diff --git a/docs/linux-desktop/hardening.en.md b/docs/linux-desktop/hardening.en.md index da3a9982..25da222c 100644 --- a/docs/linux-desktop/hardening.en.md +++ b/docs/linux-desktop/hardening.en.md @@ -18,7 +18,7 @@ All these firewalls use the [Netfilter](https://en.wikipedia.org/wiki/Netfilter) If you are using Flatpak packages, you can revoke their network socket access using Flatseal and prevent those applications from accessing your network. This permission is not bypassable. -If you are using non-classic [Snap](https://en.wikipedia.org/wiki/Snap_(package_manager)) packages on a system with proper snap confinement support (with both AppArmor and [CGroupsv1](https://en.wikipedia.org/wiki/Cgroups) present), you can use the Snap Store to revoke network permission as well. This is also not bypassable. +If you are using non-classic [Snap](https://en.wikipedia.org/wiki/Snap_(package_manager)) packages on a system with proper snap confinement support (with both AppArmor and [cgroups](https://en.wikipedia.org/wiki/Cgroups) v1 present), you can use the Snap Store to revoke network permission as well. This is also not bypassable. ## Kernel hardening @@ -94,3 +94,5 @@ One of the problems with Secure Boot particularly on Linux is that only the [cha After setting up Secure Boot it is crucial that you set a “firmware password” (also called a “supervisor password, “BIOS password” or “UEFI password”), otherwise an adversary can simply disable Secure Boot. These recommendations can make you a little more resistant to [evil maid](https://en.wikipedia.org/wiki/Evil_maid_attack) attacks, but they not good as a proper verified boot process such as that found on [Android](https://source.android.com/security/verifiedboot), [ChromeOS](https://support.google.com/chromebook/answer/3438631) or [Windows](https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process). + +--8<-- "includes/abbreviations.en.md" 
diff --git a/docs/linux-desktop/overview.en.md b/docs/linux-desktop/overview.en.md index 99c074bd..2d99d036 100644 --- a/docs/linux-desktop/overview.en.md +++ b/docs/linux-desktop/overview.en.md @@ -74,3 +74,5 @@ For advanced users, we only recommend Arch Linux, not any of its derivatives. We ## Linux-libre kernel and “Libre” distributions We strongly recommend **against** using the Linux-libre kernel, since it [removes security mitigations](https://www.phoronix.com/scan.php?page=news_item&px=GNU-Linux-Libre-5.7-Released) and [suppresses kernel warnings](https://news.ycombinator.com/item?id=29674846) about vulnerable microcode for ideological reasons. + +--8<-- "includes/abbreviations.en.md" diff --git a/docs/linux-desktop/sandboxing.en.md b/docs/linux-desktop/sandboxing.en.md index d3cbfa17..7e7b99bb 100644 --- a/docs/linux-desktop/sandboxing.en.md +++ b/docs/linux-desktop/sandboxing.en.md @@ -62,3 +62,5 @@ Red Hat develops [Podman](https://docs.podman.io/en/latest/) and secures it with Another option is [Kata containers](https://katacontainers.io/), where virtual machines masquerade as containers. Each Kata container has its own Linux kernel and is isolated from the host. These container technologies can be useful even for enthusiastic home users who may want to run certain web app software on their local area network (LAN) such as [Vaultwarden](https://github.com/dani-garcia/vaultwarden) or images provided by [linuxserver.io](https://www.linuxserver.io) to increase privacy by decreasing dependence on various web services. + +--8<-- "includes/abbreviations.en.md" diff --git a/docs/passwords.en.md b/docs/passwords.en.md index 9bda71d7..d81c0333 100644 --- a/docs/passwords.en.md +++ b/docs/passwords.en.md 
@@ -36,7 +36,7 @@ These password managers store the password database locally. !!! warning - KeePassXC stores its export data as [comma-separated values (CSV)](https://en.wikipedia.org/wiki/Comma-separated_values). This may mean data loss if you import this file into another password manager. We advise you check each record manually. + KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-separated_values) files. This may mean data loss if you import this file into another password manager. We advise you check each record manually. ### KeePassDX diff --git a/includes/abbreviations.en.md b/includes/abbreviations.en.md index 1afda0d6..5c823a68 100644 --- a/includes/abbreviations.en.md +++ b/includes/abbreviations.en.md 
@@ -1,49 +1,60 @@ +*[2FA]: 2-Factor Authentication *[AOSP]: Android Open Source Project *[AVB]: Android Verified Boot -*[DNS]: Domain Name System +*[CLI]: Command Line Interface +*[CSV]: Comma-Separated Values *[DNSSEC]: Domain Name System Security Extensions +*[DNS]: Domain Name System *[DoH]: DNS over HTTPS *[DoT]: DNS over TLS +*[E2EE]: End-to-End Encryption/Encrypted *[ECS]: EDNS Client Subnet *[Exif]: Exchangeable image file format -*[E2EE]: End-to-End Encryption/Encrypted *[FDE]: Full Disk Encryption *[FIDO]: Fast IDentity Online -*[GnuPG]: GNU Privacy Guard (PGP implementation) *[GPG]: GNU Privacy Guard (PGP implementation) *[GPS]: Global Positioning System -*[HTTP]: Hypertext Transfer Protocol +*[GUI]: Graphical User Interface +*[GnuPG]: GNU Privacy Guard (PGP implementation) +*[HOTP]: HMAC (Hash-based Message Authentication Code) based One-Time Password *[HTTPS]: Hypertext Transfer Protocol Secure +*[HTTP]: Hypertext Transfer Protocol +*[I2P]: Invisible Internet Project *[IMAP]: Internet Message Access Protocol *[IP]: Internet Protocol +*[IPv4]: Internet Protocol version 4 +*[IPv6]: Internet Protocol version 6 *[ISP]: Internet Service Provider *[ISPs]: Internet Service Providers -*[I2P]: Invisible Internet Project *[LUKS]: Linux Unified Key Setup (Full-Disk Encryption) +*[MAC]: Media Access Control *[MFA]: Multi-Factor Authentication *[OCSP]: Online Certificate Status Protocol *[OEM]: Original Equipment Manufacturer *[OEMs]: Original Equipment Manufacturers -*[OpenPGP]: Open-source implementation of Pretty Good Privacy (PGP) *[OS]: Operating System *[OTP]: One-Time Password *[OTPs]: One-Time Passwords -*[PGP]: Pretty Good Privacy (see OpenPGP) +*[OpenPGP]: Open-source implementation of Pretty Good Privacy (PGP) *[P2P]: Peer-to-Peer +*[PGP]: Pretty Good Privacy (see OpenPGP) *[QNAME]: Qualified Name -*[SaaS]: Software as a Service (cloud software) +*[RSS]: Really Simple Syndication *[SELinux]: Security-Enhanced Linux *[SMS]: Short Message Service (standard 
text messaging) *[SMTP]: Simple Mail Transfer Protocol *[SNI]: Server Name Indication +*[SSH]: Secure Shell +*[SaaS]: Software as a Service (cloud software) *[TCP]: Transmission Control Protocol *[TEE]: Trusted Execution Environment *[TLS]: Transport Layer Security *[TOTP]: Time-based One-Time Password -*[UDP]: User Datagram Protocol *[U2F]: Universal 2nd Factor -*[VoIP]: Voice over IP (Internet Protocol) +*[UDP]: User Datagram Protocol *[VPN]: Virtual Private Network +*[VoIP]: Voice over IP (Internet Protocol) *[W3C]: World Wide Web Consortium -*[2FA]: 2-Factor Authentication +*[XMPP]: Extensible Messaging and Presence Protocol +*[cgroups]: Control Groups
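Review bot: In the first hunk of docs/linux-desktop/hardening.en.md (@@ -18,7 +18,7), the replacement text makes `cgroups` the link text of the Wikipedia link, and the same patch adds `*[cgroups]: Control Groups` to includes/abbreviations.en.md, so that one word now carries both a link and an abbreviation tooltip. Check the rendered page to confirm the nesting behaves as intended. If it does not, keep only one of the two: either drop the link here or drop the `*[cgroups]` entry.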
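Review bot: In the last hunk of docs/linux-desktop/hardening.en.md (@@ -94,3 +94,5), the paragraph directly above the new include line still has an unclosed quotation mark in `“supervisor password,` and a missing verb in "but they not good as a proper verified boot process". Since this change already touches the end of the file, fix both in the same commit: close the quote after "supervisor password" and write "they are not as good as".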
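Review bot: In docs/passwords.en.md (@@ -36,7 +36,7), the warning now says only `[CSV](...)` and relies on the new `*[CSV]: Comma-Separated Values` entry for the expansion, but this diff adds the `--8<-- "includes/abbreviations.en.md"` line only to the three linux-desktop pages and shows no such line for passwords.en.md. Confirm the file already ends with that include. If it does not, add it here, otherwise the spelled-out form removed by this hunk is lost to readers.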
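Review bot: In includes/abbreviations.en.md, the new entry `*[MAC]: Media Access Control` applies to every occurrence of "MAC" on any page that pulls in this file, and on a security site the same three letters also mean Message Authentication Code (the `*[HOTP]` line added in this same hunk spells that meaning out) and mandatory access control in the SELinux and AppArmor material. A reader hovering over "MAC" in a cryptography or sandboxing paragraph would get the wrong definition. Drop the global entry and write "MAC address" with its expansion inline where the networking sense is meant, or expand the other senses in place so the tooltip never lands on them.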