Add Galaxy Note II

Removes OnlyKey: https://github.com/privacytoolsIO/privacytools.io/pull/1713#issuecomment-588311326
Rewords iPhone recommendation: https://github.com/privacytoolsIO/privacytools.io/pull/1713#issuecomment-587419590

.github/ISSUE_TEMPLATE/1_Software_Suggestion.md

@@ -12,3 +12,16 @@ labels: 🆕 software suggestion
 **URL:**
 
 ## Description
+
+
+
+## Why I am making the suggestion
+
+<!-- Anything you would like to tell us about the software? -->
+
+
+## My connection with the software
+
+<!-- Are you the author? Enthustiastic or early adopter? Friends with the author or requested by them to open the isue? An employee of the software maker? -->
+
+- [ ] I will keep the issue up-to-date if something I have said changes or I remember a connection with the software.

.github/ISSUE_TEMPLATE/2_Software_Removal.md

@@ -7,3 +7,15 @@ labels: ❌ software removal
 
 ## Description
 
+
+
+## Why I am making the suggestion
+
+<!-- Anything you would like to tell us about the software? -->
+
+
+## My connection with the software
+
+<!-- Are you the author? Competitor? Just hating the software with passsion for some reason? -->
+
+- [ ] I will keep the issue up-to-date if something I have said changes or I remember a connection with the software.

.github/ISSUE_TEMPLATE/5_Website_Issues.md

@@ -2,7 +2,7 @@
 name: "🌐 Website Issue"
 about: Report an issue with the website.
 title: "🌐 Website Issue | "
-labels: 🌐 website issue, high priority
+labels: 🌐 website issue
 ---
 
 ## Description

.github/ISSUE_TEMPLATE/7_DNS_provider.md

@@ -34,3 +34,14 @@ labels: 🌐 website issue, 🗄️ DNS
 #### Desired features
 
 * [ ] supports QNAME minimization <!-- if you have access to the dig command run `dig +short txt qnamemintest.internet.nl` or `Resolve-DnsName -Type TXT -Name qnamemintest.internet.nl` if you are on Windows 10 -->
+
+## Why I am making the suggestion
+
+<!-- Anything you would like to tell us about the software? -->
+
+
+## My connection with the software
+
+<!-- Are you the author? Enthustiastic or early adopter? Friends with the author or requested by them to open the isue? An employee of the software maker? -->
+
+- [ ] I will keep the issue up-to-date if something I have said changes or I remember a connection with the software.

.github/PULL_REQUEST_TEMPLATE.md

@@ -6,6 +6,8 @@ Resolves: #none <!-- A link to the (discussion) issue resolved by this pull requ
 
 #### Check List <!-- Please add an x in each box below, like so: [x] -->
 
+- [ ] I understand that by not opening an issue about a software/service/similar addition/removal, this pull request will be closed without merging.
+
 - [ ] I have read and understand [the contributing guidelines](https://github.com/privacytoolsIO/privacytools.io/blob/master/.github/CONTRIBUTING.md).
 
 - [ ] The project is [Free Libre](https://en.wikipedia.org/wiki/Free_software) and/or [Open Source](https://en.wikipedia.org/wiki/Open-source_software) Software

_includes/nav.html

@@ -1,7 +1,7 @@
 <nav class="fixed-top bg-dark">
   <div id="navbar" class="d-flex flex-wrap justify-content-between align-items-center">
     <div class="w-50">
-      <a id="nav-home-mobile" class="nav-anchor" href="/index.html">
+      <a id="nav-home-mobile" class="nav-anchor" href="/">
         <img src="/assets/img/svg/layout/brand/horizontal.svg" width="150px" />
       </a>
     </div>
@@ -10,7 +10,7 @@
 
     <div class="menu w-100">
       <div id="nav-left" class="position-relative flex-col">
-        <a class="nav-anchor" href="/index.html">
+        <a class="nav-anchor" href="/">
           <span id="nav-home" class="fas fa-home fa-fw"></span>
         </a>
 
@@ -77,6 +77,22 @@
           </span>
         </details>
 
+        <!-- Hardware -->
+        <details class="nav-details">
+          <summary>
+            <span class="nav-summary">
+              Hardware
+              <span class="dropdown-toggle"></span>
+            </span>
+          </summary>
+          <span class="nav-dropdown">
+            <a class="dropdown-item" href="/hardware/#mobile"><span class="fas fa-mobile-alt fa-fw"></span> Mobile Devices</a>
+            <a class="dropdown-item" href="/hardware/#u2f"><span class="fas fa-key fa-fw"></span> U2F Security Keys</a>
+            <a class="dropdown-item" href="/hardware/#routers"><span class="fas fa-network-wired fa-fw"></span> Routers</a>
+            <a class="dropdown-item" href="/hardware/#laptops"><span class="fas fa-coins fa-fw"></span> Hardware Wallets</a>
+          </span>
+        </details>
+
         <!-- OS -->
         <details class="nav-details">
           <summary>

_includes/sections/browser-tweaks.html

@@ -6,7 +6,7 @@
 
 <ol>
   <li>Enter "about:config" in the firefox address bar and press enter.</li>
-  <li>Press the button "I'll be careful, I promise!"</li>
+  <li>Press the button "Accept the Risk and Continue" [FF71+] or "I accept the risk".</li>
   <li>Follow the instructions below...</li>
 </ol>
 

_includes/sections/file-sharing.html

@@ -3,8 +3,9 @@
 {% include cardv2.html
 title="Firefox Send"
 image="/assets/img/svg/3rd-party/firefox_send.svg"
-website="https://send.firefox.com/"
+labels="warning:<a href=//send.firefox.com/legal>Warning</a>: IP addresses are retained in logs for 90 days."
 description="Firefox Send uses end-to-end encryption to keep your data secure from the moment you share to the moment your file is opened. It also offers security controls that you can set. You can choose when your file link expires, the number of downloads, and whether you would like to add a password for an extra layer of security."
+website="https://send.firefox.com/"
 forum="https://forum.privacytools.io/t/discussion-firefox-send/755"
 github="https://github.com/mozilla/send"
 web="https://send.firefox.com/"
@@ -15,8 +16,8 @@ googleplay="https://play.google.com/store/apps/details?id=org.mozilla.firefoxsen
 title="OnionShare"
 image="/assets/img/svg/3rd-party/onionshare.svg"
 website="https://onionshare.org/"
-tor="http://elx57ue5uyfplgva.onion/"
+tor="http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion/"
-description="OnionShare is an open-source tool that lets you securely and anonymously share a file of any size. It works by starting a web server, making it accessible as a Tor onion service, and generating an unguessable URL for you to share so that the recipients can access and download the files."
+description="OnionShare is an open-source tool that lets you securely and anonymously share a file of any size. It works by starting a web server accessible as a Tor onion service, with an unguessable URL that you can share with the recipients to download or send files."
 forum="https://forum.privacytools.io/t/discussion-onionshare/754"
 github="https://github.com/micahflee/onionshare"
 windows="https://onionshare.org/#downloads"
@@ -44,6 +45,7 @@ netbsd="https://pypi.org/project/magic-wormhole/"
 <h3>Worth Mentioning</h3>
 
 <ul>
-  <li><a href="https://github.com/schollz/croc">croc</a> - Easily and securely send things from one computer to another.</li>
+  <li><a href="https://framadrop.org/">FramaDrop</a> - Stores a file of any size for 24h. Data is end-to-end encrypted from your browser, powered by <a href="https://framagit.org/fiat-tux/hat-softwares/lufi">LuFi</a>. <span class="badge badge-warning" data-toggle="tooltip" title="FramaDrop logs IP addresses and fingerprints the browser for an unclear amount of time."><a href="https://framasoft.org/en/cgu/"><i class="fas fa-exclamation-triangle"></i></a></span></li>
-  <li><a href="https://freedombox.org/">FreedomBox</a> - Designed to be your own inexpensive server at home. It runs free software and offers an increasing number of services ranging from a calendar or Jabber server, to a wiki, or VPN.</li>
+  <li><a href="https://github.com/schollz/croc">croc</a> - Easily and securely send arbitrary-sized files from one computer to another. Similar to Magic Wormhole but without dependencies.</li>
+  <li><a href="https://freedombox.org/">FreedomBox</a> - Designed to be your own inexpensive server at home. It runs free software and offers an increasing number of services ranging from a calendar or XMPP server, to a wiki, or VPN.</li>
 </ul>

_includes/sections/hardware-wallets.html

@@ -0,0 +1,24 @@
+<h1 id="hardware-wallets" class="anchor"><a href="#hardware-wallets"><i class="fas fa-link anchor-icon"></i></a> Hardware Wallets</h1>
+
+{% include cardv2.html
+title="Trezor One"
+image="/assets/img/png/3rd-party/trezor-one.png"
+description='A fully open-source cryptocurrency wallet with support for over 1,000 coins/tokens. Trezor also has password manager functionality, supports GPG and SSH key storage functionality, and can act as a U2F key, making it a great backup for your U2F key (or vice versa).'
+website="https://trezor.io/"
+github="https://github.com/trezor"
+%}
+
+{% include cardv2.html
+title="Trezor Model T"
+badges="info:Upgrade Pick"
+image="/assets/img/png/3rd-party/trezor-model-t.png"
+description='The Trezor Model T supports all the same functionality as the Trezor One, as well as FIDO2 authentication support, a wider variety of coins/tokens, and a full color touchscreen for easier use.'
+website="https://trezor.io/"
+github="https://github.com/trezor"
+%}
+
+<h3>Worth Mentioning</h3>
+
+<ul>
+  <li><a href="https://www.ledger.com/">Ledger Nano X</a> - A great pick if you are an iOS user, or if the Trezor One does not support the coins/tokens you use. It does have some closed-source components, and it is not as intuitive to use as Trezor's devices.</li>
+</ul>

_includes/sections/hosting-provider.html

@@ -13,7 +13,7 @@ forum="https://forum.privacytools.io/t/discussion-bahnhof-net/341"
 title="VPS & Domain: Njalla"
 image="/assets/img/svg/3rd-party/njalla.svg"
 image-dark="/assets/img/svg/3rd-party/njalla-dark.svg"
-description="Njalla is a privacy-aware domain registration service and VPS provider based in Nevis (with VPS data centers in Sweden). It is created by people from The Pirate Bay and IPredator VPN. Accepted payments: Bitcoin, Litecoin, Monero, DASH, Bitcoin Cash and PayPal."
+description="Njalla is a privacy-aware domain registration service and VPS provider based in Nevis (with VPS data centers in Sweden). It is created by people from The Pirate Bay and IPredator VPN. Accepted payments: Bitcoin, Litecoin, Monero, Zcash, DASH, Bitcoin Cash and PayPal."
 website="https://njal.la/"
 tor="http://njalladnspotetti.onion"
 forum="https://forum.privacytools.io/t/discussion-njalla/339"

_includes/sections/key-disclosure-law.html

@@ -28,7 +28,7 @@
   title="Key disclosure laws may apply"
   body='
   <ol class="card-ol">
-    <li><a href="https://en.wikipedia.org/wiki/Key_disclosure_law#Belgium">Belgium *</a> <div class="float-right"><span class="flag-icon flag-icon-be"></span></div></li>
+    <li><a href="https://tweakers.net/nieuws/163116/belgische-rechter-verdachte-mag-verplicht-worden-code-smartphone-af-te-staan.html">Belgium</a> <div class="float-right"><span class="flag-icon flag-icon-be"></span></div></li>
     <li><a href="https://www.riigiteataja.ee/akt/106012016019">Estonia</a> <div class="float-right"><span class="flag-icon flag-icon-ee"></span></div></li>
     <li><a href="https://en.wikipedia.org/wiki/Key_disclosure_law#Finland">Finland *</a> <div class="float-right"><span class="flag-icon flag-icon-fi"></span></div></li>
     <li><a href="https://en.wikipedia.org/wiki/Key_disclosure_law#New_Zealand">New Zealand</a> (unclear) <div class="float-right"><span class="flag-icon flag-icon-nz"></span></div></li>

_includes/sections/mobile-devices.html

@@ -0,0 +1,65 @@
+<h1 id="mobile" class="anchor"><a href="#mobile"><i class="fas fa-link anchor-icon"></i></a> Mobile Hardware</h1>
+
+<p><em><strong>A note from the team:</strong> It is important to remember that you can only truly have privacy if the devices you use are secure. This includes security against both remote and physical attackers, and passive and active attacks. In the mobile computing space this dramatically limits your available options to devices that many would consider to be unsafe by default. You will need to make both software and lifestyle modifications to make these devices privacy-respecting. If you are unable or unwilling to do so, consider using mobile devices as little as possible, as they are at odds with your privacy almost by design. Please understand that we will never recommend any "privacy-respecting" mobile hardware that sacrifices your security.</em></p>
+
+<div class="container-fluid">
+
+  <div class="row mb-2">
+    <div class="col-lg-3 col-sm-12 pt-lg-5">
+      <img
+        src="/assets/img/png/3rd-party/pixel-3.png"
+        data-theme-src="/assets/img/png/3rd-party/pixel-3.png"
+        height="200"
+        width="200"
+        class="img-fluid d-block mr-auto ml-auto align-middle"
+        alt="Pixel 3 XL">
+    </div>
+    <div class="col">
+    <h2>Google Pixel 3</h2>
+    <p>The <strong>Google Pixel 3/3 XL</strong> and the <strong>Google Pixel 3a/3a XL</strong> are the only secure Android devices currently on the market that can be made privacy-respecting. They have hardware-backed keystores, verified boot functionality <em>with custom ROMs</em>, attestation support, as well as proper ongoing support for their firmware and proper ongoing support for software specific to the hardware used in the device, which is necessary for <em>complete</em> security updates.</p>
+
+    <h5><span class="badge badge-danger">Google OS</span></h5>
+    <p>Google Pixel devices come with a modified version of Android specific to Pixel devices. This software comes with added functionality specific to Pixel devices, but also is heavily linked with Google and Google Play Services. Using the stock ROM on a Google Pixel device is <em>strongly discouraged</em>. We recommend the use of either GrapheneOS or LineageOS to "de-Google" your device.</p>
+
+    <h5><span class="badge badge-success">GrapheneOS Support</span></h5>
+    <p>The Google Pixel supports GrapheneOS, the free and open-source mobile operating system <a href="/operating-systems/#mobile_os">we currently recommend</a> for use on mobile devices.</p>
+    <p>Note that using a custom Android operating system means you have to make the compromise between app availibility and stability, and having decent security and privacy. This operating system does not come with Google Play Services by default, nor is it possible to install Google Play Services or microG. We recommend using F-Droid for app installations as needed, and to avoid third-party apps as much as possible. For this reason, a Pixel with GrapheneOS may not be the best choice for less technical users and users requiring the use of many third-party apps.</p>
+
+    <h5><span class="badge badge-success">Titan M</span></h5>
+    <p>The Google Pixel 3 has a new hardware security chip, the Titan M, making it more secure than its predecessors or other Android devices. This chip is tasked with protecting your device against boot-time attacks, too many log-in attempts, and secure data storage, among other security-related processes. Unlike other mobile hardware security solutions such as ARM TrustZone, the Titan M is a dedicated chip with physically separate RAM and processing power, preventing sidechannel attacks (a la Spectre, Meltdown, Rowhammer).</p>
+    </div>
+  </div>
+
+  <div class="row mb-2">
+    <div class="col-lg-3 col-sm-12 pt-lg-5">
+      <img
+        src="/assets/img/png/3rd-party/iphone-11-pro.png"
+        data-theme-src="/assets/img/png/3rd-party/iphone-11-pro.png"
+        height="200"
+        width="200"
+        class="img-fluid d-block mr-auto ml-auto align-middle"
+        alt="iPhone 11 Pro">
+    </div>
+    <div class="col">
+    <h2>iPhone 11</h2>
+    <p>The <strong>iPhone 11 Pro</strong> and the <strong>iPhone 11</strong> are some of the most secure and tested mobile devices on the market. They support verified boot, strong sandboxing, and strong hardware security (Secure Enclave). They also receive regular and frequent security updates, and they will receive updates far longer than competing Android devices.</p>
+    <p>An iPhone does not make people compromise between the avalibility of third-party apps and having strong security and privacy from their device. Therefore we believe it is the most suitable option for less technical users, or users looking for a better out-of-the-box experience.</p>
+
+    <h5><span class="badge badge-danger">iCloud</span></h5>
+    <p>It is important to note that iOS comes with numerous iCloud integrations, many of which are enabled by default. We recommend advoiding the use of iCloud whenever possible to avoid your personal information being stored on Apple's servers, and we only recommend the use of an Apple ID for App Store use.</p>
+    <p>Contrary to popular belief, iCloud device backups are currently <strong>not</strong> End-to-End Encrypted. You should only backup your device using iTunes.</p>
+
+    <h5><span class="badge badge-success">No Known Exploits</span></h5>
+    <p>There are no known, major <em>hardware</em> exploits for the iPhone 11 series, making them a safer choice over older iPhone models. All iPhone models up to and including the iPhone X are affected by <strong>checkm8</strong>, a permanent unpatchable bootrom exploit that <em>may</em> compromise your device's security.</p>
+    <p>This does not mean an exploit is impossible: <strong>unc0ver</strong> is an iOS 13 software exploit that affects even the iPhone 11, however it has been patched in iOS 13.3.1. Always keeping your device up-to-date is the most important step to take to keep your devices secure.</p>
+    </div>
+  </div>
+
+</div>
+
+<h3>Worth Mentioning</h3>
+
+<ul>
+  <li><a href="https://devices.ubuntu-touch.io/device/FP2">Fairphone 2</a> <span class="badge badge-info">Ubuntu Touch</span> - The Fairphone 2 is an interesting look into modular, ethical, and sustainable mobile devices with an emphasis on open source. This our preferred hardware if you wish to run Ubuntu Touch, however using older and less tested hardware like this inherently forces you to make significant security compromises.</li>
+  <li><a href="https://redmine.replicant.us/projects/replicant/wiki/GalaxyS3I9300">Samsung Galaxy S3</a> and <a href="https://redmine.replicant.us/projects/replicant/wiki/GalaxyNote2N7100">Samsung Galaxy Note II</a> <span class="badge badge-info">ReplicantOS</span> - This is the best hardware available if you wish to run ReplicantOS, however using older hardware like this inherently forces you to make significant security and usability compromises.</li>
+</ul>

_includes/sections/notebooks.html

@@ -60,7 +60,7 @@ chrome="https://chrome.google.com/webstore/detail/turtl/dgcojenhfdjhieoglmiaheih
 <h3>Worth Mentioning</h3>
 
 <ul>
-  <li><a href="https://github.com/notable/notable">Notable</a> - The markdown-based note-taking app that doesn't suck.</li>
+  <li><a href="https://notable.md/">Notable</a> - The markdown-based note-taking app that doesn't suck.</li>
   <li><a href="https://paperwork.cloud/">Paperwork</a> - An open-source and self-hosted solution. For PHP / MySQL servers.</li>
   <li><a href="https://orgmode.org">Org-mode</a> - A major mode for GNU Emacs. Org-mode is for keeping notes, maintaining TODO lists, planning projects, and authoring documents with a fast and effective plain-text system. </li>
 </ul>

_includes/sections/password-managers.html

@@ -81,4 +81,7 @@
   <li>
     <a href="https://pwsafe.org/">Password Safe</a> - Whether the answer is one or hundreds, Password Safe allows you to safely and easily create a secured and encrypted username/password list. With Password Safe all you have to do is create and remember a single "Master Password" of your choice in order to unlock and access your entire username/password list.
   </li>
+  <li>
+    <a href="https://www.passwordstore.org/">Pass</a> - Pass is a bare-bones password store that keeps passwords using gpg2 encrypted files inside a simple directory tree residing at <code>~/.password-store</code>. It has a simple terminal interface where the user can perform the usual actions, and it's functionality can be extended by plugins. It can also be used in scripts without having to input the actual password in plain text.
+  </li>
 </ul>

_includes/sections/quotes.html

@@ -14,6 +14,11 @@
    <footer class="blockquote-footer">Joshua in <cite title="The Crypto Paper"><a href="https://github.com/cryptoseb/CryptoPaper#let-me-explain-further">The Crypto Paper</a></cite></footer>
 </blockquote>
 
+<blockquote class="blockquote">
+  <p>[...] But saying that you don't need or want privacy because you have nothing to hide is to assume that no one should have, or could have, to hide anything -- including their immigration status, unemployment history, financial history, and health records. You're assuming that no one, including yourself, might object to revealing to anyone information about their religious beliefs, political affiliations, and sexual activities, as casually as some choose to reveal their movie and music tastes and reading preferences.</p>
+  <footer class="blockquote-footer">Edward Snowden in <cite title="Permanent Record"><a href="https://en.wikipedia.org/wiki/Permanent_Record_(autobiography)">Permanent Record</a></cite></footer>
+</blockquote>
+
 <h4>Read also:</h4>
 
 <ul>
@@ -25,8 +30,8 @@
 <h1 id="quotes" class="anchor"><a href="#quotes"><i class="fas fa-link anchor-icon"></i></a> Quotes</h1>
 
 <blockquote class="blockquote">
-  <p>Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say.</p>
+  <p>Ultimately, saying that you don't care about privacy because you have nothing to hide is no different from saying you don't care about freedom of speech because you have nothing to say.  Or that you don't care about freedom of the press because you don't like to read. Or that you don't care about freedom of religion because you don't believe in God. Or that you don't care about the freedom to peacably assemble because you're a lazy, antisocial agoraphobe. </p>
-  <footer class="blockquote-footer">Edward Snowden on <cite title="Just days left to kill mass surveillance under Section 215 of the Patriot Act. We are Edward Snowden and the ACLU's Jameel Jaffer. AUA."><a href="https://www.reddit.com/r/IAmA/comments/36ru89/just_days_left_to_kill_mass_surveillance_under/crglgh2">Reddit</a></cite></footer>
+  <footer class="blockquote-footer">Edward Snowden in <cite title="Permanent Record"><a href="https://en.wikipedia.org/wiki/Permanent_Record_(autobiography)">Permanent Record</a></cite></footer>
 </blockquote>
 
 <blockquote class="blockquote">

_includes/sections/resources.html

@@ -28,6 +28,14 @@
   description="Discover a variety of open source software built to protect your privacy and keep your digital data secure."
   %}
 
+  {% include card.html color="danger"
+  title="Hardware"
+  icon="fas fa-laptop"
+  iconcolor="dark"
+  page="/hardware/"
+  description="You can't protect your privacy without starting with the right hardware. Discover the devices for the job."
+  %}
+
   {% include card.html color="info"
   title="Operating Systems"
   icon="fas fa-desktop"
@@ -41,15 +49,7 @@
   icon="far fa-eye-slash"
   iconcolor="dark"
   page="/services/"
-  description="The PrivacyTools team is proud to launch a variety of privacy-centric online services, including a Mastodon instance, search engine, and more!"
+  description="We are proud to operate a variety of privacy-centric services, including Mastodon, Matrix, and more!"
-  %}
-
-  {% include card.html color="danger"
-  title="Donate"
-  icon="fas fa-donate"
-  iconcolor="dark"
-  page="/donate/"
-  description="We can't operate this site without the generous contributions we receive from our viewers. If you love privacy and our website please consider donating."
   %}
 
 </div>

_includes/sections/routers.html

@@ -0,0 +1,36 @@
+<h1 id="routers" class="anchor"><a href="#routers"><i class="fas fa-link anchor-icon"></i></a> Home Routers</h1>
+
+<div class="container-fluid">
+  <div class="row mb-2">
+    <div class="col-lg-3 col-sm-12 pt-lg-5 text-center">
+      <img
+        src="/assets/img/png/3rd-party/turris-omnia.png"
+        data-theme-src="/assets/img/png/3rd-party/turris-omnia.png"
+        height="200"
+        width="200"
+        class="img-fluid d-block mr-auto ml-auto align-middle"
+        alt="Turris Omnia">
+        <a class="btn btn-primary mt-4" href="https://www.turris.cz/en/omnia/" role="button"><i class="fas fa-external-link-alt fa-fw"></i> Website</a>
+    </div>
+    <div class="col">
+    <h2>Turris Omnia</h2>
+    <p><strong>Turris Omnia</strong> is a secure, high performance, and open-source home router. It has specifications that would allow it to easily handle Gigabit-level networking, as well as additional functionality (NAS, printserver, or other server type use-cases).</p>
+    <p>Turris Omnia was created by <strong>NIC.CZ</strong>, the non-profit .CZ domain registry behind many massive internet open-source projects including Knot (DNS Server), BIRD (Internet routing daemon), and FRED (Domain registry platform). As such, we believe they have the experience required to make a secure routing platform.</p>
+
+    <h5><span class="badge badge-success">OpenWrt</span></h5>
+    <p>Turris Omnia runs OpenWrt, the router operating system platform <a href="/operating-systems/#firmware">we recommend</a> for home users. It is an incredibly lightweight operating system perfect for this workload, and it is well supported by its developers.</p>
+
+    <h5><span class="badge badge-success">Secure Defaults</span></h5>
+    <p>Turris Omnia is configured securely and privately by default. It also features <strong>automatic updates</strong> that require no user interaction. The lack of updates is a security problem for most home router brands.</p>
+
+    <h5><span class="badge badge-info">Additional Functionality</span></h5>
+    <p>This device can be used for more than just routing. It is a highly extensible product, allowing you to do things like add mSATA storage. It features a SIM slot that can be used alongside an LTE USB or miniPCIe modem for backup connectivity. It comes with a "virtual server", which allows you to install normal Linux applications or even entirely seperate Linux distros like Ubuntu or Debian independently of the main software, improving security and allowing for safe software experimentation.</p>
+    </div>
+  </div>
+</div>
+
+<h3>Worth Mentioning</h3>
+
+<ul>
+  <li><a href="https://www.peplink.com/products/pepwave-surf-soho/">Pepwave Surf SOHO</a> - A lower-end business-class router with stable, secure, and easy-to-use firmware. Unlike most business-class routers, the interface is easy to use while still feature-rich.</li>
+</ul>

_includes/sections/security-keys.html

@@ -0,0 +1,24 @@
+<h1 id="u2f" class="anchor"><a href="#u2f"><i class="fas fa-link anchor-icon"></i></a> U2F Security Keys</h1>
+
+{% include cardv2.html
+title="SoloKeys"
+image="/assets/img/png/3rd-party/solokey.png"
+description='The SoloKey is the "first open-source FIDO2 security key", available in both USB-A and USB-C variants with optional NFC capability for mobile devices. It is less feature-rich compared to the YubiKey 5 lineup, but at $20 it is a great starting point for securing your accounts, or backup U2F authenticator.'
+website="https://solokeys.com/"
+github="https://github.com/solokeys"
+%}
+
+{% include cardv2.html
+title="YubiKey 5"
+badges="info:Upgrade Pick"
+image="/assets/img/png/3rd-party/yubikey-5c.png"
+description='The YubiKey 5 is a multi-protocol security key, providing strong two-factor, multi-factor and passwordless authentication, and seamless touch-to-sign. It supports FIDO2, FIDO U2F, one-time password (OTP), and OpenPGP smart card functionality. It is available in a variety of form factors for desktop or laptop.'
+website="https://www.yubico.com/products/yubikey-5-overview/"
+github="https://github.com/yubico"
+%}
+
+<h3>Worth Mentioning</h3>
+
+<ul>
+  <li><a href="https://www.nitrokey.com/">Nitrokey</a> - A variety of security key products for different workloads. All Nitrokey products are open-source and customizable. The <a href="https://www.nitrokey.com/sites/default/files/NitrokeyFirmwareSecurityAuditReport05-2015.pdf">firmware</a> and <a href="https://www.nitrokey.com/sites/default/files/NitrokeyHardwareSecurityAuditReport08-2015.pdf">hardware</a> have been independently assessed by Cure53 in 2015. We have found that there is no best overall product (the <em>Pro 2</em> lacks Curve25519 while the lower-end <em>Start</em> supports it, for example) and they are lacking a variety of form factors such as USB-C and NFC that would be more convenient for many users.</li>
+</ul>

_includes/sections/vpn.html

@@ -18,9 +18,10 @@
     </div>
     <div class="col">
     <h2>Mullvad <span class="badge badge-info">EUR €60/Year</span></h2>
-    <p><strong>Mullvad</strong> is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since <strong>2009</strong>. Mullvad is based in <span class="flag-icon flag-icon-se"></span> Sweden and does not have a free trial. Visit <a href="https://mullvad.net/">mullvad.net</a> to create an account.</p>
+    <p><strong><a href="https://mullvad.net/">Mullvad.net</a> </strong> is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since <strong>2009</strong>. Mullvad is based in <span class="flag-icon flag-icon-se"></span> Sweden and does not have a free trial.</p>
-    <h5><span class="badge badge-success">406+ Servers</span></h5>
+    <h5><span class="badge badge-success">35 Countries</span></h5>
-    <p>Mullvad has 409 servers in 39 countries at the time of writing this page. Typically the more servers a provider offers, the better: With hundreds of servers in operation, you are far more likely to find a fast connection and a server geographically closest to you.</p>
+    <p>Mullvad has <a href="https://mullvad.net/en/servers/">servers in 35 countries</a> at the time of writing this page. Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (less hops) to the destination.</p>
+    <p>We also think it's better for the security of the VPN provider's private keys if they use <a href="https://en.wikipedia.org/wiki/Dedicated_hosting_service">dedicated servers</a>, instead of cheaper shared solutions (with other customers) such as <a href="https://en.wikipedia.org/wiki/Virtual_private_server">virtual private servers</a>.</p>
     <h5><span class="badge badge-success">Independently Audited</span></h5>
     <p>Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report <a href="https://cure53.de/pentest-report_mullvad_v2.pdf">published at cure53.de</a>. The security researchers concluded:</p>
     <blockquote class="blockquote">
@@ -28,14 +29,14 @@
     </blockquote>
     <h5><span class="badge badge-success">Open Source Clients</span></h5>
     <p>Mullvad provides the source code for their desktop and mobile clients in their <a href="https://github.com/mullvad/mullvadvpn-app">GitHub organization</a>.</p>
+    <h5><span class="badge badge-success">Accepts Bitcoin</span></h5>
+    <p>Mullvad in addition to accepting credit/debit cards and PayPal, accepts <strong>Bitcoin</strong>, <strong>Bitcoin Cash</strong>, and <strong>cash/local currency</strong> as anonymous forms of payment. They also accept Swish and bank wire transfers.</p>
     <h5><span class="badge badge-success">WireGuard Support</span></h5>
     <p>In addition to standard OpenVPN connections, Mullvad supports WireGuard. WireGuard is an experimental protocol with theoretically better security and higher reliability, although it is not currently recommended for production use.</p>
     <h5><span class="badge badge-success">IPv6 Support</span></h5>
     <p>Mullvad supports the future of networking <a href="https://en.wikipedia.org/wiki/IPv6">IPv6</a>. Their network allows users to <a href="https://mullvad.net/en/blog/2014/9/15/ipv6-support/">access services hosted on IPv6</a> as opposed to other providers who block IPv6 connections.</p>
     <h5><span class="badge badge-success">Remote Port Forwarding</span></h5>
     <p>Remote <a href="https://en.wikipedia.org/wiki/Port_forwarding">port forwarding</a> is allowed on Mullvad, see <a href="https://mullvad.net/help/port-forwarding-and-mullvad/">Port forwarding with Mullvad VPN</a>.</p>
-    <h5><span class="badge badge-success">Accepts Bitcoin</span></h5>
-    <p>Mullvad in addition to accepting credit/debit cards and PayPal, accepts <strong>Bitcoin</strong>, <strong>Bitcoin Cash</strong>, and <strong>cash/local currency</strong> as anonymous forms of payment. They also accept Swish and bank wire transfers.</p>
     <h5><span class="badge badge-warning">No Mobile Clients</span></h5>
     <p>While iOS and Android clients are reportedly in the works, mobile users will need to use a traditional OpenVPN client and configuration files, which are a bit more difficult to configure.</p>
     <h5><span class="badge badge-info">Extra Functionality</span></h5>
@@ -48,9 +49,10 @@
     </div>
     <div class="col">
     <h2>ProtonVPN <span class="badge badge-info">Free</span> <span class="badge badge-info">USD $96/year</span></h2>
-    <p><strong>ProtonVPN</strong> is a strong contender in the VPN space, and they have been in operation since <strong>2016</strong>. ProtonVPN is based in <span class="flag-icon flag-icon-ch"></span> Switzerland and offers a limited free pricing tier, as well as premium options. Visit <a href="https://protonvpn.com/">protonvpn.com</a> to create an account.</p>
+    <p><strong><a href="https://protonvpn.com/">ProtonVPN.com</a></strong> is a strong contender in the VPN space, and they have been in operation since <strong>2016</strong>. ProtonVPN is based in <span class="flag-icon flag-icon-ch"></span> Switzerland and offers a limited free pricing tier, as well as premium options.</p>
-    <h5><span class="badge badge-success">610+ Servers</span></h5>
+    <h5><span class="badge badge-success">44 Countries</span></h5>
-    <p>ProtonVPN has 610 servers in 44 countries at the time of writing this page. Typically the more servers a provider offers, the better: With hundreds of servers in operation, you are far more likely to find a fast connection and a server geographically closest to you.</p>
+    <p>ProtonVPN has <a href="https://protonvpn.com/vpn-servers">servers in 44 countries</a> at the time of writing this page. Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (less hops) to the destination.</p>
+    <p>We also think it's better for the security of the VPN provider's private keys if they use <a href="https://en.wikipedia.org/wiki/Dedicated_hosting_service">dedicated servers</a>, instead of cheaper shared solutions (with other customers) such as <a href="https://en.wikipedia.org/wiki/Virtual_private_server">virtual private servers</a>.</p>
     <h5><span class="badge badge-success">Independently Audited</span></h5>
     <p>As of January 2020 ProtonVPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in ProtonVPN's Windows, Android, and iOS applications, all of which were "properly fixed" by ProtonVPN before the reports were published. None of the issues identified would have provided an attacker remote access to a user's device or traffic. You can view individual reports for each platform at <a href="https://protonvpn.com/blog/open-source/">protonvpn.com</a>.
     <h5><span class="badge badge-success">Open Source Clients</span></h5>
@@ -65,16 +67,6 @@
     <p>The ProtonVPN clients have a built-in killswitch to block internet connections outside of the VPN. They also are able to automatically start on boot. ProtonVPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using <a href="https://www.torproject.org/">the official Tor Browser</a> for this purpose.</p>
     </div>
   </div>
-</div>
-
-<div class="alert alert-warning" role="alert">
-  <strong>Note: Using a VPN provider will not make you anonymous, but it will give you better privacy in certain situations. A VPN is not a tool for illegal activities. Don't rely on a "no log" policy.</strong>
-</div>
-
-<h1 id="vpn" class="anchor"><a href="#worth-mentioning"><i class="fas fa-link anchor-icon"></i></a> Other Provider Worth Mentioning</h1>
-
-<div class="container-fluid">
-
   <div class="row mb-2">
     <div class="col-lg-3 col-sm-12 pt-lg-5">
       <img src="/assets/img/svg/3rd-party/ivpn.svg" height="70" width="200" class="img-fluid d-block mr-auto ml-auto align-middle" alt="IVPN">
@@ -85,20 +77,26 @@
       <span class="badge badge-info">Standard USD $60/Year</span>
       <span class="badge badge-secondary">Pro USD $100/Year</span>
     </h2>
-    <p><strong>IVPN</strong> is another strong premium VPN provider, and they have been in operation since <strong>2009</strong>. IVPN is based in <span class="flag-icon flag-icon-gi"></span> Gibraltar and offers a 3 day free trial. Unfortunately, due to its lack of an independent security audit, it does not meet the complete criteria for recommendation, see our notes below.</p>
+    <p><strong><a href="https://www.ivpn.net">IVPN.net</a></strong> is another premium VPN provider, and they have been in operation since <strong>2009</strong>. IVPN is based in <span class="flag-icon flag-icon-gi"></span> Gibraltar and offers a 3 day free trial.</p>
-    <h5><span class="badge badge-danger">No Security Audit</span></h5>
+    <h5><span class="badge badge-success">32 Countries</span></h5>
-    <p>IVPN has undergone a <a href="https://cure53.de/audit-report_ivpn.pdf">no-logging audit from Cure53</a> which concluded in agreement with IVPN's no-logging claim. However, IVPN has not undergone a more comprehensive security audit by an independent third party, and therefore cannot be strongly recommended at this time.</p><p>We have still chosen to list it on this page with the assumption that an audit will be published soon. <a href="https://nitter.net/ivpnnet/status/1181954975687163905">IVPN has hired Cure53</a> to undertake a comprehensive audit covering the IVPN website, public and internal server infrastucture. They expect the audit to begin in November 2019 and be completed by the 6 auditors in January 2020.</p>
+    <p>IVPN has <a href="https://www.ivpn.net/server-locations">servers in 32 countries</a> at the time of writing this page. Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (less hops) to the destination.</p>
-    <h5><span class="badge badge-success">77+ Servers</span></h5>
+    <p>We also think it's better for the security of the VPN provider's private keys if they use <a href="https://en.wikipedia.org/wiki/Dedicated_hosting_service">dedicated servers</a>, instead of cheaper shared solutions (with other customers) such as <a href="https://en.wikipedia.org/wiki/Virtual_private_server">virtual private servers</a>.</p>
-    <p>IVPN has 77 servers in 31 countries at the time of writing this page. Typically the more servers a provider offers, the better. IVPN has a decent (but not exceptional) server count that will most likely provide adequate coverage to most users.</p>
+    <h5><span class="badge badge-success">Independently Audited</span></h5>
-    <h5><span class="badge badge-success">Remote port forwarding</span></h5>
+    <p>IVPN has undergone a <a href="https://cure53.de/audit-report_ivpn.pdf">no-logging audit from Cure53</a> which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a <a href="https://cure53.de/summary-report_ivpn_2019.pdf">comprehensive pentest report Cure53</a> in January 2020. IVPN has also said they plan to have <a href="https://www.ivpn.net/blog/independent-security-audit-concluded">annual reports</a> in the future.</p>
-    <p>Remote <a href="https://en.wikipedia.org/wiki/Port_forwarding">port forwarding</a> is possible with a Pro plan. Port forwarding <a href="https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html">can be activated</a> via the client area. Port forwarding is only available on IVPN when <a href="https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html">using OpenVPN and is disabled on US servers</a>.</p>
+    <h5><span class="badge badge-success">Open Source Clients</span></h5>
+    <p>As of Feburary 2020 <a href="https://www.ivpn.net/blog/ivpn-applications-are-now-open-source">IVPN applications are now open source</a>. Source code can be obtained from their <a href="https://github.com/ivpn">GitHub organization</a>.</p>
     <h5><span class="badge badge-success">Accepts Bitcoin</span></h5>
     <p>In addition to accepting credit/debit cards and PayPal, IVPN accepts <strong>Bitcoin</strong> and <strong>cash/local currency</strong> (on annual plans) as anonymous forms of payment.</p>
+    <h5><span class="badge badge-success">Remote Port Forwarding</span></h5>
+    <p>Remote <a href="https://en.wikipedia.org/wiki/Port_forwarding">port forwarding</a> is possible with a Pro plan. Port forwarding <a href="https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html">can be activated</a> via the client area. Port forwarding is only available on IVPN when <a href="https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html">using OpenVPN and is disabled on US servers</a>.</p>
     <h5><span class="badge badge-success">Mobile Clients</span></h5>
     <p>In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for iOS or Android allowing for easy connections to their servers.</p>
     <h5><span class="badge badge-info">Extra Functionality</span></h5>
-    <p>The IVPN clients have a built-in killswitch to block internet connections outside of the VPN. They also are able to automatically start on boot. IVPN also provides "AntiTracker" functionality, which blocks advertising networks and trackers from the network level.</p>
+    <p>The IVPN clients have a built-in killswitch to block internet connections outside of the VPN. They also are able to automatically start on boot. IVPN also provides "<a href="https://www.ivpn.net/antitracker">AntiTracker</a>" functionality, which blocks advertising networks and trackers from the network level.</p>
     </div>
   </div>
-
+</div>
+
+<div class="alert alert-warning" role="alert">
+  <strong>Note: Using a VPN provider will not make you anonymous, but it will give you better privacy in certain situations. A VPN is not a tool for illegal activities. Don't rely on a "no log" policy.</strong>
 </div>

pages/about.html

@@ -38,7 +38,6 @@ twitter="privacytoolsIO"
 {% include team.html
 avatar="jonah.png"
 name="Jonah Aragon"
-nick="Jonah"
 role="Administrator"
 bio="I run the website and services for PrivacyTools. My goal is to spread the word about data privacy as widely as possible."
 email="mailto:jonah@privacytools.io"
@@ -51,11 +50,12 @@ blog="jonah"
 
 {% include team.html
 avatar="blacklight447.png"
-name="blacklight447"
+name="Niek de Wilde"
 bio="I research new privacy recommendations and moderate our communities. My expertise is endpoint security and networking."
-role="Community Manager"
+role="Editor-in-chief"
 email="mailto:blacklight447@privacytools.io"
 mastodon="https://social.privacytools.io/@blacklight447"
+blog="blacklight447"
 %}
 
 {% include team.html
@@ -80,6 +80,7 @@ website="https://dawidpotocki.com"
 email="https://dawidpotocki.com/accounts/#email"
 keys="https://dawidpotocki.com/accounts/#pgp"
 mastodon="https://social.privacytools.io/@dawidpotocki"
+blog="dawidpotocki"
 %}
 
 {% include team.html

pages/hardware.html

@@ -0,0 +1,18 @@
+---
+layout: page
+permalink: /hardware/
+title: "Hardware"
+description: "Your privacy is only as strong as the devices you use."
+---
+
+{% include sections/mobile-devices.html %}
+
+{% include sections/security-keys.html %}
+
+{% include sections/routers.html %}
+<h3>Further Reading</h3>
+<ul>
+  <li><a href="https://routersecurity.org/">RouterSecurity.org</a> - A list of router configuration tips to keep your router and network secure.</li>
+</ul>
+
+{% include sections/hardware-wallets.html %}

pages/old.html

@@ -71,6 +71,14 @@ permalink: /classic/
 
 {% include sections/productivity-tools.html %}
 
+{% include sections/mobile-devices.html %}
+
+{% include sections/security-keys.html %}
+
+{% include sections/routers.html %}
+
+{% include sections/hardware-wallets.html %}
+
 {% include sections/operating-systems.html %}
 
 {% include sections/live-operating-systems.html %}

pages/providers/vpn.html

@@ -55,6 +55,7 @@ breadcrumb: "VPN"
       <ul>
         <li>OpenVPN support.</li>
         <li>Killswitch built in to clients.</li>
+        <li>If VPN cients are provided, they should be <a href="https://en.wikipedia.org/wiki/Open_source">open source</a>, like the VPN software they generally have built into them. We believe that <a href="https://en.wikipedia.org/wiki/Source_code">source code</a> availability provides greater transparency to the user about what their device is actually doing. Ideally we like to see these applications <a href="https://www.f-droid.org/en/2019/05/05/trust-privacy-and-free-software.html">available in F-Droid</a>.</li>
       </ul>
     </div>
     <div class="col-md-6">
@@ -63,7 +64,6 @@ breadcrumb: "VPN"
         <li>OpenVPN and WireGuard support.</li>
         <li>Killswitch with highly configurable options (enable/disable on certain networks, on boot, etc.)</li>
         <li>Easy-to-use VPN clients</li>
-        <li>Clients are <a href="https://en.wikipedia.org/wiki/Open_source">open source</a>. We believe that <a href="https://en.wikipedia.org/wiki/Source_code">source code</a> availability provides greater transparency to the user about what their device is actually doing. Ideally we like to see these applications <a href="https://www.f-droid.org/en/2019/05/05/trust-privacy-and-free-software.html">available in F-Droid</a>.</li>
         <li>Supports <a href="https://en.wikipedia.org/wiki/IPv6">IPv6</a>. We expect that servers will allow incoming connections via IPv6 and allow users to access services hosted on IPv6 addresses.</li>
         <li>Capability of <a href="https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding">remote port forwarding</a> assists in creating connections when using P2P (<a href="https://en.wikipedia.org/wiki/Peer-to-peer">Peer-to-Peer</a>) filesharing software, Freenet, or hosting a server (e.g., Mumble).</li>
       </ul>

pages/software/real-time-communication.html

@@ -14,6 +14,11 @@ description: "Discover secure and private ways to communicate with others online
     Recent news about breaking E2EE on centralized instant messengers
 </h3>
 
+<h5>January 2020</h5>
+<ul>
+    <li><a href="https://cyberlaw.stanford.edu/blog/2020/01/earn-it-act-how-ban-end-end-encryption-without-actually-banning-it">The EARN IT Act: How to Ban End-to-End Encryption Without Actually Banning It</a></li>
+</ul>
+
 <h5>November 2019</h5>
 <ul>
     <li><a href="https://www.reuters.com/article/us-interpol-encryption-exclusive-idUSKBN1XR0S7">Exclusive: Interpol plans to condemn encryption spread, citing predators, sources say (Reuters)</a></li>

pages/sponsors.html

@@ -26,6 +26,13 @@ permalink: /sponsors/
   <h3>Why sponsor {{ site.name }}?</h3>
   <p>This sponsorship program is designed to allow companies, organizations, and individuals partner with the {{ site.name }} team to support our vision of a more privacy-respecting internet and the greater online community.</p>
   <p>With this exposure and sponsorship, your customers will recognize your intrinsic understanding and commitment to user privacy. Moreover, you'll directly contribute to our mission of spreading privacy-respecting tools and knowledge worldwide!</p>
+  <p>At PrivacyTools, we believe in...</p>
+  <ul>
+    <li><strong>Privacy</strong>, of course. Privacy gives you as a user control over how your information is used and spread online. Trustworthy and secure products and services are the key to that future.</li>
+    <li><strong>Security</strong>. We believe services cannot provide privacy at all without being secure. Strong encryption is the only way to prevent malicious actors from snooping in on our communications.</li>
+    <li><strong>Freedom</strong>. The right to express your opinion online without interference or surveillance is the only way we can grow as a society, and privacy-respecting tools should foster that growth.</li>
+  </ul>
+  <p>We reserve the right or deny all sponsors from receiving the benefits detailed below if we believe that your organization or product is not aligned with our key values. Therefore, if you are interested in sponsoring our project, please first email <a href="mailto:sponsors@privacytools.io">sponsors@privacytools.io</a> so we may discuss further.</p>
   <p>As a sponsor of {{ site.name }}, your company will be widely recognized in a variety of ways, some of which we've detailed below.</p>
   <h5>General Information</h5>
   <p>This website receives well over 250,000 pageviews on a monthly basis and is highly ranked for privacy-related keywords. In addition to the benefits below your contribution will be featured on our OpenCollective page and we will thank you via social media for your contribution.</p>
@@ -48,6 +55,6 @@ permalink: /sponsors/
   <h5>More Information</h5>
   <p>If you are interested and have further questions, you are welcome to reach out to us directly at <a href="mailto:sponsors@privacytools.io">sponsors@privacytools.io</a>.</p>
   <div class="mt-5 text-center">
-    <a href="https://opencollective.com/privacytoolsio#section-contribute" class="btn btn-success mb-5">Become a Sponsor</a>
+    <a href="https://opencollective.com/privacytoolsio#section-contribute" class="btn btn-success mb-5">Contribute to PrivacyTools</a>
   </div>
 </div>