PrivacyTools FAQ (#1808)

Signed-off-by: Daniel Gray <dng@disroot.org>

.github/workflows/crowdin.yml

@@ -14,7 +14,7 @@ jobs:
       uses: actions/checkout@v3
 
     - name: crowdin action
-      uses: crowdin/github-action@1.4.12
+      uses: crowdin/github-action@1.4.14
       with:
         upload_sources: true
         upload_sources_args: '--auto-update --delete-obsolete'

.github/workflows/release.yml

@@ -12,7 +12,7 @@ jobs:
     permissions:
       contents: write
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - uses: ncipollo/release-action@v1
         with:
           generateReleaseNotes: true

Pipfile

@@ -9,7 +9,6 @@ mkdocs-material = {path = "./mkdocs-material"}
 mkdocs-static-i18n = "*"
 mkdocs-git-revision-date-localized-plugin = "*"
 typing-extensions = "*"
-mkdocs-minify-plugin = "*"
 mkdocs-rss-plugin = "*"
 mkdocs-git-committers-plugin-2 = "*"
 mkdocs-macros-plugin = "*"

Pipfile.lock

@@ -1,7 +1,7 @@
 {
     "_meta": {
         "hash": {
-            "sha256": "bc99c3ae97af3b039c20ec5ed0cb345e76d171f08cb8c1e2aface7fad4bab695"
+            "sha256": "cc061d23a1d1965a032daba80bbc3747582c5ce54374e393e09d1d3b4a3d79bf"
         },
         "pipfile-spec": 6,
         "requires": {
@@ -49,11 +49,11 @@
         },
         "certifi": {
             "hashes": [
-                "sha256:84c85a9078b11105f04f3036a9482ae10e4621616db313fe045dd24743a0820d",
-                "sha256:fe86415d55e84719d75f8b69414f6438ac3547d2078ab91b67e779ef69378412"
+                "sha256:43dadad18a7f168740e66944e4fa82c6611848ff9056ad910f8f7a3e46ab89e0",
+                "sha256:cffdcd380919da6137f76633531a5817e3a9f268575c128249fb637e4f9e73fb"
             ],
             "markers": "python_version >= '3.6'",
-            "version": "==2022.6.15"
+            "version": "==2022.6.15.1"
         },
         "cffi": {
             "hashes": [
@@ -140,12 +140,6 @@
             "markers": "python_version >= '3.7'",
             "version": "==8.1.3"
         },
-        "csscompressor": {
-            "hashes": [
-                "sha256:afa22badbcf3120a4f392e4d22f9fff485c044a1feda4a950ecc5eba9dd31a05"
-            ],
-            "version": "==0.9.5"
-        },
         "cssselect2": {
             "hashes": [
                 "sha256:3a83b2a68370c69c9cd3fcb88bbfaebe9d22edeef2c22d1ff3e1ed9c7fa45ed8",
@@ -185,12 +179,6 @@
             "markers": "python_version >= '3.7'",
             "version": "==3.1.27"
         },
-        "htmlmin": {
-            "hashes": [
-                "sha256:50c1ef4630374a5d723900096a961cff426dff46b48f34d194a81bbe14eca178"
-            ],
-            "version": "==0.1.12"
-        },
         "idna": {
             "hashes": [
                 "sha256:84d9dd047ffa80596e0f246e2eab0b391788b0503584e8945f2368256d2735ff",
@@ -215,12 +203,6 @@
             "markers": "python_version >= '3.7'",
             "version": "==3.1.2"
         },
-        "jsmin": {
-            "hashes": [
-                "sha256:c0959a121ef94542e807a674142606f7e90214a2b3d1eb17300244bbb5cc2bfc"
-            ],
-            "version": "==3.0.1"
-        },
         "lxml": {
             "hashes": [
                 "sha256:04da965dfebb5dac2619cb90fcf93efdb35b3c6994fea58a157a834f2f94b318",
@@ -403,14 +385,6 @@
             "markers": "python_version >= '3.6'",
             "version": "==1.0.3"
         },
-        "mkdocs-minify-plugin": {
-            "hashes": [
-                "sha256:32d9e8fbd89327a0f4f648f517297aad344c1bad64cfde110d059bd2f2780a6d",
-                "sha256:487c31ae6b8b3230f56910ce6bcf5c7e6ad9a8c4f51c720a4b989f30c2b0233f"
-            ],
-            "index": "pypi",
-            "version": "==0.5.0"
-        },
         "mkdocs-rss-plugin": {
             "hashes": [
                 "sha256:50671e2030188da4bc01ff421d979903a01cd87b02e2ec5f430fd05d5ed55825",
@@ -593,83 +567,97 @@
         },
         "regex": {
             "hashes": [
-                "sha256:02b6dc102123f5178796dcdb5a90f6e88895607fd1a1d115d8de1af8161ca2b4",
-                "sha256:0843cc977b9cc00eb2299b624db6481d25e7f5b093f7a7c2bb727028d4a26eda",
-                "sha256:085ca3dc9360c0210e0a70e5d34d66454a06077644e7679fef6358b1f053e62e",
-                "sha256:0a9d5a64e974bc5f160f30f76aaf993d49eeddb405676be6bf76a5a2c131e185",
-                "sha256:0de0ce11c0835e1117eacbfe8fa6fa98dc0e8e746b486735cb0fdebe46a02222",
-                "sha256:1418d3506a9582b23a27373f125ea2b0da523c581e7cf678a6f036254d134faa",
-                "sha256:14750172c0a616140a8f496dfef28ed24080e87d06d5838e008f959ad307a8c5",
-                "sha256:1b6d2c579ffdcbb3d93f63b6a7f697364594e1c1b6856958b3e61e3ca22c140a",
-                "sha256:1df31eaf147ecff3665ba861acb8f78221cd5501df072c9151dfa341dd24599f",
-                "sha256:21b6f939916aa61beea56393ebc8a9999060632ac22b8193c2cb67d6fd7cb2c3",
-                "sha256:2240fce3af236e4586a045c1be8bbf16c4f8831e68b7df918b72fc31a80143be",
-                "sha256:242f546fc5e49bb7395624ac3b4fc168bf454e11ace9804c58c4c3a90d84e38f",
-                "sha256:25bffa248b99b53a61b1f20fc7d19f711e38e9f0bc90d44c26670f8dc282ad7d",
-                "sha256:2ada67e02fa3fcca9e3b90cf24c2c6bc77f0abc126209937956aea10eeba40c7",
-                "sha256:2c198921afc811bc0f105c6e5150fbdebf9520c9b7d43cfc0ab156ca97f506d7",
-                "sha256:370b1d7aed26e29915c3fb3e72e327f194824a76cedb60c0b9f6c6af53e89d72",
-                "sha256:3aafbbf5076f2a48bcf31ceb42b410323daaa0ddb42544640592957bc906ace6",
-                "sha256:3d3d769b3d485b28d6a591b46723dbacc696e6503f48a3ef52e6fc2c90edb482",
-                "sha256:3d83fd6dd4263595d0e4f595d4abd54397cbed52c0147f7dd148a7b72910301e",
-                "sha256:45cb798095b886e4df6ff4a1f7661eb70620ccdef127e3c3e00a1aaa22d30e53",
-                "sha256:4bd9443f7ff6e6288dd4496215c5d903f851e55cbc09d5963587af0c6d565a0a",
-                "sha256:4bdfd016ab12c4075ef93f025b3cf4c8962b9b7a5e52bb7039ab64cb7755930c",
-                "sha256:4c6554073e3e554fbb3dff88376ada3da32ca789ea1b9e381f684d49ddb61199",
-                "sha256:4dad9d68574e93e1e23be53b4ecfb0f083bd5cc08cc7f1984a4ee3ebf12aa446",
-                "sha256:4e12a3c2d4781ee5d03f229c940934fa1e4ea4f4995e68ab97a2815b139e0804",
-                "sha256:53c9eca0d6070a8a3de42182ad26daf90ba12132eb74a2f45702332762aff84e",
-                "sha256:5910bb355f9517309f77101238dbacb7151ede3434a2f1fad26ecc62f13d8324",
-                "sha256:5c77eab46f3a2b2cd8bbe06467df783543bf7396df431eb4a144cc4b89e9fb3c",
-                "sha256:5d541bc430a74c787684d1ebcd205a5212a88c3de73848143e77489b2c25b911",
-                "sha256:5e7c8f9f8824143c219dd93cdc733c20d2c12f154034c89bcb4911db8e45bd92",
-                "sha256:5f14430535645712f546f1e07013507d1cc0c8abd851811dacce8c7fb584bf52",
-                "sha256:6059ae91667932d256d9dc03abd3512ebcade322b3a42d1b8354bd1db7f66dcc",
-                "sha256:61f6966371fa1cbf26c6209771a02bef80336cdaca0c0af4dfa33d51019c0b93",
-                "sha256:62d56a9d3c1e5a83076db4da060dad7ea35ac2f3cbd3c53ba5a51fe0caedb500",
-                "sha256:634f090a388351eadf1dcc1d168a190718fb68efb4b8fdc1b119cf837ca01905",
-                "sha256:64ecfcc386420192fbe98fdde777d993f7f2dfec9552e4f4024d3447d3a3e637",
-                "sha256:6af38997f178889d417851bae8fb5c00448f7405cfcab38734d771f1dd5d5973",
-                "sha256:6b30c8d299ba48ee919064628fd8bc296bdc6e4827d315491bea39437130d3e1",
-                "sha256:6f0c8807bac16984901c0573725bad786f2f004f9bd5df8476c6431097b6c5b3",
-                "sha256:6f62c8a59f6b8e608880c61b138ae22668184bc266b025d33200dcf2cebe0872",
-                "sha256:74d4aabd612d32282f3cb3ebb4436046fb840d25c754157a755bc9f66e7cd307",
-                "sha256:7658d2dfc1dabfb008ffe12ae47b98559e2aedd8237bee12f5aafb74d90479e3",
-                "sha256:777ceea2860a48e9e362a4e2a9a691782ea97bd05c24627c92e876fdd2c22e61",
-                "sha256:79f34d5833cd0d53ecf48bc030e4da3216bd4846224d17eeb64509be5cb098fd",
-                "sha256:7a52d547259495a53e61e37ffc6d5cecf8d298aeb1bc0d9b25289d65ddb31183",
-                "sha256:840063aa8eeb1dda07d7d7dee15648838bffef1d415f5f79061854a182a429aa",
-                "sha256:8e8ec94d1b1a0a297c2c69a0bf000baf9a79607ca0c084f577f811a9b447c319",
-                "sha256:95fb62a3980cf43e76c2fe95edab06ec70dc495b8aa660975eb9f0b2ffdae1e1",
-                "sha256:9668da78bcc219542467f51c2cd01894222be6aceec4b5efb806705900b794d8",
-                "sha256:99a7c5786de9e92ff5ffee2e8bed745f5d25495206f3f14656c379031e518334",
-                "sha256:a1e283ad918df44bad3ccf042c2fe283c63d17617570eb91b8c370ef677b0b83",
-                "sha256:a25d251546acb5edb1635631c4ae0e330fa4ec7c6316c01d256728fbfb9bbff2",
-                "sha256:abe1adb32e2535aaa171e8b2b2d3f083f863c9974a3e6e7dae6bf4827fc8b983",
-                "sha256:ae85112da2d826b65aa7c7369c56ca41d9a89644312172979cbee5cf788e0b09",
-                "sha256:b3379a83dc63fe06538c751961f9ed730b5d7f08f96a57bbad8d52db5820df1f",
-                "sha256:b3c7c6c4aac19b964c1d12784aecae7f0315314640b0f41dd6f0d4e2bf439072",
-                "sha256:b7ddecc80e87acf12c2cf12bf3721def47188c403f04e706f104b5e71fed2f31",
-                "sha256:bbaf6785d3f1cd3e617b9d0fb3c5528023ef7bc7cc1356234801dc1941df8ce9",
-                "sha256:be6f5b453f7ed2219a9555bb6840663950b9ab1dc034216f68eac64db66633c2",
-                "sha256:c2b6404631b22617b5127c6de2355393ccda693ca733a098b6802e7dabb3457a",
-                "sha256:c4f6609f6e867a58cdf173e1cbe1f3736d25962108bd5cb01ad5a130875ff2c8",
-                "sha256:c76dd2c0615a28de21c97f9f6862e84faef58ff4d700196b4e395ef6a52291e4",
-                "sha256:c78c72f7878071a78337510ec78ab856d60b4bdcd3a95fd68b939e7cb30434b3",
-                "sha256:cb0c9a1476d279524538ba9a00ecec9eadcef31a6a60b2c8bd2f29f62044a559",
-                "sha256:ccb986e80674c929f198464bce55e995178dea26833421e2479ff04a6956afac",
-                "sha256:cfa62063c5eafb04e4435459ce15746b4ae6c14efeae8f16bd0e3d2895dad698",
-                "sha256:d13bd83284b46c304eb10de93f8a3f2c80361f91f4e8a4e1273caf83e16c4409",
-                "sha256:d76e585368388d99ddd2f95989e6ac80a8fe23115e93931faad99fa34550612f",
-                "sha256:dc32029b9cc784a529f9201289d4f841cc24a2ae3126a112cd467bc41bbc2f10",
-                "sha256:e0b55651db770b4b5a6c7d015f24d1a6ede307296bbdf0c47fc5f6a6adc7abee",
-                "sha256:e37886929ee83a5fa5c73164abada00e7f3cc1cbf3f8f6e1e8cfecae9d6cfc47",
-                "sha256:f7b88bc7306136b123fd1a9beed16ca02900ee31d1c36e73fa33d9e525a5562d",
-                "sha256:fac611bde2609a46fcbd92da7171286faa2f5c191f84d22f61cd7dc27213f51d",
-                "sha256:fafed60103132e74cdfbd651abe94801eb87a9765ce275b3dca9af8f3e06622a"
+                "sha256:003a2e1449d425afc817b5f0b3d4c4aa9072dd5f3dfbf6c7631b8dc7b13233de",
+                "sha256:0385d66e73cdd4462f3cc42c76a6576ddcc12472c30e02a2ae82061bff132c32",
+                "sha256:0394265391a86e2bbaa7606e59ac71bd9f1edf8665a59e42771a9c9adbf6fd4f",
+                "sha256:03ff695518482b946a6d3d4ce9cbbd99a21320e20d94913080aa3841f880abcd",
+                "sha256:079c182f99c89524069b9cd96f5410d6af437e9dca576a7d59599a574972707e",
+                "sha256:091efcfdd4178a7e19a23776dc2b1fafb4f57f4d94daf340f98335817056f874",
+                "sha256:0b664a4d33ffc6be10996606dfc25fd3248c24cc589c0b139feb4c158053565e",
+                "sha256:14216ea15efc13f28d0ef1c463d86d93ca7158a79cd4aec0f9273f6d4c6bb047",
+                "sha256:14a7ab070fa3aec288076eed6ed828587b805ef83d37c9bfccc1a4a7cfbd8111",
+                "sha256:14c71437ffb89479c89cc7022a5ea2075a842b728f37205e47c824cc17b30a42",
+                "sha256:18e503b1e515a10282b3f14f1b3d856194ecece4250e850fad230842ed31227f",
+                "sha256:19a4da6f513045f5ba00e491215bd00122e5bd131847586522463e5a6b2bd65f",
+                "sha256:1a901ce5cd42658ab8f8eade51b71a6d26ad4b68c7cfc86b87efc577dfa95602",
+                "sha256:26df88c9636a0c3f3bd9189dd435850a0c49d0b7d6e932500db3f99a6dd604d1",
+                "sha256:2dda4b096a6f630d6531728a45bd12c67ec3badf44342046dc77d4897277d4f2",
+                "sha256:322bd5572bed36a5b39952d88e072738926759422498a96df138d93384934ff8",
+                "sha256:360ffbc9357794ae41336b681dff1c0463193199dfb91fcad3ec385ea4972f46",
+                "sha256:37e5a26e76c46f54b3baf56a6fdd56df9db89758694516413757b7d127d4c57b",
+                "sha256:3d64e1a7e6d98a4cdc8b29cb8d8ed38f73f49e55fbaa737bdb5933db99b9de22",
+                "sha256:3f3b4594d564ed0b2f54463a9f328cf6a5b2a32610a90cdff778d6e3e561d08b",
+                "sha256:4146cb7ae6029fc83b5c905ec6d806b7e5568dc14297c423e66b86294bad6c39",
+                "sha256:4318f69b79f9f7d84a7420e97d4bfe872dc767c72f891d4fea5fa721c74685f7",
+                "sha256:4cdbfa6d2befeaee0c899f19222e9b20fc5abbafe5e9c43a46ef819aeb7b75e5",
+                "sha256:50e764ffbd08b06aa8c4e86b8b568b6722c75d301b33b259099f237c46b2134e",
+                "sha256:518272f25da93e02af4f1e94985f5042cec21557ef3591027d0716f2adda5d0a",
+                "sha256:592b9e2e1862168e71d9e612bfdc22c451261967dbd46681f14e76dfba7105fd",
+                "sha256:59a786a55d00439d8fae4caaf71581f2aaef7297d04ee60345c3594efef5648a",
+                "sha256:59bac44b5a07b08a261537f652c26993af9b1bbe2a29624473968dd42fc29d56",
+                "sha256:5d0dd8b06896423211ce18fba0c75dacc49182a1d6514c004b535be7163dca0f",
+                "sha256:67a4c625361db04ae40ef7c49d3cbe2c1f5ff10b5a4491327ab20f19f2fb5d40",
+                "sha256:6adfe300848d61a470ec7547adc97b0ccf86de86a99e6830f1d8c8d19ecaf6b3",
+                "sha256:6b32b45433df1fad7fed738fe15200b6516da888e0bd1fdd6aa5e50cc16b76bc",
+                "sha256:6c57d50d4d5eb0c862569ca3c840eba2a73412f31d9ecc46ef0d6b2e621a592b",
+                "sha256:6d43bd402b27e0e7eae85c612725ba1ce7798f20f6fab4e8bc3de4f263294f03",
+                "sha256:6e521d9db006c5e4a0f8acfef738399f72b704913d4e083516774eb51645ad7c",
+                "sha256:6fe1dd1021e0f8f3f454ce2811f1b0b148f2d25bb38c712fec00316551e93650",
+                "sha256:73b985c9fc09a7896846e26d7b6f4d1fd5a20437055f4ef985d44729f9f928d0",
+                "sha256:7681c49da1a2d4b905b4f53d86c9ba4506e79fba50c4a664d9516056e0f7dfcc",
+                "sha256:77c2879d3ba51e5ca6c2b47f2dcf3d04a976a623a8fc8236010a16c9e0b0a3c7",
+                "sha256:7b0c5cc3d1744a67c3b433dce91e5ef7c527d612354c1f1e8576d9e86bc5c5e2",
+                "sha256:7fcf7f94ccad19186820ac67e2ec7e09e0ac2dac39689f11cf71eac580503296",
+                "sha256:83cc32a1a2fa5bac00f4abc0e6ce142e3c05d3a6d57e23bd0f187c59b4e1e43b",
+                "sha256:8418ee2cb857b83881b8f981e4c636bc50a0587b12d98cb9b947408a3c484fe7",
+                "sha256:86df2049b18745f3cd4b0f4c4ef672bfac4b80ca488e6ecfd2bbfe68d2423a2c",
+                "sha256:880dbeb6bdde7d926b4d8e41410b16ffcd4cb3b4c6d926280fea46e2615c7a01",
+                "sha256:8aba0d01e3dfd335f2cb107079b07fdddb4cd7fb2d8c8a1986f9cb8ce9246c24",
+                "sha256:8dcbcc9e72a791f622a32d17ff5011326a18996647509cac0609a7fc43adc229",
+                "sha256:944567bb08f52268d8600ee5bdf1798b2b62ea002cc692a39cec113244cbdd0d",
+                "sha256:995e70bb8c91d1b99ed2aaf8ec44863e06ad1dfbb45d7df95f76ef583ec323a9",
+                "sha256:99945ddb4f379bb9831c05e9f80f02f079ba361a0fb1fba1fc3b267639b6bb2e",
+                "sha256:9a165a05979e212b2c2d56a9f40b69c811c98a788964e669eb322de0a3e420b4",
+                "sha256:9bc8edc5f8ef0ebb46f3fa0d02bd825bbe9cc63d59e428ffb6981ff9672f6de1",
+                "sha256:a1aec4ae549fd7b3f52ceaf67e133010e2fba1538bf4d5fc5cd162a5e058d5df",
+                "sha256:a1c4d17879dd4c4432c08a1ca1ab379f12ab54af569e945b6fc1c4cf6a74ca45",
+                "sha256:a2b39ee3b280e15824298b97cec3f7cbbe6539d8282cc8a6047a455b9a72c598",
+                "sha256:a2effeaf50a6838f3dd4d3c5d265f06eabc748f476e8441892645ae3a697e273",
+                "sha256:a59d0377e58d96a6f11636e97992f5b51b7e1e89eb66332d1c01b35adbabfe8a",
+                "sha256:a926339356fe29595f8e37af71db37cd87ff764e15da8ad5129bbaff35bcc5a6",
+                "sha256:a9eb9558e1d0f78e07082d8a70d5c4d631c8dd75575fae92105df9e19c736730",
+                "sha256:ab07934725e6f25c6f87465976cc69aef1141e86987af49d8c839c3ffd367c72",
+                "sha256:ad75173349ad79f9d21e0d0896b27dcb37bfd233b09047bc0b4d226699cf5c87",
+                "sha256:b7b701dbc124558fd2b1b08005eeca6c9160e209108fbcbd00091fcfac641ac7",
+                "sha256:b7bee775ff05c9d519195bd9e8aaaccfe3971db60f89f89751ee0f234e8aeac5",
+                "sha256:b86548b8234b2be3985dbc0b385e35f5038f0f3e6251464b827b83ebf4ed90e5",
+                "sha256:b9d68eb704b24bc4d441b24e4a12653acd07d2c39940548761e0985a08bc1fff",
+                "sha256:c0b7cb9598795b01f9a3dd3f770ab540889259def28a3bf9b2fa24d52edecba3",
+                "sha256:cab548d6d972e1de584161487b2ac1aa82edd8430d1bde69587ba61698ad1cfb",
+                "sha256:ce331b076b2b013e7d7f07157f957974ef0b0881a808e8a4a4b3b5105aee5d04",
+                "sha256:cfa4c956ff0a977c4823cb3b930b0a4e82543b060733628fec7ab3eb9b1abe37",
+                "sha256:d23ac6b4bf9e32fcde5fcdb2e1fd5e7370d6693fcac51ee1d340f0e886f50d1f",
+                "sha256:d2885ec6eea629c648ecc9bde0837ec6b92208b7f36381689937fe5d64a517e8",
+                "sha256:d2a1371dc73e921f3c2e087c05359050f3525a9a34b476ebc8130e71bec55e97",
+                "sha256:d3102ab9bf16bf541ca228012d45d88d2a567c9682a805ae2c145a79d3141fdd",
+                "sha256:d5b003d248e6f292475cd24b04e5f72c48412231961a675edcb653c70730e79e",
+                "sha256:d5edd3eb877c9fc2e385173d4a4e1d792bf692d79e25c1ca391802d36ecfaa01",
+                "sha256:d7430f041755801b712ec804aaf3b094b9b5facbaa93a6339812a8e00d7bd53a",
+                "sha256:d837ccf3bd2474feabee96cd71144e991472e400ed26582edc8ca88ce259899c",
+                "sha256:dab81cc4d58026861445230cfba27f9825e9223557926e7ec22156a1a140d55c",
+                "sha256:db45016364eec9ddbb5af93c8740c5c92eb7f5fc8848d1ae04205a40a1a2efc6",
+                "sha256:df8fe00b60e4717662c7f80c810ba66dcc77309183c76b7754c0dff6f1d42054",
+                "sha256:e6e6e61e9a38b6cc60ca3e19caabc90261f070f23352e66307b3d21a24a34aaf",
+                "sha256:ee7045623a5ace70f3765e452528b4c1f2ce669ed31959c63f54de64fe2f6ff7",
+                "sha256:f06cc1190f3db3192ab8949e28f2c627e1809487e2cfc435b6524c1ce6a2f391",
+                "sha256:f07373b6e56a6f3a0df3d75b651a278ca7bd357a796078a26a958ea1ce0588fd",
+                "sha256:f6e0321921d2fdc082ef90c1fd0870f129c2e691bfdc4937dcb5cd308aba95c4",
+                "sha256:f6e167d1ccd41d27b7b6655bb7a2dcb1b1eb1e0d2d662043470bd3b4315d8b2b",
+                "sha256:fcbd1edff1473d90dc5cf4b52d355cf1f47b74eb7c85ba6e45f45d0116b8edbd",
+                "sha256:fe428822b7a8c486bcd90b334e9ab541ce6cc0d6106993d59f201853e5e14121"
             ],
             "markers": "python_version >= '3.6'",
-            "version": "==2022.8.17"
+            "version": "==2022.9.13"
         },
         "requests": {
             "hashes": [
@@ -705,9 +693,11 @@
         },
         "termcolor": {
             "hashes": [
-                "sha256:1d6d69ce66211143803fbc56652b41d73b4a400a2891d7bf7a1cdf4c02de613b"
+                "sha256:6b2cf769e93364a2676e1de56a7c0cff2cf5bd07f37e9cc80b0dd6320ebfe388",
+                "sha256:7e597f9de8e001a3208c4132938597413b9da45382b6f1d150cff8d062b7aaa3"
             ],
-            "version": "==1.1.0"
+            "markers": "python_version >= '3.7'",
+            "version": "==2.0.1"
         },
         "tinycss2": {
             "hashes": [

README.md

@@ -9,10 +9,6 @@
 
   <p><em>Your central privacy and security resource to protect yourself online.</em></p>
 
-  <a href="https://opencollective.com/privacyguides">
-    <img src="https://img.shields.io/opencollective/all/privacyguides">
-  </a></p>
-
   <p><a href="https://www.reddit.com/r/PrivacyGuides/">
     <img src="https://img.shields.io/reddit/subreddit-subscribers/PrivacyGuides?label=Subscribe%20to%20r%2FPrivacyGuides&style=social">
   </a>
@@ -38,6 +34,9 @@
   <a href="https://github.com/privacyguides/privacyguides.org/pulls?q=is%3Apr+is%3Aclosed">
     <img src="https://img.shields.io/github/issues-pr-closed-raw/privacyguides/privacyguides.org">
   </a>
+  <a href="https://opencollective.com/privacyguides">
+    <img src="https://img.shields.io/opencollective/all/privacyguides">
+  </a>
   <a href="https://crowdin.com/project/privacyguides">
     <img src="https://badges.crowdin.net/privacyguides/localized.svg">
   </a></p>

docs/about/privacytools.en.md

@@ -0,0 +1,117 @@
+---
+title: "PrivacyTools FAQ"
+---
+# Why we moved on from PrivacyTools
+
+In September 2021, every active contributor unanimously agreed to move from PrivacyTools to work on this site: Privacy Guides. This decision was made because PrivacyTools’ founder and controller of the domain name had disappeared for an extended period of time and could not be contacted.
+
+Having built a reputable site and set of services on PrivacyTools.io, this caused grave concerns for the future of PrivacyTools, as any future disruption could wipe out the entire organization with no recovery method. This transition was communicated to the PrivacyTools community many months in advance via a variety of channels including its blog, Twitter, Reddit, and Mastodon to ensure the entire process went as smoothly as possible. We did this to ensure nobody was kept in the dark, which has been our modus operandi since our team was created, and to make sure Privacy Guides was recognized as the same reliable organization that PrivacyTools was before the transition.
+
+After the organizational move was completed, the founder of PrivacyTools returned and began to spread misinformation about the Privacy Guides project. They continue to spread misinformation in addition to operating a paid link farm on the PrivacyTools domain. We are creating this page to clear up any misconceptions.
+
+## What is PrivacyTools?
+
+PrivacyTools was created in 2015 by "BurungHantu," who wanted to make a privacy information resource - helpful tools following the Snowden revelations. The site grew into a flourishing open-source project with [many contributors](https://github.com/privacytools/privacytools.io/graphs/contributors), some eventually given various organizational responsibilities, such as operating online services like Matrix and Mastodon, managing and reviewing changes to the site on GitHub, finding sponsors for the project, writing blog posts and operating social media outreach platforms like Twitter, etc.
+
+Beginning in 2019, BurungHantu grew more and more distant from the active development of the website and communities, and began delaying payments he was responsible for related to the servers we operated. To avoid having our system administrator pay server costs out of their own pocket, we changed the donation methods listed on the site from BurungHantu's personal PayPal and crypto accounts to a new OpenCollective page on [October 31, 2019](https://web.archive.org/web/20210729184557/https://blog.privacytools.io/privacytools-io-joins-the-open-collective-foundation/). This had the added benefits of making our finances completely transparent, a value we strongly believe in, and tax-deductible in the United States, because they were being held by the Open Collective Foundation 501(c)3. This change was unanimously agreed upon by the team and went uncontested.
+
+## Why We Moved On
+
+In 2020, BurungHantu's absence grew much more noticeable. At one point, we required the domain's nameservers to be changed to nameservers controlled by our system administrator to avoid future disruption, and this change was not completed for over a month after the initial request. He would disappear from the public chat and private team chat rooms on Matrix for months at a time, occasionally popping in to give some small feedback or promise to be more active before disappearing once again.
+
+In October 2020, the PrivacyTools system administrator (Jonah) [left](https://web.archive.org/web/20210729190742/https://blog.privacytools.io/blacklight447-taking-over/) the project because of these difficulties, handing control to another long-time contributor. Jonah had been operating nearly every PrivacyTools service and acting as the *de facto* project lead for website development in BurungHantu's absence, thus his departure was a significant change to the organization. At the time, because of these significant organizational changes, BurungHantu promised the remaining team he would return to take control of the project going forward. ==The PrivacyTools team reached out via several communication methods over the following months, but did not receive any response.==
+
+## Domain Name Reliance
+
+At the beginning of 2021, the PrivacyTools team grew worried about the future of the project, because the domain name was set to expire on 1st March 2021. The domain was ultimately renewed by BurungHantu with no comment.
+
+The team’s concerns were not addressed, and we realized this would be a problem every year: If the domain expired it would have allowed it to be stolen by squatters or spammers, thus ruining the organization's reputation. We also would have had trouble reaching the community to inform them of what took place.
+
+Without being in any contact with BurungHantu, we decided the best course of action would be to move to a new domain name while we still had guaranteed control over the old domain name, sometime before March 2022. This way, we would be able to cleanly redirect all PrivacyTools resources to the new site without any interruption in service. This decision was made many months in advance and communicated to the entire team in the hopes that BurungHantu would reach out and assure his continued support for the project, because with a recognizable brand name and large communities online, moving away from "PrivacyTools" was the least desirable possible outcome.
+
+In mid-2021 the PrivacyTools team reached out to Jonah, who agreed to rejoin the team to help with the transition.
+
+## Community Call to Action
+
+At the end of July 2021, we [informed](https://web.archive.org/web/20210729184422/https://blog.privacytools.io/the-future-of-privacytools/) the PrivacyTools community of our intention to choose a new name and continue the project on a new domain, to be [chosen](https://web.archive.org/web/20210729190935/https://aragon.cloud/apps/forms/cMPxG9KyopapBbcw) on 2nd August 2022. In the end, "Privacy Guides" was selected, with the `privacyguides.org` domain already owned by Jonah for a side-project from 2020 that went undeveloped.
+
+## Control of r/privacytoolsIO
+
+Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the subreddit. The subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://www.reddit.com/r/redditrequest/comments/o9tllh/requesting_rprivacytoolsio_im_only_active_mod_top/) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
+
+Reddit requires that subreddits have active moderators. If the primary moderator is inactive for a lengthy period of time (such as a year) the primary moderation position can be re-appointed to the next moderator in line. For this request to have been granted, BurungHantu had to have been completely absent from all Reddit activity for a long period of time, which was consistent with his behaviors on other platforms.
+
+> If you were removed as moderator from a subreddit through Reddit request it is because your lack of response and lack of activity qualified the subreddit for an r/redditrequest transfer.
+>
+> r/redditrequest is Reddit's way of making sure communities have active moderators and is part of the [Moderator Code of Conduct](https://www.redditinc.com/policies/moderator-code-of-conduct).
+
+## Beginning the Transition
+
+On September 14th, 2021, we [announced](https://www.privacyguides.org/blog/2021/09/14/welcome-to-privacy-guides/) the beginning of our migration to this new domain:
+
+> [...] we found it necessary to make this switch sooner rather than later to ensure people would find out about this transition as soon as possible. This gives us adequate time to transition the domain name, which is currently redirecting to www.privacyguides.org, and it hopefully gives everyone enough time to notice the change, update bookmarks and websites, etc.
+
+This change [entailed:](https://www.reddit.com/r/PrivacyGuides/comments/pnhn4a/rprivacyguides_privacyguidesorg_what_you_need_to/)
+
+- Redirecting www.privacytools.io to [www.privacyguides.org](https://www.privacyguides.org).
+- Archiving the source code on GitHub to preserve our past work and issue tracker, which we continued to use for months of future development of this site.
+- Posting announcements to our subreddit and various other communities informing people of the official change.
+- Formally closing privacytools.io services, like Matrix and Mastodon, and encouraging existing users to migrate as soon as possible.
+
+Things appeared to be going smoothly, and most of our active community made the switch to our new project exactly as we hoped.
+
+## Following Events
+
+Roughly a week following the transition, BurungHantu returned online for the first time in nearly a year, however nobody on our team was willing to return to PrivacyTools because of his historic unreliability. Rather than apologize for his prolonged absence, he immediately went on the offensive and positioned the transition to Privacy Guides as an attack against him and his project. He subsequently [deleted](https://www.reddit.com/r/privacytoolsIO/comments/pp9yie/comment/hd49wbn) many of these posts when it was pointed out by the community that he had been absent and abandoned the project.
+
+At this point, BurungHantu claimed he wanted to continue working on privacytools.io on his own and requested that we remove the redirect from www.privacytools.io to [www.privacyguides.org](https://www.privacyguides.org). We obliged and requested that he keep the subdomains for Matrix, Mastodon, and PeerTube active for us to run as a public service to our community for at least a few months, in order to allow users on those platforms to easily migrate to other accounts. Due to the federated nature of the services we provided, they were tied to specific domain names making it very difficult to migrate (and in some cases impossible).
+
+Unfortunately, because control of the r/privacytoolsIO subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://www.reddit.com/r/PrivacyGuides/comments/pymthv/comment/hexwrps/) at the beginning of October, ending any migration possibilities to any users still using those services.
+
+Following this, BurungHantu made false accusations about Jonah stealing donations from the project. BurungHantu had over a year since the alleged incident occurred, and yet he never made anyone aware of it until after the Privacy Guides migration. BurungHantu has been repeatedly asked for proof and to comment on the reason for his silence by the team [and the community](https://twitter.com/TommyTran732/status/1526153536962281474), and has not done so.
+
+BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
+
+## PrivacyTools.io Now
+
+As of September 25th 2022 we are seeing BurungHantu's overall plans come to fruition on privacytools.io, and this is the very reason we decided to create this explainer page today. The website he is operating appears to be a heavily SEO-optimized version of the site which recommends tools in exchange for financial compensation. Very recently, IVPN and Mullvad, two VPN providers near-universally [recommended](../vpn.md) by the privacy community and notable for their stance against affiliate programs were removed from PrivacyTools. In their place? NordVPN, Surfshark, ExpressVPN, and hide.me; Giant VPN corporations with untrustworthy platforms and business practices, notorious for their aggressive marketing and affiliate programs.
+
+==**PrivacyTools has become exactly the type of site we [warned against](https://web.archive.org/web/20210729205249/https://blog.privacytools.io/the-trouble-with-vpn-and-privacy-reviews/) on the PrivacyTools blog in 2019.**== We've tried to keep our distance from PrivacyTools since the transition, but their continued harassment towards our project and now their absurd abuse of the credibility their brand gained over 6 years of open source contributions is extremely troubling to us. Those of us actually fighting for privacy are not fighting against each other, and are not getting our advice from the highest bidder.
+
+## r/privacytoolsIO Now
+
+After the launch of [r/PrivacyGuides](https://www.reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://www.reddit.com/r/privacytoolsIO/comments/qk7qrj/a_new_era_why_rptio_is_now_a_restricted_sub/) a restricted sub in a post on November 1st, 2021:
+
+> [...] The growth of this Sub was the result of great effort, across several years, by the PrivacyGuides.org team. And by every one of you.
+>
+> A Subreddit is a great deal of work to administer and moderate. Like a garden, it requires patient tending and daily care. It’s not a task for dilettantes or commitment-challenged people. It can’t thrive under a gardener who abandons it for several years, then shows up demanding this year’s harvest as their tribute. It’s unfair to the team formed years ago. It’s unfair to you. [...]
+
+Subreddits do not belong to anybody, and they especially do not belong to brand-holders. They belong to their communities, and the community and its moderators made the decision to support the move to r/PrivacyGuides.
+
+In the months since, BurungHantu has threatened and begged for returning subreddit control to his account in [violation](https://www.reddit.com/r/redditrequest/wiki/top_mod_removal/) of Reddit rules:
+
+> Retaliation from any moderator with regards to removal requests is disallowed.
+
+For a community with many thousands of remaining subscribers, we feel that it would be incredibly disrespectful to return control of that massive platform to the person who abandoned it for over a year, and who now operates a website that we feel provides very low-quality information. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
+
+## OpenCollective Now
+
+Our fundraising platform, OpenCollective, is another source of contention. Our position is that OpenCollective was put in place by our team and managed by our team to fund services we currently operate and which PrivacyTools no longer does. We [reached out](https://opencollective.com/privacyguides/updates/transitioning-to-privacy-guides) to all of our donors regarding our move to Privacy Guides, and we were unanimously supported by our sponsors and community.
+
+Thus, the funds in OpenCollective belong to Privacy Guides, they were given to our project, and not the owner of a well known domain name. In the announcement made to donors on September 17th, 2021, we offered refunds to any donor who disagrees with the stance we took, but nobody has taken us up on this offer:
+
+> If any sponsors or backers disagree with or feel misled by these recent events and would like to request a refund given these highly unusual circumstances, please get in touch with our project admin by emailing jonah@triplebit.net.
+
+## Further Reading
+
+This topic has been discussed extensively within our communities in various locations, and it seems likely that most people reading this page will already be familiar with the events leading up to the move to Privacy Guides. Some of our previous posts on the matter may have extra detail we omitted here for brevity. They have been linked below for the sake of completion.
+
+- [June 28, 2021 request for control of r/privacytoolsIO](https://www.reddit.com/r/redditrequest/comments/o9tllh/requesting_rprivacytoolsio_im_only_active_mod_top/)
+- [July 27, 2021 announcement of our intentions to move on the PrivacyTools blog, written by the team](https://web.archive.org/web/20210729184422/https://blog.privacytools.io/the-future-of-privacytools/)
+- [Sept 13, 2021 announcement of the beginning of our transition to Privacy Guides on r/privacytoolsIO](https://www.reddit.com/r/privacytoolsIO/comments/pnql46/rprivacyguides_privacyguidesorg_what_you_need_to/)
+- [Sept 17, 2021 announcement on OpenCollective from Jonah](https://opencollective.com/privacyguides/updates/transitioning-to-privacy-guides)
+- [Sept 30, 2021 Twitter thread detailing most of the events now described on this page](https://twitter.com/privacy_guides/status/1443633412800225280)
+- [Oct 1, 2021 post by u/dng99 noting subdomain failure](https://www.reddit.com/r/PrivacyGuides/comments/pymthv/comment/hexwrps/)
+- [Apr 2, 2022 response by u/dng99 to PrivacyTools' accusatory blog post](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/)
+- [May 16, 2022 response by @TommyTran732 on Twitter](https://twitter.com/TommyTran732/status/1526153497984618496)
+- [Sep 3, 2022 post on Techlore's forum by @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20)

docs/android.en.md

@@ -3,9 +3,17 @@ title: "Android"
 icon: 'simple/android'
 ---
 
-These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. We also have additional Android-related information:
+![Android logo](assets/img/android/android.svg){ align=right }
 
-- [General Android Overview and Recommendations :material-arrow-right-drop-circle:](android/overview.md)
+The **Android Open Source Project** is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
+
+[:octicons-home-16:](https://source.android.com/){ .card-link title=Homepage }
+[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
+[:octicons-code-16:](https://cs.android.com/android/platform/superproject/){ .card-link title="Source Code" }
+
+These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. To learn more about Android:
+
+- [General Android Overview :material-arrow-right-drop-circle:](android/overview.md)
 - [Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](android/grapheneos-vs-calyxos.md)
 
 ## AOSP Derivatives
@@ -47,7 +55,7 @@ Google Pixel phones are the only devices that currently meet GrapheneOS's [hardw
     DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
 
     [:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
-    [:simple-torproject:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title=Onion }
+    [:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
     [:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
     [:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
     [:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
@@ -166,7 +174,7 @@ Auditor performs attestation and intrusion detection by:
 
 No personally identifiable information is submitted to the attestation service. We recommend that you sign up with an anonymous account and enable remote attestation for continuous monitoring.
 
-If your [threat model](basics/threat-modeling.md) requires privacy, you could consider using [Orbot](self-contained-networks.md#orbot) or a VPN to hide your IP address from the attestation service.
+If your [threat model](basics/threat-modeling.md) requires privacy, you could consider using [Orbot](tor.md#orbot) or a VPN to hide your IP address from the attestation service.
 To make sure that your hardware and operating system is genuine, [perform local attestation](https://grapheneos.org/install/web#verifying-installation) immediately after the device has been installed and prior to any internet connection.
 
 ### Secure Camera

docs/android/grapheneos-vs-calyxos.en.md

@@ -1,51 +1,59 @@
 ---
-title: "Why we recommend GrapheneOS over CalyxOS"
+title: "GrapheneOS or CalyxOS?"
 icon: 'material/cellphone-cog'
 ---
 
-GrapheneOS and CalyxOS are commonly compared as similar options for people looking for an alternative Android OS for their Pixel devices. Below are some of the reasons why we recommend GrapheneOS over CalyxOS.
+GrapheneOS and CalyxOS are often compared as similar options for people looking for an alternative Android OS for their Pixel devices. Below are some of the reasons why we recommend GrapheneOS over CalyxOS.
 
-## Profiles
+## Update Frequency
 
-CalyxOS includes a device controller app so there is no need to install a third-party app like Shelter.
+CalyxOS has a track record of being slower to apply security and feature updates to its OS and core applications than other custom Android operating systems. Timely security updates are one of the most important factors to consider when determining whether an OS is secure enough for regular use, which is a requirement for privacy.
 
-GrapheneOS extends the user profile feature, allowing you to end a current session. To do this, select *End Session* which will clear the encryption key from memory. GrapheneOS also provides [cross-profile notification forwarding](https://grapheneos.org/features#notification-forwarding). GrapheneOS plans to introduce nested profile support with better isolation in the future.
+In contrast to that, GrapheneOS manages to stay close to upstream and in some cases even [deliver updates before the stock OS does](https://grapheneos.org/features#more-complete-patching).
+
+As an example, [GrapheneOS's first Android 12 release](https://grapheneos.org/releases#2021102020) was in October 2021, whereas [CalyxOS moved to Android 12](https://calyxos.org/news/2022/01/19/android-12-changelog/) in January 2022.
 
 ## Sandboxed Google Play vs Privileged microG
 
-When Google Play services are used on GrapheneOS, they run as a user app and are contained within a user or work profile. Sandboxed Google Play is confined using the highly restrictive, default [`untrusted_app`](https://source.android.com/security/selinux/concepts) domain provided by [SELinux](https://en.wikipedia.org/wiki/Security-Enhanced_Linux). Permissions for apps to use Google Play Services can be revoked at any time.
+When Google Play Services are used on GrapheneOS, they are confined using the highly restrictive, default [`untrusted_app`](https://source.android.com/security/selinux/concepts) [SELinux](https://en.wikipedia.org/wiki/Security-Enhanced_Linux) domain. As a result, you have full control as to what these apps can access via permissions, just like any other app you install. Additionally, you can selectively choose which profile(s) to install the Sandboxed Google Play in.
 
 microG is a partially open-source re-implementation of Google Play Services.[^1] On CalyxOS, it runs in the highly privileged [`system_app`](https://source.android.com/security/selinux/concepts) SELinux domain like regular Google Play Services, and it uses [signature spoofing](https://github.com/microg/GmsCore/wiki/Signature-Spoofing) to masquerade as Google Play Services. This is less secure than Sandboxed Google Play's approach, which does not need access to sensitive system APIs.
 
-When using Sandboxed Play Services, you have the option to reroute location requests to the Play Services API back to the OS location API, which uses satellite based location services. With microG, you have the option to choose between different backend location providers, including *shifting trust* to another location backend, like Mozilla; using [DejaVu](https://github.com/n76/DejaVu), a location backend that locally collects and saves RF-based location data to an offline database which can be used when GPS is not available; or to simply not use a network location backend at all.
+When using Sandboxed Google Play, you have the option to reroute location requests to the Play Services API back to the OS location API, which uses satellite based location services. With microG, you have the option to choose between different backend location providers, including *shifting trust* to another location backend, like Mozilla; using [DejaVu](https://github.com/n76/DejaVu), a location backend that locally collects and saves RF-based location data to an offline database which can be used when GPS is not available; or to simply not use a network location backend at all.
 
 Network location providers like Play Services or Mozilla rely the on the MAC addresses of surrounding WiFi access points and Bluetooth devices being submitted for location approximation. Choosing a network location like Mozilla to use with microG provides little to no privacy benefit over Google because you are still submitting the same data and trusting them to not profile you.
 
 Local RF location backends like DejaVu require that the phone has a working GPS first for the local RF data collected to be useful. This makes them less effective as location providers, as the job of a location provider is to assist location approximation when satellite based services are not working.
 
-If your threat model requires protecting your location or the MAC addresses of nearby devices, rerouting location requests to the OS location API is probably the best option. The benefit brought by microG's custom location backend is minimal at best when compared to Sandboxed Play Services.
+If your [threat model](../basics/threat-modeling.md) requires protecting your location or the MAC addresses of nearby devices, rerouting location requests to the OS location API is probably the best option. The benefit brought by microG's custom location backend is minimal at best when compared to Sandboxed Google Play.
 
-In terms of application compatibility, Sandboxed Google Play on GrapheneOS is always going to be more compatible as it is the same code as what is released by Google. microG is a reimplementation of these services. As a result of that it only supports the various parts that have been reimplemented, meaning some things such as [Google Play Games](https://play.google.com/googleplaygames) and [In-app Billing API](https://android-doc.github.io/google/play/billing/api.html) are not yet supported.
+In terms of application compatibility, ==Sandboxed Google Play on GrapheneOS is always going to be more compatible== as it is the same code as what is released by Google. microG is a reimplementation of these services. As a result, it only supports the various parts that have been reimplemented, meaning some things such as [Google Play Games](https://play.google.com/googleplaygames) and [In-app Billing API](https://android-doc.github.io/google/play/billing/api.html) are not yet supported.
 
-Larger apps, especially games, require Play Delivery to be installed, which is currently not implemented in microG. Authentication using [FIDO](../basics/multi-factor-authentication.md#fido-fast-identity-online) with online services on Android also relies on Play Services, and does not currently work with microG.
+Larger apps, especially games, require [Play Asset Delivery](https://android-developers.googleblog.com/2020/06/introducing-google-play-asset-delivery.html) to be installed, which is currently not implemented in microG. Authentication using [FIDO](../basics/multi-factor-authentication.md#fido-fast-identity-online) with online services on Android also relies on Play Services, and does not currently work with microG.
 
-[^1]: It should be noted that microG still uses proprietary Google binaries for some of its components such as DroidGuard. Push notifications, if enabled, still go through Google's servers just like with Play Services. Outside of default microG setups like on CalyxOS, it is possible to run microG in the unprivileged [`untrusted app`](https://source.android.com/security/selinux/concepts) SELinux domain and without the signature spoofing patch. However, microG's functionality and compatibility, which is already not nearly as broad as Sandboxed Play Services, will greatly diminish.
+[^1]: It should be noted that microG still uses proprietary Google binaries for some of its components such as DroidGuard. Push notifications, if enabled, still go through Google's servers just like with Play Services. Outside of default microG setups like on CalyxOS, it is possible to run microG in the unprivileged [`untrusted app`](https://source.android.com/security/selinux/concepts) SELinux domain and without the signature spoofing patch. However, microG's functionality and compatibility, which is already not nearly as broad as Sandboxed Google Play, will greatly diminish.
 
 ## Privileged eSIM Activation Application
 
 Currently, eSIM activation is tied to a privileged proprietary application by Google. The app has the `READ_PRIVILEGED_PHONE_STATE` permission, giving Google access to your hardware identifiers such as the IMEI.
 
-On GrapheneOS, the app comes disabled and can be *optionally* enabled by the user after they have installed Sandboxed Play Services.
+On GrapheneOS, the app comes disabled and you can *optionally* enable it after installing Sandboxed Google Play.
 
-On CalyxOS, the app comes installed by default (regardless of whether you choose to have microG or not) and cannot be opted out. This means Google still has access to your hardware identifiers regardless of whether or not you need eSIM activation and can be accessed persistently.
+On CalyxOS, the app comes installed by default (regardless of whether you choose to have microG or not) and you cannot opt-out. This means that Google still has access to your hardware identifiers regardless of whether or not you need eSIM activation and they can be accessed persistently.
 
 ## Privileged App Extensions
 
-Android 12 comes with special support for seamless app updates with [third-party app stores](https://android-developers.googleblog.com/2020/09/listening-to-developer-feedback-to.html). The popular Free and Open-Source Software (FOSS) repository [F-Droid](https://f-droid.org) doesn't implement this feature and requires a [privileged extension](https://f-droid.org/en/packages/org.fdroid.fdroid.privileged) to be included with the Android distribution in order to have unattended app installation.
+Android 12 comes with special support for seamless app updates with [third-party app stores](https://android-developers.googleblog.com/2020/09/listening-to-developer-feedback-to.html). The popular Free and Open-Source Software (FOSS) repository [F-Droid](https://f-droid.org) doesn't implement this feature and requires a [privileged extension](https://f-droid.org/en/packages/org.fdroid.fdroid.privileged) to be included with the Android distribution in order to have unattended app updates.
 
-GrapheneOS does not include F-Droid, because all updates have to be manually installed, which poses a security risk. However, you can use the [Neo Store](../android.md#neo-store) client for F-Droid which does support seamless (background) app updates in Android 12. GrapheneOS officially recommends [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play) instead. Many FOSS Android apps are also in Google Play but sometimes they are not (like [NewPipe](../video-streaming.md)).
+CalyxOS includes the [privileged extension](https://f-droid.org/en/packages/org.fdroid.fdroid.privileged), which may lower device security.
 
-CalyxOS includes the [privileged extension](https://f-droid.org/en/packages/org.fdroid.fdroid.privileged), which may lower device security. Seamless app updates should be possible with [Aurora Store](https://auroraoss.com) in Android 12.
+On the other hand, GrapheneOS officially recommends [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play) instead. Many FOSS Android apps are also in Google's Play Store but sometimes they are not (like [NewPipe](../frontends.md#newpipe-android)). In those cases, you can [keep up with updates using RSS](../android.md#manually-with-rss-notifications).
+
+## Profiles
+
+GrapheneOS significantly improves [user profiles](overview.md#user-profiles) in [multiple ways](https://grapheneos.org/features#improved-user-profiles), such as increasing the limit of how many profiles you can create (32 instead of the standard 4), allowing you to log out of user profiles, disabling app installation, and notification forwarding. All of these improvements make it so user profiles can be daily driven without sacrificing too much usability.
+
+CalyxOS doesn't feature any improvements to user profiles over AOSP, and instead includes a device controller app so that the [work profile](overview.md#work-profile) can be used without needing to download a third party app such as [Shelter](../android.md#shelter). However, work profiles are not nearly as flexible (as you're limited to only one) and don't provide the same amount of isolation and security.
 
 ## Additional Hardening
 

docs/assets/img/frontends/nitter.svg

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg width="666.67" height="666.67" version="1" viewBox="0 0 500 500" xmlns="http://www.w3.org/2000/svg"><path d="M73.6 33.6L71 36.3v427.4l2.6 2.7 2.7 2.6h87.4l2.7-2.6 2.6-2.7V339.9c0-102.6.2-123.9 1.3-123.9.8 0 41.1 56.1 89.7 124.7 48.5 68.7 89.2 125.6 90.4 126.5 1.9 1.6 5.5 1.8 37.7 1.8h35.6l2.7-2.6 2.6-2.7V36.3l-2.6-2.7-2.7-2.6h-87.4l-2.7 2.6-2.6 2.7v123.8c0 102.6-.2 123.9-1.3 123.9-.8 0-41.1-56.1-89.7-124.8-48.5-68.6-89.2-125.5-90.4-126.4-1.9-1.6-5.5-1.8-37.7-1.8H76.3l-2.7 2.6zm158.9 147.1c51.2 72.3 94.4 133.1 96.1 134.9 2.9 3.1 3.6 3.4 9.1 3.4 5.2 0 6.4-.4 8.7-2.6l2.6-2.7V49h62v402l-25.2-.1h-25.3l-93-131.6c-51.1-72.3-94.4-133.1-96.1-134.9-2.9-3.1-3.6-3.4-9.1-3.4-5.2 0-6.4.4-8.7 2.6l-2.6 2.7V451H89V49l25.3.1h25.2l93 131.6z" fill="#ff6c60" stroke="#ff6c60" stroke-width=".99975"/></svg>

docs/assets/img/password-management/strongbox.svg

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg id="svg" version="1.1" viewBox="0 0 400 400" xmlns="http://www.w3.org/2000/svg"><g id="svgg" fill-rule="evenodd"><path d="m192.97 62.129c-26.656 3.317-47.983 19.882-57.565 44.71-3.853 9.982-4.545 15.747-4.545 37.851v17.306l-6.738 0.232c-14.347 0.494-22.587 5.938-26.729 17.659l-1.103 3.121v29.492c0 32.127 0.031 32.689 2.391 43.3 7.874 35.404 34.139 64.851 68.117 76.367 64.962 22.019 132.51-23.702 137.13-92.819 0.687-10.284 0.297-55.379-0.502-58.008-3.668-12.066-12.845-18.84-25.525-18.84-2.61 0-5.562-0.112-6.558-0.248l-1.813-0.249v-16.507c0-21.046-0.486-25.958-3.516-35.535-9.734-30.76-41.753-51.726-73.046-47.832m15.537 24.046c16.237 2.877 30.363 15.383 35.396 31.336 2.023 6.411 2.192 8.514 2.192 27.267v17.331h-45.899-45.898v-17.331c0-13.608 0.125-18.05 0.582-20.673 4.48-25.69 28.165-42.442 53.627-37.93m-2.898 121.87c16.242 4.187 21.698 24.248 9.976 36.683-4.224 4.481-4.355 4.975-3.637 13.767 0.717 8.774 0.689 10.256-0.241 12.743-3.982 10.643-19.039 10.643-23.021 0-0.93-2.485-0.959-3.97-0.244-12.722 0.716-8.755 0.61-9.191-3.224-13.329-15.541-16.775-1.291-42.732 20.391-37.142" fill="#f4f5f5"/><path d="m66.797 0.623c-34.231 4.974-61.413 32.288-66.186 66.507-0.93 6.668-0.93 259.07 0 265.74 4.796 34.385 32.134 61.723 66.519 66.519 6.668 0.93 259.07 0.93 265.74 0 34.385-4.796 61.723-32.134 66.519-66.519 0.93-6.668 0.93-259.07 0-265.74-4.795-34.376-32.143-61.724-66.519-66.519-6.215-0.867-260.1-0.855-266.07 0.012m147.07 62.252c28.834 6.201 50.351 28.799 55.107 57.871 0.535 3.274 0.698 7.656 0.843 22.669l0.18 18.61 7.091 0.164c13.738 0.317 22.526 6.264 26.147 17.694 1.083 3.416 1.371 60.296 0.341 67.187-9.283 62.11-67.941 102.56-127.69 88.048-42.787-10.389-75.15-47.632-79.396-91.368-0.9-9.268-0.357-61.056 0.672-64.062 3.924-11.473 12.498-17.212 26.144-17.502l7.092-0.15 0.179-18.616c0.281-29.073 2.88-38.928 14.315-54.268 15.529-20.833 43.951-31.661 68.979-26.277m-20.508 23.266c-18.263 2.85-33.014 16.445-37.53 34.59-1.16 4.66-1.519 10.98-1.526 26.828l-6e-3 14.55h45.898 45.899l-6e-3 -14.55c-7e-3 -15.848-0.367-22.168-1.527-26.828-5.762-23.154-28.041-38.204-51.202-34.59m3.259 121.69c-17.389 3.099-23.811 23.765-11.46 36.877 4.079 4.331 4.177 4.691 3.58 13.041-0.882 12.331-0.586 14.057 3.034 17.681 4.868 4.873 11.978 4.873 16.847 0 3.62-3.624 3.916-5.35 3.034-17.681-0.598-8.35-0.499-8.71 3.58-13.041 14.6-15.5 1.959-40.543-18.615-36.877" fill="#1444b4"/><path d="m273.03 307.72-1.346 1.465 1.465-1.346c0.805-0.741 1.464-1.4 1.464-1.465 0-0.299-0.33-0.018-1.583 1.346" fill="#6884c7"/><path d="m150.95 82.129-1.147 1.269 1.269-1.147c1.184-1.069 1.449-1.392 1.148-1.392-0.068 0-0.639 0.572-1.27 1.27m-20.305 64.16c0 8.809 0.051 12.468 0.114 8.132 0.063-4.337 0.063-11.544 0-16.016-0.062-4.472-0.114-0.925-0.114 7.884m139.06 3.32c0 6.983 0.053 9.839 0.118 6.348 0.064-3.491 0.064-9.204 0-12.695-0.065-3.491-0.118-0.635-0.118 6.347" fill="#4c6cc4"/><path d="m274.12 162.4c1.343 0.076 3.54 0.076 4.883 0 1.343-0.077 0.244-0.139-2.441-0.139-2.686 0-3.785 0.062-2.442 0.139m29.892 75.882c0 0.967 0.076 1.363 0.169 0.879 0.093-0.483 0.093-1.274 0-1.758-0.093-0.483-0.169-0.088-0.169 0.879m-109.97 99.495c0.483 0.093 1.274 0.093 1.758 0 0.483-0.093 0.088-0.17-0.879-0.17s-1.362 0.077-0.879 0.17m10.547 0c0.483 0.093 1.274 0.093 1.758 0 0.483-0.093 0.088-0.17-0.879-0.17s-1.363 0.077-0.879 0.17" fill="#8c9ccc"/><path d="m269.67 133.79c-1e-3 1.934 0.065 2.774 0.147 1.867 0.082-0.906 0.083-2.488 2e-3 -3.515s-0.148-0.286-0.149 1.648" fill="#3c62ba"/></g></svg>

docs/assets/img/self-contained-networks/freenet.svg

@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867"><g><g><g><path fill="#fff" stroke="#356ace" stroke-width="1.5" d="m80.03 122.66c14.46-15.6 24.29-8.67 7.5 2.23-5.34 3.47-3.95 4.48-0.36 3.93 5.07-0.77 7.84 0.2 9.07 1.16 2.94 2.3 4.41 0.59 5.4-1.16 1.97-3.47 8.61 0.3 3.75 3.93-3.8 2.83-3.27 6.02 0.18 7.86 6.39 3.4 20.73 10.14 18.57 17.32-0.88 2.93-2.47 5.69-6.07 1.96-6.75-6.97-11.24-12.92-26.79-15.35-10.04-1.58-20.13-4.21-29.82 0.71-4.56 2.42-10.3 3.98-11.52 1.12-1.59-3.73 6.53-6.8 14.38-7.55 5.1-0.49 9.67-3.83 2.68-5.53-8.61-2.65 1.28-10.2 7.5-8.4 4.05 1.18 4.45-1.06 5.53-2.23z" transform="translate(0 -263.13) matrix(.072143 0 0 .072143 -44.234 303.31) matrix(6.1686 0 0 6.1686 310.87 -1171.1)"/></g></g></g></svg>

docs/assets/img/self-contained-networks/i2p-dark.svg

@@ -1,2 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><g transform="translate(0 -263.13)"><g transform="matrix(.072143 0 0 .072143 -44.234 303.31)"><g transform="matrix(4.2693 0 0 4.2693 375.06 -875.07)"><g fill="#fff"><path d="m55.768 116.33h5.6254v26.531h-5.6254z"/><path d="m83.567 142.86h-18.761v-3.9469l6.7371-6.8105c1.9948-2.0436 3.2979-3.4605 3.9102-4.2498 0.61183-0.78977 1.0522-1.5205 1.3217-2.1937 0.26898-0.67315 0.4037-1.3705 0.4037-2.0928 0-1.0769-0.29639-1.8787-0.8901-2.405-0.59371-0.52589-1.3858-0.78929-2.3772-0.78929-1.0406 0-2.0501 0.23877-3.0289 0.71589-0.97976 0.47756-2.0013 1.1568-3.0661 2.0376l-3.0838-3.6528c1.3217-1.1261 2.4167-1.9214 3.2859-2.3865 0.86873-0.46502 1.8174-0.8232 2.8454-1.0741 1.0281-0.25087 2.1783-0.3763 3.4512-0.3763 1.6766 0 3.1576 0.30615 4.4426 0.91798 1.285 0.61229 2.2824 1.4685 2.9922 2.57 0.70938 1.1015 1.0648 2.3623 1.0648 3.7815 0 1.2367-0.21742 2.3958-0.65178 3.4791-0.43437 1.0829-1.1075 2.1936-2.0195 3.3318-0.91147 1.1382-2.5179 2.76-4.8189 4.8644l-3.4512 3.2496v0.2569h11.694z"/><path d="m92.214 128.81h1.8508c1.73 0 3.0243-0.34145 3.8837-1.0253 0.85851-0.68337 1.2882-1.6785 1.2882-2.9853 0-1.3184-0.36003-2.2922-1.0796-2.9216-0.72008-0.62854-1.8485-0.94352-3.3843-0.94352h-2.5588zm12.703-4.2103c0 2.8557-0.89243 5.0391-2.6768 6.5513-1.7848 1.5126-4.3223 2.2684-7.6128 2.2684h-2.4134v9.4362h-5.6254v-26.531h8.4746c3.218 0 5.6644 0.69266 7.3406 2.078 1.6752 1.3853 2.5133 3.4508 2.5133 6.1968"/></g><path d="m121.18 137.1c0-3.4494-2.7962-6.2456-6.2456-6.2456-3.4494 0-6.2456 2.7962-6.2456 6.2456 0 3.4494 2.7962 6.2456 6.2456 6.2456 3.4494 0 6.2456-2.7962 6.2456-6.2456" fill="#ffc434"/><path d="m121.18 122.25c0-3.4494-2.7962-6.2456-6.2456-6.2456-3.4494 0-6.2456 2.7962-6.2456 6.2456 0 3.4494 2.7962 6.2456 6.2456 6.2456 3.4494 0 6.2456-2.7962 6.2456-6.2456" fill="#60ab60"/><path d="m136.03 137.1c0-3.4494-2.7962-6.2456-6.2456-6.2456-3.4494 0-6.2456 2.7962-6.2456 6.2456 0 3.4494 2.7962 6.2456 6.2456 6.2456 3.4494 0 6.2456-2.7962 6.2456-6.2456" fill="#e15647"/><path d="m136.03 122.25c0-3.4494-2.7962-6.2456-6.2456-6.2456-3.4494 0-6.2456 2.7962-6.2456 6.2456 0 3.4494 2.7962 6.2456 6.2456 6.2456 3.4494 0 6.2456-2.7962 6.2456-6.2456" fill="#ffc434"/><path d="m150.88 137.1c0-3.4494-2.7962-6.2456-6.2456-6.2456-3.4494 0-6.2456 2.7962-6.2456 6.2456 0 3.4494 2.7962 6.2456 6.2456 6.2456 3.4494 0 6.2456-2.7962 6.2456-6.2456" fill="#ffc434"/><path d="m150.88 122.25c0-3.4494-2.7962-6.2456-6.2456-6.2456-3.4494 0-6.2456 2.7962-6.2456 6.2456 0 3.4494 2.7962 6.2456 6.2456 6.2456 3.4494 0 6.2456-2.7962 6.2456-6.2456" fill="#60ab60"/><path d="m165.73 137.1c0-3.4494-2.7962-6.2456-6.2456-6.2456-3.4494 0-6.2456 2.7962-6.2456 6.2456 0 3.4494 2.7962 6.2456 6.2456 6.2456 3.4494 0 6.2456-2.7962 6.2456-6.2456" fill="#60ab60"/><path d="m165.73 122.25c0-3.4494-2.7962-6.2456-6.2456-6.2456-3.4494 0-6.2456 2.7962-6.2456 6.2456 0 3.4494 2.7962 6.2456 6.2456 6.2456 3.4494 0 6.2456-2.7962 6.2456-6.2456" fill="#e15647"/></g></g></g></svg>

docs/assets/img/self-contained-networks/i2p.svg

@@ -1,2 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><g transform="translate(0 -263.13)"><g transform="matrix(.072143 0 0 .072143 -44.234 303.31)"><g transform="matrix(4.2693 0 0 4.2693 375.06 -875.07)"><g fill="#231f20"><path d="m55.768 116.33h5.6254v26.531h-5.6254z"/><path d="m83.567 142.86h-18.761v-3.9469l6.7371-6.8105c1.9948-2.0436 3.2979-3.4605 3.9102-4.2498 0.61183-0.78977 1.0522-1.5205 1.3217-2.1937 0.26898-0.67315 0.4037-1.3705 0.4037-2.0928 0-1.0769-0.29639-1.8787-0.8901-2.405-0.59371-0.52589-1.3858-0.78929-2.3772-0.78929-1.0406 0-2.0501 0.23877-3.0289 0.71589-0.97976 0.47756-2.0013 1.1568-3.0661 2.0376l-3.0838-3.6528c1.3217-1.1261 2.4167-1.9214 3.2859-2.3865 0.86873-0.46502 1.8174-0.8232 2.8454-1.0741 1.0281-0.25087 2.1783-0.3763 3.4512-0.3763 1.6766 0 3.1576 0.30615 4.4426 0.91798 1.285 0.61229 2.2824 1.4685 2.9922 2.57 0.70938 1.1015 1.0648 2.3623 1.0648 3.7815 0 1.2367-0.21742 2.3958-0.65178 3.4791-0.43437 1.0829-1.1075 2.1936-2.0195 3.3318-0.91147 1.1382-2.5179 2.76-4.8189 4.8644l-3.4512 3.2496v0.2569h11.694z"/><path d="m92.214 128.81h1.8508c1.73 0 3.0243-0.34145 3.8837-1.0253 0.85851-0.68337 1.2882-1.6785 1.2882-2.9853 0-1.3184-0.36003-2.2922-1.0796-2.9216-0.72008-0.62854-1.8485-0.94352-3.3843-0.94352h-2.5588zm12.703-4.2103c0 2.8557-0.89243 5.0391-2.6768 6.5513-1.7848 1.5126-4.3223 2.2684-7.6128 2.2684h-2.4134v9.4362h-5.6254v-26.531h8.4746c3.218 0 5.6644 0.69266 7.3406 2.078 1.6752 1.3853 2.5133 3.4508 2.5133 6.1968"/></g><path d="m121.18 137.1c0-3.4494-2.7962-6.2456-6.2456-6.2456-3.4494 0-6.2456 2.7962-6.2456 6.2456 0 3.4494 2.7962 6.2456 6.2456 6.2456 3.4494 0 6.2456-2.7962 6.2456-6.2456" fill="#ffc434"/><path d="m121.18 122.25c0-3.4494-2.7962-6.2456-6.2456-6.2456-3.4494 0-6.2456 2.7962-6.2456 6.2456 0 3.4494 2.7962 6.2456 6.2456 6.2456 3.4494 0 6.2456-2.7962 6.2456-6.2456" fill="#60ab60"/><path d="m136.03 137.1c0-3.4494-2.7962-6.2456-6.2456-6.2456-3.4494 0-6.2456 2.7962-6.2456 6.2456 0 3.4494 2.7962 6.2456 6.2456 6.2456 3.4494 0 6.2456-2.7962 6.2456-6.2456" fill="#e15647"/><path d="m136.03 122.25c0-3.4494-2.7962-6.2456-6.2456-6.2456-3.4494 0-6.2456 2.7962-6.2456 6.2456 0 3.4494 2.7962 6.2456 6.2456 6.2456 3.4494 0 6.2456-2.7962 6.2456-6.2456" fill="#ffc434"/><path d="m150.88 137.1c0-3.4494-2.7962-6.2456-6.2456-6.2456-3.4494 0-6.2456 2.7962-6.2456 6.2456 0 3.4494 2.7962 6.2456 6.2456 6.2456 3.4494 0 6.2456-2.7962 6.2456-6.2456" fill="#ffc434"/><path d="m150.88 122.25c0-3.4494-2.7962-6.2456-6.2456-6.2456-3.4494 0-6.2456 2.7962-6.2456 6.2456 0 3.4494 2.7962 6.2456 6.2456 6.2456 3.4494 0 6.2456-2.7962 6.2456-6.2456" fill="#60ab60"/><path d="m165.73 137.1c0-3.4494-2.7962-6.2456-6.2456-6.2456-3.4494 0-6.2456 2.7962-6.2456 6.2456 0 3.4494 2.7962 6.2456 6.2456 6.2456 3.4494 0 6.2456-2.7962 6.2456-6.2456" fill="#60ab60"/><path d="m165.73 122.25c0-3.4494-2.7962-6.2456-6.2456-6.2456-3.4494 0-6.2456 2.7962-6.2456 6.2456 0 3.4494 2.7962 6.2456 6.2456 6.2456 3.4494 0 6.2456-2.7962 6.2456-6.2456" fill="#e15647"/></g></g></g></svg>

docs/assets/stylesheets/extra.css

@@ -186,7 +186,7 @@ h1, h2, h3, .md-header__topic {
 .md-typeset .recommendation > summary::before {
     display: none;
 }
-.md-typeset .recommendation img[align="right"], .md-typeset svg[align="right"] {
+img[align="right"], svg[align="right"] {
     width: 150px;
 }
 

docs/basics/account-deletion.en.md

@@ -44,13 +44,13 @@ Residents of the EEA have additional rights regarding data erasure specified in
 
 In some situations where you plan to abandon an account, it may make sense to overwrite the account information with fake data. Once you've made sure you can log in, change all the information in your account to falsified information. The reason for this is that many sites will retain information you previously had even after account deletion. The hope is that they will overwrite the previous information with the newest data you entered. However, there is no guarantee that there won't be backups with the prior information.
 
-For the account email, either create a new alternate email account via your provider of choice or create an alias using an [email aliasing service](/email/#email-aliasing-services). You can then delete your alternate email address once you are done. We recommend against using temporary email providers, as oftentimes it is possible to reactivate temporary emails.
+For the account email, either create a new alternate email account via your provider of choice or create an alias using an [email aliasing service](../email.md#email-aliasing-services). You can then delete your alternate email address once you are done. We recommend against using temporary email providers, as oftentimes it is possible to reactivate temporary emails.
 
 ### Delete
 
 You can check [JustDeleteMe](https://justdeleteme.xyz) for instructions on deleting the account for a specific service. Some sites will graciously have a "Delete Account" option, while others will go as far as to force you to speak with a support agent. The deletion process can vary from site to site, with account deletion being impossible on some.
 
-For services that don't allow account deletion, the best thing to do is falsify all your information as previously mentioned and strengthen account security. To do so, enable [MFA](multi-factor-authentication.md) and any extra security features offered. As well, change the password to a randomly-generated one that is the maximum allowed size (a [password manager](/passwords/#local-password-managers) can be useful for this).
+For services that don't allow account deletion, the best thing to do is falsify all your information as previously mentioned and strengthen account security. To do so, enable [MFA](multi-factor-authentication.md) and any extra security features offered. As well, change the password to a randomly-generated one that is the maximum allowed size (a [password manager](../passwords.md) can be useful for this).
 
 If you're satisfied that all information you care about is removed, you can safely forget about this account. If not, it might be a good idea to keep the credentials stored with your other passwords and occasionally re-login to reset the password.
 

docs/basics/common-threats.en.md

@@ -60,7 +60,7 @@ The obvious problem with this is that the service provider (or a hacker who has
 
 Thankfully, end-to-end encryption can alleviate this issue by encrypting communications between you and your desired recipients before they are even sent to the server. The confidentiality of your messages is guaranteed, so long as the service provider does not have access to the private keys of either party.
 
-??? note "Note on web-based encryption"
+!!! note "Note on web-based encryption"
 
     In practice, the effectiveness of different end-to-end encryption implementations varies. Applications such as [Signal](../real-time-communication.md#signal) run natively on your device, and every copy of the application is the same across different installations. If the service provider were to backdoor their application in an attempt to steal your private keys, that could later be detected using reverse engineering.
 

docs/basics/email-security.en.md

@@ -17,7 +17,7 @@ Even if you use OpenPGP, it does not support [forward secrecy](https://en.wikipe
 
 ### What Email Clients Support E2EE?
 
-Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multi-factor authentication](/basics/multi-factor-authentication/) is not possible with plain password authentication.
+Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multi-factor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
 
 ### How Do I Protect My Private Keys?
 

docs/basics/multi-factor-authentication.en.md

@@ -34,7 +34,7 @@ Unlike [WebAuthn](#fido-fast-identity-online), TOTP offers no protection against
 
 An adversary could set up a website to imitate an official service in an attempt to trick you into giving out your username, password and current TOTP code. If the adversary then uses those recorded credentials they may be able to log into the real service and hijack the account.
 
-Although not perfect, TOTP is secure enough for most people, and when [hardware security keys](/multi-factor-authentication/#hardware-security-keys) are not supported [authenticator apps](/multi-factor-authentication/#authenticator-apps) are still a good option.
+Although not perfect, TOTP is secure enough for most people, and when [hardware security keys](../multi-factor-authentication.md#hardware-security-keys) are not supported [authenticator apps](../multi-factor-authentication.md#authenticator-apps) are still a good option.
 
 ### Hardware security keys
 

docs/basics/passwords-overview.en.md

@@ -15,7 +15,7 @@ This is called [credential stuffing](https://en.wikipedia.org/wiki/Credential_st
 
 ### Use randomly generated passwords
 
-==You should **never** rely on yourself to come up with a good password.== We recommend using [randomly generated passwords](#passwords) or [diceware passphrases](#diceware) with sufficient entropy to protect your accounts and devices.
+==You should **never** rely on yourself to come up with a good password.== We recommend using [randomly generated passwords](#passwords) or [diceware passphrases](#diceware-passphrases) with sufficient entropy to protect your accounts and devices.
 
 All of our [recommended password managers](../passwords.md) include a built-in password generator that you can use.
 
@@ -27,7 +27,7 @@ When it comes to passwords that you don't have to remember (such as passwords st
 
 !!! Tip "Checking for data breaches"
 
-    If your password manager lets you check for compromised passwords, make sure to do so and promptly change any password that may have been exposed in a data breach.
+    If your password manager lets you check for compromised passwords, make sure to do so and promptly change any password that may have been exposed in a data breach. Alternatively, you could follow [Have I Been Pwned's Latest Breaches feed](https://feeds.feedburner.com/HaveIBeenPwnedLatestBreaches) with the help of a [news aggregator](../news-aggregators.md).
 
 
 ## Creating strong passwords
@@ -36,7 +36,7 @@ When it comes to passwords that you don't have to remember (such as passwords st
 
 A lot of services impose certain criteria when it comes to passwords, including a minimum or maximum length, as well as which special characters, if any, can be used. You should use your password manager's built-in password generator to create passwords that are as long and complex as the service will allow by including capitalized and lowercase letters, numbers and special characters.
 
-If you need a password you can memorize, we recommend a [diceware passphrase](#diceware).
+If you need a password you can memorize, we recommend a [diceware passphrase](#diceware-passphrases).
 
 ### Diceware Passphrases
 
@@ -94,13 +94,17 @@ To sum it up, diceware passphrases are your best option when you need something
 
 The best way to store your passwords is by using a password manager. They allow you to store your passwords in a file or in the cloud and protect them with a single master password. That way, you will only have to remember one strong password, which lets you access the rest of them.
 
-There are many good options to choose from, both cloud-based and local. Choose one of our recommended password managers and use it to establish strong passwords across all of your accounts. We recommend securing your password manager with a [diceware](#diceware) passphrase comprised of at least seven words.
+There are many good options to choose from, both cloud-based and local. Choose one of our recommended password managers and use it to establish strong passwords across all of your accounts. We recommend securing your password manager with a [diceware passphrase](#diceware-passphrases) comprised of at least seven words.
 
 [List of recommended password managers](../passwords.md){ .md-button }
 
 !!! Warning "Don't place your passwords and TOTP tokens inside the same password manager"
 
-    If you're using TOTP as a [multi-factor authentication](../multi-factor-authentication.md) method for any of your accounts, do not store these tokens, any backup codes for them, or the TOTP secrets themselves in your password manager, as that negates the benefit of multi-factor authentication. You should use a dedicated [TOTP app](../multi-factor-authentication.md/#authenticator-apps) instead.
+    When using TOTP codes as [multi-factor authentication](../multi-factor-authentication.md), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md#authenticator-apps).
+
+    Storing your TOTP tokens in the same place as your passwords, while convenient, reduces the accounts to a single factor in the event that an adversary gains access to your password manager.
+
+    Furthermore, we do not recommend storing single-use recovery codes in your password manager. Those should be stored separately such as in an encrypted container on an offline storage device.
 
 ### Backups
 

docs/basics/tor-overview.en.md

@@ -70,7 +70,7 @@ Though Tor does provide strong privacy guarantees, one must be aware that Tor is
 
 If you wish to use Tor for browsing the web, we only recommend the **official** Tor Browser—it is designed to prevent fingerprinting.
 
-- [Browsers: Tor Browser :material-arrow-right-drop-circle:](../desktop-browsers.md#tor-browser)
+- [Tor Browser :material-arrow-right-drop-circle:](../tor.md#tor-browser)
 
 ## Additional Resources
 

docs/basics/vpn-overview.en.md

@@ -50,18 +50,17 @@ Thus, this feature should be viewed as a convenient way to access the Tor Networ
 A VPN may still be useful to you in a variety of scenarios, such as:
 
 1. Hiding your traffic from **only** your Internet Service Provider.
-2. Hiding your downloads (such as torrents) from your ISP and anti-piracy organizations.
-3. Hiding your IP from third-party websites and services, preventing IP based tracking.
+1. Hiding your downloads (such as torrents) from your ISP and anti-piracy organizations.
+1. Hiding your IP from third-party websites and services, preventing IP based tracking.
 
 For use cases like these, or if you have another compelling reason, the VPN providers we listed above are who we think are the most trustworthy. However, using a VPN provider still means you're *trusting* the provider. In pretty much any other scenario you should be using a secure**-by-design** tool such as Tor.
 
 ## Sources and Further Reading
 
 1. [VPN - a Very Precarious Narrative](https://schub.io/blog/2019/04/08/very-precarious-narrative.html) by Dennis Schubert
-2. [The self-contained networks](../self-contained-networks.md) recommended by Privacy Guides are able to replace a VPN that allows access to services on local area network
-3. [Tor Network Overview](tor-overview.md) by blacklight447
-4. [IVPN Privacy Guides](https://www.ivpn.net/privacy-guides)
-5. ["Do I need a VPN?"](https://www.doineedavpn.com), a tool developed by IVPN to challenge aggressive VPN marketing by helping individuals decide if a VPN is right for them.
+1. [Tor Network Overview](tor-overview.md) by blacklight447
+1. [IVPN Privacy Guides](https://www.ivpn.net/privacy-guides)
+1. ["Do I need a VPN?"](https://www.doineedavpn.com), a tool developed by IVPN to challenge aggressive VPN marketing by helping individuals decide if a VPN is right for them.
 
 ## Related VPN Information
 

docs/blog/2021/12/01/firefox-privacy-2021-update.md

@@ -7,7 +7,7 @@ template: overrides/blog.en.html
 ---
 A lot changed between 2019 and now, not least in regards to Firefox. Since our last post, Mozilla has [improved](https://blog.mozilla.org/en/products/firefox/latest-firefox-rolls-out-enhanced-tracking-protection-2-0-blocking-redirect-trackers-by-default/) privacy with [Enhanced Tracking Protection (ETP)](https://blog.mozilla.org/en/products/firefox/firefox-now-available-with-enhanced-tracking-protection-by-default/). Earlier this year Mozilla introduced [Total Cookie Protection](https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/) (Dynamic First Party Isolation dFPI). This was then further tightened with [Enhanced Cookie Clearing](https://blog.mozilla.org/security/2021/08/10/firefox-91-introduces-enhanced-cookie-clearing/). We’re also looking very forward to [Site Isolation](https://blog.mozilla.org/security/2021/05/18/introducing-site-isolation-in-firefox/) (code named Fission) being enabled by default in the coming releases.
 
-Now that so many privacy features are built into the browser, there is little need for extensions made by third-party developers. Accordingly, we have updated our very outdated [browser](https://www.privacyguides.org/browsers) section. If you’ve got an old browser profile we suggest **creating a new one**. Some of the old advice may make your browser _more_ unique.
+Now that so many privacy features are built into the browser, there is little need for extensions made by third-party developers. Accordingly, we have updated our very outdated [browser](../../../../desktop-browsers.md) section. If you’ve got an old browser profile we suggest **creating a new one**. Some of the old advice may make your browser _more_ unique.
 
 #### Privacy Tweaks “about:config”
 

docs/blog/2022/06/09/hide-nothing.md

@@ -21,7 +21,7 @@ In countries were organizing around political dissent is legal, that doesn't mea
 
 And even if you break away from the legal aspects, we all have something to hide. You may not be ready to reveal your sexual or gender identity, but your internet usage could potentially do that for you. You don't want to make your bank account public; you have that information to hide. And you can continue to list things about your life you'd just rather not make public, regardless of potential legality.
 
-In July of 2021, a Catholic priest by the name of Jeffrey Burrill lost his job and was forced to resign after data collected through his cell phone showed that he was active on the Gay dating app Grindr, and that he had visited multiple gay bars in the area. [According](https://www.washingtonpost.com/religion/2021/07/20/bishop-misconduct-resign-burrill/) to the *Washington Post*:
+In July of 2021, a Catholic priest by the name of Jeffrey Burrill lost his job and was forced to resign after data collected through his cell phone showed that he was active on the gay dating app Grindr, and that he had visited multiple gay bars in the area. [According](https://www.washingtonpost.com/religion/2021/07/20/bishop-misconduct-resign-burrill/) to the *Washington Post*:
 
 > “A mobile device correlated to Burrill emitted app data signals from the location-based hookup app Grindr on a near-daily basis during parts of 2018, 2019, and 2020 —– at both his USCCB office and his USCCB-owned residence, as well as during USCCB meetings and events in other cities,” the Pillar reported.
 
@@ -33,7 +33,7 @@ While it was not clear who was tracking Burrill's device, the Post went on to sa
 
 > Privacy experts have long raised concerns about “anonymized” data collected by apps and sold to or shared with aggregators and marketing companies. While the information is typically stripped of obviously identifying fields, like a user's name or phone number, it can contain everything from age and gender to a device ID. It's possible for experts to de-anonymize some of this data and connect it to real people.
 
-While Burrill was without a doubt in violation of his works own code of conduct, he did decide on his own to be a priest. However, his personal life was not harming others and was just that, his personal life. While the question looms about who was tracking him to begin with and why, the fact it was so easy to do is alarming.
+While Burrill was without a doubt in violation of his work's own code of conduct, he did decide on his own to be a priest. However, his personal life was not harming others and was just that, his personal life. While the question looms about who was tracking him to begin with and why, the fact it was so easy to do is alarming.
 
 What if Burrill wasn't a priest, but just happened to work for someone who held anti-homosexual views who used this data to out him, humiliate him, and fire him under false pretenses? This data, which should be private could (and likely did in the real-life circumstance) ruin his life.
 

docs/calendar-contacts.en.md

@@ -1,6 +1,6 @@
 ---
 title: "Calendar and Contact Sync"
-icon: material/calendar
+icon: material/calendar-account
 ---
 Calendars and contacts contain some of your most sensitive data; use products that implement E2EE at rest to prevent a provider from reading them.
 
@@ -40,7 +40,7 @@ Calendars and contacts contain some of your most sensitive data; use products th
 
     **EteSync** is a secure, end-to-end encrypted, and privacy-respecting cloud backup and synchronization software for your personal information, including contacts and calendars. There are native clients for Android, iOS, with a web client and an adapter layer for most desktop clients available too. Etesync does [not](https://www.etesync.com/faq/#2fa) currently support multi-factor authentication.
 
-    EteSync offers a SaaS for [$24/year](https://dashboard.etebase.com/user/partner/pricing/), or you can host the server yourself for free.
+    EteSync offers a [SaaS](https://dashboard.etebase.com/user/partner/pricing/), or you can host the server yourself for free.
 
     [:octicons-home-16: Homepage](https://www.etesync.com){ .md-button .md-button--primary }
     [:octicons-eye-16:](https://www.etesync.com/tos/#privacy){ .card-link title="Privacy Policy" }

docs/cloud.en.md

@@ -67,6 +67,4 @@ When self-hosting, you should also enable E2EE to protect against your hosting p
 
         - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive)
 
-Proton Drive is currently in beta and is only available through a web client and an Android app.
-
-When using a web client, you are placing trust in the server to send you proper JavaScript code to derive the decryption key and authentication token locally in your browser. A compromised server can send you malicious JavaScript code to steal your master password and decrypt your data. If this does not fit your [threat model](basics/threat-modeling.md), consider using an alternative.
+Proton Drive is currently only available through a web client and an Android app.

docs/data-redaction.en.md

@@ -89,7 +89,7 @@ The app offers multiple ways to erase metadata from images. Namely:
 
     ![Metapho logo](assets/img/data-redaction/metapho.jpg){ align=right }
 
-    Metapho is a simple and clean viewer for photo metadata such as date, file name, size, camera model, shutter speed, and location.
+    **Metapho** is a simple and clean viewer for photo metadata such as date, file name, size, camera model, shutter speed, and location.
 
     [:octicons-home-16: Homepage](https://zininworks.com/metapho){ .md-button .md-button--primary }
     [:octicons-eye-16:](https://zininworks.com/privacy/){ .card-link title="Privacy Policy" }
@@ -98,7 +98,7 @@ The app offers multiple ways to erase metadata from images. Namely:
 
         - [:simple-appstore: App Store](https://apps.apple.com/us/app/metapho/id914457352)
 
-### PrivacyBlur (Android)
+### PrivacyBlur
 
 !!! recommendation
 
@@ -115,6 +115,7 @@ The app offers multiple ways to erase metadata from images. Namely:
 
         - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=de.mathema.privacyblur)
         - [:simple-fdroid: F-Droid](https://f-droid.org/en/packages/de.mathema.privacyblur/)
+        - [:simple-appstore: App Store](https://apps.apple.com/us/app/privacyblur/id1536274106)
 
 !!! warning
 

docs/desktop-browsers.en.md

@@ -1,37 +1,8 @@
 ---
 title: "Desktop Browsers"
-icon: octicons/browser-16
+icon: material/laptop
 ---
-These are our currently recommended desktop web browsers and configurations. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation.
-
-### Tor Browser
-
-!!! recommendation
-
-    ![Tor Browser logo](assets/img/browsers/tor.svg){ align=right }
-
-    **Tor Browser** is the choice if you need anonymity, as it provides you with access to the Tor Bridges and [Tor Network](https://en.wikipedia.org/wiki/Tor_(network)), along with settings and extensions that are automatically configured by the default security levels: *Standard*, *Safer* and *Safest*.
-
-    The Tor Browser is designed to prevent fingerprinting, or identifying you based on your browser configuration. Therefore, it is imperative that you do **not** modify the browser beyond the default [security levels](https://tb-manual.torproject.org/security-settings/).
-
-    For further information about the Tor Browser, we suggest taking a look at the [manual](https://tb-manual.torproject.org/about/).
-
-    [:octicons-home-16: Homepage](https://www.torproject.org){ .md-button .md-button--primary }
-    [:simple-torproject:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .card-link title=Onion }
-    [:octicons-info-16:](https://tb-manual.torproject.org/){ .card-link title=Documentation }
-    [:octicons-code-16:](https://gitweb.torproject.org/tor-browser.git/){ .card-link title="Source Code" }
-    [:octicons-heart-16:](https://donate.torproject.org/){ .card-link title=Contribute }
-
-    ??? downloads
-
-        - [:simple-windows11: Windows](https://www.torproject.org/download/)
-        - [:simple-apple: macOS](https://www.torproject.org/download/)
-        - [:simple-linux: Linux](https://www.torproject.org/download/)
-        - [:simple-flathub: Flatpak](https://flathub.org/apps/details/com.github.micahflee.torbrowser-launcher)
-
-!!! danger
-
-    You should **never** install any additional extensions on Tor Browser, including the ones we suggest for Firefox. Nor should you manually enable HTTPS-only mode or edit `about:config` settings. Browser extensions and non-standard settings make you stand out from others on the Tor network, thus making your browser easier to [fingerprint](https://support.torproject.org/glossary/browser-fingerprinting).
+These are our currently recommended desktop web browsers and configurations for standard/non-anonymous browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping your browser extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation.
 
 ### Firefox
 
@@ -59,7 +30,7 @@ These are our currently recommended desktop web browsers and configurations. In
 
 #### Recommended Configuration
 
-Tor Browser is the only way to truly browse the internet anonymously. When you use Firefox, we recommend changing the following settings to protect your privacy from certain parties, but all browsers other than [Tor Browser](#tor-browser) will be traceable by *somebody* in some regard or another.
+Tor Browser is the only way to truly browse the internet anonymously. When you use Firefox, we recommend changing the following settings to protect your privacy from certain parties, but all browsers other than [Tor Browser](tor.md#tor-browser) will be traceable by *somebody* in some regard or another.
 
 These options can be found in :material-menu: → **Settings** → **Privacy & Security**.
 
@@ -120,7 +91,7 @@ The [Arkenfox project](https://github.com/arkenfox/user.js) provides a set of ca
     Brave is built upon the Chromium web browser project, so it should feel familiar and have minimal website compatibility issues.
 
     [:octicons-home-16: Homepage](https://brave.com/){ .md-button .md-button--primary }
-    [:simple-torproject:](https://brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title=Onion }
+    [:simple-torbrowser:](https://brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title="Onion Service" }
     [:octicons-eye-16:](https://brave.com/privacy/browser/){ .card-link title="Privacy Policy" }
     [:octicons-info-16:](https://support.brave.com/){ .card-link title=Documentation}
     [:octicons-code-16:](https://github.com/brave/brave-browser){ .card-link title="Source Code" }
@@ -135,7 +106,7 @@ The [Arkenfox project](https://github.com/arkenfox/user.js) provides a set of ca
 
 #### Recommended Configuration
 
-Tor Browser is the only way to truly browse the internet anonymously. When you use Brave, we recommend changing the following settings to protect your privacy from certain parties, but all browsers other than the [Tor Browser](#tor-browser) will be traceable by *somebody* in some regard or another.
+Tor Browser is the only way to truly browse the internet anonymously. When you use Brave, we recommend changing the following settings to protect your privacy from certain parties, but all browsers other than the [Tor Browser](tor.md#tor-browser) will be traceable by *somebody* in some regard or another.
 
 These options can be found in :material-menu: → **Settings**.
 
@@ -189,7 +160,7 @@ Disable built-in extensions you do not use in **Extensions**
 
 </div>
 
-1. Brave is **not** as resistant to fingerprinting as the Tor Browser and far fewer people use Brave with Tor, so you will stand out. Where [strong anonymity is required](https://support.brave.com/hc/en-us/articles/360018121491-What-is-a-Private-Window-with-Tor-Connectivity-) use the [Tor Browser](#tor-browser).
+1. Brave is **not** as resistant to fingerprinting as the Tor Browser and far fewer people use Brave with Tor, so you will stand out. Where [strong anonymity is required](https://support.brave.com/hc/en-us/articles/360018121491-What-is-a-Private-Window-with-Tor-Connectivity-) use the [Tor Browser](tor.md#tor-browser).
 
 ##### IPFS
 
@@ -233,36 +204,3 @@ We generally do not recommend installing any extensions as they increase your at
         - [:simple-microsoftedge: Edge](https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak)
 
 We suggest following the [developer's documentation](https://github.com/gorhill/uBlock/wiki/Blocking-mode) and picking one of the "modes". Additional filter lists can impact performance and may increase attack surface, so only apply what you need. If there is a [vulnerability in uBlock Origin](https://portswigger.net/research/ublock-i-exfiltrate-exploiting-ad-blockers-with-css) a third-party filter could add malicious rules that can potentially steal user data.
-
-### Snowflake
-
-!!! recommendation
-
-    ![Snowflake logo](assets/img/browsers/snowflake.svg#only-light){ align=right }
-    ![Snowflake logo](assets/img/browsers/snowflake-dark.svg#only-dark){ align=right }
-
-    **Snowflake** allows you to donate bandwidth to the Tor Project by operating a "Snowflake proxy" within your browser.
-
-    People who are censored can use Snowflake proxies to connect to the Tor network. Snowflake is a great way to contribute to the network even if you don't have the technical know-how to run a Tor relay or bridge.
-
-    [:octicons-home-16: Homepage](https://snowflake.torproject.org/){ .md-button .md-button--primary }
-    [:octicons-info-16:](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/Technical%20Overview){ .card-link title=Documentation}
-    [:octicons-code-16:](https://gitweb.torproject.org/pluggable-transports/snowflake.git/){ .card-link title="Source Code" }
-    [:octicons-heart-16:](https://donate.torproject.org/){ .card-link title=Contribute }
-
-    ??? downloads
-
-        - [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/en-US/firefox/addon/torproject-snowflake/){ .card-link title=Firefox }
-        - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/snowflake/mafpmfcccpbjnhfhjnllmmalhifmlcie){ .card-link title=Chrome }
-        - [:octicons-browser-16: Web](https://snowflake.torproject.org/embed "Leave this page open to be a Snowflake proxy")
-
-??? tip "Embedded Snowflake"
-
-    You can enable Snowflake in your browser by clicking the switch below and ==leaving this page open==. You can also install Snowflake as a browser extension to have it always run while your browser is open, however adding third-party extensions can increase your attack surface.
-
-    <center><iframe src="https://snowflake.torproject.org/embed.html" width="320" height="240" frameborder="0" scrolling="no"></iframe></center>
-    <small>If the embed does not appear for you, ensure you are not blocking the third-party frame from `torproject.org`. Alternatively, visit [this page](https://snowflake.torproject.org/embed.html).</small>
-
-Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours.
-
-Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.

docs/dns.en.md

@@ -15,7 +15,7 @@ icon: material/dns
 | ------------ | -------------- | --------- | ------- | --- | --------- |
 | [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Cleartext <br> DoH <br> DoT <br> DNSCrypt | Some[^1] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS)
 | [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Cleartext <br> DoH <br> DoT | Some[^2] | No | Based on server choice.|
-| [**Control D**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Cleartext <br> DoH <br> DoT <br> DNSCrypt | Optional[^3] | No | Based on server choice. |
+| [**Control D**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Cleartext <br> DoH <br> DoT <br> DNSCrypt <br> DoQ <br> DoH3 | Optional[^3] | No | Based on server choice. |
 | [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH <br> DoT | No[^4] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock)
 | [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Cleartext <br> DoH <br> DoT <br> DNSCrypt | Optional[^5] | Optional | Based on server choice. |
 | [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Cleartext <br> DoH <br> DoT <br> DNSCrypt | Some[^6] | Optional |  Based on server choice, Malware blocking by default. |

docs/email-clients.en.md

@@ -41,7 +41,7 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
 
     ![Apple Mail logo](assets/img/email-clients/applemail.png){ align=right }
 
-    **Apple Mail** is included in macOS and can be extended to have OpenPGP support with [GPG Suite](/encryption/#gpg-suite), which adds the ability to send encrypted email.
+    **Apple Mail** is included in macOS and can be extended to have OpenPGP support with [GPG Suite](encryption.md#gpg-suite), which adds the ability to send encrypted email.
 
     [:octicons-home-16: Homepage](https://support.apple.com/guide/mail/welcome/mac){ .md-button .md-button--primary }
     [:octicons-eye-16:](https://www.apple.com/legal/privacy/en-ww/){ .card-link title="Privacy Policy" }
@@ -175,7 +175,7 @@ Canary Mail is closed-source. We recommend it due to the few choices there are f
 
     ![NeoMutt logo](assets/img/email-clients/mutt.svg){ align=right }
 
-    NeoMutt is an open-source command line mail reader (or MUA) for Linux and BSD. It's a fork of [Mutt](https://en.wikipedia.org/wiki/Mutt_(email_client)) with added features.
+    **NeoMutt** is an open-source command line mail reader (or MUA) for Linux and BSD. It's a fork of [Mutt](https://en.wikipedia.org/wiki/Mutt_(email_client)) with added features.
 
     NeoMutt is a text-based client that has a steep learning curve. It is however, very customizable.
 

docs/email.en.md

@@ -28,10 +28,8 @@ For everything else, we recommend a variety of email providers based on sustaina
 
     If you have the Proton Unlimited, Business, or Visionary Plan, you also get [SimpleLogin](#simplelogin) Premium for free.
 
-    **Free**
-
     [:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary }
-    [:simple-torproject:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title=Onion }
+    [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" }
     [:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Privacy Policy" }
     [:octicons-info-16:](https://proton.me/support/mail){ .card-link title=Documentation}
     [:octicons-code-16:](https://github.com/ProtonMail){ .card-link title="Source Code" }
@@ -72,8 +70,6 @@ For everything else, we recommend a variety of email providers based on sustaina
 
     **Mailbox.org** is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with 2 GB of storage, which can be upgraded as needed.
 
-    **EUR €12/year**
-
     [:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary }
     [:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Privacy Policy" }
     [:octicons-info-16:](https://kb.mailbox.org/en/private){ .card-link title=Documentation}
@@ -117,8 +113,6 @@ For everything else, we recommend a variety of email providers based on sustaina
 
     **StartMail** is an email service with a focus on security and privacy through the use of standard OpenPGP encryption. StartMail has been in operation since 2014 and is based in Boulevard 11, Zeist Netherlands. Accounts start with 10GB. They offer a 30-day trial.
 
-    **USD $59.95/year**
-
     [:octicons-home-16: Homepage](https://www.startmail.com/){ .md-button .md-button--primary }
     [:octicons-eye-16:](https://www.startmail.com/en/privacy/){ .card-link title="Privacy Policy" }
     [:octicons-info-16:](https://support.startmail.com){ .card-link title=Documentation}
@@ -155,9 +149,7 @@ For everything else, we recommend a variety of email providers based on sustaina
 
     ![Tutanota logo](assets/img/email/tutanota.svg){ align=right }
 
-    **[Tutanota.com](https://tutanota.com)** is an email service with a focus on security and privacy through the use of encryption. Tutanota has been in operation since **2011** and is based in Hanover, Germany. Accounts start with 1GB storage with their free plan.
-
-    **Free**
+    **Tutanota** is an email service with a focus on security and privacy through the use of encryption. Tutanota has been in operation since **2011** and is based in Hanover, Germany. Accounts start with 1GB storage with their free plan.
 
     [:octicons-home-16: Homepage](https://tutanota.com){ .md-button .md-button--primary }
     [:octicons-eye-16:](https://tutanota.com/privacy){ .card-link title="Privacy Policy" }
@@ -227,10 +219,11 @@ Using an aliasing service requires trusting both your email provider and your al
     ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ align=right }
     ![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ align=right }
 
-    **[AnonAddy](https://anonaddy.com)** lets you create 20 domain aliases on a shared domain for free, or unlimited "standard" aliases which are less anonymous. It has two premium plans at $12/year and $36/year which provide additional features. [Source code on GitHub](https://github.com/anonaddy/anonaddy).
+    **AnonAddy** lets you create 20 domain aliases on a shared domain for free, or unlimited "standard" aliases which are less anonymous.
 
     [:octicons-home-16: Homepage](https://anonaddy.com){ .md-button .md-button--primary }
     [:octicons-eye-16:](https://anonaddy.com/privacy/){ .card-link title="Privacy Policy" }
+    [:octicons-info-16:](https://app.anonaddy.com/docs/){ .card-link title=Documentation}
     [:octicons-code-16:](https://github.com/anonaddy){ .card-link title="Source Code" }
     [:octicons-heart-16:](https://anonaddy.com/donate/){ .card-link title=Contribute }
 
@@ -256,7 +249,7 @@ Notable free features:
 
     ![Simplelogin logo](assets/img/email/simplelogin.svg){ align=right }
 
-    **[SimpleLogin](https://simplelogin.io)** is a free service which provides email aliases on a variety of shared domain names, and optionally provides features like unlimited aliases and custom domains for $30/year. [Source code on GitHub](https://github.com/simple-login/app).
+    **SimpleLogin** is a free service which provides email aliases on a variety of shared domain names, and optionally provides paid features like unlimited aliases and custom domains.
 
     [:octicons-home-16: Homepage](https://simplelogin.io){ .md-button .md-button--primary }
     [:octicons-eye-16:](https://simplelogin.io/privacy/){ .card-link title="Privacy Policy" }

docs/encryption.en.md

@@ -300,7 +300,7 @@ When encrypting with PGP, you have the option to configure different options in
 
     ![GPG Suite logo](assets/img/encryption-software/gpgsuite.png){ align=right }
 
-    **GPG Suite** provides OpenPGP support for [Apple Mail](email-clients.md#apple-mail) and macOS. GPG Mail costs $24€ yearly for their support plan and includes a 30-day trial. For more details see the [FAQ](https://gpgtools.org/faq).
+    **GPG Suite** provides OpenPGP support for [Apple Mail](email-clients.md#apple-mail) and macOS.
 
     We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) and [Knowledge base](https://gpgtools.tenderapp.com/kb) for support.
 

docs/file-sharing.en.md

@@ -15,7 +15,7 @@ Discover how to privately share your files between your devices, with your frien
     **OnionShare** is an open-source tool that lets you securely and anonymously share a file of any size. It works by starting a web server accessible as a Tor onion service, with an unguessable URL that you can share with the recipients to download or send files.
 
     [:octicons-home-16: Homepage](https://onionshare.org){ .md-button .md-button--primary }
-    [:simple-torproject:](http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion){ .card-link title=Onion }
+    [:simple-torbrowser:](http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion){ .card-link title="Onion Service" }
     [:octicons-info-16:](https://docs.onionshare.org/){ .card-link title=Documentation}
     [:octicons-code-16:](https://github.com/onionshare/onionshare){ .card-link title="Source Code" }
 

docs/frontends.en.md

@@ -0,0 +1,176 @@
+---
+title: "Frontends"
+icon: material/flip-to-front
+---
+
+Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. These frontends can allow you to get around these restrictions.
+
+## LBRY
+
+### Librarian
+
+!!! recommendation
+
+    ![Librarian logo](assets/img/frontends/librarian.svg#only-light){ align=right }
+    ![Librarian logo](assets/img/frontends/librarian-dark.svg#only-dark){ align=right }
+
+    **Librarian** is a free and open-source frontend for [Odysee](https://odysee.com/) (LBRY) that is also self-hostable.
+    
+    There are a number of public instances, with some instances having [Tor](https://www.torproject.org) onion services support.
+
+    [:octicons-repo-16: Repository](https://codeberg.org/librarian/librarian){ .md-button .md-button--primary }
+    [:octicons-server-16:](https://librarian.codeberg.page/){ .card-link title="Public Instances"}
+    [:octicons-info-16:](https://codeberg.org/librarian/librarian/wiki){ .card-link title=Documentation}
+    [:octicons-code-16:](https://codeberg.org/librarian/librarian){ .card-link title="Source Code" }
+
+!!! warning
+
+    Librarian does not proxy video streams by default. Videos watched through Librarian will still make direct connections to Odysee's servers (e.g. `odycdn.com`); however, some instances may enable proxying which would be detailed in the instance's privacy policy.
+
+!!! tip
+
+    Librarian is useful if you want watch LBRY content on mobile without mandatory telemetry and if you want to disable JavaScript in your browser, as is the case with [Tor Browser](https://www.torproject.org/) on the Safest security level.
+
+When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting Librarian, as other peoples' usage will be linked to your hosting.
+
+When you are using a Librarian instance, make sure to read the privacy policy of that specific instance. Librarian instances can be modified by their owners and therefore may not reflect the default policy. Librarian instances feature a "privacy nutrition label" to provide an overview of their policy. Some instances have Tor .onion addresses which may grant some privacy as long as your search queries don't contain PII (Personally Identifiable Information).
+
+## Twitter
+
+### Nitter
+
+!!! recommendation
+
+    ![Nitter logo](assets/img/frontends/nitter.svg){ align=right }
+
+    **Nitter** is a free and open-source frontend for [Twitter](https://twitter.com) that is also self-hostable.
+
+    There are a number of public instances, with some instances having [Tor](https://www.torproject.org) onion services support.
+
+    [:octicons-repo-16: Repository](https://github.com/zedeus/nitter){ .md-button .md-button--primary }
+    [:octicons-server-16:](https://github.com/zedeus/nitter/wiki/Instances){ .card-link title="Public Instances"}
+    [:octicons-info-16:](https://github.com/zedeus/nitter/wiki){ .card-link title=Documentation}
+    [:octicons-code-16:](https://github.com/zedeus/nitter){ .card-link title="Source Code" }
+    [:octicons-heart-16:](https://github.com/zedeus/nitter#nitter){ .card-link title=Contribute }
+
+!!! tip
+
+    Nitter is useful if you want to browser Twitter content without having to log in and if you want to disable JavaScript in your browser, as is the case with [Tor Browser](https://www.torproject.org/) on the Safest security level. It also allows you to [create RSS feeds for Twitter](news-aggregators.md#twitter).
+
+When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting Nitter, as other peoples' usage will be linked to your hosting.
+
+When you are using a Nitter instance, make sure to read the privacy policy of that specific instance. Nitter instances can be modified by their owners and therefore may not reflect the default policy. Some instances have Tor .onion addresses which may grant some privacy as long as your search queries don't contain PII (Personally Identifiable Information).
+
+## YouTube
+
+### FreeTube
+
+!!! recommendation
+
+    ![FreeTube logo](assets/img/frontends/freetube.svg){ align=right }
+
+    **FreeTube** is a free and open-source desktop application for [YouTube](https://youtube.com). When using FreeTube, your subscription list and playlists are saved locally on your device.
+
+    By default, FreeTube blocks all YouTube advertisements. In addition, FreeTube optionally integrates with [SponsorBlock](https://sponsor.ajay.app) to help you skip sponsored video segments.
+
+    [:octicons-home-16: Homepage](https://freetubeapp.io){ .md-button .md-button--primary }
+    [:octicons-eye-16:](https://freetubeapp.io/privacy.php){ .card-link title="Privacy Policy" }
+    [:octicons-info-16:](https://docs.freetubeapp.io/){ .card-link title=Documentation}
+    [:octicons-code-16:](https://github.com/FreeTubeApp/FreeTube){ .card-link title="Source Code" }
+    [:octicons-heart-16:](https://liberapay.com/FreeTube){ .card-link title=Contribute }
+
+    ??? downloads
+
+        - [:simple-windows11: Windows](https://freetubeapp.io/#download)
+        - [:simple-apple: macOS](https://freetubeapp.io/#download)
+        - [:simple-linux: Linux](https://freetubeapp.io/#download)
+        - [:simple-flathub: Flatpak](https://flathub.org/apps/details/io.freetubeapp.FreeTube)
+
+!!! Warning
+
+    When using FreeTube, your IP address may still be known to YouTube, [Invidious](https://instances.invidious.io) or [SponsorBlock](https://sponsor.ajay.app/) depending on your configuration. Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org) if your [threat model](basics/threat-modeling.md) requires hiding your IP address.
+
+
+### NewPipe (Android)
+
+!!! recommendation annotate
+
+    ![Newpipe logo](assets/img/frontends/newpipe.svg){ align=right }
+
+    **NewPipe** is a free and open-source Android application for [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [Bandcamp](https://bandcamp.com), and [PeerTube](https://joinpeertube.org/) (1).
+
+    Your subscription list and playlists are saved locally on your Android device.
+
+    [:octicons-home-16: Homepage](https://newpipe.net){ .md-button .md-button--primary }
+    [:octicons-eye-16:](https://newpipe.net/legal/privacy){ .card-link title="Privacy Policy" }
+    [:octicons-info-16:](https://teamnewpipe.github.io/documentation/){ .card-link title=Documentation}
+    [:octicons-code-16:](https://github.com/TeamNewPipe/NewPipe){ .card-link title="Source Code" }
+    [:octicons-heart-16:](https://newpipe.net/donate/){ .card-link title=Contribute }
+
+    ??? downloads
+
+        - [:simple-fdroid: F-Droid](https://newpipe.net/FAQ/tutorials/install-add-fdroid-repo)
+        - [:simple-github: GitHub](https://github.com/TeamNewPipe/NewPipe/releases)
+
+1. The default instance is [FramaTube](https://framatube.org/), however more can be added via **Settings** → **Content** → **PeerTube instances**
+
+!!! note
+
+    NewPipe is available on the main [F-Droid](https://www.f-droid.org)'s repository. We recommend that you use NewPipe's own [F-Droid repository](https://newpipe.net/FAQ/tutorials/install-add-fdroid-repo) instead to get faster updates.
+
+!!! Warning
+    
+    When using NewPipe, your IP address will be visible to the video providers used. Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org) if your [threat model](basics/threat-modeling.md) requires hiding your IP address.
+
+### Invidious
+
+!!! recommendation
+
+    ![Invidious logo](assets/img/frontends/invidious.svg#only-light){ align=right }
+    ![Invidious logo](assets/img/frontends/invidious-dark.svg#only-dark){ align=right }
+
+    **Invidious** is a free and open-source frontend for [YouTube](https://youtube.com) that is also self-hostable.
+
+    There are a number of public instances, with some instances having [Tor](https://www.torproject.org) onion services support.
+
+    [:octicons-home-16: Homepage](https://invidious.io){ .md-button .md-button--primary }
+    [:octicons-server-16:](https://instances.invidious.io){ .card-link title="Public Instances"}
+    [:octicons-info-16:](https://docs.invidious.io/){ .card-link title=Documentation}
+    [:octicons-code-16:](https://github.com/iv-org/invidious){ .card-link title="Source Code" }
+    [:octicons-heart-16:](https://invidious.io/donate/){ .card-link title=Contribute }
+
+!!! warning
+
+    Invidious does not proxy video streams by default. Videos watched through Invidious will still make direct connections to Google's servers (e.g. `googlevideo.com`); however, some instances support video proxying—simply enable *Proxy videos* within the instances' settings or add `&local=true` to the URL.
+
+!!! tip
+
+    Invidious is useful if you want to disable JavaScript in your browser, such as [Tor Browser](https://www.torproject.org/) on the Safest security level. It does not provide privacy by itself, and we don’t recommend logging into any accounts.
+
+When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting Invidious, as other peoples' usage will be linked to your hosting.
+
+When you are using an Invidious instance, make sure to read the privacy policy of that specific instance. Invidious instances can be modified by their owners and therefore may not reflect their associated privacy policy. Some instances have Tor .onion addresses which may grant some privacy as long as your search queries don't contain PII (Personally Identifiable Information).
+
+### Piped
+
+!!! recommendation
+
+    ![Piped logo](assets/img/frontends/piped.svg){ align=right }
+
+    **Piped** is a free and open-source frontend for [YouTube](https://youtube.com) that is also self-hostable.
+
+    Piped requires JavaScript in order to function and there are a number of public instances.
+
+    [:octicons-repo-16: Repository](https://github.com/TeamPiped/Piped){ .md-button .md-button--primary }
+    [:octicons-server-16:](https://piped.kavin.rocks/preferences#ddlInstanceSelection){ .card-link title="Public Instances"}
+    [:octicons-info-16:](https://piped-docs.kavin.rocks/){ .card-link title=Documentation}
+    [:octicons-code-16:](https://github.com/TeamPiped/Piped){ .card-link title="Source Code" }
+    [:octicons-heart-16:](https://github.com/TeamPiped/Piped#donations){ .card-link title=Contribute }
+
+!!! tip
+
+    Piped is useful if you want to use [SponsorBlock](https://sponsor.ajay.app) without installing an extension or to access age-restricted content without an account. It does not provide privacy by itself, and we don’t recommend logging into any accounts.
+
+When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting Piped, as other peoples' usage will be linked to your hosting.
+
+When you are using a Piped instance, make sure to read the privacy policy of that specific instance. Piped instances can be modified by their owners and therefore may not reflect their associated privacy policy.

docs/index.en.md

@@ -32,29 +32,19 @@ Trying to protect all your data from everyone all the time is impractical, expen
 </div>
 </div>
 
-<div style="padding-top:5em;max-width:960px;margin:auto;text-align:center;" markdown>
+<div style="padding:3em;max-width:960px;margin:auto;text-align:center;" markdown>
 ## We need you! Here's how to get involved
 
 It's important for a website like Privacy Guides to always stay up-to-date. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. It's hard to keep up with the fast pace of the internet, but we try our best. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know.
-</div>
+
 <div class="grid cards" style="margin:auto;max-width:800px;text-align:center;" markdown>
 
 - [:simple-reddit: Join the r/PrivacyGuides Subreddit](https://www.reddit.com/r/privacyguides)
 - [:simple-mastodon: Follow us on Mastodon](https://mastodon.social/@privacyguides){ rel=me }
 - [:material-book-edit: Contribute to this website](https://github.com/privacyguides/privacyguides.org)
 - [:simple-matrix: Chat with us on Matrix](https://matrix.to/#/#privacyguides:matrix.org)
-
-</div>
-<div style="padding:3em;text-align:center;" markdown>
-## About Privacy Guides
-
-**Privacy Guides** is a non-profit, socially motivated website that provides information for protecting your data security and privacy.
-
-We do not make money from recommending certain products, and we do not use affiliate links.
-<div class="grid cards" style="margin:auto;max-width:800px;text-align:center;" markdown>
-
-- [:material-information-outline: Learn More About Us](about/)
-- [:material-hand-coin-outline: Donation Info & Project Backers](about/donate/)
+- [:material-information-outline: Learn More About Us](about.md)
+- [:material-hand-coin-outline: Support the Project](about/donate.md)
 
 </div>
 </div>

docs/linux-desktop.en.md

@@ -110,7 +110,7 @@ Nix is a source-based package manager; if there’s no pre-built available in th
 
     ![Whonix logo](assets/img/linux-desktop/whonix.svg){ align=right }
 
-    **Whonix** is based on [Kicksecure](https://www.whonix.org/wiki/Kicksecure), a security-focused fork of Debian. It aims to provide privacy, security, and anonymity on the internet.
+    **Whonix** is based on [Kicksecure](https://www.whonix.org/wiki/Kicksecure), a security-focused fork of Debian. It aims to provide privacy, security, and anonymity on the internet. Whonix is best used in conjunction with [Qubes OS](qubes.md).
 
     [:octicons-home-16: Homepage](https://www.whonix.org/){ .md-button .md-button--primary }
     [:octicons-info-16:](https://www.whonix.org/wiki/Documentation){ .card-link title=Documentation}
@@ -130,14 +130,14 @@ Whonix is best used [in conjunction with Qubes](https://www.whonix.org/wiki/Qube
 
     ![Tails logo](assets/img/linux-desktop/tails.svg){ align=right }
 
-    **Tails** is a live operating system based on Debian that routes all communications through Tor.
-
-    It can boot on almost any computer from a DVD, USB stick, or SD card. It aims to preserve privacy and anonymity while circumventing censorship and leaving no trace of itself on the computer it is used on.
+    **Tails** is a live operating system based on Debian that routes all communications through Tor, which can boot on on almost any computer from a DVD, USB stick, or SD card installation. It uses [Tor](tor.md) to preserve privacy and anonymity while circumventing censorship, and it leaves no trace of itself on the computer it is used on after it is powered off.
 
     [:octicons-home-16: Homepage](https://tails.boum.org/){ .md-button .md-button--primary }
     [:octicons-info-16:](https://tails.boum.org/doc/index.en.html){ .card-link title=Documentation}
     [:octicons-heart-16:](https://tails.boum.org/donate/){ .card-link title=Contribute }
 
-By design, Tails is meant to completely reset itself after each reboot. Encrypted [persistent storage](https://tails.boum.org/doc/first_steps/persistence/index.en.html) can be configured to store some data.
-
 Tails is great for counter forensics due to amnesia (meaning nothing is written to the disk); however, it is not a hardened distribution like Whonix. It lacks many anonymity and security features that Whonix has and gets updated much less often (only once every six weeks). A Tails system that is compromised by malware may potentially bypass the transparent proxy allowing for the user to be deanonymized.
+
+Tails also installs uBlock Origin in Tor Browser by default, which potentially makes it easier for adversaries to fingerprint Tails users, and increases the attack surface of the browser. For all of these reasons, if your only goal is to browse the internet anonymously, Tails is not as good of a choice as using [Whonix](linux-desktop.md/#whonix) with [Qubes OS](qubes.md), which is much more secure and leakproof. If your goal is to use a computer without leaving any trace afterwards, Tails may be a good solution for you.
+
+By design, Tails is meant to completely reset itself after each reboot. Encrypted [persistent storage](https://tails.boum.org/doc/first_steps/persistence/index.en.html) can be configured to store some data between reboots.

docs/mobile-browsers.en.md

@@ -1,34 +1,13 @@
 ---
 title: "Mobile Browsers"
-icon: octicons/device-mobile-16
+icon: material/cellphone-information
 ---
-These are our currently recommended mobile web browsers and configurations. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation.
+These are our currently recommended mobile web browsers and configurations for standard/non-anonymous internet browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation.
 
 ## Android
 
 On Android, Firefox is still less secure than Chromium-based alternatives: Mozilla's engine, [GeckoView](https://mozilla.github.io/geckoview/), has yet to support [site isolation](https://hacks.mozilla.org/2021/05/introducing-firefox-new-site-isolation-security-architecture) or enable [isolatedProcess](https://bugzilla.mozilla.org/show_bug.cgi?id=1565196).
 
-### Tor Browser
-
-!!! recommendation
-
-    ![Tor Browser logo](assets/img/browsers/tor.svg){ align=right }
-
-    **Tor Browser** is the choice if you need anonymity, as it provides you with access to the Tor Bridges and [Tor Network](https://en.wikipedia.org/wiki/Tor_(network)), along with settings and extensions that are automatically configured by the default security levels: *Standard*, *Safer* and *Safest*.
-
-    The Tor Browser is designed to prevent fingerprinting, or identifying you based on your browser configuration. Therefore, it is imperative that you do **not** modify the browser beyond the default [security levels](https://tb-manual.torproject.org/security-settings/).
-
-    [:octicons-home-16: Homepage](https://www.torproject.org){ .md-button .md-button--primary }
-    [:simple-torproject:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .card-link title=Onion }
-    [:octicons-info-16:](https://tb-manual.torproject.org/mobile-tor/){ .card-link title=Documentation }
-    [:octicons-code-16:](https://gitlab.torproject.org/tpo/applications/fenix){ .card-link title="Source Code" }
-    [:octicons-heart-16:](https://donate.torproject.org/){ .card-link title=Contribute }
-
-    ??? downloads
-
-        - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.torproject.torbrowser)
-        - [:simple-fdroid: F-Droid](https://guardianproject.info/fdroid/)
-
 ### Brave
 
 !!! recommendation
@@ -40,7 +19,7 @@ On Android, Firefox is still less secure than Chromium-based alternatives: Mozil
     Brave is built upon the Chromium web browser project, so it should feel familiar and have minimal website compatibility issues.
 
     [:octicons-home-16: Homepage](https://brave.com/){ .md-button .md-button--primary }
-    [:simple-torproject:](https://brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title=Onion }
+    [:simple-torbrowser:](https://brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title="Onion Service" }
     [:octicons-eye-16:](https://brave.com/privacy/browser/){ .card-link title="Privacy Policy" }
     [:octicons-info-16:](https://support.brave.com/){ .card-link title=Documentation}
     [:octicons-code-16:](https://github.com/brave/brave-browser){ .card-link title="Source Code" }
@@ -51,7 +30,7 @@ On Android, Firefox is still less secure than Chromium-based alternatives: Mozil
 
 #### Recommended Configuration
 
-Tor Browser is the only way to truly browse the internet anonymously. When you use Brave, we recommend changing the following settings to protect your privacy from certain parties, but all browsers other than the [Tor Browser](#tor-browser) will be traceable by *somebody* in some regard or another.
+Tor Browser is the only way to truly browse the internet anonymously. When you use Brave, we recommend changing the following settings to protect your privacy from certain parties, but all browsers other than the [Tor Browser](tor.md#tor-browser) will be traceable by *somebody* in some regard or another.
 
 These options can be found in :material-menu: → **Settings** → **Brave Shields & privacy**
 

docs/multi-factor-authentication.en.md

@@ -65,7 +65,7 @@ Nitrokey's firmware is open-source, unlike the YubiKey. The firmware on modern N
 
 Authenticator Apps implement a security standard adopted by the Internet Engineering Task Force (IETF) called **Time-based One-time Passwords**, or **TOTP**. This is a method where websites share a secret with you which is used by your authenticator app to generate a six (usually) digit code based on the current time, which you enter while logging in for the website to check. Typically these codes are regenerated every 30 seconds, and once a new code is generated the old one becomes useless. Even if a hacker gets one six-digit code, there is no way for them to reverse that code to get the original secret or otherwise be able to predict what any future codes might be.
 
-We highly recommend that you use mobile TOTP apps instead of desktop alternatives as Android and IOS have better security and app isolation than most desktop operating systems.
+We highly recommend that you use mobile TOTP apps instead of desktop alternatives as Android and iOS have better security and app isolation than most desktop operating systems.
 
 ### Aegis Authenticator
 

docs/news-aggregators.en.md

@@ -1,6 +1,6 @@
 ---
 title: "News Aggregators"
-icon: octicons/rss-24
+icon: material/rss
 ---
 
 A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favourite blogs and news sites.
@@ -48,7 +48,7 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k
 
     ![Fluent Reader logo](assets/img/news-aggregators/fluent-reader.svg){ align=right }
 
-    **Fluent Reader** is a secure cross-platform news aggregator that has useful privacy features such as deletion of cookies on exit, strict [content security policies (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) and proxy support, meaning you can use it over [Tor](self-contained-networks.md#tor).
+    **Fluent Reader** is a secure cross-platform news aggregator that has useful privacy features such as deletion of cookies on exit, strict [content security policies (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) and proxy support, meaning you can use it over [Tor](tor.md).
 
     [:octicons-home-16: Homepage](https://hyliu.me/fluent-reader){ .md-button .md-button--primary }
     [:octicons-eye-16:](https://github.com/yang991178/fluent-reader/wiki/Privacy){ .card-link title="Privacy Policy" }

docs/notebooks.en.md

@@ -15,7 +15,7 @@ If you are currently using an application like Evernote, Google Keep, or Microso
 
     ![EteSync Notes logo](assets/img/notebooks/etesync-notes.png){ align=right }
 
-    **EteSync Notes** is a secure, end-to-end encrypted, and privacy-respecting note taking app. EteSync also offers optional software as a service for [$24 per year](https://dashboard.etebase.com/user/partner/pricing/), or you can host the server yourself for free.
+    **EteSync Notes** is a secure, end-to-end encrypted, and privacy-respecting note taking app. EteSync also offers optional [software as a service](https://dashboard.etebase.com/user/partner/pricing/), or you can host the server yourself for free.
 
     [etebase](https://docs.etebase.com), which is the foundation of EteSync, can also be used by other apps as a backend to store data end-to-end encrypted (E2EE).
 
@@ -64,7 +64,7 @@ Joplin does not support password/pin protection for the [application itself or i
 
     ![Standard Notes logo](assets/img/notebooks/standard-notes.svg){ align=right }
 
-    Standard Notes is a simple and private notes app that makes your notes easy and available everywhere you are. It features E2EE on every platform, and a powerful desktop experience with themes and custom editors. It has also been [independently audited (PDF)](https://s3.amazonaws.com/standard-notes/security/Report-SN-Audit.pdf).
+    **Standard Notes** is a simple and private notes app that makes your notes easy and available everywhere you are. It features E2EE on every platform, and a powerful desktop experience with themes and custom editors. It has also been [independently audited (PDF)](https://s3.amazonaws.com/standard-notes/security/Report-SN-Audit.pdf).
 
     [:octicons-home-16: Homepage](https://standardnotes.com){ .md-button .md-button--primary }
     [:octicons-eye-16:](https://standardnotes.com/privacy){ .card-link title="Privacy Policy" }
@@ -90,7 +90,7 @@ Joplin does not support password/pin protection for the [application itself or i
 
     ![Org-mode logo](assets/img/notebooks/org-mode.svg){ align=right }
 
-    **Org-mode** is a [major mode](https://www.gnu.org/software/emacs/manual/html_node/elisp/Major-Modes.html) for GNU Emacs. Org-mode is for keeping notes, maintaining TODO lists, planning projects, and authoring documents with a fast and effective plain-text system. Synchronization is possible with [file synchronization](/file-sharing/#file-sync) tools.
+    **Org-mode** is a [major mode](https://www.gnu.org/software/emacs/manual/html_node/elisp/Major-Modes.html) for GNU Emacs. Org-mode is for keeping notes, maintaining TODO lists, planning projects, and authoring documents with a fast and effective plain-text system. Synchronization is possible with [file synchronization](file-sharing.md#file-sync) tools.
 
     [:octicons-home-16: Homepage](https://orgmode.org){ .md-button .md-button--primary }
     [:octicons-info-16:](https://orgmode.org/manuals.html){ .card-link title=Documentation}

docs/passwords.en.md

@@ -138,6 +138,27 @@ KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-se
         - [:simple-fdroid: F-Droid](https://www.f-droid.org/packages/com.kunzisoft.keepass.libre)
         - [:simple-github: GitHub](https://github.com/Kunzisoft/KeePassDX/releases)
 
+### Strongbox (iOS & macOS)
+
+!!! recommendation
+
+    ![Strongbox logo](assets/img/password-management/strongbox.svg){ align=right }
+
+    **Strongbox** is an open-source password manager for iOS and macOS that supports KeePass and Password Safe formats. It offers a [premium version](https://strongboxsafe.com/pricing/) with more features such as TouchID and FaceID unlocking.
+
+    [:octicons-home-16: Homepage](https://strongboxsafe.com){ .md-button .md-button--primary }
+    [:octicons-eye-16:](https://strongboxsafe.com/privacy/){ .card-link title="Privacy Policy" }
+    [:octicons-info-16:](https://strongboxsafe.com/getting-started/){ .card-link title=Documentation}
+    [:octicons-code-16:](https://github.com/strongbox-password-safe/Strongbox){ .card-link title="Source Code" }
+    [:octicons-heart-16:](https://github.com/strongbox-password-safe/Strongbox#supporting-development){ .card-link title=Contribute }
+
+    ??? downloads
+
+        - [:simple-apple: Mac App Store](https://apps.apple.com/app/strongbox-keepass-pwsafe/id897283731)
+        - [:simple-appstore: App Store](https://apps.apple.com/app/strongbox-keepass-pwsafe/id897283731)
+
+There is also an offline-only version available called [Strongbox Zero](https://apps.apple.com/us/app/strongbox-keepass-pwsafe/id1581589638) if you don't need syncing; this version is stripped down so it has less attack surface.
+
 ## Command-line
 
 These products are minimal password managers that can be used within scripting applications.
@@ -160,4 +181,4 @@ These products are minimal password managers that can be used within scripting a
         - [:simple-windows11: Windows](https://www.gopass.pw/#install-windows)
         - [:simple-apple: macOS](https://www.gopass.pw/#install-macos)
         - [:simple-linux: Linux](https://www.gopass.pw/#install-linux)
-        - [:simple-freebsd: FreeBSD](https://www.gopass.pw/#install-bsd)
+        - [:simple-freebsd: FreeBSD](https://www.gopass.pw/#install-bsd)

docs/productivity.en.md

@@ -74,10 +74,6 @@ For other platforms, consider below:
 
 ## Paste services
 
-!!! warning
-
-    Encrypted Pastebin websites like the ones recommended here use JavaScript to handle encryption, so you must trust the provider to the extent that they do not inject any malicious JavaScript to get your private key. Consider self-hosting to mitigate this threat.
-
 ### PrivateBin
 
 !!! recommendation

docs/qubes.en.md

@@ -9,7 +9,7 @@ icon: simple/qubesos
     **Qubes OS** is an open-source operating system designed to provide strong security for desktop computing. Qubes is based on Xen, the X Window System, and Linux, and can run most Linux applications and use most of the Linux drivers.
 
     [:octicons-home-16: Homepage](https://www.qubes-os.org/){ .md-button .md-button--primary }
-    [:simple-torproject:](http://qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion){ .card-link title=Onion }
+    [:simple-torbrowser:](http://qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion){ .card-link title="Onion Service" }
     [:octicons-eye-16:](https://www.qubes-os.org/privacy/){ .card-link title="Privacy Policy" }
     [:octicons-info-16:](https://www.qubes-os.org/doc/){ .card-link title=Documentation}
     [:octicons-heart-16:](https://www.qubes-os.org/donate/){ .card-link title=Contribute }

docs/real-time-communication.en.md

@@ -2,6 +2,11 @@
 title: "Real-Time Communication"
 icon: material/chat-processing
 ---
+
+These are our recommendations for encrypted real-time communication.
+
+[Types of Communication Networks :material-arrow-right-drop-circle:](./real-time-communication/communication-network-types.md)
+
 ## Cross-Platform Messengers
 
 ### Signal
@@ -34,7 +39,7 @@ The protocol was independently [audited](https://eprint.iacr.org/2016/1013.pdf)
 
 We have some additional tips on configuring and hardening your Signal installation:
 
-[Signal Configuration and Hardening :material-arrow-right-drop-circle:](./advanced/signal-configuration-hardening.md)
+[Signal Configuration and Hardening :material-arrow-right-drop-circle:](./real-time-communication/signal-configuration-hardening.md)
 
 ### Element
 
@@ -65,8 +70,6 @@ Profile pictures, reactions, and nicknames are not encrypted.
 
 Group voice and video calls are [not](https://github.com/vector-im/element-web/issues/12878) E2EE, and use Jitsi, but this is expected to change with [Native Group VoIP Signalling](https://github.com/matrix-org/matrix-doc/pull/3401). Group calls have [no authentication](https://github.com/vector-im/element-web/issues/13074) currently, meaning that non-room participants can also join the calls. We recommend that you do not use this feature for private meetings.
 
-When using [element-web](https://github.com/vector-im/element-web), you must trust the server hosting the Element client. If your [threat model](basics/threat-modeling.md) requires stronger protection, then use a desktop or mobile client instead.
-
 The protocol was independently [audited](https://matrix.org/blog/2016/11/21/matrixs-olm-end-to-end-encryption-security-assessment-released-and-implemented-cross-platform-on-riot-at-last) in 2016. The specification for the Matrix protocol can be found in their [documentation](https://spec.matrix.org/latest/). The [Olm](https://matrix.org/docs/projects/other/olm) cryptographic ratchet used by Matrix is an implementation of Signal’s [Double Ratchet algorithm](https://signal.org/docs/specifications/doubleratchet/).
 
 ### Session
@@ -129,102 +132,4 @@ The client software was independently [audited](https://briarproject.org/news/20
 
 Briar has a fully [published specification](https://code.briarproject.org/briar/briar-spec).
 
-Briar supports perfect forward secrecy by using the Bramble [Handshake](https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BHP.md) and [Transport](https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BTP.md) protocol.
-
-## Types of Communication Networks
-
-There are several network architectures commonly used to relay messages between people. These networks can provide different privacy guarantees, which is why it's worth considering your [threat model](https://en.wikipedia.org/wiki/Threat_model) when making a decision about which app to use.
-
-### Centralized Networks
-
-![Centralized networks diagram](assets/img/layout/network-centralized.svg){ align=left }
-
-Centralized messengers are those where all participants are on the same server or network of servers controlled by the same organization.
-
-Some self-hosted messengers allow you to set up your own server. Self-hosting can provide additional privacy guarantees such as no usage logs or limited access to metadata (data about who is talking to whom). Self-hosted centralized messengers are isolated and everyone must be on the same server to communicate.
-
-**Advantages:**
-
-- New features and changes can be implemented more quickly.
-- Easier to get started with and to find contacts.
-- Most mature and stable features ecosystems, as they are easier to program in a centralized software.
-- Privacy issues may be reduced when you trust a server that you're self-hosting.
-
-**Disadvantages:**
-
-- Can include [restricted control or access](https://drewdevault.com/2018/08/08/Signal.html). This can include things like:
-- Being [forbidden from connecting third-party clients](https://github.com/LibreSignal/LibreSignal/issues/37#issuecomment-217211165) to the centralized network that might provide for greater customization or a better experience. Often defined in Terms and Conditions of usage.
-- Poor or no documentation for third-party developers.
-- The [ownership](https://web.archive.org/web/20210729191953/https://blog.privacytools.io/delisting-wire/), privacy policy, and operations of the service can change easily when a single entity controls it, potentially compromising the service later on.
-- Self-hosting requires effort and knowledge of how to set up a service.
-
-### Federated Networks
-
-![Federated networks diagram](assets/img/layout/network-decentralized.svg){ align=left }
-
-Federated messengers use multiple, independent, decentralized servers that are able to talk to each other (email is one example of a federated service). Federation allows system administrators to control their own server and still be a part of the larger communications network.
-
-When self-hosted, members of a federated server can discover and communicate with members of other servers, although some servers may choose to remain private by being non-federated (e.g., work team server).
-
-**Advantages:**
-
-- Allows for greater control over your own data when running your own server.
-- Allows you to choose who to trust your data with by choosing between multiple "public" servers.
-- Often allows for third-party clients which can provide a more native, customized, or accessible experience.
-- Server software can be verified that it matches public source code, assuming you have access to the server or you trust the person who does (e.g., a family member).
-
-**Disadvantages:**
-
-- Adding new features is more complex, because these features need to be standardized and tested to ensure they work with all servers on the network.
-- Due to the previous point, features can be lacking, or incomplete or working in unexpected ways compared to centralized platforms, such as message relay when offline or message deletion.
-- Some metadata may be available (e.g., information like "who is talking to whom," but not actual message content if E2EE is used).
-- Federated servers generally require trusting your server's administrator. They may be a hobbyist or otherwise not a "security professional," and may not serve standard documents like a privacy policy or terms of service detailing how your data is used.
-- Server administrators sometimes choose to block other servers, which are a source of unmoderated abuse or break general rules of accepted behavior. This will hinder your ability to communicate with members of those servers.
-
-### Peer-to-Peer Networks
-
-![P2P diagram](assets/img/layout/network-distributed.svg){ align=left }
-
-P2P messengers connect to a [distributed network](https://en.wikipedia.org/wiki/Distributed_networking) of nodes to relay a message to the recipient without a third-party server.
-
-Clients (peers) usually find each other through the use of a [distributed computing](https://en.wikipedia.org/wiki/Distributed_computing) network. Examples of this include [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), used by [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) and [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) for example. Another approach is proximity based networks, where a connection is established over WiFi or Bluetooth (for example, Briar or the [Scuttlebutt](https://www.scuttlebutt.nz) social network protocol).
-
-Once a peer has found a route to its contact via any of these methods, a direct connection between them is made. Although messages are usually encrypted, an observer can still deduce the location and identity of the sender and recipient.
-
-P2P networks do not use servers, as peers communicate directly between each other and hence cannot be self-hosted. However, some additional services may rely on centralized servers, such as user discovery or relaying offline messages, which can benefit from self-hosting.
-
-**Advantages:**
-
-- Minimal information is exposed to third-parties.
-- Modern P2P platforms implement E2EE by default. There are no servers that could potentially intercept and decrypt your transmissions, unlike centralized and federated models.
-
-**Disadvantages:**
-
-- Reduced feature set:
-- Messages can only be sent when both peers are online, however, your client may store messages locally to wait for the contact to return online.
-- Generally increases battery usage on mobile devices, because the client must stay connected to the distributed network to learn about who is online.
-- Some common messenger features may not be implemented or incompletely, such as message deletion.
-- Your IP address and that of the contacts you're communicating with may be exposed if you do not use the software in conjunction with a [VPN](vpn.md) or [self-contained network](self-contained-networks.md), such as [Tor](https://www.torproject.org) or [I2P](https://geti2p.net/). Many countries have some form of mass surveillance and/or metadata retention.
-
-### Anonymous Routing
-
-![Anonymous routing diagram](assets/img/layout/network-anonymous-routing.svg){ align=left }
-
-A messenger using [anonymous routing](https://doi.org/10.1007/978-1-4419-5906-5_628) hides either the identity of the sender, the receiver or evidence that they have been communicating. Ideally, a messenger should hide all three.
-
-There are [many](https://doi.org/10.1145/3182658) different ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](https://en.wikipedia.org/wiki/Tor_(anonymity_network))), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node, so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers."
-
-Self-hosting a node in an anonymous routing network does not provide the hoster with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
-
-**Advantages:**
-
-- Minimal to no information is exposed to other parties.
-- Messages can be relayed in a decentralized manner even if one of the parties is offline.
-
-**Disadvantages:**
-
-- Slow message propagation.
-- Often limited to fewer media types, mostly text since the network is slow.
-- Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline.
-- More complex to get started as the creation and secured backup of a cryptographic private key is required.
-- Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform, hence features may be lacking or incompletely implemented, such as offline message relaying or message deletion.
+Briar supports perfect forward secrecy by using the Bramble [Handshake](https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BHP.md) and [Transport](https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BTP.md) protocol.

docs/real-time-communication/communication-network-types.en.md

@@ -0,0 +1,102 @@
+---
+title: "Types of Communication Networks"
+icon: 'material/transit-connection-variant'
+---
+
+There are several network architectures commonly used to relay messages between people. These networks can provide different privacy guarantees, which is why it's worth considering your [threat model](../basics/threat-modeling.md) when deciding which app to use.
+
+[Recommended Instant Messengers](../real-time-communication.md){ .md-button }
+
+## Centralized Networks
+
+![Centralized networks diagram](../assets/img/layout/network-centralized.svg){ align=left }
+
+Centralized messengers are those where all participants are on the same server or network of servers controlled by the same organization.
+
+Some self-hosted messengers allow you to set up your own server. Self-hosting can provide additional privacy guarantees, such as no usage logs or limited access to metadata (data about who is talking to whom). Self-hosted centralized messengers are isolated and everyone must be on the same server to communicate.
+
+**Advantages:**
+
+- New features and changes can be implemented more quickly.
+- Easier to get started with and to find contacts.
+- Most mature and stable features ecosystems, as they are easier to program in a centralized software.
+- Privacy issues may be reduced when you trust a server that you're self-hosting.
+
+**Disadvantages:**
+
+- Can include [restricted control or access](https://drewdevault.com/2018/08/08/Signal.html). This can include things like:
+- Being [forbidden from connecting third-party clients](https://github.com/LibreSignal/LibreSignal/issues/37#issuecomment-217211165) to the centralized network that might provide for greater customization or a better experience. Often defined in Terms and Conditions of usage.
+- Poor or no documentation for third-party developers.
+- The [ownership](https://web.archive.org/web/20210729191953/https://blog.privacytools.io/delisting-wire/), privacy policy, and operations of the service can change easily when a single entity controls it, potentially compromising the service later on.
+- Self-hosting requires effort and knowledge of how to set up a service.
+
+## Federated Networks
+
+![Federated networks diagram](../assets/img/layout/network-decentralized.svg){ align=left }
+
+Federated messengers use multiple, independent, decentralized servers that are able to talk to each other (email is one example of a federated service). Federation allows system administrators to control their own server and still be a part of the larger communications network.
+
+When self-hosted, members of a federated server can discover and communicate with members of other servers, although some servers may choose to remain private by being non-federated (e.g., work team server).
+
+**Advantages:**
+
+- Allows for greater control over your own data when running your own server.
+- Allows you to choose whom to trust your data with by choosing between multiple "public" servers.
+- Often allows for third-party clients which can provide a more native, customized, or accessible experience.
+- Server software can be verified that it matches public source code, assuming you have access to the server or you trust the person who does (e.g., a family member).
+
+**Disadvantages:**
+
+- Adding new features is more complex because these features need to be standardized and tested to ensure they work with all servers on the network.
+- Due to the previous point, features can be lacking, or incomplete or working in unexpected ways compared to centralized platforms, such as message relay when offline or message deletion.
+- Some metadata may be available (e.g., information like "who is talking to whom," but not actual message content if E2EE is used).
+- Federated servers generally require trusting your server's administrator. They may be a hobbyist or otherwise not a "security professional," and may not serve standard documents like a privacy policy or terms of service detailing how your data is used.
+- Server administrators sometimes choose to block other servers, which are a source of unmoderated abuse or break general rules of accepted behavior. This will hinder your ability to communicate with members of those servers.
+
+## Peer-to-Peer Networks
+
+![P2P diagram](../assets/img/layout/network-distributed.svg){ align=left }
+
+P2P messengers connect to a [distributed network](https://en.wikipedia.org/wiki/Distributed_networking) of nodes to relay a message to the recipient without a third-party server.
+
+Clients (peers) usually find each other through the use of a [distributed computing](https://en.wikipedia.org/wiki/Distributed_computing) network. Examples of this include [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), used by [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) and [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) for example. Another approach is proximity based networks, where a connection is established over WiFi or Bluetooth (for example, Briar or the [Scuttlebutt](https://www.scuttlebutt.nz) social network protocol).
+
+Once a peer has found a route to its contact via any of these methods, a direct connection between them is made. Although messages are usually encrypted, an observer can still deduce the location and identity of the sender and recipient.
+
+P2P networks do not use servers, as peers communicate directly between each other and hence cannot be self-hosted. However, some additional services may rely on centralized servers, such as user discovery or relaying offline messages, which can benefit from self-hosting.
+
+**Advantages:**
+
+- Minimal information is exposed to third-parties.
+- Modern P2P platforms implement E2EE by default. There are no servers that could potentially intercept and decrypt your transmissions, unlike centralized and federated models.
+
+**Disadvantages:**
+
+- Reduced feature set:
+- Messages can only be sent when both peers are online, however, your client may store messages locally to wait for the contact to return online.
+- Generally increases battery usage on mobile devices, because the client must stay connected to the distributed network to learn about who is online.
+- Some common messenger features may not be implemented or incompletely, such as message deletion.
+- Your IP address and that of the contacts you're communicating with may be exposed if you do not use the software in conjunction with a [VPN](../vpn.md) or [Tor](../tor.md). Many countries have some form of mass surveillance and/or metadata retention.
+
+## Anonymous Routing
+
+![Anonymous routing diagram](../assets/img/layout/network-anonymous-routing.svg){ align=left }
+
+A messenger using [anonymous routing](https://doi.org/10.1007/978-1-4419-5906-5_628) hides either the identity of the sender, the receiver, or evidence that they have been communicating. Ideally, a messenger should hide all three.
+
+There are [many](https://doi.org/10.1145/3182658) different ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](../basics/tor-overview.md)), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages, nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers."
+
+Self-hosting a node in an anonymous routing network does not provide the hoster with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
+
+**Advantages:**
+
+- Minimal to no information is exposed to other parties.
+- Messages can be relayed in a decentralized manner even if one of the parties is offline.
+
+**Disadvantages:**
+
+- Slow message propagation.
+- Often limited to fewer media types, mostly text, since the network is slow.
+- Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline.
+- More complex to get started, as the creation and secured backup of a cryptographic private key is required.
+- Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform. Hence, features may be lacking or incompletely implemented, such as offline message relaying or message deletion.

docs/real-time-communication/signal-configuration-hardening.en.md

@@ -21,14 +21,14 @@ Additionally, your Signal PIN can also double as a registration lock that preven
 
 If you haven't set up a Signal PIN, or have previously opted out of setting one up, follow these steps on Android/iOS:
 
-- Select :material-dots-vertical: **Settings** > **Account** > **Signal PIN**
+- Select :material-dots-vertical: > **Settings** > **Account** > **Signal PIN**
 - Select **Create new PIN**
 
 Signal will prompt you to enter a PIN. We suggest using a strong alphanumeric PIN that can be stored in a [password manager](../passwords.md).
 
 Once you have done that, or if you already have set up a PIN, make sure that **Registration Lock** is also enabled.
 
-- Select :material-dots-vertical: **Settings** > **Account** > **Signal PIN**
+- Select :material-dots-vertical: > **Settings** > **Account** > **Signal PIN**
 - [x] Turn on **Registration Lock**
 
 !!! Important
@@ -75,7 +75,7 @@ It is good practice to set up disappearing messages in Signal's settings so that
 
 On Android/iOS:
 
-- Select :material-dots-vertical: **Settings** > **Privacy**
+- Select :material-dots-vertical: > **Settings** > **Privacy**
 - Under **Disappearing messages**, select **Default timer for new chats**
 - Select the desired amount of time and select **Save**
 
@@ -102,7 +102,7 @@ Your recipient doesn't make any requests unless they open the link on their end.
 
 On Android/iOS:
 
-- Select :material-dots-vertical: **Settings** > **Chats**
+- Select :material-dots-vertical: > **Settings** > **Chats**
 - [ ] Turn off **Generate link previews**
 
 ### Screen Security
@@ -111,12 +111,12 @@ Signal allows you to prevent a preview of the app being shown (i.e., in the app
 
 On Android:
 
-- Select :material-dots-vertical: **Settings** > **Privacy**
+- Select :material-dots-vertical: > **Settings** > **Privacy**
 - [x] Turn on **Screen Security**
 
 On iOS:
 
-- Select :material-dots-vertical: **Settings** > **Privacy**
+- Select :material-dots-vertical: > **Settings** > **Privacy**
 - [x] Turn on **Hide Screen in App Switcher**
 
 ### Screen Lock
@@ -127,7 +127,7 @@ To mitigate this, you can leverage the Screen Lock option to require additional
 
 On Android/iOS:
 
-- Select :material-dots-vertical: **Settings** > **Privacy**
+- Select :material-dots-vertical: > **Settings** > **Privacy**
 - [x] Turn on **Screen Lock**
 
 ### Notification Privacy
@@ -138,13 +138,13 @@ On Signal, you have the ability to hide message content and sender name, or just
 
 On Android:
 
-- Select :material-dots-vertical: **Settings** > **Notifications**
+- Select :material-dots-vertical: > **Settings** > **Notifications**
 - Select **Show**
 - Select **No name or message** or **Name only** respectively.
 
 On iOS:
 
-- Select :material-dots-vertical: **Settings** > **Notifications**
+- Select :material-dots-vertical: > **Settings** > **Notifications**
 - Select **Show**
 - Select **No name or Content** or **Name Only** respectively.
 
@@ -154,7 +154,7 @@ Signal allows you to relay all calls (including video calls) through the Signal
 
 On Android/iOS:
 
-- Select :material-dots-vertical: **Settings** > **Privacy** > **Advanced**
+- Select :material-dots-vertical: > **Settings** > **Privacy** > **Advanced**
 - [x] Turn on **Always Relay Calls**
 
 For incoming calls from people who are not in your Contacts app, the call will be relayed through the Signal server regardless of how you've set it up.
@@ -175,7 +175,7 @@ Signal allows you to see your call history from your regular phone app. This all
 
 If you use iCloud and you don’t want to share call history on Signal, confirm it’s turned off:
 
-- Select :material-dots-vertical: **Settings** > **Privacy**
+- Select :material-dots-vertical: > **Settings** > **Privacy**
 - [ ] Turn off **Show Calls in Recents**
 
 ## Signal Hardening
@@ -192,7 +192,7 @@ Signal takes security very seriously, however there is only so much an app can d
 
 It is very important to take device security on both ends into account to ensure that your conversations are kept private.
 
-We recommend an up-to-date [GrapheneOS](/android/#grapheneos) or iOS device.
+We recommend an up-to-date [GrapheneOS](../android.md#grapheneos) or iOS device.
 
 ### Molly (Android)
 
@@ -244,7 +244,7 @@ To supplement the database encryption feature, Molly securely wipes your device'
 
 While Molly is running, your data is kept in RAM. When any app closes, its data remains in RAM until another app takes the same physical memory pages. That can take seconds or days, depending on many factors. To prevent anyone from dumping the RAM to disk and extracting your data after Molly is locked, the app overrides all free RAM memory with random data when you lock the database.
 
-There is also the ability to configure a SOCKS proxy in Molly to route its traffic through the proxy or Tor (via [Orbot](../self-contained-networks.md#orbot)). When enabled, all traffic is routed through the proxy and there are no known IP or DNS leaks. When using this feature, [call relaying](#call-relaying) will always be enabled, regardless of the setting.
+There is also the ability to configure a SOCKS proxy in Molly to route its traffic through the proxy or [Tor via Orbot](../tor.md#orbot). When enabled, all traffic is routed through the proxy and there are no known IP or DNS leaks. When using this feature, [call relaying](#call-relaying) will always be enabled, regardless of the setting.
 
 Signal adds everyone who you have communicated with to its database. Molly allows you to delete those contacts and stop sharing your profile with them.
 
@@ -255,6 +255,6 @@ You can find a full list of Molly's [features](https://github.com/mollyim/mollyi
 #### Caveats
 
 - Molly does not support SMS messages within the app, unlike the official Signal app.
-- Molly removes Signal's Mobilecoin integration.
-- Molly is updated every two weeks to include the latest features and bug fixes from Signal. The exception is security issues, that are patched as soon as possible. That said, you should be aware that there might be a slight delay compared to upstream.
+- Molly removes Signal's MobileCoin integration.
+- Molly is updated every two weeks to include the latest features and bug fixes from Signal. The exception is security issues, which are patched as soon as possible. That said, you should be aware that there might be a slight delay compared to upstream.
 - By using Molly, you are extending your trust to another party, as you now need to trust the Signal team, as well as the Molly team.

docs/search-engines.en.md

@@ -21,7 +21,7 @@ Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org/) if your thr
     We recommend you disable [Anonymous usage metrics](https://search.brave.com/help/usage-metrics) as it is enabled by default and can be disabled within settings.
 
     [:octicons-home-16: Homepage](https://search.brave.com/){ .md-button .md-button--primary }
-    [:simple-torproject:](https://search.brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title=Onion }
+    [:simple-torbrowser:](https://search.brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title="Onion Service" }
     [:octicons-eye-16:](https://search.brave.com/help/privacy-policy){ .card-link title="Privacy Policy" }
     [:octicons-info-16:](https://search.brave.com/help){ .card-link title=Documentation}
 
@@ -38,7 +38,7 @@ Brave Search is based in the United States. Their [privacy policy](https://searc
     DuckDuckGo is the default search engine for the Tor Browser and is one of the few available options on Apple’s Safari browser.
 
     [:octicons-home-16: Homepage](https://duckduckgo.com){ .md-button .md-button--primary }
-    [:simple-torproject:](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion){ .card-link title=Onion }
+    [:simple-torbrowser:](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion){ .card-link title="Onion Service" }
     [:octicons-eye-16:](https://duckduckgo.com/privacy){ .card-link title="Privacy Policy" }
     [:octicons-info-16:](https://help.duckduckgo.com/){ .card-link title=Documentation}
 
@@ -71,7 +71,7 @@ When you are using a SearXNG instance, be sure to go read their privacy policy.
     ![Startpage logo](assets/img/search-engines/startpage.svg#only-light){ align=right }
     ![Startpage logo](assets/img/search-engines/startpage-dark.svg#only-dark){ align=right }
 
-    **Startpage** is a private search engine known for serving Google search results.  One of Startpage's unique features is the [Anonymous View](https://www.startpage.com/en/anonymous-view/), which puts forth efforts to standardize user activity to make it more difficult to be uniquely identified. The feature can be useful for hiding [some](https://support.startpage.com/hc/en-us/articles/4455540212116-The-Anonymous-View-Proxy-technical-details) network and browser properties. Unlike the name suggests, the feature should not be relied upon for anonymity. If you are looking for anonymity, use the [Tor Browser](desktop-browsers.md#tor-browser) instead.
+    **Startpage** is a private search engine known for serving Google search results.  One of Startpage's unique features is the [Anonymous View](https://www.startpage.com/en/anonymous-view/), which puts forth efforts to standardize user activity to make it more difficult to be uniquely identified. The feature can be useful for hiding [some](https://support.startpage.com/hc/en-us/articles/4455540212116-The-Anonymous-View-Proxy-technical-details) network and browser properties. Unlike the name suggests, the feature should not be relied upon for anonymity. If you are looking for anonymity, use the [Tor Browser](tor.md#tor-browser) instead.
 
     [:octicons-home-16: Homepage](https://www.startpage.com){ .md-button .md-button--primary }
     [:octicons-eye-16:](https://www.startpage.com/en/privacy-policy){ .card-link title="Privacy Policy" }

docs/self-contained-networks.en.md

@@ -1,109 +0,0 @@
----
-title: "Self-Contained Networks"
-icon: material/security-network
----
-These networks are designed to keep your traffic anonymous.
-
-## Freenet
-
-!!! recommendation
-
-    ![Freenet logo](assets/img/self-contained-networks/freenet.svg){ align=right }
-
-    **Freenet** is a peer-to-peer platform for censorship-resistant communication. It uses a decentralized distributed data store to keep and deliver information, and has a suite of free software for publishing and communicating on the Web without fear of censorship. Both Freenet and some of its associated tools were originally designed by Ian Clarke, who defined Freenet's goal as providing freedom of speech on the Internet with strong anonymity protection.
-
-    [:octicons-home-16: Homepage](https://freenetproject.org){ .md-button .md-button--primary }
-    [:octicons-info-16:](https://freenetproject.org/pages/documentation.html){ .card-link title=Documentation}
-    [:octicons-code-16:](https://github.com/freenet/){ .card-link title="Source Code" }
-    [:octicons-heart-16:](https://freenetproject.org/pages/donate.html){ .card-link title=Contribute }
-
-    ??? downloads
-
-        - [:simple-windows11: Windows](https://freenetproject.org/pages/download.html#windows)
-        - [:simple-apple: macOS](https://freenetproject.org/pages/download.html#os-x)
-        - [:simple-linux: Linux](https://freenetproject.org/pages/download.html#gnulinux-posix)
-        - [:simple-freebsd: FreeBSD](https://freenetproject.org/pages/download.html#gnulinux-posix)
-        - [:simple-openbsd: OpenBSD](https://freenetproject.org/pages/download.html#gnulinux-posix)
-        - [:simple-netbsd: NetBSD](https://freenetproject.org/pages/download.html#gnulinux-posix)
-
-## Invisible Internet Project
-
-!!! recommendation
-
-    ![I2P logo](assets/img/self-contained-networks/i2p.svg#only-light){ align=right }
-    ![I2P logo](assets/img/self-contained-networks/i2p-dark.svg#only-dark){ align=right }
-
-    **I2P** is a computer network layer that allows applications to send messages to each other pseudonymously and securely. Uses include anonymous Web surfing, chatting, blogging, and file transfers. The software that implements this layer is called an I2P router and a computer running I2P is called an I2P node. The software is free and open-source and is published under multiple licenses.
-
-    [:octicons-home-16: Homepage](https://geti2p.net){ .md-button .md-button--primary }
-    [:octicons-info-16:](https://geti2p.net/en/faq){ .card-link title=Documentation}
-    [:octicons-code-16:](https://geti2p.net/en/get-involved/guides/new-developers#getting-the-i2p-code){ .card-link title="Source Code" }
-    [:octicons-heart-16:](https://geti2p.net/en/get-involved){ .card-link title=Contribute }
-
-    ??? downloads
-
-        - [:simple-windows11: Windows](https://geti2p.net/en/download#windows)
-        - [:simple-apple: macOS](https://geti2p.net/en/download#mac)
-        - [:simple-linux: Linux](https://geti2p.net/en/download#unix)
-        - [:simple-freebsd: FreeBSD](https://www.freshports.org/security/i2p)
-        - [:simple-openbsd: OpenBSD](https://openports.se/net/i2pd)
-        - [:simple-netbsd: NetBSD](https://pkgsrc.se/wip/i2pd)
-        - [:simple-android: Android](https://geti2p.net/en/download#android)
-        - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=net.i2p.android)
-        - [:simple-fdroid: F-Droid](https://f-droid.org/app/net.i2p.android.router)
-
-## Tor
-
-!!! recommendation
-
-    ![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right }
-
-    The **Tor** network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. You use the Tor network by connecting through a series of virtual tunnels rather than making a direct connection to the site you're trying to visit, thus allowing both organizations and individuals to share information over public networks without compromising their privacy. Tor is an effective censorship circumvention tool.
-
-    [:octicons-home-16: Homepage](https://www.torproject.org){ .md-button .md-button--primary }
-    [:simple-torproject:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .card-link title=Onion }
-    [:octicons-info-16:](https://tb-manual.torproject.org/){ .card-link title=Documentation}
-    [:octicons-code-16:](https://gitweb.torproject.org/tor.git){ .card-link title="Source Code" }
-    [:octicons-heart-16:](https://donate.torproject.org/){ .card-link title=Contribute }
-
-    ??? downloads
-
-        - [:simple-windows11: Windows](https://www.torproject.org/download/)
-        - [:simple-apple: macOS](https://www.torproject.org/download/)
-        - [:simple-linux: Linux](https://www.torproject.org/download/)
-        - [:simple-freebsd: FreeBSD](https://www.freshports.org/security/tor)
-        - [:simple-openbsd: OpenBSD](https://openports.se/net/tor)
-        - [:simple-netbsd: NetBSD](https://pkgsrc.se/net/tor)
-        - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.torproject.torbrowser)
-        - [:simple-fdroid: F-Droid](https://support.torproject.org/tormobile/tormobile-7/)
-        - [:simple-android: Android](https://www.torproject.org/download/#android)
-
-### Orbot
-
-!!! recommendation
-
-    ![Orbot logo](assets/img/self-contained-networks/orbot.svg){ align=right }
-
-    **Orbot** is a free Tor VPN for smartphones which routes traffic from any app on your device through the Tor network.
-
-    [:octicons-home-16: Homepage](https://orbot.app/){ .md-button .md-button--primary }
-    [:octicons-eye-16:](https://orbot.app/privacy-policy){ .card-link title="Privacy Policy" }
-    [:octicons-info-16:](https://orbot.app/faqs){ .card-link title=Documentation}
-    [:octicons-code-16:](https://orbot.app/code){ .card-link title="Source Code" }
-    [:octicons-heart-16:](https://orbot.app/donate){ .card-link title=Contribute }
-
-    ??? downloads
-
-        - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.torproject.android)
-        - [:simple-fdroid: F-Droid](https://guardianproject.info/fdroid)
-        - [:simple-appstore: App Store](https://apps.apple.com/us/app/orbot/id1609461599)
-
-For resistance against traffic analysis attacks, consider enabling *Isolate Destination Address* in :material-menu: → **Settings** → **Connectivity**. This will use a completely different Tor Circuit (different middle relay and exit nodes) for every domain you connect to.
-
-!!! tip "Tips for Android"
-
-    Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN killswitch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
-
-    Orbot is often outdated on the Guardian Project's [F-Droid repository](https://guardianproject.info/fdroid) and [Google Play](https://play.google.com/store/apps/details?id=org.torproject.android), so consider downloading directly from the [GitHub repository](https://github.com/guardianproject/orbot) instead.
-
-    All versions are signed using the same signature so they should be compatible with each other.

docs/tools.en.md

@@ -11,11 +11,23 @@ If you want assistance figuring out the best privacy tools and alternative progr
 
 For more details about each project, why they were chosen, and additional tips or tricks we recommend, click the "Learn more" link in each section, or click on the recommendation itself to be taken to that specific section of the page.
 
+## Tor Network
+
+<div class="grid cards annotate" markdown>
+
+- ![Tor Browser logo](assets/img/browsers/tor.svg){ .twemoji } [Tor Browser](tor.md#tor-browser)
+- ![Orbot logo](assets/img/self-contained-networks/orbot.svg){ .twemoji } [Orbot (Smartphone Tor Proxy)](tor.md#orbot)
+- ![Snowflake logo](assets/img/browsers/snowflake.svg#only-light){ .twemoji }![Snowflake logo](assets/img/browsers/snowflake-dark.svg#only-dark){ .twemoji } [Snowflake](tor.md#snowflake) (1)
+
+</div>
+
+1. Snowflake does not increase privacy, however it allows you to easily contribute to the Tor network and help people in censored networks achieve better privacy.
+
+[Learn more :material-arrow-right-drop-circle:](tor.md)
 ## Desktop Web Browsers
 
 <div class="grid cards" markdown>
 
-- ![Tor Browser logo](assets/img/browsers/tor.svg){ .twemoji } [Tor Browser](desktop-browsers.md#tor-browser)
 - ![Firefox logo](assets/img/browsers/firefox.svg){ .twemoji } [Firefox](desktop-browsers.md#firefox)
 - ![Brave logo](assets/img/browsers/brave.svg){ .twemoji } [Brave](desktop-browsers.md#brave)
 
@@ -25,22 +37,18 @@ For more details about each project, why they were chosen, and additional tips o
 
 ### Additional Resources
 
-<div class="grid cards annotate" markdown>
+<div class="grid cards" markdown>
 
 - ![uBlock Origin logo](assets/img/browsers/ublock_origin.svg){ .twemoji } [uBlock Origin](desktop-browsers.md#ublock-origin)
-- ![Snowflake logo](assets/img/browsers/snowflake.svg#only-light){ .twemoji }![Snowflake logo](assets/img/browsers/snowflake-dark.svg#only-dark){ .twemoji } [Snowflake](desktop-browsers.md#snowflake) (1)
 
 </div>
 
-1. Snowflake does not increase privacy, however it allows you to easily contribute to the Tor network and help people in censored networks achieve better privacy.
-
 [Learn more :material-arrow-right-drop-circle:](desktop-browsers.md#additional-resources)
 
 ## Mobile Web Browsers
 
 <div class="grid cards" markdown>
 
-- ![Tor Browser logo](assets/img/browsers/tor.svg){ .twemoji } [Tor Browser (Android)](mobile-browsers.md#tor-browser)
 - ![Brave logo](assets/img/browsers/brave.svg){ .twemoji } [Brave (Android)](mobile-browsers.md#brave)
 - ![Safari logo](assets/img/browsers/safari.svg){ .twemoji } [Safari (iOS)](mobile-browsers.md#safari)
 
@@ -244,18 +252,20 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 [Learn more :material-arrow-right-drop-circle:](calendar-contacts.md)
 
-### Notebooks
+### Data and Metadata Redaction
 
 <div class="grid cards" markdown>
 
-- ![EteSync Notes logo](assets/img/notebooks/etesync-notes.png){ .twemoji } [EteSync Notes](notebooks.md#etesync-notes)
-- ![Joplin logo](assets/img/notebooks/joplin.svg){ .twemoji } [Joplin](notebooks.md#joplin)
-- ![Standard Notes logo](assets/img/notebooks/standard-notes.svg){ .twemoji } [Standard Notes](notebooks.md#standard-notes)
-- ![Org-mode logo](assets/img/notebooks/org-mode.svg){ .twemoji } [Org-mode](notebooks.md#org-mode)
+- ![ExifCleaner logo](assets/img/data-redaction/exifcleaner.svg){ .twemoji } [ExifCleaner](data-redaction.md#exifcleaner)
+- ![MAT2 logo](assets/img/data-redaction/mat2.svg){ .twemoji } [MAT2](data-redaction.md#mat2)
+- ![ExifEraser logo](assets/img/data-redaction/exiferaser.svg){ .twemoji } [ExifEraser (Android)](data-redaction.md#exiferaser-android)
+- ![Metapho logo](assets/img/data-redaction/metapho.jpg){ .twemoji } [Metapho (iOS)](data-redaction.md#metapho-ios)
+- ![PrivacyBlur logo](assets/img/data-redaction/privacyblur.svg){ .twemoji } [PrivacyBlur](data-redaction.md#privacyblur)
+- ![ExifTool logo](assets/img/data-redaction/exiftool.png){ .twemoji } [ExifTool (CLI)](data-redaction.md#exiftool)
 
 </div>
 
-[Learn more :material-arrow-right-drop-circle:](notebooks.md)
+[Learn more :material-arrow-right-drop-circle:](data-redaction.md)
 
 ### Email Clients
 
@@ -309,7 +319,7 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 [Learn more :material-arrow-right-drop-circle:](encryption.md#openpgp)
 
-### File Sharing
+### File Sharing and Sync
 
 <div class="grid cards" markdown>
 
@@ -321,20 +331,20 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 [Learn more :material-arrow-right-drop-circle:](file-sharing.md)
 
-### Data and Metadata Redaction
+### Frontends
 
 <div class="grid cards" markdown>
 
-- ![ExifCleaner logo](assets/img/data-redaction/exifcleaner.svg){ .twemoji } [ExifCleaner](data-redaction.md#exifcleaner)
-- ![MAT2 logo](assets/img/data-redaction/mat2.svg){ .twemoji } [MAT2](data-redaction.md#mat2)
-- ![ExifEraser logo](assets/img/data-redaction/exiferaser.svg){ .twemoji } [ExifEraser (Android)](data-redaction.md#exiferaser-android)
-- ![Metapho logo](assets/img/data-redaction/metapho.jpg){ .twemoji } [Metapho (iOS)](data-redaction.md#metapho-ios)
-- ![PrivacyBlur logo](assets/img/data-redaction/privacyblur.svg){ .twemoji } [PrivacyBlur](data-redaction.md#privacyblur)
-- ![ExifTool logo](assets/img/data-redaction/exiftool.png){ .twemoji } [ExifTool (CLI)](data-redaction.md#exiftool)
+- ![Librarian logo](assets/img/frontends/librarian.svg#only-light){ .twemoji }![Librarian logo](assets/img/frontends/librarian-dark.svg#only-dark){ .twemoji } [Librarian (LBRY, Web)](frontends.md#librarian)
+- ![Nitter logo](assets/img/frontends/nitter.svg){ .twemoji } [Nitter (Twitter, Web)](frontends.md#nitter)
+- ![FreeTube logo](assets/img/frontends/freetube.svg){ .twemoji } [FreeTube (YouTube, Desktop)](frontends.md#freetube)
+- ![NewPipe logo](assets/img/frontends/newpipe.svg){ .twemoji } [NewPipe (YouTube, Android)](frontends.md#newpipe-android)
+- ![Invidious logo](assets/img/frontends/invidious.svg#only-light){ .twemoji }![Invidious logo](assets/img/frontends/invidious-dark.svg#only-dark){ .twemoji } [Invidious (YouTube, Web)](frontends.md#invidious)
+- ![Piped logo](assets/img/frontends/piped.svg){ .twemoji } [Piped (YouTube, Web)](frontends.md#piped)
 
 </div>
 
-[Learn more :material-arrow-right-drop-circle:](data-redaction.md)
+[Learn more :material-arrow-right-drop-circle:](frontends.md)
 
 ### Multi-Factor Authentication Tools
 
@@ -349,6 +359,35 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 [Learn more :material-arrow-right-drop-circle:](multi-factor-authentication.md)
 
+### News Aggregators
+
+<div class="grid cards" markdown>
+
+- ![Akregator logo](assets/img/news-aggregators/akregator.svg){ .twemoji } [Akregator](news-aggregators.md#akregator)
+- ![Feeder logo](assets/img/news-aggregators/feeder.png){ .twemoji} [Feeder](news-aggregators.md#feeder)
+- ![Fluent Reader logo](assets/img/news-aggregators/fluent-reader.svg){ .twemoji } [Fluent Reader](news-aggregators.md#fluent-reader)
+- ![GNOME Feeds logo](assets/img/news-aggregators/gfeeds.svg){ .twemoji } [GNOME Feeds](news-aggregators.md#gnome-feeds)
+- ![Miniflux logo](assets/img/news-aggregators/miniflux.svg#only-light){ .twemoji }![Miniflux logo](assets/img/news-aggregators/miniflux-dark.svg#only-dark){ .twemoji } [Miniflux](news-aggregators.md#miniflux)
+- ![NetNewsWire logo](assets/img/news-aggregators/netnewswire.png){ .twemoji } [NetNewsWire](news-aggregators.md#netnewswire)
+- ![Newsboat logo](assets/img/news-aggregators/newsboat.svg){ .twemoji } [Newsboat](news-aggregators.md#newsboat)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](news-aggregators.md)
+
+### Notebooks
+
+<div class="grid cards" markdown>
+
+- ![EteSync Notes logo](assets/img/notebooks/etesync-notes.png){ .twemoji } [EteSync Notes](notebooks.md#etesync-notes)
+- ![Joplin logo](assets/img/notebooks/joplin.svg){ .twemoji } [Joplin](notebooks.md#joplin)
+- ![Standard Notes logo](assets/img/notebooks/standard-notes.svg){ .twemoji } [Standard Notes](notebooks.md#standard-notes)
+- ![Org-mode logo](assets/img/notebooks/org-mode.svg){ .twemoji } [Org-mode](notebooks.md#org-mode)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](notebooks.md)
+
 ### Password Managers
 
 <div class="grid cards" markdown>
@@ -358,6 +397,7 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 - ![Psono logo](assets/img/password-management/psono.svg){ .twemoji } [Psono](passwords.md#psono)
 - ![KeePassXC logo](assets/img/password-management/keepassxc.svg){ .twemoji } [KeePassXC](passwords.md#keepassxc)
 - ![KeePassDX logo](assets/img/password-management/keepassdx.svg){ .twemoji } [KeePassDX (Android)](passwords.md#keepassdx-android)
+- ![Strongbox logo](assets/img/password-management/strongbox.svg){ .twemoji } [Strongbox (iOS & macOS)](passwords.md#strongbox-ios-macos)
 - ![gopass logo](assets/img/password-management/gopass.svg){ .twemoji } [gopass](passwords.md#gopass)
 
 </div>
@@ -390,45 +430,11 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 [Learn more :material-arrow-right-drop-circle:](real-time-communication.md)
 
-### News Aggregators
-
-<div class="grid cards" markdown>
-
-- ![Akregator logo](assets/img/news-aggregators/akregator.svg){ .twemoji } [Akregator](news-aggregators.md#akregator)
-- ![Feeder logo](assets/img/news-aggregators/feeder.png){ .twemoji} [Feeder](news-aggregators.md#feeder)
-- ![Fluent Reader logo](assets/img/news-aggregators/fluent-reader.svg){ .twemoji } [Fluent Reader](news-aggregators.md#fluent-reader)
-- ![GNOME Feeds logo](assets/img/news-aggregators/gfeeds.svg){ .twemoji } [GNOME Feeds](news-aggregators.md#gnome-feeds)
-- ![Miniflux logo](assets/img/news-aggregators/miniflux.svg#only-light){ .twemoji }![Miniflux logo](assets/img/news-aggregators/miniflux-dark.svg#only-dark){ .twemoji } [Miniflux](news-aggregators.md#miniflux)
-- ![NetNewsWire logo](assets/img/news-aggregators/netnewswire.png){ .twemoji } [NetNewsWire](news-aggregators.md#netnewswire)
-- ![Newsboat logo](assets/img/news-aggregators/newsboat.svg){ .twemoji } [Newsboat](news-aggregators.md#newsboat)
-
-</div>
-
-[Learn more :material-arrow-right-drop-circle:](news-aggregators.md)
-
-### Self-Contained Networks
-
-<div class="grid cards" markdown>
-
-- ![Freenet logo](./assets/img/self-contained-networks/freenet.svg){ .twemoji } [Freenet](self-contained-networks.md#freenet)
-- ![I2P logo](./assets/img/self-contained-networks/i2p.svg#only-light){ .twemoji } ![I2P logo](./assets/img/self-contained-networks/i2p-dark.svg#only-dark){ .twemoji } [I2P](self-contained-networks.md#invisible-internet-project)
-- ![Tor logo](./assets/img/self-contained-networks/tor.svg){ .twemoji } [Tor](self-contained-networks.md#tor)
-- ![Orbot logo](assets/img/self-contained-networks/orbot.svg){ .twemoji } [Orbot (Smartphone Tor Proxy)](self-contained-networks.md#orbot)
-
-</div>
-
-[Learn more :material-arrow-right-drop-circle:](self-contained-networks.md)
-
 ### Video Streaming Clients
 
 <div class="grid cards" markdown>
 
-- ![FreeTube logo](assets/img/video-streaming/freetube.svg){ .twemoji } [FreeTube (YouTube, Desktop)](video-streaming.md#freetube)
 - ![LBRY logo](assets/img/video-streaming/lbry.svg){ .twemoji } [LBRY](video-streaming.md#lbry)
-- ![NewPipe logo](assets/img//video-streaming/newpipe.svg){ .twemoji } [NewPipe (YouTube, Android)](video-streaming.md#newpipe)
-- ![Invidious logo](assets/img/video-streaming/invidious.svg#only-light){ .twemoji }![Invidious logo](assets/img/video-streaming/invidious-dark.svg#only-dark){ .twemoji } [Invidious (YouTube, Web)](video-streaming.md#invidious)
-- ![Librarian logo](assets/img/video-streaming/librarian.svg#only-light){ .twemoji }![Librarian logo](assets/img/video-streaming/librarian-dark.svg#only-dark){ .twemoji } [Librarian (LBRY, Web)](video-streaming.md#librarian)
-- ![Piped logo](assets/img/video-streaming/piped.svg){ .twemoji } [Piped (YouTube, Web)](video-streaming.md#piped)
 
 </div>
 

docs/tor.en.md

@@ -0,0 +1,126 @@
+---
+title: "Tor Network"
+icon: simple/torproject
+---
+
+![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right }
+
+The **Tor** network is a group of volunteer-operated servers that allows you to connect for free and improve your privacy and security on the Internet. Individuals and organizations can also share information over the Tor network with ".onion hidden services" without compromising their privacy. Because Tor traffic is difficult to block and trace, Tor is an effective censorship circumvention tool.
+
+[:octicons-home-16:](https://www.torproject.org){ .card-link title=Homepage }
+[:simple-torbrowser:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .card-link title="Onion Service" }
+[:octicons-info-16:](https://tb-manual.torproject.org/){ .card-link title=Documentation}
+[:octicons-code-16:](https://gitweb.torproject.org/tor.git){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://donate.torproject.org/){ .card-link title=Contribute }
+
+Tor works by routing your internet traffic through those volunteer-operated servers, instead of making a direct connection to the site you're trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity.
+
+<figure markdown>
+  ![Tor path](assets/img/how-tor-works/tor-path.svg#only-light)
+  ![Tor path](assets/img/how-tor-works/tor-path-dark.svg#only-dark)
+  <figcaption>Tor circuit pathway - Nodes in the path can only see the servers they are directly connected to, for example the "Entry" node shown can see your IP address, and the address of the "Middle" node, but has no way to see which website you are visiting.</figcaption>
+</figure>
+
+- [More information about how Tor works :material-arrow-right-drop-circle:](basics/tor-overview.md)
+
+## Connecting to Tor
+
+There are a variety of ways to connect to the Tor network from your device, the most commonly used being the **Tor Browser**, a fork of Firefox designed for anonymous browsing for desktop computers and Android. In addition to the apps listed below, there are also operating systems designed specifically to connect to the Tor network such as [Whonix](linux-desktop.md/#whonix) on [Qubes OS](qubes.md), which provide even greater security and protections than the standard Tor Browser.
+
+### Tor Browser
+
+!!! recommendation
+
+    ![Tor Browser logo](assets/img/browsers/tor.svg){ align=right }
+
+    **Tor Browser** is the choice if you need anonymity, as it provides you with access to the Tor network and bridges, and it includes default settings and extensions that are automatically configured by the default security levels: *Standard*, *Safer* and *Safest*.
+
+    [:octicons-home-16: Homepage](https://www.torproject.org){ .md-button .md-button--primary }
+    [:simple-torbrowser:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .card-link title="Onion Service" }
+    [:octicons-info-16:](https://tb-manual.torproject.org/){ .card-link title=Documentation }
+    [:octicons-code-16:](https://gitweb.torproject.org/tor-browser.git/){ .card-link title="Source Code" }
+    [:octicons-heart-16:](https://donate.torproject.org/){ .card-link title=Contribute }
+
+    ??? downloads
+
+        - [:simple-windows11: Windows](https://www.torproject.org/download/)
+        - [:simple-apple: macOS](https://www.torproject.org/download/)
+        - [:simple-linux: Linux](https://www.torproject.org/download/)
+        - [:simple-freebsd: FreeBSD](https://www.freshports.org/security/tor)
+        - [:simple-openbsd: OpenBSD](https://openports.se/net/tor)
+        - [:simple-netbsd: NetBSD](https://pkgsrc.se/net/tor)
+        - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.torproject.torbrowser)
+        - [:simple-fdroid: F-Droid](https://support.torproject.org/tormobile/tormobile-7/)
+        - [:simple-android: Android](https://www.torproject.org/download/#android)
+
+!!! danger
+
+    You should **never** install any additional extensions on Tor Browser, including the ones we suggest for Firefox. Nor should you manually enable HTTPS-only mode or edit `about:config` settings. Browser extensions and non-standard settings make you stand out from others on the Tor network, thus making your browser easier to [fingerprint](https://support.torproject.org/glossary/browser-fingerprinting).
+
+The Tor Browser is designed to prevent fingerprinting, or identifying you based on your browser configuration. Therefore, it is imperative that you do **not** modify the browser beyond the default [security levels](https://tb-manual.torproject.org/security-settings/).
+
+### Orbot
+
+!!! recommendation
+
+    ![Orbot logo](assets/img/self-contained-networks/orbot.svg){ align=right }
+
+    **Orbot** is a free Tor VPN for smartphones which routes traffic from any app on your device through the Tor network.
+
+    [:octicons-home-16: Homepage](https://orbot.app/){ .md-button .md-button--primary }
+    [:octicons-eye-16:](https://orbot.app/privacy-policy){ .card-link title="Privacy Policy" }
+    [:octicons-info-16:](https://orbot.app/faqs){ .card-link title=Documentation}
+    [:octicons-code-16:](https://orbot.app/code){ .card-link title="Source Code" }
+    [:octicons-heart-16:](https://orbot.app/donate){ .card-link title=Contribute }
+
+    ??? downloads
+
+        - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.torproject.android)
+        - [:simple-fdroid: F-Droid](https://guardianproject.info/fdroid)
+        - [:simple-github: GitHub](https://github.com/guardianproject/orbot/releases)
+        - [:simple-appstore: App Store](https://apps.apple.com/us/app/orbot/id1609461599)
+
+For resistance against traffic analysis attacks, consider enabling *Isolate Destination Address* in :material-menu: → **Settings** → **Connectivity**. This will use a completely different Tor Circuit (different middle relay and exit nodes) for every domain you connect to.
+
+!!! tip "Tips for Android"
+
+    Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN killswitch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
+
+    Orbot is often outdated on the Guardian Project's [F-Droid repository](https://guardianproject.info/fdroid) and [Google Play](https://play.google.com/store/apps/details?id=org.torproject.android), so consider downloading directly from the [GitHub repository](https://github.com/guardianproject/orbot/releases) instead.
+
+    All versions are signed using the same signature so they should be compatible with each other.
+
+## Relays and Bridges
+
+### Snowflake
+
+!!! recommendation
+
+    ![Snowflake logo](assets/img/browsers/snowflake.svg#only-light){ align=right }
+    ![Snowflake logo](assets/img/browsers/snowflake-dark.svg#only-dark){ align=right }
+
+    **Snowflake** allows you to donate bandwidth to the Tor Project by operating a "Snowflake proxy" within your browser.
+
+    People who are censored can use Snowflake proxies to connect to the Tor network. Snowflake is a great way to contribute to the network even if you don't have the technical know-how to run a Tor relay or bridge.
+
+    [:octicons-home-16: Homepage](https://snowflake.torproject.org/){ .md-button .md-button--primary }
+    [:octicons-info-16:](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/Technical%20Overview){ .card-link title=Documentation}
+    [:octicons-code-16:](https://gitweb.torproject.org/pluggable-transports/snowflake.git/){ .card-link title="Source Code" }
+    [:octicons-heart-16:](https://donate.torproject.org/){ .card-link title=Contribute }
+
+    ??? downloads
+
+        - [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/en-US/firefox/addon/torproject-snowflake/)
+        - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/snowflake/mafpmfcccpbjnhfhjnllmmalhifmlcie)
+        - [:octicons-browser-16: Web](https://snowflake.torproject.org/embed "Leave this page open to be a Snowflake proxy")
+
+??? tip "Embedded Snowflake"
+
+    You can enable Snowflake in your browser by clicking the switch below and ==leaving this page open==. You can also install Snowflake as a browser extension to have it always run while your browser is open, however adding third-party extensions can increase your attack surface.
+
+    <center><iframe src="https://snowflake.torproject.org/embed.html" width="320" height="240" frameborder="0" scrolling="no"></iframe></center>
+    <small>If the embed does not appear for you, ensure you are not blocking the third-party frame from `torproject.org`. Alternatively, visit [this page](https://snowflake.torproject.org/embed.html).</small>
+
+Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours.
+
+Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.

docs/video-streaming.en.md

@@ -6,33 +6,6 @@ The primary threat when using a video streaming platform is that your streaming
 
 ## Clients
 
-### FreeTube
-
-!!! recommendation
-
-    ![FreeTube logo](assets/img/video-streaming/freetube.svg){ align=right }
-
-    **FreeTube** is a free and open-source desktop application for [YouTube](https://youtube.com). When using FreeTube, your subscription list and playlists are saved locally on your device.
-
-    By default, FreeTube blocks all YouTube advertisements. In addition, FreeTube optionally integrates with [SponsorBlock](https://sponsor.ajay.app) to help you skip sponsored video segments.
-
-    [:octicons-home-16: Homepage](https://freetubeapp.io){ .md-button .md-button--primary }
-    [:octicons-eye-16:](https://freetubeapp.io/privacy.php){ .card-link title="Privacy Policy" }
-    [:octicons-info-16:](https://docs.freetubeapp.io/){ .card-link title=Documentation}
-    [:octicons-code-16:](https://github.com/FreeTubeApp/FreeTube){ .card-link title="Source Code" }
-    [:octicons-heart-16:](https://liberapay.com/FreeTube){ .card-link title=Contribute }
-
-    ??? downloads
-
-        - [:simple-windows11: Windows](https://freetubeapp.io/#download)
-        - [:simple-apple: macOS](https://freetubeapp.io/#download)
-        - [:simple-linux: Linux](https://freetubeapp.io/#download)
-        - [:simple-flathub: Flatpak](https://flathub.org/apps/details/io.freetubeapp.FreeTube)
-
-!!! Warning
-
-    When using FreeTube, your IP address may still be known to YouTube, [Invidious](https://instances.invidious.io) or [SponsorBlock](https://sponsor.ajay.app/) depending on your configuration. Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org) if your [threat model](basics/threat-modeling.md) requires hiding your IP address.
-
 ### LBRY
 
 !!! recommendation
@@ -64,118 +37,4 @@ The primary threat when using a video streaming platform is that your streaming
 
 We recommend **against** synchronizing your wallet with LBRY Inc., as synchronizing encrypted wallets is not supported yet. If you synchronize your wallet with LBRY Inc., you have to trust them to not look at your subscription list, [LBC](https://lbry.com/faq/earn-credits) funds, or take control of your channel.
 
-You can disable *Save hosting data to help the LBRY network* option in :gear: **Settings** → **Advanced Settings**, to avoid exposing your IP address and watched videos when using LBRY for a prolonged period of time.
-
-### NewPipe
-
-!!! recommendation annotate
-
-    ![Newpipe logo](assets/img//video-streaming/newpipe.svg){ align=right }
-
-    **NewPipe** is a free and open-source Android application for [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [Bandcamp](https://bandcamp.com), and [PeerTube](https://joinpeertube.org/) (1).
-
-    Your subscription list and playlists are saved locally on your Android device.
-
-    [:octicons-home-16: Homepage](https://newpipe.net){ .md-button .md-button--primary }
-    [:octicons-eye-16:](https://newpipe.net/legal/privacy){ .card-link title="Privacy Policy" }
-    [:octicons-info-16:](https://teamnewpipe.github.io/documentation/){ .card-link title=Documentation}
-    [:octicons-code-16:](https://github.com/TeamNewPipe/NewPipe){ .card-link title="Source Code" }
-    [:octicons-heart-16:](https://newpipe.net/donate/){ .card-link title=Contribute }
-
-    ??? downloads
-
-        - [:simple-fdroid: F-Droid](https://newpipe.net/FAQ/tutorials/install-add-fdroid-repo)
-        - [:simple-github: GitHub](https://github.com/TeamNewPipe/NewPipe/releases)
-
-1. The default instance is [FramaTube](https://framatube.org/), however more can be added via **Settings** → **Content** → **PeerTube instances**
-
-!!! note
-
-    NewPipe is available on the main [F-Droid](https://www.f-droid.org)'s repository. We recommend that you use NewPipe's own [F-Droid repository](https://newpipe.net/FAQ/tutorials/install-add-fdroid-repo) instead to get faster updates.
-
-!!! Warning
-    
-    When using NewPipe, your IP address will be visible to the video providers used. Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org) if your [threat model](basics/threat-modeling.md) requires hiding your IP address.
-
-## Web-based frontends
-
-### Invidious
-
-!!! recommendation
-
-    ![Invidious logo](assets/img/video-streaming/invidious.svg#only-light){ align=right }
-    ![Invidious logo](assets/img/video-streaming/invidious-dark.svg#only-dark){ align=right }
-
-    **Invidious** is a free and open-source frontend for YouTube that is also self-hostable.
-
-    There are a number of public instances, with some instances having [Tor](https://www.torproject.org) onion services support.
-
-    [:octicons-home-16: Homepage](https://invidious.io){ .md-button .md-button--primary }
-    [:octicons-server-16:](https://instances.invidious.io){ .card-link title="Public Instances"}
-    [:octicons-info-16:](https://docs.invidious.io/){ .card-link title=Documentation}
-    [:octicons-code-16:](https://github.com/iv-org/invidious){ .card-link title="Source Code" }
-    [:octicons-heart-16:](https://invidious.io/donate/){ .card-link title=Contribute }
-
-!!! warning
-
-    Invidious does not proxy video streams by default. Videos watched through Invidious will still make direct connections to Google's servers (e.g. `googlevideo.com`); however, some instances support video proxying—simply enable *Proxy videos* within the instances' settings or add `&local=true` to the URL.
-
-!!! tip
-
-    Invidious is useful if you want to disable JavaScript in your browser, such as [Tor Browser](https://www.torproject.org/) on the Safest security level. It does not provide privacy by itself, and we don’t recommend logging into any accounts.
-
-When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting Invidious, as other peoples' usage will be linked to your hosting.
-
-When you are using an Invidious instance, make sure to read the privacy policy of that specific instance. Invidious instances can be modified by their owners and therefore may not reflect their associated privacy policy. Some instances have Tor .onion addresses which may grant some privacy as long as your search queries don't contain PII (Personally Identifiable Information).
-
-### Librarian
-
-!!! recommendation
-
-    ![Librarian logo](assets/img/video-streaming/librarian.svg#only-light){ align=right }
-    ![Librarian logo](assets/img/video-streaming/librarian-dark.svg#only-dark){ align=right }
-
-    **Librarian** is a free and open-source frontend for the LBRY/Odysee video sharing network that is also self-hostable.
-    
-    There are a number of public instances, with some instances having [Tor](https://www.torproject.org) onion services support.
-
-    [:octicons-repo-16: Repository](https://codeberg.org/librarian/librarian){ .md-button .md-button--primary }
-    [:octicons-server-16:](https://librarian.codeberg.page/){ .card-link title="Public Instances"}
-    [:octicons-info-16:](https://codeberg.org/librarian/librarian/wiki){ .card-link title=Documentation}
-    [:octicons-code-16:](https://codeberg.org/librarian/librarian){ .card-link title="Source Code" }
-
-!!! warning
-
-    Librarian does not proxy video streams by default. Videos watched through Librarian will still make direct connections to Odysee's servers (e.g. `odycdn.com`); however, some instances may enable proxying which would be detailed in the instance's privacy policy.
-
-!!! tip
-
-    Librarian is useful if you want watch LBRY content on mobile without mandatory telemetry and if you want to disable JavaScript in your browser, as is the case with [Tor Browser](https://www.torproject.org/) on the Safest security level.
-
-When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting Librarian, as other peoples' usage will be linked to your hosting.
-
-When you are using a Librarian instance, make sure to read the privacy policy of that specific instance. Librarian instances can be modified by their owners and therefore may not reflect the default policy. Librarian instances feature a "privacy nutrition label" to provide an overview of their policy. Some instances have Tor .onion addresses which may grant some privacy as long as your search queries don't contain PII (Personally Identifiable Information).
-
-### Piped
-
-!!! recommendation
-
-    ![Piped logo](assets/img/video-streaming/piped.svg){ align=right }
-
-    **Piped** is a free and open-source frontend for YouTube that is also self-hostable.
-
-    Piped requires JavaScript in order to function and there are a number of public instances.
-
-    [:octicons-repo-16: Repository](https://github.com/TeamPiped/Piped){ .md-button .md-button--primary }
-    [:octicons-server-16:](https://piped.kavin.rocks/preferences#ddlInstanceSelection){ .card-link title="Public Instances"}
-    [:octicons-info-16:](https://piped-docs.kavin.rocks/){ .card-link title=Documentation}
-    [:octicons-code-16:](https://github.com/TeamPiped/Piped){ .card-link title="Source Code" }
-    [:octicons-heart-16:](https://github.com/TeamPiped/Piped#donations){ .card-link title=Contribute }
-
-!!! tip
-
-    Piped is useful if you want to use [SponsorBlock](https://sponsor.ajay.app) without installing an extension or to access age-restricted content without an account. It does not provide privacy by itself, and we don’t recommend logging into any accounts.
-
-When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting Piped, as other peoples' usage will be linked to your hosting.
-
-When you are using a Piped instance, make sure to read the privacy policy of that specific instance. Piped instances can be modified by their owners and therefore may not reflect their associated privacy policy.
+You can disable *Save hosting data to help the LBRY network* option in :gear: **Settings** → **Advanced Settings**, to avoid exposing your IP address and watched videos when using LBRY for a prolonged period of time.

docs/vpn.en.md

@@ -35,22 +35,18 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic.
 
     **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option.
 
-    **Free** — **Plus Plan USD $71.88/year** (1)
-
     [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary }
     [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" }
     [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation}
     [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" }
 
-1. A further 10% is discounted with a 2-year subscription ($119.76).
-
 ??? check annotate "64 Countries"
 
     Proton VPN has [servers in 64 countries](https://protonvpn.com/vpn-servers) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
 
     We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
 
-1. As of 2022/05/17
+1. Last checked: 2022-09-16
 
 ??? check "Independently Audited"
 
@@ -90,20 +86,18 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic.
 
     **IVPN** is another premium VPN provider, and they have been in operation since 2009. IVPN is based in Gibraltar.
 
-    **Standard USD $60/year** — **Pro USD $100/year**
-
     [:octicons-home-16: Homepage](https://www.ivpn.net/){ .md-button .md-button--primary }
     [:octicons-eye-16:](https://www.ivpn.net/privacy/){ .card-link title="Privacy Policy" }
     [:octicons-info-16:](https://www.ivpn.net/knowledgebase/general/){ .card-link title=Documentation}
     [:octicons-code-16:](https://github.com/ivpn){ .card-link title="Source Code" }
 
-??? check annotate "32 Countries"
+??? check annotate "34 Countries"
 
-    IVPN has [servers in 32 countries](https://www.ivpn.net/server-locations) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
+    IVPN has [servers in 34 countries](https://www.ivpn.net/server-locations) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
 
     We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
 
-1. As of 2022/05/17
+1. Last checked: 2022-09-16
 
 ??? check "Independently Audited"
 
@@ -143,21 +137,19 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic.
 
     **Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since **2009**. Mullvad is based in Sweden and does not have a free trial.
 
-    **EUR €60/year**
-
     [:octicons-home-16: Homepage](https://mullvad.net){ .md-button .md-button--primary }
-    [:simple-torproject:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title=Onion }
+    [:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" }
     [:octicons-eye-16:](https://mullvad.net/en/help/privacy-policy/){ .card-link title="Privacy Policy" }
     [:octicons-info-16:](https://mullvad.net/en/help/){ .card-link title=Documentation}
     [:octicons-code-16:](https://github.com/mullvad){ .card-link title="Source Code" }
 
-??? check annotate "38 Countries"
+??? check annotate "39 Countries"
 
-    Mullvad has [servers in 38 countries](https://mullvad.net/servers/) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
+    Mullvad has [servers in 39 countries](https://mullvad.net/servers/) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
 
     We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
 
-1. As of 2022/05/17
+1. Last checked: 2022-09-16
 
 ??? check "Independently Audited"
 
@@ -218,7 +210,7 @@ We require all our recommended VPN providers to provide OpenVPN configuration fi
 - Support for strong protocols such as WireGuard & OpenVPN.
 - Killswitch built in to clients.
 - Multihop support. Multihopping is important to keep data private in case of a single node compromise.
-- If VPN clients are provided, they should be [open-source](https://en.wikipedia.org/wiki/Open_source), like the VPN software they generally have built into them. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what your device is actually doing. We like to see these applications [available in F-Droid](https://www.f-droid.org/en/2019/05/05/trust-privacy-and-free-software.html).
+- If VPN clients are provided, they should be [open-source](https://en.wikipedia.org/wiki/Open_source), like the VPN software they generally have built into them. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what your device is actually doing.
 
 **Best Case:**
 
@@ -226,7 +218,7 @@ We require all our recommended VPN providers to provide OpenVPN configuration fi
 - Killswitch with highly configurable options (enable/disable on certain networks, on boot, etc.)
 - Easy-to-use VPN clients
 - Supports [IPv6](https://en.wikipedia.org/wiki/IPv6). We expect that servers will allow incoming connections via IPv6 and allow you to access services hosted on IPv6 addresses.
-- Capability of [remote port forwarding](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) assists in creating connections when using P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)) file sharing software, Freenet, or hosting a server (e.g., Mumble).
+- Capability of [remote port forwarding](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) assists in creating connections when using P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)) file sharing software or hosting a server (e.g., Mumble).
 
 ### Privacy
 
@@ -292,8 +284,8 @@ Must not have any marketing which is irresponsible:
 
 Responsible marketing that is both educational and useful to the consumer could include:
 
-- An accurate comparison to when Tor or other [self-contained networks](self-contained-networks.md) should be used.
-- Availability of the VPN provider's website over a .onion [Hidden Service](https://en.wikipedia.org/wiki/.onion)
+- An accurate comparison to when [Tor](tor.md) should be used instead.
+- Availability of the VPN provider's website over a .onion [Onion Service](https://en.wikipedia.org/wiki/.onion)
 
 ### Additional Functionality
 

includes/abbreviations.en.md

@@ -10,6 +10,8 @@
 *[DNSSEC]: Domain Name System Security Extensions
 *[DNS]: Domain Name System
 *[DoH]: DNS over HTTPS
+*[DoQ]: DNS over QUIC
+*[DoH3]: DNS over HTTP/3
 *[DoT]: DNS over TLS
 *[E2EE]: End-to-End Encryption/Encrypted
 *[ECS]: EDNS Client Subnet
@@ -28,7 +30,6 @@
 *[HOTP]: HMAC (Hash-based Message Authentication Code) based One-Time Password
 *[HTTPS]: Hypertext Transfer Protocol Secure
 *[HTTP]: Hypertext Transfer Protocol
-*[I2P]: Invisible Internet Project
 *[ICCID]: Integrated Circuit Card Identifier
 *[IMAP]: Internet Message Access Protocol
 *[IMEI]: International Mobile Equipment Identity

mkdocs.production.yml

@@ -1,9 +1,5 @@
 INHERIT: mkdocs.yml
 plugins:
-  minify:
-    minify_html: true
-    htmlmin_opts:
-        remove_comments: true
   privacy:
     externals_exclude:
       - cdn.jsdelivr.net/npm/mathjax@3/*
@@ -44,7 +40,7 @@ extra:
         - icon: material/robot-confused
           name: This page could be improved
           data: Needs Improvement
-          note: Thanks for your feedback! Help us improve this page by opening a <a href="https://github.com/orgs/privacyguides/discussions" target=_blank>discusson on GitHub</a>.
+          note: Thanks for your feedback! Help us improve this page by opening a <a href="https://github.com/privacyguides/privacyguides.org/discussions" target=_blank>discussion on GitHub</a>.
 
 theme:
   features:

mkdocs.yml

@@ -139,13 +139,16 @@ nav:
       - 'linux-desktop/overview.md'
       - 'linux-desktop/hardening.md'
       - 'linux-desktop/sandboxing.md'
+    - 'Real-Time Communication':
+      - 'real-time-communication/communication-network-types.md'
+      - 'real-time-communication/signal-configuration-hardening.md'
     - 'Advanced':
       - 'advanced/integrating-metadata-removal.md'
       - 'advanced/erasing-data.md'
-      - 'advanced/signal-configuration-hardening.md'
   - 'Recommendations':
     - 'tools.md'
-    - 'Browsers':
+    - 'Internet Browsing':
+      - 'tor.md'
       - 'desktop-browsers.md'
       - 'mobile-browsers.md'
     - 'Operating Systems':
@@ -165,19 +168,20 @@ nav:
       - 'email-clients.md'
       - 'encryption.md'
       - 'file-sharing.md'
+      - 'frontends.md'
       - 'multi-factor-authentication.md'
       - 'news-aggregators.md'
       - 'notebooks.md'
       - 'passwords.md'
       - 'productivity.md'
       - 'real-time-communication.md'
-      - 'self-contained-networks.md'
       - 'video-streaming.md'
   - 'About':
     - 'about.md'
     - 'coc.md'
     - 'about/donate.md'
     - 'Online Services': 'https://privacyguides.net'
+    - 'about/privacytools.md'
     - 'Website Statistics': 'https://stats.privacyguides.net/privacyguides.org'
     - 'about/notices.md'
     - 'about/privacy-policy.md'