Open Collective Foundation dissolution (#2417)

Signed-off-by: Daniel Gray <dngray@privacyguides.org>

.editorconfig

@@ -0,0 +1,33 @@
+# Copyright (c) 2024 Jonah Aragon <jonah@triplebit.net>
+
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+# IN THE SOFTWARE.
+
+# EditorConfig is awesome: https://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
+[*]
+charset = utf-8
+indent_style = space
+indent_size = 2
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespace = true

.github/workflows/crowdin-upload.yml

@@ -39,7 +39,7 @@ jobs:
       uses: actions/checkout@v4
 
     - name: crowdin action
-      uses: crowdin/github-action@v1.18.0
+      uses: crowdin/github-action@v1.19.0
       with:
         upload_sources: true
         upload_sources_args: '--auto-update --delete-obsolete'

.gitignore

@@ -18,6 +18,11 @@ site
 /.cache/plugin/social/fonts/*
 !/.cache/plugin/social/fonts/Bagnard
 
+# Editor settings
+.vscode/*
+!.vscode/extensions.json
+!.vscode/settings.json
+
 # Local Netlify folder
 .netlify
 node_modules

.python-version

@@ -0,0 +1 @@
+3.8

.vscode/extensions.json

@@ -0,0 +1,26 @@
+// Copyright (c) 2024 Jonah Aragon <jonah@triplebit.net>
+
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to
+// deal in the Software without restriction, including without limitation the
+// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+// sell copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+// FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+// IN THE SOFTWARE.
+
+{
+  "recommendations": [
+    "EditorConfig.EditorConfig",
+    "DavidAnson.vscode-markdownlint"
+  ]
+}

.vscode/settings.json

@@ -0,0 +1,27 @@
+// Copyright (c) 2024 Jonah Aragon <jonah@triplebit.net>
+
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to
+// deal in the Software without restriction, including without limitation the
+// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+// sell copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+// FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+// IN THE SOFTWARE.
+
+{
+    "git.ignoreLimitWarning": true,
+    "[markdown]": {
+      "editor.unicodeHighlight.ambiguousCharacters": true,
+      "editor.unicodeHighlight.invisibleCharacters": true
+    }
+}

docs/about/donate.md

@@ -4,27 +4,18 @@ title: Supporting Us
 <!-- markdownlint-disable MD036 -->
 It takes a lot of [people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) and [work](https://github.com/privacyguides/privacyguides.org/pulse/monthly) to keep Privacy Guides up to date and spreading the word about privacy and mass surveillance. If you like what we do, consider getting involved by [editing the site](https://github.com/privacyguides/privacyguides.org) or [contributing translations](https://crowdin.com/project/privacyguides).
 
-If you want to support us financially, the most convenient method for us is contributing via Open Collective, a website operated by our fiscal host. Open Collective accepts payments via credit/debit card, PayPal, and bank transfers.
+<div class="admonition failure" markdown>
+<p class="admonition-title">Donation Information</p>
 
-[Donate on OpenCollective.com](https://opencollective.com/privacyguides/donate){ class="md-button md-button--primary" }
+Unfortunately, Open Collective Foundation (our long-time fiscal host) announced they are dissolving their operations and can no longer support us or any project they host. Thus, we have no way to accept donations at this time. We are looking into ways to move forward from a legal perspective, but in the meantime any non-monetary contribution you can provide would be greatly appreciated.
 
-Donations made directly to us on Open Collective are generally tax-deductible in the US, because our fiscal host (the Open Collective Foundation) is a registered 501(c)3 organization. You will receive a receipt from the Open Collective Foundation after donating. Privacy Guides does not provide financial advice, and you should contact your tax advisor to find out whether this is applicable to you.
+</div>
 
-If you already make use of GitHub sponsorships, you can also sponsor our organization there.
+Another option to support us is by buying our merchandise from HelloTux. We get a small commission for each item sold, and you get a quality product to show for it.
-
-[Sponsor us on GitHub](https://github.com/sponsors/privacyguides){ .md-button }
-
-Another option to support us is by buying our merchandise from HelloTux. We get roughly $4 for every shirt sold, and you get a quality product to show for it.
 
 [Buy on HelloTux.com](https://hellotux.com/privacyguides){ class="md-button" }
 
-## Backers
+Thank you to all those who support our mission! :heart:
-
-A special thanks to all those who support our mission! :heart:
-
-*Please note: This section loads a widget directly from Open Collective. This section does not reflect donations made outside of Open Collective, and we have no control over the specific donors featured in this section.*
-
-<script src="https://opencollective.com/privacyguides/banner.js"></script>
 
 ## How We Use Donations
 

docs/about/index.md

@@ -82,7 +82,7 @@ So far in 2023 we've launched international translations of our website in [Fren
 
 Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open source on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides).
 
-Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax-deductible in the United States.
+Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Donations to Privacy Guides are generally tax-deductible in the United States.
 
 ## Site License
 

docs/cryptocurrency.md

@@ -9,13 +9,16 @@ Making payments online is one of the biggest challenges to privacy. These crypto
 
 [Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md){ .md-button }
 
-!!! danger
+<div class="admonition danger" markdown>
+<p class="admonition-title">Danger</p>
 
 Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust.
 
+</div>
+
 ## Monero
 
-!!! recommendation
+<div class="admonition recommendation" markdown>
 
 ![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right }
 
@@ -26,6 +29,10 @@ Making payments online is one of the biggest challenges to privacy. These crypto
 [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" }
 [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute }
 
+</details>
+
+</div>
+
 With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories.
 
 For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include:
@@ -48,8 +55,11 @@ Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurre
 
 **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
 
-!!! example "This section is new"
+<div class="admonition example" markdown>
+<p class="admonition-title">This section is new</p>
 
 We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
 
+</div>
+
 - Cryptocurrency must provide private/untraceable transactions by default.

docs/desktop.md

@@ -14,7 +14,7 @@ Linux distributions are commonly recommended for privacy protection and software
 
 <div class="admonition recommendation" markdown>
 
-![Fedora logo](assets/img/linux-desktop/fedora-workstation.svg){ align=right }
+![Fedora logo](assets/img/linux-desktop/fedora.svg){ align=right }
 
 **Fedora Workstation** is our recommended distribution for people new to Linux. Fedora generally adopts newer technologies before other distributions e.g., [Wayland](https://wayland.freedesktop.org/), [PipeWire](https://pipewire.org). These new technologies often come with improvements in security, privacy, and usability in general.
 
@@ -70,7 +70,9 @@ Being a DIY distribution, you are [expected to set up and maintain](os/linux-ove
 
 A large portion of [Arch Linux’s packages](https://reproducible.archlinux.org) are [reproducible](https://reproducible-builds.org).
 
-## Immutable Distributions
+## Atomic Distributions
+
+**Atomic distributions** (sometimes also referred to as **immutable distributions**) are operating systems which handle package installation and updates by layering changes atop your core system image, rather than by directly modifying the system. This has advantages including increased stability and the ability to easily rollback updates. See [*Traditional vs. Atomic Updates*](os/linux-overview.md#traditional-vs-atomic-updates) for more info.
 
 ### Fedora Atomic Desktops
 
@@ -78,7 +80,7 @@ A large portion of [Arch Linux’s packages](https://reproducible.archlinux.org)
 
 ![Fedora logo](assets/img/linux-desktop/fedora.svg){ align=right }
 
-**Fedora Atomic Desktops** are the immutable variants of Fedora with a strong focus on containerized workflows and Flatpak for desktop applications. All of these variants follow the same release schedule as Fedora Workstation, benefiting from the same fast updates and staying very close to upstream.
+**Fedora Atomic Desktops** are variants of Fedora which use the `rpm-ostree` package manager and have a strong focus on containerized workflows and Flatpak for desktop applications. All of these variants follow the same release schedule as Fedora Workstation, benefiting from the same fast updates and staying very close to upstream.
 
 [:octicons-home-16: Homepage](https://fedoraproject.org/atomic-desktops/){ .md-button .md-button--primary }
 [:octicons-heart-16:](https://whatcanidoforfedora.org/){ .card-link title=Contribute }
@@ -164,6 +166,13 @@ Whonix is best used [in conjunction with Qubes](https://www.whonix.org/wiki/Qube
 
 </div>
 
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+Tails [doesn't erase](https://gitlab.tails.boum.org/tails/tails/-/issues/5356) the [video memory](https://en.wikipedia.org/wiki/Dual-ported_video_RAM) when shutting down. When you restart your computer after using Tails, it might briefly display the last screen that was displayed in Tails. If you shut down your computer instead of restarting it, the video memory will erase itself automatically after being unpowered for some time.
+
+</div>
+
 Tails is great for counter forensics due to amnesia (meaning nothing is written to the disk); however, it is not a hardened distribution like Whonix. It lacks many anonymity and security features that Whonix has and gets updated much less often (only once every six weeks). A Tails system that is compromised by malware may potentially bypass the transparent proxy allowing for the user to be deanonymized.
 
 Tails includes [uBlock Origin](desktop-browsers.md#ublock-origin) in Tor Browser by default, which may potentially make it easier for adversaries to fingerprint Tails users. [Whonix](desktop.md#whonix) virtual machines may be more leak-proof, however they are not amnesic, meaning data may be recovered from your storage device.

docs/email-clients.md

@@ -25,7 +25,7 @@ OpenPGP also does not support [forward secrecy](https://en.wikipedia.org/wiki/Fo
 
 ![Thunderbird logo](assets/img/email-clients/thunderbird.svg){ align=right }
 
-**Thunderbird** is a free, open-source, cross-platform email, newsgroup, news feed, and chat (XMPP, IRC, Twitter) client developed by the Thunderbird community, and previously by the Mozilla Foundation.
+**Thunderbird** is a free, open-source, cross-platform email, newsgroup, news feed, and chat (XMPP, IRC, Matrix) client developed by the Thunderbird community, and previously by the Mozilla Foundation.
 
 [:octicons-home-16: Homepage](https://www.thunderbird.net){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://www.mozilla.org/privacy/thunderbird){ .card-link title="Privacy Policy" }

docs/encryption.md

@@ -13,7 +13,7 @@ The options listed here are multi-platform and great for creating encrypted back
 
 ### Cryptomator (Cloud)
 
-!!! recommendation
+<div class="admonition recommendation" markdown>
 
 ![Cryptomator logo](assets/img/encryption-software/cryptomator.svg){ align=right }
 
@@ -25,7 +25,8 @@ The options listed here are multi-platform and great for creating encrypted back
 [:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
 [:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
 
-    ??? downloads
+<details class="downloads" markdown>
+<summary>Downloads</summary>
 
 - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
 - [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
@@ -35,6 +36,10 @@ The options listed here are multi-platform and great for creating encrypted back
 - [:simple-linux: Linux](https://cryptomator.org/downloads)
 - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
 
+</details>
+
+</div>
+
 Cryptomator uses AES-256 encryption to encrypt both files and filenames. Cryptomator cannot encrypt metadata such as access, modification, and creation timestamps, nor the number and size of files and folders.
 
 Some Cryptomator cryptographic libraries have been [audited](https://community.cryptomator.org/t/has-there-been-a-security-review-audit-of-cryptomator/44) by Cure53. The scope of the audited libraries includes: [cryptolib](https://github.com/cryptomator/cryptolib), [cryptofs](https://github.com/cryptomator/cryptofs), [siv-mode](https://github.com/cryptomator/siv-mode) and [cryptomator-objc-cryptor](https://github.com/cryptomator/cryptomator-objc-cryptor). The audit did not extend to [cryptolib-swift](https://github.com/cryptomator/cryptolib-swift), which is a library used by Cryptomator for iOS.
@@ -43,7 +48,7 @@ Cryptomator's documentation details its intended [security target](https://docs.
 
 ### Picocrypt (File)
 
-!!! recommendation
+<div class="admonition recommendation" markdown>
 
 ![Picocrypt logo](assets/img/encryption-software/picocrypt.svg){ align=right }
 
@@ -53,15 +58,20 @@ Cryptomator's documentation details its intended [security target](https://docs.
 [:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
 [:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
 
-    ??? downloads
+<details class="downloads" markdown>
+<summary>Downloads</summary>
 
 - [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
 - [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
 - [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
 
+</details>
+
+</div>
+
 ### VeraCrypt (Disk)
 
-!!! recommendation
+<div class="admonition recommendation" markdown>
 
 ![VeraCrypt logo](assets/img/encryption-software/veracrypt.svg#only-light){ align=right }
 ![VeraCrypt logo](assets/img/encryption-software/veracrypt-dark.svg#only-dark){ align=right }
@@ -73,12 +83,17 @@ Cryptomator's documentation details its intended [security target](https://docs.
 [:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
 [:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
 
-    ??? downloads
+<details class="downloads" markdown>
+<summary>Downloads</summary>
 
 - [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
 - [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
 - [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
 
+</details>
+
+</div>
+
 VeraCrypt is a fork of the discontinued TrueCrypt project. According to its developers, security improvements have been implemented and issues raised by the initial TrueCrypt code audit have been addressed.
 
 When encrypting with VeraCrypt, you have the option to select from different [hash functions](https://en.wikipedia.org/wiki/VeraCrypt#Encryption_scheme). We suggest you **only** select [SHA-512](https://en.wikipedia.org/wiki/SHA-512) and stick to the [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) block cipher.
@@ -91,7 +106,7 @@ For encrypting the drive your operating system boots from, we generally recommen
 
 ### BitLocker
 
-!!! recommendation
+<div class="admonition recommendation" markdown>
 
 ![BitLocker logo](assets/img/encryption-software/bitlocker.png){ align=right }
 
@@ -99,49 +114,53 @@ For encrypting the drive your operating system boots from, we generally recommen
 
 [:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
 
+</details>
+
+</div>
+
 BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) on Pro, Enterprise and Education editions of Windows. It can be enabled on Home editions provided that they meet the prerequisites.
 
-??? example "Enabling BitLocker on Windows Home"
+<details class="example" markdown>
+<summary>Enabling BitLocker on Windows Home</summary>
 
 To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
 
 1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
-
+   ```powershell
-        ```
    powershell Get-Disk
    ```
 
 2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
-
+   ```powershell
-        ```
    powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
    ```
 
 3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
-
 4. Login with your admin account and type this in the command prompt to start encryption:
-
+   ```powershell
-        ```
    manage-bde -on c: -used
    ```
 
 5. Close the command prompt and continue booting to regular Windows.
-    
 6. Open an admin command prompt and run the following commands:
-
+   ```powershell
-        ```
    manage-bde c: -protectors -add -rp -tpm
    manage-bde -protectors -enable c:
    manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
    ```
 
-        !!! tip
+<div class="admonition tip" markdown>
+<p class="admonition-title">Tip</p>
 
 Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device. Loss of this recovery code may result in loss of data.
 
+</div>
+
+</details>
+
 ### FileVault
 
-!!! recommendation
+<div class="admonition recommendation" markdown>
 
 ![FileVault logo](assets/img/encryption-software/filevault.png){ align=right }
 
@@ -149,11 +168,15 @@ BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-o
 
 [:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
 
+</details>
+
+</div>
+
 We recommend storing a local recovery key in a secure place as opposed to using your iCloud account for recovery.
 
 ### Linux Unified Key Setup
 
-!!! recommendation
+<div class="admonition recommendation" markdown>
 
 ![LUKS logo](assets/img/encryption-software/luks.png){ align=right }
 
@@ -163,35 +186,47 @@ We recommend storing a local recovery key in a secure place as opposed to using
 [:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
 [:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
 
-??? example "Creating and opening encrypted containers"
+</details>
 
-    ```
+</div>
+
+<details class="example" markdown>
+<summary>Creating and opening encrypted containers</summary>
+
+```bash
 dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
 sudo cryptsetup luksFormat /path-to-file
 ```
 
 #### Opening encrypted containers
+
 We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
-    ```
+
+```bash
 udisksctl loop-setup -f /path-to-file
 udisksctl unlock -b /dev/loop0
 ```
 
-!!! note "Remember to back up volume headers"
+</details>
+
+<div class="admonition note" markdown>
+<p class="admonition-title">Remember to back up volume headers</p>
 
 We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
 
-    ```
+```bash
 cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
 ```
 
+</div>
+
 ## Command-line
 
 Tools with command-line interfaces are useful for integrating [shell scripts](https://en.wikipedia.org/wiki/Shell_script).
 
 ### Kryptor
 
-!!! recommendation
+<div class="admonition recommendation" markdown>
 
 ![Kryptor logo](assets/img/encryption-software/kryptor.png){ align=right }
 
@@ -203,15 +238,20 @@ Tools with command-line interfaces are useful for integrating [shell scripts](ht
 [:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
 [:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
 
-    ??? downloads
+<details class="downloads" markdown>
+<summary>Downloads</summary>
 
 - [:simple-windows11: Windows](https://www.kryptor.co.uk)
 - [:simple-apple: macOS](https://www.kryptor.co.uk)
 - [:simple-linux: Linux](https://www.kryptor.co.uk)
 
+</details>
+
+</div>
+
 ### Tomb
 
-!!! recommendation
+<div class="admonition recommendation" markdown>
 
 ![Tomb logo](assets/img/encryption-software/tomb.png){ align=right }
 
@@ -222,13 +262,18 @@ Tools with command-line interfaces are useful for integrating [shell scripts](ht
 [:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
 [:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
 
+</details>
+
+</div>
+
 ## OpenPGP
 
 OpenPGP is sometimes needed for specific tasks such as digitally signing and encrypting email. PGP has many features and is [complex](https://latacora.micro.blog/2019/07/16/the-pgp-problem.html) as it has been around a long time. For tasks such as signing or encrypting files, we suggest the above options.
 
 When encrypting with PGP, you have the option to configure different options in your `gpg.conf` file. We recommend staying with the standard options specified in the [GnuPG user FAQ](https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf).
 
-!!! tip "Use future defaults when generating a key"
+<div class="admonition tip" markdown>
+<p class="admonition-title">Use future defaults when generating a key</p>
 
 When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
 
@@ -236,9 +281,11 @@ When encrypting with PGP, you have the option to configure different options in
 gpg --quick-gen-key alice@example.com future-default
 ```
 
+</div>
+
 ### GNU Privacy Guard
 
-!!! recommendation
+<div class="admonition recommendation" markdown>
 
 ![GNU Privacy Guard logo](assets/img/encryption-software/gnupg.svg){ align=right }
 
@@ -249,16 +296,21 @@ When encrypting with PGP, you have the option to configure different options in
 [:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
 [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
 
-    ??? downloads
+<details class="downloads" markdown>
+<summary>Downloads</summary>
 
 - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
 - [:simple-windows11: Windows](https://gpg4win.org/download.html)
 - [:simple-apple: macOS](https://gpgtools.org)
 - [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
 
+</details>
+
+</div>
+
 ### GPG4win
 
-!!! recommendation
+<div class="admonition recommendation" markdown>
 
 ![GPG4win logo](assets/img/encryption-software/gpg4win.svg){ align=right }
 
@@ -270,17 +322,25 @@ When encrypting with PGP, you have the option to configure different options in
 [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
 [:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
 
-    ??? downloads
+<details class="downloads" markdown>
+<summary>Downloads</summary>
 
 - [:simple-windows11: Windows](https://gpg4win.org/download.html)
 
+</details>
+
+</div>
+
 ### GPG Suite
 
-!!! note
+<div class="admonition note" markdown>
+<p class="admonition-title">Note</p>
 
 We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
 
-!!! recommendation
+</div>
+
+<div class="admonition recommendation" markdown>
 
 ![GPG Suite logo](assets/img/encryption-software/gpgsuite.png){ align=right }
 
@@ -293,13 +353,18 @@ When encrypting with PGP, you have the option to configure different options in
 [:octicons-info-16:](https://gpgtools.tenderapp.com/kb){ .card-link title=Documentation}
 [:octicons-code-16:](https://github.com/GPGTools){ .card-link title="Source Code" }
 
-    ??? downloads
+<details class="downloads" markdown>
+<summary>Downloads</summary>
 
 - [:simple-apple: macOS](https://gpgtools.org)
 
+</details>
+
+</div>
+
 ### OpenKeychain
 
-!!! recommendation
+<div class="admonition recommendation" markdown>
 
 ![OpenKeychain logo](assets/img/encryption-software/openkeychain.svg){ align=right }
 
@@ -310,18 +375,26 @@ When encrypting with PGP, you have the option to configure different options in
 [:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
 [:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
 
-    ??? downloads
+<details class="downloads" markdown>
+<summary>Downloads</summary>
 
 - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
 
+</details>
+
+</div>
+
 ## Criteria
 
 **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
 
-!!! example "This section is new"
+<div class="admonition example" markdown>
+<p class="admonition-title">This section is new</p>
 
 We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
 
+</div>
+
 ### Minimum Qualifications
 
 - Cross-platform encryption apps must be open source.

docs/file-sharing.md

@@ -10,7 +10,7 @@ Discover how to privately share your files between your devices, with your frien
 
 ### Send
 
-!!! recommendation
+<div class="admonition recommendation" markdown>
 
 ![Send logo](assets/img/file-sharing-sync/send.svg){ align=right }
 
@@ -22,6 +22,10 @@ Discover how to privately share your files between your devices, with your frien
 [:octicons-code-16:](https://github.com/timvisee/send){ .card-link title="Source Code" }
 [:octicons-heart-16:](https://github.com/sponsors/timvisee){ .card-link title=Contribute }
 
+</details>
+
+</div>
+
 Send can be used via its web interface or via the [ffsend](https://github.com/timvisee/ffsend) CLI. If you are familiar with the command-line and send files frequently, we recommend using the CLI client to avoid JavaScript-based encryption. You can specify the `--host` flag to use a specific server:
 
 ```bash
@@ -30,7 +34,7 @@ ffsend upload --host https://send.vis.ee/ FILE
 
 ### OnionShare
 
-!!! recommendation
+<div class="admonition recommendation" markdown>
 
 ![OnionShare logo](assets/img/file-sharing-sync/onionshare.svg){ align=right }
 
@@ -41,27 +45,35 @@ ffsend upload --host https://send.vis.ee/ FILE
 [:octicons-info-16:](https://docs.onionshare.org){ .card-link title=Documentation}
 [:octicons-code-16:](https://github.com/onionshare/onionshare){ .card-link title="Source Code" }
 
-    ??? downloads
+<details class="downloads" markdown>
+<summary>Downloads</summary>
 
 - [:simple-windows11: Windows](https://onionshare.org/#download)
 - [:simple-apple: macOS](https://onionshare.org/#download)
 - [:simple-linux: Linux](https://onionshare.org/#download)
 
+</details>
+
+</div>
+
 ### Criteria
 
 **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
 
-!!! example "This section is new"
+<div class="admonition example" markdown>
+<p class="admonition-title">This section is new</p>
 
 We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
 
+</div>
+
 - Must not store decrypted data on a remote server.
 - Must be open-source software.
 - Must either have clients for Linux, macOS, and Windows; or have a web interface.
 
 ## FreedomBox
 
-!!! recommendation
+<div class="admonition recommendation" markdown>
 
 ![FreedomBox logo](assets/img/file-sharing-sync/freedombox.svg){ align=right }
 
@@ -72,11 +84,15 @@ ffsend upload --host https://send.vis.ee/ FILE
 [:octicons-code-16:](https://salsa.debian.org/freedombox-team/freedombox){ .card-link title="Source Code" }
 [:octicons-heart-16:](https://freedomboxfoundation.org/donate/){ .card-link title=Contribute }
 
+</details>
+
+</div>
+
 ## File Sync
 
 ### Nextcloud (Client-Server)
 
-!!! recommendation
+<div class="admonition recommendation" markdown>
 
 ![Nextcloud logo](assets/img/productivity/nextcloud.svg){ align=right }
 
@@ -88,7 +104,8 @@ ffsend upload --host https://send.vis.ee/ FILE
 [:octicons-code-16:](https://github.com/nextcloud){ .card-link title="Source Code" }
 [:octicons-heart-16:](https://nextcloud.com/contribute/){ .card-link title=Contribute }
 
-    ??? downloads
+<details class="downloads" markdown>
+<summary>Downloads</summary>
 
 - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.nextcloud.client)
 - [:simple-appstore: App Store](https://apps.apple.com/app/id1125420102)
@@ -97,13 +114,20 @@ ffsend upload --host https://send.vis.ee/ FILE
 - [:simple-apple: macOS](https://nextcloud.com/install/#install-clients)
 - [:simple-linux: Linux](https://nextcloud.com/install/#install-clients)
 
-!!! danger
+</details>
+
+</div>
+
+<div class="admonition danger" markdown>
+<p class="admonition-title">Danger</p>
 
 We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_end_encryption) for Nextcloud as it may lead to data loss; it is highly experimental and not production quality.
 
+</div>
+
 ### Syncthing (P2P)
 
-!!! recommendation
+<div class="admonition recommendation" markdown>
 
 ![Syncthing logo](assets/img/file-sharing-sync/syncthing.svg){ align=right }
 
@@ -114,7 +138,8 @@ ffsend upload --host https://send.vis.ee/ FILE
 [:octicons-code-16:](https://github.com/syncthing){ .card-link title="Source Code" }
 [:octicons-heart-16:](https://syncthing.net/donations/){ .card-link title=Contribute }
 
-    ??? downloads
+<details class="downloads" markdown>
+<summary>Downloads</summary>
 
 - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.nutomic.syncthingandroid)
 - [:simple-windows11: Windows](https://syncthing.net/downloads/)
@@ -122,14 +147,21 @@ ffsend upload --host https://send.vis.ee/ FILE
 - [:simple-linux: Linux](https://syncthing.net/downloads/)
 - [:simple-freebsd: FreeBSD](https://syncthing.net/downloads/)
 
+</details>
+
+</div>
+
 ### Criteria
 
 **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
 
-!!! example "This section is new"
+<div class="admonition example" markdown>
+<p class="admonition-title">This section is new</p>
 
 We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
 
+</div>
+
 #### Minimum Requirements
 
 - Must not require a third-party remote/cloud server.

docs/frontends.md

@@ -11,28 +11,6 @@ If you choose to self-host these frontends, it is important that you have other
 
 When you are using an instance run by someone else, make sure to read the privacy policy of that specific instance. They can be modified by their owners and therefore may not reflect the default policy. Some instances have Tor .onion addresses which may grant some privacy as long as your search queries don't contain PII.
 
-## Twitter
-
-### Nitter
-
-!!! recommendation
-
-    ![Nitter logo](assets/img/frontends/nitter.svg){ align=right }
-
-    **Nitter** is a free and open-source frontend for [Twitter](https://twitter.com) that is also self-hostable.
-
-    There are a number of public instances, with some instances having [Tor](https://www.torproject.org) onion services support.
-
-    [:octicons-repo-16: Repository](https://github.com/zedeus/nitter){ .md-button .md-button--primary }
-    [:octicons-server-16:](https://github.com/zedeus/nitter/wiki/Instances){ .card-link title="Public Instances"}
-    [:octicons-info-16:](https://github.com/zedeus/nitter/wiki){ .card-link title=Documentation}
-    [:octicons-code-16:](https://github.com/zedeus/nitter){ .card-link title="Source Code" }
-    [:octicons-heart-16:](https://github.com/zedeus/nitter#nitter){ .card-link title=Contribute }
-
-!!! tip
-
-    Nitter is useful if you want to browse Twitter content without having to log in and if you want to disable JavaScript in your browser, as is the case with [Tor Browser](https://www.torproject.org/) on the Safest security level. It also allows you to [create RSS feeds for Twitter](news-aggregators.md#twitter).
-
 ## TikTok
 
 ### ProxiTok

docs/mobile-browsers.md

@@ -44,7 +44,7 @@ On Android, Firefox is still less secure than Chromium-based alternatives: Mozil
 
 ### Brave
 
-!!! recommendation
+<div class="admonition recommendation" markdown>
 
 ![Brave logo](assets/img/browsers/brave.svg){ align=right }
 
@@ -58,11 +58,16 @@ On Android, Firefox is still less secure than Chromium-based alternatives: Mozil
 [:octicons-info-16:](https://support.brave.com/){ .card-link title=Documentation}
 [:octicons-code-16:](https://github.com/brave/brave-browser){ .card-link title="Source Code" }
 
-    ??? downloads annotate
+<details class="downloads" markdown>
+<summary>Downloads</summary>
 
 - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.brave.browser)
 - [:simple-github: GitHub](https://github.com/brave/brave-browser/releases)
 
+</details>
+
+</div>
+
 #### Recommended Configuration
 
 Tor Browser is the only way to truly browse the internet anonymously. When you use Brave, we recommend changing the following settings to protect your privacy from certain parties, but all browsers other than the [Tor Browser](tor.md#tor-browser) will be traceable by *somebody* in some regard or another.
@@ -81,9 +86,13 @@ Shields' options can be downgraded on a per-site basis as needed, but by default
 
 - [x] Select **Aggressive** under **Block trackers & ads**
 
-    ??? warning "Use default filter lists"
+<details class="warning" markdown>
+<summary>Use default filter lists</summary>
+
 Brave allows you to select additional content filters within the internal `brave://adblock` page. We advise against using this feature; instead, keep the default filter lists. Using extra lists will make you stand out from other Brave users and may also increase attack surface if there is an exploit in Brave and a malicious rule is added to one of the lists you use.
 
+</details>
+
 - [x] Select **Upgrade connections to HTTPS**
 - [x] Select **Always use secure connections**
 - [x] (Optional) Select **Block Scripts** (1)
@@ -127,7 +136,7 @@ On iOS, any app that can browse the web is [restricted](https://developer.apple.
 
 ### Safari
 
-!!! recommendation
+<div class="admonition recommendation" markdown>
 
 ![Safari logo](assets/img/browsers/safari.svg){ align=right }
 
@@ -137,6 +146,10 @@ On iOS, any app that can browse the web is [restricted](https://developer.apple.
 [:octicons-eye-16:](https://www.apple.com/legal/privacy/data/en/safari/){ .card-link title="Privacy Policy" }
 [:octicons-info-16:](https://support.apple.com/guide/safari/welcome/mac){ .card-link title=Documentation}
 
+</details>
+
+</div>
+
 #### Recommended Configuration
 
 These options can be found in :gear: **Settings** → **Safari**
@@ -197,7 +210,7 @@ If you use iCloud with Advanced Data Protection disabled, we also recommend chec
 
 ### AdGuard
 
-!!! recommendation
+<div class="admonition recommendation" markdown>
 
 ![AdGuard logo](assets/img/browsers/adguard.svg){ align=right }
 
@@ -210,20 +223,28 @@ If you use iCloud with Advanced Data Protection disabled, we also recommend chec
 [:octicons-info-16:](https://kb.adguard.com/ios){ .card-link title=Documentation}
 [:octicons-code-16:](https://github.com/AdguardTeam/AdguardForiOS){ .card-link title="Source Code" }
 
-    ??? downloads
+<details class="downloads" markdown>
+<summary>Downloads</summary>
 
 - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1047223162)
 
+</details>
+
+</div>
+
 Additional filter lists do slow things down and may increase your attack surface, so only apply what you need.
 
 ## Criteria
 
 **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
 
-!!! example "This section is new"
+<div class="admonition example" markdown>
+<p class="admonition-title">This section is new</p>
 
 We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
 
+</div>
+
 ### Minimum Requirements
 
 - Must support automatic updates.

docs/news-aggregators.md

@@ -188,22 +188,6 @@ https://www.reddit.com/r/[SUBREDDIT]/new/.rss
 
 </div>
 
-### Twitter
-
-Using any of the Nitter [instances](https://status.d420.de/) you can easily subscribe using RSS.
-
-<div class="admonition example" markdown>
-<p class="admonition-title">Example</p>
-
-1. Pick an instance and set `nitter_instance`.
-2. Replace `twitter_account` with the account name.
-
-```text
-https://[nitter_instance]/[twitter_account]/rss
-```
-
-</div>
-
 ### YouTube
 
 You can subscribe YouTube channels without logging in and associating usage information with your Google Account.

docs/os/linux-overview.md

@@ -57,7 +57,7 @@ Atomic updating distributions apply updates in full or not at all. Typically, tr
 
 A transactional update system creates a snapshot that is made before and after an update is applied. If an update fails at any time (perhaps due to a power failure), the update can be easily rolled back to a “last known good state."
 
-The Atomic update method is used for immutable distributions like Silverblue, Tumbleweed, and NixOS and can achieve reliability with this model. [Adam Šamalík](https://twitter.com/adsamalik) provided a presentation on how `rpm-ostree` works with Silverblue:
+The Atomic update method is used for [distributions](../desktop.md#atomic-distributions) like Silverblue, Tumbleweed, and NixOS and can achieve reliability with this model. [Adam Šamalík](https://twitter.com/adsamalik) provided a presentation on how `rpm-ostree` works with Silverblue:
 
 <div class="yt-embed">
   <iframe width="560" height="315" src="https://invidious.privacyguides.net/embed/-hpV5l-gJnQ?local=true" title="Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalik" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>

docs/real-time-communication.md

@@ -20,9 +20,7 @@ These messengers are great for securing your sensitive communications.
 
 ![Signal logo](assets/img/messengers/signal.svg){ align=right }
 
-**Signal** is a mobile app developed by Signal Messenger LLC. The app provides instant messaging, as well as voice and video calling.
+**Signal** is a mobile app developed by Signal Messenger LLC. The app provides instant messaging and calls secured with the Signal Protocol, an extremely secure encryption protocol which supports forward secrecy[^1] and post-compromise security.[^2]
-
-All communications are E2EE. Contact lists are encrypted using your Signal PIN and the server does not have access to them. Personal profiles are also encrypted and only shared with contacts you chat with.
 
 [:octicons-home-16: Homepage](https://signal.org/){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://signal.org/legal/#privacy-policy){ .card-link title="Privacy Policy" }
@@ -44,7 +42,18 @@ All communications are E2EE. Contact lists are encrypted using your Signal PIN a
 
 </div>
 
-Signal supports [private groups](https://signal.org/blog/signal-private-group-system/). The server has no record of your group memberships, group titles, group avatars, or group attributes. Signal has minimal metadata when [Sealed Sender](https://signal.org/blog/sealed-sender/) is enabled. The sender address is encrypted along with the message body, and only the recipient address is visible to the server. Sealed Sender is only enabled for people in your contacts list, but can be enabled for all recipients with the increased risk of receiving spam. Signal requires your phone number as a personal identifier.
+Signal requires your phone number for registration, however you should create a username to hide your phone number from your contacts:
+
+1. In Signal, open the app's settings and tap your account profile at the top.
+2. Tap **Username** and choose **Continue** on the "Set up your Signal username" screen.
+3. Enter a username. Your username will always be paired with a unique set of digits to keep your username unique and prevent people from guessing it, for example if you enter "John" your username might end up being `@john.35`.
+4. Go back to the main app settings page and select **Privacy**.
+5. Select **Phone Number**
+6. Change the **Who Can See My Number** setting to: **Nobody**
+
+You can optionally change the **Who Can Find Me By Number** setting to **Nobody** as well, if you want to prevent people who already have your phone number from discovering your Signal account/username.
+
+Contact lists on Signal are encrypted using your Signal PIN and the server does not have access to them. Personal profiles are also encrypted and only shared with contacts you chat with. Signal supports [private groups](https://signal.org/blog/signal-private-group-system/), where the server has no record of your group memberships, group titles, group avatars, or group attributes. Signal has minimal metadata when [Sealed Sender](https://signal.org/blog/sealed-sender/) is enabled. The sender address is encrypted along with the message body, and only the recipient address is visible to the server. Sealed Sender is only enabled for people in your contacts list, but can be enabled for all recipients with the increased risk of receiving spam.
 
 The protocol was independently [audited](https://eprint.iacr.org/2016/1013.pdf) in 2016. The specification for the Signal protocol can be found in their [documentation](https://signal.org/docs/).
 
@@ -115,14 +124,14 @@ The client software was independently [audited](https://briarproject.org/news/20
 
 Briar has a fully [published specification](https://code.briarproject.org/briar/briar-spec).
 
-Briar supports Forward Secrecy by using the Bramble [Handshake](https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BHP.md) and [Transport](https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BTP.md) protocol.
+Briar supports forward secrecy[^1] by using the Bramble [Handshake](https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BHP.md) and [Transport](https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BTP.md) protocol.
 
 ## Additional Options
 
 <div class="admonition warning" markdown>
 <p class="admonition-title">Warning</p>
 
-These messengers do not have [Forward Secrecy](https://en.wikipedia.org/wiki/Forward_secrecy), and while they fulfill certain needs that our previous recommendations may not, we do not recommend them for long-term or sensitive communications. Any key compromise among message recipients would affect the confidentiality of **all** past communications.
+These messengers do not have forward secrecy[^1], and while they fulfill certain needs that our previous recommendations may not, we do not recommend them for long-term or sensitive communications. Any key compromise among message recipients would affect the confidentiality of **all** past communications.
 
 </div>
 
@@ -160,7 +169,7 @@ Profile pictures, reactions, and nicknames are not encrypted.
 
 Group voice and video calls are [not](https://github.com/vector-im/element-web/issues/12878) E2EE, and use Jitsi, but this is expected to change with [Native Group VoIP Signalling](https://github.com/matrix-org/matrix-doc/pull/3401). Group calls have [no authentication](https://github.com/vector-im/element-web/issues/13074) currently, meaning that non-room participants can also join the calls. We recommend that you do not use this feature for private meetings.
 
-The Matrix protocol itself [theoretically supports PFS](https://gitlab.matrix.org/matrix-org/olm/blob/master/docs/megolm.md#partial-forward-secrecy), however this is [not currently supported in Element](https://github.com/vector-im/element-web/issues/7101) due to it breaking some aspects of the user experience such as key backups and shared message history.
+The Matrix protocol itself [theoretically supports forward secrecy](https://gitlab.matrix.org/matrix-org/olm/blob/master/docs/megolm.md#partial-forward-secrecy)[^1], however this is [not currently supported in Element](https://github.com/vector-im/element-web/issues/7101) due to it breaking some aspects of the user experience such as key backups and shared message history.
 
 The protocol was independently [audited](https://matrix.org/blog/2016/11/21/matrixs-olm-end-to-end-encryption-security-assessment-released-and-implemented-cross-platform-on-riot-at-last) in 2016. The specification for the Matrix protocol can be found in their [documentation](https://spec.matrix.org/latest/). The [Olm cryptographic ratchet](https://matrix.org/docs/matrix-concepts/end-to-end-encryption/) used by Matrix is an implementation of Signal’s [Double Ratchet algorithm](https://signal.org/docs/specifications/doubleratchet/).
 
@@ -195,11 +204,11 @@ Session uses the decentralized [Oxen Service Node Network](https://oxen.io/) to
 
 Session allows for E2EE in one-on-one chats or closed groups which allow for up to 100 members. Open groups have no restriction on the number of members, but are open by design.
 
-Session does [not](https://getsession.org/blog/session-protocol-technical-information) support PFS, which is when an encryption system automatically and frequently changes the keys it uses to encrypt and decrypt information, such that if the latest key is compromised it exposes a smaller portion of sensitive information.
+Session was previously based on Signal Protocol before replacing it with their own in December 2020. Session Protocol does [not](https://getsession.org/blog/session-protocol-technical-information) support forward secrecy.[^1]
 
-Oxen requested an independent audit for Session in March of 2020. The audit [concluded](https://getsession.org/session-code-audit) in April of 2021, “The overall security level of this application is good and makes it usable for privacy-concerned people.”
+Oxen requested an independent audit for Session in March 2020. The audit [concluded](https://getsession.org/session-code-audit) in April 2021, “The overall security level of this application is good and makes it usable for privacy-concerned people.”
 
-Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the technicals of the app and protocol.
+Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
 
 ## Criteria
 
@@ -212,17 +221,22 @@ We are working on establishing defined criteria for every section of our site, a
 
 </div>
 
-- Must have open-source clients.
+- Has open-source clients.
-- Must use E2EE for private messages by default.
+- Does not require sharing personal identifiers (phone numbers or emails in particular) with contacts.
-- Must support E2EE for all messages.
+- Uses E2EE for private messages by default.
-- Must have been independently audited.
+- Supports E2EE for all messages.
+- Has been independently audited.
 
 ### Best-Case
 
 Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
 
-- Should have Forward Secrecy.
+- Supports Forward Secrecy[^1]
-- Should have open-source servers.
+- Supports Future Secrecy (Post-Compromise Security)[^2]
-- Should be decentralized, i.e. federated or P2P.
+- Has open-source servers.
-- Should use E2EE for all messages by default.
+- Decentralized, i.e. [federated or P2P](advanced/communication-network-types.md).
-- Should support Linux, macOS, Windows, Android, and iOS.
+- Uses E2EE for all messages by default.
+- Supports Linux, macOS, Windows, Android, and iOS.
+
+[^1]: [Forward Secrecy](https://en.wikipedia.org/wiki/Forward_secrecy) is where keys are rotated very frequently, so that if the current encryption key is compromised, it does not expose **past** messages as well.
+[^2]: Future Secrecy (or Post-Compromise Security) is a feature where an attacker is prevented from decrypting **future** messages after compromising a private key, unless they compromise more session keys in the future as well. This effectively forces the attacker to intercept all communication between parties, since they lose access as soon as a key exchange occurs that is not intercepted.

docs/tools.md

@@ -325,7 +325,6 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 <div class="grid cards" markdown>
 
-- ![Nitter logo](assets/img/frontends/nitter.svg){ .twemoji } [Nitter (Twitter, Web)](frontends.md#nitter)
 - ![FreeTube logo](assets/img/frontends/freetube.svg){ .twemoji } [FreeTube (YouTube, Desktop)](frontends.md#freetube)
 - ![Yattee logo](assets/img/frontends/yattee.svg){ .twemoji } [Yattee (YouTube; iOS, tvOS, macOS)](frontends.md#yattee)
 - ![LibreTube logo](assets/img/frontends/libretube.svg#only-light){ .twemoji }![LibreTube logo](assets/img/frontends/libretube-dark.svg#only-dark){ .twemoji } [LibreTube (YouTube, Android)](frontends.md#libretube-android)  

netlify.toml

@@ -36,6 +36,7 @@
     X-Content-Type-Options = "nosniff"
     Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload"
     Content-Security-Policy = "default-src 'none'; script-src https://www.privacyguides.org 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src data: 'self'; connect-src https://api.github.com https://*.privacyguides.net 'self'; frame-src https://*.privacyguides.net; frame-ancestors 'none'"
+    Permissions-Policy = "browsing-topics=(), conversion-measurement=(), interest-cohort=(), accelerometer=(), ambient-light-sensor=(), battery=(), camera=(), display-capture=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), usb=()"
 
 [[headers]]
   for = "/:lang/about/donate/"

theme/assets/img/frontends/nitter.svg

@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="666.67" height="666.67" version="1" viewBox="0 0 500 500"><path fill="#ff6c60" stroke="#ff6c60" stroke-width="1" d="M73.6 33.6L71 36.3v427.4l2.6 2.7 2.7 2.6h87.4l2.7-2.6 2.6-2.7V339.9c0-102.6.2-123.9 1.3-123.9.8 0 41.1 56.1 89.7 124.7 48.5 68.7 89.2 125.6 90.4 126.5 1.9 1.6 5.5 1.8 37.7 1.8h35.6l2.7-2.6 2.6-2.7V36.3l-2.6-2.7-2.7-2.6h-87.4l-2.7 2.6-2.6 2.7v123.8c0 102.6-.2 123.9-1.3 123.9-.8 0-41.1-56.1-89.7-124.8-48.5-68.6-89.2-125.5-90.4-126.4-1.9-1.6-5.5-1.8-37.7-1.8H76.3l-2.7 2.6zm158.9 147.1c51.2 72.3 94.4 133.1 96.1 134.9 2.9 3.1 3.6 3.4 9.1 3.4 5.2 0 6.4-.4 8.7-2.6l2.6-2.7V49h62v402l-25.2-.1h-25.3l-93-131.6c-51.1-72.3-94.4-133.1-96.1-134.9-2.9-3.1-3.6-3.4-9.1-3.4-5.2 0-6.4.4-8.7 2.6l-2.6 2.7V451H89V49l25.3.1h25.2l93 131.6z"/></svg>

theme/main.html

@@ -118,16 +118,6 @@
     <h2>Share this website and spread privacy knowledge</h2>
     <p><input class="admonition quote social-share-text" id="share" type="text" value="Privacy Guides: https://www.privacyguides.org - Cybersecurity resources and privacy-focused tools to protect yourself online" onclick="select()" readonly=""></p>
     <p><em>Copy this text to easily share Privacy Guides with your friends and family on any social network!</em></p>
-    <p>
-        <a class="card-link" href="http://twitter.com/intent/tweet?text=Privacy%20Guides%3A%20https%3A%2F%2Fwww.privacyguides.org%20-%20Cybersecurity%20resources%20and%20privacy-focused%20tools%20to%20protect%20yourself%20online.%20%40privacy_guides" target="_blank" title="Share the site on X (formerly Twitter)" rel="noopener"><span class="twemoji"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M18.901 1.153h3.68l-8.04 9.19L24 22.846h-7.406l-5.8-7.584-6.638 7.584H.474l8.6-9.83L0 1.154h7.594l5.243 6.932ZM17.61 20.644h2.039L6.486 3.24H4.298Z"></path></svg></span></a>
-        <a class="card-link" href="http://www.reddit.com/submit?url=https%3A%2F%2Fwww.privacyguides.org" target="_blank" title="Share the site on Reddit" rel="noopener"><span class="twemoji"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 0A12 12 0 0 0 0 12a12 12 0 0 0 12 12 12 12 0 0 0 12-12A12 12 0 0 0 12 0zm5.01 4.744c.688 0 1.25.561 1.25 1.249a1.25 1.25 0 0 1-2.498.056l-2.597-.547-.8 3.747c1.824.07 3.48.632 4.674 1.488.308-.309.73-.491 1.207-.491.968 0 1.754.786 1.754 1.754 0 .716-.435 1.333-1.01 1.614a3.111 3.111 0 0 1 .042.52c0 2.694-3.13 4.87-7.004 4.87-3.874 0-7.004-2.176-7.004-4.87 0-.183.015-.366.043-.534A1.748 1.748 0 0 1 4.028 12c0-.968.786-1.754 1.754-1.754.463 0 .898.196 1.207.49 1.207-.883 2.878-1.43 4.744-1.487l.885-4.182a.342.342 0 0 1 .14-.197.35.35 0 0 1 .238-.042l2.906.617a1.214 1.214 0 0 1 1.108-.701zM9.25 12C8.561 12 8 12.562 8 13.25c0 .687.561 1.248 1.25 1.248.687 0 1.248-.561 1.248-1.249 0-.688-.561-1.249-1.249-1.249zm5.5 0c-.687 0-1.248.561-1.248 1.25 0 .687.561 1.248 1.249 1.248.688 0 1.249-.561 1.249-1.249 0-.687-.562-1.249-1.25-1.249zm-5.466 3.99a.327.327 0 0 0-.231.094.33.33 0 0 0 0 .463c.842.842 2.484.913 2.961.913.477 0 2.105-.056 2.961-.913a.361.361 0 0 0 .029-.463.33.33 0 0 0-.464 0c-.547.533-1.684.73-2.512.73-.828 0-1.979-.196-2.512-.73a.326.326 0 0 0-.232-.095z"></path></svg></span></a>
-        <a class="card-link" href="http://www.facebook.com/share.php?u=https%3A%2F%2Fwww.privacyguides.org" target="_blank" rel="noopener" title="Share the site on Facebook"><span class="twemoji"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M24 12.073c0-6.627-5.373-12-12-12s-12 5.373-12 12c0 5.99 4.388 10.954 10.125 11.854v-8.385H7.078v-3.47h3.047V9.43c0-3.007 1.792-4.669 4.533-4.669 1.312 0 2.686.235 2.686.235v2.953H15.83c-1.491 0-1.956.925-1.956 1.874v2.25h3.328l-.532 3.47h-2.796v8.385C19.612 23.027 24 18.062 24 12.073z"></path></svg></span></a>
-        <a class="card-link" href="http://www.linkedin.com/shareArticle?mini=true&amp;url=https%3A%2F%2Fwww.privacyguides.org" target="_blank" title="Share the site on LinkedIn" rel="noopener"><span class="twemoji"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20.447 20.452h-3.554v-5.569c0-1.328-.027-3.037-1.852-3.037-1.853 0-2.136 1.445-2.136 2.939v5.667H9.351V9h3.414v1.561h.046c.477-.9 1.637-1.85 3.37-1.85 3.601 0 4.267 2.37 4.267 5.455v6.286zM5.337 7.433a2.062 2.062 0 0 1-2.063-2.065 2.064 2.064 0 1 1 2.063 2.065zm1.782 13.019H3.555V9h3.564v11.452zM22.225 0H1.771C.792 0 0 .774 0 1.729v20.542C0 23.227.792 24 1.771 24h20.451C23.2 24 24 23.227 24 22.271V1.729C24 .774 23.2 0 22.222 0h.003z"></path></svg></span></a>
-        <a class="card-link" href="https://mastodon.neat.computer/@privacyguides" title="Follow us on Mastodon"><span class="twemoji"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M23.268 5.313c-.35-2.578-2.617-4.61-5.304-5.004C17.51.242 15.792 0 11.813 0h-.03c-3.98 0-4.835.242-5.288.309C3.882.692 1.496 2.518.917 5.127.64 6.412.61 7.837.661 9.143c.074 1.874.088 3.745.26 5.611.118 1.24.325 2.47.62 3.68.55 2.237 2.777 4.098 4.96 4.857 2.336.792 4.849.923 7.256.38.265-.061.527-.132.786-.213.585-.184 1.27-.39 1.774-.753a.057.057 0 0 0 .023-.043v-1.809a.052.052 0 0 0-.02-.041.053.053 0 0 0-.046-.01 20.282 20.282 0 0 1-4.709.545c-2.73 0-3.463-1.284-3.674-1.818a5.593 5.593 0 0 1-.319-1.433.053.053 0 0 1 .066-.054c1.517.363 3.072.546 4.632.546.376 0 .75 0 1.125-.01 1.57-.044 3.224-.124 4.768-.422.038-.008.077-.015.11-.024 2.435-.464 4.753-1.92 4.989-5.604.008-.145.03-1.52.03-1.67.002-.512.167-3.63-.024-5.545zm-3.748 9.195h-2.561V8.29c0-1.309-.55-1.976-1.67-1.976-1.23 0-1.846.79-1.846 2.35v3.403h-2.546V8.663c0-1.56-.617-2.35-1.848-2.35-1.112 0-1.668.668-1.67 1.977v6.218H4.822V8.102c0-1.31.337-2.35 1.011-3.12.696-.77 1.608-1.164 2.74-1.164 1.311 0 2.302.5 2.962 1.498l.638 1.06.638-1.06c.66-.999 1.65-1.498 2.96-1.498 1.13 0 2.043.395 2.74 1.164.675.77 1.012 1.81 1.012 3.12z"></path></svg></span></a>
-        <a class="card-link" href="https://matrix.to/#/#privacyguides:matrix.org" title="Chat with us on Matrix"><span class="twemoji"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M.632.55v22.9H2.28V24H0V0h2.28v.55zm7.043 7.26v1.157h.033a3.312 3.312 0 0 1 1.117-1.024c.433-.245.936-.365 1.5-.365.54 0 1.033.107 1.481.314.448.208.785.582 1.02 1.108.254-.374.6-.706 1.034-.992.434-.287.95-.43 1.546-.43.453 0 .872.056 1.26.167.388.11.716.286.993.53.276.245.489.559.646.951.152.392.23.863.23 1.417v5.728h-2.349V11.52c0-.286-.01-.559-.032-.812a1.755 1.755 0 0 0-.18-.66 1.106 1.106 0 0 0-.438-.448c-.194-.11-.457-.166-.785-.166-.332 0-.6.064-.803.189a1.38 1.38 0 0 0-.48.499 1.946 1.946 0 0 0-.231.696 5.56 5.56 0 0 0-.06.785v4.768h-2.35v-4.8c0-.254-.004-.503-.018-.752a2.074 2.074 0 0 0-.143-.688 1.052 1.052 0 0 0-.415-.503c-.194-.125-.476-.19-.854-.19-.111 0-.259.024-.439.074-.18.051-.36.143-.53.282a1.637 1.637 0 0 0-.439.595c-.12.259-.18.6-.18 1.02v4.966H5.46V7.81zm15.693 15.64V.55H21.72V0H24v24h-2.28v-.55z"></path></svg></span></a>
-        <a class="card-link" href="https://discuss.privacyguides.net/" title="Join our Forum"><span class="twemoji"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12.103 0C18.666 0 24 5.485 24 11.997c0 6.51-5.33 11.99-11.9 11.99L0 24V11.79C0 5.28 5.532 0 12.103 0zm.116 4.563a7.395 7.395 0 0 0-6.337 3.57 7.247 7.247 0 0 0-.148 7.22L4.4 19.61l4.794-1.074a7.424 7.424 0 0 0 8.136-1.39 7.256 7.256 0 0 0 1.737-7.997 7.375 7.375 0 0 0-6.84-4.585h-.008z"></path></svg></span></a>
-        <a class="card-link" href="https://blog.privacyguides.org" title="Follow our blog for updates"><span class="twemoji"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19.199 24C19.199 13.467 10.533 4.8 0 4.8V0c13.165 0 24 10.835 24 24h-4.801zM3.291 17.415a3.3 3.3 0 0 1 3.293 3.295A3.303 3.303 0 0 1 3.283 24C1.47 24 0 22.526 0 20.71s1.475-3.294 3.291-3.295zM15.909 24h-4.665c0-6.169-5.075-11.245-11.244-11.245V8.09c8.727 0 15.909 7.184 15.909 15.91z"></path></svg></span></a>
-    </p>
     {% elif config.theme.language == "es" %}
     <div class="admonition info">
     <p>Está viendo la copia en español de Privacy Guides, traducidas por nuestro fantástico equipo lingüístico en <a href="https://crowdin.com/project/privacyguides">Crowdin</a>. Si nota un error o ve alguna sección sin traducir en esta página, ¡<a href="https://matrix.to/#/#pg-i18n:aragon.sh">considere ayudar</a>! Para obtener más información y consejos, consulte nuestra <a href="/meta/translation.md">guía de traducción</a>.</p>