mirror of https://github.com/privacyguides/privacyguides.org.git synced 2025-07-04 02:22:38 +00:00

Compare commits

53 Commits

Author SHA1 Message Date
6c044312c2 Minor updates to email aliasing section (#1161)
Signed-off-by: Daniel Gray <dng@disroot.org>
2022-05-03 16:01:44 +09:30
8a498988e7 Minor wording update to "Do I Need A VPN?" (#1162)
Signed-off-by: Daniel Gray <dng@disroot.org>
2022-05-03 15:54:42 +09:30
0d781d327b Add more detail to Proton Calendar & Tutanota Calendar (#1163)
Signed-off-by: Daniel Gray <dng@disroot.org>
2022-05-03 15:52:23 +09:30
8173006301 Add proper Qubes OS download link (#1166)
Signed-off-by: Daniel Gray <dng@disroot.org>
2022-05-03 15:45:11 +09:30
ed0430bc3a Update legal fair use link (#1167)
Signed-off-by: Daniel Gray <dng@disroot.org>
2022-05-03 15:39:43 +09:30
137a553ace Show backers on donation page (#1152) 2022-05-03 15:36:27 +09:30
cebf65a89b Fixes OnlyOffice links (#1168) 2022-05-03 15:17:19 +09:30
f34576d18a Mullvad now accepts Monero (#1160) 2022-05-02 21:29:53 -05:00
ffe674124e Update email aliasing service (#1133) 2022-05-02 21:26:48 -05:00
57f497df54 Publish website statistics (#1159) 2022-05-02 12:30:46 -05:00
ab8cabf8e0 Enable Mastodon Profile Verification
Closes #1158
2022-05-02 11:10:24 -05:00
c01b285fe4 Publish repo mirrors (#1157) 2022-05-02 10:56:33 -05:00
45a5a5d2ca Correct i2p android link (#1156) 2022-05-03 01:11:42 +09:30
79537bf1b3 Remove ".onion" check from email providers (#1153)
Signed-off-by: Daniel Gray <dng@disroot.org>
2022-05-03 00:37:08 +09:30
967882b0b7 Link to Mastodon instead of Twitter (#1155)
Signed-off-by: Daniel Gray <dng@disroot.org>
2022-05-03 00:35:21 +09:30
ec9ee8fbc3 Update WKD keys (#1121)
Co-Authored-By: Daniel Nathan Gray <dng@disroot.org>
2022-05-01 20:28:13 -05:00
44f7b7edd8 Fix OnlyOffice description (#1150)
Co-authored-by: Jonah Aragon <github@aragon.science>
2022-05-02 01:26:39 +00:00
9d48a93a76 Add download links to dnscrypt-proxy (#1148) 2022-04-29 14:07:41 -05:00
b295c24a18 Correct link for feedback API 2022-04-29 13:31:48 -05:00
a80a1aa9ac Update mkdocs-material-insiders (#1147) 2022-04-29 10:25:07 -05:00
e4654a71eb Enable feedback widget (#1146) 2022-04-29 09:57:23 -05:00
c1a4eec75e Fix what typo in DNS (#1145) 2022-04-29 23:36:56 +09:30
f5775be4be Clarify details about GPG Suite licensing (#1141) 2022-04-29 08:43:52 -05:00
48ca20b104 Update Syncthing download links (#1142)
Signed-off-by: Daniel Gray <dng@disroot.org>
2022-04-29 22:23:15 +09:30
77de2ba46f Fix broken gpg suite link (#1139) 2022-04-29 15:14:44 +09:30
b7916aa0f1 Update footer social links (#1136)
Signed-off-by: Daniel Gray <dng@disroot.org>
2022-04-29 13:48:33 +09:30
95845ea5e1 Update Startpage logos (#1135)
Signed-off-by: Daniel Gray <dng@disroot.org>
2022-04-29 13:45:11 +09:30
656eeaaab5 Add privacy policies for email providers (#1134)
Signed-off-by: Daniel Gray <dng@disroot.org>
2022-04-29 13:31:31 +09:30
269e9323df Update DuckDuckGo description and logos (#1132)
Signed-off-by: Daniel Gray <dng@disroot.org>
2022-04-29 13:21:28 +09:30
7ba8db2287 Update Firefox for Android description (#1131)
Signed-off-by: Daniel Gray <dng@disroot.org>
2022-04-29 12:57:41 +09:30
8bfa10b6e4 Replace "users" with friendlier terms (#1125)
Co-Authored-By: lexi <git@lx-is.lol>
2022-04-27 20:45:13 -05:00
b9797310ab Yubico and Nitrokey mini icons (#1128) 2022-04-27 20:44:36 -05:00
686e9b7bcf Fixes for donation page (#1129) 2022-04-27 20:44:20 -05:00
c7e207b934 Update Session description (#1124) 2022-04-27 16:56:49 -05:00
40d85c7120 Session messenger update (#1118) 2022-04-27 21:25:31 +00:00
ea5a202af4 Add privacy policies (#1119) 2022-04-27 16:11:29 -05:00
e151d96dd9 Enable SSH Git commit signing (#1122) 2022-04-27 16:04:13 -05:00
afa81ce50a Move email cloaking services and self-hosted email up (#1123) 2022-04-27 16:03:03 -05:00
0fbc894173 Add link to PrivateBin instances list (#1107)
Signed-off-by: Daniel Gray <dng@disroot.org>
2022-04-27 14:37:21 +09:30
e6f5b7456e Fix link, Canary Mail in Encryption Software (#1113)
Signed-off-by: Daniel Gray <dng@disroot.org>
2022-04-27 14:31:39 +09:30
42a301e763 Privacy plugin stats exemption 2022-04-26 23:23:40 -05:00
13210d90bc Add online services and donation information (#1110) 2022-04-26 23:15:21 -05:00
6c297d4f77 Fix broken PR preview teardowns 2022-04-26 23:13:24 -05:00
669311205f Plausible analytics (#1112) 2022-04-26 21:52:59 -05:00
0f4a35d003 Optimized PR Previews 2022-04-26 21:52:13 -05:00
8aacb15e21 Add Element web app link (#1106) 2022-04-26 13:53:02 -05:00
c62de5d29f Use surge.sh for PR previews (#1108) 2022-04-26 13:48:56 -05:00
fce88ba49a Formatting fixes (#1103)
Signed-off-by: Daniel Gray <dng@disroot.org>
2022-04-27 00:57:45 +09:30
25d0374939 Remove CTemplar recommendation (#1104)
https://ctemplar.com/ctemplar-is-shutting-down/

Signed-off-by: Daniel Gray <dng@disroot.org>
2022-04-27 00:57:34 +09:30
4dfed7d77d Update SearXNG wording and mention it is a fork (#1101)
Signed-off-by: Daniel Gray <dng@disroot.org>
2022-04-26 00:42:36 +09:30
073e904954 Change SearX to more maintained SearXNG (#1099) 2022-04-24 15:22:52 -05:00
9c0f39f19d Update primary button text (#1095)
Co-Authored-By: Daniel Nathan Gray <dng@disroot.org>
2022-04-24 15:19:48 -05:00
e5b494ecb8 Enable Cloudflare Pages (#1100) 2022-04-24 13:12:18 -05:00
77 changed files with 682 additions and 505 deletions

1
.allowed_signers Normal file
View File

@ -0,0 +1 @@
jonah@privacyguides.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJUp+Gi8ZpTDDbZC+GY+3QnFfxkI9rAu07bceyoHDp9O
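
Review bot: The single entry in `.allowed_signers` has no options between the principal and the key type, so the key is accepted for any signature namespace and without a time bound. Adding `namespaces="git"` limits it to Git commit and tag signatures, and `valid-after=` / `valid-before=` make later key rotation verifiable against history. With one principal listed, only commits signed by this key will verify against the file, so either add the other maintainers' signing keys or note that this is the only expected signer.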

View File

@ -1,4 +1,4 @@
name: Crowdin Upload
name: 💬 Crowdin Upload
on:
push:

View File

@ -1,4 +1,5 @@
name: Deploy Website
name: 📦 Deploy Website
on:
workflow_dispatch:
release:
@ -17,11 +18,15 @@ jobs:
uses: actions/checkout@v3
with:
fetch-depth: '0'
ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}}
ssh-key: ${{ secrets.ACTIONS_SSH_KEY }}
submodules: 'true'
- name: Set up Python runtime
uses: actions/setup-python@v3
with:
python-version: ${{ env.PYTHON_VERSION }}
python-version: '3.7'
- name: Cache files
uses: actions/cache@v3.0.2
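
Review bot: The `ref:` and `repository:` inputs on the checkout step read from `github.event.pull_request`, but the triggers shown at the top of this file are `workflow_dispatch` and `release`, where that context is not populated, so both expressions are empty on every run shown here. They look copied from the preview workflow; drop them from the deploy job so it is explicit that a production deploy always builds the repository's own ref, and so a later added trigger cannot silently start deploying a fork's branch with `secrets.ACTIONS_SSH_KEY` in scope.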
@ -31,24 +36,15 @@ jobs:
- name: Install Python dependencies
run: |
pip install 'mkdocs>=1.3.0'
pip install mkdocs-static-i18n
pip install mkdocs-git-revision-date-localized-plugin
- name: Install mkdocs-material Insiders build
if: github.event.repository.fork == false
env:
GH_TOKEN: ${{ secrets.GH_TOKEN }}
run: |
git clone --depth 1 https://${GH_TOKEN}@github.com/privacyguides/mkdocs-material-insiders.git
pip install -e mkdocs-material-insiders
pip install pipenv
pipenv install
- name: Build website
run: |
mkdocs build
pipenv run mkdocs build
mv .well-known site/
tar cvf site.tar site
mkdocs --version
pipenv run mkdocs --version
- name: Package website
uses: actions/upload-artifact@v3
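
Review bot: In the "Install Python dependencies" step, plain `pipenv install` re-locks and carries on when `Pipfile.lock` is out of date with `Pipfile`, so the deployed build is not guaranteed to use the hash-pinned versions that were reviewed. Use `pipenv install --deploy` (fails on a stale lock) or `pipenv sync` here, and consider pinning the `pip install pipenv` version as well, since that tool runs before any hash checking applies.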

31
.github/workflows/mirror.yml vendored Normal file
View File

@ -0,0 +1,31 @@
name: 🪞 Push to Mirrors
on: [ push, delete, create ]
# Ensures that only one mirror task will run at a time.
concurrency:
group: git-mirror
jobs:
git-mirror:
runs-on: ubuntu-latest
steps:
- name: Mirror to GitLab
uses: wearerequired/git-mirror-action@v1
env:
SSH_PRIVATE_KEY: ${{ secrets.ACTIONS_SSH_KEY }}
with:
source-repo: "git@github.com:privacyguides/privacyguides.org.git"
destination-repo: "git@gitlab.com:privacyguides/privacyguides.org.git"
- name: Cleanup
run: |
sudo rm -rf privacyguides.org.git
- name: Mirror to Codeberg
uses: wearerequired/git-mirror-action@v1
env:
SSH_PRIVATE_KEY: ${{ secrets.ACTIONS_SSH_KEY }}
with:
source-repo: "git@github.com:privacyguides/privacyguides.org.git"
destination-repo: "git@codeberg.org:privacyguides/privacyguides.org.git"
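
Review bot: Both mirror steps pass `secrets.ACTIONS_SSH_KEY` to `wearerequired/git-mirror-action@v1`, a third-party action referenced by a movable tag; pin it to a full commit SHA so the code that receives the private key cannot change without a diff in this repository. The same key is used for GitLab and Codeberg, and for checkout in the other workflows in this comparison, so one leak exposes every path; separate per-destination deploy keys would contain that. The workflow also has no `permissions:` block, and since the push happens over SSH a read-only token (`contents: read`) looks sufficient.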

44
.github/workflows/preview.yml vendored Normal file
View File

@ -0,0 +1,44 @@
name: 🔂 Surge PR Preview
on:
pull_request_target:
types: [opened, synchronize, reopened]
# Ensures that only one mirror task will run at a time.
concurrency:
group: surge-sh
jobs:
preview:
runs-on: ubuntu-latest
permissions:
issues: write
pull-requests: write
contents: write
environment: preview
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
fetch-depth: '0'
ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}}
ssh-key: ${{ secrets.ACTIONS_SSH_KEY }}
submodules: 'true'
- name: Set up Python runtime
uses: actions/setup-python@v3
with:
python-version: '3.7'
- name: Deploy to surge.sh
uses: afc163/surge-preview@v1
with:
surge_token: ${{ secrets.SURGE_TOKEN }}
github_token: ${{ secrets.GITHUB_TOKEN }}
dist: site
failOnError: 'true'
build: |
pip install pipenv
pipenv install
pipenv run mkdocs build
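
Review bot: This workflow runs on `pull_request_target` yet checks out `github.event.pull_request.head.ref` from `head.repo.full_name` and then executes `pipenv install` and `mkdocs build` on that tree, so files controlled by the pull request author (Pipfile, MkDocs configuration and plugins) run in a job that has `contents: write`, `secrets.SURGE_TOKEN` and `secrets.ACTIONS_SSH_KEY` in scope. Unless the `preview` environment enforces required reviewers for every run, split this in two: build under the unprivileged `pull_request` event with no secrets and upload `site` as an artifact, then publish that artifact from a separate `workflow_run` job that never executes PR code. Independently of that, drop `ssh-key` and `contents: write` if the preview does not need them, pin `afc163/surge-preview@v1` to a commit SHA, and fix the copied comment that still says "mirror task".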

Binary file not shown.

View File

@ -8,9 +8,10 @@ mkdocs = "*"
mkdocs-material = {path = "./mkdocs-material"}
mkdocs-static-i18n = "*"
mkdocs-git-revision-date-localized-plugin = "*"
typing-extensions = "*"
[dev-packages]
scour = "*"
[requires]
python_version = "3.8"
python_version = "3.7"

38
Pipfile.lock generated
View File

@ -1,11 +1,11 @@
{
"_meta": {
"hash": {
"sha256": "417ce9a8799680d98bc8933ac6f592b68dda2e97429d2671290c112bdba09d91"
"sha256": "2d68765ce86bf264f0a29d6b9f31202a71615d6aad4653cffc874bd095267d29"
},
"pipfile-spec": 6,
"requires": {
"python_version": "3.8"
"python_version": "3.7"
},
"sources": [
{
@ -111,11 +111,11 @@
},
"click": {
"hashes": [
"sha256:24e1a4a9ec5bf6299411369b208c1df2188d9eb8d916302fe6bf03faed227f1e",
"sha256:479707fe14d9ec9a0757618b7a100a0ae4c4e236fac5b7f80ca68028141a1a72"
"sha256:7682dc8afb30297001674575ea00d1814d808d6a36af415a82bd481d37ba7b8e",
"sha256:bb4d8133cb15a609f44e8213d9b391b0809795062913b383c62be0ee95b1db48"
],
"markers": "python_version >= '3.7'",
"version": "==8.1.2"
"version": "==8.1.3"
},
"cssselect2": {
"hashes": [
@ -327,7 +327,7 @@
},
"mkdocs-material": {
"path": "./mkdocs-material",
"version": "==8.2.8+insiders.4.12.0"
"version": "==8.2.12+insiders.4.13.2"
},
"mkdocs-material-extensions": {
"hashes": [
@ -339,10 +339,10 @@
},
"mkdocs-static-i18n": {
"hashes": [
"sha256:0d97df64b5be7b34dc112d4ccfba28352b9fccd1b7a3babf229f30d25f6ebb36"
"sha256:5d69b4eb284931bd048a36f923367f2a7bd0dc7b0438008dce8ca1a8feee99e2"
],
"index": "pypi",
"version": "==0.44"
"version": "==0.45"
},
"packaging": {
"hashes": [
@ -405,19 +405,19 @@
},
"pygments": {
"hashes": [
"sha256:44238f1b60a76d78fc8ca0528ee429702aae011c265fe6a8dd8b63049ae41c65",
"sha256:4e426f72023d88d03b2fa258de560726ce890ff3b630f88c21cbb8b2503b8c6a"
"sha256:5eb116118f9612ff1ee89ac96437bb6b49e8f04d8a13b514ba26f620208e26eb",
"sha256:dc9c10fb40944260f6ed4c688ece0cd2048414940f1cea51b8b226318411c519"
],
"markers": "python_version >= '3.5'",
"version": "==2.11.2"
"markers": "python_version >= '3.6'",
"version": "==2.12.0"
},
"pymdown-extensions": {
"hashes": [
"sha256:a80553b243d3ed2d6c27723bcd64ca9887e560e6f4808baa96f36e93061eaf90",
"sha256:b37461a181c1c8103cfe1660081726a0361a8294cbfda88e5b02cefe976f0546"
"sha256:1baa22a60550f731630474cad28feb0405c8101f1a7ddc3ec0ed86ee510bcc43",
"sha256:5b7432456bf555ce2b0ab3c2439401084cda8110f24f6b3ecef952b8313dfa1b"
],
"markers": "python_version >= '3.7'",
"version": "==9.3"
"version": "==9.4"
},
"pyparsing": {
"hashes": [
@ -521,6 +521,14 @@
"markers": "python_version >= '3.6'",
"version": "==1.1.1"
},
"typing-extensions": {
"hashes": [
"sha256:6657594ee297170d19f67d55c05852a874e7eb634f4f753dbd667855e07c1708",
"sha256:f1c24655a0da0d1b67f07e17a5e6b2a105894e6824b92096378bb3668ef02376"
],
"index": "pypi",
"version": "==4.2.0"
},
"urllib3": {
"hashes": [
"sha256:44ece4d53fb1706f667c9bd1c648f5469a2ec925fcf3a776667042d645472c14",

View File

@ -1,3 +1,4 @@
<!-- markdownlint-disable MD041 -->
<div align="center">
<a href="https://privacyguides.org#gh-light-mode-only">
<img src="/docs/assets/img/layout/privacy-guides-logo.svg" width="500px" alt="Privacy Guides" />
@ -16,6 +17,9 @@
<p><a href="https://www.reddit.com/r/PrivacyGuides/">
<img src="https://img.shields.io/reddit/subreddit-subscribers/PrivacyGuides?label=Subscribe%20to%20r%2FPrivacyGuides&style=social">
</a>
<a href="https://mastodon.social/@privacyguides">
<img src="https://img.shields.io/mastodon/follow/107604420394178246?style=social">
</a>
<a href="https://twitter.com/privacy_guides">
<img src="https://img.shields.io/twitter/follow/privacy_guides?style=social">
</a>
@ -55,6 +59,13 @@ Our current list of team members can be found [here](https://github.com/orgs/pri
- Browse our [open issues](https://github.com/privacyguides/privacyguides.org/issues) to see what needs to be updated
- View some contribution tips on our [contributor's wiki](https://github.com/privacyguides/privacyguides.org/wiki)
## Mirrors
[![GitHub](https://img.shields.io/static/v1?logo=github&label=&message=GitHub&color=000&style=for-the-badge)](https://github.com/privacyguides/privacyguides.org)
[![Gitea](https://img.shields.io/static/v1?logo=gitea&label=&message=Gitea&color=000&style=for-the-badge)](https://code.privacyguides.dev/privacyguides/privacyguides.org)
[![GitLab](https://img.shields.io/static/v1?logo=gitlab&label=&message=GitLab&color=000&style=for-the-badge)](https://gitlab.com/privacyguides/privacyguides.org)
[![Codeberg](https://img.shields.io/static/v1?logo=codeberg&label=&message=Codeberg&color=000&style=for-the-badge)](https://codeberg.org/privacyguides/privacyguides.org)
## Developing
1. Clone this repository and submodules: `git clone --recurse-submodules https://github.com/privacyguides/privacyguides.org`
@ -62,9 +73,9 @@ Our current list of team members can be found [here](https://github.com/orgs/pri
3. Install **pipenv**: `pip install pipenv`
4. Start a pipenv shell: `pipenv shell`
5. Install dependencies: `pipenv install --dev`
6. Serve the site locally: `mkdocs serve --config-file mkdocs.production.yml`
6. Serve the site locally: `mkdocs serve`
- The site will be available at `http://localhost:8000`
- You can build the site locally with `mkdocs build --config-file mkdocs.production.yml`
- You can build the site locally with `mkdocs build`
- This version of the site should be identical to the live, production version
## Releasing

View File

@ -1,6 +1,5 @@
---
title: "About Privacy Guides"
icon: pg/privacyguides
---
**Privacy Guides** is a socially motivated website that provides information for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer team members and contributors.

45
docs/about/donate.en.md Normal file
View File

@ -0,0 +1,45 @@
---
title: Supporting Us
---
<!-- markdownlint-disable MD036 -->
It takes a lot of [people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) and [work](https://github.com/privacyguides/privacyguides.org/pulse/monthly) to keep Privacy Guides up to date and spreading the word about privacy and mass surveillance. If you like what we do, the best way to help out is by getting involved by [editing the site](https://github.com/privacyguides/privacyguides.org) or [contributing translations](https://crowdin.com/project/privacyguides).
If you want to support us financially, the most convenient method for us is contributing via Open Collective, a website operated by our fiscal host. Open Collective accepts payments via credit/debit card, PayPal, and bank transfers.
[Donate on OpenCollective.com](https://opencollective.com/privacyguides/donate){ .md-button .md-button--primary }
Donations made directly to us Open Collective are generally tax-deductible in the US, because our fiscal host (the Open Collective Foundation) is a registered 501(c)3 organization. You will receive a receipt from the Open Collective Foundation after donating. Privacy Guides does not provide financial advice, and you should contact your tax advisor to find out whether this is applicable to you.
If you already make use of GitHub sponsorships, you can also sponsor our organization there.
[Sponsor us on GitHub](https://github.com/sponsors/privacyguides){ .md-button }
## Backers
A special thanks to all those who support our mission! :heart:
*Please note: This section loads a widget directly from Open Collective. This section does not reflect donations made outside of Open Collective, and we have no control over the specific donors featured in this section.*
<script src="https://opencollective.com/privacyguides/banner.js"></script>
## How We Use Donations
Privacy Guides is a **non-profit** organization. We use donations for a variety of purposes, including:
**Domain Registrations**
: We have a few domain names like `privacyguides.org` which cost us around $10 yearly to maintain their registration.
**Web Hosting**
: Traffic to this website uses hundreds of gigabytes of data per month, we use a variety of service providers to keep up with this traffic.
**Online Services**
: We host [internet services](https://privacyguides.net) for testing and showcasing different privacy-products we like and [recommend](../tools.md). Some of which are made publicly available for our community's use (SearXNG, Tor, etc.), and some are provided for our team members (email, etc.).
**Product Purchases**
: We occasionally purchase products and services for the purposes of testing our [recommended tools](../tools.md).
We are still working with our fiscal host (the Open Collective Foundation) to receive cryptocurrency donations, at the moment the accounting is unfeasible for many smaller transactions, but this should change in the future. In the meantime, if you wish to make a sizable (> $100) cryptocurrency donation please reach out to [jonah@privacyguides.org](mailto:jonah@privacyguides.org).
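
Review bot: The `<script src="https://opencollective.com/privacyguides/banner.js"></script>` line under "Backers" executes third-party JavaScript in the site's own origin on every visit to this page, and a dynamically generated script cannot be pinned with an integrity hash. Consider rendering the backer list at build time, or embedding the widget in a sandboxed iframe, so that a change on the Open Collective side cannot alter the rest of the page; the italic notice discloses the load but does not limit it. Minor: "Donations made directly to us Open Collective" is missing a word.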

View File

@ -1,6 +1,5 @@
---
title: "Notices and Disclaimers"
icon: material/message-alert
hide:
- toc
---
@ -27,7 +26,7 @@ Portions of this notice itself were adopted from [opensource.guide](https://gith
This means that you can use the human-readable content in this repository for your own project, per the terms outlined in the CC0 1.0 Universal text. You **may not** use the Privacy Guides branding in your own project without express approval from this project. Privacy Guides's brand trademarks include the "Privacy Guides" wordmark and shield logo.
We believe that the logos and other images in `assets` obtained from third-party providers are either in the public domain or **fair use**. In a nutshell, legal [fair use doctrine](https://en.wikipedia.org/wiki/Fair_use) allows the use of copyrighted images in order to identify the subject matter for purposes of public comment. However, these logos and other images may still be subject to trademark laws in one or more jurisdictions. Before using this content, please ensure that it is used to identify the entity or organization that owns the trademark and that you have the right to use it under the laws which apply in the circumstances of your intended use. *When copying content from this website, you are solely responsible for ensuring that you do not infringe someone else's trademark or copyright.*
We believe that the logos and other images in `assets` obtained from third-party providers are either in the public domain or **fair use**. In a nutshell, legal [fair use doctrine](https://www.copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject matter for purposes of public comment. However, these logos and other images may still be subject to trademark laws in one or more jurisdictions. Before using this content, please ensure that it is used to identify the entity or organization that owns the trademark and that you have the right to use it under the laws which apply in the circumstances of your intended use. *When copying content from this website, you are solely responsible for ensuring that you do not infringe someone else's trademark or copyright.*
When you contribute to this repository you are doing so under the above licenses.

View File

@ -1,42 +1,26 @@
---
title: "Privacy Policy"
icon: material/file-search
---
## Who is Privacy Guides?
Privacy Guides is a community project operated by a number of active volunteer contributors. The public list of team members [can be found on GitHub](https://github.com/orgs/privacyguides/people).
## How does Privacy Guides collect data about me?
## Data We Collect From Visitors
We collect data:
The privacy of our website visitors is important to us, so we do not track any individual people. As a visitor to our website:
* When you browse a website, forum, or other Privacy Guides service.
* When you create an account on a Privacy Guides service.
* When you post, send private messages, or otherwise participate on a Privacy Guides service.
- No personal information is collected
- No information such as cookies is stored in the browser
- No information is shared with, sent to or sold to third-parties
- No information is shared with advertising companies
- No information is mined and harvested for personal and behavioral trends
- No information is monetized
This data will be collected regardless of browser, device, or app used to access our services. We do not buy or otherwise receive data from data brokers.
You can view the data we collect at [stats.privacyguides.net/privacyguides.org](https://stats.privacyguides.net/privacyguides.org).
## What data do you collect and why?
We run a self-hosted installation of [Plausible Analytics](https://plausible.io) to collect some anonymous usage data for statistical purposes. The goal is to track overall trends in our website traffic, it is not to track individual visitors. All the data is in aggregate only. No personal data is collected.
### We collect data about visits to our websites
Data collected includes referral sources, top pages, visit duration, information from the devices (device type, operating system, country and browser) used during the visit and more. You can learn more about how Plausible works and collects information in a privacy-respecting manner [here](https://plausible.io/data-policy).
When you visit a Privacy Guides website or service, regardless of whether you have an account or not, the website may use cookies, server logs, and other methods to collect the following data:
* What pages you visit,
* Your anonymized IP address: We anonymize the last 3 bytes of your IP, e.g. 192.xxx.xxx.xxx.
We use this data to:
* Optimize websites and services, so that they are quick and easy to use,
* Diagnose and debug technical errors,
* Defend websites and services from abuse and technical attacks.
This data is processed under our [Legitimate Interest](https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/legitimate-interests/when-can-we-rely-on-legitimate-interests/) to provide our services to you in a an efficient and secure manner and to ensure the legal compliance and proper administration of our business.
Raw data such as pages visited, anonymized visitor IPs, and visitor actions will be retained for 60 days. In special circumstances—such as extended investigations regarding a technical attack—we may preserve logged data for longer periods for analysis. We store aggregate statistics about use of the websites and services we host indefinitely, but those statistics do not include data identifiable to you personally.
### We collect account data
## Data We Collect From Account Holders
On some websites and services we provide, many features may require an account. For example, an account may be required to post and reply to topics on a forum platform.
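
Review bot: The bullet "No information is shared with, sent to or sold to third-parties" is an absolute claim, while the donation page added in this same comparison loads `banner.js` from opencollective.com, which makes a visitor's browser contact a third party directly. Scope the bullet to the analytics data, or name the donation-page widget as an exception, so the policy matches what the site does. The Plausible paragraph would also benefit from stating how long the aggregate data is kept.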
@ -46,57 +30,30 @@ We use your account data to identify you on the website and to create pages spec
We use your email to:
* Notify you about posts and other activity on the websites or services.
* Reset your password and help keep your account secure.
* Contact you in special circumstances related to your account.
* Contact you about legal requests, such as DMCA takedown requests.
- Notify you about posts and other activity on the websites or services.
- Reset your password and help keep your account secure.
- Contact you in special circumstances related to your account.
- Contact you about legal requests, such as DMCA takedown requests.
On some websites and services you may provide additional information for your account, such as a short biography, avatar, your location, or your birthday. We make that information available to everyone who can access the website or service in question. This information is not required to use any of our services and can be erased at any time.
We will store your account data as long as your account remains open. After closing an account, we may retain some or all of your account data in the form of backups or archives for up to 90 days.
## Who is my data shared with?
## Contacting Us
When you use services provided by Privacy Guides your data is processed by our web hosting provider, Aragon Ventures LLC, in order to facilitate their hosting obligations. Aragon Ventures LLC may collect and use your data as described in their privacy statement at [https://aragon.ventures/privacy](https://aragon.ventures/privacy/).
Your account data, posts, and other activities on Privacy Guides services is shared with others as mentioned in the section about account data.
## Where is my data stored?
The primary datacenter for Privacy Guides is located in Finland. Some websites, services, or backups may reside in datacenters in multiple jurisdictions, including the United States and the European Union.
## Is Privacy Guides GDPR compliant?
We respect privacy rights under [Regulation (EU) 2016/679](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.ENG), the European Unions General Data Protection Regulation (GDPR). Information that GDPR requires us to give can be found throughout this document.
## What are my data protection rights?
We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
* **The right to access** You have the right to request access to your personal data or copies of your personal data from us. We may charge you a small fee for providing a copy of your data.
* **The right to rectification** You have the right to request that we correct any information you believe is inaccurate or incomplete.
* **The right to erasure** You have the right to request that we erase your personal data, under certain conditions.
* **The right to restrict processing** You have the right to request that we restrict the processing of your personal data, under certain conditions.
* **The right to object to processing** You have the right to object to our processing of your personal data, under certain conditions.
* **The right to data portability** You have the right to request that we transfer the data that we have collected to another organization or directly to you under certain conditions.
## How can I contact the Privacy Guides team about privacy?
The Privacy Guides team generally does not have access to personal data outside of limited access granted via some moderation panels. Inquiries regarding your personal information should be sent directly to the data controller for these services, Aragon Ventures LLC:
The Privacy Guides team generally does not have access to personal data outside of limited access granted via some moderation panels. Inquiries regarding your personal information should be sent directly to:
```
Jonah Aragon
Services Administrator, Aragon Ventures LLC
Services Administrator
jonah@privacyguides.org
```
For all other inquiries, you can contact any member of our team.
For complaints under GDPR more generally, European Union users may lodge complaints with their local data protection supervisory authorities.
For complaints under GDPR more generally, you may lodge complaints with your local data protection supervisory authorities.
## How can I find out about changes to this document?
This version of our privacy statement took effect April 4th, 2022.
## About This Policy
We will post any new versions of this statement [here](privacy-policy.en.md). We may change how we announce changes in future versions of this document. In the meantime we may update our contact information at any time without announcing a change. Please refer to the [Privacy Policy](privacy-policy.en.md) for the latest contact information at any time.

View File

@ -27,9 +27,9 @@ We recommend installing one of these custom Android operating systems on your de
GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_(computing)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
[Visit grapheneos.org](https://grapheneos.org/){ .md-button .md-button--primary } [Privacy Policy](https://grapheneos.org/faq#privacy-policy){ .md-button }
[Homepage](https://grapheneos.org/){ .md-button .md-button--primary } [Privacy Policy](https://grapheneos.org/faq#privacy-policy){ .md-button }
GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like a regular user app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging/), while having full user control over their permissions and access, and while containing them to a specific work profile or user [profile](android/overview.md#user-profiles) of your choice.
GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging/), while giving you full control over their permissions and access, and while containing them to a specific work profile or user [profile](android/overview.md#user-profiles) of your choice.
Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#device-support).
@ -41,9 +41,9 @@ Google Pixel phones are the only devices that currently meet GrapheneOS's [hardw
**CalyxOS** is a system with some privacy features on top of AOSP, including [Datura](https://calyxos.org/docs/tech/datura-details) firewall, [Signal](https://signal.org) integration in the dialer app, and a built in panic button. CalyxOS also comes with firmware updates and signed builds, so verified boot is fully supported.
[Visit calyxos.org](https://calyxos.org/){ .md-button .md-button--primary } [Privacy Policy](https://calyxinstitute.org/legal/privacy-policy){ .md-button }
[Homepage](https://calyxos.org/){ .md-button .md-button--primary } [Privacy Policy](https://calyxinstitute.org/legal/privacy-policy){ .md-button }
To accomodate users who need Google Play Services, CalyxOS optionally includes [microG](https://microg.org/). CalyxOS also includes alternate location services, [Mozilla](https://location.services.mozilla.com/) and [DejaVu](https://github.com/n76/DejaVu).
For people who need Google Play Services, CalyxOS optionally includes [microG](https://microg.org/). CalyxOS also includes alternate location services, [Mozilla](https://location.services.mozilla.com/) and [DejaVu](https://github.com/n76/DejaVu).
CalyxOS only [supports](https://calyxos.org/docs/guide/device-support/) Google Pixel phones. However, support for the OnePlus 8T/9 and Fairphone 4 is [currently in beta](https://calyxos.org/news/2022/04/01/fairphone4-oneplus8t-oneplus9-test-builds/).
@ -56,7 +56,7 @@ CalyxOS only [supports](https://calyxos.org/docs/guide/device-support/) Google P
**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org/).
DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
[Visit divestos.org](https://divestos.org){ .md-button .md-button--primary } [Privacy Policy](https://divestos.org/index.php?page=privacy_policy){ .md-button }
[Homepage](https://divestos.org){ .md-button .md-button--primary } [Privacy Policy](https://divestos.org/index.php?page=privacy_policy){ .md-button }
DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, a custom [hosts](https://divested.dev/index.php?page=dnsbl) file, and [F-Droid](https://www.f-droid.org) as the app store. It includes [UnifiedNlp](https://github.com/microg/UnifiedNlp) for network location. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and includes [network state partitioning](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning).
@ -92,7 +92,7 @@ A few more tips regarding Android devices and operating system compatibility:
Beginning with the **Pixel 6** and **6 Pro**, Pixel devices receive a minimum of 5 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-4 years competing OEMs typically offer.
[Visit store.google.com](https://store.google.com/category/phones){ .md-button .md-button--primary }
[Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
Unless you have a need for specific [CalyxOS features](https://calyxos.org/features/) that are unavailable on GrapheneOS, we strongly recommend GrapheneOS over other operating system choices on Pixel devices.
@ -145,7 +145,7 @@ Fairphone markets their devices as receiving 6 years of support. However, the So
**Orbot** is a free proxy app that routes your connections through the Tor Network.
[Visit orbot.app](https://orbot.app/){ .md-button .md-button--primary }
[Homepage](https://orbot.app/){ .md-button .md-button--primary }
??? downloads
@ -174,14 +174,13 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest
Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
[Visit gitea.angry.im](https://gitea.angry.im/PeterCxy/Shelter){ .md-button .md-button--primary }
[Project Info](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
??? downloads
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=net.typeblog.shelter)
- [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/net.typeblog.shelter)
- [:fontawesome-brands-github: GitHub](https://github.com/PeterCxy/Shelter)
- [:fontawesome-brands-git-alt: Source](https://gitea.angry.im/PeterCxy/Shelter)
!!! attention
@ -200,7 +199,7 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest
**Auditor** is an app which leverages hardware security features to provide device integrity monitoring for [supported devices](https://attestation.app/about#device-support). Currently it works with GrapheneOS and the device's stock operating system.
[Visit attestation.app](https://attestation.app){ .md-button .md-button--primary }
[Website](https://attestation.app){ .md-button .md-button--primary }
??? downloads
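Review bot: The new button label here is "Website", while the same kind of link is relabelled "Homepage" in the CalyxOS, DivestOS and Orbot hunks of this patch (PrivacyBlur gets "Website" again). Pick one label for a project's main site so the recommendation cards read uniformly; "Homepage" is already the more common choice in this change.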
@ -213,7 +212,7 @@ Auditor performs attestation and intrusion detection by:
- The *auditor* can either be another instance of the Auditor app or the [Remote Attestation Service](https://attestation.app).
- The *auditor* records the current state and configuration of the *auditee*.
- Should tampering with the operating system of the *auditee* after the pairing is complete, the auditor will be aware of the change in the device state and configurations.
- The user will be alerted to the change.
- You will be alerted to the change.
No personally identifiable information is submitted to the attestation service. We recommend that you sign up with an anonymous account and enable remote attestation for continuous monitoring.
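Review bot: The context bullet directly above the changed line, "Should tampering with the operating system of the *auditee* after the pairing is complete, ...", has no verb in its conditional clause, and it still speaks of "the auditor" being aware while the next bullet now addresses "You". Since this hunk already rewrites the list, fix it here as well, for example "Should tampering with the operating system of the *auditee* happen after the pairing is complete, ...".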
@ -229,7 +228,7 @@ To make sure that your hardware and operating system is genuine, [perform local
**Secure Camera** is an camera app focused on privacy and security which can capture images, videos, and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
[Visit github.com](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
[Source Code](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
??? downloads
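Review bot: The description line in this hunk still reads "is an camera app"; it should be "is a camera app". The hunk already touches this card, so the typo can be fixed in the same change.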
@ -259,7 +258,7 @@ Main privacy features include:
[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
[Visit github.com](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
[App Info](https://github.com/GrapheneOS/PdfViewer#readme){ .md-button .md-button--primary }
??? downloads
@ -274,7 +273,7 @@ Main privacy features include:
**PrivacyBlur** is a free app which can blur sensitive portions of pictures before sharing them online.
[Visit privacyblur.app](https://privacyblur.app/){ .md-button .md-button--primary }
[Website](https://privacyblur.app/){ .md-button .md-button--primary }
??? downloads

View File

@ -12,7 +12,7 @@ GrapheneOS extends the user profile feature, allowing you to end a current sessi
When Google Play services are used on GrapheneOS, they run as a user app and are contained within a user or work profile.
Sandboxed Google Play is confined using the highly restrictive, default [`untrusted_app`](https://source.android.com/security/selinux/concepts) domain provided by [SELinux](https://en.wikipedia.org/wiki/Security-Enhanced_Linux). Permissions for apps to use Google Play Services can be revoked at any time by the user.
Sandboxed Google Play is confined using the highly restrictive, default [`untrusted_app`](https://source.android.com/security/selinux/concepts) domain provided by [SELinux](https://en.wikipedia.org/wiki/Security-Enhanced_Linux). Permissions for apps to use Google Play Services can be revoked at any time.
microG is an open-source re-implementation of Google Play Services. This means it needs to be updated every time Android has a major version update (or the Android API changes). It also needs to run in the highly privileged [`system_app`](https://source.android.com/security/selinux/concepts) SELinux domain like regular Google Play Services, and it requires an operating system that allows [signature spoofing](https://github.com/microg/GmsCore/wiki/Signature-Spoofing), which allows system apps to insecurely masquerade as other apps. This is less secure than Sandboxed Google Play's approach, which does not need access to sensitive system APIs.
@ -30,7 +30,7 @@ In terms of application compatibility, Sandboxed Google Play outperforms microG
Android 12 comes with special support for seamless app updates with [third party app stores](https://android-developers.googleblog.com/2020/09/listening-to-developer-feedback-to.html). The popular Free and Open Source Software (FOSS) repository [F-Droid](https://f-droid.org) doesn't implement this feature and requires a [privileged extension](https://f-droid.org/en/packages/org.fdroid.fdroid.privileged) to be included with the Android distribution in order to have unattended app installation.
GrapheneOS doesn't compromise on security; therefore, they do not include the F-Droid extension. Users have to confirm all updates manually if they want to use F-Droid. Alternatively, they can use the Droid-ify client which does support seamless app updates in Android 12. GrapheneOS officially recommends [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play) instead. Many FOSS Android apps are also in Google Play but sometimes they are not (like [NewPipe](../video-streaming.md)).
GrapheneOS does not include F-Droid, because all updates have to be manually installed, which poses a security risk. However, you can use the [Droid-ify](../android.md#droid-ify) client for F-Droid which does support seamless (background) app updates in Android 12. GrapheneOS officially recommends [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play) instead. Many FOSS Android apps are also in Google Play but sometimes they are not (like [NewPipe](../video-streaming.md)).
CalyxOS includes the [privileged extension](https://f-droid.org/en/packages/org.fdroid.fdroid.privileged), which may lower device security. Seamless app updates should be possible with [Aurora Store](https://auroraoss.com) in Android 12.
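Review bot: The rewritten F-Droid sentence changes the technical claim rather than just the voice. The old text said GrapheneOS does not include the F-Droid privileged extension and that, as a consequence, updates must be confirmed manually. The new text says "GrapheneOS does not include F-Droid, because all updates have to be manually installed, which poses a security risk", which names the client instead of the extension and reverses cause and effect. It also sits oddly with the next line, which says the privileged extension "may lower device security". Suggest keeping the second-person wording but restoring the original logic, for example: "GrapheneOS does not include the F-Droid privileged extension, so you have to confirm all F-Droid updates manually."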
@ -38,7 +38,7 @@ CalyxOS includes the [privileged extension](https://f-droid.org/en/packages/org.
GrapheneOS improves upon [AOSP](https://source.android.com/) security with:
- **Hardened WebView:** Vanadium WebView requires [64-bit](https://en.wikipedia.org/wiki/64-bit_computing) processes on the [WebView](https://developer.android.com/reference/android/webkit/WebView) process and disables legacy [32-bit](https://en.wikipedia.org/wiki/32-bit_computing) processes. It uses hardened compiler options such as [`-fwrapv`](https://gcc.gnu.org/onlinedocs/gcc/Code-Gen-Options.html) and [`-fstack-protector-strong`](https://gcc.gnu.org/onlinedocs/gcc-4.9.3/gcc/Optimize-Options.html), which can help protect against [stack buffer overflows](https://en.wikipedia.org/wiki/Stack_buffer_overflow). [API](https://en.wikipedia.org/wiki/API)s such as the [battery status API](https://chromestatus.com/feature/4537134732017664) are disabled for privacy reasons. All system apps on GrapheneOS use the Vanadium WebView which means user installed apps that use WebView will also benefit from Vanadium's hardening. The [Vanadium patch set](https://github.com/GrapheneOS/Vanadium/tree/12/patches) is a lot more comprehensive than CalyxOS's [Chromium patch set](https://gitlab.com/CalyxOS/chromium-patches) which is derived from it.
- **Hardened WebView:** Vanadium WebView requires [64-bit](https://en.wikipedia.org/wiki/64-bit_computing) processes on the [WebView](https://developer.android.com/reference/android/webkit/WebView) process and disables legacy [32-bit](https://en.wikipedia.org/wiki/32-bit_computing) processes. It uses hardened compiler options such as [`-fwrapv`](https://gcc.gnu.org/onlinedocs/gcc/Code-Gen-Options.html) and [`-fstack-protector-strong`](https://gcc.gnu.org/onlinedocs/gcc-4.9.3/gcc/Optimize-Options.html), which can help protect against [stack buffer overflows](https://en.wikipedia.org/wiki/Stack_buffer_overflow). [API](https://en.wikipedia.org/wiki/API)s such as the [battery status API](https://chromestatus.com/feature/4537134732017664) are disabled for privacy reasons. All system apps on GrapheneOS use the Vanadium WebView which means that apps which use WebView will also benefit from Vanadium's hardening. The [Vanadium patch set](https://github.com/GrapheneOS/Vanadium/tree/12/patches) is a lot more comprehensive than CalyxOS's [Chromium patch set](https://gitlab.com/CalyxOS/chromium-patches) which is derived from it.
- **Hardened Kernel:** GrapheneOS kernel includes some hardening from the [linux-hardened](https://github.com/GrapheneOS/linux-hardened) project and the [Kernel Self Protection Project (KSPP)](https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project). CalyxOS uses the [same kernel](https://calyxos.org/docs/development/build/kernel/) as regular Android with some minor modifications.
- **Hardened Memory Allocator:** GrapheneOS uses the [hardened malloc](https://github.com/GrapheneOS/hardened_malloc) subproject as its memory allocator. This focuses on hardening against [memory heap corruption](https://en.wikipedia.org/wiki/Memory_corruption). CalyxOS uses the default AOSP [Scudo Malloc](https://source.android.com/devices/tech/debug/scudo), which is generally [less effective](https://twitter.com/danielmicay/status/1033671709197398016). Hardened Malloc has uncovered vulnerabilities in AOSP which have been [fixed](https://github.com/GrapheneOS/platform_system_core/commit/be11b59725aa6118b0e1f0712572e835c3d50746) by GrapheneOS such as [CVE-2021-0703](https://nvd.nist.gov/vuln/detail/CVE-2021-0703).
- **Secure Exec Spawning:** GrapheneOS [spawns](https://en.wikipedia.org/wiki/Spawn_(computing)) fresh processes as opposed to using the [Zygote model](https://ayusch.com/android-internals-the-android-os-boot-process) used by AOSP and CalyxOS. The Zygote model weakens [Address Space Layout Randomization](https://en.wikipedia.org/wiki/Address_space_layout_randomization) (ASLR) and is considered [less secure](https://wenke.gtisc.gatech.edu/papers/morula.pdf). Creating [fresh processes](https://grapheneos.org/usage#exec-spawning) is safer but will have some performance penalty when launching a new application. These penalties are not really noticeable unless you have an [old device](https://support.google.com/nexus/answer/4457705) with slow storage such as the Pixel 3a/3a XL as it has [eMMC](https://en.wikipedia.org/wiki/MultiMediaCard#eMMC).
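Review bot: In the Hardened WebView bullet, dropping "user installed" leaves "All system apps on GrapheneOS use the Vanadium WebView which means that apps which use WebView will also benefit", which no longer says which apps are meant and reads as circular. The point of the sentence is that the hardening extends beyond system apps, so keep the distinction in second person, for example "apps you install that use WebView will also benefit from Vanadium's hardening".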

View File

@ -28,7 +28,7 @@ We do not believe that the security sacrifices made by rooting a phone are worth
[Verified Boot](https://source.android.com/security/verifiedboot) is an important part of the Android security model. It provides protection against [evil maid](https://en.wikipedia.org/wiki/Evil_maid_attack) attacks, malware persistence, and ensures security updates cannot be downgraded with [rollback protection](https://source.android.com/security/verifiedboot/verified-boot#rollback-protection).
Android 10 and above has moved away from full-disk encryption to more flexible [file-based encryption](https://source.android.com/security/encryption/file-based). Each user's data is encrypted using their own unique encryption key, and the operating system files are left unencrypted.
Android 10 and above has moved away from full-disk encryption to more flexible [file-based encryption](https://source.android.com/security/encryption/file-based). Your data is encrypted using unique encryption keys, and the operating system files are left unencrypted.
Verified Boot ensures the integrity of the operating system files, thereby preventing an adversary with physical access from tampering or installing malware on the device. In the unlikely case that malware is able to exploit other parts of the system and gain higher privileged access, Verified Boot will prevent and revert changes to the system partition upon rebooting device.
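Review bot: The file-based encryption sentence loses its security property in the rewrite. "Each user's data is encrypted using their own unique encryption key" stated that keys are per user; "Your data is encrypted using unique encryption keys" does not say what the keys are unique to. The User Profiles section in the next hunk relies on exactly this ("Each profile is encrypted using its own encryption key"), so keep the per-user scope, for example "Each user profile's data is encrypted using its own unique encryption key".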
@ -44,17 +44,19 @@ EOL devices which are no longer supported by the SoC manufacturer cannot receive
## Android Versions
It's important to not use an [end-of-life](https://endoflife.date/android) version of Android. Newer versions of Android not only receive security updates for the operating system but also important privacy enhancing updates too. For example, [prior to Android 10](https://developer.android.com/about/versions/10/privacy/changes), any user apps with the [`READ_PHONE_STATE`](https://developer.android.com/reference/android/Manifest.permission#READ_PHONE_STATE) permission could access sensitive and unique serial numbers of your phone such as [IMEI](https://en.wikipedia.org/wiki/International_Mobile_Equipment_Identity), [MEID](https://en.wikipedia.org/wiki/Mobile_equipment_identifier), your SIM card's [IMSI](https://en.wikipedia.org/wiki/International_mobile_subscriber_identity), whereas now they must be system apps to do so. System apps are only provided by the OEM or Android distribution.
It's important to not use an [end-of-life](https://endoflife.date/android) version of Android. Newer versions of Android not only receive security updates for the operating system but also important privacy enhancing updates too. For example, [prior to Android 10](https://developer.android.com/about/versions/10/privacy/changes), any apps with the [`READ_PHONE_STATE`](https://developer.android.com/reference/android/Manifest.permission#READ_PHONE_STATE) permission could access sensitive and unique serial numbers of your phone such as [IMEI](https://en.wikipedia.org/wiki/International_Mobile_Equipment_Identity), [MEID](https://en.wikipedia.org/wiki/Mobile_equipment_identifier), your SIM card's [IMSI](https://en.wikipedia.org/wiki/International_mobile_subscriber_identity), whereas now they must be system apps to do so. System apps are only provided by the OEM or Android distribution.
## Android Permissions
[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant users control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All user installed apps are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore there is no need to install any antivirus apps. The savings you make from not purchasing or subscribing to security apps is better spent on paying for a supported device in the future.
[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore there is no need to install any antivirus apps. The savings you make from not purchasing or subscribing to security apps is better spent on paying for a supported device in the future.
Should you want to run an app that you're unsure about, consider using a user or work [profile](android/#android-security-privacy).
## User Profiles
Multiple user profiles can be found in **Settings****System****Multiple users** and are the simplest way to isolate in Android. With user profiles you can limit a user from making calls, SMS or installing apps on the device. Each profile is encrypted using its own encryption key and cannot access the data of any other profiles. Even the device owner cannot view the data of other profiles without knowing their password. Multiple user profiles is a more secure method of isolation.
Multiple user profiles can be found in **Settings****System****Multiple users** and are the simplest way to isolate in Android.
With user profiles, you can impose restrictions on a specific profile, such as: making calls, using SMS, or installing apps on the device. Each profile is encrypted using its own encryption key and cannot access the data of any other profiles. Even the device owner cannot view the data of other profiles without knowing their password. Multiple user profiles is a more secure method of isolation.
## Work Profile
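Review bot: In the new User Profiles paragraph, "you can impose restrictions on a specific profile, such as: making calls, using SMS, or installing apps on the device" lists activities, not restrictions, and the colon after "such as" is not needed. Suggest "such as blocking calls, SMS, or app installation". The closing sentence "Multiple user profiles is a more secure method of isolation" was carried over unchanged and still has nothing to compare against at this point; the comparison with work profiles only appears in the following section, so either name it here or move the sentence there.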
@ -62,7 +64,7 @@ Multiple user profiles can be found in **Settings** → **System** → **Multipl
A **device controller** such as [Shelter](#recommended-apps) is required, unless you're using CalyxOS which includes one.
The work profile is dependent on a device controller to function. Features such as *File Shuttle* and *contact search blocking* or any kind of isolation features must be implemented by the controller. The user must also fully trust the device controller app, as it has full access to the data inside of the work profile.
The work profile is dependent on a device controller to function. Features such as *File Shuttle* and *contact search blocking* or any kind of isolation features must be implemented by the controller. You must also fully trust the device controller app, as it has full access to your data inside of the work profile.
This method is generally less secure than a secondary user profile; however, it does allow you the convenience of running apps in both the work and personal profiles simultaneously.
@ -90,11 +92,11 @@ The Advanced Protection Program provides enhanced threat monitoring and enables:
- Stricter [safe browser scanning](https://www.google.com/chrome/privacy/whitepaper.html#malware) with Google Chrome
- Stricter recovery process for accounts with lost credentials
For users that are using the privileged Google Play Services (common on stock operating systems), the Advanced Protection Program also comes with [additional benefits](https://support.google.com/accounts/answer/9764949?hl=en) such as:
If you use non-sandboxed Google Play Services (common on stock operating systems), the Advanced Protection Program also comes with [additional benefits](https://support.google.com/accounts/answer/9764949?hl=en) such as:
- Not allowing app installation outside of the Google Play Store, the OS vendor's app store, or via [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge)
- Mandatory automatic device scanning with [Play Protect](https://support.google.com/googleplay/answer/2812853?hl=en#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work)
- Warning the user about unverified applications
- Warning you about unverified applications
### Google Play System Updates

View File

@ -0,0 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 124 140"><g fill="#D0013B" fill-rule="nonzero"><path d="m72.37 84.938-28.68 16.6a4.1 4.1 0 0 1-5.58-1.5l-15.34-26.57a4.09 4.09 0 0 1 1.5-5.53L53 51.338l19.37 33.6ZM57.48 54.188 72 79.368l28.75-16.61-14.51-25.17-28.76 16.6Zm14.36-3a1 1 0 0 1 .35-1.34l2.81-1.66a1 1 0 0 1 1.34.35l2.41 4.14a1 1 0 0 1-.36 1.34l-2.84 1.65a1 1 0 0 1-1.34-.35l-2.41-4.14.04.01Zm14.22 15.93-2.84 1.66a1 1 0 0 1-1.34-.35l-2.41-4.14a1 1 0 0 1 .35-1.34l2.85-1.65a1 1 0 0 1 1.34.35l2.4 4.13a1 1 0 0 1-.35 1.34Z"/><path d="M61.66 139.798c-1.528 0-3.041-.292-4.46-.86-37.79-15.12-53.52-50.44-56.29-57.37a12.392 12.392 0 0 1-.91-4.71v-43.49a12.4 12.4 0 0 1 7.5-11.43l49.5-21a12 12 0 0 1 9.3 0l49.51 21a12.361 12.361 0 0 1 7.52 11.48v43.44a12.75 12.75 0 0 1-.91 4.69c-2.78 7-18.51 42.27-56.3 57.39-1.418.568-2.932.86-4.46.86Zm0-128.77a1 1 0 0 0-.37.08L11.8 32.018a1.472 1.472 0 0 0-.8 1.35v43.49c0 .198.036.395.11.58 2.49 6.25 16.55 37.83 50.18 51.29a1 1 0 0 0 .75 0c33.62-13.46 47.68-45 50.16-51.24.08-.201.125-.414.13-.63v-43.49a1.44 1.44 0 0 0-.78-1.34L62 11.108a.903.903 0 0 0-.37-.08h.03Z"/></g></svg>


View File

@ -0,0 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 111 110"><g fill="none" fill-rule="evenodd" transform="translate(.5)"><path fill="#84BD00" fill-rule="nonzero" d="m56.265 58.307 10.687-30.266H82.39l-26.02 64H40.076l7.444-17.536-18.209-46.464h15.763z"/><circle cx="55" cy="55" r="48.5" stroke="#84BD00" stroke-width="13"/></g></svg>


View File

@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><g transform="matrix(.16306 0 0 .16306 -7.3167e-8 3.5791)" fill="none" fill-rule="evenodd"><g transform="translate(42.5)"><circle cx="60" cy="60" r="60" fill="#de5833" fill-rule="nonzero"/><path d="m110.8 38.5c-2.8-6.6-6.8-12.5-11.8-17.5-5.1-5.1-11-9-17.5-11.8-6.8-2.9-14-4.3-21.5-4.3-7.4 0-14.7 1.5-21.5 4.3-6.6 2.7-12.5 6.7-17.5 11.8-5.1 5.1-9 11-11.8 17.5-2.9 6.8-4.3 14-4.3 21.5s1.5 14.7 4.3 21.5c2.8 6.6 6.8 12.5 11.8 17.5 5.1 5.1 11 9 17.5 11.8 6.8 2.9 14 4.3 21.5 4.3 7.4 0 14.7-1.5 21.5-4.3 6.5-2.8 12.4-6.8 17.5-11.8 5.1-5.1 9-11 11.8-17.5 2.9-6.8 4.3-14 4.3-21.5s-1.4-14.7-4.3-21.5zm-38.8 71c-3.2-5.4-11.6-20.5-11.6-31.7 0-25.8 17.3-3.7 17.3-24.3 0-4.9-2.4-22.1-17.4-25.7-3.7-4.9-12.4-9.6-26.2-7.7 0 0 2.3 0.7 4.9 2 0 0-5 0.7-5.2 4.1 0 0 9.9-0.5 15.5 1.3-12.9 1.7-19.5 8.5-18.3 20.8 1.7 17.5 9.1 48.7 11.7 59.6-19.6-7-33.7-25.8-33.7-47.9 0-28.1 22.8-51 51-51s51 22.8 51 51c-0.1 24-16.7 44.1-39 49.5z" fill="#fff" fill-rule="nonzero"/><path d="m57.2 68.3c0-6.6 9-8.7 12.4-8.7 9.2 0 22.2-5.9 25.4-5.8 3.3 0.1 5.4 1.4 5.4 2.9 0 2.2-18.4 10.5-25.5 9.8-6.8-0.6-8.4 0.1-8.4 2.9 0 2.4 4.9 4.6 10.3 4.6 8.1 0 16-3.6 18.4-1.9 2.1 1.5-5.5 6.9-14.2 6.9s-23.8-4.1-23.8-10.7z" fill="#fed30a"/><g fill-rule="nonzero"><g fill="#2d4f8d"><path d="m73.2 40.3c-2.4-3.1-6.7-3.2-8.2 0.4 2.3-1.8 5.1-2.2 8.2-0.4zm-26.7 0.1c-3.3-2-8.8-2.2-8.5 4.1 1.6-3.9 3.8-4.6 8.5-4.1zm24.7 5.8c-1.8 0-3.3 1.5-3.3 3.3s1.5 3.3 3.3 3.3 3.3-1.5 3.3-3.3-1.5-3.3-3.3-3.3zm1.2 3.1c-0.5 0-1-0.4-1-1 0-0.5 0.4-1 1-1s1 0.4 1 1c-0.1 0.5-0.5 1-1 1zm-26.8-1.3c-2.1 0-3.8 1.7-3.8 3.8s1.7 3.8 3.8 3.8 3.8-1.7 3.8-3.8-1.7-3.8-3.8-3.8zm1.4 3.5c-0.6 0-1.1-0.5-1.1-1.1s0.5-1.1 1.1-1.1 1.1 0.5 1.1 1.1-0.5 1.1-1.1 1.1z"/></g><g fill="#d5d7d8"><path d="m37.3 31.8c-4.8 3.5-7 8.9-6.3 16.5 1.7 17.5 9.1 48.8 11.7 59.7l2.7 0.9c-1.6-6.6-9.3-38.8-12.7-63.5-0.9-6.6 1.7-10.5 4.6-13.6zm11.9-4.3c0.4 0 0.7-0.1 0.7-0.1-5.2-2.5-13.4-2.6-15.6-2.6-0.2 
0.4-0.4 0.9-0.4 1.4-0.1 0.1 9.6-0.5 15.3 1.3zm-9.4-5.4c-1.6-1.1-2.9-1.8-3.7-2.2-0.7 0.1-1.3 0.1-2 0.2 0 0 2.3 0.7 4.9 2h-0.2z"/></g><path d="m80.1 88.6c-1.7-0.4-8.3 4.3-10.8 6.1-0.1-0.5-0.2-0.9-0.3-1.1-0.3-1-6.7-0.4-8.2 1.2-4-1.9-12-5.6-12.1-3.3-0.3 3 0 15.5 1.6 16.4 1.2 0.7 8-3 11.4-4.9h0.1c2.1 0.5 6 0 7.4-0.9 0.2-0.1 0.3-0.3 0.4-0.5 3.1 1.2 9.8 3.6 11.2 3.1 1.8-0.5 1.4-15.6-0.7-16.1z" fill="#67bd47"/><path d="m61.8 103c-2.1-0.4-1.4-2.5-1.4-7.4-0.5 0.3-0.9 0.7-0.9 1.1 0 4.9-0.8 7.1 1.4 7.4 2.1 0.5 6 0 7.6-0.9 0.3-0.2 0.4-0.5 0.5-1-1.5 0.9-5.2 1.3-7.2 0.8z" fill="#43a347"/></g></g><g fill="#fff" fill-rule="nonzero"><path d="m0 161.6v-24.6h8.9c8.5 0 12.4 6.2 12.4 12 0 6.3-3.8 12.6-12.4 12.6zm2.8-2.9h6.1c6.6 0 9.5-4.9 9.5-9.8 0-4.5-3-9.3-9.5-9.3h-6.1zm29.7 3.2c-4.6 0-7.5-3.1-7.5-8v-9.6h2.7v9.5c0 3.5 2 5.6 5.4 5.6 3.2 0 5.5-2.5 5.5-5.8v-9.3h2.7v17.3h-2.4l-0.2-3-0.4 0.5c-1.5 1.8-3.4 2.7-5.8 2.8zm21.7 0c-4.5 0-9-2.8-9-8.9 0-5.4 3.6-8.9 9-8.9 2.4 0 4.4 0.8 6.2 2.5l-1.7 1.7c-1.2-1.1-2.8-1.7-4.4-1.7-3.8 0-6.4 2.6-6.4 6.4 0 4.4 3.2 6.4 6.4 6.4 1.8 0 3.4-0.6 4.6-1.8l1.7 1.7c-1.8 1.7-4 2.6-6.4 2.6zm20.9-0.3-8.5-8.5v8.5h-2.6v-24.6h2.6v14.9l7.4-7.6h3.5l-8.2 8.1 9.2 9.1v0.1zm6.6 0v-24.6h8.9c8.5 0 12.4 6.2 12.4 12 0 6.3-3.8 12.6-12.4 12.6zm2.9-2.9h6.1c6.6 0 9.5-4.9 9.5-9.8 0-4.5-3-9.3-9.5-9.3h-6.1zm29.6 3.2c-4.6 0-7.5-3.1-7.5-8v-9.6h2.7v9.5c0 3.5 2 5.6 5.4 5.6 3.2 0 5.5-2.5 5.5-5.8v-9.3h2.7v17.3h-2.4l-0.1-3-0.4 0.5c-1.5 1.8-3.5 2.7-5.9 2.8zm21.7 0c-4.5 0-9-2.8-9-8.9 0-5.4 3.6-8.9 9-8.9 2.4 0 4.4 0.8 6.2 2.5l-1.7 1.7c-1.2-1.1-2.8-1.7-4.4-1.7-3.8 0-6.4 2.6-6.4 6.4 0 4.4 3.2 6.4 6.4 6.4 1.8 0 3.4-0.6 4.6-1.8l1.7 1.7-0.1 0.1c-1.7 1.7-3.8 2.5-6.3 2.5zm20.9-0.3-8.4-8.5v8.5h-2.6v-24.6h2.6v14.9l7.4-7.6h3.4l-8.1 8.1 9.1 9.1v0.1zm17.3 0.4c-9.5 0-12.8-6.8-12.8-12.5 0-3.8 1.3-7.1 3.6-9.5 2.3-2.3 5.5-3.5 9.2-3.5 3.4 0 6.5 1.3 8.9 3.6l-1.6 1.9c-1.9-1.8-4.7-2.9-7.3-2.9-6.9 0-10 5.4-10 10.4 0 4.9 3.1 9.9 10.1 9.9 2.5 0 4.9-0.9 6.8-2.5l0.1-0.1v-6.1h-7.7v-2.5h10.3v9.6c-2.7 2.9-5.8 4.2-9.6 
4.2zm21.8-0.1c-5.2 0-8.9-3.7-8.9-8.9s3.8-9.1 8.9-9.1c5.3 0 9 3.7 9 9.1-0.1 5.1-3.8 8.9-9 8.9zm0-15.6c-3.7 0-6.3 2.7-6.3 6.6 0 3.7 2.6 6.4 6.3 6.4s6.3-2.6 6.4-6.4c-0.1-3.8-2.7-6.6-6.4-6.6z"/><path d="m206.4 162.2c0.2-0.1 0.3-0.2 0.3-0.4s-0.1-0.3-0.2-0.4-0.3-0.1-0.6-0.1-0.5 0-0.6 0.1v1.6h0.4v-0.7h0.2c0.2 0 0.3 0.1 0.3 0.3 0.1 0.2 0.1 0.3 0.1 0.4h0.4c0-0.1-0.1-0.2-0.1-0.4s-0.1-0.3-0.2-0.4zm-0.5-0.1h-0.2v-0.5h0.2c0.2 0 0.3 0.1 0.3 0.2 0.1 0.2 0 0.3-0.3 0.3z"/><path d="m206 160.5c-0.9 0-1.7 0.7-1.7 1.6s0.7 1.7 1.7 1.7c0.9 0 1.7-0.7 1.7-1.7 0-0.9-0.7-1.6-1.7-1.6zm0 3c-0.7 0-1.3-0.6-1.3-1.3s0.5-1.3 1.3-1.3c0.7 0 1.3 0.6 1.3 1.3s-0.6 1.3-1.3 1.3z"/></g></g></svg>


View File

@ -1,2 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><g transform="translate(0 -263.13)"><g transform="matrix(.072143 0 0 .072143 -44.234 303.31)"><g transform="matrix(3.912 0 0 3.912 351.05 -631.3)"><circle cx="127" cy="79" r="60" fill="#de5833"/><path d="m177.8 57.5c-2.8-6.6-6.8-12.5-11.8-17.5-5.1-5.1-11-9-17.5-11.8-6.8-2.9-14-4.3-21.5-4.3-7.4 0-14.7 1.5-21.5 4.3-6.6 2.7-12.5 6.7-17.5 11.8-5.1 5.1-9 11-11.8 17.5-2.9 6.8-4.3 14-4.3 21.5s1.5 14.7 4.3 21.5c2.8 6.6 6.8 12.5 11.8 17.5 5.1 5.1 11 9 17.5 11.8 6.8 2.9 14 4.3 21.5 4.3 7.4 0 14.7-1.5 21.5-4.3 6.5-2.8 12.4-6.8 17.5-11.8 5.1-5.1 9-11 11.8-17.5 2.9-6.8 4.3-14 4.3-21.5s-1.4-14.7-4.3-21.5zm-38.8 71c-3.2-5.4-11.6-20.5-11.6-31.7 0-25.8 17.3-3.7 17.3-24.3 0-4.9-2.4-22.1-17.4-25.7-3.7-4.9-12.4-9.6-26.2-7.7 0 0 2.3 0.7 4.9 2 0 0-5 0.7-5.2 4.1 0 0 9.9-0.5 15.5 1.3-12.9 1.7-19.5 8.5-18.3 20.8 1.7 17.5 9.1 48.7 11.7 59.6-19.6-7-33.7-25.8-33.7-47.9 0-28.1 22.8-51 51-51s51 22.8 51 51c-0.1 24-16.7 44.1-39 49.5z" fill="#fff"/><path d="m124.2 87.3c0-6.6 9-8.7 12.4-8.7 9.2 0 22.2-5.9 25.4-5.8 3.3 0.1 5.4 1.4 5.4 2.9 0 2.2-18.4 10.5-25.5 9.8-6.8-0.6-8.4 0.1-8.4 2.9 0 2.4 4.9 4.6 10.3 4.6 8.1 0 16-3.6 18.4-1.9 2.1 1.5-5.5 6.9-14.2 6.9s-23.8-4.1-23.8-10.7z" clip-rule="evenodd" fill="#fed30a" fill-rule="evenodd"/><g fill="#2d4f8d"><path d="m140.2 59.3c-2.4-3.1-6.7-3.2-8.2 0.4 2.3-1.8 5.1-2.2 8.2-0.4z"/><path d="m113.5 59.4c-3.3-2-8.8-2.2-8.5 4.1 1.6-3.9 3.8-4.6 8.5-4.1z"/><path d="m138.2 65.2c-1.8 0-3.3 1.5-3.3 3.3s1.5 3.3 3.3 3.3 3.3-1.5 3.3-3.3-1.5-3.3-3.3-3.3zm1.2 3.1c-0.5 0-1-0.4-1-1 0-0.5 0.4-1 1-1s1 0.4 1 1c-0.1 0.5-0.5 1-1 1z"/><path d="m112.6 67c-2.1 0-3.8 1.7-3.8 3.8s1.7 3.8 3.8 3.8 3.8-1.7 3.8-3.8-1.7-3.8-3.8-3.8zm1.4 3.5c-0.6 0-1.1-0.5-1.1-1.1s0.5-1.1 1.1-1.1 1.1 0.5 1.1 1.1-0.5 1.1-1.1 1.1z"/></g><g fill="#d5d7d8"><path d="m104.3 50.8c-4.8 3.5-7 8.9-6.3 16.5 1.7 17.5 9.1 48.8 11.7 59.7 0.9 0.3 1.8 0.6 2.7 0.9-1.6-6.6-9.3-38.8-12.7-63.5-0.9-6.6 1.7-10.5 
4.6-13.6z"/><path d="m116.2 46.5c0.4 0 0.7-0.1 0.7-0.1-5.2-2.5-13.4-2.6-15.6-2.6-0.2 0.4-0.4 0.9-0.4 1.4-0.1 0.1 9.6-0.5 15.3 1.3z"/><path d="m106.8 41.1c-1.6-1.1-2.9-1.8-3.7-2.2-0.7 0.1-1.3 0.1-2 0.2 0 0 2.3 0.7 4.9 2h-0.2z"/></g><path d="m147.1 107.6c-1.7-0.4-8.3 4.3-10.8 6.1-0.1-0.5-0.2-0.9-0.3-1.1-0.3-1-6.7-0.4-8.2 1.2-4-1.9-12-5.6-12.1-3.3-0.3 3 0 15.5 1.6 16.4 1.2 0.7 8-3 11.4-4.9h0.1c2.1 0.5 6 0 7.4-0.9 0.2-0.1 0.3-0.3 0.4-0.5 3.1 1.2 9.8 3.6 11.2 3.1 1.8-0.5 1.4-15.6-0.7-16.1z" fill="#67bd47"/><path d="m128.8 122c-2.1-0.4-1.4-2.5-1.4-7.4-0.5 0.3-0.9 0.7-0.9 1.1 0 4.9-0.8 7.1 1.4 7.4 2.1 0.5 6 0 7.6-0.9 0.3-0.2 0.4-0.5 0.5-1-1.5 0.9-5.2 1.3-7.2 0.8z" fill="#43a347"/></g></g></g></svg>
<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><g transform="matrix(.16306 0 0 .16306 -6.7576e-5 3.579)" fill="none" fill-rule="evenodd"><g transform="translate(42.5)"><circle cx="60" cy="60" r="60" fill="#de5833" fill-rule="nonzero"/><path d="m110.8 38.5c-2.8-6.6-6.8-12.5-11.8-17.5-5.1-5.1-11-9-17.5-11.8-6.8-2.9-14-4.3-21.5-4.3-7.4 0-14.7 1.5-21.5 4.3-6.6 2.7-12.5 6.7-17.5 11.8-5.1 5.1-9 11-11.8 17.5-2.9 6.8-4.3 14-4.3 21.5s1.5 14.7 4.3 21.5c2.8 6.6 6.8 12.5 11.8 17.5 5.1 5.1 11 9 17.5 11.8 6.8 2.9 14 4.3 21.5 4.3 7.4 0 14.7-1.5 21.5-4.3 6.5-2.8 12.4-6.8 17.5-11.8 5.1-5.1 9-11 11.8-17.5 2.9-6.8 4.3-14 4.3-21.5s-1.4-14.7-4.3-21.5zm-38.8 71c-3.2-5.4-11.6-20.5-11.6-31.7 0-25.8 17.3-3.7 17.3-24.3 0-4.9-2.4-22.1-17.4-25.7-3.7-4.9-12.4-9.6-26.2-7.7 0 0 2.3 0.7 4.9 2 0 0-5 0.7-5.2 4.1 0 0 9.9-0.5 15.5 1.3-12.9 1.7-19.5 8.5-18.3 20.8 1.7 17.5 9.1 48.7 11.7 59.6-19.6-7-33.7-25.8-33.7-47.9 0-28.1 22.8-51 51-51s51 22.8 51 51c-0.1 24-16.7 44.1-39 49.5z" fill="#fff" fill-rule="nonzero"/><path d="m57.2 68.3c0-6.6 9-8.7 12.4-8.7 9.2 0 22.2-5.9 25.4-5.8 3.3 0.1 5.4 1.4 5.4 2.9 0 2.2-18.4 10.5-25.5 9.8-6.8-0.6-8.4 0.1-8.4 2.9 0 2.4 4.9 4.6 10.3 4.6 8.1 0 16-3.6 18.4-1.9 2.1 1.5-5.5 6.9-14.2 6.9s-23.8-4.1-23.8-10.7z" fill="#fed30a"/><g fill-rule="nonzero"><g fill="#2d4f8d"><path d="m73.2 40.3c-2.4-3.1-6.7-3.2-8.2 0.4 2.3-1.8 5.1-2.2 8.2-0.4zm-26.7 0.1c-3.3-2-8.8-2.2-8.5 4.1 1.6-3.9 3.8-4.6 8.5-4.1zm24.7 5.8c-1.8 0-3.3 1.5-3.3 3.3s1.5 3.3 3.3 3.3 3.3-1.5 3.3-3.3-1.5-3.3-3.3-3.3zm1.2 3.1c-0.5 0-1-0.4-1-1 0-0.5 0.4-1 1-1s1 0.4 1 1c-0.1 0.5-0.5 1-1 1zm-26.8-1.3c-2.1 0-3.8 1.7-3.8 3.8s1.7 3.8 3.8 3.8 3.8-1.7 3.8-3.8-1.7-3.8-3.8-3.8zm1.4 3.5c-0.6 0-1.1-0.5-1.1-1.1s0.5-1.1 1.1-1.1 1.1 0.5 1.1 1.1-0.5 1.1-1.1 1.1z"/></g><g fill="#d5d7d8"><path d="m37.3 31.8c-4.8 3.5-7 8.9-6.3 16.5 1.7 17.5 9.1 48.8 11.7 59.7l2.7 0.9c-1.6-6.6-9.3-38.8-12.7-63.5-0.9-6.6 1.7-10.5 4.6-13.6zm11.9-4.3c0.4 0 0.7-0.1 0.7-0.1-5.2-2.5-13.4-2.6-15.6-2.6-0.2 
0.4-0.4 0.9-0.4 1.4-0.1 0.1 9.6-0.5 15.3 1.3zm-9.4-5.4c-1.6-1.1-2.9-1.8-3.7-2.2-0.7 0.1-1.3 0.1-2 0.2 0 0 2.3 0.7 4.9 2h-0.2z"/></g><path d="m80.1 88.6c-1.7-0.4-8.3 4.3-10.8 6.1-0.1-0.5-0.2-0.9-0.3-1.1-0.3-1-6.7-0.4-8.2 1.2-4-1.9-12-5.6-12.1-3.3-0.3 3 0 15.5 1.6 16.4 1.2 0.7 8-3 11.4-4.9h0.1c2.1 0.5 6 0 7.4-0.9 0.2-0.1 0.3-0.3 0.4-0.5 3.1 1.2 9.8 3.6 11.2 3.1 1.8-0.5 1.4-15.6-0.7-16.1z" fill="#67bd47"/><path d="m61.8 103c-2.1-0.4-1.4-2.5-1.4-7.4-0.5 0.3-0.9 0.7-0.9 1.1 0 4.9-0.8 7.1 1.4 7.4 2.1 0.5 6 0 7.6-0.9 0.3-0.2 0.4-0.5 0.5-1-1.5 0.9-5.2 1.3-7.2 0.8z" fill="#43a347"/></g></g><g fill="#4c4c4c" fill-rule="nonzero"><path d="m0 161.6v-24.6h8.9c8.5 0 12.4 6.2 12.4 12 0 6.3-3.8 12.6-12.4 12.6zm2.8-2.9h6.1c6.6 0 9.5-4.9 9.5-9.8 0-4.5-3-9.3-9.5-9.3h-6.1zm29.7 3.2c-4.6 0-7.5-3.1-7.5-8v-9.6h2.7v9.5c0 3.5 2 5.6 5.4 5.6 3.2 0 5.5-2.5 5.5-5.8v-9.3h2.7v17.3h-2.4l-0.2-3-0.4 0.5c-1.5 1.8-3.4 2.7-5.8 2.8zm21.7 0c-4.5 0-9-2.8-9-8.9 0-5.4 3.6-8.9 9-8.9 2.4 0 4.4 0.8 6.2 2.5l-1.7 1.7c-1.2-1.1-2.8-1.7-4.4-1.7-3.8 0-6.4 2.6-6.4 6.4 0 4.4 3.2 6.4 6.4 6.4 1.8 0 3.4-0.6 4.6-1.8l1.7 1.7c-1.8 1.7-4 2.6-6.4 2.6zm20.9-0.3-8.5-8.5v8.5h-2.6v-24.6h2.6v14.9l7.4-7.6h3.5l-8.2 8.1 9.2 9.1v0.1zm6.6 0v-24.6h8.9c8.5 0 12.4 6.2 12.4 12 0 6.3-3.8 12.6-12.4 12.6zm2.9-2.9h6.1c6.6 0 9.5-4.9 9.5-9.8 0-4.5-3-9.3-9.5-9.3h-6.1zm29.6 3.2c-4.6 0-7.5-3.1-7.5-8v-9.6h2.7v9.5c0 3.5 2 5.6 5.4 5.6 3.2 0 5.5-2.5 5.5-5.8v-9.3h2.7v17.3h-2.4l-0.1-3-0.4 0.5c-1.5 1.8-3.5 2.7-5.9 2.8zm21.7 0c-4.5 0-9-2.8-9-8.9 0-5.4 3.6-8.9 9-8.9 2.4 0 4.4 0.8 6.2 2.5l-1.7 1.7c-1.2-1.1-2.8-1.7-4.4-1.7-3.8 0-6.4 2.6-6.4 6.4 0 4.4 3.2 6.4 6.4 6.4 1.8 0 3.4-0.6 4.6-1.8l1.7 1.7-0.1 0.1c-1.7 1.7-3.8 2.5-6.3 2.5zm20.9-0.3-8.4-8.5v8.5h-2.6v-24.6h2.6v14.9l7.4-7.6h3.4l-8.1 8.1 9.1 9.1v0.1zm17.3 0.4c-9.5 0-12.8-6.8-12.8-12.5 0-3.8 1.3-7.1 3.6-9.5 2.3-2.3 5.5-3.5 9.2-3.5 3.4 0 6.5 1.3 8.9 3.6l-1.6 1.9c-1.9-1.8-4.7-2.9-7.3-2.9-6.9 0-10 5.4-10 10.4 0 4.9 3.1 9.9 10.1 9.9 2.5 0 4.9-0.9 6.8-2.5l0.1-0.1v-6.1h-7.7v-2.5h10.3v9.6c-2.7 2.9-5.8 4.2-9.6 
4.2zm21.8-0.1c-5.2 0-8.9-3.7-8.9-8.9s3.8-9.1 8.9-9.1c5.3 0 9 3.7 9 9.1-0.1 5.1-3.8 8.9-9 8.9zm0-15.6c-3.7 0-6.3 2.7-6.3 6.6 0 3.7 2.6 6.4 6.3 6.4s6.3-2.6 6.4-6.4c-0.1-3.8-2.7-6.6-6.4-6.6z"/><path d="m206.4 162.2c0.2-0.1 0.3-0.2 0.3-0.4s-0.1-0.3-0.2-0.4-0.3-0.1-0.6-0.1-0.5 0-0.6 0.1v1.6h0.4v-0.7h0.2c0.2 0 0.3 0.1 0.3 0.3 0.1 0.2 0.1 0.3 0.1 0.4h0.4c0-0.1-0.1-0.2-0.1-0.4s-0.1-0.3-0.2-0.4zm-0.5-0.1h-0.2v-0.5h0.2c0.2 0 0.3 0.1 0.3 0.2 0.1 0.2 0 0.3-0.3 0.3z"/><path d="m206 160.5c-0.9 0-1.7 0.7-1.7 1.6s0.7 1.7 1.7 1.7c0.9 0 1.7-0.7 1.7-1.7 0-0.9-0.7-1.6-1.7-1.6zm0 3c-0.7 0-1.3-0.6-1.3-1.3s0.5-1.3 1.3-1.3c0.7 0 1.3 0.6 1.3 1.3s-0.6 1.3-1.3 1.3z"/></g></g></svg>

@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><g transform="matrix(.28222 0 0 .28222 -18.909 -5.3622)"><circle cx="127" cy="79" r="60" fill="#de5833"/><path d="m177.8 57.5c-2.8-6.6-6.8-12.5-11.8-17.5-5.1-5.1-11-9-17.5-11.8-6.8-2.9-14-4.3-21.5-4.3-7.4 0-14.7 1.5-21.5 4.3-6.6 2.7-12.5 6.7-17.5 11.8-5.1 5.1-9 11-11.8 17.5-2.9 6.8-4.3 14-4.3 21.5s1.5 14.7 4.3 21.5c2.8 6.6 6.8 12.5 11.8 17.5 5.1 5.1 11 9 17.5 11.8 6.8 2.9 14 4.3 21.5 4.3 7.4 0 14.7-1.5 21.5-4.3 6.5-2.8 12.4-6.8 17.5-11.8 5.1-5.1 9-11 11.8-17.5 2.9-6.8 4.3-14 4.3-21.5s-1.4-14.7-4.3-21.5zm-38.8 71c-3.2-5.4-11.6-20.5-11.6-31.7 0-25.8 17.3-3.7 17.3-24.3 0-4.9-2.4-22.1-17.4-25.7-3.7-4.9-12.4-9.6-26.2-7.7 0 0 2.3 0.7 4.9 2 0 0-5 0.7-5.2 4.1 0 0 9.9-0.5 15.5 1.3-12.9 1.7-19.5 8.5-18.3 20.8 1.7 17.5 9.1 48.7 11.7 59.6-19.6-7-33.7-25.8-33.7-47.9 0-28.1 22.8-51 51-51s51 22.8 51 51c-0.1 24-16.7 44.1-39 49.5z" fill="#fff"/><path d="m124.2 87.3c0-6.6 9-8.7 12.4-8.7 9.2 0 22.2-5.9 25.4-5.8 3.3 0.1 5.4 1.4 5.4 2.9 0 2.2-18.4 10.5-25.5 9.8-6.8-0.6-8.4 0.1-8.4 2.9 0 2.4 4.9 4.6 10.3 4.6 8.1 0 16-3.6 18.4-1.9 2.1 1.5-5.5 6.9-14.2 6.9s-23.8-4.1-23.8-10.7z" clip-rule="evenodd" fill="#fed30a" fill-rule="evenodd"/><g fill="#2d4f8d"><path d="m140.2 59.3c-2.4-3.1-6.7-3.2-8.2 0.4 2.3-1.8 5.1-2.2 8.2-0.4zm-26.7 0.1c-3.3-2-8.8-2.2-8.5 4.1 1.6-3.9 3.8-4.6 8.5-4.1zm24.7 5.8c-1.8 0-3.3 1.5-3.3 3.3s1.5 3.3 3.3 3.3 3.3-1.5 3.3-3.3-1.5-3.3-3.3-3.3zm1.2 3.1c-0.5 0-1-0.4-1-1 0-0.5 0.4-1 1-1s1 0.4 1 1c-0.1 0.5-0.5 1-1 1zm-26.8-1.3c-2.1 0-3.8 1.7-3.8 3.8s1.7 3.8 3.8 3.8 3.8-1.7 3.8-3.8-1.7-3.8-3.8-3.8zm1.4 3.5c-0.6 0-1.1-0.5-1.1-1.1s0.5-1.1 1.1-1.1 1.1 0.5 1.1 1.1-0.5 1.1-1.1 1.1z"/></g><g fill="#d5d7d8"><path d="m104.3 50.8c-4.8 3.5-7 8.9-6.3 16.5 1.7 17.5 9.1 48.8 11.7 59.7l2.7 0.9c-1.6-6.6-9.3-38.8-12.7-63.5-0.9-6.6 1.7-10.5 4.6-13.6zm11.9-4.3c0.4 0 0.7-0.1 0.7-0.1-5.2-2.5-13.4-2.6-15.6-2.6-0.2 0.4-0.4 0.9-0.4 1.4-0.1 0.1 9.6-0.5 15.3 1.3zm-9.4-5.4c-1.6-1.1-2.9-1.8-3.7-2.2-0.7 
0.1-1.3 0.1-2 0.2 0 0 2.3 0.7 4.9 2h-0.2z"/></g><path d="m147.1 107.6c-1.7-0.4-8.3 4.3-10.8 6.1-0.1-0.5-0.2-0.9-0.3-1.1-0.3-1-6.7-0.4-8.2 1.2-4-1.9-12-5.6-12.1-3.3-0.3 3 0 15.5 1.6 16.4 1.2 0.7 8-3 11.4-4.9h0.1c2.1 0.5 6 0 7.4-0.9 0.2-0.1 0.3-0.3 0.4-0.5 3.1 1.2 9.8 3.6 11.2 3.1 1.8-0.5 1.4-15.6-0.7-16.1z" fill="#67bd47"/><path d="m128.8 122c-2.1-0.4-1.4-2.5-1.4-7.4-0.5 0.3-0.9 0.7-0.9 1.1 0 4.9-0.8 7.1 1.4 7.4 2.1 0.5 6 0 7.6-0.9 0.3-0.2 0.4-0.5 0.5-1-1.5 0.9-5.2 1.3-7.2 0.8z" fill="#43a347"/></g></svg>

@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><g transform="matrix(.36928 0 0 .36928 -15.111 -6.7595)"><circle cx="75" cy="92" r="0" style="fill:none;stroke-width:12;stroke:#000"/><circle cx="75.921" cy="53.903" r="30" style="fill:none;stroke-width:10;stroke:#3050ff"/><path d="m67.515 37.915a18 18 0 0 1 21.051 3.3124 18 18 0 0 1 3.1373 21.078" style="fill:none;stroke-width:5;stroke:#3050ff"/><rect transform="rotate(-46.235)" x="3.7064" y="122.09" width="18.846" height="39.963" ry="1.8669e-13" style="fill:#3050ff"/></g></svg>
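Review bot: the first element in this new SVG, `<circle cx="75" cy="92" r="0" style="fill:none;stroke-width:12;stroke:#000"/>`, has a radius of 0 and therefore draws nothing; it looks like editor leftover and can be dropped before the file is added. The `ry="1.8669e-13"` on the `<rect>` is likewise effectively zero and could be removed or written as 0.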

@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><g transform="matrix(.19188 0 0 .19188 1.8154 -.041429)"><path d="m0 66c9.1-1.689 18.762-2.603 28-3 1.3-6.296 2.83-12.681 6.637-18 12.41-17.336 35.46-21.755 52.348-8.18 4.758 3.824 8.195 8.636 10.702 14.18 1.25 2.766 1.778 7.917 4.743 9.397 2.391 1.193 5.985 0.603 8.57 0.603h18c-0.765-9.68-3.251-18.41-7.746-27-3.625-6.928-8.506-12.621-14.254-17.907-27.108-24.928-71.206-19.409-93.482 8.907-9.2 11.694-13.516 26.28-13.518 41z" fill="#6573ff"/><path d="m31 78-28 4c4.827 28.032 34.279 46.374 61 46.985 6.392 0.147 12.879-0.875 19-2.706 3.615-1.082 7.401-3.328 10.91-0.857 4.873 3.431 8.736 9.974 12.479 14.578 8.384 10.313 16.507 21.03 25.415 30.895 5.86 6.49 16.56 8.54 22.624 0.997 6.851-8.522 1.213-16.864-4.429-23.892-7.829-9.752-15.941-19.274-23.802-29-2.905-3.594-8.756-8.367-9.754-13-0.773-3.585 3.251-7.965 4.8-11 3.582-7.016 6.129-14.106 6.757-22h-18c-2.679 0-6.219-0.551-8.722 0.603-2.735 1.262-3.591 4.968-4.958 7.397-2.422 4.304-5.475 8.37-9.335 11.482-19.184 15.47-45.75 7.058-55.985-14.482z" fill="#e5e8ff"/></g></svg>

@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><g transform="matrix(.19188 0 0 .19188 1.8154 -.041429)"><path d="m0 66c9.1-1.689 18.762-2.603 28-3 1.3-6.296 2.83-12.681 6.637-18 12.41-17.336 35.46-21.755 52.348-8.18 4.758 3.824 8.195 8.636 10.702 14.18 1.25 2.766 1.778 7.917 4.743 9.397 2.391 1.193 5.985 0.603 8.57 0.603h18c-0.765-9.68-3.251-18.41-7.746-27-3.625-6.928-8.506-12.621-14.254-17.907-27.108-24.928-71.206-19.409-93.482 8.907-9.2 11.694-13.516 26.28-13.518 41z" fill="#6573ff"/><path d="m31 78-28 4c4.827 28.032 34.279 46.374 61 46.985 6.392 0.147 12.879-0.875 19-2.706 3.615-1.082 7.401-3.328 10.91-0.857 4.873 3.431 8.736 9.974 12.479 14.578 8.384 10.313 16.507 21.03 25.415 30.895 5.86 6.49 16.56 8.54 22.624 0.997 6.851-8.522 1.213-16.864-4.429-23.892-7.829-9.752-15.941-19.274-23.802-29-2.905-3.594-8.756-8.367-9.754-13-0.773-3.585 3.251-7.965 4.8-11 3.582-7.016 6.129-14.106 6.757-22h-18c-2.679 0-6.219-0.551-8.722 0.603-2.735 1.262-3.591 4.968-4.958 7.397-2.422 4.304-5.475 8.37-9.335 11.482-19.184 15.47-45.75 7.058-55.985-14.482z" fill="#202945"/></g></svg>

@ -1,13 +1,2 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg width="100%" height="100%" viewBox="0 0 1892 567" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linejoin:round;stroke-miterlimit:2;">
<g transform="matrix(4.16667,0,0,4.16667,0,0)">
<path d="M120.727,100.075C117.839,100.075 116.235,98.151 116.235,93.819C116.235,89.488 118.907,71.017 119.938,62.546C121.854,46.813 112.784,35.412 99.628,35.412C89.206,35.412 81.253,39.533 75.016,46.171C70.785,39.774 66.032,35.412 56.787,35.412C47.783,35.412 42.2,38.711 36.702,43.997C33.746,38.19 28.476,35.412 20.597,35.412C14.058,35.412 5.274,38.691 0,41.936L5.875,55.235C9.876,53.009 13.157,51.325 15.976,51.325C19.063,51.325 20.897,53.551 20.384,58.207C19.89,62.699 14.445,114.193 14.445,114.193L32.169,114.193C32.169,114.193 35.647,81.141 36.873,71.198C38.309,59.545 43.953,52.167 51.995,52.167C59.053,52.167 61.458,57.722 60.951,64.217C60.509,69.874 55.363,114.193 55.363,114.193L73.187,114.193C73.187,114.193 77.12,77.451 78.35,68.345C79.946,56.519 87.575,52.167 92.361,52.167C100.23,52.167 102.623,58.604 101.886,64.703C101.287,69.67 99.155,87.157 98.506,96.234C97.705,107.455 102.999,115.798 113.026,115.798C119.604,115.798 126.176,113.923 130.862,111.245L127.022,98.089C124.793,99.053 122.68,100.075 120.727,100.075Z" style="fill:#79ba3a;fill-rule:nonzero;"/>
<path d="M210.352,109.031C209.685,115.597 207.559,118.885 202.593,118.885C200.159,118.885 197.141,117.883 194.404,116.76L187.786,131.99C191.417,134.221 199.778,136.001 205.073,136.001C222.239,136.001 226.57,122.936 228.496,105.289C229.779,92.777 235.478,36.384 235.478,36.384L217.34,41.529C217.34,41.529 211.457,98.155 210.352,109.031Z" style="fill:#79ba3a;fill-rule:nonzero;"/>
<path d="M229.774,0.53C222.893,0.53 217.991,6.293 217.553,12.387C217.114,18.481 221.187,24.245 228.068,24.245C234.346,24.245 239.851,18.481 240.29,12.387C240.728,6.293 236.052,0.53 229.774,0.53Z" style="fill:#79ba3a;fill-rule:nonzero;"/>
<path d="M281.513,50.816C286.487,50.816 289.114,54.032 289.114,58.05C289.114,68.636 276.099,73.186 262.486,72.549C264.702,60.989 272.887,50.816 281.513,50.816ZM277.683,100.075C269.054,100.075 264.006,93.736 262.433,84.92C290.833,86.885 306.541,75.114 306.541,57.802C306.541,43.845 293.666,35.582 281.995,35.582C259.374,35.582 243.542,54.273 243.542,79.059C243.542,101.078 255.142,115.798 275.152,115.798C287.89,115.798 298.439,110.022 306.649,99.582L297.215,88.986C291.404,94.746 285.604,100.075 277.683,100.075Z" style="fill:#79ba3a;fill-rule:nonzero;"/>
<path d="M351.969,50.816C356.943,50.816 359.57,54.032 359.57,58.05C359.57,68.636 346.555,73.186 332.943,72.549C335.158,60.989 343.343,50.816 351.969,50.816ZM348.139,100.075C339.51,100.075 334.462,93.736 332.889,84.92C361.29,86.885 376.997,75.114 376.997,57.802C376.997,43.845 364.123,35.582 352.451,35.582C329.831,35.582 313.999,54.273 313.999,79.059C313.999,101.078 325.599,115.798 345.608,115.798C358.346,115.798 368.895,110.022 377.106,99.582L367.671,88.986C361.86,94.746 356.06,100.075 348.139,100.075Z" style="fill:#79ba3a;fill-rule:nonzero;"/>
<path d="M449.367,98.788C447.277,99.612 445.44,100.075 443.291,100.075C437.144,100.075 434.424,94.931 431.903,88.926C429.94,84.25 426.33,74.478 423.329,65.984L451.235,37.187L429.686,37.187C424.784,41.99 412.145,54.663 405.7,61.134C408.604,32.539 411.577,3.256 411.577,3.256L393.684,8.4C393.684,8.4 384.042,102.887 382.937,113.764L400.346,113.764C400.716,110.157 401.807,99.444 403.17,86.028L409.921,79.014C412.005,84.352 414.296,90.798 415.826,94.665C421.035,107.837 426.555,115.798 438.57,115.798C443.254,115.798 448.914,114.397 453.234,112.202L449.367,98.788Z" style="fill:#79ba3a;fill-rule:nonzero;"/>
<path d="M164.417,99.966C156.828,99.966 150.956,93.398 150.956,80.262C150.956,63.176 159.114,51.305 169.342,51.305C178.807,51.305 182.735,62.676 182.735,73.284C182.735,89.568 173.673,99.966 164.417,99.966ZM201.796,72.241C201.796,53.59 190.438,35.6 169.342,35.6C147.56,35.6 132.02,54.623 132.02,79.139C132.02,102.8 144.715,115.798 163.646,115.798C188.234,115.798 201.796,94.409 201.796,72.241Z" style="fill:#79ba3a;fill-rule:nonzero;"/>
</g>
</svg>
<?xml version="1.0" encoding="UTF-8"?>
<svg width="384" height="128" version="1.1" viewBox="0 0 101.6 33.867" xmlns="http://www.w3.org/2000/svg"><g transform="matrix(.22417 0 0 .22417 -9.1709e-7 1.6305)" style="clip-rule:evenodd;fill-rule:evenodd;stroke-linejoin:round;stroke-miterlimit:2"><path d="m120.73 100.08c-2.888 0-4.492-1.924-4.492-6.256 0-4.331 2.672-22.802 3.703-31.273 1.916-15.733-7.154-27.134-20.31-27.134-10.422 0-18.375 4.121-24.612 10.759-4.231-6.397-8.984-10.759-18.229-10.759-9.004 0-14.587 3.299-20.085 8.585-2.956-5.807-8.226-8.585-16.105-8.585-6.539 0-15.323 3.279-20.597 6.524l5.875 13.299c4.001-2.226 7.282-3.91 10.101-3.91 3.087 0 4.921 2.226 4.408 6.882-0.494 4.492-5.939 55.986-5.939 55.986h17.724s3.478-33.052 4.704-42.995c1.436-11.653 7.08-19.031 15.122-19.031 7.058 0 9.463 5.555 8.956 12.05-0.442 5.657-5.588 49.976-5.588 49.976h17.824s3.933-36.742 5.163-45.848c1.596-11.826 9.225-16.178 14.011-16.178 7.869 0 10.262 6.437 9.525 12.536-0.599 4.967-2.731 22.454-3.38 31.531-0.801 11.221 4.493 19.564 14.52 19.564 6.578 0 13.15-1.875 17.836-4.553l-3.84-13.156c-2.229 0.964-4.342 1.986-6.295 1.986z" style="fill-rule:nonzero;fill:#79ba3a"/><path d="m210.35 109.03c-0.667 6.566-2.793 9.854-7.759 9.854-2.434 0-5.452-1.002-8.189-2.125l-6.618 15.23c3.631 2.231 11.992 4.011 17.287 4.011 17.166 0 21.497-13.065 23.423-30.712 1.283-12.512 6.982-68.905 6.982-68.905l-18.138 5.145s-5.883 56.626-6.988 67.502z" style="fill-rule:nonzero;fill:#79ba3a"/><path d="m229.77 0.53c-6.881 0-11.783 5.763-12.221 11.857-0.439 6.094 3.634 11.858 10.515 11.858 6.278 0 11.783-5.764 12.222-11.858 0.438-6.094-4.238-11.857-10.516-11.857z" style="fill-rule:nonzero;fill:#79ba3a"/><path d="m281.51 50.816c4.974 0 7.601 3.216 7.601 7.234 0 10.586-13.015 15.136-26.628 14.499 2.216-11.56 10.401-21.733 19.027-21.733zm-3.83 49.259c-8.629 0-13.677-6.339-15.25-15.155 28.4 1.965 44.108-9.806 44.108-27.118 0-13.957-12.875-22.22-24.546-22.22-22.621 0-38.453 18.691-38.453 43.477 0 22.019 11.6 36.739 31.61 36.739 12.738 0 23.287-5.776 
31.497-16.216l-9.434-10.596c-5.811 5.76-11.611 11.089-19.532 11.089z" style="fill-rule:nonzero;fill:#79ba3a"/><path d="m351.97 50.816c4.974 0 7.601 3.216 7.601 7.234 0 10.586-13.015 15.136-26.627 14.499 2.215-11.56 10.4-21.733 19.026-21.733zm-3.83 49.259c-8.629 0-13.677-6.339-15.25-15.155 28.401 1.965 44.108-9.806 44.108-27.118 0-13.957-12.874-22.22-24.546-22.22-22.62 0-38.452 18.691-38.452 43.477 0 22.019 11.6 36.739 31.609 36.739 12.738 0 23.287-5.776 31.498-16.216l-9.435-10.596c-5.811 5.76-11.611 11.089-19.532 11.089z" style="fill-rule:nonzero;fill:#79ba3a"/><path d="m449.37 98.788c-2.09 0.824-3.927 1.287-6.076 1.287-6.147 0-8.867-5.144-11.388-11.149-1.963-4.676-5.573-14.448-8.574-22.942l27.906-28.797h-21.549c-4.902 4.803-17.541 17.476-23.986 23.947 2.904-28.595 5.877-57.878 5.877-57.878l-17.893 5.144s-9.642 94.487-10.747 105.36h17.409c0.37-3.607 1.461-14.32 2.824-27.736l6.751-7.014c2.084 5.338 4.375 11.784 5.905 15.651 5.209 13.172 10.729 21.133 22.744 21.133 4.684 0 10.344-1.401 14.664-3.596z" style="fill-rule:nonzero;fill:#79ba3a"/><path d="m164.42 99.966c-7.589 0-13.461-6.568-13.461-19.704 0-17.086 8.158-28.957 18.386-28.957 9.465 0 13.393 11.371 13.393 21.979 0 16.284-9.062 26.682-18.318 26.682zm37.379-27.725c0-18.651-11.358-36.641-32.454-36.641-21.782 0-37.322 19.023-37.322 43.539 0 23.661 12.695 36.659 31.626 36.659 24.588 0 38.15-21.389 38.15-43.557z" style="fill-rule:nonzero;fill:#79ba3a"/></g></svg>

@ -1,2 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg width="128" height="128" version="1.1" viewBox="0 0 33.866 33.866" xmlns="http://www.w3.org/2000/svg"><defs><radialGradient id="radialGradient3798" cx="294.46" cy="208.38" r="107.58" gradientUnits="userSpaceOnUse"><stop stop-color="#a9a9a9" offset="0"/><stop offset="1"/></radialGradient><linearGradient id="linearGradient3865" x1="120.69" x2="120.69" y1="239.62" y2="602.18" gradientUnits="userSpaceOnUse"><stop stop-color="#fff" offset="0"/><stop stop-color="#fff" stop-opacity="0" offset="1"/></linearGradient><filter id="filter4024-6-4" x="-.12997" y="-.14709" width="1.2599" height="1.2942" color-interpolation-filters="sRGB"><feGaussianBlur stdDeviation="6.4759344"/></filter></defs><g transform="matrix(.090361 0 0 .090361 -5.5773 -.077823)"><g transform="matrix(1.1338 0 0 1.1338 -8.2538 -22.845)"><path d="m70.523 34.871c-7.1196 15.243-10.178 31.779-8.2256 48.815 5.0168 43.774 41.675 79.325 91.536 95.163-6.6258-22.408-5.3409-44.936 2.6395-65.844-47.737-14.183-81.645-42.808-85.95-78.133z"/><path d="m303.78 36.214c7.1196 15.243 10.178 31.779 8.2256 48.815-5.0168 43.774-41.675 79.325-91.536 95.163 6.6258-22.408 5.3409-44.936-2.6395-65.844 47.737-14.183 81.645-42.808 85.95-78.133z"/><path transform="rotate(-49.03)" d="m-5.0906 259.06h18.417c6.2205 0 11.228 16.682 11.228 37.403v172.84c0 20.722-5.0078 37.403-11.228 37.403h-18.417c-6.2205 0-11.228-16.682-11.228-37.403v-172.84c0-20.722 5.0078-37.403 11.228-37.403z"/></g><g transform="matrix(1.1338 0 0 1.1338 -8.2538 -22.845)"><circle transform="translate(-107.08,-60.609)" cx="294.46" cy="208.38" r="107.58" fill="url(#radialGradient3798)"/><circle transform="matrix(.76866 0 0 .76866 85.803 -82.536)" cx="131.82" cy="299.29" r="101.52" fill="url(#linearGradient3865)"/><circle transform="translate(5,-7.1429)" cx="183.34" cy="156.36" r="27.274" fill="#1a1a1a"/><circle transform="translate(1.4848,-63.565)" cx="197.99" cy="203.33" r="5.5558" fill="#fff"/></g><rect transform="matrix(.74464 -.84315 .84315 .74464 -4.5478 -12.237)" 
x="19.526" y="337.84" width="2.2393" height="159.44" rx="2.8667" ry="9.0007" fill="#fff" fill-opacity=".82212" filter="url(#filter4024-6-4)"/></g></svg>

@ -1,6 +1,9 @@
---
title: "Web Browsers"
icon: octicons/browser-16
tags:
- HTML5
- JavaScript
---
These are our current web browser recommendations and settings. We recommend keeping extensions to a minimum: they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation.
@ -14,7 +17,7 @@ These are our current web browser recommendations and settings. We recommend kee
**Tor Browser** is the choice if you need anonymity. This browser provides you with access to the Tor Bridges and [Tor Network](https://en.wikipedia.org/wiki/Tor_(network)), along with extensions that can be automatically configured to fit its three security levels - *Standard*, *Safer* and *Safest*. We recommend that you do not change any of Tor Browser's default configurations outside of the standard security levels.
[Visit torproject.org](https://www.torproject.org){ .md-button .md-button--primary } [:pg-tor:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .md-button } [Privacy Policy](https://support.torproject.org/tbb/tbb-3/){ .md-button }
[Homepage](https://www.torproject.org){ .md-button .md-button--primary } [:pg-tor:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .md-button } [Privacy Policy](https://support.torproject.org/tbb/tbb-3/){ .md-button }
??? downloads
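Review bot: relabelling the primary button from "Visit torproject.org" to "Homepage" removes the only visible cue for where that button leads, and the adjacent :pg-tor: button already has no text label, so a reader now has to hover or inspect the link to see either destination. The same relabelling later in this patch uses "Homepage" for some entries and "Website" for others (Safari, AdGuard, ToS;DR), with "Extension Info" and "Project Info" for GitHub links. Please state the rule for choosing between these labels somewhere contributors will see it, or settle on one, so later additions stay consistent.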
@ -27,7 +30,7 @@ These are our current web browser recommendations and settings. We recommend kee
- [:fontawesome-brands-git: Source](https://trac.torproject.org/projects/tor)
!!! warning
You should **never** install any additional extensions on Tor Browser, including the ones we suggest for Firefox. Browser extensions make you stand out from other Tor users and your browser easier to [fingerprint](https://support.torproject.org/glossary/browser-fingerprinting).
You should **never** install any additional extensions on Tor Browser, including the ones we suggest for Firefox. Browser extensions make you stand out from other people on the Tor network, and make your browser easier to [fingerprint](https://support.torproject.org/glossary/browser-fingerprinting).
## Desktop Browser Recommendations
@ -39,7 +42,7 @@ These are our current web browser recommendations and settings. We recommend kee
**Firefox** provides strong privacy settings such as [Enhanced Tracking Protection](https://support.mozilla.org/kb/enhanced-tracking-protection-firefox-desktop), which can help block various [types of tracking](https://support.mozilla.org/kb/enhanced-tracking-protection-firefox-desktop#w_what-enhanced-tracking-protection-blocks).
[Visit firefox.com](https://firefox.com){ .md-button .md-button--primary } [Privacy Policy](https://www.mozilla.org/privacy/firefox){ .md-button }
[Homepage](https://firefox.com){ .md-button .md-button--primary } [Privacy Policy](https://www.mozilla.org/privacy/firefox){ .md-button }
??? downloads
@ -98,7 +101,7 @@ The [Arkenfox project](https://github.com/arkenfox/user.js) provides a set of ca
## Mobile Browser Recommendations
On Android, Mozilla's engine [GeckoView](https://mozilla.github.io/geckoview/) has yet to support [site isolation](https://hacks.mozilla.org/2021/05/introducing-firefox-new-site-isolation-security-architecture) or enable [isolatedProcess](https://bugzilla.mozilla.org/show_bug.cgi?id=1565196). Firefox on Android also doesn't yet have [HTTPS-Only mode](https://github.com/mozilla-mobile/fenix/issues/16952#issuecomment-907960218) built-in. We do not recommend Firefox or any Gecko based browsers at this time.
Firefox on Android is still less secure than Chromium-based alternatives: Mozilla's engine [GeckoView](https://mozilla.github.io/geckoview/) has yet to support [site isolation](https://hacks.mozilla.org/2021/05/introducing-firefox-new-site-isolation-security-architecture) or enable [isolatedProcess](https://bugzilla.mozilla.org/show_bug.cgi?id=1565196).
On iOS, any app that can browse the web is [restricted](https://developer.apple.com/app-store/review/guidelines) to using an Apple-provided [WebKit framework](https://developer.apple.com/documentation/webkit), so there is little reason to use a third-party web browser.
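Review bot: the rewritten opening paragraph of "Mobile Browser Recommendations" drops two statements the old line made: that Firefox on Android has no built-in HTTPS-Only mode, and the explicit "We do not recommend Firefox or any Gecko based browsers at this time." The replacement only says Firefox on Android is "still less secure than Chromium-based alternatives", which is a comparison rather than guidance. If the HTTPS-Only point was removed because it no longer holds, say so in the commit message; otherwise keep it, and keep an explicit recommendation sentence so readers know what to act on.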
@ -110,7 +113,7 @@ On iOS, any app that can browse the web is [restricted](https://developer.apple.
**Bromite** is a Chromium-based browser with privacy and security enhancements, built-in ad blocking, and some fingerprinting randomization.
[Visit bromite.org](https://www.bromite.org){ .md-button .md-button--primary } [Privacy Policy](https://www.bromite.org/privacy){ .md-button }
[Homepage](https://www.bromite.org){ .md-button .md-button--primary } [Privacy Policy](https://www.bromite.org/privacy){ .md-button }
??? downloads
@ -139,7 +142,7 @@ These options can be found in :material-menu: → :gear: **Settings** → **Priv
**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/15.0/ios/15.0) such as Intelligent Tracking Protection, Privacy Report, isolated Private Browsing tabs, iCloud Private Relay, and automatic HTTPS upgrades.
[Visit apple.com](https://www.apple.com/safari/){ .md-button .md-button--primary } [Privacy Policy](https://www.apple.com/legal/privacy/data/en/safari/){ .md-button }
[Website](https://www.apple.com/safari/){ .md-button .md-button--primary } [Privacy Policy](https://www.apple.com/legal/privacy/data/en/safari/){ .md-button }
#### Recommended Configuration
@ -197,7 +200,7 @@ We generally do not recommend installing [any extensions](https://www.sentinelon
We suggest enabling all of the [filter lists](https://github.com/gorhill/uBlock/wiki/Dashboard:-Filter-lists) under the "Ads," "Privacy," and "Malware domains". The "Annoyances" and "Multipurpose" lists can also be enabled, but they may break some social media functions. The *AdGuard URL Tracking Protection* filter list makes extensions like CleanURLs and NeatURLs redundant.
[Visit github.com](https://github.com/gorhill/uBlock){ .md-button .md-button--primary }
[Extension Info](https://github.com/gorhill/uBlock#readme){ .md-button .md-button--primary }
??? downloads
@ -223,7 +226,7 @@ uBlock Origin also has different [blocking modes](https://github.com/gorhill/uBl
We suggest enabling the filters labled *#recommended* under the "Ad Blocking" and "Privacy" [content blockers](https://kb.adguard.com/en/safari/overview#content-blockers). The *#recommended* filters can also be enabled for the "Social Widgets" and "Annoyances" content blockers, but they may break some social media functions.
[Visit adguard.com](https://adguard.com/en/adguard-safari/overview.html){ .md-button .md-button--primary } [Privacy Policy](https://adguard.com/en/privacy/safari.html){ .md-button }
[Website](https://adguard.com/en/adguard-safari/overview.html){ .md-button .md-button--primary } [Privacy Policy](https://adguard.com/en/privacy/safari.html){ .md-button }
??? downloads
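Review bot: the context line at the top of this hunk still reads "filters labled *#recommended*"; since the change touches the AdGuard entry anyway, correct the spelling to "labeled" in the same commit.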
@ -243,7 +246,7 @@ There is also [AdGuard for iOS](https://adguard.com/en/adguard-ios/overview.html
**Terms of Service; Didn't Read** grades websites based on their terms of service agreements and privacy policies. It also gives short summaries of those agreements. The analyses and ratings are published transparently by a community of reviewers.
[Visit tosdr.org](https://tosdr.org){ .md-button .md-button--primary } [Privacy Policy](https://addons.mozilla.org/firefox/addon/terms-of-service-didnt-read/privacy){ .md-button }
[Website](https://tosdr.org){ .md-button .md-button--primary } [Privacy Policy](https://addons.mozilla.org/firefox/addon/terms-of-service-didnt-read/privacy){ .md-button }
We do not recommend installing ToS;DR as a browser extension. The same information is provided on their website.

@ -15,12 +15,13 @@ These products are included with an subscription with their respective [email pr
![Tutanota logo](assets/img/calendar-contacts/tutanota.svg#only-light){ align=right }
![Tutanota logo](assets/img/calendar-contacts/tutanota-dark.svg#only-dark){ align=right }
**Tutanota** has an [encrypted calendar](https://tutanota.com/blog/posts/free-encrypted-calendar/) in their desktop and mobile clients.
**Tutanota** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, and [more](https://tutanota.com/calendar-app-comparison/). Multiple calendars and extended sharing functionality is limited to paid subscribers.
[Visit tutanota.com](https://tutanota.com/calendar){ .md-button .md-button--primary } [Privacy Policy](https://tutanota.com/privacy){ .md-button }
[Website](https://tutanota.com/calendar){ .md-button .md-button--primary } [Privacy Policy](https://tutanota.com/privacy){ .md-button }
??? downloads
- [:fontawesome-solid-earth-americas: Web](https://mail.tutanota.com/)
- [:fontawesome-brands-windows: Windows](https://tutanota.com/blog/posts/desktop-clients/)
- [:fontawesome-brands-apple: macOS](https://tutanota.com/blog/posts/desktop-clients/)
- [:fontawesome-brands-linux: Linux](https://tutanota.com/blog/posts/desktop-clients/)
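Review bot: in the new Tutanota paragraph, "Multiple calendars and extended sharing functionality is limited to paid subscribers" has a plural subject and needs "are limited". The replacement also widens the claim from "an encrypted calendar" to "automatic E2EE of all data", backed only by a link to the provider's own comparison page; either scope the wording to what that page states or link documentation that describes what is and is not encrypted. The hunk header shows the section intro still reads "included with an subscription", which is worth fixing alongside.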
@ -36,12 +37,13 @@ These products are included with an subscription with their respective [email pr
![Proton Calendar logo](assets/img/calendar-contacts/proton-calendar.svg){ align=right }
**Proton Calendar** is an calendar app that is available to ProtonMail users. All data stored within it is end-to-end encrypted when stored on ProtonMail's servers.
**Proton Calendar** is an encrypted calendar serivce available to ProtonMail members. Features include: automatic E2EE of all data, sharing features, import/export functionality, and [more](https://protonmail.com/support/knowledge-base/proton-calendar-guide/). Those on the free tier get access to a single calendar, whereas paid subscribers can create up to 20 calendars. Extended sharing functionality is also limited to paid subscribers. Proton Calendar is currently only available for the web and Android.
[Visit calendar.protonmail.com](https://calendar.protonmail.com){ .md-button .md-button--primary } [Privacy Policy](https://protonmail.com/privacy-policy){ .md-button }
[Website](https://calendar.protonmail.com){ .md-button .md-button--primary } [Privacy Policy](https://protonmail.com/privacy-policy){ .md-button }
??? downloads
- [:fontawesome-solid-earth-americas: Web](https://calendar.protonmail.com)
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.calendar)
- [:fontawesome-brands-github: Source](https://github.com/ProtonMail/WebClients)
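Review bot: "serivce" in the new Proton Calendar paragraph is a typo for "service". The old text limited the encryption statement to data "stored on ProtonMail's servers", while the new "automatic E2EE of all data" is broader and the linked guide is the only source given; please confirm the guide supports "all data" or keep the narrower wording. The sentence "currently only available for the web and Android" duplicates what the downloads list just below already shows and will go stale first, so consider leaving platform availability to that list.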
@ -59,7 +61,7 @@ Some of these options are self-hostable, but could be offered by third party Saa
EteSync also offers optional software as a service for [$24 per year](https://dashboard.etebase.com/user/partner/pricing/) to use, or you can host the server yourself for free.
[Visit etesync.com](https://www.etesync.com){ .md-button .md-button--primary } [Privacy Policy](https://www.etesync.com/tos/#privacy){ .md-button }
[Website](https://www.etesync.com){ .md-button .md-button--primary } [Privacy Policy](https://www.etesync.com/tos/#privacy){ .md-button }
??? downloads
@ -79,7 +81,7 @@ Some of these options are self-hostable, but could be offered by third party Saa
You can self host Nextcloud or pay for service from a [provider](https://nextcloud.com/signup/).
[Visit nextcloud.com](https://nextcloud.com/){ .md-button .md-button--primary }
[Homepage](https://nextcloud.com/){ .md-button .md-button--primary }
??? downloads
@ -102,12 +104,11 @@ Some of these options are self-hostable, but could be offered by third party Saa
There are [plugins](https://github.com/39aldo39/DecSync#rss) to sync other types of data such as [RSS](news-aggregators.md).
[Visit github.com](https://github.com/39aldo39/DecSync){ .md-button .md-button--primary }
[Project Info](https://github.com/39aldo39/DecSync#readme){ .md-button .md-button--primary }
??? downloads
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.decsync.cc)
- [:pg-f-droid: F-Droid](https://f-droid.org/packages/org.decsync.cc)
- [:fontawesome-brands-github: Source](https://github.com/39aldo39/DecSync)
--8<-- "includes/abbreviations.en.md"

@ -14,7 +14,7 @@ Trust your provider by using an alternative below that supports E2EE.
**Nextcloud** is a suite of free and open-source client-server software for creating your own file hosting services on a private server you control. It also comes with experimental E2EE.
[Visit nextcloud.com](https://nextcloud.com){ .md-button .md-button--primary } [Privacy Policy](https://nextcloud.com/privacy){ .md-button }
[Homepage](https://nextcloud.com){ .md-button .md-button--primary } [Privacy Policy](https://nextcloud.com/privacy){ .md-button }
??? downloads
@ -41,7 +41,7 @@ When self hosting Nextcloud, you should also remember to enable E2EE to protect
**Proton Drive** is an E2EE general file storage service by the popular encrypted email provider [ProtonMail](https://protonmail.com).
[Visit drive.protonmail.com](https://drive.protonmail.com){ .md-button .md-button--primary } [Privacy Policy](https://protonmail.com/privacy-policy){ .md-button }
[Website](https://drive.protonmail.com){ .md-button .md-button--primary } [Privacy Policy](https://protonmail.com/privacy-policy){ .md-button }
??? downloads
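Review bot: The primary button label is not consistent across this file: the Nextcloud entry in the previous hunk becomes `[Homepage]`, while Proton Drive here and Cryptee in the next hunk become `[Website]`, although all three link to the project's main site. Pick one label for main-site links, or document when each of Homepage, Website, Project Info and Wiki applies, so future entries do not drift.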
@ -60,7 +60,7 @@ When using a web client, you are placing trust in the server to send you proper
**Cryptee** is an encrypted, secure photo storage service, and an encrypted documents editor to write personal docs, notes, journals, store files & more.
[Visit crypt.ee](https://crypt.ee){ .md-button .md-button--primary } [Privacy Policy](https://crypt.ee/privacy){ .md-button }
[Website](https://crypt.ee){ .md-button .md-button--primary } [Privacy Policy](https://crypt.ee/privacy){ .md-button }
??? downloads
@ -80,7 +80,7 @@ When using a web client, you are placing trust in the server to send you proper
**Tahoe-LAFS** is a free and open decentralized cloud storage system. It distributes your data across multiple servers. Even if some of the servers fail or are taken over by an attacker, the entire file store continues to function correctly, preserving your privacy and security. The servers used as storage pools do not have access to your data.
[Visit tahoe-lafs.org](https://www.tahoe-lafs.org){ .md-button .md-button--primary }
[Homepage](https://www.tahoe-lafs.org){ .md-button .md-button--primary }
??? downloads


@ -22,9 +22,9 @@ icon: material/dns
[^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html)
[^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/)
[^3]: Neither free nor premium users of ControlD have logging enabled by default. Premium users can enable logging/analytics at will. [https://controld.com/privacy](https://controld.com/privacy)
[^3]: Neither ControlD's free nor premium plans have logging enabled by default. Premium subscribers can enable logging/analytics at will. [https://controld.com/privacy](https://controld.com/privacy)
[^4]: Mullvad's DNS service is available to both subscribers and non-subscribers of Mullvad VPN. Their privacy policy explicitly claims they do not log DNS requests in any way. [https://mullvad.net/en/help/no-logging-data-policy/](https://mullvad.net/en/help/no-logging-data-policy/)
[^5]: NextDNS can provide insights and logging features on an opt-in basis. Users can choose retention times and log storage locations for any logs they choose to keep. If not specifically requested by the user, no data is logged. [https://nextdns.io/privacy](https://nextdns.io/privacy)
[^5]: NextDNS can provide insights and logging features on an opt-in basis. You can choose retention times and log storage locations for any logs you choose to keep. If it's not specifically requested, no data is logged. [https://nextdns.io/privacy](https://nextdns.io/privacy)
[^6]: Quad9 collects some data for the purposes of threat monitoring and response. That data may then be remixed and shared, such as for the purpose of security research. Quad9 does not collect or record IP addresses or other data they deem personally identifiable. [https://www.quad9.net/privacy/policy/](https://www.quad9.net/privacy/policy/)
The criteria for the servers listed above are:
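Review bot: While the footnotes are being reworded, the unchanged [^1] line in this hunk still reads "requested in within last 24 hours"; drop the stray "in" in the same pass. In the new [^5], "If it's not specifically requested" leaves "it" without a clear referent; "If you don't specifically request logging" would match the second-person wording used in the sentence before it.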
@ -64,7 +64,7 @@ Select **Settings** &rarr; **General** &rarr; **Privacy** &rarr; **Share Apple T
### Windows
Windows users can [turn on DoH](https://docs.microsoft.com/en-us/windows-server/networking/dns/doh-client-support) by accessing Windows settings in the control panel.
You can [turn on DoH](https://docs.microsoft.com/en-us/windows-server/networking/dns/doh-client-support) by accessing Windows settings in the control panel.
Select **Settings** &rarr; **Network & Internet** &rarr; **Ethernet or WiFi**, &rarr; **Edit DNS Settings** &rarr; **Preferred DNS encryption** &rarr; **Encrypted only (DNS over HTTPS)**.
@ -85,7 +85,7 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](te
**RethinkDNS** is an open-source Android client supporting [DNS-over-HTTPS](technology/dns.md#dns-over-https-doh), [DNS-over-TLS](technology/dns.md#dns-over-tls-dot), [DNSCrypt](technology/dns.md#dnscrypt) and DNS Proxy along with caching DNS responses, locally logging DNS queries and can be used as a firewall too.
[Visit rethinkdns.com](https://rethinkdns.com){ .md-button .md-button--primary } [Privacy Policy](https://rethinkdns.com/privacy){ .md-button }
[Website](https://rethinkdns.com){ .md-button .md-button--primary } [Privacy Policy](https://rethinkdns.com/privacy){ .md-button }
??? downloads
@ -99,9 +99,9 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](te
![DNSCloak logo](assets/img/ios/dnscloak.png){ align=right }
**DNSCloak** is an open-source iOS client supporting [DNS-over-HTTPS](technology/dns.md#dns-over-https-doh), [DNSCrypt](technology/dns.md#dnscrypt), and [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy/wiki) options such as caching DNS responses, locally logging DNS queries, and custom block lists. Users can [add custom resolvers by DNS stamp](https://medium.com/privacyguides/adding-custom-dns-over-https-resolvers-to-dnscloak-20ff5845f4b5).
**DNSCloak** is an open-source iOS client supporting [DNS-over-HTTPS](technology/dns.md#dns-over-https-doh), [DNSCrypt](technology/dns.md#dnscrypt), and [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy/wiki) options such as caching DNS responses, locally logging DNS queries, and custom block lists. You can [add custom resolvers by DNS stamp](https://medium.com/privacyguides/adding-custom-dns-over-https-resolvers-to-dnscloak-20ff5845f4b5).
[Visit github.com](https://github.com/s-s/dnscloak/blob/master/README.md){ .md-button .md-button--primary } [Privacy Policy](https://drive.google.com/file/d/1050No_pU74CAWUS5-BwQWyO2x_aiMzWc/view){ .md-button }
[Project Info](https://github.com/s-s/dnscloak/blob/master/README.md){ .md-button .md-button--primary } [Privacy Policy](https://drive.google.com/file/d/1050No_pU74CAWUS5-BwQWyO2x_aiMzWc/view){ .md-button }
??? downloads
@ -118,10 +118,13 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](te
!!! warning "The anonymized DNS feature does [**not**](technology/dns.md#why-shouldnt-i-use-encrypted-dns) anonymize other network traffic."
[Visit github.com](https://github.com/DNSCrypt/dnscrypt-proxy/wiki){ .md-button .md-button--primary } [Privacy Policy](https://www.libreoffice.org/about-us/privacy/privacy-policy-en/){ .md-button }
[Wiki](https://github.com/DNSCrypt/dnscrypt-proxy/wiki){ .md-button .md-button--primary } [Privacy Policy](https://www.libreoffice.org/about-us/privacy/privacy-policy-en/){ .md-button }
??? downloads
- [:fontawesome-brands-windows: Windows](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-Windows)
- [:fontawesome-brands-apple: macOS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-macOS)
- [:fontawesome-brands-linux: Linux](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-linux)
- [:fontawesome-brands-github: Source](https://github.com/DNSCrypt/dnscrypt-proxy)
--8<-- "includes/abbreviations.en.md"
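Review bot: The Privacy Policy button on the edited dnscrypt-proxy line points to `https://www.libreoffice.org/about-us/privacy/privacy-policy-en/`, which is LibreOffice's policy and looks like a copy-paste leftover. The change relabels the first button on that line to `[Wiki]` but carries the wrong second link over unchanged. Replace it with a policy that actually covers dnscrypt-proxy, or drop the second button as other entries without a policy link do.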


@ -19,7 +19,7 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
**Thunderbird** is a free, open source, cross-platform email, newsgroup, news feed, and chat (XMPP, IRC, Twitter) client developed by the Thunderbird community, and previously by the Mozilla Foundation.
[Visit thunderbird.net](https://www.thunderbird.net){ .md-button .md-button--primary } [Privacy Policy](https://www.mozilla.org/privacy/thunderbird){ .md-button }
[Homepage](https://www.thunderbird.net){ .md-button .md-button--primary } [Privacy Policy](https://www.mozilla.org/privacy/thunderbird){ .md-button }
??? downloads
@ -39,9 +39,9 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
![Apple Mail logo](assets/img/email-clients/applemail.png){ align=right }
**Apple Mail** is included in macOS and can be extended to have OpenPGP support with [GPG Suite](encryption/#gpg-suite), which adds the ability to send encrypted email.
**Apple Mail** is included in macOS and can be extended to have OpenPGP support with [GPG Suite](/encryption/#gpg-suite), which adds the ability to send encrypted email.
[Visit apple.com](https://support.apple.com/guide/mail/welcome/mac){ .md-button .md-button--primary } [Privacy Policy](https://www.apple.com/legal/privacy/en-ww/){ .md-button }
[Website](https://support.apple.com/guide/mail/welcome/mac){ .md-button .md-button--primary } [Privacy Policy](https://www.apple.com/legal/privacy/en-ww/){ .md-button }
### GNOME Evolution
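Review bot: The GPG Suite link on the Apple Mail line changes from `encryption/#gpg-suite` to the root-absolute `/encryption/#gpg-suite`, while other internal links in this patch are relative `.md` references such as `calendar-contacts.md` and `technology/dns.md#dnscrypt`. A root-absolute path only resolves when the site is served from the domain root. A relative `.md` link with the `#gpg-suite` anchor (for example `encryption.md#gpg-suite`, assuming that is the source file name) would follow the existing convention.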
@ -51,7 +51,7 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
**Evolution** is a personal information management application that provides integrated mail, calendaring and address book functionality. Evolution has extensive [documentation](https://help.gnome.org/users/evolution/stable/) to help you get started.
[Visit gnome.org](https://wiki.gnome.org/Apps/Evolution){ .md-button .md-button--primary } [Privacy Policy](https://wiki.gnome.org/Apps/Evolution/PrivacyPolicy){ .md-button }
[Website](https://wiki.gnome.org/Apps/Evolution){ .md-button .md-button--primary } [Privacy Policy](https://wiki.gnome.org/Apps/Evolution/PrivacyPolicy){ .md-button }
??? downloads
@ -66,7 +66,7 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
**Kontact** is a personal information manager (PIM) application from the [KDE](https://kde.org) project. It provides a mail client, address book, organizer and RSS client.
[Visit kontact.kde.org](https://kontact.kde.org){ .md-button .md-button--primary } [Privacy Policy](https://kde.org/privacypolicy-apps){ .md-button }
[Website](https://kontact.kde.org){ .md-button .md-button--primary } [Privacy Policy](https://kde.org/privacypolicy-apps){ .md-button }
??? downloads
@ -82,7 +82,7 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
**Mailvelope** is a browser extension that enables the exchange of encrypted emails following the OpenPGP encryption standard.
[Visit mailvelope.com](https://www.mailvelope.com){ .md-button .md-button--primary } [Privacy Policy](https://www.mailvelope.com/en/privacy-policy){ .md-button }
[Homepage](https://www.mailvelope.com){ .md-button .md-button--primary } [Privacy Policy](https://www.mailvelope.com/en/privacy-policy){ .md-button }
??? downloads
@ -99,7 +99,7 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
**K-9 Mail** is an independent mail application that supports both POP3 and IMAP mailboxes, but only supports push mail for IMAP.
[Visit k9mail.app](https://k9mail.app){ .md-button .md-button--primary } [Privacy Policy](https://k9mail.app/privacy){ .md-button }
[Homepage](https://k9mail.app){ .md-button .md-button--primary } [Privacy Policy](https://k9mail.app/privacy){ .md-button }
??? downloads
@ -115,7 +115,7 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
**FairEmail** is a minimal, open source email app, using open standards (IMAP, SMTP, OpenPGP) with a low data and battery usage.
[Visit email.faircode.eu](https://email.faircode.eu){ .md-button .md-button--primary } [Privacy Policy](https://github.com/M66B/FairEmail/blob/master/PRIVACY.md){ .md-button }
[Homepage](https://email.faircode.eu){ .md-button .md-button--primary } [Privacy Policy](https://github.com/M66B/FairEmail/blob/master/PRIVACY.md){ .md-button }
??? downloads
@ -131,7 +131,7 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
**Canary Mail** is a paid email client designed to make end-to-end encryption seamless with security features such as a biometric app lock.
[Visit canarymail.io](https://canarymail.io){ .md-button .md-button--primary } [Privacy Policy](https://canarymail.io/privacy.html){ .md-button }
[Homepage](https://canarymail.io){ .md-button .md-button--primary } [Privacy Policy](https://canarymail.io/privacy.html){ .md-button }
??? downloads
@ -156,7 +156,7 @@ Canary Mail is closed source. We recommend it, due to the few choices there are
NeoMutt is a text-based client that has a steep learning curve. It is however, very customizable.
[Visit neomutt.org](https://neomutt.org){ .md-button .md-button--primary }
[Homepage](https://neomutt.org){ .md-button .md-button--primary }
??? downloads


@ -1,9 +1,9 @@
---
title: "Private Email Providers"
title: "Email Services"
icon: material/email
---
Find a secure email provider that will keep your privacy in mind. Dont settle for ad-supported platforms. Never trust any company with your privacy, always encrypt.
Find a secure email service provider that will keep your privacy in mind. Dont settle for ad-supported platforms. Never trust any company with your privacy, always encrypt.
!!! warning
@ -17,7 +17,7 @@ Find a secure email provider that will keep your privacy in mind. Dont settle
[Recommended Instant Messengers](real-time-communication.md){ .md-button }
## Recommended Email Services
## Recommended Email Providers
### ProtonMail
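Review bot: The terminology is swapped rather than unified: this heading goes from "Recommended Email Services" to "Recommended Email Providers", while the front-matter title in the previous hunk goes from "Private Email Providers" to "Email Services". If "services" is meant to cover both the mailbox providers and the new "Email Aliasing Services" section, say so in the commit message; otherwise use one term in both places.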
@ -31,11 +31,11 @@ Find a secure email provider that will keep your privacy in mind. Dont settle
**Free**
[Visit ProtonMail.com](https://protonmail.com){ .md-button .md-button--primary }
[Website](https://protonmail.com){ .md-button .md-button--primary } [Privacy Policy](https://protonmail.com/privacy-policy){ .md-button }
??? check "Custom Domains and Aliases"
Paid ProtonMail users can use their own domain with the service. [Catch-all](https://protonmail.com/support/knowledge-base/catch-all/) addresses are supported with custom domains for Professional and Visionary plans. ProtonMail also supports [subaddressing](https://protonmail.com/support/knowledge-base/creating-aliases/), which is useful for users who don't want to purchase a domain.
Paid ProtonMail subscribers can use their own domain with the service. [Catch-all](https://protonmail.com/support/knowledge-base/catch-all/) addresses are supported with custom domains for Professional and Visionary plans. ProtonMail also supports [subaddressing](https://protonmail.com/support/knowledge-base/creating-aliases/), which is useful for people who don't want to purchase a domain.
??? check "Private Payment Methods"
@ -51,16 +51,14 @@ Find a secure email provider that will keep your privacy in mind. Dont settle
??? check "Email Encryption"
ProtonMail has [integrated OpenPGP encryption](https://protonmail.com/support/knowledge-base/how-to-use-pgp) in their webmail. Emails to other ProtonMail users are encrypted automatically, and encryption to non-ProtonMail users with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-ProtonMail users](https://protonmail.com/support/knowledge-base/encrypt-for-outside-users) without the need for them to sign up for a ProtonMail account or use software like OpenPGP.
ProtonMail has [integrated OpenPGP encryption](https://protonmail.com/support/knowledge-base/how-to-use-pgp) in their webmail. Emails to other ProtonMail accounts are encrypted automatically, and encryption to non-ProtonMail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-ProtonMail addresses](https://protonmail.com/support/knowledge-base/encrypt-for-outside-users) without the need for them to sign up for a ProtonMail account or use software like OpenPGP.
ProtonMail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows users outside of ProtonMail to find the OpenPGP keys of ProtonMail users easily, for cross-provider E2EE.
??? check ".onion Service"
ProtonMail's login and services are accessible over Tor, [protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion/)
ProtonMail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use ProtonMail to find the OpenPGP keys of ProtonMail accounts easily, for cross-provider E2EE.
??? info "Additional Functionality"
ProtonMail's login and services are accessible over Tor, [protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion/)
ProtonMail offers a "Visionary" account for €24/Month, which also enables access to ProtonVPN in addition to providing multiple accounts, domains, aliases, and extra storage.
### Mailbox.org
@ -73,11 +71,11 @@ Find a secure email provider that will keep your privacy in mind. Dont settle
**EUR €12/year**
[Visit Mailbox.org](https://mailbox.org){ .md-button .md-button--primary }
[Website](https://mailbox.org){ .md-button .md-button--primary } [Privacy Policy](https://mailbox.org/en/data-protection-privacy-policy){ .md-button }
??? check "Custom Domains and Aliases"
Mailbox.org lets users use their own domain and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful for users who don't want to purchase a domain.
Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain.
??? info "Private Payment Methods"
@ -95,16 +93,14 @@ Find a secure email provider that will keep your privacy in mind. Dont settle
??? check "Email Encryption"
Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to users with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox.
Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox.
Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows users outside of Mailbox.org to find the OpenPGP keys of Mailbox.org users easily, for cross-provider E2EE.
??? info ".onion Service"
You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service, and users may experience TLS certificate errors.
Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE.
??? info "Additional Functionality"
You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service, and you may experience TLS certificate errors.
All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3.
### Disroot
@ -114,15 +110,15 @@ Find a secure email provider that will keep your privacy in mind. Dont settle
![Disroot logo](assets/img/email/disroot.svg#only-light){ align=right }
![Disroot logo](assets/img/email/disroot-dark.svg#only-dark){ align=right }
**Disroot** offers email amongst [other services](https://disroot.org/en/#services). The service is maintained by volunteers and its community. They have been in operation since 2015. Disroot is based in Amsterdam. Disroot is free and uses open source software such as Rainloop to provide service. Users support the service through donations and buying extra storage. The mailbox limit is 1 GB, but extra storage can be purchased 0.15€ per GB per month paid yearly.
**Disroot** offers email amongst [other services](https://disroot.org/en/#services). The service is maintained by volunteers and its community. They have been in operation since 2015. Disroot is based in Amsterdam. Disroot is free and uses open source software such as Rainloop to provide service. You can support the service through donations and buying extra storage. The mailbox limit is 1 GB, but extra storage can be purchased 0.15€ per GB per month paid yearly.
**Free**
[Visit Disroot.org](https://disroot.org){ .md-button .md-button--primary }
[Website](https://disroot.org){ .md-button .md-button--primary } [Privacy Policy](https://disroot.org/en/privacy_policy){ .md-button }
??? check "Custom Domains and Aliases"
Disroot lets users use their own domain. They have aliases, however you must [manually apply](https://disroot.org/en/forms/alias-request-form) for them.
Disroot lets you use your own domain. They have aliases, however you must [manually apply](https://disroot.org/en/forms/alias-request-form) for them.
??? check "Private Payment Methods"
@ -140,11 +136,7 @@ Find a secure email provider that will keep your privacy in mind. Dont settle
??? check "Email Encryption"
Disroot allows for encrypted emails to be sent from their webmail application using OpenPGP. However, Disroot has not integrated a Web Key Directory (WKD) for users on their platform.
??? missing ".onion Service"
Disroot does not operate a .onion service.
Disroot allows for encrypted emails to be sent from their webmail application using OpenPGP. However, Disroot has not integrated a Web Key Directory (WKD) for email accounts on their platform.
??? info "Additional Functionality"
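Review bot: The `??? missing ".onion Service"` block is deleted here with no replacement, so the statement that Disroot does not operate a .onion service disappears from the page, whereas the ProtonMail, Mailbox.org and Tutanota hunks move their .onion text under "Additional Functionality". The StartMail hunk drops its statement the same way. Either move the sentence for every provider or drop it for every provider, so readers can still compare entries on this point.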
@ -161,7 +153,7 @@ Find a secure email provider that will keep your privacy in mind. Dont settle
**Free**
[Visit Tutanota.com](https://tutanota.com){ .md-button .md-button--primary }
[Website](https://tutanota.com){ .md-button .md-button--primary } [Privacy Policy](https://tutanota.com/privacy){ .md-button }
Tutanota [doesn't allow](https://tutanota.com/faq/#imap) the use of third-party [email clients](email-clients.md). Tutanota has no plans pull email from [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) using the IMAP protocol. [Email import](https://github.com/tutao/tutanota/issues/630) is currently not possible.
@ -179,7 +171,7 @@ Tutanota is working on a [desktop client](https://tutanota.com/blog/posts/deskto
??? check "Account Security"
Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa). Users can either use TOTP or U2F. U2F support is [not yet available on Android](https://github.com/tutao/tutanota/issues/443).
Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. U2F support is [not yet available on Android](https://github.com/tutao/tutanota/issues/443).
??? check "Data Security"
@ -187,13 +179,9 @@ Tutanota is working on a [desktop client](https://tutanota.com/blog/posts/deskto
??? warning "Email Encryption"
Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota users can only receive encrypted emails when external users send them through a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external).
Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external).
Tutanota [does have plans](https://github.com/tutao/tutanota/issues/198) to support [AutoCrypt](https://autocrypt.org). This would allow for external users to send encrypted emails to Tutanota users as long as their email client supports the AutoCrypt headers.
??? missing ".onion Service"
Tutanota does not operate a .onion service but [may consider](https://github.com/tutao/tutanota/issues/528) it in the future.
Tutanota [does have plans](https://github.com/tutao/tutanota/issues/198) to support [AutoCrypt](https://autocrypt.org). This would allow for non-Tutanota emails to send encrypted emails to Tutanota accounts as long as their email client supports the AutoCrypt headers.
??? info "Additional Functionality"
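Review bot: In the new AutoCrypt sentence, "allow for non-Tutanota emails to send encrypted emails to Tutanota accounts as long as their email client supports" makes emails the sender and leaves "their" without a referent. Something like "allow people using other providers to send encrypted emails to Tutanota accounts, as long as their email client supports the AutoCrypt headers" keeps the move away from "users" and reads correctly.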
@ -201,6 +189,8 @@ Tutanota is working on a [desktop client](https://tutanota.com/blog/posts/deskto
Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y.
Tutanota does not operate a .onion service but [may consider](https://github.com/tutao/tutanota/issues/528) it in the future.
### StartMail
!!! recommendation
@ -212,7 +202,7 @@ Tutanota is working on a [desktop client](https://tutanota.com/blog/posts/deskto
**USD $59.95/year**
[Visit StartMail.com](https://startmail.com/){ .md-button .md-button--primary }
[Website](https://startmail.com/){ .md-button .md-button--primary } [Privacy Policy](https://www.startmail.com/en/privacy/){ .md-button }
??? check "Custom Domains and Aliases"
@ -228,68 +218,119 @@ Tutanota is working on a [desktop client](https://tutanota.com/blog/posts/deskto
??? info "Data Security"
StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When a user logs in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key.
StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key.
StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption, so a [standalone option](calendar-contacts.md) may be more appropriate.
??? check "Email Encryption"
StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending messages to users with public OpenPGP keys.
??? missing ".onion Service"
StartMail does not operate a .onion service.
StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys.
??? info "Additional Functionality"
StartMail allows for proxying of images within emails. If a user allows the remote image to be loaded, the sender won't know what the user's IP address is.
StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is.
### CTemplar
## Email Aliasing Services
An email aliasing service allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your email provider. True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like yourname+[anythinghere]@example.com, because websites, advertisers, and tracking networks can trivially remove anything after the + sign to know your true email address.
Email aliasing can act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning.
Using a dedicated email aliasing service also has a number of benefits over a catch-all alias on a custom domain:
- Aliases can be turned on and off individually when you need them, preventing websites from emailing you randomly.
- Replies are sent from the alias address, shielding your real email address.
They also have a number of benefits over "temporary email" services:
- Aliases are permanent, and can be turned on again if you need to receive something like a password reset.
- Emails are sent to your trusted mailbox rather than stored by the alias provider.
- Temporary email services typically have public mailboxes which can be accessed by anyone who knows the address, aliases are private to you.
Our email aliasing recommendations are providers that allow you to create aliases on domains they control, as well as your own custom domain(s) for a modest yearly fee. They can also be self-hosted on your custom domain if you want maximum control. However, using a custom domain can have privacy-related drawbacks: If you are the only user on your custom domain your actions can be easily tracked across websites simply by looking at the domain name in the email, ignoring everything before the at (@) sign.
Using an aliasing service requires trusting both your email provider and your aliasing provider with your unencrypted messages. Some providers mitigate this slightly with automatic PGP encryption, which reduces the number of parties you need to trust from 2 to 1 by encrypting incoming emails before they are delivered to your final mailbox provider.
### SimpleLogin
!!! recommendation
![CTemplar Logo](assets/img/email/ctemplar.svg#only-light){ align=right }
![CTemplar Logo](assets/img/email/ctemplar-dark.svg#only-dark){ align=right }
![Simplelogin logo](assets/img/email/simplelogin.svg){ align=right }
**CTemplar** is an email service with a focus on security and privacy through the use of standard OpenPGP encryption. CTemplar has been in operation since **2018** and is run from Iceland. Paid accounts start with 5GB. They offer free accounts by [invitation](https://ctemplar.com/email-creation-restriction/).
**[SimpleLogin](https://simplelogin.io)** (now owned by ProtonMail) is a free service which provides email aliases on a variety of shared domain names, and optionally provides features like unlimited aliases and custom domains for $30/year. [Source code on GitHub](https://github.com/simple-login/app).
**USD $96/year**
[Website](https://simplelogin.io){ .md-button .md-button--primary } [Privacy Policy](https://simplelogin.io/privacy/){ .md-button }
[Visit CTemplar.com](https://ctemplar.com){ .md-button .md-button--primary }
??? downloads
- [:fontawesome-brands-firefox: Firefox](https://addons.mozilla.org/en-US/firefox/addon/simplelogin/)
- [:fontawesome-brands-chrome: Chrome](https://chrome.google.com/webstore/detail/dphilobhebphkdjbpfohgikllaljmgbn)
- [:fontawesome-brands-edge: Edge](https://microsoftedge.microsoft.com/addons/detail/simpleloginreceive-sen/diacfpipniklenphgljfkmhinphjlfff)
- [:fontawesome-brands-safari: Safari](https://apps.apple.com/app/id1494051017)
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/id1494359858)
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=io.simplelogin.android)
- [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/io.simplelogin.android.fdroid/)
- [:fontawesome-brands-github: Source](https://github.com/simple-login)
??? check "Custom Domains and Aliases"
SimpleLogin [is owned by ProtonMail](https://protonmail.com/blog/proton-and-simplelogin-join-forces/) as of April 8, 2022. If you use ProtonMail for your primary mailbox, this makes SimpleLogin a great choice: you now only have to trust a single email provider and SimpleLogin will be more tightly integrated with ProtonMail's offerings in the future. Nonetheless, SimpleLogin continues to support forwarding to any email provider of your chosing.
Paid accounts can use [Custom Domains](https://ctemplar.com/help/answer/add-a-domain/) and [aliases](https://ctemplar.com/help/answer/how-to-create-aliases/).
Notable free features:
??? check "Private Payment Methods"
- [x] 15 Shared Aliases
- [x] Unlimited Replies
- [x] 1 Recepient Mailbox
CTemplar [payment options](https://ctemplar.com/help/answer/payment-options/) include Credit cards via Stripe, Bitcoin and Monero.
### AnonAddy
??? check "Account Security"
!!! recommendation
CTemplar supports TOTP two factor authentication [for webmail only](https://ctemplar.com/help/answer/setting-up-two-factor-authentication-2fa/). They do not allow U2F security key authentication.
![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ align=right }
![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ align=right }
??? check "Data Security"
**[AnonAddy](https://anonaddy.com)** lets you create 20 domain aliases on a shared domain for free, or unlimited "standard" aliases which are less anonymous. It has two premium plans at $12/year and $36/year which provide additional features. [Source code on GitHub](https://github.com/anonaddy/anonaddy).
CTemplar has [zero access encryption at rest](https://ctemplar.com/help/answer/what-encryption-method-is-used/), using PGP. They support [protected headers](https://datatracker.ietf.org/doc/html/draft-autocrypt-lamps-protected-headers-02/) and therefore there is [subject encryption](https://ctemplar.com/help/answer/subject-encryption/).
[Website](https://anonaddy.com){ .md-button .md-button--primary } [Privacy Policy](https://anonaddy.com/privacy/){ .md-button }
CTemplar supports importing [contacts](https://ctemplar.com/help/answer/importing-contacts/) and [contacts are encrypted](https://ctemplar.com/help/answer/contact-encryption/) at rest however, they are only accessible in the webmail and apps.
??? downloads
- [:fontawesome-brands-firefox: Firefox](https://addons.mozilla.org/en-GB/firefox/addon/anonaddy/)
- [:fontawesome-brands-chrome: Chrome](https://chrome.google.com/webstore/detail/anonaddy-anonymous-email/iadbdpnoknmbdeolbapdackdcogdmjpe)
- [:material-apple-ios: iOS](https://anonaddy.com/faq/#is-there-an-ios-app)
- [:fontawesome-brands-android: Android](https://anonaddy.com/faq/#is-there-an-android-app)
- [:fontawesome-brands-github: Source](https://github.com/anonaddy)
??? check "Email Encryption"
AnonAddy differentiates between "shared aliases" and "standard aliases": The number of shared aliases (e.g., @anonaddy.me which is shared by other users) that you can create is limited to 20 on AnonAddy's free plan and 50 on their $12/month plan. You can create unlimited standard aliases (which end in a domain like @[username].anonaddy.com or a custom domain on paid plans), however, as previously mentioned, this can be detrimental to privacy because people can trivially tie your standard aliases together based on the domain name alone. Unlimited shared alias are available for $36/year.
CTemplar has [integrated encryption](https://ctemplar.com/help/answer/how-does-encryption-decryption-work-in-ctemplar/) in their webmail, which simplifies sending messages to users with public OpenPGP keys.
Notable free features:
??? warning ".onion Service"
- [x] 20 Shared Aliases
- [x] Unlimited Standard Aliases
- [ ] No Outgoing Replies
- [x] 2 Receipent Mailboxes
- [x] Automatic PGP Encryption
CTemplar's .onion service [ctemplarpizuduxk3fkwrieizstx33kg5chlvrh37nz73pv5smsvl6ad.onion](http://ctemplarpizuduxk3fkwrieizstx33kg5chlvrh37nz73pv5smsvl6ad.onion /) is [currently disabled](https://twitter.com/RealCTemplar/status/1458775445202157570) for webmail access, due to a Tor Browser [bug](https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/32865).
*[Automatic PGP Encryption]: Allows you to encrypt non-encrypted incoming emails before they are forwarded to your mailbox, making sure your primary mailbox provider never sees unencrypted email content.
??? info "Additional Functionality"
## Self-Hosting Email
CTemplar has a [dead man timer](https://ctemplar.com/help/answer/setting-up-a-dead-mans-timer/) feature that will automatically send a specific message that you've set after a given period of time.
Advanced system administrators may consider setting up their own email server. Mailservers require attention and continuous maintenance in order to keep things secure and mail delivery reliable.
CTemplar also has a feature that allows users verify [checksums](https://ctemplar.com/ctemplar-checksum-implementation/) of production pages with a public copy on Github.
### Combined software solutions
Electron clients exist for Windows, Mac and Linux. Official clients also exist for iOS and Android ([including F-Droid](https://f-droid.org/en/packages/com.ctemplar.app.fdroid).) All of these clients are [open source](https://github.com/orgs/CTemplar/repositories).
!!! recommendation
![Mail-in-a-Box logo](assets/img/email/mail-in-a-box.svg){ align=right }
**[Mail-in-a-Box](https://mailinabox.email)** is an automated setup script for deploying a mail server on Ubuntu. Its goal is to make it easier for people to set up their own mail server.
!!! recommendation
![Mailcow logo](assets/img/email/mailcow.svg){ align=right }
**[Mailcow](https://mailcow.email)** is a more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: A mailserver with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. **[Mailcow Dockerized docs](https://mailcow.github.io/mailcow-dockerized-docs/)**
For a more manual approach we've picked out these two articles.
- [Setting up a mail server with OpenSMTPD, Dovecot and Rspamd](https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/) (2019)
- [How To Run Your Own Mail Server](https://www.c0ffee.net/blog/mail-server-guide/) (August 2017)
## Our Criteria
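Review bot: The AnonAddy paragraph prices the middle tier as "$12/month plan", but the recommendation blurb a few lines earlier lists the premium plans as "$12/year and $36/year"; reconcile the two before merging. The added text also has spelling slips: "chosing" in the SimpleLogin paragraph, and "Recepient" and "Receipent" in the two feature lists, should be "choosing" and "Recipient". "Unlimited shared alias are available" should read "Unlimited shared aliases are available".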
@ -310,23 +351,23 @@ Operating outside the five/nine/fourteen-eyes countries is not necessarily a gua
### Technology
We regard these features as important in order to provide a safe and optimal service to users. Users should consider the provider which has the features they require.
We regard these features as important in order to provide a safe and optimal service. You should consider whether the provider which has the features you require.
**Minimum to Qualify:**
- Encrypts account data at rest.
- Integrated webmail encryption provides convenience to users who want improve on having no E2EE.
- Integrated webmail encryption provides convenience to those who want an improvement on having no E2EE.
**Best Case:**
- Encrypts account data at rest with zero-access encryption.
- Allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). Custom domain names are important to users because it allows them to maintain their agency from the service, should it turn bad, be acquired by another company which doesn't prioritize privacy etc.
- Allow you to use your own [domain name](https://en.wikipedia.org/wiki/Domain_name). Custom domain names are important, because they allow you to maintain your agency from the service, should it turn bad or be acquired by another company which doesn't prioritize privacy, etc.
- Support for [WKD](https://wiki.gnupg.org/WKD) to allow improved discovery of public OpenPGP keys via HTTP.
GnuPG users can get a key by typing: `gpg --locate-key example_user@example.com`
- Support for a temporary mailbox for external users. This is useful when you want to send an encrypted email, without sending an actual copy to your recipient. These emails usually have a limited lifespan and then are automatically deleted. They also don't require the recipient to configure any cryptography like OpenPGP.
You can get a key by typing: `gpg --locate-key example_user@example.com`
- Support for a temporary mailbox for outside accounts. This is useful when you want to send an encrypted email, without sending an actual copy to your recipient. These emails usually have a limited lifespan and then are automatically deleted. They also don't require the recipient to configure any cryptography like OpenPGP.
- Availability of the email provider's services via an [onion service](https://en.wikipedia.org/wiki/.onion).
- [Subaddressing](https://en.wikipedia.org/wiki/Email_address#Subaddressing) support.
- Catch-all or alias functionality for users who own their own domains.
- Catch-all or alias functionality for those who own their own domains.
- Use of standard email access protocols such as IMAP, SMTP or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider.
### Privacy
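Review bot: The reworded intro under Technology is ungrammatical: "You should consider whether the provider which has the features you require." Dropping "which" fixes it ("whether the provider has the features you require"). On the WKD bullet, replacing "GnuPG users can get a key by typing" with "You can get a key by typing" removes the only hint that `gpg --locate-key` is a GnuPG command; consider "With GnuPG, you can get a key by typing".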
@ -345,7 +386,7 @@ We prefer our recommended providers to collect as little data as possible.
### Security
Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their users.
Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their members.
**Minimum to Qualify:**
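Review bot: "protect their members" in the Security intro introduces a third term for the same people; the Technology section in this same change still says "customers" ("ensure customers can easily download all of their email"). Pick one term and use it in both places.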
@ -366,10 +407,10 @@ Email servers deal with a lot of very sensitive data. We expect that providers w
**Best Case:**
- Support for hardware authentication, ie U2F and [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn). U2F and WebAuthn are more secure as they use a private key stored on a client-side hardware device to authenticate users, as opposed to a shared secret that is stored on the web server and on the client side when using TOTP. Furthermore, U2F and WebAuthn are more resistant to phishing as their authentication response is based on the authenticated [domain name](https://en.wikipedia.org/wiki/Domain_name).
- Support for hardware authentication, ie U2F and [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn). U2F and WebAuthn are more secure as they use a private key stored on a client-side hardware device to authenticate people, as opposed to a shared secret that is stored on the web server and on the client side when using TOTP. Furthermore, U2F and WebAuthn are more resistant to phishing as their authentication response is based on the authenticated [domain name](https://en.wikipedia.org/wiki/Domain_name).
- Zero access encryption, builds on encryption at rest. The difference being the provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
- [DNS Certification Authority Authorization (CAA) Resource Record](https://tools.ietf.org/html/rfc6844) in addition to DANE support.
- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), this is useful for users who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617).
- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), this is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617).
- Bug-bounty programs and/or a coordinated vulnerability-disclosure process.
- Website security standards such as:
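Review bot: The ARC bullet was touched but keeps its comma splice and a dangling reference: "…(ARC)…, this is useful for people who post to mailing lists [RFC8617]". Since the line is being edited anyway, split it into two sentences and attach the RFC link to the protocol name, e.g. "Implementation of Authenticated Received Chain (ARC, RFC 8617). This is useful for people who post to mailing lists." In the U2F bullet, "ie" should be "i.e.".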
@ -395,12 +436,12 @@ With the email providers we recommend we like to see responsible marketing.
**Minimum to Qualify:**
- Must self host analytics (no Google Analytics etc). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those users who want to opt-out.
- Must self host analytics (no Google Analytics etc). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt-out.
Must not have any marketing which is irresponsible:
- Claims of "unbreakable encryption". Encryption should be used with the intention that it may not be secret in the future when the technology exists to crack it.
- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know users can quite easily deanonymize themselves in a number of ways, e.g.:
- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily deanonymize themselves in a number of ways, e.g.:
- Reusing personal information e.g. (email accounts, unique pseudonyms etc) that they accessed without anonymity software (Tor, VPN etc)
- [Browser fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint)
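Review bot: In the anonymity bullet, "it means there is no certainty for failure" does not say what is intended; the point is that a 100% claim leaves no room for failure. Suggest "it means there is no possibility of failure" while this line is being reworded. In the analytics bullet, "opt-out" is used as a verb and should be "opt out".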
@ -447,7 +488,7 @@ Email software will often show some visible headers that you may have seen such
### When is email metadata used?
Client software may use it to show who a message is from and what time it was received. Servers may use it to determine where an email message must be sent, among [other purposes](https://en.wikipedia.org/wiki/Email#Message_header) not transparent to the user.
Client software may use it to show who a message is from and what time it was received. Servers may use it to determine where an email message must be sent, among [other purposes](https://en.wikipedia.org/wiki/Email#Message_header) which are not always transparent.
### Where is the email metadata?
@ -461,44 +502,6 @@ Email metadata is crucial to the most basic functionality of email (where it cam
When emails travel between email providers an encrypted connection is negotiated using [Opportunistic TLS](https://en.wikipedia.org/wiki/Opportunistic_TLS). This protects the metadata from outside observers, but as it is not E2EE, server administrators can snoop on the metadata of an email.
## Email Cloaking Services
!!! recommendation
![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ align=right }
![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ align=right }
**[AnonAddy](https://anonaddy.com)** lets users create aliases that forward to their email address. Can be self-hosted. [Source code on GitHub](https://github.com/anonaddy/anonaddy).
!!! recommendation
![Simplelogin logo](assets/img/email/simplelogin.svg){ align=right }
**[SimpleLogin](https://simplelogin.io)** allows you to easily create aliases for your email. Can be self-hosted. [Source code on GitHub](https://github.com/simple-login/app).
## Self-Hosting Email
Advanced users may consider setting up their own email server. Mailservers require attention and continuous maintenance in order to keep things secure and mail delivery reliable.
### Combined software solutions
!!! recommendation
![Mail-in-a-Box logo](assets/img/email/mail-in-a-box.svg){ align=right }
**[Mail-in-a-Box](https://mailinabox.email)** is an automated setup script for deploying a mail server on Ubuntu. Its goal is to make it easier for users to set up their own mail server.
!!! recommendation
![Mailcow logo](assets/img/email/mailcow.svg){ align=right }
**[Mailcow](https://mailcow.email)** is a more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: A mailserver with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. **[Mailcow Dockerized docs](https://mailcow.github.io/mailcow-dockerized-docs/)**
For a more manual approach we've picked out these two articles.
- [Setting up a mail server with OpenSMTPD, Dovecot and Rspamd](https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/) (2019)
- [How To Run Your Own Mail Server](https://www.c0ffee.net/blog/mail-server-guide/) (August 2017)
## Additional Reading
- [An NFC PGP SmartCard For Android](https://www.grepular.com/An_NFC_PGP_SmartCard_For_Android)
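Review bot: Removing the "## Email Cloaking Services" heading at the top of this hunk also removes its generated anchor, so any internal links or bookmarks that point at that section will stop resolving. Search the docs for references to the old anchor and update them to the new aliasing section, or add a redirect, as part of this change.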

View File

@ -17,7 +17,7 @@ The options listed here are multi-platform and great for creating encrypted back
**VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.
[Visit veracrypt.fr](https://veracrypt.fr){ .md-button .md-button--primary }
[Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
??? downloads
@ -28,7 +28,7 @@ The options listed here are multi-platform and great for creating encrypted back
VeraCrypt is a fork of the discontinued TrueCrypt project. According to its developers, security improvements have been implemented and issues raised by the initial TrueCrypt code audit have been addressed.
When encrypting with VeraCrypt, the user has the option to select from different [hash functions](https://en.wikipedia.org/wiki/VeraCrypt#Encryption_scheme). We suggest users **only** select [SHA-512](https://en.wikipedia.org/wiki/SHA-512) and should stick to the [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) block cipher.
When encrypting with VeraCrypt, you have the option to select from different [hash functions](https://en.wikipedia.org/wiki/VeraCrypt#Encryption_scheme). We suggest you **only** select [SHA-512](https://en.wikipedia.org/wiki/SHA-512) and stick to the [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) block cipher.
Truecrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits) and VeraCrypt has also been [audited seperately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
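Review bot: The context line directly below the reworded VeraCrypt sentence still has "audited seperately" and "Truecrypt"; since this paragraph is being edited, fix them to "separately" and "TrueCrypt" (the spelling used two lines above). The reworded sentence itself links "hash functions" and then recommends a block cipher in the same clause; consider saying "hash functions and ciphers" so the AES advice has something to attach to.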
@ -40,7 +40,7 @@ Truecrypt has been [audited a number of times](https://en.wikipedia.org/wiki/Tru
**Cryptomator** makes it easy for you to upload files to the cloud in a virtual encrypted file system.
[Visit cryptomator.org](https://cryptomator.org){ .md-button .md-button--primary } [Privacy Policy](https://cryptomator.org/privacy){ .md-button }
[Homepage](https://cryptomator.org){ .md-button .md-button--primary } [Privacy Policy](https://cryptomator.org/privacy){ .md-button }
??? downloads
@ -63,7 +63,7 @@ Some of the Cryptomator Crypto Libraries have been [audited](https://cryptomator
**Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for its encryption features.
[Visit github.com](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
[Project Info](https://github.com/HACKERALERT/Picocrypt#readme){ .md-button .md-button--primary }
??? downloads
@ -84,7 +84,7 @@ Modern operating systems include [FDE](https://en.wikipedia.org/wiki/Disk_encryp
**BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). [ElcomSoft](https://en.wikipedia.org/wiki/ElcomSoft), a forensics company, has written about it in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
[Visit microsoft.com](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .md-button .md-button--primary }
[Overview](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .md-button .md-button--primary }
BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) on Pro, Enterprise, and Education editions of Windows. It can be enabled on Home editions provided that they meet the prerequisites.
@ -129,7 +129,7 @@ BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-o
**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip.
[Visit support.apple.com](https://support.apple.com/en-us/HT204837){ .md-button .md-button--primary }
[Article](https://support.apple.com/en-us/HT204837){ .md-button .md-button--primary }
We recommend storing a local recovery key in a secure place as opposed to utilizing iCloud FileVault recovery. As well, FileVault should be enabled **after** a complete macOS installation as more pseudorandom number generator ([PRNG](https://support.apple.com/guide/security/random-number-generation-seca0c73a75b/web)) [entropy](https://en.wikipedia.org/wiki/Entropy_(computing)) will be available.
@ -141,7 +141,7 @@ We recommend storing a local recovery key in a secure place as opposed to utiliz
**LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.
[Visit gitlab.com](https://gitlab.com/cryptsetup/cryptsetup){ .md-button .md-button--primary }
[Project Wiki](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .md-button .md-button--primary }
??? example "Creating and opening encrypted containers"
@ -178,7 +178,7 @@ Browser-based encryption can be useful when you need to encrypt a file but canno
**Hat.sh** is a web application that provides secure client-side file encryption in your browser. It can also be self-hosted and is useful if you need to encrypt a file but cannot install any software on your device due to organizational policies.
[Visit hat.sh](https://hat.sh){ .md-button .md-button--primary }
[Homepage](https://hat.sh){ .md-button .md-button--primary }
??? downloads
@ -194,9 +194,9 @@ Tools with command-line interfaces are useful for intergrating [shell scripts](h
![Kryptor logo](assets/img/encryption-software/kryptor.png){ align=right }
**Kryptor** is a free and open source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, user friendly alternative to GPG.
**Kryptor** is a free and open source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG.
[Visit kryptor.co.uk](https://www.kryptor.co.uk){ .md-button .md-button--primary } [Privacy Policy](https://www.kryptor.co.uk/features#privacy){ .md-button }
[Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary } [Privacy Policy](https://www.kryptor.co.uk/features#privacy){ .md-button }
??? downloads
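Review bot: The Kryptor description now reads "a simple, easier alternative to GPG", which pairs a plain adjective with a comparative. Suggest "a simpler, easier alternative to GPG" or just "an easier alternative to GPG".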
@ -213,7 +213,7 @@ Tools with command-line interfaces are useful for intergrating [shell scripts](h
**Tomb** is an is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
[Visit dyne.org](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
[Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
??? downloads
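Review bot: The Tomb description above the changed button still reads "**Tomb** is an is a command-line shell wrapper for LUKS"; the duplicated "is an" should be removed while this block is being touched.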
@ -223,7 +223,7 @@ Tools with command-line interfaces are useful for intergrating [shell scripts](h
OpenPGP is sometimes needed for specific tasks such as digitally signing and encrypting email. PGP has many features and is [complex](https://latacora.micro.blog/2019/07/16/the-pgp-problem.html) as it has been around a long time. For tasks such as signing or encrypting files, we suggest the above options.
When encrypting with PGP, the user has the option to configure different options in their `gpg.conf` file. We recommend staying with the standard options specified in the [GnuPG user FAQ](https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf).
When encrypting with PGP, you have the option to configure different options in your `gpg.conf` file. We recommend staying with the standard options specified in the [GnuPG user FAQ](https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf).
!!! tip "Use future defaults when generating a key"
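Review bot: The rewritten sentence keeps the repetition "you have the option to configure different options in your `gpg.conf` file". Suggest "you can configure different options in your `gpg.conf` file".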
@ -241,7 +241,7 @@ When encrypting with PGP, the user has the option to configure different options
**GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
[Visit gnupg.org](https://gnupg.org){ .md-button .md-button--primary } [Privacy Policy](https://gnupg.org/privacy-policy.html){ .md-button }
[Homepage](https://gnupg.org){ .md-button .md-button--primary } [Privacy Policy](https://gnupg.org/privacy-policy.html){ .md-button }
??? downloads
@ -257,9 +257,9 @@ When encrypting with PGP, the user has the option to configure different options
![GPG4win logo](assets/img/encryption-software/gpg4win.svg){ align=right }
**GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that assist PGP users on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.
**GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.
[Visit gpg4win.org](https://gpg4win.org){ .md-button .md-button--primary } [Privacy Policy](https://gpg4win.org/privacy-policy.html){ .md-button }
[Homepage](https://gpg4win.org){ .md-button .md-button--primary } [Privacy Policy](https://gpg4win.org/privacy-policy.html){ .md-button }
??? downloads
@ -270,17 +270,17 @@ When encrypting with PGP, the user has the option to configure different options
!!! note
We suggest [Canary Mail](email-clients/#canary-mail) for using PGP with email on iOS devices.
We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
!!! recommendation
![GPG Suite logo](assets/img/encryption-software/gpgsuite.png){ align=right }
**GPG Suite** provides OpenPGP support for [Apple Mail](email-clients.md#apple-mail) and macOS. GPGTools GmbH costs $24€ yearly for their support plan and includes a 30-day trial.
**GPG Suite** provides OpenPGP support for [Apple Mail](email-clients.md#apple-mail) and macOS. GPG Mail costs $24€ yearly for their support plan and includes a 30-day trial. For more details see the [FAQ](https://gpgtools.org/faq).
We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) and [Knowledge base](https://gpgtools.tenderapp.com/kb) for support.
[Visit gpgtools.org](https://gpgtools.org){ .md-button .md-button--primary } [Privacy Policy](https://gpgtools.org/privacy){ .md-button }
[Homepage](https://gpgtools.org){ .md-button .md-button--primary } [Privacy Policy](https://gpgtools.org/privacy){ .md-button }
??? downloads
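Review bot: The GPG Suite line still carries two currency symbols, "$24€", so the reader cannot tell whether the price is in dollars or euros; fix it to a single currency while the sentence is being rewritten. The new subject "GPG Mail costs … for their support plan" also leaves "their" without a referent now that "GPGTools GmbH" has been dropped; "its support plan" or naming the vendor would read correctly.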
@ -295,7 +295,7 @@ When encrypting with PGP, the user has the option to configure different options
**OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
[Visit openkeychain.org](https://www.openkeychain.org){ .md-button .md-button--primary } [Privacy Policy](https://www.openkeychain.org/help/privacy-policy){ .md-button }
[Homepage](https://www.openkeychain.org){ .md-button .md-button--primary } [Privacy Policy](https://www.openkeychain.org/help/privacy-policy){ .md-button }
??? downloads

View File

@ -14,7 +14,7 @@ Discover how to privately share your files between your devices, with your frien
**OnionShare** is an open-source tool that lets you securely and anonymously share a file of any size. It works by starting a web server accessible as a Tor onion service, with an unguessable URL that you can share with the recipients to download or send files.
[Visit onionshare.org](https://onionshare.org){ .md-button .md-button--primary } [:pg-tor:](http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion){ .md-button }
[Homepage](https://onionshare.org){ .md-button .md-button--primary } [:pg-tor:](http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion){ .md-button }
??? downloads
@ -31,7 +31,7 @@ Discover how to privately share your files between your devices, with your frien
Magic Wormhole is a package that provides a library and a command-line tool named wormhole, which makes it possible to get arbitrary-sized files and directories (or short pieces of text) from one computer to another. Their motto: "Get things from one computer to another, safely.
[Visit magic-wormhole.readthedocs.io](https://magic-wormhole.readthedocs.io){ .md-button .md-button--primary }
[Homepage](https://magic-wormhole.readthedocs.io){ .md-button .md-button--primary }
??? downloads
@ -48,7 +48,7 @@ Discover how to privately share your files between your devices, with your frien
**FreedomBox** is a operating system designed to be run on a [single-board computer (SBC)](https://en.wikipedia.org/wiki/Single-board_computer). The purpose is to make it easy to set up server applications that you might want to selfhost.
[Visit freedombox.org](https://freedombox.org){ .md-button .md-button--primary }
[Homepage](https://freedombox.org){ .md-button .md-button--primary }
??? downloads
@ -64,13 +64,15 @@ Discover how to privately share your files between your devices, with your frien
**Syncthing** replaces proprietary sync and cloud services with something open, trustworthy, and decentralized. Your data is your data alone and you deserve to choose where it is stored, if it is shared with some third-party, and how it is transmitted over the Internet.
[Visit syncthing.net](https://syncthing.net){ .md-button .md-button--primary }
[Homepage](https://syncthing.net){ .md-button .md-button--primary }
??? downloads
- [:fontawesome-brands-windows: Windows](https://syncthing.net/downloads)
- [:fontawesome-brands-apple: macOS](https://syncthing.net/downloads)
- [:fontawesome-brands-linux: Linux](https://syncthing.net/downloads)
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.nutomic.syncthingandroid)
- [:pg-f-droid: F-Droid](https://f-droid.org/packages/com.nutomic.syncthingandroid/)
- [:fontawesome-brands-github: Source](https://github.com/syncthing)
### git-annex
@ -81,7 +83,7 @@ Discover how to privately share your files between your devices, with your frien
**git-annex** allows managing files with git, without checking the file contents into git. While that may seem paradoxical, it is useful when dealing with files larger than git can currently easily handle, whether due to limitations in memory, time, or disk space.
[Visit git-annex.branchable.com](https://git-annex.branchable.com){ .md-button .md-button--primary } [Privacy Policy](https://git-annex.branchable.com/privacy){ .md-button }
[Homepage](https://git-annex.branchable.com){ .md-button .md-button--primary } [Privacy Policy](https://git-annex.branchable.com/privacy){ .md-button }
??? downloads

View File

@ -3,6 +3,7 @@ template: overrides/home.en.html
hide:
- navigation
- toc
- feedback
---
<!-- markdownlint-disable-next-line -->
<div style="max-width:50rem;margin:auto;" markdown>
@ -37,9 +38,9 @@ It's important for a website like Privacy Guides to always stay up-to-date. We n
<div class="grid cards" style="margin:auto;max-width:800px;text-align:center;" markdown>
- [:fontawesome-brands-reddit: Join the r/PrivacyGuides Subreddit](https://www.reddit.com/r/privacyguides)
- [:fontawesome-brands-twitter: Follow @Privacy_Guides on Twitter](https://twitter.com/privacy_guides)
- [:fontawesome-brands-mastodon: Follow us on Mastodon](https://mastodon.social/@privacyguides){ rel=me }
- [:material-book-edit: Contribute to this website](https://github.com/privacyguides/privacyguides.org)
- [:material-chat: Chat with us on Matrix](https://matrix.to/#/#privacyguides:matrix.org)
- [:pg-matrix: Chat with us on Matrix](https://matrix.to/#/#privacyguides:matrix.org)
</div>
<div style="padding:3em;text-align:center;" markdown>
@ -47,5 +48,11 @@ It's important for a website like Privacy Guides to always stay up-to-date. We n
**Privacy Guides** is a non-profit, socially motivated website that provides information for protecting your data security and privacy.
We do not make money from recommending certain products, and we do not utilize affiliate links. [Learn more :material-arrow-right:](about.md)
We do not make money from recommending certain products, and we do not utilize affiliate links.
<div class="grid cards" style="margin:auto;max-width:800px;text-align:center;" markdown>
- [:material-information-outline: Learn More About Us](about/)
- [:material-hand-coin-outline: Donation Info & Project Backers](about/donate/)
</div>
</div>
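Review bot: The two new card links at the end of this hunk use bare directory paths (`about/`, `about/donate/`), whereas the sentence they replace linked the source file (`about.md`). MkDocs only validates and rewrites links that point at `.md` files, so these paths will not be checked by the build if the pages move, and they only resolve while directory URLs are enabled. Link to the Markdown source files instead.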

View File

@ -0,0 +1,23 @@
var feedback = document.forms.feedback
/* Show feedback */
feedback.hidden = false
feedback.addEventListener("submit", function(ev) {
ev.preventDefault()
/* Retrieve page and feedback value */
var page = document.location.pathname
var data = ev.submitter.getAttribute("data-md-value")
/* Send feedback value */
console.log(page, data)
plausible(data)
/* Disable form and show note, if given */
feedback.firstElementChild.disabled = true
var note = feedback.querySelector(
".md-feedback__note [data-md-value='" + data + "']"
)
if (note)
note.hidden = false
})
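Review bot: `plausible(data)` is called without checking that the analytics function exists. If the Plausible script has not loaded (for example because a content blocker dropped it), the submit handler throws a ReferenceError at that line and never reaches `feedback.firstElementChild.disabled = true` or the note reveal. Guard the call, for instance with `if (typeof plausible === "function")`, or move it after the UI update. `console.log(page, data)` looks like leftover debugging, and `page` is otherwise unused because only `data` is sent, so either drop both or pass the page along deliberately. `ev.submitter` is also undefined in browsers that do not implement `SubmitEvent.submitter`, which would make the `getAttribute` call throw, so a fallback is worth adding.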

View File

@ -2,7 +2,7 @@
title: "Linux"
icon: fontawesome/brands/linux
---
Linux distributions are commonly recommended for privacy protection and user freedom.
Linux distributions are commonly recommended for privacy protection and software freedom.
- [General Linux Overview :material-arrow-right:](linux-desktop/overview.md)
@ -16,9 +16,9 @@ If you don't already use Linux, below are some distributions we suggest trying o
![Fedora logo](assets/img/linux-desktop/fedora-workstation.svg){ align=right }
**Fedora Workstation** is our recommended distribution for users new to Linux. Fedora generally adopts newer technologies before other distributions e.g., [Wayland](https://wayland.freedesktop.org/), [PipeWire](https://pipewire.org), and soon, [FS-Verity](https://fedoraproject.org/wiki/Changes/FsVerityRPM). These new technologies often come with improvements in security, privacy, and usability in general.
**Fedora Workstation** is our recommended distribution for people new to Linux. Fedora generally adopts newer technologies before other distributions e.g., [Wayland](https://wayland.freedesktop.org/), [PipeWire](https://pipewire.org), and soon, [FS-Verity](https://fedoraproject.org/wiki/Changes/FsVerityRPM). These new technologies often come with improvements in security, privacy, and usability in general.
[Visit getfedora.org](https://getfedora.org/){ .md-button .md-button--primary }
[Homepage](https://getfedora.org/){ .md-button .md-button--primary }
Fedora has a semi-rolling release cycle. While some packages like [GNOME](https://www.gnome.org) are frozen until the next Fedora release, most packages (including the kernel) are updated frequently throughout the lifespan of the release. Each Fedora release is supported for one year, with a new version released every 6 months.
@ -32,9 +32,9 @@ Fedora has a semi-rolling release cycle. While some packages like [GNOME](https:
openSUSE Tumbleweed has a [transactional update](https://kubic.opensuse.org/blog/2018-04-04-transactionalupdates/) system that uses [Btrfs](https://en.wikipedia.org/wiki/Btrfs) and [Snapper](https://en.opensuse.org/openSUSE:Snapper_Tutorial) to ensure that snapshots can be rolled back should there be a problem.
[Visit get.opensuse.org](https://get.opensuse.org/tumbleweed/){ .md-button .md-button--primary }
[Homepage](https://get.opensuse.org/tumbleweed/){ .md-button .md-button--primary }
Tumbleweed follows a rolling release model where each update is released as a snapshot of the distribution. When the user upgrades their system, a new snapshot is downloaded. Each snapshot is run through a series of automated tests by [openQA](https://openqa.opensuse.org) to ensure its quality.
Tumbleweed follows a rolling release model where each update is released as a snapshot of the distribution. When you upgrade your system, a new snapshot is downloaded. Each snapshot is run through a series of automated tests by [openQA](https://openqa.opensuse.org) to ensure its quality.
### Arch Linux
@ -44,11 +44,11 @@ Tumbleweed follows a rolling release model where each update is released as a sn
**Arch Linux** is a lightweight, do-it-yourself (DIY) distribution meaning that you only get what you install. For more information see their [FAQ](https://wiki.archlinux.org/title/Frequently_asked_questions).
[Visit archlinux.org](https://archlinux.org/){ .md-button .md-button--primary }
[Homepage](https://archlinux.org/){ .md-button .md-button--primary }
Arch Linux has a rolling release cycle. There is no fixed release schedule and packages are updated very frequently.
Being a DIY distribution, the user is [expected to set up and maintain](#arch-based-distributions) their system. Arch has an [official installer](https://wiki.archlinux.org/title/Archinstall) to make the installation process a little easier.
Being a DIY distribution, you are [expected to set up and maintain](#arch-based-distributions) your system on your own. Arch has an [official installer](https://wiki.archlinux.org/title/Archinstall) to make the installation process a little easier.
A large portion of [Arch Linuxs packages](https://reproducible.archlinux.org) are [reproducible](https://reproducible-builds.org).
@ -62,11 +62,11 @@ A large portion of [Arch Linuxs packages](https://reproducible.archlinux.org)
**Fedora Silverblue** and **Fedora Kinoite** are immutable variants of Fedora with a strong focus on container workflows. Silverblue comes with the [GNOME](https://www.gnome.org/) desktop environment while Kinoite comes with [KDE](https://kde.org/). Silverblue and Kinoite follow the same release schedule as Fedora Workstation, benefiting from the same fast updates and staying very close to upstream.
[Visit silverblue.fedoraproject.org](https://silverblue.fedoraproject.org/){ .md-button .md-button--primary }
[Homepage](https://silverblue.fedoraproject.org/){ .md-button .md-button--primary }
Silverblue (and Kinoite) differ from Fedora Workstation as they replace the [DNF](https://fedoraproject.org/wiki/DNF) package manager with a much more advanced alternative called [`rpm-ostree`](https://docs.fedoraproject.org/en-US/fedora/rawhide/system-administrators-guide/package-management/rpm-ostree/). The `rpm-ostree` package manager works by downloading a base image for the system, then overlaying packages over it in a [git](https://en.wikipedia.org/wiki/Git)-like commit tree. When the system is updated, a new base image is downloaded and the overlays will be applied to that new image.
After the update is complete the user will reboot the system into the new deployment. `rpm-ostree` keeps two deployments of the system so that a user can easily rollback if something breaks in the new deployment. There is also the option to pin more deployments as needed.
After the update is complete you will reboot the system into the new deployment. `rpm-ostree` keeps two deployments of the system so that you can easily rollback if something breaks in the new deployment. There is also the option to pin more deployments as needed.
[Flatpak](https://www.flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside of a container on top of the base image.
@ -80,7 +80,7 @@ As an alternative to Flatpaks, there is the option of [Toolbox](https://docs.fed
NixOS is an independent distribution based on the Nix package manager with a focus on reproducibility and reliability.
[Visit nixos.org](https://nixos.org/){ .md-button .md-button--primary }
[Homepage](https://nixos.org/){ .md-button .md-button--primary }
NixOSs package manager keeps every version of every package in a different folder in the **Nix store**. Due to this you can have different versions of the same package installed on your system. After the package contents have been written to the folder, the folder is made read-only.
@ -102,7 +102,7 @@ Nix is a source-based package manager; if theres no pre-built available in th
**Whonix** is based on [Kicksecure](https://www.whonix.org/wiki/Kicksecure), a security-focused fork of Debian. It aims to provide privacy, security, and anonymity on the internet.
[Visit whonix.org](https://www.whonix.org/){ .md-button .md-button--primary }
[Homepage](https://www.whonix.org/){ .md-button .md-button--primary }
Whonix is meant to run as two virtual machines: a “Workstation” and a Tor “Gateway”. All communications from the Workstation has to go through the Tor gateway, and will be routed through the Tor Network.
@ -122,7 +122,7 @@ Whonix is best used [in conjunction with Qubes](https://www.whonix.org/wiki/Qube
It can boot on almost any computer from a DVD, USB stick, or SD card. It aims to preserve privacy and anonymity while circumventing censorship and leaving no trace of itself on the computer it is used on.
[Visit tails.boum.org](https://tails.boum.org/){ .md-button .md-button--primary }
[Homepage](https://tails.boum.org/){ .md-button .md-button--primary }
By design, Tails is meant to completely reset itself after each reboot. Encrypted [persistent storage](https://tails.boum.org/doc/first_steps/persistence/index.en.html) can be configured to store some data.
@ -132,7 +132,7 @@ By design, Tails is meant to completely reset itself after each reboot. Encrypte
Most Linux distributions have an installer option for enabling LUKS FDE upon installation.
If this option isnt set at installation time, the user will have to backup their data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted.
If this option isnt set at installation time, you will have to backup your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted.
When securely erasing storage devices such as a Solid-state drive (SSD) you should use the [ATA Secure Erase](https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase) command. This command can be issued from your UEFI setup. If the storage device is a regular hard drive (HDD), consider using [`nwipe`](https://en.wikipedia.org/wiki/Nwipe).
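Review bot: In the reworded sentence, "backup" is used as a verb ("you will have to backup your data"); the verb form is two words, "back up". Since the line is being rewritten anyway, fix it in the same change.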

View File

@ -44,7 +44,7 @@ The [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc) f
## Umask
If you are not using openSUSE, consider changing the default [umask](https://en.wikipedia.org/wiki/Umask) for both regular users and root to 077. Changing umask to 077 can break snapper on openSUSE and is **not** recommended.
If you are not using openSUSE, consider changing the default [umask](https://en.wikipedia.org/wiki/Umask) for both regular user accounts and root to 077. Changing umask to 077 can break snapper on openSUSE and is **not** recommended.
## Mountpoint hardening

View File

@ -60,13 +60,13 @@ There is often some confusion about “security-focused” distributions and “
## Arch-based distributions
Arch based distributions are not recommended for new users, regardless of the distribution. Arch does not have an distribution update mechanism for the underlying software choices. As a result the user of the system must stay aware with current trends and adopt technologies as they supersede older practices.
Arch based distributions are not recommended for those new to Linux, regardless of the distribution. Arch does not have an distribution update mechanism for the underlying software choices. As a result you have to stay aware with current trends and adopt technologies as they supersede older practices on your own.
For a secure system, the user is also expected to have sufficient Linux knowledge to properly set up security for their system such as adopting a [mandatory access control](https://en.wikipedia.org/wiki/Mandatory_access_control) system, setting up [kernel module](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) blacklists, hardening boot parameters, manipulating [sysctl](https://en.wikipedia.org/wiki/Sysctl) parameters, and knowing what components they need such as [Polkit](https://en.wikipedia.org/wiki/Polkit).
For a secure system, you are also expected to have sufficient Linux knowledge to properly set up security for their system such as adopting a [mandatory access control](https://en.wikipedia.org/wiki/Mandatory_access_control) system, setting up [kernel module](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) blacklists, hardening boot parameters, manipulating [sysctl](https://en.wikipedia.org/wiki/Sysctl) parameters, and knowing what components they need such as [Polkit](https://en.wikipedia.org/wiki/Polkit).
Any user using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository), **must** be comfortable in auditing PKGBUILDs that they install from that service. AUR packages are user-produced content and are not vetted in any way and therefore are vulnerable to software supply chain attacks, which has in fact happened [in the past](https://www.bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository/). AUR should always be used sparingly and often there is a lot of bad advice on various pages which direct users to blindly use [AUR helpers](https://wiki.archlinux.org/title/AUR_helpers) without sufficient warning. Similar warnings apply to using third party Personal Package Archives (PPAs) on Debian based distributions or Community Projects (COPR) on Fedora.
Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository), **must** be comfortable in auditing PKGBUILDs that they install from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software supply chain attacks, which has in fact happened [in the past](https://www.bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository/). AUR should always be used sparingly and often there is a lot of bad advice on various pages which direct people to blindly use [AUR helpers](https://wiki.archlinux.org/title/AUR_helpers) without sufficient warning. Similar warnings apply to using third party Personal Package Archives (PPAs) on Debian based distributions or Community Projects (COPR) on Fedora.
For advanced users, we only recommend Arch Linux, not any of its derivatives. We recommend against these two Arch derivatives specifically:
If you are experienced with Linux and wish to use an Arch-based distribution, we only recommend Arch Linux proper, not any of its derivatives. We recommend against these two Arch derivatives specifically:
- **Manjaro**: This distribution holds packages back for 2 weeks to make sure that their own changes dont break, not to make sure that upstream is stable. When AUR packages are used, they are often built against the latest [libraries](https://en.wikipedia.org/wiki/Library_(computing)) from Archs repositories.
- **Garuda**: They use [Chaotic-AUR](https://aur.chaotic.cx/) which automatically and blindly compiles packages from the AUR. There is no verification process to make sure that the AUR packages dont suffer from supply chain attacks.
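Review bot: The rewritten second paragraph changes the subject to "you" but keeps the old third-person pronouns ("set up security for their system", "what components they need"), so the sentence no longer agrees with itself; change these to "your system" and "you need". While these lines are being touched, "an distribution update mechanism" and "stay aware with current trends" in the first paragraph should read "a distribution update mechanism" and "stay aware of current trends", and the comma between the subject and "**must**" in the AUR paragraph can be dropped.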

View File

@ -8,7 +8,7 @@ Some sandboxing solutions for desktop Linux distributions do exist, however they
[Flatpak](https://flatpak.org) aims to be a universal package manager for Linux. One of its main goals is to provide a universal package format which can be used in most Linux distributions. It provides some [permission control](https://docs.flatpak.org/en/latest/sandbox-permissions.html). It has been [pointed out](https://madaidans-insecurities.github.io/linux.html#flatpak) that Flatpak sandboxing could be improved as particular Flatpaks often have greater permission than required. There does seem to be [some agreement](https://theevilskeleton.gitlab.io/2021/02/11/response-to-flatkill-org.html) that this is the case.
Users can restrict applications further by issuing [Flatpak overrides](https://docs.flatpak.org/en/latest/flatpak-command-reference.html#flatpak-override). This can be done with the command-line or by using [Flatseal](https://flathub.org/apps/details/com.github.tchx84.Flatseal). Some sample overrides are provided by [tommytran732](https://github.com/tommytran732/Flatpak-Overrides) and [rusty-snake](https://github.com/rusty-snake/kyst/tree/main/flatpak).
You can restrict applications further by issuing [Flatpak overrides](https://docs.flatpak.org/en/latest/flatpak-command-reference.html#flatpak-override). This can be done with the command-line or by using [Flatseal](https://flathub.org/apps/details/com.github.tchx84.Flatseal). Some sample overrides are provided by [tommytran732](https://github.com/tommytran732/Flatpak-Overrides) and [rusty-snake](https://github.com/rusty-snake/kyst/tree/main/flatpak).
We generally recommend revoking access to:
@ -18,9 +18,9 @@ We generally recommend revoking access to:
If an application works natively with Wayland (and not running through the [XWayland](https://wayland.freedesktop.org/xserver.html) compatibility layer), consider revoking its access to the X11 (`socket=x11`) and [Inter-process communications (IPC)](https://en.wikipedia.org/wiki/Unix_domain_socket) socket (`share=ipc`) as well.
We also recommend restricting broad filesystem permissions such as `filesystem=home` and `filesystem=host` which should be revoked and replaced with just the directories that the app needs to access. Some applications like [VLC](https://www.flathub.org/apps/details/org.videolan.VLC) implement the [Portals](https://docs.flatpak.org/en/latest/portal-api-reference.html) [API](https://en.wikipedia.org/wiki/API), which allows a file manager to pass files to the Flatpak application (e.g. VLC) without specific filesystem access privileges. VLC is only able to access the specific file that the user wants to open, rather than requiring privileges to particular locations.
We also recommend restricting broad filesystem permissions such as `filesystem=home` and `filesystem=host` which should be revoked and replaced with just the directories that the app needs to access. Some applications like [VLC](https://www.flathub.org/apps/details/org.videolan.VLC) implement the [Portals](https://docs.flatpak.org/en/latest/portal-api-reference.html) [API](https://en.wikipedia.org/wiki/API), which allows a file manager to pass files to the Flatpak application (e.g. VLC) without specific filesystem access privileges. VLC is only able to access the specific file that you want to open, rather than requiring privileges to particular locations.
Hard-coded access to some kernel interfaces like [`/sys`](https://en.wikipedia.org/wiki/Sysfs) and [`/proc`](https://en.wikipedia.org/wiki/Procfs#Linux) and weak [seccomp](https://en.wikipedia.org/wiki/Seccomp) filters unfortunately cannot be secured by the user with Flatpak.
Hard-coded access to some kernel interfaces like [`/sys`](https://en.wikipedia.org/wiki/Sysfs) and [`/proc`](https://en.wikipedia.org/wiki/Procfs#Linux) and weak [seccomp](https://en.wikipedia.org/wiki/Seccomp) filters unfortunately cannot be secured with Flatpak.
### Firejail
@ -44,7 +44,7 @@ Linux desktops don't usually include individual app confinement rules, unlike An
### Making your own policies/profiles
For advanced users, you can make your own AppArmor profiles, SELinux policies, Bubblewrap profiles, and [seccomp](https://en.wikipedia.org/wiki/Seccomp) blacklist to have better confinement of applications. This is quite a tedious and complicated task so we wont go into detail about how to do it here, but we do have a few projects that you could use as reference.
You can make your own AppArmor profiles, SELinux policies, Bubblewrap profiles, and [seccomp](https://en.wikipedia.org/wiki/Seccomp) blacklist to have better confinement of applications. This is an advanced and sometimes tedious task, so we wont go into detail about how to do it here, but we do have a few projects that you could use as reference.
- Whonixs [AppArmor Everything](https://github.com/Whonix/apparmor-profile-everything)
- Krathalans [AppArmor profiles](https://github.com/krathalan/apparmor-profiles)
@ -61,6 +61,6 @@ Red Hat develops [Podman](https://docs.podman.io/en/latest/) and secures it with
Another option is [Kata containers](https://katacontainers.io/), where virtual machines masquerade as containers. Each Kata container has its own Linux kernel and is isolated from the host.
These container technologies can be useful even for enthusiastic home users who may want to run certain web app software on their local area network (LAN) such as [Vaultwarden](https://github.com/dani-garcia/vaultwarden) or images provided by [linuxserver.io](https://www.linuxserver.io) to increase privacy by decreasing dependence on various web services.
These container technologies can be useful for those who may want to run certain web app software on their local area network (LAN) such as [Vaultwarden](https://github.com/dani-garcia/vaultwarden) or images provided by [linuxserver.io](https://www.linuxserver.io) to increase privacy by decreasing dependence on various web services.
--8<-- "includes/abbreviations.en.md"

View File

@ -14,9 +14,9 @@ When sharing files, be sure to remove associated metadata. Image files commonly
**MAT2** is free software, which allows the metadata to be removed from image, audio, torrent, and document file types. It provides both a command line tool and a graphical user interface via an [extension for Nautilus](https://0xacab.org/jvoisin/mat2/-/tree/master/nautilus), the default file manager of [GNOME](https://www.gnome.org), and [Dolphin](https://0xacab.org/jvoisin/mat2/-/tree/master/dolphin), the default file manager of [KDE](https://kde.org).
For Linux users, a third party graphical tool [Metadata Cleaner](https://gitlab.com/rmnvgr/metadata-cleaner) powered by MAT2 exists and is [available on Flathub](https://flathub.org/apps/details/fr.romainvigier.MetadataCleaner).
On Linux, a third party graphical tool [Metadata Cleaner](https://gitlab.com/rmnvgr/metadata-cleaner) powered by MAT2 exists and is [available on Flathub](https://flathub.org/apps/details/fr.romainvigier.MetadataCleaner).
[Visit 0xacab.org](https://0xacab.org/jvoisin/mat2){ .md-button .md-button--primary }
[Homepage](https://0xacab.org/jvoisin/mat2){ .md-button .md-button--primary }
??? downloads
@ -34,7 +34,7 @@ When sharing files, be sure to remove associated metadata. Image files commonly
**ExifCleaner** is a freeware, open source graphical app that uses [ExifTool](https://exiftool.org) to remove Exif metadata from images, videos, and PDF documents using a simple drag and drop interface. It supports multi-core batch processing and dark mode.
[Visit exifcleaner.com](https://exifcleaner.com){ .md-button .md-button--primary }
[Homepage](https://exifcleaner.com){ .md-button .md-button--primary }
??? downloads
@ -53,7 +53,7 @@ When sharing files, be sure to remove associated metadata. Image files commonly
**Scrambled Exif** is a metadata removal tool for Android. It can remove Exif data for many file formats and has been translated into [many](https://gitlab.com/juanitobananas/scrambled-exif/-/tree/master/app/src/main/res) languages.
[Visit gitlab.com](https://gitlab.com/juanitobananas/scrambled-exif){ .md-button .md-button--primary }
[Project Info](https://gitlab.com/juanitobananas/scrambled-exif#scrambled-exif){ .md-button .md-button--primary }
??? downloads
@ -69,7 +69,7 @@ When sharing files, be sure to remove associated metadata. Image files commonly
**Imagepipe** is a a paint app for Android that can be used to redact photos and also delete Exif metadata. It has been translated into [many](https://codeberg.org/Starfish/Imagepipe#translations) languages.
[Visit codeberg.org](https://codeberg.org/Starfish/Imagepipe){ .md-button .md-button--primary }
[Project Info](https://codeberg.org/Starfish/Imagepipe#imagepipe){ .md-button .md-button--primary }
??? downloads
@ -90,7 +90,7 @@ Imagepipe is only available from F-Droid and not in Google Play. If you're looki
Metapho is a simple and clean viewer for photo metadata such as date, file name, size, camera model, shutter speed, and location.
[Visit zininworks.com](https://zininworks.com/metapho){ .md-button .md-button--primary } [Privacy Policy](https://zininworks.com/privacy/){ .md-button }
[Homepage](https://zininworks.com/metapho){ .md-button .md-button--primary } [Privacy Policy](https://zininworks.com/privacy/){ .md-button }
??? downloads
@ -108,7 +108,7 @@ Imagepipe is only available from F-Droid and not in Google Play. If you're looki
It's often a component of other Exif removal applications and is in most Linux distribution repositories.
[Visit exiftool.org](https://exiftool.org){ .md-button .md-button--primary }
[Homepage](https://exiftool.org){ .md-button .md-button--primary }
??? downloads

View File

@ -14,7 +14,7 @@ icon: 'material/two-factor-authentication'
One of the benefits of the YubiKey is that one key can do almost everything (YubiKey 5), you could expect from a hardware security key. We do encourage you to take the [quiz](https://www.yubico.com/quiz/) before purchasing in order to make sure you make the right choice.
[Visit yubico.com](https://www.yubico.com){ .md-button .md-button--primary } [Privacy Policy](https://www.yubico.com/support/terms-conditions/privacy-notice){ .md-button }
[Website](https://www.yubico.com){ .md-button .md-button--primary } [Privacy Policy](https://www.yubico.com/support/terms-conditions/privacy-notice){ .md-button }
The [comparison table](https://www.yubico.com/store/compare/) shows the features and how the YubiKeys compare. We highly recommend that you select keys from the YubiKey 5 Series.
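Review bot: The primary button label here becomes "Website", while the same replacement elsewhere in this patch uses "Homepage" (gpgtools.org, syncthing.net, getaegis.app) and "Project Info" for repository links. If the three labels are meant to signal different kinds of targets, state that rule in the contributor guidelines so later additions pick the right one; otherwise use a single label throughout.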
@ -33,7 +33,7 @@ For models which support HOTP and TOTP, there are 2 slots in the OTP interface w
**Nitrokey** has a security key capable of [FIDO2 and WebAuthn](security/multi-factor-authentication.md#fido-fast-identity-online) called the **Nitrokey FIDO2**. For PGP support, you need to purchase one of their other keys such as the **Nitrokey Start**, **Nitrokey Pro 2** or the **Nitrokey Storage 2**.
[Visit nitrokey.com](https://www.nitrokey.com){ .md-button .md-button--primary } [Privacy Policy](https://www.nitrokey.com/data-privacy-policy){ .md-button }
[Website](https://www.nitrokey.com){ .md-button .md-button--primary } [Privacy Policy](https://www.nitrokey.com/data-privacy-policy){ .md-button }
The [comparison table](https://www.nitrokey.com/#comparison) shows the features and how the Nitrokey models compare. The **Nitrokey 3** listed will have a combined feature set.
@ -71,7 +71,7 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative
**Aegis Authenticator** is a free, secure and open source app to manage your 2-step verification tokens for your online services.
[Visit getaegis.app](https://getaegis.app){ .md-button .md-button--primary } [Privacy Policy](https://getaegis.app/aegis/privacy.html){ .md-button }
[Homepage](https://getaegis.app){ .md-button .md-button--primary } [Privacy Policy](https://getaegis.app/aegis/privacy.html){ .md-button }
??? downloads
@ -87,7 +87,7 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative
**Raivo OTP** is a native, lightweight and secure time-based (TOTP) & counter-based (HOTP) password client for iOS. Raivo OTP offers optional iCloud backup & sync. Raivo OTP is also available for macOS in the form of a status bar application, however the Mac app does not work independently of the iOS app.
[Visit github.com](https://github.com/raivo-otp/ios-application){ .md-button .md-button--primary } [Privacy Policy](https://github.com/raivo-otp/ios-application/blob/master/PRIVACY.md){ .md-button }
[Project Info](https://github.com/raivo-otp/ios-application#readme){ .md-button .md-button--primary } [Privacy Policy](https://github.com/raivo-otp/ios-application/blob/master/PRIVACY.md){ .md-button }
??? downloads

View File

@ -15,7 +15,7 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k
**Fluent Reader** is a secure cross-platform news aggregator that has useful privacy features such as deletion of cookies on exit, strict [content security policies (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) and proxy support, meaning you can use it over [Tor](self-contained-networks.md#tor).
[Visit hyliu.me](https://hyliu.me/fluent-reader){ .md-button .md-button--primary } [Privacy Policy](https://github.com/yang991178/fluent-reader/wiki/Privacy){ .md-button }
[Homepage](https://hyliu.me/fluent-reader){ .md-button .md-button--primary } [Privacy Policy](https://github.com/yang991178/fluent-reader/wiki/Privacy){ .md-button }
??? downloads
@ -31,7 +31,7 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k
**GNOME Feeds** is an [RSS](https://en.wikipedia.org/wiki/RSS) and [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)) news reader for [GNOME](https://www.gnome.org). It has a simple interface and is quite fast.
[Visit gfeeds.gabmus.org](https://gfeeds.gabmus.org){ .md-button .md-button--primary }
[Homepage](https://gfeeds.gabmus.org){ .md-button .md-button--primary }
??? downloads
@ -47,7 +47,7 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k
**Akregator** is a news feed reader that is a part of the [KDE](https://kde.org) project. It comes with a fast search, advanced archiving functionality and an internal browser for easy news reading.
[Visit kde.org](https://apps.kde.org/akregator){ .md-button .md-button--primary } [Privacy Policy](https://kde.org/privacypolicy-apps){ .md-button }
[Website](https://apps.kde.org/akregator){ .md-button .md-button--primary } [Privacy Policy](https://kde.org/privacypolicy-apps){ .md-button }
??? downloads
@ -62,7 +62,7 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k
**Handy News Reader** is a fork of [Flym](https://github.com/FredJul/Flym) that has many [features](https://github.com/yanus171/Handy-News-Reader#features) and works well with folders of RSS feeds. It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)) and [RDF](https://en.wikipedia.org/wiki/RDF%2FXML).
[Visit yanus171.github.io](https://yanus171.github.io/Handy-News-Reader/){ .md-button .md-button--primary }
[Homepage](https://yanus171.github.io/Handy-News-Reader/){ .md-button .md-button--primary }
??? downloads
@ -78,7 +78,7 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k
**NetNewsWire** a free and open-source feed reader for macOS and iOS with a focus on a native design and feature set. It supports the typical feed formats alongside built-in support for Twitter and Reddit feeds.
[Visit netnewswire.com](https://netnewswire.com/){ .md-button .md-button--primary } [Privacy Policy](https://netnewswire.com/privacypolicy){ .md-button }
[Homepage](https://netnewswire.com/){ .md-button .md-button--primary } [Privacy Policy](https://netnewswire.com/privacypolicy){ .md-button }
??? downloads
@ -95,7 +95,7 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k
**Miniflux** is a web-based news aggregator that you can self-host. It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)), [RDF](https://en.wikipedia.org/wiki/RDF%2FXML) and [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed).
[Visit miniflux.app](https://miniflux.app){ .md-button .md-button--primary }
[Homepage](https://miniflux.app){ .md-button .md-button--primary }
??? downloads
@ -109,7 +109,7 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k
**Newsboat** is an RSS/Atom feed reader for the text console. It's an actively maintained fork of [Newsbeuter](https://en.wikipedia.org/wiki/Newsbeuter). It is very lightweight, and ideal for use over [Secure Shell](https://en.wikipedia.org/wiki/Secure_Shell).
[Visit newsboat.org](https://newsboat.org){ .md-button .md-button--primary }
[Homepage](https://newsboat.org){ .md-button .md-button--primary }
??? downloads
@ -122,6 +122,7 @@ Some social media services also support RSS although it's not often advertised.
### YouTube
You can subscribe YouTube channels without logging in and associating usage information with your Google Account.
!!! example
To subscribe to a YouTube channel with an RSS client, first look for your [channel code](https://support.google.com/youtube/answer/6180214), replace `channel_id` below:

View File

@ -17,7 +17,7 @@ If you are currently using an application like Evernote, Google Keep, or Microso
**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle a large number of markdown notes organized into notebooks and tags. It offers E2EE and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes.
[Visit joplinapp.org](https://joplinapp.org/){ .md-button .md-button--primary }
[Website](https://joplinapp.org/){ .md-button .md-button--primary }
??? downloads
@ -41,7 +41,7 @@ Joplin does not support password/pin protection for the [application itself or i
Standard Notes is a simple and private notes app that makes your notes easy and available everywhere you are. It features E2EE on every platform, and a powerful desktop experience with themes and custom editors. It has also been [independently audited (PDF)](https://s3.amazonaws.com/standard-notes/security/Report-SN-Audit.pdf).
[Visit standardnotes.com](https://standardnotes.com){ .md-button .md-button--primary }
[Website](https://standardnotes.com){ .md-button .md-button--primary }
??? downloads
@ -64,7 +64,7 @@ Joplin does not support password/pin protection for the [application itself or i
[etebase](https://docs.etebase.com), which is the foundation of EteSync, can also be used by other apps as a backend to store data end-to-end encrypted (E2EE).
[Visit etesync.com](https://www.etesync.com){ .md-button .md-button--primary } [Privacy Policy](https://www.etesync.com/tos/#privacy){ .md-button }
[Website](https://www.etesync.com){ .md-button .md-button--primary } [Privacy Policy](https://www.etesync.com/tos/#privacy){ .md-button }
??? downloads
@ -84,7 +84,7 @@ Joplin does not support password/pin protection for the [application itself or i
**Org-mode** is a [major mode](https://www.gnu.org/software/emacs/manual/html_node/elisp/Major-Modes.html) for GNU Emacs. Org-mode is for keeping notes, maintaining TODO lists, planning projects, and authoring documents with a fast and effective plain-text system. Synchronization is possible with [file synchronization](/software/file-sharing/#sync) tools.
[Visit orgmode.org](https://orgmode.org){ .md-button .md-button--primary }
[Homepage](https://orgmode.org){ .md-button .md-button--primary }
??? downloads

View File

@ -22,7 +22,7 @@ These password managers store the password database locally.
**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal to extend and improve it with new features and bugfixes to provide a feature-rich, fully cross-platform and modern open-source password manager.
[Visit keepassxc.org](https://keepassxc.org){ .md-button .md-button--primary } [Privacy Policy](https://keepassxc.org/privacy){ .md-button }
[Homepage](https://keepassxc.org){ .md-button .md-button--primary } [Privacy Policy](https://keepassxc.org/privacy){ .md-button }
??? downloads
@ -46,7 +46,7 @@ KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-se
For more details, we recommend looking at their [FAQ](https://github.com/Kunzisoft/KeePassDX/wiki/FAQ).
[Visit keepassdx.com](https://www.keepassdx.com){ .md-button .md-button--primary }
[Homepage](https://www.keepassdx.com){ .md-button .md-button--primary }
??? downloads
@ -66,7 +66,7 @@ These password managers sync up to a cloud server that may be self-hostable.
**Bitwarden** is a free and open-source password manager. It aims to solve password management problems for individuals, teams, and business organizations. Bitwarden is among the easiest and safest solutions to store all of your logins and passwords while conveniently keeping them synced between all of your devices. If you don't want to use the Bitwarden cloud, you can easily host your own Bitwarden server.
[Visit bitwarden.com](https://bitwarden.com){ .md-button .md-button--primary } [Privacy Policy](https://bitwarden.com/privacy){ .md-button }
[Website](https://bitwarden.com){ .md-button .md-button--primary } [Privacy Policy](https://bitwarden.com/privacy){ .md-button }
??? downloads
@ -90,7 +90,7 @@ These password managers sync up to a cloud server that may be self-hostable.
**Psono** is a free and open source password manager from Germany, with a focus on password management for teams. It can be [self-hosted](#password-management-servers). Psono supports secure sharing of passwords, files, bookmarks, and emails. All secrets are protected by a master password.
[Visit psono.com](https://psono.com){ .md-button .md-button--primary } [Privacy Policy](https://psono.com/privacy-policy){ .md-button }
[Website](https://psono.com){ .md-button .md-button--primary } [Privacy Policy](https://psono.com/privacy-policy){ .md-button }
??? downloads
@ -114,7 +114,7 @@ These products are self-hostable synchronization for cloud based password manage
**Vaultwarden** is an alternative implementation of the Bitwarden server API written in Rust and compatible with upstream Bitwarden clients, perfect for self-hosted deployment where running the official resource-heavy service might not be ideal.
[Visit github.com](https://github.com/dani-garcia/vaultwarden){ .md-button .md-button--primary }
[Project Info](https://github.com/dani-garcia/vaultwarden#readme){ .md-button .md-button--primary }
??? downloads
@ -129,7 +129,7 @@ These products are self-hostable synchronization for cloud based password manage
Psono provides [extensive documentation](https://doc.psono.com/) for their product. The [web-client](https://doc.psono.com/admin/installation/install-webclient.html#installation-with-docker) for Psono can be self hosted; alternatively, you can choose the the full [Community Edition](https://doc.psono.com/admin/installation/install-server-ce.html) or the [Enterprise Edition](https://doc.psono.com/admin/installation/install-server-ee.html) with additional features.
[Visit gitlab.com](https://gitlab.com/psono/psono-server){ .md-button .md-button--primary } [Privacy Policy](https://psono.com/privacy-policy){ .md-button }
[Source Code](https://gitlab.com/psono/psono-server){ .md-button .md-button--primary } [Privacy Policy](https://psono.com/privacy-policy){ .md-button }
??? downloads
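Review bot: The context sentence at the top of this hunk still reads "you can choose the the full [Community Edition]"; since the block is being touched, drop the duplicated "the". The new "Source Code" label for the GitLab repository is accurate, but the Vaultwarden entry above labels its repository link "Project Info", so the two server entries should use the same wording.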
@ -148,7 +148,7 @@ These products are minimal password managers that can be used within scripting a
**gopass** is a password manager for the command line written in Go. It works on all major desktop and server operating systems (Linux, MacOS, BSD, Windows).
[Visit gopass.pw](https://www.gopass.pw){ .md-button .md-button--primary }
[Homepage](https://www.gopass.pw){ .md-button .md-button--primary }
??? downloads

View File

@ -14,7 +14,7 @@ Get working and collaborating without sharing your documents with a middleman or
**LibreOffice** is a free and open-source office suite with extensive functionality.
[Visit libreoffice.org](https://www.libreoffice.org){ .md-button .md-button--primary } [Privacy Policy](https://www.libreoffice.org/about-us/privacy/privacy-policy-en/){ .md-button }
[Homepage](https://www.libreoffice.org){ .md-button .md-button--primary } [Privacy Policy](https://www.libreoffice.org/about-us/privacy/privacy-policy-en/){ .md-button }
??? downloads
@ -35,18 +35,18 @@ Get working and collaborating without sharing your documents with a middleman or
![OnlyOffice logo](assets/img/productivity/onlyoffice.svg){ align=right }
**OnlyOffice** is alternative, it is free and open-source office suite with extensive functionality.
**OnlyOffice** is a cloud-based free and open-source office suite with extensive functionality, including integration with Nextcloud.
[Visit onlyoffice.com](https://www.onlyoffice.com){ .md-button .md-button--primary } [Privacy Policy](https://help.onlyoffice.com/products/files/doceditor.aspx?fileid=5048502&doc=SXhWMEVzSEYxNlVVaXJJeUVtS0kyYk14YWdXTEFUQmRWL250NllHNUFGbz0_IjUwNDg1MDIi0){ .md-button }
[Homepage](https://www.onlyoffice.com){ .md-button .md-button--primary } [Privacy Policy](https://help.onlyoffice.com/products/files/doceditor.aspx?fileid=5048502&doc=SXhWMEVzSEYxNlVVaXJJeUVtS0kyYk14YWdXTEFUQmRWL250NllHNUFGbz0_IjUwNDg1MDIi0){ .md-button }
??? downloads
- [:fontawesome-brands-windows: Windows](https://www.onlyoffice.com/download-desktop.aspx?from=default)
- [:fontawesome-brands-apple: macOS](https://www.onlyoffice.com/download-desktop.aspx?from=default)
- [:fontawesome-brands-linux: Linux](https://www.libreoffice.org/download/download/)
- [:fontawesome-brands-windows: Windows](https://www.onlyoffice.com/download-desktop.aspx)
- [:fontawesome-brands-apple: macOS](https://www.onlyoffice.com/download-desktop.aspx)
- [:fontawesome-brands-linux: Linux](https://www.onlyoffice.com/download-desktop.aspx)
- [:fontawesome-brands-freebsd: FreeBSD](https://www.freshports.org/www/onlyoffice-documentserver/)
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.onlyoffice.documents)
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/onlyoffice-documents/id944896972)
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/id944896972)
- [:fontawesome-brands-github: Source](https://github.com/ONLYOFFICE)
## Planning
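Review bot: The rewritten description calls OnlyOffice "a cloud-based free and open-source office suite", yet the downloads list directly below offers Windows, macOS and Linux desktop packages, so a reader cannot tell whether documents stay local or go to a server. Suggest stating which deployment the recommendation covers (the desktop editors, a server integrated with Nextcloud, or both). The Privacy Policy button also still points at a `doceditor.aspx?fileid=...` document link with an embedded token; a stable policy URL would be easier to audit later.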
@ -59,7 +59,7 @@ Get working and collaborating without sharing your documents with a middleman or
**Framadate** is a free and open-source online service for planning an appointment or making a decision quickly and easily. No registration is required.
[Visit framadate.org](https://framadate.org){ .md-button .md-button--primary }
[Homepage](https://framadate.org){ .md-button .md-button--primary }
??? downloads
@ -73,9 +73,9 @@ Get working and collaborating without sharing your documents with a middleman or
![PrivateBin logo](assets/img/productivity/privatebin.svg){ align=right }
**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin. There is a [list of instances](https://privatebin.info/directory/).
[Visit privatebin.info](https://privatebin.info){ .md-button .md-button--primary }
[Website](https://privatebin.info){ .md-button .md-button--primary }
??? downloads
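Review bot: The added sentence "There is a [list of instances]" sends readers to third-party hosts without saying how to pick one. The paragraph's zero-knowledge claim rests on encryption happening in the browser, and that code is delivered by whichever instance the reader opens, so the choice of operator matters. Suggest one sentence of selection guidance next to the directory link.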
@ -92,7 +92,7 @@ Get working and collaborating without sharing your documents with a middleman or
**CryptPad** is a private-by-design alternative to popular office tools. All content is end-to-end encrypted.
[Visit cryptpad.fr](https://cryptpad.fr){ .md-button .md-button--primary } [Privacy Policy](https://cryptpad.fr/pad/#/2/pad/view/GcNjAWmK6YDB3EO2IipRZ0fUe89j43Ryqeb4fjkjehE/){ .md-button }
[Website](https://cryptpad.fr){ .md-button .md-button--primary } [Privacy Policy](https://cryptpad.fr/pad/#/2/pad/view/GcNjAWmK6YDB3EO2IipRZ0fUe89j43Ryqeb4fjkjehE/){ .md-button }
??? downloads
@ -112,7 +112,7 @@ Get working and collaborating without sharing your documents with a middleman or
**Write.as** is a cross-platform, privacy-oriented blogging platform. It's anonymous by default, letting you publish without signing up. If you create an account, it doesn't require any personal information. No ads, distraction-free, and built on a sustainable business model.
[Visit write.as](https://write.as){ .md-button .md-button--primary } [:pg-tor:](http://writeasw4b635r4o3vec6mu45s47ohfyro5vayzx2zjwod4pjswyovyd.onion){ .md-button } [Privacy Policy](https://write.as/privacy){ .md-button }
[Website](https://write.as){ .md-button .md-button--primary } [:pg-tor:](http://writeasw4b635r4o3vec6mu45s47ohfyro5vayzx2zjwod4pjswyovyd.onion){ .md-button } [Privacy Policy](https://write.as/privacy){ .md-button }
??? downloads
@ -134,7 +134,7 @@ Get working and collaborating without sharing your documents with a middleman or
**VSCodium** is a free and open-source project featuring binaries of [Visual Studio Code](https://code.visualstudio.com) without Microsoft's branding/telemetry/licensing.
[Visit vscodium.com](https://vscodium.com){ .md-button .md-button--primary }
[Homepage](https://vscodium.com){ .md-button .md-button--primary }
??? downloads

View File

@ -12,8 +12,9 @@ Qubes OS is a distribution of Linux that uses [Xen](https://en.wikipedia.org/wik
**Qubes** is an open-source operating system designed to provide strong security for desktop computing. Qubes is based on Xen, the X Window System, and Linux, and can run most Linux applications and utilize most of the Linux drivers.
[Visit qubes-os.org](https://www.qubes-os.org/){ .md-button .md-button--primary } [:pg-tor:](http://qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion){ .md-button } [Privacy Policy](https://www.qubes-os.org/privacy){ .md-button }
[Homepage](https://www.qubes-os.org/){ .md-button .md-button--primary } [:pg-tor:](http://qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion){ .md-button } [Privacy Policy](https://www.qubes-os.org/privacy){ .md-button }
??? downloads
- [:fontawesome-solid-compact-disc: Disc image](https://www.qubes-os.org/downloads/)
- [:fontawesome-brands-github: Source](https://github.com/QubesOS)
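Review bot: The new "Disc image" entry links to the downloads page with no pointer to verifying the image. For an operating system recommended on security grounds, suggest adding a line beside it that links Qubes's own signature verification instructions, so readers check the image before installing.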

View File

@ -14,7 +14,7 @@ icon: material/chat-processing
All communications are E2EE. Contact lists are encrypted using your login PIN and the server does not have access to them. Personal profiles are also encrypted and only shared with contacts who add you.
[Visit signal.org](https://signal.org/){ .md-button .md-button--primary }
[Homepage](https://signal.org/){ .md-button .md-button--primary } [Privacy Policy](https://signal.org/legal/#privacy-policy){ .md-button }
??? downloads
@ -29,7 +29,7 @@ Signal has minimal metadata when [Sealed Sender](https://signal.org/blog/sealed-
Signal requires your phone number as a personal identifier.
[Sealed Sender](https://signal.org/blog/sealed-sender/) is only enabled for users on your contact list but can be enabled for all recipients with the increased risk of receiving spam.
[Sealed Sender](https://signal.org/blog/sealed-sender/) is only enabled for people in your contacts list, but can be enabled for all recipients with the increased risk of receiving spam.
The protocol was independently [audited](https://eprint.iacr.org/2016/1013.pdf) in 2016. The specification for the Signal protocol can be found in their [documentation](https://signal.org/docs/).
@ -43,13 +43,14 @@ The protocol was independently [audited](https://eprint.iacr.org/2016/1013.pdf)
Messages and files shared in private rooms (those which require an invite) are by default E2EE as are 1 to 1 voice and video calls.
[Visit element.io](https://element.io/){ .md-button .md-button--primary }
[Website](https://element.io/){ .md-button .md-button--primary } [Privacy Policy](https://element.io/privacy){ .md-button }
??? downloads
- [:fontawesome-brands-windows: Windows](https://element.io/get-started)
- [:fontawesome-brands-apple: macOS](https://element.io/get-started)
- [:fontawesome-brands-linux: Linux](https://element.io/get-started)
- [:octicons-browser-16: Browser](https://app.element.io)
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=im.vector.app)
- [:pg-f-droid: F-Droid](https://f-droid.org/packages/im.vector.app/)
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/vector/id1083446067)
@ -71,7 +72,7 @@ The protocol was independently [audited](https://matrix.org/blog/2016/11/21/matr
**Briar** is an encrypted instant messenger that [connects](https://briarproject.org/how-it-works/) to other clients using the Tor Network. Briar can also connect via Wi-Fi or Bluetooth when in local proximity. Briars local mesh mode can be useful when internet availability is a problem.
[Visit briarproject.org](https://briarproject.org/){ .md-button .md-button--primary }
[Homepage](https://briarproject.org/){ .md-button .md-button--primary } [Privacy Policy](https://briarproject.org/privacy-policy/){ .md-button }
??? downloads
@ -93,30 +94,33 @@ Briar supports perfect forward secrecy by using the Bramble [Handshake](https://
![Session logo](assets/img/messengers/session.svg){ align=right }
**Session** is an encrypted instant messenger that uses three random [service nodes](https://getsession.org/blog/onion-requests-session-new-message-routing-solution) to route messages anonymously on the [Oxen Network](https://oxen.io).
**Session** is a decentralized messenger with a focus on private, secure, and anonymous communications. Session offers support for direct messages, group chats, and voice calls.
[Visit getsession.org](https://getsession.org/){ .md-button .md-button--primary }
Session utilizes the decentralized [Oxen Service Node Network](https://oxen.io/) to store and route messages. Every encrypted message is routed through three nodes in the Oxen Service Node Network, making it virtually impossible for the nodes to compile meaningful information on those using the network.
[Homepage](https://getsession.org/){ .md-button .md-button--primary } [Privacy Policy](https://getsession.org/privacy-policy){ .md-button }
??? downloads
- [:fontawesome-brands-windows: Windows](https://getsession.org/windows)
- [:fontawesome-brands-apple: macOS](https://getsession.org/mac)
- [:fontawesome-brands-windows: Windows](https://getsession.org/download)
- [:fontawesome-brands-apple: macOS](https://getsession.org/download)
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/id1470168868)
- [:fontawesome-brands-linux: Linux](https://www.getsession.org/linux)
- [:fontawesome-brands-android: Android](https://fdroid.getsession.org/)
- [:fontawesome-brands-linux: Linux](https://getsession.org/download)
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=network.loki.messenger)
- [:pg-f-droid: F-Droid](https://fdroid.getsession.org)
- [:fontawesome-brands-github: Source](https://github.com/oxen-io/session-desktop)
- [:fontawesome-brands-github: Source](https://github.com/oxen-io)
Session allows for E2EE in one-to-one or closed rooms that allow up to 100 members. Open rooms have no restriction on the number of members, but anyone can join.
Session allows for E2EE in one-on-one chats or closed groups which allow for up to 100 members. Open groups have no restriction on the number of members, but are open by design.
Session does [not](https://getsession.org/blog/session-protocol-technical-information) support forward secrecy. The key pair for each conversation is not rotated.
Session does [not](https://getsession.org/blog/session-protocol-technical-information) support perfect forward secrecy, which is when an encryption system automatically and frequently changes the keys it uses to encrypt and decrypt information, such that if the latest key is compromised it exposes a smaller portion of sensitive information.
Session was independently audited in 2020. The protocol is described in a whitepaper.
Oxen requested an independent audit for Session in March of 2020. The audit [concluded](https://getsession.org/session-code-audit) in April of 2021, “The overall security level of this application is good and makes it usable for privacy-concerned people.”
Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the technicals of the app and protocol.
## Types of Communication Networks
There are several network architectures commonly used to relay messages between users. These networks can provide different different privacy guarantees, which is why it's worth considering your [threat model](https://en.wikipedia.org/wiki/Threat_model) when making a decision about which app to use.
There are several network architectures commonly used to relay messages between people. These networks can provide different different privacy guarantees, which is why it's worth considering your [threat model](https://en.wikipedia.org/wiki/Threat_model) when making a decision about which app to use.
### Centralized Networks
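Review bot: The new paragraph states that routing through three nodes makes it "virtually impossible for the nodes to compile meaningful information", but the rewrite drops the link to the onion-requests blog post that the old description carried, leaving the claim unsourced. Suggest restoring that link or citing the whitepaper beside the claim, and keeping the wording to what the cited source supports. In the same hunk, the rewritten sentence under "Types of Communication Networks" still reads "different different privacy guarantees".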
@ -136,7 +140,7 @@ Some self-hosted messengers allow you to set up your own server. Self-hosting ca
**Disadvantages:**
- Can include [restricted control or access](https://drewdevault.com/2018/08/08/Signal.html). This can include things like:
- Being [forbidden from connecting third-party clients](https://github.com/LibreSignal/LibreSignal/issues/37#issuecomment-217211165) to the centralized network that might provide for greater customization or better user experience. Often defined in Terms and Conditions of usage.
- Being [forbidden from connecting third-party clients](https://github.com/LibreSignal/LibreSignal/issues/37#issuecomment-217211165) to the centralized network that might provide for greater customization or a better experience. Often defined in Terms and Conditions of usage.
- Poor or no documentation for third-party developers.
- The [ownership](https://web.archive.org/web/20210729191953/https://blog.privacytools.io/delisting-wire/), privacy policy, and operations of the service can change easily when a single entity controls it, potentially compromising the service later on.
- Self hosting requires effort and knowledge of how to set up a service.
@ -147,7 +151,7 @@ Some self-hosted messengers allow you to set up your own server. Self-hosting ca
Federated messengers use multiple, independent, decentralized servers that are able to talk to each other (email is one example of a federated service). Federation allows system administrators to control their own server and still be a part of the larger communications network.
When self-hosted, users of a federated server can discover and communicate with users of other servers, although some servers may choose to remain private by being non-federated (e.g., work team server).
When self-hosted, members of a federated server can discover and communicate with members of other servers, although some servers may choose to remain private by being non-federated (e.g., work team server).
**Advantages:**
@ -162,7 +166,7 @@ When self-hosted, users of a federated server can discover and communicate with
- Due to the previous point, features can be lacking, or incomplete or working in unexpected ways compared to centralized platforms, such as message relay when offline or message deletion.
- Some metadata may be available (e.g., information like "who is talking to whom," but not actual message content if E2EE is used).
- Federated servers generally require trusting your server's administrator. They may be a hobbyist or otherwise not a "security professional," and may not serve standard documents like a privacy policy or terms of service detailing how your data is utilized.
- Server administrators sometimes choose to block other servers, which are a source of unmoderated abuse or break general rules of accepted behavior. This will hinder your ability to communicate with users on those servers.
- Server administrators sometimes choose to block other servers, which are a source of unmoderated abuse or break general rules of accepted behavior. This will hinder your ability to communicate with members of those servers.
### Peer-to-Peer Networks
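Review bot: In the rewritten last bullet, the comma in "block other servers, which are a source of unmoderated abuse" makes the clause read as a description of all other servers. Suggest "block other servers that are a source of unmoderated abuse or that break general rules of accepted behavior".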
@ -174,7 +178,7 @@ Clients (peers) usually find each other through the use of a [distributed comput
Once a peer has found a route to its contact via any of these methods, a direct connection between them is made. Although messages are usually encrypted, an observer can still deduce the location and identity of the sender and recipient.
P2P networks do not use servers, as users communicate directly between each others, and hence cannot be self-hosted. However, some additional services may rely on centralized servers, such as users discovery or offline messages relaying, which can benefit from self-hosting.
P2P networks do not use servers, as peers communicate directly between each other, and hence cannot be self-hosted. However, some additional services may rely on centralized servers, such as user discovery or relaying offline messages, which can benefit from self-hosting.
**Advantages:**

View File

@ -13,7 +13,7 @@ Below are a few alternative operating systems, that can be used on routers, Wi-F
**OpenWrt** is an operating system (in particular, an embedded operating system) based on the Linux kernel, primarily used on embedded devices to route network traffic. The main components are the Linux kernel, util-linux, uClibc, and BusyBox. All components have been optimized for size, to be small enough for fitting into the limited storage and memory available in home routers.
[Visit openwrt.org](https://openwrt.org){ .md-button .md-button--primary }
[Homepage](https://openwrt.org){ .md-button .md-button--primary }
??? downloads
@ -30,7 +30,7 @@ You can consult OpenWrt's [table of hardware](https://openwrt.org/toh/start) to
pfSense is an open source firewall/router computer software distribution based on FreeBSD. It is installed on a computer to make a dedicated firewall/router for a network and is noted for its reliability and offering features often only found in expensive commercial firewalls. pfSense is commonly deployed as a perimeter firewall, router, wireless access point, DHCP server, DNS server, and VPN endpoint.
[Visit pfsense.org](https://www.pfsense.org){ .md-button .md-button--primary } [Privacy Policy](https://www.pfsense.org/privacy.html){ .md-button }
[Homepage](https://www.pfsense.org){ .md-button .md-button--primary } [Privacy Policy](https://www.pfsense.org/privacy.html){ .md-button }
??? downloads

View File

@ -12,27 +12,31 @@ Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org/) if your thr
!!! recommendation
![DuckDuckGo logo](assets/img/search-engines/duckduckgo.svg){ align=right }
![DuckDuckGo logo](assets/img/search-engines/duckduckgo.svg#only-light){ align=right }
![DuckDuckGo logo](assets/img/search-engines/duckduckgo-dark.svg#only-dark){ align=right }
**DuckDuckGo** is a popular search engine and is the default for the Tor Browser.
**DuckDuckGo** is one of the more mainstream private search engine options. Notable DuckDuckGo search features include [bangs](https://duckduckgo.com/bang) and many [instant answers](https://help.duckduckgo.com/duckduckgo-help-pages/features/instant-answers-and-other-features/). The search engine relies on a commercial Bing API to serve most results, but it does use numerous [other sources](https://help.duckduckgo.com/results/sources/) for instant answers and other non-primary results.
DuckDuckGo uses a commercial Bing API and various [other sources](https://help.duckduckgo.com/results/sources) to provide its search data.
While DuckDuckGos primary service is its search engine, the company has recently been branching out by offering various other services and products. This includes their web browsers, email relay service, etc.
[Visit duckduckgo.com](https://duckduckgo.com){ .md-button .md-button--primary } [:pg-tor:](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion){ .md-button } [Privacy Policy](https://duckduckgo.com/privacy){ .md-button }
DuckDuckGo is the default search engine for the Tor Browser and is one of the few available options on Apples Safari browser.
DuckDuckGo is based in the :flag_us: US. Their [Privacy Policy](https://duckduckgo.com/privacy) states they **do** log your search query, but not your IP or any other identifying information.
[Website](https://duckduckgo.com){ .md-button .md-button--primary } [:pg-tor:](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion){ .md-button } [Privacy Policy](https://duckduckgo.com/privacy){ .md-button }
DuckDuckGo has a [lite](https://duckduckgo.com/lite) and [html](https://duckduckgo.com/html) only version, both of which [do not require JavaScript](https://help.duckduckgo.com/features/non-javascript) and can be used with their [Tor onion address](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion) (append [/lite](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/lite) or [/html](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/html) for the respective version).
DuckDuckGo is based in the :flag_us: United States. Their [privacy policy](https://duckduckgo.com/privacy) states they **do** log your searches for product improvement purposes, but not your IP address or any other personally identifying information.
DuckDuckGo offers two other [versions](https://help.duckduckgo.com/features/non-javascript/) of their search engine, both of which do not require JavaScript. These versions do lack features, however. These versions can also be used in conjunction with their [Tor onion address](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/) by appending [/lite](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/lite) or [/html](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/html) for the respective version.
### Startpage
!!! recommendation
![Startpage logo](assets/img/search-engines/startpage.svg){ align=right }
![Startpage logo](assets/img/search-engines/startpage.svg#only-light){ align=right }
![Startpage logo](assets/img/search-engines/startpage-dark.svg#only-dark){ align=right }
**Startpage** is a search engine that provides Google search results. It is a very convenient way to get Google search results without experiencing dark patterns such as difficult captchas or being refused access because you used a [VPN](vpn.md) or [Tor](https://www.torproject.org/download/).
[Visit startpage.com](https://www.startpage.com){ .md-button .md-button--primary } [Privacy Policy](https://www.startpage.com/en/privacy-policy){ .md-button }
[Website](https://www.startpage.com){ .md-button .md-button--primary } [Privacy Policy](https://www.startpage.com/en/privacy-policy){ .md-button }
Startpage is based in the :flag_nl: Netherlands. According to their [Privacy Policy](https://www.startpage.com/en/privacy-policy/), they only log details such as: operating system, type of browser and language. They do not log your IP address, search queries or other identifying information. Startpage proxies Google Search so Google does have access to your search queries.
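Review bot: in the added DuckDuckGo paragraph, "the company has recently been branching out" is time-relative and "This includes their web browsers, email relay service, etc." trails off in "etc.", so the sentence will date quickly and tells the reader little. Suggest dropping "recently" and either naming the products with links or cutting the sentence. The rewritten non-JavaScript paragraph also starts two consecutive sentences with "These versions"; merging them would read better.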
@ -46,28 +50,27 @@ Startpage's majority shareholder is System1 who is an adtech company. We don't t
**Mojeek** is another privacy friendly search engine. They use their own crawler to provide search data.
[Visit mojeek.com](https://www.mojeek.com){ .md-button .md-button--primary } [Privacy Policy](https://www.mojeek.com/about/privacy){ .md-button }
[Website](https://www.mojeek.com){ .md-button .md-button--primary } [Privacy Policy](https://www.mojeek.com/about/privacy){ .md-button }
The company is based in the :flag_gb: UK. According to their [Privacy Policy](https://www.mojeek.com/about/privacy/), they log the originating country, time, page requested, and referral data of each query. IP addresses are not logged.
### Searx
### SearXNG
!!! recommendation
![Searx logo](assets/img/search-engines/searx.svg){ align=right }
![SearXNG logo](assets/img/search-engines/searxng.svg){ align=right }
**Searx** is an open-source, self-hostable, metasearch engine, aggregating the results of other search engines while not storing information about its users. There is a [list of public instances](https://searx.space/).
[Visit searx.github.io](https://searx.github.io/searx){ .md-button .md-button--primary } [:pg-tor:](http://searxspbitokayvkhzhsnljde7rqmn7rvoga6e4waeub3h7ug3nghoad.onion){ .md-button }
**SearXNG** is an open-source, self-hostable, metasearch engine, aggregating the results of other search engines while not storing any information itself. It is an actively maintained fork of [SearX](https://github.com/searx/searx). There is a [list of public instances](https://searx.space/).
[Homepage](https://searxng.org){ .md-button .md-button--primary }
??? downloads
- [:fontawesome-brands-github: Source](https://github.com/asciimoo/searx)
- [:fontawesome-brands-github: Source](https://github.com/searxng/searxng)
Searx is a proxy between the user and the search engines it aggregates from. Your search queries will still be sent to the search engines that Searx gets its results from.
SearXNG is a proxy between you and the search engines it aggregates from. Your search queries will still be sent to the search engines that SearXNG gets its results from.
When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting Searx, as other people looking up illegal content on your instance could draw unwanted attention from authorities.
When self-hosting, it is important that you have other people using your instance so that the queries would blend in. You should be careful with where and how you are hosting SearXNG, as people looking up illegal content on your instance could draw unwanted attention from authorities.
When you are using a Searx instance, be sure to go read the Privacy Policy of that specific instance. Searx instances can be modified by their owners and therefore may not reflect their associated privacy policy. Some instances have Tor .onion addresses which may grant some privacy as long as your search queries don't contain PII (Personally Identifiable Information).
When you are using a SearXNG instance, be sure to go read their privacy policy. Since SearXNG instances may be modified by their owners, they do not necessarily reflect their privacy policy. Some instances run as a Tor hidden service, which may grant some privacy as long as your search queries does not contain PII.
--8<-- "includes/abbreviations.en.md"
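Review bot: the rewritten instance-policy paragraph has a subject-verb error, "as long as your search queries does not contain PII" should be "do not contain PII". In the same paragraph, "be sure to go read their privacy policy. Since SearXNG instances may be modified by their owners, they do not necessarily reflect their privacy policy" leaves "they" and "their" ambiguous; say explicitly that an instance's actual behaviour may not match the privacy policy it publishes. The self-hosting line "so that the queries would blend in" would also be clearer as "so that your queries blend in".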

@ -18,13 +18,13 @@ Receiving OTP codes via SMS or email are one of the weaker ways to secure your a
Push notification MFA takes the form of a message being sent to an app on your phone asking you to confirm new account logins. This method is a lot better than SMS or email, since an attacker typically wouldn't be able to get these push notifications without having an already logged-in device, which means they would need to compromise one of your other devices first.
We all make mistakes, and there is the risk that a user may accept the login attempt by accident. Push notification login authorizations are typically sent to *all* your devices at once, widening the availability of the MFA code if you have many devices.
We all make mistakes, and there is the risk that you might accept the login attempt by accident. Push notification login authorizations are typically sent to *all* your devices at once, widening the availability of the MFA code if you have many devices.
The security of push notification MFA is dependent on both the quality of the app, the server component and the trust of the developer who produces it. Installing an app may also require you to accept invasive privileges that grant access to other data on your device. An individual app also requires that you have a specific app for each service which may not require a password to open, unlike a good TOTP generator app.
### Time-based One-time Password (TOTP)
TOTP is one of the most commons form of MFA available. When a user sets up TOTP they are generally required to scan a [QR Code](https://en.wikipedia.org/wiki/QR_code) which establishes a "[shared secret](https://en.wikipedia.org/wiki/Shared_secret)" with the service that they intend to use. The shared secret is secured inside of the authenticator app's data, and is sometimes protected by a password.
TOTP is one of the most commons form of MFA available. When you set up TOTP you are generally required to scan a [QR Code](https://en.wikipedia.org/wiki/QR_code) which establishes a "[shared secret](https://en.wikipedia.org/wiki/Shared_secret)" with the service that you intend to use. The shared secret is secured inside of the authenticator app's data, and is sometimes protected by a password.
The time-limited code is then derived from the shared secret and the current time. As the code is only valid for a short time, without access to the shared secret an adversary cannot generate new codes.
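Review bot: the reworded TOTP line still carries the typo from the old text, "one of the most commons form of MFA available"; since the line is being touched anyway, change it to "one of the most common forms of MFA available".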
@ -44,9 +44,9 @@ These keys are generally multi-function and provide a number of methods to authe
#### Yubico OTP
Yubico OTP is an authentication protocol typically implemented in hardware security keys. When a user decides to use Yubico OTP, the key will generate a public ID, private ID, and a Secret Key which is then uploaded to the Yubico OTP server.
Yubico OTP is an authentication protocol typically implemented in hardware security keys. When you decide to use Yubico OTP, the key will generate a public ID, private ID, and a Secret Key which is then uploaded to the Yubico OTP server.
When logging into a website, all a user needs to do is to physically touch the security key. The security key will emulate a keyboard and print out a one-time password into the password field.
When logging into a website, all you need to do is to physically touch the security key. The security key will emulate a keyboard and print out a one-time password into the password field.
The service will then forward the one-time password to the Yubico OTP server for validation. A counter is incremented both on the key and Yubico's validation server. The OTP can only only be used once, and when a successful authentication occurs the counter is increased which prevents reuse of the OTP. Yubico provides a [detailed document](https://developers.yubico.com/OTP/OTPs_Explained.html) about the process.
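Review bot: the unchanged paragraph directly below the edited lines reads "The OTP can only only be used once"; the doubled "only" is worth fixing in this same pass over the Yubico OTP section. The changed line also capitalises "Secret Key" while "public ID" and "private ID" are lower case, so pick one style.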
@ -56,7 +56,7 @@ The service will then forward the one-time password to the Yubico OTP server for
There are some benefits and disadvantages to using Yubico OTP when compared to TOTP.
The Yubico validation server is a cloud based service, and users place trust in Yubico that they are storing data securely and not profiling users. The public ID associated with Yubico OTP is reused on every website and could be another avenue for third parties to profile the user. Like TOTP, Yubico OTP does not provide phishing resistance.
The Yubico validation server is a cloud based service, and you're placing trust in Yubico that they are storing data securely and not profiling you. The public ID associated with Yubico OTP is reused on every website and could be another avenue for third parties to profile you. Like TOTP, Yubico OTP does not provide phishing resistance.
If your threat model requires you to have different identities on different websites, **do not** use Yubico OTP with the same hardware security key across those websites as public ID is unique to each security key.
@ -66,13 +66,13 @@ If your threat model requires you to have different identities on different webs
U2F and FIDO2 refer to the [Client to Authenticator Protocol](https://en.wikipedia.org/wiki/Client_to_Authenticator_Protocol), which is the protocol between the security key and the computer, such as a laptop or phone. It complements WebAuthn which is the component used to authenticate with the website (the "Relying Party") you're trying to log in on.
WebAuthn is the most secure and private form of second factor authentication. While the user experience is similar to Yubico OTP, the key does not print out a one-time password and validate with a third party server. Instead it uses [public key cryptography](https://en.wikipedia.org/wiki/Public-key_cryptography) for authentication.
WebAuthn is the most secure and private form of second factor authentication. While the authentication experience is similar to Yubico OTP, the key does not print out a one-time password and validate with a third party server. Instead it uses [public key cryptography](https://en.wikipedia.org/wiki/Public-key_cryptography) for authentication.
<figure markdown>
![FIDO](../assets/img/multi-factor-authentication/fido.png)
</figure>
When a user creates an account the public key is sent to the service, then when the user logs in, the service will require the user to "sign" some data with their private key. The benefit of this is that no password data is ever stored by the service, so there is nothing for an adversary to steal.
When you create an account the public key is sent to the service, then when you log in, the service will require you to "sign" some data with your private key. The benefit of this is that no password data is ever stored by the service, so there is nothing for an adversary to steal.
This presentation discusses the history of password authentication, the pitfalls (such as password reuse), and discussion of FIDO2 and [WebAuthn](https://webauthn.guide) standards.
@ -86,9 +86,9 @@ This presentation discusses the history of password authentication, the pitfalls
FIDO2 and WebAuthn have superior security and privacy properties when compared to any MFA methods.
Typically for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect the user from phishing, as it helps them to determine that they are using the authentic service and not a fake copy.
Typically for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy.
Unlike Yubico OTP, WebAuthn does not use any public ID, so the key is **not** identifiable across different websites. It also does not use any third party cloud server for authentication. All communication is completed between the key and the website the user is logging into. FIDO also uses a counter which is incremented upon use in order to prevent session reuse and cloned keys.
Unlike Yubico OTP, WebAuthn does not use any public ID, so the key is **not** identifiable across different websites. It also does not use any third party cloud server for authentication. All communication is completed between the key and the website you are logging into. FIDO also uses a counter which is incremented upon use in order to prevent session reuse and cloned keys.
If a website or service supports WebAuthn for the authentication, it is highly recommended that you use it over any other form of MFA.
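Review bot: the reworded sentence "Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service" attributes phishing resistance to attestation, but the property it describes comes from the origin binding mentioned in the previous sentence ("it includes the origin name (usually, the domain name) during authentication"). In WebAuthn, attestation tells the relying party about the authenticator, not the user about the site. Suggest rewording so that the origin check is what protects against phishing, and either dropping attestation here or describing it separately. The context line "when compared to any MFA methods" also probably means "any other MFA method".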
@ -146,7 +146,7 @@ The command will prevent an adversary from bypassing MFA when the computer boots
If the hostname of your system changes (such as due to DHCP), you would be unable to login. It is vital that you set up a proper hostname for your computer before following this guide.
The `pam_u2f` module on Linux can provide two factor authentication for user login on most popular Linux distributions. If you have a hardware security key that supports U2F, you can set up MFA authentication for your login. Yubico has a guide [Ubuntu Linux Login Guide - U2F](https://support.yubico.com/hc/en-us/articles/360016649099-Ubuntu-Linux-Login-Guide-U2F) which should work on any distribution. The package manager commands—such as `apt-get`—and package names may however differ. This guide does **not** apply to Qubes OS.
The `pam_u2f` module on Linux can provide two factor authentication for logging in on most popular Linux distributions. If you have a hardware security key that supports U2F, you can set up MFA authentication for your login. Yubico has a guide [Ubuntu Linux Login Guide - U2F](https://support.yubico.com/hc/en-us/articles/360016649099-Ubuntu-Linux-Login-Guide-U2F) which should work on any distribution. The package manager commands—such as `apt-get`—and package names may however differ. This guide does **not** apply to Qubes OS.
### Qubes OS
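Review bot: the edited `pam_u2f` paragraph keeps "you can set up MFA authentication for your login", which expands to "multi-factor authentication authentication"; "set up MFA for your login" is enough.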

View File

@ -12,9 +12,9 @@ If you are currently browsing clearnet and want to access the dark web, this sec
![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right }
The **Tor** network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than making a direct connection, thus allowing both organizations and individuals to share information over public networks without compromising their privacy. Tor is an effective censorship circumvention tool.
The **Tor** network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. You use the Tor network by connecting through a series of virtual tunnels rather than making a direct connection to the site you're trying to visit, thus allowing both organizations and individuals to share information over public networks without compromising their privacy. Tor is an effective censorship circumvention tool.
[Visit torproject.org](https://www.torproject.org){ .md-button .md-button--primary } [:pg-tor:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .md-button }
[Homepage](https://www.torproject.org){ .md-button .md-button--primary } [:pg-tor:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .md-button }
??? downloads
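Review bot: the new Tor sentence switches person midway, opening with "You use the Tor network by connecting through a series of virtual tunnels" and ending with "thus allowing both organizations and individuals to share information", so the second-person rewrite is only half applied and the sentence runs long. Suggest splitting it after "the site you're trying to visit" and starting a new sentence for what this allows.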
@ -38,7 +38,7 @@ If you are currently browsing clearnet and want to access the dark web, this sec
**I2P** is a computer network layer that allows applications to send messages to each other pseudonymously and securely. Uses include anonymous Web surfing, chatting, blogging, and file transfers. The software that implements this layer is called an I2P router and a computer running I2P is called an I2P node. The software is free and open-source and is published under multiple licenses.
[Visit geti2p.net](https://geti2p.net){ .md-button .md-button--primary } [:pg-i2p:](http://i2p-projekt.i2p){ .md-button }
[Homepage](https://geti2p.net){ .md-button .md-button--primary } [:pg-i2p:](http://i2p-projekt.i2p){ .md-button }
??? downloads
@ -48,9 +48,9 @@ If you are currently browsing clearnet and want to access the dark web, this sec
- [:fontawesome-brands-freebsd: FreeBSD](https://www.freshports.org/security/i2p)
- [:pg-openbsd: OpenBSD](https://openports.se/net/i2pd)
- [:pg-netbsd: NetBSD](https://pkgsrc.se/wip/i2pd)
- [:fontawesome-brands-android: Android](https://geti2p.net/en/download#android)
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=net.i2p.android)
- [:pg-f-droid: F-Droid](https://f-droid.org/app/net.i2p.android.router)
- [:fontawesome-brands-android: Android](https://download.i2p2.de/android/current/)
- [:fontawesome-brands-git: Source](https://geti2p.net/en/get-involved/guides/new-developers#getting-the-i2p-code)
### The Freenet Project
@ -61,7 +61,7 @@ If you are currently browsing clearnet and want to access the dark web, this sec
**Freenet** is a peer-to-peer platform for censorship-resistant communication. It uses a decentralized distributed data store to keep and deliver information, and has a suite of free software for publishing and communicating on the Web without fear of censorship. Both Freenet and some of its associated tools were originally designed by Ian Clarke, who defined Freenet's goal as providing freedom of speech on the Internet with strong anonymity protection.
[Visit freenetproject.org/](https://freenetproject.org){ .md-button .md-button--primary }
[Homepage](https://freenetproject.org){ .md-button .md-button--primary }
??? downloads

View File

@ -120,7 +120,7 @@ The lack of *good* metadata removal apps on the App Store is what makes this sol
## Windows
Windows allows users to place files in a **SendTo** folder which then appear in the *Send to* context menu. This guide will show you how to add an [ExifTool](../metadata-removal-tools.md#exiftool) batch script to this menu.
Windows allows you to place files in a **SendTo** folder which then appear in the *Send to* context menu. This guide will show you how to add an [ExifTool](../metadata-removal-tools.md#exiftool) batch script to this menu.
![Send to metadata removal shortcut](../assets/img/integrating-metadata-removal/preview-windows.jpg)

View File

@ -61,7 +61,7 @@
}
/* Define brand */
:root {
:root, [data-md-color-scheme="default"] {
--md-primary-fg-color: #FFD06F;
--md-primary-fg-color--light: #ffdd98;
--md-primary-fg-color--dark: #db9d21;
@ -78,7 +78,7 @@
}
/* Better contrast link colors */
[data-md-color-scheme="default"] {
[data-md-color-scheme="default"] > * {
--md-typeset-a-color: #3C00E0;
}
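Review bot: the selector change to `[data-md-color-scheme="default"] > *` under "Better contrast link colors" moves `--md-typeset-a-color` from the scheme element onto its direct children, and nothing in the stylesheet says why. Custom properties inherit, so descendants still pick it up, but the element carrying the attribute no longer does, and the next person will be tempted to simplify the selector back. Please add a short comment stating which rule this is meant to override, and confirm the earlier hunk's `:root, [data-md-color-scheme="default"]` brand block does not need the same treatment.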

View File

@ -11,7 +11,7 @@ When you visit a website, a numerical address is returned. For example, when you
DNS has existed since the [early days](https://en.wikipedia.org/wiki/Domain_Name_System#History) of the Internet. DNS requests made to and from DNS servers are **not** generally encrypted. In a residential setting, a customer is given servers by the ISP via [DHCP](https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol).
Unencrypted DNS requests are able to be easily **surveilled** and **modified** in transit. In some parts of the world, ISPs are ordered to do primitive [DNS filtering](https://en.wikipedia.org/wiki/DNS_blocking). When a user requests the IP address of a domain that is blocked, the server may not respond or may respond with a different IP address. As the DNS protocol is not encrypted, the ISP (or any network operator) can use [DPI](https://en.wikipedia.org/wiki/Deep_packet_inspection) to monitor requests. ISPs can also block requests based on common characteristics, regardless of which DNS server is used. Unencrypted DNS always uses [port](https://en.wikipedia.org/wiki/Port_(computer_networking)) 53 and always uses UDP.
Unencrypted DNS requests are able to be easily **surveilled** and **modified** in transit. In some parts of the world, ISPs are ordered to do primitive [DNS filtering](https://en.wikipedia.org/wiki/DNS_blocking). When you request the IP address of a domain that is blocked, the server may not respond or may respond with a different IP address. As the DNS protocol is not encrypted, the ISP (or any network operator) can use [DPI](https://en.wikipedia.org/wiki/Deep_packet_inspection) to monitor requests. ISPs can also block requests based on common characteristics, regardless of which DNS server is used. Unencrypted DNS always uses [port](https://en.wikipedia.org/wiki/Port_(computer_networking)) 53 and always uses UDP.
Below, we discuss and provide a tutorial to prove what an outside observer may see using regular unencrypted DNS and [encrypted DNS](#what-is-encrypted-dns).
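Review bot: the edited paragraph still ends with "Unencrypted DNS always uses port 53 and always uses UDP", which is too strong; plain DNS also runs over TCP on port 53, for example when a response is truncated. Since this line is being reworded anyway, suggest "typically uses UDP on port 53" or a similar qualified statement, so the later packet-capture tutorial does not mislead readers who filter on UDP only.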
@ -131,7 +131,7 @@ Server Name Indication is typically used when a IP address hosts many websites.
2. Then we visit [https://privacyguides.org](https://privacyguides.org).
3. After visiting the website, we what to stop the packet capture with <kbd>CTRL</kbd> + <kbd>C</kbd>.
3. After visiting the website, we want to stop the packet capture with <kbd>CTRL</kbd> + <kbd>C</kbd>.
4. Next we want to analyze the results:

View File

@ -125,7 +125,6 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
- ![Disroot logo](assets/img/email/mini/disroot.svg#only-light){ .twemoji }![Disroot logo](assets/img/email/mini/disroot-dark.svg#only-dark){ .twemoji } [Disroot](https://disroot.org/)
- ![Tutanota logo](assets/img/email/mini/tutanota.svg){ .twemoji } [Tutanota](https://tutanota.com/)
- ![StartMail logo](assets/img/email/mini/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/mini/startmail-dark.svg#only-dark){ .twemoji } [StartMail](https://startmail.com/)
- ![CTemplar logo](assets/img/email/mini/ctemplar.svg#only-light){ .twemoji }![CTemplar logo](assets/img/email/mini/ctemplar-dark.svg#only-dark){ .twemoji } [CTemplar](https://ctemplar.com/)
</div>
@ -153,10 +152,10 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
<div class="grid cards" markdown>
- ![DuckDuckGo logo](assets/img/search-engines/duckduckgo.svg){ .twemoji } [DuckDuckGo](https://duckduckgo.com/)
- ![Startpage logo](assets/img/search-engines/startpage.svg){ .twemoji } [Startpage](https://www.startpage.com/)
- ![Mojeek logo](assets/img/search-engines//mini/mojeek.svg){ .twemoji } [Mojeek](https://www.mojeek.com/)
- ![Searx logo](assets/img/search-engines/searx.svg){ .twemoji } [Searx](https://searx.me/)
- ![DuckDuckGo logo](assets/img/search-engines/mini/duckduckgo.svg){ .twemoji } [DuckDuckGo](https://duckduckgo.com/)
- ![Startpage logo](assets/img/search-engines/mini/startpage.svg#only-light){ .twemoji }![Startpage logo](assets/img/search-engines/mini/startpage-dark.svg#only-dark){ .twemoji } [Startpage](https://www.startpage.com/)
- ![Mojeek logo](assets/img/search-engines/mini/mojeek.svg){ .twemoji } [Mojeek](https://www.mojeek.com/)
- ![SearXNG logo](assets/img/search-engines/mini/searxng-wordmark.svg){ .twemoji } [SearXNG](https://searxng.org)
</div>
@ -296,8 +295,8 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
<div class="grid cards" markdown>
- ![YubiKeys](assets/img/multi-factor-authentication/yubikey.png){ .twemoji } [YubiKey](https://www.yubico.com/)
- ![Nitrokey](assets/img/multi-factor-authentication/nitrokey.jpg){ .twemoji } [Nitrokey](https://www.nitrokey.com/)
- ![YubiKeys](assets/img/multi-factor-authentication/mini/yubico.svg){ .twemoji } [YubiKey](https://www.yubico.com/)
- ![Nitrokey](assets/img/multi-factor-authentication/mini/nitrokey.svg){ .twemoji } [Nitrokey](https://www.nitrokey.com/)
- ![Aegis logo](assets/img/multi-factor-authentication/aegis.png){ .twemoji } [Aegis Authenticator](https://getaegis.app/)
- ![Raivo OTP logo](assets/img/multi-factor-authentication/raivo-otp.png){ .twemoji } [Raivo OTP](https://github.com/raivo-otp/ios-application)

View File

@ -16,7 +16,7 @@ The primary threat when using a video streaming platform is that your streaming
By default, FreeTube blocks all YouTube advertisements. In addition, FreeTube optionally integrates with [SponsorBlock](https://sponsor.ajay.app) to help you skip sponsored video segments.
[Visit freetubeapp.io](https://freetubeapp.io){ .md-button .md-button--primary } [Privacy Policy](https://freetubeapp.io/privacy.php){ .md-button }
[Homepage](https://freetubeapp.io){ .md-button .md-button--primary } [Privacy Policy](https://freetubeapp.io/privacy.php){ .md-button }
??? downloads
@ -40,7 +40,7 @@ The primary threat when using a video streaming platform is that your streaming
**The LBRY desktop client** helps you stream videos from the LBRY network and stores your subscription list in your own LBRY wallet.
[Visit lbry.com](https://lbry.com){ .md-button .md-button--primary } [Privacy Policy](https://lbry.com/privacypolicy){ .md-button }
[Website](https://lbry.com){ .md-button .md-button--primary } [Privacy Policy](https://lbry.com/privacypolicy){ .md-button }
??? downloads
@ -71,7 +71,7 @@ You can disable *Save hosting data to help the LBRY network* option in :gear: **
Your subscription list and playlists are saved locally on your Android device.
[Visit newpipe.net](https://newpipe.net){ .md-button .md-button--primary } [Privacy Policy](https://newpipe.net/legal/privacy){ .md-button }
[Homepage](https://newpipe.net){ .md-button .md-button--primary } [Privacy Policy](https://newpipe.net/legal/privacy){ .md-button }
??? downloads
@ -103,7 +103,7 @@ This fork is not endorsed by or affiliated with the upstream project. The NewPip
**Invidious** is a free and open source front end for YouTube that is also self-hostable. There are list of [public instances](https://instances.invidious.io). Some instances have [Tor](https://www.torproject.org) onion services support.
[Visit invidious.io](https://invidious.io){ .md-button .md-button--primary } [Privacy Policy](){ .md-button }
[Website](https://invidious.io){ .md-button .md-button--primary } [Privacy Policy](){ .md-button }
??? downloads
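Review bot: the Invidious button row keeps an empty link target in both the old and new line, `[Privacy Policy](){ .md-button }`, which renders a button that goes nowhere. Either point it at the project's privacy page or remove the button, as was done for Piped, whose row has no Privacy Policy button.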
@ -132,7 +132,7 @@ When you are using an Invidious instance, be sure to go read the Privacy Policy
Piped requires JavaScript in order to function.
[Visit piped.kavin.rocks](https://piped.kavin.rocks/){ .md-button .md-button--primary }
[Website](https://piped.kavin.rocks/){ .md-button .md-button--primary }
??? downloads

View File

@ -38,7 +38,7 @@ Find a no-logging VPN operator who isnt out to sell or read your web traffic.
**EUR €60/year**
[Visit Mullvad.net](https://mullvad.net){ .md-button .md-button--primary }
[Website](https://mullvad.net){ .md-button .md-button--primary } [:pg-tor:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .md-button }
??? check "35 Countries"
@ -62,27 +62,27 @@ Find a no-logging VPN operator who isnt out to sell or read your web traffic.
Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app).
??? check "Accepts Cash"
??? check "Accepts Cash and Monero"
Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers.
Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers.
??? check "WireGuard Support"
Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that utilizes state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant.
Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, whereas Windows users have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/).
Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/).
??? check "IPv6 Support"
Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows users to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections.
Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections.
??? check "Remote Port Forwarding"
Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for users who make one-time payments, and not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify port users based on stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information.
Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information.
??? check "Mobile Clients"
Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to use interface as opposed to requiring users to manual configure their WireGuard connections. The mobile client on Android is also available in [F-Droid](https://f-droid.org/packages/net.mullvad.mullvadvpn), which ensures that it is compiled with [reproducible builds](https://www.f-droid.org/en/2019/05/05/trust-privacy-and-free-software.html).
Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to use interface as opposed to requiring you to manually configure your WireGuard connection. The mobile client on Android is also available in [F-Droid](https://f-droid.org/packages/net.mullvad.mullvadvpn), which ensures that it is compiled with [reproducible builds](https://www.f-droid.org/en/2019/05/05/trust-privacy-and-free-software.html).
??? info "Additional Functionality"
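Review bot: In the reworded "Mobile Clients" paragraph, "easy-to use interface" is still missing its second hyphen; since that sentence is being rewritten anyway, make it "easy-to-use". The new payment sentence also drops the serial comma the old one had ("Bitcoin Cash, **Monero** and"), and the IPv6 sentence would read better as "supports the future of networking, IPv6".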
@ -98,7 +98,7 @@ Find a no-logging VPN operator who isnt out to sell or read your web traffic.
**Free** - **Basic Plan USD $48/year** - **Plus Plan USD $96/year**
[Visit ProtonVPN.com](https://protonvpn.com/){ .md-button .md-button--primary }
[Website](https://protonvpn.com/){ .md-button .md-button--primary }
??? check "44 Countries"
@ -108,7 +108,7 @@ Find a no-logging VPN operator who isnt out to sell or read your web traffic.
??? check "Independently Audited"
As of January 2020 ProtonVPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in ProtonVPN's Windows, Android, and iOS applications, all of which were "properly fixed" by ProtonVPN before the reports were published. None of the issues identified would have provided an attacker remote access to a user's device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/).
As of January 2020 ProtonVPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in ProtonVPN's Windows, Android, and iOS applications, all of which were "properly fixed" by ProtonVPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/).
??? check "Open Source Clients"
@ -146,7 +146,7 @@ Find a no-logging VPN operator who isnt out to sell or read your web traffic.
**Standard USD $60/year** - **Pro USD $100/year**
[Visit IVPN.net](https://www.ivpn.net/){ .md-button .md-button--primary }
[Website](https://www.ivpn.net/){ .md-button .md-button--primary }
??? check "32 Countries"
@ -214,14 +214,14 @@ We require all our recommended VPN providers to provide OpenVPN configuration fi
- Support for strong protocols such as WireGuard & OpenVPN.
- Killswitch built in to clients.
- Multihop support. Multihopping is important to keep data private in case of a single node compromise.
- If VPN clients are provided, they should be [open source](https://en.wikipedia.org/wiki/Open_source), like the VPN software they generally have built into them. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency to the user about what their device is actually doing. We like to see these applications [available in F-Droid](https://www.f-droid.org/en/2019/05/05/trust-privacy-and-free-software.html).
- If VPN clients are provided, they should be [open source](https://en.wikipedia.org/wiki/Open_source), like the VPN software they generally have built into them. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what your device is actually doing. We like to see these applications [available in F-Droid](https://www.f-droid.org/en/2019/05/05/trust-privacy-and-free-software.html).
**Best Case:**
- WireGuard and OpenVPN support.
- Killswitch with highly configurable options (enable/disable on certain networks, on boot, etc.)
- Easy-to-use VPN clients
- Supports [IPv6](https://en.wikipedia.org/wiki/IPv6). We expect that servers will allow incoming connections via IPv6 and allow users to access services hosted on IPv6 addresses.
- Supports [IPv6](https://en.wikipedia.org/wiki/IPv6). We expect that servers will allow incoming connections via IPv6 and allow you to access services hosted on IPv6 addresses.
- Capability of [remote port forwarding](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) assists in creating connections when using P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)) filesharing software, Freenet, or hosting a server (e.g., Mumble).
### Privacy
@ -274,21 +274,21 @@ With the VPN providers we recommend we like to see responsible marketing.
**Minimum to Qualify:**
- Must self host analytics (no Google Analytics etc). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those users who want to opt-out.
- Must self host analytics (no Google Analytics etc). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt-out.
Must not have any marketing which is irresponsible:
- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know users can quite easily deanonymize themselves in a number of ways, eg:
- Reusing personal information eg. (email accounts, unique pseudonyms etc) that they accessed without anonymity software (Tor, VPN etc)
- [Browser fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint)
- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily deanonymize themselves in a number of ways, eg:
- Reusing personal information eg. (email accounts, unique pseudonyms etc) that they accessed without anonymity software (Tor, VPN etc)
- [Browser fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint)
- Claim that a single circuit VPN is "more anonymous" than Tor, which is a circuit of 3 or more hops that regularly changes.
- Use responsible language, eg it is okay to say that a VPN is "disconnected" or "not connected", however claiming that a user is "exposed", "vulnerable" or "compromised" is needless use of alarming language that may be incorrect. For example the visiting user might be on another VPN provider's service or using Tor.
- Use responsible language, eg it is okay to say that a VPN is "disconnected" or "not connected", however claiming that someone is "exposed", "vulnerable" or "compromised" is needless use of alarming language that may be incorrect. For example, that person might simply be on another VPN provider's service or using Tor.
**Best Case:**
Responsible marketing that is both educational and useful to the consumer could include:
- An accurate comparison to when Tor or other [self-contained networks.md](self-contained-networks) should be used.
- An accurate comparison to when Tor or other [self-contained networks](self-contained-networks.md) should be used.
- Availability of the VPN provider's website over a .onion [Hidden Service](https://en.wikipedia.org/wiki/.onion)
### Additional Functionality
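Review bot: The re-added deanonymization bullets spell the same abbreviation three ways within this hunk ("eg:", "eg. (email accounts, ..." and "eg it is okay"), and in the second the parenthesis opens after the abbreviation rather than before it. Suggest "e.g." throughout and "Reusing personal information (e.g., email accounts, unique pseudonyms) that they accessed without anonymity software". While the line is being touched, "there is no certainty for failure" reads as the opposite of what is meant; "no possibility of failure" matches the point.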
@ -350,7 +350,7 @@ For use cases like these, or if you have another compelling reason, the VPN prov
3. [Slicing Onions: Part 1 Myth-busting Tor](https://medium.com/privacyguides/slicing-onions-part-1-myth-busting-tor-9ec188ae1904) by blacklight447
4. [Slicing Onions: Part 2 Onion recipes; VPN not required](https://web.archive.org/web/20210116140725/https://write.privacytools.io/my-thoughts-on-security/slicing-onions-part-2-onion-recipes-vpn-not-required) by blacklight447
5. [IVPN Privacy Guides](https://www.ivpn.net/privacy-guides)
6. ["Do I need a VPN?"](https://www.doineedavpn.com), a tool developed by IVPN to challenge aggressive VPN marketing and help individuals decide if a VPN is right for them.
6. ["Do I need a VPN?"](https://www.doineedavpn.com), a tool developed by IVPN to challenge aggressive VPN marketing by helping individuals decide if a VPN is right for them.
## Related VPN information

@ -2,7 +2,6 @@
*[2FA]: 2-Factor Authentication
*[ADB]: Android Debug Bridge
*[AOSP]: Android Open Source Project
*[attack surface]: The attack surface of software or hardware is the sum of the different places an unauthorized user (the "attacker") can try to enter data to or extract data from.
*[AVB]: Android Verified Boot
*[CLI]: Command Line Interface
*[CSV]: Comma-Separated Values
@ -17,7 +16,6 @@
*[Exif]: Exchangeable image file format
*[FDE]: Full Disk Encryption
*[FIDO]: Fast IDentity Online
*[fork]: In software development, a fork is created when developers take a copy of source code from one software package and start independent development on it, creating a distinct and separate piece of software.
*[GPG]: GNU Privacy Guard (PGP implementation)
*[GPS]: Global Positioning System
*[GUI]: Graphical User Interface
@ -49,8 +47,8 @@
*[OpenPGP]: Open-source implementation of Pretty Good Privacy (PGP)
*[P2P]: Peer-to-Peer
*[PGP]: Pretty Good Privacy (see OpenPGP)
*[PII]: Personally Identifiable Information
*[QNAME]: Qualified Name
*[rolling release]: An update release cycle in which updates are released very frequently, instead of at set intervals.
*[RSS]: Really Simple Syndication
*[SELinux]: Security-Enhanced Linux
*[SIM]: Subscriber Identity Module
@ -71,4 +69,7 @@
*[VoIP]: Voice over IP (Internet Protocol)
*[W3C]: World Wide Web Consortium
*[XMPP]: Extensible Messaging and Presence Protocol
*[attack surface]: The attack surface of software or hardware is the sum of the different places an attacker can try to enter data to or extract data from.
*[cgroups]: Control Groups
*[fork]: In software development, a fork is created when developers take a copy of source code from one software package and start independent development on it, creating a distinct and separate piece of software.
*[rolling release]: An update release cycle in which updates are released very frequently, instead of at set intervals.
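Review bot: The ordering rule behind moving the lowercase terms (attack surface, cgroups, fork, rolling release) to the end, after XMPP, is not documented anywhere in the visible file. It looks like a case-sensitive sort, so state that in a comment or in the contributing notes; otherwise the next contributor will put "fork" back between FIDO and GPG. Also, "cgroups" expands only to "Control Groups" while the other lowercase entries carry a full definition; a one-sentence definition would be consistent.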

@ -12,15 +12,36 @@ copyright: |
extra:
generator: false
analytics:
provider: plausible
property: privacyguides.org
feedback:
title: Was this page helpful?
ratings:
- icon: material/emoticon-happy-outline
name: This page was helpful
data: Helpful
note: Thanks for your feedback!
- icon: material/emoticon-sad-outline
name: This page could be improved
data: Needs Improvement
note: Thanks for your feedback! Help us improve this page by opening a <a href="https://github.com/orgs/privacyguides/discussions" target=_blank>discusson on GitHub</a>.
social:
- icon: fontawesome/brands/mastodon
link: https://mastodon.social/@privacyguides
- icon: fontawesome/brands/twitter
link: https://twitter.com/privacy_guides
- icon: fontawesome/brands/github
link: https://github.com/privacyguides
- icon: pg/matrix
link: https://matrix.to/#/#privacyguides:matrix.org
name: Matrix
- icon: fontawesome/brands/reddit-alien
link: https://reddit.com/r/PrivacyGuides
name: Reddit
- icon: fontawesome/brands/mastodon
link: https://mastodon.social/@privacyguides
name: Mastodon
- icon: fontawesome/brands/twitter
link: https://twitter.com/privacy_guides
name: Twitter
- icon: fontawesome/brands/github
link: https://github.com/privacyguides
name: GitHub
repo_url: https://github.com/privacyguides/privacyguides.org
repo_name: privacyguides.org
edit_uri: edit/main/docs/
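Review bot: Typo and loose link attributes in the "Needs Improvement" feedback note: "discusson" should be "discussion", and the anchor uses an unquoted `target=_blank` with no `rel` attribute. Suggest `<a href="https://github.com/orgs/privacyguides/discussions" target="_blank" rel="noopener noreferrer">discussion on GitHub</a>` so the opened page gets no handle on the opener and the attribute style matches the rest of the markup.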
@ -69,7 +90,8 @@ plugins:
- index.en.md
- privacy:
externals_exclude:
- cdn.jsdelivr.net/npm/mathjax@3/*
- cdn.jsdelivr.net/npm/mathjax@3/*
- api.privacyguides.net/*
extra_css:
- stylesheets/extra.css
markdown_extensions:
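Review bot: The new `api.privacyguides.net/*` entry under `externals_exclude` exempts every path on that host, while the only reference visible in this change is `https://api.privacyguides.net/js/script.js` in the analytics partial. Narrow the pattern to the paths actually needed, or add a comment saying why the whole host is excluded, so that later additions under that domain are not silently exempted as well.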
@ -90,7 +112,10 @@ markdown_extensions:
- pymdownx.mark
- pymdownx.tilde
- pymdownx.snippets
- pymdownx.tasklist:
custom_checkbox: true
- attr_list
- def_list
- md_in_html
- meta
- abbr
@ -108,6 +133,7 @@ markdown_extensions:
extra_javascript:
- javascripts/mathjax.js
- javascripts/feedback.js
nav:
- Home: 'index.md'
@ -154,9 +180,13 @@ nav:
- 'news-aggregators.md'
- 'self-contained-networks.md'
- 'video-streaming.md'
- 'About Us':
- 'About':
- 'about.md'
- 'about/donate.md'
- 'Online Services': 'https://privacyguides.net'
- 'Website Statistics': 'https://stats.privacyguides.net/privacyguides.org'
- 'about/notices.md'
- 'about/privacy-policy.md'
- 'Donate': '/about/donate/'
- 'Discussions': 'https://github.com/orgs/privacyguides/discussions'
- 'Blog': 'https://blog.privacyguides.org/'
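Review bot: The donation page ends up in the nav twice, as 'about/donate.md' under 'About' and as top-level 'Donate': '/about/donate/'. The second is a hard-coded absolute URL, unlike every other internal entry in this nav, so it will break if the site is ever served from a sub-path. If the duplicate is intentional, add a comment explaining why the absolute path is used; otherwise drop one of the two.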

@ -0,0 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1536 1792"><path d="M40.467 163.152v1465.696H145.92V1664H0V128h145.92v35.152zm450.757 464.64v74.14h2.069c19.79-28.356 43.717-50.215 71.483-65.575 27.765-15.656 59.963-23.336 96-23.336 34.56 0 66.165 6.795 94.818 20.086 28.652 13.293 50.216 37.22 65.28 70.893 16.246-23.926 38.4-45.194 66.166-63.507 27.766-18.314 60.848-27.472 98.954-27.472 28.948 0 55.828 3.545 80.64 10.635 24.812 7.088 45.785 18.314 63.508 33.968 17.722 15.656 31.31 35.742 41.354 60.85 9.747 25.107 14.768 55.236 14.768 90.683v366.573h-150.35V865.28c0-18.314-.59-35.741-2.068-51.987-1.476-16.247-5.316-30.426-11.52-42.24-6.499-12.112-15.656-21.563-28.062-28.653-12.405-7.088-29.242-10.634-50.214-10.634-21.268 0-38.4 4.135-51.397 12.112-12.997 8.27-23.336 18.608-30.72 31.901-7.386 12.997-12.407 27.765-14.77 44.602-2.363 16.542-3.84 33.379-3.84 50.216v305.133H692.971v-307.2c0-16.247-.294-32.197-1.18-48.149-.591-15.95-3.84-30.424-9.157-44.011-5.317-13.293-14.178-24.223-26.585-32.197-12.406-7.976-30.425-12.112-54.646-12.112-7.088 0-16.542 1.478-28.062 4.726-11.52 3.25-23.04 9.157-33.968 18.02-10.93 8.86-20.383 21.563-28.063 38.103-7.68 16.543-11.52 38.4-11.52 65.28v317.834H349.44V627.792zm1004.309 1001.056V163.152H1390.08V128H1536v1536h-145.92v-35.152z"/></svg>
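Review bot: The added icon has no `<title>` and no record of where it came from or under what licence, whereas the SVG removed elsewhere in this change did carry a `<title>`. Add a `<title>` (if this is the `pg/matrix` icon referenced in mkdocs.yml, "Matrix" fits) and note the source and licence in the commit message or an adjacent notice.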

@ -1,7 +0,0 @@
<svg clip-rule="evenodd" fill-rule="evenodd" stroke-linejoin="round" stroke-miterlimit="2" version="1.1" viewBox="0 0 9600 9600" xml:space="preserve" xmlns="http://www.w3.org/2000/svg">
<title>privacyguides</title>
<g transform="matrix(173.35 0 0 173.35 -1732.7 -1580.4)">
<path d="m18.466 16.31c-0.187 0.628-0.082 1.363 0.128 2.831l2.659 18.614c0.46 3.216 0.689 4.823 1.298 6.26 0.539 1.274 1.294 2.445 2.232 3.461 1.059 1.147 2.429 2.018 5.169 3.762l3.896 2.479c1.868 1.189 2.802 1.783 3.806 2.015 0.772 0.178 1.57 0.201 2.349 0.069-0.644-1.471-1.001-3.095-1.001-4.804 0-6.627 5.373-12 12-12 1.934 0 3.761 0.458 5.379 1.27 0.113-0.717 0.231-1.541 0.37-2.512l2.659-18.614c0.21-1.468 0.315-2.203 0.128-2.831-0.164-0.554-0.485-1.049-0.923-1.425-0.498-0.427-1.212-0.63-2.638-1.038l-15.656-4.473c-0.491-0.14-0.736-0.21-0.986-0.238-0.221-0.025-0.444-0.025-0.666 0-0.249 0.028-0.495 0.098-0.985 0.238l-15.657 4.473c-1.426 0.408-2.14 0.611-2.637 1.038-0.439 0.376-0.76 0.871-0.924 1.425z" fill-opacity=".31"/>
<path d="m32.836 13.626c0.11-0.012 0.222-0.012 0.333 0 0.096 0.011 0.202 0.037 0.74 0.19l15.656 4.473c0.735 0.211 1.206 0.346 1.558 0.476 0.335 0.125 0.455 0.207 0.515 0.259 0.22 0.188 0.38 0.435 0.462 0.712 0.023 0.077 0.049 0.22 0.026 0.577-0.024 0.375-0.092 0.859-0.201 1.616l-2.233 15.631c-6.841 0.659-12.19 6.423-12.19 13.437 0 1.385 0.209 2.721 0.596 3.979l-0.747 0.476c-1.963 1.249-2.645 1.658-3.337 1.818-0.666 0.154-1.357 0.154-2.023 0-0.693-0.16-1.375-0.569-3.337-1.818l-3.896-2.479c-2.808-1.787-3.977-2.545-4.872-3.515-0.821-0.889-1.482-1.913-1.954-3.028-0.514-1.215-0.723-2.593-1.194-5.887l-2.659-18.614c-0.108-0.757-0.176-1.241-0.201-1.616-0.023-0.357 3e-3 -0.5 0.026-0.577 0.082-0.277 0.243-0.524 0.462-0.712 0.061-0.052 0.181-0.134 0.515-0.259 0.353-0.13 0.823-0.265 1.558-0.476l15.657-4.473c0.537-0.153 0.644-0.179 0.74-0.19zm22.067 8.675-2.187 15.304c6.647 0.842 11.786 6.517 11.786 13.392 0 7.456-6.044 13.5-13.5 13.5-4.992 0-9.351-2.71-11.687-6.739l-0.353 0.225-0.223 0.141c-1.651 1.053-2.792 1.779-4.051 2.07-1.109 0.255-2.262 0.255-3.371 0-1.259-0.291-2.4-1.017-4.052-2.07l-0.222-0.141-4.089-2.602c-2.556-1.627-4.081-2.597-5.273-3.888-1.055-1.143-1.905-2.46-2.511-3.893-0.686-1.618-0.941-3.407-1.369-6.406l-2.699-18.893c-0.099-0.69-0.184-1.289-0.217-1.793-0.035-0.535-0.021-1.073 0.143-1.625 0.246-0.831 0.728-1.573 1.386-2.137 0.437-0.374 0.922-0.607 1.425-0.794 0.473-0.175 1.056-0.341 1.725-0.533l0.051-0.014 15.656-4.473 0.083-0.024c0.41-0.117 0.771-0.221 1.148-0.263 0.333-0.037 0.668-0.037 1 0 0.378 0.042 0.739 0.146 1.148 0.263l0.083 0.024 15.707 4.487c0.67 0.192 1.252 0.358 1.726 0.533 0.502 0.187 0.988 0.42 1.425 0.794 0.658 0.564 1.139 1.306 1.386 2.137 0.163 0.552 0.178 1.09 0.143 1.625-0.033 0.504-0.119 1.103-0.217 1.792v1e-3zm-3.901 18.196c-5.799 0-10.5 4.701-10.5 10.5s4.701 10.5 10.5 10.5 10.5-4.701 10.5-10.5-4.701-10.5-10.5-10.5zm7.152 6.961c0.531-0.637 0.445-1.583-0.192-2.113-0.636-0.53-1.582-0.445-2.112 0.192l-6.449 
7.738-3.338-3.339c-0.586-0.585-1.536-0.585-2.121 0-0.586 0.586-0.586 1.536 0 2.122l4.5 4.5c0.298 0.298 0.707 0.457 1.128 0.438s0.815-0.215 1.084-0.538l7.5-9zm-32.652-17.461c0-4.142 3.358-7.5 7.5-7.5s7.5 3.358 7.5 7.5c0 2.454-1.178 4.632-3 6.001v5.999c0 2.486-2.014 4.5-4.5 4.5-2.485 0-4.5-2.014-4.5-4.5v-5.999c-1.821-1.369-3-3.547-3-6.001zm9 7.5h-3v4.5c0 0.829 0.672 1.5 1.5 1.5 0.829 0 1.5-0.671 1.5-1.5v-4.5zm-1.5-3c2.486 0 4.5-2.014 4.5-4.5 0-2.485-2.014-4.5-4.5-4.5-2.485 0-4.5 2.015-4.5 4.5 0 2.486 2.015 4.5 4.5 4.5z"/>
</g>
</svg>

@ -23,4 +23,14 @@
</section>
{% endblock %}
{% block footer %}
<footer class="md-footer">
<div class="md-footer-meta md-typeset">
<div class="md-footer-meta__inner md-grid">
{% include "partials/copyright.html" %}
{% if config.extra.social %}
{% include "partials/social.html" %}
{% endif %}
</div>
</div>
</footer>
{% endblock %}
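Review bot: Missing rationale for the `{% block footer %}` override: the block supplies its own `<footer class="md-footer">` containing only the copyright and social partials, and nothing in the template says what was intentionally left out. Add a Jinja comment above the block stating the reason, so whoever updates the theme knows which parts of the upstream footer need to be kept in sync.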

@ -0,0 +1,2 @@
<script defer data-domain="{{ config.extra.analytics.property }}" src="https://api.privacyguides.net/js/script.js"></script>
<script>window.plausible = window.plausible || function() { (window.plausible.q = window.plausible.q || []).push(arguments) }</script>
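Review bot: The first added `<script>` tag loads executable code from `api.privacyguides.net` with no `integrity` attribute, so whatever that host serves runs on every page of the site. If the script is versioned, pin it with `integrity="sha384-..."` and `crossorigin="anonymous"`; if it changes too often for that, restrict script sources to that single host in the site's Content-Security-Policy and record the decision in a comment here.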