From b28b103d4fca49be775ade45734a4d4491e249f4 Mon Sep 17 00:00:00 2001
From: Mikaela Suomalainen <mikaela+git@mikaela.info>
Date: Mon, 26 Aug 2019 22:39:17 +0300
Subject: [PATCH 01/22] about:config: delete geo.enabled (#1217)

Ref: https://github.com/privacytoolsIO/privacytools.io/issues/1212#issuecomment-524598044
---
 _includes/sections/browser-tweaks.html | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/_includes/sections/browser-tweaks.html b/_includes/sections/browser-tweaks.html
index 277bbd57..fee1830a 100644
--- a/_includes/sections/browser-tweaks.html
+++ b/_includes/sections/browser-tweaks.html
@@ -52,9 +52,6 @@
   <dt>dom.event.clipboardevents.enabled = false</dt>
   <dd>Disable that websites can get notifications if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected.</dd>
 
-  <dt>geo.enabled = false</dt>
-  <dd>Disables geolocation.</dd>
-
   <dt>media.eme.enabled = false</dt>
   <dd>
   <p>Disables playback of DRM-controlled HTML5 content, which, if enabled, automatically downloads the Widevine Content Decryption Module provided by Google Inc. <a href="https://support.mozilla.org/kb/enable-drm#w_opt-out-of-cdm-playback-uninstall-cdms-and-stop-all-cdm-downloads">Details</a></p>

From 229b2058979796e397d684b45ef7ba9f1303d814 Mon Sep 17 00:00:00 2001
From: Mikaela Suomalainen <mikaela+git@mikaela.info>
Date: Mon, 26 Aug 2019 23:20:34 +0300
Subject: [PATCH 02/22] dns: document enabling Firefox TRR (#1220)

* dns: document enabling Firefox TRR

* browser-tweaks: rm/note that TRR/DoH/ESNI have moved

* dns: fix formatting

* browser-tweaks: fix embarassing typo

* browser-tweaks & dns: apply @nitrohorse's suggestions (and fix link)
---
 _includes/sections/browser-tweaks.html | 19 ++-----------------
 _includes/sections/dns.html            | 11 +++++++++++
 2 files changed, 13 insertions(+), 17 deletions(-)

diff --git a/_includes/sections/browser-tweaks.html b/_includes/sections/browser-tweaks.html
index fee1830a..62b2ec4e 100644
--- a/_includes/sections/browser-tweaks.html
+++ b/_includes/sections/browser-tweaks.html
@@ -115,23 +115,8 @@
   </ul>
   </dd>
 
-  <dt>network.trr.mode = 2</dt>
-  <dd>
-  Use Trusted Recursive Resolver (DNS-over-HTTPS) first and if it fails, use the system resolver <a href="https://wiki.mozilla.org/Trusted_Recursive_Resolver">Source</a>
-  <ul>
-    <li>0 = disabled by default, may change in the future</li>
-    <li>1 = use the faster resolver</li>
-    <li>2 = use DoH first, fallback to system resolver</li>
-    <li>3 = only use DoH. This may require <code>network.trr.bootstrapAddress</code> or using an IP address in <code>network.trr.uri</code>.</li>
-    <li>5 = explicitly disable DoH</li>
-  </ul>
-  </dd>
-
-  <dt>network.trr.uri = CHANGEME</dt>
-  <dd>The address of your DNS-over-HTTPS provider, if you don't have one, <a href="/providers/dns/#icanndns">check our encrypted DNS recommendations</a>. It can also be changed in <em>Settings, Network Settings, Enable DNS over HTTPS, Use Provider, Custom</em>.</dd>
-
-  <dt>network.security.esni.enabled = true</dt>
-  <dd>Hide the address which you are requesting SSL certificate for if the server supports it. This <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1500289">requires DoH/TRR to be enabled</a> even <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1542754">on Android 9+ when Private DNS is enabled</a>.</dd>
+  <dt>Looking for TRR, DoH or ESNI?</dt>
+  <dd>They have moved to <a href="/providers/dns/#icanndns">our DNS page</a>.</dd>
 
   <dt>webgl.disabled = true</dt>
   <dd>WebGL is a potential security risk. <a href="https://security.stackexchange.com/questions/13799/is-webgl-a-security-concern">Source</a></dd>
diff --git a/_includes/sections/dns.html b/_includes/sections/dns.html
index 219f170c..19c3e777 100644
--- a/_includes/sections/dns.html
+++ b/_includes/sections/dns.html
@@ -307,6 +307,10 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
     <li><strong>Encrypted DNS clients for desktop:</strong>
       <ul>
         <li><em>Firefox</em> comes with built-in DoH support with Cloudflare set as the default resolver, but can be configured to use any DoH resolver. <span class="badge badge-warning" data-toggle="tooltip" data-placement="bottom" data-original-title='"Cloudflare has agreed to collect only a limited amount of data about the DNS requests that are sent to the Cloudflare Resolver for Firefox via the Firefox browser."'><a href="https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/firefox/"><i class="fas fa-exclamation-triangle"></i></a></span> Currently Mozilla is <a href="https://blog.mozilla.org/futurereleases/2019/07/31/dns-over-https-doh-update-detecting-managed-networks-and-user-choice/">conducting studies</a> before enabling DoH by default for all US-based Firefox users.</li>
+            <ul>
+                <li>DNS over HTTPS can be enabled in Menu -> Preferences (<code>about:preferences</code>) -> Network Settings -> Enable DNS over HTTPS. Set "Use Provider" to "Custom," and enter your DoH provider's address.</li>
+                <li>Advanced users may enable it in <code>about:config</code> by setting <code>network.trr.custom_uri</code> and <code>network.trr.uri</code> as the address you find from the documentation of your DoH provider and <code>network.trr.mode</code> as <code>2</code>. It may also be desirable to set <code>network.esni.enabled</code> to <code>True</code> in order to enable encrypted SNI and make sites supporting ESNI a bit more difficult to track.</li>
+            </ul>
       </ul>
     </li>
     <li><strong>Encrypted DNS clients for mobile:</strong>
@@ -330,6 +334,13 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
     </li>
     <li><strong>Further reading:</strong>
       <ul>
+        <li>On Firefox, DoH and ESNI</li>
+            <ul>
+                <li><a href="https://wiki.mozilla.org/Trusted_Recursive_Resolver">Trusted Recursive Resolver (DoH) on MozillaWiki</a></li>
+                <li><a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1500289">Firefox bug report requesting the ability to use ESNI without DoH</a></li>
+                <li><a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1542754">Firefox bug report requesting the ability to use Android 9+'s Private DNS (DoT) and benefit from encrypted SNI without having to enable DoH</a></li>
+                <li><a href="https://blog.cloudflare.com/encrypted-sni/">Encrypt it or lose it: how encrypted SNI works on Cloudflare blog</a></li>
+            </ul>
         <li><a href="https://www.isc.org/blogs/qname-minimization-and-privacy/">QNAME Minimization and Your Privacy</a> by the Internet Systems Consortium (ISC)</li>
         <li><a href="https://www.isc.org/dnssec/">DNSSEC and BIND 9</a> by the ISC</li>
       </ul>

From 4cb3fc18ba0be180cc9cf822e0ea66d060663d75 Mon Sep 17 00:00:00 2001
From: Jonah <jonah@triplebit.net>
Date: Mon, 26 Aug 2019 15:32:46 -0500
Subject: [PATCH 03/22] Add Gemfile.lock

---
 .gitignore   |   2 -
 Gemfile.lock | 249 +++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 249 insertions(+), 2 deletions(-)
 create mode 100644 Gemfile.lock

diff --git a/.gitignore b/.gitignore
index af408d27..2d2eb810 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,3 @@
 _site/
-Gemfile
-Gemfile.lock
 .sass-cache/
 .DS_Store
diff --git a/Gemfile.lock b/Gemfile.lock
new file mode 100644
index 00000000..5240d6f2
--- /dev/null
+++ b/Gemfile.lock
@@ -0,0 +1,249 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    activesupport (4.2.10)
+      i18n (~> 0.7)
+      minitest (~> 5.1)
+      thread_safe (~> 0.3, >= 0.3.4)
+      tzinfo (~> 1.1)
+    addressable (2.5.2)
+      public_suffix (>= 2.0.2, < 4.0)
+    coffee-script (2.4.1)
+      coffee-script-source
+      execjs
+    coffee-script-source (1.11.1)
+    colorator (1.1.0)
+    commonmarker (0.17.13)
+      ruby-enum (~> 0.5)
+    concurrent-ruby (1.1.5)
+    dnsruby (1.61.2)
+      addressable (~> 2.5)
+    em-websocket (0.5.1)
+      eventmachine (>= 0.12.9)
+      http_parser.rb (~> 0.6.0)
+    ethon (0.12.0)
+      ffi (>= 1.3.0)
+    eventmachine (1.2.7)
+    execjs (2.7.0)
+    faraday (0.15.4)
+      multipart-post (>= 1.2, < 3)
+    ffi (1.11.1)
+    forwardable-extended (2.6.0)
+    gemoji (3.0.0)
+    github-pages (197)
+      activesupport (= 4.2.10)
+      github-pages-health-check (= 1.16.1)
+      jekyll (= 3.7.4)
+      jekyll-avatar (= 0.6.0)
+      jekyll-coffeescript (= 1.1.1)
+      jekyll-commonmark-ghpages (= 0.1.5)
+      jekyll-default-layout (= 0.1.4)
+      jekyll-feed (= 0.11.0)
+      jekyll-gist (= 1.5.0)
+      jekyll-github-metadata (= 2.12.1)
+      jekyll-mentions (= 1.4.1)
+      jekyll-optional-front-matter (= 0.3.0)
+      jekyll-paginate (= 1.1.0)
+      jekyll-readme-index (= 0.2.0)
+      jekyll-redirect-from (= 0.14.0)
+      jekyll-relative-links (= 0.6.0)
+      jekyll-remote-theme (= 0.3.1)
+      jekyll-sass-converter (= 1.5.2)
+      jekyll-seo-tag (= 2.5.0)
+      jekyll-sitemap (= 1.2.0)
+      jekyll-swiss (= 0.4.0)
+      jekyll-theme-architect (= 0.1.1)
+      jekyll-theme-cayman (= 0.1.1)
+      jekyll-theme-dinky (= 0.1.1)
+      jekyll-theme-hacker (= 0.1.1)
+      jekyll-theme-leap-day (= 0.1.1)
+      jekyll-theme-merlot (= 0.1.1)
+      jekyll-theme-midnight (= 0.1.1)
+      jekyll-theme-minimal (= 0.1.1)
+      jekyll-theme-modernist (= 0.1.1)
+      jekyll-theme-primer (= 0.5.3)
+      jekyll-theme-slate (= 0.1.1)
+      jekyll-theme-tactile (= 0.1.1)
+      jekyll-theme-time-machine (= 0.1.1)
+      jekyll-titles-from-headings (= 0.5.1)
+      jemoji (= 0.10.2)
+      kramdown (= 1.17.0)
+      liquid (= 4.0.0)
+      listen (= 3.1.5)
+      mercenary (~> 0.3)
+      minima (= 2.5.0)
+      nokogiri (>= 1.8.5, < 2.0)
+      rouge (= 2.2.1)
+      terminal-table (~> 1.4)
+    github-pages-health-check (1.16.1)
+      addressable (~> 2.3)
+      dnsruby (~> 1.60)
+      octokit (~> 4.0)
+      public_suffix (~> 3.0)
+      typhoeus (~> 1.3)
+    html-pipeline (2.10.0)
+      activesupport (>= 2)
+      nokogiri (>= 1.4)
+    http_parser.rb (0.6.0)
+    i18n (0.9.5)
+      concurrent-ruby (~> 1.0)
+    jekyll (3.7.4)
+      addressable (~> 2.4)
+      colorator (~> 1.0)
+      em-websocket (~> 0.5)
+      i18n (~> 0.7)
+      jekyll-sass-converter (~> 1.0)
+      jekyll-watch (~> 2.0)
+      kramdown (~> 1.14)
+      liquid (~> 4.0)
+      mercenary (~> 0.3.3)
+      pathutil (~> 0.9)
+      rouge (>= 1.7, < 4)
+      safe_yaml (~> 1.0)
+    jekyll-avatar (0.6.0)
+      jekyll (~> 3.0)
+    jekyll-coffeescript (1.1.1)
+      coffee-script (~> 2.2)
+      coffee-script-source (~> 1.11.1)
+    jekyll-commonmark (1.3.1)
+      commonmarker (~> 0.14)
+      jekyll (>= 3.7, < 5.0)
+    jekyll-commonmark-ghpages (0.1.5)
+      commonmarker (~> 0.17.6)
+      jekyll-commonmark (~> 1)
+      rouge (~> 2)
+    jekyll-default-layout (0.1.4)
+      jekyll (~> 3.0)
+    jekyll-feed (0.11.0)
+      jekyll (~> 3.3)
+    jekyll-gist (1.5.0)
+      octokit (~> 4.2)
+    jekyll-github-metadata (2.12.1)
+      jekyll (~> 3.4)
+      octokit (~> 4.0, != 4.4.0)
+    jekyll-mentions (1.4.1)
+      html-pipeline (~> 2.3)
+      jekyll (~> 3.0)
+    jekyll-optional-front-matter (0.3.0)
+      jekyll (~> 3.0)
+    jekyll-paginate (1.1.0)
+    jekyll-readme-index (0.2.0)
+      jekyll (~> 3.0)
+    jekyll-redirect-from (0.14.0)
+      jekyll (~> 3.3)
+    jekyll-relative-links (0.6.0)
+      jekyll (~> 3.3)
+    jekyll-remote-theme (0.3.1)
+      jekyll (~> 3.5)
+      rubyzip (>= 1.2.1, < 3.0)
+    jekyll-sass-converter (1.5.2)
+      sass (~> 3.4)
+    jekyll-seo-tag (2.5.0)
+      jekyll (~> 3.3)
+    jekyll-sitemap (1.2.0)
+      jekyll (~> 3.3)
+    jekyll-swiss (0.4.0)
+    jekyll-theme-architect (0.1.1)
+      jekyll (~> 3.5)
+      jekyll-seo-tag (~> 2.0)
+    jekyll-theme-cayman (0.1.1)
+      jekyll (~> 3.5)
+      jekyll-seo-tag (~> 2.0)
+    jekyll-theme-dinky (0.1.1)
+      jekyll (~> 3.5)
+      jekyll-seo-tag (~> 2.0)
+    jekyll-theme-hacker (0.1.1)
+      jekyll (~> 3.5)
+      jekyll-seo-tag (~> 2.0)
+    jekyll-theme-leap-day (0.1.1)
+      jekyll (~> 3.5)
+      jekyll-seo-tag (~> 2.0)
+    jekyll-theme-merlot (0.1.1)
+      jekyll (~> 3.5)
+      jekyll-seo-tag (~> 2.0)
+    jekyll-theme-midnight (0.1.1)
+      jekyll (~> 3.5)
+      jekyll-seo-tag (~> 2.0)
+    jekyll-theme-minimal (0.1.1)
+      jekyll (~> 3.5)
+      jekyll-seo-tag (~> 2.0)
+    jekyll-theme-modernist (0.1.1)
+      jekyll (~> 3.5)
+      jekyll-seo-tag (~> 2.0)
+    jekyll-theme-primer (0.5.3)
+      jekyll (~> 3.5)
+      jekyll-github-metadata (~> 2.9)
+      jekyll-seo-tag (~> 2.0)
+    jekyll-theme-slate (0.1.1)
+      jekyll (~> 3.5)
+      jekyll-seo-tag (~> 2.0)
+    jekyll-theme-tactile (0.1.1)
+      jekyll (~> 3.5)
+      jekyll-seo-tag (~> 2.0)
+    jekyll-theme-time-machine (0.1.1)
+      jekyll (~> 3.5)
+      jekyll-seo-tag (~> 2.0)
+    jekyll-titles-from-headings (0.5.1)
+      jekyll (~> 3.3)
+    jekyll-watch (2.2.1)
+      listen (~> 3.0)
+    jemoji (0.10.2)
+      gemoji (~> 3.0)
+      html-pipeline (~> 2.2)
+      jekyll (~> 3.0)
+    kramdown (1.17.0)
+    liquid (4.0.0)
+    listen (3.1.5)
+      rb-fsevent (~> 0.9, >= 0.9.4)
+      rb-inotify (~> 0.9, >= 0.9.7)
+      ruby_dep (~> 1.2)
+    mercenary (0.3.6)
+    mini_portile2 (2.4.0)
+    minima (2.5.0)
+      jekyll (~> 3.5)
+      jekyll-feed (~> 0.9)
+      jekyll-seo-tag (~> 2.1)
+    minitest (5.11.3)
+    multipart-post (2.0.0)
+    nokogiri (1.10.2)
+      mini_portile2 (~> 2.4.0)
+    octokit (4.13.0)
+      sawyer (~> 0.8.0, >= 0.5.3)
+    pathutil (0.16.2)
+      forwardable-extended (~> 2.6)
+    public_suffix (3.1.1)
+    rb-fsevent (0.10.3)
+    rb-inotify (0.10.0)
+      ffi (~> 1.0)
+    rouge (2.2.1)
+    ruby-enum (0.7.2)
+      i18n
+    ruby_dep (1.5.0)
+    rubyzip (1.2.2)
+    safe_yaml (1.0.5)
+    sass (3.7.4)
+      sass-listen (~> 4.0.0)
+    sass-listen (4.0.0)
+      rb-fsevent (~> 0.9, >= 0.9.4)
+      rb-inotify (~> 0.9, >= 0.9.7)
+    sawyer (0.8.1)
+      addressable (>= 2.3.5, < 2.6)
+      faraday (~> 0.8, < 1.0)
+    terminal-table (1.8.0)
+      unicode-display_width (~> 1.1, >= 1.1.1)
+    thread_safe (0.3.6)
+    typhoeus (1.3.1)
+      ethon (>= 0.9.0)
+    tzinfo (1.2.5)
+      thread_safe (~> 0.1)
+    unicode-display_width (1.5.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  github-pages
+  tzinfo-data
+
+BUNDLED WITH
+   2.0.2

From cc4dde6a0a5583f426b779894dacb7706a3ad7e7 Mon Sep 17 00:00:00 2001
From: Jonah <jonah@triplebit.net>
Date: Mon, 26 Aug 2019 16:30:37 -0500
Subject: [PATCH 04/22] Upgrade some packages

---
 Gemfile.lock | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 5240d6f2..05594934 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,12 +1,12 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (4.2.10)
+    activesupport (4.2.11.1)
       i18n (~> 0.7)
       minitest (~> 5.1)
       thread_safe (~> 0.3, >= 0.3.4)
       tzinfo (~> 1.1)
-    addressable (2.5.2)
+    addressable (2.6.0)
       public_suffix (>= 2.0.2, < 4.0)
     coffee-script (2.4.1)
       coffee-script-source
@@ -16,7 +16,7 @@ GEM
     commonmarker (0.17.13)
       ruby-enum (~> 0.5)
     concurrent-ruby (1.1.5)
-    dnsruby (1.61.2)
+    dnsruby (1.61.3)
       addressable (~> 2.5)
     em-websocket (0.5.1)
       eventmachine (>= 0.12.9)
@@ -29,11 +29,11 @@ GEM
       multipart-post (>= 1.2, < 3)
     ffi (1.11.1)
     forwardable-extended (2.6.0)
-    gemoji (3.0.0)
-    github-pages (197)
-      activesupport (= 4.2.10)
+    gemoji (3.0.1)
+    github-pages (198)
+      activesupport (= 4.2.11.1)
       github-pages-health-check (= 1.16.1)
-      jekyll (= 3.7.4)
+      jekyll (= 3.8.5)
       jekyll-avatar (= 0.6.0)
       jekyll-coffeescript (= 1.1.1)
       jekyll-commonmark-ghpages (= 0.1.5)
@@ -81,13 +81,13 @@ GEM
       octokit (~> 4.0)
       public_suffix (~> 3.0)
       typhoeus (~> 1.3)
-    html-pipeline (2.10.0)
+    html-pipeline (2.12.0)
       activesupport (>= 2)
       nokogiri (>= 1.4)
     http_parser.rb (0.6.0)
     i18n (0.9.5)
       concurrent-ruby (~> 1.0)
-    jekyll (3.7.4)
+    jekyll (3.8.5)
       addressable (~> 2.4)
       colorator (~> 1.0)
       em-websocket (~> 0.5)
@@ -204,10 +204,10 @@ GEM
       jekyll-feed (~> 0.9)
       jekyll-seo-tag (~> 2.1)
     minitest (5.11.3)
-    multipart-post (2.0.0)
-    nokogiri (1.10.2)
+    multipart-post (2.1.1)
+    nokogiri (1.10.4)
       mini_portile2 (~> 2.4.0)
-    octokit (4.13.0)
+    octokit (4.14.0)
       sawyer (~> 0.8.0, >= 0.5.3)
     pathutil (0.16.2)
       forwardable-extended (~> 2.6)
@@ -219,16 +219,16 @@ GEM
     ruby-enum (0.7.2)
       i18n
     ruby_dep (1.5.0)
-    rubyzip (1.2.2)
+    rubyzip (1.2.3)
     safe_yaml (1.0.5)
     sass (3.7.4)
       sass-listen (~> 4.0.0)
     sass-listen (4.0.0)
       rb-fsevent (~> 0.9, >= 0.9.4)
       rb-inotify (~> 0.9, >= 0.9.7)
-    sawyer (0.8.1)
-      addressable (>= 2.3.5, < 2.6)
-      faraday (~> 0.8, < 1.0)
+    sawyer (0.8.2)
+      addressable (>= 2.3.5)
+      faraday (> 0.8, < 2.0)
     terminal-table (1.8.0)
       unicode-display_width (~> 1.1, >= 1.1.1)
     thread_safe (0.3.6)
@@ -236,7 +236,7 @@ GEM
       ethon (>= 0.9.0)
     tzinfo (1.2.5)
       thread_safe (~> 0.1)
-    unicode-display_width (1.5.0)
+    unicode-display_width (1.6.0)
 
 PLATFORMS
   ruby
@@ -246,4 +246,4 @@ DEPENDENCIES
   tzinfo-data
 
 BUNDLED WITH
-   2.0.2
+   2.0.1

From 3d0dd9d6030ac29c3b9b85bf3f5ad3d837ff238e Mon Sep 17 00:00:00 2001
From: nitrohorse <1514352+nitrohorse@users.noreply.github.com>
Date: Mon, 26 Aug 2019 22:53:10 -0700
Subject: [PATCH 05/22] Remove text wrapping for DNS providers table server
 locations column (#1222)

---
 _includes/sections/dns.html | 114 +++++++++++++++++++++++++++++++-----
 assets/css/style.scss       |   4 ++
 2 files changed, 104 insertions(+), 14 deletions(-)

diff --git a/_includes/sections/dns.html b/_includes/sections/dns.html
index 19c3e777..3fc98d78 100644
--- a/_includes/sections/dns.html
+++ b/_includes/sections/dns.html
@@ -54,7 +54,12 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
         <td data-value="AdGuard">
           <a href="https://adguard.com/en/adguard-dns/overview.html">AdGuard</a>
         </td>
-        <td>Anycast (based in <span class="flag-icon flag-icon-cy"></span> Cyprus)</td>
+        <td>Anycast (based in
+          <span class="no-text-wrap">
+            <span class="flag-icon flag-icon-cy"></span>
+              Cyprus)
+          </span>
+        </td>
         <td>
           <a data-toggle="tooltip" data-placement="bottom" data-original-title="https://adguard.com/en/privacy/dns.html" href="https://adguard.com/en/privacy/dns.html">
             <img alt="WWW" src="/assets/img/layout/www.png" width="35" height="35">
@@ -77,7 +82,20 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
         <td data-value="BlahDNS">
           <a href="https://blahdns.com/">BlahDNS</a>
         </td>
-        <td><span class="flag-icon flag-icon-ch"></span> Switzerland, <span class="flag-icon flag-icon-jp"></span> Japan, <span class="flag-icon flag-icon-de"></span> Germany</td>
+        <td>
+          <span class="no-text-wrap">
+            <span class="flag-icon flag-icon-ch"></span>
+            Switzerland,
+          </span>
+          <span class="no-text-wrap">
+            <span class="flag-icon flag-icon-jp"></span>
+            Japan,
+          </span>
+          <span class="no-text-wrap">
+            <span class="flag-icon flag-icon-de"></span>
+            Germany
+          </span>
+        </td>
         <td>
           <a data-toggle="tooltip" data-placement="bottom" data-original-title='"No logs."'>
             <img alt="WWW" src="/assets/img/layout/www.png" width="35" height="35">
@@ -85,7 +103,15 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
         </td>
         <td>Hobby Project</td>
         <td>No</td>
-        <td data-value="dot/443">DoH, <span data-toggle="tooltip" data-placement="bottom" data-original-title="Supports port 443 in addition to 853"><strong>DoT</strong></span>, DNSCrypt</td>
+        <td data-value="dot/443">
+          <span class="no-text-wrap">
+            DoH,
+            <span data-toggle="tooltip" data-placement="bottom" data-original-title="Supports port 443 in addition to 853">
+              <strong>DoT</strong>,
+            </span>
+          </span>
+          DNSCrypt
+        </td>
         <td>Yes</td>
         <td>Yes</td>
         <td>Ads, trackers, malicious domains <span class="badge badge-warning" data-toggle="tooltip" data-original-title="And some wildcard, IDN, and non-ASCII domains."><a href="https://github.com/ookangzheng/blahdns#default-blocked-wildcard-domain"><i class="fas fa-exclamation-triangle"></i></a></span></td>
@@ -100,7 +126,12 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
         <td data-value="Cloudflare">
           <a href="https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/">Cloudflare</a> <span class="badge badge-warning" data-toggle="tooltip" title="Cloudflare is one of the world's largest networks, and a problem considering anonymity and decentralization."><a href="https://codeberg.org/crimeflare/cloudflare-tor/"><i class="fas fa-exclamation-triangle"></i></a></span>
         </td>
-        <td>Anycast (based in <span class="flag-icon flag-icon-us"></span> US)</td>
+        <td>Anycast (based in
+          <span class="no-text-wrap">
+            <span class="flag-icon flag-icon-us"></span>
+            US)
+          </span>
+        </td>
         <td>
           <a data-toggle="tooltip" data-placement="bottom" data-original-title="https://www.cloudflare.com/privacypolicy/" href="https://www.cloudflare.com/privacypolicy/">
             <img alt="WWW" src="/assets/img/layout/www.png" width="35" height="35">
@@ -123,7 +154,12 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
         <td data-value="CZ.NIC">
           <a href="https://www.nic.cz/odvr/">CZ.NIC</a>
         </td>
-        <td><span class="flag-icon flag-icon-cz"></span> Czech Republic</td>
+        <td>
+          <span class="no-text-wrap">
+            <span class="flag-icon flag-icon-cz"></span>
+            Czech Republic
+          </span>
+        </td>
         <td>
           <a data-toggle="tooltip" data-placement="bottom" data-original-title='"CZ.NIC resolvers neither collect any personal data nor gather information on pages where your computer sends personal data."'>
             <img alt="WWW" src="/assets/img/layout/www.png" width="35" height="35">
@@ -142,7 +178,12 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
         <td data-value="dnswarden">
           <a href="https://github.com/bhanupratapys/dnswarden/blob/master/README.md">dnswarden</a>
         </td>
-        <td><span class="flag-icon flag-icon-de"></span> Germany</td>
+        <td>
+          <span class="no-text-wrap">
+            <span class="flag-icon flag-icon-de"></span>
+            Germany
+          </span>
+        </td>
         <td>
           <a data-toggle="tooltip" data-placement="bottom" data-original-title="https://github.com/bhanupratapys/dnswarden/blob/master/README.md#privacy-policy-and-tc" href="https://github.com/bhanupratapys/dnswarden/blob/master/README.md#privacy-policy-and-tc">
             <img alt="WWW" src="/assets/img/layout/www.png" width="35" height="35">
@@ -150,7 +191,15 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
         </td>
         <td>Hobby Project</td>
         <td>No</td>
-        <td data-value="dot/443">DoH, <span data-toggle="tooltip" data-placement="bottom" data-original-title="Supports port 443 in addition to 853"><strong>DoT</strong></span>, DNSCrypt</td>
+        <td data-value="dot/443">
+          <span class="no-text-wrap">
+            DoH,
+            <span data-toggle="tooltip" data-placement="bottom" data-original-title="Supports port 443 in addition to 853">
+              <strong>DoT</strong>,
+            </span>
+          </span>
+          DNSCrypt
+        </td>
         <td>Yes</td>
         <td>Yes</td>
         <td>Based on server choice</td>
@@ -161,7 +210,12 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
         <td data-value="Foundation for Applied Privacy">
           <a href="https://appliedprivacy.net/services/dns/">Foundation for Applied Privacy</a>
         </td>
-        <td><span class="flag-icon flag-icon-at"></span> Austria</td>
+        <td>
+          <span class="no-text-wrap">
+            <span class="flag-icon flag-icon-at"></span>
+            Austria
+          </span>
+        </td>
         <td>
           <a data-toggle="tooltip" data-placement="bottom" data-original-title="https://appliedprivacy.net/privacy-policy" href="https://appliedprivacy.net/privacy-policy">
             <img alt="WWW" src="/assets/img/layout/www.png" width="35" height="35">
@@ -169,7 +223,14 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
         </td>
         <td>Non-Profit</td>
         <td><a data-toggle="tooltip" data-placement="bottom" data-original-title='"We do NOT log your IP address or DNS queries during normal operations. We do NOT share query data with third parties that are not directly involved with resolving the query (i.e. sending queries to authoritative nameservers for resolution)."' href="https://appliedprivacy.net/privacy-policy/">Some</a></td>
-        <td data-value="dot/443">DoH, <span data-toggle="tooltip" data-placement="bottom" data-original-title="Supports port 443 in addition to 853"><strong>DoT</strong></span></td>
+        <td data-value="dot/443">
+          <span class="no-text-wrap">
+            DoH,
+            <span data-toggle="tooltip" data-placement="bottom" data-original-title="Supports port 443 in addition to 853">
+              <strong>DoT</strong>
+            </span>
+          </span>
+        </td>
         <td>Yes</td>
         <td>Yes</td>
         <td>No</td>
@@ -180,7 +241,12 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
         <td data-value="nextdns">
           <a href="https://www.nextdns.io/">nextdns</a>
         </td>
-        <td>Anycast (based in <span class="flag-icon flag-icon-us"></span> US)</td>
+        <td>Anycast (based in
+          <span class="no-text-wrap">
+            <span class="flag-icon flag-icon-us"></span>
+            US)
+          </span>
+        </td>
         <td>
           <a data-toggle="tooltip" data-placement="bottom" data-original-title="https://www.nextdns.io/privacy" href="https://www.nextdns.io/privacy">
             <img alt="WWW" src="/assets/img/layout/www.png" width="35" height="35">
@@ -199,7 +265,12 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
         <td data-value="PowerDNS">
           <a href="https://powerdns.org/">PowerDNS</a>
         </td>
-        <td><span class="flag-icon flag-icon-nl"></span> The Netherlands</td>
+        <td>
+          <span class="no-text-wrap">
+            <span class="flag-icon flag-icon-nl"></span>
+            The Netherlands
+          </span>
+        </td>
         <td>
           <a data-toggle="tooltip" data-placement="bottom" data-original-title="https://powerdns.org/doh/privacy.html" href="https://powerdns.org/doh/privacy.html">
             <img alt="WWW" src="/assets/img/layout/www.png" width="35" height="35">
@@ -222,7 +293,12 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
         <td data-value="Quad9">
           <a href="https://quad9.net/">Quad9</a> <span class="badge badge-warning" data-toggle="tooltip" title="Founders include the Global Cyber Alliance, comprised of the City of London Police and Manhattan District Attorney's Office"><i class="fas fa-exclamation-triangle"></i></span>
         </td>
-        <td>Anycast (based in <span class="flag-icon flag-icon-us"></span> US)</td>
+        <td>Anycast (based in
+          <span class="no-text-wrap">
+            <span class="flag-icon flag-icon-us"></span>
+            US)
+          </span>
+        </td>
         <td>
           <a data-toggle="tooltip" data-placement="bottom" data-original-title="https://quad9.net/policy/" href="https://quad9.net/policy/">
             <img alt="WWW" src="/assets/img/layout/www.png" width="35" height="35">
@@ -241,7 +317,12 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
         <td data-value="SecureDNS">
           <a href="https://securedns.eu/">SecureDNS</a>
         </td>
-        <td><span class="flag-icon flag-icon-nl"></span> The Netherlands</td>
+        <td>
+          <span class="no-text-wrap">
+            <span class="flag-icon flag-icon-nl"></span>
+            The Netherlands
+          </span>
+        </td>
         <td>
           <a data-toggle="tooltip" data-placement="bottom" data-original-title="https://securedns.eu/#privacy" href="https://securedns.eu/#privacy">
             <img alt="WWW" src="/assets/img/layout/www.png" width="35" height="35">
@@ -260,7 +341,12 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
         <td data-value="UncensoredDNS">
           <a href="https://blog.uncensoreddns.org/">UncensoredDNS</a>
         </td>
-        <td>Anycast (based in <span class="flag-icon flag-icon-dk"></span> Denmark)</td>
+        <td>Anycast (based in
+          <span class="no-text-wrap">
+            <span class="flag-icon flag-icon-dk"></span>
+            Denmark)
+          </span>
+        </td>
         <td>
           <a data-toggle="tooltip" data-placement="bottom" data-original-title='"Absolutely nothing is being logged, neither about the users nor the usage of this service. I do keep graphs of the total number of queries, but no personally identifiable information is saved. The data that is saved will never be sold or used for anything except capacity planning of the service."'>
             <img alt="WWW" src="/assets/img/layout/www.png" width="35" height="35">
diff --git a/assets/css/style.scss b/assets/css/style.scss
index c2ab51f4..0cd336a8 100644
--- a/assets/css/style.scss
+++ b/assets/css/style.scss
@@ -335,3 +335,7 @@ input#nav-toggle,
     max-height: 8em;
   }
 }
+
+.no-text-wrap {
+  white-space: nowrap;
+}

From d85ae256e2570e868cc53917f7b00bdbdbf998b8 Mon Sep 17 00:00:00 2001
From: Mikaela Suomalainen <mikaela+git@mikaela.info>
Date: Tue, 27 Aug 2019 22:05:58 +0300
Subject: [PATCH 06/22] paste-services: fix PrivateBin website (#1228)

---
 _includes/sections/paste-services.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_includes/sections/paste-services.html b/_includes/sections/paste-services.html
index 788d8210..3cb3b676 100644
--- a/_includes/sections/paste-services.html
+++ b/_includes/sections/paste-services.html
@@ -4,7 +4,7 @@
 title="PrivateBin"
 image="/assets/img/tools/PrivateBin.png"
 description="PrivateBin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256bit AES. It is the improved version of ZeroBin."
-website="https://bin.privacytools.io/"
+website="https://privatebin.info/"
 forum="https://forum.privacytools.io/t/discussion-privatebin/296"
 github="https://github.com/PrivateBin/PrivateBin"
 %}

From e79a97719a81c15f9890d4401e5f44607d6d3776 Mon Sep 17 00:00:00 2001
From: Alberto <strappazzon@protonmail.com>
Date: Tue, 27 Aug 2019 23:05:52 +0200
Subject: [PATCH 07/22] Fix typos (#1229)

---
 _includes/sections/dns.html               | 4 ++--
 _includes/sections/privacy-resources.html | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/_includes/sections/dns.html b/_includes/sections/dns.html
index 3fc98d78..3fd69f7f 100644
--- a/_includes/sections/dns.html
+++ b/_includes/sections/dns.html
@@ -394,7 +394,7 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
       <ul>
         <li><em>Firefox</em> comes with built-in DoH support with Cloudflare set as the default resolver, but can be configured to use any DoH resolver. <span class="badge badge-warning" data-toggle="tooltip" data-placement="bottom" data-original-title='"Cloudflare has agreed to collect only a limited amount of data about the DNS requests that are sent to the Cloudflare Resolver for Firefox via the Firefox browser."'><a href="https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/firefox/"><i class="fas fa-exclamation-triangle"></i></a></span> Currently Mozilla is <a href="https://blog.mozilla.org/futurereleases/2019/07/31/dns-over-https-doh-update-detecting-managed-networks-and-user-choice/">conducting studies</a> before enabling DoH by default for all US-based Firefox users.</li>
             <ul>
-                <li>DNS over HTTPS can be enabled in Menu -> Preferences (<code>about:preferences</code>) -> Network Settings -> Enable DNS over HTTPS. Set "Use Provider" to "Custom," and enter your DoH provider's address.</li>
+                <li>DNS over HTTPS can be enabled in Menu -> Preferences (<code>about:preferences</code>) -> Network Settings -> Enable DNS over HTTPS. Set "Use Provider" to "Custom", and enter your DoH provider's address.</li>
                 <li>Advanced users may enable it in <code>about:config</code> by setting <code>network.trr.custom_uri</code> and <code>network.trr.uri</code> as the address you find from the documentation of your DoH provider and <code>network.trr.mode</code> as <code>2</code>. It may also be desirable to set <code>network.esni.enabled</code> to <code>True</code> in order to enable encrypted SNI and make sites supporting ESNI a bit more difficult to track.</li>
             </ul>
       </ul>
@@ -432,4 +432,4 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
       </ul>
     </li>
   </ul>
-</div>
\ No newline at end of file
+</div>
diff --git a/_includes/sections/privacy-resources.html b/_includes/sections/privacy-resources.html
index a6c51b07..421c3bf2 100644
--- a/_includes/sections/privacy-resources.html
+++ b/_includes/sections/privacy-resources.html
@@ -22,7 +22,7 @@
   <li><a href="https://www.grc.com/securitynow.htm"><strong>Security Now!</strong></a> - Weekly Internet Security Podcast by Steve Gibson and Leo Laporte.</li>
   <li><a href="https://www.jupiterbroadcasting.com/show/techsnap/"><strong>TechSNAP</strong></a> - Weekly Systems, Network, and Administration Podcast. Every week TechSNAP covers the stories that impact those of us in the tech industry.</li>
   <li><a href="https://tosdr.org/"><strong>Terms of Service; Didn't Read</strong></a> - "I have read and agree to the Terms" is the biggest lie on the web. We aim to fix that.</li>
-  <li><a href="https://codeberg.org/crimeflare/cloudflare-tor"><strong>The Great Cloudwall</strong></a> - Critique and information on why to avoid Cloudflare, a big company with a huge portition of the internet behind it.</li>
+  <li><a href="https://codeberg.org/crimeflare/cloudflare-tor"><strong>The Great Cloudwall</strong></a> - Critique and information on why to avoid Cloudflare, a big company with a huge portion of the internet behind it.</li>
 </ul>
 
 <h3>Tools</h3>

From 6c7cc2100ed23d6b831bf2fa5f685264b218212c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A1udio=20J=C3=BAlio=20Ferraz?=
 <claudiojulioferraz@users.noreply.github.com>
Date: Tue, 27 Aug 2019 21:49:58 +0000
Subject: [PATCH 08/22] Firefox "esni" configuration fix (#1230)

The correct configuration name is "network.security.esni.enabled"
---
 _includes/sections/dns.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_includes/sections/dns.html b/_includes/sections/dns.html
index 3fd69f7f..ce9b0747 100644
--- a/_includes/sections/dns.html
+++ b/_includes/sections/dns.html
@@ -395,7 +395,7 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
         <li><em>Firefox</em> comes with built-in DoH support with Cloudflare set as the default resolver, but can be configured to use any DoH resolver. <span class="badge badge-warning" data-toggle="tooltip" data-placement="bottom" data-original-title='"Cloudflare has agreed to collect only a limited amount of data about the DNS requests that are sent to the Cloudflare Resolver for Firefox via the Firefox browser."'><a href="https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/firefox/"><i class="fas fa-exclamation-triangle"></i></a></span> Currently Mozilla is <a href="https://blog.mozilla.org/futurereleases/2019/07/31/dns-over-https-doh-update-detecting-managed-networks-and-user-choice/">conducting studies</a> before enabling DoH by default for all US-based Firefox users.</li>
             <ul>
                 <li>DNS over HTTPS can be enabled in Menu -> Preferences (<code>about:preferences</code>) -> Network Settings -> Enable DNS over HTTPS. Set "Use Provider" to "Custom", and enter your DoH provider's address.</li>
-                <li>Advanced users may enable it in <code>about:config</code> by setting <code>network.trr.custom_uri</code> and <code>network.trr.uri</code> as the address you find from the documentation of your DoH provider and <code>network.trr.mode</code> as <code>2</code>. It may also be desirable to set <code>network.esni.enabled</code> to <code>True</code> in order to enable encrypted SNI and make sites supporting ESNI a bit more difficult to track.</li>
+                <li>Advanced users may enable it in <code>about:config</code> by setting <code>network.trr.custom_uri</code> and <code>network.trr.uri</code> as the address you find from the documentation of your DoH provider and <code>network.trr.mode</code> as <code>2</code>. It may also be desirable to set <code>network.security.esni.enabled</code> to <code>True</code> in order to enable encrypted SNI and make sites supporting ESNI a bit more difficult to track.</li>
             </ul>
       </ul>
     </li>

From 1d9cedc7fa331ec7171dadc9557564f6916d1f78 Mon Sep 17 00:00:00 2001
From: nitrohorse <1514352+nitrohorse@users.noreply.github.com>
Date: Wed, 28 Aug 2019 04:37:28 -0700
Subject: [PATCH 09/22] Add NixNet DNS (#1226)

* Add NixNet DNS

* No text wrap update

* Add source + state filtering
---
 _includes/sections/dns.html | 41 +++++++++++++++++++++++++++++++++++++
 source_code.md              |  2 ++
 2 files changed, 43 insertions(+)

diff --git a/_includes/sections/dns.html b/_includes/sections/dns.html
index ce9b0747..fd1c308e 100644
--- a/_includes/sections/dns.html
+++ b/_includes/sections/dns.html
@@ -261,6 +261,47 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
         <td>?</td>
       </tr>
 
+      <tr>
+        <td data-value="NixNet">
+          <a href="https://nixnet.xyz/dns/">NixNet</a>
+        </td>
+        <td>
+          <span class="no-text-wrap">
+            Anycast (based in
+            <span class="flag-icon flag-icon-us"></span>
+            US),
+          </span>
+          <span class="no-text-wrap">
+            <span class="flag-icon flag-icon-us"></span>
+            US,
+          </span>
+          <span class="no-text-wrap">
+            <span class="flag-icon flag-icon-lu"></span>
+            Luxembourg
+          </span>
+        </td>
+        <td>
+          <a data-toggle="tooltip" data-placement="bottom" data-original-title="https://nixnet.xyz/privacy/" href="https://nixnet.xyz/privacy/">
+            <img alt="WWW" src="/assets/img/layout/www.png" width="35" height="35">
+          </a>
+        </td>
+        <td>
+          <a data-toggle="tooltip" data-placement="bottom" data-original-title='Part of LibreHosters, "a network of cooperation and solidarity that uses free software to encourage decentralisation through federation and distributed platforms."' href="https://libreho.st/">
+            Informal collective
+          </a>
+        </td>
+        <td>No</td>
+        <td>DoT</td>
+        <td>Yes</td>
+        <td>Yes</td>
+        <td>Based on server choice</td>
+        <td>
+          <a data-toggle="tooltip" data-placement="bottom" data-original-title="https://git.nixnet.xyz/NixNet/dns" href="https://git.nixnet.xyz/NixNet/dns">
+            <img alt="WWW" src="/assets/img/layout/www.png" width="35" height="35">
+          </a>
+        </td>
+      </tr>
+
       <tr>
         <td data-value="PowerDNS">
           <a href="https://powerdns.org/">PowerDNS</a>
diff --git a/source_code.md b/source_code.md
index 749ef7fb..cfda0ba3 100644
--- a/source_code.md
+++ b/source_code.md
@@ -299,6 +299,8 @@ BlahDNS: https://github.com/ookangzheng/blahdns/
 
 CloudFlare DNS: https://github.com/cloudflare/dns
 
+NixNet DNS: https://git.nixnet.xyz/NixNet/dns
+
 PowerDNS: https://github.com/PowerDNS/pdns
 
 ### Worth Mentioning and Additional Information

From 4684647d4333f9d4580e1a1c2be2d83320a030cc Mon Sep 17 00:00:00 2001
From: Dawid Potocki <dpot@disroot.org>
Date: Wed, 28 Aug 2019 19:19:28 +0000
Subject: [PATCH 10/22] Indicate that there is information on DoT hover (#1232)

Fixes #1199
---
 _includes/sections/dns.html | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/_includes/sections/dns.html b/_includes/sections/dns.html
index fd1c308e..37815afb 100644
--- a/_includes/sections/dns.html
+++ b/_includes/sections/dns.html
@@ -107,7 +107,7 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
           <span class="no-text-wrap">
             DoH,
             <span data-toggle="tooltip" data-placement="bottom" data-original-title="Supports port 443 in addition to 853">
-              <strong>DoT</strong>,
+              DoT <span class="fas fa-info-circle fa-sm text-secondary"></span>,
             </span>
           </span>
           DNSCrypt
@@ -195,7 +195,7 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
           <span class="no-text-wrap">
             DoH,
             <span data-toggle="tooltip" data-placement="bottom" data-original-title="Supports port 443 in addition to 853">
-              <strong>DoT</strong>,
+              DoT <span class="fas fa-info-circle fa-sm text-secondary"></span>,
             </span>
           </span>
           DNSCrypt
@@ -227,7 +227,7 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
           <span class="no-text-wrap">
             DoH,
             <span data-toggle="tooltip" data-placement="bottom" data-original-title="Supports port 443 in addition to 853">
-              <strong>DoT</strong>
+              DoT <span class="fas fa-info-circle fa-sm text-secondary"></span>
             </span>
           </span>
         </td>

From eb040508e6e180658e79fe056a11616b5d76a730 Mon Sep 17 00:00:00 2001
From: nitrohorse <1514352+nitrohorse@users.noreply.github.com>
Date: Thu, 29 Aug 2019 07:52:07 -0700
Subject: [PATCH 11/22] Center table row values (#1235)

---
 assets/css/style.scss | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/assets/css/style.scss b/assets/css/style.scss
index 0cd336a8..db658de1 100644
--- a/assets/css/style.scss
+++ b/assets/css/style.scss
@@ -339,3 +339,8 @@ input#nav-toggle,
 .no-text-wrap {
   white-space: nowrap;
 }
+
+.table td, .table th {
+  vertical-align: middle;
+}
+

From 09e1d8593387acdfd5bd637fdd403a2253a5296c Mon Sep 17 00:00:00 2001
From: Dawid Potocki <dpot@disroot.org>
Date: Thu, 29 Aug 2019 14:52:56 +0000
Subject: [PATCH 12/22] Fix DNS table, it did contain text under it (#1236)

---
 _includes/sections/dns.html | 140 ++++++++++++++++++------------------
 1 file changed, 70 insertions(+), 70 deletions(-)

diff --git a/_includes/sections/dns.html b/_includes/sections/dns.html
index 37815afb..0b802dc9 100644
--- a/_includes/sections/dns.html
+++ b/_includes/sections/dns.html
@@ -403,74 +403,74 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
       </tr>
     </tbody>
   </table>
-
-  <h4>Terms</h4>
-
-  <ul>
-    <li>DNS-over-TLS (DoT) - A security protocol for encrypted DNS on a dedicated port 853. Some providers support port 443 which generally works everywhere while port 853 is often blocked by restrictive firewalls.</li>
-    <li>DNS-over-HTTPS (DoH) - Similar to DoT, but uses HTTPS instead, being indistinguishable from "normal" HTTPS traffic on port 443. <span class="badge badge-warning" data-toggle="tooltip" data-original-title="DoH contains metadata such as user-agent (which may include system information) that is sent to the DNS server."><a href="https://tools.ietf.org/html/rfc8484#section-8.2"><i class="fas fa-exclamation-triangle"></i></a></span></li>
-    <li>DNSCrypt - An older yet robust method of encrypting DNS.</li>
-  </ul>
-
-  <h4>How to verify DNS is encrypted</h4>
-
-  <ul>
-    <li>DoH / DoT
-      <ul>
-        <li>Check <a href="https://www.dnsleaktest.com/">DNSLeakTest.com</a>. <span class="badge badge-warning" data-toggle="tooltip" data-placement="bottom" data-original-title="Your DNS provider may not appear with their own name, so compare the responses to what you know or can find about your DNS provider. Just ensure you don't see your ISP or old unencrypted DNS provider."><i class="fas fa-exclamation-triangle"></i></span></li>
-        <li>Check the website of your DNS provider. They may have a page for telling "you are using our DNS." Examples include <a href="https://adguard.com/en/adguard-dns/overview.html">AdGuard</a> and <a href="https://1.1.1.1/help">Cloudflare</a>.</li>
-        <li>If using Firefox's trusted recursive resolver (TRR), navigate to <code>about:networking#dns</code>. If the TRR column says "true" for some fields, you are using DoH. <span class="badge badge-warning" data-toggle="tooltip" data-placement="bottom" data-original-title='Some fields will say "false" depending on the the value of network.trr.mode in about:config'><a href="https://wiki.mozilla.org/Trusted_Recursive_Resolver"><i class="fas fa-exclamation-triangle"></i></a></span></li>
-      </ul>
-    </li>
-    <li>dnscrypt-proxy - Check <a href="https://github.com/jedisct1/dnscrypt-proxy/wiki/Checking">dnscrypt-proxy's wiki on how to verify that your DNS is encrypted</a>.
-    </li>
-    <li>DNSSEC - Check <a href="https://dnssec.vs.uni-due.de/">DNSSEC Resolver Test by Matthäus Wander</a>.</li>
-    <li>QNAME Minimization - Run <code><a href="https://en.wikipedia.org/wiki/Dig_(command)">dig</a> +short txt qnamemintest.internet.nl</code> from the command-line (taken from <a href="https://nlnetlabs.nl/downloads/presentations/unbound_qnamemin_oarc24.pdf">this NLnet Labs presentation</a>). You should see this display: <code>"HOORAY - QNAME minimisation is enabled on your resolver :)!"</code></li>
-  </ul>
-
-  <h3>Worth Mentioning and Additional Information</h3>
-
-  <ul>
-    <li><strong>Encrypted DNS clients for desktop:</strong>
-      <ul>
-        <li><em>Firefox</em> comes with built-in DoH support with Cloudflare set as the default resolver, but can be configured to use any DoH resolver. <span class="badge badge-warning" data-toggle="tooltip" data-placement="bottom" data-original-title='"Cloudflare has agreed to collect only a limited amount of data about the DNS requests that are sent to the Cloudflare Resolver for Firefox via the Firefox browser."'><a href="https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/firefox/"><i class="fas fa-exclamation-triangle"></i></a></span> Currently Mozilla is <a href="https://blog.mozilla.org/futurereleases/2019/07/31/dns-over-https-doh-update-detecting-managed-networks-and-user-choice/">conducting studies</a> before enabling DoH by default for all US-based Firefox users.</li>
-            <ul>
-                <li>DNS over HTTPS can be enabled in Menu -> Preferences (<code>about:preferences</code>) -> Network Settings -> Enable DNS over HTTPS. Set "Use Provider" to "Custom", and enter your DoH provider's address.</li>
-                <li>Advanced users may enable it in <code>about:config</code> by setting <code>network.trr.custom_uri</code> and <code>network.trr.uri</code> as the address you find from the documentation of your DoH provider and <code>network.trr.mode</code> as <code>2</code>. It may also be desirable to set <code>network.security.esni.enabled</code> to <code>True</code> in order to enable encrypted SNI and make sites supporting ESNI a bit more difficult to track.</li>
-            </ul>
-      </ul>
-    </li>
-    <li><strong>Encrypted DNS clients for mobile:</strong>
-      <ul>
-        <li><em>Android 9</em> comes with a DoT client by <a href="https://support.google.com/android/answer/9089903">default</a>. <span class="badge badge-warning" data-toggle="tooltip" data-original-title="...but with some caveats"><a href="https://www.quad9.net/private-dns-quad9-android9/"><i class="fas fa-exclamation-triangle"></i></a></span></li>
-        <li><em><a href="https://apps.apple.com/app/id1452162351">DNSCloak</a></em> - An <a href="https://github.com/s-s/dnscloak">open-source</a> DNSCrypt and DoH client for iOS by <td><a data-toggle="tooltip" data-placement="bottom" data-original-title='"A charitable non-profit host organization for international Free Software projects."' href="https://techcultivation.org/">the Center for the Cultivation of Technology gemeinnuetzige GmbH</a>.</li>
-        <li><em><a href="https://git.frostnerd.com/PublicAndroidApps/smokescreen/blob/master/README.md">Nebulo</a></em> - An open-source application for Android supporting DoH and DoT. It also supports caching DNS responses and locally logging DNS queries.</li>
-      </ul>
-    </li>
-    <li><strong>Local DNS servers:</strong>
-      <ul>
-        <li><em><a href="https://namecoin.info/">Namecoin</a></em> - A decentralized DNS open-source information registration and transfer system based on the Bitcoin cryptocurrency.</li>
-        <li><em><a href="https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby">Stubby</a></em> - An open-source application for Linux, macOS, and Windows that acts as a local DNS Privacy stub resolver using DoT.</li>
-      </ul>
-    </li>
-    <li><strong>Network wide DNS servers:</strong>
-      <ul>
-        <li><em><a href="https://pi-hole.net/">Pi-hole</a></em> - A network-wide DNS server mainly for the Raspberry Pi. Blocks ads, tracking, and malicious domains for all devices on your network.</li>
-        <li><em><a href="https://gitlab.com/quidsup/notrack">NoTrack</a></em> - A network-wide DNS server like Pi-hole for blocking ads, tracking, and malicious domains.</li>
-      </ul>
-    </li>
-    <li><strong>Further reading:</strong>
-      <ul>
-        <li>On Firefox, DoH and ESNI</li>
-            <ul>
-                <li><a href="https://wiki.mozilla.org/Trusted_Recursive_Resolver">Trusted Recursive Resolver (DoH) on MozillaWiki</a></li>
-                <li><a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1500289">Firefox bug report requesting the ability to use ESNI without DoH</a></li>
-                <li><a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1542754">Firefox bug report requesting the ability to use Android 9+'s Private DNS (DoT) and benefit from encrypted SNI without having to enable DoH</a></li>
-                <li><a href="https://blog.cloudflare.com/encrypted-sni/">Encrypt it or lose it: how encrypted SNI works on Cloudflare blog</a></li>
-            </ul>
-        <li><a href="https://www.isc.org/blogs/qname-minimization-and-privacy/">QNAME Minimization and Your Privacy</a> by the Internet Systems Consortium (ISC)</li>
-        <li><a href="https://www.isc.org/dnssec/">DNSSEC and BIND 9</a> by the ISC</li>
-      </ul>
-    </li>
-  </ul>
 </div>
+
+<h4>Terms</h4>
+
+<ul>
+  <li>DNS-over-TLS (DoT) - A security protocol for encrypted DNS on a dedicated port 853. Some providers support port 443 which generally works everywhere while port 853 is often blocked by restrictive firewalls.</li>
+  <li>DNS-over-HTTPS (DoH) - Similar to DoT, but uses HTTPS instead, being indistinguishable from "normal" HTTPS traffic on port 443. <span class="badge badge-warning" data-toggle="tooltip" data-original-title="DoH contains metadata such as user-agent (which may include system information) that is sent to the DNS server."><a href="https://tools.ietf.org/html/rfc8484#section-8.2"><i class="fas fa-exclamation-triangle"></i></a></span></li>
+  <li>DNSCrypt - An older yet robust method of encrypting DNS.</li>
+</ul>
+
+<h4>How to verify DNS is encrypted</h4>
+
+<ul>
+  <li>DoH / DoT
+    <ul>
+      <li>Check <a href="https://www.dnsleaktest.com/">DNSLeakTest.com</a>. <span class="badge badge-warning" data-toggle="tooltip" data-placement="bottom" data-original-title="Your DNS provider may not appear with their own name, so compare the responses to what you know or can find about your DNS provider. Just ensure you don't see your ISP or old unencrypted DNS provider."><i class="fas fa-exclamation-triangle"></i></span></li>
+      <li>Check the website of your DNS provider. They may have a page for telling "you are using our DNS." Examples include <a href="https://adguard.com/en/adguard-dns/overview.html">AdGuard</a> and <a href="https://1.1.1.1/help">Cloudflare</a>.</li>
+      <li>If using Firefox's trusted recursive resolver (TRR), navigate to <code>about:networking#dns</code>. If the TRR column says "true" for some fields, you are using DoH. <span class="badge badge-warning" data-toggle="tooltip" data-placement="bottom" data-original-title='Some fields will say "false" depending on the the value of network.trr.mode in about:config'><a href="https://wiki.mozilla.org/Trusted_Recursive_Resolver"><i class="fas fa-exclamation-triangle"></i></a></span></li>
+    </ul>
+  </li>
+  <li>dnscrypt-proxy - Check <a href="https://github.com/jedisct1/dnscrypt-proxy/wiki/Checking">dnscrypt-proxy's wiki on how to verify that your DNS is encrypted</a>.
+  </li>
+  <li>DNSSEC - Check <a href="https://dnssec.vs.uni-due.de/">DNSSEC Resolver Test by Matthäus Wander</a>.</li>
+  <li>QNAME Minimization - Run <code><a href="https://en.wikipedia.org/wiki/Dig_(command)">dig</a> +short txt qnamemintest.internet.nl</code> from the command-line (taken from <a href="https://nlnetlabs.nl/downloads/presentations/unbound_qnamemin_oarc24.pdf">this NLnet Labs presentation</a>). You should see this display: <code>"HOORAY - QNAME minimisation is enabled on your resolver :)!"</code></li>
+</ul>
+
+<h3>Worth Mentioning and Additional Information</h3>
+
+<ul>
+  <li><strong>Encrypted DNS clients for desktop:</strong>
+    <ul>
+      <li><em>Firefox</em> comes with built-in DoH support with Cloudflare set as the default resolver, but can be configured to use any DoH resolver. <span class="badge badge-warning" data-toggle="tooltip" data-placement="bottom" data-original-title='"Cloudflare has agreed to collect only a limited amount of data about the DNS requests that are sent to the Cloudflare Resolver for Firefox via the Firefox browser."'><a href="https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/firefox/"><i class="fas fa-exclamation-triangle"></i></a></span> Currently Mozilla is <a href="https://blog.mozilla.org/futurereleases/2019/07/31/dns-over-https-doh-update-detecting-managed-networks-and-user-choice/">conducting studies</a> before enabling DoH by default for all US-based Firefox users.</li>
+          <ul>
+              <li>DNS over HTTPS can be enabled in Menu -> Preferences (<code>about:preferences</code>) -> Network Settings -> Enable DNS over HTTPS. Set "Use Provider" to "Custom", and enter your DoH provider's address.</li>
+              <li>Advanced users may enable it in <code>about:config</code> by setting <code>network.trr.custom_uri</code> and <code>network.trr.uri</code> as the address you find from the documentation of your DoH provider and <code>network.trr.mode</code> as <code>2</code>. It may also be desirable to set <code>network.security.esni.enabled</code> to <code>True</code> in order to enable encrypted SNI and make sites supporting ESNI a bit more difficult to track.</li>
+          </ul>
+    </ul>
+  </li>
+  <li><strong>Encrypted DNS clients for mobile:</strong>
+    <ul>
+      <li><em>Android 9</em> comes with a DoT client by <a href="https://support.google.com/android/answer/9089903">default</a>. <span class="badge badge-warning" data-toggle="tooltip" data-original-title="...but with some caveats"><a href="https://www.quad9.net/private-dns-quad9-android9/"><i class="fas fa-exclamation-triangle"></i></a></span></li>
+      <li><em><a href="https://apps.apple.com/app/id1452162351">DNSCloak</a></em> - An <a href="https://github.com/s-s/dnscloak">open-source</a> DNSCrypt and DoH client for iOS by <td><a data-toggle="tooltip" data-placement="bottom" data-original-title='"A charitable non-profit host organization for international Free Software projects."' href="https://techcultivation.org/">the Center for the Cultivation of Technology gemeinnuetzige GmbH</a>.</li>
+      <li><em><a href="https://git.frostnerd.com/PublicAndroidApps/smokescreen/blob/master/README.md">Nebulo</a></em> - An open-source application for Android supporting DoH and DoT. It also supports caching DNS responses and locally logging DNS queries.</li>
+    </ul>
+  </li>
+  <li><strong>Local DNS servers:</strong>
+    <ul>
+      <li><em><a href="https://namecoin.info/">Namecoin</a></em> - A decentralized DNS open-source information registration and transfer system based on the Bitcoin cryptocurrency.</li>
+      <li><em><a href="https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby">Stubby</a></em> - An open-source application for Linux, macOS, and Windows that acts as a local DNS Privacy stub resolver using DoT.</li>
+    </ul>
+  </li>
+  <li><strong>Network wide DNS servers:</strong>
+    <ul>
+      <li><em><a href="https://pi-hole.net/">Pi-hole</a></em> - A network-wide DNS server mainly for the Raspberry Pi. Blocks ads, tracking, and malicious domains for all devices on your network.</li>
+      <li><em><a href="https://gitlab.com/quidsup/notrack">NoTrack</a></em> - A network-wide DNS server like Pi-hole for blocking ads, tracking, and malicious domains.</li>
+    </ul>
+  </li>
+  <li><strong>Further reading:</strong>
+    <ul>
+      <li>On Firefox, DoH and ESNI</li>
+          <ul>
+              <li><a href="https://wiki.mozilla.org/Trusted_Recursive_Resolver">Trusted Recursive Resolver (DoH) on MozillaWiki</a></li>
+              <li><a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1500289">Firefox bug report requesting the ability to use ESNI without DoH</a></li>
+              <li><a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1542754">Firefox bug report requesting the ability to use Android 9+'s Private DNS (DoT) and benefit from encrypted SNI without having to enable DoH</a></li>
+              <li><a href="https://blog.cloudflare.com/encrypted-sni/">Encrypt it or lose it: how encrypted SNI works on Cloudflare blog</a></li>
+          </ul>
+      <li><a href="https://www.isc.org/blogs/qname-minimization-and-privacy/">QNAME Minimization and Your Privacy</a> by the Internet Systems Consortium (ISC)</li>
+      <li><a href="https://www.isc.org/dnssec/">DNSSEC and BIND 9</a> by the ISC</li>
+    </ul>
+  </li>
+</ul>

From f09d6c316533894da3943f648a4270f84a266d5c Mon Sep 17 00:00:00 2001
From: Dawid Potocki <dpot@disroot.org>
Date: Thu, 29 Aug 2019 20:03:04 +0000
Subject: [PATCH 13/22] Add dark theme (#1204)

Fixes #1151
---
 _includes/head.html   |   1 +
 _includes/nav.html    |   3 +
 assets/css/dark.scss  | 174 ++++++++++++++++++++++++++++++++++++++++++
 assets/css/style.scss |  20 ++++-
 assets/js/main.js     |  41 ++++++++++
 5 files changed, 236 insertions(+), 3 deletions(-)
 create mode 100644 assets/css/dark.scss

diff --git a/_includes/head.html b/_includes/head.html
index d2fb0f51..0580dc35 100644
--- a/_includes/head.html
+++ b/_includes/head.html
@@ -44,4 +44,5 @@
 
   <!-- CSS stylesheets -->
   <link href="/assets/css/style.css?v=5" rel="stylesheet">
+  <link id="dark-css" href="/assets/css/dark.css?v=1" rel="stylesheet" media="(prefers-color-scheme: dark)">
 </head>
diff --git a/_includes/nav.html b/_includes/nav.html
index 28427425..5434b7ab 100644
--- a/_includes/nav.html
+++ b/_includes/nav.html
@@ -143,6 +143,9 @@
         <a href="/donate/" class="nav-anchor">
           Donate <span class="fas fa-heart text-danger"></span>
         </a>
+        <a id="nav-switch-theme" class="nav-anchor" href="javascript:void(0)" onClick="changeColorScheme()">
+          Theme <span class="nav-theme-icon fas"></span>
+        </a>
       </div>
     </div>
   </nav>
diff --git a/assets/css/dark.scss b/assets/css/dark.scss
new file mode 100644
index 00000000..d7133452
--- /dev/null
+++ b/assets/css/dark.scss
@@ -0,0 +1,174 @@
+---
+---
+$dark-400: #181b21;
+$dark-300: #22262e;
+$dark-200: #343a46;
+$dark-100: #464f60;
+$light: #d8d8d8;
+$primary: #345e8e;
+$danger: #b63f4a;
+$secondary: $dark-100;
+$success: #2c7f40;
+$warning: #c6a339;
+$info: #218899;
+
+
+/*
+ * HTML
+ */
+
+body {
+  background: $dark-400;
+  color: $light;
+}
+a {
+  color: lighten($primary, 25%);
+}
+a:hover {
+  color: lighten($primary, 10%);
+}
+img {
+  filter: saturate(80%);
+}
+
+
+/*
+ * Bootstrap
+ */
+
+.alert a {
+  color: #214D97;
+}
+
+.bg-secondary, .btn-secondary, .badge-secondary { background-color: $secondary !important; }
+.btn-secondary, .card-secondary .card-header { border-color: $secondary !important; }
+.text-secondary { color: $secondary !important; }
+.alert-secondary, .btn-secondary:hover {
+  color: $light;
+  background-color: darken($secondary, 10%);
+  border-color: darken($secondary, 10%);
+}
+
+.bg-primary, .btn-primary, .badge-primary { background-color: $primary !important; }
+.btn-primary, .card-primary .card-header { border-color: $primary !important; }
+.text-primary { color: $primary !important; }
+.alert-primary, .btn-primary:hover {
+  color: $light;
+  background-color: darken($primary, 10%);
+  border-color: darken($primary, 10%);
+}
+
+.bg-warning, .btn-warning, .badge-warning { background-color: $warning !important; }
+.btn-warning, .card-warning .card-header { border-color: $warning !important; }
+.text-warning { color: $warning !important; }
+.card-warning > .text-dark { color: $dark-400 !important; }
+.alert-warning, .btn-warning:hover {
+  color: $light;
+  background-color: darken($warning, 10%);
+  border-color: darken($warning, 10%);
+}
+
+.bg-info, .btn-info, .badge-info { background-color: $info !important; }
+.btn-info, .card-info .card-header { border-color: $info !important; }
+.text-info { color: $info !important; }
+.alert-info, .btn-info:hover {
+  color: $light;
+  background-color: darken($info, 10%);
+  border-color: darken($info, 10%);
+}
+
+.bg-success, .btn-success, .badge-success { background-color: $success !important; }
+.btn-success, .card-success .card-header { border-color: $success !important; }
+.text-success { color: $success !important; }
+.alert-success, .btn-success {
+  color: $light;
+  background-color: darken($success, 10%);
+  border-color: darken($success, 10%);
+}
+
+.bg-danger, .btn-danger, .badge-danger { background-color: $danger !important; }
+.btn-danger, .card-danger .card-header { border-color: $danger !important; }
+.text-danger { color: $danger !important; }
+.alert-danger, .btn-danger:hover {
+  color: $light;
+  background-color: darken($danger, 10%);
+  border-color: darken($danger, 10%);
+}
+
+.card {
+  box-shadow: none !important;
+}
+
+.dropdown-item:hover {
+  color: $light;
+  background-color: $dark-300;
+}
+
+.form-control,
+.form-control:focus {
+  color: $light;
+  background: $dark-300;
+  border-color: $dark-300;
+}
+
+.card,
+.jumbotron,
+.list-group-item {
+  background: $dark-300;
+}
+
+.blockquote {
+  border-color: $dark-300;
+}
+
+.bg-dark {
+  background-color: $dark-300 !important;
+}
+
+.dropdown-item {
+  color: $light;
+}
+
+.list-group-item {
+  border-color: $dark-200;
+}
+
+.text-dark {
+  color: $light !important;
+}
+
+table[data-sortable].sortable-theme-bootstrap {
+  color: $light;
+  background-color: $dark-300;
+}
+table[data-sortable].sortable-theme-bootstrap th,
+table[data-sortable].sortable-theme-bootstrap td {
+  border-color: $dark-100 !important;
+}
+table[data-sortable].sortable-theme-bootstrap th[data-sorted="true"] {
+  color: $light;
+  background: $dark-200;
+}
+table[data-sortable].sortable-theme-bootstrap th[data-sorted="true"][data-sorted-direction="ascending"]::after, {
+  border-bottom-color: $light;
+}
+table[data-sortable].sortable-theme-bootstrap th[data-sorted="true"][data-sorted-direction="descending"]::after {
+  border-top-color: $light;
+}
+
+
+/*
+ * Other
+ */
+
+.nav-dropdown {
+  color: $light;
+  background-color: $dark-400;
+  border-color: $dark-300;
+}
+
+.nav-theme-icon:before {
+  color: $warning;
+  font-size: 1em;
+  content: "\f185";
+}
diff --git a/assets/css/style.scss b/assets/css/style.scss
index db658de1..1591b926 100644
--- a/assets/css/style.scss
+++ b/assets/css/style.scss
@@ -177,6 +177,10 @@ h2, h3:not(.h5), h4, h5 {
   text-align: justify;
 }
 
+.no-text-wrap {
+  white-space: nowrap;
+}
+
 footer {
   img,
   i {
@@ -184,6 +188,7 @@ footer {
   }
 }
 
+
 /*
  * Navbar
  */
@@ -272,8 +277,15 @@ input#nav-toggle,
   display: none;
 }
 
+#nav-switch-theme {
+  /* We will make it visible with JavaScript
+   * as it does not work without it */
+  display: none;
+}
 
-/* Mobile hamburger menu */
+/*
+ * Mobile hamburger menu
+ */
 
 @media only screen and (max-width: 992px) {
   .menu,
@@ -336,8 +348,10 @@ input#nav-toggle,
   }
 }
 
-.no-text-wrap {
-  white-space: nowrap;
+.nav-theme-icon:before {
+  color: var(--warning);
+  font-size: 0.875em;
+  content: "\f186";
 }
 
 .table td, .table th {
diff --git a/assets/js/main.js b/assets/js/main.js
index f2925aad..9e04c387 100644
--- a/assets/js/main.js
+++ b/assets/js/main.js
@@ -27,6 +27,47 @@ function navSectionsClose(event) {
   });
 }
 
+
+// Dark/Light color scheme switch button
+document.querySelector("#nav-switch-theme").style.display = "inline"
+
+if (localStorage.getItem("colorScheme") === "dark") {
+  document.querySelector("#dark-css").removeAttribute("media"); // Set dark theme
+}
+else if (localStorage.getItem("colorScheme") === "light") {
+  document.querySelector("#dark-css").setAttribute("media", "invalid"); // Set light theme
+}
+
+function changeColorScheme() {
+
+  // Use whatever users want
+  if (localStorage.getItem("colorScheme") === "dark") {
+    // Change to light theme
+    // by setting invalid media it will just not apply CSS for anyone
+    document.querySelector("#dark-css").setAttribute("media", "invalid");
+    localStorage.setItem("colorScheme", "light");
+  }
+  else if (localStorage.getItem("colorScheme") === "light") {
+    // Change to dark theme
+    // media was set to prefers-color-scheme: dark
+    document.querySelector("#dark-css").removeAttribute("media");
+    localStorage.setItem("colorScheme", "dark");;
+  }
+
+  // Just use whatever browsers want
+  else if (window.matchMedia("(prefers-color-scheme: dark)").matches === true) {
+    // Change to light Theme
+    document.querySelector("#dark-css").setAttribute("media", "invalid");
+    localStorage.setItem("colorScheme", "light");
+  }
+  else {
+    // Change to dark theme
+    document.querySelector("#dark-css").removeAttribute("media");
+    localStorage.setItem("colorScheme", "dark");;
+  }
+}
+
+
 // Matomo
 var _paq = window._paq || [];
 /* tracker methods like "setCustomDimension" should be called before "trackPageView" */

From 07d20054289f5dba5b430a33d4dfe3c77aa4d237 Mon Sep 17 00:00:00 2001
From: Alberto <strappazzon@protonmail.com>
Date: Fri, 30 Aug 2019 18:50:11 +0200
Subject: [PATCH 14/22] Fix dark theme's input forms colors (#1237)

* Fix readonly and disabled input forms colors

* Fix the fix
---
 _includes/head.html  | 2 +-
 assets/css/dark.scss | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/_includes/head.html b/_includes/head.html
index 0580dc35..771c4e48 100644
--- a/_includes/head.html
+++ b/_includes/head.html
@@ -44,5 +44,5 @@
 
   <!-- CSS stylesheets -->
   <link href="/assets/css/style.css?v=5" rel="stylesheet">
-  <link id="dark-css" href="/assets/css/dark.css?v=1" rel="stylesheet" media="(prefers-color-scheme: dark)">
+  <link id="dark-css" href="/assets/css/dark.css?v=2" rel="stylesheet" media="(prefers-color-scheme: dark)">
 </head>
diff --git a/assets/css/dark.scss b/assets/css/dark.scss
index d7133452..d982475b 100644
--- a/assets/css/dark.scss
+++ b/assets/css/dark.scss
@@ -111,6 +111,11 @@ img {
   border-color: $dark-300;
 }
 
+.form-control[readonly],
+.form-control:disabled {
+  background: $dark-300;
+}
+
 .card,
 .jumbotron,
 .list-group-item {

From 5b20d9a1e4b021d5412ea1c4f7389f3e6f8d3dd3 Mon Sep 17 00:00:00 2001
From: Jonah Aragon <jonah@triplebit.net>
Date: Fri, 30 Aug 2019 12:01:48 -0500
Subject: [PATCH 15/22] Fullwidth icons in navbar (#1243)

---
 _includes/nav.html | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/_includes/nav.html b/_includes/nav.html
index 5434b7ab..e7f6c2e8 100644
--- a/_includes/nav.html
+++ b/_includes/nav.html
@@ -11,7 +11,7 @@
 
       <div id="nav-left" class="position-relative flex-col">
         <a class="nav-anchor" href="/index.html">
-          <span id="nav-home" class="fas fa-home"></span>
+          <span id="nav-home" class="fas fa-home fa-fw"></span>
         </a>
 
         <!-- Provider -->
@@ -103,7 +103,7 @@
         <details class="nav-details">
           <summary>
             <span class="nav-summary">
-              <span class="fas fa-language text-danger"></span>
+              <span class="fas fa-language text-danger fa-fw"></span>
               Language
               <span class="dropdown-toggle"></span>
             </span>
@@ -141,10 +141,10 @@
 
         <a href="https://blog.privacytools.io/" class="nav-anchor">Blog </a>
         <a href="/donate/" class="nav-anchor">
-          Donate <span class="fas fa-heart text-danger"></span>
+          Donate <span class="fas fa-heart text-danger fa-fw"></span>
         </a>
         <a id="nav-switch-theme" class="nav-anchor" href="javascript:void(0)" onClick="changeColorScheme()">
-          Theme <span class="nav-theme-icon fas"></span>
+          Theme <span class="nav-theme-icon fas fa-fw"></span>
         </a>
       </div>
     </div>

From ec1a5d2a934cf4818f7c6b3349de1fea33845a19 Mon Sep 17 00:00:00 2001
From: nitrohorse <1514352+nitrohorse@users.noreply.github.com>
Date: Fri, 30 Aug 2019 10:12:25 -0700
Subject: [PATCH 16/22] Fix LessPass GitHub link (#1238)

---
 _includes/sections/password-managers.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_includes/sections/password-managers.html b/_includes/sections/password-managers.html
index 14c153b4..c0f79ae6 100644
--- a/_includes/sections/password-managers.html
+++ b/_includes/sections/password-managers.html
@@ -44,7 +44,7 @@
   description="<strong>LessPass</strong> is a free and open source password manager that generates unique passwords for websites, email accounts, or anything else based on a master password and information you know. No sync needed. Uses PBKDF2 and SHA-256. It's advised to use the browser addons for more security."
   website="https://lesspass.com/"
   forum="https://forum.privacytools.io/t/discussion-keepassxc/1344/2"
-  github="https://github.com/keepassxreboot/keepassxc"
+  github="https://github.com/lesspass/lesspass"
   firefox="https://addons.mozilla.org/en-US/firefox/addon/lesspass/"
   chrome="https://chrome.google.com/webstore/detail/lesspass/lcmbpoclaodbgkbjafnkbbinogcbnjih"
   android="https://play.google.com/store/apps/details?id=com.lesspass.android&hl=en"

From 0b92029f238d7aeac98e3d507b63a05ce0e2da8b Mon Sep 17 00:00:00 2001
From: Mikaela Suomalainen <mikaela+git@mikaela.info>
Date: Sat, 31 Aug 2019 19:17:39 +0300
Subject: [PATCH 17/22] browser-tweaks: remove pyllyukko & add an anchor
 (#1245)

* browser-tweaks: remove pyllyukko & add an anchor

Resolves: #1240
Resolves: #1244
---
 _includes/sections/browser-tweaks.html | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/_includes/sections/browser-tweaks.html b/_includes/sections/browser-tweaks.html
index 62b2ec4e..2fa29e1e 100644
--- a/_includes/sections/browser-tweaks.html
+++ b/_includes/sections/browser-tweaks.html
@@ -144,10 +144,9 @@
   </dd>
 </dl>
 
-<h3>Firefox user.js Templates</h3>
+<h3 id="user.js">Firefox user.js Templates</h3>
 <ul>
 	<li><a href="https://github.com/ghacksuserjs/ghacks-user.js">ghacks-user.js</a> - An ongoing comprehensive user.js template for configuring and hardening Firefox privacy, security and anti-fingerprinting.</li>
-	<li><a href="https://github.com/pyllyukko/user.js">pyllyukko/user.js</a> - This is a user.js configuration file to harden Firefox's settings and make it more secure.</li>
 </ul>
 
 

From a88adcc3bfa2b7585d926bda8ee8fdfd2bc40f53 Mon Sep 17 00:00:00 2001
From: blacklight447 <blacklight447@privacytools.io>
Date: Sat, 31 Aug 2019 16:24:03 +0000
Subject: [PATCH 18/22] Change "for Experts only" to " For Power Users only" in
 the addons section. (#1251)

* Update browser-addons.html

* Update browser-addons.html
---
 _includes/sections/browser-addons.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_includes/sections/browser-addons.html b/_includes/sections/browser-addons.html
index 7fb4028e..6bba6c32 100644
--- a/_includes/sections/browser-addons.html
+++ b/_includes/sections/browser-addons.html
@@ -94,7 +94,7 @@ chrome=""
 %}
 
 
-<h2>For Experts Only</h2>
+<h2>For Power Users Only</h2>
 
 <div class="alert alert-warning" role="alert">
   <strong>These addons require quite a lot of interaction from the user. Some sites will not work properly until you have configured the add-ons.</strong>

From 0276f52ed234446ecbf84d9d2b1e32fa4468133d Mon Sep 17 00:00:00 2001
From: Mikaela Suomalainen <mikaela+git@mikaela.info>
Date: Sat, 31 Aug 2019 20:05:36 +0300
Subject: [PATCH 19/22] operating-systems.html: add a warning for Linux/CPU
 vulns (#1231)

* operating-systemd.html: add a warning for Linux/CPU vulns

* operating-systems: expand the Linux instructions for MDS mitigation

* operating-systems: s/multithreading/hyperthreading/

* operating-systems: address feedback, fix typo

* operating-systems: remove update-grub, close li tags

* operating-systems: @nitrohorse's first feedback

Doing this in a separate commit in case I misunderstood, so I can revert

* operating-systems: address feedback

* operating-systems: dd a duplicate paragraph

* operating-systems: add missing "grub" word

* operating-systems: fix the last step of nosmt

* operating-systems: mention macOS link

* operating-systems: address feedback

* operating-systems: add a dot

* operating-systems: fix link
---
 _includes/sections/operating-systems.html | 27 +++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/_includes/sections/operating-systems.html b/_includes/sections/operating-systems.html
index 17700fbf..9dc6d511 100644
--- a/_includes/sections/operating-systems.html
+++ b/_includes/sections/operating-systems.html
@@ -41,6 +41,33 @@ tor="http://sejnfjrq6szgca7v.onion"
   <li><a href="#win10"><i class="fas fa-link"></i> Don't use Windows 10 - It's a privacy nightmare</a></li>
 </ul>
 
+<h4 id="cpuvulns">Remember to check CPU vulnerability mitigations</h4>
+
+<p><em><a href="https://support.microsoft.com/en-us/help/4073757/protect-windows-devices-from-speculative-execution-side-channel-attack">This also affects Windows 10</a>, but it doesn't expose this information or mitigation instructions as easily. MacOS users check <a href="https://support.apple.com/en-us/HT210108">How to enable full mitigation for Microarchitectural Data Sampling (MDS) vulnerabilities on Apple Support</a>.</em></p>
+
+<p>When running a enough recent kernel, you can check the CPU vulnerabilities it detects by <code>tail -n +1 /sys/devices/system/cpu/vulnerabilities/*</code>. By using <code>tail -n +1</code> instead of <code>cat</code>, the file names are also visible.</p>
+
+<p>
+    In case you have an Intel CPU, you may notice "SMT vulnerable" display after running the <code>tail</code> command. To mitigate this, disable <a href="https://en.wikipedia.org/wiki/Hyper-threading">hyper-threading</a> from the UEFI/BIOS. You can also take the following mitigation steps below if your system/distribution uses GRUB and supports <code>/etc/default/grub.d/</code>:
+</p>
+
+<ol>
+  <li><code>sudo mkdir /etc/default/grub.d/</code> to create a directory for additional grub configuration</li>
+  <li><code>echo GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT mds=full,nosmt" | sudo tee /etc/default/grub.d/mds.conf</code> to create a new grub config file source with the echoed content</li>
+  <li><code>sudo grub-mkconfig -o /boot/grub/grub.cfg</code> to generate a new grub config file including this new kernel boot flag</li>
+  <li><code>sudo reboot</code> to reboot</li>
+  <li>after the reboot, check <code>tail -n +1 /sys/devices/system/cpu/vulnerabilities/*</code> again to see that MDS now says "SMT disabled."</li>
+</ol>
+
+<h5>Further reading</h5>
+
+<ul>
+  <li><a href="https://cpu.fail/">CPU.fail</a></li>
+  <li><a href="https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html">MDS - Microarchitectural Data Sampling on The Linux kernel user's and administrator's guide</a></li>
+  <li><a href="https://mdsattacks.com/">RIDL and Fallout: MDS attacks on mdsattacks.com</a></li>
+  <li><a href="https://en.wikipedia.org/wiki/Simultaneous_multithreading">Simultaneous multithreading on Wikipedia</a></li>
+</ul>
+
 <h3>Worth Mentioning</h3>
 
 <ul>

From 24412dcf8fa8c1cdf44a620309ee8b5c05017f21 Mon Sep 17 00:00:00 2001
From: Dawid Potocki <dpot@disroot.org>
Date: Sat, 31 Aug 2019 22:30:53 +0000
Subject: [PATCH 20/22] Reduce flickering with dark/light theme (#1241)

---
 _includes/scripts.html  |  2 +-
 _layouts/minimal.html   |  1 +
 assets/js/applytheme.js |  6 ++++++
 assets/js/main.js       | 39 ++++++++++++++++++++-------------------
 4 files changed, 28 insertions(+), 20 deletions(-)
 create mode 100644 assets/js/applytheme.js

diff --git a/_includes/scripts.html b/_includes/scripts.html
index d55f2c76..b5ed2d18 100644
--- a/_includes/scripts.html
+++ b/_includes/scripts.html
@@ -2,7 +2,7 @@
 <script src="/assets/js/popper.min.js?v=4"></script>
 <script src="/assets/js/bootstrap.min.js?v=4"></script>
 <script src="/assets/js/sortable.min.js?v=4"></script>
-<script src="/assets/js/main.js?v=2"></script>
+<script src="/assets/js/main.js?v=3"></script>
 
 <!--
   Matomo is the leading open-source analytics platform:
diff --git a/_layouts/minimal.html b/_layouts/minimal.html
index 1061dc36..470aa55f 100644
--- a/_layouts/minimal.html
+++ b/_layouts/minimal.html
@@ -2,6 +2,7 @@
 <html lang="en">
 {% include head.html %}
 <body data-spy="scroll" data-target="#navbar">
+  <script src="/assets/js/applytheme.js?v=1"></script>
   <header>
   {% include nav.html %}
   <div id="top" class="py-4"></div>
diff --git a/assets/js/applytheme.js b/assets/js/applytheme.js
new file mode 100644
index 00000000..1392dd66
--- /dev/null
+++ b/assets/js/applytheme.js
@@ -0,0 +1,6 @@
+if (localStorage.getItem("colorScheme") === "dark") {
+  document.querySelector("#dark-css").removeAttribute("media"); // Set dark theme
+}
+else if (localStorage.getItem("colorScheme") === "light") {
+  document.querySelector("#dark-css").setAttribute("media", "invalid"); // Set light theme
+}
diff --git a/assets/js/main.js b/assets/js/main.js
index 9e04c387..67738c1a 100644
--- a/assets/js/main.js
+++ b/assets/js/main.js
@@ -29,29 +29,31 @@ function navSectionsClose(event) {
 
 
 // Dark/Light color scheme switch button
-document.querySelector("#nav-switch-theme").style.display = "inline"
-
-if (localStorage.getItem("colorScheme") === "dark") {
-  document.querySelector("#dark-css").removeAttribute("media"); // Set dark theme
-}
-else if (localStorage.getItem("colorScheme") === "light") {
-  document.querySelector("#dark-css").setAttribute("media", "invalid"); // Set light theme
-}
+document.querySelector("#nav-switch-theme").style.display = "inline";
 
 function changeColorScheme() {
-
   // Use whatever users want
   if (localStorage.getItem("colorScheme") === "dark") {
     // Change to light theme
-    // by setting invalid media it will just not apply CSS for anyone
-    document.querySelector("#dark-css").setAttribute("media", "invalid");
-    localStorage.setItem("colorScheme", "light");
+    if (window.matchMedia("(prefers-color-scheme: dark)").matches === false) {
+      document.querySelector("#dark-css").setAttribute("media", "(prefers-color-scheme: dark)");
+      localStorage.removeItem("colorScheme");
+    } else {
+      // by setting invalid media it will just not apply CSS for anyone
+      document.querySelector("#dark-css").setAttribute("media", "invalid");
+      localStorage.setItem("colorScheme", "light");
+    }
   }
+  // Change to dark theme
   else if (localStorage.getItem("colorScheme") === "light") {
-    // Change to dark theme
-    // media was set to prefers-color-scheme: dark
-    document.querySelector("#dark-css").removeAttribute("media");
-    localStorage.setItem("colorScheme", "dark");;
+    if (window.matchMedia("(prefers-color-scheme: dark)").matches === true) {
+      document.querySelector("#dark-css").setAttribute("media", "(prefers-color-scheme: dark)");
+      localStorage.removeItem("colorScheme");
+    } else {
+      // media was set to prefers-color-scheme: dark
+      document.querySelector("#dark-css").removeAttribute("media");
+      localStorage.setItem("colorScheme", "dark");
+    }
   }
 
   // Just use whatever browsers want
@@ -59,11 +61,10 @@ function changeColorScheme() {
     // Change to light Theme
     document.querySelector("#dark-css").setAttribute("media", "invalid");
     localStorage.setItem("colorScheme", "light");
-  }
-  else {
+  } else {
     // Change to dark theme
     document.querySelector("#dark-css").removeAttribute("media");
-    localStorage.setItem("colorScheme", "dark");;
+    localStorage.setItem("colorScheme", "dark");
   }
 }
 

From 964b7e85acf08472e1e1d7254a1cb033a419175b Mon Sep 17 00:00:00 2001
From: Mikaela Suomalainen <mikaela+git@mikaela.info>
Date: Sun, 1 Sep 2019 14:53:32 +0300
Subject: [PATCH 21/22] dns: document usage profiles & Android automatic mode
 (#1242)

* dns: document usage profiles & Android automatic mode

Resolves: #1239

* dns: fix typo, sslstrip

* dns: add space between SSL and strip
---
 _includes/sections/dns.html | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/_includes/sections/dns.html b/_includes/sections/dns.html
index 0b802dc9..9930c910 100644
--- a/_includes/sections/dns.html
+++ b/_includes/sections/dns.html
@@ -408,7 +408,11 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
 <h4>Terms</h4>
 
 <ul>
-  <li>DNS-over-TLS (DoT) - A security protocol for encrypted DNS on a dedicated port 853. Some providers support port 443 which generally works everywhere while port 853 is often blocked by restrictive firewalls.</li>
+  <li>DNS-over-TLS (DoT) - A security protocol for encrypted DNS on a dedicated port 853. Some providers support port 443 which generally works everywhere while port 853 is often blocked by restrictive firewalls. DoT has two modes:</li>
+    <ul>
+        <li>Oppurtunistic mode: the client attempts to form a DNS-over-TLS connection to the server on port 853 without performing certificate validation. If it fails, it will use unencrypted DNS. <span class="badge badge-warning" data-toggle="tooltip" data-original-title="In other words automatic mode leaves your DNS traffic vulnerable to SSL strip and MITM attacks"><i class="fas fa-exclamation-triangle"></i></span></li>
+        <li>Strict mode: the client connects to a specific hostname and performs certificate validation for it. If it fails, no DNS queries are made until it succeeds.</li>
+    </ul>
   <li>DNS-over-HTTPS (DoH) - Similar to DoT, but uses HTTPS instead, being indistinguishable from "normal" HTTPS traffic on port 443. <span class="badge badge-warning" data-toggle="tooltip" data-original-title="DoH contains metadata such as user-agent (which may include system information) that is sent to the DNS server."><a href="https://tools.ietf.org/html/rfc8484#section-8.2"><i class="fas fa-exclamation-triangle"></i></a></span></li>
   <li>DNSCrypt - An older yet robust method of encrypting DNS.</li>
 </ul>
@@ -444,6 +448,9 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
   <li><strong>Encrypted DNS clients for mobile:</strong>
     <ul>
       <li><em>Android 9</em> comes with a DoT client by <a href="https://support.google.com/android/answer/9089903">default</a>. <span class="badge badge-warning" data-toggle="tooltip" data-original-title="...but with some caveats"><a href="https://www.quad9.net/private-dns-quad9-android9/"><i class="fas fa-exclamation-triangle"></i></a></span></li>
+        <ul>
+          <li>We recommend selecting <em>Private DNS provider hostname</em> and entering the DoT address from documentation of your DoT provider to enable strict mode (see Terms above). <span class="badge badge-warning" data-toggle="tooltip" data-original-title="If you are on a network blocking access to port 853, Android will error about the network not having internet connectivity."><i class="fas fa-exclamation-triangle"></i></span></li>
+        </ul>
       <li><em><a href="https://apps.apple.com/app/id1452162351">DNSCloak</a></em> - An <a href="https://github.com/s-s/dnscloak">open-source</a> DNSCrypt and DoH client for iOS by <td><a data-toggle="tooltip" data-placement="bottom" data-original-title='"A charitable non-profit host organization for international Free Software projects."' href="https://techcultivation.org/">the Center for the Cultivation of Technology gemeinnuetzige GmbH</a>.</li>
       <li><em><a href="https://git.frostnerd.com/PublicAndroidApps/smokescreen/blob/master/README.md">Nebulo</a></em> - An open-source application for Android supporting DoH and DoT. It also supports caching DNS responses and locally logging DNS queries.</li>
     </ul>

From 3048d0b0f278ee593bdd555539795c09c69615f2 Mon Sep 17 00:00:00 2001
From: nitrohorse <1514352+nitrohorse@users.noreply.github.com>
Date: Sun, 1 Sep 2019 04:54:28 -0700
Subject: [PATCH 22/22] Add Onion service URL for Keybase (#1255)

---
 _includes/sections/teamchat.html | 57 +++++++++++++++++---------------
 1 file changed, 30 insertions(+), 27 deletions(-)

diff --git a/_includes/sections/teamchat.html b/_includes/sections/teamchat.html
index 345b8d0c..8196eba3 100644
--- a/_includes/sections/teamchat.html
+++ b/_includes/sections/teamchat.html
@@ -4,35 +4,38 @@
         <strong>If your project or organization currently uses a platform like <a href="https://web.archive.org/web/20171029114027/https://feedback.discordapp.com/forums/326712-discord-dream-land/suggestions/17094256-implement-whispersystems-encryption-for-voice-and">Discord</a> or <a href="https://drewdevault.com/2015/11/01/Please-stop-using-slack.html">Slack</a> you should pick an alternative here.</strong>
 </div>
 
-{% include cardv2.html
-title="Rocket.chat"
-image="/assets/img/tools/rocket.chat.png"
-description="Rocket.chat is an self-hostable open source platform for team communication. It has optional federation and experimental E2EE."
-labels="warning:<a href=//rocket.chat/docs/user-guides/end-to-end-encryption/>Experimental</a>:Regarding E2EE their documentation states 'This feature is currently in alpha. It's also not yet supported on mobile'. There is no forward secrecy so compromised decryption password would leak all messages. The federation was also added afterwards potentially causing room for mistakes."
-website="https://rocket.chat/"
-forum="https://forum.privacytools.io/t/discussion-rocket-chat/1223"
-github="https://github.com/rocketchat/"
-android=""
-ios=""
-mac=""
-windows=""
-linux=""
+{%
+  include cardv2.html
+  title="Rocket.chat"
+  image="/assets/img/tools/rocket.chat.png"
+  description="Rocket.chat is an self-hostable open source platform for team communication. It has optional federation and experimental E2EE."
+  labels="warning:<a href=//rocket.chat/docs/user-guides/end-to-end-encryption/>Experimental</a>:Regarding E2EE their documentation states 'This feature is currently in alpha. It's also not yet supported on mobile'. There is no forward secrecy so compromised decryption password would leak all messages. The federation was also added afterwards potentially causing room for mistakes."
+  website="https://rocket.chat/"
+  forum="https://forum.privacytools.io/t/discussion-rocket-chat/1223"
+  github="https://github.com/rocketchat/"
+  android=""
+  ios=""
+  mac=""
+  windows=""
+  linux=""
 %}
 
-{% include cardv2.html
-title="Keybase"
-image="/assets/img/tools/keybase.png"
-description='Keybase provides a hosted team chat with end-to-end encryption. It has also been <a href="https://keybase.io/docs-assets/blog/NCC_Group_Keybase_KB2018_Public_Report_2019-02-27_v1.3.pdf">indepedently audited (PDF)</a>.'
-labels="warning:<a href=//github.com/keybase/client/issues/6374>Warning</a>:The server side of Keybase runs on proprietary code and is centralized."
-website="https://keybase.io/"
-forum="https://forum.privacytools.io/t/discussion-keybase/1224"
-github="https://github.com/Keybase"
-android=""
-ios=""
-mac=""
-windows=""
-linux=""
-web=""
+{%
+  include cardv2.html
+  title="Keybase"
+  image="/assets/img/tools/keybase.png"
+  description='Keybase provides a hosted team chat with end-to-end encryption. It has also been <a href="https://keybase.io/docs-assets/blog/NCC_Group_Keybase_KB2018_Public_Report_2019-02-27_v1.3.pdf">indepedently audited (PDF)</a>.'
+  labels="warning:<a href=//github.com/keybase/client/issues/6374>Warning</a>:The server side of Keybase runs on proprietary code and is centralized."
+  website="https://keybase.io/"
+  forum="https://forum.privacytools.io/t/discussion-keybase/1224"
+  tor="http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/"
+  github="https://github.com/Keybase"
+  android=""
+  ios=""
+  mac=""
+  windows=""
+  linux=""
+  web=""
 %}