mirror of https://github.com/privacyguides/privacyguides.org.git synced 2025-07-05 02:52:41 +00:00

Compare commits

1 Commits

Author SHA1 Message Date
90b91293d4 docs!: Move most documentation to forum 2025-05-06 18:13:58 -05:00
100 changed files with 336 additions and 2389 deletions

Binary file not shown.

File diff suppressed because one or more lines are too long

@ -1,696 +0,0 @@
---
title: "KeePassium Review: A Flexible Password Manager for iOS and macOS"
template: review-article.html
schema_type: ReviewNewsArticle
date:
created: 2025-05-13T16:30:00Z
categories:
- Reviews
authors:
- em
description: "If you need a password manager for iOS or macOS that gives you full control over your data, KeePassium is a fantastic option. KeePassium offers some synchronization features, but keeps your password database offline by default. You choose who to trust to store your passwords, and you can change it whenever you want."
preview:
logo: blog/assets/images/keepassium-review/keepassium.svg
review:
type: SoftwareApplication
category: SecurityApplication
subcategory: Password Manager
name: KeePassium
price: 0
website: https://keepassium.com/
rating: 4.5
pros:
- Open source.
- Free basic plan.
- Data portability.
- Offline-only option.
- No account or personal data required.
- Easy to use, beautiful, and customizable.
- Excellent documentation.
cons:
- AutoFill might not work for some websites and browsers.
- Some important features only available on paid plans.
- No app for Linux, Android, or Windows.
---
![The KeePassium logo over a yellow background showing Apple devices.](../assets/images/keepassium-review/keepassium-cover.webp)
<small aria-hidden="true">Illustration: Em / Privacy Guides | Photo: PicJumbo / Pexels</small>
If you have been looking for a password manager giving you full control over your data, KeePassium is a fantastic option. The application available for iOS and macOS keeps your password database offline by default. KeePassium still offers synchronization and backup options, but allows you to choose which storage provider to trust with your database, and change it whenever you want.<!-- more -->
![KeePassium logo](../assets/images/keepassium-review/keepassium.svg){align=right itemprop="image"}
[KeePassium](https://keepassium.com/) is a commercial open-source application made by KeePassium Labs, based in Luxembourg.
Because it's open-source, anyone can inspect and download its [code](https://github.com/keepassium/KeePassium) if they wish. Anyone could even [build](https://github.com/keepassium/KeePassium?tab=readme-ov-file#is-it-free) the entire application by themselves, and use the advanced features completely for free.
However, if you do not want to bother with code, you can use either the basic plan for free, or pay for a premium plan to access advanced features and to support the project.
KeePassium is a [KeePass](https://keepass.info/)-compatible project. If you are already familiar with any software from the [KeePass ecosystem](https://github.com/lgg/awesome-keepass), you will feel right at home with KeePassium.
KeePassium's strength resides in how it integrates KeePass' security and features into a well-rounded and well-designed application, that is very instinctive to use, while not compromising on flexibility and customizability.
<div class="admonition abstract" markdown>
<p class="admonition-title">The KeePassium application</p>
For this review, the words "KeePassium" and "application" refer to both the KeePassium iOS and macOS applications simultaneously, unless otherwise specified. The mobile application was tested first and will be more prominent in the examples and screenshots.
</div>
## :material-apple: Platforms and Compatibility
KeePassium is written in Apple's Swift programming language and is available for Apple devices.
### Mobile
- For iPhone and iPad, KeePassium works on iOS 17.0 or later.
### Desktop
- For Mac computers, KeePassium works on macOS 14.0 (Sonoma) or later.
- KeePassium is compatible with both Apple Silicon and Intel hardware.
- The desktop application is new and was [released](https://keepassium.com/blog/2024/12/keepassium-2.0/) on December 17th, 2024.
### Apple Vision
- For Apple Vision, KeePassium works on visionOS 1.0 or later.
### Languages
The KeePassium application is available in the following languages: English, Arabic, Czech, Dutch, French, German, Italian, Japanese, Korean, Polish, Portuguese, Russian, Simplified Chinese, Slovak, Spanish, Swedish, Thai, Traditional Chinese, Turkish, and Ukrainian.
### Cross-compatibility
One great strength of any applications derivative of KeePass is compatibility with other KeePass applications. This is due to implementing of the same `.kdbx` file format for password databases, and often sharing similar features as well.
If you use KeePassium to store your passwords, you will be able to easily transfer your password database to other KeePass-compatible applications, and vice versa. This offers powerful portability for your password database.
<div class="admonition info" markdown>
<p class="admonition-title">File formats and encryption</p>
KeePassium supports the KDB, KDBX3, and KDBX4 file formats, and implements AES, ChaCha20, Twofish, and Argon2 for encryption algorithms.
Even if compatibility with older database formats is available, it is recommended to use the more recent and [more secure](https://keepass.info/help/kb/kdbx_4.html) KDBX4 format. This latest format will be the default when you create a new database in KeePassium.
</div>
This cross-compatibility is so versatile that you could, for example, use KeePassium on mobile but sync it with [KeePassXC](installing-keepassxc-and-yubikey.md) on desktop.
Similarly, if you have a Mac computer but an Android phone, you could use KeePassium on desktop but KeePassDX on mobile, and so on and so forth. You can consult KeePassium's documentation for a list of all [compatible apps](https://support.keepassium.com/kb/compatible-apps/).
<div class="admonition warning" markdown>
<p class="admonition-title">Testing compatibility</p>
If you plan on using KeePassium with cloud storage and synchronization between devices, make sure to test your settings well before adding all your passwords to it.
</div>
Depending on your usage and settings, glitches in synchronization *could* corrupt your database file. This has more chances to happen if you use a cloud storage that isn't fully supported, or a KeePass-compatible application that isn't listed in KeePassium's documentation.
Ideally, if you use synchronization, create a dummy database at first to test that synchronization works properly with your specific cloud configuration and between all the devices you use.
It's also advisable to enable the backup feature and even keep a backup copy of your database file in a different directory. That way, if your main synced file were to get corrupted or lost somehow, you could always rely on this secondary backup.
This is important because there is no remote database management done by KeePassium. **You are fully in control of your own data, but you are also fully responsible to protect it.**
## :material-wallet-bifold-outline: Pricing
KeePassium can be used completely for free!
That being said, if you need advanced features, you might want to [pay](https://keepassium.com/pricing/) for a [Premium](https://keepassium.com/articles/why-upgrade-to-premium/) plan (monthly or yearly), or a Pro or Business plan. Fortunately, the monthly Premium plan is very affordable, allowing users to test the Premium features one month at the time before committing to a longer subscription.
Alternatively, if you do not need any advanced features but would like to support the project, you could use the free plan and [donate](https://keepassium.com/donate/) a fix amount to KeePassium.
#### Rent-to-own
Something interesting about KeePassium Premium's plan is that it offers a "[rent-to-own](https://support.keepassium.com/kb/license-rent-own/)" license. This means that if you pay for a KeePassium subscription for 12 months or more, you will always "own" the features you've paid for, even if you stop paying.
For example, if you pay for Premium for only one year then stop, you will keep access to all the Premium features that were available while you paid for Premium, but will not have access to new features added after your stopped paying. This is an excellent model that more applications should adopt.
![Screenshot from the KeePassium website's Pricing page with a description of which features are included in each plan.](../assets/images/keepassium-review/keepassium-pricing.webp)
## :octicons-shield-check-16: Security and Trust
Security and trust are without a doubt the most important characteristics of a good password manager.
While functionality and features are also important, there is no point in having a pretty application that doesn't safeguard your passwords properly. It would defeat the whole purpose of the password manager.
KeePassium does not neglect security for convenience, and has done its homework to earn its users' trust. The database format it uses, its transparency with open source, and its independent security audit, are all factors contributing to build trust in KeePassium.
### Trusted database format
The application is using an encrypted database file format developed by [KeePass](https://en.wikipedia.org/wiki/KeePass), an open-source project with a good reputation in the security and privacy community. KeePass' code and formats are trusted by many other KeePass-compatible projects, including KeePassXC, KeeWeb, OneKeePass, ModernKeePass, MacPass, Keepass2Android, and [more](https://github.com/lgg/awesome-keepass).
Even if the KeePassium application is relatively recent with its first [launch](https://keepassium.com/blog/2019/07/introducing-keepassium-for-ios/) in 2019, the formats it uses to secure password databases had many eyes on since the initial KeePass release in 2003. The fact that so many people have inspected, used, tested, and improved the security foundation of this file format through the years contributes to KeePassium's security as well.
### Open-source code
KeePassium was [created](https://keepassium.com/articles/who-created-keepassium/) by [Dr. Andrei Popleteev](https://popleteev.com/), who founded KeePassium Labs, and continues as its director to develop and maintain the app with a small team of [contributors](https://github.com/keepassium/KeePassium/graphs/contributors). Like KeePass, KeePassium's code is open-source under a [GNU General Public License](https://github.com/keepassium/KeePassium/blob/master/LICENSE.txt).
Open-source code isn't magical, but it helps to build trust by providing full transparency. Because all of KeePassium's code is publicly accessible, anyone could inspect it. This can help to detect and reporting potential vulnerabilities early on, and quickly verifying any claims made. Of course, at least *some* independent qualified people have to inspect the code in order to make this meaningful at all. But this is true for any open-source projects.
#### A note on KeePassium's open-source commercial model
More precisely, KeePassium is a *commercial* open-source application. This means its code is fully open and available to inspect, download, and use (within its license's limits). However, users can also purchase paid plans to access advanced features, without having to build and manage the code themselves.
Paid plans provide a source of revenue to KeePassium, which helps to maintain the application adequately to keep it compatible and secure, providing support to customers, and adding new features down the line.
This commercial model can actually add stability to a project, making it more likely to survive long term. This is reassuring considering all the other KeePass-compatible projects that have stopped getting maintained and are unfortunately no longer usable.
Furthermore, there is some [conflict](https://www.engadget.com/2011-01-09-the-gpl-the-app-store-and-you.html) between certain open-source licenses and publication on Apple's App Store. Because it isn't possible to download an iOS app outside of Apple's App Store (unless you adventure in the perilous waters of [jailbreaking](https://en.wikipedia.org/wiki/IOS_jailbreaking)), KeePassium and all other iOS apps are confined to operate within the App Store's requirements.
Also for this reason, the KeePassium projects cannot accept external contributions to its code, but can still [accept contributions](https://github.com/keepassium/KeePassium?tab=readme-ov-file#how-to-contribute) for bug reports, feature suggestions, and translations.
### Independent security audit (iOS)
Perhaps one of the most compelling argument for trusting KeePassium is the [independent security audit](https://support.keepassium.com/kb/security-audits/) the iOS application went through last year.
The Berlin-based cybersecurity firm [Cure53](https://en.wikipedia.org/wiki/Cure53) conducted a full evaluation and professional pentest of the mobile application in November 2024.
The review included an audit of the source code, application, network communications, and the implemented cryptography. The few vulnerabilities found were all fixed following reception of the report.
It's important to note that only KeePassium for iOS was audited, and not KeePassium for macOS, which was released after the audit. However, many aspects of KeePassium for iOS that were included in the audit are likely to be similar for KeePassium for macOS.
Interestingly, Cure53 has [audited](https://cure53.de/) many other well-known security and privacy-focused or open-source applications such as Proton Pass, 1Password, Bitwarden, Obsidian, Mullvad VPN, Onion Browser, Threema, Briar, SecureDrop, Mastodon, and much [more](https://github.com/cure53/Publications).
### Recommended by other applications
Finally, if you already trust KeePassXC for your desktop password manager, know that KeePassium is one of the apps [suggested](https://keepassxc.org/docs/) by KeePassXC to use on iOS.
## :octicons-lock-16: Privacy and Encryption
Data privacy and encryption are fundamental aspects of any password managers. Because pretty much all data stored in a password manager is highly sensitive data, all data should be protected by strong end-to-end encryption.
### Data collection
On this point, KeePassium delivers. First, a quick look at Apple's privacy label indicates that "the developer does not collect any data from this app". This is a good start, and this description is true for both the iOS and macOS applications.
![Screenshot from Apple's App Store for KeePassium's App Privacy label. The label states that the "developer does not collect any data from this app".](../assets/images/keepassium-review/keepassium-applelabel.webp)
Second, in its current version, KeePassium's [Privacy Policy](https://keepassium.com/privacy/app/) is excellent. This is never a guarantee of course, but the app's [security audit](#independent-security-audit-ios) shows the Privacy Policy statements are likely founded.
KeePassium separates its privacy policies for the application and the website. This is an excellent practice way too rarely adopted by companies. This approach provides much more clarity for what data is collected from where, and is a positive sign that an organization understands well data privacy legal requirements.
The Privacy Policy for the app is detailed and thorough, which are essential qualities to any respectable privacy policies.
It starts by stating clearly that KeePassium does not send any personal data to KeePassium Labs, the company developing the app. Then, it lists all instances where data *could* be collected through the purchase or use of KeePassium, and gives clear instructions on how to opt out for each. This is the kind of privacy policy that shows an organization genuinely values and understands data privacy. I highly encourage you to have a look at it from the link above.
Worth noting as well, KeePassium's Privacy Policy for its *website* states it [does not use any cookies](https://keepassium.com/privacy/website/#our-use-of-cookies-and-tracking). This is certainly refreshing to read.
### Encryption
Although the application is compatible with older formats, KeePassium by default will use the newer KDBX4 file format to encrypt password databases.
This is important because the KDBX4 format offers [significant security improvements](https://keepass.info/help/kb/kdbx_4.html) over the previous KDBX3 format. If you import an older database in KeePassium, it is recommended to upgrade it to KDBX4 and use a different main password for the upgraded database if you keep a backup of the previous one.
<div class="admonition success" markdown>
<p class="admonition-title">Upgrade from KDB to KDBX</p>
If you need to upgrade an older database file to the newest file format to benefit from better security and KeePassium's full functionality, you can follow KeePassium's [instructions](https://support.keepassium.com/kb/convert-kdb-kdbx/).
</div>
To secure the database, and all the content included in it, KeePassium uses AES256, ChaCha20, Twofish, HMAC, and Argon2 (for KDBX4 only). Because the [KeePass database file format](https://keepass.info/help/kb/kdbx.html) (and so KeePassium's as well) encrypts the whole database, this means that not only passwords are encrypted but also usernames, website URLs, notes, attachments, etc.
<div class="admonition info" markdown>
<p class="admonition-title">Encrypting all data, not just passwords</p>
Encrypting all user data contained in a password manager entry is *extremely* important, because encrypting passwords only just isn't enough.
In August 2022, the password manager [LastPass suffered a security breach](https://blog.lastpass.com/posts/notice-of-recent-security-incident) where users' password vaults (databases) were stolen from LastPass' servers.
This is bad enough even with end-to-end encrypted data (because vaults with a weak main password could get cracked), but even worse than this, some important data like website URLs were *not encrypted at all*, so this information was [stolen in plain text](https://www.pwndefend.com/2022/12/24/lastpass-breach-the-danger-of-metadata/).
This is the perfect example of why **encrypting all data *and* metadata** input by the user is *crucial* for data privacy and security.
Additionally, the LastPass' breach is a great argument in favor of keeping one's password database *offline,* whenever possible. Something that KeePassium makes possible even by default.
</div>
#### Encryption algorithms used by KeePassium
[AES256](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard): The Advanced Encryption Standard (AES) is a trusted and commonly used block cipher symmetric-key algorithm. It was established in 2001 by NIST, the American National Institute of Standards and Technology. The number following the acronym describes the key size in bits (128, 192, or 256 bits).
[Twofish](https://en.wikipedia.org/wiki/Twofish): Twofish is another block cipher symmetric-key algorithm, which KeePassium can use to secure databases, in 256-bit key size as well. Famous cryptographer Bruce Schneier was part of the team who designed Twofish.
[ChaCha20](https://en.wikipedia.org/wiki/Salsa20#ChaCha_variant) (KDBX4 only): The ChaCha20 algorithm is a variant of Salsa20, both stream ciphers that encrypt and decrypt data in continuous stream instead of blocks. The number refers to the number of rounds in its structure.
[HMAC](https://en.wikipedia.org/wiki/HMAC) (Key Derivative Function): Hash-based Message Authentication Code (HMAC) is a robust hash function. In KeePass-compatible apps, it is used to [verify](https://keepass.info/help/kb/kdbx.html#hbs) the integrity and authenticity of the database before decryption.
[Argon2](https://en.wikipedia.org/wiki/Argon2) (Key Derivative Function, for KDBX4 only): Argon2 is a memory-hard function that offers better resistance against GPU cracking attacks compared to AES-KDF. Argon2 was the winner of the Password Hashing Competition in 2015.
[AES-KDF](https://keepass.info/help/kb/kdbx_4.html#intro) (Key Derivative Function, for KDBX3 only): AES-KDF is a key derivative function based on AES. This method was previously used for the KDBX3 database format, but has since been replaced by Argon2 for KDBX4. This is partly because AES-KDF is not memory-hard, which makes it easier to crack for an attacker using modern technologies.
![Screenshot from the iOS app showing the Encryption Settings.](../assets/images/keepassium-review/keepassium-encryptionoptions.webp){width="400"}
## :octicons-apps-16: Usage and Features
Once solid security and privacy protections have been confirmed, the second important part of a good password manager is how easy it is to use and the features it offers.
In this regard, KeePassium excels again. Not only does KeePassium offer the features users familiar with KeePass-compatible applications will recognize, but importantly, it implements these features with a polished user interface and obvious consideration for accessibility and user experience.
### Starting with KeePassium on iOS
Installing the app from the App Store is a smooth process. Once installed, make sure to go in Apple's "Settings" > "KeePassium" > "Siri & Search" and disable the Siri options you are not using. Apple very annoyingly puts them all on by default for each new app installed.
Additionally, you can follow KeePassium's [instructions](https://keepassium.com/privacy/app/) from its Privacy Policy to opt out of other Apple settings related to KeePassium.
After installing the app, KeePassium will guide you step-by-step to set up an application PIN (you can also enable application lock with biometrics), and import or create a new database.
If you are not familiar with it already, it's a good idea to read each popup from the welcome screen.
<div class="grid" markdown>
![Screenshot from the iOS app showing the Welcome page after installation.](../assets/images/keepassium-review/keepassium-startwelcome.webp)
![Screenshot from the iOS app showing the page giving options to either create a new database, add an existing database, or connect to a server.](../assets/images/keepassium-review/keepassium-startdatabase.webp)
</div>
<div class="admonition tip" markdown>
<p class="admonition-title">Secure the application properly</p>
When prompted to select a Passcode to lock the application (which is different from the main password to secure your database), you will have the option to switch from the numeric keypad to a full alphanumeric keyboard. This is recommended to set up a stronger Passcode to protect the application, where your database(s) might be kept unlocked if you choose this option.
</div>
If you create a new database to store your passwords, make sure to choose a [strong main password](https://www.privacyguides.org/en/basics/passwords-overview/#passwords) (or "Master Key") that is *unique*, *complex*, and *long*.
KeePassium will guide you to determine if your main password is sufficiently strong. However, the app cannot know if you have used this password before, so you should make sure that you haven't and this main password is unique.
<div class="admonition danger" markdown>
<p class="admonition-title">Be careful to remember your main password!</p>
This is the only password that cannot be stored in your password manager, so it's important to secure it properly and also ensure you can **remember it well**.
Due to the nature of end-to-end encryption, there is no way for KeePassium to recover a lost password. Not remembering your main password could mean **getting locked out of your password database permanently**.
</div>
After creating a new database, you will be prompted to unlock it with your new main password ("Master Key").
![Screenshot from the iOS app showing the New Database section.](../assets/images/keepassium-review/keepassium-newdatabase.webp){width="400"}
After you have either created or imported a database, you are ready to explore KeePassium's features.
### Starting with KeePassium on macOS
To download KeePassium on macOS, you will need to go through Apple's App Store. Alternatively, you could also [build](https://github.com/keepassium/KeePassium) the application from the source code, but that is an entirely different process.
![Screenshot from Apple's App Store on macOS showing the KeePassium page.](../assets/images/keepassium-review/keepassium-appstoremac.webp)
Installing the application is a breeze, and the macOS app shares the same welcome sections and features the iOS version has, with a slightly different format.
![Screenshot from the macOS app showing the Welcome page after installation.](../assets/images/keepassium-review/keepassium-startwelcomemac.webp)
The application will guide you to either create or import a database, then you will recognize the same features described below for the iOS version.
![Screenshot from the macOS app showing the New Database section.](../assets/images/keepassium-review/keepassium-newdatabasemac.webp)
### Accessibility
There are a few great accessibility features with KeePassium. First, KeePassium fully works with Apple's VoiceOver. To enable it on iPhone, you can go in the iOS "Settings" > "Accessibility" > "VoiceOver" and enable "VoiceOver".
Second, from the KeePassium app you can tap on the "Settings" gear button on the lower-right to access the "Appearance" menu. From there, you will see a sliding option to adjust the entry's text size. This will change the size of the text in all entries' sections. You also have the option to change the font type from there.
Additionally, when tapping on a Password in an entry section, you can quickly tap on the magnified "a" button (while the blue "Copied" overlay appears) to display the password in large font, with each character separated in an indexed table.
<div class="grid" markdown>
![Screenshot from the iOS app showing the Appearance page from the Settings with the Text Size option.](../assets/images/keepassium-review/keepassium-textsize.webp)
![Screenshot from the iOS app showing an entry's password selected with the large font option, which displays each character from a password in a separate indexed box.](../assets/images/keepassium-review/keepassium-largeindexedfont.webp)
</div>
### Security features
In the "Access Control" category of "Settings", there are some important options to customize the app's security features:
#### App Protection
This section gives options to secure the application itself. It includes using the device's biometric lock instead of the app's Passcode, changing the app's Passcode, and choosing when the app gets locked.
#### Data Protection
This section gives options to enable or disable if the database(s)' main password(s) is remembered locally in the device's secure keychain, or if it must be re-entered each time to unlock a database. It also allows you to choose when (if remembered) the database will lock itself again, how long to keep data (including copied passwords) in the device's clipboard, and other security preferences.
A fun (and useful) feature you will find there is that you can decide what happens when the device is "shaken". This can be an important security feature for people in sensitive situations.
<div class="grid" markdown>
![Screenshot from the iOS app showing the App Protection page from the Settings.](../assets/images/keepassium-review/keepassium-appprotection.webp)
![Screenshot from the iOS app showing the Data Protection page from the Settings.](../assets/images/keepassium-review/keepassium-dataprotection.webp)
</div>
#### Protection against weak passwords
When first creating a database, KeePassium will indicate if the main password chosen is too weak and display a warning.
This is an important security feature because **a database is only as protected as the strength of its main password**. It goes without saying the main password for a database should always be *unique* (has never been used elsewhere), *complex* (uses a variety of character types), and *long* (is long enough to not be vulnerable to brute-force attacks).
Passwords chosen for each entry will also display an indicator of strength under each field.
#### YubiKey support (Premium)
For users with Premium plans, KeePassium offers [support for YubiKey](https://www.yubico.com/works-with-yubikey/catalog/keepassium/) to add extra protection to a database using the challenge-response implementation.
The same feature is available on KeePassXC on desktop. For more details on this, you can check our [tutorial for KeePassXC](installing-keepassxc-and-yubikey.md), or our tutorial on [how to set up and back up a YubiKey](yubikey-reset-and-backup.md)'s challenge-response.
#### Passwords audit (Premium)
KeePassium offers to audit database's passwords for potential leaks. This feature works by comparing an obfuscated version of a password with the [Have I Been Pwned](https://haveibeenpwned.com/) service. The password is never shared externally during this process. This is helpful information to get an early warning and change a compromised password before the exposed account is attacked.
### Groups and Smart Groups
Before starting to add entries to a new database, it's a good idea to explore the Groups and Smart Groups features. Groups are directories that can be created inside a database to separate categories of passwords.
Smart Groups are simply Groups created from a search query. If you imported a database already full of passwords, you might not feel like sorting them manually. Smart Groups will help to create Groups using queries to [categorize](https://support.keepassium.com/docs/smart-groups/) entries automatically. This can be very convenient to organize larger databases.
When creating a new database, KeePassium will suggest some Groups, which you can be used as provided, changed, or deleted. To add a new Group or Smart Group, tap on the 3-dot button on the upper-right from inside a database and select "New Group" or "New Smart Group".
![Screenshot from the iOS app showing different groups created within a database.](../assets/images/keepassium-review/keepassium-groups.webp){width="400"}
<div class="admonition info" markdown>
<p class="admonition-title">Separate databases vs Groups</p>
Using separate databases for different categories of passwords, for example one database for personal passwords, work-related passwords, and family-shared passwords is a good idea because it takes advantage of compartmentalization to add extra security and privacy.
Each database will have its own main password, and if one database were to get compromised, the others might still be protected. KeePassium's free plan only allow to use *one* database at the time, however.
Groups mainly serve to organize passwords and do not provide any additional security, privacy, or portability like separate databases do. For free plan users, Groups can still be a great feature to separate passwords when it isn't a security issue to encrypt them all together using a same main password.
</div>
### Entry options
Once inside a database, users can add a new entry there or first create/enter a Group directory. To create a new entry, tap on the 3-dot menu on the upper-right, then select "New Entry".
Each New Entry section will include a field for the entry's name, choice of icon (or option to download the service's favicon), "User Name", "Password", "URL", "Tags", "Notes", and option to "Set up one-time password (OTP)".
Tapping the plus-sign button at the top will create a new custom text field for an entry. Enabling the "Protected Field" option on the lower-right will hide this field as if it was a password field. That being said, all fields from an entry will be fully encrypted with the database.
<div class="grid" markdown>
![Screenshot from the iOS app showing a New Entry page with various empty fields.](../assets/images/keepassium-review/keepassium-newentry.webp)
![Screenshot from the iOS app showing the page within a Group with four different entries.](../assets/images/keepassium-review/keepassium-entries.webp)
</div>
An entry section from macOS:
![Screenshot from the macOS app showing an entry section with the "User Name", "Password", "URL", "Tags", and "Notes" fields filled.](../assets/images/keepassium-review/keepassium-entrymac.webp)
Finally, to edit, move, copy or delete an entry on iOS, a long press over its name from the directory will show these options. Swiping left on a password entry will also show the edit and delete options.
![Screenshot from the iOS app showing the options Edit, Move, Copy, and Delete when long-pressing on a listed entry.](../assets/images/keepassium-review/keepassium-moveentry.webp){width="400"}
### Password generator
Conveniently, KeePassium includes a password generator. This is a common feature for password managers, and KeePassium implements this feature very well.
The generator can be used from either the die-shaped button on the right of every password field, the tool-shaped button menu on the lower-left from inside a database selecting "Random Generator", or the die-shaped button on the lower-left from the "Databases" section. The latter is a nice touch if you ever need to generate a random string while your database is locked.
Each time you open the Random Generator, it will automatically generate new random strings for all 3 modes: Basic, Expert, and Passphrase.
<div class="grid" markdown>
![Screenshot from the iOS app showing the tool menu from within a database. The menu shows options for "Random Generator", "Password Audit", "Download Favicons", "Print", "Change Master Key", "Encryption Settings", and "Lock Database".](../assets/images/keepassium-review/keepassium-databaseoptions.webp)
![Screenshot from the iOS app showing the Random Generator page that displays three random passwords for "Basic", "Expert", and "Passphrase".](../assets/images/keepassium-review/keepassium-generator.webp)
</div>
The Random Generator can also be customized. To customize each mode, tap on the gears-shaped button on the upper-right of the generator and change the mode to adjust the parameters for each. The app will remember the parameters every time it is used.
The customization for Passphrase does not include the options for "MIXED" case at this time, however, considering this option was just added to KeePassXC last month, maybe it will be added to KeePassium as well in the near future.
![Screenshot from the macOS app showing the Random Generator page that displays the options to adjust for generated passphrase.](../assets/images/keepassium-review/keepassium-generatormac.webp)
### One-Time Password (OTP)
KeePassium offers the option to store one-time password codes with each entry. This can be a convenient way to manage second-factor of authentication, and keep these codes stored locally only.
However, this can also introduce additional risks. If a database file was to get compromised at some point, it would also compromise all the OTP codes within it, making this second-factor protection useless against an attack of the whole database.
If this isn't a risk you are concerned with, then KeePassium's OTP can be a useful feature.
OTP codes are easy to set up and can be entered manually or using a QR code. Once set up, the code will be displayed as a field in the entry. Tap on it to copy it.
<div class="grid" markdown>
![Screenshot from the iOS app showing an entry for Mastodon Social with all credential fields filled, and an arrow pointing at a One-Time Password code.](../assets/images/keepassium-review/keepassium-otp.webp)
![Screenshot from the iOS app showing an Entry page with the option to "Set up one-time password (OTP)" selected at the bottom and displaying a menu with the options "Scan QR code" and "Enter manually".](../assets/images/keepassium-review/keepassium-otpentry.webp)
</div>
### AutoFill
Depending on your usage, AutoFill can be an important feature for a password manager. AutoFill will allow KeePassium to recognize a login page and automatically fill all in the login credentials.
To ensure AutoFill works smoothly, it's important to enter the correct website URL for each entry, specifically the page's URL where the credentials will be required.
Ultimately, it's possible some websites will just not work with KeePassium's AutoFill. Some [issues](https://github.com/keepassium/KeePassium/issues/405) have been experienced while testing the app for this review. If you experience the same issue with a website, you can simply copy-paste the credentials manually in each corresponding field.
<div class="admonition failure" markdown>
<p class="admonition-title">AutoFill issues for some websites</p>
A possible cause of AutoFill issues can be an incorrect entry URL that isn't the proper "Caller ID". To troubleshoot this, you can consult KeePassium's helpful [instructions](https://support.keepassium.com/kb/autofill-matching/) here.
</div>
#### AutoFill for iOS
When set up correctly on iOS, a "Passwords" button should appear above the keyboard for websites where credentials have been stored in your database. If it doesn't, this could mean AutoFill was not set up properly from the [iOS Settings](https://support.keepassium.com/kb/autofill-setup-ios/).
![Screenshot from a mobile browser with the login page for mastodon.social displaying empty credential fields and iOS showing a "Passwords" button over the keyboard.](../assets/images/keepassium-review/keepassium-autofill.webp){width="400"}
#### AutoFill for macOS
There isn't a browser extension available for KeePassium on macOS. The desktop AutoFill feature integrates with the system as a [credential provider](https://www.reddit.com/r/KeePassium/comments/1isvjjd/comment/mdsbwwc/). Browser implementation depends on how each browser integrates this function. The desktop AutoFill feature does work flawlessly with Safari.
To set up AutoFill for KeePassium, you will have to enable it from the [macOS Settings](https://support.keepassium.com/kb/autofill-setup-macos/). KeePassium will guide you through the process with clear instructions to follow:
![Screenshot from the macOS app showing a setting popup to "Uncheck Keychain" with the option to enable KeePassium instead.](../assets/images/keepassium-review/keepassium-autofillmac.webp)
Once enabled, every website with a corresponding URL in your database will display a small key icon on the right of the credential fields.
![Screenshot from Safari showing the cryptpad.fr login page and a key icon on the right of the Username empty field, with the option on the left to select either KeePassium or Keychain to fill the credentials.](../assets/images/keepassium-review/keepassium-loginsafarimac.webp)
Despite lacking a browser extension, integration with Safari and the macOS ecosystem works smoothly, and it will work with applications that aren't browsers as well.
![Screenshot from the ProtonDrive login popup in macOS showing a menu over the Password field to select either KeePassium or Keychain to fill the credentials.](../assets/images/keepassium-review/keepassium-loginappmac.webp)
### Backups
Backing up your database is essential with any KeePass-compatible app. Because there is no remote backup automatically stored by the application, you become responsible for protecting this data properly.
KeePassium offers many options to help users back up their databases.
#### Enable backup copies
The option to back up local copies automatically will be enabled by default. You can disable it if you prefer (ideally not), or enable the option to "Show Backup Files" in "Settings" > "Database Backup". You can also adjust for how long you wish to keep the local backups (the default value is 2 months).
#### Exclude from iCloud/iTunes
There is an important feature to exclude your database file and KeePassium's backups of your database from your device's iCloud or iTunes backups. If you do not trust Apple with your encrypted database, you should enable this everywhere (excluding from iCloud/iTunes is disabled by default).
If your database is stored locally (you might not see the option otherwise): From the "Databases" page, tap on the 3-dot button right to your database name (not the *circled* 3-dot button at the top, the one below). Then tap on "File Info" and *enable* the option "Exclude From iCloud/iTunes Backup" to make sure your database file stays outside your device's iCloud or iTunes backups.
Secondly, to also exclude the backups created by KeePassium, inside a database tap on the "Settings" gear button on the lower-right, then "Database Backup", and *enable* "Exclude Backup Files from System Backup".
<div class="grid" markdown>
![Screenshot from the iOS app showing the File Info page for a database, with the "Exclude From iCloud/iTunes Backup" option enabled in green.](../assets/images/keepassium-review/keepassium-fileinfo.webp)
![Screenshot from the iOS app showing the Database backup page from Settings with the "Exclude Backup Files from System Backup" option enabled in green.](../assets/images/keepassium-review/keepassium-backup.webp)
</div>
You will find the same option on macOS:
![Screenshot from the macOS app showing the File Info for a database, with the "Exclude From iCloud/iTunes Backup" option enabled in yellow.](../assets/images/keepassium-review/keepassium-fileinfomac.webp)
#### Auto-delete backup files
You can choose the backup files to get deleted automatically after a certain period of time. For this, go to "Settings" then the "Database Backup" again, and scroll down to "Keep Backup Files". Select a retention period that is secure for your threat model. You can also tap on "Delete ALL Backup Files" below to delete all backups at any time.
#### Manual backups
Finally, you can simply back up your database `.kdbx` file manually. For this you have the options to transfer the file from KeePassium via cable, cloud storage, local network, AirDrop, email, or even Signal's [Note to Self](https://support.signal.org/hc/en-us/articles/360043272451-Note-to-Self)!
To [transfer](https://support.keepassium.com/kb/database-transfer/) your database file entirely offline to another Apple device, connect your device together via USB cable and follow these [instructions](https://support.apple.com/en-gb/guide/mac-help/mchl4bd77d3a/mac).
If you stored your database locally on iPhone, you will find the file in Apple's "Files" > "On My iPhone" > "KeePassium". From there, you can long press the file to see options to move or share it.
![Screenshot from the iOS Files showing the menu from a long-press over the local database file with the option to "Move" the file circled.](../assets/images/keepassium-review/keepassium-movedatabase.webp){width="400"}
#### Restore database from backup
If you encounter any errors while managing your database, you can always restore it from a backup. Keeping multiple backup versions is a good idea to ensure you always have a functional file. Glitches and bugs are more likely to happen if you handle your database in unusual ways, with other software that may not have been tested for this usage yet.
Restoring a database in KeePassium is a very straightforward operation. In the "Databases" section, tap on the 3-dot button on the upper-right, then select "Show Backup Files", if it isn't already on. Follow KeePassium's [instructions to restore](https://support.keepassium.com/kb/restore-backup/) a previous version.
### Synchronization and direct connection
While you can use KeePassium entirely offline, the app also offers options to synchronize your database with other KeePassium installations or other KeePass-compatible applications.
There are two ways to do this. You can either simply store your database file in a cloud service of your choice and let KeePassium access this file, or you can use KeePassium's direct connection with certain cloud providers.
You can see these two options from the app in "Settings" > "Network Access". From there, you have the option to select "Stay Offline", for maximum privacy, or "Allow Network Access", for maximum functionality.
Whether you choose simple file synchronization or a direct connection, you can consult [this list](https://support.keepassium.com/kb/sync/) of cloud storage providers that have been tested by the KeePassium team and users to determine if your provider is supported.
#### Stay offline, and synchronize through a cloud provider (recommended)
This is KeePassium's [recommended method](https://keepassium.com/articles/cloud-sync-sandboxing/) to synchronize your database file(s) while maximizing privacy and minimizing external accesses. By default, KeePassium will remain offline, but you can store your database file with a cloud provider of your choice.
This way, your cloud provider will manage the network communication, and KeePassium will only take care of decrypting your database. Because of system-enforced sandboxing, KeePassium will not have access to anything else on your cloud storage, only the database file(s) your have granted it access to.
For example, you can store your database file on a cloud storage of your choice, then open it from KeePassium for iOS and also from KeePassXC on desktop. Both applications will access and manage the same file, therefore synchronizing your database.
Be careful however when modifying your database. If synchronization isn't handled properly, this could cause errors that could corrupt your file. This is why it's important to test your setting first, and a good practice to keep a backup in a secure secondary location.
![Screenshot from the iOS app showing the Network Access page with the option "Stay Offline" selected.](../assets/images/keepassium-review/keepassium-offline.webp){width="400"}
<details class="example" markdown>
<summary>Synchronization through Proton Drive</summary>
Proton Drive isn't part of the recommended and tested list of cloud providers for KeePassium. However, it was briefly tested during this review.
Between KeePassium iOS and KeePassXC on desktop, some synchronization was possible through Proton Drive, but with mixed results.
To make it work, first the Proton Drive app needed to stay unprotected by a PIN or biometrics, which isn't ideal if you have other sensitive files on this drive. There was also some delay to sync the database between mobile and desktop, and a few bugs occurred while testing.
That being said, synchronization was *possible* through Proton Drive between KeePassium for iOS and KeePassXC on desktop, but maybe not recommended. If you choose this setup for yourself, it is *strongly* recommended to conduct adequate testing first using a dummy database, and once set up with your actual database, to keep a secondary backup in a separate location.
Testing couldn't make synchronization work between KeePassium iOS and KeePassium macOS through Proton Drive. Issues seem to come from conflict resolutions on the Proton Drive side. Of course, because Proton Drive isn't even listed by KeePassium as a supported storage, this was simply conducted as an experiment and not an expectation.
Because many of our readers might use Proton Drive as a cloud provider, just be aware it probably isn't a usable synchronization solution at this time.
Using Proton Drive to simply back up a password database file manually without synchronization is still a viable option, however.
</details>
#### Allow network access, to connect directly from KeePassium
In 2022, KeePassium added direct connection options for certain cloud storage providers as a workaround solution for providers that were not integrating well with the system. This should however be a secondary choice only, as it will have some downsides for your data privacy.
You can find this option from the "Data Encryption" welcome window at the start where you can either create a database, import a database, or "Connect to Server".
Although KeePassium will only use what is necessary for this functionality, it [will access](https://keepassium.com/privacy/app/#direct-connections) more data than with the "Stay Offline" synchronization option. The data used for this functionality will however remain between your device and the cloud provider.
#### Supported cloud storage providers
KeePassium offers full support for iCloud Drive, Box, Dropbox, Google Drive, OneDrive, Resilio Sync, Nextcloud, SFTP / WebDAV, and limited support for Mega and Cryptomator.
You might be able to make it work with cloud providers that aren't listed here. However, if you decide to use a provider that isn't fully supported, make sure to properly test your setup with a dummy database first.
### Additional features
This review focused testing on the most commonly used features that are accessible from a free plan. Nonetheless, KeePassium offers many more features, and additional ones for paid plans. Here's a summary of some other interesting features that have not been covered yet:
#### Passkeys
Since December 2024, KeePassium added [support](https://keepassium.com/blog/2024/12/keepassium-2.0/#passkey-support) for passkeys with its 2.0 release.
#### Family sharing (Premium)
You can use Apple's Family Sharing feature to [share](https://support.keepassium.com/kb/family-sharing/) your KeePassium paid license with your family members.
#### Multiple databases (Premium)
With a paid plan, it's possible to create or import multiple databases with KeePassium. This can be very convenient if you use a separate database for work and for your personal life, for example.
#### Printing database
KeePassium has a quick option to print an entire database in plain text, in an easy-to-read format. If this is secure for you, it can be a convenient way to keep a backup paper copy of all your passwords in case of emergency (or for inheritance purposes).
To do this, while inside your database tap on the tool-shaped button on the lower-left, then select "Print". Of course make sure to secure this printed data *very well*, as it could be your weakest link.
<div class="admonition warning" markdown>
<p class="admonition-title">Important security warning!</p>
Depending on your printer's settings, you should be *very careful* when using the print function. This data will be sent in plain text to your printer, and even perhaps through a network (depending on your printer's settings).
This **can represent a very high security risk**, depending on your printer setup and situation. The file with your plain text passwords could also remain stored in the printer's queue!
The print function can be [disabled](https://support.keepassium.com/docs/mdm-appconfig/#allowDatabasePrint) for users with a Business license.
</div>
![Screenshot from the iOS app showing a preview to print a database file in plain text. The file lists the database name at the top, then each group, and within each group all entries' credentials including usernames, passwords in plain text, URL, and notes.](../assets/images/keepassium-review/keepassium-print.webp)
#### Read-only database
You can protect a database from accidental changes by enabling this option. This will prevent any entries from being added, removed, or modified.
It can be very useful if you have installed the app for someone who isn't comfortable with technology and want to make sure they cannot inadvertently delete an entry, for example.
To enable it from KeePassium on iOS, go to the "Databases" section, long press on your database file, select "Database Settings", then enable "Read Only" at the top.
#### File storage (attachments)
You can use your database to store files!
It's probably best to stay reasonable with this because files will quickly make your database very heavy. This could significantly slow down the encryption and decryption processes.
That being said, it's a great way to store more sensitive files securely. The files will be encrypted with your database.
You can either add files to an entry already created, or create a new entry named "Files" (or anything else you wish) to store all of your files together.
To add a file, select the paperclip-icon tab at the top of an entry, then tap the plus-sign button at the bottom. Your files (attachments) will be accessible from any other KeePass-compatible application, like KeePassXC for example.
![Screenshot from the macOS app showing the section tab within an Entry to add and view attachment files.](../assets/images/keepassium-review/keepassium-attachmentmac.webp)
Interestingly, KeePassium even uses a quite decent PDF viewer on iOS:
![Screenshot from the iOS app showing a preview for a PDF file, in this case the document for Privacy by Design by Ann Cavoukian.](../assets/images/keepassium-review/keepassium-pdfviewer.webp){width="400"}
## :material-thumb-up-outline: Nice to have
- You can see what was added, changed, or fixed for each KeePassium version from "Settings" in the "What's New" section.
- You can change the KeePassium and database icons from "Settings" > "Appearance" > in "App Icon" and "Database Icons".
- KeePassium has [excellent documentation](https://support.keepassium.com/)! This is handy to learn about features or to troubleshoot if you encounter any errors.
- You can see the full credits for the app from "Settings" in the "About KeePassium" section.
<div class="admonition question" markdown>
<p class="admonition-title">Check the credits!</p>
KeePassium not only credits its direct contributors but also lists credits for each graphics, code, and encryption algorithms used. You will find the same list of credits on KeePassium's GitHub [page](https://github.com/keepassium/KeePassium?tab=readme-ov-file#author-and-credits). This is a wonderful idea that more software should get inspired by.
</div>
## :material-thumb-down-outline: Downsides
Even if KeePassium is a great secure application that is easy and pleasant to use, there are still a few downsides that should be mentioned:
- People with older versions of iOS or macOS will unfortunately not be able to use the application at all.
- KeePassium only works in the Apple ecosystem, and there are no versions for other systems at this time.
- If you are using a cloud provider that doesn't work smoothly with KeePassium and you need synchronization, you will unfortunately need to synchronize your database manually or change your cloud storage provider.
- AutoFill on iOS might not work for every account. This can be an inconvenience depending on your usage and which of your accounts (if any) are impacted.
- AutoFill on macOS might not work with your favorite browser (if it isn't Safari).
## :octicons-key-16: Conclusion
Overall, KeePassium is a privacy-focused, offline-first application, that has clearly prioritized user experience and user interface, while not neglecting security and privacy.
When used with the basic and supported settings, it works fairly smoothly and allows enough customization to adapt to a variety of user needs and situations.
The fact that KeePassium allows full compatibility with most other KeePass-compatible applications is an immense benefit compared to proprietary password managers.
If you already keep your database in the KeePass file format, there are no downsides in trying KeePassium. If you aren't using this database format yet, this is a great opportunity to start and free yourself from locked-in systems that secure your precious passwords with obscurity rather than with openness.
<small aria-hidden="true">Unless credited otherwise, all screenshots from: Privacy Guides</small>
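Review bot: under "Passwords audit (Premium)" the wording "comparing an obfuscated version of a password with the Have I Been Pwned service" does not say what actually leaves the device, yet the next sentence, "The password is never shared externally", is the claim a reader relies on when enabling the feature. If this text is kept or republished, it should state concretely what is sent to the service. Two smaller points in the same file: "just added to KeePassXC last month" in the Password generator section is a relative date that goes stale and should be a version or a date, and three sentences need a grammar fix: "which you can be used as provided", "only allow to use *one* database at the time", and "the database file(s) your have granted it access to".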

View File

@ -17,7 +17,7 @@ At Privacy Guides, we are always looking for ways to be more effective at our mi
## Em Journalist
![](https://forum-cdn.privacyguides.net/user_avatar/discuss.privacyguides.net/em/288/8211_2.png){ align=right }
![](https://forum-cdn.privacyguides.net/user_avatar/discuss.privacyguides.net/ematprivacyguides/288/8211_2.png){ align=right }
Were excited to welcome Em (she/her), our new journalist, who will play an important role in taking our [articles](https://www.privacyguides.org/articles/) to the next level. She will be focusing on creating in-depth, interesting posts that explore the most important topics in the world of online privacy, security, and digital rights. Em will also conduct interviews with experts in the industry, analyze reports and studies, and produce investigative news stories to keep our readers informed.
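Review bot: the avatar line hot-links a forum CDN URL keyed on the account name (`.../discuss.privacyguides.net/em/288/8211_2.png` in one version, `.../ematprivacyguides/288/8211_2.png` in the other), so the image breaks again the next time the forum account is renamed. The Element logo elsewhere in this compare is referenced as a repository asset (`../assets/img/...`), and storing the avatar the same way would remove the dependency on the forum's URL scheme. The image also has empty alt text (`![]`), unlike the described images in the other files shown here.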

View File

@ -226,7 +226,7 @@ Element is based in the United Kingdom, which is of course no longer in the Euro
<div class="admonition recommendation" markdown>
![Element logo](../assets/img/social-networks/element.svg){ align=right }
![Element logo](../assets/img/messengers/element.svg){ align=right }
**Element** is the flagship client for the [Matrix](https://matrix.org/docs/chat_basics/matrix-for-im) protocol, an [open standard](https://spec.matrix.org/latest) for secure decentralized real-time communication.
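Review bot: confirm that `element.svg` exists under the directory the new image line points at. The two image lines differ only in `social-networks/` versus `messengers/`, and nothing visible in this hunk moves the file. It is also worth searching the repository for remaining references to the other directory, since a stale path inside this `admonition recommendation` block would render as a broken image with only the "Element logo" alt text.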

View File

@ -1,383 +0,0 @@
---
date:
created: 2025-05-10T15:00:00Z
updated: 2025-05-10T15:45:00Z
categories:
- News
authors:
- em
description: Last week, OpenAI's CEO Sam Altman announced in San Francisco that the World project he co-founded, formerly known as Worldcoin, is opening six stores across the United States, allowing users of the project's app to scan their eyeballs.
schema_type: AnalysisNewsArticle
preview:
color: "#c0322f"
text_color: "#ffffff"
site_logo: privacy-guides-logo-notext-colorbg-white.svg
icon: material/eye-circle
---
# Sam Altman Wants Your Eyeball
![Image of a red circle of light that resembles a human iris over a black background.](../assets/images/sam-altman-wants-your-eyeball/orb-cover.webp)
<small aria-hidden="true">Photo: Flyd / Unsplash</small>
Last week, OpenAI's CEO Sam Altman announced in San Francisco that the World project he co-founded, formerly known as Worldcoin, is opening six stores across the United States, allowing users of the project's app to scan their eyeballs.
Simply put, the premise is this: scan your eyeball, get a biometric tag, verify yourself, buy our apps (and cryptocurrency). The scary part is the for-profit company developing the project has now gathered millions in venture capital investment, powerful partners, and is ready to expand and impose its [Minority Report](https://en.wikipedia.org/wiki/Minority_Report_(film)) style technology everywhere. **Welcome to Dystopialand.**<!-- more -->
The World(coin) project is an initiative from the startup Tools for Humanity, co-founded by its CEO Alex Blania. Despite its friendly name, the for-profit corporation has been on the radar of many critics through the years already. From experts to journalists to privacy commissioners around the world, not everyone shares Blania's enthusiasm for his biometric-based technology.
## What is the World App?
The World project, recently rebranded from the Worldcoin project (possibly to convey better its expansionist ambitions) presented its plan for the World App to Americans this week. The project is now expanding well beyond the cryptocurrency it started from.
The World App is an everything app, providing users with a *World ID*, that can be verified through the collection of biometric data in the form of an iris scan.
The scan is then filtered and hashed to create a unique identifier that is stored as a so-called "proof of personhood" on the *World Network*, a blockchain-based protocol.
The World App itself contains a collection of "Mini Apps", where users can manage their cryptocurrencies, chat together, play games, receive their pay check even, and ultimately live their whole life within the closed "verified" ecosystem of the app.
For a company constantly praising decentralization, it sure looks like they want to make sure they are the center of it all.
To obtain this coveted verification code, users *must* be ready to share their precious eyeball data with the Orb.
The Orb is a piece of hardware designed by Tools for Humanity to perform iris scans. It is available to access in the United States at one of the currently six locations in Austin, Atlanta, Los Angeles, Miami, Nashville and San Francisco (more to come soon), like some sort of biometrics collection ATM.
The World project has for ambition to expand its reach across the United States to install 7,500 Orbs by the end of this year, so be prepared to see this dystopian technology everywhere soon.
The San Francisco [presentation last week](https://www.theregister.com/2025/05/04/sam_altman_startup_world/) was clearly prepared to impress investors with its Apple announcement vibe. The promise of a quickly growing startup that everyone will soon want to work with, was repeated over and over in different flavors.
Tools for Humanity bragged about many large partnerships that should make any privacy advocates shiver in dread: the Match Group dating apps conglomerate (Tinder, OkCupid, Hinge, Plenty of Fish), Stripe, and Visa are some of them.
If they succeed in convincing enough people, many of us could soon have little choice but to unwillingly have to enroll.
## World(coin) isn't new, you might have heard of its unethical practices already
The project [claims](https://techcrunch.com/2025/04/30/sam-altmans-world-unveils-a-mobile-verification-device/) to have onboarded 26 million people already, including 12 millions "users" who are verified (had their biometric data collected).
These "users" are largely located in Latin America, Africa, and Asia. This is because the company started testing for its project there a few years ago, in regions where people often have fewer legal protections.
In 2022, MIT Technology Review produced [an extensive investigation](https://www.technologyreview.com/2022/04/06/1048981/worldcoin-cryptocurrency-biometrics-web3/) on the startup's debut in an article titled: *Deception, exploited workers, and cash handouts: How Worldcoin recruited its first half a million test users.*
The investigation revealed a collection of unethical practices to pressure the most vulnerable populations in signing up for Worldcoin, and **have their eyeball scanned in exchange for money** they desperately needed.
Some participants had to provide much more personal information than the company says is required, such as emails, phone numbers, and even photos of official ID. Many people who gave their biometric data to Worldcoin were rushed and misinformed. Some who signed up didn't even have an email and had to create one. The "Orb operators" hired to perform the scans locally were often poorly trained, poorly informed, and unable to answer the questions asked by participants.
So much so that [Kenya suspended the company's operations](https://techcrunch.com/2023/08/02/kenya-suspends-worldcoin-scans-over-security-privacy-and-financial-concerns/) in 2023 over concerns for privacy, security, and financial service practices.
Some people who signed up never received the promised money. Some officials were bribed to give the impression to participants these operations were official and supported by the government.
As Ruswandi, one of the person targeted by this early campaign [remarked](https://www.technologyreview.com/2022/04/06/1048981/worldcoin-cryptocurrency-biometrics-web3/): "why did Worldcoin target lower-income communities in the first place, instead of crypto enthusiasts or communities?"
Exploiting people in situation of poverty in order to test a biometric identification technology isn't a great way to start a project developed by a company called "Tools for Humanity".
## Creating the problem, selling the solution
Why developing such a technology in the first place?
Sam Altman himself have [expressed concern](https://www.wired.com/story/sam-altman-orb-eyeball-scan-launch-us/) about the problem this alleged solution solves: the avalanche of fake accounts and pretend persons online caused by the new AI tools unleashed everywhere.
The proposed use of a "proof of personhood" claims to solve this problem by allocating a unique identifier to each human, a personal code supposedly impossible to duplicate or cheat. Of course, this has [already been proven wrong](https://gizmodo.com/worldcoin-black-market-iris-data-identity-orb-1850454037).
No one will miss the irony of the CEO of OpenAI, responsible for creating the largest share of this problem, expressing such concern **while continuing to feed the fire**.
This is a classic case of creating a problem and selling the solution. Well, in this case it is more like ***selling* the problem and selling the solution**. As researcher and cryptocurrency critic [Molly White pointed out](https://www.citationneeded.news/worldcoin-a-solution-in-search-of/) in 2023:
"That's right, the guy who's going to sell us all the solution to a worsening AI-powered bot infestation of the Internet and to AI-induced mass unemployment is the same guy who's making the AI in question."
Sadly, this proposed solution also isn't really a solution, or at least it isn't a *good* solution. Indeed, this will **create a whole collection of new problems**, many much worse than a bot infestation.
## The risks of sharing biometric data
Biometric data is incredibly sensitive data, because it's irrevocably attached to a person. Whether it's from a face scan, palm scan, fingerprint, keystroke pattern, or iris scan, this data is part of our bodies and **cannot be changed like a password** if it gets compromised.
For this reason, a growing number of legislations around the world now include special categories for such data collection, and require extra protections and supervision for it.
There are many dangers in collecting and potentially endangering biometric data. First, if this data gets stolen, criminals can impersonate a victim much more convincingly, because they will have the "proof" to "verify" this is really you.
While straight-up stealing your eyeball or face might still belong to science-fiction, the risk of getting the data produced *from* the scan stolen is very real.
When the World project claims it is secure because biometric data isn't stored anywhere, even if that was true, the iris *code* derivative of this data is indeed stored and processed somewhere, and this can potentially be stolen.
How hard will it be for a victim to recover an account from a biometric thief when everything is reinforcing the false narrative shared with investors that this technology can't be cheated?
Then, there is the loss of pseudonymity protections online.
If every social media account becomes tied to a unique biometric-based identifier, whether directly or indirectly, there is no pseudonymity anymore.
Further, if only one account is allowed by "verified human", then no one can create separate accounts for their work life and personal life anymore. Creating separate accounts for separate purposes is an excellent privacy-preserving practice.
Even if the identifier isn't tied to a legal name directly, accounts on different platforms using the same identifier could potentially get liked together. To be fair, it does seem Tools for Humanity worked to prevent different platforms from having access to the same code, but how well will this hold the test of time? Will platforms increasingly escalate privacy-invasive requests from this point, like they often do?
**Pseudonymity saves lives.** It is an essential tool for the safety of the most vulnerable online. Killing pseudonymity by requiring unique biometric identification could endanger millions.
This is a serious problem coming up with [age verification](age-verification-wants-your-face.md) processes as well, which World ID will soon also be a part of when [testing](https://www.engadget.com/cybersecurity/sam-altmans-eyeball-scanning-id-technology-debuts-in-the-us-130032856.html) its implementation for Tinder in Japan.
Biometric data should never be used lightly. It should be reserved for the most extreme cases only.
The regions who have adopted stronger regulations for biometric data collection are moving in the right direction. But will protective legislation be enough to resist the pressure from a for-profit VC-backed corporation with a valuation at billions?
## Flipping the coin
Tools for Humanity seems to be well aware of its creepiness factor, and of the criticisms brought by privacy commissioners around the world.
Its recent Orb redesign from the previous cold (Black)mirror finish clearly tries hard to replace creepiness with cuteness.
The company has also evidently invested a lot in presenting a pro-privacy image, likely in an attempt to reassure users (and investors).
Unfortunately, many of these privacy-preserving claims are inaccurate. Some claims promoting "features" that might sound impressive to a neophyte's ear are actually just the baseline, and others sadly are misleading *at best*.
While a few privacy-preserving efforts are indeed positive, most of the focus on privacy relates to marketing much more than any serious protections.
## How privacy-preserving is it?
Most people are still put off by the idea of having their eyeball scanned, and the company has evidently invested a lot in promoting a "privacy-preserving" image, possibly as an attempt to reassure unconvinced humans and [privacy commissioners](#privacy-legislators-arent-on-board) alike.
But how much can we trust those claims?
### Flawed assumption about what constitutes personal data
The largest assumption about why this technology is "privacy-preserving" seems to come from the fact that the World App doesn't collect names, official IDs ([unless it does](https://www.toolsforhumanity.com/legal/privacy-notice#6-2-credentials-)), emails ([unless it does](https://www.toolsforhumanity.com/legal/privacy-notice#annex-i-%E2%80%93-legal-grounds/purposes-for-tools-for-humanity-data-processing-activities-)), phone numbers ([unless it does](https://www.toolsforhumanity.com/legal/privacy-notice#5-1-data-you-provide-to-us)), date of birth ([unless it does](https://world.org/blog/announcements/worldcoin-new-world-id-unverify-option-increases-personal-control-over-data)), or other identifiers.
This assumption however neglects the fact that 1) even data that isn't attached to a legal name can be personal data, and 2) the iris code it produces from the iris scan *is* indeed personal data.
While there are variations, most privacy regulations have similar definitions of what constitute personal data. The European General Data Protection Regulation (GDPR) [defines](https://gdpr-info.eu/art-4-gdpr/) it as "any information relating to an identified or identifiable natural person". An iris code derived from an iris scan of course fits this definition.
Moreover, to create a World ID, the company also collects a face image. Together, the original iris scan and face photo are referred to as *Image Data*. For "privacy-preserving" purposes, Image Data of course never leaves the Orb device ([unless it does](https://world.org/legal/biometric-data-consent-form)).
While it seems some effort has been made to protect the Image Data in some ways, the idea that derivative data from the scans isn't still sensitive personal information anymore is wrong.
If there is a way for a person to scan their iris again and generate the same code, then this data relates to their identifiable person. This also means that *someone else* could scan their iris and generate the same code.
As whistleblower [Edward Snowden rightfully pointed out](https://x.com/Snowden/status/1451990496537088000) in a 2021 tweet:
“This looks like it produces a global (hash) database of people's iris scans (for 'fairness'), and waves away the implications by saying 'we deleted the scans!' Yeah, but you save the *hashes* produced by the scans. Hashes that match *future* scans. Don't catalogue eyeballs.”
### Questionable reassurance about local data
One of the biggest reassurance relates to the claim that sensitive biometric data (Image Data) is only stored locally. But this isn't completely accurate either, and there seems to be conflicting information about it from the company's own documentation.
The World [white paper](https://whitepaper.world.org/#enrollment-process) specifies that:
"The Orb verifies that it sees a human, runs local fraud prevention checks, and takes pictures of both irises. The iris images are converted on the Orb hardware into the iris code. Raw biometric data does not leave the device (unless explicitly approved by the user for training purposes)."
However, according to the [Biometric Data Consent Form](https://world.org/legal/biometric-data-consent-form) users have to sign prior to data collection, if a user needs a fully verified World ID, inevitably this sensitive biometric data will be sent to their phone, therefore leaving the Orb.
After a user agrees to the form, they can keep the option for *Data Custody* disabled to have their biometric data deleted from the Orb "later", and have it uploaded to their phone (with all the risk that this entails).
The other option users have is to enable Data Custody (if allowed in the user's country) and have this sensitive data sent to both their phone *and* to Tools for Humanity.
This means the Orb inevitably sends this sensitive data to a mobile device. Then, this data is only as secure as the mobile device is. Which isn't so reassuring.
The documentation does maintain this biometric data is sent as an "end-to-end encrypted data bundle", but this doesn't mean the data never leaves the Orb, it just means it leaves it while encrypted (which is really just the basics), and copies it to the user's device.
Furthermore, future users are *strongly* incentivized to share their Image Data with Tools for Humanity, for algorithm improvement purposes. Pressure to opt in is even presented as a *convenience* option, because it would be cumbersome to have to come over for another scan after every update.
As [stated](https://world.org/legal/biometric-data-consent-form) in the Biometric Data Consent Form:
"This will likely help you avoid some inconvenience because, if we have your Image Data, then you will not need to return to an Orb to re-verify your digital identity when we update the software."
The company continues to repeat they have a "privacy by default and by design approach". But **you can't keep your privacy-preserving cake and eat it, too**.
### What does the white paper say
In tech, a white paper is usually a research-based document produced by the developers that presents more technical details on an application, product, or process. It is especially valuable for products like the Orb and the World App, where security and privacy *should* be paramount, and therefore examined closer.
Because it isn't an independent review, a white paper can also not be worth much more than a marketing pamphlet.
To its credit, Tools for Humanity does [warn](https://whitepaper.world.org/#nature-of-the-whitepaper) in its white paper that this information is "intended for general informational purposes and community discussion only and do not constitute a prospectus, an offer document, an offer of securities, a solicitation for investment, or any offer to sell any product, item or asset (whether digital or otherwise)."
Furthermore, the company makes sure to specify that "circumstances may change and that the Whitepaper or the Website may become outdated as a result; and the [World] Foundation is not under any obligation to update or correct this document in connection therewith."
The document is also described as a "crypto-asset white paper".
We have been warned.
In its Privacy section, the white paper [states](https://whitepaper.world.org/#image-custody-opt-in) that "no data collected, including images taken by the Orb has or will ever be sold. Nor will it be used for any other intent than to improve World ID."
However, its [Privacy Notice also states](https://world.org/legal/privacy-notice#8--when-we-share-your-data) that they may "share your personal information in connection with, or during negotiations concerning, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company."
If this happens, many regretful users might find themselves in [the same shoes as 23andMe users this year](https://www.techradar.com/health-fitness/23andme-is-bankrupt-and-about-to-sell-your-dna-heres-how-to-stop-that-from-happening), where the DNA collecting company started to look for buyers of its biometric data assets after filling for bankruptcy.
Additionally, the Face Authentication section of the white paper [describes](https://whitepaper.world.org/#face-authentication) a process where encrypted facial biometrics collected from the Orb are used for authentication in the World App.
Even if this data is stored on-device, it is still biometric data getting collected by the Orb then processed by the phone app. There is no question this is sensitive and personal biometric data, and it is indeed kept outside the orb.
Tools for Humanity lacks consistency in the various claims and statements found through its documentation and promotion material. It becomes difficult to know which version to trust, and if it is to be trusted at all.
### No deletion on the blockchain
Tools for Humanity's Privacy Policy declares that the company will delete all account data (when laws allow it) one month after it is closed, this is good. They also state they will delete entirely any inactive account after 2 years, and this is actually a great policy.
But what happens to the World ID, transactions, and other data stored on the blockchain?
While some thoughts have been put into deletion and some good mechanisms seem to have been implemented, unfortunately data stored on the blockchain might be "deletion-resistant".
There's a possibility that **what happens on the blockchain stays on the blockchain, forever**.
The policy [notes](https://www.toolsforhumanity.com/legal/privacy-notice#11--how-long-do-we-keep-your-data-) that:
"Due to the public and immutable nature of blockchain technology, we cannot amend, erase, or control the disclosure of data that is stored on blockchains."
So that is something to keep in mind if you value your right to delete.
## Data security considerations
Even if some thoughtful security features seem to have been implemented for the World App and its Orbs, nothing processing sensitive data at such a large scale should be left in the hands of a single for-profit, largely unregulated, organization.
This would be like putting 8 billion eggs in a very fragile basket, held by someone paid to make the basket pretty and convince as many people as possible to put their precious single egg in it, with no incentive whatsoever to ensure the basket doesn't break. I would not want to put my egg in there, especially with how much it costs now.
The idea of using one single *for-profit* app worldwide for "human verification", identity verification, age verification, money transactions, and storing official IDs (and so on and so forth) makes this application a *huge* target for criminals and hostile governments alike.
It's good that the app had [security audits](https://github.com/trailofbits/publications/blob/master/reviews/2023-08-worldcoin-orb-securityreview.pdf), made some [code available](https://github.com/worldcoin) as open source, and reportedly [plans](https://whitepaper.world.org/#why-custom-hardware-is-needed) to open a bug bounty program.
However, there are still problems that remain. For example, the phone in this case becomes a single point of failure. The easiest way to steal someone's identity and money (all at once) will be to steal their phone data (whether physically or remotely). Even without criminal intent, what happens when someone just loses their phone? Or accidentally drop it in the pool? Or step on it?
With **everything relying on a single app and a single device**, risk is greatly amplified.
Outside the user's responsibility, Orb operators and Orb stores are susceptible to various attacks. This will increase exponentially with the number of users of course, as the target becomes bigger. In fact, Orb operators have [already been hacked](https://techcrunch.com/2023/05/12/hackers-stole-passwords-of-worldcoin-orb-operators/).
Then, there is the appeal of fake identities and money fraud for criminals. Already, there is a [black market](https://gizmodo.com/worldcoin-black-market-iris-data-identity-orb-1850454037) for iris data in China, where people buy iris data (or verified World ID according to World) from people in Cambodia, Kenya, and other countries for a few dollars only. The vulnerability allowing this was reportedly fixed, but it is doubtful this is the last one we hear about.
The Orb itself is also an important potential attack surface. With Tools for Humanity's ambition to fill the world with Orbs everywhere, will Orbs become the next version of the sketchy ATM? Where you might wonder if this funny-looking Orb is trustworthy enough to pay your bar tab without risking emptying your crypto wallet?
## Privacy legislators aren't on board
Despite all its privacy promotion material, the World project has failed to convince privacy commissioners around the world of their supposedly good intentions. Perhaps in this case actions speak louder than words, and privacy commissioners aren't so gullible.
With the expansion the project plans this year, we can expect even more experts will examine the company's claims and challenge its "privacy-preserving" assumptions
There are many reasons to remain skeptical about these promises of privacy. Indeed, numerous countries have already suspended, fined, or called for investigation on the company's (mal)practices.
### The company was fined for personal data violation
In 2024, the company was [fined](https://cointelegraph.com/news/south-korea-fines-worldcoin-personal-data-violations) 1.1 billion Korean won for violating South Korea's Personal Information Protection Act (PIPA). The Worldcoin Foundation was also imposed corrective orders and recommendations. Organizations that are truly "privacy-first" rarely reach this point.
The Data Custody feature, which allows (and encourages) users to share their biometric data with Tools for Humanity is now unavailable in South Korea.
### Brazil has banned Worldcoin in the country
In January this year, the National Data Protection Authority (ANPD) [banned](https://decrypt.co/305639/brazilian-regulator-denies-worldcoin-appeal-ban) Worldcoin's operations in Brazil, after the company's appeal was rejected.
The ban comes from regulation stating that consent to process biometric data must be "free, informed, and unequivocal", which cannot be the case with the World project paying users in cryptocurrency in exchange for their iris scans. Data deletion concerns were also raised by the regulator.
The World project tried again to appeal the decision, in vain.
### Kenya and Indonesia suspended its operations
In 2023, Kenya, one of the first country where Worldcoin was available, [suspended](https://techcrunch.com/2023/08/02/kenya-suspends-worldcoin-scans-over-security-privacy-and-financial-concerns/) Worldcoin's operations citing concerns over the "authenticity and legality" of its activities related to privacy, security, and financial services.
The worse part is, months before the Office of the Data Protection Commissioner (ODPC) of the country had ordered Tools for Humanity to stop collecting personal information from its citizens. The company simply [ignored the ODPC order](https://techcrunch.com/2023/08/15/worldcoin-in-kenya/) and continued to collect biometric data from Kenyans. It only stopped after Kenya's ministry of interior and administration gave the suspension order later on.
This again is quite far from the behavior of a company who genuinely values privacy.
More recently on May 4th 2025, Indonesia also [suspended](https://en.antaranews.com/news/353861/indonesia-suspends-worldcoin-world-id-operations-over-public-concerns) the World project's operation in the country over concerns related to user privacy and security. The Ministry of Communication and Digital will be summoning the project's local operators to clarify the operations and determine potential violation of the Indonesia's electronic system regulation.
### German regulator ordered GDPR compliance following investigation
In December 2024, the German regulator, the Bavarian State Office for Data Protection Supervision (BayLDA), [issued an order](https://decrypt.co/298090/german-watchdog-cracks-down-on-worldcoin-over-biometric-data) to obligate proving deletion procedures that comply with the GDPR within one month. Additionally, the BayLDA ordered the complete deletion of certain data records that were previously collected without sufficient legal basis.
Again, the World Foundation is fighting the order and will [appeal](https://cointelegraph.com/news/german-watchdog-order-worldcoin-delete-data) the decision. The company tries to argue the data collected was "anonymized", a common strategy to try evading GDPR compliance, which does not regulate anonymized data.
### Data protection authorities around the world are investigating
In 2023, France's data protection authority the CNIL [investigated](https://www.reuters.com/technology/worldcoin-paris-office-checked-by-french-data-watchdog-2023-08-31/) Worldcoin's activities in the country. The same year, UK's privacy watchdog started its own [inquiry](https://www.reuters.com/technology/uk-data-watchdog-make-enquiries-worldcoin-crypto-project-2023-07-25/) into the company's operations.
In 2024, Hong Kong's Office of the Privacy Commissioner for Personal Data [raided](https://www.scmp.com/news/hong-kong/law-and-crime/article/3250480/hong-kong-eye-scan-cryptocurrency-scheme-probed-citys-privacy-watchdog) six Worldcoin offices citing personal information privacy and security concerns.
There is no doubt more countries and regions will follow with similar investigations and bans as the World project expands to its ambition.
### In the United States, the app is restricted in some states
Even in the US where the company is headquartered, the app is [restricted](https://www.wired.com/story/sam-altman-orb-eyeball-scan-launch-us/) in some states. The announcement for its event this month carried a warning the World is “not available for distribution via World App to people, companies or organizations who are residents of, or are located or incorporated in the State of New York or other restricted territories.”
We can also expect the project will encounter roadblocks in states that have passed [regulations specific to the collection of biometric data](https://www.huschblackwell.com/2024-state-biometric-privacy-law-tracker). This includes states like Illinois, Texas, Washington, and Colorado.
### Some regions have special regulations for biometric data
Around the world the number of biometric-specific regulations is growing. Even without a regulation specific to this type of data, many privacy laws have started to include special categories and requirements to govern the collection and processing of sensitive biometric data. As companies are increasingly requesting such collection, legislations to protect users are essential.
For example, the province of Quebec in Canada has recently implemented [strong protections for biometric data](https://www.cai.gouv.qc.ca/protection-renseignements-personnels/sujets-et-domaines-dinteret/biometrie?%2F) with its new privacy law, the Law 25. Consent isn't sufficient to collect biometric data, as the law requires organizations to explicitly justify the necessity for such collection in the first place. Importantly, any violation of Law 25 comes with fines as hefty as the GDPR's.
More privacy laws should implement such protections quickly, as corporations collecting biometric information carelessly are multiplying fast.
## Welcome to full dystopia
The most concerning part of the World project's recent expansion isn't its cryptocurrency grift as much as stepping out of it.
If cryptocurrency enthusiasts wish to share their personal data to get into a special cryptocurrency club, they might (although privacy regulations should still protect them). But using financial coercion to get new users by exploiting vulnerable communities living in poverty is **absolutely despicable**.
Further, the fact that the World project has partnered with powerful players in the financial, gaming, and even dating sectors *should terrify everyone*.
Beyond cryptocurrency, if platforms start to demand users everywhere to verify they are a human and verify they are an adult through the World ID system, then **everyone will soon be subjected to this**.
The amount of money invested in the project means there will be an incredible pressure to spread it everywhere soon, and *monetize* it. There will be a *strong* incentive to monetize our data and to monetize our proof of humanity. This isn't trivial.
The well-known dating app Tinder has already partnered with World ID to verify the age of users in Japan. If this experiment works well, and if users comply without objection, this could be soon mandatory for *all* dating apps.
Let's not stop at dating apps, the World project has already announced last week they will also be working with Razer to verify humanity of online gamers. How far can this go in the age of age verification? Will every online games with mature content soon require a World ID to play?
What about social media? Tools for Humanity's team have insisted the age of AI made us incapable of detecting if we are interacting with bots online. Therefore, they must valiantly come to our rescue to verify our humanity scanning our eyeballs (which bots tragically lack). What if this human verification is expanded to all our social media accounts? Certainly, regulators pushing for authoritarian age verification online would be delighted by such a product.
Then, it comes for our money. The everything app of course offers payment and money management features. This is the app where you can keep your whole wallet, containing all your official IDs, your cryptocurrencies of all kind, and even connect with your less hyped regular bank accounts.
Imagine a single app, owned by a single for-profit corporation, that collects and processes all the data from all your transactions online, all your communications online, that you absolutely have to continue using for your other social media accounts, your gaming life, and your dating life.
There could soon be no way to escape the grasp of World's everything app. Actually, [some governments](https://www.theregister.com/2025/05/04/sam_altman_startup_world/) (Taiwan and Malesia) have already started using it for official services, because why not.
**The ways this could degenerate fast into full dystopia are infinite**, and very real.
The company even plans to ship next year the Orb Mini, a pocket-size personal spy-device with which users will be able to scan their own eyeballs on the go!
But why stop there? Why not scan other people's eyeballs as well? Maybe all government officials could carry one? Maybe every payment terminal could have one too?
We will find out soon, in one or two years.
Tools for Humanity also bragged about the numerous utilities its new technology could make possible. For example, for event tickets! Order a concert ticket with your "proof of personhood" then maybe confirm you are the owner by having your eyeballs scanned to assist to a Rage Against the Machine concert?
The only fun part in this is the irony.
Tools for Humanity with its expansionist dream is without a doubt hungry enough to eat the whole World™.
### A new world of wealth inequalities
The company brings up a few times the mention of Universal Basic Income (UBI) in its documentation, it even mentions it briefly in its [white paper](https://whitepaper.world.org/#ubi).
While puzzling, it appears Tools for Humanity might consider its cryptocurrency bribe to sign up and subsequent token giveaways as some form of UBI? Or perhaps this is only one of its other ambition to control all the financial systems in the entire world. Why UBI is even mentioned at all in this context is unclear.
Regardless, it's worth mentioning a for-profit company giving cash back in exchange for biometric data isn't UBI at all, it's just a **creepy membership card points**, at best.
While the World project works hard to present the idea this is a tool for the people, where everyone is equal, wealth will definitely [not be distributed evenly](https://whitepaper.world.org/#wld-token-allocation) in this new World order.
Already, 11.1% of World's cryptocurrency tokens (WLD) have been distributed to the World's team, 13.6% to investors, and 0.3% are reserved for Tools for Humanity. This means these entities would share together 25% of the wealth, while 75% of the world's population (according the Tools for Humanity's ambition) would have to share 75% of what's left.
In the new "human" world this corporation envisions, Tools for Humanity and its investors would own 1 quarter of the entire world's wealth. There is nothing equitable or communal in a system like this.
It's important not to forget this everything app will do everything to pressure its users in eventually using Worldcoins, its ultimate goal.
From Tinder's mandatory age verification to cryptocurrency financial ruin in one single move.
## The normalization of surveillance
Even if this process was perfectly secure and perfectly private (which it is definitely not), the problem remains the normalization of surveillance.
This isn't limited to Tools for Humanity, although the way the company tries to advertise itself as a privacy-first organization makes it even more important to scrutinize.
But anyone else with a similar approach to biometric data collection for verifying humanity or age or legal names should be on our radar. Moreover, if it's a for-profit corporation with the power to impose this technology on us everywhere in the world.
One company should never have such power.
Further, biometric data should never be used for trivial purposes like "proof of personhood" or age verification. No amount of supposedly "privacy-preserving" features can change this.
The premise itself is flawed from the start to respect privacy rights.
While the problem of proving identify can still be an important one to solve in *some* context, the solution to this can never be monopolized by for-profit corporations.
Regardless of Tools for Humanity's intentions and efforts to convince us to trust them, any similar technology is just another step towards a global system of mass surveillance, where ultimately privacy rights and human rights are lost.
So, should you scan your eyeball to get a verified World ID?
**No.**
**No, you really shouldn't.**

View File

@ -21,7 +21,7 @@ MAGIC Grants is our fiscal host, and their custom, open-source donation platform
Thank you to these organizations who significantly support Privacy Guides. (1)
{ .annotate }
1. Please contact <info@magicgrants.org> to inquire about giving. Privacy Guides reserves the right to rescind the membership of those who are unaligned with our mission or organization at any time. Organizational members have no ability to influence what content is recommended on the Privacy Guides website. Learn more about our [donation acceptance policy](donation-acceptance-policy.md).
1. Please contact <info@magicgrants.org> to inquire about giving. Privacy Guides reserves the right to rescind the membership of those who are unaligned with our mission or organization at any time. Organizational members have no ability to influence what content is recommended on the Privacy Guides website. Learn more about our [donation acceptance policy](https://discuss.privacyguides.net/t/ep2-donation-acceptance-policy/27360/1).
<div class="mdx-specialthanks" markdown>
@ -82,7 +82,7 @@ You can become an organizational member by reaching out to <info@magicgrants.org
Organizational members that choose to be recognized publicly are included in our organizational members section (above), and occasionally at other opportunities where appropriate. Organizational member links include the `rel="nofollow"` attribute: We adopted this policy to screen out potential abuse of our program and site to raise the rank of third parties in search algorithms. Unfortunately, this is a growing problem for nonprofits. This was a complex decision since we know many of the sincere supporters behind these companies, but we decided that it was the best choice for us.
Organizational members have no ability to influence what content is recommended on the Privacy Guides website. Learn more about our [donation acceptance policy](donation-acceptance-policy.md).
Organizational members have no ability to influence what content is recommended on the Privacy Guides website. Learn more about our [donation acceptance policy](https://discuss.privacyguides.net/t/ep2-donation-acceptance-policy/27360/1).
### What is an active membership?
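Review bot: The new donation acceptance policy link in the "Organizational members have no ability to influence..." sentence hard-codes the same forum URL, `https://discuss.privacyguides.net/t/ep2-donation-acceptance-policy/27360/1`, that the previous hunk puts in the annotation text. Consider a single reference-style link definition so the target is maintained in one place, and check whether pinning the trailing `/1` post number is intended.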
@ -110,7 +110,7 @@ We use donations for a variety of purposes, including:
**Online Services**
: We host [internet services](services.md) for testing and showcasing different privacy-products we like and [recommend](../tools.md). Some of them are made publicly available for our community's use (SearXNG, Tor, etc.), and some are provided for our team members (email, etc.).
: We host internet services for testing and showcasing different privacy-products we like and [recommend](../tools.md). Some of them are made publicly available for our community's use (SearXNG, Tor, etc.), and some are provided for our team members (email, etc.).
**Product Purchases**
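Review bot: The rewritten "Online Services" definition drops the `[internet services](services.md)` link without a replacement, whereas the donation acceptance policy links in the earlier hunks were repointed to the forum. If the services list now lives on the forum, link it here the same way; otherwise readers have no pointer to which services the donations pay for.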

View File

@ -1,58 +0,0 @@
---
title: Donation Acceptance Policy
description: Privacy Guides aspires to obtain funding from a wide variety of sources to reduce our dependency on any single donor. Please consider donating!
---
Privacy Guides takes the ethical responsibility of making unbiased recommendations on its website very seriously.
Privacy Guides aspires to obtain funding from a wide variety of sources to reduce our dependency on any single donor. Please consider [donating](donate.md)!
## What we **can** accept
In the course of our regular fundraising activities...
- Donations and other forms of support will generally be accepted from individuals, corporations, foundations, or other entities, without limitations.
- This includes cash, cash equivalents (checks, money orders, credit/debit card payments), and cryptocurrency.
- Gifts of Real Property, Personal Property, or Securities may only be accepted upon approval of the MAGIC Grants board of directors.
Privacy Guides will only accept such gifts that are legal and consistent with our policies. Gifts must not interfere with Privacy Guides' mission, purpose, and procedures.
## Things we do **not** do
- Accept sponsorships.
- Offer to recommend a product or service in exchange for a donation or other incentive.
- Threaten to remove a recommendation for a product or service unless we receive a donation or other incentive.
- Offer to expedite a review of a product or service in exchange for a donation or other incentive.
- Write sponsored content or feature sponsored components in our content.
## Things we **may** do
- Accept donations from privacy-related companies and non-profits.
- Apply for grant programs.
- Accept free versions of software or hardware to test and review, while being mindful of possible differences in versions that could differ from a regular customer experience. ([More details](executive-policy.md#ep1-freely-provided-product-samples))
- Accept discounted versions of software or hardware that assist our operations (for example, discounted software costs made available to non-profits).
## Restrictions on gifts
Privacy Guides accepts unrestricted gifts, and we appreciate the flexibility to apply your gift to our programs where they are most needed.
We also accept and appreciate gifts for specified programs or purposes, provided that such gifts are consistent with our program's stated mission, purpose, and priority. Privacy Guides will not accept gifts which are too restrictive in purpose.
Examples of gifts which are too restrictive include:
- Those which fund the research and review of a specific product category or specific product.
- Those which violate our existing policies.
- Those which are too difficult for us to administer.
- Those that are for purposes outside our general mission.
An example of an acceptable restriction could be a gift towards funding our [video](https://www.privacyguides.org/videos) production, or hosting our website and forum.
Final decisions on the restrictive nature of a gift and its acceptance or refusal will be made by our executive committee.
## Additional terms
Privacy Guides generally does not pay "finder's fees" or commissions to third parties in connection with any gift to Privacy Guides. We may, however, pay commissions and fees to properly negotiate and receive assets when appropriate.
No officer, committee member, employee, or other agent of Privacy Guides will be compensated in a manner which is dependent on the size or nature of gifts made to Privacy Guides by any person. If we engage with legal, accounting, or other professionals, their fees and expenses will be determined by the time they spend engaged with our work, and not by reference to any particular gift in connection to their retainer.
Privacy Guides always follows the MAGIC Grants Gift Acceptance Policy, available on their website: <https://magicgrants.org/about/documentation/>
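Review bot: This hunk deletes the whole Donation Acceptance Policy page, and none of the hunks shown here add a redirect from its old path to the forum topic that now replaces it, so existing inbound links to the policy will break. Add a redirect, and confirm the forum copy keeps the "Things we do **not** do" list and the closing reference to the MAGIC Grants Gift Acceptance Policy word for word, since other pages cite this policy as the basis for editorial independence.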

View File

@ -1,26 +0,0 @@
---
title: Executive Policy
description: These are policies formally adopted by our executive committee, and take precedence over all other statements expressed on this website.
---
These are policies formally adopted by Privacy Guides' executive committee, and take precedence over all other statements expressed on this website.
The keywords **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
## EP1: Freely-Provided Product Samples
*Our policy on accepting product samples for review was adopted September 7, 2024.*
=== "Current Version (1)"
- Privacy Guides **shall not** proactively reach out to vendors asking for product samples or review accounts.
- Privacy Guides **shall not** accept test/review accounts for subscription cloud services.
- Privacy Guides **may** accept freely-provided product samples for one-time purchase software applications which run locally, given they don't require a subscription for continued operation.
- Privacy Guides **may** accept freely-provided samples of hardware products.
- Privacy Guides **may** accept a freely-provided subscription service associated with a hardware product, if such a subscription/license is necessary to use the product.
- Privacy Guides **must not** enter into an agreement pertaining to our editorial opinion with the vendor in order to receive a sample or publish a review. All freely-provided items must be strictly "no strings attached."
- We **may** agree to return the product to the vendor following the review if requested.
- We **may** agree to a reasonable NDA, provided it has a clear embargo date that is lifted no more than 6 months in the future where the NDA completely no longer applies.
- We **should not** enter into any other agreement with the vendor not described here. Potential agreements not described here **must** be approved by the executive committee beforehand.
In all cases, whether we paid for the product independently or received a free sample from a vendor, how we obtained the product **must** be clearly documented in the background section of every article associated with the product.
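Review bot: The deleted page states that its policies "take precedence over all other statements expressed on this website" and records an adoption date (September 7, 2024) and a "Current Version (1)" tab for EP1; once it leaves the repository, future revisions are no longer tracked in version control. Confirm the forum copy preserves the adoption date and version numbering and that only the executive committee can edit it.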

View File

@ -1,33 +0,0 @@
---
description: We run a number of web services to test out features and promote cool decentralized, federated, and/or open-source projects.
---
# Privacy Guides Services
We run a number of web services to test out features and promote cool decentralized, federated, and/or open-source projects. Many of these services are available to the public and are detailed below.
[:material-comment-alert: Report an issue](https://discuss.privacyguides.net/c/services/2){ class="md-button md-button--primary" }
## Discourse
- Domain: [discuss.privacyguides.net](https://discuss.privacyguides.net)
- Availability: Public
- Source: [github.com/discourse/discourse](https://github.com/discourse/discourse)
## Gitea
- Domain: [code.privacyguides.dev](https://code.privacyguides.dev)
- Availability: Invite-Only. Access may be granted upon request to any team working on *Privacy Guides*-related development or content.
- Source: [snapcraft.io/gitea](https://snapcraft.io/gitea)
## Matrix
- Domain: [matrix.privacyguides.org](https://matrix.privacyguides.org)
- Availability: Invite-Only. Access may be granted upon request to Privacy Guides team members, Matrix moderators, third-party Matrix community administrators, Matrix bot operators, and other individuals in need of a reliable Matrix presence.
- Source: [github.com/spantaleev/matrix-docker-ansible-deploy](https://github.com/spantaleev/matrix-docker-ansible-deploy)
## SearXNG
- Domain: [search.privacyguides.net](https://search.privacyguides.net)
- Availability: Public
- Source: [github.com/searxng/searxng-docker](https://github.com/searxng/searxng-docker)

View File

@ -7,7 +7,7 @@ description: An overview of several network architectures commonly used by insta
There are several network architectures commonly used to relay messages between people. These networks can provide different privacy guarantees, which is why it's worth considering your [threat model](../basics/threat-modeling.md) when deciding which app to use.
[Recommended Instant Messengers](../real-time-communication.md){ .md-button }
[:material-movie-open-play-outline: Video: It's time to stop using SMS](https://www.privacyguides.org/videos/2025/01/24/its-time-to-stop-using-sms-heres-why){ .md-button }
[:material-movie-open-play-outline: Video: It's time to stop using SMS](https://www.privacyguides.org/videos/2025/01/24/its-time-to-stop-using-sms-heres-why/){ .md-button }
## Centralized Networks

View File

@ -8,9 +8,9 @@ description: Tor is a free to use, decentralized network designed for using the
[**Tor**](../alternative-networks.md#tor) is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications. Because Tor traffic is difficult to block and trace, Tor is an effective censorship circumvention tool.
[:material-movie-open-play-outline: Video: Why You Need Tor](https://www.privacyguides.org/videos/2025/03/02/why-you-need-tor){ .md-button }
[:material-movie-open-play-outline: Video: Why You Need Tor](https://www.privacyguides.org/videos/2025/03/02/why-you-need-tor/){ .md-button }
Tor works by routing your internet traffic through volunteer-operated servers instead of making a direct connection to the site you're trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity.
Tor works by routing your internet traffic through volunteer-operated servers, instead of making a direct connection to the site you're trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity.
[:octicons-home-16:](https://torproject.org){ .card-link title=Homepage }
[:simple-torbrowser:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .card-link title="Onion Service" }
@ -35,13 +35,13 @@ Because we already [generally recommend](../basics/vpn-overview.md) that the vas
Connecting directly to Tor will make your connection stand out to any local network administrators or your ISP. Detecting and correlating this traffic [has been done](https://edition.cnn.com/2013/12/17/justice/massachusetts-harvard-hoax) in the past by network administrators to identify and deanonymize specific Tor users on their network. On the other hand, connecting to a VPN is almost always less suspicious, because commercial VPN providers are used by everyday consumers for a variety of mundane tasks like bypassing geo-restrictions, even in countries with heavy internet restrictions.
Therefore, you should make an effort to hide your IP address **before** connecting to the Tor network. You can do this by simply connecting to a VPN (through a client installed on your computer) and then accessing [Tor](../tor.md) as normal (e.g., through Tor Browser). This creates a connection chain like so:
Therefore, you should make an effort to hide your IP address **before** connecting to the Tor network. You can do this by simply connecting to a VPN (through a client installed on your computer) and then accessing [Tor](../tor.md) as normal, through Tor Browser for example. This creates a connection chain like:
- [x] You → VPN → Tor → Internet
From your ISP's perspective, it looks like you're accessing a VPN normally (with the associated cover that provides you). From your VPN's perspective, they can see that you are connecting to the Tor network, but nothing about what websites you're accessing. From Tor's perspective, you're connecting normally, but in the unlikely event of some sort of Tor network compromise, only your VPN's IP would be exposed, and your VPN would *additionally* have to be compromised to deanonymize you.
This is **not** censorship circumvention advice because if Tor is blocked entirely by your ISP, your VPN likely is as well. Rather, this recommendation aims to make your traffic blend in better with commonplace VPN user traffic, and provide you with some level of plausible deniability by obscuring the fact that you're connecting to Tor from your ISP.
This is **not** censorship circumvention advice, because if Tor is blocked entirely by your ISP, your VPN likely is as well. Rather, this recommendation aims to make your traffic blend in better with commonplace VPN user traffic, and provide you with some level of plausible deniability by obscuring the fact that you're connecting to Tor from your ISP.
---
@ -51,7 +51,7 @@ We **very strongly discourage** combining Tor with a VPN in any other manner. Do
- You → VPN → Tor → VPN → Internet
- Any other configuration
Some VPN providers and other publications will occasionally recommend these **bad** configurations to evade Tor bans (i.e., exit nodes being blocked by websites) in some places. [Normally](https://support.torproject.org/#about_change-paths), Tor frequently changes your circuit path through the network. When you choose a permanent *destination* VPN (connecting to a VPN server *after* Tor), you're eliminating this advantage and drastically harming your anonymity.
Some VPN providers and other publications will occasionally recommend these **bad** configurations to evade Tor bans (exit nodes being blocked by websites) in some places. [Normally](https://support.torproject.org/#about_change-paths), Tor frequently changes your circuit path through the network. When you choose a permanent *destination* VPN (connecting to a VPN server *after* Tor), you're eliminating this advantage and drastically harming your anonymity.
Setting up bad configurations like these is difficult to do accidentally, because it usually involves either setting up custom proxy settings inside Tor Browser, or setting up custom proxy settings inside your VPN client which routes your VPN traffic through the Tor Browser. As long as you avoid these non-default configurations, you're probably fine.
@ -60,7 +60,7 @@ Setting up bad configurations like these is difficult to do accidentally, becaus
<div class="admonition info" markdown>
<p class="admonition-title">VPN/SSH Fingerprinting</p>
The Tor Project [notes](https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN#vpnssh-fingerprinting) that *theoretically* using a VPN to hide Tor activities from your ISP may not be foolproof. VPNs have been found to be vulnerable to website traffic fingerprinting, where an adversary can still guess what website is being visited because all websites have specific traffic patterns.
The Tor Project [notes](https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN#vpnssh-fingerprinting) that *theoretically* using a VPN to hide Tor activities from your ISP may not be foolproof. VPNs have been found to be vulnerable to website traffic fingerprinting, where an adversary can still guess what website is being visited, because all websites have specific traffic patterns.
Therefore, it's not unreasonable to believe that encrypted Tor traffic hidden by a VPN could also be detected via similar methods. There are no research papers on this subject, and we still consider the benefits of using a VPN to far outweigh these risks, but it is something to keep in mind.
@ -68,11 +68,11 @@ If you still believe that pluggable transports (bridges) provide additional prot
</div>
Determining whether you should first use a VPN to connect to the Tor network will require some common sense and knowledge of your own government's and ISP's policies relating to what you're connecting to. To reiterate, though, you will be better off being seen as connecting to a commercial VPN network than directly to the Tor network in most cases. If VPN providers are censored in your area, then you can also consider using Tor pluggable transports (e.g., Snowflake or meek bridges) as an alternative, but using these bridges may arouse more suspicion than standard WireGuard/OpenVPN tunnels.
Determining whether you should first use a VPN to connect to the Tor network will require some common sense and knowledge of your own government's and ISP's policies relating to what you're connecting to. However, again in most cases you will be better off being seen as connecting to a commercial VPN network than directly to the Tor network. If VPN providers are censored in your area, then you can also consider using Tor pluggable transports (e.g. Snowflake or meek bridges) as an alternative, but using these bridges may arouse more suspicion than standard WireGuard/OpenVPN tunnels.
## What Tor is Not
The Tor network is not the perfect privacy protection tool in all cases and has a number of drawbacks which should be carefully considered. These things should not discourage you from using Tor if it is appropriate for your needs, but they are still things to think about when deciding which solution is most appropriate for you.
The Tor network is not the perfect privacy protection tool in all cases, and has a number of drawbacks which should be carefully considered. These things should not discourage you from using Tor if it is appropriate for your needs, but they are still things to think about when deciding which solution is most appropriate for you.
### Tor is not a free VPN
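Review bot: The replacement sentence "However, again in most cases you will be better off being seen as connecting to a commercial VPN network..." reads awkwardly next to the removed "To reiterate, though, ..." wording. Set "again" off with commas or keep the original phrasing, and note that "e.g. Snowflake" in the same paragraph drops the comma that "e.g.," carries in the removed line.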
@ -80,26 +80,26 @@ The release of the *Orbot* mobile app has lead many people to describe Tor as a
Unlike Tor exit nodes, VPN providers are usually not *actively* [malicious](#caveats). Because Tor exit nodes can be created by anybody, they are hotspots for network logging and modification. In 2020, many Tor exit nodes were documented to be downgrading HTTPS traffic to HTTP in order to [hijack cryptocurrency transactions](https://therecord.media/thousands-of-tor-exit-nodes-attacked-cryptocurrency-users-over-the-past-year). Other exit node attacks such as replacing downloads via unencrypted channels with malware have also been observed. HTTPS does mitigate these threats to an extent.
As we've alluded to already, Tor is also easily identifiable on the network. Unlike an actual VPN provider, using Tor will make you stick out as a person likely attempting to evade authorities. In a perfect world, Tor would be seen by network administrators and authorities as a tool with many uses (like how VPNs are viewed), but in reality the perception of Tor is still far less legitimate than the perception of commercial VPNs. As such, using a real VPN provides you with plausible deniability, e.g. "I was just using it to watch Netflix," etc.
As we've alluded to already, Tor is also easily identifiable on the network. Unlike an actual VPN provider, using Tor will make you stick out as a person likely attempting to evade authorities. In a perfect world, Tor would be seen by network administrators and authorities as a tool with many uses (like how VPNs are viewed), but in reality the perception of Tor is still far less legitimate than the perception of commercial VPNs, so using a real VPN provides you with plausible deniability, e.g. "I was just using it to watch Netflix," etc.
### Tor usage is not undetectable
**Even if you use bridges and pluggable transports,** the Tor Project doesn't provide any tools to hide the fact that you are using Tor from your ISP. Even using obfuscated "pluggable transports" or non-public bridges do not hide the fact that you are using a private communications channel. The most popular pluggable transports like obfs4 (which obfuscates your traffic to "look like nothing") and meek (which uses domain fronting to camouflage your traffic) can be [detected](https://hackerfactor.com/blog/index.php?/archives/889-Tor-0day-Burning-Bridges.html) with fairly standard traffic analysis techniques. Snowflake has similar issues, and can be [easily detected](https://hackerfactor.com/blog/index.php?/archives/944-Tor-0day-Snowflake.html) *before* a Tor connection is even established.
**Even if you use bridges and pluggable transports,** the Tor Project provides no tools to hide the fact that you are using Tor from your ISP. Even using obfuscated "pluggable transports" or non-public bridges do not hide the fact that you are using a private communications channel. The most popular pluggable transports like obfs4 (which obfuscates your traffic to "look like nothing") and meek (which uses domain fronting to camouflage your traffic) can be [detected](https://hackerfactor.com/blog/index.php?/archives/889-Tor-0day-Burning-Bridges.html) with fairly standard traffic analysis techniques. Snowflake has similar issues, and can be [easily detected](https://hackerfactor.com/blog/index.php?/archives/944-Tor-0day-Snowflake.html) *before* a Tor connection is even established.
Pluggable transports other than these three do exist, but typically rely on security through obscurity to evade detection. They aren't impossible to detectthey are just used by so few people that it's not worth the effort building detectors for them. They shouldn't be relied upon if you specifically are being monitored.
Pluggable transports other than these three do exist, but typically rely on security through obscurity to evade detection. They aren't impossible to detect, they are just used by so few people that it's not worth the effort building detectors for them. They shouldn't be relied upon if you specifically are being monitored.
It is critical to understand the difference between bypassing censorship and evading detection. It is easier to accomplish the former because of the many real-world limitations on what network censors can realistically do en masse, but these techniques do not hide the fact that you—*specifically* you—are using Tor from an interested party monitoring your network.
### Tor Browser is not the most *secure* browser
Anonymity can often be at odds with security: Tor's anonymity requires every user to be identical, which creates a monoculture (e.g., the same bugs are present across all Tor Browser users). As a cybersecurity rule of thumb, monocultures are generally regarded as bad: Security through diversity (which Tor lacks) provides natural segmentation by limiting vulnerabilities to smaller groups, and is therefore usually desirable, but this diversity is also less good for anonymity.
Anonymity can often be at odds with security: Tor's anonymity requires every user to be identical, which creates a monoculture (the same bugs are present across all Tor Browser users). As a cybersecurity rule of thumb, monocultures are generally regarded as bad: Security through diversity (which Tor lacks) provides natural segmentation by limiting vulnerabilities to smaller groups, and is therefore usually desirable, but this diversity is also less good for anonymity.
Additionally, Tor Browser is based on Firefox's Extended Support Release builds, which only receives patches for vulnerabilities considered *Critical* and *High* (not *Medium* and *Low*). This means that attackers could (for example):
1. Look for new Critical/High vulnerabilities in Firefox nightly or beta builds, then check if they are exploitable in Tor Browser (this vulnerability period can last weeks).
2. Chain *multiple* Medium/Low vulnerabilities together until they get the level of access they're looking for (this vulnerability period can last months or longer).
Those at risk of browser vulnerabilities should consider additional protections to defend against Tor Browser exploits, such as using Whonix in [Qubes](../os/qubes-overview.md) to contain your Tor browsing in a secure virtual machine and protect against leaks.
Those at risk of browser vulnerabilities should consider additional protections to defend against Tor Browser exploits, such as using Whonix in [Qubes](../os/qubes-overview.md) to contain your Tor browsing in a secure VM and protect against leaks.
## Path Building to Clearnet Services
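Review bot: The replacement sentence "They aren't impossible to detect, they are just used by so few people..." under "Tor usage is not undetectable" is a comma splice; use a semicolon or split it into two sentences. In the same section, "Even using obfuscated "pluggable transports" or non-public bridges do not hide" has a singular subject, so the verb should be "does not hide".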
@ -121,7 +121,7 @@ The entry node, often called the guard node, is the first node to which your Tor
Unlike the other nodes, the Tor client will randomly select an entry node and stick with it for two to three months to protect you from certain attacks.[^1]
[^1]: The first relay in your circuit is called an "entry guard" or "guard". It is a fast and stable relay that remains the first one in your circuit for 2-3 months in order to protect against a known anonymity-breaking attack. The rest of your circuit changes with every new website you visit, and all together these relays provide the full privacy protections of Tor. For more information on how guard relays work, see this [blog post](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) and [paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) on entry guards. ([https://support.torproject.org/tbb/tbb-2](https://support.torproject.org/tbb/tbb-2))
[^1]: The first relay in your circuit is called an "entry guard" or "guard". It is a fast and stable relay that remains the first one in your circuit for 2-3 months in order to protect against a known anonymity-breaking attack. The rest of your circuit changes with every new website you visit, and all together these relays provide the full privacy protections of Tor. For more information on how guard relays work, see this [blog post](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) and [paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) on entry guards. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2))
### The Middle Node
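Review bot: In the updated footnote [^1], the link text gains a trailing slash (`https://support.torproject.org/tbb/tbb-2/`) while the link target stays `https://support.torproject.org/tbb/tbb-2`, so the displayed URL and the href now differ. Update both or neither.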
@ -135,13 +135,13 @@ The exit node is the point in which your web traffic leaves the Tor network and
The exit node will be chosen at random from all available Tor nodes ran with an exit relay flag.[^2]
[^2]: Relay flag: a special (dis-)qualification of relays for circuit positions (for example, "Guard", "Exit", "BadExit"), circuit properties (for example, "Fast", "Stable"), or roles (for example, "Authority", "HSDir"), as assigned by the directory authorities and further defined in the directory protocol specification. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html#relay-flag))
[^2]: Relay flag: a special (dis-)qualification of relays for circuit positions (for example, "Guard", "Exit", "BadExit"), circuit properties (for example, "Fast", "Stable"), or roles (for example, "Authority", "HSDir"), as assigned by the directory authorities and further defined in the directory protocol specification. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html))
## Path Building to Onion Services
"Onion Services" (also commonly referred to as "hidden services") are websites which can only be accessed by the Tor browser. These websites have a long randomly generated domain name ending with `.onion`.
Connecting to an Onion Service in Tor works very similarly to connecting to a clearnet service, but your traffic is routed through a total of **six** nodes before reaching the destination server. Just like before, however, only three of these nodes are contributing to *your* anonymity, the other three nodes protect *the Onion Service's* anonymity, hiding the website's true IP and location in the same manner that Tor Browser is hiding yours.
Connecting to an Onion Service in Tor works very similarly to connecting to a clearnet service, but your traffic is routed through a total of **six** nodes before reaching the destination server. Just like before however, only three of these nodes are contributing to *your* anonymity, the other three nodes protect *the Onion Service's* anonymity, hiding the website's true IP and location in the same manner that Tor Browser is hiding yours.
<figure style="width:100%" markdown>
![Tor path showing your traffic being routed through your three Tor nodes plus three additional Tor nodes which hide the website's identity](../assets/img/how-tor-works/tor-path-hidden-service.svg#only-light)
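Review bot: the two copies of footnote [^2] differ only in the link target, and the copy without `#relay-flag` sends readers to the top of the Tor Metrics glossary instead of the "Relay flag" entry the footnote quotes. Keep the fragment in the href; the visible link text can stay as the bare glossary URL. In the Onion Services paragraph, "only three of these nodes are contributing to *your* anonymity, the other three nodes protect" joins two independent clauses with a comma in both copies; a semicolon after "anonymity" fixes it.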
@ -151,15 +151,15 @@ Connecting to an Onion Service in Tor works very similarly to connecting to a cl
## Encryption
Tor encrypts each packet (a block of transmitted data) three times with the keys from the exit, middle, and entry node in that order.
Tor encrypts each packet (a block of transmitted data) three times with the keys from the exit, middle, and entry nodein that order.
Once Tor has built a circuit, data transmission is done as follows:
1. Firstly: When the packet arrives at the entry node, the first layer of encryption is removed. In this encrypted packet, the entry node will find another encrypted packet with the middle nodes address. The entry node will then forward the packet to the middle node.
1. Firstly: when the packet arrives at the entry node, the first layer of encryption is removed. In this encrypted packet, the entry node will find another encrypted packet with the middle nodes address. The entry node will then forward the packet to the middle node.
2. Secondly: When the middle node receives the packet from the entry node, it too will remove a layer of encryption with its key, and this time finds an encrypted packet with the exit node's address. The middle node will then forward the packet to the exit node.
2. Secondly: when the middle node receives the packet from the entry node, it too will remove a layer of encryption with its key, and this time finds an encrypted packet with the exit node's address. The middle node will then forward the packet to the exit node.
3. Lastly: When the exit node receives its packet, it will remove the last layer of encryption with its key. The exit node will see the destination address and forward the packet to that address.
3. Lastly: when the exit node receives its packet, it will remove the last layer of encryption with its key. The exit node will see the destination address and forward the packet to that address.
Below is an alternative diagram showing the process. Each node removes its own layer of encryption, and when the destination server returns data, the same process happens entirely in reverse. For example, the exit node does not know who you are, but it does know which node it came from, and so it adds its own layer of encryption and sends it back.
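Review bot: the "Firstly:", "Secondly:" and "Lastly:" prefixes in steps 1 to 3 repeat what the list numbering already says, and this hunk only changes the capitalisation of the word that follows them; dropping the prefixes removes the question. Steps 2 and 3 say the node removes a layer "with its key" while step 1 does not; add it there so the three steps describe the same operation in the same terms.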
@ -189,7 +189,7 @@ If you wish to use Tor for browsing the web, we only recommend the **official**
Tor bridges are commonly touted as an alternative method to hiding Tor usage from an ISP, instead of a VPN (as we suggest using if possible). Something to consider is that while bridges may provide adequate censorship circumvention, this is only a *transient* benefit. They do not adequately protect you from your ISP discovering you connected to Tor in the *past* with historical traffic log analysis.
To illustrate this point, consider the following scenario: You connect to Tor via a bridge, and your ISP doesnt detect it because they are not doing sophisticated analysis of your traffic, so things are working as intended. Now, 4 months go by, and the IP of your bridge has been made public. This is a very common occurrence with bridges; they are discovered and blocked relatively frequently, just not immediately.
To illustrate this point, consider the following scenario: You connect to Tor via a bridge, and your ISP doesnt detect it because they are not doing sophisticated analysis of your traffic, so things are working as intended. Now, 4 months go by, and the IP of your bridge has been made public. This is a very common occurrence with bridges, they are discovered and blocked relatively frequently, just not immediately.
Your ISP wants to identify Tor users 4 months ago, and with their limited metadata logging they can see that you connected to an IP address which was later revealed to be a Tor bridge. You have virtually no other excuse to be making such a connection, so the ISP can say with very high confidence that you were a Tor user at that time.
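Review bot: the copy of the scenario paragraph that reads "a very common occurrence with bridges, they are discovered and blocked relatively frequently" joins two independent clauses with a comma; keep the semicolon from the other copy.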
@ -197,7 +197,7 @@ Contrast this with our recommended scenario, where you connect to Tor via a VPN.
Because your ISP almost certainly is not capturing all packet-level data and storing it forever, they have no way of determining what you connected to with that VPN *after* the fact with an advanced technique like deep packet inspection, and therefore you have plausible deniability.
Therefore, bridges provide the most benefit when circumventing internet censorship *in the moment*, but they are not an adequate substitute for **all** the benefits that using a VPN alongside Tor can provide. Again, this is not advice *against* using Tor bridgesyou should just be aware of these limitations while making your decision. In some cases bridges may be the *only* option (if all VPN providers are blocked, for instance), so you can still use them in those circumstances with this limitation in mind.
Therefore, bridges provide the most benefit when circumventing internet censorship *in the moment*, but they are not an adequate substitute for **all** the benefits that using a VPN alongside Tor can provide. Again, this is not advice *against* using Tor bridges, you should just be aware of these limitations while making your decision. In some cases bridges may be the *only* option (if all VPN providers are blocked, for instance), so you can still use them in those circumstances with this limitation in mind.
If you think that a bridge can aid in defending against fingerprinting or other advanced network analysis more than a VPN's encrypted tunnel already can, you always have the option to use a bridge in conjunction with a VPN as well. That way you are still protected by the pluggable transport's obfuscation techniques even if an adversary gains some level of visibility into your VPN tunnel. If you decide to go this route, we recommend connecting to an obfs4 bridge behind your VPN for optimal fingerprinting protection, rather than meek or Snowflake.


@ -43,7 +43,7 @@ To run AI locally, you need both an AI model and an AI client.
There are many permissively licensed models available to download. [Hugging Face](https://huggingface.co/models) is a platform that lets you browse, research, and download models in common formats like [GGUF](https://huggingface.co/docs/hub/en/gguf). Companies that provide good open-weights models include big names like Mistral, Meta, Microsoft, and Google. However, there are also many community models and [fine-tuned](https://en.wikipedia.org/wiki/Fine-tuning_(deep_learning)) models available. As mentioned above, quantized models offer the best balance between model quality and performance for those using consumer-grade hardware.
To help you choose a model that fits your needs, you can look at leaderboards and benchmarks. The most widely-used leaderboard is the community-driven [LM Arena](https://lmarena.ai). Additionally, the [OpenLLM Leaderboard](https://huggingface.co/spaces/open-llm-leaderboard/open_llm_leaderboard) focuses on the performance of open-weights models on common benchmarks like [MMLU-Pro](https://arxiv.org/abs/2406.01574). There are also specialized benchmarks which measure factors like [emotional intelligence](https://eqbench.com), ["uncensored general intelligence"](https://huggingface.co/spaces/DontPlanToEnd/UGI-Leaderboard), and [many others](https://nebuly.com/blog/llm-leaderboards).
To help you choose a model that fits your needs, you can look at leaderboards and benchmarks. The most widely-used leaderboard is the community-driven [LM Arena](https://lmarena.ai). Additionally, the [OpenLLM Leaderboard](https://huggingface.co/spaces/open-llm-leaderboard/open_llm_leaderboard) focuses on the performance of open-weights models on common benchmarks like [MMLU-Pro](https://arxiv.org/abs/2406.01574). There are also specialized benchmarks which measure factors like [emotional intelligence](https://eqbench.com), ["uncensored general intelligence"](https://huggingface.co/spaces/DontPlanToEnd/UGI-Leaderboard), and [many others](https://www.nebuly.com/blog/llm-leaderboards).
## AI Chat Clients
@ -66,7 +66,7 @@ To help you choose a model that fits your needs, you can look at leaderboards an
In addition to supporting a large range of text models, Kobold.cpp also supports image generators such as [Stable Diffusion](https://stability.ai/stable-image) and automatic speech recognition tools such as [Whisper](https://github.com/ggerganov/whisper.cpp).
[:octicons-repo-16: Repository](https://github.com/LostRuins/koboldcpp#readme){ .md-button .md-button--primary }
[:octicons-home-16: Homepage](https://github.com/LostRuins/koboldcpp){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/LostRuins/koboldcpp/wiki){ .card-link title="Documentation" }
[:octicons-code-16:](https://github.com/LostRuins/koboldcpp){ .card-link title="Source Code" }
[:octicons-lock-16:](https://github.com/LostRuins/koboldcpp/blob/2f3597c29abea8b6da28f21e714b6b24a5aca79b/SECURITY.md){ .card-link title="Security Policy" }
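Review bot: the primary button appears once as "Repository" (target `https://github.com/LostRuins/koboldcpp#readme`) and once as "Homepage" (target `https://github.com/LostRuins/koboldcpp`); a GitHub repository is not a project homepage, and the "Source Code" card link two lines down already points at the bare repository URL, so the "Repository" label with the `#readme` target avoids two identical links. Separately, the Security Policy card link is pinned to commit 2f3597c29abea8b6da28f21e714b6b24a5aca79b, so readers get SECURITY.md as of that commit and not the current reporting instructions; consider linking the file on the default branch.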
@ -123,14 +123,14 @@ Ollama simplifies the process of setting up a local AI chat by downloading the A
<div class="admonition recommendation" markdown>
![Llamafile Logo](assets/img/ai-chat/llamafile.webp){align=right}
![Llamafile Logo](assets/img/ai-chat/llamafile.png){align=right}
**Llamafile** is a lightweight, single-file executable that allows users to run LLMs locally on their own computers without any setup involved. It is [backed by Mozilla](https://hacks.mozilla.org/2023/11/introducing-llamafile) and available on Linux, macOS, and Windows.
Llamafile also supports LLaVA. However, it doesn't support speech recognition or image generation.
[:octicons-repo-16: Repository](https://github.com/Mozilla-Ocho/llamafile#readme){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/Mozilla-Ocho/llamafile#quickstart){ .card-link title="Documentation" }
[:octicons-home-16: Homepage](https://github.com/Mozilla-Ocho/llamafile){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/Mozilla-Ocho/llamafile#llamafile){ .card-link title="Documentation" }
[:octicons-code-16:](https://github.com/Mozilla-Ocho/llamafile){ .card-link title="Source Code" }
[:octicons-lock-16:](https://github.com/Mozilla-Ocho/llamafile#security){ .card-link title="Security Policy" }
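Review bot: the two logo lines reference `assets/img/ai-chat/llamafile.webp` and `assets/img/ai-chat/llamafile.png`; whichever extension is kept has to match the file shipped in that directory in the same change, or the card renders a broken image. The Documentation card link also moves between `#quickstart` and `#llamafile`; confirm the chosen fragment is a heading that exists in the README, since a missing fragment silently opens the top of the page.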


@ -149,6 +149,5 @@ Also, unlike Tor, every I2P node will relay traffic for other users by default,
There are downsides to I2P's approach, however. Tor relying on dedicated exit nodes means more people in less safe environments can use it, and the relays that do exist on Tor are likely to be more performant and stable, as they generally aren't run on residential connections. Tor is also far more focused on **browser privacy** (i.e. anti-fingerprinting), with a dedicated [Tor Browser](tor.md) to make browsing activity as anonymous as possible. I2P is used via your [regular web browser](desktop-browsers.md), and while you can configure your browser to be more privacy-protecting, you probably still won't have the same browser fingerprint as other I2P users (there's no "crowd" to blend in with in that regard).
Tor is likely to be more resistant to censorship, due to their robust network of bridges and varying [pluggable transports](https://tb-manual.torproject.org/circumvention). On the other hand, I2P uses directory servers for the initial connection which are varying/untrusted and run by volunteers, compared to the hard-coded/trusted ones Tor uses which are likely easier to block.
[^1]: The `IsolateDestAddr` setting is discussed on the [Tor mailing list](https://lists.torproject.org/pipermail/tor-talk/2012-May/024403) and [Whonix's Stream Isolation documentation](https://whonix.org/wiki/Stream_Isolation), where both projects suggest that it is usually not a good approach for most people.
Tor is likely to be more resistant to censorship, due to their robust network of bridges and varying [pluggable transports](https://tb-manual.torproject.org/circumvention). On the other hand, I2P uses directory servers for the initial connection which are varying/untrusted and run by volunteers, compared to the hard-coded/trusted ones Tor uses which are likely easier to block.
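Review bot: the `[^1]` footnote definition (the `IsolateDestAddr` note) has no counterpart in this hunk and the header goes from 6 lines to 5, so the definition is being dropped; check that no `[^1]` reference remains in the body of the page, because a reference without a definition renders as literal text. The "Tor is likely to be more resistant to censorship" paragraph appears twice with identical wording, which points to a whitespace or end-of-file newline change; confirm that is intended.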


@ -73,7 +73,7 @@ Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) a
**Secure Camera** is a camera app focused on privacy and security which can capture images, videos, and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera#readme){ .md-button .md-button--primary }
[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
@ -119,7 +119,7 @@ The image orientation metadata is not deleted. If you enable location (in Secure
[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer#readme){ .md-button .md-button--primary }
[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }


@ -202,7 +202,7 @@ Censorship online can be carried out (to varying degrees) by actors including to
Censorship on corporate platforms is increasingly common, as platforms like Twitter and Facebook give in to public demand, market pressures, and pressures from government agencies. Government pressures can be covert requests to businesses, such as the White House [requesting the takedown](https://nytimes.com/2012/09/17/technology/on-the-web-a-fine-line-on-free-speech-across-globe.html) of a provocative YouTube video, or overt, such as the Chinese government requiring companies to adhere to a strict regime of censorship.
People concerned with the threat of censorship can use technologies like [Tor](../advanced/tor-overview.md) to circumvent it, and support censorship-resistant communication platforms like [Matrix](../social-networks.md#element), which doesn't have a centralized account authority that can close accounts arbitrarily.
People concerned with the threat of censorship can use technologies like [Tor](../advanced/tor-overview.md) to circumvent it, and support censorship-resistant communication platforms like [Matrix](../real-time-communication.md#element), which doesn't have a centralized account authority that can close accounts arbitrarily.
<div class="admonition tip" markdown>
<p class="admonition-title">Tip</p>
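Review bot: the Matrix link target changes between `../social-networks.md#element` and `../real-time-communication.md#element`; confirm the `#element` anchor exists in whichever file is kept, since a moved section leaves a link that opens the page but not the entry. The link text says Matrix while the anchor names Element, and the claim about having no centralized account authority is about the protocol; say which of the two the sentence means.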


@ -7,7 +7,7 @@ description: Virtual Private Networks shift risk away from your ISP to a third-p
Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world.
[:material-movie-open-play-outline: Video: Do you need a VPN?](https://www.privacyguides.org/videos/2024/12/12/do-you-need-a-vpn){ .md-button }
[:material-movie-open-play-outline: Video: Do you need a VPN?](https://www.privacyguides.org/videos/2024/12/12/do-you-need-a-vpn/){ .md-button }
Normally, an ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem). Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns).


@ -11,7 +11,7 @@ Privacy is ultimately about human information, and this is important because we
Many people get the concepts of **privacy**, **security**, and **anonymity** confused. You'll see people criticize various products as "not private" when really they mean it doesn't provide anonymity, for example. On this website, we cover all three of these topics, but it is important you understand the difference between them, and when each one comes into play.
[:material-movie-open-play-outline: Video: Stop Confusing Privacy, Anonymity, and Security](https://www.privacyguides.org/videos/2025/03/14/stop-confusing-privacy-anonymity-and-security){ .md-button }
[:material-movie-open-play-outline: Video: Stop Confusing Privacy, Anonymity, and Security](https://www.privacyguides.org/videos/2025/03/14/stop-confusing-privacy-anonymity-and-security/){ .md-button }
<!-- markdownlint-disable-next-line -->
**Privacy**
@ -52,7 +52,7 @@ Take cookie consent forms, for example. You may encounter these dozens of times
Privacy is something we need to have baked into the [software and services](../tools.md) we use by default, you can't bend most apps into being private on your own.
[:material-movie-open-play-outline: Video: 5 Steps to Improve Your Privacy](https://www.privacyguides.org/videos/2025/02/14/5-easy-steps-to-protect-yourself-online){ class="md-button" }
[:material-movie-open-play-outline: Video: 5 Steps to Improve Your Privacy](https://www.privacyguides.org/videos/2025/02/14/5-easy-steps-to-protect-yourself-online/){ class="md-button" }
## Sources


@ -10,7 +10,7 @@ cover: cloud.webp
- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange }
- [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers){ .pg-teal }
Many **cloud storage providers** require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by implementing secure end-to-end encryption.
Many **cloud storage providers** require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by implementing secure E2EE.
If these alternatives do not fit your needs, we suggest you look into using encryption software like [Cryptomator](encryption.md#cryptomator-cloud) with another cloud provider. Using Cryptomator in conjunction with **any** cloud provider (including these) may be a good idea to reduce the risk of encryption flaws in a provider's native clients.
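Review bot: the intro sentence appears once with "secure end-to-end encryption" and once with "secure E2EE", while in the Minimum Requirements hunk further down the pair runs the other way round (first copy "Must enforce E2EE.", second copy "Must enforce end-to-end encryption."). Pick one convention: spell the term out at first use in the intro and abbreviate afterwards, so a reader who lands on this page first is not met with an unexplained acronym.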
@ -27,9 +27,7 @@ Nextcloud is [still a recommended tool](document-collaboration.md#nextcloud) for
![Proton Drive logo](assets/img/cloud/protondrive.svg){ align=right }
**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail).
The initial free storage is limited to 2 GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5 GB.
**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2 GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5 GB.
[:octicons-home-16: Homepage](https://proton.me/drive){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/drive/privacy-policy){ .card-link title="Privacy Policy" }
@ -48,7 +46,9 @@ The initial free storage is limited to 2 GB, but with the completion of [certai
</div>
The Proton Drive web application has been independently audited by Securitum in [2021](https://proton.me/community/open-source), but the brand new mobile clients have not yet been publicly audited by a third party.
The Proton Drive web application has been independently audited by Securitum in [2021](https://proton.me/community/open-source).
Proton Drive's brand new mobile clients have not yet been publicly audited by a third party.
## Tresorit
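Review bot: in the copy that splits the audit statement into two paragraphs, the Securitum claim ("independently audited by Securitum in 2021") stands alone and the mobile-client caveat follows separately; keep them in one sentence, as in the other copy, so the audit is not read as covering every client. "Brand new" will age, so name the clients or give a date. The 2021 link points at `proton.me/community/open-source` and not at an audit report; link the report itself if one is published.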
@ -83,9 +83,7 @@ Tresorit has received a number of independent security audits:
- Computest discovered two vulnerabilities which have been resolved.
- [2019](https://tresorit.com/blog/ernst-young-review-verifies-tresorits-security-architecture): Penetration Testing by Ernst & Young.
- This review analyzed the full source code of Tresorit and validated that the implementation matches the concepts described in Tresorit's [white paper](https://prodfrontendcdn.azureedge.net/202208011608/tresorit-encryption-whitepaper.pdf).
- Ernst & Young additionally tested the web, mobile, and desktop clients. They concluded:
> Test results found no deviation from Tresorits data confidentiality claims.
- Ernst & Young additionally tested the web, mobile, and desktop clients: "Test results found no deviation from Tresorits data confidentiality claims."
[^1]: [ISO/IEC 27001](https://en.wikipedia.org/wiki/ISO/IEC_27001):2013 compliance relates to the company's [information security management system](https://en.wikipedia.org/wiki/Information_security_management) and covers the sales, development, maintenance and support of their cloud services.
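Review bot: the white paper link in the unchanged Ernst & Young bullet points at a dated CDN path (`prodfrontendcdn.azureedge.net/202208011608/tresorit-encryption-whitepaper.pdf`), which is likely to break when the file is republished; link a stable tresorit.com page if one exists. For the quoted conclusion, the blockquote under "They concluded:" makes it clearer that the sentence is Ernst & Young's wording and not the site's own assessment; if the inline form is kept, keep the attribution in the same sentence as the quote.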
@ -133,7 +131,7 @@ Peergos was [audited](https://peergos.org/posts/security-audit-2024) in November
### Minimum Requirements
- Must enforce E2EE.
- Must enforce end-to-end encryption.
- Must offer a free plan or trial period for testing.
- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Must offer a web interface which supports basic file management functionality.
@ -144,8 +142,8 @@ Peergos was [audited](https://peergos.org/posts/security-audit-2024) in November
Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
- Clients should be open source.
- Clients should be audited in their entirety by an independent third party.
- Clients should be audited in their entirety by an independent third-party.
- Should offer native clients for Linux, Android, Windows, macOS, and iOS.
- These clients should integrate with native OS tools for cloud storage providers, such as Files app integration on iOS, or DocumentsProvider functionality on Android.
- Should support easy file sharing with other users.
- Should support easy file-sharing with other users.
- Should offer at least basic file preview and editing functionality on the web interface.
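Review bot: "by an independent third-party" uses the hyphenated form as a noun; the hyphen belongs only in the adjective ("third-party audit"), so keep "third party" in that bullet. The same applies to "file sharing" versus "file-sharing" in the sharing bullet. In the unchanged context line, "Our best-case criteria represents" pairs a plural subject with a singular verb.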


@ -33,7 +33,7 @@ You should **never** use blur to redact [text in images](https://bishopfox.com/b
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:fontawesome-brands-windows: Windows](https://pypi.org/project/mat2#metadata-and-privacy)
- [:fontawesome-brands-windows: Windows](https://pypi.org/project/mat2)
- [:simple-apple: macOS](https://0xacab.org/jvoisin/mat2#requirements-setup-on-macos-os-x-using-homebrew)
- [:simple-linux: Linux](https://pypi.org/project/mat2)
- [:octicons-globe-16: Web](https://0xacab.org/jvoisin/mat2#web-interface)
@ -50,10 +50,10 @@ You should **never** use blur to redact [text in images](https://bishopfox.com/b
**ExifEraser** is a modern, permissionless image metadata erasing application for Android.
It currently supports JPEG, PNG, and WebP files.
It currently supports JPEG, PNG and WebP files.
[:octicons-repo-16: Repository](https://github.com/Tommy-Geenexus/exif-eraser#readme){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/Tommy-Geenexus/exif-eraser#description){ .card-link title="Documentation" }
[:octicons-repo-16: Repository](https://github.com/Tommy-Geenexus/exif-eraser){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/Tommy-Geenexus/exif-eraser#readme){ .card-link title="Documentation" }
[:octicons-code-16:](https://github.com/Tommy-Geenexus/exif-eraser){ .card-link title="Source Code" }
<details class="downloads" markdown>


@ -90,7 +90,7 @@ If you need to browse the internet anonymously, you should use [Tor](tor.md) ins
Like [Tor Browser](tor.md), Mullvad Browser is designed to prevent fingerprinting by making your browser fingerprint identical to all other Mullvad Browser users, and it includes default settings and extensions that are automatically configured by the default security levels: *Standard*, *Safer* and *Safest*.
Therefore, it is imperative that you do not modify the browser at all outside adjusting the default [security levels](https://tb-manual.torproject.org/security-settings). When adjusting the security level, you **must** always restart the browser before continuing to use it. Otherwise, [the security settings may not be fully applied](https://www.privacyguides.org/articles/2025/05/02/tor-security-slider-flaw), putting you at a higher risk of fingerprinting and exploits than you may expect based on the setting chosen.
Therefore, it is imperative that you do not modify the browser at all outside adjusting the default [security levels](https://tb-manual.torproject.org/security-settings). When adjusting the security level, you **must** always restart the browser before continuing to use it. Otherwise, [the security settings may not be fully applied](https://www.privacyguides.org/articles/2025/05/02/tor-security-slider-flaw/), putting you at a higher risk of fingerprinting and exploits than you may expect based on the setting chosen.
Modifications other than adjusting this setting would make your fingerprint unique, defeating the purpose of using this browser. If you want to configure your browser more heavily and fingerprinting is not a concern for you, we recommend [Firefox](#firefox) instead.


@ -23,8 +23,8 @@ Linux distributions are commonly recommended for privacy protection and software
**Fedora Linux** is our recommended desktop distribution for people new to Linux. Fedora generally adopts newer technologies (e.g., [Wayland](https://wayland.freedesktop.org) and [PipeWire](https://pipewire.org)) before other distributions. These new technologies often come with improvements in security, privacy, and usability in general.
[:octicons-home-16: Homepage](https://fedoraproject.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://docs.fedoraproject.org/en-US/docs){ .card-link title="Documentation" }
[:octicons-heart-16:](https://whatcanidoforfedora.org){ .card-link title="Contribute" }
[:octicons-info-16:](https://docs.fedoraproject.org/en-US/docs){ .card-link title=Documentation}
[:octicons-heart-16:](https://whatcanidoforfedora.org){ .card-link title=Contribute }
</details>
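Review bot: the Documentation and Contribute card links differ only in attribute quoting, `title="Documentation"` against `title=Documentation}` and `title="Contribute"` against `title=Contribute }`. Keep the quoted form: it matches `title="Source Code"` and `title="Privacy Policy"` used on the same page, it is required as soon as a title contains a space, and the unquoted copies are inconsistent about the space before the closing brace. The same change repeats in the openSUSE, Arch, Fedora Atomic, NixOS, Whonix, Tails, Qubes and Kicksecure hunks below.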
@ -45,8 +45,8 @@ Fedora has a semi-rolling release cycle. While some packages like the desktop en
openSUSE Tumbleweed uses [Btrfs](https://en.wikipedia.org/wiki/Btrfs) and [Snapper](https://en.opensuse.org/openSUSE:Snapper_Tutorial) to ensure that snapshots can be rolled back should there be a problem.
[:octicons-home-16: Homepage](https://get.opensuse.org/tumbleweed){ .md-button .md-button--primary }
[:octicons-info-16:](https://doc.opensuse.org){ .card-link title="Documentation" }
[:octicons-heart-16:](https://shop.opensuse.org){ .card-link title="Contribute" }
[:octicons-info-16:](https://doc.opensuse.org){ .card-link title=Documentation}
[:octicons-heart-16:](https://shop.opensuse.org){ .card-link title=Contribute }
</details>
@ -63,8 +63,8 @@ Tumbleweed follows a rolling release model where each update is released as a sn
**Arch Linux** is a lightweight, do-it-yourself (DIY) distribution, meaning that you only get what you install. For more information see their [FAQ](https://wiki.archlinux.org/title/Frequently_asked_questions).
[:octicons-home-16: Homepage](https://archlinux.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://wiki.archlinux.org){ .card-link title="Documentation" }
[:octicons-heart-16:](https://archlinux.org/donate){ .card-link title="Contribute" }
[:octicons-info-16:](https://wiki.archlinux.org){ .card-link title=Documentation}
[:octicons-heart-16:](https://archlinux.org/donate){ .card-link title=Contribute }
</details>
@ -89,8 +89,8 @@ A large portion of [Arch Linuxs packages](https://reproducible.archlinux.org)
**Fedora Atomic Desktops** are variants of Fedora which use the `rpm-ostree` package manager and have a strong focus on containerized workflows and Flatpak for desktop applications. All of these variants follow the same release schedule as Fedora Workstation, benefiting from the same fast updates and staying very close to upstream.
[:octicons-home-16: Homepage](https://fedoraproject.org/atomic-desktops){ .md-button .md-button--primary }
[:octicons-info-16:](https://docs.fedoraproject.org/en-US/emerging){ .card-link title="Documentation" }
[:octicons-heart-16:](https://whatcanidoforfedora.org){ .card-link title="Contribute" }
[:octicons-info-16:](https://docs.fedoraproject.org/en-US/emerging){ .card-link title=Documentation}
[:octicons-heart-16:](https://whatcanidoforfedora.org){ .card-link title=Contribute }
</details>
@ -115,8 +115,8 @@ As an alternative to Flatpaks, there is the option of [Toolbx](https://docs.fedo
NixOS is an independent distribution based on the Nix package manager with a focus on reproducibility and reliability.
[:octicons-home-16: Homepage](https://nixos.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://nixos.org/learn.html){ .card-link title="Documentation" }
[:octicons-heart-16:](https://nixos.org/donate.html){ .card-link title="Contribute" }
[:octicons-info-16:](https://nixos.org/learn.html){ .card-link title=Documentation}
[:octicons-heart-16:](https://nixos.org/donate.html){ .card-link title=Contribute }
</details>
@ -144,8 +144,8 @@ Nix is a source-based package manager; if theres no pre-built available in th
[:octicons-home-16: Homepage](https://whonix.org){ .md-button .md-button--primary }
[:simple-torbrowser:](http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion){ .card-link title="Onion Service" }
[:octicons-info-16:](https://whonix.org/wiki/Documentation){ .card-link title="Documentation" }
[:octicons-heart-16:](https://whonix.org/wiki/Donate){ .card-link title="Contribute" }
[:octicons-info-16:](https://whonix.org/wiki/Documentation){ .card-link title=Documentation}
[:octicons-heart-16:](https://whonix.org/wiki/Donate){ .card-link title=Contribute }
</details>
@ -166,8 +166,8 @@ Whonix is best used [in conjunction with Qubes](https://whonix.org/wiki/Qubes/Wh
**Tails** is a live operating system based on Debian that routes all communications through Tor, which can boot on on almost any computer from a DVD, USB stick, or SD card installation. It uses [Tor](tor.md) to preserve privacy and [:material-incognito: Anonymity](basics/common-threats.md#anonymity-vs-privacy){ .pg-purple } while circumventing censorship, and it leaves no trace of itself on the computer it is used on after it is powered off.
[:octicons-home-16: Homepage](https://tails.net){ .md-button .md-button--primary }
[:octicons-info-16:](https://tails.net/doc/index.en.html){ .card-link title="Documentation" }
[:octicons-heart-16:](https://tails.net/donate){ .card-link title="Contribute" }
[:octicons-info-16:](https://tails.net/doc/index.en.html){ .card-link title=Documentation}
[:octicons-heart-16:](https://tails.net/donate){ .card-link title=Contribute }
</details>
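Review bot: the unchanged Tails description reads "which can boot on on almost any computer", with a doubled "on"; fix it while this block is being touched. The same line says Tails "routes all communications through Tor" and the next sentence opens "It uses Tor"; the two statements can be merged, keeping the link on the first mention.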
@ -203,9 +203,9 @@ By design, Tails is meant to completely reset itself after each reboot. Encrypte
[:octicons-home-16: Homepage](https://qubes-os.org){ .md-button .md-button--primary }
[:simple-torbrowser:](http://qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion){ .card-link title="Onion Service" }
[:octicons-eye-16:](https://qubes-os.org/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://qubes-os.org/doc){ .card-link title="Documentation" }
[:octicons-info-16:](https://qubes-os.org/doc){ .card-link title=Documentation }
[:octicons-code-16:](https://github.com/QubesOS){ .card-link title="Source Code" }
[:octicons-heart-16:](https://qubes-os.org/donate){ .card-link title="Contribute" }
[:octicons-heart-16:](https://qubes-os.org/donate){ .card-link title=Contribute }
</details>
@ -246,9 +246,9 @@ While we [recommend against](os/linux-overview.md#release-cycle) "perpetually ou
[:octicons-home-16: Homepage](https://kicksecure.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://kicksecure.com/wiki/Privacy_Policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://kicksecure.com/wiki/Documentation){ .card-link title="Documentation" }
[:octicons-info-16:](https://kicksecure.com/wiki/Documentation){ .card-link title=Documentation }
[:octicons-code-16:](https://github.com/Kicksecure){ .card-link title="Source Code" }
[:octicons-heart-16:](https://kicksecure.com/wiki/Donate){ .card-link title="Contribute" }
[:octicons-heart-16:](https://kicksecure.com/wiki/Donate){ .card-link title=Contribute }
</details>

View File

@ -111,7 +111,7 @@ These DNS filtering solutions offer a web dashboard where you can customize the
[:octicons-home-16: Homepage](https://controld.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://controld.com/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://docs.controld.com/docs/getting-started){ .card-link title="Documentation" }
[:octicons-info-16:](https://docs.controld.com/docs/getting-started){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/Control-D-Inc/ctrld){ .card-link title="Source Code" }
<details class="downloads" markdown>
@ -138,7 +138,7 @@ These DNS filtering solutions offer a web dashboard where you can customize the
[:octicons-home-16: Homepage](https://nextdns.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://nextdns.io/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://help.nextdns.io){ .card-link title="Documentation" }
[:octicons-info-16:](https://help.nextdns.io){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/nextdns/nextdns){ .card-link title="Source Code" }
<details class="downloads" markdown>
@ -175,7 +175,7 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](ad
[:octicons-home-16: Homepage](https://rethinkdns.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://rethinkdns.com/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://docs.rethinkdns.com){ .card-link title="Documentation" }
[:octicons-info-16:](https://docs.rethinkdns.com){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/celzero/rethink-app){ .card-link title="Source Code" }
<details class="downloads" markdown>
@ -198,10 +198,10 @@ While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot
**DNSCrypt-Proxy** is a DNS proxy with support for [DNSCrypt](advanced/dns-overview.md#dnscrypt), [DoH](advanced/dns-overview.md#dns-over-https-doh), and [Anonymized DNS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Anonymized-DNS).
[:octicons-repo-16: Repository](https://github.com/DNSCrypt/dnscrypt-proxy#readme){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/DNSCrypt/dnscrypt-proxy/wiki){ .card-link title="Documentation" }
[:octicons-repo-16: Repository](https://github.com/DNSCrypt/dnscrypt-proxy){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/DNSCrypt/dnscrypt-proxy/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/DNSCrypt/dnscrypt-proxy){ .card-link title="Source Code" }
[:octicons-heart-16:](https://opencollective.com/dnscrypt/contribute){ .card-link title="Contribute" }
[:octicons-heart-16:](https://opencollective.com/dnscrypt/contribute){ .card-link title=Contribute }
<details class="downloads" markdown>
<summary>Downloads</summary>
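Review bot: dropping `#readme` from the Repository button makes it point at exactly the same URL as the Source Code link two lines below (`https://github.com/DNSCrypt/dnscrypt-proxy`), so the card now offers two identical destinations. Either keep the `#readme` fragment on the primary button or remove one of the two links.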

View File

@ -1,16 +1,18 @@
---
title: Document Collaboration
title: "Document Collaboration"
icon: material/account-group
description: Most online office suites do not support end-to-end encryption, meaning the cloud provider has access to everything you do.
description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do.
cover: document-collaboration.webp
---
<small>Protects against the following threat(s):</small>
- [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers){ .pg-teal }
Most online office suites do not support end-to-end encryption, meaning the cloud provider has access to everything you do. The provider's privacy policy may legally protect your rights, but it does not provide technical access constraints.
Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The provider's privacy policy may legally protect your rights, but it does not provide technical access constraints.
## Nextcloud
## Collaboration Platforms
### Nextcloud
<div class="admonition recommendation" markdown>
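Review bot: the front-matter `description` and the opening paragraph now say "E2EE" without ever spelling it out, and the description is page metadata that gets read out of context. The CryptPad blurb later in this same file changes in the opposite direction, from "E2EE" to "end-to-end encrypted", so the file ends up with both forms. Pick one, and if the abbreviation stays, expand it on first use in the body.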
@ -45,29 +47,24 @@ We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_e
</div>
## CryptPad
### CryptPad
<div class="admonition recommendation" markdown>
![CryptPad logo](assets/img/document-collaboration/cryptpad.svg){ align=right }
**CryptPad** is a private-by-design alternative to popular office tools. All content on this web service is E2EE and can be shared with other users easily.
[:material-star-box: Read our latest CryptPad review.](https://www.privacyguides.org/articles/2025/02/07/cryptpad-review)
**CryptPad** is a private-by-design alternative to popular office tools. All content on this web service is end-to-end encrypted and can be shared with other users easily. [:material-star-box: Read our latest CryptPad review.](https://www.privacyguides.org/articles/2025/02/07/cryptpad-review/)
[:octicons-home-16: Homepage](https://cryptpad.fr){ .md-button .md-button--primary }
[:octicons-server-16:](https://cryptpad.org/instances){ .card-link title="Public Instances" }
[:octicons-eye-16:](https://cryptpad.fr/pad/#/2/pad/view/GcNjAWmK6YDB3EO2IipRZ0fUe89j43Ryqeb4fjkjehE){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://docs.cryptpad.fr){ .card-link title="Documentation" }
[:octicons-info-16:](https://docs.cryptpad.fr){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/xwiki-labs/cryptpad){ .card-link title="Source Code" }
[:octicons-heart-16:](https://opencollective.com/cryptpad){ .card-link title="Contribute" }
[:octicons-heart-16:](https://opencollective.com/cryptpad){ .card-link title=Contribute }
</details>
</div>
The CryptPad team hosts a [public instance](https://cryptpad.fr). You can also use other public instances.
### Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
@ -81,7 +78,7 @@ In general, we define collaboration platforms as full-fledged suites which could
- Must have sync clients for Linux, macOS, and Windows.
- Must support document and spreadsheet editing.
- Must support real-time document collaboration.
- Must support exporting documents to standard document formats (e.g., ODF).
- Must support exporting documents to standard document formats (e.g. ODF).
#### Best-Case

View File

@ -64,7 +64,7 @@ Cryptomator's documentation details its intended [security target](https://docs.
**Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for its encryption features.
[:octicons-repo-16: Repository](https://github.com/Picocrypt/Picocrypt#readme){ .md-button .md-button--primary }
[:octicons-repo-16: Repository](https://github.com/Picocrypt/Picocrypt){ .md-button .md-button--primary }
[:octicons-code-16:](https://github.com/Picocrypt/Picocrypt){ .card-link title="Source Code" }
[:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title="Contribute" }
@ -206,7 +206,7 @@ We advise against using your iCloud account for recovery; instead, you should se
**LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.
[:octicons-repo-16: Repository](https://gitlab.com/cryptsetup/cryptsetup#what-the-){ .md-button .md-button--primary }
[:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
[:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title="Documentation" }
[:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup){ .card-link title="Source Code" }
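Review bot: the primary button is relabelled from `:octicons-repo-16: Repository` to `:octicons-home-16: Homepage`, but its target is a README blob inside the same GitLab repository that the Source Code link below already points to. Other repository-hosted projects in this change (Picocrypt, DNSCrypt-Proxy) keep the Repository label, so this card should too, with whichever URL is preferred.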

View File

@ -1,5 +1,5 @@
---
title: File Sharing and Sync
title: "File Sharing and Sync"
icon: material/share-variant
description: Discover how to privately share your files between your devices, with your friends and family, or anonymously online.
cover: file-sharing.webp
@ -20,24 +20,22 @@ If you already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarde
![Send logo](assets/img/file-sharing-sync/send.svg){ align=right }
**Send** is a fork of Mozilla's discontinued Firefox Send service which allows you to send files to others with a link. Files are encrypted on your device so that they cannot be read by the server, and they can be optionally password-protected as well.
**Send** is a fork of Mozilla's discontinued Firefox Send service which allows you to send files to others with a link. Files are encrypted on your device so that they cannot be read by the server, and they can be optionally password-protected as well. The maintainer of Send hosts a [public instance](https://send.vis.ee). You can use other public instances, or you can host Send yourself.
[:octicons-repo-16: Repository](https://github.com/timvisee/send#readme){ .md-button .md-button--primary }
[:octicons-server-16:](https://github.com/timvisee/send-instances){ .card-link title="Public Instances" }
[:octicons-info-16:](https://github.com/timvisee/send/tree/master/docs){ .card-link title="Documentation" }
[:octicons-home-16: Homepage](https://send.vis.ee){ .md-button .md-button--primary }
[:octicons-server-16:](https://github.com/timvisee/send-instances){ .card-link title="Public Instances"}
[:octicons-info-16:](https://github.com/timvisee/send#readme){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/timvisee/send){ .card-link title="Source Code" }
[:octicons-heart-16:](https://github.com/sponsors/timvisee){ .card-link title="Contribute" }
[:octicons-heart-16:](https://github.com/sponsors/timvisee){ .card-link title=Contribute }
</details>
</div>
You can use Send through a number of public instances, or you can host Send yourself.
You can use Send via its web interface or via the [ffsend](https://github.com/timvisee/ffsend) CLI. If you are familiar with the command line and send files frequently, we recommend using the command line tool to avoid JavaScript-based encryption. You can specify the `--host` flag to use a specific server:
Send can be used via its web interface or via the [ffsend](https://github.com/timvisee/ffsend) CLI. If you are familiar with the command-line and send files frequently, we recommend using the CLI client to avoid JavaScript-based encryption. You can specify the `--host` flag to use a specific server:
```bash
ffsend upload --host https://example.com/ FILE
ffsend upload --host https://send.vis.ee/ FILE
```
### OnionShare
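Review bot: the example command now hard-codes `https://send.vis.ee/` where the replaced line used the placeholder `https://example.com/`, even though the sentence introducing it presents `--host` as the way to choose a specific server. Readers who copy the command verbatim will all upload to that one instance, so a placeholder host is the clearer illustration. In the same hunk, `title="Public Instances"}` has lost the space before the closing brace, and "familiar with the command-line" hyphenates a noun that the replaced line spelled "command line".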
@ -50,7 +48,7 @@ ffsend upload --host https://example.com/ FILE
[:octicons-home-16: Homepage](https://onionshare.org){ .md-button .md-button--primary }
[:simple-torbrowser:](http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion){ .card-link title="Onion Service" }
[:octicons-info-16:](https://docs.onionshare.org){ .card-link title="Documentation" }
[:octicons-info-16:](https://docs.onionshare.org){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/onionshare/onionshare){ .card-link title="Source Code" }
<details class="downloads" markdown>
@ -135,12 +133,12 @@ We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_e
![Syncthing logo](assets/img/file-sharing-sync/syncthing.svg){ align=right }
**Syncthing** is an open-source peer-to-peer continuous file synchronization utility. It is used to synchronize files between two or more devices over the local network or the internet.
**Syncthing** is an open-source peer-to-peer continuous file synchronization utility. It is used to synchronize files between two or more devices over the local network or the internet. Syncthing does not use a centralized server; it uses the [Block Exchange Protocol](https://docs.syncthing.net/specs/bep-v1.html#bep-v1) to transfer data between devices. All data is encrypted using TLS.
[:octicons-home-16: Homepage](https://syncthing.net){ .md-button .md-button--primary }
[:octicons-info-16:](https://docs.syncthing.net){ .card-link title="Documentation" }
[:octicons-info-16:](https://docs.syncthing.net){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/syncthing){ .card-link title="Source Code" }
[:octicons-heart-16:](https://syncthing.net/donations){ .card-link title="Contribute" }
[:octicons-heart-16:](https://syncthing.net/donations){ .card-link title=Contribute }
<details class="downloads" markdown>
<summary>Downloads</summary>
@ -154,8 +152,6 @@ We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_e
</div>
Syncthing does not use a centralized server; it uses the [Block Exchange Protocol](https://docs.syncthing.net/specs/bep-v1.html#bep-v1) to transfer data between devices. All data is encrypted using TLS.
### Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
@ -173,5 +169,5 @@ Our best-case criteria represents what we would like to see from the perfect pro
- Should have mobile clients for iOS and Android which at least support document previews.
- Should support photo backups from iOS and Android, and optionally support file/folder sync on Android.
[^1]: Proton Drive allows you to [share files or folders](https://proton.me/support/drive-shareable-link) by generating a shareable public link or sending a unique link to a designated email address. Public links can be protected with a password, set to expire, and completely revoked, while links shared via email can have custom permissions and be similarly revoked. Per Proton Drive's [privacy policy](https://proton.me/drive/privacy-policy), file contents, file and folder names, and thumbnail previews are E2EE.
[^2]: With a [premium](https://bitwarden.com/help/about-bitwarden-plans/#compare-personal-plans) subscription, [Bitwarden Send](https://bitwarden.com/products/send) allows you to share files and text [securely with E2EE](https://bitwarden.com/help/send-encryption). A [password](https://bitwarden.com/help/send-privacy/#send-passwords) can be required along with the Send link. Bitwarden Send also features [automatic deletion](https://bitwarden.com/help/send-lifespan).
[^1]: Proton Drive allows you to [share files or folders](https://proton.me/support/drive-shareable-link) by generating a shareable public link or sending a unique link to a designated email address. Public links can be protected with a password, set to expire, and completely revoked, while links shared via email can have custom permissions and be similarly revoked. Per Proton Drive's [privacy policy](https://proton.me/drive/privacy-policy), file contents, file and folder names, and thumbnail previews are end-to-end encrypted.
[^2]: With a [premium](https://bitwarden.com/help/about-bitwarden-plans/#compare-personal-plans) subscription, [Bitwarden Send](https://bitwarden.com/products/send) allows you to share files and text securely with [end-to-end encryption](https://bitwarden.com/help/send-encryption). A [password](https://bitwarden.com/help/send-privacy/#send-passwords) can be required along with the Send link. Bitwarden Send also features [automatic deletion](https://bitwarden.com/help/send-lifespan).

View File

@ -16,28 +16,28 @@ When you are using an instance run by someone else, make sure to read the privac
## Reddit
<div class="admonition note" markdown>
<p class="admonition-title">Note</p>
The [Old Reddit](https://old.reddit.com) website doesn't require as much JavaScript as the new Reddit website does, but it has recently blocked access to IP addresses reserved for public VPNs. You can access Old Reddit through their [Tor](tor.md) onion service [launched in October 2022](https://forum.torproject.org/t/reddit-onion-service-launch/5305) at [https://old.reddittorjg6rue252oqsxryoxengawnmo46qy4kyii5wtqnwfj4ooad.onion](https://old.reddittorjg6rue252oqsxryoxengawnmo46qy4kyii5wtqnwfj4ooad.onion).
</div>
### Redlib
<div class="admonition recommendation" markdown>
![Redlib logo](assets/img/frontends/redlib.svg){ align=right }
**Redlib** is an open-source frontend to the [Reddit](https://reddit.com) website that is also self-hostable.
**Redlib** is an open-source frontend to the [Reddit](https://reddit.com) website that is also self-hostable. You can access Redlib through a number of public instances.
[:octicons-repo-16: Repository](https://github.com/redlib-org/redlib#readme){ .md-button .md-button--primary }
[:octicons-repo-16: Repository](https://github.com/redlib-org/redlib){ .md-button .md-button--primary }
[:octicons-server-16:](https://github.com/redlib-org/redlib-instances/blob/main/instances.md){ .card-link title="Public Instances" }
[:octicons-info-16:](https://github.com/redlib-org/redlib#table-of-contents){ .card-link title="Documentation" }
[:octicons-info-16:](https://github.com/redlib-org/redlib?tab=readme-ov-file#table-of-contents){ .card-link title="Documentation" }
[:octicons-code-16:](https://github.com/redlib-org/redlib){ .card-link title="Source Code" }
</div>
<div class="admonition note" markdown>
<p class="admonition-title">Note</p>
The [Old Reddit](https://old.reddit.com) website doesn't require as much JavaScript as the new Reddit website does, but it has recently blocked access to IP addresses reserved for public VPNs. You can use Old Reddit in conjunction with the [Tor](tor.md) Onion that was [launched in October 2022](https://forum.torproject.org/t/reddit-onion-service-launch/5305) at [https://old.reddittorjg6rue252oqsxryoxengawnmo46qy4kyii5wtqnwfj4ooad.onion](https://old.reddittorjg6rue252oqsxryoxengawnmo46qy4kyii5wtqnwfj4ooad.onion).
</div>
<div class="admonition tip" markdown>
<p class="admonition-title">Tip</p>
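Review bot: the replacement Documentation link adds GitHub's UI query string (`?tab=readme-ov-file#table-of-contents`); the plain `#table-of-contents` fragment on the line it replaces reaches the same section without depending on how GitHub renders tabs. The relocated note also changes "through their [Tor](tor.md) onion service" to "in conjunction with the [Tor](tor.md) Onion that was launched", which is less precise about what is being linked; the earlier wording is preferable.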
@ -45,8 +45,6 @@ Redlib is useful if you want to disable JavaScript in your browser, such as [Tor
</div>
You can access Redlib through a number of public instances, with some that offer a [Tor](tor.md) onion service.
## TikTok
### ProxiTok
@ -57,7 +55,9 @@ You can access Redlib through a number of public instances, with some that offer
**ProxiTok** is an open-source frontend to the [TikTok](https://tiktok.com) website that is also self-hostable.
[:octicons-repo-16: Repository](https://github.com/pablouser1/ProxiTok#readme){ .md-button .md-button--primary }
There are a number of public instances, with some that offer a [Tor](tor.md) onion service or an [I2P](alternative-networks.md#i2p-the-invisible-internet-project) eepsite.
[:octicons-repo-16: Repository](https://github.com/pablouser1/ProxiTok){ .md-button .md-button--primary }
[:octicons-server-16:](https://github.com/pablouser1/ProxiTok/wiki/Public-instances){ .card-link title="Public Instances" }
[:octicons-info-16:](https://github.com/pablouser1/ProxiTok/wiki){ .card-link title="Documentation" }
[:octicons-code-16:](https://github.com/pablouser1/ProxiTok){ .card-link title="Source Code" }
@ -73,8 +73,6 @@ ProxiTok is useful if you want to disable JavaScript in your browser, such as [T
</div>
You can access ProxiTok through a number of public instances, with some that offer a [Tor](tor.md) onion service or an [I2P](alternative-networks.md#i2p-the-invisible-internet-project) eepsite.
## YouTube
**Note:** YouTube has gradually rolled out changes to its video player and API that have thwarted some of the methods used by third-party frontends for extracting YouTube data. If you experience reliability issues with one YouTube frontend, consider trying out another that uses a different extraction method.
@ -88,8 +86,10 @@ You can access ProxiTok through a number of public instances, with some that off
**Invidious** is a free and open-source frontend for [YouTube](https://youtube.com) that is also self-hostable.
There are a number of public instances, with some that offer a [Tor](tor.md) onion service or an [I2P](alternative-networks.md#i2p-the-invisible-internet-project) eepsite.
[:octicons-home-16: Homepage](https://invidious.io){ .md-button .md-button--primary }
[:octicons-server-16:](https://docs.invidious.io/instances){ .card-link title="Public Instances" }
[:octicons-server-16:](https://instances.invidious.io){ .card-link title="Public Instances" }
[:octicons-info-16:](https://docs.invidious.io){ .card-link title="Documentation" }
[:octicons-code-16:](https://github.com/iv-org/invidious){ .card-link title="Source Code" }
[:octicons-heart-16:](https://invidious.io/donate){ .card-link title="Contribute" }
@ -112,8 +112,6 @@ Invidious is useful if you want to disable JavaScript in your browser, such as [
</div>
You can access Invidious through a number of public instances, with some that offer a [Tor](tor.md) onion service or an [I2P](alternative-networks.md#i2p-the-invisible-internet-project) eepsite.
### Piped
<div class="admonition recommendation" markdown>
@ -122,8 +120,10 @@ You can access Invidious through a number of public instances, with some that of
**Piped** is a free and open-source frontend for [YouTube](https://youtube.com) that is also self-hostable.
[:octicons-repo-16: Repository](https://github.com/TeamPiped/Piped#readme){ .md-button .md-button--primary }
[:octicons-server-16:](https://github.com/TeamPiped/documentation/blob/main/content/docs/public-instances/index.md){ .card-link title="Public Instances" }
Piped requires JavaScript in order to function and there are a number of public instances.
[:octicons-repo-16: Repository](https://github.com/TeamPiped/Piped){ .md-button .md-button--primary }
[:octicons-server-16:](https://github.com/TeamPiped/Piped/wiki/Instances){ .card-link title="Public Instances" }
[:octicons-info-16:](https://docs.piped.video/docs){ .card-link title="Documentation" }
[:octicons-code-16:](https://github.com/TeamPiped/Piped){ .card-link title="Source Code" }
[:octicons-heart-16:](https://github.com/TeamPiped/Piped#donations){ .card-link title="Contribute" }
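Review bot: "Piped requires JavaScript in order to function and there are a number of public instances." joins two unrelated facts in one sentence, and the JavaScript requirement is the one that readers who browse with scripts disabled need to notice. Split it into two sentences and put the JavaScript requirement first. Dropping `#readme` from the Repository button also leaves it identical to the Source Code link further down the card.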
@ -139,17 +139,15 @@ Piped is useful if you want to use [SponsorBlock](https://sponsor.ajay.app) with
</div>
You can access Piped through a number of public instances. Piped requires JavaScript in order to function.
### FreeTube
<div class="admonition recommendation" markdown>
![FreeTube logo](assets/img/frontends/freetube.svg){ align=right }
**FreeTube** is a free and open-source desktop application for [YouTube](https://youtube.com).
**FreeTube** is a free and open-source desktop application for [YouTube](https://youtube.com). FreeTube extracts data from YouTube using its built-in API based on [YouTube.js](https://github.com/LuanRT/YouTube.js) or the [Invidious](#invidious) API. You can configure either as the default, with the other serving as a fallback.
Your subscription list and playlists are saved locally on your device.
When using FreeTube, your subscription list and playlists are saved locally on your device.
[:octicons-home-16: Homepage](https://freetubeapp.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://freetubeapp.io/privacy.php){ .card-link title="Privacy Policy" }
@ -176,8 +174,6 @@ When using FreeTube, your IP address may still be known to YouTube, [Invidious](
</div>
FreeTube extracts data from YouTube using its built-in API based on [YouTube.js](https://github.com/LuanRT/YouTube.js) or the [Invidious](#invidious) API. You can configure either as the default, with the other serving as a fallback.
By default, FreeTube blocks all YouTube advertisements. In addition, FreeTube optionally integrates with [SponsorBlock](https://sponsor.ajay.app) to help you skip sponsored video segments.
### Yattee
@ -186,11 +182,11 @@ By default, FreeTube blocks all YouTube advertisements. In addition, FreeTube op
![Yattee logo](assets/img/frontends/yattee.svg){ align=right }
**Yattee** is a free and open-source, privacy-oriented video player for iOS, tvOS, and macOS for [YouTube](https://youtube.com).
**Yattee** is a free and open-source privacy oriented video player for iOS, tvOS, and macOS for [YouTube](https://youtube.com). Due to App Store restrictions, you will need to take a few [extra steps](https://web.archive.org/web/20230330122839/https://gonzoknows.com/posts/Yattee) before you can use Yattee to watch YouTube. Yattee allows you to connect to instances of [Invidious](#invidious) or [Piped](#piped).
Your subscription list is saved locally on your device.
When using Yattee, your subscription list is saved locally on your device.
[:octicons-repo-16: Repository](https://github.com/yattee/yattee#readme){ .md-button .md-button--primary }
[:octicons-home-16: Homepage](https://github.com/yattee/yattee){ .md-button .md-button--primary }
[:octicons-eye-16:](https://r.yattee.stream/docs/privacy.html){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://github.com/yattee/yattee/wiki){ .card-link title="Documentation" }
[:octicons-code-16:](https://github.com/yattee/yattee){ .card-link title="Source Code" }
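Review bot: the replacement description turns "free and open-source, privacy-oriented video player" into "free and open-source privacy oriented video player", losing both the comma and the hyphen in the compound modifier. The primary button is also relabelled Homepage while still targeting `https://github.com/yattee/yattee`, the same URL as the Source Code link two lines below; keep the Repository label or point the button somewhere distinct.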
@ -213,8 +209,6 @@ When using Yattee, your IP address may still be known to YouTube, [Invidious](ht
</div>
Due to App Store restrictions, you will need to take a few [extra steps](https://web.archive.org/web/20230330122839/https://gonzoknows.com/posts/Yattee) before you can use Yattee to watch YouTube. Yattee allows you to connect to instances of [Invidious](#invidious) or [Piped](#piped).
By default, Yattee blocks all YouTube advertisements. In addition, Yattee optionally integrates with [SponsorBlock](https://sponsor.ajay.app) to help you skip sponsored video segments.
### LibreTube (Android)
@ -224,7 +218,7 @@ By default, Yattee blocks all YouTube advertisements. In addition, Yattee option
![LibreTube logo](assets/img/frontends/libretube.svg#only-light){ align=right }
![LibreTube logo](assets/img/frontends/libretube-dark.svg#only-dark){ align=right }
**LibreTube** is a free and open-source Android application for [YouTube](https://youtube.com).
**LibreTube** is a free and open-source Android application for [YouTube](https://youtube.com) which uses the [Piped](#piped) API.
Your subscription list and playlists are saved locally on your Android device.
@ -250,8 +244,6 @@ When using LibreTube, your IP address will be visible to YouTube, [Piped](https:
</div>
LibreTube extracts data from YouTube using the [Piped](#piped) API.
By default, LibreTube blocks all YouTube advertisements. Additionally, LibreTube uses [SponsorBlock](https://sponsor.ajay.app) to help you skip sponsored video segments. You are able to fully configure the types of segments that SponsorBlock will skip, or disable it completely. There is also a button on the video player itself to disable it for a specific video if desired.
### NewPipe (Android)
@ -284,7 +276,7 @@ Your subscription list and playlists are saved locally on your Android device.
<div class="admonition warning" markdown>
<p class="admonition-title">Warning</p>
When using NewPipe, your IP address will be visible to the video providers you access. Consider using a [VPN](vpn.md) or [Tor](tor.md) if your [threat model](basics/threat-modeling.md) requires hiding your IP address.
When using NewPipe, your IP address will be visible to the video providers used. Consider using a [VPN](vpn.md) or [Tor](tor.md) if your [threat model](basics/threat-modeling.md) requires hiding your IP address.
</div>

View File

@ -1,8 +1,8 @@
---
meta_title: "Privacy-Respecting Health and Wellness apps for Android and iOS - Privacy Guides"
title: "Health and Wellness"
meta_title: "Privacy Respecting Health and Wellness apps for Android and iOS - Privacy Guides"
title: "Health and Wellness Apps"
icon: material/heart-pulse
description: These applications are what we currently recommend for all health- and fitness-related activites on your phone.
description: These applications are what we currently recommend for all health and fitness-related activites on your phone.
cover: health.webp
---
<small>Protects against the following threat(s):</small>
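Review bot: the replacement `description` still carries the typo "activites" from the line it replaces; it should read "activities". The rewrite also drops the suspended hyphen, turning "health- and fitness-related" into "health and fitness-related", and `meta_title` loses the hyphen in "Privacy-Respecting"; both compound modifiers were correct before.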
@ -102,7 +102,7 @@ These general purpose apps can do everything from counting steps and tracking sl
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-fdroid: F-Droid](https://f-droid.org/packages/nodomain.freeyourgadget.gadgetbridge)
- [:simple-android: F-Droid](https://f-droid.org/packages/nodomain.freeyourgadget.gadgetbridge)
</details>
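Review bot: the download entry swaps the icon from `:simple-fdroid:` to `:simple-android:` while the label and URL are still F-Droid, so the icon no longer matches the destination. Keep `:simple-fdroid:` for this entry.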

View File

@ -113,6 +113,6 @@ In the modern age of digital data exploitation, your privacy has never been more
Many people get the concepts of privacy, security, and anonymity confused. You'll see people criticize various products as "not private" when really they mean it doesn't provide anonymity, for example. On this website, we cover all three of these topics, but it is important you understand the difference between them, and when each one comes into play.
[:material-movie-open-play-outline: Video: 5 Steps to Improve Your Privacy](https://www.privacyguides.org/videos/2025/02/14/5-easy-steps-to-protect-yourself-online){ class="md-button" }
[:material-movie-open-play-outline: Video: 5 Steps to Improve Your Privacy](https://www.privacyguides.org/videos/2025/02/14/5-easy-steps-to-protect-yourself-online/){ class="md-button" }
</div>
</div>

View File

@ -9,7 +9,7 @@ cover: language-tools.webp
- [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers){ .pg-teal }
- [:material-account-cash: Surveillance Capitalism](basics/common-threats.md#surveillance-as-a-business-model){ .pg-brown }
Text inputted to grammar, spelling, and style checkers, as well as translation services, can contain sensitive information which may be stored on their servers for an indefinite amount of time and sold to third parties. The language tools listed on this page do not store your submitted text on a server and can be self-hosted and used offline for maximum control of your data.
Text inputted to grammar, spelling, and style checkers, as well as translation services, can contain sensitive information which may be stored on their servers for an indefinite amount of time and sold to third parties. The language tools listed on this page do not store your submitted text to a server, and can be self-hosted and used offline for maximum control of your data.
## LanguageTool
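Review bot: "do not store your submitted text to a server" is not idiomatic; the replaced wording "store your submitted text on a server" was correct, and the added comma before "and can be self-hosted" splits a compound predicate. Suggest reverting the sentence to its previous form.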
@ -22,7 +22,7 @@ Text inputted to grammar, spelling, and style checkers, as well as translation s
[:octicons-home-16: Homepage](https://languagetool.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://languagetool.org/legal/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://languagetooler.freshdesk.com/en/support/solutions){ .card-link title="Documentation" }
[:octicons-info-16:](https://languagetooler.freshdesk.com/en/support/solutions){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/languagetool-org){ .card-link title="Source Code" }
<details class="downloads" markdown>
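Review bot: the replacement Documentation link ends in `{ .card-link title=Documentation}`, dropping the quotes around the title value and the space before the closing brace, while the Privacy Policy and Source Code links on either side keep the `title="..." }` form. Keep the quoted form so the attribute lists in this card stay consistent and a title containing a space cannot break the attribute.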
@ -32,7 +32,7 @@ Text inputted to grammar, spelling, and style checkers, as well as translation s
- [:fontawesome-brands-windows: Windows](https://languagetool.org/windows-desktop)
- [:simple-apple: macOS](https://languagetool.org/mac-desktop)
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/languagetool)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/oldceeleldhonbafppcapldpdifcinji)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/grammar-and-spell-checker/oldceeleldhonbafppcapldpdifcinji)
- [:fontawesome-brands-edge: Edge](https://microsoftedge.microsoft.com/addons/detail/hfjadhjooeceemgojogkhlppanjkbobc)
- [:simple-safari: Safari](https://apps.apple.com/app/id1534275760)
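Review bot: the Chrome link gains a `grammar-and-spell-checker/` path segment while the extension ID `oldceeleldhonbafppcapldpdifcinji` is unchanged, and the Edge and Safari entries below it still use ID-only URLs. Unless the ID-only form no longer resolves, prefer it: the ID is what identifies the listing, and a name slug is one more thing that can go stale.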

@ -19,7 +19,7 @@ The recommendations here either do not collect any user data or at least do not
![Organic Maps logo](assets/img/maps/organic-maps.svg){ align=right }
**Organic Maps** is an open-source, community-developed map display and satnav-style navigation app for walkers, drivers, and cyclists. The app offers worldwide, offline maps based on OpenStreetMap data, and navigation with privacy — no location tracking, no data collection, and no ads. The app can be used completely offline.
**Organic Maps** is an open source, community-developed map display and satnav-style navigation app for walkers, drivers, and cyclists. The app offers worldwide offline maps based on OpenStreetMap data, and navigation with privacy — no location tracking, no data collection, and no ads. The app can be used completely offline.
Features include cycling routes, hiking trails and walking paths, turn-by-turn navigation with voice guidance, and public transport route planning (only available in supported regions and cities).
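Review bot: in the replacement Organic Maps sentence, "open source, community-developed map display" uses the compound as a modifier before a noun, where the hyphenated "open-source" of the earlier line is the expected form. The OsmAnd hunk further down makes the opposite change ("It is open-source"), so the two hunks leave the file inconsistent. Suggest hyphenating only where the compound precedes a noun, in both places.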
@ -47,7 +47,7 @@ Please note that Organic Maps is a simple, basic app that lacks certain features
![OsmAnd logo](assets/img/maps/osmand.svg){ align=right }
**OsmAnd** is an offline map and navigation application based on OpenStreetMap that offers turn-by-turn navigation for walking, cycling, driving, as well as public transport. It is open source and does not collect any user data.
**OsmAnd** is an offline map and navigation application based on OpenStreetMap, offering turn-by-turn navigation for walking, cycling, driving, as well as public transport. It is open-source and does not collect any user data.
[:octicons-home-16: Homepage](https://osmand.net){ .md-button .md-button--primary }
[:octicons-eye-16:](https://osmand.net/docs/legal/privacy-policy){ .card-link title="Privacy Policy" }
@ -59,15 +59,13 @@ Please note that Organic Maps is a simple, basic app that lacks certain features
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=net.osmand)
- [:simple-android: Android](https://osmand.net/docs/versions/free-versions)
- [:simple-appstore: App Store](https://apps.apple.com/us/app/id934850257)
- [:simple-appstore: App Store](https://apps.apple.com/us/app/osmand-maps-travel-navigate/id934850257)
</details>
</div>
OsmAnd allows you to overlay or underlay external map data, such as satellite images from Microsoft or [traffic data](https://themm.net/public/osmand_traffic) from Google, although the latter is ignored by the automatic route planning. OsmAnd also has an optional integration of street view images provided by [Mapillary](https://mapillary.com).
You can find a detailed overview of OsmAnd's supported [features](https://wiki.openstreetmap.org/wiki/OsmAnd#Features) on the OpenStreet Map Wiki.
Compared to Organic Maps, OsmAnd has more [features](https://wiki.openstreetmap.org/wiki/OsmAnd#Features) but is also more complicated to use. One noteworthy feature is the ability to overlay or underlay external map data, such as satellite images from Microsoft or [traffic data](https://web.archive.org/web/20211203063453/http://themm.net/public/osmand_traffic) from Google, although the latter is ignored by the automatic route planning. OsmAnd also has an optional integration of street view images provided by [Mapillary](https://mapillary.com).
## Criteria
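Review bot: the traffic-data link in the merged OsmAnd paragraph now points to a 2021 Wayback Machine capture of `http://themm.net/public/osmand_traffic` instead of a live page, which suggests the source is gone or unmaintained. Either confirm that the overlay instructions in that capture still work and say in the text that the link is archived, or drop the link. The same hunk also swaps the App Store URL for one carrying a name slug (`osmand-maps-travel-navigate/`); the ID-only form it replaces is shorter and identifies the same app ID `id934850257`.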

@ -1,294 +0,0 @@
---
title: Admonitions
description: A guide for website contributors on creating admonitions.
---
**Admonitions** (or "call-outs") are tools that writers can use to include side content in an article without interrupting the document flow.
<div class="admonition example" markdown>
<p class="admonition-title">Example Admonition</p>
This is an example of an admonition. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nulla et euismod nulla. Curabitur feugiat, tortor non consequat finibus, justo purus auctor massa, nec semper lorem quam in massa.
</div>
<details class="example" markdown>
<summary>Example Collapsible Admonition</summary>
This is an example of a collapsible admonition. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nulla et euismod nulla. Curabitur feugiat, tortor non consequat finibus, justo purus auctor massa, nec semper lorem quam in massa.
</details>
## Formatting
To add an admonition to a page, you can use the following code:
```markdown title="Admonition"
<div class="admonition TYPE" markdown>
<p class="admonition-title">TITLE</p>
ENCLOSED TEXT
</div>
```
```markdown title="Collapsible Admonition"
<details class="TYPE" markdown>
<summary>TITLE</summary>
ENCLOSED TEXT
</details>
```
The `TITLE` must be specified; if you don't want a specific title you can set it to the same text as the `TYPE` (see below) in title case, e.g. `Note`. The `ENCLOSED TEXT` should be Markdown formatted.
### Regular types
Replace `TYPE` in the examples above with one of the following:
#### `note`
<div class="admonition note" markdown>
<p class="admonition-title">Note</p>
Lorem ipsum dolor sit amet, consectetur adipiscing elit.
</div>
#### `abstract`
<div class="admonition abstract" markdown>
<p class="admonition-title">Abstract</p>
Lorem ipsum dolor sit amet, consectetur adipiscing elit.
</div>
#### `info`
<div class="admonition info" markdown>
<p class="admonition-title">Info</p>
Lorem ipsum dolor sit amet, consectetur adipiscing elit.
</div>
#### `tip`
<div class="admonition tip" markdown>
<p class="admonition-title">Tip</p>
Lorem ipsum dolor sit amet, consectetur adipiscing elit.
</div>
#### `success`
<div class="admonition success" markdown>
<p class="admonition-title">Success</p>
Lorem ipsum dolor sit amet, consectetur adipiscing elit.
</div>
#### `question`
<div class="admonition question" markdown>
<p class="admonition-title">Question</p>
Lorem ipsum dolor sit amet, consectetur adipiscing elit.
</div>
#### `warning`
<div class="admonition warning" markdown>
<p class="admonition-title">Warning</p>
Lorem ipsum dolor sit amet, consectetur adipiscing elit.
</div>
#### `failure`
<div class="admonition failure" markdown>
<p class="admonition-title">Failure</p>
Lorem ipsum dolor sit amet, consectetur adipiscing elit.
</div>
#### `danger`
<div class="admonition danger" markdown>
<p class="admonition-title">Danger</p>
Lorem ipsum dolor sit amet, consectetur adipiscing elit.
</div>
#### `bug`
<div class="admonition bug" markdown>
<p class="admonition-title">Bug</p>
Lorem ipsum dolor sit amet, consectetur adipiscing elit.
</div>
#### `example`
<div class="admonition example" markdown>
<p class="admonition-title">Example</p>
Lorem ipsum dolor sit amet, consectetur adipiscing elit.
</div>
#### `quote`
<div class="admonition quote" markdown>
<p class="admonition-title">Quote</p>
Lorem ipsum dolor sit amet, consectetur adipiscing elit.
</div>
### Special Types
#### `recommendation`
This format is used to generate recommendation cards. Notably it is missing the `<p class="admonition-title">` element.
``` markdown title="Recommendation Card"
<div class="admonition recommendation" markdown>
![PhotoPrism logo](assets/img/photo-management/photoprism.svg){ align=right }
**PhotoPrism** is a self-hostable platform for managing photos. It supports album syncing and sharing as well as a variety of other [features](https://photoprism.app/features). It does not include end-to-end encryption, so it's best hosted on a server that you trust and is under your control.
[:octicons-home-16: Homepage](https://photoprism.app){ .md-button .md-button--primary }
[:octicons-eye-16:](https://photoprism.app/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://photoprism.app/kb){ .card-link title="Documentation" }
[:octicons-code-16:](https://github.com/photoprism){ .card-link title="Source Code" }
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-github: GitHub](https://github.com/photoprism)
</details>
</div>
```
<div class="result" markdown>
<div class="admonition recommendation" markdown>
![PhotoPrism logo](../assets/img/photo-management/photoprism.svg){ align=right }
**PhotoPrism** is a self-hostable platform for managing photos. It supports album syncing and sharing as well as a variety of other [features](https://photoprism.app/features). It does not include end-to-end encryption, so it's best hosted on a server that you trust and is under your control.
[:octicons-home-16: Homepage](https://photoprism.app){ .md-button .md-button--primary }
[:octicons-eye-16:](https://photoprism.app/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://photoprism.app/kb){ .card-link title="Documentation" }
[:octicons-code-16:](https://github.com/photoprism){ .card-link title="Source Code" }
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-github: GitHub](https://github.com/photoprism)
</details>
</div>
</div>
#### `downloads`
This is a special type of collapsible admonition which is used to generate sections containing download links. It is only used within recommendation cards, as shown in the example above.
```markdown title="Downloads Section"
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonmail.android)
- [:simple-appstore: App Store](https://apps.apple.com/app/id979659905)
- [:simple-github: GitHub](https://github.com/ProtonMail/android-mail/releases)
- [:fontawesome-brands-windows: Windows](https://proton.me/mail/bridge#download)
- [:simple-apple: macOS](https://proton.me/mail/bridge#download)
- [:simple-linux: Linux](https://proton.me/mail/bridge#download)
- [:octicons-browser-16: Web](https://mail.proton.me)
</details>
```
<div class="result" markdown>
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonmail.android)
- [:simple-appstore: App Store](https://apps.apple.com/app/id979659905)
- [:simple-github: GitHub](https://github.com/ProtonMail/android-mail/releases)
- [:fontawesome-brands-windows: Windows](https://proton.me/mail/bridge#download)
- [:simple-apple: macOS](https://proton.me/mail/bridge#download)
- [:simple-linux: Linux](https://proton.me/mail/bridge#download)
- [:octicons-browser-16: Web](https://mail.proton.me)
</details>
</div>
## Old Format
Throughout the site, you may see some admonitions formatted like the following examples:
``` markdown title="Admonition"
!!! note
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nulla et euismod
nulla. Curabitur feugiat, tortor non consequat finibus, justo purus auctor
massa, nec semper lorem quam in massa.
```
<div class="result" markdown>
<div class="admonition note" markdown>
<p class="admonition-title">Note</p>
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nulla et euismod
nulla. Curabitur feugiat, tortor non consequat finibus, justo purus auctor
massa, nec semper lorem quam in massa.
</div>
</div>
``` markdown title="Collapsible Admonition"
??? example "Custom Title"
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nulla et euismod
nulla. Curabitur feugiat, tortor non consequat finibus, justo purus auctor
massa, nec semper lorem quam in massa.
```
<div class="result" markdown>
<details class="example" markdown>
<summary>Custom Title</summary>
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nulla et euismod
nulla. Curabitur feugiat, tortor non consequat finibus, justo purus auctor
massa, nec semper lorem quam in massa.
</details>
</div>
**This format is no longer used going forward** because it is incompatible with newer versions of our translation software at Crowdin. When adding a new page to the site, only the newer, HTML-based format should be used.
There is no rush to convert admonitions with the old format to the new format. Pages currently using this formatting should continue to work, but we will be updating them to use the newer, HTML-based format above over time as we continue to update the site.
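Review bot: this file is removed in full (`-1,294 +0,0`), and its "Old Format" section is the only place in the visible diff that records why the `!!!` / `???` syntax was retired (incompatibility with Crowdin) and that new pages should use only the HTML-based form. Suggest keeping a short note with that rule next to the Markdown sources, since that is where someone adding an admonition will look.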

@ -1,23 +0,0 @@
---
title: Branding Guidelines
description: A guide for journalists and website contributors on proper branding of the Privacy Guides wordmark and logo.
---
The name of the website is **Privacy Guides** and should **not** be changed to:
<div class="pg-red" markdown>
- PrivacyGuides
- Privacy guides
- PG
- PG.org
</div>
The name of the Subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
Additional branding guidelines can be found at [github.com/privacyguides/brand](https://github.com/privacyguides/brand)
## Trademark
"Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project.
Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at `jonah@privacyguides.org`. Consult your legal counsel if you have questions.

@ -1,78 +0,0 @@
---
title: Commit Messages
description: A guide for website contributors on using useful Git commit messages when making website change requests.
---
For our commit messages we follow the style provided by [Conventional Commits](https://conventionalcommits.org). Not all of those suggestions are appropriate for Privacy Guides, so the main ones we use are:
## Update to existing text
This example could be used for an item already on the site, but includes a minor update to the description.
```text
update: Add mention of security audit (#0000)
```
## Addition or removal of recommendations/pages
This example is for the addition or removal of an item. You may elaborate why it was removed in the commit paragraph below. Note the extra `!` to draw attention to a major change.
```text
update!: Remove foobar (#0000)
Foobar was removed due to it having numerious security issues and being unmaintained.
```
You can actually add a `!` to *any* of the types on this page to denote particularly large changes, but this is generally where it will be most appropriate.
## Feature/enhancement
For new features or enhancements to the site, e.g. things that have the `enhancements` label on GitHub, it may be appropriate to signify these with:
```text
feat: Add blah blah (#0000)
This change adds the forum topics to the main page
```
## Minor changes
Small changes that **don't affect the meaning** of the article, e.g. correcting a typo, fixing grammar, changing formatting/whitespace, CSS updates, etc.
```text
style: Typo correction in VPN overview
```
## Development-related types
These commit types are typically used for changes that won't be visible to the general audience.
We use `fix:` for changes that fix site related bugs. These things will usually have the `bug` label on GitHub.
```text
fix: Remove broken Invidious embeds (#0000)
```
We use `docs:` to denote changes to the developer documentation for this website, including (but not limited to) for example the README file, or most pages in `/docs/about` or `/docs/meta`:
```text
docs: Update Git commit message guidelines (#0000)
```
We use `build:` for commits related to our build process, mainly dependency updates.
```text
build: Bump modules/mkdocs-material from 463e535 to 621a5b8
```
We use `ci:` for commits related to GitHub Actions, DevContainers, or other automated build platforms.
```text
ci: Update Netlify config (#0000)
```
We use `refactor:` for changes which neither fix a bug nor add a feature, e.g. rearranging files, navigation order, etc.
```text
refactor: Move docs/assets to theme/assets
```

@ -1,44 +0,0 @@
---
title: Git Recommendations
description: A guide for website contributors on using Git effectively.
---
If you make changes to this website on GitHub.com's web editor directly, you shouldn't have to worry about this. If you are developing locally and/or are a long-term website editor (who should probably be developing locally!), consider these recommendations.
## Enable SSH Key Commit Signing
You can use an existing SSH key for signing, or [create a new one](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent).
1. Configure your Git client to sign commits and tags by default (remove `--global` to only sign by default for this repo):
```bash
git config --global commit.gpgsign true
git config --global gpg.format ssh
git config --global tag.gpgSign true
```
2. Set your SSH key for signing in Git with the following command, substituting `/PATH/TO/.SSH/KEY.PUB` with the path to the public key you'd like to use, e.g. `/home/user/.ssh/id_ed25519.pub`:
```bash
git config --global user.signingkey /PATH/TO/.SSH/KEY.PUB
```
Ensure you [add your SSH key to your GitHub account](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account#adding-a-new-ssh-key-to-your-account) **as a Signing Key** (as opposed to or in addition to as an Authentication Key).
## Rebase on Git pull
Use `git pull --rebase` instead of `git pull` when pulling in changes from GitHub to your local machine. This way your local changes will always be "on top of" the latest changes on GitHub, and you avoid merge commits (which are disallowed in this repo).
You can set this to be the default behavior:
```bash
git config --global pull.rebase true
```
## Rebase from `main` before submitting a PR
If you are working on your own branch, run these commands before submitting a PR:
```bash
git fetch origin
git rebase origin/main
```
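Review bot: removing this page takes the SSH commit-signing setup and the statement that merge commits are disallowed out of the repository they apply to. Contributor security guidance is better kept under version control, where a change to it goes through the same review as any other change. If it does move, link the new location from the repository and consider keeping the `commit.gpgsign`, `gpg.format ssh` and `user.signingkey` steps in-tree.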

@ -1,43 +0,0 @@
---
title: Commenting on PRs
description: A guide on participating in Pull Request discussions.
---
Please refrain from using the general **Add a comment** box in GitHub PRs when leaving a comment or performing a review.
![Do not use the general "Add a comment" box in GitHub](../assets/img/meta/pr-avoid-general-comments.png)
Comments that are left like this are not *threaded*, which makes it difficult to keep track of multiple conversations.
Comments that are instead left in the manner described below will have a built-in reply box to keep conversations in a single thread. These comments can also be marked as resolved afterwards, so that discussion can be tracked more easily.
![A screenshot of a comment in GitHub which has a built-in "reply" box, highlighted in orange.](../assets/img/meta/pr-threaded-comment.png)
## Commenting
To start a threaded comment, you should leave all comments under the :octicons-file-diff-16: **Files changed** tab in a PR.
![Screenshot of the tabs for a pull request. The "Files changed" tab is outlined in dark orange.](https://docs.github.com/assets/cb-23571/mw-1440/images/help/pull_requests/pull-request-tabs-changed-files.webp)
To leave a *general* comment on a PR, click the :octicons-comment-16: comment icon to the right of a file:
![Screenshot of an image file on the "Files changed" page of a pull request. To the right of the file, a comment icon is outlined in orange.](https://docs.github.com/assets/cb-73771/mw-1440/images/help/pull_requests/pull-request-comment-on-file.webp)
If the PR has multiple files changed, comment on the primary or most relevant file changed, or comment on the first file if you can't decide.
To leave a comment *on a specific line* of a PR, hover over the line where you'd like to add a comment, and click the blue comment icon:
![Screenshot of a diff in a pull request. Next to a line number, a blue plus icon is highlighted with an orange outline.](https://docs.github.com/assets/cb-44227/mw-1440/images/help/commits/hover-comment-icon.webp)
(Optionally, you can add a comment on multiple lines. You can click the line number of the first line you want to comment on and drag down to select a range of lines, then click the blue comment icon on the last line you want to comment on. Alternatively, you can click the blue comment icon next to the first line you want to comment on, then drag down to the last line you want to comment on.)
Then, type your comment and click **Add single comment**.
## Reviewing
When performing a review, follow the same steps as above, but click **Start a review** (and subsequently, **Add a review comment**) instead of **Add single comment**.
Then, click the green **Finish your review** button at the top of the page.
Do not leave any discussion comments in the *Leave a comment* box in the review finalization pop-up. You can leave it blank, or leave a short note if it will not require any follow-up. To comment on something that will require further discussion, add a comment on a file as described above instead.
Then, click **Submit review**.

@ -1,34 +0,0 @@
---
title: Translations
description: A guide for website contributors on adding translations to our website.
---
Crowdin has good documentation, and we suggest looking at their [Getting Started](https://support.crowdin.com/crowdin-intro) guide. Our site is largely written in [Markdown](https://en.wikipedia.org/wiki/Markdown), so it should be easy to contribute. This page contains some helpful pointers for translating some specific syntax you may encounter on our site.
Please join our localization room on Matrix ([#pg-i18n:aragon.sh](https://matrix.to/#/%23pg-i18n:aragon.sh)) if you have any additional questions, and read our [announcement blog post](https://blog.privacyguides.org/2023/02/26/i18n-announcement) for additional information about the project.
Note that the English version of the site is the primary version, meaning changes occur there first. If you notice a language falling behind the English version, please help out. We cannot guarantee the accuracy of all our translations. If you have a suggestion about content specific to your region, please open an issue or pull request to our [main repository](https://github.com/privacyguides/privacyguides.org).
## Translation output
Translation software gets the translation quite accurate; however, you need to make sure the translated string is correct.
For example:
```text
![Software logo](assets/img/path/to/image.svg){ align=right }
```
We have sometimes found that the syntax for inserting an image like above was missing the `![` or an extra space was placed between the text and the path, e.g. `](`. If a translation string is clearly not correct, we encourage you to **delete** it by pressing the trash icon [or vote](https://support.crowdin.com/enterprise/getting-started-for-volunteers/#voting-view) on which one you think sounds best. When invalid strings are deleted, they are removed from the organization's [translation memory](https://support.crowdin.com/enterprise/translation-memory), meaning that when the source string is seen again, it won't suggest the incorrect translation.
## Punctuation
For examples like the above admonitions, quotation marks, e.g.: `" "` must be used to specify string text. MkDocs will not correctly interpret other symbols i.e., `「 」` or `« »`. Other punctuation marks are fine for marking regular quotations within the text otherwise.
## Fullwidth alternatives and Markdown syntax
CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for Markdown syntax.
- Links must use regular parenthesis i.e. `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `` (Fullwidth Left Parenthesis U+FF08) or `` (Fullwidth Right Parenthesis U+FF09)
- Indented quoted text must use `:` (Colon U+003A) and not `` (Fullwidth Colon U+FF1A)
- Pictures must use `!` (Exclamation Mark U+0021) and not `` (Fullwidth Exclamation Mark U+FF01)
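Review bot: the three bullets at the end of this removed page only work if the literal fullwidth characters (U+FF08, U+FF09, U+FF1A, U+FF01) appear beside their ASCII counterparts, and in this rendering of the diff those code spans already show up empty. When the page is moved, check that the destination displays the fullwidth characters verbatim inside code spans rather than normalizing or dropping them, otherwise the guidance loses its examples.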

@ -1,95 +0,0 @@
---
title: Uploading Images
description: A guide for website contributors on uploading images in the proper format and location.
---
If you make changes to this website that involve adding new images or replacing existing ones, here are a couple of general recommendations:
## Images
- We **prefer** SVG images, but if those do not exist we can use PNG images. Additionally, for cover images, we prefer that they are obtained from [Unsplash](https://unsplash.com) and are in the WebP format.
Company logos should be square if possible, and at least 200x200px if they are PNGs (non-vector images).
## Optimization
### PNG
Use the [OptiPNG](https://sourceforge.net/projects/optipng) tool to optimize PNG images:
```bash
optipng -o7 file.png
```
### SVG
#### Inkscape
[Scour](https://github.com/scour-project/scour) all SVG images.
In Inkscape:
1. File > Save As...
2. Set type to: Optimized SVG (*.svg)
In the **Options** tab:
- **Number of significant digits for coordinates** > **5**
- [x] Turn on **Shorten color values**
- [x] Turn on **Convert CSS attributes to XML attributes**
- [x] Turn on **Collapse groups**
- [x] Turn on **Create groups for similar attributes**
- [ ] Turn off **Keep editor data**
- [ ] Turn off **Keep unreferenced definitions**
- [x] Turn on **Work around renderer bugs**
In the **SVG Output** tab under **Document options**:
- [ ] Turn off **Remove the XML declaration**
- [x] Turn on **Remove metadata**
- [x] Turn on **Remove comments**
- [x] Turn on **Embedded raster images**
- [x] Turn on **Enable viewboxing**
In the **SVG Output** under **Pretty-printing**:
- [ ] Turn off **Format output with line-breaks and indentation**
- **Indentation characters** > Select **Space**
- **Depth of indentation** > **1**
- [ ] Turn off **Strip the "xml:space" attribute from the root SVG element**
In the **IDs** tab:
- [x] Turn on **Remove unused IDs**
- [ ] Turn off **Shorten IDs**
- **Prefix shortened IDs with** > `leave blank`
- [x] Turn on **Preserve manually created IDs not ending with digits**
- **Preserve the following IDs** > `leave blank`
- **Preserve IDs starting with** > `leave blank`
#### CLI
The same can be achieved with the [Scour](https://github.com/scour-project/scour) command:
```bash
scour --set-precision=5 \
--create-groups \
--renderer-workaround \
--remove-descriptive-elements \
--enable-comment-stripping \
--enable-viewboxing \
--indent=space \
--nindent=1 \
--no-line-breaks \
--enable-id-stripping \
--protect-ids-noninkscape \
input.svg output.svg
```
### WebP
Use the [`cwebp`](https://developers.google.com/speed/webp/docs/using) command to convert PNG or JPEG image files to WebP format:
```bash
cwebp -m 6 input_file -o output.webp
```

@ -1,88 +0,0 @@
---
title: Writing Style
description: Our official writing style handbook for website contributors.
---
Privacy Guides is written in American English, and you should refer to [APA Style guidelines](https://apastyle.apa.org/style-grammar-guidelines/grammar) when in doubt.
In general the [United States federal plain language guidelines](https://plainlanguage.gov/guidelines) provide a good overview of how to write clearly and concisely. We highlight a few important notes from these guidelines below.
## Writing for our audience
Privacy Guides' intended [audience](https://plainlanguage.gov/guidelines/audience) is primarily adults who use technology. Don't dumb down content as if you are addressing a middle-school class, but don't overuse complicated terminology about concepts average computer users wouldn't be familiar with.
### Address only what people want to know
People don't need overly complex articles with little relevance to them. Figure out what you want people to accomplish when writing an article, and only include those details.
> Tell your audience why the material is important to them. Say, “If you want a research grant, heres what you have to do.” Or, “If you want to mine federal coal, heres what you should know.” Or, “If youre planning a trip to Rwanda, read this first.”
### Address people directly
We're writing *for* a wide variety of people, but we are writing *to* the person who is actually reading it. Use "you" to address the reader directly.
> More than any other single technique, using “you” pulls users into the information and makes it relevant to them.
>
> When you use “you” to address users, they are more likely to understand what their responsibility is.
Source: [plainlanguage.gov](https://plainlanguage.gov/guidelines/audience/address-the-user)
### Avoid "users"
Avoid calling people "users", in favor of "people", or a more specific description of the group of people you are writing for.
## Organizing content
Organization is key. Content should flow from most to least important information, and use headers as much as needed to logically separate different ideas.
- Limit the document to around five or six sections. Long documents should probably be broken up into separate pages.
- Mark important ideas with **bold** or *italics*.
Source: [plainlanguage.gov](https://plainlanguage.gov/guidelines/design)
### Begin with a topic sentence
> If you tell your reader what theyre going to read about, theyre less likely to have to read your paragraph again. Headings help, but theyre not enough. Establish a context for your audience before you provide them with the details.
>
> We often write the way we think, putting our premises first and then our conclusion. It may be the natural way to develop thoughts, but we wind up with the topic sentence at the end of the paragraph. Move it up front and let users know where youre going. Dont make readers hold a lot of information in their heads before getting to the point.
Source: [plainlanguage.gov](https://plainlanguage.gov/guidelines/organize/have-a-topic-sentence)
## Choose your words carefully
> Words matter. They are the most basic building blocks of written and spoken communication. Dont complicate things by using jargon, technical terms, or abbreviations that people wont understand.
We should try to avoid abbreviations where possible, but technology is full of abbreviations. In general, spell out the abbreviation/acronym the first time it is used on a page, and add the abbreviation to the abbreviation glossary file when it is used repeatedly.
> Kathy McGinty offers tongue-in-cheek instructions for bulking up your simple, direct sentences:
>
> > There is no escaping the fact that it is considered very important to note that a number of various available applicable studies ipso facto have generally identified the fact that additional appropriate nocturnal employment could usually keep juvenile adolescents off thoroughfares during the night hours, including but not limited to the time prior to midnight on weeknights and/or 2 a.m. on weekends.
>
>And the original, using stronger, simpler words:
>
> > More night jobs would keep youths off the streets.
## Be concise
> Unnecessary words waste your audiences time. Great writing is like a conversation. Omit information that the audience doesnt need to know. This can be difficult as a subject-matter expert, so its important to have someone look at the information from the audiences perspective.
Source: [plainlanguage.gov](https://plainlanguage.gov/guidelines/concise)
## Keep text conversational
> Verbs are the fuel of writing. They give your sentences power and direction. They enliven your writing and make it more interesting.
>
> Verbs tell your audience what to do. Make sure its clear who does what.
### Use active voice
> Active voice makes it clear who is supposed to do what. It eliminates ambiguity about responsibilities. Not “It must be done,” but “You must do it.”
Source: [plainlanguage.gov](https://plainlanguage.gov/guidelines/conversational/use-active-voice)
### Use "must" for requirements
> - “must” for an obligation
> - “must not” for a prohibition
> - “may” for a discretionary action
> - “should” for a recommendation

View File

@ -41,9 +41,9 @@ A **news aggregator** is software which aggregates digital content from online n
![NewsFlash logo](assets/img/news-aggregators/newsflash.png){ align=right }
**NewsFlash** is an open-source, modern, and easy-to-use news feed reader for Linux. It can be used offline or with services like [Inoreader](https://inoreader.com) or [Nextcloud News](https://apps.nextcloud.com/apps/news). It has a search feature and a pre-defined list of sources that you can add directly.
**NewsFlash** is an open-source, modern, and easy-to-use news feed reader for Linux. It can be used offline or used with services like [Nextcloud News](https://apps.nextcloud.com/apps/news) or [Inoreader](https://inoreader.com). It has a search feature and a pre-defined list of sources that you can add directly.
[:octicons-repo-16: Repository](https://gitlab.com/news-flash/news_flash_gtk#newsflash){ .md-button .md-button--primary }
[:octicons-repo-16: Repository](https://gitlab.com/news-flash/news_flash_gtk){ .md-button .md-button--primary }
[:octicons-code-16:](https://gitlab.com/news-flash/news_flash_gtk){ .card-link title="Source Code" }
<details class="downloads" markdown>
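Review bot: In the added NewsFlash description, "It can be used offline or used with services like ..." repeats "used"; "It can be used offline or with services like ..." says the same thing. Dropping `#newsflash` from the Repository button also leaves it pointing at exactly the same URL as the Source Code link on the following line, so the card now carries two identical links.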
@ -61,11 +61,9 @@ A **news aggregator** is software which aggregates digital content from online n
![Feeder logo](assets/img/news-aggregators/feeder.png){ align=right }
**Feeder** is a modern RSS client for Android that has many [features](https://github.com/spacecowboy/Feeder#features) and works well with folders of RSS feeds.
**Feeder** is a modern RSS client for Android that has many [features](https://github.com/spacecowboy/Feeder#features) and works well with folders of RSS feeds. It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)), [RDF](https://en.wikipedia.org/wiki/RDF%2FXML), and [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed).
It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)), [RDF](https://en.wikipedia.org/wiki/RDF%2FXML), and [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed).
[:octicons-repo-16: Repository](https://github.com/spacecowboy/Feeder#readme){ .md-button .md-button--primary }
[:octicons-repo-16: Repository](https://github.com/spacecowboy/Feeder){ .md-button .md-button--primary }
[:octicons-code-16:](https://github.com/spacecowboy/Feeder){ .card-link title="Source Code" }
[:octicons-heart-16:](https://ko-fi.com/spacecowboy){ .card-link title="Contribute" }
@ -86,12 +84,10 @@ It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedi
![Miniflux logo](assets/img/news-aggregators/miniflux.svg#only-light){ align=right }
![Miniflux logo](assets/img/news-aggregators/miniflux-dark.svg#only-dark){ align=right }
**Miniflux** is a web-based news aggregator that you can self-host.
It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)), [RDF](https://en.wikipedia.org/wiki/RDF%2FXML), and [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed).
**Miniflux** is a web-based news aggregator that you can self-host. It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)), [RDF](https://en.wikipedia.org/wiki/RDF%2FXML), and [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed).
[:octicons-home-16: Homepage](https://miniflux.app){ .md-button .md-button--primary }
[:octicons-info-16:](https://miniflux.app/docs/index#user-guide){ .card-link title="Documentation" }
[:octicons-info-16:](https://miniflux.app/docs/index){ .card-link title="Documentation" }
[:octicons-code-16:](https://github.com/miniflux/v2){ .card-link title="Source Code" }
[:octicons-heart-16:](https://miniflux.app/#donations){ .card-link title="Contribute" }
@ -103,9 +99,7 @@ It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedi
![NetNewsWire logo](assets/img/news-aggregators/netnewswire.png){ align=right }
**NetNewsWire** is a free and open-source feed reader for macOS and iOS with a focus on a native design and feature set.
It supports conventional feed formats and includes built-in support for Reddit feeds.
**NetNewsWire** is a free and open-source feed reader for macOS and iOS with a focus on a native design and feature set. It supports the typical feed formats alongside built-in support for Reddit feeds.
[:octicons-home-16: Homepage](https://netnewswire.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://netnewswire.com/privacypolicy){ .card-link title="Privacy Policy" }
@ -131,7 +125,7 @@ It supports conventional feed formats and includes built-in support for Reddit f
**Newsboat** is an RSS/Atom feed reader for the text console. It's an actively maintained fork of [Newsbeuter](https://en.wikipedia.org/wiki/Newsbeuter). It is very lightweight and ideal for use over [Secure Shell](https://en.wikipedia.org/wiki/Secure_Shell).
[:octicons-home-16: Homepage](https://newsboat.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://newsboat.org/releases/2.38/docs/newsboat.html){ .card-link title="Documentation" }
[:octicons-info-16:](https://newsboat.org/releases/2.37/docs/newsboat.html){ .card-link title="Documentation" }
[:octicons-code-16:](https://github.com/newsboat/newsboat){ .card-link title="Source Code" }
</div>
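Review bot: The Documentation link goes from the `releases/2.38` manual to the `releases/2.37` one, so the card would point readers at the documentation for an older Newsboat release. If that is a side effect of the branch being behind rather than an intended change, rebase so the newer link is kept.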
@ -169,7 +163,7 @@ You can subscribe to YouTube channels without logging in and associating usage i
<div class="admonition example" markdown>
<p class="admonition-title">Example</p>
To subscribe to a YouTube channel with an RSS client, first look for its [channel code](https://support.google.com/youtube/answer/6180214). The channel code can be found in the expanded description (i.e., the "About" section) of the YouTube channel you wish to subscribe to: **About****Share channel****Copy channel ID**. Replace `[CHANNEL ID]` below:
To subscribe to a YouTube channel with an RSS client, first look for its [channel code](https://support.google.com/youtube/answer/6180214). The channel code can be found on the about page of the YouTube channel you wish to subscribe to, under: **About****Share****Copy channel ID**. Replace `[CHANNEL ID]` below:
```text
https://youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID]

View File

@ -1,7 +1,7 @@
---
title: "Notebooks"
icon: material/notebook-edit-outline
description: These encrypted note-taking apps let you keep track of your notes without giving them to a third party.
description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party.
cover: notebooks.webp
---
<small>Protects against the following threat(s):</small>
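Review bot: The front-matter `description` changes "a third party" to "a third-party", but the hyphenated form is the adjective ("third-party audit"). As a noun it should stay "third party", which is also how the body sentence "without giving them to a third party" in the next hunk spells it.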
@ -10,7 +10,7 @@ cover: notebooks.webp
Keep track of your notes and journals without giving them to a third party.
If you are currently using an application like Evernote, Google Keep, or Microsoft OneNote, we suggest you pick an alternative here that supports end-to-end encryption.
If you are currently using an application like Evernote, Google Keep, or Microsoft OneNote, we suggest you pick an alternative here that supports E2EE.
## Cloud-based
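Review bot: The intro sentence swaps "end-to-end encryption" for "E2EE" at what looks like the first use of the term in the page body. The writing guide shown earlier in this compare says to spell out an abbreviation the first time it is used on a page, so keep the long form here (or write "end-to-end encryption (E2EE)") and abbreviate afterwards.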
@ -20,15 +20,13 @@ If you are currently using an application like Evernote, Google Keep, or Microso
![Standard Notes logo](assets/img/notebooks/standard-notes.svg){ align=right }
**Standard Notes** is a simple and private notes app that features cross-platform sync for seamless use. It features E2EE on every platform, and a powerful desktop experience with themes and custom editors.
Standard Notes has also undergone multiple [independent audits](https://standardnotes.com/help/2/has-standard-notes-completed-a-third-party-security-audit).
**Standard Notes** is a simple and private notes app that makes your notes easy and available everywhere you are. It features E2EE on every platform, and a powerful desktop experience with themes and custom editors. It has also been [independently audited](https://standardnotes.com/help/2/has-standard-notes-completed-a-third-party-security-audit).
[:octicons-home-16: Homepage](https://standardnotes.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://standardnotes.com/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://standardnotes.com/help){ .card-link title="Documentation" }
[:octicons-info-16:](https://standardnotes.com/help){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/standardnotes){ .card-link title="Source Code" }
[:octicons-heart-16:](https://standardnotes.com/donate){ .card-link title="Contribute" }
[:octicons-heart-16:](https://standardnotes.com/donate){ .card-link title=Contribute }
<details class="downloads" markdown>
<summary>Downloads</summary>
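Review bot: The Documentation and Contribute links lose their attribute quoting (`title=Documentation}` with no space before the brace, `title=Contribute }`), while the Privacy Policy and Source Code links in the same card keep `title="..."`. Keep the quoted form, `{ .card-link title="Documentation" }`, so the attribute lists stay consistent and a later title containing a space cannot be cut off at the first word.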
@ -39,7 +37,7 @@ Standard Notes has also undergone multiple [independent audits](https://standard
- [:fontawesome-brands-windows: Windows](https://standardnotes.com)
- [:simple-apple: macOS](https://standardnotes.com)
- [:simple-linux: Linux](https://standardnotes.com)
- [:octicons-browser-16: Web](https://app.standardnotes.com)
- [:octicons-globe-16: Web](https://app.standardnotes.com)
</details>
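Review bot: The Web entry changes its icon from `:octicons-browser-16:` to `:octicons-globe-16:`, but the password manager page in this same compare still lists Proton Pass and 1Password with `:octicons-browser-16: Web`. Pick one icon for Web entries across pages, or drop this line from the change.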
@ -53,15 +51,13 @@ Standard Notes has [joined Proton AG](https://standardnotes.com/blog/joining-for
![Notesnook logo](assets/img/notebooks/notesnook.svg){ align=right }
**Notesnook** is a free (as in speech), open-source, and easy-to-use E2EE note-taking app focused on user privacy.
It features sync functionality that allows you to access your notes on multiple platforms. You can easily import your notes from Evernote, OneNote, and other apps using their [official importer](https://importer.notesnook.com).
**Notesnook** is a free (as in speech) & open-source note-taking app focused on user privacy & ease of use. It features end-to-end encryption on all platforms with a powerful sync to take your notes on the go. You can easily import your notes from Evernote, OneNote & a lot of other apps using their [official importer](https://importer.notesnook.com).
[:octicons-home-16: Homepage](https://notesnook.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://notesnook.com/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://help.notesnook.com){ .card-link title="Documentation" }
[:octicons-info-16:](https://help.notesnook.com){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/streetwriters/notesnook){ .card-link title="Source Code" }
[:octicons-heart-16:](https://opencollective.com/notesnook){ .card-link title="Contribute" }
[:octicons-heart-16:](https://github.com/streetwriters/notesnook/blob/master/CONTRIBUTING.md){ .card-link title=Contribute }
<details class="downloads" markdown>
<summary>Downloads</summary>
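Review bot: The Contribute link moves from the Open Collective page to `CONTRIBUTING.md` in the repository, whereas the Contribute links on the neighbouring Standard Notes and Joplin cards go to donation pages, so the same icon would now mean two different things. The added description also uses "&" three times where the rest of the page writes "and".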
@ -72,10 +68,10 @@ It features sync functionality that allows you to access your notes on multiple
- [:fontawesome-brands-windows: Windows](https://notesnook.com/downloads)
- [:simple-apple: macOS](https://notesnook.com/downloads)
- [:simple-linux: Linux](https://notesnook.com/downloads)
- [:simple-flathub: Flathub](https://flathub.org/apps/com.notesnook.Notesnook)
- [:simple-firefoxbrowser: Firefox](https://notesnook.com/notesnook-web-clipper)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/kljhpemdlcnjohmfmkogahelkcidieaj)
- [:octicons-browser-16: Web](https://app.notesnook.com)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/notesnook-web-clipper/kljhpemdlcnjohmfmkogahelkcidieaj)
- [:octicons-globe-16: Web](https://app.notesnook.com)
- [:simple-flathub: Flathub](https://flathub.org/apps/com.notesnook.Notesnook)
</details>
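Review bot: The Chrome link gains a name slug (`.../detail/notesnook-web-clipper/kljhpemdlcnjohmfmkogahelkcidieaj`). The 32-character extension ID is the part that identifies the listing, so the ID-only URL is shorter and easier to compare against the store during review, and the slug adds nothing to it. The Flathub entry also moves below Web, away from the other desktop downloads (Windows, macOS, Linux).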
@ -87,15 +83,13 @@ It features sync functionality that allows you to access your notes on multiple
![Joplin logo](assets/img/notebooks/joplin.svg){ align=right }
**Joplin** is a free, open-source, and fully-featured E2EE note-taking and to-do application which can handle numerous Markdown notes organized into notebooks and tags.
It can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes.
**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle numerous markdown notes organized into notebooks and tags. It offers E2EE and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes.
[:octicons-home-16: Homepage](https://joplinapp.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://joplinapp.org/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://joplinapp.org/help){ .card-link title="Documentation" }
[:octicons-info-16:](https://joplinapp.org/help){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/laurent22/joplin){ .card-link title="Source Code" }
[:octicons-heart-16:](https://joplinapp.org/donate){ .card-link title="Contribute" }
[:octicons-heart-16:](https://joplinapp.org/donate){ .card-link title=Contribute }
<details class="downloads" markdown>
<summary>Downloads</summary>
@ -107,13 +101,14 @@ It can sync through Nextcloud, Dropbox, and more. It also offers easy import fro
- [:simple-apple: macOS](https://joplinapp.org/#desktop-applications)
- [:simple-linux: Linux](https://joplinapp.org/#desktop-applications)
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/joplin-web-clipper)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/alofnhikmmkdbbbgpnglcpdollgjjfek)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/joplin-web-clipper/alofnhikmmkdbbbgpnglcpdollgjjfek)
</details>
</div>
Joplin [does not support](https://github.com/laurent22/joplin/issues/289) password/PIN protection for the application itself or individual notes and notebooks. However, your data is still encrypted in transit and at the sync location using your master key. Since January 2023, Joplin [supports biometrics app lock](https://github.com/laurent22/joplin/commit/f10d9f75b055d84416053fab7e35438f598753e9) for Android and iOS.
Joplin does not [support](https://github.com/laurent22/joplin/issues/289) password/PIN protection for the application itself or individual notes and notebooks. However, your data is still encrypted in transit and at the sync location using your master key.
Since January 2023, Joplin [supports biometrics](https://github.com/laurent22/joplin/commit/f10d9f75b055d84416053fab7e35438f598753e9) app lock for Android and iOS.
### Cryptee
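Review bot: In the added Joplin paragraph the link text shrinks to "[support]" with "does not" outside it, and to "[supports biometrics]" with "app lock" outside it, so neither link reads correctly on its own. Keep the full phrases linked, "[does not support]" and "[supports biometrics app lock]", as in the line being replaced; splitting the biometrics sentence into its own paragraph is fine.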
@ -122,25 +117,23 @@ Joplin [does not support](https://github.com/laurent22/joplin/issues/289) passwo
![Cryptee logo](./assets/img/notebooks/cryptee.svg#only-light){ align=right }
![Cryptee logo](./assets/img/notebooks/cryptee-dark.svg#only-dark){ align=right }
**Cryptee** is an open-source, web-based E2EE document editor and photo storage application.
Cryptee offers 100 MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information.
**Cryptee** is an open-source, web-based E2EE document editor and photo storage application. Cryptee is a PWA, which means that it works seamlessly across all modern devices without requiring native apps for each respective platform.
[:octicons-home-16: Homepage](https://crypt.ee){ .md-button .md-button--primary }
[:octicons-eye-16:](https://crypt.ee/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://crypt.ee/help){ .card-link title="Documentation" }
[:octicons-info-16:](https://crypt.ee/help){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/cryptee){ .card-link title="Source Code" }
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:octicons-browser-16: Web](https://crypt.ee/download)
- [:octicons-globe-16: PWA](https://crypt.ee/download)
</details>
</div>
Cryptee is a PWA, which means that it works seamlessly across all modern devices without requiring native apps for each respective platform.
Cryptee offers 100 MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information.
## Local notebooks
@ -150,12 +143,12 @@ Cryptee is a PWA, which means that it works seamlessly across all modern devices
![Org-mode logo](assets/img/notebooks/org-mode.svg){ align=right }
**Org-mode** is a [major mode](https://gnu.org/software/emacs/manual/html_node/elisp/Major-Modes.html) for GNU Emacs. Org-mode is for keeping notes, maintaining to-do lists, planning projects, and authoring documents with a fast and effective plain-text system. File synchronization is possible with tools like [Syncthing](file-sharing.md#syncthing-p2p).
**Org-mode** is a [major mode](https://gnu.org/software/emacs/manual/html_node/elisp/Major-Modes.html) for GNU Emacs. Org-mode is for keeping notes, maintaining to-do lists, planning projects, and authoring documents with a fast and effective plain-text system. Synchronization is possible with [file synchronization](file-sharing.md#file-sync) tools.
[:octicons-home-16: Homepage](https://orgmode.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://orgmode.org/manuals.html){ .card-link title="Documentation" }
[:octicons-info-16:](https://orgmode.org/manuals.html){ .card-link title=Documentation}
[:octicons-code-16:](https://git.savannah.gnu.org/cgit/emacs/org-mode.git){ .card-link title="Source Code" }
[:octicons-heart-16:](https://liberapay.com/bzg){ .card-link title="Contribute" }
[:octicons-heart-16:](https://liberapay.com/bzg){ .card-link title=Contribute }
</details>
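Review bot: The sync link changes target from `file-sharing.md#syncthing-p2p` to `file-sharing.md#file-sync`; check that `#file-sync` exists as a heading anchor in `file-sharing.md`, because a missing fragment silently drops the reader at the top of that page. The new wording "Synchronization is possible with file synchronization tools" is also circular; naming an example tool, as the replaced line does, is more useful.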

View File

@ -127,14 +127,14 @@ schema:
**Password managers** allow you to securely store and manage passwords and other credentials with the use of a master password.
[Introduction to Passwords :material-arrow-right-drop-circle:](basics/passwords-overview.md)
[Introduction to Passwords :material-arrow-right-drop-circle:](./basics/passwords-overview.md)
<div class="admonition info" markdown>
<p class="admonition-title">Info</p>
Built-in password managers in software like browsers and operating systems are sometimes not as good as dedicated password manager software. The advantage of a built-in password manager is good integration with the software, but it can often be very simple and lack privacy and security features that standalone offerings have.
For example, the password manager in Microsoft Edge doesn't offer end-to-end encryption at all. Google's password manager has [optional](https://support.google.com/accounts/answer/11350823) E2EE, and [Apple's](https://support.apple.com/HT202303) offers E2EE by default.
For example, the password manager in Microsoft Edge doesn't offer E2EE at all. Google's password manager has [optional](https://support.google.com/accounts/answer/11350823) E2EE, and [Apple's](https://support.apple.com/HT202303) offers E2EE by default.
</div>
@ -166,15 +166,15 @@ These password managers sync your passwords to a cloud server for easy accessibi
- [:simple-linux: Linux](https://bitwarden.com/download)
- [:simple-flathub: Flathub](https://flathub.org/apps/details/com.bitwarden.desktop)
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/bitwarden-password-manager)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/nngceckbapebfimnlniiiahkandclblb)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/bitwarden-free-password-m/nngceckbapebfimnlniiiahkandclblb)
- [:fontawesome-brands-edge: Edge](https://microsoftedge.microsoft.com/addons/detail/jbkfoedolllekgbhcbcoahefnbanhhlh)
- [:simple-safari: Safari](https://apps.apple.com/app/id1352778147)
- [:simple-safari: Safari](https://apps.apple.com/us/app/bitwarden/id1352778147)
</details>
</div>
Bitwarden uses [PBKDF2](https://bitwarden.com/help/kdf-algorithms/#pbkdf2) as its key derivation function (KDF) algorithm by default. It also offers [Argon2](https://bitwarden.com/help/kdf-algorithms/#argon2id), which is more secure, as an alternative. You can change your account's KDF algorithm in the web vault:
Bitwarden uses [PBKDF2](https://bitwarden.com/help/kdf-algorithms/#pbkdf2) as its key derivation function (KDF) algorithm by default. It also offers [Argon2](https://bitwarden.com/help/kdf-algorithms/#argon2id), which is more secure, as an alternative. You can change your account's KDF algorithm in the web vault.
- [x] Select **Settings > Security > Keys > KDF algorithm > Argon2id**
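Review bot: The Safari link changes from the locale-neutral `apps.apple.com/app/id1352778147` to `apps.apple.com/us/app/bitwarden/id1352778147`, which hard-codes the US storefront; the Psono card later in this file still uses the `apps.apple.com/app/id...` form. Keep the neutral form. The KDF sentence also now ends in a period although it still introduces the checklist item that follows, so the colon should stay.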
@ -204,11 +204,11 @@ Bitwarden's server-side code is [open source](https://github.com/bitwarden/serve
<summary>Downloads</summary>
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=proton.android.pass)
- [:simple-appstore: App Store](https://apps.apple.com/app/id6443490629)
- [:simple-appstore: App Store](https://apps.apple.com/us/app/proton-pass-password-manager/id6443490629)
- [:fontawesome-brands-windows: Windows](https://proton.me/pass/download)
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/proton-pass)
- [:simple-googlechrome: Chrome](https://chromewebstore.google.com/detail/ghmbeldphafepmbegfdlkpapadhbakde)
- [:fontawesome-brands-edge: Edge](https://microsoftedge.microsoft.com/addons/detail/gcllgfdnfnllodcaambdaknbipemelie)
- [:simple-googlechrome: Chrome](https://chromewebstore.google.com/detail/proton-pass-free-password/ghmbeldphafepmbegfdlkpapadhbakde)
- [:fontawesome-brands-edge: Edge](https://chromewebstore.google.com/detail/proton-pass-free-password/ghmbeldphafepmbegfdlkpapadhbakde)
- [:octicons-browser-16: Web](https://pass.proton.me)
</details>
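Review bot: The Edge entry now uses `https://chromewebstore.google.com/detail/proton-pass-free-password/ghmbeldphafepmbegfdlkpapadhbakde`, which is the same Chrome Web Store URL as the Chrome entry above it, in place of the `microsoftedge.microsoft.com/addons` listing. An entry labelled Edge should link to the Edge Add-ons listing so the label and the destination match; restore the previous link.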
@ -229,9 +229,7 @@ All issues were addressed and fixed shortly after the [report](https://res.cloud
![1Password logo](assets/img/password-management/1password.svg){ align=right }
**1Password** is a password manager with a strong focus on security and ease-of-use that allows you to store passwords, passkeys, credit cards, software licenses, and any other sensitive information in a secure digital vault. Your vault is hosted on 1Password's servers for a [monthly fee](https://1password.com/sign-up).
1Password is [audited](https://support.1password.com/security-assessments) on a regular basis and provides exceptional customer support. 1Password is closed source; however, the security of the product is thoroughly documented in their [security white paper](https://1passwordstatic.com/files/security/1password-white-paper.pdf).
**1Password** is a password manager with a strong focus on security and ease-of-use that allows you to store passwords, passkeys, credit cards, software licenses, and any other sensitive information in a secure digital vault. Your vault is hosted on 1Password's servers for a [monthly fee](https://1password.com/sign-up). 1Password is [audited](https://support.1password.com/security-assessments) on a regular basis and provides exceptional customer support. 1Password is closed source; however, the security of the product is thoroughly documented in their [security white paper](https://1passwordstatic.com/files/security/1password-white-paper.pdf).
[:octicons-home-16: Homepage](https://1password.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://1password.com/legal/privacy){ .card-link title="Privacy Policy" }
@ -246,16 +244,16 @@ All issues were addressed and fixed shortly after the [report](https://res.cloud
- [:simple-apple: macOS](https://1password.com/downloads/mac)
- [:simple-linux: Linux](https://1password.com/downloads/linux)
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/1password-x-password-manager)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/aeblfdkhhhdcdjpifhhbdiojplfjncoa)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/1password-%E2%80%93-password-mana/aeblfdkhhhdcdjpifhhbdiojplfjncoa)
- [:fontawesome-brands-edge: Edge](https://microsoftedge.microsoft.com/addons/detail/dppgmdbiimibapkepcbdbmkaabgiofem)
- [:simple-safari: Safari](https://apps.apple.com/app/id1569813296)
- [:simple-safari: Safari](https://apps.apple.com/us/app/1password-for-safari/id1569813296)
- [:octicons-browser-16: Web](https://my.1password.com/signin)
</details>
</div>
Traditionally, 1Password has offered the best password manager user experience for people using macOS and iOS; however, it has now achieved feature parity across all platforms. 1Password's clients boast many features geared towards families and less technical people, such as an intuitive UI for ease-of-use and navigation, as well as advanced functionality. Notably, nearly every feature of 1Password is available within its native mobile or desktop clients.
Traditionally, 1Password has offered the best password manager user experience for people using macOS and iOS; however, it has now achieved feature parity across all platforms. 1Password's clients boast many features geared towards families and less technical people, such as an intuitive UI for ease of use and navigation, as well as advanced functionality. Notably, nearly every feature of 1Password is available within its native mobile or desktop clients.
Your 1Password vault is secured with both your master password and a randomized 34-character security key to encrypt your data on their servers. This security key adds a layer of protection to your data because your data is secured with high entropy regardless of your master password. Many other password manager solutions are entirely reliant on the strength of your master password to secure your data.
@ -278,7 +276,7 @@ Your 1Password vault is secured with both your master password and a randomized
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.psono.psono)
- [:simple-appstore: App Store](https://apps.apple.com/app/id1545581224)
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/psono-pw-password-manager)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/eljmjmgjkbmpmfljlmklcfineebidmlo)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/psonopw-password-manager/eljmjmgjkbmpmfljlmklcfineebidmlo)
- [:simple-docker: Docker Hub](https://hub.docker.com/r/psono/psono-client)
</details>
@ -332,9 +330,9 @@ These options allow you to manage an encrypted password database locally.
- [:fontawesome-brands-windows: Windows](https://keepassxc.org/download/#windows)
- [:simple-apple: macOS](https://keepassxc.org/download/#mac)
- [:simple-linux: Linux](https://keepassxc.org/download/#linux)
- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.keepassxc.KeePassXC)
- [:simple-flathub: Flatpak](https://flathub.org/apps/details/org.keepassxc.KeePassXC)
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/keepassxc-browser)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/oboonakemofpalcgghocfoadofidjkkk)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/keepassxc-browser/oboonakemofpalcgghocfoadofidjkkk)
</details>
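Review bot: The KeePassXC download entry is relabelled "Flatpak" while keeping the `:simple-flathub:` icon and a `flathub.org` URL, and the Bitwarden card in this file labels the same kind of link "Flathub". Keep "Flathub" so the label names the source the link actually goes to.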
@ -348,7 +346,7 @@ KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-se
![KeePassDX logo](assets/img/password-management/keepassdx.svg){ align=right }
**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms securely.
**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms securely. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
[:octicons-home-16: Homepage](https://keepassdx.com){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/Kunzisoft/KeePassDX/wiki){ .card-link title="Documentation" }
@ -365,8 +363,6 @@ KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-se
</div>
The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
### Gopass (CLI)
<div class="admonition recommendation" markdown>

View File

@ -16,11 +16,11 @@ cover: pastebins.webp
![PrivateBin logo](assets/img/pastebins/privatebin.svg){ align=right }
**PrivateBin** is a minimalist, open-source, online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title="Documentation" }
[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
</div>
@ -48,11 +48,11 @@ cover: pastebins.webp
### Minimum Requirements
- Must be open source.
- Must implement "zero-trust" E2EE.
- Must implement "zero-trust" end-to-end encryption.
- Must support password-protected files.
### Best-Case
Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
- Should have a published audit from a reputable, independent third party.
- Should have a published audit from a reputable, independent third-party.

View File

@ -1,7 +1,7 @@
---
title: "Photo Management"
icon: material/image
description: These photo management tools keep your personal photos safe from the prying eyes of cloud storage providers and other unauthorized parties.
description: Photo management tools to keep your personal photos safe from the prying eyes of cloud storage providers and other unauthorized access.
cover: photo-management.webp
---
<small>Protects against the following threat(s):</small>
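Review bot: The new `description` ends "safe from the prying eyes of cloud storage providers and other unauthorized access", which does not parse: "prying eyes of ... unauthorized access" pairs a party with an action. The replaced wording, "and other unauthorized parties", keeps the list parallel and should stay. The new text is also a sentence fragment, unlike the Notebooks description ("These encrypted note-taking apps let you ...").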
@ -17,26 +17,24 @@ Most cloud **photo management solutions** like Google Photos, Flickr, and Amazon
![Ente logo](assets/img/photo-management/ente.svg){ align=right }
**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting).
The free plan offers 5 GB of storage as long as you use the service at least once a year.
**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 10 GB of storage as long as you use the service at least once a year.
[:octicons-home-16: Homepage](https://ente.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://ente.io/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://ente.io/faq){ .card-link title="Documentation" }
[:octicons-info-16:](https://ente.io/faq){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/ente-io/ente){ .card-link title="Source Code" }
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=io.ente.photos)
- [:simple-android: Android](https://ente.io/download)
- [:simple-appstore: App Store](https://apps.apple.com/app/id1542026904)
- [:simple-github: GitHub](https://github.com/ente-io/ente/releases?q=photos)
- [:simple-android: Android](https://ente.io/download)
- [:fontawesome-brands-windows: Windows](https://ente.io/download)
- [:simple-apple: macOS](https://ente.io/download)
- [:simple-linux: Linux](https://ente.io/download)
- [:octicons-browser-16: Web](https://web.ente.io)
- [:octicons-globe-16: Web](https://web.ente.io)
</details>
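Review bot: The Documentation card link goes from `{ .card-link title="Documentation" }` to `{ .card-link title=Documentation}`, losing the quotes and the space before the closing brace while the Privacy Policy and Source Code links beside it keep the quoted form. Keep the quoted form so the attribute lists in this card stay uniform. Separately, the merged Ente paragraph changes the free plan from 5 GB to 10 GB, which is easy to miss inside a reflow, so confirm that figure against Ente's current plans before merging.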
@ -51,19 +49,18 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
![Stingle logo](assets/img/photo-management/stingle.png#only-light){ align=right }
![Stingle logo](assets/img/photo-management/stingle-dark.png#only-dark){ align=right }
**Stingle** is a gallery and camera application with built-in, E2EE backup and sync functionality for your photos and videos.
Storage starts at 1 GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1 GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
[:octicons-home-16: Homepage](https://stingle.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://stingle.org/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://stingle.org/faq){ .card-link title="Documentation" }
[:octicons-info-16:](https://stingle.org/faq){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/stingle){ .card-link title="Source Code" }
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.stingle.photos)
- [:simple-android: Android](https://f-droid.org/en/packages/org.stingle.photos)
- [:simple-appstore: App Store](https://apps.apple.com/app/id1582535448)
- [:simple-github: GitHub](https://github.com/stingle/stingle-photos-android/releases)
@ -99,7 +96,7 @@ Storage starts at 1 GB for free accounts on their cloud, or you can host your o
### Minimum Requirements
- Cloud-hosted providers must enforce E2EE.
- Cloud-hosted providers must enforce end-to-end encryption.
- Must offer a free plan or trial period for testing.
- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Must offer a web interface which supports basic file management functionality.
@ -108,4 +105,4 @@ Storage starts at 1 GB for free accounts on their cloud, or you can host your o
### Best Case
- Should have a published audit from a reputable, independent third party.
- Should have a published audit from a reputable, independent third-party.


@ -4,7 +4,7 @@ description: We do not sell or share your data with any third-parties.
---
## What is Privacy Guides?
Privacy Guides is a community project operated by a number of active contributors. The public list of team members [can be found on our forum](https://discuss.privacyguides.net/u?group=team&order=solutions&period=all). Privacy Guides is legally administered by [MAGIC Grants](https://magicgrants.org), a 501(c)(3) public charity acting as our fiscal host.
Privacy Guides is a community project operated by a number of active contributors. The public list of team members [can be found on our forum](https://discuss.privacyguides.net/u?group=team&order=solutions&period=all). Privacy Guides is legally administered by [MAGIC Grants](https://magicgrants.org/), a 501(c)(3) public charity acting as our fiscal host.
As a project, we make available to the public:
@ -173,7 +173,7 @@ Privacy Guides does not respond to the (now deprecated) [Do Not Track HTTP heade
## Where does Privacy Guides store data about me?
Most data is hosted by [Triplebit](https://www.triplebit.org) web services in the United States.
Most data is hosted by [Triplebit](https://www.triplebit.org/) web services in the United States.
Some publicly accessible data may be hosted by Content Delivery Networks with servers in other jurisdictions. For example, your profile picture may be stored on multiple servers around the world in order to improve the performance for visitors to our website.
@ -288,16 +288,16 @@ Privacy Guides uses the following subprocessors, and may share personal data wit
| Subprocessor | Service | Function | Processing | Links |
| ------------ | ------- | -------- | ---------- | ----- |
| [Bunny.net](https://bunny.net) (Slovenia) | [Bunny CDN](https://bunny.net/cdn) | Content Delivery Network services for distributing images and other static assets. | Slovenia, Global | [Privacy Notice](https://bunny.net/privacy), [GDPR Center](https://bunny.net/gdpr) |
| [Cloudflare](https://cloudflare.com) (USA) | [Authoritative DNS](https://cloudflare.com/application-services/products/dns) | Authoritative DNS services for our domain names. | USA, Global | [Privacy Notice](https://cloudflare.com/privacypolicy), [GDPR Center](https://cloudflare.com/trust-hub/gdpr) |
| [Bunny.net](https://bunny.net/) (Slovenia) | [Bunny CDN](https://bunny.net/cdn/) | Content Delivery Network services for distributing images and other static assets. | Slovenia, Global | [Privacy Notice](https://bunny.net/privacy/), [GDPR Center](https://bunny.net/gdpr/) |
| [Cloudflare](https://www.cloudflare.com/) (USA) | [Authoritative DNS](https://www.cloudflare.com/application-services/products/dns/) | Authoritative DNS services for our domain names. | USA, Global | [Privacy Notice](https://www.cloudflare.com/privacypolicy/), [GDPR Center](https://www.cloudflare.com/trust-hub/gdpr/) |
| [Fediverse Communications LLC](https://fediverse.us) (USA) | PeerTube | For hosting public videos produced by Privacy Guides which are shared or embedded on this website. | USA | [More information](https://neat.tube/about/instance) |
| [GitHub](https://github.com) (USA) | Git Repositories | *For visitors to this website*: sharing information with our visitors about the current release, repo star count, etc. | USA | [Privacy Notice](https://docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement) |
| [GitHub](https://github.com) (USA) | Git Repositories, Issues, Pull Requests | *For contributors to this website*: hosting our source code and communications platforms such as our issues tracker. | USA | [Privacy Notice](https://docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement) |
| [GitHub](https://github.com) (USA) | [Sponsors](https://github.com/sponsors/privacyguides) | For collecting payments for gifts to Privacy Guides | USA | [Privacy Notice](https://docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement) |
| [GitHub](https://github.com/) (USA) | Git Repositories | *For visitors to this website*: sharing information with our visitors about the current release, repo star count, etc. | USA | [Privacy Notice](https://docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement) |
| [GitHub](https://github.com/) (USA) | Git Repositories, Issues, Pull Requests | *For contributors to this website*: hosting our source code and communications platforms such as our issues tracker. | USA | [Privacy Notice](https://docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement) |
| [GitHub](https://github.com/) (USA) | [Sponsors](https://github.com/sponsors/privacyguides) | For collecting payments for gifts to Privacy Guides | USA | [Privacy Notice](https://docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement) |
| [Stripe](https://stripe.com) (USA) | Connect | *For certain donations via GitHub Sponsors*: payment processing for donations | USA | [Privacy Notice](https://stripe.com/privacy), [GDPR Center](https://stripe.com/legal/privacy-center) |
| [Triplebit](https://www.triplebit.org) (USA) | Object Storage | For hosting static websites and static media content, and distributing static content | USA, Poland | [Privacy Notice](https://www.triplebit.org/privacy) |
| [Triplebit](https://www.triplebit.org) (USA) | [Umami Statistics](https://stats.triplebit.net/share/S80jBc50hxr5TquS/www.privacyguides.org) | For compiling aggregated statistics of our website visitor data based on server-side visitor info submissions | USA | [Privacy Notice](https://www.triplebit.org/privacy) |
| [Triplebit](https://www.triplebit.org) (USA) | Virtual Private Servers | For hosting our dynamic websites, storing and processing personal data. | USA | [Privacy Notice](https://www.triplebit.org/privacy) |
| [Triplebit](https://www.triplebit.org/) (USA) | Object Storage | For hosting static websites and static media content, and distributing static content | USA, Poland | [Privacy Notice](https://www.triplebit.org/privacy/) |
| [Triplebit](https://www.triplebit.org/) (USA) | [Umami Statistics](https://stats.triplebit.net/share/S80jBc50hxr5TquS/www.privacyguides.org) | For compiling aggregated statistics of our website visitor data based on server-side visitor info submissions | USA | [Privacy Notice](https://www.triplebit.org/privacy/) |
| [Triplebit](https://www.triplebit.org/) (USA) | Virtual Private Servers | For hosting our dynamic websites, storing and processing personal data. | USA | [Privacy Notice](https://www.triplebit.org/privacy/) |
## Does Privacy Guides delete inactive accounts?
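Review bot: The trailing-slash normalization in the subprocessor table is applied to the Bunny.net, Cloudflare, GitHub and Triplebit rows but not to the Fediverse Communications (`https://fediverse.us`) or Stripe (`https://stripe.com`) rows, so the table ends up with mixed URL styles. Normalize every row or none. The Cloudflare links also switch host from `cloudflare.com` to `www.cloudflare.com`, which is a different kind of change from the slash fix and worth mentioning in the commit message.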


@ -14,7 +14,7 @@ cover: real-time-communication.webp
These are our recommendations for encrypted **real-time communication**. These come in the form of many [types of communication networks](./advanced/communication-network-types.md).
[:material-movie-open-play-outline: Video: It's time to stop using SMS](https://www.privacyguides.org/videos/2025/01/24/its-time-to-stop-using-sms-heres-why){ .md-button }
[:material-movie-open-play-outline: Video: It's time to stop using SMS](https://www.privacyguides.org/videos/2025/01/24/its-time-to-stop-using-sms-heres-why/){ .md-button }
## Encrypted Messengers
@ -183,6 +183,44 @@ These messengers do not have forward secrecy[^1], and while they fulfill certain
</div>
### Element
<div class="admonition recommendation" markdown>
![Element logo](assets/img/messengers/element.svg){ align=right }
**Element** is the flagship client for the [Matrix](https://matrix.org/docs/chat_basics/matrix-for-im) protocol, an [open standard](https://spec.matrix.org/latest) for secure decentralized real-time communication.
Messages and files shared in private rooms (those which require an invite) are by default E2EE, as are one-to-one voice and video calls.
[:octicons-home-16: Homepage](https://element.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://element.io/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://element.io/help){ .card-link title="Documentation" }
[:octicons-code-16:](https://github.com/element-hq){ .card-link title="Source Code" }
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=im.vector.app)
- [:simple-appstore: App Store](https://apps.apple.com/app/id1083446067)
- [:simple-github: GitHub](https://github.com/element-hq/element-android/releases)
- [:fontawesome-brands-windows: Windows](https://element.io/download)
- [:simple-apple: macOS](https://element.io/download)
- [:simple-linux: Linux](https://element.io/download)
- [:octicons-globe-16: Web](https://app.element.io)
</details>
</div>
Profile pictures, reactions, and nicknames are not encrypted.
With the integration of [Element Call](https://element.io/blog/we-have-lift-off-element-x-call-and-server-suite-are-ready) into Element's web app, desktop apps, and its [rewritten mobile apps](https://element.io/blog/element-x-experience-the-future-of-element), group VoIP and video calls are E2EE by default.
The Matrix protocol itself [theoretically supports forward secrecy](https://gitlab.matrix.org/matrix-org/olm/blob/master/docs/megolm.md#partial-forward-secrecy)[^1], however this is [not currently supported in Element](https://github.com/vector-im/element-web/issues/7101) due to it breaking some aspects of the user experience such as key backups and shared message history.
The protocol was independently [audited](https://matrix.org/blog/2016/11/21/matrixs-olm-end-to-end-encryption-security-assessment-released-and-implemented-cross-platform-on-riot-at-last) in 2016. The specification for the Matrix protocol can be found in their [documentation](https://spec.matrix.org/latest). The [Olm cryptographic ratchet](https://matrix.org/docs/matrix-concepts/end-to-end-encryption) used by Matrix is an implementation of Signals [Double Ratchet algorithm](https://signal.org/docs/specifications/doubleratchet).
### Session
<div class="admonition recommendation" markdown>
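Review bot: In the last paragraph of the new Element section, "The protocol was independently audited in 2016" claims more than the linked post supports. The URL is for the Olm end-to-end encryption security assessment, so the sentence should say that Olm (Matrix's E2EE implementation) was assessed, and it would help readers to state plainly that this assessment dates from 2016. The same paragraph has "Signals [Double Ratchet algorithm]", which needs the possessive "Signal's". The forward secrecy paragraph links an issue under `vector-im/element-web` while the Source Code link in the card uses `element-hq`, so pick one organization name for links in this section.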


@ -1,7 +1,7 @@
---
title: "Security Keys"
icon: material/key-chain
description: These security keys provide a form of phishing-immune authentication for accounts that support it.
icon: 'material/key-chain'
description: Secure your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party.
cover: multi-factor-authentication.webp
---
<small>Protects against the following threat(s):</small>
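Review bot: The replacement `description` ("Secure your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party.") describes MFA in general and drops the phishing-immune authentication point that the old line made, which is the property that sets the hardware on this page apart from other second factors. Keep the old description or restate that property. `icon: 'material/key-chain'` is also now quoted, unlike `icon: material/image` in the photo management front matter in this same change, so drop the quotes for consistency.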
@ -19,11 +19,11 @@ A physical **security key** adds a very strong layer of protection to your onlin
![Security Key Series by Yubico](assets/img/security-keys/yubico-security-key.webp){ width="315" }
</figure>
The **Yubico Security Key** series is the most cost-effective hardware security key with FIDO Level 2 certification[^1]. It supports FIDO2/WebAuthn and FIDO U2F, and works out of the box with most services that support a security key as a second factor, as well as many password managers.
The **Yubico Security Key** series is the most cost-effective hardware security key with FIDO Level 2 certification. It supports FIDO2/WebAuthn and FIDO U2F, and works out of the box with most services that support a security key as a second factor, as well as many password managers.
[:octicons-home-16: Homepage](https://yubico.com/products/security-key){ .md-button .md-button--primary }
[:octicons-eye-16:](https://yubico.com/support/terms-conditions/privacy-notice){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://docs.yubico.com){ .card-link title="Documentation" }
[:octicons-info-16:](https://docs.yubico.com){ .card-link title=Documentation}
</details>
@ -54,21 +54,23 @@ The firmware of Yubico's Security Keys is not updatable. If you want features in
![YubiKeys](assets/img/security-keys/yubikey.png){ width="400" }
</figure>
The **YubiKey** series from Yubico are among the most popular security keys with FIDO Level 2 Certification[^1]. The YubiKey 5 Series has a wide range of features such as [Universal 2nd Factor (U2F)](https://en.wikipedia.org/wiki/Universal_2nd_Factor), [FIDO2 and WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online), [Yubico OTP](basics/multi-factor-authentication.md#yubico-otp), [Personal Identity Verification (PIV)](https://developers.yubico.com/PIV), [OpenPGP](https://developers.yubico.com/PGP), and [TOTP and HOTP](https://developers.yubico.com/OATH) authentication.
The **YubiKey** series from Yubico are among the most popular security keys. The YubiKey 5 Series has a wide range of features such as: [Universal 2nd Factor (U2F)](https://en.wikipedia.org/wiki/Universal_2nd_Factor), [FIDO2 and WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online), [Yubico OTP](basics/multi-factor-authentication.md#yubico-otp), [Personal Identity Verification (PIV)](https://developers.yubico.com/PIV), [OpenPGP](https://developers.yubico.com/PGP), [TOTP and HOTP](https://developers.yubico.com/OATH) authentication.
[:octicons-home-16: Homepage](https://yubico.com/products/yubikey-5-overview){ .md-button .md-button--primary }
[:octicons-eye-16:](https://yubico.com/support/terms-conditions/privacy-notice){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://docs.yubico.com){ .card-link title="Documentation" }
[:octicons-info-16:](https://docs.yubico.com){ .card-link title=Documentation}
</details>
</div>
The [comparison table](https://yubico.com/store/compare) shows how the YubiKeys compare to each other and to Yubico's [Security Key](#yubico-security-key) series in terms of features and other specifications. One of the benefits of the YubiKey series is that one key can do almost everything you could expect from a hardware security key. We encourage you to take their [quiz](https://yubico.com/quiz) before purchasing in order to make sure you choose the right security key.
The [comparison table](https://yubico.com/store/compare) shows the features and how the YubiKeys compare to each other and to Yubico's [Security Key](#yubico-security-key) series. One of the benefits of the YubiKey series is that one key can do almost everything you could expect from a hardware security key. We encourage you to take their [quiz](https://yubico.com/quiz) before purchasing in order to make sure you make the right choice.
The YubiKey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [YubiKey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
YubiKeys can be programmed using the [YubiKey Manager](https://yubico.com/support/download/yubikey-manager) or [YubiKey Personalization Tools](https://yubico.com/support/download/yubikey-personalization-tools). For managing TOTP codes, you can use the [Yubico Authenticator](https://yubico.com/products/yubico-authenticator). All of Yubico's clients are open source.
For models which support HOTP and TOTP, there are 2 slots in the OTP interface which could be used for HOTP and 32 slots to store TOTP secrets. These secrets are stored encrypted on the key and never exposed to the devices they are plugged into. Once a seed (shared secret) is given to the Yubico Authenticator, it will only give out the six-digit codes, but never the seed. This security model helps limit what an attacker can do if they compromise one of the devices running the Yubico Authenticator and make the YubiKey resistant to a physical attacker.
For models which support HOTP and TOTP, there are 2 slots in the OTP interface which could be used for HOTP and 32 slots to store TOTP secrets. These secrets are stored encrypted on the key and never expose them to the devices they are plugged into. Once a seed (shared secret) is given to the Yubico Authenticator, it will only give out the six-digit codes, but never the seed. This security model helps limit what an attacker can do if they compromise one of the devices running the Yubico Authenticator and make the YubiKey resistant to a physical attacker.
<div class="admonition warning" markdown>
<p class="admonition-title">Warning</p>
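Review bot: The rewritten OTP sentence, "These secrets are stored encrypted on the key and never expose them to the devices they are plugged into", makes "These secrets" the subject of "expose them". The previous "and never exposed to the devices they are plugged into" was correct and should be kept. The certification wording also changes in this hunk: the intro drops "with FIDO Level 2 Certification[^1]" and a new paragraph says the YubiKey 5 series has FIDO Level 1 certification, with Level 2 requiring a YubiKey 5 FIPS key or a Yubico Security Key. Since this reverses what the page told readers, that paragraph should link a source for the certification levels. Minor: after "such as:" the feature list now ends with ", [TOTP and HOTP]" and no "and".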
@ -85,17 +87,17 @@ The firmware of YubiKey is not updatable. If you want features in newer firmware
![Nitrokey](assets/img/security-keys/nitrokey.jpg){ width="300" }
</figure>
**Nitrokey** has a security key capable of [FIDO2 and WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online) called the **Nitrokey FIDO2**. For PGP support, you need to purchase one of their other keys such as the **Nitrokey Start**, **Nitrokey Pro 2**, or the **Nitrokey Storage 2**.
**Nitrokey** has a security key capable of [FIDO2 and WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online) called the **Nitrokey FIDO2**. For PGP support, you need to purchase one of their other keys such as the **Nitrokey Start**, **Nitrokey Pro 2** or the **Nitrokey Storage 2**.
[:octicons-home-16: Homepage](https://nitrokey.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://nitrokey.com/data-privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://docs.nitrokey.com){ .card-link title="Documentation" }
[:octicons-info-16:](https://docs.nitrokey.com){ .card-link title=Documentation}
</details>
</div>
The [comparison table](https://nitrokey.com/products/nitrokeys) shows how the different Nitrokey models compare to each other in terms of features and other specifications. The **Nitrokey 3** listed will have a combined feature set.
The [comparison table](https://nitrokey.com/#comparison) shows the features and how the Nitrokey models compare. The **Nitrokey 3** listed will have a combined feature set.
Nitrokey models can be configured using the [Nitrokey app](https://nitrokey.com/download).
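Review bot: The comparison link changes from `https://nitrokey.com/products/nitrokeys` to `https://nitrokey.com/#comparison`, a fragment on the homepage that silently falls back to the top of the page if the anchor is ever renamed. Prefer a dedicated page URL. The list "**Nitrokey Start**, **Nitrokey Pro 2** or the **Nitrokey Storage 2**" also loses the serial comma used elsewhere on the page, and the Documentation link picks up the unquoted `title=Documentation}` form.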
@ -111,7 +113,7 @@ While Nitrokeys do not release the HOTP/TOTP secrets to the device they are plug
<div class="admonition warning" markdown>
<p class="admonition-title">Warning</p>
Resetting the OpenPGP interface on a Nitrokey [Pro 2](https://docs.nitrokey.com/nitrokeys/pro/factory-reset) or Nitrokey [Start 2](https://docs.nitrokey.com/nitrokeys/storage/factory-reset) will also make the password database inaccessible.
Resetting the OpenPGP interface on a Nitrokey will also make the password database [inaccessible](https://docs.nitrokey.com/pro/linux/factory-reset).
</div>
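Review bot: The warning is widened from the Nitrokey Pro 2 and Start 2 to "a Nitrokey" in general, but the only supporting link is now `https://docs.nitrokey.com/pro/linux/factory-reset`, which is Pro documentation. Either keep the model names in the sentence or cite documentation for each model the claim is meant to cover, because a reader deciding whether a reset will make their password database inaccessible needs to know which devices are affected.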
@ -121,7 +123,7 @@ Resetting the OpenPGP interface on a Nitrokey [Pro 2](https://docs.nitrokey.com/
### Minimum Requirements
- Must use high-quality, tamper-resistant hardware security modules.
- Must use high quality, tamper resistant hardware security modules.
- Must support the latest FIDO2 specification.
- Must not allow private key extraction.
- Devices which cost over $35 must support handling OpenPGP and S/MIME.
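Review bot: "high quality, tamper resistant hardware security modules" drops the hyphens from two compound modifiers. The earlier "high-quality, tamper-resistant" was correct and should be restored.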
@ -130,9 +132,7 @@ Resetting the OpenPGP interface on a Nitrokey [Pro 2](https://docs.nitrokey.com/
Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
- Should be available in USB-C form factor.
- Should be available in USB-C form-factor.
- Should be available with NFC.
- Should support TOTP secret storage.
- Should support secure firmware updates.
[^1]: Some governments or other organizations may require a key with Level 2 certification, but most people do not have to worry about this distinction.
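Review bot: "USB-C form-factor" hyphenates a noun phrase, so keep "form factor". Removing the `[^1]` definition is consistent with both `[^1]` references being removed in the earlier hunks, but the Level 2 caveat it carried now appears only in the YubiKey section. The Yubico Security Key paragraph still states "FIDO Level 2 certification" with nothing telling the reader whether that distinction matters to them, so consider a short cross-reference there.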


@ -9,43 +9,23 @@ cover: social-networks.webp
- [:material-close-outline: Censorship](basics/common-threats.md#avoiding-censorship){ .pg-blue-gray }
- [:material-account-cash: Surveillance Capitalism](basics/common-threats.md#surveillance-as-a-business-model){ .pg-brown }
These privacy-respecting **social networks** allow you to participate in online communities without giving up your personal information like your full name, phone number, and other data commonly requested by tech companies.
These privacy-respecting **social networks** allow you to participate in online communities without giving up your personal information, like your full name, phone number, and other data commonly requested by tech companies.
A growing problem among social media platforms is censorship in two different forms. First, they often acquiesce to illegitimate censorship requests, either from malicious governments or their own internal policies. Second, they often require accounts to access walled-off content that would otherwise be published freely on the open internet; this effectively censors the browsing activities of privacy-conscious users who are unable to pay the privacy cost of opening an account on these networks.
A growing problem among social media platforms is censorship in two different forms. First, they often acquiesce to illegitimate censorship requests, either from malicious governments or their own internal policies.
The social networks we recommend solve the issue of censorship by operating atop an open and decentralized social networking protocol. They also don't require an account merely to view publicly available content.
Second, they often require accounts to access walled-off content that would otherwise be published freely on the open internet. This effectively censors the browsing activities of privacy-conscious users who are unable to pay the privacy cost of opening an account on these networks.
The social networks we recommend solve the issue of censorship by operating atop an open and decentralized social networking protocol. While it is possible for your account to be banned or silenced by an individual server, there is no central authority which can censor your account across the entire network. They also don't require an account merely to view publicly available content.
You should note that **no** social networks are appropriate for private or sensitive communications. For chatting directly with others, you should use a recommended [instant messenger](real-time-communication.md) with strong end-to-end encryption, and only use direct messages on social media in order to establish a more private and secure chat platform with your contacts.
## Decentralization
Decentralized social networks are built on an architecture that is fundamentally different than mainstream social media platforms, yet quite similar to the underlying structure of email. Instead of opening an account under a single, unified service like you would for Facebook or Discord, you instead choose an independent, public server to join. The server you join can communicate with and discover other servers; this aspect of decentralization is also known as *federation*.
A significant benefit of this decentralized model is that there is no central authority which can censor your account across the entire network, though it is possible for your account to be banned or silenced by an individual server.
A caveat of this decentralized model is that each server is its own legal entity, with its own privacy policy, terms of use, administration team, and moderators. While many of these servers are far *less* restrictive and more privacy-respecting than traditional social media platforms, some can be far *more* restrictive or potentially *worse* for your privacy. Typically, the software on which the social network runs does not discriminate between these administrators or place any limitations on their powers.
## Censorship Resistance
While censorship in decentralized social networks does not exist on a network level, it is very possible to experience censorship on a server level depending on a server's administrator. Administrators have the power to *defederate* from other servers, which leads to limiting the content you can view and the people you can interact with.
If you are greatly concerned about an existing server censoring your content, the content available to you, or other servers, you generally have two options:
1. **Host the social network software yourself.** This approach gives you the exact same censorship resistance as any other website you can host yourself, which is fairly high.
2. **Use a managed hosting service.** We don't have any specific recommendations, but there are a variety of hosting services which will create a brand-new server on your own domain (or occasionally a subdomain of their domain, but we recommend against this unless registering your own domain presents too much of a burden to your privacy).
Typically, hosting providers will handle the *technical* side of your server, but completely leave the *moderation* side up to you. This often represents a better approach than self-hosting for most people because you can benefit from greater control over your own server without worrying about technical problems or unpatched security vulnerabilities.
You should look closely at your hosting provider's terms of service and acceptable use policies before registering. These are often far more broad than typical hosted server rules, and they are far less likely to be enforced without recourse, but they can still be restrictive in undesirable ways.
## Mastodon
<div class="admonition recommendation" markdown>
![Mastodon logo](assets/img/social-networks/mastodon.svg){ align=right }
**Mastodon** is a social network based on open web protocols and free, open-source software. It uses the **:simple-activitypub: ActivityPub** protocol, which is decentralized like email: Users can exist on different servers or even different platforms but still communicate with each other.
**Mastodon** is a social network based on open web protocols and free, open-source software. It uses the **:simple-activitypub: ActivityPub** protocol, which is decentralized like email: users can exist on different servers or even different platforms but still communicate with each other.
[:octicons-home-16: Homepage](https://joinmastodon.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://docs.joinmastodon.org){ .card-link title="Documentation" }
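Review bot: In the rewritten intro, the sentence "While it is possible for your account to be banned or silenced by an individual server, there is no central authority which can censor your account across the entire network." is inserted between "The social networks we recommend ..." and "They also don't require an account ...", so "They" now reads as referring to the servers or the central authority. Start that sentence with "These networks also". This hunk also removes the standalone Decentralization and Censorship Resistance sections, including the explanation of federation and of administrators being able to defederate from other servers, so check that each of those points still appears somewhere on the page after the change.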
@ -60,11 +40,29 @@ We chose to recommend Mastodon over other ActivityPub software as your primary s
2. Mastodon is largely usable with most content types. While it is primarily a microblogging platform, Mastodon easily handles longer posts, image posts, video posts, and most other posts you might encounter when following ActivityPub users who aren't on Mastodon. This makes your Mastodon account an ideal "central hub" for following anyone regardless of the platform they chose to use. In contrast, if you were only using a PeerTube account, you would *only* be able to follow other video channels, for example.
3. Mastodon has fairly comprehensive privacy controls. It has many built-in features which allow you to limit how and when your data is shared, some of which we'll cover below. They also develop new features with privacy in mind. For example, while other ActivityPub software quickly implemented "quote posts" by merely handling links to other posts with a slightly different embed modal, Mastodon is [developing](https://blog.joinmastodon.org/2025/02/bringing-quote-posts-to-mastodon) a quote post feature which will give you more fine-grained control when your post is quoted.
3. Mastodon has fairly comprehensive privacy controls. It has many built-in features which allow you to limit how and when your data is shared, some of which we'll cover below. They also develop new features with privacy in mind. For example, while other ActivityPub software quickly implemented "quote posts" by merely handling links to other posts with a slightly different embed modal, Mastodon is [developing](https://blog.joinmastodon.org/2025/02/bringing-quote-posts-to-mastodon/) a quote post feature which will give you more fine-grained control when your post is quoted.
### Choosing an Instance
To benefit the most from Mastodon, it is critical to choose a server, or "instance," which is well aligned with the type of content you want to post or read about. We do not currently recommend any specific instances, but you may find advice within our communities. We recommend avoiding *mastodon.social* and *mastodon.online* because they are operated by the same company which develops Mastodon itself. From the perspective of decentralization, it is better in the long term to separate software developers and server hosts so that no one party can exert too much control over the network as a whole.
To benefit the most from Mastodon, it is critical to choose a server, or "instance," which is well aligned with the type of content you want to post or read about. While censorship in Mastodon does not exist on a network level, it is very possible to experience censorship on a server level depending on your server's administrator.
It is critical to understand that Mastodon is not a single, unified service in the way that X (Twitter) or Facebook are. Each server is its own legal entity, with its own privacy policy, terms of use, administration team, and moderators. While many of these servers are far *less* restrictive and more privacy-respecting than traditional social media platforms, some can be far *more* restrictive or potentially *worse* for your privacy. The Mastodon software does not discriminate between these administrators or place any limitations on their powers.
We do not currently recommend any specific instances, but you may find advice within our communities. We recommend avoiding *mastodon.social* and *mastodon.online* because they are operated by the same company which develops Mastodon itself. From the perspective of decentralization, it is better in the long term to separate software developers and server hosts so that no one party can exert too much control over the network as a whole.
If you are greatly concerned about an existing server censoring your content or the content you can view, you generally have two options:
1. **Host Mastodon yourself.** This approach gives you the exact same censorship resistance as any other website you can host yourself, which is fairly high. Mastodon even [integrates with the Tor network](https://docs.joinmastodon.org/admin/optional/tor) for more extreme scenarios where even your underlying hosting provider is subject to censorship, but this may limit who can access your content to only other servers which integrate with Tor, like most other hidden services.
Mastodon benefits greatly from a large and active self-hosting community, and its administration is comprehensively documented. While many other ActivityPub platforms can require extensive technical knowledge to run and troubleshoot, Mastodon has very stable and tested releases, and it can generally be run securely without issue by anyone who can use the Linux command line and follow [step-by-step instructions](https://docs.joinmastodon.org/admin/prerequisites).
2. **Use a managed hosting service.** We don't have any specific recommendations, but there are a variety of Mastodon hosting services which will create a brand-new Mastodon server on your own domain (or occasionally a subdomain of their domain, but we recommend against this unless registering your own domain presents too much of a burden to your privacy).
Typically, Mastodon hosting providers will handle the *technical* side of your instance, but they completely leave the *moderation* side up to you. This means that you will be able to follow any content you like, although it may expose you to more spam or unwanted content because you will not have the dedicated moderation team many larger instances will have.
This often represents a better approach than self-hosting for most people, because you can benefit from greater control over your own instance without worrying about technical problems or unpatched security vulnerabilities.
You should look closely at your hosting provider's terms of service and acceptable use policies before registering. These are often far more broad than typical hosted instance rules, and they are far less likely to be enforced without recourse, but they can still be restrictive in undesirable ways.
### Recommended Privacy Settings
@ -76,7 +74,7 @@ There are a number of privacy controls under the **privacy and reach** tab here.
- [ ] **Automatically accept new followers**: You should consider unchecking this box to have a private profile. This will allow you to review who can follow your account before accepting them.
In contrast to most social media platforms, if you have a private profile you still have the *option* to publish posts which are publicly visible to non-followers and can still be boosted by non-followers. Therefore, unchecking this box is the only way to have the *choice* to publish to either the entire world or a select group of people.
In contrast to most social media platforms, if you have a private profile you still have the *option* to publish posts which are publicly visible to non-followers, and which can still be boosted and seen by non-followers. Therefore, unchecking this box is the only way to have the *choice* to publish to either the entire world or a select group of people.
- [ ] **Show follows and followers on profile**: You should uncheck this box to hide your social graph from the public. It is fairly uncommon for the list of people you follow to have some genuine benefit to others, but that information can present a risk to you.
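Review bot: In the second "In contrast to most social media platforms" line, "publicly visible to non-followers, and which can still be boosted and seen by non-followers" states the same thing twice, since a publicly visible post is already seen by non-followers. Suggest keeping the added "which" for parallel structure but dropping "and seen", giving "publicly visible to non-followers, and which can still be boosted by non-followers".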
@ -105,93 +103,17 @@ It is very rare for social media posts older than a few weeks to be read or rele
When publishing a new post, you will have the option to choose from one of these visibility settings:
- **Public**, which publishes your content to anyone on the internet.
- **Quiet public**, which you should consider equivalent to publicly posting! This is not a technical guarantee, but merely a request you are making to other servers to hide your post from some feeds.
- **Quiet public**, which you should consider equivalent to publicly posting! This is not a technical guarantee, merely a request you are making to other servers to hide your post from some feeds.
- **Followers**, which publishes your content only to your followers. If you did not follow our recommendation of restricting your followers, you should consider this equivalent to publicly posting!
- **Specific people**, which only shares the post with people who are specifically mentioned within the post. This is Mastodon's version of direct messages, but should never be relied on for private communications as we covered earlier since Mastodon has no E2EE.
- **Specific people**, which only shares the post with people who are specifically mentioned within the post. This is Mastodon's version of direct messages, but should never be relied on for private communications as we covered earlier, since Mastodon has no E2EE.
If you used our recommended configuration settings above, you should be posting to **Followers** by default, and only posting to **Public** on an intentional and case-by-case basis.
## Element
<div class="admonition recommendation" markdown>
![Element logo](assets/img/social-networks/element.svg){ align=right }
**Element** is the flagship client for the **:simple-matrix: [Matrix](https://matrix.org/docs/chat_basics/matrix-for-im)** protocol, an [open standard](https://spec.matrix.org/latest) that enables decentralized communication by way of federated chat rooms. Users can exist on different homeservers but still communicate with each other.
[:octicons-home-16: Homepage](https://element.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://element.io/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://element.io/help){ .card-link title="Documentation" }
[:octicons-code-16:](https://github.com/element-hq){ .card-link title="Source Code" }
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=im.vector.app)
- [:simple-appstore: App Store](https://apps.apple.com/app/id1083446067)
- [:simple-github: GitHub](https://github.com/element-hq/element-android/releases)
- [:fontawesome-brands-windows: Windows](https://element.io/download)
- [:simple-apple: macOS](https://element.io/download)
- [:simple-linux: Linux](https://element.io/download)
- [:octicons-browser-16: Web](https://app.element.io)
</details>
</div>
### Choosing a Homeserver
To benefit the most from Matrix, it is critical to choose a homeserver which is well aligned with the subject(s) you want to chat about. We do not currently recommend any specific homeservers, but you may find advice within our communities or third-party resources like [*joinmatrix.org*](https://servers.joinmatrix.org). We recommend avoiding *matrix.org* because they are operated by the same company which develops Matrix itself. From the perspective of decentralization, it is better in the long term to separate software developers and server hosts so that no one party can exert too much control over the network as a whole.
### Recommended Privacy Settings
From Element's web or desktop app, go to :gear: → **All settings** to find these sections:
#### Sessions
By default, when you log in to Element on a new device, the session name will be automatically populated with the Matrix client and platform you used for login. This information may be visible to other users depending on the Matrix client they use.
To prevent revealing information about your personal device to others unnecessarily, consider emptying the session name; this will change the session name to the randomly generated alphanumeric Session ID instead.
#### Preferences
- [ ] Uncheck **Send read receipts**
- [ ] Uncheck **Send typing notifications**
You should uncheck these options to reduce the exposure of metadata to other users when chatting in a public room.
#### Voice & Video
- [ ] Uncheck **Allow Peer-to-Peer for 1:1 calls**
- [ ] Uncheck **Allow fallback call assist server (turn.matrix.org)**
If you do decide to use Element for one-to-one communication, we recommend unchecking these settings to prevent the exposure of your IP address to the other party.
#### Security & Privacy
##### Manage integrations (scalar.vector.im)
A Matrix integration manager connects Matrix to third-party services such as bots, bridges, and other enhancements. Element collects information to provide these services to those using an integration manager; you can review its detailed [Privacy Notice](https://element.io/integration-manager-privacy-notice) for the exact information Element collects and the ways it uses such information.
As an end user on a public homeserver, you can consider unchecking the **Enable the integration manager** option, which does not affect the visibility of bots or other third-party services. As a homeserver administrator, consider whether the additional parties with which you share your data are worth the extra functionality.
##### Sessions
- [ ] (Optional) Uncheck **Record the client name, version, and url to recognize sessions for easily in session manager**
Unchecking this option may make it more diffcult to discern your active sessions if you logged in to your Matrix account on multiple devices.
#### Encryption
- [x] (Optional) Check **In encrypted rooms, only send messages to verified users**
With this setting enabled, unverified users (i.e., those who have not used the **Verify User** function) and unverified devices of verified users will not receive your messages in a room with encryption enabled. This may limit the messages you can view and the people you can interact with.
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
- Must be free and open-source software.
- Must be free and open source software.
- Must use a federated protocol to communicate with other instances of the social networking software.
- Must not have non-technical restrictions on who can be federated with.
- Must be usable within a standard [web browser](desktop-browsers.md).
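Review bot: The Element block in this hunk is the only place in the visible diff that carries the setting-level guidance (unchecking **Allow Peer-to-Peer for 1:1 calls** and the turn.matrix.org fallback so your IP address is not exposed to the other party, read receipts, typing notifications, the integration manager), while the other file only gets a card pointing at `real-time-communication.md#element`. Please confirm that target section exists and carries the same guidance, otherwise it is lost with this change. Separately, the Criteria list goes from "free and open-source software" to "free and open source software"; the hyphenated compound matches "open-source browser" used for Onion Browser elsewhere in this diff.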

@ -360,7 +360,7 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
<div class="grid cards" markdown>
- ![Kobold logo](assets/img/ai-chat/kobold.png){ .twemoji loading=lazy } [Kobold.cpp](ai-chat.md#koboldcpp)
- ![Llamafile logo](assets/img/ai-chat/llamafile.webp){ .twemoji loading=lazy } [Llamafile](ai-chat.md#llamafile)
- ![Llamafile logo](assets/img/ai-chat/llamafile.png){ .twemoji loading=lazy } [Llamafile](ai-chat.md#llamafile)
- ![Ollama logo](assets/img/ai-chat/ollama.png){ .twemoji loading=lazy } [Ollama (CLI)](ai-chat.md#ollama-cli)
</div>
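Review bot: The Llamafile card switches from `assets/img/ai-chat/llamafile.webp` to `assets/img/ai-chat/llamafile.png`, but nothing in the visible diff shows a file of that name being added. Please confirm the `.png` asset is part of this change so the card does not end up with a broken logo.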
@ -603,6 +603,7 @@ For encrypting your OS drive, we typically recommend using the encryption tool y
- ![Signal logo](assets/img/messengers/signal.svg){ .twemoji loading=lazy } [Signal](real-time-communication.md#signal)
- ![Briar logo](assets/img/messengers/briar.svg){ .twemoji loading=lazy } [Briar](real-time-communication.md#briar)
- ![SimpleX Chat logo](assets/img/messengers/simplex.svg){ .twemoji loading=lazy } [SimpleX Chat](real-time-communication.md#simplex-chat)
- ![Element logo](assets/img/messengers/element.svg){ .twemoji loading=lazy } [Element](real-time-communication.md#element)
- ![Session logo](assets/img/messengers/session.svg){ .twemoji loading=lazy } [Session](real-time-communication.md#session)
</div>
@ -614,7 +615,6 @@ For encrypting your OS drive, we typically recommend using the encryption tool y
<div class="grid cards" markdown>
- ![Mastodon logo](assets/img/social-networks/mastodon.svg){ .twemoji loading=lazy } [Mastodon](social-networks.md#mastodon)
- ![Element logo](assets/img/social-networks/element.svg){ .twemoji loading=lazy } [Element](social-networks.md#element)
</div>

@ -31,7 +31,7 @@ schema:
**Tor** is a group of volunteer-operated servers that allows you to connect for free and improve your privacy and security on the Internet. Individuals and organizations can also share information over the Tor network with ".onion hidden services" without compromising their privacy. Because Tor traffic is difficult to block and trace, Tor is an effective censorship circumvention tool.
[Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md){ .md-button .md-button--primary }
[:material-movie-open-play-outline: Video: Why You Need Tor](https://www.privacyguides.org/videos/2025/03/02/why-you-need-tor){ .md-button }
[:material-movie-open-play-outline: Video: Why You Need Tor](https://www.privacyguides.org/videos/2025/03/02/why-you-need-tor/){ .md-button }
<div class="admonition tip" markdown>
<p class="admonition-title">Tip</p>
@ -42,7 +42,7 @@ Before connecting to Tor, please ensure you've read our [overview](advanced/tor-
There are a variety of ways to connect to the Tor network from your device, the most commonly used being the **Tor Browser**, a fork of Firefox designed for [:material-incognito: anonymous](basics/common-threats.md#anonymity-vs-privacy){ .pg-purple } browsing for desktop computers and Android.
Some of these apps are better than others; making a determination comes down to your threat model. If you are a casual Tor user who is not worried about your ISP collecting evidence against you, using mobile browser apps like [Onion Browser](#onion-browser-ios) to access the Tor network is probably fine. Increasing the number of people who use Tor on an everyday basis helps reduce the bad stigma of Tor, and lowers the quality of "lists of Tor users" that ISPs and governments may compile.
Some of these apps are better than others, and again making a determination comes down to your threat model. If you are a casual Tor user who is not worried about your ISP collecting evidence against you, using mobile browser apps like [Onion Browser](#onion-browser-ios) to access the Tor network is probably fine. Increasing the number of people who use Tor on an everyday basis helps reduce the bad stigma of Tor, and lowers the quality of "lists of Tor users" that ISPs and governments may compile.
If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against deanonymization.
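Review bot: In the second "Some of these apps are better than others" line, "and again making a determination comes down to your threat model" uses "again" to refer back to a point that the surrounding lines of this hunk do not make, and the comma join is weaker than the semicolon in the first line. Suggest keeping "Some of these apps are better than others; making a determination comes down to your threat model."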
@ -52,13 +52,13 @@ If more complete anonymity is paramount to your situation, you should **only** b
![Tor Browser logo](assets/img/browsers/tor.svg){ align=right }
**Tor Browser** is the top choice if you need anonymity, as it provides you with access to the Tor network and bridges, and it includes default settings and extensions that are automatically configured by the default security levels: *Standard*, *Safer* and *Safest*.
**Tor Browser** is the choice if you need anonymity, as it provides you with access to the Tor network and bridges, and it includes default settings and extensions that are automatically configured by the default security levels: *Standard*, *Safer* and *Safest*.
[:octicons-home-16: Homepage](https://torproject.org){ .md-button .md-button--primary }
[:simple-torbrowser:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .card-link title="Onion Service" }
[:octicons-info-16:](https://tb-manual.torproject.org){ .card-link title="Documentation" }
[:octicons-info-16:](https://tb-manual.torproject.org){ .card-link title=Documentation }
[:octicons-code-16:](https://gitlab.torproject.org/tpo/applications/tor-browser){ .card-link title="Source Code" }
[:octicons-heart-16:](https://donate.torproject.org){ .card-link title="Contribute" }
[:octicons-heart-16:](https://donate.torproject.org){ .card-link title=Contribute }
<details class="downloads" markdown>
<summary>Downloads</summary>
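Review bot: `title=Documentation` and `title=Contribute` lose their quotes in this hunk while `title="Onion Service"` and `title="Source Code"` on the neighbouring lines keep them. An unquoted value only parses as intended while it is a single word, so a later rename to a two-word title would not behave as expected; keep every card-link title quoted so the block stays uniform.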
@ -80,7 +80,7 @@ You should **never** install any additional extensions on Tor Browser or edit `a
</div>
The Tor Browser is designed to prevent fingerprinting, or identifying you based on your browser configuration. Therefore, it is imperative that you do **not** modify the browser beyond the default [security levels](https://tb-manual.torproject.org/security-settings). When modifying the security level setting, you **must** always restart the browser before continuing to use it. Otherwise, [the security settings may not be fully applied](https://www.privacyguides.org/articles/2025/05/02/tor-security-slider-flaw), putting you at a higher risk of fingerprinting and exploits than you may expect based on the setting chosen.
The Tor Browser is designed to prevent fingerprinting, or identifying you based on your browser configuration. Therefore, it is imperative that you do **not** modify the browser beyond the default [security levels](https://tb-manual.torproject.org/security-settings). When modifying the security level setting, you **must** always restart the browser before continuing to use it. Otherwise, [the security settings may not be fully applied](https://www.privacyguides.org/articles/2025/05/02/tor-security-slider-flaw/), putting you at a higher risk of fingerprinting and exploits than you may expect based on the setting chosen.
In addition to installing Tor Browser on your computer directly, there are also operating systems designed specifically to connect to the Tor network such as [Whonix](desktop.md#whonix) on [Qubes OS](desktop.md#qubes-os), which provide even greater security and protections than the standard Tor Browser alone.
@ -90,15 +90,13 @@ In addition to installing Tor Browser on your computer directly, there are also
![Onion Browser logo](assets/img/self-contained-networks/onion_browser.svg){ align=right }
**Onion Browser** is an open-source browser that lets you browse the web anonymously over the Tor network on iOS devices and is endorsed by the [Tor Project](https://support.torproject.org/glossary/onion-browser).
[:material-star-box: Read our latest Onion Browser review.](https://www.privacyguides.org/articles/2024/09/18/onion-browser-review)
**Onion Browser** is an open-source browser that lets you browse the web anonymously over the Tor network on iOS devices and is endorsed by the [Tor Project](https://support.torproject.org/glossary/onion-browser). [:material-star-box: Read our latest Onion Browser review.](https://www.privacyguides.org/articles/2024/09/18/onion-browser-review/)
[:octicons-home-16: Homepage](https://onionbrowser.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://onionbrowser.com/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://onionbrowser.com/faqs){ .card-link title="Documentation" }
[:octicons-info-16:](https://onionbrowser.com/faqs){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/OnionBrowser/OnionBrowser){ .card-link title="Source Code" }
[:octicons-heart-16:](https://onionbrowser.com/donate){ .card-link title="Contribute" }
[:octicons-heart-16:](https://onionbrowser.com/donate){ .card-link title=Contribute }
<details class="downloads" markdown>
<summary>Downloads</summary>
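Review bot: `{ .card-link title=Documentation}` is missing the space before the closing brace that every other attribute list in this block has (compare `{ .card-link title=Contribute }`), and both lines drop the quotes used by `title="Privacy Policy"` and `title="Source Code"`. Please restore `title="Documentation" }` and `title="Contribute" }`. The review link is also folded into the description paragraph here; on its own line it is easier to spot and to update.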

@ -142,9 +142,8 @@ System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-swit
<summary>Downloads</summary>
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client)
- [:simple-appstore: App Store](https://apps.apple.com/app/id1193122683)
- [:octicons-moon-16: Accrescent](https://accrescent.app/app/net.ivpn.client)
- [:simple-github: GitHub](https://github.com/ivpn/android-app/releases)
- [:simple-appstore: App Store](https://apps.apple.com/app/id1193122683)
- [:fontawesome-brands-windows: Windows](https://ivpn.net/apps-windows)
- [:simple-apple: macOS](https://ivpn.net/apps-macos)
- [:simple-linux: Linux](https://ivpn.net/apps-linux)

@ -131,7 +131,6 @@ plugins:
post_url_format: "{date}/{file}"
post_excerpt: required
post_excerpt_max_authors: 0
post_readtime: false
authors_profiles: true
authors_profiles_toc: true
categories_allowed:

@ -204,7 +204,6 @@ nav:
- !ENV [NAV_BLOG, "Articles"]: /articles/
- !ENV [NAV_VIDEOS, "Videos"]:
- index.md
- playlists.md
- !ENV [NAV_ABOUT, "About"]: /en/about/
- "Donate": /en/about/donate/
- !ENV [NAV_FORUM, "Forum"]: "https://discuss.privacyguides.net/"

@ -449,32 +449,23 @@ nav:
!ENV [NAV_FORUM_LINK, "https://discuss.privacyguides.net/"]
- !ENV [NAV_ABOUT, "About"]:
- "about.md"
- "about/criteria.md"
- "about/donate.md"
- !ENV [NAV_ABOUT_TEAM_MEMBERS, "Team Members"]:
https://discuss.privacyguides.net/u?group=team&order=solutions&period=all
- !ENV [NAV_ABOUT_POLICIES, "Policies"]:
- "about/criteria.md"
- "about/donation-acceptance-policy.md"
- "about/executive-policy.md"
- !ENV [NAV_DOCUMENTATION, "Documentation"]:
- !ENV [NAV_DOCUMENTATION_ALL, "All Documentation"]:
https://discuss.privacyguides.net/c/documentation/9410
- !ENV [NAV_DOCUMENTATION_POLICIES, "Policies"]:
https://discuss.privacyguides.net/tags/c/documentation/9410/policy
- !ENV [NAV_WRITING_GUIDE, "Writing Guide"]:
https://discuss.privacyguides.net/tags/c/documentation/9410/writing
- !ENV [NAV_TECHNICAL_GUIDES, "Technical Guides"]:
https://discuss.privacyguides.net/tags/c/documentation/9410/technical
- !ENV [NAV_ABOUT_MISC, "Miscellaneous"]:
- "privacy.md"
- "about/notices.md"
- !ENV [NAV_COMMUNITY, "Community"]:
- "about/statistics.md"
- "about/jobs.md"
- "about/contributors.md"
- !ENV [NAV_ONLINE_SERVICES, "Online Services"]: "about/services.md"
- !ENV [NAV_CODE_OF_CONDUCT, "Code of Conduct"]: "CODE_OF_CONDUCT.md"
- "about/statistics.md"
- !ENV [NAV_CONTRIBUTING, "Contributing"]:
- !ENV [NAV_WRITING_GUIDE, "Writing Guide"]:
- "meta/writing-style.md"
- "meta/admonitions.md"
- "meta/brand.md"
- "meta/translations.md"
- !ENV [NAV_TECHNICAL_GUIDES, "Technical Guides"]:
- "meta/uploading-images.md"
- "meta/git-recommendations.md"
- "meta/commit-messages.md"
- "meta/pr-comments.md"
validation:
nav:

@ -118,7 +118,7 @@
<div class="md-nav__link" title="Date published">
{% include ".icons/material/calendar.svg" %}
<time
datetime="{{ page.config.date.created.strftime('%Y-%m-%dT%H:%M:%S+00:00') }}"
datetime="{{ page.config.date.created }}"
class="md-ellipsis"
itemprop="datePublished"
>
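Review bot: `datetime="{{ page.config.date.created }}"` prints whatever default string form the front-matter value has, so the attribute's format depends on whether a post sets a plain date or a full timestamp, and the `itemprop="datePublished"` consumer gets no fixed format or UTC offset. Keeping the explicit `strftime('%Y-%m-%dT%H:%M:%S+00:00')` form makes the machine-readable value the same on every page; the same applies to the `dateModified` hunk that follows.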
@ -133,7 +133,7 @@
<div class="md-nav__link" title="Date last updated">
{% include ".icons/material/calendar-clock.svg" %}
<time
datetime="{{ page.config.date.updated.strftime('%Y-%m-%dT%H:%M:%S+00:00') }}"
datetime="{{ page.config.date.updated }}"
class="md-ellipsis"
itemprop="dateModified"
>

@ -58,9 +58,9 @@ definitions:
- &updated_time >-
{% if page.config.date.updated %}
{{- page.config.date.updated.strftime('%Y-%m-%dT%H:%M:%S+00:00') -}}
{{- page.config.date.updated.strftime('%Y-%m-%d') -}}
{% else %}
{{- page.config.date.created.strftime('%Y-%m-%dT%H:%M:%S+00:00') -}}
{{- page.config.date.created.strftime('%Y-%m-%d') -}}
{% endif %}
- &author_mastodon >-
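Review bot: With `strftime('%Y-%m-%d')` the `updated_time` anchor, and the `article:published_time` that uses the same format further down in this file, are reduced to a calendar date, so an article corrected later on its publication day reports a modified time identical to its published time. Where the front matter carries a time (the video front matter in this diff uses `created: 2025-05-08T20:00:00Z`), the full `'%Y-%m-%dT%H:%M:%S+00:00'` format keeps it.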
@ -85,8 +85,6 @@ definitions:
# Meta tags
tags:
# Open Graph
og:site_name: *site_name
og:locale: "en_US"
og:type: article
og:title: *page_title
og:description: *page_description
@ -97,7 +95,7 @@ tags:
og:url: "{{ page.canonical_url }}"
# Blog
article:published_time: "{{ page.config.date.created.strftime('%Y-%m-%dT%H:%M:%S+00:00') }}"
article:published_time: "{{ page.config.date.created.strftime('%Y-%m-%d') }}"
article:modified_time: *updated_time
article:section: "{{ page.categories[0].title }}"
article:author: "https://www.privacyguides.org/articles/{{ page.authors[0].url }}"
@ -112,11 +110,6 @@ tags:
twitter:title: *page_title
twitter:description: *page_description
twitter:image: "{{ image.url }}"
twitter:image:width: "{{ image.width }}"
twitter:image:height: "{{ image.height }}"
twitter:image:alt: "Privacy Guides: Trusted, non-profit privacy and cybersecurity resources."
twitter:label1: "Written by"
twitter:data1: "{{ page.authors[0].name }}"
# -----------------------------------------------------------------------------
# Specification
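Review bot: Removing `twitter:image:alt` leaves the card image with no text alternative for screen-reader users, even though `twitter:image` itself stays. If the aim is only to trim the `twitter:label1` / `twitter:data1` pair, keep the alt line (and the width and height lines that describe the same image).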

@ -70,7 +70,6 @@ definitions:
# Meta tags
tags:
# Open Graph
og:site_name: *site_name
og:type: website
og:title: *page_title_with_site_name
og:description: *page_description
@ -89,8 +88,6 @@ tags:
twitter:title: *page_title_with_site_name
twitter:description: *page_description
twitter:image: "{{ image.url }}"
twitter:image:width: "{{ image.width }}"
twitter:image:height: "{{ image.height }}"
# -----------------------------------------------------------------------------
# Specification

@ -44,7 +44,6 @@ tags:
og:video:type: "text/html"
og:video:width: "560"
og:video:height: "315"
video:release_date: "{{ page.config.date.created.strftime('%Y-%m-%dT%H:%M:%S+00:00') }}"
# Mastodon
fediverse:creator: "@privacyguides@neat.computer"

@ -39,7 +39,7 @@
"thumbnailUrl": [
"{{ page.meta.thumbnail }}"
],
"uploadDate": "{{ page.meta.date.created.strftime('%Y-%m-%dT%H:%M:%S+00:00') }}",
"uploadDate": "{{ page.meta.date.created }}",
"embedUrl": "{{ page.meta.embed }}"
}
</script>
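Review bot: `"uploadDate": "{{ page.meta.date.created }}"` drops a raw template value into a JSON-LD string, so its format is whatever the value's default string form happens to be rather than a fixed ISO 8601 timestamp. Keep the `strftime('%Y-%m-%dT%H:%M:%S+00:00')` form here. Note also that this line reads `page.meta.date.created` while the `<time>` elements later in the same template read `page.config.date.created`; a single source would be easier to reason about.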
@ -121,7 +121,7 @@
<div class="md-nav__link">
{% include ".icons/material/calendar.svg" %}
<time
datetime="{{ page.config.date.created.strftime('%Y-%m-%dT%H:%M:%S+00:00') }}"
datetime="{{ page.config.date.created }}"
class="md-ellipsis"
>
{{- page.config.date.created | date -}}
@ -135,7 +135,7 @@
<div class="md-nav__link">
{% include ".icons/material/calendar-clock.svg" %}
<time
datetime="{{ page.config.date.updated.strftime('%Y-%m-%dT%H:%M:%S+00:00') }}"
datetime="{{ page.config.date.updated }}"
class="md-ellipsis"
>
{{- page.config.date.updated | date -}}
@ -226,7 +226,7 @@
<div>
<div style="position: relative; padding-top: 56.25%;">
<iframe width="100%" height="100%" src="{{ page.meta.embed }}?autoplay=1&title=0&p2p=0" allow="autoplay" frameborder="0" allowfullscreen="" sandbox="allow-same-origin allow-scripts allow-popups allow-forms" style="position: absolute; inset: 0px;"></iframe>
<iframe width="100%" height="100%" src="{{ page.meta.embed }}?autoplay=1&title=0" allow="autoplay" frameborder="0" allowfullscreen="" sandbox="allow-same-origin allow-scripts allow-popups allow-forms" style="position: absolute; inset: 0px;"></iframe>
</div>
</div>
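Review bot: The second `<iframe>` line drops `p2p=0` from the embed URL. The embed target in this diff is a PeerTube instance (`embed: https://neat.tube/videos/embed/...`), where that parameter turns off peer-to-peer playback; with P2P on, a viewer's IP address can be visible to other people watching the same video, which is the same exposure the Element "Allow Peer-to-Peer for 1:1 calls" advice in this diff tells readers to avoid. Please keep `?autoplay=1&title=0&p2p=0` unless P2P is disabled some other way.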

@ -1,3 +0,0 @@
# Playlists
<!-- material/tags -->

@ -1,40 +0,0 @@
---
title: |
When Code Became a Weapon
date:
created: 2025-05-08T20:00:00Z
authors:
- jordan
description: |
During the Cold War, the US government tried to stop the export of strong cryptography. In this video we'll dive into the history and explain what happened to cause this and why it was eventually overturned.
tags:
- The History and Future of the Encryption Wars
readtime: 10
thumbnail: https://neat.tube/lazy-static/previews/64ffa267-44f4-4780-b283-a620bf856934.jpg
embed: https://neat.tube/videos/embed/8Yrh3JVFbS3ekG8i2JGzjN
peertube: https://neat.tube/w/8Yrh3JVFbS3ekG8i2JGzjN
youtube: https://youtu.be/DtPKBngQcEQ
links:
- Encryption Software: https://www.privacyguides.org/en/encryption/#openpgp
---
During the Cold War, the US government tried to stop the export of strong cryptography. In this video we'll dive into the history and explain what happened to cause this and why it was eventually overturned. The ability to use strong encryption wasnt a given; it has been continually fought for throughout history.
## Sources
- <https://hiddenheroes.netguru.com/philip-zimmermann>
- <https://dubois.com/pgp-case/>
- <https://www.philzimmermann.com/EN/background/index.html>
- <https://www.philzimmermann.com/EN/bibliography/index.html>
- <https://www.philzimmermann.com/multimedia/NPR%20Morning%20Edition%2012%20Jan%201996%20-%20Justice%20Dept%20drops%20Zimmermann%20case.m4a>
- [158,962,555,217,826,360,000 (Enigma Machine) - Numberphile](https://www.youtube.com/watch?v=G2_Q9FoD-oQ&pp=ygUSbnVtYmVycGhpbGUgZW5pZ21h)
- [Enigma Code](https://www.youtube.com/watch?v=LU2s28-tN08&pp=ygUbZW5pZ21hIG1hY2hpbmUgZGlzY292ZXJ5IHVr)
- [Our History](https://www.youtube.com/watch?v=tIDb-rVvHgQ&pp=ygUSb3VyIGhpc3RvcnkgbnNhIHl0)
- [The cold war, Checkpoint Charlie](https://www.youtube.com/watch?v=-pUmfKX3C04&pp=ygUSY2hlY2twb2ludCBjaGFybGll)
- [Ordinary Life in the USSR 1961](https://www.youtube.com/watch?v=ExHCAjRsZhA&pp=ygUYbGlmZSBpbiB0aGUgdXNzciBmb290YWdl)
- [USA: WASHINGTON: ANTI-NUCLEAR PROTESTS](https://www.youtube.com/watch?v=3SbC3EHS04I&pp=ygUZYW50aSBudWtlIHByb3Rlc3QgMTk5MCBhcNIHCQmGCQGHKiGM7w%3D%3D)
- [DEF CON 11 - Phil Zimmerman - A Conversation with Phil Zimmermann](https://www.youtube.com/watch?v=4ww8AAkWFhM&pp=ygUTcGhpbCB6aW1tZXJtYW5uIHBncA%3D%3D)
- [The Screen Savers - Phil Zimmerman, creator of Pretty Good Privacy (PGP) Interview](https://www.youtube.com/watch?v=cZD36L3BXXs&pp=ygUdcGhpbCB6aW1tZXJtYW5uIHNjcmVlbiBzYXZlcnM%3D)
- [Creator of PGP, Phil Zimmermann Talks At Bitcoin Wednesday](https://www.youtube.com/watch?v=M8z0Nx8svC4&pp=ygUXcGhpbCB6aW1tZXJtYW5uIGJpdGNvaW4%3D)
- [Life On The Internet: Networking (1996 Usenet Documentary)](https://www.youtube.com/watch?v=jNme5DlNaZY&pp=ygUbbGlmZSBvbiB0aGUgaW50ZXJuZXIgdXNlbmV0)
- [Snooping is in the nature of govts king of encryption Phil Zimmermann](https://www.youtube.com/watch?v=1eYZ8v_R9jI&pp=ygUdcGhpbCB6aW1tZXJtYW5uIHNjcmVlbiBzYXZlcnM%3D)
- <https://www.eff.org/cases/bernstein-v-us-dept-justice>