Merge branch 'main' into send-and-instances

Signed-off-by: redoomed1 <redoomed1@privacyguides.org>

.devcontainer/Caddyfile

@@ -1,6 +0,0 @@
-:1337 {
-	reverse_proxy /articles/* http://127.0.0.1:8001
-	reverse_proxy /videos/* http://127.0.0.1:8002
-	reverse_proxy /en/* http://127.0.0.1:8000
-	redir / /en/
-}

.devcontainer/devcontainer.json

@@ -1,131 +1,8 @@
-// For format details, see https://aka.ms/devcontainer.json.
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the
+// README at: https://github.com/devcontainers/templates/tree/main/src/python
 {
-  "name": "Privacy Guides",
-  "image": "ghcr.io/privacyguides/privacyguides.org:sha-750239d",
-  "overrideCommand": true,
-  "portsAttributes": {
-    "1337": {
-      "label": "Website Live Preview",
-      "onAutoForward": "notify"
-    },
-    "8000": {
-      "label": "Main",
-      "onAutoForward": "silent"
-    },
-    "8001": {
-      "label": "Articles",
-      "onAutoForward": "silent"
-    },
-    "8002": {
-      "label": "Videos",
-      "onAutoForward": "silent"
-    }
-  },
-  "otherPortsAttributes": {
-    "onAutoForward": "ignore"
-  },
-  "mounts": [
-    "source=${env:HOME}${env:USERPROFILE}/.config,target=/root/.config,type=bind"
-  ],
-  "updateContentCommand": "git submodule update --init theme/assets/brand",
-  "customizations": {
-    "vscode": {
-      "settings": {
-        "tasks": {
-          "version": "2.0.0",
-          "tasks": [
-            {
-              "label": "Articles",
-              "type": "shell",
-              "command": "mkdocs serve --config-file=mkdocs.blog.yml --dev-addr=localhost:8001",
-              "group": "test",
-              "runOptions": {
-                "runOn": "folderOpen"
-              },
-              "presentation": {
-                "reveal": "always",
-                "panel": "dedicated",
-                "group": "Live server"
-              }
-            },
-            {
-              "label": "Videos",
-              "type": "shell",
-              "command": "mkdocs serve --config-file=mkdocs.videos.yml --dev-addr=localhost:8002",
-              "group": "test",
-              "runOptions": {
-                "runOn": "folderOpen"
-              },
-              "presentation": {
-                "reveal": "always",
-                "panel": "dedicated",
-                "group": "Live server"
-              }
-            },
-            {
-              "label": "Main",
-              "type": "shell",
-              "command": "./run.sh --cmd=mkdocs --insiders --production",
-              "group": "test",
-              "runOptions": {
-                "runOn": "folderOpen"
-              },
-              "presentation": {
-                "reveal": "always",
-                "panel": "dedicated",
-                "group": "Live server",
-                "focus": true
-              }
-            },
-            {
-              "label": "Caddy",
-              "type": "shell",
-              "command": "caddy run --config .devcontainer/Caddyfile",
-              "group": "test",
-              "runOptions": {
-                "runOn": "folderOpen"
-              },
-              "presentation": {
-                "reveal": "never",
-                "panel": "dedicated"
-              }
-            }
-          ]
-        }
-      },
-      "extensions": [
-        "EditorConfig.EditorConfig",
-        "DavidAnson.vscode-markdownlint",
-        "wholroyd.jinja",
-        "mikestead.dotenv",
-        "redhat.vscode-yaml",
-        "ecmel.vscode-html-css",
-        "yzhang.markdown-all-in-one",
-        "bierner.markdown-checkbox",
-        "bierner.markdown-emoji",
-        "bierner.markdown-footnotes",
-        "bierner.markdown-preview-github-styles",
-        "esbenp.prettier-vscode",
-        "ltex-plus.vscode-ltex-plus",
-        "ms-python.python",
-        "github.vscode-github-actions",
-        "matthewpi.caddyfile-support",
-        "ms-vsliveshare.vsliveshare"
-      ]
-    },
-    "codespaces": {
-      "repositories": {
-        "privacyguides/mkdocs-material-insiders": {
-          "permissions": {
-            "content": "read"
-          }
-        },
-        "privacyguides/brand": {
-          "permissions": {
-            "content": "read"
-          }
-        }
-      }
-    }
-  }
+	"name": "Privacy Guides",
+	"image": "ghcr.io/squidfunk/mkdocs-material:9.5.17",
+	"forwardPorts": [8000],
+  "postCreateCommand": "git submodule init; git submodule update theme/assets/brand; apk add bash; /bin/bash run.sh --cmd=mkdocs --cmd_flags=--dev-addr=0.0.0.0:8000"
 }

.devcontainer/team/devcontainer.json

@@ -0,0 +1,8 @@
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the
+// README at: https://github.com/devcontainers/templates/tree/main/src/python
+{
+	"name": "Privacy Guides Team",
+	"image": "ghcr.io/privacyguides/privacyguides.org:main",
+	"forwardPorts": [8000],
+  "postCreateCommand": "git submodule init; git submodule update theme/assets/brand; ./run.sh --cmd=mkdocs --insiders --production --cmd_flags=--dev-addr=0.0.0.0:8000"
+}

.github/workflows/build-blog.yml

@@ -82,18 +82,6 @@ jobs:
           pip install mkdocs-material mkdocs-rss-plugin mkdocs-glightbox mkdocs-macros-plugin
           sudo apt install pngquant
 
-      - name: Set base navigation URLs for production build
-        if: inputs.context == 'production'
-        run: |
-          {
-            echo "MAIN_SITE_BASE_URL=https://www.privacyguides.org/en/"
-            echo "MAIN_SITE_ABOUT_URL=https://www.privacyguides.org/en/about/"
-            echo "MAIN_SITE_RECOMMENDATIONS_URL=https://www.privacyguides.org/en/tools/"
-            echo "MAIN_SITE_KNOWLEDGE_BASE_URL=https://www.privacyguides.org/en/basics/why-privacy-matters/"
-            echo "ARTICLES_SITE_BASE_URL=https://www.privacyguides.org/articles/"
-            echo "VIDEOS_SITE_BASE_URL=https://www.privacyguides.org/videos/"
-          } >> "$GITHUB_ENV"
-
       - name: Build Website (Privileged)
         if: inputs.privileged
         run: |

.github/workflows/build-container.yml

@@ -1,7 +1,9 @@
 name: ☁️ Build Container
 
-# Configures this workflow to run every release.
+# Configures this workflow to run every time a change is pushed to the branch called `release`.
 on:
+  push:
+    branches: ["main"]
   release:
     types: [published]
   workflow_dispatch:
@@ -73,12 +75,6 @@ jobs:
           flavor: |
             latest=${{ github.event_name == 'release' }}
 
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
       # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages.
       # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository.
       # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step.
@@ -89,9 +85,6 @@ jobs:
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
-          platforms: linux/amd64,linux/arm64
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
 
   cleanup:
     if: ${{ always() }}

.github/workflows/build-videos.yml

@@ -82,18 +82,6 @@ jobs:
           pip install mkdocs-material mkdocs-rss-plugin mkdocs-glightbox mkdocs-macros-plugin
           sudo apt install pngquant
 
-      - name: Set base navigation URLs for production build
-        if: inputs.context == 'production'
-        run: |
-          {
-            echo "MAIN_SITE_BASE_URL=https://www.privacyguides.org/en/"
-            echo "MAIN_SITE_ABOUT_URL=https://www.privacyguides.org/en/about/"
-            echo "MAIN_SITE_RECOMMENDATIONS_URL=https://www.privacyguides.org/en/tools/"
-            echo "MAIN_SITE_KNOWLEDGE_BASE_URL=https://www.privacyguides.org/en/basics/why-privacy-matters/"
-            echo "ARTICLES_SITE_BASE_URL=https://www.privacyguides.org/articles/"
-            echo "VIDEOS_SITE_BASE_URL=https://www.privacyguides.org/videos/"
-          } >> "$GITHUB_ENV"
-
       - name: Build Website (Privileged)
         if: inputs.privileged
         run: |

.github/workflows/build.yml

@@ -57,18 +57,6 @@ jobs:
             echo "EXTRA_FLAGS=""$EXTRA_FLAGS" --production""
           } >> "$GITHUB_ENV"
 
-      - name: Set base navigation URLs for production build
-        if: inputs.context == 'production'
-        run: |
-          {
-            echo "MAIN_SITE_BASE_URL=https://www.privacyguides.org/en/"
-            echo "MAIN_SITE_ABOUT_URL=https://www.privacyguides.org/en/about/"
-            echo "MAIN_SITE_RECOMMENDATIONS_URL=https://www.privacyguides.org/en/tools/"
-            echo "MAIN_SITE_KNOWLEDGE_BASE_URL=https://www.privacyguides.org/en/basics/why-privacy-matters/"
-            echo "ARTICLES_SITE_BASE_URL=https://www.privacyguides.org/articles/"
-            echo "VIDEOS_SITE_BASE_URL=https://www.privacyguides.org/videos/"
-          } >> "$GITHUB_ENV"
-
       - name: Set Metadata for Privileged Builds
         if: inputs.privileged
         run: |

.github/workflows/publish-immediate.yml

@@ -59,7 +59,6 @@ jobs:
       repo: ${{ github.repository }}
       ref: ${{ github.ref }}
       continue-on-error: false
-      context: production
 
   build_videos:
     needs: submodule
@@ -70,7 +69,6 @@ jobs:
       repo: ${{ github.repository }}
       ref: ${{ github.ref }}
       continue-on-error: false
-      context: production
 
   deploy:
     needs: [build_blog, build_videos]

.github/workflows/publish-release.yml

@@ -75,7 +75,6 @@ jobs:
       repo: ${{ github.repository }}
       ref: ${{ github.ref }}
       continue-on-error: false
-      context: production
 
   build_videos:
     needs: submodule
@@ -86,7 +85,6 @@ jobs:
       repo: ${{ github.repository }}
       ref: ${{ github.ref }}
       continue-on-error: false
-      context: production
 
   release:
     name: Create release notes

.gitmodules

@@ -3,4 +3,4 @@
 	url = https://github.com/privacyguides/brand.git
 [submodule "modules/mkdocs-material"]
 	path = modules/mkdocs-material
-	url = https://github.com/privacyguides/mkdocs-material-insiders.git
+	url = git@github.com:privacyguides/mkdocs-material-insiders.git

.vscode/extensions.json

@@ -27,15 +27,11 @@
     "redhat.vscode-yaml",
     "ecmel.vscode-html-css",
     "yzhang.markdown-all-in-one",
+    "valentjn.vscode-ltex",
     "bierner.markdown-checkbox",
     "bierner.markdown-emoji",
     "bierner.markdown-footnotes",
     "bierner.markdown-preview-github-styles",
-    "esbenp.prettier-vscode",
-    "ltex-plus.vscode-ltex-plus",
-    "ms-python.python",
-    "github.vscode-github-actions",
-    "ms-vscode-remote.remote-containers",
-    "github.codespaces"
+    "esbenp.prettier-vscode"
   ]
 }

.vscode/ltex.dictionary.en-US.txt

@@ -562,10 +562,3 @@ unlinkability
 Kagi
 Secureblue
 pseudonymity
-TrueNAS
-Arti
-Tailscale
-allowlisted
-MyMonero
-Monero-LWS
-OkCupid

Dockerfile

@@ -1,69 +1,72 @@
-FROM python:3.12-bookworm AS base
+FROM python:3.13-alpine as base
 
 LABEL org.opencontainers.image.source="https://github.com/privacyguides/privacyguides.org"
 
-# Setup environment
-ENV LANG=C.UTF-8
-ENV LC_ALL=C.UTF-8
-ENV PYTHONDONTWRITEBYTECODE=1
-ENV PYTHONFAULTHANDLER=1
+# Setup env
+ENV LANG C.UTF-8
+ENV LC_ALL C.UTF-8
+ENV PYTHONDONTWRITEBYTECODE 1
+ENV PYTHONFAULTHANDLER 1
 
-####################################################
-# Stage: python-deps
-# Install pipenv and compilation dependencies
-####################################################
 FROM base AS python-deps
 
-# Install pipenv
-RUN pip install --no-cache-dir pipenv
+# Install pipenv and compilation dependencies
+RUN pip install pipenv
+RUN \
+  apk upgrade --update-cache -a \
+&& \
+  apk add --no-cache \
+    gcc \
+    libffi-dev \
+    musl-dev
 
-# Install build tools and libraries needed to compile any Python packages
-RUN apt-get update && \
-    apt-get install -y --no-install-recommends \
-      gcc \
-      libffi-dev \
-      build-essential \
-    && rm -rf /var/lib/apt/lists/*
-
-# Copy Pipfile, Pipfile.lock, and any local modules needed for dependency resolution
+# Install python dependencies in /.venv
 COPY modules/mkdocs-material ./modules/mkdocs-material
 COPY Pipfile .
 COPY Pipfile.lock .
-
-# Install all Python dependencies into a project‐local virtual environment at /.venv
 RUN PIPENV_VENV_IN_PROJECT=1 pipenv install --deploy
 
-####################################################
-# Stage: runtime
-# Install runtime dependencies and copy runtime artifacts
-####################################################
 FROM base AS runtime
 
-# Install runtime packages (GTK/Cairo, image processing libraries, Git, etc.)
-RUN apt-get update && \
-    apt-get install -y --no-install-recommends \
-      libcairo2-dev \
-      libfreetype6-dev \
-      git \
-      libjpeg-dev \
-      libpng-dev \
-      openssh-client \
-      pngquant \
-      tini \
-      zlib1g-dev \
-      libffi-dev \
-      bash \
-      caddy \
-    && rm -rf /var/lib/apt/lists/*
+# Install runtime dependencies
+RUN \
+  apk upgrade --update-cache -a \
+&& \
+  apk add --no-cache \
+    cairo \
+    freetype-dev \
+    git \
+    git-fast-import \
+    jpeg-dev \
+    openssh \
+    pngquant \
+    tini \
+    zlib-dev \
+    libffi-dev \
+    musl-dev \
+    bash
 
-# Copy virtual environment and local mkdocs-material module from python-deps stage
+# Copy virtual env from python-deps stage
 COPY --from=python-deps /.venv /.venv
 COPY --from=python-deps /modules/mkdocs-material /modules/mkdocs-material
-
-# Ensure the virtual environment’s bin directory is first in PATH
 ENV PATH="/.venv/bin:$PATH"
 
+# Create and switch to a new user
+RUN mkdir /site
+WORKDIR /site
+
+COPY docs docs
+COPY theme theme
+COPY includes includes
+COPY *.yml .
+COPY .cache/plugin/social/fonts .cache/plugin/social/fonts
+COPY run.sh .
+
+EXPOSE 8000
+
+ENV MKDOCS_INHERIT mkdocs-production.yml
+
 HEALTHCHECK NONE
 
-# Entry point script and default cmd for running mkdocs
-ENTRYPOINT ["/bin/bash"]
+ENTRYPOINT ["./run.sh"]
+CMD ["--cmd=mkdocs", "--insiders", "--cmd_flags=--dev-addr=0.0.0.0:8000"]

Pipfile.lock

@@ -41,11 +41,11 @@
                 "filecache"
             ],
             "hashes": [
-                "sha256:73e7efec4b06b20d9267b441c1f733664f989fb8688391b670ca812d70795d11",
-                "sha256:b35e44a3113f17d2a31c1e6b27b9de6d4405f84ae51baa8c1d3cc5b633010cae"
+                "sha256:7d47d19f866409b98ff6025b6a0fca8e4c791fb31abbd95f622093894ce903a2",
+                "sha256:ebad2091bf12d0d200dfc2464330db638c5deb41d546f6d7aca079e87290f3b0"
             ],
-            "markers": "python_version >= '3.9'",
-            "version": "==0.14.3"
+            "markers": "python_version >= '3.8'",
+            "version": "==0.14.2"
         },
         "cairocffi": {
             "hashes": [
@@ -64,11 +64,11 @@
         },
         "certifi": {
             "hashes": [
-                "sha256:0a816057ea3cdefcef70270d2c515e4506bbc954f417fa5ade2021213bb8f0c6",
-                "sha256:30350364dfe371162649852c63336a15c70c6510c2ad5015b21c2345311805f3"
+                "sha256:3d5da6925056f6f18f119200434a4780a94263f10d1c21d032a6f6b2baa20651",
+                "sha256:ca78db4565a652026a4db2bcdf68f2fb589ea80d0be70e03929ed730746b84fe"
             ],
             "markers": "python_version >= '3.6'",
-            "version": "==2025.4.26"
+            "version": "==2025.1.31"
         },
         "cffi": {
             "hashes": [
@@ -145,109 +145,109 @@
         },
         "charset-normalizer": {
             "hashes": [
-                "sha256:005fa3432484527f9732ebd315da8da8001593e2cf46a3d817669f062c3d9ed4",
-                "sha256:046595208aae0120559a67693ecc65dd75d46f7bf687f159127046628178dc45",
-                "sha256:0c29de6a1a95f24b9a1aa7aefd27d2487263f00dfd55a77719b530788f75cff7",
-                "sha256:0c8c57f84ccfc871a48a47321cfa49ae1df56cd1d965a09abe84066f6853b9c0",
-                "sha256:0f5d9ed7f254402c9e7d35d2f5972c9bbea9040e99cd2861bd77dc68263277c7",
-                "sha256:18dd2e350387c87dabe711b86f83c9c78af772c748904d372ade190b5c7c9d4d",
-                "sha256:1b1bde144d98e446b056ef98e59c256e9294f6b74d7af6846bf5ffdafd687a7d",
-                "sha256:1c95a1e2902a8b722868587c0e1184ad5c55631de5afc0eb96bc4b0d738092c0",
-                "sha256:1cad5f45b3146325bb38d6855642f6fd609c3f7cad4dbaf75549bf3b904d3184",
-                "sha256:21b2899062867b0e1fde9b724f8aecb1af14f2778d69aacd1a5a1853a597a5db",
-                "sha256:24498ba8ed6c2e0b56d4acbf83f2d989720a93b41d712ebd4f4979660db4417b",
-                "sha256:25a23ea5c7edc53e0f29bae2c44fcb5a1aa10591aae107f2a2b2583a9c5cbc64",
-                "sha256:289200a18fa698949d2b39c671c2cc7a24d44096784e76614899a7ccf2574b7b",
-                "sha256:28a1005facc94196e1fb3e82a3d442a9d9110b8434fc1ded7a24a2983c9888d8",
-                "sha256:32fc0341d72e0f73f80acb0a2c94216bd704f4f0bce10aedea38f30502b271ff",
-                "sha256:36b31da18b8890a76ec181c3cf44326bf2c48e36d393ca1b72b3f484113ea344",
-                "sha256:3c21d4fca343c805a52c0c78edc01e3477f6dd1ad7c47653241cf2a206d4fc58",
-                "sha256:3fddb7e2c84ac87ac3a947cb4e66d143ca5863ef48e4a5ecb83bd48619e4634e",
-                "sha256:43e0933a0eff183ee85833f341ec567c0980dae57c464d8a508e1b2ceb336471",
-                "sha256:4a476b06fbcf359ad25d34a057b7219281286ae2477cc5ff5e3f70a246971148",
-                "sha256:4e594135de17ab3866138f496755f302b72157d115086d100c3f19370839dd3a",
-                "sha256:50bf98d5e563b83cc29471fa114366e6806bc06bc7a25fd59641e41445327836",
-                "sha256:5a9979887252a82fefd3d3ed2a8e3b937a7a809f65dcb1e068b090e165bbe99e",
-                "sha256:5baececa9ecba31eff645232d59845c07aa030f0c81ee70184a90d35099a0e63",
-                "sha256:5bf4545e3b962767e5c06fe1738f951f77d27967cb2caa64c28be7c4563e162c",
-                "sha256:6333b3aa5a12c26b2a4d4e7335a28f1475e0e5e17d69d55141ee3cab736f66d1",
-                "sha256:65c981bdbd3f57670af8b59777cbfae75364b483fa8a9f420f08094531d54a01",
-                "sha256:68a328e5f55ec37c57f19ebb1fdc56a248db2e3e9ad769919a58672958e8f366",
-                "sha256:6a0289e4589e8bdfef02a80478f1dfcb14f0ab696b5a00e1f4b8a14a307a3c58",
-                "sha256:6b66f92b17849b85cad91259efc341dce9c1af48e2173bf38a85c6329f1033e5",
-                "sha256:6c9379d65defcab82d07b2a9dfbfc2e95bc8fe0ebb1b176a3190230a3ef0e07c",
-                "sha256:6fc1f5b51fa4cecaa18f2bd7a003f3dd039dd615cd69a2afd6d3b19aed6775f2",
-                "sha256:70f7172939fdf8790425ba31915bfbe8335030f05b9913d7ae00a87d4395620a",
-                "sha256:721c76e84fe669be19c5791da68232ca2e05ba5185575086e384352e2c309597",
-                "sha256:7222ffd5e4de8e57e03ce2cef95a4c43c98fcb72ad86909abdfc2c17d227fc1b",
-                "sha256:75d10d37a47afee94919c4fab4c22b9bc2a8bf7d4f46f87363bcf0573f3ff4f5",
-                "sha256:76af085e67e56c8816c3ccf256ebd136def2ed9654525348cfa744b6802b69eb",
-                "sha256:770cab594ecf99ae64c236bc9ee3439c3f46be49796e265ce0cc8bc17b10294f",
-                "sha256:7a6ab32f7210554a96cd9e33abe3ddd86732beeafc7a28e9955cdf22ffadbab0",
-                "sha256:7c48ed483eb946e6c04ccbe02c6b4d1d48e51944b6db70f697e089c193404941",
-                "sha256:7f56930ab0abd1c45cd15be65cc741c28b1c9a34876ce8c17a2fa107810c0af0",
-                "sha256:8075c35cd58273fee266c58c0c9b670947c19df5fb98e7b66710e04ad4e9ff86",
-                "sha256:8272b73e1c5603666618805fe821edba66892e2870058c94c53147602eab29c7",
-                "sha256:82d8fd25b7f4675d0c47cf95b594d4e7b158aca33b76aa63d07186e13c0e0ab7",
-                "sha256:844da2b5728b5ce0e32d863af26f32b5ce61bc4273a9c720a9f3aa9df73b1455",
-                "sha256:8755483f3c00d6c9a77f490c17e6ab0c8729e39e6390328e42521ef175380ae6",
-                "sha256:915f3849a011c1f593ab99092f3cecfcb4d65d8feb4a64cf1bf2d22074dc0ec4",
-                "sha256:926ca93accd5d36ccdabd803392ddc3e03e6d4cd1cf17deff3b989ab8e9dbcf0",
-                "sha256:982bb1e8b4ffda883b3d0a521e23abcd6fd17418f6d2c4118d257a10199c0ce3",
-                "sha256:98f862da73774290f251b9df8d11161b6cf25b599a66baf087c1ffe340e9bfd1",
-                "sha256:9cbfacf36cb0ec2897ce0ebc5d08ca44213af24265bd56eca54bee7923c48fd6",
-                "sha256:a370b3e078e418187da8c3674eddb9d983ec09445c99a3a263c2011993522981",
-                "sha256:a955b438e62efdf7e0b7b52a64dc5c3396e2634baa62471768a64bc2adb73d5c",
-                "sha256:aa6af9e7d59f9c12b33ae4e9450619cf2488e2bbe9b44030905877f0b2324980",
-                "sha256:aa88ca0b1932e93f2d961bf3addbb2db902198dca337d88c89e1559e066e7645",
-                "sha256:aaeeb6a479c7667fbe1099af9617c83aaca22182d6cf8c53966491a0f1b7ffb7",
-                "sha256:aaf27faa992bfee0264dc1f03f4c75e9fcdda66a519db6b957a3f826e285cf12",
-                "sha256:b2680962a4848b3c4f155dc2ee64505a9c57186d0d56b43123b17ca3de18f0fa",
-                "sha256:b2d318c11350e10662026ad0eb71bb51c7812fc8590825304ae0bdd4ac283acd",
-                "sha256:b33de11b92e9f75a2b545d6e9b6f37e398d86c3e9e9653c4864eb7e89c5773ef",
-                "sha256:b3daeac64d5b371dea99714f08ffc2c208522ec6b06fbc7866a450dd446f5c0f",
-                "sha256:be1e352acbe3c78727a16a455126d9ff83ea2dfdcbc83148d2982305a04714c2",
-                "sha256:bee093bf902e1d8fc0ac143c88902c3dfc8941f7ea1d6a8dd2bcb786d33db03d",
-                "sha256:c72fbbe68c6f32f251bdc08b8611c7b3060612236e960ef848e0a517ddbe76c5",
-                "sha256:c9e36a97bee9b86ef9a1cf7bb96747eb7a15c2f22bdb5b516434b00f2a599f02",
-                "sha256:cddf7bd982eaa998934a91f69d182aec997c6c468898efe6679af88283b498d3",
-                "sha256:cf713fe9a71ef6fd5adf7a79670135081cd4431c2943864757f0fa3a65b1fafd",
-                "sha256:d11b54acf878eef558599658b0ffca78138c8c3655cf4f3a4a673c437e67732e",
-                "sha256:d41c4d287cfc69060fa91cae9683eacffad989f1a10811995fa309df656ec214",
-                "sha256:d524ba3f1581b35c03cb42beebab4a13e6cdad7b36246bd22541fa585a56cccd",
-                "sha256:daac4765328a919a805fa5e2720f3e94767abd632ae410a9062dff5412bae65a",
-                "sha256:db4c7bf0e07fc3b7d89ac2a5880a6a8062056801b83ff56d8464b70f65482b6c",
-                "sha256:dc7039885fa1baf9be153a0626e337aa7ec8bf96b0128605fb0d77788ddc1681",
-                "sha256:dccab8d5fa1ef9bfba0590ecf4d46df048d18ffe3eec01eeb73a42e0d9e7a8ba",
-                "sha256:dedb8adb91d11846ee08bec4c8236c8549ac721c245678282dcb06b221aab59f",
-                "sha256:e45ba65510e2647721e35323d6ef54c7974959f6081b58d4ef5d87c60c84919a",
-                "sha256:e53efc7c7cee4c1e70661e2e112ca46a575f90ed9ae3fef200f2a25e954f4b28",
-                "sha256:e635b87f01ebc977342e2697d05b56632f5f879a4f15955dfe8cef2448b51691",
-                "sha256:e70e990b2137b29dc5564715de1e12701815dacc1d056308e2b17e9095372a82",
-                "sha256:e8082b26888e2f8b36a042a58307d5b917ef2b1cacab921ad3323ef91901c71a",
-                "sha256:e8323a9b031aa0393768b87f04b4164a40037fb2a3c11ac06a03ffecd3618027",
-                "sha256:e92fca20c46e9f5e1bb485887d074918b13543b1c2a1185e69bb8d17ab6236a7",
-                "sha256:eb30abc20df9ab0814b5a2524f23d75dcf83cde762c161917a2b4b7b55b1e518",
-                "sha256:eba9904b0f38a143592d9fc0e19e2df0fa2e41c3c3745554761c5f6447eedabf",
-                "sha256:ef8de666d6179b009dce7bcb2ad4c4a779f113f12caf8dc77f0162c29d20490b",
-                "sha256:efd387a49825780ff861998cd959767800d54f8308936b21025326de4b5a42b9",
-                "sha256:f0aa37f3c979cf2546b73e8222bbfa3dc07a641585340179d768068e3455e544",
-                "sha256:f4074c5a429281bf056ddd4c5d3b740ebca4d43ffffe2ef4bf4d2d05114299da",
-                "sha256:f69a27e45c43520f5487f27627059b64aaf160415589230992cec34c5e18a509",
-                "sha256:fb707f3e15060adf5b7ada797624a6c6e0138e2a26baa089df64c68ee98e040f",
-                "sha256:fcbe676a55d7445b22c10967bceaaf0ee69407fbe0ece4d032b6eb8d4565982a",
-                "sha256:fdb20a30fe1175ecabed17cbf7812f7b804b8a315a25f24678bcdf120a90077f"
+                "sha256:0167ddc8ab6508fe81860a57dd472b2ef4060e8d378f0cc555707126830f2537",
+                "sha256:01732659ba9b5b873fc117534143e4feefecf3b2078b0a6a2e925271bb6f4cfa",
+                "sha256:01ad647cdd609225c5350561d084b42ddf732f4eeefe6e678765636791e78b9a",
+                "sha256:04432ad9479fa40ec0f387795ddad4437a2b50417c69fa275e212933519ff294",
+                "sha256:0907f11d019260cdc3f94fbdb23ff9125f6b5d1039b76003b5b0ac9d6a6c9d5b",
+                "sha256:0924e81d3d5e70f8126529951dac65c1010cdf117bb75eb02dd12339b57749dd",
+                "sha256:09b26ae6b1abf0d27570633b2b078a2a20419c99d66fb2823173d73f188ce601",
+                "sha256:09b5e6733cbd160dcc09589227187e242a30a49ca5cefa5a7edd3f9d19ed53fd",
+                "sha256:0af291f4fe114be0280cdd29d533696a77b5b49cfde5467176ecab32353395c4",
+                "sha256:0f55e69f030f7163dffe9fd0752b32f070566451afe180f99dbeeb81f511ad8d",
+                "sha256:1a2bc9f351a75ef49d664206d51f8e5ede9da246602dc2d2726837620ea034b2",
+                "sha256:22e14b5d70560b8dd51ec22863f370d1e595ac3d024cb8ad7d308b4cd95f8313",
+                "sha256:234ac59ea147c59ee4da87a0c0f098e9c8d169f4dc2a159ef720f1a61bbe27cd",
+                "sha256:2369eea1ee4a7610a860d88f268eb39b95cb588acd7235e02fd5a5601773d4fa",
+                "sha256:237bdbe6159cff53b4f24f397d43c6336c6b0b42affbe857970cefbb620911c8",
+                "sha256:28bf57629c75e810b6ae989f03c0828d64d6b26a5e205535585f96093e405ed1",
+                "sha256:2967f74ad52c3b98de4c3b32e1a44e32975e008a9cd2a8cc8966d6a5218c5cb2",
+                "sha256:2a75d49014d118e4198bcee5ee0a6f25856b29b12dbf7cd012791f8a6cc5c496",
+                "sha256:2bdfe3ac2e1bbe5b59a1a63721eb3b95fc9b6817ae4a46debbb4e11f6232428d",
+                "sha256:2d074908e1aecee37a7635990b2c6d504cd4766c7bc9fc86d63f9c09af3fa11b",
+                "sha256:2fb9bd477fdea8684f78791a6de97a953c51831ee2981f8e4f583ff3b9d9687e",
+                "sha256:311f30128d7d333eebd7896965bfcfbd0065f1716ec92bd5638d7748eb6f936a",
+                "sha256:329ce159e82018d646c7ac45b01a430369d526569ec08516081727a20e9e4af4",
+                "sha256:345b0426edd4e18138d6528aed636de7a9ed169b4aaf9d61a8c19e39d26838ca",
+                "sha256:363e2f92b0f0174b2f8238240a1a30142e3db7b957a5dd5689b0e75fb717cc78",
+                "sha256:3a3bd0dcd373514dcec91c411ddb9632c0d7d92aed7093b8c3bbb6d69ca74408",
+                "sha256:3bed14e9c89dcb10e8f3a29f9ccac4955aebe93c71ae803af79265c9ca5644c5",
+                "sha256:44251f18cd68a75b56585dd00dae26183e102cd5e0f9f1466e6df5da2ed64ea3",
+                "sha256:44ecbf16649486d4aebafeaa7ec4c9fed8b88101f4dd612dcaf65d5e815f837f",
+                "sha256:4532bff1b8421fd0a320463030c7520f56a79c9024a4e88f01c537316019005a",
+                "sha256:49402233c892a461407c512a19435d1ce275543138294f7ef013f0b63d5d3765",
+                "sha256:4c0907b1928a36d5a998d72d64d8eaa7244989f7aaaf947500d3a800c83a3fd6",
+                "sha256:4d86f7aff21ee58f26dcf5ae81a9addbd914115cdebcbb2217e4f0ed8982e146",
+                "sha256:5777ee0881f9499ed0f71cc82cf873d9a0ca8af166dfa0af8ec4e675b7df48e6",
+                "sha256:5df196eb874dae23dcfb968c83d4f8fdccb333330fe1fc278ac5ceeb101003a9",
+                "sha256:619a609aa74ae43d90ed2e89bdd784765de0a25ca761b93e196d938b8fd1dbbd",
+                "sha256:6e27f48bcd0957c6d4cb9d6fa6b61d192d0b13d5ef563e5f2ae35feafc0d179c",
+                "sha256:6ff8a4a60c227ad87030d76e99cd1698345d4491638dfa6673027c48b3cd395f",
+                "sha256:73d94b58ec7fecbc7366247d3b0b10a21681004153238750bb67bd9012414545",
+                "sha256:7461baadb4dc00fd9e0acbe254e3d7d2112e7f92ced2adc96e54ef6501c5f176",
+                "sha256:75832c08354f595c760a804588b9357d34ec00ba1c940c15e31e96d902093770",
+                "sha256:7709f51f5f7c853f0fb938bcd3bc59cdfdc5203635ffd18bf354f6967ea0f824",
+                "sha256:78baa6d91634dfb69ec52a463534bc0df05dbd546209b79a3880a34487f4b84f",
+                "sha256:7974a0b5ecd505609e3b19742b60cee7aa2aa2fb3151bc917e6e2646d7667dcf",
+                "sha256:7a4f97a081603d2050bfaffdefa5b02a9ec823f8348a572e39032caa8404a487",
+                "sha256:7b1bef6280950ee6c177b326508f86cad7ad4dff12454483b51d8b7d673a2c5d",
+                "sha256:7d053096f67cd1241601111b698f5cad775f97ab25d81567d3f59219b5f1adbd",
+                "sha256:804a4d582ba6e5b747c625bf1255e6b1507465494a40a2130978bda7b932c90b",
+                "sha256:807f52c1f798eef6cf26beb819eeb8819b1622ddfeef9d0977a8502d4db6d534",
+                "sha256:80ed5e856eb7f30115aaf94e4a08114ccc8813e6ed1b5efa74f9f82e8509858f",
+                "sha256:8417cb1f36cc0bc7eaba8ccb0e04d55f0ee52df06df3ad55259b9a323555fc8b",
+                "sha256:8436c508b408b82d87dc5f62496973a1805cd46727c34440b0d29d8a2f50a6c9",
+                "sha256:89149166622f4db9b4b6a449256291dc87a99ee53151c74cbd82a53c8c2f6ccd",
+                "sha256:8bfa33f4f2672964266e940dd22a195989ba31669bd84629f05fab3ef4e2d125",
+                "sha256:8c60ca7339acd497a55b0ea5d506b2a2612afb2826560416f6894e8b5770d4a9",
+                "sha256:91b36a978b5ae0ee86c394f5a54d6ef44db1de0815eb43de826d41d21e4af3de",
+                "sha256:955f8851919303c92343d2f66165294848d57e9bba6cf6e3625485a70a038d11",
+                "sha256:97f68b8d6831127e4787ad15e6757232e14e12060bec17091b85eb1486b91d8d",
+                "sha256:9b23ca7ef998bc739bf6ffc077c2116917eabcc901f88da1b9856b210ef63f35",
+                "sha256:9f0b8b1c6d84c8034a44893aba5e767bf9c7a211e313a9605d9c617d7083829f",
+                "sha256:aabfa34badd18f1da5ec1bc2715cadc8dca465868a4e73a0173466b688f29dda",
+                "sha256:ab36c8eb7e454e34e60eb55ca5d241a5d18b2c6244f6827a30e451c42410b5f7",
+                "sha256:b010a7a4fd316c3c484d482922d13044979e78d1861f0e0650423144c616a46a",
+                "sha256:b1ac5992a838106edb89654e0aebfc24f5848ae2547d22c2c3f66454daa11971",
+                "sha256:b7b2d86dd06bfc2ade3312a83a5c364c7ec2e3498f8734282c6c3d4b07b346b8",
+                "sha256:b97e690a2118911e39b4042088092771b4ae3fc3aa86518f84b8cf6888dbdb41",
+                "sha256:bc2722592d8998c870fa4e290c2eec2c1569b87fe58618e67d38b4665dfa680d",
+                "sha256:c0429126cf75e16c4f0ad00ee0eae4242dc652290f940152ca8c75c3a4b6ee8f",
+                "sha256:c30197aa96e8eed02200a83fba2657b4c3acd0f0aa4bdc9f6c1af8e8962e0757",
+                "sha256:c4c3e6da02df6fa1410a7680bd3f63d4f710232d3139089536310d027950696a",
+                "sha256:c75cb2a3e389853835e84a2d8fb2b81a10645b503eca9bcb98df6b5a43eb8886",
+                "sha256:c96836c97b1238e9c9e3fe90844c947d5afbf4f4c92762679acfe19927d81d77",
+                "sha256:d7f50a1f8c450f3925cb367d011448c39239bb3eb4117c36a6d354794de4ce76",
+                "sha256:d973f03c0cb71c5ed99037b870f2be986c3c05e63622c017ea9816881d2dd247",
+                "sha256:d98b1668f06378c6dbefec3b92299716b931cd4e6061f3c875a71ced1780ab85",
+                "sha256:d9c3cdf5390dcd29aa8056d13e8e99526cda0305acc038b96b30352aff5ff2bb",
+                "sha256:dad3e487649f498dd991eeb901125411559b22e8d7ab25d3aeb1af367df5efd7",
+                "sha256:dccbe65bd2f7f7ec22c4ff99ed56faa1e9f785482b9bbd7c717e26fd723a1d1e",
+                "sha256:dd78cfcda14a1ef52584dbb008f7ac81c1328c0f58184bf9a84c49c605002da6",
+                "sha256:e218488cd232553829be0664c2292d3af2eeeb94b32bea483cf79ac6a694e037",
+                "sha256:e358e64305fe12299a08e08978f51fc21fac060dcfcddd95453eabe5b93ed0e1",
+                "sha256:ea0d8d539afa5eb2728aa1932a988a9a7af94f18582ffae4bc10b3fbdad0626e",
+                "sha256:eab677309cdb30d047996b36d34caeda1dc91149e4fdca0b1a039b3f79d9a807",
+                "sha256:eb8178fe3dba6450a3e024e95ac49ed3400e506fd4e9e5c32d30adda88cbd407",
+                "sha256:ecddf25bee22fe4fe3737a399d0d177d72bc22be6913acfab364b40bce1ba83c",
+                "sha256:eea6ee1db730b3483adf394ea72f808b6e18cf3cb6454b4d86e04fa8c4327a12",
+                "sha256:f08ff5e948271dc7e18a35641d2f11a4cd8dfd5634f55228b691e62b37125eb3",
+                "sha256:f30bf9fd9be89ecb2360c7d94a711f00c09b976258846efe40db3d05828e8089",
+                "sha256:fa88b843d6e211393a37219e6a1c1df99d35e8fd90446f1118f4216e307e48cd",
+                "sha256:fc54db6c8593ef7d4b2a331b58653356cf04f67c960f584edb7c3d8c97e8f39e",
+                "sha256:fd4ec41f914fa74ad1b8304bbc634b3de73d2a0889bd32076342a573e0779e00",
+                "sha256:ffc9202a29ab3920fa812879e95a9e78b2465fd10be7fcbd042899695d75e616"
             ],
             "markers": "python_version >= '3.7'",
-            "version": "==3.4.2"
+            "version": "==3.4.1"
         },
         "click": {
             "hashes": [
-                "sha256:27c491cc05d968d271d5a1db13e3b5a184636d9d930f148c50b038f0d0646202",
-                "sha256:61a3265b914e850b85317d0b3109c7f8cd35a670f963866005d6ef1d5175a12b"
+                "sha256:63c132bbbed01578a06712a2d1f497bb62d9c1c0d329b7903a866228027263b2",
+                "sha256:ed53c9d8990d83c2a27deae68e4ee337473f6330c040a31d4225c9574d16096a"
             ],
-            "markers": "python_version >= '3.10'",
-            "version": "==8.2.1"
+            "markers": "python_version >= '3.7'",
+            "version": "==8.1.8"
         },
         "colorama": {
             "hashes": [
@@ -275,11 +275,10 @@
         },
         "filelock": {
             "hashes": [
-                "sha256:adbc88eabb99d2fec8c9c1b229b171f18afa655400173ddc653d5d01501fb9f2",
-                "sha256:c401f4f8377c4464e6db25fff06205fd89bdd83b65eb0488ed1b160f780e21de"
+                "sha256:533dc2f7ba78dc2f0f531fc6c4940addf7b70a481e269a5a3b93be94ffbe8338",
+                "sha256:ee4e77401ef576ebb38cd7f13b9b28893194acc20a8e68e18730ba9c0e54660e"
             ],
-            "markers": "python_version >= '3.9'",
-            "version": "==3.18.0"
+            "version": "==3.17.0"
         },
         "ghp-import": {
             "hashes": [
@@ -336,11 +335,11 @@
         },
         "markdown": {
             "hashes": [
-                "sha256:794a929b79c5af141ef5ab0f2f642d0f7b1872981250230e72682346f7cc90dc",
-                "sha256:7df81e63f0df5c4b24b7d156eb81e4690595239b7d70937d0409f1b0de319c6f"
+                "sha256:2ae2471477cfd02dbbf038d5d9bc226d40def84b4fe2986e49b59b6b472bbed2",
+                "sha256:7eb6df5690b81a1d7942992c97fad2938e956e79df20cbc6186e9c3a77b1c803"
             ],
-            "markers": "python_version >= '3.9'",
-            "version": "==3.8"
+            "markers": "python_version >= '3.8'",
+            "version": "==3.7"
         },
         "markupsafe": {
             "hashes": [
@@ -435,21 +434,21 @@
         },
         "mkdocs-git-authors-plugin": {
             "hashes": [
-                "sha256:acdacc8452db90a94d9c395a230b16965a9f2f51e0a6eef182ac7d3e02e394fb",
-                "sha256:e19f0252ead3d626fd73e15bb56d6675704c3b62aa569ebc363f791291b8f60e"
+                "sha256:77f97c321e08a8757beb866293eb257070b11cd5a080976bc6696b249cbade4f",
+                "sha256:f6cefc4dc832865d26f7f9f944c0a8c7dc852742d79320f3800e0d97814e2a84"
             ],
             "index": "pypi",
             "markers": "python_version >= '3.8'",
-            "version": "==0.9.5"
+            "version": "==0.9.2"
         },
         "mkdocs-git-revision-date-localized-plugin": {
             "hashes": [
-                "sha256:056c0a90242409148f1dc94d5c9d2c25b5b8ddd8de45489fa38f7fa7ccad2bc4",
-                "sha256:10a49eff1e1c3cb766e054b9d8360c904ce4fe8c33ac3f6cc083ac6459c91953"
+                "sha256:364d7c4c45c4f333c750e34bc298ac685a7a8bf9b7b52890d52b2f90f1812c4b",
+                "sha256:bb1eca7f156e0c8a587167662923d76efed7f7e0c06b84471aa5ae72a744a434"
             ],
             "index": "pypi",
             "markers": "python_version >= '3.8'",
-            "version": "==1.4.7"
+            "version": "==1.4.1"
         },
         "mkdocs-glightbox": {
             "hashes": [
@@ -485,12 +484,12 @@
         },
         "mkdocs-rss-plugin": {
             "hashes": [
-                "sha256:0a5b3e03dd68cc6b94feb50fc2e47fd427d39c452affe0fc3135289da9810a6d",
-                "sha256:15b99c6b3370f50503fe189e814600b375e5a0d8f99d19f6d8d9b80c1aa56f5c"
+                "sha256:9371d30afb0eda7288c946a89b419aa7a0b8e212d2219584c2dbd23ece93a991",
+                "sha256:ff81f0ece33befd5a0152c196132e15eb93b4b9f7f53644c6d3db8e9a529e186"
             ],
             "index": "pypi",
             "markers": "python_version >= '3.9' and python_version < '4'",
-            "version": "==1.17.3"
+            "version": "==1.17.1"
         },
         "msgpack": {
             "hashes": [
@@ -564,11 +563,11 @@
         },
         "packaging": {
             "hashes": [
-                "sha256:29572ef2b1f17581046b3a2227d5c611fb25ec70ca1ba8554b24b0e69331a484",
-                "sha256:d443872c98d677bf60f6a1f2f8c1cb748e8fe762d2bf9d3148b5599295b0fc4f"
+                "sha256:09abb1bccd265c01f4a3aa3f7a7db064b36514d2cba19a2f694fe6150451a759",
+                "sha256:c228a6dc5e932d346bc5739379109d49e8853dd8223571c7c5b55260edc0b97f"
             ],
             "markers": "python_version >= '3.8'",
-            "version": "==25.0"
+            "version": "==24.2"
         },
         "paginate": {
             "hashes": [
@@ -672,11 +671,11 @@
         },
         "platformdirs": {
             "hashes": [
-                "sha256:3d512d96e16bcb959a814c9f348431070822a6496326a4be0911c40b5a74c2bc",
-                "sha256:ff7059bb7eb1179e2685604f4aaf157cfd9535242bd23742eadc3c13542139b4"
+                "sha256:357fb2acbc885b0419afd3ce3ed34564c13c9b95c89360cd9563f73aa5e2b907",
+                "sha256:73e575e1408ab8103900836b97580d5307456908a03e92031bab39e4554cc3fb"
             ],
-            "markers": "python_version >= '3.9'",
-            "version": "==4.3.8"
+            "markers": "python_version >= '3.8'",
+            "version": "==4.3.6"
         },
         "pycparser": {
             "hashes": [
@@ -707,15 +706,16 @@
                 "sha256:37dd54208da7e1cd875388217d5e00ebd4179249f90fb72437e91a35459a0ad3",
                 "sha256:a8b2bc7bffae282281c8140a97d3aa9c14da0b136dfe83f850eea9a5f7470427"
             ],
-            "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2'",
+            "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'",
             "version": "==2.9.0.post0"
         },
         "pytz": {
             "hashes": [
-                "sha256:360b9e3dbb49a209c21ad61809c7fb453643e048b38924c765813546746e81c3",
-                "sha256:5ddf76296dd8c44c26eb8f4b6f35488f3ccbf6fbbd7adee0b7262d43f0ec2f00"
+                "sha256:89dd22dca55b46eac6eda23b2d72721bf1bdfef212645d81513ef5d03038de57",
+                "sha256:c2db42be2a2518b28e65f9207c4d05e6ff547d1efa4086469ef855e4ab70178e"
             ],
-            "version": "==2025.2"
+            "markers": "python_version < '3.9'",
+            "version": "==2025.1"
         },
         "pyyaml": {
             "hashes": [
@@ -778,11 +778,11 @@
         },
         "pyyaml-env-tag": {
             "hashes": [
-                "sha256:17109e1a528561e32f026364712fee1264bc2ea6715120891174ed1b980d2e04",
-                "sha256:2eb38b75a2d21ee0475d6d97ec19c63287a7e140231e4214969d0eac923cd7ff"
+                "sha256:70092675bda14fdec33b31ba77e7543de9ddc88f2e5b99160396572d11525bdb",
+                "sha256:af31106dec8a4d68c60207c1886031cbf839b68aa7abccdb19868200532c2069"
             ],
-            "markers": "python_version >= '3.9'",
-            "version": "==1.1"
+            "markers": "python_version >= '3.6'",
+            "version": "==0.1"
         },
         "requests": {
             "hashes": [
@@ -797,7 +797,7 @@
                 "sha256:4721f391ed90541fddacab5acf947aa0d3dc7d27b2e1e8eda2be8970586c3274",
                 "sha256:ff70335d468e7eb6ec65b95b99d3a2836546063f63acc5171de367e834932a81"
             ],
-            "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2'",
+            "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'",
             "version": "==1.17.0"
         },
         "smmap": {
@@ -818,11 +818,11 @@
         },
         "termcolor": {
             "hashes": [
-                "sha256:591dd26b5c2ce03b9e43f391264626557873ce1d379019786f99b0c2bee140aa",
-                "sha256:6a6dd7fbee581909eeec6a756cff1d7f7c376063b14e4a298dc4980309e55970"
+                "sha256:37b17b5fc1e604945c2642c872a3764b5d547a48009871aea3edd3afa180afb8",
+                "sha256:998d8d27da6d48442e8e1f016119076b690d962507531df4890fcd2db2ef8a6f"
             ],
             "markers": "python_version >= '3.9'",
-            "version": "==3.1.0"
+            "version": "==2.5.0"
         },
         "tinycss2": {
             "hashes": [
@@ -834,11 +834,11 @@
         },
         "urllib3": {
             "hashes": [
-                "sha256:414bc6535b787febd7567804cc015fee39daab8ad86268f1310a9250697de466",
-                "sha256:4e16665048960a0900c702d4a66415956a584919c03361cac9f1df5c5dd7e813"
+                "sha256:1cee9ad369867bfdbbb48b7dd50374c0967a0bb7710050facf0dd6911440e3df",
+                "sha256:f8c5449b3cf0861679ce7e0503c7b44b5ec981bec0d1d3795a07f1ba96f0204d"
             ],
             "markers": "python_version >= '3.9'",
-            "version": "==2.4.0"
+            "version": "==2.3.0"
         },
         "watchdog": {
             "hashes": [

README.md

@@ -48,8 +48,6 @@ The current list of team members can be found [here](https://www.privacyguides.o
 
 ## Contributing
 
-[![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/privacyguides/privacyguides.org?devcontainer_path=.devcontainer%2Fdevcontainer.json)
-
 - 💬 [Start a discussion or suggest an idea](https://discuss.privacyguides.net)
 - 💖 [Sponsor the project](https://github.com/sponsors/privacyguides)
 - 🈴 [Help translate the site](https://crowdin.com/project/privacyguides) [[Matrix chat](https://matrix.to/#/#pg-i18n:aragon.sh)]
@@ -74,6 +72,18 @@ All contributors to the site are listed [here](#contributors). If you have contr
 
 - **Tor/onion:** [xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion](http://www.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion)
 
+- **IPFS:** `/ipns/ipfs.privacyguides.org` (**not** anonymous)
+    - Please help us out by pinning a copy: [Learn more](https://github.com/privacyguides/webserver/blob/main/ipfs/README.md)
+    - via Cloudflare: [cloudflare-ipfs.com/ipns/ipfs.privacyguides.org](https://cloudflare-ipfs.com/ipns/ipfs.privacyguides.org/en/)
+    - via 4everland: [ipfs-privacyguides-org.ipns.4everland.io](https://ipfs-privacyguides-org.ipns.4everland.io/)
+    - via [@jonaharagon](https://github.com/jonaharagon): [ipfs.jonaharagon.net/ipns/ipfs.privacyguides.org](https://ipfs.jonaharagon.net/ipns/ipfs.privacyguides.org/en/)
+    - via [peer](https://docs.ipfs.tech/how-to/peering-with-content-providers/): `/dnsaddr/node-1.ipfs.jonaharagon.net/p2p/12D3KooWMwqzuApCKxYfo66zq5BrTjCoz9naJ1rrMEBCnwuGGqWB`
+
+- **I2P:** [privacyguides.i2p](http://privacyguides.i2p/?i2paddresshelper=fvbkmooriuqgssrjvbxu7nrwms5zyhf34r3uuppoakwwsm7ysv6q.b32.i2p)
+
+- **Yggdrasil:** [http://[200:f3a6:4922:e067:770d:ac57:fcb1:8dbf]](http://[200:f3a6:4922:e067:770d:ac57:fcb1:8dbf]/en/) (**not** anonymous)
+    - via public peer: `tcp://5.161.245.8:45454`
+
 ### Git Mirrors
 
 [![GitHub](https://img.shields.io/static/v1?logo=github&label=&message=GitHub&color=000&style=for-the-badge)](https://github.com/privacyguides/privacyguides.org)
@@ -100,18 +110,42 @@ When you contribute to this repository you are doing so under the above licenses
 
 ## Developing
 
-The only supported method of building and previewing this website locally is by running the automatic dev container. The easiest way to do this in your web browser without installing any software is to use [GitHub Codespaces](https://codespaces.new/privacyguides/privacyguides.org). To build the website locally, you will need the following software:
-
-- macOS/Windows: [Docker Desktop](https://www.docker.com/products/docker-desktop/)
-- Linux: [Docker CE](https://docs.docker.com/get-started/get-docker/#supported-platforms)
-- [VS Code](https://code.visualstudio.com/)
-- [Dev Containers for VS Code](https://marketplace.visualstudio.com/items?itemName=ms-vscode-remote.remote-containers) extension
-- [GitHub Desktop](https://github.com/apps/desktop) (optional)
-
-You can technically use any IDE which supports [development containers](https://containers.dev/), but YMMV. Docker Desktop has an experimental Dev Environments option which allows you to use any text editor under Settings > Features in development. We are only testing with the combination of software above.
+[![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/privacyguides/privacyguides.org?devcontainer_path=.devcontainer%2Fdevcontainer.json)
 
 Committing to this repository requires [signing your commits](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits) (`git config commit.gpgsign true`) unless you are making edits via the GitHub.com text editor interface. As of August 2022 the preferred signing method is [SSH commit signatures](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification#ssh-commit-signature-verification), but GPG signing is also acceptable. You should add your signing key to your GitHub profile.
 
+### With `mkdocs-material`
+
+1. Install required packages: `pip install mkdocs-material`
+2. Run a local preview of the English site: `./run.sh --cmd=mkdocs`
+
+### With `mkdocs-material-insiders`
+
+This website uses [`mkdocs-material-insiders`](https://squidfunk.github.io/mkdocs-material/insiders) which offers additional functionality over the open-source `mkdocs-material` project. For obvious reasons we cannot distribute access to the insiders repository.
+
+**Team members** should clone the repository with `mkdocs-material-insiders` directly. This method is identical to production:
+
+1. Clone this repository and submodules: `git clone --recurse-submodules https://github.com/privacyguides/privacyguides.org.git`
+2. Enable SSH commit verification with our local [`.allowed_signers`](/.allowed_signers) file: `git config gpg.ssh.allowedSignersFile .allowed_signers`
+3. Install Python **3.12**.
+4. Install **pipenv**: `pip install pipenv`
+5. Install dependencies: `pipenv install --dev` (install [Pillow and CairoSVG](https://squidfunk.github.io/mkdocs-material/setup/setting-up-social-cards/#dependencies) as well to generate social cards)
+6. Serve the site locally: `./run.sh --insiders` (set `CARDS=true` to generate social cards)
+    - The site will be available at `http://localhost:8000`
+    - You can build the site locally with `./run.sh --insiders --build`
+    - This version of the site should be identical to the live, production version
+
+If you commit to `main` with commits signed with your SSH key, you should add your SSH key to [`.allowed_signers`](/.allowed_signers) in this repo.
+
+### Local Translated Site Builds
+
+1. Install the [Crowdin CLI Tool](https://developer.crowdin.com/cli-tool) (`brew install crowdin`)
+2. Set the `CROWDIN_PERSONAL_TOKEN` environment variable to your Crowdin personal access token
+3. Run `crowdin download` in the root of this repo
+4. Serve the site locally: `./run.sh --insiders --lang=fr` (replacing fr with the appropriate language in [/config](/config))
+
+Translations downloaded from Crowdin are [.gitignore](/.gitignore)'d, so any local changes to the translated site cannot be committed to this repo. Actual modifications need to be made on Crowdin. As an alternative to steps 1-3, you can copy the folders from [privacyguides/i18n](https://github.com/privacyguides/i18n) to the root of this repo to obtain the translated files.
+
 ## Releasing
 
 It is required to create a GitHub release to publish the current site to privacyguides.org. The current `main` branch can be previewed at [https://main.staging.privacyguides.dev](https://main.staging.privacyguides.dev) prior to release.

blog/.authors.yml

@@ -56,13 +56,6 @@ authors:
       instance: neat.computer
     twitter: jonaharagon
     bluesky: jonaharagon.com
-  justin:
-    name: Justin Ehrenhofer
-    description: Guest Contributor
-    avatar: https://github.com/SamsungGalaxyPlayer.png
-    mastodon:
-      username: sgp
-      instance: neat.computer
   kaitebay:
     name: Kai Tebay
     description: Former Team Member

blog/assets/images/digital-provenance/manifest.svg

@@ -1,40 +0,0 @@
-<svg host="65bd71144e" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="201px" height="301px" viewBox="-0.5 -0.5 201 301" content="&lt;mxfile&gt;&lt;diagram id=&quot;7obOEI9IPgsgN9EZozkg&quot; name=&quot;Page-1&quot;&gt;3ZZNb6MwEEB/Te6YrzjHlED3UmmlHPZsYABrDUbGKWR//ZpgCizOtkipKjWHCL/xgP08Gtg5Qdk9C1IXLzwFtrOttNs5p51te9Ze/ffgOoCD4w0gFzQdEJrAmf4BDS1NLzSFZjFRcs4krZcw4VUFiVwwIgRvl9MyzpZPrUkOK3BOCFvTXzSVxUCxZ038B9C8GJ+MLB0pyThZg6YgKW9nyAl3TiA4l8NV2QXAenejlyEvuhN9W5iASn4kwR4SXgm76L0F9s+jIi+kohk0Ui9TXse9Ny0tGanU6CmjjAWccXGLOKkHOHUVb6Tgv2EWwXbs+H4f0cnRMvPkhfjUZ66Xr3f0CkJCN0N6O8/AS5DiqqaM0VGtri1XD9vpoOzxOIrZITkjJLo48rdbT/7UhVZo1umudB6bRi2d8qrZYBLFBIFtMmlZfniM+gxeyRnPbr/7htHTEYW20bC91fA/ghFeG0a+wTB6hOH9yvDKa1tQCeeaJP24VQ1IbbuQpbrjCalL0tRDT8hoB6mhjAngLDHJ9xMMcWaU6G6ViN6tUteg0H2AQfxNDPpfZvDwTQyirytCb/3eYYSWG3pkhhNIjIpi7LnqVXy3F0Y4CIPgc3oh+mAv9B/g0L/n0DrTvCLyImCLzwx8s890f4it//mMQv+TfBoq8lE61XD6zLrFZt+qTvgX&lt;/diagram&gt;&lt;/mxfile&gt;">
-    <defs/>
-    <g>
-        <path d="M 0 23 L 0 0 L 200 0 L 200 23" fill="#d5e8d4" stroke="#82b366" stroke-miterlimit="10" pointer-events="all"/>
-        <path d="M 0 23 L 0 300 L 200 300 L 200 23" fill="#d5e8d4" stroke="#82b366" stroke-miterlimit="10" pointer-events="all"/>
-        <path d="M 0 23 L 200 23" fill="none" stroke="#82b366" stroke-miterlimit="10" pointer-events="all"/>
-        <g fill="#000000" font-family="Helvetica" font-weight="bold" text-anchor="middle" font-size="12px">
-            <text x="99.5" y="16">
-                C2PA Manifest
-            </text>
-        </g>
-        <path d="M 20 203 L 20 180 L 180 180 L 180 203" fill="#1ba1e2" stroke="#006eaf" stroke-miterlimit="10" pointer-events="all"/>
-        <path d="M 20 203 L 20 280 L 180 280 L 180 203" fill="#1ba1e2" stroke="#006eaf" stroke-miterlimit="10" pointer-events="all"/>
-        <path d="M 20 203 L 180 203" fill="none" stroke="#006eaf" stroke-miterlimit="10" pointer-events="all"/>
-        <g fill="#ffffff" font-family="Helvetica" font-weight="bold" text-anchor="middle" font-size="12px">
-            <text x="99.5" y="196">
-                Assertions
-            </text>
-        </g>
-        <rect x="30" y="220" width="40" height="40" fill="#dae8fc" stroke="#6c8ebf" pointer-events="all"/>
-        <rect x="80" y="220" width="40" height="40" fill="#dae8fc" stroke="#6c8ebf" pointer-events="all"/>
-        <rect x="130" y="220" width="40" height="40" fill="#dae8fc" stroke="#6c8ebf" pointer-events="all"/>
-        <path d="M 20 133 L 20 110 L 180 110 L 180 133" fill="#f8cecc" stroke="#b85450" stroke-miterlimit="10" pointer-events="all"/>
-        <path d="M 20 133 L 20 170 L 180 170 L 180 133" fill="#f8cecc" stroke="#b85450" stroke-miterlimit="10" pointer-events="all"/>
-        <path d="M 20 133 L 180 133" fill="none" stroke="#b85450" stroke-miterlimit="10" pointer-events="all"/>
-        <g fill="#000000" font-family="Helvetica" font-weight="bold" text-anchor="middle" font-size="12px">
-            <text x="99.5" y="126">
-                Claim
-            </text>
-        </g>
-        <path d="M 20 63 L 20 40 L 180 40 L 180 63" fill="#ffe6cc" stroke="#d79b00" stroke-miterlimit="10" pointer-events="all"/>
-        <path d="M 20 63 L 20 100 L 180 100 L 180 63" fill="#ffe6cc" stroke="#d79b00" stroke-miterlimit="10" pointer-events="all"/>
-        <path d="M 20 63 L 180 63" fill="none" stroke="#d79b00" stroke-miterlimit="10" pointer-events="all"/>
-        <g fill="#000000" font-family="Helvetica" font-weight="bold" text-anchor="middle" font-size="12px">
-            <text x="99.5" y="56">
-                Claim Signature
-            </text>
-        </g>
-    </g>
-</svg>

blog/posts/digital-provenance.md

@@ -1,238 +0,0 @@
----
-date:
-    created: 2025-05-19T20:15:00Z
-categories:
-    - Opinion
-authors:
-    - fria
-tags:
-    - AI
-    - Content Credentials
----
-# The Power of Digital Provenance in the Age of AI
-
-![Article cover showing a painterly background with cool colors and the Content Credentials logo](../assets/images/digital-provenance/cover.jpg)
-
-<small aria-hidden="true">Photo: Kseniya Lapteva / Pexels | Logo: Content Credentials</small>
-
-With the popularity of generative AI, it's becoming more and more difficult to [distinguish](https://uwaterloo.ca/news/media/can-you-tell-ai-generated-people-real-ones) reality from fiction. Can this problem be solved using cryptography? What are the privacy implications of the currently proposed systems?<!-- more -->
-
-## The Problem
-
-Can you tell which of these images are AI generated?
-
-<div class="grid" markdown>
-
-![Group of geese by some water](../assets/images/digital-provenance/geese1.jpeg)
-
-![Group of geese by some water](../assets/images/digital-provenance/geese2.jpeg)
-
-![Group of geese by some water](../assets/images/digital-provenance/geese3.jpeg)
-
-![Group of geese by some water](../assets/images/digital-provenance/geese4.jpeg)
-
-</div>
-
-...Have a guess?
-
----
-
-Actually, they're all real. But the fact that you may have believed some of them were AI generated poses a problem: How can we tell where an image came from, if it was AI generated, and whether it was edited?
-
-## Provenance
-
-[Provenance](https://youtu.be/K56EhgfCDjs) is the history of ownership of an object, typically used when referring to antiques or art. Knowing the history of a piece of art can affect the value a lot, but you need a way to prove it's an original piece by the artist instead of a reproduction, or was owned by a famous person.
-
-Provenance can take many [forms](https://artbusiness.com/provwarn.html), from an original receipt or documentation from the artist themselves to stickers from a gallery attached to it. Typically, you want a signed [certificate](https://www.artcertificate.co.uk/?id_article=2267) from an expert on the artist in order to verify its authenticity.
-
-## Hoaxes
-
-It's important for historical preservation as well to know that an object is really from a certain time period. There's no shortage of [historical hoaxes](https://www.history.com/articles/7-historical-hoaxes). These can distort our view of history and make us all a bit dumber.
-
-### Cardiff Giant
-
-One of the most famous hoaxes was that of the [Cardiff Giant](https://www.history.com/articles/the-cardiff-giant-fools-the-nation-145-years-ago).
-
-An atheist named George Hull got into an argument with a preacher. Hull was frustrated with the preacher's literal interpretation of the bible, particularly his belief that giants were real.
-
-Hull devised a plan to trick the religious and make some money at the same time. He would have a statue of a giant man constructed and pass it off as a petrified human.
-
-After securing the materials needed, specifically a soft material called gypsum, he convinced a marble dealer to help him with his scheme. A pair of sculptors carved out the visage of a giant 10-foot man, with Hull posing as a model. They even poured sulfuric acid over it to give it an aged look.
-
-He settled on burying the giant in Cardiff, New York, where he cut a deal with a distant relative and farmer named William "Stub" Newell.
-
-On October 16, 1869, Newell hired an unsuspecting pair of workers to dig a well on his property. After they inevitably uncovered the giant, it wasn't long before the whole town was in a frenzy.
-
-![men surrounding a stone sculpture of a man in a hole in the ground doffing their hats](../assets/images/digital-provenance/cardiff-giant.jpg)
-
-<small aria-hidden="true">Photo: Wikimedia Commons (Public Domain)</small>
-
-Speculation that the sculpture was an ancient, petrified man quickly began to spread. Eventually, a syndicate of businessmen offered Newell $30,000 (worth $[705,438.97](https://www.in2013dollars.com/us/inflation/1869?amount=30000) in today's money) for a three-fourths stake, and he took them up on that offer.
-
-P.T. Barnum even tried to buy the sculpture, and after being turned down, he had a replica built and displayed it in a Manhattan museum. Several other copies were made afterward, and soon, there were petrified giants being exhibited all over the country.
-
-In a way that seems familiar to us now, you couldn't even be sure you were looking at the *real* hoax. Misinformation can so easily mutate and spread when left unchecked.
-
-A famed Yale paleontologist named Othniel Charles Marsh declared it "of very recent origin, and a most decided humbug." Unfortunately, as is so often the case, Hull had already cashed in on the fervor by the time experts had properly debunked his hoax.
-
-### AI Hoaxes
-
-Many modern hoaxes tend to make use of social media and focus on getting views and clicks over selling a physical object.
-
-[Miniminuteman](https://youtu.be/Pc2psN0PFTk) is a great YouTube channel covering misinformation on the internet, specifically about archaeology. Misinformation can spread quickly, especially now with the rise of generative AI that can make convincing fake images and videos.
-
-[Here](https://www.mediamatters.org/media/4016186/embed/embed) you can see an example of AI being used to make a fake Joe Rogan podcast clip. Now, whether or not you view Joe Rogan as a reliable source of information is another topic, but as one of the [most popular podcasts](https://podcastcharts.byspotify.com), his reach could be leveraged to spread dangerous misinformation like that a meteor is going to hit earth and kill everyone.
-
-The effort required is low, and the return is high. With TikTok's [Creator Rewards Program](https://www.tiktok.com/creator-academy/en/article/creator-rewards-program), content that's at least 60 seconds long and has high engagement will be rewarded. That means longer videos with alarming content like conspiracy theory videos will do very well since they will have lots of comments from people either fooled by the content posting about how scared they are or people debunking the claims. The insidious thing is the creators get rewarded either way.
-
-[Several](https://youtu.be/E4I6K8OEyho?si=wbWAUcLsjOA7yDnO) [history](https://youtu.be/cqrHmjGD1ds?si=k60RTO9MH177ASTS) [channels](https://youtu.be/HG1324unhcA?si=MuwglKd52FQ7iKU3) on YouTube have expressed their concerns about misinformation being spread about history through AI generated images and videos and how they can distort our view of the past. There's even the possibility that these AI generated images could end up polluting the historical record.
-
-## Content Authenticity Initiative
-
-In 2019, [Adobe announced](https://contentauthenticity.org/blog/test) that it was partnering with the New York Times and Twitter on a project to develop an industry standard for digital content attribution called the Content Authenticity Initiative.
-
-Twitter has since dropped out of the partnership.
-
-## Project Origin
-
-At the same time, [Project Origin](https://www.originproject.info) was designing their system for content transparency. This started as a partnership between Microsoft and the BBC.
-
-## C2PA
-
-The Coalition for Content Provenance and Authenticity, or [C2PA](https://c2pa.org), combines the efforts of Project Origin and the Content Authenticity Initiative. Together, they created the [C2PA standard](https://c2pa.org/specifications/specifications/2.1/specs/C2PA_Specification.html) used to add verifiable provenance data to files, which they dub "Content Credentials."
-
-## Content Credentials
-
-[Content Credentials](https://contentcredentials.org) are the implementation of digital provenance by the C2PA, the culmination of years of research and development by major tech companies, from camera manufacturers to photo editing software and AI companies to social media sites.
-
-The way Content Credentials work draws on concepts both familiar and alien. The standard is designed to be flexible and cover the myriad ways media is used online.
-
-It's important to note that Content Credentials aren't attempting to determine "truth"; that's a much more complex and philosophical topic. Rather, they're trying to show where an image came from, edits made to it, its constituent parts, etc. so that you can decide for yourself if you trust the source. It's trying to show you that an image came from the BBC, rather than whether you should trust the BBC.
-
-### Manifest
-
-Content Credentials are contained in what's called the **manifest**. The manifest consists of the claim, claim signature, and assertions.
-
-![Example of a Manifest, with the Claim, Claim Signature, and Assertions inside](../assets/images/digital-provenance/manifest.svg)
-
-<small aria-hidden="true">Illustration: [C2PA](https://c2pa.org/specifications/specifications/2.1/specs/C2PA_Specification.html)</small>
-
-The manifest is created by hardware or software called a "claim generator."
-
-Files can have multiple manifests, and the set of manifests comprise its provenance data.
-
-#### Assertions
-
-An assertion is labelled data such as the type of camera used, actions performed on the image such as color corrections, a thumbnail image, or other types of data.
-
-#### Claim
-
-The claim gathers together all the assertions and then hashes and cryptographically signs them. The claim is the part that backs up the assertions with cryptography; without it, there wouldn't be a way to verify the authenticity of the data.
-
-### Signatures
-
-The foundation is based around cryptographic signatures, similar to how you'd cryptographically sign software or text with a PGP signature.
-
-The parts of a file that are cryptographically verified are called "hard bindings." This allows programs to detect tampering.
-
-#### Certificate Authorities
-
-There are certificate authorities similar to how HTTPS works, which allow only signatures from trusted sources. Non-trusted signatures will give a warning in whatever C2PA-enabled software you're using.
-
-Content Credentials allow for each application to provide its own *trust lists*: lists of certificate authorities trusted by the application.
-
-The C2PA gives a few examples to illustrate. A news organization might rely on a non-profit organization that verifies the authenticity of sources through real-world due diligence. An insurance company might operate its own internal CA to verify only its own employees handled the images.
-
-### Ingredients
-
-However, what's interesting is Content Credentials can cover multiple assets being [combined](https://contentcredentials.org/verify?source=https%3A%2F%2Fcontentcredentials.org%2F_app%2Fimmutable%2Fassets%2Fhome2.91ab8f2d.jpg) and still be able to verify each element of the image. Each element is called an "ingredient." When the ingredients come together, the result is called a "composed asset," with "asset" referring to a digital media file or data stream.
-
-### Chain of Provenance
-
-It also supports a chain of provenance, showing all steps in the life cycle of the file that change its contents such as edits. These are referred to as "actions."
-
-The specification supports a list of pre-defined actions such as edits, changing the color, translating to a different language, etc. It's really quite flexible, but the flexibility of information that can be provided allows for more opportunities for errors and means you need to trust the entity providing the information more.
-
-An issue I noticed is when making edits using software that doesn't support Content Credentials, they will be corrupted and can't be read by verification programs. This poses a problem for the "unbroken chain of provenance" that the standard promises.
-
-These verification programs tend to offer a way to check against a database of images with Content Credentials, so you can find an image with unbroken provenance data. They use "soft bindings" or a type of fingerprinting of the image in order to find similar images in the database.
-
-I think this problem will be less and less of an issue when more software supports the standard. It will need to be so ubiquitous that image viewing programs don't trust images without provenance data, similar to how browsers don't trust websites without HTTPS. But for now with its very limited availability, that's not the case.
-
-### Privacy
-
-Since Content Credentials are all about attaching extra data to images, concerns about privacy are reasonable.
-
-However, it's important to remember that metadata has always existed in relation to digital files. Just like the metadata we've always had, Content Credentials are optional.
-
-Of course, it'll be up to programs we use to mediate what data is included. In order for the system to work as intended, certain things like "this photo was edited in Adobe Photoshop" will need to be automatically applied. Clear lines between personal data such as names, location, etc. need to be kept up to the user to add.
-
-Privacy was one of the stated goals when the C2PA was designing Content Credentials, and I think they've done a good job giving users control over their information.
-
-## Support
-
-There are several online verification tools you can use to try out Content Credentials. [ContentCredentials.org](https://contentcredentials.org) offers a [verification tool](https://contentcredentials.org/verify) that lets you upload a media file and check its Content Credentials. They have some example images on their site you can try, or you can upload images from elsewhere and see where Content Credentials are supported, for example you can upload any image generated in ChatGPT.
-
-Content Credentials also offers an official [command line tool](https://github.com/contentauth/c2pa-rs/releases?q=c2patool), so you can view exactly what data is being stored in the image. They provide some samples as well that you can play around with. To view the content credentials, just run
-
-```sh
-c2patool sample/C.jpg
-```
-
-for any image you want to inspect, replacing sample/C.jpg with a path to your image.
-
-### BBC
-
-The BBC is doing a limited trial run of Content Credentials with [BBC Verify](https://www.bbc.com/news/bbcverify). Not all media in these articles have Content Credentials attached. [This article](https://www.bbc.com/news/world-latin-america-68462851) has Content Credentials for the video at the bottom. They also ask for feedback, so feel free to provide some. I'd like to see more Content Credentials show up in news reporting, so please add your voice.
-
-### OpenAI
-
-OpenAI has embraced Content Credentials, with images generated using ChatGPT identifying themselves using Content Credentials. Try [generating an image](https://chatgpt.com) and upload it to the verification tool. You should see it identify the origin as OpenAI.
-
-### TikTok
-
-[TikTok](https://newsroom.tiktok.com/en-us/partnering-with-our-industry-to-advance-ai-transparency-and-literacy) became the first video sharing platform to support Content Credentials. For now, it's limited to being able to read Content Credentials from certain AI platforms. They say in the future they'll start labeling all content from TikTok with Content Credentials, but it seems they haven't enabled that yet, as if you download a video from TikTok, the C2PA verify tool will say it doesn't have any Content Credentials.
-
-### Leica
-
-Leica's [M11-P camera](https://leica-camera.com/en-US/photography/cameras/m/m11-p-black) is the first camera in the world to support Content Credentials. That's a huge step toward adoption; camera manufacturers need to support Content Credentials if they're going to be included from the creation of the image.
-
-### Nikon
-
-Nikon is planning to release a firmware update for their [Z6III](https://www.nikon.co.uk/en_GB/learn-and-explore/magazine/gear/nikon-z6iii-firmware-update-to-feature-content-verification) camera that will support Content Credentials.
-
-### Adobe
-
-Much of Adobe's [software](https://helpx.adobe.com/creative-cloud/help/content-credentials.html) supports Content Credentials, including Photoshop, Lightroom, and Adobe Camera Raw as well as Adobe's Firefly AI.
-
-### Qualcomm
-
-With the Snapdragon 8 Gen 3 chipset, Qualcomm is embedding Content Credential capabilities into the Trusted Execution Environment, allowing for Content Credentials to be added right as the photo is produced.
-
-## Limitations
-
-### Lack of Support
-
-Content Credentials will need widespread support at every level, from hardware OEMs to photo editing software vendors and AI generators to sites that host and display images. The rollout of Content Credentials will be slow, although more and more companies are starting to support them.
-
-There are still major players missing support like Apple and Android, which is a big problem considering how many images are taken, edited, and shared on smartphones. Once photos taken from your phone can be imbued with Content Credentials in the default camera app, we'll see much wider adoption I think.
-
-### Easy to Remove
-
-In my testing, any edits from a program that doesn't support Content Credentials will render them unreadable after that point. This problem won't be as bad if and when support for Content Credentials becomes widespread, since you can just decide not to trust images without them, sort of like not trusting a website without HTTPS. Platforms could even display a warning.
-
-But for now, removing Content Credentials won't be noticed.
-
-### Reliant on Certificate Authorities
-
-The system shares a flaw with HTTPS in that you need to rely on trusted Certificate Authorities to verify the validity of the information, except that Content Credentials are trying to verify a lot more information than just who originally made the image.
-
-Since anyone can add their own Content Credentials to an image, a warning is displayed similar to a certificate warning in your browser that the Content Credentials come from an untrusted entity.
-
-### Complexity
-
-One of the issues I ran into while researching was just how complex the standard is, since it needs to cover so many use cases and situations. This is pure speculation, but I can imagine the sheer complexity makes it unattractive for platforms to implement and maintain, which could be contributing to the very slow and partial rollout we're seeing on the platforms of even founding members of the project like the BBC.
-
-I think this will be less of an issue as it rolls out however, as platforms will likely be able to use each other's implementations, or at least reference them when implementing it on their platform.
-
-The standard is still in early stages and there's plenty of room to shape it and improve it in the future, so make your voice heard about how you want to see it implemented. I think with more awareness about Content Credentials, platforms will feel more pressure to support them, so if you want to see this feature on your favorite platform, speak up and gather support.

blog/posts/importance-of-privacy-for-the-queer-community.md

@@ -1,353 +0,0 @@
----
-date:
-    created: 2025-06-03T17:00:00Z
-categories:
-    - News
-tags:
-    - Pride Month
-authors:
-    - em
-description: Data privacy is important for everyone. But for some marginalized populations, data privacy is indispensable for social connection, access to information, and physical safety. For Pride month this year, we will discuss topics at the intersection of data privacy and experiences specific to the LGBTQ+ community.
-schema_type: AnalysisNewsArticle
-preview:
-  cover: blog/assets/images/importance-of-privacy-for-the-queer-community/pride-cover.webp
----
-# The Importance of Data Privacy For The Queer Community
-
-![Photo of a Progress Pride Flag with a semi-transparent padlock icon over it.](../assets/images/importance-of-privacy-for-the-queer-community/pride-cover.webp)
-
-<small aria-hidden="true">Illustration: Em / Privacy Guides | Photo: Chris Robert / Unsplash</small>
-
-Data privacy is important for everyone. But for some marginalized populations, data privacy is indispensable for social connection, access to information, and physical safety. For [Pride month](../tags.md#tag:pride-month) this year, we will discuss topics at the intersection of data privacy and experiences specific to the LGBTQ+ community.<!-- more -->
-
-While it's difficult to get a complete estimate on this, due to fear of discrimination and other factors, a 2021 [survey](https://www.ipsos.com/sites/default/files/ct/news/documents/2021-06/LGBT%20Pride%202021%20Global%20Survey%20Report_3.pdf) conducted by Ipsos in 27 countries revealed that only 80% of the population surveyed identified as heterosexual. Additionally, about 1% of adults identified as a gender different from the one they were assigned at birth. This percentage is even higher for Gen Z and Millennials.
-
-In the United States alone, it's [estimated](https://www.lgbttech.org/_files/ugd/d77b01_0e1e02c938e94ae3aad4ce21312bdde4.pdf) there are 20 million adults who are part of the LGBTQ+ community. That's a lot of people!
-
-Despite the progress of the past decades, the queer population still faces many challenges to being free and safe from discrimination.
-
-Discrimination online, at work, at school, at the national or even the familial level, can put LGBTQ+ individuals in dangerous situations, where data privacy may be the only shield available for protection.
-
-In this context, it's essential for the queer community to be well-informed on the tools and practices that can help mitigate the risks, so that information, services, and support can still be accessed safely.
-
-## Higher risk when data gets exposed
-
-Unfortunately, LGBTQ+ people are still at a higher risk when their personal data gets exposed.
-
-First, for people living in environments hostile to their sexual orientation or gender identity, keeping personal information private can literally mean life or death. Tragically, even today many countries still criminalize homosexuality and gender identities different from cisgender. When this personal information gets exposed, people might lose support from their family, lose their job, get arrested, or even be [executed](https://en.wikipedia.org/wiki/Capital_punishment_for_homosexuality) in some countries.
-
-People in these very vulnerable situations have to be *extremely* careful about protecting their data in order to stay safe, online and offline.
-
-Moreover, organizations collecting data that could put anyone at risk of getting accidentally or maliciously outed should feel a *strong responsibility* to protect this data fiercely, and be held legally accountable when they fail.
-
-### Being outed against one's will
-
-For a queer person, deciding when, how, and to whom to reveal their sexuality or gender identity is a very important and intimate moment. It *must* be a personal choice, and only on the person's own terms.
-
-Even in countries where queer identities and sexualities are legal and accepted, [being outed against one's will can have devastating consequences](https://www.pridecorner.org/post/how-to-support-someone-who-has-been-outed-against-their-will).
-
-If someone lives with family members who do not accept who they are, getting outed against their will could mean losing their home and familial support. In other situations, perhaps their family is supportive, but their employer isn't, or maybe some of their friends or co-workers are hostile. They might want to keep this information from them in order to avoid conflicts at work, or avoid losing friendships. Further, there is of course the risk for discrimination, online harassment, and worse.
-
-No matter the situation, coming out as queer should always be an individual and intentional choice.
-
-It is an act of violence to out someone against their consent, even when performed by the intermediary of an algorithm or a neglectful data leak.
-
-Each time there is a data breach that includes information about gender identity, sexuality, browsing history, location history, installed applications, or legal names, this data leak risks outing people against their will.
-
-For all these reasons, it is vital that information be safeguarded so that a queer person is empowered to choose when, how, and to whom to come out on their own terms.
-
-In today's political climate, this is unfortunately even truer for trans people, who are at a greater risk of getting outed against their will when data about their gender, sex, or legal name leaks. Sadly, there are still too many online forms and software that needlessly collect gender data when it's completely unnecessary. Similarly, requiring full *legal* name is completely irrelevant in many situations where it is currently asked.
-
-Developers must take responsibility and design software and forms considering these risks. As data scientist and civic technologist Soren Spicknall explains brilliantly, gender data [should never be collected](https://medium.com/@SorenSpicknall/protecting-queer-communities-through-data-4707ae0cb562) unless *absolutely* necessary and *absolutely* protected, which in most instances it really isn't:
-
-> "Is the danger to your LGBT+ users worth the ability to roughly guess whether somebody is buying a purse for themselves or as a gift, or to assume you know what kind of movie they want to watch?"
-
-Algorithms shouldn't be able to target sexuality and gender identity as markers for advertising purposes. Unfortunately, there have already been reported incidents where [people were outed against their will by Facebook](https://www.dailydot.com/irl/facebook-ads-lgbtq/) spitting around rainbow ads everywhere, because of Facebook secretly tying someone's browsing activity back to their profile.
-
-Facebook (and most other commercial platforms) uses cookies and other tracking technologies to follow users online and [build an advertising profile](https://www.makeuseof.com/tag/facebook-tracking-stop/) based on their online activity, even outside of Facebook. Then, it shows ads on Facebook related to that activity, no matter if this information was shared or not on the platform.
-
-This kind of non-consensual outing can have devastating consequences, and should be forbidden by law. Everyone should be able to come out when and how they see fit, and not be aggressively outed by some Facebook or Google ad algorithm, or by some negligent data leak.
-
-### Online harassment and extortion
-
-The risk of having data about one's sexuality or gender identity revealed against one's will can be very dangerous for some people.
-
-With online harassment on the rise, this intimate information can be weaponized by bigots and extortionists to cause severe harm. Unfortunately, this isn't a rare occurrence, even in countries where the LGBTQ+ community is well accepted. Regrettably, some platforms have even started to [roll back previous protections against hate speech](https://apnews.com/article/social-media-lgbtq-tiktok-x-facebook-instagram-glaad-f790bda1bc3f169ef28ca3f441ea8447) and harassment. This will have a severely detrimental impact on the safety of the queer community online.
-
-This year, the LGBTQ advocacy organization GLAAD produced a [Social Media Safety Index](https://glaad.org/smsi/2025/platform-scorecard/) rating six major platforms: TikTok, Facebook, Instagram, YouTube, Threads, and X. X (formerly Twitter) received the worst safety score of them all.
-
-### Seeking health information
-
-People questioning their gender identity or sexuality might seek information online about the health procedures or treatments they need.
-
-This sensitive search history can reveal a lot of personal details that should never be exposed against one's will. Sadly, browsing the internet without any tracking is a task that becomes harder every year, and many people aren't aware of the protections they can use against this tracking.
-
-People can suffer from severe harm when sensitive data related to their gender-affirming care or sexual health is exposed, ranging from non-consensual outing to imprisonment. Discrimination related to this type of health information is still rampant in every country in the world.
-
-### Seeking community online
-
-Seeking the support of online communities is common for queer people who can more easily feel isolated. This is especially true for youth living in hostile or rural environments, where smaller population density often means less supportive local resources and venues.
-
-For people in these situations, finding community online can be essential to survival.
-
-Despite all its flaws, the internet still offers a wonderful way to connect with others regardless of physical distances, and this is doubly true for the queer community.
-
-The need for social connection and support from peers is a fundamental human need. No matter how dangerous this can be, not sharing information online is simply not a viable option for many queer people.
-
-## Privacy-invasive practices that are exponentially worse for queer people
-
-### Real-name policies
-
-Many privacy-invasive practices and policies are significantly more dangerous for LGBTQ+ people. For example, [the "real-name" policies](https://en.wikipedia.org/wiki/Real-name_system) on Facebook and other platforms are absolutely horrendous for transgender people.
-
-If a trans person uses an older account, or has not changed their name on official documentation, a real-name policy could either out them against their will, force them to keep their [deadname](https://en.wikipedia.org/wiki/Deadnaming) online, or even lock them out of their account if official ID is requested for account recovery and doesn't match the name they used for the account.
-
-For many people around the world, the use of pseudonyms or chosen names online means safety, and this is even truer for trans people and other queer people.
-
-### Single-account policies
-
-Thankfully, most platforms aren't using such policies yet. But unfortunately, it does seem there could be a push to implement single-account policies in the near future.
-
-With the multiplication of age verification laws and the proliferation of unregulated AI systems, there has been some talk of using unique identifiers to prevent the creation of multiple accounts. This is **a horrible idea for everyone**, and should never be allowed, but it's even worse for LGBTQ+ people.
-
-Creating multiple accounts for different purposes, for example to separate work life from personal life, is a great privacy practice for anyone.
-
-Multiple accounts on a same platform, or "alt accounts", are regularly used by queer people in order to be their full selves online, when they aren't fully out in their public or personal life, or just because they prefer to keep their queer identity and activities separated.
-
-Sadly, if single-account policies begin to be implemented on platforms, this great privacy protection could soon disappear.
-
-### Facial recognition
-
-Facial recognition is an especially problematic technology for transgender people. Many times, these algorithms will not only create a faceprint from the data, but will also try to infer gender from it.
-
-These systems are deeply flawed and have discrimination biases built-in. They can't even reliably identify the correct gender of cisgender people. Because of the way these algorithms were developed, the use of this technology is [worse for transgender people](https://www.theswaddle.com/how-facial-recognition-ai-reinforces-discrimination-against-trans-people), and [exponentially worse](https://sciencepolicy.hsites.harvard.edu/blog/racial-discrimination-face-recognition-technology) for transgender people of color.
-
-Tragically, privacy legislation is lagging behind at protecting us by regulating this biased, invasive, and inaccurate technology that is spreading faster and further every year.
-
-### Public photos during events
-
-These days, it's pretty much impossible to attend many events without having our photo intrusively taken by a stranger and posted on Instagram without our consent.
-
-This is a generally bad behavior that we should all work on improving culturally. Posting photos of strangers online without their consent can be much more harmful for queer people.
-
-For example, taking photos at a Pride event and posting it online can out people against their will. While it's perhaps fair to assume most people *performing* in a Pride parade or on a stage might implicitly be comfortable with it, this isn't necessarily the case for people in the *audience*.
-
-This non-consensual practice, coupled with the corporate social media tendency to use facial recognition to tag everyone's faces, can cause harm in all sorts of ways.
-
-We should all [develop more respectful practices](the-privacy-of-others.md) when taking photos at events, and be mindful not to post anything online which could identify anyone in the audience who did not give their explicit consent.
-
-### Background checks and algorithmic biases
-
-Even for people who are publicly out and live in regions that are supportive, discrimination and biases are still there. Despite new legislations and a more progressive culture, data remnants of previous oppressive times can still have a severe negative impact on someone's life. Too few efforts are made by institutions to correct records properly after legislation has passed.
-
-This is especially problematic with opaque systems where embedded discrimination might not be obvious. Algorithmic decision-making is a growing danger for this, considering there is often no way to trace back the reasons a decision was made, and no accountability for whomever fed biased data to the black-box algorithm, whether negligently or maliciously.
-
-There are also older systems of decision-making, such as background checks. Last year, a 78-year-old woman from West Sussex [learned](https://www.bbc.co.uk/news/articles/c3v5pwnpnvko) that she had a criminal record for 56 years for being a lesbian in the military (at a time when it was illegal). Completely unaware of this outdated data trail, this woman spent her whole life with this discriminatory tag attached to her records. This likely cost her countless opportunities throughout the decades, without her ever knowing the cause.
-
-Unfortunately, this kind of incident is likely to multiply by millions with the increased use of algorithmic decision-making using closed systems, often impossible to audit.
-
-### Dating apps data
-
-Last but not least, data collected by dating apps is an especially sensitive issue for the queer population.
-
-Regrettably, there have already been numerous data breaches showing this risk is very real. Intimate photos have been leaked, location data has been leaked, health data has been leaked, and even private messages have been [leaked](https://www.pride.com/think-your-privacy-is-safe-on-the-gay-dating-apps-this-data-leak-could-change-your-mind).
-
-The harm caused by these leaks and breaches have consequences ranging from accidental outing, to loss of employment, extortion by criminals, imprisonment, and even *death*.
-
-In countries where homosexuality is criminalized, cruel state authorities and homophobic bigots are [weaponizing dating apps to entrap](https://www.article19.org/resources/apps-traps-dating-apps-must-protect-communities-middle-east-north-africa/) LGBTQ+ people to attack or arrest them. Weighing the need for support, love, and affection, with the very real risk of physical aggression is a dreadful challenge many queer people face.
-
-## Things to keep in mind to stay safe
-
-Despite the increased risks the queer community is exposed to, staying offline and disconnected from the world isn't a viable option.
-
-Indeed, disconnection and isolation can be a *worse* risk for many LGBTQ+ people, especially younger people. Tragically, queer youth are more than four times as likely to attempt suicide. Disconnecting from the internet communities that accept them isn't an option, and would pose dangers of its own.
-
-Thankfully, there are many tools and practices that can be adopted to improve privacy online, and reduce the risk of sensitive data getting exposed. Here are a few ideas that might help yourself or your loved ones to stay safer online:
-
-### Using better social media
-
-Social media usage leaves *a lot* of digital footprints online, and some platforms are worse than others for this. Staying mindful about which platform to choose, and how to use it, can greatly improve one's experience and security.
-
-Favoring alternative social media platforms that do not have a commercial incentive to monetize data can really help.
-
-For example, platforms that are developed and managed by a community of volunteers, rather than a for-profit corporation, tend to keep their users' benefits and safety in mind much more.
-
-If you are ready to make a change, [Mastodon](https://joinmastodon.org/) is a non-profit platform that [we recommend](https://www.privacyguides.org/en/social-networks/#mastodon).
-
-Mastodon is a social media platform that somewhat resembles Twitter prior to its rebranding. It is composed of multiple servers you can choose from, which makes it easier to move your account if you aren't satisfied with the moderation on one particular server.
-
-To get started, you can choose the server administrated by the team who develops the Mastodon software ([mastodon.social](https://mastodon.social/about)), or you can choose a smaller server run by volunteers (you can also self-host, but that's a longer story).
-
-Don't let this choice intimidate you too much though, these servers connect with each other, and you can always move later on. Just pick one you like. Some servers will have a focus on a region, a topic, a hobby, and there are even servers focused on LGBTQ+ communities, such as [tech.lgbt](https://tech.lgbt/about), [lgbtqia.space](https://lgbtqia.space/about), and [more](https://joinmastodon.org/servers).
-
-All the servers listed on the Mastodon website have [committed](https://joinmastodon.org/covenant) to hold active moderation against racism, sexism, homophobia, and transphobia.
-
-Additionally, Mastodon connects with other social media platforms that are also part of the larger [Fediverse](https://fediverse.info/) network.
-
-If you prefer something similar to Instagram, you can replace it with [Pixelfed](https://pixelfed.org/). For something similar to Facebook, look for [Friendica](https://friendi.ca/). For something more like TikTok, try [Loops](https://loops.video/). For a replacement to YouTube, check videos on [PeerTube](https://joinpeertube.org/), and [more](https://fediverse.info/explore/projects)!
-
-These alternative platforms often benefit from stronger moderation and better respect for their users' data. Because they aren't for-profit corporations, they have no interest in collecting your data, tracking you, or imposing invasive "real-name" policies. Additionally, they run **no ads**!
-
-#### Secure any social media you use
-
-No matter what social media platform(s) you choose to use, the first step should always be to make sure you go through all the settings to secure your account ([enable multifactor authentication](https://www.privacyguides.org/en/basics/multi-factor-authentication/)!), and adjust the available privacy options to your needs and preferences (consider [locking](https://www.privacyguides.org/en/social-networks/#public-profile) your account if you wish to restrict visibility to your followers).
-
-This is true for Mastodon as well, but you should make adjusting all the privacy and security options an *absolute priority* for *any* corporate social media, especially [if you stay on Facebook](https://www.digitaltrends.com/social-media/how-to-opt-out-of-targeted-ads-on-facebook/).
-
-Additionally, keep in mind that many platforms, including X, Facebook, and Reddit, will now use all your posted content to train their AI systems, making this information and embedded biases likely impossible to delete in the future.
-
-Developing an awareness of what data is shared, who can access it, how it is secured, and how it is used is very important for staying safe online.
-
-### Securing data when communicating
-
-Outside of social media platforms, many tools are available to help you secure your intimate and private communications.
-
-While chatting on dating apps may be the first step to meeting new people, moving early to end-to-end encrypted channels is likely a good idea for data security and privacy.
-
-That being said, also take into account that because your communications there will be fully end-to-end encrypted (only visible by its intended sender and recipient), there will be no moderation with it. Make sure you trust a person enough before moving the discussion to an end-to-end encrypted, more personal channel.
-
-#### Instant messaging communication
-
-[Signal](https://www.privacyguides.org/en/real-time-communication/#signal) is a wonderful end-to-end encrypted and free-to-use instant messaging app. Signal will collect your phone number to create the account, but nothing else.
-
-When using Signal, you should [enable the username feature](https://support.signal.org/hc/en-us/articles/6712070553754-Phone-Number-Privacy-and-Usernames). That way, you can (and should) share your *username* only, instead of sharing your phone number to connect with others.
-
-Additionally, you should [enable the disappearing messages](https://support.signal.org/hc/en-us/articles/360007320771-Set-and-manage-disappearing-messages) feature from Signal, to help clean up the data you no longer need as time goes, and reduce the risk of leaks.
-
-<div class="admonition danger" markdown>
-<p class="admonition-title">Only send sensitive information to people you genuinely trust!</p>
-
-Keep in mind that even when using end-to-end encrypted apps and a disappearing message features, this will not prevent a malicious person from downloading this data on their device or taking a screenshot of it.
-
-Be especially careful when sending very sensitive information, such as intimate photos for example. No matter how secure the application is, you should only send sensitive information and pictures to people you know and sincerely trust.
-
-</div>
-
-#### Email communication
-
-For email communication, migrating to an end-to-end encrypted alternative can make a big difference for your privacy.
-
-For example, services like Gmail (Google) and Hotmail (Microsoft) could access the content of all your communications, and often use this information in various ways to build advertising profiles. Because email content isn't end-to-end encrypted, this data could get requested by authorities as well, and handed to them in plain text (unencrypted).
-
-For secure and more private end-to-end encrypted email services, we recommend [Proton Mail](https://www.privacyguides.org/en/email/#proton-mail) or [Tuta](https://www.privacyguides.org/en/email/#tuta). These services will not make you anonymous when you email someone (email address, IP address, and subject line, could still identify you), but the content of your communication will be encrypted end-to-end (if used with a compatible service), and only visible to its intended recipient(s).
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Encrypted email service limitations</p>
-
-Stay aware that if you email someone who is not using the same end-to-end encrypted email service as you, and you aren't using any additional measures to encrypt the message, this email will likely be accessible to the service you sent it to.
-
-For example, if you send an email from a Proton Mail address, to someone using a Gmail address, without asking the recipient to use your encryption key or use any additional services, then the email you sent will be stored on Google's servers, and could get accessed by Google.
-
-If you send a Proton Mail email to another Proton Mail user, the *content* of the message will be fully end-to-end encrypted and Proton could not access it.
-
-The same is true for any other email providers. Make sure to verify compatibility fully before sending any sensitive information that way.
-
-</div>
-
-### Securing data when traveling
-
-When traveling, keep in mind that different countries or regions might have different laws related to LGBTQ+ people.
-
-Your marriage might not be recognized in the location you are visiting. Your new legal name might also not get the same recognition, sadly. The first step to take when planning a trip should always be to gather information on the legal and cultural differences between your own region and the one you are visiting.
-
-If you are visiting a country hostile to your sexuality or gender identity, make sure to take the proper precautions to secure your data *before* you cross the border.
-
-This could mean leaving your phone at home and only bringing a burner phone with you. It could also mean bringing additional (or different) types of official ID that are less likely to get you in trouble, and more likely to get accepted by the authorities of your visiting country.
-
-Be extremely careful when connecting to Wi-Fi services from a foreign country. If you were to connect to a service or website that is illegal there, and could accidentally out yourself as queer, you could get in trouble with few recourses. Using a [trustworthy VPN](https://www.privacyguides.org/en/vpn/) can help mitigate some of this risk.
-
-### Securing data when protesting
-
-For this month of Pride, you might feel the need to join a protest more than a parade.
-
-If you decide to join the action, make sure to secure your data properly to stay safe. Prepare your devices adequately to be ready and resist surveillance targeted at protesters. Consult our [Protesters' Guide to Smartphone Security](activists-guide-securing-your-smartphone.md), and make sure you understand well the level of risk of this particular protest. **Different protests in different regions require different levels of data protection.**
-
-If you are organizing actions, try to stay away from corporate platforms who will willingly and quickly share your data with authorities (even private messages). If you must use corporate platforms, then make sure to limit the personal data you share there, and ensure attendees have alternative ways to contact you that do not require them to create an account, to register, or to use their legal name.
-
-Having an independent website, or using a Fediverse-connected platform that will be accessible to everyone even without an account, are better ways to organize.
-
-For example, if you create a Mastodon account for your organization, people will not need to create a Mastodon account to read your posts and event announcements. All your posts will be accessible just like any independent website would be (if you leave your posts' visibility public).
-
-Setting up an end-to-end encrypted email address and using an [alias email address](https://www.privacyguides.org/en/email-aliasing/) are also good ways to stay accessible without requiring attendees to use a Facebook account.
-
-Additionally, there are federated platforms, such as [Mobilizon](https://mobilizon.org/), that can be a great non-commercial way to organize in a safer and more accessible space.
-
-Data shared on federated platforms isn't necessarily end-to-end encrypted, and could also get shared with authorities if requested. But by using non-commercial platforms, this data will not be compiled and attached to an account the same way this would happen on a for-profit corporate platform such as Facebook. Using alternative not-for-profit platforms isn't perfect nor anonymous, but it's still a great improvement from the corporate default.
-
-### Protections for extreme situations
-
-Finally, if you are living in an extreme situation where being yourself is dangerous to your physical safety, caution must be a priority.
-
-There isn't a single solution that can protect all your data at once, and anyone telling you there is one is lying to sell you something. Remain skeptical of such claims.
-
-However, there are a *multitude* of practices and tools that can help *reduce* your data trails, and improve your privacy greatly. The tools and practices you need to adopt will depend on the [threat model](https://www.privacyguides.org/en/basics/threat-modeling/) specific to your situation.
-
-Take the time to evaluate well which data could put you in danger, and focus on protecting this first.
-
-If you are in a situation where someone hostile to you has access to your device, for example because you are living with an unsupportive family and need to browse the internet on a family device, Tails may be a tool that can help you. If you can use this computer unobserved, by [using the live system Tails](installing-and-using-tails.md) installed on a USB stick, you can keep your browsing activity hidden from this device. Your Internet Service Provider (ISP) could still know you have been visiting a special network, however. Make sure to read our tutorial thoroughly if you decide to use Tails.
-
-If the information stored on your computer isn't a risk to you, but visiting LGBTQ+ websites from your country could be dangerous, perhaps [using Tor](in-praise-of-tor.md) with a Bridge or through a [trustworthy VPN](https://www.privacyguides.org/en/vpn/) could be another solution to allow you to access this information in a safer way.
-
-It's impossible to cover every specific situation, but know that there are [many solutions](https://www.privacyguides.org/en/tools/) to reduce the risks greatly, and improve data protection to allow you to **stay connected, stay yourself, and stay safe** 💛
-
-<div class="admonition tip" markdown>
-<p class="admonition-title">Caution: This isn't an exhaustive list!</p>
-
-This is only a short introduction to some practices and tools that *can* improve your privacy online. Not one solution will be enough to be anonymous online.
-
-It's important to stay aware of what data will still be shared and which will be better protected, but nothing will make you 100% anonymous.
-
-For more information on how to improve further your data protection online, you can consult our various guides. If you are just starting in your privacy-improving journey, be patient. Adopt one small improvement at the time, then add another one. Each additional step you take will slowly but surely reduce your data trails, and improve your privacy overtime.
-
-</div>
-
-## Improving data privacy is vital for everyone, but critical for the queer community
-
-Every situation is different and requires different protections. While data privacy is important for everyone, it's also essential to acknowledge that marginalized populations are often at a heightened risk when their data gets exposed.
-
-Protection *cannot* be only an individual responsibility. **Protecting vulnerable and marginalized populations is a societal responsibility that concerns everyone.**
-
-We *all* have a **duty of care** to protect the data of others. Whether it's from the photos we take at public events, or the discussions we have about others on Facebook or X-Twitter's direct messages, *everyone* must improve their practices on this.
-
-Moreover, anyone in a position to improve how data is collected from users *must* be held accountable, and must feel morally liable on the decisions taken that could endanger anyone, but especially marginalized groups like the queer community.
-
-In an ideal world, laws and cultures would protect everyone and particularly the most vulnerable *by default*.
-
-But until we get there, we have to empowered ourselves to bring change and stop predatory data collection, prevent negligent data security, and educate everyone on the tools we can use to help ourselves and the most vulnerable to stay safe.
-
-## Additional resources
-
-### Helplines
-
-- [Mindline Trans+ (UK)](https://www.mindinsomerset.org.uk/our-services/adult-one-to-one-support/mindline-trans/): A confidential emotional, mental health support helpline for people who identify as Trans, Agender, Gender Fluid or Non-Binary.
-
-- [Trans Lifeline Hotline (US and Canada)](https://translifeline.org/hotline/): Trans peer support over the phone.
-
-- [Suicide & Crisis Helpline (US and Canada)](https://988lifeline.org/): General support 24/7 phone number 988.
-
-- [Suicide & Crisis Helpline (International)](https://en.wikipedia.org/wiki/List_of_suicide_crisis_lines): List of suicide crisis lines around the world.
-
-### Supportive organizations
-
-- [Egale (Canada, International)](https://egale.ca/asylum/): Resources for LGBTQ+ asylum and immigration requests from outside and inside Canada.
-
-- [SOS Homophobie (France)](https://www.sos-homophobie.org/international-content): Non-profit, volunteer-run organization committed to combatting hate-motivated violence and discrimination against LGBTI people.
-
-- [The Trevor Project (US)](https://www.thetrevorproject.org/): Suicide prevention and crisis intervention non-profit organization for LGBTQ+ young people.
-
-- [Trans Rescue (International)](https://transrescue.org/): Organization assisting trans and queer individuals in relocating from dangerous areas to safer places.
-
-- [Twenty10 (Australia)](https://twenty10.org.au/): Sydney-based organization providing a broad range of free support programs to the LGBTIQA+ community.
-
-### International advocacy
-
-- [Amnesty International](https://www.amnesty.org/en/what-we-do/discrimination/lgbti-rights/): Human rights organization running campaigns to protect and uphold the rights of LGBTI people globally.
-
-- [Human Rights Watch](https://www.hrw.org/topic/lgbt-rights): Human rights non-profit who documents and exposes abuses based on sexual orientation and gender identity worldwide, and advocate for better protective laws and policies.
-
-<div class="admonition tip" markdown>
-<p class="admonition-title">Stay aware of your data trail</p>
-
-If the traces of this article in your browsing history could put you at risk, visit [our guide](clearing-browsing-data.md) to properly delete this data from your device.
-
-</div>

blog/posts/mastodon-privacy-and-security.md

@@ -1,914 +0,0 @@
----
-date:
-    created: 2025-07-15T17:00:00Z
-categories:
-    - Tutorials
-authors:
-    - em
-description: While most social media rely on commercial models harvesting users' data, Mastodon offers an alternative that doesn't seek profits from your data and attention.
-schema_type: AnalysisNewsArticle
-preview:
-  cover: blog/assets/images/mastodon-privacy-and-security/mastodon-cover.webp
----
-
-# Privacy and Security on Mastodon
-
-![The Mastodon name and logo over a dark purple background with a large purple padlock icon under it.](../assets/images/mastodon-privacy-and-security/mastodon-cover.webp)
-
-<small aria-hidden="true">Illustration: Em / Privacy Guides | Logo: Mastodon gGmbH</small>
-
-Mastodon is an open-source and decentralized social network that has been growing in popularity for the past few years.
-
-While most social media rely on commercial models harvesting users' data to sell to advertisers, Mastodon offers a human-centric alternative that doesn't seek profits from your data and attention. This means better social connections, better controls, and better privacy.<!-- more -->
-
-Mastodon doesn't use your data to make money. This fact alone comes with incredible benefits for data privacy and security. Because the goal isn't to collect as much information as possible on its users, Mastodon embraces data minimization and only requires providing what is truly needed to run the service for you.
-
-If you do not have a Mastodon account yet, but would like to learn more about its privacy and security practices and features before creating one, the first part of this article will give you an overview of what they are.
-
-If you already have a Mastodon account, the second part of this article will guide you to use and understand better the controls it offers. If you are already informed about Mastodon's privacy and security, you may want to [**jump directly to the tutorial**](#tutorial-how-to-adjust-and-improve-privacy-and-security-on-mastodon) part.
-
-This article isn't an onboarding guide to start using Mastodon, but if that's what you seek, take a look at this [short guide](https://docpop.org/2025/02/how-to-get-started-with-mastodon/) from Doc Pop. If you're still unsure about using Mastodon, [this excellent video](https://news.elenarossini.com/fediverse-video/) from Elena Rossini might convince you.
-
-<div class="admonition info" markdown>
-<p class="admonition-title">Mastodon the software vs the network vs the instance</p>
-
-Unless otherwise specified, the word *Mastodon* in this article will refer to the Mastodon *software,* in its default version. The Mastodon *software* is different from the Mastodon.Social original *instance* (server), and is different from the Mastodon *network*.
-
-**Mastodon software**: The software used by people on the Mastodon network, and installed by administrators to run an instance (what you see).
-
-**Mastodon network**: The network of interconnected instances using the Mastodon software (all the different Mastodon instances you interact with). The Mastodon network also connects to the larger Fediverse network.
-
-**Mastodon.Social, the instance**: The largest Mastodon server, managed and moderated by the Mastodon nonprofit organization.
-
-</div>
-
-One of the wonderful possibility Mastodon offers is to [self-host your own Mastodon instance](https://docs.joinmastodon.org/user/run-your-own/). While this is the pinnacle of control, security, and privacy for a skilled administrator, self-hosting also means more responsibilities, where more expertise and resources are required. This isn't realistically accessible to everyone.
-
-For this reason, this article-tutorial will focus on the experience from the **user side**, and not from the administrator side.
-
-## :octicons-home-16: Choosing a Mastodon instance
-
-Another particularity of Mastodon compared to commercial social media is its true decentralization.
-
-The Mastodon network is composed of a [multiplicity of instances](https://joinmastodon.org/servers) that connect with each other, through a protocol called [ActivityPub](https://docs.joinmastodon.org/#fediverse). This collection of connected instances, along with other connected software using the same protocol, is called [the Fediverse](https://jointhefediverse.net/).
-
-![Screenshot of the official Mastodon website from the page presenting various Mastodon instances.](../assets/images/mastodon-privacy-and-security/mastodon-choosing-instance.webp)
-
-This article will not go deep into this topic, but it's important to mention that different instances will offer different degrees of privacy and security. Choosing an instance can have an important impact on this.
-
-This is because the administration team of each instance has the responsibility to configure the software properly, to keep it updated, and to safeguard the server hosting the data. This in itself implies many security duties. It's important to consider the capabilities of the administration team to secure the instance you choose to join.
-
-Moreover, even when the security part of hosting is well managed, the administration team is also responsible for enforcing policies and moderation. The quality of moderation can have a significant impact on the safety and privacy of a community.
-
-Choosing an instance where you trust the administration and moderation team is essential to have a good and secure experience on the network. This is true for any other social media as well, even the ones that sadly don't offer any option to move your account if you aren't happy with management.
-
-To facilitate choosing an instance, the Mastodon official website keeps a list of instances that have all agreed to follow the [Mastodon Server Covenant](https://joinmastodon.org/covenant), committing to the following:
-
-- Enforcing active moderation against racism, sexism, homophobia, and transphobia
-
-- Conducting daily backup to avoid accidental data loss
-
-- Having at least one other person with emergency access to the server
-
-- Giving at least 3 months of advance notice if the server shuts down and users have to move (this isn't frequent)
-
-### Changing instance
-
-Despite these considerations, Mastodon newcomers **shouldn't feel [analysis paralysis](https://en.wikipedia.org/wiki/Analysis_paralysis) over choosing an instance**. This decision isn't permanent, and can be changed later on, once one has acquired a better sense of the platform.
-
-Indeed, as shown later in the tutorial part, Mastodon makes it possible to easily [move an account](#moving-to-another-instance) from one instance to another!
-
-If trust is broken by an instance administration or moderation team, users can easily decide to migrate to another one with better practices. This account portability is quite unique to the Fediverse.
-
-While account content (posts) will unfortunately not get transferred through this process on Mastodon (yet), account followers *and* follows will be moved unharmed during a Mastodon account migration.
-
-Furthermore, this process might get improved soon! There is work currently being done to implement data portability between two ActivityPub servers (even for account content) with the [LOLA protocol](https://swicg.github.io/activitypub-data-portability/lola). This could eventually allow Mastodon's account migration process to include posts migration as well.
-
-<div class="admonition success" markdown>
-<p class="admonition-title">You can always keep a copy of your content!</p>
-
-Even if the Mastodon migration process doesn't allow for automatic posts transfer (yet), you are still able to keep a local copy of all your content, before moving to another instance or for backup purposes. More on this in the tutorial part.
-
-</div>
-
-## :octicons-shield-check-16: How secure is Mastodon
-
-As explained previously, choosing an instance with a competent and trustworthy administration team is fundamental on Mastodon. Due to a plurality of instances, levels of security expertise can greatly vary from one server to another.
-
-### Server security
-
-As for any platform we use online (including commercial social media), it's important to evaluate properly the level of trust we are willing to give before subscribing to a service handling our data.
-
-In this case, it means trusting the administration team of the instance you choose to safeguard the instance's server and data properly.
-
-Additionally, like any other social media, Mastodon isn't immune to software vulnerability. When a problem arises, your server's security will depend on the responsiveness of your administrator(s).
-
-Mastodon's development team has a good track record of acting promptly to fix and transparently inform the community when a critical [vulnerability is found](https://www.theregister.com/2024/02/02/critical_vulnerability_in_mastodon_is/). However, your instance's administration team must also act quickly to implement the fix.
-
-Due to the decentralization of the Mastodon network, software patches cannot be automatically pushed to all instances at once. Administrators' reaction time may vary for each instance.
-
-### Software security
-
-Because the Mastodon software is open-source, anyone can inspect [its code](https://github.com/mastodon/mastodon). This *can* offer the benefit of getting more opportunities to spot and patch potential problems.
-
-It also allows anyone to verify privacy and security claims, which greatly improves transparency and trust. This is something that cannot be done with proprietary closed-source software like most commercial social media use.
-
-But open-source code isn't magically secure either. Experts still have to take the time to actually inspect the code for this to have any significant value.
-
-In 2023, the Mozilla Foundation funded a penetration test for Mastodon that was conducted by the German cybersecurity firm [Cure53](https://cure53.de/). Following the results, the Mastodon development team [promptly fixed](https://arstechnica.com/security/2023/07/mastodon-fixes-critical-tootroot-vulnerability-allowing-node-hijacking/) the critical vulnerabilities found, and informed instance administrators to be ready to patch the software quickly. Mastodon instances updated to the most recent software now benefit from greater security, thanks to the excellent work of Cure53 and the Mastodon development team.
-
-Additionally, anybody detecting a security vulnerability in Mastodon's code can [report it easily](https://github.com/mastodon/mastodon/security/policy) on the project's GitHub page. Known security vulnerabilities are also transparently reported to the public in the [security advisories](https://github.com/mastodon/mastodon/security/advisories) list.
-
-Since April 1st this year, the Nivenly Foundation started the Fediverse Security Fund, a [security bounty program](https://nivenly.org/docs/programs/fediverse-security-fund/) to encourage more people to contribute to securing Mastodon and other Fediverse-connected software.
-
-The experimental program will run **until September 30th, 2025**, and invites individual researchers and contributors to identify or patch vulnerabilities, rewarding them with a one-time sponsorship. If successful, the program could get extended, depending on member votes.
-
-Regarding the software itself, Mastodon [uses](https://docs.joinmastodon.org/spec/security/) public key cryptography to secure HTTP Signatures and Linked Data Signatures. From [version 4.4](https://blog.joinmastodon.org/2025/07/mastodon-4.4/), Mastodon implemented a number of [security improvements](https://blog.joinmastodon.org/2025/07/mastodon-4-4-for-devs/) to authentication and authorization mechanisms. Mastodon 4.4 now [supports](https://docs.joinmastodon.org/spec/security/#http-message-signatures) incoming HTTP requests to be signed with RFC9421-compatible signatures. Additionally, the older (less secure) OAuth password grant type has been removed, and the OAuth Client Auth with HTTP Basic Auth with SSO has been fixed.
-
-On the user side, Mastodon gives options to improve account security with the use of **multifactor authentication**, using an authenticator app or a physical security key. Already, this is better account security than what many (if not most) commercial social media platforms propose.
-
-In addition, Mastodon users can see within their account lists of all sessions open, the authentication history, and all third-party software authorized to access the account. Users can quickly revoke access to any unauthorized or unused sessions or app, as necessary.
-
-### Data security
-
-Finally, because Mastodon only requires **minimal information** to create an account, less personal data risks getting exposed, in the unfortunate eventuality of a data breach. For example, no phone number, legal name, or official ID is required. This is excellent for both privacy and security.
-
-Even if Mastodon has a much smaller security team than larger commercial platforms, its decentralization, transparency, and data minimization gives it significant advantages over for-profit social media.
-
-Users' private data is protected reasonably well at the software level, but again, this protection also relies on the server security for each specific instance.
-
-While security and privacy are related concepts that can enhance each other, they differ in many points. A piece of software could be very secure, yet collect and use a lot of private data, regardless of the user's consent or knowledge. Inversely, a seemingly privacy-respectful software could be collecting very little user data, yet not securing it properly.
-
-Both privacy and security are important to consider for users, and both must be examined when evaluating software.
-
-## :octicons-lock-16: How private is Mastodon
-
-When using social media, there are always two sides to data privacy: The data collected by the service, and the data exposed by the user posting content.
-
-### Data collected by the service
-
-On Mastodon, the platform collects only minimal information from the user. Besides the content you decide to share for your profile and posts, the software only requires an *email address,* a *username,* and a *password* to sign up.
-
-Starting from version 4.4, some instances might also collect a *date of birth,* if the instance implements a minimum age policy. This date of birth is only used to validate age requirements and isn't stored anywhere, but it is [checked](https://blog.joinmastodon.org/2025/07/mastodon-4-4-for-devs/) against the minimum age condition server-side.
-
-Additionally, Mastodon will collect your *IP address(es)*, *applications* used, and the *times* you logged in. This is necessary to provide the service to you. You can increase your account privacy by registering with an [alias email address](https://www.privacyguides.org/en/email-aliasing) (if allowed by your instance), and logging in through a [trustworthy VPN](https://www.privacyguides.org/en/vpn/).
-
-It's worth mentioning that Mastodon.Social, the instance administrated by the Mastodon organization, recently added to their terms of service an additional clause to [explicitly prohibit scraping](https://techcrunch.com/2025/06/17/mastodon-updates-its-terms-to-prohibit-ai-model-training/) users' data for unauthorized purposes, such as to train AI models. Many other instances might soon add similar clauses (or already have them).
-
-While this provides little technical protections, it does provide some interesting *legal* protections. These are protections most commercial social media do not offer, as many already exploit users' content to train their own AI models or sell it to third-parties for this purpose.
-
-This new Mastodon.Social policy is well aligned with the more human-centric values of the Fediverse.
-
-<div class="admonition abstract" markdown>
-<p class="admonition-title">Summary of data collected by Mastodon</p>
-
-- Email address
-- Username
-- Password
-- IP addresses (temporary stored, may vary per instance)
-- Browser and application types (temporary stored, may vary per instance)
-- Login history (temporary stored, may vary per instance)
-- Date of birth (not stored, may vary per instance)
-- Optional: The data you decide to share with the service (profile information, posts, post timestamps, uploaded media, favorites, boosts, followers, follows, bookmarks, lists, blocks, mutes, personal notes)
-
-</div>
-
-### Data you post on the service
-
-Regarding the content of your profile and posts (including private mentions), no matter how much you restrict access to your account, you should always consider that this content *can* technically be accessed by the administration and moderation team of your instance.
-
-Concerning people outside your instance's administration team, the privacy of the data you upload yourself will greatly vary depending on how you use and configure your account.
-
-For more information on how to adjust your account's configuration for better privacy, consult the [tutorial part](#tutorial-how-to-adjust-and-improve-privacy-and-security-on-mastodon) of this article.
-
-### Who can access your private data
-
-As described above, the administration team of your instance *can* always technically access *any* data related to your account, regardless of if you make it public or private. This is true for most commercial platforms as well.
-
-That being said, administration teams are generally much smaller on the Mastodon network, so this might not represent a lot of people. It could even mean only *one* administrator.
-
-This has both benefits and downsides: The benefit is that fewer people have access to your private account data. The downsides are that, due to limited resources, this data *could* get less protection. That said, large commercial platforms aren't immune to data breaches either, despite all the resources they could use in prevention.
-
-### Account configuration
-
-Outside access from the administration team, content privacy will vary per account, depending on configuration. Similarly to any other social media platforms.
-
-Some people might prefer to share openly with everyone, even with people who do not have a Mastodon account. While others might prefer to lock their account entirely, and reduce content visibility to their approved followers only. Both types of usage are possible on Mastodon.
-
-Additionally, Mastodon offers much better controls over your data. You can set up automated post deletion with specific thresholds, adjust post visibility for each post, adjust searchability and discoverability to your preferences, and allow or restrict the upcoming [quote posts](#quote-posts) feature.
-
-All these features are fantastic for data privacy, and often absent from commercial platforms.
-
-### Users tracking and profiling
-
-Most important of all, because Mastodon has no interest in monetizing your data, there is **no tracking, no advertising, and no "Mastodon-AI" profiling you** and scanning all your posts. Mastodon doesn't collect any data from you for a reason other than providing the service *to you*.
-
-This is completely antithesis to commercial social media. And this alone makes Mastodon fundamentally **much more private than any other big tech platforms**.
-
-## :material-lock-check-outline: Privacy benefits of Mastodon
-
-Each Mastodon instance will have a different privacy policy that you should consult before creating an account, like for any other platforms. But unless the software was modified, data collection should be similar to what is described here, and remain minimal for the majority of connected instances.
-
-Here's a summary of some benefits Mastodon can offer for your data privacy:
-
-### Data minimization
-
-Mastodon only collects what's necessary. The information required to create an account is minimal. There are no "real-name" policy and no phone number required. Only the data absolutely necessary to provide the service to you is required.
-
-### Adjustable visibility
-
-While profile information will be visible publicly, post visibility can be adjusted to your preference for each post. The list of who follows you and who you follow can be visible or hidden. Account searchability, discoverability, and quote posts from unmentioned users can all be disabled.
-
-### Your data is yours
-
-On Mastodon, you have full control over accessing and deleting your data. You don't need any third-party software to get your post deleted, and you don't need to wait after a company's customer service to download your data. Those controls are accessible to any user from their own account.
-
-### No data monetization
-
-The Mastodon software is developed and maintained by a nonprofit organization, the German [Mastodon gGmbH](https://joinmastodon.org/about). This software is free and accessible to anyone. There is no incentive to generate profit from your data on Mastodon. This is an *immense* privacy advantage over *any* commercial social platforms. There is nothing tracking you around or building an advertising profile on you. Your data is not for sale.
-
-### Transparency and mobility
-
-Because the Mastodon code is open-source, anyone can inspect it. This helps quickly verifying claims, proposing new features, and allowing other developers to create their own application for Mastodon.
-
-With Mastodon, you are not stuck with only one app. If you don't like the official app, just use [another one](https://joinmastodon.org/apps)! Moreover, you can even move your account from one instance to another. This means you don't have to trust your administration team forever. **You can choose who you trust, and your trust (and consent) is revocable, as it should.**
-
-### Respects your privacy protections
-
-So many services and websites have adopted a hostile stance towards people using privacy protections such as a VPN server, a privacy-focused browser, or running their phone in [Lockdown Mode](https://support.apple.com/en-us/105120). But with Mastodon, you are free to use all the protections you love. **Mastodon isn't hostile to your privacy.**
-
-## :octicons-alert-16: What to stay careful about
-
-While the privacy benefits of Mastodon are numerous, there are also a few things to keep in mind when using the platform:
-
-### Direct messages (private mentions)
-
-Direct messages on Mastodon are better described at private mentions. Private mentions are like any other posts (and will sometimes show up in your feed! Don't panic!), but they will only be visible to the people you *mentioned* in it.
-
-That being said, do **not** type the handle of someone to talk "in private" about them with someone else, because this *mentioned* person *will* also get included in this thread!
-
-Additionally, private mentions on Mastodon, like private messages on other commercial social media, aren't end-to-end encrypted. The Mastodon interface shows this clearly:
-
-![Screenshot of the Mastodon interface showing a warning presented when selecting private mention visibility for a post. The message says: "Posts on Mastodon are not end-to-end encrypted. Do not share any sensitive information over Mastodon. Learn more"](../assets/images/mastodon-privacy-and-security/mastodon-private-mention-encryption.webp){width="400"}
-
-This means that all your private mention posts *could* be accessed by the administration and moderation team of your instance. **Never share any sensitive information using private mentions.** The same advice is applicable to any other social media.
-
-<div class="admonition info" markdown>
-<p class="admonition-title">End-to-end encryption could be coming soon!</p>
-
-That being said, this could change soon! The ActivityPub team is currently [working on integrating end-to-end encryption](https://socialwebfoundation.org/program-protocol-e2ee/) for the protocol. This would be nothing less than revolutionary for platforms using ActivityPub, like Mastodon.
-
-It's difficult to estimate when this feature could be available to Mastodon users however, because implementing end-to-end encryption properly isn't a simple task. Even once the integration is completed for the ActivityPub protocol, it might take some time before the Mastodon development team implements it for the software as well.
-
-Nevertheless, Fediverse users can dare to hope this feature may be available relatively soon, perhaps in the next year or two.
-
-</div>
-
-### The open web is open to all
-
-On Mastodon, you don't need an account to see people's profile page and public (or quiet-public) posts.
-
-This is an **immense benefit for organizations**, to share information with the public without restricting access like on commercial platforms. However, this can also mean more account visibility than some individual users may prefer.
-
-It's important to stay aware that your account *could* be seen by anyone on the internet visiting your Mastodon account's public page. Your account's public page address is your instance's website address followed by your account's username, in the following format:
-
-```html
-https://YOUR_INSTANCE_ADDRESS/@YOUR_USERNAME
-```
-
-For example, for the Privacy Guides Mastodon account hosted on the mastodon.neat.computer Mastodon instance, this account's public page address looks like this:
-
-```html {.copy}
-https://mastodon.neat.computer/@privacyguides
-```
-
-Whether you lock your account (approve followers and use followers-only posts) or not, your display name, biography, profile and header pictures, followers and follows count, date joining the instance, and extra fields will always be visible to anyone from your account's public page.
-
-Your public posts can even be accessed via [RSS feed](https://fedi.tips/following-mastodon-and-fediverse-accounts-through-rss/) on Mastodon. To limit this, you can adjust the settings to [restrict the visibility](#selecting-post-visibility-and-access) of your posts.
-
-### Connection with commercial social media
-
-Some Mastodon instances [connect](https://www.howtogeek.com/threads-now-connects-to-mastodon-and-other-fediverse-platforms/) with larger commercial social media like Threads (from Meta), and Bluesky ([through a bridge](https://techcrunch.com/2024/06/05/bluesky-and-mastodon-users-can-now-talk-to-each-other-with-bridgy-fed/)).
-
-The Fediverse community is quite [divided](https://wedistribute.org/2024/03/block-threads-to-remain-listed/) on this topic. Some people argue that more connectivity is good, while others want to stay away from commercial platforms entirely, partly due to their questionable data privacy, ethics, and [moderation practices](https://www.wired.com/story/meta-immigration-gender-policies-change/).
-
-If this is important to you, you can check your instance's policies to see if it allows connections with these commercial social media. If it does, and you do not want this, you can [block specific instances](#blocking-an-instance) at the account level. This isn't a complete protection for your data, but it does reduce visibility from and to these platforms.
-
-If this isn't enough for you, you can migrate your account to an [instance blocking Threads](https://fedipact.veganism.social/) (or other servers) at the administrator level. This offers stronger protections.
-
-### Connection with other instances
-
-It's important to remember that on Mastodon, there isn't only one centralized entity that receives your data.
-
-For example, if you send a private mention post to someone on a different instance than yours, this person's instance administration team will now have access to your message as well, and your data *for this post* will also be stored on that instance.
-
-This is very similar to how emails work. If you are a Tuta or Proton email user, and you send a message to someone using Gmail, now Google will also have a stored copy of your message.
-
-### Decision paralysis trusting an instance
-
-Finally, probably the biggest block people hit when starting to use Mastodon is *which instance to trust*.
-
-Sadly, this simple decision has discouraged many potential users. Yet, having to choose an instance is indeed a feature and not a bug.
-
-Because yes, this choice does burden you to pick who you trust, but **it also empowers you** to be able to *revoke* this trust at any time. No commercial social media gives you the option to stop trusting Mark Zuckerberg and move to another Facebook server that matches better your values, for example.
-
-Be careful who you trust of course, but don't get paralyzed by this choice. Even if this might feel intimidating at first, this fear of choosing isn't worth staying with possibly even less trustworthy big tech administrators.
-
-***
-
-## :simple-mastodon: Tutorial: How to adjust and improve privacy and security on Mastodon
-
-The second part of this article is a tutorial on how to improve your Mastodon account's security, and how to adjust the different privacy features to your preferences.
-
-<div class="admonition question" markdown>
-<p class="admonition-title">Who is this tutorial for?</p>
-
-- You already have an account on Mastodon
-
-- You are *not* familiar with all the Mastodon settings yet
-
-- You are *not* self-hosting your instance
-
-</div>
-
-Although many variations and versions of the Mastodon software are in use on the Fediverse, for the sake of simplification and universality, this tutorial will focus on its most recently released version (4.4).
-
-If your instance software version is different, you will likely still be able to follow this tutorial, but might notice some variations.
-
-<div class="admonition question" markdown>
-<p class="admonition-title">What software version is your instance running?</p>
-
-To check which version your instance is currently running, from the web interface on desktop, check the information in the lower-left corner of your instance website (e.g. [https://mastodon.social/](https://mastodon.social/)). The very last line should list something similar to `v4.4.1` This is your instance's Mastodon version number.
-
-</div>
-
-Additionally, this tutorial was created from the desktop web interface. Experiences and setting accesses may vary greatly from a mobile app. It is recommended to follow along from the desktop web interface as well.
-
-Screenshots for the tutorial were mostly taken from an account on the Mastodon.Social instance, but you will be able to follow along even if your account is on a different instance.
-
-### Improving account security
-
-Using a [unique email address](https://www.privacyguides.org/en/email-aliasing/) and a unique and [strong password](https://www.privacyguides.org/en/basics/passwords-overview/) are the starting points for good account security, and this is no different for Mastodon accounts.
-
-Additionally, you should enable multifactor authentication for your account as soon as you can. This is one of the most important step you can take to increase your account's security, and its protections against account takeover attacks.
-
-#### Enabling two-factor authentication
-
-For this, go to "Preferences" (in the right-side menu) > "Account" > "Two-factor Auth", then click on the purple "Set up" button at the bottom.
-
-![Screenshot of the Mastodon web interface showing the Two-factor Auth page in Preferences.](../assets/images/mastodon-privacy-and-security/mastodon-multifactor-setup.webp)
-
-#### Authenticator app
-
-Confirm your password when prompted. Then scan the QR code with your [authenticator app](https://www.privacyguides.org/en/multi-factor-authentication/), or enter manually the plain-text secret on the right of the QR code. Confirm with entering the two-factor code from your authenticator app, then click "Enable" at the bottom.
-
-![Screenshot of the Mastodon web interface showing the Two-factor Auth page in Preferences. This shows a QR code to scan or a plain-text secret to register a code for an authenticator app.](../assets/images/mastodon-privacy-and-security/mastodon-multifactor-qrcode.webp)
-
-**Carefully note the recovery codes** provided. You will need to use them if you lose access to your authenticator, for example if you were to lose your phone.
-
-If you need to change your authenticator app later, you can go back to this menu and select "Edit" on the right of "Authenticator app". You can also return to this menu to generate new recovery codes, if you have lost your older ones or if they were compromised. Generating new recovery codes will invalidate your previous ones.
-
-![Screenshot of the Mastodon web interface showing the Two-factor Auth page in Preferences. The page displays a confirmation message that authentication is enabled, and options to "Edit", "Add", or "Disable 2FA" methods.](../assets/images/mastodon-privacy-and-security/mastodon-multifactor-enabled.webp)
-
-#### Security key
-
-Once you have enabled two-factor authentication with an authenticator app, you will see the option to add a [security key](https://www.privacyguides.org/en/security-keys/) as well. You can add one if you want to register multiple second factors of authentication for your account.
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Browser compatibility</p>
-
-Some browsers will not support security key authentication. For example, the Mullvad Browser doesn't support it.
-
-</div>
-
-To add a security key, click on "Add" on the right of the listing. Insert your security key, choose a "Nickname" for it, then click on the "Add new security key" purple button.
-
-![Screenshot of the Mastodon web interface showing the Security keys page in Preferences.](../assets/images/mastodon-privacy-and-security/mastodon-multifactor-securitykey.webp)
-
-On macOS, you might be prompted with an option to "Choose how to manage your passkeys". If you get this pop-up, click on "Other Options" at the bottom.
-
-![Screenshot of the Mastodon web interface showing the Security keys page with a macOS pop-up window over it. The pop-up gives options to "Choose how to manage your passkeys".](../assets/images/mastodon-privacy-and-security/mastodon-multifactor-mac-popup.webp)
-
-On the second pop-up, select "Security key" then "Continue". When prompted with "Set Up Security Key", activate your security key (for some keys, this means touching the metal part of it). This step may differ depending on your operating system type and version.
-
-Once completed, you should see a confirmation that "Your security key was successfully added" on the page.
-
-![Screenshot of the Mastodon web interface showing the Two-factor Auth page in Preferences. The page displays a confirmation message and options to "Edit" both two-factor methods.](../assets/images/mastodon-privacy-and-security/mastodon-multifactor-securitykey-added.webp)
-
-From now, each time you log in your Mastodon account, you will be prompted to select one of your authentication methods after entering your email address and password:
-
-**To log in using your security key**, click on the "Use security key" purple button when prompted by your browser. Your operating system might present you with a pop-up to choose again between your authenticator app or your security key. On macOS, select "Security key", click "Continue", then insert and activate your key. There may be variations depending on your operating system, but it should be similar to this.
-
-**To log in using your authenticator app**, click on the "Enter a two-factor code from your phone or a recovery code" link at the bottom, then enter the code from your authenticator app when prompted by your browser (or recovery code if you've lost your authenticator).
-
-If you try to sign in from a browser that doesn't support security keys after enabling it (or if you lost access to your security key), you can still log in your account using your authenticator app as described above.
-
-![Screenshot of the Mastodon web interface showing the login page for the second factor of authentication. The page gives the option to "Use security key" or "Enter a two-factor code from your phone or a recovery code".](../assets/images/mastodon-privacy-and-security/mastodon-multifactor-securitykey-prompted.webp)
-
-Keep in mind that adding *more* methods of authentication to your account *doesn't* make it more secure, it's the opposite.
-
-If you register both an authenticator app *and* a security key, this means anyone who can access *either* your authenticator app *or* your security key could log into your account (if they already have your password). Different second factors aren't added together here, they simply provide more options to *access* your account.
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">When enabling multifactor authentication with any account</p>
-
-Be careful to choose a method you will have access to easily each time you log in. In addition, make sure to note the recovery codes provided *very carefully* and store them in a secure location (ideally offline). Keep in mind these codes will allow you to recover your account, but could also allow *anyone* to bypass your multifactor authentication.
-
-</div>
-
-#### Verifying account accesses
-
-In "Preferences" > "Account" > "Authorized apps", you can see which applications have access to your account.
-
-There, you will see every application you have granted access to. If you no longer use a mobile app or a service listed there, you should revoke access.
-
-If you do not recognize a listed service, you can ask your instance administrator to know if this is a legitimate application (some administrators might connect legitimate services to your account you may not recognize, such as Matrix).
-
-![Screenshot of the Mastodon web interface showing the "Your authorized applications" page in Preferences.](../assets/images/mastodon-privacy-and-security/mastodon-accesses-authorized-apps.webp)
-
-Additionally, in "Preferences" > "Account" > "Account settings", in the "Sessions" section, you will find a list of authorized browser sessions. Again, you can revoke access to any sessions you no longer use, or do not recognize.
-
-![Screenshot of the Mastodon web interface showing the Account settings page in Preferences.](../assets/images/mastodon-privacy-and-security/mastodon-accesses-sessions-list.webp)
-
-Just above this sessions list, you will see a link labeled "View authentication history of your account". Click on it to see a list of past logins, including applications used and IP addresses.
-
-If you see a login that isn't legitimate, you should *immediately* revoke accesses you aren't using, and consider changing your password.
-
-![Screenshot of the Mastodon web interface showing the Authentication history page from clicking on the "View authentication history of your account" link on the previous Account settings page.](../assets/images/mastodon-privacy-and-security/mastodon-accesses-login-history.webp)
-
-### Adjusting privacy vs discovery
-
-When using social media, there's usually a sliding scale between privacy and discoverability.
-
-You might decide to enable the most restrictions on your account's visibility (more privacy), make it as public as possible (more reach), or anything in between.
-
-**Only you can decide what is best for your unique situation and usage.**
-
-On Mastodon, you have many options to adjust this to your preferences and needs. In "Preferences" > "Public profile", select the "Privacy and reach" tab at the top.
-
-![Screenshot of the Mastodon web interface showing the Public profile page in Preferences, from the "Privacy and reach" tab.](../assets/images/mastodon-privacy-and-security/mastodon-account-privacy-reach.webp)
-
-In the "Reach" section:
-
-- The option "Feature profile and posts in discovery algorithms" allows more people to find your account and public posts (default is unchecked). **Leave it *unchecked* for more privacy.**
-
-- The option "Automatically accept new followers" allows anyone to be able to follow you (default is checked). Approving each follower can increase the privacy of your follower-only posts. **If you prefer to approve each new follower (locking your account), then *uncheck* this option.**
-
-In the "Search" section:
-
-- The option "Include public posts in search results" allows people to be able to find your public posts when searching for keywords in Mastodon (default is unchecked). **Leave it *unchecked* for more privacy.**
-
-- The option "Include profile page in search engines" allows your Mastodon profile to potentially appear in search engine results, like Google and Bing (default is checked). ***Uncheck* this option to increase your account's privacy.**
-
-In the "Privacy" section:
-
-- The option "Show follows and followers on profile" allows anyone to be able to see who you follow and who follows you (default is checked). If you prefer to hide this from the public, ***uncheck* this option for more privacy.**
-
-- The option "Display from which app you sent a post" will display publicly which application you are posting from for each post (default is checked). If you prefer to not show which app(s) you are using, ***uncheck* this option for more privacy.**
-
-Once you have adjusted the account options to your preferences, click on "Save changes" at the bottom to confirm your choices.
-
-![Screenshot of the Mastodon web interface showing the Public profile page in Preferences, from the "Privacy and reach" tab. The page is scrolled down to the "Save changes" button at the very bottom of the six unchecked options.](../assets/images/mastodon-privacy-and-security/mastodon-account-privacy-options.webp)
-
-### Selecting post visibility and access
-
-In addition to your account's privacy preferences, you can also adjust visibility for each post. This is very handy to allow you to pick in a more granular way which information you wish to share more or less openly.
-
-#### Choosing post visibility
-
-On Mastodon, you can choose between 4 types of visibility for each post: Public, Quiet public, Followers, and Private mention.
-
-![Screenshot of the Mastodon web interface showing the post composition window. The image shows the drop-menu from the "Change post privacy" button, with four different post visibility options.](../assets/images/mastodon-privacy-and-security/mastodon-posts-visibility-types.webp){width="400"}
-
-#### Public post
-
-This post is visible to anyone, whether they follow you or not. This post will also be visible from your account's public page, to people who do not necessarily have a Mastodon account.
-
-For example, if you log *out* of your account, then go to `https://YOUR_INSTANCE_ADDRESS/@YOUR_USERNAME`, you will see what someone outside of Mastodon could see from your public page.
-
-![Screenshot of a Mastodon account's public page from a browser. A yellow arrow points at the account's URL, and three red arrows point at information visible to the public such as a public post, a quiet-public post, and the fact that this account is locked.](../assets/images/mastodon-privacy-and-security/mastodon-posts-account-page.webp)
-<small aria-hidden="true">Note: Please do not follow this account. This account is for research purposes only, and is not an official Privacy Guides account.</small>
-
-#### Quiet public post
-
-This post is visible to anyone, and is also visible from your account's public page (like a Public post). However, it will not be featured in the "Trending" or "Live feeds" timelines. Additionally, it will not be searchable. This reduces its public exposure slightly, and is sometimes recommended for replies.
-
-#### Followers post
-
-This post is only visible to your followers. If you enabled the option to approve each follower, then only people you have approved will see this post. Followers-only posts cannot be boosted (re-posted) by others, and will *not* appear on your account's public page.
-
-Your Followers-only posts will have significantly less reach, and potentially less engagement, but will be much more private.
-
-<div class="admonition tip" markdown>
-<p class="admonition-title">Followers-only post and approving followers</p>
-
-An important thing to keep in mind when selecting a post's visibility is who your followers are (or could be).
-
-If you select Followers-only, but anyone could follow you, this restriction will block boosts for this post, and remove visibility from your account's public page, but anyone who decided to follow you can see it.
-
-However, if you *also* enable restrictions on who can follow you, you will have more control over the visibility of your Followers-only posts, by pre-approving who can follow you and see these posts.
-
-</div>
-
-#### Private mention post
-
-This post is only visible to the people mentioned in it. This works like a "Direct message" feature, except that anyone mentioned will be included.
-
-Be careful not to write the handle of someone you do not want included in this conversation! Because this *will* include them.
-
-Additionally, always keep in mind that the administration and moderation team of your instance *could* see all your posts, including your Private mention posts (like it is the case for any other social media). Never share sensitive information in Private mention posts!
-
-![Screenshot of the Mastodon web interface showing the post composition window for a Private mention post. There is a warning message above saying that "Posts on Mastodon are not end-to-end encrypted. Do not share any sensitive information over Mastodon. Learn more".](../assets/images/mastodon-privacy-and-security/mastodon-private-mention.webp){width="400"}
-
-<div class="admonition info" markdown>
-<p class="admonition-title">End-to-end encryption for private mentions</p>
-
-There is currently work being done to [integrate end-to-end encryption](https://socialwebfoundation.org/program-protocol-e2ee/) to the ActivityPub protocol, potentially making end-to-end encrypted private mention on Mastodon possible one day.
-
-Implementing end-to-end encryption properly is no small task, and understandably it could take some time for this to be ready for Mastodon users.
-
-However, it would make your private mentions truly private, being accessible only to its intended sender(s) and recipient(s). This could be groundbreaking for the Fediverse, and for your privacy!
-
-</div>
-
-#### Adjusting default post visibility
-
-Even if you can adjust visibility for each post, you may also want to adjust your account's *default* post visibility.
-
-For example, this can help by preventing accidentally sharing something publicly if posting to followers only is preferred, especially if your account is locked for more privacy.
-
-To adjust the default post visibility, go to "Preferences" > "Preferences" > "Other". In the "Posting privacy" section, select your preference in the "Posting privacy" drop-menu for either "Public - Everyone can see", "Unlisted - Everyone can see, but not listed on public timelines", or "Followers-only - Only show to followers".
-
-Confirm your choice by clicking on "Save changes" on the upper-right.
-
-![Screenshot of the Mastodon web interface showing the "Preferences" page in Preferences.](../assets/images/mastodon-privacy-and-security/mastodon-posts-default.webp)
-
-<div class="admonition tip" markdown>
-<p class="admonition-title">Hide posted media (slighly)</p>
-
-Additionally, you might want to check the "Always mark media as sensitive" option from the same section. This will label the media as "Sensitive content", and require others to click on it to view the image. This will **not stop anyone from clicking to view it**, including people without a Mastodon account from your account's public page, but it might *slightly* reduce the visibility for certain media.
-
-Depending on the content, your instance may have some rules requiring to hide certain type of content. Make sure to consult your instance's Server rules about this.
-
-</div>
-
-#### Quote posts
-
-Mastodon version 4.4 is already preparing for the implementation of a new [Quote Posts feature](https://blog.joinmastodon.org/2025/02/bringing-quote-posts-to-mastodon/) coming up in Mastodon 4.5. Quote posts have been long requested and debated on Mastodon.
-
-Mastodon didn't lack quote posts accidentally, it was a deliberate choice from the development team to [reduce potential abuse](https://techcrunch.com/2025/07/08/mastodons-latest-update-readies-the-app-for-quote-posts-revamps-design/). This is why the team has been very careful, taking the time to implement this new feature properly, and giving options for Mastodon users to opt out.
-
-Again, this shows how Mastodon differs from commercial social media, by prioritizing users' safety and control over monetizing attention.
-
-To give control to the users, important options have been planned out:
-
-1. People will be able to choose if they want their post to be quoted or not
-2. People will be notified when their post is quoted
-3. People will be able to **withdraw their post from being quoted** at any time
-
-These options greatly reduce the potential for abuse when quoting posts, a behavior we have sadly all witnessed on commercial social media with a culture of dunking on others.
-
-From Mastodon version 4.4, you can already decide which permission you want to allow for your posts to be quoted. This is only in preparation for the feature for now, the final implementation should be available in the [next software update](https://blog.joinmastodon.org/2025/07/mastodon-4-4-for-devs/).
-
-To adjust this in preparation, go to "Preferences" > "Preferences" > "Other". From the "Posting defaults" section, find the drop-menu labeled "Who can quote", and select either "Everyone", "Followers and mentioned users", or "Only mentioned users".
-
-Confirm your choice by clicking on "Save changes" on the upper-right.
-
-![Screenshot of the Mastodon web interface showing the "Preferences" page in Preferences.](../assets/images/mastodon-privacy-and-security/mastodon-posts-quote-posts.webp)
-
-### Verifying yourself and others
-
-The account verification process on Mastodon is excellent. Not only is it free, but it doesn't require you to provide any official ID or other intrusive documentation to proof your identity. It is a privacy-respectful verification feature.
-
-The way it functions is very simple: Verification works by providing a *proof of control* over a website, or a web page.
-
-For example, if you are the official Mastodon account for the privacyguides.org website, you can easily add a simple invisible link to this website to confirm that this Mastodon account is official. Once the verification process is completed, the Mastodon account profile page will display a **verified link in green with a checkmark**, confirming this account is authorized by the owner of this website (or web page).
-
-From a profile page, it looks like this:
-
-![Screenshot of the Privacy Guides Mastodon account's public page. The profile page shows multiple verified links in green with a checkmark on the left, including the official Privacy Guides website, forum, articles, videos, and donation pages.](../assets/images/mastodon-privacy-and-security/mastodon-verification-links.webp)
-
-All the links displayed in green with a checkmark have been verified from the listed website.
-
-This is **a feature very important to use for organizations**. It confirms to readers and followers this Mastodon account is authorized and truly belongs to the organization. It's also important for any individuals, writers, and journalists who want to confirm their identity to the public.
-
-Looking for these verified links, other Mastodon users can validate if an account is legitimate, increasing trust and security.
-
-#### Verification for journalists and writers
-
-In addition to the verification process available to anyone, Mastodon recently [added](https://blog.joinmastodon.org/2024/07/highlighting-journalism-on-mastodon/) a feature specifically for writers and journalists!
-
-Since last year, journalists and bloggers alike can link their articles to their Mastodon account. This validates their identity, while also increasing their Mastodon account's discoverability from article links. This is fantastic feature!
-
-Popular websites like TechCrunch, ProPublica, and of course Privacy Guides have already adopted it! You might have noticed this feature previously, for example if you found this article from a Mastodon post.
-
-#### Verifying yourself
-
-If you would like to verify your own account, here's how you can do it yourself.
-
-It's easy, and it's free!
-
-Go to "Preferences" > "Public profile", then select the "Verification" tab at the top. From there, follow the instructions to copy the link to the web page you want to use to verify your account.
-
-![Screenshot of the Mastodon web interface showing the Public profile page in Preferences, from the "Verification" tab. The page shows a link to copy containing the account's address, and a confirmation of links already verified.](../assets/images/mastodon-privacy-and-security/mastodon-verification-link-setup.webp)
-
-If you prefer not to add a Mastodon link to your web page, you can simply add this HTML line in the web page's head section (replacing `https://YOUR_INSTANCE_ADDRESS/@YOUR_USERNAME` with the link to your own Mastodon account):
-
-```html
-<link href="https://YOUR_INSTANCE_ADDRESS/@YOUR_USERNAME" rel="me">
-```
-
-To add author attributions to your articles, scroll down the same page and simply add the provided link to each of your article's HTML page, then lists the website(s) allowed to credit you below:
-
-```html
-<meta property="fediverse:creator" content="@YOUR_USERNAME@YOUR_INSTANCE_ADDRESS">
-```
-
-![Screenshot of the Mastodon web interface showing the Public profile page in Preferences, from the "Verification" tab. The page is scrolled down to the very bottom, showing the option and instructions to add Author attribution to articles.](../assets/images/mastodon-privacy-and-security/mastodon-verification-author-setup.webp)
-
-### Deleting and accessing your data
-
-Data deletion is a fundamental part of data privacy, and a protected right under many privacy laws.
-
-Mastodon makes data deletion effortless. You will never have to battle the insufferable BigTech™️ customer service to request your data to be deleted on Mastodon. You can control most of it just by yourself.
-
-#### Automated post deletion
-
-First, you can easily set up automatic post deletion and adjust it to your precise preferences. This is a rare feature on social media, and demonstrates once again how Mastodon prioritizes users' benefits over data monetization.
-
-To enable it, go to "Preferences" > "Automated post deletion", then check the option "Automatically delete old posts" on the upper-left. Adjust the "Age threshold" on the upper-right to anything between 1 week and 2 years.
-
-In the "Exceptions" section below, you can select a number of variables to customize post deletion. Keeping your pinned posts from being deleted is likely a good idea, for example.
-
-You can also keep the option checked to protect from deletion your own posts that you have favorited. This is very convenient to get a more granular control over automated deletion, purposefully keeping some posts while letting others getting automatically deleted.
-
-![Screenshot of the Mastodon web interface showing the Automated post deletion page in Preferences.](../assets/images/mastodon-privacy-and-security/mastodon-deletion.webp)
-
-In the "Exceptions based on interactions" section, you can select a threshold of favorites and/or boosts to protect posts from automatic deletion.
-
-Once you have adjusted automated deletion to your preferences, click on "Save changes" on the upper-right to confirm your choices.
-
-#### Data access and backups
-
-Another important side of digital rights is access to your own data. Here again, Mastodon makes it easy. You can download a copy of your account data any time you want.
-
-For this, go to "Preferences" > "Import and export" > "Export". From there, you can request a compressed archive of all your posts and uploaded media once every 7 days. This archive will be readable by any ActivityPub-compatible software, or you can open it with any simple text software.
-
-![Screenshot of the Mastodon web interface showing the Export page in Preferences.](../assets/images/mastodon-privacy-and-security/mastodon-export.webp)
-
-Additionally, you can download lists of your Follows, Followers, Lists, Mutes, Blocks, Domain Blocks, and Bookmarks in CSV format any time (also readable with any simple text software).
-
-Keeping a local copy of your data for regular backup purposes is a good idea in general, and also recommended before an account migration.
-
-#### Account deletion
-
-Finally, if you decide to delete your *whole* account, this is again incredibly easy. Simply go to "Preferences" > "Account" > "Account settings", and scroll down to the bottom of this page.
-
-Once you are ready to delete your data (and have downloaded the data you wish to keep), click on the "proceed here" link. Read the information from the "Account deletion" page, and enter your password when you are ready to confirm.
-
-![Screenshot of the Mastodon web interface showing the Account deletion page, from the "proceed here" link on the previous "Account" page.](../assets/images/mastodon-privacy-and-security/mastodon-deletion-account.webp)
-
-### Blocking users and instances
-
-You have a lot of control on which information you show and see on Mastodon. Like for other social media, you can block users individually on Mastodon. But additionally, you can also block a whole instance if you aren't happy interacting with it. This, like an individual block, can benefit your privacy by restricting further who can access your posts.
-
-<div class="admonition info" markdown>
-<p class="admonition-title">Filtering content and muting users</p>
-
-This tutorial will not discuss in details all the Mastodon features, as it focuses on privacy and security. However, it's worth mentioning briefly that there are softer options than blocking, if you simply wish not to see some content on Mastodon.
-
-First, you can use [Filters](https://docs.joinmastodon.org/user/moderating/#filters) to hide specific content or hashtags from your timelines. Second, you can [Mute](https://docs.joinmastodon.org/user/moderating/#mute) a user, temporarily or permanently. However, remember that muting a user will still allow them to see your posts. Since Mastodon 4.4, you can also now use "Remove follower" to simply remove someone from following you, without having to block them.
-
-</div>
-
-If you block a user, this person will not be able to interact with you, and will not see your posts from their account anymore. They could however still see your public and quiet-public posts from your account's public page.
-
-<div class="admonition tip" markdown>
-<p class="admonition-title">Adding a Personal Note</p>
-
-If you want to remember why you blocked (or muted) someone, you can [add a Personal Note](https://fedi.tips/what-are-notes-on-mastodon-what-does-click-to-add-note-mean-on-mastodon-profiles/) on their profile page. They will not be able to see this note, but your notes could be read by your instance's administration or moderation team. Be careful what you write there. Notes cannot be transferred during account migration at this time.
-
-![Screenshot of the Mastodon web interface showing a user's profile page viewed from within a logged-in user interface. A yellow arrow points at the section to add a Personal Note on a user's profile page.](../assets/images/mastodon-privacy-and-security/mastodon-personal-note.webp)
-
-</div>
-
-To block a single user, find their profile and click on the 3-dot "Menu" button on the upper-right. From the drop-menu, select "Block `USER_NAME`".
-
-![Screenshot of the Mastodon web interface showing a user's profile page viewed from within a logged-in user interface. A yellow arrow points at the drop-menu from the profile page's "Menu" button, with the selection to Block that user.](../assets/images/mastodon-privacy-and-security/mastodon-block-user.webp)
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Blocked users can still visit your account's public page</p>
-
-Remember that blocked accounts (and instances) might still be able to see your public and quiet-public posts outside Mastodon, by visiting your account's public page. Although, they will not be able to interact with your posts anymore.
-
-</div>
-
-#### Blocking an instance
-
-If you block an entire instance, *everyone* from this instance will stop seeing your posts, you will stop seeing theirs, and they will be removed from your followers and follows. Nobody from this instance will be able to follow you anymore, and you will not be able to follow them either.
-
-There are two ways to block a whole instance. The simplest way is to find a user from that instance and click on the 3-dot "Menu" button on their profile. From the drop-menu, select "Block domain `DOMAIN_NAME`".
-
-<div class="admonition danger" markdown>
-<p class="admonition-title">This blocks everyone from that instance</p>
-
-Remember this will block *everyone* using this instance at once, and you will lose *all* followers and follows you may have from this instance as well. You might not be able to recover those followers if you change your mind later.
-
-</div>
-
-![Screenshot of the Mastodon web interface showing a user's profile page viewed from within a logged-in user interface. A yellow arrow points at the drop-menu from the profile page's "Menu" button, with the selection to Block domain the whole instance this user is from.](../assets/images/mastodon-privacy-and-security/mastodon-block-instance.webp)
-
-Alternatively, you can even "pre-block" an instance on Mastodon. For example, many people used this method when Meta's Threads announced they would connect to the Fediverse, but didn't have any connected accounts yet.
-
-To do this, go to "Preferences" > "Import and export" > "Export", then download the "CSV" file for your "Domain blocks".
-
-![Screenshot of the Mastodon web interface showing the Export page in Preferences.](../assets/images/mastodon-privacy-and-security/mastodon-block-domains-csv.webp)
-
-Open the `blocked_domains.csv` file as a text file, then type each domain(s) you wish to block. Use one line for each domain (if you want to block more than one). Save this file using the same filename.
-
-![Screenshot of the "blocked domains" CSV file opened with TextEdit. The file contains two different domains written on each a separate line.](../assets/images/mastodon-privacy-and-security/mastodon-block-domains-file.webp)
-
-Back to your account, move to the "Import" section from the left-side menu. From the "Import type", select "Domain blocking list".
-
-Keep the "Merge" option on if you want to *add* new domains to block, or select "Overwrite" to replace your old list with this new list. Browse to upload the file you just modified, then click "Upload".
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Carefully verify the correct type!</p>
-
-Make sure to select "Domain blocking list" in the "Import type" or you could accidentally overwrite other important data! For safety, always save a backup of your existing data before doing any modifications like this.
-
-</div>
-
-![Screenshot of the Mastodon web interface showing the Import page in Preferences.](../assets/images/mastodon-privacy-and-security/mastodon-block-domains-import.webp)
-
-You will be prompted to confirm. Verify the information is correct, then click "Confirm". You should see a confirmation message with "Your data was successfully uploaded and will be processed in due time". You can now leave this page.
-
-#### Reporting users
-
-Reporting users isn't necessarily directly linked to privacy and security (although it can be), but it's still an important mechanism to address the overall safety of the network.
-
-Because moderators have less resources on the Fediverse, they rely on users reporting problematic posts in order to enforce moderation policies.
-
-As a member of your instance's community, it's important to report posts violating your instance's Server rules, but it's also important not to misuse report mechanisms when there are no violations.
-
-To report a post, click on the 3-dot "More" button on the lower-right of the problematic post, then select "Report `USERNAME`".
-
-Answer the form to the best of your knowledge, and **try to be as helpful to your instance's moderation team as you can, without overwhelming them**.
-
-![Screenshot of the Mastodon web interface showing a user's profile page viewed from within a logged-in user interface. A red arrow points at the "More" button of a post, and another red arrow points at the "Report" selection from the drop-menu.](../assets/images/mastodon-privacy-and-security/mastodon-report.webp)
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Do not report if there are no policy violations</p>
-
-People who volunteer to moderate an instance are doing it for the community. It's important to respect their time, to stay kind, and to not abuse reporting mechanisms.
-
-Only report content that violates the policies of your instance, or theirs. Do not report users simply because you dislike their posts. There are better mechanisms to hide the content you simply dislike, such as Filters, Mutes, or Blocks.
-
-</div>
-
-### Opting out with hashtags
-
-Data privacy and user consent are principles strongly valued by the Fediverse community. Sometimes, developers trying to create tools for the Fediverse or utilizing its user data without prior explicit consent have come into conflict with these values.
-
-Unfortunately, despite how illegal it may be, there aren't many technical barriers to stop malicious actors from violating users' consent.
-
-However, many developers creating tools for the Fediverse actually *do care* about respecting these values, and want to build tools the right way.
-
-Some have implemented methods to opt in or opt out the data they collect or the tools they build. This is why you will sometimes see people adding specific hashtags in their profile biography, such as `#noindex`, `#nosearch`, `#nobot`, `#noai`, `#nobridge`, etc.
-
-Ideally, all data collection should be prohibited until users' consent is obtained, and data subjects notified (opt in default). This is obligatory by law for many jurisdictions. Sadly, many developers do not follow sound legal practices in reality, and will not seek users' consent, despite their legal and moral obligations.
-
-Adding these hashtags (and maybe others in the future) to your profile biography *might* help to opt out certain data collection and certain tools built by developers who do respect users' consent. This can effectively *reduce* data scraping, in some situations. If anything, it is at least a public statement against disrespectful (and sometimes illegal) practices.
-
-### Moving to another instance
-
-The freedom to move from one instance to another can greatly contribute to keeping Mastodon a place that puts its users first.
-
-If suddenly your instance were to implement a data scraper for its AI model to train on all your content (like so many commercial social media do now), or drastically drop moderation, you could simply move your account to another instance, one that is more respectful of your values and privacy rights.
-
-This is a feature completely absent from centralized social media. Allowing them to unleash unchecked user exploitation, knowing fully users feel trapped and somehow forced to endure the abuse on their platforms.
-
-Mastodon is protected again such abuse, by design.
-
-When investing your precious time and energy participating in a Fediverse community, you will retain your data and your agency to choose which type of administration you prefer.
-
-If you are unhappy with your Mastodon instance's management, here's how to leave for greener pastures:
-
-#### Planning your move
-
-First, plan your move properly. While moving your account is easy enough to do, there is a 30 days cooldown period in which you will not be able to move your account again. Make sure to choose your new home (instance) carefully, you will be there for *at least* 30 days.
-
-Then, you might want to inform your followers. While moving followers is done automatically, it may take a few hours before completion, and your followers might be wondering what is going on. It can be a good idea to post about it from the account you are moving away from before moving.
-
-<div class="admonition success" markdown>
-<p class="admonition-title">Summary of the steps to follow</p>
-
-1. Save an archive of your posts (if you want)
-2. Save a copy of the six CSV files in "Export" (to import later)
-3. Choose a new instance
-4. Create a new account on your new instance (you can use the same username if available)
-5. Alias your two accounts
-6. Move your old account to the new one
-7. From your new account: Wait that your followers are all transferred
-8. From your new account: Import data and verify that everything is transferred properly
-9. From your old account: Delete your older account (if you want)
-
-</div>
-
-#### Backing up your data
-
-The first step is to back up your data. This is important both for security and to allow you to import it later to your new account (some data isn't transferred automatically).
-
-Go to "Preferences" > "Import and export" > "Export", then click the "Request your archive" purple button at the bottom.
-
-Wait for the archive to be ready (you should receive an email notification within a few minutes), then download your precious archive somewhere secure.
-
-Do not stop there!
-
-You also need to download the CSV files above to import them manually to your new account. For each line with a CSV option on the table below ("Follows", "Lists", "You mute", "You block", "Domain blocks", and "Bookmarks"), download the CSV file in a secure location. Be careful not to forget anything.
-
-![Screenshot of the Mastodon web interface showing the Export page in Preferences. The downloadable CSV files are highlighted.](../assets/images/mastodon-privacy-and-security/mastodon-move-export.webp)
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Your posts will not be moved!</p>
-
-Unfortunately, you will not be able to import your posts to your new Mastodon account (yet).
-
-But this might change soon! The ActivityPub team is currently working on a [live online account portability protocol (LOLA)](https://swicg.github.io/activitypub-data-portability/lola) that could get added to Mastodon relatively soon. This will be a wonderful improvement to this process, and allow even more freedom and agency to Mastodon users!
-
-</div>
-
-#### Moving your account
-
-Once you have backed up your data, informed your followers, and created a new account on your instance of choice, you can start the migration process.
-
-**From your new account:** Go to "Preferences" > "Account" > "Account settings", scroll down to "Moving **from** a different account", and click on "create an account alias".
-
-In the field labeled "Handle of the old account", enter the complete handle (`@YOUR_USERNAME@YOUR_INSTANCE_ADDRESS`) of the *old* account you want to move *from*. Then click on "Create alias" at the bottom to confirm.
-
-This will not initiate the migration yet. It will only create an alias, and it is reversible.
-
-![Screenshot of the Mastodon web interface showing the Account aliases page in Preferences, from the "Moving from a different account" link on the Account settings page.](../assets/images/mastodon-privacy-and-security/mastodon-move-account-alias.webp)
-
-**From your old account:** Go to "Preferences" > "Account" > "Account settings", scroll down to "Move **to** a different account", and click on "configure it here".
-
-Carefully read the information on this page. Enter the *complete handle* (`@YOUR_NEW_USERNAME@YOUR_NEW_INSTANCE_ADDRESS`) of the new account you want to move *to* in "Handle of the new account". Confirm with your current (old) account password on the right, then click on the "Move followers" purple button at the bottom.
-
-**This will initiate the migration process.**
-
-![Screenshot of the Mastodon web interface showing the Account aliases page in Preferences, from the "Move to a different account" link on the Account settings page.](../assets/images/mastodon-privacy-and-security/mastodon-move-account-migration.webp)
-
-Moving all your followers to your new account might take some time, but normally should be fully completed within 24 hours.
-
-Besides waiting for your followers to migrate, you will also need to manually import your "Following list", "Bookmarks", "Lists", "Muting list", "Blocking list", and "Domain blocking list". For this, go to "Preferences" > "Import and export" > "Import".
-
-For **each** of these 6 types of data, select a type in the "Import type" drop-menu, then click on "Browse" to upload the corresponding file you have exported earlier in the [Backing up your data](#backing-up-your-data) step.
-
-Choose "Merge" on the right if you want to *add* this old data to data your already have on your new account, or "Overwrite" if you want to only keep data from your old account. Then click "Upload" below.
-
-![Screenshot of the Mastodon web interface showing the Import page in Preferences.](../assets/images/mastodon-privacy-and-security/mastodon-move-import.webp)
-
-There you go! Your Mastodon account was successfully moved from one Mastodon instance to another!
-
-## :octicons-star-16: Mastodon keeps getting better
-
-This article only presents an overview of Mastodon's features, and focuses on the features related to privacy and security. But Mastodon is so much more. It's a social platform that truly respects its community.
-
-Mastodon is genuinely mindful of its users' experiences. In comparison, commercial social media are far behind in terms of customization and respect for their users.
-
-**On Mastodon, you are not a product, you are a *person*.**
-
-Moreover, the software and community keeps growing and getting even better every year. For the next Mastodon update planned later this year, we can expect Quote Posts to be fully implemented, while respecting users' consent to have their posts quoted or not.
-
-Perhaps next year we can hope for improvement of the migration process, allowing users to also transfer their content to a new instance, thanks to the LOLA protocol. Then, we can dream of fully private direct messaging down the road, with the integration of end-to-end encryption.
-
-Once again, all these features will put Mastodon and other Fediverse software well above any commercial platforms. Keep an eye on the [Mastodon roadmap for more](https://joinmastodon.org/roadmap)!
-
-Mastodon isn't there to exploit your data and sell it to advertisers. There is no incentive to monetize you. On Mastodon, **you are a person who is part of a community**. This makes all the difference to respect your privacy rights 💛
-
-## :material-hand-heart-outline: Consider supporting Mastodon
-
-Mastodon doesn't sell your data, but it still needs money to survive and thrive. Mastodon is supported by its community!
-
-If you enjoy the platform and can contribute, consider supporting the project by:
-
-- [Donating to support Mastodon's development and operations](https://joinmastodon.org/sponsors)
-
-- Donating to your Mastodon instance (ask your administrator)
-
-- [Buying cute merch from the Mastodon organization](https://shop.joinmastodon.org/)
-
-- [Contributing to the Mastodon project on GitHub](https://github.com/mastodon/.github/blob/main/CONTRIBUTING.md)
-
-- [Starting your own Mastodon instance](https://docs.joinmastodon.org/user/run-your-own/)
-
-- [Talking to your friends and family about joining the Fediverse!](https://jointhefediverse.net/join)
-
-<div class="admonition info" markdown>
-<p class="admonition-title">More information</p>
-
-For more information on Mastodon and the Fediverse, you can visit the excellent website [Fedi.Tips](https://fedi.tips/).
-
-</div>
-
-<small aria-hidden="true">Unless credited otherwise, all screenshots from: Privacy Guides</small>

blog/posts/monero-server-using-truenas.md

@@ -1,362 +0,0 @@
----
-date:
-    created: 2025-06-12T18:15:00Z
-categories:
-    - Tutorials
-tags:
-    - Self-Hosting
-    - Cryptocurrency
-    - TrueNAS
-authors:
-    - justin
-description: In this guide, we will walk you through setting up a very powerful Monero server on TrueNAS.
-schema_type: AnalysisNewsArticle
-preview:
-  cover: blog/assets/images/monero-server-using-truenas/cover.webp
----
-# Creating a Tricked-Out Monero Server with TrueNAS
-
-![A cover image for this post showing an illustration of a NAS and stacks of coins imprinted with the Monero logo](../assets/images/monero-server-using-truenas/cover.webp)
-
-<small aria-hidden="true">Illustration: Jonah Aragon / Privacy Guides</small>
-
-In this guide, we will walk you through setting up a very powerful [Monero](https://www.privacyguides.org/en/cryptocurrency/#monero) server on TrueNAS. By completing these steps, you will be able to connect to your own self-hosted Monero node with the official Monero wallet and Cake Wallet, and you will be able to connect to your own self-hosted Monero LWS server with Edge Wallet and MyMonero.<!-- more -->
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Guest Contributor</p>
-
-Please welcome Justin Ehrenhofer as a first-time guest contributor! Justin is the president of MAGIC Grants, a nonprofit which supports public cryptocurrency infrastructure and promotes privacy, and operates as Privacy Guides' [fiscal host](privacy-guides-partners-with-magic-grants-501-c-3.md). Privacy Guides does not publish guest posts in exchange for compensation, and this tutorial was independently reviewed by our editorial team prior to publication.
-
-</div>
-
-This guide assumes that you are using TrueNAS for the first time. TrueNAS is an open-source operating system that is meant to function primarily as a NAS, and it supports running arbitrary Docker apps. [MAGIC Grants](https://magicgrants.org) spent the last few months making dedicated apps on the TrueNAS store to make this setup process simpler than starting from scratch.
-
-## Advantages of Running Your Own Node
-
-Monero is a cryptocurrency with strong privacy properties by default, and it is the only cryptocurrency currently [recommended](https://www.privacyguides.org/en/cryptocurrency/) by Privacy Guides.
-
-Despite Monero's privacy protections, your wallet needs to communicate with the rest of the Monero network. There are two main options:
-
-1. Connecting to someone else's node; or
-2. Connecting to your own node.
-
-By connecting to your own node, you do not need to reveal when you are using your wallet and what transactions you send to the node operator.
-
-By following this guide, your transaction broadcasts will be protected with the Tor and/or I2P [networks](https://www.privacyguides.org/en/alternative-networks/).
-
-In short, if you *can* run your own node, you *should* run your own node.
-
-## Hardware/Software Recommendations
-
-* A spare machine (e.g., an old desktop computer) with:
-    * One or more SSDs with >100 GB of free space
-    * 4+ CPU cores
-    * 4GB+ of RAM
-    * TrueNAS already installed
-* A domain name (optional, for encrypted clearnet connections)
-
-It's possible to undercut these recommendations, but please don't do that to yourself.
-
-## What We Will Set Up
-
-All of these applications are optional. You can set up nearly any combination of these. For example, you can skip just the I2P app if you don't plan to use I2P.
-
-| Software | Description | Purpose |
-| -------- | -------- | -------- |
-| Arti | A [Tor](https://www.privacyguides.org/en/advanced/tor-overview) client written in Rust. | Connect to Tor nodes, broadcast transactions over Tor, and connect to TrueNAS apps over Tor. |
-| Java I2P | The officially distributed app to connect to the [I2P network](https://www.privacyguides.org/en/alternative-networks/#i2p-the-invisible-internet-project). | Connect to I2P nodes, broadcast transactions over I2P, and connect to TrueNAS apps over I2P. |
-| Monero Node | The officially distributed app for communicating with the Monero network. | The app provides the necessary information to send and receive Monero transactions. Most wallets (including the official Monero wallets and Cake Wallet) connect to Monero nodes. |
-| Monero-LWS | A "**L**ight**w**eight **S**erver" that allows "lightweight" wallets to send and receive Monero transactions. | Lightweight Monero wallet apps (including Edge Wallet and MyMonero) can connect to this server so that the wallet itself does not need to scan/sync Monero history; the server handles this scanning/syncing. |
-
-## Configure TrueNAS Storage
-
-We will configure storage for the Monero blockchain, and we will use default storage settings for other purposes. If you are an advanced user, you can configure the storage yourself.
-
-### Create a Monero Pool
-
-In TrueNAS, a pool is a collection of hard drives for a specific use-case. For simplicity, we will configure the entirety of a single SSD for Monero's use.
-
-1. Click **Storage**.
-2. Click **Create Pool**.
-3. Type `monero-pool` for the name. Leave encryption disabled (this will only store public blockchain data). Click **Next**.
-4. Choose the layout that you will be using. We will pick **Stripe** in this guide.
-5. Select the entire storage space for the SSD. Click **Next**.
-6. Skip all the remaining options for metadata, log, cache, spare, and dedup. Keep clicking **Next**.
-7. Finish creating the pool by clicking **Create Pool**.
-
-### Create a Monero Dataset
-
-A dataset is effectively a folder inside a pool. We will make one folder for the Monero blockchain data:
-
-1. Click **Datasets**.
-2. Click on the `monero-pool` pool.
-3. Click **Add Dataset**.
-4. Set the name to `monero-blockchain`
-5. Set the dataset preset to **Apps**.
-6. Click **Save**.
-
-![Screenshot showing the Datasets list in TrueNAS](../assets/images/monero-server-using-truenas/01-datasets.webp)
-
-Next, we will assign the ownership of that folder to the `apps` user:
-
-1. While the `monero-blockchain` dataset is selected, click **Edit** under Permissions.
-2. At the top, change the **Owner** and **Owner Group** from `root` to `apps`.
-3. Check the boxes for **Apply Owner** and **Apply Group**.
-4. Check **Apply permissions recursively**.
-5. Click **Save Access Control List**.
-
-![Screenshot showing the ACL settings for monero-blockchain](../assets/images/monero-server-using-truenas/02-edit-acl.webp)
-
-## Configure Arti (Tor)
-
-<div class="admonition example" markdown>
-<p class="admonition-title">Experimental software</p>
-
-Arti is experimental software. At the time of writing, Arti should not be used for privacy-critical applications. Connecting to your own Monero node is "low risk" in most circumstances. However, if you have very sensitive requirements you should not use Arti until it has been tested further by the community. By using Arti today, you are helping to make Arti better!
-
-</div>
-
-1. Click **Apps**.
-2. Click **Discover Apps**.
-3. Search for `Arti`. Click on the **Arti** app.
-4. Click **Install**. This will pull up a form.
-5. Under **Hidden Services**, click **Add**. For each of the functions below that you want to support, create a new hidden service:
-    1. Monero Node (for incoming P2P connections)
-        1. Name: `monerodp2p`
-        2. App Port: `18084`
-        3. Hidden Service Port: `18084`
-    2. Monero Node (for incoming RPC (wallet) connections)
-        1. Name: `monerodrpc`
-        2. App Port: `18089`
-        3. Hidden Service Port: `18089`
-    3. Monero LWS
-        1. Name: `monerolws`
-        2. App Port: `18090`
-        3. Hidden Service Port: `18090`
-6. Leave the other settings as default. Click **Install**.
-
-You will see the Applications screen after it installs. After the Arti app shows the status as **Running**, click on the shell icon under Workloads and to the right of `arti – Running` (not `config` or `perms`).
-
-![Screenshot showing how to click the Arti shell icon](../assets/images/monero-server-using-truenas/03-arti-shell.webp)
-
-In the shell, type the command `arti hss --nickname monerodp2p onion-address`. This will return a string that ends in `.onion`. In notepad, Excel, or another app, save the `.onion` address and the service it is associated with (`monerodp2p`). You might need to copy from the shell with ++ctrl+ins++.
-
-![Screenshot showing the command and response to get the onion address](../assets/images/monero-server-using-truenas/04-arti-shell.webp)
-
-Do this again for the following two commands as well:
-
-```console
-arti hss --nickname monerodrpc onion-address
-arti hss --nickname monerolws onion-address
-```
-
-You should have three saved and unique `.onion` addresses.
-
-## Configure I2P
-
-1. Click **Apps**.
-2. Click **Discover Apps**.
-3. Search for `I2P`. Click on the **I2P** app.
-4. Click **Install**. This will pull up a form.
-5. Change the **Port Bind Mode** for **I2P HTTP Proxy Port** to `None`.
-6. Change the **Port Bind Mode** for **I2P HTTPS Proxy Port** to `None`.
-7. To the right of **Additional Ports**, click **Add**.
-8. In the newly exposed fields, set the Port Number as `4447`.
-9. In the same newly exposed fields, set the Container Port as `4447`.
-10. Leave the other settings as default. Click **Install**.
-
-![Screenshot showing the I2P installation settings](../assets/images/monero-server-using-truenas/05-i2p-install.webp)
-
-You will see the Applications screen after it installs. After the Arti app shows the status as **Running**, open a browser and direct it to the I2P configuration wizard. This is available at `<hostname>:7657`, for example `192.168.1.100:7657`.
-
-Complete the initial I2P wizard using the default settings.
-
-### Create I2P SOCKS Proxy
-
-1. Click **Local Tunnels**.
-2. Click on the I2P HTTP Proxy.
-3. Uncheck **Automatically start tunnel when router starts**.
-4. Click **Save**.
-5. To the right of the I2P HTTP Proxy, click **Stop**.
-6. Click on the I2P HTTPS Proxy.
-7. Uncheck **Automatically start tunnel when router starts**.
-8. Click **Save**.
-9. To the right of the I2P HTTP Proxy, click **Stop**.
-10. At the bottom and to the right of **New client tunnel:**, change the type in the dropdown from `Standard` to `SOCKS 4/4a/5` and click **Create**.
-    1. Set the name as `monerod`.
-    2. Check **Automatically start tunnel when router starts**.
-    3. Set the Access Point **Port** to `4447`.
-    4. Set **Reachable by** to `0.0.0.0`.
-    5. Click **Save**.
-
-### Create I2P Hidden Services
-
-There is an optional step below to reduce the hidden service tunnel length from the default of 3 to 1. This will substantially increase the reliability of the server at the cost of anonymity.
-
-However, the server's connection to the I2P network for connecting to Monero wallets and the rest of the Monero network is typically not sensitive, unless you want to completely conceal that you are running a Monero node. Thus, most users will prefer the higher performance of the shorter tunnel length.
-
-We do not recommend shortening the tunnel lengths for the I2P SOCKS Proxy (in the previous section above) on the other hand, since transaction broadcasts tend to be sensitive.
-
-1. Under **I2P Hidden Services** and to the right of **New hidden service:**, change the type in the dropdown from `HTTP` to `Standard` and click **Create**.
-    1. Set the name as `monerodp2p`.
-    2. Check **Automatically start tunnel when router starts**.
-    3. Set the target host as the server's hostname, for example `192.168.1.100`.
-    4. Set the target port as `18085`.
-    5. *Optional:* Set the Tunnel Length Option to **1 hop tunnel (low anonymity)** for better performance.
-    6. Click **Save**.
-2. Create another `Standard` hidden service.
-    1. Set the name as `monerodrpc`.
-    2. Check **Automatically start tunnel when router starts**.
-    3. Set the target host as the server's hostname, for example `192.168.1.100`.
-    4. Set the target port as `18089`.
-    5. *Optional:* Set the Tunnel Length Option to **1 hop tunnel (low anonymity)** for better performance.
-    6. Click **Save**.
-3. Create another `Standard` hidden service.
-    1. Set the name as `monerolws`.
-    2. Check **Automatically start tunnel when router starts**.
-    3. Set the target host as the server's hostname, for example `192.168.1.100`.
-    4. Set the target port as `18090`.
-    5. *Optional:* Set the Tunnel Length Option to **1 hop tunnel (low anonymity)** for better performance.
-    6. Click **Save**.
-
-You will see the three I2P Hidden Services that you configured. Under each, you will see a `.b32.i2p` address after **Destination:**. You will need to use the destination `.b32.i2p` addresses in later steps (just like the `.onion` addresses), so keep them handy.
-
-![Screenshot showing I2P Hidden Services settings](../assets/images/monero-server-using-truenas/06-i2p-settings.webp)
-
-## Configure Monero Node
-
-### Initial Setup
-
-1. Click **Apps**.
-2. Click **Discover Apps**.
-3. Search for `Monero Node`. Click on the **Monero Node** app.
-4. Click **Install**. This will pull up a form.
-5. *Optional:* Uncheck **Prune the blockchain**. This will use significantly more storage.
-6. Under **Storage Configuration** and **Blockchain storage location**, change the **Type** from `ixVolume` to `Host Path`.
-7. Under **Host Path**, use the folder picker to select the `monero-blockchain` dataset. This should usually be `/mnt/monero-pool/monero-blockchain`.
-8. *Optional:* Under **Resources Configuration**, increase the CPU resource limits to as high of a value as possible for your system. This will help the node sync faster.
-9. Leave the other settings as default. Click **Install**.
-
-#### Why not configure Tor and I2P settings to begin with?
-
-Some users may be sensitive to a privacy risk where your Tor and I2P addresses could be matched with your public IPV4 address while it is syncing. By waiting to configure these settings until after your node is already fully synced, we minimize this risk.
-
-### Check on the Sync Status
-
-It will take a day or more for most systems to fully sync the Monero blockchain from scratch.
-
-To check the status, go to the app page and click on the `monerod` app. Under Workloads and to the right of `monerod – Running`, click on the shell icon.
-
-![Screenshot showing how to click the Monero Node shell icon](../assets/images/monero-server-using-truenas/07-monero-shell.webp)
-
-Type `monerod status` and press enter.
-
-If the status reports `Height: ####/#### (100.0%) on mainnet`, then your node is fully synced. You can proceed to the next step.
-
-![Screenshot showing the Monero Node sync status command](../assets/images/monero-server-using-truenas/08-monero-shell.webp)
-
-### Add Tor and I2P
-
-After your Monero node is fully synced, click on the `monerod` app and then click **Edit**. This will bring up the same form that you configured when installing the app.
-
-1. Check **Enable Tor connections**.
-2. Set the **Tor IP** as your hostname, for example `192.168.1.100`.
-3. Set the **Tor port** as `9150`.
-4. Check **Enable inbound Tor connections**.
-5. Set the **Inbound onion address** as the `.onion` address for `monerodp2p` that you observed earlier.
-6. Check **Enable inbound I2P connections**.
-7. Set the **I2P IP** as your hostname, for example `192.168.1.100`.
-8. Set the **I2P Port** as `4447`.
-9. Check **Enable inbound I2P connections**.
-10. Set the **Inbound I2P base32 address** as the `.b32.i2p` address for `monerodp2p` that you observed earlier.
-11. If you wish to enable Monero LWS, under **ZMQ RPC Port**, change the **Port Bind Mode** from `None` to `Publish port on the host for external access`.
-12. If you wish to enable Monero LWS, under **ZMQ Pub Port**, change the **Port Bind Mode** from `None` to `Publish port on the host for external access`.
-13. Under **Tor inbound port**, change the **Port Bind Mode** from `None` to `Publish port on the host for external access`.
-14. Under **I2P inbound port**, change the **Port Bind Mode** from `None` to `Publish port on the host for external access`.
-15. Click **Update**.
-
-![Screenshot showing the Monero Node install settings](../assets/images/monero-server-using-truenas/09-monero-install.webp)
-
-## Configure Monero LWS
-
-For security reasons, the Monero LWS app only accepts requests from allowlisted Monero addresses. Requests from other users will be rejected.
-
-1. Click **Apps**.
-2. Click **Discover Apps**.
-3. Search for `Monero LWS`. Click on the **Monero LWS** app.
-4. Click **Install**. This will pull up a form.
-5. Under **Accounts**, you can add sets of allowlisted Monero wallets that will be supported by this server. Click **Add** to add a wallet. For each wallet, include the `Address`, `View Key`, and `Restore Height`. If a restore height is not provided, it will scan the entire blockchain (which is thorough but inefficient).
-6. *Optional:* Under **Resources Configuration**, increase the CPU resource limits to as high of a value as possible for your system. This will help the server scan multiple wallets faster.
-7. After you have added all the wallets, click **Install**.
-
-You can add new Monero wallets in the future by adding them to the list of accounts.
-
-## Configure Secure Clearnet Connections
-
-It is insecure to connect your wallet to your server over an unencrypted connection.
-
-If you only configure your wallet to connect to your server over its I2P or Tor addresses, then you're all set. The connection is already encrypted.
-
-There are different ways to connect to your node over an encrypted clearnet connection, each with their pros and cons:
-
-| Method | Pros | Cons |
-| --- | --- | --- |
-| Tor | No additional configuration necessary. Private. Secure. Reliable. | Slow for non-LWS wallets. |
-| I2P | No additional configuration necessary. Private. Secure. | Slow. Unreliable. |
-| Nginx Proxy Manager | High degree of user control. Secure. Reliable. Fast. | Requires a domain. Requires configuration. |
-| Cloudflare Tunnels | Secure. Reliable. Fast. Easy to set up. Extra security settings. | Requires a domain. Decrypted traffic is shared with Cloudflare. |
-
-### Nginx Proxy Manager (Recommended)
-
-1. Click **Apps**.
-2. Click **Discover Apps**.
-3. Search for `Nginx Proxy Manager`. Click on the **Nginx Proxy Manager** app.
-4. Click **Install**. This will pull up a form.
-5. Leave the settings as default. Click **Install**.
-
-You will see the Applications screen after it installs. After the Nginx Proxy Manager app shows the status as **Running**, open a browser to `<hostname>:30020`, for example `192.168.1.100:30020`.
-
-#### Configure Your Domain and Router
-
-You will need to create A and (optionally) AAAA records with your DNS provider that point to your public IPV4 and IPV6 IP addresses, respectively. You will then need to forward the ports in your router to your TrueNAS hostname. These steps are out of scope for this guide.
-
-#### Add Proxy Hosts to Nginx Proxy Manager
-
-From the Nginx Proxy Manager browser interface, click **Hosts**, **Proxy Hosts**, then **Add Proxy Host**. We recommend creating proxy hosts as follows:
-
-| Domain Name | Scheme | Forward Hostname / IP | Forward Port |
-| --- | --- | --- | --- |
-| `monerod-rpc.<domain>` | `http` | `<hostname>` | `18089` |
-| `monero-lws.<domain>` | `http` | `<hostname>` | `18090` |
-
-For each entry, enable **Block common exploits**.  Configure the SSL settings with **Request a new SSL Certificate**, **Force SSL** enabled, and **HTTP/2 Support** enabled.
-
-Optionally assign an access list.
-
-You should now be able to access these services using your domain!
-
-## A Note About Clearnet Networking
-
-Making clearnet connections without encryption (without SSL/TLS) is insecure. This guide uses the Nginx Proxy Manager app to configure these secure connections, but you can alternatively use another approach such as Cloudflare Tunnels, Tailscale, or WireGuard.
-
-## What About Bitcoin?
-
-Bitcoin is not recommended by Privacy Guides due to its very weak privacy properties by default. Nevertheless, MAGIC Grants has made several Bitcoin oriented applications in the TrueNAS store that you may benefit from if you need to use Bitcoin.
-
-## Test Connections
-
-We will test connections to our node over Tor using [Cake Wallet](https://cakewallet.com), [Edge Wallet](https://edge.app), and [Orbot](https://orbot.app). Make sure you have these apps installed and already have Monero wallets set up.
-
-Use **Full Device VPN** mode with Orbot for this guide.
-
-### Test with Cake Wallet
-
-Cake Wallet will connect to your Monero node. Follow [these steps](https://docs.cakewallet.com/features/advanced/tor-with-orbot/#switch-back-to-cake-wallet) to change the Monero node that Cake Wallet uses. Provide your `monerodrpc` onion address for the Monero Node app as the node address, `18089` as the port, no username, no password, and **Use SSL** unchecked.
-
-You should see a green dot next to this newly added node, and you should notice that your wallet is able to sync. Syncing performance to a Monero node over Tor is slow.
-
-### Test with Edge Wallet
-
-Edge Wallet will connect to your Monero-LWS server. In Edge Wallet, click on the upper right hamburger menu, then **Settings**, then **Asset Settings**, then **Monero**. Select **Custom Light Wallet Server** and provide your `monerolws` onion address with the port. For example, `http://monerolws.onion:18090`, replacing `monerolws.onion` with your correct onion address.
-
-Back in the main wallet overview, you should see that your Monero wallet is fully synced.

blog/posts/privacy-means-safety.md

@@ -155,7 +155,7 @@ The 26-year-old American who incorrectly identified the Australian girl and shar
 
 ### Targeted research, attack, and spyware
 
-For targeted attacks, aggressors will often use simple techniques to find a victim's data from what is already leaked online or openly shared on social media. For more sophisticated attacks, perpetrators might use criminal methods such as impersonation for [SIM swap attacks](https://en.wikipedia.org/wiki/SIM_swap_scam). When attackers have more resources, such as state-backed attackers, more sophisticated processes might be used, like device infection with [NSO Group's spyware](https://citizenlab.ca/tag/nso-group).
+For targeted attacks, aggressors will often use simple techniques to find a victim's data from what is already leaked online, or openly shared on social media. For more sophisticated attacks, perpetrators might use criminal methods such as impersonation for [SIM swap attacks](https://en.wikipedia.org/wiki/SIM_swap_scam). When attackers have more resources, such as a state-backed attackers, more sophisticated processes might be used, like device infection with [NSO Group's spyware](https://citizenlab.ca/tag/nso-group/).
 
 ### Maliciously stolen or negligently leaked
 

blog/posts/queer-dating-apps-beware-who-you-trust.md

@@ -1,572 +0,0 @@
----
-date:
-    created: 2025-06-24T21:00:00Z
-categories:
-    - News
-tags:
-    - Pride Month
-authors:
-    - em
-description: At the intersection of data privacy and LGBTQ+ experiences, it's inevitable to talk about queer dating apps. Unfortunately, most are horrible for data privacy.
-schema_type: AnalysisNewsArticle
-preview:
-  cover: blog/assets/images/queer-dating-apps-beware-who-you-trust/dating-cover.webp
----
-
-# Queer Dating Apps: Beware Who You Trust With Your Intimate Data
-
-![Photo of a hand holding a phone with a rainbow gradient and a white heart on it. The hand holds the phone in front of a vertical rainbow background with an open eye displayed transparently over it, symbolizing surveillance.](../assets/images/queer-dating-apps-beware-who-you-trust/dating-cover.webp)
-
-<small aria-hidden="true">Illustration: Em / Privacy Guides | Photo: Surasak Ch / Unsplash</small>
-
-When discussing the intersection of data privacy and LGBTQ+ experiences, it's inevitable to also talk about queer dating apps. Due to a smaller percentage of the population and a number of factors complicating in-person dating, people part of the queer community are more likely to seek online platforms to meet lovers and friends. Unfortunately, using queer dating apps can be very dangerous for privacy, and even for safety.<!-- more -->
-
-Dating apps are generally horrible for everyone's privacy, but the queer population is at an even higher risk of harm due to discrimination, and even [criminalization in certain regions](https://www.humandignitytrust.org/lgbt-the-law/map-of-criminalisation/).
-
-Despite the risks, LGBTQ+ people still need to fulfill their social and romantic needs like anyone else.
-
-This isn't an easy task outside the online realm either. Discrimination can be much worse in physical environments that aren't specifically catering to the queer community. In some regions, this can even mean a greater risk of physical aggression.
-
-LGBTQ+ people aren't necessarily safe to date in the same ways cisgender heterosexual people are, increasing the need for safe spaces.
-
-Another important factor is that a smaller percentage of the population necessarily creates a smaller dating pool. Even if someone were to avoid entirely online services, if they aren't located in a town large enough to host LGBTQ+ venues and events, or if they live in an environment where revealing their queer identity could be unsafe to them, online spaces might be their only viable option to [find connections](stay-safe-but-stay-connected.md).
-
-Sadly, this isn't ideal. In today's world, it seems very few services (if any) are considering the importance of data privacy for dating apps seriously enough.
-
-For this reason, it is crucial to acknowledge the dangers, and learn about ways to minimize the risks, and to stay safe while looking for romantic or sexual partners online.
-
-## Dating apps are horrible for data privacy
-
-Unfortunately, whether it's dating apps catering to everyone or to a narrower segment of the population, they are pretty much *all horrible for data privacy*.
-
-Some apps might be worse than others, but at this time, there are no good, largely used, *and* privacy-respectful dating apps.
-
-Due to the nature of dating apps, a major problem is that any dating app will unavoidably collect at least some of very sensitive personal data. This can include photos, intimate photos, sexual preferences, intimate conversations, detailed physical descriptions, and likely much more.
-
-Because of this, a good privacy-respectful dating app would need to implement considerably stronger protections for this data, and obviously not share it with any third party. Regrettably, this isn't what is happening *at all*.
-
-### They collect very sensitive information, legally and illegally
-
-Necessarily, most dating apps will collect *at minimum* a nickname, email, photo, and descriptions of your personality and physical appearance. But, the majority of apps do not stop there.
-
-Most dating apps also collect your location, IP address, and phone number (a strong quasi-static identifier that can be linked to your other accounts and legal identity).
-
-Then, you might upload additional sensitive information, such as a detailed physical description, detailed personality description, health condition, religion, political views, sexual preferences, and even intimate photos in private chats. All this information is collected and stored by the dating app, and maybe even shared with third parties.
-
-According to a [report from Mozilla](https://www.mozillafoundation.org/en/privacynotincluded/articles/data-hungry-dating-apps-are-worse-than-ever-for-your-privacy/), about 25% of apps also collect metadata on uploaded content. This means that if you do not [remove metadata](https://www.privacyguides.org/en/data-redaction/) from your photos and videos (or other file types) before uploading them, the dating app could collect it. This can include very precise information on where and when a photo or video was taken, for example.
-
-Additionally, dating apps can collect a scandalous amount of information from your social media accounts if you use them to sign up with the app. Already in 2017 (this is likely much worse 8 years later into surveillance capitalism), The Guardian journalist Judith Duportail [reported](https://www.theguardian.com/technology/2017/sep/26/tinder-personal-data-dating-app-messages-hacked-sold) on her experience with Tinder after requesting a copy of her account data. Tinder had kept 800 pages of information on her, including Facebook likes, number of Facebook friends, Instagram photo links, ages of men she was interested in, and so on. From her experience she wrote:
-
-> What will happen if this treasure trove of data gets hacked, is made public or simply bought by another company? I can almost feel the shame I would experience.
-
-She is not alone in this. Every dating-app user is at risk of having their intimate data exposed if their account or the app's servers gets hacked, or if the company otherwise leaks or shares their data.
-
-Tragically, data breaches and companies acquisitions aren't rare occurrences. It's more a matter of "when" than "if".
-
-#### Identity verification
-
-Moreover, many apps now require to "verify identity" by requesting users to submit a video selfie, official ID, or other means of verification.
-
-This practice is intrusive at best, and straight out *dangerous* at worst. Any verification practice requiring a piece of official ID or a facial scan has the potential of endangering this data, and increases the risk of a data leak exposing your intimate dating information while being strongly linked to your legal identity.
-
-No dating app should be requiring such sensitive information. Fighting bots and fake accounts isn't worth the risk this represents to users.
-
-#### Biometric data
-
-Even for users who might be careful to choose more privacy-respectful apps, or feel protected by stronger local legislation, trust can be broken.
-
-In 2024, Bumble and Badoo settled a [class action lawsuit](https://www.the-sun.com/money/12327292/bumble-settlement-badoo-payment/) for allegedly infringing the privacy rights of users residing in Illinois US, by violating the [Biometric Information Privacy Act](https://en.wikipedia.org/wiki/Biometric_Information_Privacy_Act) (BIPA). The complainants alleged the apps, both owned by Bumble Inc, were capturing and storing users' facial scan biometrics it extracted from profile's content without the users' consent.
-
-While users located in Illinois were entitled to financial compensation from the [settlement](https://topclassactions.com/lawsuit-settlements/closed-settlements/40m-bumble-badoo-bipa-class-action-settlement/), others located in regions with weaker local regulation didn't receive any compensation for this violation of their consent.
-
-#### Artificial intelligence features
-
-Finally, most dating services have now [integrated AI features in their platforms](https://www.platformer.news/grindr-ai-boyfriend-wingman-monetization-paid-taps/). This is dreadful for privacy.
-
-The problem with current AI features is that most will not just generate data but will also *collect* data. Once data is integrated into a model, it's incredibly difficult (if not impossible) to delete it later.
-
-Grindr's terms of service include a section specifying that, when using the platform, [you grant an irrevocable right to Grindr](https://www.grindr.com/terms-of-service) to "exploit Your User Content" to train "AI Technologies". **Your content is up for AI-grabs on Grindr.**
-
-Horrifyingly, most other dating apps aren't better.
-
-While other apps might be careful not to directly name "AI" or "training" in their terms of service, risking scaring users away, OkCupid, Hinge, and Plenty of Fish (all part of the Texas-based dating service conglomerate Match Group), describe a similar clause in their terms of service that could potentially include AI technologies training on users' content (if not already).
-
-For example, OkCupid specifies in clause 7 of their [Terms & Conditions](https://okcupid-app.zendesk.com/hc/en-us/articles/23941864418203-Terms-Conditions) (emphasis added for clarity):
-
-> By creating an account, **you grant to OkCupid a worldwide, perpetual, transferable**, sub-licensable, royalty-free **right and license to** host, store, use, copy, display, reproduce, adapt, edit, publish, translate, modify, reformat, **incorporate into other works, advertise, distribute and otherwise make available to the general public Your Content**, including any information you authorize us to access from Facebook or other third- party sources (if applicable), in whole or in part, and **in any way and in any format or medium currently known or developed in the future.** OkCupid's license to Your Content shall be non-exclusive, except that OkCupid's license shall be exclusive with respect to derivative works created through use of our Services. For example, **OkCupid would have an exclusive license to screenshots of our Services that include Your Content.**
-
-Of course "any medium developed in the future" could include AI technologies, and/or anything else.
-
-OkCupid has already integrated AI features in users' dating experience using OpenAI's ChatGPT for its services. Michael Kaye, OkCupid's head of communications, excitedly [told Mashable](https://mashable.com/article/okcupid-chatgpt-questions) that "daters who think ChatGPT is a lifesaver get almost 40 percent more Matches on OkCupid than those who think it's too big brother".
-
-Well, perhaps users who accurately think "it's too big brother" have simply already left the app...
-
-### They can expose legal identities
-
-Besides the data privacy dangers created by integrating AI features in dating apps, [identity and age verification is another growing problem](age-verification-wants-your-face.md).
-
-Unfortunately, it seems dating apps are more concerned with fighting fake accounts than protecting users' data, and are willing to sacrifice the latter for the former.
-
-Of course, this security measure is only theatrical. Criminals will easily go around identity verification systems, while the inevitable data breaches will endanger and harm all trustworthy users at once.
-
-#### Identity verification endangers the most vulnerable
-
-Each time a dating application asks for a video selfie or an official piece of ID to prove identity or age, this data risks getting leaked and stolen later.
-
-Moreover, requiring official IDs and face scans severely harm the most vulnerable users who need [protective practices to stay safe online](stay-safe-but-stay-connected.md/#practices-and-tools-that-help-in-various-contexts), for example by using a pseudonym. This is true for victims of domestic violence, victims of online stalking, as well as for the LGBTQ+ community.
-
-Exposed legal identities, particularly in conjunction with dating data, can lead to identity theft, online harassment, doxxing, non-consensual outing, extortion, loss of employment, arrest, and even sexual and physical violence.
-
-Pseudonymity can save lives online. Fighting pseudonymity isn't fighting crime, it's [fighting against the safety](https://journals.sagepub.com/doi/full/10.1177/17416590221111827) of the most vulnerable in our society.
-
-#### Biometric data and dystopian third party
-
-Continuing this horrifying trend, Match Group has announced this spring they are partnering with the [dystopian World App](sam-altman-wants-your-eyeball.md) to start testing age verification for Tinder in Japan. The World App generates unique identifiers based on biometric iris scan.
-
-If having to scan your official ID to continue using Tinder is *bad*, having to scan your eyeball from a questionable third party app is even *worse*.
-
-This practice will start for Tinder in Japan, but it's likely the verification process could be expanded to all users of Match Group apps in the near future.  Soon, the only way to avoid having to share biometric data with the World App to continue using your favorite dating app could be to leave the app entirely.
-
-#### Payment information
-
-Finally, payment information can also create a link between your dating account and your legal identity.
-
-If you provide a credit card under your legal name to use a dating app, then this profile is inevitably linked to your legal identity.
-
-It's possible that some application *might* use third-party software to manage payments, and that this data *might* not leak associated with your dating profile. However, this depends on which payment services the dating app works with, and what the company's security practices are.
-
-### They sell users' data to data brokers
-
-Sadly, not only most dating apps collect *way too much data* they don't secure properly, but they also willingly share this data with data brokers.
-
-If you are not familiar with the [data broker industry](https://www.eff.org/deeplinks/2021/07/data-brokers-are-problem), data brokers are usually private for-profit companies that specialize in collecting personal information on everyone, using and scraping public records, social media accounts, various websites, other online sources, and any applications willing to work with them.
-
-They then make this information [available to anyone](https://gizmodo.com/alleged-minnesota-shooter-used-data-brokers-to-find-lawmakers-addresses-2000616975) for sale. They do not care about your consent nor your safety, at all.
-
-**Data brokers are the archenemy of privacy rights.**
-
-And yes, dating apps share your dating data with them. California's Privacy Protection Agency even uses dating apps in its [example](https://cppa.ca.gov/data_broker_registry/) for the Data Broker Registry it keeps:
-
-> For example, if a person signs up for a dating app, a data broker may buy all recent sign ups of that dating app from the app developer and sell the information to a gym that is looking to target potential new customers.
-
-The chosen example of a data broker selling dating app data to a gym is quite mild. As explained in the next section, [what actually happens](#hateful-groups-tracking-users) with this data if often much more grim.
-
-One type of data often [bought by data brokers](https://www.eff.org/issues/location-data-brokers) is location data. Location data can easily be used to precisely identify a user, a user's home address, a user's work address, a user's favorite venues, and a user's connections with others. **Many dating apps share location data.**
-
-In 2022, The Markup [published](https://themarkup.org/privacy/2022/01/27/gay-bi-dating-app-muslim-prayer-apps-sold-data-on-peoples-location-to-a-controversial-data-broker) the results of an investigation from a 2018-2019 sample dataset they obtained from the data broker X-Mode. The dataset compiled location data collected from 107 different apps, including the dating app Bro "for bi, gay, and open-minded men".
-
-While conducting research on apps from the Google app store in 2020, the Yale Privacy Lab uncovered several other queer dating apps selling data to X-Mode. At that time, the dating apps Wapo, Wapa, MEET MARKET, and FEM were all sharing users' location data with the same data broker.
-
-Replying to journalists, Bro App's founder confirmed that the company no longer shares users' location with X-Mode.
-
-But what other data and which other data brokers dating apps might be working with? How many other dating apps similarly share location data?
-
-Seven years after this dataset was examined, and in a world where data is being collected from users exponentially more, how many dating apps have simply normalized this practice entirely?
-
-This isn't a new problem, and this [isn't just about location data](https://www.vice.com/en/article/shady-data-brokers-are-selling-online-dating-profiles-by-the-millions/). But this problem is getting increasingly worse, and users must be properly informed on how their intimate data is used and shared.
-
-With the advancements in computer performance over the years, collecting and storing data is cheaper than ever. Corporations and governments alike are eager to access this data for advertising and surveillance purposes. The same is true for special interest and criminal groups of all kinds.
-
-**The data broker industry is thriving on exploiting our data without consent**, even in our most intimate activities.
-
-### They monetize data for advertising
-
-Data brokers and ad-tech companies are working together in similar ways to extract values from every data point they can find about you online. They feed each other in some sort of twisted exploitative synergy.
-
-Dating apps are working with them as well.
-
-In 2021, [Grindr was fined](https://www.bbc.com/news/technology-59651703) €6.5m by the Norwegian Data Protection Authority for sharing users' data without prior explicit consent. The data shared with advertisers included age, gender, advertising ID, IP address, GPS location, and the fact that someone used Grindr. This makes the data even more sensitive, potentially revealing a user's sexual orientation (which is a special category under the [GDPR Article 9](https://gdpr-info.eu/art-9-gdpr/)).
-
-Last year, Grindr was sued for allegations of [sharing users' HIV status](https://www.bbc.com/news/articles/cj7mxnvz42no) with advertisers, in violation of UK's data privacy laws. Two years before, Grindr was [reprimanded](https://ico.org.uk/media2/migrated/4023128/grindr-reprimand.pdf) by the UK's Information Commissioner's Office (ICO) for its data protection (mal)practices.
-
-In 2020, the CPO Magazine [reported](https://www.cpomagazine.com/data-privacy/many-of-the-major-dating-apps-are-leaking-personal-data-to-advertisers/) about tests conducted by the Norwegian Consumer Council that found some of the most popular dating apps sharing sensitive personal information with advertisers. Tinder, Grindr (again), and OkCupid were all found to share age, gender, device information, IP address, and GPS location with advertising and analytics platforms owned by Google, Facebook, Twitter (X), Amazon, and more.
-
-Worse, it was also found that some of these apps sometime shared users' data related to their sexual orientation and dating interests. OkCupid even shared users data related to drug use and political views.
-
-The same year, Tinder announced a partnership with the app Noonlight to implement a "panic button" feature to connect users with help in case of emergency. This seems great at first, but the problem is, it is yet another app that hasn't done its privacy homework properly to protect users. Gizmodo [found](https://gizmodo.com/tinders-new-panic-button-is-sharing-your-data-with-ad-t-1841184919) the partnering app was sharing users' data with major ad-tech businesses *every minute*, including with Facebook and Google.
-
-Even your safety is being monetized and shared with Facebook.
-
-### They don't safeguard data properly
-
-In addition to collecting and monetizing a *large* amount of very sensitive data on every user, many dating apps have the unfortunate tendency to not take securing this data seriously enough.
-
-Data breaches and leaks of all sorts are rampant with dating apps. Assume all data you upload there might become public, sooner than later. If you are not out publicly, be aware **a dating app data breach could out you against your will**.
-
-Here are a few examples of past incidents:
-
-- 2025: [Grindr, Tinder data breach](https://techcrunch.com/2025/01/13/gravy-analytics-data-broker-breach-trove-of-location-data-threatens-privacy-millions/?guccounter=1)
-
-- 2025: [Translove, Pink, Brish data leak](https://cybernews.com/security/ios-dating-apps-leak-private-photos/)
-
-- 2025: [Gay Daddy data leak](https://cybernews.com/security/gay-daddy-ios-app-exposes-users/)
-
-- 2025: [Raw data leak](https://techcrunch.com/2025/05/02/dating-app-raw-exposed-users-location-data-personal-information/)
-
-- 2025: [Headero data leak](https://beyondmachines.net/event_details/headero-dating-app-leaks-data-exposing-4-million-user-records-5-n-4-z-a/gD2P6Ple2L)
-
-- 2023: [Coffee Meets Bagel data breach](https://www.bleepingcomputer.com/news/security/coffee-meets-bagel-says-recent-outage-caused-by-destructive-cyberattack/)
-
-- 2023: [419 Dating, Meet You, Speed Dating App For American data leak](https://ciso.economictimes.indiatimes.com/news/data-breaches/dating-app-that-claims-50-million-users-suffer-data-breach/101910331)
-
-- 2021: [MeetMindful data breach](https://www.zdnet.com/article/hacker-leaks-data-of-2-28-million-dating-site-users/)
-
-- 2019: [Coffee Meets Bagel data breach](https://www.independent.co.uk/tech/coffee-meets-bagel-dating-app-hack-a8781176.html)
-
-- 2019: [Heyyo data leak](https://www.zdnet.com/article/heyyo-dating-app-leaked-users-personal-data-photos-location-data-more/)
-
-- 2019: [MobiFriends data breach](https://www.infosecurity-magazine.com/news/data-breach-exposes-four-million/)
-
-These are only a few examples, and from all the examples of data exposure out there, it's important to remember these are likely only *a fraction* of the data breaches truly happening. The small fraction that actually gets detected and reported.
-
-While nothing is ever 100% secure, **application developers must do much more** to protect users data adequately.
-
-The constant news about data breaches and leaks is demonstrating how better security and better privacy is urgently needed, especially for such sensitive information.
-
-### They can make deleting data difficult
-
-One excellent practice every dating app should adopt is data minimization. Applications should only require users to *provide the absolute minimum* information necessary to run the service.
-
-Then, as soon as this data is no longer required, data should be *thoroughly and permanently deleted*. For example, data should be *thoroughly deleted* when a user deletes it on their end, officially requests to have their data or their account deleted, or when an account becomes inactive after a certain period of time.
-
-This practices greatly reduces the risk of data breaches and leaks, and releases the company from this legal responsibility. **You cannot endanger the data you do not have.**
-
-Every organization and software developer *should* follow the [wise advice](https://www.schneier.com/blog/archives/2016/03/data_is_a_toxic.html) from renown cryptographer Bruce Schneier, and treat data like it's a toxic asset.
-
-#### Data retention practices
-
-It's difficult to know for sure for how long certain dating apps retain data behind the scene. Many lack transparency about their data retention practices.
-
-Data retention periods should always be the shortest possible to provide the service. Sadly, many businesses might be tempted to retain it for much longer, especially in the age of AI-training datasets.
-
-#### Data deletion practices
-
-Additionally, not all dating apps have adopted proper data deletion practices.
-
-The ideal practice is to empower users to be able to delete the data they wish to delete from within their account (e.g. being able to delete one message or one conversation). But also, companies should provide an option to request a *complete* and *permanent* account and data deletion from within the account, *without requiring additional information* from a user, and without requiring to email the company.
-
-Many applications have implemented data deletion processes similar to the model described above to manage user's requests, but not all of them (yet).
-
-Of course, organizations *must* also follow through, and *properly* delete this data in the *backend* as well as in the frontend.
-
-This has important legal implications, because even for organizations lacking transparency and honesty, users could soon find out the truth in the next data breach. If the data was not fully deleted after a deletion request was made, this could have *severe* legal and financial consequences.
-
-#### Investigating an app's data deletion process *before* creating an account
-
-Unfortunately, some dating apps seem to have neglected this important process in their relationship with users.
-
-Some applications and services are requiring *more* data to submit a data deletion request than what was even required to create the account in the first place. **This is bad.**
-
-Despite being rated the best (or perhaps the "least bad") on [Mozilla's Privacy Not Included chart](https://www.mozillafoundation.org/en/privacynotincluded/categories/dating-apps/), the queer dating app Lex seems to require users to fill a *Google Form* that mandates providing first and last name, date of birth, email, phone number, and even a *home address*. One of the form seems to imply an official piece of ID might also be required. This is *extremely* intrusive.
-
-Moreover, this practice would be directly sharing this personal information *with Google,* outing that this person (with this legal name, and at this home address) is queer and uses or used Lex.
-
-Google Forms aren't a private way to share sensitive data. This isn't a great data privacy practice, to say the least.
-
-It's also [unclear](https://help.lex.lgbt/article/69-how-can-i-delete-my-data) if Lex respond to data deletion requests from users located outside the protection of the GDPR (Europe) or the CCPA (California US) at all. Despite a number of regions worldwide benefiting from privacy laws granting rights similar to the [GDPR's Article 17](https://gdpr-info.eu/art-17-gdpr/).
-
-Even if you have been careful to provide only minimal information when creating your account, it seems a simple data deletion request once you are done using the app would require you to share all this *extremely sensitive and identifying information* with Lex (and Google!).
-
-At the time of this article's publication, Lex's current [privacy policy](https://help.lex.lgbt/article/51-privacy-policy) links to these two forms required from users to fill for [GDPR's Right to Erasure requests](https://docs.google.com/forms/d/e/1FAIpQLSdhK2fkBounO1PeN75s7OU0Ey1tmMpGEQYd9lD8EQWAH8DPKA/viewform) and [CCPA's Right to Delete requests](https://docs.google.com/forms/d/e/1FAIpQLScz7bDrVbjvB4uSiWjJky0JeePyv4Q-g3Cejz6pCCHiXlUEVw/viewform).
-
-It goes without saying that you shouldn't email a copy of your passport to anyone, and you should never have to provide *more* information than the app already has on you to get your data deleted. This is especially true if all the data mentioned above gets shared with a third-party advertising company like Google, through the use of Google Forms.
-
-Privacy Guides has reached out to Lex for clarification on its data deletion practices, but has not received any response at the time of this publication. This article will be updated with new information once we receive an answer.
-
-Before creating an account with a dating app (or any other app for that matter), it's important to find information on what will be the process to delete your data and account once you are done with the app.
-
-That way, you can choose to only use applications that will thoroughly respect your privacy rights, and your rights to delete your own data.
-
-## Queer dating apps can be targeted
-
-At this time, almost all popular dating apps are *horrible* for data privacy. But queer dating apps (or queer people using any dating app) are especially vulnerable targets for malicious actors.
-
-Unfortunately, hateful groups, criminals, and even governments have been weaponizing dating apps to harass, exploit, arrest, or even attack queer people.
-
-Dating app companies are partly responsible for facilitating this harm by selling users' data to data brokers and advertisers, and by repeatedly missing opportunities for improvements to secure their users' data.
-
-Additionally, each time there is a new dating app data leak, whether from negligence, incompetence, greed, or malice, this leak risks [outing people against their will](importance-of-privacy-for-the-queer-community.md/#being-outed-against-ones-will). This alone can have devastating consequences, from feeling violated to getting arrested, or even killed.
-
-In Morocco, where being gay is still illegal, a social media influencer [asked](https://www.levantx.com/series-source/violence-in-lockdown-sofia-talouni-and-gay-male-outings-in-morocco-under-covid) people in 2020 to join dating apps to out gay men around them. This resulted in a violent online harassment campaign with many gay men being outed against their will, chased from their homes, shunned by their family, and horrifyingly even led to some suicides.
-
-Regrettably, even in countries where being queer is legal and generally accepted, [targeted harassment](privacy-means-safety.md/#trans-and-queer-activists) and attacks can happen.
-
-For people who aren't out publicly, data revealed about their dating life could potentially out them immediately. But even for people who are out publicly, making details about their dating life public could trigger online hate, targeted harassment, and endanger them in many ways.
-
-Queer dating apps have an even greater responsibility to protect their users' data.
-
-Data related to one's sexual orientation is categorized as especially sensitive information by many privacy laws, generally requiring additional protections. For example, GDPR's [Article 9](https://gdpr-info.eu/art-9-gdpr/) specifies special conditions for handling data related to a "person's sex life or sexual orientation".
-
-Companies and software developers must take this responsibility much more seriously.
-
-### Hateful groups tracking users
-
-In 2023, the Washington Post [revealed](https://www.pcmag.com/news/a-catholic-group-spent-millions-on-dating-app-data-to-out-gay-priests) that an American Catholic group based in Colorado had bought data brokers datasets from queer dating apps.
-
-The religious group spent millions of dollars to access data from Grindr, Scruff, Growlr, Jack'd, and OkCupid in an attempt to out gay and bisexual priests. The group used these datasets to cross-reference locations with church residences. This level of hate and insidious spying seems quite ungodly.
-
-Tragically, dating apps selling users' data to brokers and advertisers makes this type of targeting by hateful groups easily accessible to anyone willing to pay.
-
-### Governments and authorities prosecuting users
-
-In countries where homosexuality and transgender people are criminalized, even governments are guilty of these cruel practices.
-
-In 2017, Human Rights Watch [reported](https://www.hrw.org/news/2017/05/01/south-koreas-military-sodomy-law-should-go) allegations of the South Korean army cracking down on gay service members using published screenshots from dating app chats. Although homosexuality isn't illegal for civilians in South Korea, same-sex intercourse is illegal in the military. This oppressive rule is aggravated by the fact that South Korean men are [obligated to enroll](https://en.wikipedia.org/wiki/LGBTQ_rights_in_South_Korea) for a mandatory period of service under the conscript system.
-
-In 2018, organization Article 19 [completed](https://www.article19.org/resources/apps-arrests-abuse-egypt-lebanon-iran/) an investigation on the risk of dating apps usage by the LGBTQ+ community in Egypt, Lebanon, and Iran. The report demonstrates how authorities in Egypt used the geolocation feature of dating apps to entrap and arrest gay and transgender users.
-
-In 2022, Article 19 supported another report [focusing](https://www.article19.org/wp-content/uploads/2022/03/Digital-Crime-Scenes-Report-3.pdf) on the persecution of queer people in Egypt, Lebanon, and Tunisia. The report explains how authorities in these regions used dating apps to set up trap meetings with users, and to collect digital "evidences" to charge queer users.
-
-In 2025, Human Rights Watch [published](https://www.hrw.org/news/2025/05/26/uganda-anti-lgbt-law-unleashed-abuse-0) a report documenting the actions of authorities in Uganda following the 2023 enactment of the Anti-Homosexuality Act. In addition to spreading misinformation and hatred against LGBTQ+ people, leading to harassment and attacks, authorities have started to use dating apps to extort, entrap, and arrest queer people.
-
-Sadly, if LGBTQ+ rights continue to regress like we have observed in the past months, this sort of government-sanctioned persecution might even become normalized in the UK and the US as well.
-
-### Criminals blackmailing and attacking users
-
-Along with hateful groups and authoritarian regimes, criminals are also targeting the queer community on dating apps. This type of crime is exponentially worse for users located in regions where being queer is criminalized, but it is still a danger for anyone worldwide.
-
-Criminals have been [targeting](https://www.bleepingcomputer.com/news/security/lgbtq-plus-community-warned-of-extortionists-abusing-dating-apps/) users on queer dating apps for extortion scams. According to a report from the US Federal Trade Commission, criminals pose as potential dates sending explicit photos, then request users to reciprocate. If they get a reply, they blackmail the victim under threat of revealing this information. This type of extortion can have devastating consequences.
-
-Dating apps are worsening this problem when requesting users to provide legal identification such as facial scans, official IDs, or home addresses. If this information leaks in the future, criminals will have an even easier time to extort and attack their victims, regardless of if they're still on the app or not.
-
-## Reducing the risks when using dating apps
-
-Despite how bad dating apps are for your privacy (and maybe also your safety), your social, sexual, and romantic needs are important to consider as well.
-
-The best alternative for your data privacy is probably to favor in-person meetups and venues, whenever possible.
-
-However, if this isn't accessible to you, and you decide using a dating app is worth the risks, here are a few things to keep in mind that can help to improve your privacy and to reduce the dangers when using a dating app.
-
-### Investigating before creating an account
-
-Before creating an account on a dating app (or any other apps), it's a good idea to take a look at its privacy policy (or privacy notice) and terms of service.
-
-#### Researching privacy policy and terms of service
-
-Most people *hate* doing this, but it can really help to discern which apps are better than others.
-
-You don't have to read it all, but make sure to at least check the sections on what data they collect, with whom they share it, and how they use it.
-
-Important pro-tip: Using your browser, search the page for an "@" sign to verify if the privacy policy includes a contact email address. It *should* have one. Sometimes, it will be a link to a contact page instead. If you cannot find any way to contact anyone at this organization by email, be suspicious.
-
-If you decide to use this dating app, keep a local copy of its privacy policy and terms of service using the "Save to PDF" function from your browser. This *can* help legally by keeping a proof in time of what were the terms when you signed up (of course, they might change later, but that's a start).
-
-#### Investigating usage of AI systems
-
-Look in the privacy policy and terms of service for any mention of AI systems. Sometimes, it's not named directly and might be called something else like "automated system" or other expressions.
-
-Be especially vigilant to check if the company **might use your content data to train these systems**. Make sure you have a way to at least opt out, or deactivate of any such training. AI systems training on your data is *atrocious* for your privacy.
-
-#### Confirming data deletion processes and retention periods
-
-Again usually through the app's policies, look at what the process will be when you'll want to get your data and account with this app fully deleted.
-
-This is important because deleting your data once you are done using the app will greatly improve your data privacy and security, by protecting it from potential data breaches and undisclosed usage in the future (if the deletion is done thoroughly).
-
-Additionally, deleting your data and account once you no longer need it minimizes the risk of an abandoned-account takeover by a criminal.
-
-When you abandon an account without closing it and deleting its data properly, criminals might break in and start using your account and data without your knowledge. The longer the account sits there, the greater the risk.
-
-Make sure the app describes a clear process you can manage yourself *from within* the account to fully delete your data and account, and that **it doesn't require more information** to delete your account than you had to provide to create it in the first place.
-
-#### Evaluating reputation from history of data breaches
-
-Finally, conduct a short research on the history of security practices for this dating app.
-
-Look for trustworthy third-party reviews and information about the app. Always assume information and promises from the company itself are biased.
-
-Check the news for reports of data breaches and leaks. Checks what security researchers and privacy professionals have to say about this app. Make sure to find trustworthy sources, and remain vigilant about AI-generated articles and review articles that are advertising in disguise.
-
-### Choosing a dating app
-
-As stated at length in this article, there aren't any *good* dating apps for your privacy, sadly. There are only "slightly less horrible" dating apps.
-
-For more details on each, you can take a look at Mozilla's [Privacy Not Included chart](https://www.mozillafoundation.org/en/privacynotincluded/categories/dating-apps/) for dating apps. Check the details for each app you are interested in, not just the rating. However, keep in mind that even Lex, the first app listed there, doesn't seem to have great practices in regard to [data deletion](#investigating-an-apps-data-deletion-process-before-creating-an-account), and you might be unable to delete your account data fully if you decide to use this app. This might also be the case for some other apps listed there.
-
-Alternatively, there are a few free dating apps that might offer a different approach with open source code. Applications that are open-source have the benefit of full transparency to examine its code, and potentially detecting any undisclosed data collection.
-
-That being said, open-source applications aren't magically secure, and don't necessarily grant better privacy either. But code transparency helps to audit the application, and to detect any false claim related to privacy and security. The German dating app Alovoa is an example of this. You can take a look at its [code](https://github.com/Alovoa/Alovoa/) on GitHub.
-
-However, the downside of any dating app that isn't massively popular is it will have fewer users, possibly making finding matches more difficult.
-
-Nevertheless, using a niche dating app that fits better your values *could* potentially increase the chances of finding a match that also fit better your values.
-
-Specifically to data privacy however, privacy-conscious people looking for a date online might have to wait for a truly privacy-respectful app to be developed, and to get more popular in the future.
-
-### Minimizing the data shared
-
-When using any dating app, you should always be careful with the information you share, not just for data privacy, but also for your physical safety.
-
-Using a dating app still means talking with a lot of strangers online, and these strangers might have different intentions and goals than yours.
-
-Of course, to find genuine matches, you also do need to share at least some information about yourself, and you shouldn't lie to potential partners.
-
-The idea isn't to use fake information, the idea is simply to *minimize* the information you share, to increase your data privacy with the app, and your safety when interacting with strangers.
-
-Once you have developed a certain level of trust with a dating app match, then you can [move to safer channels](stay-safe-but-stay-connected.md/#private-messaging-one-on-one-and-group-chats) to share more with them (if you wish) in a more secure and more private environment. You could share your Signal username with them to chat in an end-to-end encrypted environment, for example.
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning: Only share when you fully trust!</p>
-
-Remember that there will be no content moderation in this end-to-end encrypted environment, because it is *truly private*. You should **never share any intimate details with someone you do not trust fully**, even on Signal (or any other end-to-end encrypted apps).
-
-</div>
-
-#### Sign up credentials
-
-When signing up for a dating app, **never use a social media account**. Many applications now gives the option to sign up or sign in using your Google, Facebook, or Instagram account.
-
-While this might seem convenient at first, it allows the applications to exchange data, and this is *incredibly bad for your privacy*.
-
-Instead, always sign up for a dating service using new credential information that you have not used anywhere else before (new username, new email, new password). This will reduce the risk of your other accounts being linked with your dating app data, and vice versa.
-
-#### Email address
-
-To use a unique email address, you might want to create a proxy address known as an alias.
-
-Email aliasing is a great technique to improve your privacy online. It allows you to register for services using a unique email address for each. You can also use these unique email addresses to give to your dating prospects to communicate with them. For email aliasing, SimpleLogin is a great service that we [recommend](https://www.privacyguides.org/en/email-aliasing/).
-
-#### Phone number
-
-Using a unique phone number is much more complicated, unfortunately.
-
-From some countries, you might be able to find a trustworthy phone number proxy service, but those aren't always accepted to sign up for new accounts.
-
-Generally, it's much harder to use proxy for a phone number, and account requiring phone numbers to sign up aren't the best for privacy.
-
-A phone number is an identifier that most people rarely change, and that is strongly attached to your legal identity. If this data leaks in the future, your dating data could be linked to your legal identity, and to your other accounts in all sorts of ways.
-
-Additionally, using a phone number or a verification code sent to your phone through SMS to log in makes your account vulnerable to [SIM swap attacks](https://en.wikipedia.org/wiki/SIM_swap_scam). Avoid apps that are requiring a phone number to sign up if you can.
-
-If you absolutely cannot avoid it, then consider getting a secondary phone number on a spare phone that you only use for dating.
-
-#### IP address
-
-Your IP address is an identifier attached to the internet service you use, and can reveal your location (more or less accurately). Additionally, an IP address can potentially reveal your legal identity, and be linked to your other internet activities.
-
-Any online services and websites you use and visit will know your IP address, including dating apps.
-
-To protect from this, you would need to use a [trustworthy Virtual Private Network (VPN)](https://www.privacyguides.org/en/vpn/) provider. However, know that using a VPN is only a transfer of trust, from your Internet Service Provider (ISP) to your VPN provider.
-
-If using a queer dating app could be dangerous in your country, keep in mind that your VPN provider would know you have visited one. You would need additional protections to go around this, such as using a service like [Tor](https://www.privacyguides.org/en/advanced/tor-overview/) (which might not be possible with some services).
-
-Moreover, some dating services might not allow connection from a VPN server at all, or could trigger additional security checks and requirements to log in.
-
-#### Mobile app permissions
-
-After installing a dating app on a mobile device, make sure to go through your phone's settings to disable all the permissions you can.
-
-Keep it at the absolute *minimum* required for you to use the app. **Don't give permissions for the app to access your contacts or photos.**
-
-If enabled by default, disable accesses. Also disable accesses to your location, if you do not use this feature with the app. Ideally, enter your broad location instead (e.g. city only), and never allow precise geolocation from your phone.
-
-#### Privacy settings and opting out
-
-Before adding any information to your dating profile, go through the app's settings to select the strongest options available to protect your privacy.
-
-Sometimes, apps make it hard to find where to opt out data sharing and AI training, but *be persistent* and look everywhere you can. This is worth the effort!
-
-#### Account security
-
-Securing your account is also important to protect your privacy. If you do not use a [strong and unique password](https://www.privacyguides.org/en/basics/passwords-overview/), a criminal could easily snoop in or even takeover your account.
-
-In addition to choosing a long, complex, and unique password, make sure to enable multifactor authentication. Ideally, use an [authenticator app](https://www.privacyguides.org/en/multi-factor-authentication/) or [security key](https://www.privacyguides.org/en/security-keys/) for this.
-
-If the only option you have is to enable multifactor authentication with a phone number, *and you have already signed up for the app using a phone number*, then this is better than nothing. If you have *not* signed up with the app using a phone number, then it might be better to not use this at all. It's preferable to not give your phone number to the app, if you can avoid it.
-
-#### Name, nickname, and full name
-
-Be careful with the name you choose to publish. Avoid sharing your last name with anyone until you have met them, trust them, and are discussing on safer channels with them.
-
-Perhaps only use a nickname on the app, your fist name only, or a shortened version of your name if you can. **Do not lie, but avoid providing your complete legal identity from the app.**
-
-#### Photos and videos
-
-For photos, try to keep an awareness of whom will be able to see them. Some apps make your main profile picture visible to the entire internet!
-
-If this is true for the app you use, perhaps choose a photo hiding your features a little as your main photo. Then, add more detailed photos inside your profile, if photos have more restricted visibility there.
-
-No matter which photos you upload in a dating app, **do not ever use the same photos you have used on social media!**
-
-This could allow *anyone* to cross-reference your dating profile with your social media accounts using this photo (or other accounts and websites where you used the same photo). Depending on your situation, this can be incredibly dangerous.
-
-Ideally, only upload photos on the dating app that are new, or that you have only used with dating services.
-
-Additionally, be extremely careful about which *other* information is visible in the photos you share.
-
-Remain mindful of anything that could identify your home or work location, such as street signs, bus stops, street addresses, city landscapes, etc. Pay special attention to reflections in glasses, windows, mirrors, and other reflective surfaces.
-
-#### Photo metadata
-
-Furthermore, make sure to **[remove the metadata](https://www.privacyguides.org/en/data-redaction/)** from the photos and videos you want to upload, *before* you uploaded them in the dating app.
-
-Photo metadata can reveal a lot about you. This includes device models as well as the precise date, time, and geolocation where a photo was taken, or a video was filmed. Any metadata attached to images and videos uploaded to the app, is likely to be collected by the app.
-
-#### Intimate photos
-
-Finally, if you trust a match enough to start sharing more intimate pictures, consider the dating app might not be the safest space for this.
-
-Dating apps do not use end-to-end encryption, and *all* the data you upload there can be accessed by the company, and could be stolen in a data breach. Some dating apps were already [called out](https://www.techradar.com/pro/security/major-dating-app-data-breach-may-have-exposed-1-5-million-private-user-images-online) for this earlier this year.
-
-Moreover, keep in mind that criminals are regularly hunting for victims on dating apps, requesting intimate pictures for [nefarious purposes](https://www.bbc.co.uk/news/articles/cyvjy0871dqo). Students and younger people are a growing target for extortion, [sextortion](https://www.tandfonline.com/doi/full/10.1080/01639625.2024.2317904), and even [sex trafficking](https://www.investigatewest.org/investigatewest-reports/a-washington-teen-was-trafficked-by-a-man-she-met-on-tinder-she-says-two-years-later-shes-still-waiting-for-justice-17706687) on dating apps.
-
-*Always* keep in mind this risk when sharing intimate photos and videos with someone, *even on end-to-end encrypted platforms*.
-
-#### Private conversations
-
-When chatting in private with matches, remember that this conversation might not be as private as it feels.
-
-As explained above, the company can technically still **read and collect all of your private conversations**, and this data could also leak in a data breach.
-
-Additionally, nothing prevents anyone you are talking with from taking screenshots and publishing this information online. Unfortunately, this despicable practice isn't that uncommon.
-
-Make sure you trust the person you are chatting with enough before sharing any details that strongly identifies you, your location, or your work location. Consider moving to safer encrypted channels when the conversation becomes more personal.
-
-<div class="admonition info" markdown>
-<p class="admonition-title">A note on anonymity</p>
-
-Keep in mind that all these measures will *not* make you completely anonymous on a dating app.
-
-It will only *reduce* the data you expose to the company and its advertisers, to potential data breaches and leaks, as well as to criminal and governmental non-consensual accesses.
-
-Achieving total anonymity online is very difficult. But following these privacy-enhancing practices will effectively help to reduce the risks, and keep you safer online.
-
-</div>
-
-## Let's hope for better dating apps in the future
-
-It's disheartening to discuss a topic such as dating apps when the reality is there **aren't any good alternatives** to propose.
-
-Dating *offline* is the best data privacy-preserving solution so far, but dating apps, moreover queer dating apps, exist for a reason: It's hard to find occasions to meet people to date in-person these days.
-
-Many opportunities for this have slowly disappeared from our society in the past years. Online dating does provide a solution to meet people looking to date as well.
-
-The even sadder truth is, technically, we *could* have great privacy-respectful dating apps.
-
-However, the for-profit business model of most applications (not just dating apps) has incentive everyone to share and monetize users' data in horribly intrusive and abusive ways. This isn't a problem limited to dating apps.
-
-Nonetheless, dating apps should be built with much greater protections for users' privacy. The unavoidable sensitive data they collect warrants exemplary security and privacy measures.
-
-Let's hope that one day we will see a trustworthy dating-app developer come with a *truly* privacy-respectful dating app. One that uses serious security measures, data minimization practices, proper data deletion processes, code transparency, honest and complete policies, fully end-to-end encrypted private chat, and that doesn't sell nor share users' data with anyone.
-
-Until then, stay safe out there. And keep in mind your privacy and safety when using queer dating apps.
-
-## Additional resources
-
-### Helplines
-
-If you are feeling isolated, depressed, or suicidal, do not hesitate to reach out for help. These helplines are here to listen:
-
-- [Mindline Trans+ (UK)](https://www.mindinsomerset.org.uk/our-services/adult-one-to-one-support/mindline-trans/): Confidential support helpline for people who identify as trans, agender, gender-fluid or non-binary.
-
-- [Trans Lifeline Hotline (US and Canada)](https://translifeline.org/hotline/): Trans peer support (Phone number US: 877-565-8860 / Canada: 877-330-6366)
-
-- [Suicide & Crisis Helpline (US and Canada)](https://988lifeline.org/): General support 24/7 (Phone number: 988)
-
-- [Suicide & Crisis Helpline (International)](https://en.wikipedia.org/wiki/List_of_suicide_crisis_lines): List of suicide crisis lines around the world.
-
-### International advocacy
-
-- [Amnesty International](https://www.amnesty.org/en/what-we-do/discrimination/lgbti-rights/): Human rights organization running campaigns to protect and uphold the rights of LGBTI people globally.
-
-- [Human Rights Watch](https://www.hrw.org/topic/lgbt-rights): Human rights non-profit who documents and exposes abuses based on sexual orientation and gender identity worldwide, and advocate for better protective laws and policies.

blog/posts/sam-altman-wants-your-eyeball.md

@@ -36,7 +36,7 @@ The World App is an everything app, providing users with a *World ID*, that can
 
 The scan is then filtered and hashed to create a unique identifier that is stored as a so-called "proof of personhood" on the *World Network*, a blockchain-based protocol.
 
-The World App itself contains a collection of "Mini Apps", where users can manage their cryptocurrencies, chat together, play games, receive their paychecks even, and ultimately live their whole life within the closed "verified" ecosystem of the app.
+The World App itself contains a collection of "Mini Apps", where users can manage their cryptocurrencies, chat together, play games, receive their pay check even, and ultimately live their whole life within the closed "verified" ecosystem of the app.
 
 For a company constantly praising decentralization, it sure looks like they want to make sure they are the center of it all.
 
@@ -54,7 +54,7 @@ If they succeed in convincing enough people, many of us could soon have little c
 
 ## World(coin) isn't new, you might have heard of its unethical practices already
 
-The project [claims](https://techcrunch.com/2025/04/30/sam-altmans-world-unveils-a-mobile-verification-device/) to have onboarded 26 million people already, including 12 million "users" who are verified (had their biometric data collected).
+The project [claims](https://techcrunch.com/2025/04/30/sam-altmans-world-unveils-a-mobile-verification-device/) to have onboarded 26 million people already, including 12 millions "users" who are verified (had their biometric data collected).
 
 These "users" are largely located in Latin America, Africa, and Asia. This is because the company started testing for its project there a few years ago, in regions where people often have fewer legal protections.
 
@@ -68,15 +68,15 @@ So much so that [Kenya suspended the company's operations](https://techcrunch.co
 
 Some people who signed up never received the promised money. Some officials were bribed to give the impression to participants these operations were official and supported by the government.
 
-As Ruswandi, one of the persons targeted by this early campaign [remarked](https://www.technologyreview.com/2022/04/06/1048981/worldcoin-cryptocurrency-biometrics-web3/): "why did Worldcoin target lower-income communities in the first place, instead of crypto enthusiasts or communities?"
+As Ruswandi, one of the person targeted by this early campaign [remarked](https://www.technologyreview.com/2022/04/06/1048981/worldcoin-cryptocurrency-biometrics-web3/): "why did Worldcoin target lower-income communities in the first place, instead of crypto enthusiasts or communities?"
 
-Exploiting people in situations of poverty in order to test a biometric identification technology isn't a great way to start a project developed by a company called "Tools for Humanity".
+Exploiting people in situation of poverty in order to test a biometric identification technology isn't a great way to start a project developed by a company called "Tools for Humanity".
 
 ## Creating the problem, selling the solution
 
-Why develop such a technology in the first place?
+Why developing such a technology in the first place?
 
-Sam Altman himself has [expressed concern](https://www.wired.com/story/sam-altman-orb-eyeball-scan-launch-us/) about the problem this alleged solution solves: the avalanche of fake accounts and pretend persons online caused by the new AI tools unleashed everywhere.
+Sam Altman himself have [expressed concern](https://www.wired.com/story/sam-altman-orb-eyeball-scan-launch-us/) about the problem this alleged solution solves: the avalanche of fake accounts and pretend persons online caused by the new AI tools unleashed everywhere.
 
 The proposed use of a "proof of personhood" claims to solve this problem by allocating a unique identifier to each human, a personal code supposedly impossible to duplicate or cheat. Of course, this has [already been proven wrong](https://gizmodo.com/worldcoin-black-market-iris-data-identity-orb-1850454037).
 
@@ -108,7 +108,7 @@ If every social media account becomes tied to a unique biometric-based identifie
 
 Further, if only one account is allowed by "verified human", then no one can create separate accounts for their work life and personal life anymore. Creating separate accounts for separate purposes is an excellent privacy-preserving practice.
 
-Even if the identifier isn't tied to a legal name directly, accounts on different platforms using the same identifier could potentially get linked together. To be fair, it does seem Tools for Humanity worked to prevent different platforms from having access to the same code, but how well will this hold the test of time? Will platforms increasingly escalate privacy-invasive requests from this point, like they often do?
+Even if the identifier isn't tied to a legal name directly, accounts on different platforms using the same identifier could potentially get liked together. To be fair, it does seem Tools for Humanity worked to prevent different platforms from having access to the same code, but how well will this hold the test of time? Will platforms increasingly escalate privacy-invasive requests from this point, like they often do?
 
 **Pseudonymity saves lives.** It is an essential tool for the safety of the most vulnerable online. Killing pseudonymity by requiring unique biometric identification could endanger millions.
 
@@ -156,13 +156,13 @@ As whistleblower [Edward Snowden rightfully pointed out](https://x.com/Snowden/s
 
 ### Questionable reassurance about local data
 
-One of the biggest reassurances relates to the claim that sensitive biometric data (Image Data) is only stored locally. But this isn't completely accurate either, and there seems to be conflicting information about it from the company's own documentation.
+One of the biggest reassurance relates to the claim that sensitive biometric data (Image Data) is only stored locally. But this isn't completely accurate either, and there seems to be conflicting information about it from the company's own documentation.
 
 The World [white paper](https://whitepaper.world.org/#enrollment-process) specifies that:
 
 "The Orb verifies that it sees a human, runs local fraud prevention checks, and takes pictures of both irises. The iris images are converted on the Orb hardware into the iris code. Raw biometric data does not leave the device (unless explicitly approved by the user for training purposes)."
 
-However, according to the [Biometric Data Consent Form](https://world.org/legal/biometric-data-consent-form) users have to sign prior to data collection, if a user needs a fully verified World ID. Inevitably this sensitive biometric data will be sent to their phone, therefore leaving the Orb.
+However, according to the [Biometric Data Consent Form](https://world.org/legal/biometric-data-consent-form) users have to sign prior to data collection, if a user needs a fully verified World ID, inevitably this sensitive biometric data will be sent to their phone, therefore leaving the Orb.
 
 After a user agrees to the form, they can keep the option for *Data Custody* disabled to have their biometric data deleted from the Orb "later", and have it uploaded to their phone (with all the risk that this entails).
 
@@ -170,7 +170,7 @@ The other option users have is to enable Data Custody (if allowed in the user's
 
 This means the Orb inevitably sends this sensitive data to a mobile device. Then, this data is only as secure as the mobile device is. Which isn't so reassuring.
 
-The documentation does maintain this biometric data is sent as an "end-to-end encrypted data bundle", but this doesn't mean the data never leaves the Orb. It just means it leaves it while encrypted (which is really just the basics), and copies it to the user's device.
+The documentation does maintain this biometric data is sent as an "end-to-end encrypted data bundle", but this doesn't mean the data never leaves the Orb, it just means it leaves it while encrypted (which is really just the basics), and copies it to the user's device.
 
 Furthermore, future users are *strongly* incentivized to share their Image Data with Tools for Humanity, for algorithm improvement purposes. Pressure to opt in is even presented as a *convenience* option, because it would be cumbersome to have to come over for another scan after every update.
 
@@ -202,13 +202,13 @@ If this happens, many regretful users might find themselves in [the same shoes a
 
 Additionally, the Face Authentication section of the white paper [describes](https://whitepaper.world.org/#face-authentication) a process where encrypted facial biometrics collected from the Orb are used for authentication in the World App.
 
-Even if this data is stored on-device, it is still biometric data getting collected by the Orb then processed by the phone app. There is no question this is sensitive and personal biometric data, and it is indeed kept outside the Orb.
+Even if this data is stored on-device, it is still biometric data getting collected by the Orb then processed by the phone app. There is no question this is sensitive and personal biometric data, and it is indeed kept outside the orb.
 
 Tools for Humanity lacks consistency in the various claims and statements found through its documentation and promotion material. It becomes difficult to know which version to trust, and if it is to be trusted at all.
 
 ### No deletion on the blockchain
 
-Tools for Humanity's Privacy Policy declares that the company will delete all account data (when laws allow it) one month after it is closed (this is good). They also state they will delete entirely any inactive account after 2 years, and this is actually a great policy.
+Tools for Humanity's Privacy Policy declares that the company will delete all account data (when laws allow it) one month after it is closed, this is good. They also state they will delete entirely any inactive account after 2 years, and this is actually a great policy.
 
 But what happens to the World ID, transactions, and other data stored on the blockchain?
 
@@ -246,7 +246,7 @@ The Orb itself is also an important potential attack surface. With Tools for Hum
 
 Despite all its privacy promotion material, the World project has failed to convince privacy commissioners around the world of their supposedly good intentions. Perhaps in this case actions speak louder than words, and privacy commissioners aren't so gullible.
 
-With the expansion the project plans this year, we can expect even more experts will examine the company's claims and challenge its "privacy-preserving" assumptions.
+With the expansion the project plans this year, we can expect even more experts will examine the company's claims and challenge its "privacy-preserving" assumptions
 
 There are many reasons to remain skeptical about these promises of privacy. Indeed, numerous countries have already suspended, fined, or called for investigation on the company's (mal)practices.
 
@@ -266,17 +266,17 @@ The World project tried again to appeal the decision, in vain.
 
 ### Kenya and Indonesia suspended its operations
 
-In 2023, Kenya, one of the first countries where Worldcoin was available, [suspended](https://techcrunch.com/2023/08/02/kenya-suspends-worldcoin-scans-over-security-privacy-and-financial-concerns/) Worldcoin's operations citing concerns over the "authenticity and legality" of its activities related to privacy, security, and financial services.
+In 2023, Kenya, one of the first country where Worldcoin was available, [suspended](https://techcrunch.com/2023/08/02/kenya-suspends-worldcoin-scans-over-security-privacy-and-financial-concerns/) Worldcoin's operations citing concerns over the "authenticity and legality" of its activities related to privacy, security, and financial services.
 
-The worse part is that months before, the Office of the Data Protection Commissioner (ODPC) of the country had ordered Tools for Humanity to stop collecting personal information from its citizens. The company simply [ignored the ODPC order](https://techcrunch.com/2023/08/15/worldcoin-in-kenya/) and continued to collect biometric data from Kenyans. It only stopped after Kenya's ministry of interior and administration gave the suspension order later on.
+The worse part is, months before the Office of the Data Protection Commissioner (ODPC) of the country had ordered Tools for Humanity to stop collecting personal information from its citizens. The company simply [ignored the ODPC order](https://techcrunch.com/2023/08/15/worldcoin-in-kenya/) and continued to collect biometric data from Kenyans. It only stopped after Kenya's ministry of interior and administration gave the suspension order later on.
 
 This again is quite far from the behavior of a company who genuinely values privacy.
 
-More recently on May 4th, 2025, Indonesia also [suspended](https://en.antaranews.com/news/353861/indonesia-suspends-worldcoin-world-id-operations-over-public-concerns) the World project's operation in the country over concerns related to user privacy and security. The Ministry of Communication and Digital will be summoning the project's local operators to clarify the operations and determine potential violation of the Indonesia's electronic system regulation.
+More recently on May 4th 2025, Indonesia also [suspended](https://en.antaranews.com/news/353861/indonesia-suspends-worldcoin-world-id-operations-over-public-concerns) the World project's operation in the country over concerns related to user privacy and security. The Ministry of Communication and Digital will be summoning the project's local operators to clarify the operations and determine potential violation of the Indonesia's electronic system regulation.
 
 ### German regulator ordered GDPR compliance following investigation
 
-In December 2024, the German regulator, the Bavarian State Office for Data Protection Supervision (BayLDA), [issued an order](https://decrypt.co/298090/german-watchdog-cracks-down-on-worldcoin-over-biometric-data) to obligate providing deletion procedures that comply with the GDPR within one month. Additionally, the BayLDA ordered the complete deletion of certain data records that were previously collected without sufficient legal basis.
+In December 2024, the German regulator, the Bavarian State Office for Data Protection Supervision (BayLDA), [issued an order](https://decrypt.co/298090/german-watchdog-cracks-down-on-worldcoin-over-biometric-data) to obligate proving deletion procedures that comply with the GDPR within one month. Additionally, the BayLDA ordered the complete deletion of certain data records that were previously collected without sufficient legal basis.
 
 Again, the World Foundation is fighting the order and will [appeal](https://cointelegraph.com/news/german-watchdog-order-worldcoin-delete-data) the decision. The company tries to argue the data collected was "anonymized", a common strategy to try evading GDPR compliance, which does not regulate anonymized data.
 
@@ -290,7 +290,7 @@ There is no doubt more countries and regions will follow with similar investigat
 
 ### In the United States, the app is restricted in some states
 
-Even in the US where the company is headquartered, the app is [restricted](https://www.wired.com/story/sam-altman-orb-eyeball-scan-launch-us/) in some states. The announcement for its event this month carried a warning that the World is “not available for distribution via World App to people, companies or organizations who are residents of, or are located or incorporated in the State of New York or other restricted territories.”
+Even in the US where the company is headquartered, the app is [restricted](https://www.wired.com/story/sam-altman-orb-eyeball-scan-launch-us/) in some states. The announcement for its event this month carried a warning the World is “not available for distribution via World App to people, companies or organizations who are residents of, or are located or incorporated in the State of New York or other restricted territories.”
 
 We can also expect the project will encounter roadblocks in states that have passed [regulations specific to the collection of biometric data](https://www.huschblackwell.com/2024-state-biometric-privacy-law-tracker). This includes states like Illinois, Texas, Washington, and Colorado.
 
@@ -316,7 +316,7 @@ The amount of money invested in the project means there will be an incredible pr
 
 The well-known dating app Tinder has already partnered with World ID to verify the age of users in Japan. If this experiment works well, and if users comply without objection, this could be soon mandatory for *all* dating apps.
 
-Let's not stop at dating apps. The World project has already announced last week they will also be working with Razer to verify humanity of online gamers. How far can this go in the age of age verification? Will every online games with mature content soon require a World ID to play?
+Let's not stop at dating apps, the World project has already announced last week they will also be working with Razer to verify humanity of online gamers. How far can this go in the age of age verification? Will every online games with mature content soon require a World ID to play?
 
 What about social media? Tools for Humanity's team have insisted the age of AI made us incapable of detecting if we are interacting with bots online. Therefore, they must valiantly come to our rescue to verify our humanity scanning our eyeballs (which bots tragically lack). What if this human verification is expanded to all our social media accounts? Certainly, regulators pushing for authoritarian age verification online would be delighted by such a product.
 
@@ -324,7 +324,7 @@ Then, it comes for our money. The everything app of course offers payment and mo
 
 Imagine a single app, owned by a single for-profit corporation, that collects and processes all the data from all your transactions online, all your communications online, that you absolutely have to continue using for your other social media accounts, your gaming life, and your dating life.
 
-There could soon be no way to escape the grasp of World's everything app. Actually, [some governments](https://www.theregister.com/2025/05/04/sam_altman_startup_world/) (Taiwan and Malaysia) have already started using it for official services, because why not.
+There could soon be no way to escape the grasp of World's everything app. Actually, [some governments](https://www.theregister.com/2025/05/04/sam_altman_startup_world/) (Taiwan and Malesia) have already started using it for official services, because why not.
 
 **The ways this could degenerate fast into full dystopia are infinite**, and very real.
 
@@ -364,7 +364,7 @@ Even if this process was perfectly secure and perfectly private (which it is def
 
 This isn't limited to Tools for Humanity, although the way the company tries to advertise itself as a privacy-first organization makes it even more important to scrutinize.
 
-But anyone else with a similar approach to biometric data collection for verifying humanity or age or legal names should be on our radar. Moreover if it's a for-profit corporation with the power to impose this technology on us everywhere in the world.
+But anyone else with a similar approach to biometric data collection for verifying humanity or age or legal names should be on our radar. Moreover, if it's a for-profit corporation with the power to impose this technology on us everywhere in the world.
 
 One company should never have such power.
 
@@ -372,7 +372,7 @@ Further, biometric data should never be used for trivial purposes like "proof of
 
 The premise itself is flawed from the start to respect privacy rights.
 
-While the problem of proving identity can still be an important one to solve in *some* context, the solution to this can never be monopolized by for-profit corporations.
+While the problem of proving identify can still be an important one to solve in *some* context, the solution to this can never be monopolized by for-profit corporations.
 
 Regardless of Tools for Humanity's intentions and efforts to convince us to trust them, any similar technology is just another step towards a global system of mass surveillance, where ultimately privacy rights and human rights are lost.
 

blog/posts/selling-surveillance-as-convenience.md

@@ -1,127 +0,0 @@
----
-date:
-    created: 2025-06-07T17:35:00Z
-categories:
-    - Opinion
-authors:
-    - em
-description: Increasingly, surveillance is being normalized and integrated in our lives. Under the guise of convenience, applications and features are sold to us as being the new better way to do things. While some might be useful, this convenience is a Trojan horse. The cost of it is the continuous degradation of our privacy rights, with all that that entails.
-schema_type: OpinionNewsArticle
-preview:
-  cover: blog/assets/images/selling-surveillance-as-convenience/surveillance-cover.webp
----
-
-# Selling Surveillance as Convenience
-
-![Stylized and colorized photo of a large wooden horse standing over a blue sky.](../assets/images/selling-surveillance-as-convenience/surveillance-cover.webp)
-<small aria-hidden="true">Illustration: Em / Privacy Guides | Photo: Zeki Okur / Unsplash</small>
-
-Increasingly, surveillance is being normalized and integrated in our lives. Under the guise of convenience, applications and features are sold to us as being the new better way to do things. While some might be useful, **this convenience is a Trojan horse**. The cost of it is the continuous degradation of our privacy rights, with all that that entails.<!-- more -->
-
-As appalling as it is, the truth is the vast majority of software companies do not consider privacy rights and data minimization practices strongly enough, if at all. Most fail to implement the principles of [Privacy by Design](https://en.wikipedia.org/wiki/Privacy_by_design) that should guide development from the start.
-
-Whether this comes from ignorance, incompetence, greed, or malicious intent can be debated. It matters little, because the result is the same: Technologies collecting (and monetizing) a shameful amount of data from everyone.
-
-This horrifying trend ends up facilitating and normalizing surveillance in our daily lives. It is the opposite direction of where we should be going.
-
-**The more we accept this normalized surveillance, the harder it becomes to fight back.** It is critical that we firmly and loudly object to this banalized invasion of our privacy.
-
-There are countless examples of this growing issue, but for now let's focus on three of them: Airport face scans, parking apps, and AI assistants.
-
-## Face scans in airports (and elsewhere)
-
-Some airports and airlines around the world have started to [install face scanning stations](https://www.huffpost.com/entry/why-you-can-and-should-opt-out-of-tsa-facial-recognition-right-now-goog_l_680a673ae4b0b1be33560c93) to screen travelers. This is supposedly a quick and *convenient* way to verify your identity when passing through airport security lines.
-
-Facial scans and facial recognition data are biometric data. Biometric data is especially sensitive because once it's collected, there is no way for you to modify it later, ever.
-
-Imagine having a password stolen a thousand times, yet there is no way for you to change it. This is the security system that biometric data collectors are building. When their database eventually leaks, and someone steals it to impersonate you, you cannot simply get a new face like you would generate a new password.
-
-Moreover, facial data is the perfect tool to track you around without your consent. Systems using facial recognition are being installed in schools, sport stadiums, and other venues around the world.
-
-Everyone should be extremely worried about sharing any biometric data with others, and should never do so simply for "convenience".
-
-Sadly, many people do not know they might have a right to refuse.
-
-**Refusing to provide biometric data everywhere we can is crucial.**
-
-If people never refuse and simply accept surveillance without objection, we will soon lose any right we had to refuse. Without changes, this is the dystopia we are running towards.
-
-If everyone said no instead of complying for convenience, these intrusive technologies would stop being imposed on us. We have a duty to **say no** when we can.
-
-## Parking apps
-
-Parking applications might feel like a boring but necessary sacrifice. With the slow disappearance of parking meters and cash money, more parking facilities now require parking apps for registration and payment.
-
-The problem is, these applications collect lots of sensitive information. Necessarily, they collect parking location, parking duration, license plate number, phone number, email, payment information, and often even your full legal name. This information can be shared across multiple applications and organizations (partners) to track a car's location even beyond the parking facility.
-
-Despite how sensitive this data is, it's very likely most applications have not invested the time and effort to protect it properly. Inevitably, [data breaches](https://www.classaction.org/blog/parkmobile-data-breach-class-action-heres-what-you-need-to-know) have already occurred.
-
-Once this data is exposed, it can be challenging or impossible to change or delete it. People in vulnerable situations can be put in grave danger when such data becomes accessible to anyone looking for it.
-
-Even without criminal breaches, security researcher Inti De Ceukelaire [revealed](https://www.dailydot.com/debug/parking-apps-track-car-privacy-gdpr/) in 2022 that some parking apps could allow anybody to track a car around. This is due to poor security practices which allowed anyone to register and track any car's license plate, whether it's their car or not.
-
-Despite repeated [warnings](https://www.cbc.ca/news/canada/hamilton/hamilton-parking-app-privacy-concerns-1.5689209) from privacy experts, parking applications remain largely under-regulated.
-
-## AI assistants and note-takers
-
-Last but not least, AI assistant and note-taking applications have spawned in every corner of our lives for the past few years. Unfortunately, these **AI applications are an absolute nightmare for data privacy**.
-
-Very few AI systems of this type provide data without also *taking in* data.
-
-Most fresh AI startups simply utilize a subscription to OpenAI under the hood. This means it is likely any data you input into an AI assistant or note-taker will be shared back with OpenAI in the end. This includes any personal information you type and any photos you upload.
-
-Some applications offer options to opt out of input sharing, but given the track record of tech companies asking for forgiveness rather than permission, can this really be trusted?
-
-Additionally, regardless of the stated purpose for this data collection, nothing stops these companies from using it for another purpose down the road, or selling it to someone else.
-
-AI note-taking applications that seem to be all the rage in remote meetings these days are no exception.
-
-To provide a transcript then a summary, these applications [will record](https://www.zscaler.com/cxorevolutionaries/insights/privacy-security-concerns-ai-meeting-tools) the whole meeting, often including both audio and video. This data will be stored by the AI note-taking company, and maybe also shared with at least OpenAI, potentially with other third-parties as well.
-
-This is **incredibly intrusive**, not to say straight out *creepy*.
-
-Besides, it can even be *illegal*. If you use this kind of application with someone living in a region with a [two-party consent law](https://acclaws.com/can-you-record-a-conversation-legally/), recording without prior consent of all participants is criminal.
-
-Even without this, any personal information collected by an AI system is still **subject to the privacy regulation protecting its data subject**. Nobody should take lightly the legal and moral obligations they have when using or developing such invasive technology.
-
-Even if you don't care about sending *your own* personal data to these companies, **you are still responsible** for [the data of others](the-privacy-of-others.md) you input in these systems.
-
-For organizations, using AI doesn't remove any legal obligations to **[comply with privacy laws](https://iapp.org/news/a/how-privacy-and-data-protection-laws-apply-to-ai-guidance-from-global-dpas)**. You are still responsible for any personal data collected by your usage of AI systems, even when delegating the task to OpenAI or any other subcontractor.
-
-## How to opt out?
-
-There are multiple ways to opt out of surveillance disguised as convenience. The first thing of course is to avoid using any such technology whenever possible.
-
-Before taking a plane, spend some time researching if your citizenship and the region you are visiting grant you opt-out rights. If it does, print this documentation and be ready to politely ask for a traditional identify verification instead of a face scan.
-
-If you own a car, try to find a parking application that has been more thoughtful regarding security and privacy. Report any parking apps which infringe on your local privacy laws to your local Data Protection Authority or equivalent. If you go somewhere that could put you in danger if tracked — for example, because you are victim of domestic violence or stalking — consider renting a car with a different license plate, sharing a ride with a trusted friend, or parking at another location you can safely walk from.
-
-**Do NOT use any AI note-taker!** This technology might seem *convenient* at first, but it is completely unnecessary (and also unreliable). If you use this technology carelessly without providing proper privacy notice, you could run into serious legal risks. Additionally, you risk eroding the trust of everyone communicating with you when the *inevitable* data breach occurs.
-
-If someone invites you to a meeting using an AI note-taker, do not hesitate to refuse being recorded, and share your discomfort about this technology.
-
-If you must use an AI assistant, try to find one that can run *offline,* and does not upload your inputs back to the company's server. When this isn't possible, make sure at least to never share any personal information with these systems. Be especially vigilant not to share any data related to other people, and especially children. This could lead to severe legal consequences for you down the road.
-
-## Why it is crucial to oppose everywhere we can
-
-If we all do everything we can to opt out every time we can, it will become harder and harder to implement mass surveillance systems in our society.
-
-The response provided when privacy experts raise the alarm is often to minimize concerns saying "it's only optional, and people can opt out".
-
-But for **how long will we keep the right to opt out** if we never exercise this right? How many dark patterns and intimidation techniques are used to pressure people into saying yes, or to make sure they never know about their right to opt out?
-
-Furthermore, write to your representatives about your concerns related to privacy rights and the rise of surveillance systems in our society. Discuss this with your family and your friends. Post about it on social media. Share your experience of surveillance with the press.
-
-The more we are talking about this problem, the stronger the opposition becomes, and the more chances we have to **keep our privacy rights alive**.
-
-If we do not stand firm to defend our rights, even when it's inconvenient to do, we might soon lose them.
-
-## Additional resources
-
-- [Facial scan at airport (United States): Protect Your Face Data](https://www.ajl.org/campaigns/fly)
-
-- [Information on parking apps vulnerabilities: Not My Plate](https://notmyplate.com/)
-
-- [Information on AI note-takers](https://www.fisherphillips.com/en/news-insights/ai-notetaking-tools-should-you-use-them.html)
-
-- [How to remove/disable Microsoft's Windows Recall](https://www.microsoftrecall.com/)

blog/posts/signal-configuration-and-hardening.md

@@ -1,7 +1,7 @@
 ---
 date:
     created: 2022-07-07T19:00:00Z
-    updated: 2025-05-24T14:00:00Z
+    updated: 2025-04-15T04:00:00Z
 authors:
     - contributors
     - matchboxbananasynergy
@@ -18,7 +18,7 @@ schema_type: AnalysisNewsArticle
 ---
 # Signal Configuration and Hardening Guide
 
-[Signal](https://www.privacyguides.org/en/real-time-communication#signal) is a widely regarded instant messaging service that is not only easy to use but is also private and secure. Signal's strong end-to-end encryption implementation and metadata protections provide a level of assurance that only you and your intended recipients are able to read communications.<!-- more -->
+[Signal](https://www.privacyguides.org/en/real-time-communication#signal) is a widely regarded instant messaging service that is not only easy to use but is also private and secure. Signal's strong E2EE implementation and metadata protections provide a level of assurance that only you and your intended recipients are able to read communications.<!-- more -->
 
 This guide details actions you can take to configure and harden Signal in accordance with your [threat model](https://www.privacyguides.org/en/basics/threat-modeling/).
 
@@ -26,7 +26,7 @@ This guide details actions you can take to configure and harden Signal in accord
 
 ### Signal PIN
 
-When you register for Signal with your phone number, you will be asked to set up a Signal PIN. This PIN can be used to recover your profile, settings, contacts, and blocked users in case you ever lose or switch devices.
+When you register for Signal with your phone number, you will be asked to set up a Signal PIN. This PIN can be used to recover your profile, settings, contacts and who you've blocked in case you ever lose or switch devices.
 
 Additionally, your Signal PIN can also double as a registration lock that prevents others from registering with your number.
 
@@ -34,18 +34,18 @@ Additionally, your Signal PIN can also double as a registration lock that preven
 
     The server will not enforce the registration lock after 7 days of inactivity. After that, someone will be able to reset the PIN at registration and register with your phone number. This will wipe the data stored in your Signal account, as it is encrypted by the PIN, but it won't prevent someone from registering with your number provided that they can receive a text on it.
 
-**Important update**: Since this blog post was published, there have been changes to the registration flow for Signal. You should read about this [here](signal-number-registration-update.md).
+**Important update**: since this blog post was published, there have been changes to the registration flow for Signal. You should read about this [here](signal-number-registration-update.md).
 
 If you haven't set up a Signal PIN, or have previously opted out of setting one up, follow these steps on Android/iOS:
 
-- Select :material-dots-vertical: → **Settings** → **Account** → **Signal PIN**
+- Select :material-dots-vertical: > **Settings** > **Account** > **Signal PIN**
 - Select **Create new PIN**
 
-Signal will prompt you to enter a PIN. We suggest using a strong, alphanumeric PIN that can be stored in a [password manager](https://www.privacyguides.org/en/passwords/).
+Signal will prompt you to enter a PIN. We suggest using a strong alphanumeric PIN that can be stored in a [password manager](https://www.privacyguides.org/en/passwords/).
 
 Once you have done that, or if you already have set up a PIN, make sure that **Registration Lock** is also enabled.
 
-- Select :material-dots-vertical: → **Settings** → **Account** → **Signal PIN**
+- Select :material-dots-vertical: > **Settings** > **Account** > **Signal PIN**
 - [x] Turn on **Registration Lock**
 
 !!! Important
@@ -65,12 +65,12 @@ It is best practice to always compare safety numbers with your contacts. This ca
 
 !!! Important
 
-    In order for safety numbers to also verify that the intended recipient has access to the device you're verifying, you need a secondary communication channel where you can authenticate the person that is holding the device. For example, an in-person meeting or a video call.
+    In order for safety numbers to also verify that the intended recipient has access to the device you're verifying, you need a secondary communication channel where you can authenticate the person that is holding the device. For example, an in-person meeting or during a video call.
 
 To view the safety number for a particular contact, you need to follow these steps within Signal:
 
 - Go to a chat with a contact.
-- Select the chat header or :material-dots-vertical: → **View Safety Number**
+- Select the chat header or :material-dots-vertical: > **View Safety Number**
 
 Once you've compared the safety numbers on both devices, you can mark that contact as **Verified**.
 
@@ -78,7 +78,7 @@ A checkmark will appear in the chat header by your contact's name when the safet
 
 After doing that, any time the safety number changes, you'll be notified.
 
-If the safety number with one of your contacts changes, we recommend asking the contact what happened (if they switched to a new device or re-installed Signal, for example) and verifying the safety numbers again.
+If the safety number with one of your contacts changes, we recommend asking the contact what happened (if they switched to a new device or re-installed Signal, for example) and verify the safety numbers again.
 
 For more demanding threat models, you should agree on a protocol with your contacts in advance on what to do in case the safety number ever changes.
 
@@ -92,7 +92,7 @@ It is good practice to set up disappearing messages in Signal's settings so that
 
 On Android/iOS:
 
-- Select :material-dots-vertical: → **Settings** → **Privacy**
+- Select :material-dots-vertical: > **Settings** > **Privacy**
 - Under **Disappearing messages**, select **Default timer for new chats**
 - Select the desired amount of time and select **Save**
 
@@ -119,20 +119,22 @@ Your recipient doesn't make any requests unless they open the link on their end.
 
 On Android/iOS:
 
-- Select :material-dots-vertical: → **Settings** → **Chats**
+- Select :material-dots-vertical: > **Settings** > **Chats**
 - [ ] Turn off **Generate link previews**
 
 ### Screen Security
 
-Signal allows you to prevent a preview of the app being shown (i.e., in the app switcher) unless you explicitly open it. This option can be found in :material-dots-vertical: → **Settings** → **Privacy**.
+Signal allows you to prevent a preview of the app being shown (i.e., in the app switcher) unless you explicitly open it.
 
-=== "Android"
+On Android:
 
-    - [x] Turn on **Screen Security**
+- Select :material-dots-vertical: > **Settings** > **Privacy**
+- [x] Turn on **Screen Security**
 
-=== "iOS"
+On iOS:
 
-    - [x] Turn on **Hide Screen in App Switcher**
+- Select :material-dots-vertical: > **Settings** > **Privacy**
+- [x] Turn on **Hide Screen in App Switcher**
 
 ### Screen Lock
 
@@ -142,22 +144,26 @@ To mitigate this, you can leverage the Screen Lock option to require additional
 
 On Android/iOS:
 
-- Select :material-dots-vertical: → **Settings** → **Privacy**
+- Select :material-dots-vertical: > **Settings** > **Privacy**
 - [x] Turn on **Screen Lock**
 
 ### Notification Privacy
 
 Even when your phone is locked, anyone who can lay eyes on the device can read messages and sender names from your lock screen.
 
-On Signal, you have the ability to hide message content and sender name, or just the message content itself. This option can be found in :material-dots-vertical: → **Settings** → **Notifications** → **Show**.
+On Signal, you have the ability to hide message content and sender name, or just the message content itself.
 
-=== "Android"
+On Android:
 
-    - Select **No name or message** or **Name only**, respectively.
+- Select :material-dots-vertical: > **Settings** > **Notifications**
+- Select **Show**
+- Select **No name or message** or **Name only** respectively.
 
-=== "iOS"
+On iOS:
 
-    - Select **No name or Content** or **Name Only**, respectively.
+- Select :material-dots-vertical: > **Settings** > **Notifications**
+- Select **Show**
+- Select **No name or Content** or **Name Only** respectively.
 
 ### Call Relaying
 
@@ -165,7 +171,7 @@ Signal allows you to relay all calls (including video calls) through the Signal
 
 On Android/iOS:
 
-- Select :material-dots-vertical: → **Settings** → **Privacy** → **Advanced**
+- Select :material-dots-vertical: > **Settings** > **Privacy** > **Advanced**
 - [x] Turn on **Always Relay Calls**
 
 For incoming calls from people who are not in your Contacts app, the call will be relayed through the Signal server regardless of how you've set it up.
@@ -187,13 +193,13 @@ Additionally, Signal allows you to set up a proxy to bypass censorship.
 
 You can learn more about Signal's proxy support on their [website](https://support.signal.org/hc/en-us/articles/360056052052-Proxy-Support).
 
-### Disable Signal Call History (iOS only)
+### Disable Signal Call History (iOS)
 
 Signal allows you to see your call history from your regular phone app. This allows your iOS device to sync your call history with iCloud, including whom you spoke to, when, and for how long.
 
 If you use iCloud and you don’t want to share call history on Signal, confirm it’s turned off:
 
-- Select :material-dots-vertical: → **Settings** → **Privacy**
+- Select :material-dots-vertical: > **Settings** > **Privacy**
 - [ ] Turn off **Show Calls in Recents**
 
 ## Signal Hardening
@@ -202,13 +208,13 @@ If you use iCloud and you don’t want to share call history on Signal, confirm
 
 While it may be tempting to link your Signal account to your desktop device for convenience, keep in mind that this extends your trust to an additional and potentially less secure operating system.
 
-Avoid linking your Signal account to a desktop device to reduce your attack surface if your threat model calls for protecting against [:material-bug-outline: Passive Attacks](https://www.privacyguides.org/en/basics/common-threats/#security-and-privacy){ .pg-orange }.
+Avoid linking your Signal account to a desktop device to reduce your attack surface, if your threat model calls for protecting against [:material-bug-outline: Passive Attacks](https://www.privacyguides.org/en/basics/common-threats/#security-and-privacy){ .pg-orange }.
 
 ### Molly (Android)
 
-If you use [Molly](https://www.privacyguides.org/en/real-time-communication/#molly-android) on Android to access the Signal network, below is an overview of the many privacy- and security-enhancing features that you may want to explore. You can find a full list of Molly's [features](https://github.com/mollyim/mollyim-android#features) on the project's repository.
+If you use [Molly](https://www.privacyguides.org/en/real-time-communication/#molly-android) on Android to access the Signal network, there are many privacy and security-enhancing features that you may want to explore.
 
-#### Data Encryption at Rest
+#### Privacy and Security Features
 
 Molly has implemented database encryption at rest, which means that you can encrypt the app's database with a passphrase to ensure that none of its data is accessible without it.
 
@@ -225,16 +231,14 @@ For the database encryption feature to be useful, two conditions must be met:
 
 If both of the above conditions are met, the data within Molly is safe as long as the passphrase is not accessible to the attacker.
 
-#### RAM Wiper
-
 To supplement the database encryption feature, Molly securely wipes your device's RAM once the database is locked to defend against forensic analysis.
 
 While Molly is running, your data is kept in RAM. When any app closes, its data remains in RAM until another app takes the same physical memory pages. That can take seconds or days, depending on many factors. To prevent anyone from dumping the RAM to disk and extracting your data after Molly is locked, the app overrides all free RAM memory with random data when you lock the database.
 
-#### Calls and Contacts
-
-There is also the ability to configure a SOCKS proxy in Molly to route its traffic through the proxy or [Tor via Orbot](https://www.privacyguides.org/en/alternative-networks/#orbot). When enabled, all traffic is routed through the proxy and there are no known IP or DNS leaks. When using this feature, [call relaying](#call-relaying) will always be enabled, regardless of the setting.
+There is also the ability to configure a SOCKS proxy in Molly to route its traffic through the proxy or [Tor via Orbot](https://www.privacyguides.org/en/tor#orbot). When enabled, all traffic is routed through the proxy and there are no known IP or DNS leaks. When using this feature, [call relaying](#call-relaying) will always be enabled, regardless of the setting.
 
 Signal adds everyone who you have communicated with to its database. Molly allows you to delete those contacts and stop sharing your profile with them.
 
-To supplement the feature above, as well as for additional security and to fight spam, Molly offers the ability to block unknown contacts whom you've never been in contact with or those who are not in your contact list without you having to manually block them.
+To supplement the feature above, as well as for additional security and to fight spam, Molly offers the ability to block unknown contacts that you've never been in contact with or those that are not in your contact list without you having to manually block them.
+
+You can find a full list of Molly's [features](https://github.com/mollyim/mollyim-android#features) on the project's repository.

blog/posts/stay-safe-but-stay-connected.md

@@ -1,357 +0,0 @@
----
-date:
-    created: 2025-06-10T17:00:00Z
-categories:
-    - News
-tags:
-    - Pride Month
-authors:
-    - em
-description: Balancing data protection and online connection can be difficult. Nevertheless, it's an essential skill to be able to stay safe online while staying connected.
-schema_type: AnalysisNewsArticle
-preview:
-  cover: blog/assets/images/stay-safe-but-stay-connected/stay-connected-cover.webp
----
-
-# Stay Safe, but Stay Connected
-
-![Photo of a rainbow heart with each color made of a neon light.](../assets/images/stay-safe-but-stay-connected/stay-connected-cover.webp)
-
-<small aria-hidden="true">Photo: Jiroe Matia Rengel / Unsplash</small>
-
-In data privacy, we often talk about the dangers of data collection and exposed data. It can get overwhelming to learn more about all the information that is collected on us, especially at the beginning. As a coping mechanism, some people react by downplaying concerns, disregarding dangers, and ignoring precautions altogether. Others react the opposite way: by isolating themselves, and no longer sharing anything with anyone. But neither is a viable solution.<!-- more -->
-
-Staying isolated to avoid *all* data exposure risks other dangers. Dangers that might not seem related to data privacy directly, but are nevertheless worth mentioning here: Suicide and depression are very real dangers that we cannot ignore.
-
-Keeping our data safe shouldn't mean staying alone, and isolation is [especially dangerous for LGBTQ+ people](https://www.thetrevorproject.org/resources/article/facts-about-lgbtq-youth-suicide/).
-
-The better approach is to adopt a **segmental perspective on data privacy**.
-
-While not ignoring nor minimizing the risks, it's important to develop an awareness of which exposed data represents the biggest danger to us, which we have no control over, and which we can actually protect better.
-
-This is the balanced way out of this Orwellian nightmare.
-
-There are ways to stay together, to support each other, and to stay connected while also protecting our data and becoming an informed advocate for privacy rights.
-
-## How to stay connected while staying safe
-
-Numerous practices and tools can help to participate in online communities while also protecting one's data. There might be some sacrifices necessary of course, and each sacrifice should be weighted carefully for its benefit.
-
-It's important to remember that the best approach to data privacy isn't an [all-or-nothing mindset](privacy-is-not-dead.md). This only leads to either giving up entirely, or getting disconnected from our communities.
-
-The better mindset is to try to *improve* one's data privacy gradually, to *reduce* digital footprints where possible, and to continue to *advocate* for better legal and technical protections for the things we have no direct control over.
-
-Here are some steps you can take to stay connected, while improving your digital safety:
-
-## Practices and tools that help in various contexts
-
-There are a number of practices that can be applied in various contexts, and will help reduce or separate your digital traces. These practices are all good to keep in mind with any platforms, accounts, and information you share.
-
-If this is new to you, implementing *one* improvement at the time is a great way to avoid getting overwhelmed. Every small improvement will help, and add together over time.
-
-You do not have to do all of this, only pick what works well for you and what you can realistically implement in your life. Remember that this will not make you fully anonymous online, but *reducing* your digital footprints still gives a lot of benefits.
-
-### Pseudonymity
-
-Pseudonymity is the practice of using a fictitious name (a pseudonym) when creating accounts to detach, even slightly, one's online presentation from their full legal identity.
-
-There are different levels to this. It could mean sharing a first name but not a last name, using the name of a fictional character, or using an entirely made up name.
-
-Using a pseudonym and a profile picture that isn't a self-portrait can help significantly to reduce digital footprints and improve online safety. It can also help to detach different accounts from each other, for example by using a certain name for a work account and a pseudonym for a personal alt account.
-
-Remember that that this will not make you anonymous online, however. It will only help hide or separate your legal identity from your public-facing profile.
-
-If you want to use more serious pseudonymity online, you will also need to consider using different email addresses to sign up, different phone numbers if required, different photos of course, but also different IP addresses, and so on and so forth.
-
-### Virtual Private Network (VPN)
-
-Using a [trustworthy VPN](https://www.privacyguides.org/en/vpn/) can also help to reduce the data identifying you online, and improve your pseudonymity.
-
-Regardless of the name you choose for a profile, services (and sometimes other users even) can see your IP address. Your IP address can reveal your location more or less accurately, and can be used to identify the owner of the internet service account you use.
-
-If you do not protect this information, services and authorities have the capacity to link all your accounts and online activities together, regardless of the name and profile picture you use.
-
-You can mitigate this by using a *trustworthy* VPN (yes, trust is crucial here) that will act as a proxy for your IP address (and allow you to use different IP addresses for different accounts).
-
-Your VPN provider however will still know what your real IP address is, this is why trusting your VPN provider is so important. To protect from this, you could use another method, such as the [Tor Network](in-praise-of-tor.md).
-
-<div class="admonition info" markdown>
-<p class="admonition-title">VPN blocks and security checks</p>
-
-Keep in mind that connecting to an account or website while using a VPN could trigger additional security checks, or even trigger blocks for certain websites and services.
-
-Sometimes, it's simply a CAPTCHA to solve, but it could also be an alert or additional check for a social media account you usually connect to without a VPN.
-
-In some situations, this can be resolved by selecting a different VPN server, choosing a server in the same region you are, or you might need to disable your VPN entirely to access some services.
-
-</div>
-
-### Browser fingerprinting
-
-Limiting browser fingerprinting is important to reduce the data capable of identifying who you are from your browsing activity.
-
-Even when using a pseudonym, fictitious profile picture, and trustworthy VPN, your activity could still be linked back to you simply based on how unique your system and browser configurations are.
-
-Some [browsers](https://www.privacyguides.org/en/desktop-browsers/) offer increased protections against this type of tracking, such as Mullvad Browser and Tor Browser.
-
-### File metadata
-
-To protect your privacy online, it's important to remember to [delete metadata](https://www.privacyguides.org/en/data-redaction/) from the photos and files you share online. Even if you take care to not include identifying information in the photos, videos, and documents you share, you can still sometimes be easily re-identified from hidden file metadata alone.
-
-Photos, PDF, images, and files of all sorts usually contain hidden metadata about your device, location, and more. Removing metadata before sharing photos or files is an important consideration to improve your privacy and safety online, especially when sharing files and photos publicly.
-
-### Mobile applications
-
-Limiting the mobile apps you keep on your devices is important, not only to improve privacy but also for device security.
-
-Many mobile app developers use tracking technologies to collect information on users, sometimes well beyond their own app's usage. Additionally, each installed application increases the risk of potential vulnerabilities that could lower your system security.
-
-Whenever possible, choose to use a secure browser instead of the application to access a service (unless this is an application you trust more than your browser application). If you use an Apple device, check the App Privacy section in the App Store to know what data each of your installed apps collects.
-
-Delete all the apps you no longer need, as soon as you do not need them anymore.
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Deleting the app does not delete the account</p>
-
-Remember that just deleting an app from your device will not necessarily delete your account and data. Depending on the service, even after deleting the app, your account might still be accessible through a web browser.
-
-If you no longer need an account, it's important to first delete the data within it, then delete the account through the internal process, and, once this is completed, delete the application.
-
-Otherwise, your abandoned account could still sit there and risk getting taken over by someone else, or expose your data in other ways.
-
-</div>
-
-### Photo sharing
-
-When sharing photos online, especially on social media, it's essential for both privacy and safety to develop an awareness of what the information within this photo can reveal about you.
-
-Even from a well-protected pseudonymous account, posting a photo from your home that reveals outside details could identify your location and identity. Sometimes, even details *inside* your home could pinpoint your location. Be particularly careful about reflections in glasses, mirrors, windows, and other reflective surfaces.
-
-And of course, never share photos of others online without *their* prior consent.
-
-## What to improve in each context
-
-### Social media: Improving, deleting, replacing
-
-While social media now occupies an immense role in our lives, it's unfortunately very difficult to protect one's privacy while using any corporate social media platforms.
-
-Large commercial platforms like Facebook, Instagram, Threads, YouTube, TikTok, and X (Twitter) are fundamentally advertising businesses, and their only goal is to make more money. They achieve this goal by collecting data points on users that they sell as a feature to advertisers.
-
-#### How to improve what you can
-
-If you decide staying on a corporate platform is important to you, then it is crucial to harden all the settings available to improve privacy as much as allowed. Keep in mind however that this isn't a guarantee, and some platforms have already been caught [again](https://www.aa.com.tr/en/economy/facebook-to-pay-5bn-fine-for-violating-users-privacy/1540472) and [again](https://bgr.com/tech/facebook-whatsapp-privacy-fine/) not respecting their users' preferences.
-
-Furthermore, to implement the protections discussed above, some commercial platforms are worse than others. For example, Facebook doesn't allow the use of pseudonyms anymore.
-
-Moderation is also a safety issue to consider. If you want to choose and compare corporate platforms, the non-profit GLAAD has developed a yearly [Social Media Safety Index & Platform Scorecard](https://glaad.org/smsi/social-media-safety-index-2025/) to evaluate six major social platforms for safety for the LGBTQ+ community.
-
-<div class="admonition danger" markdown>
-<p class="admonition-title">AI training on social media platforms</p>
-
-In addition to the privacy settings you should pay attention to, make sure to **turn off or opt out of any AI feature** you can on social media.
-
-Unfortunately, many platforms have started to use and sell users content to train AI algorithms. This is very concerning for data privacy, and could make a lot of information about you impossible to delete from these systems afterward.
-
-Again, remember however that there is no guarantee platforms will respect your preferences on this, and deleting and leaving corporate platforms might be the safest option.
-
-</div>
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Disclaimer for external resources</p>
-
-Privacy Guides does not necessarily endorse these linked websites. Links are provided as suggestions of external guides to follow for this specific purpose. We do not necessarily approve the other recommendations or guides presented on these external resources.
-
-</div>
-
-- [Improving privacy settings on X (formerly Twitter)](https://beconnected.esafety.gov.au/topic-library/social-media-apps/introduction-to-twitter/controlling-your-x-privacy-settings)
-- [Improving privacy settings on Facebook](https://www.consumerreports.org/electronics-computers/privacy/facebook-privacy-settings-a1775535782/)
-- [Improving privacy settings on Instagram](https://www.consumerreports.org/electronics-computers/privacy/instagram-privacy-settings-a3036233134/)
-- [Improving privacy settings on Threads](https://www.myprivacy.blog/threads-privacy-setup-a-2025-technical-guide-for-users-under-25/)
-- [Improving privacy settings on YouTube](https://www.groovypost.com/howto/manage-your-youtube-privacy-settings/)
-- [Improving privacy settings on TikTok](https://www.maketecheasier.com/tiktok-privacy-settings/)
-- [Improving privacy settings on Reddit](https://www.myprivacy.blog/reddit-privacy-guide-securing-your-presence-in-2025/)
-- [Improving privacy settings on LinkedIn](https://www.presencesecure.com/linkedin-privacy-settings-guide/)
-
-Additionally, with [the proliferation of age verification](age-verification-wants-your-face.md) regulations, more commercial platforms might soon not only require a legal name, but also require providing an official ID in order to continue using the platform, severely damaging online privacy for everyone.
-
-In light of this, it might be a better idea to leave these intrusive and data exploitative platforms altogether, while deletion is still an option.
-
-#### How to delete corporate social media accounts
-
-[Deleting the accounts](https://www.privacyguides.org/en/basics/account-deletion/) you no longer use is an essential habit to adopt in order to improve both privacy and security online.
-
-Unused accounts leave a data trail that can get exploited by platforms unchecked, for example with the recent addition of terms of service to allow [using all content for AI-training purposes](https://www.pcworld.com/article/2343263/facebook-wants-to-use-your-posts-for-ai-training-how-to-object.html). Moreover, keeping abandoned accounts increases significantly the risk of account takeover and data leak.
-
-A healthy privacy habit is to request account and data deletion as soon as an account is no longer needed, rather than leaving the account abandoned.
-
-<div class="admonition danger" markdown>
-<p class="admonition-title">Remember before deleting!</p>
-
-Before deleting any account, always make sure to:
-
-1. Deactivate any sign-in option you might have used this account with. For example, if you use the sign in with Google or Facebook option with other accounts, make sure to log in these accounts and select another way to connect that doesn't rely on the account you are about to delete.
-
-2. If you need to keep a copy of your own data, make sure to download and verify it before you delete the account.
-
-3. In some situations, it can help to delete information within the account first. Go through your profile and delete or modify what you can manually.
-
-4. If you want to stay in contact, inform the people you usually contact through this account of an alternative way to contact you.
-
-</div>
-
-- [Deleting X (formerly Twitter) posts](https://cyd.social/download/)
-- [Deleting X (formerly Twitter) account](https://lifehacker.com/how-to-delete-your-x-account)
-- [Deleting Facebook](https://lifehacker.com/tech/how-to-delete-your-facebook-account)
-- [Deleting Instagram](https://lifehacker.com/tech/how-to-deactivate-or-delete-your-instagram)
-- [Deleting Threads](https://www.pcmag.com/how-to/how-to-delete-threads-without-getting-rid-of-your-instagram-account)
-- [Deleting YouTube (Google)](https://www.tech2geek.net/how-to-delete-your-youtube-account-2025-step-by-step-guide/)
-- [Deleting TikTok](https://www.techlifeunity.com/delete-tik-tok-account)
-- [Deleting Reddit](https://lifehacker.com/tech/how-to-delete-your-reddit-account)
-- [Deleting LinkedIn](https://www.maketecheasier.com/how-to-delete-linkedin-account/)
-
-#### Which better platforms to use to stay connected
-
-While any data publicly accessible online can technically be collected by anyone, using alternative platforms that aren't advertising businesses can still greatly improve your data privacy online.
-
-For example, platforms that are part of the Fediverse social network are predominantly non-profit, open-source software using a collection of connected servers generally run by volunteers.
-
-The incentive isn't to monetize users data at all, the goal is simply to support the community. This is a *crucial* difference.
-
-When moving to non-corporate platforms, you should also adopt all the good privacy practices listed above. The good news is you will not encounter resistance to do so there. These platforms will not endlessly exploit your data internally, like big tech social media does.
-
-Fediverse-connected platforms tend to value users privacy and security much more. Because **their goal isn't to make profit from your data**.
-
-You will still need to go through the settings to adjust and harden your privacy preferences, but you'll see already that almost no personal data is required to sign up, and there will be no advertising profile tracking you around (and no ads!).
-
-- [Replacing X and Threads with :material-arrow-right-bold: Mastodon](https://joinmastodon.org/)
-- [Replacing Facebook with :material-arrow-right-bold: Friendica](https://friendi.ca/)
-- [Replacing Instagram with :material-arrow-right-bold: Pixelfed](https://pixelfed.org/)
-- [Replacing YouTube with :material-arrow-right-bold: PeerTube](https://joinpeertube.org/)
-- [Replacing TikTok with :material-arrow-right-bold: Loops](https://joinloops.org/)
-- [Replacing Reddit with :material-arrow-right-bold: Lemmy](https://join-lemmy.org/)
-- [Replacing Meetup or Facebook Groups with :material-arrow-right-bold: Mobilizon](https://mobilizon.org/)
-
-### Private messaging: One-on-one and group chats
-
-Many of the dangers described for social media also exist for messaging services.
-
-When it comes to private messaging, you cannot trust any software that does not protect your communication with solid *end-to-end encryption*.
-
-End-to-end encryption is a protection that will prevent third parties (including the platform itself) from having access to your messages. When well implemented, only the intended sender(s) and recipient(s) will have access to the messages your send using end-to-end encryption.
-
-Popular messaging services and platforms such as [regular SMS](https://www.privacyguides.org/videos/2025/01/24/its-time-to-stop-using-sms-heres-why/), Discord, Slack, and most social media direct messages unfortunately do not offer this protection, and are horrible for data privacy.
-
-Even messaging apps like WhatsApp, Facebook Messenger, Snapchat, and Telegram, that *can* be used with *some* end-to-end encryption, have other important data privacy problems that make them difficult to trust.
-
-#### Signal
-
-One of the best free end-to-end encrypted messenger you can use at this time for one-on-one and group conversations is [Signal](https://signal.org/).
-
-While Signal requires a phone number to sign up, it will not collect any other data from you. Once installed, [activating the usernames feature](https://support.signal.org/hc/en-us/articles/6712070553754-Phone-Number-Privacy-and-Usernames) and adjusting phone number privacy is important to prevent sharing your phone number with others. That way, you will be able to simply share your *username* to start communicating with anyone.
-
-Moreover, the [disappearing messages feature](https://support.signal.org/hc/en-us/articles/360007320771-Set-and-manage-disappearing-messages) will greatly help to reduce your data trail. Remember however that this will not prevent a malicious recipient from downloading or taking screenshots of the sensitive information you share with them. This is true for any service with disappearing messages. Only send sensitive information and photos to people you trust, even when using disappearing messages on encrypted platforms.
-
-#### Other end-to-end encrypted messengers
-
-While Signal might be the most popular and easier to use, there are many other instant messaging apps that offer solid end-to-end encryption features.
-
-Some will not even require a phone number to sign up. However, because they are less popular, it might be more difficult to find other users willing to use them with you to communicate.
-
-They also offer different features and experiences, that you might prefer, or not. If you prefer to use a different application, you can have a look at our other [recommended instant messaging](https://www.privacyguides.org/en/real-time-communication/) applications.
-
-#### Matrix with Element
-
-[Matrix](https://matrix.org/) is an open network for decentralized communication. This network uses a collection of connected servers, and can be accessed using different [client applications](https://matrix.org/ecosystem/clients/). Matrix clients will offer different experiences and features, and be available on different systems.
-
-Using Matrix with the open-source client [Element](https://element.io/) is a good alternative to Slack and Discord's chat rooms. The Matrix protocol allows chat rooms to use end-to-end encryption.
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Not all rooms are end-to-end encrypted</p>
-
-Remember that not every room uses end-to-end encryption on Matrix. You can verify this in Element, from the detailed room information panel, by the "Encrypted" or "Not encrypted" badge under a room's name.
-
-</div>
-
-Again, because this open-source protocol is developed by a non-profit organization, the goal isn't to collect data on users. There is no incentive to monetize users' data, and because of this, choosing these better alternatives will greatly improve your data privacy compared to using commercial platforms.
-
-#### End-to-end encrypted emails
-
-For email communication, moving away from large providers such as Google and Microsoft can improve your communication's privacy immensely.
-
-Large providers of free email services tend to collect a lot of data on their users, sometimes including the content of their communications. Moving to a service that uses end-to-end encryption and better practices around metadata offers significant benefits.
-
-Proton Mail and Tuta are two services implementing end-to-end encryption to protect the content of users' messages. For more details and options, you can look at our recommended [email services providers](https://www.privacyguides.org/en/email/) page.
-
-Of course, when using any of these services, you will still have to take into account to whom you are sending the email. For end-to-end encryption to properly protect data both in transit and at rest, the sender needs to use a service *compatible* with the recipient.
-
-There are methods and third-party applications that can be used to encrypt and decrypt a message from a provider that does not offer end-to-end encryption, but this adds additional steps casual users might not feel comfortable getting into.
-
-That being said, if you use a Proton Mail address to email another Proton Mail user, by default all communication's content will be fully encrypted, and only accessible to you and the intended recipient. Similarly, if you use Tuta to email another Tuta user, communication will be fully end-to-end encrypted.
-
-Communications between different providers will likely require additional steps, however, or will not benefit from end-to-end encryption on the server where the message is sent. For example, when sending an email from a Proton Mail to a Gmail account, if no additional protections are used, the content of this message will still be accessible to Google on the recipient's side.
-
-All of this to say, be mindful when using email communication to exchange sensitive data, and make sure to verify inter-service compatibility to stay fully protected.
-
-Even considering this, using a Tuta or Proton Mail account to communicate even with people using unencrypted services still has the benefit that your communication will at least be stored fully encrypted on *your* side.
-
-### Online dating: Balancing authenticity and caution
-
-Unfortunately, it is still extremely difficult to protect sensitive data while using dating apps. Very few dating apps are careful about protecting user's data properly, and many breaches have already happened to confirm this.
-
-Moreover, using a dating app cannot be done completely anonymously. Inevitably, at least some photos or some personal information need to be shared. Pseudonymity on dating app can come at the cost of authenticity, which is very important when dating.
-
-While not sharing someone's last name and address is certainly a recommended and cautious measure, not sharing any photos or any personal information isn't really an option in this context.
-
-What can be done to improve privacy while not impacting authenticity and truthfulness when dating?
-
-Sharing only a first name is a good start. Remaining mindful of selecting photos that do not reveal someone's exact home location is also a good safety measure.
-
-Additionally, once a partner is trusted enough, moving to a more secure and more private end-to-end encrypted channel before sharing more intimate information or pictures can be a good idea.
-
-Some dating apps might soon require official IDs or other sensitive identifiers for age verification purposes. This can be a dangerous practice if there is a risk of data leak, which, well, there always is. Choosing applications that prioritize their users' privacy and safety, and moving away from the ones who don't, is fundamental.
-
-Before investing time in a dating app, make sure to review properly what personal information will be collected, how it can be deleted after (once you've found the love(s) of your life at last), and what data will remain or be requested for the deletion request.
-
-Make sure to browse trustworthy sources to check which apps have better privacy practices, and which ones have been exposed for their bad behaviors. Then, choose accordingly an application you trust enough to share your intimate details with.
-
-### In person: Groups and events
-
-Many people still use commercial platforms such as Facebook Groups, Eventbrite, and Meetup to organize events and groups.
-
-Regrettably, requiring attendees to provide information to a commercial platform collecting their data can put people at severe risk of harm, and completely exclude the most vulnerable.
-
-When organizing events and groups for your community, select platforms that will *not* collect your attendees' data instead.
-
-Sometimes, a good old static website to advertise an event is enough. Then, link to this page on social media to increase visibility. This method has worked for decades before, when people met in person even more.
-
-The need to collect RSVP from attendees is rarely justified. It negatively impacts data privacy, risks endangering attendees in vulnerable situations (such as victims of domestic violence and stalking), and is usually greatly misleading anyway.
-
-You will significantly improve your event's accessibility and safety by not requiring attendees leave a digital trace of where they will be physically.
-
-If you want a service more structured than a static website, **[Mobilizon](https://mobilizon.org/) is an excellent free and open replacement to commercial platforms for groups and events**.
-
-It was developed by the French non-profit Framasoft, and has no incentive to collect users' data. Accounts can be created from multiple [instances](https://instances.joinmobilizon.org/instances), and instances can even be self-hosted if group and event organizers wish more control over their data.
-
-Finally, do not neglect the power of a good old paper poster for your local events. Posting in the streets, local libraries, and on school billboards is still an excellent and efficient way to invite locals to join your event, without the need for any data collection.
-
-## Stay connected
-
-Reaching out for connection can be difficult at time, but it's essential.
-
-While using measures to protect your privacy and your safety, staying connected with your queer community is vital to find the support you need and to find a space where you can be yourself.
-
-Peer support is a fundamental need for anyone. While protecting our data is also important, using a balanced approach to stay connected *while* staying safe is not just important to survive, but also to live and to thrive.
-
-If you are feeling isolated, reach out for connections. You are not alone 💛
-
-## Resources to help
-
-If you are feeling isolated, depressed, or suicidal, do not hesitate to reach out for help. These helplines are here to listen:
-
-- [Mindline Trans+ (UK)](https://www.mindinsomerset.org.uk/our-services/adult-one-to-one-support/mindline-trans/): Confidential support helpline for people who identify as trans, agender, gender-fluid or non-binary.
-
-- [Trans Lifeline Hotline (US and Canada)](https://translifeline.org/hotline/): Trans peer support (Phone number US: 877-565-8860 / Canada: 877-330-6366)
-
-- [Suicide & Crisis Helpline (US and Canada)](https://988lifeline.org/): General support 24/7 (Phone number: 988)
-
-- [Suicide & Crisis Helpline (International)](https://en.wikipedia.org/wiki/List_of_suicide_crisis_lines): List of suicide crisis lines around the world.

blog/posts/you-can-say-no.md

@@ -1,149 +0,0 @@
----
-date:
-    created: 2025-06-17T18:00:00Z
-categories:
-    - Opinion
-authors:
-    - em
-description: |
-    Sometimes, it can feel like our data is collected completely outside of our control or consent. But we still have a powerful weapon to fight back: The power to say no.
-schema_type: Opinion
-preview:
-  cover: blog/assets/images/you-can-say-no/no-cover.webp
----
-
-# You Can Say NO
-
-![Black and white cutout photos of two hands over a blue background. One hand does an offering gesture and the other one a refusing gesture. The word "No!" is printed in the middle.](../assets/images/you-can-say-no/no-cover.webp)
-
-<small aria-hidden="true">Photo: Gabby K / Pexels</small>
-
-In the age of facial recognition and age verification, it might feel like our data is being harvested left and right, completely outside our control or consent. Yet, we still have a powerful weapon to fight back against surveillance: The power to say no.<!-- more -->
-
-The power to say no is one we severely underutilize. Of course, there are circumstances where it can be difficult (impossible even!) to refuse. Saying no can come at a cost, but this isn't true everywhere, and (more importantly) that cost might be worth paying.
-
-There are many occasions where we could indeed refuse to comply with privacy-invasive requests, but miss the opportunity.
-
-However, it is vital as a community and as individuals that we exercise this right every time we possibly can, if we want to stand a fighting chance against the normalization of mass surveillance.
-
-## Why people surrender
-
-Many people agree to privacy-invasive requests despite feeling uncomfortable about it. They might not necessarily agree as much as *not refuse*, but the result is the same. There are many factors responsible for this:
-
-### Time pressure
-
-Sometimes, when a new request is rushed, people do not have sufficient time to evaluate the consequences of saying yes or no.
-
-It's hard to make an informed decision when we get suddenly asked by a polite cashier "can I have your postal code?", or some airport worker instructing us to "just stand in line here to have your photo taken". We might get caught off guard and simply not process what is really happening.
-
-When we do not have enough time or energy to properly evaluate the consequences of data collection, our default response should always be no. It's much easier to add data later on if needed, than to delete it.
-
-### Default pressure
-
-Other times, we might not even know we have a right to object.
-
-There are so many instances in privacy where data collection is presented to us as just the normal way to proceed, without informing us properly about our other options. Of course, this is often by design, because people might never accept such intrusive practices otherwise.
-
-For privacy consent, like for any other types of consent, it's important to remember that lack of an explicit and informed yes should equal to a no.
-
-When we do not have sufficient information about why this data is collected and how it will be processed, our default response should always be to ask if there is an option to opt out or refuse.
-
-### Peer pressure
-
-Then, there's the peer pressure when everyone else is doing it.
-
-Everyone else is on this platform, it must be okay. Everyone else has agreed to being recorded during this meeting, it must be okay. Everyone else is sharing a photo of their face, it must be okay. Everyone else is scanning their irises, it must be okay.
-
-Do not get duped by popularity. Sometimes, the most popular things people are doing are the worst things to do. Even if it can be really hard to resist peer pressure and to swim against the tide, it's important to make informed decisions free from the influence of trends.
-
-When we know a service, platform, or product doesn't respect our privacy rights, we should feel proud to take a stand and refuse to use it ourselves, even if everyone else uses it (for now).
-
-Whether it's because we have been pressured in time, pressured by peers, or simply because we did not know we could say no, it is crucial we take the time to reflect on this preventively, in order to be prepared to say no the next time we have a chance to.
-
-## There are consequences for saying no, but worse ones for saying yes
-
-Unquestionably, saying no isn't free from consequences.
-
-When refusing to provide an official ID to recover an account, we might lose that account. When refusing to provide biometric data to register, we might lose the opportunity to use this service. When refusing to participate in a privacy-invasive social media, we might lose friends who don't want to contact us using privacy-respectful platforms instead.
-
-But what are the consequences for saying yes?
-
-If we say yes all the time, even when we clearly have an option to object, to report, or to refuse to participate, we will soon lose our right to say no.
-
-If everyone acquiesces to privacy-invasive requests and practices, companies and governments might soon think there is no point in keeping an opt-out option available at all, since most people are subserviently complying without making a fuss.
-
-At the individual level, of course this means our data will be collected, processed, compiled, shared, and monetized in ways we know little about. Each time we say yes, it's a new data point in our tracking history to observe, judge, categorize, and manipulate us.
-
-At the collective level, it's nothing less than the loss of our human rights and democracies.
-
-Collectively, we have the power to tilt the balance in favor of privacy rights when we stand firm for it by refusing to consent to intrusive requests every time we can.
-
-By refusing, we clearly express our rejection of this invasion and demand our right to privacy be respected. This sends a clear message to corporations and governments alike that the population does care about privacy rights.
-
-If we value the right to privacy, it's our collective duty to protect it.
-
-## How to say no?
-
-How can we individually and collectively work to push for privacy rights by saying no everywhere we can?
-
-Here are a few examples of practices you can adopt in your daily life that collectively will help to fight for privacy:
-
-### Stop
-
-Stop using the privacy-invasive platforms and services that you can. Move away and opt for [better social media, products, and services](https://www.privacyguides.org/en/tools/) that do respect your privacy and do not monetize your data.
-
-This will take some time of course. Be patient. Pick one change at the time. Maybe this week [delete your Facebook account](https://www.privacyguides.org/en/social-networks/), and next month [migrate your emails](https://www.privacyguides.org/en/email/) away from Gmail.
-
-Each time you stop using services from software companies that build their wealth on monetizing your data, you are saying no and taking a stand for privacy rights.
-
-### Refuse
-
-Refuse all cookies! It can be a real pain to browse the web with all these cookie banners. Of course, companies are hoping for [decision fatigue](https://en.wikipedia.org/wiki/Decision_fatigue) to manipulate you in clicking "yes, yes, yes, agree, continue, whatever!" But each time you comply in despair, you let them win against what you really want.
-
-Websites are not obligated to have cookie banners if they do not use any privacy-invasive cookies. This annoyance doesn't come from legislation, it comes from the greed and stubbornness of corporations to harvest your data. There would be no cookie banners at all if they simply stopped tracking you and collecting your data.
-
-Sabotage their plans by taking the time to find the "Reject All" button through their disingenuous button labyrinth.
-
-Similarly, many privacy-invasive features maliciously try to present as "ethical" because you can "opt out". But what good is this protection if no one uses it? Put a spoke in their wheel, look for the hidden *opt-out* option, and refuse to participate every single time.
-
-Beyond the digital realm, there are many in-person situations where you might have a right to refuse data collection as well.
-
-For example, you may have the right to refuse face scans in airports and demand a "traditional" human verification instead. Look into your local regulation to find out more about this. If everyone refused to scan their face at the airport every time they can, this practice would soon die.
-
-When you say yes to this, you are unfortunately contributing to the normalization of this invasive practice.
-
-Finally, refuse to be recorded. Depending on your local regulation, it's likely there is a legal requirement to inform you when a meeting or interview will be recorded. It's also likely that you have a right to refuse. Exercise this right every time you can. Additionally, depending on your local regulation, report instances where you couldn't and should have been able to refuse.
-
-### Report
-
-Each time you witness a practice that violates privacy laws, report it to the data protection authority for your location.
-
-Stay aware of which privacy law(s) are applicable in your region, and which official entity is responsible for enforcing the law. Your privacy protections are related to your *own* location, regardless of where the organization is based.
-
-In Europe, this entity is often called a Data Protection Authority (DPA), but outside of Europe it's often called something else. It might be a Privacy Commissioner or a Supervisory Authority, for example (but not always either). Read the law (or summary of) for your region, it will include a description of whom this entity is and how to report non-compliance.
-
-Report every infraction you see when you have the time. Sometimes, it's really as simple as sending a short email to the enforcing entity. One single complaint can trigger a full investigation sometimes. This can make an enormous difference.
-
-If you can, reporting can also mean reporting to the media.
-
-When you experience an invasive practice or witness a serious data protection violation, report it to the media if you are comfortable sharing. Personal accounts of such experience are important for collective awareness. The more people know, the more people talk, the more we stand a chance to keep our privacy rights alive. Make noise!
-
-### Advocate
-
-Talk to your friends, family, co-workers, and acquaintances about their options to opt out data collection, and their right to refuse and to say no.
-
-Tell them about how important this is with the social media, software, and services they use. Tell them about the importance of looking for the rejection options on cookie banners, finding information on how to object to face scans at the airport, and refusing the use of AI note-takers during their medical consultations.
-
-Talk about this topic on social media! Share news about privacy-invasive practices. Inform people on how they can opt out, refuse, and say no in your specific region.
-
-## Saying no is a collective and individual responsibility
-
-**Refusal is a powerful way to protest.** But like any protest, it must gather in numbers to have an impact at the collective level. The larger the number of people opting out and saying no, the stronger the message sent.
-
-That being said, do not minimize the impact your individual actions have. **Every single action matters, even the smallest one.** Movements always start at the individual level. If nobody starts, then nobody follows.
-
-By saying no each time, by stopping, refusing, reporting, and advocating, you are starting a movement. When advocating for the right to refuse privacy-invasive practices, you are growing a movement. Each of these contributions matters.
-
-The consequences for not saying no would be leaving the next generations without any protections for their privacy. It would be disastrous for their individual rights, but also disastrous for democracy, freedom of speech, and so many rights we currently take for granted.
-
-We cannot let our society slip into authoritarian mass surveillance. For ourselves and for the next generations, we must fight by saying no, every time we possibly can.

blog/posts/your-online-life-is-irl.md

@@ -1,67 +0,0 @@
----
-date:
-    created: 2025-05-16T16:00:00Z
-categories:
-    - Opinion
-authors:
-    - em
-description: If you, like myself, have been inhabiting the internet for a few decades, you're probably familiar with the old adage IRL (In Real Life). The acronym was used a lot when the distinction between online life and offline life was much greater than it is now. In today's world, can we really keep referring to our digital life as being somehow disconnected from our real life?
-schema_type: OpinionNewsArticle
-preview:
-  cover: blog/assets/images/your-online-life-is-irl/irl-cover.webp
----
-
-# Your Online Life Is IRL
-
-![Photo of an illuminated red street sign with the word Internet on it.](../assets/images/your-online-life-is-irl/irl-cover.webp)
-<small aria-hidden="true">Leon Seibert / Unsplash</small>
-
-If you, like myself, have been inhabiting the internet for a few decades, you're probably familiar with the old adage IRL: In Real Life.
-
-The acronym was used a lot when the distinction between online life and offline life was much greater than it is now. In today's world, can we really keep referring to our digital life as being somehow disconnected from our "real life"?<!-- more -->
-
-While it's true that pseudo-anonymity online is still alive and well, most people don't hide their real identity online because it's much different from their personality offline, but generally simply as a protection.
-
-Even when using pseudonyms, online life is still part of *real life*.
-
-The proportion of time we spend on the connected world today is also far greater than it was before. We often chat with friends online, work online, communicate with our family online, play games online, assist to events online, go to school online, watch recipe videos online, and so on and so forth.
-
-## Our offline life is happening (and tracked) online too
-
-Another thing that has changed is how much data about what we do offline ends up getting collected and stored *online*.
-
-Maybe it's the places we visit during the day getting [tracked by our phones](https://www.pcmag.com/how-to/how-to-get-google-to-quit-tracking-you) and then stored by Google in our profile.
-
-Maybe it's our [smart speaker recording](https://www.lifewire.com/can-alexa-record-conversations-5205324) an intimate conversation and sending it to Amazon.
-
-Completely outside our control, maybe it's the street cameras, cellular towers, car license readers [tracking our movement](https://www.aclum.org/en/publications/what-you-need-know-about-automatic-license-plate-readers) outside as we go about our day.
-
-Or even more dystopian, maybe it's our [doctor using an AI note-taking app](https://theconversation.com/some-clinicians-are-using-ai-to-write-health-records-what-do-you-need-to-know-237762), sending a copy of our very personal in-person medical consultation to who knows which for-profit company.
-
-## Our digital lives and IRL lives are intertwined
-
-All this data collected on what we do *offline*, can sometimes [get aggregated](https://epic.org/issues/consumer-privacy/data-brokers/) together with the data collected on us *online*, even while using pseudo-anonymity.
-
-The social media account where we use a pseudonym and cat profile picture to stay anonymous can get aggregated from the same IP address we used to log in another account using our legal name.
-
-Our offline data and our online data often get connected and bundled up together. This is especially concerning with the growing practice of [social media monitoring](https://privacyinternational.org/long-read/5337/social-media-monitoring-uk-invisible-surveillance-tool-increasingly-deployed) used by governments and companies.
-
-## What we do online have offline consequences
-
-Taking this into account, there isn't a separation between our *online* life and *offline* life anymore.
-
-What we do online affects what we do offline, and vice versa. All of our life, online and offline, is *In Real Life* now.
-
-Our digital life and communications can affect our employment, our dating life, our family life, our housing situation, and even the capacity we have to visit a country [or not](https://globalnews.ca/news/11090232/french-scientist-denied-us-entry-critical-trump-text-messages/).
-
-## The data collected on us online should be cared for even more
-
-Because there isn't much separation anymore, we should treat all data collected about us online as sensitive data intrinsically attached to our person.
-
-An invasion of online privacy, of our online life, becomes the same as an invasion of our home, our body, our IRL life. Not only because this data can be used to find our IRL location, identify our person, and have important repercussions offline, but also because all data about us is an essential part of who we are.
-
-It's not just data points, it's a part of us.
-
-Considering how the world has evolved in the past decades, and shows no sign of slowing down its greedy appropriation of every single piece of information about us, **we should defend our online lives as fiercely as we would our offline lives**.
-
-We need to fight for a future anchored in human rights, and for this, we need to firmly enforce the principle that **digital rights are fundamental human rights**.

docs/basics/passwords-overview.md

@@ -1,16 +1,16 @@
 ---
-title: Introduction to Passwords
-icon: material/form-textbox-password
+title: "Introduction to Passwords"
+icon: 'material/form-textbox-password'
 description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure.
 ---
 
-Passwords are an essential part of our everyday digital lives. We use them to protect our accounts, our devices, and our secrets. Despite often being the only thing between us and an adversary who's after our private information, not a lot of thought is put into them, which often leads to people using passwords that can be easily guessed or brute-forced.
+Passwords are an essential part of our everyday digital lives. We use them to protect our accounts, our devices and our secrets. Despite often being the only thing between us and an adversary who's after our private information, not a lot of thought is put into them, which often leads to people using passwords that can be easily guessed or brute-forced.
 
 ## Best Practices
 
 ### Use unique passwords for every service
 
-Imagine this: You sign up for an account with the same e-mail and password on multiple online services. If one of those service providers is malicious, or their service has a data breach that exposes your password in an unencrypted format, all a bad actor would have to do is try that e-mail and password combination across multiple popular services until they get a hit. It doesn't matter how strong that one password is, because they already have it.
+Imagine this; you sign up for an account with the same e-mail and password on multiple online services. If one of those service providers is malicious, or their service has a data breach that exposes your password in an unencrypted format, all a bad actor would have to do is try that e-mail and password combination across multiple popular services until they get a hit. It doesn't matter how strong that one password is, because they already have it.
 
 This is called [credential stuffing](https://en.wikipedia.org/wiki/Credential_stuffing), and it is one of the most common ways that your accounts can be compromised by bad actors. To avoid this, make sure that you never re-use your passwords.
 
@@ -73,9 +73,9 @@ You should **not** re-roll words until you get a combination of words that appea
 
 </div>
 
-If you don't have access to or would prefer to not use real dice, you can use your password manager's built-in password generator, as most of them have the option to generate diceware passphrases in addition to regular passwords. We recommend setting the generated passphrase length to at least 6 words.
+If you don't have access to or would prefer to not use real dice, you can use your password manager's built-in password generator, as most of them have the option to generate diceware passphrases in addition to regular passwords.
 
-We also recommend using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [word lists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
+We recommend using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [word lists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
 
 <details class="note" markdown>
 <summary>Explanation of entropy and strength of diceware passphrases</summary>

docs/data-broker-removals.md

@@ -34,7 +34,7 @@ You should search for your information on these sites first, and submit an opt-o
 - Dataveria ([Search](https://dataveria.com), [Opt-Out](https://dataveria.com/ng/control/privacy))
 - InfoTracer ([Search](https://infotracer.com), [Opt-Out](https://infotracer.com/optout))
 - Intelius ([Search](https://intelius.com), [Opt-Out](https://suppression.peopleconnect.us/login))
-- PeekYou ([Search](https://peekyou.com), [Opt-Out](https://peekyou.com/about/contact/ccpa_optout/do_not_sell))
+- PeekYou ([Search](https://peekyou.com), [Opt-Out](https://peekyou.com/about/contact/optout))
 - PublicDataUSA ([Search](https://publicdatausa.com), [Opt-Out](https://publicdatausa.com/remove.php))
 - Radaris ([Search](https://radaris.com), [Opt-Out](https://radaris.com/page/how-to-remove))
 - Spokeo ([Search](https://spokeo.com/search), [Opt-Out](https://spokeo.com/optout))
@@ -84,7 +84,7 @@ Our [testing](https://www.privacyguides.org/articles/2025/02/03/easyoptouts-revi
 EasyOptOuts does not cover the following sites we consider to be "high priority," so you should still manually opt-out of:
 
 - Intelius ([Search](https://intelius.com), [Opt-Out](https://suppression.peopleconnect.us/login))
-- PeekYou ([Search](https://peekyou.com), [Opt-Out](https://peekyou.com/about/contact/ccpa_optout/do_not_sell))
+- PeekYou ([Search](https://peekyou.com), [Opt-Out](https://peekyou.com/about/contact/optout))
 
 </div>
 

docs/desktop-browsers.md

@@ -352,7 +352,7 @@ We recommend disabling search suggestions in Brave for the same reason we recomm
 
 <div class="annotate" markdown>
 
-- [ ] Uncheck **Continue running background apps when Brave is closed** to disable background apps (1)
+- [ ] Uncheck **Continue running apps when Brave is closed** to disable background apps (1)
 
 </div>
 

docs/document-collaboration.md

@@ -1,18 +1,16 @@
 ---
-title: "Document Collaboration"
+title: Document Collaboration
 icon: material/account-group
-description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do.
+description: Most online office suites do not support end-to-end encryption, meaning the cloud provider has access to everything you do.
 cover: document-collaboration.webp
 ---
 <small>Protects against the following threat(s):</small>
 
 - [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers){ .pg-teal }
 
-Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The provider's privacy policy may legally protect your rights, but it does not provide technical access constraints.
+Most online office suites do not support end-to-end encryption, meaning the cloud provider has access to everything you do. The provider's privacy policy may legally protect your rights, but it does not provide technical access constraints.
 
-## Collaboration Platforms
-
-### Nextcloud
+## Nextcloud
 
 <div class="admonition recommendation" markdown>
 
@@ -47,24 +45,29 @@ We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_e
 
 </div>
 
-### CryptPad
+## CryptPad
 
 <div class="admonition recommendation" markdown>
 
 ![CryptPad logo](assets/img/document-collaboration/cryptpad.svg){ align=right }
 
-**CryptPad** is a private-by-design alternative to popular office tools. All content on this web service is end-to-end encrypted and can be shared with other users easily. [:material-star-box: Read our latest CryptPad review.](https://www.privacyguides.org/articles/2025/02/07/cryptpad-review)
+**CryptPad** is a private-by-design alternative to popular office tools. All content on this web service is E2EE and can be shared with other users easily.
+
+[:material-star-box: Read our latest CryptPad review.](https://www.privacyguides.org/articles/2025/02/07/cryptpad-review)
 
 [:octicons-home-16: Homepage](https://cryptpad.fr){ .md-button .md-button--primary }
+[:octicons-server-16:](https://cryptpad.org/instances){ .card-link title="Public Instances" }
 [:octicons-eye-16:](https://cryptpad.fr/pad/#/2/pad/view/GcNjAWmK6YDB3EO2IipRZ0fUe89j43Ryqeb4fjkjehE){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://docs.cryptpad.fr){ .card-link title=Documentation}
+[:octicons-info-16:](https://docs.cryptpad.fr){ .card-link title="Documentation" }
 [:octicons-code-16:](https://github.com/xwiki-labs/cryptpad){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://opencollective.com/cryptpad){ .card-link title=Contribute }
+[:octicons-heart-16:](https://opencollective.com/cryptpad){ .card-link title="Contribute" }
 
 </details>
 
 </div>
 
+The CryptPad team hosts a [public instance](https://cryptpad.fr). You can also use other public instances.
+
 ### Criteria
 
 **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
@@ -78,7 +81,7 @@ In general, we define collaboration platforms as full-fledged suites which could
 - Must have sync clients for Linux, macOS, and Windows.
 - Must support document and spreadsheet editing.
 - Must support real-time document collaboration.
-- Must support exporting documents to standard document formats (e.g. ODF).
+- Must support exporting documents to standard document formats (e.g., ODF).
 
 #### Best-Case
 

docs/email.md

@@ -251,6 +251,61 @@ Tuta will [delete inactive free accounts](https://tuta.com/support#inactive-acco
 
 Tuta offers the business version of [Tuta to non-profit organizations](https://tuta.com/blog/secure-email-for-non-profit) for free or with a heavy discount.
 
+## Self-Hosting Email
+
+Advanced system administrators may consider setting up their own email server. Mail servers require attention and continuous maintenance in order to keep things secure and mail delivery reliable. In addition to the "all-in-one" solutions below, we've picked out a few articles that cover a more manual approach:
+
+- [Setting up a mail server with OpenSMTPD, Dovecot and Rspamd](https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd) (2019)
+- [How To Run Your Own Mail Server](https://www.c0ffee.net/blog/mail-server-guide) (August 2017)
+
+### Stalwart
+
+<div class="admonition recommendation" markdown>
+
+![Stalwart logo](assets/img/email/stalwart.svg){ align=right }
+
+**Stalwart** is a newer mail server written in Rust which supports JMAP in addition to the standard IMAP, POP3, and SMTP. It has a wide variety of configuration options, but it also defaults to very reasonable settings (in terms of both security and features) making it easy to use immediately. It has web-based administration with TOTP 2FA support, and it allows you to enter your public PGP key to encrypt **all** incoming messages.
+
+[:octicons-home-16: Homepage](https://stalw.art){ .md-button .md-button--primary }
+[:octicons-info-16:](https://stalw.art/docs/get-started){ .card-link title="Documentation" }
+[:octicons-code-16:](https://github.com/stalwartlabs){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://github.com/sponsors/stalwartlabs){ .card-link title="Contribute" }
+
+</div>
+
+Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations, and allows you to operate your own mail server with zero-knowledge message storage. If you additionally configure Web Key Directory on your domain, and if you use an email client which supports PGP and Web Key Directory for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](#proton-mail) users.
+
+Stalwart does **not** have an integrated webmail, so you will need to use it with a [dedicated email client](email-clients.md) (or find an open-source webmail to self-host, like Nextcloud's Mail app). We use Stalwart for our own internal email at *Privacy Guides*.
+
+### Mailcow
+
+<div class="admonition recommendation" markdown>
+
+![Mailcow logo](assets/img/email/mailcow.svg){ align=right }
+
+**Mailcow** is a more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: a mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support.
+
+[:octicons-home-16: Homepage](https://mailcow.email){ .md-button .md-button--primary }
+[:octicons-info-16:](https://docs.mailcow.email){ .card-link title="Documentation" }
+[:octicons-code-16:](https://github.com/mailcow/mailcow-dockerized){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://servercow.de/mailcow?lang=en#sal){ .card-link title="Contribute" }
+
+</div>
+
+### Mail-in-a-Box
+
+<div class="admonition recommendation" markdown>
+
+![Mail-in-a-Box logo](assets/img/email/mail-in-a-box.svg){ align=right }
+
+**Mail-in-a-Box** is an automated setup script for deploying a mail server on Ubuntu. Its goal is to make it easier for people to set up their own mail server.
+
+[:octicons-home-16: Homepage](https://mailinabox.email){ .md-button .md-button--primary }
+[:octicons-info-16:](https://mailinabox.email/guide.html){ .card-link title="Documentation" }
+[:octicons-code-16:](https://github.com/mail-in-a-box/mailinabox){ .card-link title="Source Code" }
+
+</div>
+
 ## Criteria
 
 **Please note we are not affiliated with any of the providers we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements for any email provider wishing to be recommended, including implementing industry best practices, modern technology and more. We suggest you familiarize yourself with this list before choosing an email provider, and conduct your own research to ensure the email provider you choose is the right choice for you.

docs/file-sharing.md

@@ -1,5 +1,5 @@
 ---
-title: "File Sharing and Sync"
+title: File Sharing and Sync
 icon: material/share-variant
 description: Discover how to privately share your files between your devices, with your friends and family, or anonymously online.
 cover: file-sharing.webp
@@ -20,22 +20,24 @@ If you already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarde
 
 ![Send logo](assets/img/file-sharing-sync/send.svg){ align=right }
 
-**Send** is a fork of Mozilla's discontinued Firefox Send service which allows you to send files to others with a link. Files are encrypted on your device so that they cannot be read by the server, and they can be optionally password-protected as well. The maintainer of Send hosts a [public instance](https://send.vis.ee). You can use other public instances, or you can host Send yourself.
+**Send** is a fork of Mozilla's discontinued Firefox Send service which allows you to send files to others with a link. Files are encrypted on your device so that they cannot be read by the server, and they can be optionally password-protected as well.
 
-[:octicons-home-16: Homepage](https://send.vis.ee){ .md-button .md-button--primary }
-[:octicons-server-16:](https://github.com/timvisee/send-instances){ .card-link title="Public Instances"}
-[:octicons-info-16:](https://github.com/timvisee/send#readme){ .card-link title=Documentation}
+[:octicons-repo-16: Repository](https://github.com/timvisee/send#readme){ .md-button .md-button--primary }
+[:octicons-server-16:](https://github.com/timvisee/send-instances){ .card-link title="Public Instances" }
+[:octicons-info-16:](https://github.com/timvisee/send/tree/master/docs){ .card-link title="Documentation" }
 [:octicons-code-16:](https://github.com/timvisee/send){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://github.com/sponsors/timvisee){ .card-link title=Contribute }
+[:octicons-heart-16:](https://github.com/sponsors/timvisee){ .card-link title="Contribute" }
 
 </details>
 
 </div>
 
-Send can be used via its web interface or via the [ffsend](https://github.com/timvisee/ffsend) CLI. If you are familiar with the command-line and send files frequently, we recommend using the CLI client to avoid JavaScript-based encryption. You can specify the `--host` flag to use a specific server:
+You can use Send through a number of public instances, or you can host Send yourself.
+
+You can use Send via its web interface or via the [ffsend](https://github.com/timvisee/ffsend) CLI. If you are familiar with the command line and send files frequently, we recommend using the command line tool to avoid JavaScript-based encryption. You can specify the `--host` flag to use a specific server:
 
 ```bash
-ffsend upload --host https://send.vis.ee/ FILE
+ffsend upload --host https://example.com/ FILE
 ```
 
 ### OnionShare
@@ -48,7 +50,7 @@ ffsend upload --host https://send.vis.ee/ FILE
 
 [:octicons-home-16: Homepage](https://onionshare.org){ .md-button .md-button--primary }
 [:simple-torbrowser:](http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion){ .card-link title="Onion Service" }
-[:octicons-info-16:](https://docs.onionshare.org){ .card-link title=Documentation}
+[:octicons-info-16:](https://docs.onionshare.org){ .card-link title="Documentation" }
 [:octicons-code-16:](https://github.com/onionshare/onionshare){ .card-link title="Source Code" }
 
 <details class="downloads" markdown>
@@ -133,12 +135,12 @@ We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_e
 
 ![Syncthing logo](assets/img/file-sharing-sync/syncthing.svg){ align=right }
 
-**Syncthing** is an open-source peer-to-peer continuous file synchronization utility. It is used to synchronize files between two or more devices over the local network or the internet. Syncthing does not use a centralized server; it uses the [Block Exchange Protocol](https://docs.syncthing.net/specs/bep-v1.html#bep-v1) to transfer data between devices. All data is encrypted using TLS.
+**Syncthing** is an open-source peer-to-peer continuous file synchronization utility. It is used to synchronize files between two or more devices over the local network or the internet.
 
 [:octicons-home-16: Homepage](https://syncthing.net){ .md-button .md-button--primary }
-[:octicons-info-16:](https://docs.syncthing.net){ .card-link title=Documentation}
+[:octicons-info-16:](https://docs.syncthing.net){ .card-link title="Documentation" }
 [:octicons-code-16:](https://github.com/syncthing){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://syncthing.net/donations){ .card-link title=Contribute }
+[:octicons-heart-16:](https://syncthing.net/donations){ .card-link title="Contribute" }
 
 <details class="downloads" markdown>
 <summary>Downloads</summary>
@@ -152,6 +154,8 @@ We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_e
 
 </div>
 
+Syncthing does not use a centralized server; it uses the [Block Exchange Protocol](https://docs.syncthing.net/specs/bep-v1.html#bep-v1) to transfer data between devices. All data is encrypted using TLS.
+
 ### Criteria
 
 **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
@@ -169,5 +173,5 @@ Our best-case criteria represents what we would like to see from the perfect pro
 - Should have mobile clients for iOS and Android which at least support document previews.
 - Should support photo backups from iOS and Android, and optionally support file/folder sync on Android.
 
-[^1]: Proton Drive allows you to [share files or folders](https://proton.me/support/drive-shareable-link) by generating a shareable public link or sending a unique link to a designated email address. Public links can be protected with a password, set to expire, and completely revoked, while links shared via email can have custom permissions and be similarly revoked. Per Proton Drive's [privacy policy](https://proton.me/drive/privacy-policy), file contents, file and folder names, and thumbnail previews are end-to-end encrypted.
-[^2]: With a [premium](https://bitwarden.com/help/about-bitwarden-plans/#compare-personal-plans) subscription, [Bitwarden Send](https://bitwarden.com/products/send) allows you to share files and text securely with [end-to-end encryption](https://bitwarden.com/help/send-encryption). A [password](https://bitwarden.com/help/send-privacy/#send-passwords) can be required along with the Send link. Bitwarden Send also features [automatic deletion](https://bitwarden.com/help/send-lifespan).
+[^1]: Proton Drive allows you to [share files or folders](https://proton.me/support/drive-shareable-link) by generating a shareable public link or sending a unique link to a designated email address. Public links can be protected with a password, set to expire, and completely revoked, while links shared via email can have custom permissions and be similarly revoked. Per Proton Drive's [privacy policy](https://proton.me/drive/privacy-policy), file contents, file and folder names, and thumbnail previews are E2EE.
+[^2]: With a [premium](https://bitwarden.com/help/about-bitwarden-plans/#compare-personal-plans) subscription, [Bitwarden Send](https://bitwarden.com/products/send) allows you to share files and text [securely with E2EE](https://bitwarden.com/help/send-encryption). A [password](https://bitwarden.com/help/send-privacy/#send-passwords) can be required along with the Send link. Bitwarden Send also features [automatic deletion](https://bitwarden.com/help/send-lifespan).

docs/frontends.md

@@ -16,28 +16,28 @@ When you are using an instance run by someone else, make sure to read the privac
 
 ## Reddit
 
+<div class="admonition note" markdown>
+<p class="admonition-title">Note</p>
+
+The [Old Reddit](https://old.reddit.com) website doesn't require as much JavaScript as the new Reddit website does, but it has recently blocked access to IP addresses reserved for public VPNs. You can access Old Reddit through their [Tor](tor.md) onion service [launched in October 2022](https://forum.torproject.org/t/reddit-onion-service-launch/5305) at [https://old.reddittorjg6rue252oqsxryoxengawnmo46qy4kyii5wtqnwfj4ooad.onion](https://old.reddittorjg6rue252oqsxryoxengawnmo46qy4kyii5wtqnwfj4ooad.onion).
+
+</div>
+
 ### Redlib
 
 <div class="admonition recommendation" markdown>
 
 ![Redlib logo](assets/img/frontends/redlib.svg){ align=right }
 
-**Redlib** is an open-source frontend to the [Reddit](https://reddit.com) website that is also self-hostable. You can access Redlib through a number of public instances.
+**Redlib** is an open-source frontend to the [Reddit](https://reddit.com) website that is also self-hostable.
 
-[:octicons-repo-16: Repository](https://github.com/redlib-org/redlib){ .md-button .md-button--primary }
+[:octicons-repo-16: Repository](https://github.com/redlib-org/redlib#readme){ .md-button .md-button--primary }
 [:octicons-server-16:](https://github.com/redlib-org/redlib-instances/blob/main/instances.md){ .card-link title="Public Instances" }
-[:octicons-info-16:](https://github.com/redlib-org/redlib?tab=readme-ov-file#table-of-contents){ .card-link title="Documentation" }
+[:octicons-info-16:](https://github.com/redlib-org/redlib#table-of-contents){ .card-link title="Documentation" }
 [:octicons-code-16:](https://github.com/redlib-org/redlib){ .card-link title="Source Code" }
 
 </div>
 
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-The [Old Reddit](https://old.reddit.com) website doesn't require as much JavaScript as the new Reddit website does, but it has recently blocked access to IP addresses reserved for public VPNs. You can use Old Reddit in conjunction with the [Tor](tor.md) Onion that was [launched in October 2022](https://forum.torproject.org/t/reddit-onion-service-launch/5305) at [https://old.reddittorjg6rue252oqsxryoxengawnmo46qy4kyii5wtqnwfj4ooad.onion](https://old.reddittorjg6rue252oqsxryoxengawnmo46qy4kyii5wtqnwfj4ooad.onion).
-
-</div>
-
 <div class="admonition tip" markdown>
 <p class="admonition-title">Tip</p>
 
@@ -45,6 +45,8 @@ Redlib is useful if you want to disable JavaScript in your browser, such as [Tor
 
 </div>
 
+You can access Redlib through a number of public instances, with some that offer a [Tor](tor.md) onion service.
+
 ## TikTok
 
 ### ProxiTok
@@ -55,9 +57,7 @@ Redlib is useful if you want to disable JavaScript in your browser, such as [Tor
 
 **ProxiTok** is an open-source frontend to the [TikTok](https://tiktok.com) website that is also self-hostable.
 
-There are a number of public instances, with some that offer a [Tor](tor.md) onion service or an [I2P](alternative-networks.md#i2p-the-invisible-internet-project) eepsite.
-
-[:octicons-repo-16: Repository](https://github.com/pablouser1/ProxiTok){ .md-button .md-button--primary }
+[:octicons-repo-16: Repository](https://github.com/pablouser1/ProxiTok#readme){ .md-button .md-button--primary }
 [:octicons-server-16:](https://github.com/pablouser1/ProxiTok/wiki/Public-instances){ .card-link title="Public Instances" }
 [:octicons-info-16:](https://github.com/pablouser1/ProxiTok/wiki){ .card-link title="Documentation" }
 [:octicons-code-16:](https://github.com/pablouser1/ProxiTok){ .card-link title="Source Code" }
@@ -73,6 +73,8 @@ ProxiTok is useful if you want to disable JavaScript in your browser, such as [T
 
 </div>
 
+You can access ProxiTok through a number of public instances, with some that offer a [Tor](tor.md) onion service or an [I2P](alternative-networks.md#i2p-the-invisible-internet-project) eepsite.
+
 ## YouTube
 
 **Note:** YouTube has gradually rolled out changes to its video player and API that have thwarted some of the methods used by third-party frontends for extracting YouTube data. If you experience reliability issues with one YouTube frontend, consider trying out another that uses a different extraction method.
@@ -86,8 +88,6 @@ ProxiTok is useful if you want to disable JavaScript in your browser, such as [T
 
 **Invidious** is a free and open-source frontend for [YouTube](https://youtube.com) that is also self-hostable.
 
-There are a number of public instances, with some that offer a [Tor](tor.md) onion service or an [I2P](alternative-networks.md#i2p-the-invisible-internet-project) eepsite.
-
 [:octicons-home-16: Homepage](https://invidious.io){ .md-button .md-button--primary }
 [:octicons-server-16:](https://docs.invidious.io/instances){ .card-link title="Public Instances" }
 [:octicons-info-16:](https://docs.invidious.io){ .card-link title="Documentation" }
@@ -112,6 +112,8 @@ Invidious is useful if you want to disable JavaScript in your browser, such as [
 
 </div>
 
+You can access Invidious through a number of public instances, with some that offer a [Tor](tor.md) onion service or an [I2P](alternative-networks.md#i2p-the-invisible-internet-project) eepsite.
+
 ### Piped
 
 <div class="admonition recommendation" markdown>
@@ -120,9 +122,7 @@ Invidious is useful if you want to disable JavaScript in your browser, such as [
 
 **Piped** is a free and open-source frontend for [YouTube](https://youtube.com) that is also self-hostable.
 
-Piped requires JavaScript in order to function and there are a number of public instances.
-
-[:octicons-repo-16: Repository](https://github.com/TeamPiped/Piped){ .md-button .md-button--primary }
+[:octicons-repo-16: Repository](https://github.com/TeamPiped/Piped#readme){ .md-button .md-button--primary }
 [:octicons-server-16:](https://github.com/TeamPiped/documentation/blob/main/content/docs/public-instances/index.md){ .card-link title="Public Instances" }
 [:octicons-info-16:](https://docs.piped.video/docs){ .card-link title="Documentation" }
 [:octicons-code-16:](https://github.com/TeamPiped/Piped){ .card-link title="Source Code" }
@@ -139,15 +139,17 @@ Piped is useful if you want to use [SponsorBlock](https://sponsor.ajay.app) with
 
 </div>
 
+You can access Piped through a number of public instances. Piped requires JavaScript in order to function.
+
 ### FreeTube
 
 <div class="admonition recommendation" markdown>
 
 ![FreeTube logo](assets/img/frontends/freetube.svg){ align=right }
 
-**FreeTube** is a free and open-source desktop application for [YouTube](https://youtube.com). FreeTube extracts data from YouTube using its built-in API based on [YouTube.js](https://github.com/LuanRT/YouTube.js) or the [Invidious](#invidious) API. You can configure either as the default, with the other serving as a fallback.
+**FreeTube** is a free and open-source desktop application for [YouTube](https://youtube.com).
 
-When using FreeTube, your subscription list and playlists are saved locally on your device.
+Your subscription list and playlists are saved locally on your device.
 
 [:octicons-home-16: Homepage](https://freetubeapp.io){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://freetubeapp.io/privacy.php){ .card-link title="Privacy Policy" }
@@ -174,6 +176,8 @@ When using FreeTube, your IP address may still be known to YouTube, [Invidious](
 
 </div>
 
+FreeTube extracts data from YouTube using its built-in API based on [YouTube.js](https://github.com/LuanRT/YouTube.js) or the [Invidious](#invidious) API. You can configure either as the default, with the other serving as a fallback.
+
 By default, FreeTube blocks all YouTube advertisements. In addition, FreeTube optionally integrates with [SponsorBlock](https://sponsor.ajay.app) to help you skip sponsored video segments.
 
 ### Yattee
@@ -182,11 +186,11 @@ By default, FreeTube blocks all YouTube advertisements. In addition, FreeTube op
 
 ![Yattee logo](assets/img/frontends/yattee.svg){ align=right }
 
-**Yattee** is a free and open-source privacy oriented video player for iOS, tvOS, and macOS for [YouTube](https://youtube.com). Due to App Store restrictions, you will need to take a few [extra steps](https://web.archive.org/web/20230330122839/https://gonzoknows.com/posts/Yattee) before you can use Yattee to watch YouTube. Yattee allows you to connect to instances of [Invidious](#invidious) or [Piped](#piped).
+**Yattee** is a free and open-source, privacy-oriented video player for iOS, tvOS, and macOS for [YouTube](https://youtube.com).
 
-When using Yattee, your subscription list is saved locally on your device.
+Your subscription list is saved locally on your device.
 
-[:octicons-home-16: Homepage](https://github.com/yattee/yattee){ .md-button .md-button--primary }
+[:octicons-repo-16: Repository](https://github.com/yattee/yattee#readme){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://r.yattee.stream/docs/privacy.html){ .card-link title="Privacy Policy" }
 [:octicons-info-16:](https://github.com/yattee/yattee/wiki){ .card-link title="Documentation" }
 [:octicons-code-16:](https://github.com/yattee/yattee){ .card-link title="Source Code" }
@@ -209,6 +213,8 @@ When using Yattee, your IP address may still be known to YouTube, [Invidious](ht
 
 </div>
 
+Due to App Store restrictions, you will need to take a few [extra steps](https://web.archive.org/web/20230330122839/https://gonzoknows.com/posts/Yattee) before you can use Yattee to watch YouTube. Yattee allows you to connect to instances of [Invidious](#invidious) or [Piped](#piped).
+
 By default, Yattee blocks all YouTube advertisements. In addition, Yattee optionally integrates with [SponsorBlock](https://sponsor.ajay.app) to help you skip sponsored video segments.
 
 ### LibreTube (Android)
@@ -218,7 +224,7 @@ By default, Yattee blocks all YouTube advertisements. In addition, Yattee option
 ![LibreTube logo](assets/img/frontends/libretube.svg#only-light){ align=right }
 ![LibreTube logo](assets/img/frontends/libretube-dark.svg#only-dark){ align=right }
 
-**LibreTube** is a free and open-source Android application for [YouTube](https://youtube.com) which uses the [Piped](#piped) API.
+**LibreTube** is a free and open-source Android application for [YouTube](https://youtube.com).
 
 Your subscription list and playlists are saved locally on your Android device.
 
@@ -244,6 +250,8 @@ When using LibreTube, your IP address will be visible to YouTube, [Piped](https:
 
 </div>
 
+LibreTube extracts data from YouTube using the [Piped](#piped) API.
+
 By default, LibreTube blocks all YouTube advertisements. Additionally, LibreTube uses [SponsorBlock](https://sponsor.ajay.app) to help you skip sponsored video segments. You are able to fully configure the types of segments that SponsorBlock will skip, or disable it completely. There is also a button on the video player itself to disable it for a specific video if desired.
 
 ### NewPipe (Android)
@@ -276,7 +284,7 @@ Your subscription list and playlists are saved locally on your Android device.
 <div class="admonition warning" markdown>
 <p class="admonition-title">Warning</p>
 
-When using NewPipe, your IP address will be visible to the video providers used. Consider using a [VPN](vpn.md) or [Tor](tor.md) if your [threat model](basics/threat-modeling.md) requires hiding your IP address.
+When using NewPipe, your IP address will be visible to the video providers you access. Consider using a [VPN](vpn.md) or [Tor](tor.md) if your [threat model](basics/threat-modeling.md) requires hiding your IP address.
 
 </div>
 

docs/real-time-communication.md

@@ -1,6 +1,6 @@
 ---
 meta_title: "The Best Private Instant Messengers - Privacy Guides"
-title: Real-Time Communication
+title: "Real-Time Communication"
 icon: material/chat-processing
 description: Encrypted messengers like Signal and SimpleX keep your sensitive communications secure from prying eyes.
 cover: real-time-communication.webp
@@ -12,17 +12,21 @@ cover: real-time-communication.webp
 - [:material-eye-outline: Mass Surveillance](basics/common-threats.md#mass-surveillance-programs){ .pg-blue }
 - [:material-account-cash: Surveillance Capitalism](basics/common-threats.md#surveillance-as-a-business-model){ .pg-brown }
 
-These recommendations for encrypted **real-time communication** are great for securing your sensitive communications. These instant messengers come in the form of many [types of communication networks](advanced/communication-network-types.md).
+These are our recommendations for encrypted **real-time communication**. These come in the form of many [types of communication networks](./advanced/communication-network-types.md).
 
 [:material-movie-open-play-outline: Video: It's time to stop using SMS](https://www.privacyguides.org/videos/2025/01/24/its-time-to-stop-using-sms-heres-why){ .md-button }
 
-## Signal
+## Encrypted Messengers
+
+These messengers are great for securing your sensitive communications.
+
+### Signal
 
 <div class="admonition recommendation" markdown>
 
 ![Signal logo](assets/img/messengers/signal.svg){ align=right }
 
-**Signal** is a mobile app developed by Signal Messenger LLC. The app provides instant messaging and calls secured with the Signal protocol, an extremely secure encryption protocol which supports forward secrecy[^1] and post-compromise security.[^2]
+**Signal** is a mobile app developed by Signal Messenger LLC. The app provides instant messaging and calls secured with the Signal Protocol, an extremely secure encryption protocol which supports forward secrecy[^1] and post-compromise security.[^2]
 
 [:octicons-home-16: Homepage](https://signal.org){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://signal.org/legal/#privacy-policy){ .card-link title="Privacy Policy" }
@@ -49,23 +53,22 @@ Signal requires your phone number for registration, however you should create a
 
 1. In Signal, open the app's settings and tap your account profile at the top.
 2. Tap **Username** and choose **Continue** on the "Set up your Signal username" screen.
-3. Enter a username. Your username will always be paired with a unique set of digits to keep your username unique and prevent people from guessing it. For example if you enter "John" your username might end up being `@john.35`. By default, only 2 digits are paired with your username when you create it, but you can add more digits until you reach the username length limit (32 characters).
+3. Enter a username. Your username will always be paired with a unique set of digits to keep your username unique and prevent people from guessing it, for example if you enter "John" your username might end up being `@john.35`. By default, only 2 digits are paired with your username when you create it, but you can add more digits until you reach the username length limit (32 characters).
 4. Go back to the main app settings page and select **Privacy**.
-5. Select **Phone Number**.
-6. Change the **Who Can See My Number** setting to **Nobody**.
-7. (Optional) Change the **Who Can Find Me By Number** setting to **Nobody** as well, if you want to prevent people who already have your phone number from discovering your Signal account/username
+5. Select **Phone Number**
+6. Change the **Who Can See My Number** setting to: **Nobody**
+
+You can optionally change the **Who Can Find Me By Number** setting to **Nobody** as well, if you want to prevent people who already have your phone number from discovering your Signal account/username.
+
+Contact lists on Signal are encrypted using your Signal PIN and the server does not have access to them. Personal profiles are also encrypted and only shared with contacts you chat with. Signal supports [private groups](https://signal.org/blog/signal-private-group-system), where the server has no record of your group memberships, group titles, group avatars, or group attributes. Signal has minimal metadata when [Sealed Sender](https://signal.org/blog/sealed-sender) is enabled. The sender address is encrypted along with the message body, and only the recipient address is visible to the server. Sealed Sender is only enabled for people in your contacts list, but can be enabled for all recipients with the increased risk of receiving spam.
+
+The protocol was independently [audited](https://eprint.iacr.org/2016/1013.pdf) in 2016. The specification for the Signal protocol can be found in their [documentation](https://signal.org/docs).
 
 We have some additional tips on configuring and hardening your Signal installation:
 
 [Signal Configuration and Hardening :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening)
 
-Contact lists on Signal are encrypted using your Signal PIN and the server does not have access to them. Personal profiles are also encrypted and only shared with contacts you chat with.
-
-Signal supports [private groups](https://signal.org/blog/signal-private-group-system), where the server has no record of your group memberships, group titles, group avatars, or group attributes. Signal has minimal metadata when [Sealed Sender](https://signal.org/blog/sealed-sender) is enabled. The sender address is encrypted along with the message body, and only the recipient address is visible to the server. Sealed Sender is only enabled for people in your contacts list, but can be enabled for all recipients with the increased risk of receiving spam.
-
-The protocol was independently [audited](https://eprint.iacr.org/2016/1013.pdf) in 2016. The specification for the Signal protocol can be found in their [documentation](https://signal.org/docs).
-
-### Molly (Android)
+#### Molly (Android)
 
 If you use Android and your threat model requires protecting against [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red  } you may consider using this alternative app, which features a number of security and usability improvements, to access the Signal network.
 
@@ -73,7 +76,7 @@ If you use Android and your threat model requires protecting against [:material-
 
 ![Molly logo](assets/img/messengers/molly.svg){ align=right }
 
-**Molly** is an alternative Signal client for Android which allows you to encrypt the local database with a passphrase at rest, to have unused RAM data securely shredded, to route your connection via Tor, and [more](https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening#privacy-and-security-features). It also has usability improvements including scheduled backups, automatic locking, and the ability to use your Android phone as a linked device instead of the primary device for a Signal account.
+**Molly** is an alternative Signal client for Android which allows you to encrypt the local database with a passphrase at rest, to have unused RAM data securely shredded, to route your connection via Tor, and [more](https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening#privacy-and-security-features). It also has usability improvements including scheduled backups, automatic locking, [UnifiedPush](https://unifiedpush.org) support, and the ability to use your Android phone as a linked device instead of the primary device for a Signal account.
 
 [:octicons-home-16: Homepage](https://molly.im){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://signal.org/legal/#privacy-policy){ .card-link title="Privacy Policy" }
@@ -96,15 +99,17 @@ Molly is updated every two weeks to include the latest features and bug fixes fr
 
 Note that you are trusting multiple parties by using Molly, as you now need to trust the Signal team *and* the Molly team to deliver safe and timely updates.
 
-**Molly-FOSS** is a version of Molly which removes proprietary code like the Google services used by both Signal and Molly at the expense of some features (like battery-saving push notifications via Google Play Services). You can set up push notifications without Google Play Services in either version of Molly with [UnifiedPush](https://unifiedpush.org). Using this notification delivery method requires access to a [MollySocket](https://github.com/mollyim/mollysocket) server, but you can choose a public MollySocket instance for this.[^3]
+There is a version of Molly called **Molly-FOSS** which removes proprietary code like the Google services used by both Signal and Molly, at the expense of some features like battery-saving push notifications via Google Play Services. You can regain push notifications without Google Play Services in either version of Molly with [UnifiedPush](https://unifiedpush.org), but it requires running a separate program called [Mollysocket](https://github.com/mollyim/mollysocket) on another device to function. Mollysocket can either be self-hosted on a separate computer or server (VPS), or alternatively a public Mollysocket instance can be used ([step-by-step tutorial, in German](https://kuketz-blog.de/messenger-wechsel-von-signal-zu-molly-unifiedpush-mollysocket-ntfy)).
 
-Both versions of Molly provide the same security improvements and support [reproducible builds](https://github.com/mollyim/mollyim-android/tree/main/reproducible-builds), meaning it's possible to confirm that the compiled APKs match the source code.
+All versions of Molly provide the same security improvements.
 
-## SimpleX Chat
+Molly and Molly-FOSS support [reproducible builds](https://github.com/mollyim/mollyim-android/tree/main/reproducible-builds), meaning it's possible to confirm that the compiled APKs match the source code.
+
+### SimpleX Chat
 
 <div class="admonition recommendation" markdown>
 
-![SimpleX Chat logo](assets/img/messengers/simplex.svg){ align=right }
+![Simplex logo](assets/img/messengers/simplex.svg){ align=right }
 
 **SimpleX Chat** is an instant messenger that doesn't depend on any unique identifiers such as phone numbers or usernames. Its decentralized network makes SimpleX Chat an effective tool against [:material-close-outline: Censorship](basics/common-threats.md#avoiding-censorship){ .pg-blue-gray }.
 
@@ -127,27 +132,27 @@ Both versions of Molly provide the same security improvements and support [repro
 
 </div>
 
-SimpleX Chat provides direct messaging, group chats, and E2EE calls secured with the [SimpleX Messaging Protocol](https://github.com/simplex-chat/simplexmq/blob/stable/protocol/simplex-messaging.md), which uses double ratchet encryption with quantum resistance. Additionally, SimpleX Chat provides metadata protection by using unidirectional ["simplex queues"](https://github.com/simplex-chat/simplexmq/blob/stable/protocol/simplex-messaging.md#simplex-queue) to deliver messages.
+SimpleX provides direct messaging, group chats, and E2EE calls secured with the [SimpleX Messaging Protocol](https://github.com/simplex-chat/simplexmq/blob/stable/protocol/simplex-messaging.md), which uses double ratchet encryption with quantum resistance. Additionally, SimpleX Chat provides metadata protection by using unidirectional ["simplex queues"](https://github.com/simplex-chat/simplexmq/blob/stable/protocol/simplex-messaging.md#simplex-queue) to deliver messages.
 
 To participate in conversations on SimpleX Chat, you must scan a QR code or click an invite link. This allows you to verify a contact out-of-band, which protects against man-in-the-middle attacks by network providers. Your data can be exported and imported onto another device, as there are no central servers where this is backed up.
 
-You can find a full list of the privacy and security [features](https://github.com/simplex-chat/simplex-chat#privacy-and-security-technical-details-and-limitations) implemented in SimpleX Chat in the app's repository.
+You can find a full list of the privacy and security [features](https://github.com/simplex-chat/simplex-chat#privacy-and-security-technical-details-and-limitations) implemented in SimpleX Chat on the app's repository.
 
 SimpleX Chat was independently audited in [July 2024](https://simplex.chat/blog/20241014-simplex-network-v6-1-security-review-better-calls-user-experience.html#simplex-cryptographic-design-review-by-trail-of-bits) and in [October 2022](https://simplex.chat/blog/20221108-simplex-chat-v4.2-security-audit-new-website).
 
-## Briar
+### Briar
 
 <div class="admonition recommendation" markdown>
 
 ![Briar logo](assets/img/messengers/briar.svg){ align=right }
 
-**Briar** is an encrypted instant messenger that [connects](https://briarproject.org/how-it-works) to other clients using the [Tor network](alternative-networks.md#tor), making it an effective tool at circumventing [:material-close-outline: Censorship](basics/common-threats.md#avoiding-censorship){ .pg-blue-gray }. Briar can also connect via Wi-Fi or Bluetooth when in local proximity. Briar’s local mesh mode can be useful when internet availability is a problem.
+**Briar** is an encrypted instant messenger that [connects](https://briarproject.org/how-it-works) to other clients using the Tor Network, making it an effective tool at circumventing [:material-close-outline: Censorship](basics/common-threats.md#avoiding-censorship){ .pg-blue-gray }. Briar can also connect via Wi-Fi or Bluetooth when in local proximity. Briar’s local mesh mode can be useful when internet availability is a problem.
 
 [:octicons-home-16: Homepage](https://briarproject.org){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://briarproject.org/privacy-policy){ .card-link title="Privacy Policy" }
 [:octicons-info-16:](https://code.briarproject.org/briar/briar/-/wikis/home){ .card-link title="Documentation" }
 [:octicons-code-16:](https://code.briarproject.org/briar/briar){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://code.briarproject.org/briar/briar#donate){ .card-link title="Contribute" }
+[:octicons-heart-16:](https://briarproject.org){ .card-link title="Donation options are listed on the bottom of the homepage" }
 
 <details class="downloads" markdown>
 <summary>Downloads</summary>
@@ -163,33 +168,82 @@ SimpleX Chat was independently audited in [July 2024](https://simplex.chat/blog/
 
 To add a contact on Briar, you must both add each other first. You can either exchange `briar://` links or scan a contact’s QR code if they are nearby.
 
-Briar has a fully [published specification](https://code.briarproject.org/briar/briar-spec). Briar supports forward secrecy[^1] by using the Bramble [Handshake](https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BHP.md) and [Transport](https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BTP.md) protocol.
-
 The client software was independently [audited](https://briarproject.org/news/2017-beta-released-security-audit), and the anonymous routing protocol uses the Tor network which has also been audited.
 
+Briar has a fully [published specification](https://code.briarproject.org/briar/briar-spec).
+
+Briar supports forward secrecy[^1] by using the Bramble [Handshake](https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BHP.md) and [Transport](https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BTP.md) protocol.
+
+## Additional Options
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+These messengers do not have forward secrecy[^1], and while they fulfill certain needs that our previous recommendations may not, we do not recommend them for long-term or sensitive communications. Any key compromise among message recipients would affect the confidentiality of **all** past communications.
+
+</div>
+
+### Session
+
+<div class="admonition recommendation" markdown>
+
+![Session logo](assets/img/messengers/session.svg){ align=right }
+
+**Session** is a decentralized messenger with a focus on private, secure, and anonymous communications. Session offers support for direct messages, group chats, and voice calls.
+
+Session uses the decentralized [Oxen Service Node Network](https://oxen.io) to store and route messages. Every encrypted message is routed through three nodes in the Oxen Service Node Network, making it virtually impossible for the nodes to compile meaningful information on those using the network.
+
+[:octicons-home-16: Homepage](https://getsession.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://getsession.org/privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://getsession.org/faq){ .card-link title="Documentation" }
+[:octicons-code-16:](https://github.com/oxen-io){ .card-link title="Source Code" }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=network.loki.messenger)
+- [:simple-appstore: App Store](https://apps.apple.com/app/id1470168868)
+- [:simple-github: GitHub](https://github.com/oxen-io/session-android/releases)
+- [:fontawesome-brands-windows: Windows](https://getsession.org/download)
+- [:simple-apple: macOS](https://getsession.org/download)
+- [:simple-linux: Linux](https://getsession.org/download)
+
+</details>
+
+</div>
+
+Session allows for E2EE in one-on-one chats or closed groups which allow for up to 100 members. It is also possible to [set up](https://docs.oxen.io/oxen-docs/products-built-on-oxen/session/guides/open-group-setup) or join open groups which can host thousands of members, but messages in these open groups are **not** end-to-end encrypted between participants.
+
+Session was previously based on Signal Protocol before replacing it with their own in December 2020. Session Protocol does [not](https://getsession.org/blog/session-protocol-technical-information) support forward secrecy.[^1]
+
+Oxen requested an independent audit for Session in March 2020. The audit [concluded](https://getsession.org/session-code-audit) in April 2021:
+
+> The overall security level of this application is good and makes it usable for privacy-concerned people.
+
+Session has a [white paper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
+
 ## Criteria
 
 **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
 
 ### Minimum Requirements
 
-- Must have open-source clients.
-- Must not require sharing personal identifiers (particularly phone numbers or emails) with contacts.
-- Must use E2EE for private messages by default.
-- Must support E2EE for all messages.
-- Must support forward secrecy[^1]
-- Must have a published audit from a reputable, independent third party.
+- Has open-source clients.
+- Does not require sharing personal identifiers (phone numbers or emails in particular) with contacts.
+- Uses E2EE for private messages by default.
+- Supports E2EE for all messages.
+- Has been independently audited.
 
 ### Best-Case
 
 Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
 
-- Should support future secrecy (post-compromise security)[^2]
-- Should have open-source servers.
-- Should use a decentralized network, i.e. [federated or P2P](advanced/communication-network-types.md).
-- Should use E2EE for all messages by default.
-- Should support Linux, macOS, Windows, Android, and iOS.
+- Supports forward secrecy[^1]
+- Supports Future Secrecy (Post-Compromise Security)[^2]
+- Has open-source servers.
+- Decentralized, i.e. [federated or P2P](advanced/communication-network-types.md).
+- Uses E2EE for all messages by default.
+- Supports Linux, macOS, Windows, Android, and iOS.
 
 [^1]: [Forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy) is where keys are rotated very frequently, so that if the current encryption key is compromised, it does not expose **past** messages as well.
-[^2]: Future secrecy (or [post-compromise security](https://eprint.iacr.org/2016/221.pdf)) is a feature where an attacker is prevented from decrypting **future** messages after compromising a private key, unless they compromise more session keys in the future as well. This effectively forces the attacker to intercept all communication between parties since they lose access as soon as a key exchange occurs that is not intercepted.
-[^3]: You may refer to this step-by-step tutorial in German on how to set up UnifiedPush as the notification provider for Molly: [https://kuketz-blog.de/messenger-wechsel-von-signal-zu-molly-unifiedpush-mollysocket-ntfy](https://kuketz-blog.de/messenger-wechsel-von-signal-zu-molly-unifiedpush-mollysocket-ntfy).
+[^2]: Future Secrecy (or Post-Compromise Security) is a feature where an attacker is prevented from decrypting **future** messages after compromising a private key, unless they compromise more session keys in the future as well. This effectively forces the attacker to intercept all communication between parties, since they lose access as soon as a key exchange occurs that is not intercepted.

docs/self-hosting/email-servers.md

@@ -1,65 +0,0 @@
----
-title: Email Servers
-meta_title: "Self-Hosted Email - Privacy Guides"
-icon: material/email
-description: For our more technical readers, self-hosting your own email can provide additional privacy assurances by having maximum control over your data.
-cover: email.webp
----
-<small>Protects against the following threat(s):</small>
-
-- [:material-server-network: Service Providers](../basics/common-threats.md#privacy-from-service-providers){ .pg-teal }
-
-Advanced system administrators may consider setting up their own email server. Mail servers require attention and continuous maintenance in order to keep things secure and mail delivery reliable. In addition to the "all-in-one" solutions below, we've picked out a few articles that cover a more manual approach:
-
-- [Setting up a mail server with OpenSMTPD, Dovecot and Rspamd](https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd) (2019)
-- [How To Run Your Own Mail Server](https://www.c0ffee.net/blog/mail-server-guide) (August 2017)
-
-## Stalwart
-
-<div class="admonition recommendation" markdown>
-
-![Stalwart logo](../assets/img/self-hosting/stalwart.svg){ align=right }
-
-**Stalwart** is a newer mail server written in Rust which supports JMAP in addition to the standard IMAP, POP3, and SMTP. It has a wide variety of configuration options, but also defaults to very reasonable settings in terms of both security and features, making it easy to use immediately. It has web-based administration with TOTP 2FA support and allows you to enter your public PGP key to encrypt **all** incoming messages.
-
-[:octicons-home-16: Homepage](https://stalw.art){ .md-button .md-button--primary }
-[:octicons-info-16:](https://stalw.art/docs/get-started){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/stalwartlabs){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://github.com/sponsors/stalwartlabs){ .card-link title="Contribute" }
-
-</div>
-
-Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with zero-knowledge message storage. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
-
-Stalwart does **not** have an integrated webmail, so you will need to use it with a [dedicated email client](../email-clients.md) or find an open-source webmail to self-host, like Nextcloud's Mail app.
-
-We use Stalwart for our own internal email at *Privacy Guides*.
-
-## Mailcow
-
-<div class="admonition recommendation" markdown>
-
-![Mailcow logo](../assets/img/self-hosting/mailcow.svg){ align=right }
-
-**Mailcow** is an advanced mail server perfect for those with Linux experience. It has everything you need in a Docker container: a mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support.
-
-[:octicons-home-16: Homepage](https://mailcow.email){ .md-button .md-button--primary }
-[:octicons-info-16:](https://docs.mailcow.email){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/mailcow/mailcow-dockerized){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://servercow.de/mailcow?lang=en#sal){ .card-link title="Contribute" }
-
-</div>
-
-## Mail-in-a-Box
-
-<div class="admonition recommendation" markdown>
-
-![Mail-in-a-Box logo](../assets/img/self-hosting/mail-in-a-box.svg){ align=right }
-
-**Mail-in-a-Box** is an automated setup script for deploying a mail server on Ubuntu. Its goal is to make it easier for people to set up their own mail server.
-
-[:octicons-home-16: Homepage](https://mailinabox.email){ .md-button .md-button--primary }
-[:octicons-info-16:](https://mailinabox.email/guide.html){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/mail-in-a-box/mailinabox){ .card-link title="Source Code" }
-
-</div>

docs/self-hosting/index.md

@@ -1,169 +0,0 @@
----
-title: Self-Hosting
-meta_title: "Self-Hosted Software and Services - Privacy Guides"
-description: For our more technical readers, self-hosted software and services can provide additional privacy assurances since you have maximum control over your data.
-cover: router.webp
----
-<small>Protects against the following threat(s):</small>
-
-- [:material-server-network: Service Providers](../basics/common-threats.md#privacy-from-service-providers){ .pg-teal }
-
-Using **self-hosted software and services** can be a way to achieve a higher level of privacy through digital sovereignty, particularly independence from cloud servers controlled by product developers or vendors. By self-hosting, we mean hosting applications and data on your own hardware.
-
-Self-hosting your own solutions requires advanced technical knowledge and a deep understanding of the associated risks. By becoming the host for yourself and possibly others, you take on responsibilities you might not otherwise have. Self-hosting privacy software improperly can leave you worse off than using e.g. an end-to-end encrypted service provider, so it is best avoided if you are not already comfortable doing so.
-
-## :material-email: Email Servers
-
-<div class="grid cards" markdown>
-
-- ![Stalwart logo](../assets/img/self-hosting/stalwart.svg){ .twemoji loading=lazy } [Stalwart](email-servers.md#stalwart)
-- ![Mailcow logo](../assets/img/self-hosting/mailcow.svg){ .twemoji loading=lazy } [Mailcow](email-servers.md#mailcow)
-- ![Mail-in-a-Box logo](../assets/img/self-hosting/mail-in-a-box.svg){ .twemoji loading=lazy } [Mail-in-a-Box](email-servers.md#mail-in-a-box)
-
-</div>
-
-[Learn more :material-arrow-right-drop-circle:](email-servers.md)
-
-## :material-account-supervisor-circle-outline: Social Networks
-
-Self-hosting your own instance of a social network software can help circumvent potential [censorship on a server level](../social-networks.md#censorship-resistance) by a public server's administrator or admin team.
-
-### Mastodon
-
-<div class="admonition recommendation" markdown>
-
-![Mastodon logo](../assets/img/social-networks/mastodon.svg){ align=right }
-
-**Mastodon** is a social network based on open web protocols and free, open-source software. It uses the decentralized **:simple-activitypub: ActivityPub** protocol.
-
-[:octicons-home-16:](https://joinmastodon.org){ .card-link title="Homepage" }
-[:octicons-info-16:](https://docs.joinmastodon.org/admin/prerequisites){ .card-link title="Admin Documentation" }
-
-</div>
-
-Mastodon [integrates with the Tor network](https://docs.joinmastodon.org/admin/optional/tor) for more extreme scenarios where even your underlying hosting provider is subject to censorship, but this may limit who can access your content to only other servers which integrate with Tor (like most other hidden services).
-
-Mastodon benefits greatly from a large and active self-hosting community, and its administration is comprehensively documented. While many other ActivityPub platforms can require extensive technical knowledge to run and troubleshoot, Mastodon has very stable and tested releases, and it can generally be run securely without issue by anyone who can use the Linux command line and follow step-by-step instructions.
-
-### Element
-
-<div class="admonition recommendation" markdown>
-
-![Element logo](../assets/img/social-networks/element.svg){ align=right }
-
-**Element** is the flagship client for the **:simple-matrix: Matrix** protocol, an open standard that enables decentralized communication by way of federated chat rooms.
-
-[:octicons-home-16:](https://element.io){ .card-link title="Homepage" }
-[:octicons-info-16:](https://element-hq.github.io/synapse/latest){ .card-link title="Admin Documentation" }
-[:octicons-code-16:](https://github.com/element-hq){ .card-link title="Source Code" }
-
-</div>
-
-## :material-flip-to-front: Frontends
-
-Self-hosting your own instance of a web-based frontend can help you circumvent rate limits that you may encounter on high-traffic, public instances. It is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting, as other peoples' usage will be linked to your hosting.
-
-<div class="grid cards" markdown>
-
-- ![Redlib logo](../assets/img/frontends/redlib.svg){ .lg .middle .twemoji } [**Redlib (Reddit)**](../frontends.md#redlib)
-
-    ---
-
-    [:octicons-info-16:](https://github.com/redlib-org/redlib#deployment){ .card-link title="Admin Documentation" }
-    [:octicons-code-16:](https://github.com/redlib-org/redlib){ .card-link title="Source Code" }
-
-- ![ProxiTok logo](../assets/img/frontends/proxitok.svg){ .lg .middle .twemoji } [**ProxiTok (TikTok)**](../frontends.md#proxitok)
-
-    ---
-
-    [:octicons-info-16:](https://github.com/pablouser1/ProxiTok/wiki/Self-hosting){ .card-link title="Admin Documentation" }
-    [:octicons-code-16:](https://github.com/pablouser1/ProxiTok){ .card-link title="Source Code" }
-
-- ![Invidious logo](../assets/img/frontends/invidious.svg#only-light){ .twemoji }![Invidious logo](../assets/img/frontends/invidious-dark.svg#only-dark){ .twemoji } [**Invidious (YouTube)**](../frontends.md#invidious)
-
-    ---
-
-    [:octicons-home-16:](https://invidious.io){ .card-link title="Homepage" }
-    [:octicons-info-16:](https://docs.invidious.io/installation){ .card-link title="Admin Documentation" }
-    [:octicons-code-16:](https://github.com/iv-org/invidious){ .card-link title="Source Code" }
-
-- ![Piped logo](../assets/img/frontends/piped.svg){ .twemoji } [**Piped (YouTube)**](../frontends.md#piped)
-
-    ---
-
-    [:octicons-info-16:](https://docs.piped.video/docs/self-hosting){ .card-link title="Admin Documentation" }
-    [:octicons-code-16:](https://github.com/TeamPiped/Piped){ .card-link title="Source Code" }
-
-</div>
-
-## More Tools...
-
-Tool recommendations in other categories of the website also provide a self-hosted option, so you could consider this if you are confident in your ability to host the software after reading their documentation.
-
-<div class="grid cards" markdown>
-
-- ![Addy.io logo](../assets/img/email-aliasing/addy.svg){ .twemoji } [**Addy.io**](../email-aliasing.md#addyio)
-
-    ---
-
-    [:octicons-home-16:](https://addy.io){ .card-link title="Homepage" }
-    [:octicons-info-16:](https://addy.io/self-hosting){ .card-link title="Admin Documentation" }
-    [:octicons-code-16:](https://github.com/anonaddy){ .card-link title="Source Code" }
-
-- ![SimpleLogin logo](../assets/img/email-aliasing/simplelogin.svg){ .twemoji } [**SimpleLogin**](../email-aliasing.md#simplelogin)
-
-    ---
-
-    [:octicons-home-16:](https://addy.io){ .card-link title="Homepage" }
-    [:octicons-info-16:](https://github.com/simple-login/app#prerequisites){ .card-link title="Admin Documentation" }
-    [:octicons-code-16:](https://github.com/simple-login){ .card-link title="Source Code" }
-
-- ![CryptPad logo](../assets/img/document-collaboration/cryptpad.svg){ .twemoji } [**CryptPad**](../document-collaboration.md#cryptpad)
-
-    ---
-
-    [:octicons-home-16:](https://cryptpad.fr){ .card-link title="Homepage" }
-    [:octicons-info-16:](https://docs.cryptpad.org/en/admin_guide/index.html){ .card-link title="Admin Documentation" }
-    [:octicons-code-16:](https://github.com/xwiki-labs/cryptpad){ .card-link title="Source Code" }
-
-- ![Miniflux logo](../assets/img/news-aggregators/miniflux.svg#only-light){ .twemoji }![Miniflux logo](../assets/img/news-aggregators/miniflux-dark.svg#only-dark){ .twemoji } [**Miniflux**](../news-aggregators.md#miniflux)
-
-    ---
-
-    [:octicons-home-16:](https://miniflux.app){ .card-link title="Homepage" }
-    [:octicons-info-16:](https://miniflux.app/docs/index.html#administration-guide){ .card-link title="Admin Documentation" }
-    [:octicons-code-16:](https://github.com/miniflux/v2){ .card-link title="Source Code" }
-
-- ![Standard Notes logo](../assets/img/notebooks/standard-notes.svg){ .twemoji } [**Standard Notes**](../notebooks.md#standard-notes)
-
-    ---
-
-    [:octicons-home-16:](https://standardnotes.com){ .card-link title="Homepage" }
-    [:octicons-info-16:](https://standardnotes.com/help/47/can-i-self-host-standard-notes){ .card-link title="Admin Documentation" }
-    [:octicons-code-16:](https://github.com/standardnotes){ .card-link title="Source Code" }
-
-- ![PrivateBin logo](../assets/img/pastebins/privatebin.svg){ .twemoji } [**PrivateBin**](../pastebins.md#privatebin)
-
-    ---
-
-    [:octicons-home-16:](https://privatebin.info){ .card-link title="Homepage" }
-    [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/blob/master/doc/Installation.md){ .card-link title="Admin Documentation" }
-    [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
-
-- ![Paaster logo](../assets/img/pastebins/paaster.svg){ .twemoji } [**Paaster**](../pastebins.md#paaster)
-
-    ---
-
-    [:octicons-home-16:](https://paaster.io){ .card-link title="Homepage" }
-    [:octicons-info-16:](https://github.com/WardPearce/paaster#deployment){ .card-link title="Admin Documentation" }
-    [:octicons-code-16:](https://github.com/WardPearce/paaster){ .card-link title="Source Code" }
-
-- ![SimpleX Chat logo](../assets/img/messengers/simplex.svg){ .twemoji } [**SimpleX Chat**](../real-time-communication.md#simplex-chat)
-
-    ---
-
-    [:octicons-home-16:](https://simplex.chat){ .card-link title="Homepage" }
-    [:octicons-info-16:](https://simplex.chat/docs/server.html){ .card-link title="Admin Documentation" }
-    [:octicons-code-16:](https://github.com/simplex-chat){ .card-link title="Source Code" }
-
-</div>

docs/tools.md

@@ -9,9 +9,6 @@ description: A complete list of the privacy tools, services, software, and hardw
 
 If you're looking for a specific solution to something, these are the hardware and software tools we recommend in a variety of categories. Our recommended privacy tools are primarily chosen based on security features, with additional emphasis on decentralized and open-source tools. They are applicable to a variety of threat models ranging from protection against global mass surveillance programs and avoiding big tech companies to mitigating attacks, but only you can determine what will work best for your needs.
 
-<div class="grid" markdown>
-
-<div markdown>
 [VPN Providers](vpn.md){ .md-button }
 [Password Managers](passwords.md){ .md-button }
 [Email Providers](email.md){ .md-button }
@@ -19,19 +16,6 @@ If you're looking for a specific solution to something, these are the hardware a
 [DNS Servers](dns.md){ .md-button }
 [Email Aliasing Services](email-aliasing.md){ .md-button }
 [Photo Organization Tools](photo-management.md){ .md-button }
-</div>
-
-</div>
-
-<div markdown>
-
-<div class="admonition info" markdown>
-
-[Self-hosting recommendations](self-hosting/index.md) have been moved to their own category.
-
-</div>
-
-</div>
 
 If you want assistance figuring out the best privacy tools and alternative programs for your needs, start a discussion on our [forum](https://discuss.privacyguides.net) or our [Matrix](https://matrix.to/#/#privacyguides:matrix.org) community!
 
@@ -233,8 +217,19 @@ If you're looking for added **security**, you should always ensure you're connec
 - ![Addy.io logo](assets/img/email-aliasing/addy.svg){ .twemoji loading=lazy } [Addy.io](email-aliasing.md#addyio)
 - ![SimpleLogin logo](assets/img/email-aliasing/simplelogin.svg){ .twemoji loading=lazy } [SimpleLogin](email-aliasing.md#simplelogin)
 
+</div>
 </div>
 
+<div markdown>
+### Self-Hosting Email
+
+<div class="grid cards" markdown>
+
+- ![Stalwart logo](assets/img/email/stalwart.svg){ .twemoji loading=lazy } [Stalwart](email.md#stalwart)
+- ![Mailcow logo](assets/img/email/mailcow.svg){ .twemoji loading=lazy } [Mailcow](email.md#mailcow)
+- ![Mail-in-a-Box logo](assets/img/email/mail-in-a-box.svg){ .twemoji loading=lazy } [Mail-in-a-Box](email.md#mail-in-a-box)
+
+</div>
 </div>
 
 </div>
@@ -427,7 +422,7 @@ For encrypting your OS drive, we typically recommend using the encryption tool y
 
 </details>
 
-#### Cross-Platform Tools
+#### Cross-platform Tools
 
 <div class="grid cards" markdown>
 
@@ -491,9 +486,9 @@ For encrypting your OS drive, we typically recommend using the encryption tool y
 
 - ![Drip logo](assets/img/health-and-wellness/drip.png){ .twemoji loading=lazy } [Drip](health-and-wellness.md#drip)
 - ![Euki logo](assets/img/health-and-wellness/euki.svg){ .twemoji loading=lazy } [Euki](health-and-wellness.md#euki)
-- ![Apple Health logo](assets/img/health-and-wellness/apple-health.svg#only-light){ .twemoji loading=lazy } ![Apple Health logo](assets/img/health-and-wellness/apple-health-dark.svg#only-dark){ .twemoji loading=lazy } [Apple Health](health-and-wellness.md#apple-health)
+- ![Apple Health logo](assets/img/health-and-wellness/apple-health.svg#only-light){ .twemoji loading=lazy } ![Apple Health logo](assets/img/health-and-wellness/apple-health-dark.svg#only-dark){ .twemoji loading=lazy }[Apple Health](health-and-wellness.md#apple-health)
 - ![Gadgetbridge logo](assets/img/health-and-wellness/gadgetbridge.svg#only-light){ .twemoji loading=lazy }![Gadgetbridge logo](assets/img/health-and-wellness/gadgetbridge-dark.svg#only-dark){ .twemoji loading=lazy } [Gadgetbridge](health-and-wellness.md#gadgetbridge)
-- ![Apple Health logo](assets/img/health-and-wellness/apple-health.svg#only-light){ .twemoji loading=lazy } ![Apple Health logo](assets/img/health-and-wellness/apple-health-dark.svg#only-dark){ .twemoji loading=lazy } [Apple Health Records](health-and-wellness.md#apple-health-records)
+- ![Apple Health logo](assets/img/health-and-wellness/apple-health.svg#only-light){ .twemoji loading=lazy } ![Apple Health logo](assets/img/health-and-wellness/apple-health-dark.svg#only-dark){ .twemoji loading=lazy }[Apple Health Records](health-and-wellness.md#apple-health-records)
 - ![CommonHealth logo](assets/img/health-and-wellness/commonhealth.png){ .twemoji loading=lazy } [CommonHealth](health-and-wellness.md#commonhealth)
 
 </div>
@@ -608,6 +603,7 @@ For encrypting your OS drive, we typically recommend using the encryption tool y
 - ![Signal logo](assets/img/messengers/signal.svg){ .twemoji loading=lazy } [Signal](real-time-communication.md#signal)
 - ![Briar logo](assets/img/messengers/briar.svg){ .twemoji loading=lazy } [Briar](real-time-communication.md#briar)
 - ![SimpleX Chat logo](assets/img/messengers/simplex.svg){ .twemoji loading=lazy } [SimpleX Chat](real-time-communication.md#simplex-chat)
+- ![Session logo](assets/img/messengers/session.svg){ .twemoji loading=lazy } [Session](real-time-communication.md#session)
 
 </div>
 

docs/vpn.md

@@ -34,7 +34,7 @@ Our recommended providers use encryption, support WireGuard & OpenVPN, and have
 |---|---|---|---|---|---
 | [Proton](#proton-vpn) | 112+ | :material-check:{ .pg-green } | :material-alert-outline:{ .pg-orange } Partial Support | :material-information-outline:{ .pg-blue } Limited Support | Cash
 | [IVPN](#ivpn) | 37+ | :material-check:{ .pg-green } | :material-alert-outline:{ .pg-orange } | :material-information-outline:{ .pg-blue } Outgoing Only | Monero, Cash
-| [Mullvad](#mullvad) | 49+ | :material-check:{ .pg-green } | :material-alert-outline:{ .pg-orange } | :material-check:{ .pg-green } | Monero, Cash
+| [Mullvad](#mullvad) | 45+ | :material-check:{ .pg-green } | :material-alert-outline:{ .pg-orange } | :material-check:{ .pg-green } | Monero, Cash
 
 ### Proton VPN