Add RemoveMyPhone dark logo

* dns: begin another take at Apple's native encrypted DNS

* dns.html: mention mobileconfigs, versions and where to find them

* dns.html: fix clumsy heading

* dns: remove excess >

* dns: small clarification

open in Safari, others won't work

* Use two spaces, slightly reword.

* Use nice name

Co-authored-by: Daniel Gray <dng@disroot.org>

README.md

@@ -45,15 +45,14 @@ If you want to discuss privacy in general, a new tool, or just something else, f
 
 Like what we're doing? [Become a backer](https://opencollective.com/privacytools) and show your support for our project.
 
-![](https://opencollective.com/privacytools/tiers/sponsor.svg?avatarHeight=64&width=890)
+<a href="https://opencollective.com/privacytools">
+	<img src="https://opencollective.com/privacytools/tiers/sponsor.svg?avatarHeight=64&width=890" height="64px" width="890px" alt="opencollective.com" />
+</a>
 
 ## Sponsors
 
 Are you working with a privacy focused company? Ask your manager or marketing team if your company would be interested in supporting our project. Your support will help us continue to develop this website, promote privacy-respecting tools and services, and reach out to thousands of data privacy newcomers every month. Also, your company's logo will show on GitHub and [our site](https://www.privacytools.io/sponsors/), and who doesn't like a little extra exposure?
 
-[![](https://opencollective.com/privacytools/tiers/gold.svg?avatarHeight=64&width=890&button=false)](https://opencollective.com/privacytools/contribute/gold-12312)
-[![](https://opencollective.com/privacytools/tiers/silver.svg?avatarHeight=64&width=890&button=false)](https://opencollective.com/privacytools/contribute/silver-12311)
-
 ## Community Translations
 - [繁体中文 / Chinese](https://privacytools.twngo.xyz/) - [GitHub](https://github.com/twngo/privacytools-zh)
 - [Español / Spanish](https://victorhck.gitlab.io/privacytools-es/) - [GitLab](https://gitlab.com/victorhck/privacytools-es)

_includes/head.html

@@ -61,5 +61,5 @@
 
   <!-- CSS stylesheets -->
   <link href="/assets/css/style.css?v=9" rel="stylesheet">
-  <link id="dark-css" href="/assets/css/dark.css?v=4" rel="stylesheet" media="(prefers-color-scheme: dark)">
+  {% unless page.url == '/sponsors/' %}<link id="dark-css" href="/assets/css/dark.css?v=4" rel="stylesheet" media="(prefers-color-scheme: dark)">{% endunless %}
 </head>

_includes/nav.html

@@ -113,7 +113,7 @@
         </a>
         <a href="/about/" class="nav-anchor">
           About Us
-        </a>
+        </a>{% unless page.url == '/sponsors/' %}
         <span id="nav-switch-theme" class="nav-anchor">
           <span class="nav-theme-icon fas fa-fw" aria-hidden="true" title="Theme"></span>
           <span class="sr-only">Toggle Theme</span>
@@ -138,7 +138,7 @@
             <a href="https://privacytools.ru" rel="nofollow noopener" class="dropdown-item">Русский</a>
             <a href="https://privacytools.dreads-unlock.fr" rel="nofollow noopener" class="dropdown-item">Français</a>
           </span>
-        </details>
+        </details>{% endunless %}
       </div>
     </div>
   </div>

_includes/scripts.html

@@ -3,12 +3,3 @@
 <script src="/assets/js/bootstrap.min.js?v=4"></script>
 <script src="/assets/js/sortable.min.js?v=4"></script>
 <script src="/assets/js/main.js?v=5"></script>
-
-<!--
-  Matomo is the leading open-source analytics platform:
-  - Free open-source software
-  - 100% data ownership
-  - User privacy protection
--->
-
-<noscript><img src="https://stats.privacytools.io/matomo.php?idsite=1&amp;rec=1" class="border-0" alt=""/></noscript>

_includes/sections/android-addons.html

@@ -18,7 +18,7 @@
     </div>
     <div class="col">
     <h3>Tor for Android with <a href="https://guardianproject.info/apps/orbot/">Orbot</a></h3>
-    <p><strong>Orbot</strong> is a free proxy app that empowers other apps to use the internet more securely. Orbot uses Tor to encrypt your Internet traffic and then hides it by bouncing through a series of computers around the world. <strong>Root Mode:</strong> Orbot can be configured to transparently proxy all of your Internet traffic through Tor. You can also choose which specific apps you wish to use through Tor.</p>
+    <p><strong>Orbot</strong> is a free proxy app that empowers other apps to use the internet more securely. Orbot uses Tor to encrypt your Internet traffic and then hides it by bouncing through a series of computers around the world.</p>
     </div>
   </div>
 
@@ -28,6 +28,6 @@
 
 <ul>
   <li>
-    <a href="/providers/dns#clients">Our DNS client recommendations</a>, which have information on enabling encrypted DNS on Android.
+    <a href="/providers/dns#dns-android-clients">Our DNS client recommendations</a>, which have information on enabling encrypted DNS on Android.
   </li>
 </ul>

_includes/sections/browser-addons.html

@@ -7,7 +7,7 @@
 {% include cardv2.html
   title="uBlock Origin: Block Ads and Trackers"
   image="/assets/img/svg/3rd-party/ublock_origin.svg"
-  description="<strong>uBlock Origin</strong> is an efficient <a href=https://github.com/gorhill/uBlock/wiki/Blocking-mode>wide-spectrum blocker</a> that is easy on memory, and yet can load and enforce thousands more filters than other popular blockers out there. It has no monetization strategy and is completely open source."
+  description="<p><strong>uBlock Origin</strong> is an efficient <a href=https://github.com/gorhill/uBlock/wiki/Blocking-mode>wide-spectrum blocker</a> that is easy on memory, and yet can load and enforce thousands more filters than other popular blockers out there. It has no monetization strategy and is completely open source. <a href=https://github.com/gorhill/uBlock/wiki/Advanced-user-features>Advanced mode</a> allows for <a href=https://github.com/gorhill/uBlock/wiki/Dynamic-filtering:-quick-guide>dynamic filtering</a>. Dynamic filtering allows for extended blocking similar to NoScript and uMatrix (E.g. <a href=https://github.com/gorhill/uBlock/wiki/Blocking-mode:-medium-mode>medium</a> or <a href=https://github.com/gorhill/uBlock/wiki/Blocking-mode:-hard-mode>hard</a>) blocking.</p>"
   website="https://addons.mozilla.org/firefox/addon/ublock-origin/"
   privacy-policy="https://github.com/gorhill/uBlock/wiki/Privacy-policy"
   forum="https://forum.privacytools.io/t/discussion-ublock-origin/266"
@@ -57,6 +57,24 @@
   edge="https://microsoftedge.microsoft.com/addons/detail/mdkdmaickkfdekbjdoojfalpbkgaddei"
 %}
 
+{% include cardv2.html
+  title="xBrowserSync"
+  image="/assets/img/svg/3rd-party/xbrowsersync.svg"
+  description='<strong>xBrowserSync</strong> synchronizes bookmarks across devices and browsers with end-to-end encryption. Data is encrypted and decrypted on the device, no one but you can read it. No registration is needed, just enter a randomly generated id or QR code on all devices. <a href="https://www.xbrowsersync.org/#status">Different servers</a> are available, and it can also be <a href="https://github.com/xbrowsersync/api-docker">self-hosted</a>.'
+  website="https://www.xbrowsersync.org/"
+  privacy-policy="https://www.xbrowsersync.org/privacypolicy"
+  github="https://github.com/xbrowsersync"
+  firefox="https://addons.mozilla.org/firefox/addon/xbs/"
+  chrome="https://chrome.google.com/webstore/detail/xbrowsersync/lcbjdhceifofjlpecfpeimnnphbcjgnc"
+  googleplay="https://play.google.com/store/apps/details?id=com.xBrowserSync.android"
+%}
+
+<h3>Worth Mentioning</h3>
+
+<ul>
+  <li><a href="https://floccus.org/">floccus</a> - Synchronize bookmarks across browsers via Nextcloud, WebDAV or a local file (and thus any file sync solution). For <a href="https://addons.mozilla.org/firefox/addon/floccus/">Firefox</a>, <a href="https://chrome.google.com/webstore/detail/floccus-bookmarks-sync/fnaicdffflnofjppbagibeoednhnbjhg">Chrome</a>, <a href="https://microsoftedge.microsoft.com/addons/detail/gjkddcofhiifldbllobcamllmanombji">Edge</a>.</li>
+</ul>
+
 <h2>Additional Functionality</h2>
 
 <div class="alert alert-secondary" role="alert">
@@ -153,7 +171,7 @@
 {% include cardv2.html
   title="uMatrix: Stop Cross-Site Requests"
   image="/assets/img/png/3rd-party/umatrix.png"
-  description="<strong>uMatrix</strong> gives you control over the requests that websites make to other websites. Many websites integrate features which let other websites track you, such as Facebook Like Buttons or Google Analytics. uMatrix allows 1st party scripts in its default configuration. If you want the default functionality of NoScript consider <a href=https://github.com/gorhill/uMatrix/wiki/How-to-block-1st-party-scripts-everywhere-by-default>blocking 1st party scripts everywhere by default</a>."
+  description="<strong>uMatrix</strong> gives you control over the requests that websites make to other websites. Many websites integrate features which let other websites track you, such as Facebook Like Buttons or Google Analytics. uMatrix allows 1st party scripts in its default configuration. If you want the default functionality of NoScript consider <a href=https://github.com/gorhill/uMatrix/wiki/How-to-block-1st-party-scripts-everywhere-by-default>blocking 1st party scripts everywhere by default</a>. <strong>This addon has been <a href=https://github.com/uBlockOrigin/uMatrix-issues/issues/291#issuecomment-694988696>discontinued</a>.</strong>"
   website="https://addons.mozilla.org/firefox/addon/umatrix/"
   privacy-policy="https://github.com/gorhill/uMatrix/wiki/Privacy-policy"
   forum="https://forum.privacytools.io/t/discussion-umatrix/271"

_includes/sections/browser-recommendation.html

@@ -47,7 +47,7 @@
   website="https://www.mozilla.org/en-US/firefox/mobile/"
   privacy-policy="https://www.mozilla.org/en-US/privacy/firefox/"
   forum="https://forum.privacytools.io/t/discussion-firefox/279"
-  source="https://github.com/mozilla-mobile"
+  github="https://github.com/mozilla-mobile"
   fdroid="https://f-droid.org/en/packages/org.mozilla.fennec_fdroid/"
   googleplay="https://play.google.com/store/apps/details?id=org.mozilla.firefox"
   android="https://www.mozilla.org/firefox/all/#product-android-release"
@@ -104,7 +104,7 @@
   website="https://www.mozilla.org/en-US/firefox/mobile/"
   privacy-policy="https://www.mozilla.org/en-US/privacy/firefox/"
   forum="https://forum.privacytools.io/t/discussion-firefox/279"
-  source="https://github.com/mozilla-mobile/firefox-ios"
+  github="https://github.com/mozilla-mobile/firefox-ios"
   ios="https://apps.apple.com/us/app/firefox-private-safe-browser/id989804926"
 %}
 

_includes/sections/browser-tweaks.html

@@ -7,7 +7,7 @@
 <ol>
   <li>Enter "about:config" in the firefox address bar and press enter.</li>
   <li>Press the button "Accept the Risk and Continue" [FF71+] or "I accept the risk".</li>
-  <li>Follow the instructions below...</li>
+  <li>Copy and paste each of the preferences below (for example "webgl.disabled") into the search bar, and set each of them to the stated value (such as "true").</li>
 </ol>
 
 <h3>Getting started:</h3>
@@ -120,7 +120,7 @@
 
 <h3 id="user.js">Firefox user.js Templates</h3>
 <ul>
-   <li><a href="https://github.com/ghacksuserjs/ghacks-user.js">ghacks-user.js</a> - An ongoing comprehensive user.js template for configuring and hardening Firefox privacy, security and anti-fingerprinting.</li>
+   <li><a href="https://github.com/arkenfox/user.js">arkenfox user.js</a> (formerly ghacks-user.js) - An ongoing comprehensive user.js template for configuring and hardening Firefox privacy, security and anti-fingerprinting.</li>
 </ul>
 
 

_includes/sections/cloud-storage.html

@@ -8,7 +8,6 @@
   title="Nextcloud - Choose your hoster"
   image="/assets/img/svg/3rd-party/nextcloud.svg"
   description="<strong>Nextcloud</strong> is a suite of free and open-source client-server software for creating your own file hosting services on a private server you control. The only limits on storage and bandwidth are the limits on the <a href=\"/providers/hosting\">server provider</a> you choose."
-  labels="color==warning::link==https://github.com/nextcloud/end_to_end_encryption/issues/111::text==Experimental E2EE::tooltip==Regarding E2EE their description states 'End-to-end encryption is still in alpha state, don't use this in production and only with test data!'."
   website="https://nextcloud.com/"
   privacy-policy="https://nextcloud.com/privacy/"
   forum="https://forum.privacytools.io/t/discussion-nextcloud/287"

_includes/sections/dns.html

@@ -87,6 +87,10 @@ We also log how many times this or that tracker has been blocked. We need this i
             <span class="flag-icon flag-icon-jp"></span>
             Japan
           </span>
+          <span class="no-text-wrap">
+            <span class="flag-icon flag-icon-sg"></span>
+            Singapore
+          </span>
         </td>
         <td>
           <div
@@ -116,12 +120,9 @@ We also log how many times this or that tracker has been blocked. We need this i
           </span>
           <span class="no-text-wrap">
             malicious domains
-            {% include badge.html
-            link="https://github.com/ookangzheng/blahdns#default-blocked-wildcard-domain"
-            color="warning"
-            icon="fas fa-exclamation-triangle"
-            tooltip="And some wildcard and IDN domains."
-            %}
+          </span>
+          <span class="no-text-wrap">
+            Based on server choice only for DoH
           </span>
         </td>
         <td>
@@ -135,9 +136,6 @@ We also log how many times this or that tracker has been blocked. We need this i
           <span class="no-text-wrap">
             <a href="https://www.choopa.com/">Choopa, LLC</a>,
           </span>
-          <span class="no-text-wrap">
-            <a href="https://www.datacenterlight.ch/">Data Center Light</a>,
-          </span>
           <span class="no-text-wrap">
             <a href="https://www.hetzner.com/">Hetzner Online GmbH</a>
           </span>
@@ -147,12 +145,6 @@ We also log how many times this or that tracker has been blocked. We need this i
       <tr>
         <td data-value="Cloudflare">
           <a href="https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/">Cloudflare</a>
-          {% include badge.html
-          link="https://codeberg.org/crimeflare/cloudflare-tor/"
-          color="warning"
-          icon="fas fa-exclamation-triangle"
-          tooltip="Cloudflare is one of the world's largest networks, and a problem considering anonymity and decentralization."
-          %}
         </td>
         <td>Anycast (based in
           <span class="no-text-wrap">
@@ -168,7 +160,7 @@ We also log how many times this or that tracker has been blocked. We need this i
           </a>
         </td>
         <td>Commercial</td>
-        <td><a data-toggle="tooltip" data-placement="bottom" data-original-title='"We will collect limited DNS query data that is sent to the resolvers. This data does not contain user IP addresses or any other personally identifiable information, and the bulk of the data is only stored for 24 hours."' href="https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/privacy-policy/">Some</a></td>
+        <td><a data-toggle="tooltip" data-placement="bottom" data-original-title="Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is only stored for 25 hours." href="https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/">Some</a></td>
         <td>DoH, DoT</td>
         <td>Yes</td>
         <td>Yes</td>
@@ -420,11 +412,6 @@ We also log how many times this or that tracker has been blocked. We need this i
       <tr>
         <td data-value="Quad9">
           <a href="https://quad9.net/">Quad9</a>
-          {% include badge.html
-          color="warning"
-          icon="fas fa-exclamation-triangle"
-          tooltip="Founders include the Global Cyber Alliance, composed of the City of London Police and Manhattan District Attorney's Office."
-          %}
         </td>
         <td>Anycast (based in
           <span class="no-text-wrap">
@@ -543,3 +530,139 @@ We also log how many times this or that tracker has been blocked. We need this i
     </tbody>
   </table>
 </div>
+
+<h1 id="dns-desktop-clients" class="anchor">
+  <a href="#dns-desktop-clients">
+    <i class="fas fa-link anchor-icon"></i>
+  </a> Encrypted DNS Client Recommendations for Desktop
+</h1>
+
+{%
+  include cardv2.html
+  title="Unbound"
+  image="/assets/img/svg/3rd-party/unbound.svg"
+  description='A validating, recursive, caching DNS resolver, supporting DNS-over-TLS, and has been <a href="https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/">independently audited</a>.'
+  website="https://nlnetlabs.nl/projects/unbound/about/"
+  forum="https://forum.privacytools.io/t/discussion-unbound/3563"
+  github="https://github.com/NLnetLabs/unbound"
+%}
+
+{%
+  include cardv2.html
+  title="dnscrypt-proxy"
+  image="/assets/img/svg/3rd-party/dnscrypt-proxy.svg"
+  description='A DNS proxy with support for DNSCrypt, DNS-over-HTTPS, and <a href="https://github.com/DNSCrypt/dnscrypt-protocol/blob/master/ANONYMIZED-DNSCRYPT.txt">Anonymized DNSCrypt</a>, a <a href="https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Anonymized-DNS">relay-based protocol that the hides client IP address.</a>'
+  website="https://github.com/DNSCrypt/dnscrypt-proxy/wiki"
+  forum="https://forum.privacytools.io/t/discussion-dnscrypt-proxy/1498"
+  github="https://github.com/DNSCrypt/dnscrypt-proxy"
+%}
+
+{%
+  include cardv2.html
+  title="Stubby"
+  image="/assets/img/png/3rd-party/stubby.png"
+  description='An application that acts as a local DNS-over-TLS stub resolver. Stubby can be used in <a href="https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Clients#DNSPrivacyClients-Unbound/Stubbycombination">combination with Unbound</a> by managing the upstream TLS connections (since Unbound cannot yet re-use TCP/TLS connections) with Unbound providing a local cache.'
+  website="https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby"
+  forum="https://forum.privacytools.io/t/discussion-stubby/3582"
+  github="https://github.com/getdnsapi/stubby"
+%}
+
+{%
+  include cardv2.html
+  title="Firefox's built-in DNS-over-HTTPS resolver"
+  image="/assets/img/svg/3rd-party/firefox_browser.svg"
+  description='Firefox comes with built-in DNS-over-HTTPS support for <a href="https://blog.mozilla.org/blog/2020/02/25/firefox-continues-push-to-bring-dns-over-https-by-default-for-us-users/">NextDNS and Cloudflare</a> but users can manually any other DoH resolver.'
+  labels="color==warning::icon==fas fa-exclamation-triangle::link==https://developers.cloudflare.com/1.1.1.1/privacy/firefox::text==Warning::tooltip==Cloudflare logs a limited amount of data about the DNS requests that are sent to their custom resolver for Firefox."
+  website="https://support.mozilla.org/en-US/kb/firefox-dns-over-https"
+  privacy-policy="https://wiki.mozilla.org/Security/DOH-resolver-policy"
+  forum="https://forum.privacytools.io/t/discussion-firefox-s-built-in-dns-over-https-resolver/3564"
+%}
+
+<h1 id="dns-android-clients" class="anchor">
+  <a href="#dns-android-clients">
+    <i class="fas fa-link anchor-icon"></i>
+  </a> Encrypted DNS Client Recommendations for Android
+</h1>
+
+{%
+  include cardv2.html
+  title="Android 9's built-in DNS-over-TLS resolver"
+  image="/assets/img/svg/3rd-party/android.svg"
+  description="Android 9 (Pie) comes with built-in DNS-over-TLS support without the need for a 3rd-party application."
+  labels="color==warning::icon==fas fa-exclamation-triangle::link==https://developers.google.com/speed/public-dns/docs/using#android_9_pie_or_later::text==Warning::tooltip==Android 9's DoT settings have no effect when used concurrently with VPN-based apps which override the DNS."
+  website="https://support.google.com/android/answer/9089903#private_dns"
+  forum="https://forum.privacytools.io/t/discussion-android-9s-built-in-dns-over-tls-resolver/3562"
+%}
+
+{%
+  include cardv2.html
+  title="Nebulo"
+  image="/assets/img/png/3rd-party/nebulo.png"
+  description='An open-source Android client supporting DNS-over-HTTPS and DNS-over-TLS, caching DNS responses, and locally logging DNS queries.'
+  website="https://git.frostnerd.com/PublicAndroidApps/smokescreen/-/blob/master/README.md"
+  privacy-policy="https://smokescreen.app/privacypolicy"
+  forum="https://forum.privacytools.io/t/discussion-nebulo/3565"
+  fdroid="https://git.frostnerd.com/PublicAndroidApps/smokescreen#f-droid"
+  googleplay="https://play.google.com/store/apps/details?id=com.frostnerd.smokescreen"
+  source="https://git.frostnerd.com/PublicAndroidApps/smokescreen"
+%}
+
+<h1 id="dns-ios-clients" class="anchor">
+  <a href="#dns-ios-clients">
+    <i class="fas fa-link anchor-icon"></i>
+  </a> Encrypted DNS Client Recommendations for iOS
+</h1>
+
+{%
+  include cardv2.html
+  title="DNSCloak"
+  image="/assets/img/png/3rd-party/dnscloak.png"
+  description='An open-source iOS client supporting DNS-over-HTTPS, DNSCrypt, and <a href="https://github.com/DNSCrypt/dnscrypt-proxy/wiki">dnscrypt-proxy</a> options such as caching DNS responses, locally logging DNS queries, and custom block lists. Users can <a href="https://blog.privacytools.io/adding-custom-dns-over-https-resolvers-to-dnscloak/">add custom resolvers by DNS stamp</a>.'
+  website="https://github.com/s-s/dnscloak/blob/master/README.md"
+  privacy-policy="https://drive.google.com/file/d/1050No_pU74CAWUS5-BwQWyO2x_aiMzWc/view"
+  forum="https://forum.privacytools.io/t/discussion-dnscloak/3566"
+  ios="https://apps.apple.com/app/id1452162351"
+  github="https://github.com/s-s/dnscloak"
+%}
+
+<h2 id="appledns" class="anchor">
+  <a href="#appledns">
+    <i class="fas fa-link anchor-icon"></i>
+  </a>Apple's native support
+</h2>
+
+<p>
+  In iOS, iPadOS, tvOS 14 and macOS 11, DoT and DoH were introduced. DoT and DoH are supported natively by installation of profiles (through mobileconfig files opened in <em>Safari</em>).
+  After installation, the encrypted DNS server can be selected in <em>Settings &rarr; General &rarr; VPN and Network &rarr; DNS</em>.
+</p>
+
+<ul>
+  <li><strong>Signed profiles</strong> are offered by <a href="https://adguard.com/en/blog/encrypted-dns-ios-14.html">AdGuard</a> and <a href="https://apple.nextdns.io/">NextDNS</a>.</li>
+  <li>User contributed <strong>unsigned profiles</strong> for several DNS providers are hosted by <a href="https://encrypted-dns.party/">encrypted-dns.party</a>.</li>
+</ul>
+
+<h2 id="dns-definitions" class="anchor">
+  <a href="#dns-definitions">
+    <i class="fas fa-link anchor-icon"></i>
+  </a> Definitions
+</h2>
+
+<h4>DNS-over-TLS (DoT)</h4>
+<p>
+  A security protocol for encrypted DNS on a dedicated port 853. Some providers support port 443 which generally works everywhere while port 853 is often blocked by restrictive firewalls.
+</p>
+
+<h4>DNS-over-HTTPS (DoH)</h4>
+<p>
+  Similar to DoT, but uses HTTPS instead, being indistinguishable from "normal" HTTPS traffic on port 443 and more difficult to block. {% include badge.html color="warning" text="Warning" tooltip="DoH contains metadata such as user-agent (which may include system information) that is sent to the DNS server." link="https://tools.ietf.org/html/rfc8484#section-8.2" icon="fas fa-exclamation-triangle" %}
+</p>
+
+<h4>DNSCrypt</h4>
+<p>
+  With an <a href="https://dnscrypt.info/protocol/">open specification</a>, DNSCrypt is an older, yet robust method for encrypting DNS.
+</p>
+
+<h4>Anonymized DNSCrypt</h4>
+<p>
+  A <a href="https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Anonymized-DNS">lightweight protocol</a> that hides the client IP address by using pre-configured relays to forward encrypted DNS data. This is a relatively new protocol created in 2019 currently only supported by <a href="#dns-desktop-clients">dnscrypt-proxy</a> and a limited number of <a href="https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/relays.md">relays</a>.
+</p>

_includes/sections/email-clients.html

@@ -45,7 +45,7 @@
 <h3>Worth Mentioning</h3>
 
 <ul>
-  <li><a href="https://github.com/k9mail/k-9/releases">K-9 Mail</a> - An independent mail application for Android. It supports both POP3 and IMAP mailboxes, but only supports push mail for IMAP.</li>
+  <li><a href="https://k9mail.app/">K-9 Mail</a> - An independent mail application for Android. It supports both POP3 and IMAP mailboxes, but only supports push mail for IMAP.</li>
   <li><a href="https://www.gnupg.org/">GNU Privacy Guard</a> - Email Encryption. GnuPG is a GPL Licensed alternative to the PGP suite of cryptographic software. <a href="https://theprivacyguide.org/tutorials/gpg.html">Tutorial.</a> Use <a href="https://gpgtools.org/">GPGTools for macOS.</a></li>
   <li><a href="https://www.mailpile.is/">Mailpile (Beta)</a> - A modern, fast web-mail client with user-friendly encryption and privacy features.</li>
 </ul>

_includes/sections/email-providers.html

@@ -117,42 +117,6 @@
     <p>Posteo allows users to <a href="https://posteo.de/en/help/does-posteo-offer-mailing-lists">set up their own mailing lists</a>. Each account can create one list for free.</p>
     </div>
   </div>
-  <div class="row mb-2">
-    <div class="col-lg-3 col-sm-12 pt-lg-5">
-      <img
-        src="/assets/img/svg/3rd-party/soverin.svg"
-        height="70"
-        width="200"
-        class="img-fluid d-block mr-auto ml-auto align-middle"
-        alt="Soverin">
-    </div>
-    <div class="col">
-    <h2 id="soverin" class="anchor"><a href="#soverin"><i class="fas fa-link anchor-icon"></i></a> Soverin {% include badge.html color="info" text="€29/y" %}</h2>
-    <p><strong><a href="https://soverin.net">Soverin.net</a></strong> is an email provider which focuses on being private, ad-free, and powered by sustainable energy. They have been in operation since <strong>2015</strong>. Soverin is based in <span class="flag-icon flag-icon-nl"></span> Amsterdam and does not have a free trial. Accounts start at 25 GB.</p>
-
-    <h5>{% include badge.html color="success" text="Domains and Aliases" %}</h5>
-    <p>Soverin lets users use their own domain. Soverin users can also use <a href="https://support.soverin.net/hc/en-us/articles/115004811093-How-can-I-setup-a-catch-all-on-my-domain-">catch-all</a> and <a href="https://support.soverin.net/hc/en-us/articles/115004811073-How-can-I-add-an-alias-to-my-domain-">aliases</a> for domains they own. Soverin also allows for <a href="https://support.soverin.net/hc/en-us/articles/115004811033-Do-support-the-plus-syntax-subaddressing-">subaddressing</a>, which is useful for users who don't want to purchase a domain.</p>
-
-    <h5>{% include badge.html color="success" text="Payment Methods" %}</h5>
-    <p>Soverin accepts Bitcoin as payment. They also accept credit/debit cards, PayPal, and the Netherlands-specific payment gateway iDEAL.</p>
-
-    <h5>{% include badge.html color="success" text="Account Security" %}</h5>
-    <p>Soverin supports <a href="https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm">TOTP</a> two factor authentication <a href="https://support.soverin.net/hc/en-us/articles/360008819553-Setting-up-2-Factor-Authentication-2FA-Webmail-only">for webmail only</a>. They do not allow <a href="https://en.wikipedia.org/wiki/Universal_2nd_Factor">U2F</a> security key authentication.</p>
-
-    <h5>{% include badge.html color="warning" text="Data Security" %}</h5>
-    <p>Soverin has <a href="https://support.soverin.net/hc/en-us/articles/115004810713-Technical-details-about-Soverin">encryption at rest</a> however it doesn't appear to be "zero access", meaning it is technically possible for them to decrypt the data they have.</p>
-    <p>Soverin also uses the standard <a href="https://en.wikipedia.org/wiki/CalDAV">CalDAV</a> and <a href="https://en.wikipedia.org/wiki/CardDAV">CardDAV</a> protocols for calendars and contacts, which do not support E2EE. A <a href="/software/calendar-contacts/">standalone option</a> may be more appropriate.</p>
-
-    <h5>{% include badge.html color="success" text="Email Encryption" %}</h5>
-    <p>Soverin has integrated encryption in their webmail, which simplifies sending messages to users. However, Soverin has not integrated a <a href="https://wiki.gnupg.org/WKD">Web Key Directory (WKD)</a> for users on their platform.<p>
-
-    <h5>{% include badge.html color="danger" text=".onion Service" %}</h5>
-    <p>Soverin does not operate a .onion service.</p>
-
-    <h5>{% include badge.html color="info" text="Extra Functionality" %}</h5>
-    <p>Soverin also providers users with space for a personal webpage.</p>
-    </div>
-  </div>
   <div class="row mb-2">
     <div class="col-lg-3 col-sm-12 pt-lg-5">
       <img

_includes/sections/file-encryption.html

@@ -72,4 +72,10 @@
     link="https://github.com/aonez/Keka#so-where-is-the-source-code"
     tooltip="This software is no longer open source."
     %}</li>
+    <li><a href="https://kryptor.co.uk/">Kryptor</a> is a file encryption program for Windows, MacOS, and Linux.
+      {% include badge.html
+      color="warning"
+      icon="fas fa-exclamation-triangle"
+      tooltip="As Kryptor is still in beta, it may not be stable."
+      %}</li>
 </ul>

_includes/sections/file-sharing.html

@@ -1,18 +1,5 @@
 <h1 id="filesharing" class="anchor"><a href="#filesharing"><i class="fas fa-link anchor-icon"></i></a> File Sharing</h1>
 
-{% include cardv2.html
-  title="Firefox Send"
-  image="/assets/img/svg/3rd-party/firefox_send.svg"
-  labels="color==warning::link==https://send.firefox.com/legal::text==Warning::tooltip==IP addresses are retained in logs for 90 days."
-  description="Firefox Send uses end-to-end encryption to keep your data secure from the moment you share to the moment your file is opened. It also offers security controls that you can set. You can choose when your file link expires, the number of downloads, and whether you would like to add a password for an extra layer of security."
-  website="https://send.firefox.com/"
-  privacy-policy="https://send.firefox.com/legal"
-  forum="https://forum.privacytools.io/t/discussion-firefox-send/755"
-  github="https://github.com/mozilla/send"
-  web="https://send.firefox.com/"
-  googleplay="https://play.google.com/store/apps/details?id=org.mozilla.firefoxsend"
-%}
-
 {% include cardv2.html
   title="OnionShare"
   image="/assets/img/svg/3rd-party/onionshare.svg"

_includes/sections/header.html

@@ -1,7 +1,3 @@
-<div class="alert alert-success" role="alert">
-  <strong>New!</strong> Financial <a href="https://opencollective.com/privacytools" class="alert-link">contributions</a> to {{ site.name }} are now tax deductible in the US! <a href="https://blog.privacytools.io/privacytools-io-joins-the-open-collective-foundation" class="alert-link">Learn more...</a>
-</div>
-
 <div class="jumbotron p-5">
   <h1 class="display-4">
     <a href="{{ site.production_url }}" title="{{ site.name }}">

_includes/sections/hosting-provider.html

@@ -6,7 +6,7 @@
   image-dark="/assets/img/svg/3rd-party/bahnhof-dark.svg"
   description="Bahnhof is one of Sweden’s largest network operators, founded in 1994. They specialize in innovative data center construction: Extreme security coupled with low-cost green energy has made them world famous."
   website="https://www.bahnhof.net/"
-  privacy-policy="https://www.bahnhof.net/page/privacy-policy"
+  privacy-policy="https://bahnhof.se/filestorage/userfiles/file/PrivacyPolicy_Bahnhof.pdf"
   forum="https://forum.privacytools.io/t/discussion-bahnhof-net/341"
 %}
 

_includes/sections/instant-messenger.html

@@ -78,7 +78,7 @@
   website="https://element.io"
   privacy-policy="https://element.io/privacy"
   forum="https://forum.privacytools.io/t/discussion-element-io/665"
-  github="https://github.com/vector-im/riot-web/"
+  github="https://github.com/vector-im/element-web"
   windows="https://element.io/get-started"
   mac="https://element.io/get-started"
   linux="https://element.io/get-started"

_includes/sections/key-disclosure-law.html

@@ -12,7 +12,6 @@
   <ol class="card-ol">
     <li><a href="https://en.wikipedia.org/wiki/Key_disclosure_law#Antigua_and_Barbuda">Antigua and Barbuda</a> <div class="float-right"><span class="flag-icon flag-icon-ag"></span></div></li>
     <li><a href="https://en.wikipedia.org/wiki/Key_disclosure_law#Australia">Australia</a> <div class="float-right"><span class="flag-icon flag-icon-au"></span></div></li>
-    <li><a href="https://en.wikipedia.org/wiki/Key_disclosure_law#Canada">Canada</a> <div class="float-right"><span class="flag-icon flag-icon-ca"></span></div></li>
     <li><a href="https://en.wikipedia.org/wiki/Key_disclosure_law#France">France</a> <div class="float-right"><span class="flag-icon flag-icon-fr"></span></div></li>
     <li><a href="https://en.wikipedia.org/wiki/Key_disclosure_law#India">India</a> <div class="float-right"><span class="flag-icon flag-icon-in"></span></div></li>
     <li><a href="https://en.wikipedia.org/wiki/Key_disclosure_law#Ireland">Ireland</a> <div class="float-right"><span class="flag-icon flag-icon-ie"></span></div></li>
@@ -42,6 +41,7 @@
   title="Key disclosure laws don't apply"
   body='
   <ol class="card-ol">
+    <li><a href="https://en.wikipedia.org/wiki/Key_disclosure_law#Canada">Canada</a> <div class="float-right"><span class="flag-icon flag-icon-ca"></span></div></li>
     <li><a href="https://en.wikipedia.org/wiki/Key_disclosure_law#Czech_Republic">Czech Republic</a> <div class="float-right"><span class="flag-icon flag-icon-cz"></span></div></li>
     <li><a href="https://en.wikipedia.org/wiki/Key_disclosure_law#Germany">Germany</a> <div class="float-right"><span class="flag-icon flag-icon-de"></span></div></li>
     <li><a href="https://en.wikipedia.org/wiki/Key_disclosure_law#Iceland">Iceland</a> <div class="float-right"><span class="flag-icon flag-icon-is"></span></div></li>

_includes/sections/operating-systems.html

@@ -45,7 +45,7 @@
   image="/assets/img/svg/3rd-party/archlinux.svg"
   description='A simple, lightweight Linux distribution. It is composed predominantly of free and open-source software, and supports community involvement.'
   badges="info:Linux"
-  labels="color==success::link==https://tests.reproducible-builds.org/archlinux/archlinux.html::text==Reproducable builds"
+  labels="color==success::link==https://tests.reproducible-builds.org/archlinux/archlinux.html::text==Reproducible builds"
   website="https://www.archlinux.org/"
   privacy-policy="https://wiki.archlinux.org/index.php/ArchWiki:Privacy_policy"
   gitlab="https://gitlab.archlinux.org"
@@ -56,7 +56,7 @@
   image="/assets/img/svg/3rd-party/debian.svg"
   description='Debian is a Unix-like computer operating system and a Linux distribution that is composed entirely of free and open-source software, most of which is under the GNU General Public License, and packaged by a group of individuals known as the Debian project.'
   badges="info:Linux"
-  labels="color==success::link==https://reproducible.debian.net::text==Reproducable builds"
+  labels="color==success::link==https://reproducible.debian.net::text==Reproducible builds"
   website="https://www.debian.org/"
   privacy-policy="https://www.debian.org/legal/privacy"
   tor="http://sejnfjrq6szgca7v.onion"
@@ -68,7 +68,7 @@
   image="/assets/img/svg/3rd-party/nixos.svg"
   description='NixOS is a Linux distribution with a unique approach to package and configuration management. Built on top of the Nix package manager, it is completely declarative, makes upgrading systems reliable, and has many <a href="https://nixos.org/features.html">other advantages</a>.'
   badges="info:Linux"
-  labels="color==success::link==https://r13y.com::text==Reproducable builds"
+  labels="color==success::link==https://r13y.com::text==Reproducible builds"
   website="https://nixos.org"
   privacy-policy="https://nixos.wiki/wiki/NixOS_Wiki:Privacy_policy"
   github="https://github.com/NixOS"

_includes/sections/router-firmware.html

@@ -20,3 +20,13 @@
   privacy-policy="https://www.pfsense.org/privacy.html"
   github="https://github.com/pfsense/"
 %}
+
+{% include cardv2.html
+  title="LibreCMC"
+  image="/assets/img/svg/3rd-party/librecmc.svg"
+  image-dark="/assets/img/svg/3rd-party/librecmc-dark.svg"
+  description="LibreCMC is a GNU/Linux-libre distribution for computers with minimal resources, such as the Ben Nanonote, ath9k-based Wi-Fi routers, and other hardware with emphasis on free software. The project's current goal is to aim for compliance with the GNU Free System Distribution Guidelines (GNU FSDG) and ensure that the project continues to meet these requirements set forth by the Free Software Foundation (FSF)."
+  badges="info:GNU/Linux"
+  website="https://librecmc.org"
+  git="https://gogs.librecmc.org/libreCMC/libreCMC"
+%}

_includes/sections/selfhosted-cloud.html

@@ -8,7 +8,6 @@
   title="Nextcloud"
   image="/assets/img/svg/3rd-party/nextcloud.svg"
   description="<strong>Nextcloud</strong> is a suite of free and open-source client-server software for creating your own file hosting services on a private server you control. The only limits on storage and bandwidth are the limits on the <a href=\"/providers/hosting\">server provider</a> you choose."
-  labels="color==warning::link==https://github.com/nextcloud/end_to_end_encryption/issues/111::text==Experimental E2EE::tooltip==Regarding E2EE their description states 'End-to-end encryption is still in alpha state, don't use this in production and only with test data!'."
   website="https://nextcloud.com/"
   privacy-policy="https://nextcloud.com/privacy/"
   forum="https://forum.privacytools.io/t/discussion-nextcloud/287"

_includes/sections/social-news-aggregator.html

@@ -20,7 +20,7 @@ linux="https://getaether.net/download/"
 {% include cardv2.html
 title="Tildes"
 image="/assets/img/svg/3rd-party/tildes.svg"
-description='Tildes is a web-based self-hostable online bulletin board. It is licensed under <a href="https://gitlab.com/tildes/tildes/blob/master/LICENSE">GPL 3.0</a>.'
+description='Tildes is a web-based self-hostable online bulletin board. It is licensed under <a href="https://gitlab.com/tildes/tildes/blob/master/LICENSE">AGPLv3</a>.'
 website="https://tildes.net"
 privacy-policy="https://docs.tildes.net/policies/privacy-policy"
 forum="https://forum.privacytools.io/t/discussion-tildes/1257"

_includes/sections/teamchat.html

@@ -17,7 +17,7 @@
   website="https://element.io"
   privacy-policy="https://element.io/privacy"
   forum="https://forum.privacytools.io/t/discussion-element-io/665"
-  github="https://github.com/vector-im/riot-web/"
+  github="https://github.com/vector-im/element-web"
   windows="https://element.io/get-started"
   mac="https://element.io/get-started"
   linux="https://element.io/get-started"

_includes/sections/tor-operating-systems.html

@@ -19,5 +19,6 @@
   description='A Debian-based security-focused Linux distribution. It aims to provide privacy, security and anonymity on the internet. The operating system consists of two virtual machines, a "Workstation" and a Tor "Gateway". All communication are forced through the Tor network to accomplish this. <a href="https://www.whonix.org/wiki/Qubes/Why_use_Qubes_over_other_Virtualizers">Whonix is best used in conjunction with Qubes.</a>'
   badges="info:Linux"
   website="https://www.whonix.org/"
+  tor="http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/"
   github="https://github.com/Whonix"
 %}

_includes/sections/voice-video-messenger.html

@@ -17,7 +17,24 @@
   mac="https://www.linphone.org/technical-corner/linphone?qt-technical_corner=2#qt-technical_corner"
   fdroid="https://f-droid.org/packages/org.linphone"
   googleplay="https://play.google.com/store/apps/details?id=org.linphone"
-  ios="https://itunes.apple.com/us/app/linphone/id360065638?mt=8"
+  ios="https://apps.apple.com/us/app/linphone/id360065638"
+%}
+
+{% include cardv2.html
+  title="Jitsi Meet"
+  image="/assets/img/svg/3rd-party/jitsi.svg"
+  website="https://jitsi.org/jitsi-meet/"
+  privacy-policy="https://jitsi.org/security/"
+  description='Jitsi Meet is a free and open-source multiplatform voice (VoIP), video conferencing, and instant messaging application with optional E2EE. It can be used from the browser, in <a href="https://github.com/jitsi/jitsi-meet-electron/releases">desktop applications</a> or on smartphones. Additional features include screen sharing for presentations and an always-on-top floating call window when minimized. See the <a href="https://github.com/jitsi/jitsi-meet/wiki/Jitsi-Meet-Instances">list of public Jitsi Meet instances</a>.'
+  labels="color==warning::text==Requires WebRTC::tooltip==Our Firefox tweaks recommend disabling WebRTC as it can be used to leak your IP address even behind a VPN, which is why Tor Browser disables it.|color==warning::link==https://github.com/jitsi/lib-jitsi-meet/blob/master/doc/e2ee.md::text==Experimental E2EE::tooltip==E2EE in Jitsi Meet is dependent on Insertable Streams, which is currently supported in Chrome but not Firefox. The mobile apps also do not support E2EE for the moment. Prefer to use the desktop apps instead."
+  forum="https://forum.privacytools.io/t/discussion-jitsi-meet/1577"
+  github="https://github.com/jitsi/jitsi-meet"
+  windows="https://github.com/jitsi/jitsi-meet-electron/releases"
+  linux="https://github.com/jitsi/jitsi-meet-electron/releases"
+  mac="https://github.com/jitsi/jitsi-meet-electron/releases"
+  fdroid="https://f-droid.org/en/packages/org.jitsi.meet/"
+  googleplay="https://play.google.com/store/apps/details?id=org.jitsi.meet"
+  ios="https://apps.apple.com/us/app/jitsi-meet/id1165103905"
 %}
 
 {% include cardv2.html
@@ -34,29 +51,6 @@
   ios="https://apps.apple.com/us/app/mumble/id443472808?ls=1"
 %}
 
-<h3>Worth Mentioning</h3>
-
-<ul>
-  <li>
-    <a href="https://jitsi.org/jitsi-meet/">Jitsi Meet</a> - Jitsi Meet is a free and open-source multiplatform voice (VoIP), video conferencing, and instant messaging application.
-
-    {% include badge.html
-    color="warning"
-    icon="fas fa-exclamation-triangle"
-    text="Requires WebRTC"
-    tooltip="Our Firefox tweaks recommend disabling WebRTC as it can be used to leak your IP address even behind a VPN, which is why Tor Browser disables it."
-    %}
-
-    {% include badge.html
-    color="warning"
-    icon="fas fa-exclamation-triangle"
-    link="https://jitsi.org/security"
-    text="Multiparty meetings are not E2EE"
-    %}
-
-    See also <a href="https://github.com/jitsi/jitsi-meet/wiki/Jitsi-Meet-Instances">list of public Jitsi Meet instances</a>.
-  </li>
-</ul>
 <h3>Related Information</h3>
 
 <ul>

_includes/sections/vpn.html

@@ -30,6 +30,7 @@
     <blockquote class="blockquote">
       <p class="mb-0">...Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint.</p>
     </blockquote>
+    <p>In 2020 a second audit <a href="https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/">was announced</a> and the <a href="https://cure53.de/pentest-report_mullvad_2020_v2.pdf">final audit report</a> was made available on Cure53's website.</p>
     <h5>{% include badge.html color="success" text="Open Source Clients" %}</h5>
     <p>Mullvad provides the source code for their desktop and mobile clients in their <a href="https://github.com/mullvad/mullvadvpn-app">GitHub organization</a>.</p>
     <h5>{% include badge.html color="success" text="Accepts Bitcoin" %}</h5>
@@ -41,7 +42,7 @@
     <h5>{% include badge.html color="success" text="Remote Port Forwarding" %}</h5>
     <p>Remote <a href="https://en.wikipedia.org/wiki/Port_forwarding">port forwarding</a> is allowed on Mullvad, see <a href="https://mullvad.net/help/port-forwarding-and-mullvad/">Port forwarding with Mullvad VPN</a>.</p>
     <h5>{% include badge.html color="success" text="Mobile Clients" %}</h5>
-    <p>Mullvad has published <a href ="https://apps.apple.com/app/mullvad-vpn/id1488466513">App Store</a> and <a href="https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn">Google Play</a> clients, both supporting an easy-to use interface as opposed to requiring users to manual configure their WireGuard connections. The mobile client on Android is also available in <a href="https://f-droid.org/packages/net.mullvad.mullvadvpn">F-Droid</a>, which ensures that it is compiled with <a href="https://www.f-droid.org/en/2019/05/05/trust-privacy-and-free-software.html">reproducable builds</a>.</p></p>
+    <p>Mullvad has published <a href ="https://apps.apple.com/app/mullvad-vpn/id1488466513">App Store</a> and <a href="https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn">Google Play</a> clients, both supporting an easy-to use interface as opposed to requiring users to manual configure their WireGuard connections. The mobile client on Android is also available in <a href="https://f-droid.org/packages/net.mullvad.mullvadvpn">F-Droid</a>, which ensures that it is compiled with <a href="https://www.f-droid.org/en/2019/05/05/trust-privacy-and-free-software.html">reproducible builds</a>.</p></p>
     <h5>{% include badge.html color="info" text="Extra Functionality" %}</h5>
     <p>The Mullvad VPN clients have a built-in killswitch to block internet connections outside of the VPN. They also are able to automatically start on boot. The Mullvad website is also accessible via Tor at <a href="http://xcln5hkbriyklr6n.onion/">xcln5hkbriyklr6n.onion</a>.</p>
     </div>
@@ -68,7 +69,7 @@
     <h5>{% include badge.html color="success" text="Accepts Bitcoin" %}</h5>
     <p>ProtonVPN does technically accept Bitcoin payments; however, you either need to have an existing account, or contact their support team in advance to register with Bitcoin.</p>
     <h5>{% include badge.html color="success" text="Mobile Clients" %}</h5>
-    <p>In addition to providing standard OpenVPN configuration files, ProtonVPN has mobile clients for <a href="https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085">App Store</a> and <a href="https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US">Google Play</a> allowing for easy connections to their servers. The mobile client on Android is also available in <a href="https://f-droid.org/en/packages/ch.protonvpn.android">F-Droid</a>, which ensures that it is compiled with <a href="https://www.f-droid.org/en/2019/05/05/trust-privacy-and-free-software.html">reproducable builds</a>.</p>
+    <p>In addition to providing standard OpenVPN configuration files, ProtonVPN has mobile clients for <a href="https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085">App Store</a> and <a href="https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US">Google Play</a> allowing for easy connections to their servers. The mobile client on Android is also available in <a href="https://f-droid.org/en/packages/ch.protonvpn.android">F-Droid</a>, which ensures that it is compiled with <a href="https://www.f-droid.org/en/2019/05/05/trust-privacy-and-free-software.html">reproducible builds</a>.</p>
     <h5>{% include badge.html color="warning" text="No Port Forwarding" %}</h5>
     <p>ProtonVPN does not currently support remote port forwarding, which may impact some applications. Especially Peer-to-Peer applications like Torrent clients.</p>
     <h5>{% include badge.html color="info" text="Extra Functionality" %}</h5>
@@ -100,7 +101,7 @@
     <h5>{% include badge.html color="success" text="Remote Port Forwarding" %}</h5>
     <p>Remote <a href="https://en.wikipedia.org/wiki/Port_forwarding">port forwarding</a> is possible with a Pro plan. Port forwarding <a href="https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html">can be activated</a> via the client area. Port forwarding is only available on IVPN when <a href="https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html">using OpenVPN and is disabled on US servers</a>.</p>
     <h5>{% include badge.html color="success" text="Mobile Clients" %}</h5>
-    <p>In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for <a href="https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683">App Store</a> and <a href="https://play.google.com/store/apps/details?id=net.ivpn.client">Google Play</a> allowing for easy connections to their servers. The mobile client on Android is also available in <a href="https://f-droid.org/en/packages/net.ivpn.client">F-Droid</a>, which ensures that it is compiled with <a href="https://www.f-droid.org/en/2019/05/05/trust-privacy-and-free-software.html">reproducable builds</a>.</p>
+    <p>In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for <a href="https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683">App Store</a> and <a href="https://play.google.com/store/apps/details?id=net.ivpn.client">Google Play</a> allowing for easy connections to their servers. The mobile client on Android is also available in <a href="https://f-droid.org/en/packages/net.ivpn.client">F-Droid</a>, which ensures that it is compiled with <a href="https://www.f-droid.org/en/2019/05/05/trust-privacy-and-free-software.html">reproducible builds</a>.</p>
     <h5>{% include badge.html color="info" text="Extra Functionality" %}</h5>
     <p>The IVPN clients have a built-in killswitch to block internet connections outside of the VPN. They also are able to automatically start on boot. IVPN also provides "<a href="https://www.ivpn.net/antitracker">AntiTracker</a>" functionality, which blocks advertising networks and trackers from the network level.</p>
     </div>

_includes/sponsors/gold.html

@@ -1,10 +1,40 @@
-<div class="d-flex flex-wrap justify-content-center">
+<div class="d-flex flex-wrap justify-content-around">
   <a class="m-3" href="https://safing.io" target="_blank" rel="noreferrer">
     <img
       src="/assets/img/svg/3rd-party/sponsors/safing.svg"
-      data-theme-src="/assets/img/svg/3rd-party/sponsors/safing-dark.svg"
-      width="210rem"
+      {% unless page.url == '/sponsors/' %}data-theme-src="/assets/img/svg/3rd-party/sponsors/safing-dark.svg"{% endunless %}
+      height="70rem"
       title="Safing Privacy Network - Launching on Kickstarter January 2nd, 2020"
       alt="Safing Privacy Network - Safing.io Logo" />
   </a>
+  <a class="m-3" href="https://www.oeck.com" target="_blank" rel="noreferrer">
+    <img
+      src="/assets/img/png/3rd-party/sponsors/oeck.png"
+      {% unless page.url == '/sponsors/' %}data-theme-src="/assets/img/png/3rd-party/sponsors/oeck-dark.png"{% endunless %}
+      height="70rem"
+      title="Oeck - A new type of VPN - Unique, fast and private."
+      alt="Insurgo Logo" />
+  </a>
+  <a class="m-3" href="https://insurgo.ca" target="_blank" rel="noreferrer">
+    <img
+      src="/assets/img/png/3rd-party/sponsors/insurgo.png"
+      height="70rem"
+      title="Insurgo Technologies Libres / Open Technologies — Empower yourself!"
+      alt="Insurgo Logo" />
+  </a>
+  <a class="m-3" href="https://joindeleteme.com" target="_blank" rel="noreferrer">
+    <img
+      src="/assets/img/png/3rd-party/sponsors/deleteme.png"
+      height="70rem"
+      title="DeleteMe is a hands-free subscription service that removes your personal information from data brokers and prevents it from being sold online."
+      alt="DeleteMe Logo" />
+  </a>
+  <a class="m-3" href="https://www.removemyphone.com" target="_blank" rel="noreferrer">
+    <img
+      src="/assets/img/png/3rd-party/sponsors/removemyphone.png"
+      {% unless page.url == '/sponsors/' %}data-theme-src="/assets/img/png/3rd-party/sponsors/removemyphone-dark.png"{% endunless %}
+      height="70rem"
+      title="RemoveMyPhone helps you delete your data from data broker sites and Google, Bing, and Yahoo search results."
+      alt="RemoveMyPhone Logo" />
+  </a>
 </div>

_includes/sponsors/list.html

@@ -1,6 +1,9 @@
 <ul class="d-flex flex-wrap list-group-flush">
+  <li class="list-group-item flex-fill">Alex</li>
   <li class="list-group-item flex-fill">Daw-Ran Liou</li>
+  <li class="list-group-item flex-fill">Greg Werbin</li>
   <li class="list-group-item flex-fill">Michael DeMichillie</li>
+  <li class="list-group-item flex-fill">Nathan Myers</li>
   <li class="list-group-item flex-fill">PablO</li>
   <li class="list-group-item flex-fill">Syfaer</li>
   <li class="list-group-item flex-fill">the0</li>

_includes/sponsors/silver.html

@@ -25,3 +25,12 @@
     </div>
   </div>
 </div>
+<div class="col-6 col-sm-4 col-md-3 my-3">
+  <div class="d-flex justify-content-start">
+    <div><a href="https://www.scams.info"><img src="/assets/img/png/3rd-party/sponsors/scamsinfo.png" class="mx-3" width="64" height="64" title="An Overview of the Safest Online Gambling Sites in the UK" alt="scams.info"></a></div>
+    <div class="d-flex flex-column align-self-center">
+    <p class="my-0"><strong>scams.info</strong></p>
+    <a href="https://www.scams.info" class="my-0">https://www.scams.info</a>
+    </div>
+  </div>
+</div>

assets/img/svg/3rd-party/xbrowsersync.svg

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><g id="XMLID_1_" transform="matrix(.22578 0 0 .22578 3.8879 -1.6667e-7)"><g id="XMLID_44_" fill="#0a323d"><polygon id="XMLID_37_" points="0 41.667 0 58.333 43.334 83.333 43.334 66.667"/><polygon id="XMLID_38_" points="14.445 83.333 14.445 100 57.778 125 57.778 108.33"/><polygon id="XMLID_39_" points="0 108.33 0 125 43.334 150 43.334 133.33"/><polygon id="XMLID_40_" points="43.334 33.333 43.334 50 86.667 75 86.667 58.333"/><polygon id="XMLID_41_" points="57.778 8.333 57.778 25.038 101.11 50 101.11 33.333"/><polygon id="XMLID_42_" points="57.778 74.995 57.778 91.661 101.11 116.66 101.11 99.995"/><polygon id="XMLID_43_" points="28.889 58.333 28.889 75 72.223 100 72.223 83.333"/></g><g id="XMLID_36_" fill="#267d91"><polygon id="XMLID_26_" points="0 41.667 14.445 33.333 57.778 58.333 43.334 66.667"/><polygon id="XMLID_28_" points="14.39 49.971 28.835 41.638 72.168 66.638 57.724 74.971"/><polygon id="XMLID_29_" points="28.889 58.333 43.334 50 86.667 75 72.223 83.333"/><polygon id="XMLID_30_" points="43.333 33.371 57.778 25.038 101.11 50 86.667 58.371"/><polygon id="XMLID_31_" points="57.778 8.333 72.223 0 115.56 25 101.11 33.333"/><polygon id="XMLID_32_" points="43.279 66.638 57.724 58.305 101.06 83.305 86.613 91.638"/><polygon id="XMLID_33_" points="57.778 75 72.223 66.667 115.56 91.667 101.11 100"/><polygon id="XMLID_34_" points="14.445 83.333 28.889 75 72.223 100 57.778 108.33"/><polygon id="XMLID_35_" points="0 108.33 14.445 100 57.778 125 43.334 133.33"/></g><g id="XMLID_17_" fill="#71d2e2"><polygon id="XMLID_18_" points="57.778 58.333 57.778 75 43.334 83.333 43.334 66.667"/><polygon id="XMLID_19_" points="72.223 66.667 72.223 83.333 57.778 91.667 57.778 75"/><polygon id="XMLID_20_" points="86.667 75 86.667 91.667 72.223 100 72.223 83.333"/><polygon id="XMLID_21_" points="101.11 50 101.11 66.667 86.667 75 86.667 58.333"/><polygon id="XMLID_22_" points="115.56 25 115.56 41.667 101.11 50 101.11 33.333"/><polygon id="XMLID_23_" points="101.12 83.328 101.12 99.995 86.677 108.33 86.677 91.661"/><polygon id="XMLID_24_" points="115.56 91.667 115.56 108.33 101.11 116.67 101.11 100"/><polygon id="XMLID_25_" points="72.223 100 72.223 116.67 57.778 125 57.778 108.33"/><polygon id="XMLID_64_" points="57.778 125 57.778 141.67 43.334 150 43.334 133.33"/></g></g></svg>

assets/js/main.js

@@ -94,24 +94,3 @@ if (
 ) {
   fixThemeImages();
 }
-
-
-// Matomo
-var _paq = window._paq || [];
-/* tracker methods like "setCustomDimension" should be called before "trackPageView" */
-_paq.push(["trackPageView"]);
-_paq.push(["enableLinkTracking"]);
-(function() {
-  var u = "https://stats.privacytools.io/";
-  _paq.push(["setTrackerUrl", u + "matomo.php"]);
-  _paq.push(["setSiteId", "1"]);
-  _paq.push(['setSecureCookie', true]);
-  var d = document,
-    g = d.createElement("script"),
-    s = d.getElementsByTagName("script")[0];
-  g.type = "text/javascript";
-  g.async = true;
-  g.defer = true;
-  g.src = u + "matomo.js";
-  s.parentNode.insertBefore(g, s);
-})();

index.html

@@ -7,13 +7,12 @@ layout: default
 {% include sections/resources.html %}
 
 <h1 id="sponsors" class="anchor"><a href="#sponsors"><i class="fas fa-link anchor-icon"></i></a> Sponsors</h1>
-
-<div class="alert alert-success" role="alert">
-  <strong>New!</strong> Showcase your brand as a sponsor of PrivacyTools and support our mission of creating a world free of mass surveillance! <a href="/sponsors/" class="alert-link">Learn more...</a>
-</div>
-<div class="mt-4">
+<div class="mx-4">
   {% include sponsors/gold.html %}
 </div>
+<div class="alert alert-info mt-5" role="alert">
+  Showcase your brand as a sponsor of PrivacyTools and support our mission of creating a world free of mass surveillance! <a href="/sponsors/" class="alert-link">Learn more...</a>
+</div>
 
 {% include sections/quotes.html %}
 {% include sections/privacy-resources.html %}

nginx/010-headers.conf

@@ -1,10 +1,11 @@
 add_header X-Frame-Options DENY always;
 add_header X-XSS-Protection "1; mode=block" always;
 add_header X-Content-Type-Options nosniff always;
-add_header Content-Security-Policy "default-src 'none'; script-src 'self' https://stats.privacytools.io; style-src 'self'; img-src 'self' data: https://*.privacytools.io; object-src 'none'; frame-src https://stats.privacytools.io; font-src 'self'; base-uri 'none'; form-action 'self' https://search.privacytools.io; frame-ancestors 'none'; manifest-src 'self';" always;
+add_header Content-Security-Policy "default-src 'none'; script-src 'self'; style-src 'self'; img-src 'self' data: https://*.privacytools.io; object-src 'none'; frame-src 'none'; font-src 'self'; base-uri 'none'; form-action 'self' https://search.privacytools.io; frame-ancestors 'none'; manifest-src 'self';" always;
 add_header 'Access-Control-Allow-Origin' '*';
 add_header Strict-Transport-Security "max-age=31557600; includeSubDomains; preload";
 add_header Alt-Svc 'h2="privacy2zbidut4m4jyj3ksdqidzkw3uoip2vhvhbvwxbqux5xy5obyd.onion:443"; ma=86400; persist=1';
+add_header Onion-Location http://www.privacy2zbidut4m4jyj3ksdqidzkw3uoip2vhvhbvwxbqux5xy5obyd.onion$request_uri always;
 add_header Expect-CT 'max-age=86400, enforce';
 add_header Referrer-Policy "strict-origin";
 add_header Feature-Policy "geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;";

pages/about/about.html

@@ -27,19 +27,6 @@ hidedesc: true
 </div>
 
 <div class="row">
-{% include team.html
-avatar="jonah.png"
-name="Jonah Aragon"
-role="Administrator"
-bio="I run the website and services for PrivacyTools. My goal is to spread the word about data privacy as widely as possible."
-email="mailto:jonah@privacytools.io"
-website="https://www.jonaharagon.com"
-keys="https://keybase.io/jonaharagon"
-mastodon="https://social.privacytools.io/@jonah"
-twitter="JonahAragon"
-blog="jonah"
-%}
-
 {% include team.html
 avatar="burung.png"
 name="Burung Hantu"
@@ -71,6 +58,27 @@ keys="https://keybase.io/dngray"
 mastodon="https://social.privacytools.io/@dngray"
 %}
 
+{% include team.html
+avatar="freddy.png"
+name="Freddy Marsden"
+nick="Freddy"
+bio="I'm an amateur writer covering privacy, security and open-source development."
+role="Blogging & Education"
+website="https://write.privacytools.io/freddy/"
+email="mailto:freddy@privacytools.io"
+mastodon="https://social.privacytools.io/@freddy"
+blog="freddy"
+%}
+
+{% include team.html
+avatar="lynn.png"
+name="Lynn Stephenson"
+bio="I'm a software developer doing some pentesting on the side, specializing in security, cryptography, networking, web development, and accessibility."
+role="Researcher"
+email="mailto:lynn@privacytools.io"
+mastodon="https://ioc.exchange/@lynn_stephenson"
+%}
+
 {% include team.html
 avatar="trai_dep.png"
 name="trai_dep"
@@ -132,6 +140,17 @@ keys="https://nitrohorse.com/keys"
 blog="nitrohorse"
 emeritus=true
 %}
+
+{% include team.html
+name="Jonah Aragon"
+role="Former Sysadmin"
+website="https://jonaharagon.com"
+keys="https://jonaharagon.com/accounts/"
+mastodon="https://social.privacytools.io/@jonah"
+blog="jonah"
+twitter="JonahAragon"
+emeritus=true
+%}
 </div>
 
 <div class="row">

pages/about/librejs.html

@@ -17,7 +17,7 @@ permalink: /about/javascript/
   </tr>
   <tr>
     <td><a href="/assets/js/bootstrap.min.js">bootstrap.min.js</a></td>
-    <td><a href="https://github.com/twbs/bootstrap/raw/master/LICENSE">Expat</a></td>
+    <td><a href="https://github.com/twbs/bootstrap/raw/main/LICENSE">Expat</a></td>
   </tr>
   <tr>
     <td><a href="/assets/js/jquery-3.3.1.min.js">jquery-3.3.1.min.js</a></td>

pages/privacy.md

@@ -26,27 +26,18 @@ This data will be collected regardless of browser, device, or app used to access
 When you visit a {{ site.name }} website or service, regardless of whether you have an account or not, the website may use cookies, server logs, and other methods to collect the following data:
 
 * What pages you visit,
-* What actions you take on our website,
-* What browser, operating system, and device you use,
-* Search terms you use,
 * Your anonymized IP address: We anonymize the last 3 bytes of your IP, e.g. 192.xxx.xxx.xxx.
 
 We use this data to:
 
 * Optimize websites and services, so that they are quick and easy to use,
 * Diagnose and debug technical errors,
-* Defend websites and services from abuse and technical attacks,
-* Compile statistics on the popularity of a website, page, post, topic, etc., and
-* Compile statistics on the kinds of software and computers visitors use.
+* Defend websites and services from abuse and technical attacks.
 
 This data is processed under our [Legitimate Interest](https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/legitimate-interests/when-can-we-rely-on-legitimate-interests/) to provide our services to you in a an efficient and secure manner and to ensure the legal compliance and proper administration of our business.
 
 Raw data such as pages visited, anonymized visitor IPs, and visitor actions will be retained for 60 days. In special circumstances—such as extended investigations regarding a technical attack—we may preserve logged data for longer periods for analysis. We store aggregate statistics about use of the websites and services we host indefinitely, but those statistics do not include data identifiable to you personally.
 
-You can opt out of some website tracking we do with Matomo using the form below. Our Matomo instance is blocked by most ad-blockers, so users blocking the domain `stats.privacytools.io` will not need to separately opt-out with the form below. Our Matomo instance also respects the Do Not Track (DNT) setting in your browser, so users with DNT enabled will not need to complete this form. Limited data may still be collected via server-side logs after opting out here, but this data cannot be used to identify you.
-
-<iframe style="border: 1; height: 120px; width: 100%;" src="https://stats.privacytools.io/index.php?module=CoreAdminHome&action=optOut&language=en&backgroundColor=ffffff&fontColor=212529&fontSize=1rem&fontFamily=-apple-system%2CBlinkMacSystemFont%2C%22Segoe%20UI%22%2CRoboto%2C%22Helvetica%20Neue%22%2CArial%2Csans-serif%2C%22Apple%20Color%20Emoji%22%2C%22Segoe%20UI%20Emoji%22%2C%22Segoe%20UI%20Symbol%22%2C%22Noto%20Color%20Emoji%22"></iframe>
-
 ### We collect account data.
 
 On some websites and services we provide, many features may require an account. For example, on forum.privacytools.io an account is required to post and reply to topics.

pages/providers/dns.html

@@ -8,122 +8,3 @@ breadcrumb: "DNS"
 
 {% include sections/dns.html %}
 
-<h1 id="dns-desktop-clients" class="anchor">
-  <a href="#dns-desktop-clients">
-    <i class="fas fa-link anchor-icon"></i>
-  </a> Encrypted DNS Client Recommendations for Desktop
-</h1>
-
-{%
-	include cardv2.html
-	title="Unbound"
-	image="/assets/img/svg/3rd-party/unbound.svg"
-	description='A validating, recursive, caching DNS resolver, supporting DNS-over-TLS, and has been <a href="https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/">independently audited</a>.'
-	website="https://nlnetlabs.nl/projects/unbound/about/"
-	forum="https://forum.privacytools.io/t/discussion-unbound/3563"
-	github="https://github.com/NLnetLabs/unbound"
-%}
-
-{%
-	include cardv2.html
-	title="dnscrypt-proxy"
-	image="/assets/img/svg/3rd-party/dnscrypt-proxy.svg"
-	description='A DNS proxy with support for DNSCrypt, DNS-over-HTTPS, and <a href="https://github.com/DNSCrypt/dnscrypt-protocol/blob/master/ANONYMIZED-DNSCRYPT.txt">Anonymized DNSCrypt</a>, a <a href="https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Anonymized-DNS">relay-based protocol that the hides client IP address.</a>'
-	website="https://github.com/DNSCrypt/dnscrypt-proxy/wiki"
-	forum="https://forum.privacytools.io/t/discussion-dnscrypt-proxy/1498"
-	github="https://github.com/DNSCrypt/dnscrypt-proxy"
-%}
-
-{%
-	include cardv2.html
-	title="Stubby"
-	image="/assets/img/png/3rd-party/stubby.png"
-	description='An application that acts as a local DNS-over-TLS stub resolver. Stubby can be used in <a href="https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Clients#DNSPrivacyClients-Unbound/Stubbycombination">combination with Unbound</a> by managing the upstream TLS connections (since Unbound cannot yet re-use TCP/TLS connections) with Unbound providing a local cache.'
-	website="https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby"
-	forum="https://forum.privacytools.io/t/discussion-stubby/3582"
-	github="https://github.com/getdnsapi/stubby"
-%}
-
-{%
-	include cardv2.html
-	title="Firefox's built-in DNS-over-HTTPS resolver"
-	image="/assets/img/svg/3rd-party/firefox_browser.svg"
-	description='Firefox comes with built-in DNS-over-HTTPS support for <a href="https://blog.mozilla.org/blog/2020/02/25/firefox-continues-push-to-bring-dns-over-https-by-default-for-us-users/">NextDNS and Cloudflare</a> but users can manually any other DoH resolver.'
-	labels="color==warning::icon==fas fa-exclamation-triangle::link==https://developers.cloudflare.com/1.1.1.1/privacy/firefox::text==Warning::tooltip==Cloudflare logs a limited amount of data about the DNS requests that are sent to their custom resolver for Firefox."
-	website="https://support.mozilla.org/en-US/kb/firefox-dns-over-https"
-	privacy-policy="https://wiki.mozilla.org/Security/DOH-resolver-policy"
-	forum="https://forum.privacytools.io/t/discussion-firefox-s-built-in-dns-over-https-resolver/3564"
-%}
-
-<h1 id="dns-android-clients" class="anchor">
-	<a href="#dns-android-clients">
-		<i class="fas fa-link anchor-icon"></i>
-	</a> Encrypted DNS Client Recommendations for Android
-</h1>
-
-{%
-	include cardv2.html
-	title="Android 9's built-in DNS-over-TLS resolver"
-	image="/assets/img/svg/3rd-party/android.svg"
-	description="Android 9 (Pie) comes with built-in DNS-over-TLS support without the need for a 3rd-party application."
-	labels="color==warning::icon==fas fa-exclamation-triangle::link==https://developers.google.com/speed/public-dns/docs/using#android_9_pie_or_later::text==Warning::tooltip==Android 9's DoT settings have no effect when used concurrently with VPN-based apps which override the DNS."
-	website="https://support.google.com/android/answer/9089903#private_dns"
-	forum="https://forum.privacytools.io/t/discussion-android-9s-built-in-dns-over-tls-resolver/3562"
-%}
-
-{%
-	include cardv2.html
-	title="Nebulo"
-	image="/assets/img/png/3rd-party/nebulo.png"
-	description='An open-source Android client supporting DNS-over-HTTPS and DNS-over-TLS, caching DNS responses, and locally logging DNS queries.'
-	website="https://git.frostnerd.com/PublicAndroidApps/smokescreen/-/blob/master/README.md"
-	privacy-policy="https://smokescreen.app/privacypolicy"
-	forum="https://forum.privacytools.io/t/discussion-nebulo/3565"
-	fdroid="https://git.frostnerd.com/PublicAndroidApps/smokescreen#f-droid"
-	googleplay="https://play.google.com/store/apps/details?id=com.frostnerd.smokescreen"
-	source="https://git.frostnerd.com/PublicAndroidApps/smokescreen"
-%}
-
-<h1 id="dns-ios-clients" class="anchor">
-	<a href="#dns-ios-clients">
-		<i class="fas fa-link anchor-icon"></i>
-	</a> Encrypted DNS Client Recommendations for iOS
-</h1>
-
-{%
-	include cardv2.html
-	title="DNSCloak"
-	image="/assets/img/png/3rd-party/dnscloak.png"
-	description='An open-source iOS client supporting DNS-over-HTTPS, DNSCrypt, and <a href="https://github.com/DNSCrypt/dnscrypt-proxy/wiki">dnscrypt-proxy</a> options such as caching DNS responses, locally logging DNS queries, and custom block lists. Users can <a href="https://blog.privacytools.io/adding-custom-dns-over-https-resolvers-to-dnscloak/">add custom resolvers by DNS stamp</a>.'
-	website="https://github.com/s-s/dnscloak/blob/master/README.md"
-	privacy-policy="https://drive.google.com/file/d/1050No_pU74CAWUS5-BwQWyO2x_aiMzWc/view"
-	forum="https://forum.privacytools.io/t/discussion-dnscloak/3566"
-	ios="https://apps.apple.com/app/id1452162351"
-	github="https://github.com/s-s/dnscloak"
-%}
-
-<h2 id="dns-definitions" class="anchor">
-	<a href="#dns-definitions">
-		<i class="fas fa-link anchor-icon"></i>
-	</a> Definitions
-</h2>
-
-<h4>DNS-over-TLS (DoT)</h4>
-<p>
-  A security protocol for encrypted DNS on a dedicated port 853. Some providers support port 443 which generally works everywhere while port 853 is often blocked by restrictive firewalls.
-</p>
-
-<h4>DNS-over-HTTPS (DoH)</h4>
-<p>
-  Similar to DoT, but uses HTTPS instead, being indistinguishable from "normal" HTTPS traffic on port 443 and more difficult to block. {% include badge.html color="warning" text="Warning" tooltip="DoH contains metadata such as user-agent (which may include system information) that is sent to the DNS server." link="https://tools.ietf.org/html/rfc8484#section-8.2" icon="fas fa-exclamation-triangle" %}
-</p>
-
-<h4>DNSCrypt</h4>
-<p>
-  With an <a href="https://dnscrypt.info/protocol/">open specification</a>, DNSCrypt is an older, yet robust method for encrypting DNS.
-</p>
-
-<h4>Anonymized DNSCrypt</h4>
-<p>
-  A <a href="https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Anonymized-DNS">lightweight protocol</a> that hides the client IP address by using pre-configured relays to forward encrypted DNS data. This is a relatively new protocol created in 2019 currently only supported by <a href="#dns-desktop-clients">dnscrypt-proxy</a> and a limited number of <a href="https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v2/relays.md">relays</a>.
-</p>

pages/providers/email.html

@@ -177,7 +177,7 @@ description: "Find a secure email provider that will keep your privacy in mind.
       <p><a href="https://en.wikipedia.org/wiki/End-to-end_encryption">End-to-end encryption (E2EE)</a> is a way of encrypting email contents so that nobody but the recipient(s) can read the email message.</p>
       <h3>How can I encrypt my email?</h3>
       <p>The standard way to do email E2EE and have it work between different email providers is with <a href="https://en.wikipedia.org/wiki/Pretty_Good_Privacy#OpenPGP">OpenPGP</a>. There are different implementations of the OpenPGP standard, the most common being <a href="https://en.wikipedia.org/wiki/GNU_Privacy_Guard">GnuPG</a> and <a href=https://openpgpjs.org>OpenPGP.js</a>.</p>
-      <p>There is another standard that was popular with business called <a href="https://en.wikipedia.org/wiki/S/MIME">S/MIME</a>, however it requires a certificate issued from a <a href="https://en.wikipedia.org/wiki/Certificate_authority">Certificate Authority</a> (not all of them issue S/MIME certificates). It has support in <a href="https://support.google.com/a/topic/9061730?hl=en&ref_topic=9061731">G Suite Enterprise/Education</a> and <a href="https://support.office.com/en-us/article/encrypt-messages-by-using-s-mime-in-outlook-on-the-web-878c79fc-7088-4b39-966f-14512658f480">Office 365 Business or Exchange Server 2016, 2019</a>.</p>
+      <p>There is another standard that was popular with business called <a href="https://en.wikipedia.org/wiki/S/MIME">S/MIME</a>, however it requires a certificate issued from a <a href="https://en.wikipedia.org/wiki/Certificate_authority">Certificate Authority</a> (not all of them issue S/MIME certificates). It has support in <a href="https://support.google.com/a/topic/9061730?hl=en&ref_topic=9061731">Google Workplace</a> and <a href="https://support.office.com/en-us/article/encrypt-messages-by-using-s-mime-in-outlook-on-the-web-878c79fc-7088-4b39-966f-14512658f480">Outlook for Web or Exchange Server 2016, 2019</a>.</p>
       <h3>What software can I use to get E2EE?</h3>
       <p>Email providers which allow you to use standard access protocols like <a href="https://en.wikipedia.org/wiki/Internet_Message_Access_Protocol">IMAP</a> and <a href="https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol">SMTP</a> can be used with any of the <a href="/software/email/">email clients we recommend</a>. This can be less secure as you are now relying on email providers to ensure that their encryption implementation works and has not been compromised in anyway.</p>
     </div>
@@ -205,7 +205,7 @@ description: "Find a secure email provider that will keep your privacy in mind.
       <h3>Where is the email metadata?</h3>
       <p>Email metadata is stored in the <a href="https://en.wikipedia.org/wiki/Email#Message_header">message header</a> of the email message.</p>
       <h3>Why can't email metadata be E2EE?</h3>
-      <p>Email metadata is is cruicial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally and is also optional, therefore, only the message content is protected.</p>
+      <p>Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally and is also optional, therefore, only the message content is protected.</p>
       <h3>How is my metadata protected?</h3>
       <p>When emails travel between email providers an encrypted connection is negotiated using <a href="https://en.wikipedia.org/wiki/Opportunistic_TLS">Opportunistic TLS</a>. This protects the metadata from outside observers, but as it is not E2EE, server administrators can snoop on the metadata of an email.</p>
     </div>

pages/providers/vpn.html

@@ -222,6 +222,7 @@ breadcrumb: "VPN"
 
         <ul>
           <li><a href="https://thatoneprivacysite.net/vpn-comparison-chart/">Spreadsheet with unbiased, independently verifiable data on over 100 VPN services.</a></li>
+          <li><a href="https://blog.privacytools.io/the-trouble-with-vpn-and-privacy-reviews/">The Trouble with VPN and Privacy Review Sites</a></li>
           <li><a href="https://vikingvpn.com/blogs/off-topic/beware-of-vpn-marketing-and-affiliate-programs">Beware of False Reviews - VPN Marketing and Affiliate Programs</a></li>
           <li><a href="https://torrentfreak.com/proxy-sh-vpn-provider-monitored-traffic-to-catch-hacker-130930/">Proxy.sh VPN Provider Sniffed Server Traffic to Catch Hacker</a></li>
           <li><a href="https://proxy.sh/panel/knowledgebase.php?action=displayarticle&id=5">Ethical policy - All of the reasons why Proxy.sh might enable logging</a></li>
@@ -266,27 +267,32 @@ breadcrumb: "VPN"
 
   <hr>
 
+  <div id="vpn-breaches" class="container">
+    <div class="row">
+      <div class="col-md-12">
+
+        <h3>VPN Related breaches - why external auditing is important!</h3>
+
+        <ul>
+          <li><a href="https://www.comparitech.com/blog/vpn-privacy/ufo-vpn-data-exposure/">"Zero logs" VPN exposes millions of logs including user passwords, claims data is anonymous</a> July 2020 </li>
+          <li><a href="https://www.zdnet.com/article/nordvpn-http-post-bug-exposed-sensitive-customer-information/">NordVPN HTTP POST bug exposed customer information, no authentication required</a> March 2020</li>
+          <li><a href="https://www.theregister.com/2019/10/21/nordvpn_security_issue/">Row erupts over who to blame after NordVPN says: One of our servers was hacked via remote management tool</a> October 2019</li>
+        </ul>
+      </div>
+    </div>
+  </div>
+
   <div class="container">
     <div class="row">
-      <div>
-        <h3>Related Videos</h3>
-      </div>
       <div class="col-lg-6 col-12">
-        <a href="https://youtube.com/watch?v=WVDQEoe6ZWY" target="_blank">
+      <h3>Related Videos</h3>
+        <a href="https://invidiou.site/watch?v=WVDQEoe6ZWY" target="_blank">
           <img
             src="/assets/img/png/layout/this-video-is-sponsored-by-vpn.png"
             class="img-fluid float-left mr-3"
             alt="This Video Is Sponsored By censored VPN">
         </a>
       </div>
-      <div class="col-lg-6 col-12">
-        <a href="https://www.youtube.com/watch?v=6ohvf03NiIA" target="_blank">
-          <img
-            src="/assets/img/png/layout/this-video-is-sponsored-by-vpn.png"
-            class="img-fluid float-left mr-3"
-            alt="Tor vs VPN | Which one should you use for privacy, anonymity and security">
-        </a>
-      </div>
     </div>
   </div>
 </div>

pages/services/chat.html

@@ -11,7 +11,7 @@ description: "chat.privacytools.io is our official Matrix homeserver. You can re
   <h1 class="display-4">Matrix</h1>
   <p class="lead"><code>chat.privacytools.io</code> is our official Matrix homeserver.</p>
   <hr class="my-4">
-  <p>You can register a user account on this homeserver using any Matrix client, no email required. However, you do not need to be a member of this homeserver to join our rooms, and choosing a smaller instance or <a href="https://element.io/matrix-services">buying</a> or <a href="https://matrix.org/docs/guides/installing-synapse">hosting</a> your own will help promote decentralization and performance in the Matrix fediverse!</p>
+  <p>You can register a user account on this homeserver using any Matrix client, no email required. However, you do not need to be a member of this homeserver to join our rooms, and choosing a smaller instance or <a href="https://element.io/matrix-services">buying</a> or <a href="https://matrix.org/docs/guides/installing-synapse">hosting</a> your own will help promote decentralization and performance on Matrix!</p>
   <p class="lead">
     <a class="btn btn-primary btn-lg" href="https://element.privacytools.io/" role="button">Open in Element</a>
     <a class="btn btn-secondary btn-lg" href="https://www.hello-matrix.net/public_servers.php" role="button">Find Another Homeserver</a>
@@ -20,6 +20,7 @@ description: "chat.privacytools.io is our official Matrix homeserver. You can re
 
 <h2 class="pt-4" id="homeserverinfo">Connection Information</h2>
 <p><strong>To register on or connect to our homeserver, simply use <code>https://chat.privacytools.io</code> as the homeserver in your Matrix client.</strong></p>
+<p><mark>You must read and accept our community <a href="https://wiki.privacytools.io/view/PrivacyTools:Code_of_Conduct">code of conduct</a> before joining our rooms or using our services.</mark></p>
 
 {%
   include cardv2.html
@@ -30,7 +31,7 @@ description: "chat.privacytools.io is our official Matrix homeserver. You can re
   website="https://element.io"
   privacy-policy="https://element.io/privacy"
   forum="https://forum.privacytools.io/t/discussion-element-io/665"
-  github="https://github.com/vector-im/riot-web/"
+  github="https://github.com/vector-im/element-web"
   windows="https://element.io/get-started"
   mac="https://element.io/get-started"
   linux="https://element.io/get-started"
@@ -50,7 +51,7 @@ description: "chat.privacytools.io is our official Matrix homeserver. You can re
 <p><strong>No.</strong> Messages sent to the #general chat are encrypted from with client-to-server encryption, i.e. HTTPS. This means that your messages can't be viewed by an attacker on your network, or your ISP, etc. <strong>However</strong>, because this is a public chat room anybody can view your messages if they are a member, and newcomers will be able to see all message history. Do not say anything in rooms that don't use End-to-End (E2E) encryption that you wouldn't want tied to you personally.</p>
 
 <h4>Isn't Matrix behind Cloudflare?</h4>
-<p>Matrix.org is, chat.privacytools.io isn't. If you use our homeserver and our Element install, you should be good.</p>
+<p>The default matrix.org homeserver is behind Cloudflare. The PrivacyTools homeserver is not.
 
 <h4>Isn't Matrix slow?</h4>
 <p>It can be, for some! Due to the trememdous amount of people registering on the matrix.org homeserver, it is often overloaded and occasionally slow to respond. Therefore, users on that homeserver occasionally report a less than ideal chat experience. If that's you, you can fix this problem by switching to another homeserver. Good alternatives include...
@@ -58,7 +59,7 @@ description: "chat.privacytools.io is our official Matrix homeserver. You can re
     <li>ours of course, at <mark><strong>chat.privacytools.io</strong></mark>, you're here right?</li>
     <li>feneas.org, tchncs.de, weho.st, pine64.org, kde.org, halogen.city...</li>
     <li>purchasing an instance from <a href="https://element.io/matrix-services">Element Matrix Services</a></li>
-    <li>running your own by installing <a href="https://github.com/matrix-org/synapse">synapse</a> — certainly the best option for the technically inclined!</li>
+    <li>running your own by installing <a href="https://github.com/matrix-org/synapse">Synapse</a> — certainly the best option for the technically inclined!</li>
   </ul>
 <p>Note that at time of writing, switching homeservers requires re-registering with another account at that server, as nomadic identities haven't been implemented yet.</p>
 
@@ -68,14 +69,17 @@ description: "chat.privacytools.io is our official Matrix homeserver. You can re
 <h4>Why do XMPP users keep joining and leaving all the time?</h4>
 <p><a href="https://github.com/matrix-org/matrix-bifrost/issues/63">It's an issue with the XMPP bridge</a>.</p>
 
+<h4>I'm not using the PrivacyTools homeserver, can I find PrivacyTools rooms in Element?</h4>
+<p>Yes! Open the room explorer (compass icon on Element desktop), click the server selection drop down next to the search bar, click "Add a new server", type <code>privacytools.io</code>, and click Add. You should then be able to view and search through rooms that the PrivacyTools server is aware of. Note that not every room hosted on PrivacyTools is affiliated with or moderated by the PrivacyTools team.</p>
+
 <h2 class="pt-4">Rooms</h2>
 <p>To join a room, just type <code>/join [room address]</code> in any room. You can run this command from any server, not just ours!</p>
 <p>The PrivacyTools administration operates the following channels:</p>
 <ul>
-  <li><code>#dev:privacytools.io</code>: Discussions relating to <a href="https://github.com/privacytoolsIO/privacytools.io/">building</a> www.privacytools.io.</li>
+  <li><code>#dev:privacytools.io</code>: Discussions relating to <a href="https://github.com/privacytools/privacytools.io/">building</a> www.privacytools.io.</li>
   <li><code>#forum:privacytools.io</code>: All PrivacyTools Forum updates (Automated).</li>
   <li><strong><code>#general:privacytools.io</code>: Main discussion room.</strong></li>
-  <li><code>#github:privacytools.io</code>: GitHub updates for @privacytoolsIO (Automated).</li>
+  <li><code>#github:privacytools.io</code>: GitHub updates for @privacytools (Automated).</li>
   <li><code>#guides:privacytools.io</code>: Privacy Guides development work.</li>
   <li><strong><code>#privacy:privacytools.io</code>: On-topic privacy, security, opsec discussion and support.</strong></li>
   <li><code>#wiki:privacytools.io</code>: <a href="https://wiki.privacytools.io/view/Main_Page">Wiki</a>-building discussion room.</li>
@@ -90,7 +94,6 @@ description: "chat.privacytools.io is our official Matrix homeserver. You can re
   <li><code>#plume:disroot.org</code>: Discussion for Plume: Federated blogging.</li>
   <li><code>#element-android:matrix.org</code>: Element Android discussion and support.</li>
   <li><code>#element-ios:matrix.org</code>: Element iOS discussion and support.</li>
-  <li><code>#riotx:matrix.org</code>: RiotX (soon to be: Element Android) discussion and support.</li>
   <li><code>#element-web:matrix.org</code>: Element Web/Desktop discussion and support.</li>
 </ul>
 <p>If you are a room operator and want your room listed here, feel free to contact us. Especially if you operate a large room and/or are a member of our homeserver!</p>