style: Update internal link

Signed-off-by: redoomed1 <redoomed1@privacyguides.org>

blog/posts/chat-control-must-be-stopped.md

@@ -0,0 +1,308 @@
+---
+date:
+    created: 2025-09-08T18:00:00Z
+categories:
+    - News
+authors:
+    - em
+description:
+    Chat Control is back to undermine everyone's privacy. There's an important deadline this Friday on September 12th. We must act now to stop it!
+schema_type: ReportageNewsArticle
+preview:
+  cover: blog/assets/images/chat-control-must-be-stopped/chatcontrol-cover.webp
+---
+
+# Chat Control Must Be Stopped, Act Now!
+
+![Filtered photo of a protest with a protestor holding a sign in first plan. The background is a red monochrome and the sign is in turquoise. The sign says "You won't make me live this 1984 sh*t".](../assets/images/chat-control-must-be-stopped/chatcontrol-cover.webp)
+
+<small aria-hidden="true">Illustration: Em / Privacy Guides | Photo: Ramaz Bluashvili / Pexels</small>
+
+If you've heard of [Chat Control](the-future-of-privacy.md) already, bad news: **it's back**. If you haven't, this is a pressing issue you should urgently learn more about if you value privacy, democracy, and human rights. This is happening **this week**, and **we must act to stop it right now**.<!-- more -->
+
+Take a minute to visualize this: Every morning you wake up with a police officer entering your home to inspect it, and staying with you all day long.
+
+The agent checks your bathroom, your medicine cabinet, your bedroom, your closets, your drawers, your fridge, and takes photos and notes to document everything. Then, this report is uploaded to the police's cloud. It's "[for a good cause](encryption-is-not-a-crime.md)" you know, it's to make sure you aren't hiding any child sexual abuse material under your bed.
+
+Every morning. Even if you're naked in bed. Even while you're having a call with your doctor or your lover. Even when you're on a date. Even while you're working and discussing your client's confidential information with their attorney. This police officer is there, listening to you and reporting on everything you do.
+
+This is the in-person equivalent of Chat Control, a piece of legislation that would mandate **all** services to scan **all** private digital communications of **everyone** residing in the European Union.
+
+This is an Orwellian nightmare.
+
+## Act now!
+
+This is happening **this week**. European governments will be finalizing their positions on the regulation proposal on **Friday, September 12th, 2025**.
+
+- ==If you are not located in Europe==: Keep reading, this will affect you too.
+
+- If you are still unconvinced: Keep reading, we discuss Chat Control in [more details](#why-is-this-bad) below.
+
+- If you are located in Europe: You must **act now** to stop it.
+
+<div class="admonition question" markdown>
+<p class="admonition-title">How to stop this? Contact your MEPs before September 12th</p>
+
+Use this [**website**](https://fightchatcontrol.eu/) to easily contact your government representatives before September 12th, and tell them they should **oppose Chat Control**. Even if your country already opposes Chat Control, contact your representatives to tell them you are relieved they oppose, and support them in this decision to protect human rights. This will help reinforce their position.
+
+But if your country *supports* Chat Control, or is *undecided*, **it is vital that you contact your representatives before this deadline**. To support your point, you can share this article with them or one of the many great [resources](#resources-to-learn-more-and-fight-for-human-rights) listed at the end.
+
+At the time of this writing, the list of countries to contact is:
+
+| **Supporting (15)**                |                                     | **Undecided (6)**    |
+| ---------------------------------- | ----------------------------------- | -------------------- |
+| :triangular_flag_on_post: Bulgaria | :triangular_flag_on_post: Latvia    | :warning: Estonia    |
+| :triangular_flag_on_post: Croatia  | :triangular_flag_on_post: Lithuania | :warning: Germany    |
+| :triangular_flag_on_post: Cyprus   | :triangular_flag_on_post: Malta     | :warning: Greece     |
+| :triangular_flag_on_post: Denmark  | :triangular_flag_on_post: Portugal  | :warning: Luxembourg |
+| :triangular_flag_on_post: France   | :triangular_flag_on_post: Slovakia  | :warning: Romania    |
+| :triangular_flag_on_post: Hungary  | :triangular_flag_on_post: Spain     | :warning: Slovenia   |
+| :triangular_flag_on_post: Ireland  | :triangular_flag_on_post: Sweden    |                      |
+| :triangular_flag_on_post: Italy    |                                     |                      |
+
+</div>
+
+![A map of countries part of the European Union. Countries opposing Chat Control are represented in green, countries undecided in blue, and countries in favor are in red. Below there is text saying "Act now! www.chatcontrol.eu".](../assets/images/chat-control-must-be-stopped/chatcontrol-map-chatcontroleu-20250903.webp)
+<small aria-hidden="true">Image: Patrick Breyer / [chatcontrol.eu](https://www.chatcontrol.eu)</small>
+
+## What is Chat Control?
+
+"Chat Control" refers to a series of legislative proposals that would make it mandatory for *all* service providers (text messaging, email, social media, cloud storage, hosting services, etc.) to scan *all* communications and *all* files (including end-to-end encrypted ones), in order to supposedly detect whatever the government deems "abusive material."
+
+The push for Chat Control started in 2021 with the approval of a [derogation](https://www.patrick-breyer.de/en/chatcontrol-european-parliament-approves-mass-surveillance-of-private-communications/) to the ePrivacy Directive by the European Parliament. This derogation escalated to a second proposal for *mandatory* scanning a year later, which was [rejected](https://fortune.com/europe/2023/10/26/eu-chat-control-csam-encryption-privacy-european-commission-parliament-johansson-breyer-zarzalejos-ernst/) in 2023. Nevertheless, lawmakers and lobbyists determined to undermine our safety and civil liberties are bringing it back again two years later, **literally trying to wear you down**.
+
+We cannot let authoritarians wear us down until we lose all our privacy rights. Our privacy rights are fundamental to so many other human rights, to civil liberties, to public safety, and to functioning democracies.
+
+Chat Control undermines all of this.
+
+Cryptography professor and cybersecurity expert Matthew Green described the 2022 proposal document for Chat Control as "[**the most terrifying thing I've ever seen**](https://fortune.com/2022/05/12/europe-phone-surveillance-crackdown-child-sexual-abuse-material-sparks-outrage-among-cybersecurity-experts-privacy-activists/)".
+
+And terrifying, it is.
+
+The [most recent proposal for Chat Control](https://tuta.com/blog/chat-control-criticism) comes from the EU Council Danish presidency pushing for regulation misleadingly called the **Child Sexual Abuse Regulation** (CSAR). Despite its seemingly caring name, this regulation will **not** help fight child abuse, and will even likely worsen it, impacting negatively what is already being done to fight child abuse (more on this in the [next section](#would-this-protect-the-children)).
+
+The CSAR proposal (which *is* the latest iteration of Chat Control) could be implemented as early as *next month*, if we do not stop it.
+
+**The problem is this: Chat Control will not work, it is unreliable, it will escalate in scope, and it will endanger everyone (including the children).**
+
+Even if you are not in Europe, know that Chat Control will affect everyone inside *and* outside of Europe one way or another. Regardless of where you are, you should be concerned and pay attention, and there are things you can do to fight back. This is important.
+
+![Still image from a video showing an illustration of three cellphones being scanned by a red light, with lines leading to a law enforcement icon.](../assets/images/chat-control-must-be-stopped/chatcontrol-stopscanningme-video.webp)
+<small aria-hidden="true">Still image from [video](https://stopscanningme.eu/video/csar-explainer.mp4): Stop Scanning Me / EDRi</small>
+
+## Why is this bad?
+
+The idea that it's possible to somehow [magically protect](encryption-is-not-a-crime.md/#magical-backdoor-only-for-the-good-guys-is-a-complete-fantasy) information properly while giving access to unquestionably well-intended law enforcement comes from either extreme naivety, lack of information, and plain dishonesty.
+
+This proposal would effectively break any end-to-end encryption protections, and potentially expose all your files and communications to not only law enforcement, but eventually also to criminals of all sorts (with the data breaches, data leaks, and corruption that will inevitably follow).
+
+Here's a summary of some dangers this regulation would create if approved:
+
+- **Breaking end-to-end encryption**: Removing crucial protections for all sensitive files and communications of vulnerable populations, victims, whistleblowers, journalists, activists, and everyone else.
+
+- **Mission creep**: Once this mass surveillance system is in place, authorities can decide to add more criteria such as searching all communications for references to drug use, protest attendances, political dissidence, or even [negative comments](https://www.lemonde.fr/en/international/article/2025/03/22/how-a-french-researcher-being-refused-entry-to-the-us-turned-into-a-diplomatic-mess_6739415_4.html) about a leader. Europol (the EU law enforcement agency) has already called for [expanding the program](https://www.youtube.com/watch?v=L933xDcSS3o&t=2016s).
+
+![A cartoon illustration explaining that chat control is planning to monitor all chats, emails, and messenger conversations, and use artificial intelligence to automatically report flagged content to the police.](../assets/images/chat-control-must-be-stopped/chatcontrol-LornaSchutte-chatcontroleu-1.webp)
+<small aria-hidden="true">Image: Lorna Schütte / [chatcontrol.eu](https://www.chatcontrol.eu)</small>
+
+- **Criminal attacks**: Each time a backdoor exists, it doesn't take long for criminals to find access and steal our information. This could include criminals finding access to each service independently or to the entire database authorities would keep. A database that would be filled with material tagged as sexually explicit text or photos of children. This could even *create* new Child Sexual Abuse Material (CSAM) for criminals. For example, consenting teenagers innocently sexting together could have their photos collected in this database, after being wrongly flagged by the automated system. Then, criminals could steal their intimate photos from the governments.
+
+- **False positives**: With a mass surveillance system this large, moreover a system with no transparency and little oversight, false positives are inevitable. Despite marketing promises from the [organizations lobbying government officials](https://www.patrick-breyer.de/en/chat-control-eu-ombudsman-criticises-revolving-door-between-europol-and-chat-control-tech-lobbyist-thorn/), we all know AI technologies regularly misfire and cannot be reliable for anything of such importance. Loving parents could get flagged as pedophiles just for innocently uploading a photo of their child in the bathtub on their *private* cloud. Teenagers exploring their sexuality consensually with each other could get tagged as sexual predators (a label that might stick on them decades later). The police could receive reports for breastfeeding mothers. The list is infinite.
+
+![A cartoon illustration summarizing why chat control is dangerous.](../assets/images/chat-control-must-be-stopped/chatcontrol-LornaSchutte-chatcontroleu-3.webp)
+<small aria-hidden="true">Image: Lorna Schütte / [chatcontrol.eu](https://www.chatcontrol.eu)</small>
+
+- **Overwhelming resources**: The inevitable false positives will completely overwhelm the agencies responsible for investigating flagged material. This will cost them precious time they will not have to investigate *actual* abuse cases. Organizations fighting child sexual abuse are already overwhelmed and lack resources to prosecute real criminals.
+
+- **Hurting victims**: Such system of mass surveillance could prevent victims of child sexual abuse (and other crimes) to reach out for help. Knowing that all their communications would be scanned, they would lose all confidentiality while reporting crimes. The evidences they share could even be tagged by Chat Control, as if they were the perpetrator rather than the victim. Sadly, many will likely decide it's safer not to report at all.
+
+- **Self-censorship**: With Chat Control in place, not only victims might censor themselves and stop reaching out for help, but everyone else as well. When people know they are being observed, they feel less free to be themselves and to share openly. This is doubly true for anyone who is part of a marginalized group, such as [LGBTQ+ people](importance-of-privacy-for-the-queer-community.md), or anyone who is being victimized or at risk of victimization.
+
+![A cartoon illustration explaining how chat control does not protect the victims and might silence them due to loss of confidentiality.](../assets/images/chat-control-must-be-stopped/chatcontrol-LornaSchutte-chatcontroleu-2.webp)
+<small aria-hidden="true">Image: Lorna Schütte / [chatcontrol.eu](https://www.chatcontrol.eu)</small>
+
+- **Undermining democracy**: This surveillance system would allow governments to spy on opposition. Chat logs from opposing candidates, activists, and journalists could all be accessed by authorities in order to silence opponents or blackmail candidates. Even if you trust your government to not do this now, this doesn't mean it could not be used in this way by the next government. We have all seen how fast the political landscape can change.
+
+- **Violating the GDPR (and other laws)**: The General Data Protection Regulation (GDPR) offers wonderful protections to Europeans. Sadly, Chat Control would make a complete farce of it. The Right to Erasure (right to delete) could be reduced to ashes by Chat Control, including for any highly sensitive information wrongly caught in the CSAR net. Moreover, it would [violate Article 7 and Article 8](https://tuta.com/blog/chat-control-criticism) of the EU Charter of Fundamental Rights.
+
+Protecting the children is only the excuse used in hope of convincing a misinformed public. **Chat Control is authoritarian mass surveillance.**
+
+Authorities understand well how important protecting communication and information is. This is why they included an exemption to protect *their own* communications, but not yours.
+
+## Would this protect the children?
+
+No.
+
+This cannot be stressed enough: **This regulation would not protect the children, it would *harm* the children**, and everyone else too, worldwide. Claiming otherwise is either naivety, or misinformation.
+
+Last year, the civil and human rights association European Digital Rights (EDRi) put together a [joint statement from 48 organizations](https://edri.org/our-work/joint-statement-on-the-future-of-the-csa-regulation/) for children's protection, digital rights, and human rights, demanding that the European Parliament invest instead in proven strategies to fight child abuse. This appeal to reason does not seem to have been heard by most EU Member States.
+
+There are many things we can do as a society to increase protections for children and fight abusers and criminals, but Chat Control is far from it all. Protection of the children is clearly only an excuse here, and a very misleading one.
+
+![A popular No Yes meme, with the face replaced with the European Commission logo. In the No-part is: "Invest in: social workers, help for victims, support hotlines, prevention, education, targeted police work, IT-security", and in the Yes-part below is: "Buy Chat Control filter technology that doesn't solve the problem".](../assets/images/chat-control-must-be-stopped/chatcontrol-stopscanningme-meme-4.webp)
+<small aria-hidden="true">[Image](https://stopscanningme.eu/en/organise-now.html): Stop Scanning Me / EDRi</small>
+
+### Mislabelling children as criminals
+
+First, this automated system is flawed in many ways, and the false-positive rate would likely be high. But let's imagine that, magically, the system could flag CSAM at an accuracy rate of 99%. This still means 1% of reports would be false. Expanded to the size of Europe Union's population of approximately 450 million people, exchanging likely billions of messages and files every day, this still means millions could be falsely tagged as sexual predators, with all the [consequences](https://www.republik.ch/2022/12/08/die-dunklen-schatten-der-chatkontrolle) this implies.
+
+Worse, the Swiss federal police reported that currently about 80% of all automated reports received were [false-positives](https://www.patrick-breyer.de/en/posts/chat-control/#WhatYouCanDo). This means in reality, the error rate is likely far higher than 1%, and actually closer to an **80% error rate**. Of the approximate 20% of positive reports, in Germany, over 40% of investigations initiated [targeted children](https://www.polizei-beratung.de/aktuelles/detailansicht/straftat-verbreitung-kinderpornografie-pks-2022/) themselves.
+
+Sometimes, flagged content is simply teenagers innocently sexting each other consensually. Not only would they be wrongly tagged as criminals under Chat Control, but they'd be triggering an investigation that would expose their intimate photos to others.
+
+Even in a magical world where Chat Control AI is 99% accurate, it would still wrongly tag and **expose sensitive data from millions of children**. In reality, no AI system is even remotely close to this accuracy level, and proprietary algorithms are usually opaque black boxes impossible to audit transparently. The number of children Chat Control would harm, and likely traumatize for life, would be disastrous.
+
+### Exposing children's sensitive and sexual information
+
+Any content that could be deemed suspicious or explicit by the system, accurately or not, would be flagged and reported.
+
+When this content is reported, it will likely be uploaded to a database for human review. This means that if a teenager was sending an intimate photo of themselves to another consenting teenager, they could be flagged as sharing CSAM, even if it's their own photo. Then, their photo would be sent to the police for review. Information that should very much have stayed protected and private between these two teenagers is now exposed to strangers. This is wrong, and dangerous.
+
+Even innocuous communications such as daily conversations, teenagers chatting with each other, parents reporting information about their child to a [doctor](https://www.nytimes.com/2022/08/21/technology/google-surveillance-toddler-photo.html), and therapists talking with their patients, could all inadvertently expose children sensitive information. This is information that should have remained *private*, and would now be uploaded to a police database, likely [stored there forever](https://www.iccl.ie/news/an-garda-siochana-unlawfully-retains-files-on-innocent-people-who-it-has-already-cleared-of-producing-or-sharing-of-child-sex-abuse-material/) with few recourses to remove it.
+
+The more we collect sensitive information about children (photos, faces, locations, identifications, medical information, private chats, experiences, etc.), the more we risk exposing children to harm. This includes systems used by authorities and governments. Even if everyone with legitimate access to this data is miraculously 100% exemplary and incorruptible citizens, the databases and scanning systems will still be vulnerable to attacks from criminals and hostile governments alike.
+
+The only way to protect children's information properly is to **1) not collect it**, and **2) use end-to-end encryption to protect it** when we cannot avoid collecting it. Spying on everyone and every child is the opposite of that.
+
+### Authorities' databases will be attacked
+
+It's impossible to perfectly secure information online. There is a lot we can do to improve security (much more than is done now), but data breaches will happen.
+
+If governments mandate a backdoor to have access to all our online communication and stored files, it's inevitable that at least some criminals will eventually get access to it as well. This is even truer if this system is closed-source, [privatized](https://fortune.com/europe/2023/09/26/thorn-ashton-kutcher-ylva-johansson-csam-csa-regulation-european-commission-encryption-privacy-surveillance/), and isn't subjected to frequent independent audits with strong accountability.
+
+Once a vulnerability is found by criminals, they will have the same access as authorities have to our data. With Chat Control, this means pretty much all our data.
+
+In addition, Chat Control could facilitate the proliferation of even more spyware and [stalkerware](https://stopstalkerware.org/) on the market, thriving on the vulnerabilities found in the powerful system. This would allow *anyone* to purchase access to spy on *anyone*, including databases of identified children. It could give a direct backdoor-access to pedophiles. How could *this* be helping to protect the children?
+
+### The danger is inside
+
+Even if the idea of online strangers accessing children's sensitive data is terrifying, the worse danger in often much closer.
+
+Sadly, we already know that the [vast majority](https://content.c3p.ca/pdfs/C3P_SurvivorsSurveyFullReport2017.pdf) of child sexual abuse is perpetrated by adults close to the child, not strangers, and that two-thirds of CSAM images appear to have been [produced at home](https://theconversation.com/new-research-shows-parents-are-major-producers-of-child-sexual-abuse-material-153722). Chat Control would do nothing to fight this. In fact, it could facilitate it.
+
+Child abuse is an incredibly important topic to discuss and to fight against as a society. Utilizing this issue as an excuse to pass a surveillance law that would endanger everyone, including the victims, is despicable.
+
+When children are living with the abuser, the only escape is outside the home, and sometimes this means *online*. Abusers often use spying technologies to control and restrict access to help for their victims. If we make mass surveillance mandatory and normalized, this risks aggravating the stalkerware problem by obligating providers to implement backdoors in their systems. We would effectively be helping abusers at home to restrict access to help for their victims, including victims of CSAM. This is completely unacceptable.
+
+### How to actually help the children
+
+Despite the politicization of this issue to manipulate the public opinion in accepting mass surveillance, there are actually *proven* solutions to help to protect the children, online and offline.
+
+First, governments should [listen](https://mogis.info/static/media/uploads/eu-libe-mogis-hahne-07032023_en.pdf) to [organizations already doing the work](https://edri.org/our-work/most-criticised-eu-law-of-all-time/). Most are understaffed and under-resourced to properly support the victims and prosecute the criminals. Thousands of more reports every day would not help them do any effective work. More capacity to conduct *targeted* investigation and arrest criminals, and more capacity to create safe spaces to support the victims and witnesses will help.
+
+Privacy should be the default, for everyone.
+
+If all our services were using end-to-end encryption when possible, and implemented proper security and privacy features and practices, this would effectively help to protect the children as well. Abusers and criminals are looking for leaked and stolen data all the time. When a cloud photo storage gets hacked, your photos are up for grabs online, including the photos of your children. When parents upload photos of their children and their address online, and this data gets exposed (leaked, breached, AI-scraped, etc.), this data then becomes accessible to criminals.
+
+**Better privacy protections also means better protections for the children.**
+
+Children themselves should receive better education on how their data is used online and how to protect it. Additionally, it is vital to provide better education on what behaviors aren't normal coming from an adult, and how to reach out for help when it happens. Children should have access to safe and confidential resources to report abuse, whether it's happening outside or inside their home.
+
+Parents should be careful when sharing information about their children. And when they have to, they should benefit from complete confidentiality, knowing their communication is fully end-to-end encrypted and not shared with anyone else.
+
+There is so much we can do to help to protect better the children online, surveillance is the opposite of it all.
+
+## How would this affect me?
+
+If this regulation is approved on **October 14th, 2025** (the date for the final vote), the consequences would be devastating for everyone, even outside the European Union.
+
+We have seen how platforms implemented better privacy practices and features after the GDPR became effective in 2018, features that often benefited people worldwide. This could have the same effect in reverse.
+
+Every platform potentially handling data of people located in the EU would be subjected to the law. Platforms would be obligated to scan all communications and all files of (at least) data subjects located in the EU, even data currently protected with end-to-end encryption. This would affect popular apps and services like Signal, Tuta, Proton, WhatsApp, Telegram, and much more.
+
+### Outside of Europe
+
+This would not only affect Europeans' data, but also the data of anyone outside communicating with someone located in the European Union. Because end-to-end encryption can only work if **both** ends are protected.
+
+If Chat Control gets approved and applied, it will become very difficult to communicate with anyone located in the EU while keeping strong protections for your data. Many people might just accept the surveillance passively, and as a result lose their rights, their protections, and compromise their democratic processes. Overtime, this will likely lead to a slippery slope towards dystopian authoritarianism.
+
+Outside of Europe, you could expect to see services removing some privacy-protective features, downgrading encryption, blocking European countries that are subjected to the law, or moving outside of Europe entirely. If localization-based scanning is too complicated to handle for an application, some companies might just decide it's simpler to scan communications for all users, worldwide.
+
+Additionally, Five Eyes countries (Australia, Canada, New Zealand, the United Kingdom, and the United States) have already [expressed support](https://www.youtube.com/watch?v=L933xDcSS3o&t=2163s) for Chat Control, and might be keen to try the same at home, if this gets approved and tested in Europe first.
+
+### Inside of Europe
+
+Without using tools that would be now deemed illegal, you would lose any protections currently granted by end-to-end encryption. It would become impossible for you to send an email, a text message, or a photo without being observed by your government, and potentially also by criminals and foreign governments, following the inevitable data breaches.
+
+You would have to constantly self-censor to avoid triggering the system and getting reported to the authorities. At first, you would probably just have to stop sending nudes, sexting, or sending photos of naked children in the bathtub or playing at the beach. Then, this would escalate to never mentioning drug or anything that could sound like drug, even as a joke. Later, you might have to stop texting about going to a protest, and stop organizing protests online. Further down the line, you might even have to self-censor to make sure you are not saying anything negative about a leader, or a [foreign politician](https://www.reuters.com/world/us/trump-administration-resuming-student-visa-appointments-state-dept-official-says-2025-06-18/) even. This isn't that hypothetical, this sort of [oppressive surveillance](https://www.hrw.org/news/2017/11/19/china-police-big-data-systems-violate-privacy-target-dissent) already exists in some countries.
+
+Many services you currently rely on right now would simply shut down, or move away from Europe entirely. Businesses might also move outside of Europe if they worry about protecting their proprietary information. This could cause massive layoffs, while organizations move to jurisdictions where they are allowed to keep their data protected and unobserved.
+
+Finally, even if this doesn't affect you personally, or you don't believe it will, [**this isn't just about you**](the-privacy-of-others.md).
+
+The data of vulnerable people would be exposed and their safety put at risk. Victims might decide to stop reaching out for help or reporting crimes. Sources requiring anonymity might decide the risk isn't worth reporting valuable information to journalists. Opponents of governments in power could be silenced. Every democracy in the European Union would suffer greatly from it.
+
+Chat Control is completely antithetical to the values the European Union has been presenting to the world in recent years.
+
+![The popular Red Dress meme, with the offended woman overlaid with the words "Fundamental Rights", the whistling man the words "European Commission", and woman wearing the red dress the words "Scanning private messages and controlling how citizens use the internet".](../assets/images/chat-control-must-be-stopped/chatcontrol-stopscanningme-meme-2.webp)
+<small aria-hidden="true">[Image](https://stopscanningme.eu/en/organise-now.html): Stop Scanning Me / EDRi</small>
+
+## What can I do about it?
+
+Even if the landscape seems dismal, **the battle isn't over**. There are many things you can do, right now, to fight against this authoritarian dystopia.
+
+### For Europeans, specifically
+
+- Contact your country representatives **TODAY**. Contact them before this Friday, September 12th, 2025. The group Fight Chat Control has put together an [**easy tool**](https://fightchatcontrol.eu/#contact-tool) making this quick with only a few clicks.
+
+- After September 12th, the battle isn't over. Although governments will finalize their positions on that day, the final vote happens on **October 14th, 2025**. If you missed the September 12th deadline, keep contacting your representatives anyway.
+
+- Tell your family and friends to contact their representatives as well, talk about it, make noise.
+
+### For Everyone, including Europeans
+
+- Talk about Chat Control on social media often, especially this week. Make noise online. Use the hashtags #ChatControl and #StopScanningMe to help others learn more about the opposition movement.
+
+- Share informative [videos and memes](#resources-to-learn-more-and-fight-for-human-rights) about Chat Control. Spread the word in various forms.
+
+- Contact your European friends in impacted countries and tell them to contact their representatives NOW.
+
+- Even outside the EU, you can contact your own representatives as well, to let them know regulations like Chat Control are horrible for human rights, and you hope your country will never fall for such repressive laws. Tell your political representatives that privacy rights are important to you. **Your voice matters.**
+
+We need your help to fight this. For democracy, for privacy, and for all other human rights, we cannot afford to lose this battle.
+
+![Screenshot of the Fight Chat Control website in a browser.](../assets/images/chat-control-must-be-stopped/chatcontrol-fightchatcontrol-website.webp)
+<small aria-hidden="true">Screenshot: [fightchatcontrol.eu](https://fightchatcontrol.eu/)</small>
+
+## Resources to learn more, and fight for human rights
+
+### Videos about Chat Control
+
+- [**Stop Scanning Me**: Short video that summarizes perfectly the issues with Chat Control](https://stopscanningme.eu/video/csar-explainer.mp4)
+
+- [**Stop Scanning Me**: German-language version of the same short video](https://www.patrick-breyer.de/posts/chat-control/)
+
+- [**Louis Rossmann**: Video discussing why privacy matters, and the impact of Chat Control from a perspective outside of Europe](https://www.youtube.com/watch?v=3NyUgv6dpJc)
+
+- [**Shaping Opinion**: Excellent interview with Chat Control expert Patrick Breyer (recommended)](https://www.youtube.com/watch?v=L933xDcSS3o)
+
+- [**Patrick Breyer**: PeerTube channel with numerous videos related to Chat Control (German & English)](https://peertube.european-pirates.eu/c/patrick_breyer_mep_channel)
+
+### Memes about Chat Control
+
+- [**Stop Scanning Me**: Memes, banners, and other graphics](https://stopscanningme.eu/en/organise-now.html)
+
+- [**Patrick Breyer**: Memes, explainers, maps, and other graphics](https://www.patrick-breyer.de/posts/chat-control/#WhatYouCanDo)
+
+### Websites with more information
+
+- [**Fight Chat Control** (Contact your representatives here **TODAY**!)](https://fightchatcontrol.eu/)
+
+- [**Stop Scanning Me** (from EDRi)](https://stopscanningme.eu)
+
+- [**Patrick Breyer** (expert and former Member of the European Parliament)](https://www.patrick-breyer.de/posts/chat-control/)
+
+- [**European Crypto Initiative**](https://eu.ci/eu-chat-control-regulation/)
+
+- [Follow **Fight Chat Control** on Mastodon for updates](https://mastodon.social/@chatcontrol)
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Important Note: If you are reading this article after September 12th</p>
+
+Regardless of the outcome on Friday, the fight isn't over after September 12th. The next deadline will be the **final vote on October 14th, 2025**.
+
+If you've missed September 12th, make sure to contact your representatives **right now** to tell them to **oppose Chat Control** on October 14th.
+
+</div>
+
+Update (9/8): Added clarification about what Chat Control is for readers unfamiliar with it.

docs/about.md

@@ -182,6 +182,7 @@ However, Privacy Guides *does* have social media accounts on a wide variety of p
 - [:simple-reddit: Reddit](https://reddit.com/r/PrivacyGuides)
 - [:simple-x: X (Twitter)](https://x.com/privacy_guides)
 - [:simple-youtube: YouTube](https://youtube.com/@privacyguides)
+- [:simple-tiktok: TikTok](https://www.tiktok.com/@privacyguides)
 
 </div>
 

docs/advanced/payments.md

@@ -3,7 +3,7 @@ title: Private Payments
 icon: material/hand-coin
 description: Your buying habits are the holy grail of ad targeting, but you still have plenty of options when it comes to making payments privately.
 ---
-Data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately.
+Data about your buying habits is considered the holy grail of ad targeting: Your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately.
 
 ## Cash
 
@@ -17,7 +17,7 @@ Despite the above, cash is typically the best option when available.
 
 You can easily purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout in an effort to reduce fraud.
 
-Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (e.g.: from Visa or Mastercard) usually have limits of up to $1,000 per card.
+Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (e.g. from Visa or Mastercard) usually have limits of up to $1,000 per card.
 
 Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants don’t accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit.
 
@@ -43,7 +43,7 @@ These tend to be good options for recurring/subscription payments online, while
 
 ## Cryptocurrency
 
-Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a transparent blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose.
+Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a transparent blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only purchase amounts which would not be disastrous to lose.
 
 <div class="admonition danger" markdown>
 <p class="admonition-title">Danger</p>
@@ -72,7 +72,7 @@ Anonymous transactions on a transparent blockchain are *theoretically* possible,
 
 ### Wallet Custody
 
-With cryptocurrency there are two forms of wallets: custodial wallets and self-custody wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Self-custody wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, self-custody wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies.
+With cryptocurrency there are two forms of wallets: custodial wallets and self-custody wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Self-custody wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, self-custody wallets provide greater security and censorship resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies.
 
 ### Acquisition
 
@@ -84,7 +84,7 @@ If you go this route, make sure to purchase Monero at different times and in dif
 
 ## Additional Considerations
 
-When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself.
+When you're making a payment in person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself.
 
 When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address.
 

docs/cloud.md

@@ -1,6 +1,6 @@
 ---
 meta_title: "The Best Private and Secure Cloud Storage Providers - Privacy Guides"
-title: "Cloud Storage"
+title: Cloud Storage
 icon: material/file-cloud
 description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives!
 cover: cloud.webp
@@ -17,7 +17,7 @@ If these alternatives do not fit your needs, we suggest you look into using encr
 <details class="admonition info" markdown>
 <summary>Looking for Nextcloud?</summary>
 
-Nextcloud is [still a recommended tool](document-collaboration.md#nextcloud) for self-hosting a file management suite, however we do not recommend third-party Nextcloud storage providers at the moment, because we do [not recommend](https://discuss.privacyguides.net/t/dont-recommend-nextcloud-e2ee/10352/29) Nextcloud's built-in E2EE functionality for home users.
+For more technical readers, Nextcloud is [still a recommended tool](self-hosting/file-management.md#nextcloud) for self-hosting a file management suite, however we do not recommend third-party Nextcloud storage providers at the moment, because we do [not recommend](https://discuss.privacyguides.net/t/dont-recommend-nextcloud-e2ee/10352/29) Nextcloud's built-in E2EE functionality for home users.
 
 </details>
 
@@ -97,7 +97,7 @@ They have also received the Digital Trust Label, a certification from the [Swiss
 
 ![Peergos logo](assets/img/cloud/peergos.svg){ align=right }
 
-**Peergos** is a decentralized protocol and open-source platform for storage, social media, and applications. It provides a secure and private space where users can store, share, and view their photos, videos, documents, etc. Peergos secures your files with quantum-resistant end-to-end encryption and ensures all data about your files remains private.
+**Peergos** is a decentralized protocol and open-source platform for storage, social media, and applications. It provides a secure and private space where users can store, share, and view their photos, videos, documents, etc. Peergos secures your files with quantum-resistant E2EE and ensures all data about your files remains private.
 
 [:octicons-home-16: Homepage](https://peergos.org){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://peergos.net/privacy.html){ .card-link title="Privacy Policy" }

docs/dns.md

@@ -1,5 +1,5 @@
 ---
-title: "DNS Resolvers"
+title: DNS Resolvers
 icon: material/dns
 description: We recommend choosing these encrypted DNS providers to replace your ISP's default configuration.
 cover: dns.webp
@@ -10,7 +10,7 @@ global:
 
 - [:material-account-cash: Surveillance Capitalism](basics/common-threats.md#surveillance-as-a-business-model){ .pg-brown }
 
-Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity.
+Encrypted **DNS** with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity.
 
 [Learn more about DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md){ .md-button }
 
@@ -54,52 +54,9 @@ These are our favorite public DNS resolvers based on their privacy and security
 
     Quad9: [*Data and Privacy Policy*](https://quad9.net/privacy/policy)
 
-## Self-Hosted DNS Filtering
-
-A self-hosted DNS solution is useful for providing filtering on controlled platforms, such as Smart TVs and other IoT devices, as no client-side software is needed.
-
-### Pi-hole
-
-<div class="admonition recommendation" markdown>
-
-![Pi-hole logo](assets/img/dns/pi-hole.svg){ align=right }
-
-**Pi-hole** is an open-source [DNS-sinkhole](https://en.wikipedia.org/wiki/DNS_sinkhole) which uses [DNS filtering](https://cloudflare.com/learning/access-management/what-is-dns-filtering) to block unwanted web content, such as advertisements.
-
-Pi-hole is designed to be hosted on a Raspberry Pi, but it is not limited to such hardware. The software features a friendly web interface to view insights and manage blocked content.
-
-[:octicons-home-16: Homepage](https://pi-hole.net){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://pi-hole.net/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://docs.pi-hole.net){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute }
-
-</details>
-
-</div>
-
-### AdGuard Home
-
-<div class="admonition recommendation" markdown>
-
-![AdGuard Home logo](assets/img/dns/adguard-home.svg){ align=right }
-
-**AdGuard Home** is an open-source [DNS-sinkhole](https://en.wikipedia.org/wiki/DNS_sinkhole) which uses [DNS filtering](https://cloudflare.com/learning/access-management/what-is-dns-filtering) to block unwanted web content, such as advertisements.
-
-AdGuard Home features a polished web interface to view insights and manage blocked content.
-
-[:octicons-home-16: Homepage](https://adguard.com/adguard-home/overview.html){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://adguard.com/privacy/home.html){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://github.com/AdguardTeam/AdGuardHome/wiki){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/AdguardTeam/AdGuardHome){ .card-link title="Source Code" }
-
-</details>
-
-</div>
-
 ## Cloud-Based DNS Filtering
 
-These DNS filtering solutions offer a web dashboard where you can customize the block lists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
+These DNS filtering solutions offer a web dashboard where you can customize the block lists to your exact needs. These services can be used easily across multiple networks.
 
 ### Control D
 
@@ -107,7 +64,9 @@ These DNS filtering solutions offer a web dashboard where you can customize the
 
 ![Control D logo](assets/img/dns/control-d.svg){ align=right }
 
-**Control D** is a customizable DNS service which lets you block security threats, unwanted content, and advertisements on a DNS level. In addition to their paid plans, they offer a number of preconfigured DNS resolvers you can use for free.
+**Control D** is a customizable DNS service which lets you block security threats, unwanted content, and advertisements on a DNS level.
+
+In addition to their paid plans, they offer a number of preconfigured DNS resolvers you can use for free.
 
 [:octicons-home-16: Homepage](https://controld.com){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://controld.com/privacy){ .card-link title="Privacy Policy" }
@@ -134,7 +93,9 @@ These DNS filtering solutions offer a web dashboard where you can customize the
 
 ![NextDNS logo](assets/img/dns/nextdns.svg){ align=right }
 
-**NextDNS** is a customizable DNS service which lets you block security threats, unwanted content, and advertisements on a DNS level. They offer a fully functional free plan for limited use.
+**NextDNS** is a customizable DNS service which lets you block security threats, unwanted content, and advertisements on a DNS level.
+
+They offer a fully functional free plan for limited use.
 
 [:octicons-home-16: Homepage](https://nextdns.io){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://nextdns.io/privacy){ .card-link title="Privacy Policy" }

docs/document-collaboration.md

@@ -1,77 +1,41 @@
 ---
-title: "Document Collaboration"
+title: Document Collaboration
 icon: material/account-group
-description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do.
+description: Most online office suites do not support end-to-end encryption, meaning the cloud provider has access to everything you do.
 cover: document-collaboration.webp
 ---
 <small>Protects against the following threat(s):</small>
 
 - [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers){ .pg-teal }
 
-Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The provider's privacy policy may legally protect your rights, but it does not provide technical access constraints.
+Most online **document collaboration** platforms like Google Drive do not support end-to-end encryption, meaning the cloud provider has access to everything you do. The provider's privacy policy may legally protect your rights, but it does not provide technical access constraints.
 
-## Collaboration Platforms
-
-### Nextcloud
-
-<div class="admonition recommendation" markdown>
-
-![Nextcloud logo](assets/img/document-collaboration/nextcloud.svg){ align=right }
-
-**Nextcloud** is a suite of free and open-source client-server software for creating your own file hosting services on a private server you control.
-
-[:octicons-home-16: Homepage](https://nextcloud.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://nextcloud.com/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://nextcloud.com/support){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/nextcloud){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://nextcloud.com/contribute){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.nextcloud.client)
-- [:simple-appstore: App Store](https://apps.apple.com/app/id1125420102)
-- [:simple-github: GitHub](https://github.com/nextcloud/android/releases)
-- [:fontawesome-brands-windows: Windows](https://nextcloud.com/install/#install-clients)
-- [:simple-apple: macOS](https://nextcloud.com/install/#install-clients)
-- [:simple-linux: Linux](https://nextcloud.com/install/#install-clients)
-
-</details>
-
-</div>
-
-<div class="admonition danger" markdown>
-<p class="admonition-title">Danger</p>
-
-We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_end_encryption) for Nextcloud as it may lead to data loss; it is highly experimental and not production quality. For this reason, we don't recommend third-party Nextcloud providers.
-
-</div>
-
-### CryptPad
+## CryptPad
 
 <div class="admonition recommendation" markdown>
 
 ![CryptPad logo](assets/img/document-collaboration/cryptpad.svg){ align=right }
 
-**CryptPad** is a private-by-design alternative to popular office tools. All content on this web service is end-to-end encrypted and can be shared with other users easily. [:material-star-box: Read our latest CryptPad review.](https://www.privacyguides.org/articles/2025/02/07/cryptpad-review)
+**CryptPad** is a private-by-design alternative to popular, full-fledged office suites. All content on this web service is E2EE and can be shared with other users easily.
+
+[:material-star-box: Read our latest CryptPad review.](https://www.privacyguides.org/articles/2025/02/07/cryptpad-review)
 
 [:octicons-home-16: Homepage](https://cryptpad.fr){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://cryptpad.fr/pad/#/2/pad/view/GcNjAWmK6YDB3EO2IipRZ0fUe89j43Ryqeb4fjkjehE){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://docs.cryptpad.fr){ .card-link title=Documentation}
+[:octicons-server-16:](https://cryptpad.org/instances){ .card-link title="Public Instances" }
+[:octicons-info-16:](https://docs.cryptpad.fr){ .card-link title="Documentation" }
 [:octicons-code-16:](https://github.com/xwiki-labs/cryptpad){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://opencollective.com/cryptpad){ .card-link title=Contribute }
+[:octicons-heart-16:](https://opencollective.com/cryptpad){ .card-link title="Contribute" }
 
 </details>
 
 </div>
 
-### Criteria
+## Criteria
 
 **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
 
-#### Minimum Requirements
-
-In general, we define collaboration platforms as full-fledged suites which could reasonably act as a replacement to Google Drive.
+### Minimum Requirements
 
 - Must be open source.
 - Must make files accessible via WebDAV unless it is impossible due to E2EE.
@@ -80,7 +44,7 @@ In general, we define collaboration platforms as full-fledged suites which could
 - Must support real-time document collaboration.
 - Must support exporting documents to standard document formats (e.g. ODF).
 
-#### Best-Case
+### Best-Case
 
 Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
 

docs/file-sharing.md

@@ -1,5 +1,5 @@
 ---
-title: "File Sharing and Sync"
+title: File Sharing and Sync
 icon: material/share-variant
 description: Discover how to privately share your files between your devices, with your friends and family, or anonymously online.
 cover: file-sharing.webp
@@ -24,9 +24,9 @@ If you already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarde
 
 [:octicons-home-16: Homepage](https://send.vis.ee){ .md-button .md-button--primary }
 [:octicons-server-16:](https://github.com/timvisee/send-instances){ .card-link title="Public Instances"}
-[:octicons-info-16:](https://github.com/timvisee/send#readme){ .card-link title=Documentation}
+[:octicons-info-16:](https://github.com/timvisee/send#readme){ .card-link title="Documentation" }
 [:octicons-code-16:](https://github.com/timvisee/send){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://github.com/sponsors/timvisee){ .card-link title=Contribute }
+[:octicons-heart-16:](https://github.com/sponsors/timvisee){ .card-link title="Contribute" }
 
 </details>
 
@@ -48,7 +48,7 @@ ffsend upload --host https://send.vis.ee/ FILE
 
 [:octicons-home-16: Homepage](https://onionshare.org){ .md-button .md-button--primary }
 [:simple-torbrowser:](http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion){ .card-link title="Onion Service" }
-[:octicons-info-16:](https://docs.onionshare.org){ .card-link title=Documentation}
+[:octicons-info-16:](https://docs.onionshare.org){ .card-link title="Documentation" }
 [:octicons-code-16:](https://github.com/onionshare/onionshare){ .card-link title="Source Code" }
 
 <details class="downloads" markdown>
@@ -73,60 +73,8 @@ OnionShare provides the option to connect via [Tor bridges](https://docs.onionsh
 - Must be open-source software.
 - Must either have clients for Linux, macOS, and Windows; or have a web interface.
 
-## FreedomBox
-
-<div class="admonition recommendation" markdown>
-
-![FreedomBox logo](assets/img/file-sharing-sync/freedombox.svg){ align=right }
-
-**FreedomBox** is an operating system designed to be run on a [single-board computer (SBC)](https://en.wikipedia.org/wiki/Single-board_computer). The purpose is to make it easy to set up server applications that you might want to self-host.
-
-[:octicons-home-16: Homepage](https://freedombox.org){ .md-button .md-button--primary }
-[:octicons-info-16:](https://wiki.debian.org/FreedomBox/Manual){ .card-link title=Documentation}
-[:octicons-code-16:](https://salsa.debian.org/freedombox-team/freedombox){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://freedomboxfoundation.org/donate){ .card-link title=Contribute }
-
-</details>
-
-</div>
-
 ## File Sync
 
-### Nextcloud (Client-Server)
-
-<div class="admonition recommendation" markdown>
-
-![Nextcloud logo](assets/img/document-collaboration/nextcloud.svg){ align=right }
-
-**Nextcloud** is a suite of free and open-source client-server software for creating your own file hosting services on a private server you control.
-
-[:octicons-home-16: Homepage](https://nextcloud.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://nextcloud.com/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://nextcloud.com/support){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/nextcloud){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://nextcloud.com/contribute){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.nextcloud.client)
-- [:simple-appstore: App Store](https://apps.apple.com/app/id1125420102)
-- [:simple-github: GitHub](https://github.com/nextcloud/android/releases)
-- [:fontawesome-brands-windows: Windows](https://nextcloud.com/install/#install-clients)
-- [:simple-apple: macOS](https://nextcloud.com/install/#install-clients)
-- [:simple-linux: Linux](https://nextcloud.com/install/#install-clients)
-
-</details>
-
-</div>
-
-<div class="admonition danger" markdown>
-<p class="admonition-title">Danger</p>
-
-We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_end_encryption) for Nextcloud as it may lead to data loss; it is highly experimental and not production quality.
-
-</div>
-
 ### Syncthing (P2P)
 
 <div class="admonition recommendation" markdown>

docs/health-and-wellness.md

@@ -66,21 +66,20 @@ Popular menstrual trackers like [Flo](https://techcrunch.com/2021/01/13/flo-gets
 
 These general purpose apps can do everything from counting steps and tracking sleep to measuring your heartbeat.
 
-### Apple Health
+### Apple Fitness
 
 <div class="admonition recommendation" markdown>
 
-![Apple logo](assets/img/health-and-wellness/apple-health.svg#only-light){ align=right }![Apple logo](assets/img/health-and-wellness/apple-health-dark.svg#only-dark){ align=right }
+![Apple Fitness logo](assets/img/health-and-wellness/apple-fitness.webp){ align=right }
 
-**Apple Health** is the default health and fitness app for iOS. Apple Health always uses end-to-end encryption when syncing across multiple devices. Additionally, almost all measured data is processed on your device.
+**Apple Fitness** is the default fitness app for iOS. Apple Fitness always uses end-to-end encryption when syncing across multiple devices. Additionally, almost all measured data is processed on your device.
 
-[:octicons-home-16: Homepage](https://apple.com/health){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://apple.com/legal/privacy/consumer-health-personal-data/en-ww){ .card-link title="Privacy Policy" }
 
 <details class="downloads" markdown>
 <summary>Downloads</summary>
 
-- [:simple-appstore: App Store](https://apps.apple.com/app/apple-health/id1242545199)
+- [:simple-appstore: App Store](https://apps.apple.com/app/id1208224953)
 
 </details>
 
@@ -120,9 +119,9 @@ These apps help you collect and manage personal health data and share it with he
 
 <div class="admonition recommendation" markdown>
 
-![Apple logo](assets/img/health-and-wellness/apple-health.svg#only-light){ align=right }![Apple logo](assets/img/health-and-wellness/apple-health-dark.svg#only-dark){ align=right }
+![Apple logo](assets/img/health-and-wellness/apple-health.webp#only-light){ align=right }![Apple logo](assets/img/health-and-wellness/apple-health-dark.webp#only-dark){ align=right }
 
-**Apple Health Records** is a built-in feature within [Apple Health](#apple-health) that allows you to view, store, and share your health records. It shares the security and privacy features of Apple Health.
+**Apple Health Records** is a built-in feature within [Apple Health](https://apple.com/health) that allows you to view, store, and share your health records. It shares the security and privacy features of [Apple Fitness](#apple-fitness).
 
 [:octicons-home-16: Homepage](https://apple.com/health){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://apple.com/legal/privacy/consumer-health-personal-data/en-ww){ .card-link title="Privacy Policy" }

docs/maps.md

@@ -25,14 +25,14 @@ Features include cycling routes, hiking trails and walking paths, turn-by-turn n
 
 [:octicons-home-16: Homepage](https://organicmaps.app){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://organicmaps.app/privacy){ .card-link title="Privacy Policy" }
-[:octicons-code-16:](https://git.omaps.dev/organicmaps/organicmaps){ .card-link title="Source Code" }
+[:octicons-code-16:](https://github.com/organicmaps/organicmaps){ .card-link title="Source Code" }
 
 <details class="downloads" markdown>
 <summary>Downloads</summary>
 
 - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.organicmaps)
 - [:simple-appstore: App Store](https://apps.apple.com/app/organic-maps/id1567437057)
-- [:simple-forgejo: Forgejo](https://git.omaps.dev/organicmaps/organicmaps/releases)
+- [:simple-github: GitHub](https://github.com/organicmaps/organicmaps/releases)
 - [:simple-linux: Linux](https://flathub.org/apps/app.organicmaps.desktop)
 
 </details>

docs/meta/admonitions.md

@@ -164,7 +164,7 @@ This format is used to generate recommendation cards. Notably it is missing the
 ``` markdown title="Recommendation Card"
 <div class="admonition recommendation" markdown>
 
-![PhotoPrism logo](assets/img/photo-management/photoprism.svg){ align=right }
+![PhotoPrism logo](assets/img/self-hosting/photoprism.svg){ align=right }
 
 **PhotoPrism** is a self-hostable platform for managing photos. It supports album syncing and sharing as well as a variety of other [features](https://photoprism.app/features). It does not include end-to-end encryption, so it's best hosted on a server that you trust and is under your control.
 
@@ -173,13 +173,6 @@ This format is used to generate recommendation cards. Notably it is missing the
 [:octicons-info-16:](https://photoprism.app/kb){ .card-link title="Documentation" }
 [:octicons-code-16:](https://github.com/photoprism){ .card-link title="Source Code" }
 
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-github: GitHub](https://github.com/photoprism)
-
-</details>
-
 </div>
 ```
 
@@ -187,7 +180,7 @@ This format is used to generate recommendation cards. Notably it is missing the
 
 <div class="admonition recommendation" markdown>
 
-![PhotoPrism logo](../assets/img/photo-management/photoprism.svg){ align=right }
+![PhotoPrism logo](../assets/img/self-hosting/photoprism.svg){ align=right }
 
 **PhotoPrism** is a self-hostable platform for managing photos. It supports album syncing and sharing as well as a variety of other [features](https://photoprism.app/features). It does not include end-to-end encryption, so it's best hosted on a server that you trust and is under your control.
 
@@ -196,13 +189,6 @@ This format is used to generate recommendation cards. Notably it is missing the
 [:octicons-info-16:](https://photoprism.app/kb){ .card-link title="Documentation" }
 [:octicons-code-16:](https://github.com/photoprism){ .card-link title="Source Code" }
 
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-github: GitHub](https://github.com/photoprism)
-
-</details>
-
 </div>
 
 </div>

docs/passwords.md

@@ -1,6 +1,6 @@
 ---
 meta_title: "The Best Password Managers to Protect Your Privacy and Security - Privacy Guides"
-title: "Password Managers"
+title: Password Managers
 icon: material/form-textbox-password
 description: Password managers allow you to securely store and manage passwords and other credentials.
 cover: passwords.webp
@@ -176,17 +176,10 @@ These password managers sync your passwords to a cloud server for easy accessibi
 
 Bitwarden uses [PBKDF2](https://bitwarden.com/help/kdf-algorithms/#pbkdf2) as its key derivation function (KDF) algorithm by default. It also offers [Argon2](https://bitwarden.com/help/kdf-algorithms/#argon2id), which is more secure, as an alternative. You can change your account's KDF algorithm in the web vault:
 
-- [x] Select **Settings > Security > Keys > KDF algorithm > Argon2id**
+- [x] Select **Settings → Security → Keys → KDF algorithm → Argon2id**
 
 Bitwarden's server-side code is [open source](https://github.com/bitwarden/server), so if you don't want to use the Bitwarden cloud, you can easily host your own Bitwarden sync server.
 
-**Vaultwarden** is an alternative implementation of Bitwarden's sync server written in Rust and compatible with official Bitwarden clients, perfect for self-hosted deployment where running the resource-heavy official service might not be ideal. If you are looking to self-host Bitwarden on your own server, you almost certainly want to use Vaultwarden over Bitwarden's official server code.
-
-[:octicons-repo-16: Vaultwarden Repository](https://github.com/dani-garcia/vaultwarden){ .md-button }
-[:octicons-info-16:](https://github.com/dani-garcia/vaultwarden/wiki){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/dani-garcia/vaultwarden){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://github.com/sponsors/dani-garcia){ .card-link title="Contribute" }
-
 ### Proton Pass
 
 <div class="admonition recommendation" markdown>

docs/photo-management.md

@@ -44,28 +44,6 @@ The free plan offers 10 GB of storage as long as you use the service at least o
 
 Ente Photos underwent an audit by [Cure53](https://ente.io/blog/cryptography-audit) in March 2023 and by [Fallible](https://ente.io/reports/Fallible-Audit-Report-19-04-2023.pdf) in April 2023.
 
-## PhotoPrism
-
-<div class="admonition recommendation" markdown>
-
-![PhotoPrism logo](assets/img/photo-management/photoprism.svg){ align=right }
-
-**PhotoPrism** is a self-hostable platform for managing photos. It supports album syncing and sharing as well as a variety of other [features](https://photoprism.app/features). It does not include E2EE, so it's best hosted on a server that you trust and is under your control.
-
-[:octicons-home-16: Homepage](https://photoprism.app){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://photoprism.app/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://photoprism.app/kb){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/photoprism){ .card-link title="Source Code" }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-github: GitHub](https://github.com/photoprism)
-
-</details>
-
-</div>
-
 ## Criteria
 
 **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.

docs/security-keys.md

@@ -85,7 +85,7 @@ The firmware of YubiKey is not updatable. If you want features in newer firmware
   ![Nitrokey](assets/img/security-keys/nitrokey.jpg){ width="300" }
 </figure>
 
-**Nitrokey** has a security key capable of [FIDO2 and WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online) called the **Nitrokey FIDO2**. For PGP support, you need to purchase one of their other keys such as the **Nitrokey Start**, **Nitrokey Pro 2**, or the **Nitrokey Storage 2**.
+The **Nitrokey 3A Mini** [has FIDO Authenticator Level 1 Certification](https://www.nitrokey.com/news/2024/nitrokey-3a-mini-receives-official-fido2-certification). The Nitrokey 3 Series in general has a wide range of features such as [Universal 2nd Factor (U2F)](https://en.wikipedia.org/wiki/Universal_2nd_Factor), [FIDO2 and WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online), Personal Identity Verification (PIV), OpenPGP, and TOTP and HOTP authentication.
 
 [:octicons-home-16: Homepage](https://nitrokey.com){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://nitrokey.com/data-privacy-policy){ .card-link title="Privacy Policy" }
@@ -95,23 +95,26 @@ The firmware of YubiKey is not updatable. If you want features in newer firmware
 
 </div>
 
-The [comparison table](https://nitrokey.com/products/nitrokeys) shows how the different Nitrokey models compare to each other in terms of features and other specifications. The **Nitrokey 3** listed will have a combined feature set.
+The [comparison table](https://nitrokey.com/products/nitrokeys) shows how the different Nitrokey models compare to each other in terms of features and other specifications.
 
 Nitrokey models can be configured using the [Nitrokey app](https://nitrokey.com/download).
 
-For the models which support HOTP and TOTP, there are 3 slots for HOTP and 15 for TOTP. Some Nitrokeys can act as a password manager. They can store 16 different credentials and encrypt them using the same password as the OpenPGP interface.
+The Nitrokey 3 Series can act as a password manager. They can store up to 50 different entries, and each entry can contain login, password, comment and OTP.
 
 <div class="admonition warning" markdown>
 <p class="admonition-title">Warning</p>
 
-While Nitrokeys do not release the HOTP/TOTP secrets to the device they are plugged into, the HOTP and TOTP storage is **not** encrypted and is vulnerable to physical attacks. If you are looking to store HOTP or TOTP secrets, we highly recommend that you use a YubiKey instead.
+Excluding the Nitrokey 3, Nitrokeys with HOTP and TOTP storage do not have it encrypted, making them vulnerable to physical attacks.
 
 </div>
 
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
+**Nitrokey** also has the **Nitrokey Passkey**, a lower-price security key capable of [FIDO2 and WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online). This key provides only basic FIDO2 functionality, but for most people that is all you will need. Some notable features the Security Key series does **not** have include:
 
-Resetting the OpenPGP interface on a Nitrokey [Pro 2](https://docs.nitrokey.com/nitrokeys/pro/factory-reset) or Nitrokey [Start 2](https://docs.nitrokey.com/nitrokeys/storage/factory-reset) will also make the password database inaccessible.
+- Password Manager
+- PIV
+- OpenPGP
+- Tamper-resistant smart card
+- TOTP and HOTP
 
 </div>
 

docs/self-hosting/dns-filtering.md

@@ -0,0 +1,48 @@
+---
+title: DNS Filtering
+meta_title: "Self-Hosting DNS Solutions - Privacy Guides"
+icon: material/dns
+description: For our more technical readers, self-hosting a DNS solution can provide filtering for devices not covered by cloud-based DNS solutions.
+cover: dns.webp
+---
+<small>Protects against the following threat(s):</small>
+
+- [:material-server-network: Service Providers](../basics/common-threats.md#privacy-from-service-providers){ .pg-teal }
+- [:material-account-cash: Surveillance Capitalism](../basics/common-threats.md#surveillance-as-a-business-model){ .pg-brown }
+
+**Self-hosting DNS** is useful for providing [DNS filtering](https://cloudflare.com/learning/access-management/what-is-dns-filtering) on controlled platforms, such as smart TVs and other IoT devices, as no client-side software is needed. Keep in mind that the DNS solutions below are typically restricted to your home or local network unless you set up a more advanced configuration.
+
+## DNS Sinkholes
+
+[**DNS sinkholes**](https://en.wikipedia.org/wiki/DNS_sinkhole) use DNS filtering to block unwanted web content such as advertisements.
+
+### Pi-Hole
+
+<div class="admonition recommendation" markdown>
+
+![Pi-hole logo](../assets/img/self-hosting/pi-hole.svg){ align=right }
+
+**Pi-hole** is an open-source DNS sinkhole which features a friendly web interface to view insights and manage blocked content. Pi-hole is designed to be hosted on a Raspberry Pi, but it is not limited to such hardware.
+
+[:octicons-home-16: Homepage](https://pi-hole.net){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://pi-hole.net/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://docs.pi-hole.net){ .card-link title="Documentation" }
+[:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title="Contribute" }
+
+</div>
+
+### AdGuard Home
+
+<div class="admonition recommendation" markdown>
+
+![AdGuard Home logo](../assets/img/self-hosting/adguard-home.svg){ align=right }
+
+**AdGuard Home** is an open-source DNS sinkhole which features a polished web interface to view insights and manage blocked content.
+
+[:octicons-home-16: Homepage](https://adguard.com/adguard-home/overview.html){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://adguard.com/privacy/home.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://github.com/AdguardTeam/AdGuardHome/wiki){ .card-link title="Documentation" }
+[:octicons-code-16:](https://github.com/AdguardTeam/AdGuardHome){ .card-link title="Source Code" }
+
+</div>

docs/self-hosting/email-servers.md

@@ -1,6 +1,6 @@
 ---
 title: Email Servers
-meta_title: "Self-Hosted Email - Privacy Guides"
+meta_title: "Self-Hosting Email - Privacy Guides"
 icon: material/email
 description: For our more technical readers, self-hosting your own email can provide additional privacy assurances by having maximum control over your data.
 cover: email.webp
@@ -9,7 +9,7 @@ cover: email.webp
 
 - [:material-server-network: Service Providers](../basics/common-threats.md#privacy-from-service-providers){ .pg-teal }
 
-Advanced system administrators may consider setting up their own email server. Mail servers require attention and continuous maintenance in order to keep things secure and mail delivery reliable. In addition to the "all-in-one" solutions below, we've picked out a few articles that cover a more manual approach:
+Advanced system administrators may consider setting up their own **email server**. Mail servers require attention and continuous maintenance in order to keep things secure and mail delivery reliable. In addition to the "all-in-one" solutions below, we've picked out a few articles that cover a more manual approach:
 
 - [Setting up a mail server with OpenSMTPD, Dovecot and Rspamd](https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd) (2019)
 - [How To Run Your Own Mail Server](https://www.c0ffee.net/blog/mail-server-guide) (August 2017)

docs/self-hosting/file-management.md

@@ -0,0 +1,81 @@
+---
+title: File Management
+meta_title: "Self-Hosting File Management Tools - Privacy Guides"
+icon: material/file-multiple-outline
+description: For our more technical readers, self-hosting file management tools can provide additional privacy assurances by having maximum control over your data.
+cover: cloud.webp
+---
+<small>Protects against the following threat(s):</small>
+
+- [:material-server-network: Service Providers](../basics/common-threats.md#privacy-from-service-providers){ .pg-teal }
+
+Self-hosting your own **file management** tools may be a good idea to reduce the risk of encryption flaws in a cloud provider's native clients.
+
+## Photo Management
+
+### PhotoPrism
+
+<div class="admonition recommendation" markdown>
+
+![PhotoPrism logo](../assets/img/self-hosting/photoprism.svg){ align=right }
+
+**PhotoPrism** is a platform for managing photos. It supports album syncing and sharing as well as a variety of other [features](https://photoprism.app/features). It does not include end-to-end encryption, so it's best hosted on a server that you trust and is under your control.
+
+[:octicons-home-16: Homepage](https://photoprism.app){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://photoprism.app/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://photoprism.app/kb){ .card-link title="Documentation" }
+[:octicons-code-16:](https://github.com/photoprism){ .card-link title="Source Code" }
+
+</div>
+
+## File Sharing and Sync
+
+### FreedomBox
+
+<div class="admonition recommendation" markdown>
+
+![FreedomBox logo](../assets/img/self-hosting/freedombox.svg){ align=right }
+
+**FreedomBox** is an operating system designed to be run on a [single-board computer (SBC)](https://en.wikipedia.org/wiki/Single-board_computer). The purpose is to make it easy to set up server applications for use cases like sharing files.
+
+[:octicons-home-16: Homepage](https://freedombox.org){ .md-button .md-button--primary }
+[:octicons-info-16:](https://wiki.debian.org/FreedomBox/Manual){ .card-link title="Documentation" }
+[:octicons-code-16:](https://salsa.debian.org/freedombox-team/freedombox){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://freedomboxfoundation.org/donate){ .card-link title="Contribute" }
+
+</div>
+
+### Nextcloud
+
+<div class="admonition recommendation" markdown>
+
+![Nextcloud logo](../assets/img/self-hosting/nextcloud.svg){ align=right }
+
+**Nextcloud** is a suite of free and open-source client-server software for creating your own file hosting services on a private server you control.
+
+[:octicons-home-16: Homepage](https://nextcloud.com){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://nextcloud.com/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://nextcloud.com/support){ .card-link title="Documentation" }
+[:octicons-code-16:](https://github.com/nextcloud){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://nextcloud.com/contribute){ .card-link title="Contribute" }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.nextcloud.client)
+- [:simple-appstore: App Store](https://apps.apple.com/app/id1125420102)
+- [:simple-github: GitHub](https://github.com/nextcloud/android/releases)
+- [:fontawesome-brands-windows: Windows](https://nextcloud.com/install/#install-clients)
+- [:simple-apple: macOS](https://nextcloud.com/install/#install-clients)
+- [:simple-linux: Linux](https://nextcloud.com/install/#install-clients)
+
+</details>
+
+</div>
+
+<div class="admonition danger" markdown>
+<p class="admonition-title">Danger</p>
+
+We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_end_encryption) for Nextcloud as it may lead to data loss; it is highly experimental and not production quality. For this reason, we don't recommend third-party Nextcloud providers.
+
+</div>

docs/self-hosting/index.md

@@ -1,17 +1,28 @@
 ---
 title: Self-Hosting
-meta_title: "Self-Hosted Software and Services - Privacy Guides"
-description: For our more technical readers, self-hosted software and services can provide additional privacy assurances since you have maximum control over your data.
+meta_title: "Self-Hosting Software and Services - Privacy Guides"
+description: For our more technical readers, self-hosting software and services can provide additional privacy assurances since you have maximum control over your data.
 cover: router.webp
 ---
 <small>Protects against the following threat(s):</small>
 
 - [:material-server-network: Service Providers](../basics/common-threats.md#privacy-from-service-providers){ .pg-teal }
 
-Using **self-hosted software and services** can be a way to achieve a higher level of privacy through digital sovereignty, particularly independence from cloud servers controlled by product developers or vendors. By self-hosting, we mean hosting applications and data on your own hardware.
+**Self-hosting** software and services can be a way to achieve a higher level of privacy through digital sovereignty, particularly independence from cloud servers controlled by product developers or vendors. By self-hosting, we mean hosting applications and data on your own hardware.
 
 Self-hosting your own solutions requires advanced technical knowledge and a deep understanding of the associated risks. By becoming the host for yourself and possibly others, you take on responsibilities you might not otherwise have. Self-hosting privacy software improperly can leave you worse off than using e.g. an end-to-end encrypted service provider, so it is best avoided if you are not already comfortable doing so.
 
+## :material-dns: DNS Filtering
+
+<div class="grid cards" markdown>
+
+- ![AdGuard Home logo](../assets/img/self-hosting/adguard-home.svg){ .twemoji loading=lazy } [AdGuard Home](dns-filtering.md#adguard-home)
+- ![Pi-Hole logo](../assets/img/self-hosting/pi-hole.svg){ .twemoji loading=lazy } [Pi-Hole](dns-filtering.md#pi-hole)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](dns-filtering.md)
+
 ## :material-email: Email Servers
 
 <div class="grid cards" markdown>
@@ -24,6 +35,36 @@ Self-hosting your own solutions requires advanced technical knowledge and a deep
 
 [Learn more :material-arrow-right-drop-circle:](email-servers.md)
 
+## :material-file-multiple-outline: File Management
+
+<div class="grid cards" markdown>
+
+- ![PhotoPrism logo](../assets/img/self-hosting/photoprism.svg){ .twemoji loading=lazy } [PhotoPrism](file-management.md#photoprism)
+- ![FreedomBox logo](../assets/img/self-hosting/freedombox.svg){ .twemoji loading=lazy } [FreedomBox](file-management.md#freedombox)
+- ![Nextcloud logo](../assets/img/self-hosting/nextcloud.svg){ .twemoji loading=lazy } [Nextcloud](file-management.md#nextcloud)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](file-management.md)
+
+## :material-form-textbox-password: Password Management
+
+### Vaultwarden
+
+<div class="admonition recommendation" markdown>
+
+![Vaultwarden logo](../assets/img/self-hosting/vaultwarden.svg#only-light){ align=right }
+![Vaultwarden logo](../assets/img/self-hosting/vaultwarden-dark.svg#only-dark){ align=right }
+
+**Vaultwarden** is an alternative implementation of [Bitwarden](../passwords.md#bitwarden)'s sync server written in Rust and compatible with official Bitwarden clients, perfect for self-hosted deployment where running the resource-heavy, [official service](https://github.com/bitwarden/server) might not be ideal.
+
+[:octicons-repo-16: Repository](https://github.com/dani-garcia/vaultwarden#readme){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/dani-garcia/vaultwarden/wiki){ .card-link title="Documentation" }
+[:octicons-code-16:](https://github.com/dani-garcia/vaultwarden){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://github.com/sponsors/dani-garcia){ .card-link title="Contribute" }
+
+</div>
+
 ## :material-account-supervisor-circle-outline: Social Networks
 
 Self-hosting your own instance of a social network software can help circumvent potential [censorship on a server level](../social-networks.md#censorship-resistance) by a public server's administrator or admin team.
@@ -102,6 +143,14 @@ Tool recommendations in other categories of the website also provide a self-host
 
 <div class="grid cards" markdown>
 
+- ![Peergos logo](../assets/img/cloud/peergos.svg){ .twemoji } [**Peergos**](../cloud.md#peergos)
+
+    ---
+
+    [:octicons-home-16:](https://peergos.org){ .card-link title="Homepage" }
+    [:octicons-info-16:](https://github.com/peergos/peergos#usage---running-locally-to-log-in-to-another-instance){ .card-link title="Admin Documentation" }
+    [:octicons-code-16:](https://github.com/Peergos/Peergos){ .card-link title="Source Code" }
+
 - ![Addy.io logo](../assets/img/email-aliasing/addy.svg){ .twemoji } [**Addy.io**](../email-aliasing.md#addyio)
 
     ---
@@ -118,6 +167,14 @@ Tool recommendations in other categories of the website also provide a self-host
     [:octicons-info-16:](https://github.com/simple-login/app#prerequisites){ .card-link title="Admin Documentation" }
     [:octicons-code-16:](https://github.com/simple-login){ .card-link title="Source Code" }
 
+- ![Ente logo](../assets/img/photo-management/ente.svg){ .twemoji } [**Ente Photos**](../photo-management.md#ente-photos)
+
+    ---
+
+    [:octicons-home-16:](https://ente.io){ .card-link title="Homepage" }
+    [:octicons-info-16:](https://help.ente.io/self-hosting){ .card-link title="Admin Documentation" }
+    [:octicons-code-16:](https://github.com/ente-io/ente){ .card-link title="Source Code" }
+
 - ![CryptPad logo](../assets/img/document-collaboration/cryptpad.svg){ .twemoji } [**CryptPad**](../document-collaboration.md#cryptpad)
 
     ---
@@ -126,6 +183,14 @@ Tool recommendations in other categories of the website also provide a self-host
     [:octicons-info-16:](https://docs.cryptpad.org/en/admin_guide/index.html){ .card-link title="Admin Documentation" }
     [:octicons-code-16:](https://github.com/xwiki-labs/cryptpad){ .card-link title="Source Code" }
 
+- ![Send logo](../assets/img/file-sharing-sync/send.svg){ .twemoji } [**Send**](../file-sharing.md#send)
+
+    ---
+
+    [:octicons-home-16:](https://send.vis.ee){ .card-link title="Homepage" }
+    [:octicons-info-16:](https://github.com/timvisee/send/blob/master/docs/deployment.md){ .card-link title="Admin Documentation" }
+    [:octicons-code-16:](https://github.com/timvisee/send){ .card-link title="Source Code" }
+
 - ![Miniflux logo](../assets/img/news-aggregators/miniflux.svg#only-light){ .twemoji }![Miniflux logo](../assets/img/news-aggregators/miniflux-dark.svg#only-dark){ .twemoji } [**Miniflux**](../news-aggregators.md#miniflux)
 
     ---

docs/tools.md

@@ -299,17 +299,6 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 [Learn more :material-arrow-right-drop-circle:](dns.md#encrypted-dns-proxies)
 
-#### Self-hosted Solutions
-
-<div class="grid cards" markdown>
-
-- ![AdGuard Home logo](assets/img/dns/adguard-home.svg){ .twemoji loading=lazy } [AdGuard Home](dns.md#adguard-home)
-- ![Pi-hole logo](assets/img/dns/pi-hole.svg){ .twemoji loading=lazy } [Pi-hole](dns.md#pi-hole)
-
-</div>
-
-[Learn more :material-arrow-right-drop-circle:](dns.md#self-hosted-dns-filtering)
-
 ### Financial Services
 
 #### Payment Masking Services
@@ -338,7 +327,6 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 <div class="grid cards" markdown>
 
 - ![Ente logo](assets/img/photo-management/ente.svg){ .twemoji loading=lazy } [Ente Photos](photo-management.md#ente-photos)
-- ![PhotoPrism logo](assets/img/photo-management/photoprism.svg){ .twemoji loading=lazy } [PhotoPrism](photo-management.md#photoprism)
 
 </div>
 
@@ -409,7 +397,6 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 <div class="grid cards" markdown>
 
-- ![Nextcloud logo](assets/img/document-collaboration/nextcloud.svg){ .twemoji loading=lazy } [Nextcloud (Self-Hostable)](document-collaboration.md#nextcloud)
 - ![CryptPad logo](assets/img/document-collaboration/cryptpad.svg){ .twemoji loading=lazy } [CryptPad](document-collaboration.md#cryptpad)
 
 </div>
@@ -460,8 +447,6 @@ For encrypting your OS drive, we typically recommend using the encryption tool y
 
 - ![Send logo](assets/img/file-sharing-sync/send.svg){ .twemoji loading=lazy } [Send](file-sharing.md#send)
 - ![OnionShare logo](assets/img/file-sharing-sync/onionshare.svg){ .twemoji loading=lazy } [OnionShare](file-sharing.md#onionshare)
-- ![FreedomBox logo](assets/img/file-sharing-sync/freedombox.svg){ .twemoji loading=lazy } [FreedomBox](file-sharing.md#freedombox)
-- ![Nextcloud logo](assets/img/document-collaboration/nextcloud.svg){ .twemoji loading=lazy } [Nextcloud (Self-Hostable)](file-sharing.md#nextcloud-client-server)
 - ![Syncthing logo](assets/img/file-sharing-sync/syncthing.svg){ .twemoji loading=lazy } [Syncthing](file-sharing.md#syncthing-p2p)
 
 </div>
@@ -491,9 +476,9 @@ For encrypting your OS drive, we typically recommend using the encryption tool y
 
 - ![Drip logo](assets/img/health-and-wellness/drip.png){ .twemoji loading=lazy } [Drip](health-and-wellness.md#drip)
 - ![Euki logo](assets/img/health-and-wellness/euki.svg){ .twemoji loading=lazy } [Euki](health-and-wellness.md#euki)
-- ![Apple Health logo](assets/img/health-and-wellness/apple-health.svg#only-light){ .twemoji loading=lazy } ![Apple Health logo](assets/img/health-and-wellness/apple-health-dark.svg#only-dark){ .twemoji loading=lazy } [Apple Health](health-and-wellness.md#apple-health)
+- ![Apple Fitness logo](assets/img/health-and-wellness/apple-fitness.webp){ .twemoji loading=lazy } [Apple Fitness](health-and-wellness.md#apple-fitness)
 - ![Gadgetbridge logo](assets/img/health-and-wellness/gadgetbridge.svg#only-light){ .twemoji loading=lazy }![Gadgetbridge logo](assets/img/health-and-wellness/gadgetbridge-dark.svg#only-dark){ .twemoji loading=lazy } [Gadgetbridge](health-and-wellness.md#gadgetbridge)
-- ![Apple Health logo](assets/img/health-and-wellness/apple-health.svg#only-light){ .twemoji loading=lazy } ![Apple Health logo](assets/img/health-and-wellness/apple-health-dark.svg#only-dark){ .twemoji loading=lazy } [Apple Health Records](health-and-wellness.md#apple-health-records)
+- ![Apple Health logo](assets/img/health-and-wellness/apple-health.webp#only-light){ .twemoji loading=lazy } ![Apple Health logo](assets/img/health-and-wellness/apple-health-dark.webp#only-dark){ .twemoji loading=lazy } [Apple Health Records](health-and-wellness.md#apple-health-records)
 - ![CommonHealth logo](assets/img/health-and-wellness/commonhealth.png){ .twemoji loading=lazy } [CommonHealth](health-and-wellness.md#commonhealth)
 
 </div>

docs/vpn.md

@@ -340,7 +340,6 @@ A VPN is pointless if it can't even provide adequate security. We require all ou
 
 - Strongest Encryption: RSA-4096.
 - Optional quantum-resistant encryption.
-- Forward Secrecy.
 - Comprehensive published security audits from a reputable third-party firm.
 - Bug-bounty programs and/or a coordinated vulnerability-disclosure process.
 - RAM-only VPN servers.

mkdocs.yml

@@ -395,7 +395,9 @@ nav:
       - "tools.md"
       - !ENV [NAV_SELF_HOSTING, "Self-Hosting"]:
           - "self-hosting/index.md"
+          - "self-hosting/dns-filtering.md"
           - "self-hosting/email-servers.md"
+          - "self-hosting/file-management.md"
       - !ENV [NAV_INTERNET_BROWSING, "Internet Browsing"]:
           - "tor.md"
           - "desktop-browsers.md"

theme/assets/img/health-and-wellness/apple-health-dark.svg

@@ -1 +0,0 @@
-<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><defs><linearGradient id="SVGID_1_" x1="166.22" x2="166.22" y1="758.59" y2="757.09" gradientTransform="matrix(28 0 0 -24.5 -4594.5 18606)" gradientUnits="userSpaceOnUse"><stop stop-color="#FF61AD" offset="0"/><stop stop-color="#FF2719" offset="1"/></linearGradient></defs><g id="Symbols_1_" transform="matrix(.3763 0 0 .3763 -1.8815 -1.8815)"><path id="Background" class="st3" d="m63.6 5c9 0 13.5 0 18.4 1.5 5.3 1.9 9.5 6.1 11.4 11.4 1.6 4.9 1.6 9.5 1.6 18.5v27.2c0 9 0 13.5-1.5 18.4-1.9 5.3-6.1 9.5-11.4 11.4-5 1.6-9.5 1.6-18.5 1.6h-27.2c-9 0-13.5 0-18.4-1.5-5.4-2-9.5-6.1-11.5-11.5-1.5-4.8-1.5-9.3-1.5-18.4v-27.2c0-9 0-13.5 1.5-18.4 2-5.3 6.1-9.5 11.5-11.4 4.8-1.6 9.3-1.6 18.4-1.6z" fill="#fff"/><path class="st5" d="m80.7 32c0-6.8-5.2-12-11.2-12-4.2 0-7.6 1.4-9.7 4.5-2.1-3.1-5.5-4.5-9-4.5-6.8 0-12 5.2-12 12v0 0c0 10.1 9.7 20.3 21 24.7 8.8-2.9 20.9-14.6 20.9-24.7v0 0z" fill="url(#SVGID_1_)"/></g></svg>

theme/assets/img/health-and-wellness/apple-health.svg

@@ -1 +0,0 @@
-<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><defs><linearGradient id="c-5" x1="512" x2="512" y2="1024" gradientUnits="userSpaceOnUse"><stop stop-color="#313131" offset="0"/><stop stop-color="#141414" offset="1"/></linearGradient><linearGradient id="d-9" x1="674.52" x2="674.52" y1="160.14" y2="596.75" gradientTransform="matrix(.98167 0 0 .98167 -32.187 2.9351)" gradientUnits="userSpaceOnUse"><stop stop-color="#ff5fa9" offset="0"/><stop stop-color="#ff281d" offset="1"/></linearGradient></defs><g transform="matrix(.033073 0 0 .033073 2.25e-6 3.75e-7)"><path d="m1024 703.67c0 12.244 0 24.466-0.092 36.687-0.061 10.307-0.1779 20.614-0.4453 30.9-0.2837 22.534-2.2629 45.016-5.9213 67.253-3.8067 22.262-10.908 43.811-21.081 63.958-20.619 40.481-53.528 73.391-94.007 94.012-20.138 10.16-41.678 17.258-63.911 21.06-22.261 3.6732-44.744 5.6545-67.272 5.9217-10.297 0.2661-20.597 0.4218-30.898 0.4669-12.244 0.0714-24.465 0.0714-36.686 0.0714h-383.37c-12.221 0-24.442 0-36.686-0.061-10.301-0.04-20.6-0.1866-30.898-0.4453-22.541-0.2877-45.029-2.2745-67.272-5.944-22.238-3.7846-43.787-10.908-63.911-21.06-40.474-20.616-73.383-53.518-94.007-93.99-10.17-20.159-17.275-41.724-21.081-63.981-3.6583-22.23-5.6377-44.704-5.9213-67.231-0.26726-10.307-0.40038-20.614-0.44544-30.922-0.092159-12.244-0.092159-24.444-0.092159-36.688v-383.35c0-12.244 0-24.488 0.092159-36.732 0.04096-10.285 0.17817-20.592 0.44544-30.877 0.28365-22.527 2.2633-45.001 5.9213-67.231 3.8066-22.262 10.908-43.811 21.081-63.98 20.619-40.481 53.528-73.391 94.007-94.012 20.132-10.154 41.664-17.252 63.888-21.06 22.261-3.651 44.744-5.6322 67.272-5.9216 10.307-0.26726 20.614-0.40038 30.898-0.44544 12.243-0.07168 24.487-0.07168 36.686-0.07168h383.37c12.243 0 24.487 0 36.708 0.07168 10.301 0.04096 20.6 0.18637 30.898 0.44544 22.528 0.28979 45.011 2.2706 67.25 5.9216 22.261 3.8068 43.787 10.908 63.933 21.06 40.489 20.614 73.407 53.526 94.029 94.012 10.161 20.153 17.259 41.71 21.059 63.958 3.6587 22.237 5.638 44.718 5.9214 67.253 0.2674 10.307 0.4002 20.614 0.4453 30.899 0.092 12.244 0.092 24.466 0.092 36.687z" fill="url(#c-5)"/><path d="m532.07 160.24c-20.075 0-37.294 3.9892-53.083 11.074-15.904 7.1368-29.621 17.248-40.67 28.916-12.332 12.867-21.89 28.307-28.873 46.203-13.486 34.728-13.972 77.488-0.79062 117.4 3.9359 11.918 9.1299 24.125 15.652 36.362 16.713 31.207 40.352 61.701 70.671 91.281 15.16 14.716 31.48 29.03 49.227 43.093 17.748 14.063 36.975 27.775 57.311 41.086 5.0286 3.4017 10.179 6.4335 15.355 9.0957s9.079 3.9922 13.212 3.9922c3.6975 0 7.9349-1.33 13.111-3.9922s10.329-5.694 15.357-9.0957c20.336-13.311 39.528-27.023 57.275-41.086 17.748-14.063 34.202-28.477 49.361-43.193 30.319-29.58 53.934-60.174 70.646-91.381 6.5225-12.237 11.718-24.244 15.654-36.162 6.4458-19.517 9.5156-39.73 9.5156-58.445 0-20.898-3.1513-40.59-10.283-58.955-6.9834-17.896-16.541-33.336-28.873-46.203-11.048-11.668-24.764-21.779-40.668-28.916-15.789-7.0852-33.21-11.129-53.285-11.129-23.268 0-42.45 6.0435-58.867 17.432-6.8489 4.732-14.992 11.847-21.328 19.045-7.5867 8.6189-12.591 16.046-17.617 25.338-5.0266-9.2916-10.029-16.719-17.615-25.338-6.336-7.198-14.681-14.313-21.53-19.045-16.417-11.388-35.599-17.377-58.867-17.377z" fill="url(#d-9)"/></g></svg>

theme/assets/img/self-hosting/adguard-home.svg

@@ -1 +1 @@
-<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 33.867 33.867"><g fill="none"><path fill="#68bc71" d="M16.933 0C11.703 0 5.393 1.214.2 3.887c0 5.773-.071 20.154 16.734 29.98C33.74 24.041 33.668 9.66 33.668 3.887 28.474 1.214 22.164 0 16.933 0z"/><path fill="#67b279" d="M16.916 33.857C.128 24.031.199 9.658.199 3.887 5.388 1.217 11.69.003 16.916 0z"/><path fill="#fff" d="m16.323 22.597 10.12-13.465c-.742-.586-1.393-.172-1.75.148l-.014.001-8.437 8.666-3.18-3.777c-1.516-1.73-3.577-.41-4.06-.062l7.32 8.49"/></g></svg>
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 33.867 33.867"><g fill="none"><path fill="#68bc71" d="M16.933 0C11.703 0 5.393 1.214.2 3.887c0 5.773-.071 20.154 16.734 29.98C33.74 24.041 33.668 9.66 33.668 3.887 28.474 1.214 22.164 0 16.933 0z"/><path fill="#67b279" d="M16.916 33.857C.128 24.031.199 9.658.199 3.887 5.388 1.217 11.69.003 16.916 0z"/><path fill="#fff" d="m16.323 22.597 10.12-13.465c-.742-.586-1.393-.172-1.75.148l-.014.001-8.437 8.666-3.18-3.777c-1.516-1.73-3.577-.41-4.06-.062l7.32 8.49"/></g></svg>

theme/assets/img/self-hosting/pi-hole.svg

@@ -1 +1 @@
-<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 89 130"><defs><linearGradient id="a" x1="0%" x2="100%" y1="49.975%" y2="49.975%"><stop offset="0%" stop-color="#12B212"/><stop offset="100%" stop-color="#0F0"/></linearGradient></defs><g fill="none" fill-rule="nonzero"><path fill="url(#a)" d="M36.56 39.93C20.34 38.2 4 25.94 2.71 0c25.17 0 38.63 14.9 39.93 38.51 4.76-28.32 27.07-25 27.07-25 1.06 16.05-12.12 25.78-27.07 26.59-4.2-8.85-29.36-30.56-29.36-30.56a.07.07 0 0 0-.11.08s24.28 21.15 23.39 30.31"/><path fill="#980200" d="M44.16 129.93c-1.57-.09-16.22-.65-17.11-17.11-.72-10 7.18-17.37 7.18-27.08C32.44 61.53 0 64.53 0 85.74a19.94 19.94 0 0 0 5.83 14.14L30 124.06a19.94 19.94 0 0 0 14.14 5.83"/><path fill="red" d="M88.32 85.75c-.09 1.57-.65 16.22-17.11 17.11-10 .72-17.38-7.18-27.08-7.18-24.21 1.79-21.21 34.22 0 34.22a19.94 19.94 0 0 0 14.14-5.83L82.46 99.9a19.94 19.94 0 0 0 5.83-14.14"/><path fill="#980200" d="M44.16 41.59c1.57.09 16.22.65 17.11 17.11.72 10-7.18 17.37-7.18 27.08 1.79 24.21 34.22 21.21 34.22 0a19.94 19.94 0 0 0-5.83-14.14L58.3 47.45a19.94 19.94 0 0 0-14.14-5.83"/><path fill="red" d="M.08 85.75c.09-1.57.65-16.22 17.11-17.11 10-.72 17.38 7.18 27.08 7.18 24.21-1.82 21.21-34.22 0-34.22a19.94 19.94 0 0 0-14.14 5.83L5.94 71.61A19.94 19.94 0 0 0 .11 85.75"/></g></svg>
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 89 130"><defs><linearGradient id="a" x1="0%" x2="100%" y1="49.975%" y2="49.975%"><stop offset="0%" stop-color="#12B212"/><stop offset="100%" stop-color="#0F0"/></linearGradient></defs><g fill="none" fill-rule="nonzero"><path fill="url(#a)" d="M36.56 39.93C20.34 38.2 4 25.94 2.71 0c25.17 0 38.63 14.9 39.93 38.51 4.76-28.32 27.07-25 27.07-25 1.06 16.05-12.12 25.78-27.07 26.59-4.2-8.85-29.36-30.56-29.36-30.56a.07.07 0 0 0-.11.08s24.28 21.15 23.39 30.31"/><path fill="#980200" d="M44.16 129.93c-1.57-.09-16.22-.65-17.11-17.11-.72-10 7.18-17.37 7.18-27.08C32.44 61.53 0 64.53 0 85.74a19.94 19.94 0 0 0 5.83 14.14L30 124.06a19.94 19.94 0 0 0 14.14 5.83"/><path fill="red" d="M88.32 85.75c-.09 1.57-.65 16.22-17.11 17.11-10 .72-17.38-7.18-27.08-7.18-24.21 1.79-21.21 34.22 0 34.22a19.94 19.94 0 0 0 14.14-5.83L82.46 99.9a19.94 19.94 0 0 0 5.83-14.14"/><path fill="#980200" d="M44.16 41.59c1.57.09 16.22.65 17.11 17.11.72 10-7.18 17.37-7.18 27.08 1.79 24.21 34.22 21.21 34.22 0a19.94 19.94 0 0 0-5.83-14.14L58.3 47.45a19.94 19.94 0 0 0-14.14-5.83"/><path fill="red" d="M.08 85.75c.09-1.57.65-16.22 17.11-17.11 10-.72 17.38 7.18 27.08 7.18 24.21-1.82 21.21-34.22 0-34.22a19.94 19.94 0 0 0-14.14 5.83L5.94 71.61A19.94 19.94 0 0 0 .11 85.75"/></g></svg>

theme/assets/img/self-hosting/vaultwarden-dark.svg

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><defs><mask id="holes"><rect x="-60" y="-60" width="120" height="120" fill="#fff"/><circle id="hole" cy="-40" r="3"/><use transform="rotate(72)" xlink:href="#hole"/><use transform="rotate(144)" xlink:href="#hole"/><use transform="rotate(216)" xlink:href="#hole"/><use transform="rotate(-72)" xlink:href="#hole"/></mask></defs><g id="logo" transform="matrix(.32254 0 0 .32254 16.933 16.933)"><g id="gear" mask="url(#holes)" stroke="#fff"><path d="m-31.172-33.813 26.496 74.189h9.3515l26.496-74.189h-9.7672l-16.729 47.589q-1.6625 4.5719-2.8055 8.6242-1.143 3.9484-1.8703 7.5851-0.72734-3.6367-1.8703-7.689-1.143-4.0523-2.8055-8.7281l-16.625-47.381z" fill="#fff" stroke-width="4.5117"/><circle transform="scale(-1,1)" r="43" fill="none" stroke-width="9"/><g id="cogs" transform="scale(-1,1)"><polygon id="cog" points="46 3 51 0 46 -3" fill="#fff" stroke="#fff" stroke-linejoin="round" stroke-width="3"/><g fill="#fff" stroke="#fff"><use transform="rotate(11.25)" xlink:href="#cog"/><use transform="rotate(22.5)" xlink:href="#cog"/><use transform="rotate(33.75)" xlink:href="#cog"/><use transform="rotate(45)" xlink:href="#cog"/><use transform="rotate(56.25)" xlink:href="#cog"/><use transform="rotate(67.5)" xlink:href="#cog"/><use transform="rotate(78.75)" xlink:href="#cog"/><use transform="rotate(90)" xlink:href="#cog"/><use transform="rotate(101.25)" xlink:href="#cog"/><use transform="rotate(112.5)" xlink:href="#cog"/><use transform="rotate(123.75)" xlink:href="#cog"/><use transform="rotate(135)" xlink:href="#cog"/><use transform="rotate(146.25)" xlink:href="#cog"/><use transform="rotate(157.5)" xlink:href="#cog"/><use transform="rotate(168.75)" xlink:href="#cog"/><use transform="scale(-1)" xlink:href="#cog"/><use transform="rotate(191.25)" xlink:href="#cog"/><use transform="rotate(202.5)" xlink:href="#cog"/><use transform="rotate(213.75)" xlink:href="#cog"/><use transform="rotate(225)" xlink:href="#cog"/><use transform="rotate(236.25)" xlink:href="#cog"/><use transform="rotate(247.5)" xlink:href="#cog"/><use transform="rotate(258.75)" xlink:href="#cog"/><use transform="rotate(-90)" xlink:href="#cog"/><use transform="rotate(-78.75)" xlink:href="#cog"/><use transform="rotate(-67.5)" xlink:href="#cog"/><use transform="rotate(-56.25)" xlink:href="#cog"/><use transform="rotate(-45)" xlink:href="#cog"/><use transform="rotate(-33.75)" xlink:href="#cog"/><use transform="rotate(-22.5)" xlink:href="#cog"/><use transform="rotate(-11.25)" xlink:href="#cog"/></g></g><g id="mounts" transform="scale(-1,1)"><polygon id="mount" points="-7 -42 0 -35 7 -42" fill="#fff" stroke="#fff" stroke-linejoin="round" stroke-width="6"/><g fill="#fff" stroke="#fff"><use transform="rotate(72)" xlink:href="#mount"/><use transform="rotate(144)" xlink:href="#mount"/><use transform="rotate(216)" xlink:href="#mount"/><use transform="rotate(-72)" xlink:href="#mount"/></g></g></g><mask><rect x="-60" y="-60" width="120" height="120" fill="#fff"/><circle cy="-40" r="3"/><use transform="rotate(72)" xlink:href="#hole"/><use transform="rotate(144)" xlink:href="#hole"/><use transform="rotate(216)" xlink:href="#hole"/><use transform="rotate(-72)" xlink:href="#hole"/></mask></g></svg>

theme/assets/img/self-hosting/vaultwarden.svg

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><defs><mask id="holes"><rect x="-60" y="-60" width="120" height="120" fill="#fff"/><circle id="hole" cy="-40" r="3"/><use transform="rotate(72)" xlink:href="#hole"/><use transform="rotate(144)" xlink:href="#hole"/><use transform="rotate(216)" xlink:href="#hole"/><use transform="rotate(-72)" xlink:href="#hole"/></mask></defs><g id="logo" transform="matrix(.32254 0 0 .32254 16.933 16.933)"><g id="gear" mask="url(#holes)"><path d="m-31.172-33.813 26.496 74.189h9.3515l26.496-74.189h-9.7672l-16.729 47.589q-1.6625 4.5719-2.8055 8.6242-1.143 3.9484-1.8703 7.5851-0.72734-3.6367-1.8703-7.689-1.143-4.0523-2.8055-8.7281l-16.625-47.381z" stroke="#000" stroke-width="4.5117"/><circle transform="scale(-1,1)" r="43" fill="none" stroke="#000" stroke-width="9"/><g id="cogs" transform="scale(-1,1)"><polygon id="cog" points="46 -3 46 3 51 0" stroke="#000" stroke-linejoin="round" stroke-width="3"/><use transform="rotate(11.25)" xlink:href="#cog"/><use transform="rotate(22.5)" xlink:href="#cog"/><use transform="rotate(33.75)" xlink:href="#cog"/><use transform="rotate(45)" xlink:href="#cog"/><use transform="rotate(56.25)" xlink:href="#cog"/><use transform="rotate(67.5)" xlink:href="#cog"/><use transform="rotate(78.75)" xlink:href="#cog"/><use transform="rotate(90)" xlink:href="#cog"/><use transform="rotate(101.25)" xlink:href="#cog"/><use transform="rotate(112.5)" xlink:href="#cog"/><use transform="rotate(123.75)" xlink:href="#cog"/><use transform="rotate(135)" xlink:href="#cog"/><use transform="rotate(146.25)" xlink:href="#cog"/><use transform="rotate(157.5)" xlink:href="#cog"/><use transform="rotate(168.75)" xlink:href="#cog"/><use transform="scale(-1)" xlink:href="#cog"/><use transform="rotate(191.25)" xlink:href="#cog"/><use transform="rotate(202.5)" xlink:href="#cog"/><use transform="rotate(213.75)" xlink:href="#cog"/><use transform="rotate(225)" xlink:href="#cog"/><use transform="rotate(236.25)" xlink:href="#cog"/><use transform="rotate(247.5)" xlink:href="#cog"/><use transform="rotate(258.75)" xlink:href="#cog"/><use transform="rotate(-90)" xlink:href="#cog"/><use transform="rotate(-78.75)" xlink:href="#cog"/><use transform="rotate(-67.5)" xlink:href="#cog"/><use transform="rotate(-56.25)" xlink:href="#cog"/><use transform="rotate(-45)" xlink:href="#cog"/><use transform="rotate(-33.75)" xlink:href="#cog"/><use transform="rotate(-22.5)" xlink:href="#cog"/><use transform="rotate(-11.25)" xlink:href="#cog"/></g><g id="mounts" transform="scale(-1,1)"><polygon id="mount" points="7 -42 -7 -42 0 -35" stroke="#000" stroke-linejoin="round" stroke-width="6"/><use transform="rotate(72)" xlink:href="#mount"/><use transform="rotate(144)" xlink:href="#mount"/><use transform="rotate(216)" xlink:href="#mount"/><use transform="rotate(-72)" xlink:href="#mount"/></g></g><mask><rect x="-60" y="-60" width="120" height="120" fill="#fff"/><circle cy="-40" r="3"/><use transform="rotate(72)" xlink:href="#hole"/><use transform="rotate(144)" xlink:href="#hole"/><use transform="rotate(216)" xlink:href="#hole"/><use transform="rotate(-72)" xlink:href="#hole"/></mask></g></svg>

theme/main.html

@@ -84,6 +84,7 @@
   {% endif %}
 
   {% if config.extra.context == "production" %}
+  <link href="https://www.privacyguides.org/webmentions/receive/" rel="webmention">
   <meta http-equiv="onion-location" content="{{ page.canonical_url | replace("https://www.privacyguides.org", "http://www.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion") }}" />
   {% endif %}
   {% if page and page.meta and page.meta.schema %}