<div itemprop="articleBody">
 {{ page.content }}
+</div>
 
 <!-- Source file information -->
 {% include "partials/source-file.html" %}