Build docs

2025-05-02 06:26:10 -04:00 · 2021-09-09 19:50:11 -07:00 · 2021-09-09 19:50:11 -07:00 · e0c74b705e
commit e0c74b705e
parent 9e4df9c8e0
61 changed files with 4580 additions and 2796 deletions
--- a/docs/gettext/.doctrees/advanced.doctree
+++ b/docs/gettext/.doctrees/advanced.doctree
--- a/docs/gettext/.doctrees/develop.doctree
+++ b/docs/gettext/.doctrees/develop.doctree
--- a/docs/gettext/.doctrees/environment.pickle
+++ b/docs/gettext/.doctrees/environment.pickle
--- a/docs/gettext/.doctrees/features.doctree
+++ b/docs/gettext/.doctrees/features.doctree
--- a/docs/gettext/.doctrees/help.doctree
+++ b/docs/gettext/.doctrees/help.doctree
--- a/docs/gettext/.doctrees/index.doctree
+++ b/docs/gettext/.doctrees/index.doctree
--- a/docs/gettext/.doctrees/install.doctree
+++ b/docs/gettext/.doctrees/install.doctree
--- a/docs/gettext/.doctrees/security.doctree
+++ b/docs/gettext/.doctrees/security.doctree
--- a/docs/gettext/.doctrees/tor.doctree
+++ b/docs/gettext/.doctrees/tor.doctree
--- a/docs/gettext/advanced.pot
+++ b/docs/gettext/advanced.pot
@ -6,9 +6,9 @@
 #, fuzzy
 msgid ""
 msgstr ""
-"Project-Id-Version: OnionShare 2.3.3\n"
+"Project-Id-Version: OnionShare 2.4\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2021-08-20 13:23-0700\n"
+"POT-Creation-Date: 2021-09-09 19:49-0700\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@ -33,7 +33,7 @@ msgid "To make any tab persistent, check the \"Save this tab, and automatically
 msgstr ""

 #: ../../source/advanced.rst:18
-msgid "When you quit OnionShare and then open it again, your saved tabs will start opened. You'll have to manually start each service, but when you do they will start with the same OnionShare address and password."
+msgid "When you quit OnionShare and then open it again, your saved tabs will start opened. You'll have to manually start each service, but when you do they will start with the same OnionShare address and private key."
 msgstr ""

 #: ../../source/advanced.rst:21
@ -41,19 +41,23 @@ msgid "If you save a tab, a copy of that tab's onion service secret key will be
 msgstr ""

 #: ../../source/advanced.rst:26
-msgid "Turn Off Passwords"
+msgid "Turn Off Private Key"
 msgstr ""

 #: ../../source/advanced.rst:28
-msgid "By default, all OnionShare services are protected with the username ``onionshare`` and a randomly-generated password. If someone takes 20 wrong guesses at the password, your onion service is automatically stopped to prevent a brute force attack against the OnionShare service."
+msgid "By default, all OnionShare services are protected with a private key, which Tor calls \"client authentication\"."
 msgstr ""

-#: ../../source/advanced.rst:31
-msgid "Sometimes you might want your OnionShare service to be accessible to the public, like if you want to set up an OnionShare receive service so the public can securely and anonymously send you files. In this case, it's better to disable the password altogether. If you don't do this, someone can force your server to stop just by making 20 wrong guesses of your password, even if they know the correct password."
+#: ../../source/advanced.rst:30
+msgid "When browsing to an OnionShare service in Tor Browser, Tor Browser will prompt for the private key to be entered."
+msgstr ""
+
+#: ../../source/advanced.rst:32
+msgid "Sometimes you might want your OnionShare service to be accessible to the public, like if you want to set up an OnionShare receive service so the public can securely and anonymously send you files. In this case, it's better to disable the private key altogether."
 msgstr ""

 #: ../../source/advanced.rst:35
-msgid "To turn off the password for any tab, just check the \"Don't use a password\" box before starting the server. Then the server will be public and won't have a password."
+msgid "To turn off the private key for any tab, check the \"This is a public OnionShare service (disables private key)\" box before starting the server. Then the server will be public and won't need a private key to view in Tor Browser."
 msgstr ""

 #: ../../source/advanced.rst:40
@ -85,61 +89,41 @@ msgid "**Scheduling an OnionShare service to automatically start can be used as
 msgstr ""

 #: ../../source/advanced.rst:60
-msgid "**Scheduling an OnionShare service to automatically stop can be useful to limit exposure**, like if you want to share secret documents while making sure they're not available on the Internet for more than a few days."
-msgstr ""
-
-#: ../../source/advanced.rst:65
-msgid "Command-line Interface"
+msgid "**Scheduling an OnionShare service to automatically stop can be useful to limit exposure**, like if you want to share secret documents while making sure they're not available on the internet for more than a few days."
 msgstr ""

 #: ../../source/advanced.rst:67
-msgid "In addition to its graphical interface, OnionShare has a command-line interface."
+msgid "Command-line Interface"
 msgstr ""

 #: ../../source/advanced.rst:69
+msgid "In addition to its graphical interface, OnionShare has a command-line interface."
+msgstr ""
+
+#: ../../source/advanced.rst:71
 msgid "You can install just the command-line version of OnionShare using ``pip3``::"
 msgstr ""

-#: ../../source/advanced.rst:73
+#: ../../source/advanced.rst:75
 msgid "Note that you will also need the ``tor`` package installed. In macOS, install it with: ``brew install tor``"
 msgstr ""

-#: ../../source/advanced.rst:75
+#: ../../source/advanced.rst:77
 msgid "Then run it like this::"
 msgstr ""

-#: ../../source/advanced.rst:79
+#: ../../source/advanced.rst:81
+msgid "For information about installing it on different operating systems, see the `CLI readme file <https://github.com/onionshare/onionshare/blob/develop/cli/README.md>`_ in the git repository."
+msgstr ""
+
+#: ../../source/advanced.rst:83
 msgid "If you installed OnionShare using the Linux Snapcraft package, you can also just run ``onionshare.cli`` to access the command-line interface version."
 msgstr ""

-#: ../../source/advanced.rst:82
+#: ../../source/advanced.rst:86
 msgid "Usage"
 msgstr ""

-#: ../../source/advanced.rst:84
+#: ../../source/advanced.rst:88
 msgid "You can browse the command-line documentation by running ``onionshare --help``::"
 msgstr ""
-
-#: ../../source/advanced.rst:147
-msgid "Legacy Addresses"
-msgstr ""
-
-#: ../../source/advanced.rst:149
-msgid "OnionShare uses v3 Tor onion services by default. These are modern onion addresses that have 56 characters, for example::"
-msgstr ""
-
-#: ../../source/advanced.rst:154
-msgid "OnionShare still has support for v2 onion addresses, the old type of onion addresses that have 16 characters, for example::"
-msgstr ""
-
-#: ../../source/advanced.rst:158
-msgid "OnionShare calls v2 onion addresses \"legacy addresses\", and they are not recommended, as v3 onion addresses are more secure."
-msgstr ""
-
-#: ../../source/advanced.rst:160
-msgid "To use legacy addresses, before starting a server click \"Show advanced settings\" from its tab and check the \"Use a legacy address (v2 onion service, not recommended)\" box. In legacy mode you can optionally turn on Tor client authentication. Once you start a server in legacy mode you cannot remove legacy mode in that tab. Instead you must start a separate service in a separate tab."
-msgstr ""
-
-#: ../../source/advanced.rst:165
-msgid "Tor Project plans to `completely deprecate v2 onion services <https://blog.torproject.org/v2-deprecation-timeline>`_ on October 15, 2021, and legacy onion services will be removed from OnionShare before then."
-msgstr ""
--- a/docs/gettext/develop.pot
+++ b/docs/gettext/develop.pot
@ -6,9 +6,9 @@
 #, fuzzy
 msgid ""
 msgstr ""
-"Project-Id-Version: OnionShare 2.3.3\n"
+"Project-Id-Version: OnionShare 2.4\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2021-08-20 13:37-0700\n"
+"POT-Creation-Date: 2021-09-09 19:16-0700\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@ -72,54 +72,54 @@ msgstr ""
 msgid "When developing, it's convenient to run OnionShare from a terminal and add the ``--verbose`` (or ``-v``) flag to the command. This prints a lot of helpful messages to the terminal, such as when certain objects are initialized, when events occur (like buttons clicked, settings saved or reloaded), and other debug info. For example::"
 msgstr ""

-#: ../../source/develop.rst:121
+#: ../../source/develop.rst:117
 msgid "You can add your own debug messages by running the ``Common.log`` method from ``onionshare/common.py``. For example::"
 msgstr ""

-#: ../../source/develop.rst:125
+#: ../../source/develop.rst:121
 msgid "This can be useful when learning the chain of events that occur when using OnionShare, or the value of certain variables before and after they are manipulated."
 msgstr ""

-#: ../../source/develop.rst:128
+#: ../../source/develop.rst:124
 msgid "Local Only"
 msgstr ""

-#: ../../source/develop.rst:130
+#: ../../source/develop.rst:126
 msgid "Tor is slow, and it's often convenient to skip starting onion services altogether during development. You can do this with the ``--local-only`` flag. For example::"
 msgstr ""

-#: ../../source/develop.rst:167
-msgid "In this case, you load the URL ``http://onionshare:train-system@127.0.0.1:17635`` in a normal web-browser like Firefox, instead of using the Tor Browser."
+#: ../../source/develop.rst:165
+msgid "In this case, you load the URL ``http://127.0.0.1:17641`` in a normal web-browser like Firefox, instead of using the Tor Browser. The private key is not actually needed in local-only mode, so you can ignore it."
 msgstr ""

-#: ../../source/develop.rst:170
+#: ../../source/develop.rst:168
 msgid "Contributing Translations"
 msgstr ""

-#: ../../source/develop.rst:172
+#: ../../source/develop.rst:170
 msgid "Help make OnionShare easier to use and more familiar and welcoming for people by translating it on `Hosted Weblate <https://hosted.weblate.org/projects/onionshare/>`_. Always keep the \"OnionShare\" in latin letters, and use \"OnionShare (localname)\" if needed."
 msgstr ""

-#: ../../source/develop.rst:174
+#: ../../source/develop.rst:172
 msgid "To help translate, make a Hosted Weblate account and start contributing."
 msgstr ""

-#: ../../source/develop.rst:177
+#: ../../source/develop.rst:175
 msgid "Suggestions for Original English Strings"
 msgstr ""

-#: ../../source/develop.rst:179
+#: ../../source/develop.rst:177
 msgid "Sometimes the original English strings are wrong, or don't match between the application and the documentation."
 msgstr ""

-#: ../../source/develop.rst:181
+#: ../../source/develop.rst:179
 msgid "File source string improvements by adding @kingu to your Weblate comment, or open a GitHub issue or pull request. The latter ensures all upstream developers see the suggestion, and can potentially modify the string via the usual code review processes."
 msgstr ""

-#: ../../source/develop.rst:185
+#: ../../source/develop.rst:183
 msgid "Status of Translations"
 msgstr ""

-#: ../../source/develop.rst:186
+#: ../../source/develop.rst:184
 msgid "Here is the current translation status. If you want start a translation in a language not yet started, please write to the mailing list: onionshare-dev@lists.riseup.net"
 msgstr ""
--- a/docs/gettext/features.pot
+++ b/docs/gettext/features.pot
@ -6,9 +6,9 @@
 #, fuzzy
 msgid ""
 msgstr ""
-"Project-Id-Version: OnionShare 2.3.3\n"
+"Project-Id-Version: OnionShare 2.4\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2021-08-20 13:23-0700\n"
+"POT-Creation-Date: 2021-09-09 19:16-0700\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@ -25,218 +25,226 @@ msgid "Web servers are started locally on your computer and made accessible to o
 msgstr ""

 #: ../../source/features.rst:8
-msgid "By default, OnionShare web addresses are protected with a random password. A typical OnionShare address might look something like this::"
+msgid "By default, OnionShare web addresses are protected with a private key."
 msgstr ""

-#: ../../source/features.rst:12
-msgid "You're responsible for securely sharing that URL using a communication channel of your choice like in an encrypted chat message, or using something less secure like unencrypted e-mail, depending on your `threat model <https://ssd.eff.org/module/your-security-plan>`_."
+#: ../../source/features.rst:10
+msgid "OnionShare addresses look something like this::"
 msgstr ""

 #: ../../source/features.rst:14
-msgid "The people you send the URL to then copy and paste it into their `Tor Browser <https://www.torproject.org/>`_ to access the OnionShare service."
-msgstr ""
-
-#: ../../source/features.rst:16
-msgid "If you run OnionShare on your laptop to send someone files, and then suspend it before the files are sent, the service will not be available until your laptop is unsuspended and on the Internet again. OnionShare works best when working with people in real-time."
+msgid "And private keys might look something like this::"
 msgstr ""

 #: ../../source/features.rst:18
+msgid "You're responsible for securely sharing that URL and private key using a communication channel of your choice like in an encrypted chat message, or using something less secure like unencrypted email, depending on your `threat model <https://ssd.eff.org/module/your-security-plan>`_."
+msgstr ""
+
+#: ../../source/features.rst:20
+msgid "The people you send the URL to then copy and paste it into their `Tor Browser <https://www.torproject.org/>`_ to access the OnionShare service. Tor Browser will then prompt for the private key, which the people can also then copy and paste in."
+msgstr ""
+
+#: ../../source/features.rst:24
+msgid "If you run OnionShare on your laptop to send someone files, and then suspend it before the files are sent, the service will not be available until your laptop is unsuspended and on the internet again. OnionShare works best when working with people in real-time."
+msgstr ""
+
+#: ../../source/features.rst:26
 msgid "Because your own computer is the web server, *no third party can access anything that happens in OnionShare*, not even the developers of OnionShare. It's completely private. And because OnionShare is based on Tor onion services too, it also protects your anonymity. See the :doc:`security design </security>` for more info."
 msgstr ""

-#: ../../source/features.rst:21
+#: ../../source/features.rst:29
 msgid "Share Files"
 msgstr ""

-#: ../../source/features.rst:23
+#: ../../source/features.rst:31
 msgid "You can use OnionShare to send files and folders to people securely and anonymously. Open a share tab, drag in the files and folders you wish to share, and click \"Start sharing\"."
 msgstr ""

-#: ../../source/features.rst:27
-#: ../../source/features.rst:104
+#: ../../source/features.rst:35
+#: ../../source/features.rst:112
 msgid "After you add files, you'll see some settings. Make sure you choose the setting you're interested in before you start sharing."
 msgstr ""

-#: ../../source/features.rst:31
-msgid "As soon as someone finishes downloading your files, OnionShare will automatically stop the server, removing the website from the Internet. To allow multiple people to download them, uncheck the \"Stop sharing after files have been sent (uncheck to allow downloading individual files)\" box."
-msgstr ""
-
-#: ../../source/features.rst:34
-msgid "Also, if you uncheck this box, people will be able to download the individual files you share rather than a single compressed version of all the files."
-msgstr ""
-
-#: ../../source/features.rst:36
-msgid "When you're ready to share, click the \"Start sharing\" button. You can always click \"Stop sharing\", or quit OnionShare, immediately taking the website down. You can also click the \"↑\" icon in the top-right corner to show the history and progress of people downloading files from you."
-msgstr ""
-
-#: ../../source/features.rst:40
-msgid "Now that you have a OnionShare, copy the address and send it to the person you want to receive the files. If the files need to stay secure, or the person is otherwise exposed to danger, use an encrypted messaging app."
+#: ../../source/features.rst:39
+msgid "As soon as someone finishes downloading your files, OnionShare will automatically stop the server, removing the website from the internet. To allow multiple people to download them, uncheck the \"Stop sharing after files have been sent (uncheck to allow downloading individual files)\" box."
 msgstr ""

 #: ../../source/features.rst:42
-msgid "That person then must load the address in Tor Browser. After logging in with the random password included in the web address, the files can be downloaded directly from your computer by clicking the \"Download Files\" link in the corner."
+msgid "Also, if you uncheck this box, people will be able to download the individual files you share rather than a single compressed version of all the files."
 msgstr ""

-#: ../../source/features.rst:47
+#: ../../source/features.rst:44
+msgid "When you're ready to share, click the \"Start sharing\" button. You can always click \"Stop sharing\", or quit OnionShare, immediately taking the website down. You can also click the \"↑\" icon in the top-right corner to show the history and progress of people downloading files from you."
+msgstr ""
+
+#: ../../source/features.rst:48
+msgid "Now that you have a OnionShare, copy the address and the private key and send it to the person you want to receive the files. If the files need to stay secure, or the person is otherwise exposed to danger, use an encrypted messaging app."
+msgstr ""
+
+#: ../../source/features.rst:50
+msgid "That person then must load the address in Tor Browser. After logging in with the private key, the files can be downloaded directly from your computer by clicking the \"Download Files\" link in the corner."
+msgstr ""
+
+#: ../../source/features.rst:55
 msgid "Receive Files and Messages"
 msgstr ""

-#: ../../source/features.rst:49
+#: ../../source/features.rst:57
 msgid "You can use OnionShare to let people anonymously submit files and messages directly to your computer, essentially turning it into an anonymous dropbox. Open a receive tab and choose the settings that you want."
 msgstr ""

-#: ../../source/features.rst:54
+#: ../../source/features.rst:62
 msgid "You can browse for a folder to save messages and files that get submitted."
 msgstr ""

-#: ../../source/features.rst:56
+#: ../../source/features.rst:64
 msgid "You can check \"Disable submitting text\" if want to only allow file uploads, and you can check \"Disable uploading files\" if you want to only allow submitting text messages, like for an anonymous contact form."
 msgstr ""

-#: ../../source/features.rst:58
+#: ../../source/features.rst:66
 msgid "You can check \"Use notification webhook\" and then choose a webhook URL if you want to be notified when someone submits files or messages to your OnionShare service. If you use this feature, OnionShare will make an HTTP POST request to this URL whenever someone submits files or messages. For example, if you want to get an encrypted text messaging on the messaging app `Keybase <https://keybase.io/>`_, you can start a conversation with `@webhookbot <https://keybase.io/webhookbot>`_, type ``!webhook create onionshare-alerts``, and it will respond with a URL. Use that as the notification webhook URL. If someone uploads a file to your receive mode service, @webhookbot will send you a message on Keybase letting you know as soon as it happens."
 msgstr ""

-#: ../../source/features.rst:63
+#: ../../source/features.rst:71
 msgid "When you are ready, click \"Start Receive Mode\". This starts the OnionShare service. Anyone loading this address in their Tor Browser will be able to submit files and messages which get uploaded to your computer."
 msgstr ""

-#: ../../source/features.rst:67
+#: ../../source/features.rst:75
 msgid "You can also click the down \"↓\" icon in the top-right corner to show the history and progress of people sending files to you."
 msgstr ""

-#: ../../source/features.rst:69
+#: ../../source/features.rst:77
 msgid "Here is what it looks like for someone sending you files and messages."
 msgstr ""

-#: ../../source/features.rst:73
+#: ../../source/features.rst:81
 msgid "When someone submits files or messages to your receive service, by default they get saved to a folder called ``OnionShare`` in the home folder on your computer, automatically organized into separate subfolders based on the time that the files get uploaded."
 msgstr ""

-#: ../../source/features.rst:75
+#: ../../source/features.rst:83
 msgid "Setting up an OnionShare receiving service is useful for journalists and others needing to securely accept documents from anonymous sources. When used in this way, OnionShare is sort of like a lightweight, simpler, not quite as secure version of `SecureDrop <https://securedrop.org/>`_, the whistleblower submission system."
 msgstr ""

-#: ../../source/features.rst:78
+#: ../../source/features.rst:86
 msgid "Use at your own risk"
 msgstr ""

-#: ../../source/features.rst:80
-msgid "Just like with malicious e-mail attachments, it's possible someone could try to attack your computer by uploading a malicious file to your OnionShare service. OnionShare does not add any safety mechanisms to protect your system from malicious files."
+#: ../../source/features.rst:88
+msgid "Just like with malicious email attachments, it's possible someone could try to attack your computer by uploading a malicious file to your OnionShare service. OnionShare does not add any safety mechanisms to protect your system from malicious files."
 msgstr ""

-#: ../../source/features.rst:82
+#: ../../source/features.rst:90
 msgid "If you receive an Office document or a PDF through OnionShare, you can convert these documents into PDFs that are safe to open using `Dangerzone <https://dangerzone.rocks/>`_. You can also protect yourself when opening untrusted documents by opening them in `Tails <https://tails.boum.org/>`_ or in a `Qubes <https://qubes-os.org/>`_ disposableVM."
 msgstr ""

-#: ../../source/features.rst:84
+#: ../../source/features.rst:92
 msgid "However, it is always safe to open text messages sent through OnionShare."
 msgstr ""

-#: ../../source/features.rst:87
+#: ../../source/features.rst:95
 msgid "Tips for running a receive service"
 msgstr ""

-#: ../../source/features.rst:89
-msgid "If you want to host your own anonymous dropbox using OnionShare, it's recommended you do so on a separate, dedicated computer always powered on and connected to the Internet, and not on the one you use on a regular basis."
+#: ../../source/features.rst:97
+msgid "If you want to host your own anonymous dropbox using OnionShare, it's recommended you do so on a separate, dedicated computer always powered on and connected to the internet, and not on the one you use on a regular basis."
 msgstr ""

-#: ../../source/features.rst:91
-msgid "If you intend to put the OnionShare address on your website or social media profiles, save the tab (see :ref:`save_tabs`) and run it as a public service (see :ref:`turn_off_passwords`). It's also a good idea to give it a custom title (see :ref:`custom_titles`)."
-msgstr ""
-
-#: ../../source/features.rst:94
-msgid "Host a Website"
-msgstr ""
-
-#: ../../source/features.rst:96
-msgid "To host a static HTML website with OnionShare, open a website tab, drag the files and folders that make up the static content there, and click \"Start sharing\" when you are ready."
-msgstr ""
-
-#: ../../source/features.rst:100
-msgid "If you add an ``index.html`` file, it will render when someone loads your website. You should also include any other HTML files, CSS files, JavaScript files, and images that make up the website. (Note that OnionShare only supports hosting *static* websites. It can't host websites that execute code or use databases. So you can't for example use WordPress.)"
+#: ../../source/features.rst:99
+msgid "If you intend to put the OnionShare address on your website or social media profiles, save the tab (see :ref:`save_tabs`) and run it as a public service (see :ref:`turn_off_private_key`). It's also a good idea to give it a custom title (see :ref:`custom_titles`)."
 msgstr ""

 #: ../../source/features.rst:102
+msgid "Host a Website"
+msgstr ""
+
+#: ../../source/features.rst:104
+msgid "To host a static HTML website with OnionShare, open a website tab, drag the files and folders that make up the static content there, and click \"Start sharing\" when you are ready."
+msgstr ""
+
+#: ../../source/features.rst:108
+msgid "If you add an ``index.html`` file, it will render when someone loads your website. You should also include any other HTML files, CSS files, JavaScript files, and images that make up the website. (Note that OnionShare only supports hosting *static* websites. It can't host websites that execute code or use databases. So you can't for example use WordPress.)"
+msgstr ""
+
+#: ../../source/features.rst:110
 msgid "If you don't have an ``index.html`` file, it will show a directory listing instead, and people loading it can look through the files and download them."
 msgstr ""

-#: ../../source/features.rst:109
+#: ../../source/features.rst:117
 msgid "Content Security Policy"
 msgstr ""

-#: ../../source/features.rst:111
-msgid "By default OnionShare helps secure your website by setting a strict `Content Security Police <https://en.wikipedia.org/wiki/Content_Security_Policy>`_ header. However, this prevents third-party content from loading inside the web page."
-msgstr ""
-
-#: ../../source/features.rst:113
-msgid "If you want to load content from third-party websites, like assets or JavaScript libraries from CDNs, check the \"Don't send Content Security Policy header (allows your website to use third-party resources)\" box before starting the service."
-msgstr ""
-
-#: ../../source/features.rst:116
-msgid "Tips for running a website service"
-msgstr ""
-
-#: ../../source/features.rst:118
-msgid "If you want to host a long-term website using OnionShare (meaning not something to quickly show someone something), it's recommended you do it on a separate, dedicated computer always powered on and connected to the Internet, and not on the one you use on a regular basis. Save the tab (see :ref:`save_tabs`) so you can resume the website with the same address if you close OnionShare and re-open it later."
+#: ../../source/features.rst:119
+msgid "By default OnionShare helps secure your website by setting a strict `Content Security Policy <https://en.wikipedia.org/wiki/Content_Security_Policy>`_ header. However, this prevents third-party content from loading inside the web page."
 msgstr ""

 #: ../../source/features.rst:121
-msgid "If your website is intended for the public, you should run it as a public service (see :ref:`turn_off_passwords`)."
+msgid "If you want to load content from third-party websites, like assets or JavaScript libraries from CDNs, check the \"Don't send Content Security Policy header (allows your website to use third-party resources)\" box before starting the service."
 msgstr ""

 #: ../../source/features.rst:124
-msgid "Chat Anonymously"
+msgid "Tips for running a website service"
 msgstr ""

 #: ../../source/features.rst:126
+msgid "If you want to host a long-term website using OnionShare (meaning not just to quickly show someone something), it's recommended you do it on a separate, dedicated computer that is always powered on and connected to the internet, and not on the one you use on a regular basis. Save the tab (see :ref:`save_tabs`) so you can resume the website with the same address if you close OnionShare and re-open it later."
+msgstr ""
+
+#: ../../source/features.rst:129
+msgid "If your website is intended for the public, you should run it as a public service (see :ref:`turn_off_private_key`)."
+msgstr ""
+
+#: ../../source/features.rst:132
+msgid "Chat Anonymously"
+msgstr ""
+
+#: ../../source/features.rst:134
 msgid "You can use OnionShare to set up a private, secure chat room that doesn't log anything. Just open a chat tab and click \"Start chat server\"."
 msgstr ""

-#: ../../source/features.rst:130
-msgid "After you start the server, copy the OnionShare address and send it to the people you want in the anonymous chat room. If it's important to limit exactly who can join, use an encrypted messaging app to send out the OnionShare address."
+#: ../../source/features.rst:138
+msgid "After you start the server, copy the OnionShare address and private key and send them to the people you want in the anonymous chat room. If it's important to limit exactly who can join, use an encrypted messaging app to send out the OnionShare address and private key."
 msgstr ""

-#: ../../source/features.rst:135
+#: ../../source/features.rst:143
 msgid "People can join the chat room by loading its OnionShare address in Tor Browser. The chat room requires JavasScript, so everyone who wants to participate must have their Tor Browser security level set to \"Standard\" or \"Safer\", instead of \"Safest\"."
 msgstr ""

-#: ../../source/features.rst:138
+#: ../../source/features.rst:146
 msgid "When someone joins the chat room they get assigned a random name. They can change their name by typing a new name in the box in the left panel and pressing ↵. Since the chat history isn't saved anywhere, it doesn't get displayed at all, even if others were already chatting in the room."
 msgstr ""

-#: ../../source/features.rst:144
+#: ../../source/features.rst:152
 msgid "In an OnionShare chat room, everyone is anonymous. Anyone can change their name to anything, and there is no way to confirm anyone's identity."
 msgstr ""

-#: ../../source/features.rst:147
+#: ../../source/features.rst:155
 msgid "However, if you create an OnionShare chat room and securely send the address only to a small group of trusted friends using encrypted messages, you can be reasonably confident the people joining the chat room are your friends."
 msgstr ""

-#: ../../source/features.rst:150
+#: ../../source/features.rst:158
 msgid "How is this useful?"
 msgstr ""

-#: ../../source/features.rst:152
+#: ../../source/features.rst:160
 msgid "If you need to already be using an encrypted messaging app, what's the point of an OnionShare chat room to begin with? It leaves less traces."
 msgstr ""

-#: ../../source/features.rst:154
-msgid "If you for example send a message to a Signal group, a copy of your message ends up on each device (the devices, and computers if they set up Signal Desktop) of each member of the group. Even if disappearing messages is turned on, it's hard to confirm all copies of the messages are actually deleted from all devices, and from any other places (like notifications databases) they may have been saved to. OnionShare chat rooms don't store any messages anywhere, so the problem is reduced to a minimum."
-msgstr ""
-
-#: ../../source/features.rst:157
-msgid "OnionShare chat rooms can also be useful for people wanting to chat anonymously and securely with someone without needing to create any accounts. For example, a source can send an OnionShare address to a journalist using a disposable e-mail address, and then wait for the journalist to join the chat room, all without compromosing their anonymity."
-msgstr ""
-
-#: ../../source/features.rst:161
-msgid "How does the encryption work?"
-msgstr ""
-
-#: ../../source/features.rst:163
-msgid "Because OnionShare relies on Tor onion services, connections between the Tor Browser and OnionShare are all end-to-end encrypted (E2EE). When someone posts a message to an OnionShare chat room, they send it to the server through the E2EE onion connection, which then sends it to all other members of the chat room using WebSockets, through their E2EE onion connections."
+#: ../../source/features.rst:162
+msgid "If you for example send a message to a Signal group, a copy of your message ends up on each device (the smartphones, and computers if they set up Signal Desktop) of each member of the group. Even if disappearing messages is turned on, it's hard to confirm all copies of the messages are actually deleted from all devices, and from any other places (like notifications databases) they may have been saved to. OnionShare chat rooms don't store any messages anywhere, so the problem is reduced to a minimum."
 msgstr ""

 #: ../../source/features.rst:165
+msgid "OnionShare chat rooms can also be useful for people wanting to chat anonymously and securely with someone without needing to create any accounts. For example, a source can send an OnionShare address to a journalist using a disposable email address, and then wait for the journalist to join the chat room, all without compromosing their anonymity."
+msgstr ""
+
+#: ../../source/features.rst:169
+msgid "How does the encryption work?"
+msgstr ""
+
+#: ../../source/features.rst:171
+msgid "Because OnionShare relies on Tor onion services, connections between the Tor Browser and OnionShare are all end-to-end encrypted (E2EE). When someone posts a message to an OnionShare chat room, they send it to the server through the E2EE onion connection, which then sends it to all other members of the chat room using WebSockets, through their E2EE onion connections."
+msgstr ""
+
+#: ../../source/features.rst:173
 msgid "OnionShare doesn't implement any chat encryption on its own. It relies on the Tor onion service's encryption instead."
 msgstr ""
--- a/docs/gettext/help.pot
+++ b/docs/gettext/help.pot
@ -6,9 +6,9 @@
 #, fuzzy
 msgid ""
 msgstr ""
-"Project-Id-Version: OnionShare 2.3.3\n"
+"Project-Id-Version: OnionShare 2.4\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2021-08-20 13:37-0700\n"
+"POT-Creation-Date: 2021-09-09 19:16-0700\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
--- a/docs/gettext/index.pot
+++ b/docs/gettext/index.pot
@ -6,9 +6,9 @@
 #, fuzzy
 msgid ""
 msgstr ""
-"Project-Id-Version: OnionShare 2.3.3\n"
+"Project-Id-Version: OnionShare 2.4\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2021-08-20 13:23-0700\n"
+"POT-Creation-Date: 2021-09-09 19:16-0700\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
--- a/docs/gettext/install.pot
+++ b/docs/gettext/install.pot
@ -6,9 +6,9 @@
 #, fuzzy
 msgid ""
 msgstr ""
-"Project-Id-Version: OnionShare 2.3.3\n"
+"Project-Id-Version: OnionShare 2.4\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2021-08-20 13:23-0700\n"
+"POT-Creation-Date: 2021-09-09 19:16-0700\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@ -29,7 +29,7 @@ msgid "You can download OnionShare for Windows and macOS from the `OnionShare we
 msgstr ""

 #: ../../source/install.rst:12
-msgid "Install in Linux"
+msgid "Linux"
 msgstr ""

 #: ../../source/install.rst:14
@ -53,53 +53,61 @@ msgid "You can also download and install PGP-signed ``.flatpak`` or ``.snap`` pa
 msgstr ""

 #: ../../source/install.rst:28
-msgid "Verifying PGP signatures"
+msgid "Command-line only"
 msgstr ""

 #: ../../source/install.rst:30
+msgid "You can install just the command line version of OnionShare on any operating system using the Python package manager ``pip``. See :ref:`cli` for more information."
+msgstr ""
+
+#: ../../source/install.rst:35
+msgid "Verifying PGP signatures"
+msgstr ""
+
+#: ../../source/install.rst:37
 msgid "You can verify that the package you download is legitimate and hasn't been tampered with by verifying its PGP signature. For Windows and macOS, this step is optional and provides defense in depth: the OnionShare binaries include operating system-specific signatures, and you can just rely on those alone if you'd like."
 msgstr ""

-#: ../../source/install.rst:34
+#: ../../source/install.rst:41
 msgid "Signing key"
 msgstr ""

-#: ../../source/install.rst:36
+#: ../../source/install.rst:43
 msgid "Packages are signed by Micah Lee, the core developer, using his PGP public key with fingerprint ``927F419D7EC82C2F149C1BD1403C2657CD994F73``. You can download Micah's key `from the keys.openpgp.org keyserver <https://keys.openpgp.org/vks/v1/by-fingerprint/927F419D7EC82C2F149C1BD1403C2657CD994F73>`_."
 msgstr ""

-#: ../../source/install.rst:38
+#: ../../source/install.rst:45
 msgid "You must have GnuPG installed to verify signatures. For macOS you probably want `GPGTools <https://gpgtools.org/>`_, and for Windows you probably want `Gpg4win <https://www.gpg4win.org/>`_."
 msgstr ""

-#: ../../source/install.rst:41
+#: ../../source/install.rst:48
 msgid "Signatures"
 msgstr ""

-#: ../../source/install.rst:43
+#: ../../source/install.rst:50
 msgid "You can find the signatures (as ``.asc`` files), as well as Windows, macOS, Flatpak, Snap, and source packages, at https://onionshare.org/dist/ in the folders named for each version of OnionShare. You can also find them on the `GitHub Releases page <https://github.com/micahflee/onionshare/releases>`_."
 msgstr ""

-#: ../../source/install.rst:47
+#: ../../source/install.rst:54
 msgid "Verifying"
 msgstr ""

-#: ../../source/install.rst:49
+#: ../../source/install.rst:56
 msgid "Once you have imported Micah's public key into your GnuPG keychain, downloaded the binary and and ``.asc`` signature, you can verify the binary for macOS in a terminal like this::"
 msgstr ""

-#: ../../source/install.rst:53
+#: ../../source/install.rst:60
 msgid "Or for Windows, in a command-prompt like this::"
 msgstr ""

-#: ../../source/install.rst:57
+#: ../../source/install.rst:64
 msgid "The expected output looks like this::"
 msgstr ""

-#: ../../source/install.rst:69
-msgid "If you don't see 'Good signature from', there might be a problem with the integrity of the file (malicious or otherwise), and you should not install the package. (The \"WARNING:\" shown above, is not a problem with the package, it only means you haven't already defined any level of 'trust' of Micah's PGP key.)"
+#: ../../source/install.rst:76
+msgid "If you don't see ``Good signature from``, there might be a problem with the integrity of the file (malicious or otherwise), and you should not install the package. (The ``WARNING:`` shown above, is not a problem with the package, it only means you haven't defined a level of \"trust\" of Micah's PGP key.)"
 msgstr ""

-#: ../../source/install.rst:71
+#: ../../source/install.rst:78
 msgid "If you want to learn more about verifying PGP signatures, the guides for `Qubes OS <https://www.qubes-os.org/security/verifying-signatures/>`_ and the `Tor Project <https://support.torproject.org/tbb/how-to-verify-signature/>`_ may be useful."
 msgstr ""
--- a/docs/gettext/security.pot
+++ b/docs/gettext/security.pot
@ -6,9 +6,9 @@
 #, fuzzy
 msgid ""
 msgstr ""
-"Project-Id-Version: OnionShare 2.3.3\n"
+"Project-Id-Version: OnionShare 2.4\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2021-08-20 13:23-0700\n"
+"POT-Creation-Date: 2021-09-09 19:16-0700\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@ -45,7 +45,7 @@ msgid "**Anonymity of OnionShare users are protected by Tor.** OnionShare and To
 msgstr ""

 #: ../../source/security.rst:17
-msgid "**If an attacker learns about the onion service, it still can't access anything.** Prior attacks against the Tor network to enumerate onion services allowed the attacker to discover private .onion addresses. If an attack discovers a private OnionShare address, a password will be prevent them from accessing it (unless the OnionShare user chooses to turn it off and make it public). The password is generated by choosing two random words from a list of 6800 words, making 6800², or about 46 million possible passwords. Only 20 wrong guesses can be made before OnionShare stops the server, preventing brute force attacks against the password."
+msgid "**If an attacker learns about the onion service, it still can't access anything.** Prior attacks against the Tor network to enumerate onion services allowed the attacker to discover private ``.onion`` addresses. If an attack discovers a private OnionShare address, they will also need to guess the private key used for client authentication in order to access it (unless the OnionShare user chooses make their serivce public by turning off the private key -- see :ref:`turn_off_private_key`)."
 msgstr ""

 #: ../../source/security.rst:20
@ -53,9 +53,9 @@ msgid "What OnionShare doesn't protect against"
 msgstr ""

 #: ../../source/security.rst:22
-msgid "**Communicating the OnionShare address might not be secure.** Communicating the OnionShare address to people is the responsibility of the OnionShare user. If sent insecurely (such as through an email message monitored by an attacker), an eavesdropper can tell that OnionShare is being used. If the eavesdropper loads the address in Tor Browser while the service is still up, they can access it. To avoid this, the address must be communicateed securely, via encrypted text message (probably with disappearing messages enabled), encrypted email, or in person. This isn't necessary when using OnionShare for something that isn't secret."
+msgid "**Communicating the OnionShare address and private key might not be secure.** Communicating the OnionShare address to people is the responsibility of the OnionShare user. If sent insecurely (such as through an email message monitored by an attacker), an eavesdropper can tell that OnionShare is being used. If the eavesdropper loads the address in Tor Browser while the service is still up, they can access it. To avoid this, the address must be communicateed securely, via encrypted text message (probably with disappearing messages enabled), encrypted email, or in person. This isn't necessary when using OnionShare for something that isn't secret."
 msgstr ""

 #: ../../source/security.rst:24
-msgid "**Communicating the OnionShare address might not be anonymous.** Extra precautions must be taken to ensure the OnionShare address is communicated anonymously. A new email or chat account, only accessed over Tor, can be used to share the address. This isn't necessary unless anonymity is a goal."
+msgid "**Communicating the OnionShare address and private key might not be anonymous.** Extra precautions must be taken to ensure the OnionShare address is communicated anonymously. A new email or chat account, only accessed over Tor, can be used to share the address. This isn't necessary unless anonymity is a goal."
 msgstr ""
--- a/docs/gettext/sphinx.pot
+++ b/docs/gettext/sphinx.pot
@ -6,9 +6,9 @@
 #, fuzzy
 msgid ""
 msgstr ""
-"Project-Id-Version: OnionShare 2.3.3\n"
+"Project-Id-Version: OnionShare 2.4\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2021-08-20 13:23-0700\n"
+"POT-Creation-Date: 2021-09-09 19:16-0700\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
--- a/docs/gettext/tor.pot
+++ b/docs/gettext/tor.pot
@ -6,9 +6,9 @@
 #, fuzzy
 msgid ""
 msgstr ""
-"Project-Id-Version: OnionShare 2.3.3\n"
+"Project-Id-Version: OnionShare 2.4\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2021-08-20 13:23-0700\n"
+"POT-Creation-Date: 2021-09-09 19:16-0700\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@ -130,7 +130,7 @@ msgid "Using Tor bridges"
 msgstr ""

 #: ../../source/tor.rst:109
-msgid "If your access to the Internet is censored, you can configure OnionShare to connect to the Tor network using `Tor bridges <https://2019.www.torproject.org/docs/bridges.html.en>`_. If OnionShare connects to Tor without one, you don't need to use a bridge."
+msgid "If your access to the internet is censored, you can configure OnionShare to connect to the Tor network using `Tor bridges <https://2019.www.torproject.org/docs/bridges.html.en>`_. If OnionShare connects to Tor without one, you don't need to use a bridge."
 msgstr ""

 #: ../../source/tor.rst:111