Fix link about profiles (#1690)

Co-authored-by: Jonah Aragon <github@aragon.science>
Signed-off-by: Daniel Gray <dng@disroot.org>

.github/CODEOWNERS

@@ -1,13 +1,16 @@
-# Additional Co-Owners are added to the TOP of this file.
+# Additional Co-Owners are added to the TOP of this file
 
 # High-traffic pages
-/docs/index.md @JonahAragon @dngray
-/theme/overrides/ @JonahAragon
+/docs/index.en.md @jonaharagon @dngray
+/theme/overrides/ @jonaharagon
 
 # Org
-/docs/about/ @JonahAragon
-LICENSE @JonahAragon
+/docs/about/ @jonaharagon
+LICENSE @jonaharagon
+README.md @jonaharagon @dngray
 
 # Ops
-/.github/ @JonahAragon
-/.well-known/ @JonahAragon
+/Pipfile @jonaharagon
+/Pipfile.lock @jonaharagon
+/.github/ @jonaharagon
+/.well-known/ @jonaharagon

.github/ISSUE_TEMPLATE/2_Website_Issues.md

@@ -10,12 +10,6 @@ This is NOT the place to request changes to the content of the website.
 This is NOT the place to report issues with our services like Matrix.
 This is ONLY for reporting bugs or technical issues with www.privacyguides.org, the website.
 
--->
-
-## Description
-
-<!--
-## Screenshots
-
-Please add screenshots if applicable
+Please add screenshots if applicable.
+
 -->

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,14 +1,18 @@
-<!-- Please use a descriptive title for your PR, it will be included in our changelog -->
+<!-- READ ENTIRELY BEFORE SUBMITTING:
+Please use a descriptive title for your PR, it will be included in our changelog!
 
-Resolves: # <!-- Did you solve an open GitHub issue? Put the number here so we mark it complete! -->
+**********
+By submitting a PR, you are agreeing to release your work to the public domain
+persuant to the terms described in our LICENSE file (CC0 1.0 Universal).
+**********
 
-<!--
 Please share with us what you've changed.
 If you are adding a software recommendation, give us a link to its website or
 source code.
 
 If you are making changes that you have a conflict of interest with, please
-disclose this as well:
+disclose this as well (this does not disqualify your PR by any means):
+
 Conflict of interest contributions involve contributing about yourself,
 family, friends, clients, employers, or your financial and other relationships.
 Any external relationship can trigger a conflict of interest.
@@ -16,7 +20,7 @@ Any external relationship can trigger a conflict of interest.
 That someone has a conflict of interest is a description of a situation,
 NOT a judgement about that person's opinions, integrity, or good faith.
 
-If you have a conflict of interest, you must disclose who is paying you for
+If you have a conflict of interest, you MUST disclose who is paying you for
 this contribution, who the client is (if for example, you are being paid by
 an advertising agency), and any other relevant affiliations.
 -->

.github/workflows/pages.yml

@@ -29,15 +29,15 @@ jobs:
           submodules: 'true'
       
       - name: Pages setup
-        uses: actions/configure-pages@v1
+        uses: actions/configure-pages@v2
 
       - name: Python setup
         uses: actions/setup-python@v4
         with:
-          python-version: '3.7'
+          python-version: '3.10'
       
       - name: Cache files
-        uses: actions/cache@v3.0.7
+        uses: actions/cache@v3.0.8
         with:
           key: ${{ github.ref }}
           path: .cache
@@ -50,18 +50,23 @@ jobs:
       - name: Build website
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          CARDS: true
         run: |
           pipenv run mkdocs build --config-file mkdocs.production.yml
           mv .well-known site/
           pipenv run mkdocs --version
+      
+      - name: Matrix homeserver configuration
+        run: |
+          mkdir -p site/.well-known/matrix
+          curl -o site/.well-known/matrix/server https://matrix.privacyguides.org/.well-known/matrix/server
+          curl -o site/.well-known/matrix/client https://matrix.privacyguides.org/.well-known/matrix/client
 
       - name: Package website
         uses: actions/upload-pages-artifact@v1
         with:
           path: site
 
-
-
   deploy:
     name: Deploy
     needs: build

.github/workflows/preview.yml

@@ -29,12 +29,13 @@ jobs:
       - name: Set up Python runtime
         uses: actions/setup-python@v4
         with:
-          python-version: '3.7'
+          python-version: '3.10'
 
       - name: Deploy to surge.sh
         uses: afc163/surge-preview@v1
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          CARDS: true
         with:
           surge_token: ${{ secrets.SURGE_TOKEN }}
           github_token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/release.yml

@@ -0,0 +1,19 @@
+name: 📦 Releases
+
+on: 
+  push:
+    tags:
+      - '*'
+
+jobs:
+  release:
+    name: Create Release
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - uses: actions/checkout@v2
+      - uses: ncipollo/release-action@v1
+        with:
+          generateReleaseNotes: true
+          token: ${{ secrets.REPO_TOKEN }}

.well-known/matrix/client

@@ -1,5 +0,0 @@
-{
-    "m.homeserver": {
-        "base_url": "https://dendrite-client.privacyguides.org"
-    }
-}

.well-known/matrix/server

@@ -1,3 +0,0 @@
-{
-    "m.server": "dendrite-federation.privacyguides.org:443"
-}

CITATION.cff

@@ -0,0 +1,47 @@
+cff-version: 1.2.0
+title: Privacy Guides
+message: 'If you reference this website, please cite it in your work.'
+type: software
+authors:
+  - email: jonah@privacyguides.org
+    given-names: Jonah
+    family-names: Aragon
+    orcid: 'https://orcid.org/0000-0001-6996-4965'
+  - name: The Privacy Guides team
+    website: 'https://github.com/orgs/privacyguides/people'
+repository-code: 'https://github.com/privacyguides/privacyguides.org'
+references:
+  - authors:
+    - family-names: Donath
+      given-names: Martin
+    title: 'mkdocs-material'
+    type: software
+    repository-code: 'https://github.com/squidfunk/mkdocs-material'
+preferred-citation:
+  type: website
+  title: Privacy Guides
+  authors:
+    - email: jonah@privacyguides.org
+      given-names: Jonah
+      family-names: Aragon
+      orcid: 'https://orcid.org/0000-0001-6996-4965'
+    - given-names: Daniel
+      family-names: Gray
+      email: dngray@privacyguides.org
+    - name: The Privacy Guides team
+      website: 'https://github.com/orgs/privacyguides/people'
+    - name: Various project contributors
+  url: 'https://www.privacyguides.org'
+  abstract: >-
+    Privacy Guides is a socially motivated website that
+    provides information for protecting your data
+    security and privacy. We are a non-profit
+    collective operated entirely by volunteer team
+    members and contributors.
+  keywords:
+    - privacy
+    - surveillance
+    - encryption
+    - website
+    - markdown
+  license: CC0-1.0

Pipfile

@@ -17,4 +17,4 @@ mkdocs-git-committers-plugin-2 = "*"
 scour = "*"
 
 [requires]
-python_version = "3.7"
+python_version = "3.10"

Pipfile.lock

@@ -1,11 +1,11 @@
 {
     "_meta": {
         "hash": {
-            "sha256": "ce2630991a262d8ca83cfc13f70347f8fdd9f9d07c281ea753f5fc52f3aebbd6"
+            "sha256": "d3a92aec93d430ec2770963ae2dc2f72ad9f0dd042170dc90ab7a0c07b6dcda6"
         },
         "pipfile-spec": 6,
         "requires": {
-            "python_version": "3.7"
+            "python_version": "3.10"
         },
         "sources": [
             {
@@ -118,11 +118,11 @@
         },
         "charset-normalizer": {
             "hashes": [
-                "sha256:5189b6f22b01957427f35b6a08d9a0bc45b46d3788ef5a92e978433c7a35f8a5",
-                "sha256:575e708016ff3a5e3681541cb9d79312c416835686d054a23accb873b254f413"
+                "sha256:5a3d016c7c547f69d6f81fb0db9449ce888b418b5b9952cc5e6e66843e9dd845",
+                "sha256:83e9a75d1911279afd89352c68b45348559d1fc0506b054b346651b5e7fee29f"
             ],
             "markers": "python_version >= '3.6'",
-            "version": "==2.1.0"
+            "version": "==2.1.1"
         },
         "click": {
             "hashes": [
@@ -196,7 +196,7 @@
                 "sha256:637245b8bab2b6502fcbc752cc4b7a6f6243bb02b31c5c26156ad103d3d45670",
                 "sha256:7401a975809ea1fdc658c3aa4f78cc2195a0e019c5cbc4c06122884e9ae80c23"
             ],
-            "markers": "python_version < '3.10'",
+            "markers": "python_version >= '3.7'",
             "version": "==4.12.0"
         },
         "jinja2": {
@@ -377,7 +377,7 @@
         },
         "mkdocs-material": {
             "path": "./mkdocs-material",
-            "version": "==8.3.9+insiders.4.21.0"
+            "version": "==8.4.0+insiders.4.21.1"
         },
         "mkdocs-material-extensions": {
             "hashes": [
@@ -491,11 +491,11 @@
         },
         "pygments": {
             "hashes": [
-                "sha256:5eb116118f9612ff1ee89ac96437bb6b49e8f04d8a13b514ba26f620208e26eb",
-                "sha256:dc9c10fb40944260f6ed4c688ece0cd2048414940f1cea51b8b226318411c519"
+                "sha256:56a8508ae95f98e2b9bdf93a6be5ae3f7d8af858b43e02c5a2ff083726be40c1",
+                "sha256:f643f331ab57ba3c9d89212ee4a2dabc6e94f117cf4eefde99a0574720d14c42"
             ],
             "markers": "python_version >= '3.6'",
-            "version": "==2.12.0"
+            "version": "==2.13.0"
         },
         "pymdown-extensions": {
             "hashes": [
@@ -523,10 +523,10 @@
         },
         "pytz": {
             "hashes": [
-                "sha256:1e760e2fe6a8163bc0b3d9a19c4f84342afa0a2affebfaa84b01b978a02ecaa7",
-                "sha256:e68985985296d9a66a881eb3193b0906246245294a881e7c8afe623866ac6a5c"
+                "sha256:220f481bdafa09c3955dfbdddb7b57780e9a94f5127e35456a48589b9e0c0197",
+                "sha256:cea221417204f2d1a2aa03ddae3e867921971d0d76f14d87abb4414415bbdcf5"
             ],
-            "version": "==2022.1"
+            "version": "==2022.2.1"
         },
         "pyyaml": {
             "hashes": [
@@ -577,83 +577,83 @@
         },
         "regex": {
             "hashes": [
-                "sha256:03cdd06061426378a83e8a5bdec9cc71b964c35e329f68fb7058d08791780c83",
-                "sha256:03d7ff80e3a276ef460baaa745d425162c19d8ea093d60ecf47f52ffee37aea5",
-                "sha256:0798f6b97c3f8139c95af7b128a60909f5305b2e431a012083063298b2481e5d",
-                "sha256:1228f5a6be5b45ce7b66a69a77682632f0ce64cea1d7da505f33972e01f1f3fe",
-                "sha256:14882770017436aabe4cfa2651a9777f9faa2625bc0f6cdaec362697a8a964c3",
-                "sha256:15bc8cddffe3a9181572c6bcdf45b145691fff1b5712767e7d7a6ef5d32f424f",
-                "sha256:1903a2a6c4463488452e953a49f7e6663cfea9ff5e75b09333cbcc840e727a5b",
-                "sha256:1991348464df42a6bc04601e1241dfa4a9ec4d599338dc64760f2c299e1cb996",
-                "sha256:1dee18c683a0603445ff9e77ffc39f1a3997f43ee07ae04ac80228fc5565fc4d",
-                "sha256:26d6e9a6431626c20821d0165a4c4508acb20a57e4c04ee77c96f01b7fe4c09c",
-                "sha256:39ed69803697f1e1e9f1fb1e0b5a8116c55c130745ecd39485cc6255d3b9f046",
-                "sha256:3ef5a4ced251a501962d1c8797d15978dd97661721e337cbe88d8bcdb9cd0d56",
-                "sha256:3ef700d411b900fcff91f1ef16771bf085a9f9a376d16d8a643e8a20ff6dcb7b",
-                "sha256:3f3de4baf25e960a3048a6ecd0246cedcdfeb462a741d55e9a42e91add5a4a99",
-                "sha256:42702dba0281bcafbcf194770ecb987d60854946071c622777e6d207b3c169bc",
-                "sha256:438b36fbf9446b94325eaeeb1336e2291cd81daeef91b9c728c0946ffbc42ba4",
-                "sha256:4433690ff474fd95a3058085aed5fe12ac4e09d4f4b2b983de35e3a6c899afa0",
-                "sha256:454c2c81d34eb4e1d015acbca0488789c17fc84188e336365eaa31a16c964c04",
-                "sha256:48018c71ce7b2fe80c1eb16b9104d7d04d07567e9333159810a4ae5ef8cdf01f",
-                "sha256:4d4640ab9fd3659378eab2ee6f47c3e04b4a269bf206475652c6d8520a9301cc",
-                "sha256:50497f3d8a1e8d8055c6da1768c98f5b618039e572aacdcccd642704db6077eb",
-                "sha256:50dd20fd10dafd9b697f1c0629285790d86e66946caa2c6a1135f67846d9b495",
-                "sha256:513be18bcf5f27076990dd111f72270d33188653e772023985be92a2c5438382",
-                "sha256:535a2392a0f11f7df80f43e63a5b69c51bb29a10a690e4ae5ad721b9fe50684d",
-                "sha256:55911aba9bae9ad826971d2c80428425625a3dd0c00b94e9bb19361888b983a6",
-                "sha256:609a97626bf310e8cd7c79173e6ed8acab7f01ed4519b7936e998b54b3eb8d31",
-                "sha256:730cc311757153d59bf2bcf06d4026e3c998c1919c06557ad0e382235049b376",
-                "sha256:7378a6fba8a043b3c5fb8cf915044c814ebb2463b0a7137ec09ae0b1b10f5484",
-                "sha256:750b5de7982e568c1bb60388dea1c3abd674d1d579b87ef1b945ba4da53eb5e2",
-                "sha256:76696de39cbbbf976aa85cbd7b1f3ea2d98b3bc9889f6739fdb6cda85a7f05aa",
-                "sha256:89f4c531409ef01aa12b7c15bb489415e219c186725d44bc12a8f279afde3fe2",
-                "sha256:8d928237cf78cfe3b46b608f87e255c45a1e11d04e7dd2c49cb60200cbd6f987",
-                "sha256:8e324436b7f8bbb8e7b3c4593b01d1dce7215befc83a60569ff34a38d6c250ae",
-                "sha256:9163ef45bfebc39838848330cb94f79b563f738c60fc0a20a7f0a30f13ec1573",
-                "sha256:91d2a85a4a134011eb517f2a752f4e488b0a4f6b6ad00ef247f9fac57f9ff4f0",
-                "sha256:933752abc9931cb53eccbd4ab3aedbcd0f1797c0a1b19ed385952e265636b2b6",
-                "sha256:9b8d411a547b47852020242f9c384da35d4c65ccf159ae55a3ba0e50b6220932",
-                "sha256:9eec276e6419de4f93824f9373b28a2a8eaed04f28514000cc6a41b64703d804",
-                "sha256:a06d6ada6bef79aaa550ef37c7d529da60b81c02838d9dd9c5ab788becfc57d4",
-                "sha256:a0c38edcc78556625cbadf48eb87decd5d3c5e82fc4810dd22c19a5498d2329d",
-                "sha256:a23653a18c1d69760a2d8b6793478815cf5dc8c12f3b6e608e50aed49829f0ef",
-                "sha256:a2afa24d06301f4ffcb00244d30df1c12e65cabf30dcb0ba8b871d6b0c54d19e",
-                "sha256:a60840ebd37fe0152b5be50b56e8a958e1430837475311986f867dabad1c7474",
-                "sha256:ab950bbafafe9bf2e0a75b9f17291500fa7794f398834f1f4a71c18dddece130",
-                "sha256:ae6cd6ce16681d345592d74a0a92b25a9530d4055be460af425e654d891cdee4",
-                "sha256:af3d5c74af5ae5d04d597ea61e5e9e0b84e84509e58d1e52aaefbae81cb697bb",
-                "sha256:b131c7c94da56f8f1c59b4540c37c20973119608ec8cf42b3ebb40a94f3afc2c",
-                "sha256:b24133df3d3c57a901f6a63ba3783d6eed1d0561ed1cafd027f0789e76a10615",
-                "sha256:b5f1e598b9b823fb37f2f1baf930bb5f30ae4a3d9b67dfdc63f8f2374f336679",
-                "sha256:bbc0c5b350036ce49a8fd6015a29e4621de725fa99d9e985d3d76b820d44e5a9",
-                "sha256:bd0883e86964cd61360ffc36dbebbc49b928e92a306f886eab02c11dfde5b7aa",
-                "sha256:c942696b541ce6be4e3cc2c963b48671277b38ebd4a28af803b511b2885759b7",
-                "sha256:cc018ce0f1b62df155a5b9c9a81464040a87e97fd9bd05e0febe92568c63e678",
-                "sha256:ccf10d7d0f25a3c5e123c97ffbab8d4b1429a3c25fbd50812010075bd5d844fd",
-                "sha256:d3ce546e54cfafa9dee60b11b7f99b87058d81ab62bd05e366fc5bf6b2c1383a",
-                "sha256:dc49d9c6289df4c7895c85094872ef98ce7f609ba0ecbeb77acdd7f8362cda7d",
-                "sha256:dd0b115c4fab388b1131c89518cdd98db38d88c55cedfffc71de33c92eeee9c6",
-                "sha256:e0c12e5c14eeb5e484c688f2db57ca4a8182d09b40ab69f73147dc32bcdf849d",
-                "sha256:e19695f7b8de8a3b7d940288abedf48dfcfc0cd8d36f360e5b1bc5e1c3f02a72",
-                "sha256:e1b83baa19355c8dd0ec23e725f18450be01bc464ba1f1865cfada03594fa629",
-                "sha256:e2c8f542c5afd36e60237dbbabc95722135047d4c2844b9c4bff74c7177a50a1",
-                "sha256:e4a72f70ad7aa3df8244da55cf21e28b6f0640a8d8e0065dfa7ec477dd2b4ea4",
-                "sha256:ea9f01224c25101c5f2c6dceebd29d1431525637d596241935640e4de0fbb822",
-                "sha256:ed42feff196aaf262db1878d5ac553a3bcef147caf1362e7095f1115b71ae0e1",
-                "sha256:f049a9fdacdbc4e84afcec7a3b14a8309699a7347c95a525d49c4b9a9c353cee",
-                "sha256:f7329e66c6bd9950eb428f225db3982e5f54e53d3d95951da424dce9aa621eae",
-                "sha256:f755fba215ddafa26211e33ac91b48dcebf84ff28590790e5b7711b46fa4095d",
-                "sha256:f86be4e30cf2ffcd67845251c8549d70740cd6eec77bd38d977c4c0640eefc24",
-                "sha256:f898bf0a9613cc8b7f7af6fdcd80cc8e7659787908834c63391f22271fdb1c14",
-                "sha256:fac0dd2f11a165a79e271a04226378a008c83368031c6a9294a6df9cd1c13c05",
-                "sha256:fbbf9858a3043f632c9da2a82e4ce895016dfb401f59ab110900121121ee73b7",
-                "sha256:fddd2ef742f05a18fde1d1c74df12fa6f426945cfb6fefba3fa1c5380e2dd2bf",
-                "sha256:fddd7ddd520661085ffd91f1db74b18e4cf5ed9b6e939aa7d31ca1ea67bc7621",
-                "sha256:ff0e0c3a48c635529a1723d2fea9326da1dacdba5db20be1a4eeaf56580e3949"
+                "sha256:02b6dc102123f5178796dcdb5a90f6e88895607fd1a1d115d8de1af8161ca2b4",
+                "sha256:0843cc977b9cc00eb2299b624db6481d25e7f5b093f7a7c2bb727028d4a26eda",
+                "sha256:085ca3dc9360c0210e0a70e5d34d66454a06077644e7679fef6358b1f053e62e",
+                "sha256:0a9d5a64e974bc5f160f30f76aaf993d49eeddb405676be6bf76a5a2c131e185",
+                "sha256:0de0ce11c0835e1117eacbfe8fa6fa98dc0e8e746b486735cb0fdebe46a02222",
+                "sha256:1418d3506a9582b23a27373f125ea2b0da523c581e7cf678a6f036254d134faa",
+                "sha256:14750172c0a616140a8f496dfef28ed24080e87d06d5838e008f959ad307a8c5",
+                "sha256:1b6d2c579ffdcbb3d93f63b6a7f697364594e1c1b6856958b3e61e3ca22c140a",
+                "sha256:1df31eaf147ecff3665ba861acb8f78221cd5501df072c9151dfa341dd24599f",
+                "sha256:21b6f939916aa61beea56393ebc8a9999060632ac22b8193c2cb67d6fd7cb2c3",
+                "sha256:2240fce3af236e4586a045c1be8bbf16c4f8831e68b7df918b72fc31a80143be",
+                "sha256:242f546fc5e49bb7395624ac3b4fc168bf454e11ace9804c58c4c3a90d84e38f",
+                "sha256:25bffa248b99b53a61b1f20fc7d19f711e38e9f0bc90d44c26670f8dc282ad7d",
+                "sha256:2ada67e02fa3fcca9e3b90cf24c2c6bc77f0abc126209937956aea10eeba40c7",
+                "sha256:2c198921afc811bc0f105c6e5150fbdebf9520c9b7d43cfc0ab156ca97f506d7",
+                "sha256:370b1d7aed26e29915c3fb3e72e327f194824a76cedb60c0b9f6c6af53e89d72",
+                "sha256:3aafbbf5076f2a48bcf31ceb42b410323daaa0ddb42544640592957bc906ace6",
+                "sha256:3d3d769b3d485b28d6a591b46723dbacc696e6503f48a3ef52e6fc2c90edb482",
+                "sha256:3d83fd6dd4263595d0e4f595d4abd54397cbed52c0147f7dd148a7b72910301e",
+                "sha256:45cb798095b886e4df6ff4a1f7661eb70620ccdef127e3c3e00a1aaa22d30e53",
+                "sha256:4bd9443f7ff6e6288dd4496215c5d903f851e55cbc09d5963587af0c6d565a0a",
+                "sha256:4bdfd016ab12c4075ef93f025b3cf4c8962b9b7a5e52bb7039ab64cb7755930c",
+                "sha256:4c6554073e3e554fbb3dff88376ada3da32ca789ea1b9e381f684d49ddb61199",
+                "sha256:4dad9d68574e93e1e23be53b4ecfb0f083bd5cc08cc7f1984a4ee3ebf12aa446",
+                "sha256:4e12a3c2d4781ee5d03f229c940934fa1e4ea4f4995e68ab97a2815b139e0804",
+                "sha256:53c9eca0d6070a8a3de42182ad26daf90ba12132eb74a2f45702332762aff84e",
+                "sha256:5910bb355f9517309f77101238dbacb7151ede3434a2f1fad26ecc62f13d8324",
+                "sha256:5c77eab46f3a2b2cd8bbe06467df783543bf7396df431eb4a144cc4b89e9fb3c",
+                "sha256:5d541bc430a74c787684d1ebcd205a5212a88c3de73848143e77489b2c25b911",
+                "sha256:5e7c8f9f8824143c219dd93cdc733c20d2c12f154034c89bcb4911db8e45bd92",
+                "sha256:5f14430535645712f546f1e07013507d1cc0c8abd851811dacce8c7fb584bf52",
+                "sha256:6059ae91667932d256d9dc03abd3512ebcade322b3a42d1b8354bd1db7f66dcc",
+                "sha256:61f6966371fa1cbf26c6209771a02bef80336cdaca0c0af4dfa33d51019c0b93",
+                "sha256:62d56a9d3c1e5a83076db4da060dad7ea35ac2f3cbd3c53ba5a51fe0caedb500",
+                "sha256:634f090a388351eadf1dcc1d168a190718fb68efb4b8fdc1b119cf837ca01905",
+                "sha256:64ecfcc386420192fbe98fdde777d993f7f2dfec9552e4f4024d3447d3a3e637",
+                "sha256:6af38997f178889d417851bae8fb5c00448f7405cfcab38734d771f1dd5d5973",
+                "sha256:6b30c8d299ba48ee919064628fd8bc296bdc6e4827d315491bea39437130d3e1",
+                "sha256:6f0c8807bac16984901c0573725bad786f2f004f9bd5df8476c6431097b6c5b3",
+                "sha256:6f62c8a59f6b8e608880c61b138ae22668184bc266b025d33200dcf2cebe0872",
+                "sha256:74d4aabd612d32282f3cb3ebb4436046fb840d25c754157a755bc9f66e7cd307",
+                "sha256:7658d2dfc1dabfb008ffe12ae47b98559e2aedd8237bee12f5aafb74d90479e3",
+                "sha256:777ceea2860a48e9e362a4e2a9a691782ea97bd05c24627c92e876fdd2c22e61",
+                "sha256:79f34d5833cd0d53ecf48bc030e4da3216bd4846224d17eeb64509be5cb098fd",
+                "sha256:7a52d547259495a53e61e37ffc6d5cecf8d298aeb1bc0d9b25289d65ddb31183",
+                "sha256:840063aa8eeb1dda07d7d7dee15648838bffef1d415f5f79061854a182a429aa",
+                "sha256:8e8ec94d1b1a0a297c2c69a0bf000baf9a79607ca0c084f577f811a9b447c319",
+                "sha256:95fb62a3980cf43e76c2fe95edab06ec70dc495b8aa660975eb9f0b2ffdae1e1",
+                "sha256:9668da78bcc219542467f51c2cd01894222be6aceec4b5efb806705900b794d8",
+                "sha256:99a7c5786de9e92ff5ffee2e8bed745f5d25495206f3f14656c379031e518334",
+                "sha256:a1e283ad918df44bad3ccf042c2fe283c63d17617570eb91b8c370ef677b0b83",
+                "sha256:a25d251546acb5edb1635631c4ae0e330fa4ec7c6316c01d256728fbfb9bbff2",
+                "sha256:abe1adb32e2535aaa171e8b2b2d3f083f863c9974a3e6e7dae6bf4827fc8b983",
+                "sha256:ae85112da2d826b65aa7c7369c56ca41d9a89644312172979cbee5cf788e0b09",
+                "sha256:b3379a83dc63fe06538c751961f9ed730b5d7f08f96a57bbad8d52db5820df1f",
+                "sha256:b3c7c6c4aac19b964c1d12784aecae7f0315314640b0f41dd6f0d4e2bf439072",
+                "sha256:b7ddecc80e87acf12c2cf12bf3721def47188c403f04e706f104b5e71fed2f31",
+                "sha256:bbaf6785d3f1cd3e617b9d0fb3c5528023ef7bc7cc1356234801dc1941df8ce9",
+                "sha256:be6f5b453f7ed2219a9555bb6840663950b9ab1dc034216f68eac64db66633c2",
+                "sha256:c2b6404631b22617b5127c6de2355393ccda693ca733a098b6802e7dabb3457a",
+                "sha256:c4f6609f6e867a58cdf173e1cbe1f3736d25962108bd5cb01ad5a130875ff2c8",
+                "sha256:c76dd2c0615a28de21c97f9f6862e84faef58ff4d700196b4e395ef6a52291e4",
+                "sha256:c78c72f7878071a78337510ec78ab856d60b4bdcd3a95fd68b939e7cb30434b3",
+                "sha256:cb0c9a1476d279524538ba9a00ecec9eadcef31a6a60b2c8bd2f29f62044a559",
+                "sha256:ccb986e80674c929f198464bce55e995178dea26833421e2479ff04a6956afac",
+                "sha256:cfa62063c5eafb04e4435459ce15746b4ae6c14efeae8f16bd0e3d2895dad698",
+                "sha256:d13bd83284b46c304eb10de93f8a3f2c80361f91f4e8a4e1273caf83e16c4409",
+                "sha256:d76e585368388d99ddd2f95989e6ac80a8fe23115e93931faad99fa34550612f",
+                "sha256:dc32029b9cc784a529f9201289d4f841cc24a2ae3126a112cd467bc41bbc2f10",
+                "sha256:e0b55651db770b4b5a6c7d015f24d1a6ede307296bbdf0c47fc5f6a6adc7abee",
+                "sha256:e37886929ee83a5fa5c73164abada00e7f3cc1cbf3f8f6e1e8cfecae9d6cfc47",
+                "sha256:f7b88bc7306136b123fd1a9beed16ca02900ee31d1c36e73fa33d9e525a5562d",
+                "sha256:fac611bde2609a46fcbd92da7171286faa2f5c191f84d22f61cd7dc27213f51d",
+                "sha256:fafed60103132e74cdfbd651abe94801eb87a9765ce275b3dca9af8f3e06622a"
             ],
             "markers": "python_version >= '3.6'",
-            "version": "==2022.7.25"
+            "version": "==2022.8.17"
         },
         "requests": {
             "hashes": [
@@ -697,11 +697,11 @@
         },
         "urllib3": {
             "hashes": [
-                "sha256:c33ccba33c819596124764c23a97d25f32b28433ba0dedeb77d873a38722c9bc",
-                "sha256:ea6e8fb210b19d950fab93b60c9009226c63a28808bc8386e05301e25883ac0a"
+                "sha256:3fa96cf423e6987997fc326ae8df396db2a8b7c667747d47ddd8ecba91f4a74e",
+                "sha256:b930dd878d5a8afb066a637fbb35144fe7901e3b209d1cd4f524bd0e9deee997"
             ],
             "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5' and python_version < '4'",
-            "version": "==1.26.11"
+            "version": "==1.26.12"
         },
         "watchdog": {
             "hashes": [

README.md

@@ -75,13 +75,16 @@ Submit stories or requests to: `freddy@privacyguides.org`
 
 ## Developing
 
+Committing to this repository requires [signing your commits](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits) (`git config commit.gpgsign true`) unless you are making edits via the GitHub.com text editor interface. As of August 2022 the preferred signing method is [SSH commit signatures](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification#ssh-commit-signature-verification), but GPG signing is also acceptable. You should add your signing key to your GitHub profile.
+
 This website uses [`mkdocs-material-insiders`](https://squidfunk.github.io/mkdocs-material/insiders/) which offers additional functionality over the open-source `mkdocs-material` project. For obvious reasons we cannot distribute access to the insiders repository. You can install the website locally with the open-source version of `mkdocs-material`:
 
-1. Clone this repository: 
-    - `git clone https://github.com/privacyguides/privacyguides.org.git`
+1. Clone this repository:
+    - `git clone https://github.com/privacyguides/privacyguides.org.git` (then `cd privacyguides.org`)
     - `git submodule init`
     - `git submodule update docs/assets/brand`
-2. Install [Python 3.6+](https://www.python.org/downloads/)
+    - `git config gpg.ssh.allowedSignersFile .allowed_signers`
+2. Install [Python 3.6+](https://www.python.org/downloads/) (currently only tested with 3.10)
 3. Install [dependencies](/Pipfile): `pip install mkdocs mkdocs-material mkdocs-static-i18n typing-extensions`
 4. Serve the site locally: `mkdocs serve`
     - The site will be available at `http://localhost:8000`
@@ -91,24 +94,23 @@ This website uses [`mkdocs-material-insiders`](https://squidfunk.github.io/mkdoc
 **Team members** should clone the repository with `mkdocs-material-insiders` directly. This method is identical to production:
 
 1. Clone this repository and submodules: `git clone --recurse-submodules https://github.com/privacyguides/privacyguides.org.git`
-2. Install Python **3.7**
-3. Install **pipenv**: `pip install pipenv`
-4. Install dependencies: `pipenv install --dev`
-5. Serve the site locally: `pipenv run mkdocs serve --config-file mkdocs.production.yml`
+2. Enable SSH commit verification with our local [`.allowed_signers`](/.allowed_signers) file: `git config gpg.ssh.allowedSignersFile .allowed_signers`
+3. Install Python **3.10**
+4. Install **pipenv**: `pip install pipenv`
+5. Install dependencies: `pipenv install --dev` (install [Pillow and CairoSVG](https://squidfunk.github.io/mkdocs-material/setup/setting-up-social-cards/#dependencies) as well to generate social cards)
+6. Serve the site locally: `pipenv run mkdocs serve --config-file mkdocs.production.yml` (set `CARDS=true` to generate social cards)
     - The site will be available at `http://localhost:8000`
     - You can build the site locally with `pipenv run mkdocs build`
     - This version of the site should be identical to the live, production version
 
+If you commit to `main` with commits signed with your SSH key, you should add your SSH key to [`.allowed_signers`](/.allowed_signers) in this repo.
+
 ## Releasing
 
 1. Create a new tag: `git tag -s v2.X.X -m 'Some message'`
     - [View existing tags](https://github.com/privacyguides/privacyguides.org/tags)
     - Tag [numbering](https://semver.org/): Increment the MINOR (2nd) number when making significant changes (adding/deleting pages, etc.), increment the PATCH (3rd) number when making minor changes (typos, bug fixes). Probably leave the MAJOR number at 2 until a massive revamp (v1 -> v2 was the Jekyll to MkDocs transition).
+    - Consider enabling GPG tag signing by default (`git config tag.gpgSign true`) to avoid missing signatures
 2. Push the tag to GitHub: `git push --tags`
-3. [Create a new release](https://github.com/privacyguides/privacyguides.org/releases/new) selecting the new tag
-    - Title the release the same as the tag version number, i.e. `v2.X.X`
-      - For more significant releases, add a **short** title, for example [v2.3.0 - Localization Support](https://github.com/privacyguides/privacyguides.org/releases/tag/v2.3.0) or [v2.2.0 - Removing Social Networks](https://github.com/privacyguides/privacyguides.org/releases/tag/v2.2.0)
-    - GitHub should let you auto-generate release notes based on PR titles
-      - Mark more significant changes in bold, see [v2.12.0](https://github.com/privacyguides/privacyguides.org/releases/tag/v2.12.0) for example
-4. Publish release, it will be deployed to the live site automatically
-    - When publishing more significant releases (generally any with a MINOR version increment) check the "Create a discussion for this release" box to post an announcement
+3. A GitHub Release will be automatically created and deployed to the live site.
+    - You may wish to manually check or edit the release changelog/title after it is published for accuracy.

docs/advanced/integrating-metadata-removal.en.md

@@ -7,11 +7,11 @@ When sharing files, it's important to remove associated metadata. Image files co
 
 While there are plenty of metadata removal tools, they typically aren't convenient to use. The guides featured here aim to detail how to integrate metadata removal tools in a simple fashion by utilizing easy-to-access system features.
 
-- [Recommended metadata removal tools :hero-arrow-circle-right-fill:](../metadata-removal-tools.md)
+- [Recommended metadata removal tools :hero-arrow-circle-right-fill:](../data-redaction.md)
 
 ## macOS
 
-This guide uses the [Shortcuts](https://support.apple.com/guide/shortcuts-mac/intro-to-shortcuts-apdf22b0444c/mac) app to add an [ExifTool](../metadata-removal-tools.md#exiftool) script to the *Quick Actions* context menu within Finder. Shortcuts is developed by Apple and bundled in with macOS by default.
+This guide uses the [Shortcuts](https://support.apple.com/guide/shortcuts-mac/intro-to-shortcuts-apdf22b0444c/mac) app to add an [ExifTool](../data-redaction.md#exiftool) script to the *Quick Actions* context menu within Finder. Shortcuts is developed by Apple and bundled in with macOS by default.
 
 Shortcuts is quite intuitive to work with, so if you don't like the behavior demoed here then experiment with your own solution. For example, you could set the shortcut to take a clipboard input instead. The sky's the limit.
 
@@ -79,7 +79,7 @@ Shortcuts is quite intuitive to work with, so if you don't like the behavior dem
 [Shortcuts](https://support.apple.com/guide/shortcuts/welcome/ios) can be made accessible through the system Share Sheet, making accessing those shortcuts very convenient. This guide will show you how to build a metadata removal shortcut and integrate it into the system *Share Sheet*.
 
 !!! warning
-    This method of metadata removal is not as comprehensive at removing metadata as utilities like [ExifTool](../metadata-removal-tools.md#exiftool) and [mat2](../metadata-removal-tools.md#mat2) are.
+    This method of metadata removal is not as comprehensive at removing metadata as utilities like [ExifTool](../data-redaction.md#exiftool) and [mat2](../data-redaction.md#mat2) are.
 
 The lack of *good* metadata removal apps on the App Store is what makes this solution worthwhile.
 
@@ -120,7 +120,7 @@ The lack of *good* metadata removal apps on the App Store is what makes this sol
 
 ## Windows
 
-Windows allows you to place files in a **SendTo** folder which then appear in the *Send to* context menu. This guide will show you how to add an [ExifTool](../metadata-removal-tools.md#exiftool) batch script to this menu.
+Windows allows you to place files in a **SendTo** folder which then appear in the *Send to* context menu. This guide will show you how to add an [ExifTool](../data-redaction.md#exiftool) batch script to this menu.
 
 ![Send to metadata removal shortcut](../assets/img/integrating-metadata-removal/preview-windows.jpg)
 

docs/advanced/signal-configuration-hardening.en.md

@@ -169,7 +169,7 @@ If Signal is blocked in your country, Signal allows you to set up a proxy to byp
 
 You can learn more about Signal's proxy support on their [website](https://support.signal.org/hc/en-us/articles/360056052052-Proxy-Support).
 
-### Keep Your Signal Call History off iCloud (iOS only)
+### Disable Signal Call History (iOS)
 
 Signal allows you to see your call history from your regular phone app. This allows your iOS device to sync your call history with iCloud, including who you spoke to, when, and for how long.
 
@@ -180,7 +180,7 @@ If you use iCloud and you don’t want to share call history on Signal, confirm
 
 ## Signal Hardening
 
-### Avoid Linking Your Signal Account to a Desktop Device
+### Avoid Device Linking
 
 While it may be tempting to link your Signal account to your desktop device for convenience, keep in mind that this extends your trust to an additional and potentially less secure operating system.
 
@@ -194,13 +194,15 @@ It is very important to take device security on both ends into account to ensure
 
 We recommend an up-to-date [GrapheneOS](/android/#grapheneos) or iOS device.
 
-### Hardening Signal with Molly on Android
+### Molly (Android)
+
+On Android you can consider using **Molly**, a fork of the Signal mobile client which aims to provide extensive hardening and anti-forensic features.
 
 !!! recommendation
 
     ![Molly logo](../assets/img/messengers/molly.svg){ align=right }
 
-    **Molly** is a security-focused [Signal](../real-time-communication/#signal) fork that aims to provide extensive hardening and anti-forensic features to people who use Signal.
+    **Molly** is an independent Signal fork which offers additional security features, including locking the app at rest, securely shredding unused RAM data, routing via Tor, and more.
 
     [:octicons-home-16: Homepage](https://molly.im/){ .md-button .md-button--primary }
     [:octicons-eye-16:](https://signal.org/legal/#privacy-policy){ .card-link title="Privacy Policy" }
@@ -242,7 +244,7 @@ To supplement the database encryption feature, Molly securely wipes your device'
 
 While Molly is running, your data is kept in RAM. When any app closes, its data remains in RAM until another app takes the same physical memory pages. That can take seconds or days, depending on many factors. To prevent anyone from dumping the RAM to disk and extracting your data after Molly is locked, the app overrides all free RAM memory with random data when you lock the database.
 
-There is also the ability to configure a SOCKS proxy in Molly to route its traffic through the proxy or Tor (via [Orbot](/android/#orbot)). When enabled, all traffic is routed through the proxy and there are no known IP or DNS leaks. When using this feature, [call relaying](#call-relaying) will always be enabled, regardless of the setting.
+There is also the ability to configure a SOCKS proxy in Molly to route its traffic through the proxy or Tor (via [Orbot](../self-contained-networks.md#orbot)). When enabled, all traffic is routed through the proxy and there are no known IP or DNS leaks. When using this feature, [call relaying](#call-relaying) will always be enabled, regardless of the setting.
 
 Signal adds everyone who you have communicated with to its database. Molly allows you to delete those contacts and stop sharing your profile with them.
 

docs/android.en.md

@@ -33,7 +33,7 @@ We recommend installing one of these custom Android operating systems on your de
     [:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
     [:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
 
-GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging/), while giving you full control over their permissions and access, and while containing them to a specific work profile or user [profile](android/overview.md#user-profiles) of your choice.
+GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging/), while giving you full control over their permissions and access, and while containing them to a specific [work profile](android/overview.md#work-profile) or [user profile](android/overview.md#user-profiles) of your choice.
 
 Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#device-support).
 
@@ -108,34 +108,7 @@ A few more tips for purchasing a Google Pixel:
 
 ## General Apps
 
-### Orbot
-
-!!! recommendation
-
-    ![Orbot logo](assets/img/android/orbot.svg){ align=right }
-
-    **Orbot** is a free proxy app that routes your connections through the Tor Network.
-
-    [:octicons-home-16: Homepage](https://orbot.app/){ .md-button .md-button--primary }
-    [:octicons-eye-16:](https://orbot.app/privacy-policy){ .card-link title="Privacy Policy" }
-    [:octicons-info-16:](https://orbot.app/faqs){ .card-link title=Documentation}
-    [:octicons-code-16:](https://github.com/guardianproject/orbot){ .card-link title="Source Code" }
-    [:octicons-heart-16:](https://orbot.app/donate){ .card-link title=Contribute }
-
-    ??? downloads
-
-        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.torproject.android)
-        - [:pg-f-droid: F-Droid](https://guardianproject.info/fdroid)
-
-Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN killswitch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
-
-For resistance against traffic analysis attacks, consider enabling *Isolate Destination Address* in :material-menu: → **Settings** → **Connectivity**. This will use a completely different Tor Circuit (different middle relay and exit nodes) for every domain you connect to.
-
-!!! tip
-
-    Orbot is often outdated on the Guardian Project's [F-Droid repository](https://guardianproject.info/fdroid) and [Google Play](https://play.google.com/store/apps/details?id=org.torproject.android) so consider downloading directly from the [GitHub repository](https://github.com/guardianproject/orbot) instead.
-
-    All versions are signed using the same signature so they should be compatible with each other.
+We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
 
 ### Shelter
 
@@ -143,7 +116,7 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest
 
     ![Shelter logo](assets/img/android/shelter.svg){ align=right }
 
-    **Shelter** is an app that helps you leverage the Android work profile to isolate other apps.
+    **Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
 
     Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
 
@@ -158,11 +131,9 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest
 
 !!! warning
 
-    As CalyxOS includes a device controller, we recommend using their built-in work profile instead.
-
     Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular/) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
 
-    When using Shelter, you are placing complete trust in its developer as Shelter would be acting as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) for the work profile and has extensive access to the data stored within it.
+    When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
 
 ### Auditor
 
@@ -183,6 +154,7 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest
 
         - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor)
         - [:fontawesome-brands-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
+        - [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
 
 Auditor performs attestation and intrusion detection by:
 
@@ -194,7 +166,7 @@ Auditor performs attestation and intrusion detection by:
 
 No personally identifiable information is submitted to the attestation service. We recommend that you sign up with an anonymous account and enable remote attestation for continuous monitoring.
 
-If your [threat model](basics/threat-modeling.md) requires privacy, you could consider using Orbot or a VPN to hide your IP address from the attestation service.
+If your [threat model](basics/threat-modeling.md) requires privacy, you could consider using [Orbot](self-contained-networks.md#orbot) or a VPN to hide your IP address from the attestation service.
 To make sure that your hardware and operating system is genuine, [perform local attestation](https://grapheneos.org/install/web#verifying-installation) immediately after the device has been installed and prior to any internet connection.
 
 ### Secure Camera
@@ -215,6 +187,7 @@ To make sure that your hardware and operating system is genuine, [perform local
 
         - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
         - [:fontawesome-brands-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
+        - [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
 
 Main privacy features include:
 
@@ -226,7 +199,7 @@ Main privacy features include:
 
     Metadata is not currently deleted from video files but that is planned.
 
-    The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [Scrambled Exif](https://gitlab.com/juanitobananas/scrambled-exif/).
+    The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](data-redaction.md#exiferaser).
 
 ### Secure PDF Viewer
 
@@ -247,28 +220,7 @@ Main privacy features include:
 
         - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
         - [:fontawesome-brands-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
-
-### PrivacyBlur
-
-!!! recommendation
-
-    ![PrivacyBlur logo](assets/img/android/privacyblur.svg){ align=right }
-
-    **PrivacyBlur** is a free app which can blur sensitive portions of pictures before sharing them online.
-
-    [:octicons-home-16: Homepage](https://privacyblur.app/){ .md-button .md-button--primary }
-    [:octicons-eye-16:](https://privacyblur.app/privacy.html){ .card-link title="Privacy Policy" }
-    [:octicons-info-16:](https://github.com/MATHEMA-GmbH/privacyblur#readme){ .card-link title=Documentation}
-    [:octicons-code-16:](https://github.com/MATHEMA-GmbH/privacyblur){ .card-link title="Source Code" }
-
-    ??? downloads
-
-        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=de.mathema.privacyblur)
-        - [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/de.mathema.privacyblur/)
-
-!!! warning
-
-    You should **never** use blur to redact [text in images](https://bishopfox.com/blog/unredacter-tool-never-pixelation). If you want to redact text in an image, draw a box over the text. For this we suggest [Pocket Paint](https://github.com/Catrobat/Paintroid) or [Imagepipe](https://codeberg.org/Starfish/Imagepipe).
+        - [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
 
 ## Obtaining Applications
 
@@ -278,10 +230,28 @@ GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Ap
 
 ### Aurora Store
 
-The Google Play Store requires a Google account to login which is not great for privacy. The [Aurora Store](https://auroraoss.com/download/AuroraStore/) (a Google Play Store proxy) does not and works most of the time.
+The Google Play Store requires a Google account to login which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
+
+!!! recommendation
+
+    ![Aurora Store logo](assets/img/android/aurora-store.webp){ align=right }
+
+    **Aurora Store** is a Google Play Store client which does not require a Google Account, Google Play Services, or microG to download apps.
+
+    [:octicons-home-16: Homepage](https://auroraoss.com/){ .md-button .md-button--primary }
+    [:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
+
+    ??? downloads
+
+        - [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/com.aurora.store/)
+        - [:fontawesome-brands-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
+
+Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google, however you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
 
 ### F-Droid
 
+![F-Droid logo](assets/img/android/f-droid.svg){ align=right width=120px }
+
 F-Droid is often recommended as an alternative to Google Play, particularly in the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds/) for some applications and is dedicated to free and open-source software. However, there are problems with the official F-Droid client, their quality control, and how they build, sign and deliver packages, outlined in this [post](https://wonderfall.dev/fdroid-issues/).
 
 Sometimes the official F-Droid repository may fall behind on updates. F-Droid maintainers reuse package IDs while signing apps with their own keys, which is not ideal as it does give the F-Droid team ultimate trust. The Google Play version of some apps may contain unwanted telemetry or lack features that are available in the F-Droid version.
@@ -296,8 +266,6 @@ Evaluate whether the additional features in the F-Droid build are worth the slow
 
 #### Neo Store
 
-<small><i>Neo Store is a recent rebrand of Droid-ify.</i></small>
-
 The official F-Droid client targets a [low API level](https://wonderfall.dev/fdroid-issues/#3-low-target-api-level-sdk-for-client--apps) and does not utilize the [seamless updates](https://www.androidcentral.com/google-will-finally-bring-seamless-app-updates-alternative-app-stores-android-12) feature introduced in Android 12. Targeting lower API levels means that the F-Droid client cannot take advantage of the new improvements in the application sandboxes that comes with higher API levels. For automatic updates to work, the F-Droid client requires that the [Privileged Extension](https://f-droid.org/en/packages/org.fdroid.fdroid.privileged/) be included in the operating system, granting it more privileges than what a normal app would have, which is not great for security.
 
 To mitigate these problems, we recommend [Neo Store](https://github.com/NeoApplications/Neo-Store) as it supports seamless updates on Android 12 and above without needing any special privileges and targets a higher API level.
@@ -315,7 +283,7 @@ To mitigate these problems, we recommend [Neo Store](https://github.com/NeoAppli
 
     ??? downloads
 
-        - [:fontawesome-brands-android: IzzyOnDroid (APK)](https://android.izzysoft.de/repo/apk/com.looker.droidify)
+        - [:fontawesome-brands-android: IzzyOnDroid (APK)](https://android.izzysoft.de/repo/apk/com.machiav3lli.fdroid)
         - [:fontawesome-brands-github: GitHub](https://github.com/NeoApplications/Neo-Store/releases)
 
 ### Manually with RSS Notifications

docs/android/overview.en.md

@@ -57,6 +57,7 @@ It's important to not use an [end-of-life](https://endoflife.date/android) versi
 Should you want to run an app that you're unsure about, consider using a user or work profile.
 
 ## Media Access
+
 Quite a few applications allows you to "share" a file with them for media upload. If you want to, for example, tweet a picture to Twitter, do not grant Twitter access to your "media and photos", because it will have access to all of your pictures then. Instead, go to your file manager (documentsUI), hold onto the picture, then share it with Twitter.
 
 ## User Profiles
@@ -69,7 +70,7 @@ With user profiles, you can impose restrictions on a specific profile, such as:
 
 [Work Profiles](https://support.google.com/work/android/answer/6191949) are another way to isolate individual apps and may be more convenient than separate user profiles.
 
-A **device controller** such as [Shelter](#recommended-apps) is required, unless you're using CalyxOS which includes one.
+A **device controller** app such as [Shelter](#recommended-apps) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
 
 The work profile is dependent on a device controller to function. Features such as *File Shuttle* and *contact search blocking* or any kind of isolation features must be implemented by the controller. You must also fully trust the device controller app, as it has full access to your data inside of the work profile.
 

docs/assets/img/android/f-droid.svg

@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cc="http://creativecommons.org/ns#" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:svg="http://www.w3.org/2000/svg" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd" xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape" width="48" height="48" viewBox="0 0 48.000001 48.000001" id="svg4230" version="1.1" inkscape:version="0.91 r13725" sodipodi:docname="fdroid-logo.svg">
+  <defs id="defs4232">
+    <linearGradient inkscape:collect="always" id="linearGradient5212">
+      <stop style="stop-color:#ffffff;stop-opacity:0.09803922" offset="0" id="stop5214"/>
+      <stop style="stop-color:#ffffff;stop-opacity:0" offset="1" id="stop5216"/>
+    </linearGradient>
+    <radialGradient inkscape:collect="always" xlink:href="#linearGradient5212" id="radialGradient5220" cx="-98.23381" cy="3.4695871" fx="-98.23381" fy="3.4695871" r="22.671185" gradientTransform="matrix(0,1.9747624,-2.117225,3.9784049e-8,8.677247,1199.588)" gradientUnits="userSpaceOnUse"/>
+    <filter inkscape:collect="always" style="color-interpolation-filters:sRGB" id="filter4175" x="-0.023846937" width="1.0476939" y="-0.02415504" height="1.0483101">
+      <feGaussianBlur inkscape:collect="always" stdDeviation="0.45053152" id="feGaussianBlur4177"/>
+    </filter>
+  </defs>
+  <sodipodi:namedview id="base" pagecolor="#ffffff" bordercolor="#666666" borderopacity="1.0" inkscape:pageopacity="0.0" inkscape:pageshadow="2" inkscape:zoom="11.313708" inkscape:cx="6.4184057" inkscape:cy="25.737489" inkscape:document-units="px" inkscape:current-layer="layer1" showgrid="true" units="px" inkscape:window-width="1920" inkscape:window-height="1009" inkscape:window-x="0" inkscape:window-y="34" inkscape:window-maximized="1" gridtolerance="10000"/>
+  <metadata id="metadata4235">
+    <rdf:RDF>
+      <cc:Work rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type rdf:resource="http://purl.org/dc/dcmitype/StillImage"/>
+        <dc:title/>
+        <cc:license rdf:resource="http://creativecommons.org/licenses/by-sa/3.0/"/>
+      </cc:Work>
+      <cc:License rdf:about="http://creativecommons.org/licenses/by-sa/3.0/">
+        <cc:permits rdf:resource="http://creativecommons.org/ns#Reproduction"/>
+        <cc:permits rdf:resource="http://creativecommons.org/ns#Distribution"/>
+        <cc:requires rdf:resource="http://creativecommons.org/ns#Notice"/>
+        <cc:requires rdf:resource="http://creativecommons.org/ns#Attribution"/>
+        <cc:permits rdf:resource="http://creativecommons.org/ns#DerivativeWorks"/>
+        <cc:requires rdf:resource="http://creativecommons.org/ns#ShareAlike"/>
+      </cc:License>
+    </rdf:RDF>
+  </metadata>
+  <g inkscape:label="Layer 1" inkscape:groupmode="layer" id="layer1" transform="translate(0,-1004.3622)">
+    <path style="color:#000000;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:medium;line-height:normal;font-family:sans-serif;text-indent:0;text-align:start;text-decoration:none;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000000;letter-spacing:normal;word-spacing:normal;text-transform:none;direction:ltr;block-progression:tb;writing-mode:lr-tb;baseline-shift:baseline;text-anchor:start;white-space:normal;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:#263238;fill-opacity:0.4;fill-rule:evenodd;stroke:none;stroke-width:2.5;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;filter:url(#filter4175);color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate" d="m 2.613462,1006.3488 a 1.250125,1.250125 0 0 0 -1.01172,2.0293 l 3.60351,4.6641 c -0.12699,0.3331 -0.20312,0.6915 -0.20312,1.0703 l 0,4 0,2.8652 0,0.1348 c 0,1.662 1.338,3 3,3 l 32,0 c 1.662,0 3,-1.338 3,-3 l 0,-4 0,-2.8652 0,-0.1348 c 0,-0.3803 -0.0771,-0.74 -0.20508,-1.0742 l 3.60156,-4.6602 a 1.250125,1.250125 0 0 0 -1.04882,-2.0273 1.250125,1.250125 0 0 0 -0.92969,0.498 l -3.43164,4.4414 c -0.31022,-0.1079 -0.63841,-0.1777 -0.98633,-0.1777 l -32,0 c -0.34857,0 -0.67757,0.069 -0.98828,0.1777 l -3.4336,-4.4414 a 1.250125,1.250125 0 0 0 -0.96679,-0.5 z m 5.38867,18.7637 c -0.20775,0 -0.40983,0.021 -0.60547,0.061 -1.36951,0.2761 -2.39453,1.4698 -2.39453,2.9101 l 0,0.029 0,19.7793 0,0.029 0,0.1914 c 0,1.662 1.338,3 3,3 l 32,0 c 1.662,0 3,-1.338 3,-3 l 0,-20 0,-0.029 c 0,-1.4403 -1.02502,-2.634 -2.39453,-2.9101 -0.19565,-0.039 -0.39772,-0.061 -0.60547,-0.061 l -32,0 z" id="path4192" inkscape:connector-curvature="0"/>
+    <g id="g5012">
+      <g id="g4179" transform="matrix(-1,0,0,1,47.999779,0)">
+        <path style="fill:#8ab000;fill-opacity:1;fill-rule:evenodd;stroke:#769616;stroke-width:2.5;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" d="m 2.5889342,1006.8622 4.25,5.5" id="path4181" inkscape:connector-curvature="0" sodipodi:nodetypes="cc"/>
+        <path sodipodi:nodetypes="cccccc" inkscape:connector-curvature="0" id="path4183" d="m 2.6113281,1005.6094 c -0.4534623,0.012 -0.7616975,0.189 -0.9807462,0.4486 2.0269314,2.4089 2.368401,2.7916 5.1354735,6.2214 1.0195329,1.319 2.0816026,0.6373 1.0620696,-0.6817 l -4.25,-5.5 c -0.2289894,-0.3056 -0.5850813,-0.478 -0.9667969,-0.4883 z" style="color:#000000;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:medium;line-height:normal;font-family:sans-serif;text-indent:0;text-align:start;text-decoration:none;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000000;letter-spacing:normal;word-spacing:normal;text-transform:none;direction:ltr;block-progression:tb;writing-mode:lr-tb;baseline-shift:baseline;text-anchor:start;white-space:normal;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:#ffffff;fill-opacity:0.29803923;fill-rule:evenodd;stroke:none;stroke-width:2.5;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate"/>
+        <path sodipodi:nodetypes="ccccc" inkscape:connector-curvature="0" id="path4185" d="m 1.6220992,1006.0705 c -0.1238933,0.1479 -0.561176,0.8046 -0.02249,1.5562 l 4.25,5.5 c 1.0195329,1.319 1.1498748,-0.6123 1.1498748,-0.6123 0,0 -3.7344514,-4.51 -5.3773848,-6.4439 z" style="color:#000000;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:medium;line-height:normal;font-family:sans-serif;text-indent:0;text-align:start;text-decoration:none;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000000;letter-spacing:normal;word-spacing:normal;text-transform:none;direction:ltr;block-progression:tb;writing-mode:lr-tb;baseline-shift:baseline;text-anchor:start;white-space:normal;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:#263238;fill-opacity:0.2;fill-rule:evenodd;stroke:none;stroke-width:2.5;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate"/>
+        <path sodipodi:nodetypes="cscccc" inkscape:connector-curvature="0" id="path4187" d="m 2.3378905,1005.8443 c -0.438175,0 -0.959862,0.1416 -0.8242183,0.7986 0.103561,0.5016 4.6608262,6.0744 4.6608262,6.0744 1.0195329,1.319 2.4934721,0.6763 1.4739391,-0.6425 l -4.234375,-5.4727 c -0.2602394,-0.29 -0.6085188,-0.7436 -1.076172,-0.7578 z" style="color:#000000;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:medium;line-height:normal;font-family:sans-serif;text-indent:0;text-align:start;text-decoration:none;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000000;letter-spacing:normal;word-spacing:normal;text-transform:none;direction:ltr;block-progression:tb;writing-mode:lr-tb;baseline-shift:baseline;text-anchor:start;white-space:normal;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:#8ab000;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:2.5;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate"/>
+      </g>
+      <g id="g4955">
+        <path sodipodi:nodetypes="cc" inkscape:connector-curvature="0" id="path4945" d="m 2.5889342,1006.8622 4.25,5.5" style="fill:#8ab000;fill-opacity:1;fill-rule:evenodd;stroke:#769616;stroke-width:2.5;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"/>
+        <path style="color:#000000;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:medium;line-height:normal;font-family:sans-serif;text-indent:0;text-align:start;text-decoration:none;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000000;letter-spacing:normal;word-spacing:normal;text-transform:none;direction:ltr;block-progression:tb;writing-mode:lr-tb;baseline-shift:baseline;text-anchor:start;white-space:normal;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:#ffffff;fill-opacity:0.29803923;fill-rule:evenodd;stroke:none;stroke-width:2.5;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate" d="m 2.6113281,1005.6094 c -0.4534623,0.012 -0.7616975,0.189 -0.9807462,0.4486 2.0269314,2.4089 2.368401,2.7916 5.1354735,6.2214 1.0195329,1.319 2.0816026,0.6373 1.0620696,-0.6817 l -4.25,-5.5 c -0.2289894,-0.3056 -0.5850813,-0.478 -0.9667969,-0.4883 z" id="path4947" inkscape:connector-curvature="0" sodipodi:nodetypes="cccccc"/>
+        <path style="color:#000000;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:medium;line-height:normal;font-family:sans-serif;text-indent:0;text-align:start;text-decoration:none;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000000;letter-spacing:normal;word-spacing:normal;text-transform:none;direction:ltr;block-progression:tb;writing-mode:lr-tb;baseline-shift:baseline;text-anchor:start;white-space:normal;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:#263238;fill-opacity:0.2;fill-rule:evenodd;stroke:none;stroke-width:2.5;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate" d="m 1.6220992,1006.0705 c -0.1238933,0.1479 -0.561176,0.8046 -0.02249,1.5562 l 4.25,5.5 c 1.0195329,1.319 1.1498748,-0.6123 1.1498748,-0.6123 0,0 -3.7344514,-4.51 -5.3773848,-6.4439 z" id="path4951" inkscape:connector-curvature="0" sodipodi:nodetypes="ccccc"/>
+        <path style="color:#000000;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:medium;line-height:normal;font-family:sans-serif;text-indent:0;text-align:start;text-decoration:none;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000000;letter-spacing:normal;word-spacing:normal;text-transform:none;direction:ltr;block-progression:tb;writing-mode:lr-tb;baseline-shift:baseline;text-anchor:start;white-space:normal;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:#8ab000;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:2.5;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate" d="m 2.3378905,1005.8443 c -0.438175,0 -0.959862,0.1416 -0.8242183,0.7986 0.103561,0.5016 4.6608262,6.0744 4.6608262,6.0744 1.0195329,1.319 2.4934721,0.6763 1.4739391,-0.6425 l -4.234375,-5.4727 c -0.2602394,-0.29 -0.6085188,-0.7436 -1.076172,-0.7578 z" id="path4925" inkscape:connector-curvature="0" sodipodi:nodetypes="cscccc"/>
+      </g>
+      <g transform="translate(42,0)" id="g4967">
+        <rect style="opacity:1;fill:#aeea00;fill-opacity:1;stroke:none;stroke-width:3;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:3;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" id="rect4144" width="38" height="13" x="-37" y="1010.3622" rx="3" ry="3"/>
+        <rect ry="3" rx="3" y="1013.3622" x="-37" height="10" width="38" id="rect4961" style="opacity:1;fill:#263238;fill-opacity:0.2;stroke:none;stroke-width:3;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:3;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"/>
+        <rect ry="3" rx="3" y="1010.3622" x="-37" height="10" width="38" id="rect4963" style="opacity:1;fill:#ffffff;fill-opacity:0.29803923;stroke:none;stroke-width:3;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:3;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"/>
+        <rect ry="2.5384617" rx="3" y="1011.3622" x="-37" height="11" width="38" id="rect4965" style="opacity:1;fill:#aeea00;fill-opacity:1;stroke:none;stroke-width:3;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:3;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"/>
+      </g>
+      <g id="g4979">
+        <rect style="opacity:1;fill:#1976d2;fill-opacity:1;stroke:none;stroke-width:3;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:3;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" id="rect4146" width="38" height="26" x="5" y="1024.3622" rx="3" ry="3"/>
+        <rect ry="3" rx="3" y="1037.3622" x="5" height="13" width="38" id="rect4973" style="opacity:1;fill:#263238;fill-opacity:0.2;stroke:none;stroke-width:3;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:3;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"/>
+        <rect ry="3" rx="3" y="1024.3622" x="5" height="13" width="38" id="rect4975" style="opacity:1;fill:#ffffff;fill-opacity:0.2;stroke:none;stroke-width:3;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:3;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"/>
+        <rect ry="2.7692308" rx="3" y="1025.3622" x="5" height="24" width="38" id="rect4977" style="opacity:1;fill:#1976d2;fill-opacity:1;stroke:none;stroke-width:3;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:3;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"/>
+      </g>
+      <g transform="translate(0,1013.3622)" id="g4211">
+        <path style="color:#000000;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:medium;line-height:normal;font-family:sans-serif;text-indent:0;text-align:start;text-decoration:none;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000000;letter-spacing:normal;word-spacing:normal;text-transform:none;direction:ltr;block-progression:tb;writing-mode:lr-tb;baseline-shift:baseline;text-anchor:start;white-space:normal;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:#0d47a1;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:3;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate" d="m 24,17.75 c -2.880662,0 -5.319789,1.984685 -6.033203,4.650391 l 3.212891,0 C 21.734004,21.415044 22.774798,20.75 24,20.75 c 1.812692,0 3.25,1.437308 3.25,3.25 0,1.812693 -1.437308,3.25 -3.25,3.25 -1.307381,0 -2.411251,-0.75269 -2.929688,-1.849609 l -3.154296,0 C 18.558263,28.166146 21.04791,30.25 24,30.25 c 3.434013,0 6.25,-2.815987 6.25,-6.25 0,-3.434012 -2.815987,-6.25 -6.25,-6.25 z" id="path4161" inkscape:connector-curvature="0"/>
+        <circle style="opacity:1;fill:none;fill-opacity:0.40392157;stroke:#0d47a1;stroke-width:1.89999998;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" id="path4209" cx="24" cy="24" r="9.5500002"/>
+      </g>
+      <g id="g4989" transform="translate(0,0.50001738)">
+        <ellipse cy="1016.4872" cx="14.375" id="circle4985" style="opacity:1;fill:#263238;fill-opacity:0.2;stroke:none;stroke-width:1.89999998;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:0.69721117" rx="3.375" ry="3.875"/>
+        <circle style="opacity:1;fill:#ffffff;fill-opacity:1;stroke:none;stroke-width:1.89999998;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:0.69721117" id="path4859" cx="14.375" cy="1016.9872" r="3.375"/>
+      </g>
+      <g transform="translate(19.5,0.50001738)" id="g4171">
+        <ellipse ry="3.875" rx="3.375" style="opacity:1;fill:#263238;fill-opacity:0.2;stroke:none;stroke-width:1.89999998;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:0.69721117" id="ellipse4175" cx="14.375" cy="1016.4872"/>
+        <circle r="3.375" cy="1016.9872" cx="14.375" id="circle4177" style="opacity:1;fill:#ffffff;fill-opacity:1;stroke:none;stroke-width:1.89999998;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:0.69721117"/>
+      </g>
+    </g>
+    <path inkscape:connector-curvature="0" id="path5128" d="m 2.613462,1005.5987 a 1.250125,1.250125 0 0 0 -1.01172,2.0293 l 3.60351,4.6641 c -0.12699,0.3331 -0.20312,0.6915 -0.20312,1.0703 l 0,4 0,2.8652 0,0.1348 c 0,1.662 1.338,3 3,3 l 32,0 c 1.662,0 3,-1.338 3,-3 l 0,-4 0,-2.8652 0,-0.1348 c 0,-0.3803 -0.0771,-0.74 -0.20508,-1.0742 l 3.60156,-4.6602 a 1.250125,1.250125 0 0 0 -1.04882,-2.0273 1.250125,1.250125 0 0 0 -0.92969,0.498 l -3.43164,4.4414 c -0.31022,-0.1079 -0.63841,-0.1777 -0.98633,-0.1777 l -32,0 c -0.34857,0 -0.67757,0.069 -0.98828,0.1777 l -3.4336,-4.4414 a 1.250125,1.250125 0 0 0 -0.96679,-0.5 z m 5.38867,18.7637 c -0.20775,0 -0.40983,0.021 -0.60547,0.061 -1.36951,0.2761 -2.39453,1.4698 -2.39453,2.9101 l 0,0.029 0,19.7793 0,0.029 0,0.1914 c 0,1.662 1.338,3 3,3 l 32,0 c 1.662,0 3,-1.338 3,-3 l 0,-20 0,-0.029 c 0,-1.4403 -1.02502,-2.634 -2.39453,-2.9101 -0.19565,-0.039 -0.39772,-0.061 -0.60547,-0.061 l -32,0 z" style="color:#000000;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:medium;line-height:normal;font-family:sans-serif;text-indent:0;text-align:start;text-decoration:none;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000000;letter-spacing:normal;word-spacing:normal;text-transform:none;direction:ltr;block-progression:tb;writing-mode:lr-tb;baseline-shift:baseline;text-anchor:start;white-space:normal;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:url(#radialGradient5220);fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:2.5;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate"/>
+  </g>
+</svg>

docs/assets/img/router/opnsense.svg

@@ -0,0 +1,125 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE svg  PUBLIC '-//W3C//DTD SVG 1.1//EN'  'http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd'>
+<svg clip-rule="evenodd" fill-rule="evenodd" stroke-linejoin="round" stroke-miterlimit="2" version="1.1" viewBox="0 0 128 128" xml:space="preserve" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
+    <g transform="matrix(1.0638 0 0 1.0684 -29.885 -16.775)">
+        <clipPath id="_clip1">
+            <path d="m38.8 34.1v-4.8c0-0.4 0.1-1.1 0.1-1.1l0.2-0.5v-0.2l0.2-0.4 0.1-0.1 0.1-0.2 0.1-0.1v-0.1l0.2-0.2v-0.1l0.7-0.7 0.2-0.1h0.1l0.3-0.2h0.3l0.6-0.3c0.4-0.1 0.7-0.1 1.1-0.1h94.6v9.2h9v-18.4h-103.6c-7.3 0-13.3 6.1-13.3 13.6v4.8h9z"/>
+        </clipPath>
+        <g clip-path="url(#_clip1)">
+            <rect x="30.2" y="14.7" width="117.1" height="12" fill="#898b8d"/>
+        </g>
+        <clipPath id="_clip2">
+            <path d="m38.8 34.1v-4.8c0-0.4 0.1-1.1 0.1-1.1l0.2-0.5v-0.2l0.2-0.4 0.1-0.1 0.1-0.2 0.1-0.1v-0.1l0.2-0.2v-0.1l0.7-0.7 0.2-0.1h0.1l0.3-0.2h0.3l0.6-0.3c0.4-0.1 0.7-0.1 1.1-0.1h94.6v9.2h9v-18.4h-103.6c-7.3 0-13.3 6.1-13.3 13.6v4.8h9z"/>
+        </clipPath>
+        <g clip-path="url(#_clip2)">
+            <clipPath id="_clip3">
+                <path d="m133.8 27 13.2-7.1 3.7 7.2-13.2 7.1-3.7-7.2z" clip-rule="nonzero"/>
+            </clipPath>
+            <g clip-path="url(#_clip3)">
+                <g transform="matrix(.93998 -0 -0 .93594 28.091 15.7)">
+                    <use transform="scale(.98026 .94825)" x="114.723" y="4.732" width="13.724px" height="15.172px" xlink:href="#_Image4"/>
+                </g>
+            </g>
+        </g>
+        <clipPath id="_clip5">
+            <path d="m38.8 34.1v-4.8c0-0.4 0.1-1.1 0.1-1.1l0.2-0.5v-0.2l0.2-0.4 0.1-0.1 0.1-0.2 0.1-0.1v-0.1l0.2-0.2v-0.1l0.7-0.7 0.2-0.1h0.1l0.3-0.2h0.3l0.6-0.3c0.4-0.1 0.7-0.1 1.1-0.1h94.6v9.2h9v-18.4h-103.6c-7.3 0-13.3 6.1-13.3 13.6v4.8h9z"/>
+        </clipPath>
+        <g clip-path="url(#_clip5)">
+            <clipPath id="_clip6">
+                <path d="m31.9 21.1 10.7 5.8-3.7 7.2-10.7-5.7 3.7-7.3z" clip-rule="nonzero"/>
+            </clipPath>
+            <g clip-path="url(#_clip6)">
+                <g transform="matrix(.93998 -0 -0 .93594 28.091 15.7)">
+                    <use transform="scale(.97267 .99213)" x="1.869" y="5.815" width="13.617px" height="13.89px" xlink:href="#_Image7"/>
+                </g>
+            </g>
+        </g>
+        <rect x="47.8" y="34.1" width="80.9" height="9.2" fill="#403f41"/>
+        <rect x="47.8" y="108" width="80.9" height="9.2" fill="#403f41"/>
+        <clipPath id="_clip8">
+            <path d="m137.7 117.1v4.9c0 0.4-0.1 1.1-0.1 1.1l-0.2 0.5v0.2l-0.2 0.4-0.1 0.1-0.1 0.2-0.1 0.1v0.1l-0.2 0.2v0.1l-0.5 0.5h-0.1l-0.1 0.1-0.2 0.1-0.1 0.1-0.3 0.2h-0.3l-0.5 0.2c-0.4 0.1-0.7 0.1-1.1 0.1h-94.7v-9.2h-9v18.4h103.6c7.3 0 13.3-6.1 13.3-13.6v-4.8h-9z"/>
+        </clipPath>
+        <g clip-path="url(#_clip8)">
+            <rect x="29.2" y="124.6" width="117.1" height="12" fill="#898b8d"/>
+        </g>
+        <clipPath id="_clip9">
+            <path d="m137.7 117.1v4.9c0 0.4-0.1 1.1-0.1 1.1l-0.2 0.5v0.2l-0.2 0.4-0.1 0.1-0.1 0.2-0.1 0.1v0.1l-0.2 0.2v0.1l-0.5 0.5h-0.1l-0.1 0.1-0.2 0.1-0.1 0.1-0.3 0.2h-0.3l-0.5 0.2c-0.4 0.1-0.7 0.1-1.1 0.1h-94.7v-9.2h-9v18.4h103.6c7.3 0 13.3-6.1 13.3-13.6v-4.8h-9z"/>
+        </clipPath>
+        <g clip-path="url(#_clip9)">
+            <clipPath id="_clip10">
+                <path d="m42.7 124.4-13.2 7.1-3.7-7.3 13.2-7.1 3.7 7.3z" clip-rule="nonzero"/>
+            </clipPath>
+            <g clip-path="url(#_clip10)">
+                <g transform="matrix(.93998 -0 -0 .93594 28.091 15.7)">
+                    <use transform="scale(.98026 .9616)" x="1.854" y="112.667" width="13.724px" height="15.386px" xlink:href="#_Image11"/>
+                </g>
+            </g>
+        </g>
+        <clipPath id="_clip12">
+            <path d="m137.7 117.1v4.9c0 0.4-0.1 1.1-0.1 1.1l-0.2 0.5v0.2l-0.2 0.4-0.1 0.1-0.1 0.2-0.1 0.1v0.1l-0.2 0.2v0.1l-0.5 0.5h-0.1l-0.1 0.1-0.2 0.1-0.1 0.1-0.3 0.2h-0.3l-0.5 0.2c-0.4 0.1-0.7 0.1-1.1 0.1h-94.7v-9.2h-9v18.4h103.6c7.3 0 13.3-6.1 13.3-13.6v-4.8h-9z"/>
+        </clipPath>
+        <g clip-path="url(#_clip12)">
+            <clipPath id="_clip13">
+                <path d="m144.7 130.2-10.8-5.8 3.7-7.2 10.8 5.7-3.7 7.3z" clip-rule="nonzero"/>
+            </clipPath>
+            <g clip-path="url(#_clip13)">
+                <g transform="matrix(.93998 -0 -0 .93594 28.091 15.7)">
+                    <use transform="scale(.97267 .99213)" x="115.728" y="109.308" width="13.617px" height="13.89px" xlink:href="#_Image14"/>
+                </g>
+            </g>
+        </g>
+        <rect x="38.8" y="52.6" width="34.6" height="9.2" fill="#58595b"/>
+        <clipPath id="_clip15">
+            <path d="m69.7 69.2-31.3-16.8 3.7-7.4 31.4 16.8-3.8 7.4z" clip-rule="nonzero"/>
+        </clipPath>
+        <g clip-path="url(#_clip15)">
+            <g transform="matrix(.93998 -0 -0 .93594 28.091 15.7)">
+                <use transform="scale(.98266 .99448)" x="11.16" y="31.479" width="37.341px" height="25.856px" xlink:href="#_Image16"/>
+            </g>
+        </g>
+        <rect x="103.1" y="52.6" width="34.6" height="9.2" fill="#58595b"/>
+        <clipPath id="_clip17">
+            <path d="m106.8 69.2 31.4-16.8-3.8-7.4-31.3 16.8 3.7 7.4z" clip-rule="nonzero"/>
+        </clipPath>
+        <g clip-path="url(#_clip17)">
+            <g transform="matrix(.93998 -0 -0 .93594 28.091 15.7)">
+                <use transform="scale(.98266 .99448)" x="81.206" y="31.479" width="37.341px" height="25.856px" xlink:href="#_Image16"/>
+            </g>
+        </g>
+        <rect x="103.1" y="89.5" width="34.6" height="9.2" fill="#58595b"/>
+        <clipPath id="_clip18">
+            <path d="m106.8 82.1 31.4 16.8-3.8 7.4-31.3-16.8 3.7-7.4z" clip-rule="nonzero"/>
+        </clipPath>
+        <g clip-path="url(#_clip18)">
+            <g transform="matrix(.93998 -0 -0 .93594 28.091 15.7)">
+                <use transform="scale(.98266 .99448)" x="81.206" y="71.339" width="37.341px" height="25.856px" xlink:href="#_Image16"/>
+            </g>
+        </g>
+        <rect x="38.8" y="89.5" width="34.6" height="9.2" fill="#58595b"/>
+        <clipPath id="_clip19">
+            <path d="m69.7 82.1-31.3 16.8 3.7 7.4 31.4-16.8-3.8-7.4z" clip-rule="nonzero"/>
+        </clipPath>
+        <g clip-path="url(#_clip19)">
+            <g transform="matrix(.93998 -0 -0 .93594 28.091 15.7)">
+                <use transform="scale(.98266 .99448)" x="11.16" y="71.339" width="37.341px" height="25.856px" xlink:href="#_Image16"/>
+            </g>
+        </g><g fill-rule="nonzero">
+        <path d="m73.4 52.6v9.2l-43.6-23.3v-9.2l43.6 23.3z" fill="url(#_Linear20)"/>
+        <path d="m103.1 52.6v9.2l43.6-23.3v-9.2l-43.6 23.3z" fill="url(#_Linear21)"/>
+        <path d="m103.1 98.8v-9.3l43.6 23.3v9.3l-43.6-23.3z" fill="url(#_Linear22)"/>
+        <path d="m73.4 98.8v-9.3l-43.6 23.3v9.3l43.6-23.3z" fill="url(#_Linear23)"/>
+        <path d="m103.1 80.3 25.6 13.7v-9.3l-8.3-4.4h26.3v-9.3h-26.3l8.3-4.4v-9.2l-25.6 13.6v9.3z" fill="#e24525"/>
+        <path d="m47.8 94 25.6-13.7v-9.3l-25.6-13.6v9.2l8.4 4.4h-26.4v9.3h26.3l-8.3 4.4v9.3z" fill="#e24525"/>
+    </g></g>
+    <defs>
+        <image id="_Image4" width="14px" height="16px" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAA4AAAAQCAYAAAAmlE46AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAI0lEQVQokWMsLi7+z0AGYCJH00jRyIguQGwoDyE/jmqkhUYAma0EzxtWDhkAAAAASUVORK5CYII="/>
+        <image id="_Image7" width="14px" height="14px" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAA4AAAAOCAYAAAAfSC3RAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAPklEQVQokWNkgILi4uL/DCQARnI0MTAwMDCRqgFuIzm2UWQjC6kaent7GUm2EaaJZI3IgGiNyLbRx8YhrBEAaikMHGN+VycAAAAASUVORK5CYII="/>
+        <image id="_Image11" width="14px" height="16px" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAA4AAAAQCAYAAAAmlE46AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAKUlEQVQokWM0Njb+z0AEOHv2LCMyn4kYTdjAqMbhoZGR2JRDNRtHgkYALcwFtyg+QT8AAAAASUVORK5CYII="/>
+        <image id="_Image14" width="14px" height="14px" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAA4AAAAOCAYAAAAfSC3RAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAP0lEQVQokWNkQAPGxsb/0cWwASZiFI1UjYzIHGJDlDo2kmIbAwMDAyOpGmCAvqF69uxZRvrZePbsWUYGBgYGAL1XC0kWB9UkAAAAAElFTkSuQmCC"/>
+        <image id="_Image16" width="38px" height="26px" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACYAAAAaCAYAAADbhS54AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAPElEQVRIie3OsRGAIAAAMWRKPPefQyagSKXFZ4Jc637e8UPz68BJMVVMFVPFVDFVTBVTxVQxVUwVU8XUBl5UAj8RVzT1AAAAAElFTkSuQmCC"/>
+        <linearGradient id="_Linear20" x2="1" gradientTransform="matrix(43.56,0,0,43.56,29.84,45.5)" gradientUnits="userSpaceOnUse"><stop stop-color="#a6a8ab" offset="0"/><stop stop-color="#a6a8ab" offset=".24"/><stop stop-color="#404040" offset="1"/></linearGradient>
+        <linearGradient id="_Linear21" x2="1" gradientTransform="matrix(-43.6 5.3395e-15 -5.3395e-15 -43.6 146.7 45.5)" gradientUnits="userSpaceOnUse"><stop stop-color="#a6a8ab" offset="0"/><stop stop-color="#a6a8ab" offset=".24"/><stop stop-color="#404040" offset="1"/></linearGradient>
+        <linearGradient id="_Linear22" x2="1" gradientTransform="matrix(-43.56 5.3346e-15 -5.3346e-15 -43.56 146.68 606)" gradientUnits="userSpaceOnUse"><stop stop-color="#a6a8ab" offset="0"/><stop stop-color="#a6a8ab" offset=".24"/><stop stop-color="#404040" offset="1"/></linearGradient>
+        <linearGradient id="_Linear23" x2="1" gradientTransform="matrix(43.53,0,0,43.53,29.9,606)" gradientUnits="userSpaceOnUse"><stop stop-color="#a6a8ab" offset="0"/><stop stop-color="#a6a8ab" offset=".24"/><stop stop-color="#404040" offset="1"/></linearGradient>
+    </defs>
+</svg>

docs/assets/img/router/pfsense-dark.svg

@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867"><g fill="#fff" stroke-width=".437"><path d="m9.7887 23.904c1.2673 0 2.3598-0.3933 3.2775-1.1362 0.91769-0.74289 1.5732-1.748 1.9228-2.9716s0.2622-2.2287-0.2185-2.9716c-0.48069-0.74289-1.3984-1.1362-2.6657-1.1362s-2.3598 0.39329-3.2775 1.1362c-0.91768 0.74289-1.5295 1.748-1.8791 2.9716s-0.3059 2.2287 0.2185 2.9716c0.43699 0.78659 1.311 1.1362 2.622 1.1362" class="pf0"/><path d="m20.626 15.688 1.1362-4.0203h2.0102l0.78659-2.8842c0.2622-0.87399 0.56809-1.748 0.96138-2.5346 0.34959-0.78659 0.87399-1.4858 1.4858-2.0976 0.61179-0.61179 1.3984-1.0925 2.3161-1.4421 0.91769-0.34959 2.0976-0.52439 3.4522-0.52439 0.3496 0 0.65549 0 1.0051 0.0437-0.3059-1.2673-1.4421-2.185-2.7531-2.2287h-28.186c-1.5732 0-2.8405 1.311-2.8405 2.8842v25.083l4.5884-16.3h4.6321l-0.61179 2.1413h0.0874c0.2622-0.3059 0.61179-0.56809 1.0488-0.87399 0.43699-0.3059 0.87399-0.56809 1.3547-0.83029 0.48069-0.2622 1.0051-0.43699 1.5732-0.61179 0.56809-0.1748 1.1362-0.2185 1.7043-0.2185 1.2236 0 2.2287 0.2185 3.1027 0.61179 0.87399 0.3933 1.5295 1.0051 2.0539 1.748 0.43699 0.65549 0.69919 1.4421 0.83029 2.3598l0.34959-0.2622h-0.0874z" class="pf1"/><path d="m33.517 6.5112c-0.2185-0.043702-0.48069-0.087403-0.78659-0.087403-0.78659 0-1.4421 0.1748-1.9665 0.52439-0.48069 0.34959-0.91768 1.0488-1.2236 2.1413l-0.74289 2.5783h2.8405l0.69919 2.2287-1.8354 1.7917h-2.8405l-3.4522 12.236h-4.9817l3.4522-12.236h-1.9228l-0.39329 0.2622c0 0.0874 0.0437 0.2185 0.0437 0.3059 0.0874 1.0051-0.0437 2.1413-0.39329 3.3649-0.3059 1.1362-0.78659 2.2287-1.4421 3.2775-0.65549 1.0488-1.3984 1.9665-2.2287 2.7531-0.87399 0.78659-1.8354 1.4421-2.8842 1.9228-1.0488 0.48069-2.1413 0.69919-3.3212 0.69919-1.0488 0-1.9665-0.1748-2.7968-0.48069-0.83029-0.3059-1.3984-0.87399-1.748-1.6606h-0.0874l-2.185 7.7348h27.662c1.5732 0 2.8842-1.2673 2.8842-2.8842v-24.341c-0.13111-0.043702-0.2622-0.087403-0.3496-0.13111" class="pf2"/></g></svg>

docs/assets/img/router/pfsense.svg

@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867"><g stroke-width=".437"><path fill="#2b40b5" d="m9.7887 23.904c1.2673 0 2.3598-0.3933 3.2775-1.1362 0.91769-0.74289 1.5732-1.748 1.9228-2.9716s0.2622-2.2287-0.2185-2.9716c-0.48069-0.74289-1.3984-1.1362-2.6657-1.1362s-2.3598 0.39329-3.2775 1.1362c-0.91768 0.74289-1.5295 1.748-1.8791 2.9716-0.3496 1.2236-0.3059 2.2287 0.2185 2.9716 0.43699 0.78659 1.311 1.1362 2.622 1.1362" class="pf0"/><path fill="#08c" d="m20.626 15.688 1.1362-4.0203h2.0102l0.78659-2.8842c0.2622-0.87399 0.56809-1.748 0.96138-2.5346 0.34959-0.78659 0.87399-1.4858 1.4858-2.0976 0.61179-0.61179 1.3984-1.0925 2.3161-1.4421 0.91769-0.34959 2.0976-0.52439 3.4522-0.52439 0.3496 0 0.65549 0 1.0051 0.0437-0.3059-1.2673-1.4421-2.185-2.7531-2.2287h-28.186c-1.5732 0-2.8405 1.311-2.8405 2.8842v25.083l4.5884-16.3h4.6321l-0.61179 2.1413h0.0874c0.2622-0.3059 0.61179-0.56809 1.0488-0.87399 0.43699-0.3059 0.87399-0.56809 1.3547-0.83029 0.48069-0.2622 1.0051-0.43699 1.5732-0.61179 0.56809-0.1748 1.1362-0.2185 1.7043-0.2185 1.2236 0 2.2287 0.2185 3.1027 0.61179 0.87399 0.3933 1.5295 1.0051 2.0539 1.748 0.43699 0.65549 0.69919 1.4421 0.83029 2.3598l0.34959-0.2622h-0.0874z" class="pf1"/><path fill="#1c1275" d="m33.517 6.5112c-0.2185-0.043702-0.48069-0.087403-0.78659-0.087403-0.78659 0-1.4421 0.1748-1.9665 0.52439-0.48069 0.34959-0.91768 1.0488-1.2236 2.1413l-0.74289 2.5783h2.8405l0.69919 2.2287-1.8354 1.7917h-2.8405l-3.4522 12.236h-4.9817l3.4522-12.236h-1.9228l-0.39329 0.2622c0 0.0874 0.0437 0.2185 0.0437 0.3059 0.0874 1.0051-0.0437 2.1413-0.39329 3.3649-0.3059 1.1362-0.78659 2.2287-1.4421 3.2775-0.65549 1.0488-1.3984 1.9665-2.2287 2.7531-0.87399 0.78659-1.8354 1.4421-2.8842 1.9228-1.0488 0.48069-2.1413 0.69919-3.3212 0.69919-1.0488 0-1.9665-0.1748-2.7968-0.48069-0.83029-0.3059-1.3984-0.87399-1.748-1.6606h-0.0874l-2.185 7.7348h27.662c1.5732 0 2.8842-1.2673 2.8842-2.8842v-24.341c-0.13111-0.043702-0.2622-0.087403-0.3496-0.13111" class="pf2"/></g></svg>

docs/data-redaction.en.md

@@ -1,5 +1,5 @@
 ---
-title: "Metadata Removal Tools"
+title: "Data and Metadata Redaction"
 icon: material/tag-remove
 ---
 When sharing files, be sure to remove associated metadata. Image files commonly include [Exif](https://en.wikipedia.org/wiki/Exif) data. Photos sometimes even include GPS coordinates in the file metadata.
@@ -10,7 +10,7 @@ When sharing files, be sure to remove associated metadata. Image files commonly
 
 !!! recommendation
 
-    ![ExifCleaner logo](assets/img/metadata-removal/exifcleaner.svg){ align=right }
+    ![ExifCleaner logo](assets/img/data-redaction/exifcleaner.svg){ align=right }
 
     **ExifCleaner** is a freeware, open-source graphical app that uses [ExifTool](https://exiftool.org) to remove Exif metadata from images, videos, and PDF documents using a simple drag and drop interface. It supports multi-core batch processing and dark mode.
 
@@ -28,7 +28,7 @@ When sharing files, be sure to remove associated metadata. Image files commonly
 
 !!! recommendation
 
-    ![MAT2 logo](assets/img/metadata-removal/mat2.svg){ align=right }
+    ![MAT2 logo](assets/img/data-redaction/mat2.svg){ align=right }
 
     **MAT2** is free software, which allows the metadata to be removed from image, audio, torrent, and document file types. It provides both a command line tool and a graphical user interface via an [extension for Nautilus](https://0xacab.org/jvoisin/mat2/-/tree/master/nautilus), the default file manager of [GNOME](https://www.gnome.org), and [Dolphin](https://0xacab.org/jvoisin/mat2/-/tree/master/dolphin), the default file manager of [KDE](https://kde.org).
 
@@ -51,7 +51,7 @@ When sharing files, be sure to remove associated metadata. Image files commonly
 
 !!! recommendation
 
-    ![ExifEraser logo](assets/img/metadata-removal/exiferaser.svg){ align=right }
+    ![ExifEraser logo](assets/img/data-redaction/exiferaser.svg){ align=right }
 
     **ExifEraser** is a modern, permissionless image metadata erasing application for Android.
 
@@ -87,7 +87,7 @@ The app offers multiple ways to erase metadata from images. Namely:
 
 !!! recommendation
 
-    ![Metapho logo](assets/img/metadata-removal/metapho.jpg){ align=right }
+    ![Metapho logo](assets/img/data-redaction/metapho.jpg){ align=right }
 
     Metapho is a simple and clean viewer for photo metadata such as date, file name, size, camera model, shutter speed, and location.
 
@@ -100,13 +100,35 @@ The app offers multiple ways to erase metadata from images. Namely:
 
         - [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/metapho/id914457352)
 
+### PrivacyBlur (Android)
+
+!!! recommendation
+
+    ![PrivacyBlur logo](assets/img/data-redaction/privacyblur.svg){ align=right }
+
+    **PrivacyBlur** is a free app which can blur sensitive portions of pictures before sharing them online.
+
+    [:octicons-home-16: Homepage](https://privacyblur.app/){ .md-button .md-button--primary }
+    [:octicons-eye-16:](https://privacyblur.app/privacy.html){ .card-link title="Privacy Policy" }
+    [:octicons-info-16:](https://github.com/MATHEMA-GmbH/privacyblur#readme){ .card-link title=Documentation}
+    [:octicons-code-16:](https://github.com/MATHEMA-GmbH/privacyblur){ .card-link title="Source Code" }
+
+    ??? downloads
+
+        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=de.mathema.privacyblur)
+        - [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/de.mathema.privacyblur/)
+
+!!! warning
+
+    You should **never** use blur to redact [text in images](https://bishopfox.com/blog/unredacter-tool-never-pixelation). If you want to redact text in an image, draw a box over the text. For this we suggest [Pocket Paint](https://github.com/Catrobat/Paintroid) or [Imagepipe](https://codeberg.org/Starfish/Imagepipe).
+
 ## Command-line
 
 ### ExifTool
 
 !!! recommendation
 
-    ![ExifTool logo](assets/img/metadata-removal/exiftool.png){ align=right }
+    ![ExifTool logo](assets/img/data-redaction/exiftool.png){ align=right }
 
     **ExifTool** is the original perl library and command-line application for reading, writing, and editing meta information (Exif, IPTC, XMP, and more) in a wide variety of file formats (JPEG, TIFF, PNG, PDF, RAW, and more).
 

docs/desktop-browsers.en.md

@@ -211,7 +211,7 @@ Under the *System* menu
 
 ## Additional Resources
 
-We generally do not recommend installing any extensions as they increase your attack surface. However, uBlock Origin or AdGuard may prove useful if you value content blocking functionality.
+We generally do not recommend installing any extensions as they increase your attack surface. However, uBlock Origin may prove useful if you value content blocking functionality.
 
 ### uBlock Origin
 

docs/encryption.en.md

@@ -102,34 +102,39 @@ BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-o
 
     To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module.
 
-    1. Open Windows [PowerShell](https://en.wikipedia.org/wiki/PowerShell).
+    1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
 
-    2. Check to see partition table format:
         ```
-        powershell Get-Disk 0 | findstr GPT && echo This is a GPT system disk!
+        powershell Get-Disk
         ```
 
-    3. Check TPM version. The value returned must be "3 True". The spec must be 1.2 or above.
+    2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
+
         ```
-        powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm | findstr "IsActivated IsEnabled IsOwned SpecVersion"
+        powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
         ```
 
-    4. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
+    3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
+
+    4. Login with your admin account and type this in the command prompt to start encryption:
 
-    5. Login with your account that has admin privileges and type this to start encryption:
         ```
         manage-bde -on c: -used
         ```
 
-    6. Close the command prompt, and enter into PowerShell:
-    ```
-    manage-bde c: -protectors -add -rp -tpm
-    manage-bde -protectors -enable c:
-    manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
-    ```
+    5. Close the command prompt and continue booting to regular Windows.
+    
+    6. Open an admin command prompt and run the following commands:
 
-        !!! warning
-            Backup `BitLocker-Recovery-Key.txt` on a separate storage device. Loss of this recovery code, may result in loss of data.
+        ```
+        manage-bde c: -protectors -add -rp -tpm
+        manage-bde -protectors -enable c:
+        manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
+        ```
+
+        !!! important
+
+            Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device. Loss of this recovery code may result in loss of data.
 
 ### FileVault
 

docs/file-sharing.en.md

@@ -6,20 +6,6 @@ Discover how to privately share your files between your devices, with your frien
 
 ## File Sharing
 
-### Bitwarden Send
-
-!!! recommendation
-
-    ![Bitwarden logo](assets/img/file-sharing-sync/bitwarden.svg){ align=right }
-
-    **Bitwarden Send** is a tool provided by the [Bitwarden](passwords.md#bitwarden) password manager. It allows you to share text and files securely with [end-to-end encryption](https://bitwarden.com/help/send-encryption). A [password](https://bitwarden.com/help/send-privacy/#send-passwords) can be required along with the send link. Bitwarden Send also features [automatic deletion](https://bitwarden.com/help/send-lifespan).
-
-    You need the [Premium Plan](https://bitwarden.com/help/about-bitwarden-plans/#compare-personal-plans) to be able to share files. Free plan only allows text sharing.
-
-    [:octicons-home-16: Homepage](https://bitwarden.com/products/send/){ .md-button .md-button--primary }
-    [:octicons-info-16:](https://bitwarden.com/help/about-send/){ .card-link title=Documentation}
-    [:octicons-code-16:](https://github.com/bitwarden/clients){ .card-link title="Source Code" }
-
 ### OnionShare
 
 !!! recommendation

docs/linux-desktop/hardening.en.md

@@ -131,4 +131,4 @@ The second option is to creating an [EFI Boot Stub](https://wiki.archlinux.org/t
 
 After setting up Secure Boot it is crucial that you set a “firmware password” (also called a “supervisor password”, “BIOS password” or “UEFI password”), otherwise an adversary can simply disable Secure Boot.
 
-These recommendations can make you a little more resistant to [evil maid](https://en.wikipedia.org/wiki/Evil_maid_attack) attacks, but they not good as a proper verified boot process such as that found on [Android](https://source.android.com/security/verifiedboot), [ChromeOS](https://support.google.com/chromebook/answer/3438631) or [Windows](https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process).
+These recommendations can make you a little more resistant to [evil maid](https://en.wikipedia.org/wiki/Evil_maid_attack) attacks, but they not good as a proper verified boot process such as that found on [Android](https://source.android.com/security/verifiedboot), [ChromeOS](https://www.chromium.org/chromium-os/chromiumos-design-docs/security-overview/#verified-boot), [macOS](https://support.apple.com/en-us/HT208198), or [Windows](https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process).

docs/linux-desktop/overview.en.md

@@ -6,15 +6,15 @@ It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-sourc
 
 At the moment, desktop GNU/Linux does have some areas that could be better improved when compared to their proprietary counterparts, e.g.:
 
-- A verified boot chain, unlike Apple’s [Secure Boot](https://support.apple.com/guide/security/startup-security-utility-secc7b34e5b5/web) (with [Secure Enclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/1/web/1)), Android’s [Verified Boot](https://source.android.com/security/verifiedboot) or Microsoft Windows’s [boot process](https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process) with [TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). These features and hardware technologies can all help prevent persistent tampering by malware or [evil maid attacks](https://en.wikipedia.org/wiki/Evil_Maid_attack)
-- Strong sandboxing solution such as that found in [macOS](https://developer.apple.com/library/archive/documentation/Security/Conceptual/AppSandboxDesignGuide/AboutAppSandbox/AboutAppSandbox.html), [ChromeOS](https://chromium.googlesource.com/chromiumos/docs/+/HEAD/sandboxing.md), and [Android](https://source.android.com/security/app-sandbox). Commonly used Linux sandboxing solutions such as [Flatpak](https://docs.flatpak.org/en/latest/sandbox-permissions.html) and [Firejail](https://firejail.wordpress.com/) still have a long way to go
+- A verified boot chain, like Apple’s [Secure Boot](https://support.apple.com/guide/security/startup-security-utility-secc7b34e5b5/web) (with [Secure Enclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/1/web/1)), Android’s [Verified Boot](https://source.android.com/security/verifiedboot), ChromeOS' [Verified boot](https://www.chromium.org/chromium-os/chromiumos-design-docs/security-overview/#verified-boot), or Microsoft Windows’s [boot process](https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process) with [TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). These features and hardware technologies can all help prevent persistent tampering by malware or [evil maid attacks](https://en.wikipedia.org/wiki/Evil_Maid_attack)
+- A strong sandboxing solution such as that found in [macOS](https://developer.apple.com/library/archive/documentation/Security/Conceptual/AppSandboxDesignGuide/AboutAppSandbox/AboutAppSandbox.html), [ChromeOS](https://chromium.googlesource.com/chromiumos/docs/+/HEAD/sandboxing.md), and [Android](https://source.android.com/security/app-sandbox). Commonly used Linux sandboxing solutions such as [Flatpak](https://docs.flatpak.org/en/latest/sandbox-permissions.html) and [Firejail](https://firejail.wordpress.com/) still have a long way to go
 - Strong [exploit mitigations](https://madaidans-insecurities.github.io/linux.html#exploit-mitigations)
 
 Despite these drawbacks, desktop GNU/Linux distributions are great if you want to:
 
 - Avoid telemetry that often comes with proprietary operating systems
 - Maintain [software freedom](https://www.gnu.org/philosophy/free-sw.en.html#four-freedoms)
-- Have purpose built systems such as [Whonix](https://www.whonix.org) or [Tails](https://tails.boum.org/)
+- Have privacy focused systems such as [Whonix](https://www.whonix.org) or [Tails](https://tails.boum.org/)
 
 Our website generally uses the term “Linux” to describe desktop GNU/Linux distributions. Other operating systems which also use the Linux kernel such as ChromeOS, Android, and Qubes OS are not discussed here.
 
@@ -28,7 +28,7 @@ Not all Linux distributions are created equal. While our Linux recommendation pa
 
 We highly recommend that you choose distributions which stay close to the stable upstream software releases, often referred to as rolling release distributions. This is because frozen release cycle distributions often don’t update package versions and fall behind on security updates.
 
-For frozen distributions, package maintainers are expected to backport patches to fix vulnerabilities (Debian is one such [example](https://www.debian.org/security/faq#handling)) rather than bump the software to the “next version” released by the upstream developer. Some security fixes [do not](https://arxiv.org/abs/2105.14565) receive a [CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures) (particularly less popular software) at all and therefore do not make it into the distribution with this patching model. As a result minor security fixes are sometimes held back until the next major release.
+For frozen distributions such as [Debian](https://www.debian.org/security/faq#handling), package maintainers are expected to backport patches to fix vulnerabilities rather than bump the software to the “next version” released by the upstream developer. Some security fixes [do not](https://arxiv.org/abs/2105.14565) receive a [CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures) (particularly less popular software) at all and therefore do not make it into the distribution with this patching model. As a result minor security fixes are sometimes held back until the next major release.
 
 We don’t believe holding packages back and applying interim patches is a good idea, as it diverges from the way the developer might have intended the software to work. [Richard Brown](https://rootco.de/aboutme/) has a presentation about this:
 
@@ -52,7 +52,7 @@ The Atomic update method is used for immutable distributions like Silverblue, Tu
 
 ### “Security-focused” distributions
 
-There is often some confusion about “security-focused” distributions and “pentesting” distributions. A quick search for “the most secure Linux distribution” will often give results like Kali Linux, Black Arch and Parrot OS. These distributions are offensive penetration testing distributions that bundle tools for testing other systems. They don’t include any “extra security” or defensive mitigations intended for regular use.
+There is often some confusion between “security-focused” distributions and “pentesting” distributions. A quick search for “the most secure Linux distribution” will often give results like Kali Linux, Black Arch and Parrot OS. These distributions are offensive penetration testing distributions that bundle tools for testing other systems. They don’t include any “extra security” or defensive mitigations intended for regular use.
 
 ### Arch-based distributions
 
@@ -62,14 +62,14 @@ For a secure system, you are also expected to have sufficient Linux knowledge to
 
 Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository), **must** be comfortable in auditing PKGBUILDs that they install from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software supply chain attacks, which has in fact happened [in the past](https://www.bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository/). AUR should always be used sparingly and often there is a lot of bad advice on various pages which direct people to blindly use [AUR helpers](https://wiki.archlinux.org/title/AUR_helpers) without sufficient warning. Similar warnings apply to use third-party Personal Package Archives (PPAs) on Debian based distributions or Community Projects (COPR) on Fedora.
 
-If you are experienced with Linux and wish to use an Arch-based distribution, we only recommend Arch Linux proper, not any of its derivatives. We recommend against these two Arch derivatives specifically:
+If you are experienced with Linux and wish to use an Arch-based distribution, we only recommend mainline Arch Linux, not any of its derivatives. We recommend against these two Arch derivatives specifically:
 
 - **Manjaro**: This distribution holds packages back for 2 weeks to make sure that their own changes don’t break, not to make sure that upstream is stable. When AUR packages are used, they are often built against the latest [libraries](https://en.wikipedia.org/wiki/Library_(computing)) from Arch’s repositories.
 - **Garuda**: They use [Chaotic-AUR](https://aur.chaotic.cx/) which automatically and blindly compiles packages from the AUR. There is no verification process to make sure that the AUR packages don’t suffer from supply chain attacks.
 
 ### Kicksecure
 
-While we strongly recommend against using outdated distributions like Debian, if you decide to use it, we suggest that you [convert](https://www.kicksecure.com/wiki/Debian) it into [Kicksecure](https://www.kicksecure.com/). Kicksecure, in oversimplified terms, is a set of scripts, configurations, and packages that substantially reduce the attack surface of Debian. It covers a lot of privacy and hardening recommendations by default.
+While we strongly recommend against using outdated distributions like Debian, there is a Debian based operating system that has been hardened to be much more secure than typical Linux distributions: [Kicksecure](https://www.kicksecure.com/). Kicksecure, in oversimplified terms, is a set of scripts, configurations, and packages that substantially reduce the attack surface of Debian. It covers a lot of privacy and hardening recommendations by default.
 
 ### Linux-libre kernel and “Libre” distributions
 
@@ -93,7 +93,7 @@ We recommend using a desktop environment that supports the [Wayland](https://en.
 
 Fortunately, common environments such as [GNOME](https://www.gnome.org), [KDE](https://kde.org), and the window manager [Sway](https://swaywm.org) have support for Wayland. Some distributions like Fedora and Tumbleweed use it by default, and some others may do so in the future as X11 is in [hard maintenance mode](https://www.phoronix.com/scan.php?page=news_item&px=X.Org-Maintenance-Mode-Quickly). If you’re using one of those environments it is as easy as selecting the “Wayland” session at the desktop display manager ([GDM](https://en.wikipedia.org/wiki/GNOME_Display_Manager), [SDDM](https://en.wikipedia.org/wiki/Simple_Desktop_Display_Manager)).
 
-We recommend **against** using desktop environments or window managers that do not have Wayland support such as Cinnamon (default on Linux Mint), Pantheon (default on Elementary OS), MATE, Xfce, and i3.
+We recommend **against** using desktop environments or window managers that do not have Wayland support, such as Cinnamon (default on Linux Mint), Pantheon (default on Elementary OS), MATE, Xfce, and i3.
 
 ### Proprietary Firmware (Microcode Updates)
 

docs/linux-desktop/sandboxing.en.md

@@ -6,7 +6,7 @@ Some sandboxing solutions for desktop Linux distributions do exist, however they
 
 ### Flatpak
 
-[Flatpak](https://flatpak.org) aims to be a universal package manager for Linux. One of its main goals is to provide a universal package format which can be used in most Linux distributions. It provides some [permission control](https://docs.flatpak.org/en/latest/sandbox-permissions.html). It has been [pointed out](https://madaidans-insecurities.github.io/linux.html#flatpak) that Flatpak sandboxing could be improved as particular Flatpaks often have greater permission than required. There does seem to be [some agreement](https://theevilskeleton.gitlab.io/2021/02/11/response-to-flatkill-org.html) that this is the case.
+[Flatpak](https://flatpak.org) aims to be a universal package manager for Linux. One of its main functions is to provide a universal package format which can be used in most Linux distributions. It provides some [permission control](https://docs.flatpak.org/en/latest/sandbox-permissions.html).However, [it is known](https://madaidans-insecurities.github.io/linux.html#flatpak) that Flatpak sandboxing could be improved as particular Flatpaks often have greater permission than required. There does seem to be [some agreement](https://theevilskeleton.gitlab.io/2021/02/11/response-to-flatkill-org.html) that this is the case.
 
 You can restrict applications further by issuing [Flatpak overrides](https://docs.flatpak.org/en/latest/flatpak-command-reference.html#flatpak-override). This can be done with the command-line or by using [Flatseal](https://flathub.org/apps/details/com.github.tchx84.Flatseal). Some sample overrides are provided by [tommytran732](https://github.com/tommytran732/Flatpak-Overrides) and [rusty-snake](https://github.com/rusty-snake/kyst/tree/main/flatpak).
 

docs/multi-factor-authentication.en.md

@@ -95,10 +95,10 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative
 
     **Raivo OTP** is a native, lightweight and secure time-based (TOTP) & counter-based (HOTP) password client for iOS. Raivo OTP offers optional iCloud backup & sync. Raivo OTP is also available for macOS in the form of a status bar application, however the Mac app does not work independently of the iOS app.
 
-    [:octicons-repo-16: Repository](https://github.com/raivo-otp/ios-application){ .md-button .md-button--primary }
-    [:octicons-eye-16:](https://github.com/raivo-otp/ios-application/blob/master/PRIVACY.md){ .card-link title="Privacy Policy" }
+    [:octicons-home-16: Homepage](https://raivo-otp.com){ .md-button .md-button--primary }
+    [:octicons-eye-16:](https://raivo-otp.com/privacy-policy){ .card-link title="Privacy Policy" }
     [:octicons-code-16:](https://github.com/raivo-otp/ios-application){ .card-link title="Source Code" }
-    [:octicons-heart-16:](https://github.com/sponsors/tijme){ .card-link title=Contribute }
+    [:octicons-heart-16:](https://raivo-otp.com/donate){ .card-link title=Contribute }
 
     ??? downloads
 

docs/passwords.en.md

@@ -88,10 +88,11 @@ These password managers sync your passwords to a cloud server for easy accessibi
         - [:fontawesome-brands-chrome: Chrome](https://chrome.google.com/webstore/detail/bitwarden-free-password-m/nngceckbapebfimnlniiiahkandclblb)
         - [:fontawesome-brands-edge: Edge](https://microsoftedge.microsoft.com/addons/detail/jbkfoedolllekgbhcbcoahefnbanhhlh)
 
-Bitwarden's server-side code is [open-source](https://github.com/bitwarden/server), so if you don't want to use the Bitwarden cloud, you can easily host your own Bitwarden sync server.
+Bitwarden also features [Bitwarden Send](https://bitwarden.com/products/send/), which allows you to share text and files securely with [end-to-end encryption](https://bitwarden.com/help/send-encryption). A [password](https://bitwarden.com/help/send-privacy/#send-passwords) can be required along with the send link. Bitwarden Send also features [automatic deletion](https://bitwarden.com/help/send-lifespan).
 
-![Vaultwarden logo](assets/img/password-management/vaultwarden.svg#only-light){ align=right }
-![Vaultwarden logo](assets/img/password-management/vaultwarden-dark.svg#only-dark){ align=right }
+You need the [Premium Plan](https://bitwarden.com/help/about-bitwarden-plans/#compare-personal-plans) to be able to share files. The free plan only allows text sharing.
+
+Bitwarden's server-side code is [open-source](https://github.com/bitwarden/server), so if you don't want to use the Bitwarden cloud, you can easily host your own Bitwarden sync server.
 
 **Vaultwarden** is an alternative implementation of the Bitwarden server API written in Rust and compatible with upstream Bitwarden clients, perfect for self-hosted deployment where running the official resource-heavy service might not be ideal.
 

docs/real-time-communication.en.md

@@ -32,17 +32,7 @@ Signal supports [private groups](https://signal.org/blog/signal-private-group-sy
 
 The protocol was independently [audited](https://eprint.iacr.org/2016/1013.pdf) in 2016. The specification for the Signal protocol can be found in their [documentation](https://signal.org/docs/).
 
-We also suggest Molly as an alternative to the official Signal app.
-
-![Molly logo](/assets/img/messengers/molly.svg){ align=right }
-
-**Molly** is a Signal fork for Android that provides additional hardening and security features to Signal.
-
-[:octicons-home-16: Homepage](https://molly.im/){ .md-button }
-[:octicons-eye-16:](https://signal.org/legal/#privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://github.com/mollyim/mollyim-android#readme){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/mollyim/mollyim-android){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://opencollective.com/mollyim){ .card-link title=Contribute }
+We have some additional tips on configuring and hardening your Signal installation:
 
 [Signal Configuration and Hardening :hero-arrow-circle-right-fill:](./advanced/signal-configuration-hardening.md)
 

docs/router.en.md

@@ -20,16 +20,17 @@ Below are a few alternative operating systems, that can be used on routers, Wi-F
 
 You can consult OpenWrt's [table of hardware](https://openwrt.org/toh/start) to check if your device is supported.
 
-## pfSense
+## OPNsense
 
 !!! recommendation
 
-    ![pfSense logo](assets/img/router/pfsense.svg#only-light){ align=right }
-    ![pfSense logo](assets/img/router/pfsense-dark.svg#only-dark){ align=right }
+    ![pfSense logo](assets/img/router/opnsense.svg){ align=right }
 
-    pfSense is an open-source firewall/router computer software distribution based on FreeBSD. It is installed on a computer to make a dedicated firewall/router for a network and is noted for its reliability and offering features often only found in expensive commercial firewalls. pfSense is commonly deployed as a perimeter firewall, router, wireless access point, DHCP server, DNS server, and VPN endpoint.
+    **OPNsense** is an open source, FreeBSD-based firewall and routing platform which incorporates many advanced features such as traffic shaping, load balancing, and VPN capabilities, with many more features available in the form of plugins. OPNsense is commonly deployed as a perimeter firewall, router, wireless access point, DHCP server, DNS server, and VPN endpoint.
 
-    [:octicons-home-16: Homepage](https://www.pfsense.org){ .md-button .md-button--primary }
-    [:octicons-info-16:](https://docs.netgate.com/pfsense/en/latest/){ .card-link title=Documentation}
-    [:octicons-code-16:](https://github.com/pfsense/pfsense){ .card-link title="Source Code" }
-    [:octicons-heart-16:](https://www.pfsense.org/get-involved/){ .card-link title=Contribute }
+    [:octicons-home-16: Homepage](https://opnsense.org/){ .md-button .md-button--primary }
+    [:octicons-info-16:](https://docs.opnsense.org/index.html){ .card-link title=Documentation}
+    [:octicons-code-16:](https://github.com/opnsense){ .card-link title="Source Code" }
+    [:octicons-heart-16:](https://opnsense.org/donate/){ .card-link title=Contribute }
+
+OPNsense was originally developed as a fork of [pfSense](https://en.wikipedia.org/wiki/PfSense), and both projects are noted for being free and reliable firewall distributions which offer features often only found in expensive commercial firewalls. Launched in 2015, the developers of OPNsense [cited](https://docs.opnsense.org/history/thefork.html) a number of security and code-quality issues with pfSense which they felt necessitated a fork of the project, as well as concerns about Netgate's majority acquisition of pfSense and the future direction of the pfSense project.

docs/self-contained-networks.en.md

@@ -77,3 +77,33 @@ These networks are designed to keep your traffic anonymous.
         - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.torproject.torbrowser)
         - [:pg-f-droid: F-Droid](https://support.torproject.org/tormobile/tormobile-7/)
         - [:fontawesome-brands-android: Android](https://www.torproject.org/download/#android)
+
+### Orbot
+
+!!! recommendation
+
+    ![Orbot logo](assets/img/self-contained-networks/orbot.svg){ align=right }
+
+    **Orbot** is a free Tor VPN for smartphones which routes traffic from any app on your device through the Tor network.
+
+    [:octicons-home-16: Homepage](https://orbot.app/){ .md-button .md-button--primary }
+    [:octicons-eye-16:](https://orbot.app/privacy-policy){ .card-link title="Privacy Policy" }
+    [:octicons-info-16:](https://orbot.app/faqs){ .card-link title=Documentation}
+    [:octicons-code-16:](https://orbot.app/code){ .card-link title="Source Code" }
+    [:octicons-heart-16:](https://orbot.app/donate){ .card-link title=Contribute }
+
+    ??? downloads
+
+        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.torproject.android)
+        - [:pg-f-droid: F-Droid](https://guardianproject.info/fdroid)
+        - [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/orbot/id1609461599)
+
+For resistance against traffic analysis attacks, consider enabling *Isolate Destination Address* in :material-menu: → **Settings** → **Connectivity**. This will use a completely different Tor Circuit (different middle relay and exit nodes) for every domain you connect to.
+
+!!! tip "Tips for Android"
+
+    Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN killswitch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
+
+    Orbot is often outdated on the Guardian Project's [F-Droid repository](https://guardianproject.info/fdroid) and [Google Play](https://play.google.com/store/apps/details?id=org.torproject.android), so consider downloading directly from the [GitHub repository](https://github.com/guardianproject/orbot) instead.
+
+    All versions are signed using the same signature so they should be compatible with each other.

docs/tools.en.md

@@ -76,12 +76,11 @@ For more details about each project, why they were chosen, and additional tips o
 <div class="grid cards" markdown>
 
 - ![Neo Store logo](assets/img/android/neo-store.png){ .twemoji } [Neo Store (F-Droid Client)](android.md#neo-store)
-- ![Orbot logo](assets/img/android/orbot.svg){ .twemoji } [Orbot (Tor Proxy)](android.md#orbot)
+- ![Aurora Store logo](/assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store)
 - ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter)
 - ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor)
 - ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera)
 - ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji } [Secure PDF Viewer](android.md#secure-pdf-viewer)
-- ![PrivacyBlur logo](assets/img/android/privacyblur.svg){ .twemoji } [PrivacyBlur](android.md#privacyblur)
 
 </div>
 
@@ -111,7 +110,7 @@ For more details about each project, why they were chosen, and additional tips o
 <div class="grid cards" markdown>
 
 - ![OpenWrt logo](assets/img/router/openwrt.svg#only-light){ .twemoji }![OpenWrt logo](assets/img/router/openwrt-dark.svg#only-dark){ .twemoji } [OpenWrt](router.md#openwrt)
-- ![pfSense logo](assets/img/router/pfsense.svg#only-light){ .twemoji }![pfSense logo](assets/img/router/pfsense-dark.svg#only-dark){ .twemoji } [pfSense](router.md#pfsense)
+- ![OPNsense logo](assets/img/router/opnsense.svg){ .twemoji } [OPNsense](router.md#opnsense)
 
 </div>
 
@@ -314,7 +313,6 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 <div class="grid cards" markdown>
 
-- ![Bitwarden logo](assets/img/file-sharing-sync/bitwarden.svg){ .twemoji } [Bitwarden](file-sharing.md#bitwarden-send)
 - ![OnionShare logo](assets/img/file-sharing-sync/onionshare.svg){ .twemoji } [OnionShare](file-sharing.md#onionshare)
 - ![FreedomBox logo](assets/img/file-sharing-sync/freedombox.svg){ .twemoji } [FreedomBox](file-sharing.md#freedombox)
 - ![Syncthing logo](assets/img/file-sharing-sync/syncthing.svg){ .twemoji } [Syncthing](file-sharing.md#syncthing)
@@ -323,19 +321,20 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 [Learn more :hero-arrow-circle-right-fill:](file-sharing.md)
 
-### Metadata Removal Tools
+### Data and Metadata Redaction
 
 <div class="grid cards" markdown>
 
-- ![ExifCleaner logo](assets/img/metadata-removal/exifcleaner.svg){ .twemoji } [ExifCleaner](metadata-removal-tools.md#exifcleaner)
-- ![MAT2 logo](assets/img/metadata-removal/mat2.svg){ .twemoji } [MAT2](metadata-removal-tools.md#mat2)
-- ![ExifEraser logo](assets/img/metadata-removal/exiferaser.svg){ .twemoji } [ExifEraser (Android)](metadata-removal-tools.md#exiferaser-android)
-- ![Metapho logo](assets/img/metadata-removal/metapho.jpg){ .twemoji } [Metapho (iOS)](metadata-removal-tools.md#metapho-ios)
-- ![ExifTool logo](assets/img/metadata-removal/exiftool.png){ .twemoji } [ExifTool (CLI)](metadata-removal-tools.md#exiftool)
+- ![ExifCleaner logo](assets/img/data-redaction/exifcleaner.svg){ .twemoji } [ExifCleaner](data-redaction.md#exifcleaner)
+- ![MAT2 logo](assets/img/data-redaction/mat2.svg){ .twemoji } [MAT2](data-redaction.md#mat2)
+- ![ExifEraser logo](assets/img/data-redaction/exiferaser.svg){ .twemoji } [ExifEraser (Android)](data-redaction.md#exiferaser-android)
+- ![Metapho logo](assets/img/data-redaction/metapho.jpg){ .twemoji } [Metapho (iOS)](data-redaction.md#metapho-ios)
+- ![PrivacyBlur logo](assets/img/data-redaction/privacyblur.svg){ .twemoji } [PrivacyBlur](data-redaction.md#privacyblur)
+- ![ExifTool logo](assets/img/data-redaction/exiftool.png){ .twemoji } [ExifTool (CLI)](data-redaction.md#exiftool)
 
 </div>
 
-[Learn more :hero-arrow-circle-right-fill:](metadata-removal-tools.md)
+[Learn more :hero-arrow-circle-right-fill:](data-redaction.md)
 
 ### Multi-Factor Authentication Tools
 
@@ -357,7 +356,6 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 - ![KeePassDX logo](assets/img/password-management/keepassdx.svg){ .twemoji } [KeePassDX (Android)](passwords.md#keepassdx)
 - ![KeePassXC logo](assets/img/password-management/keepassxc.svg){ .twemoji } [KeePassXC](passwords.md#keepassxc)
 - ![Bitwarden logo](assets/img/password-management/bitwarden.svg){ .twemoji } [Bitwarden](passwords.md#bitwarden)
-- ![Vaultwarden logo](assets/img/password-management/vaultwarden.svg#only-light){ .twemoji }![Vaultwarden logo](assets/img/password-management/vaultwarden-dark.svg#only-dark){ .twemoji } [Vaultwarden (Bitwarden Server)](passwords.md#bitwarden)
 - ![Psono logo](assets/img/password-management/psono.svg){ .twemoji } [Psono](passwords.md#psono)
 - ![gopass logo](assets/img/password-management/gopass.svg){ .twemoji } [gopass](passwords.md#gopass)
 
@@ -383,7 +381,6 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 <div class="grid cards" markdown>
 
 - ![Signal logo](assets/img/messengers/signal.svg){ .twemoji } [Signal](real-time-communication.md#signal)
-- ![Molly logo](assets/img/messengers/molly.svg){ .twemoji } [Molly (Hardened Signal fork for Android)](/advanced/signal-configuration-hardening/#hardening-signal-with-molly-on-android)
 - ![Element logo](assets/img/messengers/element.svg){ .twemoji } [Element](real-time-communication.md#element)
 - ![Session logo](assets/img/messengers/session.svg){ .twemoji } [Session](real-time-communication.md#session)
 - ![Briar logo](assets/img/messengers/briar.svg){ .twemoji } [Briar (Android)](real-time-communication.md#briar-android)
@@ -415,6 +412,7 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 - ![Freenet logo](./assets/img/self-contained-networks/freenet.svg){ .twemoji } [Freenet](self-contained-networks.md#freenet)
 - ![I2P logo](./assets/img/self-contained-networks/i2p.svg#only-light){ .twemoji } ![I2P logo](./assets/img/self-contained-networks/i2p-dark.svg#only-dark){ .twemoji } [I2P](self-contained-networks.md#invisible-internet-project)
 - ![Tor logo](./assets/img/self-contained-networks/tor.svg){ .twemoji } [Tor](self-contained-networks.md#tor)
+- ![Orbot logo](assets/img/self-contained-networks/orbot.svg){ .twemoji } [Orbot (Smartphone Tor Proxy)](self-contained-networks.md#orbot)
 
 </div>
 

docs/video-streaming.en.md

@@ -97,14 +97,6 @@ You can disable *Save hosting data to help the LBRY network* option in :gear: **
     
     When using NewPipe, your IP address will be visible to the video providers used. Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org) if your [threat model](basics/threat-modeling.md) requires hiding your IP address.
 
-**NewPipe x SponsorBlock** is a fork of [NewPipe](https://newpipe.net) with [SponsorBlock](https://sponsor.ajay.app) integrated to help you skip sponsored video segments.
-
-It also has integration with [Return YouTube Dislike](https://returnyoutubedislike.com), and some experimental settings such as the ability to use the built-in player for local playback, an option to force fullscreen on landscape mode, and an option to disable error reporting prompts.
-
-[:octicons-repo-16: "NewPipe x SponsorBlock" on GitHub](https://github.com/polymorphicshade/NewPipe){ .md-button }
-
-This fork is not endorsed by or affiliated with the upstream project. The NewPipe team has [rejected](https://github.com/TeamNewPipe/NewPipe/pull/3205) integration with SponsorBlock and thus this fork is created to provide this functionality.
-
 ## Web-based frontends
 
 ### Invidious

mkdocs.production.yml

@@ -22,6 +22,13 @@ plugins:
     date_from_meta:
       as_creation: "created"
       datetime_format: "%Y-%m-%d"
+  social:
+    cards: !ENV [CARDS, false]
+    cards_color:
+      fill: "#FFD06F"
+      text: "#2d2d2d"
+    cards_dir: assets/img/social
+    cards_font: 'Public Sans'
 
 extra:
   generator: false
@@ -48,6 +55,8 @@ theme:
     - content.tooltips
   palette:
     - media: "(prefers-color-scheme)"
+      scheme: default
+      accent: deep purple
       toggle:
         icon: hero/sparkles
         name: Switch to light mode

mkdocs.yml

@@ -4,7 +4,7 @@ site_dir: 'site'
 
 site_name: Privacy Guides
 site_description: |
-  Massive organizations are monitoring your online activities. Privacy Guides is your central privacy and security resource to protect yourself online.
+  Privacy Guides is your central privacy and security resource to protect yourself online.
 copyright: |
   <b>Privacy Guides</b> is a non-profit, socially motivated website that provides information for protecting your data security and privacy.<br>
   We do not make money from recommending certain products, and we do not utilize affiliate links.<br>
@@ -34,6 +34,7 @@ edit_uri: edit/main/docs/
 theme:
   name: material
   custom_dir: theme
+  logo: assets/brand/SVG/Logo/privacy-guides-logo-notext-colorbg.svg
   favicon: assets/brand/PNG/Favicon/favicon-32x32.png
   icon:
     repo: fontawesome/brands/github
@@ -155,16 +156,16 @@ nav:
       - 'vpn.md'
     - 'Software':
       - 'calendar-contacts.md'
-      - 'notebooks.md'
+      - 'data-redaction.md'
       - 'email-clients.md'
       - 'encryption.md'
       - 'file-sharing.md'
-      - 'metadata-removal-tools.md'
       - 'multi-factor-authentication.md'
+      - 'news-aggregators.md'
+      - 'notebooks.md'
       - 'passwords.md'
       - 'productivity.md'
       - 'real-time-communication.md'
-      - 'news-aggregators.md'
       - 'self-contained-networks.md'
       - 'video-streaming.md'
   - 'About':
@@ -175,7 +176,7 @@ nav:
     - 'about/notices.md'
     - 'about/privacy-policy.md'
   - 'Donate': '/about/donate/'
-  - 'Discussions': 'https://github.com/orgs/privacyguides/discussions'
+  - 'Discussions': 'https://github.com/privacyguides/privacyguides.org/discussions'
   - 'Blog':
     - '2022':
       - '"Hide Nothing"': 'blog/2022/06/09/hide-nothing.md'