9 changed files with 146 additions and 44 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,4 +1,3 @@
 _site/
-Gemfile.lock
 .sass-cache/
 .DS_Store
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -0,0 +1,70 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    addressable (2.5.2)
+      public_suffix (>= 2.0.2, < 4.0)
+    colorator (1.1.0)
+    concurrent-ruby (1.1.5)
+    em-websocket (0.5.1)
+      eventmachine (>= 0.12.9)
+      http_parser.rb (~> 0.6.0)
+    eventmachine (1.2.7)
+    ffi (1.11.1)
+    forwardable-extended (2.6.0)
+    http_parser.rb (0.6.0)
+    i18n (0.9.5)
+      concurrent-ruby (~> 1.0)
+    jekyll (3.8.5)
+      addressable (~> 2.4)
+      colorator (~> 1.0)
+      em-websocket (~> 0.5)
+      i18n (~> 0.7)
+      jekyll-sass-converter (~> 1.0)
+      jekyll-watch (~> 2.0)
+      kramdown (~> 1.14)
+      liquid (~> 4.0)
+      mercenary (~> 0.3.3)
+      pathutil (~> 0.9)
+      rouge (>= 1.7, < 4)
+      safe_yaml (~> 1.0)
+    jekyll-multiple-languages-plugin (1.6.0)
+      jekyll (>= 2.0, < 4.0)
+    jekyll-sass-converter (1.5.2)
+      sass (~> 3.4)
+    jekyll-sitemap (1.2.0)
+      jekyll (~> 3.3)
+    jekyll-watch (2.2.1)
+      listen (~> 3.0)
+    kramdown (1.17.0)
+    liquid (4.0.0)
+    listen (3.1.5)
+      rb-fsevent (~> 0.9, >= 0.9.4)
+      rb-inotify (~> 0.9, >= 0.9.7)
+      ruby_dep (~> 1.2)
+    mercenary (0.3.6)
+    pathutil (0.16.2)
+      forwardable-extended (~> 2.6)
+    public_suffix (3.1.1)
+    rb-fsevent (0.10.3)
+    rb-inotify (0.10.0)
+      ffi (~> 1.0)
+    rouge (2.2.1)
+    ruby_dep (1.5.0)
+    safe_yaml (1.0.5)
+    sass (3.7.4)
+      sass-listen (~> 4.0.0)
+    sass-listen (4.0.0)
+      rb-fsevent (~> 0.9, >= 0.9.4)
+      rb-inotify (~> 0.9, >= 0.9.7)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  jekyll
+  jekyll-multiple-languages-plugin
+  jekyll-sitemap
+  tzinfo-data
+
+BUNDLED WITH
+   2.0.1
--- a/_i18n/en.yml
+++ b/_i18n/en.yml
@ -157,6 +157,7 @@ footer:
  socially_motivated: "privacytools.io is a socially motivated website that provides information for protecting your data security and privacy. Never trust any company with your privacy, always encrypt."
  privacy_policy: "View our privacy policy"
  learn_more: "Learn More"
+  javascript: "JavaScript Licenses"
 resources:
  tools: "Privacy Tools"
  classic: "Prefer the classic site? View a single-page layout."
--- a/_includes/footer.html
+++ b/_includes/footer.html
@ -71,8 +71,19 @@
  </div>

  <div class="copyright-text">
-    <p><strong>{% t footer.no_ads %}</strong> <em>{% t footer.socially_motivated %}</em> <a href="/privacy-policy/">{% t footer.privacy_policy %}</a>.</p>
-    <p class="text-left">Tor v3: <strong>privacy2zbidut4m4jyj3ksdqidzkw3uoip2vhvhbvwxbqux5xy5obyd.onion</strong> (<a href="https://write.privacytools.io/jonah/tor-on-privacytools-io">{% t footer.learn_more %}</a>)</p>
-  </div>
+    <a href="/about/javascript" data-jslicense="1">
+      <span class="fab fa-js fa-lg"></span>
+      {% t footer.javascript %}
+    </a>
+    <p class="mt-2">
+      <strong>{% t footer.no_ads %}</strong>
+      <em>{% t footer.socially_motivated %}</em>
+      <a href="/privacy-policy/">{% t footer.privacy_policy %}</a>.
+    </p>
+    <p class="text-left">
+      Tor v3: <strong>privacy2zbidut4m4jyj3ksdqidzkw3uoip2vhvhbvwxbqux5xy5obyd.onion</strong>
+      (<a href="https://write.privacytools.io/jonah/tor-on-privacytools-io">{% t footer.learn_more %}</a>)
+    </p>

+  </div>
 </footer>
--- a/_includes/scripts.html
+++ b/_includes/scripts.html
@ -11,17 +11,4 @@
  - User privacy protection
 -->

-<script type="text/javascript">
-  var _paq = window._paq || [];
-  /* tracker methods like "setCustomDimension" should be called before "trackPageView" */
-  _paq.push(['trackPageView']);
-  _paq.push(['enableLinkTracking']);
-  (function() {
-    var u="https://stats.privacytools.io/";
-    _paq.push(['setTrackerUrl', u+'matomo.php']);
-    _paq.push(['setSiteId', '1']);
-    var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
-    g.type='text/javascript'; g.async=true; g.defer=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s);
-  })();
-</script>
 <noscript><img src="https://stats.privacytools.io/matomo.php?idsite=1&amp;rec=1" style="border:0" alt=""/></noscript>
--- a/_includes/sections/browser-tweaks.html
+++ b/_includes/sections/browser-tweaks.html
@ -52,9 +52,6 @@
  <dt>dom.event.clipboardevents.enabled = false</dt>
  <dd>Disable that websites can get notifications if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected.</dd>

-  <dt>geo.enabled = false</dt>
-  <dd>Disables geolocation.</dd>
-
  <dt>media.eme.enabled = false</dt>
  <dd>
  <p>Disables playback of DRM-controlled HTML5 content, which, if enabled, automatically downloads the Widevine Content Decryption Module provided by Google Inc. <a href="https://support.mozilla.org/kb/enable-drm#w_opt-out-of-cdm-playback-uninstall-cdms-and-stop-all-cdm-downloads">Details</a></p>
@ -118,23 +115,8 @@
  </ul>
  </dd>

-  <dt>network.trr.mode = 2</dt>
-  <dd>
-  Use Trusted Recursive Resolver (DNS-over-HTTPS) first and if it fails, use the system resolver <a href="https://wiki.mozilla.org/Trusted_Recursive_Resolver">Source</a>
-  <ul>
-    <li>0 = disabled by default, may change in the future</li>
-    <li>1 = use the faster resolver</li>
-    <li>2 = use DoH first, fallback to system resolver</li>
-    <li>3 = only use DoH. This may require <code>network.trr.bootstrapAddress</code> or using an IP address in <code>network.trr.uri</code>.</li>
-    <li>5 = explicitly disable DoH</li>
-  </ul>
-  </dd>
-
-  <dt>network.trr.uri = CHANGEME</dt>
-  <dd>The address of your DNS-over-HTTPS provider, if you don't have one, <a href="/providers/dns/#icanndns">check our encrypted DNS recommendations</a>. It can also be changed in <em>Settings, Network Settings, Enable DNS over HTTPS, Use Provider, Custom</em>.</dd>
-
-  <dt>network.security.esni.enabled = true</dt>
-  <dd>Hide the address which you are requesting SSL certificate for if the server supports it. This <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1500289">requires DoH/TRR to be enabled</a> even <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1542754">on Android 9+ when Private DNS is enabled</a>.</dd>
+  <dt>Looking for TRR, DoH or ESNI?</dt>
+  <dd>They have moved to <a href="/providers/dns/#icanndns">our DNS page</a>.</dd>

  <dt>webgl.disabled = true</dt>
  <dd>WebGL is a potential security risk. <a href="https://security.stackexchange.com/questions/13799/is-webgl-a-security-concern">Source</a></dd>
--- a/_includes/sections/dns.html
+++ b/_includes/sections/dns.html
@ -307,6 +307,10 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
    <li><strong>Encrypted DNS clients for desktop:</strong>
      <ul>
        <li><em>Firefox</em> comes with built-in DoH support with Cloudflare set as the default resolver, but can be configured to use any DoH resolver. <span class="badge badge-warning" data-toggle="tooltip" data-placement="bottom" data-original-title='"Cloudflare has agreed to collect only a limited amount of data about the DNS requests that are sent to the Cloudflare Resolver for Firefox via the Firefox browser."'><a href="https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/firefox/"><i class="fas fa-exclamation-triangle"></i></a></span> Currently Mozilla is <a href="https://blog.mozilla.org/futurereleases/2019/07/31/dns-over-https-doh-update-detecting-managed-networks-and-user-choice/">conducting studies</a> before enabling DoH by default for all US-based Firefox users.</li>
+            <ul>
+                <li>DNS over HTTPS can be enabled in Menu -> Preferences (<code>about:preferences</code>) -> Network Settings -> Enable DNS over HTTPS. Set "Use Provider" to "Custom," and enter your DoH provider's address.</li>
+                <li>Advanced users may enable it in <code>about:config</code> by setting <code>network.trr.custom_uri</code> and <code>network.trr.uri</code> as the address you find from the documentation of your DoH provider and <code>network.trr.mode</code> as <code>2</code>. It may also be desirable to set <code>network.esni.enabled</code> to <code>True</code> in order to enable encrypted SNI and make sites supporting ESNI a bit more difficult to track.</li>
+            </ul>
      </ul>
    </li>
    <li><strong>Encrypted DNS clients for mobile:</strong>
@ -330,6 +334,13 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
    </li>
    <li><strong>Further reading:</strong>
      <ul>
+        <li>On Firefox, DoH and ESNI</li>
+            <ul>
+                <li><a href="https://wiki.mozilla.org/Trusted_Recursive_Resolver">Trusted Recursive Resolver (DoH) on MozillaWiki</a></li>
+                <li><a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1500289">Firefox bug report requesting the ability to use ESNI without DoH</a></li>
+                <li><a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1542754">Firefox bug report requesting the ability to use Android 9+'s Private DNS (DoT) and benefit from encrypted SNI without having to enable DoH</a></li>
+                <li><a href="https://blog.cloudflare.com/encrypted-sni/">Encrypt it or lose it: how encrypted SNI works on Cloudflare blog</a></li>
+            </ul>
        <li><a href="https://www.isc.org/blogs/qname-minimization-and-privacy/">QNAME Minimization and Your Privacy</a> by the Internet Systems Consortium (ISC)</li>
        <li><a href="https://www.isc.org/dnssec/">DNSSEC and BIND 9</a> by the ISC</li>
      </ul>
--- a/about/javascript/index.html
+++ b/about/javascript/index.html
@ -0,0 +1,27 @@
+<h3>JavaScript Licenses</h3>
+<table id="jslicense-labels1" border="1">
+  <tr>
+    <td><a href="/assets/js/main.js">main.js</a></td>
+    <td><a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode">CC0-1.0-only</a></td>
+  </tr>
+  <tr>
+    <td><a href="/assets/js/redirects.js">redirects.js</a></td>
+    <td><a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode">CC0-1.0-only</a></td>
+  </tr>
+  <tr>
+    <td><a href="/assets/js/bootstrap.min.js">bootstrap.min.js</a></td>
+    <td><a href="http://www.jclark.com/xml/copying.txt">Expat</a></td>
+  </tr>
+  <tr>
+    <td><a href="/assets/js/jquery-3.3.1.min.js">jquery-3.3.1.min.js</a></td>
+    <td><a href="http://www.jclark.com/xml/copying.txt">Expat</a></td>
+  </tr>
+  <tr>
+    <td><a href="/assets/js/popper.min.js">popper.min.js</a></td>
+    <td><a href="http://www.jclark.com/xml/copying.txt">Expat</a></td>
+  </tr>
+  <tr>
+    <td><a href="/assets/js/sortable.min.js">sortable.min.js</a></td>
+    <td><a href="http://www.jclark.com/xml/copying.txt">Expat</a></td>
+  </tr>
+</table>
--- a/assets/js/main.js
+++ b/assets/js/main.js
@ -1,13 +1,8 @@
-// Tooltips
-$(function () {
+$(function() {
  $("[data-toggle='tooltip']").tooltip();
 });

-
-//
 // Navbar dropdowns
-//
-
 const navSections = document.querySelectorAll(".nav-details");

 navSections.forEach(navSection => {
@ -31,3 +26,22 @@ function navSectionsClose(event) {
    navSection.open = !open;
  });
 }
+
+// Matomo
+var _paq = window._paq || [];
+/* tracker methods like "setCustomDimension" should be called before "trackPageView" */
+_paq.push(["trackPageView"]);
+_paq.push(["enableLinkTracking"]);
+(function() {
+  var u = "https://stats.privacytools.io/";
+  _paq.push(["setTrackerUrl", u + "matomo.php"]);
+  _paq.push(["setSiteId", "1"]);
+  var d = document,
+    g = d.createElement("script"),
+    s = d.getElementsByTagName("script")[0];
+  g.type = "text/javascript";
+  g.async = true;
+  g.defer = true;
+  g.src = u + "matomo.js";
+  s.parentNode.insertBefore(g, s);
+})();