PrivacyTools FAQ (#1808)

Signed-off-by: Daniel Gray <dng@disroot.org>

.github/workflows/crowdin.yml

@@ -14,7 +14,7 @@ jobs:
       uses: actions/checkout@v3
 
     - name: crowdin action
-      uses: crowdin/github-action@1.4.13
+      uses: crowdin/github-action@1.4.14
       with:
         upload_sources: true
         upload_sources_args: '--auto-update --delete-obsolete'

docs/about/privacytools.en.md

@@ -0,0 +1,117 @@
+---
+title: "PrivacyTools FAQ"
+---
+# Why we moved on from PrivacyTools
+
+In September 2021, every active contributor unanimously agreed to move from PrivacyTools to work on this site: Privacy Guides. This decision was made because PrivacyTools’ founder and controller of the domain name had disappeared for an extended period of time and could not be contacted.
+
+Having built a reputable site and set of services on PrivacyTools.io, this caused grave concerns for the future of PrivacyTools, as any future disruption could wipe out the entire organization with no recovery method. This transition was communicated to the PrivacyTools community many months in advance via a variety of channels including its blog, Twitter, Reddit, and Mastodon to ensure the entire process went as smoothly as possible. We did this to ensure nobody was kept in the dark, which has been our modus operandi since our team was created, and to make sure Privacy Guides was recognized as the same reliable organization that PrivacyTools was before the transition.
+
+After the organizational move was completed, the founder of PrivacyTools returned and began to spread misinformation about the Privacy Guides project. They continue to spread misinformation in addition to operating a paid link farm on the PrivacyTools domain. We are creating this page to clear up any misconceptions.
+
+## What is PrivacyTools?
+
+PrivacyTools was created in 2015 by "BurungHantu," who wanted to make a privacy information resource - helpful tools following the Snowden revelations. The site grew into a flourishing open-source project with [many contributors](https://github.com/privacytools/privacytools.io/graphs/contributors), some eventually given various organizational responsibilities, such as operating online services like Matrix and Mastodon, managing and reviewing changes to the site on GitHub, finding sponsors for the project, writing blog posts and operating social media outreach platforms like Twitter, etc.
+
+Beginning in 2019, BurungHantu grew more and more distant from the active development of the website and communities, and began delaying payments he was responsible for related to the servers we operated. To avoid having our system administrator pay server costs out of their own pocket, we changed the donation methods listed on the site from BurungHantu's personal PayPal and crypto accounts to a new OpenCollective page on [October 31, 2019](https://web.archive.org/web/20210729184557/https://blog.privacytools.io/privacytools-io-joins-the-open-collective-foundation/). This had the added benefits of making our finances completely transparent, a value we strongly believe in, and tax-deductible in the United States, because they were being held by the Open Collective Foundation 501(c)3. This change was unanimously agreed upon by the team and went uncontested.
+
+## Why We Moved On
+
+In 2020, BurungHantu's absence grew much more noticeable. At one point, we required the domain's nameservers to be changed to nameservers controlled by our system administrator to avoid future disruption, and this change was not completed for over a month after the initial request. He would disappear from the public chat and private team chat rooms on Matrix for months at a time, occasionally popping in to give some small feedback or promise to be more active before disappearing once again.
+
+In October 2020, the PrivacyTools system administrator (Jonah) [left](https://web.archive.org/web/20210729190742/https://blog.privacytools.io/blacklight447-taking-over/) the project because of these difficulties, handing control to another long-time contributor. Jonah had been operating nearly every PrivacyTools service and acting as the *de facto* project lead for website development in BurungHantu's absence, thus his departure was a significant change to the organization. At the time, because of these significant organizational changes, BurungHantu promised the remaining team he would return to take control of the project going forward. ==The PrivacyTools team reached out via several communication methods over the following months, but did not receive any response.==
+
+## Domain Name Reliance
+
+At the beginning of 2021, the PrivacyTools team grew worried about the future of the project, because the domain name was set to expire on 1st March 2021. The domain was ultimately renewed by BurungHantu with no comment.
+
+The team’s concerns were not addressed, and we realized this would be a problem every year: If the domain expired it would have allowed it to be stolen by squatters or spammers, thus ruining the organization's reputation. We also would have had trouble reaching the community to inform them of what took place.
+
+Without being in any contact with BurungHantu, we decided the best course of action would be to move to a new domain name while we still had guaranteed control over the old domain name, sometime before March 2022. This way, we would be able to cleanly redirect all PrivacyTools resources to the new site without any interruption in service. This decision was made many months in advance and communicated to the entire team in the hopes that BurungHantu would reach out and assure his continued support for the project, because with a recognizable brand name and large communities online, moving away from "PrivacyTools" was the least desirable possible outcome.
+
+In mid-2021 the PrivacyTools team reached out to Jonah, who agreed to rejoin the team to help with the transition.
+
+## Community Call to Action
+
+At the end of July 2021, we [informed](https://web.archive.org/web/20210729184422/https://blog.privacytools.io/the-future-of-privacytools/) the PrivacyTools community of our intention to choose a new name and continue the project on a new domain, to be [chosen](https://web.archive.org/web/20210729190935/https://aragon.cloud/apps/forms/cMPxG9KyopapBbcw) on 2nd August 2022. In the end, "Privacy Guides" was selected, with the `privacyguides.org` domain already owned by Jonah for a side-project from 2020 that went undeveloped.
+
+## Control of r/privacytoolsIO
+
+Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the subreddit. The subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://www.reddit.com/r/redditrequest/comments/o9tllh/requesting_rprivacytoolsio_im_only_active_mod_top/) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
+
+Reddit requires that subreddits have active moderators. If the primary moderator is inactive for a lengthy period of time (such as a year) the primary moderation position can be re-appointed to the next moderator in line. For this request to have been granted, BurungHantu had to have been completely absent from all Reddit activity for a long period of time, which was consistent with his behaviors on other platforms.
+
+> If you were removed as moderator from a subreddit through Reddit request it is because your lack of response and lack of activity qualified the subreddit for an r/redditrequest transfer.
+>
+> r/redditrequest is Reddit's way of making sure communities have active moderators and is part of the [Moderator Code of Conduct](https://www.redditinc.com/policies/moderator-code-of-conduct).
+
+## Beginning the Transition
+
+On September 14th, 2021, we [announced](https://www.privacyguides.org/blog/2021/09/14/welcome-to-privacy-guides/) the beginning of our migration to this new domain:
+
+> [...] we found it necessary to make this switch sooner rather than later to ensure people would find out about this transition as soon as possible. This gives us adequate time to transition the domain name, which is currently redirecting to www.privacyguides.org, and it hopefully gives everyone enough time to notice the change, update bookmarks and websites, etc.
+
+This change [entailed:](https://www.reddit.com/r/PrivacyGuides/comments/pnhn4a/rprivacyguides_privacyguidesorg_what_you_need_to/)
+
+- Redirecting www.privacytools.io to [www.privacyguides.org](https://www.privacyguides.org).
+- Archiving the source code on GitHub to preserve our past work and issue tracker, which we continued to use for months of future development of this site.
+- Posting announcements to our subreddit and various other communities informing people of the official change.
+- Formally closing privacytools.io services, like Matrix and Mastodon, and encouraging existing users to migrate as soon as possible.
+
+Things appeared to be going smoothly, and most of our active community made the switch to our new project exactly as we hoped.
+
+## Following Events
+
+Roughly a week following the transition, BurungHantu returned online for the first time in nearly a year, however nobody on our team was willing to return to PrivacyTools because of his historic unreliability. Rather than apologize for his prolonged absence, he immediately went on the offensive and positioned the transition to Privacy Guides as an attack against him and his project. He subsequently [deleted](https://www.reddit.com/r/privacytoolsIO/comments/pp9yie/comment/hd49wbn) many of these posts when it was pointed out by the community that he had been absent and abandoned the project.
+
+At this point, BurungHantu claimed he wanted to continue working on privacytools.io on his own and requested that we remove the redirect from www.privacytools.io to [www.privacyguides.org](https://www.privacyguides.org). We obliged and requested that he keep the subdomains for Matrix, Mastodon, and PeerTube active for us to run as a public service to our community for at least a few months, in order to allow users on those platforms to easily migrate to other accounts. Due to the federated nature of the services we provided, they were tied to specific domain names making it very difficult to migrate (and in some cases impossible).
+
+Unfortunately, because control of the r/privacytoolsIO subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://www.reddit.com/r/PrivacyGuides/comments/pymthv/comment/hexwrps/) at the beginning of October, ending any migration possibilities to any users still using those services.
+
+Following this, BurungHantu made false accusations about Jonah stealing donations from the project. BurungHantu had over a year since the alleged incident occurred, and yet he never made anyone aware of it until after the Privacy Guides migration. BurungHantu has been repeatedly asked for proof and to comment on the reason for his silence by the team [and the community](https://twitter.com/TommyTran732/status/1526153536962281474), and has not done so.
+
+BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
+
+## PrivacyTools.io Now
+
+As of September 25th 2022 we are seeing BurungHantu's overall plans come to fruition on privacytools.io, and this is the very reason we decided to create this explainer page today. The website he is operating appears to be a heavily SEO-optimized version of the site which recommends tools in exchange for financial compensation. Very recently, IVPN and Mullvad, two VPN providers near-universally [recommended](../vpn.md) by the privacy community and notable for their stance against affiliate programs were removed from PrivacyTools. In their place? NordVPN, Surfshark, ExpressVPN, and hide.me; Giant VPN corporations with untrustworthy platforms and business practices, notorious for their aggressive marketing and affiliate programs.
+
+==**PrivacyTools has become exactly the type of site we [warned against](https://web.archive.org/web/20210729205249/https://blog.privacytools.io/the-trouble-with-vpn-and-privacy-reviews/) on the PrivacyTools blog in 2019.**== We've tried to keep our distance from PrivacyTools since the transition, but their continued harassment towards our project and now their absurd abuse of the credibility their brand gained over 6 years of open source contributions is extremely troubling to us. Those of us actually fighting for privacy are not fighting against each other, and are not getting our advice from the highest bidder.
+
+## r/privacytoolsIO Now
+
+After the launch of [r/PrivacyGuides](https://www.reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://www.reddit.com/r/privacytoolsIO/comments/qk7qrj/a_new_era_why_rptio_is_now_a_restricted_sub/) a restricted sub in a post on November 1st, 2021:
+
+> [...] The growth of this Sub was the result of great effort, across several years, by the PrivacyGuides.org team. And by every one of you.
+>
+> A Subreddit is a great deal of work to administer and moderate. Like a garden, it requires patient tending and daily care. It’s not a task for dilettantes or commitment-challenged people. It can’t thrive under a gardener who abandons it for several years, then shows up demanding this year’s harvest as their tribute. It’s unfair to the team formed years ago. It’s unfair to you. [...]
+
+Subreddits do not belong to anybody, and they especially do not belong to brand-holders. They belong to their communities, and the community and its moderators made the decision to support the move to r/PrivacyGuides.
+
+In the months since, BurungHantu has threatened and begged for returning subreddit control to his account in [violation](https://www.reddit.com/r/redditrequest/wiki/top_mod_removal/) of Reddit rules:
+
+> Retaliation from any moderator with regards to removal requests is disallowed.
+
+For a community with many thousands of remaining subscribers, we feel that it would be incredibly disrespectful to return control of that massive platform to the person who abandoned it for over a year, and who now operates a website that we feel provides very low-quality information. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
+
+## OpenCollective Now
+
+Our fundraising platform, OpenCollective, is another source of contention. Our position is that OpenCollective was put in place by our team and managed by our team to fund services we currently operate and which PrivacyTools no longer does. We [reached out](https://opencollective.com/privacyguides/updates/transitioning-to-privacy-guides) to all of our donors regarding our move to Privacy Guides, and we were unanimously supported by our sponsors and community.
+
+Thus, the funds in OpenCollective belong to Privacy Guides, they were given to our project, and not the owner of a well known domain name. In the announcement made to donors on September 17th, 2021, we offered refunds to any donor who disagrees with the stance we took, but nobody has taken us up on this offer:
+
+> If any sponsors or backers disagree with or feel misled by these recent events and would like to request a refund given these highly unusual circumstances, please get in touch with our project admin by emailing jonah@triplebit.net.
+
+## Further Reading
+
+This topic has been discussed extensively within our communities in various locations, and it seems likely that most people reading this page will already be familiar with the events leading up to the move to Privacy Guides. Some of our previous posts on the matter may have extra detail we omitted here for brevity. They have been linked below for the sake of completion.
+
+- [June 28, 2021 request for control of r/privacytoolsIO](https://www.reddit.com/r/redditrequest/comments/o9tllh/requesting_rprivacytoolsio_im_only_active_mod_top/)
+- [July 27, 2021 announcement of our intentions to move on the PrivacyTools blog, written by the team](https://web.archive.org/web/20210729184422/https://blog.privacytools.io/the-future-of-privacytools/)
+- [Sept 13, 2021 announcement of the beginning of our transition to Privacy Guides on r/privacytoolsIO](https://www.reddit.com/r/privacytoolsIO/comments/pnql46/rprivacyguides_privacyguidesorg_what_you_need_to/)
+- [Sept 17, 2021 announcement on OpenCollective from Jonah](https://opencollective.com/privacyguides/updates/transitioning-to-privacy-guides)
+- [Sept 30, 2021 Twitter thread detailing most of the events now described on this page](https://twitter.com/privacy_guides/status/1443633412800225280)
+- [Oct 1, 2021 post by u/dng99 noting subdomain failure](https://www.reddit.com/r/PrivacyGuides/comments/pymthv/comment/hexwrps/)
+- [Apr 2, 2022 response by u/dng99 to PrivacyTools' accusatory blog post](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/)
+- [May 16, 2022 response by @TommyTran732 on Twitter](https://twitter.com/TommyTran732/status/1526153497984618496)
+- [Sep 3, 2022 post on Techlore's forum by @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20)

docs/android/grapheneos-vs-calyxos.en.md

@@ -25,7 +25,7 @@ Network location providers like Play Services or Mozilla rely the on the MAC add
 
 Local RF location backends like DejaVu require that the phone has a working GPS first for the local RF data collected to be useful. This makes them less effective as location providers, as the job of a location provider is to assist location approximation when satellite based services are not working.
 
-If your [threat model](threat-modeling.md) requires protecting your location or the MAC addresses of nearby devices, rerouting location requests to the OS location API is probably the best option. The benefit brought by microG's custom location backend is minimal at best when compared to Sandboxed Google Play.
+If your [threat model](../basics/threat-modeling.md) requires protecting your location or the MAC addresses of nearby devices, rerouting location requests to the OS location API is probably the best option. The benefit brought by microG's custom location backend is minimal at best when compared to Sandboxed Google Play.
 
 In terms of application compatibility, ==Sandboxed Google Play on GrapheneOS is always going to be more compatible== as it is the same code as what is released by Google. microG is a reimplementation of these services. As a result, it only supports the various parts that have been reimplemented, meaning some things such as [Google Play Games](https://play.google.com/googleplaygames) and [In-app Billing API](https://android-doc.github.io/google/play/billing/api.html) are not yet supported.
 
@@ -47,11 +47,11 @@ Android 12 comes with special support for seamless app updates with [third-party
 
 CalyxOS includes the [privileged extension](https://f-droid.org/en/packages/org.fdroid.fdroid.privileged), which may lower device security.
 
-On the other hand, GrapheneOS officially recommends [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play) instead. Many FOSS Android apps are also in Google's Play Store but sometimes they are not (like [NewPipe](../video-streaming.md#newpipe)). In those cases, you can [keep up with updates using RSS](../android.md#manually-with-rss-notifications).
+On the other hand, GrapheneOS officially recommends [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play) instead. Many FOSS Android apps are also in Google's Play Store but sometimes they are not (like [NewPipe](../frontends.md#newpipe-android)). In those cases, you can [keep up with updates using RSS](../android.md#manually-with-rss-notifications).
 
 ## Profiles
 
-GrapheneOS significantly improves [user profiles](overview.md#user-profiles) in [multiple ways](https://grapheneos.org/features#improved-user-profiles), such as increasing the limit of how many profiles you can create (32 instead of the standard 4), allowing you to log out of user profiles, disabling app installation, and notification forwarding. All of these improvements make it so user profiles can be daily driven without sacrificng too much usability.
+GrapheneOS significantly improves [user profiles](overview.md#user-profiles) in [multiple ways](https://grapheneos.org/features#improved-user-profiles), such as increasing the limit of how many profiles you can create (32 instead of the standard 4), allowing you to log out of user profiles, disabling app installation, and notification forwarding. All of these improvements make it so user profiles can be daily driven without sacrificing too much usability.
 
 CalyxOS doesn't feature any improvements to user profiles over AOSP, and instead includes a device controller app so that the [work profile](overview.md#work-profile) can be used without needing to download a third party app such as [Shelter](../android.md#shelter). However, work profiles are not nearly as flexible (as you're limited to only one) and don't provide the same amount of isolation and security.
 

docs/assets/img/frontends/nitter.svg

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg width="666.67" height="666.67" version="1" viewBox="0 0 500 500" xmlns="http://www.w3.org/2000/svg"><path d="M73.6 33.6L71 36.3v427.4l2.6 2.7 2.7 2.6h87.4l2.7-2.6 2.6-2.7V339.9c0-102.6.2-123.9 1.3-123.9.8 0 41.1 56.1 89.7 124.7 48.5 68.7 89.2 125.6 90.4 126.5 1.9 1.6 5.5 1.8 37.7 1.8h35.6l2.7-2.6 2.6-2.7V36.3l-2.6-2.7-2.7-2.6h-87.4l-2.7 2.6-2.6 2.7v123.8c0 102.6-.2 123.9-1.3 123.9-.8 0-41.1-56.1-89.7-124.8-48.5-68.6-89.2-125.5-90.4-126.4-1.9-1.6-5.5-1.8-37.7-1.8H76.3l-2.7 2.6zm158.9 147.1c51.2 72.3 94.4 133.1 96.1 134.9 2.9 3.1 3.6 3.4 9.1 3.4 5.2 0 6.4-.4 8.7-2.6l2.6-2.7V49h62v402l-25.2-.1h-25.3l-93-131.6c-51.1-72.3-94.4-133.1-96.1-134.9-2.9-3.1-3.6-3.4-9.1-3.4-5.2 0-6.4.4-8.7 2.6l-2.6 2.7V451H89V49l25.3.1h25.2l93 131.6z" fill="#ff6c60" stroke="#ff6c60" stroke-width=".99975"/></svg>

docs/basics/account-deletion.en.md

@@ -44,13 +44,13 @@ Residents of the EEA have additional rights regarding data erasure specified in
 
 In some situations where you plan to abandon an account, it may make sense to overwrite the account information with fake data. Once you've made sure you can log in, change all the information in your account to falsified information. The reason for this is that many sites will retain information you previously had even after account deletion. The hope is that they will overwrite the previous information with the newest data you entered. However, there is no guarantee that there won't be backups with the prior information.
 
-For the account email, either create a new alternate email account via your provider of choice or create an alias using an [email aliasing service](/email/#email-aliasing-services). You can then delete your alternate email address once you are done. We recommend against using temporary email providers, as oftentimes it is possible to reactivate temporary emails.
+For the account email, either create a new alternate email account via your provider of choice or create an alias using an [email aliasing service](../email.md#email-aliasing-services). You can then delete your alternate email address once you are done. We recommend against using temporary email providers, as oftentimes it is possible to reactivate temporary emails.
 
 ### Delete
 
 You can check [JustDeleteMe](https://justdeleteme.xyz) for instructions on deleting the account for a specific service. Some sites will graciously have a "Delete Account" option, while others will go as far as to force you to speak with a support agent. The deletion process can vary from site to site, with account deletion being impossible on some.
 
-For services that don't allow account deletion, the best thing to do is falsify all your information as previously mentioned and strengthen account security. To do so, enable [MFA](multi-factor-authentication.md) and any extra security features offered. As well, change the password to a randomly-generated one that is the maximum allowed size (a [password manager](/passwords/#local-password-managers) can be useful for this).
+For services that don't allow account deletion, the best thing to do is falsify all your information as previously mentioned and strengthen account security. To do so, enable [MFA](multi-factor-authentication.md) and any extra security features offered. As well, change the password to a randomly-generated one that is the maximum allowed size (a [password manager](../passwords.md) can be useful for this).
 
 If you're satisfied that all information you care about is removed, you can safely forget about this account. If not, it might be a good idea to keep the credentials stored with your other passwords and occasionally re-login to reset the password.
 

docs/basics/common-threats.en.md

@@ -60,7 +60,7 @@ The obvious problem with this is that the service provider (or a hacker who has
 
 Thankfully, end-to-end encryption can alleviate this issue by encrypting communications between you and your desired recipients before they are even sent to the server. The confidentiality of your messages is guaranteed, so long as the service provider does not have access to the private keys of either party.
 
-??? note "Note on web-based encryption"
+!!! note "Note on web-based encryption"
 
     In practice, the effectiveness of different end-to-end encryption implementations varies. Applications such as [Signal](../real-time-communication.md#signal) run natively on your device, and every copy of the application is the same across different installations. If the service provider were to backdoor their application in an attempt to steal your private keys, that could later be detected using reverse engineering.
 

docs/basics/email-security.en.md

@@ -17,7 +17,7 @@ Even if you use OpenPGP, it does not support [forward secrecy](https://en.wikipe
 
 ### What Email Clients Support E2EE?
 
-Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multi-factor authentication](/basics/multi-factor-authentication/) is not possible with plain password authentication.
+Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multi-factor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
 
 ### How Do I Protect My Private Keys?
 

docs/basics/multi-factor-authentication.en.md

@@ -34,7 +34,7 @@ Unlike [WebAuthn](#fido-fast-identity-online), TOTP offers no protection against
 
 An adversary could set up a website to imitate an official service in an attempt to trick you into giving out your username, password and current TOTP code. If the adversary then uses those recorded credentials they may be able to log into the real service and hijack the account.
 
-Although not perfect, TOTP is secure enough for most people, and when [hardware security keys](/multi-factor-authentication/#hardware-security-keys) are not supported [authenticator apps](/multi-factor-authentication/#authenticator-apps) are still a good option.
+Although not perfect, TOTP is secure enough for most people, and when [hardware security keys](../multi-factor-authentication.md#hardware-security-keys) are not supported [authenticator apps](../multi-factor-authentication.md#authenticator-apps) are still a good option.
 
 ### Hardware security keys
 

docs/basics/passwords-overview.en.md

@@ -100,7 +100,11 @@ There are many good options to choose from, both cloud-based and local. Choose o
 
 !!! Warning "Don't place your passwords and TOTP tokens inside the same password manager"
 
-    If you're using TOTP as a [multi-factor authentication](../multi-factor-authentication.md) method for any of your accounts, do not store these tokens, any backup codes for them, or the TOTP secrets themselves in your password manager, as that negates the benefit of multi-factor authentication. You should use a dedicated [TOTP app](../multi-factor-authentication.md#authenticator-apps) instead.
+    When using TOTP codes as [multi-factor authentication](../multi-factor-authentication.md), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md#authenticator-apps).
+
+    Storing your TOTP tokens in the same place as your passwords, while convenient, reduces the accounts to a single factor in the event that an adversary gains access to your password manager.
+
+    Furthermore, we do not recommend storing single-use recovery codes in your password manager. Those should be stored separately such as in an encrypted container on an offline storage device.
 
 ### Backups
 

docs/blog/2021/12/01/firefox-privacy-2021-update.md

@@ -7,7 +7,7 @@ template: overrides/blog.en.html
 ---
 A lot changed between 2019 and now, not least in regards to Firefox. Since our last post, Mozilla has [improved](https://blog.mozilla.org/en/products/firefox/latest-firefox-rolls-out-enhanced-tracking-protection-2-0-blocking-redirect-trackers-by-default/) privacy with [Enhanced Tracking Protection (ETP)](https://blog.mozilla.org/en/products/firefox/firefox-now-available-with-enhanced-tracking-protection-by-default/). Earlier this year Mozilla introduced [Total Cookie Protection](https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/) (Dynamic First Party Isolation dFPI). This was then further tightened with [Enhanced Cookie Clearing](https://blog.mozilla.org/security/2021/08/10/firefox-91-introduces-enhanced-cookie-clearing/). We’re also looking very forward to [Site Isolation](https://blog.mozilla.org/security/2021/05/18/introducing-site-isolation-in-firefox/) (code named Fission) being enabled by default in the coming releases.
 
-Now that so many privacy features are built into the browser, there is little need for extensions made by third-party developers. Accordingly, we have updated our very outdated [browser](https://www.privacyguides.org/browsers) section. If you’ve got an old browser profile we suggest **creating a new one**. Some of the old advice may make your browser _more_ unique.
+Now that so many privacy features are built into the browser, there is little need for extensions made by third-party developers. Accordingly, we have updated our very outdated [browser](../../../../desktop-browsers.md) section. If you’ve got an old browser profile we suggest **creating a new one**. Some of the old advice may make your browser _more_ unique.
 
 #### Privacy Tweaks “about:config”
 

docs/blog/2022/06/09/hide-nothing.md

@@ -21,7 +21,7 @@ In countries were organizing around political dissent is legal, that doesn't mea
 
 And even if you break away from the legal aspects, we all have something to hide. You may not be ready to reveal your sexual or gender identity, but your internet usage could potentially do that for you. You don't want to make your bank account public; you have that information to hide. And you can continue to list things about your life you'd just rather not make public, regardless of potential legality.
 
-In July of 2021, a Catholic priest by the name of Jeffrey Burrill lost his job and was forced to resign after data collected through his cell phone showed that he was active on the Gay dating app Grindr, and that he had visited multiple gay bars in the area. [According](https://www.washingtonpost.com/religion/2021/07/20/bishop-misconduct-resign-burrill/) to the *Washington Post*:
+In July of 2021, a Catholic priest by the name of Jeffrey Burrill lost his job and was forced to resign after data collected through his cell phone showed that he was active on the gay dating app Grindr, and that he had visited multiple gay bars in the area. [According](https://www.washingtonpost.com/religion/2021/07/20/bishop-misconduct-resign-burrill/) to the *Washington Post*:
 
 > “A mobile device correlated to Burrill emitted app data signals from the location-based hookup app Grindr on a near-daily basis during parts of 2018, 2019, and 2020 —– at both his USCCB office and his USCCB-owned residence, as well as during USCCB meetings and events in other cities,” the Pillar reported.
 
@@ -33,7 +33,7 @@ While it was not clear who was tracking Burrill's device, the Post went on to sa
 
 > Privacy experts have long raised concerns about “anonymized” data collected by apps and sold to or shared with aggregators and marketing companies. While the information is typically stripped of obviously identifying fields, like a user's name or phone number, it can contain everything from age and gender to a device ID. It's possible for experts to de-anonymize some of this data and connect it to real people.
 
-While Burrill was without a doubt in violation of his works own code of conduct, he did decide on his own to be a priest. However, his personal life was not harming others and was just that, his personal life. While the question looms about who was tracking him to begin with and why, the fact it was so easy to do is alarming.
+While Burrill was without a doubt in violation of his work's own code of conduct, he did decide on his own to be a priest. However, his personal life was not harming others and was just that, his personal life. While the question looms about who was tracking him to begin with and why, the fact it was so easy to do is alarming.
 
 What if Burrill wasn't a priest, but just happened to work for someone who held anti-homosexual views who used this data to out him, humiliate him, and fire him under false pretenses? This data, which should be private could (and likely did in the real-life circumstance) ruin his life.
 

docs/calendar-contacts.en.md

@@ -40,7 +40,7 @@ Calendars and contacts contain some of your most sensitive data; use products th
 
     **EteSync** is a secure, end-to-end encrypted, and privacy-respecting cloud backup and synchronization software for your personal information, including contacts and calendars. There are native clients for Android, iOS, with a web client and an adapter layer for most desktop clients available too. Etesync does [not](https://www.etesync.com/faq/#2fa) currently support multi-factor authentication.
 
-    EteSync offers a SaaS for [$24/year](https://dashboard.etebase.com/user/partner/pricing/), or you can host the server yourself for free.
+    EteSync offers a [SaaS](https://dashboard.etebase.com/user/partner/pricing/), or you can host the server yourself for free.
 
     [:octicons-home-16: Homepage](https://www.etesync.com){ .md-button .md-button--primary }
     [:octicons-eye-16:](https://www.etesync.com/tos/#privacy){ .card-link title="Privacy Policy" }

docs/cloud.en.md

@@ -67,6 +67,4 @@ When self-hosting, you should also enable E2EE to protect against your hosting p
 
         - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive)
 
-Proton Drive is currently in beta and is only available through a web client and an Android app.
-
-When using a web client, you are placing trust in the server to send you proper JavaScript code to derive the decryption key and authentication token locally in your browser. A compromised server can send you malicious JavaScript code to steal your master password and decrypt your data. If this does not fit your [threat model](basics/threat-modeling.md), consider using an alternative.
+Proton Drive is currently only available through a web client and an Android app.

docs/data-redaction.en.md

@@ -89,7 +89,7 @@ The app offers multiple ways to erase metadata from images. Namely:
 
     ![Metapho logo](assets/img/data-redaction/metapho.jpg){ align=right }
 
-    Metapho is a simple and clean viewer for photo metadata such as date, file name, size, camera model, shutter speed, and location.
+    **Metapho** is a simple and clean viewer for photo metadata such as date, file name, size, camera model, shutter speed, and location.
 
     [:octicons-home-16: Homepage](https://zininworks.com/metapho){ .md-button .md-button--primary }
     [:octicons-eye-16:](https://zininworks.com/privacy/){ .card-link title="Privacy Policy" }

docs/dns.en.md

@@ -15,7 +15,7 @@ icon: material/dns
 | ------------ | -------------- | --------- | ------- | --- | --------- |
 | [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Cleartext <br> DoH <br> DoT <br> DNSCrypt | Some[^1] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS)
 | [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Cleartext <br> DoH <br> DoT | Some[^2] | No | Based on server choice.|
-| [**Control D**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Cleartext <br> DoH <br> DoT <br> DNSCrypt | Optional[^3] | No | Based on server choice. |
+| [**Control D**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Cleartext <br> DoH <br> DoT <br> DNSCrypt <br> DoQ <br> DoH3 | Optional[^3] | No | Based on server choice. |
 | [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH <br> DoT | No[^4] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock)
 | [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Cleartext <br> DoH <br> DoT <br> DNSCrypt | Optional[^5] | Optional | Based on server choice. |
 | [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Cleartext <br> DoH <br> DoT <br> DNSCrypt | Some[^6] | Optional |  Based on server choice, Malware blocking by default. |

docs/email-clients.en.md

@@ -41,7 +41,7 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
 
     ![Apple Mail logo](assets/img/email-clients/applemail.png){ align=right }
 
-    **Apple Mail** is included in macOS and can be extended to have OpenPGP support with [GPG Suite](/encryption/#gpg-suite), which adds the ability to send encrypted email.
+    **Apple Mail** is included in macOS and can be extended to have OpenPGP support with [GPG Suite](encryption.md#gpg-suite), which adds the ability to send encrypted email.
 
     [:octicons-home-16: Homepage](https://support.apple.com/guide/mail/welcome/mac){ .md-button .md-button--primary }
     [:octicons-eye-16:](https://www.apple.com/legal/privacy/en-ww/){ .card-link title="Privacy Policy" }
@@ -175,7 +175,7 @@ Canary Mail is closed-source. We recommend it due to the few choices there are f
 
     ![NeoMutt logo](assets/img/email-clients/mutt.svg){ align=right }
 
-    NeoMutt is an open-source command line mail reader (or MUA) for Linux and BSD. It's a fork of [Mutt](https://en.wikipedia.org/wiki/Mutt_(email_client)) with added features.
+    **NeoMutt** is an open-source command line mail reader (or MUA) for Linux and BSD. It's a fork of [Mutt](https://en.wikipedia.org/wiki/Mutt_(email_client)) with added features.
 
     NeoMutt is a text-based client that has a steep learning curve. It is however, very customizable.
 

docs/email.en.md

@@ -28,8 +28,6 @@ For everything else, we recommend a variety of email providers based on sustaina
 
     If you have the Proton Unlimited, Business, or Visionary Plan, you also get [SimpleLogin](#simplelogin) Premium for free.
 
-    **Free**
-
     [:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary }
     [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" }
     [:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Privacy Policy" }
@@ -72,8 +70,6 @@ For everything else, we recommend a variety of email providers based on sustaina
 
     **Mailbox.org** is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with 2 GB of storage, which can be upgraded as needed.
 
-    **EUR €12/year**
-
     [:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary }
     [:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Privacy Policy" }
     [:octicons-info-16:](https://kb.mailbox.org/en/private){ .card-link title=Documentation}
@@ -117,8 +113,6 @@ For everything else, we recommend a variety of email providers based on sustaina
 
     **StartMail** is an email service with a focus on security and privacy through the use of standard OpenPGP encryption. StartMail has been in operation since 2014 and is based in Boulevard 11, Zeist Netherlands. Accounts start with 10GB. They offer a 30-day trial.
 
-    **USD $59.95/year**
-
     [:octicons-home-16: Homepage](https://www.startmail.com/){ .md-button .md-button--primary }
     [:octicons-eye-16:](https://www.startmail.com/en/privacy/){ .card-link title="Privacy Policy" }
     [:octicons-info-16:](https://support.startmail.com){ .card-link title=Documentation}
@@ -155,9 +149,7 @@ For everything else, we recommend a variety of email providers based on sustaina
 
     ![Tutanota logo](assets/img/email/tutanota.svg){ align=right }
 
-    **[Tutanota.com](https://tutanota.com)** is an email service with a focus on security and privacy through the use of encryption. Tutanota has been in operation since **2011** and is based in Hanover, Germany. Accounts start with 1GB storage with their free plan.
-
-    **Free**
+    **Tutanota** is an email service with a focus on security and privacy through the use of encryption. Tutanota has been in operation since **2011** and is based in Hanover, Germany. Accounts start with 1GB storage with their free plan.
 
     [:octicons-home-16: Homepage](https://tutanota.com){ .md-button .md-button--primary }
     [:octicons-eye-16:](https://tutanota.com/privacy){ .card-link title="Privacy Policy" }
@@ -227,10 +219,11 @@ Using an aliasing service requires trusting both your email provider and your al
     ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ align=right }
     ![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ align=right }
 
-    **[AnonAddy](https://anonaddy.com)** lets you create 20 domain aliases on a shared domain for free, or unlimited "standard" aliases which are less anonymous. It has two premium plans at $12/year and $36/year which provide additional features. [Source code on GitHub](https://github.com/anonaddy/anonaddy).
+    **AnonAddy** lets you create 20 domain aliases on a shared domain for free, or unlimited "standard" aliases which are less anonymous.
 
     [:octicons-home-16: Homepage](https://anonaddy.com){ .md-button .md-button--primary }
     [:octicons-eye-16:](https://anonaddy.com/privacy/){ .card-link title="Privacy Policy" }
+    [:octicons-info-16:](https://app.anonaddy.com/docs/){ .card-link title=Documentation}
     [:octicons-code-16:](https://github.com/anonaddy){ .card-link title="Source Code" }
     [:octicons-heart-16:](https://anonaddy.com/donate/){ .card-link title=Contribute }
 
@@ -256,7 +249,7 @@ Notable free features:
 
     ![Simplelogin logo](assets/img/email/simplelogin.svg){ align=right }
 
-    **[SimpleLogin](https://simplelogin.io)** is a free service which provides email aliases on a variety of shared domain names, and optionally provides features like unlimited aliases and custom domains for $30/year. [Source code on GitHub](https://github.com/simple-login/app).
+    **SimpleLogin** is a free service which provides email aliases on a variety of shared domain names, and optionally provides paid features like unlimited aliases and custom domains.
 
     [:octicons-home-16: Homepage](https://simplelogin.io){ .md-button .md-button--primary }
     [:octicons-eye-16:](https://simplelogin.io/privacy/){ .card-link title="Privacy Policy" }

docs/encryption.en.md

@@ -300,7 +300,7 @@ When encrypting with PGP, you have the option to configure different options in
 
     ![GPG Suite logo](assets/img/encryption-software/gpgsuite.png){ align=right }
 
-    **GPG Suite** provides OpenPGP support for [Apple Mail](email-clients.md#apple-mail) and macOS. GPG Mail costs $24€ yearly for their support plan and includes a 30-day trial. For more details see the [FAQ](https://gpgtools.org/faq).
+    **GPG Suite** provides OpenPGP support for [Apple Mail](email-clients.md#apple-mail) and macOS.
 
     We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) and [Knowledge base](https://gpgtools.tenderapp.com/kb) for support.
 

docs/frontends.en.md

@@ -0,0 +1,176 @@
+---
+title: "Frontends"
+icon: material/flip-to-front
+---
+
+Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. These frontends can allow you to get around these restrictions.
+
+## LBRY
+
+### Librarian
+
+!!! recommendation
+
+    ![Librarian logo](assets/img/frontends/librarian.svg#only-light){ align=right }
+    ![Librarian logo](assets/img/frontends/librarian-dark.svg#only-dark){ align=right }
+
+    **Librarian** is a free and open-source frontend for [Odysee](https://odysee.com/) (LBRY) that is also self-hostable.
+    
+    There are a number of public instances, with some instances having [Tor](https://www.torproject.org) onion services support.
+
+    [:octicons-repo-16: Repository](https://codeberg.org/librarian/librarian){ .md-button .md-button--primary }
+    [:octicons-server-16:](https://librarian.codeberg.page/){ .card-link title="Public Instances"}
+    [:octicons-info-16:](https://codeberg.org/librarian/librarian/wiki){ .card-link title=Documentation}
+    [:octicons-code-16:](https://codeberg.org/librarian/librarian){ .card-link title="Source Code" }
+
+!!! warning
+
+    Librarian does not proxy video streams by default. Videos watched through Librarian will still make direct connections to Odysee's servers (e.g. `odycdn.com`); however, some instances may enable proxying which would be detailed in the instance's privacy policy.
+
+!!! tip
+
+    Librarian is useful if you want watch LBRY content on mobile without mandatory telemetry and if you want to disable JavaScript in your browser, as is the case with [Tor Browser](https://www.torproject.org/) on the Safest security level.
+
+When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting Librarian, as other peoples' usage will be linked to your hosting.
+
+When you are using a Librarian instance, make sure to read the privacy policy of that specific instance. Librarian instances can be modified by their owners and therefore may not reflect the default policy. Librarian instances feature a "privacy nutrition label" to provide an overview of their policy. Some instances have Tor .onion addresses which may grant some privacy as long as your search queries don't contain PII (Personally Identifiable Information).
+
+## Twitter
+
+### Nitter
+
+!!! recommendation
+
+    ![Nitter logo](assets/img/frontends/nitter.svg){ align=right }
+
+    **Nitter** is a free and open-source frontend for [Twitter](https://twitter.com) that is also self-hostable.
+
+    There are a number of public instances, with some instances having [Tor](https://www.torproject.org) onion services support.
+
+    [:octicons-repo-16: Repository](https://github.com/zedeus/nitter){ .md-button .md-button--primary }
+    [:octicons-server-16:](https://github.com/zedeus/nitter/wiki/Instances){ .card-link title="Public Instances"}
+    [:octicons-info-16:](https://github.com/zedeus/nitter/wiki){ .card-link title=Documentation}
+    [:octicons-code-16:](https://github.com/zedeus/nitter){ .card-link title="Source Code" }
+    [:octicons-heart-16:](https://github.com/zedeus/nitter#nitter){ .card-link title=Contribute }
+
+!!! tip
+
+    Nitter is useful if you want to browser Twitter content without having to log in and if you want to disable JavaScript in your browser, as is the case with [Tor Browser](https://www.torproject.org/) on the Safest security level. It also allows you to [create RSS feeds for Twitter](news-aggregators.md#twitter).
+
+When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting Nitter, as other peoples' usage will be linked to your hosting.
+
+When you are using a Nitter instance, make sure to read the privacy policy of that specific instance. Nitter instances can be modified by their owners and therefore may not reflect the default policy. Some instances have Tor .onion addresses which may grant some privacy as long as your search queries don't contain PII (Personally Identifiable Information).
+
+## YouTube
+
+### FreeTube
+
+!!! recommendation
+
+    ![FreeTube logo](assets/img/frontends/freetube.svg){ align=right }
+
+    **FreeTube** is a free and open-source desktop application for [YouTube](https://youtube.com). When using FreeTube, your subscription list and playlists are saved locally on your device.
+
+    By default, FreeTube blocks all YouTube advertisements. In addition, FreeTube optionally integrates with [SponsorBlock](https://sponsor.ajay.app) to help you skip sponsored video segments.
+
+    [:octicons-home-16: Homepage](https://freetubeapp.io){ .md-button .md-button--primary }
+    [:octicons-eye-16:](https://freetubeapp.io/privacy.php){ .card-link title="Privacy Policy" }
+    [:octicons-info-16:](https://docs.freetubeapp.io/){ .card-link title=Documentation}
+    [:octicons-code-16:](https://github.com/FreeTubeApp/FreeTube){ .card-link title="Source Code" }
+    [:octicons-heart-16:](https://liberapay.com/FreeTube){ .card-link title=Contribute }
+
+    ??? downloads
+
+        - [:simple-windows11: Windows](https://freetubeapp.io/#download)
+        - [:simple-apple: macOS](https://freetubeapp.io/#download)
+        - [:simple-linux: Linux](https://freetubeapp.io/#download)
+        - [:simple-flathub: Flatpak](https://flathub.org/apps/details/io.freetubeapp.FreeTube)
+
+!!! Warning
+
+    When using FreeTube, your IP address may still be known to YouTube, [Invidious](https://instances.invidious.io) or [SponsorBlock](https://sponsor.ajay.app/) depending on your configuration. Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org) if your [threat model](basics/threat-modeling.md) requires hiding your IP address.
+
+
+### NewPipe (Android)
+
+!!! recommendation annotate
+
+    ![Newpipe logo](assets/img/frontends/newpipe.svg){ align=right }
+
+    **NewPipe** is a free and open-source Android application for [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [Bandcamp](https://bandcamp.com), and [PeerTube](https://joinpeertube.org/) (1).
+
+    Your subscription list and playlists are saved locally on your Android device.
+
+    [:octicons-home-16: Homepage](https://newpipe.net){ .md-button .md-button--primary }
+    [:octicons-eye-16:](https://newpipe.net/legal/privacy){ .card-link title="Privacy Policy" }
+    [:octicons-info-16:](https://teamnewpipe.github.io/documentation/){ .card-link title=Documentation}
+    [:octicons-code-16:](https://github.com/TeamNewPipe/NewPipe){ .card-link title="Source Code" }
+    [:octicons-heart-16:](https://newpipe.net/donate/){ .card-link title=Contribute }
+
+    ??? downloads
+
+        - [:simple-fdroid: F-Droid](https://newpipe.net/FAQ/tutorials/install-add-fdroid-repo)
+        - [:simple-github: GitHub](https://github.com/TeamNewPipe/NewPipe/releases)
+
+1. The default instance is [FramaTube](https://framatube.org/), however more can be added via **Settings** → **Content** → **PeerTube instances**
+
+!!! note
+
+    NewPipe is available on the main [F-Droid](https://www.f-droid.org)'s repository. We recommend that you use NewPipe's own [F-Droid repository](https://newpipe.net/FAQ/tutorials/install-add-fdroid-repo) instead to get faster updates.
+
+!!! Warning
+    
+    When using NewPipe, your IP address will be visible to the video providers used. Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org) if your [threat model](basics/threat-modeling.md) requires hiding your IP address.
+
+### Invidious
+
+!!! recommendation
+
+    ![Invidious logo](assets/img/frontends/invidious.svg#only-light){ align=right }
+    ![Invidious logo](assets/img/frontends/invidious-dark.svg#only-dark){ align=right }
+
+    **Invidious** is a free and open-source frontend for [YouTube](https://youtube.com) that is also self-hostable.
+
+    There are a number of public instances, with some instances having [Tor](https://www.torproject.org) onion services support.
+
+    [:octicons-home-16: Homepage](https://invidious.io){ .md-button .md-button--primary }
+    [:octicons-server-16:](https://instances.invidious.io){ .card-link title="Public Instances"}
+    [:octicons-info-16:](https://docs.invidious.io/){ .card-link title=Documentation}
+    [:octicons-code-16:](https://github.com/iv-org/invidious){ .card-link title="Source Code" }
+    [:octicons-heart-16:](https://invidious.io/donate/){ .card-link title=Contribute }
+
+!!! warning
+
+    Invidious does not proxy video streams by default. Videos watched through Invidious will still make direct connections to Google's servers (e.g. `googlevideo.com`); however, some instances support video proxying—simply enable *Proxy videos* within the instances' settings or add `&local=true` to the URL.
+
+!!! tip
+
+    Invidious is useful if you want to disable JavaScript in your browser, such as [Tor Browser](https://www.torproject.org/) on the Safest security level. It does not provide privacy by itself, and we don’t recommend logging into any accounts.
+
+When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting Invidious, as other peoples' usage will be linked to your hosting.
+
+When you are using an Invidious instance, make sure to read the privacy policy of that specific instance. Invidious instances can be modified by their owners and therefore may not reflect their associated privacy policy. Some instances have Tor .onion addresses which may grant some privacy as long as your search queries don't contain PII (Personally Identifiable Information).
+
+### Piped
+
+!!! recommendation
+
+    ![Piped logo](assets/img/frontends/piped.svg){ align=right }
+
+    **Piped** is a free and open-source frontend for [YouTube](https://youtube.com) that is also self-hostable.
+
+    Piped requires JavaScript in order to function and there are a number of public instances.
+
+    [:octicons-repo-16: Repository](https://github.com/TeamPiped/Piped){ .md-button .md-button--primary }
+    [:octicons-server-16:](https://piped.kavin.rocks/preferences#ddlInstanceSelection){ .card-link title="Public Instances"}
+    [:octicons-info-16:](https://piped-docs.kavin.rocks/){ .card-link title=Documentation}
+    [:octicons-code-16:](https://github.com/TeamPiped/Piped){ .card-link title="Source Code" }
+    [:octicons-heart-16:](https://github.com/TeamPiped/Piped#donations){ .card-link title=Contribute }
+
+!!! tip
+
+    Piped is useful if you want to use [SponsorBlock](https://sponsor.ajay.app) without installing an extension or to access age-restricted content without an account. It does not provide privacy by itself, and we don’t recommend logging into any accounts.
+
+When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting Piped, as other peoples' usage will be linked to your hosting.
+
+When you are using a Piped instance, make sure to read the privacy policy of that specific instance. Piped instances can be modified by their owners and therefore may not reflect their associated privacy policy.

docs/index.en.md

@@ -32,29 +32,19 @@ Trying to protect all your data from everyone all the time is impractical, expen
 </div>
 </div>
 
-<div style="padding-top:5em;max-width:960px;margin:auto;text-align:center;" markdown>
+<div style="padding:3em;max-width:960px;margin:auto;text-align:center;" markdown>
 ## We need you! Here's how to get involved
 
 It's important for a website like Privacy Guides to always stay up-to-date. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. It's hard to keep up with the fast pace of the internet, but we try our best. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know.
-</div>
+
 <div class="grid cards" style="margin:auto;max-width:800px;text-align:center;" markdown>
 
 - [:simple-reddit: Join the r/PrivacyGuides Subreddit](https://www.reddit.com/r/privacyguides)
 - [:simple-mastodon: Follow us on Mastodon](https://mastodon.social/@privacyguides){ rel=me }
 - [:material-book-edit: Contribute to this website](https://github.com/privacyguides/privacyguides.org)
 - [:simple-matrix: Chat with us on Matrix](https://matrix.to/#/#privacyguides:matrix.org)
-
-</div>
-<div style="padding:3em;text-align:center;" markdown>
-## About Privacy Guides
-
-**Privacy Guides** is a non-profit, socially motivated website that provides information for protecting your data security and privacy.
-
-We do not make money from recommending certain products, and we do not use affiliate links.
-<div class="grid cards" style="margin:auto;max-width:800px;text-align:center;" markdown>
-
-- [:material-information-outline: Learn More About Us](about/)
-- [:material-hand-coin-outline: Donation Info & Project Backers](about/donate/)
+- [:material-information-outline: Learn More About Us](about.md)
+- [:material-hand-coin-outline: Support the Project](about/donate.md)
 
 </div>
 </div>

docs/multi-factor-authentication.en.md

@@ -65,7 +65,7 @@ Nitrokey's firmware is open-source, unlike the YubiKey. The firmware on modern N
 
 Authenticator Apps implement a security standard adopted by the Internet Engineering Task Force (IETF) called **Time-based One-time Passwords**, or **TOTP**. This is a method where websites share a secret with you which is used by your authenticator app to generate a six (usually) digit code based on the current time, which you enter while logging in for the website to check. Typically these codes are regenerated every 30 seconds, and once a new code is generated the old one becomes useless. Even if a hacker gets one six-digit code, there is no way for them to reverse that code to get the original secret or otherwise be able to predict what any future codes might be.
 
-We highly recommend that you use mobile TOTP apps instead of desktop alternatives as Android and IOS have better security and app isolation than most desktop operating systems.
+We highly recommend that you use mobile TOTP apps instead of desktop alternatives as Android and iOS have better security and app isolation than most desktop operating systems.
 
 ### Aegis Authenticator
 

docs/notebooks.en.md

@@ -15,7 +15,7 @@ If you are currently using an application like Evernote, Google Keep, or Microso
 
     ![EteSync Notes logo](assets/img/notebooks/etesync-notes.png){ align=right }
 
-    **EteSync Notes** is a secure, end-to-end encrypted, and privacy-respecting note taking app. EteSync also offers optional software as a service for [$24 per year](https://dashboard.etebase.com/user/partner/pricing/), or you can host the server yourself for free.
+    **EteSync Notes** is a secure, end-to-end encrypted, and privacy-respecting note taking app. EteSync also offers optional [software as a service](https://dashboard.etebase.com/user/partner/pricing/), or you can host the server yourself for free.
 
     [etebase](https://docs.etebase.com), which is the foundation of EteSync, can also be used by other apps as a backend to store data end-to-end encrypted (E2EE).
 
@@ -64,7 +64,7 @@ Joplin does not support password/pin protection for the [application itself or i
 
     ![Standard Notes logo](assets/img/notebooks/standard-notes.svg){ align=right }
 
-    Standard Notes is a simple and private notes app that makes your notes easy and available everywhere you are. It features E2EE on every platform, and a powerful desktop experience with themes and custom editors. It has also been [independently audited (PDF)](https://s3.amazonaws.com/standard-notes/security/Report-SN-Audit.pdf).
+    **Standard Notes** is a simple and private notes app that makes your notes easy and available everywhere you are. It features E2EE on every platform, and a powerful desktop experience with themes and custom editors. It has also been [independently audited (PDF)](https://s3.amazonaws.com/standard-notes/security/Report-SN-Audit.pdf).
 
     [:octicons-home-16: Homepage](https://standardnotes.com){ .md-button .md-button--primary }
     [:octicons-eye-16:](https://standardnotes.com/privacy){ .card-link title="Privacy Policy" }
@@ -90,7 +90,7 @@ Joplin does not support password/pin protection for the [application itself or i
 
     ![Org-mode logo](assets/img/notebooks/org-mode.svg){ align=right }
 
-    **Org-mode** is a [major mode](https://www.gnu.org/software/emacs/manual/html_node/elisp/Major-Modes.html) for GNU Emacs. Org-mode is for keeping notes, maintaining TODO lists, planning projects, and authoring documents with a fast and effective plain-text system. Synchronization is possible with [file synchronization](/file-sharing/#file-sync) tools.
+    **Org-mode** is a [major mode](https://www.gnu.org/software/emacs/manual/html_node/elisp/Major-Modes.html) for GNU Emacs. Org-mode is for keeping notes, maintaining TODO lists, planning projects, and authoring documents with a fast and effective plain-text system. Synchronization is possible with [file synchronization](file-sharing.md#file-sync) tools.
 
     [:octicons-home-16: Homepage](https://orgmode.org){ .md-button .md-button--primary }
     [:octicons-info-16:](https://orgmode.org/manuals.html){ .card-link title=Documentation}

docs/productivity.en.md

@@ -74,10 +74,6 @@ For other platforms, consider below:
 
 ## Paste services
 
-!!! warning
-
-    Encrypted Pastebin websites like the ones recommended here use JavaScript to handle encryption, so you must trust the provider to the extent that they do not inject any malicious JavaScript to get your private key. Consider self-hosting to mitigate this threat.
-
 ### PrivateBin
 
 !!! recommendation

docs/real-time-communication.en.md

@@ -70,8 +70,6 @@ Profile pictures, reactions, and nicknames are not encrypted.
 
 Group voice and video calls are [not](https://github.com/vector-im/element-web/issues/12878) E2EE, and use Jitsi, but this is expected to change with [Native Group VoIP Signalling](https://github.com/matrix-org/matrix-doc/pull/3401). Group calls have [no authentication](https://github.com/vector-im/element-web/issues/13074) currently, meaning that non-room participants can also join the calls. We recommend that you do not use this feature for private meetings.
 
-When using [element-web](https://github.com/vector-im/element-web), you must trust the server hosting the Element client. If your [threat model](basics/threat-modeling.md) requires stronger protection, then use a desktop or mobile client instead.
-
 The protocol was independently [audited](https://matrix.org/blog/2016/11/21/matrixs-olm-end-to-end-encryption-security-assessment-released-and-implemented-cross-platform-on-riot-at-last) in 2016. The specification for the Matrix protocol can be found in their [documentation](https://spec.matrix.org/latest/). The [Olm](https://matrix.org/docs/projects/other/olm) cryptographic ratchet used by Matrix is an implementation of Signal’s [Double Ratchet algorithm](https://signal.org/docs/specifications/doubleratchet/).
 
 ### Session

docs/real-time-communication/communication-network-types.en.md

@@ -76,7 +76,7 @@ P2P networks do not use servers, as peers communicate directly between each othe
 - Messages can only be sent when both peers are online, however, your client may store messages locally to wait for the contact to return online.
 - Generally increases battery usage on mobile devices, because the client must stay connected to the distributed network to learn about who is online.
 - Some common messenger features may not be implemented or incompletely, such as message deletion.
-- Your IP address and that of the contacts you're communicating with may be exposed if you do not use the software in conjunction with a [VPN](vpn.md) or [Tor](tor.md). Many countries have some form of mass surveillance and/or metadata retention.
+- Your IP address and that of the contacts you're communicating with may be exposed if you do not use the software in conjunction with a [VPN](../vpn.md) or [Tor](../tor.md). Many countries have some form of mass surveillance and/or metadata retention.
 
 ## Anonymous Routing
 

docs/real-time-communication/signal-configuration-hardening.en.md

@@ -192,7 +192,7 @@ Signal takes security very seriously, however there is only so much an app can d
 
 It is very important to take device security on both ends into account to ensure that your conversations are kept private.
 
-We recommend an up-to-date [GrapheneOS](/android/#grapheneos) or iOS device.
+We recommend an up-to-date [GrapheneOS](../android.md#grapheneos) or iOS device.
 
 ### Molly (Android)
 
@@ -255,6 +255,6 @@ You can find a full list of Molly's [features](https://github.com/mollyim/mollyi
 #### Caveats
 
 - Molly does not support SMS messages within the app, unlike the official Signal app.
-- Molly removes Signal's Mobilecoin integration.
-- Molly is updated every two weeks to include the latest features and bug fixes from Signal. The exception is security issues, that are patched as soon as possible. That said, you should be aware that there might be a slight delay compared to upstream.
+- Molly removes Signal's MobileCoin integration.
+- Molly is updated every two weeks to include the latest features and bug fixes from Signal. The exception is security issues, which are patched as soon as possible. That said, you should be aware that there might be a slight delay compared to upstream.
 - By using Molly, you are extending your trust to another party, as you now need to trust the Signal team, as well as the Molly team.

docs/tools.en.md

@@ -252,18 +252,20 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 [Learn more :material-arrow-right-drop-circle:](calendar-contacts.md)
 
-### Notebooks
+### Data and Metadata Redaction
 
 <div class="grid cards" markdown>
 
-- ![EteSync Notes logo](assets/img/notebooks/etesync-notes.png){ .twemoji } [EteSync Notes](notebooks.md#etesync-notes)
-- ![Joplin logo](assets/img/notebooks/joplin.svg){ .twemoji } [Joplin](notebooks.md#joplin)
-- ![Standard Notes logo](assets/img/notebooks/standard-notes.svg){ .twemoji } [Standard Notes](notebooks.md#standard-notes)
-- ![Org-mode logo](assets/img/notebooks/org-mode.svg){ .twemoji } [Org-mode](notebooks.md#org-mode)
+- ![ExifCleaner logo](assets/img/data-redaction/exifcleaner.svg){ .twemoji } [ExifCleaner](data-redaction.md#exifcleaner)
+- ![MAT2 logo](assets/img/data-redaction/mat2.svg){ .twemoji } [MAT2](data-redaction.md#mat2)
+- ![ExifEraser logo](assets/img/data-redaction/exiferaser.svg){ .twemoji } [ExifEraser (Android)](data-redaction.md#exiferaser-android)
+- ![Metapho logo](assets/img/data-redaction/metapho.jpg){ .twemoji } [Metapho (iOS)](data-redaction.md#metapho-ios)
+- ![PrivacyBlur logo](assets/img/data-redaction/privacyblur.svg){ .twemoji } [PrivacyBlur](data-redaction.md#privacyblur)
+- ![ExifTool logo](assets/img/data-redaction/exiftool.png){ .twemoji } [ExifTool (CLI)](data-redaction.md#exiftool)
 
 </div>
 
-[Learn more :material-arrow-right-drop-circle:](notebooks.md)
+[Learn more :material-arrow-right-drop-circle:](data-redaction.md)
 
 ### Email Clients
 
@@ -317,7 +319,7 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 [Learn more :material-arrow-right-drop-circle:](encryption.md#openpgp)
 
-### File Sharing
+### File Sharing and Sync
 
 <div class="grid cards" markdown>
 
@@ -329,20 +331,20 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 [Learn more :material-arrow-right-drop-circle:](file-sharing.md)
 
-### Data and Metadata Redaction
+### Frontends
 
 <div class="grid cards" markdown>
 
-- ![ExifCleaner logo](assets/img/data-redaction/exifcleaner.svg){ .twemoji } [ExifCleaner](data-redaction.md#exifcleaner)
-- ![MAT2 logo](assets/img/data-redaction/mat2.svg){ .twemoji } [MAT2](data-redaction.md#mat2)
-- ![ExifEraser logo](assets/img/data-redaction/exiferaser.svg){ .twemoji } [ExifEraser (Android)](data-redaction.md#exiferaser-android)
-- ![Metapho logo](assets/img/data-redaction/metapho.jpg){ .twemoji } [Metapho (iOS)](data-redaction.md#metapho-ios)
-- ![PrivacyBlur logo](assets/img/data-redaction/privacyblur.svg){ .twemoji } [PrivacyBlur](data-redaction.md#privacyblur)
-- ![ExifTool logo](assets/img/data-redaction/exiftool.png){ .twemoji } [ExifTool (CLI)](data-redaction.md#exiftool)
+- ![Librarian logo](assets/img/frontends/librarian.svg#only-light){ .twemoji }![Librarian logo](assets/img/frontends/librarian-dark.svg#only-dark){ .twemoji } [Librarian (LBRY, Web)](frontends.md#librarian)
+- ![Nitter logo](assets/img/frontends/nitter.svg){ .twemoji } [Nitter (Twitter, Web)](frontends.md#nitter)
+- ![FreeTube logo](assets/img/frontends/freetube.svg){ .twemoji } [FreeTube (YouTube, Desktop)](frontends.md#freetube)
+- ![NewPipe logo](assets/img/frontends/newpipe.svg){ .twemoji } [NewPipe (YouTube, Android)](frontends.md#newpipe-android)
+- ![Invidious logo](assets/img/frontends/invidious.svg#only-light){ .twemoji }![Invidious logo](assets/img/frontends/invidious-dark.svg#only-dark){ .twemoji } [Invidious (YouTube, Web)](frontends.md#invidious)
+- ![Piped logo](assets/img/frontends/piped.svg){ .twemoji } [Piped (YouTube, Web)](frontends.md#piped)
 
 </div>
 
-[Learn more :material-arrow-right-drop-circle:](data-redaction.md)
+[Learn more :material-arrow-right-drop-circle:](frontends.md)
 
 ### Multi-Factor Authentication Tools
 
@@ -357,6 +359,35 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 [Learn more :material-arrow-right-drop-circle:](multi-factor-authentication.md)
 
+### News Aggregators
+
+<div class="grid cards" markdown>
+
+- ![Akregator logo](assets/img/news-aggregators/akregator.svg){ .twemoji } [Akregator](news-aggregators.md#akregator)
+- ![Feeder logo](assets/img/news-aggregators/feeder.png){ .twemoji} [Feeder](news-aggregators.md#feeder)
+- ![Fluent Reader logo](assets/img/news-aggregators/fluent-reader.svg){ .twemoji } [Fluent Reader](news-aggregators.md#fluent-reader)
+- ![GNOME Feeds logo](assets/img/news-aggregators/gfeeds.svg){ .twemoji } [GNOME Feeds](news-aggregators.md#gnome-feeds)
+- ![Miniflux logo](assets/img/news-aggregators/miniflux.svg#only-light){ .twemoji }![Miniflux logo](assets/img/news-aggregators/miniflux-dark.svg#only-dark){ .twemoji } [Miniflux](news-aggregators.md#miniflux)
+- ![NetNewsWire logo](assets/img/news-aggregators/netnewswire.png){ .twemoji } [NetNewsWire](news-aggregators.md#netnewswire)
+- ![Newsboat logo](assets/img/news-aggregators/newsboat.svg){ .twemoji } [Newsboat](news-aggregators.md#newsboat)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](news-aggregators.md)
+
+### Notebooks
+
+<div class="grid cards" markdown>
+
+- ![EteSync Notes logo](assets/img/notebooks/etesync-notes.png){ .twemoji } [EteSync Notes](notebooks.md#etesync-notes)
+- ![Joplin logo](assets/img/notebooks/joplin.svg){ .twemoji } [Joplin](notebooks.md#joplin)
+- ![Standard Notes logo](assets/img/notebooks/standard-notes.svg){ .twemoji } [Standard Notes](notebooks.md#standard-notes)
+- ![Org-mode logo](assets/img/notebooks/org-mode.svg){ .twemoji } [Org-mode](notebooks.md#org-mode)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](notebooks.md)
+
 ### Password Managers
 
 <div class="grid cards" markdown>
@@ -399,32 +430,11 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 [Learn more :material-arrow-right-drop-circle:](real-time-communication.md)
 
-### News Aggregators
-
-<div class="grid cards" markdown>
-
-- ![Akregator logo](assets/img/news-aggregators/akregator.svg){ .twemoji } [Akregator](news-aggregators.md#akregator)
-- ![Feeder logo](assets/img/news-aggregators/feeder.png){ .twemoji} [Feeder](news-aggregators.md#feeder)
-- ![Fluent Reader logo](assets/img/news-aggregators/fluent-reader.svg){ .twemoji } [Fluent Reader](news-aggregators.md#fluent-reader)
-- ![GNOME Feeds logo](assets/img/news-aggregators/gfeeds.svg){ .twemoji } [GNOME Feeds](news-aggregators.md#gnome-feeds)
-- ![Miniflux logo](assets/img/news-aggregators/miniflux.svg#only-light){ .twemoji }![Miniflux logo](assets/img/news-aggregators/miniflux-dark.svg#only-dark){ .twemoji } [Miniflux](news-aggregators.md#miniflux)
-- ![NetNewsWire logo](assets/img/news-aggregators/netnewswire.png){ .twemoji } [NetNewsWire](news-aggregators.md#netnewswire)
-- ![Newsboat logo](assets/img/news-aggregators/newsboat.svg){ .twemoji } [Newsboat](news-aggregators.md#newsboat)
-
-</div>
-
-[Learn more :material-arrow-right-drop-circle:](news-aggregators.md)
-
 ### Video Streaming Clients
 
 <div class="grid cards" markdown>
 
-- ![FreeTube logo](assets/img/video-streaming/freetube.svg){ .twemoji } [FreeTube (YouTube, Desktop)](video-streaming.md#freetube)
 - ![LBRY logo](assets/img/video-streaming/lbry.svg){ .twemoji } [LBRY](video-streaming.md#lbry)
-- ![NewPipe logo](assets/img//video-streaming/newpipe.svg){ .twemoji } [NewPipe (YouTube, Android)](video-streaming.md#newpipe)
-- ![Invidious logo](assets/img/video-streaming/invidious.svg#only-light){ .twemoji }![Invidious logo](assets/img/video-streaming/invidious-dark.svg#only-dark){ .twemoji } [Invidious (YouTube, Web)](video-streaming.md#invidious)
-- ![Librarian logo](assets/img/video-streaming/librarian.svg#only-light){ .twemoji }![Librarian logo](assets/img/video-streaming/librarian-dark.svg#only-dark){ .twemoji } [Librarian (LBRY, Web)](video-streaming.md#librarian)
-- ![Piped logo](assets/img/video-streaming/piped.svg){ .twemoji } [Piped (YouTube, Web)](video-streaming.md#piped)
 
 </div>
 

docs/video-streaming.en.md

@@ -6,33 +6,6 @@ The primary threat when using a video streaming platform is that your streaming
 
 ## Clients
 
-### FreeTube
-
-!!! recommendation
-
-    ![FreeTube logo](assets/img/video-streaming/freetube.svg){ align=right }
-
-    **FreeTube** is a free and open-source desktop application for [YouTube](https://youtube.com). When using FreeTube, your subscription list and playlists are saved locally on your device.
-
-    By default, FreeTube blocks all YouTube advertisements. In addition, FreeTube optionally integrates with [SponsorBlock](https://sponsor.ajay.app) to help you skip sponsored video segments.
-
-    [:octicons-home-16: Homepage](https://freetubeapp.io){ .md-button .md-button--primary }
-    [:octicons-eye-16:](https://freetubeapp.io/privacy.php){ .card-link title="Privacy Policy" }
-    [:octicons-info-16:](https://docs.freetubeapp.io/){ .card-link title=Documentation}
-    [:octicons-code-16:](https://github.com/FreeTubeApp/FreeTube){ .card-link title="Source Code" }
-    [:octicons-heart-16:](https://liberapay.com/FreeTube){ .card-link title=Contribute }
-
-    ??? downloads
-
-        - [:simple-windows11: Windows](https://freetubeapp.io/#download)
-        - [:simple-apple: macOS](https://freetubeapp.io/#download)
-        - [:simple-linux: Linux](https://freetubeapp.io/#download)
-        - [:simple-flathub: Flatpak](https://flathub.org/apps/details/io.freetubeapp.FreeTube)
-
-!!! Warning
-
-    When using FreeTube, your IP address may still be known to YouTube, [Invidious](https://instances.invidious.io) or [SponsorBlock](https://sponsor.ajay.app/) depending on your configuration. Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org) if your [threat model](basics/threat-modeling.md) requires hiding your IP address.
-
 ### LBRY
 
 !!! recommendation
@@ -64,118 +37,4 @@ The primary threat when using a video streaming platform is that your streaming
 
 We recommend **against** synchronizing your wallet with LBRY Inc., as synchronizing encrypted wallets is not supported yet. If you synchronize your wallet with LBRY Inc., you have to trust them to not look at your subscription list, [LBC](https://lbry.com/faq/earn-credits) funds, or take control of your channel.
 
-You can disable *Save hosting data to help the LBRY network* option in :gear: **Settings** → **Advanced Settings**, to avoid exposing your IP address and watched videos when using LBRY for a prolonged period of time.
-
-### NewPipe
-
-!!! recommendation annotate
-
-    ![Newpipe logo](assets/img//video-streaming/newpipe.svg){ align=right }
-
-    **NewPipe** is a free and open-source Android application for [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [Bandcamp](https://bandcamp.com), and [PeerTube](https://joinpeertube.org/) (1).
-
-    Your subscription list and playlists are saved locally on your Android device.
-
-    [:octicons-home-16: Homepage](https://newpipe.net){ .md-button .md-button--primary }
-    [:octicons-eye-16:](https://newpipe.net/legal/privacy){ .card-link title="Privacy Policy" }
-    [:octicons-info-16:](https://teamnewpipe.github.io/documentation/){ .card-link title=Documentation}
-    [:octicons-code-16:](https://github.com/TeamNewPipe/NewPipe){ .card-link title="Source Code" }
-    [:octicons-heart-16:](https://newpipe.net/donate/){ .card-link title=Contribute }
-
-    ??? downloads
-
-        - [:simple-fdroid: F-Droid](https://newpipe.net/FAQ/tutorials/install-add-fdroid-repo)
-        - [:simple-github: GitHub](https://github.com/TeamNewPipe/NewPipe/releases)
-
-1. The default instance is [FramaTube](https://framatube.org/), however more can be added via **Settings** → **Content** → **PeerTube instances**
-
-!!! note
-
-    NewPipe is available on the main [F-Droid](https://www.f-droid.org)'s repository. We recommend that you use NewPipe's own [F-Droid repository](https://newpipe.net/FAQ/tutorials/install-add-fdroid-repo) instead to get faster updates.
-
-!!! Warning
-    
-    When using NewPipe, your IP address will be visible to the video providers used. Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org) if your [threat model](basics/threat-modeling.md) requires hiding your IP address.
-
-## Web-based frontends
-
-### Invidious
-
-!!! recommendation
-
-    ![Invidious logo](assets/img/video-streaming/invidious.svg#only-light){ align=right }
-    ![Invidious logo](assets/img/video-streaming/invidious-dark.svg#only-dark){ align=right }
-
-    **Invidious** is a free and open-source frontend for YouTube that is also self-hostable.
-
-    There are a number of public instances, with some instances having [Tor](https://www.torproject.org) onion services support.
-
-    [:octicons-home-16: Homepage](https://invidious.io){ .md-button .md-button--primary }
-    [:octicons-server-16:](https://instances.invidious.io){ .card-link title="Public Instances"}
-    [:octicons-info-16:](https://docs.invidious.io/){ .card-link title=Documentation}
-    [:octicons-code-16:](https://github.com/iv-org/invidious){ .card-link title="Source Code" }
-    [:octicons-heart-16:](https://invidious.io/donate/){ .card-link title=Contribute }
-
-!!! warning
-
-    Invidious does not proxy video streams by default. Videos watched through Invidious will still make direct connections to Google's servers (e.g. `googlevideo.com`); however, some instances support video proxying—simply enable *Proxy videos* within the instances' settings or add `&local=true` to the URL.
-
-!!! tip
-
-    Invidious is useful if you want to disable JavaScript in your browser, such as [Tor Browser](https://www.torproject.org/) on the Safest security level. It does not provide privacy by itself, and we don’t recommend logging into any accounts.
-
-When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting Invidious, as other peoples' usage will be linked to your hosting.
-
-When you are using an Invidious instance, make sure to read the privacy policy of that specific instance. Invidious instances can be modified by their owners and therefore may not reflect their associated privacy policy. Some instances have Tor .onion addresses which may grant some privacy as long as your search queries don't contain PII (Personally Identifiable Information).
-
-### Librarian
-
-!!! recommendation
-
-    ![Librarian logo](assets/img/video-streaming/librarian.svg#only-light){ align=right }
-    ![Librarian logo](assets/img/video-streaming/librarian-dark.svg#only-dark){ align=right }
-
-    **Librarian** is a free and open-source frontend for the LBRY/Odysee video sharing network that is also self-hostable.
-    
-    There are a number of public instances, with some instances having [Tor](https://www.torproject.org) onion services support.
-
-    [:octicons-repo-16: Repository](https://codeberg.org/librarian/librarian){ .md-button .md-button--primary }
-    [:octicons-server-16:](https://librarian.codeberg.page/){ .card-link title="Public Instances"}
-    [:octicons-info-16:](https://codeberg.org/librarian/librarian/wiki){ .card-link title=Documentation}
-    [:octicons-code-16:](https://codeberg.org/librarian/librarian){ .card-link title="Source Code" }
-
-!!! warning
-
-    Librarian does not proxy video streams by default. Videos watched through Librarian will still make direct connections to Odysee's servers (e.g. `odycdn.com`); however, some instances may enable proxying which would be detailed in the instance's privacy policy.
-
-!!! tip
-
-    Librarian is useful if you want watch LBRY content on mobile without mandatory telemetry and if you want to disable JavaScript in your browser, as is the case with [Tor Browser](https://www.torproject.org/) on the Safest security level.
-
-When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting Librarian, as other peoples' usage will be linked to your hosting.
-
-When you are using a Librarian instance, make sure to read the privacy policy of that specific instance. Librarian instances can be modified by their owners and therefore may not reflect the default policy. Librarian instances feature a "privacy nutrition label" to provide an overview of their policy. Some instances have Tor .onion addresses which may grant some privacy as long as your search queries don't contain PII (Personally Identifiable Information).
-
-### Piped
-
-!!! recommendation
-
-    ![Piped logo](assets/img/video-streaming/piped.svg){ align=right }
-
-    **Piped** is a free and open-source frontend for YouTube that is also self-hostable.
-
-    Piped requires JavaScript in order to function and there are a number of public instances.
-
-    [:octicons-repo-16: Repository](https://github.com/TeamPiped/Piped){ .md-button .md-button--primary }
-    [:octicons-server-16:](https://piped.kavin.rocks/preferences#ddlInstanceSelection){ .card-link title="Public Instances"}
-    [:octicons-info-16:](https://piped-docs.kavin.rocks/){ .card-link title=Documentation}
-    [:octicons-code-16:](https://github.com/TeamPiped/Piped){ .card-link title="Source Code" }
-    [:octicons-heart-16:](https://github.com/TeamPiped/Piped#donations){ .card-link title=Contribute }
-
-!!! tip
-
-    Piped is useful if you want to use [SponsorBlock](https://sponsor.ajay.app) without installing an extension or to access age-restricted content without an account. It does not provide privacy by itself, and we don’t recommend logging into any accounts.
-
-When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting Piped, as other peoples' usage will be linked to your hosting.
-
-When you are using a Piped instance, make sure to read the privacy policy of that specific instance. Piped instances can be modified by their owners and therefore may not reflect their associated privacy policy.
+You can disable *Save hosting data to help the LBRY network* option in :gear: **Settings** → **Advanced Settings**, to avoid exposing your IP address and watched videos when using LBRY for a prolonged period of time.

docs/vpn.en.md

@@ -35,22 +35,18 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic.
 
     **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option.
 
-    **Free** — **Plus Plan USD $71.88/year** (1)
-
     [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary }
     [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" }
     [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation}
     [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" }
 
-1. A further 10% is discounted with a 2-year subscription ($119.76).
-
 ??? check annotate "64 Countries"
 
     Proton VPN has [servers in 64 countries](https://protonvpn.com/vpn-servers) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
 
     We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
 
-1. As of 2022/05/17
+1. Last checked: 2022-09-16
 
 ??? check "Independently Audited"
 
@@ -90,20 +86,18 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic.
 
     **IVPN** is another premium VPN provider, and they have been in operation since 2009. IVPN is based in Gibraltar.
 
-    **Standard USD $60/year** — **Pro USD $100/year**
-
     [:octicons-home-16: Homepage](https://www.ivpn.net/){ .md-button .md-button--primary }
     [:octicons-eye-16:](https://www.ivpn.net/privacy/){ .card-link title="Privacy Policy" }
     [:octicons-info-16:](https://www.ivpn.net/knowledgebase/general/){ .card-link title=Documentation}
     [:octicons-code-16:](https://github.com/ivpn){ .card-link title="Source Code" }
 
-??? check annotate "32 Countries"
+??? check annotate "34 Countries"
 
-    IVPN has [servers in 32 countries](https://www.ivpn.net/server-locations) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
+    IVPN has [servers in 34 countries](https://www.ivpn.net/server-locations) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
 
     We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
 
-1. As of 2022/05/17
+1. Last checked: 2022-09-16
 
 ??? check "Independently Audited"
 
@@ -143,21 +137,19 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic.
 
     **Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since **2009**. Mullvad is based in Sweden and does not have a free trial.
 
-    **EUR €60/year**
-
     [:octicons-home-16: Homepage](https://mullvad.net){ .md-button .md-button--primary }
     [:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" }
     [:octicons-eye-16:](https://mullvad.net/en/help/privacy-policy/){ .card-link title="Privacy Policy" }
     [:octicons-info-16:](https://mullvad.net/en/help/){ .card-link title=Documentation}
     [:octicons-code-16:](https://github.com/mullvad){ .card-link title="Source Code" }
 
-??? check annotate "38 Countries"
+??? check annotate "39 Countries"
 
-    Mullvad has [servers in 38 countries](https://mullvad.net/servers/) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
+    Mullvad has [servers in 39 countries](https://mullvad.net/servers/) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
 
     We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
 
-1. As of 2022/05/17
+1. Last checked: 2022-09-16
 
 ??? check "Independently Audited"
 

includes/abbreviations.en.md

@@ -10,6 +10,8 @@
 *[DNSSEC]: Domain Name System Security Extensions
 *[DNS]: Domain Name System
 *[DoH]: DNS over HTTPS
+*[DoQ]: DNS over QUIC
+*[DoH3]: DNS over HTTP/3
 *[DoT]: DNS over TLS
 *[E2EE]: End-to-End Encryption/Encrypted
 *[ECS]: EDNS Client Subnet

mkdocs.production.yml

@@ -40,7 +40,7 @@ extra:
         - icon: material/robot-confused
           name: This page could be improved
           data: Needs Improvement
-          note: Thanks for your feedback! Help us improve this page by opening a <a href="https://github.com/orgs/privacyguides/discussions" target=_blank>discusson on GitHub</a>.
+          note: Thanks for your feedback! Help us improve this page by opening a <a href="https://github.com/privacyguides/privacyguides.org/discussions" target=_blank>discussion on GitHub</a>.
 
 theme:
   features:

mkdocs.yml

@@ -168,6 +168,7 @@ nav:
       - 'email-clients.md'
       - 'encryption.md'
       - 'file-sharing.md'
+      - 'frontends.md'
       - 'multi-factor-authentication.md'
       - 'news-aggregators.md'
       - 'notebooks.md'
@@ -180,6 +181,7 @@ nav:
     - 'coc.md'
     - 'about/donate.md'
     - 'Online Services': 'https://privacyguides.net'
+    - 'about/privacytools.md'
     - 'Website Statistics': 'https://stats.privacyguides.net/privacyguides.org'
     - 'about/notices.md'
     - 'about/privacy-policy.md'