Minor fixes to various pages (#1327)

Signed-off-by: Daniel Gray <dng@disroot.org>

.github/dependabot.yml

@@ -1,27 +1,29 @@
 version: 2
 
-registries:
-
-  fortawesome:
-    type: npm-registry
-    url: https://npm.fontawesome.com/
-    token: ${{ secrets.FONTAWESOME_NPM_AUTH_TOKEN }}
-
 updates:
 
+  # Maintain dependencies for GitHub Actions
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
       interval: "daily"
+    assignees:
+      - "jonaharagon"
+    reviewers:
+      - "jonaharagon"
+    labels:
+      - "fix:github_actions"
 
-  - package-ecosystem: "bundler" # See documentation for possible values
-    directory: "/" # Location of package manifests
-    schedule:
-      interval: "daily"
-
-  - package-ecosystem: "npm"
+  # Maintain dependencies for pipenv
+  - package-ecosystem: "pip"
     directory: "/"
-    registries:
-      - fortawesome
+    ignore:
+      - dependency-name: "mkdocs-material"
     schedule:
       interval: "daily"
+    assignees:
+      - "jonaharagon"
+    reviewers:
+      - "jonaharagon"
+    labels:
+      - "fix:python"

.markdownlint.yml

@@ -1,5 +1,7 @@
 default: true
 line-length: false
+ul-indent:
+  indent: 4
 no-inline-html: false
 code-block-style: false
 no-hard-tabs:

README.md

@@ -1,11 +1,10 @@
 <!-- markdownlint-disable MD041 -->
 <div align="center">
-  <a href="https://privacyguides.org#gh-light-mode-only">
-    <img src="/docs/assets/img/layout/privacy-guides-logo.svg" width="500px" alt="Privacy Guides" />
-  </a>
-  
-  <a href="https://privacyguides.org#gh-dark-mode-only">
-    <img src="/docs/assets/img/layout/privacy-guides-logo-dark.svg" width="500px" alt="Privacy Guides" />
+  <a href="https://www.privacyguides.org/">
+    <picture>
+      <source media="(prefers-color-scheme: dark)" srcset="https://privacyguides.org/assets/img/layout/privacy-guides-logo-dark.svg">
+      <img alt="Privacy Guides" width="500px" src="https://privacyguides.org/assets/img/layout/privacy-guides-logo.svg">
+    </picture>
   </a>
 
   <p><em>Your central privacy and security resource to protect yourself online.</em></p>

docs/android.en.md

@@ -311,6 +311,8 @@ Evaluate whether the additional features in the F-Droid build are worth the slow
 
 #### Neo Store
 
+<small><i>Neo Store is a recent rebrand of Droid-ify.</i></small>
+
 The official F-Droid client targets a [low API level](https://wonderfall.dev/fdroid-issues/#3-low-target-api-level-sdk-for-client--apps) and does not utilize the [seamless updates](https://www.androidcentral.com/google-will-finally-bring-seamless-app-updates-alternative-app-stores-android-12) feature introduced in Android 12. Targeting lower API levels means that the F-Droid client cannot take advantage of the new improvements in the application sandboxes that comes with higher API levels. For automatic updates to work, the F-Droid client requires that the [Privileged Extension](https://f-droid.org/en/packages/org.fdroid.fdroid.privileged/) be included in the operating system, granting it more privileges than what a normal app would have, which is not great for security.
 
 To mitigate these problems, we recommend [Neo Store](https://github.com/NeoApplications/Neo-Store) as it supports seamless updates on Android 12 and above without needing any special privileges and targets a higher API level.

docs/assets/img/calendar-contacts/mini/proton-calendar.svg

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><defs><linearGradient id="SVGID_00000094620430057427565900000015311327790582914980_" x1="796.82" x2="203.77" y1="249.42" y2="1067.3" gradientTransform="matrix(.035694 0 0 -.035694 5.0337e-7 30.979)" gradientUnits="userSpaceOnUse"><stop stop-color="#C8E8FF" offset="0"/><stop stop-color="#BDAEFF" offset=".3075"/><stop stop-color="#6D4AFF" offset="1"/></linearGradient><radialGradient id="SVGID_1_" cx="169.05" cy="788.91" r="1" gradientTransform="matrix(-16.88 45.338 60.416 22.494 -44786 -25421)" gradientUnits="userSpaceOnUse"><stop stop-color="#54B7FF" stop-opacity="0" offset=".5561"/><stop stop-color="#54B7FF" offset=".9944"/></radialGradient></defs><g stroke-width=".035694"><path class="st0" d="m5.0337e-7 6.425c0-1.9346 1.567-3.5016 3.5016-3.5016h26.853c1.9346 0 3.5016 1.567 3.5016 3.5016v21.017c0 1.9346-1.567 3.5016-3.5016 3.5016h-26.853c-1.9346 0-3.5016-1.567-3.5016-3.5016z" fill="#6851f6"/><path class="st1" d="m0.0071394 6.425c0-1.9346 1.5705-3.5016 3.5052-3.5016h26.853c1.9346 0 3.5016 1.567 3.5016 3.5016v21.017c0 1.9346-1.567 3.5016-3.5016 3.5016h-26.853c-1.9346 0-3.5016-1.567-3.5016-3.5016v-21.017z" fill="url(#SVGID_1_)"/><path class="st2" d="m15.373 29.312c0-0.83168 0.29626-1.6384 0.83524-2.2702l6.168-7.2388 0.19632 11.14h-7.1995z" fill="#bfd8ff"/><path d="m3.5016 2.9234c-1.9346 0-3.5016 1.567-3.5016 3.5016v0.68176h23.933c1.5063 0 2.7235 1.2207 2.7235 2.7235v13.914h7.1995v-17.319c0-1.9346-1.567-3.5016-3.5016-3.5016z" clip-rule="evenodd" fill="url(#SVGID_00000094620430057427565900000015311327790582914980_)" fill-rule="evenodd"/><path class="st4" d="m21.406 22.38c0-2.1488 1.7419-3.8907 3.8907-3.8907h8.563v12.454h-12.454z" fill="#fff"/><path class="st5" d="m24.811 26.496h1.2315c0.04997 0.21416 0.1749 0.40334 0.35337 0.53541 0.1749 0.13207 0.39264 0.19989 0.61394 0.18918 0.55683 0 0.92448-0.30697 0.92448-0.75672s-0.38193-0.69961-1.1386-0.69961h-0.48901v-1.0137h0.42476c0.73173 0 1.0316-0.26771 1.0316-0.67462 0-0.40334-0.32482-0.68176-0.77456-0.68176-0.19989-0.01071-0.39978 0.05354-0.54969 0.18561-0.15348 0.13207-0.24629 0.31768-0.26414 0.51757h-1.1886c0.04283-0.70674 0.59966-1.7205 1.9953-1.7205 1.1208 0 1.8954 0.63893 1.8954 1.5384 0 0.28912-0.08924 0.57111-0.26057 0.80312-0.17133 0.23201-0.41048 0.40691-0.68533 0.49258v0.01785c0.32125 0.05711 0.61037 0.22844 0.81383 0.48187 0.20346 0.25343 0.31054 0.57111 0.29983 0.89949 0 0.97445-0.89236 1.6169-2.0453 1.6169-1.2243 0.0071-2.0988-0.6889-2.1881-1.7312z" fill="#6d4aff"/><path class="st5" d="m31.197 22.473h0.89592v5.6718h-1.1565v-4.3511l-1.1137 0.75672v-1.1458z" fill="#6d4aff"/></g></svg>

docs/assets/img/cloud/mini/protondrive.svg

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><defs><linearGradient id="SVGID_00000019652434788841659490000008021016220503567533_" x1="-12.632" x2="1173" y1="1195.6" y2="-107.33" gradientTransform="matrix(.035706 0 0 -.035706 -1.6667e-6 30.985)" gradientUnits="userSpaceOnUse"><stop stop-color="#6D4AFF" offset="0"/><stop stop-color="#AE8CFF" offset=".3593"/><stop stop-color="#F8CCFF" offset="1"/></linearGradient><radialGradient id="SVGID_1_" cx="169.06" cy="788.93" r="1" gradientTransform="matrix(-21.468 43.868 68.249 33.399 -50186 -33775)" gradientUnits="userSpaceOnUse"><stop stop-color="#FF62C0" stop-opacity="0" offset=".5561"/><stop stop-color="#FF62C0" offset=".9944"/></radialGradient></defs><g stroke-width=".035705"><path class="st0" d="m-1.6667e-6 27.447v-21.023c0-1.9352 1.5675-3.5027 3.5027-3.5027h6.5698c0.66412 0 1.3104 0.21066 1.8424 0.60342l2.1994 1.6139c0.53559 0.39276 1.1819 0.60343 1.8424 0.60343h14.404c1.9352 0 3.5027 1.5675 3.5027 3.5027v18.199c0 1.9352-1.5675 3.5027-3.5027 3.5027h-26.858c-1.9352 4e-3 -3.5027-1.5639-3.5027-3.4991z" fill="#6851f6"/><path class="st1" d="m-1.6667e-6 27.447v-21.023c0-1.9352 1.5675-3.5027 3.5027-3.5027h6.5698c0.66412 0 1.3104 0.21066 1.8424 0.60342l2.1994 1.6139c0.53559 0.39276 1.1819 0.60343 1.8424 0.60343h14.404c1.9352 0 3.5027 1.5675 3.5027 3.5027v18.199c0 1.9352-1.5675 3.5027-3.5027 3.5027h-26.858c-1.9352 4e-3 -3.5027-1.5639-3.5027-3.4991z" fill="url(#SVGID_1_)"/><path d="m15.96 5.7414h14.404c1.9352 0 3.5027 1.5675 3.5027 3.5027v18.199c0 1.9352-1.5675 3.5027-3.5027 3.5027h-3.6991v-18.278c0-1.5103-1.2283-2.735-2.7422-2.7243l-13.265 0.075c-0.57129 4e-3 -1.1283-0.17138-1.596-0.50344l-2.9528-2.0995c-0.4606-0.32849-1.014-0.50345-1.5782-0.50345h-4.531v-0.48916c0-1.9352 1.5675-3.5027 3.5027-3.5027h6.5698c0.66412 0 1.3104 0.21066 1.8424 0.60342l2.1994 1.6139c0.53559 0.39276 1.1819 0.60343 1.846 0.60343z" clip-rule="evenodd" fill="url(#SVGID_00000019652434788841659490000008021016220503567533_)" fill-rule="evenodd"/></g></svg>

docs/assets/img/dns/pi-hole.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 89 130"><defs><linearGradient id="a" x1="0%" x2="100%" y1="49.975%" y2="49.975%"><stop offset="0%" stop-color="#12B212"/><stop offset="100%" stop-color="#0F0"/></linearGradient></defs><g fill="none" fill-rule="nonzero"><path fill="url(#a)" d="M36.56 39.93C20.34 38.2 4 25.94 2.71 0c25.17 0 38.63 14.9 39.93 38.51 4.76-28.32 27.07-25 27.07-25 1.06 16.05-12.12 25.78-27.07 26.59-4.2-8.85-29.36-30.56-29.36-30.56a.07.07 0 0 0-.11.08s24.28 21.15 23.39 30.31"/><path fill="#980200" d="M44.16 129.93c-1.57-.09-16.22-.65-17.11-17.11-.72-10 7.18-17.37 7.18-27.08C32.44 61.53 0 64.53 0 85.74a19.94 19.94 0 0 0 5.83 14.14L30 124.06a19.94 19.94 0 0 0 14.14 5.83"/><path fill="red" d="M88.32 85.75c-.09 1.57-.65 16.22-17.11 17.11-10 .72-17.38-7.18-27.08-7.18-24.21 1.79-21.21 34.22 0 34.22a19.94 19.94 0 0 0 14.14-5.83L82.46 99.9a19.94 19.94 0 0 0 5.83-14.14"/><path fill="#980200" d="M44.16 41.59c1.57.09 16.22.65 17.11 17.11.72 10-7.18 17.37-7.18 27.08 1.79 24.21 34.22 21.21 34.22 0a19.94 19.94 0 0 0-5.83-14.14L58.3 47.45a19.94 19.94 0 0 0-14.14-5.83"/><path fill="red" d="M.08 85.75c.09-1.57.65-16.22 17.11-17.11 10-.72 17.38 7.18 27.08 7.18 24.21-1.82 21.21-34.22 0-34.22a19.94 19.94 0 0 0-14.14 5.83L5.94 71.61A19.94 19.94 0 0 0 .11 85.75"/></g></svg>

docs/assets/img/email/mini/protonmail.svg

@@ -1 +1,15 @@
-<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 41 57"><g fill="#657ee4" fill-rule="evenodd"><path d="M38.66 34.466a2.976 2.976 0 0 0-3.008 0l-13.954 8.64a2.976 2.976 0 0 1-3.2 0l-13.954-8.64A2.976 2.976 0 0 0 0 36.994v16.77a2.975 2.975 0 0 0 2.976 2.976H37.22a2.976 2.976 0 0 0 2.976-2.976V37.058a2.976 2.976 0 0 0-1.536-2.592Z"/><path d="M40.196 19.296C39.766 8.516 30.902 0 20.114 0S.462 8.517.032 19.296v5.6a2.98 2.98 0 0 0 1.408 2.529l17.122 10.593a2.976 2.976 0 0 0 3.2 0l17.122-10.593a2.976 2.976 0 0 0 1.408-2.528v-5.6h-.096Zm-7.84 0v3.2c0 .725-.588 1.313-1.313 1.313H9.121a1.28 1.28 0 0 1-1.312-1.313v-3.2c0-6.77 5.488-12.257 12.257-12.257 6.77 0 12.257 5.488 12.257 12.257h.032Z"/></g></svg>
+<svg width="979" height="785" viewBox="0 0 979 785" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M0 22.5541C0 3.48617 22.2124 -6.94596 36.8738 5.23613L424.677 327.46C462.177 358.619 516.546 358.619 554.046 327.46L941.85 5.23618C956.511 -6.94591 978.723 3.48621 978.723 22.5541V683.7C978.723 739.646 933.393 785 877.476 785H101.247C45.3299 785 0 739.646 0 683.7V22.5541Z" fill="#6D4AFF"/>
+<path fill-rule="evenodd" clip-rule="evenodd" d="M621.492 271.42L621.546 271.464L426.244 444.071C392.975 473.475 343.246 474.216 309.116 445.817L0 188.604V22.5541C0 3.48617 22.2124 -6.94596 36.8738 5.23613L424.677 327.46C462.177 358.619 516.546 358.619 554.046 327.46L621.492 271.42Z" fill="url(#paint0_linear_6150_150885)"/>
+<path fill-rule="evenodd" clip-rule="evenodd" d="M770.604 147.526V785H877.476C933.393 785 978.723 739.642 978.723 683.699V22.5548C978.723 3.4868 956.51 -6.94715 941.849 5.23724L770.604 147.526Z" fill="url(#paint1_linear_6150_150885)"/>
+<defs>
+<linearGradient id="paint0_linear_6150_150885" x1="738.261" y1="384.02" x2="514.95" y2="-568.829" gradientUnits="userSpaceOnUse">
+<stop stop-color="#E2DBFF"/>
+<stop offset="1" stop-color="#6D4AFF"/>
+</linearGradient>
+<linearGradient id="paint1_linear_6150_150885" x1="1276.84" y1="1301.35" x2="514.868" y2="-325.532" gradientUnits="userSpaceOnUse">
+<stop offset="0.271019" stop-color="#E2DBFF"/>
+<stop offset="1" stop-color="#6D4AFF"/>
+</linearGradient>
+</defs>
+</svg>

docs/assets/img/email/protonmail.svg

@@ -1,2 +1,25 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<svg width="384" height="128" version="1.1" viewBox="0 0 101.6 33.867" xmlns="http://www.w3.org/2000/svg"><g transform="matrix(.84675 0 0 .84675 -.12751 9.4099)" fill="#657ee4" fill-rule="evenodd"><path d="m12.23 10.79a0.93 0.93 0 0 0-0.94 0l-4.36 2.7a0.93 0.93 0 0 1-1 0l-4.36-2.7a0.93 0.93 0 0 0-1.42 0.79v5.24c0 0.514 0.416 0.93 0.93 0.93h10.7a0.93 0.93 0 0 0 0.93-0.93v-5.22a0.93 0.93 0 0 0-0.48-0.81z"/><path d="m12.71 6.05a6.28 6.28 0 0 0-12.55 0v1.75c0 0.322 0.167 0.62 0.44 0.79l5.35 3.31a0.93 0.93 0 0 0 1 0l5.35-3.31a0.93 0.93 0 0 0 0.44-0.79v-1.75zm-2.45 0v1a0.41 0.41 0 0 1-0.41 0.41h-6.85a0.4 0.4 0 0 1-0.41-0.41v-1a3.83 3.83 0 0 1 7.66 0z"/><path d="m29.74 3.38a3.85 3.85 0 0 1 1.43 3.26 4 4 0 0 1-1.49 3.44 6.43 6.43 0 0 1-4 1.13h-1.76v5.18h-1.92v-14.1h3.7a6.56 6.56 0 0 1 4.04 1.09zm-1.53 5.62a2.75 2.75 0 0 0 0.89-2.35 2.57 2.57 0 0 0-0.89-2.19 4.15 4.15 0 0 0-2.55-0.68h-1.74v5.87h1.7a4.33 4.33 0 0 0 2.59-0.65zm10.9-3.52-0.35 1.84a3.87 3.87 0 0 0-0.94-0.12 2 2 0 0 0-1.62 0.74 5.46 5.46 0 0 0-1 2.29v6.16h-1.84v-10.79h1.64l0.18 2.19a4.09 4.09 0 0 1 1.15-1.79 2.61 2.61 0 0 1 1.67-0.64 4.38 4.38 0 0 1 1.11 0.12zm9.12 1.39a6.24 6.24 0 0 1 1.26 4.13 7.17 7.17 0 0 1-0.57 3 4.49 4.49 0 0 1-1.66 2 4.62 4.62 0 0 1-2.58 0.71 4.37 4.37 0 0 1-3.54-1.51 6.2 6.2 0 0 1-1.27-4.2 7.17 7.17 0 0 1 0.57-3 4.49 4.49 0 0 1 1.66-2 4.66 4.66 0 0 1 2.6-0.71 4.34 4.34 0 0 1 3.53 1.58zm-6.34 4.13c0 2.74 0.927 4.11 2.78 4.11s2.783-1.37 2.79-4.11c0-2.74-0.92-4.11-2.76-4.11s-2.777 1.37-2.81 4.11zm16.11 4.9a4.14 4.14 0 0 1-2.42 0.74 2.85 2.85 0 0 1-2.14-0.79 3.14 3.14 0 0 1-0.77-2.28v-6.51h-1.83v-1.46h1.88v-2.43l1.88-0.22v2.65h2.56l-0.16 1.46h-2.4v6.43a2 2 0 0 0 0.3 1.22 1.19 1.19 0 0 0 1 0.38 3.08 3.08 0 0 0 1.43-0.43zm9.26-9.03a6.24 6.24 0 0 1 1.26 4.13 7.17 7.17 0 0 1-0.57 3 4.49 4.49 0 0 1-1.66 2 4.62 4.62 0 0 1-2.58 0.71 4.37 4.37 0 0 1-3.54-1.51 6.2 6.2 0 0 1-1.27-4.2 7.17 7.17 0 0 1 0.57-3 4.49 4.49 0 0 1 1.66-2 4.66 4.66 0 0 1 2.6-0.71 4.34 4.34 0 0 1 3.53 1.58zm-6.33 4.13c0 2.74 0.927 4.11 2.78 4.11s2.78-1.37 2.78-4.11-0.92-4.11-2.76-4.11-2.773 1.37-2.8 4.11zm18.07-4.76a3.38 3.38 0 0 1 0.83 2.42v7.74h-1.83v-7.48a2.39 2.39 0 0 0-0.43-1.62 1.63 1.63 0 0 0-1.27-0.47 2.46 2.46 0 0 0-1.51 0.49 5.09 5.09 0 0 0-1.23 1.41v7.66h-1.93v-10.79h1.62l0.16 1.6a4.25 4.25 0 0 1 1.42-1.35 3.68 3.68 0 0 1 1.87-0.49 3 3 0 0 1 2.3 0.88zm17.34 10.15h-1.88l-0.46-6.39c-0.207-2.5-0.323-4.417-0.35-5.75l-3 10.52h-1.82l-3.21-10.54c0 1.707-0.09 3.68-0.27 5.92l-0.47 6.22h-1.88l1.17-14.1h2.62l3 10.25 2.82-10.25h2.64zm10.66-1.55c0.171 0.227 0.409 0.394 0.68 0.48l-0.43 1.31a2.87 2.87 0 0 1-1.35-0.47 2.15 2.15 0 0 1-0.76-1.15 3.62 3.62 0 0 1-3.14 1.63 3.45 3.45 0 0 1-2.52-0.9 3.15 3.15 0 0 1-0.92-2.35 3.09 3.09 0 0 1 1.24-2.64 5.79 5.79 0 0 1 3.51-0.92h1.66v-0.83a2.09 2.09 0 0 0-0.55-1.64 2.5 2.5 0 0 0-1.7-0.49 9.5 9.5 0 0 0-2.91 0.57l-0.47-1.37a10.85 10.85 0 0 1 3.72-0.74 3.89 3.89 0 0 1 2.84 0.93 3.56 3.56 0 0 1 0.94 2.65v4.93c-0.05 0.342 6e-3 0.69 0.16 1zm-2.11-1.3v-2.47h-1.41c-2 0-3 0.737-3 2.21a2 2 0 0 0 0.47 1.45c0.375 0.35 0.879 0.527 1.39 0.49a2.81 2.81 0 0 0 2.59-1.68zm7.68-12.75c0.245 0.243 0.379 0.575 0.37 0.92a1.21 1.21 0 0 1-0.37 0.91 1.32 1.32 0 0 1-1 0.36 1.29 1.29 0 0 1-0.94-0.36 1.22 1.22 0 0 1-0.37-0.91 1.25 1.25 0 0 1 0.37-0.92c0.25-0.247 0.59-0.38 0.94-0.37a1.3 1.3 0 0 1 1 0.37zm0 4.81v10.79h-1.88v-10.79zm4.43 10.4a2.41 2.41 0 0 1-0.6-1.75v-13l1.88-0.22v13.19a1.1 1.1 0 0 0 0.15 0.66 0.61 0.61 0 0 0 0.52 0.2 1.88 1.88 0 0 0 0.7-0.12l0.49 1.31a3.07 3.07 0 0 1-1.49 0.37 2.18 2.18 0 0 1-1.65-0.64z" fill-rule="nonzero"/></g></svg>
+<svg width="4611" height="785" viewBox="0 0 4611 785" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M3393.77 628.366V148.75H3518.26L3634.96 436.342C3645.32 460.412 3654.25 485.07 3661.71 510.19H3662.9C3670.4 485.085 3679.33 460.429 3689.65 436.342L3806.35 148.75H3930.84V628.366H3840.6V307.01C3840.5 296.426 3841 285.846 3842.09 275.318H3840.6C3837.85 286.656 3834.08 297.724 3829.35 308.392L3700.02 622.739H3625.48L3495.75 308.392C3491.08 297.627 3487.09 286.581 3483.8 275.318H3482.42C3483.42 285.852 3483.88 296.429 3483.8 307.01V628.366H3393.77Z" fill="#6D4AFF"/>
+<path d="M4239.47 311.946C4265.6 325.654 4287.2 346.641 4301.66 372.367C4317.16 400.305 4325 431.846 4324.37 463.788V628.367H4245.39L4239.76 579.003C4229.46 596.899 4214.34 611.54 4196.12 621.258C4176.6 631.406 4154.84 636.465 4132.84 635.969C4104.75 636.251 4077.14 628.732 4053.07 614.249C4028.72 599.465 4008.88 578.296 3995.71 553.038C3981.32 525.239 3974.1 494.293 3974.68 462.999C3974.29 432.197 3982.16 401.855 3997.49 375.131C4012.47 349.157 4034.24 327.756 4060.47 313.23C4087.63 298.137 4118.26 290.379 4149.33 290.72C4180.67 290.176 4211.66 297.473 4239.47 311.946V311.946ZM4210.54 533.391C4227.72 517.002 4236.21 493.9 4236.21 463.097C4237.29 437.923 4228.46 413.327 4211.62 394.581C4203.61 386.204 4193.97 379.537 4183.31 374.982C4172.65 370.428 4161.17 368.079 4149.57 368.079C4137.98 368.079 4126.5 370.428 4115.84 374.982C4105.17 379.537 4095.54 386.204 4087.52 394.581C4071.51 413.783 4062.74 437.995 4062.74 462.999C4062.74 488.002 4071.51 512.214 4087.52 531.417C4095.43 539.974 4105.06 546.75 4115.78 551.295C4126.51 555.84 4138.08 558.05 4149.72 557.777C4160.97 557.965 4172.15 555.905 4182.59 551.718C4193.03 547.53 4202.54 541.299 4210.54 533.391V533.391Z" fill="#6D4AFF"/>
+<path d="M4373.04 229.311C4367.73 224.46 4363.5 218.538 4360.64 211.935C4357.78 205.333 4356.35 198.199 4356.45 191.005C4356.37 183.756 4357.81 176.569 4360.66 169.905C4363.52 163.242 4367.73 157.247 4373.04 152.304C4383.53 141.862 4397.73 136 4412.53 136C4427.33 136 4441.53 141.862 4452.02 152.304C4457.29 157.267 4461.48 163.268 4464.32 169.928C4467.15 176.589 4468.58 183.765 4468.51 191.005C4468.6 198.189 4467.18 205.312 4464.34 211.911C4461.5 218.511 4457.3 224.439 4452.02 229.311C4441.41 239.519 4427.25 245.221 4412.53 245.221C4397.8 245.221 4383.65 239.519 4373.04 229.311ZM4457.05 628.366H4368.2V297.828H4457.05V628.366Z" fill="#6D4AFF"/>
+<path d="M4610.68 628.366H4521.82V148.75H4610.68V628.366Z" fill="#6D4AFF"/>
+<path d="M1549.54 147.559H1328V627.471H1415.77V508.406C1415.77 496.78 1420.39 485.631 1428.61 477.41C1436.83 469.19 1447.98 464.571 1459.6 464.571H1549.54C1591.44 464.571 1631.62 447.929 1661.24 418.305C1690.86 388.681 1707.51 348.502 1707.51 306.608C1707.65 285.773 1703.67 265.115 1695.8 245.824C1687.92 226.534 1676.31 208.992 1661.63 194.208C1646.94 179.425 1629.48 167.692 1610.25 159.686C1591.01 151.68 1570.38 147.558 1549.54 147.559ZM1618.65 305.522C1618.57 325.352 1610.63 344.341 1596.56 358.317C1582.49 372.293 1563.45 380.113 1543.62 380.061H1415.27V230.094H1543.62C1553.46 230.094 1563.2 232.033 1572.3 235.798C1581.39 239.564 1589.65 245.084 1596.61 252.042C1603.56 259 1609.08 267.261 1612.85 276.352C1616.62 285.444 1618.55 295.188 1618.55 305.028L1618.65 305.522Z" fill="#1B1340"/>
+<path d="M1721.33 627.476V437.13C1721.33 359.432 1766.74 297.53 1857.47 297.53C1872.06 297.319 1886.63 298.944 1900.81 302.367V380.757C1890.45 380.066 1881.07 380.066 1877.41 380.066C1829.33 380.066 1808.3 401.983 1808.3 446.707V627.476H1721.33Z" fill="#1B1340"/>
+<path d="M1926.88 465.96C1926.88 370.392 1999.05 297.531 2099.46 297.531C2199.86 297.531 2271.93 370.194 2271.93 465.96C2271.93 561.725 2199.76 635.079 2099.46 635.079C1999.15 635.079 1926.88 561.527 1926.88 465.96ZM2186.04 465.96C2186.04 411.66 2149.61 373.156 2099.46 373.156C2049.3 373.156 2012.77 411.66 2012.77 465.96C2012.77 520.26 2049.2 558.763 2099.46 558.763C2149.71 558.763 2186.04 520.951 2186.04 465.96Z" fill="#1B1340"/>
+<path d="M2524.87 373.845H2430.78V494.094C2430.78 536.053 2445.89 555.305 2489.13 555.305C2493.28 555.305 2503.64 555.305 2516.68 554.614V625.401C2500.15 630.24 2483.05 632.797 2465.83 633.003C2392.97 633.003 2343.41 588.971 2343.41 505.843V373.845H2285.06V304.736H2299.58C2311.2 304.736 2322.35 300.117 2330.57 291.897C2338.79 283.676 2343.41 272.526 2343.41 260.901V195.148H2430.78V304.439H2524.87V373.845Z" fill="#1B1340"/>
+<path d="M2551.03 465.96C2551.03 370.392 2623.2 297.531 2723.51 297.531C2823.81 297.531 2896.08 370.194 2896.08 465.96C2896.08 561.725 2823.91 635.079 2723.51 635.079C2623.1 635.079 2551.03 561.527 2551.03 465.96ZM2810.19 465.96C2810.19 411.66 2773.76 373.156 2723.51 373.156C2673.26 373.156 2636.92 411.66 2636.92 465.96C2636.92 520.26 2673.35 558.763 2723.51 558.763C2773.66 558.763 2810.19 520.951 2810.19 465.96Z" fill="#1B1340"/>
+<path d="M2941.4 627.477V443.944C2941.4 358.742 2995.7 297.531 3092.65 297.531C3189.6 297.531 3243.21 358.742 3243.21 443.944V627.477H3156.63V450.854C3156.63 403.367 3135.3 373.847 3092.65 373.847C3050 373.847 3028.77 403.465 3028.77 450.854V627.477H2941.4Z" fill="#1B1340"/>
+<path d="M0 22.5541C0 3.48617 22.2124 -6.94596 36.8738 5.23613L424.677 327.46C462.177 358.619 516.546 358.619 554.046 327.46L941.85 5.23618C956.511 -6.94591 978.723 3.48621 978.723 22.5541V683.7C978.723 739.646 933.393 785 877.476 785H101.247C45.3299 785 0 739.646 0 683.7V22.5541Z" fill="#6D4AFF"/>
+<path fill-rule="evenodd" clip-rule="evenodd" d="M621.492 271.42L621.546 271.464L426.244 444.071C392.975 473.475 343.246 474.216 309.116 445.817L0 188.604V22.5541C0 3.48617 22.2124 -6.94596 36.8738 5.23613L424.677 327.46C462.177 358.619 516.546 358.619 554.046 327.46L621.492 271.42Z" fill="url(#paint0_linear_6138_150267)"/>
+<path fill-rule="evenodd" clip-rule="evenodd" d="M770.604 147.526V785H877.476C933.393 785 978.723 739.642 978.723 683.699V22.5548C978.723 3.4868 956.51 -6.94715 941.849 5.23724L770.604 147.526Z" fill="url(#paint1_linear_6138_150267)"/>
+<defs>
+<linearGradient id="paint0_linear_6138_150267" x1="738.261" y1="384.02" x2="514.95" y2="-568.829" gradientUnits="userSpaceOnUse">
+<stop stop-color="#E2DBFF"/>
+<stop offset="1" stop-color="#6D4AFF"/>
+</linearGradient>
+<linearGradient id="paint1_linear_6138_150267" x1="1276.84" y1="1301.35" x2="514.868" y2="-325.532" gradientUnits="userSpaceOnUse">
+<stop offset="0.271019" stop-color="#E2DBFF"/>
+<stop offset="1" stop-color="#6D4AFF"/>
+</linearGradient>
+</defs>
+</svg>

docs/assets/img/search-engines/brave-search.svg

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><defs><linearGradient id="a" x1="31.064" x2="45.126" y1="56.825" y2="56.825" gradientTransform="scale(1.0331 .96797)" gradientUnits="userSpaceOnUse"><stop stop-color="#FFF" offset="0"/><stop stop-color="#F4F4F4" offset="1"/></linearGradient></defs><g transform="matrix(.43756 0 0 .43756 1.2096 2.8221)" fill="none" fill-rule="evenodd"><circle cx="32.25" cy="32.25" r="32.25" stroke="#a4a7ad" stroke-width="5.529"/><circle cx="69.106" cy="61.735" r="5.529" fill="#a4a7ad" fill-rule="nonzero"/><path d="m52.142 26.87-1.448-3.855 1.006-2.215a0.747 0.747 0 0 0-0.157-0.84l-2.736-2.715a4.483 4.483 0 0 0-4.591-1.047l-0.765 0.26-3.997-4.48h-14.697l-3.945 4.534-0.744-0.257a4.494 4.494 0 0 0-4.635 1.058l-2.785 2.765a0.592 0.592 0 0 0-0.124 0.67l1.051 2.298-1.44 3.853 0.932 3.474 4.247 15.832a8.055 8.055 0 0 0 3.182 4.519s5.156 3.566 10.244 6.804c0.448 0.285 0.916 0.494 1.418 0.486 0.502 7e-3 0.97-0.201 1.416-0.487a377.05 377.05 0 0 0 10.236-6.817 8.07 8.07 0 0 0 3.177-4.523l4.227-15.84 0.928-3.478z" fill="#fb542b"/><path d="m47.622 27.635-0.066 0.206-0.105 0.37c-0.424 0.502-0.864 0.991-1.319 1.466l-4.082 4.255c-0.444 0.462-0.695 1.043-0.442 1.627l0.551 1.331c0.253 0.584 0.278 1.551 0.035 2.2a3.922 3.922 0 0 1-1.227 1.689l-0.426 0.34c-0.503 0.402-1.393 0.507-1.979 0.234l-1.88-0.874a9.75 9.75 0 0 1-1.941-1.268l-1.779-1.568a0.798 0.798 0 0 1-0.044-1.162l4.333-2.865c0.537-0.355 0.821-1.012 0.516-1.573l-1.54-2.747c-0.306-0.56-0.428-1.305-0.272-1.655s0.78-0.82 1.387-1.045l5.029-1.832c0.606-0.225 0.574-0.457-0.072-0.517l-3.213-0.234c-0.646-0.06-1.12 0.032-1.744 0.203l-2.432 0.59c-0.625 0.171-0.757 0.822-0.64 1.446l1.004 5.334c0.117 0.624 0.175 1.253 0.128 1.398-0.047 0.144-0.603 0.377-1.236 0.518l-0.831 0.184c-0.633 0.141-1.669 0.147-2.303 0.015l-1.006-0.21c-0.635-0.132-1.192-0.359-1.239-0.503-0.048-0.144 9e-3 -0.774 0.127-1.398l0.997-5.335c0.117-0.624-0.016-1.275-0.641-1.445l-2.433-0.587c-0.624-0.17-1.098-0.26-1.744-0.201l-3.213 0.237c-0.646 0.06-0.678 0.292-0.071 0.517l5.031 1.826c0.607 0.224 1.231 0.694 1.388 1.044s0.035 1.094-0.269 1.654l-1.538 2.749c-0.304 0.56-0.019 1.217 0.519 1.572l4.336 2.861a0.799 0.799 0 0 1-0.042 1.162l-1.778 1.57c-0.594 0.5-1.245 0.926-1.94 1.27l-1.878 0.877c-0.586 0.273-1.476 0.169-1.979-0.231l-0.426-0.34a3.98 3.98 0 0 1-1.25-1.741c-0.223-0.596-0.2-1.562 0.052-2.147l0.55-1.331c0.252-0.585 1e-3 -1.165-0.444-1.627l-4.087-4.25a31.971 31.971 0 0 1-1.32-1.464l-0.106-0.37-0.066-0.207c-7e-3 -0.238 0.08-0.995 0.179-1.2 0.098-0.204 0.476-0.802 0.839-1.328l0.874-1.268c0.364-0.526 0.991-1.362 1.395-1.86l1.282-1.574c0.404-0.496 0.749-0.9 0.801-0.897 2e-3 -3e-3 0.525 0.093 1.162 0.212l1.942 0.365c0.636 0.12 1.339 0.251 1.561 0.292 0.221 0.041 0.908-0.085 1.525-0.281l1.396-0.443c0.687-0.216 1.38-0.407 2.08-0.575l0.489 7e-3 0.488-7e-3c0.7 0.166 1.393 0.357 2.08 0.571l1.398 0.442c0.617 0.195 1.303 0.321 1.525 0.28l1.288-0.243 0.272-0.052 1.942-0.367c0.636-0.12 1.159-0.216 1.197-0.213 0.017-3e-3 0.361 0.4 0.766 0.897l1.284 1.572c0.486 0.604 0.952 1.224 1.398 1.858l0.876 1.266c0.363 0.526 0.931 1.482 0.967 1.7 0.036 0.217 0.06 0.59 0.054 0.827zm-15.271 12.696c0.057 0 0.594 0.198 1.193 0.441l0.556 0.226c0.599 0.243 1.563 0.677 2.141 0.964l1.64 0.816c0.578 0.287 0.62 0.825 0.092 1.195l-1.399 0.98c-0.633 0.45-1.247 0.926-1.842 1.426l-0.465 0.397-1.3 1.111c-0.484 0.415-1.269 0.416-1.744 6e-3 -0.58-0.502-1.163-1.001-1.749-1.497a28.88 28.88 0 0 0-1.847-1.414l-1.394-0.964c-0.53-0.367-0.493-0.907 0.082-1.2l1.649-0.841c0.7-0.351 1.412-0.677 2.135-0.977l0.556-0.226c0.598-0.243 1.135-0.443 1.192-0.443z" fill="url(#a)"/></g></svg>

docs/assets/img/search-engines/mini/mojeek.svg

@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve" viewBox="0 0 918.886 564.459"><defs><path id="a" d="M897.19 484.072h841.89v595.276H897.19z"/></defs><clipPath id="b"><use xlink:href="#a" overflow="visible"/></clipPath><path fill="#7AB93C" d="M1209.006 794.563c-2.889 0-4.492-1.925-4.492-6.257 0-4.331 2.672-22.802 3.703-31.273 1.916-15.733-7.154-27.134-20.309-27.134-10.424 0-18.377 4.122-24.612 10.76-4.231-6.398-8.983-10.76-18.229-10.76-9.004 0-14.588 3.299-20.086 8.586-2.955-5.809-8.225-8.586-16.104-8.586-6.538 0-15.322 3.279-20.597 6.525l5.875 13.299c4.002-2.227 7.281-3.91 10.101-3.91 3.087 0 4.921 2.226 4.409 6.881-.494 4.493-5.94 55.987-5.94 55.987h17.724s3.479-33.052 4.705-42.995c1.437-11.653 7.08-19.031 15.121-19.031 7.06 0 9.463 5.555 8.957 12.05-.441 5.656-5.588 49.977-5.588 49.977h17.823s3.935-36.743 5.163-45.849c1.598-11.826 9.227-16.178 14.012-16.178 7.868 0 10.262 6.438 9.524 12.535-.599 4.967-2.729 22.455-3.38 31.531-.801 11.222 4.492 19.564 14.52 19.564 6.578 0 13.15-1.875 17.836-4.553l-3.84-13.156c-2.229.965-4.343 1.987-6.296 1.987M1298.631 803.519c-.667 6.565-2.793 9.854-7.759 9.854-2.435 0-5.452-1.002-8.189-2.125l-6.618 15.23c3.631 2.23 11.992 4.011 17.287 4.011 17.166 0 21.497-13.064 23.424-30.712 1.282-12.513 6.981-68.905 6.981-68.905l-18.138 5.145c.001-.001-5.884 56.626-6.988 67.502M1318.053 695.017c-6.881 0-11.783 5.764-12.221 11.856-.439 6.096 3.634 11.858 10.515 11.858 6.278 0 11.783-5.763 12.222-11.858.438-6.092-4.237-11.856-10.516-11.856M1365.962 794.563c-8.629 0-13.677-6.34-15.25-15.156 28.4 1.965 44.107-9.805 44.107-27.117 0-13.957-12.875-22.22-24.546-22.22-22.621 0-38.452 18.69-38.452 43.478 0 22.019 11.6 36.737 31.609 36.737 12.738 0 23.287-5.774 31.497-16.215l-9.434-10.597c-5.81 5.761-11.61 11.09-19.531 11.09m3.83-49.26c4.974 0 7.601 3.216 7.601 7.234 0 10.586-13.015 15.135-26.628 14.498 2.215-11.558 10.402-21.732 19.027-21.732M1436.418 794.563c-8.629 0-13.677-6.34-15.25-15.156 28.4 1.965 44.107-9.805 44.107-27.117 0-13.957-12.874-22.22-24.547-22.22-22.619 0-38.451 18.69-38.451 43.478 0 22.019 11.601 36.737 31.609 36.737 12.738 0 23.287-5.774 31.498-16.215l-9.435-10.597c-5.81 5.761-11.61 11.09-19.531 11.09m3.831-49.26c4.974 0 7.601 3.216 7.601 7.234 0 10.586-13.015 15.135-26.627 14.498 2.213-11.558 10.4-21.732 19.026-21.732M1537.646 793.276c-2.09.823-3.927 1.287-6.076 1.287-6.146 0-8.866-5.145-11.388-11.149-1.963-4.677-5.573-14.448-8.574-22.942l27.906-28.797h-21.549c-4.902 4.803-17.541 17.477-23.986 23.947l5.877-57.879-17.893 5.144s-9.643 94.489-10.747 105.366h17.409c.37-3.607 1.461-14.322 2.824-27.738l6.751-7.013c2.084 5.337 4.375 11.784 5.904 15.651 5.209 13.172 10.729 21.133 22.744 21.133 4.685 0 10.344-1.401 14.664-3.596l-3.866-13.414zM1290.075 766.729c0-18.651-11.357-36.642-32.453-36.642-21.782 0-37.321 19.022-37.321 43.539 0 23.661 12.694 36.659 31.625 36.659 24.587.001 38.149-21.389 38.149-43.556m-37.379 27.725c-7.588 0-13.461-6.568-13.461-19.704 0-17.086 8.158-28.957 18.387-28.957 9.465 0 13.393 11.371 13.393 21.979-.001 16.283-9.063 26.682-18.319 26.682" clip-path="url(#b)"/><path fill="#7AB93C" d="M847.721 454.06c-20.283 0-31.543-13.517-31.543-43.936 0-30.411 18.762-160.11 26.003-219.596C855.635 80.055 791.945 0 699.579 0 626.385 0 570.54 28.944 526.755 75.553 497.043 30.628 463.676 0 398.751 0c-63.22 0-102.43 23.165-141.037 60.289C236.966 19.505 199.96 0 144.629 0 98.72 0 37.039 23.023 0 45.816l41.259 93.382c28.094-15.63 51.128-27.453 70.921-27.453 21.677 0 34.554 15.628 30.961 48.316-3.469 31.55-41.713 393.131-41.713 393.131h124.455s24.423-232.082 33.032-301.903c10.09-81.827 49.715-133.634 106.184-133.634 49.567 0 66.443 39.001 62.891 84.613-3.1 39.716-39.237 350.924-39.237 350.924h125.152s27.627-258.003 36.253-321.939c11.219-83.044 64.788-113.598 98.388-113.598 55.249 0 72.057 45.201 66.879 88.02-4.203 34.876-19.166 157.676-23.732 221.407-5.624 78.796 31.542 137.377 101.954 137.377 46.188 0 92.339-13.165 125.239-31.969l-26.963-92.379c-15.647 6.769-30.487 13.949-44.202 13.949"/></svg>

docs/assets/img/search-engines/mini/startpage-dark.svg

@@ -1,2 +1 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><g transform="matrix(.19188 0 0 .19188 1.8154 -.041429)"><path d="m0 66c9.1-1.689 18.762-2.603 28-3 1.3-6.296 2.83-12.681 6.637-18 12.41-17.336 35.46-21.755 52.348-8.18 4.758 3.824 8.195 8.636 10.702 14.18 1.25 2.766 1.778 7.917 4.743 9.397 2.391 1.193 5.985 0.603 8.57 0.603h18c-0.765-9.68-3.251-18.41-7.746-27-3.625-6.928-8.506-12.621-14.254-17.907-27.108-24.928-71.206-19.409-93.482 8.907-9.2 11.694-13.516 26.28-13.518 41z" fill="#6573ff"/><path d="m31 78-28 4c4.827 28.032 34.279 46.374 61 46.985 6.392 0.147 12.879-0.875 19-2.706 3.615-1.082 7.401-3.328 10.91-0.857 4.873 3.431 8.736 9.974 12.479 14.578 8.384 10.313 16.507 21.03 25.415 30.895 5.86 6.49 16.56 8.54 22.624 0.997 6.851-8.522 1.213-16.864-4.429-23.892-7.829-9.752-15.941-19.274-23.802-29-2.905-3.594-8.756-8.367-9.754-13-0.773-3.585 3.251-7.965 4.8-11 3.582-7.016 6.129-14.106 6.757-22h-18c-2.679 0-6.219-0.551-8.722 0.603-2.735 1.262-3.591 4.968-4.958 7.397-2.422 4.304-5.475 8.37-9.335 11.482-19.184 15.47-45.75 7.058-55.985-14.482z" fill="#e5e8ff"/></g></svg>
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 109 122"><g fill="none" fill-rule="nonzero"><path fill="#6573FF" d="M19.61 43.202c.468-12.964 10.896-23.35 23.862-23.767 12.966-.417 24.04 9.28 25.338 22.187 6.56.067 13.113.247 19.66.54C87.332 18.182 67.285-.518 43.284.011 19.284.54.08 20.106 0 44.112v.89a577.397 577.397 0 0 1 19.61-1.8Z"/><path fill="#E5E8FF" d="m78.68 71.932.2-.25a43.63 43.63 0 0 0 9.27-21.83c-6.667-.04-13.333.037-20 .23a24.68 24.68 0 0 1-46.8 3.29c-6.6.74-13.193 1.594-19.78 2.56 5.337 19.169 22.792 32.433 42.69 32.44A43.8 43.8 0 0 0 63 84.202l.28-.13.2.24 27.52 33.3a9.76 9.76 0 0 0 7.55 3.55 9.88 9.88 0 0 0 6.24-2.24c4.159-3.453 4.74-9.62 1.3-13.79l-27.41-33.2Z"/></g></svg>

docs/assets/img/search-engines/mini/startpage.svg

@@ -1,2 +1 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><g transform="matrix(.19188 0 0 .19188 1.8154 -.041429)"><path d="m0 66c9.1-1.689 18.762-2.603 28-3 1.3-6.296 2.83-12.681 6.637-18 12.41-17.336 35.46-21.755 52.348-8.18 4.758 3.824 8.195 8.636 10.702 14.18 1.25 2.766 1.778 7.917 4.743 9.397 2.391 1.193 5.985 0.603 8.57 0.603h18c-0.765-9.68-3.251-18.41-7.746-27-3.625-6.928-8.506-12.621-14.254-17.907-27.108-24.928-71.206-19.409-93.482 8.907-9.2 11.694-13.516 26.28-13.518 41z" fill="#6573ff"/><path d="m31 78-28 4c4.827 28.032 34.279 46.374 61 46.985 6.392 0.147 12.879-0.875 19-2.706 3.615-1.082 7.401-3.328 10.91-0.857 4.873 3.431 8.736 9.974 12.479 14.578 8.384 10.313 16.507 21.03 25.415 30.895 5.86 6.49 16.56 8.54 22.624 0.997 6.851-8.522 1.213-16.864-4.429-23.892-7.829-9.752-15.941-19.274-23.802-29-2.905-3.594-8.756-8.367-9.754-13-0.773-3.585 3.251-7.965 4.8-11 3.582-7.016 6.129-14.106 6.757-22h-18c-2.679 0-6.219-0.551-8.722 0.603-2.735 1.262-3.591 4.968-4.958 7.397-2.422 4.304-5.475 8.37-9.335 11.482-19.184 15.47-45.75 7.058-55.985-14.482z" fill="#202945"/></g></svg>
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 109 122"><g fill="none" fill-rule="nonzero"><path fill="#6573FF" d="M19.61 43.202c.468-12.964 10.896-23.35 23.862-23.767 12.966-.417 24.04 9.28 25.338 22.187 6.56.067 13.113.247 19.66.54C87.332 18.182 67.285-.518 43.284.011 19.284.54.08 20.106 0 44.112v.89a577.397 577.397 0 0 1 19.61-1.8Z"/><path fill="#212649" d="m78.68 71.932.2-.25a43.63 43.63 0 0 0 9.27-21.83c-6.667-.04-13.333.037-20 .23a24.68 24.68 0 0 1-46.8 3.29c-6.6.74-13.193 1.594-19.78 2.56 5.337 19.169 22.792 32.433 42.69 32.44A43.8 43.8 0 0 0 63 84.202l.28-.13.2.24 27.52 33.3a9.76 9.76 0 0 0 7.55 3.55 9.88 9.88 0 0 0 6.24-2.24c4.159-3.453 4.74-9.62 1.3-13.79l-27.41-33.2Z"/></g></svg>

docs/assets/img/search-engines/mojeek.svg

@@ -1,2 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<svg width="384" height="128" version="1.1" viewBox="0 0 101.6 33.867" xmlns="http://www.w3.org/2000/svg"><g transform="matrix(.22417 0 0 .22417 -9.1709e-7 1.6305)" style="clip-rule:evenodd;fill-rule:evenodd;stroke-linejoin:round;stroke-miterlimit:2"><path d="m120.73 100.08c-2.888 0-4.492-1.924-4.492-6.256 0-4.331 2.672-22.802 3.703-31.273 1.916-15.733-7.154-27.134-20.31-27.134-10.422 0-18.375 4.121-24.612 10.759-4.231-6.397-8.984-10.759-18.229-10.759-9.004 0-14.587 3.299-20.085 8.585-2.956-5.807-8.226-8.585-16.105-8.585-6.539 0-15.323 3.279-20.597 6.524l5.875 13.299c4.001-2.226 7.282-3.91 10.101-3.91 3.087 0 4.921 2.226 4.408 6.882-0.494 4.492-5.939 55.986-5.939 55.986h17.724s3.478-33.052 4.704-42.995c1.436-11.653 7.08-19.031 15.122-19.031 7.058 0 9.463 5.555 8.956 12.05-0.442 5.657-5.588 49.976-5.588 49.976h17.824s3.933-36.742 5.163-45.848c1.596-11.826 9.225-16.178 14.011-16.178 7.869 0 10.262 6.437 9.525 12.536-0.599 4.967-2.731 22.454-3.38 31.531-0.801 11.221 4.493 19.564 14.52 19.564 6.578 0 13.15-1.875 17.836-4.553l-3.84-13.156c-2.229 0.964-4.342 1.986-6.295 1.986z" style="fill-rule:nonzero;fill:#79ba3a"/><path d="m210.35 109.03c-0.667 6.566-2.793 9.854-7.759 9.854-2.434 0-5.452-1.002-8.189-2.125l-6.618 15.23c3.631 2.231 11.992 4.011 17.287 4.011 17.166 0 21.497-13.065 23.423-30.712 1.283-12.512 6.982-68.905 6.982-68.905l-18.138 5.145s-5.883 56.626-6.988 67.502z" style="fill-rule:nonzero;fill:#79ba3a"/><path d="m229.77 0.53c-6.881 0-11.783 5.763-12.221 11.857-0.439 6.094 3.634 11.858 10.515 11.858 6.278 0 11.783-5.764 12.222-11.858 0.438-6.094-4.238-11.857-10.516-11.857z" style="fill-rule:nonzero;fill:#79ba3a"/><path d="m281.51 50.816c4.974 0 7.601 3.216 7.601 7.234 0 10.586-13.015 15.136-26.628 14.499 2.216-11.56 10.401-21.733 19.027-21.733zm-3.83 49.259c-8.629 0-13.677-6.339-15.25-15.155 28.4 1.965 44.108-9.806 44.108-27.118 0-13.957-12.875-22.22-24.546-22.22-22.621 0-38.453 18.691-38.453 43.477 0 22.019 11.6 36.739 31.61 36.739 12.738 0 23.287-5.776 31.497-16.216l-9.434-10.596c-5.811 5.76-11.611 11.089-19.532 11.089z" style="fill-rule:nonzero;fill:#79ba3a"/><path d="m351.97 50.816c4.974 0 7.601 3.216 7.601 7.234 0 10.586-13.015 15.136-26.627 14.499 2.215-11.56 10.4-21.733 19.026-21.733zm-3.83 49.259c-8.629 0-13.677-6.339-15.25-15.155 28.401 1.965 44.108-9.806 44.108-27.118 0-13.957-12.874-22.22-24.546-22.22-22.62 0-38.452 18.691-38.452 43.477 0 22.019 11.6 36.739 31.609 36.739 12.738 0 23.287-5.776 31.498-16.216l-9.435-10.596c-5.811 5.76-11.611 11.089-19.532 11.089z" style="fill-rule:nonzero;fill:#79ba3a"/><path d="m449.37 98.788c-2.09 0.824-3.927 1.287-6.076 1.287-6.147 0-8.867-5.144-11.388-11.149-1.963-4.676-5.573-14.448-8.574-22.942l27.906-28.797h-21.549c-4.902 4.803-17.541 17.476-23.986 23.947 2.904-28.595 5.877-57.878 5.877-57.878l-17.893 5.144s-9.642 94.487-10.747 105.36h17.409c0.37-3.607 1.461-14.32 2.824-27.736l6.751-7.014c2.084 5.338 4.375 11.784 5.905 15.651 5.209 13.172 10.729 21.133 22.744 21.133 4.684 0 10.344-1.401 14.664-3.596z" style="fill-rule:nonzero;fill:#79ba3a"/><path d="m164.42 99.966c-7.589 0-13.461-6.568-13.461-19.704 0-17.086 8.158-28.957 18.386-28.957 9.465 0 13.393 11.371 13.393 21.979 0 16.284-9.062 26.682-18.318 26.682zm37.379-27.725c0-18.651-11.358-36.641-32.454-36.641-21.782 0-37.322 19.023-37.322 43.539 0 23.661 12.695 36.659 31.626 36.659 24.588 0 38.15-21.389 38.15-43.557z" style="fill-rule:nonzero;fill:#79ba3a"/></g></svg>

docs/assets/img/video-streaming/librarian-dark.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 443 301"><g fill="none" fill-rule="evenodd" transform="translate(7 8)"><path stroke="#FFF" stroke-width="13.479" d="m46.85 153.335 147.023 71.613 200.843-128.54L204.251 0 0 126.961v62.287l194.722 95.724 205.043-128.999"/><ellipse cx="406.752" cy="145.787" fill="#1E88E5" fill-opacity=".997" fill-rule="nonzero" rx="28.441" ry="30.31"/></g></svg>

docs/assets/img/video-streaming/librarian.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 443 301"><g fill="none" fill-rule="evenodd" transform="translate(7 8)"><path stroke="#000007" stroke-width="13.479" d="m46.85 153.335 147.023 71.613 200.843-128.54L204.251 0 0 126.961v62.287l194.722 95.724 205.043-128.999"/><ellipse cx="406.752" cy="145.787" fill="#1E88E5" fill-opacity=".997" fill-rule="nonzero" rx="28.441" ry="30.31"/></g></svg>

docs/assets/img/vpn/mini/protonvpn.svg

@@ -1 +1,2 @@
-<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 59 64"><path fill="#56B366" fill-rule="nonzero" d="M58.45 7.096a7.14 7.14 0 0 0-14.282 0v.222L13.046 17.365a7.14 7.14 0 1 0-5.75 11.153 7.046 7.046 0 0 0 2.18-.38l20.442 25.814a7.14 7.14 0 1 0 11.216-2.623l10.869-37.123a7.109 7.109 0 0 0 6.445-7.11h.001Zm-22.086 42.37a7.077 7.077 0 0 0-3.16.79L13.238 24.98c.555-.902.9-1.917 1.011-2.97l31.785-10.142a7.14 7.14 0 0 0 1.106 1.011L36.396 49.466h-.032Z"/></svg>
+<?xml version="1.0" encoding="UTF-8"?>
+<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><defs><clipPath id="SVGID_00000142168627081468672430000006527680084326249886_"><use xlink:href="#SVGID_1_"/></clipPath><linearGradient id="SVGID_00000088853459014864040730000009902632102805990829_" x1="536.6" x2="292.94" y1="1113.2" y2="64.084" gradientTransform="matrix(1,0,0,-1,0,788)" gradientUnits="userSpaceOnUse"><stop stop-color="#24ECC6" stop-opacity="0" offset=".4799"/><stop stop-color="#24ECC6" offset=".9944"/></linearGradient><linearGradient id="SVGID_00000075863372972845837890000016599907698185993344_" x1="759.68" x2="219.42" y1="79.312" y2="1003.2" gradientTransform="matrix(1,0,0,-1,0,788)" gradientUnits="userSpaceOnUse"><stop stop-color="#ABFFEF" offset=".066012"/><stop stop-color="#CAC9FF" offset=".4499"/><stop stop-color="#6D4AFF" offset="1"/></linearGradient><rect id="SVGID_1_" width="862" height="787"/></defs><g transform="matrix(.039294 0 0 .039294 3.7235e-7 1.4686)"><clipPath><use xlink:href="#SVGID_1_"/></clipPath><g clip-path="url(#SVGID_00000142168627081468672430000006527680084326249886_)"><path class="st1" d="m346.1 740.3c32.8 59.3 116.9 62.6 154 5.9l346.7-528.4c36.8-56 1.6-131.2-65-138.8l-681.4-78.1c-72.7-8.3-124.4 68.9-89.1 132.9z" clip-rule="evenodd" fill="#6851f6" fill-rule="evenodd"/><path d="m346.3 740.3c32.8 59.3 116.9 62.6 154 5.9l346.7-528.4c36.8-56 1.6-131.2-65-138.8l-681.4-78.2c-72.7-8.3-124.4 68.9-89 132.9z" clip-rule="evenodd" fill="url(#SVGID_00000088853459014864040730000009902632102805990829_)" fill-rule="evenodd"/><path d="m396.4 638.7-30.8 46.3c-12.5 18.7-40.4 17.6-51.2-2.1l31.7 57.5c5.7 10.2 12.8 18.8 21.1 25.7 39.3 33 102.2 27.1 133-19.8l346.7-528.4c36.8-56 1.6-131.2-65-138.8l-681.5-78.2c-72.7-8.4-124.4 68.9-89.1 132.9l2.7 4.9 580.1 67.1c37 4.3 56.5 46 36 77.1z" fill="url(#SVGID_00000075863372972845837890000016599907698185993344_)"/></g></g></svg>

docs/assets/img/vpn/protonvpn.svg

@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<svg width="384" height="128" version="1.1" viewBox="0 0 101.6 33.867" xmlns="http://www.w3.org/2000/svg"><g transform="translate(0 -263.13)"><g transform="matrix(.072143 0 0 .072143 -44.234 303.31)" fill="#56b366" stroke-width="11.587"><path class="cls-3" d="m827.51-413.3a26.188 26.188 0 0 0-52.375 0v0.81114l-114.14 36.848a26.187 26.187 0 1 0-21.089 40.903 25.84 25.84 0 0 0 7.9953-1.3905l74.97 94.669a26.187 26.187 0 1 0 41.135-9.6176l39.861-136.15a26.072 26.072 0 0 0 23.638-26.072zm-80.996 155.39a25.956 25.956 0 0 0-11.587 2.8968l-73.232-92.699a25.956 25.956 0 0 0 3.708-10.892l116.57-37.196a26.187 26.187 0 0 0 4.0559 3.708l-39.397 134.18z"/><path class="cls-4" d="m904.22-406.81h62.572c31.981 0 54.113 18.076 54.113 48.088 0 31.981-23.175 49.131-55.503 49.131h-39.05v67.786h-22.016zm22.016 78.678h38.123c22.48 0 33.951-10.892 33.951-30.127 0-19.235-13.789-30.127-33.14-30.127h-38.818z"/><path class="cls-4" d="m1045.5-329.29v-32.676h20.394c0 3.3604 0.6954 12.746 0.6954 24.449a42.062 42.062 0 0 1 40.324-27.23v20.626c-24.681 0.69524-40.324 13.789-40.324 44.148v57.937h-21.089z"/><path class="cls-4" d="m1229.8-302.29c0 34.762-19.93 63.267-56.662 63.267-34.762 0-55.272-26.535-55.272-62.804 0-36.269 20.394-63.035 56.662-63.035 33.14 0 55.272 24.913 55.272 62.572zm-90.614 0c0 26.535 13.325 45.77 34.762 45.77 21.437 0 34.762-18.308 34.762-45.538 0-27.23-12.282-45.77-34.762-45.77-22.48 0-34.646 18.54-34.646 45.77z"/><path class="cls-4" d="m1241.5-362.2h20.857v-35.342h20.626v35.342h26.535v16.802h-26.535v70.451c0 11.587 2.897 17.845 13.789 17.845a54.924 54.924 0 0 0 10.429-0.92699v15.643a55.504 55.504 0 0 1-18.076 2.0857c-18.772 0-26.767-9.7334-26.767-29.664v-75.202h-20.857z"/><path class="cls-4" d="m1434.3-302.29c0 34.762-19.93 63.267-56.662 63.267-34.762 0-55.272-26.535-55.272-62.804 0-36.269 20.394-63.035 56.662-63.035 33.372 0 55.272 24.913 55.272 62.572zm-90.613 0c0 26.535 13.325 45.77 34.762 45.77 21.437 0 34.762-18.308 34.762-45.538 0-27.23-12.283-45.77-34.762-45.77-22.48 0-34.762 18.54-34.762 45.77z"/><path class="cls-4" d="m1461.3-331.61v-30.359h20.162a181.69 181.69 0 0 1 0.927 19.699 37.659 37.659 0 0 1 37.659-22.48c23.175 0 40.324 13.789 40.324 45.77v77.288h-20.858v-74.739c0-18.308-7.0681-30.359-25.376-30.359-23.175 0-31.749 17.265-31.749 41.483v63.499h-20.857z"/><path class="cls-4" d="m1628.1-241.81-60.023-165h23.175l28.969 82.27c8.5745 24.218 17.033 48.551 20.625 63.731 3.592-13.557 12.746-39.165 21.553-63.035l30.359-82.966h22.48l-62.108 165z"/><path class="cls-4" d="m1740.7-406.81h62.572c31.981 0 54.113 18.076 54.113 48.088 0 31.981-23.175 49.131-55.504 49.131h-39.166v67.786h-22.016zm22.016 78.678h38.123c22.479 0 33.951-10.892 33.951-30.127 0-19.235-13.789-30.127-33.256-30.127h-38.934z"/><path class="cls-4" d="m1888.9-241.81v-165h28.968c23.175 38.702 75.202 120.74 84.356 139.05-1.622-21.089-1.3905-47.161-1.3905-73.928v-65.121h20.626v165h-26.999c-21.784-35.805-75.434-123.99-85.631-142.52 1.1586 18.772 1.1586 46.35 1.1586 76.593v65.932z"/></g></g></svg>
+<svg width="384" height="128" version="1.1" viewBox="0 0 101.6 33.867" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><defs><clipPath id="SVGID_00000124143326424118090040000000686822535870151078_"><use xlink:href="#SVGID_1_"/></clipPath><linearGradient id="SVGID_00000083796956185287615240000010885015769944861357_" x1="536.48" x2="292.82" y1="1113.2" y2="64.084" gradientTransform="matrix(1,0,0,-1,0,788)" gradientUnits="userSpaceOnUse"><stop stop-color="#24ECC6" stop-opacity="0" offset=".4799"/><stop stop-color="#24ECC6" offset=".9944"/></linearGradient><linearGradient id="SVGID_00000005978595599017039650000002259067875620926859_" x1="759.68" x2="219.42" y1="79.312" y2="1003.2" gradientTransform="matrix(1,0,0,-1,0,788)" gradientUnits="userSpaceOnUse"><stop stop-color="#ABFFEF" offset=".066012"/><stop stop-color="#CAC9FF" offset=".4499"/><stop stop-color="#6D4AFF" offset="1"/></linearGradient><rect id="SVGID_1_" width="4520" height="787"/></defs><g transform="matrix(.022482 0 0 .022482 -.00026509 8.0851)"><clipPath><use xlink:href="#SVGID_1_"/></clipPath><g clip-path="url(#SVGID_00000124143326424118090040000000686822535870151078_)"><g fill="#6d4aff"><path class="st1" d="m3909.1 150h-223.4v483.9h88.5v-120.5c0-11.7 4.7-23 13-31.3s19.5-12.9 31.2-12.9h90.7c42.2 0 82.7-16.8 112.6-46.6 29.9-29.9 46.7-70.4 46.7-112.6 0.1-21-4-41.8-11.9-61.2-8-19.4-19.7-37-34.5-51.9s-32.4-26.7-51.8-34.7c-19.4-8.1-40.2-12.2-61.1-12.2zm69.6 158.8c0 9.9-1.9 19.7-5.8 28.9-3.8 9.2-9.4 17.5-16.4 24.5s-15.4 12.6-24.5 16.3c-9.2 3.8-19 5.7-28.9 5.7h-129.4v-150.8h129.4c10 0 19.8 2 29 5.8s17.5 9.4 24.5 16.5c7 7 12.6 15.4 16.3 24.6 3.8 9.2 5.7 19.1 5.6 29z"/><path class="st1" d="m3374.9 632.1-178.3-483.5h100.7l117.3 346c4.6 12.4 7.9 25.2 9.9 38.2h1c1.4-13.2 4.8-26 9.9-38.2l117.6-346h101.3l-179.2 483.5z"/><path class="st1" d="m4101.3 632.1v-483.5h77.5l228.3 299.9c8.2 10.3 15.3 21.5 21.3 33.2h1.4c-1.5-14.6-2.3-29.2-2.2-43.9v-289.2h91.5v483.5h-77.5l-228.9-299.9c-8.1-10.4-15.2-21.5-21.2-33.2h-0.8c1.2 14.6 1.7 29.2 1.5 43.9v289.3h-90.9z"/></g><g fill="#1b1340"><path class="st2" d="m1434.2 147.2h-223.4v483.9h88.5v-120.5c0-11.7 4.7-23 12.9-31.3 8.3-8.3 19.5-12.9 31.2-12.9h90.7c42.2 0 82.7-16.8 112.6-46.6s46.6-70.4 46.6-112.6c0.1-21-4-41.8-11.9-61.2-8-19.4-19.7-37-34.5-51.9s-32.4-26.7-51.8-34.7c-19.2-8.1-39.9-12.2-60.9-12.2zm69.7 158.8c0 9.9-1.9 19.7-5.8 28.9-3.8 9.2-9.4 17.5-16.4 24.5s-15.3 12.6-24.5 16.3c-9.2 3.8-19 5.7-28.9 5.7h-129.4v-150.8h129.4c9.9 0 19.8 2 29 5.8s17.5 9.4 24.5 16.5c7 7 12.6 15.4 16.3 24.6 3.8 9.2 5.7 19.1 5.6 29z"/><path class="st2" d="m1607.4 631.3v-192c0-78.3 45.8-140.6 137.3-140.6 14.7-0.2 29.4 1.4 43.7 4.8v79c-10.4-0.7-19.9-0.7-23.6-0.7-48.5 0-69.7 22.2-69.7 67.2v182.4h-87.7z"/><path class="st2" d="m1814.6 468.3c0-96.3 72.8-169.7 174-169.7s173.9 73.5 173.9 169.7c0 96.3-72.8 170.5-173.9 170.5s-174-74.1-174-170.5zm261.3 0c0-54.7-36.7-93.6-87.3-93.6s-87.4 38.8-87.4 93.6c0 54.7 36.7 93.6 87.4 93.6s87.3-38.1 87.3-93.6z"/><path class="st2" d="m2417.5 375.4h-94.9v121.3c0 42.3 15.2 61.6 58.8 61.6 4.2 0 14.6 0 27.8-0.7v71.5c-16.7 4.8-33.9 7.3-51.3 7.6-73.5 0-123.4-44.3-123.4-128.2v-133.1h-58.8v-69.7h14.6c11.7 0 23-4.7 31.2-12.9 8.3-8.3 12.9-19.5 12.9-31.2v-66.3h88.1v110.2h94.9v69.9z"/><path class="st2" d="m2443.9 468.3c0-96.3 72.8-169.7 173.9-169.7s174 73.5 174 169.7c0 96.3-72.8 170.5-174 170.5s-173.9-74.1-173.9-170.5zm261.3 0c0-54.7-36.7-93.6-87.4-93.6s-87.3 38.8-87.3 93.6c0 54.7 36.7 93.6 87.3 93.6s87.4-38.1 87.4-93.6z"/><path class="st2" d="m2837.5 631.3v-185.5c0-86 54.8-147.6 152.5-147.6 97.8 0 151.8 62 151.8 147.6v185h-87.3v-177.7c0-47.8-21.5-77.6-64.5-77.6s-64.4 29.9-64.4 77.6v178.2z"/></g><path class="st3" d="m346.1 740.3c32.8 59.3 116.9 62.6 154 5.9l346.7-528.4c36.8-56 1.6-131.2-65-138.8l-681.4-78.1c-72.7-8.4-124.4 68.9-89.1 132.9z" clip-rule="evenodd" fill="#6d4aff" fill-rule="evenodd"/><path d="m346.1 740.3c32.8 59.3 116.9 62.6 154 5.9l346.7-528.4c36.8-56 1.6-131.2-65-138.8l-681.4-78.2c-72.6-8.3-124.4 68.9-89 132.9z" clip-rule="evenodd" fill="url(#SVGID_00000083796956185287615240000010885015769944861357_)" fill-rule="evenodd"/><path d="m396.4 638.7-30.8 46.3c-12.5 18.7-40.4 17.6-51.2-2.1l31.7 57.5c5.7 10.2 12.8 18.8 21.1 25.7 39.3 33 102.2 27.1 133-19.8l346.7-528.4c36.8-56 1.6-131.2-65-138.8l-681.5-78.2c-72.7-8.4-124.4 68.9-89.1 132.9l2.7 4.9 580.1 67.1c37 4.3 56.5 46 36 77.1z" fill="url(#SVGID_00000005978595599017039650000002259067875620926859_)"/></g></g></svg>

docs/basics/common-threats.en.md

@@ -0,0 +1,163 @@
+---
+title: "Common Threats"
+icon: 'material/eye-outline'
+---
+
+Broadly speaking, we categorize our recommendations into these general categories of [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat imaginable.
+
+- <span class="pg-purple">:material-incognito: Anonymity</span> - Shielding your online activity from your real-life identity, protecting you from people who are trying to uncover *your* identity specifically
+- <span class="pg-red">:material-target-account: Targeted Attacks</span> - Being protected  from dedicated hackers or other malicious agents trying to gain access to *your* data or devices specifically
+- <span class="pg-orange">:material-bug-outline: Passive Attacks</span> - Being protected from things like malware, data breaches, and other attacks that are made against many people at once
+- <span class="pg-teal">:material-server-network: Service Providers</span> - Protecting your data from service providers, e.g. with end-to-end encryption rendering your data unreadable to the server
+- <span class="pg-blue">:material-eye-outline: Mass Surveillance</span> - Protection from government agencies, organizations, websites, and services working together to track your activities
+- <span class="pg-brown">:material-account-cash: Surveillance Capitalism</span> - Protecting yourself from big advertising networks like Google and Facebook, as well as a myriad of other third-party data collectors
+- <span class="pg-green">:material-account-search: Public Exposure</span> - Limiting the information about you online that is accessible to search engines or the general public
+- <span class="pg-blue-gray">:material-close-outline: Censorship</span> - Avoiding censored access to information and being censored yourself when speaking online
+
+Some of these threats may weigh more than others depending on your specific concerns. For example, a software developer with access to valuable or critical data may be primarily concerned with <span class="pg-red">:material-target-account: Targeted Attacks</span>, but beyond that they probably still want to protect their personal data from being swept up in <span class="pg-blue">:material-eye-outline: Mass Surveillance</span> programs. Similarly, an "Average Joe" may be primarily concerned with <span class="pg-green">:material-account-search: Public Exposure</span> of their personal data, but they should still be wary of security-focused issues such as <span class="pg-orange">:material-bug-outline: Passive Attacks</span> like malware affecting their devices.
+
+## Anonymity vs Privacy
+
+<span class="pg-purple">:material-incognito: Anonymity</span>
+
+Anonymity is often confused for privacy, but it's a distinct concept. While privacy is a set of choices you make about how your data is used and shared, anonymity is the complete disassociation of your online activities from your real-life identity.
+
+Whistleblowers and journalists, for example, can have a much more extreme threat model requiring total anonymity. That's not only hiding what they do, what data they have, and not getting hacked by hackers or governments, but also hiding who they are entirely. They will sacrifice any kind of convenience if it means protecting their anonymity, privacy, or security, as their lives could depend on it. Most regular people do not need to go so far.
+
+## Security and Privacy
+
+<span class="pg-orange">:material-bug-outline: Passive Attacks</span>
+
+Security and privacy are often conflated, because you need security to obtain any semblance of privacy: Using tools which appear private is futile if they could easily be exploited by attackers to release your data later. However, the inverse is not necessarily true; the most secure service in the world *isn't necessarily* private. The best example of this is trusting data to Google, who, given their scale, have had minimal security incidents by employing industry-leading security experts to secure their infrastructure. Even though Google provides a very secure service, very few would consider their data private in their hands.
+
+When it comes to application security, we generally do not (and sometimes cannot) know if the software that we use is malicious, or might one day become malicious. Even with the most trustworthy developers, there is generally no guarantee that their software does not have a serious vulnerability that could later be exploited.
+
+To minimize the potential damage that a malicious piece of software can do, you should employ security by compartmentalization. This could come in the form of using different computers for different jobs, using virtual machines to separate different groups of related applications, or using a secure operating system with a strong focus on application sandboxing and mandatory access control.
+
+!!! tip
+
+    Mobile operating systems are generally safer than desktop operating systems when it comes to application sandboxing. Apps cannot obtain root access and only have access to system resources which you grant them.
+
+    Desktop operating systems generally lag behind on proper sandboxing. Chrome OS has similar sandboxing properties to Android, and macOS has full system permission control and opt-in (for developers) sandboxing for applications, however these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make heavy use of VMs or containers, such as Qubes OS.
+
+<span class="pg-red">:material-target-account: Targeted Attacks</span>
+
+Targeted attacks against a specific user are more problematic to deal with. Common avenues of attack include sending malicious documents via emails, exploiting vulnerabilities in the browser and operating systems, and physical attacks. If this is a concern for you, you may have to employ more advanced threat mitigation strategies.
+
+!!! tip
+
+    **Web browsers**, **email clients**, and **office applications** all typically run untrusted code sent to you from third-parties by design. Running multiple virtual machines to separate applications like these from your host system as well as each other is one technique you can use to avoid an exploit in these applications from compromising the rest of your system. Technologies like Qubes OS or Microsoft Defender Application Guard on Windows provide convenient methods to do this seamlessly, for example.
+
+If you are concerned about **physical attacks** you should use an operating system with a secure verified boot implementation, such as Android, iOS, or macOS. You should also make sure that your drive is encrypted, and that the operating system uses a TPM or Secure Element for rate limiting attempts to enter the encryption passphrase. You should avoid sharing your computer with people you don't trust, because most desktop operating systems do not encrypt data separately per-user.
+
+## Privacy From Service Providers
+
+<span class="pg-teal">:material-server-network: Service Providers</span>
+
+We live in a world where almost everything is connected to the internet. Our "private" messages, emails, social interactions are typically stored on a server somewhere. Generally, when you send someone a message, that message is then stored on a server, and when your friend wants to read the message, the server will show it to them.
+
+The obvious problem with this is that the service provider (or a hacker who has compromised the server) can look into your "private" conversations whenever and however they want, without you ever knowing. This applies to many common services like SMS messaging, Telegram, Discord, and so on.
+
+Thankfully, end-to-end encryption can alleviate this issue by encrypting communications between you and your desired recipients before they are even sent to the server. The confidentiality of your messages is guaranteed, so long as the service provider does not have access to the private keys of either party.
+
+??? note "Note on web-based encryption"
+
+    In practice, the effectiveness of different end-to-end encryption implementations varies. Applications such as [Signal](../real-time-communication.md#signal) run natively on your device, and every copy of the application is the same across different installations. If the service provider were to backdoor their application in an attempt to steal your private keys, that could later be detected using reverse engineering.
+
+    On the other hand, web based end-to-end encryption implementations such as Proton Mail's webmail or Bitwarden's web vault rely on the server dynamically serving JavaScript code to the browser to handle cryptographic operations. A malicious server could target a specific user and send them malicious JavaScript code to steal their encryption key, and it would be extremely hard for the user to ever notice such a thing. Even if the user does notice the attempt to steal their key, it would be incredibly hard to prove that it is the provider trying to do so, because the server can choose to serve different web clients to different users.
+
+    Therefore, when relying on end-to-end encryption, you should choose to use native applications over web clients whenever possible.
+
+Even with end-to-end encryption, service providers can still profile you based on **metadata**, which is typically not protected. While the service provider could not read your messages to see what you're saying, they can still observe things like who you're talking to, how often you message them, and what times you're typically active. Protection of metadata is fairly uncommon, and you should pay close attention to the technical documentation of the software you are using to see if there is any metadata minimization or protection at all, if that is a concern for you.
+
+## Mass Surveillance Programs
+
+Mass surveillance is an effort to surveil many or all of a given population. It often refers to government programs such as the ones [disclosed by Edward Snowden in 2013](https://en.wikipedia.org/wiki/Global_surveillance_disclosures_(2013%E2%80%93present)). However, it can also be carried out by corporations, either on behalf of government agencies or by their own initiative.
+
+Online, you can be tracked via a wide variety of methods, including but not limited to:
+
+- Your IP address
+- Browser cookies
+- Data you submit to websites
+- Your browser or device fingerprint
+- Payment method correlation
+
+Therefore your goals could be to segregate your online identities from each other, to blend in with other users, and to simply avoid giving out identifying information to anyone as much as possible.
+
+<span class="pg-blue">:material-eye-outline: Mass Surveillance</span>
+
+Governments often cite mass surveillance programs as necessary to combat terrorism and prevent crime, however it is most often used to disproportionately target minorities, political dissidents, and many other groups to create a chilling effect on free speech.
+
+!!! quote "ACLU: [The Privacy Lesson of 9/11: Mass Surveillance is Not the Way Forward](https://www.aclu.org/news/national-security/the-privacy-lesson-of-9-11-mass-surveillance-is-not-the-way-forward)"
+
+    In the face of [Edward Snowden's disclosures of government programs such as [PRISM](https://en.wikipedia.org/wiki/PRISM) and [Upstream](https://en.wikipedia.org/wiki/Upstream_collection)], intelligence officials also admitted that the NSA had for years been secretly collecting records about virtually every American’s phone calls — who’s calling whom, when those calls are made, and how long they last. This kind of information, when amassed by the NSA day after day, can reveal incredibly sensitive details about people’s lives and associations, such as whether they have called a pastor, an abortion provider, an addiction counselor, or a suicide hotline.
+
+Despite growing mass surveillance in the United States, the government has found that mass surveillance programs like Section 215 have had "little unique value" with respect to stopping actual crimes or terrorist plots, with efforts largely duplicating the FBI's own targeted surveillance programs.[^1]
+
+<span class="pg-brown">:material-account-cash: Surveillance Capitalism</span>
+
+> Surveillance capitalism is an economic system centered around the capture and commodification of personal data for the core purpose of profit-making.[^2]
+
+Tracking and surveillance by private corporations is a growing concern for many as well. Pervasive ad networks like those operated by Google and Facebook span the internet far beyond just the sites they control, tracking your actions along the way. Using tools like content blockers to limit network requests to their servers, and reading the privacy policies of the services you use can help you avoid many basic adversaries, but can never completely protect you from all tracking.[^3]
+
+Additionally, even companies outside of the ad-tech/tracking space can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (like Cambridge Analytica, Experian, or Datalogix) or other parties, so you can't automatically assume your data is safe merely because the service you are using doesn't fall within a typical data sharing/tracking category. The strongest protection against corporate data collection is to always encrypt or obfuscate your data whenever possible to make it as difficult as possible for different providers to correlate data with each other and build a profile on you.
+
+## Limiting Public Information
+
+<span class="pg-green">:material-account-search: Public Exposure</span>
+
+The best way to ensure your data is private is to simply not put it out there in the first place. Deleting information you find about yourself online is one of the best first steps you can take to regain your privacy.
+
+- [View our guide on account deletion :material-arrow-right:](account-deletion.md)
+
+On sites where you do share information, checking the privacy settings of your account to limit how widely that data is spread is very important. For example, if your accounts have a "private mode," enable it to make sure your account isn't being indexed by search engines and can't be viewed by people you don't vet beforehand.
+
+If you have already submitted your real information to a number of sites which shouldn't have it, consider employing disinformation tactics such as submitting fictitious information related to the same online identity to make your real information indistinguishable from the false information.
+
+## Avoiding Censorship
+
+<span class="pg-blue-gray">:material-close-outline: Censorship</span>
+
+Censorship online can be carried out to varying degrees by actors including totalitarian governments, network administrators, and service providers seeking to control the speech of their users and the information they can access. These efforts to filter the internet will always be incompatible with the ideals of free speech.
+
+Censorship on corporate platforms is increasingly common as platforms like Twitter and Facebook give in to public demand, market pressures, and pressures from government agencies. Government pressures can be covert requests to businesses, such as the White House [requesting the takedown](https://www.nytimes.com/2012/09/17/technology/on-the-web-a-fine-line-on-free-speech-across-globe.html) of a provocative YouTube video; or overt, such as the Chinese government requiring companies to adhere to a strict regime of censorship.
+
+People concerned with the threat of censorship can use technologies like Tor to circumvent it, and support platforms which provide censorship-resistant communication such as Matrix, which has no centralized account authority which can close down accounts arbitrarily.
+
+!!! important
+
+    While simply evading censorship itself is relatively easy, hiding the fact that you are evading the censorship system from the censors can be very problematic.
+
+    You should consider what aspects of the network your adversary can observe, and whether you have plausible deniability for your actions. For example, using encrypted DNS can help you bypass rudimentary censorship systems based solely on DNS, but it cannot truly hide what you are visiting from your ISP. A VPN or Tor can help hide what you are visiting from the network administrators, but cannot hide that you are using those networks. Pluggable transports like Obfs4proxy, Meek or Shadowsocks can help you evade firewalls that block common VPN protocols or Tor, but an adversary can still figure out that you are actively trying to bypass their censorship system as opposed to just protecting your privacy through probing or deep packet inspection.
+
+You must always consider the risks involved with trying to bypass censorship, what the potential consequences are, and how sophisticated your adversary may be. Be extra cautious with your software selection, and have a backup plan in case you are caught.
+
+## Common Misconceptions
+
+:material-numeric-1-circle: **Open source software is always secure** or **Proprietary software is more secure**
+
+These myths stem from a number of prejudices, but the source-availability and licensure of a software product does not inherently affect its security in any way. ==Open-source software has the *potential* to be more secure than proprietary software, but there is absolutely no guarantee this is the case.== When you evaluate software, you need to look at the reputation and security of each tool on an individual basis.
+
+Open-source software *can* be audited by third-parties, and is often more transparent regarding potential vulnerabilities than their proprietary counterparts. They can also be more flexible, allowing you to delve into the code and disable any suspicious functionality you find yourself. However, unless you review the code yourself there is no guarantee that code has ever been evaluated, especially with smaller software projects, and the open development process can sometimes be exploited by malicious parties to introduce new vulnerabilities into even large projects.[^4]
+
+On the flip side, proprietary software is less transparent, but that does not imply it is not secure. Major proprietary software projects can be audited internally and by third-party agencies, and independent security researchers can still find vulnerabilities with techniques like reverse engineering.
+
+At the end of the day, it is **vital** that you research and evaluate the privacy and security properties of each piece of software being used, and avoid making decisions based on biases.
+
+:material-numeric-2-circle: **Shifting trust can increase privacy**
+
+We talk about "shifting trust" a lot when discussing solutions like VPNs, which shift the trust you place in your ISP to the VPN provider. While this protects your browsing data from your ISP specifically, the VPN provider you choose still has access to your browsing data: Your data is not yet completely secured from all parties. This means that:
+
+1. You need to exercise caution when choosing a provider to shift trust to, rather than choosing blindly.
+2. You still need to employ other techniques like end-to-end encryption to protect your data completely, merely distrusting one provider to trust another is not hiding your data.
+
+:material-numeric-3-circle: **Privacy-focused solutions are inherently trustworthy**
+
+Focusing solely on the privacy policies and marketing of a tool or provider can blind you to its weaknesses. When you're looking for a privacy solution you should determine what the underlying problem is and find technical solutions to that problem. For example, you may want to avoid Google Drive, which gives Google access to all of your data. The underlying problem in this case is a lack of end-to-end encryption, so you should make sure the provider you switch to actually implements end-to-end encryption, or use a tool like Cryptomator which provides end-to-end encryption on any cloud provider. Blindly switching to a "privacy-focused" provider which does not provide end-to-end encryption does not solve your problem, it merely shifts trust from Google to that provider.
+
+The privacy policies and business practices of a provider you choose are very important, but should be considered secondary to technical guarantees of your privacy: Don't elect to merely shift trust to another provider when trusting a provider isn't a requirement at all.
+
+[^1]: United States Privacy and Civil Liberties Oversight Board: [Report on the Telephone Records Program Conducted under Section 215](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf)
+[^2]: Wikipedia: [Surveillance capitalism](https://en.wikipedia.org/wiki/Surveillance_capitalism)
+[^3]: "[Enumerating badness](https://www.ranum.com/security/computer_security/editorials/dumb/)" (or, "listing all the bad things that we know about") as many adblockers and antivirus programs do, fails to adequately protect you from new and unknown threats because they have not yet been added to the filter list. You need to additionally employ other mitigation techniques to be fully protected.
+[^4]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident).

docs/basics/erasing-data.md

@@ -0,0 +1,38 @@
+---
+title: "Secure Data Erasure"
+icon: 'material/harddisk-remove'
+---
+**Erasing data** from your computer may seem like a simple task, but if you want to make sure the data is truly unrecoverable, there are some things you should consider.
+
+!!! tip
+    You should use [full disk encryption](../encryption.md#os-full-disk-encryption) on your storage devices. If your device is stolen or needs to be returned under warranty your privacy may be at risk.
+
+To erase a storage device **thoroughly**, you should securely erase the whole device and not individual files.
+
+## Erasing Your Entire Drive
+
+When you delete a file, the operating system marks the space where the deleted file was as "empty". That "empty" space can be fairly easily undeleted, yielding the original file.
+
+### Magnetic storage
+
+If the disk is a magnetic storage device such as spinning hard disk we suggest using [`nwipe`](https://en.wikipedia.org/wiki/Nwipe). `nwipe` can be installed in most Linux distributions. If you wish to use a complete boot environment on a system, consider using [ShredOS Disk Eraser](https://github.com/PartialVolume/shredos.x86_64). ShredOS boots straight into `nwipe` and allows you to erase available disks. To install it to a flash USB stick see the [installation methods](https://github.com/PartialVolume/shredos.x86_64/blob/master/README.md#obtaining-and-writing-shredos-to-a-usb-flash-drive-the-easy-way-).
+
+Once you have your boot media, enter your system's UEFI settings and boot from the USB stick. Commonly used keys to access UEFI are ++f2++, ++f12++, or ++del++. Follow the on-screen prompts to wipe your data.
+
+![ShredOS](../assets/img/erasing-data/shredos.png)
+
+### Flash Storage
+
+For [flash memory](https://en.wikipedia.org/wiki/Flash_memory) (SSD, NVMe etc) devices we suggest the ATA Secure Erase command. Methods such as `nwipe` should not be used on flash storage devices as it may damage their performance. The "Secure Erase" feature is often accessible through the UEFI setup menu.
+
+It is also possible to complete a Secure Erase using the [`hdparm`](https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase) command, or [Microsoft Secure Group Commands](https://docs.microsoft.com/en-us/windows-hardware/drivers/storage/security-group-commands).
+
+Physical destruction may be necessary to securely erase devices such as memory cards, USB sticks and unusable hard disks.
+
+## Erasing Specific Files
+
+Securely shredding **individual files** is difficult if not impossible. Copies can exist in a variety of ways such as through manual, or automatic backups, [wear leveling](https://en.wikipedia.org/wiki/Wear_leveling) (on modern [flash storage](https://en.wikipedia.org/wiki/Solid-state_drive)), caching and filesystem [journaling](https://en.wikipedia.org/wiki/Journaling_file_system).
+
+Wear leveled devices do not guarantee a fixed relationship between [logical blocks addressed](https://en.wikipedia.org/wiki/Logical_block_addressing) through the interface. This means that the physical locations in which the data is stored may be different to where it is actually located, therefore shredding may not provide adequate security.
+
+--8<-- "includes/abbreviations.en.md"

docs/basics/threat-modeling.en.md

@@ -5,20 +5,14 @@ icon: 'material/target-account'
 
 Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, et cetera. Often people find that the problem with the tools they see recommended is they're just too hard to start using!
 
-If you wanted to use the **most** secure tools available, you'd have to sacrifice *a lot* of usability. And even then, <mark>nothing is ever fully secure.</mark> There's **high** security, but never **full** security. That's why threat models are important.
+If you wanted to use the **most** secure tools available, you'd have to sacrifice *a lot* of usability. And even then, ==nothing is ever fully secure.== There's **high** security, but never **full** security. That's why threat models are important.
 
 **So, what are these threat models anyways?**
 
-<mark>A threat model is a list of the most probable threats to your security/privacy endeavors.</mark> Since it's impossible to protect yourself against **every** attack(er), you should focus on the **most probable** threats. In computer security, a threat is a potential event that could undermine your efforts to stay private and secure.
+==A threat model is a list of the most probable threats to your security/privacy endeavors.== Since it's impossible to protect yourself against **every** attack(er), you should focus on the **most probable** threats. In computer security, a threat is a potential event that could undermine your efforts to stay private and secure.
 
 By focusing on the threats that matter to you, this narrows down your thinking about the protection you need, so you can choose the tools that are right for the job.
 
-## Examples of threat models
-
-* An investigative journalist's threat model might be <span class="text-muted">(protecting themselves against)</span> a foreign government.
-* A company's manager's threat model might be <span class="text-muted">(protecting themselves against)</span> a hacker hired by competition to do corporate espionage.
-* The average citizen's threat model might be <span class="text-muted">(hiding their data from)</span> large tech corporations.
-
 ## Creating your threat model
 
 To identify what could happen to the things you value and determine from whom you need to protect them, you want to answer these five questions:
@@ -29,45 +23,15 @@ To identify what could happen to the things you value and determine from whom yo
 4. How bad are the consequences if I fail?
 5. How much trouble am I willing to go through to try to prevent potential consequences?
 
-### Example: Protecting your belongings
-
-* To demonstrate how these questions work, let's build a plan to keep your house and possessions safe.
-
-#### What do you want to protect? (Or, *what do you have that is worth protecting?*)
-
-* Your assets might include jewelry, electronics, important documents, or photos.
-
-#### Who do you want to protect it from?
-
-* Your adversaries might include burglars, roommates, or guests.
-
-#### How likely is it that you will need to protect it?
-
-* Does your neighborhood have a history of burglaries? How trustworthy are your roommates/guests? What are the capabilities of your adversaries? What are the risks you should consider?
-
-#### How bad are the consequences if you fail?
-
-* Do you have anything in your house that you cannot replace? Do you have the time or money to replace these things? Do you have insurance that covers goods stolen from your home?
-
-#### How much trouble are you willing to go through to prevent these consequences?
-
-* Are you willing to buy a safe for sensitive documents? Can you afford to buy a high-quality lock? Do you have time to open a security box at your local bank and keep your valuables there?
-
-Only once you have asked yourself these questions will you be in a position to assess what measures to take. If your possessions are valuable, but the probability of a break-in is low, then you may not want to invest too much money in a lock. But, if the probability of a break-in is high, you'll want to get the best lock on the market, and consider adding a security system.
-
-Making a security plan will help you to understand the threats that are unique to you and to evaluate your assets, your adversaries, and your adversaries' capabilities, along with the likelihood of risks you face.
-
-Now, let's take a closer look at the questions in our list:
-
 ### What do I want to protect?
 
-An “asset” is something you value and want to protect. In the context of digital security, <mark>an asset is usually some kind of information.</mark> For example, your emails, contact lists, instant messages, location, and files are all possible assets. Your devices themselves may also be assets.
+An “asset” is something you value and want to protect. In the context of digital security, ==an asset is usually some kind of information.== For example, your emails, contact lists, instant messages, location, and files are all possible assets. Your devices themselves may also be assets.
 
 *Make a list of your assets: data that you keep, where it's kept, who has access to it, and what stops others from accessing it.*
 
 ### Who do I want to protect it from?
 
-To answer this question, it's important to identify who might want to target you or your information. <mark>A person or entity that poses a threat to your assets is an “adversary.”</mark> Examples of potential adversaries are your boss, your former partner, your business competition, your government, or a hacker on a public network.
+To answer this question, it's important to identify who might want to target you or your information. ==A person or entity that poses a threat to your assets is an “adversary.”== Examples of potential adversaries are your boss, your former partner, your business competition, your government, or a hacker on a public network.
 
 *Make a list of your adversaries, or those who might want to get ahold of your assets. Your list may include individuals, a government agency, or corporations.*
 
@@ -75,7 +39,7 @@ Depending on who your adversaries are, under some circumstances this list might
 
 ### How likely is it that I will need to protect it?
 
-<mark>Risk is the likelihood that a particular threat against a particular asset will actually occur.</mark> It goes hand-in-hand with capability. While your mobile phone provider has the capability to access all of your data, the risk of them posting your private data online to harm your reputation is low.
+==Risk is the likelihood that a particular threat against a particular asset will actually occur.== It goes hand-in-hand with capability. While your mobile phone provider has the capability to access all of your data, the risk of them posting your private data online to harm your reputation is low.
 
 It is important to distinguish between what might happen and the probability it may happen. For instance, there is a threat that your building might collapse, but the risk of this happening is far greater in San Francisco (where earthquakes are common) than in Stockholm (where they are not).
 
@@ -87,7 +51,7 @@ Assessing risks is both a personal and a subjective process. Many people find ce
 
 There are many ways that an adversary could gain access to your data. For example, an adversary can read your private communications as they pass through the network, or they can delete or corrupt your data.
 
-<mark>The motives of adversaries differ widely, as do their tactics.</mark> A government trying to prevent the spread of a video showing police violence may be content to simply delete or reduce the availability of that video. In contrast, a political opponent may wish to gain access to secret content and publish that content without you knowing.
+==The motives of adversaries differ widely, as do their tactics.== A government trying to prevent the spread of a video showing police violence may be content to simply delete or reduce the availability of that video. In contrast, a political opponent may wish to gain access to secret content and publish that content without you knowing.
 
 Security planning involves understanding how bad the consequences could be if an adversary successfully gains access to one of your assets. To determine this, you should consider the capability of your adversary. For example, your mobile phone provider has access to all your phone records. A hacker on an open Wi-Fi network can access your unencrypted communications. Your government might have stronger capabilities.
 
@@ -95,23 +59,46 @@ Security planning involves understanding how bad the consequences could be if an
 
 ### How much trouble am I willing to go through to try to prevent potential consequences?
 
-<mark>There is no perfect option for security.</mark> Not everyone has the same priorities, concerns, or access to resources. Your risk assessment will allow you to plan the right strategy for you, balancing convenience, cost, and privacy.
+==There is no perfect option for security.== Not everyone has the same priorities, concerns, or access to resources. Your risk assessment will allow you to plan the right strategy for you, balancing convenience, cost, and privacy.
 
 For example, an attorney representing a client in a national security case may be willing to go to greater lengths to protect communications about that case, such as using encrypted email, than a mother who regularly emails her daughter funny cat videos.
 
 *Write down what options you have available to you to help mitigate your unique threats. Note if you have any financial constraints, technical constraints, or social constraints.*
 
-<div class="row">
-  <div class="col-12 col-lg-6">
-    <h2>Further reading</h2>
-    <ul>
-      <li><a href="https://en.wikipedia.org/wiki/Threat_model">Wikipedia: Threat model</a></li>
-    </ul>
-  </div>
-  <div class="col-12 col-lg-6">
-    <h2>Sources</h2>
-    <ul>
-      <li><a href="https://ssd.eff.org/en/module/your-security-plan">EFF Surveillance Self Defense: Your Security Plan</a></li>
-    </ul>
-  </div>
-</div>
+### Try it yourself: Protecting your belongings
+
+These questions can apply to a wide variety of situations, online and offline. As a generic demonstration of how these questions work, let's build a plan to keep your house and possessions safe.
+
+**What do you want to protect? (Or, *what do you have that is worth protecting?*)**
+
+:   Your assets might include jewelry, electronics, important documents, or photos.
+
+**Who do you want to protect it from?**
+
+:   Your adversaries might include burglars, roommates, or guests.
+
+**How likely is it that you will need to protect it?**
+
+:   Does your neighborhood have a history of burglaries? How trustworthy are your roommates/guests? What are the capabilities of your adversaries? What are the risks you should consider?
+
+**How bad are the consequences if you fail?**
+
+:   Do you have anything in your house that you cannot replace? Do you have the time or money to replace these things? Do you have insurance that covers goods stolen from your home?
+
+**How much trouble are you willing to go through to prevent these consequences?**
+
+:   Are you willing to buy a safe for sensitive documents? Can you afford to buy a high-quality lock? Do you have time to open a security box at your local bank and keep your valuables there?
+
+Only once you have asked yourself these questions will you be in a position to assess what measures to take. If your possessions are valuable, but the probability of a break-in is low, then you may not want to invest too much money in a lock. But, if the probability of a break-in is high, you'll want to get the best lock on the market, and consider adding a security system.
+
+Making a security plan will help you to understand the threats that are unique to you and to evaluate your assets, your adversaries, and your adversaries' capabilities, along with the likelihood of risks you face.
+
+## Further reading
+
+For people looking to increase their privacy and security online, we've compiled a list of common threats our visitors face or goals our visitors have, to give you some inspiration and demonstrate the basis of our recommendations. 
+
+- [Common Goals and Threats :material-arrow-right:](common-threats.md)
+
+## Sources
+
+- [EFF Surveillance Self Defense: Your Security Plan](https://ssd.eff.org/en/module/your-security-plan)

docs/browsers.en.md

@@ -12,7 +12,9 @@ These are our currently recommended web browsers and configurations. In general,
 
     ![Tor Browser logo](assets/img/browsers/tor.svg){ align=right }
 
-    **Tor Browser** is the choice if you need anonymity. This browser provides you with access to the Tor Bridges and [Tor Network](https://en.wikipedia.org/wiki/Tor_(network)), along with extensions that can be automatically configured to fit its three security levels: *Standard*, *Safer* and *Safest*. We recommend that you do not change any of Tor Browser's default configurations outside of the standard security levels.
+    **Tor Browser** is the choice if you need anonymity, as it provides you with access to the Tor Bridges and [Tor Network](https://en.wikipedia.org/wiki/Tor_(network)), along with settings and extensions that are automatically configured by the default security levels: *Standard*, *Safer* and *Safest*.
+
+    The Tor Browser is designed to prevent fingerprinting, or identifying you based on your browser configuration. Therefore, it is imperative that you do **not** modify the browser beyond the default security levels.
 
     [Homepage](https://www.torproject.org){ .md-button .md-button--primary } [:pg-tor:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .md-button } [Privacy Policy](https://support.torproject.org/tbb/tbb-3/){ .md-button }
 
@@ -100,10 +102,6 @@ This prevents you from unintentionally connecting to a website in plain-text HTT
 
 [Firefox Sync](https://hacks.mozilla.org/2018/11/firefox-sync-privacy/) allows your browsing data (history, bookmarks, etc.) to be accessible on all your devices and protects it with E2EE.
 
-#### Extensions
-
-We generally do not recommend installing any extensions as they increase your attack surface. However, if you want content blocking, [uBlock Origin](#additional-resources) might be useful to you. The extension is also a :trophy: [Recommended Extension](https://support.mozilla.org/kb/add-on-badges#w_recommended-extensions) by Mozilla.
-
 #### Arkenfox (advanced)
 
 The [Arkenfox project](https://github.com/arkenfox/user.js) provides a set of carefully considered options for Firefox. If you [decide](https://github.com/arkenfox/user.js/wiki/1.1-To-Arkenfox-or-Not) to use Arkenfox, a [few options](https://github.com/arkenfox/user.js/wiki/3.2-Overrides-[Common]) are subjectively strict and/or may cause some websites to not work properly - [which you can easily change](https://github.com/arkenfox/user.js/wiki/3.1-Overrides) to suit your needs. We **strongly recommend** reading through their full [wiki](https://github.com/arkenfox/user.js/wiki). Arkenfox also enables [container](https://support.mozilla.org/en-US/kb/containers#w_for-advanced-users) support.
@@ -120,7 +118,7 @@ The [Arkenfox project](https://github.com/arkenfox/user.js) provides a set of ca
 
     We don't recommend Brave's mobile browser offerings as there are better [options](#mobile-recommendations) for mobile platforms.
 
-    [Homepage](https://brave.com/){ .md-button .md-button--primary } [Privacy Policy](https://brave.com/privacy/browser/){ .md-button }
+    [Homepage](https://brave.com/){ .md-button .md-button--primary } [:pg-tor:](https://brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .md-button } [Privacy Policy](https://brave.com/privacy/browser/){ .md-button }
 
     ??? downloads annotate
 
@@ -176,7 +174,7 @@ Shields' options can be downgraded on a per-site basis as needed, but by default
 
 ##### Extensions
 
-Disable the extensions you do not use in **Extensions**
+Disable built-in extensions you do not use in **Extensions**
 
 <div class="annotate" markdown>
 
@@ -184,8 +182,6 @@ Disable the extensions you do not use in **Extensions**
 - [ ] Uncheck **Private window with Tor** (1)
 - [ ] Uncheck **WebTorrent**
 
-In addition, avoid installing third-party extensions.
-
 </div>
 
 1. Brave is **not** as resistant to fingerprinting as the Tor Browser and far fewer people use Brave with Tor, so you will stand out. Where [strong anonymity is required](https://support.brave.com/hc/en-us/articles/360018121491-What-is-a-Private-Window-with-Tor-Connectivity-) use the [Tor Browser](#tor-browser).
@@ -302,12 +298,10 @@ Synchronization of Safari History, Tab Groups, iCloud Tabs, and saved passwords
 
 If you use iCloud, we also recommend checking to ensure Safari's default download location is set to locally on your device. This option can be found in :gear: **Settings** → **Safari** → **General** → **Downloads**.
 
-#### Extensions
-
-We generally do not recommend installing [any extensions](https://www.sentinelone.com/blog/inside-safari-extensions-malware-golden-key-user-data/) as they increase your browser's attack surface; however, if you want content blocking, [AdGuard for Safari](#additional-resources) might be useful to you.
-
 ## Additional Resources
 
+We generally do not recommend installing any extensions as they increase your attack surface. However, uBlock Origin or AdGuard may prove useful if you value content blocking functionality.
+
 ### uBlock Origin
 
 !!! recommendation
@@ -316,8 +310,6 @@ We generally do not recommend installing [any extensions](https://www.sentinelon
 
     **uBlock Origin** is a popular content blocker that could help you block ads, trackers, and fingerprinting scripts.
 
-    We suggest leaving the extension in its default configuration, as extra filter lists can add additional [attack surface](https://portswigger.net/research/ublock-i-exfiltrate-exploiting-ad-blockers-with-css).
-
     [Extension Info](https://github.com/gorhill/uBlock#readme){ .md-button .md-button--primary }
 
     ??? downloads
@@ -328,9 +320,9 @@ We generally do not recommend installing [any extensions](https://www.sentinelon
         - [:fontawesome-brands-opera: Opera](https://addons.opera.com/extensions/details/ublock)
         - [:fontawesome-brands-github: Source](https://github.com/gorhill/uBlock)
 
-!!! warning "Use default filter lists"
+We suggest leaving the extension in its default configuration. Additional filter lists can impact performance and may increase attack surface, so only apply what you need. If there is a [vulnerability in uBlock Origin](https://portswigger.net/research/ublock-i-exfiltrate-exploiting-ad-blockers-with-css) a third party filter could add malicious rules that can potentially steal user data.
 
-    Additional filter lists can impact performance and may increase attack surface, so only apply what you need. If there is a [vulnerability in uBlock Origin](https://portswigger.net/research/ublock-i-exfiltrate-exploiting-ad-blockers-with-css) a third party filter could add malicious rules that can potentially steal user data.
+uBlock Origin is also a Mozilla :trophy: [Recommended Extension](https://support.mozilla.org/kb/add-on-badges#w_recommended-extensions). Recommended extensions are manually reviewed by Mozilla staff security experts to ensure they meet the highest standards of security, functionality, and user experience.
 
 ### AdGuard for Safari
 
@@ -363,13 +355,21 @@ There is also [AdGuard for iOS](https://adguard.com/en/adguard-ios/overview.html
 
     **Snowflake** allows you to donate bandwidth to the Tor Project by operating a "Snowflake proxy" within your browser. People who are censored can use Snowflake proxies to connect to the Tor network. Snowflake is a great way to contribute to the network even if you don't have the technical know-how to run a Tor relay or bridge.
 
-    [Website](https://support.torproject.org/censorship/how-to-help-running-snowflake/){ .md-button .md-button--primary }
+    [Website](https://snowflake.torproject.org/){ .md-button .md-button--primary }
+
+    ??? downloads
+
+        - [:octicons-browser-16: Browser](https://snowflake.torproject.org/embed) (Leave page open to continue being a Snowflake proxy)
+        - [:fontawesome-brands-firefox: Firefox](https://addons.mozilla.org/en-US/firefox/addon/torproject-snowflake/)
+        - [:fontawesome-brands-chrome: Chrome](https://chrome.google.com/webstore/detail/snowflake/mafpmfcccpbjnhfhjnllmmalhifmlcie)
 
 Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours.
 
 Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
 
-We do not recommend installing Snowflake as a browser extension as extensions increase your browser's attack surface.
+You can enable Snowflake in your browser by clicking the switch below and ==leaving this page open==. You can also install Snowflake as a browser extension to have it always run while your browser is open, however adding third-party extensions can increase your attack surface.
+
+<center><iframe src="https://snowflake.torproject.org/embed.html" width="320" height="240" frameborder="0" scrolling="no"></iframe></center>
 
 ### Terms of Service; Didn't Read
 

docs/calendar-contacts.en.md

@@ -21,7 +21,6 @@ These products are included with an subscription with their respective [email pr
 
     ??? downloads
 
-        - [:fontawesome-solid-earth-americas: Web](https://mail.tutanota.com/)
         - [:fontawesome-brands-windows: Windows](https://tutanota.com/blog/posts/desktop-clients/)
         - [:fontawesome-brands-apple: macOS](https://tutanota.com/blog/posts/desktop-clients/)
         - [:fontawesome-brands-linux: Linux](https://tutanota.com/blog/posts/desktop-clients/)
@@ -37,13 +36,12 @@ These products are included with an subscription with their respective [email pr
 
     ![Proton Calendar logo](assets/img/calendar-contacts/proton-calendar.svg){ align=right }
 
-    **Proton Calendar** is an encrypted calendar serivce available to ProtonMail members. Features include: automatic E2EE of all data, sharing features, import/export functionality, and [more](https://protonmail.com/support/knowledge-base/proton-calendar-guide/). Those on the free tier get access to a single calendar, whereas paid subscribers can create up to 20 calendars. Extended sharing functionality is also limited to paid subscribers. Proton Calendar is currently only available for the web and Android.
+    **Proton Calendar** is an encrypted calendar serivce available to Proton Mail members. Features include: automatic E2EE of all data, sharing features, import/export functionality, and [more](https://proton.me/support/proton-calendar-guide). Those on the free tier get access to a single calendar, whereas paid subscribers can create up to 20 calendars. Extended sharing functionality is also limited to paid subscribers. Proton Calendar is currently only available for the web and Android.
 
-    [Website](https://calendar.protonmail.com){ .md-button .md-button--primary } [Privacy Policy](https://protonmail.com/privacy-policy){ .md-button }
+    [Website](https://proton.me/calendar){ .md-button .md-button--primary } [Privacy Policy](https://proton.me/legal/privacy){ .md-button }
 
     ??? downloads
 
-        - [:fontawesome-solid-earth-americas: Web](https://calendar.protonmail.com)
         - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.calendar)
         - [:fontawesome-brands-github: Source](https://github.com/ProtonMail/WebClients)
 

docs/cloud.en.md

@@ -39,9 +39,9 @@ When self hosting Nextcloud, you should also enable E2EE to protect against your
 
     ![Proton Drive logo](assets/img/cloud/protondrive.svg){ align=right }
 
-    **Proton Drive** is an E2EE general file storage service by the popular encrypted email provider [ProtonMail](https://protonmail.com).
+    **Proton Drive** is an E2EE general file storage service by the popular encrypted email provider [Proton Mail](https://proton.me/mail).
 
-    [Website](https://drive.protonmail.com){ .md-button .md-button--primary } [Privacy Policy](https://protonmail.com/privacy-policy){ .md-button }
+    [Website](https://proton.me/drive){ .md-button .md-button--primary } [Privacy Policy](https://proton.me/legal/privacy){ .md-button }
 
     ??? downloads
 

docs/dns.en.md

@@ -15,16 +15,15 @@ icon: material/dns
 | ------------ | -------------- | --------- | ------- | --- | --------- |
 | [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Cleartext <br> DoH <br> DoT <br> DNSCrypt | Some[^1] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS)
 | [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Cleartext <br> DoH <br> DoT | Some[^2] | No | Based on server choice.|
-| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH <br> DoT | No[^4] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock)
-| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Cleartext <br> DoH <br> DoT <br> DNSCrypt | Optional[^5] | Optional | Based on server choice. |
-| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Cleartext <br> DoH <br> DoT <br> DNSCrypt | Some[^6] | Optional |  Based on server choice, Malware blocking by default. |
+| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH <br> DoT | No[^3] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock)
+| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Cleartext <br> DoH <br> DoT <br> DNSCrypt | Optional[^4] | Optional | Based on server choice. |
+| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Cleartext <br> DoH <br> DoT <br> DNSCrypt | Some[^5] | Optional |  Based on server choice, Malware blocking by default. |
 
 [^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html)
 [^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/)
-[^3]: Neither ControlD's free nor premium plans have logging enabled by default. Premium subscribers can enable logging/analytics at will. [https://controld.com/privacy](https://controld.com/privacy)
-[^4]: Mullvad's DNS service is available to both subscribers and non-subscribers of Mullvad VPN. Their privacy policy explicitly claims they do not log DNS requests in any way. [https://mullvad.net/en/help/no-logging-data-policy/](https://mullvad.net/en/help/no-logging-data-policy/)
-[^5]: NextDNS can provide insights and logging features on an opt-in basis. You can choose retention times and log storage locations for any logs you choose to keep. If it's not specifically requested, no data is logged. [https://nextdns.io/privacy](https://nextdns.io/privacy)
-[^6]: Quad9 collects some data for the purposes of threat monitoring and response. That data may then be remixed and shared, such as for the purpose of security research. Quad9 does not collect or record IP addresses or other data they deem personally identifiable. [https://www.quad9.net/privacy/policy/](https://www.quad9.net/privacy/policy/)
+[^3]: Mullvad's DNS service is available to both subscribers and non-subscribers of Mullvad VPN. Their privacy policy explicitly claims they do not log DNS requests in any way. [https://mullvad.net/en/help/no-logging-data-policy/](https://mullvad.net/en/help/no-logging-data-policy/)
+[^4]: NextDNS can provide insights and logging features on an opt-in basis. You can choose retention times and log storage locations for any logs you choose to keep. If it's not specifically requested, no data is logged. [https://nextdns.io/privacy](https://nextdns.io/privacy)
+[^5]: Quad9 collects some data for the purposes of threat monitoring and response. That data may then be remixed and shared, such as for the purpose of security research. Quad9 does not collect or record IP addresses or other data they deem personally identifiable. [https://www.quad9.net/privacy/policy/](https://www.quad9.net/privacy/policy/)
 
 The criteria for the servers listed above are:
 
@@ -126,4 +125,22 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](ba
         - [:fontawesome-brands-linux: Linux](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-linux)
         - [:fontawesome-brands-github: Source](https://github.com/DNSCrypt/dnscrypt-proxy)
 
+## Self-hosted Solutions
+
+### Pi-hole
+
+!!! recommendation
+
+    ![Pi-hole logo](assets/img/dns/pi-hole.svg){ align=right }
+
+    **Pi-hole** is an open-source [DNS-sinkhole](https://wikipedia.org/wiki/DNS_sinkhole) which uses [DNS filtering](https://www.cloudflare.com/learning/access-management/what-is-dns-filtering/) to block unwanted web content, such as advertisements.
+
+    Pi-hole is designed to be hosted on a Raspberry Pi, but it is not limited to such hardware. The software features a friendly web interface to view insights and manage blocked content.
+
+    [Website](https://pi-hole.net/){ .md-button .md-button--primary } [Privacy Policy](https://pi-hole.net/privacy/){ .md-button }
+
+    ??? downloads
+
+        - [:fontawesome-brands-github: Source](https://github.com/pi-hole/pi-hole)
+
 --8<-- "includes/abbreviations.en.md"

docs/email.en.md

@@ -16,47 +16,47 @@ For everything else, we recommend a variety of email providers based on sustaina
 
 ## Recommended Email Providers
 
-### ProtonMail
+### Proton Mail
 
 !!! recommendation
 
-    ![ProtonMail logo](assets/img/email/protonmail.svg){ align=right }
+    ![Proton Mail logo](assets/img/email/protonmail.svg){ align=right }
 
-    **ProtonMail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since **2013**. ProtonMail is based in Genève, Switzerland. Accounts start with 500 MB storage with their free plan.
+    **Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since **2013**. Proton AG is based in Genève, Switzerland. Accounts start with 500 MB storage with their free plan.
 
-    Free accounts have some limitations, such as not being able to search body text and not having access to [ProtonMail Bridge](https://protonmail.com/bridge), which is required to use a [recommended desktop email client](email-clients.md) (e.g. Thunderbird). Paid accounts are available starting at **€48/y** which include features like ProtonMail Bridge, additional storage, and custom domain support.
+    Free accounts have some limitations, such as not being able to search body text and not having access to [Proton Mail Bridge](https://proton.me/mail/bridge), which is required to use a [recommended desktop email client](email-clients.md) (e.g. Thunderbird). Paid accounts are available starting at **€48/y** which include features like Proton Mail Bridge, additional storage, and custom domain support.
+
+    With the [transition to Proton.me](https://proton.me/news/updated-proton), paid plans have changed. Existing users before the 25 May 2022 will get to keep their [existing plan](https://proton.me/support/upgrading-to-new-proton-plan) pricing.
 
     **Free**
 
-    [Website](https://protonmail.com){ .md-button .md-button--primary } [Privacy Policy](https://protonmail.com/privacy-policy){ .md-button }
+    [Website](https://proton.me/){ .md-button .md-button--primary } [:pg-tor:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .md-button } [Privacy Policy](https://proton.me/legal/privacy){ .md-button }
 
 ??? check "Custom Domains and Aliases"
 
-    Paid ProtonMail subscribers can use their own domain with the service. [Catch-all](https://protonmail.com/support/knowledge-base/catch-all/) addresses are supported with custom domains for Professional and Visionary plans. ProtonMail also supports [subaddressing](https://protonmail.com/support/knowledge-base/creating-aliases/), which is useful for people who don't want to purchase a domain.
+    Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain.
 
 ??? check "Private Payment Methods"
 
-    ProtonMail accepts Bitcoin in addition to accepting credit/debit cards and PayPal.
+    Proton Mail accepts Bitcoin in addition to accepting credit/debit cards and PayPal.
 
 ??? check "Account Security"
 
-    ProtonMail supports TOTP [two factor authentication](https://protonmail.com/support/knowledge-base/two-factor-authentication/) only. The use of a U2F security key is not yet supported. ProtonMail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code.
+    Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code.
 
 ??? check "Data Security"
 
-    ProtonMail has [zero access encryption](https://protonmail.com/blog/zero-access-encryption) at rest for your emails, [address book contacts](https://protonmail.com/blog/encrypted-contacts-manager), and [calendars](https://protonmail.com/blog/protoncalendar-security-model). This means the messages and other data stored in your account are only readable by you.
+    Proton Mail has [zero access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails, [address book contacts](https://proton.me/support/proton-contacts), and [calendars](https://proton.me/news/protoncalendar-security-model). This means the messages and other data stored in your account are only readable by you.
 
 ??? check "Email Encryption"
 
-    ProtonMail has [integrated OpenPGP encryption](https://protonmail.com/support/knowledge-base/how-to-use-pgp) in their webmail. Emails to other ProtonMail accounts are encrypted automatically, and encryption to non-ProtonMail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-ProtonMail addresses](https://protonmail.com/support/knowledge-base/encrypt-for-outside-users) without the need for them to sign up for a ProtonMail account or use software like OpenPGP.
+    Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP.
 
-    ProtonMail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use ProtonMail to find the OpenPGP keys of ProtonMail accounts easily, for cross-provider E2EE.
+    Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE.
 
 ??? info "Additional Functionality"
 
-    ProtonMail's login and services are accessible over Tor, [protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion/)
-
-    ProtonMail offers a "Visionary" account for €24/Month, which also enables access to ProtonVPN in addition to providing multiple accounts, domains, aliases, and extra storage.
+    Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage.
 
 ### Mailbox.org
 
@@ -213,7 +213,7 @@ Using an aliasing service requires trusting both your email provider and your al
 
     ![Simplelogin logo](assets/img/email/simplelogin.svg){ align=right }
 
-    **[SimpleLogin](https://simplelogin.io)** (now owned by ProtonMail) is a free service which provides email aliases on a variety of shared domain names, and optionally provides features like unlimited aliases and custom domains for $30/year. [Source code on GitHub](https://github.com/simple-login/app).
+    **[SimpleLogin](https://simplelogin.io)** is a free service which provides email aliases on a variety of shared domain names, and optionally provides features like unlimited aliases and custom domains for $30/year. [Source code on GitHub](https://github.com/simple-login/app).
 
     [Website](https://simplelogin.io){ .md-button .md-button--primary } [Privacy Policy](https://simplelogin.io/privacy/){ .md-button }
 
@@ -227,7 +227,7 @@ Using an aliasing service requires trusting both your email provider and your al
         - [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/io.simplelogin.android.fdroid/)
         - [:fontawesome-brands-github: Source](https://github.com/simple-login)
 
-SimpleLogin [is owned by ProtonMail](https://protonmail.com/blog/proton-and-simplelogin-join-forces/) as of April 8, 2022. If you use ProtonMail for your primary mailbox, this makes SimpleLogin a great choice: You now only have to trust a single email provider and SimpleLogin will be more tightly integrated with ProtonMail's offerings in the future. Nonetheless, SimpleLogin continues to support forwarding to any email provider of your chosing.
+SimpleLogin was [acquired by Proton AG](https://proton.me/news/proton-and-simplelogin-join-forces) as of April 8, 2022. If you use Proton Mail for your primary mailbox, SimpleLogin a great choice. As both products are now owned by the same company you now only have to trust a single entity. We also expect that SimpleLogin will be more tightly integrated with Proton's offerings in the future. SimpleLogin continues to support forwarding to any email provider of your choosing.
 
 Notable free features:
 
@@ -292,19 +292,6 @@ For a more manual approach we've picked out these two articles.
 
 **Please note we are not affiliated with any of the providers we recommend.** This allows us to provide completely objective recommendations. We have developed a clear set of requirements for any Email provider wishing to be recommended, including implementing industry best practices, modern technology and more. We suggest you familiarize yourself with this list before choosing an Email provider, and conduct your own research to ensure the Email provider you choose is the right choice for you.
 
-### Jurisdiction
-
-Operating outside the five/nine/fourteen-eyes countries is not necessarily a guarantee of privacy, and there are other factors to consider.
-
-**Minimum to Qualify:**
-
-- Operating outside the USA or other Five Eyes countries.
-
-**Best Case:**
-
-- Operating outside the USA or other Fourteen Eyes countries.
-- Operating inside a country with strong consumer protection laws.
-
 ### Technology
 
 We regard these features as important in order to provide a safe and optimal service. You should consider whether the provider which has the features you require.

docs/index.en.md

@@ -15,6 +15,8 @@ hide:
 Much like the right to interracial marriage, woman's suffrage, freedom of speech, and many others, we didn't always have the right to privacy. In several dictatorships, many still don't. Generations before ours fought for our right to privacy. ==Privacy is a human right inherent to all of us== that we are entitled to without discrimination.
 
 You shouldn't confuse privacy with secrecy. We know what happens in the bathroom, but you still close the door. That's because you want privacy, not secrecy. **Everyone** has something to hide, privacy is something that makes you human.
+
+[:material-target-account: Common Internet Threats](basics/common-threats.md){ .md-button .md-button--primary }
 </div>
 
 <div style="margin-left:auto;margin-right:0;text-align:right;max-width:38rem;" markdown>

docs/linux-desktop.en.md

@@ -126,62 +126,4 @@ Whonix is best used [in conjunction with Qubes](https://www.whonix.org/wiki/Qube
 
 By design, Tails is meant to completely reset itself after each reboot. Encrypted [persistent storage](https://tails.boum.org/doc/first_steps/persistence/index.en.html) can be configured to store some data.
 
-## General Recommendations
-
-### Drive Encryption
-
-Most Linux distributions have an installer option for enabling LUKS FDE upon installation.
-
-If this option isn’t set at installation time, you will have to backup your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted.
-
-When securely erasing storage devices such as a Solid-state drive (SSD) you should use the [ATA Secure Erase](https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase) command. This command can be issued from your UEFI setup. If the storage device is a regular hard drive (HDD), consider using [`nwipe`](https://en.wikipedia.org/wiki/Nwipe).
-
-### Swap
-
-Consider using [ZRAM](https://wiki.archlinux.org/title/Swap#zram-generator) or [encrypted swap](https://wiki.archlinux.org/title/Dm-crypt/Swap_encryption) instead of unencrypted swap to avoid potential security issues with sensitive data being pushed to [swap space](https://en.wikipedia.org/wiki/Memory_paging). Fedora based distributions [use ZRAM by default](https://fedoraproject.org/wiki/Changes/SwapOnZRAM).
-
-### Wayland
-
-We recommend using a desktop environment that supports the [Wayland](https://en.wikipedia.org/wiki/Wayland_(display_server_protocol)) display protocol as it developed with security [in mind](https://lwn.net/Articles/589147/). Its predecessor, [X11](https://en.wikipedia.org/wiki/X_Window_System), does not support GUI isolation, allowing all windows to [record screen, log and inject inputs in other windows](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation.html), making any attempt at sandboxing futile. While there are options to do nested X11 such as [Xpra](https://en.wikipedia.org/wiki/Xpra) or [Xephyr](https://en.wikipedia.org/wiki/Xephyr), they often come with negative performance consequences and are not convenient to set up and are not preferable over Wayland.
-
-Fortunately, common environments such as [GNOME](https://www.gnome.org), [KDE](https://kde.org), and the window manager [Sway](https://swaywm.org) have support for Wayland. Some distributions like Fedora and Tumbleweed use it by default and some others may do so in the future as X11 is in [hard maintenance mode](https://www.phoronix.com/scan.php?page=news_item&px=X.Org-Maintenance-Mode-Quickly). If you’re using one of those environments it is as easy as selecting the “Wayland” session at the desktop display manager ([GDM](https://en.wikipedia.org/wiki/GNOME_Display_Manager), [SDDM](https://en.wikipedia.org/wiki/Simple_Desktop_Display_Manager)).
-
-We recommend **against** using desktop environments or window managers that do not have Wayland support such as Cinnamon (default on Linux Mint), Pantheon (default on Elementary OS), MATE, Xfce, and i3.
-
-### Proprietary Firmware (Microcode Updates)
-
-Linux distributions such as those which are [Linux-libre](https://en.wikipedia.org/wiki/Linux-libre) or DIY (Arch Linux) don’t come with the proprietary [microcode](https://en.wikipedia.org/wiki/Microcode) updates. Some notable examples of these vulnerabilities include [Spectre](https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)), [Meltdown](https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability)), [SSB](https://en.wikipedia.org/wiki/Speculative_Store_Bypass), [Foreshadow](https://en.wikipedia.org/wiki/Foreshadow), [MDS](https://en.wikipedia.org/wiki/Microarchitectural_Data_Sampling), [SWAPGS](https://en.wikipedia.org/wiki/SWAPGS_(security_vulnerability)), and other [hardware vulnerabilities](https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/index.html).
-
-We **highly recommend** that you install the microcode updates, as your CPU is already running the proprietary microcode from the factory. Fedora and openSUSE both have the microcode updates applied by default.
-
-## Privacy Tweaks
-
-### MAC Address Randomization
-
-Many desktop Linux distributions (Fedora, openSUSE etc) will come with [NetworkManager](https://en.wikipedia.org/wiki/NetworkManager), to configure Ethernet and Wi-Fi settings.
-
-It is possible to [randomize](https://fedoramagazine.org/randomize-mac-address-nm/) the [MAC address](https://en.wikipedia.org/wiki/MAC_address) when using NetworkManager. This provides a bit more privacy on Wi-Fi networks as it makes it harder to track specific devices on the network you’re connected to. It does [**not**](https://papers.mathyvanhoef.com/wisec2016.pdf) make you anonymous.
-
-We recommend changing the setting to **random** instead of **stable**, as suggested in the [article](https://fedoramagazine.org/randomize-mac-address-nm/).
-
-If you are using [systemd-networkd](https://en.wikipedia.org/wiki/Systemd#Ancillary_components), you will need to set [`MACAddressPolicy=random`](https://www.freedesktop.org/software/systemd/man/systemd.link.html#MACAddressPolicy=) which will enable [RFC 7844 (Anonymity Profiles for DHCP Clients)](https://www.freedesktop.org/software/systemd/man/systemd.network.html#Anonymize=).
-
-There isn’t much point in randomizing the MAC address for Ethernet connections as a system administrator can find you by looking at the port you are using on the [network switch](https://en.wikipedia.org/wiki/Network_switch). Randomizing Wi-Fi MAC addresses depends on support from the Wi-Fi’s firmware.
-
-### Other Identifiers
-
-There are other system identifiers which you may wish to be careful about. You should give this some thought to see if it applies to your [threat model](basics/threat-modeling.md):
-
-- **Hostnames:** Your system's hostname is shared with the networks you connect to. You should avoid including identifying terms like your name or operating system in your hostname, instead sticking to generic terms or random strings.
-- **Usernames:** Similarly, your username is used in a variety of ways across your system. Consider using generic terms like "user" rather than your actual name.
-- **Machine ID:**: During installation a unique machine ID is generated and stored on your device. Consider [setting it to a generic ID](https://madaidans-insecurities.github.io/guides/linux-hardening.html#machine-id).
-
-### System Counting
-
-The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting) how many unique systems access its mirrors by using a [`countme`](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting#Detailed_Description) variable instead of a unique ID. Fedora does this to determine load and provision better servers for updates where necessary.
-
-This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer.
-
-openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file.
-
 --8<-- "includes/abbreviations.en.md"

docs/linux-desktop/hardening.en.md

@@ -28,19 +28,29 @@ There are some additional kernel hardening options such as configuring [sysctl](
 - [Recommended boot parameters](https://madaidans-insecurities.github.io/guides/linux-hardening.html#boot-parameters)
 - [Additional recommendations to reduce the kernel's attack surface](https://madaidans-insecurities.github.io/guides/linux-hardening.html#kernel-attack-surface-reduction)
 
-Note that setting `kernel.unprivileged_userns_clone=0` will stop Flatpak, Snap (that depend on browser-sandbox), Electron based AppImages, Podman, Docker, and LXC containers from working. Do **not** set this flag if you are using container products.
+Do **not** disable unprivileged user namespaces if you use software that relies on it, like: Podman, Docker and LXC containers. The option will prevent this software from working.
 
 ## Linux-Hardened
 
 Some distributions like Arch Linux have the [linux-hardened](https://github.com/anthraxx/linux-hardened), kernel package. It includes [hardening patches](https://wiki.archlinux.org/title/security#Kernel_hardening) and more security-conscious defaults. Linux-Hardened has `kernel.unprivileged_userns_clone=0` disabled by default. See the [warning above](#kernel-hardening) about how this might impact you.
 
+## Linux Kernel Runtime Guard (LKRG)
+
+LKRG is a kernel module that performs runtime integrity check on the kernel to help detect detect exploits against the kernel. LKRG works in a *post*-detect fashion, meaning that it attempts to respond to unauthorized modifications to the running Linux kernel. The intention is that it will defeat many pre-existing exploits as well as undiscovered vulnerabilities. Some hardened distributions, such as [Kicksecure](https://www.kicksecure.com/wiki/Linux_Kernel_Runtime_Guard_LKRG), have documentation.
+
+## GRSecurity
+
+GRSecurity is a set of kernel patches that attempt to improve security of the Linux kernel. Open source  access, however, requires [subscription to a paid model](https://grsecurity.net/passing_the_baton).
+
 ## Simultaneous multithreading (SMT)
 
 [SMT](https://en.wikipedia.org/wiki/Simultaneous_multithreading) has been the cause of numerous hardware vulnerabilities, and subsequent patches for those vulnerabilities often come with performance penalties that negate most of the performance gain given by SMT. If you followed the “kernel hardening” section above, some kernel parameters already disable SMT. If the option is available to you, we recommend that you disable it in your firmware as well.
 
 ## Hardened memory allocator
 
-The [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc) from [GrapheneOS](https://grapheneos.org) can be used on Linux distributions. It is available by default on Whonix and is available as an [AUR package](https://wiki.archlinux.org/title/Security#Hardened_malloc) on Arch based distributions. If you are using the AUR package, consider setting up `LD_PRELOAD` as described in the [Arch Wiki](https://wiki.archlinux.org/title/Security#Hardened_malloc).
+The [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc) from [GrapheneOS](https://grapheneos.org) can also be used on general Linux distributions. It is available as an [AUR package](https://wiki.archlinux.org/title/Security#Hardened_malloc) on Arch based distributions, and (though not enabled by default) on Whonix and Kicksecure.
+
+If you are using Whonix, Kicksecure or the AUR package, consider setting up `LD_PRELOAD` as described in the [Kicksecure Documentation](https://www.kicksecure.com/wiki/Hardened_Malloc) or [Arch Wiki](https://wiki.archlinux.org/title/Security#Hardened_malloc).
 
 ## Umask
 

docs/linux-desktop/overview.en.md

@@ -20,7 +20,11 @@ Our website generally uses the term “Linux” to describe desktop GNU/Linux di
 
 [Our Linux Recommendations :material-arrow-right:](../linux-desktop.md){ .md-button }
 
-## Release cycle
+## Choosing your distribution
+
+Not all Linux distributions are created equal. While our Linux recommendation page is not meant to be an authoritative source on which distribution you should use, there are a few things you should keep in mind when choosing which distribution to use.
+
+### Release cycle
 
 We highly recommend that you choose distributions which stay close to the stable upstream software releases, often referred to as rolling release distributions. This is because frozen release cycle distributions often don’t update package versions and fall behind on security updates.
 
@@ -32,7 +36,7 @@ We don’t believe holding packages back and applying interim patches is a good
   <iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/i8c0mg_mS7U" title="Regular Releases are Wrong, Roll for your life" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
 </div>
 
-## Traditional vs Atomic updates
+### Traditional vs Atomic updates
 
 Traditionally, Linux distributions update by sequentially updating the desired packages. Traditional updates such as those used in Fedora, Arch Linux, and Debian based distributions can be less reliable if an error occurs while updating.
 
@@ -46,11 +50,11 @@ The Atomic update method is used for immutable distributions like Silverblue, Tu
   <iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/-hpV5l-gJnQ" title="Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalik" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
 </div>
 
-## “Security-focused” distributions
+### “Security-focused” distributions
 
 There is often some confusion about “security-focused” distributions and “pentesting” distributions. A quick search for “the most secure Linux distribution” will often give results like Kali Linux, Black Arch, and Parrot OS. These distributions are offensive penetration testing distributions that bundle tools for testing other systems. They don’t include any “extra security” or defensive mitigations intended for regular use.
 
-## Arch-based distributions
+### Arch-based distributions
 
 Arch based distributions are not recommended for those new to Linux, regardless of the distribution. Arch does not have an distribution update mechanism for the underlying software choices. As a result you have to stay aware with current trends and adopt technologies as they supersede older practices on your own.
 
@@ -63,8 +67,64 @@ If you are experienced with Linux and wish to use an Arch-based distribution, we
 - **Manjaro**: This distribution holds packages back for 2 weeks to make sure that their own changes don’t break, not to make sure that upstream is stable. When AUR packages are used, they are often built against the latest [libraries](https://en.wikipedia.org/wiki/Library_(computing)) from Arch’s repositories.
 - **Garuda**: They use [Chaotic-AUR](https://aur.chaotic.cx/) which automatically and blindly compiles packages from the AUR. There is no verification process to make sure that the AUR packages don’t suffer from supply chain attacks.
 
-## Linux-libre kernel and “Libre” distributions
+### Linux-libre kernel and “Libre” distributions
 
 We strongly recommend **against** using the Linux-libre kernel, since it [removes security mitigations](https://www.phoronix.com/scan.php?page=news_item&px=GNU-Linux-Libre-5.7-Released) and [suppresses kernel warnings](https://news.ycombinator.com/item?id=29674846) about vulnerable microcode for ideological reasons.
 
+## General Recommendations
+
+### Drive Encryption
+
+Most Linux distributions have an option within its installer for enabling [LUKS](/encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to backup your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device:
+
+- [Secure Data Erasure :material-arrow-right:](../basics/erasing-data.md)
+
+### Swap
+
+Consider using [ZRAM](https://wiki.archlinux.org/title/Swap#zram-generator) or [encrypted swap](https://wiki.archlinux.org/title/Dm-crypt/Swap_encryption) instead of unencrypted swap to avoid potential security issues with sensitive data being pushed to [swap space](https://en.wikipedia.org/wiki/Memory_paging). Fedora based distributions [use ZRAM by default](https://fedoraproject.org/wiki/Changes/SwapOnZRAM).
+
+### Wayland
+
+We recommend using a desktop environment that supports the [Wayland](https://en.wikipedia.org/wiki/Wayland_(display_server_protocol)) display protocol as it developed with security [in mind](https://lwn.net/Articles/589147/). Its predecessor, [X11](https://en.wikipedia.org/wiki/X_Window_System), does not support GUI isolation, allowing all windows to [record screen, log and inject inputs in other windows](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation.html), making any attempt at sandboxing futile. While there are options to do nested X11 such as [Xpra](https://en.wikipedia.org/wiki/Xpra) or [Xephyr](https://en.wikipedia.org/wiki/Xephyr), they often come with negative performance consequences and are not convenient to set up and are not preferable over Wayland.
+
+Fortunately, common environments such as [GNOME](https://www.gnome.org), [KDE](https://kde.org), and the window manager [Sway](https://swaywm.org) have support for Wayland. Some distributions like Fedora and Tumbleweed use it by default and some others may do so in the future as X11 is in [hard maintenance mode](https://www.phoronix.com/scan.php?page=news_item&px=X.Org-Maintenance-Mode-Quickly). If you’re using one of those environments it is as easy as selecting the “Wayland” session at the desktop display manager ([GDM](https://en.wikipedia.org/wiki/GNOME_Display_Manager), [SDDM](https://en.wikipedia.org/wiki/Simple_Desktop_Display_Manager)).
+
+We recommend **against** using desktop environments or window managers that do not have Wayland support such as Cinnamon (default on Linux Mint), Pantheon (default on Elementary OS), MATE, Xfce, and i3.
+
+### Proprietary Firmware (Microcode Updates)
+
+Linux distributions such as those which are [Linux-libre](https://en.wikipedia.org/wiki/Linux-libre) or DIY (Arch Linux) don’t come with the proprietary [microcode](https://en.wikipedia.org/wiki/Microcode) updates. Some notable examples of these vulnerabilities include [Spectre](https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)), [Meltdown](https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability)), [SSB](https://en.wikipedia.org/wiki/Speculative_Store_Bypass), [Foreshadow](https://en.wikipedia.org/wiki/Foreshadow), [MDS](https://en.wikipedia.org/wiki/Microarchitectural_Data_Sampling), [SWAPGS](https://en.wikipedia.org/wiki/SWAPGS_(security_vulnerability)), and other [hardware vulnerabilities](https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/index.html).
+
+We **highly recommend** that you install the microcode updates, as your CPU is already running the proprietary microcode from the factory. Fedora and openSUSE both have the microcode updates applied by default.
+
+## Privacy Tweaks
+
+### MAC Address Randomization
+
+Many desktop Linux distributions (Fedora, openSUSE etc) will come with [NetworkManager](https://en.wikipedia.org/wiki/NetworkManager), to configure Ethernet and Wi-Fi settings.
+
+It is possible to [randomize](https://fedoramagazine.org/randomize-mac-address-nm/) the [MAC address](https://en.wikipedia.org/wiki/MAC_address) when using NetworkManager. This provides a bit more privacy on Wi-Fi networks as it makes it harder to track specific devices on the network you’re connected to. It does [**not**](https://papers.mathyvanhoef.com/wisec2016.pdf) make you anonymous.
+
+We recommend changing the setting to **random** instead of **stable**, as suggested in the [article](https://fedoramagazine.org/randomize-mac-address-nm/).
+
+If you are using [systemd-networkd](https://en.wikipedia.org/wiki/Systemd#Ancillary_components), you will need to set [`MACAddressPolicy=random`](https://www.freedesktop.org/software/systemd/man/systemd.link.html#MACAddressPolicy=) which will enable [RFC 7844 (Anonymity Profiles for DHCP Clients)](https://www.freedesktop.org/software/systemd/man/systemd.network.html#Anonymize=).
+
+There isn’t much point in randomizing the MAC address for Ethernet connections as a system administrator can find you by looking at the port you are using on the [network switch](https://en.wikipedia.org/wiki/Network_switch). Randomizing Wi-Fi MAC addresses depends on support from the Wi-Fi’s firmware.
+
+### Other Identifiers
+
+There are other system identifiers which you may wish to be careful about. You should give this some thought to see if it applies to your [threat model](../basics/threat-modeling.md):
+
+- **Hostnames:** Your system's hostname is shared with the networks you connect to. You should avoid including identifying terms like your name or operating system in your hostname, instead sticking to generic terms or random strings.
+- **Usernames:** Similarly, your username is used in a variety of ways across your system. Consider using generic terms like "user" rather than your actual name.
+- **Machine ID:**: During installation a unique machine ID is generated and stored on your device. Consider [setting it to a generic ID](https://madaidans-insecurities.github.io/guides/linux-hardening.html#machine-id).
+
+### System Counting
+
+The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting) how many unique systems access its mirrors by using a [`countme`](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting#Detailed_Description) variable instead of a unique ID. Fedora does this to determine load and provision better servers for updates where necessary.
+
+This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer.
+
+openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file.
+
 --8<-- "includes/abbreviations.en.md"

docs/linux-desktop/sandboxing.en.md

@@ -61,6 +61,6 @@ Red Hat develops [Podman](https://docs.podman.io/en/latest/) and secures it with
 
 Another option is [Kata containers](https://katacontainers.io/), where virtual machines masquerade as containers. Each Kata container has its own Linux kernel and is isolated from the host.
 
-These container technologies can be useful for those who may want to run certain web app software on their local area network (LAN) such as [Vaultwarden](https://github.com/dani-garcia/vaultwarden) or images provided by [linuxserver.io](https://www.linuxserver.io) to increase privacy by decreasing dependence on various web services.
+The above container technologies can be useful if you want to run certain web app software on your local network, such as [Vaultwarden](https://github.com/dani-garcia/vaultwarden) or images provided by [LinuxServer.io](https://www.linuxserver.io), to increase privacy by decreasing dependence on various web services. A guide on [hardening Docker and OCI](https://wonderfall.dev/docker-hardening) has been written by the author "Wonderfall."
 
 --8<-- "includes/abbreviations.en.md"

docs/news-aggregators.en.md

@@ -54,21 +54,21 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k
         - [:pg-flathub: Flatpak](https://flathub.org/apps/details/org.kde.akregator)
         - [:fontawesome-brands-git: Source](https://invent.kde.org/pim/akregator)
 
-### Handy News Reader
+### Feeder
 
 !!! recommendation
 
-    ![Handy News Reader logo](assets/img/news-aggregators/handy-news-reader.svg){ align=right }
+    ![Feeder logo](assets/img/news-aggregators/feeder.png){ align=right }
 
-    **Handy News Reader** is a fork of [Flym](https://github.com/FredJul/Flym) that has many [features](https://github.com/yanus171/Handy-News-Reader#features) and works well with folders of RSS feeds. It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)) and [RDF](https://en.wikipedia.org/wiki/RDF%2FXML).
+    **Feeder** is a modern RSS client for Android that has many [features](https://gitlab.com/spacecowboy/Feeder#features) and works well with folders of RSS feeds. It supports it supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)) and [RDF](https://en.wikipedia.org/wiki/RDF%2FXML) and [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed).
 
-    [Homepage](https://yanus171.github.io/Handy-News-Reader/){ .md-button .md-button--primary }
+    [Homepage](https://gitlab.com/spacecowboy/Feeder){ .md-button .md-button--primary }
 
     ??? downloads
 
-        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=ru.yanus171.feedexfork)
-        - [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/ru.yanus171.feedexfork/)
-        - [:fontawesome-brands-github: Source](https://github.com/yanus171/Handy-News-Reader)
+        - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.nononsenseapps.feeder.play)
+        - [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/com.nononsenseapps.feeder/)
+        - [:fontawesome-brands-gitlab: Source](https://gitlab.com/spacecowboy/Feeder)
 
 ### NetNewsWire
 

docs/search-engines.en.md

@@ -40,21 +40,25 @@ DuckDuckGo offers two other [versions](https://help.duckduckgo.com/features/non-
 
     [Website](https://www.startpage.com){ .md-button .md-button--primary } [Privacy Policy](https://www.startpage.com/en/privacy-policy){ .md-button }
 
-Startpage is based in the :flag_nl: Netherlands. According to their [privacy policy](https://www.startpage.com/en/privacy-policy/), they only log details such as: operating system, type of browser, and language. They do not log your IP address, search queries, or other personally identifying information.
+Startpage is based in the :flag_nl: Netherlands. According to their [privacy policy](https://www.startpage.com/en/privacy-policy/), they log details such as: operating system, type of browser, and language. They do not log your IP address, search queries, or other personally identifying information.
 
 Startpage's majority shareholder is System1 who is an adtech company. We don't believe that to be an issue as they have an distinctly separate [privacy policy](https://system1.com/terms/privacy-policy). The Privacy Guides team reached out to Startpage [back in 2020](https://web.archive.org/web/20210118031008/https://blog.privacytools.io/relisting-startpage/) to clear up any concerns with System1's sizeable investment into the service. We were satisfied with the answers we received.
 
-## Mojeek
+## Brave Search
 
 !!! recommendation
 
-    ![Mojeek logo](assets/img/search-engines/mojeek.svg){ align=right }
+    ![Brave Search logo](assets/img/search-engines/brave-search.svg){ align=right }
 
-    **Mojeek** is another privacy friendly search engine. They use their own crawler to provide search data.
+    **Brave Search** is developed by Brave and serves results primarily from its own, independent index. The index is optimized against Google Search and therefore may provide more contextually accurate results compared to other alternatives.
 
-    [Website](https://www.mojeek.com){ .md-button .md-button--primary } [Privacy Policy](https://www.mojeek.com/about/privacy){ .md-button }
+    Brave Search includes unique features such as Discussions, which highlights conversation-focused results—such as forum posts.
 
-The company is based in the :flag_gb: UK. According to their [Privacy Policy](https://www.mojeek.com/about/privacy/), they log the originating country, time, page requested, and referral data of each query. IP addresses are not logged.
+    We recommend you disable [Anonymous usage metrics](https://search.brave.com/help/usage-metrics), this option is enabled by default and can be disabled within settings.
+
+    Brave Search is based in the :flag_us: United States. Their [privacy policy](https://search.brave.com/help/privacy-policy) states they collect aggregated usage metrics, which includes the operating system and browser in use, however no personally identifiable information is collected. IP addresses are temporarily processed, but are not retained.
+
+    [Homepage](https://search.brave.com){ .md-button .md-button--primary } [:pg-tor:](https://search.brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .md-button } [Privacy Policy](https://search.brave.com/help/privacy-policy){ .md-button }
 
 ## SearXNG
 

docs/stylesheets/extra.css

@@ -151,7 +151,7 @@ h1, h2, h3, .md-header__topic {
     width: 22px;
 }
 
-/* Unsticky sidebar without JS */
+/* Un-sticky sidebar without JS */
 .no-js .md-sidebar {
     align-self: auto;
 }
@@ -170,4 +170,59 @@ h1, h2, h3, .md-header__topic {
     left: 0;
     width: 100%;
     height: 100%;
-}
+}
+
+/* Badge colors */
+.pg-purple {
+    color: #603aa0;
+}
+[data-md-color-scheme="slate"] .pg-purple {
+    color: #af94de;
+}
+.pg-red {
+    color: #c0322f;
+}
+[data-md-color-scheme="slate"] .pg-red {
+    color: #ff6c6a;
+}
+.pg-orange {
+    color: #ac2f09;
+}
+[data-md-color-scheme="slate"] .pg-orange {
+    color: #e97b5a;
+}
+.pg-teal {
+    color: #04756a;
+}
+[data-md-color-scheme="slate"] .pg-teal {
+    color: #8dc6c1;
+}
+.pg-brown {
+    color: #8d6e62;
+}
+[data-md-color-scheme="slate"] .pg-brown {
+    color: #b6988c;
+}
+.pg-blue {
+    color: #0e66ae;
+}
+[data-md-color-scheme="slate"] .pg-blue {
+    color: #74b9f1;
+}
+.pg-green {
+    color: #2e7e31;
+}
+[data-md-color-scheme="slate"] .pg-green {
+    color: #72cd75;
+}
+.pg-blue-gray {
+    color: #546d78;
+}
+[data-md-color-scheme="slate"] .pg-blue-gray {
+    color: #9ab2bc;
+
+/* Make light/dark mode icon smaller */
+label[class="md-header__button md-icon"] svg {
+    height: 1rem;
+    width: 1rem;
+}

docs/tools.en.md

@@ -15,11 +15,11 @@ For your convenience, everything we recommend is listed below with a link to the
 
 <div class="grid cards" markdown>
 
-- ![Tor Browser logo](assets/img/browsers/tor.svg){ .twemoji } [Tor Browser](https://www.torproject.org/)
-- ![Firefox logo](assets/img/browsers/firefox.svg){ .twemoji } [Firefox (Desktop)](https://firefox.com/)
-- ![Brave logo](assets/img/browsers/brave.svg){ .twemoji } [Brave (Desktop)](https://brave.com/)
-- ![Bromite logo](assets/img/browsers/bromite.svg){ .twemoji } [Bromite (Android)](https://www.bromite.org/)
-- ![Safari logo](assets/img/browsers/safari.svg){ .twemoji } [Safari (iOS)](https://www.apple.com/safari/)
+- ![Tor Browser logo](assets/img/browsers/tor.svg){ .twemoji } [Tor Browser](browsers.md#tor-browser)
+- ![Firefox logo](assets/img/browsers/firefox.svg){ .twemoji } [Firefox (Desktop)](browsers.md#firefox)
+- ![Brave logo](assets/img/browsers/brave.svg){ .twemoji } [Brave (Desktop)](browsers.md#brave)
+- ![Bromite logo](assets/img/browsers/bromite.svg){ .twemoji } [Bromite (Android)](browsers.md#bromite)
+- ![Safari logo](assets/img/browsers/safari.svg){ .twemoji } [Safari (iOS)](browsers.md#safari)
 
 </div>
 
@@ -29,17 +29,16 @@ For your convenience, everything we recommend is listed below with a link to the
 
 <div class="grid cards annotate" markdown>
 
-- ![uBlock Origin logo](assets/img/browsers/ublock_origin.svg){ .twemoji } [uBlock Origin](https://github.com/gorhill/uBlock)
-- ![AdGuard logo](assets/img/browsers/adguard.svg){ .twemoji } [AdGuard for Safari](https://adguard.com/en/adguard-safari/overview.html)
-- ![Snowflake logo](assets/img/browsers/snowflake.svg#only-light){ .twemoji }![Snowflake logo](assets/img/browsers/snowflake-dark.svg#only-dark){ .twemoji } [Snowflake](https://snowflake.torproject.org/) (1)
-- ![ToS;DR logo](assets/img/browsers/terms_of_service_didnt_read.svg){ .twemoji } [Terms of Service; Didn't Read](https://tosdr.org/) (2)
+- ![uBlock Origin logo](assets/img/browsers/ublock_origin.svg){ .twemoji } [uBlock Origin](browsers.md#ublock-origin)
+- ![AdGuard logo](assets/img/browsers/adguard.svg){ .twemoji } [AdGuard for Safari](browsers.md#adguard-for-safari)
+- ![Snowflake logo](assets/img/browsers/snowflake.svg#only-light){ .twemoji }![Snowflake logo](assets/img/browsers/snowflake-dark.svg#only-dark){ .twemoji } [Snowflake](browsers.md#snowflake) (1)
+- ![ToS;DR logo](assets/img/browsers/terms_of_service_didnt_read.svg){ .twemoji } [Terms of Service; Didn't Read](browsers.md#terms-of-service-didnt-read) (2)
 
 </div>
 
-1. Snowflake does not increase privacy, however it allows you to easily contribute to the Tor network and help people in censored networks achieve better privacy. [Learn more :material-arrow-right:](browsers.md#snowflake)
+1. Snowflake does not increase privacy, however it allows you to easily contribute to the Tor network and help people in censored networks achieve better privacy.
 2. We do not recommend installing ToS;DR as a browser extension. The same information is provided on their website.
 
-
 [Learn more :material-arrow-right:](browsers.md#additional-resources)
 
 ## Operating Systems
@@ -48,9 +47,9 @@ For your convenience, everything we recommend is listed below with a link to the
 
 <div class="grid cards" markdown>
 
-- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji } [GrapheneOS](https://grapheneos.org/)
-- ![CalyxOS logo](assets/img/android/calyxos.svg){ .twemoji } [CalyxOS](https://calyxos.org/)
-- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji } [DivestOS](https://divestos.org/)
+- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji } [GrapheneOS](android.md#grapheneos)
+- ![CalyxOS logo](assets/img/android/calyxos.svg){ .twemoji } [CalyxOS](android.md#calyxos)
+- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji } [DivestOS](android.md#divestos)
 
 </div>
 
@@ -60,13 +59,13 @@ For your convenience, everything we recommend is listed below with a link to the
 
 <div class="grid cards" markdown>
 
-- ![Neo Store logo](assets/img/android/neo-store.png){ .twemoji } [Neo Store (F-Droid Client)](https://github.com/NeoApplications/Neo-Store)
-- ![Orbot logo](assets/img/android/orbot.svg){ .twemoji } [Orbot (Tor Proxy)](https://orbot.app/)
-- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](https://gitea.angry.im/PeterCxy/Shelter)
-- ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](https://attestation.app/)
-- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](https://github.com/GrapheneOS/Camera)
-- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji } [Secure PDF Viewer](https://github.com/GrapheneOS/PdfViewer)
-- ![PrivacyBlur logo](assets/img/android/privacyblur.svg){ .twemoji } [PrivacyBlur](https://privacyblur.app/)
+- ![Neo Store logo](assets/img/android/neo-store.png){ .twemoji } [Neo Store (F-Droid Client)](android.md#neo-store)
+- ![Orbot logo](assets/img/android/orbot.svg){ .twemoji } [Orbot (Tor Proxy)](android.md#orbot)
+- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter)
+- ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor)
+- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera)
+- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji } [Secure PDF Viewer](android.md#secure-pdf-viewer)
+- ![PrivacyBlur logo](assets/img/android/privacyblur.svg){ .twemoji } [PrivacyBlur](android.md#privacyblur)
 
 </div>
 
@@ -76,14 +75,14 @@ For your convenience, everything we recommend is listed below with a link to the
 
 <div class="grid cards annotate" markdown>
 
-- ![Fedora logo](assets/img/linux-desktop/fedora-workstation.svg){ .twemoji } [Fedora Workstation](https://getfedora.org/)
-- ![openSUSE Tumbleweed logo](assets/img/linux-desktop/opensuse-tumbleweed.svg){ .twemoji } [OpenSUSE Tumbleweed](https://get.opensuse.org/tumbleweed/)
-- ![Arch logo](assets/img/linux-desktop/archlinux.svg){ .twemoji } [Arch Linux](https://archlinux.org/)
-- ![Fedora Silverblue logo](assets/img/linux-desktop/fedora-silverblue.svg){ .twemoji } [Fedora Silverblue & Kinoite](https://silverblue.fedoraproject.org/)
-- ![nixOS logo](assets/img/linux-desktop/nixos.svg){ .twemoji } [NixOS](https://nixos.org/)
-- ![Whonix logo](assets/img/linux-desktop/whonix.svg){ .twemoji } [Whonix (Tor)](https://www.whonix.org/)
-- ![Tails logo](assets/img/linux-desktop/tails.svg){ .twemoji } [Tails (Live Boot)](https://tails.boum.org/)
-- ![Qubes OS logo](assets/img/qubes/qubes_os.svg){ .twemoji } [Qubes OS (Xen VM Distribution)](https://www.qubes-os.org/) (1)
+- ![Fedora logo](assets/img/linux-desktop/fedora-workstation.svg){ .twemoji } [Fedora Workstation](linux-desktop.md#fedora-workstation)
+- ![openSUSE Tumbleweed logo](assets/img/linux-desktop/opensuse-tumbleweed.svg){ .twemoji } [OpenSUSE Tumbleweed](linux-desktop.md#opensuse-tumbleweed)
+- ![Arch logo](assets/img/linux-desktop/archlinux.svg){ .twemoji } [Arch Linux](linux-desktop.md#arch-linux)
+- ![Fedora Silverblue logo](assets/img/linux-desktop/fedora-silverblue.svg){ .twemoji } [Fedora Silverblue & Kinoite](linux-desktop.md#fedora-silverblue)
+- ![nixOS logo](assets/img/linux-desktop/nixos.svg){ .twemoji } [NixOS](linux-desktop.md#nixos)
+- ![Whonix logo](assets/img/linux-desktop/whonix.svg){ .twemoji } [Whonix (Tor)](linux-desktop.md#whonix)
+- ![Tails logo](assets/img/linux-desktop/tails.svg){ .twemoji } [Tails (Live Boot)](linux-desktop.md#tails)
+- ![Qubes OS logo](assets/img/qubes/qubes_os.svg){ .twemoji } [Qubes OS (Xen VM Distribution)](qubes.md) (1)
 
 </div>
 
@@ -95,8 +94,8 @@ For your convenience, everything we recommend is listed below with a link to the
 
 <div class="grid cards" markdown>
 
-- ![OpenWrt logo](assets/img/router/openwrt.svg#only-light){ .twemoji }![OpenWrt logo](assets/img/router/openwrt-dark.svg#only-dark){ .twemoji } [OpenWrt](https://openwrt.org/)
-- ![pfSense logo](assets/img/router/pfsense.svg#only-light){ .twemoji }![pfSense logo](assets/img/router/pfsense-dark.svg#only-dark){ .twemoji } [pfSense](https://www.pfsense.org/)
+- ![OpenWrt logo](assets/img/router/openwrt.svg#only-light){ .twemoji }![OpenWrt logo](assets/img/router/openwrt-dark.svg#only-dark){ .twemoji } [OpenWrt](router.md#openwrt)
+- ![pfSense logo](assets/img/router/pfsense.svg#only-light){ .twemoji }![pfSense logo](assets/img/router/pfsense-dark.svg#only-dark){ .twemoji } [pfSense](router.md#pfsense)
 
 </div>
 
@@ -108,10 +107,10 @@ For your convenience, everything we recommend is listed below with a link to the
 
 <div class="grid cards" markdown>
 
-- ![Nextcloud logo](assets/img/cloud/nextcloud.svg){ .twemoji } [Nextcloud (Self-Hostable)](https://nextcloud.com/)
-- ![Proton Drive logo](assets/img/cloud/protondrive.svg){ .twemoji } [Proton Drive](https://drive.protonmail.com/)
-- ![Cryptee logo](assets/img/cloud/cryptee.svg#only-light){ .twemoji }![Cryptee logo](assets/img/cloud/cryptee-dark.svg#only-dark){ .twemoji } [Cryptee](https://crypt.ee/)
-- ![Tahoe-LAFS logo](assets/img/cloud/tahoe-lafs.svg#only-light){ .twemoji }![Tahoe-LAFS logo](assets/img/cloud/tahoe-lafs-dark.svg#only-dark){ .twemoji } [Tahoe-LAFS (Advanced)](https://www.tahoe-lafs.org/)
+- ![Nextcloud logo](assets/img/cloud/nextcloud.svg){ .twemoji } [Nextcloud (Self-Hostable)](cloud.md#nextcloud)
+- ![Proton Drive logo](assets/img/cloud/mini/protondrive.svg){ .twemoji } [Proton Drive](cloud.md#proton-drive)
+- ![Cryptee logo](assets/img/cloud/cryptee.svg#only-light){ .twemoji }![Cryptee logo](assets/img/cloud/cryptee-dark.svg#only-dark){ .twemoji } [Cryptee](cloud.md#cryptee)
+- ![Tahoe-LAFS logo](assets/img/cloud/tahoe-lafs.svg#only-light){ .twemoji }![Tahoe-LAFS logo](assets/img/cloud/tahoe-lafs-dark.svg#only-dark){ .twemoji } [Tahoe-LAFS (Advanced)](cloud.md#tahoe-lafs)
 
 </div>
 
@@ -119,19 +118,42 @@ For your convenience, everything we recommend is listed below with a link to the
 
 ### DNS
 
+**DNS Providers:**
+
 We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers based on a variety of criteria, such as [Mullvad](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) and [Quad9](https://quad9.net/) amongst others. We recommend for you to read our pages on DNS before choosing a provider. In many cases, using an alternative DNS provider is not recommended.
-<br>
-<br>
+
 [Learn more :material-arrow-right:](dns.md)
 
+**Encrypted DNS Proxies:**
+
+<div class="grid cards" markdown>
+
+- ![RethinkDNS logo](assets/img/android/rethinkdns.svg#only-light){ .twemoji }![RethinkDNS logo](assets/img/android/rethinkdns-dark.svg#only-dark){ .twemoji } [RethinkDNS](dns.md#rethinkdns)
+- ![DNSCloak logo](assets/img/ios/dnscloak.png){ .twemoji } [DNSCloak](dns.md#dnscloak)
+- ![dnscrypt-proxy logo](assets/img/dns/dnscrypt-proxy.svg){ .twemoji } [dnscrypt-proxy](dns.md#dnscrypt-proxy)
+
+</div>
+
+[Learn more :material-arrow-right:](dns.md#encrypted-dns-proxies)
+
+**Self-hosted Solutions:**
+
+<div class="grid cards" markdown>
+
+- ![Pi-hole logo](assets/img/dns/pi-hole.svg){ .twemoji } [Pi-hole](dns.md#pi-hole)
+
+</div>
+
+[Learn more :material-arrow-right:](dns.md#self-hosted-solutions)
+
 ### Email
 
 <div class="grid cards" markdown>
 
-- ![ProtonMail logo](assets/img/email/mini/protonmail.svg){ .twemoji } [ProtonMail](https://protonmail.com/)
-- ![Mailbox.org logo](assets/img/email/mini/mailboxorg.svg){ .twemoji } [Mailbox.org](https://mailbox.org/)
-- ![Tutanota logo](assets/img/email/mini/tutanota.svg){ .twemoji } [Tutanota](https://tutanota.com/)
-- ![StartMail logo](assets/img/email/mini/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/mini/startmail-dark.svg#only-dark){ .twemoji } [StartMail](https://startmail.com/)
+- ![Proton Mail logo](assets/img/email/mini/protonmail.svg){ .twemoji } [Proton Mail](email.md#protonmail)
+- ![Mailbox.org logo](assets/img/email/mini/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg)
+- ![Tutanota logo](assets/img/email/mini/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota)
+- ![StartMail logo](assets/img/email/mini/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/mini/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail)
 
 </div>
 
@@ -141,8 +163,8 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 <div class="grid cards" markdown>
 
-- ![SimpleLogin logo](assets/img/email/mini/simplelogin.svg){ .twemoji } [SimpleLogin](https://simplelogin.io/)
-- ![AnonAddy logo](assets/img/email/mini/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/mini/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](https://anonaddy.com/)
+- ![SimpleLogin logo](assets/img/email/mini/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin)
+- ![AnonAddy logo](assets/img/email/mini/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/mini/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy)
 
 </div>
 
@@ -152,8 +174,8 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 <div class="grid cards" markdown>
 
-- ![Mail-in-a-Box logo](assets/img/email/mail-in-a-box.svg){ .twemoji } [Mail-in-a-Box](https://mailinabox.email/)
-- ![mailcow logo](assets/img/email/mailcow.svg){ .twemoji } [mailcow](https://mailcow.email/)
+- ![Mail-in-a-Box logo](assets/img/email/mail-in-a-box.svg){ .twemoji } [Mail-in-a-Box](email.md#self-hosting-email)
+- ![mailcow logo](assets/img/email/mailcow.svg){ .twemoji } [mailcow](email.md#self-hosting-email)
 
 </div>
 
@@ -163,10 +185,10 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 <div class="grid cards" markdown>
 
-- ![DuckDuckGo logo](assets/img/search-engines/mini/duckduckgo.svg){ .twemoji } [DuckDuckGo](https://duckduckgo.com/)
-- ![Startpage logo](assets/img/search-engines/mini/startpage.svg#only-light){ .twemoji }![Startpage logo](assets/img/search-engines/mini/startpage-dark.svg#only-dark){ .twemoji } [Startpage](https://www.startpage.com/)
-- ![Mojeek logo](assets/img/search-engines/mini/mojeek.svg){ .twemoji } [Mojeek](https://www.mojeek.com/)
-- ![SearXNG logo](assets/img/search-engines/mini/searxng-wordmark.svg){ .twemoji } [SearXNG](https://searxng.org)
+- ![DuckDuckGo logo](assets/img/search-engines/mini/duckduckgo.svg){ .twemoji } [DuckDuckGo](search-engines.md#duckduckgo)
+- ![Startpage logo](assets/img/search-engines/mini/startpage.svg#only-light){ .twemoji }![Startpage logo](assets/img/search-engines/mini/startpage-dark.svg#only-dark){ .twemoji } [Startpage](search-engines.md#startpage)
+- ![Brave Search logo](assets/img/search-engines/brave-search.svg){ .twemoji } [Brave Search](search-engines.md#brave-search)
+- ![SearXNG logo](assets/img/search-engines/mini/searxng-wordmark.svg){ .twemoji } [SearXNG](search-engines.md#searxng)
 
 </div>
 
@@ -186,9 +208,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 <div class="grid cards" markdown>
 
-- ![Mullvad logo](assets/img/vpn/mini/mullvad.svg){ .twemoji } [Mullvad](https://mullvad.net/)
-- ![ProtonVPN logo](assets/img/vpn/mini/protonvpn.svg){ .twemoji } [ProtonVPN](https://protonvpn.com/)
-- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](https://www.ivpn.net/)
+- ![Mullvad logo](assets/img/vpn/mini/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad)
+- ![Proton VPN logo](assets/img/vpn/mini/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#protonvpn)
+- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn)
 
 </div>
 
@@ -200,11 +222,11 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 <div class="grid cards" markdown>
 
-- ![Tutanota logo](assets/img/calendar-contacts/tutanota.svg){ .twemoji } [Tutanota (SaaS)](https://tutanota.com/calendar)
-- ![Proton Calendar logo](assets/img/calendar-contacts/proton-calendar.svg){ .twemoji } [Proton Calendar (SaaS)](https://calendar.protonmail.com/)
-- ![EteSync logo](assets/img/calendar-contacts/etesync.svg){ .twemoji } [EteSync](https://www.etesync.com/)
-- ![Tutanota logo](assets/img/calendar-contacts/nextcloud.svg){ .twemoji } [Nextcloud](https://nextcloud.com/)
-- ![DecSync CC logo](assets/img/calendar-contacts/decsync.svg){ .twemoji } [DecSync CC](https://github.com/39aldo39/DecSync)
+- ![Tutanota logo](assets/img/calendar-contacts/tutanota.svg){ .twemoji } [Tutanota (SaaS)](calendar-contacts.md#tutanota)
+- ![Proton Calendar logo](assets/img/calendar-contacts/mini/proton-calendar.svg){ .twemoji } [Proton Calendar (SaaS)](calendar-contacts.md#proton-calendar)
+- ![EteSync logo](assets/img/calendar-contacts/etesync.svg){ .twemoji } [EteSync](calendar-contacts.md#etesync)
+- ![Tutanota logo](assets/img/calendar-contacts/nextcloud.svg){ .twemoji } [Nextcloud](calendar-contacts.md#nextcloud)
+- ![DecSync CC logo](assets/img/calendar-contacts/decsync.svg){ .twemoji } [DecSync CC](calendar-contacts.md#decsync-cc)
 
 </div>
 
@@ -214,10 +236,10 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 <div class="grid cards" markdown>
 
-- ![Joplin logo](assets/img/notebooks/joplin.svg){ .twemoji } [Joplin](https://joplinapp.org/)
-- ![Standard Notes logo](assets/img/notebooks/standard-notes.svg){ .twemoji } [Standard Notes](https://standardnotes.org/)
-- ![EteSync Notes logo](assets/img/notebooks/etesync-notes.png){ .twemoji } [EteSync Notes](https://www.etesync.com/)
-- ![Org-mode logo](assets/img/notebooks/org-mode.svg){ .twemoji } [Org-mode](https://orgmode.org/)
+- ![Joplin logo](assets/img/notebooks/joplin.svg){ .twemoji } [Joplin](notebooks.md#joplin)
+- ![Standard Notes logo](assets/img/notebooks/standard-notes.svg){ .twemoji } [Standard Notes](notebooks.md#standard-notes)
+- ![EteSync Notes logo](assets/img/notebooks/etesync-notes.png){ .twemoji } [EteSync Notes](notebooks.md#etesync-notes)
+- ![Org-mode logo](assets/img/notebooks/org-mode.svg){ .twemoji } [Org-mode](notebooks.md#org-mode)
 
 </div>
 
@@ -227,14 +249,14 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 <div class="grid cards" markdown>
 
-- ![Thunderbird logo](assets/img/email-clients/thunderbird.svg){ .twemoji } [Thunderbird](https://www.thunderbird.net/)
-- ![Apple Mail logo](assets/img/email-clients/applemail.png){ .twemoji } [Apple Mail](https://support.apple.com/guide/mail/welcome/mac)
-- ![GNOME Evolution logo](assets/img/email-clients/evolution.svg){ .twemoji } [GNOME Evolution (Linux)](https://wiki.gnome.org/Apps/Evolution)
-- ![Kontact logo](assets/img/email-clients/kontact.svg){ .twemoji } [Kontact (Linux)](https://kontact.kde.org/)
-- ![Mailvelope logo](assets/img/email-clients/mailvelope.svg){ .twemoji } [Mailvelope (PGP in standard webmail)](https://www.mailvelope.com/)
-- ![K-9 Mail logo](assets/img/email-clients/k9mail.svg){ .twemoji } [K-9 Mail (Android)](https://k9mail.app/)
-- ![Canary Mail logo](assets/img/email-clients/canarymail.svg){ .twemoji } [Canary Mail (iOS)](https://canarymail.io/)
-- ![NeoMutt logo](assets/img/email-clients/mutt.svg){ .twemoji } [NeoMutt (CLI)](https://neomutt.org/)
+- ![Thunderbird logo](assets/img/email-clients/thunderbird.svg){ .twemoji } [Thunderbird](email-clients.md#thunderbird)
+- ![Apple Mail logo](assets/img/email-clients/applemail.png){ .twemoji } [Apple Mail (macOS)](email-clients.md#apple-mail)
+- ![GNOME Evolution logo](assets/img/email-clients/evolution.svg){ .twemoji } [GNOME Evolution (Linux)](email-clients.md#gnome-evolution)
+- ![Kontact logo](assets/img/email-clients/kontact.svg){ .twemoji } [Kontact (Linux)](email-clients.md#kontact)
+- ![Mailvelope logo](assets/img/email-clients/mailvelope.svg){ .twemoji } [Mailvelope (PGP in standard webmail)](email-clients.md#mailvelope)
+- ![K-9 Mail logo](assets/img/email-clients/k9mail.svg){ .twemoji } [K-9 Mail (Android)](email-clients.md#k-9-mail)
+- ![Canary Mail logo](assets/img/email-clients/canarymail.svg){ .twemoji } [Canary Mail (iOS)](email-clients.md#canary-mail)
+- ![NeoMutt logo](assets/img/email-clients/mutt.svg){ .twemoji } [NeoMutt (CLI)](email-clients.md#neomutt)
 
 </div>
 
@@ -250,39 +272,39 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 <div class="grid cards" markdown>
 
-- ![VeraCrypt logo](assets/img/encryption-software/veracrypt.svg#only-light){ .twemoji }![VeraCrypt logo](assets/img/encryption-software/veracrypt-dark.svg#only-dark){ .twemoji } [VeraCrypt (FDE)](https://veracrypt.fr/)
-- ![Cryptomator logo](assets/img/encryption-software/cryptomator.svg){ .twemoji } [Cryptomator](https://cryptomator.org/)
-- ![Picocrypt logo](assets/img/encryption-software/picocrypt.svg){ .twemoji } [Picocrypt](https://evansu.cc/picocrypt)
-- ![Hat.sh logo](assets/img/encryption-software/hat-sh.png#only-light){ .twemoji }![Hat.sh logo](assets/img/encryption-software/hat-sh-dark.png#only-dark){ .twemoji } [Hat.sh (Browser-based)](https://hat.sh/)
-- ![Kryptor logo](assets/img/encryption-software/kryptor.png){ .twemoji } [Kryptor](https://www.kryptor.co.uk/)
-- ![Tomb logo](assets/img/encryption-software/tomb.png){ .twemoji } [Tomb](https://www.dyne.org/software/tomb)
-
-</div>
-
-[Learn more :material-arrow-right:](encryption.md#openpgp)
-
-**OpenPGP Clients:**
-
-<div class="grid cards" markdown>
-
-- ![GnuPG logo](assets/img/encryption-software/gnupg.svg){ .twemoji } [GnuPG](https://gnupg.org)
-- ![GPG4Win logo](assets/img/encryption-software/gpg4win.svg){ .twemoji } [GPG4Win (Windows)](https://gpg4win.org)
-- ![GPG Suite logo](assets/img/encryption-software/gpgsuite.png){ .twemoji } [GPG Suite (macOS)](https://gpgtools.org)
-- ![OpenKeychain logo](assets/img/encryption-software/openkeychain.svg){ .twemoji } [OpenKeychain](https://www.openkeychain.org/)
+- ![VeraCrypt logo](assets/img/encryption-software/veracrypt.svg#only-light){ .twemoji }![VeraCrypt logo](assets/img/encryption-software/veracrypt-dark.svg#only-dark){ .twemoji } [VeraCrypt (FDE)](encryption.md#veracrypt)
+- ![Cryptomator logo](assets/img/encryption-software/cryptomator.svg){ .twemoji } [Cryptomator](encryption.md#cryptomator)
+- ![Picocrypt logo](assets/img/encryption-software/picocrypt.svg){ .twemoji } [Picocrypt](encryption.md#picocrypt)
+- ![Hat.sh logo](assets/img/encryption-software/hat-sh.png#only-light){ .twemoji }![Hat.sh logo](assets/img/encryption-software/hat-sh-dark.png#only-dark){ .twemoji } [Hat.sh (Browser-based)](encryption.md#hatsh)
+- ![Kryptor logo](assets/img/encryption-software/kryptor.png){ .twemoji } [Kryptor](encryption.md#kryptor)
+- ![Tomb logo](assets/img/encryption-software/tomb.png){ .twemoji } [Tomb](encryption.md#tomb)
 
 </div>
 
 [Learn more :material-arrow-right:](encryption.md)
 
+**OpenPGP Clients:**
+
+<div class="grid cards" markdown>
+
+- ![GnuPG logo](assets/img/encryption-software/gnupg.svg){ .twemoji } [GnuPG](encryption.md#gnu-privacy-guard)
+- ![GPG4Win logo](assets/img/encryption-software/gpg4win.svg){ .twemoji } [GPG4Win (Windows)](encryption.md#gpg4win)
+- ![GPG Suite logo](assets/img/encryption-software/gpgsuite.png){ .twemoji } [GPG Suite (macOS)](encryption.md#gpg-suite)
+- ![OpenKeychain logo](assets/img/encryption-software/openkeychain.svg){ .twemoji } [OpenKeychain](encryption.md#openkeychain)
+
+</div>
+
+[Learn more :material-arrow-right:](encryption.md#openpgp)
+
 ### File Sharing
 
 <div class="grid cards" markdown>
 
-- ![OnionShare logo](assets/img/file-sharing-sync/onionshare.svg){ .twemoji } [OnionShare](https://onionshare.org/)
-- ![Magic Wormhole logo](assets/img/file-sharing-sync/magic_wormhole.png){ .twemoji } [Magic Wormhole](https://magic-wormhole.readthedocs.io/)
-- ![FreedomBox logo](assets/img/file-sharing-sync/freedombox.svg){ .twemoji } [FreedomBox](https://freedombox.org/)
-- ![Syncthing logo](assets/img/file-sharing-sync/syncthing.svg){ .twemoji } [Syncthing](https://syncthing.net/)
-- ![git-annex logo](assets/img/file-sharing-sync/gitannex.svg){ .twemoji } [git-annex](https://git-annex.branchable.com/)
+- ![OnionShare logo](assets/img/file-sharing-sync/onionshare.svg){ .twemoji } [OnionShare](file-sharing.md#onionshare)
+- ![Magic Wormhole logo](assets/img/file-sharing-sync/magic_wormhole.png){ .twemoji } [Magic Wormhole](file-sharing.md#magic-wormhole)
+- ![FreedomBox logo](assets/img/file-sharing-sync/freedombox.svg){ .twemoji } [FreedomBox](file-sharing.md#freedombox)
+- ![Syncthing logo](assets/img/file-sharing-sync/syncthing.svg){ .twemoji } [Syncthing](file-sharing.md#syncthing)
+- ![git-annex logo](assets/img/file-sharing-sync/gitannex.svg){ .twemoji } [git-annex](file-sharing.md#git-annex)
 
 </div>
 
@@ -292,12 +314,12 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 <div class="grid cards" markdown>
 
-- ![MAT2 logo](assets/img/metadata-removal/mat2.svg){ .twemoji } [MAT2](https://0xacab.org/jvoisin/mat2)
-- ![ExifCleaner logo](assets/img/metadata-removal/exifcleaner.svg){ .twemoji } [ExifCleaner](https://exifcleaner.com/)
-- ![Scrambled Exif logo](assets/img/metadata-removal/scrambled-exif.svg){ .twemoji } [Scrambled Exif (Android)](https://gitlab.com/juanitobananas/scrambled-exif)
-- ![Imagepipe logo](assets/img/metadata-removal/imagepipe.svg){ .twemoji } [Imagepipe (Android)](https://codeberg.org/Starfish/Imagepipe)
-- ![Metapho logo](assets/img/metadata-removal/metapho.jpg){ .twemoji } [Metapho (iOS)](https://zininworks.com/metapho)
-- ![ExifTool logo](assets/img/metadata-removal/exiftool.png){ .twemoji } [ExifTool (CLI)](https://exiftool.org/)
+- ![MAT2 logo](assets/img/metadata-removal/mat2.svg){ .twemoji } [MAT2](metadata-removal-tools.md#mat2)
+- ![ExifCleaner logo](assets/img/metadata-removal/exifcleaner.svg){ .twemoji } [ExifCleaner](metadata-removal-tools.md#exifcleaner)
+- ![Scrambled Exif logo](assets/img/metadata-removal/scrambled-exif.svg){ .twemoji } [Scrambled Exif (Android)](metadata-removal-tools.md#scrambled-exif)
+- ![Imagepipe logo](assets/img/metadata-removal/imagepipe.svg){ .twemoji } [Imagepipe (Android)](metadata-removal-tools.md#imagepipe)
+- ![Metapho logo](assets/img/metadata-removal/metapho.jpg){ .twemoji } [Metapho (iOS)](metadata-removal-tools.md#metapho)
+- ![ExifTool logo](assets/img/metadata-removal/exiftool.png){ .twemoji } [ExifTool (CLI)](metadata-removal-tools.md#exiftool)
 
 </div>
 
@@ -307,10 +329,10 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 <div class="grid cards" markdown>
 
-- ![YubiKeys](assets/img/multi-factor-authentication/mini/yubico.svg){ .twemoji } [YubiKey](https://www.yubico.com/)
-- ![Nitrokey](assets/img/multi-factor-authentication/mini/nitrokey.svg){ .twemoji } [Nitrokey](https://www.nitrokey.com/)
-- ![Aegis logo](assets/img/multi-factor-authentication/aegis.png){ .twemoji } [Aegis Authenticator](https://getaegis.app/)
-- ![Raivo OTP logo](assets/img/multi-factor-authentication/raivo-otp.png){ .twemoji } [Raivo OTP](https://github.com/raivo-otp/ios-application)
+- ![YubiKeys](assets/img/multi-factor-authentication/mini/yubico.svg){ .twemoji } [YubiKey](multi-factor-authentication.md#yubikey)
+- ![Nitrokey](assets/img/multi-factor-authentication/mini/nitrokey.svg){ .twemoji } [Nitrokey](multi-factor-authentication.md#nitrokey-librem-key)
+- ![Aegis logo](assets/img/multi-factor-authentication/aegis.png){ .twemoji } [Aegis Authenticator](multi-factor-authentication.md#aegis-authenticator)
+- ![Raivo OTP logo](assets/img/multi-factor-authentication/raivo-otp.png){ .twemoji } [Raivo OTP](multi-factor-authentication.md#raivo-otp)
 
 </div>
 
@@ -320,12 +342,12 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 <div class="grid cards" markdown>
 
-- ![KeePassXC logo](assets/img/password-management/keepassxc.svg){ .twemoji } [KeePassXC](https://keepassxc.org/)
-- ![KeePassDX logo](assets/img/password-management/keepassdx.svg){ .twemoji } [KeePassDX (Android)](https://www.keepassdx.com/)
-- ![Bitwarden logo](assets/img/password-management/bitwarden.svg){ .twemoji } [Bitwarden](https://bitwarden.com/)
-- ![Psono logo](assets/img/password-management/psono.svg){ .twemoji } [Psono](https://psono.com/)
-- ![gopass logo](assets/img/password-management/gopass.svg){ .twemoji } [gopass](https://www.gopass.pw/)
-- ![Vaultwarden logo](assets/img/password-management/vaultwarden.svg#only-light){ .twemoji }![Vaultwarden logo](assets/img/password-management/vaultwarden-dark.svg#only-dark){ .twemoji } [Vaultwarden (Bitwarden Server)](https://github.com/dani-garcia/vaultwarden)
+- ![KeePassXC logo](assets/img/password-management/keepassxc.svg){ .twemoji } [KeePassXC](passwords.md#keepassxc)
+- ![KeePassDX logo](assets/img/password-management/keepassdx.svg){ .twemoji } [KeePassDX (Android)](passwords.md#keepassdx)
+- ![Bitwarden logo](assets/img/password-management/bitwarden.svg){ .twemoji } [Bitwarden](passwords.md#bitwarden)
+- ![Psono logo](assets/img/password-management/psono.svg){ .twemoji } [Psono](passwords.md#psono)
+- ![gopass logo](assets/img/password-management/gopass.svg){ .twemoji } [gopass](passwords.md#gopass)
+- ![Vaultwarden logo](assets/img/password-management/vaultwarden.svg#only-light){ .twemoji }![Vaultwarden logo](assets/img/password-management/vaultwarden-dark.svg#only-dark){ .twemoji } [Vaultwarden (Bitwarden Server)](passwords.md#vaultwarden)
 
 </div>
 
@@ -335,13 +357,13 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 <div class="grid cards" markdown>
 
-- ![LibreOffice logo](assets/img/productivity/libreoffice.svg){ .twemoji } [LibreOffice](https://www.libreoffice.org/)
-- ![OnlyOffice logo](assets/img/productivity/onlyoffice.svg){ .twemoji } [OnlyOffice](https://www.onlyoffice.com/)
-- ![Framadate logo](assets/img/productivity/framadate.svg){ .twemoji } [Framadate (Appointment Planning)](https://framadate.org/)
-- ![PrivateBin logo](assets/img/productivity/privatebin.svg){ .twemoji } [PrivateBin (Pastebin)](https://privatebin.info/)
-- ![CryptPad logo](assets/img/productivity/cryptpad.svg){ .twemoji } [CryptPad](https://cryptpad.fr/)
-- ![Write.as logo](assets/img/productivity/writeas.svg#only-light){ .twemoji }![Write.as logo](assets/img/productivity/writeas-dark.svg#only-dark){ .twemoji } [Write.as (Blogging Platform)](https://write.as/)
-- ![VSCodium logo](assets/img/productivity/vscodium.svg){ .twemoji } [VSCodium (Source-Code Editor)](https://vscodium.com/)
+- ![LibreOffice logo](assets/img/productivity/libreoffice.svg){ .twemoji } [LibreOffice](productivity.md#libreoffice)
+- ![OnlyOffice logo](assets/img/productivity/onlyoffice.svg){ .twemoji } [OnlyOffice](productivity.md#onlyoffice)
+- ![Framadate logo](assets/img/productivity/framadate.svg){ .twemoji } [Framadate (Appointment Planning)](productivity.md#framadate)
+- ![PrivateBin logo](assets/img/productivity/privatebin.svg){ .twemoji } [PrivateBin (Pastebin)](productivity.md#privatebin)
+- ![CryptPad logo](assets/img/productivity/cryptpad.svg){ .twemoji } [CryptPad](productivity.md#cryptpad)
+- ![Write.as logo](assets/img/productivity/writeas.svg#only-light){ .twemoji }![Write.as logo](assets/img/productivity/writeas-dark.svg#only-dark){ .twemoji } [Write.as (Blogging Platform)](productivity.md#writeas)
+- ![VSCodium logo](assets/img/productivity/vscodium.svg){ .twemoji } [VSCodium (Source-Code Editor)](productivity.md#vscodium)
 
 </div>
 
@@ -351,10 +373,10 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 <div class="grid cards" markdown>
 
-- ![Signal logo](assets/img/messengers/signal.svg){ .twemoji } [Signal](https://signal.org/)
-- ![Element logo](assets/img/messengers/element.svg){ .twemoji } [Element](https://element.io/)
-- ![Briar logo](assets/img/messengers/briar.svg){ .twemoji } [Briar (Android)](https://briarproject.org/)
-- ![Session logo](assets/img/messengers/session.svg){ .twemoji } [Session](https://getsession.org/)
+- ![Signal logo](assets/img/messengers/signal.svg){ .twemoji } [Signal](real-time-communication.md#signal)
+- ![Element logo](assets/img/messengers/element.svg){ .twemoji } [Element](real-time-communication.md#element)
+- ![Briar logo](assets/img/messengers/briar.svg){ .twemoji } [Briar (Android)](real-time-communication.md#briar)
+- ![Session logo](assets/img/messengers/session.svg){ .twemoji } [Session](real-time-communication.md#session)
 
 </div>
 
@@ -364,13 +386,13 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 <div class="grid cards" markdown>
 
-- ![Fluent Reader](assets/img/news-aggregators/fluent-reader.svg){ .twemoji } [Fluent Reader](https://hyliu.me/fluent-reader)
-- ![GNOME Feeds](assets/img/news-aggregators/gfeeds.svg){ .twemoji } [GNOME Feeds](https://gfeeds.gabmus.org)
-- ![Akregator](assets/img/news-aggregators/akregator.svg){ .twemoji } [Akregator](https://apps.kde.org/akregator)
-- ![Handy News Reader](assets/img/news-aggregators/handy-news-reader.svg){ .twemoji } [Handy News Reader](https://github.com/yanus171/Handy-News-Reader)
-- ![NetNewsWire](assets/img/news-aggregators/netnewswire.png){ .twemoji } [NetNewsWire](https://netnewswire.com)
-- ![Miniflux](assets/img/news-aggregators/miniflux.svg#only-light){ .twemoji }![Miniflux logo](assets/img/news-aggregators/miniflux-dark.svg#only-dark){ .twemoji } [Miniflux](https://miniflux.app)
-- ![Newsboat](assets/img/news-aggregators/newsboat.svg){ .twemoji } [Newsboat](https://newsboat.org/)
+- ![Fluent Reader logo](assets/img/news-aggregators/fluent-reader.svg){ .twemoji } [Fluent Reader](news-aggregators.md#fluent-reader)
+- ![GNOME Feeds logo](assets/img/news-aggregators/gfeeds.svg){ .twemoji } [GNOME Feeds](news-aggregators.md#gnome-feeds)
+- ![Akregator logo](assets/img/news-aggregators/akregator.svg){ .twemoji } [Akregator](news-aggregators.md#akregator)
+- ![Feeder logo](assets/img/news-aggregators/feeder.png){ .twemoji} [Feeder](news-aggregators.md#feeder)
+- ![NetNewsWire logo](assets/img/news-aggregators/netnewswire.png){ .twemoji } [NetNewsWire](news-aggregators.md#netnewswire)
+- ![Miniflux logo](assets/img/news-aggregators/miniflux.svg#only-light){ .twemoji }![Miniflux logo](assets/img/news-aggregators/miniflux-dark.svg#only-dark){ .twemoji } [Miniflux](news-aggregators.md#miniflux)
+- ![Newsboat logo](assets/img/news-aggregators/newsboat.svg){ .twemoji } [Newsboat](news-aggregators.md#newsboat)
 
 </div>
 
@@ -380,9 +402,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 <div class="grid cards" markdown>
 
-- ![Tor logo](./assets/img/self-contained-networks/tor.svg){ .twemoji } [Tor](https://www.torproject.org/)
-- ![I2P logo](./assets/img/self-contained-networks/i2p.svg#only-light){ .twemoji } ![I2P logo](./assets/img/self-contained-networks/i2p-dark.svg#only-dark){ .twemoji } [I2P](https://geti2p.net/)
-- ![Freenet logo](./assets/img/self-contained-networks/freenet.svg){ .twemoji } [Freenet](https://freenetproject.org/)
+- ![Tor logo](./assets/img/self-contained-networks/tor.svg){ .twemoji } [Tor](self-contained-networks.md#tor)
+- ![I2P logo](./assets/img/self-contained-networks/i2p.svg#only-light){ .twemoji } ![I2P logo](./assets/img/self-contained-networks/i2p-dark.svg#only-dark){ .twemoji } [I2P](self-contained-networks.md#invisible-internet-project)
+- ![Freenet logo](./assets/img/self-contained-networks/freenet.svg){ .twemoji } [Freenet](self-contained-networks.md#the-freenet-project)
 
 </div>
 
@@ -392,12 +414,13 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 <div class="grid cards" markdown>
 
-- ![FreeTube logo](assets/img/video-streaming/freetube.svg){ .twemoji } [FreeTube (YouTube, Desktop)](https://freetubeapp.io/)
-- ![LBRY logo](assets/img/video-streaming/lbry.svg){ .twemoji } [LBRY](https://lbry.com/)
-- ![NewPipe logo](assets/img//video-streaming/newpipe.svg){ .twemoji } [NewPipe (YouTube, Android)](https://newpipe.net/)
-- ![NewPipe x SponsorBlock logo](assets/img/video-streaming/newpipe.svg){ .twemoji } [NewPipe x Sponsorblock](https://github.com/polymorphicshade/NewPipe)
-- ![Invidious logo](assets/img/video-streaming/invidious.svg#only-light){ .twemoji }![Invidious logo](assets/img/video-streaming/invidious-dark.svg#only-dark){ .twemoji } [Invidious (YouTube, Web)](https://invidious.io/)
-- ![Piped logo](assets/img/video-streaming/piped.svg){ .twemoji } [Piped (YouTube, Web)](https://piped.kavin.rocks/)
+- ![FreeTube logo](assets/img/video-streaming/freetube.svg){ .twemoji } [FreeTube (YouTube, Desktop)](video-streaming.md#freetube)
+- ![LBRY logo](assets/img/video-streaming/lbry.svg){ .twemoji } [LBRY](video-streaming.md#lbry)
+- ![NewPipe logo](assets/img//video-streaming/newpipe.svg){ .twemoji } [NewPipe (YouTube, Android)](video-streaming.md#newpipe)
+- ![NewPipe x SponsorBlock logo](assets/img/video-streaming/newpipe.svg){ .twemoji } [NewPipe x Sponsorblock](video-streaming.md#sponsorblock)
+- ![Invidious logo](assets/img/video-streaming/invidious.svg#only-light){ .twemoji }![Invidious logo](assets/img/video-streaming/invidious-dark.svg#only-dark){ .twemoji } [Invidious (YouTube, Web)](video-streaming.md#invidious)
+- ![Piped logo](assets/img/video-streaming/piped.svg){ .twemoji } [Piped (YouTube, Web)](video-streaming.md#piped)
+- ![Librarian logo](assets/img/video-streaming/librarian.svg#only-light){ .twemoji }![Librarian logo](assets/img/video-streaming/librarian-dark.svg#only-dark){ .twemoji } [Librarian (LBRY, Web)](video-streaming.md#librarian)
 
 </div>
 

docs/video-streaming.en.md

@@ -63,11 +63,11 @@ You can disable *Save hosting data to help the LBRY network* option in :gear: **
 
 ### NewPipe
 
-!!! recommendation
+!!! recommendation annotate
 
     ![Newpipe logo](assets/img//video-streaming/newpipe.svg){ align=right }
 
-    **NewPipe** is a free and open source Android application for [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [FramaTube](https://framatube.org), and [Bandcamp](https://bandcamp.com).
+    **NewPipe** is a free and open source Android application for [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [Bandcamp](https://bandcamp.com), and [PeerTube](https://joinpeertube.org/) (1).
 
     Your subscription list and playlists are saved locally on your Android device.
 
@@ -78,10 +78,16 @@ You can disable *Save hosting data to help the LBRY network* option in :gear: **
         - [:fontawesome-brands-android: F-Droid repo](https://newpipe.net/FAQ/tutorials/install-add-fdroid-repo)
         - [:fontawesome-brands-github: Source](https://github.com/TeamNewPipe/NewPipe)
 
+1. The default instance is [FramaTube](https://framatube.org/), however more can be added via **Settings** → **Content** → **PeerTube instances**
+
 !!! note
 
     NewPipe is available on the main [F-Droid](https://www.f-droid.org)'s repository. We recommend that you use NewPipe's own [F-Droid repository](https://newpipe.net/FAQ/tutorials/install-add-fdroid-repo) instead to get faster updates.
 
+!!! Warning
+    
+    When using NewPipe, your IP address will be visible to the video providers used. Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org) if your [threat model](basics/threat-modeling.md) requires hiding your IP address.
+
 #### SponsorBlock
 
 *NewPipe x SponsorBlock* is a fork of [NewPipe](https://newpipe.net) with [SponsorBlock](https://sponsor.ajay.app) integrated to help you skip sponsored video segments.
@@ -101,9 +107,11 @@ This fork is not endorsed by or affiliated with the upstream project. The NewPip
     ![Invidious logo](assets/img/video-streaming/invidious.svg#only-light){ align=right }
     ![Invidious logo](assets/img/video-streaming/invidious-dark.svg#only-dark){ align=right }
 
-    **Invidious** is a free and open source front end for YouTube that is also self-hostable. There are list of [public instances](https://instances.invidious.io). Some instances have [Tor](https://www.torproject.org) onion services support.
+    **Invidious** is a free and open source frontend for YouTube that is also self-hostable.
+    
+    There is a list of [public instances](https://instances.invidious.io), with some instances having [Tor](https://www.torproject.org) onion services support.
 
-    [Website](https://invidious.io){ .md-button .md-button--primary } [Privacy Policy](){ .md-button }
+    [Website](https://invidious.io){ .md-button .md-button--primary }
 
     ??? downloads
 
@@ -112,15 +120,15 @@ This fork is not endorsed by or affiliated with the upstream project. The NewPip
 
 !!! warning
 
-    Invidious does not proxy the video stream through its server by default. Videos watched through Invidious will still make direct connections to Google's servers (googlevideo.com); however, some instances support video proxying. This can be enabled by adding `&local=true` to the URL.
+    Invidious does not proxy video streams by default. Videos watched through Invidious will still make direct connections to Google's servers (e.g. `googlevideo.com`); however, some instances support video proxying—simply enable *Proxy videos* within the instances's settings or add `&local=true` to the URL.
 
 !!! tip
 
-    Invidious is useful if you want to disable JavaScript in your browser, such as [Tor Browser](https://www.torproject.org/) on the Safest security setting. It does not provide privacy by itself and we don’t recommend logging into any accounts.
+    Invidious is useful if you want to disable JavaScript in your browser, such as [Tor Browser](https://www.torproject.org/) on the Safest security level. It does not provide privacy by itself and we don’t recommend logging into any accounts.
 
 When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting Invidious, as other peoples' usage will be linked to your hosting.
 
-When you are using an Invidious instance, be sure to go read the Privacy Policy of that specific instance. Invidious instances can be modified by their owners and therefore may not reflect their associated privacy policy. Some instances have Tor .onion addresses which may grant some privacy as long as your search queries don't contain PII (Personally Identifiable Information).
+When you are using an Invidious instance, make sure to read the privacy policy of that specific instance. Invidious instances can be modified by their owners and therefore may not reflect their associated privacy policy. Some instances have Tor .onion addresses which may grant some privacy as long as your search queries don't contain PII (Personally Identifiable Information).
 
 ### Piped
 
@@ -128,7 +136,7 @@ When you are using an Invidious instance, be sure to go read the Privacy Policy
 
     ![Piped logo](assets/img/video-streaming/piped.svg){ align=right }
 
-    **Piped** is a free and open source front end for YouTube that is also self-hostable. Alternative instances can be selected from "Preferences".
+    **Piped** is a free and open source frontend for YouTube that is also self-hostable. Alternative instances can be selected from "Preferences".
 
     Piped requires JavaScript in order to function.
 
@@ -144,6 +152,35 @@ When you are using an Invidious instance, be sure to go read the Privacy Policy
 
 When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting Piped, as other peoples' usage will be linked to your hosting.
 
-When you are using a Piped instance, be sure to go read the Privacy Policy of that specific instance. Piped instances can be modified by their owners and therefore may not reflect their associated privacy policy.
+When you are using a Piped instance, make sure to read the privacy policy of that specific instance. Piped instances can be modified by their owners and therefore may not reflect their associated privacy policy.
+
+### Librarian
+
+!!! recommendation
+
+    ![Librarian logo](assets/img/video-streaming/librarian.svg#only-light){ align=right }
+    ![Librarian logo](assets/img/video-streaming/librarian-dark.svg#only-dark){ align=right }
+
+    **Librarian** is a free and open source frontend for the LBRY/Odysee video sharing network that is also self-hostable.
+    
+    There are a number of public instances, with some instances having [Tor](https://www.torproject.org) onion services support.
+
+    [Website](https://librarian.codeberg.page/){ .md-button .md-button--primary }
+
+    ??? downloads
+
+        - [:fontawesome-brands-git: Source](https://codeberg.org/librarian/librarian)
+
+!!! warning
+
+    Librarian does not proxy video streams by default. Videos watched through Librarian will still make direct connections to Odysee's servers (e.g. `odycdn.com`); however, some instances may enable proxying which would be detailed in the instance's privacy policy.
+
+!!! tip
+
+    Librarian is useful if you want watch LBRY content on mobile without mandatory telemetry and if you want to disable JavaScript in your browser, as is the case with [Tor Browser](https://www.torproject.org/) on the Safest security level.
+
+When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting Librarian, as other peoples' usage will be linked to your hosting.
+
+When you are using a Librarian instance, make sure to read the privacy policy of that specific instance. Librarian instances can be modified by their owners and therefore may not reflect the default policy. Librarian instances feature a "privacy nutrition label" to provide an overview of their policy. Some instances have Tor .onion addresses which may grant some privacy as long as your search queries don't contain PII (Personally Identifiable Information).
 
 --8<-- "includes/abbreviations.en.md"

docs/vpn.en.md

@@ -25,7 +25,7 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic.
 
 !!! summary "Criteria"
 
-    Our recommended providers are outside the US, use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#our-criteria) for more information.
+    Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#our-criteria) for more information.
 
 ### Mullvad
 
@@ -90,13 +90,13 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic.
 
     Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/en/index.html) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion).
 
-### ProtonVPN
+### Proton VPN
 
 !!! recommendation
 
-    ![ProtonVPN logo](assets/img/vpn/protonvpn.svg){ align=right }
+    ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right }
 
-    **ProtonVPN** is a strong contender in the VPN space, and they have been in operation since 2016. ProtonVPN is based in Switzerland and offers a limited free pricing tier, as well as premium options. They offer a further 14% discount for buying a 2 year subscription.
+    **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free pricing tier, as well as premium options. They offer a further 14% discount for buying a 2 year subscription.
 
     **Free** - **Basic Plan USD $48/year** - **Plus Plan USD $96/year**
 
@@ -104,7 +104,7 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic.
 
 ??? check annotate "63 Countries"
 
-    ProtonVPN has [servers in 63 countries](https://protonvpn.com/vpn-servers) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (less hops) to the destination.
+    Proton VPN has [servers in 63 countries](https://protonvpn.com/vpn-servers) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (less hops) to the destination.
 
     We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
 
@@ -112,33 +112,33 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic.
 
 ??? check "Independently Audited"
 
-    As of January 2020 ProtonVPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in ProtonVPN's Windows, Android, and iOS applications, all of which were "properly fixed" by ProtonVPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/).
+    As of January 2020 Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/).
 
 ??? check "Open Source Clients"
 
-    ProtonVPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN).
+    Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/Proton VPN).
 
 ??? check "Accepts Cash"
 
-    ProtonVPN, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, and **cash/local currency** as anonymous forms of payment.
+    Proton VPN, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, and **cash/local currency** as anonymous forms of payment.
 
 ??? check "WireGuard Support"
 
-    ProtonVPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that utilizes state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant.
+    Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that utilizes state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant.
 
-    ProtonVPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On ProtonVPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app.
+    Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app.
 
 ??? warning "Remote Port Forwarding"
 
-    ProtonVPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-Peer applications like Torrent clients.
+    Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-Peer applications like Torrent clients.
 
 ??? check "Mobile Clients"
 
-    In addition to providing standard OpenVPN configuration files, ProtonVPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085) and [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US) allowing for easy connections to their servers. The mobile client on Android is also available in [F-Droid](https://f-droid.org/en/packages/ch.protonvpn.android), which ensures that it is compiled with [reproducible builds](https://www.f-droid.org/en/2019/05/05/trust-privacy-and-free-software.html).
+    In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085) and [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US) allowing for easy connections to their servers. The mobile client on Android is also available in [F-Droid](https://f-droid.org/en/packages/ch.protonvpn.android), which ensures that it is compiled with [reproducible builds](https://www.f-droid.org/en/2019/05/05/trust-privacy-and-free-software.html).
 
 ??? info "Additional Functionality"
 
-    ProtonVPN have their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, ProtonVPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose.
+    Proton VPN have their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose.
 
 ### IVPN
 
@@ -188,7 +188,7 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic.
 
 ??? info "Additional Functionality"
 
-    IVPN clients support two factor authentication (Mullvad and ProtonVPN clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
+    IVPN clients support two factor authentication (Mullvad and Proton VPN clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
 
 ## Our Criteria
 
@@ -198,19 +198,6 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic.
 
 **Please note we are not affiliated with any of the providers we recommend. This allows us to provide completely objective recommendations.** We have developed a clear set of requirements for any VPN provider wishing to be recommended, including strong encryption, independent security audits, modern technology, and more. We suggest you familiarize yourself with this list before choosing a VPN provider, and conduct your own research to ensure the VPN provider you choose is as trustworthy as possible.
 
-### Jurisdiction
-
-Operating outside the five/nine/fourteen-eyes countries is not a guarantee of privacy necessarily, and there are other factors to consider. However, we believe that avoiding these countries is important if you wish to avoid mass government dragnet surveillance, especially from the United States.
-
-**Minimum to Qualify:**
-
-- Operating outside the USA or other Five Eyes countries.
-
-**Best Case:**
-
-- Operating outside the USA or other Fourteen Eyes countries.
-- Operating inside a country with strong consumer protection laws.
-
 ### Technology
 
 We require all our recommended VPN providers to provide OpenVPN configuration files to be used in any client. **If** a VPN provides their own custom client, we require a killswitch to block network data leaks when disconnected.
@@ -335,7 +322,7 @@ VPNs cannot provide anonymity. Your VPN provider will still see your real IP add
 
 ### What about VPN providers that provides Tor nodes?
 
-Do not use that feature. The point of using Tor is that you do not trust your VPN provider. Currently Tor only supports the [TCP](https://en.wikipedia.org/wiki/Transmission_Control_Protocol) protocol. [UDP](https://en.wikipedia.org/wiki/User_Datagram_Protocol) (used in [WebRTC](https://en.wikipedia.org/wiki/WebRTC) for voice and video sharing, the new [http3/QUIC](https://en.wikipedia.org/wiki/HTTP/3) protocol, etc), [ICMP](https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol) and other packets will be dropped. To compensate for this, VPN providers typically will route all non TCP packets through their VPN server (your first hop). This is the case with [ProtonVPN](https://protonvpn.com/support/tor-vpn/). Additionally, when using this Tor over VPN setup, you do not have control over other important Tor features such as [Isolated Destination Address](https://www.whonix.org/wiki/Stream_Isolation) (using a different Tor circuit for every domain you visit).
+Do not use that feature. The point of using Tor is that you do not trust your VPN provider. Currently Tor only supports the [TCP](https://en.wikipedia.org/wiki/Transmission_Control_Protocol) protocol. [UDP](https://en.wikipedia.org/wiki/User_Datagram_Protocol) (used in [WebRTC](https://en.wikipedia.org/wiki/WebRTC) for voice and video sharing, the new [http3/QUIC](https://en.wikipedia.org/wiki/HTTP/3) protocol, etc), [ICMP](https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol) and other packets will be dropped. To compensate for this, VPN providers typically will route all non TCP packets through their VPN server (your first hop). This is the case with [Proton VPN](https://protonvpn.com/support/tor-vpn/). Additionally, when using this Tor over VPN setup, you do not have control over other important Tor features such as [Isolated Destination Address](https://www.whonix.org/wiki/Stream_Isolation) (using a different Tor circuit for every domain you visit).
 
 Thus, this feature should be viewed as a convenient way to access the Tor Network, not to stay annonymous. For true anonimity, use the Tor Browser Bundle, TorSocks, or a Tor gateway.
 

includes/abbreviations.en.md

@@ -2,6 +2,7 @@
 *[2FA]: 2-Factor Authentication
 *[ADB]: Android Debug Bridge
 *[AOSP]: Android Open Source Project
+*[ATA]: Advanced Technology Attachment
 *[AVB]: Android Verified Boot
 *[CLI]: Command Line Interface
 *[CSV]: Comma-Separated Values
@@ -22,6 +23,7 @@
 *[GPS]: Global Positioning System
 *[GUI]: Graphical User Interface
 *[GnuPG]: GNU Privacy Guard (PGP implementation)
+*[HDD]: Hard Disk Drive
 *[HOTP]: HMAC (Hash-based Message Authentication Code) based One-Time Password
 *[HTTPS]: Hypertext Transfer Protocol Secure
 *[HTTP]: Hypertext Transfer Protocol
@@ -40,6 +42,8 @@
 *[MAC]: Media Access Control
 *[MEID]: Mobile Equipment Identifier
 *[MFA]: Multi-Factor Authentication
+*[NVMe]: Nonvolatile Memory Express
+*[OCI]: Open Container Initiative
 *[OCSP]: Online Certificate Status Protocol
 *[OEM]: Original Equipment Manufacturer
 *[OEMs]: Original Equipment Manufacturers
@@ -57,6 +61,7 @@
 *[SMS]: Short Message Service (standard text messaging)
 *[SMTP]: Simple Mail Transfer Protocol
 *[SNI]: Server Name Indication
+*[SSD]: Solid-State Drive
 *[SSH]: Secure Shell
 *[SaaS]: Software as a Service (cloud software)
 *[SoC]: System on Chip

mkdocs.yml

@@ -64,13 +64,13 @@ theme:
       scheme: default
       accent: deep purple
       toggle:
-        icon: material/toggle-switch-off-outline
+        icon: octicons/moon-16
         name: Switch to dark mode
     - media: "(prefers-color-scheme: dark)"
       scheme: slate
       accent: deep purple
       toggle:
-        icon: material/toggle-switch
+        icon: octicons/sun-16
         name: Switch to light mode
 watch:
   - theme
@@ -141,9 +141,11 @@ nav:
   - 'Knowledge Base':
     - 'The Basics':
       - 'basics/threat-modeling.md'
-      - 'basics/dns.md'
-      - 'basics/multi-factor-authentication.md'
+      - 'basics/common-threats.md'
       - 'basics/account-deletion.md'
+      - 'basics/multi-factor-authentication.md'
+      - 'basics/dns.md'
+      - 'basics/erasing-data.md'
     - 'Android':
       - 'android/overview.md'
       - 'android/grapheneos-vs-calyxos.md'

theme/overrides/home.en.html

@@ -16,11 +16,11 @@
         <div class="mdx-hero__content">
           <h1>The guide to restoring your online privacy.</h1>
           <p>Massive organizations are monitoring your online activities. Privacy Guides is your central privacy and security resource to protect yourself online.</p>
-          <a href="tools/" title="Recommended privacy tools, services, and knowledge" class="md-button md-button--primary">
-            Recommended Tools
+          <a href="basics/threat-modeling/" title="The first step of your privacy journey" class="md-button md-button--primary">
+            Start Your Privacy Journey
           </a>
-          <a href="https://blog.privacyguides.org/" title="Blog posts from Privacy Guides contributors" class="md-button">
-            Read our blog
+          <a href="tools/" title="Recommended privacy tools, services, and knowledge" class="md-button">
+            Recommended Tools
           </a>
         </div>
       </div>