Add account deletion guide (#1224)

Co-Authored-By: Daniel Nathan Gray <dng@disroot.org>

docs/assets/img/browsers/brave.svg

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg version="1.1" viewBox="0 0 128 128" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><defs><linearGradient id="a" x2="235.8" y1="119.6" y2="119.6" gradientTransform="scale(.9229 1.084)" gradientUnits="userSpaceOnUse"><stop stop-color="#F50" offset="0"/><stop stop-color="#F50" offset=".4099"/><stop stop-color="#FF2000" offset=".582"/><stop stop-color="#FF2000" offset="1"/></linearGradient><linearGradient id="c" x1="11.3" x2="100.5" y1="46.23" y2="46.23" gradientTransform="scale(1.981 .5049)" gradientUnits="userSpaceOnUse"><stop stop-color="#FF452A" offset="0"/><stop stop-color="#FF2000" offset="1"/></linearGradient><path id="b" d="m170.3 25.34-22.3-25.34h-78.34l-22.3 25.34s-19.58-5.447-28.83 3.813c0 0 26.11-2.36 35.09 12.26 0 0 24.21 4.63 27.47 4.63s10.34-2.724 16.86-4.902c6.528-2.179 10.88-2.195 10.88-2.195s4.352 0.016 10.88 2.195c6.528 2.178 13.6 4.902 16.86 4.902s27.47-4.63 27.47-4.63c8.976-14.62 35.09-12.26 35.09-12.26-9.248-9.26-28.83-3.813-28.83-3.813"/></defs><g transform="matrix(.50101 0 0 .50101 9.4745 .0060121)" fill-rule="evenodd"><path d="m210 61.28 5.984-14.71s-7.616-8.17-16.86-17.43c-9.248-9.259-28.83-3.812-28.83-3.812l-22.3-25.34h-78.34l-22.3 25.34s-19.58-5.447-28.83 3.813-16.86 17.43-16.86 17.43l5.984 14.71-7.616 21.79s22.4 84.95 25.02 95.32c5.168 20.42 8.704 28.32 23.39 38.67s41.34 28.32 45.7 31.05c4.352 2.724 9.792 7.363 14.69 7.363s10.34-4.64 14.69-7.363 31.01-20.7 45.7-31.05 18.22-18.25 23.39-38.67c2.624-10.37 25.02-95.32 25.02-95.32z" fill="url(#a)"/><path d="m164 41.4s28.69 34.72 28.69 42.14c0 7.421-3.608 9.38-7.237 13.24l-21.51 22.87c-2.036 2.164-6.273 5.445-3.78 11.35 2.492 5.905 6.168 13.42 2.08 21.04-4.089 7.62-11.09 12.71-15.58 11.87-4.489-0.842-15.03-6.357-18.9-8.876-3.876-2.52-16.16-12.66-16.16-16.54s12.7-10.85 15.04-12.43c2.347-1.583 13.05-7.712 13.27-10.12 0.219-2.406 0.136-3.111-3.022-9.055s-8.845-13.88-7.898-19.15c0.946-5.277 10.12-8.02 16.66-10.5 6.545-2.474 19.15-7.148 20.72-7.875 1.575-0.727 1.168-1.42-3.601-1.872-4.768-0.452-18.3-2.251-24.4-0.548-6.1 1.702-16.52 4.293-17.37 5.667-0.844 1.373-1.589 1.42-0.722 6.158 0.867 4.739 5.33 27.48 5.764 31.52 0.433 4.039 1.28 6.709-3.068 7.705-4.35 0.995-11.67 2.724-14.19 2.724s-9.838-1.729-14.19-2.724c-4.35-0.996-3.503-3.666-3.07-7.705 0.434-4.039 4.898-26.78 5.765-31.52s0.122-4.785-0.722-6.158c-0.844-1.374-11.27-3.965-17.37-5.667-6.1-1.703-19.63 0.096-24.4 0.548-4.769 0.453-5.176 1.145-3.602 1.872 1.575 0.727 14.18 5.4 20.72 7.875 6.546 2.475 15.72 5.22 16.66 10.5 0.946 5.278-4.741 13.21-7.899 19.15-3.158 5.944-3.241 6.65-3.022 9.055s10.92 8.534 13.27 10.12 15.04 8.552 15.04 12.43c0 3.882-12.28 14.03-16.16 16.54-3.876 2.52-14.42 8.034-18.9 8.876-4.488 0.84-11.49-4.246-15.58-11.87-4.089-7.621-0.412-15.14 2.08-21.04 2.491-5.905-1.745-9.186-3.78-11.35l-21.51-22.87c-3.629-3.858-7.237-5.817-7.237-13.24 0-7.422 28.69-42.14 28.69-42.14s24.21 4.63 27.47 4.63 10.34-2.724 16.86-4.902c6.528-2.179 10.88-2.195 10.88-2.195s4.352 0.016 10.88 2.195c6.528 2.178 13.6 4.902 16.86 4.902s27.47-4.63 27.47-4.63zm-21.51 132.8c1.775 1.113 0.692 3.212-0.925 4.357-1.618 1.145-23.36 18-25.47 19.86-2.11 1.864-5.21 4.94-7.318 4.94s-5.209-3.076-7.318-4.94c-2.11-1.863-23.85-18.72-25.47-19.86s-2.7-3.244-0.925-4.357c1.777-1.113 7.333-3.922 15-7.894 7.665-3.972 17.22-7.349 18.71-7.349s11.04 3.377 18.71 7.349 13.22 6.781 15 7.894z" fill="#fff"/><use width="100%" height="100%" fill="url(#c)" xlink:href="#b"/></g></svg>

docs/browsers.en.md

@@ -106,7 +106,72 @@ We generally do not recommend installing any extensions as they increase your at
 
 #### Arkenfox (advanced)
 
-The [Arkenfox project](https://github.com/arkenfox/user.js) provides a set of carefully considered options for Firefox. These options are quite strict but a few are subjective and may cause some websites to not work properly. You can easily change these settings to suit your needs. We **strongly recommend** reading through their [wiki](https://github.com/arkenfox/user.js/wiki). Arkenfox also enables [container](https://support.mozilla.org/en-US/kb/containers#w_for-advanced-users) support.
+The [Arkenfox project](https://github.com/arkenfox/user.js) provides a set of carefully considered options for Firefox. If you [decide](https://github.com/arkenfox/user.js/wiki/1.1-To-Arkenfox-or-Not) to use Arkenfox, a [few options](https://github.com/arkenfox/user.js/wiki/3.2-Overrides-[Common]) are subjectively strict and/or may cause some websites to not work properly - [which you can easily change](https://github.com/arkenfox/user.js/wiki/3.1-Overrides) to suit your needs. We **strongly recommend** reading through their full [wiki](https://github.com/arkenfox/user.js/wiki). Arkenfox also enables [container](https://support.mozilla.org/en-US/kb/containers#w_for-advanced-users) support.
+
+### Brave
+
+!!! recommendation
+
+    ![Brave logo](assets/img/browsers/brave.svg){ align=right }
+
+    **Brave** is built upon the Chromium browser, featuring a built in ad blocker and some [privacy features](https://brave.com/privacy-features/) enabled by default.
+
+    We only recommend Brave as a desktop browser. There are better [alternatives](#mobile-browser-recommendations) on mobile platforms.
+
+    [Visit Homepage](https://brave.com/){ .md-button .md-button--primary } [Privacy Policy](https://brave.com/privacy/browser/){ .md-button }
+
+    ??? downloads
+
+        - [:fontawesome-brands-windows: Windows](https://laptop-updates.brave.com/latest/winx64)
+        - [:fontawesome-brands-apple: macOS](https://laptop-updates.brave.com/latest/osxarm64)
+        - [:fontawesome-brands-linux: Linux](https://brave.com/linux/#linux)
+        - [:pg-flathub: Flatpak](https://flathub.org/apps/details/com.brave.Browser)
+        - [:fontawesome-brands-github: Source](https://github.com/brave/brave-browse)
+
+#### Recommended Configuration
+
+##### Shields
+
+Brave has privacy options such as ad and tracker blocking. It also includes some anti fingerprinting features in the [Shields](https://support.brave.com/hc/en-us/articles/360022973471-What-is-Shields-) component. We suggest configuring these options [globally](https://support.brave.com/hc/en-us/articles/360023646212-How-do-I-configure-global-and-site-specific-Shields-settings-) across all pages that you visit.
+
+We recommend setting *Aggressive* which can be found in :material-menu: **Settings** → **Shields** → **Trackers & ads blocking**.
+
+We also suggest changing the fingerprinting blocker to *Strict* in :material-menu: **Settings** → **Shields** → **Fingerprint blocking**. You can always downgrade it if you need to on a per-site basis.
+
+##### Social media blocking
+
+Disable social media components in :material-menu: **Settings** → **Social media blocking**.
+
+##### Privacy and Security
+
+There are a few options in here you may want to change:
+
+- Set the [*WebRTC IP Handling Policy*](https://support.brave.com/hc/en-us/articles/360017989132-How-do-I-change-my-Privacy-Settings-#webrtc) to *Disable Non-Proxied UDP* in :material-menu: **Settings** → **Privacy and Security**.
+- [ ] Uncheck **Allow privacy-preserving product analytics (P3A)**
+- [ ] Uncheck **Automatically send daily usage ping to Brave**
+- Enable *Always use secure connections* in :material-menu: **Settings** → **Privacy and Security** → **Security**.
+
+##### Sanitizing on close
+
+Select all items in *Clear browsing data* except for *Site and Shields Settings* in :material-menu: **Settings** → **Privacy and Security** → **Clear browsing data** → **On exit**.
+
+##### Extensions
+
+Disable the extensions you do not use in :material-menu: **Settings** → **Extensions**
+
+- [ ] Uncheck **Hangouts**
+- [ ] Uncheck **Private window with Tor**
+- [ ] Uncheck **WebTorrent**
+
+Brave is **not** as resistant to fingerprinting as the Tor Browser and far fewer people use Brave with Tor, so you will stand out. Where [strong anonymity is required](https://support.brave.com/hc/en-us/articles/360018121491-What-is-a-Private-Window-with-Tor-Connectivity-) use the [Tor Browser](#tor-browser).
+
+##### IPFS
+
+InterPlanetary File System (IPFS) is a decentralized peer-to-peer network for storing and sharing data in a distributed filesystem. Unless you use it set *Method to resolve IPFS resources* to *Disabled* in :material-menu: **Settings** → **IPFS**.
+
+##### Background apps
+
+Disable background apps in :material-menu: **Settings** → **Additional settings** → **System** → **Continue running apps when Brave is closed**.
 
 ## Mobile Browser Recommendations
 
@@ -126,7 +191,7 @@ On iOS, any app that can browse the web is [restricted](https://developer.apple.
 
     ??? downloads
 
-        - [:fontawesome-brands-android: Android](https://www.bromite.org/fdroid)
+        - [:pg-f-droid: F-Droid](https://www.bromite.org/fdroid) ([Neo Store](/android/#neo-store) users can enable the *Bromite repository* in :material-dots-vertical: → **Repositories**)
         - [:fontawesome-brands-github: Source](https://github.com/bromite/bromite)
 
 These options can be found in :material-menu: → :gear: **Settings** → **Privacy and Security**.
@@ -169,7 +234,7 @@ This enables WebKit's [Intelligent Tracking Protection](https://webkit.org/track
 
 Privacy Report provides a snapshot of cross-site trackers currently prevented from profiling you on the website you're visiting. It can also display a weekly report to show which trackers have been blocked over time.
 
-Privacy Report is accessible through the "**Aa**" icon in the URL bar.
+Privacy Report is accessible through the "**aA**" icon in the URL bar.
 
 ##### Privacy Preserving Ad Measurement
 
@@ -280,6 +345,6 @@ Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or b
 
     [Website](https://tosdr.org){ .md-button .md-button--primary } [Privacy Policy](https://addons.mozilla.org/firefox/addon/terms-of-service-didnt-read/privacy){ .md-button }
 
-We do not recommend installing ToS;DR as a browser extension. The same information is provided on their website.
+We do not recommend installing ToS;DR as a browser extension; the same information is also provided on their website.
 
 --8<-- "includes/abbreviations.en.md"

docs/dns.en.md

@@ -15,7 +15,6 @@ icon: material/dns
 | ------------ | -------------- | --------- | ------- | --- | --------- |
 | [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Cleartext <br> DoH <br> DoT <br> DNSCrypt | Some[^1] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS)
 | [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Cleartext <br> DoH <br> DoT | Some[^2] | No | Based on server choice.|
-| [**ControlD**](https://controld.com) | [:octicons-link-external-24:](https://controld.com/privacy) | Cleartext <br> DoH <br> DoT | Optional[^3] | No |  Based on server choice.  |
 | [**MullvadDNS**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH <br> DoT | No[^4] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock)
 | [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Cleartext <br> DoH <br> DoT <br> DNSCrypt | Optional[^5] | Optional | Based on server choice. |
 | [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Cleartext <br> DoH <br> DoT <br> DNSCrypt | Some[^6] | Optional |  Based on server choice, Malware blocking by default. |
@@ -48,7 +47,7 @@ After installation of either a configuration profile or an app that utilizes the
 
 #### Signed Profiles
 
-Apple does not provide a native interface for creating encrypted DNS profiles. [Secure DNS profile creator](https://dns.notjakob.com/tool.html) is an unofficial tool for creating your own encrypted DNS profiles, however they will not be signed. Signed profiles are preferred; signing validates a profile's origin and helps to ensure the integrity of the profiles. A green "Verified" label is given to signed configuration profiles. For more information on code signing, see [About Code Signing](https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html). **Signed profiles** are offered by [AdGuard](https://adguard.com/en/blog/encrypted-dns-ios-14.html), [ControlD](https://kb.controld.com/en/tutorials), [NextDNS](https://apple.nextdns.io), [Quad9](https://www.quad9.net/news/blog/ios-mobile-provisioning-profiles/).
+Apple does not provide a native interface for creating encrypted DNS profiles. [Secure DNS profile creator](https://dns.notjakob.com/tool.html) is an unofficial tool for creating your own encrypted DNS profiles, however they will not be signed. Signed profiles are preferred; signing validates a profile's origin and helps to ensure the integrity of the profiles. A green "Verified" label is given to signed configuration profiles. For more information on code signing, see [About Code Signing](https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html). **Signed profiles** are offered by [AdGuard](https://adguard.com/en/blog/encrypted-dns-ios-14.html), [NextDNS](https://apple.nextdns.io), and [Quad9](https://www.quad9.net/news/blog/ios-mobile-provisioning-profiles/).
 
 #### iOS/iPadOS
 

docs/file-sharing.en.md

@@ -29,7 +29,7 @@ Discover how to privately share your files between your devices, with your frien
 
     ![Magic Wormhole logo](assets/img/file-sharing-sync/magic_wormhole.png){ align=right }
 
-    Magic Wormhole is a package that provides a library and a command-line tool named wormhole, which makes it possible to get arbitrary-sized files and directories (or short pieces of text) from one computer to another. Their motto: "Get things from one computer to another, safely.
+    **Magic Wormhole** is a package that provides a library and a command-line tool named wormhole, which makes it possible to get arbitrary-sized files and directories (or short pieces of text) from one computer to another. Their motto: "Get things from one computer to another, safely.
 
     [Homepage](https://magic-wormhole.readthedocs.io){ .md-button .md-button--primary }
 

docs/linux-desktop/overview.en.md

@@ -7,7 +7,7 @@ It is often believed that [open source](https://en.wikipedia.org/wiki/Open-sourc
 At the moment, desktop GNU/Linux does have some areas that could be better improved when compared to their proprietary counterparts, e.g:
 
 - A verified boot chain, unlike Apple’s [Secure Boot](https://support.apple.com/guide/security/startup-security-utility-secc7b34e5b5/web) (with [Secure Enclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/1/web/1)), Android’s [Verified Boot](https://source.android.com/security/verifiedboot) or Microsoft Windows’s [boot process](https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process) with [TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). These features and hardware technologies can all help prevent persistent tampering by malware or [evil maid attacks](https://en.wikipedia.org/wiki/Evil_Maid_attack)
-- Strong sandboxing solution such as that found in [MacOS](https://developer.apple.com/library/archive/documentation/Security/Conceptual/AppSandboxDesignGuide/AboutAppSandbox/AboutAppSandbox.html), [ChromeOS](https://chromium.googlesource.com/chromiumos/docs/+/HEAD/sandboxing.md), and [Android](https://source.android.com/security/app-sandbox). Commonly used Linux sandboxing solutions such as [Flatpak](https://docs.flatpak.org/en/latest/sandbox-permissions.html) and [Firejail](https://firejail.wordpress.com/) still have a long way to go
+- Strong sandboxing solution such as that found in [macOS](https://developer.apple.com/library/archive/documentation/Security/Conceptual/AppSandboxDesignGuide/AboutAppSandbox/AboutAppSandbox.html), [ChromeOS](https://chromium.googlesource.com/chromiumos/docs/+/HEAD/sandboxing.md), and [Android](https://source.android.com/security/app-sandbox). Commonly used Linux sandboxing solutions such as [Flatpak](https://docs.flatpak.org/en/latest/sandbox-permissions.html) and [Firejail](https://firejail.wordpress.com/) still have a long way to go
 - Strong [exploit mitigations](https://madaidans-insecurities.github.io/linux.html#exploit-mitigations)
 
 Despite these drawbacks, desktop GNU/Linux distributions are great if you want to:
@@ -28,13 +28,9 @@ For frozen distributions, package maintainers are expected to backport patches t
 
 We don’t believe holding packages back and applying interim patches is a good idea, as it diverges from the way the developer might have intended the software to work. [Richard Brown](https://rootco.de/aboutme/) has a presentation about this:
 
-<iframe width="100%" style="height:50vh"
-  src="https://www.youtube-nocookie.com/embed/i8c0mg_mS7U"
-  title="Regular Releases are Wrong, Roll for your life"
-  frameborder="0"
-  allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture"
-  allowfullscreen>
-</iframe>
+<div class="yt-embed">
+  <iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/i8c0mg_mS7U" title="Regular Releases are Wrong, Roll for your life" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
+</div>
 
 ## Traditional vs Atomic updates
 
@@ -46,13 +42,9 @@ A transactional update system creates a snapshot that is made before and after a
 
 The Atomic update method is used for immutable distributions like Silverblue, Tumbleweed, and NixOS and can achieve reliability with this model. [Adam Šamalík](https://twitter.com/adsamalik) provided a presentation on how `rpm-ostree` works with Silverblue:
 
-<iframe width="100%" style="height:50vh"
-  src="https://www.youtube-nocookie.com/embed/-hpV5l-gJnQ"
-  title="Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalik"
-  frameborder="0"
-  allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture"
-  allowfullscreen>
-</iframe>
+<div class="yt-embed">
+  <iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/-hpV5l-gJnQ" title="Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalik" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
+</div>
 
 ## “Security-focused” distributions
 

docs/linux-desktop/sandboxing.en.md

@@ -2,7 +2,7 @@
 title: Application Sandboxing
 icon: octicons/apps-16
 ---
-Some sandboxing solutions for desktop Linux distributions do exist, however they are not as strict as those found in MacOS or ChromeOS. Applications installed from the package manager (`dnf`, `apt`, etc.) typically have **no** sandboxing or confinement whatsoever. Below are a few projects that aim to solve this problem:
+Some sandboxing solutions for desktop Linux distributions do exist, however they are not as strict as those found in macOS or ChromeOS. Applications installed from the package manager (`dnf`, `apt`, etc.) typically have **no** sandboxing or confinement whatsoever. Below are a few projects that aim to solve this problem:
 
 ### Flatpak
 

docs/passwords.en.md

@@ -146,7 +146,7 @@ These products are minimal password managers that can be used within scripting a
 
     ![gopass logo](assets/img/password-management/gopass.svg){ align=right }
 
-    **gopass** is a password manager for the command line written in Go. It works on all major desktop and server operating systems (Linux, MacOS, BSD, Windows).
+    **gopass** is a password manager for the command line written in Go. It works on all major desktop and server operating systems (Linux, macOS, BSD, Windows).
 
     [Homepage](https://www.gopass.pw){ .md-button .md-button--primary }
 

docs/security/account-deletion.en.md

@@ -0,0 +1,59 @@
+---
+title: "Account Deletion"
+icon: 'material/account-remove'
+---
+It can be easy to accumulate a number of online accounts over time, many of which you may no longer use. Deleting these unused accounts is an important step in reclaiming your privacy, as dormant accounts are vulnerable to having their credentials stolen and for abuse to occur without your knowledge. A data breach is when a service's security is breached by hackers and they are able to exfiltrate a copy of the user database. Data breaches are unfortunately all [too common](https://haveibeenpwned.com/PwnedWebsites) these days; practicing good digital hygiene is the best way to minimize the impact these have on your life. [Deceptive design](https://www.deceptive.design/) patterns can often introduce inconveniences along the way, this guide aims to help you navigate through the account deletion process.
+
+## Finding Old Accounts
+
+### Password Manager
+
+If you have a password manager that you've used for your entire digital life, this part will be very easy. They often include built-in functionality for detecting if your credentials were exposed in a data breach, such as Bitwarden's [Data Breach Report](https://bitwarden.com/blog/have-you-been-pwned/).
+
+<figure markdown>
+  ![Bitwarden's Data Breach Report feature](../assets/img/account-deletion/exposed_passwords.png)
+</figure>
+
+Even if you don't think you've used a password manager before, you may have used the one in your browser or your phone without even realizing it, for example: [Firefox Password Manager](https://support.mozilla.org/kb/password-manager-remember-delete-edit-logins), [Google Password Manager](https://passwords.google.com/intro)
+and [Edge Password Manager](https://support.microsoft.com/en-us/microsoft-edge/save-or-forget-passwords-in-microsoft-edge-b4beecb0-f2a8-1ca0-f26f-9ec247a3f336).
+
+Desktop platforms also often have a password manager which may help you recover passwords you've forgotten about:
+
+- Windows [Credential Manager](https://support.microsoft.com/en-us/windows/accessing-credential-manager-1b5c916a-6a16-889f-8581-fc16e8165ac0)
+- macOS [Keychain](https://support.apple.com/en-md/guide/mac-help/mchlf375f392/mac)
+- iOS [Passwords](https://support.apple.com/en-us/HT211146)
+- Linux, Gnome Keyring, which can be accessed through [Seahorse](https://help.gnome.org/users/seahorse/stable/passwords-view.html.en), or [KDE Wallet Manager](https://userbase.kde.org/KDE_Wallet_Manager)
+
+### Email
+
+If you didn't use a password manager in the past or you think you have accounts that you never added to your password manager, another option is to log in to the email account(s) that you believe you signed up on. Go to the search bar on your email client and type "verify" or "welcome". Almost every time you make an online account, the service will send a verification link or a welcome message to your email. This can be a good way to find old, forgotten accounts.
+
+## Deleting Old Accounts
+
+### Log In
+
+In order to delete your old accounts, you'll need to first make sure you can log in to them. Again, if the account was in your password manager, this step is easy. If not, you can try to guess your password. Failing that, there is usually a "forgot password?" link toward the bottom of the login screen. It may also be possible that accounts you've abandoned have already been deleted, sometimes services prune all old accounts.
+
+When you click it, it will most likely ask you for your email that you signed up with. Type in the email you think you used and see if you are sent a reset link. If the site returns an error message saying that email is not associated with an account, or you never receive a reset link after multiple attempts, then you do not have an account under that email address; try a different one. If you can't figure out which email address you used, or you no longer have access to that email, you can try contacting the service's support. Unfortunately there is no guarantee that you will be able to reclaim access your account.
+
+### Overwriting Account information
+
+In some situations where you plan to abandon an account it may make sense to overwrite the account information with fake data. Once you've made sure you can log in, change all the information in your account to fake information. The reason you want to do this is many sites will retain information you previously had even after account deletion. The hope is that they will overwrite the previous information with the newest data you entered. Once again though, there is no guarantee that there won't be old backups.
+
+For the account email, either create a new burner email account via your provider of choice or create an alias using an [email aliasing service](/email/#email-aliasing-services). Do not use temporary email providers, as many sites will give a period of time in which your account can be reactivated. Delete your burner email account after this period expires.
+
+### Delete
+
+After replacing all your info, you can check [JustDeleteMe](https://justdeleteme.xyz) for instructions on deleting the account for a specific service. Some sites will graciously have a "Delete Account" option, while others will force you to speak with a support agent. Overall, the process can vary quite a bit for different sites, and for some it may be impossible to delete.
+
+For services that don't allow account deletion, the best thing to do is fake all your info as mentioned above. Then, enable MFA and any extra security features you can and change the password to a randomly-generated one that is the maximum allowed size (a [password manager](/passwords/#local-password-managers) can be useful for this).
+
+If you're satisfied that all information you care about is removed, you can safely forget about this account. If not, it might be a good idea to keep the credentials stored with your other passwords and occasionally re-login to reset the password.
+
+Even when you are able to delete an account, there is no guarantee that all your information will be removed. In fact, some companies are required by law to keep certain information, particularly when related to financial transactions. It's mostly out of your control what happens to your data when it comes to websites and cloud services.
+
+## Avoid New Accounts
+
+As the old saying goes, "an ounce of prevention is worth a pound of cure." Whenever you feel tempted to sign up for a new account, ask yourself "Do I really need this? Can I accomplish what I need to without an account?" It can often be much harder to delete an account than to create one and even after deleting or changing the info on your account, there might be a cached version from a third party like archive.org. Avoid the temptation when you're able to; your future self will thank you!
+
+--8<-- "includes/abbreviations.en.md"

docs/security/multi-factor-authentication.en.md

@@ -24,7 +24,7 @@ The security of push notification MFA is dependent on both the quality of the ap
 
 ### Time-based One-time Password (TOTP)
 
-TOTP is one of the most commons form of MFA available. When you set up TOTP you are generally required to scan a [QR Code](https://en.wikipedia.org/wiki/QR_code) which establishes a "[shared secret](https://en.wikipedia.org/wiki/Shared_secret)" with the service that you intend to use. The shared secret is secured inside of the authenticator app's data, and is sometimes protected by a password.
+TOTP is one of the most common forms of MFA available. When you set up TOTP you are generally required to scan a [QR Code](https://en.wikipedia.org/wiki/QR_code) which establishes a "[shared secret](https://en.wikipedia.org/wiki/Shared_secret)" with the service that you intend to use. The shared secret is secured inside of the authenticator app's data, and is sometimes protected by a password.
 
 The time-limited code is then derived from the shared secret and the current time. As the code is only valid for a short time, without access to the shared secret an adversary cannot generate new codes.
 
@@ -76,13 +76,9 @@ When you create an account the public key is sent to the service, then when you
 
 This presentation discusses the history of password authentication, the pitfalls (such as password reuse), and discussion of FIDO2 and [WebAuthn](https://webauthn.guide) standards.
 
-<iframe width="100%" style="height:50vh"
-  src="https://www.youtube-nocookie.com/embed/aMo4ZlWznao"
-  title="How FIDO2 and WebAuthn Stop Account Takeovers"
-  frameborder="0"
-  allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture"
-  allowfullscreen>
-</iframe>
+<div class="yt-embed">
+  <iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/aMo4ZlWznao" title="How FIDO2 and WebAuthn Stop Account Takeovers" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
+</div>
 
 FIDO2 and WebAuthn have superior security and privacy properties when compared to any MFA methods.
 

docs/stylesheets/extra.css

@@ -155,3 +155,19 @@ h1, h2, h3, .md-header__topic {
 .no-js .md-sidebar {
     align-self: auto;
 }
+
+/* Maintain 16:9 aspect ratio on embedded YT videos */
+.yt-embed {
+    position: relative;
+    width: 100%;
+    padding-bottom: 56.25%; 
+    height: 0;
+}
+
+.yt-embed iframe {
+    position: absolute;
+    top:0;
+    left: 0;
+    width: 100%;
+    height: 100%;
+}

docs/technology/dns.en.md

@@ -25,7 +25,7 @@ Below, we discuss and provide a tutorial to prove what an outside observer may s
 
 2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, MacOS etc) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software such as web browsers do these lookups automatically, unless they are configured to use encrypted DNS.
 
-    === "Linux, MacOS"
+    === "Linux, macOS"
 
         ```
         dig +noall +answer privacyguides.org @1.1.1.1
@@ -279,9 +279,17 @@ Encrypted DNS with a 3rd party should only be used to get around redirects and b
 
 [List of recommended DNS servers](../dns.md){ .md-button }
 
-## What is DNSSEC and when is it used?
+## What is DNSSEC?
 
-[Domain Name System Security Extensions](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) (DNSSEC) is used to provide authenticity to the records being fetched from upstream DNS servers. It doesn't provide confidentiality, for that we use one of the [encrypted DNS](#what-is-encrypted-dns) protocols discussed above.
+[Domain Name System Security Extensions](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) (DNSSEC) is a feature of DNS that authenticates responses to domain name lookups. It does not provide privacy protections for those lookups, but rather prevents attackers from manipulating or poisoning the responses to DNS requests.
+
+In other words, DNSSEC digitally signs data to help ensure its validity. In order to ensure a secure lookup, the signing occurs at every level in the DNS lookup process. As a result, all answers from DNS can be trusted.
+
+The DNSSEC signing process is similar to someone signing a legal document with a pen; that person signs with a unique signature that no one else can create, and a court expert can look at that signature and verify that the document was signed by that person. These digital signatures ensure that data has not been tampered with.
+
+DNSSEC implements a hierarchical digital signing policy across all layers of DNS. For example, in the case of a `privacyguides.org` lookup, a root DNS server would sign a key for the `.org` nameserver, and the `.org` nameserver would then sign a key for `privacyguides.org`’s authoritative nameserver.
+
+<small>Adapted from [DNS Security Extensions (DNSSEC) overview](https://cloud.google.com/dns/docs/dnssec) by Google and [DNSSEC: An Introduction](https://blog.cloudflare.com/dnssec-an-introduction/) by Cloudflare, both licensed under [CC BY 4.0](https://creativecommons.org/licenses/by/4.0/).</small>
 
 ## What is QNAME minimization?
 

docs/tools.en.md

@@ -17,6 +17,7 @@ For your convenience, everything we recommend is listed below with a link to the
 
 - ![Tor Browser logo](assets/img/browsers/tor.svg){ .twemoji } [Tor Browser](https://www.torproject.org/)
 - ![Firefox logo](assets/img/browsers/firefox.svg){ .twemoji } [Firefox (Desktop)](https://firefox.com/)
+- ![Brave logo](assets/img/browsers/brave.svg){ .twemoji } [Brave (Desktop)](https://brave.com/)
 - ![Bromite logo](assets/img/browsers/bromite.svg){ .twemoji } [Bromite (Android)](https://www.bromite.org/)
 - ![Safari logo](assets/img/browsers/safari.svg){ .twemoji } [Safari (iOS)](https://www.apple.com/safari/)
 

mkdocs.yml

@@ -142,6 +142,7 @@ nav:
       - 'threat-modeling.md'
       - 'technology/dns.md'
       - 'security/multi-factor-authentication.md'
+      - 'security/account-deletion.md'
     - 'Android':
       - 'android/overview.md'
       - 'android/grapheneos-vs-calyxos.md'