update .all-contributorsrc

update includes/contributors.md
update README.md
2025-10-28 10:12:11 +00:00 · 2024-04-16 11:54:03 +00:00 · 2024-04-16 11:54:02 +00:00 · 2024-04-16 11:54:01 +00:00
66 changed files with 587 additions and 1090 deletions
--- a/.all-contributorsrc
+++ b/.all-contributorsrc
@@ -371,7 +371,7 @@
    {
      "login": "5amm",
      "name": "Sam Howell",
-      "avatar_url": "https://avatars.githubusercontent.com/u/10137?v=4",
+      "avatar_url": "https://www.samhowell.uk/images/avatar-main.png",
      "profile": "https://www.samhowell.uk/",
      "contributions": [
        "blog"
@@ -2706,9 +2706,7 @@
      "avatar_url": "https://avatars.githubusercontent.com/u/49742151?v=4",
      "profile": "https://lamtrinh.dev/",
      "contributions": [
-        "doc",
-        "bug",
-        "question"
+        "doc"
      ]
    },
    {
@@ -2745,15 +2743,6 @@
      "contributions": [
        "translation"
      ]
-    },
-    {
-      "login": "jxtsai",
-      "name": "jx tsai",
-      "avatar_url": "https://avatars.githubusercontent.com/u/8361268?v=4",
-      "profile": "https://jxtsai.info",
-      "contributions": [
-        "translation"
-      ]
    }
  ],
  "contributorsPerLine": 5,
--- a/.github/workflows/build-container.yml
+++ b/.github/workflows/build-container.yml
@@ -55,7 +55,7 @@ jobs:

      # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.
      - name: Log in to the Container registry
-        uses: docker/login-action@v3.2.0
+        uses: docker/login-action@v3.1.0
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
@@ -79,7 +79,7 @@ jobs:
      # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository.
      # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step.
      - name: Build and push Docker image
-        uses: docker/build-push-action@v6.2.0
+        uses: docker/build-push-action@v5.3.0
        with:
          context: .
          push: true
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -91,6 +91,7 @@ jobs:
        run: |
          cp -rl modules/repo-i18n/i18n .
          cp -rl modules/repo-i18n/includes .
+          cp -rl modules/repo-i18n/theme .

      - name: Install Python (pipenv)
        if: inputs.privileged
--- a/.github/workflows/test-lint.yml
+++ b/.github/workflows/test-lint.yml
@@ -103,7 +103,7 @@ jobs:
      - id: ml
        # You can override MegaLinter flavor used to have faster performances
        # More info at https://megalinter.io/flavors/
-        uses: oxsecurity/megalinter/flavors/documentation@v7.12.0
+        uses: oxsecurity/megalinter/flavors/documentation@v7.10.0
        env:
          # All available variables are described in documentation
          # https://megalinter.io/configuration/
--- a/.github/workflows/upload-crowdin.yml
+++ b/.github/workflows/upload-crowdin.yml
@@ -41,7 +41,7 @@ jobs:
        uses: actions/checkout@v4

      - name: crowdin action
-        uses: crowdin/github-action@v2.0.0
+        uses: crowdin/github-action@v1.20.2
        with:
          upload_sources: true
          upload_sources_args: "--auto-update --delete-obsolete"
--- a/Pipfile.lock
+++ b/Pipfile.lock
@@ -18,19 +18,19 @@
    "default": {
        "babel": {
            "hashes": [
-                "sha256:08706bdad8d0a3413266ab61bd6c34d0c28d6e1e7badf40a2cebe67644e2e1fb",
-                "sha256:8daf0e265d05768bc6c7a314cf1321e9a123afc328cc635c18622a2f30a04413"
+                "sha256:6919867db036398ba21eb5c7a0f6b28ab8cbc3ae7a73a44ebe34ae74a4e7d363",
+                "sha256:efb1a25b7118e67ce3a259bed20545c29cb68be8ad2c784c83689981b7a57287"
            ],
-            "markers": "python_version >= '3.8'",
-            "version": "==2.15.0"
+            "markers": "python_version >= '3.7'",
+            "version": "==2.14.0"
        },
        "cairocffi": {
            "hashes": [
-                "sha256:1f29a8d41dbda4090c0aa33bcdea64f3b493e95f74a43ea107c4a8a7b7f632ef",
-                "sha256:7761863603894305f3160eca68452f373433ca8745ab7dd445bd2c6ce50dcab7"
+                "sha256:78e6bbe47357640c453d0be929fa49cd05cce2e1286f3d2a1ca9cbda7efdb8b7",
+                "sha256:aa78ee52b9069d7475eeac457389b6275aa92111895d78fbaa2202a52dac112e"
            ],
-            "markers": "python_version >= '3.8'",
-            "version": "==1.7.0"
+            "markers": "python_version >= '3.7'",
+            "version": "==1.6.1"
        },
        "cairosvg": {
            "hashes": [
@@ -41,11 +41,11 @@
        },
        "certifi": {
            "hashes": [
-                "sha256:3cd43f1c6fa7dedc5899d69d3ad0398fd018ad1a17fba83ddaf78aa46c747516",
-                "sha256:ddc6c8ce995e6987e7faf5e3f1b02b302836a0e5d98ece18392cb1a36c72ad56"
+                "sha256:0569859f95fc761b18b45ef421b1290a0f65f147e92a1e5eb3e635f9a5e4e66f",
+                "sha256:dc383c07b76109f368f6106eee2b593b04a011ea4d55f652c6ca24a754d1cdd1"
            ],
            "markers": "python_version >= '3.6'",
-            "version": "==2024.6.2"
+            "version": "==2024.2.2"
        },
        "cffi": {
            "hashes": [
@@ -258,11 +258,11 @@
        },
        "idna": {
            "hashes": [
-                "sha256:028ff3aadf0609c1fd278d8ea3089299412a7a8b9bd005dd08b9f8285bcb5cfc",
-                "sha256:82fee1fc78add43492d3a1898bfa6d8a904cc97d8427f683ed8e798d07761aa0"
+                "sha256:9ecdbbd083b06798ae1e86adcbfe8ab1479cf864e4ee30fe4e46a003d12491ca",
+                "sha256:c05567e9c24a6b9faaa835c4821bad0590fbb9d5779e7caa6e1cc4978e7eb24f"
            ],
            "markers": "python_version >= '3.5'",
-            "version": "==3.7"
+            "version": "==3.6"
        },
        "jieba": {
            "hashes": [
@@ -273,11 +273,11 @@
        },
        "jinja2": {
            "hashes": [
-                "sha256:4a3aee7acbbe7303aede8e9648d13b8bf88a429282aa6122a993f0ac800cb369",
-                "sha256:bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d"
+                "sha256:7d6d50dd97d52cbc355597bd845fabfbac3f551e1f99619e39a35ce8c370b5fa",
+                "sha256:ac8bd6544d4bb2c9792bf3a159e80bba8fda7f07e81bc3aed565432d5925ba90"
            ],
            "markers": "python_version >= '3.7'",
-            "version": "==3.1.4"
+            "version": "==3.1.3"
        },
        "markdown": {
            "hashes": [
@@ -363,37 +363,29 @@
        },
        "mkdocs": {
            "hashes": [
-                "sha256:1eb5cb7676b7d89323e62b56235010216319217d4af5ddc543a91beb8d125ea7",
-                "sha256:a73f735824ef83a4f3bcb7a231dcab23f5a838f88b7efc54a0eef5fbdbc3c512"
+                "sha256:3b3a78e736b31158d64dbb2f8ba29bd46a379d0c6e324c2246c3bc3d2189cfc1",
+                "sha256:eb7c99214dcb945313ba30426c2451b735992c73c2e10838f76d09e39ff4d0e2"
            ],
-            "markers": "python_version >= '3.8'",
-            "version": "==1.6.0"
-        },
-        "mkdocs-get-deps": {
-            "hashes": [
-                "sha256:162b3d129c7fad9b19abfdcb9c1458a651628e4b1dea628ac68790fb3061c60c",
-                "sha256:2bf11d0b133e77a0dd036abeeb06dec8775e46efa526dc70667d8863eefc6134"
-            ],
-            "markers": "python_version >= '3.8'",
-            "version": "==0.2.0"
+            "markers": "python_version >= '3.7'",
+            "version": "==1.5.3"
        },
        "mkdocs-git-authors-plugin": {
            "hashes": [
-                "sha256:380730a05eeb947a7e84be05fdb1c5ae2a7bc70fd9f6eda941f187c87ae37052",
-                "sha256:6161f63b87064481a48d9ad01c23e43c3e758930c3a9cc167fe482909ceb9eac"
+                "sha256:0614f4f87d31eabd0a0d607c9e0532608fc593997ebee282ec564ee6dc1c041e",
+                "sha256:10dfc57fb10d5c3aceb0e5cdea199ac3a7588979f26484eba46d935dc1044c26"
            ],
            "index": "pypi",
            "markers": "python_version >= '3.7'",
-            "version": "==0.9.0"
+            "version": "==0.8.0"
        },
        "mkdocs-git-revision-date-localized-plugin": {
            "hashes": [
-                "sha256:e432942ce4ee8aa9b9f4493e993dee9d2cc08b3ea2b40a3d6b03ca0f2a4bcaa2",
-                "sha256:f015cb0f3894a39b33447b18e270ae391c4e25275cac5a626e80b243784e2692"
+                "sha256:08fd0c6f33c8da9e00daf40f7865943113b3879a1c621b2bbf0fa794ffe997d3",
+                "sha256:1f94eb510862ef94e982a2910404fa17a1657ecf29f45a07b0f438c00767fc85"
            ],
            "index": "pypi",
            "markers": "python_version >= '3.8'",
-            "version": "==1.2.6"
+            "version": "==1.2.4"
        },
        "mkdocs-macros-plugin": {
            "hashes": [
@@ -421,11 +413,11 @@
        },
        "packaging": {
            "hashes": [
-                "sha256:026ed72c8ed3fcce5bf8950572258698927fd1dbda10a5e981cdf0ac37f4f002",
-                "sha256:5b8f2217dbdbd2f7f384c41c628544e6d52f2d0f53c6d0c3ea61aa5d1d7ff124"
+                "sha256:2ddfb553fdf02fb784c234c7ba6ccc288296ceabec964ad2eae3777778130bc5",
+                "sha256:eb82c5e3e56209074766e6885bb04b8c38a0c015d0a30036ebe7ece34c9989e9"
            ],
-            "markers": "python_version >= '3.8'",
-            "version": "==24.1"
+            "markers": "python_version >= '3.7'",
+            "version": "==24.0"
        },
        "paginate": {
            "hashes": [
@@ -517,11 +509,11 @@
        },
        "platformdirs": {
            "hashes": [
-                "sha256:2d7a1657e36a80ea911db832a8a6ece5ee53d8de21edd5cc5879af6530b1bfee",
-                "sha256:38b7b51f512eed9e84a22788b4bce1de17c0adb134d6becb09836e37d8654cd3"
+                "sha256:0614df2a2f37e1a662acbd8e2b25b92ccf8632929bc6d43467e17fe89c75e068",
+                "sha256:ef0cc731df711022c174543cb70a9b5bd22e5a9337c8624ef2c2ceb8ddad8768"
            ],
            "markers": "python_version >= '3.8'",
-            "version": "==4.2.2"
+            "version": "==4.2.0"
        },
        "pycparser": {
            "hashes": [
@@ -533,19 +525,19 @@
        },
        "pygments": {
            "hashes": [
-                "sha256:786ff802f32e91311bff3889f6e9a86e81505fe99f2735bb6d60ae0c5004f199",
-                "sha256:b8e6aca0523f3ab76fee51799c488e38782ac06eafcf95e7ba832985c8e7b13a"
+                "sha256:b27c2826c47d0f3219f29554824c30c5e8945175d888647acd804ddd04af846c",
+                "sha256:da46cec9fd2de5be3a8a784f434e4c4ab670b4ff54d605c4c2717e9d49c4c367"
            ],
-            "markers": "python_version >= '3.8'",
-            "version": "==2.18.0"
+            "markers": "python_version >= '3.7'",
+            "version": "==2.17.2"
        },
        "pymdown-extensions": {
            "hashes": [
-                "sha256:3ab1db5c9e21728dabf75192d71471f8e50f216627e9a1fa9535ecb0231b9940",
-                "sha256:f938326115884f48c6059c67377c46cf631c733ef3629b6eed1349989d1b30cb"
+                "sha256:c70e146bdd83c744ffc766b4671999796aba18842b268510a329f7f64700d584",
+                "sha256:f5cc7000d7ff0d1ce9395d216017fa4df3dde800afb1fb72d1c7d3fd35e710f4"
            ],
            "markers": "python_version >= '3.8'",
-            "version": "==10.8.1"
+            "version": "==10.7.1"
        },
        "python-dateutil": {
            "hashes": [
@@ -630,96 +622,110 @@
        },
        "regex": {
            "hashes": [
-                "sha256:0721931ad5fe0dda45d07f9820b90b2148ccdd8e45bb9e9b42a146cb4f695649",
-                "sha256:10002e86e6068d9e1c91eae8295ef690f02f913c57db120b58fdd35a6bb1af35",
-                "sha256:10e4ce0dca9ae7a66e6089bb29355d4432caed736acae36fef0fdd7879f0b0cb",
-                "sha256:119af6e56dce35e8dfb5222573b50c89e5508d94d55713c75126b753f834de68",
-                "sha256:1337b7dbef9b2f71121cdbf1e97e40de33ff114801263b275aafd75303bd62b5",
-                "sha256:13cdaf31bed30a1e1c2453ef6015aa0983e1366fad2667657dbcac7b02f67133",
-                "sha256:1595f2d10dff3d805e054ebdc41c124753631b6a471b976963c7b28543cf13b0",
-                "sha256:16093f563098448ff6b1fa68170e4acbef94e6b6a4e25e10eae8598bb1694b5d",
-                "sha256:1878b8301ed011704aea4c806a3cadbd76f84dece1ec09cc9e4dc934cfa5d4da",
-                "sha256:19068a6a79cf99a19ccefa44610491e9ca02c2be3305c7760d3831d38a467a6f",
-                "sha256:19dfb1c504781a136a80ecd1fff9f16dddf5bb43cec6871778c8a907a085bb3d",
-                "sha256:1b5269484f6126eee5e687785e83c6b60aad7663dafe842b34691157e5083e53",
-                "sha256:1c1c174d6ec38d6c8a7504087358ce9213d4332f6293a94fbf5249992ba54efa",
-                "sha256:2431b9e263af1953c55abbd3e2efca67ca80a3de8a0437cb58e2421f8184717a",
-                "sha256:287eb7f54fc81546346207c533ad3c2c51a8d61075127d7f6d79aaf96cdee890",
-                "sha256:2b4c884767504c0e2401babe8b5b7aea9148680d2e157fa28f01529d1f7fcf67",
-                "sha256:35cb514e137cb3488bce23352af3e12fb0dbedd1ee6e60da053c69fb1b29cc6c",
-                "sha256:391d7f7f1e409d192dba8bcd42d3e4cf9e598f3979cdaed6ab11288da88cb9f2",
-                "sha256:3ad070b823ca5890cab606c940522d05d3d22395d432f4aaaf9d5b1653e47ced",
-                "sha256:3cd7874d57f13bf70078f1ff02b8b0aa48d5b9ed25fc48547516c6aba36f5741",
-                "sha256:3e507ff1e74373c4d3038195fdd2af30d297b4f0950eeda6f515ae3d84a1770f",
-                "sha256:455705d34b4154a80ead722f4f185b04c4237e8e8e33f265cd0798d0e44825fa",
-                "sha256:4a605586358893b483976cffc1723fb0f83e526e8f14c6e6614e75919d9862cf",
-                "sha256:4babf07ad476aaf7830d77000874d7611704a7fcf68c9c2ad151f5d94ae4bfc4",
-                "sha256:4eee78a04e6c67e8391edd4dad3279828dd66ac4b79570ec998e2155d2e59fd5",
-                "sha256:5397de3219a8b08ae9540c48f602996aa6b0b65d5a61683e233af8605c42b0f2",
-                "sha256:5b5467acbfc153847d5adb21e21e29847bcb5870e65c94c9206d20eb4e99a384",
-                "sha256:5eaa7ddaf517aa095fa8da0b5015c44d03da83f5bd49c87961e3c997daed0de7",
-                "sha256:632b01153e5248c134007209b5c6348a544ce96c46005d8456de1d552455b014",
-                "sha256:64c65783e96e563103d641760664125e91bd85d8e49566ee560ded4da0d3e704",
-                "sha256:64f18a9a3513a99c4bef0e3efd4c4a5b11228b48aa80743be822b71e132ae4f5",
-                "sha256:673b5a6da4557b975c6c90198588181029c60793835ce02f497ea817ff647cb2",
-                "sha256:68811ab14087b2f6e0fc0c2bae9ad689ea3584cad6917fc57be6a48bbd012c49",
-                "sha256:6e8d717bca3a6e2064fc3a08df5cbe366369f4b052dcd21b7416e6d71620dca1",
-                "sha256:71a455a3c584a88f654b64feccc1e25876066c4f5ef26cd6dd711308aa538694",
-                "sha256:72d7a99cd6b8f958e85fc6ca5b37c4303294954eac1376535b03c2a43eb72629",
-                "sha256:7b59138b219ffa8979013be7bc85bb60c6f7b7575df3d56dc1e403a438c7a3f6",
-                "sha256:7dbe2467273b875ea2de38ded4eba86cbcbc9a1a6d0aa11dcf7bd2e67859c435",
-                "sha256:833616ddc75ad595dee848ad984d067f2f31be645d603e4d158bba656bbf516c",
-                "sha256:87e2a9c29e672fc65523fb47a90d429b70ef72b901b4e4b1bd42387caf0d6835",
-                "sha256:8fe45aa3f4aa57faabbc9cb46a93363edd6197cbc43523daea044e9ff2fea83e",
-                "sha256:9e717956dcfd656f5055cc70996ee2cc82ac5149517fc8e1b60261b907740201",
-                "sha256:9efa1a32ad3a3ea112224897cdaeb6aa00381627f567179c0314f7b65d354c62",
-                "sha256:9ff11639a8d98969c863d4617595eb5425fd12f7c5ef6621a4b74b71ed8726d5",
-                "sha256:a094801d379ab20c2135529948cb84d417a2169b9bdceda2a36f5f10977ebc16",
-                "sha256:a0981022dccabca811e8171f913de05720590c915b033b7e601f35ce4ea7019f",
-                "sha256:a0bd000c6e266927cb7a1bc39d55be95c4b4f65c5be53e659537537e019232b1",
-                "sha256:a32b96f15c8ab2e7d27655969a23895eb799de3665fa94349f3b2fbfd547236f",
-                "sha256:a81e3cfbae20378d75185171587cbf756015ccb14840702944f014e0d93ea09f",
-                "sha256:ac394ff680fc46b97487941f5e6ae49a9f30ea41c6c6804832063f14b2a5a145",
-                "sha256:ada150c5adfa8fbcbf321c30c751dc67d2f12f15bd183ffe4ec7cde351d945b3",
-                "sha256:b2b6f1b3bb6f640c1a92be3bbfbcb18657b125b99ecf141fb3310b5282c7d4ed",
-                "sha256:b802512f3e1f480f41ab5f2cfc0e2f761f08a1f41092d6718868082fc0d27143",
-                "sha256:ba68168daedb2c0bab7fd7e00ced5ba90aebf91024dea3c88ad5063c2a562cca",
-                "sha256:bfc4f82cabe54f1e7f206fd3d30fda143f84a63fe7d64a81558d6e5f2e5aaba9",
-                "sha256:c0c18345010870e58238790a6779a1219b4d97bd2e77e1140e8ee5d14df071aa",
-                "sha256:c3bea0ba8b73b71b37ac833a7f3fd53825924165da6a924aec78c13032f20850",
-                "sha256:c486b4106066d502495b3025a0a7251bf37ea9540433940a23419461ab9f2a80",
-                "sha256:c49e15eac7c149f3670b3e27f1f28a2c1ddeccd3a2812cba953e01be2ab9b5fe",
-                "sha256:c6a2b494a76983df8e3d3feea9b9ffdd558b247e60b92f877f93a1ff43d26656",
-                "sha256:cab12877a9bdafde5500206d1020a584355a97884dfd388af3699e9137bf7388",
-                "sha256:cac27dcaa821ca271855a32188aa61d12decb6fe45ffe3e722401fe61e323cd1",
-                "sha256:cdd09d47c0b2efee9378679f8510ee6955d329424c659ab3c5e3a6edea696294",
-                "sha256:cf2430df4148b08fb4324b848672514b1385ae3807651f3567871f130a728cc3",
-                "sha256:d0a3d8d6acf0c78a1fff0e210d224b821081330b8524e3e2bc5a68ef6ab5803d",
-                "sha256:d0c0c0003c10f54a591d220997dd27d953cd9ccc1a7294b40a4be5312be8797b",
-                "sha256:d1f059a4d795e646e1c37665b9d06062c62d0e8cc3c511fe01315973a6542e40",
-                "sha256:d347a741ea871c2e278fde6c48f85136c96b8659b632fb57a7d1ce1872547600",
-                "sha256:d3ee02d9e5f482cc8309134a91eeaacbdd2261ba111b0fef3748eeb4913e6a2c",
-                "sha256:d99ceffa25ac45d150e30bd9ed14ec6039f2aad0ffa6bb87a5936f5782fc1569",
-                "sha256:e38a7d4e8f633a33b4c7350fbd8bad3b70bf81439ac67ac38916c4a86b465456",
-                "sha256:e4682f5ba31f475d58884045c1a97a860a007d44938c4c0895f41d64481edbc9",
-                "sha256:e5bb9425fe881d578aeca0b2b4b3d314ec88738706f66f219c194d67179337cb",
-                "sha256:e64198f6b856d48192bf921421fdd8ad8eb35e179086e99e99f711957ffedd6e",
-                "sha256:e6662686aeb633ad65be2a42b4cb00178b3fbf7b91878f9446075c404ada552f",
-                "sha256:ec54d5afa89c19c6dd8541a133be51ee1017a38b412b1321ccb8d6ddbeb4cf7d",
-                "sha256:f5b1dff3ad008dccf18e652283f5e5339d70bf8ba7c98bf848ac33db10f7bc7a",
-                "sha256:f8ec0c2fea1e886a19c3bee0cd19d862b3aa75dcdfb42ebe8ed30708df64687a",
-                "sha256:f9ebd0a36102fcad2f03696e8af4ae682793a5d30b46c647eaf280d6cfb32796"
+                "sha256:0694219a1d54336fd0445ea382d49d36882415c0134ee1e8332afd1529f0baa5",
+                "sha256:086dd15e9435b393ae06f96ab69ab2d333f5d65cbe65ca5a3ef0ec9564dfe770",
+                "sha256:094ba386bb5c01e54e14434d4caabf6583334090865b23ef58e0424a6286d3dc",
+                "sha256:09da66917262d9481c719599116c7dc0c321ffcec4b1f510c4f8a066f8768105",
+                "sha256:0ecf44ddf9171cd7566ef1768047f6e66975788258b1c6c6ca78098b95cf9a3d",
+                "sha256:0fda75704357805eb953a3ee15a2b240694a9a514548cd49b3c5124b4e2ad01b",
+                "sha256:11a963f8e25ab5c61348d090bf1b07f1953929c13bd2309a0662e9ff680763c9",
+                "sha256:150c39f5b964e4d7dba46a7962a088fbc91f06e606f023ce57bb347a3b2d4630",
+                "sha256:1b9d811f72210fa9306aeb88385b8f8bcef0dfbf3873410413c00aa94c56c2b6",
+                "sha256:1e0eabac536b4cc7f57a5f3d095bfa557860ab912f25965e08fe1545e2ed8b4c",
+                "sha256:22a86d9fff2009302c440b9d799ef2fe322416d2d58fc124b926aa89365ec482",
+                "sha256:22f3470f7524b6da61e2020672df2f3063676aff444db1daa283c2ea4ed259d6",
+                "sha256:263ef5cc10979837f243950637fffb06e8daed7f1ac1e39d5910fd29929e489a",
+                "sha256:283fc8eed679758de38fe493b7d7d84a198b558942b03f017b1f94dda8efae80",
+                "sha256:29171aa128da69afdf4bde412d5bedc335f2ca8fcfe4489038577d05f16181e5",
+                "sha256:298dc6354d414bc921581be85695d18912bea163a8b23cac9a2562bbcd5088b1",
+                "sha256:2aae8101919e8aa05ecfe6322b278f41ce2994c4a430303c4cd163fef746e04f",
+                "sha256:2f4e475a80ecbd15896a976aa0b386c5525d0ed34d5c600b6d3ebac0a67c7ddf",
+                "sha256:34e4af5b27232f68042aa40a91c3b9bb4da0eeb31b7632e0091afc4310afe6cb",
+                "sha256:37f8e93a81fc5e5bd8db7e10e62dc64261bcd88f8d7e6640aaebe9bc180d9ce2",
+                "sha256:3a17d3ede18f9cedcbe23d2daa8a2cd6f59fe2bf082c567e43083bba3fb00347",
+                "sha256:3b1de218d5375cd6ac4b5493e0b9f3df2be331e86520f23382f216c137913d20",
+                "sha256:43f7cd5754d02a56ae4ebb91b33461dc67be8e3e0153f593c509e21d219c5060",
+                "sha256:4558410b7a5607a645e9804a3e9dd509af12fb72b9825b13791a37cd417d73a5",
+                "sha256:4719bb05094d7d8563a450cf8738d2e1061420f79cfcc1fa7f0a44744c4d8f73",
+                "sha256:4bfc2b16e3ba8850e0e262467275dd4d62f0d045e0e9eda2bc65078c0110a11f",
+                "sha256:518440c991f514331f4850a63560321f833979d145d7d81186dbe2f19e27ae3d",
+                "sha256:51f4b32f793812714fd5307222a7f77e739b9bc566dc94a18126aba3b92b98a3",
+                "sha256:531ac6cf22b53e0696f8e1d56ce2396311254eb806111ddd3922c9d937151dae",
+                "sha256:5cd05d0f57846d8ba4b71d9c00f6f37d6b97d5e5ef8b3c3840426a475c8f70f4",
+                "sha256:5dd58946bce44b53b06d94aa95560d0b243eb2fe64227cba50017a8d8b3cd3e2",
+                "sha256:60080bb3d8617d96f0fb7e19796384cc2467447ef1c491694850ebd3670bc457",
+                "sha256:636ba0a77de609d6510235b7f0e77ec494d2657108f777e8765efc060094c98c",
+                "sha256:67d3ccfc590e5e7197750fcb3a2915b416a53e2de847a728cfa60141054123d4",
+                "sha256:68191f80a9bad283432385961d9efe09d783bcd36ed35a60fb1ff3f1ec2efe87",
+                "sha256:7502534e55c7c36c0978c91ba6f61703faf7ce733715ca48f499d3dbbd7657e0",
+                "sha256:7aa47c2e9ea33a4a2a05f40fcd3ea36d73853a2aae7b4feab6fc85f8bf2c9704",
+                "sha256:7d2af3f6b8419661a0c421584cfe8aaec1c0e435ce7e47ee2a97e344b98f794f",
+                "sha256:7e316026cc1095f2a3e8cc012822c99f413b702eaa2ca5408a513609488cb62f",
+                "sha256:88ad44e220e22b63b0f8f81f007e8abbb92874d8ced66f32571ef8beb0643b2b",
+                "sha256:88d1f7bef20c721359d8675f7d9f8e414ec5003d8f642fdfd8087777ff7f94b5",
+                "sha256:89723d2112697feaa320c9d351e5f5e7b841e83f8b143dba8e2d2b5f04e10923",
+                "sha256:8a0ccf52bb37d1a700375a6b395bff5dd15c50acb745f7db30415bae3c2b0715",
+                "sha256:8c2c19dae8a3eb0ea45a8448356ed561be843b13cbc34b840922ddf565498c1c",
+                "sha256:905466ad1702ed4acfd67a902af50b8db1feeb9781436372261808df7a2a7bca",
+                "sha256:9852b76ab558e45b20bf1893b59af64a28bd3820b0c2efc80e0a70a4a3ea51c1",
+                "sha256:98a2636994f943b871786c9e82bfe7883ecdaba2ef5df54e1450fa9869d1f756",
+                "sha256:9aa1a67bbf0f957bbe096375887b2505f5d8ae16bf04488e8b0f334c36e31360",
+                "sha256:9eda5f7a50141291beda3edd00abc2d4a5b16c29c92daf8d5bd76934150f3edc",
+                "sha256:a6d1047952c0b8104a1d371f88f4ab62e6275567d4458c1e26e9627ad489b445",
+                "sha256:a9b6d73353f777630626f403b0652055ebfe8ff142a44ec2cf18ae470395766e",
+                "sha256:a9cc99d6946d750eb75827cb53c4371b8b0fe89c733a94b1573c9dd16ea6c9e4",
+                "sha256:ad83e7545b4ab69216cef4cc47e344d19622e28aabec61574b20257c65466d6a",
+                "sha256:b014333bd0217ad3d54c143de9d4b9a3ca1c5a29a6d0d554952ea071cff0f1f8",
+                "sha256:b43523d7bc2abd757119dbfb38af91b5735eea45537ec6ec3a5ec3f9562a1c53",
+                "sha256:b521dcecebc5b978b447f0f69b5b7f3840eac454862270406a39837ffae4e697",
+                "sha256:b77e27b79448e34c2c51c09836033056a0547aa360c45eeeb67803da7b0eedaf",
+                "sha256:b7a635871143661feccce3979e1727c4e094f2bdfd3ec4b90dfd4f16f571a87a",
+                "sha256:b7fca9205b59c1a3d5031f7e64ed627a1074730a51c2a80e97653e3e9fa0d415",
+                "sha256:ba1b30765a55acf15dce3f364e4928b80858fa8f979ad41f862358939bdd1f2f",
+                "sha256:ba99d8077424501b9616b43a2d208095746fb1284fc5ba490139651f971d39d9",
+                "sha256:c25a8ad70e716f96e13a637802813f65d8a6760ef48672aa3502f4c24ea8b400",
+                "sha256:c3c4a78615b7762740531c27cf46e2f388d8d727d0c0c739e72048beb26c8a9d",
+                "sha256:c40281f7d70baf6e0db0c2f7472b31609f5bc2748fe7275ea65a0b4601d9b392",
+                "sha256:c7ad32824b7f02bb3c9f80306d405a1d9b7bb89362d68b3c5a9be53836caebdb",
+                "sha256:cb3fe77aec8f1995611f966d0c656fdce398317f850d0e6e7aebdfe61f40e1cd",
+                "sha256:cc038b2d8b1470364b1888a98fd22d616fba2b6309c5b5f181ad4483e0017861",
+                "sha256:cc37b9aeebab425f11f27e5e9e6cf580be7206c6582a64467a14dda211abc232",
+                "sha256:cc6bb9aa69aacf0f6032c307da718f61a40cf970849e471254e0e91c56ffca95",
+                "sha256:d126361607b33c4eb7b36debc173bf25d7805847346dd4d99b5499e1fef52bc7",
+                "sha256:d15b274f9e15b1a0b7a45d2ac86d1f634d983ca40d6b886721626c47a400bf39",
+                "sha256:d166eafc19f4718df38887b2bbe1467a4f74a9830e8605089ea7a30dd4da8887",
+                "sha256:d498eea3f581fbe1b34b59c697512a8baef88212f92e4c7830fcc1499f5b45a5",
+                "sha256:d6f7e255e5fa94642a0724e35406e6cb7001c09d476ab5fce002f652b36d0c39",
+                "sha256:d78bd484930c1da2b9679290a41cdb25cc127d783768a0369d6b449e72f88beb",
+                "sha256:d865984b3f71f6d0af64d0d88f5733521698f6c16f445bb09ce746c92c97c586",
+                "sha256:d902a43085a308cef32c0d3aea962524b725403fd9373dea18110904003bac97",
+                "sha256:d94a1db462d5690ebf6ae86d11c5e420042b9898af5dcf278bd97d6bda065423",
+                "sha256:da695d75ac97cb1cd725adac136d25ca687da4536154cdc2815f576e4da11c69",
+                "sha256:db2a0b1857f18b11e3b0e54ddfefc96af46b0896fb678c85f63fb8c37518b3e7",
+                "sha256:df26481f0c7a3f8739fecb3e81bc9da3fcfae34d6c094563b9d4670b047312e1",
+                "sha256:e14b73607d6231f3cc4622809c196b540a6a44e903bcfad940779c80dffa7be7",
+                "sha256:e2610e9406d3b0073636a3a2e80db05a02f0c3169b5632022b4e81c0364bcda5",
+                "sha256:e692296c4cc2873967771345a876bcfc1c547e8dd695c6b89342488b0ea55cd8",
+                "sha256:e693e233ac92ba83a87024e1d32b5f9ab15ca55ddd916d878146f4e3406b5c91",
+                "sha256:e81469f7d01efed9b53740aedd26085f20d49da65f9c1f41e822a33992cb1590",
+                "sha256:e8c7e08bb566de4faaf11984af13f6bcf6a08f327b13631d41d62592681d24fe",
+                "sha256:ed19b3a05ae0c97dd8f75a5d8f21f7723a8c33bbc555da6bbe1f96c470139d3c",
+                "sha256:efb2d82f33b2212898f1659fb1c2e9ac30493ac41e4d53123da374c3b5541e64",
+                "sha256:f44dd4d68697559d007462b0a3a1d9acd61d97072b71f6d1968daef26bc744bd",
+                "sha256:f72cbae7f6b01591f90814250e636065850c5926751af02bb48da94dfced7baa",
+                "sha256:f7bc09bc9c29ebead055bcba136a67378f03d66bf359e87d0f7c759d6d4ffa31",
+                "sha256:ff100b203092af77d1a5a7abe085b3506b7eaaf9abf65b73b7d6905b6cb76988"
            ],
-            "markers": "python_version >= '3.8'",
-            "version": "==2024.5.15"
+            "markers": "python_version >= '3.7'",
+            "version": "==2023.12.25"
        },
        "requests": {
            "hashes": [
-                "sha256:55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760",
-                "sha256:70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6"
+                "sha256:58cd2187c01e70e6e26505bca751777aa9f2ee0b7f4300988b709f44e013003f",
+                "sha256:942c5a758f98d790eaed1a29cb6eefc7ffb0d1cf7af05c3d2791656dbd6ad1e1"
            ],
-            "markers": "python_version >= '3.8'",
-            "version": "==2.32.3"
+            "markers": "python_version >= '3.7'",
+            "version": "==2.31.0"
        },
        "six": {
            "hashes": [
@@ -747,11 +753,11 @@
        },
        "tinycss2": {
            "hashes": [
-                "sha256:152f9acabd296a8375fbca5b84c961ff95971fcfc32e79550c8df8e29118c54d",
-                "sha256:54a8dbdffb334d536851be0226030e9505965bb2f30f21a4a82c55fb2a80fae7"
+                "sha256:2b80a96d41e7c3914b8cda8bc7f705a4d9c49275616e886103dd839dfc847847",
+                "sha256:8cff3a8f066c2ec677c06dbc7b45619804a6938478d9d73c284b29d14ecb0627"
            ],
-            "markers": "python_version >= '3.8'",
-            "version": "==1.3.0"
+            "markers": "python_version >= '3.7'",
+            "version": "==1.2.1"
        },
        "urllib3": {
            "hashes": [
@@ -763,41 +769,38 @@
        },
        "watchdog": {
            "hashes": [
-                "sha256:0144c0ea9997b92615af1d94afc0c217e07ce2c14912c7b1a5731776329fcfc7",
-                "sha256:03e70d2df2258fb6cb0e95bbdbe06c16e608af94a3ffbd2b90c3f1e83eb10767",
-                "sha256:093b23e6906a8b97051191a4a0c73a77ecc958121d42346274c6af6520dec175",
-                "sha256:123587af84260c991dc5f62a6e7ef3d1c57dfddc99faacee508c71d287248459",
-                "sha256:17e32f147d8bf9657e0922c0940bcde863b894cd871dbb694beb6704cfbd2fb5",
-                "sha256:206afc3d964f9a233e6ad34618ec60b9837d0582b500b63687e34011e15bb429",
-                "sha256:4107ac5ab936a63952dea2a46a734a23230aa2f6f9db1291bf171dac3ebd53c6",
-                "sha256:4513ec234c68b14d4161440e07f995f231be21a09329051e67a2118a7a612d2d",
-                "sha256:611be3904f9843f0529c35a3ff3fd617449463cb4b73b1633950b3d97fa4bfb7",
-                "sha256:62c613ad689ddcb11707f030e722fa929f322ef7e4f18f5335d2b73c61a85c28",
-                "sha256:667f3c579e813fcbad1b784db7a1aaa96524bed53437e119f6a2f5de4db04235",
-                "sha256:6e8c70d2cd745daec2a08734d9f63092b793ad97612470a0ee4cbb8f5f705c57",
-                "sha256:7577b3c43e5909623149f76b099ac49a1a01ca4e167d1785c76eb52fa585745a",
-                "sha256:998d2be6976a0ee3a81fb8e2777900c28641fb5bfbd0c84717d89bca0addcdc5",
-                "sha256:a3c2c317a8fb53e5b3d25790553796105501a235343f5d2bf23bb8649c2c8709",
-                "sha256:ab998f567ebdf6b1da7dc1e5accfaa7c6992244629c0fdaef062f43249bd8dee",
-                "sha256:ac7041b385f04c047fcc2951dc001671dee1b7e0615cde772e84b01fbf68ee84",
-                "sha256:bca36be5707e81b9e6ce3208d92d95540d4ca244c006b61511753583c81c70dd",
-                "sha256:c9904904b6564d4ee8a1ed820db76185a3c96e05560c776c79a6ce5ab71888ba",
-                "sha256:cad0bbd66cd59fc474b4a4376bc5ac3fc698723510cbb64091c2a793b18654db",
-                "sha256:d10a681c9a1d5a77e75c48a3b8e1a9f2ae2928eda463e8d33660437705659682",
-                "sha256:d4925e4bf7b9bddd1c3de13c9b8a2cdb89a468f640e66fbfabaf735bd85b3e35",
-                "sha256:d7b9f5f3299e8dd230880b6c55504a1f69cf1e4316275d1b215ebdd8187ec88d",
-                "sha256:da2dfdaa8006eb6a71051795856bedd97e5b03e57da96f98e375682c48850645",
-                "sha256:dddba7ca1c807045323b6af4ff80f5ddc4d654c8bce8317dde1bd96b128ed253",
-                "sha256:e7921319fe4430b11278d924ef66d4daa469fafb1da679a2e48c935fa27af193",
-                "sha256:e93f451f2dfa433d97765ca2634628b789b49ba8b504fdde5837cdcf25fdb53b",
-                "sha256:eebaacf674fa25511e8867028d281e602ee6500045b57f43b08778082f7f8b44",
-                "sha256:ef0107bbb6a55f5be727cfc2ef945d5676b97bffb8425650dadbb184be9f9a2b",
-                "sha256:f0de0f284248ab40188f23380b03b59126d1479cd59940f2a34f8852db710625",
-                "sha256:f27279d060e2ab24c0aa98363ff906d2386aa6c4dc2f1a374655d4e02a6c5e5e",
-                "sha256:f8affdf3c0f0466e69f5b3917cdd042f89c8c63aebdb9f7c078996f607cdb0f5"
+                "sha256:11e12fafb13372e18ca1bbf12d50f593e7280646687463dd47730fd4f4d5d257",
+                "sha256:2895bf0518361a9728773083908801a376743bcc37dfa252b801af8fd281b1ca",
+                "sha256:39cb34b1f1afbf23e9562501673e7146777efe95da24fab5707b88f7fb11649b",
+                "sha256:45cc09cc4c3b43fb10b59ef4d07318d9a3ecdbff03abd2e36e77b6dd9f9a5c85",
+                "sha256:4986db5e8880b0e6b7cd52ba36255d4793bf5cdc95bd6264806c233173b1ec0b",
+                "sha256:5369136a6474678e02426bd984466343924d1df8e2fd94a9b443cb7e3aa20d19",
+                "sha256:557ba04c816d23ce98a06e70af6abaa0485f6d94994ec78a42b05d1c03dcbd50",
+                "sha256:6a4db54edea37d1058b08947c789a2354ee02972ed5d1e0dca9b0b820f4c7f92",
+                "sha256:6a80d5cae8c265842c7419c560b9961561556c4361b297b4c431903f8c33b269",
+                "sha256:6a9c71a0b02985b4b0b6d14b875a6c86ddea2fdbebd0c9a720a806a8bbffc69f",
+                "sha256:6c47bdd680009b11c9ac382163e05ca43baf4127954c5f6d0250e7d772d2b80c",
+                "sha256:6e949a8a94186bced05b6508faa61b7adacc911115664ccb1923b9ad1f1ccf7b",
+                "sha256:73c7a935e62033bd5e8f0da33a4dcb763da2361921a69a5a95aaf6c93aa03a87",
+                "sha256:76ad8484379695f3fe46228962017a7e1337e9acadafed67eb20aabb175df98b",
+                "sha256:8350d4055505412a426b6ad8c521bc7d367d1637a762c70fdd93a3a0d595990b",
+                "sha256:87e9df830022488e235dd601478c15ad73a0389628588ba0b028cb74eb72fed8",
+                "sha256:8f9a542c979df62098ae9c58b19e03ad3df1c9d8c6895d96c0d51da17b243b1c",
+                "sha256:8fec441f5adcf81dd240a5fe78e3d83767999771630b5ddfc5867827a34fa3d3",
+                "sha256:9a03e16e55465177d416699331b0f3564138f1807ecc5f2de9d55d8f188d08c7",
+                "sha256:ba30a896166f0fee83183cec913298151b73164160d965af2e93a20bbd2ab605",
+                "sha256:c17d98799f32e3f55f181f19dd2021d762eb38fdd381b4a748b9f5a36738e935",
+                "sha256:c522392acc5e962bcac3b22b9592493ffd06d1fc5d755954e6be9f4990de932b",
+                "sha256:d0f9bd1fd919134d459d8abf954f63886745f4660ef66480b9d753a7c9d40927",
+                "sha256:d18d7f18a47de6863cd480734613502904611730f8def45fc52a5d97503e5101",
+                "sha256:d31481ccf4694a8416b681544c23bd271f5a123162ab603c7d7d2dd7dd901a07",
+                "sha256:e3e7065cbdabe6183ab82199d7a4f6b3ba0a438c5a512a68559846ccb76a78ec",
+                "sha256:eed82cdf79cd7f0232e2fdc1ad05b06a5e102a43e331f7d041e5f0e0a34a51c4",
+                "sha256:f970663fa4f7e80401a7b0cbeec00fa801bf0287d93d48368fc3e6fa32716245",
+                "sha256:f9b2fdca47dc855516b2d66eef3c39f2672cbf7e7a42e7e67ad2cbfcd6ba107d"
            ],
            "markers": "python_version >= '3.8'",
-            "version": "==4.0.1"
+            "version": "==4.0.0"
        },
        "webencodings": {
            "hashes": [
--- a/README.md
+++ b/README.md
@@ -211,7 +211,7 @@ Privacy Guides wouldn't be possible without these wonderful people ([emoji key](
      <td align="center" valign="top" width="20%"><a rel="nofollow noopener noreferrer" href="https://thenewoil.org/"><img src="https://avatars.githubusercontent.com/u/133825060?v=4" width="100px;" loading=lazy /><br /><sub><b>Nate Bartram</b></sub></a><br /><a href="#blog-tnonate" title="Blogposts">📝</a></td>
    </tr>
    <tr>
-      <td align="center" valign="top" width="20%"><a rel="nofollow noopener noreferrer" href="https://www.samhowell.uk/"><img src="https://avatars.githubusercontent.com/u/10137?v=4" width="100px;" loading=lazy /><br /><sub><b>Sam Howell</b></sub></a><br /><a href="#blog-5amm" title="Blogposts">📝</a></td>
+      <td align="center" valign="top" width="20%"><a rel="nofollow noopener noreferrer" href="https://www.samhowell.uk/"><img src="https://www.samhowell.uk/images/avatar-main.png" width="100px;" loading=lazy /><br /><sub><b>Sam Howell</b></sub></a><br /><a href="#blog-5amm" title="Blogposts">📝</a></td>
      <td align="center" valign="top" width="20%"><a rel="nofollow noopener noreferrer" href="https://github.com/asddsaz"><img src="https://avatars.githubusercontent.com/u/42685606?v=4" width="100px;" loading=lazy /><br /><sub><b>asddsaz</b></sub></a><br /><a href="https://github.com/privacyguides/privacyguides.org/commits?author=asddsaz" title="Documentation">📖</a></td>
      <td align="center" valign="top" width="20%"><a rel="nofollow noopener noreferrer" href="https://github.com/hugoncosta"><img src="https://avatars.githubusercontent.com/u/29380568?v=4" width="100px;" loading=lazy /><br /><sub><b>Hugo Costa</b></sub></a><br /><a href="https://github.com/privacyguides/privacyguides.org/commits?author=hugoncosta" title="Documentation">📖</a></td>
      <td align="center" valign="top" width="20%"><a rel="nofollow noopener noreferrer" href="https://github.com/C-O-M-P-A-R-T-M-E-N-T-A-L-I-Z-A-T-I-O-N"><img src="https://avatars.githubusercontent.com/u/30232065?v=4" width="100px;" loading=lazy /><br /><sub><b>C-O-M-P-A-R-T-M-E-N-T-A-L-I-Z-A-T-I-O-N</b></sub></a><br /><a href="https://github.com/privacyguides/privacyguides.org/commits?author=C-O-M-P-A-R-T-M-E-N-T-A-L-I-Z-A-T-I-O-N" title="Documentation">📖</a></td>
@@ -571,14 +571,13 @@ Privacy Guides wouldn't be possible without these wonderful people ([emoji key](
      <td align="center" valign="top" width="20%"><a rel="nofollow noopener noreferrer" href="https://github.com/FishCoding"><img src="https://avatars.githubusercontent.com/u/16527725?v=4" width="100px;" loading=lazy /><br /><sub><b>Mario</b></sub></a><br /><a href="https://github.com/privacyguides/privacyguides.org/commits?author=FishCoding" title="Documentation">📖</a></td>
      <td align="center" valign="top" width="20%"><a rel="nofollow noopener noreferrer" href="https://skye.sh/"><img src="https://avatars.githubusercontent.com/u/48442092?v=4" width="100px;" loading=lazy /><br /><sub><b>skye</b></sub></a><br /><a href="#question-dioxias" title="Answering Questions">💬</a></td>
      <td align="center" valign="top" width="20%"><a rel="nofollow noopener noreferrer" href="https://github.com/r2fo"><img src="https://avatars.githubusercontent.com/u/50496756?v=4" width="100px;" loading=lazy /><br /><sub><b>r2fo</b></sub></a><br /><a href="#translation-r2fo" title="Translation">🌍</a></td>
-      <td align="center" valign="top" width="20%"><a rel="nofollow noopener noreferrer" href="https://lamtrinh.dev/"><img src="https://avatars.githubusercontent.com/u/49742151?v=4" width="100px;" loading=lazy /><br /><sub><b>LamTrinh.Dev</b></sub></a><br /><a href="https://github.com/privacyguides/privacyguides.org/commits?author=lamtrinhdev" title="Documentation">📖</a> <a href="https://github.com/privacyguides/privacyguides.org/issues?q=author%3Alamtrinhdev" title="Bug reports">🐛</a> <a href="#question-lamtrinhdev" title="Answering Questions">💬</a></td>
+      <td align="center" valign="top" width="20%"><a rel="nofollow noopener noreferrer" href="https://lamtrinh.dev/"><img src="https://avatars.githubusercontent.com/u/49742151?v=4" width="100px;" loading=lazy /><br /><sub><b>LamTrinh.Dev</b></sub></a><br /><a href="https://github.com/privacyguides/privacyguides.org/commits?author=lamtrinhdev" title="Documentation">📖</a></td>
      <td align="center" valign="top" width="20%"><a rel="nofollow noopener noreferrer" href="https://discuss.privacyguides.net/u/frostlike"><img src="https://forum-cdn.privacyguides.net/user_avatar/discuss.privacyguides.net/frostlike/288/3600_2.png" width="100px;" loading=lazy /><br /><sub><b>frostlike</b></sub></a><br /><a href="#question" title="Answering Questions">💬</a></td>
    </tr>
    <tr>
      <td align="center" valign="top" width="20%"><a rel="nofollow noopener noreferrer" href="https://scholz.ruhr/"><img src="https://avatars.githubusercontent.com/u/21988035?v=4" width="100px;" loading=lazy /><br /><sub><b>Merlin Scholz</b></sub></a><br /><a href="#translation-merlinscholz" title="Translation">🌍</a></td>
      <td align="center" valign="top" width="20%"><a rel="nofollow noopener noreferrer" href="https://jordanwarne.net/"><img src="https://avatars.githubusercontent.com/u/154663344?v=4" width="100px;" loading=lazy /><br /><sub><b>jordan warne</b></sub></a><br /><a href="https://github.com/privacyguides/privacyguides.org/commits?author=jordan-warne" title="Documentation">📖</a></td>
      <td align="center" valign="top" width="20%"><a rel="nofollow noopener noreferrer" href="https://github.com/Dzenan"><img src="https://avatars.githubusercontent.com/u/69632324?v=4" width="100px;" loading=lazy /><br /><sub><b>Dženan</b></sub></a><br /><a href="#translation-dzenan" title="Translation">🌍</a></td>
-      <td align="center" valign="top" width="20%"><a rel="nofollow noopener noreferrer" href="https://jxtsai.info"><img src="https://avatars.githubusercontent.com/u/8361268?v=4" width="100px;" loading=lazy /><br /><sub><b>jx tsai</b></sub></a><br /><a href="#translation-jxtsai" title="Translation">🌍</a></td>
    </tr>
  </tbody>
  <tfoot>
--- a/docs/about/donate.md
+++ b/docs/about/donate.md
@@ -4,20 +4,19 @@ title: Supporting Us
 <!-- markdownlint-disable MD036 -->
 It takes a lot of [people](contributors.md) and [work](https://github.com/privacyguides/privacyguides.org/pulse/monthly) to keep Privacy Guides up to date and spreading the word about privacy and mass surveillance. If you like what we do, consider getting involved by [editing the site](https://github.com/privacyguides/privacyguides.org) or [contributing translations](https://crowdin.com/project/privacyguides).

-## Donate
+<div class="admonition failure" markdown>
+<p class="admonition-title">Donation Information</p>

-Currently, the best way to support our work is to send a monthly or one-time contribution via GitHub Sponsors. We will be able to accept donations via alternate payment platforms very soon.
+Unfortunately, Open Collective Foundation (our long-time fiscal host) announced they are dissolving their operations and can no longer support us or any project they host. Thus, we have no way to accept donations at this time. We are looking into ways to move forward from a legal perspective, but in the meantime any non-monetary contribution you can provide would be greatly appreciated.

-[:material-heart:{ .pg-red } Sponsor us on GitHub](https://github.com/sponsors/privacyguides){ class="md-button md-button--primary" }
-
-We are also working with our fiscal host to receive cryptocurrency donations, at the moment the accounting is unfeasible for many smaller transactions, but this should change in the near future. In the meantime, if you still wish to make a cryptocurrency donation, please reach out to [jonah@privacyguides.org](mailto:jonah@privacyguides.org) to arrange a transaction.
-
-## Merchandise
+</div>

 Another option to support us is by buying our merchandise from HelloTux. We get a small commission for each item sold, and you get a quality product to show for it.

 [Buy on HelloTux.com](https://hellotux.com/privacyguides){ class="md-button" }

+Thank you to all those who support our mission! :heart:
+
 ## How We Use Donations

 Privacy Guides is a **non-profit** organization. We use donations for a variety of purposes, including:
@@ -38,6 +37,4 @@ Privacy Guides is a **non-profit** organization. We use donations for a variety

 :   We occasionally purchase products and services for the purposes of testing our [recommended tools](../tools.md).

-Your donation will go to a dedicated fund within [MAGIC Grants](https://magicgrants.org/), a 501(c)(3) organization. The funds will only be used for this project specifically. You may qualify for a tax deduction. If you need a donation receipt, please email <info@magicgrants.org>.
-
-Thank you to all those who support our mission! :material-heart:{ .pg-red }
+We are still working with our fiscal host (the Open Collective Foundation) to receive cryptocurrency donations, at the moment the accounting is unfeasible for many smaller transactions, but this should change in the future. In the meantime, if you wish to make a sizable (> $100) cryptocurrency donation, please reach out to [jonah@privacyguides.org](mailto:jonah@privacyguides.org).
--- a/docs/about/statistics.md
+++ b/docs/about/statistics.md
@@ -2,14 +2,13 @@
 title: Traffic Statistics
 ---
 <!-- markdownlint-disable MD051 -->
-We self-host [Umami](https://umami.is) to create a nice visualization of our traffic statistics, which are public at the link below.
-
-[View Statistics](https://stats.privacyguides.net/share/nVWjyd2QfgOPBhMF/www.privacyguides.org){ .md-button .md-button--primary }
-
-With this process:
+We self-host [Umami](https://umami.is) to create a nice visualization of our traffic statistics, which are public at the link below. With this process:

 - Your information is never shared with a third-party, it stays on servers we control
 - Your personal data is never saved, we only collect data in aggregate
- No client-side JavaScript is used
+- No client-side JavaScript is required

-Because of these facts, keep in mind our statistics may be inaccurate. It is a useful tool to compare different dates with each other and analyze overall trends, but the actual numbers may be far off from reality. In other words they're *precise* statistics, but not *accurate* statistics.
+Because of these facts, keep in mind our statistics may be inaccurate. It is a useful tool to compare different dates with each other and analyze overall trends, but the actual numbers may be far off from reality. They're *precise* statistics, but not *accurate* statistics.
+
+[View Statistics](https://stats.privacyguides.net/share/nVWjyd2QfgOPBhMF/www.privacyguides.org){ .md-button .md-button--primary }
+[Opt-Out](#__consent){ .md-button }
--- a/docs/advanced/dns-overview.md
+++ b/docs/advanced/dns-overview.md
@@ -66,7 +66,7 @@ An observer could modify any of these packets.

 ## What is "encrypted DNS"?

-Encrypted DNS can refer to one of a number of protocols, the most common ones being [DNSCrypt](#dnscrypt), [DNS over TLS](#dns-over-tls-dot), and [DNS over HTTPS](#dns-over-https-doh).
+Encrypted DNS can refer to one of a number of protocols, the most common ones being:

 ### DNSCrypt

@@ -78,7 +78,7 @@ Encrypted DNS can refer to one of a number of protocols, the most common ones be

 ### DNS over HTTPS (DoH)

-[**DNS over HTTPS**](https://en.wikipedia.org/wiki/DNS_over_HTTPS), as defined in [RFC 8484](https://datatracker.ietf.org/doc/html/rfc8484), packages queries in the [HTTP/2](https://en.wikipedia.org/wiki/HTTP/2) protocol and provides security with HTTPS. Support was first added in web browsers such as Firefox 60 and Chrome 83.
+[**DNS over HTTPS**](https://en.wikipedia.org/wiki/DNS_over_HTTPS) as defined in [RFC 8484](https://datatracker.ietf.org/doc/html/rfc8484) packages queries in the [HTTP/2](https://en.wikipedia.org/wiki/HTTP/2) protocol and provides security with HTTPS. Support was first added in web browsers such as Firefox 60 and Chrome 83.

 Native implementation of DoH showed up in iOS 14, macOS 11, Microsoft Windows, and Android 13 (however, it won't be enabled [by default](https://android-review.googlesource.com/c/platform/packages/modules/DnsResolver/+/1833144)). General Linux desktop support is waiting on the systemd [implementation](https://github.com/systemd/systemd/issues/8639) so [installing third-party software is still required](../dns.md#encrypted-dns-proxies).

@@ -98,7 +98,7 @@ Apple does not provide a native interface for creating encrypted DNS profiles. [

 #### Linux

-`systemd-resolved`, which many Linux distributions use to do their DNS lookups, doesn't yet [support DoH](https://github.com/systemd/systemd/issues/8639). If you want to use DoH, you'll need to install a proxy like [dnscrypt-proxy](../dns.md#dnscrypt-proxy) and [configure it](https://wiki.archlinux.org/title/Dnscrypt-proxy) to take all the DNS queries from your system resolver and forward them over HTTPS.
+`systemd-resolved`, which many Linux distributions use to do their DNS lookups, doesn't yet [support DoH](https://github.com/systemd/systemd/issues/8639). If you want to use DoH, you'll need to install a proxy like [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy) and [configure it](https://wiki.archlinux.org/title/Dnscrypt-proxy) to take all the DNS queries from your system resolver and forward them over HTTPS.

 ## What can an outside party see?

@@ -128,7 +128,7 @@ We can see the [connection establishment](https://en.wikipedia.org/wiki/Transmis

 ## Why **shouldn't** I use encrypted DNS?

-In locations where there is internet filtering (or censorship), visiting forbidden resources may have its own consequences which you should consider in your [threat model](../basics/threat-modeling.md). We do **not** suggest the use of encrypted DNS for this purpose. Use [Tor](../advanced/tor-overview.md) or a [VPN](../vpn.md) instead. If you're using a VPN, you should use your VPN's DNS servers. When using a VPN, you are already trusting them with all your network activity.
+In locations where there is internet filtering (or censorship), visiting forbidden resources may have its own consequences which you should consider in your [threat model](../basics/threat-modeling.md). We do **not** suggest the use of encrypted DNS for this purpose. Use [Tor](https://torproject.org) or a [VPN](../vpn.md) instead. If you're using a VPN, you should use your VPN's DNS servers. When using a VPN, you are already trusting them with all your network activity.

 When we do a DNS lookup, it's generally because we want to access a resource. Below, we will discuss some of the methods that may disclose your browsing activities even when using encrypted DNS:

--- a/docs/advanced/payments.md
+++ b/docs/advanced/payments.md
@@ -16,7 +16,7 @@ Despite this, it’s typically the best option.

 It’s relatively simple to purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout to reduce fraud.

-Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (e.g.: from Visa or Mastercard) usually have limits of up to $1,000 per card.
+Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (eg: from Visa or Mastercard) usually have limits of up to $1,000 per card.

 Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants don’t accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit.

@@ -57,7 +57,7 @@ Additionally, many if not most cryptocurrencies are scams. Make transactions car

 There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors.

- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#monero)
+- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins)

 Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can break Bitcoin Lightning Network and/or Monero's transaction privacy. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance.

@@ -75,7 +75,7 @@ With cryptocurrency there are two forms of wallets: custodial wallets and noncus

 ### Acquisition

-Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces, platforms which facilitate trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward.
+Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward.

 If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall.

--- a/docs/android.md
+++ b/docs/android.md
@@ -98,7 +98,7 @@ We recommend installing one of these custom Android operating systems on your de
 <div class="admonition note" markdown>
 <p class="admonition-title">Note</p>

-End-of-life devices (such as GrapheneOS's or CalyxOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
+End-of-life devices (such as GrapheneOS or CalyxOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.

 </div>

--- a/docs/basics/common-misconceptions.md
+++ b/docs/basics/common-misconceptions.md
@@ -88,7 +88,7 @@ One of the clearest threat models is one where people *know who you are* and one

 2. **Unknown identity** - An unknown identity could be a stable pseudonym that you regularly use. It is not anonymous because it doesn't change. If you're part of an online community, you may wish to retain a persona that others know. This pseudonym isn't anonymous because—if monitored for long enough—details about the owner can reveal further information, such as the way they write, their general knowledge about topics of interest, etc.

-    You may wish to use a VPN for this, to mask your IP address. Financial transactions are more difficult to mask: You could consider using anonymous cryptocurrencies, such as [Monero](../cryptocurrency.md#monero). Employing altcoin shifting may also help to disguise where your currency originated. Typically, exchanges require KYC (know your customer) to be completed before they'll allow you to exchange fiat currency into any kind of cryptocurrency. Local meet-up options may also be a solution; however, those are often more expensive and sometimes also require KYC.
+    You may wish to use a VPN for this, to mask your IP address. Financial transactions are more difficult to mask: You could consider using anonymous cryptocurrencies, such as [Monero](https://getmonero.org). Employing altcoin shifting may also help to disguise where your currency originated. Typically, exchanges require KYC (know your customer) to be completed before they'll allow you to exchange fiat currency into any kind of cryptocurrency. Local meet-up options may also be a solution; however, those are often more expensive and sometimes also require KYC.

 3. **Anonymous identity** - Even with experience, anonymous identities are difficult to maintain over long periods of time. They should be short-term and short-lived identities which are rotated regularly.

--- a/docs/basics/common-threats.md
+++ b/docs/basics/common-threats.md
@@ -126,7 +126,7 @@ Governments often justify mass surveillance programs as necessary means to comba
 <div class="admonition quote" markdown>
 <p class="admonition-title">ACLU: <em><a href="https://aclu.org/news/national-security/the-privacy-lesson-of-9-11-mass-surveillance-is-not-the-way-forward">The Privacy Lesson of 9/11: Mass Surveillance is Not the Way Forward</a></em></p>

-In the face of Edward Snowden's disclosures of government programs such as [PRISM](https://en.wikipedia.org/wiki/PRISM) and [Upstream](https://en.wikipedia.org/wiki/Upstream_collection), intelligence officials also admitted that the NSA had for years been secretly collecting records about virtually every American’s phone calls — who’s calling whom, when those calls are made, and how long they last. This kind of information, when amassed by the NSA day after day, can reveal incredibly sensitive details about people’s lives and associations, such as whether they have called a pastor, an abortion provider, an addiction counselor, or a suicide hotline.
+In the face of [Edward Snowden's disclosures of government programs such as [PRISM](https://en.wikipedia.org/wiki/PRISM) and [Upstream](https://en.wikipedia.org/wiki/Upstream_collection)], intelligence officials also admitted that the NSA had for years been secretly collecting records about virtually every American’s phone calls — who’s calling whom, when those calls are made, and how long they last. This kind of information, when amassed by the NSA day after day, can reveal incredibly sensitive details about people’s lives and associations, such as whether they have called a pastor, an abortion provider, an addiction counselor, or a suicide hotline.

 </div>

--- a/docs/basics/email-security.md
+++ b/docs/basics/email-security.md
@@ -33,7 +33,7 @@ Email providers which allow you to use standard access protocols like IMAP and S

 ### How Do I Protect My Private Keys?

-A smartcard (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smartcard and the decrypted content is sent back to the device.
+A smartcard (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](https://nitrokey.com)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smartcard and the decrypted content is sent back to the device.

 It is advantageous for the decryption to occur on the smartcard to avoid possibly exposing your private key to a compromised device.

--- a/docs/basics/multi-factor-authentication.md
+++ b/docs/basics/multi-factor-authentication.md
@@ -35,7 +35,7 @@ Unlike [WebAuthn](#fido-fast-identity-online), TOTP offers no protection against

 An adversary could set up a website to imitate an official service in an attempt to trick you into giving out your username, password and current TOTP code. If the adversary then uses those recorded credentials they may be able to log into the real service and hijack the account.

-Although not perfect, TOTP is secure enough for most people, and when [hardware security keys](../security-keys.md) are not supported [authenticator apps](../multi-factor-authentication.md) are still a good option.
+Although not perfect, TOTP is secure enough for most people, and when [hardware security keys](../multi-factor-authentication.md#hardware-security-keys) are not supported [authenticator apps](../multi-factor-authentication.md#authenticator-apps) are still a good option.

 ### Hardware security keys

@@ -101,7 +101,7 @@ When configuring your MFA method, keep in mind that it is only as secure as your

 You should always have backups for your MFA method. Hardware security keys can get lost, stolen or simply stop working over time. It is recommended that you have a pair of hardware security keys with the same access to your accounts instead of just one.

-When using TOTP with an authenticator app, be sure to back up your recovery keys or the app itself, or copy the "shared secrets" to another instance of the app on a different phone or to an encrypted container (e.g. [VeraCrypt](../encryption.md#veracrypt-disk)).
+When using TOTP with an authenticator app, be sure to back up your recovery keys or the app itself, or copy the "shared secrets" to another instance of the app on a different phone or to an encrypted container (e.g. [VeraCrypt](../encryption.md#veracrypt)).

 ### Initial Set Up

@@ -119,6 +119,10 @@ If you use SMS MFA, use a carrier who will not switch your phone number to a new

 Beyond just securing your website logins, multi-factor authentication can be used to secure your local logins, SSH keys or even password databases as well.

+### Windows
+
+Yubico has a dedicated [Credential Provider](https://learn.microsoft.com/windows/win32/secauthn/credential-providers-in-windows) that adds Challenge-Response authentication for the username + password login flow for local Windows accounts. If you have a YubiKey with Challenge-Response authentication support, take a look at the [Yubico Login for Windows Configuration Guide](https://support.yubico.com/hc/articles/360013708460-Yubico-Login-for-Windows-Configuration-Guide), which will allow you to set up MFA on your Windows computer.
+
 ### macOS

 macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smartcard or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smartcard/hardware security vendor's documentation and set up second factor authentication for your macOS computer.
--- a/docs/basics/passwords-overview.md
+++ b/docs/basics/passwords-overview.md
@@ -164,7 +164,7 @@ There are many good options to choose from, both cloud-based and local. Choose o
 <div class="admonition warning" markdown>
 <p class="admonition-title">Don't place your passwords and TOTP tokens inside the same password manager</p>

-When using [TOTP codes as multi-factor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
+When using TOTP codes as [multi-factor authentication](../multi-factor-authentication.md), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md#authenticator-apps).

 Storing your TOTP tokens in the same place as your passwords, while convenient, reduces the accounts to a single factor in the event that an adversary gains access to your password manager.

--- a/docs/calendar.md
+++ b/docs/calendar.md
@@ -10,8 +10,7 @@ Calendars contain some of your most sensitive data; use products that implement

 <div class="admonition recommendation" markdown>

-![Tuta logo](assets/img/email/tuta.svg#only-light){ align=right }
-![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ align=right }
+![Tuta logo](assets/img/calendar/tuta.svg){ align=right }

 **Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multi-factor authentication, and [more](https://tuta.com/calendar-app-comparison).

@@ -28,9 +27,9 @@ Multiple calendars and extended sharing functionality is limited to paid subscri

 - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=de.tutao.tutanota)
 - [:simple-appstore: App Store](https://apps.apple.com/app/id922429609)
- [:simple-windows11: Windows](https://tuta.com/blog/desktop-clients)
- [:simple-apple: macOS](https://tuta.com/blog/desktop-clients)
- [:simple-linux: Linux](https://tuta.com/blog/desktop-clients)
+- [:simple-windows11: Windows](https://tuta.com/blog/posts/desktop-clients)
+- [:simple-apple: macOS](https://tuta.com/blog/posts/desktop-clients)
+- [:simple-linux: Linux](https://tuta.com/blog/posts/desktop-clients)
 - [:simple-flathub: Flathub](https://flathub.org/apps/com.tutanota.Tutanota)
 - [:octicons-browser-16: Web](https://app.tuta.com)

@@ -62,7 +61,7 @@ Multiple calendars and extended sharing functionality is limited to paid subscri

 </div>

-Unfortunately, as of May 2024 Proton has [still](https://discuss.privacyguides.net/t/proton-calendar-is-not-open-source-mobile/14656/8) not released the source code for their mobile Calendar app on Android or iOS, and only the former has been [audited](https://proton.me/blog/security-audit-all-proton-apps). Proton Calendar's web client is open source, however, and has been [audited](https://proton.me/community/open-source).
+Unfortunately, as of January 2024 Proton has [still](https://discuss.privacyguides.net/t/proton-calendar-is-not-open-source-mobile/14656/8) not released the source code for their mobile Calendar app on Android or iOS. Proton Calendar's web client is open source.

 ## Criteria

--- a/docs/cloud.md
+++ b/docs/cloud.md
@@ -41,7 +41,9 @@ Nextcloud is [still a recommended tool](productivity.md) for self-hosting a file

 </div>

-The Proton Drive web application has been independently audited by Securitum in [2021](https://proton.me/community/open-source).
+The Proton Drive web application has been independently audited by Securitum in [2021](https://proton.me/blog/security-audit-all-proton-apps), full details were not made available, but Securitum's letter of attestation states:
+
+> Auditors identified two low-severity vulnerabilities. Additionally, five general recommendations were reported. At the same time, we confirm that no important security issues were identified during the pentest.

 Proton Drive's brand new mobile clients have not yet been publicly audited by a third party.

@@ -125,7 +127,7 @@ Also, the Android app is not available but it is [in the works](https://discuss.

 - Must enforce end-to-end encryption.
 - Must offer a free plan or trial period for testing.
- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multi-factor authentication, or Passkey logins.
 - Must offer a web interface which supports basic file management functionality.
 - Must allow for easy exports of all files/documents.
 - Must use standard, audited encryption.
--- a/docs/desktop-browsers.md
+++ b/docs/desktop-browsers.md
@@ -141,7 +141,7 @@ Firefox includes a unique [download token](https://bugzilla.mozilla.org/show_bug

 ### Recommended Firefox Configuration

-These options can be found in :material-menu: → **Settings**.
+These options can be found in :material-menu: → **Settings**

 #### Search

@@ -271,7 +271,7 @@ Shields' options can be downgraded on a per-site basis as needed, but by default
 <div class="annotate" markdown>

 - [x] Select **Prevent sites from fingerprinting me based on my language preferences**
- [x] Select **Aggressive** under *Trackers & ads blocking*
+- [x] Select **Aggressive** under Trackers & ads blocking

 <details class="warning" markdown>
 <summary>Use default filter lists</summary>
@@ -280,9 +280,9 @@ Brave allows you to select additional content filters within the internal `brave

 </details>

- [x] Select **Strict** under *Upgrade connections to HTTPS*
+- [x] Select **Strict** under **Upgrade connections to HTTPS**
 - [x] (Optional) Select **Block Scripts** (1)
- [x] Select **Strict, may break sites** under *Block fingerprinting*
+- [x] Select **Strict, may break sites** under Block fingerprinting
 - [x] Check **Forget me when I close this site** (2)
 - [ ] Uncheck all social media components

@@ -309,7 +309,7 @@ Brave allows you to select additional content filters within the internal `brave
 <div class="admonition tip" markdown>
 <p class="admonition-title">Sanitizing on close</p>

- [x] In the *Sites and Shields Settings* menu, under Content, after clicking on the *On-device site data* menu, select **Delete data sites have saved to your device when you close all windows**.
+- [x] In the *Sites and Shields Settings* menu, under Content, after clicking on the *On-device site data* menu, select **Delete data sites have saved to your device when you close all windows**

 If you wish to stay logged in to a particular site you visit often, you can set exceptions on a per-site basis under the *Customized behaviors* section.

@@ -317,14 +317,17 @@ If you wish to stay logged in to a particular site you visit often, you can set

 ##### Extensions

- [ ] Uncheck all built-in extensions you do not use
+Disable built-in extensions you do not use in **Extensions**
+
+- [ ] Uncheck **Hangouts**
+- [ ] Uncheck **WebTorrent**

 ##### Web3

 Brave's Web3 features can potentially add to your browser fingerprint and attack surface. Unless you use any of features, they should be disabled.

- Select **Extensions (no fallback)** under *Default Ethereum wallet* and *Default Solana wallet*
- Set *Method to resolve IPFS resources* to **Disabled**
+- Select **Extensions (no fallback)** under Default Ethereum wallet and Default Solana wallet
+- Set **Method to resolve IPFS resources** to **Disabled**

 ##### System

@@ -342,7 +345,7 @@ Brave's Web3 features can potentially add to your browser fingerprint and attack

 #### Brave Rewards and Wallet

-**Brave Rewards** lets you receive Basic Attention Token (BAT) cryptocurrency for performing certain actions within Brave. It relies on a custodial account and KYC from a select number of providers. We do not recommend BAT as a [private cryptocurrency](cryptocurrency.md), nor do we recommend using a [custodial wallet](advanced/payments.md#wallet-custody), so we would discourage using this feature.
+**Brave Rewards** lets you recieve Basic Attention Token (BAT) cryptocurrency for performing certain actions within Brave. It relies on a custodial account and KYC from a select number of providers. We do not recommend BAT as a [private cryptocurrency](cryptocurrency.md), nor do we recommend using a [custodial wallet](advanced/payments.md#other-coins-bitcoin-ethereum-etc), so we would discourage using this feature.

 **Brave Wallet** operates locally on your computer, but does not support any private cryptocurrencies, so we would discourage using this feature as well.

@@ -355,24 +358,24 @@ Brave's Web3 features can potentially add to your browser fingerprint and attack
 ### Minimum Requirements

 - Must be open-source software.
- Must support automatic updates.
- Must receive engine updates in 0-1 days from upstream release.
- Must be available on Linux, macOS, and Windows.
- Any changes required to make the browser more privacy-respecting must not negatively impact user experience.
- Must block third-party cookies by default.
- Must support [state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning) to mitigate cross-site tracking.[^1]
+- Supports automatic updates.
+- Receives engine updates in 0-1 days from upstream release.
+- Available on Linux, macOS, and Windows.
+- Any changes required to make the browser more privacy-respecting should not negatively impact user experience.
+- Blocks third-party cookies by default.
+- Supports [state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning) to mitigate cross-site tracking.[^1]

 ### Best-Case

 Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.

- Should include built-in content blocking functionality.
- Should support cookie compartmentalization (à la [Multi-Account Containers](https://support.mozilla.org/kb/containers)).
- Should support Progressive Web Apps.
-  PWAs enable you to install certain websites as if they were native apps on your computer. This can have advantages over installing Electron-based apps, because PWAs benefit from your browser's regular security updates.
- Should not include add-on functionality (bloatware) that does not impact user privacy.
- Should not collect telemetry by default.
- Should provide an open-source sync server implementation.
- Should default to a [private search engine](search-engines.md).
+- Includes built-in content blocking functionality.
+- Supports cookie compartmentalization (à la [Multi-Account Containers](https://support.mozilla.org/kb/containers)).
+- Supports Progressive Web Apps.
+  PWAs enable you to install certain websites as if they were native apps on your computer. This can have advantages over installing Electron-based apps, because you benefit from your browser's regular security updates.
+- Does not include add-on functionality (bloatware) that does not impact user privacy.
+- Does not collect telemetry by default.
+- Provides open-source sync server implementation.
+- Defaults to a [private search engine](search-engines.md).

 [^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state).
--- a/docs/device-integrity.md
+++ b/docs/device-integrity.md
@@ -214,13 +214,13 @@ Using these apps is insufficient to determine that a device is "clean", and not

 Hypatia is particularly good at detecting common stalkerware: If you suspect you are a victim of stalkerware, you should [visit this page](https://stopstalkerware.org/information-for-survivors) for advice.

-### iVerify Basic (iOS)
+### iVerify (iOS)

 <div class="admonition recommendation" markdown>

 ![iVerify logo](assets/img/device-integrity/iverify.webp){ align=right }

-**iVerify Basic** is an iOS app which can scan your device to check configuration settings, patch level, and other areas of security. It also checks your device for indicators of compromise by jailbreak tools or spyware such as Pegasus.
+**iVerify** is an iOS app which automatically scans your device to check configuration settings, patch level, and other areas of security. It also checks your device for indicators of compromise by jailbreak tools or spyware such as Pegasus.

 [:octicons-home-16: Homepage](https://iverify.io/consumer){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://iverify.io/privacy-policy){ .card-link title="Privacy Policy" }
@@ -235,10 +235,8 @@ Hypatia is particularly good at detecting common stalkerware: If you suspect you

 </div>

-Previously, iVerify would scan your device for threats automatically in the background and notify you if one is found, but this is [no longer the case](https://discuss.privacyguides.net/t/iverify-basic-is-now-available-on-android/18458/11) following their rebrand of the consumer app to *iVerify Basic* in May 2024. You can still run manual scans within the app. Automatic background scanning is now only available in iVerify's enterprise product which is unavailable to consumers.
+Like all iOS apps, iVerify is restricted to what it can observe about your device from within the iOS App Sandbox. It will not provide nearly as robust analysis as a full-system analysis tool like [MVT](#mobile-verification-toolkit). Its primary function is to detect whether your device is jailbroken, which it is effective at, however a hypothetical threat which is *specifically* designed to bypass iVerify's checks would likely succeed at doing so.

-Like all iOS apps, iVerify Basic is restricted to what it can observe about your device from within the iOS App Sandbox. It will not provide nearly as robust analysis as a full-system analysis tool like [MVT](#mobile-verification-toolkit). Its primary function is to detect whether your device is jailbroken, which it is effective at, however a hypothetical threat which is *specifically* designed to bypass iVerify's checks would likely succeed at doing so.
+iVerify is **not** an "antivirus" tool, and will not detect non-system-level malware such as malicious custom keyboards or malicious Wi-Fi Sync configurations, for example.

-iVerify Basic is **not** an "antivirus" tool, and will not detect non-system-level malware such as malicious custom keyboards or malicious Wi-Fi Sync configurations, for example.
-
-In addition to device scanning, iVerify Basic also includes a number of additional security utilities which you may find useful, including device [reboot reminders](os/ios-overview.md#before-first-unlock), iOS update notifications (which are often faster than Apple's staggered update notification rollout), and some basic privacy and security guides.
+In addition to device scanning, iVerify also includes a number of additional security utilities which you may find useful, including device reboot reminders, iOS update notifications (which are often faster than Apple's staggered update notification rollout), some basic privacy and security guides, and a DNS over HTTPS tool which can connect your device's [DNS](dns.md) queries securely to Quad9, Cloudflare, or Google.
--- a/docs/dns.md
+++ b/docs/dns.md
@@ -99,7 +99,7 @@ These DNS filtering solutions offer a web dashboard where you can customize the
 - [:simple-linux: Linux](https://docs.controld.com/docs/ctrld)
 - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.controld.setuputility)
 - [:simple-appstore: App Store](https://apps.apple.com/app/1518799460)
- [:simple-github: GitHub](https://github.com/Control-D-Inc/ctrld/releases)
+- [:simple-github: GitHub](https://github.com/Control-D-Inc/ctrld/releases/tag/v1.3.5)

 </details>

@@ -148,7 +148,7 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](ad
 ![RethinkDNS logo](assets/img/android/rethinkdns.svg#only-light){ align=right }
 ![RethinkDNS logo](assets/img/android/rethinkdns-dark.svg#only-dark){ align=right }

-**RethinkDNS** is an open-source Android client that supports [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh), [DNS-over-TLS](advanced/dns-overview.md#dns-over-tls-dot), [DNSCrypt](advanced/dns-overview.md#dnscrypt) and DNS Proxy. It also provides additional functionality such as caching DNS responses, locally logging DNS queries, and using the app as a firewall.
+**RethinkDNS** is an open-source Android client supporting [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh), [DNS-over-TLS](advanced/dns-overview.md#dns-over-tls-dot), [DNSCrypt](advanced/dns-overview.md#dnscrypt) and DNS Proxy along with caching DNS responses, locally logging DNS queries and can be used as a firewall too.

 [:octicons-home-16: Homepage](https://rethinkdns.com){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://rethinkdns.com/privacy){ .card-link title="Privacy Policy" }
@@ -165,8 +165,6 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](ad

 </div>

-While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a Wireguard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.  
-
 ### dnscrypt-proxy

 <div class="admonition recommendation" markdown>
--- a/docs/email.md
+++ b/docs/email.md
@@ -65,7 +65,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the

 - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonmail.android)
 - [:simple-appstore: App Store](https://apps.apple.com/app/id979659905)
- [:simple-github: GitHub](https://github.com/ProtonMail/android-mail/releases)
+- [:simple-github: GitHub](https://github.com/ProtonMail/proton-mail-android/releases)
 - [:simple-windows11: Windows](https://proton.me/mail/bridge#download)
 - [:simple-apple: macOS](https://proton.me/mail/bridge#download)
 - [:simple-linux: Linux](https://proton.me/mail/bridge#download)
@@ -178,7 +178,7 @@ These providers store your emails with zero-knowledge encryption, making them gr

 <div class="grid cards" markdown>

- ![Tuta logo](assets/img/email/tuta.svg#only-light){ .twemoji loading=lazy }![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ .twemoji loading=lazy } [Tuta](email.md#tuta)
+- ![Tuta logo](assets/img/email/tuta.svg){ .twemoji } [Tuta](email.md#tuta)

 </div>

@@ -186,8 +186,7 @@ These providers store your emails with zero-knowledge encryption, making them gr

 <div class="admonition recommendation" markdown>

-![Tuta logo](assets/img/email/tuta.svg#only-light){ align=right }
-![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ align=right }
+![Tuta logo](assets/img/email/tuta.svg){ align=right }

 **Tuta** is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since **2011** and is based in Hanover, Germany. Free accounts start with 1GB of storage.

@@ -212,7 +211,7 @@ These providers store your emails with zero-knowledge encryption, making them gr

 </div>

-Tuta doesn't support the [IMAP protocol](https://tuta.com/support#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tuta app. [Email import](https://github.com/tutao/tutanota/issues/630) is not currently supported either, though this is [due to be changed](https://tuta.com/blog/kickoff-import). Emails can be exported [individually or by bulk selection](https://tuta.com/support#generalMail) per folder, which may be inconvenient if you have many folders.
+Tuta doesn't support the [IMAP protocol](https://tuta.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tuta app. [Email import](https://github.com/tutao/tutanota/issues/630) is not currently supported either, though this is [due to be changed](https://tuta.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tuta.com/support#generalMail) per folder, which may be inconvenient if you have many folders.

 #### :material-check:{ .pg-green } Custom Domains and Aliases

@@ -220,7 +219,7 @@ Paid Tuta accounts can use either 15 or 30 aliases depending on their plan and u

 #### :material-information-outline:{ .pg-blue } Private Payment Methods

-Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with Proxystore.
+Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/faq/#cryptocurrency) with Proxystore.

 #### :material-check:{ .pg-green } Account Security

@@ -240,7 +239,7 @@ Tuta will [delete inactive free accounts](https://tuta.com/support#inactive-acco

 #### :material-information-outline:{ .pg-blue } Additional Functionality

-Tuta offers the business version of [Tuta to non-profit organizations](https://tuta.com/blog/secure-email-for-non-profit) for free or with a heavy discount.
+Tuta offers the business version of [Tuta to non-profit organizations](https://tuta.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount.

 Tuta doesn't offer a digital legacy feature.

--- a/docs/encryption.md
+++ b/docs/encryption.md
@@ -54,16 +54,16 @@ Cryptomator's documentation details its intended [security target](https://docs.

 **Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for its encryption features.

-[:octicons-repo-16: Repository](https://github.com/Picocrypt/Picocrypt){ .md-button .md-button--primary }
-[:octicons-code-16:](https://github.com/Picocrypt/Picocrypt){ .card-link title="Source Code" }
+[:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
 [:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }

 <details class="downloads" markdown>
 <summary>Downloads</summary>

- [:simple-windows11: Windows](https://github.com/Picocrypt/Picocrypt/releases)
- [:simple-apple: macOS](https://github.com/Picocrypt/Picocrypt/releases)
- [:simple-linux: Linux](https://github.com/Picocrypt/Picocrypt/releases)
+- [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)

 </details>

@@ -340,7 +340,7 @@ gpg --quick-gen-key alice@example.com future-default
 <div class="admonition note" markdown>
 <p class="admonition-title">Note</p>

-We suggest [Canary Mail](email-clients.md#canary-mail-ios) for using PGP with email on iOS devices.
+We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.

 </div>

@@ -348,7 +348,7 @@ We suggest [Canary Mail](email-clients.md#canary-mail-ios) for using PGP with em

 ![GPG Suite logo](assets/img/encryption-software/gpgsuite.png){ align=right }

-**GPG Suite** provides OpenPGP support for [Apple Mail](email-clients.md#apple-mail-macos) and macOS.
+**GPG Suite** provides OpenPGP support for [Apple Mail](email-clients.md#apple-mail) and macOS.

 We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) and [Knowledge base](https://gpgtools.tenderapp.com/kb) for support.

@@ -372,7 +372,7 @@ We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com

 ![OpenKeychain logo](assets/img/encryption-software/openkeychain.svg){ align=right }

-**OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail-android) and [FairEmail](email-clients.md#fairemail-android) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
+**OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).

 [:octicons-home-16: Homepage](https://openkeychain.org){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
--- a/docs/kb-archive.md
+++ b/docs/kb-archive.md
@@ -0,0 +1,14 @@
+---
+title: KB Archive
+icon: material/archive
+description: Some pages that used to be in our knowledge base can now be found on our blog.
+---
+Some pages that used to be in our knowledge base can now be found on our blog:
+
+- [GrapheneOS vs. CalyxOS](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos)
+- [Signal Configuration Hardening](https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening)
+- [Linux - System Hardening](https://blog.privacyguides.org/2022/04/22/linux-system-hardening)
+- [Linux - Application Sandboxing](https://blog.privacyguides.org/2022/04/22/linux-application-sandboxing)
+- [Secure Data Erasure](https://blog.privacyguides.org/2022/05/25/secure-data-erasure)
+- [Integrating Metadata Removal](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal)
+- [iOS Configuration Guide](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide)
--- a/docs/meta/commit-messages.md
+++ b/docs/meta/commit-messages.md
@@ -1,49 +0,0 @@
---
-title: Commit Messages
---
-
-For our commit messages we follow the style provided by [Conventional Commits](https://conventionalcommits.org). Not all of those suggestions are appropriate for Privacy Guides, so the main ones we use are:
-
-## Commit message with correction
-
-We use `fix` for simple things like spelling mistakes or site related bugs. These things will usually have the `correction` or `bug` label on GitHub.
-
-```text
-fix: Correct spelling on XYZ page (#0000)
-```
-
-## Update to site
-
-This example is for a removal of an item (but could also be used for an addition); you may elaborate why it was removed in the commit paragraph below. It can also be used for the addition of any new pages.
-
-```text
-update: Remove foobar (#0000)
-
-Foobar was removed due to it having numerious security issues and being unmaintained.
-```
-
-## Update to specific item
-
-This example could be used for an item already on the site, but includes a minor update to the description.
-
-```text
-foobar: Add mention of security audit (#0000)
-```
-
-## Feature/enhancement
-
-For new features or enhancements to the site, e.g. things that have the `enhancements` label on GitHub, it may be appropriate to signify these with:
-
-```text
-feat: Add blah blah (#0000)
-
-This change adds the forum topics to the main page
-```
-
-## Module update
-
-Dependency updates follow the normal recommendations of beginning with:
-
-```text
-chore: Bump modules/mkdocs-material from 463e535 to 621a5b8
-```
--- a/docs/mobile-browsers.md
+++ b/docs/mobile-browsers.md
@@ -130,6 +130,13 @@ Brave allows you to select additional content filters within the internal `brave

 ### Mull

+<div class="admonition danger" markdown>
+<p class="admonition-title">Danger</p>
+
+Firefox (Gecko)-based browsers on Android [lack per-site process isolation](https://bugzilla.mozilla.org/show_bug.cgi?id=1565196), a powerful security feature that offers additional protection against a malicious website exploiting a security vulnerability. Missing this feature likely won't pose an issue for low-risk web browsers who keep their browser up-to-date, but those visiting higher-risk sites or at risk of targeted/0-day attacks should strongly consider a Chromium-based browser like [Brave](#brave) instead.
+
+</div>
+
 <div class="admonition recommendation" markdown>

 ![Mull logo](assets/img/browsers/mull.svg){ align=right }
@@ -150,16 +157,6 @@ Brave allows you to select additional content filters within the internal `brave

 </div>

-<div class="admonition danger" markdown>
-<p class="admonition-title">Danger</p>
-
-Firefox (Gecko)-based browsers on Android [lack](https://bugzilla.mozilla.org/show_bug.cgi?id=1610822) [site isolation](https://wiki.mozilla.org/Project_Fission),[^1] a powerful security feature that protects against a malicious site performing a [Spectre](https://en.wikipedia.org/wiki/Spectre_(security_vulnerability))-like attack to gain access to the memory of another website you have open.[^2] Chromium-based browsers like [Brave](#brave) will provide more robust protection against malicious websites.
-
-</div>
-
-[^1]: This should not be mistaken for [state partitioning](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning) (or dynamic [first party isolation](https://2019.www.torproject.org/projects/torbrowser/design/#identifier-linkability)), where website data such as cookies and cache is restricted so that a third-party embedded in one top-level site cannot access data stored under another top-level site. This is an important privacy feature to prevent cross-site tracking and **is** supported by Firefox on Android.
-[^2]: GeckoView also [does not](https://bugzilla.mozilla.org/show_bug.cgi?id=1565196) take advantage of Android's native process sandboxing by using the [isolatedProcess](https://developer.android.com/guide/topics/manifest/service-element#isolated) flag, which normally allows an app to safely run less trusted code in a separate process that has no permissions of its own.
-
 Enable DivestOS's [F-Droid Repo](https://divestos.org/fdroid/official) to receive updates directly from the developer. Downloading Mull from the default F-Droid repo will mean your updates could be delayed by a few days or longer.

 Mull enables many features upstreamed by the [Tor uplift project](https://wiki.mozilla.org/Security/Tor_Uplift) using preferences from [Arkenfox](desktop-browsers.md#arkenfox-advanced). Proprietary blobs are removed from Mozilla's code using the scripts developed for Fennec F-Droid.
@@ -170,8 +167,6 @@ We would suggest installing [uBlock Origin](browser-extensions.md#ublock-origin)

 Mull comes with privacy protecting settings configured by default. You might consider configuring the **Delete browsing data on quit** options in Mull's settings if you want to close all your open tabs when quitting the app automatically, or clear other data such as browsing history and cookies automatically.

-Because Mull has more advanced and strict privacy protections enabled by default compared to most browsers, some websites may not load or work properly unless you adjust those settings. You can consult this [list of known issues and workarounds](https://divestos.org/pages/broken#mull) for advice on a potential fix if you do encounter a broken site. Adjusting a setting in order to fix a website could impact your privacy/security, so make sure you fully understand any instructions you follow.
-
 ## iOS

 On iOS, any app that can browse the web is [restricted](https://developer.apple.com/app-store/review/guidelines) to using an Apple-provided [WebKit framework](https://developer.apple.com/documentation/webkit), so there is little reason to use a third-party web browser.
--- a/docs/multi-factor-authentication.md
+++ b/docs/multi-factor-authentication.md
@@ -1,33 +1,119 @@
 ---
-title: "Multi-Factor Authentication"
+title: "Multi-Factor Authenticators"
 icon: 'material/two-factor-authentication'
 description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party.
 cover: multi-factor-authentication.webp
 ---
+## Hardware Security Keys

-<div class="admonition note" markdown>
-<p class="admonition-title">Hardware Keys</p>
-
-[Hardware security key recommendations](security-keys.md) have been moved to their own category.
-
-</div>
-
-**Multi-Factor Authentication Apps** implement a security standard adopted by the Internet Engineering Task Force (IETF) called **Time-based One-time Passwords**, or **TOTP**. This is a method where websites share a secret with you which is used by your authenticator app to generate a six (usually) digit code based on the current time, which you enter while logging in for the website to check. Typically these codes are regenerated every 30 seconds, and once a new code is generated the old one becomes useless. Even if a hacker gets one six-digit code, there is no way for them to reverse that code to get the original secret or otherwise be able to predict what any future codes might be.
-
-We highly recommend that you use mobile TOTP apps instead of desktop alternatives as Android and iOS have better security and app isolation than most desktop operating systems.
-
-## Ente Auth
+### YubiKey

 <div class="admonition recommendation" markdown>

-![Ente Auth logo](assets/img/multi-factor-authentication/ente-auth.png){ align=right }
+![YubiKeys](assets/img/multi-factor-authentication/yubikey.png)

-**Ente Auth** is a free and open-source app which stores and generates TOTP tokens. It can be used with an online account to backup and sync your tokens across your devices (and access them via a web interface) in a secure, end-to-end encrypted fashion. It can also be used offline on a single device with no account necessary.
+The **YubiKeys** are among the most popular security keys. Some YubiKey models have a wide range of features such as: [Universal 2nd Factor (U2F)](https://en.wikipedia.org/wiki/Universal_2nd_Factor), [FIDO2 and WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online), [Yubico OTP](basics/multi-factor-authentication.md#yubico-otp), [Personal Identity Verification (PIV)](https://developers.yubico.com/PIV), [OpenPGP](https://developers.yubico.com/PGP), [TOTP and HOTP](https://developers.yubico.com/OATH) authentication.
+
+One of the benefits of the YubiKey is that one key can do almost everything (YubiKey 5), you could expect from a hardware security key. We do encourage you to take the [quiz](https://yubico.com/quiz) before purchasing in order to make sure you make the right choice.
+
+[:octicons-home-16: Homepage](https://yubico.com){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://yubico.com/support/terms-conditions/privacy-notice){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://docs.yubico.com){ .card-link title=Documentation}
+
+</details>
+
+</div>
+
+The [comparison table](https://yubico.com/store/compare) shows the features and how the YubiKeys compare. We highly recommend that you select keys from the YubiKey 5 Series.
+
+YubiKeys can be programmed using the [YubiKey Manager](https://yubico.com/support/download/yubikey-manager) or [YubiKey Personalization Tools](https://yubico.com/support/download/yubikey-personalization-tools). For managing TOTP codes, you can use the [Yubico Authenticator](https://yubico.com/products/yubico-authenticator). All of Yubico's clients are open source.
+
+For models which support HOTP and TOTP, there are 2 slots in the OTP interface which could be used for HOTP and 32 slots to store TOTP secrets. These secrets are stored encrypted on the key and never expose them to the devices they are plugged into. Once a seed (shared secret) is given to the Yubico Authenticator, it will only give out the six-digit codes, but never the seed. This security model helps limit what an attacker can do if they compromise one of the devices running the Yubico Authenticator and make the YubiKey resistant to a physical attacker.
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+The firmware of YubiKey is not open source and is not updatable. If you want features in newer firmware versions, or if there is a vulnerability in the firmware version you are using, you would need to purchase a new key.
+
+</div>
+
+### Nitrokey
+
+<div class="admonition recommendation" markdown>
+
+![Nitrokey](assets/img/multi-factor-authentication/nitrokey.jpg){ align=right }
+
+**Nitrokey** has a security key capable of [FIDO2 and WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online) called the **Nitrokey FIDO2**. For PGP support, you need to purchase one of their other keys such as the **Nitrokey Start**, **Nitrokey Pro 2** or the **Nitrokey Storage 2**.
+
+[:octicons-home-16: Homepage](https://nitrokey.com){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://nitrokey.com/data-privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://docs.nitrokey.com){ .card-link title=Documentation}
+
+</details>
+
+</div>
+
+The [comparison table](https://nitrokey.com/#comparison) shows the features and how the Nitrokey models compare. The **Nitrokey 3** listed will have a combined feature set.
+
+Nitrokey models can be configured using the [Nitrokey app](https://nitrokey.com/download).
+
+For the models which support HOTP and TOTP, there are 3 slots for HOTP and 15 for TOTP. Some Nitrokeys can act as a password manager. They can store 16 different credentials and encrypt them using the same password as the OpenPGP interface.
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+While Nitrokeys do not release the HOTP/TOTP secrets to the device they are plugged into, the HOTP and TOTP storage is **not** encrypted and is vulnerable to physical attacks. If you are looking to store HOTP or TOTP secrets, we highly recommend that you use a YubiKey instead.
+
+</div>
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+Resetting the OpenPGP interface on a Nitrokey will also make the password database [inaccessible](https://docs.nitrokey.com/pro/linux/factory-reset).
+
+</div>
+
+The Nitrokey Pro 2, Nitrokey Storage 2, and the upcoming Nitrokey 3 supports system integrity verification for laptops with the [Coreboot](https://coreboot.org) + [Heads](https://osresearch.net) firmware.
+
+Nitrokey's firmware is open source, unlike the YubiKey. The firmware on modern NitroKey models (except the **NitroKey Pro 2**) is updatable.
+
+### Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+#### Minimum Requirements
+
+- Must use high quality, tamper resistant hardware security modules.
+- Must support the latest FIDO2 specification.
+- Must not allow private key extraction.
+- Devices which cost over $35 must support handling OpenPGP and S/MIME.
+
+#### Best-Case
+
+Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
+
+- Should be available in USB-C form-factor.
+- Should be available with NFC.
+- Should support TOTP secret storage.
+- Should support secure firmware updates.
+
+## Authenticator Apps
+
+Authenticator Apps implement a security standard adopted by the Internet Engineering Task Force (IETF) called **Time-based One-time Passwords**, or **TOTP**. This is a method where websites share a secret with you which is used by your authenticator app to generate a six (usually) digit code based on the current time, which you enter while logging in for the website to check. Typically these codes are regenerated every 30 seconds, and once a new code is generated the old one becomes useless. Even if a hacker gets one six-digit code, there is no way for them to reverse that code to get the original secret or otherwise be able to predict what any future codes might be.
+
+We highly recommend that you use mobile TOTP apps instead of desktop alternatives as Android and iOS have better security and app isolation than most desktop operating systems.
+
+### ente Auth
+
+<div class="admonition recommendation" markdown>
+
+![ente Auth logo](assets/img/multi-factor-authentication/ente-auth.png){ align=right }
+
+**ente Auth** is a free and open-source app which stores and generates TOTP tokens. It can be used with an online account to backup and sync your tokens across your devices (and access them via a web interface) in a secure, end-to-end encrypted fashion. It can also be used offline on a single device with no account necessary.

 [:octicons-home-16: Homepage](https://ente.io/auth){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://ente.io/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://help.ente.io/auth){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/ente-io/ente/tree/main/auth#readme){ .card-link title="Source Code" }
+[:octicons-code-16:](https://github.com/ente-io/auth){ .card-link title="Source Code" }

 <details class="downloads" markdown>
 <summary>Downloads</summary>
@@ -41,7 +127,7 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative

 </div>

-## Aegis Authenticator (Android)
+### Aegis Authenticator (Android)

 <div class="admonition recommendation" markdown>

@@ -66,10 +152,11 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative
 </div>

 <!-- markdownlint-disable-next-line -->
-## Criteria
+### Criteria

 **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.

 - Source code must be publicly available.
 - Must not require internet connectivity.
- Cloud syncing must be optional, and (if available) sync functionality must be E2EE.
+- Must not sync to a third-party cloud sync/backup service.
+    - **Optional** E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud.
--- a/docs/news-aggregators.md
+++ b/docs/news-aggregators.md
@@ -58,7 +58,7 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k

 ![Feeder logo](assets/img/news-aggregators/feeder.png){ align=right }

-**Feeder** is a modern RSS client for Android that has many [features](https://github.com/spacecowboy/Feeder#features) and works well with folders of RSS feeds. It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)), [RDF](https://en.wikipedia.org/wiki/RDF%2FXML) and [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed).
+**Feeder** is a modern RSS client for Android that has many [features](https://gitlab.com/spacecowboy/Feeder#features) and works well with folders of RSS feeds. It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)), [RDF](https://en.wikipedia.org/wiki/RDF%2FXML) and [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed).

 [:octicons-repo-16: Repository](https://github.com/spacecowboy/Feeder){ .md-button .md-button--primary }
 [:octicons-code-16:](https://github.com/spacecowboy/Feeder){ .card-link title="Source Code" }
@@ -68,7 +68,6 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k
 <summary>Downloads</summary>

 - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.nononsenseapps.feeder.play)
- [:simple-github: GitHub](https://github.com/spacecowboy/Feeder/releases)

 </details>

@@ -120,7 +119,7 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k

 ![NetNewsWire logo](assets/img/news-aggregators/netnewswire.png){ align=right }

-**NetNewsWire** is a free and open-source feed reader for macOS and iOS with a focus on a native design and feature set. It supports the typical feed formats alongside built-in support for Reddit feeds.
+**NetNewsWire** a free and open-source feed reader for macOS and iOS with a focus on a native design and feature set. It supports the typical feed formats alongside built-in support for Reddit feeds.

 [:octicons-home-16: Homepage](https://netnewswire.com){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://netnewswire.com/privacypolicy.html){ .card-link title="Privacy Policy" }
--- a/docs/notebooks.md
+++ b/docs/notebooks.md
@@ -68,12 +68,13 @@ Standard Notes has [joined Proton AG](https://standardnotes.com/blog/joining-for
 - [:simple-firefoxbrowser: Firefox](https://notesnook.com/notesnook-web-clipper)
 - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/notesnook-web-clipper/kljhpemdlcnjohmfmkogahelkcidieaj)
 - [:octicons-globe-16: Web](https://app.notesnook.com)
- [:simple-flathub: Flathub](https://flathub.org/apps/com.notesnook.Notesnook)

 </details>

 </div>

+Notesnook only allows local note encryption with the [private vault](https://help.notesnook.com/lock-notes-with-private-vault) feature on their pro plan, otherwise your notes are not stored encrypted on your device. Your notes are always encrypted before being synced to their servers with keys which only you have access to.
+
 ### Joplin

 <div class="admonition recommendation" markdown>
--- a/docs/os/android-overview.md
+++ b/docs/os/android-overview.md
@@ -21,9 +21,9 @@ Ideally, when choosing a custom Android distribution, you should make sure that

 ### Avoid Rooting

-[Rooting](https://en.wikipedia.org/wiki/Rooting_(Android)) Android phones can decrease security significantly as it weakens the complete [Android security model](https://en.wikipedia.org/wiki/Android_(operating_system)#Security_and_privacy). This can decrease privacy should there be an exploit that is assisted by the decreased security. Common rooting methods involve directly tampering with the boot partition, making it impossible to perform successful Verified Boot. Apps that require root will also modify the system partition, meaning that Verified Boot would have to remain disabled. Having root exposed directly in the user interface also increases the [attack surface](https://en.wikipedia.org/wiki/Attack_surface) of your device and may assist in [privilege escalation](https://en.wikipedia.org/wiki/Privilege_escalation) vulnerabilities and SELinux policy bypasses.
+[Rooting](https://en.wikipedia.org/wiki/Rooting_(Android)) Android phones can decrease security significantly as it weakens the complete [Android security model](https://en.wikipedia.org/wiki/Android_(operating_system)#Security_and_privacy). This can decrease privacy should there be an exploit that is assisted by the decreased security. Common rooting methods involve directly tampering with the boot partition, making it impossible to perform successful Verified Boot. Apps that require root will also modify the system partition meaning that Verified Boot would have to remain disabled. Having root exposed directly in the user interface also increases the [attack surface](https://en.wikipedia.org/wiki/Attack_surface) of your device and may assist in [privilege escalation](https://en.wikipedia.org/wiki/Privilege_escalation) vulnerabilities and SELinux policy bypasses.

-Content blockers which modify the [hosts file](https://en.wikipedia.org/wiki/Hosts_(file)) (AdAway) and firewalls (AFWall+) which require root access persistently are dangerous and should not be used. They are also not the correct way to solve their intended purposes. For content blocking, we suggest encrypted [DNS](../dns.md) or content blocking functionality provided by a VPN instead. TrackerControl and AdAway in non-root mode will take up the VPN slot (by using a local loopback VPN), preventing you from using privacy enhancing services such as [Orbot](../tor.md#orbot) or a [real VPN provider](../vpn.md).
+Content blockers which modify the [hosts file](https://en.wikipedia.org/wiki/Hosts_(file)) (AdAway) and firewalls (AFWall+) which require root access persistently are dangerous and should not be used. They are also not the correct way to solve their intended purposes. For content blocking we suggest encrypted [DNS](../dns.md) or [VPN](../vpn.md) server blocking solutions instead. RethinkDNS, TrackerControl and AdAway in non-root mode will take up the VPN slot (by using a local loopback VPN) preventing you from using privacy enhancing services such as Orbot or a real VPN server.

 AFWall+ works based on the [packet filtering](https://en.wikipedia.org/wiki/Firewall_(computing)#Packet_filter) approach and may be bypassable in some situations.

@@ -31,7 +31,7 @@ We do not believe that the security sacrifices made by rooting a phone are worth

 ### Install Updates

-It's important to not use an [end-of-life](https://endoflife.date/android) version of Android. Newer versions of Android receive not only security updates for the operating system but also important privacy enhancing updates too.
+It's important to not use an [end-of-life](https://endoflife.date/android) version of Android. Newer versions of Android not only receive security updates for the operating system but also important privacy enhancing updates too.

 For example, [prior to Android 10](https://developer.android.com/about/versions/10/privacy/changes) any apps with the [`READ_PHONE_STATE`](https://developer.android.com/reference/android/Manifest.permission#READ_PHONE_STATE) permission could access sensitive and unique serial numbers of your phone such as [IMEI](https://en.wikipedia.org/wiki/International_Mobile_Equipment_Identity), [MEID](https://en.wikipedia.org/wiki/Mobile_equipment_identifier), or your SIM card's [IMSI](https://en.wikipedia.org/wiki/International_mobile_subscriber_identity); whereas now they must be system apps to do so. System apps are only provided by the OEM or Android distribution.

@@ -53,7 +53,7 @@ Verified Boot ensures the integrity of the operating system files, thereby preve

 Unfortunately, OEMs are only obliged to support Verified Boot on their stock Android distribution. Only a few OEMs such as Google support custom AVB key enrollment on their devices. Additionally, some AOSP derivatives such as LineageOS or /e/ OS do not support Verified Boot even on hardware with Verified Boot support for third-party operating systems. We recommend that you check for support **before** purchasing a new device. AOSP derivatives which do not support Verified Boot are **not** recommended.

-Many OEMs also have broken implementation of Verified Boot that you have to be aware of beyond their marketing. For example, the Fairphone 3 and 4 are not secure by default, as the [stock bootloader trusts the public AVB signing key](https://forum.fairphone.com/t/bootloader-avb-keys-used-in-roms-for-fairphone-3-4/83448/11). This breaks verified boot on a stock Fairphone device, as the system will boot alternative Android operating systems (such as /e/) [without any warning](https://source.android.com/security/verifiedboot/boot-flow#locked-devices-with-custom-root-of-trust) about custom operating system usage.
+Many OEMs also have broken implementation of Verified Boot that you have to be aware of beyond their marketing. For example, the Fairphone 3 and 4 are not secure by default, as the [stock bootloader trusts the public AVB signing key](https://forum.fairphone.com/t/bootloader-avb-keys-used-in-roms-for-fairphone-3-4/83448/11). This breaks verified boot on a stock Fairphone device, as the system will boot alternative Android operating systems such (such as /e/) [without any warning](https://source.android.com/security/verifiedboot/boot-flow#locked-devices-with-custom-root-of-trust) about custom operating system usage.

 ### Firmware Updates

@@ -90,7 +90,7 @@ Android 12:

 Android 13:

- A permission for [nearby Wi-Fi access](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). The MAC addresses of nearby Wi-Fi access points were a popular way for apps to track a user's location.
+- A permission for [nearby Wi-Fi access](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). The MAC addresses of nearby Wi-Fi access points was a popular way for apps to track a user's location.
 - More [granular media permissions](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), meaning you can grant access to images, videos or audio files only.
 - Background use of sensors now requires the [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission) permission.

@@ -136,11 +136,11 @@ Android 7 and above supports a VPN kill switch, and it is available without the

 ### Global Toggles

-Modern Android devices have global toggles for disabling Bluetooth and location services. Android 12 introduced toggles for the camera and microphone. When not in use, we recommend disabling these features. Apps cannot use disabled features (even if granted individual permissions) until re-enabled.
+Modern Android devices have global toggles for disabling Bluetooth and location services. Android 12 introduced toggles for the camera and microphone. When not in use, we recommend disabling these features. Apps cannot use disabled features (even if granted individual permission) until re-enabled.

 ## Google Services

-If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
+If you are using a device with Google services, either your stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS, there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.

 ### Advanced Protection Program

@@ -177,7 +177,7 @@ On Android distributions with privileged Google Play Services (such as stock OSe
 - :gear: **Settings** → **Google** → **Ads**
 - :gear: **Settings** → **Privacy** → **Ads**

-You will either be given the option to delete your advertising ID or to *Opt out of interest-based ads* (this varies between OEM distributions of Android). If presented with the option to delete the advertising ID, that is preferred. If not, then make sure to opt out and reset your advertising ID.
+You will either be given the option to delete your advertising ID or to *Opt out of interest-based ads*, this varies between OEM distributions of Android. If presented with the option to delete the advertising ID that is preferred. If not, then make sure to opt out and reset your advertising ID.

 ### SafetyNet and Play Integrity API

--- a/docs/os/index.md
+++ b/docs/os/index.md
@@ -1,18 +0,0 @@
---
-title: Operating Systems
---
-We publish configuration guides for the major operating systems, because you can generally improve the amount of data that is collected about you on any option, especially if you use [privacy tools](../tools.md) like our recommended web browsers in place of native tools where appropriate. However, some operating systems will be more privacy-respecting inherently, and it will be much harder to achieve an equivalent level of privacy on other choices.
-
-If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
-
-## Mobile Operating Systems
-
- [Android Overview](android-overview.md) :material-star:
- [iOS Overview](ios-overview.md)
-
-## Desktop Operating Systems
-
- [Linux Overview](linux-overview.md) :material-star:
- [macOS Overview](macos-overview.md)
- [Qubes Overview](qubes-overview.md) :material-star:
- [Windows Overview](windows/index.md)
--- a/docs/os/ios-overview.md
+++ b/docs/os/ios-overview.md
@@ -7,9 +7,9 @@ description: iOS is a mobile operating system developed by Apple for the iPhone.

 ## Privacy Notes

-iOS devices are frequently praised by security experts for their robust data protection and adherence to modern best practices. However, the restrictiveness of Apple's ecosystem—particularly with their mobile devices—does still hamper privacy in a number of ways.
+iOS devices are frequently praised by security experts for their robust data protection and adherence to modern best-practices. However, the restrictiveness of Apple's ecosystem—particularly with their mobile devices—does still hamper privacy in a number of ways.

-We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
+We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android.md) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.

 ### Activation Lock

@@ -55,7 +55,7 @@ At the top of the **Settings** app, you'll see your name and profile picture if

 **Find My** is a service that lets you track your Apple devices and share your location with your friends and family. It also allows you to wipe your device remotely in case it is stolen, preventing a thief from accessing your data. Your Find My [location data is E2EE](https://apple.com/legal/privacy/data/en/find-my) when:

- Your location is shared with a family member or friend, and you both use iOS 17 or greater.
+- Your location is shared with a family member or friend, and you both use iOS 15 or greater.
 - Your device is offline and is located by the Find My Network.

 Your location data is not E2EE when your device is online and you use Find My iPhone remotely to locate your device. You will have to make the decision whether these trade-offs are worth the anti-theft benefits of Activation Lock.
@@ -124,11 +124,11 @@ If you use biometrics, you should know how to turn them off quickly in an emerge

 On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID you may just have to hold down the power button and nothing else. Make sure you try this in advance so you know which method works for your device.

-**Stolen Device Protection** is a new feature in iOS 17.3 which adds additional security intended to protect your personal data if your device is stolen while unlocked. If you use biometrics and the Find My Device feature in your Apple ID settings, we recommend enabling this new protection:
+**Stolen Data Protection** is a new feature in iOS 17.3 which adds additional security intended to protect your personal data if your device is stolen while unlocked. If you use biometrics and the Find My Device feature in your Apple ID settings, we recommend enabling this new protection:

 - [x] Select **Turn On Protection**

-After enabling Stolen Device Protection, [certain actions](https://support.apple.com/HT212510) will require biometric authentication without a password fallback (in the event that a shoulder surfer has obtained your PIN), such as using password autofill, accessing payment information, and disabling Lost Mode. It also adds a security delay to certain actions performed away from your home or another "familiar location," such as requiring a 1-hour timer to reset your Apple ID password or sign out of your Apple ID. This delay is intended to give you time to enable Lost Mode and secure your account before a thief can reset your device.
+After enabling stolen data protection, [certain actions](https://support.apple.com/HT212510) will require biometric authentication without a password fallback (in the event that a shoulder surfer has obtained your PIN), such as using password autofill, accessing payment information, and disabling lost mode. It also adds a security delay to certain actions performed away from your home or other "familiar location," such as requiring a 1-hour timer to reset your Apple ID password or sign out of your Apple ID. This delay is intended to give you time to enable Lost Mode and secure your account before a thief can reset your device.

 **Allow Access When Locked** gives you options for what you can allow when your phone is locked. The more of these options you disable, the less someone without your password can do, but the less convenient it will be for you. Pick and choose which of these you don't want someone to have access to if they get their hands on your phone.

@@ -154,29 +154,21 @@ With this setting enabled, someone could intentionally wipe your phone by enteri

 - [x] Turn on **Erase Data**

-#### Privacy & Security
+#### Privacy

 **Location Services** allows you to use features like Find My and Maps. If you don't need these features, you can disable Location Services. Alternatively, you can review and pick which apps can use your location here. Select **Location Services**:

 - [ ] Turn off **Location Services**

-A purple arrow will appear next to an app in these settings that has used your location recently, while a gray arrow indicates that your location has been accessed within the last 24 hours. If you decide to leave Location Services on, Apple will use it for System Services by default. You can review and pick which services can use your location here. However, if you don't want to submit location analytics to Apple, which they use to improve Apple Maps, you can disable this here as well. Select **System Services**:
-
- [ ] Turn off **iPhone Analytics**
- [ ] Turn off **Routing & Traffic**
- [ ] Turn off **Improve Maps**
-
 You can decide to allow apps to request to **track** you here. Disabling this disallows all apps from tracking you with your phone's advertising ID. Select **Tracking**:

 - [ ] Turn off **Allow Apps to Request to Track**

-This is disabled by default and cannot be changed for users under 18.
-
 You should turn off **Research Sensor & Usage Data** if you don't wish to participate in studies. Select **Research Sensor & Usage Data**:

 - [ ] Turn off **Sensor & Usage Data Collection**

-**Safety Check** allows you to quickly view and revoke certain people and apps that might have permission to access your data. Here you can perform an **Emergency Reset**, immediately resetting permissions for all people and apps which might have access to device resources. You can also **Manage Sharing & Access** which allows you to go through and customize who and what has access to your device and account resources.
+**Safety Check** allows you to quickly view and revoke certain people and apps that might have permission to access your data. Here you can perform an **Emergency Reset**, immediately resetting permissions for all people and apps which might have access to device resources, and you can **Manage Sharing & Access** which allows you to go through and customize who and what has access to your device and account resources.

 You should disable analytics if you don't wish to send Apple usage data. Select **Analytics & Improvements**:

@@ -186,7 +178,7 @@ You should disable analytics if you don't wish to send Apple usage data. Select
 - [ ] Turn off **Improve Safety**
 - [ ] Turn off **Improve Siri & Dictation**

-Disable **Personalized Ads** if you don't want targeted ads. Select **Apple Advertising**:
+Disable **Personalized Ads** if you don't want targeted ads. Select **Apple Advertising**

 - [ ] Turn off **Personalized Ads**

@@ -210,7 +202,7 @@ Jailbreaking an iPhone undermines its security and makes you vulnerable. Running

 ### Encrypted iMessage

-The color of the message bubble in the Messages app indicates whether your messages are E2EE or not. A blue bubble indicates that you're using iMessage with E2EE, while a green bubble indicates the other party is using the outdated SMS and MMS protocols. Currently, the only way to get E2EE in Messages is for both parties to be using iMessage on Apple devices.
+The color of the message bubble in the Messages app indicates whether your messages are E2EE or not. A blue bubble indicates that you're using iMessage with E2EE, while a green bubble indicates they're using the outdated SMS and MMS protocols. Currently, the only way to get E2EE in Messages is for both parties to be using iMessage on Apple devices.

 If either you or your messaging partner have iCloud Backup enabled without Advanced Data Protection, the encryption key will be stored on Apple's servers, meaning they can access your messages. Additionally, iMessage's key exchange is not as secure as alternative implementations, like Signal (which allows you to view the recipients key and verify by QR code), so it shouldn't be relied on for particularly sensitive communications.

--- a/docs/os/linux-overview.md
+++ b/docs/os/linux-overview.md
@@ -3,7 +3,7 @@ title: Linux Overview
 icon: simple/linux
 description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal.
 ---
-**Linux** is an open-source, privacy-focused desktop operating system alternative. In the face of pervasive telemetry and other privacy-encroaching technologies in mainstream operating systems, desktop Linux has remained the clear choice for people looking for total control over their computers from the ground up.
+**Linux** is an open-source, privacy-focused desktop operating system alternative. In the face of pervasive telemetry and other privacy-encroaching technologies in mainstream operating systems, Linux desktop has remained the clear choice for people looking for total control over their computers from the ground up.

 Our website generally uses the term “Linux” to describe **desktop** Linux distributions. Other operating systems which also use the Linux kernel such as ChromeOS, Android, and Qubes OS are not discussed on this page.

@@ -15,7 +15,7 @@ There are some notable privacy concerns with Linux which you should be aware of.

 - Avoid telemetry that often comes with proprietary operating systems
 - Maintain [software freedom](https://gnu.org/philosophy/free-sw.en.html#four-freedoms)
- Use privacy-focused systems such as [Whonix](../desktop.md#whonix) or [Tails](../desktop.md#tails)
+- Use privacy focused systems such as [Whonix](https://whonix.org) or [Tails](https://tails.net)

 ### Open-Source Security

@@ -41,7 +41,7 @@ Not all Linux distributions are created equal. Our [Linux recommendation page](.

 We highly recommend that you choose distributions which stay close to the stable upstream software releases, often referred to as rolling release distributions. This is because frozen release cycle distributions often don’t update package versions and fall behind on security updates.

-For frozen distributions such as [Debian](https://debian.org/security/faq#handling), package maintainers are expected to backport patches to fix vulnerabilities rather than bump the software to the “next version” released by the upstream developer. Some security fixes [do not](https://arxiv.org/abs/2105.14565) receive a [CVE ID](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures) (particularly less popular software) at all and therefore do not make it into the distribution with this patching model. As a result, minor security fixes are sometimes held back until the next major release.
+For frozen distributions such as [Debian](https://debian.org/security/faq#handling), package maintainers are expected to backport patches to fix vulnerabilities rather than bump the software to the “next version” released by the upstream developer. Some security fixes [do not](https://arxiv.org/abs/2105.14565) receive a [CVE ID](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures) (particularly less popular software) at all and therefore do not make it into the distribution with this patching model. As a result minor security fixes are sometimes held back until the next major release.

 We don’t believe holding packages back and applying interim patches is a good idea, as it diverges from the way the developer might have intended the software to work. [Richard Brown](https://rootco.de/aboutme) has a presentation about this:

@@ -106,7 +106,7 @@ If you require suspend-to-disk (hibernation) functionality, you will still need

 We recommend using a desktop environment that supports the [Wayland](https://en.wikipedia.org/wiki/Wayland_(display_server_protocol)) display protocol, as it was developed with security [in mind](https://lwn.net/Articles/589147). Its predecessor ([X11](https://en.wikipedia.org/wiki/X_Window_System)) does not support GUI isolation, which allows any window to [record, log, and inject inputs in other windows](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation.html), making any attempt at sandboxing futile. While there are options to do nested X11 such as [Xpra](https://en.wikipedia.org/wiki/Xpra) or [Xephyr](https://en.wikipedia.org/wiki/Xephyr), they often come with negative performance consequences, and are neither convenient to set up nor preferable over Wayland.

-Fortunately, [Wayland compositors](https://en.wikipedia.org/wiki/Wayland_(protocol)#Wayland_compositors) such as those included with [GNOME](https://gnome.org) and [KDE Plasma](https://kde.org) now have good support for Wayland along with some other compositors that use [wlroots](https://gitlab.freedesktop.org/wlroots/wlroots/-/wikis/Projects-which-use-wlroots), (e.g. [Sway](https://swaywm.org)). Some distributions like Fedora and Tumbleweed use it by default, and some others may do so in the future as X11 is in [hard maintenance mode](https://phoronix.com/news/X.Org-Maintenance-Mode-Quickly). If you’re using one of those environments it is as easy as selecting the “Wayland” session at the desktop display manager ([GDM](https://en.wikipedia.org/wiki/GNOME_Display_Manager), [SDDM](https://en.wikipedia.org/wiki/Simple_Desktop_Display_Manager)).
+Fortunately, [wayland compositors](https://en.wikipedia.org/wiki/Wayland_(protocol)#Wayland_compositors) such as those included with [GNOME](https://gnome.org) and [KDE Plasma](https://kde.org) now have good support for Wayland along with some other compositors that use [wlroots](https://gitlab.freedesktop.org/wlroots/wlroots/-/wikis/Projects-which-use-wlroots), (e.g. [Sway](https://swaywm.org)). Some distributions like Fedora and Tumbleweed use it by default, and some others may do so in the future as X11 is in [hard maintenance mode](https://phoronix.com/news/X.Org-Maintenance-Mode-Quickly). If you’re using one of those environments it is as easy as selecting the “Wayland” session at the desktop display manager ([GDM](https://en.wikipedia.org/wiki/GNOME_Display_Manager), [SDDM](https://en.wikipedia.org/wiki/Simple_Desktop_Display_Manager)).

 We recommend **against** using desktop environments or window managers that do not have Wayland support, such as Cinnamon (default on Linux Mint), Pantheon (default on Elementary OS), MATE, Xfce, and i3.

@@ -122,7 +122,7 @@ Most Linux distributions will automatically install updates or remind you to do

 Some distributions (particularly those aimed at advanced users) are more bare bones and expect you to do things yourself (e.g. Arch or Debian). These will require running the "package manager" (`apt`, `pacman`, `dnf`, etc.) manually in order to receive important security updates.

-Additionally, some distributions will not download firmware updates automatically. For that, you will need to install [`fwupd`](https://wiki.archlinux.org/title/Fwupd).
+Additionally, some distributions will not download firmware updates automatically. For that you will need to install [`fwupd`](https://wiki.archlinux.org/title/Fwupd).

 ## Privacy Tweaks

@@ -144,7 +144,7 @@ There are other system identifiers which you may wish to be careful about. You s

 - **Hostnames:** Your system's hostname is shared with the networks you connect to. You should avoid including identifying terms like your name or operating system in your hostname, instead sticking to generic terms or random strings.
 - **Usernames:** Similarly, your username is used in a variety of ways across your system. Consider using generic terms like "user" rather than your actual name.
- **Machine ID:** During installation, a unique machine ID is generated and stored on your device. Consider [setting it to a generic ID](https://madaidans-insecurities.github.io/guides/linux-hardening.html#machine-id).
+- **Machine ID:**: During installation a unique machine ID is generated and stored on your device. Consider [setting it to a generic ID](https://madaidans-insecurities.github.io/guides/linux-hardening.html#machine-id).

 ### System Counting

@@ -152,4 +152,4 @@ The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Co

 This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.

-openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by emptying the `/var/lib/zypp/AnonymousUniqueId` file.
+openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file.
--- a/docs/os/qubes-overview.md
+++ b/docs/os/qubes-overview.md
@@ -58,7 +58,7 @@ The [qrexec framework](https://qubes-os.org/doc/qrexec) is a core part of Qubes

 We [recommend](../advanced/tor-overview.md) connecting to the Tor network via a [VPN](../vpn.md) provider, and luckily Qubes makes this easy to do with a combination of ProxyVMs and Whonix.

-After [creating a new ProxyVM](https://forum.qubes-os.org/t/configuring-a-proxyvm-vpn-gateway/19061) which connects to the VPN of your choice, you can chain your Whonix qubes to that ProxyVM **before** they connect to the Tor network, by setting the NetVM of your Whonix **Gateway** (`sys-whonix`) to the newly-created ProxyVM.
+After [creating a new ProxyVM](https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/vpn.md) which connects to the VPN of your choice, you can chain your Whonix qubes to that ProxyVM **before** they connect to the Tor network, by setting the NetVM of your Whonix **Gateway** (`sys-whonix`) to the newly-created ProxyVM.

 Your qubes should be configured in a manner similar to this:

@@ -66,7 +66,7 @@ Your qubes should be configured in a manner similar to this:
 |-----------------|------------------------------------------------------------------------------------------------------------------|-----------------|
 | sys-net         | *Your default network qube (pre-installed)*                                                                      | *n/a*           |
 | sys-firewall    | *Your default firewall qube (pre-installed)*                                                                     | sys-net         |
-| ==sys-proxyvm== | The VPN ProxyVM you [created](https://forum.qubes-os.org/t/configuring-a-proxyvm-vpn-gateway/19061) | sys-firewall    |
+| ==sys-proxyvm== | The VPN ProxyVM you [created](https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/vpn.md) | sys-firewall    |
 | sys-whonix      | Your Whonix Gateway VM                                                                                           | ==sys-proxyvm== |
 | anon-whonix     | Your Whonix Workstation VM                                                                                       | sys-whonix      |

--- a/docs/os/windows/group-policies.md
+++ b/docs/os/windows/group-policies.md
@@ -1,133 +0,0 @@
---
-title: Group Policy Settings
---
-Outside of modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
-
-These settings should be set on a brand new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictible behavior and is done at your own risk.
-
-All of these settings have an explanation attached to them in the Group Policy editor which explains exactly what they do, usually in great detail. Please pay attention to those descriptions as you make changes, so you know exactly what we are recommending here. We've also explained some of our choices below whenever the explanation included with Windows is inadequate.
-
-## Administrative Templates
-
-You can find these settings by opening `gpedit.msc` and navigating to **Local Computer Policy** > **Computer Configuration** > **Administrative Templates** in the left sidebar. The headers on this page correspond to folders/subfolders within Administrative Templates, and the bullet points correspond to individual policies.
-
-To change any group policy, double click it and select Enabled or Disabled at the top of the window that appears depending on the recommendations below. Some group policies have additional settings that can be configured, and if that's the case the appropriate settings are noted below as well.
-
-### System
-
-#### Device Guard
-
- Turn On Virtualization Based Security: **Enabled**
-    - Platform Security Level: **Secure Boot and DMA Protection**
-    - Secure Launch Configuration: **Enabled**
-
-#### Internet Communication Management
-
- Turn off Windows Customer Experience Improvement Program: **Enabled**
- Turn off Windows Error Reporting: **Enabled**
- Turn off the Windows Messenger Customer Experience Improvement Program: **Enabled**
-
-Note that disabling the Windows Customer Experience Improvement Program also disables some other tracking features that can be individually controlled with Group Policy as well. We don't list them all here or disable them because this setting covers that.
-
-#### OS Policies
-
- Allow Clipboard History: **Disabled**
- Allow Clipboard synchronization across devices: **Disabled**
- Enables Activity Feed: **Disabled**
- Allow publishing of User Activities: **Disabled**
- Allow upload of User Activities: **Disabled**
-
-#### User Profiles
-
- Turn off the advertising ID: **Enabled**
-
-### Windows Components
-
-#### AutoPlay Policies
-
-AutoRun and AutoPlay are features which allow Windows to run a script or perform some other task when a device is connected, sometimes avoiding security measures that involve user consent. This could allow untrusted devices to run malicious code without your knowledge. It's a security best practice to disable these features, and simply open files on your external disks manually.
-
- Turn off AutoPlay: **Enabled**
- Disallow Autoplay for nonvolume devices: **Enabled**
- Set the default behavior for AutoRun: **Enabled**
-    - Default AutoRun Behavior: **Do not execute any AutoRun commands**
-
-#### BitLocker Drive Encryption
-
-You may wish to re-encrypt your operating system drive after changing these settings.
-
- Choose drive encryption method and cipher strength (Windows Vista, Windows Server 2008, Windows 7): **Enabled**
-    - Select the encryption method: **AES-256**
-
-Setting the cipher strength for the Windows 7 policy still applies that strength to newer versions of Windows.
-
-##### Operating System Drives
-
- Require additional authentication at startup: **Enabled**
- Allow enhanced PINs for startup: **Enabled**
-
-Despite the names of these policies, this doesn't *require* you to do anything by default, but it will unlock the *option* to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the Bitlocker setup wizard.
-
-#### Cloud Content
-
- Turn off cloud optimized content: **Enabled**
- Turn off cloud consumer account state content: **Enabled**
- Do not show Windows tips: **Enabled**
- Turn off Microsoft consumer experiences: **Enabled**
-
-#### Credential User Interface
-
- Require trusted path for credential entry: **Enabled**
- Prevent the use of security questions for local accounts: **Enabled**
-
-#### Data Collection and Preview Builds
-
- Allow Diagnostic Data: **Enabled**
-    - Options: **Send required diagnostic data** (Pro Edition); or
-    - Options: **Diagnostic data off** (Enterprise or Education Edition)
- Limit Diagnostic Log Collection: **Enabled**
- Limit Dump Collection: **Enabled**
- Limit optional diagnostic data for Desktop Analytics: **Enabled**
-    - Options: **Disable Desktop Analytics collection**
- Do not show feedback notifications: **Enabled**
-
-#### File Explorer
-
- Turn off account-based insights, recent, favorite, and recommended files in File Explorer: **Enabled**
-
-#### MDM
-
- Disable MDM Enrollment: **Enabled**
-
-#### OneDrive
-
- Save documents to OneDrive by default: **Disabled**
- Prevent OneDrive from generating network traffic until the user signs in to OneDrive: **Enabled**
- Prevent the usage of OneDrive for file storage: **Enabled**
-
-This last setting disables OneDrive on your system; make sure to change it to **Disabled** if you use OneDrive.
-
-#### Push To Install
-
- Turn off Push To Install service: **Enabled**
-
-#### Search
-
- Allow Cortana: **Disabled**
- Don't search the web or display web results in Search: **Enabled**
- Set what information is shared in Search: **Enabled**
-    - Type of information: **Anonymous info**
-
-#### Sync your settings
-
- Do not sync: **Enabled**
-
-#### Text input
-
- Improve inking and typing recognition: **Disabled**
-
-#### Windows Error Reporting
-
- Do not send additional data: **Enabled**
- Consent > Configure Default consent: **Enabled**
-    - Consent level: **Always ask before sending data**
--- a/docs/os/windows/index.md
+++ b/docs/os/windows/index.md
@@ -1,61 +0,0 @@
---
-title: Windows Overview
-icon: simple/windows
---
-**Microsoft Windows** is a proprietary operating system in widespread use. Recent versions of Windows, especially Windows 11, are widely considered to be the most privacy-invasive and least secure modern operating systems.
-
-If you have the choice between Windows 10 and Windows 11, we would recommend using Windows 10 for as long as possible. Windows 10 will be supported until October 2025. However, no current version of Windows respects your privacy without extensive modifications that are often undone by future updates from Microsoft. Consider [Linux](../linux-overview.md) if you'd prefer an operating system that respects your privacy and preferences.
-
-Microsoft continually adds new cloud-based features to Windows 11 which are enabled by default without user consent. Most recently (as of May 2024), they've introduced a built-in keylogger called **Recall** (part of their AI features) which records every keystroke on your device, and records your screen by screenshotting at regular intervals. This data is stored unsafely in a local database that is decrypted when your device is powered on, meaning it is an easy target for hackers. It will not redact sensitive information like copied passwords or financial information from the database, but it does protect Hollywood movie studios by not recording copyrighted content. This feature is currently only on certain newer devices, but it serves as an example of how little Microsoft cares about your security and privacy.
-
-## Guides
-
-You can enhance your privacy and security on Windows without downloading any third-party tools with these guides:
-
- Initial Installation (coming soon)
- [Group Policy Settings](group-policies.md)
- Privacy Settings (coming soon)
- Application Sandboxing (coming soon)
- Security Hardening (coming soon)
-
-This section is a work in progress, because it takes considerably more time and effort to make a Windows installation usable compared to other operating systems. Additional guides are coming soon!
-
-## Privacy History
-
-Especially since the release of Windows 8, Microsoft has demonstrated extremely privacy-invasive behavior with their operating system releases, consistently taking advantage of the fact that Windows is the most widely-used desktop operating system. Windows 10 was widely [criticized](https://www.theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings) for having default settings that sent a lot of data and telemetry back to Microsoft, [including](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) "User's contacts and calendar events, location data and history, 'telemetry' (diagnostics data) [...] and 'advertising ID', as well as further data when the Cortana assistant is enabled" (which it is by default). Windows 10 also made it much more challenging to change default applications (such as your web browser) away from Microsoft-provided apps, which is behavior that still persists today.
-
-At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce the teletetry](https://www.extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) sent to them.
-
-Windows 11 has introduced even more privacy-invasive behavior, including:
-
- Being forced to use a Microsoft account instead of a local account on Home editions, and still hiding away local account options on Pro editions and higher.
- Enabling virtually all data collection options by default.
- Heavily integrating Microsoft services like Bing, OneDrive, and Teams in ways which are difficult to remove.
- Adding (cloud-based) AI features to many areas in Windows and various Microsoft Apps.
- Unnecessarily storing massive amounts of sensitive data. Even data which is stored locally and not sent to Microsoft is still a target for hackers or malware on your device.
-
-Microsoft often abuses the automatic updates feature to add new functionality to your device that collects your data and is enabled by default.
-
-Some privacy features in Windows 11 are locked to devices in the European Union. We have not yet found a way to reliably access those settings worldwide.
-
-## Windows Editions
-
-Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows Home Edition. Some features missing from **Windows Home Edition** include Bitlocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be critical.
-
-**Windows Enterprise** provides the most flexibility when it comes to configuring privacy and security settings built in to Windows. For example, they are the only editions that allow you to enable the highest level of restrictions on data sent to Microsoft via telemetry tools. Unfortunately, Enterprise is not available for retail purchase, so it may not be available to you.
-
-The best version available for *retail* purchase is **Windows Pro Edition**. This version does not allow you to set some of the most restrictive limitations on Microsoft's telemetry unfortunately, but does have nearly all of the features you'll want to use to secure your device, including Bitlocker, Hyper-V, etc.
-
-Students and teachers may be able to obtain **Windows Education** (equivalent to Enterprise) or **Windows Pro Education** (equivalent to Pro) for free (including on personal devices) from their educational institution. Many schools partner with Microsoft via OnTheHub or Microsoft Azure for Education, so you can check those sites or your school's benefits page to see if you qualify. Whether or not you are able to get these licenses depends entirely on your institution. This may be the best way for many people to obtain an Enterprise-level edition of Windows for personal use. There are no additional privacy or security risks associated with using an Education license compared to the retail versions.
-
-It is not recommended to use forks or modified versions of Windows such as Windows AME. Since modified versions of Windows like Windows AME don't receive updates, security features and antivirus definitions in Windows Defender will fall behind the current threat landscape, opening you up to attacks.
-
-## Obtaining Windows
-
-Currently, only Windows 11 license keys are available for purchase, but these keys will work on Windows 10 as well, so you can still purchase a Windows 11 Pro key to activate a Windows 10 install.
-
-The official [Media Creation tool](https://www.microsoft.com/software-download/windows10) is the best way to put a Windows installer on a USB flash drive. Third-party tools like Rufus or Etcher may unexpectedly modify the files, which could lead to boot issues or other troubles with installing.
-
-This tool only lets you install a Home or Pro edition installation, as there are no publicly available downloads for Windows Enterprise Edition. However, if you have an Enterprise Edition license key, you can easily upgrade a Pro installation. Just install Windows Pro without entering a license key during setup, then enter your Enterprise key in the Settings app after completing the install. Your Pro Edition install will upgrade to Enterprise Edition automatically after entering a valid license key.
-
-If you are installing an Education edition, typically a private download will be provided alongside your license key when you obtain it from your institution's benefits portal.
--- a/docs/passwords.md
+++ b/docs/passwords.md
@@ -185,7 +185,7 @@ You need the [Premium Plan](https://bitwarden.com/help/about-bitwarden-plans/#co

 Bitwarden's server-side code is [open source](https://github.com/bitwarden/server), so if you don't want to use the Bitwarden cloud, you can easily host your own Bitwarden sync server.

-**Vaultwarden** is an alternative implementation of Bitwarden's sync server written in Rust and compatible with official Bitwarden clients, perfect for self-hosted deployment where running the resource-heavy official service might not be ideal. If you are looking to self-host Bitwarden on your own server, you almost certainly want to use Vaultwarden over Bitwarden's official server code.
+**Vaultwarden** is an alternative implementation of Bitwarden's sync server written in Rust and compatible with official Bitwarden clients, perfect for self-hosted deployment where running the official resource-heavy service might not be ideal. If you are looking to self-host Bitwarden on your own server, you almost certainly want to use Vaultwarden over Bitwarden's official server code.

 [:octicons-repo-16: Vaultwarden Repository](https://github.com/dani-garcia/vaultwarden){ .md-button }
 [:octicons-info-16:](https://github.com/dani-garcia/vaultwarden/wiki){ .card-link title=Documentation}
@@ -198,7 +198,7 @@ Bitwarden's server-side code is [open source](https://github.com/bitwarden/serve

 ![Proton Pass logo](assets/img/password-management/protonpass.svg){ align=right }

-**Proton Pass** is an open-source, end-to-end encrypted password manager developed by Proton, the team behind [Proton Mail](email.md#proton-mail). It securely stores your login credentials, generates unique email aliases, and supports and stores passkeys.
+Proton Pass is an open-source, end-to-end encrypted password manager developed by Proton, the team behind [Proton Mail](email.md#proton-mail). It securely stores your login credentials, generates unique email aliases, supports and stores passkeys, and offers a community-funded, Swiss-based service with strict data privacy laws.

 [:octicons-home-16: Homepage](https://proton.me/pass){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://proton.me/pass/privacy-policy){ .card-link title="Privacy Policy" }
@@ -214,7 +214,7 @@ Bitwarden's server-side code is [open source](https://github.com/bitwarden/serve
 - [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/proton-pass)
 - [:simple-googlechrome: Chrome](https://chromewebstore.google.com/detail/proton-pass-free-password/ghmbeldphafepmbegfdlkpapadhbakde)
 - [:simple-microsoftedge: Edge](https://chromewebstore.google.com/detail/proton-pass-free-password/ghmbeldphafepmbegfdlkpapadhbakde)
- [:octicons-browser-16: Web](https://pass.proton.me)
+- [:octicons-globe-16: Web](https://pass.proton.me)

 </details>

@@ -254,16 +254,18 @@ All issues were addressed and fixed shortly after the [report](https://res.cloud
 - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/1password-%E2%80%93-password-mana/aeblfdkhhhdcdjpifhhbdiojplfjncoa)
 - [:simple-microsoftedge: Edge](https://microsoftedge.microsoft.com/addons/detail/dppgmdbiimibapkepcbdbmkaabgiofem)
 - [:simple-safari: Safari](https://apps.apple.com/us/app/1password-for-safari/id1569813296)
- [:octicons-browser-16: Web](https://my.1password.com/signin)
+- [:octicons-globe-16: Web](https://my.1password.com/signin)

 </details>

 </div>

-Traditionally, 1Password has offered the best password manager user experience for people using macOS and iOS; however, it has now achieved feature-parity across all platforms. 1Password's clients boast many features geared towards families and less technical people, such as an intuitive UI for ease of use and navigation, as well as advanced functionality. Notably, nearly every feature of 1Password is available within its native mobile or desktop clients.
+Traditionally, **1Password** has offered the best password manager user experience for people using macOS and iOS; however, it has now achieved feature-parity across all platforms. It boasts many features geared towards families and less technical people, as well as advanced functionality.

 Your 1Password vault is secured with both your master password and a randomized 34-character security key to encrypt your data on their servers. This security key adds a layer of protection to your data because your data is secured with high entropy regardless of your master password. Many other password manager solutions are entirely reliant on the strength of your master password to secure your data.

+One advantage 1Password has over Bitwarden is its first-class support for native clients. While Bitwarden relegates many duties, especially account management features, to their web vault interface, 1Password makes nearly every feature available within its native mobile or desktop clients. 1Password's clients also have a more intuitive UI, which makes them easier to use and navigate.
+
 ### Psono

 <div class="admonition recommendation" markdown>
@@ -292,8 +294,6 @@ Your 1Password vault is secured with both your master password and a randomized

 Psono provides extensive documentation for their product. The web-client for Psono can be self-hosted; alternatively, you can choose the full Community Edition or the Enterprise Edition with additional features.

-In April 2024, Psono added [support for passkeys](https://psono.com/blog/psono-introduces-passkeys) for the browser extension only.
-
 ### Criteria

 **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
@@ -323,7 +323,7 @@ These options allow you to manage an encrypted password database locally.

 ![KeePassXC logo](assets/img/password-management/keepassxc.svg){ align=right }

-**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bugfixes to provide a feature-rich, cross-platform, and modern open-source password manager.
+**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal to extend and improve it with new features and bugfixes to provide a feature-rich, cross-platform and modern open-source password manager.

 [:octicons-home-16: Homepage](https://keepassxc.org){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://keepassxc.org/privacy){ .card-link title="Privacy Policy" }
@@ -353,7 +353,7 @@ KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-se

 ![KeePassDX logo](assets/img/password-management/keepassdx.svg){ align=right }

-**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms in a secure way. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
+**KeePassDX** is a lightweight password manager for Android, allows editing encrypted data in a single file in KeePass format and can fill in the forms in a secure way. [Contributor Pro](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) allows unlocking cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.

 [:octicons-home-16: Homepage](https://keepassdx.com){ .md-button .md-button--primary }
 [:octicons-info-16:](https://github.com/Kunzisoft/KeePassDX/wiki){ .card-link title=Documentation}
@@ -376,7 +376,7 @@ KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-se

 ![Strongbox logo](assets/img/password-management/strongbox.svg){ align=right }

-**Strongbox** is a native, open-source password manager for iOS and macOS. Supporting both KeePass and Password Safe formats, Strongbox can be used in tandem with other password managers, like KeePassXC, on non-Apple platforms. By employing a [freemium model](https://strongboxsafe.com/pricing), Strongbox offers most features under its free tier, with more convenience-oriented [features](https://strongboxsafe.com/comparison)—such as biometric authentication—locked behind a subscription or perpetual license.
+**Strongbox** is a native, open-source password manager for iOS and macOS. Supporting both KeePass and Password Safe formats, Strongbox can be used in tandem with other password managers, like KeePassXC, on non-Apple platforms. By employing a [freemium model](https://strongboxsafe.com/pricing), Strongbox offers most features under its free tier with more convenience-oriented [features](https://strongboxsafe.com/comparison)—such as biometric authentication—locked behind a subscription or perpetual license.

 [:octicons-home-16: Homepage](https://strongboxsafe.com){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://strongboxsafe.com/privacy){ .card-link title="Privacy Policy" }
--- a/docs/photo-management.md
+++ b/docs/photo-management.md
@@ -6,19 +6,19 @@ cover: photo-management.webp
 ---
 Most cloud photo management solutions like Google Photos, Flickr, and Amazon Photos don't secure your photos against being accessed by the cloud storage provider themselves. These options keep your personal photos private, while allowing you to share them only with family and trusted people.

-## Ente Photos
+## ente

 <div class="admonition recommendation" markdown>

-![Ente logo](assets/img/photo-management/ente.svg#only-light){ align=right }
-![Ente logo](assets/img/photo-management/ente-dark.svg#only-dark){ align=right }
+![ente logo](assets/img/photo-management/ente.svg#only-light){ align=right }
+![ente logo](assets/img/photo-management/ente-dark.svg#only-dark){ align=right }

-**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). It underwent an [audit by Cure53](https://ente.io/blog/cryptography-audit) in March 2023 and by [Fallible](https://ente.io/reports/Fallible-Audit-Report-19-04-2023.pdf) in April 2023. The free trial offers 5GB of storage, for a year.
+**ente** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). It underwent an [audit by Cure53](https://ente.io/blog/cryptography-audit) in March 2023 and by [Fallible](https://ente.io/reports/Fallible-Audit-Report-19-04-2023.pdf) in April 2023.

 [:octicons-home-16: Homepage](https://ente.io){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://ente.io/privacy){ .card-link title="Privacy Policy" }
 [:octicons-info-16:](https://ente.io/faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/ente-io/ente){ .card-link title="Source Code" }
+[:octicons-code-16:](https://github.com/ente-io){ .card-link title="Source Code" }

 <details class="downloads" markdown>
 <summary>Downloads</summary>
@@ -26,7 +26,7 @@ Most cloud photo management solutions like Google Photos, Flickr, and Amazon Pho
 - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=io.ente.photos)
 - [:simple-android: Android](https://ente.io/download)
 - [:simple-appstore: App Store](https://apps.apple.com/app/id1542026904)
- [:simple-github: GitHub](https://github.com/ente-io/ente/releases?q=photos)
+- [:simple-github: GitHub](https://github.com/ente-io/ente/releases)
 - [:simple-windows11: Windows](https://ente.io/download)
 - [:simple-apple: macOS](https://ente.io/download)
 - [:simple-linux: Linux](https://ente.io/download)
@@ -56,7 +56,7 @@ Most cloud photo management solutions like Google Photos, Flickr, and Amazon Pho
 - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.stingle.photos)
 - [:simple-android: Android](https://f-droid.org/en/packages/org.stingle.photos)
 - [:simple-appstore: App Store](https://apps.apple.com/app/id1582535448)
- [:simple-github: GitHub](https://github.com/stingle/stingle-photos-android/releases)
+- [:simple-github: GitHub](https://github.com/stingle)

 </details>

@@ -92,7 +92,7 @@ Most cloud photo management solutions like Google Photos, Flickr, and Amazon Pho

 - Cloud-hosted providers must enforce end-to-end encryption.
 - Must offer a free plan or trial period for testing.
- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multi-factor authentication, or Passkey logins.
 - Must offer a web interface which supports basic file management functionality.
 - Must allow for easy exports of all files/documents.
 - Must use standard, audited encryption.
--- a/docs/productivity.md
+++ b/docs/productivity.md
@@ -82,7 +82,7 @@ In general, we define collaboration platforms as full-fledged suites which could
 Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.

 - Should store files in a conventional filesystem.
- Should support TOTP or FIDO2 multi-factor authentication support, or passkey logins.
+- Should support TOTP or FIDO2 multi-factor authentication support, or Passkey logins.

 ## Office Suites

@@ -170,22 +170,6 @@ In general, we define office suites as applications which could reasonably act a

 </div>

-### Criteria
-
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-
-#### Minimum Requirements
-
- Must be open source.
- Must implement "zero-trust" end-to-end encryption.
- Must support password-protected files.
-
-#### Best-Case
-
-Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
-
- Should have a published audit from a reputable, independent third-party.
-
 ## Language services

 ### LanguageTool
@@ -223,5 +207,14 @@ Our best-case criteria represents what we would like to see from the perfect pro

 **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.

+#### Minimum Requirements
+
 - Must be open source.
- Must be possible to self-host.
+- Must implement "zero-trust" end-to-end encryption.
+- Must support password-protected files.
+
+#### Best-Case
+
+Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
+
+- Should have a published audit from a reputable, independent third-party.
--- a/docs/real-time-communication.md
+++ b/docs/real-time-communication.md
@@ -53,15 +53,6 @@ Signal requires your phone number for registration, however you should create a

 You can optionally change the **Who Can Find Me By Number** setting to **Nobody** as well, if you want to prevent people who already have your phone number from discovering your Signal account/username.

-<div class="admonition warning" markdown>
-<p class="admonition-title">Signal Desktop Warning</p>
-
-Signal's desktop client is notably [less secure](https://discuss.privacyguides.net/t/signal-stores-your-decryption-key-in-a-plain-text-file-on-macos/19309/69) against local malware compared to its mobile apps. While no messenger can ever provide complete protection against local malware with sufficient access, Signal Desktop is built on Electron and does not utilize native OS data protection features like strong application sandboxing or database encryption. This could mean that even malware with very limited (read-only user level, instead of full root) privileges could potentially compromise your messages.
-
-For most people this is only a minor concern (if you have malware on your device, you probably have bigger problems). If you are particularly concerned about malware or physical/targeted attacks, you may be better off using the mobile apps exclusively.
-
-</div>
-
 Contact lists on Signal are encrypted using your Signal PIN and the server does not have access to them. Personal profiles are also encrypted and only shared with contacts you chat with. Signal supports [private groups](https://signal.org/blog/signal-private-group-system), where the server has no record of your group memberships, group titles, group avatars, or group attributes. Signal has minimal metadata when [Sealed Sender](https://signal.org/blog/sealed-sender) is enabled. The sender address is encrypted along with the message body, and only the recipient address is visible to the server. Sealed Sender is only enabled for people in your contacts list, but can be enabled for all recipients with the increased risk of receiving spam.

 The protocol was independently [audited](https://eprint.iacr.org/2016/1013.pdf) in 2016. The specification for the Signal protocol can be found in their [documentation](https://signal.org/docs).
--- a/docs/search-engines.md
+++ b/docs/search-engines.md
@@ -33,7 +33,7 @@ Consider using a [VPN](vpn.md) or [Tor](tor.md) if your threat model requires hi

 **Brave Search** is a search engine developed by Brave. The index is optimized against Google Search and therefore may provide more contextually accurate results compared to other alternatives.

-Brave Search includes unique features such as [Discussions](https://search.brave.com/help/discussions), which highlights conversation-focused results such as forum posts.
+Brave Search includes unique features such as [Discussions](https://search.brave.com/help/discussions), which highlights conversation-focused results—such as forum posts.

 [:octicons-home-16: Homepage](https://search.brave.com){ .md-button .md-button--primary }
 [:simple-torbrowser:](https://search.brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title="Onion Service" }
@@ -44,8 +44,6 @@ Brave Search includes unique features such as [Discussions](https://search.brave

 </div>

-Note that if you use Brave Search while logged in to a Premium account, it may make it easier for Brave to correlate queries with specific users.
-
 We recommend you disable [Anonymous usage metrics](https://search.brave.com/help/usage-metrics) as it is enabled by default and can be disabled within settings.

 ### DuckDuckGo
@@ -124,7 +122,7 @@ When you are using a SearXNG instance, be sure to go read their privacy policy.
 ### Minimum Requirements

 - Must not collect PII per their privacy policy.
- Must not require users to create an account with them.
+- Must not allow users to create an account with them.

 ### Best-Case

--- a/docs/security-keys.md
+++ b/docs/security-keys.md
@@ -1,133 +0,0 @@
---
-title: "Security Keys"
-icon: 'material/key-chain'
-description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party.
-cover: multi-factor-authentication.webp
---
-A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multi-factor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
-
-## Yubico Security Key
-
-<div class="admonition recommendation" markdown>
-
-<figure markdown="span">
-  ![Security Key Series by Yubico](assets/img/security-keys/yubico-security-key.webp){ width="315" }
-</figure>
-
-The **Yubico Security Key** series is the most cost-effective hardware security key with FIDO Level 2 certification. It supports FIDO2/WebAuthn and FIDO U2F, and works out of the box with most services that support a security key as a second factor, as well as many password managers.
-
-[:octicons-home-16: Homepage](https://yubico.com/products/security-key){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://yubico.com/support/terms-conditions/privacy-notice){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://docs.yubico.com){ .card-link title=Documentation}
-
-</details>
-
-</div>
-
-These keys are available in both USB-C and USB-A variants, and both options support NFC for use with a mobile device as well.
-
-This key provides only basic FIDO2 functionality, but for most people that is all you will need. Some notable features the Security Key series does **not** have include:
-
- [Yubico Authenticator](https://yubico.com/products/yubico-authenticator)
- CCID Smart Card support (PIV-compatibile)
- OpenPGP
-
-If you need any of those features, you should consider their higher-end [YubiKey](#yubikey) of products instead.
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-The firmware of Yubico's Security Keys is not updatable. If you want features in newer firmware versions, or if there is a vulnerability in the firmware version you are using, you would need to purchase a new key.
-
-</div>
-
-## YubiKey
-
-<div class="admonition recommendation" markdown>
-
-<figure markdown="span">
-  ![YubiKeys](assets/img/security-keys/yubikey.png){ width="400" }
-</figure>
-
-The **YubiKey** series from Yubico are among the most popular security keys. The YubiKey 5 Series has a wide range of features such as: [Universal 2nd Factor (U2F)](https://en.wikipedia.org/wiki/Universal_2nd_Factor), [FIDO2 and WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online), [Yubico OTP](basics/multi-factor-authentication.md#yubico-otp), [Personal Identity Verification (PIV)](https://developers.yubico.com/PIV), [OpenPGP](https://developers.yubico.com/PGP), [TOTP and HOTP](https://developers.yubico.com/OATH) authentication.
-
-[:octicons-home-16: Homepage](https://yubico.com/products/yubikey-5-overview){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://yubico.com/support/terms-conditions/privacy-notice){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://docs.yubico.com){ .card-link title=Documentation}
-
-</details>
-
-</div>
-
-The [comparison table](https://yubico.com/store/compare) shows the features and how the YubiKeys compare to each other and to Yubico's [Security Key](#yubico-security-key) series. One of the benefits of the YubiKey series is that one key can do almost everything you could expect from a hardware security key. We encourage you to take their [quiz](https://yubico.com/quiz) before purchasing in order to make sure you make the right choice.
-
-The Yubikey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [Yubikey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
-
-YubiKeys can be programmed using the [YubiKey Manager](https://yubico.com/support/download/yubikey-manager) or [YubiKey Personalization Tools](https://yubico.com/support/download/yubikey-personalization-tools). For managing TOTP codes, you can use the [Yubico Authenticator](https://yubico.com/products/yubico-authenticator). All of Yubico's clients are open source.
-
-For models which support HOTP and TOTP, there are 2 slots in the OTP interface which could be used for HOTP and 32 slots to store TOTP secrets. These secrets are stored encrypted on the key and never expose them to the devices they are plugged into. Once a seed (shared secret) is given to the Yubico Authenticator, it will only give out the six-digit codes, but never the seed. This security model helps limit what an attacker can do if they compromise one of the devices running the Yubico Authenticator and make the YubiKey resistant to a physical attacker.
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-The firmware of YubiKey is not updatable. If you want features in newer firmware versions, or if there is a vulnerability in the firmware version you are using, you would need to purchase a new key.
-
-</div>
-
-## Nitrokey
-
-<div class="admonition recommendation" markdown>
-
-<figure markdown="span">
-  ![Nitrokey](assets/img/security-keys/nitrokey.jpg){ width="300" }
-</figure>
-
-**Nitrokey** has a security key capable of [FIDO2 and WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online) called the **Nitrokey FIDO2**. For PGP support, you need to purchase one of their other keys such as the **Nitrokey Start**, **Nitrokey Pro 2** or the **Nitrokey Storage 2**.
-
-[:octicons-home-16: Homepage](https://nitrokey.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://nitrokey.com/data-privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://docs.nitrokey.com){ .card-link title=Documentation}
-
-</details>
-
-</div>
-
-The [comparison table](https://nitrokey.com/#comparison) shows the features and how the Nitrokey models compare. The **Nitrokey 3** listed will have a combined feature set.
-
-Nitrokey models can be configured using the [Nitrokey app](https://nitrokey.com/download).
-
-For the models which support HOTP and TOTP, there are 3 slots for HOTP and 15 for TOTP. Some Nitrokeys can act as a password manager. They can store 16 different credentials and encrypt them using the same password as the OpenPGP interface.
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-While Nitrokeys do not release the HOTP/TOTP secrets to the device they are plugged into, the HOTP and TOTP storage is **not** encrypted and is vulnerable to physical attacks. If you are looking to store HOTP or TOTP secrets, we highly recommend that you use a YubiKey instead.
-
-</div>
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-Resetting the OpenPGP interface on a Nitrokey will also make the password database [inaccessible](https://docs.nitrokey.com/pro/linux/factory-reset).
-
-</div>
-
-## Criteria
-
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-
-### Minimum Requirements
-
- Must use high quality, tamper resistant hardware security modules.
- Must support the latest FIDO2 specification.
- Must not allow private key extraction.
- Devices which cost over $35 must support handling OpenPGP and S/MIME.
-
-### Best-Case
-
-Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
-
- Should be available in USB-C form-factor.
- Should be available with NFC.
- Should support TOTP secret storage.
- Should support secure firmware updates.
--- a/docs/tools.md
+++ b/docs/tools.md
@@ -103,7 +103,7 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b

 </div>

-[Learn more :material-arrow-right-drop-circle:](dns.md#self-hosted-dns-filtering)
+[Learn more :material-arrow-right-drop-circle:](dns.md#self-hosted-solutions)

 ### Email

@@ -111,7 +111,7 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b

 - ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji loading=lazy } [Proton Mail](email.md#proton-mail)
 - ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji loading=lazy } [Mailbox.org](email.md#mailboxorg)
- ![Tuta logo](assets/img/email/tuta.svg#only-light){ .twemoji loading=lazy }![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ .twemoji loading=lazy } [Tuta](email.md#tuta)
+- ![Tuta logo](assets/img/email/tuta.svg){ .twemoji loading=lazy } [Tuta](email.md#tuta)

 </div>

@@ -166,7 +166,7 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b

 <div class="grid cards" markdown>

- ![Ente logo](assets/img/photo-management/ente.svg#only-light){ .twemoji loading=lazy }![Ente logo](assets/img/photo-management/ente.svg#only-dark){ .twemoji loading=lazy } [Ente Photos](photo-management.md#ente-photos)
+- ![Ente logo](assets/img/photo-management/ente.svg#only-light){ .twemoji loading=lazy }![Ente logo](assets/img/photo-management/ente.svg#only-dark){ .twemoji loading=lazy } [Ente](photo-management.md#ente)
 - ![Stingle logo](assets/img/photo-management/stingle.png#only-light){ .twemoji loading=lazy }![Stingle logo](assets/img/photo-management/stingle-dark.png#only-dark){ .twemoji loading=lazy } [Stingle](photo-management.md#stingle)
 - ![PhotoPrism logo](assets/img/photo-management/photoprism.svg){ .twemoji loading=lazy } [PhotoPrism](photo-management.md#photoprism)

@@ -218,7 +218,7 @@ If you're looking for added **security**, you should always ensure you're connec

 <div class="grid cards" markdown>

- ![Tuta logo](assets/img/email/tuta.svg#only-light){ .twemoji loading=lazy }![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ .twemoji loading=lazy } [Tuta](calendar.md#tuta)
+- ![Tuta logo](assets/img/calendar/tuta.svg){ .twemoji loading=lazy } [Tuta](calendar.md#tuta)
 - ![Proton Calendar logo](assets/img/calendar/proton-calendar.svg){ .twemoji loading=lazy } [Proton Calendar](calendar.md#proton-calendar)

 </div>
@@ -274,7 +274,7 @@ If you're looking for added **security**, you should always ensure you're connec

 For encrypting your operating system drive, we typically recommend using whichever encryption tool your operating system provides, whether that is **BitLocker** on Windows, **FileVault** on macOS, or **LUKS** on Linux. These tools are included with the operating system and typically use hardware encryption elements such as a TPM that other full-disk encryption software like VeraCrypt do not. VeraCrypt is still suitable for non-operating system disks such as external drives, especially drives that may be accessed from multiple operating systems.

-[Learn more :material-arrow-right-drop-circle:](encryption.md#os-full-disk-encryption)
+[Learn more :material-arrow-right-drop-circle:](encryption.md##operating-system-included-full-disk-encryption-fde)

 </details>

@@ -321,8 +321,6 @@ For encrypting your operating system drive, we typically recommend using whichev

 <div class="grid cards" markdown>

- ![Redlib logo](assets/img/frontends/redlib.svg){ .twemoji loading=lazy } [Redlib (Reddit, Web)](frontends.md#redlib)
- ![ProxiTok logo](assets/img/frontends/proxitok.svg){ .twemoji loading=lazy } [ProxiTok (TikTok, Web)](frontends.md#proxitok)
 - ![FreeTube logo](assets/img/frontends/freetube.svg){ .twemoji loading=lazy } [FreeTube (YouTube, Desktop)](frontends.md#freetube)
 - ![Yattee logo](assets/img/frontends/yattee.svg){ .twemoji loading=lazy } [Yattee (YouTube; iOS, tvOS, macOS)](frontends.md#yattee)
 - ![LibreTube logo](assets/img/frontends/libretube.svg#only-light){ .twemoji loading=lazy }![LibreTube logo](assets/img/frontends/libretube-dark.svg#only-dark){ .twemoji loading=lazy } [LibreTube (YouTube, Android)](frontends.md#libretube-android)
@@ -336,11 +334,11 @@ For encrypting your operating system drive, we typically recommend using whichev

 ### Multi-Factor Authentication Tools

-**Note:** [Hardware security keys](#security-keys) have been moved to their own category.
-
 <div class="grid cards" markdown>

- ![Ente Auth logo](assets/img/multi-factor-authentication/ente-auth.png){ .twemoji loading=lazy } [Ente Auth](multi-factor-authentication.md#ente-auth)
+- ![YubiKeys](assets/img/multi-factor-authentication/mini/yubico.svg){ .twemoji loading=lazy } [YubiKey](multi-factor-authentication.md#yubikey)
+- ![Nitrokey](assets/img/multi-factor-authentication/mini/nitrokey.svg){ .twemoji loading=lazy } [Nitrokey](multi-factor-authentication.md#nitrokey)
+- ![ente Auth logo](assets/img/multi-factor-authentication/ente-auth.png){ .twemoji loading=lazy } [ente Auth](multi-factor-authentication.md#ente-auth)
 - ![Aegis logo](assets/img/multi-factor-authentication/aegis.png){ .twemoji loading=lazy } [Aegis Authenticator (Android)](multi-factor-authentication.md#aegis-authenticator-android)

 </div>
@@ -423,20 +421,6 @@ For encrypting your operating system drive, we typically recommend using whichev

 [Learn more :material-arrow-right-drop-circle:](real-time-communication.md)

-## Hardware
-
-### Security Keys
-
-<div class="grid cards" markdown>
-
- ![Yubico logo](assets/img/security-keys/mini/yubico.svg){ .twemoji loading=lazy } [Yubico Security Key](security-keys.md#yubico-security-key)
- ![Yubico logo](assets/img/security-keys/mini/yubico.svg){ .twemoji loading=lazy } [YubiKey](security-keys.md#yubikey)
- ![Nitrokey](assets/img/security-keys/mini/nitrokey.svg){ .twemoji loading=lazy } [Nitrokey](security-keys.md#nitrokey)
-
-</div>
-
-[Learn more :material-arrow-right-drop-circle:](security-keys.md)
-
 ## Operating Systems

 ### Mobile
@@ -517,7 +501,7 @@ These tools may provide utility for certain individuals. They provide functional
 - ![iMazing logo](assets/img/device-integrity/imazing.png){ .twemoji loading=lazy } [iMazing (iOS)](device-integrity.md#imazing-ios)
 - ![Auditor logo](assets/img/device-integrity/auditor.svg#only-light){ .twemoji loading=lazy }![Auditor logo](assets/img/device-integrity/auditor-dark.svg#only-dark){ .twemoji loading=lazy } [Auditor (Android)](device-integrity.md#auditor-android)
 - ![Hypatia logo](assets/img/device-integrity/hypatia.svg#only-light){ .twemoji loading=lazy }![Hypatia logo](assets/img/device-integrity/hypatia-dark.svg#only-dark){ .twemoji loading=lazy } [Hypatia (Android)](device-integrity.md#hypatia-android)
- ![iVerify logo](assets/img/device-integrity/iverify.webp){ .twemoji loading=lazy } [iVerify Basic (iOS)](device-integrity.md#iverify-basic-ios)
+- ![iVerify logo](assets/img/device-integrity/iverify.webp){ .twemoji loading=lazy } [iVerify (iOS)](device-integrity.md#iverify-ios)

 </div>

--- a/docs/vpn.md
+++ b/docs/vpn.md
@@ -71,7 +71,7 @@ We also think it's better for the security of the VPN provider's private keys if

 #### :material-check:{ .pg-green } Independently Audited

-As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com).
+As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com).

 #### :material-check:{ .pg-green } Open-Source Clients

@@ -159,7 +159,7 @@ As of February 2020 [IVPN applications are now open source](https://ivpn.net/blo

 #### :material-check:{ .pg-green } Accepts Cash and Monero

-In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. Prepaid cards with redeem codes are [also available](https://ivpn.net/knowledgebase/billing/voucher-cards-faq).
+In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment.

 #### :material-check:{ .pg-green } WireGuard Support

@@ -242,7 +242,7 @@ Mullvad provides the source code for their desktop and mobile clients in their [

 #### :material-check:{ .pg-green } Accepts Cash and Monero

-Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. Prepaid cards with redeem codes are also available. Mullvad also accepts Swish and bank wire transfers.
+Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers.

 #### :material-check:{ .pg-green } WireGuard Support

--- a/includes/contributors.md
+++ b/includes/contributors.md
@@ -48,7 +48,7 @@
      <td align="center" valign="top" width="20%"><a rel="nofollow noopener noreferrer" href="https://thenewoil.org/"><img src="https://avatars.githubusercontent.com/u/133825060?v=4" width="100px;" loading=lazy /><br /><sub><b>Nate Bartram</b></sub></a><br /><a href="#blog-tnonate" title="Blogposts">📝</a></td>
    </tr>
    <tr>
-      <td align="center" valign="top" width="20%"><a rel="nofollow noopener noreferrer" href="https://www.samhowell.uk/"><img src="https://avatars.githubusercontent.com/u/10137?v=4" width="100px;" loading=lazy /><br /><sub><b>Sam Howell</b></sub></a><br /><a href="#blog-5amm" title="Blogposts">📝</a></td>
+      <td align="center" valign="top" width="20%"><a rel="nofollow noopener noreferrer" href="https://www.samhowell.uk/"><img src="https://www.samhowell.uk/images/avatar-main.png" width="100px;" loading=lazy /><br /><sub><b>Sam Howell</b></sub></a><br /><a href="#blog-5amm" title="Blogposts">📝</a></td>
      <td align="center" valign="top" width="20%"><a rel="nofollow noopener noreferrer" href="https://github.com/asddsaz"><img src="https://avatars.githubusercontent.com/u/42685606?v=4" width="100px;" loading=lazy /><br /><sub><b>asddsaz</b></sub></a><br /><a href="https://github.com/privacyguides/privacyguides.org/commits?author=asddsaz" title="Documentation">📖</a></td>
      <td align="center" valign="top" width="20%"><a rel="nofollow noopener noreferrer" href="https://github.com/hugoncosta"><img src="https://avatars.githubusercontent.com/u/29380568?v=4" width="100px;" loading=lazy /><br /><sub><b>Hugo Costa</b></sub></a><br /><a href="https://github.com/privacyguides/privacyguides.org/commits?author=hugoncosta" title="Documentation">📖</a></td>
      <td align="center" valign="top" width="20%"><a rel="nofollow noopener noreferrer" href="https://github.com/C-O-M-P-A-R-T-M-E-N-T-A-L-I-Z-A-T-I-O-N"><img src="https://avatars.githubusercontent.com/u/30232065?v=4" width="100px;" loading=lazy /><br /><sub><b>C-O-M-P-A-R-T-M-E-N-T-A-L-I-Z-A-T-I-O-N</b></sub></a><br /><a href="https://github.com/privacyguides/privacyguides.org/commits?author=C-O-M-P-A-R-T-M-E-N-T-A-L-I-Z-A-T-I-O-N" title="Documentation">📖</a></td>
@@ -408,14 +408,13 @@
      <td align="center" valign="top" width="20%"><a rel="nofollow noopener noreferrer" href="https://github.com/FishCoding"><img src="https://avatars.githubusercontent.com/u/16527725?v=4" width="100px;" loading=lazy /><br /><sub><b>Mario</b></sub></a><br /><a href="https://github.com/privacyguides/privacyguides.org/commits?author=FishCoding" title="Documentation">📖</a></td>
      <td align="center" valign="top" width="20%"><a rel="nofollow noopener noreferrer" href="https://skye.sh/"><img src="https://avatars.githubusercontent.com/u/48442092?v=4" width="100px;" loading=lazy /><br /><sub><b>skye</b></sub></a><br /><a href="#question-dioxias" title="Answering Questions">💬</a></td>
      <td align="center" valign="top" width="20%"><a rel="nofollow noopener noreferrer" href="https://github.com/r2fo"><img src="https://avatars.githubusercontent.com/u/50496756?v=4" width="100px;" loading=lazy /><br /><sub><b>r2fo</b></sub></a><br /><a href="#translation-r2fo" title="Translation">🌍</a></td>
-      <td align="center" valign="top" width="20%"><a rel="nofollow noopener noreferrer" href="https://lamtrinh.dev/"><img src="https://avatars.githubusercontent.com/u/49742151?v=4" width="100px;" loading=lazy /><br /><sub><b>LamTrinh.Dev</b></sub></a><br /><a href="https://github.com/privacyguides/privacyguides.org/commits?author=lamtrinhdev" title="Documentation">📖</a> <a href="https://github.com/privacyguides/privacyguides.org/issues?q=author%3Alamtrinhdev" title="Bug reports">🐛</a> <a href="#question-lamtrinhdev" title="Answering Questions">💬</a></td>
+      <td align="center" valign="top" width="20%"><a rel="nofollow noopener noreferrer" href="https://lamtrinh.dev/"><img src="https://avatars.githubusercontent.com/u/49742151?v=4" width="100px;" loading=lazy /><br /><sub><b>LamTrinh.Dev</b></sub></a><br /><a href="https://github.com/privacyguides/privacyguides.org/commits?author=lamtrinhdev" title="Documentation">📖</a></td>
      <td align="center" valign="top" width="20%"><a rel="nofollow noopener noreferrer" href="https://discuss.privacyguides.net/u/frostlike"><img src="https://forum-cdn.privacyguides.net/user_avatar/discuss.privacyguides.net/frostlike/288/3600_2.png" width="100px;" loading=lazy /><br /><sub><b>frostlike</b></sub></a><br /><a href="#question" title="Answering Questions">💬</a></td>
    </tr>
    <tr>
      <td align="center" valign="top" width="20%"><a rel="nofollow noopener noreferrer" href="https://scholz.ruhr/"><img src="https://avatars.githubusercontent.com/u/21988035?v=4" width="100px;" loading=lazy /><br /><sub><b>Merlin Scholz</b></sub></a><br /><a href="#translation-merlinscholz" title="Translation">🌍</a></td>
      <td align="center" valign="top" width="20%"><a rel="nofollow noopener noreferrer" href="https://jordanwarne.net/"><img src="https://avatars.githubusercontent.com/u/154663344?v=4" width="100px;" loading=lazy /><br /><sub><b>jordan warne</b></sub></a><br /><a href="https://github.com/privacyguides/privacyguides.org/commits?author=jordan-warne" title="Documentation">📖</a></td>
      <td align="center" valign="top" width="20%"><a rel="nofollow noopener noreferrer" href="https://github.com/Dzenan"><img src="https://avatars.githubusercontent.com/u/69632324?v=4" width="100px;" loading=lazy /><br /><sub><b>Dženan</b></sub></a><br /><a href="#translation-dzenan" title="Translation">🌍</a></td>
-      <td align="center" valign="top" width="20%"><a rel="nofollow noopener noreferrer" href="https://jxtsai.info"><img src="https://avatars.githubusercontent.com/u/8361268?v=4" width="100px;" loading=lazy /><br /><sub><b>jx tsai</b></sub></a><br /><a href="#translation-jxtsai" title="Translation">🌍</a></td>
    </tr>
  </tbody>
  <tfoot>
--- a/includes/strings.en.env
+++ b/includes/strings.en.env
@@ -1,9 +1,14 @@
+ANALYTICS_CONSENT_BODY="We collect anonymous statistics about your visits to help us improve the site. We do not track you across other websites. If you disable this, we will not know when you have visited our site. We will save a single cookie in your browser to remember your preference."
+ANALYTICS_CONSENT_TITLE="Contribute anonymous statistics"
+ANALYTICS_COOKIE_GITHUB="GitHub API"
+ANALYTICS_COOKIE_UMAMI="Self-Hosted Analytics"
 ANALYTICS_FEEDBACK_NEGATIVE_NAME="This page could be improved"
 ANALYTICS_FEEDBACK_NEGATIVE_NOTE='Thanks for your feedback! If you want to let us know more, please leave a post on our <a href="https://discuss.privacyguides.net/c/site-development/7" target="_blank" rel="noopener">forum</a>.'
 ANALYTICS_FEEDBACK_POSITIVE_NAME="This page was helpful"
 ANALYTICS_FEEDBACK_POSITIVE_NOTE="Thanks for your feedback!"
 ANALYTICS_FEEDBACK_TITLE="Was this page helpful?"
 DESCRIPTION_HOMEPAGE="A socially motivated website which provides information about protecting your online data privacy and security."
+FOOTER_ANALYTICS="Anonymous statistics preferences."
 FOOTER_COPYRIGHT_AUTHOR="Privacy Guides and contributors."
 FOOTER_INTRO="<b>Privacy Guides</b> is a non-profit, socially motivated website that provides information for protecting your data security and privacy."
 FOOTER_NOTE="We do not make money from recommending certain products, and we do not use affiliate links."
@@ -34,7 +39,6 @@ NAV_OPERATING_SYSTEMS="Operating Systems"
 NAV_PROVIDERS="Providers"
 NAV_RECOMMENDATIONS="Recommendations"
 NAV_SOFTWARE="Software"
-NAV_HARDWARE="Hardware"
 NAV_TECHNICAL_GUIDES="Technical Guides"
 NAV_TECHNOLOGY_ESSENTIALS="Technology Essentials"
 NAV_WRITING_GUIDE="Writing Guide"
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -56,6 +56,7 @@ extra:
        - fontawesome/brands/creative-commons
        - fontawesome/brands/creative-commons-by
        - fontawesome/brands/creative-commons-sa
+      analytics: !ENV [FOOTER_ANALYTICS, "Anonymous statistics preferences."]
    homepage:
      description:
        !ENV [
@@ -234,6 +235,24 @@ extra:
          data: 0
          note:
            !ENV [ANALYTICS_FEEDBACK_NEGATIVE_NOTE, "Thanks for your feedback!"]
+  consent:
+    title: !ENV [ANALYTICS_CONSENT_TITLE, "Contribute anonymous statistics"]
+    description:
+      !ENV [
+        ANALYTICS_CONSENT_BODY,
+        "We use cookies to collect anonymous usage statistics. You can opt out if you wish.",
+      ]
+    cookies:
+      analytics:
+        name: !ENV [ANALYTICS_COOKIE_UMAMI, "Self-Hosted Analytics"]
+        checked: true
+      github:
+        name: !ENV [ANALYTICS_COOKIE_GITHUB, "GitHub API"]
+        checked: true
+    actions:
+      - reject
+      - accept
+      - manage

 repo_url:
  !ENV [BUILD_REPO_URL, "https://github.com/privacyguides/privacyguides.org"]
@@ -284,6 +303,7 @@ extra_css:
  - assets/stylesheets/extra.css?v=2
 extra_javascript:
  - assets/javascripts/randomize-element.js?v=1
+  - assets/javascripts/resolution.js?v=1
  - assets/javascripts/feedback.js?v=1

 watch:
@@ -378,15 +398,12 @@ nav:
          - "advanced/payments.md"
          - "advanced/communication-network-types.md"
      - !ENV [NAV_OPERATING_SYSTEMS, "Operating Systems"]:
-          - "os/index.md"
          - "os/android-overview.md"
          - "os/ios-overview.md"
          - "os/linux-overview.md"
          - "os/macos-overview.md"
          - "os/qubes-overview.md"
-          - !ENV [NAV_OPERATING_SYSTEMS_WINDOWS, "Windows"]:
-              - "os/windows/index.md"
-              - "os/windows/group-policies.md"
+      - kb-archive.md
  - !ENV [NAV_RECOMMENDATIONS, "Recommendations"]:
      - "tools.md"
      - !ENV [NAV_INTERNET_BROWSING, "Internet Browsing"]:
@@ -417,8 +434,6 @@ nav:
          - "passwords.md"
          - "productivity.md"
          - "real-time-communication.md"
-      - !ENV [NAV_HARDWARE, "Hardware"]:
-          - "security-keys.md"
      - !ENV [NAV_OPERATING_SYSTEMS, "Operating Systems"]:
          - "android.md"
          - "desktop.md"
@@ -447,13 +462,7 @@ nav:
          - !ENV [NAV_TECHNICAL_GUIDES, "Technical Guides"]:
              - "meta/uploading-images.md"
              - "meta/git-recommendations.md"
-              - "meta/commit-messages.md"
-  - !ENV [NAV_DONATE, "Donate"]: "about/donate/"
  - !ENV [NAV_CHANGELOG, "Changelog"]:
      "https://github.com/privacyguides/privacyguides.org/releases"
  - !ENV [NAV_FORUM, "Forum"]: "https://discuss.privacyguides.net/"
  - !ENV [NAV_BLOG, "Blog"]: "https://blog.privacyguides.org/"
-
-validation:
-  nav:
-    not_found: info
--- a/modules/mkdocs-material
+++ b/modules/mkdocs-material
--- a/run.sh
+++ b/run.sh
@@ -128,9 +128,6 @@ markdown_extensions:
    sources:
      exclude:
        - tools.md
-    targets:
-      exclude:
-        - about/contributors.md
 EOT
  trap 'rm $PWD/.mkdocs-insiders-$random_num.yml' EXIT
 fi
--- a/theme/assets/img/email/tuta-dark.svg
+++ b/theme/assets/img/email/tuta-dark.svg
@@ -1 +0,0 @@
-<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><g fill="#00d2a7" stroke-width=".91795"><path d="m2.6793 0.33879 5.7992 5.8589c0.13565 0.13531 0.27131 0.16931 0.47479 0.16931h24.451c0.16955 0 0.27134-0.20331 0.10172-0.37254l-5.7313-5.7911c-0.13565-0.13565-0.27134-0.20331-0.5426-0.20331h-24.418c-0.23741 0-0.27131 0.20331-0.13565 0.33861z"/><path d="m1.8315 33.596c-0.034 0.13565 0.034 0.27096 0.20348 0.27096h24.112c0.23738 0 0.3391-0.10165 0.40693-0.30461l7.2913-23.503c0.06783-0.23696-0.034-0.30461-0.23738-0.30461h-24.18c-0.20341 0-0.27127 0.067653-0.3391 0.23696z"/><path d="m1.5914e-4 26.822c0 0.27096 0.33913 0.27096 0.40696 0l5.5279-17.983c0.067827-0.20331 0.067827-0.33861-0.10172-0.50802l-5.4939-5.4525c-0.13565-0.13565-0.33913-0.067653-0.33913 0.10165z"/></g></svg>
--- a/theme/assets/img/email/tuta.svg
+++ b/theme/assets/img/email/tuta.svg
@@ -1 +1 @@
-<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><g fill="#850122" stroke-width=".91795"><path d="m2.6792 0.33866 5.7992 5.8589c0.13565 0.13548 0.27131 0.16934 0.47479 0.16934h24.452c0.16955 0 0.27134-0.2032 0.10172-0.37253l-5.7313-5.7912c-0.13565-0.13548-0.27134-0.2032-0.5426-0.2032h-24.418c-0.23741 0-0.27131 0.2032-0.13565 0.33865z"/><path d="m1.8314 33.596c-0.034 0.13548 0.034 0.27089 0.20348 0.27089h24.113c0.23738 0 0.3391-0.10152 0.40693-0.30476l7.2914-23.503c0.06783-0.23703-0.034-0.30475-0.23738-0.30475h-24.18c-0.20341 0-0.27127 0.067758-0.3391 0.23703z"/><path d="m5.3925e-5 26.822c0 0.27089 0.33914 0.27089 0.40696 0l5.5279-17.983c0.067827-0.2032 0.067827-0.33865-0.10172-0.508l-5.494-5.4525c-0.13565-0.13548-0.33914-0.067723-0.33914 0.10158z"/></g></svg>
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 257 237"><defs><path id="a" d="M22.875.003C10.235.003 0 10.249 0 22.875v211.23c0 .801.046 1.608.123 2.388 8.5-3.167 17.524-6.629 27.054-10.436 66.336-26.48 120.57-48.994 120.62-74.415 0-.814-.056-1.636-.172-2.458-3.43-25.098-63.407-32.879-63.324-44.381.007-.611.18-1.25.548-1.889 7.205-12.619 35.743-12.015 46.253-12.907 10.519-.913 35.206-.724 36.399-8.244.035-.232.057-.463.057-.695.028-6.987-16.977-9.726-16.977-9.726s20.635 3.083 20.579 11.11c0 .393-.048.8-.158 1.214-2.222 8.624-20.379 10.246-32.386 10.835-11.356.569-28.648 1.861-28.707 7.408-.007.323.049.66.165 1.004 2.71 8.11 66.09 12.015 106.64 33.061 23.335 12.099 34.94 32.422 40.263 53.418V22.872C256.977 10.246 246.734 0 234.108 0H22.878l-.003.003Z"/></defs><use xlink:href="#a" fill="#A01E20" fill-rule="evenodd"/></svg>
--- a/theme/assets/img/multi-factor-authentication/mini/nitrokey.svg
+++ b/theme/assets/img/multi-factor-authentication/mini/nitrokey.svg
--- a/theme/assets/img/multi-factor-authentication/mini/yubico.svg
+++ b/theme/assets/img/multi-factor-authentication/mini/yubico.svg
--- a/theme/assets/img/multi-factor-authentication/nitrokey.jpg
+++ b/theme/assets/img/multi-factor-authentication/nitrokey.jpg
--- a/theme/assets/img/multi-factor-authentication/yubikey.png
+++ b/theme/assets/img/multi-factor-authentication/yubikey.png
--- a/theme/assets/img/notebooks/notesnook.svg
+++ b/theme/assets/img/notebooks/notesnook.svg
@@ -1 +1 @@
-<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><defs><clipPath id="a"><rect width="1024" height="1024" rx="200" fill="#fff"/></clipPath></defs><rect x="7.0459e-7" y="6.4966e-7" width="33.867" height="33.867" rx="10.16" ry="10.16" stroke-width=".033867"/><g transform="matrix(.037398 0 0 .037398 -2.2146 -2.2164)"><g clip-path="url(#a)" fill="#fff"><path d="m724.98 682.92c-17.255 50.411-51.835 93.065-97.588 120.37-45.752 27.307-99.71 37.496-152.27 28.753-52.56-8.743-100.31-35.85-134.76-76.498s-53.359-92.199-53.365-145.48v-110.25l79.121 33.053v77.152c-7e-3 20.779 4.434 41.318 13.024 60.237 8.59 18.92 21.131 35.781 36.78 49.451 2.97 2.587 6.053 5.107 9.236 7.459 23.357 17.388 51.402 27.352 80.494 28.597 0.99 0 1.946 0.079 2.925 0.101 0.979 0.023 2.25 0 3.375 0h3.375c1.125 0 1.935 0 2.925-0.101 29.081-1.248 57.116-11.203 80.471-28.575 3.173-2.351 6.255-4.86 9.237-7.447 20.556-17.98 35.656-41.366 43.582-67.5zm12.015-268.92v196.06c0 2.531 0 5.074-0.158 7.605l-78.963-33.019v-170.65c-0.013-37.684-14.607-73.901-40.725-101.07-26.119-27.164-61.735-43.168-99.389-44.66-37.655-1.492-74.426 11.644-102.61 36.657-28.186 25.013-45.6 59.962-48.594 97.526-0.281 3.803-0.439 7.662-0.439 11.543v48.712l-79.121-33.075v-240.64h225c59.674 0 116.9 23.705 159.1 65.901s65.901 99.425 65.901 159.1z"/></g></g></svg>
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 512 512"><defs><linearGradient xlink:href="#a" id="b" x1="188.6123" x2="193.544" y1="165.2058" y2="216.8152" gradientTransform="rotate(5 4448.1558 -4203.82) scale(2.9367)" gradientUnits="userSpaceOnUse"/><linearGradient id="a"><stop offset="0"/><stop offset="1" stop-color="#fff9f9" stop-opacity="0"/></linearGradient><linearGradient xlink:href="#a" id="c" x1="167.8" x2="270.6" y1="76.9" y2="64.2" gradientTransform="rotate(5 465.3093 -2049.9155) scale(1.5008)" gradientUnits="userSpaceOnUse"/></defs><rect width="494.5974" height="494.5974" x="8.7013" y="8.7013" fill="#fff" ry="114.7779"/><g transform="translate(29.1944 81.639) scale(1.3622)"><path fill="url(#b)" d="m160 205 154 42-141 44-155-42Z"/><path fill="url(#c)" d="M160-35v240l154 42 1-253z"/><path fill="none" d="M160 205V-35m0 240L18 249m142-44 154 41"/><path d="m84 109 35 54V98l21-7v91l-27 9-35-54v65l-21 6v-91z"/><rect width="86.1" height="12.6" x="185" y="97" fill="#bebebe" ry="2.3" transform="skewY(15) scale(.9669 1)"/><path fill="#bebebe" d="m181 169 99 26 2 3v8c0 1-1 2-2 1l-99-26-2-3v-7c0-2 1-2 2-2zm0-47 99 27 2 2v8l-2 2-99-27c-1 0-2-1-2-3v-7z"/></g></svg>
--- a/theme/assets/img/notebooks/standard-notes.svg
+++ b/theme/assets/img/notebooks/standard-notes.svg
@@ -1 +1 @@
-<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><defs><linearGradient id="paint0_linear" x1="133.45" x2="142.33" y1="94.216" y2="170.75" gradientUnits="userSpaceOnUse"><stop stop-color="#2173E7" offset="0"/><stop stop-color="#0E5CC9" offset="1"/></linearGradient><linearGradient id="linearGradient1" x1="133.45" x2="142.33" y1="94.216" y2="170.75" gradientTransform="matrix(.43158 0 0 .43158 -40.662 -40.467)" gradientUnits="userSpaceOnUse" xlink:href="#paint0_linear"/></defs><g fill="url(#linearGradient1)" stroke-width=".43158"><path d="m20.511 23.932v-7.8388c0-1.968-1.6551-3.5631-3.6969-3.5631-2.0418 0-3.6969 1.5951-3.6969 3.5631v7.8388h-2.9576v-7.8388c0-3.542 2.9796-6.4133 6.6546-6.4133 3.6754 0 6.6546 2.8713 6.6546 6.4133v7.8388z"/><path d="m6.7732 0.19475c-3.7405 0-6.7732 2.9975-6.7732 6.6953v20.087c0 3.6978 3.0327 6.6951 6.7732 6.6951h20.32c3.7405 0 6.7733-2.9973 6.7733-6.6951v-20.087c0-3.6978-3.0327-6.6953-6.7733-6.6953zm20.32 2.9293h-20.32c-2.104 0-3.81 1.6862-3.81 3.766v20.087c0 2.0798 1.706 3.766 3.81 3.766h20.32c2.104 0 3.81-1.6862 3.81-3.766v-20.087c0-2.0798-1.706-3.766-3.81-3.766z" clip-rule="evenodd" fill-rule="evenodd"/></g></svg>
+<svg xmlns="http://www.w3.org/2000/svg" width="128" height="128" version="1.1" viewBox="0 0 33.866 33.866"><rect width="33.866" height="33.866" x="0" y="0" fill="#086dd6" stroke-width=".37"/><g fill="#fff"><path fill="#fff" d="m2388 3475c-2-2-26-5-55-9-78-9-161-30-231-59-254-102-404-309-438-602-5-45-9-1139-5-1237 1-15 20-16 204-15l202 2 2 597c1 509 4 606 17 659 50 192 187 296 402 304 201 8 343-64 417-212 46-91 48-126 49-757v-594l206 2 207 1-1 600c0 330-3 629-7 665-15 143-80 299-165 399-109 128-290 220-487 247-49 6-311 14-317 9z" transform="matrix(.0068331 0 0 -.0068331 -.22619 34.113)"/></g></svg>
--- a/theme/assets/img/security-keys/yubico-security-key.webp
+++ b/theme/assets/img/security-keys/yubico-security-key.webp
--- a/theme/assets/javascripts/discourse-topics.js
+++ b/theme/assets/javascripts/discourse-topics.js
@@ -1,149 +0,0 @@
-/**
- * @overview Generates a list of topics on a Discourse forum.
- * @author Jonah Aragon <jonah@triplebit.net>
- * @version 3.0.0
- * @license
- * Copyright (c) 2023 - 2024 Jonah Aragon
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-async function getData(url) {
-  const response = await fetch(url);
-  return response.json()
-}
-
-async function main() {
-  const elements = document.querySelectorAll("div[data-forum]");
-
-  for (let j = 0; j < elements.length; j++) {
-
-    var topics = elements[j];
-    var dataset = topics.dataset;
-
-    console.log("Fetching data from " + dataset.feed)
-    const data = await getData(dataset.feed);
-    var list = data['topic_list']['topics'];
-    var profiles = data['users'];
-    var count = dataset.count;
-
-    for (var i = 0; i < count; i++) {
-
-      if (list[i]['pinned'] == true) {
-        count++;
-        continue;
-      }
-
-      var title = list[i]['title'];
-      var id = list[i]['id'];
-
-      var topic = document.createElement("div");
-      topic.className = "discourse-topic";
-
-      var h3 = document.createElement('p');
-      h3.className = "discourse-title";
-      var a1 = document.createElement('a');
-
-      a1.href = dataset.forum + '/t/' + id;
-
-      a1.innerText = title;
-      h3.appendChild(a1);
-
-      var postinfo = document.createElement('ul');
-      postinfo.className = "discourse-data";
-
-      var date = document.createElement('li');
-      date.className = "discourse-date";
-      var datestring = list[i]['bumped_at'];
-      var dateobject = new Date(datestring);
-      var now = new Date();
-      var diff = now - dateobject;
-      var minutes = Math.floor(diff / 60000);
-      var hours = Math.floor(minutes / 60);
-      var days = Math.floor(hours / 24);
-      if (days > 0) {
-        if (days == 1) {
-          date.innerText = "Last reply 1 day ago";
-        }
-        else {
-          date.innerText = "Last reply " + days + " days ago";
-        }
-      }
-      else if (hours > 0){
-        if (hours == 1) {
-          date.innerText = "Last reply 1 hour ago";
-        }
-        else {
-          date.innerText = "Last reply "+  hours + " hours ago";
-        }
-      }
-      else {
-        if (minutes == 1) {
-          date.innerText = "Last reply 1 minute ago";
-        }
-        else {
-          date.innerText = "Last reply " + minutes + " minutes ago";
-        }
-      }
-      postinfo.appendChild(date);
-
-      var author_id = list[i]['posters'][0]['user_id'];
-      var author_data = profiles.find(profile => profile['id'] == author_id);
-      var author = document.createElement('li');
-      author.className = "discourse-author";
-      var avatar = document.createElement('img');
-      avatar.src = dataset.forum + author_data['avatar_template'].replace("{size}", "40");
-      avatar.width = 20;
-      avatar.height = 20;
-      author.appendChild(avatar);
-      var namespan = document.createElement('span');
-      namespan.innerText = " " + author_data['username'];
-      author.appendChild(namespan);
-      postinfo.appendChild(author);
-
-      var likes = document.createElement('li');
-      likes.className = "discourse-likes";
-      if (list[i]['like_count'] == 1) {
-        likes.innerText = "1 Like";
-      }
-      else {
-        likes.innerText = list[i]['like_count'] + " Likes";
-      }
-      postinfo.appendChild(likes);
-
-      var replies = document.createElement('li');
-      replies.className = "discourse-replies";
-
-      var reply_count = list[i]['posts_count'] - 1;
-      if (reply_count == 1) {
-        replies.innerText = "1 Reply"
-      }
-      else {
-        replies.innerText = reply_count + " Replies"
-      }
-      postinfo.appendChild(replies);
-
-      topic.appendChild(h3);
-      topic.appendChild(postinfo);
-      topics.appendChild(topic);
-    }
-  }
-}
-
-main();
--- a/theme/assets/javascripts/resolution.js
+++ b/theme/assets/javascripts/resolution.js
@@ -0,0 +1,78 @@
+function setCookie(cname, cvalue, exdays) {
+  const d = new Date();
+  d.setTime(d.getTime() + (exdays * 24 * 60 * 60 * 1000));
+  let expires = "expires="+d.toUTCString();
+  document.cookie = cname + "=" + cvalue + ";" + expires + ";path=/";
+}
+
+function getCookie(cname) {
+  let name = cname + "=";
+  let ca = document.cookie.split(';');
+  for(let i = 0; i < ca.length; i++) {
+    let c = ca[i];
+    while (c.charAt(0) == ' ') {
+      c = c.substring(1);
+    }
+    if (c.indexOf(name) == 0) {
+      return c.substring(name.length, c.length);
+    }
+  }
+  return "";
+}
+
+var consent = __md_get("__consent")
+if (!consent) {
+  __md_set("__consent", {"analytics":true,"github":true});
+  if (getCookie('resolution') == '') {
+    const resolution = `${window.screen.width}x${window.screen.height}`;
+    setCookie('resolution', resolution, 30);
+  }
+}
+
+if (consent && consent.analytics) {
+  if (getCookie('resolution') == '') {
+    const resolution = `${window.screen.width}x${window.screen.height}`;
+    setCookie('resolution', resolution, 30);
+  }
+  setCookie('umami', 'true', 0);
+} else {
+  setCookie('umami', 'false', 365);
+  setCookie('resolution', "0x0", 0);
+}
+
+var consent = __md_get("__consent")
+if (consent) {
+  for (var input of document.forms.consent.elements)
+    if (input.name)
+      input.checked = consent[input.name] || false
+
+/* Show consent with a small delay, but not if browsing locally */
+} else if (location.protocol !== "file:") {
+setTimeout(function() {
+  var el = document.querySelector("[data-md-component=consent]")
+  el.hidden = false
+}, 250)
+}
+
+/* Intercept submission of consent form */
+var form = document.forms.consent
+for (var action of ["submit", "reset"])
+form.addEventListener(action, function(ev) {
+  ev.preventDefault()
+
+  /* Reject all cookies */
+  if (ev.type === "reset")
+    for (var input of document.forms.consent.elements)
+      if (input.name)
+        input.checked = false
+
+  /* Grab and serialize form data */
+  __md_set("__consent", Object.fromEntries(
+    Array.from(new FormData(form).keys())
+      .map(function(key) { return [key, true] })
+  ))
+
+  /* Remove anchor to omit consent from reappearing and reload */
+  location.hash = '';
+  location.reload()
+})
--- a/theme/assets/stylesheets/home.css
+++ b/theme/assets/stylesheets/home.css
@@ -114,7 +114,7 @@ article.md-content__inner > * {
    margin-right: 0;
    text-align: right;
 } */
-#what-should-i-do, #what-should-i-do ~ :not( .mdx-cat ~ * ):not( .mdx-cta ):not( .mdx-discourse-topics) {
+#what-should-i-do, #what-should-i-do ~ :not( .mdx-cat ~ * ):not( .mdx-cta ) {
  margin-left: auto;
  margin-right: 0;
  text-align: right;
@@ -134,56 +134,3 @@ article.md-content__inner > hr {
    --md-icon-size: 1.8em;
    margin: 0.4rem;
 }
-
-.mdx-discourse-topics {
-  max-width: 100% !important;
-  margin-left: auto;
-  margin-right: auto;
-  text-align: center;
-}
-.mdx-discourse-topics .topics-list {
-  grid-template-columns: repeat(5, 1fr);
-}
-.mdx-discourse-topics .discourse-title {
-  min-height: 4em;
-}
-.mdx-discourse-topics .topics-list {
-  display: grid;
-  text-align: left;
-}
-.mdx-discourse-topics .topics-list .discourse-title {
-  line-height: 1.2;
-  margin: 0;
-}
-.mdx-discourse-topics .topics-list .discourse-topic {
-  padding: 0.4em;
-  margin-bottom: 1em;
-}
-.mdx-discourse-topics .topics-list .discourse-data {
-  color: var(--md-default-fg-color--light);
-  list-style: none;
-  padding: 0;
-  margin: 0;
-}
-.mdx-discourse-topics .topics-list .discourse-data li {
-  margin: 0;
-}
-.mdx-discourse-topics .topics-list .discourse-data li img {
-  vertical-align: middle;
-}
-@media screen and (max-width: 1000px) {
-  .mdx-discourse-topics .topics-list {
-    grid-template-columns: repeat(3, 1fr);
- }
-  .mdx-discourse-topics .topics-list .discourse-title {
-    min-height: 0;
- }
-}
-@media screen and (max-width: 600px) {
-  .mdx-discourse-topics .topics-list {
-    grid-template-columns: repeat(1, 1fr);
- }
-  .mdx-discourse-topics .topics-list .discourse-title {
-    min-height: 0;
- }
-}
--- a/theme/home.html
+++ b/theme/home.html
@@ -23,7 +23,7 @@
 {% extends "main.html" %}
 {% set homepage = config.extra.privacy_guides.homepage %}
 {% block extrahead %}
-  <link rel="stylesheet" href="{{ 'assets/stylesheets/home.css?v=20240501' | url }}">
+  <link rel="stylesheet" href="{{ 'assets/stylesheets/home.css?v=3.3.0' | url }}">
  {% for feed in homepage.rss %}
    <link rel="alternate" type="application/rss+xml" title="{{ feed.title }}" href="{{ feed.link }}">
  {% endfor %}
@@ -49,24 +49,6 @@
  </section>
 {% endblock %}
 {% block content %}
-  {% if config.theme.language == "en" %}
-    <div class="mdx-discourse-topics">
-      <h2>Top discussions this week</h2>
-      <div
-        class="topics-list"
-        data-forum="https://discuss.privacyguides.net"
-        data-feed="https://discuss.privacyguides.net/top.json?period=weekly"
-        data-count="5">
-      </div>
-      <noscript>
-        <a href="https://discuss.privacyguides.net/" class="md-button md-button--primary">
-          Join the forum
-        </a>
-      </noscript>
-
-      <hr />
-    </div>
-  {% endif %}
  {{ page.content }}
  <div class="mdx-cta">
    <hr />
@@ -80,26 +62,4 @@
      <p>{{ cta.description }}</p>
    {% endfor %}
  </div>
-  {% if config.theme.language == "en" %}
-    <div class="mdx-discourse-topics">
-      <h3>Join a discussion</h3>
-      <div
-        class="topics-list"
-        data-forum="https://discuss.privacyguides.net"
-        data-feed="https://discuss.privacyguides.net/latest.json"
-        data-count="15">
-      </div>
-      <noscript>
-        <a href="https://discuss.privacyguides.net/" class="md-button md-button--primary">
-          Join the forum
-        </a>
-      </noscript>
-
-      <hr />
-    </div>
-  {% endif %}
-{% endblock %}
-{% block scripts %}
-  <script src="{{ 'assets/javascripts/discourse-topics.js' | url }}"></script>
-  {{ super() }}
 {% endblock %}
--- a/theme/main.html
+++ b/theme/main.html
@@ -78,8 +78,6 @@
  {% endif %}

  <meta name="robots" content="max-snippet:-1, max-image-preview:large">
-  <meta name="fediverse:creator" content="privacyguides@neat.computer" />
-
  {% if config.extra.context == "production" %}
  <meta http-equiv="onion-location" content="{{ "http://www.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion/" ~ config.theme.language ~ "/" ~ page.url }}" />
  {% elif config.extra.deploy %}
--- a/theme/partials/copyright.html
+++ b/theme/partials/copyright.html
@@ -35,6 +35,9 @@
        {% endfor %}
      </a>
      {{ copyright.copyright.date }} {{ copyright.copyright.author }}
+      <a href='#__consent'>
+        {{ copyright.analytics }}
+      </a>
    </div>
  {% endif %}
 </div>
--- a/theme/partials/javascripts/consent.html
+++ b/theme/partials/javascripts/consent.html
@@ -0,0 +1 @@
+<!-- moved to assets/javascripts/resolution.js -->
Author	SHA1	Message	Date
allcontributors[bot]	e66fb703bd	update .all-contributorsrc	2024-04-16 11:54:03 +00:00
allcontributors[bot]	ecc15d4124	update includes/contributors.md	2024-04-16 11:54:02 +00:00
allcontributors[bot]	0a6cb1fbcd	update README.md	2024-04-16 11:54:01 +00:00
				`@@ -1 +0,0 @@`
				<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><g fill="#00d2a7" stroke-width=".91795"><path d="m2.6793 0.33879 5.7992 5.8589c0.13565 0.13531 0.27131 0.16931 0.47479 0.16931h24.451c0.16955 0 0.27134-0.20331 0.10172-0.37254l-5.7313-5.7911c-0.13565-0.13565-0.27134-0.20331-0.5426-0.20331h-24.418c-0.23741 0-0.27131 0.20331-0.13565 0.33861z"/><path d="m1.8315 33.596c-0.034 0.13565 0.034 0.27096 0.20348 0.27096h24.112c0.23738 0 0.3391-0.10165 0.40693-0.30461l7.2913-23.503c0.06783-0.23696-0.034-0.30461-0.23738-0.30461h-24.18c-0.20341 0-0.27127 0.067653-0.3391 0.23696z"/><path d="m1.5914e-4 26.822c0 0.27096 0.33913 0.27096 0.40696 0l5.5279-17.983c0.067827-0.20331 0.067827-0.33861-0.10172-0.50802l-5.4939-5.4525c-0.13565-0.13565-0.33913-0.067653-0.33913 0.10165z"/></g></svg>
				`@@ -0,0 +1 @@`
				`<!-- moved to assets/javascripts/resolution.js -->`