Make headings consistent and remove redundant descriptions (#1207)

Co-authored-by: Jonah Aragon <jonah@triplebit.net>

docs/browsers.en.md

@@ -60,7 +60,7 @@ These options can be found in :material-menu: → **Settings** → **Privacy & S
 
 ##### Enhanced Tracking Protection
 
-- [x] Enable **Strict** Enhanced Tracking Protection
+- [x] Select **Strict** Enhanced Tracking Protection
 
 This protects you by blocking social media trackers, fingerprinting scripts (note that this does not protect you from *all* fingerprinting), cryptominers, cross-site tracking cookies, and some other tracking content. ETP protects against many common threats, but it does not block all tracking avenues because it is designed to have minimal to no impact on site usability.
 
@@ -72,17 +72,17 @@ If you want to stay logged in to particular sites, you can allow exceptions in *
 
 This protects you from persistent cookies, but does not protect you against cookies acquired during any one browsing session. When this is enabled, it becomes possible to easily cleanse your browser cookies by simply restarting Firefox. You can set exceptions on a per-site basis, if you wish to stay logged in to a particular site you visit often.
 
-##### Disable Search Suggestions
+##### Search Suggestions
 
-- [ ] Uncheck **Suggestions from the web**
-- [ ] Uncheck **Suggestions from sponsors**
-- [ ] Uncheck **Improve the Firefox Suggest experience**
+- [ ] Disable **Suggestions from the web**
+- [ ] Disable **Suggestions from sponsors**
+- [ ] Disable **Improve the Firefox Suggest experience**
 
 Search suggestion features may not be available in your region.
 
 Search suggestions send everything you type in the address bar to the default search engine, regardless of whether you submit an actual search. Disabling search suggestions allows you to more precisely control what data you send to your search engine provider.
 
-##### Disable Telemetry
+##### Telemetry
 
 - [ ] Uncheck **Allow Firefox to send technical and interaction data to Mozilla**
 - [ ] Uncheck **Allow Firefox to install and run studies**
@@ -94,11 +94,11 @@ Search suggestions send everything you type in the address bar to the default se
 
 - [x] Select **Enable HTTPS-Only Mode in all windows**
 
-This prevents you from unintentionally connecting to a website in plain-text HTTP. The HTTP protocol is extremely uncommon nowadays, so this should have little to no impact on your day to day browsing.
+This prevents you from unintentionally connecting to a website in plain-text HTTP. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day to day browsing.
 
 #### Sync
 
-[Firefox Sync](https://hacks.mozilla.org/2018/11/firefox-sync-privacy/) allows your browsing data (history, bookmarks, etc.) to be accessible on all your devices. It is fully E2EE, so it should be safe to use.
+[Firefox Sync](https://hacks.mozilla.org/2018/11/firefox-sync-privacy/) allows your browsing data (history, bookmarks, etc.) to be accessible on all your devices and protects it with E2EE.
 
 #### Extensions
 
@@ -110,7 +110,7 @@ The [Arkenfox project](https://github.com/arkenfox/user.js) provides a set of ca
 
 ## Mobile Browser Recommendations
 
-Firefox on Android is still less secure than Chromium-based alternatives: Mozilla's engine [GeckoView](https://mozilla.github.io/geckoview/) has yet to support [site isolation](https://hacks.mozilla.org/2021/05/introducing-firefox-new-site-isolation-security-architecture) or enable [isolatedProcess](https://bugzilla.mozilla.org/show_bug.cgi?id=1565196).
+Firefox on Android is still less secure than Chromium-based alternatives: Mozilla's engine, [GeckoView](https://mozilla.github.io/geckoview/), has yet to support [site isolation](https://hacks.mozilla.org/2021/05/introducing-firefox-new-site-isolation-security-architecture) or enable [isolatedProcess](https://bugzilla.mozilla.org/show_bug.cgi?id=1565196).
 
 On iOS, any app that can browse the web is [restricted](https://developer.apple.com/app-store/review/guidelines) to using an Apple-provided [WebKit framework](https://developer.apple.com/documentation/webkit), so there is little reason to use a third-party web browser.
 
@@ -173,7 +173,7 @@ Privacy Report is accessible through the "**Aa**" icon in the URL bar.
 
 ##### Privacy Preserving Ad Measurement
 
-- [ ] Uncheck **Privacy Preserving Ad Measurement**
+- [ ] Disable **Privacy Preserving Ad Measurement**
 
 Ad click measurement has traditionally used tracking technology that infringes on user privacy. [Private Click Measurement](https://webkit.org/blog/11529/introducing-private-click-measurement-pcm/) is a WebKit feature and proposed web standard aimed towards allowing advertisers to measure the effectiveness of web campaigns without compromising on user privacy.
 
@@ -183,14 +183,18 @@ The feature has little privacy concerns on its own, so while you can choose to l
 
 If you do not use Apple Pay, you can toggle off the ability for websites to check for it.
 
-- [ ] Uncheck **Allow websites to check for Apple Pay and Apple Card**
+- [ ] Disable **Allow websites to check for Apple Pay and Apple Card**
 
 ##### Always-on Private Browsing
 
-Open Safari and press the tabs icon in the bottom right corner. Open Tab Groups, located in the bottom middle.
+Open Safari and tap the Tabs button, located in the bottom right. Then, expand the Tab Groups list.
 
 - [x] Select **Private**
 
+Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are also other smaller privacy benefits with Private Browsing, such as not sending a webpage’s address to Apple when using Safari's translation feature.
+
+Do note that Private Browsing does not save cookies and website data, so it won't be possible to remain signed into sites. This may be an inconvenience.
+
 ##### iCloud Sync
 
 While synchronization of Safari History, Tab Groups, and iCloud Tabs uses E2EE, bookmarks sync does [not](https://support.apple.com/en-us/HT202303); they are only encrypted in transit and stored in an encrypted format on Apple's servers. Apple may be able to decrypt and access them.

docs/cloud.en.md

@@ -2,11 +2,11 @@
 title: "Cloud Storage"
 icon: material/file-cloud
 ---
-If you are currently using a Cloud Storage Service like Dropbox, Google Drive, Microsoft OneDrive or Apple iCloud, you are putting complete trust in your service provider to not look at your files.
+If you are currently using a Cloud Storage Service like Dropbox, Google Drive, Microsoft OneDrive, or Apple iCloud, you are putting complete trust in your service provider to not look at your files.
 
-Trust your provider by using an alternative below that supports E2EE.
+Eliminate the need for trust in your provider by using an alternative below that supports E2EE.
 
-### Nextcloud
+## Nextcloud
 
 !!! recommendation
 
@@ -31,9 +31,9 @@ Trust your provider by using an alternative below that supports E2EE.
 
 We recommend checking if your Nextcloud provider supports E2EE, otherwise you have to trust the provider to not look at your files.
 
-When self hosting Nextcloud, you should also remember to enable E2EE to protect against your hosting provider from snooping on your data.
+When self hosting Nextcloud, you should also enable E2EE to protect against your hosting provider snooping on your data.
 
-### Proton Drive
+## Proton Drive
 
 !!! recommendation
 
@@ -51,14 +51,14 @@ Proton Drive is currently in beta and only is only available through a web clien
 
 When using a web client, you are placing trust in the server to send you proper JavaScript code to derive the decryption key and authentication token locally in your browser. A compromised server can send you malicious JavaScript code to steal your master password and decrypt your data. If this does not fit your [threat model](threat-modeling.md), consider using an alternative.
 
-### Cryptee
+## Cryptee
 
 !!! recommendation
 
     ![Cryptee logo](./assets/img/cloud/cryptee.svg#only-light){ align=right }
     ![Cryptee logo](./assets/img/cloud/cryptee-dark.svg#only-dark){ align=right }
 
-    **Cryptee** is an encrypted, secure photo storage service, and an encrypted documents editor to write personal docs, notes, journals, store files & more.
+    **Cryptee** is an encrypted, secure photo storage service, and an encrypted documents editor.
 
     [Website](https://crypt.ee){ .md-button .md-button--primary } [Privacy Policy](https://crypt.ee/privacy){ .md-button }
 
@@ -66,7 +66,7 @@ When using a web client, you are placing trust in the server to send you proper
 
         - [:fontawesome-brands-github: Source](https://github.com/cryptee/web-client)
 
-### Tahoe-LAFS
+## Tahoe-LAFS
 
 !!! note
 
@@ -78,7 +78,7 @@ When using a web client, you are placing trust in the server to send you proper
     ![Tahoe-LAFS logo](./assets/img/cloud/tahoe-lafs.svg#only-light){ align=right }
     ![Tahoe-LAFS logo](./assets/img/cloud/tahoe-lafs-dark.svg#only-dark){ align=right }
 
-    **Tahoe-LAFS** is a free and open decentralized cloud storage system. It distributes your data across multiple servers. Even if some of the servers fail or are taken over by an attacker, the entire file store continues to function correctly, preserving your privacy and security. The servers used as storage pools do not have access to your data.
+    **Tahoe-LAFS** is a free, open, and decentralized cloud storage system. It distributes your data across multiple servers. Even if some of the servers fail or are taken over by an attacker, the entire file store continues to function correctly, preserving your privacy and security. The servers used as storage pools do not have access to your data.
 
     [Homepage](https://www.tahoe-lafs.org){ .md-button .md-button--primary }
 

docs/dns.en.md

@@ -11,14 +11,14 @@ icon: material/dns
 
 ## Recommended Providers
 
-| DNS Provider | Privacy Policy | Type | Protocols | Logging | ECS | Filtering |
-| ------------ | -------------- | ---- | --------- | ------- | --- | --------- |
-| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Commercial | Cleartext <br> DoH <br> DoT <br> DNSCrypt | Some[^1] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS)
-| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Commercial | Cleartext <br> DoH <br> DoT | Some[^2] | No | Based on server choice.|
-| [**ControlD**](https://controld.com) | [:octicons-link-external-24:](https://controld.com/privacy) | Commercial | Cleartext <br> DoH <br> DoT | Optional[^3] | No |  Based on server choice.  |
-| [**MullvadDNS**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | Commercial | DoH <br> DoT | No[^4] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock)
-| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Commercial | Cleartext <br> DoH <br> DoT <br> DNSCrypt | Optional[^5] | Optional | Based on server choice. |
-| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Non-Profit | Cleartext <br> DoH <br> DoT <br> DNSCrypt | Some[^6] | Optional |  Based on server choice, Malware blocking by default. |
+| DNS Provider | Privacy Policy | Protocols | Logging | ECS | Filtering |
+| ------------ | -------------- | --------- | ------- | --- | --------- |
+| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Cleartext <br> DoH <br> DoT <br> DNSCrypt | Some[^1] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS)
+| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Cleartext <br> DoH <br> DoT | Some[^2] | No | Based on server choice.|
+| [**ControlD**](https://controld.com) | [:octicons-link-external-24:](https://controld.com/privacy) | Cleartext <br> DoH <br> DoT | Optional[^3] | No |  Based on server choice.  |
+| [**MullvadDNS**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH <br> DoT | No[^4] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock)
+| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Cleartext <br> DoH <br> DoT <br> DNSCrypt | Optional[^5] | Optional | Based on server choice. |
+| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Cleartext <br> DoH <br> DoT <br> DNSCrypt | Some[^6] | Optional |  Based on server choice, Malware blocking by default. |
 
 [^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html)
 [^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/)

docs/email-clients.en.md

@@ -11,7 +11,7 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
 
     [Real-time Communication](real-time-communication.md){ .md-button }
 
-### Thunderbird
+## Thunderbird
 
 !!! recommendation
 
@@ -29,7 +29,7 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
         - [:pg-flathub: Flatpak](https://flathub.org/apps/details/org.mozilla.Thunderbird)
         - [:fontawesome-brands-git: Source](https://hg.mozilla.org/comm-central)
 
-### Apple Mail
+## Apple Mail
 
 !!! note
 
@@ -43,7 +43,7 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
 
     [Website](https://support.apple.com/guide/mail/welcome/mac){ .md-button .md-button--primary } [Privacy Policy](https://www.apple.com/legal/privacy/en-ww/){ .md-button }
 
-### GNOME Evolution
+## GNOME Evolution
 
 !!! recommendation
 
@@ -58,7 +58,7 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
         - [:pg-flathub: Flatpak](https://flathub.org/apps/details/org.gnome.Evolution)
         - [:fontawesome-brands-gitlab: Source](https://gitlab.gnome.org/GNOME/evolution)
 
-### Kontact
+## Kontact
 
 !!! recommendation
 
@@ -74,7 +74,7 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
         - [:pg-flathub: Flatpak](https://flathub.org/apps/details/org.kde.kontact)
         - [:fontawesome-brands-git: Source](https://invent.kde.org/pim/kmail)
 
-### Mailvelope
+## Mailvelope
 
 !!! recommendation
 
@@ -91,7 +91,7 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
         - [:fontawesome-brands-edge: Edge](https://microsoftedge.microsoft.com/addons/detail/mailvelope/dgcbddhdhjppfdfjpciagmmibadmoapc)
         - [:fontawesome-brands-github: Source](https://github.com/mailvelope/mailvelope)
 
-### K-9 Mail
+## K-9 Mail
 
 !!! recommendation
 
@@ -107,7 +107,7 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
         - [:pg-f-droid: F-Droid](https://f-droid.org/packages/com.fsck.k9)
         - [:fontawesome-brands-github: Source](https://github.com/k9mail)
 
-### FairEmail
+## FairEmail
 
 !!! recommendation
 
@@ -123,7 +123,7 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
         - [:pg-f-droid: F-Droid](https://f-droid.org/packages/eu.faircode.email/)
         - [:fontawesome-brands-github: Source](https://github.com/M66B/FairEmail)
 
-### Canary Mail
+## Canary Mail
 
 !!! recommendation
 
@@ -146,7 +146,7 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
 
 Canary Mail is closed source. We recommend it, due to the few choices there are for email clients on iOS that support PGP E2EE.
 
-### NeoMutt
+## NeoMutt
 
 !!! recommendation
 

docs/email.en.md

@@ -13,7 +13,7 @@ For everything else, we recommend a variety of email providers based on sustaina
     When using E2EE technology like OpenPGP, email will still have some metadata that is not encrypted in the header of the email. Read more about email metadata.
 
     OpenPGP also does not support Forward secrecy, which means if either your or the recipient's private key is ever stolen, all previous messages encrypted with it will be exposed. [How do I protect my private keys?](email.md#how-do-i-protect-my-private-keys)
-    
+
 ## Recommended Email Providers
 
 ### ProtonMail

docs/file-sharing.en.md

@@ -46,7 +46,7 @@ Discover how to privately share your files between your devices, with your frien
 
     ![FreedomBox logo](assets/img/file-sharing-sync/freedombox.svg){ align=right }
 
-    **FreedomBox** is a operating system designed to be run on a [single-board computer (SBC)](https://en.wikipedia.org/wiki/Single-board_computer). The purpose is to make it easy to set up server applications that you might want to selfhost.
+    **FreedomBox** is an operating system designed to be run on a [single-board computer (SBC)](https://en.wikipedia.org/wiki/Single-board_computer). The purpose is to make it easy to set up server applications that you might want to selfhost.
 
     [Homepage](https://freedombox.org){ .md-button .md-button--primary }
 
@@ -62,7 +62,7 @@ Discover how to privately share your files between your devices, with your frien
 
     ![Syncthing logo](assets/img/file-sharing-sync/syncthing.svg){ align=right }
 
-    **Syncthing** replaces proprietary sync and cloud services with something open, trustworthy, and decentralized. Your data is your data alone and you deserve to choose where it is stored, if it is shared with some third-party, and how it is transmitted over the Internet.
+    **Syncthing** is an open-source peer-to-peer continuous file synchronization utility. It is used to synchronize files between two or more devices over the local network or the internet. Syncthing does not use a centralized server; it uses the [Block Exchange Protocol](https://docs.syncthing.net/specs/bep-v1.html#bep-v1) to transfer data between devices. All data is encrypted using TLS.
 
     [Homepage](https://syncthing.net){ .md-button .md-button--primary }
 

docs/qubes.en.md

@@ -2,10 +2,6 @@
 title: "Qubes OS"
 icon: pg/qubes-os
 ---
-Qubes OS is a distribution of Linux that uses [Xen](https://en.wikipedia.org/wiki/Xen) to provide app isolation.
-
-### Qubes OS
-
 !!! recommendation
 
     ![Qubes OS logo](assets/img/qubes/qubes_os.svg){ align=right }

docs/router.en.md

@@ -4,7 +4,7 @@ icon: material/router-wireless
 ---
 Below are a few alternative operating systems, that can be used on routers, Wi-Fi access points etc.
 
-### OpenWrt
+## OpenWrt
 
 !!! recommendation
 
@@ -21,7 +21,7 @@ Below are a few alternative operating systems, that can be used on routers, Wi-F
 
 You can consult OpenWrt's [table of hardware](https://openwrt.org/toh/start) to check if your device is supported.
 
-### pfSense
+## pfSense
 
 !!! recommendation
 

docs/search-engines.en.md

@@ -8,7 +8,7 @@ The recommendations here are based on the merits of each service's privacy polic
 
 Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org/) if your threat model requires hiding your IP address from the search provider.
 
-### DuckDuckGo
+## DuckDuckGo
 
 !!! recommendation
 
@@ -27,7 +27,7 @@ DuckDuckGo is based in the :flag_us: United States. Their [privacy policy](https
 
 DuckDuckGo offers two other [versions](https://help.duckduckgo.com/features/non-javascript/) of their search engine, both of which do not require JavaScript. These versions do lack features, however. These versions can also be used in conjunction with their [Tor onion address](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/) by appending [/lite](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/lite) or [/html](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/html) for the respective version.
 
-### Startpage
+## Startpage
 
 !!! recommendation
 
@@ -44,7 +44,7 @@ Startpage is based in the :flag_nl: Netherlands. According to their [privacy pol
 
 Startpage's majority shareholder is System1 who is an adtech company. We don't believe that to be an issue as they have an distinctly separate [privacy policy](https://system1.com/terms/privacy-policy). The Privacy Guides team reached out to Startpage [back in 2020](https://web.archive.org/web/20210118031008/https://blog.privacytools.io/relisting-startpage/) to clear up any concerns with System1's sizeable investment into the service. We were satisfied with the answers we received.
 
-### Mojeek
+## Mojeek
 
 !!! recommendation
 
@@ -56,7 +56,7 @@ Startpage's majority shareholder is System1 who is an adtech company. We don't b
 
 The company is based in the :flag_gb: UK. According to their [Privacy Policy](https://www.mojeek.com/about/privacy/), they log the originating country, time, page requested, and referral data of each query. IP addresses are not logged.
 
-### SearXNG
+## SearXNG
 
 !!! recommendation
 

docs/security/multi-factor-authentication.en.md

@@ -2,7 +2,7 @@
 title: "Multi-factor Authentication"
 icon: 'material/two-factor-authentication'
 ---
-**Multi-factor authentication** is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from an SMS or app.
+**Multi-factor authentication** is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
 
 Normally, if a hacker (or adversary) is able to figure out your password then they’d gain access to the account that password belongs to. An account with MFA forces the hacker to have both the password (something you *know*) and a device that you own (something you *have*), like your phone.
 

docs/self-contained-networks.en.md

@@ -2,11 +2,9 @@
 title: "Self-Contained Networks"
 icon: material/security-network
 ---
-If you are currently browsing clearnet and want to access the dark web, this section is for you.
+These networks are designed to keep your traffic anonymous.
 
-## Self-contained Networks
-
-### Tor
+## Tor
 
 !!! recommendation
 
@@ -29,7 +27,7 @@ If you are currently browsing clearnet and want to access the dark web, this sec
         - [:fontawesome-brands-android: Android](https://www.torproject.org/download/#android)
         - [:fontawesome-brands-git: Source](https://gitweb.torproject.org/tor.git)
 
-### Invisible Internet Project
+## Invisible Internet Project
 
 !!! recommendation
 
@@ -53,7 +51,7 @@ If you are currently browsing clearnet and want to access the dark web, this sec
         - [:pg-f-droid: F-Droid](https://f-droid.org/app/net.i2p.android.router)
         - [:fontawesome-brands-git: Source](https://geti2p.net/en/get-involved/guides/new-developers#getting-the-i2p-code)
 
-### The Freenet Project
+## The Freenet Project
 
 !!! recommendation
 

docs/technology/dns.en.md

@@ -109,7 +109,7 @@ We can see the [connection establishment](https://en.wikipedia.org/wiki/Transmis
 
 ## Why **shouldn't** I use encrypted DNS?
 
-In locations where there is internet filtering (or censorship), visiting forbidden resources may have its own consequences which you should consider in your [threat model](../threat-modeling.md). We do **not** suggest the use of encrypted DNS for this purpose. Use [Tor](https://torproject.org) or a [VPN](vpn) instead. If you're using a VPN, you should use your VPN's DNS servers. When using a VPN, you are already trusting them with all your network activity.
+In locations where there is internet filtering (or censorship), visiting forbidden resources may have its own consequences which you should consider in your [threat model](../threat-modeling.md). We do **not** suggest the use of encrypted DNS for this purpose. Use [Tor](https://torproject.org) or a [VPN](../vpn.md) instead. If you're using a VPN, you should use your VPN's DNS servers. When using a VPN, you are already trusting them with all your network activity.
 
 When we do a DNS lookup, it's generally because we want to access a resource. Below, we will discuss some of the methods that may disclose your browsing activities even when using encrypted DNS: