fix: Update last criterion on MFA tools page (#2618)

- Update links for Qubes VPN docs
- Update Nitrokey internal link

Signed-off-by: Jonah Aragon <jonah@privacyguides.org>
Signed-off-by: Freddy <freddy@privacyguides.org>
Signed-off-by: Daniel Gray <dngray@privacyguides.org>

docs/basics/email-security.md

@@ -33,7 +33,7 @@ Email providers which allow you to use standard access protocols like IMAP and S
 
 ### How Do I Protect My Private Keys?
 
-A smartcard (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../multi-factor-authentication.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smartcard and the decrypted content is sent back to the device.
+A smartcard (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smartcard and the decrypted content is sent back to the device.
 
 It is advantageous for the decryption to occur on the smartcard to avoid possibly exposing your private key to a compromised device.
 

docs/multi-factor-authentication.md

@@ -72,5 +72,4 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative
 
 - Source code must be publicly available.
 - Must not require internet connectivity.
-- Must not sync to a third-party cloud sync/backup service.
-    - **Optional** E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud.
+- Cloud syncing must be optional, and (if available) sync functionality must be E2EE.

docs/os/qubes-overview.md

@@ -58,7 +58,7 @@ The [qrexec framework](https://qubes-os.org/doc/qrexec) is a core part of Qubes
 
 We [recommend](../advanced/tor-overview.md) connecting to the Tor network via a [VPN](../vpn.md) provider, and luckily Qubes makes this easy to do with a combination of ProxyVMs and Whonix.
 
-After [creating a new ProxyVM](https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/vpn.md) which connects to the VPN of your choice, you can chain your Whonix qubes to that ProxyVM **before** they connect to the Tor network, by setting the NetVM of your Whonix **Gateway** (`sys-whonix`) to the newly-created ProxyVM.
+After [creating a new ProxyVM](https://forum.qubes-os.org/t/configuring-a-proxyvm-vpn-gateway/19061) which connects to the VPN of your choice, you can chain your Whonix qubes to that ProxyVM **before** they connect to the Tor network, by setting the NetVM of your Whonix **Gateway** (`sys-whonix`) to the newly-created ProxyVM.
 
 Your qubes should be configured in a manner similar to this:
 
@@ -66,7 +66,7 @@ Your qubes should be configured in a manner similar to this:
 |-----------------|------------------------------------------------------------------------------------------------------------------|-----------------|
 | sys-net         | *Your default network qube (pre-installed)*                                                                      | *n/a*           |
 | sys-firewall    | *Your default firewall qube (pre-installed)*                                                                     | sys-net         |
-| ==sys-proxyvm== | The VPN ProxyVM you [created](https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/vpn.md) | sys-firewall    |
+| ==sys-proxyvm== | The VPN ProxyVM you [created](https://forum.qubes-os.org/t/configuring-a-proxyvm-vpn-gateway/19061) | sys-firewall    |
 | sys-whonix      | Your Whonix Gateway VM                                                                                           | ==sys-proxyvm== |
 | anon-whonix     | Your Whonix Workstation VM                                                                                       | sys-whonix      |