Replace Scrambled Exif with ExifEraser (#1687)

Co-authored-by: Jonah Aragon <github@aragon.science>

.github/CODEOWNERS

@@ -1,13 +1,16 @@
-# Additional Co-Owners are added to the TOP of this file.
+# Additional Co-Owners are added to the TOP of this file
 
 # High-traffic pages
-/docs/index.md @JonahAragon @dngray
-/theme/overrides/ @JonahAragon
+/docs/index.en.md @jonaharagon @dngray
+/theme/overrides/ @jonaharagon
 
 # Org
-/docs/about/ @JonahAragon
-LICENSE @JonahAragon
+/docs/about/ @jonaharagon
+LICENSE @jonaharagon
+README.md @jonaharagon @dngray
 
 # Ops
-/.github/ @JonahAragon
-/.well-known/ @JonahAragon
+/Pipfile @jonaharagon
+/Pipfile.lock @jonaharagon
+/.github/ @jonaharagon
+/.well-known/ @jonaharagon

.github/ISSUE_TEMPLATE/2_Website_Issues.md

@@ -10,12 +10,6 @@ This is NOT the place to request changes to the content of the website.
 This is NOT the place to report issues with our services like Matrix.
 This is ONLY for reporting bugs or technical issues with www.privacyguides.org, the website.
 
--->
-
-## Description
-
-<!--
-## Screenshots
-
-Please add screenshots if applicable
+Please add screenshots if applicable.
+
 -->

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,14 +1,18 @@
-<!-- Please use a descriptive title for your PR, it will be included in our changelog -->
+<!-- READ ENTIRELY BEFORE SUBMITTING:
+Please use a descriptive title for your PR, it will be included in our changelog!
 
-Resolves: # <!-- Did you solve an open GitHub issue? Put the number here so we mark it complete! -->
+**********
+By submitting a PR, you are agreeing to release your work to the public domain
+persuant to the terms described in our LICENSE file (CC0 1.0 Universal).
+**********
 
-<!--
 Please share with us what you've changed.
 If you are adding a software recommendation, give us a link to its website or
 source code.
 
 If you are making changes that you have a conflict of interest with, please
-disclose this as well:
+disclose this as well (this does not disqualify your PR by any means):
+
 Conflict of interest contributions involve contributing about yourself,
 family, friends, clients, employers, or your financial and other relationships.
 Any external relationship can trigger a conflict of interest.
@@ -16,7 +20,7 @@ Any external relationship can trigger a conflict of interest.
 That someone has a conflict of interest is a description of a situation,
 NOT a judgement about that person's opinions, integrity, or good faith.
 
-If you have a conflict of interest, you must disclose who is paying you for
+If you have a conflict of interest, you MUST disclose who is paying you for
 this contribution, who the client is (if for example, you are being paid by
 an advertising agency), and any other relevant affiliations.
 -->

.github/workflows/crowdin.yml

@@ -14,7 +14,7 @@ jobs:
       uses: actions/checkout@v3
 
     - name: crowdin action
-      uses: crowdin/github-action@1.4.9
+      uses: crowdin/github-action@1.4.12
       with:
         upload_sources: true
         upload_sources_args: '--auto-update --delete-obsolete'

.github/workflows/deploy.yml

@@ -1,73 +0,0 @@
-name: 📦 Deploy Website
-
-on:
-  workflow_dispatch:
-  release:
-    types: [published]
-
-env:
-  PYTHON_VERSION: 3.x
-
-jobs:
-  build:
-    name: Build website
-    runs-on: ubuntu-latest
-    steps:
-
-      - name: Checkout repository
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: '0'
-          ref: ${{github.event.pull_request.head.ref}}
-          repository: ${{github.event.pull_request.head.repo.full_name}}
-          ssh-key: ${{ secrets.ACTIONS_SSH_KEY }}
-          submodules: 'true'
-
-      - name: Set up Python runtime
-        uses: actions/setup-python@v4
-        with:
-          python-version: '3.7'
-      
-      - name: Cache files
-        uses: actions/cache@v3.0.4
-        with:
-          key: ${{ github.ref }}
-          path: .cache
-
-      - name: Install Python dependencies
-        run: |
-          pip install pipenv
-          pipenv install
-
-      - name: Build website
-        run: |
-          pipenv run mkdocs build
-          mv .well-known site/
-          tar cvf site.tar site
-          pipenv run mkdocs --version
-
-      - name: Package website
-        uses: actions/upload-artifact@v3
-        with:
-          name: generated-site
-          path: site.tar
-
-  deploy:
-    name: Rsync Deploy
-    runs-on: ubuntu-latest
-    environment: production
-    needs: build
-
-    steps:
-      - name: Download generated Jekyll site
-        uses: actions/download-artifact@v3
-        with:
-          name: generated-site
-      - run: tar xvf site.tar
-      - name: Copy built site to production
-        run: |
-          mkdir -p ~/.ssh
-          echo "${{ secrets.SSH_KEY }}" > ~/.ssh/id_rsa
-          chmod 700 ~/.ssh/id_rsa
-          ssh-keyscan -H ${{ secrets.SSH_HOST }} >> ~/.ssh/known_hosts
-          rsync -azP --delete site/ ${{ secrets.SSH_USERNAME }}@${{ secrets.SSH_HOST }}:${{ secrets.SSH_PATH }}

.github/workflows/pages.yml

@@ -0,0 +1,88 @@
+name: 🛠️ Deploy to GitHub Pages
+
+on:
+  workflow_dispatch:
+  release:
+    types: [published]
+
+# Allow one concurrent deployment
+concurrency:
+  group: "pages"
+  cancel-in-progress: true
+
+env:
+  PYTHON_VERSION: 3.x
+
+jobs:
+  build:
+    name: Build
+
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: '0'
+          ref: ${{github.event.pull_request.head.ref}}
+          repository: ${{github.event.pull_request.head.repo.full_name}}
+          ssh-key: ${{ secrets.ACTIONS_SSH_KEY }}
+          submodules: 'true'
+      
+      - name: Pages setup
+        uses: actions/configure-pages@v2
+
+      - name: Python setup
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.7'
+      
+      - name: Cache files
+        uses: actions/cache@v3.0.8
+        with:
+          key: ${{ github.ref }}
+          path: .cache
+
+      - name: Install Python dependencies
+        run: |
+          pip install pipenv
+          pipenv install
+
+      - name: Build website
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          pipenv run mkdocs build --config-file mkdocs.production.yml
+          mv .well-known site/
+          pipenv run mkdocs --version
+      
+      - name: Matrix homeserver configuration
+        run: |
+          mkdir -p site/.well-known/matrix
+          curl -o site/.well-known/matrix/server https://matrix.privacyguides.org/.well-known/matrix/server
+          curl -o site/.well-known/matrix/client https://matrix.privacyguides.org/.well-known/matrix/client
+
+      - name: Package website
+        uses: actions/upload-pages-artifact@v1
+        with:
+          path: site
+
+
+
+  deploy:
+    name: Deploy
+    needs: build
+
+    # Grant GITHUB_TOKEN the permissions required to make a Pages deployment
+    permissions:
+      pages: write      # to deploy to Pages
+      id-token: write   # to verify the deployment originates from an appropriate source
+
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+
+    runs-on: ubuntu-latest
+    steps:
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@main

.github/workflows/preview.yml

@@ -3,7 +3,7 @@ name: 🔂 Surge PR Preview
 on:
   pull_request_target:
     types: [opened, synchronize, reopened]
-  
+
 # Ensures that only one mirror task will run at a time.
 concurrency:
   group: surge-sh
@@ -33,6 +33,8 @@ jobs:
 
       - name: Deploy to surge.sh
         uses: afc163/surge-preview@v1
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           surge_token: ${{ secrets.SURGE_TOKEN }}
           github_token: ${{ secrets.GITHUB_TOKEN }}
@@ -41,4 +43,4 @@ jobs:
           build: |
             pip install pipenv
             pipenv install
-            pipenv run mkdocs build
+            pipenv run mkdocs build --config-file mkdocs.production.yml

.gitmodules

@@ -4,6 +4,3 @@
 [submodule "docs/assets/brand"]
 	path = docs/assets/brand
 	url = https://github.com/privacyguides/brand.git
-[submodule "docs/blog"]
-	path = docs/blog
-	url = https://github.com/privacyguides/blog.git

.well-known/matrix/client

@@ -1,5 +0,0 @@
-{
-    "m.homeserver": {
-        "base_url": "https://dendrite-client.privacyguides.org"
-    }
-}

.well-known/matrix/server

@@ -1,3 +0,0 @@
-{
-    "m.server": "dendrite-federation.privacyguides.org:443"
-}

.well-known/security.txt

@@ -1,5 +1,5 @@
-Contact: jonah@triplebit.net
-Encryption: https://www.jonaharagon.com/keys/
+Contact: mailto:jonah@triplebit.net
+Expires: 2024-01-01T18:00:00.000Z
 Preferred-Languages: en
-Canonical: https://privacyguides.org/.well-known/security.txt
+Canonical: https://www.privacyguides.org/.well-known/security.txt
 Policy: https://github.com/privacyguides/privacyguides.org/security/policy

CITATION.cff

@@ -0,0 +1,47 @@
+cff-version: 1.2.0
+title: Privacy Guides
+message: 'If you reference this website, please cite it in your work.'
+type: software
+authors:
+  - email: jonah@privacyguides.org
+    given-names: Jonah
+    family-names: Aragon
+    orcid: 'https://orcid.org/0000-0001-6996-4965'
+  - name: The Privacy Guides team
+    website: 'https://github.com/orgs/privacyguides/people'
+repository-code: 'https://github.com/privacyguides/privacyguides.org'
+references:
+  - authors:
+    - family-names: Donath
+      given-names: Martin
+    title: 'mkdocs-material'
+    type: software
+    repository-code: 'https://github.com/squidfunk/mkdocs-material'
+preferred-citation:
+  type: website
+  title: Privacy Guides
+  authors:
+    - email: jonah@privacyguides.org
+      given-names: Jonah
+      family-names: Aragon
+      orcid: 'https://orcid.org/0000-0001-6996-4965'
+    - given-names: Daniel
+      family-names: Gray
+      email: dngray@privacyguides.org
+    - name: The Privacy Guides team
+      website: 'https://github.com/orgs/privacyguides/people'
+    - name: Various project contributors
+  url: 'https://www.privacyguides.org'
+  abstract: >-
+    Privacy Guides is a socially motivated website that
+    provides information for protecting your data
+    security and privacy. We are a non-profit
+    collective operated entirely by volunteer team
+    members and contributors.
+  keywords:
+    - privacy
+    - surveillance
+    - encryption
+    - website
+    - markdown
+  license: CC0-1.0

Pipfile

@@ -11,6 +11,7 @@ mkdocs-git-revision-date-localized-plugin = "*"
 typing-extensions = "*"
 mkdocs-minify-plugin = "*"
 mkdocs-rss-plugin = "*"
+mkdocs-git-committers-plugin-2 = "*"
 
 [dev-packages]
 scour = "*"

Pipfile.lock

@@ -1,7 +1,7 @@
 {
     "_meta": {
         "hash": {
-            "sha256": "ce0d93277762e5052d095796291285ed1ff44183570f08ebfa71b76619eee48e"
+            "sha256": "ce2630991a262d8ca83cfc13f70347f8fdd9f9d07c281ea753f5fc52f3aebbd6"
         },
         "pipfile-spec": 6,
         "requires": {
@@ -18,11 +18,11 @@
     "default": {
         "babel": {
             "hashes": [
-                "sha256:3f349e85ad3154559ac4930c3918247d319f21910d5ce4b25d439ed8693b98d2",
-                "sha256:98aeaca086133efb3e1e2aad0396987490c8425929ddbcfe0550184fdc54cd13"
+                "sha256:7614553711ee97490f732126dc077f8d0ae084ebc6a96e23db1482afabdb2c51",
+                "sha256:ff56f4892c1c4bf0d814575ea23471c230d544203c7748e8c68f0089478d48eb"
             ],
             "markers": "python_version >= '3.6'",
-            "version": "==2.10.1"
+            "version": "==2.10.3"
         },
         "cairocffi": {
             "hashes": [
@@ -41,74 +41,88 @@
         },
         "certifi": {
             "hashes": [
-                "sha256:9c5705e395cd70084351dd8ad5c41e65655e08ce46f2ec9cf6c2c08390f71eb7",
-                "sha256:f1d53542ee8cbedbe2118b5686372fb33c297fcd6379b050cca0ef13a597382a"
+                "sha256:84c85a9078b11105f04f3036a9482ae10e4621616db313fe045dd24743a0820d",
+                "sha256:fe86415d55e84719d75f8b69414f6438ac3547d2078ab91b67e779ef69378412"
             ],
             "markers": "python_version >= '3.6'",
-            "version": "==2022.5.18.1"
+            "version": "==2022.6.15"
         },
         "cffi": {
             "hashes": [
-                "sha256:00c878c90cb53ccfaae6b8bc18ad05d2036553e6d9d1d9dbcf323bbe83854ca3",
-                "sha256:0104fb5ae2391d46a4cb082abdd5c69ea4eab79d8d44eaaf79f1b1fd806ee4c2",
-                "sha256:06c48159c1abed75c2e721b1715c379fa3200c7784271b3c46df01383b593636",
-                "sha256:0808014eb713677ec1292301ea4c81ad277b6cdf2fdd90fd540af98c0b101d20",
-                "sha256:10dffb601ccfb65262a27233ac273d552ddc4d8ae1bf93b21c94b8511bffe728",
-                "sha256:14cd121ea63ecdae71efa69c15c5543a4b5fbcd0bbe2aad864baca0063cecf27",
-                "sha256:17771976e82e9f94976180f76468546834d22a7cc404b17c22df2a2c81db0c66",
-                "sha256:181dee03b1170ff1969489acf1c26533710231c58f95534e3edac87fff06c443",
-                "sha256:23cfe892bd5dd8941608f93348c0737e369e51c100d03718f108bf1add7bd6d0",
-                "sha256:263cc3d821c4ab2213cbe8cd8b355a7f72a8324577dc865ef98487c1aeee2bc7",
-                "sha256:2756c88cbb94231c7a147402476be2c4df2f6078099a6f4a480d239a8817ae39",
-                "sha256:27c219baf94952ae9d50ec19651a687b826792055353d07648a5695413e0c605",
-                "sha256:2a23af14f408d53d5e6cd4e3d9a24ff9e05906ad574822a10563efcef137979a",
-                "sha256:31fb708d9d7c3f49a60f04cf5b119aeefe5644daba1cd2a0fe389b674fd1de37",
-                "sha256:3415c89f9204ee60cd09b235810be700e993e343a408693e80ce7f6a40108029",
-                "sha256:3773c4d81e6e818df2efbc7dd77325ca0dcb688116050fb2b3011218eda36139",
-                "sha256:3b96a311ac60a3f6be21d2572e46ce67f09abcf4d09344c49274eb9e0bf345fc",
-                "sha256:3f7d084648d77af029acb79a0ff49a0ad7e9d09057a9bf46596dac9514dc07df",
-                "sha256:41d45de54cd277a7878919867c0f08b0cf817605e4eb94093e7516505d3c8d14",
-                "sha256:4238e6dab5d6a8ba812de994bbb0a79bddbdf80994e4ce802b6f6f3142fcc880",
-                "sha256:45db3a33139e9c8f7c09234b5784a5e33d31fd6907800b316decad50af323ff2",
-                "sha256:45e8636704eacc432a206ac7345a5d3d2c62d95a507ec70d62f23cd91770482a",
-                "sha256:4958391dbd6249d7ad855b9ca88fae690783a6be9e86df65865058ed81fc860e",
-                "sha256:4a306fa632e8f0928956a41fa8e1d6243c71e7eb59ffbd165fc0b41e316b2474",
-                "sha256:57e9ac9ccc3101fac9d6014fba037473e4358ef4e89f8e181f8951a2c0162024",
-                "sha256:59888172256cac5629e60e72e86598027aca6bf01fa2465bdb676d37636573e8",
-                "sha256:5e069f72d497312b24fcc02073d70cb989045d1c91cbd53979366077959933e0",
-                "sha256:64d4ec9f448dfe041705426000cc13e34e6e5bb13736e9fd62e34a0b0c41566e",
-                "sha256:6dc2737a3674b3e344847c8686cf29e500584ccad76204efea14f451d4cc669a",
-                "sha256:74fdfdbfdc48d3f47148976f49fab3251e550a8720bebc99bf1483f5bfb5db3e",
-                "sha256:75e4024375654472cc27e91cbe9eaa08567f7fbdf822638be2814ce059f58032",
-                "sha256:786902fb9ba7433aae840e0ed609f45c7bcd4e225ebb9c753aa39725bb3e6ad6",
-                "sha256:8b6c2ea03845c9f501ed1313e78de148cd3f6cad741a75d43a29b43da27f2e1e",
-                "sha256:91d77d2a782be4274da750752bb1650a97bfd8f291022b379bb8e01c66b4e96b",
-                "sha256:91ec59c33514b7c7559a6acda53bbfe1b283949c34fe7440bcf917f96ac0723e",
-                "sha256:920f0d66a896c2d99f0adbb391f990a84091179542c205fa53ce5787aff87954",
-                "sha256:a5263e363c27b653a90078143adb3d076c1a748ec9ecc78ea2fb916f9b861962",
-                "sha256:abb9a20a72ac4e0fdb50dae135ba5e77880518e742077ced47eb1499e29a443c",
-                "sha256:c2051981a968d7de9dd2d7b87bcb9c939c74a34626a6e2f8181455dd49ed69e4",
-                "sha256:c21c9e3896c23007803a875460fb786118f0cdd4434359577ea25eb556e34c55",
-                "sha256:c2502a1a03b6312837279c8c1bd3ebedf6c12c4228ddbad40912d671ccc8a962",
-                "sha256:d4d692a89c5cf08a8557fdeb329b82e7bf609aadfaed6c0d79f5a449a3c7c023",
-                "sha256:da5db4e883f1ce37f55c667e5c0de439df76ac4cb55964655906306918e7363c",
-                "sha256:e7022a66d9b55e93e1a845d8c9eba2a1bebd4966cd8bfc25d9cd07d515b33fa6",
-                "sha256:ef1f279350da2c586a69d32fc8733092fd32cc8ac95139a00377841f59a3f8d8",
-                "sha256:f54a64f8b0c8ff0b64d18aa76675262e1700f3995182267998c31ae974fbc382",
-                "sha256:f5c7150ad32ba43a07c4479f40241756145a1f03b43480e058cfd862bf5041c7",
-                "sha256:f6f824dc3bce0edab5f427efcfb1d63ee75b6fcb7282900ccaf925be84efb0fc",
-                "sha256:fd8a250edc26254fe5b33be00402e6d287f562b6a5b2152dec302fa15bb3e997",
-                "sha256:ffaa5c925128e29efbde7301d8ecaf35c8c60ffbcd6a1ffd3a552177c8e5e796"
+                "sha256:00a9ed42e88df81ffae7a8ab6d9356b371399b91dbdf0c3cb1e84c03a13aceb5",
+                "sha256:03425bdae262c76aad70202debd780501fabeaca237cdfddc008987c0e0f59ef",
+                "sha256:04ed324bda3cda42b9b695d51bb7d54b680b9719cfab04227cdd1e04e5de3104",
+                "sha256:0e2642fe3142e4cc4af0799748233ad6da94c62a8bec3a6648bf8ee68b1c7426",
+                "sha256:173379135477dc8cac4bc58f45db08ab45d228b3363adb7af79436135d028405",
+                "sha256:198caafb44239b60e252492445da556afafc7d1e3ab7a1fb3f0584ef6d742375",
+                "sha256:1e74c6b51a9ed6589199c787bf5f9875612ca4a8a0785fb2d4a84429badaf22a",
+                "sha256:2012c72d854c2d03e45d06ae57f40d78e5770d252f195b93f581acf3ba44496e",
+                "sha256:21157295583fe8943475029ed5abdcf71eb3911894724e360acff1d61c1d54bc",
+                "sha256:2470043b93ff09bf8fb1d46d1cb756ce6132c54826661a32d4e4d132e1977adf",
+                "sha256:285d29981935eb726a4399badae8f0ffdff4f5050eaa6d0cfc3f64b857b77185",
+                "sha256:30d78fbc8ebf9c92c9b7823ee18eb92f2e6ef79b45ac84db507f52fbe3ec4497",
+                "sha256:320dab6e7cb2eacdf0e658569d2575c4dad258c0fcc794f46215e1e39f90f2c3",
+                "sha256:33ab79603146aace82c2427da5ca6e58f2b3f2fb5da893ceac0c42218a40be35",
+                "sha256:3548db281cd7d2561c9ad9984681c95f7b0e38881201e157833a2342c30d5e8c",
+                "sha256:3799aecf2e17cf585d977b780ce79ff0dc9b78d799fc694221ce814c2c19db83",
+                "sha256:39d39875251ca8f612b6f33e6b1195af86d1b3e60086068be9cc053aa4376e21",
+                "sha256:3b926aa83d1edb5aa5b427b4053dc420ec295a08e40911296b9eb1b6170f6cca",
+                "sha256:3bcde07039e586f91b45c88f8583ea7cf7a0770df3a1649627bf598332cb6984",
+                "sha256:3d08afd128ddaa624a48cf2b859afef385b720bb4b43df214f85616922e6a5ac",
+                "sha256:3eb6971dcff08619f8d91607cfc726518b6fa2a9eba42856be181c6d0d9515fd",
+                "sha256:40f4774f5a9d4f5e344f31a32b5096977b5d48560c5592e2f3d2c4374bd543ee",
+                "sha256:4289fc34b2f5316fbb762d75362931e351941fa95fa18789191b33fc4cf9504a",
+                "sha256:470c103ae716238bbe698d67ad020e1db9d9dba34fa5a899b5e21577e6d52ed2",
+                "sha256:4f2c9f67e9821cad2e5f480bc8d83b8742896f1242dba247911072d4fa94c192",
+                "sha256:50a74364d85fd319352182ef59c5c790484a336f6db772c1a9231f1c3ed0cbd7",
+                "sha256:54a2db7b78338edd780e7ef7f9f6c442500fb0d41a5a4ea24fff1c929d5af585",
+                "sha256:5635bd9cb9731e6d4a1132a498dd34f764034a8ce60cef4f5319c0541159392f",
+                "sha256:59c0b02d0a6c384d453fece7566d1c7e6b7bae4fc5874ef2ef46d56776d61c9e",
+                "sha256:5d598b938678ebf3c67377cdd45e09d431369c3b1a5b331058c338e201f12b27",
+                "sha256:5df2768244d19ab7f60546d0c7c63ce1581f7af8b5de3eb3004b9b6fc8a9f84b",
+                "sha256:5ef34d190326c3b1f822a5b7a45f6c4535e2f47ed06fec77d3d799c450b2651e",
+                "sha256:6975a3fac6bc83c4a65c9f9fcab9e47019a11d3d2cf7f3c0d03431bf145a941e",
+                "sha256:6c9a799e985904922a4d207a94eae35c78ebae90e128f0c4e521ce339396be9d",
+                "sha256:70df4e3b545a17496c9b3f41f5115e69a4f2e77e94e1d2a8e1070bc0c38c8a3c",
+                "sha256:7473e861101c9e72452f9bf8acb984947aa1661a7704553a9f6e4baa5ba64415",
+                "sha256:8102eaf27e1e448db915d08afa8b41d6c7ca7a04b7d73af6514df10a3e74bd82",
+                "sha256:87c450779d0914f2861b8526e035c5e6da0a3199d8f1add1a665e1cbc6fc6d02",
+                "sha256:8b7ee99e510d7b66cdb6c593f21c043c248537a32e0bedf02e01e9553a172314",
+                "sha256:91fc98adde3d7881af9b59ed0294046f3806221863722ba7d8d120c575314325",
+                "sha256:94411f22c3985acaec6f83c6df553f2dbe17b698cc7f8ae751ff2237d96b9e3c",
+                "sha256:98d85c6a2bef81588d9227dde12db8a7f47f639f4a17c9ae08e773aa9c697bf3",
+                "sha256:9ad5db27f9cabae298d151c85cf2bad1d359a1b9c686a275df03385758e2f914",
+                "sha256:a0b71b1b8fbf2b96e41c4d990244165e2c9be83d54962a9a1d118fd8657d2045",
+                "sha256:a0f100c8912c114ff53e1202d0078b425bee3649ae34d7b070e9697f93c5d52d",
+                "sha256:a591fe9e525846e4d154205572a029f653ada1a78b93697f3b5a8f1f2bc055b9",
+                "sha256:a5c84c68147988265e60416b57fc83425a78058853509c1b0629c180094904a5",
+                "sha256:a66d3508133af6e8548451b25058d5812812ec3798c886bf38ed24a98216fab2",
+                "sha256:a8c4917bd7ad33e8eb21e9a5bbba979b49d9a97acb3a803092cbc1133e20343c",
+                "sha256:b3bbeb01c2b273cca1e1e0c5df57f12dce9a4dd331b4fa1635b8bec26350bde3",
+                "sha256:cba9d6b9a7d64d4bd46167096fc9d2f835e25d7e4c121fb2ddfc6528fb0413b2",
+                "sha256:cc4d65aeeaa04136a12677d3dd0b1c0c94dc43abac5860ab33cceb42b801c1e8",
+                "sha256:ce4bcc037df4fc5e3d184794f27bdaab018943698f4ca31630bc7f84a7b69c6d",
+                "sha256:cec7d9412a9102bdc577382c3929b337320c4c4c4849f2c5cdd14d7368c5562d",
+                "sha256:d400bfb9a37b1351253cb402671cea7e89bdecc294e8016a707f6d1d8ac934f9",
+                "sha256:d61f4695e6c866a23a21acab0509af1cdfd2c013cf256bbf5b6b5e2695827162",
+                "sha256:db0fbb9c62743ce59a9ff687eb5f4afbe77e5e8403d6697f7446e5f609976f76",
+                "sha256:dd86c085fae2efd48ac91dd7ccffcfc0571387fe1193d33b6394db7ef31fe2a4",
+                "sha256:e00b098126fd45523dd056d2efba6c5a63b71ffe9f2bbe1a4fe1716e1d0c331e",
+                "sha256:e229a521186c75c8ad9490854fd8bbdd9a0c9aa3a524326b55be83b54d4e0ad9",
+                "sha256:e263d77ee3dd201c3a142934a086a4450861778baaeeb45db4591ef65550b0a6",
+                "sha256:ed9cb427ba5504c1dc15ede7d516b84757c3e3d7868ccc85121d9310d27eed0b",
+                "sha256:fa6693661a4c91757f4412306191b6dc88c1703f780c8234035eac011922bc01",
+                "sha256:fcd131dd944808b5bdb38e6f5b53013c5aa4f334c5cad0c72742f6eba4b73db0"
             ],
-            "version": "==1.15.0"
+            "version": "==1.15.1"
         },
         "charset-normalizer": {
             "hashes": [
-                "sha256:2857e29ff0d34db842cd7ca3230549d1a697f96ee6d3fb071cfa6c7393832597",
-                "sha256:6881edbebdb17b39b4eaaa821b438bf6eddffb4468cf344f09f89def34a8b1df"
+                "sha256:5189b6f22b01957427f35b6a08d9a0bc45b46d3788ef5a92e978433c7a35f8a5",
+                "sha256:575e708016ff3a5e3681541cb9d79312c416835686d054a23accb873b254f413"
             ],
-            "markers": "python_version >= '3.0'",
-            "version": "==2.0.12"
+            "markers": "python_version >= '3.6'",
+            "version": "==2.1.0"
         },
         "click": {
             "hashes": [
@@ -174,24 +188,24 @@
                 "sha256:84d9dd047ffa80596e0f246e2eab0b391788b0503584e8945f2368256d2735ff",
                 "sha256:9d643ff0a55b762d5cdb124b8eaa99c66322e2157b69160bc32796e824360e6d"
             ],
-            "markers": "python_version >= '3.0'",
+            "markers": "python_version >= '3.5'",
             "version": "==3.3"
         },
         "importlib-metadata": {
             "hashes": [
-                "sha256:5d26852efe48c0a32b0509ffbc583fda1a2266545a78d104a6f4aff3db17d700",
-                "sha256:c58c8eb8a762858f49e18436ff552e83914778e50e9d2f1660535ffb364552ec"
+                "sha256:637245b8bab2b6502fcbc752cc4b7a6f6243bb02b31c5c26156ad103d3d45670",
+                "sha256:7401a975809ea1fdc658c3aa4f78cc2195a0e019c5cbc4c06122884e9ae80c23"
             ],
             "markers": "python_version < '3.10'",
-            "version": "==4.11.4"
+            "version": "==4.12.0"
         },
         "jinja2": {
             "hashes": [
-                "sha256:077ce6014f7b40d03b47d1f1ca4b0fc8328a692bd284016f806ed0eaca390ad8",
-                "sha256:611bb273cd68f3b993fabdc4064fc858c5b47a973cb5aa7999ec1ba405c87cd7"
+                "sha256:31351a702a408a9e7595a8fc6150fc3f43bb6bf7e319770cbc0db9df9437e852",
+                "sha256:6088930bfe239f0e6710546ab9c19c9ef35e29792895fed6e6e31a023a182a61"
             ],
-            "markers": "python_version >= '3.6'",
-            "version": "==3.0.3"
+            "markers": "python_version >= '3.7'",
+            "version": "==3.1.2"
         },
         "jsmin": {
             "hashes": [
@@ -201,70 +215,79 @@
         },
         "lxml": {
             "hashes": [
-                "sha256:078306d19a33920004addeb5f4630781aaeabb6a8d01398045fcde085091a169",
-                "sha256:0c1978ff1fd81ed9dcbba4f91cf09faf1f8082c9d72eb122e92294716c605428",
-                "sha256:1010042bfcac2b2dc6098260a2ed022968dbdfaf285fc65a3acf8e4eb1ffd1bc",
-                "sha256:1d650812b52d98679ed6c6b3b55cbb8fe5a5460a0aef29aeb08dc0b44577df85",
-                "sha256:20b8a746a026017acf07da39fdb10aa80ad9877046c9182442bf80c84a1c4696",
-                "sha256:2403a6d6fb61c285969b71f4a3527873fe93fd0abe0832d858a17fe68c8fa507",
-                "sha256:24f5c5ae618395ed871b3d8ebfcbb36e3f1091fd847bf54c4de623f9107942f3",
-                "sha256:28d1af847786f68bec57961f31221125c29d6f52d9187c01cd34dc14e2b29430",
-                "sha256:31499847fc5f73ee17dbe1b8e24c6dafc4e8d5b48803d17d22988976b0171f03",
-                "sha256:31ba2cbc64516dcdd6c24418daa7abff989ddf3ba6d3ea6f6ce6f2ed6e754ec9",
-                "sha256:330bff92c26d4aee79c5bc4d9967858bdbe73fdbdbacb5daf623a03a914fe05b",
-                "sha256:5045ee1ccd45a89c4daec1160217d363fcd23811e26734688007c26f28c9e9e7",
-                "sha256:52cbf2ff155b19dc4d4100f7442f6a697938bf4493f8d3b0c51d45568d5666b5",
-                "sha256:530f278849031b0eb12f46cca0e5db01cfe5177ab13bd6878c6e739319bae654",
-                "sha256:545bd39c9481f2e3f2727c78c169425efbfb3fbba6e7db4f46a80ebb249819ca",
-                "sha256:5804e04feb4e61babf3911c2a974a5b86f66ee227cc5006230b00ac6d285b3a9",
-                "sha256:5a58d0b12f5053e270510bf12f753a76aaf3d74c453c00942ed7d2c804ca845c",
-                "sha256:5f148b0c6133fb928503cfcdfdba395010f997aa44bcf6474fcdd0c5398d9b63",
-                "sha256:5f7d7d9afc7b293147e2d506a4596641d60181a35279ef3aa5778d0d9d9123fe",
-                "sha256:60d2f60bd5a2a979df28ab309352cdcf8181bda0cca4529769a945f09aba06f9",
-                "sha256:6259b511b0f2527e6d55ad87acc1c07b3cbffc3d5e050d7e7bcfa151b8202df9",
-                "sha256:6268e27873a3d191849204d00d03f65c0e343b3bcb518a6eaae05677c95621d1",
-                "sha256:627e79894770783c129cc5e89b947e52aa26e8e0557c7e205368a809da4b7939",
-                "sha256:62f93eac69ec0f4be98d1b96f4d6b964855b8255c345c17ff12c20b93f247b68",
-                "sha256:6d6483b1229470e1d8835e52e0ff3c6973b9b97b24cd1c116dca90b57a2cc613",
-                "sha256:6f7b82934c08e28a2d537d870293236b1000d94d0b4583825ab9649aef7ddf63",
-                "sha256:6fe4ef4402df0250b75ba876c3795510d782def5c1e63890bde02d622570d39e",
-                "sha256:719544565c2937c21a6f76d520e6e52b726d132815adb3447ccffbe9f44203c4",
-                "sha256:730766072fd5dcb219dd2b95c4c49752a54f00157f322bc6d71f7d2a31fecd79",
-                "sha256:74eb65ec61e3c7c019d7169387d1b6ffcfea1b9ec5894d116a9a903636e4a0b1",
-                "sha256:7993232bd4044392c47779a3c7e8889fea6883be46281d45a81451acfd704d7e",
-                "sha256:80bbaddf2baab7e6de4bc47405e34948e694a9efe0861c61cdc23aa774fcb141",
-                "sha256:86545e351e879d0b72b620db6a3b96346921fa87b3d366d6c074e5a9a0b8dadb",
-                "sha256:891dc8f522d7059ff0024cd3ae79fd224752676447f9c678f2a5c14b84d9a939",
-                "sha256:8a31f24e2a0b6317f33aafbb2f0895c0bce772980ae60c2c640d82caac49628a",
-                "sha256:8b99ec73073b37f9ebe8caf399001848fced9c08064effdbfc4da2b5a8d07b93",
-                "sha256:986b7a96228c9b4942ec420eff37556c5777bfba6758edcb95421e4a614b57f9",
-                "sha256:a1547ff4b8a833511eeaceacbcd17b043214fcdb385148f9c1bc5556ca9623e2",
-                "sha256:a2bfc7e2a0601b475477c954bf167dee6d0f55cb167e3f3e7cefad906e7759f6",
-                "sha256:a3c5f1a719aa11866ffc530d54ad965063a8cbbecae6515acbd5f0fae8f48eaa",
-                "sha256:a9f1c3489736ff8e1c7652e9dc39f80cff820f23624f23d9eab6e122ac99b150",
-                "sha256:aa0cf4922da7a3c905d000b35065df6184c0dc1d866dd3b86fd961905bbad2ea",
-                "sha256:ad4332a532e2d5acb231a2e5d33f943750091ee435daffca3fec0a53224e7e33",
-                "sha256:b2582b238e1658c4061ebe1b4df53c435190d22457642377fd0cb30685cdfb76",
-                "sha256:b6fc2e2fb6f532cf48b5fed57567ef286addcef38c28874458a41b7837a57807",
-                "sha256:b92d40121dcbd74831b690a75533da703750f7041b4bf951befc657c37e5695a",
-                "sha256:bbab6faf6568484707acc052f4dfc3802bdb0cafe079383fbaa23f1cdae9ecd4",
-                "sha256:c0b88ed1ae66777a798dc54f627e32d3b81c8009967c63993c450ee4cbcbec15",
-                "sha256:ce13d6291a5f47c1c8dbd375baa78551053bc6b5e5c0e9bb8e39c0a8359fd52f",
-                "sha256:db3535733f59e5605a88a706824dfcb9bd06725e709ecb017e165fc1d6e7d429",
-                "sha256:dd10383f1d6b7edf247d0960a3db274c07e96cf3a3fc7c41c8448f93eac3fb1c",
-                "sha256:e01f9531ba5420838c801c21c1b0f45dbc9607cb22ea2cf132844453bec863a5",
-                "sha256:e11527dc23d5ef44d76fef11213215c34f36af1608074561fcc561d983aeb870",
-                "sha256:e1ab2fac607842ac36864e358c42feb0960ae62c34aa4caaf12ada0a1fb5d99b",
-                "sha256:e1fd7d2fe11f1cb63d3336d147c852f6d07de0d0020d704c6031b46a30b02ca8",
-                "sha256:e9f84ed9f4d50b74fbc77298ee5c870f67cb7e91dcdc1a6915cb1ff6a317476c",
-                "sha256:ec4b4e75fc68da9dc0ed73dcdb431c25c57775383fec325d23a770a64e7ebc87",
-                "sha256:f10ce66fcdeb3543df51d423ede7e238be98412232fca5daec3e54bcd16b8da0",
-                "sha256:f63f62fc60e6228a4ca9abae28228f35e1bd3ce675013d1dfb828688d50c6e23",
-                "sha256:fa56bb08b3dd8eac3a8c5b7d075c94e74f755fd9d8a04543ae8d37b1612dd170",
-                "sha256:fa9b7c450be85bfc6cd39f6df8c5b8cbd76b5d6fc1f69efec80203f9894b885f"
+                "sha256:04da965dfebb5dac2619cb90fcf93efdb35b3c6994fea58a157a834f2f94b318",
+                "sha256:0538747a9d7827ce3e16a8fdd201a99e661c7dee3c96c885d8ecba3c35d1032c",
+                "sha256:0645e934e940107e2fdbe7c5b6fb8ec6232444260752598bc4d09511bd056c0b",
+                "sha256:079b68f197c796e42aa80b1f739f058dcee796dc725cc9a1be0cdb08fc45b000",
+                "sha256:0f3f0059891d3254c7b5fb935330d6db38d6519ecd238ca4fce93c234b4a0f73",
+                "sha256:10d2017f9150248563bb579cd0d07c61c58da85c922b780060dcc9a3aa9f432d",
+                "sha256:1355755b62c28950f9ce123c7a41460ed9743c699905cbe664a5bcc5c9c7c7fb",
+                "sha256:13c90064b224e10c14dcdf8086688d3f0e612db53766e7478d7754703295c7c8",
+                "sha256:1423631e3d51008871299525b541413c9b6c6423593e89f9c4cfbe8460afc0a2",
+                "sha256:1436cf0063bba7888e43f1ba8d58824f085410ea2025befe81150aceb123e345",
+                "sha256:1a7c59c6ffd6ef5db362b798f350e24ab2cfa5700d53ac6681918f314a4d3b94",
+                "sha256:1e1cf47774373777936c5aabad489fef7b1c087dcd1f426b621fda9dcc12994e",
+                "sha256:206a51077773c6c5d2ce1991327cda719063a47adc02bd703c56a662cdb6c58b",
+                "sha256:21fb3d24ab430fc538a96e9fbb9b150029914805d551deeac7d7822f64631dfc",
+                "sha256:27e590352c76156f50f538dbcebd1925317a0f70540f7dc8c97d2931c595783a",
+                "sha256:287605bede6bd36e930577c5925fcea17cb30453d96a7b4c63c14a257118dbb9",
+                "sha256:2aaf6a0a6465d39b5ca69688fce82d20088c1838534982996ec46633dc7ad6cc",
+                "sha256:32a73c53783becdb7eaf75a2a1525ea8e49379fb7248c3eeefb9412123536387",
+                "sha256:41fb58868b816c202e8881fd0f179a4644ce6e7cbbb248ef0283a34b73ec73bb",
+                "sha256:4780677767dd52b99f0af1f123bc2c22873d30b474aa0e2fc3fe5e02217687c7",
+                "sha256:4878e667ebabe9b65e785ac8da4d48886fe81193a84bbe49f12acff8f7a383a4",
+                "sha256:487c8e61d7acc50b8be82bda8c8d21d20e133c3cbf41bd8ad7eb1aaeb3f07c97",
+                "sha256:4beea0f31491bc086991b97517b9683e5cfb369205dac0148ef685ac12a20a67",
+                "sha256:4cfbe42c686f33944e12f45a27d25a492cc0e43e1dc1da5d6a87cbcaf2e95627",
+                "sha256:4d5bae0a37af799207140652a700f21a85946f107a199bcb06720b13a4f1f0b7",
+                "sha256:4e285b5f2bf321fc0857b491b5028c5f276ec0c873b985d58d7748ece1d770dd",
+                "sha256:57e4d637258703d14171b54203fd6822fda218c6c2658a7d30816b10995f29f3",
+                "sha256:5974895115737a74a00b321e339b9c3f45c20275d226398ae79ac008d908bff7",
+                "sha256:5ef87fca280fb15342726bd5f980f6faf8b84a5287fcc2d4962ea8af88b35130",
+                "sha256:603a464c2e67d8a546ddaa206d98e3246e5db05594b97db844c2f0a1af37cf5b",
+                "sha256:6653071f4f9bac46fbc30f3c7838b0e9063ee335908c5d61fb7a4a86c8fd2036",
+                "sha256:6ca2264f341dd81e41f3fffecec6e446aa2121e0b8d026fb5130e02de1402785",
+                "sha256:6d279033bf614953c3fc4a0aa9ac33a21e8044ca72d4fa8b9273fe75359d5cca",
+                "sha256:6d949f53ad4fc7cf02c44d6678e7ff05ec5f5552b235b9e136bd52e9bf730b91",
+                "sha256:6daa662aba22ef3258934105be2dd9afa5bb45748f4f702a3b39a5bf53a1f4dc",
+                "sha256:6eafc048ea3f1b3c136c71a86db393be36b5b3d9c87b1c25204e7d397cee9536",
+                "sha256:830c88747dce8a3e7525defa68afd742b4580df6aa2fdd6f0855481e3994d391",
+                "sha256:86e92728ef3fc842c50a5cb1d5ba2bc66db7da08a7af53fb3da79e202d1b2cd3",
+                "sha256:8caf4d16b31961e964c62194ea3e26a0e9561cdf72eecb1781458b67ec83423d",
+                "sha256:8d1a92d8e90b286d491e5626af53afef2ba04da33e82e30744795c71880eaa21",
+                "sha256:8f0a4d179c9a941eb80c3a63cdb495e539e064f8054230844dcf2fcb812b71d3",
+                "sha256:9232b09f5efee6a495a99ae6824881940d6447debe272ea400c02e3b68aad85d",
+                "sha256:927a9dd016d6033bc12e0bf5dee1dde140235fc8d0d51099353c76081c03dc29",
+                "sha256:93e414e3206779ef41e5ff2448067213febf260ba747fc65389a3ddaa3fb8715",
+                "sha256:98cafc618614d72b02185ac583c6f7796202062c41d2eeecdf07820bad3295ed",
+                "sha256:9c3a88d20e4fe4a2a4a84bf439a5ac9c9aba400b85244c63a1ab7088f85d9d25",
+                "sha256:9f36de4cd0c262dd9927886cc2305aa3f2210db437aa4fed3fb4940b8bf4592c",
+                "sha256:a60f90bba4c37962cbf210f0188ecca87daafdf60271f4c6948606e4dabf8785",
+                "sha256:a614e4afed58c14254e67862456d212c4dcceebab2eaa44d627c2ca04bf86837",
+                "sha256:ae06c1e4bc60ee076292e582a7512f304abdf6c70db59b56745cca1684f875a4",
+                "sha256:b122a188cd292c4d2fcd78d04f863b789ef43aa129b233d7c9004de08693728b",
+                "sha256:b570da8cd0012f4af9fa76a5635cd31f707473e65a5a335b186069d5c7121ff2",
+                "sha256:bcaa1c495ce623966d9fc8a187da80082334236a2a1c7e141763ffaf7a405067",
+                "sha256:bd34f6d1810d9354dc7e35158aa6cc33456be7706df4420819af6ed966e85448",
+                "sha256:be9eb06489bc975c38706902cbc6888f39e946b81383abc2838d186f0e8b6a9d",
+                "sha256:c4b2e0559b68455c085fb0f6178e9752c4be3bba104d6e881eb5573b399d1eb2",
+                "sha256:c62e8dd9754b7debda0c5ba59d34509c4688f853588d75b53c3791983faa96fc",
+                "sha256:c852b1530083a620cb0de5f3cd6826f19862bafeaf77586f1aef326e49d95f0c",
+                "sha256:d9fc0bf3ff86c17348dfc5d322f627d78273eba545db865c3cd14b3f19e57fa5",
+                "sha256:dad7b164905d3e534883281c050180afcf1e230c3d4a54e8038aa5cfcf312b84",
+                "sha256:e5f66bdf0976ec667fc4594d2812a00b07ed14d1b44259d19a41ae3fff99f2b8",
+                "sha256:e8f0c9d65da595cfe91713bc1222af9ecabd37971762cb830dea2fc3b3bb2acf",
+                "sha256:edffbe3c510d8f4bf8640e02ca019e48a9b72357318383ca60e3330c23aaffc7",
+                "sha256:eea5d6443b093e1545ad0210e6cf27f920482bfcf5c77cdc8596aec73523bb7e",
+                "sha256:ef72013e20dd5ba86a8ae1aed7f56f31d3374189aa8b433e7b12ad182c0d2dfb",
+                "sha256:f05251bbc2145349b8d0b77c0d4e5f3b228418807b1ee27cefb11f69ed3d233b",
+                "sha256:f1be258c4d3dc609e654a1dc59d37b17d7fef05df912c01fc2e15eb43a9735f3",
+                "sha256:f9ced82717c7ec65a67667bb05865ffe38af0e835cdd78728f1209c8fffe0cad",
+                "sha256:fe17d10b97fdf58155f858606bddb4e037b805a60ae023c009f760d8361a4eb8",
+                "sha256:fe749b052bb7233fe5d072fcb549221a8cb1a16725c47c37e42b0b9cb3ff2c3f"
             ],
             "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'",
-            "version": "==4.8.0"
+            "version": "==4.9.1"
         },
         "markdown": {
             "hashes": [
@@ -330,23 +353,31 @@
         },
         "mkdocs": {
             "hashes": [
-                "sha256:26bd2b03d739ac57a3e6eed0b7bcc86168703b719c27b99ad6ca91dc439aacde",
-                "sha256:b504405b04da38795fec9b2e5e28f6aa3a73bb0960cb6d5d27ead28952bd35ea"
+                "sha256:a41a2ff25ce3bbacc953f9844ba07d106233cd76c88bac1f59cb1564ac0d87ed",
+                "sha256:fda92466393127d2da830bc6edc3a625a14b436316d1caf347690648e774c4f0"
             ],
             "index": "pypi",
-            "version": "==1.3.0"
+            "version": "==1.3.1"
+        },
+        "mkdocs-git-committers-plugin-2": {
+            "hashes": [
+                "sha256:5da4d790377133d610c0c81fb4989f266b2c9bfaed74866d58af0045926c7753",
+                "sha256:69f38a84bfdc6ecd35778d888b51c40f249f52ed4d1cbc77d5464b6c1c1493f8"
+            ],
+            "index": "pypi",
+            "version": "==0.4.3"
         },
         "mkdocs-git-revision-date-localized-plugin": {
             "hashes": [
-                "sha256:f3e020b445e7b4fb4e58ccd46b07adecbca0f85ac1659e1a63e38b8779c81ba7",
-                "sha256:ffcf206b5108d9f729af6cd42377d2e0e25c080817fdad0119549ac924b526f3"
+                "sha256:38517e2084229da1a1b9460e846c2748d238c2d79efd405d1b9174a87bd81d79",
+                "sha256:4ba0e49abea3e9f6ee26e2623ff7283873da657471c61f1d0cfbb986f403316d"
             ],
             "index": "pypi",
-            "version": "==1.0.1"
+            "version": "==1.1.0"
         },
         "mkdocs-material": {
             "path": "./mkdocs-material",
-            "version": "==8.2.15+insiders.4.15.1"
+            "version": "==8.4.0+insiders.4.21.1"
         },
         "mkdocs-material-extensions": {
             "hashes": [
@@ -374,10 +405,10 @@
         },
         "mkdocs-static-i18n": {
             "hashes": [
-                "sha256:5d69b4eb284931bd048a36f923367f2a7bd0dc7b0438008dce8ca1a8feee99e2"
+                "sha256:9a13987c1a1afdb2b9f532f7c1597c2b6e747b4015f4adc1ebd65843b8bf1378"
             ],
             "index": "pypi",
-            "version": "==0.45"
+            "version": "==0.46"
         },
         "packaging": {
             "hashes": [
@@ -389,47 +420,67 @@
         },
         "pillow": {
             "hashes": [
-                "sha256:088df396b047477dd1bbc7de6e22f58400dae2f21310d9e2ec2933b2ef7dfa4f",
-                "sha256:09e67ef6e430f90caa093528bd758b0616f8165e57ed8d8ce014ae32df6a831d",
-                "sha256:0b4d5ad2cd3a1f0d1df882d926b37dbb2ab6c823ae21d041b46910c8f8cd844b",
-                "sha256:0b525a356680022b0af53385944026d3486fc8c013638cf9900eb87c866afb4c",
-                "sha256:1d4331aeb12f6b3791911a6da82de72257a99ad99726ed6b63f481c0184b6fb9",
-                "sha256:20d514c989fa28e73a5adbddd7a171afa5824710d0ab06d4e1234195d2a2e546",
-                "sha256:2b291cab8a888658d72b575a03e340509b6b050b62db1f5539dd5cd18fd50578",
-                "sha256:3f6c1716c473ebd1649663bf3b42702d0d53e27af8b64642be0dd3598c761fb1",
-                "sha256:42dfefbef90eb67c10c45a73a9bc1599d4dac920f7dfcbf4ec6b80cb620757fe",
-                "sha256:488f3383cf5159907d48d32957ac6f9ea85ccdcc296c14eca1a4e396ecc32098",
-                "sha256:4d45dbe4b21a9679c3e8b3f7f4f42a45a7d3ddff8a4a16109dff0e1da30a35b2",
-                "sha256:53c27bd452e0f1bc4bfed07ceb235663a1df7c74df08e37fd6b03eb89454946a",
-                "sha256:55e74faf8359ddda43fee01bffbc5bd99d96ea508d8a08c527099e84eb708f45",
-                "sha256:59789a7d06c742e9d13b883d5e3569188c16acb02eeed2510fd3bfdbc1bd1530",
-                "sha256:5b650dbbc0969a4e226d98a0b440c2f07a850896aed9266b6fedc0f7e7834108",
-                "sha256:66daa16952d5bf0c9d5389c5e9df562922a59bd16d77e2a276e575d32e38afd1",
-                "sha256:6e760cf01259a1c0a50f3c845f9cad1af30577fd8b670339b1659c6d0e7a41dd",
-                "sha256:7502539939b53d7565f3d11d87c78e7ec900d3c72945d4ee0e2f250d598309a0",
-                "sha256:769a7f131a2f43752455cc72f9f7a093c3ff3856bf976c5fb53a59d0ccc704f6",
-                "sha256:7c150dbbb4a94ea4825d1e5f2c5501af7141ea95825fadd7829f9b11c97aaf6c",
-                "sha256:8844217cdf66eabe39567118f229e275f0727e9195635a15e0e4b9227458daaf",
-                "sha256:8a66fe50386162df2da701b3722781cbe90ce043e7d53c1fd6bd801bca6b48d4",
-                "sha256:9370d6744d379f2de5d7fa95cdbd3a4d92f0b0ef29609b4b1687f16bc197063d",
-                "sha256:937a54e5694684f74dcbf6e24cc453bfc5b33940216ddd8f4cd8f0f79167f765",
-                "sha256:9c857532c719fb30fafabd2371ce9b7031812ff3889d75273827633bca0c4602",
-                "sha256:a4165205a13b16a29e1ac57efeee6be2dfd5b5408122d59ef2145bc3239fa340",
-                "sha256:b3fe2ff1e1715d4475d7e2c3e8dabd7c025f4410f79513b4ff2de3d51ce0fa9c",
-                "sha256:b6617221ff08fbd3b7a811950b5c3f9367f6e941b86259843eab77c8e3d2b56b",
-                "sha256:b761727ed7d593e49671d1827044b942dd2f4caae6e51bab144d4accf8244a84",
-                "sha256:baf3be0b9446a4083cc0c5bb9f9c964034be5374b5bc09757be89f5d2fa247b8",
-                "sha256:c17770a62a71718a74b7548098a74cd6880be16bcfff5f937f900ead90ca8e92",
-                "sha256:c67db410508b9de9c4694c57ed754b65a460e4812126e87f5052ecf23a011a54",
-                "sha256:d78ca526a559fb84faaaf84da2dd4addef5edb109db8b81677c0bb1aad342601",
-                "sha256:e9ed59d1b6ee837f4515b9584f3d26cf0388b742a11ecdae0d9237a94505d03a",
-                "sha256:f054b020c4d7e9786ae0404278ea318768eb123403b18453e28e47cdb7a0a4bf",
-                "sha256:f372d0f08eff1475ef426344efe42493f71f377ec52237bf153c5713de987251",
-                "sha256:f3f6a6034140e9e17e9abc175fc7a266a6e63652028e157750bd98e804a8ed9a",
-                "sha256:ffde4c6fabb52891d81606411cbfaf77756e3b561b566efd270b3ed3791fde4e"
+                "sha256:0030fdbd926fb85844b8b92e2f9449ba89607231d3dd597a21ae72dc7fe26927",
+                "sha256:030e3460861488e249731c3e7ab59b07c7853838ff3b8e16aac9561bb345da14",
+                "sha256:0ed2c4ef2451de908c90436d6e8092e13a43992f1860275b4d8082667fbb2ffc",
+                "sha256:136659638f61a251e8ed3b331fc6ccd124590eeff539de57c5f80ef3a9594e58",
+                "sha256:13b725463f32df1bfeacbf3dd197fb358ae8ebcd8c5548faa75126ea425ccb60",
+                "sha256:1536ad017a9f789430fb6b8be8bf99d2f214c76502becc196c6f2d9a75b01b76",
+                "sha256:15928f824870535c85dbf949c09d6ae7d3d6ac2d6efec80f3227f73eefba741c",
+                "sha256:17d4cafe22f050b46d983b71c707162d63d796a1235cdf8b9d7a112e97b15bac",
+                "sha256:1802f34298f5ba11d55e5bb09c31997dc0c6aed919658dfdf0198a2fe75d5490",
+                "sha256:1cc1d2451e8a3b4bfdb9caf745b58e6c7a77d2e469159b0d527a4554d73694d1",
+                "sha256:1fd6f5e3c0e4697fa7eb45b6e93996299f3feee73a3175fa451f49a74d092b9f",
+                "sha256:254164c57bab4b459f14c64e93df11eff5ded575192c294a0c49270f22c5d93d",
+                "sha256:2ad0d4df0f5ef2247e27fc790d5c9b5a0af8ade9ba340db4a73bb1a4a3e5fb4f",
+                "sha256:2c58b24e3a63efd22554c676d81b0e57f80e0a7d3a5874a7e14ce90ec40d3069",
+                "sha256:2d33a11f601213dcd5718109c09a52c2a1c893e7461f0be2d6febc2879ec2402",
+                "sha256:337a74fd2f291c607d220c793a8135273c4c2ab001b03e601c36766005f36885",
+                "sha256:37ff6b522a26d0538b753f0b4e8e164fdada12db6c6f00f62145d732d8a3152e",
+                "sha256:3d1f14f5f691f55e1b47f824ca4fdcb4b19b4323fe43cc7bb105988cad7496be",
+                "sha256:408673ed75594933714482501fe97e055a42996087eeca7e5d06e33218d05aa8",
+                "sha256:4134d3f1ba5f15027ff5c04296f13328fecd46921424084516bdb1b2548e66ff",
+                "sha256:4ad2f835e0ad81d1689f1b7e3fbac7b01bb8777d5a985c8962bedee0cc6d43da",
+                "sha256:50dff9cc21826d2977ef2d2a205504034e3a4563ca6f5db739b0d1026658e004",
+                "sha256:510cef4a3f401c246cfd8227b300828715dd055463cdca6176c2e4036df8bd4f",
+                "sha256:5aed7dde98403cd91d86a1115c78d8145c83078e864c1de1064f52e6feb61b20",
+                "sha256:69bd1a15d7ba3694631e00df8de65a8cb031911ca11f44929c97fe05eb9b6c1d",
+                "sha256:6bf088c1ce160f50ea40764f825ec9b72ed9da25346216b91361eef8ad1b8f8c",
+                "sha256:6e8c66f70fb539301e064f6478d7453e820d8a2c631da948a23384865cd95544",
+                "sha256:727dd1389bc5cb9827cbd1f9d40d2c2a1a0c9b32dd2261db522d22a604a6eec9",
+                "sha256:74a04183e6e64930b667d321524e3c5361094bb4af9083db5c301db64cd341f3",
+                "sha256:75e636fd3e0fb872693f23ccb8a5ff2cd578801251f3a4f6854c6a5d437d3c04",
+                "sha256:7761afe0126d046974a01e030ae7529ed0ca6a196de3ec6937c11df0df1bc91c",
+                "sha256:7888310f6214f19ab2b6df90f3f06afa3df7ef7355fc025e78a3044737fab1f5",
+                "sha256:7b0554af24df2bf96618dac71ddada02420f946be943b181108cac55a7a2dcd4",
+                "sha256:7c7b502bc34f6e32ba022b4a209638f9e097d7a9098104ae420eb8186217ebbb",
+                "sha256:808add66ea764ed97d44dda1ac4f2cfec4c1867d9efb16a33d158be79f32b8a4",
+                "sha256:831e648102c82f152e14c1a0938689dbb22480c548c8d4b8b248b3e50967b88c",
+                "sha256:93689632949aff41199090eff5474f3990b6823404e45d66a5d44304e9cdc467",
+                "sha256:96b5e6874431df16aee0c1ba237574cb6dff1dcb173798faa6a9d8b399a05d0e",
+                "sha256:9a54614049a18a2d6fe156e68e188da02a046a4a93cf24f373bffd977e943421",
+                "sha256:a138441e95562b3c078746a22f8fca8ff1c22c014f856278bdbdd89ca36cff1b",
+                "sha256:a647c0d4478b995c5e54615a2e5360ccedd2f85e70ab57fbe817ca613d5e63b8",
+                "sha256:a9c9bc489f8ab30906d7a85afac4b4944a572a7432e00698a7239f44a44e6efb",
+                "sha256:ad2277b185ebce47a63f4dc6302e30f05762b688f8dc3de55dbae4651872cdf3",
+                "sha256:b6d5e92df2b77665e07ddb2e4dbd6d644b78e4c0d2e9272a852627cdba0d75cf",
+                "sha256:bc431b065722a5ad1dfb4df354fb9333b7a582a5ee39a90e6ffff688d72f27a1",
+                "sha256:bdd0de2d64688ecae88dd8935012c4a72681e5df632af903a1dca8c5e7aa871a",
+                "sha256:c79698d4cd9318d9481d89a77e2d3fcaeff5486be641e60a4b49f3d2ecca4e28",
+                "sha256:cb6259196a589123d755380b65127ddc60f4c64b21fc3bb46ce3a6ea663659b0",
+                "sha256:d5b87da55a08acb586bad5c3aa3b86505f559b84f39035b233d5bf844b0834b1",
+                "sha256:dcd7b9c7139dc8258d164b55696ecd16c04607f1cc33ba7af86613881ffe4ac8",
+                "sha256:dfe4c1fedfde4e2fbc009d5ad420647f7730d719786388b7de0999bf32c0d9fd",
+                "sha256:ea98f633d45f7e815db648fd7ff0f19e328302ac36427343e4432c84432e7ff4",
+                "sha256:ec52c351b35ca269cb1f8069d610fc45c5bd38c3e91f9ab4cbbf0aebc136d9c8",
+                "sha256:eef7592281f7c174d3d6cbfbb7ee5984a671fcd77e3fc78e973d492e9bf0eb3f",
+                "sha256:f07f1f00e22b231dd3d9b9208692042e29792d6bd4f6639415d2f23158a80013",
+                "sha256:f3fac744f9b540148fa7715a435d2283b71f68bfb6d4aae24482a890aed18b59",
+                "sha256:fa768eff5f9f958270b081bb33581b4b569faabf8774726b283edb06617101dc",
+                "sha256:fac2d65901fb0fdf20363fbd345c01958a742f2dc62a8dd4495af66e3ff502a4"
             ],
             "markers": "python_version >= '3.7'",
-            "version": "==9.1.1"
+            "version": "==9.2.0"
         },
         "pycparser": {
             "hashes": [
@@ -440,19 +491,19 @@
         },
         "pygments": {
             "hashes": [
-                "sha256:5eb116118f9612ff1ee89ac96437bb6b49e8f04d8a13b514ba26f620208e26eb",
-                "sha256:dc9c10fb40944260f6ed4c688ece0cd2048414940f1cea51b8b226318411c519"
+                "sha256:56a8508ae95f98e2b9bdf93a6be5ae3f7d8af858b43e02c5a2ff083726be40c1",
+                "sha256:f643f331ab57ba3c9d89212ee4a2dabc6e94f117cf4eefde99a0574720d14c42"
             ],
             "markers": "python_version >= '3.6'",
-            "version": "==2.12.0"
+            "version": "==2.13.0"
         },
         "pymdown-extensions": {
             "hashes": [
-                "sha256:1baa22a60550f731630474cad28feb0405c8101f1a7ddc3ec0ed86ee510bcc43",
-                "sha256:5b7432456bf555ce2b0ab3c2439401084cda8110f24f6b3ecef952b8313dfa1b"
+                "sha256:3ef2d998c0d5fa7eb09291926d90d69391283561cf6306f85cd588a5eb5befa0",
+                "sha256:ec141c0f4983755349f0c8710416348d1a13753976c028186ed14f190c8061c4"
             ],
             "markers": "python_version >= '3.7'",
-            "version": "==9.4"
+            "version": "==9.5"
         },
         "pyparsing": {
             "hashes": [
@@ -472,10 +523,10 @@
         },
         "pytz": {
             "hashes": [
-                "sha256:1e760e2fe6a8163bc0b3d9a19c4f84342afa0a2affebfaa84b01b978a02ecaa7",
-                "sha256:e68985985296d9a66a881eb3193b0906246245294a881e7c8afe623866ac6a5c"
+                "sha256:220f481bdafa09c3955dfbdddb7b57780e9a94f5127e35456a48589b9e0c0197",
+                "sha256:cea221417204f2d1a2aa03ddae3e867921971d0d76f14d87abb4414415bbdcf5"
             ],
-            "version": "==2022.1"
+            "version": "==2022.2.1"
         },
         "pyyaml": {
             "hashes": [
@@ -526,91 +577,91 @@
         },
         "regex": {
             "hashes": [
-                "sha256:02543d6d5c32d361b7cc468079ba4cddaaf4a6544f655901ba1ff9d8e3f18755",
-                "sha256:036d1c1fbe69eba3ee253c107e71749cdbb4776db93d674bc0d5e28f30300734",
-                "sha256:071bcb625e890f28b7c4573124a6512ea65107152b1d3ca101ce33a52dad4593",
-                "sha256:0f8da3145f4b72f7ce6181c804eaa44cdcea313c8998cdade3d9e20a8717a9cb",
-                "sha256:0fb6cb16518ac7eff29d1e0b0cce90275dfae0f17154165491058c31d58bdd1d",
-                "sha256:0fd464e547dbabf4652ca5fe9d88d75ec30182981e737c07b3410235a44b9939",
-                "sha256:12af15b6edb00e425f713160cfd361126e624ec0de86e74f7cad4b97b7f169b3",
-                "sha256:165cc75cfa5aa0f12adb2ac6286330e7229a06dc0e6c004ec35da682b5b89579",
-                "sha256:1a07e8366115069f26822c47732122ab61598830a69f5629a37ea8881487c107",
-                "sha256:1c2de7f32fa87d04d40f54bce3843af430697aba51c3a114aa62837a0772f219",
-                "sha256:253f858a0255cd91a0424a4b15c2eedb12f20274f85731b0d861c8137e843065",
-                "sha256:275afc7352982ee947fc88f67a034b52c78395977b5fc7c9be15f7dc95b76f06",
-                "sha256:2bde99f2cdfd6db1ec7e02d68cadd384ffe7413831373ea7cc68c5415a0cb577",
-                "sha256:3241db067a7f69da57fba8bca543ac8a7ca415d91e77315690202749b9fdaba1",
-                "sha256:37903d5ca11fa47577e8952d2e2c6de28553b11c70defee827afb941ab2c6729",
-                "sha256:3dfbadb7b74d95f72f9f9dbf9778f7de92722ab520a109ceaf7927461fa85b10",
-                "sha256:3e35c50b27f36176c792738cb9b858523053bc495044d2c2b44db24376b266f1",
-                "sha256:3e9e983fc8e0d4d5ded7caa5aed39ca2cf6026d7e39801ef6f0af0b1b6cd9276",
-                "sha256:3f6bd8178cce5bb56336722d5569d19c50bba5915a69a2050c497fb921e7cb0f",
-                "sha256:43ee0df35925ae4b0cc6ee3f60b73369e559dd2ac40945044da9394dd9d3a51d",
-                "sha256:45b761406777a681db0c24686178532134c937d24448d9e085279b69e9eb7da4",
-                "sha256:46cbc5b23f85e94161b093dba1b49035697cf44c7db3c930adabfc0e6d861b95",
-                "sha256:4f2e2cef324ca9355049ee1e712f68e2e92716eba24275e6767b9bfa15f1f478",
-                "sha256:50b77622016f03989cd06ecf6b602c7a6b4ed2e3ce04133876b041d109c934ee",
-                "sha256:582ea06079a03750b5f71e20a87cd99e646d796638b5894ff85987ebf5e04924",
-                "sha256:58521abdab76583bd41ef47e5e2ddd93b32501aee4ee8cee71dee10a45ba46b1",
-                "sha256:5b9c7b6895a01204296e9523b3e12b43e013835a9de035a783907c2c1bc447f0",
-                "sha256:6165e737acb3bea3271372e8aa5ebe7226c8a8e8da1b94af2d6547c5a09d689d",
-                "sha256:66fb765b2173d90389384708e3e1d3e4be1148bd8d4d50476b1469da5a2f0229",
-                "sha256:68aed3fb0c61296bd6d234f558f78c51671f79ccb069cbcd428c2eea6fee7a5b",
-                "sha256:6a0ef57cccd8089b4249eebad95065390e56c04d4a92c51316eab4131bca96a9",
-                "sha256:709396c0c95b95045fac89b94f997410ff39b81a09863fe21002f390d48cc7d3",
-                "sha256:73ed1b06abadbf6b61f6033a07c06f36ec0ddca117e41ef2ac37056705e46458",
-                "sha256:7a608022f4593fc67518c6c599ae5abdb03bb8acd75993c82cd7a4c8100eff81",
-                "sha256:7c4d9770e579eb11b582b2e2fd19fa204a15cb1589ae73cd4dcbb63b64f3e828",
-                "sha256:7dbc96419ef0fb6ac56626014e6d3a345aeb8b17a3df8830235a88626ffc8d84",
-                "sha256:7f271d0831d8ebc56e17b37f9fa1824b0379221d1238ae77c18a6e8c47f1fdce",
-                "sha256:82b7fc67e49fdce671bdbec1127189fc979badf062ce6e79dc95ef5e07a8bf92",
-                "sha256:85b7ee4d0c7a46296d884f6b489af8b960c4291d76aea4b22fd4fbe05e6ec08e",
-                "sha256:8b747cef8e5dcdaf394192d43a0c02f5825aeb0ecd3d43e63ae500332ab830b0",
-                "sha256:8bf867ba71856414a482e4b683500f946c300c4896e472e51d3db8dfa8dc8f32",
-                "sha256:8e0da7ef160d4f3eb3d4d3e39a02c3c42f7dbcfce62c81f784cc99fc7059765f",
-                "sha256:8e7d33f93cdd01868327d834d0f5bb029241cd293b47d51b96814dec27fc9b4b",
-                "sha256:92183e9180c392371079262879c6532ccf55f808e6900df5d9f03c9ca8807255",
-                "sha256:92ad03f928675ca05b79d3b1d3dfc149e2226d57ed9d57808f82105d511d0212",
-                "sha256:97af238389cb029d63d5f2d931a7e8f5954ad96e812de5faaed373b68e74df86",
-                "sha256:9913bcf730eb6e9b441fb176832eea9acbebab6035542c7c89d90c803f5cd3be",
-                "sha256:9dae5affbb66178dad6c6fd5b02221ca9917e016c75ee3945e9a9563eb1fbb6f",
-                "sha256:a850f5f369f1e3b6239da7fb43d1d029c1e178263df671819889c47caf7e4ff3",
-                "sha256:aa6daa189db9104787ff1fd7a7623ce017077aa59eaac609d0d25ba95ed251a0",
-                "sha256:aabc28f7599f781ddaeac168d0b566d0db82182cc3dcf62129f0a4fc2927b811",
-                "sha256:af1e687ffab18a75409e5e5d6215b6ccd41a5a1a0ea6ce9665e01253f737a0d3",
-                "sha256:b1d53835922cd0f9b74b2742453a444865a70abae38d12eb41c59271da66f38d",
-                "sha256:b2df3ede85d778c949d9bd2a50237072cee3df0a423c91f5514f78f8035bde87",
-                "sha256:b415b82e5be7389ec5ee7ee35431e4a549ea327caacf73b697c6b3538cb5c87f",
-                "sha256:b7ba3c304a4a5d8112dbd30df8b3e4ef59b4b07807957d3c410d9713abaee9a8",
-                "sha256:bcc6f7a3a95119c3568c572ca167ada75f8319890706283b9ba59b3489c9bcb3",
-                "sha256:be392d9cd5309509175a9d7660dc17bf57084501108dbff0c5a8bfc3646048c3",
-                "sha256:bea61de0c688198e3d9479344228c7accaa22a78b58ec408e41750ebafee6c08",
-                "sha256:bedb3d01ad35ea1745bdb1d57f3ee0f996f988c98f5bbae9d068c3bb3065d210",
-                "sha256:c36906a7855ec33a9083608e6cd595e4729dab18aeb9aad0dd0b039240266239",
-                "sha256:c4fdf837666f7793a5c3cfa2f2f39f03eb6c7e92e831bc64486c2f547580c2b3",
-                "sha256:cfad3a770839aa456ff9a9aa0e253d98b628d005a3ccb37da1ff9be7c84fee16",
-                "sha256:d128e278e5e554c5c022c7bed410ca851e00bacebbb4460de546a73bc53f8de4",
-                "sha256:dffd9114ade73137ab2b79a8faf864683dbd2dbbb6b23a305fbbd4cbaeeb2187",
-                "sha256:e2acf5c66fbb62b5fe4c40978ddebafa50818f00bf79d60569d9762f6356336e",
-                "sha256:e65580ae3137bce712f505ec7c2d700aef0014a3878c4767b74aff5895fc454f",
-                "sha256:e944268445b5694f5d41292c9228f0ca46d5a32a67f195d5f8547c1f1d91f4bc",
-                "sha256:ed26c3d2d62c6588e0dad175b8d8cc0942a638f32d07b80f92043e5d73b7db67",
-                "sha256:ed625205f5f26984382b68e4cbcbc08e6603c9e84c14b38457170b0cc71c823b",
-                "sha256:f2a5d9f612091812dee18375a45d046526452142e7b78c4e21ab192db15453d5",
-                "sha256:f86aef546add4ff1202e1f31e9bb54f9268f17d996b2428877283146bf9bc013",
-                "sha256:f89d26e50a4c7453cb8c415acd09e72fbade2610606a9c500a1e48c43210a42d",
-                "sha256:fb7107faf0168de087f62a2f2ed00f9e9da12e0b801582b516ddac236b871cda"
+                "sha256:02b6dc102123f5178796dcdb5a90f6e88895607fd1a1d115d8de1af8161ca2b4",
+                "sha256:0843cc977b9cc00eb2299b624db6481d25e7f5b093f7a7c2bb727028d4a26eda",
+                "sha256:085ca3dc9360c0210e0a70e5d34d66454a06077644e7679fef6358b1f053e62e",
+                "sha256:0a9d5a64e974bc5f160f30f76aaf993d49eeddb405676be6bf76a5a2c131e185",
+                "sha256:0de0ce11c0835e1117eacbfe8fa6fa98dc0e8e746b486735cb0fdebe46a02222",
+                "sha256:1418d3506a9582b23a27373f125ea2b0da523c581e7cf678a6f036254d134faa",
+                "sha256:14750172c0a616140a8f496dfef28ed24080e87d06d5838e008f959ad307a8c5",
+                "sha256:1b6d2c579ffdcbb3d93f63b6a7f697364594e1c1b6856958b3e61e3ca22c140a",
+                "sha256:1df31eaf147ecff3665ba861acb8f78221cd5501df072c9151dfa341dd24599f",
+                "sha256:21b6f939916aa61beea56393ebc8a9999060632ac22b8193c2cb67d6fd7cb2c3",
+                "sha256:2240fce3af236e4586a045c1be8bbf16c4f8831e68b7df918b72fc31a80143be",
+                "sha256:242f546fc5e49bb7395624ac3b4fc168bf454e11ace9804c58c4c3a90d84e38f",
+                "sha256:25bffa248b99b53a61b1f20fc7d19f711e38e9f0bc90d44c26670f8dc282ad7d",
+                "sha256:2ada67e02fa3fcca9e3b90cf24c2c6bc77f0abc126209937956aea10eeba40c7",
+                "sha256:2c198921afc811bc0f105c6e5150fbdebf9520c9b7d43cfc0ab156ca97f506d7",
+                "sha256:370b1d7aed26e29915c3fb3e72e327f194824a76cedb60c0b9f6c6af53e89d72",
+                "sha256:3aafbbf5076f2a48bcf31ceb42b410323daaa0ddb42544640592957bc906ace6",
+                "sha256:3d3d769b3d485b28d6a591b46723dbacc696e6503f48a3ef52e6fc2c90edb482",
+                "sha256:3d83fd6dd4263595d0e4f595d4abd54397cbed52c0147f7dd148a7b72910301e",
+                "sha256:45cb798095b886e4df6ff4a1f7661eb70620ccdef127e3c3e00a1aaa22d30e53",
+                "sha256:4bd9443f7ff6e6288dd4496215c5d903f851e55cbc09d5963587af0c6d565a0a",
+                "sha256:4bdfd016ab12c4075ef93f025b3cf4c8962b9b7a5e52bb7039ab64cb7755930c",
+                "sha256:4c6554073e3e554fbb3dff88376ada3da32ca789ea1b9e381f684d49ddb61199",
+                "sha256:4dad9d68574e93e1e23be53b4ecfb0f083bd5cc08cc7f1984a4ee3ebf12aa446",
+                "sha256:4e12a3c2d4781ee5d03f229c940934fa1e4ea4f4995e68ab97a2815b139e0804",
+                "sha256:53c9eca0d6070a8a3de42182ad26daf90ba12132eb74a2f45702332762aff84e",
+                "sha256:5910bb355f9517309f77101238dbacb7151ede3434a2f1fad26ecc62f13d8324",
+                "sha256:5c77eab46f3a2b2cd8bbe06467df783543bf7396df431eb4a144cc4b89e9fb3c",
+                "sha256:5d541bc430a74c787684d1ebcd205a5212a88c3de73848143e77489b2c25b911",
+                "sha256:5e7c8f9f8824143c219dd93cdc733c20d2c12f154034c89bcb4911db8e45bd92",
+                "sha256:5f14430535645712f546f1e07013507d1cc0c8abd851811dacce8c7fb584bf52",
+                "sha256:6059ae91667932d256d9dc03abd3512ebcade322b3a42d1b8354bd1db7f66dcc",
+                "sha256:61f6966371fa1cbf26c6209771a02bef80336cdaca0c0af4dfa33d51019c0b93",
+                "sha256:62d56a9d3c1e5a83076db4da060dad7ea35ac2f3cbd3c53ba5a51fe0caedb500",
+                "sha256:634f090a388351eadf1dcc1d168a190718fb68efb4b8fdc1b119cf837ca01905",
+                "sha256:64ecfcc386420192fbe98fdde777d993f7f2dfec9552e4f4024d3447d3a3e637",
+                "sha256:6af38997f178889d417851bae8fb5c00448f7405cfcab38734d771f1dd5d5973",
+                "sha256:6b30c8d299ba48ee919064628fd8bc296bdc6e4827d315491bea39437130d3e1",
+                "sha256:6f0c8807bac16984901c0573725bad786f2f004f9bd5df8476c6431097b6c5b3",
+                "sha256:6f62c8a59f6b8e608880c61b138ae22668184bc266b025d33200dcf2cebe0872",
+                "sha256:74d4aabd612d32282f3cb3ebb4436046fb840d25c754157a755bc9f66e7cd307",
+                "sha256:7658d2dfc1dabfb008ffe12ae47b98559e2aedd8237bee12f5aafb74d90479e3",
+                "sha256:777ceea2860a48e9e362a4e2a9a691782ea97bd05c24627c92e876fdd2c22e61",
+                "sha256:79f34d5833cd0d53ecf48bc030e4da3216bd4846224d17eeb64509be5cb098fd",
+                "sha256:7a52d547259495a53e61e37ffc6d5cecf8d298aeb1bc0d9b25289d65ddb31183",
+                "sha256:840063aa8eeb1dda07d7d7dee15648838bffef1d415f5f79061854a182a429aa",
+                "sha256:8e8ec94d1b1a0a297c2c69a0bf000baf9a79607ca0c084f577f811a9b447c319",
+                "sha256:95fb62a3980cf43e76c2fe95edab06ec70dc495b8aa660975eb9f0b2ffdae1e1",
+                "sha256:9668da78bcc219542467f51c2cd01894222be6aceec4b5efb806705900b794d8",
+                "sha256:99a7c5786de9e92ff5ffee2e8bed745f5d25495206f3f14656c379031e518334",
+                "sha256:a1e283ad918df44bad3ccf042c2fe283c63d17617570eb91b8c370ef677b0b83",
+                "sha256:a25d251546acb5edb1635631c4ae0e330fa4ec7c6316c01d256728fbfb9bbff2",
+                "sha256:abe1adb32e2535aaa171e8b2b2d3f083f863c9974a3e6e7dae6bf4827fc8b983",
+                "sha256:ae85112da2d826b65aa7c7369c56ca41d9a89644312172979cbee5cf788e0b09",
+                "sha256:b3379a83dc63fe06538c751961f9ed730b5d7f08f96a57bbad8d52db5820df1f",
+                "sha256:b3c7c6c4aac19b964c1d12784aecae7f0315314640b0f41dd6f0d4e2bf439072",
+                "sha256:b7ddecc80e87acf12c2cf12bf3721def47188c403f04e706f104b5e71fed2f31",
+                "sha256:bbaf6785d3f1cd3e617b9d0fb3c5528023ef7bc7cc1356234801dc1941df8ce9",
+                "sha256:be6f5b453f7ed2219a9555bb6840663950b9ab1dc034216f68eac64db66633c2",
+                "sha256:c2b6404631b22617b5127c6de2355393ccda693ca733a098b6802e7dabb3457a",
+                "sha256:c4f6609f6e867a58cdf173e1cbe1f3736d25962108bd5cb01ad5a130875ff2c8",
+                "sha256:c76dd2c0615a28de21c97f9f6862e84faef58ff4d700196b4e395ef6a52291e4",
+                "sha256:c78c72f7878071a78337510ec78ab856d60b4bdcd3a95fd68b939e7cb30434b3",
+                "sha256:cb0c9a1476d279524538ba9a00ecec9eadcef31a6a60b2c8bd2f29f62044a559",
+                "sha256:ccb986e80674c929f198464bce55e995178dea26833421e2479ff04a6956afac",
+                "sha256:cfa62063c5eafb04e4435459ce15746b4ae6c14efeae8f16bd0e3d2895dad698",
+                "sha256:d13bd83284b46c304eb10de93f8a3f2c80361f91f4e8a4e1273caf83e16c4409",
+                "sha256:d76e585368388d99ddd2f95989e6ac80a8fe23115e93931faad99fa34550612f",
+                "sha256:dc32029b9cc784a529f9201289d4f841cc24a2ae3126a112cd467bc41bbc2f10",
+                "sha256:e0b55651db770b4b5a6c7d015f24d1a6ede307296bbdf0c47fc5f6a6adc7abee",
+                "sha256:e37886929ee83a5fa5c73164abada00e7f3cc1cbf3f8f6e1e8cfecae9d6cfc47",
+                "sha256:f7b88bc7306136b123fd1a9beed16ca02900ee31d1c36e73fa33d9e525a5562d",
+                "sha256:fac611bde2609a46fcbd92da7171286faa2f5c191f84d22f61cd7dc27213f51d",
+                "sha256:fafed60103132e74cdfbd651abe94801eb87a9765ce275b3dca9af8f3e06622a"
             ],
             "markers": "python_version >= '3.6'",
-            "version": "==2022.4.24"
+            "version": "==2022.8.17"
         },
         "requests": {
             "hashes": [
-                "sha256:68d7c56fd5a8999887728ef304a6d12edc7be74f1cfa47714fc8b414525c9a61",
-                "sha256:f22fa1e554c9ddfd16e6e41ac79759e17be9e492b3587efa038054674760e72d"
+                "sha256:7c5599b102feddaa661c826c56ab4fee28bfd17f5abca1ebbe3e7f19d7c97983",
+                "sha256:8fefa2a1a1365bf5520aac41836fbee479da67864514bdb821f31ce07ce65349"
             ],
-            "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'",
-            "version": "==2.27.1"
+            "markers": "python_version >= '3.7' and python_version < '4'",
+            "version": "==2.28.1"
         },
         "six": {
             "hashes": [
@@ -638,50 +689,50 @@
         },
         "typing-extensions": {
             "hashes": [
-                "sha256:6657594ee297170d19f67d55c05852a874e7eb634f4f753dbd667855e07c1708",
-                "sha256:f1c24655a0da0d1b67f07e17a5e6b2a105894e6824b92096378bb3668ef02376"
+                "sha256:25642c956049920a5aa49edcdd6ab1e06d7e5d467fc00e0506c44ac86fbfca02",
+                "sha256:e6d2677a32f47fc7eb2795db1dd15c1f34eff616bcaf2cfb5e997f854fa1c4a6"
             ],
             "index": "pypi",
-            "version": "==4.2.0"
+            "version": "==4.3.0"
         },
         "urllib3": {
             "hashes": [
-                "sha256:44ece4d53fb1706f667c9bd1c648f5469a2ec925fcf3a776667042d645472c14",
-                "sha256:aabaf16477806a5e1dd19aa41f8c2b7950dd3c746362d7e3223dbe6de6ac448e"
+                "sha256:c33ccba33c819596124764c23a97d25f32b28433ba0dedeb77d873a38722c9bc",
+                "sha256:ea6e8fb210b19d950fab93b60c9009226c63a28808bc8386e05301e25883ac0a"
             ],
-            "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' and python_version < '4'",
-            "version": "==1.26.9"
+            "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5' and python_version < '4'",
+            "version": "==1.26.11"
         },
         "watchdog": {
             "hashes": [
-                "sha256:036ed15f7cd656351bf4e17244447be0a09a61aaa92014332d50719fc5973bc0",
-                "sha256:0c520009b8cce79099237d810aaa19bc920941c268578436b62013b2f0102320",
-                "sha256:0fb60c7d31474b21acba54079ce9ff0136411183e9a591369417cddb1d7d00d7",
-                "sha256:156ec3a94695ea68cfb83454b98754af6e276031ba1ae7ae724dc6bf8973b92a",
-                "sha256:1ae17b6be788fb8e4d8753d8d599de948f0275a232416e16436363c682c6f850",
-                "sha256:1e5d0fdfaa265c29dc12621913a76ae99656cf7587d03950dfeb3595e5a26102",
-                "sha256:24dedcc3ce75e150f2a1d704661f6879764461a481ba15a57dc80543de46021c",
-                "sha256:2962628a8777650703e8f6f2593065884c602df7bae95759b2df267bd89b2ef5",
-                "sha256:47598fe6713fc1fee86b1ca85c9cbe77e9b72d002d6adeab9c3b608f8a5ead10",
-                "sha256:4978db33fc0934c92013ee163a9db158ec216099b69fce5aec790aba704da412",
-                "sha256:5e2e51c53666850c3ecffe9d265fc5d7351db644de17b15e9c685dd3cdcd6f97",
-                "sha256:676263bee67b165f16b05abc52acc7a94feac5b5ab2449b491f1a97638a79277",
-                "sha256:68dbe75e0fa1ba4d73ab3f8e67b21770fbed0651d32ce515cd38919a26873266",
-                "sha256:6d03149126864abd32715d4e9267d2754cede25a69052901399356ad3bc5ecff",
-                "sha256:6ddf67bc9f413791072e3afb466e46cc72c6799ba73dea18439b412e8f2e3257",
-                "sha256:746e4c197ec1083581bb1f64d07d1136accf03437badb5ff8fcb862565c193b2",
-                "sha256:7721ac736170b191c50806f43357407138c6748e4eb3e69b071397f7f7aaeedd",
-                "sha256:88ef3e8640ef0a64b7ad7394b0f23384f58ac19dd759da7eaa9bc04b2898943f",
-                "sha256:aa68d2d9a89d686fae99d28a6edf3b18595e78f5adf4f5c18fbfda549ac0f20c",
-                "sha256:b962de4d7d92ff78fb2dbc6a0cb292a679dea879a0eb5568911484d56545b153",
-                "sha256:ce7376aed3da5fd777483fe5ebc8475a440c6d18f23998024f832134b2938e7b",
-                "sha256:ddde157dc1447d8130cb5b8df102fad845916fe4335e3d3c3f44c16565becbb7",
-                "sha256:efcc8cbc1b43902571b3dce7ef53003f5b97fe4f275fe0489565fc6e2ebe3314",
-                "sha256:f9ee4c6bf3a1b2ed6be90a2d78f3f4bbd8105b6390c04a86eb48ed67bbfa0b0b",
-                "sha256:fed4de6e45a4f16e4046ea00917b4fe1700b97244e5d114f594b4a1b9de6bed8"
+                "sha256:083171652584e1b8829581f965b9b7723ca5f9a2cd7e20271edf264cfd7c1412",
+                "sha256:117ffc6ec261639a0209a3252546b12800670d4bf5f84fbd355957a0595fe654",
+                "sha256:186f6c55abc5e03872ae14c2f294a153ec7292f807af99f57611acc8caa75306",
+                "sha256:195fc70c6e41237362ba720e9aaf394f8178bfc7fa68207f112d108edef1af33",
+                "sha256:226b3c6c468ce72051a4c15a4cc2ef317c32590d82ba0b330403cafd98a62cfd",
+                "sha256:247dcf1df956daa24828bfea5a138d0e7a7c98b1a47cf1fa5b0c3c16241fcbb7",
+                "sha256:255bb5758f7e89b1a13c05a5bceccec2219f8995a3a4c4d6968fe1de6a3b2892",
+                "sha256:43ce20ebb36a51f21fa376f76d1d4692452b2527ccd601950d69ed36b9e21609",
+                "sha256:4f4e1c4aa54fb86316a62a87b3378c025e228178d55481d30d857c6c438897d6",
+                "sha256:5952135968519e2447a01875a6f5fc8c03190b24d14ee52b0f4b1682259520b1",
+                "sha256:64a27aed691408a6abd83394b38503e8176f69031ca25d64131d8d640a307591",
+                "sha256:6b17d302850c8d412784d9246cfe8d7e3af6bcd45f958abb2d08a6f8bedf695d",
+                "sha256:70af927aa1613ded6a68089a9262a009fbdf819f46d09c1a908d4b36e1ba2b2d",
+                "sha256:7a833211f49143c3d336729b0020ffd1274078e94b0ae42e22f596999f50279c",
+                "sha256:8250546a98388cbc00c3ee3cc5cf96799b5a595270dfcfa855491a64b86ef8c3",
+                "sha256:97f9752208f5154e9e7b76acc8c4f5a58801b338de2af14e7e181ee3b28a5d39",
+                "sha256:9f05a5f7c12452f6a27203f76779ae3f46fa30f1dd833037ea8cbc2887c60213",
+                "sha256:a735a990a1095f75ca4f36ea2ef2752c99e6ee997c46b0de507ba40a09bf7330",
+                "sha256:ad576a565260d8f99d97f2e64b0f97a48228317095908568a9d5c786c829d428",
+                "sha256:b530ae007a5f5d50b7fbba96634c7ee21abec70dc3e7f0233339c81943848dc1",
+                "sha256:bfc4d351e6348d6ec51df007432e6fe80adb53fd41183716017026af03427846",
+                "sha256:d3dda00aca282b26194bdd0adec21e4c21e916956d972369359ba63ade616153",
+                "sha256:d9820fe47c20c13e3c9dd544d3706a2a26c02b2b43c993b62fcd8011bcc0adb3",
+                "sha256:ed80a1628cee19f5cfc6bb74e173f1b4189eb532e705e2a13e3250312a62e0c9",
+                "sha256:ee3e38a6cc050a8830089f79cbec8a3878ec2fe5160cdb2dc8ccb6def8552658"
             ],
             "markers": "python_version >= '3.6'",
-            "version": "==2.1.8"
+            "version": "==2.1.9"
         },
         "webencodings": {
             "hashes": [
@@ -692,11 +743,11 @@
         },
         "zipp": {
             "hashes": [
-                "sha256:56bf8aadb83c24db6c4b577e13de374ccfb67da2078beba1d037c17980bf43ad",
-                "sha256:c4f6e5bbf48e74f7a38e7cc5b0480ff42b0ae5178957d564d18932525d5cf099"
+                "sha256:05b45f1ee8f807d0cc928485ca40a07cb491cf092ff587c0df9cb1fd154848d2",
+                "sha256:47c40d7fe183a6f21403a199b3e4192cca5774656965b0a4988ad2f8feb5f009"
             ],
             "markers": "python_version >= '3.7'",
-            "version": "==3.8.0"
+            "version": "==3.8.1"
         }
     },
     "develop": {

README.md

@@ -58,6 +58,14 @@ Our current list of team members can be found [here](https://github.com/orgs/pri
   - Browse our [open issues](https://github.com/privacyguides/privacyguides.org/issues) to see what needs to be updated
   - View some contribution tips on our [contributor's wiki](https://github.com/privacyguides/privacyguides.org/wiki)
 
+### Blog
+
+We aspire to publish the best articles about privacy on the net. From hot-takes to long-form essays, we are looking for stylish and well-written pieces.
+
+This not a place for sponsored content or SEO-obsessed posts. Please do **not** pitch us this, as we don't take kindly to it and your email will be blocked. *Caveat scriptor.*
+
+Submit stories or requests to: `freddy@privacyguides.org`
+
 ## Mirrors
 
 [![GitHub](https://img.shields.io/static/v1?logo=github&label=&message=GitHub&color=000&style=for-the-badge)](https://github.com/privacyguides/privacyguides.org)
@@ -67,14 +75,17 @@ Our current list of team members can be found [here](https://github.com/orgs/pri
 
 ## Developing
 
+Committing to this repository requires [signing your commits](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits) (`git config commit.gpgsign true`) unless you are making edits via the GitHub.com text editor interface. As of August 2022 the preferred signing method is [SSH commit signatures](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification#ssh-commit-signature-verification), but GPG signing is also acceptable. You should add your signing key to your GitHub profile.
+
 This website uses [`mkdocs-material-insiders`](https://squidfunk.github.io/mkdocs-material/insiders/) which offers additional functionality over the open-source `mkdocs-material` project. For obvious reasons we cannot distribute access to the insiders repository. You can install the website locally with the open-source version of `mkdocs-material`:
 
-1. Clone this repository: 
-    - `git clone https://github.com/privacyguides/privacyguides.org.git`
+1. Clone this repository:
+    - `git clone https://github.com/privacyguides/privacyguides.org.git` (then `cd privacyguides.org`)
     - `git submodule init`
     - `git submodule update docs/assets/brand`
+    - `git config gpg.ssh.allowedSignersFile .allowed_signers`
 2. Install [Python 3.6+](https://www.python.org/downloads/)
-3. Install [dependencies](/Pipfile): `pip install mkdocs mkdocs-material mkdocs-static-i18n mkdocs-git-revision-date-localized-plugin mkdocs-minify-plugin mkdocs-rss-plugin typing-extensions`
+3. Install [dependencies](/Pipfile): `pip install mkdocs mkdocs-material mkdocs-static-i18n typing-extensions`
 4. Serve the site locally: `mkdocs serve`
     - The site will be available at `http://localhost:8000`
     - You can build the site locally with `mkdocs build`
@@ -83,24 +94,27 @@ This website uses [`mkdocs-material-insiders`](https://squidfunk.github.io/mkdoc
 **Team members** should clone the repository with `mkdocs-material-insiders` directly. This method is identical to production:
 
 1. Clone this repository and submodules: `git clone --recurse-submodules https://github.com/privacyguides/privacyguides.org.git`
-2. Install [Python 3.6+](https://www.python.org/downloads/)
-3. Install **pipenv**: `pip install pipenv`
-4. Install dependencies: `pipenv install --dev`
-5. Serve the site locally: `pipenv run mkdocs serve`
+2. Enable SSH commit verification with our local [`.allowed_signers`](/.allowed_signers) file: `git config gpg.ssh.allowedSignersFile .allowed_signers`
+3. Install Python **3.7**
+4. Install **pipenv**: `pip install pipenv`
+5. Install dependencies: `pipenv install --dev`
+6. Serve the site locally: `pipenv run mkdocs serve --config-file mkdocs.production.yml`
     - The site will be available at `http://localhost:8000`
     - You can build the site locally with `pipenv run mkdocs build`
     - This version of the site should be identical to the live, production version
 
+If you commit to `main` with commits signed with your SSH key, you should add your SSH key to [`.allowed_signers`](/.allowed_signers) in this repo.
+
 ## Releasing
 
 1. Create a new tag: `git tag -s v2.X.X -m 'Some message'`
     - [View existing tags](https://github.com/privacyguides/privacyguides.org/tags)
-    - Tag [numbering](https://semver.org/): Increment the MINOR (2nd) number when making significant changes (adding/deleting pages, etc.), increment the PATCH (3rd) number when making minor changes (typos, bug fixes). Probably leave the MAJOR number at 2 until a massive redesign (v1 -> v2 was the Jekyll to MkDocs transition).
+    - Tag [numbering](https://semver.org/): Increment the MINOR (2nd) number when making significant changes (adding/deleting pages, etc.), increment the PATCH (3rd) number when making minor changes (typos, bug fixes). Probably leave the MAJOR number at 2 until a massive revamp (v1 -> v2 was the Jekyll to MkDocs transition).
 2. Push the tag to GitHub: `git push --tags`
 3. [Create a new release](https://github.com/privacyguides/privacyguides.org/releases/new) selecting the new tag
-    - Title the release the same as the tag version number without the `v`, i.e. `2.X.X`
-      - For more significant releases, add a **short** title, for example [2.3.0 - Localization Support](https://github.com/privacyguides/privacyguides.org/releases/tag/v2.3.0) or [2.2.0 - Removing Social Networks](https://github.com/privacyguides/privacyguides.org/releases/tag/v2.2.0)
+    - Title the release the same as the tag version number, i.e. `v2.X.X`
+      - For more significant releases, add a **short** title, for example [v2.3.0 - Localization Support](https://github.com/privacyguides/privacyguides.org/releases/tag/v2.3.0) or [v2.2.0 - Removing Social Networks](https://github.com/privacyguides/privacyguides.org/releases/tag/v2.2.0)
     - GitHub should let you auto-generate release notes based on PR titles
-      - Mark more significant changes in bold, see [2.3.0](https://github.com/privacyguides/privacyguides.org/releases/tag/v2.3.0) for example
+      - Mark more significant changes in bold, see [v2.12.0](https://github.com/privacyguides/privacyguides.org/releases/tag/v2.12.0) for example
 4. Publish release, it will be deployed to the live site automatically
     - When publishing more significant releases (generally any with a MINOR version increment) check the "Create a discussion for this release" box to post an announcement

docs/advanced/erasing-data.md

@@ -34,5 +34,3 @@ Physical destruction may be necessary to securely erase devices such as memory c
 Securely shredding **individual files** is difficult if not impossible. Copies can exist in a variety of ways such as through manual, or automatic backups, [wear leveling](https://en.wikipedia.org/wiki/Wear_leveling) (on modern [flash storage](https://en.wikipedia.org/wiki/Solid-state_drive)), caching and filesystem [journaling](https://en.wikipedia.org/wiki/Journaling_file_system).
 
 Wear leveled devices do not guarantee a fixed relationship between [logical blocks addressed](https://en.wikipedia.org/wiki/Logical_block_addressing) through the interface. This means that the physical locations in which the data is stored may be different to where it is actually located, so shredding may not provide adequate security.
-
---8<-- "includes/abbreviations.en.md"

docs/advanced/integrating-metadata-removal.en.md

@@ -7,11 +7,11 @@ When sharing files, it's important to remove associated metadata. Image files co
 
 While there are plenty of metadata removal tools, they typically aren't convenient to use. The guides featured here aim to detail how to integrate metadata removal tools in a simple fashion by utilizing easy-to-access system features.
 
-- [Recommended metadata removal tools :hero-arrow-circle-right-fill:](../metadata-removal-tools.md)
+- [Recommended metadata removal tools :hero-arrow-circle-right-fill:](../data-redaction.md)
 
 ## macOS
 
-This guide uses the [Shortcuts](https://support.apple.com/guide/shortcuts-mac/intro-to-shortcuts-apdf22b0444c/mac) app to add an [ExifTool](../metadata-removal-tools.md#exiftool) script to the *Quick Actions* context menu within Finder. Shortcuts is developed by Apple and bundled in with macOS by default.
+This guide uses the [Shortcuts](https://support.apple.com/guide/shortcuts-mac/intro-to-shortcuts-apdf22b0444c/mac) app to add an [ExifTool](../data-redaction.md#exiftool) script to the *Quick Actions* context menu within Finder. Shortcuts is developed by Apple and bundled in with macOS by default.
 
 Shortcuts is quite intuitive to work with, so if you don't like the behavior demoed here then experiment with your own solution. For example, you could set the shortcut to take a clipboard input instead. The sky's the limit.
 
@@ -78,8 +78,8 @@ Shortcuts is quite intuitive to work with, so if you don't like the behavior dem
 
 [Shortcuts](https://support.apple.com/guide/shortcuts/welcome/ios) can be made accessible through the system Share Sheet, making accessing those shortcuts very convenient. This guide will show you how to build a metadata removal shortcut and integrate it into the system *Share Sheet*.
 
-!!! attention
-    This method of metadata removal is not as comprehensive at removing metadata as utilities like [ExifTool](../metadata-removal-tools.md#exiftool) and [mat2](../metadata-removal-tools.md#mat2) are.
+!!! warning
+    This method of metadata removal is not as comprehensive at removing metadata as utilities like [ExifTool](../data-redaction.md#exiftool) and [mat2](../data-redaction.md#mat2) are.
 
 The lack of *good* metadata removal apps on the App Store is what makes this solution worthwhile.
 
@@ -120,7 +120,7 @@ The lack of *good* metadata removal apps on the App Store is what makes this sol
 
 ## Windows
 
-Windows allows you to place files in a **SendTo** folder which then appear in the *Send to* context menu. This guide will show you how to add an [ExifTool](../metadata-removal-tools.md#exiftool) batch script to this menu.
+Windows allows you to place files in a **SendTo** folder which then appear in the *Send to* context menu. This guide will show you how to add an [ExifTool](../data-redaction.md#exiftool) batch script to this menu.
 
 ![Send to metadata removal shortcut](../assets/img/integrating-metadata-removal/preview-windows.jpg)
 
@@ -160,5 +160,3 @@ Windows allows you to place files in a **SendTo** folder which then appear in th
 ### Using the shortcut
 
 1. Right click a supported file and choose **ExifTool.bat** within the *Send to* context menu.
-
---8<-- "includes/abbreviations.en.md"

docs/advanced/signal-configuration-hardening.en.md

@@ -0,0 +1,260 @@
+---
+title: "Signal Configuration and Hardening"
+icon: 'material/chat-processing'
+---
+
+[Signal](../real-time-communication.md#signal) is a widely regarded instant messaging service that is not only easy to use but is also private and secure. Signal's strong E2EE implementation and metadata protections provide a level of assurance that only you and your intended recipients are able to read communications.
+
+This guide details actions you can take to configure and harden Signal in accordance with your [threat model](../basics/threat-modeling.md).
+
+## Signal Configuration
+
+### Signal PIN
+
+When you register for Signal with your phone number, you will be asked to set up a Signal PIN. This PIN can be used to recover your profile, settings, contacts and who you've blocked in case you ever lose or switch devices.
+
+Additionally, your Signal PIN can also double as a registration lock that prevents others from registering with your number.
+
+!!! attention "Registration Lock"
+
+    The server will not enforce the registration lock after 7 days of inactivity. After that, someone will be able to reset the PIN at registration and register with your phone number. This will wipe the data stored in your Signal account, as it is encrypted by the PIN, but it won't prevent someone from registering with your number provided that they can receive a text on it.
+
+If you haven't set up a Signal PIN, or have previously opted out of setting one up, follow these steps on Android/iOS:
+
+- Select :material-dots-vertical: **Settings** > **Account** > **Signal PIN**
+- Select **Create new PIN**
+
+Signal will prompt you to enter a PIN. We suggest using a strong alphanumeric PIN that can be stored in a [password manager](../passwords.md).
+
+Once you have done that, or if you already have set up a PIN, make sure that **Registration Lock** is also enabled.
+
+- Select :material-dots-vertical: **Settings** > **Account** > **Signal PIN**
+- [x] Turn on **Registration Lock**
+
+!!! Important
+
+    If you forget the PIN and have enabled a registration lock, you may be locked out of your account for up to 7 days.
+
+You can learn more about Signal PIN on [Signal's website](https://support.signal.org/hc/en-us/articles/360007059792-Signal-PIN).
+
+### Safety Numbers
+
+Safety numbers are a feature in Signal that allows you to ensure that messages are delivered securely between verified devices.
+
+It is best practice to always compare safety numbers with your contacts. This can be done in a couple of ways:
+
+- Scanning your contact's QR code while viewing their safety number.
+- Comparing the safety numbers on both ends, be it visually or audibly.
+
+!!! Important
+
+    In order for safety numbers to also verify that the intended recipient has access to the device you're verifying, you need a secondary communication channel where you can authenticate the person that is holding the device. For example, an in-person meeting or during a video call.
+
+To view the safety number for a particular contact, you need to follow these steps within Signal:
+
+- Go to a chat with a contact.
+- Select the chat header or :material-dots-vertical: > **View Safety Number**
+
+Once you've compared the safety numbers on both devices, you can mark that contact as **Verified**.
+
+A checkmark will appear in the chat header by your contact's name when the safety number is marked as verified. It will remain verified unless the safety number changes or you manually change the verification status.
+
+After doing that, any time the safety number changes, you'll be notified.
+
+If the safety number with one of your contacts changes, we recommend asking the contact what happened (if they switched to a new device or re-installed Signal, for example) and verify the safety numbers again.
+
+For more demanding threat models, you should agree on a protocol with your contacts in advance on what to do in case the safety number ever changes.
+
+You can learn more about safety numbers on [Signal's website](https://support.signal.org/hc/en-us/articles/360007060632-What-is-a-safety-number-and-why-do-I-see-that-it-changed-).
+
+### Disappearing Messages
+
+While communication in Signal is E2EE, the messages are still available on the devices, unless they are manually deleted.
+
+It is good practice to set up disappearing messages in Signal's settings so that any chats you start will disappear after a specified amount of time has passed.
+
+On Android/iOS:
+
+- Select :material-dots-vertical: **Settings** > **Privacy**
+- Under **Disappearing messages**, select **Default timer for new chats**
+- Select the desired amount of time and select **Save**
+
+!!! tip "Override the global default for specific contacts"
+
+    - Go to a chat with a contact
+    - Select :material-dots-vertical: on the top right
+    - Select **Disappearing messages**
+    - Select the desired amount of time and select **Save**
+
+We recommend setting up a reasonable timer by default, such as one week, and adjusting it per contact as you see fit.
+
+!!! tip "Snapchat-like Functionality"
+
+    Signal allows you to send "view-once" media that are automatically removed from the conversation after they have been viewed.
+
+### Disable Link Previews
+
+Signal offers the ability to retrieve previews of webpages linked within a conversation.
+
+This means that when you send a link, a request will be sent to that website so that a preview of the website can be displayed alongside the link. Thus, we recommend disabling link previews.
+
+Your recipient doesn't make any requests unless they open the link on their end.
+
+On Android/iOS:
+
+- Select :material-dots-vertical: **Settings** > **Chats**
+- [ ] Turn off **Generate link previews**
+
+### Screen Security
+
+Signal allows you to prevent a preview of the app being shown (i.e., in the app switcher) unless you explicitly open it.
+
+On Android:
+
+- Select :material-dots-vertical: **Settings** > **Privacy**
+- [x] Turn on **Screen Security**
+
+On iOS:
+
+- Select :material-dots-vertical: **Settings** > **Privacy**
+- [x] Turn on **Hide Screen in App Switcher**
+
+### Screen Lock
+
+If someone gets a hold of your device while it is unlocked, you run the risk of them being able to open the Signal app and look at your conversations.
+
+To mitigate this, you can leverage the Screen Lock option to require additional authentication before Signal can be accessed.
+
+On Android/iOS:
+
+- Select :material-dots-vertical: **Settings** > **Privacy**
+- [x] Turn on **Screen Lock**
+
+### Notification Privacy
+
+Even when your phone is locked, anyone who can lay eyes on the device can read messages and sender names from your lock screen.
+
+On Signal, you have the ability to hide message content and sender name, or just the message content itself.
+
+On Android:
+
+- Select :material-dots-vertical: **Settings** > **Notifications**
+- Select **Show**
+- Select **No name or message** or **Name only** respectively.
+
+On iOS:
+
+- Select :material-dots-vertical: **Settings** > **Notifications**
+- Select **Show**
+- Select **No name or Content** or **Name Only** respectively.
+
+### Call Relaying
+
+Signal allows you to relay all calls (including video calls) through the Signal server to avoid revealing your IP address to your contact. This may reduce call quality.
+
+On Android/iOS:
+
+- Select :material-dots-vertical: **Settings** > **Privacy** > **Advanced**
+- [x] Turn on **Always Relay Calls**
+
+For incoming calls from people who are not in your Contacts app, the call will be relayed through the Signal server regardless of how you've set it up.
+
+### Proxy Support
+
+If Signal is blocked in your country, Signal allows you to set up a proxy to bypass it.
+
+!!! Warning
+
+    All traffic remains opaque to the proxy operator. However, the censoring party could learn that you are using Signal through a proxy because the app [fails to route all the IP connections to the proxy](https://community.signalusers.org/t/traffic-not-routed-to-tls-proxies-can-expose-users-to-censors/27479).
+
+You can learn more about Signal's proxy support on their [website](https://support.signal.org/hc/en-us/articles/360056052052-Proxy-Support).
+
+### Disable Signal Call History (iOS)
+
+Signal allows you to see your call history from your regular phone app. This allows your iOS device to sync your call history with iCloud, including who you spoke to, when, and for how long.
+
+If you use iCloud and you don’t want to share call history on Signal, confirm it’s turned off:
+
+- Select :material-dots-vertical: **Settings** > **Privacy**
+- [ ] Turn off **Show Calls in Recents**
+
+## Signal Hardening
+
+### Avoid Device Linking
+
+While it may be tempting to link your Signal account to your desktop device for convenience, keep in mind that this extends your trust to an additional and potentially less secure operating system.
+
+If your threat model calls for it, avoid linking your Signal account to a desktop device to reduce your attack surface.
+
+### Endpoint Security
+
+Signal takes security very seriously, however there is only so much an app can do to protect you.
+
+It is very important to take device security on both ends into account to ensure that your conversations are kept private.
+
+We recommend an up-to-date [GrapheneOS](/android/#grapheneos) or iOS device.
+
+### Molly (Android)
+
+On Android you can consider using **Molly**, a fork of the Signal mobile client which aims to provide extensive hardening and anti-forensic features.
+
+!!! recommendation
+
+    ![Molly logo](../assets/img/messengers/molly.svg){ align=right }
+
+    **Molly** is an independent Signal fork which offers additional security features, including locking the app at rest, securely shredding unused RAM data, routing via Tor, and more.
+
+    [:octicons-home-16: Homepage](https://molly.im/){ .md-button .md-button--primary }
+    [:octicons-eye-16:](https://signal.org/legal/#privacy-policy){ .card-link title="Privacy Policy" }
+    [:octicons-info-16:](https://github.com/mollyim/mollyim-android/wiki){ .card-link title=Documentation}
+    [:octicons-code-16:](https://github.com/mollyim/mollyim-android){ .card-link title="Source Code" }
+    [:octicons-heart-16:](https://opencollective.com/mollyim){ .card-link title=Contribute }
+
+    ??? downloads
+
+         - [:pg-f-droid: F-Droid](https://molly.im/download/fdroid/)
+         - [:fontawesome-brands-github: GitHub](https://github.com/mollyim/mollyim-android/releases)
+
+Molly offers two variants of the app: **Molly** and **Molly-FOSS**.
+
+The former is identical to Signal with the addition of Molly's improvements and security features. The latter, Molly-FOSS, removes Google's proprietary code, which is used for some key features (e.g., [FCM](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) and Google Maps integration), in an effort to make it fully open-source.
+
+A comparison of the two versions is available in the [project's repository](https://github.com/mollyim/mollyim-android#readme).
+
+Both versions of Molly support [reproducible builds](https://github.com/mollyim/mollyim-android/tree/main/reproducible-builds), meaning it's possible to confirm that the compiled APKs match the source code.
+
+#### Features
+
+Molly has implemented database encryption at rest, which means that you can encrypt the app's database with a passphrase to ensure that none of its data is accessible without it.
+
+!!! note
+
+    As long as Molly is locked, you will not receive notifications for any incoming messages or calls until you unlock it again.
+
+Once enabled, a configurable lock timer can be set, after which point Molly will lock itself if you haven't unlocked your device for that specific time period. Alternatively, you can manually lock the app whenever you want.
+
+For the database encryption feature to be useful, two conditions must be met:
+
+1. Molly has to be locked at the time an attacker gains access to the device. This can include a physical attack in which the attacker seizes your device and manages to unlock the device itself, or a remote attack, in which the device is compromised and manages to elevate privileges to root.
+1. If you become aware that your device has been compromised, you should not unlock Molly's database.
+
+If both of the above conditions are met, the data within Molly is safe as long as the passphrase is not accessible to the attacker.
+
+To supplement the database encryption feature, Molly securely wipes your device's RAM once the database is locked to defend against forensic analysis.
+
+While Molly is running, your data is kept in RAM. When any app closes, its data remains in RAM until another app takes the same physical memory pages. That can take seconds or days, depending on many factors. To prevent anyone from dumping the RAM to disk and extracting your data after Molly is locked, the app overrides all free RAM memory with random data when you lock the database.
+
+There is also the ability to configure a SOCKS proxy in Molly to route its traffic through the proxy or Tor (via [Orbot](../self-contained-networks.md#orbot)). When enabled, all traffic is routed through the proxy and there are no known IP or DNS leaks. When using this feature, [call relaying](#call-relaying) will always be enabled, regardless of the setting.
+
+Signal adds everyone who you have communicated with to its database. Molly allows you to delete those contacts and stop sharing your profile with them.
+
+To supplement the feature above, as well as for additional security and to fight spam, Molly offers the ability to block unknown contacts that you've never been in contact with or those that are not in your contact list without you having to manually block them.
+
+You can find a full list of Molly's [features](https://github.com/mollyim/mollyim-android#features) on the project's repository.
+
+#### Caveats
+
+- Molly does not support SMS messages within the app, unlike the official Signal app.
+- Molly removes Signal's Mobilecoin integration.
+- Molly is updated every two weeks to include the latest features and bug fixes from Signal. The exception is security issues, that are patched as soon as possible. That said, you should be aware that there might be a slight delay compared to upstream.
+- By using Molly, you are extending your trust to another party, as you now need to trust the Signal team, as well as the Molly team.

docs/android.en.md

@@ -6,7 +6,7 @@ icon: 'fontawesome/brands/android'
 These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. We also have additional Android-related information:
 
 - [General Android Overview and Recommendations :hero-arrow-circle-right-fill:](android/overview.md)
-- [GrapheneOS vs CalyxOS Comparison :hero-arrow-circle-right-fill:](android/grapheneos-vs-calyxos.md)
+- [Why we recommend GrapheneOS over CalyxOS :hero-arrow-circle-right-fill:](android/grapheneos-vs-calyxos.md)
 
 ## AOSP Derivatives
 
@@ -65,26 +65,6 @@ DivestOS implements some system hardening patches originally developed for Graph
 
     Not all of the supported devices have verified boot, and some perform it better than others.
 
-### CalyxOS
-
-!!! recommendation
-
-    ![CalyxOS logo](assets/img/android/calyxos.svg){ align=right }
-
-    **CalyxOS** is a system with some privacy features on top of AOSP, including [Datura](https://calyxos.org/docs/tech/datura-details) firewall, [Signal](https://signal.org) integration in the dialer app, and a built in panic button. CalyxOS also comes with firmware updates and signed builds, so verified boot is fully supported.
-
-    We only recommend CalyxOS as a harm reduction measure for the OnePlus 8T, OnePlus 9, and especially the Fairphone 4 if you need microG.
-
-    [:octicons-home-16: Homepage](https://calyxos.org/){ .md-button .md-button--primary }
-    [:octicons-eye-16:](https://calyxinstitute.org/legal/privacy-policy){ .card-link title="Privacy Policy" }
-    [:octicons-info-16:](https://calyxos.org/docs/){ .card-link title=Documentation}
-    [:octicons-code-16:](https://github.com/CalyxOS){ .card-link title="Source Code" }
-    [:octicons-heart-16:](https://members.calyxinstitute.org/donate){ .card-link title=Contribute }
-
-CalyxOS optionally includes [microG](https://microg.org/), a partially open-source reimplementation of Play Services which provides broader app compatibility. It also bundles in alternate location services: [Mozilla](https://location.services.mozilla.com/) and [DejaVu](https://github.com/n76/DejaVu).
-
-CalyxOS [supports](https://calyxos.org/docs/guide/device-support/) Google Pixel phones, the OnePlus 8T/9/9 Pro and the Fairphone 4.
-
 ## Android Devices
 
 When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
@@ -126,60 +106,9 @@ A few more tips for purchasing a Google Pixel:
 - Look at online community bargain sites in your country. These can alert you to good sales.
 - Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: $\text{Cost} \over \text {EOL Date }-\text{ Current Date}$, meaning that the longer use of the device the lower cost per day.
 
-### Other Devices
-
-The following OEMs are only mentioned as they have phones compatible with the operating systems recommended by us. If you are purchasing a new device, we only recommend purchasing a Google Pixel.
-
-#### OnePlus
-
-If you are unable to obtain a Google Pixel, recent OnePlus devices are the next best option if you want to run a custom OS without privileged Play Services. OnePlus 8 and later devices will receive 4 years of security updates from their initial launch date. CalyxOS has [experimental support](https://calyxos.org/news/2022/04/01/fairphone4-oneplus8t-oneplus9-test-builds/) for the **OnePlus 8T** and **9**.
-
-DivestOS has support for most OnePlus devices up to the **OnePlus 9 Pro**, with varying levels of support.
-
-#### Fairphone
-
-!!! danger
-
-    The Fairphone 3 and 4 are not secure by default, as the [stock bootloader trusts the public AVB signing key](https://forum.fairphone.com/t/bootloader-avb-keys-used-in-roms-for-fairphone-3-4/83448/11). This breaks verified boot on a stock Fairphone device, as the system will boot alternative Android operating systems such (such as /e/) [without any warning](https://source.android.com/security/verifiedboot/boot-flow#locked-devices-with-custom-root-of-trust) about custom operating system usage.
-
-    This problem is somewhat mitigated when you install a custom operating system such as CalyxOS or DivestOS and trust the developer's signing keys rather than the stock system keys, however a vulnerability in CalyxOS or DivestOS's recovery environments could still potentially allow an attacker to bypass AVB.
-
-    **To reiterate, you must install a custom operating system with custom boot keys to use Fairphone devices in a secure manner.**
-
-CalyxOS has [experimental support](https://calyxos.org/news/2022/04/01/fairphone4-oneplus8t-oneplus9-test-builds/) for the **Fairphone 4**. DivestOS has builds available for the **Fairphone 3**.
-
-Fairphone markets their devices as receiving 6 years of support. However, the SoC (Qualcomm Snapdragon 750G on the Fairphone 4) has a considerably shorter EOL date. This means that firmware security updates from Qualcomm for the Fairphone 4 will end in September 2023, regardless of whether Fairphone continues to release software security updates.
-
 ## General Apps
 
-### Orbot
-
-!!! recommendation
-
-    ![Orbot logo](assets/img/android/orbot.svg){ align=right }
-
-    **Orbot** is a free proxy app that routes your connections through the Tor Network.
-
-    [:octicons-home-16: Homepage](https://orbot.app/){ .md-button .md-button--primary }
-    [:octicons-eye-16:](https://orbot.app/privacy-policy){ .card-link title="Privacy Policy" }
-    [:octicons-info-16:](https://orbot.app/faqs){ .card-link title=Documentation}
-    [:octicons-code-16:](https://github.com/guardianproject/orbot){ .card-link title="Source Code" }
-    [:octicons-heart-16:](https://orbot.app/donate){ .card-link title=Contribute }
-
-    ??? downloads
-
-        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.torproject.android)
-        - [:pg-f-droid: F-Droid](https://guardianproject.info/fdroid)
-
-Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN killswitch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
-
-For resistance against traffic analysis attacks, consider enabling *Isolate Destination Address* in :material-menu: → **Settings** → **Connectivity**. This will use a completely different Tor Circuit (different middle relay and exit nodes) for every domain you connect to.
-
-!!! tip
-
-    Orbot is often outdated on the Guardian Project's [F-Droid repository](https://guardianproject.info/fdroid) and [Google Play](https://play.google.com/store/apps/details?id=org.torproject.android) so consider downloading directly from the [GitHub repository](https://github.com/guardianproject/orbot) instead.
-
-    All versions are signed using the same signature so they should be compatible with each other.
+We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
 
 ### Shelter
 
@@ -187,7 +116,7 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest
 
     ![Shelter logo](assets/img/android/shelter.svg){ align=right }
 
-    **Shelter** is an app that helps you leverage the Android work profile to isolate other apps.
+    **Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
 
     Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
 
@@ -202,11 +131,9 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest
 
 !!! warning
 
-    As CalyxOS includes a device controller, we recommend using their built-in work profile instead.
-
     Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular/) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
 
-    When using Shelter, you are placing complete trust in its developer as Shelter would be acting as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) for the work profile and has extensive access to the data stored within it.
+    When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
 
 ### Auditor
 
@@ -227,6 +154,7 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest
 
         - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor)
         - [:fontawesome-brands-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
+        - [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
 
 Auditor performs attestation and intrusion detection by:
 
@@ -238,7 +166,7 @@ Auditor performs attestation and intrusion detection by:
 
 No personally identifiable information is submitted to the attestation service. We recommend that you sign up with an anonymous account and enable remote attestation for continuous monitoring.
 
-If your [threat model](basics/threat-modeling.md) requires privacy, you could consider using Orbot or a VPN to hide your IP address from the attestation service.
+If your [threat model](basics/threat-modeling.md) requires privacy, you could consider using [Orbot](self-contained-networks.md#orbot) or a VPN to hide your IP address from the attestation service.
 To make sure that your hardware and operating system is genuine, [perform local attestation](https://grapheneos.org/install/web#verifying-installation) immediately after the device has been installed and prior to any internet connection.
 
 ### Secure Camera
@@ -259,6 +187,7 @@ To make sure that your hardware and operating system is genuine, [perform local
 
         - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
         - [:fontawesome-brands-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
+        - [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
 
 Main privacy features include:
 
@@ -270,7 +199,7 @@ Main privacy features include:
 
     Metadata is not currently deleted from video files but that is planned.
 
-    The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [Scrambled Exif](https://gitlab.com/juanitobananas/scrambled-exif/).
+    The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](data-redaction.md#exiferaser).
 
 ### Secure PDF Viewer
 
@@ -291,28 +220,7 @@ Main privacy features include:
 
         - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
         - [:fontawesome-brands-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
-
-### PrivacyBlur
-
-!!! recommendation
-
-    ![PrivacyBlur logo](assets/img/android/privacyblur.svg){ align=right }
-
-    **PrivacyBlur** is a free app which can blur sensitive portions of pictures before sharing them online.
-
-    [:octicons-home-16: Homepage](https://privacyblur.app/){ .md-button .md-button--primary }
-    [:octicons-eye-16:](https://privacyblur.app/privacy.html){ .card-link title="Privacy Policy" }
-    [:octicons-info-16:](https://github.com/MATHEMA-GmbH/privacyblur#readme){ .card-link title=Documentation}
-    [:octicons-code-16:](https://github.com/MATHEMA-GmbH/privacyblur){ .card-link title="Source Code" }
-
-    ??? downloads
-
-        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=de.mathema.privacyblur)
-        - [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/de.mathema.privacyblur/)
-
-!!! warning
-
-    You should **never** use blur to redact [text in images](https://bishopfox.com/blog/unredacter-tool-never-pixelation). If you want to redact text in an image, draw a box over the text. For this we suggest [Pocket Paint](https://github.com/Catrobat/Paintroid) or [Imagepipe](https://codeberg.org/Starfish/Imagepipe).
+        - [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
 
 ## Obtaining Applications
 
@@ -322,10 +230,28 @@ GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Ap
 
 ### Aurora Store
 
-The Google Play Store requires a Google account to login which is not great for privacy. The [Aurora Store](https://auroraoss.com/download/AuroraStore/) (a Google Play Store proxy) does not and works most of the time.
+The Google Play Store requires a Google account to login which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
+
+!!! recommendation
+
+    ![Aurora Store logo](assets/img/android/aurora-store.webp){ align=right }
+
+    **Aurora Store** is a Google Play Store client which does not require a Google Account, Google Play Services, or microG to download apps.
+
+    [:octicons-home-16: Homepage](https://auroraoss.com/){ .md-button .md-button--primary }
+    [:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
+
+    ??? downloads
+
+        - [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/com.aurora.store/)
+        - [:fontawesome-brands-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
+
+Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google, however you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
 
 ### F-Droid
 
+![F-Droid logo](assets/img/android/f-droid.svg){ align=right width=120px }
+
 F-Droid is often recommended as an alternative to Google Play, particularly in the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds/) for some applications and is dedicated to free and open-source software. However, there are problems with the official F-Droid client, their quality control, and how they build, sign and deliver packages, outlined in this [post](https://wonderfall.dev/fdroid-issues/).
 
 Sometimes the official F-Droid repository may fall behind on updates. F-Droid maintainers reuse package IDs while signing apps with their own keys, which is not ideal as it does give the F-Droid team ultimate trust. The Google Play version of some apps may contain unwanted telemetry or lack features that are available in the F-Droid version.
@@ -340,8 +266,6 @@ Evaluate whether the additional features in the F-Droid build are worth the slow
 
 #### Neo Store
 
-<small><i>Neo Store is a recent rebrand of Droid-ify.</i></small>
-
 The official F-Droid client targets a [low API level](https://wonderfall.dev/fdroid-issues/#3-low-target-api-level-sdk-for-client--apps) and does not utilize the [seamless updates](https://www.androidcentral.com/google-will-finally-bring-seamless-app-updates-alternative-app-stores-android-12) feature introduced in Android 12. Targeting lower API levels means that the F-Droid client cannot take advantage of the new improvements in the application sandboxes that comes with higher API levels. For automatic updates to work, the F-Droid client requires that the [Privileged Extension](https://f-droid.org/en/packages/org.fdroid.fdroid.privileged/) be included in the operating system, granting it more privileges than what a normal app would have, which is not great for security.
 
 To mitigate these problems, we recommend [Neo Store](https://github.com/NeoApplications/Neo-Store) as it supports seamless updates on Android 12 and above without needing any special privileges and targets a higher API level.
@@ -359,17 +283,26 @@ To mitigate these problems, we recommend [Neo Store](https://github.com/NeoAppli
 
     ??? downloads
 
-        - [:fontawesome-brands-android: IzzyOnDroid (APK)](https://android.izzysoft.de/repo/apk/com.looker.droidify)
+        - [:fontawesome-brands-android: IzzyOnDroid (APK)](https://android.izzysoft.de/repo/apk/com.machiav3lli.fdroid)
         - [:fontawesome-brands-github: GitHub](https://github.com/NeoApplications/Neo-Store/releases)
 
 ### Manually with RSS Notifications
 
-If an app is released on a platform like GitHub, you may be able to add an RSS feed to your [news aggregator](/news-aggregators) that will help you be aware of new releases. Using [Secure Camera](#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) on GitHub and append `.atom` to the URL:
+For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](/news-aggregators) that will help you keep track of new releases.
+
+![RSS APK](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](./assets/img/android/rss-changes-light.png#only-light) ![APK Changes](./assets/img/android/rss-changes-dark.png#only-dark)
+
+#### GitHub
+
+On GitHub, using [Secure Camera](#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
 
 `https://github.com/GrapheneOS/Camera/releases.atom`
 
-![RSS Feed](./assets/img/android/gfeeds-light.png#only-light)
-![RSS Feed](./assets/img/android/gfeeds-dark.png#only-dark)
+#### GitLab
+
+On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
+
+`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
 
 #### Verifying APK Fingerprints
 
@@ -401,5 +334,3 @@ If you download APK files to install manually, you can verify their signature wi
     Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
     Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
     ```
-
---8<-- "includes/abbreviations.en.md"

docs/android/grapheneos-vs-calyxos.en.md

@@ -1,12 +1,15 @@
 ---
-title: "GrapheneOS vs CalyxOS"
+title: "Why we recommend GrapheneOS over CalyxOS"
 icon: 'material/cellphone-cog'
 ---
+
+GrapheneOS and CalyxOS are commonly compared as similar options for people looking for an alternative Android OS for their Pixel devices. Below are some of the reasons why we recommend GrapheneOS over CalyxOS.
+
 ## Profiles
 
 CalyxOS includes a device controller app so there is no need to install a third-party app like Shelter.
 
-GrapheneOS extends the user profile feature, allowing you to end a current session. To do this, select *End Session* which will clear the encryption key from memory. There are plans to add a [cross profile notifications system](https://github.com/GrapheneOS/os-issue-tracker/issues/88) in the future. GrapheneOS plans to introduce nested profile support with better isolation in the future.
+GrapheneOS extends the user profile feature, allowing you to end a current session. To do this, select *End Session* which will clear the encryption key from memory. GrapheneOS also provides [cross-profile notification forwarding](https://grapheneos.org/features#notification-forwarding). GrapheneOS plans to introduce nested profile support with better isolation in the future.
 
 ## Sandboxed Google Play vs Privileged microG
 
@@ -22,9 +25,11 @@ Local RF location backends like DejaVu require that the phone has a working GPS
 
 If your threat model requires protecting your location or the MAC addresses of nearby devices, rerouting location requests to the OS location API is probably the best option. The benefit brought by microG's custom location backend is minimal at best when compared to Sandboxed Play Services.
 
-In terms of application compatibility, Sandboxed Google Play on GrapheneOS outperforms microG on CalyxOS due to its support for many services which microG has not yet implemented, like [Google Play Games](https://play.google.com/googleplaygames) and [In-app Billing API](https://android-doc.github.io/google/play/billing/api.html). Larger apps, especially games, require Play Delivery to be installed, which is currently not implemented in microG. Authentication using [FIDO](../basics/multi-factor-authentication.md#fido-fast-identity-online) with online services on Android also relies on Play Services, and does not currently work with microG.
+In terms of application compatibility, Sandboxed Google Play on GrapheneOS is always going to be more compatible as it is the same code as what is released by Google. microG is a reimplementation of these services. As a result of that it only supports the various parts that have been reimplemented, meaning some things such as [Google Play Games](https://play.google.com/googleplaygames) and [In-app Billing API](https://android-doc.github.io/google/play/billing/api.html) are not yet supported.
 
-[^1]: It should be noted that microG still uses proprietary Google binaries for some of its components such as DroidGuard. Push notifications, if enabled, still go through Google's servers just like with Play Services. Outside of default microG setups like on CalyxOS, it is possible to run microG in the unprivileged `untrusted app` SELinux domain and without the signature spoofing patch. However, microG's functionality and compatibility, which is already not nearly as broad as Sandboxed Play Services, will greatly diminish.
+Larger apps, especially games, require Play Delivery to be installed, which is currently not implemented in microG. Authentication using [FIDO](../basics/multi-factor-authentication.md#fido-fast-identity-online) with online services on Android also relies on Play Services, and does not currently work with microG.
+
+[^1]: It should be noted that microG still uses proprietary Google binaries for some of its components such as DroidGuard. Push notifications, if enabled, still go through Google's servers just like with Play Services. Outside of default microG setups like on CalyxOS, it is possible to run microG in the unprivileged [`untrusted app`](https://source.android.com/security/selinux/concepts) SELinux domain and without the signature spoofing patch. However, microG's functionality and compatibility, which is already not nearly as broad as Sandboxed Play Services, will greatly diminish.
 
 ## Privileged eSIM Activation Application
 
@@ -32,7 +37,7 @@ Currently, eSIM activation is tied to a privileged proprietary application by Go
 
 On GrapheneOS, the app comes disabled and can be *optionally* enabled by the user after they have installed Sandboxed Play Services.
 
-On CalyxOS, the app comes installed by default (regardless of whether you choose to have microG or not) and cannot be opted out. This is particularly problematic, as it means Google still has access to the user's hardware identifiers regardless of whether they even need the eSIM activation or not, and can access them persistently.
+On CalyxOS, the app comes installed by default (regardless of whether you choose to have microG or not) and cannot be opted out. This means Google still has access to your hardware identifiers regardless of whether or not you need eSIM activation and can be accessed persistently.
 
 ## Privileged App Extensions
 

docs/android/overview.en.md

@@ -34,6 +34,8 @@ Verified Boot ensures the integrity of the operating system files, thereby preve
 
 Unfortunately, OEMs are only obliged to support Verified Boot on their stock Android distribution. Only a few OEMs such as Google support custom AVB key enrollment on their devices. Additionally, some AOSP derivatives such as LineageOS or /e/ OS do not support Verified Boot even on hardware with Verified Boot support for third-party operating systems. We recommend that you check for support **before** purchasing a new device. AOSP derivatives which do not support Verified Boot are **not** recommended.
 
+Many OEMs also have broken implementation of Verified Boot that you have to be aware of beyond their marketing. For example, the Fairphone 3 and 4 are not secure by default, as the [stock bootloader trusts the public AVB signing key](https://forum.fairphone.com/t/bootloader-avb-keys-used-in-roms-for-fairphone-3-4/83448/11). This breaks verified boot on a stock Fairphone device, as the system will boot alternative Android operating systems such (such as /e/) [without any warning](https://source.android.com/security/verifiedboot/boot-flow#locked-devices-with-custom-root-of-trust) about custom operating system usage.
+
 ## Firmware Updates
 
 Firmware updates are critical for maintaining security and without them your device cannot be secure. OEMs have support agreements with their partners to provide the closed-source components for a limited support period. These are detailed in the monthly [Android Security Bulletins](https://source.android.com/security/bulletin).
@@ -42,16 +44,22 @@ As the components of the phone, such as the processor and radio technologies rel
 
 EOL devices which are no longer supported by the SoC manufacturer cannot receive firmware updates from OEM vendors or after market Android distributors. This means that security issues with those devices will remain unfixed.
 
+Fairphone, for example, markets their devices as receiving 6 years of support. However, the SoC (Qualcomm Snapdragon 750G on the Fairphone 4) has a considerably shorter EOL date. This means that firmware security updates from Qualcomm for the Fairphone 4 will end in September 2023, regardless of whether Fairphone continues to release software security updates.
+
 ## Android Versions
 
 It's important to not use an [end-of-life](https://endoflife.date/android) version of Android. Newer versions of Android not only receive security updates for the operating system but also important privacy enhancing updates too. For example, [prior to Android 10](https://developer.android.com/about/versions/10/privacy/changes), any apps with the [`READ_PHONE_STATE`](https://developer.android.com/reference/android/Manifest.permission#READ_PHONE_STATE) permission could access sensitive and unique serial numbers of your phone such as [IMEI](https://en.wikipedia.org/wiki/International_Mobile_Equipment_Identity), [MEID](https://en.wikipedia.org/wiki/Mobile_equipment_identifier), your SIM card's [IMSI](https://en.wikipedia.org/wiki/International_mobile_subscriber_identity), whereas now they must be system apps to do so. System apps are only provided by the OEM or Android distribution.
 
 ## Android Permissions
 
-[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. The savings you make from not purchasing or subscribing to security apps is better spent on paying for a supported device in the future.
+[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel.
 
 Should you want to run an app that you're unsure about, consider using a user or work profile.
 
+## Media Access
+
+Quite a few applications allows you to "share" a file with them for media upload. If you want to, for example, tweet a picture to Twitter, do not grant Twitter access to your "media and photos", because it will have access to all of your pictures then. Instead, go to your file manager (documentsUI), hold onto the picture, then share it with Twitter.
+
 ## User Profiles
 
 Multiple user profiles can be found in **Settings** → **System** → **Multiple users** and are the simplest way to isolate in Android.
@@ -62,7 +70,7 @@ With user profiles, you can impose restrictions on a specific profile, such as:
 
 [Work Profiles](https://support.google.com/work/android/answer/6191949) are another way to isolate individual apps and may be more convenient than separate user profiles.
 
-A **device controller** such as [Shelter](#recommended-apps) is required, unless you're using CalyxOS which includes one.
+A **device controller** app such as [Shelter](#recommended-apps) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
 
 The work profile is dependent on a device controller to function. Features such as *File Shuttle* and *contact search blocking* or any kind of isolation features must be implemented by the controller. You must also fully trust the device controller app, as it has full access to your data inside of the work profile.
 
@@ -70,7 +78,7 @@ This method is generally less secure than a secondary user profile; however, it
 
 ## VPN Killswitch
 
-Android 7 and above supports a VPN killswitch and it is available without the need to install third-party apps. This feature can prevent leaks if the VPN is disconnected. It can be found in (:gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**).
+Android 7 and above supports a VPN killswitch and it is available without the need to install third-party apps. This feature can prevent leaks if the VPN is disconnected. It can be found in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
 
 ## Global Toggles
 
@@ -122,5 +130,3 @@ You will either be given the option to delete your advertising ID or to *Opt out
 [SafetyNet](https://developer.android.com/training/safetynet/attestation) and the [Play Integrity APIs](https://developer.android.com/google/play/integrity) are generally used for [banking apps](https://grapheneos.org/usage#banking-apps). Many banking apps will work fine in GrapheneOS with sandboxed Play services, however some non-financial apps have their own crude anti-tampering mechanisms which might fail. GrapheneOS passes the `basicIntegrity` check, but not the certification check `ctsProfileMatch`. Devices with Android 8 or later have hardware attestation support which cannot be bypassed without leaked keys or serious vulnerabilities.
 
 As for Google Wallet, we don't recommend this due to their [privacy policy](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), which states you must opt-out if you don't want your credit rating and personal information shared with affiliate marketing services.
-
---8<-- "includes/abbreviations.en.md"

docs/assets/img/android/calyxos.svg

@@ -1,2 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><g transform="matrix(.43429 0 0 .43429 -102.24 -35.595)" stroke-width=".26458"><path d="m313.4 119.93c-7.7343 13.52-22.298 22.631-38.991 22.631-16.692 0-31.256-9.1114-38.991-22.631 7.7346-13.521 22.299-22.632 38.991-22.632 16.693 0 31.257 9.1115 38.991 22.632" fill="#9acc01"/><path d="m298.61 144.6-6.8334-12.569c2.364-3.4422 3.7478-7.6102 3.7478-12.101 0-11.819-9.5811-21.4-21.4-21.4-11.819 0-21.4 9.5806-21.4 21.4 0 11.819 9.5811 21.4 21.4 21.4 4.4736 0 8.6265-1.3727 12.061-3.7206l12.422 6.9937z" fill="#231f20"/><path d="m284.91 125.24c0 5.7915-4.7106 10.502-10.502 10.502-5.7915 0-10.502-4.7106-10.502-10.502v-12.917c0-0.80301 0.65352-1.456 1.4565-1.456 0.80275 0 1.456 0.65299 1.456 1.456v7.8192c0 0.4236 0.34263 0.76623 0.76702 0.76623 8e-3 0 0.0167-2e-3 0.0257-2e-3s0.0164 2e-3 0.0251 2e-3c0.4236 0 0.7665-0.34263 0.7665-0.76623v-11.856c0-0.80354 0.65299-1.4571 1.4565-1.4571s1.4565 0.65352 1.4565 1.4571v11.166c0 0.42387 0.34343 0.76624 0.76677 0.76624 0.42254 0 0.76623-0.34264 0.76623-0.76624v-13.875c0-0.80301 0.65378-1.4555 1.4563-1.4555 0.80354 0 1.4568 0.65246 1.4568 1.4555v13.773c0 0.42413 0.34317 0.76703 0.7665 0.76703 0.42307 0 0.7665-0.34317 0.7665-0.76703v-11.37c0-0.80327 0.65352-1.4565 1.4565-1.4565 0.80327 0 1.456 0.65352 1.456 1.4565v14.555c-1.7436 0.16219-5.8518 1.0464-7.543 5.7222-0.14366 0.39793 0.0622 0.83767 0.46038 0.9824 0.0857 0.031 0.1741 0.0455 0.26009 0.0455 0.31379 0 0.60748-0.19474 0.72125-0.50536 1.7732-4.903 6.6273-4.7546 6.8313-4.7464l0.80354 0.0386v-8.0939c0-0.80301 0.7112-1.4565 1.5843-1.4565 0.87392 0 1.5841 0.65352 1.5841 1.4565v9.2625zm-1.5841-12.253c-0.57864 0-1.1192 0.15557-1.5843 0.41963v-5.4277c0-1.6486-1.3409-2.9901-2.9895-2.9901-0.53314 0-1.0327 0.14261-1.4666 0.38761-0.10398-1.555-1.3991-2.789-2.98-2.789-1.6484 0-2.9893 1.3409-2.9893 2.989v0.10001c-0.4318-0.2413-0.92763-0.381-1.4565-0.381-1.6481 0-2.9893 1.3409-2.9893 2.9901v1.4594c-0.44344-0.26035-0.95752-0.41222-1.5079-0.41222-1.6486 0-2.99 1.3404-2.99 2.9893v12.917c0 6.636 5.3991 12.035 12.036 12.035 6.636 0 12.035-5.3991 12.035-12.035v-9.2631c0-1.6484-1.3981-2.9893-3.1171-2.9893" fill="#9acc01"/></g></svg>

docs/assets/img/android/f-droid.svg

@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cc="http://creativecommons.org/ns#" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:svg="http://www.w3.org/2000/svg" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd" xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape" width="48" height="48" viewBox="0 0 48.000001 48.000001" id="svg4230" version="1.1" inkscape:version="0.91 r13725" sodipodi:docname="fdroid-logo.svg">
+  <defs id="defs4232">
+    <linearGradient inkscape:collect="always" id="linearGradient5212">
+      <stop style="stop-color:#ffffff;stop-opacity:0.09803922" offset="0" id="stop5214"/>
+      <stop style="stop-color:#ffffff;stop-opacity:0" offset="1" id="stop5216"/>
+    </linearGradient>
+    <radialGradient inkscape:collect="always" xlink:href="#linearGradient5212" id="radialGradient5220" cx="-98.23381" cy="3.4695871" fx="-98.23381" fy="3.4695871" r="22.671185" gradientTransform="matrix(0,1.9747624,-2.117225,3.9784049e-8,8.677247,1199.588)" gradientUnits="userSpaceOnUse"/>
+    <filter inkscape:collect="always" style="color-interpolation-filters:sRGB" id="filter4175" x="-0.023846937" width="1.0476939" y="-0.02415504" height="1.0483101">
+      <feGaussianBlur inkscape:collect="always" stdDeviation="0.45053152" id="feGaussianBlur4177"/>
+    </filter>
+  </defs>
+  <sodipodi:namedview id="base" pagecolor="#ffffff" bordercolor="#666666" borderopacity="1.0" inkscape:pageopacity="0.0" inkscape:pageshadow="2" inkscape:zoom="11.313708" inkscape:cx="6.4184057" inkscape:cy="25.737489" inkscape:document-units="px" inkscape:current-layer="layer1" showgrid="true" units="px" inkscape:window-width="1920" inkscape:window-height="1009" inkscape:window-x="0" inkscape:window-y="34" inkscape:window-maximized="1" gridtolerance="10000"/>
+  <metadata id="metadata4235">
+    <rdf:RDF>
+      <cc:Work rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type rdf:resource="http://purl.org/dc/dcmitype/StillImage"/>
+        <dc:title/>
+        <cc:license rdf:resource="http://creativecommons.org/licenses/by-sa/3.0/"/>
+      </cc:Work>
+      <cc:License rdf:about="http://creativecommons.org/licenses/by-sa/3.0/">
+        <cc:permits rdf:resource="http://creativecommons.org/ns#Reproduction"/>
+        <cc:permits rdf:resource="http://creativecommons.org/ns#Distribution"/>
+        <cc:requires rdf:resource="http://creativecommons.org/ns#Notice"/>
+        <cc:requires rdf:resource="http://creativecommons.org/ns#Attribution"/>
+        <cc:permits rdf:resource="http://creativecommons.org/ns#DerivativeWorks"/>
+        <cc:requires rdf:resource="http://creativecommons.org/ns#ShareAlike"/>
+      </cc:License>
+    </rdf:RDF>
+  </metadata>
+  <g inkscape:label="Layer 1" inkscape:groupmode="layer" id="layer1" transform="translate(0,-1004.3622)">
+    <path style="color:#000000;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:medium;line-height:normal;font-family:sans-serif;text-indent:0;text-align:start;text-decoration:none;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000000;letter-spacing:normal;word-spacing:normal;text-transform:none;direction:ltr;block-progression:tb;writing-mode:lr-tb;baseline-shift:baseline;text-anchor:start;white-space:normal;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:#263238;fill-opacity:0.4;fill-rule:evenodd;stroke:none;stroke-width:2.5;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;filter:url(#filter4175);color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate" d="m 2.613462,1006.3488 a 1.250125,1.250125 0 0 0 -1.01172,2.0293 l 3.60351,4.6641 c -0.12699,0.3331 -0.20312,0.6915 -0.20312,1.0703 l 0,4 0,2.8652 0,0.1348 c 0,1.662 1.338,3 3,3 l 32,0 c 1.662,0 3,-1.338 3,-3 l 0,-4 0,-2.8652 0,-0.1348 c 0,-0.3803 -0.0771,-0.74 -0.20508,-1.0742 l 3.60156,-4.6602 a 1.250125,1.250125 0 0 0 -1.04882,-2.0273 1.250125,1.250125 0 0 0 -0.92969,0.498 l -3.43164,4.4414 c -0.31022,-0.1079 -0.63841,-0.1777 -0.98633,-0.1777 l -32,0 c -0.34857,0 -0.67757,0.069 -0.98828,0.1777 l -3.4336,-4.4414 a 1.250125,1.250125 0 0 0 -0.96679,-0.5 z m 5.38867,18.7637 c -0.20775,0 -0.40983,0.021 -0.60547,0.061 -1.36951,0.2761 -2.39453,1.4698 -2.39453,2.9101 l 0,0.029 0,19.7793 0,0.029 0,0.1914 c 0,1.662 1.338,3 3,3 l 32,0 c 1.662,0 3,-1.338 3,-3 l 0,-20 0,-0.029 c 0,-1.4403 -1.02502,-2.634 -2.39453,-2.9101 -0.19565,-0.039 -0.39772,-0.061 -0.60547,-0.061 l -32,0 z" id="path4192" inkscape:connector-curvature="0"/>
+    <g id="g5012">
+      <g id="g4179" transform="matrix(-1,0,0,1,47.999779,0)">
+        <path style="fill:#8ab000;fill-opacity:1;fill-rule:evenodd;stroke:#769616;stroke-width:2.5;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" d="m 2.5889342,1006.8622 4.25,5.5" id="path4181" inkscape:connector-curvature="0" sodipodi:nodetypes="cc"/>
+        <path sodipodi:nodetypes="cccccc" inkscape:connector-curvature="0" id="path4183" d="m 2.6113281,1005.6094 c -0.4534623,0.012 -0.7616975,0.189 -0.9807462,0.4486 2.0269314,2.4089 2.368401,2.7916 5.1354735,6.2214 1.0195329,1.319 2.0816026,0.6373 1.0620696,-0.6817 l -4.25,-5.5 c -0.2289894,-0.3056 -0.5850813,-0.478 -0.9667969,-0.4883 z" style="color:#000000;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:medium;line-height:normal;font-family:sans-serif;text-indent:0;text-align:start;text-decoration:none;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000000;letter-spacing:normal;word-spacing:normal;text-transform:none;direction:ltr;block-progression:tb;writing-mode:lr-tb;baseline-shift:baseline;text-anchor:start;white-space:normal;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:#ffffff;fill-opacity:0.29803923;fill-rule:evenodd;stroke:none;stroke-width:2.5;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate"/>
+        <path sodipodi:nodetypes="ccccc" inkscape:connector-curvature="0" id="path4185" d="m 1.6220992,1006.0705 c -0.1238933,0.1479 -0.561176,0.8046 -0.02249,1.5562 l 4.25,5.5 c 1.0195329,1.319 1.1498748,-0.6123 1.1498748,-0.6123 0,0 -3.7344514,-4.51 -5.3773848,-6.4439 z" style="color:#000000;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:medium;line-height:normal;font-family:sans-serif;text-indent:0;text-align:start;text-decoration:none;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000000;letter-spacing:normal;word-spacing:normal;text-transform:none;direction:ltr;block-progression:tb;writing-mode:lr-tb;baseline-shift:baseline;text-anchor:start;white-space:normal;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:#263238;fill-opacity:0.2;fill-rule:evenodd;stroke:none;stroke-width:2.5;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate"/>
+        <path sodipodi:nodetypes="cscccc" inkscape:connector-curvature="0" id="path4187" d="m 2.3378905,1005.8443 c -0.438175,0 -0.959862,0.1416 -0.8242183,0.7986 0.103561,0.5016 4.6608262,6.0744 4.6608262,6.0744 1.0195329,1.319 2.4934721,0.6763 1.4739391,-0.6425 l -4.234375,-5.4727 c -0.2602394,-0.29 -0.6085188,-0.7436 -1.076172,-0.7578 z" style="color:#000000;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:medium;line-height:normal;font-family:sans-serif;text-indent:0;text-align:start;text-decoration:none;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000000;letter-spacing:normal;word-spacing:normal;text-transform:none;direction:ltr;block-progression:tb;writing-mode:lr-tb;baseline-shift:baseline;text-anchor:start;white-space:normal;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:#8ab000;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:2.5;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate"/>
+      </g>
+      <g id="g4955">
+        <path sodipodi:nodetypes="cc" inkscape:connector-curvature="0" id="path4945" d="m 2.5889342,1006.8622 4.25,5.5" style="fill:#8ab000;fill-opacity:1;fill-rule:evenodd;stroke:#769616;stroke-width:2.5;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"/>
+        <path style="color:#000000;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:medium;line-height:normal;font-family:sans-serif;text-indent:0;text-align:start;text-decoration:none;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000000;letter-spacing:normal;word-spacing:normal;text-transform:none;direction:ltr;block-progression:tb;writing-mode:lr-tb;baseline-shift:baseline;text-anchor:start;white-space:normal;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:#ffffff;fill-opacity:0.29803923;fill-rule:evenodd;stroke:none;stroke-width:2.5;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate" d="m 2.6113281,1005.6094 c -0.4534623,0.012 -0.7616975,0.189 -0.9807462,0.4486 2.0269314,2.4089 2.368401,2.7916 5.1354735,6.2214 1.0195329,1.319 2.0816026,0.6373 1.0620696,-0.6817 l -4.25,-5.5 c -0.2289894,-0.3056 -0.5850813,-0.478 -0.9667969,-0.4883 z" id="path4947" inkscape:connector-curvature="0" sodipodi:nodetypes="cccccc"/>
+        <path style="color:#000000;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:medium;line-height:normal;font-family:sans-serif;text-indent:0;text-align:start;text-decoration:none;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000000;letter-spacing:normal;word-spacing:normal;text-transform:none;direction:ltr;block-progression:tb;writing-mode:lr-tb;baseline-shift:baseline;text-anchor:start;white-space:normal;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:#263238;fill-opacity:0.2;fill-rule:evenodd;stroke:none;stroke-width:2.5;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate" d="m 1.6220992,1006.0705 c -0.1238933,0.1479 -0.561176,0.8046 -0.02249,1.5562 l 4.25,5.5 c 1.0195329,1.319 1.1498748,-0.6123 1.1498748,-0.6123 0,0 -3.7344514,-4.51 -5.3773848,-6.4439 z" id="path4951" inkscape:connector-curvature="0" sodipodi:nodetypes="ccccc"/>
+        <path style="color:#000000;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:medium;line-height:normal;font-family:sans-serif;text-indent:0;text-align:start;text-decoration:none;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000000;letter-spacing:normal;word-spacing:normal;text-transform:none;direction:ltr;block-progression:tb;writing-mode:lr-tb;baseline-shift:baseline;text-anchor:start;white-space:normal;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:#8ab000;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:2.5;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate" d="m 2.3378905,1005.8443 c -0.438175,0 -0.959862,0.1416 -0.8242183,0.7986 0.103561,0.5016 4.6608262,6.0744 4.6608262,6.0744 1.0195329,1.319 2.4934721,0.6763 1.4739391,-0.6425 l -4.234375,-5.4727 c -0.2602394,-0.29 -0.6085188,-0.7436 -1.076172,-0.7578 z" id="path4925" inkscape:connector-curvature="0" sodipodi:nodetypes="cscccc"/>
+      </g>
+      <g transform="translate(42,0)" id="g4967">
+        <rect style="opacity:1;fill:#aeea00;fill-opacity:1;stroke:none;stroke-width:3;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:3;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" id="rect4144" width="38" height="13" x="-37" y="1010.3622" rx="3" ry="3"/>
+        <rect ry="3" rx="3" y="1013.3622" x="-37" height="10" width="38" id="rect4961" style="opacity:1;fill:#263238;fill-opacity:0.2;stroke:none;stroke-width:3;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:3;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"/>
+        <rect ry="3" rx="3" y="1010.3622" x="-37" height="10" width="38" id="rect4963" style="opacity:1;fill:#ffffff;fill-opacity:0.29803923;stroke:none;stroke-width:3;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:3;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"/>
+        <rect ry="2.5384617" rx="3" y="1011.3622" x="-37" height="11" width="38" id="rect4965" style="opacity:1;fill:#aeea00;fill-opacity:1;stroke:none;stroke-width:3;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:3;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"/>
+      </g>
+      <g id="g4979">
+        <rect style="opacity:1;fill:#1976d2;fill-opacity:1;stroke:none;stroke-width:3;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:3;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" id="rect4146" width="38" height="26" x="5" y="1024.3622" rx="3" ry="3"/>
+        <rect ry="3" rx="3" y="1037.3622" x="5" height="13" width="38" id="rect4973" style="opacity:1;fill:#263238;fill-opacity:0.2;stroke:none;stroke-width:3;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:3;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"/>
+        <rect ry="3" rx="3" y="1024.3622" x="5" height="13" width="38" id="rect4975" style="opacity:1;fill:#ffffff;fill-opacity:0.2;stroke:none;stroke-width:3;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:3;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"/>
+        <rect ry="2.7692308" rx="3" y="1025.3622" x="5" height="24" width="38" id="rect4977" style="opacity:1;fill:#1976d2;fill-opacity:1;stroke:none;stroke-width:3;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:3;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"/>
+      </g>
+      <g transform="translate(0,1013.3622)" id="g4211">
+        <path style="color:#000000;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:medium;line-height:normal;font-family:sans-serif;text-indent:0;text-align:start;text-decoration:none;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000000;letter-spacing:normal;word-spacing:normal;text-transform:none;direction:ltr;block-progression:tb;writing-mode:lr-tb;baseline-shift:baseline;text-anchor:start;white-space:normal;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:#0d47a1;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:3;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate" d="m 24,17.75 c -2.880662,0 -5.319789,1.984685 -6.033203,4.650391 l 3.212891,0 C 21.734004,21.415044 22.774798,20.75 24,20.75 c 1.812692,0 3.25,1.437308 3.25,3.25 0,1.812693 -1.437308,3.25 -3.25,3.25 -1.307381,0 -2.411251,-0.75269 -2.929688,-1.849609 l -3.154296,0 C 18.558263,28.166146 21.04791,30.25 24,30.25 c 3.434013,0 6.25,-2.815987 6.25,-6.25 0,-3.434012 -2.815987,-6.25 -6.25,-6.25 z" id="path4161" inkscape:connector-curvature="0"/>
+        <circle style="opacity:1;fill:none;fill-opacity:0.40392157;stroke:#0d47a1;stroke-width:1.89999998;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" id="path4209" cx="24" cy="24" r="9.5500002"/>
+      </g>
+      <g id="g4989" transform="translate(0,0.50001738)">
+        <ellipse cy="1016.4872" cx="14.375" id="circle4985" style="opacity:1;fill:#263238;fill-opacity:0.2;stroke:none;stroke-width:1.89999998;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:0.69721117" rx="3.375" ry="3.875"/>
+        <circle style="opacity:1;fill:#ffffff;fill-opacity:1;stroke:none;stroke-width:1.89999998;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:0.69721117" id="path4859" cx="14.375" cy="1016.9872" r="3.375"/>
+      </g>
+      <g transform="translate(19.5,0.50001738)" id="g4171">
+        <ellipse ry="3.875" rx="3.375" style="opacity:1;fill:#263238;fill-opacity:0.2;stroke:none;stroke-width:1.89999998;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:0.69721117" id="ellipse4175" cx="14.375" cy="1016.4872"/>
+        <circle r="3.375" cy="1016.9872" cx="14.375" id="circle4177" style="opacity:1;fill:#ffffff;fill-opacity:1;stroke:none;stroke-width:1.89999998;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:0.69721117"/>
+      </g>
+    </g>
+    <path inkscape:connector-curvature="0" id="path5128" d="m 2.613462,1005.5987 a 1.250125,1.250125 0 0 0 -1.01172,2.0293 l 3.60351,4.6641 c -0.12699,0.3331 -0.20312,0.6915 -0.20312,1.0703 l 0,4 0,2.8652 0,0.1348 c 0,1.662 1.338,3 3,3 l 32,0 c 1.662,0 3,-1.338 3,-3 l 0,-4 0,-2.8652 0,-0.1348 c 0,-0.3803 -0.0771,-0.74 -0.20508,-1.0742 l 3.60156,-4.6602 a 1.250125,1.250125 0 0 0 -1.04882,-2.0273 1.250125,1.250125 0 0 0 -0.92969,0.498 l -3.43164,4.4414 c -0.31022,-0.1079 -0.63841,-0.1777 -0.98633,-0.1777 l -32,0 c -0.34857,0 -0.67757,0.069 -0.98828,0.1777 l -3.4336,-4.4414 a 1.250125,1.250125 0 0 0 -0.96679,-0.5 z m 5.38867,18.7637 c -0.20775,0 -0.40983,0.021 -0.60547,0.061 -1.36951,0.2761 -2.39453,1.4698 -2.39453,2.9101 l 0,0.029 0,19.7793 0,0.029 0,0.1914 c 0,1.662 1.338,3 3,3 l 32,0 c 1.662,0 3,-1.338 3,-3 l 0,-20 0,-0.029 c 0,-1.4403 -1.02502,-2.634 -2.39453,-2.9101 -0.19565,-0.039 -0.39772,-0.061 -0.60547,-0.061 l -32,0 z" style="color:#000000;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:medium;line-height:normal;font-family:sans-serif;text-indent:0;text-align:start;text-decoration:none;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000000;letter-spacing:normal;word-spacing:normal;text-transform:none;direction:ltr;block-progression:tb;writing-mode:lr-tb;baseline-shift:baseline;text-anchor:start;white-space:normal;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:url(#radialGradient5220);fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:2.5;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate"/>
+  </g>
+</svg>

docs/assets/img/android/secure_camera-dark.svg

@@ -1,2 +1 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<svg fill="#ffffff" version="1.1" viewBox="0 0 128 128" xmlns="http://www.w3.org/2000/svg"><g transform="scale(5.3333)"><path d="m0 0h24v24h-24z" fill="none"/><circle cx="12" cy="12" r="3"/><path d="m20 4h-3.17l-1.24-1.35c-0.37-0.41-0.91-0.65-1.47-0.65h-4.24c-0.56 0-1.1 0.24-1.48 0.65l-1.23 1.35h-3.17c-1.1 0-2 0.9-2 2v12c0 1.1 0.9 2 2 2h16c1.1 0 2-0.9 2-2v-12c0-1.1-0.9-2-2-2zm-8 13c-2.76 0-5-2.24-5-5s2.24-5 5-5 5 2.24 5 5-2.24 5-5 5z"/></g></svg>
+<svg xmlns="http://www.w3.org/2000/svg" fill="#fff" version="1.1" viewBox="0 0 128 128"><g transform="scale(5.3333)"><path fill="none" d="m0 0h24v24h-24z"/><circle cx="12" cy="12" r="3"/><path d="m20 4h-3.17l-1.24-1.35c-0.37-0.41-0.91-0.65-1.47-0.65h-4.24c-0.56 0-1.1 0.24-1.48 0.65l-1.23 1.35h-3.17c-1.1 0-2 0.9-2 2v12c0 1.1 0.9 2 2 2h16c1.1 0 2-0.9 2-2v-12c0-1.1-0.9-2-2-2zm-8 13c-2.76 0-5-2.24-5-5s2.24-5 5-5 5 2.24 5 5-2.24 5-5 5z"/></g></svg>

docs/assets/img/browsers/brave.svg

@@ -1,2 +1 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<svg version="1.1" viewBox="0 0 128 128" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><defs><linearGradient id="a" x2="235.8" y1="119.6" y2="119.6" gradientTransform="scale(.9229 1.084)" gradientUnits="userSpaceOnUse"><stop stop-color="#F50" offset="0"/><stop stop-color="#F50" offset=".4099"/><stop stop-color="#FF2000" offset=".582"/><stop stop-color="#FF2000" offset="1"/></linearGradient><linearGradient id="c" x1="11.3" x2="100.5" y1="46.23" y2="46.23" gradientTransform="scale(1.981 .5049)" gradientUnits="userSpaceOnUse"><stop stop-color="#FF452A" offset="0"/><stop stop-color="#FF2000" offset="1"/></linearGradient><path id="b" d="m170.3 25.34-22.3-25.34h-78.34l-22.3 25.34s-19.58-5.447-28.83 3.813c0 0 26.11-2.36 35.09 12.26 0 0 24.21 4.63 27.47 4.63s10.34-2.724 16.86-4.902c6.528-2.179 10.88-2.195 10.88-2.195s4.352 0.016 10.88 2.195c6.528 2.178 13.6 4.902 16.86 4.902s27.47-4.63 27.47-4.63c8.976-14.62 35.09-12.26 35.09-12.26-9.248-9.26-28.83-3.813-28.83-3.813"/></defs><g transform="matrix(.50101 0 0 .50101 9.4745 .0060121)" fill-rule="evenodd"><path d="m210 61.28 5.984-14.71s-7.616-8.17-16.86-17.43c-9.248-9.259-28.83-3.812-28.83-3.812l-22.3-25.34h-78.34l-22.3 25.34s-19.58-5.447-28.83 3.813-16.86 17.43-16.86 17.43l5.984 14.71-7.616 21.79s22.4 84.95 25.02 95.32c5.168 20.42 8.704 28.32 23.39 38.67s41.34 28.32 45.7 31.05c4.352 2.724 9.792 7.363 14.69 7.363s10.34-4.64 14.69-7.363 31.01-20.7 45.7-31.05 18.22-18.25 23.39-38.67c2.624-10.37 25.02-95.32 25.02-95.32z" fill="url(#a)"/><path d="m164 41.4s28.69 34.72 28.69 42.14c0 7.421-3.608 9.38-7.237 13.24l-21.51 22.87c-2.036 2.164-6.273 5.445-3.78 11.35 2.492 5.905 6.168 13.42 2.08 21.04-4.089 7.62-11.09 12.71-15.58 11.87-4.489-0.842-15.03-6.357-18.9-8.876-3.876-2.52-16.16-12.66-16.16-16.54s12.7-10.85 15.04-12.43c2.347-1.583 13.05-7.712 13.27-10.12 0.219-2.406 0.136-3.111-3.022-9.055s-8.845-13.88-7.898-19.15c0.946-5.277 10.12-8.02 16.66-10.5 6.545-2.474 19.15-7.148 20.72-7.875 1.575-0.727 1.168-1.42-3.601-1.872-4.768-0.452-18.3-2.251-24.4-0.548-6.1 1.702-16.52 4.293-17.37 5.667-0.844 1.373-1.589 1.42-0.722 6.158 0.867 4.739 5.33 27.48 5.764 31.52 0.433 4.039 1.28 6.709-3.068 7.705-4.35 0.995-11.67 2.724-14.19 2.724s-9.838-1.729-14.19-2.724c-4.35-0.996-3.503-3.666-3.07-7.705 0.434-4.039 4.898-26.78 5.765-31.52s0.122-4.785-0.722-6.158c-0.844-1.374-11.27-3.965-17.37-5.667-6.1-1.703-19.63 0.096-24.4 0.548-4.769 0.453-5.176 1.145-3.602 1.872 1.575 0.727 14.18 5.4 20.72 7.875 6.546 2.475 15.72 5.22 16.66 10.5 0.946 5.278-4.741 13.21-7.899 19.15-3.158 5.944-3.241 6.65-3.022 9.055s10.92 8.534 13.27 10.12 15.04 8.552 15.04 12.43c0 3.882-12.28 14.03-16.16 16.54-3.876 2.52-14.42 8.034-18.9 8.876-4.488 0.84-11.49-4.246-15.58-11.87-4.089-7.621-0.412-15.14 2.08-21.04 2.491-5.905-1.745-9.186-3.78-11.35l-21.51-22.87c-3.629-3.858-7.237-5.817-7.237-13.24 0-7.422 28.69-42.14 28.69-42.14s24.21 4.63 27.47 4.63 10.34-2.724 16.86-4.902c6.528-2.179 10.88-2.195 10.88-2.195s4.352 0.016 10.88 2.195c6.528 2.178 13.6 4.902 16.86 4.902s27.47-4.63 27.47-4.63zm-21.51 132.8c1.775 1.113 0.692 3.212-0.925 4.357-1.618 1.145-23.36 18-25.47 19.86-2.11 1.864-5.21 4.94-7.318 4.94s-5.209-3.076-7.318-4.94c-2.11-1.863-23.85-18.72-25.47-19.86s-2.7-3.244-0.925-4.357c1.777-1.113 7.333-3.922 15-7.894 7.665-3.972 17.22-7.349 18.71-7.349s11.04 3.377 18.71 7.349 13.22 6.781 15 7.894z" fill="#fff"/><use width="100%" height="100%" fill="url(#c)" xlink:href="#b"/></g></svg>
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" viewBox="0 0 128 128"><defs><linearGradient id="a" x2="235.8" y1="119.6" y2="119.6" gradientTransform="scale(.9229 1.084)" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#F50"/><stop offset=".41" stop-color="#F50"/><stop offset=".582" stop-color="#FF2000"/><stop offset="1" stop-color="#FF2000"/></linearGradient><linearGradient id="c" x1="11.3" x2="100.5" y1="46.23" y2="46.23" gradientTransform="scale(1.981 .5049)" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#FF452A"/><stop offset="1" stop-color="#FF2000"/></linearGradient><path id="b" d="m170.3 25.34-22.3-25.34h-78.34l-22.3 25.34s-19.58-5.447-28.83 3.813c0 0 26.11-2.36 35.09 12.26 0 0 24.21 4.63 27.47 4.63s10.34-2.724 16.86-4.902c6.528-2.179 10.88-2.195 10.88-2.195s4.352 0.016 10.88 2.195c6.528 2.178 13.6 4.902 16.86 4.902s27.47-4.63 27.47-4.63c8.976-14.62 35.09-12.26 35.09-12.26-9.248-9.26-28.83-3.813-28.83-3.813"/></defs><g fill-rule="evenodd" transform="matrix(.50101 0 0 .50101 9.4745 .0060121)"><path fill="url(#a)" d="m210 61.28 5.984-14.71s-7.616-8.17-16.86-17.43c-9.248-9.259-28.83-3.812-28.83-3.812l-22.3-25.34h-78.34l-22.3 25.34s-19.58-5.447-28.83 3.813-16.86 17.43-16.86 17.43l5.984 14.71-7.616 21.79s22.4 84.95 25.02 95.32c5.168 20.42 8.704 28.32 23.39 38.67s41.34 28.32 45.7 31.05c4.352 2.724 9.792 7.363 14.69 7.363s10.34-4.64 14.69-7.363 31.01-20.7 45.7-31.05 18.22-18.25 23.39-38.67c2.624-10.37 25.02-95.32 25.02-95.32z"/><path fill="#fff" d="m164 41.4s28.69 34.72 28.69 42.14c0 7.421-3.608 9.38-7.237 13.24l-21.51 22.87c-2.036 2.164-6.273 5.445-3.78 11.35 2.492 5.905 6.168 13.42 2.08 21.04-4.089 7.62-11.09 12.71-15.58 11.87-4.489-0.842-15.03-6.357-18.9-8.876-3.876-2.52-16.16-12.66-16.16-16.54s12.7-10.85 15.04-12.43c2.347-1.583 13.05-7.712 13.27-10.12 0.219-2.406 0.136-3.111-3.022-9.055s-8.845-13.88-7.898-19.15c0.946-5.277 10.12-8.02 16.66-10.5 6.545-2.474 19.15-7.148 20.72-7.875 1.575-0.727 1.168-1.42-3.601-1.872-4.768-0.452-18.3-2.251-24.4-0.548-6.1 1.702-16.52 4.293-17.37 5.667-0.844 1.373-1.589 1.42-0.722 6.158 0.867 4.739 5.33 27.48 5.764 31.52 0.433 4.039 1.28 6.709-3.068 7.705-4.35 0.995-11.67 2.724-14.19 2.724s-9.838-1.729-14.19-2.724c-4.35-0.996-3.503-3.666-3.07-7.705 0.434-4.039 4.898-26.78 5.765-31.52s0.122-4.785-0.722-6.158c-0.844-1.374-11.27-3.965-17.37-5.667-6.1-1.703-19.63 0.096-24.4 0.548-4.769 0.453-5.176 1.145-3.602 1.872 1.575 0.727 14.18 5.4 20.72 7.875 6.546 2.475 15.72 5.22 16.66 10.5 0.946 5.278-4.741 13.21-7.899 19.15-3.158 5.944-3.241 6.65-3.022 9.055s10.92 8.534 13.27 10.12 15.04 8.552 15.04 12.43c0 3.882-12.28 14.03-16.16 16.54-3.876 2.52-14.42 8.034-18.9 8.876-4.488 0.84-11.49-4.246-15.58-11.87-4.089-7.621-0.412-15.14 2.08-21.04 2.491-5.905-1.745-9.186-3.78-11.35l-21.51-22.87c-3.629-3.858-7.237-5.817-7.237-13.24 0-7.422 28.69-42.14 28.69-42.14s24.21 4.63 27.47 4.63 10.34-2.724 16.86-4.902c6.528-2.179 10.88-2.195 10.88-2.195s4.352 0.016 10.88 2.195c6.528 2.178 13.6 4.902 16.86 4.902s27.47-4.63 27.47-4.63zm-21.51 132.8c1.775 1.113 0.692 3.212-0.925 4.357-1.618 1.145-23.36 18-25.47 19.86-2.11 1.864-5.21 4.94-7.318 4.94s-5.209-3.076-7.318-4.94c-2.11-1.863-23.85-18.72-25.47-19.86s-2.7-3.244-0.925-4.357c1.777-1.113 7.333-3.922 15-7.894 7.665-3.972 17.22-7.349 18.71-7.349s11.04 3.377 18.71 7.349 13.22 6.781 15 7.894z"/><use width="100%" height="100%" fill="url(#c)" xlink:href="#b"/></g></svg>

docs/assets/img/browsers/bromite.svg

@@ -1,2 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<svg width="128" height="128" version="1.1" viewBox="0 0 33.866 33.866" xmlns="http://www.w3.org/2000/svg"><g transform="matrix(1.9999 0 0 1.9999 -.00028793 -560.11)"><g transform="matrix(.1411 0 0 .1411 -22.448 274.09)"><g transform="matrix(6.5975,0,0,6.5975,-881.57,-908.75)"><path d="m166.76 148.57v2.8e-4c-0.0731 1e-3 -0.14646 3e-3 -0.21965 6e-3 -2.0814 0.0983-3.9695 1.2488-5.0113 3.0532-0.27591 0.47789-0.47972 0.97776-0.61543 1.4866 1.8658 0.19779 3.5534 0.93382 4.9049 2.0531 2.7603 1.8081 5.5017 1.1662 7.0499 0.51897 0.40336-2.4423-0.70912-4.988-2.9792-6.2988-0.95179-0.54962-2.0328-0.83212-3.1292-0.81971z" fill="#d0f6ed" stroke-width=".14568"/><path d="m166.59 152.15c-1.5641 9.9e-4 -2.9951 0.51259-3.7051 1.324 0.94324 0.3021 1.8146 0.75292 2.5877 1.3259-1.2e-4 -3.9e-4 -1.6e-4 -1e-3 -2.9e-4 -1e-3 1.3493-0.74086 3.1114-1.2154 4.6422-1.5091-0.75982-0.70753-2.0913-1.1376-3.5245-1.1388v-5.6e-4z" fill="#4de564" stroke-width=".27973"/><path d="m172.56 152.93c-1.6055 0.16301-4.8923 0.66396-7.0864 1.8687 0.12815 0.095 0.25361 0.19321 0.37621 0.29474 2.6929 1.7639 5.3671 1.1376 6.8778 0.50616 0.14847-0.89893 0.0864-1.8121-0.16739-2.6696z" fill="#06c23c" stroke-width=".38858"/><path d="m170.2 144.17c-0.297-8e-3 -0.58809 0.14301-0.74764 0.41937l-0.15266 0.26436c-0.23207 0.40197-0.0953 0.91236 0.30665 1.1444l0.0712 0.0411-0.6784 1.175c-0.68491-0.19996-1.3964-0.30489-2.1144-0.30964l-3e-4 -2.9e-4c-0.13829-9.1e-4 -0.27683 2e-3 -0.41545 8e-3 -2.6278 0.12414-5.0122 1.5767-6.3272 3.8551-2.1338 3.6958-0.86761 8.4218 2.8282 10.556 3.696 2.1338 8.4218 0.86727 10.556-2.8288 1.8213-3.155 1.1646-7.0602-1.3656-9.463l0.67518-1.1694 0.0706 0.0407c0.40198 0.23207 0.91244 0.0953 1.1445-0.30665l0.15259-0.26436c0.23207-0.40197 0.0953-0.91243-0.30665-1.1445l-3.2996-1.905c-0.12562-0.0725-0.26181-0.10907-0.3968-0.11272zm-3.434 4.6336c1.0696-0.0121 2.1243 0.26346 3.0528 0.79964 2.2146 1.2787 3.1576 3.6198 2.7641 6.0024-1.5104 0.63142-4.0427 1.1156-6.7355-0.6483-1.3185-1.0919-2.8225-1.6679-4.6427-1.8609 0.13239-0.49643 0.33106-0.98387 0.60022-1.4501 1.0163-1.7604 2.7165-2.7406 4.7469-2.8365 0.0714-3e-3 0.14275-5e-3 0.21406-6e-3z" fill="#25935e" stroke-width=".28021"/></g></g></g></svg>

docs/assets/img/browsers/terms_of_service_didnt_read.svg

@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="128" height="128" version="1.1" viewBox="0 0 33.866 33.866"><path fill="#46a546" stroke-width=".275" d="m3.2563 0.90164h27.353c1.804 0 3.2563 1.4523 3.2563 3.2563v1.001e-4c0 1.804-1.4523 3.2563-3.2563 3.2563h-27.353c-1.804 0-3.2563-1.4523-3.2563-3.2563v-1.001e-4c0-1.804 1.4523-3.2563 3.2563-3.2563z"/><path fill="#f89406" stroke-width=".259" d="m3.2563 9.4185h23.546c1.804 0 3.2563 1.4523 3.2563 3.2563v1e-4c0 1.804-1.4523 3.2563-3.2563 3.2563h-23.546c-1.804 0-3.2563-1.4523-3.2563-3.2563v-1e-4c0-1.804 1.4523-3.2563 3.2563-3.2563z"/><path fill="#c43c35" stroke-width=".269" d="m3.2563 17.935h25.95c1.804 0 3.2563 1.4523 3.2563 3.2563v1.01e-4c0 1.804-1.4523 3.2563-3.2563 3.2563h-25.95c-1.804 0-3.2563-1.4523-3.2563-3.2563v-1.01e-4c0-1.804 1.4523-3.2563 3.2563-3.2563z"/><path fill="#999" stroke-width=".212" d="m3.2563 26.452h13.726c1.804 0 3.2563 1.4523 3.2563 3.2563v1e-4c0 1.804-1.4523 3.2563-3.2563 3.2563h-13.726c-1.804 0-3.2563-1.4523-3.2563-3.2563v-1e-4c0-1.804 1.4523-3.2563 3.2563-3.2563z"/></svg>

docs/assets/img/calendar-contacts/proton-calendar.svg

@@ -1,2 +1 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><defs><linearGradient id="SVGID_00000094620430057427565900000015311327790582914980_" x1="796.82" x2="203.77" y1="249.42" y2="1067.3" gradientTransform="matrix(.035694 0 0 -.035694 5.0337e-7 30.979)" gradientUnits="userSpaceOnUse"><stop stop-color="#C8E8FF" offset="0"/><stop stop-color="#BDAEFF" offset=".3075"/><stop stop-color="#6D4AFF" offset="1"/></linearGradient><radialGradient id="SVGID_1_" cx="169.05" cy="788.91" r="1" gradientTransform="matrix(-16.88 45.338 60.416 22.494 -44786 -25421)" gradientUnits="userSpaceOnUse"><stop stop-color="#54B7FF" stop-opacity="0" offset=".5561"/><stop stop-color="#54B7FF" offset=".9944"/></radialGradient></defs><g stroke-width=".035694"><path class="st0" d="m5.0337e-7 6.425c0-1.9346 1.567-3.5016 3.5016-3.5016h26.853c1.9346 0 3.5016 1.567 3.5016 3.5016v21.017c0 1.9346-1.567 3.5016-3.5016 3.5016h-26.853c-1.9346 0-3.5016-1.567-3.5016-3.5016z" fill="#6851f6"/><path class="st1" d="m0.0071394 6.425c0-1.9346 1.5705-3.5016 3.5052-3.5016h26.853c1.9346 0 3.5016 1.567 3.5016 3.5016v21.017c0 1.9346-1.567 3.5016-3.5016 3.5016h-26.853c-1.9346 0-3.5016-1.567-3.5016-3.5016v-21.017z" fill="url(#SVGID_1_)"/><path class="st2" d="m15.373 29.312c0-0.83168 0.29626-1.6384 0.83524-2.2702l6.168-7.2388 0.19632 11.14h-7.1995z" fill="#bfd8ff"/><path d="m3.5016 2.9234c-1.9346 0-3.5016 1.567-3.5016 3.5016v0.68176h23.933c1.5063 0 2.7235 1.2207 2.7235 2.7235v13.914h7.1995v-17.319c0-1.9346-1.567-3.5016-3.5016-3.5016z" clip-rule="evenodd" fill="url(#SVGID_00000094620430057427565900000015311327790582914980_)" fill-rule="evenodd"/><path class="st4" d="m21.406 22.38c0-2.1488 1.7419-3.8907 3.8907-3.8907h8.563v12.454h-12.454z" fill="#fff"/><path class="st5" d="m24.811 26.496h1.2315c0.04997 0.21416 0.1749 0.40334 0.35337 0.53541 0.1749 0.13207 0.39264 0.19989 0.61394 0.18918 0.55683 0 0.92448-0.30697 0.92448-0.75672s-0.38193-0.69961-1.1386-0.69961h-0.48901v-1.0137h0.42476c0.73173 0 1.0316-0.26771 1.0316-0.67462 0-0.40334-0.32482-0.68176-0.77456-0.68176-0.19989-0.01071-0.39978 0.05354-0.54969 0.18561-0.15348 0.13207-0.24629 0.31768-0.26414 0.51757h-1.1886c0.04283-0.70674 0.59966-1.7205 1.9953-1.7205 1.1208 0 1.8954 0.63893 1.8954 1.5384 0 0.28912-0.08924 0.57111-0.26057 0.80312-0.17133 0.23201-0.41048 0.40691-0.68533 0.49258v0.01785c0.32125 0.05711 0.61037 0.22844 0.81383 0.48187 0.20346 0.25343 0.31054 0.57111 0.29983 0.89949 0 0.97445-0.89236 1.6169-2.0453 1.6169-1.2243 0.0071-2.0988-0.6889-2.1881-1.7312z" fill="#6d4aff"/><path class="st5" d="m31.197 22.473h0.89592v5.6718h-1.1565v-4.3511l-1.1137 0.75672v-1.1458z" fill="#6d4aff"/></g></svg>
+<svg xmlns="http://www.w3.org/2000/svg" width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867"><defs><linearGradient id="SVGID_00000094620430057427565900000015311327790582914980_" x1="796.82" x2="203.77" y1="249.42" y2="1067.3" gradientTransform="matrix(.035694 0 0 -.035694 5.0337e-7 30.979)" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#C8E8FF"/><stop offset=".307" stop-color="#BDAEFF"/><stop offset="1" stop-color="#6D4AFF"/></linearGradient><radialGradient id="SVGID_1_" cx="169.05" cy="788.91" r="1" gradientTransform="matrix(-16.88 45.338 60.416 22.494 -44786 -25421)" gradientUnits="userSpaceOnUse"><stop offset=".556" stop-color="#54B7FF" stop-opacity="0"/><stop offset=".994" stop-color="#54B7FF"/></radialGradient></defs><g stroke-width=".036"><path fill="#6851f6" d="m5.0337e-7 6.425c0-1.9346 1.567-3.5016 3.5016-3.5016h26.853c1.9346 0 3.5016 1.567 3.5016 3.5016v21.017c0 1.9346-1.567 3.5016-3.5016 3.5016h-26.853c-1.9346 0-3.5016-1.567-3.5016-3.5016z" class="st0"/><path fill="url(#SVGID_1_)" d="m0.0071394 6.425c0-1.9346 1.5705-3.5016 3.5052-3.5016h26.853c1.9346 0 3.5016 1.567 3.5016 3.5016v21.017c0 1.9346-1.567 3.5016-3.5016 3.5016h-26.853c-1.9346 0-3.5016-1.567-3.5016-3.5016v-21.017z" class="st1"/><path fill="#bfd8ff" d="m15.373 29.312c0-0.83168 0.29626-1.6384 0.83524-2.2702l6.168-7.2388 0.19632 11.14h-7.1995z" class="st2"/><path fill="url(#SVGID_00000094620430057427565900000015311327790582914980_)" fill-rule="evenodd" d="m3.5016 2.9234c-1.9346 0-3.5016 1.567-3.5016 3.5016v0.68176h23.933c1.5063 0 2.7235 1.2207 2.7235 2.7235v13.914h7.1995v-17.319c0-1.9346-1.567-3.5016-3.5016-3.5016z" clip-rule="evenodd"/><path fill="#fff" d="m21.406 22.38c0-2.1488 1.7419-3.8907 3.8907-3.8907h8.563v12.454h-12.454z" class="st4"/><path fill="#6d4aff" d="m24.811 26.496h1.2315c0.04997 0.21416 0.1749 0.40334 0.35337 0.53541 0.1749 0.13207 0.39264 0.19989 0.61394 0.18918 0.55683 0 0.92448-0.30697 0.92448-0.75672s-0.38193-0.69961-1.1386-0.69961h-0.48901v-1.0137h0.42476c0.73173 0 1.0316-0.26771 1.0316-0.67462 0-0.40334-0.32482-0.68176-0.77456-0.68176-0.19989-0.01071-0.39978 0.05354-0.54969 0.18561-0.15348 0.13207-0.24629 0.31768-0.26414 0.51757h-1.1886c0.04283-0.70674 0.59966-1.7205 1.9953-1.7205 1.1208 0 1.8954 0.63893 1.8954 1.5384 0 0.28912-0.08924 0.57111-0.26057 0.80312-0.17133 0.23201-0.41048 0.40691-0.68533 0.49258v0.01785c0.32125 0.05711 0.61037 0.22844 0.81383 0.48187 0.20346 0.25343 0.31054 0.57111 0.29983 0.89949 0 0.97445-0.89236 1.6169-2.0453 1.6169-1.2243 0.0071-2.0988-0.6889-2.1881-1.7312z" class="st5"/><path fill="#6d4aff" d="m31.197 22.473h0.89592v5.6718h-1.1565v-4.3511l-1.1137 0.75672v-1.1458z" class="st5"/></g></svg>

docs/assets/img/cloud/protondrive.svg

@@ -1,2 +1 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><defs><linearGradient id="SVGID_00000019652434788841659490000008021016220503567533_" x1="-12.632" x2="1173" y1="1195.6" y2="-107.33" gradientTransform="matrix(.035706 0 0 -.035706 -1.6667e-6 30.985)" gradientUnits="userSpaceOnUse"><stop stop-color="#6D4AFF" offset="0"/><stop stop-color="#AE8CFF" offset=".3593"/><stop stop-color="#F8CCFF" offset="1"/></linearGradient><radialGradient id="SVGID_1_" cx="169.06" cy="788.93" r="1" gradientTransform="matrix(-21.468 43.868 68.249 33.399 -50186 -33775)" gradientUnits="userSpaceOnUse"><stop stop-color="#FF62C0" stop-opacity="0" offset=".5561"/><stop stop-color="#FF62C0" offset=".9944"/></radialGradient></defs><g stroke-width=".035705"><path class="st0" d="m-1.6667e-6 27.447v-21.023c0-1.9352 1.5675-3.5027 3.5027-3.5027h6.5698c0.66412 0 1.3104 0.21066 1.8424 0.60342l2.1994 1.6139c0.53559 0.39276 1.1819 0.60343 1.8424 0.60343h14.404c1.9352 0 3.5027 1.5675 3.5027 3.5027v18.199c0 1.9352-1.5675 3.5027-3.5027 3.5027h-26.858c-1.9352 4e-3 -3.5027-1.5639-3.5027-3.4991z" fill="#6851f6"/><path class="st1" d="m-1.6667e-6 27.447v-21.023c0-1.9352 1.5675-3.5027 3.5027-3.5027h6.5698c0.66412 0 1.3104 0.21066 1.8424 0.60342l2.1994 1.6139c0.53559 0.39276 1.1819 0.60343 1.8424 0.60343h14.404c1.9352 0 3.5027 1.5675 3.5027 3.5027v18.199c0 1.9352-1.5675 3.5027-3.5027 3.5027h-26.858c-1.9352 4e-3 -3.5027-1.5639-3.5027-3.4991z" fill="url(#SVGID_1_)"/><path d="m15.96 5.7414h14.404c1.9352 0 3.5027 1.5675 3.5027 3.5027v18.199c0 1.9352-1.5675 3.5027-3.5027 3.5027h-3.6991v-18.278c0-1.5103-1.2283-2.735-2.7422-2.7243l-13.265 0.075c-0.57129 4e-3 -1.1283-0.17138-1.596-0.50344l-2.9528-2.0995c-0.4606-0.32849-1.014-0.50345-1.5782-0.50345h-4.531v-0.48916c0-1.9352 1.5675-3.5027 3.5027-3.5027h6.5698c0.66412 0 1.3104 0.21066 1.8424 0.60342l2.1994 1.6139c0.53559 0.39276 1.1819 0.60343 1.846 0.60343z" clip-rule="evenodd" fill="url(#SVGID_00000019652434788841659490000008021016220503567533_)" fill-rule="evenodd"/></g></svg>
+<svg xmlns="http://www.w3.org/2000/svg" width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867"><defs><linearGradient id="SVGID_00000019652434788841659490000008021016220503567533_" x1="-12.632" x2="1173" y1="1195.6" y2="-107.33" gradientTransform="matrix(.035706 0 0 -.035706 -1.6667e-6 30.985)" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#6D4AFF"/><stop offset=".359" stop-color="#AE8CFF"/><stop offset="1" stop-color="#F8CCFF"/></linearGradient><radialGradient id="SVGID_1_" cx="169.06" cy="788.93" r="1" gradientTransform="matrix(-21.468 43.868 68.249 33.399 -50186 -33775)" gradientUnits="userSpaceOnUse"><stop offset=".556" stop-color="#FF62C0" stop-opacity="0"/><stop offset=".994" stop-color="#FF62C0"/></radialGradient></defs><g stroke-width=".036"><path fill="#6851f6" d="m-1.6667e-6 27.447v-21.023c0-1.9352 1.5675-3.5027 3.5027-3.5027h6.5698c0.66412 0 1.3104 0.21066 1.8424 0.60342l2.1994 1.6139c0.53559 0.39276 1.1819 0.60343 1.8424 0.60343h14.404c1.9352 0 3.5027 1.5675 3.5027 3.5027v18.199c0 1.9352-1.5675 3.5027-3.5027 3.5027h-26.858c-1.9352 4e-3 -3.5027-1.5639-3.5027-3.4991z" class="st0"/><path fill="url(#SVGID_1_)" d="m-1.6667e-6 27.447v-21.023c0-1.9352 1.5675-3.5027 3.5027-3.5027h6.5698c0.66412 0 1.3104 0.21066 1.8424 0.60342l2.1994 1.6139c0.53559 0.39276 1.1819 0.60343 1.8424 0.60343h14.404c1.9352 0 3.5027 1.5675 3.5027 3.5027v18.199c0 1.9352-1.5675 3.5027-3.5027 3.5027h-26.858c-1.9352 4e-3 -3.5027-1.5639-3.5027-3.4991z" class="st1"/><path fill="url(#SVGID_00000019652434788841659490000008021016220503567533_)" fill-rule="evenodd" d="m15.96 5.7414h14.404c1.9352 0 3.5027 1.5675 3.5027 3.5027v18.199c0 1.9352-1.5675 3.5027-3.5027 3.5027h-3.6991v-18.278c0-1.5103-1.2283-2.735-2.7422-2.7243l-13.265 0.075c-0.57129 4e-3 -1.1283-0.17138-1.596-0.50344l-2.9528-2.0995c-0.4606-0.32849-1.014-0.50345-1.5782-0.50345h-4.531v-0.48916c0-1.9352 1.5675-3.5027 3.5027-3.5027h6.5698c0.66412 0 1.3104 0.21066 1.8424 0.60342l2.1994 1.6139c0.53559 0.39276 1.1819 0.60343 1.846 0.60343z" clip-rule="evenodd"/></g></svg>

docs/assets/img/data-redaction/exiferaser.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" id="vector" version="1.1" viewBox="0 0 128 128"><g id="group" transform="matrix(2.5666 0 0 2.5666 -73.625 -74.595)"><path id="path" fill="#fff" d="m28.686 54c0-6.611 2.629-12.958 7.304-17.632 4.674-4.675 11.021-7.304 17.632-7.304s12.958 2.629 17.633 7.304c4.674 4.674 7.303 11.021 7.303 17.632s-2.629 12.958-7.303 17.632c-4.675 4.675-11.022 7.304-17.633 7.304s-12.958-2.629-17.632-7.304c-4.675-4.674-7.304-11.021-7.304-17.632"/><path fill="#009688" d="m48.42 40.201v21.793h21.795v-21.793zm2.8184 2.8184h16.156v11.051l-4.1621-4.0703-4.9883 5.3047-3.1465-3.0469-3.8594 4.1738zm6.4609 1.9727c-1.1964 0.01026-2.4063 1.0128-2.334 2.2812-0.0012 0.186 0.02158 0.37225 0.06641 0.55273 0.27682 1.4976 2.226 2.1821 3.4512 1.3633 1.3815-0.81242 1.3037-3.0455-0.04102-3.8496-0.34791-0.2441-0.74378-0.35108-1.1426-0.34766z"/><path fill="#00675b" d="m43.2 48.735c-0.807 0-1.461-0.654-1.461-1.461v-6.667c0-3.679 2.993-6.673 6.672-6.673s6.7339 2.5864 6.7339 6.2654l-2.9045 0.01627c0-2.068-1.7614-3.3587-3.8294-3.3587s-3.75 1.682-3.75 3.75v6.667c0 0.807-0.654 1.461-1.461 1.461zm0-6.787-7.013 6.818v20.141h14.026v-20.141zm0 7.429c-1.143 0-2.07-0.927-2.07-2.07s0.927-2.07 2.07-2.07 2.07 0.927 2.07 2.07-0.927 2.07-2.07 2.07z"/></g></svg>

docs/assets/img/email/protonmail.svg

@@ -1,15 +1 @@
-<svg width="979" height="785" viewBox="0 0 979 785" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path d="M0 22.5541C0 3.48617 22.2124 -6.94596 36.8738 5.23613L424.677 327.46C462.177 358.619 516.546 358.619 554.046 327.46L941.85 5.23618C956.511 -6.94591 978.723 3.48621 978.723 22.5541V683.7C978.723 739.646 933.393 785 877.476 785H101.247C45.3299 785 0 739.646 0 683.7V22.5541Z" fill="#6D4AFF"/>
-<path fill-rule="evenodd" clip-rule="evenodd" d="M621.492 271.42L621.546 271.464L426.244 444.071C392.975 473.475 343.246 474.216 309.116 445.817L0 188.604V22.5541C0 3.48617 22.2124 -6.94596 36.8738 5.23613L424.677 327.46C462.177 358.619 516.546 358.619 554.046 327.46L621.492 271.42Z" fill="url(#paint0_linear_6150_150885)"/>
-<path fill-rule="evenodd" clip-rule="evenodd" d="M770.604 147.526V785H877.476C933.393 785 978.723 739.642 978.723 683.699V22.5548C978.723 3.4868 956.51 -6.94715 941.849 5.23724L770.604 147.526Z" fill="url(#paint1_linear_6150_150885)"/>
-<defs>
-<linearGradient id="paint0_linear_6150_150885" x1="738.261" y1="384.02" x2="514.95" y2="-568.829" gradientUnits="userSpaceOnUse">
-<stop stop-color="#E2DBFF"/>
-<stop offset="1" stop-color="#6D4AFF"/>
-</linearGradient>
-<linearGradient id="paint1_linear_6150_150885" x1="1276.84" y1="1301.35" x2="514.868" y2="-325.532" gradientUnits="userSpaceOnUse">
-<stop offset="0.271019" stop-color="#E2DBFF"/>
-<stop offset="1" stop-color="#6D4AFF"/>
-</linearGradient>
-</defs>
-</svg>
+<svg xmlns="http://www.w3.org/2000/svg" width="979" height="785" fill="none" viewBox="0 0 979 785"><path fill="#6D4AFF" d="M0 22.5541C0 3.48617 22.2124 -6.94596 36.8738 5.23613L424.677 327.46C462.177 358.619 516.546 358.619 554.046 327.46L941.85 5.23618C956.511 -6.94591 978.723 3.48621 978.723 22.5541V683.7C978.723 739.646 933.393 785 877.476 785H101.247C45.3299 785 0 739.646 0 683.7V22.5541Z"/><path fill="url(#paint0_linear_6150_150885)" fill-rule="evenodd" d="M621.492 271.42L621.546 271.464L426.244 444.071C392.975 473.475 343.246 474.216 309.116 445.817L0 188.604V22.5541C0 3.48617 22.2124 -6.94596 36.8738 5.23613L424.677 327.46C462.177 358.619 516.546 358.619 554.046 327.46L621.492 271.42Z" clip-rule="evenodd"/><path fill="url(#paint1_linear_6150_150885)" fill-rule="evenodd" d="M770.604 147.526V785H877.476C933.393 785 978.723 739.642 978.723 683.699V22.5548C978.723 3.4868 956.51 -6.94715 941.849 5.23724L770.604 147.526Z" clip-rule="evenodd"/><defs><linearGradient id="paint0_linear_6150_150885" x1="738.261" x2="514.95" y1="384.02" y2="-568.829" gradientUnits="userSpaceOnUse"><stop stop-color="#E2DBFF"/><stop offset="1" stop-color="#6D4AFF"/></linearGradient><linearGradient id="paint1_linear_6150_150885" x1="1276.84" x2="514.868" y1="1301.35" y2="-325.532" gradientUnits="userSpaceOnUse"><stop offset=".271" stop-color="#E2DBFF"/><stop offset="1" stop-color="#6D4AFF"/></linearGradient></defs></svg>

docs/assets/img/messengers/molly.svg

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg width="127.99" height="128" version="1.1" viewBox="0 0 33.864 33.867" xmlns="http://www.w3.org/2000/svg"><g transform="translate(-48.383 -89.279)"><g transform="matrix(.083544 0 0 .083551 36.799 77.694)"><path d="m220.51 504.06 120.82 39.937 1.2e-4 4e-5 -143.92-5e-5zm323.49-162.73c0 111.93-90.737 202.67-202.67 202.67-111.93-1e-5 -202.67-90.737-202.67-202.67s90.737-202.67 202.67-202.67c111.93 0 202.67 90.737 202.67 202.67z" fill="#7663f0"/><g transform="translate(-5.1601e-6,-4.0973)"><circle cx="341" cy="433.47" r="23.536" fill="#f9f8fe" stroke-width=".64448"/><circle cx="439.19" cy="375.64" r="23.536" fill="#aaa4ce" stroke-width=".64448"/><circle cx="242.81" cy="375.64" r="23.536" fill="#cba1fe" stroke-width=".64447"/><g stroke-width=".64448"><circle cx="439.19" cy="433.47" r="23.536" fill="#f9f8fe"/><circle cx="439.19" cy="317.82" r="23.536" fill="#aacdf4"/><circle cx="242.81" cy="260" r="23.536" fill="#4b0f9f"/></g><circle cx="242.81" cy="317.82" r="23.536" fill="#aaa4ce" stroke-width=".64447"/><g stroke-width=".64448"><circle cx="242.81" cy="433.47" r="23.536" fill="#f9f8fe"/><circle cx="341" cy="317.82" r="23.536" fill="#4b0f9f"/><circle cx="341" cy="375.64" r="23.536" fill="#aacdf4"/></g><circle cx="439.19" cy="260" r="23.536" fill="#4b0f9f" stroke-width=".64447"/></g></g></g></svg>

docs/assets/img/metadata-removal/exiferaser.svg

@@ -1,8 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<svg id="vector" version="1.1" viewBox="0 0 128 128" xmlns="http://www.w3.org/2000/svg">
- <g id="group" transform="matrix(2.5666 0 0 2.5666 -73.625 -74.595)">
-  <path id="path" d="m28.686 54c0-6.611 2.629-12.958 7.304-17.632 4.674-4.675 11.021-7.304 17.632-7.304s12.958 2.629 17.633 7.304c4.674 4.674 7.303 11.021 7.303 17.632s-2.629 12.958-7.303 17.632c-4.675 4.675-11.022 7.304-17.633 7.304s-12.958-2.629-17.632-7.304c-4.675-4.674-7.304-11.021-7.304-17.632" fill="#fff"/>
-  <path d="m48.42 40.201v21.793h21.795v-21.793zm2.8184 2.8184h16.156v11.051l-4.1621-4.0703-4.9883 5.3047-3.1465-3.0469-3.8594 4.1738zm6.4609 1.9727c-1.1964 0.01026-2.4063 1.0128-2.334 2.2812-0.0012 0.186 0.02158 0.37225 0.06641 0.55273 0.27682 1.4976 2.226 2.1821 3.4512 1.3633 1.3815-0.81242 1.3037-3.0455-0.04102-3.8496-0.34791-0.2441-0.74378-0.35108-1.1426-0.34766z" fill="#009688"/>
-  <path d="m43.2 48.735c-0.807 0-1.461-0.654-1.461-1.461v-6.667c0-3.679 2.993-6.673 6.672-6.673s6.7339 2.5864 6.7339 6.2654l-2.9045 0.01627c0-2.068-1.7614-3.3587-3.8294-3.3587s-3.75 1.682-3.75 3.75v6.667c0 0.807-0.654 1.461-1.461 1.461zm0-6.787-7.013 6.818v20.141h14.026v-20.141zm0 7.429c-1.143 0-2.07-0.927-2.07-2.07s0.927-2.07 2.07-2.07 2.07 0.927 2.07 2.07-0.927 2.07-2.07 2.07z" fill="#00675b"/>
- </g>
-</svg>

docs/assets/img/router/opnsense.svg

@@ -0,0 +1,125 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE svg  PUBLIC '-//W3C//DTD SVG 1.1//EN'  'http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd'>
+<svg clip-rule="evenodd" fill-rule="evenodd" stroke-linejoin="round" stroke-miterlimit="2" version="1.1" viewBox="0 0 128 128" xml:space="preserve" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
+    <g transform="matrix(1.0638 0 0 1.0684 -29.885 -16.775)">
+        <clipPath id="_clip1">
+            <path d="m38.8 34.1v-4.8c0-0.4 0.1-1.1 0.1-1.1l0.2-0.5v-0.2l0.2-0.4 0.1-0.1 0.1-0.2 0.1-0.1v-0.1l0.2-0.2v-0.1l0.7-0.7 0.2-0.1h0.1l0.3-0.2h0.3l0.6-0.3c0.4-0.1 0.7-0.1 1.1-0.1h94.6v9.2h9v-18.4h-103.6c-7.3 0-13.3 6.1-13.3 13.6v4.8h9z"/>
+        </clipPath>
+        <g clip-path="url(#_clip1)">
+            <rect x="30.2" y="14.7" width="117.1" height="12" fill="#898b8d"/>
+        </g>
+        <clipPath id="_clip2">
+            <path d="m38.8 34.1v-4.8c0-0.4 0.1-1.1 0.1-1.1l0.2-0.5v-0.2l0.2-0.4 0.1-0.1 0.1-0.2 0.1-0.1v-0.1l0.2-0.2v-0.1l0.7-0.7 0.2-0.1h0.1l0.3-0.2h0.3l0.6-0.3c0.4-0.1 0.7-0.1 1.1-0.1h94.6v9.2h9v-18.4h-103.6c-7.3 0-13.3 6.1-13.3 13.6v4.8h9z"/>
+        </clipPath>
+        <g clip-path="url(#_clip2)">
+            <clipPath id="_clip3">
+                <path d="m133.8 27 13.2-7.1 3.7 7.2-13.2 7.1-3.7-7.2z" clip-rule="nonzero"/>
+            </clipPath>
+            <g clip-path="url(#_clip3)">
+                <g transform="matrix(.93998 -0 -0 .93594 28.091 15.7)">
+                    <use transform="scale(.98026 .94825)" x="114.723" y="4.732" width="13.724px" height="15.172px" xlink:href="#_Image4"/>
+                </g>
+            </g>
+        </g>
+        <clipPath id="_clip5">
+            <path d="m38.8 34.1v-4.8c0-0.4 0.1-1.1 0.1-1.1l0.2-0.5v-0.2l0.2-0.4 0.1-0.1 0.1-0.2 0.1-0.1v-0.1l0.2-0.2v-0.1l0.7-0.7 0.2-0.1h0.1l0.3-0.2h0.3l0.6-0.3c0.4-0.1 0.7-0.1 1.1-0.1h94.6v9.2h9v-18.4h-103.6c-7.3 0-13.3 6.1-13.3 13.6v4.8h9z"/>
+        </clipPath>
+        <g clip-path="url(#_clip5)">
+            <clipPath id="_clip6">
+                <path d="m31.9 21.1 10.7 5.8-3.7 7.2-10.7-5.7 3.7-7.3z" clip-rule="nonzero"/>
+            </clipPath>
+            <g clip-path="url(#_clip6)">
+                <g transform="matrix(.93998 -0 -0 .93594 28.091 15.7)">
+                    <use transform="scale(.97267 .99213)" x="1.869" y="5.815" width="13.617px" height="13.89px" xlink:href="#_Image7"/>
+                </g>
+            </g>
+        </g>
+        <rect x="47.8" y="34.1" width="80.9" height="9.2" fill="#403f41"/>
+        <rect x="47.8" y="108" width="80.9" height="9.2" fill="#403f41"/>
+        <clipPath id="_clip8">
+            <path d="m137.7 117.1v4.9c0 0.4-0.1 1.1-0.1 1.1l-0.2 0.5v0.2l-0.2 0.4-0.1 0.1-0.1 0.2-0.1 0.1v0.1l-0.2 0.2v0.1l-0.5 0.5h-0.1l-0.1 0.1-0.2 0.1-0.1 0.1-0.3 0.2h-0.3l-0.5 0.2c-0.4 0.1-0.7 0.1-1.1 0.1h-94.7v-9.2h-9v18.4h103.6c7.3 0 13.3-6.1 13.3-13.6v-4.8h-9z"/>
+        </clipPath>
+        <g clip-path="url(#_clip8)">
+            <rect x="29.2" y="124.6" width="117.1" height="12" fill="#898b8d"/>
+        </g>
+        <clipPath id="_clip9">
+            <path d="m137.7 117.1v4.9c0 0.4-0.1 1.1-0.1 1.1l-0.2 0.5v0.2l-0.2 0.4-0.1 0.1-0.1 0.2-0.1 0.1v0.1l-0.2 0.2v0.1l-0.5 0.5h-0.1l-0.1 0.1-0.2 0.1-0.1 0.1-0.3 0.2h-0.3l-0.5 0.2c-0.4 0.1-0.7 0.1-1.1 0.1h-94.7v-9.2h-9v18.4h103.6c7.3 0 13.3-6.1 13.3-13.6v-4.8h-9z"/>
+        </clipPath>
+        <g clip-path="url(#_clip9)">
+            <clipPath id="_clip10">
+                <path d="m42.7 124.4-13.2 7.1-3.7-7.3 13.2-7.1 3.7 7.3z" clip-rule="nonzero"/>
+            </clipPath>
+            <g clip-path="url(#_clip10)">
+                <g transform="matrix(.93998 -0 -0 .93594 28.091 15.7)">
+                    <use transform="scale(.98026 .9616)" x="1.854" y="112.667" width="13.724px" height="15.386px" xlink:href="#_Image11"/>
+                </g>
+            </g>
+        </g>
+        <clipPath id="_clip12">
+            <path d="m137.7 117.1v4.9c0 0.4-0.1 1.1-0.1 1.1l-0.2 0.5v0.2l-0.2 0.4-0.1 0.1-0.1 0.2-0.1 0.1v0.1l-0.2 0.2v0.1l-0.5 0.5h-0.1l-0.1 0.1-0.2 0.1-0.1 0.1-0.3 0.2h-0.3l-0.5 0.2c-0.4 0.1-0.7 0.1-1.1 0.1h-94.7v-9.2h-9v18.4h103.6c7.3 0 13.3-6.1 13.3-13.6v-4.8h-9z"/>
+        </clipPath>
+        <g clip-path="url(#_clip12)">
+            <clipPath id="_clip13">
+                <path d="m144.7 130.2-10.8-5.8 3.7-7.2 10.8 5.7-3.7 7.3z" clip-rule="nonzero"/>
+            </clipPath>
+            <g clip-path="url(#_clip13)">
+                <g transform="matrix(.93998 -0 -0 .93594 28.091 15.7)">
+                    <use transform="scale(.97267 .99213)" x="115.728" y="109.308" width="13.617px" height="13.89px" xlink:href="#_Image14"/>
+                </g>
+            </g>
+        </g>
+        <rect x="38.8" y="52.6" width="34.6" height="9.2" fill="#58595b"/>
+        <clipPath id="_clip15">
+            <path d="m69.7 69.2-31.3-16.8 3.7-7.4 31.4 16.8-3.8 7.4z" clip-rule="nonzero"/>
+        </clipPath>
+        <g clip-path="url(#_clip15)">
+            <g transform="matrix(.93998 -0 -0 .93594 28.091 15.7)">
+                <use transform="scale(.98266 .99448)" x="11.16" y="31.479" width="37.341px" height="25.856px" xlink:href="#_Image16"/>
+            </g>
+        </g>
+        <rect x="103.1" y="52.6" width="34.6" height="9.2" fill="#58595b"/>
+        <clipPath id="_clip17">
+            <path d="m106.8 69.2 31.4-16.8-3.8-7.4-31.3 16.8 3.7 7.4z" clip-rule="nonzero"/>
+        </clipPath>
+        <g clip-path="url(#_clip17)">
+            <g transform="matrix(.93998 -0 -0 .93594 28.091 15.7)">
+                <use transform="scale(.98266 .99448)" x="81.206" y="31.479" width="37.341px" height="25.856px" xlink:href="#_Image16"/>
+            </g>
+        </g>
+        <rect x="103.1" y="89.5" width="34.6" height="9.2" fill="#58595b"/>
+        <clipPath id="_clip18">
+            <path d="m106.8 82.1 31.4 16.8-3.8 7.4-31.3-16.8 3.7-7.4z" clip-rule="nonzero"/>
+        </clipPath>
+        <g clip-path="url(#_clip18)">
+            <g transform="matrix(.93998 -0 -0 .93594 28.091 15.7)">
+                <use transform="scale(.98266 .99448)" x="81.206" y="71.339" width="37.341px" height="25.856px" xlink:href="#_Image16"/>
+            </g>
+        </g>
+        <rect x="38.8" y="89.5" width="34.6" height="9.2" fill="#58595b"/>
+        <clipPath id="_clip19">
+            <path d="m69.7 82.1-31.3 16.8 3.7 7.4 31.4-16.8-3.8-7.4z" clip-rule="nonzero"/>
+        </clipPath>
+        <g clip-path="url(#_clip19)">
+            <g transform="matrix(.93998 -0 -0 .93594 28.091 15.7)">
+                <use transform="scale(.98266 .99448)" x="11.16" y="71.339" width="37.341px" height="25.856px" xlink:href="#_Image16"/>
+            </g>
+        </g><g fill-rule="nonzero">
+        <path d="m73.4 52.6v9.2l-43.6-23.3v-9.2l43.6 23.3z" fill="url(#_Linear20)"/>
+        <path d="m103.1 52.6v9.2l43.6-23.3v-9.2l-43.6 23.3z" fill="url(#_Linear21)"/>
+        <path d="m103.1 98.8v-9.3l43.6 23.3v9.3l-43.6-23.3z" fill="url(#_Linear22)"/>
+        <path d="m73.4 98.8v-9.3l-43.6 23.3v9.3l43.6-23.3z" fill="url(#_Linear23)"/>
+        <path d="m103.1 80.3 25.6 13.7v-9.3l-8.3-4.4h26.3v-9.3h-26.3l8.3-4.4v-9.2l-25.6 13.6v9.3z" fill="#e24525"/>
+        <path d="m47.8 94 25.6-13.7v-9.3l-25.6-13.6v9.2l8.4 4.4h-26.4v9.3h26.3l-8.3 4.4v9.3z" fill="#e24525"/>
+    </g></g>
+    <defs>
+        <image id="_Image4" width="14px" height="16px" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAA4AAAAQCAYAAAAmlE46AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAI0lEQVQokWMsLi7+z0AGYCJH00jRyIguQGwoDyE/jmqkhUYAma0EzxtWDhkAAAAASUVORK5CYII="/>
+        <image id="_Image7" width="14px" height="14px" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAA4AAAAOCAYAAAAfSC3RAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAPklEQVQokWNkgILi4uL/DCQARnI0MTAwMDCRqgFuIzm2UWQjC6kaent7GUm2EaaJZI3IgGiNyLbRx8YhrBEAaikMHGN+VycAAAAASUVORK5CYII="/>
+        <image id="_Image11" width="14px" height="16px" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAA4AAAAQCAYAAAAmlE46AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAKUlEQVQokWM0Njb+z0AEOHv2LCMyn4kYTdjAqMbhoZGR2JRDNRtHgkYALcwFtyg+QT8AAAAASUVORK5CYII="/>
+        <image id="_Image14" width="14px" height="14px" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAA4AAAAOCAYAAAAfSC3RAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAP0lEQVQokWNkQAPGxsb/0cWwASZiFI1UjYzIHGJDlDo2kmIbAwMDAyOpGmCAvqF69uxZRvrZePbsWUYGBgYGAL1XC0kWB9UkAAAAAElFTkSuQmCC"/>
+        <image id="_Image16" width="38px" height="26px" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACYAAAAaCAYAAADbhS54AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAPElEQVRIie3OsRGAIAAAMWRKPPefQyagSKXFZ4Jc637e8UPz68BJMVVMFVPFVDFVTBVTxVQxVUwVU8XUBl5UAj8RVzT1AAAAAElFTkSuQmCC"/>
+        <linearGradient id="_Linear20" x2="1" gradientTransform="matrix(43.56,0,0,43.56,29.84,45.5)" gradientUnits="userSpaceOnUse"><stop stop-color="#a6a8ab" offset="0"/><stop stop-color="#a6a8ab" offset=".24"/><stop stop-color="#404040" offset="1"/></linearGradient>
+        <linearGradient id="_Linear21" x2="1" gradientTransform="matrix(-43.6 5.3395e-15 -5.3395e-15 -43.6 146.7 45.5)" gradientUnits="userSpaceOnUse"><stop stop-color="#a6a8ab" offset="0"/><stop stop-color="#a6a8ab" offset=".24"/><stop stop-color="#404040" offset="1"/></linearGradient>
+        <linearGradient id="_Linear22" x2="1" gradientTransform="matrix(-43.56 5.3346e-15 -5.3346e-15 -43.56 146.68 606)" gradientUnits="userSpaceOnUse"><stop stop-color="#a6a8ab" offset="0"/><stop stop-color="#a6a8ab" offset=".24"/><stop stop-color="#404040" offset="1"/></linearGradient>
+        <linearGradient id="_Linear23" x2="1" gradientTransform="matrix(43.53,0,0,43.53,29.9,606)" gradientUnits="userSpaceOnUse"><stop stop-color="#a6a8ab" offset="0"/><stop stop-color="#a6a8ab" offset=".24"/><stop stop-color="#404040" offset="1"/></linearGradient>
+    </defs>
+</svg>

docs/assets/img/router/pfsense-dark.svg

@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867"><g fill="#fff" stroke-width=".437"><path d="m9.7887 23.904c1.2673 0 2.3598-0.3933 3.2775-1.1362 0.91769-0.74289 1.5732-1.748 1.9228-2.9716s0.2622-2.2287-0.2185-2.9716c-0.48069-0.74289-1.3984-1.1362-2.6657-1.1362s-2.3598 0.39329-3.2775 1.1362c-0.91768 0.74289-1.5295 1.748-1.8791 2.9716s-0.3059 2.2287 0.2185 2.9716c0.43699 0.78659 1.311 1.1362 2.622 1.1362" class="pf0"/><path d="m20.626 15.688 1.1362-4.0203h2.0102l0.78659-2.8842c0.2622-0.87399 0.56809-1.748 0.96138-2.5346 0.34959-0.78659 0.87399-1.4858 1.4858-2.0976 0.61179-0.61179 1.3984-1.0925 2.3161-1.4421 0.91769-0.34959 2.0976-0.52439 3.4522-0.52439 0.3496 0 0.65549 0 1.0051 0.0437-0.3059-1.2673-1.4421-2.185-2.7531-2.2287h-28.186c-1.5732 0-2.8405 1.311-2.8405 2.8842v25.083l4.5884-16.3h4.6321l-0.61179 2.1413h0.0874c0.2622-0.3059 0.61179-0.56809 1.0488-0.87399 0.43699-0.3059 0.87399-0.56809 1.3547-0.83029 0.48069-0.2622 1.0051-0.43699 1.5732-0.61179 0.56809-0.1748 1.1362-0.2185 1.7043-0.2185 1.2236 0 2.2287 0.2185 3.1027 0.61179 0.87399 0.3933 1.5295 1.0051 2.0539 1.748 0.43699 0.65549 0.69919 1.4421 0.83029 2.3598l0.34959-0.2622h-0.0874z" class="pf1"/><path d="m33.517 6.5112c-0.2185-0.043702-0.48069-0.087403-0.78659-0.087403-0.78659 0-1.4421 0.1748-1.9665 0.52439-0.48069 0.34959-0.91768 1.0488-1.2236 2.1413l-0.74289 2.5783h2.8405l0.69919 2.2287-1.8354 1.7917h-2.8405l-3.4522 12.236h-4.9817l3.4522-12.236h-1.9228l-0.39329 0.2622c0 0.0874 0.0437 0.2185 0.0437 0.3059 0.0874 1.0051-0.0437 2.1413-0.39329 3.3649-0.3059 1.1362-0.78659 2.2287-1.4421 3.2775-0.65549 1.0488-1.3984 1.9665-2.2287 2.7531-0.87399 0.78659-1.8354 1.4421-2.8842 1.9228-1.0488 0.48069-2.1413 0.69919-3.3212 0.69919-1.0488 0-1.9665-0.1748-2.7968-0.48069-0.83029-0.3059-1.3984-0.87399-1.748-1.6606h-0.0874l-2.185 7.7348h27.662c1.5732 0 2.8842-1.2673 2.8842-2.8842v-24.341c-0.13111-0.043702-0.2622-0.087403-0.3496-0.13111" class="pf2"/></g></svg>

docs/assets/img/router/pfsense.svg

@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867"><g stroke-width=".437"><path fill="#2b40b5" d="m9.7887 23.904c1.2673 0 2.3598-0.3933 3.2775-1.1362 0.91769-0.74289 1.5732-1.748 1.9228-2.9716s0.2622-2.2287-0.2185-2.9716c-0.48069-0.74289-1.3984-1.1362-2.6657-1.1362s-2.3598 0.39329-3.2775 1.1362c-0.91768 0.74289-1.5295 1.748-1.8791 2.9716-0.3496 1.2236-0.3059 2.2287 0.2185 2.9716 0.43699 0.78659 1.311 1.1362 2.622 1.1362" class="pf0"/><path fill="#08c" d="m20.626 15.688 1.1362-4.0203h2.0102l0.78659-2.8842c0.2622-0.87399 0.56809-1.748 0.96138-2.5346 0.34959-0.78659 0.87399-1.4858 1.4858-2.0976 0.61179-0.61179 1.3984-1.0925 2.3161-1.4421 0.91769-0.34959 2.0976-0.52439 3.4522-0.52439 0.3496 0 0.65549 0 1.0051 0.0437-0.3059-1.2673-1.4421-2.185-2.7531-2.2287h-28.186c-1.5732 0-2.8405 1.311-2.8405 2.8842v25.083l4.5884-16.3h4.6321l-0.61179 2.1413h0.0874c0.2622-0.3059 0.61179-0.56809 1.0488-0.87399 0.43699-0.3059 0.87399-0.56809 1.3547-0.83029 0.48069-0.2622 1.0051-0.43699 1.5732-0.61179 0.56809-0.1748 1.1362-0.2185 1.7043-0.2185 1.2236 0 2.2287 0.2185 3.1027 0.61179 0.87399 0.3933 1.5295 1.0051 2.0539 1.748 0.43699 0.65549 0.69919 1.4421 0.83029 2.3598l0.34959-0.2622h-0.0874z" class="pf1"/><path fill="#1c1275" d="m33.517 6.5112c-0.2185-0.043702-0.48069-0.087403-0.78659-0.087403-0.78659 0-1.4421 0.1748-1.9665 0.52439-0.48069 0.34959-0.91768 1.0488-1.2236 2.1413l-0.74289 2.5783h2.8405l0.69919 2.2287-1.8354 1.7917h-2.8405l-3.4522 12.236h-4.9817l3.4522-12.236h-1.9228l-0.39329 0.2622c0 0.0874 0.0437 0.2185 0.0437 0.3059 0.0874 1.0051-0.0437 2.1413-0.39329 3.3649-0.3059 1.1362-0.78659 2.2287-1.4421 3.2775-0.65549 1.0488-1.3984 1.9665-2.2287 2.7531-0.87399 0.78659-1.8354 1.4421-2.8842 1.9228-1.0488 0.48069-2.1413 0.69919-3.3212 0.69919-1.0488 0-1.9665-0.1748-2.7968-0.48069-0.83029-0.3059-1.3984-0.87399-1.748-1.6606h-0.0874l-2.185 7.7348h27.662c1.5732 0 2.8842-1.2673 2.8842-2.8842v-24.341c-0.13111-0.043702-0.2622-0.087403-0.3496-0.13111" class="pf2"/></g></svg>

docs/assets/img/search-engines/brave-search.svg

@@ -1,2 +1 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><defs><linearGradient id="a" x1="31.064" x2="45.126" y1="56.825" y2="56.825" gradientTransform="scale(1.0331 .96797)" gradientUnits="userSpaceOnUse"><stop stop-color="#FFF" offset="0"/><stop stop-color="#F4F4F4" offset="1"/></linearGradient></defs><g transform="matrix(.43756 0 0 .43756 1.2096 2.8221)" fill="none" fill-rule="evenodd"><circle cx="32.25" cy="32.25" r="32.25" stroke="#a4a7ad" stroke-width="5.529"/><circle cx="69.106" cy="61.735" r="5.529" fill="#a4a7ad" fill-rule="nonzero"/><path d="m52.142 26.87-1.448-3.855 1.006-2.215a0.747 0.747 0 0 0-0.157-0.84l-2.736-2.715a4.483 4.483 0 0 0-4.591-1.047l-0.765 0.26-3.997-4.48h-14.697l-3.945 4.534-0.744-0.257a4.494 4.494 0 0 0-4.635 1.058l-2.785 2.765a0.592 0.592 0 0 0-0.124 0.67l1.051 2.298-1.44 3.853 0.932 3.474 4.247 15.832a8.055 8.055 0 0 0 3.182 4.519s5.156 3.566 10.244 6.804c0.448 0.285 0.916 0.494 1.418 0.486 0.502 7e-3 0.97-0.201 1.416-0.487a377.05 377.05 0 0 0 10.236-6.817 8.07 8.07 0 0 0 3.177-4.523l4.227-15.84 0.928-3.478z" fill="#fb542b"/><path d="m47.622 27.635-0.066 0.206-0.105 0.37c-0.424 0.502-0.864 0.991-1.319 1.466l-4.082 4.255c-0.444 0.462-0.695 1.043-0.442 1.627l0.551 1.331c0.253 0.584 0.278 1.551 0.035 2.2a3.922 3.922 0 0 1-1.227 1.689l-0.426 0.34c-0.503 0.402-1.393 0.507-1.979 0.234l-1.88-0.874a9.75 9.75 0 0 1-1.941-1.268l-1.779-1.568a0.798 0.798 0 0 1-0.044-1.162l4.333-2.865c0.537-0.355 0.821-1.012 0.516-1.573l-1.54-2.747c-0.306-0.56-0.428-1.305-0.272-1.655s0.78-0.82 1.387-1.045l5.029-1.832c0.606-0.225 0.574-0.457-0.072-0.517l-3.213-0.234c-0.646-0.06-1.12 0.032-1.744 0.203l-2.432 0.59c-0.625 0.171-0.757 0.822-0.64 1.446l1.004 5.334c0.117 0.624 0.175 1.253 0.128 1.398-0.047 0.144-0.603 0.377-1.236 0.518l-0.831 0.184c-0.633 0.141-1.669 0.147-2.303 0.015l-1.006-0.21c-0.635-0.132-1.192-0.359-1.239-0.503-0.048-0.144 9e-3 -0.774 0.127-1.398l0.997-5.335c0.117-0.624-0.016-1.275-0.641-1.445l-2.433-0.587c-0.624-0.17-1.098-0.26-1.744-0.201l-3.213 0.237c-0.646 0.06-0.678 0.292-0.071 0.517l5.031 1.826c0.607 0.224 1.231 0.694 1.388 1.044s0.035 1.094-0.269 1.654l-1.538 2.749c-0.304 0.56-0.019 1.217 0.519 1.572l4.336 2.861a0.799 0.799 0 0 1-0.042 1.162l-1.778 1.57c-0.594 0.5-1.245 0.926-1.94 1.27l-1.878 0.877c-0.586 0.273-1.476 0.169-1.979-0.231l-0.426-0.34a3.98 3.98 0 0 1-1.25-1.741c-0.223-0.596-0.2-1.562 0.052-2.147l0.55-1.331c0.252-0.585 1e-3 -1.165-0.444-1.627l-4.087-4.25a31.971 31.971 0 0 1-1.32-1.464l-0.106-0.37-0.066-0.207c-7e-3 -0.238 0.08-0.995 0.179-1.2 0.098-0.204 0.476-0.802 0.839-1.328l0.874-1.268c0.364-0.526 0.991-1.362 1.395-1.86l1.282-1.574c0.404-0.496 0.749-0.9 0.801-0.897 2e-3 -3e-3 0.525 0.093 1.162 0.212l1.942 0.365c0.636 0.12 1.339 0.251 1.561 0.292 0.221 0.041 0.908-0.085 1.525-0.281l1.396-0.443c0.687-0.216 1.38-0.407 2.08-0.575l0.489 7e-3 0.488-7e-3c0.7 0.166 1.393 0.357 2.08 0.571l1.398 0.442c0.617 0.195 1.303 0.321 1.525 0.28l1.288-0.243 0.272-0.052 1.942-0.367c0.636-0.12 1.159-0.216 1.197-0.213 0.017-3e-3 0.361 0.4 0.766 0.897l1.284 1.572c0.486 0.604 0.952 1.224 1.398 1.858l0.876 1.266c0.363 0.526 0.931 1.482 0.967 1.7 0.036 0.217 0.06 0.59 0.054 0.827zm-15.271 12.696c0.057 0 0.594 0.198 1.193 0.441l0.556 0.226c0.599 0.243 1.563 0.677 2.141 0.964l1.64 0.816c0.578 0.287 0.62 0.825 0.092 1.195l-1.399 0.98c-0.633 0.45-1.247 0.926-1.842 1.426l-0.465 0.397-1.3 1.111c-0.484 0.415-1.269 0.416-1.744 6e-3 -0.58-0.502-1.163-1.001-1.749-1.497a28.88 28.88 0 0 0-1.847-1.414l-1.394-0.964c-0.53-0.367-0.493-0.907 0.082-1.2l1.649-0.841c0.7-0.351 1.412-0.677 2.135-0.977l0.556-0.226c0.598-0.243 1.135-0.443 1.192-0.443z" fill="url(#a)"/></g></svg>
+<svg xmlns="http://www.w3.org/2000/svg" width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867"><defs><linearGradient id="a" x1="31.064" x2="45.126" y1="56.825" y2="56.825" gradientTransform="scale(1.0331 .96797)" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#FFF"/><stop offset="1" stop-color="#F4F4F4"/></linearGradient></defs><g fill="none" fill-rule="evenodd" transform="matrix(.43756 0 0 .43756 1.2096 2.8221)"><circle cx="32.25" cy="32.25" r="32.25" stroke="#a4a7ad" stroke-width="5.529"/><circle cx="69.106" cy="61.735" r="5.529" fill="#a4a7ad" fill-rule="nonzero"/><path fill="#fb542b" d="m52.142 26.87-1.448-3.855 1.006-2.215a0.747 0.747 0 0 0-0.157-0.84l-2.736-2.715a4.483 4.483 0 0 0-4.591-1.047l-0.765 0.26-3.997-4.48h-14.697l-3.945 4.534-0.744-0.257a4.494 4.494 0 0 0-4.635 1.058l-2.785 2.765a0.592 0.592 0 0 0-0.124 0.67l1.051 2.298-1.44 3.853 0.932 3.474 4.247 15.832a8.055 8.055 0 0 0 3.182 4.519s5.156 3.566 10.244 6.804c0.448 0.285 0.916 0.494 1.418 0.486 0.502 7e-3 0.97-0.201 1.416-0.487a377.05 377.05 0 0 0 10.236-6.817 8.07 8.07 0 0 0 3.177-4.523l4.227-15.84 0.928-3.478z"/><path fill="url(#a)" d="m47.622 27.635-0.066 0.206-0.105 0.37c-0.424 0.502-0.864 0.991-1.319 1.466l-4.082 4.255c-0.444 0.462-0.695 1.043-0.442 1.627l0.551 1.331c0.253 0.584 0.278 1.551 0.035 2.2a3.922 3.922 0 0 1-1.227 1.689l-0.426 0.34c-0.503 0.402-1.393 0.507-1.979 0.234l-1.88-0.874a9.75 9.75 0 0 1-1.941-1.268l-1.779-1.568a0.798 0.798 0 0 1-0.044-1.162l4.333-2.865c0.537-0.355 0.821-1.012 0.516-1.573l-1.54-2.747c-0.306-0.56-0.428-1.305-0.272-1.655s0.78-0.82 1.387-1.045l5.029-1.832c0.606-0.225 0.574-0.457-0.072-0.517l-3.213-0.234c-0.646-0.06-1.12 0.032-1.744 0.203l-2.432 0.59c-0.625 0.171-0.757 0.822-0.64 1.446l1.004 5.334c0.117 0.624 0.175 1.253 0.128 1.398-0.047 0.144-0.603 0.377-1.236 0.518l-0.831 0.184c-0.633 0.141-1.669 0.147-2.303 0.015l-1.006-0.21c-0.635-0.132-1.192-0.359-1.239-0.503-0.048-0.144 9e-3 -0.774 0.127-1.398l0.997-5.335c0.117-0.624-0.016-1.275-0.641-1.445l-2.433-0.587c-0.624-0.17-1.098-0.26-1.744-0.201l-3.213 0.237c-0.646 0.06-0.678 0.292-0.071 0.517l5.031 1.826c0.607 0.224 1.231 0.694 1.388 1.044s0.035 1.094-0.269 1.654l-1.538 2.749c-0.304 0.56-0.019 1.217 0.519 1.572l4.336 2.861a0.799 0.799 0 0 1-0.042 1.162l-1.778 1.57c-0.594 0.5-1.245 0.926-1.94 1.27l-1.878 0.877c-0.586 0.273-1.476 0.169-1.979-0.231l-0.426-0.34a3.98 3.98 0 0 1-1.25-1.741c-0.223-0.596-0.2-1.562 0.052-2.147l0.55-1.331c0.252-0.585 1e-3 -1.165-0.444-1.627l-4.087-4.25a31.971 31.971 0 0 1-1.32-1.464l-0.106-0.37-0.066-0.207c-7e-3 -0.238 0.08-0.995 0.179-1.2 0.098-0.204 0.476-0.802 0.839-1.328l0.874-1.268c0.364-0.526 0.991-1.362 1.395-1.86l1.282-1.574c0.404-0.496 0.749-0.9 0.801-0.897 2e-3 -3e-3 0.525 0.093 1.162 0.212l1.942 0.365c0.636 0.12 1.339 0.251 1.561 0.292 0.221 0.041 0.908-0.085 1.525-0.281l1.396-0.443c0.687-0.216 1.38-0.407 2.08-0.575l0.489 7e-3 0.488-7e-3c0.7 0.166 1.393 0.357 2.08 0.571l1.398 0.442c0.617 0.195 1.303 0.321 1.525 0.28l1.288-0.243 0.272-0.052 1.942-0.367c0.636-0.12 1.159-0.216 1.197-0.213 0.017-3e-3 0.361 0.4 0.766 0.897l1.284 1.572c0.486 0.604 0.952 1.224 1.398 1.858l0.876 1.266c0.363 0.526 0.931 1.482 0.967 1.7 0.036 0.217 0.06 0.59 0.054 0.827zm-15.271 12.696c0.057 0 0.594 0.198 1.193 0.441l0.556 0.226c0.599 0.243 1.563 0.677 2.141 0.964l1.64 0.816c0.578 0.287 0.62 0.825 0.092 1.195l-1.399 0.98c-0.633 0.45-1.247 0.926-1.842 1.426l-0.465 0.397-1.3 1.111c-0.484 0.415-1.269 0.416-1.744 6e-3 -0.58-0.502-1.163-1.001-1.749-1.497a28.88 28.88 0 0 0-1.847-1.414l-1.394-0.964c-0.53-0.367-0.493-0.907 0.082-1.2l1.649-0.841c0.7-0.351 1.412-0.677 2.135-0.977l0.556-0.226c0.598-0.243 1.135-0.443 1.192-0.443z"/></g></svg>

docs/assets/img/vpn/protonvpn.svg

@@ -1,2 +1 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><defs><clipPath id="SVGID_00000142168627081468672430000006527680084326249886_"><use xlink:href="#SVGID_1_"/></clipPath><linearGradient id="SVGID_00000088853459014864040730000009902632102805990829_" x1="536.6" x2="292.94" y1="1113.2" y2="64.084" gradientTransform="matrix(1,0,0,-1,0,788)" gradientUnits="userSpaceOnUse"><stop stop-color="#24ECC6" stop-opacity="0" offset=".4799"/><stop stop-color="#24ECC6" offset=".9944"/></linearGradient><linearGradient id="SVGID_00000075863372972845837890000016599907698185993344_" x1="759.68" x2="219.42" y1="79.312" y2="1003.2" gradientTransform="matrix(1,0,0,-1,0,788)" gradientUnits="userSpaceOnUse"><stop stop-color="#ABFFEF" offset=".066012"/><stop stop-color="#CAC9FF" offset=".4499"/><stop stop-color="#6D4AFF" offset="1"/></linearGradient><rect id="SVGID_1_" width="862" height="787"/></defs><g transform="matrix(.039294 0 0 .039294 3.7235e-7 1.4686)"><clipPath><use xlink:href="#SVGID_1_"/></clipPath><g clip-path="url(#SVGID_00000142168627081468672430000006527680084326249886_)"><path class="st1" d="m346.1 740.3c32.8 59.3 116.9 62.6 154 5.9l346.7-528.4c36.8-56 1.6-131.2-65-138.8l-681.4-78.1c-72.7-8.3-124.4 68.9-89.1 132.9z" clip-rule="evenodd" fill="#6851f6" fill-rule="evenodd"/><path d="m346.3 740.3c32.8 59.3 116.9 62.6 154 5.9l346.7-528.4c36.8-56 1.6-131.2-65-138.8l-681.4-78.2c-72.7-8.3-124.4 68.9-89 132.9z" clip-rule="evenodd" fill="url(#SVGID_00000088853459014864040730000009902632102805990829_)" fill-rule="evenodd"/><path d="m396.4 638.7-30.8 46.3c-12.5 18.7-40.4 17.6-51.2-2.1l31.7 57.5c5.7 10.2 12.8 18.8 21.1 25.7 39.3 33 102.2 27.1 133-19.8l346.7-528.4c36.8-56 1.6-131.2-65-138.8l-681.5-78.2c-72.7-8.4-124.4 68.9-89.1 132.9l2.7 4.9 580.1 67.1c37 4.3 56.5 46 36 77.1z" fill="url(#SVGID_00000075863372972845837890000016599907698185993344_)"/></g></g></svg>
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867"><defs><clipPath id="SVGID_00000142168627081468672430000006527680084326249886_"><use xlink:href="#SVGID_1_"/></clipPath><linearGradient id="SVGID_00000088853459014864040730000009902632102805990829_" x1="536.6" x2="292.94" y1="1113.2" y2="64.084" gradientTransform="matrix(1,0,0,-1,0,788)" gradientUnits="userSpaceOnUse"><stop offset=".48" stop-color="#24ECC6" stop-opacity="0"/><stop offset=".994" stop-color="#24ECC6"/></linearGradient><linearGradient id="SVGID_00000075863372972845837890000016599907698185993344_" x1="759.68" x2="219.42" y1="79.312" y2="1003.2" gradientTransform="matrix(1,0,0,-1,0,788)" gradientUnits="userSpaceOnUse"><stop offset=".066" stop-color="#ABFFEF"/><stop offset=".45" stop-color="#CAC9FF"/><stop offset="1" stop-color="#6D4AFF"/></linearGradient><rect id="SVGID_1_" width="862" height="787"/></defs><g transform="matrix(.039294 0 0 .039294 3.7235e-7 1.4686)"><clipPath><use xlink:href="#SVGID_1_"/></clipPath><g clip-path="url(#SVGID_00000142168627081468672430000006527680084326249886_)"><path fill="#6851f6" fill-rule="evenodd" d="m346.1 740.3c32.8 59.3 116.9 62.6 154 5.9l346.7-528.4c36.8-56 1.6-131.2-65-138.8l-681.4-78.1c-72.7-8.3-124.4 68.9-89.1 132.9z" class="st1" clip-rule="evenodd"/><path fill="url(#SVGID_00000088853459014864040730000009902632102805990829_)" fill-rule="evenodd" d="m346.3 740.3c32.8 59.3 116.9 62.6 154 5.9l346.7-528.4c36.8-56 1.6-131.2-65-138.8l-681.4-78.2c-72.7-8.3-124.4 68.9-89 132.9z" clip-rule="evenodd"/><path fill="url(#SVGID_00000075863372972845837890000016599907698185993344_)" d="m396.4 638.7-30.8 46.3c-12.5 18.7-40.4 17.6-51.2-2.1l31.7 57.5c5.7 10.2 12.8 18.8 21.1 25.7 39.3 33 102.2 27.1 133-19.8l346.7-528.4c36.8-56 1.6-131.2-65-138.8l-681.5-78.2c-72.7-8.4-124.4 68.9-89.1 132.9l2.7 4.9 580.1 67.1c37 4.3 56.5 46 36 77.1z"/></g></g></svg>

docs/assets/rainbow-brand/privacy-guides-logo-notext.svg

@@ -1,15 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE svg  PUBLIC '-//W3C//DTD SVG 1.1//EN'  'http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd'>
-<svg clip-rule="evenodd" fill-rule="evenodd" stroke-linejoin="round" stroke-miterlimit="2" version="1.1" viewBox="0 0 33 34" xml:space="preserve" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
-    <path d="m4.581 4.337c-0.113 0.379-0.049 0.822 0.077 1.707l1.604 11.224c0.277 1.939 0.415 2.909 0.782 3.775 0.325 0.768 0.781 1.474 1.346 2.087 0.638 0.691 1.465 1.217 3.117 2.269l2.349 1.495c1.126 0.716 1.69 1.075 2.295 1.214 0.465 0.108 0.947 0.121 1.416 0.042-0.388-0.887-0.603-1.867-0.603-2.897 0-3.996 3.24-7.236 7.236-7.236 1.166 0 2.268 0.276 3.243 0.766 0.069-0.432 0.14-0.929 0.223-1.514v-1e-3l1.604-11.224c0.126-0.885 0.19-1.328 0.077-1.707-0.099-0.334-0.292-0.632-0.557-0.859-0.3-0.257-0.73-0.38-1.59-0.626l-9.441-2.697c-0.296-0.085-0.444-0.127-0.594-0.144-0.134-0.015-0.268-0.015-0.402 0-0.15 0.017-0.298 0.059-0.594 0.144l-9.441 2.697c-0.86 0.246-1.29 0.369-1.59 0.626-0.265 0.227-0.458 0.525-0.557 0.859z" fill="#ffd06f"/>
-    <clipPath id="_clip1">
-        <path d="m4.581 4.337c-0.113 0.379-0.049 0.822 0.077 1.707l1.604 11.224c0.277 1.939 0.415 2.909 0.782 3.775 0.325 0.768 0.781 1.474 1.346 2.087 0.638 0.691 1.465 1.217 3.117 2.269l2.349 1.495c1.126 0.716 1.69 1.075 2.295 1.214 0.465 0.108 0.947 0.121 1.416 0.042-0.388-0.887-0.603-1.867-0.603-2.897 0-3.996 3.24-7.236 7.236-7.236 1.166 0 2.268 0.276 3.243 0.766 0.069-0.432 0.14-0.929 0.223-1.514v-1e-3l1.604-11.224c0.126-0.885 0.19-1.328 0.077-1.707-0.099-0.334-0.292-0.632-0.557-0.859-0.3-0.257-0.73-0.38-1.59-0.626l-9.441-2.697c-0.296-0.085-0.444-0.127-0.594-0.144-0.134-0.015-0.268-0.015-0.402 0-0.15 0.017-0.298 0.059-0.594 0.144l-9.441 2.697c-0.86 0.246-1.29 0.369-1.59 0.626-0.265 0.227-0.458 0.525-0.557 0.859z"/>
-    </clipPath>
-    <g clip-path="url(#_clip1)">
-        <use transform="scale(.99533 .97244)" x="4.544" width="24.883px" height="28.201px" xlink:href="#_Image2"/>
-    </g>
-    <path d="m13.246 2.719c0.066-7e-3 0.134-7e-3 0.201 0 0.057 7e-3 0.122 0.022 0.446 0.114l9.44 2.698c0.444 0.126 0.727 0.208 0.94 0.287 0.202 0.075 0.274 0.124 0.311 0.156 0.132 0.113 0.229 0.262 0.278 0.429 0.014 0.047 0.03 0.133 0.016 0.348-0.015 0.226-0.056 0.518-0.122 0.974l-1.346 9.426c-4.125 0.397-7.351 3.873-7.351 8.102 0 0.835 0.126 1.641 0.36 2.4l-0.451 0.286c-1.183 0.753-1.594 1.001-2.012 1.097-0.401 0.092-0.818 0.092-1.22 0-0.417-0.096-0.829-0.344-2.012-1.097l-2.349-1.494c-1.693-1.078-2.398-1.535-2.938-2.12-0.495-0.536-0.894-1.153-1.178-1.825-0.31-0.733-0.436-1.564-0.72-3.551l-1.603-11.224c-0.066-0.456-0.107-0.748-0.121-0.974-0.015-0.215 1e-3 -0.301 0.015-0.348 0.05-0.167 0.146-0.316 0.279-0.429 0.036-0.032 0.109-0.081 0.31-0.156 0.213-0.079 0.496-0.161 0.94-0.287l9.44-2.698c0.324-0.092 0.389-0.107 0.447-0.114zm13.306 5.231-1.318 9.228c4.007 0.508 7.106 3.93 7.106 8.075 0 4.496-3.644 8.141-8.14 8.141-3.01 0-5.639-1.634-7.048-4.064l-0.212 0.136-0.135 0.085c-0.996 0.634-1.683 1.072-2.443 1.248-0.668 0.154-1.364 0.154-2.032 0-0.76-0.176-1.447-0.614-2.443-1.248l-0.134-0.085-2.466-1.57c-1.541-0.98-2.461-1.565-3.179-2.344-0.637-0.689-1.149-1.483-1.515-2.347-0.413-0.976-0.567-2.054-0.825-3.863l-1.628-11.392c-0.059-0.416-0.111-0.778-0.131-1.081-0.021-0.323-0.012-0.648 0.087-0.98 0.148-0.501 0.439-0.949 0.835-1.289 0.264-0.226 0.557-0.366 0.86-0.478 0.285-0.106 0.636-0.206 1.04-0.322l0.031-9e-3 9.44-2.697 0.05-0.014c0.247-0.071 0.465-0.133 0.693-0.159 0.2-0.022 0.402-0.022 0.603 0 0.227 0.026 0.445 0.088 0.692 0.159l0.05 0.014 9.471 2.706c0.404 0.116 0.755 0.216 1.04 0.322 0.304 0.112 0.596 0.252 0.86 0.478 0.397 0.34 0.687 0.788 0.835 1.289 0.099 0.332 0.108 0.657 0.087 0.98-0.02 0.303-0.072 0.665-0.131 1.08v1e-3zm-2.352 10.972c-3.497 0-6.332 2.835-6.332 6.331 0 3.497 2.835 6.332 6.332 6.332s6.331-2.835 6.331-6.332c0-3.496-2.834-6.331-6.331-6.331zm4.313 4.197c0.319-0.384 0.268-0.954-0.116-1.274s-0.954-0.268-1.274 0.116l-3.888 4.666-2.013-2.013c-0.354-0.353-0.926-0.353-1.28 0-0.353 0.353-0.353 0.926 0 1.279l2.714 2.713c0.18 0.18 0.427 0.276 0.68 0.264 0.254-0.011 0.492-0.129 0.654-0.324l4.523-5.427zm-19.689-10.529c0-2.497 2.024-4.522 4.522-4.522s4.522 2.025 4.522 4.522c0 1.48-0.71 2.794-1.809 3.619v3.617c0 1.499-1.214 2.714-2.713 2.714s-2.713-1.215-2.713-2.714v-3.617c-1.099-0.825-1.809-2.139-1.809-3.619zm5.426 4.523h-1.808v2.713c0 0.5 0.405 0.905 0.904 0.905 0.5 0 0.904-0.405 0.904-0.905v-2.713zm-0.904-1.809c1.499 0 2.713-1.215 2.713-2.714 0-1.498-1.214-2.713-2.713-2.713s-2.713 1.215-2.713 2.713c0 1.499 1.214 2.714 2.713 2.714z" fill="#28323f"/>
-    <defs>
-        <image id="_Image2" width="25px" height="29px" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABkAAAAdCAYAAABfeMd1AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAa0lEQVRIiWP8U1b2n4HGgInWFgwvS1gYhOhgCbMp7S0ZPnFCp4gXpYclivSwhA4BNowi/vBzZtpbsuUBK80tGT5xQqcc/y6UDpZ806G5JcMoThj/07xFxMBid+sE7S1h+/ub5pYMn4iniyUAs5sPQ3yZHVsAAAAASUVORK5CYII="/>
-    </defs>
-</svg>

docs/basics/account-deletion.en.md

@@ -59,5 +59,3 @@ Even when you are able to delete an account, there is no guarantee that all your
 ## Avoid New Accounts
 
 As the old saying goes, "an ounce of prevention is worth a pound of cure." Whenever you feel tempted to sign up for a new account, ask yourself, "Do I really need this? Can I accomplish what I need to without an account?" It can often be much harder to delete an account than to create one. And even after deleting or changing the info on your account, there might be a cached version from a third-party—like the [Internet Archive](https://archive.org/). Avoid the temptation when you're able to—your future self will thank you!
-
---8<-- "includes/abbreviations.en.md"

docs/basics/common-threats.en.md

@@ -38,7 +38,7 @@ To minimize the potential damage that a malicious piece of software can do, you
 
     Mobile operating systems are generally safer than desktop operating systems when it comes to application sandboxing. Apps cannot obtain root access and only have access to system resources which you grant them.
 
-    Desktop operating systems generally lag behind on proper sandboxing. Chrome OS has similar sandboxing properties to Android, and macOS has full system permission control and opt-in (for developers) sandboxing for applications, however these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make heavy use of virtual machines or containers, such as Qubes OS.
+    Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing properties to Android, and macOS has full system permission control and opt-in (for developers) sandboxing for applications, however these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make heavy use of virtual machines or containers, such as Qubes OS.
 
 <span class="pg-red">:material-target-account: Targeted Attacks</span>
 
@@ -171,7 +171,7 @@ So, how might this look?
 
 One of the clearest threat models is one where people *know who you are* and one where they do not. There will always be situations where you must declare your legal name and places where you can get away without doing so.
 
-1. **Known identity** - A known identity is used for things where you must declare your name. There are many such legal documents and contracts where a legal identity is required. This could range from opening a bank account, signing a property lease, obtaining a passport, a customs declaration when importing an item or otherwise dealing with your Government. These things will usually always lead back credentials such as credit cards, credit rating checks, account numbers and possibly physical addresses.
+1. **Known identity** - A known identity is used for things where you must declare your name. There are many such legal documents and contracts where a legal identity is required. This could range from opening a bank account, signing a property lease, obtaining a passport, a customs declaration when importing an item or otherwise dealing with your Government. These things will usually lead back credentials such as credit cards, credit rating checks, account numbers and possibly physical addresses.
 
     We don't suggest using a VPN or Tor for any of these things as your identity is already known through other means.
 

docs/basics/dns-overview.en.md

@@ -304,5 +304,3 @@ The [EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a
 It's intended to "speed up" delivery of data by giving the client an answer that belongs to a server that is close to them such as a [content delivery network](https://en.wikipedia.org/wiki/Content_delivery_network), which are often used in video streaming and serving JavaScript web apps.
 
 This feature does come at a privacy cost, as it tells the DNS server some information about the client's location.
-
---8<-- "includes/abbreviations.en.md"

docs/basics/email-security.en.md

@@ -38,5 +38,3 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http
 ### Why Can't Metadata be E2EE?
 
 Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc.
-
---8<-- "includes/abbreviations.en.md"

docs/basics/multi-factor-authentication.en.md

@@ -1,8 +1,8 @@
 ---
-title: "Multifactor Authentication"
+title: "Multi-factor Authentication"
 icon: 'material/two-factor-authentication'
 ---
-**Multifactor authentication** is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
+**Multi-factor authentication** is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
 
 Normally, if a hacker (or adversary) is able to figure out your password then they’d gain access to the account that password belongs to. An account with MFA forces the hacker to have both the password (something you *know*) and a device that you own (something you *have*), like your phone.
 
@@ -40,7 +40,7 @@ Although not perfect, TOTP is secure enough for most people, and when [hardware
 
 The YubiKey stores data on a tamper-resistant solid-state chip which is [impossible to access](https://security.stackexchange.com/a/245772) non-destructively without an expensive process and a forensics laboratory.
 
-These keys are generally multifunction and provide a number of methods to authenticate. Below are the most common ones.
+These keys are generally multi-function and provide a number of methods to authenticate. Below are the most common ones.
 
 #### Yubico OTP
 
@@ -116,7 +116,7 @@ If you use SMS MFA, use a carrier who will not switch your phone number to a new
 
 ## More Places to Set Up MFA
 
-Beyond just securing your website logins, multifactor authentication can be used to secure your local logins, SSH keys or even password databases as well.
+Beyond just securing your website logins, multi-factor authentication can be used to secure your local logins, SSH keys or even password databases as well.
 
 ### Windows
 
@@ -156,10 +156,8 @@ SSH MFA could be set up using multiple different authentication methods that are
 
 #### Time-based One-time Password (TOTP)
 
-SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How To Set Up MultiFactor Authentication for SSH on Ubuntu 20.04](https://www.digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-ubuntu-20-04). Most things should be the same regardless of distribution, however the package manager commands—such as `apt-get`—and package names may differ.
+SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How To Set Up Multi-Factor Authentication for SSH on Ubuntu 20.04](https://www.digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-ubuntu-20-04). Most things should be the same regardless of distribution, however the package manager commands—such as `apt-get`—and package names may differ.
 
 ### KeePass (and KeePassXC)
 
 KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
-
---8<-- "includes/abbreviations.en.md"

docs/basics/tor-overview.md

@@ -65,12 +65,12 @@ Tor allows us to connect to a server without any single party knowing the entire
 
 Though Tor does provide strong privacy guarantees, one must be aware that Tor is not perfect:
 
-- Well-funded adversaries with the capability to passively watch most network traffic over the globe have a chance of deanonymizing Tor users by means of advanced traffic analysis. Nor Tor does not protect you from exposing yourself by mistake, such as if you share to much information about your real identity.
+- Well-funded adversaries with the capability to passively watch most network traffic over the globe have a chance of deanonymizing Tor users by means of advanced traffic analysis. Nor does Tor protect you from exposing yourself by mistake, such as if you share too much information about your real identity.
 - Tor exit nodes can also monitor traffic that passes through them. This means traffic which is not encrypted, such as plain HTTP traffic, can be recorded and monitored. If such traffic contains personally identifiable information, then it can deanonymize you to that exit node. Thus, we recommend using HTTPS over Tor where possible.
 
 If you wish to use Tor for browsing the web, we only recommend the **official** Tor Browser—it is designed to prevent fingerprinting.
 
-- [Browsers: Tor Browser :hero-arrow-circle-right-fill:](../browsers.md#tor-browser)
+- [Browsers: Tor Browser :hero-arrow-circle-right-fill:](../desktop-browsers.md#tor-browser)
 
 ## Additional Resources
 

docs/basics/vpn-overview.en.md

@@ -39,7 +39,7 @@ By using a VPN with Tor, you're creating essentially a permanent entry node, oft
 
 VPNs cannot provide anonymity. Your VPN provider will still see your real IP address, and often has a money trail that can be linked directly back to you. You cannot rely on "no logging" policies to protect your data. Use [Tor](https://www.torproject.org/) instead.
 
-## What about VPN providers that provides Tor nodes?
+## What about VPN providers that provide Tor nodes?
 
 Do not use that feature. The point of using Tor is that you do not trust your VPN provider. Currently Tor only supports the [TCP](https://en.wikipedia.org/wiki/Transmission_Control_Protocol) protocol. [UDP](https://en.wikipedia.org/wiki/User_Datagram_Protocol) (used in [WebRTC](https://en.wikipedia.org/wiki/WebRTC) for voice and video sharing, the new [HTTP3/QUIC](https://en.wikipedia.org/wiki/HTTP/3) protocol, etc), [ICMP](https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol) and other packets will be dropped. To compensate for this, VPN providers typically will route all non-TCP packets through their VPN server (your first hop). This is the case with [ProtonVPN](https://protonvpn.com/support/tor-vpn/). Additionally, when using this Tor over VPN setup, you do not have control over other important Tor features such as [Isolated Destination Address](https://www.whonix.org/wiki/Stream_Isolation) (using a different Tor circuit for every domain you visit).
 
@@ -69,5 +69,3 @@ For use cases like these, or if you have another compelling reason, the VPN prov
 - [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/)
 - [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/)
 - [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/)
-
---8<-- "includes/abbreviations.en.md"

docs/blog/2021/09/14/welcome-to-privacy-guides.md

@@ -0,0 +1,56 @@
+---
+title: Welcome to Privacy Guides
+created: "2021-09-14"
+author: 'Jonah'
+template: overrides/blog.en.html
+---
+We are excited to announce the launch of [Privacy Guides](https://www.privacyguides.org/) and [r/PrivacyGuides](https://www.reddit.com/r/PrivacyGuides/), and welcome the privacy community to participate in our crowdsourced software recommendations and share tips and tricks for keeping your data safe online. Our goal is to be a central resource for privacy and security-related tips that are usable by anybody, and to carry on the trusted legacy of PrivacyTools.
+
+As we [announced](https://web.archive.org/web/20210729184422/https://blog.privacytools.io/the-future-of-privacytools/) on the PrivacyTools blog in July, we made the decision to migrate off our former privacytools.io domain for various reasons, including an inability to contact the current domain holder for over a year and [growing](http://www.thedarksideof.io/) [issues](https://fortune.com/2020/08/31/crypto-fraud-io-domain-chagos-islands-uk-colonialism-cryptocurrency/) [with the .IO top-level domain](https://github.com/privacytools/privacytools.io/issues/1324). As attempts to regain ownership of the domain have proven fruitless, we found it necessary to make this switch sooner rather than later to ensure people would find out about this transition as soon as possible. This gives us adequate time to transition the domain name, which is currently redirecting to [www.privacyguides.org](https://www.privacyguides.org/), and it hopefully gives everyone enough time to notice the change, update bookmarks and websites, etc.
+
+We chose the name Privacy Guides because it represents two things for us as an organization: An expansion beyond simple recommendation lists, and a goal of acting as the trusted guides to anyone newly learning about protecting their personal data.
+
+As a name, it moves us past recommendations of various tools and focuses us more on the bigger picture. We want to provide more _education_ — rather than _direction_ — surrounding privacy-related topics. You can see the very beginnings of this work in our new page on [threat modeling](https://www.privacyguides.org/basics/threat-modeling/), or our [VPN](https://www.privacyguides.org/vpn) and [Email Provider](https://www.privacyguides.org/email) recommendations, but this is just the start of what we eventually hope to accomplish.
+
+## Website Development
+
+Our project has always been community-oriented and open-sourced. The source code for PrivacyTools is currently archived at [https://github.com/privacytools/privacytools.io](https://github.com/privacytools/privacytools.io). This repository will remain online as an archive of everything on PrivacyTools up to this transition.
+
+The source code for our new website is available at [https://github.com/privacyguides/privacyguides.org](https://github.com/privacyguides/privacyguides.org). All updates from PrivacyTools have been merged into this new repository, and this is where all future work will take place.
+
+## Services
+
+PrivacyTools also runs a number of online services in use by many users. Some of these services are federated, namely Mastodon, Matrix, and PeerTube. Due to the technical nature of federation, it is impossible for us to change the domain name on these services, and because we cannot guarantee the future of the privacytools.io domain name we will be shutting down these services in the coming months.
+
+We strongly urge users of these services to migrate to alternative providers in the near future. We hope that we will be able to provide enough time to make this as seamless of a transition as possible for our users.
+
+At this time we do not plan on launching public Matrix, Mastodon, or PeerTube instances under the Privacy Guides domain. Any users affected by this transition can get in touch with [@jonah:aragon.sh](https://matrix.to/#/@jonah:aragon.sh) on Matrix if any assistance is needed.
+
+Other services being operated by PrivacyTools currently will be discontinued. This includes Searx, WriteFreely, and GhostBin.
+
+Our future direction for online services is uncertain, but will be a longer-term discussion within our community after our work is complete on this initial transition. We are very aware that whatever direction we move from here will have to be done in a way that is sustainable in the very long term.
+
+## r/PrivacyGuides
+
+PrivacyTools has a sizable community on Reddit, but to ensure a unified image we have created a new Subreddit at [r/PrivacyGuides](https://www.reddit.com/r/PrivacyGuides/) that we encourage all Reddit users to join.
+
+In the coming weeks our current plan is to wind down discussions on r/privacytoolsIO. We will be opening r/PrivacyGuides to lots of the discussions most people are used to shortly, but encouraging general “privacy news” or headline-type posts to be posted on [r/Privacy](https://www.reddit.com/r/privacy/) instead. In our eyes, r/Privacy is the “who/what/when/where” of the privacy community on Reddit, the best place to find the latest news and information; while r/PrivacyGuides is the “how”: a place to share and discuss tools, tips, tricks, and other advice. We think focusing on these strong points will serve to strengthen both communities, and we hope the good moderators of r/Privacy agree 🙂
+
+## Final Thoughts
+
+The former active team at PrivacyTools universally agrees on this direction towards Privacy Guides, and will be working exclusively on Privacy Guides rather than any “PrivacyTools” related projects. We intend to redirect PriavcyTools to new Privacy Guides properties for as long as possible, and archive existing PrivacyTools work as a pre-transition snapshot.
+
+Privacy Guides additionally welcomes back PrivacyTools’ former sysadmin [Jonah](https://twitter.com/JonahAragon), who will be joining the project’s leadership team.
+
+We are not accepting sponsorships or donations at this time, while we work out our financial plan. We will be in touch with existing sponsors on PrivacyTools’ OpenCollective to determine what the best way forward is soon.
+
+We are all very excited about this new brand and direction, and hope to have your continued support through all of this. If you have any questions, concerns, or suggestions, please reach out to us. We are always happy to receive guidance and input from our community! ❤
+
+---
+
+**_Privacy Guides_** _is a socially motivated website that provides information for protecting your data security and privacy._
+
+- [Join r/PrivacyGuides on Reddit](https://www.reddit.com/r/privacyguides)
+- [Follow @privacy_guides on Twitter](https://twitter.com/privacy_guides)
+- [Collaborate with us on GitHub](https://github.com/privacyguides/privacyguides.org)
+- [Join our chat on Matrix](https://matrix.to/#/#privacyguides:aragon.sh)

docs/blog/2021/11/01/virtual-insanity.md

@@ -0,0 +1,30 @@
+---
+title: Virtual Insanity
+image: 'blog/2021/11/01/virtual-insanity.jpg'
+created: "2021-11-01"
+author: 'Freddy'
+template: overrides/blog.en.html
+---
+Not so long ago, the world was predicting the end for Facebook. Now it is no more. Gone from the face of the planet – never to be seen again. Except it isn’t.
+
+Facebook has not disappeared. No, not even the damning ‘Facebook Papers’ can shut it down. Mark Zuckerberg stood up on stage, and announced that it had changed its name to: Meta.
+
+A key part of this new vision for the company is the idea of the metaverse. If it sounds like something out of a sci-fi movie or novel, that’s because it is. The term was first coined by author Neal Stephenson in his 1992 book _Snow Crash_. Zuckerberg’s only problem is that novel was dystopian. Here’s a brief snippet of Stephenson’s description of the metaverse:
+
+> “Your avatar can look any way you want it to, up to the limitations of your equipment. If you’re ugly, you can make your avatar beautiful. If you’ve just gotten out of bed, your avatar can still be wearing beautiful clothes and professionally applied makeup. You can look like a gorilla or a dragon or a giant talking penis in the Metaverse. Spend five minutes walking down the Street and you will see all of these.”
+
+In fairness, that doesn’t seem unlike the sort of content you see on Facebook today. Compare this to what Zuckerberg [wrote](https://about.fb.com/news/2021/10/founders-letter/) in his 2021 Founders Letter:
+
+> “In this future, you will be able to teleport instantly as a hologram to be at the office without a commute, at a concert with friends, or in your parents’ living room to catch up. This will open up more opportunity no matter where you live. You’ll be able to spend more time on what matters to you, cut down time in traffic, and reduce your carbon footprint.”
+
+The similarities are uncanny.
+
+This wouldn’t be the first time that Facebook has been described as dystopian. One _Mashable_ article [called](https://mashable.com/article/facebook-dystopia) the social media giant ‘Orwellian and Huxleyan at the same time.’ Quite a feat.
+
+The ‘Facebook Papers’ have some pretty shocking - though not entirely surprising - revelations as well. The leaked documents demonstrate the extent to which Facebook values engagement above all else (including a good experience). For instance, we learnt that the algorithm is [optimised](https://www.wired.com/story/facebook-transparency-biggest-sites-pages-links/) for low quality content, [prioritises](https://www.washingtonpost.com/technology/2021/10/26/facebook-angry-emoji-algorithm/) rage over happiness for profit, and [promotes](https://www.theatlantic.com/ideas/archive/2021/10/facebook-papers-democracy-election-zuckerberg/620478/) extremist content. Most alarming was that the firm [failed](https://apnews.com/article/the-facebook-papers-covid-vaccine-misinformation-c8bbc569be7cc2ca583dadb4236a0613) to reduce disinformation during the pandemic even when given the opportunity. Zuckerberg said no to this, presumably because it would reduce engagement and, in turn, Facebook’s advertising revenue.
+
+Let’s not forget all Facebook’s previous scandals. From the Cambridge Analytica kerfuffle to [conducting](https://www.theregister.com/2014/06/29/researchers_mess_with_facebook_users_emotions/) manipulative social experiments in secret.
+
+In light of this, the name change makes sense. It deceives you into thinking the company has evolved into a benevolent corporation, when it simply hasn’t. Zuckerberg would much prefer you to think about Meta as a playful universe where you can meet with friends across the globe in virtual reality. Where humans train themselves to sound like heavily discounted robots. Where Facebook is not a Horrid Company.
+
+Despite all this: Meta _is_ Facebook, just worse. It doesn’t matter about the new name, the company has not changed. It will still be violating our privacy, daily, on an unprecedented scale. It will still be as reliably scandalous as a Carry On film. It will still be terrible. Plus it will have all the added claptrap of a sub-par holographic universe attached.

docs/blog/2021/12/01/firefox-privacy-2021-update.md

@@ -0,0 +1,60 @@
+---
+title: 'Firefox Privacy: 2021 Update'
+image: 'blog/2021/12/01/firefox-privacy-2021-update.png'
+created: "2021-12-01"
+author: 'Daniel'
+template: overrides/blog.en.html
+---
+A lot changed between 2019 and now, not least in regards to Firefox. Since our last post, Mozilla has [improved](https://blog.mozilla.org/en/products/firefox/latest-firefox-rolls-out-enhanced-tracking-protection-2-0-blocking-redirect-trackers-by-default/) privacy with [Enhanced Tracking Protection (ETP)](https://blog.mozilla.org/en/products/firefox/firefox-now-available-with-enhanced-tracking-protection-by-default/). Earlier this year Mozilla introduced [Total Cookie Protection](https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/) (Dynamic First Party Isolation dFPI). This was then further tightened with [Enhanced Cookie Clearing](https://blog.mozilla.org/security/2021/08/10/firefox-91-introduces-enhanced-cookie-clearing/). We’re also looking very forward to [Site Isolation](https://blog.mozilla.org/security/2021/05/18/introducing-site-isolation-in-firefox/) (code named Fission) being enabled by default in the coming releases.
+
+Now that so many privacy features are built into the browser, there is little need for extensions made by third-party developers. Accordingly, we have updated our very outdated [browser](https://www.privacyguides.org/browsers) section. If you’ve got an old browser profile we suggest **creating a new one**. Some of the old advice may make your browser _more_ unique.
+
+#### Privacy Tweaks “about:config”
+
+We’re no longer recommending that users set `about:config` switches manually. Those switches need to be up to date and continuously maintained. They should be studied before blindly making modifications. Sometimes their behaviour changes in between Firefox releases, is superseded by other keys or they are removed entirely. We do not see any point in duplicating the efforts of the community [Arkenfox](https://github.com/arkenfox/user.js) project. Arkenfox has very good documentation in their [wiki](https://github.com/arkenfox/user.js/wiki) and we use it ourselves.
+
+#### LocalCDN and Decentraleyes
+
+These extensions aren’t required with Total Cookie Protection (TCP), which is enabled if you’ve set Enhanced Tracking Protection (ETP) to **Strict**.
+
+Replacing scripts on CDNs with local versions is not a comprehensive solution and is a form of [enumeration of badness](https://www.ranum.com/security/computer_security/editorials/dumb/). While it may work with some scripts that are included it doesn’t help with most other third-party connections.
+
+CDN extensions never really improved privacy as far as sharing your IP address was concerned and their usage is fingerprintable as this Tor Project developer [points out](https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/22089#note_2639603). They are the wrong tool for the job and are not a substitute for a good VPN or Tor. Its worth noting the [resources](https://git.synz.io/Synzvato/decentraleyes/-/tree/master/resources) for Decentraleyes are hugely out of date and would not be likely used anyway.
+
+#### NeatURLs and ClearURLS
+
+Previously we recommended ClearURLs to remove tracking parameters from URLs you might visit. These extensions are no longer needed with uBlock Origin’s [`removeparam`](https://github.com/gorhill/uBlock/wiki/Static-filter-syntax#removeparam) feature.
+
+#### HTTPS Everywhere
+
+The EFF announced back in September they were [deprecating HTTPS-Everywhere](https://www.eff.org/deeplinks/2021/09/https-actually-everywhere) as most browsers now have an HTTPS-Only feature. We are pleased to see privacy features built into the browser and Firefox 91 introduced [HTTPS by Default in Private Browsing](https://blog.mozilla.org/security/2021/08/10/firefox-91-introduces-https-by-default-in-private-browsing/).
+
+#### Multi Account Containers and Temporary Containers
+
+Container extensions aren’t as important as they used to be for privacy now that we have [Total Cookie Protection](https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/).
+
+Multi Account Container will still have some use if you use [Mozilla VPN](https://en.wikipedia.org/wiki/Mozilla_VPN) as it is going to be [integrated](https://github.com/mozilla/multi-account-containers/issues/2210) allowing you to configure specified containers to use a particular VPN server. Another use might be if you want to login to multiple accounts on the same domain.
+
+#### Just-In-Time Compilation (JIT)
+
+What is “Disable JIT” in Bromite? This option disables the JavaScript performance feature [JIT](https://en.wikipedia.org/wiki/Just-in-time_compilation). It can increase security but at the cost of performance. Those trade-offs vary wildly and are explored in [this](https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/) publication by Johnathan Norman from the Microsoft Edge team. This option is very much a security vs performance option.
+
+#### Mozilla browsers on Android
+
+We don’t recommend any Mozilla based browsers on Android. This is because we don’t feel that [GeckoView](https://mozilla.github.io/geckoview) is quite as secure as it could be as it doesn’t support [site isolation](https://hacks.mozilla.org/2021/05/introducing-firefox-new-site-isolation-security-architecture), soon to be coming in desktop browsers or [isolated processes](https://bugzilla.mozilla.org/show_bug.cgi?id=1565196).
+
+We also noticed that there isn’t an option for [HTTPS-Only mode](https://github.com/mozilla-mobile/fenix/issues/16952#issuecomment-907960218). The only way to get something similar is to install the [deprecated](https://www.eff.org/deeplinks/2021/09/https-actually-everywhere) extension [HTTPS Everywhere](https://www.eff.org/https-everywhere).
+
+There are places which Firefox on Android shines for example browsing news websites where you may want to _partially_ load some JavaScript (but not all) using medium or hard [blocking mode](https://github.com/gorhill/uBlock/wiki/Blocking-mode). The [reader view](https://support.mozilla.org/en-US/kb/view-articles-reader-view-firefox-android) is also pretty cool. We expect things will change in the future, so we’re keeping a close eye on this.
+
+#### Fingerprinting
+
+Firefox has the ability to block known third party [fingerprinting resources](https://blog.mozilla.org/security/2020/01/07/firefox-72-fingerprinting/). Mozilla has [advanced protection](https://support.mozilla.org/kb/firefox-protection-against-fingerprinting) against fingerprinting (RFP is enabled with Arkenfox).
+
+We do not recommend extensions that promise to change your [browser fingerprint](https://blog.torproject.org/browser-fingerprinting-introduction-and-challenges-ahead/). Some of those extensions [are detectable](https://www.cse.chalmers.se/~andrei/codaspy17.pdf) by websites through JavaScript and [CSS](https://hal.archives-ouvertes.fr/hal-03152176/file/style-fingerprinting-usenix.pdf) methods, particularly those which inject anything into the web content.
+
+This includes **all** extensions that try to change the user agent or other browser behaviour to prevent fingerprinting. We see these often recommended on Reddit and would like to say that they will likely make you more unique and can be circumvented. Arkenfox has [a good list](https://github.com/arkenfox/user.js/wiki/4.1-Extensions#small_orange_diamond-%EF%B8%8F-anti-fingerprinting-extensions-fk-no) of extensions you shouldn’t be using. They also have [another list](https://github.com/arkenfox/user.js/wiki/4.1-Extensions#small_orange_diamond-dont-bother) of extensions you needn’t bother with either. We also like to say testing sites which show you how unique you are in a set of users are often using hugely tainted results that are not indicative of real-world usage.
+
+----------
+
+_Special thanks to [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) and [Tommy](https://tommytran.io) for their help with providing advice and further documentation during the research phase.

docs/blog/2022/04/04/move-fast-and-break-things.md

@@ -0,0 +1,28 @@
+---
+title: '"Move Fast and Break Things"'
+image: 'blog/2022/04/04/move-fast-and-break-things.jpg'
+created: "2022-04-04"
+author: 'Freddy'
+template: overrides/blog.en.html
+---
+Mark Zuckerberg does not look comfortable on stage. Yet, there he was proclaiming that “the future is private”. If someone has to tell you that they care about your privacy, they probably don’t.
+
+For someone trying not to appear like a cartoon villain, Zuckerberg doesn’t do a great job. He gives the impression of some strange cyborg algorithmically attempting to impersonate human life. His movements are not quite robotic, but he lacks the charisma you might expect from one of the most powerful people on the planet. A _New Yorker_ [profile](https://www.newyorker.com/magazine/2018/09/17/can-mark-zuckerberg-fix-facebook-before-it-breaks-democracy) of him revealed that he had an affinity for Emperor Augustus, an ancient Roman tyrant. ‘Through a really harsh approach, [Augustus] established two hundred years of world peace,’ he said.
+
+It’s the first part of that sentence that is worrying.
+
+Is this what Zuckerberg sees himself as: a modern-day emperor hellbent on using any means he can to gain world peace? Probably not, but it would have been reassuring if he just told us he liked doing Sudoku and dad-dancing with his daughter (interestingly named August).
+
+The Zuck once [joked](https://www.esquire.com/uk/latest-news/a19490586/mark-zuckerberg-called-people-who-handed-over-their-data-dumb-f/) to a friend that he could get them ‘info’ about anyone in Harvard. He had email addresses, pictures, real addresses: the lot. When the friend asked how, this was his riposte: ‘People just submitted it. I don’t know why. They trust me. Dumb f*cks.’ We now live in a reality where Zuckerberg can get ‘info’ about almost anyone in the world.
+
+Like a depraved tabloid journalist fishing through a minor celebrity’s trash, Facebook collects everything it can about its users. Even if it means sifting through garbage, they want that data. But Facebook is not technically in the data business. It is in what author and professor Carissa Véliz [terms](https://aeon.co/essays/privacy-matters-because-it-empowers-us-all) ‘the business of power’ – which sounds rather more sinister than flogging off mildly irritating adverts.
+
+Véliz argues that privacy is a form of power. It is the power to influence you, show you adverts and predict your behaviour. In this sense, personal data is being used to make us do things we otherwise would not do: to buy a certain product or to vote a certain way. Filmmaker Laura Poitras [described](https://www.washingtonpost.com/news/the-switch/wp/2014/10/23/snowden-filmmaker-laura-poitras-facebook-is-a-gift-to-intelligence-agencies/) Facebook as ‘a gift to intelligence agencies’. It allows governments to arrest people planning to participate in protests before they have even begun.
+
+The social media giant is tip-toeing ever closer into our personal lives. When Facebook encountered competition it just bought it, adding Instagram and WhatsApp to its roster. The company even tried to make its own cryptocurrency so that one day the Facebook would control all our purchases too. Earlier this year, the project was [killed](https://www.ft.com/content/a88fb591-72d5-4b6b-bb5d-223adfb893f3) by regulators. It is worth noting that when Zuckerberg purchased WhatsApp and Instagram, they had no revenue. Author Tim Wu notes in his book _The Attention Merchants_ that Facebook is ‘a business with an exceedingly low ratio of invention to success’. Perhaps that is a part of Zuck’s genius.
+
+‘Move fast and break things’ was the old company motto. When there were a few too many scandals, they moved fast and [rebranded](https://www.privacyguides.org/blog/2021/11/01/virtual-insanity) to Meta. No one expected online privacy to be the ‘thing’ they broke.
+
+Before it became a global behemoth, Facebook started out as a dorm-room project. Zuckerberg sat at his keyboard after a few drinks and built it mainly because he could. It now has nearly three billion users. In the same way, Facebook [conducted](https://www.theguardian.com/technology/2014/jul/02/facebook-apologises-psychological-experiments-on-users) social experiments seemingly just for fun. Why he did it doesn’t really matter. As John Lanchester [put it](https://www.lrb.co.uk/the-paper/v39/n16/john-lanchester/you-are-the-product): he simply did it _because_.
+
+It is unfair to say that Zuckerberg does not care about privacy – he does. That’s why he [spared](https://www.theguardian.com/technology/2013/oct/11/mark-zuckerberg-facebook-neighbouring-houses) no expense buying the houses that surrounded his home. Zuckerberg knows the power of privacy, which is painfully ironic given he has built his career on exploiting it. For Zuckerberg, at least, the future is private. It’s the rest of us that should be worried.

docs/blog/2022/06/09/hide-nothing.md

@@ -0,0 +1,42 @@
+---
+title: '"Hide Nothing"'
+image: 'blog/2022/06/09/hide-nothing.jpg'
+created: "2022-06-09"
+author: 'Dan Arel'
+template: overrides/blog.en.html
+---
+In the wake of the September 11, 2001, attack on the United States, the US government enacted laws that weakened citizen privacy in the name of national emergency. This sent up many red flags for human rights and privacy advocates.
+
+These concerns were met with “if you have nothing to hide, you have nothing to fear.” The argument goes that if you're not doing anything illegal, then these violations of your privacy shouldn't bother you. If you care about privacy, you clearly can't be up to anything good.
+
+On the surface, this seems true to many people – but the reality is very different. We may not have had anything to hide in the immediate aftermath of 9/11, but that was not the only information being sought after by governments. Indeed, following the passage of the Patriot Act in the US, the FBI issued 192,499 [National Security Letters](https://www.aclu.org/other/national-security-letters), meaning they collected the records and online activity of nearly 200,000 people.
+
+In the end it only convicted one person.
+
+Now, many have argued that stopping one terrorist might be worth giving up some security for, but [according](https://www.aclu.org/issues/national-security/privacy-and-surveillance/surveillance-under-patriot-act) to the ACLU, the conviction would have occurred without the Patriot Act.
+
+Many legal actions you take today could be deemed illegal by future laws or future government. In the US today there is discussion around the possibility of Roe v. Wade being overturned, allowing states to outlaw abortions. You may not currently feel the need to hide internet searches, menstrual cycle apps, or donations to women's health clinics today because it's not illegal, but tomorrow that information could be used against you.
+
+In countries were organizing around political dissent is legal, that doesn't mean the government is tracking those taking part and using that information to create informants or infiltrate such groups. Or worse, when or if laws change, using that surveillance to punish those involved.
+
+And even if you break away from the legal aspects, we all have something to hide. You may not be ready to reveal your sexual or gender identity, but your internet usage could potentially do that for you. You don't want to make your bank account public; you have that information to hide. And you can continue to list things about your life you'd just rather not make public, regardless of potential legality.
+
+In July of 2021, a Catholic priest by the name of Jeffrey Burrill lost his job and was forced to resign after data collected through his cell phone showed that he was active on the Gay dating app Grindr, and that he had visited multiple gay bars in the area. [According](https://www.washingtonpost.com/religion/2021/07/20/bishop-misconduct-resign-burrill/) to the *Washington Post*:
+
+> “A mobile device correlated to Burrill emitted app data signals from the location-based hookup app Grindr on a near-daily basis during parts of 2018, 2019, and 2020 —– at both his USCCB office and his USCCB-owned residence, as well as during USCCB meetings and events in other cities,” the Pillar reported.
+
+> “The data obtained and analyzed by The Pillar conveys mobile app date signals during two 26-week periods, the first in 2018 and the second in 2019 and 2020. The data was obtained from a data vendor and authenticated by an independent data consulting firm contracted by The Pillar,” the site reported. It did not identify who the vendor was or if the site bought the information or got it from a third party.
+
+> The Pillar story says app data “correlated” to Burrill's phone shows the priest visited gay bars, including while traveling for the USCCB.
+
+While it was not clear who was tracking Burrill's device, the Post went on to say that:
+
+> Privacy experts have long raised concerns about “anonymized” data collected by apps and sold to or shared with aggregators and marketing companies. While the information is typically stripped of obviously identifying fields, like a user's name or phone number, it can contain everything from age and gender to a device ID. It's possible for experts to de-anonymize some of this data and connect it to real people.
+
+While Burrill was without a doubt in violation of his works own code of conduct, he did decide on his own to be a priest. However, his personal life was not harming others and was just that, his personal life. While the question looms about who was tracking him to begin with and why, the fact it was so easy to do is alarming.
+
+What if Burrill wasn't a priest, but just happened to work for someone who held anti-homosexual views who used this data to out him, humiliate him, and fire him under false pretenses? This data, which should be private could (and likely did in the real-life circumstance) ruin his life.
+
+That is what makes internet privacy so important. It's not hiding nefarious activity, it's that we all have an innate right to our privacy.
+
+You might not feel today that you have anything to hide, but you might not feel that way tomorrow and once something is public, it cannot be made private again.

docs/calendar-contacts.en.md

@@ -78,5 +78,3 @@ Calendars and contacts contain some of your most sensitive data; use products th
 
 !!! warning
     Proton [does not](https://proton.me/support/proton-contacts#verify) use E2EE for your contact names and email addresses.
-
---8<-- "includes/abbreviations.en.md"

docs/cloud.en.md

@@ -63,8 +63,10 @@ When self-hosting, you should also enable E2EE to protect against your hosting p
     [:octicons-info-16:](https://proton.me/support/drive){ .card-link title=Documentation}
     [:octicons-code-16:](https://github.com/ProtonMail/WebClients){ .card-link title="Source Code" }
 
-Proton Drive is currently in beta and only is only available through a web client.
+    ??? downloads
+
+        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive)
+
+Proton Drive is currently in beta and is only available through a web client and an Android app.
 
 When using a web client, you are placing trust in the server to send you proper JavaScript code to derive the decryption key and authentication token locally in your browser. A compromised server can send you malicious JavaScript code to steal your master password and decrypt your data. If this does not fit your [threat model](basics/threat-modeling.md), consider using an alternative.
-
---8<-- "includes/abbreviations.en.md"

docs/data-redaction.en.md

@@ -1,5 +1,5 @@
 ---
-title: "Metadata Removal Tools"
+title: "Data and Metadata Redaction"
 icon: material/tag-remove
 ---
 When sharing files, be sure to remove associated metadata. Image files commonly include [Exif](https://en.wikipedia.org/wiki/Exif) data. Photos sometimes even include GPS coordinates in the file metadata.
@@ -10,7 +10,7 @@ When sharing files, be sure to remove associated metadata. Image files commonly
 
 !!! recommendation
 
-    ![ExifCleaner logo](assets/img/metadata-removal/exifcleaner.svg){ align=right }
+    ![ExifCleaner logo](assets/img/data-redaction/exifcleaner.svg){ align=right }
 
     **ExifCleaner** is a freeware, open-source graphical app that uses [ExifTool](https://exiftool.org) to remove Exif metadata from images, videos, and PDF documents using a simple drag and drop interface. It supports multi-core batch processing and dark mode.
 
@@ -28,7 +28,7 @@ When sharing files, be sure to remove associated metadata. Image files commonly
 
 !!! recommendation
 
-    ![MAT2 logo](assets/img/metadata-removal/mat2.svg){ align=right }
+    ![MAT2 logo](assets/img/data-redaction/mat2.svg){ align=right }
 
     **MAT2** is free software, which allows the metadata to be removed from image, audio, torrent, and document file types. It provides both a command line tool and a graphical user interface via an [extension for Nautilus](https://0xacab.org/jvoisin/mat2/-/tree/master/nautilus), the default file manager of [GNOME](https://www.gnome.org), and [Dolphin](https://0xacab.org/jvoisin/mat2/-/tree/master/dolphin), the default file manager of [KDE](https://kde.org).
 
@@ -51,7 +51,7 @@ When sharing files, be sure to remove associated metadata. Image files commonly
 
 !!! recommendation
 
-    ![ExifEraser logo](assets/img/metadata-removal/exiferaser.svg){ align=right }
+    ![ExifEraser logo](assets/img/data-redaction/exiferaser.svg){ align=right }
 
     **ExifEraser** is a modern, permissionless image metadata erasing application for Android.
 
@@ -87,7 +87,7 @@ The app offers multiple ways to erase metadata from images. Namely:
 
 !!! recommendation
 
-    ![Metapho logo](assets/img/metadata-removal/metapho.jpg){ align=right }
+    ![Metapho logo](assets/img/data-redaction/metapho.jpg){ align=right }
 
     Metapho is a simple and clean viewer for photo metadata such as date, file name, size, camera model, shutter speed, and location.
 
@@ -100,13 +100,35 @@ The app offers multiple ways to erase metadata from images. Namely:
 
         - [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/metapho/id914457352)
 
+### PrivacyBlur (Android)
+
+!!! recommendation
+
+    ![PrivacyBlur logo](assets/img/data-redaction/privacyblur.svg){ align=right }
+
+    **PrivacyBlur** is a free app which can blur sensitive portions of pictures before sharing them online.
+
+    [:octicons-home-16: Homepage](https://privacyblur.app/){ .md-button .md-button--primary }
+    [:octicons-eye-16:](https://privacyblur.app/privacy.html){ .card-link title="Privacy Policy" }
+    [:octicons-info-16:](https://github.com/MATHEMA-GmbH/privacyblur#readme){ .card-link title=Documentation}
+    [:octicons-code-16:](https://github.com/MATHEMA-GmbH/privacyblur){ .card-link title="Source Code" }
+
+    ??? downloads
+
+        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=de.mathema.privacyblur)
+        - [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/de.mathema.privacyblur/)
+
+!!! warning
+
+    You should **never** use blur to redact [text in images](https://bishopfox.com/blog/unredacter-tool-never-pixelation). If you want to redact text in an image, draw a box over the text. For this we suggest [Pocket Paint](https://github.com/Catrobat/Paintroid) or [Imagepipe](https://codeberg.org/Starfish/Imagepipe).
+
 ## Command-line
 
 ### ExifTool
 
 !!! recommendation
 
-    ![ExifTool logo](assets/img/metadata-removal/exiftool.png){ align=right }
+    ![ExifTool logo](assets/img/data-redaction/exiftool.png){ align=right }
 
     **ExifTool** is the original perl library and command-line application for reading, writing, and editing meta information (Exif, IPTC, XMP, and more) in a wide variety of file formats (JPEG, TIFF, PNG, PDF, RAW, and more).
 
@@ -128,5 +150,3 @@ The app offers multiple ways to erase metadata from images. Namely:
     ```bash
     exiftool -all= *.file_extension
     ```
-
---8<-- "includes/abbreviations.en.md"

docs/desktop-browsers.en.md

@@ -1,10 +1,8 @@
 ---
-title: "Web Browsers"
+title: "Desktop Browsers"
 icon: octicons/browser-16
 ---
-These are our currently recommended web browsers and configurations. In general, we recommend keeping extensions to a minimum: they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation.
-
-## General Recommendations
+These are our currently recommended desktop web browsers and configurations. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation.
 
 ### Tor Browser
 
@@ -30,15 +28,11 @@ These are our currently recommended web browsers and configurations. In general,
         - [:fontawesome-brands-apple: macOS](https://www.torproject.org/download/)
         - [:fontawesome-brands-linux: Linux](https://www.torproject.org/download/)
         - [:pg-flathub: Flatpak](https://flathub.org/apps/details/com.github.micahflee.torbrowser-launcher)
-        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.torproject.torbrowser)
-        - [:pg-f-droid: F-Droid](https://guardianproject.info/fdroid/)
 
 !!! danger
 
     You should **never** install any additional extensions on Tor Browser, including the ones we suggest for Firefox. Nor should you manually enable HTTPS-only mode or edit `about:config` settings. Browser extensions and non-standard settings make you stand out from others on the Tor network, thus making your browser easier to [fingerprint](https://support.torproject.org/glossary/browser-fingerprinting).
 
-## Desktop Recommendations
-
 ### Firefox
 
 !!! recommendation
@@ -125,8 +119,6 @@ The [Arkenfox project](https://github.com/arkenfox/user.js) provides a set of ca
 
     Brave is built upon the Chromium web browser project, so it should feel familiar and have minimal website compatibility issues.
 
-    We don't recommend Brave's mobile browser offerings as there are better [options](#mobile-recommendations) for mobile platforms.
-
     [:octicons-home-16: Homepage](https://brave.com/){ .md-button .md-button--primary }
     [:pg-tor:](https://brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title=Onion }
     [:octicons-eye-16:](https://brave.com/privacy/browser/){ .card-link title="Privacy Policy" }
@@ -155,6 +147,7 @@ Shields' options can be downgraded on a per-site basis as needed, but by default
 
 <div class="annotate" markdown>
 
+- [x] Select **Prevent sites from fingerprinting me based on my language preferences**
 - [x] Select **Aggressive** under Trackers & ads blocking
 
     ??? warning "Use default filter lists"
@@ -216,109 +209,9 @@ Under the *System* menu
 
 1. This option is not present on all platforms.
 
-## Mobile Recommendations
-
-On Android, Firefox is still less secure than Chromium-based alternatives: Mozilla's engine, [GeckoView](https://mozilla.github.io/geckoview/), has yet to support [site isolation](https://hacks.mozilla.org/2021/05/introducing-firefox-new-site-isolation-security-architecture) or enable [isolatedProcess](https://bugzilla.mozilla.org/show_bug.cgi?id=1565196).
-
-On iOS, any app that can browse the web is [restricted](https://developer.apple.com/app-store/review/guidelines) to using an Apple-provided [WebKit framework](https://developer.apple.com/documentation/webkit), so there is little reason to use a third-party web browser.
-
-### Bromite
-
-!!! recommendation
-
-    ![Bromite logo](assets/img/browsers/bromite.svg){ align=right }
-
-    **Bromite** is a Chromium-based browser with privacy and security enhancements, built-in ad blocking, and some fingerprinting randomization.
-
-    [:octicons-home-16: Homepage](https://www.bromite.org){ .md-button .md-button--primary }
-    [:octicons-eye-16:](https://www.bromite.org/privacy){ .card-link title="Privacy Policy" }
-    [:octicons-info-16:](https://github.com/bromite/bromite/wiki){ .card-link title=Documentation}
-    [:octicons-code-16:](https://github.com/bromite/bromite){ .card-link title="Source Code" }
-    [:octicons-heart-16:](https://github.com/bromite/bromite#donate){ .card-link title=Contribute }
-
-    ??? downloads annotate
-
-        - [:pg-f-droid: F-Droid](https://www.bromite.org/fdroid) (1)
-
-    1. If you use [Neo Store](/android/#neo-store), you can enable the *Bromite repository* in:<br> :material-dots-vertical: → **Repositories**
-
-These options can be found in :material-menu: → :gear: **Settings** → **Privacy and security**.
-
-#### Recommended Configuration
-
-##### HTTPS-Only Mode
-
-- [x] Select **Always use secure connections**
-
-This prevents you from unintentionally connecting to a website in plain-text HTTP. The HTTP protocol is extremely uncommon nowadays, so this should have little to no impact on your day to day browsing.
-
-##### Always-on Incognito Mode
-
-- [x] Select **Always open links in incognito** in the **Incognito mode** menu
-- [x] Select **Close all open tabs on exit**
-- [x] Select **Open external links in incognito**
-
-### Safari
-
-!!! recommendation
-
-    ![Safari logo](assets/img/browsers/safari.svg){ align=right }
-
-    **Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/15.0/ios/15.0) such as Intelligent Tracking Protection, Privacy Report, isolated Private Browsing tabs, iCloud Private Relay, and automatic HTTPS upgrades.
-
-    [:octicons-home-16: Homepage](https://www.apple.com/safari/){ .md-button .md-button--primary }
-    [:octicons-eye-16:](https://www.apple.com/legal/privacy/data/en/safari/){ .card-link title="Privacy Policy" }
-    [:octicons-info-16:](https://support.apple.com/guide/safari/welcome/mac){ .card-link title=Documentation}
-
-#### Recommended Configuration
-
-These options can be found in :gear: **Settings** → **Safari** → **Privacy and Security**.
-
-##### Cross-Site Tracking Prevention
-
-- [x] Enable **Prevent Cross-Site Tracking**
-
-This enables WebKit's [Intelligent Tracking Protection](https://webkit.org/tracking-prevention/#intelligent-tracking-prevention-itp). The feature helps protect against unwanted tracking by using on-device machine learning to stop trackers. ITP protects against many common threats, but it does not block all tracking avenues because it is designed to not interfere with website usability.
-
-##### Privacy Report
-
-Privacy Report provides a snapshot of cross-site trackers currently prevented from profiling you on the website you're visiting. It can also display a weekly report to show which trackers have been blocked over time.
-
-Privacy Report is accessible via the Page Settings menu (:pg-textformat-size:).
-
-##### Privacy Preserving Ad Measurement
-
-- [ ] Disable **Privacy Preserving Ad Measurement**
-
-Ad click measurement has traditionally used tracking technology that infringes on user privacy. [Private Click Measurement](https://webkit.org/blog/11529/introducing-private-click-measurement-pcm/) is a WebKit feature and proposed web standard aimed towards allowing advertisers to measure the effectiveness of web campaigns without compromising on user privacy.
-
-The feature has little privacy concerns on its own, so while you can choose to leave it on, we consider the fact that it's automatically disabled in Private Browsing to be an indicator for disabling the feature.
-
-##### Apple Pay
-
-If you do not use Apple Pay, you can toggle off the ability for websites to check for it.
-
-- [ ] Disable **Allow websites to check for Apple Pay and Apple Card**
-
-##### Always-on Private Browsing
-
-Open Safari and tap the Tabs button, located in the bottom right. Then, expand the Tab Groups list.
-
-- [x] Select **Private**
-
-Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are also other smaller privacy benefits with Private Browsing, such as not sending a webpage’s address to Apple when using Safari's translation feature.
-
-Do note that Private Browsing does not save cookies and website data, so it won't be possible to remain signed into sites. This may be an inconvenience.
-
-##### iCloud Sync
-
-Synchronization of Safari History, Tab Groups, iCloud Tabs and saved passwords are E2EE. However, bookmarks are [not](https://support.apple.com/en-us/HT202303). Apple can decrypt and access them in accordance with their [privacy policy](https://www.apple.com/legal/privacy/en-ww/).
-
-If you use iCloud, we also recommend checking to ensure Safari's default download location is set to locally on your device. This option can be found in :gear: **Settings** → **Safari** → **General** → **Downloads**.
-
 ## Additional Resources
 
-We generally do not recommend installing any extensions as they increase your attack surface. However, uBlock Origin or AdGuard may prove useful if you value content blocking functionality.
+We generally do not recommend installing any extensions as they increase your attack surface. However, uBlock Origin may prove useful if you value content blocking functionality.
 
 ### uBlock Origin
 
@@ -339,28 +232,7 @@ We generally do not recommend installing any extensions as they increase your at
         - [:fontawesome-brands-chrome: Chrome](https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm)
         - [:fontawesome-brands-edge: Edge](https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak)
 
-We suggest leaving the extension in its default configuration. Additional filter lists can impact performance and may increase attack surface, so only apply what you need. If there is a [vulnerability in uBlock Origin](https://portswigger.net/research/ublock-i-exfiltrate-exploiting-ad-blockers-with-css) a third-party filter could add malicious rules that can potentially steal user data.
-
-### AdGuard for iOS
-
-!!! recommendation
-
-    ![AdGuard logo](assets/img/browsers/adguard.svg){ align=right }
-
-    **AdGuard for iOS** is a free and open-source content-blocking extension for Safari that uses the native [Content Blocker API](https://developer.apple.com/documentation/safariservices/creating_a_content_blocker).
-
-    AdGuard for iOS has some premium features, however standard Safari content blocking is free of charge.
-
-    [:octicons-home-16: Homepage](https://adguard.com/en/adguard-ios/overview.html){ .md-button .md-button--primary }
-    [:octicons-eye-16:](https://adguard.com/privacy/ios.html){ .card-link title="Privacy Policy" }
-    [:octicons-info-16:](https://kb.adguard.com/ios){ .card-link title=Documentation}
-    [:octicons-code-16:](https://github.com/AdguardTeam/AdguardForiOS){ .card-link title="Source Code" }
-
-    ??? downloads
-
-        - [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/apple-store/id1047223162)
-
-Additional filter lists do slow things down and may increase your attack surface, so only apply what you need.
+We suggest following the [developer's documentation](https://github.com/gorhill/uBlock/wiki/Blocking-mode) and picking one of the "modes". Additional filter lists can impact performance and may increase attack surface, so only apply what you need. If there is a [vulnerability in uBlock Origin](https://portswigger.net/research/ublock-i-exfiltrate-exploiting-ad-blockers-with-css) a third-party filter could add malicious rules that can potentially steal user data.
 
 ### Snowflake
 
@@ -393,21 +265,4 @@ Additional filter lists do slow things down and may increase your attack surface
 
 Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours.
 
-Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
-
-### Terms of Service; Didn't Read
-
-!!! recommendation
-
-    ![Terms of Service; Didn't Read logo](assets/img/browsers/terms_of_service_didnt_read.svg){ align=right }
-
-    **Terms of Service; Didn't Read** grades websites based on their terms of service agreements and privacy policies. It also gives short summaries of those agreements. The analyses and ratings are published transparently by a community of reviewers.
-
-    [:octicons-globe-16: Website](https://tosdr.org){ .md-button .md-button--primary }
-    [:octicons-eye-16:](https://docs.tosdr.org/sp/tosdr.org-Privacy-Policy.89456373.html){ .card-link title="Privacy Policy" }
-    [:octicons-info-16:](https://docs.tosdr.org/index.html){ .card-link title=Documentation}
-    [:octicons-heart-16:](https://tosdr.org/donate){ .card-link title=Contribute }
-
-We do not recommend installing ToS;DR as a browser extension; the same information is also provided on their website.
-
---8<-- "includes/abbreviations.en.md"
+Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.

docs/dns.en.md

@@ -95,22 +95,6 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](ba
         - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.celzero.bravedns)
         - [:pg-f-droid: F-Droid](https://f-droid.org/packages/com.celzero.bravedns)
 
-### DNSCloak
-
-!!! recommendation
-
-    ![DNSCloak logo](assets/img/ios/dnscloak.png){ align=right }
-
-    **DNSCloak** is an open-source iOS client supporting [DNS-over-HTTPS](basics/dns-overview.md#dns-over-https-doh), [DNSCrypt](basics/dns-overview.md#dnscrypt), and [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy/wiki) options such as caching DNS responses, locally logging DNS queries, and custom block lists. You can [add custom resolvers by DNS stamp](https://medium.com/privacyguides/adding-custom-dns-over-https-resolvers-to-dnscloak-20ff5845f4b5).
-
-    [:octicons-repo-16: Repository](https://github.com/s-s/dnscloak){ .md-button .md-button--primary }
-    [:octicons-eye-16:](https://drive.google.com/file/d/1050No_pU74CAWUS5-BwQWyO2x_aiMzWc/view){ .card-link title="Privacy Policy" }
-    [:octicons-code-16:](https://github.com/s-s/dnscloak){ .card-link title="Source Code" }
-
-    ??? downloads
-
-        - [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/id1452162351)
-
 ### dnscrypt-proxy
 
 !!! recommendation
@@ -166,5 +150,3 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf
     [:octicons-info-16:](https://docs.pi-hole.net/){ .card-link title=Documentation}
     [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" }
     [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute }
-
---8<-- "includes/abbreviations.en.md"

docs/email-clients.en.md

@@ -188,5 +188,3 @@ Canary Mail is closed-source. We recommend it due to the few choices there are f
 
         - [:fontawesome-brands-linux: Linux](https://neomutt.org/distro)
         - [:fontawesome-brands-apple: macOS](https://neomutt.org/distro)
-
---8<-- "includes/abbreviations.en.md"

docs/email.en.md

@@ -240,7 +240,7 @@ Using an aliasing service requires trusting both your email provider and your al
         - [:material-apple-ios: iOS](https://anonaddy.com/faq/#is-there-an-ios-app)
         - [:fontawesome-brands-android: Android](https://anonaddy.com/faq/#is-there-an-android-app)
 
-The number of shared aliases (which end in a shared domain like @anonaddy.me) that you can create is limited to 20 on AnonAddy's free plan and 50 on their $12/month plan. You can create unlimited standard aliases (which end in a domain like @[username].anonaddy.com or a custom domain on paid plans), however, as previously mentioned, this can be detrimental to privacy because people can trivially tie your standard aliases together based on the domain name alone. Unlimited shared aliases are available for $36/year.
+The number of shared aliases (which end in a shared domain like @anonaddy.me) that you can create is limited to 20 on AnonAddy's free plan and 50 on their $12/year plan. You can create unlimited standard aliases (which end in a domain like @[username].anonaddy.com or a custom domain on paid plans), however, as previously mentioned, this can be detrimental to privacy because people can trivially tie your standard aliases together based on the domain name alone. Unlimited shared aliases are available for $36/year.
 
 Notable free features:
 
@@ -274,9 +274,11 @@ Notable free features:
 
 SimpleLogin was [acquired by Proton AG](https://proton.me/news/proton-and-simplelogin-join-forces) as of April 8, 2022. If you use Proton Mail for your primary mailbox, SimpleLogin is a great choice. As both products are now owned by the same company you now only have to trust a single entity. We also expect that SimpleLogin will be more tightly integrated with Proton's offerings in the future. SimpleLogin continues to support forwarding to any email provider of your choosing. Securitum [audited](https://simplelogin.io/blog/security-audit/) SimpleLogin in early 2022 and all issues [were addressed](https://simplelogin.io/audit2022/web.pdf).
 
+You can link your SimpleLogin account in the settings with your Proton account. If you have Proton Unlimited, Business or Visionary Plan, you will have SimpleLogin Premium for free.
+
 Notable free features:
 
-- [x] 15 Shared Aliases
+- [x] 10 Shared Aliases
 - [x] Unlimited Replies
 - [x] 1 Recipient Mailbox
 
@@ -420,5 +422,3 @@ Must not have any marketing which is irresponsible:
 ### Additional Functionality
 
 While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend.
-
---8<-- "includes/abbreviations.en.md"

docs/encryption.en.md

@@ -102,34 +102,39 @@ BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-o
 
     To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module.
 
-    1. Open Windows [PowerShell](https://en.wikipedia.org/wiki/PowerShell).
+    1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
 
-    2. Check to see partition table format:
         ```
-        powershell Get-Disk 0 | findstr GPT && echo This is a GPT system disk!
+        powershell Get-Disk
         ```
 
-    3. Check TPM version. The value returned must be "3 True". The spec must be 1.2 or above.
+    2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
+
         ```
-        powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm | findstr "IsActivated IsEnabled IsOwned SpecVersion"
+        powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
         ```
 
-    4. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
+    3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
+
+    4. Login with your admin account and type this in the command prompt to start encryption:
 
-    5. Login with your account that has admin privileges and type this to start encryption:
         ```
         manage-bde -on c: -used
         ```
 
-    6. Close the command prompt, and enter into PowerShell:
-    ```
-    manage-bde c: -protectors -add -rp -tpm
-    manage-bde -protectors -enable c:
-    manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
-    ```
+    5. Close the command prompt and continue booting to regular Windows.
+    
+    6. Open an admin command prompt and run the following commands:
 
-        !!! warning
-            Backup `BitLocker-Recovery-Key.txt` on a separate storage device. Loss of this recovery code, may result in loss of data.
+        ```
+        manage-bde c: -protectors -add -rp -tpm
+        manage-bde -protectors -enable c:
+        manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
+        ```
+
+        !!! important
+
+            Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device. Loss of this recovery code may result in loss of data.
 
 ### FileVault
 
@@ -226,7 +231,7 @@ Tools with command-line interfaces are useful for integrating [shell scripts](ht
 
     ![Tomb logo](assets/img/encryption-software/tomb.png){ align=right }
 
-    **Tomb** is an is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
+    **Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
 
     [:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
     [:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
@@ -326,5 +331,3 @@ When encrypting with PGP, you have the option to configure different options in
 
         - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
         - [:pg-f-droid: F-Droid](https://f-droid.org/packages/org.sufficientlysecure.keychain/)
-
---8<-- "includes/abbreviations.en.md"

docs/file-sharing.en.md

@@ -6,24 +6,6 @@ Discover how to privately share your files between your devices, with your frien
 
 ## File Sharing
 
-### Magic Wormhole
-
-!!! recommendation
-
-    ![Magic Wormhole logo](assets/img/file-sharing-sync/magic_wormhole.png){ align=right }
-
-    **Magic Wormhole** is a package that provides a library and a command-line tool named wormhole, which makes it possible to get arbitrary-sized files and directories (or short pieces of text) from one computer to another.
-
-    [:octicons-repo-16: Repository](https://github.com/magic-wormhole/magic-wormhole){ .md-button .md-button--primary }
-    [:octicons-info-16:](https://magic-wormhole.readthedocs.io/){ .card-link title=Documentation}
-    [:octicons-code-16:](https://github.com/magic-wormhole/magic-wormhole){ .card-link title="Source Code" }
-
-    ??? downloads
-
-        - [:fontawesome-brands-windows: Windows](https://magic-wormhole.readthedocs.io/en/latest/welcome.html#installation)
-        - [:fontawesome-brands-apple: macOS](https://magic-wormhole.readthedocs.io/en/latest/welcome.html#macos-os-x)
-        - [:fontawesome-brands-linux: Linux](https://magic-wormhole.readthedocs.io/en/latest/welcome.html#installation)
-
 ### Bitwarden Send
 
 !!! recommendation

docs/linux-desktop.en.md

@@ -54,7 +54,7 @@ Tumbleweed follows a rolling release model where each update is released as a sn
 
 Arch Linux has a rolling release cycle. There is no fixed release schedule and packages are updated very frequently.
 
-Being a DIY distribution, you are [expected to set up and maintain](#arch-based-distributions) your system on your own. Arch has an [official installer](https://wiki.archlinux.org/title/Archinstall) to make the installation process a little easier.
+Being a DIY distribution, you are [expected to set up and maintain](linux-desktop/overview.md#arch-based-distributions) your system on your own. Arch has an [official installer](https://wiki.archlinux.org/title/Archinstall) to make the installation process a little easier.
 
 A large portion of [Arch Linux’s packages](https://reproducible.archlinux.org) are [reproducible](https://reproducible-builds.org).
 
@@ -116,13 +116,13 @@ Nix is a source-based package manager; if there’s no pre-built available in th
     [:octicons-info-16:](https://www.whonix.org/wiki/Documentation){ .card-link title=Documentation}
     [:octicons-heart-16:](https://www.whonix.org/wiki/Donate){ .card-link title=Contribute }
 
-Whonix is meant to run as two virtual machines: a “Workstation” and a Tor “Gateway.” All communications from the Workstation has to go through the Tor gateway and will be routed through the Tor Network.
+Whonix is meant to run as two virtual machines: a “Workstation” and a Tor “Gateway.” All communications from the Workstation must go through the Tor gateway. This means that even if the Workstation is compromised by malware of some kind, the true IP address remains hidden.
 
 Some of its features include Tor Stream Isolation, [keystroke anonymization](https://www.whonix.org/wiki/Keystroke_Deanonymization#Kloak), [encrypted swap](https://github.com/Whonix/swap-file-creator), and a hardened memory allocator.
 
 Future versions of Whonix will likely include [full system AppArmor policies](https://github.com/Whonix/apparmor-profile-everything) and a [sandbox app launcher](https://www.whonix.org/wiki/Sandbox-app-launcher) to fully confine all processes on the system.
 
-Whonix is best used [in conjunction with Qubes](https://www.whonix.org/wiki/Qubes/Why_use_Qubes_over_other_Virtualizers).
+Whonix is best used [in conjunction with Qubes](https://www.whonix.org/wiki/Qubes/Why_use_Qubes_over_other_Virtualizers), Qubes-Whonix has various [disadvantages](https://forums.whonix.org/t/qubes-whonix-security-disadvantages-help-wanted/8581) when compared to other hypervisors.
 
 ### Tails
 
@@ -140,4 +140,4 @@ Whonix is best used [in conjunction with Qubes](https://www.whonix.org/wiki/Qube
 
 By design, Tails is meant to completely reset itself after each reboot. Encrypted [persistent storage](https://tails.boum.org/doc/first_steps/persistence/index.en.html) can be configured to store some data.
 
---8<-- "includes/abbreviations.en.md"
+Tails is great for counter forensics due to amnesia (meaning nothing is written to the disk); however, it is not a hardened distribution like Whonix. It lacks many anonymity and security features that Whonix has and gets updated much less often (only once every six weeks). A Tails system that is compromised by malware may potentially bypass the transparent proxy allowing for the user to be deanonymized.

docs/linux-desktop/hardening.en.md

@@ -10,9 +10,14 @@ A [firewall](https://en.wikipedia.org/wiki/Firewall_(computing)) may be used to
 
 Red Hat distributions (such as Fedora) are typically configured through [firewalld](https://en.wikipedia.org/wiki/Firewalld). Red Hat has plenty of [documentation](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_and_managing_networking/using-and-configuring-firewalld_configuring-and-managing-networking) regarding this topic. There is also the [Uncomplicated Firewall](https://en.wikipedia.org/wiki/Uncomplicated_Firewall) which can be used as an alternative.
 
-Consider blocking all ports which are **not** [well-known](https://en.wikipedia.org/wiki/Well-known_port#Well-known_ports) or “privileged ports.” That is, ports from 1025 up to 65535. Block both [TCP](https://en.wikipedia.org/wiki/Transmission_Control_Protocol) and [UDP](https://en.wikipedia.org/wiki/User_Datagram_Protocol) after the operating system is installed.
+You could also set your default firewall zone to drop packets. If you're on a Redhat based distribution, such as Fedora this can be done with the following commands:
 
-If you use Fedora, consider removing the whitelist for [smb](https://en.wikipedia.org/wiki/Server_Message_Block)-client and [mdns](https://en.wikipedia.org/wiki/Multicast_DNS) services if you do not use them.
+!!! Example
+    ```
+    firewall-cmd --set-default-zone=drop;
+    firewall-cmd --add-protocol=ipv6-icmp --permanent;
+    firewall-cmd --add-service=dhcpv6-client --permanent;
+    ```
 
 All these firewalls use the [Netfilter](https://en.wikipedia.org/wiki/Netfilter) framework and therefore cannot protect against malicious programs running on the system. A malicious program could insert its own rules.
 
@@ -22,13 +27,14 @@ If you are using non-classic [Snap](https://en.wikipedia.org/wiki/Snap_(package_
 
 ## Kernel hardening
 
-There are some additional kernel hardening options such as configuring [sysctl](https://en.wikipedia.org/wiki/Sysctl#Linux) keys and [kernel command-line parameters](https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html) which are described in the following pages. We don’t recommend you change these options unless you learn about what they do.
+Kernel hardening options such as configuring [sysctl](https://en.wikipedia.org/wiki/Sysctl#Linux) keys and [kernel command-line parameters](https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html) can help harden your system. We suggest looking at the following [sysctl settings](https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl) and [boot parameters](https://madaidans-insecurities.github.io/guides/linux-hardening.html#boot-parameters).
 
-- [Recommended sysctl settings](https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl)
-- [Recommended boot parameters](https://madaidans-insecurities.github.io/guides/linux-hardening.html#boot-parameters)
-- [Additional recommendations to reduce the kernel's attack surface](https://madaidans-insecurities.github.io/guides/linux-hardening.html#kernel-attack-surface-reduction)
+We **strongly** recommend that you learn what these options do before applying them. There are also some methods of [kernel attack surface reduction](https://madaidans-insecurities.github.io/guides/linux-hardening.html#kernel-attack-surface-reduction) and [access restrictions to sysfs](https://madaidans-insecurities.github.io/guides/linux-hardening.html#restricting-sysfs) that can further improve security.
 
-Do **not** disable unprivileged user namespaces if you use software that relies on it, like: Podman, Docker and LXC containers. The option will prevent this software from working.
+!!! Note
+    Unprivileged [user namespaces](https://madaidans-insecurities.github.io/linux.html#kernel) can be disabled, due to it being responsible for various privileged escalation vulnerabilities. Some software such as Docker, Podman, and LXC require unprivileged user namespaces to function. If you use these tools you should not disable `kernel.unprivileged_userns_clone`.
+
+    Disabling access to `/sys` without a proper whitelist will lead to various applications breaking. This will unfortunately be an extremely tedious process for most users. Kicksecure, and by extension, Whonix, has an experimental [hide hardware info service](https://github.com/Kicksecure/security-misc/blob/master/lib/systemd/system/hide-hardware-info.service) which does just this. From our testing, these work perfectly fine on minimal Kicksecure installations and both Qubes-Whonix Workstation and Gateway. If you are using Kicksecure or Whonix, we recommend that you follow the [Kicksecure Wiki](https://www.kicksecure.com/wiki/Security-misc) to enable hide hardware info service.
 
 ## Linux-Hardened
 
@@ -38,11 +44,13 @@ Some distributions like Arch Linux have the [linux-hardened](https://github.com/
 
 LKRG is a kernel module that performs runtime integrity check on the kernel to help detect exploits against the kernel. LKRG works in a *post*-detect fashion, attempting to respond to unauthorized modifications to the running Linux kernel. While it is [bypassable by design](https://lkrg.org/), it does stop off-the-shelf malware that does not specifically target LKRG itself. This may make exploits harder to develop and execute on vulnerable systems.
 
-If you can get LKRG and maintain module updates it provides a worthwhile improvement to security. Debian based distributions can get the LKRG DKMS from KickSecure's secure repository and the [KickSecure documentation](https://www.kicksecure.com/wiki/Linux_Kernel_Runtime_Guard_LKRG) has instructions on how this can be achieved. There is no LKRG package for Fedora yet, however the Qubes OS project has a COPR repository which [may become](https://github.com/QubesOS/qubes-issues/issues/5461) part of the main distribution in the future. Archlinux based systems provide LKRG DKMS modules via an [AUR package](https://aur.archlinux.org/packages/lkrg-dkms).
+If you can get LKRG and maintain module updates, it provides a worthwhile improvement to security. Debian based distributions can get the LKRG DKMS package from KickSecure's secure repository and the [KickSecure documentation](https://www.kicksecure.com/wiki/Linux_Kernel_Runtime_Guard_LKRG) has instructions.
+
+On Fedora, [fepitre](https://github.com/fepitre), a QubesOS developer has a [COPR repository](https://copr.fedorainfracloud.org/coprs/fepitre/lkrg/) where you can install it. Arch based systems can obtain the LKRG DKMS package via an [AUR package](https://aur.archlinux.org/packages/lkrg-dkms).
 
 ## GRSecurity
 
-GRSecurity is a set of kernel patches that attempt to improve security of the Linux kernel.  It requires [payment to access](https://github.com/QubesOS/qubes-issues/issues/5461) the code.
+GRSecurity is a set of kernel patches that attempt to improve security of the Linux kernel. It requires [payment to access](https://grsecurity.net/purchase) the code and is worth using if you have a subscription.
 
 ## Simultaneous multithreading (SMT)
 
@@ -66,9 +74,25 @@ These flags could also be applied to `/home` and `/root` as well, however, `noex
 
 If you use [Toolbox](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox/), `/var/log/journal` must not have any of those options. If you are on Arch Linux, do not apply `noexec` to `/var/tmp`.
 
+## Disabling SUID
+
+SUID allows a user to execute an application as the owner of that application, which in many cases, would be the `root` user. Vulnerable SUID executables could lead to privilege escalation vulnerabilities.
+
+It is desirable to remove SUID from as many binaries as possible; however, this takes substantial effort and trial and error on the user's part, as some applications require SUID to function.
+
+Kicksecure, and by extension, Whonix has an experimental [permission hardening service](https://github.com/Kicksecure/security-misc/blob/master/lib/systemd/system/permission-hardening.service) and [application whitelist](https://github.com/Kicksecure/security-misc/tree/master/etc/permission-hardening.d) to automate SUID removal from most binaries and libraries on the system. From our testing, these work perfectly fine on a minimal Kicksecure installation and both Qubes-Whonix Workstation and Gateway.
+
+If you are using Kicksecure or Whonix, we recommend that you follow the [Kicksecure Wiki](https://www.kicksecure.com/wiki/SUID_Disabler_and_Permission_Hardener) to enable the permission hardener.
+
+Users of other distributions can adapt the permission hardener to their own system based on the source code linked above.
+
+## Secure Time Synchronization
+
+Most Linux distributions by default (especially Arch based distributions with `systemd-timesyncd`) use un-encrypted NTP for time synchronization. Securing NTP can be achieved by [configuring NTS with chronyd](https://fedoramagazine.org/secure-ntp-with-nts/) or by using [swdate](https://github.com/Kicksecure/sdwdate) on Debian based distributions.
+
 ## Linux Pluggable Authentication Modules (PAM)
 
-There is also further hardening to [PAM](https://en.wikipedia.org/wiki/Linux_PAM) to secure authentication to your system. [This guide](https://madaidans-insecurities.github.io/guides/linux-hardening.html#pam) has some tips on this.
+The security of [PAM](https://en.wikipedia.org/wiki/Linux_PAM) can be [hardened](https://madaidans-insecurities.github.io/guides/linux-hardening.html#pam) to allow secure authentication to your system.
 
 On Red Hat distributions you can use [`authselect`](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_authentication_and_authorization_in_rhel/configuring-user-authentication-using-authselect_configuring-authentication-and-authorization-in-rhel) to configure this e.g.:
 
@@ -86,27 +110,25 @@ Another alternative option if you’re using the [linux-hardened](#linux-hardene
 
 ## Secure Boot
 
-[Secure Boot](https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface#Secure_Boot) can be used to secure the boot process by preventing the loading of [unsigned](https://en.wikipedia.org/wiki/Public-key_cryptography) [UEFI](https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface) drivers or [boot loaders](https://en.wikipedia.org/wiki/Bootloader). Some guidance for this is provided in [this physical security guide](https://madaidans-insecurities.github.io/guides/linux-hardening.html#physical-security) and [this verified boot guide](https://madaidans-insecurities.github.io/guides/linux-hardening.html#verified-boot).
+[Secure Boot](https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface#Secure_Boot) can be used to secure the boot process by preventing the loading of [unsigned](https://en.wikipedia.org/wiki/Public-key_cryptography) [UEFI](https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface) drivers or [boot loaders](https://en.wikipedia.org/wiki/Bootloader).
 
-For further resources on Secure Boot, we suggest taking a look at the following for instructional advice:
+One of the problems with Secure Boot, particularly on Linux is, that only the [chainloader](https://en.wikipedia.org/wiki/Chain_loading#Chain_loading_in_boot_manager_programs) (shim), the [boot loader](https://en.wikipedia.org/wiki/Bootloader) (GRUB), and the [kernel](https://en.wikipedia.org/wiki/Kernel_(operating_system)) are verified and that's where verification stops. The [initramfs](https://en.wikipedia.org/wiki/Initial_ramdisk) is often left unverified, unencrypted, and open up the window for an [evil maid](https://en.wikipedia.org/wiki/Evil_maid_attack) attack. The firmware on most devices is also configured to trust Microsoft's keys for Windows and its partners, leading to a large attacks surface.
 
-- The Archwiki’s [Secure Boot](https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot) article. There are two main methods, the first is to use a [shim](https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot#shim), the second more complete way is to [use your own keys](https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot#Using_your_own_keys).
+To eliminate the need to trust Microsoft's keys, follow the "Using your own keys" section on the [Arch Wiki](https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot). The important thing that needs to be done here is to replace the OEM's key with your own Platform Key.
 
-For the background of how Secure Boot works on Linux:
+There are several ways to work around the unverified initramfs:
 
-- [The Strange State of Authenticated Boot and Disk Encryption on Generic Linux Distributions](https://0pointer.net/blog/authenticated-boot-and-disk-encryption-on-linux.html)
-- [Rod Smith’s Managing EFI Boot Loaders for Linux](https://www.rodsbooks.com/efi-bootloaders/)
-- [Dealing with Secure Boot](https://www.rodsbooks.com/efi-bootloaders/secureboot.html)
-- [Controlling Secure Boot](https://www.rodsbooks.com/efi-bootloaders/controlling-sb.html)
+The first way is to [encrypt the /boot partition](https://wiki.archlinux.org/title/GRUB#Encrypted_/boot). If you are on Fedora Workstation (not Silverblue), you can follow [this guide](https://mutschler.eu/linux/install-guides/fedora-btrfs-33/) to convert the existing installation to encrypted `/boot`. openSUSE comes with this that by default.
 
-One of the problems with Secure Boot particularly on Linux is that only the [chainloader](https://en.wikipedia.org/wiki/Chain_loading#Chain_loading_in_boot_manager_programs) (shim), the [boot loader](https://en.wikipedia.org/wiki/Bootloader) (GRUB), and the [kernel](https://en.wikipedia.org/wiki/Kernel_(operating_system)) are verified and that’s where verification stops. The [initramfs](https://en.wikipedia.org/wiki/Initial_ramdisk) is often left unverified, unencrypted, and open up the window for an [evil maid](https://en.wikipedia.org/wiki/Evil_maid_attack) attack. There are a few things that can be done to reduce risk such as:
+Encrypting `/boot` however have its own issues, one being that [GRUB](https://en.wikipedia.org/wiki/GNU_GRUB) only supports [LUKS1](https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup) and not the newer default LUKS2 scheme. As the bootloader runs in [protected mode](https://en.wikipedia.org/wiki/Protected_mode) and the encryption module lacks [SSE acceleration](https://en.wikipedia.org/wiki/Streaming_SIMD_Extensions) so the boot process will take minutes to complete. Another problem with this is that you have to type the encryption password twice, which could be solved by following the [openSUSE Wiki](https://en.opensuse.org/SDB:Encrypted_root_file_system#Avoiding_to_type_the_passphrase_twice).
 
-- Creating an [EFI Boot Stub](https://docs.kernel.org/admin-guide/efi-stub.html) that contains the [kernel](https://en.wikipedia.org/wiki/Kernel_(operating_system)), [initramfs](https://en.wikipedia.org/wiki/Initial_ramdisk) and [microcode](https://en.wikipedia.org/wiki/Microcode). This EFI stub can then be signed. If you use [dracut](https://en.wikipedia.org/wiki/Dracut_(software)) this can easily be done with the [`--uefi-stub` switch](https://man7.org/linux/man-pages/man8/dracut.8.html) or the [`uefi_stub` config](https://www.man7.org/linux/man-pages/man5/dracut.conf.5.html) option.
-- [Encrypting the boot partition](https://wiki.archlinux.org/title/GRUB#Encrypted_/boot). However, this has its own issues, the first being that [GRUB](https://en.wikipedia.org/wiki/GNU_GRUB) only supports [LUKS1](https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup) and not the newer default LUKS2 scheme. As the bootloader runs in [protected mode](https://en.wikipedia.org/wiki/Protected_mode) and the encryption module lacks [SSE acceleration](https://en.wikipedia.org/wiki/Streaming_SIMD_Extensions) the boot process will take minutes to complete.
-- Using TPM to perform a [measured boot](https://www.krose.org/~krose/measured_boot).
+There are a few options depending on your configuration:
 
-After setting up Secure Boot it is crucial that you set a “firmware password” (also called a “supervisor password, “BIOS password” or “UEFI password”), otherwise an adversary can simply disable Secure Boot.
+- If you enroll your own keys as described above, and your distribution supports Secure Boot by default, you can add your distribution's EFI Key into the list of trusted keys (db keys). It can then be enrolled into the firmware. Then, you should move all of your keys off your local storage device.
+- If you enroll your own keys as described above, and your distribution does **not** support Secure Boot out of the box (like Arch Linux), you have to leave the keys on the disk and setup automatic signing of the [kernel](https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot#Signing_the_kernel_with_a_pacman_hook) and bootloader. If you are using Grub, you can install it with the `--no-shim-lock` option and remove the need for the chainloader.
 
-These recommendations can make you a little more resistant to [evil maid](https://en.wikipedia.org/wiki/Evil_maid_attack) attacks, but they not good as a proper verified boot process such as that found on [Android](https://source.android.com/security/verifiedboot), [ChromeOS](https://support.google.com/chromebook/answer/3438631) or [Windows](https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process).
+The second option is to creating an [EFI Boot Stub](https://wiki.archlinux.org/title/Unified_kernel_image) that contains the [kernel](https://en.wikipedia.org/wiki/Kernel_(operating_system)), [initramfs](https://en.wikipedia.org/wiki/Initial_ramdisk), and [microcode](https://en.wikipedia.org/wiki/Microcode). This EFI stub can then be signed. If you use [dracut](https://en.wikipedia.org/wiki/Dracut_(software)) this can easily be done with the [`--uefi-stub` switch](https://man7.org/linux/man-pages/man8/dracut.8.html) or the [`uefi_stub` config](https://www.man7.org/linux/man-pages/man5/dracut.conf.5.html) option. This option also requires you to leave the keys on the disk to setup automatic signing, which weakens the security model.
 
---8<-- "includes/abbreviations.en.md"
+After setting up Secure Boot it is crucial that you set a “firmware password” (also called a “supervisor password”, “BIOS password” or “UEFI password”), otherwise an adversary can simply disable Secure Boot.
+
+These recommendations can make you a little more resistant to [evil maid](https://en.wikipedia.org/wiki/Evil_maid_attack) attacks, but they not good as a proper verified boot process such as that found on [Android](https://source.android.com/security/verifiedboot), [ChromeOS](https://www.chromium.org/chromium-os/chromiumos-design-docs/security-overview/#verified-boot), [macOS](https://support.apple.com/en-us/HT208198), or [Windows](https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process).

docs/linux-desktop/overview.en.md

@@ -2,19 +2,19 @@
 title: Linux Overview
 icon: fontawesome/brands/linux
 ---
-It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/2022/02/02/floss-security.html). It does depend on a number of factors, such as project activity, developer experience, level of rigour applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years.
+It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigour applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years.
 
 At the moment, desktop GNU/Linux does have some areas that could be better improved when compared to their proprietary counterparts, e.g.:
 
-- A verified boot chain, unlike Apple’s [Secure Boot](https://support.apple.com/guide/security/startup-security-utility-secc7b34e5b5/web) (with [Secure Enclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/1/web/1)), Android’s [Verified Boot](https://source.android.com/security/verifiedboot) or Microsoft Windows’s [boot process](https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process) with [TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). These features and hardware technologies can all help prevent persistent tampering by malware or [evil maid attacks](https://en.wikipedia.org/wiki/Evil_Maid_attack)
-- Strong sandboxing solution such as that found in [macOS](https://developer.apple.com/library/archive/documentation/Security/Conceptual/AppSandboxDesignGuide/AboutAppSandbox/AboutAppSandbox.html), [ChromeOS](https://chromium.googlesource.com/chromiumos/docs/+/HEAD/sandboxing.md), and [Android](https://source.android.com/security/app-sandbox). Commonly used Linux sandboxing solutions such as [Flatpak](https://docs.flatpak.org/en/latest/sandbox-permissions.html) and [Firejail](https://firejail.wordpress.com/) still have a long way to go
+- A verified boot chain, like Apple’s [Secure Boot](https://support.apple.com/guide/security/startup-security-utility-secc7b34e5b5/web) (with [Secure Enclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/1/web/1)), Android’s [Verified Boot](https://source.android.com/security/verifiedboot), ChromeOS' [Verified boot](https://www.chromium.org/chromium-os/chromiumos-design-docs/security-overview/#verified-boot), or Microsoft Windows’s [boot process](https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process) with [TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). These features and hardware technologies can all help prevent persistent tampering by malware or [evil maid attacks](https://en.wikipedia.org/wiki/Evil_Maid_attack)
+- A strong sandboxing solution such as that found in [macOS](https://developer.apple.com/library/archive/documentation/Security/Conceptual/AppSandboxDesignGuide/AboutAppSandbox/AboutAppSandbox.html), [ChromeOS](https://chromium.googlesource.com/chromiumos/docs/+/HEAD/sandboxing.md), and [Android](https://source.android.com/security/app-sandbox). Commonly used Linux sandboxing solutions such as [Flatpak](https://docs.flatpak.org/en/latest/sandbox-permissions.html) and [Firejail](https://firejail.wordpress.com/) still have a long way to go
 - Strong [exploit mitigations](https://madaidans-insecurities.github.io/linux.html#exploit-mitigations)
 
 Despite these drawbacks, desktop GNU/Linux distributions are great if you want to:
 
 - Avoid telemetry that often comes with proprietary operating systems
 - Maintain [software freedom](https://www.gnu.org/philosophy/free-sw.en.html#four-freedoms)
-- Have purpose built systems such as [Whonix](https://www.whonix.org) or [Tails](https://tails.boum.org/)
+- Have privacy focused systems such as [Whonix](https://www.whonix.org) or [Tails](https://tails.boum.org/)
 
 Our website generally uses the term “Linux” to describe desktop GNU/Linux distributions. Other operating systems which also use the Linux kernel such as ChromeOS, Android, and Qubes OS are not discussed here.
 
@@ -28,7 +28,7 @@ Not all Linux distributions are created equal. While our Linux recommendation pa
 
 We highly recommend that you choose distributions which stay close to the stable upstream software releases, often referred to as rolling release distributions. This is because frozen release cycle distributions often don’t update package versions and fall behind on security updates.
 
-For frozen distributions, package maintainers are expected to backport patches to fix vulnerabilities (Debian is one such [example](https://www.debian.org/security/faq#handling)) rather than bump the software to the “next version” released by the upstream developer. Some security fixes [do not](https://arxiv.org/abs/2105.14565) receive a [CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures) (particularly less popular software) at all and therefore do not make it into the distribution with this patching model. As a result minor security fixes are sometimes held back until the next major release.
+For frozen distributions such as [Debian](https://www.debian.org/security/faq#handling), package maintainers are expected to backport patches to fix vulnerabilities rather than bump the software to the “next version” released by the upstream developer. Some security fixes [do not](https://arxiv.org/abs/2105.14565) receive a [CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures) (particularly less popular software) at all and therefore do not make it into the distribution with this patching model. As a result minor security fixes are sometimes held back until the next major release.
 
 We don’t believe holding packages back and applying interim patches is a good idea, as it diverges from the way the developer might have intended the software to work. [Richard Brown](https://rootco.de/aboutme/) has a presentation about this:
 
@@ -52,21 +52,25 @@ The Atomic update method is used for immutable distributions like Silverblue, Tu
 
 ### “Security-focused” distributions
 
-There is often some confusion about “security-focused” distributions and “pentesting” distributions. A quick search for “the most secure Linux distribution” will often give results like Kali Linux, Black Arch and Parrot OS. These distributions are offensive penetration testing distributions that bundle tools for testing other systems. They don’t include any “extra security” or defensive mitigations intended for regular use.
+There is often some confusion between “security-focused” distributions and “pentesting” distributions. A quick search for “the most secure Linux distribution” will often give results like Kali Linux, Black Arch and Parrot OS. These distributions are offensive penetration testing distributions that bundle tools for testing other systems. They don’t include any “extra security” or defensive mitigations intended for regular use.
 
 ### Arch-based distributions
 
-Arch based distributions are not recommended for those new to Linux, regardless of the distribution. Arch does not have an distribution update mechanism for the underlying software choices. As a result you have to stay aware with current trends and adopt technologies as they supersede older practices on your own.
+Arch based distributions are not recommended for those new to Linux, (regardless of distribution) as they require regular [system maintenance](https://wiki.archlinux.org/title/System_maintenance). Arch does not have an distribution update mechanism for the underlying software choices. As a result you have to stay aware with current trends and adopt technologies as they supersede older practices on your own.
 
 For a secure system, you are also expected to have sufficient Linux knowledge to properly set up security for their system such as adopting a [mandatory access control](https://en.wikipedia.org/wiki/Mandatory_access_control) system, setting up [kernel module](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) blacklists, hardening boot parameters, manipulating [sysctl](https://en.wikipedia.org/wiki/Sysctl) parameters, and knowing what components they need such as [Polkit](https://en.wikipedia.org/wiki/Polkit).
 
 Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository), **must** be comfortable in auditing PKGBUILDs that they install from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software supply chain attacks, which has in fact happened [in the past](https://www.bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository/). AUR should always be used sparingly and often there is a lot of bad advice on various pages which direct people to blindly use [AUR helpers](https://wiki.archlinux.org/title/AUR_helpers) without sufficient warning. Similar warnings apply to use third-party Personal Package Archives (PPAs) on Debian based distributions or Community Projects (COPR) on Fedora.
 
-If you are experienced with Linux and wish to use an Arch-based distribution, we only recommend Arch Linux proper, not any of its derivatives. We recommend against these two Arch derivatives specifically:
+If you are experienced with Linux and wish to use an Arch-based distribution, we only recommend mainline Arch Linux, not any of its derivatives. We recommend against these two Arch derivatives specifically:
 
 - **Manjaro**: This distribution holds packages back for 2 weeks to make sure that their own changes don’t break, not to make sure that upstream is stable. When AUR packages are used, they are often built against the latest [libraries](https://en.wikipedia.org/wiki/Library_(computing)) from Arch’s repositories.
 - **Garuda**: They use [Chaotic-AUR](https://aur.chaotic.cx/) which automatically and blindly compiles packages from the AUR. There is no verification process to make sure that the AUR packages don’t suffer from supply chain attacks.
 
+### Kicksecure
+
+While we strongly recommend against using outdated distributions like Debian, there is a Debian based operating system that has been hardened to be much more secure than typical Linux distributions: [Kicksecure](https://www.kicksecure.com/). Kicksecure, in oversimplified terms, is a set of scripts, configurations, and packages that substantially reduce the attack surface of Debian. It covers a lot of privacy and hardening recommendations by default.
+
 ### Linux-libre kernel and “Libre” distributions
 
 We strongly recommend **against** using the Linux-libre kernel, since it [removes security mitigations](https://www.phoronix.com/scan.php?page=news_item&px=GNU-Linux-Libre-5.7-Released) and [suppresses kernel warnings](https://news.ycombinator.com/item?id=29674846) about vulnerable microcode for ideological reasons.
@@ -89,7 +93,7 @@ We recommend using a desktop environment that supports the [Wayland](https://en.
 
 Fortunately, common environments such as [GNOME](https://www.gnome.org), [KDE](https://kde.org), and the window manager [Sway](https://swaywm.org) have support for Wayland. Some distributions like Fedora and Tumbleweed use it by default, and some others may do so in the future as X11 is in [hard maintenance mode](https://www.phoronix.com/scan.php?page=news_item&px=X.Org-Maintenance-Mode-Quickly). If you’re using one of those environments it is as easy as selecting the “Wayland” session at the desktop display manager ([GDM](https://en.wikipedia.org/wiki/GNOME_Display_Manager), [SDDM](https://en.wikipedia.org/wiki/Simple_Desktop_Display_Manager)).
 
-We recommend **against** using desktop environments or window managers that do not have Wayland support such as Cinnamon (default on Linux Mint), Pantheon (default on Elementary OS), MATE, Xfce, and i3.
+We recommend **against** using desktop environments or window managers that do not have Wayland support, such as Cinnamon (default on Linux Mint), Pantheon (default on Elementary OS), MATE, Xfce, and i3.
 
 ### Proprietary Firmware (Microcode Updates)
 
@@ -126,5 +130,3 @@ The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Co
 This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer.
 
 openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file.
-
---8<-- "includes/abbreviations.en.md"

docs/linux-desktop/sandboxing.en.md

@@ -6,7 +6,7 @@ Some sandboxing solutions for desktop Linux distributions do exist, however they
 
 ### Flatpak
 
-[Flatpak](https://flatpak.org) aims to be a universal package manager for Linux. One of its main goals is to provide a universal package format which can be used in most Linux distributions. It provides some [permission control](https://docs.flatpak.org/en/latest/sandbox-permissions.html). It has been [pointed out](https://madaidans-insecurities.github.io/linux.html#flatpak) that Flatpak sandboxing could be improved as particular Flatpaks often have greater permission than required. There does seem to be [some agreement](https://theevilskeleton.gitlab.io/2021/02/11/response-to-flatkill-org.html) that this is the case.
+[Flatpak](https://flatpak.org) aims to be a universal package manager for Linux. One of its main functions is to provide a universal package format which can be used in most Linux distributions. It provides some [permission control](https://docs.flatpak.org/en/latest/sandbox-permissions.html).However, [it is known](https://madaidans-insecurities.github.io/linux.html#flatpak) that Flatpak sandboxing could be improved as particular Flatpaks often have greater permission than required. There does seem to be [some agreement](https://theevilskeleton.gitlab.io/2021/02/11/response-to-flatkill-org.html) that this is the case.
 
 You can restrict applications further by issuing [Flatpak overrides](https://docs.flatpak.org/en/latest/flatpak-command-reference.html#flatpak-override). This can be done with the command-line or by using [Flatseal](https://flathub.org/apps/details/com.github.tchx84.Flatseal). Some sample overrides are provided by [tommytran732](https://github.com/tommytran732/Flatpak-Overrides) and [rusty-snake](https://github.com/rusty-snake/kyst/tree/main/flatpak).
 
@@ -62,5 +62,3 @@ Red Hat develops [Podman](https://docs.podman.io/en/latest/) and secures it with
 Another option is [Kata containers](https://katacontainers.io/), where virtual machines masquerade as containers. Each Kata container has its own Linux kernel and is isolated from the host.
 
 The above container technologies can be useful if you want to run certain web app software on your local network, such as [Vaultwarden](https://github.com/dani-garcia/vaultwarden) or images provided by [LinuxServer.io](https://www.linuxserver.io), to increase privacy by decreasing dependence on various web services. A guide on [hardening Docker and OCI](https://wonderfall.dev/docker-hardening) has been written by the author "Wonderfall."
-
---8<-- "includes/abbreviations.en.md"

docs/mobile-browsers.en.md

@@ -0,0 +1,173 @@
+---
+title: "Mobile Browsers"
+icon: octicons/device-mobile-16
+---
+These are our currently recommended mobile web browsers and configurations. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation.
+
+## Android
+
+On Android, Firefox is still less secure than Chromium-based alternatives: Mozilla's engine, [GeckoView](https://mozilla.github.io/geckoview/), has yet to support [site isolation](https://hacks.mozilla.org/2021/05/introducing-firefox-new-site-isolation-security-architecture) or enable [isolatedProcess](https://bugzilla.mozilla.org/show_bug.cgi?id=1565196).
+
+### Tor Browser
+
+!!! recommendation
+
+    ![Tor Browser logo](assets/img/browsers/tor.svg){ align=right }
+
+    **Tor Browser** is the choice if you need anonymity, as it provides you with access to the Tor Bridges and [Tor Network](https://en.wikipedia.org/wiki/Tor_(network)), along with settings and extensions that are automatically configured by the default security levels: *Standard*, *Safer* and *Safest*.
+
+    The Tor Browser is designed to prevent fingerprinting, or identifying you based on your browser configuration. Therefore, it is imperative that you do **not** modify the browser beyond the default [security levels](https://tb-manual.torproject.org/security-settings/).
+
+    [:octicons-home-16: Homepage](https://www.torproject.org){ .md-button .md-button--primary }
+    [:pg-tor:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .card-link title=Onion }
+    [:octicons-info-16:](https://tb-manual.torproject.org/mobile-tor/){ .card-link title=Documentation }
+    [:octicons-code-16:](https://gitlab.torproject.org/tpo/applications/fenix){ .card-link title="Source Code" }
+    [:octicons-heart-16:](https://donate.torproject.org/){ .card-link title=Contribute }
+
+    ??? downloads
+
+        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.torproject.torbrowser)
+        - [:pg-f-droid: F-Droid](https://guardianproject.info/fdroid/)
+
+### Brave
+
+!!! recommendation
+
+    ![Brave logo](assets/img/browsers/brave.svg){ align=right }
+
+    **Brave Browser** includes a built-in content blocker and [privacy features](https://brave.com/privacy-features/), many of which are enabled by default.
+
+    Brave is built upon the Chromium web browser project, so it should feel familiar and have minimal website compatibility issues.
+
+    [:octicons-home-16: Homepage](https://brave.com/){ .md-button .md-button--primary }
+    [:pg-tor:](https://brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title=Onion }
+    [:octicons-eye-16:](https://brave.com/privacy/browser/){ .card-link title="Privacy Policy" }
+    [:octicons-info-16:](https://support.brave.com/){ .card-link title=Documentation}
+    [:octicons-code-16:](https://github.com/brave/brave-browser){ .card-link title="Source Code" }
+
+    ??? downloads annotate
+
+        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.brave.browser)
+
+#### Recommended Configuration
+
+Tor Browser is the only way to truly browse the internet anonymously. When you use Brave, we recommend changing the following settings to protect your privacy from certain parties, but all browsers other than the [Tor Browser](#tor-browser) will be traceable by *somebody* in some regard or another.
+
+These options can be found in :material-menu: → **Settings** → **Brave Shields & privacy**
+
+##### Shields
+
+Brave includes some anti-fingerprinting measures in its [Shields](https://support.brave.com/hc/en-us/articles/360022973471-What-is-Shields-) feature. We suggest configuring these options [globally](https://support.brave.com/hc/en-us/articles/360023646212-How-do-I-configure-global-and-site-specific-Shields-settings-) across all pages that you visit.
+
+Shields' options can be downgraded on a per-site basis as needed, but by default we recommend setting the following:
+
+<div class="annotate" markdown>
+
+- [x] Select **Aggressive** under Block trackers & ads
+
+    ??? warning "Use default filter lists"
+        Brave allows you to select additional content filters within the internal `brave://adblock` page. We advise against using this feature; instead, keep the default filter lists. Using extra lists will make you stand out from other Brave users and may also increase attack surface if there is an exploit in Brave and a malicious rule is added to one of the lists you use.
+
+- [x] (Optional) Select **Block Scripts** (1)
+- [x] Select **Strict, may break sites** under Block fingerprinting
+
+</div>
+
+1. This option provides functionality similar to uBlock Origin's advanced [blocking modes](https://github.com/gorhill/uBlock/wiki/Blocking-mode) or the [NoScript](https://noscript.net/) extension.
+
+##### Social Media Blocking
+
+- [ ] Uncheck all social media components
+
+##### IPFS
+
+InterPlanetary File System (IPFS) is a decentralized, peer-to-peer network for storing and sharing data in a distributed filesystem. Unless you use the feature, disable it.
+
+- [ ] Uncheck **IPFS Gateway**
+
+##### Other privacy settings
+
+- [x] Select **Disable Non-Proxied UDP** under [WebRTC IP Handling Policy](https://support.brave.com/hc/en-us/articles/360017989132-How-do-I-change-my-Privacy-Settings-#webrtc)
+- [ ] Uncheck **Allow privacy-preserving product analytics (P3A)**
+- [ ] Uncheck **Automatically send daily usage ping to Brave**
+- [ ] Uncheck **Automatically send diagnostic reports**
+- [x] Select **Always use secure connections**
+- [x] Select **Close tabs on exit**
+- [x] Select **Clear data on exit**
+
+## iOS
+
+On iOS, any app that can browse the web is [restricted](https://developer.apple.com/app-store/review/guidelines) to using an Apple-provided [WebKit framework](https://developer.apple.com/documentation/webkit), so there is little reason to use a third-party web browser.
+
+### Safari
+
+!!! recommendation
+
+    ![Safari logo](assets/img/browsers/safari.svg){ align=right }
+
+    **Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/15.0/ios/15.0) such as Intelligent Tracking Protection, Privacy Report, isolated Private Browsing tabs, iCloud Private Relay, and automatic HTTPS upgrades.
+
+    [:octicons-home-16: Homepage](https://www.apple.com/safari/){ .md-button .md-button--primary }
+    [:octicons-eye-16:](https://www.apple.com/legal/privacy/data/en/safari/){ .card-link title="Privacy Policy" }
+    [:octicons-info-16:](https://support.apple.com/guide/safari/welcome/mac){ .card-link title=Documentation}
+
+#### Recommended Configuration
+
+These options can be found in :gear: **Settings** → **Safari** → **Privacy and Security**.
+
+##### Cross-Site Tracking Prevention
+
+- [x] Enable **Prevent Cross-Site Tracking**
+
+This enables WebKit's [Intelligent Tracking Protection](https://webkit.org/tracking-prevention/#intelligent-tracking-prevention-itp). The feature helps protect against unwanted tracking by using on-device machine learning to stop trackers. ITP protects against many common threats, but it does not block all tracking avenues because it is designed to not interfere with website usability.
+
+##### Privacy Report
+
+Privacy Report provides a snapshot of cross-site trackers currently prevented from profiling you on the website you're visiting. It can also display a weekly report to show which trackers have been blocked over time.
+
+Privacy Report is accessible via the Page Settings menu (:pg-textformat-size:).
+
+##### Privacy Preserving Ad Measurement
+
+- [ ] Disable **Privacy Preserving Ad Measurement**
+
+Ad click measurement has traditionally used tracking technology that infringes on user privacy. [Private Click Measurement](https://webkit.org/blog/11529/introducing-private-click-measurement-pcm/) is a WebKit feature and proposed web standard aimed towards allowing advertisers to measure the effectiveness of web campaigns without compromising on user privacy.
+
+The feature has little privacy concerns on its own, so while you can choose to leave it on, we consider the fact that it's automatically disabled in Private Browsing to be an indicator for disabling the feature.
+
+##### Always-on Private Browsing
+
+Open Safari and tap the Tabs button, located in the bottom right. Then, expand the Tab Groups list.
+
+- [x] Select **Private**
+
+Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are also other smaller privacy benefits with Private Browsing, such as not sending a webpage’s address to Apple when using Safari's translation feature.
+
+Do note that Private Browsing does not save cookies and website data, so it won't be possible to remain signed into sites. This may be an inconvenience.
+
+##### iCloud Sync
+
+Synchronization of Safari History, Tab Groups, iCloud Tabs and saved passwords are E2EE. However, bookmarks are [not](https://support.apple.com/en-us/HT202303). Apple can decrypt and access them in accordance with their [privacy policy](https://www.apple.com/legal/privacy/en-ww/).
+
+If you use iCloud, we also recommend checking to ensure Safari's default download location is set to locally on your device. This option can be found in :gear: **Settings** → **Safari** → **General** → **Downloads**.
+
+### AdGuard
+
+!!! recommendation
+
+    ![AdGuard logo](assets/img/browsers/adguard.svg){ align=right }
+
+    **AdGuard for iOS** is a free and open-source content-blocking extension for Safari that uses the native [Content Blocker API](https://developer.apple.com/documentation/safariservices/creating_a_content_blocker).
+
+    AdGuard for iOS has some premium features; however, standard Safari content blocking is free of charge.
+
+    [:octicons-home-16: Homepage](https://adguard.com/en/adguard-ios/overview.html){ .md-button .md-button--primary }
+    [:octicons-eye-16:](https://adguard.com/privacy/ios.html){ .card-link title="Privacy Policy" }
+    [:octicons-info-16:](https://kb.adguard.com/ios){ .card-link title=Documentation}
+    [:octicons-code-16:](https://github.com/AdguardTeam/AdguardForiOS){ .card-link title="Source Code" }
+
+    ??? downloads
+
+        - [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/apple-store/id1047223162)
+
+Additional filter lists do slow things down and may increase your attack surface, so only apply what you need.

docs/multi-factor-authentication.en.md

@@ -95,14 +95,12 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative
 
     **Raivo OTP** is a native, lightweight and secure time-based (TOTP) & counter-based (HOTP) password client for iOS. Raivo OTP offers optional iCloud backup & sync. Raivo OTP is also available for macOS in the form of a status bar application, however the Mac app does not work independently of the iOS app.
 
-    [:octicons-repo-16: Repository](https://github.com/raivo-otp/ios-application){ .md-button .md-button--primary }
-    [:octicons-eye-16:](https://github.com/raivo-otp/ios-application/blob/master/PRIVACY.md){ .card-link title="Privacy Policy" }
+    [:octicons-home-16: Homepage](https://raivo-otp.com){ .md-button .md-button--primary }
+    [:octicons-eye-16:](https://raivo-otp.com/privacy-policy){ .card-link title="Privacy Policy" }
     [:octicons-code-16:](https://github.com/raivo-otp/ios-application){ .card-link title="Source Code" }
-    [:octicons-heart-16:](https://github.com/sponsors/tijme){ .card-link title=Contribute }
+    [:octicons-heart-16:](https://raivo-otp.com/donate){ .card-link title=Contribute }
 
     ??? downloads
 
         - [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/raivo-otp/id1459042137)
         - [:fontawesome-brands-app-store: Mac App Store](https://apps.apple.com/us/app/raivo-otp/id1498497896)
-
---8<-- "includes/abbreviations.en.md"

docs/news-aggregators.en.md

@@ -31,7 +31,7 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k
 
     ![Feeder logo](assets/img/news-aggregators/feeder.png){ align=right }
 
-    **Feeder** is a modern RSS client for Android that has many [features](https://gitlab.com/spacecowboy/Feeder#features) and works well with folders of RSS feeds. It supports it supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)) and [RDF](https://en.wikipedia.org/wiki/RDF%2FXML) and [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed).
+    **Feeder** is a modern RSS client for Android that has many [features](https://gitlab.com/spacecowboy/Feeder#features) and works well with folders of RSS feeds. It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)), [RDF](https://en.wikipedia.org/wiki/RDF%2FXML) and [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed).
 
     [:octicons-repo-16: Repository](https://gitlab.com/spacecowboy/Feeder){ .md-button .md-button--primary }
     [:octicons-code-16:](https://gitlab.com/spacecowboy/Feeder){ .card-link title="Source Code" }

docs/notebooks.en.md

@@ -96,5 +96,3 @@ Joplin does not support password/pin protection for the [application itself or i
     [:octicons-info-16:](https://orgmode.org/manuals.html){ .card-link title=Documentation}
     [:octicons-code-16:](https://git.savannah.gnu.org/cgit/emacs/org-mode.git){ .card-link title="Source Code" }
     [:octicons-heart-16:](https://liberapay.com/bzg){ .card-link title=Contribute }
-
---8<-- "includes/abbreviations.en.md"

docs/passwords.en.md

@@ -90,9 +90,6 @@ These password managers sync your passwords to a cloud server for easy accessibi
 
 Bitwarden's server-side code is [open-source](https://github.com/bitwarden/server), so if you don't want to use the Bitwarden cloud, you can easily host your own Bitwarden sync server.
 
-![Vaultwarden logo](assets/img/password-management/vaultwarden.svg#only-light){ align=right }
-![Vaultwarden logo](assets/img/password-management/vaultwarden-dark.svg#only-dark){ align=right }
-
 **Vaultwarden** is an alternative implementation of the Bitwarden server API written in Rust and compatible with upstream Bitwarden clients, perfect for self-hosted deployment where running the official resource-heavy service might not be ideal.
 
 [:octicons-repo-16: Vaultwarden Repository](https://github.com/dani-garcia/vaultwarden){ .md-button }
@@ -146,5 +143,3 @@ These products are minimal password managers that can be used within scripting a
         - [:fontawesome-brands-apple: macOS](https://www.gopass.pw/#install-macos)
         - [:fontawesome-brands-linux: Linux](https://www.gopass.pw/#install-linux)
         - [:fontawesome-brands-freebsd: FreeBSD](https://www.gopass.pw/#install-bsd)
-
---8<-- "includes/abbreviations.en.md"

docs/productivity.en.md

@@ -90,5 +90,3 @@ For other platforms, consider below:
     [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"}
     [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
     [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
-
---8<-- "includes/abbreviations.en.md"

docs/real-time-communication.en.md

@@ -12,7 +12,7 @@ icon: material/chat-processing
 
     **Signal** is a mobile app developed by Signal Messenger LLC. The app provides instant messaging, as well as voice and video calling.
 
-    All communications are E2EE. Contact lists are encrypted using your login PIN and the server does not have access to them. Personal profiles are also encrypted and only shared with contacts who add you.
+    All communications are E2EE. Contact lists are encrypted using your Signal PIN and the server does not have access to them. Personal profiles are also encrypted and only shared with contacts you chat with.
 
     [:octicons-home-16: Homepage](https://signal.org/){ .md-button .md-button--primary }
     [:octicons-eye-16:](https://signal.org/legal/#privacy-policy){ .card-link title="Privacy Policy" }
@@ -28,14 +28,14 @@ icon: material/chat-processing
         - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms)
         - [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/id874139669)
 
-Signal has minimal metadata when [Sealed Sender](https://signal.org/blog/sealed-sender/) is enabled. The sender address is encrypted along with the message body, and only the recipient address is visible to the server.
-
-Signal requires your phone number as a personal identifier.
-
-[Sealed Sender](https://signal.org/blog/sealed-sender/) is only enabled for people in your contacts list, but can be enabled for all recipients with the increased risk of receiving spam.
+Signal supports [private groups](https://signal.org/blog/signal-private-group-system/). The server has no record of your group memberships, group titles, group avatars, or group attributes. Signal has minimal metadata when [Sealed Sender](https://signal.org/blog/sealed-sender/) is enabled. The sender address is encrypted along with the message body, and only the recipient address is visible to the server. Sealed Sender is only enabled for people in your contacts list, but can be enabled for all recipients with the increased risk of receiving spam. Signal requires your phone number as a personal identifier.
 
 The protocol was independently [audited](https://eprint.iacr.org/2016/1013.pdf) in 2016. The specification for the Signal protocol can be found in their [documentation](https://signal.org/docs/).
 
+We have some additional tips on configuring and hardening your Signal installation:
+
+[Signal Configuration and Hardening :hero-arrow-circle-right-fill:](./advanced/signal-configuration-hardening.md)
+
 ### Element
 
 !!! recommendation
@@ -133,7 +133,7 @@ Briar supports perfect forward secrecy by using the Bramble [Handshake](https://
 
 ## Types of Communication Networks
 
-There are several network architectures commonly used to relay messages between people. These networks can provide different different privacy guarantees, which is why it's worth considering your [threat model](https://en.wikipedia.org/wiki/Threat_model) when making a decision about which app to use.
+There are several network architectures commonly used to relay messages between people. These networks can provide different privacy guarantees, which is why it's worth considering your [threat model](https://en.wikipedia.org/wiki/Threat_model) when making a decision about which app to use.
 
 ### Centralized Networks
 
@@ -228,5 +228,3 @@ Self-hosting a node in an anonymous routing network does not provide the hoster
 - Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline.
 - More complex to get started as the creation and secured backup of a cryptographic private key is required.
 - Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform, hence features may be lacking or incompletely implemented, such as offline message relaying or message deletion.
-
---8<-- "includes/abbreviations.en.md"

docs/router.en.md

@@ -20,18 +20,17 @@ Below are a few alternative operating systems, that can be used on routers, Wi-F
 
 You can consult OpenWrt's [table of hardware](https://openwrt.org/toh/start) to check if your device is supported.
 
-## pfSense
+## OPNsense
 
 !!! recommendation
 
-    ![pfSense logo](assets/img/router/pfsense.svg#only-light){ align=right }
-    ![pfSense logo](assets/img/router/pfsense-dark.svg#only-dark){ align=right }
+    ![pfSense logo](assets/img/router/opnsense.svg){ align=right }
 
-    pfSense is an open-source firewall/router computer software distribution based on FreeBSD. It is installed on a computer to make a dedicated firewall/router for a network and is noted for its reliability and offering features often only found in expensive commercial firewalls. pfSense is commonly deployed as a perimeter firewall, router, wireless access point, DHCP server, DNS server, and VPN endpoint.
+    **OPNsense** is an open source, FreeBSD-based firewall and routing platform which incorporates many advanced features such as traffic shaping, load balancing, and VPN capabilities, with many more features available in the form of plugins. OPNsense is commonly deployed as a perimeter firewall, router, wireless access point, DHCP server, DNS server, and VPN endpoint.
 
-    [:octicons-home-16: Homepage](https://www.pfsense.org){ .md-button .md-button--primary }
-    [:octicons-info-16:](https://docs.netgate.com/pfsense/en/latest/){ .card-link title=Documentation}
-    [:octicons-code-16:](https://github.com/pfsense/pfsense){ .card-link title="Source Code" }
-    [:octicons-heart-16:](https://www.pfsense.org/get-involved/){ .card-link title=Contribute }
+    [:octicons-home-16: Homepage](https://opnsense.org/){ .md-button .md-button--primary }
+    [:octicons-info-16:](https://docs.opnsense.org/index.html){ .card-link title=Documentation}
+    [:octicons-code-16:](https://github.com/opnsense){ .card-link title="Source Code" }
+    [:octicons-heart-16:](https://opnsense.org/donate/){ .card-link title=Contribute }
 
---8<-- "includes/abbreviations.en.md"
+OPNsense was originally developed as a fork of [pfSense](https://en.wikipedia.org/wiki/PfSense), and both projects are noted for being free and reliable firewall distributions which offer features often only found in expensive commercial firewalls. Launched in 2015, the developers of OPNsense [cited](https://docs.opnsense.org/history/thefork.html) a number of security and code-quality issues with pfSense which they felt necessitated a fork of the project, as well as concerns about Netgate's majority acquisition of pfSense and the future direction of the pfSense project.