update: Mullvad Leta Onion Service

Signed-off-by: redoomed1 <redoomed1@privacyguides.org>

.vscode/ltex.dictionary.en-US.txt

@@ -562,3 +562,9 @@ unlinkability
 Kagi
 Secureblue
 pseudonymity
+TrueNAS
+Arti
+Tailscale
+allowlisted
+MyMonero
+Monero-LWS

blog/.authors.yml

@@ -56,6 +56,13 @@ authors:
       instance: neat.computer
     twitter: jonaharagon
     bluesky: jonaharagon.com
+  justin:
+    name: Justin Ehrenhofer
+    description: Guest Contributor
+    avatar: https://github.com/SamsungGalaxyPlayer.png
+    mastodon:
+      username: sgp
+      instance: neat.computer
   kaitebay:
     name: Kai Tebay
     description: Former Team Member

blog/posts/monero-server-using-truenas.md

@@ -0,0 +1,362 @@
+---
+date:
+    created: 2025-06-12T18:15:00Z
+categories:
+    - Tutorials
+tags:
+    - Self-Hosting
+    - Cryptocurrency
+    - TrueNAS
+authors:
+    - justin
+description: In this guide, we will walk you through setting up a very powerful Monero server on TrueNAS.
+schema_type: AnalysisNewsArticle
+preview:
+  cover: blog/assets/images/monero-server-using-truenas/cover.webp
+---
+# Creating a Tricked-Out Monero Server with TrueNAS
+
+![A cover image for this post showing an illustration of a NAS and stacks of coins imprinted with the Monero logo](../assets/images/monero-server-using-truenas/cover.webp)
+
+<small aria-hidden="true">Illustration: Jonah Aragon / Privacy Guides</small>
+
+In this guide, we will walk you through setting up a very powerful [Monero](https://www.privacyguides.org/en/cryptocurrency/#monero) server on TrueNAS. By completing these steps, you will be able to connect to your own self-hosted Monero node with the official Monero wallet and Cake Wallet, and you will be able to connect to your own self-hosted Monero LWS server with Edge Wallet and MyMonero.<!-- more -->
+
+<div class="admonition note" markdown>
+<p class="admonition-title">Guest Contributor</p>
+
+Please welcome Justin Ehrenhofer as a first-time guest contributor! Justin is the president of MAGIC Grants, a nonprofit which supports public cryptocurrency infrastructure and promotes privacy, and operates as Privacy Guides' [fiscal host](privacy-guides-partners-with-magic-grants-501-c-3.md). Privacy Guides does not publish guest posts in exchange for compensation, and this tutorial was independently reviewed by our editorial team prior to publication.
+
+</div>
+
+This guide assumes that you are using TrueNAS for the first time. TrueNAS is an open-source operating system that is meant to function primarily as a NAS, and it supports running arbitrary Docker apps. [MAGIC Grants](https://magicgrants.org) spent the last few months making dedicated apps on the TrueNAS store to make this setup process simpler than starting from scratch.
+
+## Advantages of Running Your Own Node
+
+Monero is a cryptocurrency with strong privacy properties by default, and it is the only cryptocurrency currently [recommended](https://www.privacyguides.org/en/cryptocurrency/) by Privacy Guides.
+
+Despite Monero's privacy protections, your wallet needs to communicate with the rest of the Monero network. There are two main options:
+
+1. Connecting to someone else's node; or
+2. Connecting to your own node.
+
+By connecting to your own node, you do not need to reveal when you are using your wallet and what transactions you send to the node operator.
+
+By following this guide, your transaction broadcasts will be protected with the Tor and/or I2P [networks](https://www.privacyguides.org/en/alternative-networks/).
+
+In short, if you *can* run your own node, you *should* run your own node.
+
+## Hardware/Software Recommendations
+
+* A spare machine (e.g., an old desktop computer) with:
+    * One or more SSDs with >100 GB of free space
+    * 4+ CPU cores
+    * 4GB+ of RAM
+    * TrueNAS already installed
+* A domain name (optional, for encrypted clearnet connections)
+
+It's possible to undercut these recommendations, but please don't do that to yourself.
+
+## What We Will Set Up
+
+All of these applications are optional. You can set up nearly any combination of these. For example, you can skip just the I2P app if you don't plan to use I2P.
+
+| Software | Description | Purpose |
+| -------- | -------- | -------- |
+| Arti | A [Tor](https://www.privacyguides.org/en/advanced/tor-overview) client written in Rust. | Connect to Tor nodes, broadcast transactions over Tor, and connect to TrueNAS apps over Tor. |
+| Java I2P | The officially distributed app to connect to the [I2P network](https://www.privacyguides.org/en/alternative-networks/#i2p-the-invisible-internet-project). | Connect to I2P nodes, broadcast transactions over I2P, and connect to TrueNAS apps over I2P. |
+| Monero Node | The officially distributed app for communicating with the Monero network. | The app provides the necessary information to send and receive Monero transactions. Most wallets (including the official Monero wallets and Cake Wallet) connect to Monero nodes. |
+| Monero-LWS | A "**L**ight**w**eight **S**erver" that allows "lightweight" wallets to send and receive Monero transactions. | Lightweight Monero wallet apps (including Edge Wallet and MyMonero) can connect to this server so that the wallet itself does not need to scan/sync Monero history; the server handles this scanning/syncing. |
+
+## Configure TrueNAS Storage
+
+We will configure storage for the Monero blockchain, and we will use default storage settings for other purposes. If you are an advanced user, you can configure the storage yourself.
+
+### Create a Monero Pool
+
+In TrueNAS, a pool is a collection of hard drives for a specific use-case. For simplicity, we will configure the entirety of a single SSD for Monero's use.
+
+1. Click **Storage**.
+2. Click **Create Pool**.
+3. Type `monero-pool` for the name. Leave encryption disabled (this will only store public blockchain data). Click **Next**.
+4. Choose the layout that you will be using. We will pick **Stripe** in this guide.
+5. Select the entire storage space for the SSD. Click **Next**.
+6. Skip all the remaining options for metadata, log, cache, spare, and dedup. Keep clicking **Next**.
+7. Finish creating the pool by clicking **Create Pool**.
+
+### Create a Monero Dataset
+
+A dataset is effectively a folder inside a pool. We will make one folder for the Monero blockchain data:
+
+1. Click **Datasets**.
+2. Click on the `monero-pool` pool.
+3. Click **Add Dataset**.
+4. Set the name to `monero-blockchain`
+5. Set the dataset preset to **Apps**.
+6. Click **Save**.
+
+![Screenshot showing the Datasets list in TrueNAS](../assets/images/monero-server-using-truenas/01-datasets.webp)
+
+Next, we will assign the ownership of that folder to the `apps` user:
+
+1. While the `monero-blockchain` dataset is selected, click **Edit** under Permissions.
+2. At the top, change the **Owner** and **Owner Group** from `root` to `apps`.
+3. Check the boxes for **Apply Owner** and **Apply Group**.
+4. Check **Apply permissions recursively**.
+5. Click **Save Access Control List**.
+
+![Screenshot showing the ACL settings for monero-blockchain](../assets/images/monero-server-using-truenas/02-edit-acl.webp)
+
+## Configure Arti (Tor)
+
+<div class="admonition example" markdown>
+<p class="admonition-title">Experimental software</p>
+
+Arti is experimental software. At the time of writing, Arti should not be used for privacy-critical applications. Connecting to your own Monero node is "low risk" in most circumstances. However, if you have very sensitive requirements you should not use Arti until it has been tested further by the community. By using Arti today, you are helping to make Arti better!
+
+</div>
+
+1. Click **Apps**.
+2. Click **Discover Apps**.
+3. Search for `Arti`. Click on the **Arti** app.
+4. Click **Install**. This will pull up a form.
+5. Under **Hidden Services**, click **Add**. For each of the functions below that you want to support, create a new hidden service:
+    1. Monero Node (for incoming P2P connections)
+        1. Name: `monerodp2p`
+        2. App Port: `18084`
+        3. Hidden Service Port: `18084`
+    2. Monero Node (for incoming RPC (wallet) connections)
+        1. Name: `monerodrpc`
+        2. App Port: `18089`
+        3. Hidden Service Port: `18089`
+    3. Monero LWS
+        1. Name: `monerolws`
+        2. App Port: `18090`
+        3. Hidden Service Port: `18090`
+6. Leave the other settings as default. Click **Install**.
+
+You will see the Applications screen after it installs. After the Arti app shows the status as **Running**, click on the shell icon under Workloads and to the right of `arti – Running` (not `config` or `perms`).
+
+![Screenshot showing how to click the Arti shell icon](../assets/images/monero-server-using-truenas/03-arti-shell.webp)
+
+In the shell, type the command `arti hss --nickname monerodp2p onion-address`. This will return a string that ends in `.onion`. In notepad, Excel, or another app, save the `.onion` address and the service it is associated with (`monerodp2p`). You might need to copy from the shell with ++ctrl+ins++.
+
+![Screenshot showing the command and response to get the onion address](../assets/images/monero-server-using-truenas/04-arti-shell.webp)
+
+Do this again for the following two commands as well:
+
+```console
+arti hss --nickname monerodrpc onion-address
+arti hss --nickname monerolws onion-address
+```
+
+You should have three saved and unique `.onion` addresses.
+
+## Configure I2P
+
+1. Click **Apps**.
+2. Click **Discover Apps**.
+3. Search for `I2P`. Click on the **I2P** app.
+4. Click **Install**. This will pull up a form.
+5. Change the **Port Bind Mode** for **I2P HTTP Proxy Port** to `None`.
+6. Change the **Port Bind Mode** for **I2P HTTPS Proxy Port** to `None`.
+7. To the right of **Additional Ports**, click **Add**.
+8. In the newly exposed fields, set the Port Number as `4447`.
+9. In the same newly exposed fields, set the Container Port as `4447`.
+10. Leave the other settings as default. Click **Install**.
+
+![Screenshot showing the I2P installation settings](../assets/images/monero-server-using-truenas/05-i2p-install.webp)
+
+You will see the Applications screen after it installs. After the Arti app shows the status as **Running**, open a browser and direct it to the I2P configuration wizard. This is available at `<hostname>:7657`, for example `192.168.1.100:7657`.
+
+Complete the initial I2P wizard using the default settings.
+
+### Create I2P SOCKS Proxy
+
+1. Click **Local Tunnels**.
+2. Click on the I2P HTTP Proxy.
+3. Uncheck **Automatically start tunnel when router starts**.
+4. Click **Save**.
+5. To the right of the I2P HTTP Proxy, click **Stop**.
+6. Click on the I2P HTTPS Proxy.
+7. Uncheck **Automatically start tunnel when router starts**.
+8. Click **Save**.
+9. To the right of the I2P HTTP Proxy, click **Stop**.
+10. At the bottom and to the right of **New client tunnel:**, change the type in the dropdown from `Standard` to `SOCKS 4/4a/5` and click **Create**.
+    1. Set the name as `monerod`.
+    2. Check **Automatically start tunnel when router starts**.
+    3. Set the Access Point **Port** to `4447`.
+    4. Set **Reachable by** to `0.0.0.0`.
+    5. Click **Save**.
+
+### Create I2P Hidden Services
+
+There is an optional step below to reduce the hidden service tunnel length from the default of 3 to 1. This will substantially increase the reliability of the server at the cost of anonymity.
+
+However, the server's connection to the I2P network for connecting to Monero wallets and the rest of the Monero network is typically not sensitive, unless you want to completely conceal that you are running a Monero node. Thus, most users will prefer the higher performance of the shorter tunnel length.
+
+We do not recommend shortening the tunnel lengths for the I2P SOCKS Proxy (in the previous section above) on the other hand, since transaction broadcasts tend to be sensitive.
+
+1. Under **I2P Hidden Services** and to the right of **New hidden service:**, change the type in the dropdown from `HTTP` to `Standard` and click **Create**.
+    1. Set the name as `monerodp2p`.
+    2. Check **Automatically start tunnel when router starts**.
+    3. Set the target host as the server's hostname, for example `192.168.1.100`.
+    4. Set the target port as `18085`.
+    5. *Optional:* Set the Tunnel Length Option to **1 hop tunnel (low anonymity)** for better performance.
+    6. Click **Save**.
+2. Create another `Standard` hidden service.
+    1. Set the name as `monerodrpc`.
+    2. Check **Automatically start tunnel when router starts**.
+    3. Set the target host as the server's hostname, for example `192.168.1.100`.
+    4. Set the target port as `18089`.
+    5. *Optional:* Set the Tunnel Length Option to **1 hop tunnel (low anonymity)** for better performance.
+    6. Click **Save**.
+3. Create another `Standard` hidden service.
+    1. Set the name as `monerolws`.
+    2. Check **Automatically start tunnel when router starts**.
+    3. Set the target host as the server's hostname, for example `192.168.1.100`.
+    4. Set the target port as `18090`.
+    5. *Optional:* Set the Tunnel Length Option to **1 hop tunnel (low anonymity)** for better performance.
+    6. Click **Save**.
+
+You will see the three I2P Hidden Services that you configured. Under each, you will see a `.b32.i2p` address after **Destination:**. You will need to use the destination `.b32.i2p` addresses in later steps (just like the `.onion` addresses), so keep them handy.
+
+![Screenshot showing I2P Hidden Services settings](../assets/images/monero-server-using-truenas/06-i2p-settings.webp)
+
+## Configure Monero Node
+
+### Initial Setup
+
+1. Click **Apps**.
+2. Click **Discover Apps**.
+3. Search for `Monero Node`. Click on the **Monero Node** app.
+4. Click **Install**. This will pull up a form.
+5. *Optional:* Uncheck **Prune the blockchain**. This will use significantly more storage.
+6. Under **Storage Configuration** and **Blockchain storage location**, change the **Type** from `ixVolume` to `Host Path`.
+7. Under **Host Path**, use the folder picker to select the `monero-blockchain` dataset. This should usually be `/mnt/monero-pool/monero-blockchain`.
+8. *Optional:* Under **Resources Configuration**, increase the CPU resource limits to as high of a value as possible for your system. This will help the node sync faster.
+9. Leave the other settings as default. Click **Install**.
+
+#### Why not configure Tor and I2P settings to begin with?
+
+Some users may be sensitive to a privacy risk where your Tor and I2P addresses could be matched with your public IPV4 address while it is syncing. By waiting to configure these settings until after your node is already fully synced, we minimize this risk.
+
+### Check on the Sync Status
+
+It will take a day or more for most systems to fully sync the Monero blockchain from scratch.
+
+To check the status, go to the app page and click on the `monerod` app. Under Workloads and to the right of `monerod – Running`, click on the shell icon.
+
+![Screenshot showing how to click the Monero Node shell icon](../assets/images/monero-server-using-truenas/07-monero-shell.webp)
+
+Type `monerod status` and press enter.
+
+If the status reports `Height: ####/#### (100.0%) on mainnet`, then your node is fully synced. You can proceed to the next step.
+
+![Screenshot showing the Monero Node sync status command](../assets/images/monero-server-using-truenas/08-monero-shell.webp)
+
+### Add Tor and I2P
+
+After your Monero node is fully synced, click on the `monerod` app and then click **Edit**. This will bring up the same form that you configured when installing the app.
+
+1. Check **Enable Tor connections**.
+2. Set the **Tor IP** as your hostname, for example `192.168.1.100`.
+3. Set the **Tor port** as `9150`.
+4. Check **Enable inbound Tor connections**.
+5. Set the **Inbound onion address** as the `.onion` address for `monerodp2p` that you observed earlier.
+6. Check **Enable inbound I2P connections**.
+7. Set the **I2P IP** as your hostname, for example `192.168.1.100`.
+8. Set the **I2P Port** as `4447`.
+9. Check **Enable inbound I2P connections**.
+10. Set the **Inbound I2P base32 address** as the `.b32.i2p` address for `monerodp2p` that you observed earlier.
+11. If you wish to enable Monero LWS, under **ZMQ RPC Port**, change the **Port Bind Mode** from `None` to `Publish port on the host for external access`.
+12. If you wish to enable Monero LWS, under **ZMQ Pub Port**, change the **Port Bind Mode** from `None` to `Publish port on the host for external access`.
+13. Under **Tor inbound port**, change the **Port Bind Mode** from `None` to `Publish port on the host for external access`.
+14. Under **I2P inbound port**, change the **Port Bind Mode** from `None` to `Publish port on the host for external access`.
+15. Click **Update**.
+
+![Screenshot showing the Monero Node install settings](../assets/images/monero-server-using-truenas/09-monero-install.webp)
+
+## Configure Monero LWS
+
+For security reasons, the Monero LWS app only accepts requests from allowlisted Monero addresses. Requests from other users will be rejected.
+
+1. Click **Apps**.
+2. Click **Discover Apps**.
+3. Search for `Monero LWS`. Click on the **Monero LWS** app.
+4. Click **Install**. This will pull up a form.
+5. Under **Accounts**, you can add sets of allowlisted Monero wallets that will be supported by this server. Click **Add** to add a wallet. For each wallet, include the `Address`, `View Key`, and `Restore Height`. If a restore height is not provided, it will scan the entire blockchain (which is thorough but inefficient).
+6. *Optional:* Under **Resources Configuration**, increase the CPU resource limits to as high of a value as possible for your system. This will help the server scan multiple wallets faster.
+7. After you have added all the wallets, click **Install**.
+
+You can add new Monero wallets in the future by adding them to the list of accounts.
+
+## Configure Secure Clearnet Connections
+
+It is insecure to connect your wallet to your server over an unencrypted connection.
+
+If you only configure your wallet to connect to your server over its I2P or Tor addresses, then you're all set. The connection is already encrypted.
+
+There are different ways to connect to your node over an encrypted clearnet connection, each with their pros and cons:
+
+| Method | Pros | Cons |
+| --- | --- | --- |
+| Tor | No additional configuration necessary. Private. Secure. Reliable. | Slow for non-LWS wallets. |
+| I2P | No additional configuration necessary. Private. Secure. | Slow. Unreliable. |
+| Nginx Proxy Manager | High degree of user control. Secure. Reliable. Fast. | Requires a domain. Requires configuration. |
+| Cloudflare Tunnels | Secure. Reliable. Fast. Easy to set up. Extra security settings. | Requires a domain. Decrypted traffic is shared with Cloudflare. |
+
+### Nginx Proxy Manager (Recommended)
+
+1. Click **Apps**.
+2. Click **Discover Apps**.
+3. Search for `Nginx Proxy Manager`. Click on the **Nginx Proxy Manager** app.
+4. Click **Install**. This will pull up a form.
+5. Leave the settings as default. Click **Install**.
+
+You will see the Applications screen after it installs. After the Nginx Proxy Manager app shows the status as **Running**, open a browser to `<hostname>:30020`, for example `192.168.1.100:30020`.
+
+#### Configure Your Domain and Router
+
+You will need to create A and (optionally) AAAA records with your DNS provider that point to your public IPV4 and IPV6 IP addresses, respectively. You will then need to forward the ports in your router to your TrueNAS hostname. These steps are out of scope for this guide.
+
+#### Add Proxy Hosts to Nginx Proxy Manager
+
+From the Nginx Proxy Manager browser interface, click **Hosts**, **Proxy Hosts**, then **Add Proxy Host**. We recommend creating proxy hosts as follows:
+
+| Domain Name | Scheme | Forward Hostname / IP | Forward Port |
+| --- | --- | --- | --- |
+| `monerod-rpc.<domain>` | `http` | `<hostname>` | `18089` |
+| `monero-lws.<domain>` | `http` | `<hostname>` | `18090` |
+
+For each entry, enable **Block common exploits**.  Configure the SSL settings with **Request a new SSL Certificate**, **Force SSL** enabled, and **HTTP/2 Support** enabled.
+
+Optionally assign an access list.
+
+You should now be able to access these services using your domain!
+
+## A Note About Clearnet Networking
+
+Making clearnet connections without encryption (without SSL/TLS) is insecure. This guide uses the Nginx Proxy Manager app to configure these secure connections, but you can alternatively use another approach such as Cloudflare Tunnels, Tailscale, or WireGuard.
+
+## What About Bitcoin?
+
+Bitcoin is not recommended by Privacy Guides due to its very weak privacy properties by default. Nevertheless, MAGIC Grants has made several Bitcoin oriented applications in the TrueNAS store that you may benefit from if you need to use Bitcoin.
+
+## Test Connections
+
+We will test connections to our node over Tor using [Cake Wallet](https://cakewallet.com), [Edge Wallet](https://edge.app), and [Orbot](https://orbot.app). Make sure you have these apps installed and already have Monero wallets set up.
+
+Use **Full Device VPN** mode with Orbot for this guide.
+
+### Test with Cake Wallet
+
+Cake Wallet will connect to your Monero node. Follow [these steps](https://docs.cakewallet.com/features/advanced/tor-with-orbot/#switch-back-to-cake-wallet) to change the Monero node that Cake Wallet uses. Provide your `monerodrpc` onion address for the Monero Node app as the node address, `18089` as the port, no username, no password, and **Use SSL** unchecked.
+
+You should see a green dot next to this newly added node, and you should notice that your wallet is able to sync. Syncing performance to a Monero node over Tor is slow.
+
+### Test with Edge Wallet
+
+Edge Wallet will connect to your Monero-LWS server. In Edge Wallet, click on the upper right hamburger menu, then **Settings**, then **Asset Settings**, then **Monero**. Select **Custom Light Wallet Server** and provide your `monerolws` onion address with the port. For example, `http://monerolws.onion:18090`, replacing `monerolws.onion` with your correct onion address.
+
+Back in the main wallet overview, you should see that your Monero wallet is fully synced.

docs/desktop-browsers.md

@@ -1,6 +1,6 @@
 ---
 meta_title: "Privacy Respecting Web Browsers for PC and Mac - Privacy Guides"
-title: "Desktop Browsers"
+title: Desktop Browsers
 icon: material/laptop
 description: These privacy-protecting browsers are what we currently recommend for standard/non-anonymous internet browsing on desktop systems.
 cover: desktop-browsers.webp
@@ -112,9 +112,9 @@ This is required to prevent advanced forms of tracking, but does come at the cos
 
 ### Mullvad Leta
 
-Mullvad Browser comes with [**Mullvad Leta**](https://leta.mullvad.net) as the default search engine, which functions as a proxy to either Google or Brave search results (configurable on the Mullvad Leta homepage).
+Mullvad Browser comes with [**Mullvad Leta**](search-engines.md#mullvad-leta) as the default search engine, which functions as a proxy to either Google or Brave search results (configurable on the Mullvad Leta homepage).
 
-If you are a Mullvad VPN user, there is some risk in using services like Mullvad Leta which are offered by your VPN provider themselves. This is because Mullvad theoretically has access to your true IP address (via their VPN) and your search activity (via Leta), which is information a VPN is typically intended to separate. Even though Mullvad collects very little information about their VPN subscribers or Leta users, you should consider a different [search engine](search-engines.md) if this risk concerns you.
+If you are a Mullvad VPN user, there is some risk in using services like Mullvad Leta which are offered by your VPN provider themselves. This is because Mullvad theoretically has access to your true IP address (via their VPN) and your search activity (via Leta); the latter is information a VPN is typically intended to separate. Even though Mullvad collects very little information about their VPN subscribers or Leta users, you should consider a different [search engine](search-engines.md) if this risk concerns you.
 
 ## Firefox
 

docs/dns.md

@@ -1,5 +1,5 @@
 ---
-title: DNS Resolvers
+title: "DNS Resolvers"
 icon: material/dns
 description: We recommend choosing these encrypted DNS providers to replace your ISP's default configuration.
 cover: dns.webp
@@ -10,7 +10,7 @@ global:
 
 - [:material-account-cash: Surveillance Capitalism](basics/common-threats.md#surveillance-as-a-business-model){ .pg-brown }
 
-Encrypted **DNS** with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity.
+Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity.
 
 [Learn more about DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md){ .md-button }
 
@@ -54,9 +54,52 @@ These are our favorite public DNS resolvers based on their privacy and security
 
     Quad9: [*Data and Privacy Policy*](https://quad9.net/privacy/policy)
 
+## Self-Hosted DNS Filtering
+
+A self-hosted DNS solution is useful for providing filtering on controlled platforms, such as Smart TVs and other IoT devices, as no client-side software is needed.
+
+### Pi-hole
+
+<div class="admonition recommendation" markdown>
+
+![Pi-hole logo](assets/img/dns/pi-hole.svg){ align=right }
+
+**Pi-hole** is an open-source [DNS-sinkhole](https://en.wikipedia.org/wiki/DNS_sinkhole) which uses [DNS filtering](https://cloudflare.com/learning/access-management/what-is-dns-filtering) to block unwanted web content, such as advertisements.
+
+Pi-hole is designed to be hosted on a Raspberry Pi, but it is not limited to such hardware. The software features a friendly web interface to view insights and manage blocked content.
+
+[:octicons-home-16: Homepage](https://pi-hole.net){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://pi-hole.net/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://docs.pi-hole.net){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute }
+
+</details>
+
+</div>
+
+### AdGuard Home
+
+<div class="admonition recommendation" markdown>
+
+![AdGuard Home logo](assets/img/dns/adguard-home.svg){ align=right }
+
+**AdGuard Home** is an open-source [DNS-sinkhole](https://en.wikipedia.org/wiki/DNS_sinkhole) which uses [DNS filtering](https://cloudflare.com/learning/access-management/what-is-dns-filtering) to block unwanted web content, such as advertisements.
+
+AdGuard Home features a polished web interface to view insights and manage blocked content.
+
+[:octicons-home-16: Homepage](https://adguard.com/adguard-home/overview.html){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://adguard.com/privacy/home.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://github.com/AdguardTeam/AdGuardHome/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/AdguardTeam/AdGuardHome){ .card-link title="Source Code" }
+
+</details>
+
+</div>
+
 ## Cloud-Based DNS Filtering
 
-These DNS filtering solutions offer a web dashboard where you can customize the block lists to your exact needs. These services can be used easily across multiple networks.
+These DNS filtering solutions offer a web dashboard where you can customize the block lists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
 
 ### Control D
 
@@ -64,9 +107,7 @@ These DNS filtering solutions offer a web dashboard where you can customize the
 
 ![Control D logo](assets/img/dns/control-d.svg){ align=right }
 
-**Control D** is a customizable DNS service which lets you block security threats, unwanted content, and advertisements on a DNS level.
-
-In addition to their paid plans, they offer a number of preconfigured DNS resolvers you can use for free.
+**Control D** is a customizable DNS service which lets you block security threats, unwanted content, and advertisements on a DNS level. In addition to their paid plans, they offer a number of preconfigured DNS resolvers you can use for free.
 
 [:octicons-home-16: Homepage](https://controld.com){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://controld.com/privacy){ .card-link title="Privacy Policy" }
@@ -93,9 +134,7 @@ In addition to their paid plans, they offer a number of preconfigured DNS resolv
 
 ![NextDNS logo](assets/img/dns/nextdns.svg){ align=right }
 
-**NextDNS** is a customizable DNS service which lets you block security threats, unwanted content, and advertisements on a DNS level.
-
-They offer a fully functional free plan for limited use.
+**NextDNS** is a customizable DNS service which lets you block security threats, unwanted content, and advertisements on a DNS level. They offer a fully functional free plan for limited use.
 
 [:octicons-home-16: Homepage](https://nextdns.io){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://nextdns.io/privacy){ .card-link title="Privacy Policy" }

docs/passwords.md

@@ -1,6 +1,6 @@
 ---
 meta_title: "The Best Password Managers to Protect Your Privacy and Security - Privacy Guides"
-title: Password Managers
+title: "Password Managers"
 icon: material/form-textbox-password
 description: Password managers allow you to securely store and manage passwords and other credentials.
 cover: passwords.webp
@@ -176,10 +176,17 @@ These password managers sync your passwords to a cloud server for easy accessibi
 
 Bitwarden uses [PBKDF2](https://bitwarden.com/help/kdf-algorithms/#pbkdf2) as its key derivation function (KDF) algorithm by default. It also offers [Argon2](https://bitwarden.com/help/kdf-algorithms/#argon2id), which is more secure, as an alternative. You can change your account's KDF algorithm in the web vault:
 
-- [x] Select **Settings → Security → Keys → KDF algorithm → Argon2id**
+- [x] Select **Settings > Security > Keys > KDF algorithm > Argon2id**
 
 Bitwarden's server-side code is [open source](https://github.com/bitwarden/server), so if you don't want to use the Bitwarden cloud, you can easily host your own Bitwarden sync server.
 
+**Vaultwarden** is an alternative implementation of Bitwarden's sync server written in Rust and compatible with official Bitwarden clients, perfect for self-hosted deployment where running the resource-heavy official service might not be ideal. If you are looking to self-host Bitwarden on your own server, you almost certainly want to use Vaultwarden over Bitwarden's official server code.
+
+[:octicons-repo-16: Vaultwarden Repository](https://github.com/dani-garcia/vaultwarden){ .md-button }
+[:octicons-info-16:](https://github.com/dani-garcia/vaultwarden/wiki){ .card-link title="Documentation" }
+[:octicons-code-16:](https://github.com/dani-garcia/vaultwarden){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://github.com/sponsors/dani-garcia){ .card-link title="Contribute" }
+
 ### Proton Pass
 
 <div class="admonition recommendation" markdown>

docs/search-engines.md

@@ -1,8 +1,8 @@
 ---
-meta_title: "Recommended Search Engines: Anonymous Google Alternatives - Privacy Guides"
-title: "Search Engines"
+meta_title: "Recommended Search Engines: Anonymous Alternatives to Google - Privacy Guides"
+title: Search Engines
 icon: material/search-web
-description: Privacy-respecting search engines which don't build an advertising profile based on your searches.
+description: Use privacy-respecting search engines which don't build an advertising profile based on your searches.
 cover: search-engines.webp
 global:
  - [randomize-element, "table tbody"]
@@ -23,11 +23,25 @@ Consider using a [VPN](vpn.md) or [Tor](tor.md) if your threat model requires hi
 |---|---|---|---|---|
 | [Brave Search](#brave-search) | [Independent](https://brave.com/search-independence) | :material-check:{ .pg-green } | Anonymized[^1] | United States |
 | [DuckDuckGo](#duckduckgo) | [Bing](https://help.duckduckgo.com/results/sources) | :material-check:{ .pg-green } | Anonymized[^2] | United States |
-| [Startpage](#startpage) | [Google and Bing](https://support.startpage.com/hc/articles/4522435533844-What-is-the-relationship-between-Startpage-and-your-search-partners-like-Google-and-Microsoft-Bing) | :material-check:{ .pg-green } | Anonymized[^3] | Netherlands |
+| [Mullvad Leta](#mullvad-leta) | [Brave and Google](https://leta.mullvad.net/faq#what-can-leta-do) | :material-check:{ .pg-green } | Anonymized[^3] | Sweden |
+| [Startpage](#startpage) | [Google and Bing](https://support.startpage.com/hc/articles/4522435533844-What-is-the-relationship-between-Startpage-and-your-search-partners-like-Google-and-Microsoft-Bing) | :material-check:{ .pg-green } | Anonymized[^4] | Netherlands |
 
-[^1]: Brave Search collects aggregated usage metrics, which includes the OS and the user agent. However, they do not collect PII. To serve [anonymous local results](https://search.brave.com/help/anonymous-local-results), IP addresses are temporarily processed, but are not retained. [https://search.brave.com/help/privacy-policy](https://search.brave.com/help/privacy-policy)
-[^2]: DuckDuckGo **does** log your searches for product improvement purposes, but not your IP address or any other PII. [https://duckduckgo.com/privacy](https://duckduckgo.com/privacy)
-[^3]: Startpage logs details such as operating system, user agent, and language. They do not log your IP address, search queries, or other PII. [https://startpage.com/en/privacy-policy](https://startpage.com/en/privacy-policy)
+[^1]:
+    Brave Search collects aggregated usage metrics, which includes the OS and the user agent. However, they do not collect PII. To serve [anonymous local results](https://search.brave.com/help/anonymous-local-results), IP addresses are temporarily processed, but are not retained.
+    
+    Brave Search: [*Brave Search privacy notice*](https://search.brave.com/help/privacy-policy)
+[^2]:
+    DuckDuckGo **does** log your searches for product improvement purposes, but not your IP address or any other PII.
+    
+    DuckDuckGo Privacy Policy: [*We don't track you.*](https://duckduckgo.com/privacy)
+[^3]:
+    Mullvad Leta logs your searches and stores them hashed with a secret in a RAM-based cache. The cache is removed after it reaches 30 days in age, or when the server-side Leta application is restarted. They do not collect any PII.
+
+    Terms of Service: [*Service Usage*](https://leta.mullvad.net/terms-of-service)
+[^4]:
+    Startpage logs details such as operating system, user agent, and language. They do not log your IP address, search queries, or other PII.
+    
+    Our Privacy Policy: [*How we have implemented truly anonymous analytics*](https://www.startpage.com/en/privacy-policy#section-4)
 
 ### Brave Search
 
@@ -35,18 +49,18 @@ Consider using a [VPN](vpn.md) or [Tor](tor.md) if your threat model requires hi
 
 ![Brave Search logo](assets/img/search-engines/brave-search.svg){ align=right }
 
-**Brave Search** is a search engine developed by Brave. The index is optimized against Google Search and therefore may provide more contextually accurate results compared to other alternatives.
+**Brave Search** is a search engine developed by Brave. It includes unique features such as [Discussions](https://search.brave.com/help/discussions), which highlights conversation-focused results such as forum posts.
 
-Brave Search includes unique features such as [Discussions](https://search.brave.com/help/discussions), which highlights conversation-focused results such as forum posts.
+Brave Search is the default search engine for the [Brave Browser](desktop-browsers.md#brave).
 
 [:octicons-home-16: Homepage](https://search.brave.com){ .md-button .md-button--primary }
 [:simple-torbrowser:](https://search.brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title="Onion Service" }
 [:octicons-eye-16:](https://search.brave.com/help/privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://search.brave.com/help){ .card-link title=Documentation}
+[:octicons-info-16:](https://search.brave.com/help){ .card-link title="Documentation" }
 
 </div>
 
-Note that if you use Brave Search while logged in to a Premium account, it may make it easier for Brave to correlate queries with specific users.
+If you use Brave Search while logged in to a Premium account, there is a risk of Brave correlating search queries with your account.
 
 We recommend you disable [Anonymous usage metrics](https://search.brave.com/help/usage-metrics) as it is enabled by default and can be disabled within settings.
 
@@ -63,12 +77,38 @@ DuckDuckGo is the default search engine for the [Tor Browser](tor.md#tor-browser
 [:octicons-home-16: Homepage](https://duckduckgo.com){ .md-button .md-button--primary }
 [:simple-torbrowser:](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion){ .card-link title="Onion Service" }
 [:octicons-eye-16:](https://duckduckgo.com/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://help.duckduckgo.com){ .card-link title=Documentation}
+[:octicons-info-16:](https://help.duckduckgo.com){ .card-link title="Documentation" }
 
 </div>
 
 DuckDuckGo offers two [other versions](https://help.duckduckgo.com/features/non-javascript) of their search engine, both of which do not require JavaScript. These versions do lack features, however. These versions can also be used in conjunction with their Tor hidden address by appending [/lite](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/lite) or [/html](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/html) for the respective version.
 
+### Mullvad Leta
+
+<div class="admonition recommendation" markdown>
+
+![Mullvad logo](assets/img/vpn/mullvad.svg){ align=right }
+
+**Mullvad Leta** is a search engine developed by Mullvad. It uses a [shared cache](https://leta.mullvad.net/faq#what-is-cached-search) to fetch search results and limit calls to the search APIs it uses.
+
+Mullvad Leta currently only provides text search results. It is the default search engine for the [Mullvad Browser](desktop-browsers.md#mullvad-browser).
+
+[:octicons-home-16: Homepage](https://leta.mullvad.net){ .md-button .md-button--primary }
+[:simple-torbrowser:](http://uxngojcovdcyrmwkmkltyy2q7enzzvgv7vlqac64f2vl6hcrrqtlskqd.onion/){ .card-link title="Onion Service" }
+[:octicons-eye-16:](https://leta.mullvad.net/terms-of-service){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://leta.mullvad.net/faq){ .card-link title="Documentation" }
+
+</div>
+
+<div class="admonition tip" markdown>
+<p class="admonition-title">Tip</p>
+
+Mullvad Leta is useful if you want to disable JavaScript in your browser, such as [Mullvad Browser](desktop-browsers.md#mullvad-browser) on the Safest security level.
+
+</div>
+
+Mullvad Leta was [audited](https://mullvad.net/en/blog/security-audit-of-our-letamullvadnet-search-service) by Assured AB in March 2023. All issues were addressed and fixed shortly after the [report](https://assured.se/publications/Assured_Mullvad_Leta_pentest_report_2023.pdf).
+
 ### Startpage
 
 <div class="admonition recommendation" markdown>
@@ -81,7 +121,7 @@ DuckDuckGo offers two [other versions](https://help.duckduckgo.com/features/non-
 [:octicons-home-16: Homepage](https://startpage.com){ .md-button .md-button--primary }
 [:simple-torbrowser:](http://startpagel6srwcjlue4zgq3zevrujfaow726kjytqbbjyrswwmjzcqd.onion){ .card-link title="Onion Service" }
 [:octicons-eye-16:](https://startpage.com/en/privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://support.startpage.com/hc/categories/4481917470356-Startpage-Search-Engine){ .card-link title=Documentation}
+[:octicons-info-16:](https://support.startpage.com/hc/categories/4481917470356-Startpage-Search-Engine){ .card-link title="Documentation" }
 
 </div>
 
@@ -102,7 +142,7 @@ A [metasearch engine](https://en.wikipedia.org/wiki/Metasearch_engine) aggregate
 **SearXNG** is an open-source, self-hostable, metasearch engine. It is an actively maintained fork of [SearX](https://github.com/searx/searx).
 
 [:octicons-home-16: Homepage](https://searxng.org){ .md-button .md-button--primary }
-[:octicons-server-16:](https://searx.space){ .card-link title="Public Instances"}
+[:octicons-server-16:](https://searx.space){ .card-link title="Public Instances" }
 [:octicons-code-16:](https://github.com/searxng/searxng){ .card-link title="Source Code" }
 
 </div>

docs/self-hosting/dns-filtering.md

@@ -1,48 +0,0 @@
----
-title: DNS Filtering
-meta_title: "Self-Hosting DNS Solutions - Privacy Guides"
-icon: material/dns
-description: For our more technical readers, self-hosting a DNS solution can provide filtering for devices not covered by cloud-based DNS solutions.
-cover: dns.webp
----
-<small>Protects against the following threat(s):</small>
-
-- [:material-server-network: Service Providers](../basics/common-threats.md#privacy-from-service-providers){ .pg-teal }
-- [:material-account-cash: Surveillance Capitalism](../basics/common-threats.md#surveillance-as-a-business-model){ .pg-brown }
-
-**Self-hosting DNS** is useful for providing [DNS filtering](https://cloudflare.com/learning/access-management/what-is-dns-filtering) on controlled platforms, such as smart TVs and other IoT devices, as no client-side software is needed. Keep in mind that the DNS solutions below are typically restricted to your home or local network unless you set up a more advanced configuration.
-
-## DNS Sinkholes
-
-[**DNS sinkholes**](https://en.wikipedia.org/wiki/DNS_sinkhole) use DNS filtering to block unwanted web content such as advertisements.
-
-### Pi-Hole
-
-<div class="admonition recommendation" markdown>
-
-![Pi-hole logo](../assets/img/self-hosting/pi-hole.svg){ align=right }
-
-**Pi-hole** is an open-source DNS sinkhole which features a friendly web interface to view insights and manage blocked content. Pi-hole is designed to be hosted on a Raspberry Pi, but it is not limited to such hardware.
-
-[:octicons-home-16: Homepage](https://pi-hole.net){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://pi-hole.net/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://docs.pi-hole.net){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title="Contribute" }
-
-</div>
-
-### AdGuard Home
-
-<div class="admonition recommendation" markdown>
-
-![AdGuard Home logo](../assets/img/self-hosting/adguard-home.svg){ align=right }
-
-**AdGuard Home** is an open-source DNS sinkhole which features a polished web interface to view insights and manage blocked content.
-
-[:octicons-home-16: Homepage](https://adguard.com/adguard-home/overview.html){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://adguard.com/privacy/home.html){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://github.com/AdguardTeam/AdGuardHome/wiki){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/AdguardTeam/AdGuardHome){ .card-link title="Source Code" }
-
-</div>

docs/self-hosting/email-servers.md

@@ -1,6 +1,6 @@
 ---
 title: Email Servers
-meta_title: "Self-Hosting Email - Privacy Guides"
+meta_title: "Self-Hosted Email - Privacy Guides"
 icon: material/email
 description: For our more technical readers, self-hosting your own email can provide additional privacy assurances by having maximum control over your data.
 cover: email.webp
@@ -9,7 +9,7 @@ cover: email.webp
 
 - [:material-server-network: Service Providers](../basics/common-threats.md#privacy-from-service-providers){ .pg-teal }
 
-Advanced system administrators may consider setting up their own **email server**. Mail servers require attention and continuous maintenance in order to keep things secure and mail delivery reliable. In addition to the "all-in-one" solutions below, we've picked out a few articles that cover a more manual approach:
+Advanced system administrators may consider setting up their own email server. Mail servers require attention and continuous maintenance in order to keep things secure and mail delivery reliable. In addition to the "all-in-one" solutions below, we've picked out a few articles that cover a more manual approach:
 
 - [Setting up a mail server with OpenSMTPD, Dovecot and Rspamd](https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd) (2019)
 - [How To Run Your Own Mail Server](https://www.c0ffee.net/blog/mail-server-guide) (August 2017)

docs/self-hosting/index.md

@@ -1,14 +1,14 @@
 ---
 title: Self-Hosting
-meta_title: "Self-Hosting Software and Services - Privacy Guides"
-description: For our more technical readers, self-hosting software and services can provide additional privacy assurances since you have maximum control over your data.
+meta_title: "Self-Hosted Software and Services - Privacy Guides"
+description: For our more technical readers, self-hosted software and services can provide additional privacy assurances since you have maximum control over your data.
 cover: router.webp
 ---
 <small>Protects against the following threat(s):</small>
 
 - [:material-server-network: Service Providers](../basics/common-threats.md#privacy-from-service-providers){ .pg-teal }
 
-**Self-hosting** software and services can be a way to achieve a higher level of privacy through digital sovereignty, particularly independence from cloud servers controlled by product developers or vendors. By self-hosting, we mean hosting applications and data on your own hardware.
+Using **self-hosted software and services** can be a way to achieve a higher level of privacy through digital sovereignty, particularly independence from cloud servers controlled by product developers or vendors. By self-hosting, we mean hosting applications and data on your own hardware.
 
 Self-hosting your own solutions requires advanced technical knowledge and a deep understanding of the associated risks. By becoming the host for yourself and possibly others, you take on responsibilities you might not otherwise have. Self-hosting privacy software improperly can leave you worse off than using e.g. an end-to-end encrypted service provider, so it is best avoided if you are not already comfortable doing so.
 
@@ -24,35 +24,6 @@ Self-hosting your own solutions requires advanced technical knowledge and a deep
 
 [Learn more :material-arrow-right-drop-circle:](email-servers.md)
 
-## :material-dns: DNS Filtering
-
-<div class="grid cards" markdown>
-
-- ![AdGuard Home logo](../assets/img/self-hosting/adguard-home.svg){ .twemoji loading=lazy } [AdGuard Home](dns-filtering.md#adguard-home)
-- ![Pi-Hole logo](../assets/img/self-hosting/pi-hole.svg){ .twemoji loading=lazy } [Pi-Hole](dns-filtering.md#pi-hole)
-
-</div>
-
-[Learn more :material-arrow-right-drop-circle:](dns-filtering.md)
-
-## :material-form-textbox-password: Password Management
-
-### Vaultwarden
-
-<div class="admonition recommendation" markdown>
-
-![Vaultwarden logo](../assets/img/self-hosting/vaultwarden.svg#only-light){ align=right }
-![Vaultwarden logo](../assets/img/self-hosting/vaultwarden-dark.svg#only-dark){ align=right }
-
-**Vaultwarden** is an alternative implementation of [Bitwarden](../passwords.md#bitwarden)'s sync server written in Rust and compatible with official Bitwarden clients, perfect for self-hosted deployment where running the resource-heavy, [official service](https://github.com/bitwarden/server) might not be ideal.
-
-[:octicons-repo-16: Repository](https://github.com/dani-garcia/vaultwarden#readme){ .md-button .md-button--primary }
-[:octicons-info-16:](https://github.com/dani-garcia/vaultwarden/wiki){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/dani-garcia/vaultwarden){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://github.com/sponsors/dani-garcia){ .card-link title="Contribute" }
-
-</div>
-
 ## :material-account-supervisor-circle-outline: Social Networks
 
 Self-hosting your own instance of a social network software can help circumvent potential [censorship on a server level](../social-networks.md#censorship-resistance) by a public server's administrator or admin team.

docs/tools.md

@@ -299,6 +299,17 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 [Learn more :material-arrow-right-drop-circle:](dns.md#encrypted-dns-proxies)
 
+#### Self-hosted Solutions
+
+<div class="grid cards" markdown>
+
+- ![AdGuard Home logo](assets/img/dns/adguard-home.svg){ .twemoji loading=lazy } [AdGuard Home](dns.md#adguard-home)
+- ![Pi-hole logo](assets/img/dns/pi-hole.svg){ .twemoji loading=lazy } [Pi-hole](dns.md#pi-hole)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](dns.md#self-hosted-dns-filtering)
+
 ### Financial Services
 
 #### Payment Masking Services
@@ -340,6 +351,7 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 - ![Brave Search logo](assets/img/search-engines/brave-search.svg){ .twemoji loading=lazy } [Brave Search](search-engines.md#brave-search)
 - ![DuckDuckGo logo](assets/img/search-engines/duckduckgo.svg){ .twemoji loading=lazy } [DuckDuckGo](search-engines.md#duckduckgo)
+- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji loading=lazy } [Mullvad Leta](search-engines.md#mullvad-leta)
 - ![SearXNG logo](assets/img/search-engines/searxng.svg){ .twemoji loading=lazy } [SearXNG](search-engines.md#searxng)
 - ![Startpage logo](assets/img/search-engines/startpage.svg#only-light){ .twemoji loading=lazy }![Startpage logo](assets/img/search-engines/startpage-dark.svg#only-dark){ .twemoji loading=lazy } [Startpage](search-engines.md#startpage)
 

mkdocs.blog.yml

@@ -134,6 +134,7 @@ plugins:
     post_readtime: false
     authors_profiles: true
     authors_profiles_toc: true
+    pagination_per_page: 20
     categories_allowed:
       - Announcements
       - Opinion

mkdocs.yml

@@ -396,7 +396,6 @@ nav:
       - !ENV [NAV_SELF_HOSTING, "Self-Hosting"]:
           - "self-hosting/index.md"
           - "self-hosting/email-servers.md"
-          - "self-hosting/dns-filtering.md"
       - !ENV [NAV_INTERNET_BROWSING, "Internet Browsing"]:
           - "tor.md"
           - "desktop-browsers.md"

theme/assets/img/dns/adguard-home.svg

@@ -1 +1 @@
-<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 33.867 33.867"><g fill="none"><path fill="#68bc71" d="M16.933 0C11.703 0 5.393 1.214.2 3.887c0 5.773-.071 20.154 16.734 29.98C33.74 24.041 33.668 9.66 33.668 3.887 28.474 1.214 22.164 0 16.933 0z"/><path fill="#67b279" d="M16.916 33.857C.128 24.031.199 9.658.199 3.887 5.388 1.217 11.69.003 16.916 0z"/><path fill="#fff" d="m16.323 22.597 10.12-13.465c-.742-.586-1.393-.172-1.75.148l-.014.001-8.437 8.666-3.18-3.777c-1.516-1.73-3.577-.41-4.06-.062l7.32 8.49"/></g></svg>
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 33.867 33.867"><g fill="none"><path fill="#68bc71" d="M16.933 0C11.703 0 5.393 1.214.2 3.887c0 5.773-.071 20.154 16.734 29.98C33.74 24.041 33.668 9.66 33.668 3.887 28.474 1.214 22.164 0 16.933 0z"/><path fill="#67b279" d="M16.916 33.857C.128 24.031.199 9.658.199 3.887 5.388 1.217 11.69.003 16.916 0z"/><path fill="#fff" d="m16.323 22.597 10.12-13.465c-.742-.586-1.393-.172-1.75.148l-.014.001-8.437 8.666-3.18-3.777c-1.516-1.73-3.577-.41-4.06-.062l7.32 8.49"/></g></svg>

theme/assets/img/dns/pi-hole.svg

@@ -1 +1 @@
-<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 89 130"><defs><linearGradient id="a" x1="0%" x2="100%" y1="49.975%" y2="49.975%"><stop offset="0%" stop-color="#12B212"/><stop offset="100%" stop-color="#0F0"/></linearGradient></defs><g fill="none" fill-rule="nonzero"><path fill="url(#a)" d="M36.56 39.93C20.34 38.2 4 25.94 2.71 0c25.17 0 38.63 14.9 39.93 38.51 4.76-28.32 27.07-25 27.07-25 1.06 16.05-12.12 25.78-27.07 26.59-4.2-8.85-29.36-30.56-29.36-30.56a.07.07 0 0 0-.11.08s24.28 21.15 23.39 30.31"/><path fill="#980200" d="M44.16 129.93c-1.57-.09-16.22-.65-17.11-17.11-.72-10 7.18-17.37 7.18-27.08C32.44 61.53 0 64.53 0 85.74a19.94 19.94 0 0 0 5.83 14.14L30 124.06a19.94 19.94 0 0 0 14.14 5.83"/><path fill="red" d="M88.32 85.75c-.09 1.57-.65 16.22-17.11 17.11-10 .72-17.38-7.18-27.08-7.18-24.21 1.79-21.21 34.22 0 34.22a19.94 19.94 0 0 0 14.14-5.83L82.46 99.9a19.94 19.94 0 0 0 5.83-14.14"/><path fill="#980200" d="M44.16 41.59c1.57.09 16.22.65 17.11 17.11.72 10-7.18 17.37-7.18 27.08 1.79 24.21 34.22 21.21 34.22 0a19.94 19.94 0 0 0-5.83-14.14L58.3 47.45a19.94 19.94 0 0 0-14.14-5.83"/><path fill="red" d="M.08 85.75c.09-1.57.65-16.22 17.11-17.11 10-.72 17.38 7.18 27.08 7.18 24.21-1.82 21.21-34.22 0-34.22a19.94 19.94 0 0 0-14.14 5.83L5.94 71.61A19.94 19.94 0 0 0 .11 85.75"/></g></svg>
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 89 130"><defs><linearGradient id="a" x1="0%" x2="100%" y1="49.975%" y2="49.975%"><stop offset="0%" stop-color="#12B212"/><stop offset="100%" stop-color="#0F0"/></linearGradient></defs><g fill="none" fill-rule="nonzero"><path fill="url(#a)" d="M36.56 39.93C20.34 38.2 4 25.94 2.71 0c25.17 0 38.63 14.9 39.93 38.51 4.76-28.32 27.07-25 27.07-25 1.06 16.05-12.12 25.78-27.07 26.59-4.2-8.85-29.36-30.56-29.36-30.56a.07.07 0 0 0-.11.08s24.28 21.15 23.39 30.31"/><path fill="#980200" d="M44.16 129.93c-1.57-.09-16.22-.65-17.11-17.11-.72-10 7.18-17.37 7.18-27.08C32.44 61.53 0 64.53 0 85.74a19.94 19.94 0 0 0 5.83 14.14L30 124.06a19.94 19.94 0 0 0 14.14 5.83"/><path fill="red" d="M88.32 85.75c-.09 1.57-.65 16.22-17.11 17.11-10 .72-17.38-7.18-27.08-7.18-24.21 1.79-21.21 34.22 0 34.22a19.94 19.94 0 0 0 14.14-5.83L82.46 99.9a19.94 19.94 0 0 0 5.83-14.14"/><path fill="#980200" d="M44.16 41.59c1.57.09 16.22.65 17.11 17.11.72 10-7.18 17.37-7.18 27.08 1.79 24.21 34.22 21.21 34.22 0a19.94 19.94 0 0 0-5.83-14.14L58.3 47.45a19.94 19.94 0 0 0-14.14-5.83"/><path fill="red" d="M.08 85.75c.09-1.57.65-16.22 17.11-17.11 10-.72 17.38 7.18 27.08 7.18 24.21-1.82 21.21-34.22 0-34.22a19.94 19.94 0 0 0-14.14 5.83L5.94 71.61A19.94 19.94 0 0 0 .11 85.75"/></g></svg>

theme/assets/img/self-hosting/vaultwarden-dark.svg

@@ -1,2 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><defs><mask id="holes"><rect x="-60" y="-60" width="120" height="120" fill="#fff"/><circle id="hole" cy="-40" r="3"/><use transform="rotate(72)" xlink:href="#hole"/><use transform="rotate(144)" xlink:href="#hole"/><use transform="rotate(216)" xlink:href="#hole"/><use transform="rotate(-72)" xlink:href="#hole"/></mask></defs><g id="logo" transform="matrix(.32254 0 0 .32254 16.933 16.933)"><g id="gear" mask="url(#holes)" stroke="#fff"><path d="m-31.172-33.813 26.496 74.189h9.3515l26.496-74.189h-9.7672l-16.729 47.589q-1.6625 4.5719-2.8055 8.6242-1.143 3.9484-1.8703 7.5851-0.72734-3.6367-1.8703-7.689-1.143-4.0523-2.8055-8.7281l-16.625-47.381z" fill="#fff" stroke-width="4.5117"/><circle transform="scale(-1,1)" r="43" fill="none" stroke-width="9"/><g id="cogs" transform="scale(-1,1)"><polygon id="cog" points="46 3 51 0 46 -3" fill="#fff" stroke="#fff" stroke-linejoin="round" stroke-width="3"/><g fill="#fff" stroke="#fff"><use transform="rotate(11.25)" xlink:href="#cog"/><use transform="rotate(22.5)" xlink:href="#cog"/><use transform="rotate(33.75)" xlink:href="#cog"/><use transform="rotate(45)" xlink:href="#cog"/><use transform="rotate(56.25)" xlink:href="#cog"/><use transform="rotate(67.5)" xlink:href="#cog"/><use transform="rotate(78.75)" xlink:href="#cog"/><use transform="rotate(90)" xlink:href="#cog"/><use transform="rotate(101.25)" xlink:href="#cog"/><use transform="rotate(112.5)" xlink:href="#cog"/><use transform="rotate(123.75)" xlink:href="#cog"/><use transform="rotate(135)" xlink:href="#cog"/><use transform="rotate(146.25)" xlink:href="#cog"/><use transform="rotate(157.5)" xlink:href="#cog"/><use transform="rotate(168.75)" xlink:href="#cog"/><use transform="scale(-1)" xlink:href="#cog"/><use transform="rotate(191.25)" xlink:href="#cog"/><use transform="rotate(202.5)" xlink:href="#cog"/><use transform="rotate(213.75)" xlink:href="#cog"/><use transform="rotate(225)" xlink:href="#cog"/><use transform="rotate(236.25)" xlink:href="#cog"/><use transform="rotate(247.5)" xlink:href="#cog"/><use transform="rotate(258.75)" xlink:href="#cog"/><use transform="rotate(-90)" xlink:href="#cog"/><use transform="rotate(-78.75)" xlink:href="#cog"/><use transform="rotate(-67.5)" xlink:href="#cog"/><use transform="rotate(-56.25)" xlink:href="#cog"/><use transform="rotate(-45)" xlink:href="#cog"/><use transform="rotate(-33.75)" xlink:href="#cog"/><use transform="rotate(-22.5)" xlink:href="#cog"/><use transform="rotate(-11.25)" xlink:href="#cog"/></g></g><g id="mounts" transform="scale(-1,1)"><polygon id="mount" points="-7 -42 0 -35 7 -42" fill="#fff" stroke="#fff" stroke-linejoin="round" stroke-width="6"/><g fill="#fff" stroke="#fff"><use transform="rotate(72)" xlink:href="#mount"/><use transform="rotate(144)" xlink:href="#mount"/><use transform="rotate(216)" xlink:href="#mount"/><use transform="rotate(-72)" xlink:href="#mount"/></g></g></g><mask><rect x="-60" y="-60" width="120" height="120" fill="#fff"/><circle cy="-40" r="3"/><use transform="rotate(72)" xlink:href="#hole"/><use transform="rotate(144)" xlink:href="#hole"/><use transform="rotate(216)" xlink:href="#hole"/><use transform="rotate(-72)" xlink:href="#hole"/></mask></g></svg>

theme/assets/img/self-hosting/vaultwarden.svg

@@ -1,2 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><defs><mask id="holes"><rect x="-60" y="-60" width="120" height="120" fill="#fff"/><circle id="hole" cy="-40" r="3"/><use transform="rotate(72)" xlink:href="#hole"/><use transform="rotate(144)" xlink:href="#hole"/><use transform="rotate(216)" xlink:href="#hole"/><use transform="rotate(-72)" xlink:href="#hole"/></mask></defs><g id="logo" transform="matrix(.32254 0 0 .32254 16.933 16.933)"><g id="gear" mask="url(#holes)"><path d="m-31.172-33.813 26.496 74.189h9.3515l26.496-74.189h-9.7672l-16.729 47.589q-1.6625 4.5719-2.8055 8.6242-1.143 3.9484-1.8703 7.5851-0.72734-3.6367-1.8703-7.689-1.143-4.0523-2.8055-8.7281l-16.625-47.381z" stroke="#000" stroke-width="4.5117"/><circle transform="scale(-1,1)" r="43" fill="none" stroke="#000" stroke-width="9"/><g id="cogs" transform="scale(-1,1)"><polygon id="cog" points="46 -3 46 3 51 0" stroke="#000" stroke-linejoin="round" stroke-width="3"/><use transform="rotate(11.25)" xlink:href="#cog"/><use transform="rotate(22.5)" xlink:href="#cog"/><use transform="rotate(33.75)" xlink:href="#cog"/><use transform="rotate(45)" xlink:href="#cog"/><use transform="rotate(56.25)" xlink:href="#cog"/><use transform="rotate(67.5)" xlink:href="#cog"/><use transform="rotate(78.75)" xlink:href="#cog"/><use transform="rotate(90)" xlink:href="#cog"/><use transform="rotate(101.25)" xlink:href="#cog"/><use transform="rotate(112.5)" xlink:href="#cog"/><use transform="rotate(123.75)" xlink:href="#cog"/><use transform="rotate(135)" xlink:href="#cog"/><use transform="rotate(146.25)" xlink:href="#cog"/><use transform="rotate(157.5)" xlink:href="#cog"/><use transform="rotate(168.75)" xlink:href="#cog"/><use transform="scale(-1)" xlink:href="#cog"/><use transform="rotate(191.25)" xlink:href="#cog"/><use transform="rotate(202.5)" xlink:href="#cog"/><use transform="rotate(213.75)" xlink:href="#cog"/><use transform="rotate(225)" xlink:href="#cog"/><use transform="rotate(236.25)" xlink:href="#cog"/><use transform="rotate(247.5)" xlink:href="#cog"/><use transform="rotate(258.75)" xlink:href="#cog"/><use transform="rotate(-90)" xlink:href="#cog"/><use transform="rotate(-78.75)" xlink:href="#cog"/><use transform="rotate(-67.5)" xlink:href="#cog"/><use transform="rotate(-56.25)" xlink:href="#cog"/><use transform="rotate(-45)" xlink:href="#cog"/><use transform="rotate(-33.75)" xlink:href="#cog"/><use transform="rotate(-22.5)" xlink:href="#cog"/><use transform="rotate(-11.25)" xlink:href="#cog"/></g><g id="mounts" transform="scale(-1,1)"><polygon id="mount" points="7 -42 -7 -42 0 -35" stroke="#000" stroke-linejoin="round" stroke-width="6"/><use transform="rotate(72)" xlink:href="#mount"/><use transform="rotate(144)" xlink:href="#mount"/><use transform="rotate(216)" xlink:href="#mount"/><use transform="rotate(-72)" xlink:href="#mount"/></g></g><mask><rect x="-60" y="-60" width="120" height="120" fill="#fff"/><circle cy="-40" r="3"/><use transform="rotate(72)" xlink:href="#hole"/><use transform="rotate(144)" xlink:href="#hole"/><use transform="rotate(216)" xlink:href="#hole"/><use transform="rotate(-72)" xlink:href="#hole"/></mask></g></svg>