qubes vpn update

content/posts/grapheneos/index.md

@@ -118,7 +118,7 @@ To reiterate, the user profiles and their purposes are:
 
 The GrapheneOS app store contains the standalone applications developed by the GrapheneOS project, such as Vanadium, Auditor, Camera, and PDF Viewer. These are automatically updated. 
 
-To install additional software, a [Sandboxed](/glossary/#sandboxing) Google Play can be installed through the GrapheneOS app store: ["Google Play receives absolutely no special access or privileges on GrapheneOS."](https://grapheneos.org/features#sandboxed-google-play) 
+To install additional software, [Sandboxed](/glossary/#sandboxing) Google Play can be installed through the GrapheneOS app store: ["Google Play receives absolutely no special access or privileges on GrapheneOS."](https://grapheneos.org/features#sandboxed-google-play) 
 
 Avoid F-Droid due to its numerous [security issues](https://www.privacyguides.org/en/android/#f-droid). The [Aurora Store](https://www.privacyguides.org/en/android/#aurora-store) has [some of the same security issues as F-Droid](https://privsec.dev/posts/android/f-droid-security-issues/#conclusion-what-should-you-do).
 
@@ -134,6 +134,8 @@ To install and configure Sandboxed Google Play:
 * Automatic updates are enabled by default on the Google Play Store: **Google Play Store Settings → Network Preferences → Auto-update apps**.   
 * Notifications for Google Play Store and Google Play Services must be enabled for auto-updates to work: **Settings → Apps → Google Play Store / Google Play Services → Notifications**. If you get notifications from the Play Store that it wants to update itself, [accept them](https://discuss.grapheneos.org/d/4191-what-were-your-less-than-ideal-experiences-with-grapheneos/18).
 
+### Installing a VPN
+
 You are now ready to install applications from the Google Play Store. The first application we are going to install is a [VPN](/glossary/#vpn-virtual-private-network). If you can afford to pay for a VPN, we recommend both [Mullvad](https://www.privacyguides.org/en/vpn/#mullvad) and [IVPN](https://www.privacyguides.org/en/vpn/#ivpn). Otherwise, we recommend RiseupVPN. A VPN subscription should be purchased anonymously — vouchers are available from [Mullvad](https://mullvad.net/en/blog/2022/9/16/mullvads-physical-voucher-cards-are-now-available-in-11-countries-on-amazon/) and [IVPN](https://www.ivpn.net/knowledgebase/billing/voucher-cards-faq/) to purchase the subscription anonymously without cryptocurrency. 
 
 VPNs must be installed in each user profile separately. All standard GrapheneOS connections will be forced through the VPN (except for [connectivity checks](https://grapheneos.org/faq#default-connections), which can be optionally [disabled](https://privsec.dev/posts/android/android-tips/#connectivity-check)). We recommended using a VPN in every profile, for reasons that are well-summarized by the [Security Lab](https://securitylab.amnesty.org/latest/2023/10/technical-deep-dive-into-intellexa-alliance-surveillance-products/):
@@ -142,6 +144,8 @@ VPNs must be installed in each user profile separately. All standard GrapheneOS
 
 Using the example of RiseupVPN, once installed, accept the 'Connection request' prompt. A green display means that the VPN has been successfully connected. Note that **Always-on VPN** and **Block connections without VPN** are enabled by default on GrapheneOS. From now on, the VPN will connect automatically when you turn on your phone. Continue installing other apps — see [Encrypted Messaging for Anarchists](/posts/e2ee/) for ideas. 
 
+### Delegating apps 
+
 Now we will delegate apps to the profiles they are needed in:
 
 * In the Owner profile, disable all applications downloaded from the Play Store except for the VPN: **Settings → Apps → [Example] → Disable**. 
@@ -159,7 +163,7 @@ As an example of how to use Obtainium, Molly-FOSS is a hardened version of Signa
 
 If there is an app you want to use that requires Google Play services, create another secondary user profile for it. This is also a good way to isolate any app you need to use that isn't [open-source](/glossary/#open-source) or reputable. You will need to install and configure Sandboxed Google Play in this "Google" user profile. 
 
-Many [banking apps](https://grapheneos.org/usage#banking-apps) will require Sandboxed Google Play. However, banking can simply be accessed through a computer to avoid the need for this Google user profile.  
+Many [banking apps](https://grapheneos.org/usage#banking-apps) will require Sandboxed Google Play. However, banking can simply be accessed through a computer to avoid the need for this "Google" user profile.  
 
 # VoIP