Make headings consistent and remove redundant descriptions (#1207)

Co-authored-by: Jonah Aragon <jonah@triplebit.net>

.github/workflows/crowdin.yml

@@ -14,7 +14,7 @@ jobs:
       uses: actions/checkout@v3
 
     - name: crowdin action
-      uses: crowdin/github-action@1.4.8
+      uses: crowdin/github-action@1.4.9
       with:
         upload_sources: true
         upload_sources_args: '--auto-update --delete-obsolete'

docs/browsers.en.md

@@ -1,9 +1,6 @@
 ---
 title: "Web Browsers"
 icon: octicons/browser-16
-tags:
-  - HTML5
-  - JavaScript
 ---
 These are our current web browser recommendations and settings. We recommend keeping extensions to a minimum: they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation.
 
@@ -57,43 +54,55 @@ These are our current web browser recommendations and settings. We recommend kee
 
 #### Recommended Configuration
 
+Tor Browser is the only way to truly browse the internet anonymously. When you use Firefox we recommend changing the following settings to protect your privacy from certain parties, but all browsers other than Tor will be traceable by *somebody* in some regard or another.
+
 These options can be found in :material-menu: → **Settings** → **Privacy & Security**.
 
-##### Enhanced Tracking Protection (ETP)
+##### Enhanced Tracking Protection
 
-- Select **Strict**
+- [x] Select **Strict** Enhanced Tracking Protection
+
+This protects you by blocking social media trackers, fingerprinting scripts (note that this does not protect you from *all* fingerprinting), cryptominers, cross-site tracking cookies, and some other tracking content. ETP protects against many common threats, but it does not block all tracking avenues because it is designed to have minimal to no impact on site usability.
 
 ##### Sanitize on Close
 
 If you want to stay logged in to particular sites, you can allow exceptions in **Cookies and Site Data** → **Manage Exceptions...**
 
-- Select **Delete cookies and site data when Firefox is closed**
+- [x] Check **Delete cookies and site data when Firefox is closed**
 
-##### Disable Search Suggestions
+This protects you from persistent cookies, but does not protect you against cookies acquired during any one browsing session. When this is enabled, it becomes possible to easily cleanse your browser cookies by simply restarting Firefox. You can set exceptions on a per-site basis, if you wish to stay logged in to a particular site you visit often.
 
-- Clear **Suggestions from the web**
-- Clear **Suggestions from sponsors**
-- Clear **Improve the Firefox Suggest experience**
+##### Search Suggestions
+
+- [ ] Disable **Suggestions from the web**
+- [ ] Disable **Suggestions from sponsors**
+- [ ] Disable **Improve the Firefox Suggest experience**
 
 Search suggestion features may not be available in your region.
 
-##### Disable Telemetry
+Search suggestions send everything you type in the address bar to the default search engine, regardless of whether you submit an actual search. Disabling search suggestions allows you to more precisely control what data you send to your search engine provider.
 
-- Clear **Allow Firefox to send technical and interaction data to Mozilla**
-- Clear **Allow Firefox to install and run studies**
-- Clear **Allow Firefox to send backlogged crash reports on your behalf**
+##### Telemetry
+
+- [ ] Uncheck **Allow Firefox to send technical and interaction data to Mozilla**
+- [ ] Uncheck **Allow Firefox to install and run studies**
+- [ ] Uncheck **Allow Firefox to send backlogged crash reports on your behalf**
+
+> Firefox sends data about your Firefox version and language; device operating system and hardware configuration; memory, basic information about crashes and errors; outcome of automated processes like updates, safebrowsing, and activation to us. When Firefox sends data to us, your IP address is temporarily collected as part of our server logs.
 
 ##### HTTPS-Only Mode
 
-- Select **Enable HTTPS-Only Mode in all windows**
+- [x] Select **Enable HTTPS-Only Mode in all windows**
+
+This prevents you from unintentionally connecting to a website in plain-text HTTP. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day to day browsing.
 
 #### Sync
 
-The [Firefox Sync](https://hacks.mozilla.org/2018/11/firefox-sync-privacy/) service uses E2EE.
+[Firefox Sync](https://hacks.mozilla.org/2018/11/firefox-sync-privacy/) allows your browsing data (history, bookmarks, etc.) to be accessible on all your devices and protects it with E2EE.
 
 #### Extensions
 
-We generally do not recommend installing any extensions as they increase your attack surface; however, if you want content blocking, [uBlock Origin](#additional-resources) might be useful to you. The extension is also a :trophy: [Recommended Extension](https://support.mozilla.org/kb/add-on-badges#w_recommended-extensions) by Mozilla.
+We generally do not recommend installing any extensions as they increase your attack surface. However, if you want content blocking, [uBlock Origin](#additional-resources) might be useful to you. The extension is also a :trophy: [Recommended Extension](https://support.mozilla.org/kb/add-on-badges#w_recommended-extensions) by Mozilla.
 
 #### Arkenfox (advanced)
 
@@ -101,7 +110,7 @@ The [Arkenfox project](https://github.com/arkenfox/user.js) provides a set of ca
 
 ## Mobile Browser Recommendations
 
-Firefox on Android is still less secure than Chromium-based alternatives: Mozilla's engine [GeckoView](https://mozilla.github.io/geckoview/) has yet to support [site isolation](https://hacks.mozilla.org/2021/05/introducing-firefox-new-site-isolation-security-architecture) or enable [isolatedProcess](https://bugzilla.mozilla.org/show_bug.cgi?id=1565196).
+Firefox on Android is still less secure than Chromium-based alternatives: Mozilla's engine, [GeckoView](https://mozilla.github.io/geckoview/), has yet to support [site isolation](https://hacks.mozilla.org/2021/05/introducing-firefox-new-site-isolation-security-architecture) or enable [isolatedProcess](https://bugzilla.mozilla.org/show_bug.cgi?id=1565196).
 
 On iOS, any app that can browse the web is [restricted](https://developer.apple.com/app-store/review/guidelines) to using an Apple-provided [WebKit framework](https://developer.apple.com/documentation/webkit), so there is little reason to use a third-party web browser.
 
@@ -126,13 +135,15 @@ These options can be found in :material-menu: → :gear: **Settings** → **Priv
 
 ##### HTTPS-Only Mode
 
-- Select **Always use secure connections**
+- [x] Select **Always use secure connections**
+
+This prevents you from unintentionally connecting to a website in plain-text HTTP. The HTTP protocol is extremely uncommon nowadays, so this should have little to no impact on your day to day browsing.
 
 ##### Always-on Incognito Mode
 
-- Select **Open links in incognito tabs always**
-- Select **Close all open tabs on exit**
-- Select **Open external links in incognito**
+- [x] Select **Open links in incognito tabs always**
+- [x] Select **Close all open tabs on exit**
+- [x] Select **Open external links in incognito**
 
 ### Safari
 
@@ -150,9 +161,9 @@ These options can be found in :gear: **Settings** → **Safari** → **Privacy a
 
 ##### Cross-Site Tracking Prevention
 
-Enable WebKit's [Intelligent Tracking Protection](https://webkit.org/tracking-prevention/#intelligent-tracking-prevention-itp).
+- [x] Enable **Prevent Cross-Site Tracking**
 
-- Select **Prevent Cross-Site Tracking** to enable
+This enables WebKit's [Intelligent Tracking Protection](https://webkit.org/tracking-prevention/#intelligent-tracking-prevention-itp). The feature helps protect against unwanted tracking by using on-device machine learning to stop trackers. ITP protects against many common threats, but it does not block all tracking avenues because it is designed to not interfere with website usability.
 
 ##### Privacy Report
 
@@ -162,21 +173,27 @@ Privacy Report is accessible through the "**Aa**" icon in the URL bar.
 
 ##### Privacy Preserving Ad Measurement
 
-This is WebKit's own [implementation](https://webkit.org/blog/8943/privacy-preserving-ad-click-attribution-for-the-web/) of privacy preserving ad click attribution. If you do not wish to participate, you can disable this feature.
+- [ ] Disable **Privacy Preserving Ad Measurement**
 
-- Select **Privacy Preserving Ad Measurement**
+Ad click measurement has traditionally used tracking technology that infringes on user privacy. [Private Click Measurement](https://webkit.org/blog/11529/introducing-private-click-measurement-pcm/) is a WebKit feature and proposed web standard aimed towards allowing advertisers to measure the effectiveness of web campaigns without compromising on user privacy.
+
+The feature has little privacy concerns on its own, so while you can choose to leave it on, we consider the fact that it's automatically disabled in Private Browsing to be an indicator for disabling the feature.
 
 ##### Apple Pay
 
 If you do not use Apple Pay, you can toggle off the ability for websites to check for it.
 
-- Select **Check for Apple Pay**
+- [ ] Disable **Allow websites to check for Apple Pay and Apple Card**
 
 ##### Always-on Private Browsing
 
-Open Safari and press the tabs icon in the bottom right corner. Open Tab Groups, located in the bottom middle.
+Open Safari and tap the Tabs button, located in the bottom right. Then, expand the Tab Groups list.
 
-- Select **Private**
+- [x] Select **Private**
+
+Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are also other smaller privacy benefits with Private Browsing, such as not sending a webpage’s address to Apple when using Safari's translation feature.
+
+Do note that Private Browsing does not save cookies and website data, so it won't be possible to remain signed into sites. This may be an inconvenience.
 
 ##### iCloud Sync
 

docs/cloud.en.md

@@ -2,11 +2,11 @@
 title: "Cloud Storage"
 icon: material/file-cloud
 ---
-If you are currently using a Cloud Storage Service like Dropbox, Google Drive, Microsoft OneDrive or Apple iCloud, you are putting complete trust in your service provider to not look at your files.
+If you are currently using a Cloud Storage Service like Dropbox, Google Drive, Microsoft OneDrive, or Apple iCloud, you are putting complete trust in your service provider to not look at your files.
 
-Trust your provider by using an alternative below that supports E2EE.
+Eliminate the need for trust in your provider by using an alternative below that supports E2EE.
 
-### Nextcloud
+## Nextcloud
 
 !!! recommendation
 
@@ -31,9 +31,9 @@ Trust your provider by using an alternative below that supports E2EE.
 
 We recommend checking if your Nextcloud provider supports E2EE, otherwise you have to trust the provider to not look at your files.
 
-When self hosting Nextcloud, you should also remember to enable E2EE to protect against your hosting provider from snooping on your data.
+When self hosting Nextcloud, you should also enable E2EE to protect against your hosting provider snooping on your data.
 
-### Proton Drive
+## Proton Drive
 
 !!! recommendation
 
@@ -51,14 +51,14 @@ Proton Drive is currently in beta and only is only available through a web clien
 
 When using a web client, you are placing trust in the server to send you proper JavaScript code to derive the decryption key and authentication token locally in your browser. A compromised server can send you malicious JavaScript code to steal your master password and decrypt your data. If this does not fit your [threat model](threat-modeling.md), consider using an alternative.
 
-### Cryptee
+## Cryptee
 
 !!! recommendation
 
     ![Cryptee logo](./assets/img/cloud/cryptee.svg#only-light){ align=right }
     ![Cryptee logo](./assets/img/cloud/cryptee-dark.svg#only-dark){ align=right }
 
-    **Cryptee** is an encrypted, secure photo storage service, and an encrypted documents editor to write personal docs, notes, journals, store files & more.
+    **Cryptee** is an encrypted, secure photo storage service, and an encrypted documents editor.
 
     [Website](https://crypt.ee){ .md-button .md-button--primary } [Privacy Policy](https://crypt.ee/privacy){ .md-button }
 
@@ -66,7 +66,7 @@ When using a web client, you are placing trust in the server to send you proper
 
         - [:fontawesome-brands-github: Source](https://github.com/cryptee/web-client)
 
-### Tahoe-LAFS
+## Tahoe-LAFS
 
 !!! note
 
@@ -78,7 +78,7 @@ When using a web client, you are placing trust in the server to send you proper
     ![Tahoe-LAFS logo](./assets/img/cloud/tahoe-lafs.svg#only-light){ align=right }
     ![Tahoe-LAFS logo](./assets/img/cloud/tahoe-lafs-dark.svg#only-dark){ align=right }
 
-    **Tahoe-LAFS** is a free and open decentralized cloud storage system. It distributes your data across multiple servers. Even if some of the servers fail or are taken over by an attacker, the entire file store continues to function correctly, preserving your privacy and security. The servers used as storage pools do not have access to your data.
+    **Tahoe-LAFS** is a free, open, and decentralized cloud storage system. It distributes your data across multiple servers. Even if some of the servers fail or are taken over by an attacker, the entire file store continues to function correctly, preserving your privacy and security. The servers used as storage pools do not have access to your data.
 
     [Homepage](https://www.tahoe-lafs.org){ .md-button .md-button--primary }
 

docs/dns.en.md

@@ -11,14 +11,14 @@ icon: material/dns
 
 ## Recommended Providers
 
-| DNS Provider | Privacy Policy | Type | Protocols | Logging | ECS | Filtering |
-| ------------ | -------------- | ---- | --------- | ------- | --- | --------- |
-| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Commercial | Cleartext <br> DoH <br> DoT <br> DNSCrypt | Some[^1] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS)
-| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Commercial | Cleartext <br> DoH <br> DoT | Some[^2] | No | Based on server choice.|
-| [**ControlD**](https://controld.com) | [:octicons-link-external-24:](https://controld.com/privacy) | Commercial | Cleartext <br> DoH <br> DoT | Optional[^3] | No |  Based on server choice.  |
-| [**MullvadDNS**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | Commercial | DoH <br> DoT | No[^4] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock)
-| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Commercial | Cleartext <br> DoH <br> DoT <br> DNSCrypt | Optional[^5] | Optional | Based on server choice. |
-| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Non-Profit | Cleartext <br> DoH <br> DoT <br> DNSCrypt | Some[^6] | Optional |  Based on server choice, Malware blocking by default. |
+| DNS Provider | Privacy Policy | Protocols | Logging | ECS | Filtering |
+| ------------ | -------------- | --------- | ------- | --- | --------- |
+| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Cleartext <br> DoH <br> DoT <br> DNSCrypt | Some[^1] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS)
+| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Cleartext <br> DoH <br> DoT | Some[^2] | No | Based on server choice.|
+| [**ControlD**](https://controld.com) | [:octicons-link-external-24:](https://controld.com/privacy) | Cleartext <br> DoH <br> DoT | Optional[^3] | No |  Based on server choice.  |
+| [**MullvadDNS**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH <br> DoT | No[^4] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock)
+| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Cleartext <br> DoH <br> DoT <br> DNSCrypt | Optional[^5] | Optional | Based on server choice. |
+| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Cleartext <br> DoH <br> DoT <br> DNSCrypt | Some[^6] | Optional |  Based on server choice, Malware blocking by default. |
 
 [^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html)
 [^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/)

docs/email-clients.en.md

@@ -11,7 +11,7 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
 
     [Real-time Communication](real-time-communication.md){ .md-button }
 
-### Thunderbird
+## Thunderbird
 
 !!! recommendation
 
@@ -29,7 +29,7 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
         - [:pg-flathub: Flatpak](https://flathub.org/apps/details/org.mozilla.Thunderbird)
         - [:fontawesome-brands-git: Source](https://hg.mozilla.org/comm-central)
 
-### Apple Mail
+## Apple Mail
 
 !!! note
 
@@ -43,7 +43,7 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
 
     [Website](https://support.apple.com/guide/mail/welcome/mac){ .md-button .md-button--primary } [Privacy Policy](https://www.apple.com/legal/privacy/en-ww/){ .md-button }
 
-### GNOME Evolution
+## GNOME Evolution
 
 !!! recommendation
 
@@ -58,7 +58,7 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
         - [:pg-flathub: Flatpak](https://flathub.org/apps/details/org.gnome.Evolution)
         - [:fontawesome-brands-gitlab: Source](https://gitlab.gnome.org/GNOME/evolution)
 
-### Kontact
+## Kontact
 
 !!! recommendation
 
@@ -74,7 +74,7 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
         - [:pg-flathub: Flatpak](https://flathub.org/apps/details/org.kde.kontact)
         - [:fontawesome-brands-git: Source](https://invent.kde.org/pim/kmail)
 
-### Mailvelope
+## Mailvelope
 
 !!! recommendation
 
@@ -91,7 +91,7 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
         - [:fontawesome-brands-edge: Edge](https://microsoftedge.microsoft.com/addons/detail/mailvelope/dgcbddhdhjppfdfjpciagmmibadmoapc)
         - [:fontawesome-brands-github: Source](https://github.com/mailvelope/mailvelope)
 
-### K-9 Mail
+## K-9 Mail
 
 !!! recommendation
 
@@ -107,7 +107,7 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
         - [:pg-f-droid: F-Droid](https://f-droid.org/packages/com.fsck.k9)
         - [:fontawesome-brands-github: Source](https://github.com/k9mail)
 
-### FairEmail
+## FairEmail
 
 !!! recommendation
 
@@ -123,7 +123,7 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
         - [:pg-f-droid: F-Droid](https://f-droid.org/packages/eu.faircode.email/)
         - [:fontawesome-brands-github: Source](https://github.com/M66B/FairEmail)
 
-### Canary Mail
+## Canary Mail
 
 !!! recommendation
 
@@ -146,7 +146,7 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
 
 Canary Mail is closed source. We recommend it, due to the few choices there are for email clients on iOS that support PGP E2EE.
 
-### NeoMutt
+## NeoMutt
 
 !!! recommendation
 

docs/email.en.md

@@ -12,7 +12,7 @@ For everything else, we recommend a variety of email providers based on sustaina
 
     When using E2EE technology like OpenPGP, email will still have some metadata that is not encrypted in the header of the email. Read more about email metadata.
 
-    OpenPGP also does not support Forward secrecy, which means if either your or the recipient's private key is ever stolen, all previous messages encrypted with it will be exposed. How do I protect my private keys?
+    OpenPGP also does not support Forward secrecy, which means if either your or the recipient's private key is ever stolen, all previous messages encrypted with it will be exposed. [How do I protect my private keys?](email.md#how-do-i-protect-my-private-keys)
 
 ## Recommended Email Providers
 

docs/encryption.en.md

@@ -38,7 +38,7 @@ Truecrypt has been [audited a number of times](https://en.wikipedia.org/wiki/Tru
 
     ![Cryptomator logo](assets/img/encryption-software/cryptomator.svg){ align=right }
 
-    **Cryptomator** makes it easy for you to upload files to the cloud in a virtual encrypted file system.
+    **Cryptomator** is an encryption solution designed for privately saving files to any cloud provider. It allows you to create vaults that are stored on a virtual drive, the contents of which are encrypted and synced with your cloud storage provider.
 
     [Homepage](https://cryptomator.org){ .md-button .md-button--primary } [Privacy Policy](https://cryptomator.org/privacy){ .md-button }
 
@@ -49,11 +49,15 @@ Truecrypt has been [audited a number of times](https://en.wikipedia.org/wiki/Tru
         - [:fontawesome-brands-linux: Linux](https://cryptomator.org/downloads)
         - [:pg-flathub: Flatpak](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
         - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
-        - [:fontawesome-brands-android: F-Droid repo](https://cryptomator.org/android)
+        - [:pg-f-droid: F-Droid](https://cryptomator.org/android)
         - [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
         - [:fontawesome-brands-github: Source](https://github.com/cryptomator)
 
-Some of the Cryptomator Crypto Libraries have been [audited](https://cryptomator.org/open-source/) by [Cure53](https://cryptomator.org/audits/2017-11-27%20crypto%20cure53.pdf). The scope of those libraries included [cryptolib](https://github.com/cryptomator/cryptolib), [cryptofs](https://github.com/cryptomator/cryptofs), [siv-mode](https://github.com/cryptomator/siv-mode) and [cryptomator-objc-cryptor](https://github.com/cryptomator/cryptomator-objc-cryptor). It did not include [cryptolib-swift](https://github.com/cryptomator/cryptolib-swift) which is now used on iOS.
+Cryptomator utilizes AES-256 encryption to encrypt both files and filenames. Cryptomator cannot encrypt some metadata such as access, modification, and creation timestamps, nor the number and size of files and folders.
+
+Some Cryptomator cryptographic libraries have been [audited](https://community.cryptomator.org/t/has-there-been-a-security-review-audit-of-cryptomator/44) by Cure53. The scope of the audited libraries include: [cryptolib](https://github.com/cryptomator/cryptolib), [cryptofs](https://github.com/cryptomator/cryptofs), [siv-mode](https://github.com/cryptomator/siv-mode) and [cryptomator-objc-cryptor](https://github.com/cryptomator/cryptomator-objc-cryptor). The audit did not extend to [cryptolib-swift](https://github.com/cryptomator/cryptolib-swift), which is a library used by Cryptomator for iOS.
+
+Cryptomator's documentation details its intended [security target](https://docs.cryptomator.org/en/latest/security/security-target/), [security architecture](https://docs.cryptomator.org/en/latest/security/architecture/), and [best practices](https://docs.cryptomator.org/en/latest/security/best-practices/) for use in further detail.
 
 ### Picocrypt
 

docs/file-sharing.en.md

@@ -46,7 +46,7 @@ Discover how to privately share your files between your devices, with your frien
 
     ![FreedomBox logo](assets/img/file-sharing-sync/freedombox.svg){ align=right }
 
-    **FreedomBox** is a operating system designed to be run on a [single-board computer (SBC)](https://en.wikipedia.org/wiki/Single-board_computer). The purpose is to make it easy to set up server applications that you might want to selfhost.
+    **FreedomBox** is an operating system designed to be run on a [single-board computer (SBC)](https://en.wikipedia.org/wiki/Single-board_computer). The purpose is to make it easy to set up server applications that you might want to selfhost.
 
     [Homepage](https://freedombox.org){ .md-button .md-button--primary }
 
@@ -62,7 +62,7 @@ Discover how to privately share your files between your devices, with your frien
 
     ![Syncthing logo](assets/img/file-sharing-sync/syncthing.svg){ align=right }
 
-    **Syncthing** replaces proprietary sync and cloud services with something open, trustworthy, and decentralized. Your data is your data alone and you deserve to choose where it is stored, if it is shared with some third-party, and how it is transmitted over the Internet.
+    **Syncthing** is an open-source peer-to-peer continuous file synchronization utility. It is used to synchronize files between two or more devices over the local network or the internet. Syncthing does not use a centralized server; it uses the [Block Exchange Protocol](https://docs.syncthing.net/specs/bep-v1.html#bep-v1) to transfer data between devices. All data is encrypted using TLS.
 
     [Homepage](https://syncthing.net){ .md-button .md-button--primary }
 

docs/notebooks.en.md

@@ -82,7 +82,7 @@ Joplin does not support password/pin protection for the [application itself or i
 
     ![Org-mode logo](assets/img/notebooks/org-mode.svg){ align=right }
 
-    **Org-mode** is a [major mode](https://www.gnu.org/software/emacs/manual/html_node/elisp/Major-Modes.html) for GNU Emacs. Org-mode is for keeping notes, maintaining TODO lists, planning projects, and authoring documents with a fast and effective plain-text system. Synchronization is possible with [file synchronization](/software/file-sharing/#sync) tools.
+    **Org-mode** is a [major mode](https://www.gnu.org/software/emacs/manual/html_node/elisp/Major-Modes.html) for GNU Emacs. Org-mode is for keeping notes, maintaining TODO lists, planning projects, and authoring documents with a fast and effective plain-text system. Synchronization is possible with [file synchronization](/file-sharing/#file-sync) tools.
 
     [Homepage](https://orgmode.org){ .md-button .md-button--primary }
 

docs/qubes.en.md

@@ -2,10 +2,6 @@
 title: "Qubes OS"
 icon: pg/qubes-os
 ---
-Qubes OS is a distribution of Linux that uses [Xen](https://en.wikipedia.org/wiki/Xen) to provide app isolation.
-
-### Qubes OS
-
 !!! recommendation
 
     ![Qubes OS logo](assets/img/qubes/qubes_os.svg){ align=right }

docs/router.en.md

@@ -4,7 +4,7 @@ icon: material/router-wireless
 ---
 Below are a few alternative operating systems, that can be used on routers, Wi-Fi access points etc.
 
-### OpenWrt
+## OpenWrt
 
 !!! recommendation
 
@@ -21,7 +21,7 @@ Below are a few alternative operating systems, that can be used on routers, Wi-F
 
 You can consult OpenWrt's [table of hardware](https://openwrt.org/toh/start) to check if your device is supported.
 
-### pfSense
+## pfSense
 
 !!! recommendation
 

docs/search-engines.en.md

@@ -8,7 +8,7 @@ The recommendations here are based on the merits of each service's privacy polic
 
 Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org/) if your threat model requires hiding your IP address from the search provider.
 
-### DuckDuckGo
+## DuckDuckGo
 
 !!! recommendation
 
@@ -27,7 +27,7 @@ DuckDuckGo is based in the :flag_us: United States. Their [privacy policy](https
 
 DuckDuckGo offers two other [versions](https://help.duckduckgo.com/features/non-javascript/) of their search engine, both of which do not require JavaScript. These versions do lack features, however. These versions can also be used in conjunction with their [Tor onion address](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/) by appending [/lite](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/lite) or [/html](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/html) for the respective version.
 
-### Startpage
+## Startpage
 
 !!! recommendation
 
@@ -44,7 +44,7 @@ Startpage is based in the :flag_nl: Netherlands. According to their [privacy pol
 
 Startpage's majority shareholder is System1 who is an adtech company. We don't believe that to be an issue as they have an distinctly separate [privacy policy](https://system1.com/terms/privacy-policy). The Privacy Guides team reached out to Startpage [back in 2020](https://web.archive.org/web/20210118031008/https://blog.privacytools.io/relisting-startpage/) to clear up any concerns with System1's sizeable investment into the service. We were satisfied with the answers we received.
 
-### Mojeek
+## Mojeek
 
 !!! recommendation
 
@@ -56,7 +56,7 @@ Startpage's majority shareholder is System1 who is an adtech company. We don't b
 
 The company is based in the :flag_gb: UK. According to their [Privacy Policy](https://www.mojeek.com/about/privacy/), they log the originating country, time, page requested, and referral data of each query. IP addresses are not logged.
 
-### SearXNG
+## SearXNG
 
 !!! recommendation
 

docs/security/multi-factor-authentication.en.md

@@ -2,7 +2,7 @@
 title: "Multi-factor Authentication"
 icon: 'material/two-factor-authentication'
 ---
-**Multi-factor authentication** is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from an SMS or app.
+**Multi-factor authentication** is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
 
 Normally, if a hacker (or adversary) is able to figure out your password then they’d gain access to the account that password belongs to. An account with MFA forces the hacker to have both the password (something you *know*) and a device that you own (something you *have*), like your phone.
 

docs/self-contained-networks.en.md

@@ -2,11 +2,9 @@
 title: "Self-Contained Networks"
 icon: material/security-network
 ---
-If you are currently browsing clearnet and want to access the dark web, this section is for you.
+These networks are designed to keep your traffic anonymous.
 
-## Self-contained Networks
-
-### Tor
+## Tor
 
 !!! recommendation
 
@@ -29,7 +27,7 @@ If you are currently browsing clearnet and want to access the dark web, this sec
         - [:fontawesome-brands-android: Android](https://www.torproject.org/download/#android)
         - [:fontawesome-brands-git: Source](https://gitweb.torproject.org/tor.git)
 
-### Invisible Internet Project
+## Invisible Internet Project
 
 !!! recommendation
 
@@ -53,7 +51,7 @@ If you are currently browsing clearnet and want to access the dark web, this sec
         - [:pg-f-droid: F-Droid](https://f-droid.org/app/net.i2p.android.router)
         - [:fontawesome-brands-git: Source](https://geti2p.net/en/get-involved/guides/new-developers#getting-the-i2p-code)
 
-### The Freenet Project
+## The Freenet Project
 
 !!! recommendation
 

docs/technology/dns.en.md

@@ -109,7 +109,7 @@ We can see the [connection establishment](https://en.wikipedia.org/wiki/Transmis
 
 ## Why **shouldn't** I use encrypted DNS?
 
-In locations where there is internet filtering (or censorship), visiting forbidden resources may have its own consequences which you should consider in your [threat model](../threat-modeling.md). We do **not** suggest the use of encrypted DNS for this purpose. Use [Tor](https://torproject.org) or a [VPN](vpn) instead. If you're using a VPN, you should use your VPN's DNS servers. When using a VPN, you are already trusting them with all your network activity.
+In locations where there is internet filtering (or censorship), visiting forbidden resources may have its own consequences which you should consider in your [threat model](../threat-modeling.md). We do **not** suggest the use of encrypted DNS for this purpose. Use [Tor](https://torproject.org) or a [VPN](../vpn.md) instead. If you're using a VPN, you should use your VPN's DNS servers. When using a VPN, you are already trusting them with all your network activity.
 
 When we do a DNS lookup, it's generally because we want to access a resource. Below, we will discuss some of the methods that may disclose your browsing activities even when using encrypted DNS:
 

theme/overrides/home.en.html

@@ -1,6 +1,11 @@
 {% extends "base.html" %}
 {% block extrahead %}
   <link rel="stylesheet" href="{{ 'overrides/home.css' | url }}">
+  <link rel="me" href="https://aragon.sh/@jonah">
+  <link rel="me" href="https://fosstodon.org/@freddy">
+  <link rel="me" href="https://mastodon.social/@dngray">
+  <link rel="me" href="https://mastodon.social/@blacklight447">
+  <link rel="me" href="https://fosstodon.org/@hook54321">
 {% endblock %}
 {% block tabs %}
   {{ super() }}