List recommendations in alphabetical order (#1377)

Co-authored-by: Jonah Aragon <jonah@triplebit.net>

.github/workflows/deploy.yml

@@ -29,7 +29,7 @@ jobs:
           python-version: '3.7'
       
       - name: Cache files
-        uses: actions/cache@v3.0.2
+        uses: actions/cache@v3.0.3
         with:
           key: ${{ github.ref }}
           path: .cache

docs/android.en.md

@@ -164,8 +164,8 @@ Fairphone markets their devices as receiving 6 years of support. However, the So
 
     ??? downloads
 
-        [:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=org.torproject.android){ .card-link title="Google Play" }
-        [:pg-f-droid:](https://guardianproject.info/fdroid){ .card-link title=F-Droid }
+        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.torproject.android)
+        - [:pg-f-droid: F-Droid](https://guardianproject.info/fdroid)
 
 Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN killswitch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
 
@@ -193,8 +193,8 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest
 
     ??? downloads
 
-        [:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=net.typeblog.shelter){ .card-link title="Google Play" }
-        [:pg-f-droid:](https://f-droid.org/en/packages/net.typeblog.shelter){ .card-link title=F-Droid }
+        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=net.typeblog.shelter)
+        - [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/net.typeblog.shelter)
 
 !!! warning
 
@@ -221,8 +221,8 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest
 
     ??? downloads
 
-        [:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=app.attestation.auditor){ .card-link title="Google Play" }
-        [:fontawesome-brands-github:](https://github.com/GrapheneOS/Auditor/releases){ .card-link title=GitHub }
+        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor)
+        - [:fontawesome-brands-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
 
 Auditor performs attestation and intrusion detection by:
 
@@ -253,8 +253,8 @@ To make sure that your hardware and operating system is genuine, [perform local
 
     ??? downloads
 
-        [:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play){ .card-link title="Google Play" }
-        [:fontawesome-brands-github:](https://github.com/GrapheneOS/Camera/releases){ .card-link title=GitHub }
+        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
+        - [:fontawesome-brands-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
 
 Main privacy features include:
 
@@ -285,8 +285,8 @@ Main privacy features include:
 
     ??? downloads
 
-        [:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play){ .card-link title="Google Play" }
-        [:fontawesome-brands-github:](https://github.com/GrapheneOS/PdfViewer/releases){ .card-link title=GitHub }
+        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
+        - [:fontawesome-brands-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
 
 ### PrivacyBlur
 
@@ -303,8 +303,8 @@ Main privacy features include:
 
     ??? downloads
 
-        [:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=de.mathema.privacyblur){ .card-link title="Google Play" }
-        [:pg-f-droid:](https://f-droid.org/en/packages/de.mathema.privacyblur/){ .card-link title=F-Droid }
+        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=de.mathema.privacyblur)
+        - [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/de.mathema.privacyblur/)
 
 !!! warning
 
@@ -355,8 +355,8 @@ To mitigate these problems, we recommend [Neo Store](https://github.com/NeoAppli
 
     ??? downloads
 
-        [:fontawesome-brands-android:](https://android.izzysoft.de/repo/apk/com.looker.droidify){ .card-link title="IzzyOnDroid (APK)" }
-        [:fontawesome-brands-github:](https://github.com/NeoApplications/Neo-Store/releases){ .card-link title=GitHub }
+        - [:fontawesome-brands-android: IzzyOnDroid (APK)](https://android.izzysoft.de/repo/apk/com.looker.droidify)
+        - [:fontawesome-brands-github: GitHub](https://github.com/NeoApplications/Neo-Store/releases)
 
 ### Manually with RSS Notifications
 

docs/assets/stylesheets/extra.css

@@ -211,13 +211,31 @@ h1, h2, h3, .md-header__topic {
     right:auto;
 }
 
-.downloads p > a {
-    padding-left: 0.5em;
+.downloads > ul > li {
+    padding: 0.5em 0 !important;
 }
+
+.downloads > ul .twemoji {
+    width: .9rem
+}
+
 details[class="downloads annotate"] > p .md-annotation span span::before {
     vertical-align: 0;
 }
 
+.downloads > ul {
+    display: grid!important;
+    grid-template-columns: repeat(4, 1fr);
+    align-items: center;
+    list-style-type: none;
+}
+
+@media screen and (max-width: 600px) {
+  .downloads > ul {
+    grid-template-columns: repeat(2, 1fr);
+  }
+}
+
 /* Card links */
 .md-typeset .card-link {
     color: var(--md-default-fg-color--light);

docs/basics/common-threats.en.md

@@ -28,7 +28,7 @@ Whistleblowers and journalists, for example, can have a much more extreme threat
 
 <span class="pg-orange">:material-bug-outline: Passive Attacks</span>
 
-Security and privacy are often conflated, because you need security to obtain any semblance of privacy: Using tools which appear private is futile if they could easily be exploited by attackers to release your data later. However, the inverse is not necessarily true; the most secure service in the world *isn't necessarily* private. The best example of this is trusting data to Google, who, given their scale, have had minimal security incidents by employing industry-leading security experts to secure their infrastructure. Even though Google provides a very secure service, very few would consider their data private in their hands.
+Security and privacy are often conflated, because you need security to obtain any semblance of privacy: Using tools which appear private is futile if they could easily be exploited by attackers to release your data later. However, the inverse is not necessarily true; the most secure service in the world *isn't necessarily* private. The best example of this is trusting data to Google, who, given their scale, have had minimal security incidents by employing industry-leading security experts to secure their infrastructure. Even though Google provides a very secure service, very few would consider their data private in Google's free consumer products (Gmail, YouTube etc).
 
 When it comes to application security, we generally do not (and sometimes cannot) know if the software that we use is malicious, or might one day become malicious. Even with the most trustworthy developers, there is generally no guarantee that their software does not have a serious vulnerability that could later be exploited.
 
@@ -38,7 +38,7 @@ To minimize the potential damage that a malicious piece of software can do, you
 
     Mobile operating systems are generally safer than desktop operating systems when it comes to application sandboxing. Apps cannot obtain root access and only have access to system resources which you grant them.
 
-    Desktop operating systems generally lag behind on proper sandboxing. Chrome OS has similar sandboxing properties to Android, and macOS has full system permission control and opt-in (for developers) sandboxing for applications, however these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make heavy use of VMs or containers, such as Qubes OS.
+    Desktop operating systems generally lag behind on proper sandboxing. Chrome OS has similar sandboxing properties to Android, and macOS has full system permission control and opt-in (for developers) sandboxing for applications, however these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make heavy use of virtual machines or containers, such as Qubes OS.
 
 <span class="pg-red">:material-target-account: Targeted Attacks</span>
 
@@ -48,7 +48,7 @@ Targeted attacks against a specific user are more problematic to deal with. Comm
 
     **Web browsers**, **email clients**, and **office applications** all typically run untrusted code sent to you from third-parties by design. Running multiple virtual machines to separate applications like these from your host system as well as each other is one technique you can use to avoid an exploit in these applications from compromising the rest of your system. Technologies like Qubes OS or Microsoft Defender Application Guard on Windows provide convenient methods to do this seamlessly, for example.
 
-If you are concerned about **physical attacks** you should use an operating system with a secure verified boot implementation, such as Android, iOS, or macOS. You should also make sure that your drive is encrypted, and that the operating system uses a TPM or Secure Element for rate limiting attempts to enter the encryption passphrase. You should avoid sharing your computer with people you don't trust, because most desktop operating systems do not encrypt data separately per-user.
+If you are concerned about **physical attacks** you should use an operating system with a secure verified boot implementation, such as Android, iOS, macOS, [Windows (with TPM)](https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process). You should also make sure that your drive is encrypted, and that the operating system uses a TPM or Secure [Enclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/1/web/1) or [Element](https://developers.google.com/android/security/android-ready-se) for rate limiting attempts to enter the encryption passphrase. You should avoid sharing your computer with people you don't trust, because most desktop operating systems do not encrypt data separately per-user.
 
 ## Privacy From Service Providers
 
@@ -157,6 +157,36 @@ Focusing solely on the privacy policies and marketing of a tool or provider can
 
 The privacy policies and business practices of a provider you choose are very important, but should be considered secondary to technical guarantees of your privacy: Don't elect to merely shift trust to another provider when trusting a provider isn't a requirement at all.
 
+:material-numeric-4-circle: **Complicated is better**
+
+We often see people describing privacy threat models that are overly complex. Often, these solutions include problems like many different email accounts or complicated setups with a lot of moving parts and conditions. The replies are usually answers to, "What is the best way to do X?".
+
+Finding the "best" solution for yourself doesn't necessarily mean you are after an infallible solution with dozens of conditions—these solutions are often difficult to work with realistically. As we discussed previously, security often comes at the cost of convenience. Below, we provide some tips:
+
+1. <mark>Actions need to serve a particular purpose</mark>, think about how to do what you want with the least amount of actions.
+2. <mark>Remove human failure points</mark> (don't have a bunch of conditions you must remember to do what with which accounts). Humans fail, they get tired, they forget things... don't have many conditions or manual processes you must remember in order to maintain operational security.
+3. <mark>Use the right level of protection for what you intend.</mark> We often see recommendations of so-called law-enforcement, subpoena proof solutions. These require a lot of special case knowledge (knowing about how things truly work under the hood) and are generally not what people want. There is no point in building an intricately anonymous threat model if you can be easily de-anonymized by a simple oversight.
+
+So, how might this look?
+
+One of the clearest threat models is one where people *know who you are* and one where they do not. There will always be situations where you must declare your legal name and places where you can get away without doing so.
+
+1. **Known identity** - A known identity is used for things where you must declare your name. There are many such legal documents and contracts where a legal identity is required. This could range from opening a bank account, signing a property lease, obtaining a passport, a customs declaration when importing an item or otherwise dealing with your Government. These things will usually always lead back credentials such as credit cards, credit rating checks, account numbers and possibly physical addresses.
+
+    We don't suggest using a VPN or Tor for any of these things as your identity is already known through other means.
+
+    !!! tip
+
+        When shopping online, the use of a [parcel locker](https://en.wikipedia.org/wiki/Parcel_locker) can help keep your physical address private.
+
+2. **Unknown identity** - An unknown identity could be a stable pseudonym that you regularly use. It is not anonymous because it doesn't change. If you're a part of an online community you may wish to retain persona that others know. The reason this is not anonymous is because if monitored over a period of time details about the owner may reveal further information, such as the way they write (lingustics), general knowledge about topics of interest etc.
+
+    You may wish to use a VPN for this to mask your IP address. Financial transactions are more difficult and for this we'd suggest using anonymous cryptocurrencies such as Monero. Employing alt-coin shifting may also help disguise where your currency originated. Typically exchanges require KYC (know your customer) to be completed before they will allow you to exchange fiat currency into any kind of cryptocurrency. Local meet-up options may also be a solution, however those often are more expensive and sometimes also require KYC.
+
+3. **Anonymous identity** - Anonymous identities are difficult to maintain over long periods of time for even the most experienced. They should be short-term and short lived identities which are rotated regularly.
+
+    Using Tor can help with this, it's also worth noting greater anonymity is possible through asynchronous (not real time communication). Real time communication is vulnerable to typing analysis patterns more than a slab of text distributed on a forum, email) etc that you've had time to think about, maybe even put through a translator and back again.
+
 [^1]: United States Privacy and Civil Liberties Oversight Board: [Report on the Telephone Records Program Conducted under Section 215](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf)
 [^2]: Wikipedia: [Surveillance capitalism](https://en.wikipedia.org/wiki/Surveillance_capitalism)
 [^3]: "[Enumerating badness](https://www.ranum.com/security/computer_security/editorials/dumb/)" (or, "listing all the bad things that we know about") as many adblockers and antivirus programs do, fails to adequately protect you from new and unknown threats because they have not yet been added to the filter list. You need to additionally employ other mitigation techniques to be fully protected.

docs/basics/tor-overview.md

@@ -0,0 +1,56 @@
+---
+title: "Tor Overview"
+icon: 'pg/tor'
+---
+
+Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications.
+
+## Path Building
+
+Tor works by routing your traffic through a network comprised of thousands of volunteer-run servers called nodes (or relays).
+
+Every time you connect to Tor, it will choose three nodes to build a path to the internet—this path is called a "circuit." Each of these nodes has its own function:
+
+- **The Entry Node**: Often called the guard node, this is the first node your computer connects to. The entry node sees your IP address, but does not see what you are connecting to. Unlike the other nodes, the Tor client will randomly select an entry node, and stick with it for 2 to 3 months to protect you from certain attacks.
+- **The Middle Node**: The second node to which your Tor client connects. This node can see which node traffic came from (the entry node) and which it goes to next. It does not, however, see your IP address, or the domain you are connecting to. This node is randomly picked from all Tor nodes for each circuit.
+- **The Exit Node**: This is where your traffic leaves the Tor network and is forwarded to your desired destination. The exit node does not know your IP (who you are) but it knows what you are connecting to. The exit node will, like the middle node, be chosen at random from the Tor nodes (if it runs with an exit flag).
+
+<figure markdown>
+  ![Tor path](../assets/img/how-tor-works/tor-path.svg#only-light)
+  ![Tor path](../assets/img/how-tor-works/tor-path-dark.svg#only-dark)
+  <figcaption>Tor circuit pathway</figcaption>
+</figure>
+
+## Encryption
+
+Tor encrypts each packet three times, with the keys from the exit, middle, and entry node in that order. Once Tor has built a circuit, browsing is done as follows:
+
+1. When the packet arrives at the entry node the first layer of encryption is removed. In this encrypted packet it will find another encrypted packet with the middle node’s address. The entry node will then forward that to the middle node.
+
+2. When the middle node receives the packet from the entry node, it too will remove a layer of encryption with its key, and find an encrypted packet with the exit nodes address. The middle node will then forward the packet to exit node.
+
+3. When the exit node receives its packet, it will remove the last layer of encryption with its key. The exit node will see the destination address and forward the packet to that address.
+
+Here is an alternative visualization of the process. Note how each node removes its own layer of encryption, and when the destination website returns data, the same process happens entirely in reverse. For example, the exit node does not know who you are, but it does know which node it came from, and so it adds its own layer of encryption and sends it back.
+
+<figure markdown>
+  ![Tor encryption](../assets/img/how-tor-works/tor-encryption.svg#only-light)
+  ![Tor encryption](../assets/img/how-tor-works/tor-encryption-dark.svg#only-dark)
+  <figcaption>Sending and recieving data through the Tor Network</figcaption>
+</figure>
+
+So, what do we learn from this? We learn that Tor allows us to connect to a website without any single party knowing the entire path. The entry node knows who you are, but not where you are going; the middle node doesn’t know who you are or where you are going; and the exit node knows where you are going, but not who you are. Because the exit node makes the connection, the destination website will never know who you are (your IP address).
+
+## Drawbacks
+
+Even with the strong privacy guarantees that Tor provides, one must be aware that Tor is not infallible. Global adversaries with the capability to passively watch most network traffic over the globe have a chance of deanonymizing Tor via advanced traffic analysis. Furthermore, Tor does not protect you from exposing yourself. If you share to much data about your real identity, you may be deanonymized.
+
+Another downside is that exit nodes can watch your traffic, even if they do not know where it came from. This is especially problematic for websites which do not utilize HTTPS, meaning that the exit node can read all data that’s being sent through it. This in turn can lead to deanonymization if the traffic contains personal data.
+
+We recommend using HTTPS over Tor where possible, but do not alter any settings inside Tor Browser aside from the built-in security slider, including not manually enabling HTTPS only mode, as this can be used for browser fingerprinting.
+
+If you are interested in trying out Tor we recommend using the official Tor Browser. Keep in mind that you should expect added network latency and reduced bandwidth because of the multi-hop routing nature of Tor.
+
+## Further Reading
+
+For people who want to know more about the Tor project and the Tor Browser, we recommend reading the [Tor Browser manual](https://tb-manual.torproject.org/about/).

docs/basics/vpn-overview.en.md

@@ -33,7 +33,7 @@ Needless to say, **you shouldn't use encrypted DNS with Tor**. This would direct
 
 ## Should I use Tor *and* a VPN?
 
-By using a VPN with Tor, you're creating essentially a permanent entry node, often with a money trail attached. This provides zero additional benefit to you, while increasing the attack surface of your connection dramatically. If you wish to hide your Tor usage from your ISP or your government, Tor has a built-in solution for that: Tor bridges. [Read more about Tor bridges and why using a VPN is not necessary](https://web.archive.org/web/20210116140725/https://write.privacytools.io/my-thoughts-on-security/slicing-onions-part-2-onion-recipes-vpn-not-required).
+By using a VPN with Tor, you're creating essentially a permanent entry node, often with a money trail attached. This provides zero additional benefit to you, while increasing the attack surface of your connection dramatically. If you wish to hide your Tor usage from your ISP or your government, Tor has a built-in solution for that: Tor bridges. [Read more about Tor bridges and why using a VPN is not necessary](tor-overview.md).
 
 ## What if I need anonymity?
 
@@ -59,28 +59,15 @@ For use cases like these, or if you have another compelling reason, the VPN prov
 
 1. [VPN - a Very Precarious Narrative](https://schub.io/blog/2019/04/08/very-precarious-narrative.html) by Dennis Schubert
 2. [The self-contained networks](../self-contained-networks.md) recommended by Privacy Guides are able to replace a VPN that allows access to services on local area network
-3. [Slicing Onions: Part 1 – Myth-busting Tor](https://medium.com/privacyguides/slicing-onions-part-1-myth-busting-tor-9ec188ae1904) by blacklight447
-4. [Slicing Onions: Part 2 – Onion recipes; VPN not required](https://web.archive.org/web/20210116140725/https://write.privacytools.io/my-thoughts-on-security/slicing-onions-part-2-onion-recipes-vpn-not-required) by blacklight447
-5. [IVPN Privacy Guides](https://www.ivpn.net/privacy-guides)
-6. ["Do I need a VPN?"](https://www.doineedavpn.com), a tool developed by IVPN to challenge aggressive VPN marketing by helping individuals decide if a VPN is right for them.
+3. [Tor Network Overview](tor-overview.md) by blacklight447
+4. [IVPN Privacy Guides](https://www.ivpn.net/privacy-guides)
+5. ["Do I need a VPN?"](https://www.doineedavpn.com), a tool developed by IVPN to challenge aggressive VPN marketing by helping individuals decide if a VPN is right for them.
 
 ## Related VPN Information
 
-- [The Trouble with VPN and Privacy Review Sites](https://medium.com/privacyguides/the-trouble-with-vpn-and-privacy-review-sites-ae9b29eda8fd)
-- [Proxy.sh VPN Provider Sniffed Server Traffic to Catch Hacker](https://torrentfreak.com/proxy-sh-vpn-provider-monitored-traffic-to-catch-hacker-130930/)
-- [blackVPN announced to delete connection logs after disconnection](https://medium.com/@blackVPN/no-logs-6d65d95a3016)
-- [Don't use LT2P IPSec, use other protocols.](https://gist.github.com/kennwhite/1f3bc4d889b02b35d8aa)
+- [The Trouble with VPN and Privacy Review Sites](https://jonaharagon.com/2019/11/the-trouble-with-vpn-and-privacy-review-sites/)
 - [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/)
 - [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/)
 - [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/)
 
-## VPN Security Breaches
-
-Some examples of why external security auditing is important:
-
-- ["Zero logs" VPN exposes millions of logs including user passwords, claims data is anonymous](https://www.comparitech.com/blog/vpn-privacy/ufo-vpn-data-exposure/) July 2020
-- [NordVPN HTTP POST bug exposed customer information, no authentication required](https://www.zdnet.com/article/nordvpn-http-post-bug-exposed-sensitive-customer-information/) March 2020
-- [Row erupts over who to blame after NordVPN says: One of our servers was hacked via remote management tool](https://www.theregister.com/2019/10/21/nordvpn_security_issue/) October 2019
-- [VPN servers seized by Ukrainian authorities weren't encrypted and allowed authorities to impersonate Windscribe servers and capture and decrypt traffic passing through them](https://arstechnica.com/gadgets/2021/07/vpn-servers-seized-by-ukrainian-authorities-werent-encrypted/) July 2021
-
 --8<-- "includes/abbreviations.en.md"

docs/browsers.en.md

@@ -24,12 +24,12 @@ These are our currently recommended web browsers and configurations. In general,
 
     ??? downloads
 
-        [:fontawesome-brands-windows:](https://www.torproject.org/download/){ title=Windows }
-        [:fontawesome-brands-apple:](https://www.torproject.org/download/){ title=macOS }
-        [:fontawesome-brands-linux:](https://www.torproject.org/download/){ title=Linux }
-        [:pg-flathub:](https://flathub.org/apps/details/com.github.micahflee.torbrowser-launcher){ title=Flatpak }
-        [:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=org.torproject.torbrowser){ title="Google Play" }
-        [:pg-f-droid:](https://guardianproject.info/fdroid/){ title=F-Droid }
+        - [:fontawesome-brands-windows: Windows](https://www.torproject.org/download/)
+        - [:fontawesome-brands-apple: macOS](https://www.torproject.org/download/)
+        - [:fontawesome-brands-linux: Linux](https://www.torproject.org/download/)
+        - [:pg-flathub: Flatpak](https://flathub.org/apps/details/com.github.micahflee.torbrowser-launcher)
+        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.torproject.torbrowser)
+        - [:pg-f-droid: F-Droid](https://guardianproject.info/fdroid/)
 
 !!! danger
     You should **never** install any additional extensions on Tor Browser, including the ones we suggest for Firefox. Browser extensions make you stand out from others on the Tor network, thus making your browser easier to [fingerprint](https://support.torproject.org/glossary/browser-fingerprinting).
@@ -52,10 +52,10 @@ These are our currently recommended web browsers and configurations. In general,
 
     ??? downloads
 
-        [:fontawesome-brands-windows:](https://www.mozilla.org/firefox/windows){ title=Windows }
-        [:fontawesome-brands-apple:](https://www.mozilla.org/firefox/mac){ title=macOS }
-        [:fontawesome-brands-linux:](https://www.mozilla.org/firefox/linux){ title=Linux }
-        [:pg-flathub:](https://flathub.org/apps/details/org.mozilla.firefox){ title=Flatpak }
+        - [:fontawesome-brands-windows: Windows](https://www.mozilla.org/firefox/windows)
+        - [:fontawesome-brands-apple: macOS](https://www.mozilla.org/firefox/mac)
+        - [:fontawesome-brands-linux: Linux](https://www.mozilla.org/firefox/linux)
+        - [:pg-flathub: Flatpak](https://flathub.org/apps/details/org.mozilla.firefox)
 
 !!! warning
     Firefox includes a unique [download token](https://bugzilla.mozilla.org/show_bug.cgi?id=1677497#c0) in downloads from Mozilla's website and uses telemetry in Firefox to send the token. The token is **not** included in releases from the [Mozilla FTP](https://ftp.mozilla.org/pub/firefox/releases/).
@@ -132,9 +132,9 @@ The [Arkenfox project](https://github.com/arkenfox/user.js) provides a set of ca
 
     ??? downloads annotate
 
-        [:fontawesome-brands-windows:](https://brave.com/download/){ title=Windows }
-        [:fontawesome-brands-apple:](https://brave.com/download/){ title=macOS }
-        [:fontawesome-brands-linux:](https://brave.com/linux/){ title=Linux } (1)
+        - [:fontawesome-brands-windows: Windows](https://brave.com/download/)
+        - [:fontawesome-brands-apple: macOS](https://brave.com/download/)
+        - [:fontawesome-brands-linux: Linux](https://brave.com/linux/) (1)
 
     1. We advise against using the Flatpak version of Brave, as it replaces Chromium's sandbox with Flatpak's, which is less effective. Additionally, the package is not maintained by Brave Software, Inc.
 
@@ -235,7 +235,7 @@ On iOS, any app that can browse the web is [restricted](https://developer.apple.
 
     ??? downloads annotate
 
-        [:pg-f-droid:](https://www.bromite.org/fdroid){ title=F-Droid } (1)
+        - [:pg-f-droid: F-Droid](https://www.bromite.org/fdroid) (1)
 
     1. If you use [Neo Store](/android/#neo-store), you can enable the *Bromite repository* in:<br> :material-dots-vertical: → **Repositories**
 
@@ -332,9 +332,9 @@ We generally do not recommend installing any extensions as they increase your at
 
     ??? downloads
 
-        [:fontawesome-brands-firefox:](https://addons.mozilla.org/firefox/addon/ublock-origin/){ .card-link title=Firefox }
-        [:fontawesome-brands-chrome:](https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm){ .card-link title=Chrome }
-        [:fontawesome-brands-edge:](https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak){ .card-link title=Edge }
+        - [:fontawesome-brands-firefox: Firefox](https://addons.mozilla.org/firefox/addon/ublock-origin/)
+        - [:fontawesome-brands-chrome: Chrome](https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm)
+        - [:fontawesome-brands-edge: Edge](https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak)
 
 We suggest leaving the extension in its default configuration. Additional filter lists can impact performance and may increase attack surface, so only apply what you need. If there is a [vulnerability in uBlock Origin](https://portswigger.net/research/ublock-i-exfiltrate-exploiting-ad-blockers-with-css) a third party filter could add malicious rules that can potentially steal user data.
 
@@ -355,7 +355,7 @@ We suggest leaving the extension in its default configuration. Additional filter
 
     ??? downloads
 
-        [:fontawesome-brands-app-store-ios:](https://apps.apple.com/app/apple-store/id1047223162){ .card-link title="App Store" }
+        - [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/apple-store/id1047223162)
 
 Additional filter lists do slow things down and may increase your attack surface, so only apply what you need.
 
@@ -379,9 +379,9 @@ There is also [AdGuard for iOS](https://adguard.com/en/adguard-ios/overview.html
 
     ??? downloads
 
-        [:fontawesome-brands-firefox:](https://addons.mozilla.org/en-US/firefox/addon/torproject-snowflake/){ .card-link title=Firefox }
-        [:fontawesome-brands-chrome:](https://chrome.google.com/webstore/detail/snowflake/mafpmfcccpbjnhfhjnllmmalhifmlcie){ .card-link title=Chrome }
-        [:octicons-browser-16:](https://snowflake.torproject.org/embed){ .card-link title="Web (leave this page open to be a Snowflake proxy)" }
+        - [:fontawesome-brands-firefox: Firefox](https://addons.mozilla.org/en-US/firefox/addon/torproject-snowflake/){ .card-link title=Firefox }
+        - [:fontawesome-brands-chrome: Chrome](https://chrome.google.com/webstore/detail/snowflake/mafpmfcccpbjnhfhjnllmmalhifmlcie){ .card-link title=Chrome }
+        - [:octicons-browser-16: Web](https://snowflake.torproject.org/embed "Leave this page open to be a Snowflake proxy")
 
 Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours.
 

docs/calendar-contacts.en.md

@@ -8,6 +8,24 @@ Calendaring and contacts are some of the most sensitive data posess. Use only pr
 
 These products are included with an subscription with their respective [email providers](email.md).
 
+### Proton Calendar
+
+!!! recommendation
+
+    ![Proton Calendar logo](assets/img/calendar-contacts/proton-calendar.svg){ align=right }
+
+    **Proton Calendar** is an encrypted calendar serivce available to Proton Mail members. Features include: automatic E2EE of all data, sharing features, import/export functionality, and [more](https://proton.me/support/proton-calendar-guide). Those on the free tier get access to a single calendar, whereas paid subscribers can create up to 20 calendars. Extended sharing functionality is also limited to paid subscribers. Proton Calendar is currently only available for the web and Android.
+
+    [:octicons-home-16: Homepage](https://proton.me/calendar){ .md-button .md-button--primary }
+    [:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Privacy Policy" }
+    [:octicons-info-16:](https://proton.me/support/proton-calendar-guide){ .card-link title=Documentation}
+    [:octicons-code-16:](https://github.com/ProtonMail/WebClients){ .card-link title="Source Code" }
+
+    ??? downloads
+
+        - [:octicons-browser-16: Web](https://calendar.proton.me)
+        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.calendar)
+
 ### Tutanota
 
 !!! recommendation
@@ -25,37 +43,39 @@ These products are included with an subscription with their respective [email pr
 
     ??? downloads
 
-        [:octicons-browser-16:](https://mail.tutanota.com/){ .card-link title=Web }
-        [:fontawesome-brands-windows:](https://tutanota.com/blog/posts/desktop-clients/){ .card-link title=Windows }
-        [:fontawesome-brands-apple:](https://tutanota.com/blog/posts/desktop-clients/){ .card-link title=macOS }
-        [:fontawesome-brands-linux:](https://tutanota.com/blog/posts/desktop-clients/){ .card-link title=Linux }
-        [:pg-flathub:](https://flathub.org/apps/details/com.tutanota.Tutanota){ .card-link title=Flatpak }
-        [:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=de.tutao.tutanota){ .card-link title="Google Play" }
-        [:pg-f-droid:](https://f-droid.org/en/packages/de.tutao.tutanota){ .card-link title=F-Droid }
-        [:fontawesome-brands-app-store-ios:](https://apps.apple.com/us/app/tutanota/id922429609){ .card-link title="App Store" }
-
-### Proton Calendar
-
-!!! recommendation
-
-    ![Proton Calendar logo](assets/img/calendar-contacts/proton-calendar.svg){ align=right }
-
-    **Proton Calendar** is an encrypted calendar serivce available to Proton Mail members. Features include: automatic E2EE of all data, sharing features, import/export functionality, and [more](https://proton.me/support/proton-calendar-guide). Those on the free tier get access to a single calendar, whereas paid subscribers can create up to 20 calendars. Extended sharing functionality is also limited to paid subscribers. Proton Calendar is currently only available for the web and Android.
-
-    [:octicons-home-16: Homepage](https://proton.me/calendar){ .md-button .md-button--primary }
-    [:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Privacy Policy" }
-    [:octicons-info-16:](https://proton.me/support/proton-calendar-guide){ .card-link title=Documentation}
-    [:octicons-code-16:](https://github.com/ProtonMail/WebClients){ .card-link title="Source Code" }
-
-    ??? downloads
-
-        [:octicons-browser-16:](https://calendar.proton.me){ .card-link title=Web }
-        [:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=me.proton.android.calendar){ .card-link title="Google Play" }
+        - [:octicons-browser-16: Web](https://mail.tutanota.com/)
+        - [:fontawesome-brands-windows: Windows](https://tutanota.com/blog/posts/desktop-clients/)
+        - [:fontawesome-brands-apple: macOS](https://tutanota.com/blog/posts/desktop-clients/)
+        - [:fontawesome-brands-linux: Linux](https://tutanota.com/blog/posts/desktop-clients/)
+        - [:pg-flathub: Flatpak](https://flathub.org/apps/details/com.tutanota.Tutanota)
+        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=de.tutao.tutanota)
+        - [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/de.tutao.tutanota)
+        - [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/tutanota/id922429609)
 
 ## Self-hostable
 
 Some of these options are self-hostable, but could be offered by third party SaaS providers for a fee:
 
+### DecSync CC
+
+!!! recommendation
+
+    ![DecSync logo](assets/img/calendar-contacts/decsync.svg){ align=right }
+
+    **DecSync CC** synchronizes contacts, calendars and tasks using DecSync. It stores this data in a shared directory, using [Syncthing](file-sharing/#syncthing), or any other file synchronization service.
+
+    There are [plugins](https://github.com/39aldo39/DecSync#rss) to sync other types of data such as [RSS](news-aggregators.md).
+
+    [:octicons-repo-16: Repository](https://github.com/39aldo39/DecSync){ .md-button .md-button--primary }
+    [:octicons-info-16:](https://github.com/39aldo39/DecSync/blob/master/design.md){ .card-link title=Documentation}
+    [:octicons-code-16:](https://github.com/39aldo39/DecSync){ .card-link title="Source Code" }
+    [:octicons-heart-16:](https://github.com/39aldo39/DecSync#donations){ .card-link title=Contribute }
+
+    ??? downloads
+
+        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.decsync.cc)
+        - [:pg-f-droid: F-Droid](https://f-droid.org/packages/org.decsync.cc)
+
 ### EteSync
 
 !!! recommendation
@@ -74,10 +94,10 @@ Some of these options are self-hostable, but could be offered by third party Saa
 
     ??? downloads
 
-        [:octicons-device-desktop-16:](https://github.com/etesync/etesync-dav/blob/master/README.md#specific-client-notes-and-instructions){ .card-link title="Client Setup" }
-        [:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=com.etesync.syncadapter){ .card-link title="Google Play" }
-        [:pg-f-droid:](https://f-droid.org/app/com.etesync.syncadapter){ .card-link title=F-Droid }
-        [:fontawesome-brands-app-store-ios:](https://apps.apple.com/us/app/apple-store/id1489574285){ .card-link title="App Store" }
+        - [:octicons-device-desktop-16: Client Setup](https://github.com/etesync/etesync-dav/blob/master/README.md#specific-client-notes-and-instructions)
+        - [:fontawesome-brands-google-play: Google PLay](https://play.google.com/store/apps/details?id=com.etesync.syncadapter)
+        - [:pg-f-droid: F-Droid](https://f-droid.org/app/com.etesync.syncadapter)
+        - [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/apple-store/id1489574285)
 
 ### Nextcloud
 
@@ -97,32 +117,12 @@ Some of these options are self-hostable, but could be offered by third party Saa
 
     ??? downloads
 
-        [:fontawesome-brands-windows:](https://nextcloud.com/install/#install-clients){ .card-link title=Windows }
-        [:fontawesome-brands-apple:](https://nextcloud.com/install/#install-clients){ .card-link title=macOS }
-        [:fontawesome-brands-linux:](https://nextcloud.com/install/#install-clients){ .card-link title=Linux }
-        [:pg-flathub:](https://flathub.org/apps/details/com.nextcloud.desktopclient.nextcloud){ .card-link title=Flatpak }
-        [:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=com.nextcloud.client){ .card-link title="Google Play" }
-        [:pg-f-droid:](https://f-droid.org/packages/com.nextcloud.client){ .card-link title=F-Droid }
-        [:fontawesome-brands-app-store-ios:](https://apps.apple.com/us/app/nextcloud/id1125420102){ .card-link title="App Store" }
-
-### DecSync CC
-
-!!! recommendation
-
-    ![DecSync logo](assets/img/calendar-contacts/decsync.svg){ align=right }
-
-    **DecSync CC** synchronizes contacts, calendars and tasks using DecSync. It stores this data in a shared directory, using [Syncthing](file-sharing/#syncthing), or any other file synchronization service.
-
-    There are [plugins](https://github.com/39aldo39/DecSync#rss) to sync other types of data such as [RSS](news-aggregators.md).
-
-    [:octicons-repo-16: Repository](https://github.com/39aldo39/DecSync){ .md-button .md-button--primary }
-    [:octicons-info-16:](https://github.com/39aldo39/DecSync/blob/master/design.md){ .card-link title=Documentation}
-    [:octicons-code-16:](https://github.com/39aldo39/DecSync){ .card-link title="Source Code" }
-    [:octicons-heart-16:](https://github.com/39aldo39/DecSync#donations){ .card-link title=Contribute }
-
-    ??? downloads
-
-        [:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=org.decsync.cc){ .card-link title="Google Play" }
-        [:pg-f-droid:](https://f-droid.org/packages/org.decsync.cc){ .card-link title=F-Droid }
+        - [:fontawesome-brands-windows: Windows](https://nextcloud.com/install/#install-clients)
+        - [:fontawesome-brands-apple: macOS](https://nextcloud.com/install/#install-clients)
+        - [:fontawesome-brands-linux: Linux](https://nextcloud.com/install/#install-clients)
+        - [:pg-flathub: Flatpak](https://flathub.org/apps/details/com.nextcloud.desktopclient.nextcloud)
+        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.nextcloud.client)
+        - [:pg-f-droid: F-Droid](https://f-droid.org/packages/com.nextcloud.client)
+        - [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/nextcloud/id1125420102)
 
 --8<-- "includes/abbreviations.en.md"

docs/cloud.en.md

@@ -6,6 +6,20 @@ Many cloud storage providers require your full trust that they will not look at
 
 If these alternatives do not fit your needs, we suggest you look into [Encryption Software](encryption.md).
 
+## Cryptee
+
+!!! recommendation
+
+    ![Cryptee logo](./assets/img/cloud/cryptee.svg#only-light){ align=right }
+    ![Cryptee logo](./assets/img/cloud/cryptee-dark.svg#only-dark){ align=right }
+
+    **Cryptee** is a web-based, encrypted, secure photo storage service and documents editor.
+
+    [:octicons-home-16: Homepage](https://crypt.ee){ .md-button .md-button--primary }
+    [:octicons-eye-16:](https://crypt.ee/privacy){ .card-link title="Privacy Policy" }
+    [:octicons-info-16:](https://crypt.ee/help){ .card-link title=Documentation}
+    [:octicons-code-16:](https://github.com/cryptee){ .card-link title="Source Code" }
+
 ## Nextcloud
 
 !!! recommendation
@@ -22,15 +36,15 @@ If these alternatives do not fit your needs, we suggest you look into [Encryptio
 
     ??? downloads
 
-        [:fontawesome-brands-windows:](https://nextcloud.com/install/#install-clients){ .card-link title=Windows }
-        [:fontawesome-brands-apple:](https://nextcloud.com/install/#install-clients){ .card-link title=macOS }
-        [:fontawesome-brands-linux:](https://nextcloud.com/install/#install-clients){ .card-link title=Linux }
-        [:fontawesome-brands-freebsd:](https://www.freshports.org/www/nextcloud){ .card-link title=FreeBSD }
-        [:pg-openbsd:](https://openports.se/www/nextcloud){ .card-link title=OpenBSD }
-        [:pg-netbsd:](https://pkgsrc.se/www/php-nextcloud){ .card-link title=NetBSD }
-        [:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=com.nextcloud.client){ .card-link title="Google Play" }
-        [:pg-f-droid:](https://f-droid.org/packages/com.nextcloud.client){ .card-link title=F-Droid }
-        [:fontawesome-brands-app-store-ios:](https://apps.apple.com/app/id1125420102){ .card-link title=App Store }
+        - [:fontawesome-brands-windows: Windows](https://nextcloud.com/install/#install-clients)
+        - [:fontawesome-brands-apple: macOS](https://nextcloud.com/install/#install-clients)
+        - [:fontawesome-brands-linux: Linux](https://nextcloud.com/install/#install-clients)
+        - [:fontawesome-brands-freebsd: FreeBSD](https://www.freshports.org/www/nextcloud)
+        - [:pg-openbsd: OpenBSD](https://openports.se/www/nextcloud)
+        - [:pg-netbsd: NetBSD](https://pkgsrc.se/www/php-nextcloud)
+        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.nextcloud.client)
+        - [:pg-f-droid: F-Droid](https://f-droid.org/packages/com.nextcloud.client)
+        - [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/id1125420102)
 
 We recommend checking if your Nextcloud provider supports E2EE, otherwise you have to trust the provider to not look at your files.
 
@@ -53,27 +67,12 @@ Proton Drive is currently in beta and only is only available through a web clien
 
 When using a web client, you are placing trust in the server to send you proper JavaScript code to derive the decryption key and authentication token locally in your browser. A compromised server can send you malicious JavaScript code to steal your master password and decrypt your data. If this does not fit your [threat model](basics/threat-modeling.md), consider using an alternative.
 
-## Cryptee
-
-!!! recommendation
-
-    ![Cryptee logo](./assets/img/cloud/cryptee.svg#only-light){ align=right }
-    ![Cryptee logo](./assets/img/cloud/cryptee-dark.svg#only-dark){ align=right }
-
-    **Cryptee** is a web-based, encrypted, secure photo storage service and documents editor.
-
-    [:octicons-home-16: Homepage](https://crypt.ee){ .md-button .md-button--primary }
-    [:octicons-eye-16:](https://crypt.ee/privacy){ .card-link title="Privacy Policy" }
-    [:octicons-info-16:](https://crypt.ee/help){ .card-link title=Documentation}
-    [:octicons-code-16:](https://github.com/cryptee){ .card-link title="Source Code" }
-
 ## Tahoe-LAFS
 
 !!! note
 
     Due to the complexity of the system and the amount of nodes needed to set it up, Tahoe-LAFS is only recommended for seasoned system administrators.
 
-
 !!! recommendation
 
     ![Tahoe-LAFS logo](./assets/img/cloud/tahoe-lafs.svg#only-light){ align=right }
@@ -88,9 +87,9 @@ When using a web client, you are placing trust in the server to send you proper
 
     ??? downloads
 
-        [:fontawesome-brands-windows:](https://tahoe-lafs.readthedocs.io/en/latest/Installation/install-tahoe.html#microsoft-windows){ .card-link title=Windows }
-        [:fontawesome-brands-apple:](https://tahoe-lafs.readthedocs.io/en/latest/Installation/install-tahoe.html#linux-bsd-or-macos){ .card-link title=macOS }
-        [:fontawesome-brands-linux:](https://tahoe-lafs.readthedocs.io/en/latest/Installation/install-tahoe.html#linux-bsd-or-macos){ .card-link title=Linux }
-        [:pg-netbsd:](https://tahoe-lafs.readthedocs.io/en/latest/Installation/install-tahoe.html#linux-bsd-or-macos){ .card-link title=NetBSD }
+        - [:fontawesome-brands-windows: Windows](https://tahoe-lafs.readthedocs.io/en/latest/Installation/install-tahoe.html#microsoft-windows)
+        - [:fontawesome-brands-apple: macOS](https://tahoe-lafs.readthedocs.io/en/latest/Installation/install-tahoe.html#linux-bsd-or-macos)
+        - [:fontawesome-brands-linux: Linux](https://tahoe-lafs.readthedocs.io/en/latest/Installation/install-tahoe.html#linux-bsd-or-macos)
+        - [:pg-netbsd: NetBSD](https://tahoe-lafs.readthedocs.io/en/latest/Installation/install-tahoe.html#linux-bsd-or-macos)
 
 --8<-- "includes/abbreviations.en.md"

docs/dns.en.md

@@ -90,8 +90,8 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](ba
 
     ??? downloads
 
-        [:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=com.celzero.bravedns){ .card-link title="Google Play" }
-        [:pg-f-droid:](https://f-droid.org/packages/com.celzero.bravedns){ .card-link title=F-Droid }
+        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.celzero.bravedns)
+        - [:pg-f-droid: F-Droid](https://f-droid.org/packages/com.celzero.bravedns)
 
 ### DNSCloak
 
@@ -107,7 +107,7 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](ba
 
     ??? downloads
 
-        [:fontawesome-brands-app-store-ios:](https://apps.apple.com/app/id1452162351){ .card-link title="App Store" }
+        - [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/id1452162351)
 
 ### dnscrypt-proxy
 
@@ -126,9 +126,9 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](ba
 
     ??? downloads
 
-        [:fontawesome-brands-windows:](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-Windows){ .card-link title=Windows }
-        [:fontawesome-brands-apple:](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-macOS){ .card-link title=macOS }
-        [:fontawesome-brands-linux:](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-linux){ .card-link title=Linux }
+        - [:fontawesome-brands-windows: Windows](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-Windows)
+        - [:fontawesome-brands-apple: macOS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-macOS)
+        - [:fontawesome-brands-linux: Linux](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-linux)
 
 ## Self-hosted Solutions
 

docs/email-clients.en.md

@@ -11,7 +11,9 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
 
     [Real-time Communication](real-time-communication.md){ .md-button }
 
-## Thunderbird
+## Cross-Platform
+
+### Thunderbird
 
 !!! recommendation
 
@@ -26,16 +28,14 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
 
     ??? downloads
 
-        [:fontawesome-brands-windows:](https://www.thunderbird.net){ .card-link title=Windows }
-        [:fontawesome-brands-apple:](https://www.thunderbird.net){ .card-link title=macOS }
-        [:fontawesome-brands-linux:](https://www.thunderbird.net){ .card-link title=Linux }
-        [:pg-flathub:](https://flathub.org/apps/details/org.mozilla.Thunderbird){ .card-link title=Flatpak }
+        - [:fontawesome-brands-windows: Windows](https://www.thunderbird.net)
+        - [:fontawesome-brands-apple: macOS](https://www.thunderbird.net)
+        - [:fontawesome-brands-linux: Linux](https://www.thunderbird.net)
+        - [:pg-flathub: Flatpak](https://flathub.org/apps/details/org.mozilla.Thunderbird)
 
-## Apple Mail
+## Platform Specific
 
-!!! note
-
-    For iOS devices we suggest [Canary Mail](#canary-mail) as it has PGP support which means you can send end-to-end encrypted email.
+### Apple Mail (macOS)
 
 !!! recommendation
 
@@ -47,83 +47,32 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
     [:octicons-eye-16:](https://www.apple.com/legal/privacy/en-ww/){ .card-link title="Privacy Policy" }
     [:octicons-info-16:](https://support.apple.com/guide/mail/toc){ .card-link title=Documentation}
 
-## GNOME Evolution
+### Canary Mail (iOS)
 
 !!! recommendation
 
-    ![Evolution logo](assets/img/email-clients/evolution.svg){ align=right }
+    ![Canary Mail logo](assets/img/email-clients/canarymail.svg){ align=right }
 
-    **Evolution** is a personal information management application that provides integrated mail, calendaring and address book functionality. Evolution has extensive [documentation](https://help.gnome.org/users/evolution/stable/) to help you get started.
+    **Canary Mail** is a paid email client designed to make end-to-end encryption seamless with security features such as a biometric app lock.
 
-    [:octicons-home-16: Homepage](https://wiki.gnome.org/Apps/Evolution){ .md-button .md-button--primary }
-    [:octicons-eye-16:](https://wiki.gnome.org/Apps/Evolution/PrivacyPolicy){ .card-link title="Privacy Policy" }
-    [:octicons-info-16:](https://help.gnome.org/users/evolution/stable/){ .card-link title=Documentation}
-    [:octicons-code-16:](https://gitlab.gnome.org/GNOME/evolution/){ .card-link title="Source Code" }
-    [:octicons-heart-16:](https://www.gnome.org/donate/){ .card-link title=Contribute }
+    [:octicons-home-16: Homepage](https://canarymail.io){ .md-button .md-button--primary }
+    [:octicons-eye-16:](https://canarymail.io/privacy.html){ .card-link title="Privacy Policy" }
+    [:octicons-info-16:](https://canarymail.zendesk.com/){ .card-link title=Documentation}
 
     ??? downloads
 
-        [:pg-flathub:](https://flathub.org/apps/details/org.gnome.Evolution){ .card-link title=Flatpak }
+        - [:fontawesome-brands-app-store: Mac App Store](https://apps.apple.com/app/id1236045954)
+        - [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/id1236045954)
+        - [:fontawesome-brands-windows: Windows](https://canarymail.io/downloads.html)
+        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=io.canarymail.android)
 
-## Kontact
+!!! attention
 
-!!! recommendation
+    Canary Mail only recently released a Windows and Android client, though we don't believe they are as stable as their iOS and Mac counterparts.
 
-    ![Kontact logo](assets/img/email-clients/kontact.svg){ align=right }
+Canary Mail is closed source. We recommend it due to the few choices there are for email clients on iOS that support PGP E2EE.
 
-    **Kontact** is a personal information manager (PIM) application from the [KDE](https://kde.org) project. It provides a mail client, address book, organizer and RSS client.
-
-    [:octicons-home-16: Homepage](https://kontact.kde.org){ .md-button .md-button--primary }
-    [:octicons-eye-16:](https://kde.org/privacypolicy-apps){ .card-link title="Privacy Policy" }
-    [:octicons-info-16:](https://kontact.kde.org/users/){ .card-link title=Documentation}
-    [:octicons-code-16:](https://invent.kde.org/pim/kmail){ .card-link title="Source Code" }
-    [:octicons-heart-16:](https://kde.org/community/donations/){ .card-link title=Contribute }
-
-    ??? downloads
-
-        [:fontawesome-brands-linux:](https://kontact.kde.org/download){ .card-link title=Linux }
-        [:pg-flathub:](https://flathub.org/apps/details/org.kde.kontact){ .card-link title=Flatpak }
-
-## Mailvelope
-
-!!! recommendation
-
-    ![Mailvelope logo](assets/img/email-clients/mailvelope.svg){ align=right }
-
-    **Mailvelope** is a browser extension that enables the exchange of encrypted emails following the OpenPGP encryption standard.
-
-    [:octicons-home-16: Homepage](https://www.mailvelope.com){ .md-button .md-button--primary }
-    [:octicons-eye-16:](https://www.mailvelope.com/en/privacy-policy){ .card-link title="Privacy Policy" }
-    [:octicons-info-16:](https://mailvelope.com/faq){ .card-link title=Documentation}
-    [:octicons-code-16:](https://github.com/mailvelope/mailvelope){ .card-link title="Source Code" }
-
-    ??? downloads
-
-        [:fontawesome-brands-firefox:](https://addons.mozilla.org/firefox/addon/mailvelope){ .card-link title=Firefox }
-        [:fontawesome-brands-chrome:](https://chrome.google.com/webstore/detail/mailvelope/kajibbejlbohfaggdiogboambcijhkke){ .card-link title=Chrome }
-        [:fontawesome-brands-edge:](https://microsoftedge.microsoft.com/addons/detail/mailvelope/dgcbddhdhjppfdfjpciagmmibadmoapc){ .card-link title=Edge }
-
-## K-9 Mail
-
-!!! recommendation
-
-    ![K-9 Mail logo](assets/img/email-clients/k9mail.svg){ align=right }
-
-    **K-9 Mail** is an independent mail application that supports both POP3 and IMAP mailboxes, but only supports push mail for IMAP.
-
-    [:octicons-home-16: Homepage](https://k9mail.app){ .md-button .md-button--primary }
-    [:octicons-eye-16:](https://k9mail.app/privacy){ .card-link title="Privacy Policy" }
-    [:octicons-info-16:](https://docs.k9mail.app/){ .card-link title=Documentation}
-    [:octicons-code-16:](https://github.com/k9mail/k-9){ .card-link title="Source Code" }
-    [:octicons-heart-16:](https://k9mail.app/contribute){ .card-link title=Contribute }
-
-    ??? downloads
-
-        [:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=com.fsck.k9){ .card-link title="Google Play" }
-        [:pg-f-droid:](https://f-droid.org/packages/com.fsck.k9){ .card-link title=F-Droid }
-        [:fontawesome-brands-github:](https://github.com/k9mail/k-9/releases){ .card-link title=GitHub }
-
-## FairEmail
+### FairEmail (Android)
 
 !!! recommendation
 
@@ -139,35 +88,86 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
 
     ??? downloads
 
-        [:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=eu.faircode.email){ .card-link title="Google Play" }
-        [:pg-f-droid:](https://f-droid.org/packages/eu.faircode.email/){ .card-link title=F-Droid }
+        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=eu.faircode.email)
+        - [:pg-f-droid: F-Droid](https://f-droid.org/packages/eu.faircode.email/)
 
-## Canary Mail
+### GNOME Evolution (GNOME)
 
 !!! recommendation
 
-    ![Canary Mail logo](assets/img/email-clients/canarymail.svg){ align=right }
+    ![Evolution logo](assets/img/email-clients/evolution.svg){ align=right }
 
-    **Canary Mail** is a paid email client designed to make end-to-end encryption seamless with security features such as a biometric app lock.
+    **Evolution** is a personal information management application that provides integrated mail, calendaring and address book functionality. Evolution has extensive [documentation](https://help.gnome.org/users/evolution/stable/) to help you get started.
 
-    [:octicons-home-16: Homepage](https://canarymail.io){ .md-button .md-button--primary }
-    [:octicons-eye-16:](https://canarymail.io/privacy.html){ .card-link title="Privacy Policy" }
-    [:octicons-info-16:](https://canarymail.zendesk.com/){ .card-link title=Documentation}
+    [:octicons-home-16: Homepage](https://wiki.gnome.org/Apps/Evolution){ .md-button .md-button--primary }
+    [:octicons-eye-16:](https://wiki.gnome.org/Apps/Evolution/PrivacyPolicy){ .card-link title="Privacy Policy" }
+    [:octicons-info-16:](https://help.gnome.org/users/evolution/stable/){ .card-link title=Documentation}
+    [:octicons-code-16:](https://gitlab.gnome.org/GNOME/evolution/){ .card-link title="Source Code" }
+    [:octicons-heart-16:](https://www.gnome.org/donate/){ .card-link title=Contribute }
 
     ??? downloads
 
-        [:fontawesome-brands-app-store:](https://apps.apple.com/app/id1236045954){ .card-link title="Mac App Store" }
-        [:fontawesome-brands-app-store-ios:](https://apps.apple.com/app/id1236045954){ .card-link title="App Store" }
-        [:fontawesome-brands-windows:](https://canarymail.io/downloads.html){ .card-link title=Windows }
-        [:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=io.canarymail.android){ .card-link title="Google Play" }
+        - [:pg-flathub: Flatpak](https://flathub.org/apps/details/org.gnome.Evolution)
 
-!!! attention
+### K-9 Mail (Android)
 
-    Canary Mail only recently released a Windows and Android client, though we don't believe they are as stable as their iOS and Mac counterparts.
+!!! recommendation
 
-Canary Mail is closed source. We recommend it due to the few choices there are for email clients on iOS that support PGP E2EE.
+    ![K-9 Mail logo](assets/img/email-clients/k9mail.svg){ align=right }
 
-## NeoMutt
+    **K-9 Mail** is an independent mail application that supports both POP3 and IMAP mailboxes, but only supports push mail for IMAP.
+
+    [:octicons-home-16: Homepage](https://k9mail.app){ .md-button .md-button--primary }
+    [:octicons-eye-16:](https://k9mail.app/privacy){ .card-link title="Privacy Policy" }
+    [:octicons-info-16:](https://docs.k9mail.app/){ .card-link title=Documentation}
+    [:octicons-code-16:](https://github.com/k9mail/k-9){ .card-link title="Source Code" }
+    [:octicons-heart-16:](https://k9mail.app/contribute){ .card-link title=Contribute }
+
+    ??? downloads
+
+        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.fsck.k9)
+        - [:pg-f-droid: F-Droid](https://f-droid.org/packages/com.fsck.k9)
+        - [:fontawesome-brands-github: GitHub](https://github.com/k9mail/k-9/releases)
+
+### Kontact (KDE)
+
+!!! recommendation
+
+    ![Kontact logo](assets/img/email-clients/kontact.svg){ align=right }
+
+    **Kontact** is a personal information manager (PIM) application from the [KDE](https://kde.org) project. It provides a mail client, address book, organizer and RSS client.
+
+    [:octicons-home-16: Homepage](https://kontact.kde.org){ .md-button .md-button--primary }
+    [:octicons-eye-16:](https://kde.org/privacypolicy-apps){ .card-link title="Privacy Policy" }
+    [:octicons-info-16:](https://kontact.kde.org/users/){ .card-link title=Documentation}
+    [:octicons-code-16:](https://invent.kde.org/pim/kmail){ .card-link title="Source Code" }
+    [:octicons-heart-16:](https://kde.org/community/donations/){ .card-link title=Contribute }
+
+    ??? downloads
+
+        - [:fontawesome-brands-linux: Linux](https://kontact.kde.org/download)
+        - [:pg-flathub: Flatpak](https://flathub.org/apps/details/org.kde.kontact)
+
+### Mailvelope (Browser)
+
+!!! recommendation
+
+    ![Mailvelope logo](assets/img/email-clients/mailvelope.svg){ align=right }
+
+    **Mailvelope** is a browser extension that enables the exchange of encrypted emails following the OpenPGP encryption standard.
+
+    [:octicons-home-16: Homepage](https://www.mailvelope.com){ .md-button .md-button--primary }
+    [:octicons-eye-16:](https://www.mailvelope.com/en/privacy-policy){ .card-link title="Privacy Policy" }
+    [:octicons-info-16:](https://mailvelope.com/faq){ .card-link title=Documentation}
+    [:octicons-code-16:](https://github.com/mailvelope/mailvelope){ .card-link title="Source Code" }
+
+    ??? downloads
+
+        - [:fontawesome-brands-firefox: Firefox](https://addons.mozilla.org/firefox/addon/mailvelope)
+        - [:fontawesome-brands-chrome: Chrome](https://chrome.google.com/webstore/detail/mailvelope/kajibbejlbohfaggdiogboambcijhkke)
+        - [:fontawesome-brands-edge: Edge](https://microsoftedge.microsoft.com/addons/detail/mailvelope/dgcbddhdhjppfdfjpciagmmibadmoapc)
+
+### NeoMutt (CLI)
 
 !!! recommendation
 
@@ -184,7 +184,7 @@ Canary Mail is closed source. We recommend it due to the few choices there are f
 
     ??? downloads
 
-        [:fontawesome-brands-linux:](https://neomutt.org/distro){ .card-link title=Linux }
-        [:fontawesome-brands-apple:](https://neomutt.org/distro){ .card-link title=macOS }
+        - [:fontawesome-brands-linux: Linux](https://neomutt.org/distro)
+        - [:fontawesome-brands-apple: macOS](https://neomutt.org/distro)
 
 --8<-- "includes/abbreviations.en.md"

docs/email.en.md

@@ -16,6 +16,50 @@ For everything else, we recommend a variety of email providers based on sustaina
 
 ## Recommended Email Providers
 
+### Mailbox.org
+
+!!! recommendation
+
+    ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ align=right }
+
+    **Mailbox.org** is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with 2 GB of storage, which can be upgraded as needed.
+
+    **EUR €12/year**
+
+    [:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary }
+    [:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Privacy Policy" }
+    [:octicons-info-16:](https://kb.mailbox.org/en/private){ .card-link title=Documentation}
+
+??? check "Custom Domains and Aliases"
+
+    Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain.
+
+??? info "Private Payment Methods"
+
+    Mailbox.org doesn't accept Bitcoin or any other cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung.
+
+??? check "Account Security"
+
+    Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported.
+
+??? info "Data Security"
+
+    Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key.
+
+    However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar-contacts.md) may be more appropriate for that information.
+
+??? check "Email Encryption"
+
+    Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox.
+
+    Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE.
+
+??? info "Additional Functionality"
+
+    You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service, and you may experience TLS certificate errors.
+
+    All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3.
+
 ### Proton Mail
 
 !!! recommendation
@@ -64,49 +108,46 @@ For everything else, we recommend a variety of email providers based on sustaina
 
     Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage.
 
-### Mailbox.org
+### StartMail
 
 !!! recommendation
 
-    ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ align=right }
+    ![StartMail logo](assets/img/email/startmail.svg#only-light){ align=right }
+    ![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ align=right }
 
-    **Mailbox.org** is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with 2 GB of storage, which can be upgraded as needed.
+    **StartMail** is an email service with a focus on security and privacy through the use of standard OpenPGP encryption. StartMail has been in operation since 2014 and is based in Boulevard 11, Zeist Netherlands. Accounts start with 10GB. They offer a 30-day trial.
 
-    **EUR €12/year**
+    **USD $59.95/year**
 
-    [:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary }
-    [:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Privacy Policy" }
-    [:octicons-info-16:](https://kb.mailbox.org/en/private){ .card-link title=Documentation}
+    [:octicons-home-16: Homepage](https://startmail.com/){ .md-button .md-button--primary }
+    [:octicons-eye-16:](https://www.startmail.com/en/privacy/){ .card-link title="Privacy Policy" }
+    [:octicons-info-16:](https://support.startmail.com){ .card-link title=Documentation}
 
 ??? check "Custom Domains and Aliases"
 
-    Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain.
+    Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available.
 
-??? info "Private Payment Methods"
+??? warning "Private Payment Methods"
 
-    Mailbox.org doesn't accept Bitcoin or any other cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung.
+    StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as Bitcoin (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year.
 
 ??? check "Account Security"
 
-    Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported.
+    StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication.
 
 ??? info "Data Security"
 
-    Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key.
+    StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key.
 
-    However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar-contacts.md) may be more appropriate for that information.
+    StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption, so a [standalone option](calendar-contacts.md) may be more appropriate.
 
 ??? check "Email Encryption"
 
-    Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox.
-
-    Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE.
+    StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys.
 
 ??? info "Additional Functionality"
 
-    You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service, and you may experience TLS certificate errors.
-
-    All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3.
+    StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is.
 
 ### Tutanota
 
@@ -159,47 +200,6 @@ Tutanota is working on a [desktop client](https://tutanota.com/blog/posts/deskto
 
     Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y.
 
-### StartMail
-
-!!! recommendation
-
-    ![StartMail logo](assets/img/email/startmail.svg#only-light){ align=right }
-    ![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ align=right }
-
-    **StartMail** is an email service with a focus on security and privacy through the use of standard OpenPGP encryption. StartMail has been in operation since 2014 and is based in Boulevard 11, Zeist Netherlands. Accounts start with 10GB. They offer a 30-day trial.
-
-    **USD $59.95/year**
-
-    [:octicons-home-16: Homepage](https://startmail.com/){ .md-button .md-button--primary }
-    [:octicons-eye-16:](https://www.startmail.com/en/privacy/){ .card-link title="Privacy Policy" }
-    [:octicons-info-16:](https://support.startmail.com){ .card-link title=Documentation}
-
-??? check "Custom Domains and Aliases"
-
-    Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available.
-
-??? warning "Private Payment Methods"
-
-    StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as Bitcoin (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year.
-
-??? check "Account Security"
-
-    StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication.
-
-??? info "Data Security"
-
-    StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key.
-
-    StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption, so a [standalone option](calendar-contacts.md) may be more appropriate.
-
-??? check "Email Encryption"
-
-    StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys.
-
-??? info "Additional Functionality"
-
-    StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is.
-
 ## Email Aliasing Services
 
 An email aliasing service allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your email provider. True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like yourname+[anythinghere]@example.com, because websites, advertisers, and tracking networks can trivially remove anything after the + sign to know your true email address.
@@ -221,36 +221,6 @@ Our email aliasing recommendations are providers that allow you to create aliase
 
 Using an aliasing service requires trusting both your email provider and your aliasing provider with your unencrypted messages. Some providers mitigate this slightly with automatic PGP encryption, which reduces the number of parties you need to trust from 2 to 1 by encrypting incoming emails before they are delivered to your final mailbox provider.
 
-### SimpleLogin
-
-!!! recommendation
-
-    ![Simplelogin logo](assets/img/email/simplelogin.svg){ align=right }
-
-    **[SimpleLogin](https://simplelogin.io)** is a free service which provides email aliases on a variety of shared domain names, and optionally provides features like unlimited aliases and custom domains for $30/year. [Source code on GitHub](https://github.com/simple-login/app).
-
-    [:octicons-home-16: Homepage](https://simplelogin.io){ .md-button .md-button--primary }
-    [:octicons-eye-16:](https://simplelogin.io/privacy/){ .card-link title="Privacy Policy" }
-    [:octicons-info-16:](https://simplelogin.io/docs/){ .card-link title=Documentation}
-    [:octicons-code-16:](https://github.com/simple-login){ .card-link title="Source Code" }
-
-    ??? downloads
-        [:fontawesome-brands-firefox:](https://addons.mozilla.org/en-US/firefox/addon/simplelogin/){ .card-link title=Firefox }
-        [:fontawesome-brands-chrome:](https://chrome.google.com/webstore/detail/dphilobhebphkdjbpfohgikllaljmgbn){ .card-link title=Chrome }
-        [:fontawesome-brands-edge:](https://microsoftedge.microsoft.com/addons/detail/simpleloginreceive-sen/diacfpipniklenphgljfkmhinphjlfff){ .card-link title=Edge }
-        [:fontawesome-brands-safari:](https://apps.apple.com/app/id1494051017){ .card-link title=Safari }
-        [:fontawesome-brands-app-store-ios:](https://apps.apple.com/app/id1494359858){ .card-link title="App Store" }
-        [:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=io.simplelogin.android){ .card-link title="Google Play" }
-        [:pg-f-droid:](https://f-droid.org/en/packages/io.simplelogin.android.fdroid/){ .card-link title=F-Droid }
-
-SimpleLogin was [acquired by Proton AG](https://proton.me/news/proton-and-simplelogin-join-forces) as of April 8, 2022. If you use Proton Mail for your primary mailbox, SimpleLogin a great choice. As both products are now owned by the same company you now only have to trust a single entity. We also expect that SimpleLogin will be more tightly integrated with Proton's offerings in the future. SimpleLogin continues to support forwarding to any email provider of your choosing.
-
-Notable free features:
-
-- [x] 15 Shared Aliases
-- [x] Unlimited Replies
-- [x] 1 Recepient Mailbox
-
 ### AnonAddy
 
 !!! recommendation
@@ -266,10 +236,10 @@ Notable free features:
     [:octicons-heart-16:](https://anonaddy.com/donate/){ .card-link title=Contribute }
 
     ??? downloads
-        [:fontawesome-brands-firefox:](https://addons.mozilla.org/en-GB/firefox/addon/anonaddy/){ .card-link title=Firefox }
-        [:fontawesome-brands-chrome:](https://chrome.google.com/webstore/detail/anonaddy-anonymous-email/iadbdpnoknmbdeolbapdackdcogdmjpe){ .card-link title=Chrome }
-        [:material-apple-ios:](https://anonaddy.com/faq/#is-there-an-ios-app){ .card-link title=iOS }
-        [:fontawesome-brands-android:](https://anonaddy.com/faq/#is-there-an-android-app){ .card-link title=Android }
+        - [:fontawesome-brands-firefox: Firefox](https://addons.mozilla.org/en-GB/firefox/addon/anonaddy/)
+        - [:fontawesome-brands-chrome: Chrome](https://chrome.google.com/webstore/detail/anonaddy-anonymous-email/iadbdpnoknmbdeolbapdackdcogdmjpe)
+        - [:material-apple-ios: iOS](https://anonaddy.com/faq/#is-there-an-ios-app)
+        - [:fontawesome-brands-android: Android](https://anonaddy.com/faq/#is-there-an-android-app)
 
 The number of shared aliases (which end in a shared domain like @anonaddy.me) that you can create is limited to 20 on AnonAddy's free plan and 50 on their $12/month plan. You can create unlimited standard aliases (which end in a domain like @[username].anonaddy.com or a custom domain on paid plans), however, as previously mentioned, this can be detrimental to privacy because people can trivially tie your standard aliases together based on the domain name alone. Unlimited shared aliases are available for $36/year.
 
@@ -281,6 +251,36 @@ Notable free features:
 - [x] 2 Receipent Mailboxes
 - [x] Automatic PGP Encryption
 
+### SimpleLogin
+
+!!! recommendation
+
+    ![Simplelogin logo](assets/img/email/simplelogin.svg){ align=right }
+
+    **[SimpleLogin](https://simplelogin.io)** is a free service which provides email aliases on a variety of shared domain names, and optionally provides features like unlimited aliases and custom domains for $30/year. [Source code on GitHub](https://github.com/simple-login/app).
+
+    [:octicons-home-16: Homepage](https://simplelogin.io){ .md-button .md-button--primary }
+    [:octicons-eye-16:](https://simplelogin.io/privacy/){ .card-link title="Privacy Policy" }
+    [:octicons-info-16:](https://simplelogin.io/docs/){ .card-link title=Documentation}
+    [:octicons-code-16:](https://github.com/simple-login){ .card-link title="Source Code" }
+
+    ??? downloads
+        - [:fontawesome-brands-firefox: Firefox](https://addons.mozilla.org/en-US/firefox/addon/simplelogin/)
+        - [:fontawesome-brands-chrome: Chrome](https://chrome.google.com/webstore/detail/dphilobhebphkdjbpfohgikllaljmgbn)
+        - [:fontawesome-brands-edge: Edge](https://microsoftedge.microsoft.com/addons/detail/simpleloginreceive-sen/diacfpipniklenphgljfkmhinphjlfff)
+        - [:fontawesome-brands-safari: Safari](https://apps.apple.com/app/id1494051017)
+        - [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/id1494359858)
+        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=io.simplelogin.android)
+        - [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/io.simplelogin.android.fdroid/)
+
+SimpleLogin was [acquired by Proton AG](https://proton.me/news/proton-and-simplelogin-join-forces) as of April 8, 2022. If you use Proton Mail for your primary mailbox, SimpleLogin a great choice. As both products are now owned by the same company you now only have to trust a single entity. We also expect that SimpleLogin will be more tightly integrated with Proton's offerings in the future. SimpleLogin continues to support forwarding to any email provider of your choosing.
+
+Notable free features:
+
+- [x] 15 Shared Aliases
+- [x] Unlimited Replies
+- [x] 1 Recepient Mailbox
+
 *[Automatic PGP Encryption]: Allows you to encrypt non-encrypted incoming emails before they are forwarded to your mailbox, making sure your primary mailbox provider never sees unencrypted email content.
 
 ## Self-Hosting Email
@@ -289,16 +289,6 @@ Advanced system administrators may consider setting up their own email server. M
 
 ### Combined software solutions
 
-!!! recommendation
-
-    ![Mail-in-a-Box logo](assets/img/email/mail-in-a-box.svg){ align=right }
-
-    **Mail-in-a-Box** is an automated setup script for deploying a mail server on Ubuntu. Its goal is to make it easier for people to set up their own mail server.
-
-    [:octicons-home-16: Homepage](https://mailinabox.email){ .md-button .md-button--primary }
-    [:octicons-info-16:](https://mailinabox.email/guide.html){ .card-link title=Documentation}
-    [:octicons-code-16:](https://github.com/mail-in-a-box/mailinabox){ .card-link title="Source Code" }
-
 !!! recommendation
 
     ![Mailcow logo](assets/img/email/mailcow.svg){ align=right }
@@ -310,6 +300,16 @@ Advanced system administrators may consider setting up their own email server. M
     [:octicons-code-16:](https://github.com/mailcow/mailcow-dockerized){ .card-link title="Source Code" }
     [:octicons-heart-16:](https://www.servercow.de/mailcow?lang=en#sal){ .card-link title=Contribute }
 
+!!! recommendation
+
+    ![Mail-in-a-Box logo](assets/img/email/mail-in-a-box.svg){ align=right }
+
+    **Mail-in-a-Box** is an automated setup script for deploying a mail server on Ubuntu. Its goal is to make it easier for people to set up their own mail server.
+
+    [:octicons-home-16: Homepage](https://mailinabox.email){ .md-button .md-button--primary }
+    [:octicons-info-16:](https://mailinabox.email/guide.html){ .card-link title=Documentation}
+    [:octicons-code-16:](https://github.com/mail-in-a-box/mailinabox){ .card-link title="Source Code" }
+
 For a more manual approach we've picked out these two articles.
 
 - [Setting up a mail server with OpenSMTPD, Dovecot and Rspamd](https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/) (2019)
@@ -424,4 +424,3 @@ Must not have any marketing which is irresponsible:
 While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend.
 
 --8<-- "includes/abbreviations.en.md"
-

docs/encryption.en.md

@@ -8,33 +8,7 @@ Encryption of data is the only way to control who can access it. If you are curr
 
 The options listed here are multi-platform and great for creating encrypted backups of your data.
 
-### VeraCrypt
-
-!!! recommendation
-
-    ![VeraCrypt logo](assets/img/encryption-software/veracrypt.svg#only-light){ align=right }
-    ![VeraCrypt logo](assets/img/encryption-software/veracrypt-dark.svg#only-dark){ align=right }
-
-    **VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.
-
-    [:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
-    [:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
-    [:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
-    [:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
-
-    ??? downloads
-
-        [:fontawesome-brands-windows:](https://www.veracrypt.fr/en/Downloads.html){ .card-link title=Windows }
-        [:fontawesome-brands-apple:](https://www.veracrypt.fr/en/Downloads.html){ .card-link title=macOS }
-        [:fontawesome-brands-linux:](https://www.veracrypt.fr/en/Downloads.html){ .card-link title=Linux }
-
-VeraCrypt is a fork of the discontinued TrueCrypt project. According to its developers, security improvements have been implemented and issues raised by the initial TrueCrypt code audit have been addressed.
-
-When encrypting with VeraCrypt, you have the option to select from different [hash functions](https://en.wikipedia.org/wiki/VeraCrypt#Encryption_scheme). We suggest you **only** select [SHA-512](https://en.wikipedia.org/wiki/SHA-512) and stick to the [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) block cipher.
-
-Truecrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits) and VeraCrypt has also been [audited seperately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
-
-### Cryptomator
+### Cryptomator (Cloud)
 
 !!! recommendation
 
@@ -50,13 +24,13 @@ Truecrypt has been [audited a number of times](https://en.wikipedia.org/wiki/Tru
 
     ??? downloads
 
-        [:fontawesome-brands-windows:](https://cryptomator.org/downloads){ .card-link title=Windows }
-        [:fontawesome-brands-apple:](https://cryptomator.org/downloads){ .card-link title=macOS }
-        [:fontawesome-brands-linux:](https://cryptomator.org/downloads){ .card-link title=Linux }
-        [:pg-flathub:](https://flathub.org/apps/details/org.cryptomator.Cryptomator){ .card-link title=Flatpak }
-        [:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=org.cryptomator){ .card-link title="Google Play" }
-        [:fontawesome-brands-android:](https://cryptomator.org/android){ .card-link title=Android }
-        [:fontawesome-brands-app-store-ios:](https://apps.apple.com/us/app/cryptomator-2/id1560822163){ .card-link title="App Store" }
+        - [:fontawesome-brands-windows: Windows](https://cryptomator.org/downloads)
+        - [:fontawesome-brands-apple: macOS](https://cryptomator.org/downloads)
+        - [:fontawesome-brands-linux: Linux](https://cryptomator.org/downloads)
+        - [:pg-flathub: Flatpak](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
+        - [:fontawesome-brands-android: Android](https://cryptomator.org/android)
+        - [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
 
 Cryptomator utilizes AES-256 encryption to encrypt both files and filenames. Cryptomator cannot encrypt some metadata such as access, modification, and creation timestamps, nor the number and size of files and folders.
 
@@ -64,7 +38,7 @@ Some Cryptomator cryptographic libraries have been [audited](https://community.c
 
 Cryptomator's documentation details its intended [security target](https://docs.cryptomator.org/en/latest/security/security-target/), [security architecture](https://docs.cryptomator.org/en/latest/security/architecture/), and [best practices](https://docs.cryptomator.org/en/latest/security/best-practices/) for use in further detail.
 
-### Picocrypt
+### Picocrypt (File)
 
 !!! recommendation
 
@@ -78,9 +52,35 @@ Cryptomator's documentation details its intended [security target](https://docs.
 
     ??? downloads
 
-        [:fontawesome-brands-windows:](https://github.com/HACKERALERT/Picocrypt/releases){ .card-link title=Windows }
-        [:fontawesome-brands-apple:](https://github.com/HACKERALERT/Picocrypt/releases){ .card-link title=macOS }
-        [:fontawesome-brands-linux:](https://github.com/HACKERALERT/Picocrypt/releases){ .card-link title=Linux }
+        - [:fontawesome-brands-windows: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
+        - [:fontawesome-brands-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
+        - [:fontawesome-brands-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+
+### VeraCrypt (Disk)
+
+!!! recommendation
+
+    ![VeraCrypt logo](assets/img/encryption-software/veracrypt.svg#only-light){ align=right }
+    ![VeraCrypt logo](assets/img/encryption-software/veracrypt-dark.svg#only-dark){ align=right }
+
+    **VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.
+
+    [:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
+    [:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
+    [:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
+    [:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
+
+    ??? downloads
+
+        - [:fontawesome-brands-windows: Windows](https://www.veracrypt.fr/en/Downloads.html)
+        - [:fontawesome-brands-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
+        - [:fontawesome-brands-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+
+VeraCrypt is a fork of the discontinued TrueCrypt project. According to its developers, security improvements have been implemented and issues raised by the initial TrueCrypt code audit have been addressed.
+
+When encrypting with VeraCrypt, you have the option to select from different [hash functions](https://en.wikipedia.org/wiki/VeraCrypt#Encryption_scheme). We suggest you **only** select [SHA-512](https://en.wikipedia.org/wiki/SHA-512) and stick to the [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) block cipher.
+
+Truecrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits) and VeraCrypt has also been [audited seperately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
 
 ## OS Full Disk Encryption
 
@@ -216,9 +216,9 @@ Tools with command-line interfaces are useful for integrating [shell scripts](ht
 
     ??? downloads
 
-        [:fontawesome-brands-windows:](https://www.kryptor.co.uk){ .card-link title=Windows }
-        [:fontawesome-brands-apple:](https://www.kryptor.co.uk){ .card-link title=macOS }
-        [:fontawesome-brands-linux:](https://www.kryptor.co.uk){ .card-link title=Linux }
+        - [:fontawesome-brands-windows: Windows](https://www.kryptor.co.uk)
+        - [:fontawesome-brands-apple: macOS](https://www.kryptor.co.uk)
+        - [:fontawesome-brands-linux: Linux](https://www.kryptor.co.uk)
 
 ### Tomb
 
@@ -262,10 +262,10 @@ When encrypting with PGP, you have the option to configure different options in
 
     ??? downloads
 
-        [:fontawesome-brands-windows:](https://gpg4win.org/download.html){ .card-link title=Windows }
-        [:fontawesome-brands-apple:](https://gpgtools.org){ .card-link title=macOS }
-        [:fontawesome-brands-linux:](https://gnupg.org/download/index.html#binary){ .card-link title=Linux }
-        [:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain){ .card-link title="Google Play" }
+        - [:fontawesome-brands-windows: Windows](https://gpg4win.org/download.html)
+        - [:fontawesome-brands-apple: macOS](https://gpgtools.org)
+        - [:fontawesome-brands-linux: Linux](https://gnupg.org/download/index.html#binary)
+        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
 
 ### GPG4win
 
@@ -283,7 +283,7 @@ When encrypting with PGP, you have the option to configure different options in
 
     ??? downloads
 
-        [:fontawesome-brands-windows:](https://gpg4win.org/download.html){ .card-link title=Windows }
+        - [:fontawesome-brands-windows: Windows](https://gpg4win.org/download.html)
 
 ### GPG Suite
 
@@ -306,7 +306,7 @@ When encrypting with PGP, you have the option to configure different options in
 
     ??? downloads
 
-        [:fontawesome-brands-apple:](https://gpgtools.org){ .card-link title=macOS }
+        - [:fontawesome-brands-apple: macOS](https://gpgtools.org)
 
 ### OpenKeychain
 
@@ -324,7 +324,7 @@ When encrypting with PGP, you have the option to configure different options in
 
     ??? downloads
 
-        [:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain){ .card-link title="Google Play" }
-        [:pg-f-droid:](https://f-droid.org/packages/org.sufficientlysecure.keychain/){ .card-link title=F-Droid }
+        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+        - [:pg-f-droid: F-Droid](https://f-droid.org/packages/org.sufficientlysecure.keychain/)
 
 --8<-- "includes/abbreviations.en.md"

docs/file-sharing.en.md

@@ -6,6 +6,24 @@ Discover how to privately share your files between your devices, with your frien
 
 ## File Sharing
 
+### Magic Wormhole
+
+!!! recommendation
+
+    ![Magic Wormhole logo](assets/img/file-sharing-sync/magic_wormhole.png){ align=right }
+
+    **Magic Wormhole** is a package that provides a library and a command-line tool named wormhole, which makes it possible to get arbitrary-sized files and directories (or short pieces of text) from one computer to another. Their motto: "Get things from one computer to another, safely.
+
+    [:octicons-repo-16: Repository](https://github.com/magic-wormhole/magic-wormhole){ .md-button .md-button--primary }
+    [:octicons-info-16:](https://magic-wormhole.readthedocs.io/){ .card-link title=Documentation}
+    [:octicons-code-16:](https://github.com/magic-wormhole/magic-wormhole){ .card-link title="Source Code" }
+
+    ??? downloads
+
+        - [:fontawesome-brands-windows: Windows](https://magic-wormhole.readthedocs.io/en/latest/welcome.html#installation)
+        - [:fontawesome-brands-apple: macOS](https://magic-wormhole.readthedocs.io/en/latest/welcome.html#macos-os-x)
+        - [:fontawesome-brands-linux: Linux](https://magic-wormhole.readthedocs.io/en/latest/welcome.html#installation)
+
 ### OnionShare
 
 !!! recommendation
@@ -21,27 +39,9 @@ Discover how to privately share your files between your devices, with your frien
 
     ??? downloads
 
-        [:fontawesome-brands-windows:](https://onionshare.org/#download){ .card-link title=Windows }
-        [:fontawesome-brands-apple:](https://onionshare.org/#download){ .card-link title=macOS }
-        [:fontawesome-brands-linux:](https://onionshare.org/#download){ .card-link title=Linux }
-
-### Magic Wormhole
-
-!!! recommendation
-
-    ![Magic Wormhole logo](assets/img/file-sharing-sync/magic_wormhole.png){ align=right }
-
-    **Magic Wormhole** is a package that provides a library and a command-line tool named wormhole, which makes it possible to get arbitrary-sized files and directories (or short pieces of text) from one computer to another. Their motto: "Get things from one computer to another, safely.
-
-    [:octicons-repo-16: Repository](https://github.com/magic-wormhole/magic-wormhole){ .md-button .md-button--primary }
-    [:octicons-info-16:](https://magic-wormhole.readthedocs.io/){ .card-link title=Documentation}
-    [:octicons-code-16:](https://github.com/magic-wormhole/magic-wormhole){ .card-link title="Source Code" }
-
-    ??? downloads
-
-        [:fontawesome-brands-windows:](https://magic-wormhole.readthedocs.io/en/latest/welcome.html#installation){ .card-link title=Windows }
-        [:fontawesome-brands-apple:](https://magic-wormhole.readthedocs.io/en/latest/welcome.html#macos-os-x){ .card-link title=macOS }
-        [:fontawesome-brands-linux:](https://magic-wormhole.readthedocs.io/en/latest/welcome.html#installation){ .card-link title=Linux }
+        - [:fontawesome-brands-windows: Windows](https://onionshare.org/#download)
+        - [:fontawesome-brands-apple: macOS](https://onionshare.org/#download)
+        - [:fontawesome-brands-linux: Linux](https://onionshare.org/#download)
 
 ## FreedomBox
 
@@ -58,30 +58,6 @@ Discover how to privately share your files between your devices, with your frien
 
 ## File Sync
 
-### Syncthing
-
-!!! recommendation
-
-    ![Syncthing logo](assets/img/file-sharing-sync/syncthing.svg){ align=right }
-
-    **Syncthing** is an open-source peer-to-peer continuous file synchronization utility. It is used to synchronize files between two or more devices over the local network or the internet. Syncthing does not use a centralized server; it uses the [Block Exchange Protocol](https://docs.syncthing.net/specs/bep-v1.html#bep-v1) to transfer data between devices. All data is encrypted using TLS.
-
-    [:octicons-home-16: Homepage](https://syncthing.net){ .md-button .md-button--primary }
-    [:octicons-info-16:](https://docs.syncthing.net){ .card-link title=Documentation}
-    [:octicons-code-16:](https://github.com/syncthing){ .card-link title="Source Code" }
-    [:octicons-heart-16:](https://syncthing.net/donations/){ .card-link title=Contribute }
-
-    ??? downloads
-
-        [:fontawesome-brands-windows:](https://syncthing.net/downloads/){ .card-link title=Windows }
-        [:fontawesome-brands-apple:](https://syncthing.net/downloads/){ .card-link title=macOS }
-        [:fontawesome-brands-linux:](https://syncthing.net/downloads/){ .card-link title=Linux }
-        [:fontawesome-brands-freebsd:](https://syncthing.net/downloads/){ .card-link title=FreeBSD }
-        [:pg-openbsd:](https://syncthing.net/downloads/){ .card-link title=OpenBSD }
-        [:pg-netbsd:](https://syncthing.net/downloads/){ .card-link title=NetBSD }
-        [:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=com.nutomic.syncthingandroid){ .card-link title="Google Play" }
-        [:pg-f-droid:](https://f-droid.org/packages/com.nutomic.syncthingandroid/){ .card-link title=F-Droid }
-
 ### git-annex
 
 !!! recommendation
@@ -98,6 +74,30 @@ Discover how to privately share your files between your devices, with your frien
 
     ??? downloads
 
-        [:fontawesome-brands-windows:](https://git-annex.branchable.com/install/Windows){ .card-link title=Windows }
-        [:fontawesome-brands-apple:](https://git-annex.branchable.com/install/OSX){ .card-link title=macOS }
-        [:fontawesome-brands-linux:](https://git-annex.branchable.com/install){ .card-link title=Linux }
+        - [:fontawesome-brands-windows: Windows](https://git-annex.branchable.com/install/Windows)
+        - [:fontawesome-brands-apple: macOS](https://git-annex.branchable.com/install/OSX)
+        - [:fontawesome-brands-linux: Linux](https://git-annex.branchable.com/install)
+
+### Syncthing
+
+!!! recommendation
+
+    ![Syncthing logo](assets/img/file-sharing-sync/syncthing.svg){ align=right }
+
+    **Syncthing** is an open-source peer-to-peer continuous file synchronization utility. It is used to synchronize files between two or more devices over the local network or the internet. Syncthing does not use a centralized server; it uses the [Block Exchange Protocol](https://docs.syncthing.net/specs/bep-v1.html#bep-v1) to transfer data between devices. All data is encrypted using TLS.
+
+    [:octicons-home-16: Homepage](https://syncthing.net){ .md-button .md-button--primary }
+    [:octicons-info-16:](https://docs.syncthing.net){ .card-link title=Documentation}
+    [:octicons-code-16:](https://github.com/syncthing){ .card-link title="Source Code" }
+    [:octicons-heart-16:](https://syncthing.net/donations/){ .card-link title=Contribute }
+
+    ??? downloads
+
+        - [:fontawesome-brands-windows: Windows](https://syncthing.net/downloads/)
+        - [:fontawesome-brands-apple: macOS](https://syncthing.net/downloads/)
+        - [:fontawesome-brands-linux: Linux](https://syncthing.net/downloads/)
+        - [:fontawesome-brands-freebsd: FreeBSD](https://syncthing.net/downloads/)
+        - [:pg-openbsd: OpenBSD](https://syncthing.net/downloads/)
+        - [:pg-netbsd: NetBSD](https://syncthing.net/downloads/)
+        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.nutomic.syncthingandroid)
+        - [:pg-f-droid: F-Droid](https://f-droid.org/packages/com.nutomic.syncthingandroid/)

docs/metadata-removal-tools.en.md

@@ -6,6 +6,24 @@ When sharing files, be sure to remove associated metadata. Image files commonly
 
 ## Desktop
 
+### ExifCleaner
+
+!!! recommendation
+
+    ![ExifCleaner logo](assets/img/metadata-removal/exifcleaner.svg){ align=right }
+
+    **ExifCleaner** is a freeware, open source graphical app that uses [ExifTool](https://exiftool.org) to remove Exif metadata from images, videos, and PDF documents using a simple drag and drop interface. It supports multi-core batch processing and dark mode.
+
+    [:octicons-home-16: Homepage](https://exifcleaner.com){ .md-button .md-button--primary }
+    [:octicons-info-16:](https://github.com/szTheory/exifcleaner#readme){ .card-link title=Documentation}
+    [:octicons-code-16:](https://github.com/szTheory/exifcleaner){ .card-link title="Source Code" }
+
+    ??? downloads
+
+        - [:fontawesome-brands-windows: Windows](https://github.com/szTheory/exifcleaner/releases)
+        - [:fontawesome-brands-apple: macOS](https://github.com/szTheory/exifcleaner/releases)
+        - [:fontawesome-brands-linux: Linux](https://github.com/szTheory/exifcleaner/releases)
+
 ### MAT2
 
 !!! recommendation
@@ -22,32 +40,49 @@ When sharing files, be sure to remove associated metadata. Image files commonly
 
     ??? downloads
 
-        [:fontawesome-brands-windows:](https://pypi.org/project/mat2){ .card-link title=Windows }
-        [:fontawesome-brands-apple:](https://0xacab.org/jvoisin/mat2#requirements-setup-on-macos-os-x-using-homebrew){ .card-link title=macOS }
-        [:fontawesome-brands-linux:](https://pypi.org/project/mat2){ .card-link title=Linux }
-        [:octicons-globe-16:](https://0xacab.org/jvoisin/mat2#web-interface){ .card-link title=Web }
-
-### ExifCleaner
-
-!!! recommendation
-
-    ![ExifCleaner logo](assets/img/metadata-removal/exifcleaner.svg){ align=right }
-
-    **ExifCleaner** is a freeware, open source graphical app that uses [ExifTool](https://exiftool.org) to remove Exif metadata from images, videos, and PDF documents using a simple drag and drop interface. It supports multi-core batch processing and dark mode.
-
-    [:octicons-home-16: Homepage](https://exifcleaner.com){ .md-button .md-button--primary }
-    [:octicons-info-16:](https://github.com/szTheory/exifcleaner#readme){ .card-link title=Documentation}
-    [:octicons-code-16:](https://github.com/szTheory/exifcleaner){ .card-link title="Source Code" }
-
-    ??? downloads
-
-        [:fontawesome-brands-windows:](https://github.com/szTheory/exifcleaner/releases){ .card-link title=Windows }
-        [:fontawesome-brands-apple:](https://github.com/szTheory/exifcleaner/releases){ .card-link title=macOS }
-        [:fontawesome-brands-linux:](https://github.com/szTheory/exifcleaner/releases){ .card-link title=Linux }
+        - [:fontawesome-brands-windows: Windows](https://pypi.org/project/mat2)
+        - [:fontawesome-brands-apple: macOS](https://0xacab.org/jvoisin/mat2#requirements-setup-on-macos-os-x-using-homebrew)
+        - [:fontawesome-brands-linux: Linux](https://pypi.org/project/mat2)
+        - [:octicons-globe-16: Web](https://0xacab.org/jvoisin/mat2#web-interface)
 
 ## Mobile
 
-### Scrambled Exif
+### Imagepipe (Android)
+
+!!! recommendation
+
+    ![Imagepipe logo](assets/img/metadata-removal/imagepipe.svg){ align=right }
+
+    **Imagepipe** is a a paint app for Android that can be used to redact photos and also delete Exif metadata. It has been translated into [many](https://codeberg.org/Starfish/Imagepipe#translations) languages.
+
+    [:octicons-repo-16: Repository](https://codeberg.org/Starfish/Imagepipe){ .md-button .md-button--primary }
+    [:octicons-info-16:](https://codeberg.org/Starfish/Imagepipe/src/branch/master/README.md){ .card-link title=Documentation}
+    [:octicons-code-16:](https://codeberg.org/Starfish/Imagepipe){ .card-link title="Source Code" }
+
+    ??? downloads
+
+        - [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/de.kaffeemitkoffein.imagepipe/)
+
+Imagepipe is only available from F-Droid and not in Google Play. If you're looking for a paint app in Google Play we suggest [Pocket Paint](https://play.google.com/store/apps/details?id=org.catrobat.paintroid).
+
+### Metapho (iOS)
+
+!!! recommendation
+
+    ![Metapho logo](assets/img/metadata-removal/metapho.jpg){ align=right }
+
+    Metapho is a simple and clean viewer for photo metadata such as date, file name, size, camera model, shutter speed, and location.
+    
+    Metapho is closed source, however we recommend it due to the few choices there are for iOS.
+
+    [:octicons-home-16: Homepage](https://zininworks.com/metapho){ .md-button .md-button--primary }
+    [:octicons-eye-16:](https://zininworks.com/privacy/){ .card-link title="Privacy Policy" }
+
+    ??? downloads
+
+        - [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/metapho/id914457352)
+
+### Scrambled Exif (Android)
 
 !!! recommendation
 
@@ -63,43 +98,8 @@ When sharing files, be sure to remove associated metadata. Image files commonly
 
     ??? downloads
 
-        [:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=com.jarsilio.android.scrambledeggsif){ .card-link title="Google Play" }
-        [:pg-f-droid:](https://f-droid.org/en/packages/com.jarsilio.android.scrambledeggsif){ .card-link title=F-Droid }
-
-### Imagepipe
-
-!!! recommendation
-
-    ![Imagepipe logo](assets/img/metadata-removal/imagepipe.svg){ align=right }
-
-    **Imagepipe** is a a paint app for Android that can be used to redact photos and also delete Exif metadata. It has been translated into [many](https://codeberg.org/Starfish/Imagepipe#translations) languages.
-
-    [:octicons-repo-16: Repository](https://codeberg.org/Starfish/Imagepipe){ .md-button .md-button--primary }
-    [:octicons-info-16:](https://codeberg.org/Starfish/Imagepipe/src/branch/master/README.md){ .card-link title=Documentation}
-    [:octicons-code-16:](https://codeberg.org/Starfish/Imagepipe){ .card-link title="Source Code" }
-
-    ??? downloads
-
-        [:pg-f-droid:](https://f-droid.org/en/packages/de.kaffeemitkoffein.imagepipe/){ .card-link title=F-Droid }
-
-Imagepipe is only available from F-Droid and not in Google Play. If you're looking for a paint app in Google Play we suggest [Pocket Paint](https://play.google.com/store/apps/details?id=org.catrobat.paintroid).
-
-### Metapho
-
-!!! recommendation
-
-    ![Metapho logo](assets/img/metadata-removal/metapho.jpg){ align=right }
-
-    Metapho is a simple and clean viewer for photo metadata such as date, file name, size, camera model, shutter speed, and location.
-    
-    Metapho is closed source, however we recommend it due to the few choices there are for iOS.
-
-    [:octicons-home-16: Homepage](https://zininworks.com/metapho){ .md-button .md-button--primary }
-    [:octicons-eye-16:](https://zininworks.com/privacy/){ .card-link title="Privacy Policy" }
-
-    ??? downloads
-
-        [:fontawesome-brands-app-store-ios:](https://apps.apple.com/us/app/metapho/id914457352){ .card-link title="App Store" }
+        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.jarsilio.android.scrambledeggsif)
+        - [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/com.jarsilio.android.scrambledeggsif)
 
 ## Command-line
 
@@ -120,10 +120,9 @@ Imagepipe is only available from F-Droid and not in Google Play. If you're looki
 
     ??? downloads
 
-        [:fontawesome-brands-windows:](https://exiftool.org){ .card-link title=Windows }
-        [:fontawesome-brands-apple:](https://exiftool.org){ .card-link title=macOS }
-        [:fontawesome-brands-linux:](https://exiftool.org){ .card-link title=Linux }
-
+        - [:fontawesome-brands-windows: Windows](https://exiftool.org)
+        - [:fontawesome-brands-apple: macOS](https://exiftool.org)
+        - [:fontawesome-brands-linux: Linux](https://exiftool.org)
 
 !!! example "Deleting data from a directory of files"
 

docs/multi-factor-authentication.en.md

@@ -4,29 +4,6 @@ icon: 'material/two-factor-authentication'
 ---
 ## Hardware Security Keys
 
-### YubiKey
-
-!!! recommendation
-
-    ![YubiKeys](assets/img/multi-factor-authentication/yubikey.png)
-
-    The **YubiKeys** are among the most popular security keys. Some YubiKey models have a wide range of features such as: [Universal 2nd Factor (U2F)](https://en.wikipedia.org/wiki/Universal_2nd_Factor), [FIDO2 and WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online), [Yubico OTP](basics/multi-factor-authentication.md#yubico-otp), [Personal Identity Verification (PIV)](https://developers.yubico.com/PIV), [OpenPGP](https://developers.yubico.com/PGP/), [TOTP and HOTP](https://developers.yubico.com/OATH) authentication.
-
-    One of the benefits of the YubiKey is that one key can do almost everything (YubiKey 5), you could expect from a hardware security key. We do encourage you to take the [quiz](https://www.yubico.com/quiz/) before purchasing in order to make sure you make the right choice.
-
-    [:octicons-home-16: Homepage](https://www.yubico.com){ .md-button .md-button--primary }
-    [:octicons-eye-16:](https://www.yubico.com/support/terms-conditions/privacy-notice){ .card-link title="Privacy Policy" }
-    [:octicons-info-16:](https://docs.yubico.com/){ .card-link title=Documentation}
-
-The [comparison table](https://www.yubico.com/store/compare/) shows the features and how the YubiKeys compare. We highly recommend that you select keys from the YubiKey 5 Series.
-
-YubiKeys can be programmed using the [YubiKey Manager](https://www.yubico.com/support/download/yubikey-manager/) or [YubiKey Personalization Tools](https://www.yubico.com/support/download/yubikey-personalization-tools/). For managing TOTP codes, you can use the [Yubico Authenticator](https://www.yubico.com/products/yubico-authenticator/). All of Yubico's clients are open source.
-
-For models which support HOTP and TOTP, there are 2 slots in the OTP interface which could be used for HOTP and 32 slots to store TOTP secrets. These secrets are stored encrypted on the key and never expose them to the devices they are plugged into. Once a seed (shared secret) is given to the Yubico Authenticator, it will only give out the six-digit codes, but never the seed. This security model helps limit what an attacker can do if they compromise one of the devices running the Yubico Authenticator and make the YubiKey resistant to a physical attacker.
-
-!!! warning
-    The firmware of YubiKeys are not open source and are not updatable. If you want features in newer firmware versions, or if there is a vulnerability in the firmware version you are using, you would need to purchase a new key.
-
 ### Nitrokey / Librem Key
 
 !!! recommendation
@@ -61,6 +38,29 @@ For the models which support HOTP and TOTP, there are 3 slots for HOTP and 15 fo
 
     The Nitrokey app, while compatible with Librem Keys, requires `libnitrokey` version 3.6 or above to recognize them. Currently, the package is outdated on Windows, macOS, and most Linux distributions' repository, so you will likely have to compile the Nitrokey app yourself to get it working with the Librem Key. On Linux, you can obtain an up-to-date version from [Flathub](https://flathub.org/apps/details/com.nitrokey.nitrokey-app).
 
+### YubiKey
+
+!!! recommendation
+
+    ![YubiKeys](assets/img/multi-factor-authentication/yubikey.png)
+
+    The **YubiKeys** are among the most popular security keys. Some YubiKey models have a wide range of features such as: [Universal 2nd Factor (U2F)](https://en.wikipedia.org/wiki/Universal_2nd_Factor), [FIDO2 and WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online), [Yubico OTP](basics/multi-factor-authentication.md#yubico-otp), [Personal Identity Verification (PIV)](https://developers.yubico.com/PIV), [OpenPGP](https://developers.yubico.com/PGP/), [TOTP and HOTP](https://developers.yubico.com/OATH) authentication.
+
+    One of the benefits of the YubiKey is that one key can do almost everything (YubiKey 5), you could expect from a hardware security key. We do encourage you to take the [quiz](https://www.yubico.com/quiz/) before purchasing in order to make sure you make the right choice.
+
+    [:octicons-home-16: Homepage](https://www.yubico.com){ .md-button .md-button--primary }
+    [:octicons-eye-16:](https://www.yubico.com/support/terms-conditions/privacy-notice){ .card-link title="Privacy Policy" }
+    [:octicons-info-16:](https://docs.yubico.com/){ .card-link title=Documentation}
+
+The [comparison table](https://www.yubico.com/store/compare/) shows the features and how the YubiKeys compare. We highly recommend that you select keys from the YubiKey 5 Series.
+
+YubiKeys can be programmed using the [YubiKey Manager](https://www.yubico.com/support/download/yubikey-manager/) or [YubiKey Personalization Tools](https://www.yubico.com/support/download/yubikey-personalization-tools/). For managing TOTP codes, you can use the [Yubico Authenticator](https://www.yubico.com/products/yubico-authenticator/). All of Yubico's clients are open source.
+
+For models which support HOTP and TOTP, there are 2 slots in the OTP interface which could be used for HOTP and 32 slots to store TOTP secrets. These secrets are stored encrypted on the key and never expose them to the devices they are plugged into. Once a seed (shared secret) is given to the Yubico Authenticator, it will only give out the six-digit codes, but never the seed. This security model helps limit what an attacker can do if they compromise one of the devices running the Yubico Authenticator and make the YubiKey resistant to a physical attacker.
+
+!!! warning
+    The firmware of YubiKeys are not open source and are not updatable. If you want features in newer firmware versions, or if there is a vulnerability in the firmware version you are using, you would need to purchase a new key.
+
 ## Authenticator Apps
 
 Authenticator Apps implement a security standard adopted by the Internet Engineering Task Force (IETF) called **Time-based One-time Passwords**, or **TOTP**. This is a method where websites share a secret with you which is used by your authenticator app to generate a six (usually) digit code based on the current time, which you enter while logging in for the website to check. Typically these codes are regenerated every 30 seconds, and once a new code is generated the old one becomes useless. Even if a hacker gets one six-digit code, there is no way for them to reverse that code to get the original secret, or otherwise be able to predict what any future codes might be.
@@ -83,9 +83,9 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative
 
     ??? downloads
 
-        [:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=com.beemdevelopment.aegis){ .card-link title="Google Play" }
-        [:pg-f-droid:](https://f-droid.org/en/packages/com.beemdevelopment.aegis){ .card-link title=F-Droid }
-        [:fontawesome-brands-github:](https://github.com/beemdevelopment/Aegis/releases){ .card-link title=GitHub }
+        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.beemdevelopment.aegis)
+        - [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/com.beemdevelopment.aegis)
+        - [:fontawesome-brands-github: GitHub](https://github.com/beemdevelopment/Aegis/releases)
 
 ### Raivo OTP
 
@@ -102,7 +102,7 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative
 
     ??? downloads
 
-        [:fontawesome-brands-app-store-ios:](https://apps.apple.com/us/app/raivo-otp/id1459042137){ .card-link title="App Store" }
-        [:fontawesome-brands-app-store:](https://apps.apple.com/us/app/raivo-otp/id1498497896){ .card-link title="Mac App Store" }
+        - [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/raivo-otp/id1459042137)
+        - [:fontawesome-brands-app-store: Mac App Store](https://apps.apple.com/us/app/raivo-otp/id1498497896)
 
 --8<-- "includes/abbreviations.en.md"

docs/news-aggregators.en.md

@@ -7,42 +7,6 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k
 
 ## Aggregator clients
 
-### Fluent Reader
-
-!!! recommendation
-
-    ![Fluent Reader logo](assets/img/news-aggregators/fluent-reader.svg){ align=right }
-
-    **Fluent Reader** is a secure cross-platform news aggregator that has useful privacy features such as deletion of cookies on exit, strict [content security policies (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) and proxy support, meaning you can use it over [Tor](self-contained-networks.md#tor).
-
-    [:octicons-home-16: Homepage](https://hyliu.me/fluent-reader){ .md-button .md-button--primary }
-    [:octicons-eye-16:](https://github.com/yang991178/fluent-reader/wiki/Privacy){ .card-link title="Privacy Policy" }
-    [:octicons-info-16:](https://github.com/yang991178/fluent-reader/wiki/){ .card-link title=Documentation}
-    [:octicons-code-16:](https://github.com/yang991178/fluent-reader){ .card-link title="Source Code" }
-    [:octicons-heart-16:](https://github.com/sponsors/yang991178){ .card-link title=Contribute }
-
-    ??? downloads
-
-        [:fontawesome-brands-windows:](https://hyliu.me/fluent-reader){ .card-link title=Windows }
-        [:fontawesome-brands-app-store:](https://apps.apple.com/app/id1520907427){ .card-link title="Mac App Store" }
-
-### GNOME Feeds
-
-!!! recommendation
-
-    ![GNOME Feeds logo](assets/img/news-aggregators/gfeeds.svg){ align=right }
-
-    **GNOME Feeds** is an [RSS](https://en.wikipedia.org/wiki/RSS) and [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)) news reader for [GNOME](https://www.gnome.org). It has a simple interface and is quite fast.
-
-    [:octicons-home-16: Homepage](https://gfeeds.gabmus.org){ .md-button .md-button--primary }
-    [:octicons-code-16:](https://gitlab.gnome.org/World/gfeeds){ .card-link title="Source Code" }
-    [:octicons-heart-16:](https://liberapay.com/gabmus/){ .card-link title=Contribute }
-
-    ??? downloads
-
-        [:fontawesome-brands-linux:](https://gfeeds.gabmus.org/#install){ .card-link title=Linux }
-        [:pg-flathub:](https://flathub.org/apps/details/org.gabmus.gfeeds){ .card-link title=Flatpak }
-
 ### Akregator
 
 !!! recommendation
@@ -59,7 +23,7 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k
 
     ??? downloads
 
-        [:pg-flathub:](https://flathub.org/apps/details/org.kde.akregator){ .card-link title=Flatpak }
+        - [:pg-flathub: Flatpak](https://flathub.org/apps/details/org.kde.akregator)
 
 ### Feeder
 
@@ -75,8 +39,58 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k
 
     ??? downloads
 
-        [:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=com.nononsenseapps.feeder.play){ .card-link title="Google Play" }
-        [:pg-f-droid:](https://f-droid.org/en/packages/com.nononsenseapps.feeder/){ .card-link title=F-Droid }
+        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.nononsenseapps.feeder.play)
+        - [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/com.nononsenseapps.feeder/)
+
+### Fluent Reader
+
+!!! recommendation
+
+    ![Fluent Reader logo](assets/img/news-aggregators/fluent-reader.svg){ align=right }
+
+    **Fluent Reader** is a secure cross-platform news aggregator that has useful privacy features such as deletion of cookies on exit, strict [content security policies (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) and proxy support, meaning you can use it over [Tor](self-contained-networks.md#tor).
+
+    [:octicons-home-16: Homepage](https://hyliu.me/fluent-reader){ .md-button .md-button--primary }
+    [:octicons-eye-16:](https://github.com/yang991178/fluent-reader/wiki/Privacy){ .card-link title="Privacy Policy" }
+    [:octicons-info-16:](https://github.com/yang991178/fluent-reader/wiki/){ .card-link title=Documentation}
+    [:octicons-code-16:](https://github.com/yang991178/fluent-reader){ .card-link title="Source Code" }
+    [:octicons-heart-16:](https://github.com/sponsors/yang991178){ .card-link title=Contribute }
+
+    ??? downloads
+
+        - [:fontawesome-brands-windows: Windows](https://hyliu.me/fluent-reader)
+        - [:fontawesome-brands-app-store: Mac App Store](https://apps.apple.com/app/id1520907427)
+
+### GNOME Feeds
+
+!!! recommendation
+
+    ![GNOME Feeds logo](assets/img/news-aggregators/gfeeds.svg){ align=right }
+
+    **GNOME Feeds** is an [RSS](https://en.wikipedia.org/wiki/RSS) and [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)) news reader for [GNOME](https://www.gnome.org). It has a simple interface and is quite fast.
+
+    [:octicons-home-16: Homepage](https://gfeeds.gabmus.org){ .md-button .md-button--primary }
+    [:octicons-code-16:](https://gitlab.gnome.org/World/gfeeds){ .card-link title="Source Code" }
+    [:octicons-heart-16:](https://liberapay.com/gabmus/){ .card-link title=Contribute }
+
+    ??? downloads
+
+        - [:fontawesome-brands-linux: Linux](https://gfeeds.gabmus.org/#install)
+        - [:pg-flathub: Flatpak](https://flathub.org/apps/details/org.gabmus.gfeeds)
+
+### Miniflux
+
+!!! recommendation
+
+    ![Miniflux logo](assets/img/news-aggregators/miniflux.svg#only-light){ align=right }
+    ![Miniflux logo](assets/img/news-aggregators/miniflux-dark.svg#only-dark){ align=right }
+
+    **Miniflux** is a web-based news aggregator that you can self-host. It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)), [RDF](https://en.wikipedia.org/wiki/RDF%2FXML) and [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed).
+
+    [:octicons-home-16: Homepage](https://miniflux.app){ .md-button .md-button--primary }
+    [:octicons-info-16:](https://miniflux.app/docs/index.html){ .card-link title=Documentation}
+    [:octicons-code-16:](https://github.com/miniflux/v2){ .card-link title="Source Code" }
+    [:octicons-heart-16:](https://miniflux.app/#donations){ .card-link title=Contribute }
 
 ### NetNewsWire
 
@@ -93,22 +107,8 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k
 
     ??? downloads
 
-        [:fontawesome-brands-apple:](https://netnewswire.com){ .card-link title=macOS }
-        [:fontawesome-brands-app-store-ios:](https://apps.apple.com/us/app/netnewswire-rss-reader/id1480640210){ .card-link title="App Store" }
-
-### Miniflux
-
-!!! recommendation
-
-    ![Miniflux logo](assets/img/news-aggregators/miniflux.svg#only-light){ align=right }
-    ![Miniflux logo](assets/img/news-aggregators/miniflux-dark.svg#only-dark){ align=right }
-
-    **Miniflux** is a web-based news aggregator that you can self-host. It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)), [RDF](https://en.wikipedia.org/wiki/RDF%2FXML) and [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed).
-
-    [:octicons-home-16: Homepage](https://miniflux.app){ .md-button .md-button--primary }
-    [:octicons-info-16:](https://miniflux.app/docs/index.html){ .card-link title=Documentation}
-    [:octicons-code-16:](https://github.com/miniflux/v2){ .card-link title="Source Code" }
-    [:octicons-heart-16:](https://miniflux.app/#donations){ .card-link title=Contribute }
+        - [:fontawesome-brands-apple: macOS](https://netnewswire.com)
+        - [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/netnewswire-rss-reader/id1480640210)
 
 ### Newsboat
 
@@ -122,24 +122,13 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k
     [:octicons-info-16:](https://newsboat.org/releases/2.27/docs/newsboat.html){ .card-link title=Documentation}
     [:octicons-code-16:](https://github.com/newsboat/newsboat){ .card-link title="Source Code" }
 
-## Social media that supports RSS
+## Social Media RSS Support
 
 Some social media services also support RSS although it's not often advertised.
 
-### YouTube
-
-You can subscribe YouTube channels without logging in and associating usage information with your Google Account.
-
-!!! example
-
-    To subscribe to a YouTube channel with an RSS client, first look for your [channel code](https://support.google.com/youtube/answer/6180214), replace `channel_id` below:
-    ```text
-    https://www.youtube.com/feeds/videos.xml?channel_id={{ channel id }}
-    ```
-
 ### Reddit
 
-Reddit also supports subscription via RSS.
+Reddit allows you to subscribe to subreddits via RSS.
 
 !!! example
     Replace `subreddit_name` with the subreddit you wish to subscribe to.
@@ -159,3 +148,14 @@ Using any of the Nitter [instances](https://github.com/zedeus/nitter/wiki/Instan
        ```text
        https://{{ nitter_instance }}/{{ twitter_account }}/rss
        ```
+
+### YouTube
+
+You can subscribe YouTube channels without logging in and associating usage information with your Google Account.
+
+!!! example
+
+    To subscribe to a YouTube channel with an RSS client, first look for your [channel code](https://support.google.com/youtube/answer/6180214), replace `channel_id` below:
+    ```text
+    https://www.youtube.com/feeds/videos.xml?channel_id={{ channel id }}
+    ```

docs/notebooks.en.md

@@ -9,57 +9,6 @@ If you are currently using an application like Evernote, Google Keep, or Microso
 
 ## Cloud based
 
-### Joplin
-
-!!! recommendation
-
-    ![Joplin logo](assets/img/notebooks/joplin.svg){ align=right }
-
-    **Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle a large number of markdown notes organized into notebooks and tags. It offers E2EE and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes.
-
-    [:octicons-home-16: Homepage](https://joplinapp.org/){ .md-button .md-button--primary }
-    [:octicons-eye-16:](https://joplinapp.org/privacy/){ .card-link title="Privacy Policy" }
-    [:octicons-info-16:](https://joplinapp.org/help/){ .card-link title=Documentation}
-    [:octicons-code-16:](https://github.com/laurent22/joplin){ .card-link title="Source Code" }
-    [:octicons-heart-16:](https://joplinapp.org/donate/){ .card-link title=Contribute }
-
-    ??? downloads
-
-        [:fontawesome-brands-windows:](https://joplinapp.org/#desktop-applications){ .card-link title=Windows }
-        [:fontawesome-brands-apple:](https://joplinapp.org/#desktop-applications){ .card-link title=macOS }
-        [:fontawesome-brands-linux:](https://joplinapp.org/#desktop-applications){ .card-link title=Linux }
-        [:fontawesome-brands-firefox-browser:](https://addons.mozilla.org/firefox/addon/joplin-web-clipper/){ .card-link title=Firefox }
-        [:fontawesome-brands-chrome:](https://chrome.google.com/webstore/detail/joplin-web-clipper/alofnhikmmkdbbbgpnglcpdollgjjfek){ .card-link title=Chrome }
-        [:fontawesome-brands-app-store-ios:](https://apps.apple.com/us/app/joplin/id1315599797){ .card-link title="App Store" }
-        [:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=net.cozic.joplin){ .card-link title="Google Play" }
-        [:pg-f-droid:](https://f-droid.org/en/packages/net.cozic.joplin){ .card-link title=F-Droid }
-
-Joplin does not support password/pin protection for the [application itself or individual notes/notebooks](https://github.com/laurent22/joplin/issues/289). Data is still encrypted in transit and at the sync location using your master key.
-
-### Standard Notes
-
-!!! recommendation
-
-    ![Standard Notes logo](assets/img/notebooks/standard-notes.svg){ align=right }
-
-    Standard Notes is a simple and private notes app that makes your notes easy and available everywhere you are. It features E2EE on every platform, and a powerful desktop experience with themes and custom editors. It has also been [independently audited (PDF)](https://s3.amazonaws.com/standard-notes/security/Report-SN-Audit.pdf).
-
-    [:octicons-home-16: Homepage](https://standardnotes.com){ .md-button .md-button--primary }
-    [:octicons-eye-16:](https://standardnotes.com/privacy){ .card-link title="Privacy Policy" }
-    [:octicons-info-16:](https://standardnotes.com/help){ .card-link title=Documentation}
-    [:octicons-code-16:](https://github.com/standardnotes){ .card-link title="Source Code" }
-    [:octicons-heart-16:](https://standardnotes.com/donate){ .card-link title=Contribute }
-
-    ??? downloads
-
-        [:fontawesome-brands-windows:](https://standardnotes.com){ .card-link title=Windows }
-        [:fontawesome-brands-apple:](https://standardnotes.com){ .card-link title=macOS }
-        [:fontawesome-brands-linux:](https://standardnotes.com){ .card-link title=Linux }
-        [:fontawesome-brands-app-store-ios:](https://apps.apple.com/app/id1285392450){ .card-link title="App Store" }
-        [:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=com.standardnotes){ .card-link title="Google Play" }
-        [:pg-f-droid:](https://f-droid.org/en/packages/com.standardnotes){ .card-link title=F-Droid }
-        [:octicons-globe-16:](https://app.standardnotes.com/){ .card-link title=Web }
-
 ### EteSync Notes
 
 !!! recommendation
@@ -78,10 +27,61 @@ Joplin does not support password/pin protection for the [application itself or i
 
     ??? downloads
 
-        [:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=com.etesync.notes){ .card-link title="Google Play" }
-        [:pg-f-droid:](https://f-droid.org/packages/com.etesync.notes){ .card-link title=F-Droid }
-        [:fontawesome-brands-app-store-ios:](https://apps.apple.com/us/app/etesync-notes/id1533806351){ .card-link title="App Store" }
-        [:octicons-globe-16:](https://notes.etesync.com){ .card-link title=Web }
+        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.etesync.notes)
+        - [:pg-f-droid: F-Droid](https://f-droid.org/packages/com.etesync.notes)
+        - [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/etesync-notes/id1533806351)
+        - [:octicons-globe-16: Web](https://notes.etesync.com)
+
+### Joplin
+
+!!! recommendation
+
+    ![Joplin logo](assets/img/notebooks/joplin.svg){ align=right }
+
+    **Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle a large number of markdown notes organized into notebooks and tags. It offers E2EE and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes.
+
+    [:octicons-home-16: Homepage](https://joplinapp.org/){ .md-button .md-button--primary }
+    [:octicons-eye-16:](https://joplinapp.org/privacy/){ .card-link title="Privacy Policy" }
+    [:octicons-info-16:](https://joplinapp.org/help/){ .card-link title=Documentation}
+    [:octicons-code-16:](https://github.com/laurent22/joplin){ .card-link title="Source Code" }
+    [:octicons-heart-16:](https://joplinapp.org/donate/){ .card-link title=Contribute }
+
+    ??? downloads
+
+        - [:fontawesome-brands-windows: Windows](https://joplinapp.org/#desktop-applications)
+        - [:fontawesome-brands-apple: macOS](https://joplinapp.org/#desktop-applications)
+        - [:fontawesome-brands-linux: Linux](https://joplinapp.org/#desktop-applications)
+        - [:fontawesome-brands-firefox-browser: Firefox](https://addons.mozilla.org/firefox/addon/joplin-web-clipper/)
+        - [:fontawesome-brands-chrome: Chrome](https://chrome.google.com/webstore/detail/joplin-web-clipper/alofnhikmmkdbbbgpnglcpdollgjjfek)
+        - [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/joplin/id1315599797)
+        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=net.cozic.joplin)
+        - [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/net.cozic.joplin)
+
+Joplin does not support password/pin protection for the [application itself or individual notes/notebooks](https://github.com/laurent22/joplin/issues/289). Data is still encrypted in transit and at the sync location using your master key.
+
+### Standard Notes
+
+!!! recommendation
+
+    ![Standard Notes logo](assets/img/notebooks/standard-notes.svg){ align=right }
+
+    Standard Notes is a simple and private notes app that makes your notes easy and available everywhere you are. It features E2EE on every platform, and a powerful desktop experience with themes and custom editors. It has also been [independently audited (PDF)](https://s3.amazonaws.com/standard-notes/security/Report-SN-Audit.pdf).
+
+    [:octicons-home-16: Homepage](https://standardnotes.com){ .md-button .md-button--primary }
+    [:octicons-eye-16:](https://standardnotes.com/privacy){ .card-link title="Privacy Policy" }
+    [:octicons-info-16:](https://standardnotes.com/help){ .card-link title=Documentation}
+    [:octicons-code-16:](https://github.com/standardnotes){ .card-link title="Source Code" }
+    [:octicons-heart-16:](https://standardnotes.com/donate){ .card-link title=Contribute }
+
+    ??? downloads
+
+        - [:fontawesome-brands-windows: Windows](https://standardnotes.com)
+        - [:fontawesome-brands-apple: macOS](https://standardnotes.com)
+        - [:fontawesome-brands-linux: Linux](https://standardnotes.com)
+        - [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/id1285392450)
+        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.standardnotes)
+        - [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/com.standardnotes)
+        - [:octicons-globe-16: Web](https://app.standardnotes.com/)
 
 ## Local notebooks
 

docs/passwords.en.md

@@ -10,10 +10,29 @@ Stay safe and secure online with an encrypted and open-source password manager.
 - Store an exported backup of your passwords in an [encrypted container](encryption.md) on another storage device. This can be useful if something happens to your device or the service you are using.
 - If possible, store TOTP tokens in a separate [TOTP app](basics/multi-factor-authentication.md#authenticator-apps) and not your password manager. TOTP codes are generated from a "[shared secret](https://en.wikipedia.org/wiki/Time-based_one-time_password#Security)". If the secret is obtained by an adversary they can generate TOTP values. Typically, mobile platforms have better app isolation and more secure methods for storing sensitive credentials.
 
-## Local Password Managers
+## Local Storage
 
 These password managers store the password database locally.
 
+### KeePassDX
+
+!!! recommendation
+
+    ![KeePassDX logo](assets/img/password-management/keepassdx.svg){ align=right }
+
+    **KeePassDX** is a lightweight password manager for Android, allows editing encrypted data in a single file in KeePass format and can fill in the forms in a secure way. [Contributor Pro](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) allows unlocking cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
+
+    [:octicons-home-16: Homepage](https://www.keepassdx.com){ .md-button .md-button--primary }
+    [:octicons-info-16:](https://github.com/Kunzisoft/KeePassDX/wiki){ .card-link title=Documentation}
+    [:octicons-code-16:](https://github.com/Kunzisoft/KeePassDX){ .card-link title="Source Code" }
+    [:octicons-heart-16:](https://www.keepassdx.com/#donation){ .card-link title=Contribute }
+
+    ??? downloads
+
+        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.free)
+        - [:pg-f-droid: F-Droid](https://www.f-droid.org/packages/com.kunzisoft.keepass.libre)
+        - [:fontawesome-brands-github: GitHub](https://github.com/Kunzisoft/KeePassDX/releases)
+
 ### KeePassXC
 
 !!! recommendation
@@ -30,37 +49,18 @@ These password managers store the password database locally.
 
     ??? downloads
 
-        [:fontawesome-brands-windows:](https://keepassxc.org/download/#windows){ .card-link title=Windows }
-        [:fontawesome-brands-apple:](https://keepassxc.org/download/#mac){ .card-link title=macOS }
-        [:fontawesome-brands-linux:](https://keepassxc.org/download/#linux){ .card-link title=Linux }
-        [:pg-flathub:](https://flathub.org/apps/details/org.keepassxc.KeePassXC){ .card-link title=Flatpak }
-        [:fontawesome-brands-firefox:](https://addons.mozilla.org/firefox/addon/keepassxc-browser){ .card-link title=Firefox }
-        [:fontawesome-brands-chrome:](https://chrome.google.com/webstore/detail/keepassxc-browser/oboonakemofpalcgghocfoadofidjkkk){ .card-link title=Chrome }
+        - [:fontawesome-brands-windows: Windows](https://keepassxc.org/download/#windows)
+        - [:fontawesome-brands-apple: macOS](https://keepassxc.org/download/#mac)
+        - [:fontawesome-brands-linux: Linux](https://keepassxc.org/download/#linux)
+        - [:pg-flathub: Flatpak](https://flathub.org/apps/details/org.keepassxc.KeePassXC)
+        - [:fontawesome-brands-firefox: Firefox](https://addons.mozilla.org/firefox/addon/keepassxc-browser)
+        - [:fontawesome-brands-chrome: Chrome](https://chrome.google.com/webstore/detail/keepassxc-browser/oboonakemofpalcgghocfoadofidjkkk)
 
 KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-separated_values) files. This may mean data loss if you import this file into another password manager. We advise you check each record manually.
 
-### KeePassDX
+## Cloud Sync
 
-!!! recommendation
-
-    ![KeePassDX logo](assets/img/password-management/keepassdx.svg){ align=right }
-
-    **KeePassDX** is a lightweight password manager for Android, allows editing encrypted data in a single file in KeePass format and can fill in the forms in a secure way. [Contributor Pro](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) allows unlocking cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
-
-    [:octicons-home-16: Homepage](https://www.keepassdx.com){ .md-button .md-button--primary }
-    [:octicons-info-16:](https://github.com/Kunzisoft/KeePassDX/wiki){ .card-link title=Documentation}
-    [:octicons-code-16:](https://github.com/Kunzisoft/KeePassDX){ .card-link title="Source Code" }
-    [:octicons-heart-16:](https://www.keepassdx.com/#donation){ .card-link title=Contribute }
-
-    ??? downloads
-
-        [:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.free){ .card-link title="Google Play" }
-        [:pg-f-droid:](https://www.f-droid.org/packages/com.kunzisoft.keepass.libre){ .card-link title=F-Droid }
-        [:fontawesome-brands-github:](https://github.com/Kunzisoft/KeePassDX/releases){ .card-link title=GitHub }
-
-## Cloud Syncing Password Managers
-
-These password managers sync up to a cloud server that may be self-hostable.
+These password managers sync your passwords to a cloud server for easy accessibility from all your devices. Our recommendations have open-source server-side code which is optionally self-hostable.
 
 ### Bitwarden
 
@@ -68,7 +68,7 @@ These password managers sync up to a cloud server that may be self-hostable.
 
     ![Bitwarden logo](assets/img/password-management/bitwarden.svg){ align=right }
 
-    **Bitwarden** is a free and open-source password manager. It aims to solve password management problems for individuals, teams, and business organizations. Bitwarden is among the easiest and safest solutions to store all of your logins and passwords while conveniently keeping them synced between all of your devices. If you don't want to use the Bitwarden cloud, you can easily host your own Bitwarden server.
+    **Bitwarden** is a free and open-source password manager. It aims to solve password management problems for individuals, teams, and business organizations. Bitwarden is among the easiest and safest solutions to store all of your logins and passwords while conveniently keeping them synced between all of your devices.
 
     [:octicons-home-16: Homepage](https://bitwarden.com){ .md-button .md-button--primary }
     [:octicons-eye-16:](https://bitwarden.com/privacy){ .card-link title="Privacy Policy" }
@@ -77,16 +77,28 @@ These password managers sync up to a cloud server that may be self-hostable.
 
     ??? downloads
 
-        [:fontawesome-brands-windows:](https://bitwarden.com/download){ .card-link title=Windows }
-        [:fontawesome-brands-app-store:](https://apps.apple.com/app/bitwarden/id1352778147){ .card-link title="Mac App Store" }
-        [:fontawesome-brands-linux:](https://bitwarden.com/download){ .card-link title=Linux }
-        [:pg-flathub:](https://flathub.org/apps/details/com.bitwarden.desktop){ .card-link title=Flatpak }
-        [:fontawesome-brands-app-store-ios:](https://apps.apple.com/app/bitwarden-password-manager/id1137397744){ .card-link title="App Store" }
-        [:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=com.x8bit.bitwarden){ .card-link title="Google Play" }
-        [:pg-f-droid:](https://mobileapp.bitwarden.com/fdroid){ .card-link title=F-Droid }
-        [:fontawesome-brands-firefox:](https://addons.mozilla.org/firefox/addon/bitwarden-password-manager){ .card-link title=Firefox }
-        [:fontawesome-brands-chrome:](https://chrome.google.com/webstore/detail/bitwarden-free-password-m/nngceckbapebfimnlniiiahkandclblb){ .card-link title=Chrome }
-        [:fontawesome-brands-edge:](https://microsoftedge.microsoft.com/addons/detail/jbkfoedolllekgbhcbcoahefnbanhhlh){ .card-link title=Edge }
+        - [:fontawesome-brands-windows: Windows](https://bitwarden.com/download)
+        - [:fontawesome-brands-app-store: Mac App Store](https://apps.apple.com/app/bitwarden/id1352778147)
+        - [:fontawesome-brands-linux: Linux](https://bitwarden.com/download)
+        - [:pg-flathub: Flatpak](https://flathub.org/apps/details/com.bitwarden.desktop)
+        - [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/bitwarden-password-manager/id1137397744)
+        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.x8bit.bitwarden)
+        - [:pg-f-droid: F-Droid](https://mobileapp.bitwarden.com/fdroid)
+        - [:fontawesome-brands-firefox: Firefox](https://addons.mozilla.org/firefox/addon/bitwarden-password-manager)
+        - [:fontawesome-brands-chrome: Chrome](https://chrome.google.com/webstore/detail/bitwarden-free-password-m/nngceckbapebfimnlniiiahkandclblb)
+        - [:fontawesome-brands-edge: Edge](https://microsoftedge.microsoft.com/addons/detail/jbkfoedolllekgbhcbcoahefnbanhhlh)
+
+Bitwarden's server-side code is [open source](https://github.com/bitwarden/server), so if you don't want to use the Bitwarden cloud, you can easily host your own Bitwarden sync server.
+
+![Vaultwarden logo](assets/img/password-management/vaultwarden.svg#only-light){ align=right }
+![Vaultwarden logo](assets/img/password-management/vaultwarden-dark.svg#only-dark){ align=right }
+
+**Vaultwarden** is an alternative implementation of the Bitwarden server API written in Rust and compatible with upstream Bitwarden clients, perfect for self-hosted deployment where running the official resource-heavy service might not be ideal.
+
+[:octicons-repo-16: Vaultwarden Repository](https://github.com/dani-garcia/vaultwarden){ .md-button }
+[:octicons-info-16:](https://github.com/dani-garcia/vaultwarden/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/dani-garcia/vaultwarden){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://github.com/sponsors/dani-garcia){ .card-link title=Contribute }
 
 ### Psono
 
@@ -94,7 +106,7 @@ These password managers sync up to a cloud server that may be self-hostable.
 
     ![Psono logo](assets/img/password-management/psono.svg){ align=right }
 
-    **Psono** is a free and open source password manager from Germany, with a focus on password management for teams. It can be [self-hosted](#password-management-servers). Psono supports secure sharing of passwords, files, bookmarks, and emails. All secrets are protected by a master password.
+    **Psono** is a free and open source password manager from Germany, with a focus on password management for teams. Psono supports secure sharing of passwords, files, bookmarks, and emails. All secrets are protected by a master password.
 
     [:octicons-home-16: Homepage](https://psono.com){ .md-button .md-button--primary }
     [:octicons-eye-16:](https://psono.com/privacy-policy){ .card-link title="Privacy Policy" }
@@ -103,50 +115,13 @@ These password managers sync up to a cloud server that may be self-hostable.
 
     ??? downloads
 
-        [:fontawesome-brands-firefox:](https://addons.mozilla.org/firefox/addon/psono-pw-password-manager){ .card-link title=Firefox }
-        [:fontawesome-brands-chrome:](https://chrome.google.com/webstore/detail/psonopw-password-manager/eljmjmgjkbmpmfljlmklcfineebidmlo){ .card-link title=Chrome }
-        [:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=com.psono.psono){ .card-link title="Google Play" }
-        [:fontawesome-brands-app-store-ios:](https://apps.apple.com/us/app/psono-password-manager/id1545581224){ .card-link title="App Store" }
-        [:fontawesome-brands-docker:](https://hub.docker.com/r/psono/psono-client){ .card-link title="Docker Hub" }
+        - [:fontawesome-brands-firefox: Firefox](https://addons.mozilla.org/firefox/addon/psono-pw-password-manager)
+        - [:fontawesome-brands-chrome: Chrome](https://chrome.google.com/webstore/detail/psonopw-password-manager/eljmjmgjkbmpmfljlmklcfineebidmlo)
+        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.psono.psono)
+        - [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/psono-password-manager/id1545581224)
+        - [:fontawesome-brands-docker: Docker Hub](https://hub.docker.com/r/psono/psono-client)
 
-## Password Management Servers
-
-These products are self-hostable synchronization for cloud based password managers.
-
-### Vaultwarden
-
-!!! recommendation
-
-    ![Vaultwarden logo](assets/img/password-management/vaultwarden.svg#only-light){ align=right }
-    ![Vaultwarden logo](assets/img/password-management/vaultwarden-dark.svg#only-dark){ align=right }
-
-    **Vaultwarden** is an alternative implementation of the Bitwarden server API written in Rust and compatible with upstream Bitwarden clients, perfect for self-hosted deployment where running the official resource-heavy service might not be ideal.
-
-    [:octicons-repo-16: Repository](https://github.com/dani-garcia/vaultwarden){ .md-button .md-button--primary }
-    [:octicons-info-16:](https://github.com/dani-garcia/vaultwarden/wiki){ .card-link title=Documentation}
-    [:octicons-code-16:](https://github.com/dani-garcia/vaultwarden){ .card-link title="Source Code" }
-    [:octicons-heart-16:](https://github.com/sponsors/dani-garcia){ .card-link title=Contribute }
-
-    ??? downloads
-
-        [:fontawesome-brands-docker:](https://hub.docker.com/r/vaultwarden/server){ .card-link title="Docker Hub" }
-
-### Psono Server
-
-!!! recommendation
-
-    ![Psono Server logo](assets/img/password-management/psono.svg){ align=right }
-
-    Psono provides [extensive documentation](https://doc.psono.com/) for their product. The [web-client](https://doc.psono.com/admin/installation/install-webclient.html#installation-with-docker) for Psono can be self-hosted; alternatively, you can choose the the full [Community Edition](https://doc.psono.com/admin/installation/install-server-ce.html) or the [Enterprise Edition](https://doc.psono.com/admin/installation/install-server-ee.html) with additional features.
-
-    [:octicons-repo-16: Repository](https://gitlab.com/psono/psono-server){ .md-button .md-button--primary }
-    [:octicons-eye-16:](https://psono.com/privacy-policy){ .card-link title="Privacy Policy" }
-    [:octicons-info-16:](https://doc.psono.com/){ .card-link title=Documentation}
-    [:octicons-code-16:](https://gitlab.com/psono/psono-server){ .card-link title="Source Code" }
-
-    ??? downloads
-
-        [:fontawesome-brands-docker:](https://hub.docker.com/r/psono/psono-server){ .card-link title="Docker Hub" }
+Psono provides [extensive documentation](https://doc.psono.com/) for their product. The [web-client](https://doc.psono.com/admin/installation/install-webclient.html#installation-with-docker) for Psono can be self-hosted; alternatively, you can choose the the full [Community Edition](https://doc.psono.com/admin/installation/install-server-ce.html) or the [Enterprise Edition](https://doc.psono.com/admin/installation/install-server-ee.html) with additional features.
 
 ## Minimal Password Managers
 
@@ -167,9 +142,9 @@ These products are minimal password managers that can be used within scripting a
 
     ??? downloads
 
-        [:fontawesome-brands-windows:](https://www.gopass.pw/#install-windows){ .card-link title=Windows }
-        [:fontawesome-brands-apple:](https://www.gopass.pw/#install-macos){ .card-link title=macOS }
-        [:fontawesome-brands-linux:](https://www.gopass.pw/#install-linux){ .card-link title=Linux }
-        [:fontawesome-brands-freebsd:](https://www.gopass.pw/#install-bsd){ .card-link title=FreeBSD }
+        - [:fontawesome-brands-windows: Windows](https://www.gopass.pw/#install-windows)
+        - [:fontawesome-brands-apple: macOS](https://www.gopass.pw/#install-macos)
+        - [:fontawesome-brands-linux: Linux](https://www.gopass.pw/#install-linux)
+        - [:fontawesome-brands-freebsd: FreeBSD](https://www.gopass.pw/#install-bsd)
 
 --8<-- "includes/abbreviations.en.md"

docs/productivity.en.md

@@ -22,15 +22,15 @@ Get working and collaborating without sharing your documents with a middleman or
 
     ??? downloads
 
-        [:fontawesome-brands-windows:](https://www.libreoffice.org/download/download/){ .card-link title=Windows }
-        [:fontawesome-brands-apple:](https://www.libreoffice.org/download/download/){ .card-link title=macOS }
-        [:fontawesome-brands-linux:](https://www.libreoffice.org/download/download/){ .card-link title=Linux }
-        [:pg-flathub:](https://www.libreoffice.org/download/download/){ .card-link title=Flatpak }
-        [:fontawesome-brands-freebsd:](https://www.freshports.org/editors/libreoffice/){ .card-link title=FreeBSD }
-        [:pg-openbsd:](https://openports.se/editors/libreoffice){ .card-link title=OpenBSD }
-        [:pg-netbsd:](https://pkgsrc.se/misc/libreoffice){ .card-link title=NetBSD }
-        [:fontawesome-brands-google-play:](https://www.libreoffice.org/download/android-and-ios/){ .card-link title="Google Play" }
-        [:fontawesome-brands-app-store-ios:](https://www.libreoffice.org/download/android-and-ios/){ .card-link title="App Store" }
+        - [:fontawesome-brands-windows: Windows](https://www.libreoffice.org/download/download/)
+        - [:fontawesome-brands-apple: macOS](https://www.libreoffice.org/download/download/)
+        - [:fontawesome-brands-linux: Linux](https://www.libreoffice.org/download/download/)
+        - [:pg-flathub: Flatpak](https://www.libreoffice.org/download/download/)
+        - [:fontawesome-brands-freebsd: FreeBSD](https://www.freshports.org/editors/libreoffice/)
+        - [:pg-openbsd: OpenBSD](https://openports.se/editors/libreoffice)
+        - [:pg-netbsd: NetBSD](https://pkgsrc.se/misc/libreoffice)
+        - [:fontawesome-brands-google-play: Google Play](https://www.libreoffice.org/download/android-and-ios/)
+        - [:fontawesome-brands-app-store-ios: App Store](https://www.libreoffice.org/download/android-and-ios/)
 
 ### OnlyOffice
 
@@ -47,12 +47,12 @@ Get working and collaborating without sharing your documents with a middleman or
 
     ??? downloads
 
-        [:fontawesome-brands-windows:](https://www.onlyoffice.com/download-desktop.aspx){ .card-link title=Windows }
-        [:fontawesome-brands-apple:](https://www.onlyoffice.com/download-desktop.aspx){ .card-link title=macOS }
-        [:fontawesome-brands-linux:](https://www.onlyoffice.com/download-desktop.aspx){ .card-link title=Linux }
-        [:fontawesome-brands-freebsd:](https://www.freshports.org/www/onlyoffice-documentserver/){ .card-link title=FreeBSD }
-        [:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=com.onlyoffice.documents){ .card-link title="Google Play" }
-        [:fontawesome-brands-app-store-ios:](https://apps.apple.com/app/id944896972){ .card-link title="App Store" }
+        - [:fontawesome-brands-windows: Windows](https://www.onlyoffice.com/download-desktop.aspx)
+        - [:fontawesome-brands-apple: macOS](https://www.onlyoffice.com/download-desktop.aspx)
+        - [:fontawesome-brands-linux: Linux](https://www.onlyoffice.com/download-desktop.aspx)
+        - [:fontawesome-brands-freebsd: FreeBSD](https://www.freshports.org/www/onlyoffice-documentserver/)
+        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.onlyoffice.documents)
+        - [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/id944896972)
 
 ## Planning
 
@@ -71,21 +71,9 @@ Get working and collaborating without sharing your documents with a middleman or
 
 ## Paste services
 
-### PrivateBin
-
-!!! recommendation
-
-    ![PrivateBin logo](assets/img/productivity/privatebin.svg){ align=right }
-
-    **PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin. There is a [list of instances](https://privatebin.info/directory/).
-
-    [:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
-    [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"}
-    [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
-    [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
-
 !!! warning
-    PrivateBin uses JavaScript to handle encryption, so you must trust the provider to the extent that they do not inject any malicious JavaScript to get your private key. Consider self-hosting to mitigate this threat.
+
+    Encrypted Pastebin websites like the ones recommended here use JavaScript to handle encryption, so you must trust the provider to the extent that they do not inject any malicious JavaScript to get your private key. Consider self-hosting to mitigate this threat.
 
 ### CryptPad
 
@@ -101,8 +89,18 @@ Get working and collaborating without sharing your documents with a middleman or
     [:octicons-code-16:](https://github.com/xwiki-labs/cryptpad){ .card-link title="Source Code" }
     [:octicons-heart-16:](https://opencollective.com/cryptpad){ .card-link title=Contribute }
 
-!!! warning
-    CryptPad uses JavaScript to handle encryption, so you must trust the provider to the extent that they do not inject any malicious JavaScript to get your private key. Consider self-hosting to mitigate this threat.
+### PrivateBin
+
+!!! recommendation
+
+    ![PrivateBin logo](assets/img/productivity/privatebin.svg){ align=right }
+
+    **PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin. There is a [list of instances](https://privatebin.info/directory/).
+
+    [:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
+    [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"}
+    [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
+    [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
 
 ## Blogging
 
@@ -122,11 +120,11 @@ Get working and collaborating without sharing your documents with a middleman or
 
     ??? downloads
 
-        [:fontawesome-brands-windows:](https://github.com/writeas/writeas-cli){ .card-link title=Windows }
-        [:fontawesome-brands-apple:](https://github.com/writeas/writeas-cli){ .card-link title=macOS }
-        [:fontawesome-brands-linux:](https://github.com/writeas/writeas-cli){ .card-link title=Linux }
-        [:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=com.abunchtell.writeas){ .card-link title="Google Play" }
-        [:fontawesome-brands-app-store-ios:](https://apps.apple.com/app/id1531530896){ .card-link title="App Store" }
+        - [:fontawesome-brands-windows: Windows](https://github.com/writeas/writeas-cli)
+        - [:fontawesome-brands-apple: macOS](https://github.com/writeas/writeas-cli)
+        - [:fontawesome-brands-linux: Linux](https://github.com/writeas/writeas-cli)
+        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.abunchtell.writeas)
+        - [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/id1531530896)
 
 ## Programming
 
@@ -144,8 +142,8 @@ Get working and collaborating without sharing your documents with a middleman or
 
     ??? downloads
 
-        [:fontawesome-brands-windows:](https://vscodium.com/#install){ .card-link title=Windows }
-        [:fontawesome-brands-apple:](https://vscodium.com/#install){ .card-link title=macOS }
-        [:fontawesome-brands-linux:](https://vscodium.com/#install){ .card-link title=Linux }
+        - [:fontawesome-brands-windows: Windows](https://vscodium.com/#install)
+        - [:fontawesome-brands-apple: macOS](https://vscodium.com/#install)
+        - [:fontawesome-brands-linux: Linux](https://vscodium.com/#install)
 
 --8<-- "includes/abbreviations.en.md"

docs/real-time-communication.en.md

@@ -2,7 +2,72 @@
 title: "Real-Time Communication"
 icon: material/chat-processing
 ---
-## Encrypted Instant Messengers
+## Cross-Platform Messengers
+
+### Element
+
+!!! recommendation
+
+    ![Element logo](assets/img/messengers/element.svg){ align=right }
+
+    **Element** is the reference client for the [Matrix](https://matrix.org/docs/guides/introduction) protocol, an [open standard](https://matrix.org/docs/spec) for secure decentralized real-time communication.
+
+    Messages and files shared in private rooms (those which require an invite) are by default E2EE as are 1 to 1 voice and video calls.
+
+    [:octicons-home-16: Homepage](https://element.io/){ .md-button .md-button--primary }
+    [:octicons-eye-16:](https://element.io/privacy){ .card-link title="Privacy Policy" }
+    [:octicons-info-16:](https://element.io/help){ .card-link title=Documentation}
+    [:octicons-code-16:](https://github.com/vector-im){ .card-link title="Source Code" }
+
+    ??? downloads
+
+        - [:fontawesome-brands-windows: Windows](https://element.io/get-started)
+        - [:fontawesome-brands-apple: macOS](https://element.io/get-started)
+        - [:fontawesome-brands-linux: Linux](https://element.io/get-started)
+        - [:octicons-globe-16: Web](https://app.element.io)
+        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=im.vector.app)
+        - [:pg-f-droid: F-Droid](https://f-droid.org/packages/im.vector.app/)
+        - [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/vector/id1083446067)
+
+Profile pictures, reactions, and nicknames are not encrypted.
+
+Group voice and video calls are [not](https://github.com/vector-im/element-web/issues/12878) E2EE, and use Jitsi, but this is expected to change with [Native Group VoIP Signalling](https://github.com/matrix-org/matrix-doc/pull/3401). Group calls have [no authentication](https://github.com/vector-im/element-web/issues/13074) currently, meaning that non room participants can also join the calls. We recommend that you do not use this feature for private meetings.
+
+When using [element-web](https://github.com/vector-im/element-web), you must trust the server hosting the Element client. If your [threat model](basics/threat-modeling.md) requires stronger protection, then use a desktop or mobile client instead.
+
+The protocol was independently [audited](https://matrix.org/blog/2016/11/21/matrixs-olm-end-to-end-encryption-security-assessment-released-and-implemented-cross-platform-on-riot-at-last) in 2016. The specification for the Matrix protocol can be found in their [documentation](https://spec.matrix.org/latest/). The [Olm](https://matrix.org/docs/projects/other/olm) cryptographic ratchet used by Matrix is an implementation of Signal’s [Double Ratchet algorithm](https://signal.org/docs/specifications/doubleratchet/).
+
+### Session
+
+!!! recommendation
+
+    ![Session logo](assets/img/messengers/session.svg){ align=right }
+
+    **Session** is a decentralized messenger with a focus on private, secure, and anonymous communications. Session offers support for direct messages, group chats, and voice calls.
+
+    Session utilizes the decentralized [Oxen Service Node Network](https://oxen.io/) to store and route messages. Every encrypted message is routed through three nodes in the Oxen Service Node Network, making it virtually impossible for the nodes to compile meaningful information on those using the network.
+
+    [:octicons-home-16: Homepage](https://getsession.org/){ .md-button .md-button--primary }
+    [:octicons-eye-16:](https://getsession.org/privacy-policy){ .card-link title="Privacy Policy" }
+    [:octicons-info-16:](https://getsession.org/faq){ .card-link title=Documentation}
+    [:octicons-code-16:](https://github.com/oxen-io){ .card-link title="Source Code" }
+
+    ??? downloads
+
+        - [:fontawesome-brands-windows: Windows](https://getsession.org/download)
+        - [:fontawesome-brands-apple: macOS](https://getsession.org/download)
+        - [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/id1470168868)
+        - [:fontawesome-brands-linux: Linux](https://getsession.org/download)
+        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=network.loki.messenger)
+        - [:pg-f-droid: F-Droid](https://fdroid.getsession.org)
+
+Session allows for E2EE in one-on-one chats or closed groups which allow for up to 100 members. Open groups have no restriction on the number of members, but are open by design.
+
+Session does [not](https://getsession.org/blog/session-protocol-technical-information) support perfect forward secrecy, which is when an encryption system automatically and frequently changes the keys it uses to encrypt and decrypt information, such that if the latest key is compromised it exposes a smaller portion of sensitive information.
+
+Oxen requested an independent audit for Session in March of 2020. The audit [concluded](https://getsession.org/session-code-audit) in April of 2021, “The overall security level of this application is good and makes it usable for privacy-concerned people.”
+
+Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the technicals of the app and protocol.
 
 ### Signal
 
@@ -22,11 +87,11 @@ icon: material/chat-processing
 
     ??? downloads
 
-        [:fontawesome-brands-windows:](https://signal.org/download){ .card-link title=Windows }
-        [:fontawesome-brands-apple:](https://signal.org/download){ .card-link title=macOS }
-        [:fontawesome-brands-linux:](https://signal.org/download){ .card-link title=Linux }
-        [:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms){ .card-link title="Google Play" }
-        [:fontawesome-brands-app-store-ios:](https://apps.apple.com/app/id874139669){ .card-link title="App Store" }
+        - [:fontawesome-brands-windows: Windows](https://signal.org/download)
+        - [:fontawesome-brands-apple: macOS](https://signal.org/download)
+        - [:fontawesome-brands-linux: Linux](https://signal.org/download)
+        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms)
+        - [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/id874139669)
 
 Signal has minimal metadata when [Sealed Sender](https://signal.org/blog/sealed-sender/) is enabled. The sender address is encrypted along with the message body, and only the recipient address is visible to the server.
 
@@ -36,40 +101,9 @@ Signal requires your phone number as a personal identifier.
 
 The protocol was independently [audited](https://eprint.iacr.org/2016/1013.pdf) in 2016. The specification for the Signal protocol can be found in their [documentation](https://signal.org/docs/).
 
-### Element
+## Other Messengers
 
-!!! recommendation
-
-    ![Element logo](assets/img/messengers/element.svg){ align=right }
-
-    **Element** is the reference client for the [Matrix](https://matrix.org/docs/guides/introduction) protocol, an [open standard](https://matrix.org/docs/spec) for secure decentralized real-time communication.
-
-    Messages and files shared in private rooms (those which require an invite) are by default E2EE as are 1 to 1 voice and video calls.
-
-    [:octicons-home-16: Homepage](https://element.io/){ .md-button .md-button--primary }
-    [:octicons-eye-16:](https://element.io/privacy){ .card-link title="Privacy Policy" }
-    [:octicons-info-16:](https://element.io/help){ .card-link title=Documentation}
-    [:octicons-code-16:](https://github.com/vector-im){ .card-link title="Source Code" }
-
-    ??? downloads
-
-        [:fontawesome-brands-windows:](https://element.io/get-started){ .card-link title=Windows }
-        [:fontawesome-brands-apple:](https://element.io/get-started){ .card-link title=macOS }
-        [:fontawesome-brands-linux:](https://element.io/get-started){ .card-link title=Linux }
-        [:octicons-globe-16:](https://app.element.io){ .card-link title=Web }
-        [:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=im.vector.app){ .card-link title="Google Play" }
-        [:pg-f-droid:](https://f-droid.org/packages/im.vector.app/){ .card-link title= F-Droid}
-        [:fontawesome-brands-app-store-ios:](https://apps.apple.com/app/vector/id1083446067){ .card-link title="App Store" }
-
-Profile pictures, reactions, and nicknames are not encrypted.
-
-Group voice and video calls are [not](https://github.com/vector-im/element-web/issues/12878) E2EE, and use Jitsi, but this is expected to change with [Native Group VoIP Signalling](https://github.com/matrix-org/matrix-doc/pull/3401). Group calls have [no authentication](https://github.com/vector-im/element-web/issues/13074) currently, meaning that non room participants can also join the calls. We recommend that you do not use this feature for private meetings.
-
-When using [element-web](https://github.com/vector-im/element-web), you must trust the server hosting the Element client. If your [threat model](basics/threat-modeling.md) requires stronger protection, then use a desktop or mobile client instead.
-
-The protocol was independently [audited](https://matrix.org/blog/2016/11/21/matrixs-olm-end-to-end-encryption-security-assessment-released-and-implemented-cross-platform-on-riot-at-last) in 2016. The specification for the Matrix protocol can be found in their [documentation](https://spec.matrix.org/latest/). The [Olm](https://matrix.org/docs/projects/other/olm) cryptographic ratchet used by Matrix is an implementation of Signal’s [Double Ratchet algorithm](https://signal.org/docs/specifications/doubleratchet/).
-
-### Briar
+### Briar (Android)
 
 !!! recommendation
 
@@ -85,9 +119,9 @@ The protocol was independently [audited](https://matrix.org/blog/2016/11/21/matr
 
     ??? downloads
 
-        [:pg-flathub:](https://flathub.org/apps/details/org.briarproject.Briar){ .card-link title=Flatpak }
-        [:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=org.briarproject.briar.android){ .card-link title="Google Play" }
-        [:pg-f-droid:](https://f-droid.org/packages/org.briarproject.briar.android){ .card-link title=F-Droid }
+        - [:pg-flathub: Flatpak](https://flathub.org/apps/details/org.briarproject.Briar)
+        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.briarproject.briar.android)
+        - [:pg-f-droid: F-Droid](https://f-droid.org/packages/org.briarproject.briar.android)
 
 To add a contact on Briar, you must both add each other first. You can either exchange `briar://` links or scan a contact’s QR code if they are nearby.
 
@@ -97,38 +131,6 @@ Briar has a fully [published specification](https://code.briarproject.org/briar/
 
 Briar supports perfect forward secrecy by using the Bramble [Handshake](https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BHP.md) and [Transport](https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BTP.md) protocol.
 
-### Session
-
-!!! recommendation
-
-    ![Session logo](assets/img/messengers/session.svg){ align=right }
-
-    **Session** is a decentralized messenger with a focus on private, secure, and anonymous communications. Session offers support for direct messages, group chats, and voice calls.
-
-    Session utilizes the decentralized [Oxen Service Node Network](https://oxen.io/) to store and route messages. Every encrypted message is routed through three nodes in the Oxen Service Node Network, making it virtually impossible for the nodes to compile meaningful information on those using the network.
-
-    [:octicons-home-16: Homepage](https://getsession.org/){ .md-button .md-button--primary }
-    [:octicons-eye-16:](https://getsession.org/privacy-policy){ .card-link title="Privacy Policy" }
-    [:octicons-info-16:](https://getsession.org/faq){ .card-link title=Documentation}
-    [:octicons-code-16:](https://github.com/oxen-io){ .card-link title="Source Code" }
-
-    ??? downloads
-
-        [:fontawesome-brands-windows:](https://getsession.org/download){ .card-link title=Windows }
-        [:fontawesome-brands-apple:](https://getsession.org/download){ .card-link title=macOS }
-        [:fontawesome-brands-app-store-ios:](https://apps.apple.com/app/id1470168868){ .card-link title="App Store" }
-        [:fontawesome-brands-linux:](https://getsession.org/download){ .card-link title=Linux }
-        [:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=network.loki.messenger){ .card-link title="Google Play" }
-        [:pg-f-droid:](https://fdroid.getsession.org){ .card-link title=F-Droid }
-
-Session allows for E2EE in one-on-one chats or closed groups which allow for up to 100 members. Open groups have no restriction on the number of members, but are open by design.
-
-Session does [not](https://getsession.org/blog/session-protocol-technical-information) support perfect forward secrecy, which is when an encryption system automatically and frequently changes the keys it uses to encrypt and decrypt information, such that if the latest key is compromised it exposes a smaller portion of sensitive information.
-
-Oxen requested an independent audit for Session in March of 2020. The audit [concluded](https://getsession.org/session-code-audit) in April of 2021, “The overall security level of this application is good and makes it usable for privacy-concerned people.”
-
-Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the technicals of the app and protocol.
-
 ## Types of Communication Networks
 
 There are several network architectures commonly used to relay messages between people. These networks can provide different different privacy guarantees, which is why it's worth considering your [threat model](https://en.wikipedia.org/wiki/Threat_model) when making a decision about which app to use.

docs/search-engines.en.md

@@ -8,6 +8,25 @@ The recommendations here are based on the merits of each service's privacy polic
 
 Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org/) if your threat model requires hiding your IP address from the search provider.
 
+## Brave Search
+
+!!! recommendation
+
+    ![Brave Search logo](assets/img/search-engines/brave-search.svg){ align=right }
+
+    **Brave Search** is developed by Brave and serves results primarily from its own, independent index. The index is optimized against Google Search and therefore may provide more contextually accurate results compared to other alternatives.
+
+    Brave Search includes unique features such as Discussions, which highlights conversation-focused results—such as forum posts.
+
+    We recommend you disable [Anonymous usage metrics](https://search.brave.com/help/usage-metrics), this option is enabled by default and can be disabled within settings.
+
+    [:octicons-home-16: Homepage](https://search.brave.com/){ .md-button .md-button--primary }
+    [:pg-tor:](https://search.brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title=Onion }
+    [:octicons-eye-16:](https://search.brave.com/help/privacy-policy){ .card-link title="Privacy Policy" }
+    [:octicons-info-16:](https://search.brave.com/help){ .card-link title=Documentation}
+
+Brave Search is based in the :flag_us: United States. Their [privacy policy](https://search.brave.com/help/privacy-policy) states they collect aggregated usage metrics, which includes the operating system and browser in use, however no personally identifiable information is collected. IP addresses are temporarily processed, but are not retained.
+
 ## DuckDuckGo
 
 !!! recommendation
@@ -30,6 +49,24 @@ DuckDuckGo is based in the :flag_us: United States. Their [privacy policy](https
 
 DuckDuckGo offers two other [versions](https://help.duckduckgo.com/features/non-javascript/) of their search engine, both of which do not require JavaScript. These versions do lack features, however. These versions can also be used in conjunction with their [Tor onion address](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/) by appending [/lite](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/lite) or [/html](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/html) for the respective version.
 
+## SearXNG
+
+!!! recommendation
+
+    ![SearXNG logo](assets/img/search-engines/searxng.svg){ align=right }
+
+    **SearXNG** is an open-source, self-hostable, metasearch engine, aggregating the results of other search engines while not storing any information itself. It is an actively maintained fork of [SearX](https://github.com/searx/searx).
+
+    [:octicons-home-16: Homepage](https://searxng.org){ .md-button .md-button--primary }
+    [:octicons-server-16:](https://searx.space/){ .card-link title="Public Instances"}
+    [:octicons-code-16:](https://github.com/searxng/searxng){ .card-link title="Source Code" }
+
+SearXNG is a proxy between you and the search engines it aggregates from. Your search queries will still be sent to the search engines that SearXNG gets its results from.
+
+When self-hosting, it is important that you have other people using your instance so that the queries would blend in. You should be careful with where and how you are hosting SearXNG, as people looking up illegal content on your instance could draw unwanted attention from authorities.
+
+When you are using a SearXNG instance, be sure to go read their privacy policy. Since SearXNG instances may be modified by their owners, they do not necessarily reflect their privacy policy. Some instances run as a Tor hidden service, which may grant some privacy as long as your search queries does not contain PII.
+
 ## Startpage
 
 !!! recommendation
@@ -49,41 +86,4 @@ Startpage is based in the :flag_nl: Netherlands. According to their [privacy pol
 
 Startpage's majority shareholder is System1 who is an adtech company. We don't believe that to be an issue as they have an distinctly separate [privacy policy](https://system1.com/terms/privacy-policy). The Privacy Guides team reached out to Startpage [back in 2020](https://web.archive.org/web/20210118031008/https://blog.privacytools.io/relisting-startpage/) to clear up any concerns with System1's sizeable investment into the service. We were satisfied with the answers we received.
 
-## Brave Search
-
-!!! recommendation
-
-    ![Brave Search logo](assets/img/search-engines/brave-search.svg){ align=right }
-
-    **Brave Search** is developed by Brave and serves results primarily from its own, independent index. The index is optimized against Google Search and therefore may provide more contextually accurate results compared to other alternatives.
-
-    Brave Search includes unique features such as Discussions, which highlights conversation-focused results—such as forum posts.
-
-    We recommend you disable [Anonymous usage metrics](https://search.brave.com/help/usage-metrics), this option is enabled by default and can be disabled within settings.
-
-    [:octicons-home-16: Homepage](https://search.brave.com/){ .md-button .md-button--primary }
-    [:pg-tor:](https://search.brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title=Onion }
-    [:octicons-eye-16:](https://search.brave.com/help/privacy-policy){ .card-link title="Privacy Policy" }
-    [:octicons-info-16:](https://search.brave.com/help){ .card-link title=Documentation}
-
-Brave Search is based in the :flag_us: United States. Their [privacy policy](https://search.brave.com/help/privacy-policy) states they collect aggregated usage metrics, which includes the operating system and browser in use, however no personally identifiable information is collected. IP addresses are temporarily processed, but are not retained.
-
-## SearXNG
-
-!!! recommendation
-
-    ![SearXNG logo](assets/img/search-engines/searxng.svg){ align=right }
-
-    **SearXNG** is an open-source, self-hostable, metasearch engine, aggregating the results of other search engines while not storing any information itself. It is an actively maintained fork of [SearX](https://github.com/searx/searx).
-
-    [:octicons-home-16: Homepage](https://searxng.org){ .md-button .md-button--primary }
-    [:octicons-server-16:](https://searx.space/){ .card-link title="Public Instances"}
-    [:octicons-code-16:](https://github.com/searxng/searxng){ .card-link title="Source Code" }
-
-SearXNG is a proxy between you and the search engines it aggregates from. Your search queries will still be sent to the search engines that SearXNG gets its results from.
-
-When self-hosting, it is important that you have other people using your instance so that the queries would blend in. You should be careful with where and how you are hosting SearXNG, as people looking up illegal content on your instance could draw unwanted attention from authorities.
-
-When you are using a SearXNG instance, be sure to go read their privacy policy. Since SearXNG instances may be modified by their owners, they do not necessarily reflect their privacy policy. Some instances run as a Tor hidden service, which may grant some privacy as long as your search queries does not contain PII.
-
 --8<-- "includes/abbreviations.en.md"

docs/self-contained-networks.en.md

@@ -4,31 +4,27 @@ icon: material/security-network
 ---
 These networks are designed to keep your traffic anonymous.
 
-## Tor
+## Freenet
 
 !!! recommendation
 
-    ![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right }
+    ![Freenet logo](assets/img/self-contained-networks/freenet.svg){ align=right }
 
-    The **Tor** network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. You use the Tor network by connecting through a series of virtual tunnels rather than making a direct connection to the site you're trying to visit, thus allowing both organizations and individuals to share information over public networks without compromising their privacy. Tor is an effective censorship circumvention tool.
+    **Freenet** is a peer-to-peer platform for censorship-resistant communication. It uses a decentralized distributed data store to keep and deliver information, and has a suite of free software for publishing and communicating on the Web without fear of censorship. Both Freenet and some of its associated tools were originally designed by Ian Clarke, who defined Freenet's goal as providing freedom of speech on the Internet with strong anonymity protection.
 
-    [:octicons-home-16: Homepage](https://www.torproject.org){ .md-button .md-button--primary }
-    [:pg-tor:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .card-link title=Onion }
-    [:octicons-info-16:](https://tb-manual.torproject.org/){ .card-link title=Documentation}
-    [:octicons-code-16:](https://gitweb.torproject.org/tor.git){ .card-link title="Source Code" }
-    [:octicons-heart-16:](https://donate.torproject.org/){ .card-link title=Contribute }
+    [:octicons-home-16: Homepage](https://freenetproject.org){ .md-button .md-button--primary }
+    [:octicons-info-16:](https://freenetproject.org/pages/documentation.html){ .card-link title=Documentation}
+    [:octicons-code-16:](https://github.com/freenet/){ .card-link title="Source Code" }
+    [:octicons-heart-16:](https://freenetproject.org/pages/donate.html){ .card-link title=Contribute }
 
     ??? downloads
 
-        [:fontawesome-brands-windows:](https://www.torproject.org/download/){ .card-link title=Windows }
-        [:fontawesome-brands-apple:](https://www.torproject.org/download/){ .card-link title=macOS }
-        [:fontawesome-brands-linux:](https://www.torproject.org/download/){ .card-link title=Linux }
-        [:fontawesome-brands-freebsd:](https://www.freshports.org/security/tor){ .card-link title=FreeBSD }
-        [:pg-openbsd:](https://openports.se/net/tor){ .card-link title=OpenBSD }
-        [:pg-netbsd:](https://pkgsrc.se/net/tor){ .card-link title=NetBSD }
-        [:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=org.torproject.torbrowser){ .card-link title="Google Play" }
-        [:pg-f-droid:](https://support.torproject.org/tormobile/tormobile-7/){ .card-link title=F-Droid }
-        [:fontawesome-brands-android:](https://www.torproject.org/download/#android){ .card-link title=Android }
+        - [:fontawesome-brands-windows: Windows](https://freenetproject.org/pages/download.html#windows)
+        - [:fontawesome-brands-apple: macOS](https://freenetproject.org/pages/download.html#os-x)
+        - [:fontawesome-brands-linux: Linux](https://freenetproject.org/pages/download.html#gnulinux-posix)
+        - [:fontawesome-brands-freebsd: FreeBSD](https://freenetproject.org/pages/download.html#gnulinux-posix)
+        - [:pg-openbsd: OpenBSD](https://freenetproject.org/pages/download.html#gnulinux-posix)
+        - [:pg-netbsd: NetBSD](https://freenetproject.org/pages/download.html#gnulinux-posix)
 
 ## Invisible Internet Project
 
@@ -46,36 +42,40 @@ These networks are designed to keep your traffic anonymous.
 
     ??? downloads
 
-        [:fontawesome-brands-windows:](https://geti2p.net/en/download#windows){ .card-link title=Windows }
-        [:fontawesome-brands-apple:](https://geti2p.net/en/download#mac){ .card-link title=macOS }
-        [:fontawesome-brands-linux:](https://geti2p.net/en/download#unix){ .card-link title=Linux }
-        [:fontawesome-brands-freebsd:](https://www.freshports.org/security/i2p){ .card-link title=FreeBSD }
-        [:pg-openbsd:](https://openports.se/net/i2pd){ .card-link title=OpenBSD }
-        [:pg-netbsd:](https://pkgsrc.se/wip/i2pd){ .card-link title=NetBSD }
-        [:fontawesome-brands-android:](https://geti2p.net/en/download#android){ .card-link title=Android }
-        [:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=net.i2p.android){ .card-link title="Google Play" }
-        [:pg-f-droid:](https://f-droid.org/app/net.i2p.android.router){ .card-link title=F-Droid }
+        - [:fontawesome-brands-windows: Windows](https://geti2p.net/en/download#windows)
+        - [:fontawesome-brands-apple: macOS](https://geti2p.net/en/download#mac)
+        - [:fontawesome-brands-linux: Linux](https://geti2p.net/en/download#unix)
+        - [:fontawesome-brands-freebsd: FreeBSD](https://www.freshports.org/security/i2p)
+        - [:pg-openbsd: OpenBSD](https://openports.se/net/i2pd)
+        - [:pg-netbsd: NetBSD](https://pkgsrc.se/wip/i2pd)
+        - [:fontawesome-brands-android: Android](https://geti2p.net/en/download#android)
+        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=net.i2p.android)
+        - [:pg-f-droid: F-Droid](https://f-droid.org/app/net.i2p.android.router)
 
-## The Freenet Project
+## Tor
 
 !!! recommendation
 
-    ![Freenet logo](assets/img/self-contained-networks/freenet.svg){ align=right }
+    ![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right }
 
-    **Freenet** is a peer-to-peer platform for censorship-resistant communication. It uses a decentralized distributed data store to keep and deliver information, and has a suite of free software for publishing and communicating on the Web without fear of censorship. Both Freenet and some of its associated tools were originally designed by Ian Clarke, who defined Freenet's goal as providing freedom of speech on the Internet with strong anonymity protection.
+    The **Tor** network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. You use the Tor network by connecting through a series of virtual tunnels rather than making a direct connection to the site you're trying to visit, thus allowing both organizations and individuals to share information over public networks without compromising their privacy. Tor is an effective censorship circumvention tool.
 
-    [:octicons-home-16: Homepage](https://freenetproject.org){ .md-button .md-button--primary }
-    [:octicons-info-16:](https://freenetproject.org/pages/documentation.html){ .card-link title=Documentation}
-    [:octicons-code-16:](https://github.com/freenet/){ .card-link title="Source Code" }
-    [:octicons-heart-16:](https://freenetproject.org/pages/donate.html){ .card-link title=Contribute }
+    [:octicons-home-16: Homepage](https://www.torproject.org){ .md-button .md-button--primary }
+    [:pg-tor:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .card-link title=Onion }
+    [:octicons-info-16:](https://tb-manual.torproject.org/){ .card-link title=Documentation}
+    [:octicons-code-16:](https://gitweb.torproject.org/tor.git){ .card-link title="Source Code" }
+    [:octicons-heart-16:](https://donate.torproject.org/){ .card-link title=Contribute }
 
     ??? downloads
 
-        [:fontawesome-brands-windows:](https://freenetproject.org/pages/download.html#windows){ .card-link title=Windows }
-        [:fontawesome-brands-apple:](https://freenetproject.org/pages/download.html#os-x){ .card-link title=macOS }
-        [:fontawesome-brands-linux:](https://freenetproject.org/pages/download.html#gnulinux-posix){ .card-link title=Linux }
-        [:fontawesome-brands-freebsd:](https://freenetproject.org/pages/download.html#gnulinux-posix){ .card-link title=FreeBSD }
-        [:pg-openbsd:](https://freenetproject.org/pages/download.html#gnulinux-posix){ .card-link title=OpenBSD }
-        [:pg-netbsd:](https://freenetproject.org/pages/download.html#gnulinux-posix){ .card-link title=NetBSD }
+        - [:fontawesome-brands-windows: Windows](https://www.torproject.org/download/)
+        - [:fontawesome-brands-apple: macOS](https://www.torproject.org/download/)
+        - [:fontawesome-brands-linux: Linux](https://www.torproject.org/download/)
+        - [:fontawesome-brands-freebsd: FreeBSD](https://www.freshports.org/security/tor)
+        - [:pg-openbsd: OpenBSD](https://openports.se/net/tor)
+        - [:pg-netbsd: NetBSD](https://pkgsrc.se/net/tor)
+        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.torproject.torbrowser)
+        - [:pg-f-droid: F-Droid](https://support.torproject.org/tormobile/tormobile-7/)
+        - [:fontawesome-brands-android: Android](https://www.torproject.org/download/#android)
 
 --8<-- "includes/abbreviations.en.md"

docs/tools.en.md

@@ -107,9 +107,9 @@ For your convenience, everything we recommend is listed below with a link to the
 
 <div class="grid cards" markdown>
 
+- ![Cryptee logo](assets/img/cloud/cryptee.svg#only-light){ .twemoji }![Cryptee logo](assets/img/cloud/cryptee-dark.svg#only-dark){ .twemoji } [Cryptee](cloud.md#cryptee)
 - ![Nextcloud logo](assets/img/cloud/nextcloud.svg){ .twemoji } [Nextcloud (Self-Hostable)](cloud.md#nextcloud)
 - ![Proton Drive logo](assets/img/cloud/protondrive.svg){ .twemoji } [Proton Drive](cloud.md#proton-drive)
-- ![Cryptee logo](assets/img/cloud/cryptee.svg#only-light){ .twemoji }![Cryptee logo](assets/img/cloud/cryptee-dark.svg#only-dark){ .twemoji } [Cryptee](cloud.md#cryptee)
 - ![Tahoe-LAFS logo](assets/img/cloud/tahoe-lafs.svg#only-light){ .twemoji }![Tahoe-LAFS logo](assets/img/cloud/tahoe-lafs-dark.svg#only-dark){ .twemoji } [Tahoe-LAFS (Advanced)](cloud.md#tahoe-lafs)
 
 </div>
@@ -151,10 +151,10 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 <div class="grid cards" markdown>
 
-- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#protonmail)
 - ![Mailbox.org logo](assets/img/email/mini/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg)
-- ![Tutanota logo](assets/img/email/mini/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota)
+- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#protonmail)
 - ![StartMail logo](assets/img/email/mini/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/mini/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail)
+- ![Tutanota logo](assets/img/email/mini/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota)
 
 </div>
 
@@ -164,8 +164,8 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 <div class="grid cards" markdown>
 
-- ![SimpleLogin logo](assets/img/email/mini/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin)
 - ![AnonAddy logo](assets/img/email/mini/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/mini/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy)
+- ![SimpleLogin logo](assets/img/email/mini/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin)
 
 </div>
 
@@ -175,8 +175,8 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 <div class="grid cards" markdown>
 
-- ![Mail-in-a-Box logo](assets/img/email/mail-in-a-box.svg){ .twemoji } [Mail-in-a-Box](email.md#self-hosting-email)
 - ![mailcow logo](assets/img/email/mailcow.svg){ .twemoji } [mailcow](email.md#self-hosting-email)
+- ![Mail-in-a-Box logo](assets/img/email/mail-in-a-box.svg){ .twemoji } [Mail-in-a-Box](email.md#self-hosting-email)
 
 </div>
 
@@ -186,10 +186,10 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 <div class="grid cards" markdown>
 
-- ![DuckDuckGo logo](assets/img/search-engines/mini/duckduckgo.svg){ .twemoji } [DuckDuckGo](search-engines.md#duckduckgo)
-- ![Startpage logo](assets/img/search-engines/mini/startpage.svg#only-light){ .twemoji }![Startpage logo](assets/img/search-engines/mini/startpage-dark.svg#only-dark){ .twemoji } [Startpage](search-engines.md#startpage)
 - ![Brave Search logo](assets/img/search-engines/brave-search.svg){ .twemoji } [Brave Search](search-engines.md#brave-search)
+- ![DuckDuckGo logo](assets/img/search-engines/mini/duckduckgo.svg){ .twemoji } [DuckDuckGo](search-engines.md#duckduckgo)
 - ![SearXNG logo](assets/img/search-engines/mini/searxng-wordmark.svg){ .twemoji } [SearXNG](search-engines.md#searxng)
+- ![Startpage logo](assets/img/search-engines/mini/startpage.svg#only-light){ .twemoji }![Startpage logo](assets/img/search-engines/mini/startpage-dark.svg#only-dark){ .twemoji } [Startpage](search-engines.md#startpage)
 
 </div>
 
@@ -209,9 +209,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 <div class="grid cards" markdown>
 
+- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn)
 - ![Mullvad logo](assets/img/vpn/mini/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad)
 - ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#protonvpn)
-- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn)
 
 </div>
 
@@ -223,11 +223,11 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 <div class="grid cards" markdown>
 
-- ![Tutanota logo](assets/img/calendar-contacts/tutanota.svg){ .twemoji } [Tutanota (SaaS)](calendar-contacts.md#tutanota)
-- ![Proton Calendar logo](assets/img/calendar-contacts/proton-calendar.svg){ .twemoji } [Proton Calendar (SaaS)](calendar-contacts.md#proton-calendar)
-- ![EteSync logo](assets/img/calendar-contacts/etesync.svg){ .twemoji } [EteSync](calendar-contacts.md#etesync)
-- ![Tutanota logo](assets/img/calendar-contacts/nextcloud.svg){ .twemoji } [Nextcloud](calendar-contacts.md#nextcloud)
 - ![DecSync CC logo](assets/img/calendar-contacts/decsync.svg){ .twemoji } [DecSync CC](calendar-contacts.md#decsync-cc)
+- ![EteSync logo](assets/img/calendar-contacts/etesync.svg){ .twemoji } [EteSync](calendar-contacts.md#etesync)
+- ![Nextcloud logo](assets/img/calendar-contacts/nextcloud.svg){ .twemoji } [Nextcloud](calendar-contacts.md#nextcloud)
+- ![Proton Calendar logo](assets/img/calendar-contacts/proton-calendar.svg){ .twemoji } [Proton Calendar (SaaS)](calendar-contacts.md#proton-calendar)
+- ![Tutanota logo](assets/img/calendar-contacts/tutanota.svg){ .twemoji } [Tutanota (SaaS)](calendar-contacts.md#tutanota)
 
 </div>
 
@@ -237,9 +237,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 <div class="grid cards" markdown>
 
+- ![EteSync Notes logo](assets/img/notebooks/etesync-notes.png){ .twemoji } [EteSync Notes](notebooks.md#etesync-notes)
 - ![Joplin logo](assets/img/notebooks/joplin.svg){ .twemoji } [Joplin](notebooks.md#joplin)
 - ![Standard Notes logo](assets/img/notebooks/standard-notes.svg){ .twemoji } [Standard Notes](notebooks.md#standard-notes)
-- ![EteSync Notes logo](assets/img/notebooks/etesync-notes.png){ .twemoji } [EteSync Notes](notebooks.md#etesync-notes)
 - ![Org-mode logo](assets/img/notebooks/org-mode.svg){ .twemoji } [Org-mode](notebooks.md#org-mode)
 
 </div>
@@ -252,12 +252,12 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 - ![Thunderbird logo](assets/img/email-clients/thunderbird.svg){ .twemoji } [Thunderbird](email-clients.md#thunderbird)
 - ![Apple Mail logo](assets/img/email-clients/applemail.png){ .twemoji } [Apple Mail (macOS)](email-clients.md#apple-mail)
+- ![Canary Mail logo](assets/img/email-clients/canarymail.svg){ .twemoji } [Canary Mail (iOS)](email-clients.md#canary-mail)
+- ![FairEmail logo](assets/img/email-clients/fairemail.svg){ .twemoji } [FairEmail (Android)](email-clients.md#fairemail)
 - ![GNOME Evolution logo](assets/img/email-clients/evolution.svg){ .twemoji } [GNOME Evolution (Linux)](email-clients.md#gnome-evolution)
+- ![K-9 Mail logo](assets/img/email-clients/k9mail.svg){ .twemoji } [K-9 Mail (Android)](email-clients.md#k-9-mail)
 - ![Kontact logo](assets/img/email-clients/kontact.svg){ .twemoji } [Kontact (Linux)](email-clients.md#kontact)
 - ![Mailvelope logo](assets/img/email-clients/mailvelope.svg){ .twemoji } [Mailvelope (PGP in standard webmail)](email-clients.md#mailvelope)
-- ![K-9 Mail logo](assets/img/email-clients/k9mail.svg){ .twemoji } [K-9 Mail (Android)](email-clients.md#k-9-mail)
-- ![FairEmail logo](assets/img/email-clients/fairemail.svg){ .twemoji } [FairEmail (Android)](email-clients.md#fairemail)
-- ![Canary Mail logo](assets/img/email-clients/canarymail.svg){ .twemoji } [Canary Mail (iOS)](email-clients.md#canary-mail)
 - ![NeoMutt logo](assets/img/email-clients/mutt.svg){ .twemoji } [NeoMutt (CLI)](email-clients.md#neomutt)
 
 </div>
@@ -274,9 +274,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 <div class="grid cards" markdown>
 
-- ![VeraCrypt logo](assets/img/encryption-software/veracrypt.svg#only-light){ .twemoji }![VeraCrypt logo](assets/img/encryption-software/veracrypt-dark.svg#only-dark){ .twemoji } [VeraCrypt (FDE)](encryption.md#veracrypt)
 - ![Cryptomator logo](assets/img/encryption-software/cryptomator.svg){ .twemoji } [Cryptomator](encryption.md#cryptomator)
 - ![Picocrypt logo](assets/img/encryption-software/picocrypt.svg){ .twemoji } [Picocrypt](encryption.md#picocrypt)
+- ![VeraCrypt logo](assets/img/encryption-software/veracrypt.svg#only-light){ .twemoji }![VeraCrypt logo](assets/img/encryption-software/veracrypt-dark.svg#only-dark){ .twemoji } [VeraCrypt (FDE)](encryption.md#veracrypt)
 - ![Hat.sh logo](assets/img/encryption-software/hat-sh.png#only-light){ .twemoji }![Hat.sh logo](assets/img/encryption-software/hat-sh-dark.png#only-dark){ .twemoji } [Hat.sh (Browser-based)](encryption.md#hatsh)
 - ![Kryptor logo](assets/img/encryption-software/kryptor.png){ .twemoji } [Kryptor](encryption.md#kryptor)
 - ![Tomb logo](assets/img/encryption-software/tomb.png){ .twemoji } [Tomb](encryption.md#tomb)
@@ -302,11 +302,11 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 <div class="grid cards" markdown>
 
-- ![OnionShare logo](assets/img/file-sharing-sync/onionshare.svg){ .twemoji } [OnionShare](file-sharing.md#onionshare)
 - ![Magic Wormhole logo](assets/img/file-sharing-sync/magic_wormhole.png){ .twemoji } [Magic Wormhole](file-sharing.md#magic-wormhole)
+- ![OnionShare logo](assets/img/file-sharing-sync/onionshare.svg){ .twemoji } [OnionShare](file-sharing.md#onionshare)
 - ![FreedomBox logo](assets/img/file-sharing-sync/freedombox.svg){ .twemoji } [FreedomBox](file-sharing.md#freedombox)
-- ![Syncthing logo](assets/img/file-sharing-sync/syncthing.svg){ .twemoji } [Syncthing](file-sharing.md#syncthing)
 - ![git-annex logo](assets/img/file-sharing-sync/gitannex.svg){ .twemoji } [git-annex](file-sharing.md#git-annex)
+- ![Syncthing logo](assets/img/file-sharing-sync/syncthing.svg){ .twemoji } [Syncthing](file-sharing.md#syncthing)
 
 </div>
 
@@ -316,11 +316,11 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 <div class="grid cards" markdown>
 
-- ![MAT2 logo](assets/img/metadata-removal/mat2.svg){ .twemoji } [MAT2](metadata-removal-tools.md#mat2)
 - ![ExifCleaner logo](assets/img/metadata-removal/exifcleaner.svg){ .twemoji } [ExifCleaner](metadata-removal-tools.md#exifcleaner)
-- ![Scrambled Exif logo](assets/img/metadata-removal/scrambled-exif.svg){ .twemoji } [Scrambled Exif (Android)](metadata-removal-tools.md#scrambled-exif)
+- ![MAT2 logo](assets/img/metadata-removal/mat2.svg){ .twemoji } [MAT2](metadata-removal-tools.md#mat2)
 - ![Imagepipe logo](assets/img/metadata-removal/imagepipe.svg){ .twemoji } [Imagepipe (Android)](metadata-removal-tools.md#imagepipe)
 - ![Metapho logo](assets/img/metadata-removal/metapho.jpg){ .twemoji } [Metapho (iOS)](metadata-removal-tools.md#metapho)
+- ![Scrambled Exif logo](assets/img/metadata-removal/scrambled-exif.svg){ .twemoji } [Scrambled Exif (Android)](metadata-removal-tools.md#scrambled-exif)
 - ![ExifTool logo](assets/img/metadata-removal/exiftool.png){ .twemoji } [ExifTool (CLI)](metadata-removal-tools.md#exiftool)
 
 </div>
@@ -331,8 +331,8 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 <div class="grid cards" markdown>
 
-- ![YubiKeys](assets/img/multi-factor-authentication/mini/yubico.svg){ .twemoji } [YubiKey](multi-factor-authentication.md#yubikey)
 - ![Nitrokey](assets/img/multi-factor-authentication/mini/nitrokey.svg){ .twemoji } [Nitrokey](multi-factor-authentication.md#nitrokey-librem-key)
+- ![YubiKeys](assets/img/multi-factor-authentication/mini/yubico.svg){ .twemoji } [YubiKey](multi-factor-authentication.md#yubikey)
 - ![Aegis logo](assets/img/multi-factor-authentication/aegis.png){ .twemoji } [Aegis Authenticator](multi-factor-authentication.md#aegis-authenticator)
 - ![Raivo OTP logo](assets/img/multi-factor-authentication/raivo-otp.png){ .twemoji } [Raivo OTP](multi-factor-authentication.md#raivo-otp)
 
@@ -344,12 +344,12 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 <div class="grid cards" markdown>
 
-- ![KeePassXC logo](assets/img/password-management/keepassxc.svg){ .twemoji } [KeePassXC](passwords.md#keepassxc)
 - ![KeePassDX logo](assets/img/password-management/keepassdx.svg){ .twemoji } [KeePassDX (Android)](passwords.md#keepassdx)
+- ![KeePassXC logo](assets/img/password-management/keepassxc.svg){ .twemoji } [KeePassXC](passwords.md#keepassxc)
 - ![Bitwarden logo](assets/img/password-management/bitwarden.svg){ .twemoji } [Bitwarden](passwords.md#bitwarden)
+- ![Vaultwarden logo](assets/img/password-management/vaultwarden.svg#only-light){ .twemoji }![Vaultwarden logo](assets/img/password-management/vaultwarden-dark.svg#only-dark){ .twemoji } [Vaultwarden (Bitwarden Server)](passwords.md#vaultwarden)
 - ![Psono logo](assets/img/password-management/psono.svg){ .twemoji } [Psono](passwords.md#psono)
 - ![gopass logo](assets/img/password-management/gopass.svg){ .twemoji } [gopass](passwords.md#gopass)
-- ![Vaultwarden logo](assets/img/password-management/vaultwarden.svg#only-light){ .twemoji }![Vaultwarden logo](assets/img/password-management/vaultwarden-dark.svg#only-dark){ .twemoji } [Vaultwarden (Bitwarden Server)](passwords.md#vaultwarden)
 
 </div>
 
@@ -362,8 +362,8 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 - ![LibreOffice logo](assets/img/productivity/libreoffice.svg){ .twemoji } [LibreOffice](productivity.md#libreoffice)
 - ![OnlyOffice logo](assets/img/productivity/onlyoffice.svg){ .twemoji } [OnlyOffice](productivity.md#onlyoffice)
 - ![Framadate logo](assets/img/productivity/framadate.svg){ .twemoji } [Framadate (Appointment Planning)](productivity.md#framadate)
-- ![PrivateBin logo](assets/img/productivity/privatebin.svg){ .twemoji } [PrivateBin (Pastebin)](productivity.md#privatebin)
 - ![CryptPad logo](assets/img/productivity/cryptpad.svg){ .twemoji } [CryptPad](productivity.md#cryptpad)
+- ![PrivateBin logo](assets/img/productivity/privatebin.svg){ .twemoji } [PrivateBin (Pastebin)](productivity.md#privatebin)
 - ![Write.as logo](assets/img/productivity/writeas.svg#only-light){ .twemoji }![Write.as logo](assets/img/productivity/writeas-dark.svg#only-dark){ .twemoji } [Write.as (Blogging Platform)](productivity.md#writeas)
 - ![VSCodium logo](assets/img/productivity/vscodium.svg){ .twemoji } [VSCodium (Source-Code Editor)](productivity.md#vscodium)
 
@@ -375,10 +375,10 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 <div class="grid cards" markdown>
 
-- ![Signal logo](assets/img/messengers/signal.svg){ .twemoji } [Signal](real-time-communication.md#signal)
 - ![Element logo](assets/img/messengers/element.svg){ .twemoji } [Element](real-time-communication.md#element)
-- ![Briar logo](assets/img/messengers/briar.svg){ .twemoji } [Briar (Android)](real-time-communication.md#briar)
 - ![Session logo](assets/img/messengers/session.svg){ .twemoji } [Session](real-time-communication.md#session)
+- ![Signal logo](assets/img/messengers/signal.svg){ .twemoji } [Signal](real-time-communication.md#signal)
+- ![Briar logo](assets/img/messengers/briar.svg){ .twemoji } [Briar (Android)](real-time-communication.md#briar)
 
 </div>
 
@@ -388,12 +388,12 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 <div class="grid cards" markdown>
 
-- ![Fluent Reader logo](assets/img/news-aggregators/fluent-reader.svg){ .twemoji } [Fluent Reader](news-aggregators.md#fluent-reader)
-- ![GNOME Feeds logo](assets/img/news-aggregators/gfeeds.svg){ .twemoji } [GNOME Feeds](news-aggregators.md#gnome-feeds)
 - ![Akregator logo](assets/img/news-aggregators/akregator.svg){ .twemoji } [Akregator](news-aggregators.md#akregator)
 - ![Feeder logo](assets/img/news-aggregators/feeder.png){ .twemoji} [Feeder](news-aggregators.md#feeder)
-- ![NetNewsWire logo](assets/img/news-aggregators/netnewswire.png){ .twemoji } [NetNewsWire](news-aggregators.md#netnewswire)
+- ![Fluent Reader logo](assets/img/news-aggregators/fluent-reader.svg){ .twemoji } [Fluent Reader](news-aggregators.md#fluent-reader)
+- ![GNOME Feeds logo](assets/img/news-aggregators/gfeeds.svg){ .twemoji } [GNOME Feeds](news-aggregators.md#gnome-feeds)
 - ![Miniflux logo](assets/img/news-aggregators/miniflux.svg#only-light){ .twemoji }![Miniflux logo](assets/img/news-aggregators/miniflux-dark.svg#only-dark){ .twemoji } [Miniflux](news-aggregators.md#miniflux)
+- ![NetNewsWire logo](assets/img/news-aggregators/netnewswire.png){ .twemoji } [NetNewsWire](news-aggregators.md#netnewswire)
 - ![Newsboat logo](assets/img/news-aggregators/newsboat.svg){ .twemoji } [Newsboat](news-aggregators.md#newsboat)
 
 </div>
@@ -404,9 +404,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 <div class="grid cards" markdown>
 
-- ![Tor logo](./assets/img/self-contained-networks/tor.svg){ .twemoji } [Tor](self-contained-networks.md#tor)
-- ![I2P logo](./assets/img/self-contained-networks/i2p.svg#only-light){ .twemoji } ![I2P logo](./assets/img/self-contained-networks/i2p-dark.svg#only-dark){ .twemoji } [I2P](self-contained-networks.md#invisible-internet-project)
 - ![Freenet logo](./assets/img/self-contained-networks/freenet.svg){ .twemoji } [Freenet](self-contained-networks.md#the-freenet-project)
+- ![I2P logo](./assets/img/self-contained-networks/i2p.svg#only-light){ .twemoji } ![I2P logo](./assets/img/self-contained-networks/i2p-dark.svg#only-dark){ .twemoji } [I2P](self-contained-networks.md#invisible-internet-project)
+- ![Tor logo](./assets/img/self-contained-networks/tor.svg){ .twemoji } [Tor](self-contained-networks.md#tor)
 
 </div>
 
@@ -419,10 +419,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 - ![FreeTube logo](assets/img/video-streaming/freetube.svg){ .twemoji } [FreeTube (YouTube, Desktop)](video-streaming.md#freetube)
 - ![LBRY logo](assets/img/video-streaming/lbry.svg){ .twemoji } [LBRY](video-streaming.md#lbry)
 - ![NewPipe logo](assets/img//video-streaming/newpipe.svg){ .twemoji } [NewPipe (YouTube, Android)](video-streaming.md#newpipe)
-- ![NewPipe x SponsorBlock logo](assets/img/video-streaming/newpipe.svg){ .twemoji } [NewPipe x Sponsorblock](video-streaming.md#sponsorblock)
 - ![Invidious logo](assets/img/video-streaming/invidious.svg#only-light){ .twemoji }![Invidious logo](assets/img/video-streaming/invidious-dark.svg#only-dark){ .twemoji } [Invidious (YouTube, Web)](video-streaming.md#invidious)
-- ![Piped logo](assets/img/video-streaming/piped.svg){ .twemoji } [Piped (YouTube, Web)](video-streaming.md#piped)
 - ![Librarian logo](assets/img/video-streaming/librarian.svg#only-light){ .twemoji }![Librarian logo](assets/img/video-streaming/librarian-dark.svg#only-dark){ .twemoji } [Librarian (LBRY, Web)](video-streaming.md#librarian)
+- ![Piped logo](assets/img/video-streaming/piped.svg){ .twemoji } [Piped (YouTube, Web)](video-streaming.md#piped)
 
 </div>
 

docs/video-streaming.en.md

@@ -24,10 +24,10 @@ The primary threat when using a video streaming platform is that your streaming
 
     ??? downloads
 
-        [:fontawesome-brands-windows:](https://freetubeapp.io/#download){ .card-link title=Windows }
-        [:fontawesome-brands-apple:](https://freetubeapp.io/#download){ .card-link title=macOS }
-        [:fontawesome-brands-linux:](https://freetubeapp.io/#download){ .card-link title=Linux }
-        [:pg-flathub:](https://flathub.org/apps/details/io.freetubeapp.FreeTube){ .card-link title=Flatpak }
+        - [:fontawesome-brands-windows: Windows](https://freetubeapp.io/#download)
+        - [:fontawesome-brands-apple: macOS](https://freetubeapp.io/#download)
+        - [:fontawesome-brands-linux: Linux](https://freetubeapp.io/#download)
+        - [:pg-flathub: Flatpak](https://flathub.org/apps/details/io.freetubeapp.FreeTube)
 
 !!! Warning
 
@@ -50,9 +50,9 @@ The primary threat when using a video streaming platform is that your streaming
 
     ??? downloads
 
-        [:fontawesome-brands-windows:](https://lbry.com/windows){ .card-link title=Windows }
-        [:fontawesome-brands-apple:](https://lbry.com/osx){ .card-link title=macOS }
-        [:fontawesome-brands-linux:](https://lbry.com/linux){ .card-link title=Linux }
+        - [:fontawesome-brands-windows: Windows](https://lbry.com/windows)
+        - [:fontawesome-brands-apple: macOS](https://lbry.com/osx)
+        - [:fontawesome-brands-linux: Linux](https://lbry.com/linux)
 
 !!! note
 
@@ -84,8 +84,8 @@ You can disable *Save hosting data to help the LBRY network* option in :gear: **
 
     ??? downloads
 
-        [:pg-f-droid:](https://newpipe.net/FAQ/tutorials/install-add-fdroid-repo){ .card-link title=F-Droid}
-        [:fontawesome-brands-github:](https://github.com/TeamNewPipe/NewPipe/releases){ .card-link title=GitHub }
+        - [:pg-f-droid: F-Droid](https://newpipe.net/FAQ/tutorials/install-add-fdroid-repo)
+        - [:fontawesome-brands-github: GitHub](https://github.com/TeamNewPipe/NewPipe/releases)
 
 1. The default instance is [FramaTube](https://framatube.org/), however more can be added via **Settings** → **Content** → **PeerTube instances**
 
@@ -97,13 +97,11 @@ You can disable *Save hosting data to help the LBRY network* option in :gear: **
     
     When using NewPipe, your IP address will be visible to the video providers used. Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org) if your [threat model](basics/threat-modeling.md) requires hiding your IP address.
 
-#### SponsorBlock
-
-*NewPipe x SponsorBlock* is a fork of [NewPipe](https://newpipe.net) with [SponsorBlock](https://sponsor.ajay.app) integrated to help you skip sponsored video segments.
+**NewPipe x SponsorBlock** is a fork of [NewPipe](https://newpipe.net) with [SponsorBlock](https://sponsor.ajay.app) integrated to help you skip sponsored video segments.
 
 It also has integration with [Return YouTube Dislike](https://returnyoutubedislike.com), and some experimental settings such as the ability to use the built-in player for local playback, an option to force fullscreen on landscape mode, and an option to disable error reporting prompts.
 
-- [github.com/polymorphicshade/NewPipe :hero-arrow-circle-right-fill:](https://github.com/polymorphicshade/NewPipe)
+[:octicons-repo-16: "NewPipe x SponsorBlock" on GitHub](https://github.com/polymorphicshade/NewPipe){ .md-button }
 
 This fork is not endorsed by or affiliated with the upstream project. The NewPipe team has [rejected](https://github.com/TeamNewPipe/NewPipe/pull/3205) integration with SponsorBlock and thus this fork is created to provide this functionality.
 
@@ -138,30 +136,6 @@ When self-hosting, it is important that you have other people using your instanc
 
 When you are using an Invidious instance, make sure to read the privacy policy of that specific instance. Invidious instances can be modified by their owners and therefore may not reflect their associated privacy policy. Some instances have Tor .onion addresses which may grant some privacy as long as your search queries don't contain PII (Personally Identifiable Information).
 
-### Piped
-
-!!! recommendation
-
-    ![Piped logo](assets/img/video-streaming/piped.svg){ align=right }
-
-    **Piped** is a free and open source frontend for YouTube that is also self-hostable.
-
-    Piped requires JavaScript in order to function and there are a number of public instances.
-
-    [:octicons-repo-16: Repository](https://github.com/TeamPiped/Piped){ .md-button .md-button--primary }
-    [:octicons-server-16:](https://piped.kavin.rocks/preferences#ddlInstanceSelection){ .card-link title="Public Instances"}
-    [:octicons-info-16:](https://piped-docs.kavin.rocks/){ .card-link title=Documentation}
-    [:octicons-code-16:](https://github.com/TeamPiped/Piped){ .card-link title="Source Code" }
-    [:octicons-heart-16:](https://github.com/TeamPiped/Piped#donations){ .card-link title=Contribute }
-
-!!! tip
-
-    Piped is useful if you want to use [SponsorBlock](https://sponsor.ajay.app) without installing an extension or to access age-restricted content without an account. It does not provide privacy by itself and we don’t recommend logging into any accounts.
-
-When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting Piped, as other peoples' usage will be linked to your hosting.
-
-When you are using a Piped instance, make sure to read the privacy policy of that specific instance. Piped instances can be modified by their owners and therefore may not reflect their associated privacy policy.
-
 ### Librarian
 
 !!! recommendation
@@ -190,4 +164,28 @@ When self-hosting, it is important that you have other people using your instanc
 
 When you are using a Librarian instance, make sure to read the privacy policy of that specific instance. Librarian instances can be modified by their owners and therefore may not reflect the default policy. Librarian instances feature a "privacy nutrition label" to provide an overview of their policy. Some instances have Tor .onion addresses which may grant some privacy as long as your search queries don't contain PII (Personally Identifiable Information).
 
+### Piped
+
+!!! recommendation
+
+    ![Piped logo](assets/img/video-streaming/piped.svg){ align=right }
+
+    **Piped** is a free and open source frontend for YouTube that is also self-hostable.
+
+    Piped requires JavaScript in order to function and there are a number of public instances.
+
+    [:octicons-repo-16: Repository](https://github.com/TeamPiped/Piped){ .md-button .md-button--primary }
+    [:octicons-server-16:](https://piped.kavin.rocks/preferences#ddlInstanceSelection){ .card-link title="Public Instances"}
+    [:octicons-info-16:](https://piped-docs.kavin.rocks/){ .card-link title=Documentation}
+    [:octicons-code-16:](https://github.com/TeamPiped/Piped){ .card-link title="Source Code" }
+    [:octicons-heart-16:](https://github.com/TeamPiped/Piped#donations){ .card-link title=Contribute }
+
+!!! tip
+
+    Piped is useful if you want to use [SponsorBlock](https://sponsor.ajay.app) without installing an extension or to access age-restricted content without an account. It does not provide privacy by itself and we don’t recommend logging into any accounts.
+
+When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting Piped, as other peoples' usage will be linked to your hosting.
+
+When you are using a Piped instance, make sure to read the privacy policy of that specific instance. Piped instances can be modified by their owners and therefore may not reflect their associated privacy policy.
+
 --8<-- "includes/abbreviations.en.md"

docs/vpn.en.md

@@ -13,7 +13,7 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic.
 
     If you're looking for added **security**, you should always ensure you're connecting to websites using HTTPS. A VPN is not a replacement for good security practices.
 
-    [Download Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & FAQ](https://medium.com/privacyguides/slicing-onions-part-1-myth-busting-tor-9ec188ae1904){ .md-button }
+    [Download Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & FAQ](/basics/tor-overview.md){ .md-button }
 
 ??? question "When are VPNs useful?"
 
@@ -27,6 +27,59 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic.
 
     Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#our-criteria) for more information.
 
+### IVPN
+
+!!! recommendation
+
+    ![IVPN logo](assets/img/vpn/ivpn.svg){ align=right }
+
+    **IVPN** is another premium VPN provider, and they have been in operation since 2009. IVPN is based in Gibraltar.
+
+    **Standard USD $60/year** — **Pro USD $100/year**
+
+    [:octicons-home-16: Homepage](https://www.ivpn.net/){ .md-button .md-button--primary }
+    [:octicons-eye-16:](https://www.ivpn.net/privacy/){ .card-link title="Privacy Policy" }
+    [:octicons-info-16:](https://www.ivpn.net/knowledgebase/general/){ .card-link title=Documentation}
+    [:octicons-code-16:](https://github.com/ivpn){ .card-link title="Source Code" }
+
+??? check annotate "32 Countries"
+
+    IVPN has [servers in 32 countries](https://www.ivpn.net/server-locations) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (less hops) to the destination.
+
+    We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
+
+1. As of 2022/05/17
+
+??? check "Independently Audited"
+
+    IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future.
+
+??? check "Open Source Clients"
+
+    As of Feburary 2020 [IVPN applications are now open source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn).
+
+??? check "Accepts Cash and Monero"
+
+    In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment.
+
+??? check "WireGuard Support"
+
+    IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that utilizes state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant.
+
+    IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/).
+
+??? check "Remote Port Forwarding"
+
+    Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html).
+
+??? check "Mobile Clients"
+
+    In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683) and [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client) allowing for easy connections to their servers. The mobile client on Android is also available in [F-Droid](https://f-droid.org/en/packages/net.ivpn.client), which ensures that it is compiled with [reproducible builds](https://www.f-droid.org/en/2019/05/05/trust-privacy-and-free-software.html).
+
+??? info "Additional Functionality"
+
+    IVPN clients support two factor authentication (Mullvad and Proton VPN clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
+
 ### Mullvad
 
 !!! recommendation
@@ -149,59 +202,6 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic.
 
     Proton VPN have their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose.
 
-### IVPN
-
-!!! recommendation
-
-    ![IVPN logo](assets/img/vpn/ivpn.svg){ align=right }
-
-    **IVPN** is another premium VPN provider, and they have been in operation since 2009. IVPN is based in Gibraltar.
-
-    **Standard USD $60/year** — **Pro USD $100/year**
-
-    [:octicons-home-16: Homepage](https://www.ivpn.net/){ .md-button .md-button--primary }
-    [:octicons-eye-16:](https://www.ivpn.net/privacy/){ .card-link title="Privacy Policy" }
-    [:octicons-info-16:](https://www.ivpn.net/knowledgebase/general/){ .card-link title=Documentation}
-    [:octicons-code-16:](https://github.com/ivpn){ .card-link title="Source Code" }
-
-??? check annotate "32 Countries"
-
-    IVPN has [servers in 32 countries](https://www.ivpn.net/server-locations) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (less hops) to the destination.
-
-    We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
-
-1. As of 2022/05/17
-
-??? check "Independently Audited"
-
-    IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future.
-
-??? check "Open Source Clients"
-
-    As of Feburary 2020 [IVPN applications are now open source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn).
-
-??? check "Accepts Cash and Monero"
-
-    In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment.
-
-??? check "WireGuard Support"
-
-    IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that utilizes state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant.
-
-    IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/).
-
-??? check "Remote Port Forwarding"
-
-    Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html).
-
-??? check "Mobile Clients"
-
-    In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683) and [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client) allowing for easy connections to their servers. The mobile client on Android is also available in [F-Droid](https://f-droid.org/en/packages/net.ivpn.client), which ensures that it is compiled with [reproducible builds](https://www.f-droid.org/en/2019/05/05/trust-privacy-and-free-software.html).
-
-??? info "Additional Functionality"
-
-    IVPN clients support two factor authentication (Mullvad and Proton VPN clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
-
 ## Our Criteria
 
 !!! danger

mkdocs.yml

@@ -154,10 +154,10 @@ nav:
       - 'basics/common-threats.md'
       - 'basics/account-deletion.md'
       - 'basics/multi-factor-authentication.md'
-      - 'basics/dns.md'
-      - 'basics/erasing-data.md'
-      - 'basics/email-security.md'
       - 'basics/vpn-overview.md'
+      - 'basics/tor-overview.md'
+      - 'basics/dns-overview.md'
+      - 'basics/email-security.md'
     - 'Android':
       - 'android/overview.md'
       - 'android/grapheneos-vs-calyxos.md'
@@ -166,7 +166,8 @@ nav:
       - 'linux-desktop/hardening.md'
       - 'linux-desktop/sandboxing.md'
     - 'Advanced':
-      - 'setup/integrating-metadata-removal.md'
+      - 'advanced/integrating-metadata-removal.md'
+      - 'advanced/erasing-data.md'
   - 'Recommendations':
     - 'tools.md'
     - 'Browsers':