style: Enable vscode spellcheck and fix typos/style (#2888)

Signed-off-by: fria <138676274+friadev@users.noreply.github.com>
Signed-off-by: Daniel Gray <dngray@privacyguides.org>

.markdownlint.yml

@@ -27,5 +27,6 @@ code-block-style: false
 no-hard-tabs: true
 emphasis-style:
   style: "asterisk"
-no-duplicate-header: false
 no-trailing-punctuation: false
+no-duplicate-heading:
+  siblings_only: true

.vscode/ltex.dictionary.en-US.txt

@@ -5,3 +5,499 @@ TODO
 MotionScore
 GaitMetrics
 Bayometric
+eSIM
+microSD
+Cellebrite
+GrapheneOS
+Gboard
+IMEs
+Briar
+Meshtastic
+Gizmodo
+Wickr
+Gizmodo
+Arel
+CryptPad
+itemprop
+md-button
+XWiki
+CryptDrive
+scrypt
+Anytype
+PeerTube
+Startpage
+PrivacyTools
+FedResults
+Brøgger
+EasyOptOuts
+Optery
+DeleteMe
+PeopleConnect
+dFPI
+Arkenfox
+LocalCDN
+fingerprintable
+NeatURLs
+ClearURLs
+Bromite
+GeckoView
+Thorin-Oakenpants
+customizability
+DoH
+DNSCrypt
+eSNI
+Mullvad
+CalyxOS
+microG
+DejaVu
+DroidGuard
+NewPipe
+WebView
+linux-hardened
+malloc
+Malloc
+ASLR
+Grindr
+USCCB
+USCCB-owned
+de-anonymize
+MkDocs
+privacyguides
+balenaEtcher
+img
+thumbsup
+KeePassXC
+OnionShare
+Exif
+ExifTool
+zsh
+ImageOptim
+SendTo
+Handoff
+Jailbreaking
+Flatpaks
+ChromeOS
+Flatseal
+dbus
+XWayland
+filesystem
+Firejail
+Whonix
+seccomp
+AppArmor
+MicroOS
+setuid
+Bubblewrap
+Krathalan
+noatsecure
+Seirdy
+Podman
+Kata
+Wonderfall
+Vaultwarden
+LinuxServer
+io
+daemonless
+gVisor
+syscalls
+Portmaster
+OpenSnitch
+firewalld
+Netfilter
+bypassable
+sysctl
+KickSecure
+fepitre
+QubesOS
+COPR
+GRSecurity
+Kicksecure
+umask
+SUID
+Umask
+Qubes-Whonix
+USBGuard
+initramfs
+dracut
+BadUSB
+chronyd
+swdate
+sysfs
+cgroups
+MathML
+WebAuthn
+BlockBlock
+HELLOTUX
+Véliz
+Poitras
+Anonym
+ISRG
+Orbot
+Qubes
+public‑interest
+Warne
+Pham
+material-youtube
+OpenCollective
+Monero
+CoinJoin
+Banxa
+@proton
+CashApp
+Samouri
+Coinjoin
+USDC
+Stablecoins
+stablecoins
+IWAs
+IWA
+Beens
+Techlore
+whitehouse
+ShredOS
+del
+OMEMO
+reglock
+nofollow
+SecureDrop
+Cwtch
+OTF
+SimpleX
+noyb
+darknet
+Surfshark
+ExpressVPN
+PerfectPrivacy
+IPVanish
+CyberGhost
+ibVPN
+SurfShark
+VPNArea
+ThatOnePrivacySite
+fluffily
+Huxleyan
+MPRs
+INVISV
+QUIC
+Fastly
+OHTTP
+Appelbaum
+md-button--primary
+Niek
+openpgp
+material-github
+Tweakers
+fontawesome-brands-creative-commons
+fontawesome-brands-creative-commons-by
+fontawesome-brands-creative-commons-sa
+Attribution-ShareAlike
+ChatGPT
+LLMs
+OLMoE
+MMLU-Pro
+OpenLLM
+GGUF
+Llamafile
+Ollama
+cpp
+fontawesome-brands-windows
+simple-linux
+LLaVA
+fontawesome-solid-desktop
+llamafiles
+simple-torbrowser
+simple-googleplay
+eepsites
+simple-firefoxbrowser
+simple-googlechrome
+fontawesome-brands-edge
+scriptlet
+Adguard
+simple-appstore
+Tuta
+simple-flathub
+Flathub
+Cryptomator
+Securitum
+Tresorit
+Computest
+Peergos
+InterPlanetary
+IPFS
+DocumentsProvider
+Modmail
+CipherTrace
+Monero-only
+Monerujo
+CEX
+RetoSwap
+Haveno-Reto
+Haveno
+Guardarian
+BeenVerified
+CheckPeople
+ClustrMaps
+Dataveria
+InfoTracer
+PeekYou
+PublicDataUSA
+Radaris
+USPhonebook
+Whitepages
+Grauer
+simple-github
+ExifEraser
+permissionless
+Accrescent
+ExtendedXMP
+IPTC
+NoScript
+cryptominers
+non-proxied
+Solana
+PipeWire
+Btrfs
+openQA
+NixOS
+Toolbx
+Nixpkgs
+ProxyVM
+deanonymized
+qubes
+Xen
+pg-viridian
+qube
+KingsPawn
+sysdiagnose
+iMazing
+keystore
+Cleartext
+DoT
+DoQ
+eu
+NextDNS
+RethinkDNS
+dnscrypt-proxy
+anycast
+geo-steering
+QNAME
+PII
+SimpleLogin
+twemoji
+addy
+material-apple-ios
+@addy
+ProxyStore
+@username
+backported
+FairEmail
+Kontact
+Mailvelope
+NeoMutt
+WKD
+BitPay
+paydirekt
+Sofortüberweisung
+YubiCloud
+@mailbox
+@secure
+ActiveSync
+non-Tuta
+SOGo
+Mailcow
+OpenSMTPD
+Rspamd
+Mbox
+JMAP
+Hardenize
+Subresource
+cryptolib
+cryptofs
+siv-mode
+cryptolib-swift
+cryptomator-objc-cryptor
+Picocrypt
+VeraCrypt
+TrueCrypt
+cryptoprocessor
+non-Bitlocker
+FileVault
+FDE
+udiskie
+Polkit
+Kryptor
+Minisign
+Intevation
+OpenKeychain
+ffsend
+FreedomBox
+Syncthing
+simple-freebsd
+MySudo
+Coincards
+Redlib
+ProxiTok
+Yattee
+eepsite
+proxying
+LibreTube
+FramaTube
+IVPN
+Cromite
+Adblock
+EasyList
+fontawesome-solid-ellipsis
+adblock
+LineageOS
+NitroPhone
+Nitrokey
+Ente
+Akregator
+NewsFlash
+Inoreader
+Miniflux
+NetNewsWire
+Newsboat
+Newsbeuter
+Notesnook
+Cryptee
+Psono
+KeePassX
+KeePassDX
+gopass
+Pastebins
+PrivateBin
+ZeroBin
+pastebin
+pastebins
+Stingle
+PhotoPrism
+UnifiedPush
+simple-fdroid
+Mollysocket
+Olm
+util-linux
+uClibc
+BusyBox
+OPNsense
+Netgate
+pfSense
+SearXNG
+SearX
+Yubico
+PIV-compatibile
+CCID
+PIV
+HOTP
+YubiKeys
+Nitrokeys
+Obtainium
+deanonymization
+VpnService
+torrenting
+AntiTracker
+VMess
+DAITA
+deanonymize
+OTPs
+SafetyNet
+IDEMIA
+backport
+Silverblue
+Šamalík
+PKGBUILDs
+PPAs
+Linux-libre
+Libre
+ConfinedUsers
+ZRAM
+Linux-libre-based
+Spectre
+SWAPGS
+DEs
+NetworkManager
+systemd-networkd
+rpm-ostree-countme
+countme
+Hackintoshes
+OCSP
+XProtect
+appVM
+inter-qube
+AppVM
+vchan
+qrexec
+Qube
+sys-net
+sys-firewall
+sys-proxyvm
+sys-whonix
+anon-whonix
+ProxyVMs
+NetVM
+Rutkowska
+AutoRun
+PINs
+OnTheHub
+DevContainers
+fullwidth
+Fullwidth
+OptiPNG
+cwebp
+Keyring
+JustDeleteMe
+NotPetya
+EternalBlue
+Technopolice
+Datalogix
+Cryptoprocessor
+TPMs
+Pluton
+Buskill
+BusKill
+diceware
+Diceware
+geo-restrictions
+ECH
+dVPNs
+dVPN
+Pseudonymity
+@Thorin-Oakenpants
+DocumentsUI
+CameraX
+AFWall
+AdAway
+TrackerControl
+loopback
+Aptoide
+APKPure
+simple-gitlab
+IzzyOnDroid
+Gadgetbridge
+tshark
+systemd
+systemd-resolved
+EDNS
+Chainalysis
+BadExit
+HSDir
+deanonymizing
+WebTunnel
+Computerphile
+namazso
+HelloTux
+wordmark
+Bagnard
+sublicensees
+BurungHantu
+privacytoolsIO
+privacytools
+trai
+PrivacyGuides
+@dngray
+simple-youtube
+simple-peertube
+simple-bluesky
+dngray
+bsky
+@freddy

.vscode/ltex.hiddenFalsePositives.en-US.txt

@@ -6,3 +6,65 @@
 {"rule":"MORFOLOGIK_RULE_EN_US","sentence":"^\\QImage Credit: clockit.io\\E$"}
 {"rule":"MORFOLOGIK_RULE_EN_US","sentence":"^\\QExample of finger minutiae including forks (where one line splits into multiple lines), ends (where a line ends), islands (isolated dots), and inclosures (lines that split into two and then reconnect)\\E$"}
 {"rule":"MORFOLOGIK_RULE_EN_US","sentence":"^\\QIllustration: Jonah Aragon / Privacy Guides | Photo: Jair Lázaro / Unsplash\\E$"}
+{"rule":"MORFOLOGIK_RULE_EN_US","sentence":"^\\QIllustration: Jonah Aragon / Privacy Guides | Photo: Koshu Kunii / Unsplash\\E$"}
+{"rule":"COMMA_COMPOUND_SENTENCE","sentence":"^\\QYou should also make sure your mobile plan is topped up and you have enough mobile data prior to the event.\\E$"}
+{"rule":"MORFOLOGIK_RULE_EN_US","sentence":"^\\QA good rule of thumb is that unless a post from GrapheneOS is specifically talking about GrapheneOS-specific, privacy-related functionality and not about other projects/software/etc., it is probably off-topic here.\\E$"}
+{"rule":"MORFOLOGIK_RULE_EN_US","sentence":"^\\QIn an interview with Gizmodo, Christopher Soghoian, Principal Technologist and Senior Policy Analyst at the American Civil Liberties Union said that, \"There are many Telegram users who think they are communicating in an end-to-end encrypted way, when they're not because they don't realize that they have to turn on an additional setting,\" he continued to say that while he's happy they offer the encryption, it's not useful if it's turned off.\\E$"}
+{"rule":"ALL_MOST_SOME_OF_NOUN","sentence":"^\\QOpen source may be the most used phrase in all of privacy and security, and for good reason.\\E$"}
+{"rule":"MORFOLOGIK_RULE_EN_US","sentence":"^\\QIllustration: Jordan Warne / Privacy Guides | Photo: Christin Hume / Unsplash\\E$"}
+{"rule":"EN_UNPAIRED_BRACKETS","sentence":"^\\QIf you need to erase this history for safety but keep the document, you can go to \"File\" > \"Make a copy\", then go back to the original document with the history you need to erase, click on \"Access\", then \"Destroy\", then click again on \"Are you sure?\".\\E$"}
+{"rule":"MORFOLOGIK_RULE_EN_US","sentence":"^\\QWe reached out to System1 CEO Ian Weingarten for an explanation.\\E$"}
+{"rule":"IF_THERE","sentence":"^\\QIn an interview with TechCrunch, Wire CEO Morten Brøgger said of privacy laws: “We are in Switzerland, which has the best privacy laws in the world” — it's subject to Europe's General Data Protection Regulation framework (GDPR) on top of its own local laws — “and Wire now belongs to a new group holding, but there no change in control.” sic\\E$"}
+{"rule":"MORFOLOGIK_RULE_EN_US","sentence":"^\\Qadvancedbackgroundchecks.com :white_check_mark: Removed :white_check_mark: Removed\nbeenverified.com :white_check_mark: Removed :warning: Found\ncheckpeople.com :white_check_mark: Removed :white_check_mark: Removed\nclustrmaps.com :white_check_mark: Removed :white_check_mark: Removed\ndataveria.com :white_check_mark: Removed :white_check_mark: Removed\ngladiknow.com :white_check_mark: Removed :white_check_mark: Removed\ninfotracer.com :white_check_mark: Removed :warning: Found\nintelius.com* :warning: Found :warning: Found\npeekyou.com* :warning: Found :warning: Found\npublicdatausa.com^1 :white_check_mark: Removed :white_check_mark: Removed\nradaris.com :white_check_mark: Removed :white_check_mark: Removed\nspokeo.com :white_check_mark: Removed ::white_check_mark: Removed\nthatsthem.com :white_check_mark: Removed :white_check_mark: Removed\nusphonebook.com :white_check_mark: Removed :white_check_mark: Removed\nspyfly.com :white_check_mark: Removed :white_check_mark: Removed\nRemaining Results 13% 23%\\E$"}
+{"rule":"WHITESPACE_RULE","sentence":"^\\QPerson A Person B\\E$"}
+{"rule":"MORFOLOGIK_RULE_EN_US","sentence":"^\\QCalyxOS uses the default AOSP Scudo Malloc, which is generally less effective.\\E$"}
+{"rule":"MORFOLOGIK_RULE_EN_US","sentence":"^\\QIllustration: Jonah Aragon / Privacy Guides | Photo: Aleksander Dumała / Pexels\\E$"}
+{"rule":"MORFOLOGIK_RULE_EN_US","sentence":"^\\QDisable the option \"Anonymously report errors and usage statistics to balena.io\", then click \"OK\".\\E$"}
+{"rule":"EN_UNPAIRED_BRACKETS","sentence":"^\\QThe button on the right is blue and labeled \"Flash!\".\\E$"}
+{"rule":"PREPOSITION_VERB","sentence":"^\\QAdd a Receive action and set it to receive Images from Share Sheet\\E$"}
+{"rule":"A_INFINITIVE","sentence":"^\\QWindows allows you to place files in a SendTo folder which then appear in the Send to context menu.\\E$"}
+{"rule":"A_INFINITIVE","sentence":"^\\QRight-click a supported file and choose ExifTool.bat within the Send to context menu.\\E$"}
+{"rule":"COMMA_COMPOUND_SENTENCE","sentence":"^\\QYour location data is not E2EE when your device is online and you use Find My iPhone remotely to locate your device.\\E$"}
+{"rule":"MORFOLOGIK_RULE_EN_US","sentence":"^\\QOther technologies that were disabled include WebGL, MathML, Gamepad API, Web Audio API, RTCDataChannel, and SVG Fonts.\\E$"}
+{"rule":"MORFOLOGIK_RULE_EN_US","sentence":"^\\QOnion Browser is an open-source app created by Mike Tigas, who has worked closely with Tor Project in the past and was previously an investigative journalist at ProPublica (he is currently an advisor at the FTC).\\E$"}
+{"rule":"MISSING_COMMA_AFTER_INTRODUCTORY_PHRASE","sentence":"^\\QBesides leaving it blank for the default, it comes with three built-in user agent strings you can choose from, or you can enter your own.\\E$"}
+{"rule":"COMMA_COMPOUND_SENTENCE_2","sentence":"^\\QStartpage CEO Robert Beens discusses the investment from Privacy One / System1\nWhat is Startpage's relationship with Privacy One/System1 and what does this mean for my privacy protections?\\E$"}
+{"rule":"MORFOLOGIK_RULE_EN_US","sentence":"^\\QSelect :material-dots-vertical: > Settings > Privacy\n Turn off Show Calls in Recents\\E$"}
+{"rule":"COMMA_COMPOUND_SENTENCE","sentence":"^\\QWhile this change makes sense from the perspective of making it so you cannot \"hold a number hostage\" as long as you keep checking in, it is particularly important for people who've used disposable phone numbers to know this.\\E$"}
+{"rule":"MORFOLOGIK_RULE_EN_US","sentence":"^\\QPhoto: ev / Unsplash\\E$"}
+{"rule":"MORFOLOGIK_RULE_EN_US","sentence":"^\\QEnter the-company formerly-known-as-Facebook's rival to the birdsite: Threads.\\E$"}
+{"rule":"MORFOLOGIK_RULE_EN_US","sentence":"^\\QThreads' naffness won't stop its success.\\E$"}
+{"rule":"EXTREME_ADJECTIVES","sentence":"^\\QIt feels really good.\\E$"}
+{"rule":"MORFOLOGIK_RULE_EN_US","sentence":"^\\QSam is an elearning designer and privacy advocate interested in free (libre) software and how it can protect civil liberties.\\E$"}
+{"rule":"MORFOLOGIK_RULE_EN_US","sentence":"^\\QThis article was originally published on my personal blog at samhowell.uk, on February 15th, 2019.\\E$"}
+{"rule":"MORFOLOGIK_RULE_EN_US","sentence":"^\\Q:japanese_goblin:{ .lg .middle } Kevin Pham\\E$"}
+{"rule":"MORFOLOGIK_RULE_EN_US","sentence":"^\\Q2022: ISO/IEC 27001:2013^1 Compliance Certification by TÜV Rheinland InterCert Kft\n2021: Penetration Testing by Computest\nThis review assessed the security of the Tresorit web client, Android app, Windows app, and associated infrastructure.\\E$"}
+{"rule":"MORFOLOGIK_RULE_EN_US","sentence":"^\\Q2022: ISO/IEC 27001:2013^1 Compliance Certification by TÜV Rheinland InterCert Kft\n2021: Penetration Testing by Computest\nThis review assessed the security of the Tresorit web client, Android app, Windows app, and associated infrastructure.\\E$"}
+{"rule":"MORFOLOGIK_RULE_EN_US","sentence":"^\\QFirefox sends data about your Firefox version and language; device operating system and hardware configuration; memory, basic information about crashes and errors; outcome of automated processes like updates, safebrowsing, and activation to us.\\E$"}
+{"rule":"MORFOLOGIK_RULE_EN_US","sentence":"^\\QNewPipe is a free and open-source Android application for YouTube, SoundCloud, media.ccc.de, Bandcamp, and PeerTube (1).\\E$"}
+{"rule":"ADD_AN_ADDITIONAL","sentence":"^\\QThis setting adds an additional Adblock Plus list that may increase the effectiveness of Cromite's content blocking.\\E$"}
+{"rule":"MORFOLOGIK_RULE_EN_US","sentence":"^\\QUncheck the autoupdate setting\\E$"}
+{"rule":"CLEAN_UP","sentence":"^\\QIf your device supports it, you can use the Clean Up feature to pixelate faces or remove objects from images.\\E$"}
+{"rule":"MORFOLOGIK_RULE_EN_US","sentence":"^\\QTurn off AutoPlay: Enabled\nDisallow Autoplay for nonvolume devices: Enabled\nSet the default behavior for AutoRun: Enabled\nDefault AutoRun Behavior: Do not execute any AutoRun commands\\E$"}
+{"rule":"MORFOLOGIK_RULE_EN_US","sentence":"^\\QLorem ipsum dolor sit amet, consectetur adipiscing elit.\\E$"}
+{"rule":"MORFOLOGIK_RULE_EN_US","sentence":"^\\QNulla et euismod nulla.\\E$"}
+{"rule":"MORFOLOGIK_RULE_EN_US","sentence":"^\\QCurabitur feugiat, tortor non consequat finibus, justo purus auctor massa, nec semper lorem quam in massa.\\E$"}
+{"rule":"MORFOLOGIK_RULE_EN_US","sentence":"^\\QThe name of the Subreddit is r/PrivacyGuides or the Privacy Guides Subreddit.\\E$"}
+{"rule":"MORFOLOGIK_RULE_EN_US","sentence":"^\\QTurn off Remove the XML declaration\nx Turn on Remove metadata\nx Turn on Remove comments\nx Turn on Embedded raster images\nx Turn on Enable viewboxing\\E$"}
+{"rule":"MORFOLOGIK_RULE_EN_US","sentence":"^\\QSource: plainlanguage.gov\\E$"}
+{"rule":"MORFOLOGIK_RULE_EN_US","sentence":"^\\QKathy McGinty offers tongue-in-cheek instructions for bulking up your simple, direct sentences:\\E$"}
+{"rule":"MORFOLOGIK_RULE_EN_US","sentence":"^\\QIn France, you can take a look at the Technopolice website maintained by the non-profit association La Quadrature du Net.\\E$"}
+{"rule":"MORFOLOGIK_RULE_EN_US","sentence":"^\\QFIDO (Fast IDentity Online)\\E$"}
+{"rule":"MORFOLOGIK_RULE_EN_US","sentence":"^\\QThe entropy per word in a diceware passphrase is calculated as    log 2  ( WordsInList )\\E$"}
+{"rule":"MORFOLOGIK_RULE_EN_US","sentence":"^\\QTo calculate the amount of possible passphrases, all we have to do is   WordsInList WordsInPhrase\\E$"}
+{"rule":"MORFOLOGIK_RULE_EN_US","sentence":"^\\QThey ultimately paid two companies (Chainalysis and Integra Fec) a combined $1.25 million to further develop tools to do so.\\E$"}
+{"rule":"MORFOLOGIK_RULE_EN_US","sentence":"^\\QWe also especially thank our dedicated community moderation team on Matrix and our forum: Austin Huang, namazso, hik, riley, and Valynor.\\E$"}
+{"rule":"MORFOLOGIK_RULE_EN_US","sentence":"^\\QPortions of this notice itself were adopted from opensource.guide on GitHub.\\E$"}
+{"rule":"MORFOLOGIK_RULE_EN_US","sentence":"^\\Qr/redditrequest is Reddit's way of making sure communities have active moderators and is part of the Moderator Code of Conduct.\\E$"}
+{"rule":"MORFOLOGIK_RULE_EN_US","sentence":"^\\QIf you were removed as moderator from a Subreddit through Reddit request it is because your lack of response and lack of activity qualified the Subreddit for an r/redditrequest transfer.\\E$"}
+{"rule":"MORFOLOGIK_RULE_EN_US","sentence":"^\\QIf you were removed as moderator from a subreddit through Reddit request it is because your lack of response and lack of activity qualified the subreddit for an r/redditrequest transfer.\\E$"}
+{"rule":"IN_OR_WITH_REGARDS_TO_OF","sentence":"^\\QRetaliation from any moderator with regards to removal requests is disallowed.\\E$"}
+{"rule":"MORFOLOGIK_RULE_EN_US","sentence":"^\\QPhoto: Dimmis Vart / Unsplash\\E$"}
+{"rule":"SENT_START_CONJUNCTIVE_LINKING_ADVERB_COMMA","sentence":"^\\QFurther develop an individual story or line of coverage.\\E$"}
+{"rule":"DOUBLE_PUNCTUATION","sentence":"^\\QOur readership is entitled to as much information as possible in order to judge the reliability of our sources themselves..\\E$"}
+{"rule":"DOUBLE_PUNCTUATION","sentence":"^\\QOur contributors should always question the motives behind a source requesting anonymity..\\E$"}

.vscode/settings.json

@@ -21,8 +21,9 @@
 {
     "git.ignoreLimitWarning": true,
     "ltex.diagnosticSeverity": {
-      "COMMA_COMPOUND_SENTENCE": "error",
+      "COMMA_COMPOUND_SENTENCE": "information",
-      "MORFOLOGIK_RULE_EN_US": "information",
+      "COMMA_COMPOUND_SENTENCE_2": "information",
+      "MORFOLOGIK_RULE_EN_US": "warning",
       "HE_VERB_AGR": "hint",
       "WHETHER": "hint",
       "MAKE_SINCE": "information",
@@ -30,7 +31,61 @@
       "EN_COMPOUNDS": "warning",
       "ADMIT_ENJOY_VB": "hint",
       "ABOUT_WHO_TO": "warning",
-      "default": "hint"
+      "MISSING_GENITIVE": "hint",
+      "ENGLISH_WORD_REPEAT_BEGINNING_RULE": "hint",
+      "EN_UNPAIRED_BRACKETS": "warning",
+      "MISSING_ARTICLE": "warning",
+      "SENT_START_CONJUNCTIVE_LINKING_ADVERB_COMMA": "warning",
+      "CONDITIONAL_CLAUSE": "hint",
+      "DAMAGE_OF_TO": "hint",
+      "ETC_PERIOD": "warning",
+      "WHITESPACE_RULE": "hint",
+      "UPPERCASE_SENTENCE_START": "hint",
+      "LARGE_NUMBER_OF": "information",
+      "ENGLISH_WORD_REPEAT_RULE": "hint",
+      "SOME_OF_THE": "hint",
+      "IF_OF": "warning",
+      "THE_JJR_THE_MORE_COMMA": "warning",
+      "POSSESSIVE_APOSTROPHE": "hint",
+      "BY_DEFAULT_COMMA": "warning",
+      "ADVERB_WORD_ORDER": "hint",
+      "E_G": "warning",
+      "YOUR_RE": "warning",
+      "TOR_FOR": "hint",
+      "COMMA_PARENTHESIS_WHITESPACE": "hint",
+      "AGREEMENT_SENT_START": "hint",
+      "SETUP_VERB": "warning",
+      "MD_NO_VB": "warning",
+      "CLICK_HYPHEN": "information",
+      "NON3PRS_VERB": "hint",
+      "SENTENCE_WHITESPACE": "hint",
+      "BE_TO_VBG": "warning",
+      "I_NOT_JJ": "warning",
+      "PROFANITY": "hint",
+      "AD_ADD": "hint",
+      "THE_SUPERLATIVE": "hint",
+      "PLURAL_VERB_AFTER_THIS": "hint",
+      "LC_AFTER_PERIOD": "hint",
+      "PREPOSITION_VERB": "hint",
+      "OTHER_OTHERS": "hint",
+      "ON_THE_NOVEL": "hint",
+      "OUTSIDE_OF": "warning",
+      "UNLIKELY_OPENING_PUNCTUATION": "hint",
+      "SMALL_NUMBER_OF": "hint",
+      "A_UNCOUNTABLE": "hint",
+      "AFFORD_VB": "hint",
+      "AN_INVITE": "hint",
+      "HAVE_PART_AGREEMENT": "hint",
+      "PHRASE_REPETITION": "hint",
+      "THIS_NNS_VB": "hint",
+      "NNS_IN_NNP_VBZ": "hint",
+      "APPLE_PRODUCTS": "warning",
+      "OVER_TIME": "hint",
+      "IN_THE_MOMENT": "hint",
+      "ARROWS": "hint",
+      "AUXILIARY_DO_WITH_INCORRECT_VERB_FORM": "hint",
+      "MISSING_COMMA_AFTER_YEAR": "hint",
+      "default": "error"
     },
     "editor.unicodeHighlight.ambiguousCharacters": true,
     "editor.unicodeHighlight.invisibleCharacters": true,

blog/editorial.md

@@ -30,7 +30,7 @@ Privacy Guides contributors must always be independent voices in the privacy com
 
 ### Fairness and Impartiality
 
-Many stories have at least two sides. While we are not obligated to present every viewpoint in every article we publish, our stories are balanced and add context. Our impertial reporting is a significant part of why our community has trust and confidence in our work.
+Many stories have at least two sides. While we are not obligated to present every viewpoint in every article we publish, our stories are balanced and add context. Our impartial reporting is a significant part of why our community has trust and confidence in our work.
 
 ### Humanity
 
@@ -68,7 +68,7 @@ We trust the integrity of our contributors and the accuracy of content published
 
 ## Unnamed Sources Policy
 
-Privacy Guides will only used unnamed sources in our news reporting if:
+Privacy Guides will only use unnamed sources in our news reporting if:
 
 1. The material is informative, not opinion or speculation.
 2. The material is vital to the news report.

blog/posts/activists-guide-securing-your-smartphone.md

@@ -84,7 +84,7 @@ Barring a massive security exploit (more on this [later](#consider-your-phones-s
 
 In the United States and many other countries it is legal to refuse to unlock your phone or provide your passcode to law enforcement. **Know your rights** wherever you're located before attending a protest, so you aren't blindly following orders later.
 
-### Disable Biometic Authentication
+### Disable Biometric Authentication
 
 We commonly recommend using biometric features like Face ID or Touch ID to prevent "shoulder surfing" attacks, where an attacker steals your PIN by discreetly watching you enter it, or where your PIN is recorded by surveillance cameras in the area.
 
@@ -194,7 +194,7 @@ Even after mitigating the risks of 2G networks, your cellular activity can still
 
 To prevent this, you should keep your phone turned off or use Airplane Mode to disable cellular connections whenever possible. Ideally you should only connect to networks in an emergency situation to communicate with others in your group, otherwise keeping messages and network transmissions to a minimum is key.
 
-If you absolutely need internet connectivity and it's possible, you should keep Airplane Mode on and connect to a public Wi-Fi network instead, which brings me to:
+If you absolutely need internet connectivity, and if it's possible, you should keep Airplane Mode on and connect to a public Wi-Fi network instead, which brings me to:
 
 ### Use Public Wi-Fi
 
@@ -245,7 +245,7 @@ Signal is battle-tested for this situation. [Signal has responded to 6 governmen
 
 Keep in mind that using Signal could still expose your phone's location, simply due to making a network request as we covered above. You should still keep your phone in [Airplane Mode](#use-airplane-mode-frequently) and minimize the use of Signal or any other networked app during the event.
 
-There *are* other [encrypted messengers](https://www.privacyguides.org/en/real-time-communication/), some of them even making use of technologies developed by Signal. However, they all come with trade-offs that could easily compromise your security. WhatsApp and Facebook Messenger are end-to-end encrypted for example, but they collect copious amounts of *metadata* about your messages, such as who you're sending them to, when you're sending them, your location when you're sending them, etc. Apple's iMessage service in the Messages app has strong encryption but similar metadata concerns, and only works if everyone in your group has an iPhone.
+There *are* other [encrypted messengers](https://www.privacyguides.org/en/real-time-communication/), some of them even making use of technologies developed by Signal. However, they all come with trade-offs that could easily compromise your security. WhatsApp and Facebook Messenger are end-to-end encrypted for example, but they collect copious amounts of *metadata* about your messages, such as whom you're sending them to, when you're sending them, your location when you're sending them, etc. Apple's iMessage service in the Messages app has strong encryption but similar metadata concerns, and only works if everyone in your group has an iPhone.
 
 ### Protect Your Access to Information
 
@@ -273,7 +273,7 @@ The backup situation on Android is not nearly as robust unfortunately, but you c
 
 ### Keep Your Device Locked
 
-You should always use your camera to take pictures or videos while your phone is locked, in case your device is taken while filming. This is easier if you've [disabled biometrics](#disable-biometic-authentication), because Face ID or similar features might unlock your device automatically when you don't want that to happen.
+You should always use your camera to take pictures or videos while your phone is locked, in case your device is taken while filming. This is easier if you've [disabled biometrics](#disable-biometric-authentication), because Face ID or similar features might unlock your device automatically when you don't want that to happen.
 
 On an iPhone you can hold down the camera icon on the lock screen to open the camera without unlocking your device. You could also configure the Action Button to open the camera, or use the dedicated camera button on the latest iPhone model.
 

blog/posts/biometrics-explained.md

@@ -9,6 +9,8 @@ tags:
     - Biometrics
 license: BY-SA
 schema_type: BackgroundNewsArticle
+description: |
+  Biometrics are a convenient and secure way to authenticate our devices. Many of us use and trust the biometrics of our devices without much thought, but are they really secure? With so many options, which ones are the best?
 ---
 # Biometrics Explained
 
@@ -201,9 +203,9 @@ They claim it can uniquely identify individuals as well as penetrate walls, a wo
 
 ### :material-cloud-off: Local Storage
 
-As with most things, keeping everything on your device is the key to private biometrics. A secure and private biometric authentication system should store any biometric data fully on-device and further, shouldn't make it acessible at all, even to the user. Biometric data is so incredibly sensitive and uniquely identifying that it needs to be treated with the utmost care. For example, apps on your phone don't have direct access to your fingerprint or face data, they must use an [API](https://developer.apple.com/documentation/localauthentication) to use biometric authentication.
+As with most things, keeping everything on your device is the key to private biometrics. A secure and private biometric authentication system should store any biometric data fully on-device and further, shouldn't make it accessible at all, even to the user. Biometric data is so incredibly sensitive and uniquely identifying that it needs to be treated with the utmost care. For example, apps on your phone don't have direct access to your fingerprint or face data, they must use an [API](https://developer.apple.com/documentation/localauthentication) to use biometric authentication.
 
-On the other end of the spectrum we have companies like [IDEMIA](https://www.idemia.com) which boast about their [Augmented Vision](https://www.idemia.com/wp-content/uploads/2021/01/augmented-vision-platform-idemia-brochure-202102.pdf), designed to take video data from the myriad surveillance cameras littering every US city and track you around everywhere you go. It combines facial recognition, object recognition, plate reading, and much more to create an Orwelian surveillance apparatus that stores all your data in some server somewhere, fully accessible to their customers (or any hackers that want a treasure trove of surveillance data). They also hae a product called [Mobile Biometric Check](https://www.idemia.com/wp-content/uploads/2021/02/mobile-biometric-check-idemia-brochure-202007.pdf) that allows cops to use their phone camera to take a picture of your fingerprints and compare them to a database. This is the exact opposite of responsible biometrics.
+On the other end of the spectrum we have companies like [IDEMIA](https://www.idemia.com) which boast about their [Augmented Vision](https://www.idemia.com/wp-content/uploads/2021/01/augmented-vision-platform-idemia-brochure-202102.pdf), designed to take video data from the myriad surveillance cameras littering every US city and track you around everywhere you go. It combines facial recognition, object recognition, plate reading, and much more to create an Orwellian surveillance apparatus that stores all your data in some server somewhere, fully accessible to their customers (or any hackers that want a treasure trove of surveillance data). They also have a product called [Mobile Biometric Check](https://www.idemia.com/wp-content/uploads/2021/02/mobile-biometric-check-idemia-brochure-202007.pdf) that allows cops to use their phone camera to take a picture of your fingerprints and compare them to a database. This is the exact opposite of responsible biometrics.
 
 ### :material-chip: Secure Element
 

blog/posts/choosing-the-right-messenger.md

@@ -56,7 +56,7 @@ This article will not get into the complexities of the best kinds of end-to-end
 
 The popular messaging app Telegram has come under fire the most for this. Telegram says on their homepage that, “Telegram messages are heavily encrypted and can self-destruct.” Yet, this statement is only partially true. Yes, you can set your messages to self-destruct, a great privacy feature for some, and yes, they do offer encryption, but what they don’t tell users is that encryption isn’t turned on by default.
 
-In an [interview](https://web.archive.org/web/20210729190737/https://gizmodo.com/why-you-should-stop-using-telegram-right-now-1782557415) with Gizmodo, Christopher Soghoian, Principal Technologist and Senior Policy Analyst at the American Civil Liberties Union said that, "There are many Telegram users who think they are communicating in an [end-to-end] encrypted way, when they’re not because they don’t realize that they have to turn on an additional setting,” he continued to say that while he’s happy they offer the encryption, it’s not useful if it’s turned off.
+In an [interview](https://web.archive.org/web/20210729190737/https://gizmodo.com/why-you-should-stop-using-telegram-right-now-1782557415) with Gizmodo, Christopher Soghoian, Principal Technologist and Senior Policy Analyst at the American Civil Liberties Union said that, "There are many Telegram users who think they are communicating in an [end-to-end] encrypted way, when they’re not because they don’t realize that they have to turn on an additional setting," he continued to say that while he’s happy they offer the encryption, it’s not useful if it’s turned off.
 
 Apps such as Signal, Keybase, and Wickr offer E2EE by default. Less popular but quickly growing apps such as Element, offer E2EE but like Telegram, have not made it a default setting, though the Matrix.org team has [said](https://web.archive.org/web/20210729190737/https://github.com/vector-im/element-web/issues/6779) that default encryption is on their road map.
 
@@ -66,7 +66,7 @@ Ensuring your conversations and metadata are E2EE is one of the best practices y
 
 When it comes to your goals and threat model, you will need to decide how much, if any, information you’re willing to give this company on signup. Do they require a phone number and or SIM card? Do they require an email address, or do they allow completely anonymous signups, and how anonymous is anonymous? Are they storing that info (remember the metadata) unencrypted?
 
-Giving up your phone number or email won’t be a big deal for many, as any good privacy policy will state they won’t use it for any purpose other than those you’ve granted permission for. Yet, for those avoiding state-sponsored surveillance, you may have a regularly changing number, no number, or would rather not risk giving that information up. Same goes for email.
+Giving up your phone number or email won’t be a big deal for many, as any good privacy policy will state they won’t use it for any purpose other than those you’ve granted permission for. Yet, for those avoiding state-sponsored surveillance, you may have a regularly changing number, no number, or would rather not risk giving that information up. The same goes for email.
 
 So, you will want to find a service that fits this need. While Signal is currently testing signup without a phone number, currently you’re unable to do so. Element, Wickr, many XMPP services, don’t require anything but choosing a username.
 
@@ -86,9 +86,9 @@ If you’re unsure what to do here, it’s always a safe bet to stick with open
 
 ## Ownership & Trust
 
-An often overlooked, but increasingly important part of choosing a secure messenger is, who owns the company that’s providing your service? What would the gain or lose from selling your data and who does the company answer to?
+An often overlooked, but increasingly important part of choosing a secure messenger is, who owns the company that’s providing your service? What would the gain or lose from selling your data, and who does the company answer to?
 
-Wire [recently lost](https://web.archive.org/web/20210729190737/https://blog.privacytools.io/delisting-wire/) a great deal of trust and standing in the privacy world because they quietly sold their company and moved it to the US. They also changed parts of their privacy policy making it harder for users to tell when Wire would share customer data. They did all of this while never updating their current users of such changes, either to the change of the privacy policy, or the move to the US.
+Wire [recently lost](https://web.archive.org/web/20210729190737/https://blog.privacytools.io/delisting-wire/) a great deal of trust and standing in the privacy world because they quietly sold their company and moved it to the US. They also changed parts of their privacy policy, making it harder for users to tell when Wire would share customer data. They did all of this while never updating their current users of such changes, either to the change of the privacy policy, or the move to the US.
 
 Wire also took in more than $8 million in venture capital funding. So now, users wanted to know more about who owned their data and what jurisdictional rights were changing with the move from Europe to the United States?
 
@@ -98,7 +98,7 @@ Signal on the other hand is a [non-profit](https://signal.org/blog/signal-founda
 
 Matrix.org (the service Element uses) runs a similar business model as Signal, located in the UK instead of the US, they reply on donations, partnerships, and grants. Matrix.org is heavily supported by New Vector, a venture capital backed company, however, Matrix.org as a non-profit is transparent about its spending, income, and influences.
 
-Not all services are non-profit, and that should not rule them out immediately. You can also follow their funding goals. Wire lost credibility because instead of simply relying on user signups, they wanted to be the next Skype for Business and wanted to build a larger enough user base to get the attention of investors. Meanwhile apps such as Wickr, while for-profit, is transparent about taking limited investors to become sustainable on subscriptions.
+Not all services are non-profit, and that should not rule them out immediately. You can also follow their funding goals. Wire lost credibility because instead of simply relying on user signups, they wanted to be the next Skype for Business and wanted to build a larger enough user base to get the attention of investors. Meanwhile, apps such as Wickr, while for-profit, is transparent about taking limited investors to become sustainable on subscriptions.
 
 This can take some time, because it’s important to know who the investors are, and what the organizational goals are. Will they eventually need to resort to data harvesting to sustain itself, if they do, and you decide to leave the platform, will you leave behind data you don’t want them to get their hands on?
 
@@ -110,7 +110,7 @@ You’ll need to decide who you trust, and who your other contacts trust, and th
 
 The important thing to remember is there is no one size fits all for messengers, and that each user must decide what is best for them. If someone is an avid WhatsApp or Facebook Messenger user, even Telegram is a step in the right direction. Yet, if that user is concerned with more than just giving data over to Facebook, they may need to look at more secure options.
 
-Ensure you keep your messenger apps up to date. You don’t want to discover you’ve been compromised because a bug found in version 1 was fixed in version 2 but you didn’t bother upgrading your apps.
+Ensure you keep your messenger apps up to date. You don’t want to discover you’ve been compromised because a bug found in version 1 was fixed in version 2, but you didn’t bother upgrading your apps.
 
 One last piece of advice is that users need to be diligent and never become complacent in their decision. You must be willing to change services if the goals and values of your messenger of choice change in a way that no longer match yours. Look for news of sales, mergers, or acquisitions that could compromise the organization.
 

blog/posts/cryptpad-review.md

@@ -177,7 +177,7 @@ Each time you create a new document, no matter which type, you will have the fol
 
 ### Self-destruction
 
-For any sensitive document, it's a great idea to enable the auto-destruction feature, even if it's far in the future. This adds an additional layer of security in case you lose your password, forget about an important file that shouldn't be lingering around, or for any other sensitive situations.
+For any sensitive document, it's a great idea to enable the auto-destruction feature, even if it's far in the future. This adds a layer of security in case you lose your password, forget about an important file that shouldn't be lingering around, or for any other sensitive situations.
 
 ### Password lock
 
@@ -313,7 +313,7 @@ CryptPad uses a variety of reputable algorithms for its encryption needs. Here's
 - For hashes: The [SHA-512](https://en.wikipedia.org/wiki/SHA-2) algorithm.
 - For all other cryptographic operations: The [TweetNaCl.js](https://tweetnacl.js.org/#/) library.
 
-You can read more details about how CryptPad implements encryption in [CryptPad's whitepaper](https://blog.cryptpad.org/2023/02/02/Whitepaper/).
+You can read more details about how CryptPad implements encryption in [CryptPad's white paper](https://blog.cryptpad.org/2023/02/02/Whitepaper/).
 
 You can read more on a comparison of cryptography libraries CryptPad uses in [CryptPad's Blueprints](https://blueprints.cryptpad.org/review/libraries/).
 
@@ -341,13 +341,13 @@ Here's a few things you should remember to keep your CryptPad data secure and pr
 
 **IP address:** Don't forget that whenever you connect to a server, website, or any service online, you are sharing your IP address, which can be used to identify and locate you, more or less accurately. If this is a threat to you, consider using a trustworthy VPN or the Tor network to protect your IP address.
 
-**HTTPS:** Make sure the CryptPad instance's address you use starts with "https".
+**HTTPS:** Make sure the CryptPad instance's address you use starts with "HTTPS".
 
-**Document links:** Because CryptPad includes the keys to decrypt your document in the links you use and share, anyone who can access your browsing history could potentially read your decrypted document. This is also true for anything in your browser or device that can access your browser's history (extensions, synced accounts, screen-sharing, Windows Recall, etc). To mitigate this, you should [enable](https://docs.cryptpad.org/en/user_guide/user_account.html#security-privacy) the option "Safe links" in "Settings" > "Security & Privacy".
+**Document links:** Because CryptPad includes the keys to decrypt your document in the links you use and share, anyone who can access your browsing history could potentially read your decrypted document. This is also true for anything in your browser or device that can access your browser's history (extensions, synced accounts, screen-sharing, Windows Recall, etc.). To mitigate this, you should [enable](https://docs.cryptpad.org/en/user_guide/user_account.html#security-privacy) the option "Safe links" in "Settings" > "Security & Privacy".
 
 **Password:** It's important to safeguard your password properly and *choose a password that is unique, complex, and long*. No matter how good the encryption is, if someone guesses your password, it's game over.
 
-**Multi-factor authentication:** As soon as you create an account, you should enable a second factor of authentication. This will help protect your data against account takeover, in case your password were to be guessed or leaked. This is true for any account you have.
+**Multifactor authentication:** As soon as you create an account, you should enable a second factor of authentication. This will help protect your data against account takeover, in case your password were to be guessed or leaked. This is true for any account you have.
 
 **Document accesses:** Be careful to reduce the document's access to the minimum access required for functionality. For example, if you share a document link publicly, make sure it's a read-only link that doesn't allow anyone to edit it.
 

blog/posts/delisting-startpage.md

@@ -21,20 +21,20 @@ schema_type: NewsArticle
 
 Dear *Privacy Guides* Community,
 
-On the 15th of October, it was [brought to our attention](https://web.archive.org/web/20201127034309/https://www.reddit.com/r/privacy/comments/di5rn3/startpage_is_now_owned_by_an_advertising_company/) that Startpage.com was reportedly (partially?) taken over by a company called the Privacy One Group, which is in turn owned by a company called System1. We found this quite remarkable as the two companies seem to have conflicting business models.<!-- more --> Startpage has been known for basing their advertisements on what their users enter in their search bar. System1 on the other hand, is a pay-per-click advertising company that "[has developed a pre-targeting platform that identifies and unlocks  consumer intent across channels including social, native, email, search,  market research and lead generation rather than relying solely on what  consumers enter into search boxes.](https://web.archive.org/web/20201127034309/https://www.bizjournals.com/losangeles/news/2017/09/20/system1-raises-270-million-for-consumer-intent.html)"
+On the 15th of October, it was [brought to our attention](https://web.archive.org/web/20201127034309/https://www.reddit.com/r/privacy/comments/di5rn3/startpage_is_now_owned_by_an_advertising_company/) that Startpage.com was reportedly (partially?) taken over by a company called the Privacy One Group, which is in turn owned by a company called System1. We found this quite remarkable as the two companies seem to have conflicting business models.<!-- more --> Startpage has been known for basing their advertisements on what their users enter in their search bar. System1 on the other hand, is a pay-per-click advertising company that "[has developed a pre-targeting platform that identifies and unlocks consumer intent across channels including social, native, email, search, market research and lead generation rather than relying solely on what consumers enter into search boxes.](https://web.archive.org/web/20201127034309/https://www.bizjournals.com/losangeles/news/2017/09/20/system1-raises-270-million-for-consumer-intent.html)"
 
 We reached out to System1 CEO [Ian Weingarten](https://web.archive.org/web/20201127034309/https://finance.yahoo.com/news/system1-appoints-ian-weingarten-ceo-185700741.html) for an explanation. We received a very general response that did not address key questions.
 
 Seemingly prompted by our ongoing concerns, Startpage released a public letter addressed to us from their CEO, and hosted a [Q&A](https://web.archive.org/web/20201127034309/https://www.reddit.com/r/StartpageSearch/comments/djshn3/hello_reddit_startpage_mod_team/) on their Subreddit to try and explain the situation. While some of our questions were answered, we noted that the company seemed to be evasive, essentially restating information from a previously published [blog post](https://web.archive.org/web/20201127034309/https://www.startpage.com/blog/company-updates/startpage-and-privacy-one-group/) or posting the same response to different questions. People had to really dig to get answers and puzzle all information together, instead of getting a clearly explained and comprehensive answer from the start. Requests for clarification to some important questions went ignored.
 
-Because of the conflicting business model and the unusual way the company reacted, claiming to be fully transparent but being evasive at the same time, we have no choice but to de-list Startpage from our recommendations until it is fully transparent about its new ownership and data processing. Remaining questions include:
+Because of the conflicting business model and the unusual way the company reacted, claiming to be fully transparent but being evasive at the same time, we have no choice but to delist Startpage from our recommendations until it is fully transparent about its new ownership and data processing. Remaining questions include:
 
 - The % of Startpage and Surfboard Holding B.V. (the Startpage holding company) System1 acquired in December 2018.
 - The current % ownership by System1 at the time of the audit (and any other major owners).
 - Information about Privacy One Group Ltd. Where is it registered and in what city, state and country does it operate? (We have not been able to verify registration information.)
 - A diagram of data flows, including flows to outside organizations, like System1, Privacy One etc.
 
-This de-listing does not necessarily mean Startpage is violating its privacy policy. We have no evidence of that. But because there are still so many unanswered questions, we can no longer recommend the service with good confidence. If Startpage aims to be re-considered, they will have to answer the questions above, preferably along with an explanation of why it took them so long to get proper answers out to the public.
+This delisting does not necessarily mean Startpage is violating its privacy policy. We have no evidence of that. But because there are still so many unanswered questions, we can no longer recommend the service with good confidence. If Startpage aims to be re-considered, they will have to answer the questions above, preferably along with an explanation of why it took them so long to get proper answers out to the public.
 
 Sincerely,
 Blacklight447

blog/posts/delisting-wire.md

@@ -33,7 +33,7 @@ Even if he is correct, the move and statement do bring up further questions. Wit
 
 Wire also quietly made an adjustment to its own privacy policy. A [previous version](https://web.archive.org/web/20180324221043/https://wire.com/en/legal/#privacy-7) of the policy (July 18, 2017) stated it would only share user data when required by law. Now (Updated September 1, 2018), it reads they will share user data when "necessary." What does necessary mean, and necessary to whom? Necessary to law enforcement, shareholders, or advertisers? The word "necessary" is an alarming change because "necessary" is purposefully vague terminology that could conceivably be used as a tool to justify any action. This change doesn't leave the user with much confidence as to when the company may share your data.
 
-Yet another red flag, and one of the more important ones to us, was is that Wire decided not to disclose this policy change to its users, and when asked why, Brøgger was flippant in his response, stating: “Our evaluation was that this was not necessary. Was it right or wrong? I don’t know.”
+Yet another red flag, and one of the more important ones to us, was that Wire decided not to disclose this policy change to its users, and when asked why, Brøgger was flippant in his response, stating: “Our evaluation was that this was not necessary. Was it right or wrong? I don’t know.”
 
 We feel we do know, and the answer was that it was wrong. Privacy and security are not built solely on strong technology, but on trust. Yes, we can review Wire's open source code on GitHub, but we can't ever be sure that code is the same exact code that runs on their servers in practice. Yet, we have trusted them in the past because Wire had built a trustworthy reputation for themselves. We now feel that Wire has lost this reputation. By deciding to withhold information regarding its ownership and policies from its users, Wire has broken the trust our community has placed in it, and worse yet sounds almost dismissive of the worries voiced by the privacy community that had long held them in high regard.
 

blog/posts/easyoptouts-review.md

@@ -119,7 +119,7 @@ Using standard engine search results is one of the most common methods of discov
 
 </div>
 
-We also performed a manual search for their information on 15 different "high-priority" data brokers. These brokers represent either the most commonly used people-search sites, and/or cover a large number of people-search sites with their databases, so having your data removed from these companies can have an outsized positive effect on your overall privacy.
+We also performed a manual search for their information on 15 different "high-priority" data brokers. These brokers represent either the most commonly used people-search sites, and/or cover numerous people-search sites with their databases, so having your data removed from these companies can have an outsized positive effect on your overall privacy.
 
 | Service | Person A | Person B |
 | ----- | ----- | ----- |
@@ -140,7 +140,7 @@ We also performed a manual search for their information on 15 different "high-pr
 | spyfly.com | :warning: Found | :warning: Found |
 | **Remaining Results** | **100%** | **100%** |
 
-It should be noted that EasyOptOuts does not claim or advertise that they have the ability to opt you out of some of the websites above, so we do not expect 100% coverage. However, the site compatibility of EasyOptOuts *is* a real-world limitation of the service we think you should consider before making a decision, so we intentionally did not limit our review to only the sites they advertise support for. The sites EasyOptOuts does *not* advertise support for are marked with an asterisk (*).
+It should be noted that EasyOptOuts does not claim or advertise that they have the ability to opt you out of some websites above, so we do not expect 100% coverage. However, the site compatibility of EasyOptOuts *is* a real-world limitation of the service we think you should consider before making a decision, so we intentionally did not limit our review to only the sites they advertise support for. The sites EasyOptOuts does *not* advertise support for are marked with an asterisk (*).
 
 ## User Experience
 
@@ -312,7 +312,7 @@ In addition to the websites we performed an [initial search](#initial-search) wi
 
 **Person A:**
 
-??? warning "We found your information and performed opt outs for the following 112 sites"
+??? warning "We found your information and performed opt-outs for the following 112 sites"
 
     - 411.com
     - advancedbackgroundchecks.com
@@ -427,7 +427,7 @@ In addition to the websites we performed an [initial search](#initial-search) wi
     - whitepages.com
     - yellowbook.com
 
-??? info "We checked the following 10 sites, but didn't find any personal information, so we didn't perform opt outs"
+??? info "We checked the following 10 sites, but didn't find any personal information, so we didn't perform opt-outs"
 
     - americaphonebook.com
     - floridaresidentsdirectory.com
@@ -446,7 +446,7 @@ In addition to the websites we performed an [initial search](#initial-search) wi
 
 **Person B:**
 
-??? warning "We found your information and performed opt outs for the following 107 sites"
+??? warning "We found your information and performed opt-outs for the following 107 sites"
 
     - 411.com
     - advancedbackgroundchecks.com
@@ -556,7 +556,7 @@ In addition to the websites we performed an [initial search](#initial-search) wi
     - whitepages.com
     - yellowbook.com
 
-??? info "We checked the following 15 sites, but didn't find any personal information, so we didn't perform opt outs"
+??? info "We checked the following 15 sites, but didn't find any personal information, so we didn't perform opt-outs"
 
     - americaphonebook.com
     - clustrmaps.com
@@ -578,7 +578,7 @@ In addition to the websites we performed an [initial search](#initial-search) wi
 
 </div>
 
-In addition, for all subscriptions EasyOptOuts says that "the following 10 sites aren't freely searchable. We always perform opt outs for them:"
+In addition, for all subscriptions EasyOptOuts says that "the following 10 sites aren't freely searchable. We always perform opt-outs for them:"
 
 - acxiom.com
 - adstradata.com

blog/posts/firefox-privacy-2021-update.md

@@ -19,13 +19,13 @@ schema_type: AnalysisNewsArticle
 
 <small aria-hidden="true">Illustration: Jonah Aragon / Privacy Guides | Photo: Unsplash</small>
 
-A lot changed between 2019 and now, not least in regards to Firefox. Since our last post, Mozilla has [improved](https://blog.mozilla.org/en/products/firefox/latest-firefox-rolls-out-enhanced-tracking-protection-2-0-blocking-redirect-trackers-by-default/) privacy with [Enhanced Tracking Protection (ETP)](https://blog.mozilla.org/en/products/firefox/firefox-now-available-with-enhanced-tracking-protection-by-default/). Earlier this year Mozilla introduced [Total Cookie Protection](https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/) (Dynamic First Party Isolation dFPI). This was then further tightened with [Enhanced Cookie Clearing](https://blog.mozilla.org/security/2021/08/10/firefox-91-introduces-enhanced-cookie-clearing/). We’re also looking very forward to [Site Isolation](https://blog.mozilla.org/security/2021/05/18/introducing-site-isolation-in-firefox/) (code named Fission) being enabled by default in the coming releases.<!-- more -->
+A lot changed between 2019 and now, not least with regard to Firefox. Since our last post, Mozilla has [improved](https://blog.mozilla.org/en/products/firefox/latest-firefox-rolls-out-enhanced-tracking-protection-2-0-blocking-redirect-trackers-by-default/) privacy with [Enhanced Tracking Protection (ETP)](https://blog.mozilla.org/en/products/firefox/firefox-now-available-with-enhanced-tracking-protection-by-default/). Earlier this year Mozilla introduced [Total Cookie Protection](https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/) (Dynamic First Party Isolation dFPI). This was then further tightened with [Enhanced Cookie Clearing](https://blog.mozilla.org/security/2021/08/10/firefox-91-introduces-enhanced-cookie-clearing/). We’re also looking very forward to [Site Isolation](https://blog.mozilla.org/security/2021/05/18/introducing-site-isolation-in-firefox/) (code named Fission) being enabled by default in the coming releases.<!-- more -->
 
 Now that so many privacy features are built into the browser, there is little need for extensions made by third-party developers. Accordingly, we have updated our very outdated [browser](https://www.privacyguides.org/desktop-browsers/) section. If you’ve got an old browser profile we suggest **creating a new one**. Some of the old advice may make your browser *more* unique.
 
 ## Privacy Tweaks “about:config”
 
-We’re no longer recommending that users set `about:config` switches manually. Those switches need to be up to date and continuously maintained. They should be studied before blindly making modifications. Sometimes their behaviour changes in between Firefox releases, is superseded by other keys or they are removed entirely. We do not see any point in duplicating the efforts of the community [Arkenfox](https://github.com/arkenfox/user.js) project. Arkenfox has very good documentation in their [wiki](https://github.com/arkenfox/user.js/wiki) and we use it ourselves.
+We’re no longer recommending that users set `about:config` switches manually. Those switches need to be up-to-date and continuously maintained. They should be studied before blindly making modifications. Sometimes their behavior changes in between Firefox releases, is superseded by other keys, or gets removed entirely. We do not see any point in duplicating the efforts of the community [Arkenfox](https://github.com/arkenfox/user.js) project. Arkenfox has very good documentation in their [wiki](https://github.com/arkenfox/user.js/wiki), and we use it ourselves.
 
 ## LocalCDN and Decentraleyes
 
@@ -35,7 +35,7 @@ Replacing scripts on CDNs with local versions is not a comprehensive solution an
 
 CDN extensions never really improved privacy as far as sharing your IP address was concerned and their usage is fingerprintable as this Tor Project developer [points out](https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/22089#note_2639603). They are the wrong tool for the job and are not a substitute for a good VPN or Tor. Its worth noting the [resources](https://git.synz.io/Synzvato/decentraleyes/-/tree/master/resources) for Decentraleyes are hugely out of date and would not be likely used anyway.
 
-## NeatURLs and ClearURLS
+## NeatURLs and ClearURLs
 
 Previously we recommended ClearURLs to remove tracking parameters from URLs you might visit. These extensions are no longer needed with uBlock Origin’s [`removeparam`](https://github.com/gorhill/uBlock/wiki/Static-filter-syntax#removeparam) feature.
 
@@ -47,7 +47,7 @@ The EFF announced back in September they were [deprecating HTTPS-Everywhere](htt
 
 Container extensions aren’t as important as they used to be for privacy now that we have [Total Cookie Protection](https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/).
 
-Multi Account Container will still have some use if you use [Mozilla VPN](https://en.wikipedia.org/wiki/Mozilla_VPN) as it is going to be [integrated](https://github.com/mozilla/multi-account-containers/issues/2210) allowing you to configure specified containers to use a particular VPN server. Another use might be if you want to login to multiple accounts on the same domain.
+Multi Account Container will still have some use if you use [Mozilla VPN](https://en.wikipedia.org/wiki/Mozilla_VPN) as it is going to be [integrated](https://github.com/mozilla/multi-account-containers/issues/2210) allowing you to configure specified containers to use a particular VPN server. Another use might be if you want to log in to multiple accounts on the same domain.
 
 ## Just-In-Time Compilation (JIT)
 
@@ -67,7 +67,7 @@ Firefox has the ability to block known third party [fingerprinting resources](ht
 
 We do not recommend extensions that promise to change your [browser fingerprint](https://blog.torproject.org/browser-fingerprinting-introduction-and-challenges-ahead/). Some of those extensions [are detectable](https://www.cse.chalmers.se/~andrei/codaspy17.pdf) by websites through JavaScript and [CSS](https://hal.archives-ouvertes.fr/hal-03152176/file/style-fingerprinting-usenix.pdf) methods, particularly those which inject anything into the web content.
 
-This includes **all** extensions that try to change the user agent or other browser behaviour to prevent fingerprinting. We see these often recommended on Reddit and would like to say that they will likely make you more unique and can be circumvented. Arkenfox has [a good list](https://github.com/arkenfox/user.js/wiki/4.1-Extensions) of extensions you could use, and a list of ones you [needn't bother with](https://github.com/arkenfox/user.js/wiki/4.1-Extensions#-dont-bother). We also like to say testing sites which show you how unique you are in a set of users are often using hugely tainted results that are not indicative of real-world usage.
+This includes **all** extensions that try to change the user agent or other browser behavior to prevent fingerprinting. We see these often recommended on Reddit and would like to say that they will likely make you more unique and can be circumvented. Arkenfox has [a good list](https://github.com/arkenfox/user.js/wiki/4.1-Extensions) of extensions you could use, and a list of ones you [needn't bother with](https://github.com/arkenfox/user.js/wiki/4.1-Extensions#-dont-bother). We also like to say testing sites which show you how unique you are in a set of users are often using hugely tainted results that are not indicative of real-world usage.
 
 ----------
 

blog/posts/firefox-privacy.md

@@ -19,13 +19,13 @@ schema_type: AnalysisNewsArticle
 
 <small aria-hidden="true">Illustration: Jonah Aragon / Privacy Guides | Photo: Unsplash</small>
 
-Mozilla Firefox is one of the most popular web browsers around, and for good reason. It's fast, secure, open-source, and it's backed by an organization that actually respects your privacy. Unlike many other Chrome alternatives and forks, it has a massive development team behind it that publishes new updates on a constant, regular basis. Regular updates doesn't only mean shiny new features, it means you'll also receive security updates that will keep you protected as you browse the web.<!-- more -->
+Mozilla Firefox is one of the most popular web browsers around, and for good reason. It's fast, secure, open-source, and it's backed by an organization that actually respects your privacy. Unlike many other Chrome alternatives and forks, it has a massive development team behind it that publishes new updates on a constant, regular basis. Regular updates don't only mean shiny new features, it means you'll also receive security updates that will keep you protected as you browse the web.<!-- more -->
 
 Because of all of this, [we recommend Firefox](https://www.privacyguides.org/desktop-browsers/#firefox) as our general-purpose browser for most users. It's the best alternative to Chrome and Edge for privacy conscious individuals.
 
 Firefox is fantastic out of the box, but where it really shines is customizability. By adjusting Firefox privacy settings and using helpful add-ons, you can increase your privacy and security even further. Making those changes is what we're going to go over in this Firefox privacy guide.
 
-Before we get started, there's a couple things that should be noted that are not only applicable to this guide, but privacy in general:
+Before we get started, there's a couple of things that should be noted that are not only applicable to this guide, but privacy in general:
 
 ## Considerations
 
@@ -33,7 +33,7 @@ Protecting your privacy online is a tricky proposition, there are so many factor
 
 ### Threat Modeling
 
-What is [threat modeling](https://www.privacyguides.org/basics/threat-modeling/)? Consider who you're trying to keep your data hidden from. Do you need to keep your information hidden from the government, or just the average stranger? Maybe you are just looking to alternatives to Big Tech like Google and Facebook. You'll also want to consider how much time and resources you want to spend hiding your data from those "threats". Some solutions might not be feasible from a financial or time standpoint and you'll have to make compromises. Taking all those questions into account creates a basic threat model for you to work with.
+What is [threat modeling](https://www.privacyguides.org/basics/threat-modeling/)? Consider who you're trying to keep your data hidden from. Do you need to keep your information hidden from the government, or just the average stranger? Maybe you are just looking to alternatives to Big Tech like Google and Facebook. You'll also want to consider how much time and resources you want to spend hiding your data from those "threats". Some solutions might not be feasible from a financial or time standpoint, and you'll have to make compromises. Taking all those questions into account creates a basic threat model for you to work with.
 
 We want to publish a more complete guide on threat modeling in the future, so stay tuned to this blog for further updates. But for now, just keep those thoughts in the back of your mind as we go through this article. Not every solution might be for you, or conversely you may need to pay more attention to certain areas we aren't able to cover completely.
 
@@ -41,7 +41,7 @@ We want to publish a more complete guide on threat modeling in the future, so st
 
 Another consideration is your browser's fingerprint. When you visit a web page, your browser voluntarily sends information about its configuration, such as available fonts, browser type, and add-ons. If this combination of information is unique, it may be possible to identify and track you without using more common tracking tools, like cookies.
 
-That's right, add-ons contribute to your fingerprint. Another thing a lot of people miss when they are setting up their browser is that more is not always the best solution to their problems. You don't need to use every add-on and tweak we recommend installed, and the more you configure the greater chance there is that your browser will appear more unique to websites. Think about your specific situation and pick and choose the add-ons and tweaks we recommend only if you think they will help you.
+That's right, add-ons contribute to your fingerprint. Another thing a lot of people miss when they are setting up their browser is that more is not always the best solution to their problems. You don't need to use every add-on and tweak we recommend installed, and the more you configure, the greater chance there is that your browser will appear more unique to websites. Think about your specific situation and pick and choose the add-ons and tweaks we recommend only if you think they will help you.
 
 ## Firefox Privacy Settings
 
@@ -55,7 +55,7 @@ Encrypted DNS takes many forms: DNS over HTTPS (DoH), DNS over TLS, DNSCrypt, et
 
 Keep in mind that by using DoH you're sending all your queries to a single provider, probably Cloudflare unless you choose [another provider](https://www.privacyguides.org/dns/) that supports DNS over HTTPS. While it may add some privacy protection from your ISP, you're only shifting that trust to the DoH provider. Make sure that's something you want to do.
 
-It should also be noted that even with DoH, your ISP will still be able to see what domain you're connecting to because of a technology called Server Name Indication (SNI). Until SNI is encrypted as well, there's no getting around it. Encrypted SNI (eSNI) is in the works — and can actually be [enabled on Firefox](https://blog.cloudflare.com/encrypt-that-sni-firefox-edition/) today — but it only works with a small number of servers, mainly ones operated by Cloudflare, so its use is limited currently. Therefore, while DoH provides some additional privacy and integrity protections, its use as a privacy tool is limited until other supplemental tools like eSNI and [DNSSEC](https://www.icann.org/resources/pages/dnssec-what-is-it-why-important-2019-03-05-en) are finalized and implemented.
+It should also be noted that even with DoH, your ISP will still be able to see what domain you're connecting to because of a technology called Server Name Indication (SNI). Until SNI is encrypted as well, there's no getting around it. Encrypted SNI (eSNI) is in the works — and can actually be [enabled on Firefox](https://blog.cloudflare.com/encrypt-that-sni-firefox-edition/) today — but it only works with a few servers, mainly ones operated by Cloudflare, so its use is limited currently. Therefore, while DoH provides some additional privacy and integrity protections, its use as a privacy tool is limited until other supplemental tools like eSNI and [DNSSEC](https://www.icann.org/resources/pages/dnssec-what-is-it-why-important-2019-03-05-en) are finalized and implemented.
 
 ### Change Your Search Engine
 
@@ -67,11 +67,11 @@ Now we'll delve into the biggest set of options for people like us, Firefox's **
 
 In rare occasions, Strict browsing protections might cause some of the websites you visit to not function properly. But there's no need to worry! If you suspect the Strict browsing protection is breaking a website you visit frequently, you can disable it on a site by site basis with the shield icon in the address bar.
 
-Disabling Enhanced Tracking Protection will of course decrease your privacy on that site, so you will have consider whether that's something you are willing to compromise on, on a site-by-site basis.
+Disabling Enhanced Tracking Protection will of course decrease your privacy on that site, so you will have to consider whether that's something you are willing to compromise on, on a site-by-site basis.
 
 Another benefit of Firefox's Enhanced Tracking Protection is that it can actually speed up your browsing! Advertising networks and social media embeds can sometimes make your browser download huge files just to show an ad or a like button, and blocking those out trims the fat, in a sense.
 
-### Disabling Telemetrics
+### Disabling Telemetry
 
 When you use Firefox, Mozilla collects information about what you do, what kind of extensions you have installed, and various other aspects of your browser. While they claim to do this in a privacy-respecting way, sending as little data as possible is always preferred from a privacy standpoint, so we would go ahead and uncheck all the boxes under **Firefox Data Collection and Use** just to be safe.
 
@@ -81,7 +81,7 @@ This one is for more advanced users, so if you don't understand what this is doi
 
 This will likely log you out of websites quite often, so make sure that's an inconvenience you're willing to put up with for enhanced privacy.
 
-## Firefox Privacy Add-Ons
+## Firefox Privacy Add-ons
 
 Of course, just the browser settings alone won't go quite far enough to protect your privacy. Mozilla has made a lot of compromises in order to provide a more functional browsing experience for the average user, which is completely understandable. But, we can take it even further with some browser add-ons that prevent tracking and make your experience more private and secure.
 
@@ -99,7 +99,7 @@ Out of the box, these add-ons only complement the settings we've described in th
 
 ### uBlock Origin
 
-[**uBlock Origin**](https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/) is an efficient ad- and tracker-blocker that is easy on memory, and yet can load and enforce thousands more filters than competing blockers. We trust it because it is completely open-source. Additionally, unlike its competitors it has no monetization strategy: There's no "Acceptable" ads program or a similar whitelist like many other adblockers feature.
+[**uBlock Origin**](https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/) is an efficient ad- and tracker-blocker that is easy on memory, and yet can load and enforce thousands more filters than competing blockers. We trust it because it is completely open-source. Additionally, unlike its competitors it has no monetization strategy: There's no "Acceptable" ads program or a similar whitelist like many other ad blockers feature.
 
 ### HTTPS Everywhere
 
@@ -111,11 +111,11 @@ Of course, it only works with sites that support HTTPS on the server's side, so
 
 ### Decentraleyes
 
-When you connect to many websites, your browser is most likely making connections to a myriad of "Content Delivery Networks" like Google Fonts, Akamai, and Cloudflare, to download fonts and Javascript that make the website run. This generally makes websites look and feel better, but it means you're constantly making connections to these servers, allowing them to build a fairly accurate tracking profile of you.
+When you connect to many websites, your browser is most likely making connections to a myriad of "Content Delivery Networks" like Google Fonts, Akamai, and Cloudflare, to download fonts and JavaScript that make the website run. This generally makes websites look and feel better, but it means you're constantly making connections to these servers, allowing them to build a fairly accurate tracking profile of you.
 
 [**Decentraleyes**](https://addons.mozilla.org/en-US/firefox/addon/decentraleyes) works by impersonating those CDNs locally in your browser. When a website wants to download a program like jQuery, instead of connecting to a remote CDN Decentraleyes will serve the file from its own cache of files. This means that you'll won't have to make remote CDN connections for the files that Decentraleyes supports, and therefore the remote CDNs can't track your browser. Because everything is stored locally instead of on a far away server, Decentraleyes has the added benefit of speeding up your browsing as well. Everything happens instantly, and you won't see a difference in the websites you visit.
 
-### Additional Privacy Add-Ons
+### Additional Privacy Add-ons
 
 There is of course more functionality that can be achieved at the expense of more time spent configuring your browser and reduced website functionality. If you're looking for the most privacy options possible however, they may be for you. Check out our [desktop browsers recommendations page](https://www.privacyguides.org/desktop-browsers/) for further information and additional resources.
 
@@ -125,7 +125,7 @@ Firefox has developed a number of other privacy tools that can be used to enhanc
 
 ### Firefox Private Network
 
-Firefox Private Network is a new extension developed by Mozilla that serves as a [Virtual Private Network](https://www.privacyguides.org/basics/vpn-overview/) (VPN), securing you on public WiFi networks and other situations where you might trust Mozilla more than the ISP or network administrator. It is free in beta, but will likely be available at some subscription pricing once the test pilot ends.
+Firefox Private Network is a new extension developed by Mozilla that serves as a [Virtual Private Network](https://www.privacyguides.org/basics/vpn-overview/) (VPN), securing you on public Wi-Fi networks and other situations where you might trust Mozilla more than the ISP or network administrator. It is free in beta, but will likely be available at some subscription pricing once the test pilot ends.
 
 Firefox Private Network is still just a VPN, and there are a number of drawbacks you would want to consider before using it. We wrote an entire article on [choosing a VPN provider](https://www.jonaharagon.com/posts/choosing-a-vpn/) that is worth a read, but it boils down to the fact that your VPN provider will be able to see your web traffic. All you are accomplishing is shifting the trust from your network to the VPN provider, in this case *Cloudflare*, the operators behind this service.
 
@@ -139,13 +139,13 @@ If you require a Virtual Private Network, we would look elsewhere. There are a n
 
 Mozilla has an in-house add-on called [Multi-Account Containers](https://support.mozilla.org/en-US/kb/containers) that allows you to isolate websites from each other. For example, you could have Facebook in a container separate from your other browsing. In this situation, Facebook would only be able to set cookies with your profile on sites within the container, keeping your other browsing protected.
 
-A containers setup may be a good alternative to techniques like regularly deleting cookies, but requires a lot of manual intervention to setup and maintain. If you want complete control of what websites can do in your browser, it's definitely worth looking into, but we wouldn't call it a necessary addition by any means.
+A containers setup may be a good alternative to techniques like regularly deleting cookies, but requires a lot of manual intervention to set up and maintain. If you want complete control of what websites can do in your browser, it's definitely worth looking into, but we wouldn't call it a necessary addition by any means.
 
 ## Additional Resources
 
 [Desktop Browsers (Privacy Guides)](https://www.privacyguides.org/desktop-browsers/) — Our comprehensive set of recommendations for browsers and tweaks you can make to enhance your privacy is a great next step for more advanced users looking to protect their privacy online.
 
-[arkenfox user.js](https://github.com/arkenfox/user.js) — For more advanced users, the arkenfox user.js  is a "configuration file that can control hundreds of Firefox settings [...] which aims to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage".
+[Arkenfox user.js](https://github.com/arkenfox/user.js) — For more advanced users, the Arkenfox user.js is a "configuration file that can control hundreds of Firefox settings [...] which aims to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage".
 
 [Mozilla's Privacy Policy](https://www.mozilla.org/en-US/privacy/) — Of course, we always recommend reading through the privacy statement of any organization you deal with, and Mozilla is no exception.
 

blog/posts/grapheneos-or-calyxos.md

@@ -35,7 +35,7 @@ microG is a partially open-source re-implementation of Google Play Services.[^1]
 
 When using Sandboxed Google Play, you have the option to reroute location requests to the Play Services API back to the OS location API, which uses satellite based location services. With microG, you have the option to choose between different backend location providers, including *shifting trust* to another location backend, like Mozilla; using [DejaVu](https://github.com/n76/DejaVu), a location backend that locally collects and saves RF-based location data to an offline database which can be used when GPS is not available; or to simply not use a network location backend at all.
 
-Network location providers like Play Services or Mozilla rely the on the MAC addresses of surrounding WiFi access points and Bluetooth devices being submitted for location approximation. Choosing a network location like Mozilla to use with microG provides little to no privacy benefit over Google because you are still submitting the same data and trusting them to not profile you.
+Network location providers like Play Services or Mozilla rely the on the MAC addresses of surrounding Wi-Fi access points and Bluetooth devices being submitted for location approximation. Choosing a network location like Mozilla to use with microG provides little to no privacy benefit over Google because you are still submitting the same data and trusting them to not profile you.
 
 Local RF location backends like DejaVu require that the phone has a working GPS first for the local RF data collected to be useful. This makes them less effective as location providers, as the job of a location provider is to assist location approximation when satellite based services are not working.
 
@@ -51,9 +51,9 @@ Larger apps, especially games, require [Play Asset Delivery](https://android-dev
 
 Currently, eSIM activation is tied to a privileged proprietary application by Google. The app has the `READ_PRIVILEGED_PHONE_STATE` permission, giving Google access to your hardware identifiers such as the IMEI.
 
-On GrapheneOS, the app comes disabled and you can *optionally* enable it after installing Sandboxed Google Play.
+On GrapheneOS, the app comes disabled, and you can *optionally* enable it after installing Sandboxed Google Play.
 
-On CalyxOS, the app comes installed by default (regardless of whether you choose to have microG or not) and you cannot opt-out. This means that Google still has access to your hardware identifiers regardless of whether or not you need eSIM activation and they can be accessed persistently.
+On CalyxOS, the app comes installed by default (regardless of whether you choose to have microG or not) and you cannot opt out. This means that Google still has access to your hardware identifiers regardless of whether you need eSIM activation, and they can be accessed persistently.
 
 ## Privileged App Extensions
 
@@ -61,11 +61,11 @@ Android 12 comes with special support for seamless app updates with [third-party
 
 CalyxOS includes the [privileged extension](https://f-droid.org/en/packages/org.fdroid.fdroid.privileged), which may lower device security.
 
-On the other hand, GrapheneOS officially recommends [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play) instead. Many FOSS Android apps are also in Google's Play Store but sometimes they are not (like [NewPipe](https://www.privacyguides.org/frontends#newpipe-android)). In those cases, you can [keep up with updates using RSS](https://www.privacyguides.org/android/#manually-with-rss-notifications).
+On the other hand, GrapheneOS officially recommends [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play) instead. Many FOSS Android apps are also in Google's Play Store, but sometimes they are not (like [NewPipe](https://www.privacyguides.org/frontends#newpipe-android)). In those cases, you can [keep up with updates using RSS](https://www.privacyguides.org/android/#manually-with-rss-notifications).
 
 ## Profiles
 
-GrapheneOS significantly improves [user profiles](https://www.privacyguides.org/android/overview#user-profiles) in [multiple ways](https://grapheneos.org/features#improved-user-profiles), such as increasing the limit of how many profiles you can create (32 instead of the standard 4), allowing you to log out of user profiles, disabling app installation, and notification forwarding. All of these improvements make it so user profiles can be daily driven without sacrificing too much usability.
+GrapheneOS significantly improves [user profiles](https://www.privacyguides.org/android/overview#user-profiles) in [multiple ways](https://grapheneos.org/features#improved-user-profiles), such as increasing the limit of how many profiles you can create (32 instead of the standard 4), allowing you to log out of user profiles, disabling app installation, and notification forwarding. All of these improvements make it so that user profiles can be daily driven without sacrificing too much usability.
 
 CalyxOS doesn't feature any improvements to user profiles over AOSP, and instead includes a device controller app so that the [work profile](https://www.privacyguides.org/android/overview#work-profile) can be used without needing to download a third party app such as [Shelter](https://www.privacyguides.org/android/#shelter). However, work profiles are not nearly as flexible (as you're limited to only one) and don't provide the same amount of isolation and security.
 

blog/posts/hide-nothing.md

@@ -32,7 +32,7 @@ In countries were organizing around political dissent is legal, that doesn't mea
 
 And even if you break away from the legal aspects, we all have something to hide. You may not be ready to reveal your sexual or gender identity, but your internet usage could potentially do that for you. You don't want to make your bank account public; you have that information to hide. And you can continue to list things about your life you'd just rather not make public, regardless of potential legality.
 
-In July of 2021, a Catholic priest by the name of Jeffrey Burrill lost his job and was forced to resign after data collected through his cell phone showed that he was active on the gay dating app Grindr, and that he had visited multiple gay bars in the area. [According](https://www.washingtonpost.com/religion/2021/07/20/bishop-misconduct-resign-burrill/) to the *Washington Post*:
+In July 2021, a Catholic priest by the name of Jeffrey Burrill lost his job and was forced to resign after data collected through his cell phone showed that he was active on the gay dating app Grindr, and that he had visited multiple gay bars in the area. [According](https://www.washingtonpost.com/religion/2021/07/20/bishop-misconduct-resign-burrill/) to the *Washington Post*:
 
 > “A mobile device correlated to Burrill emitted app data signals from the location-based hookup app Grindr on a near-daily basis during parts of 2018, 2019, and 2020 —– at both his USCCB office and his USCCB-owned residence, as well as during USCCB meetings and events in other cities,” the Pillar reported.
 >

blog/posts/i18n-announcement.md

@@ -42,19 +42,19 @@ Please note that the English version of the site is the primary version, meaning
 
 #### Some tips for translators
 
-Crowdin has good documentation and we suggest looking at their [Getting Started](https://support.crowdin.com/crowdin-intro/) guide. Our site is in [Markdown](https://en.wikipedia.org/wiki/Markdown), so it should be easy to chip in.
+Crowdin has good documentation, and we suggest looking at their [Getting Started](https://support.crowdin.com/crowdin-intro/) guide. Our site is in [Markdown](https://en.wikipedia.org/wiki/Markdown), so it should be easy to chip in.
 
 #### Admonitions
 
 Throughout the site we use MkDocs's [admonitions](https://squidfunk.github.io/mkdocs-material/reference/admonitions/#usage), to show information to readers about the products such as `example`, `warning`, `tip`, etc.
 
-By default when admonitions are used they will have an English string on the site. This can be [customized](https://squidfunk.github.io/mkdocs-material/reference/admonitions/#changing-the-title), without too much effort. For example if you were translating and admonition of type [warning](https://squidfunk.github.io/mkdocs-material/reference/admonitions/#type:warning) to Dutch, this is how you would write it:
+By default, when admonitions are used they will have an English string on the site. This can be [customized](https://squidfunk.github.io/mkdocs-material/reference/admonitions/#changing-the-title), without too much effort. For example if you were translating and admonition of type [warning](https://squidfunk.github.io/mkdocs-material/reference/admonitions/#type:warning) to Dutch, this is how you would write it:
 
 ```text
 !!! warning "Waarschuwing"
 ```
 
-Downloads are a [custom admonition](https://squidfunk.github.io/mkdocs-material/reference/admonitions/#custom-admonitions) that we use and you would write that like:
+Downloads are a [custom admonition](https://squidfunk.github.io/mkdocs-material/reference/admonitions/#custom-admonitions) that we use, and you would write that like:
 
 ```text
 ??? downloads "Downloaden"
@@ -76,6 +76,6 @@ For example:
 ![Software logo](assets/img/path/to/image.svg){ align=right }
 ```
 
-We have sometimes found that the syntax for inserting an image like above was missing the `![` or an extra space was placed between the text and the path, eg `](`. If a translation string is clearly not correct, we encourage you to **delete** it by pressing the trash icon [or vote](https://support.crowdin.com/enterprise/getting-started-for-volunteers/#voting-view) which one you think sounds best. When invalid strings are deleted they are removed from the organization's [translation memory](https://support.crowdin.com/enterprise/translation-memory), meaning that when the source string is seen again, it won't suggest the incorrect translation.
+We have sometimes found that the syntax for inserting an image like above was missing the `![` or an extra space was placed between the text and the path, e.g. `](`. If a translation string is clearly not correct, we encourage you to **delete** it by pressing the trash icon [or vote](https://support.crowdin.com/enterprise/getting-started-for-volunteers/#voting-view) which one you think sounds best. When invalid strings are deleted they are removed from the organization's [translation memory](https://support.crowdin.com/enterprise/translation-memory), meaning that when the source string is seen again, it won't suggest the incorrect translation.
 
 We'd like to thank the [translation team](https://crowdin.com/project/privacyguides/reports/top-members) who spent many hours on translating the content, that we now have. We're going to launch in Dutch, French and Hebrew.

blog/posts/installing-and-using-tails.md

@@ -34,7 +34,7 @@ Once you have securely reached out to a trusted ally to request their help, and
 
 </div>
 
-If you are completing this installation for someone else, or if the device your are currently using cannot put you at risk, here's why, when, and how you can install and use the portable system Tails:
+If you are completing this installation for someone else, or if the device you are currently using cannot put you at risk, here's why, when, and how you can install and use the portable system Tails:
 
 ## What is Tails?
 
@@ -94,7 +94,7 @@ Tails protects some data very well, but it will not magically protect everything
 
 - Be careful with using any mobile data network to connect to the internet. Information related to [your mobile device could identify you](https://tails.net/doc/anonymous_internet/no-wifi/index.en.html).
 
-- A very powerful adversary, such as a government, could potentially reidentify some information despite you using Tails. Read more about Tails' limitations here: [https://tails.net/doc/about/warnings/index.en.html](https://tails.net/doc/about/warnings/index.en.html)
+- A very powerful adversary, such as a government, could potentially identify some information despite you using Tails. Read more about Tails' limitations here: [https://tails.net/doc/about/warnings/index.en.html](https://tails.net/doc/about/warnings/index.en.html)
 
 ### When you should **not** use Tails
 
@@ -232,7 +232,7 @@ Depending on your macOS version, your Mac might open a popup window saying '**Ve
 
 ![Screenshot of a macOS popup with a warning message with the options to Cancel or Open.](../assets/images/installing-and-using-tails/tails-installation-mac-8.png)
 
-4.2. Open *balenaEtcher* and click on the settings gear button on the upper-right. Disable the option  "**Anonymously report errors and usage statistics to balena.io**", then click "**OK**".
+4.2. Open *balenaEtcher* and click on the settings gear button on the upper-right. Disable the option "**Anonymously report errors and usage statistics to balena.io**", then click "**OK**".
 
 ![Screenshot of a balenaEtcher window showing a gear icon on the upper-right, and a disabled option to share anonymous error reports.](../assets/images/installing-and-using-tails/tails-installation-mac-9.webp)
 
@@ -295,7 +295,7 @@ If you see a notification about a USB stick that appears to be unreadable, click
 
 ### Step 5: Continue this tutorial from paper or from another device (if you can do so safely)
 
-For the rest of this tutorial, you will have to shut down the computer you will be using or testing Tails with. If this is the same computer you are currently using, you will need an aternative way to keep following along with the instructions. Make sure you either:
+For the rest of this tutorial, you will have to shut down the computer you will be using or testing Tails with. If this is the same computer you are currently using, you will need an alternative way to keep following along with the instructions. Make sure you either:
 
 - Note the rest of the instructions in advance on something that will be easy to delete/erase/destroy after.
 
@@ -312,7 +312,7 @@ If the computer you will be using Tails with is a [Mac with a T2 Security Chip](
 
 Here's how to modify options in your Mac's [Startup Security Utility](https://support.apple.com/en-us/102522) to make this works:
 
-1. Turn off your Mac, then turn it on again and right away press and hold **Command(⌘)+R**, this will enter your Mac's recovery mode. The startup process will take longer than usual and you will see the screen flashing a few times, this is normal.
+1. Turn off your Mac, then turn it on again and right away press and hold **Command(⌘)+R**, this will enter your Mac's recovery mode. The startup process will take longer than usual, and you will see the screen flashing a few times, this is normal.
 
 2. You will see a "**Language**" menu appear, select a language then click on the arrow at the bottom-right.
 
@@ -322,7 +322,7 @@ Here's how to modify options in your Mac's [Startup Security Utility](https://su
 
 5. Once you see a window with 4 options, select none of these and instead go to the upper-left menu to select the "**Utilities**" drop-menu, then select "**Startup Security Utility**".
 
-6. You will see an "**Authentication Needed**" window appear and you will need to enter your macOS user password again.
+6. You will see an "**Authentication Needed**" window appear, and you will need to enter your macOS user password again.
 
 7. Once you see the "**Startup Security Utility**" window with 5 options, in the "**Secure Boot**" section select "**No Security**" and in the "**External Boot**" or "**Allowed Boot Media**" section select "**Allow booting from external or removable media**".
 
@@ -396,7 +396,7 @@ If Windows does not display a "**Boot Menu**", plug in your Tails USB stick then
 
 ## Starting and using Tails
 
-If the installation was successful and the process of booting from the USB stick went well, you will see Tails starting. You will see some grey screens, you will see some flashes, you will see some black screen with lots of white text rolling down very quickly!
+If the installation was successful and the process of booting from the USB stick went well, you will see Tails starting. You will see some gray screens, you will see some flashes, you will see some black screen with lots of white text rolling down very quickly!
 
 Don't panic! This is normal :thumbsup:
 
@@ -409,15 +409,15 @@ There, you will see language options, the [Persistent Storage](https://tails.net
 <div class="admonition bug" markdown>
 <p class="admonition-title">No keyboard! No mouse!</p>
 
-At this point you might realize your mouse and/or keyboard are not working. If this happens, you can use a wired (or dongle) mouse and a wired (or dongle) keyboard to fix this problem quickly. If you plug a peripheral in and it is still not working, leave all peripherals plugged in and restart Tails (see [Step 6](#step-6-boot-your-computer-from-your-tails-usb-stick)).
+At this point you might realize your mouse and/or keyboard are not working. If this happens, you can use a wired (or dongle) mouse and a wired (or dongle) keyboard to fix this problem quickly. If it is still not working after plugging one in, leave all peripherals plugged in and restart Tails (see [Step 6](#step-6-boot-your-computer-from-your-tails-usb-stick)).
 
 </div>
 
 ### Using Persistent Storage
 
-Make sure to test this feature works well multiple times before storing anything of value there. If you forget the Persistent Storage's password or if a bug occurs, you might no be able to access these files anymore. Know that you also have the option to plug in a separate (ideally encrypted) USB stick to store files on it, even while using Tails. If you encounter a problem when using Tails' Persistent Storage feature, you can troubleshoot it here: [https://tails.net/doc/persistent_storage/fsck/index.en.html](https://tails.net/doc/persistent_storage/fsck/index.en.html)
+Make sure to test this feature works well multiple times before storing anything of value there. If you forget the Persistent Storage's password or if a bug occurs, you might not be able to access these files anymore. Know that you also have the option to plug in a separate (ideally encrypted) USB stick to store files on it, even while using Tails. If you encounter a problem when using Tails' Persistent Storage feature, you can troubleshoot it here: [https://tails.net/doc/persistent_storage/fsck/index.en.html](https://tails.net/doc/persistent_storage/fsck/index.en.html)
 
-If you decide to setup Persistent Storage:
+If you decide to set up Persistent Storage:
 
 1. Choose a long passphrase that is **not** something known like music lyrics or movie quotes. Choose something you do not usually say/write and that you could not Google. Choose **something long and unique**, that nobody else has used before, and that you will be able to remember well. Practice this passphrase in your head regularly.
 
@@ -438,7 +438,7 @@ If using Tor is dangerous for you, read more about the other options before deci
 
 ![Screenshot of a window within Tails titled "Tor Connection" and showing various options.](../assets/images/installing-and-using-tails/tails-usage-torconnection.webp)
 
-If the connection is successful, you should see this window and you will be ready to browse the internet anonymously:
+If the connection is successful, you should see this window, and you will be ready to browse the internet anonymously:
 
 ![Screenshot of a window within Tails titled "Tor Connection" indicating the connection to Tor was successful. There is a button at the bottom labeled "Start Tor Browser".](../assets/images/installing-and-using-tails/tails-usage-torconnection-successful.webp)
 

blog/posts/integrating-metadata-removal.md

@@ -171,4 +171,4 @@ Windows allows you to place files in a **SendTo** folder which then appear in th
 
 ### Using the shortcut
 
-1. Right click a supported file and choose **ExifTool.bat** within the *Send to* context menu.
+1. Right-click a supported file and choose **ExifTool.bat** within the *Send to* context menu.

blog/posts/ios-configuration-guide.md

@@ -35,7 +35,7 @@ Select **iCloud Backup**
 
 - [ ] Turn off **Back Up This iPhone**
 
-**Private Relay** is a paid ([**iCloud+**](https://support.apple.com/en-us/HT201318)) proxy service which relays your Safari traffic through two servers: one owned by Apple and one owned by Cloudflare. Because Private Relay is still in beta and it only covers the Safari browser, we recommend you choose a proper [VPN](https://www.privacyguides.org/vpn/) instead.
+**Private Relay** is a paid ([**iCloud+**](https://support.apple.com/en-us/HT201318)) proxy service which relays your Safari traffic through two servers: one owned by Apple and one owned by Cloudflare. Because Private Relay is still in beta, and it only covers the Safari browser, we recommend you choose a proper [VPN](https://www.privacyguides.org/vpn/) instead.
 
 Select **Private Relay**
 
@@ -108,7 +108,7 @@ If you don't want anyone to be able to control your phone with Siri when it is l
 
 ## Face ID or Touch ID & Passcode
 
-Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make tradeoffs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
+Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make trade-offs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
 
 Select **Turn Passcode On** or **Change Passcode** > **Passcode Options** > **Custom Alphanumeric Code**. Make sure that you create a [secure password](https://www.privacyguides.org/basics/passwords-overview/).
 
@@ -116,7 +116,7 @@ If you wish to use Face ID or Touch ID, you can go ahead and set it up now. Your
 
 If you use biometrics, you should know how to turn them off quickly in an emergency. Holding down the side or power button and *either* volume button until you see the Slide to Power Off slider will disable biometrics, requiring your passcode to unlock. Your passcode will also be required after device restarts.
 
-On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID you may just have to hold down the power button and nothing else. Make sure you try this in advance so you know which method works for your device.
+On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID you may just have to hold down the power button and nothing else. Make sure you try this in advance, so you know which method works for your device.
 
 **Allow Access When Locked** gives you options for what you can allow when your phone is locked. The more of these options you disable, the less someone without your password can do, but the less convenient it will be for you. Pick and choose which of these you don't want someone to have access to if they get their hands on your phone.
 
@@ -193,7 +193,7 @@ If either you or your messaging partner have iCloud Backup enabled, the encrypti
 
 ### Blacking Out Faces/Information
 
-If you need to hide information in a photo, you can use Apple's built-in tools to do so. Open the photo you want to edit, press edit at the top right corner of the screen, then press the markup symbol at the top right. Press the plus at the bottom right of the screen, then press the rectangle icon. Now, you can place a rectangle anywhere on the image. Make sure to press the shape icon at the bottom left and select the filled-in rectangle. **Don't** use the highlighter to obfuscate information, because its opacity is not quite 100%.
+If you need to hide information in a photo, you can use Apple's built-in tools to do so. Open the photo you want to edit, press edit in the top right corner of the screen, then press the markup symbol at the top right. Press the plus at the bottom right of the screen, then press the rectangle icon. Now, you can place a rectangle anywhere on the image. Make sure to press the shape icon at the bottom left and select the filled-in rectangle. **Don't** use the highlighter to obfuscate information, because its opacity is not quite 100%.
 
 ### Installing Beta Versions of iOS
 
@@ -201,4 +201,4 @@ Apple always makes beta versions of iOS available early for those that wish to h
 
 ### Before First Unlock
 
-If your threat model includes forensic tools and you want to minimize the chance of exploits being used to access your phone, you should restart your device frequently. The state *after* a reboot but *before* unlocking your device is referred to as "Before First Unlock" (BFU), and when your device is in that state it makes it [significantly more difficult](https://belkasoft.com/checkm8_glossary) for forensic tools to exploit vulnerabilities to access your data. This BFU state allows you to receive notifications for calls, texts, and alarms, but most of the data on your device is still encrypted and inaccessible. This can be impractical, so consider whether these trade-offs make sense for your situation.
+If your threat model includes forensic tools, and you want to minimize the chance of exploits being used to access your phone, you should restart your device frequently. The state *after* a reboot but *before* unlocking your device is referred to as "Before First Unlock" (BFU), and when your device is in that state it makes it [significantly more difficult](https://belkasoft.com/checkm8_glossary) for forensic tools to exploit vulnerabilities to access your data. This BFU state allows you to receive notifications for calls, texts, and alarms, but most of the data on your device is still encrypted and inaccessible. This can be impractical, so consider whether these trade-offs make sense for your situation.

blog/posts/linux-application-sandboxing.md

@@ -18,7 +18,7 @@ Some sandboxing solutions for desktop Linux distributions do exist, however they
 
 ## Flatpak
 
-[Flatpak](https://flatpak.org) aims to be a universal package manager for Linux. One of its main functions is to provide a universal package format which can be used in most Linux distributions. It provides some [permission control](https://docs.flatpak.org/en/latest/sandbox-permissions.html).However, [it is known](https://madaidans-insecurities.github.io/linux.html#flatpak) that Flatpak sandboxing could be improved as particular Flatpaks often have greater permission than required. There does seem to be [some agreement](https://theevilskeleton.gitlab.io/2021/02/11/response-to-flatkill-org.html) that this is the case.
+[Flatpak](https://flatpak.org) aims to be a universal package manager for Linux. One of its main functions is to provide a universal package format which can be used in most Linux distributions. It provides some [permission control](https://docs.flatpak.org/en/latest/sandbox-permissions.html). However, [it is known](https://madaidans-insecurities.github.io/linux.html#flatpak) that Flatpak sandboxing could be improved as particular Flatpaks often have greater permission than required. There does seem to be [some agreement](https://theevilskeleton.gitlab.io/2021/02/11/response-to-flatkill-org.html) that this is the case.
 
 You can restrict applications further by issuing [Flatpak overrides](https://docs.flatpak.org/en/latest/flatpak-command-reference.html#flatpak-override). This can be done with the command-line or by using [Flatseal](https://flathub.org/apps/details/com.github.tchx84.Flatseal). Some sample overrides are provided by [rusty-snake](https://github.com/rusty-snake/kyst/tree/main/flatpak).
 

blog/posts/linux-system-hardening.md

@@ -23,7 +23,7 @@ A [firewall](https://en.wikipedia.org/wiki/Firewall_(computing)) may be used to
 
 Red Hat distributions (such as Fedora) are typically configured through [firewalld](https://en.wikipedia.org/wiki/Firewalld). Red Hat has plenty of [documentation](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_and_managing_networking/using-and-configuring-firewalld_configuring-and-managing-networking) regarding this topic. There is also the [Uncomplicated Firewall](https://en.wikipedia.org/wiki/Uncomplicated_Firewall) which can be used as an alternative.
 
-You could also set your default firewall zone to drop packets. If you're on a Redhat based distribution, such as Fedora this can be done with the following commands:
+You could also set your default firewall zone to drop packets. If you're on a Red Hat based distribution, such as Fedora this can be done with the following commands:
 
 !!! Example
 
@@ -80,9 +80,9 @@ If you are using Whonix, Kicksecure or the AUR package, consider setting up `LD_
 
 If you are not using openSUSE, consider changing the default [umask](https://en.wikipedia.org/wiki/Umask) for both regular user accounts and root to 077. Changing umask to 077 can break snapper on openSUSE and is **not** recommended.
 
-## Mountpoint hardening
+## Mount point hardening
 
-Consider adding the [following options](https://man7.org/linux/man-pages/man8/mount.8.html) `nodev`, `noexec`, and `nosuid` to [mountpoints](https://en.wikipedia.org/wiki/Mount_(computing)) which do not need them. Typically, these could be applied to `/boot`, `/boot/efi`, and `/var`.
+Consider adding the [following options](https://man7.org/linux/man-pages/man8/mount.8.html) `nodev`, `noexec`, and `nosuid` to [mount points](https://en.wikipedia.org/wiki/Mount_(computing)) which do not need them. Typically, these could be applied to `/boot`, `/boot/efi`, and `/var`.
 
 These flags could also be applied to `/home` and `/root` as well, however, `noexec` will prevent applications from working that require binary execution in those locations. This includes products such as Flatpak and Snap.
 
@@ -102,7 +102,7 @@ Users of other distributions can adapt the permission hardener to their own syst
 
 ## Secure Time Synchronization
 
-Most Linux distributions by default (especially Arch based distributions with `systemd-timesyncd`) use un-encrypted NTP for time synchronization. Securing NTP can be achieved by [configuring NTS with chronyd](https://fedoramagazine.org/secure-ntp-with-nts/) or by using [swdate](https://github.com/Kicksecure/sdwdate) on Debian based distributions.
+Most Linux distributions by default (especially Arch based distributions with `systemd-timesyncd`) use unencrypted NTP for time synchronization. Securing NTP can be achieved by [configuring NTS with chronyd](https://fedoramagazine.org/secure-ntp-with-nts/) or by using [swdate](https://github.com/Kicksecure/sdwdate) on Debian based distributions.
 
 ## Linux Pluggable Authentication Modules (PAM)
 
@@ -124,17 +124,17 @@ Another alternative option if you’re using the [linux-hardened](#linux-hardene
 
 ## Secure Boot
 
-[Secure Boot](https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface#Secure_Boot) can be used to secure the boot process by preventing the loading of [unsigned](https://en.wikipedia.org/wiki/Public-key_cryptography) [UEFI](https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface) drivers or [boot loaders](https://en.wikipedia.org/wiki/Bootloader).
+[Secure Boot](https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface#Secure_Boot) can be used to secure the boot process by preventing the loading of [unsigned](https://en.wikipedia.org/wiki/Public-key_cryptography) [UEFI](https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface) drivers or [bootloaders](https://en.wikipedia.org/wiki/Bootloader).
 
-One of the problems with Secure Boot, particularly on Linux is, that only the [chainloader](https://en.wikipedia.org/wiki/Chain_loading#Chain_loading_in_boot_manager_programs) (shim), the [boot loader](https://en.wikipedia.org/wiki/Bootloader) (GRUB), and the [kernel](https://en.wikipedia.org/wiki/Kernel_(operating_system)) are verified and that's where verification stops. The [initramfs](https://en.wikipedia.org/wiki/Initial_ramdisk) is often left unverified, unencrypted, and open up the window for an [evil maid](https://en.wikipedia.org/wiki/Evil_maid_attack) attack. The firmware on most devices is also configured to trust Microsoft's keys for Windows and its partners, leading to a large attacks surface.
+One of the problems with Secure Boot, particularly on Linux is, that only the [chain loader](https://en.wikipedia.org/wiki/Chain_loading#Chain_loading_in_boot_manager_programs) (shim), the [bootloader](https://en.wikipedia.org/wiki/Bootloader) (GRUB), and the [kernel](https://en.wikipedia.org/wiki/Kernel_(operating_system)) are verified and that's where verification stops. The [initramfs](https://en.wikipedia.org/wiki/Initial_ramdisk) is often left unverified, unencrypted, and open up the window for an [evil maid](https://en.wikipedia.org/wiki/Evil_maid_attack) attack. The firmware on most devices is also configured to trust Microsoft's keys for Windows and its partners, leading to a large attacks surface.
 
 To eliminate the need to trust Microsoft's keys, follow the "Using your own keys" section on the [Arch Wiki](https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot). The important thing that needs to be done here is to replace the OEM's key with your own Platform Key.
 
 - If you enroll your own keys as described above, and your distribution supports Secure Boot by default, you can add your distribution's EFI Key into the list of trusted keys (db keys). It can then be enrolled into the firmware. Then, you should move all of your keys off your local storage device.
-- If you enroll your own keys as described above, and your distribution does **not** support Secure Boot out of the box (like Arch Linux), you have to leave the keys on the disk and setup automatic signing of the [kernel](https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot#Signing_the_kernel_with_a_pacman_hook) and bootloader. If you are using Grub, you can install it with the `--no-shim-lock` option and remove the need for the chainloader.
+- If you enroll your own keys as described above, and your distribution does **not** support Secure Boot out of the box (like Arch Linux), you have to leave the keys on the disk and setup automatic signing of the [kernel](https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot#Signing_the_kernel_with_a_pacman_hook) and bootloader. If you are using Grub, you can install it with the `--no-shim-lock` option and remove the need for the chain loader.
 
-The second option is to creating an [EFI Boot Stub](https://wiki.archlinux.org/title/Unified_kernel_image) that contains the [kernel](https://en.wikipedia.org/wiki/Kernel_(operating_system)), [initramfs](https://en.wikipedia.org/wiki/Initial_ramdisk), and [microcode](https://en.wikipedia.org/wiki/Microcode). This EFI stub can then be signed. If you use [dracut](https://en.wikipedia.org/wiki/Dracut_(software)) this can easily be done with the [`--uefi-stub` switch](https://man7.org/linux/man-pages/man8/dracut.8.html) or the [`uefi_stub` config](https://www.man7.org/linux/man-pages/man5/dracut.conf.5.html) option. This option also requires you to leave the keys on the disk to setup automatic signing, which weakens the security model.
+The second option is creating an [EFI Boot Stub](https://wiki.archlinux.org/title/Unified_kernel_image) that contains the [kernel](https://en.wikipedia.org/wiki/Kernel_(operating_system)), [initramfs](https://en.wikipedia.org/wiki/Initial_ramdisk), and [microcode](https://en.wikipedia.org/wiki/Microcode). This EFI stub can then be signed. If you use [dracut](https://en.wikipedia.org/wiki/Dracut_(software)) this can easily be done with the [`--uefi-stub` switch](https://man7.org/linux/man-pages/man8/dracut.8.html) or the [`uefi_stub` config](https://www.man7.org/linux/man-pages/man5/dracut.conf.5.html) option. This option also requires you to leave the keys on the disk to set up automatic signing, which weakens the security model.
 
 After setting up Secure Boot it is crucial that you set a “firmware password” (also called a “supervisor password”, “BIOS password” or “UEFI password”), otherwise an adversary can simply disable Secure Boot.
 
-These recommendations can make you a little more resistant to [evil maid](https://en.wikipedia.org/wiki/Evil_maid_attack) attacks, but they not good as a proper verified boot process such as that found on [Android](https://source.android.com/security/verifiedboot), [ChromeOS](https://www.chromium.org/chromium-os/chromiumos-design-docs/security-overview/#verified-boot), [macOS](https://support.apple.com/en-us/HT208198), or [Windows](https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process).
+These recommendations can make you a little more resistant to [evil maid](https://en.wikipedia.org/wiki/Evil_maid_attack) attacks, but they are not good as a proper verified boot process such as that found on [Android](https://source.android.com/security/verifiedboot), [ChromeOS](https://www.chromium.org/chromium-os/chromiumos-design-docs/security-overview/#verified-boot), [macOS](https://support.apple.com/en-us/HT208198), or [Windows](https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process).

blog/posts/macos-ventura-privacy-security-updates.md

@@ -69,7 +69,7 @@ Some other device functionality is limited with Lockdown Mode enabled as well. I
 
 Using a passkey stored on your phone is supported by most browsers in macOS, but only Safari currently allows you to use a passkey stored on your Mac. Passkeys generated on your iPhone or Mac are stored in iCloud Keychain, which is end-to-end encrypted with your phone or computer's lock screen password. In Safari, passkeys are replacing the single-device WebAuthn registration, which allowed you to use your computer as a hardware key with Touch ID.
 
-The benefits of passkeys are fairly limited at the moment, until more services support the standard for primary or multi-factor authentication.
+The benefits of passkeys are fairly limited at the moment, until more services support the standard for primary or multifactor authentication.
 
 ## Rapid Security Responses
 

blog/posts/merch-announcement.md

@@ -24,8 +24,8 @@ HELLOTUX is a family business who have been making high quality merchandise for
 
 We're excited to launch a range of dashing t-shirts and Polo shirts, along with our very own hoodies and jackets. Check them out at [`www.hellotux.com/privacyguides`](https://www.hellotux.com/privacyguides).
 
-Buying our merch is a great way to support us financially. We get between three to five dollars per garment, depending on the product. Privacy Guides is a non-profit, socially motivated website so all the money we receive will be put towards improving our site and community. Our finances can be viewed publicly via the [Open Collective](https://opencollective.com/privacyguides).
+Buying our merch is a great way to support us financially. We get between three and five dollars per garment, depending on the product. Privacy Guides is a non-profit, socially motivated website so all the money we receive will be put towards improving our site and community. Our finances can be viewed publicly via the [Open Collective](https://opencollective.com/privacyguides).
 
-A fun fact about HELLOTUX is that they make everything with Linux: the embroidery, the website, the customer service - the whole shebang. They also offer a money back guarantee. If you're not happy with your order, just send it back within three months, and they will sort you out with a replacement or refund.
+A fun fact about HELLOTUX is that they make everything with Linux: the embroidery, the website, the customer service - the whole shebang. They also offer a money-back guarantee. If you're not happy with your order, just send it back within three months, and they will sort you out with a replacement or refund.
 
 So go ahead: bag yourself some Privacy Guides swag today!

blog/posts/move-fast-and-break-things.md

@@ -23,11 +23,11 @@ It’s the first part of that sentence that is worrying.
 
 Is this what Zuckerberg sees himself as: a modern-day emperor hellbent on using any means he can to gain world peace? Probably not, but it would have been reassuring if he just told us he liked doing Sudoku and dad-dancing with his daughter (interestingly named August).
 
-The Zuck once [joked](https://www.esquire.com/uk/latest-news/a19490586/mark-zuckerberg-called-people-who-handed-over-their-data-dumb-f/) to a friend that he could get them ‘info’ about anyone in Harvard. He had email addresses, pictures, real addresses: the lot. When the friend asked how, this was his riposte: ‘People just submitted it. I don’t know why. They trust me. Dumb f*cks.’ We now live in a reality where Zuckerberg can get ‘info’ about almost anyone in the world.
+The Zuck once [joked](https://www.esquire.com/uk/latest-news/a19490586/mark-zuckerberg-called-people-who-handed-over-their-data-dumb-f/) to a friend that he could get them ‘info’ about anyone in Harvard. He had email addresses, pictures, real addresses: the lot. When the friend asked how, this was his riposte: ‘People just submitted it. I don’t know why. They trust me. Dumb fucks.’ We now live in a reality where Zuckerberg can get ‘info’ about almost anyone in the world.
 
 Like a depraved tabloid journalist fishing through a minor celebrity’s trash, Facebook collects everything it can about its users. Even if it means sifting through garbage, they want that data. But Facebook is not technically in the data business. It is in what author and professor Carissa Véliz [terms](https://aeon.co/essays/privacy-matters-because-it-empowers-us-all) ‘the business of power’ – which sounds rather more sinister than flogging off mildly irritating adverts.
 
-Véliz argues that privacy is a form of power. It is the power to influence you, show you adverts and predict your behaviour. In this sense, personal data is being used to make us do things we otherwise would not do: to buy a certain product or to vote a certain way. Filmmaker Laura Poitras [described](https://www.washingtonpost.com/news/the-switch/wp/2014/10/23/snowden-filmmaker-laura-poitras-facebook-is-a-gift-to-intelligence-agencies/) Facebook as ‘a gift to intelligence agencies’. It allows governments to arrest people planning to participate in protests before they have even begun.
+Véliz argues that privacy is a form of power. It is the power to influence you, show you adverts and predict your behavior. In this sense, personal data is being used to make us do things we otherwise would not do: to buy a certain product or to vote a certain way. Filmmaker Laura Poitras [described](https://www.washingtonpost.com/news/the-switch/wp/2014/10/23/snowden-filmmaker-laura-poitras-facebook-is-a-gift-to-intelligence-agencies/) Facebook as ‘a gift to intelligence agencies’. It allows governments to arrest people planning to participate in protests before they have even begun.
 
 The social media giant is tip-toeing ever closer into our personal lives. When Facebook encountered competition it just bought it, adding Instagram and WhatsApp to its roster. The company even tried to make its own cryptocurrency so that one day the Facebook would control all our purchases too. Earlier this year, the project was [killed](https://www.ft.com/content/a88fb591-72d5-4b6b-bb5d-223adfb893f3) by regulators. It is worth noting that when Zuckerberg purchased WhatsApp and Instagram, they had no revenue. Author Tim Wu notes in his book *The Attention Merchants* that Facebook is ‘a business with an exceedingly low ratio of invention to success’. Perhaps that is a part of Zuck’s genius.
 

blog/posts/onion-browser-review.md

@@ -54,7 +54,7 @@ We already recommend Onion Browser for any iOS users out there, with the importa
 
 Of course installing Onion Browser is as easy as any other app on iOS, Apple ID unfortunately required. Onion Browser can be set as your default browser in system settings too, which is nice.
 
-When you open Onion Browser for the first time you're given the option to connect to Tor via [Orbot](https://www.privacyguides.org/en/tor/#orbot), or with a built-in Tor network proxy. Using the built-in option is the easiest, it connects very quickly and doesn't require a separate app. It also allows you to [use Tor alongside another VPN app](https://www.privacyguides.org/en/advanced/tor-overview/#safely-connecting-to-tor), which may be helpful in certain circumstances. The Orbot app acts as its own "VPN connection" in iOS preventing the possibility of combining it with another VPN, but it is more flexible and it extends Tor network protections to every app on your device.
+When you open Onion Browser for the first time you're given the option to connect to Tor via [Orbot](https://www.privacyguides.org/en/tor/#orbot), or with a built-in Tor network proxy. Using the built-in option is the easiest, it connects very quickly and doesn't require a separate app. It also allows you to [use Tor alongside another VPN app](https://www.privacyguides.org/en/advanced/tor-overview/#safely-connecting-to-tor), which may be helpful in certain circumstances. The Orbot app acts as its own "VPN connection" in iOS preventing the possibility of combining it with another VPN, but it is more flexible, and it extends Tor network protections to every app on your device.
 
 <figure markdown="span">
   ![A screenshot asking whether you want to use Orbot or built-in Tor to connect, noting the built-in Tor has security problems.](../assets/images/onion-browser-review/757A93D0-CCCB-4743-8AF2-17B001EC774A_1_102_o.webp){ width="200" }

blog/posts/privacy-guides-hires-three-staff-members.md

@@ -33,7 +33,7 @@ We’re excited to welcome Em (she/her), our new journalist, who will play an im
 
 We also welcome Jordan Warne (they/them), our new content producer who will manage our channels on various video platforms! Jordan has a strong background in video production and content strategy, and we’re confident that they will help us expand our reach and connect with a broader audience. Through informative, easy-to-understand videos, Jordan will simplify complex privacy topics and keep our community engaged. Expect a significantly larger presence on our [PeerTube](https://neat.tube/c/privacyguides/videos) and [YouTube](https://www.youtube.com/@privacyguides) channels in the coming months!
 
-*Jordan is a passionate creative with an education in both cybersecurity and photography. Having completed a Diploma of Digital Imaging at Billy Blue College of Design, Jordan is equipped with the skills and experience to take Privacy Guides' video content to the next level. Having recently completed a Diploma of Information Technology (Cybersecurity) Jordan has the unique skillset to simplify complex cybersecurity topics and turn them into engaging and approachable content.*
+*Jordan is a passionate creative with an education in both cybersecurity and photography. Having completed a Diploma of Digital Imaging at Billy Blue College of Design, Jordan is equipped with the skills and experience to take Privacy Guides' video content to the next level. Having recently completed a Diploma of Information Technology (Cybersecurity) Jordan has the unique skill set to simplify complex cybersecurity topics and turn them into engaging and approachable content.*
 
 *Outside producing high-quality videos, Jordan enjoys exploring the Australian bush, capturing intricate details of its flora and fauna through photography.*
 
@@ -47,7 +47,7 @@ Last but not least, we are excited to start working with Kevin Pham (he/him), ou
 
 *Kevin is a senior at Tufts University studying Political Science and Science & Technology Studies. Originally from Florida, he is now freezing up in the greater Boston area. Kevin is passionate about usable security and privacy for vulnerable populations. He has previously worked with Freedom of the Press Foundation's Digital Security Team and Cornell Tech's Clinic to End Tech Abuse to help journalists and domestic violence survivors alike.*
 
-*Besides doomscrolling on social media, he loves cooking new recipes, reading philosophy essays, and perpetuating his caffeine addiction with Vietnamese coffee. Please feel free to reach out to him to discuss anything regarding best operational security practices and threat modeling...or just say hi!*
+*Besides doom scrolling on social media, he loves cooking new recipes, reading philosophy essays, and perpetuating his caffeine addiction with Vietnamese coffee. Please feel free to reach out to him to discuss anything regarding best operational security practices and threat modeling...or just say hi!*
 
 [:material-mastodon: Follow Kevin at @kevpham@mastodon.social](https://mastodon.social/@kevpham)
 

blog/posts/privacy-guides-partners-with-magic-grants-501-c-3.md

@@ -14,9 +14,9 @@ schema_type: BackgroundNewsArticle
 
 <small aria-hidden="true">Illustration: Jonah Aragon / Privacy Guides</small>
 
-In February, the OpenCollective Foundation (OCF)—[our fiscal host of 4 years](https://blog.privacyguides.org/2019/10/31/weve-joined-the-open-collective-foundation/)—sent us an email to [announce](https://docs.opencollective.foundation/) that they would be shutting down, and they would no longer be able to collect donations on our behalf (or for any of the hundreds of projects they provided fiscal hosting services to). We immediately began to consider multiple options for the future of this project, including forming our own non-profit or finding another [fiscal host](https://en.wikipedia.org/wiki/Fiscal_sponsorship).<!-- more -->
+In February, the OpenCollective Foundation (OCF)—[our fiscal host of 4 years](https://blog.privacyguides.org/2019/10/31/weve-joined-the-open-collective-foundation/)—emailed us to [announce](https://docs.opencollective.foundation/) that they would be shutting down, and they would no longer be able to collect donations on our behalf (or for any of the hundreds of projects they provided fiscal hosting services to). We immediately began to consider multiple options for the future of this project, including forming our own non-profit or finding another [fiscal host](https://en.wikipedia.org/wiki/Fiscal_sponsorship).<!-- more -->
 
-We're excited to announce a [partnership](https://magicgrants.org/2024/07/22/Privacy-Guides-Fund) with MAGIC Grants, a Public 501(c)(3) charity with the mission of supporting privacy projects like ours and providing undergraduate scholarships for students interested in cryptocurrencies and privacy. They will immediately take over all of the operations previously provided by OCF, including accepting donations on our behalf, handling any of our accounting and taxes, reimbursing team members and volunteers, and taking legal ownership of assets like our domains and servers.
+We're excited to announce a [partnership](https://magicgrants.org/2024/07/22/Privacy-Guides-Fund) with MAGIC Grants, a Public 501(c)(3) charity with the mission of supporting privacy projects like ours and providing undergraduate scholarships for students interested in cryptocurrencies and privacy. They will immediately take over all the operations previously provided by OCF, including accepting donations on our behalf, handling any of our accounting and taxes, reimbursing team members and volunteers, and taking legal ownership of assets like our domains and servers.
 
 This last point is important, because we want to ensure Privacy Guides is never fully reliant on a single individual like myself. This setup ensures Privacy Guides never strays from its mission of providing free and accessible privacy and security resources to protect consumers.
 
@@ -24,7 +24,7 @@ Of course, all of our projects including the [open-source](https://github.com/pr
 
 MAGIC Grants was the right choice for our project for a number of reasons:
 
-1. They are a 501(c)(3) non-profit, which allows us to retain our tax deductible status in the United States, and means there are legal safeguards in place to prevent Privacy Guides from being used for personal profit.
+1. They are a 501(c)(3) non-profit, which allows us to retain our tax-deductible status in the United States, and means there are legal safeguards in place to prevent Privacy Guides from being used for personal profit.
 2. They've provided us with a great deal of flexibility and independence over how we run our project, and added many safeguards to ensure the current Privacy Guides team retains ultimate control over the project. This means that nothing about Privacy Guides will change, now or in the future, due to outside influence.
 3. They've generously offered to provide their services to us for no fee, in support of our shared core mission of creating great educational materials.
 

blog/posts/proton-wallet-review.md

@@ -66,7 +66,7 @@ Creating your wallet is a simple process, after registering you'll be asked to c
 
 The default currency here isn't the currency being *stored* in Proton Wallet. It is just used to show you the current conversion rate between Bitcoin and your local currency.
 
-Once you're in, Proton Wallet is fairly straightforward. In fact, there's not much to explore beyond finding your wallet address and buying Bitcoin. Clicking the **Recieve** button brings up a panel which shows your address and allows you to generate a new one on the fly. When you generate a new address, all of your previous addresses will continue to work, but are no longer displayed anywhere.
+Once you're in, Proton Wallet is fairly straightforward. In fact, there's not much to explore beyond finding your wallet address and buying Bitcoin. Clicking the **Receive** button brings up a panel which shows your address and allows you to generate a new one on the fly. When you generate a new address, all of your previous addresses will continue to work, but are no longer displayed anywhere.
 
 ![Proton wallet address QR code and text displayed in sidebar](../assets/images/proton-wallet-review/3.webp)
 
@@ -92,7 +92,7 @@ I'm not convinced this is particularly revolutionary though. Many Bitcoin wallet
 
 ## What else sets it apart?
 
-There isn't much separating Proton Wallet from the existing options on the market. It is a *non-custodial* wallet, meaning that you control the private keys rather than Proton. This is a huge step-up in security compared to keeping your Bitcoin in an online exchange like Coinbase, but it isn't a big differentiator from other software wallets where non-custodial key storage is typically the norm.
+There isn't much separating Proton Wallet from the existing options on the market. It is a *noncustodial* wallet, meaning that you control the private keys rather than Proton. This is a huge step-up in security compared to keeping your Bitcoin in an online exchange like Coinbase, but it isn't a big differentiator from other software wallets where noncustodial key storage is typically the norm.
 
 Besides that, and Bitcoin via Email, if you visit Proton's website to see how else they differentiate themselves the best third reason they could muster up is:
 

blog/posts/pwa-vs-iwa.md

@@ -13,19 +13,19 @@ license: BY-SA
 ---
 # State of the Web App: Current Woes and Promising Futures
 
-The concept of a [progressive web app](https://developer.mozilla.org/en-US/docs/Web/Progressive_web_apps) is enticing: an application using web technologies that is inherently cross platform (since it runs in a browser) and acts like a native app, even functioning offline. Support for PWAs in traditionally locked-down platforms like iOS means that PWAs can give users the freedom to install apps without having to go through Apple’s App Store. But there are problems with web content that PWAs haven't solved.<!-- more -->
+The concept of a [progressive web app](https://developer.mozilla.org/en-US/docs/Web/Progressive_web_apps) is enticing: an application using web technologies that is inherently cross-platform (since it runs in a browser) and acts like a native app, even functioning offline. Support for PWAs in traditionally locked-down platforms like iOS means that PWAs can give users the freedom to install apps without having to go through Apple’s App Store. But there are problems with web content that PWAs haven't solved.<!-- more -->
 
 ## Current Web-Based Apps
 
-Attempts at similar things have been made before, the most infamous of which is [Electron](https://www.electronjs.org). Electron is a software framework that allows developers to easily create cross-platform apps by essentially bundling an entire Chromium browser in with the app. This approach has its [drawbacks](https://usa.kaspersky.com/blog/electron-framework-security-issues/28952/?srsltid=AfmBOor_UcYY-84soHz5K2ULTmhlX44-DsIfJp_StotBrusD63MweSGO), though. Browsers have huge attack surface so it's important to keep them updated with the latest security fixes, but many Electron apps ship outdated versions, leaving those apps vulnerable. Each Electron app has its own version of Chromium with its own attack surface, amounting to a performance and security nightmare. In contrast, PWAs use the browser that you already have installed, so as long as you keep it updated, all your apps will have the latest security fixes.
+Attempts at similar things have been made before, the most infamous of which is [Electron](https://www.electronjs.org). Electron is a software framework that allows developers to easily create cross-platform apps by essentially bundling an entire Chromium browser in with the app. This approach has its [drawbacks](https://usa.kaspersky.com/blog/electron-framework-security-issues/28952/?srsltid=AfmBOor_UcYY-84soHz5K2ULTmhlX44-DsIfJp_StotBrusD63MweSGO), though. Browsers have huge attack surface, so it's important to keep them updated with the latest security fixes, but many Electron apps ship outdated versions, leaving those apps vulnerable. Each Electron app has its own version of Chromium with its own attack surface, amounting to a performance and security nightmare. In contrast, PWAs use the browser that you already have installed, so as long as you keep it updated, all your apps will have the latest security fixes.
 
-So why isn't every Electron app shipping as a PWA? The answer is an age-old problem with web content: the fact that you have to trust the server fully. You make an HTML GET request and you're served the content (i.e., the site's HTML, CSS, and JavaScript), but if the server is compromised, you'll be served a compromised website. You also need to rely on the security of DNS name resolution and the [certificate authority](https://www.digicert.com/blog/what-is-a-certificate-authority) system. This is a huge problem for security-sensitive applications like messengers. An attacker that gains access to their server—even just temporarily—could distribute compromised clients to millions of people, potentially breaking E2EE or executing a host of other malicious actions.
+So why isn't every Electron app shipping as a PWA? The answer is an age-old problem with web content: the fact that you have to trust the server fully. You make an HTML GET request, and you're served the content (i.e., the site's HTML, CSS, and JavaScript), but if the server is compromised, you'll be served a compromised website. You also need to rely on the security of DNS name resolution and the [certificate authority](https://www.digicert.com/blog/what-is-a-certificate-authority) system. This is a huge problem for security-sensitive applications like messengers. An attacker that gains access to their server—even just temporarily—could distribute compromised clients to millions of people, potentially breaking E2EE or executing a host of other malicious actions.
 
 ## Improving Web Apps
 
 A typical native app is downloaded onto your computer from some kind of trusted place like an app store and only receives updates when the developers push them out. Additionally, there's usually a process of checks and verification before that happens, like Apple's [App Review](https://developer.apple.com/distribute/app-review) and the Google Play [App Review](https://support.google.com/googleplay/android-developer/answer/9859455) process. In contrast to PWAs, with which the threat of an attacker with server access constantly looms, it's much more difficult to target a particular person. In other words, a malicious app update is much less likely to escape scrutiny than a highly targeted attack via compromised servers.
 
-Isolated Web Apps (IWAs) build on the work done on PWAs and [Web Packaging](https://github.com/WICG/webpackage). They are a specification that allows web content to be distributed offline outside of a browser, much like a traditional app. It can be signed just like a regular app too, allowing you to verify that it came from the proper place and hasn't been modified. You could install an IWA from your favorite app store just like any other app and have the same security assurances. This would be incredibly useful in allowing for cross-platform E2EE web apps that don't need to trust a server every time you use them.
+Isolated Web Apps (IWAs) build on the work done on PWAs and [Web Packaging](https://github.com/WICG/webpackage). They are a specification that allows web content to be distributed offline outside a browser, much like a traditional app. It can be signed just like a regular app too, allowing you to verify that it came from the proper place and hasn't been modified. You could install an IWA from your favorite app store just like any other app and have the same security assurances. This would be incredibly useful in allowing for cross-platform E2EE web apps that don't need to trust a server every time you use them.
 
 Google [distinguishes](https://chromeos.dev/en/web/isolated-web-apps) between the drive by web, PWAs, and IWAs. The drive by web requires more conservative access to the system as the most accessible and is therefore least trusted. PWAs are a bit more trusted and can integrate a bit more deeply into the system as a result. IWAs are the most trusted and, as such, can have deeper access into the system and more powerful capabilities.
 

blog/posts/relisting-startpage.md

@@ -24,7 +24,7 @@ In October 2019, we learned that System1 had become the majority shareholder in
 
 > ...there are still so many unanswered questions, we can no longer recommend the service with good confidence. If Startpage aims to be re-considered, they will have to answer the questions above, preferably along with an explanation of why it took them so long to get proper answers out to the public.
 
-Shortly after this, the *Privacy Guides* team was able to get an open line of communication with Startpage.com CEO Robert Beens, who vocalized his regret for not answering our questions more quickly and providing more clarity to the community from the start. From their perspective nothing fundamental had changed due to the acquisition, except that they would now have the resources to market Startpage efficiently thanks to System1. Unfortunately, Startpage failed to put themselves in the place of their users, and understand that their lack of transparancy at the beginning would erode the trust they shared with the privacy community.
+Shortly after this, the *Privacy Guides* team was able to get an open line of communication with Startpage.com CEO Robert Beens, who vocalized his regret for not answering our questions more quickly and providing more clarity to the community from the start. From their perspective nothing fundamental had changed due to the acquisition, except that they would now have the resources to market Startpage efficiently thanks to System1. Unfortunately, Startpage failed to put themselves in the place of their users, and understand that their lack of transparency at the beginning would erode the trust they shared with the privacy community.
 
 By December, Startpage had [responded](https://code.privacyguides.dev/privacyguides/privacytools.io/issues/1562#issue-737) to our questions. More recently they also clarified that [System1's privacy policy](https://web.archive.org/web/20201110100140/https://system1.com/terms/privacy-policy) does not relate to Startpage; Startpage's privacy policy remains [unchanged](https://web.archive.org/web/20201110100140/https://www.startpage.com/en/privacy-policy/):
 

blog/posts/restrict-act.md

@@ -25,7 +25,7 @@ Terrible acronym aside, the RESTRICT Act claims to...
 
 In reality, this act would grant the government broad powers to restrict access to any site or service they claim could pose a threat to national security, akin to China's "[great firewall](https://en.wikipedia.org/wiki/Great_Firewall)."
 
-Currently, if you go on the internet and try and find out what the RESTRICT Act *actually does*, you'll find a lot of confusing and conflicting information. This is by design, not from a lack of analysis. Simply put, the RESTRICT Act has been interpreted in so many different ways because the wording is so broad that it *can* be interpreted in so many different ways. This is obviously a problematic form of government overreach.
+Currently, if you go on the internet and try and find out what the RESTRICT Act *actually does*, you'll find a lot of confusing and conflicting information. This is by design, not from a lack of analysis. Simply put, the RESTRICT Act has been interpreted in so many ways because the wording is so broad that it *can* be interpreted in so many ways. This is obviously a problematic form of government overreach.
 
 So what does it actually do? Well, nothing! For now anyway: Like many bills lately, this bill has no immediate effects, but it does grant the White House power to create rules and regulations which will have the power of law. Section 8 grants the Secretary of Commerce the power to "establish such rules, regulations, and procedures as the Secretary considers appropriate." These rules can include almost anything as long as they are targeting an entity covered by the bill.
 
@@ -52,7 +52,7 @@ Ultimately, the provisions in this bill are so broad that it is inconceivable th
 
 ## Is this good privacy regulation?
 
-Absolutely not. Fundamentally, the RESTRICT Act does nothing to address the actual privacy concerns of American citizens, it only ensures that the digital data of Americans is exploited *exclusively* by America-friendly companies. If Congress was legitimately concerned about data collection in America, they could implement strong consumer protections that enhance individuals' control and rights over their personal data on *every* platform instead of playing whac-a-mole with every foreign technology entity.
+Absolutely not. Fundamentally, the RESTRICT Act does nothing to address the actual privacy concerns of American citizens, it only ensures that the digital data of Americans is exploited *exclusively* by America-friendly companies. If Congress was legitimately concerned about data collection in America, they could implement strong consumer protections that enhance individuals' control and rights over their personal data on *every* platform instead of playing whack-a-mole with every foreign technology entity.
 
 You may still be thinking that this bill would only really impact large, foreign entities like China/TikTok, but we've seen time and time again how bills like this that are sold as attacks on huge, nebulous entities like "terrorists" and "foreign state adversaries" wind up mainly used to attack the little guy with minor infractions.
 

blog/posts/secure-data-erasure.md

@@ -38,7 +38,7 @@ Once you have your boot media, enter your system's UEFI settings and boot from t
 
 ### Flash Storage
 
-For [flash memory](https://en.wikipedia.org/wiki/Flash_memory) (SSD, NVMe, etc) devices we suggest the ATA Secure Erase command. Methods such as `nwipe` should not be used on flash storage devices as it may damage their performance. The "Secure Erase" feature is often accessible through the UEFI setup menu. NVMe storage can be erased using the [`nvme-cli`](https://github.com/linux-nvme/nvme-cli) tools. For that see:
+For [flash memory](https://en.wikipedia.org/wiki/Flash_memory) (SSD, NVMe, etc.) devices we suggest the ATA Secure Erase command. Methods such as `nwipe` should not be used on flash storage devices as it may damage their performance. The "Secure Erase" feature is often accessible through the UEFI setup menu. NVMe storage can be erased using the [`nvme-cli`](https://github.com/linux-nvme/nvme-cli) tools. For that see:
 
 ```text
 nvme format /dev/nvme0 -s 2 -n 1

blog/posts/signal-configuration-and-hardening.md

@@ -74,7 +74,7 @@ To view the safety number for a particular contact, you need to follow these ste
 
 Once you've compared the safety numbers on both devices, you can mark that contact as **Verified**.
 
-A checkmark will appear in the chat header by your contact's name when the safety number is marked as verified. It will remain verified unless the safety number changes or you manually change the verification status.
+A checkmark will appear in the chat header by your contact's name when the safety number is marked as verified. It will remain verified unless the safety number changes, or you manually change the verification status.
 
 After doing that, any time the safety number changes, you'll be notified.
 
@@ -188,7 +188,7 @@ You can learn more about Signal's proxy support on their [website](https://suppo
 
 ### Disable Signal Call History (iOS)
 
-Signal allows you to see your call history from your regular phone app. This allows your iOS device to sync your call history with iCloud, including who you spoke to, when, and for how long.
+Signal allows you to see your call history from your regular phone app. This allows your iOS device to sync your call history with iCloud, including whom you spoke to, when, and for how long.
 
 If you use iCloud and you don’t want to share call history on Signal, confirm it’s turned off:
 
@@ -205,7 +205,7 @@ Avoid linking your Signal account to a desktop device to reduce your attack surf
 
 ### Molly (Android)
 
-If you use [Molly](https://www.privacyguides.org/en/real-time-communication/#molly-android) on Android to access the Signal network, there are a number of privacy- and security-enhancing features that you may want to explore.
+If you use [Molly](https://www.privacyguides.org/en/real-time-communication/#molly-android) on Android to access the Signal network, there are many privacy and security-enhancing features that you may want to explore.
 
 #### Privacy and Security Features
 

blog/posts/signal-number-registration-update.md

@@ -28,7 +28,7 @@ As outlined in our [Signal Configuration & Hardening Guide](signal-configuration
 
 ## How It Works Now
 
-As outlined in this [issue](https://github.com/signalapp/Signal-Android/issues/12595#issuecomment-1310752097) on the Signal-Android GitHub repository, if someone tries to register with that number and is able to get the SMS code, they can kick you out of your Signal account. At that point, you have to re-register by receiving an SMS for that number, and inputting your Signal PIN. If you are unable to do this, the Registration Lock is not enforced after 7 days. Someone who tries to register after that will be prompted to enter the Signal PIN once more. If the correct PIN is not entered, the app will prompt you to create a new PIN, and the account is wiped and the number can be claimed by a person who can receive an SMS code for it.
+As outlined in this [issue](https://github.com/signalapp/Signal-Android/issues/12595#issuecomment-1310752097) on the Signal-Android GitHub repository, if someone tries to register with that number and is able to get the SMS code, they can kick you out of your Signal account. At that point, you have to re-register by receiving an SMS for that number, and inputting your Signal PIN. If you are unable to do this, the Registration Lock is not enforced after 7 days. Someone who tries to register after that will be prompted to enter the Signal PIN once more. If the correct PIN is not entered, the app will prompt you to create a new PIN, and the account is wiped allowing the number to be claimed by a person who can receive an SMS code for it.
 
 You can find the relevant changes in the code [here](https://github.com/signalapp/Signal-Server/commit/80a3a8a43c8698be9f561a42762ffafe2db1409b#diff-c99f1a5184455de55e73623642ad010e2269a2d217a911e6bcf8f6bc8a79f6eaR484).
 

blog/posts/staff-announcement.md

@@ -14,7 +14,7 @@ schema_type: NewsArticle
 
 # Jonah Aragon Hired as Project Director
 
-We are thrilled to announce a significant milestone for Privacy Guides: the addition of our first paid staff member, Jonah Aragon. This achievement is a testament to the unwavering support and generous donations from our incredible community. Another major donation came from [Power Up Privacy](https://powerupprivacy.com/){ rel=nofollow }, a privacy advocacy group that funds privacy-related research and development, which helped us achieve this goal earlier then expected!<!-- more -->
+We are thrilled to announce a significant milestone for Privacy Guides: the addition of our first paid staff member, Jonah Aragon. This achievement is a testament to the unwavering support and generous donations from our incredible community. Another major donation came from [Power Up Privacy](https://powerupprivacy.com/){ rel=nofollow }, a privacy advocacy group that funds privacy-related research and development, which helped us achieve this goal earlier than expected!<!-- more -->
 
 Jonah Aragon is no stranger to Privacy Guides. As a founding member, Jonah has been instrumental in shaping our organization and its mission. With his extensive background in privacy and cybersecurity, Jonah brings a wealth of knowledge and experience to his new role.
 

blog/posts/the-future-of-privacy.md

@@ -54,9 +54,9 @@ On the good side of regulatory influence, there are regulations like the [Genera
 
 ### What is the GDPR
 
-The GDPR is a data privacy regulation that was adopted by the European Union (EU) in 2016 and became effective in May 2018. Its scope encompasses all of the EU member states as well as all the countries part of the European Economic Area (EEA), which together count 30 countries to this day. The United Kingdom also uses an [amended version](https://www.gdpreu.org/differences-between-the-uk-and-eu-gdpr-regulations/) of the GDPR post-Brexit.
+The GDPR is a data privacy regulation that was adopted by the European Union (EU) in 2016 and became effective in May 2018. Its scope encompasses all the EU member states as well as all the countries part of the European Economic Area (EEA), which together count 30 countries to this day. The United Kingdom also uses an [amended version](https://www.gdpreu.org/differences-between-the-uk-and-eu-gdpr-regulations/) of the GDPR post-Brexit.
 
-However, the reach of the GDPR isn't limited to Europe. Every organization based *outside of the EU* that is offering goods or services to, or is monitoring the behavior of, individuals located in the EU [must comply](https://commission.europa.eu/law/law-topic/data-protection/rules-business-and-organisations/application-regulation/who-does-data-protection-law-apply_en) as well. This means that **most organizations operating worldwide, regardless of where they are located in the world, must comply** with the GDPR.
+However, the reach of the GDPR isn't limited to Europe. Every organization based *outside the EU* that is offering goods or services to, or is monitoring the behavior of, individuals located in the EU [must comply](https://commission.europa.eu/law/law-topic/data-protection/rules-business-and-organisations/application-regulation/who-does-data-protection-law-apply_en) as well. This means that **most organizations operating worldwide, regardless of where they are located in the world, must comply** with the GDPR.
 
 As is often the case with data privacy laws, it took a few years before [Data Subjects](https://www.gdprsummary.com/gdpr-definitions/data-subject/) (your legal designation under the GDPR) noticed any concrete changes. One change that has become prominent in the past few years, and is likely a direct product of the GDPR, is data deletion features within apps and accounts.
 
@@ -77,7 +77,7 @@ If you wish to exercise or have questions related to your Right to Erasure or Ri
 
 ## Chat Control wants to break end-to-end encryption
 
-If you are not European, please bear with me. First of all, everyone outside of Europe should care about what is happening in Europe, regardless. But even if you don't care, you should know **this kind of mass surveillance proposition will inevitably leak west**, and if adopted will affect us all globally.
+If you are not European, please bear with me. First, everyone outside of Europe should care about what is happening in Europe, regardless. But even if you don't care, you should know **this kind of mass surveillance proposition will inevitably leak west**, and if adopted will affect us all globally.
 
 ### What is Chat Control
 
@@ -91,7 +91,7 @@ Such legislation might sound like a noble cause at first, but consider this: Sca
 
 Chat Control would hurt everyone, [including the children](https://digitalcommons.law.uw.edu/wlr/vol99/iss1/9/). Not only would mass scanning of all messages be [ineffective](https://volteuropa.org/news/chat-control-wont-protect-children) at reducing CSAM, but it would endanger the children even further by also scanning their communications. Because yes, children also communicate online. Parents also communicate sensitive information about their children online, with trusted family or doctors. All this data would get scanned and collected, only [one breach away](https://techcrunch.com/2025/01/28/powerschool-begins-notifying-students-and-teachers-after-massive-data-breach/) from being made public.
 
-*Protecting the children* is a pretext regularly used to implement abusive regulations undermining individual liberties and protections. Do not get fooled by this demagogical stratagem. **Chat Control is the opposite of protecting the children.**
+*Protecting the children* is a pretext regularly used to implement abusive regulations undermining individual liberties and protections. Do not get fooled by this demagogic stratagem. **Chat Control is the opposite of protecting the children.**
 
 Chat Control would only lead to destroying the end-to-end encryption messaging features that are protecting us and the children so well already. Criminals exploiting children would simply move to underground channels, unbothered.
 
@@ -109,7 +109,7 @@ Age Verification policies generally start with the premise that some content sho
 
 ### Who will decide what content should be walled online?
 
-First of all, even putting aside the fact that there is plenty of disturbing content accessible *outside* the internet (newspapers, television, movies, radio, advertising, etc), who would be [the deciders](https://www.eff.org/deeplinks/2025/01/impact-age-verification-measures-goes-beyond-porn-sites) of which specific content can be accessed by children or not? This can be extremely problematic, to say the least.
+First, even putting aside the fact that there is plenty of disturbing content accessible *outside* the internet (newspapers, television, movies, radio, advertising, etc.), who would be [the deciders](https://www.eff.org/deeplinks/2025/01/impact-age-verification-measures-goes-beyond-porn-sites) of which specific content can be accessed by children or not? This can be extremely problematic, to say the least.
 
 There is no objective measure to decide on this, and what might be deemed appropriate by one might not be by another. More importantly in the context of our discussion, what one government might judge appropriate might be very different from the next or previous administration.
 

blog/posts/threads-launch-twitter.md

@@ -21,7 +21,7 @@ schema_type: OpinionNewsArticle
 
 Silicon Valley could well be built on the principle of scrapping principles. Now Elon Musk, perhaps the ultimate tech bro, is shredding another well-regarded convention with an *original business strategy*.<!-- more -->
 
-Generally, in business, it is sensible to provide your customers with what they want. With Twitter, the meme-makers' favourite billionaire is doing the opposite. The cyber-trucker is trying his best to [cull](https://jottings.lol/2022/12/bravo-elon) his customer base. Instead of finding gaps in the market, Musk is helping to create them. Ever the [copycat](https://blog.privacyguides.org/2022/04/04/move-fast-and-break-things/), Mark Zuckerberg wants to give these innovative tactics a try. Enter the-company formerly-known-as-Facebook's rival to the birdsite: Threads.
+Generally, in business, it is sensible to provide your customers with what they want. With Twitter, the meme-makers' favorite billionaire is doing the opposite. The cyber-trucker is trying his best to [cull](https://jottings.lol/2022/12/bravo-elon) his customer base. Instead of finding gaps in the market, Musk is helping to create them. Ever the [copycat](https://blog.privacyguides.org/2022/04/04/move-fast-and-break-things/), Mark Zuckerberg wants to give these innovative tactics a try. Enter the-company formerly-known-as-Facebook's rival to the birdsite: Threads.
 
 The Zuck is, by all accounts, good at making social media platforms. This doesn't mean the platforms themselves are good - they [aren't](https://blog.privacyguides.org/2021/11/01/virtual-insanity/). But they are unarguably successful: Instagram and WhatsApp have comfortably over a billion users, Facebook has nearly three. If only half of these users adopt the new platform, it would instantly eclipse Twitter. As it happens, Threads allows you to import all your followers from Instagram. Of all the Twitter alternatives, Zuckerberg's looks like the most promising.
 

blog/posts/virtual-insanity.md

@@ -32,7 +32,7 @@ The similarities are uncanny.
 
 This wouldn’t be the first time that Facebook has been described as dystopian. One *Mashable* article [called](https://mashable.com/article/facebook-dystopia) the social media giant ‘Orwellian and Huxleyan at the same time.’ Quite a feat.
 
-The ‘Facebook Papers’ have some pretty shocking - though not entirely surprising - revelations as well. The leaked documents demonstrate the extent to which Facebook values engagement above all else (including a good experience). For instance, we learnt that the algorithm is [optimised](https://www.wired.com/story/facebook-transparency-biggest-sites-pages-links/) for low quality content, [prioritises](https://www.washingtonpost.com/technology/2021/10/26/facebook-angry-emoji-algorithm/) rage over happiness for profit, and [promotes](https://www.theatlantic.com/ideas/archive/2021/10/facebook-papers-democracy-election-zuckerberg/620478/) extremist content. Most alarming was that the firm [failed](https://apnews.com/article/the-facebook-papers-covid-vaccine-misinformation-c8bbc569be7cc2ca583dadb4236a0613) to reduce disinformation during the pandemic even when given the opportunity. Zuckerberg said no to this, presumably because it would reduce engagement and, in turn, Facebook’s advertising revenue.
+The ‘Facebook Papers’ have some pretty shocking - though not entirely surprising - revelations as well. The leaked documents demonstrate the extent to which Facebook values engagement above all else (including a good experience). For instance, we learned that the algorithm is [optimized](https://www.wired.com/story/facebook-transparency-biggest-sites-pages-links/) for low quality content, [prioritizes](https://www.washingtonpost.com/technology/2021/10/26/facebook-angry-emoji-algorithm/) rage over happiness for profit, and [promotes](https://www.theatlantic.com/ideas/archive/2021/10/facebook-papers-democracy-election-zuckerberg/620478/) extremist content. Most alarming was that the firm [failed](https://apnews.com/article/the-facebook-papers-covid-vaccine-misinformation-c8bbc569be7cc2ca583dadb4236a0613) to reduce disinformation during the pandemic even when given the opportunity. Zuckerberg said no to this, presumably because it would reduce engagement and, in turn, Facebook’s advertising revenue.
 
 Let’s not forget all Facebook’s previous scandals. From the Cambridge Analytica kerfuffle to [conducting](https://www.theregister.com/2014/06/29/researchers_mess_with_facebook_users_emotions/) manipulative social experiments in secret.
 

blog/posts/where-are-all-the-mprs.md

@@ -45,7 +45,7 @@ Typically, the first relay is controlled by the provider (either Apple or INVISV
 
 They also provide *speed*. Private Relay uses the QUIC protocol and as a result it's lightning fast. You wouldn't even know you were connecting to two servers in between your cat videos. The reliability is so good that I forget I even have it on. It even integrates with Safari and gives you a different IP address for different websites, similar to Tor's stream isolation.
 
-So why haven't MPRs taken off? INVISV's Pretty Good Phone Privacy service never seemed to make it out of [beta](https://invisv.com/pgpp/#pgpp-release-notes). INVISV [partnered](https://invisv.com/articles/vivaldi-privacy-guard) with Vivaldi, but I can't seem to find any mention of it in the Vivaldi settings or on their website outside of the original [announcement](https://vivaldi.com/blog/desktop/privacy-guard-your-privacy-matters-vivaldi-browser-snapshot-3319-12/). INVISV ultimately [shut down](https://invisv.com/articles/service_shutdown.html) their service back in June. I hope to see more from them in the future because they were providing something that currently isn't possible to get anymore on Android.
+So why haven't MPRs taken off? INVISV's Pretty Good Phone Privacy service never seemed to make it out of [beta](https://invisv.com/pgpp/#pgpp-release-notes). INVISV [partnered](https://invisv.com/articles/vivaldi-privacy-guard) with Vivaldi, but I can't seem to find any mention of it in the Vivaldi settings or on their website outside the original [announcement](https://vivaldi.com/blog/desktop/privacy-guard-your-privacy-matters-vivaldi-browser-snapshot-3319-12/). INVISV ultimately [shut down](https://invisv.com/articles/service_shutdown.html) their service back in June. I hope to see more from them in the future because they were providing something that currently isn't possible to get anymore on Android.
 
 That leaves [iCloud Private Relay](https://support.apple.com/en-us/102602) as the only commercial offering that I'm aware of, but it's limited to Apple devices only. Great for Apple users, but everyone else is left high and dry. As is Apple's way, they didn't want any extra inconvenience from using their service, so they restrict you to your real country and timezone. You don't have the same freedom to choose a server wherever in the world you want like a [traditional VPN service](https://www.privacyguides.org/en/vpn) would allow.
 

blog/posts/why-i-run-a-tor-relay.md

@@ -41,7 +41,7 @@ And this is when it struck me, as I hope it struck many others at that talk: Am
 
 It struck me that I have enough money, time and access to the right information to run my own relay. So it begged the question: Why *wouldn’t* I?
 
-At the time of writing my relay has been flagged ‘valid’, ‘running’ and ‘fast’ and is on track to have relayed around 750GB by the end of the month. It feels good. It feels really good.
+At the time of writing my relay has been flagged ‘valid’, ‘running’ and ‘fast’ and is on track to have relayed around 750 GB by the end of the month. It feels good. It feels really good.
 
 ---
 

docs/about.md

@@ -23,7 +23,7 @@ schema:
 [:octicons-home-16:](https://www.privacyguides.org){ .card-link title=Homepage }
 [:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" }
 
-Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team&order=solutions&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever changing cybersecurity threat landscape.
+Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team&order=solutions&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever-changing cybersecurity threat landscape.
 
 In addition to our core team, [many other people](about/contributors.md) have made contributions to the project. You can too! We're open source on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides).
 

docs/about/contributors.md

@@ -6,7 +6,7 @@ description: A complete list of contributors who have collectively made an enorm
 ---
 <!-- Do NOT manually edit this file, please add yourself to the .all-contributorsrc file instead. See our GitHub Issues for more details -->
 
-This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside of this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
+This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
 
 | Emoji | Type | Description
 | --- | --- | ---

docs/about/criteria.md

@@ -24,7 +24,7 @@ We have these requirements in regard to developers which wish to submit their pr
 
 - Must disclose affiliation, i.e. your position within the project being submitted.
 
-- Must have a security whitepaper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
+- Must have a security white paper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
     - Regarding third party audit status, we want to know if you have undergone one, or have requested one. If possible please mention who will be conducting the audit.
 
 - Must explain what the project brings to the table in regard to privacy.

docs/about/executive-policy.md

@@ -5,7 +5,7 @@ description: These are policies formally adopted by our executive committee, and
 
 These are policies formally adopted by Privacy Guides' executive committee, and take precedence over all other statements expressed on this website.
 
-The key words **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
+The keywords **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
 
 ## EP1: Freely-Provided Product Samples
 

docs/about/notices.md

@@ -31,7 +31,7 @@ This does not include third-party code embedded in the Privacy Guides code repos
 * The [Public Sans](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans) font used for most text on the site is licensed under the terms detailed [here](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans/LICENSE.txt).
 * The [DM Mono](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono) font used for monospaced text on the site is licensed under the [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono/LICENSE.txt).
 
-We believe that the logos and other images in `assets` obtained from third-party providers are either in the public domain or **fair use**. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject matter for purposes of public comment. However, these logos and other images may still be subject to trademark laws in one or more jurisdictions. Before using this content, please ensure that it is used to identify the entity or organization that owns the trademark and that you have the right to use it under the laws which apply in the circumstances of your intended use. *When copying content from this website, you are solely responsible for ensuring that you do not infringe someone else's trademark or copyright.*
+We believe that the logos and other images in `assets` obtained from third-party providers are either in the public domain or **fair use**. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject for purposes of public comment. However, these logos and other images may still be subject to trademark laws in one or more jurisdictions. Before using this content, please ensure that it is used to identify the entity or organization that owns the trademark and that you have the right to use it under the laws which apply in the circumstances of your intended use. *When copying content from this website, you are solely responsible for ensuring that you do not infringe someone else's trademark or copyright.*
 
 When you contribute to our website you are doing so under the above licenses, and you are granting Privacy Guides a perpetual, worldwide, non-exclusive, transferable, royalty-free, irrevocable license with the right to sublicense such rights through multiple tiers of sublicensees, to reproduce, modify, display, perform and distribute your contribution as part of our project.
 

docs/about/privacytools.md

@@ -36,9 +36,9 @@ At the end of July 2021, we [informed](https://web.archive.org/web/2021072918442
 
 ## Control of r/privacytoolsIO
 
-Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the subreddit. The subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
+Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the Subreddit. The Subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the Subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
 
-Reddit requires that subreddits have active moderators. If the primary moderator is inactive for a lengthy period of time (such as a year) the primary moderation position can be re-appointed to the next moderator in line. For this request to have been granted, BurungHantu had to have been completely absent from all Reddit activity for a long period of time, which was consistent with his behaviors on other platforms.
+Reddit requires that Subreddits have active moderators. If the primary moderator is inactive for a lengthy period of time (such as a year) the primary moderation position can be re-appointed to the next moderator in line. For this request to have been granted, BurungHantu had to have been completely absent from all Reddit activity for a long period of time, which was consistent with his behaviors on other platforms.
 
 > If you were removed as moderator from a subreddit through Reddit request it is because your lack of response and lack of activity qualified the subreddit for an r/redditrequest transfer.
 >
@@ -54,7 +54,7 @@ This change [entailed:](https://reddit.com/comments/pnhn4a)
 
 - Redirecting `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org).
 - Archiving the source code on GitHub to preserve our past work and issue tracker, which we continued to use for months of future development of this site.
-- Posting announcements to our subreddit and various other communities informing people of the official change.
+- Posting announcements to our Subreddit and various other communities informing people of the official change.
 - Formally closing privacytools.io services, like Matrix and Mastodon, and encouraging existing users to migrate as soon as possible.
 
 Things appeared to be going smoothly, and most of our active community made the switch to our new project exactly as we hoped.
@@ -65,11 +65,11 @@ Roughly a week following the transition, BurungHantu returned online for the fir
 
 At this point, BurungHantu claimed he wanted to continue working on privacytools.io on his own and requested that we remove the redirect from `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org). We obliged and requested that he keep the subdomains for Matrix, Mastodon, and PeerTube active for us to run as a public service to our community for at least a few months, in order to allow users on those platforms to easily migrate to other accounts. Due to the federated nature of the services we provided, they were tied to specific domain names making it very difficult to migrate (and in some cases impossible).
 
-Unfortunately, because control of the r/privacytoolsIO subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
+Unfortunately, because control of the r/privacytoolsIO Subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
 
 Following this, BurungHantu made false accusations about Jonah stealing donations from the project. BurungHantu had over a year since the alleged incident occurred, and yet he never made anyone aware of it until after the Privacy Guides migration. BurungHantu has been repeatedly asked for proof and to comment on the reason for his silence by the team [and the community](https://twitter.com/TommyTran732/status/1526153536962281474), and has not done so.
 
-BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
+BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our Subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
 
 ## PrivacyTools.io Now
 
@@ -79,7 +79,7 @@ As of September 25th 2022 we are seeing BurungHantu's overall plans come to frui
 
 ## r/privacytoolsIO Now
 
-After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
+After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both Subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
 
 > [...] The growth of this Sub was the result of great effort, across several years, by the PrivacyGuides.org team. And by every one of you.
 >
@@ -87,11 +87,11 @@ After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it wa
 
 Subreddits do not belong to anybody, and they especially do not belong to brand-holders. They belong to their communities, and the community and its moderators made the decision to support the move to r/PrivacyGuides.
 
-In the months since, BurungHantu has threatened and begged for returning subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
+In the months since, BurungHantu has threatened and begged for returning Subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
 
 > Retaliation from any moderator with regards to removal requests is disallowed.
 
-For a community with many thousands of remaining subscribers, we feel that it would be incredibly disrespectful to return control of that massive platform to the person who abandoned it for over a year, and who now operates a website that we feel provides very low-quality information. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
+For a community with many thousands of remaining subscribers, we feel that it would be incredibly disrespectful to return control of that massive platform to the person who abandoned it for over a year, and who now operates a website that we feel provides very low-quality information. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the Subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
 
 ## OpenCollective Now
 

docs/about/statistics.md

@@ -9,7 +9,7 @@ We self-host [Umami](https://umami.is) to create a nice visualization of our tra
 
 With this process:
 
-- Your information is never shared with a third-party, it stays on servers we control
+- Your information is never shared with a third party, it stays on servers we control
 - Your personal data is never saved, we only collect data in aggregate
 - No client-side JavaScript is used
 

docs/advanced/communication-network-types.md

@@ -44,7 +44,7 @@ When self-hosted, members of a federated server can discover and communicate wit
 - Allows for greater control over your own data when running your own server.
 - Allows you to choose whom to trust your data with by choosing between multiple "public" servers.
 - Often allows for third-party clients which can provide a more native, customized, or accessible experience.
-- Server software can be verified that it matches public source code, assuming you have access to the server or you trust the person who does (e.g., a family member).
+- Server software can be verified that it matches public source code, assuming you have access to the server, or you trust the person who does (e.g., a family member).
 
 **Disadvantages:**
 
@@ -60,7 +60,7 @@ When self-hosted, members of a federated server can discover and communicate wit
 
 P2P messengers connect to a [distributed network](https://en.wikipedia.org/wiki/Distributed_networking) of nodes to relay a message to the recipient without a third-party server.
 
-Clients (peers) usually find each other through the use of a [distributed computing](https://en.wikipedia.org/wiki/Distributed_computing) network. Examples of this include [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), used by [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) and [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) for example. Another approach is proximity based networks, where a connection is established over WiFi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
+Clients (peers) usually find each other through the use of a [distributed computing](https://en.wikipedia.org/wiki/Distributed_computing) network. Examples of this include [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), used by [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) and [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) for example. Another approach is proximity based networks, where a connection is established over Wi-Fi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
 
 Once a peer has found a route to its contact via any of these methods, a direct connection between them is made. Although messages are usually encrypted, an observer can still deduce the location and identity of the sender and recipient.
 
@@ -85,9 +85,9 @@ P2P networks do not use servers, as peers communicate directly between each othe
 
 A messenger using [anonymous routing](https://doi.org/10.1007/978-1-4419-5906-5_628) hides either the identity of the sender, the receiver, or evidence that they have been communicating. Ideally, a messenger should hide all three.
 
-There are [many](https://doi.org/10.1145/3182658) different ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](tor-overview.md)), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages, nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers."
+There are [many](https://doi.org/10.1145/3182658) ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](tor-overview.md)), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages, nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers."
 
-Self-hosting a node in an anonymous routing network does not provide the hoster with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
+Self-hosting a node in an anonymous routing network does not provide the host with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
 
 **Advantages:**
 

docs/advanced/dns-overview.md

@@ -4,7 +4,7 @@ icon: material/dns
 description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for.
 ---
 
-The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers.
+The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phone book of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers.
 
 ## What is DNS?
 
@@ -24,7 +24,7 @@ Below, we discuss and provide a tutorial to prove what an outside observer may s
     tshark -w /tmp/dns.pcap udp port 53 and host 1.1.1.1 or host 8.8.8.8
     ```
 
-2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, MacOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software such as web browsers do these lookups automatically, unless they are configured to use encrypted DNS.
+2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, macOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software such as web browsers do these lookups automatically, unless they are configured to use encrypted DNS.
 
     === "Linux, macOS"
 
@@ -39,7 +39,7 @@ Below, we discuss and provide a tutorial to prove what an outside observer may s
         nslookup privacyguides.org 8.8.8.8
         ```
 
-3. Next, we want to [analyse](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
+3. Next, we want to [analyze](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
 
     === "Wireshark"
 
@@ -70,7 +70,7 @@ Encrypted DNS can refer to one of a number of protocols, the most common ones be
 
 ### DNSCrypt
 
-[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) was one of the first methods of encrypting DNS queries. DNSCrypt operates on port 443 and works with both the TCP or UDP transport protocols. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside of a few [implementations](https://dnscrypt.info/implementations). As a result, it has been largely replaced by the more popular [DNS over HTTPS](#dns-over-https-doh).
+[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) was one of the first methods of encrypting DNS queries. DNSCrypt operates on port 443 and works with both the TCP or UDP transport protocols. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside a few [implementations](https://dnscrypt.info/implementations). As a result, it has been largely replaced by the more popular [DNS over HTTPS](#dns-over-https-doh).
 
 ### DNS over TLS (DoT)
 
@@ -118,7 +118,7 @@ In this example we will record what happens when we make a DoH request:
 
 3. After making the request, we can stop the packet capture with <kbd>CTRL</kbd> + <kbd>C</kbd>.
 
-4. Analyse the results in Wireshark:
+4. Analyze the results in Wireshark:
 
     ```bash
     wireshark -r /tmp/dns_doh.pcap
@@ -136,13 +136,13 @@ When we do a DNS lookup, it's generally because we want to access a resource. Be
 
 The simplest way to determine browsing activity might be to look at the IP addresses your devices are accessing. For example, if the observer knows that `privacyguides.org` is at `198.98.54.105`, and your device is requesting data from `198.98.54.105`, there is a good chance you're visiting Privacy Guides.
 
-This method is only useful when the IP address belongs to a server that only hosts few websites. It's also not very useful if the site is hosted on a shared platform (e.g. Github Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). It also isn't very useful if the server is hosted behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy), which is very common on the modern Internet.
+This method is only useful when the IP address belongs to a server that only hosts few websites. It's also not very useful if the site is hosted on a shared platform (e.g. GitHub Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). It also isn't very useful if the server is hosted behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy), which is very common on the modern Internet.
 
 ### Server Name Indication (SNI)
 
-Server Name Indication is typically used when a IP address hosts many websites. This could be a service like Cloudflare, or some other [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) protection.
+Server Name Indication is typically used when an IP address hosts many websites. This could be a service like Cloudflare, or some other [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) protection.
 
-1. Start capturing again with `tshark`. We've added a filter with our IP address so you don't capture many packets:
+1. Start capturing again with `tshark`. We've added a filter with our IP address, so you don't capture many packets:
 
     ```bash
     tshark -w /tmp/pg.pcap port 443 and host 198.98.54.105
@@ -294,7 +294,7 @@ graph TB
     ispDNS --> | No | nothing(Do nothing)
 ```
 
-Encrypted DNS with a third-party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences or you're interested in a provider that does some rudimentary filtering.
+Encrypted DNS with a third party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences, or you're interested in a provider that does some rudimentary filtering.
 
 [List of recommended DNS servers](../dns.md){ .md-button }
 

docs/advanced/tor-overview.md

@@ -20,7 +20,7 @@ Tor works by routing your internet traffic through volunteer-operated servers, i
 
 Before connecting to Tor, you should carefully consider what you're looking to accomplish by using Tor in the first place, and who you're trying to hide your network activity from.
 
-If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [de-stigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
+If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [destigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
 
 If you have the ability to access a trusted VPN provider and **any** of the following are true, you almost certainly should connect to Tor through a VPN:
 

docs/ai-chat.md

@@ -25,7 +25,7 @@ Alternatively, you can run AI models locally so that your data never leaves your
 
 ### Hardware for Local AI Models
 
-Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
+Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8 GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
 
 LLMs can usually be differentiated by the number of parameters, which can vary between 1.3B to 405B for open-source models available for end users. For example, models below 6.7B parameters are only good for basic tasks like text summaries, while models between 7B and 13B are a great compromise between quality and speed. Models with advanced reasoning capabilities are generally around 70B.
 
@@ -33,9 +33,9 @@ For consumer-grade hardware, it is generally recommended to use [quantized model
 
 | Model Size (in Parameters) | Minimum RAM | Minimum Processor |
 |---|---|---|
-| 7B | 8GB | Modern CPU (AVX2 support) |
+| 7B | 8 GB | Modern CPU (AVX2 support) |
-| 13B | 16GB | Modern CPU (AVX2 support) |
+| 13B | 16 GB | Modern CPU (AVX2 support) |
-| 70B | 72GB | GPU with VRAM |
+| 70B | 72 GB | GPU with VRAM |
 
 To run AI locally, you need both an AI model and an AI client.
 
@@ -143,7 +143,7 @@ Llamafile also supports LLaVA. However, it doesn't support speech recognition or
 
 </div>
 
-Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4GB, and most models are larger than that.
+Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4 GB, and most models are larger than that.
 
 To circumvent these issues, you can [load external weights](https://github.com/Mozilla-Ocho/llamafile#using-llamafile-with-external-weights).
 
@@ -162,7 +162,7 @@ To check the authenticity and safety of the model, look for:
 - Matching checksums[^1]
     - On Hugging Face, you can find the hash by clicking on a model file and looking for the **Copy SHA256** button below it. You should compare this checksum with the one from the model file you downloaded.
 
-A downloaded model is generally safe if it satisfies all of the above checks.
+A downloaded model is generally safe if it satisfies all the above checks.
 
 ## Criteria
 
@@ -174,14 +174,14 @@ Please note we are not affiliated with any of the projects we recommend. In addi
 - Must not transmit personal data, including chat data.
 - Must be multi-platform.
 - Must not require a GPU.
-- Must have support for GPU-powered fast inference.
+- Must support GPU-powered fast inference.
 - Must not require an internet connection.
 
 ### Best-Case
 
 Our best-case criteria represent what we *would* like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
 
-- Should be easy to download and set up, e.g. with a one-click install process.
+- Should be easy to download and set up, e.g. with a one-click installation process.
 - Should have a built-in model downloader option.
 - The user should be able to modify the LLM parameters, such as its system prompt or temperature.
 

docs/alternative-networks.md

@@ -67,7 +67,7 @@ You can enable Snowflake in your browser by opening it in another tab and turnin
 
 Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours.
 
-Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
+Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavors. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
 
 ### I2P (The Invisible Internet Project)
 
@@ -76,7 +76,7 @@ Running a Snowflake proxy is low-risk, even more so than running a Tor relay or
 ![I2P logo](assets/img/self-contained-networks/i2p.svg#only-light){ align=right }
 ![I2P logo](assets/img/self-contained-networks/i2p-dark.svg#only-dark){ align=right }
 
-**I2P** is an network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
+**I2P** is a network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
 
 [:octicons-home-16: Homepage](https://geti2p.net/en){ .md-button .md-button--primary }
 [:octicons-info-16:](https://geti2p.net/en/about/software){ .card-link title=Documentation }
@@ -105,7 +105,7 @@ You can try connecting to *Privacy Guides* via I2P at [privacyguides.i2p](http:/
 
 </div>
 
-Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side-effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottlenecked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
+Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottle necked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
 
 There are downsides to I2P's approach, however. Tor relying on dedicated exit nodes means more people in less safe environments can use it, and the relays that do exist on Tor are likely to be more performant and stable, as they generally aren't run on residential connections. Tor is also far more focused on **browser privacy** (i.e. anti-fingerprinting), with a dedicated [Tor Browser](tor.md) to make browsing activity as anonymous as possible. I2P is used via your [regular web browser](desktop-browsers.md), and while you can configure your browser to be more privacy-protecting, you probably still won't have the same browser fingerprint as other I2P users (there's no "crowd" to blend in with in that regard).
 

docs/android/general-apps.md

@@ -98,7 +98,7 @@ Main privacy features include:
 <div class="admonition note" markdown>
 <p class="admonition-title">Note</p>
 
-Metadata is not currently deleted from video files but that is planned.
+Metadata is not currently deleted from video files, but that is planned.
 
 The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
 

docs/basics/account-creation.md

@@ -5,7 +5,7 @@ icon: 'material/account-plus'
 description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private.
 ---
 
-Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line.
+Often people sign up for services without thinking. Maybe it's a streaming service to watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line.
 
 There are risks associated with every new service that you use. Data breaches; disclosure of customer information to third parties; rogue employees accessing data; all are possibilities that must be considered when giving your information out. You need to be confident that you can trust the service, which is why we don't recommend storing valuable data on anything but the most mature and battle-tested products. That usually means services which provide E2EE and have undergone a cryptographic audit. An audit increases assurance that the product was designed without glaring security issues caused by an inexperienced developer.
 
@@ -13,11 +13,11 @@ It can also be difficult to delete the accounts on some services. Sometimes [ove
 
 ## Terms of Service & Privacy Policy
 
-The ToS are the rules that you agree to follow when using the service. With larger services these rules are often enforced by automated systems. Sometimes these automated systems can make mistakes. For example, you may be banned or locked out of your account on some services for using a VPN or VOIP number. Appealing such bans is often difficult, and involves an automated process too, which isn't always successful. This would be one of the reasons why we wouldn't suggest using Gmail for email as an example. Email is crucial for access to other services you might have signed up for.
+The ToS are the rules that you agree to follow when using the service. With larger services these rules are often enforced by automated systems. Sometimes these automated systems can make mistakes. For example, you may be banned or locked out of your account on some services for using a VPN or VoIP number. Appealing such bans is often difficult, and involves an automated process too, which isn't always successful. This would be one of the reasons why we wouldn't suggest using Gmail for email as an example. Email is crucial for access to other services you might have signed up for.
 
-The Privacy Policy is how the service says they will use your data and it is worth reading so that you understand how your data will be used. A company or organization might not be legally obligated to follow everything contained in the policy (it depends on the jurisdiction). We would recommend having some idea what your local laws are and what they permit a provider to collect.
+The Privacy Policy is how the service says they will use your data, and it is worth reading so that you understand how your data will be used. A company or organization might not be legally obligated to follow everything contained in the policy (it depends on the jurisdiction). We would recommend having some idea what your local laws are and what they permit a provider to collect.
 
-We recommend looking for particular terms such as "data collection", "data analysis", "cookies", "ads" or "3rd-party" services. Sometimes you will be able to opt-out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
+We recommend looking for particular terms such as "data collection", "data analysis", "cookies", "ads" or "3rd-party" services. Sometimes you will be able to opt out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
 
 Keep in mind you're also placing your trust in the company or organization and that they will comply with their own privacy policy.
 
@@ -42,7 +42,7 @@ You will be responsible for managing your login credentials. For added security,
 
 #### Email aliases
 
-If you don't want to give your real email address to a service, you have the option to use an alias. We described them in more detail on our email services recommendation page. Essentially, alias services allow you to generate new email addresses that forward all emails to your main address. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign up process. Those can be filtered automatically based on the alias they are sent to.
+If you don't want to give your real email address to a service, you have the option to use an alias. We described them in more detail on our email services recommendation page. Essentially, alias services allow you to generate new email addresses that forward all emails to your main address. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign-up process. Those can be filtered automatically based on the alias they are sent to.
 
 Should a service get hacked, you might start receiving phishing or spam emails to the address you used to sign up. Using unique aliases for each service can assist in identifying exactly what service was hacked.
 
@@ -76,7 +76,7 @@ Malicious applications, particularly on mobile devices where the application has
 
 We recommend avoiding services that require a phone number for sign up. A phone number can identify you across multiple services and depending on data sharing agreements this will make your usage easier to track, particularly if one of those services is breached as the phone number is often **not** encrypted.
 
-You should avoid giving out your real phone number if you can. Some services will allow the use of VOIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
+You should avoid giving out your real phone number if you can. Some services will allow the use of VoIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
 
 In many cases you will need to provide a number that you can receive SMS or calls from, particularly when shopping internationally, in case there is a problem with your order at border screening. It's common for services to use your number as a verification method; don't let yourself get locked out of an important account because you wanted to be clever and give a fake number!
 

docs/basics/account-deletion.md

@@ -27,7 +27,7 @@ Desktop platforms also often have a password manager which may help you recover
 
 ### Email
 
-If you didn't use a password manager in the past or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. On your email client, search for keywords such as "verify" or "welcome." Almost every time you make an online account, the service will send a verification link or an introductory message to your email. This can be a good way to find old, forgotten accounts.
+If you didn't use a password manager in the past, or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. On your email client, search for keywords such as "verify" or "welcome." Almost every time you make an online account, the service will send a verification link or an introductory message to your email. This can be a good way to find old, forgotten accounts.
 
 ## Deleting Old Accounts
 
@@ -39,7 +39,7 @@ When attempting to regain access, if the site returns an error message saying th
 
 ### GDPR (EEA residents only)
 
-Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and you may be entitled to monetary compensation.
+Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and may be entitled to monetary compensation.
 
 ### Overwriting Account information
 

docs/basics/common-misconceptions.md

@@ -63,13 +63,13 @@ The privacy policies and business practices of providers you choose are very imp
 
 ## "Complicated is better"
 
-We often see people describing privacy threat models that are overly complex. Often, these solutions include problems like many different email accounts or complicated setups with lots of moving parts and conditions. The replies are usually answers to "What is the best way to do *X*?"
+We often see people describing privacy threat models that are overly complex. Often, these solutions include problems like multiple email accounts or complicated setups with lots of moving parts and conditions. The replies are usually answers to "What is the best way to do *X*?"
 
 Finding the "best" solution for yourself doesn't necessarily mean you are after an infallible solution with dozens of conditions—these solutions are often difficult to work with realistically. As we discussed previously, security often comes at the cost of convenience. Below, we provide some tips:
 
 1. ==Actions need to serve a particular purpose:== think about how to do what you want with the fewest actions.
 2. ==Remove human failure points:== We fail, get tired, and forget things. To maintain security, avoid relying on manual conditions and processes that you have to remember.
-3. ==Use the right level of protection for what you intend.== We often see recommendations of so-called law-enforcement or subpoena-proof solutions. These often require specialist knowledge and generally aren't what people want. There's no point in building an intricate threat model for anonymity if you can be easily de-anonymized by a simple oversight.
+3. ==Use the right level of protection for what you intend.== We often see recommendations of so-called law-enforcement or subpoena-proof solutions. These often require specialist knowledge and generally aren't what people want. There's no point in building an intricate threat model for anonymity if you can be easily deanonymized by a simple oversight.
 
 So, how might this look?
 
@@ -94,4 +94,4 @@ One of the clearest threat models is one where people *know who you are* and one
 
     Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.)
 
-[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added a obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
+[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added an obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.

docs/basics/common-threats.md

@@ -4,7 +4,7 @@ icon: 'material/eye-outline'
 description: Your threat model is personal to you, but these are some of the things many visitors to this site care about.
 ---
 
-Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat.
+Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat.
 
 <span class="pg-purple">:material-incognito: **Anonymity**</span>
 
@@ -16,7 +16,7 @@ Broadly speaking, we categorize our recommendations into the [threats](threat-mo
 
 <span class="pg-viridian">:material-package-variant-closed-remove: **Supply Chain Attacks**</span>
 
-:    Typically a form of <span class="pg-red">:material-target-account: Targeted Attack</span> that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
+:    Typically, a form of <span class="pg-red">:material-target-account: Targeted Attack</span> that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
 
 <span class="pg-orange">:material-bug-outline: **Passive Attacks**</span>
 
@@ -36,7 +36,7 @@ Broadly speaking, we categorize our recommendations into the [threats](threat-mo
 
 <span class="pg-green">:material-account-search: **Public Exposure**</span>
 
-:   Limiting the information about you that is accessible online—to search engines or the general public.
+:   Limiting the information about you that is accessible online—to search engines or the public.
 
 <span class="pg-blue-gray">:material-close-outline: **Censorship**</span>
 
@@ -67,7 +67,7 @@ To minimize the damage that a malicious piece of software *could* do, you should
 
 Mobile operating systems generally have better application sandboxing than desktop operating systems: Apps can't obtain root access, and require permission for access to system resources.
 
-Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt-in to sandboxing for applications). However, these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
+Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt in to sandboxing for applications). However, these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
 
 </div>
 
@@ -134,7 +134,7 @@ Therefore, you should use native applications over web clients whenever possible
 
 </div>
 
-Even with E2EE, service providers can still profile you based on **metadata**, which typically isn't protected. While the service provider can't read your messages, they can still observe important things, such as who you're talking to, how often you message them, and when you're typically active. Protection of metadata is fairly uncommon, and—if it's within your [threat model](threat-modeling.md)—you should pay close attention to the technical documentation of the software you're using to see if there's any metadata minimization or protection at all.
+Even with E2EE, service providers can still profile you based on **metadata**, which typically isn't protected. While the service provider can't read your messages, they can still observe important things, such as whom you're talking to, how often you message them, and when you're typically active. Protection of metadata is fairly uncommon, and—if it's within your [threat model](threat-modeling.md)—you should pay close attention to the technical documentation of the software you're using to see if there's any metadata minimization or protection at all.
 
 ## Mass Surveillance Programs
 
@@ -147,7 +147,7 @@ Mass surveillance is the intricate effort to monitor the "behavior, many activit
 
 If you want to learn more about surveillance methods and how they're implemented in your city you can also take a look at the [Atlas of Surveillance](https://atlasofsurveillance.org) by the [Electronic Frontier Foundation](https://eff.org).
 
-In France you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
+In France, you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
 
 </div>
 
@@ -180,7 +180,7 @@ If you're concerned about mass surveillance programs, you can use strategies lik
 
 For many people, tracking and surveillance by private corporations is a growing concern. Pervasive ad networks, such as those operated by Google and Facebook, span the internet far beyond just the sites they control, tracking your actions along the way. Using tools like content blockers to limit network requests to their servers, and reading the privacy policies of the services you use can help you avoid many basic adversaries (although it can't completely prevent tracking).[^4]
 
-Additionally, even companies outside of the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. You can't automatically assume your data is safe just because the service you're using doesn't fall within the typical AdTech or tracking business model. The strongest protection against corporate data collection is to encrypt or obfuscate your data whenever possible, making it difficult for different providers to correlate data with each other and build a profile on you.
+Additionally, even companies outside the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. You can't automatically assume your data is safe just because the service you're using doesn't fall within the typical AdTech or tracking business model. The strongest protection against corporate data collection is to encrypt or obfuscate your data whenever possible, making it difficult for different providers to correlate data with each other and build a profile on you.
 
 ## Limiting Public Information
 

docs/basics/email-security.md

@@ -29,13 +29,13 @@ If you use a shared domain from a provider which doesn't support WKD, like @gmai
 
 ### What Email Clients Support E2EE?
 
-Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multi-factor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
+Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multifactor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
 
 ### How Do I Protect My Private Keys?
 
-A smartcard (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smartcard and the decrypted content is sent back to the device.
+A smart card (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smart card and the decrypted content is sent back to the device.
 
-It is advantageous for the decryption to occur on the smartcard to avoid possibly exposing your private key to a compromised device.
+It is advantageous for the decryption to occur on the smart card to avoid possibly exposing your private key to a compromised device.
 
 ## Email Metadata Overview
 
@@ -49,4 +49,4 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http
 
 ### Why Can't Metadata be E2EE?
 
-Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc.
+Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as whom you're emailing, the subject lines, when you're emailing, etc.

docs/basics/hardware.md

@@ -55,7 +55,7 @@ Most implementations of face authentication require you to be looking at your ph
 <div class="admonition warning" markdown>
 <p class="admonition-title">Warning</p>
 
-Some devices do not have the proper hardware for secure face authentication. There's two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
+Some devices do not have the proper hardware for secure face authentication. There are two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
 
 </div>
 
@@ -102,7 +102,7 @@ A dead man's switch stops a piece of machinery from operating without the presen
 
 Some laptops are able to [detect](https://support.microsoft.com/en-us/windows/managing-presence-sensing-settings-in-windows-11-82285c93-440c-4e15-9081-c9e38c1290bb) when you're present and can lock automatically when you aren't sitting in front of the screen. You should check the settings in your OS to see if your computer supports this feature.
 
-You can also get cables, like [Buskill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
+You can also get cables, like [BusKill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
 
 ### Anti-Interdiction/Evil Maid Attack
 

docs/basics/multi-factor-authentication.md

@@ -1,9 +1,9 @@
 ---
-title: "Multi-Factor Authentication"
+title: "Multifactor Authentication"
 icon: 'material/two-factor-authentication'
 description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others.
 ---
-**Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
+**Multifactor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
 
 Normally, if a hacker (or adversary) is able to figure out your password then they’d gain access to the account that password belongs to. An account with MFA forces the hacker to have both the password (something you *know*) and a device that you own (something you *have*), like your phone.
 
@@ -25,7 +25,7 @@ The security of push notification MFA is dependent on both the quality of the ap
 
 ### Time-based One-time Password (TOTP)
 
-TOTP is one of the most common forms of MFA available. When you set up TOTP, you are generally required to scan a [QR Code](https://en.wikipedia.org/wiki/QR_code) which establishes a "[shared secret](https://en.wikipedia.org/wiki/Shared_secret)" with the service that you intend to use. The shared secret is secured inside of the authenticator app's data, and is sometimes protected by a password.
+TOTP is one of the most common forms of MFA available. When you set up TOTP, you are generally required to scan a [QR Code](https://en.wikipedia.org/wiki/QR_code) which establishes a "[shared secret](https://en.wikipedia.org/wiki/Shared_secret)" with the service that you intend to use. The shared secret is secured inside the authenticator app's data, and is sometimes protected by a password.
 
 The time-limited code is then derived from the shared secret and the current time. As the code is only valid for a short time, without access to the shared secret, an adversary cannot generate new codes.
 
@@ -81,7 +81,7 @@ This presentation discusses the history of password authentication, the pitfalls
 
 FIDO2 and WebAuthn have superior security and privacy properties when compared to any MFA methods.
 
-Typically for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy.
+Typically, for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy.
 
 Unlike Yubico OTP, WebAuthn does not use any public ID, so the key is **not** identifiable across different websites. It also does not use any third-party cloud server for authentication. All communication is completed between the key and the website you are logging into. FIDO also uses a counter which is incremented upon use in order to prevent session reuse and cloned keys.
 
@@ -115,15 +115,15 @@ If you use SMS MFA, use a carrier who will not switch your phone number to a new
 
 ## More Places to Set Up MFA
 
-Beyond just securing your website logins, multi-factor authentication can be used to secure your local logins, SSH keys or even password databases as well.
+Beyond just securing your website logins, multifactor authentication can be used to secure your local logins, SSH keys or even password databases as well.
 
 ### macOS
 
-macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smartcard or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smartcard/hardware security vendor's documentation and set up second factor authentication for your macOS computer.
+macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smart card or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smart card or hardware security vendor's documentation and set up second factor authentication for your macOS computer.
 
 Yubico have a guide [Using Your YubiKey as a Smart Card in macOS](https://support.yubico.com/hc/articles/360016649059) which can help you set up your YubiKey on macOS.
 
-After your smartcard/security key is set up, we recommend running this command in the Terminal:
+After your smart card/security key is set up, we recommend running this command in the Terminal:
 
 ```text
 sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES
@@ -158,4 +158,4 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How
 
 ### KeePass (and KeePassXC)
 
-KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
+KeePass and KeePassXC databases can be secured using HOTP or Challenge-Response as a second-factor of authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.

docs/basics/passwords-overview.md

@@ -24,7 +24,7 @@ All of our [recommended password managers](../passwords.md) include a built-in p
 
 You should avoid changing passwords that you have to remember (such as your password manager's master password) too often unless you have reason to believe it has been compromised, as changing it too often exposes you to the risk of forgetting it.
 
-When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multi-factor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Most password managers allow you to set an expiry date for your password to make this easier to manage.
+When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multifactor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Most password managers allow you to set an expiry date for your password to make this easier to manage.
 
 <div class="admonition tip" markdown>
 <p class="admonition-title">Checking for data breaches</p>
@@ -54,13 +54,13 @@ To generate a diceware passphrase using real dice, follow these steps:
 <div class="admonition Note" markdown>
 <p class="admonition-title">Note</p>
 
-These instructions assume that you are using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other wordlists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
+These instructions assume that you are using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other word lists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
 
 </div>
 
 1. Roll a six-sided die five times, noting down the number after each roll.
 
-2. As an example, let's say you rolled `2-5-2-6-6`. Look through the [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
+2. As an example, let's say you rolled `2-5-2-6-6`. Look through the [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
 
 3. You will find the word `encrypt`. Write that word down.
 
@@ -75,12 +75,12 @@ You should **not** re-roll words until you get a combination of words that appea
 
 If you don't have access to or would prefer to not use real dice, you can use your password manager's built-in password generator, as most of them have the option to generate diceware passphrases in addition to regular passwords.
 
-We recommend using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [other wordlists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
+We recommend using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [word lists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
 
 <details class="note" markdown>
 <summary>Explanation of entropy and strength of diceware passphrases</summary>
 
-To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
+To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
 
 One metric to determine the strength of a diceware passphrase is how much entropy it has. The entropy per word in a diceware passphrase is calculated as <math>
   <mrow>
@@ -132,19 +132,19 @@ Therefore, each word in the aforementioned list results in ~12.9 bits of entropy
   </mrow>
 </math>).
 
-The [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is <math>
+The [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is <math>
   <msup>
     <mtext>WordsInList</mtext>
     <mtext>WordsInPhrase</mtext>
   </msup>
 </math>, or in our case, <math><msup><mn>7776</mn><mn>7</mn></msup></math>.
 
-Let's put all of this in perspective: A seven word passphrase using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
+Let's put all of this in perspective: A seven word passphrase using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
 
 On average, it takes trying 50% of all the possible combinations to guess your phrase. With that in mind, even if your adversary is capable of ~1,000,000,000,000 guesses per second, it would still take them ~27,255,689 years to guess your passphrase. That is the case even if the following things are true:
 
 - Your adversary knows that you used the diceware method.
-- Your adversary knows the specific wordlist that you used.
+- Your adversary knows the specific word list that you used.
 - Your adversary knows how many words your passphrase contains.
 
 </details>
@@ -164,7 +164,7 @@ There are many good options to choose from, both cloud-based and local. Choose o
 <div class="admonition warning" markdown>
 <p class="admonition-title">Don't place your passwords and TOTP tokens inside the same password manager</p>
 
-When using [TOTP codes as multi-factor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
+When using [TOTP codes as multifactor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
 
 Storing your TOTP tokens in the same place as your passwords, while convenient, reduces the accounts to a single factor in the event that an adversary gains access to your password manager.
 

docs/basics/threat-modeling.md

@@ -35,7 +35,7 @@ An “asset” is something you value and want to protect. In the context of dig
 
 To answer this question, it's important to identify who might want to target you or your information. ==A person or entity that poses a threat to your assets is an “adversary”.== Examples of potential adversaries are your boss, your former partner, your business competition, your government, or a hacker on a public network.
 
-*Make a list of your adversaries or those who might want to get ahold of your assets. Your list may include individuals, a government agency, or corporations.*
+*Make a list of your adversaries or those who might want to get hold of your assets. Your list may include individuals, a government agency, or corporations.*
 
 Depending on who your adversaries are, this list might be something you want to destroy after you've finished developing your threat model.
 

docs/browser-extensions.md

@@ -85,7 +85,7 @@ uBlock Origin Lite only receives block list updates whenever the extension is up
 
 ### AdGuard
 
-We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, Adguard provides an adequate alternative:
+We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, AdGuard provides an adequate alternative:
 
 <div class="admonition recommendation" markdown>
 

docs/calendar.md

@@ -18,7 +18,7 @@ cover: calendar.webp
 ![Tuta logo](assets/img/email/tuta.svg#only-light){ align=right }
 ![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ align=right }
 
-**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multi-factor authentication, and [more](https://tuta.com/calendar-app-comparison).
+**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multifactor authentication, and [more](https://tuta.com/calendar-app-comparison).
 
 Multiple calendars and extended sharing functionality is limited to paid subscribers.
 

docs/cloud.md

@@ -27,7 +27,7 @@ Nextcloud is [still a recommended tool](document-collaboration.md#nextcloud) for
 
 ![Proton Drive logo](assets/img/cloud/protondrive.svg){ align=right }
 
-**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5GB.
+**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2 GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5 GB.
 
 [:octicons-home-16: Homepage](https://proton.me/drive){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://proton.me/drive/privacy-policy){ .card-link title="Privacy Policy" }
@@ -120,7 +120,7 @@ Running a local version of Peergos alongside a registered account on their paid,
 
 Peergos was [audited](https://peergos.org/posts/security-audit-2024) in November 2024 by Radically Open Security and all issues were fixed. They were previously [audited](https://cure53.de/pentest-report_peergos.pdf) by Cure53 in June 2019, and all found issues were subsequently fixed.
 
-An Android app is not available but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
+An Android app is not available, but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
 
 ## Criteria
 
@@ -130,7 +130,7 @@ An Android app is not available but it is [in the works](https://discuss.privacy
 
 - Must enforce end-to-end encryption.
 - Must offer a free plan or trial period for testing.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
 - Must offer a web interface which supports basic file management functionality.
 - Must allow for easy exports of all files/documents.
 

docs/cryptocurrency.md

@@ -74,7 +74,7 @@ There are numerous centralized exchanges (CEX) as well as P2P marketplaces where
 - [Kraken](https://kraken.com): A well-known CEX. Registration and KYC are mandatory. Card payments and bank transfers accepted. Make sure not to leave your newly purchased Monero on Kraken's platform after the purchase; withdraw them to a self-custody wallet. Monero is not available in all jurisdictions that Kraken operates in.[^1]
 - [Cake Wallet](https://cakewallet.com): A self-custody cross-platform wallet for Monero and other cryptocurrencies. You can buy Monero directly in the app using card payments or bank transfers (through third-party providers such as [Guardarian](https://guardarian.com) or [DFX](https://dfx.swiss)).[^2] KYC is usually not required, but it depends on your country and the amount you are purchasing. In countries where directly purchasing Monero is not possible, you can also use a provider within Cake Wallet to first buy another cryptocurrency such as Bitcoin, Bitcoin Cash, or Litecoin and then exchange it to Monero in-app.
     - [Monero.com](https://monero.com) is an associated website where you can buy Monero and other cryptocurrencies without having to download an app. The funds will simply be sent to the wallet address of your choice.
-- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, Paypal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
+- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, PayPal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
 
 ## Criteria
 

docs/data-broker-removals.md

@@ -55,11 +55,11 @@ This sets you up on a nice schedule to re-review each website approximately ever
 
 Once you have opted-out of all of these sites for the first time, it's best to wait a week or two for the requests to propagate to all their sites. Then, you can start to search and opt-out of any remaining sites you find. It can be a good idea to use a web crawler like [Google's *Results about you*](#google-results-about-you-free) tool to help find any data that remains on the internet.
 
-Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go though each site to determine whether they have your information, and remove it:
+Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go through each site to determine whether they have your information, and remove it:
 
 [:simple-github: Big Ass Data Broker Opt-Out List](https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List){ .md-button }
 
-If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand new people search sites even after you opt-out.
+If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand-new people search sites even after you opt out.
 
 ## EasyOptOuts <small>Paid</small>
 
@@ -124,7 +124,7 @@ In our testing, this tool worked to reliably remove people search sites from Goo
 
 Our picks for removal services are primarily based on independent professional testing from third-parties as noted in the sections above, our own internal testing, and aggregated reviews from our community.
 
-- Must not be a whitelabeled service or reseller of another provider.
+- Must not be a white labeled service or reseller of another provider.
 - Must not be affiliated with the data broker industry or purchase advertising on people search sites.
 - Must only use your personal data for the purposes of opting you out of data broker databases and people search sites.
 

docs/desktop-browsers.md

@@ -108,7 +108,7 @@ This is required to prevent advanced forms of tracking, but does come at the cos
 
 ### Mullvad Leta
 
-Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes preinstalled with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta queries Google's paid search API directly, which is why it is limited to paying subscribers. However, it is possible for Mullvad to correlate search queries and Mullvad VPN accounts because of this limitation. For this reason we discourage the use of Mullvad Leta, even though Mullvad collects very little information about their VPN subscribers.
+Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes pre-installed with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta queries Google's paid search API directly, which is why it is limited to paying subscribers. However, it is possible for Mullvad to correlate search queries and Mullvad VPN accounts because of this limitation. For this reason we discourage the use of Mullvad Leta, even though Mullvad collects very little information about their VPN subscribers.
 
 ## Firefox
 
@@ -188,7 +188,7 @@ According to Mozilla's privacy policy for Firefox,
 
 > Firefox sends data about your Firefox version and language; device operating system and hardware configuration; memory, basic information about crashes and errors; outcome of automated processes like updates, safebrowsing, and activation to us. When Firefox sends data to us, your IP address is temporarily collected as part of our server logs.
 
-Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt-out:
+Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt out:
 
 1. Open your [profile settings on accounts.firefox.com](https://accounts.firefox.com/settings#data-collection)
 2. Uncheck **Data Collection and Use** > **Help improve Firefox Accounts**
@@ -203,7 +203,7 @@ With the release of Firefox 128, a new setting for [privacy-preserving attributi
 
 - [x] Select **Enable HTTPS-Only Mode in all windows**
 
-This prevents you from unintentionally connecting to a website in plain-text HTTP. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day to day browsing.
+This prevents you from unintentionally connecting to a website in plain-text HTTP. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day-to-day browsing.
 
 ##### DNS over HTTPS
 
@@ -296,7 +296,7 @@ Brave allows you to select additional content filters within the internal `brave
 
 </div>
 
-1. This option disables JavaScript, which will break a lot of sites. To unbreak them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
+1. This option disables JavaScript, which will break a lot of sites. To fix them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
 2. If you wish to stay logged in to a particular site you visit often, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
 
 #### Privacy and security

docs/desktop.md

@@ -100,7 +100,7 @@ These operating systems differ from Fedora Workstation as they replace the [DNF]
 
 After the update is complete, you will reboot the system into the new deployment. `rpm-ostree` keeps two deployments of the system so that you can easily roll back if something breaks in the new deployment. There is also the option to pin more deployments as needed.
 
-[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside of a container on top of the base image.
+[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside a container on top of the base image.
 
 As an alternative to Flatpaks, there is the option of [Toolbx](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox) to create [Podman](https://podman.io) containers which mimic a traditional Fedora environment, a [useful feature](https://containertoolbx.org) for the discerning developer. These containers share a home directory with the host operating system.
 
@@ -122,7 +122,7 @@ NixOS is an independent distribution based on the Nix package manager with a foc
 
 NixOS’s package manager keeps every version of every package in a different folder in the **Nix store**. Due to this you can have different versions of the same package installed on your system. After the package contents have been written to the folder, the folder is made read-only.
 
-NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
+NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot, or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
 
 The Nix package manager uses a purely functional language—which is also called Nix—to define packages.
 

docs/device-integrity.md

@@ -28,7 +28,7 @@ This means an attacker would have to regularly re-infect your device to retain a
 If any of the following tools indicate a potential compromise by spyware such as Pegasus, Predator, or KingsPawn, we advise that you contact:
 
 - If you are a human rights defender, journalist, or from a civil society organization: [Amnesty International's Security Lab](https://securitylab.amnesty.org/contact-us)
-- If a business or government device is compromised: the appropriate security liason at your enterprise, department, or agency
+- If a business or government device is compromised: the appropriate security liaison at your enterprise, department, or agency
 - Local law enforcement
 
 **We are unable to help you directly beyond this.** We are happy to discuss your specific situation or circumstances and review your results in our [community](https://discuss.privacyguides.net) spaces, but it is unlikely we can assist you beyond what is written on this page.
@@ -128,7 +128,7 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
 
 </div>
 
-iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
+iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
 
 ## On-Device Verification
 

docs/dns.md

@@ -79,7 +79,7 @@ AdGuard Home features a polished web interface to view insights and manage block
 
 ## Cloud-Based DNS Filtering
 
-These DNS filtering solutions offer a web dashboard where you can customize the blocklists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
+These DNS filtering solutions offer a web dashboard where you can customize the block lists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
 
 ### Control D
 
@@ -168,7 +168,7 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](ad
 
 </div>
 
-While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a Wireguard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
+While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a WireGuard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
 
 ### dnscrypt-proxy
 

docs/document-collaboration.md

@@ -85,4 +85,4 @@ In general, we define collaboration platforms as full-fledged suites which could
 Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
 
 - Should store files in a conventional filesystem.
-- Should support TOTP or FIDO2 multi-factor authentication support, or passkey logins.
+- Should support TOTP or FIDO2 multifactor authentication support, or passkey logins.

docs/email-aliasing.md

@@ -79,7 +79,7 @@ If you cancel your subscription, you will still enjoy the features of your paid
 
 <div class="admonition recommendation" markdown>
 
-![Simplelogin logo](assets/img/email-aliasing/simplelogin.svg){ align=right }
+![SimpleLogin logo](assets/img/email-aliasing/simplelogin.svg){ align=right }
 
 **SimpleLogin** is a free service which provides email aliases on a variety of shared domain names, and optionally provides paid features like unlimited aliases and custom domains.
 

docs/email.md

@@ -55,7 +55,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the
 
 ![Proton Mail logo](assets/img/email/protonmail.svg){ align=right }
 
-**Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+**Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
 
 [:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary }
 [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" }
@@ -94,7 +94,7 @@ Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in
 
 #### :material-check:{ .pg-green } Account Security
 
-Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) and [hardware security keys](https://proton.me/support/2fa-security-key) using FIDO2 or U2F standards. The use of a hardware security key requires setting up TOTP two factor authentication first.
+Proton Mail supports TOTP [two-factor authentication](https://proton.me/support/two-factor-authentication-2fa) and [hardware security keys](https://proton.me/support/2fa-security-key) using FIDO2 or U2F standards. The use of a hardware security key requires setting up TOTP two-factor authentication first.
 
 #### :material-check:{ .pg-green } Data Security
 
@@ -114,7 +114,7 @@ If you have a paid account and your [bill is unpaid](https://proton.me/support/d
 
 #### :material-information-outline:{ .pg-blue } Additional Functionality
 
-Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500GB of storage.
+Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500 GB of storage.
 
 Proton Mail doesn't offer a digital legacy feature.
 
@@ -124,7 +124,7 @@ Proton Mail doesn't offer a digital legacy feature.
 
 ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ align=right }
 
-**Mailbox.org** is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2GB storage, which can be upgraded as needed.
+**Mailbox.org** is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2 GB storage, which can be upgraded as needed.
 
 [:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Privacy Policy" }
@@ -145,11 +145,11 @@ Mailbox.org lets you use your own domain, and they support [catch-all](https://k
 
 #### :material-check:{ .pg-green } Private Payment Methods
 
-Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung.
+Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and a couple of German-specific processors: paydirekt and Sofortüberweisung.
 
 #### :material-check:{ .pg-green } Account Security
 
-Mailbox.org supports [two factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported.
+Mailbox.org supports [two-factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported.
 
 #### :material-information-outline:{ .pg-blue } Data Security
 
@@ -169,7 +169,7 @@ Your account will be set to a restricted user account when your contract ends. I
 
 #### :material-information-outline:{ .pg-blue } Additional Functionality
 
-You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors.
+You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). However, their webmail interface cannot be accessed via their .onion service, and you may experience TLS certificate errors.
 
 All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/en/private/drive-article/encrypt-files-on-your-drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/en/private/e-mail-article/ensuring-e-mails-are-sent-securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3.
 
@@ -192,7 +192,7 @@ These providers store your emails with zero-knowledge encryption, making them gr
 ![Tuta logo](assets/img/email/tuta.svg#only-light){ align=right }
 ![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ align=right }
 
-**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
 
 [:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" }
@@ -223,11 +223,11 @@ Paid Tuta accounts can use either 15 or 30 aliases depending on their plan and u
 
 #### :material-information-outline:{ .pg-blue } Private Payment Methods
 
-Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with Proxystore.
+Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with ProxyStore.
 
 #### :material-check:{ .pg-green } Account Security
 
-Tuta supports [two factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
+Tuta supports [two-factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
 
 #### :material-check:{ .pg-green } Data Security
 
@@ -294,7 +294,7 @@ We regard these features as important in order to provide a safe and optimal ser
 **Minimum to Qualify:**
 
 - Encrypts email account data at rest with zero-access encryption.
-- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .eml with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
+- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
 - Allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). Custom domain names are important to users because it allows them to maintain their agency from the service, should it turn bad or be acquired by another company which doesn't prioritize privacy.
 - Operates on owned infrastructure, i.e. not built upon third-party email service providers.
 

docs/encryption.md

@@ -114,7 +114,7 @@ VeraCrypt is a fork of the discontinued TrueCrypt project. According to its deve
 
 When encrypting with VeraCrypt, you have the option to select from different [hash functions](https://en.wikipedia.org/wiki/VeraCrypt#Encryption_scheme). We suggest you **only** select [SHA-512](https://en.wikipedia.org/wiki/SHA-512) and stick to the [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) block cipher.
 
-Truecrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
+TrueCrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
 
 ## Operating System Encryption
 
@@ -188,7 +188,7 @@ Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device
 
 ![FileVault logo](assets/img/encryption-software/filevault.png){ align=right }
 
-**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple silicon SoC or T2 Security Chip.
+**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple Silicon SoC or T2 Security Chip.
 
 [:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title="Documentation" }
 

docs/file-sharing.md

@@ -12,7 +12,7 @@ Discover how to privately share your files between your devices, with your frien
 
 ## File Sharing
 
-If you have already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
+If you already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
 
 ### Send
 

docs/frontends.md

@@ -250,7 +250,7 @@ By default, LibreTube blocks all YouTube advertisements. Additionally, LibreTube
 
 <div class="admonition recommendation annotate" markdown>
 
-![Newpipe logo](assets/img/frontends/newpipe.svg){ align=right }
+![NewPipe logo](assets/img/frontends/newpipe.svg){ align=right }
 
 **NewPipe** is a free and open-source Android application for [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [Bandcamp](https://bandcamp.com), and [PeerTube](https://joinpeertube.org) (1).
 

docs/index.md

@@ -90,7 +90,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
 
     ---
 
-    Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+    Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
 
     [:octicons-arrow-right-24: Read Full Review](email.md#proton-mail)
 
@@ -98,7 +98,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
 
     ---
 
-    Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2GB storage, which can be upgraded as needed.
+    Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2 GB storage, which can be upgraded as needed.
 
     [:octicons-arrow-right-24: Read Full Review](email.md#mailboxorg)
 
@@ -106,7 +106,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
 
     ---
 
-    Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+    Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
 
     [:octicons-arrow-right-24: Read Full Review](email.md#tuta)
 
@@ -176,7 +176,7 @@ As seen in **WIRED**, **Tweakers.net**, **The New York Times**, and many other p
 <div markdown>
 ## What are privacy tools?
 
-We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can adopt to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
+We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can use to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
 
 [:material-check-all: Our General Criteria](about/criteria.md){ class="md-button" }
 </div>

docs/meta/brand.md

@@ -12,7 +12,7 @@ The name of the website is **Privacy Guides** and should **not** be changed to:
 - PG.org
 </div>
 
-The name of the subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
+The name of the Subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
 
 Additional branding guidelines can be found at [github.com/privacyguides/brand](https://github.com/privacyguides/brand)
 

docs/meta/translations.md

@@ -27,8 +27,8 @@ For examples like the above admonitions, quotation marks, e.g.: `" "` must be us
 
 ## Fullwidth alternatives and Markdown syntax
 
-CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for markdown syntax.
+CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for Markdown syntax.
 
-- Links must use regular parenthesis ie `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `（` (Fullwidth Left Parenthesis U+FF08) or `）` (Fullwidth Right Parenthesis U+FF09)
+- Links must use regular parenthesis i.e. `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `（` (Fullwidth Left Parenthesis U+FF08) or `）` (Fullwidth Right Parenthesis U+FF09)
 - Indented quoted text must use `:` (Colon U+003A) and not `：` (Fullwidth Colon U+FF1A)
 - Pictures must use `!` (Exclamation Mark U+0021) and not `！` (Fullwidth Exclamation Mark U+FF01)

docs/meta/uploading-images.md

@@ -48,7 +48,7 @@ In the **SVG Output** tab under **Document options**:
 - [ ] Turn off **Remove the XML declaration**
 - [x] Turn on **Remove metadata**
 - [x] Turn on **Remove comments**
-- [x] Turn on **Embeded raster images**
+- [x] Turn on **Embedded raster images**
 - [x] Turn on **Enable viewboxing**
 
 In the **SVG Output** under **Pretty-printing**:

docs/meta/writing-style.md

@@ -64,7 +64,7 @@ We should try to avoid abbreviations where possible, but technology is full of a
 
 ## Be concise
 
-> Unnecessary words waste your audience’s time. Great writing is like a conversation. Omit information that the audience doesn’t need to know. This can be difficult as a subject matter expert so it’s important to have someone look at the information from the audience’s perspective.
+> Unnecessary words waste your audience’s time. Great writing is like a conversation. Omit information that the audience doesn’t need to know. This can be difficult as a subject-matter expert, so it’s important to have someone look at the information from the audience’s perspective.
 
 Source: [plainlanguage.gov](https://plainlanguage.gov/guidelines/concise)
 

docs/mobile-browsers.md

@@ -246,7 +246,7 @@ This prevents you from unintentionally connecting to a website in plain-text HTT
 
 These options can be found in :material-menu: → :gear: **Settings** → **Adblock Plus settings**.
 
-Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **FIlter lists** menu.
+Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **Filter lists** menu.
 
 Using extra lists will make you stand out from other Cromite users and may also increase attack surface if a malicious rule is added to one of the lists you use.
 
@@ -270,7 +270,7 @@ On iOS, any app that can browse the web is [restricted](https://developer.apple.
 
 ![Safari logo](assets/img/browsers/safari.svg){ align=right }
 
-**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
+**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites, so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
 
 [:octicons-home-16: Homepage](https://apple.com/safari){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://apple.com/legal/privacy/data/en/safari){ .card-link title="Privacy Policy" }
@@ -371,7 +371,7 @@ Open Safari and tap the Tabs button, located in the bottom right. Then, expand t
 
 - [x] Select **Private**
 
-Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are also other smaller privacy benefits with Private Browsing, such as not sending a webpage’s address to Apple when using Safari's translation feature.
+Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are other smaller privacy benefits with Private Browsing too, such as not sending a webpage’s address to Apple when using Safari's translation feature.
 
 Do note that Private Browsing does not save cookies and website data, so it won't be possible to remain signed in to sites. This may be an inconvenience.
 

docs/multi-factor-authentication.md

@@ -1,7 +1,7 @@
 ---
-title: "Multi-Factor Authentication"
+title: "Multifactor Authentication"
 icon: 'material/two-factor-authentication'
-description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party.
+description: These tools assist you with securing your internet accounts with Multifactor Authentication without sending your secrets to a third-party.
 cover: multi-factor-authentication.webp
 ---
 <small>Protects against the following threat(s):</small>
@@ -15,7 +15,7 @@ cover: multi-factor-authentication.webp
 
 </div>
 
-**Multi-Factor Authentication Apps** implement a security standard adopted by the Internet Engineering Task Force (IETF) called **Time-based One-time Passwords**, or **TOTP**. This is a method where websites share a secret with you which is used by your authenticator app to generate a six (usually) digit code based on the current time, which you enter while logging in for the website to check. Typically these codes are regenerated every 30 seconds, and once a new code is generated the old one becomes useless. Even if a hacker gets one six-digit code, there is no way for them to reverse that code to get the original secret or otherwise be able to predict what any future codes might be.
+**Multifactor Authentication Apps** implement a security standard adopted by the Internet Engineering Task Force (IETF) called **Time-based One-time Passwords**, or **TOTP**. This is a method where websites share a secret with you which is used by your authenticator app to generate a six (usually) digit code based on the current time, which you enter while logging in for the website to check. Typically, these codes are regenerated every 30 seconds, and once a new code is generated the old one becomes useless. Even if a hacker gets one six-digit code, there is no way for them to reverse that code to get the original secret or otherwise be able to predict what any future codes might be.
 
 We highly recommend that you use mobile TOTP apps instead of desktop alternatives as Android and iOS have better security and app isolation than most desktop operating systems.
 
@@ -25,7 +25,7 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative
 
 ![Ente Auth logo](assets/img/multi-factor-authentication/ente-auth.svg){ align=right }
 
-**Ente Auth** is a free and open-source app which stores and generates TOTP tokens. It can be used with an online account to backup and sync your tokens across your devices (and access them via a web interface) in a secure, end-to-end encrypted fashion. It can also be used offline on a single device with no account necessary.
+**Ente Auth** is a free and open-source app which stores and generates TOTP tokens. It can be used with an online account to back up and sync your tokens across your devices (and access them via a web interface) in a secure, end-to-end encrypted fashion. It can also be used offline on a single device with no account necessary.
 
 [:octicons-home-16: Homepage](https://ente.io/auth){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://ente.io/privacy){ .card-link title="Privacy Policy" }

docs/news-aggregators.md

@@ -139,16 +139,16 @@ A **news aggregator** is software which aggregates digital content from online n
 
 ## Social Media RSS Support
 
-Some social media services also support RSS although it's not often advertised.
+Some social media services also support RSS, although it's not often advertised.
 
 ### Reddit
 
-Reddit allows you to subscribe to subreddits via RSS.
+Reddit allows you to subscribe to Subreddits via RSS.
 
 <div class="admonition example" markdown>
 <p class="admonition-title">Example</p>
 
-Replace `[SUBREDDIT]` with the subreddit you wish to subscribe to.
+Replace `[SUBREDDIT]` with the Subreddit you wish to subscribe to.
 
 ```text
 https://reddit.com/r/[SUBREDDIT]/new/.rss

docs/notebooks.md

@@ -8,7 +8,7 @@ cover: notebooks.webp
 
 - [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers){ .pg-teal }
 
-Keep track of your notes and journalings without giving them to a third-party.
+Keep track of your notes and journals without giving them to a third party.
 
 If you are currently using an application like Evernote, Google Keep, or Microsoft OneNote, we suggest you pick an alternative here that supports E2EE.
 
@@ -83,7 +83,7 @@ Standard Notes has [joined Proton AG](https://standardnotes.com/blog/joining-for
 
 ![Joplin logo](assets/img/notebooks/joplin.svg){ align=right }
 
-**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle a large number of markdown notes organized into notebooks and tags. It offers E2EE and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes.
+**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle numerous markdown notes organized into notebooks and tags. It offers E2EE and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes.
 
 [:octicons-home-16: Homepage](https://joplinapp.org){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://joplinapp.org/privacy){ .card-link title="Privacy Policy" }
@@ -133,7 +133,7 @@ Since January 2023, Joplin [supports biometrics](https://github.com/laurent22/jo
 
 </div>
 
-Cryptee offers 100MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information.
+Cryptee offers 100 MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information.
 
 ## Local notebooks
 

docs/os/android-overview.md

@@ -83,7 +83,7 @@ If an app is mostly a web-based service, the tracking may occur on the server si
 <div class="admonition note" markdown>
 <p class="admonition-title">Note</p>
 
-Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics.
+Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all the analytics features that are provided by Google Firebase Analytics.
 
 </div>
 
@@ -113,7 +113,7 @@ Like user profiles, a private space is encrypted using its own encryption key, a
 
 Unlike work profiles, Private Space is a feature native to Android that does not require a third-party app to manage it. For this reason, we generally recommend using a private space over a work profile, though you can use a work profile alongside a private space.
 
-### VPN Killswitch
+### VPN kill switch
 
 Android 7 and above supports a VPN kill switch, and it is available without the need to install third-party apps. This feature can prevent leaks if the VPN is disconnected. It can be found in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
 
@@ -123,7 +123,7 @@ Modern Android devices have global toggles for disabling Bluetooth and location
 
 ## Google Services
 
-If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
+If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play Services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
 
 ### Advanced Protection Program
 

docs/os/ios-overview.md

@@ -124,7 +124,7 @@ If you don't want anyone to be able to control your phone with Siri when it is l
 
 #### Face ID/Touch ID & Passcode
 
-Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make tradeoffs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
+Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make trade-offs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
 
 Select **Turn Passcode On** or **Change Passcode** → **Passcode Options** → **Custom Alphanumeric Code**. Make sure that you create a [secure password](../basics/passwords-overview.md).
 
@@ -132,7 +132,7 @@ If you wish to use Face ID or Touch ID, you can go ahead and set it up now. Your
 
 If you use biometrics, you should know how to turn them off quickly in an emergency. Holding down the side or power button and *either* volume button until you see the Slide to Power Off slider will disable biometrics, requiring your passcode to unlock. Your passcode will also be required after device restarts.
 
-On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance so you know which method works for your device.
+On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance, so you know which method works for your device.
 
 **Stolen Device Protection** adds additional security intended to protect your personal data if your device is stolen while unlocked. If you use biometrics and the Find My Device feature in your Apple Account settings, we recommend enabling this new protection:
 
@@ -246,7 +246,7 @@ Similarly, rather than allow an app to access all the contacts saved on your dev
 
 iOS offers the ability to lock most apps behind Touch ID/Face ID or your passcode, which can be useful for protecting sensitive content in apps which do not provide the option themselves. You can lock an app by long-pressing on it and selecting **Require Face ID/Touch ID**. Any app locked in this way requires biometric authentication whenever opening it or accessing its contents in other apps. Also, notification previews for locked apps will not be shown.
 
-In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable tradeoff of hiding an app is that you will not receive any of its notifications.
+In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable trade off of hiding an app is that you will not receive any of its notifications.
 
 You can hide an app by long-pressing on it and selecting **Require Face ID/Touch ID** → **Hide and Require Face ID/Touch ID**. Note that pre-installed Apple apps, as well as the default web browser and email app, cannot be hidden. Hidden apps reside in a **Hidden** folder at the bottom of the App Library, which can be unlocked using biometrics. This folder appears in the App Library whether you hid any apps or not, which provides you a degree of plausible deniability.
 
@@ -259,7 +259,7 @@ If your device supports it, you can use the [Clean Up](https://support.apple.com
 - Open the **Photos** app and tap the photo you have selected for redaction
 - Tap the :material-tune: (at the bottom of the screen)
 - Tap the button labeled **Clean Up**
-- Draw a circle around whatever you want to redact. Faces will be pixelated and it will attempt to delete anything else.
+- Draw a circle around whatever you want to redact. Faces will be pixelated, and it will attempt to delete anything else.
 
 Our warning [against blurring text](../data-redaction.md) also applies here, so we recommend to instead add a black shape with 100% opacity over it. In addition to redacting text, you can also black out any face or object using the **Photos** app.
 

docs/os/linux-overview.md

@@ -55,7 +55,7 @@ Atomic updating distributions, on the other hand, apply updates in full or not a
 
 The atomic update method can achieve reliability with this model and is used for [distributions](../desktop.md#atomic-distributions) like Silverblue and NixOS. [Adam Šamalík](https://twitter.com/adsamalik) provides a presentation on how `rpm-ostree` works with Silverblue:
 
-- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalik](https://youtu.be/aMo4ZlWznao) <small>(YouTube)</small>
+- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalík](https://youtu.be/aMo4ZlWznao) <small>(YouTube)</small>
 
 ### “Security-focused” distributions
 
@@ -92,7 +92,7 @@ SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-gett
 
 ### Drive Encryption
 
-Most Linux distributions have an option within its installer for enabling [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to backup your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device:
+Most Linux distributions have an option within its installer for enabling [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to back up your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device:
 
 - [Secure Data Erasure :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/05/25/secure-data-erasure)
 

docs/os/macos-overview.md

@@ -5,7 +5,7 @@ description: macOS is Apple's desktop operating system that works with their har
 ---
 **macOS** is a Unix operating system developed by Apple for their Mac computers. To enhance privacy on macOS, you can disable telemetry features and harden existing privacy and security settings.
 
-Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple silicon](https://support.apple.com/HT211814).
+Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple Silicon](https://support.apple.com/HT211814).
 
 ## Privacy Notes
 
@@ -13,7 +13,7 @@ There are a few notable privacy concerns with macOS that you should consider. Th
 
 ### Activation Lock
 
-Brand new Apple silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
+Brand-new Apple Silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
 
 ### App Revocation Checks
 
@@ -121,7 +121,7 @@ Decide whether you want personalized ads based on your usage.
 
 ##### FileVault
 
-On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
+On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple Silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
 
 On older Intel-based Mac computers, FileVault is the only form of disk encryption available by default, and should always be enabled.
 
@@ -206,7 +206,7 @@ If an app is sandboxed, you should see the following output:
         [Bool] true
 ```
 
-If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the unsandboxed app altogether.
+If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the non-sandboxed app altogether.
 
 ##### Hardened Runtime
 
@@ -229,7 +229,7 @@ macOS comes with two forms of malware defense:
 1. Protection against launching malware in the first place is provided by the App Store's review process for App Store applications, or *Notarization* (part of *Gatekeeper*), a process where third-party apps are scanned for known malware by Apple before they are allowed to run. Apps are required to be signed by the developers using a key given to them by Apple. This ensures that you are running software from the real developers. Notarization also requires that developers enable the Hardened Runtime for their apps, which limits methods of exploitation.
 2. Protection against other malware and remediation from existing malware on your system is provided by *XProtect*, a more traditional antivirus software built-in to macOS.
 
-We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyways, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
+We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyway, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
 
 ##### Backups
 
@@ -237,7 +237,7 @@ macOS comes with automatic backup software called [Time Machine](https://support
 
 ### Hardware Security
 
-Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple silicon, and not older Intel-based Mac computers or Hackintoshes.
+Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple Silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple Silicon, and not older Intel-based Mac computers or Hackintoshes.
 
 Some of these modern security features are available on older Intel-based Mac computers with the Apple T2 Security Chip, but that chip is susceptible to the *checkm8* exploit which could compromise its security.
 
@@ -255,7 +255,7 @@ Mac computers can be configured to boot in three security modes: *Full Security*
 
 #### Secure Enclave
 
-The Secure Enclave is a security chip built into devices with Apple silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
+The Secure Enclave is a security chip built into devices with Apple Silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
 
 You can think of the Secure Enclave as your device's security hub: it has an AES encryption engine and a mechanism to securely store your encryption keys, and it's separated from the rest of the system, so even if the main processor is compromised, it should still be safe.
 
@@ -267,7 +267,7 @@ Your biometric data never leaves your device; it's stored only in the Secure Enc
 
 #### Hardware Microphone Disconnect
 
-All laptops with Apple silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
+All laptops with Apple Silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
 
 Note that the camera does not have a hardware disconnect, since its view is obscured when the lid is closed anyway.
 
@@ -286,7 +286,7 @@ When it is necessary to use one of these processors, Apple works with the vendor
 
 #### Direct Memory Access Protections
 
-Apple silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
+Apple Silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
 
 ## Sources
 

docs/os/windows/group-policies.md

@@ -2,9 +2,9 @@
 title: Group Policy Settings
 description: A quick guide to configuring Group Policy to make Windows a bit more privacy respecting.
 ---
-Outside of modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
+Outside modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
 
-These settings should be set on a brand new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictible behavior and is done at your own risk.
+These settings should be set on a brand-new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictable behavior and is done at your own risk.
 
 All of these settings have an explanation attached to them in the Group Policy editor which explains exactly what they do, usually in great detail. Please pay attention to those descriptions as you make changes, so you know exactly what we are recommending here. We've also explained some of our choices below whenever the explanation included with Windows is inadequate.
 
@@ -67,7 +67,7 @@ Setting the cipher strength for the Windows 7 policy still applies that strength
 - Require additional authentication at startup: **Enabled**
 - Allow enhanced PINs for startup: **Enabled**
 
-Despite the names of these policies, this doesn't *require* you to do anything by default, but it will unlock the *option* to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the Bitlocker setup wizard.
+Despite the names of these policies, this doesn't *require* you to do anything by default, but it will unlock the *option* to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the BitLocker setup wizard.
 
 #### Cloud Content
 

docs/os/windows/index.md

@@ -20,13 +20,13 @@ You can enhance your privacy and security on Windows without downloading any thi
 <div class="admonition example" markdown>
 <p class="admonition-title">This section is new</p>
 
-This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy friendly than other operating systems.
+This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy-friendly than other operating systems.
 
 </div>
 
 ## Privacy Notes
 
-Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_(virtual_assistant)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising.  At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
+Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy-friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_(virtual_assistant)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising.  At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
 
 With Windows 11 there are a number of restrictions or defaults such as:
 
@@ -42,11 +42,11 @@ Microsoft often uses the automatic updates feature to add new functionality to y
 
 ## Windows Editions
 
-Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include Bitlocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
+Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include BitLocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
 
 Windows **Enterprise** provides the most flexibility when it comes to configuring privacy and security settings built in to Windows. For example, they are the only editions that allow you to enable the highest level of restrictions on data sent to Microsoft via telemetry tools. Unfortunately, Enterprise is not available for retail purchase, so it may not be available to you.
 
-The best version available for *retail* purchase is Windows **Pro** as it has nearly all of the features you'll want to use to secure your device, including Bitlocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry unfortunately.
+The best version available for *retail* purchase is Windows **Pro** as it has nearly all the features you'll want to use to secure your device, including BitLocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry, unfortunately.
 
 Students and teachers may be able to obtain a Windows **Education** (equivalent to Enterprise) or **Pro Education** license (equivalent to Pro) for free, including on personal devices, from their educational institution. Many schools partner with Microsoft via OnTheHub or Microsoft Azure for Education, so you can check those sites or your school's benefits page to see if you qualify. Whether or not you are able to get these licenses depends entirely on your institution. This may be the best way for many people to obtain an Enterprise-level edition of Windows for personal use. There are no additional privacy or security risks associated with using an Education license compared to the retail versions.
 
@@ -58,6 +58,6 @@ Currently, only Windows 11 license keys are available for purchase, but these ke
 
 The official [Media Creation Tool](https://microsoft.com/software-download/windows11) is the best way to put a Windows installer on a USB flash drive. Third-party tools like Rufus or Etcher may unexpectedly modify the files, which could lead to boot issues or other troubles when installing.
 
-This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the install. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
+This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the installation. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
 
 If you are installing an **Education** license then you will typically have a private download link that will be provided alongside your license key when you obtain it from your institution's benefits portal.

docs/passwords.md

@@ -228,7 +228,7 @@ Bitwarden's server-side code is [open source](https://github.com/bitwarden/serve
 
 With the acquisition of SimpleLogin in April 2022, Proton has offered a "hide-my-email" feature that lets you create 10 aliases (free plan) or unlimited aliases (paid plans).
 
-The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June of 2023. The security analysis company concluded:
+The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June 2023. The security analysis company concluded:
 
 > Proton Pass apps and components leave a rather positive impression in terms of security.
 
@@ -327,7 +327,7 @@ These options allow you to manage an encrypted password database locally.
 
 ![KeePassXC logo](assets/img/password-management/keepassxc.svg){ align=right }
 
-**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bugfixes to provide a feature-rich, cross-platform, and modern open-source password manager.
+**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bug fixes to provide a feature-rich, cross-platform, and modern open-source password manager.
 
 [:octicons-home-16: Homepage](https://keepassxc.org){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://keepassxc.org/privacy){ .card-link title="Privacy Policy" }
@@ -357,7 +357,7 @@ KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-se
 
 ![KeePassDX logo](assets/img/password-management/keepassdx.svg){ align=right }
 
-**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms in a secure way. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
+**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms securely. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
 
 [:octicons-home-16: Homepage](https://keepassdx.com){ .md-button .md-button--primary }
 [:octicons-info-16:](https://github.com/Kunzisoft/KeePassDX/wiki){ .card-link title="Documentation" }

docs/photo-management.md

@@ -18,7 +18,7 @@ Most cloud **photo management solutions** like Google Photos, Flickr, and Amazon
 ![Ente logo](assets/img/photo-management/ente.svg#only-light){ align=right }
 ![Ente logo](assets/img/photo-management/ente-dark.svg#only-dark){ align=right }
 
-**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5GB of storage as long as you use the service at least once a year.
+**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5 GB of storage as long as you use the service at least once a year.
 
 [:octicons-home-16: Homepage](https://ente.io){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://ente.io/privacy){ .card-link title="Privacy Policy" }
@@ -50,7 +50,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
 ![Stingle logo](assets/img/photo-management/stingle.png#only-light){ align=right }
 ![Stingle logo](assets/img/photo-management/stingle-dark.png#only-dark){ align=right }
 
-**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
+**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1 GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
 
 [:octicons-home-16: Homepage](https://stingle.org){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://stingle.org/privacy){ .card-link title="Privacy Policy" }
@@ -99,7 +99,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
 
 - Cloud-hosted providers must enforce end-to-end encryption.
 - Must offer a free plan or trial period for testing.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
 - Must offer a web interface which supports basic file management functionality.
 - Must allow for easy exports of all files/documents.
 - Must be open source.

docs/real-time-communication.md

@@ -258,7 +258,7 @@ Oxen requested an independent audit for Session in March 2020. The audit [conclu
 
 > The overall security level of this application is good and makes it usable for privacy-concerned people.
 
-Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
+Session has a [white paper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
 
 ## Criteria
 

docs/router.md

@@ -18,7 +18,7 @@ Below are a few alternative operating systems that can be used on routers, Wi-Fi
 ![OpenWrt logo](assets/img/router/openwrt.svg#only-light){ align=right }
 ![OpenWrt logo](assets/img/router/openwrt-dark.svg#only-dark){ align=right }
 
-**OpenWrt** is a Linux-based operating system; it's primarily used on embedded devices to route network traffic. It includes util-linux, uClibc, and BusyBox. All of the components have been optimized for home routers.
+**OpenWrt** is a Linux-based operating system; it's primarily used on embedded devices to route network traffic. It includes util-linux, uClibc, and BusyBox. All the components have been optimized for home routers.
 
 [:octicons-home-16: Homepage](https://openwrt.org){ .md-button .md-button--primary }
 [:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentation}

docs/security-keys.md

@@ -9,7 +9,7 @@ cover: multi-factor-authentication.webp
 - [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red }
 - [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange }
 
-A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multi-factor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
+A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multifactor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
 
 ## Yubico Security Key
 
@@ -66,7 +66,7 @@ The **YubiKey** series from Yubico are among the most popular security keys. The
 
 The [comparison table](https://yubico.com/store/compare) shows the features and how the YubiKeys compare to each other and to Yubico's [Security Key](#yubico-security-key) series. One of the benefits of the YubiKey series is that one key can do almost everything you could expect from a hardware security key. We encourage you to take their [quiz](https://yubico.com/quiz) before purchasing in order to make sure you make the right choice.
 
-The Yubikey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [Yubikey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
+The YubiKey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [YubiKey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
 
 YubiKeys can be programmed using the [YubiKey Manager](https://yubico.com/support/download/yubikey-manager) or [YubiKey Personalization Tools](https://yubico.com/support/download/yubikey-personalization-tools). For managing TOTP codes, you can use the [Yubico Authenticator](https://yubico.com/products/yubico-authenticator). All of Yubico's clients are open source.
 

docs/tools.md

@@ -186,7 +186,7 @@ If you're looking for added **security**, you should always ensure you're connec
 
     ---
 
-    Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+    Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
 
     [Read Full Review :material-arrow-right-drop-circle:](email.md#proton-mail)
 
@@ -194,7 +194,7 @@ If you're looking for added **security**, you should always ensure you're connec
 
     ---
 
-    Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2GB storage, which can be upgraded as needed.
+    Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2 GB storage, which can be upgraded as needed.
 
     [Read Full Review :material-arrow-right-drop-circle:](email.md#mailboxorg)
 
@@ -202,7 +202,7 @@ If you're looking for added **security**, you should always ensure you're connec
 
     ---
 
-    Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+    Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
 
     [Read Full Review :material-arrow-right-drop-circle:](email.md#tuta)
 
@@ -226,7 +226,7 @@ If you're looking for added **security**, you should always ensure you're connec
 
 <div class="grid cards" markdown>
 
-- ![mailcow logo](assets/img/email/mailcow.svg){ .twemoji loading=lazy } [mailcow](email.md#self-hosting-email)
+- ![Mailcow logo](assets/img/email/mailcow.svg){ .twemoji loading=lazy } [Mailcow](email.md#self-hosting-email)
 - ![Mail-in-a-Box logo](assets/img/email/mail-in-a-box.svg){ .twemoji loading=lazy } [Mail-in-a-Box](email.md#self-hosting-email)
 
 </div>
@@ -652,10 +652,10 @@ For encrypting your OS drive, we typically recommend using the encryption tool y
 
 - ![Qubes OS logo](assets/img/qubes/qubes_os.svg){ .twemoji loading=lazy } [Qubes OS (Xen VM Distribution)](desktop.md#qubes-os)
 - ![Fedora logo](assets/img/linux-desktop/fedora.svg){ .twemoji loading=lazy } [Fedora Workstation](desktop.md#fedora-workstation)
-- ![openSUSE Tumbleweed logo](assets/img/linux-desktop/opensuse-tumbleweed.svg){ .twemoji loading=lazy } [OpenSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
+- ![openSUSE Tumbleweed logo](assets/img/linux-desktop/opensuse-tumbleweed.svg){ .twemoji loading=lazy } [openSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
 - ![Arch logo](assets/img/linux-desktop/archlinux.svg){ .twemoji loading=lazy } [Arch Linux](desktop.md#arch-linux)
 - ![Fedora logo](assets/img/linux-desktop/fedora.svg){ .twemoji loading=lazy } [Fedora Atomic Desktops](desktop.md#fedora-atomic-desktops)
-- ![nixOS logo](assets/img/linux-desktop/nixos.svg){ .twemoji loading=lazy } [NixOS](desktop.md#nixos)
+- ![NixOS logo](assets/img/linux-desktop/nixos.svg){ .twemoji loading=lazy } [NixOS](desktop.md#nixos)
 - ![Whonix logo](assets/img/linux-desktop/whonix.svg){ .twemoji loading=lazy } [Whonix (Tor)](desktop.md#whonix)
 - ![Tails logo](assets/img/linux-desktop/tails.svg){ .twemoji loading=lazy } [Tails (Live Boot)](desktop.md#tails)
 - ![Kicksecure logo](assets/img/linux-desktop/kicksecure.svg){ .twemoji loading=lazy } [Kicksecure](desktop.md#kicksecure)

docs/tor.md

@@ -43,7 +43,7 @@ There are a variety of ways to connect to the Tor network from your device, the
 
 Some of these apps are better than others, and again making a determination comes down to your threat model. If you are a casual Tor user who is not worried about your ISP collecting evidence against you, using apps like [Orbot](#orbot) or mobile browser apps to access the Tor network is probably fine. Increasing the number of people who use Tor on an everyday basis helps reduce the bad stigma of Tor, and lowers the quality of "lists of Tor users" that ISPs and governments may compile.
 
-If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against de-anonymization.
+If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against deanonymization.
 
 ## Tor Browser
 
@@ -113,11 +113,11 @@ We previously recommended enabling the *Isolate Destination Address* preference
 <div class="admonition tip" markdown>
 <p class="admonition-title">Tips for Android</p>
 
-Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN killswitch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
+Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN kill switch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
 
 Orbot is often outdated on the Guardian Project's [F-Droid repository](https://guardianproject.info/fdroid) and [Google Play](https://play.google.com/store/apps/details?id=org.torproject.android), so consider downloading directly from the [GitHub repository](https://github.com/guardianproject/orbot/releases) instead.
 
-All versions are signed using the same signature so they should be compatible with each other.
+All versions are signed using the same signature, so they should be compatible with each other.
 
 </div>