Mention disabling crash reports (#1940)

Signed-off-by: Daniel Gray <dngray@privacyguides.org>

.github/ISSUE_TEMPLATE/config.yml

@@ -1,7 +1,10 @@
 contact_links:
   - name: Suggest a New Provider or Software
-    url: https://discuss.privacyguides.org/c/suggestions
+    url: https://discuss.privacyguides.org/c/site-development/suggestions
     about: Suggest something new for us to look at, or something we should remove.
+  - name: Suggest a Guide
+    url: https://discuss.privacyguides.net/c/site-development/guide-suggestions
+    about: Suggest an area where you think guidance might be required.
   - name: Ask a Question
     url: https://discuss.privacyguides.org/c/questions
     about: Let us know if something doesn't make sense!

.github/workflows/crowdin.yml

@@ -15,7 +15,7 @@ jobs:
       uses: actions/checkout@v3
 
     - name: crowdin action
-      uses: crowdin/github-action@1.5.1
+      uses: crowdin/github-action@1.5.2
       with:
         upload_sources: true
         upload_sources_args: '--auto-update --delete-obsolete'

.github/workflows/pages.yml

@@ -37,7 +37,7 @@ jobs:
           python-version: '3.10'
       
       - name: Cache files
-        uses: actions/cache@v3.0.11
+        uses: actions/cache@v3.2.3
         with:
           key: ${{ github.ref }}
           path: .cache

docs/android.en.md

@@ -308,7 +308,7 @@ If you download APK files to install manually, you can verify their signature wi
 
 ![F-Droid logo](assets/img/android/f-droid.svg){ align=right width=120px }
 
-==We do **not** currently recommend F-Droid as a way to obtain apps.== F-Droid is often recommended as an alternative to Google Play, particularly in the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds/) for some applications and is dedicated to free and open-source software. However, there are [notable problems](https://wonderfall.dev/fdroid-issues/) with the official F-Droid client, their quality control, and how they build, sign, and deliver packages.
+==We do **not** currently recommend F-Droid as a way to obtain apps.== F-Droid is often recommended as an alternative to Google Play, particularly in the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds/) for some applications and is dedicated to free and open-source software. However, there are [notable problems](https://privsec.dev/posts/android/f-droid-security-issues/) with the official F-Droid client, their quality control, and how they build, sign, and deliver packages.
 
 Due to their process of building apps, apps in the official F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust.
 

docs/assets/img/frontends/proxitok.svg

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><g transform="matrix(1.4916 0 0 1.4916 -108.81 -169.4)"><path d="m75.442 117.85c3.3426-0.62057 5.8921-0.31143 8.1139 2.4694 2.9164-2.5188 5.4372-2.8222 9.1722-2.8222-4.1614-5.3918-13.3-5.0479-17.286 0.35278m-2.4694 8.8194h0.35278c0.57274-2.4745 1.4387-4.7979 3.5278-6.35-0.0024 3.6523-2.0171 8.0642-1.0975 11.636 0.49495 1.9227 3.2713 3.1322 4.9781 3.7012 4.9853 1.6617 10.772-0.5401 13.344-5.1071 2.4443-4.3407 2.4887-10.227-3.1135-10.936-0.54247 2.8791-1.2627 5.8902-1.3972 8.8194-0.0545 1.1867 0.16563 2.8529-1.1229 3.4973-1.6634 0.83189-2.0984-1.2819-2.0042-2.439 0.26141-3.2124 1.2561-6.5356 2.4076-9.525-1.338 0.0285-3.3185 0.0732-4.3735 1.0352-0.7456 0.67987-0.64012 1.9754-1.0793 2.8451-1.3627 2.6986-3.871 3.4357-6.5416 2.4697 1.198-0.74525 2.8991-1.1261 3.5245-2.5076 1.8751-4.1413-4.1426-6.0016-6.4428-3.0566-1.2381 1.5851-0.96224 4.037-0.96224 5.9169z" fill="#4343ff"/></g></svg>

docs/basics/account-creation.en.md

@@ -0,0 +1,80 @@
+---
+title: "Account Creation"
+icon: 'material/account-plus'
+---
+
+Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line.
+
+There are risks associated with every new service that you use. Data breaches; disclosure of customer information to third parties; rogue employees accessing data; all are possibilities that must be considered when giving your information out. You need to be confident that you can trust the service, which is why we don't recommend storing valuable data on anything but the most mature and battle-tested products. That usually means services which provide E2EE and have undergone a cryptographic audit. An audit increases assurance that the product was designed without glaring security issues caused by an inexperienced developer.
+
+It can also be difficult to delete the accounts on some services. Sometimes [overwriting data](account-deletion.en.md#overwriting-account-information) associated with an account can be possible, but in other cases the service will keep an entire history of changes to the account.
+
+## Terms of Service & Privacy Policy
+
+The ToS are the rules that you agree to follow when using the service. With larger services these rules are often enforced by automated systems. Sometimes these automated systems can make mistakes. For example, you may be banned or locked out of your account on some services for using a VPN or VOIP number. Appealing such bans is often difficult, and involves an automated process too, which isn't always successful. This would be one of the reasons why we wouldn't suggest using Gmail for email as an example. Email is crucial for access to other services you might have signed up for.
+
+The Privacy Policy is how the service says they will use your data and it is worth reading so that you understand how your data will be used. A company or organization might not be legally obligated to follow everything contained in the policy (it depends on the jurisdiction). We would recommend having some idea what your local laws are and what they permit a provider to collect.
+
+We recommend looking for particular terms such as "data collection", "data analysis", "cookies", "ads" or "3rd-party" services. Sometimes you will be able to opt-out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
+
+You also also placing your trust in the company or organization to actually comply with their own privacy policy.
+
+## Authentication methods
+
+There are usually multiple ways to sign up for an account, each with their own benefits and drawbacks.
+
+### Email and password
+
+The most common way to create a new account is by an email address and password. When using this method, you should use a password manager and follow [best practices](passwords-overview.md) regarding passwords.
+
+!!! tip
+
+    You can use your password manager to organize other authentication methods too! Just add the new entry and fill the appropriate fields, you can add notes for things like security questions or a backup key.
+
+You will be responsible for managing your login credentials. For added security, you can set up [MFA](multi-factor-authentication.md) on your accounts.
+
+[Recommended password managers](../passwords.md){ .md-button }
+
+#### Email aliases
+
+If you don't want to give your real email address to a service, you have the option to use an alias. We described them in more detail on our email services recommendation page. Essentially, alias services allow you to generate new email addresses that forward all emails to your main address. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign up process. Those can be filtered automatically based on the alias they are sent to.
+
+Should a service get hacked, you might start receiving phishing or spam emails to the address you used to sign up. Using unique aliases for each service can assist in identifying exactly what service was hacked.
+
+[Recommended email aliasing services](../email.md#email-aliasing-services){ .md-button }
+
+### Single sign-on
+
+!!! note
+  
+    We are discussing Single sign-on for personal use, not enterprise users.
+
+Single sign-on (SSO) is an authentication method that allows you to register for a service without sharing much information, if any. Whenever you see something along the lines of "Sign-in with *provider name*" on a registration form it's SSO.
+
+When you choose single sign-on in a website, it will prompt your SSO provider login page and after that your account will be connected. Your password won't be shared but some basic information will (you can review it during the login request). This process is needed every time you want to log in to the same account.
+
+The main advantages are:
+
+- **Security**: no risk of being involved in a [data breach](https://en.wikipedia.org/wiki/Data_breach) because the website does not store your credentials.
+- **Ease of use**: multiple accounts are managed by a single login.
+
+But there are disadvantages:
+
+- **Privacy**: a SSO provider will know the services you use.
+- **Centralization**: if your SSO account gets compromised or you aren't able to login to it, all other accounts connected to it are affected.
+
+SSO can be especially useful in those situations where you could benefit from deeper integration between services. For example, one of those services may offer SSO for the others. Our recommendation is to limit SSO to only where you need it and protect the main account with [MFA](multi-factor-authentication.md).
+
+All services that use SSO will be as secure as your SSO account. For example, if you want to secure an account with a hardware key but that service doesn't support hardware keys, you can secure your SSO account with a hardware key and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your SSO account means that any account tied to that login will also be weak.
+
+### Phone number
+
+We recommend avoiding services that require a phone number for sign up. A phone number can identity you across multiple services and depending on data sharing agreements this will make your usage easier to track, particularly if one of those services is breached as the phone number is often **not** encrypted.
+
+You should avoid giving out your real phone number if you can. Some services will allow the use of VOIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
+
+In many cases you will need to provide a number that you can receive SMS or calls from, particularly when shopping internationally, in case there is a problem with your order at border screening. It's common for services to use your number as a verification method; don't let yourself get locked out of an important account because you wanted to be clever and give a fake number!
+
+### Username and password
+
+Some services allow you to register without using an email address and only require you to set a username and password. These services may provide increased anonymity when combined with a VPN or Tor. Keep in mind that for these accounts there will most likely be **no way to recover your account** in the event you forget your username or password.

docs/basics/vpn-overview.en.md

@@ -70,7 +70,7 @@ For use cases like these, or if you have another compelling reason, the VPN prov
 
 ## Related VPN Information
 
-- [The Trouble with VPN and Privacy Review Sites](https://jonaharagon.com/2019/11/the-trouble-with-vpn-and-privacy-review-sites/)
+- [The Trouble with VPN and Privacy Review Sites](https://blog.privacyguides.org/2019/11/20/the-trouble-with-vpn-and-privacy-review-sites/)
 - [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/)
 - [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/)
 - [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/)

docs/cloud.en.md

@@ -26,13 +26,31 @@ If these alternatives do not fit your needs, we suggest you look into [Encryptio
     
         - [:octicons-globe-16: PWA](https://crypt.ee/download)
 
+## Proton Drive
+
+!!! recommendation
+
+    ![Proton Drive logo](assets/img/cloud/protondrive.svg){ align=right }
+
+    **Proton Drive** is an E2EE general file storage service by the popular encrypted email provider [Proton Mail](https://proton.me/mail).
+
+    [:octicons-home-16: Homepage](https://proton.me/drive){ .md-button .md-button--primary }
+    [:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Privacy Policy" }
+    [:octicons-info-16:](https://proton.me/support/drive){ .card-link title=Documentation}
+    [:octicons-code-16:](https://github.com/ProtonMail/WebClients){ .card-link title="Source Code" }
+
+    ??? downloads
+
+        - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive)
+        - [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851)
+
 ## Nextcloud
 
 !!! recommendation
 
     ![Nextcloud logo](assets/img/cloud/nextcloud.svg){ align=right }
 
-    **Nextcloud** is a suite of free and open-source client-server software for creating your own file hosting services on a private server you control. It also comes with experimental E2EE.
+    **Nextcloud** is a suite of free and open-source client-server software for creating your own file hosting services on a private server you control.
 
     [:octicons-home-16: Homepage](https://nextcloud.com){ .md-button .md-button--primary }
     [:octicons-eye-16:](https://nextcloud.com/privacy){ .card-link title="Privacy Policy" }
@@ -52,25 +70,6 @@ If these alternatives do not fit your needs, we suggest you look into [Encryptio
         - [:simple-openbsd: OpenBSD](https://openports.se/www/nextcloud)
         - [:simple-netbsd: NetBSD](https://pkgsrc.se/www/php-nextcloud)
 
-We recommend checking if your Nextcloud provider supports E2EE, otherwise you have to trust the provider to not look at your files.
+!!! danger
 
-When self-hosting, you should also enable E2EE to protect against your hosting provider snooping on your data.
-
-## Proton Drive
-
-!!! recommendation
-
-    ![Proton Drive logo](assets/img/cloud/protondrive.svg){ align=right }
-
-    **Proton Drive** is an E2EE general file storage service by the popular encrypted email provider [Proton Mail](https://proton.me/mail).
-
-    [:octicons-home-16: Homepage](https://proton.me/drive){ .md-button .md-button--primary }
-    [:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Privacy Policy" }
-    [:octicons-info-16:](https://proton.me/support/drive){ .card-link title=Documentation}
-    [:octicons-code-16:](https://github.com/ProtonMail/WebClients){ .card-link title="Source Code" }
-
-    ??? downloads
-
-        - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive)
-
-Proton Drive is currently only available through a web client and an Android app.
+    We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_end_encryption) for Nextcloud as it may lead to data loss; it is highly experimental and not production quality.

docs/desktop-browsers.en.md

@@ -50,9 +50,7 @@ This protects you from persistent cookies, but does not protect you against cook
 
 ##### Search Suggestions
 
-- [ ] Disable **Suggestions from the web**
-- [ ] Disable **Suggestions from sponsors**
-- [ ] Disable **Improve the Firefox Suggest experience**
+- [ ] Uncheck **Provide search suggestions**
 
 Search suggestion features may not be available in your region.
 

docs/dns.en.md

@@ -17,7 +17,7 @@ icon: material/dns
 | [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Cleartext <br> DoH <br> DoT | Some[^2] | No | Based on server choice.|
 | [**Control D**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Cleartext <br> DoH <br> DoT <br> DNSCrypt <br> DoQ <br> DoH3 | Optional[^3] | No | Based on server choice. |
 | [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH <br> DoT | No[^4] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock)
-| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Cleartext <br> DoH <br> DoT <br> DNSCrypt | Optional[^5] | Optional | Based on server choice. |
+| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Cleartext <br> DoH <br> DoT | Optional[^5] | Optional | Based on server choice. |
 | [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Cleartext <br> DoH <br> DoT <br> DNSCrypt | Some[^6] | Optional |  Based on server choice, Malware blocking by default. |
 
 [^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html)
@@ -38,7 +38,7 @@ The criteria for the servers listed above are:
 
 ### Android
 
-Android 9 and above support DNS over TLS. Android 13 will support DNS over HTTPS. The settings can be found in: **Settings** &rarr; **Network & Internet** &rarr; **Private DNS**.
+Android 9 and above support DNS over TLS. The settings can be found in: **Settings** &rarr; **Network & Internet** &rarr; **Private DNS**.
 
 ### Apple Devices
 
@@ -50,27 +50,9 @@ After installation of either a configuration profile or an app that uses the DNS
 
 Apple does not provide a native interface for creating encrypted DNS profiles. [Secure DNS profile creator](https://dns.notjakob.com/tool.html) is an unofficial tool for creating your own encrypted DNS profiles, however they will not be signed. Signed profiles are preferred; signing validates a profile's origin and helps to ensure the integrity of the profiles. A green "Verified" label is given to signed configuration profiles. For more information on code signing, see [About Code Signing](https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html). **Signed profiles** are offered by [AdGuard](https://adguard.com/en/blog/encrypted-dns-ios-14.html), [NextDNS](https://apple.nextdns.io), and [Quad9](https://www.quad9.net/news/blog/ios-mobile-provisioning-profiles/).
 
-#### iOS/iPadOS
+!!! info
 
-Select **Settings** &rarr; **General** &rarr; **VPN, DNS, & Device Management** &rarr; **DNS**
-
-#### macOS
-
-Select **System Preferences &rarr; Profiles** or **System Preferences** &rarr; **Network** &rarr; **Advanced**, (depending on if you have configuration profiles installed).
-
-#### tvOS
-
-Select **Settings** &rarr; **General** &rarr; **Privacy** &rarr; **Share Apple TV Analytics** &rarr; then press the *Play* button on the remote.
-
-### Windows
-
-You can [turn on DoH](https://docs.microsoft.com/en-us/windows-server/networking/dns/doh-client-support) by accessing Windows settings in the control panel.
-
-Select **Settings** &rarr; **Network & Internet** &rarr; **Ethernet or WiFi**, &rarr; **Edit DNS Settings** &rarr; **Preferred DNS encryption** &rarr; **Encrypted only (DNS over HTTPS)**.
-
-### Linux
-
-`systemd-resolved`, which many Linux distributions use to do their DNS lookups, doesn't yet [support DoH](https://github.com/systemd/systemd/issues/8639). If you want to use DoH, you'll need to install a proxy like [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy) and [configure it](https://wiki.archlinux.org/title/Dnscrypt-proxy) to take all the DNS queries from your system resolver and forward them over HTTPS.
+    `systemd-resolved`, which many Linux distributions use to do their DNS lookups, doesn't yet [support DoH](https://github.com/systemd/systemd/issues/8639). If you want to use DoH, you'll need to install a proxy like [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy) and [configure it](https://wiki.archlinux.org/title/Dnscrypt-proxy) to take all the DNS queries from your system resolver and forward them over HTTPS.
 
 ## Encrypted DNS Proxies
 

docs/email.en.md

@@ -28,6 +28,8 @@ For everything else, we recommend a variety of email providers based on sustaina
 
     If you have the Proton Unlimited, Business, or Visionary Plan, you also get [SimpleLogin](#simplelogin) Premium for free.
 
+    Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**.
+
     [:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary }
     [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" }
     [:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Privacy Policy" }
@@ -68,6 +70,14 @@ For everything else, we recommend a variety of email providers based on sustaina
 
     Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE.
 
+??? warning "Digital Legacy"
+
+    Proton Mail doesn't offer a digital legacy feature.
+
+??? info "Account Termination"
+
+    If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinguent and won't receive incoming mail. You will continue to be billed during this period.
+
 ??? info "Additional Functionality"
 
     Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage.
@@ -112,6 +122,14 @@ For everything else, we recommend a variety of email providers based on sustaina
 
     Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE.
 
+??? check "Digital Legacy"
+
+    Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address.
+
+??? info "Account Termination"
+
+    Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract).
+
 ??? info "Additional Functionality"
 
     You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors.
@@ -157,6 +175,14 @@ For everything else, we recommend a variety of email providers based on sustaina
 
     StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys.
 
+??? warning "Digital Legacy"
+
+    StartMail does not offer a digital legacy feature.
+
+??? info "Account Termination"
+
+    On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration).
+
 ??? info "Additional Functionality"
 
     StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is.
@@ -178,16 +204,14 @@ For everything else, we recommend a variety of email providers based on sustaina
     ??? downloads
 
         - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=de.tutao.tutanota)
-        - [:simple-appstore: App Store](https://itunes.apple.com/de/app/tutanota/id922429609)
+        - [:simple-appstore: App Store](https://apps.apple.com/app/tutanota/id922429609)
         - [:simple-github: GitHub](https://github.com/tutao/tutanota/releases)
         - [:simple-windows11: Windows](https://tutanota.com/#download)
         - [:simple-apple: macOS](https://tutanota.com/#download)
         - [:simple-linux: Linux](https://tutanota.com/#download)
         - [:octicons-browser-16: Web](https://mail.tutanota.com/)
 
-Tutanota [doesn't allow](https://tutanota.com/faq/#imap) the use of third-party [email clients](email-clients.md). Tutanota has no plans pull email from [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) using the IMAP protocol. [Email import](https://github.com/tutao/tutanota/issues/630) is currently not possible.
-
-Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail). Tutanota does not allow for [subfolders](https://github.com/tutao/tutanota/issues/927) as you might expect with other email providers.
+Tutanota doesn't use the [IMAP protocol](https://tutanota.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tutanota app. Neither [Email import](https://github.com/tutao/tutanota/issues/630) or [subfolders](https://github.com/tutao/tutanota/issues/927) are currently supported, though this is [due to be changed](https://tutanota.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail) per folder, which may be inconvenient if you have many folders.
 
 ??? check "Custom Domains and Aliases"
 
@@ -199,7 +223,7 @@ Emails can be exported [individually or by bulk selection](https://tutanota.com/
 
 ??? check "Account Security"
 
-    Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. U2F support is [not yet available on Android](https://github.com/tutao/tutanota/issues/443).
+    Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F.
 
 ??? check "Data Security"
 
@@ -211,6 +235,14 @@ Emails can be exported [individually or by bulk selection](https://tutanota.com/
 
     Tutanota [does have plans](https://github.com/tutao/tutanota/issues/198) to support [AutoCrypt](https://autocrypt.org). This would allow for non-Tutanota emails to send encrypted emails to Tutanota accounts as long as their email client supports the AutoCrypt headers.
 
+??? warning "Digital Legacy"
+
+    Tutanota doesn't offer a digital legacy feature.
+
+??? info "Account Termination"
+
+    Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay.
+
 ??? info "Additional Functionality"
 
     Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount.
@@ -348,6 +380,7 @@ We regard these features as important in order to provide a safe and optimal ser
 **Minimum to Qualify:**
 
 - Encrypts email account data at rest with zero-access encryption.
+- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .eml with [RFC5322](https://datatracker.ietf.org/doc/rfc5322/) standard.
 
 **Best Case:**
 
@@ -397,6 +430,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w
 - Website security standards such as:
     - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security)
     - [Subresource Integrity](https://en.wikipedia.org/wiki/Subresource_Integrity) if loading things from external domains.
+- Must support viewing of [Message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt.
 
 **Best Case:**
 

docs/encryption.en.md

@@ -146,7 +146,7 @@ BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-o
 
     [:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
 
-We recommend storing a local recovery key in a secure place as opposed to using iCloud FileVault recovery. As well, FileVault should be enabled **after** a complete macOS installation as more pseudorandom number generator ([PRNG](https://support.apple.com/guide/security/random-number-generation-seca0c73a75b/web)) [entropy](https://en.wikipedia.org/wiki/Entropy_(computing)) will be available.
+We recommend storing a local recovery key in a secure place as opposed to using your iCloud account for recovery.
 
 ### Linux Unified Key Setup
 

docs/frontends.en.md

@@ -33,7 +33,7 @@ Sometimes services will try to force you to sign up for an account by blocking a
 
 When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting Librarian, as other peoples' usage will be linked to your hosting.
 
-When you are using a Librarian instance, make sure to read the privacy policy of that specific instance. Librarian instances can be modified by their owners and therefore may not reflect the default policy. Librarian instances feature a "privacy nutrition label" to provide an overview of their policy. Some instances have Tor .onion addresses which may grant some privacy as long as your search queries don't contain PII (Personally Identifiable Information).
+When you are using a Librarian instance, make sure to read the privacy policy of that specific instance. Librarian instances can be modified by their owners and therefore may not reflect the default policy. Librarian instances feature a "privacy nutrition label" to provide an overview of their policy. Some instances have Tor .onion addresses which may grant some privacy as long as your search queries don't contain PII.
 
 ## Twitter
 
@@ -59,7 +59,32 @@ When you are using a Librarian instance, make sure to read the privacy policy of
 
 When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting Nitter, as other peoples' usage will be linked to your hosting.
 
-When you are using a Nitter instance, make sure to read the privacy policy of that specific instance. Nitter instances can be modified by their owners and therefore may not reflect the default policy. Some instances have Tor .onion addresses which may grant some privacy as long as your search queries don't contain PII (Personally Identifiable Information).
+When you are using a Nitter instance, make sure to read the privacy policy of that specific instance. Nitter instances can be modified by their owners and therefore may not reflect the default policy. Some instances have Tor .onion addresses which may grant some privacy as long as your search queries don't contain PII.
+
+## TikTok
+
+### ProxiTok
+
+!!! recommendation
+
+    ![ProxiTok logo](assets/img/frontends/proxitok.svg){ align=right }
+
+    **ProxiTok** is an open source frontend to the [TikTok](https://www.tiktok.com) website that is also self-hostable.
+
+    There are a number of public instances, with some instances having [Tor](https://www.torproject.org) onion services support.
+
+    [:octicons-repo-16: Repository](https://github.com/pablouser1/ProxiTok){ .md-button .md-button--primary }
+    [:octicons-server-16:](https://github.com/pablouser1/ProxiTok/wiki/Public-instances){ .card-link title="Public Instances"}
+    [:octicons-info-16:](https://github.com/pablouser1/ProxiTok/wiki){ .card-link title=Documentation}
+    [:octicons-code-16:](https://github.com/pablouser1/ProxiTok){ .card-link title="Source Code" }
+
+!!! tip
+
+    ProxiTok is useful if you want to disable JavaScript in your browser, such as [Tor Browser](https://www.torproject.org/) on the Safest security level.
+
+When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting ProxiTok, as other peoples' usage will be linked to your hosting.
+
+When you are using a ProxiTok instance, make sure to read the privacy policy of that specific instance. ProxiTok instances can be modified by their owners and therefore may not reflect their associated privacy policy. Some instances have Tor .onion addresses which may grant some privacy as long as your search queries don't contain PII.
 
 ## YouTube
 
@@ -90,7 +115,6 @@ When you are using a Nitter instance, make sure to read the privacy policy of th
 
     When using FreeTube, your IP address may still be known to YouTube, [Invidious](https://instances.invidious.io) or [SponsorBlock](https://sponsor.ajay.app/) depending on your configuration. Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org) if your [threat model](basics/threat-modeling.md) requires hiding your IP address.
 
-
 ### NewPipe (Android)
 
 !!! recommendation annotate
@@ -114,7 +138,7 @@ When you are using a Nitter instance, make sure to read the privacy policy of th
 1. The default instance is [FramaTube](https://framatube.org/), however more can be added via **Settings** → **Content** → **PeerTube instances**
 
 !!! Warning
-    
+
     When using NewPipe, your IP address will be visible to the video providers used. Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org) if your [threat model](basics/threat-modeling.md) requires hiding your IP address.
 
 ### Invidious
@@ -144,7 +168,7 @@ When you are using a Nitter instance, make sure to read the privacy policy of th
 
 When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting Invidious, as other peoples' usage will be linked to your hosting.
 
-When you are using an Invidious instance, make sure to read the privacy policy of that specific instance. Invidious instances can be modified by their owners and therefore may not reflect their associated privacy policy. Some instances have Tor .onion addresses which may grant some privacy as long as your search queries don't contain PII (Personally Identifiable Information).
+When you are using an Invidious instance, make sure to read the privacy policy of that specific instance. Invidious instances can be modified by their owners and therefore may not reflect their associated privacy policy. Some instances have Tor .onion addresses which may grant some privacy as long as your search queries don't contain PII.
 
 ### Piped
 

docs/mobile-browsers.en.md

@@ -131,9 +131,13 @@ Do note that Private Browsing does not save cookies and website data, so it won'
 
 ##### iCloud Sync
 
-Synchronization of Safari History, Tab Groups, iCloud Tabs and saved passwords are E2EE. However, bookmarks are [not](https://support.apple.com/en-us/HT202303). Apple can decrypt and access them in accordance with their [privacy policy](https://www.apple.com/legal/privacy/en-ww/).
+Synchronization of Safari History, Tab Groups, iCloud Tabs and saved passwords are E2EE. However, by default, bookmarks are [not](https://support.apple.com/en-us/HT202303). Apple can decrypt and access them in accordance with their [privacy policy](https://www.apple.com/legal/privacy/en-ww/).
 
-If you use iCloud, we also recommend checking to ensure Safari's default download location is set to locally on your device. This option can be found in :gear: **Settings** → **Safari** → **General** → **Downloads**.
+You can enable E2EE for you Safari bookmarks and downloads by enabling [Advanced Data Protection](https://support.apple.com/en-us/HT212520). Go to your **Apple ID name → iCloud → Advanced Data Protection**.
+
+- [x] Turn On **Advanced Data Protection**
+
+If you use iCloud with Advanced Data Protection disabled, we also recommend checking to ensure Safari's default download location is set to locally on your device. This option can be found in :gear: **Settings** → **Safari** → **General** → **Downloads**.
 
 ### AdGuard
 

docs/passwords.en.md

@@ -6,6 +6,12 @@ Password managers allow you to securely store and manage passwords and other cre
 
 [Introduction to Passwords :material-arrow-right-drop-circle:](./basics/passwords-overview.md)
 
+!!! info
+
+    Built-in password managers in software like browsers and operating systems are sometimes not as good as dedicated password manager software. The advantage of a built-in password manager is good integration with the software, but it can often be very simple and lack privacy and security features standalone offerings have.
+
+    For example, the password manager in Microsoft Edge doesn't offer E2EE at all. Google's password manager has [optional](https://support.google.com/accounts/answer/11350823) E2EE, and [Apple's](https://support.apple.com/en-us/HT202303) offers E2EE by default.
+
 ## Cloud-based
 
 These password managers sync your passwords to a cloud server for easy accessibility from all your devices and safety against device loss.
@@ -67,7 +73,6 @@ Bitwarden's server-side code is [open-source](https://github.com/bitwarden/serve
         - [:simple-windows11: Windows](https://1password.com/downloads/windows/)
         - [:simple-apple: macOS](https://1password.com/downloads/mac/)
         - [:simple-linux: Linux](https://1password.com/downloads/linux/)
-        
 
 Traditionally, **1Password** has offered the best password manager user experience for people using macOS and iOS; however, it has now achieved feature-parity across all platforms. It boasts many features geared towards families and less technical people, as well as advanced functionality.
 
@@ -85,7 +90,7 @@ One advantage 1Password has over Bitwarden is its first-class support for native
 
     [:octicons-home-16: Homepage](https://psono.com){ .md-button .md-button--primary }
     [:octicons-eye-16:](https://psono.com/privacy-policy){ .card-link title="Privacy Policy" }
-    [:octicons-info-16:](https://doc.psono.com/){ .card-link title=Documentation}
+    [:octicons-info-16:](https://doc.psono.com){ .card-link title=Documentation}
     [:octicons-code-16:](https://gitlab.com/psono){ .card-link title="Source Code" }
 
     ??? downloads
@@ -96,7 +101,7 @@ One advantage 1Password has over Bitwarden is its first-class support for native
         - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/psonopw-password-manager/eljmjmgjkbmpmfljlmklcfineebidmlo)
         - [:simple-docker: Docker Hub](https://hub.docker.com/r/psono/psono-client)
 
-Psono provides [extensive documentation](https://doc.psono.com/) for their product. The [web-client](https://doc.psono.com/admin/installation/install-webclient.html#installation-with-docker) for Psono can be self-hosted; alternatively, you can choose the full [Community Edition](https://doc.psono.com/admin/installation/install-server-ce.html) or the [Enterprise Edition](https://doc.psono.com/admin/installation/install-server-ee.html) with additional features.
+Psono provides extensive documentation for their product. The web-client for Psono can be self-hosted; alternatively, you can choose the full Community Edition or the Enterprise Edition with additional features.
 
 ## Local Storage
 

docs/productivity.en.md

@@ -56,6 +56,7 @@ For other platforms, consider below:
         - [:simple-windows11: Windows](https://www.onlyoffice.com/download-desktop.aspx)
         - [:simple-apple: macOS](https://www.onlyoffice.com/download-desktop.aspx)
         - [:simple-linux: Linux](https://www.onlyoffice.com/download-desktop.aspx)
+        - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.onlyoffice.desktopeditors)
         - [:simple-freebsd: FreeBSD](https://www.freshports.org/www/onlyoffice-documentserver/)
 
 ### CryptPad

docs/tools.en.md

@@ -421,6 +421,7 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 - ![Element logo](assets/img/messengers/element.svg){ .twemoji } [Element](real-time-communication.md#element)
 - ![Session logo](assets/img/messengers/session.svg){ .twemoji } [Session](real-time-communication.md#session)
 - ![Briar logo](assets/img/messengers/briar.svg){ .twemoji } [Briar (Android)](real-time-communication.md#briar-android)
+- ![SimpleX Chat logo](assets/img/messengers/simplex.svg){ .twemoji } [SimpleX Chat](real-time-communication.md#simplex-chat)
 
 </div>
 

docs/vpn.en.md

@@ -48,9 +48,9 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic.
         - [:simple-windows11: Windows](https://protonvpn.com/download-windows)
         - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/)
 
-??? check annotate "64 Countries"
+??? check annotate "67 Countries"
 
-    Proton VPN has [servers in 64 countries](https://protonvpn.com/vpn-servers) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
+    Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
 
     We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
 
@@ -111,9 +111,9 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic.
         - [:simple-apple: macOS](https://www.ivpn.net/apps-macos/)
         - [:simple-linux: Linux](https://www.ivpn.net/apps-linux/)
 
-??? check annotate "34 Countries"
+??? check annotate "35 Countries"
 
-    IVPN has [servers in 34 countries](https://www.ivpn.net/server-locations) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
+    IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
 
     We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
 
@@ -172,9 +172,9 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic.
         - [:simple-apple: macOS](https://mullvad.net/en/download/macos/)
         - [:simple-linux: Linux](https://mullvad.net/en/download/linux/)
 
-??? check annotate "39 Countries"
+??? check annotate "40 Countries"
 
-    Mullvad has [servers in 39 countries](https://mullvad.net/servers/) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
+    Mullvad has [servers in 40 countries](https://mullvad.net/servers/) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
 
     We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
 

includes/abbreviations.en.md

@@ -9,6 +9,7 @@
 *[CLI]: Command Line Interface
 *[CSV]: Comma-Separated Values
 *[CVE]: Common Vulnerabilities and Exposures
+*[Digital Legacy]: Digital Legacy refers to features that allow you to give other people access to your data when you die
 *[DNSSEC]: Domain Name System Security Extensions
 *[DNS]: Domain Name System
 *[DoH]: DNS over HTTPS
@@ -77,9 +78,11 @@
 *[SUID]: Set Owner User ID
 *[SaaS]: Software as a Service (cloud software)
 *[SoC]: System on Chip
+*[SSO]: Single sign-on
 *[TCP]: Transmission Control Protocol
 *[TEE]: Trusted Execution Environment
 *[TLS]: Transport Layer Security
+*[ToS]: Terms of Service
 *[TOTP]: Time-based One-Time Password
 *[TPM]: Trusted Platform Module
 *[U2F]: Universal 2nd Factor

mkdocs.yml

@@ -12,18 +12,15 @@ copyright: |
 
 extra:
   social:
+    - icon: simple/mastodon
+      link: https://mastodon.neat.computer/@privacyguides
+      name: Mastodon
     - icon: simple/matrix
       link: https://matrix.to/#/#privacyguides:matrix.org
       name: Matrix
     - icon: simple/discourse
       link: https://discuss.privacyguides.org/
       name: Forum
-    - icon: simple/mastodon
-      link: https://mastodon.neat.computer/@privacyguides
-      name: Mastodon
-    - icon: simple/twitter
-      link: https://twitter.com/privacy_guides
-      name: Twitter
     - icon: simple/github
       link: https://github.com/privacyguides
       name: GitHub
@@ -123,6 +120,7 @@ nav:
     - 'basics/threat-modeling.md'
     - 'basics/common-threats.md'
     - 'basics/common-misconceptions.md'
+    - 'basics/account-creation.md'
     - 'basics/account-deletion.md'
     - 'Technology Essentials':
       - 'basics/passwords-overview.md'