20240316

- Removed Mozilla Monitor on account of being a whitelabled OneRep, who Brian Krebs recently discovered is not trustworthy.
- Removed News Scheduler as he resigned.
- Removed Matrix as we recently added more stringent messaging recommendations about ephemeral messaging.
- Updated the Sponsorship criteria page to be more constructive
- Reorganized mobile app recommendations (and added Notes and Photos recommendations)
- Qualified my recommendation of Switched to Linux for news only
- Solidified Proton in the affiliates section
- Added a note about services not listed on the About page in the Disclaimers section
- Added a note about PimEyes on public-protections
- Added more elaboration about password managers
- Added a stat about ransomware to the Why page
- Our Matrix server is currently not available while we make some changes, so the Matrix page has been modified to remove registration requests.

.gitignore

@@ -16,4 +16,4 @@ src/pages/index.mdx
 .vite-inspect
 
 # Typescript
-.tsbuildinfo
+.tsbuildinfo

README.md

@@ -43,4 +43,4 @@ _You can also see how these donations will be used, by visiting our [roadmap](ht
 -   [**2023 Transparency Report**](https://blog.thenewoil.org/transparency-report-2023)
 -   [**2022 Transparency Report**](https://blog.thenewoil.org/transparency-report-2022-and-goals-for-2023)
 -   [**2021 Transparency Report**](https://blog.thenewoil.org/transparency-report-2021-and-goals-for-2022)
--   [**2020 Transparency Report**](https://blog.thenewoil.org/2020-recap-2021-plans)
+-   [**2020 Transparency Report**](https://blog.thenewoil.org/2020-recap-2021-plans)

astro.config.ts

@@ -38,7 +38,10 @@ export default defineConfig({
     sitemap(),
     robotsTxt({ sitemap: false, policy: [{disallow: "/", userAgent: "GPTBot"}, {disallow: "/", userAgent: "ia_archiver"}, {disallow: "/", userAgent: "User-Agent: Google-Extended"}] }),
     compress({
-      JavaScript: false,
+      css: { comments: false },
+      html: { removeComments: true },
+      js: false,
+      logger: 1,
     }),
     languagePlugin({
       supportedLanguageCodes: config.languages.map((lang) => lang.code),

caddy/90-onion.example-caddy → caddy/90-onion.caddy

@@ -1,7 +1,7 @@
 # Replace example.onion with your hidden service hostname and rename this file from 90-onion.example-caddy to 90-onion.caddy after doing so.
 # Specifying http:// for this site is important so Caddy doesn't try to redirect the onion hostname.
 
-http://example.onion {
+http://r5jopxwjyy3pberv7a43r3e2i3whtxvk5lsotl3cap3zqltxev67zqid.onion {
 	# These two lines configure Caddy to serve from the www subdirectory of this repo
 	# see: https://caddyserver.com/docs/caddyfile/directives/file_server
 	root /home/website/thenewoil/www

crowdin.yml

@@ -1,8 +1,8 @@
 #
 # Your Crowdin credentials
 #
-project_id_env: CROWDIN_PROJECT_ID
-api_token_env: CROWDIN_PERSONAL_TOKEN
+# project_id_env: CROWDIN_PROJECT_ID
+# api_token_env: CROWDIN_PERSONAL_TOKEN
 base_path: "./src"
 # base_url: "./src/"
 

docs/getting-started.md

@@ -17,7 +17,7 @@ nvm install v20
 Then to use the newly installed version of Node type the following for your specific version of Node:
 
 ```console
-nvm use 20
+nvm use 20.x.x
 ```
 
 Once Node v20 is installed you have access to two new commands `node` and `npm`. `npm` (short for Node Package Manager) is the official package manager provided by Node. It is used to install and manage dependencies. The `node` command is for running raw `.js` files, but we will not be using that.

public/.htaccess

@@ -0,0 +1,53 @@
+#Redirects the http verion of the website to the https verion of the website (e.g. http://example.com/ to https://example.com/).
+RewriteEngine On
+RewriteCond %{HTTPS} off
+RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
+
+#Removes html file extension (e.eg. example.com/page.html to example.com/page).
+RewriteEngine On
+RewriteCond %{REQUEST_FILENAME} !-d
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteRule ^([^\.]+)$ $1.html [NC, L]
+
+#Redirects from www to normal site
+RewriteEngine On
+RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
+RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
+
+Header Strict-Transport-Security: max-age=63072000; includeSubDomains; preload env=HTTPS
+
+Header Access-Control-Allow-Origin: *
+
+Header Content-Security-Policy: "default-src 'none'; script-src 'none'; script-src-elem 'none'; script-src-attr 'none'; style-src 'self'; style-src-elem 'self'; style-src-attr 'unsafe-inline'; img-src 'self'; font-src 'self' data: ; connect-src 'none'; media-src 'self' data: ; object-src 'none'; child-src 'none'; frame-src 'none'; worker-src 'none'; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-scripts allow-popups; base-uri 'none'; manifest-src 'none';"
+
+Header add Request-OTR: 1
+
+#Header Public-Key-Pins "pin-sha256=\"base64+primary==\"; pin-sha256=\"base64+backup==\"; max-age=5184000; includeSubDomains"
+
+#Header always set Public-Key-Pins "pin-sha256=\"base64+primary==\"; pin-sha256=\"base64+backup==\"; max-age=5184000; includeSubDomains"
+
+Header always set X-Frame-Options "SAMEORIGIN"
+
+Header X-Content-Type-Options: nosniff
+
+Header always set Permissions-Policy "microphone=(), camera=(), geolocation=(), payment=(), display-capture=(), fullscreen=(self), gyroscope=(), sync-xhr=(), midi=(), magnetometer=(), usb=()"
+
+#Header Feature-Policy: "microphone 'none'; camera 'none'; geolocation 'none'; payment 'none'; display-capture 'none'; fullscreen 'self'; gyroscope 'none'; sync-xhr 'none'; midi 'none', magnetometer 'none', usb 'none'"
+
+Header Cross-Origin-Embedder-Policy-Report-Only: (unsafe-none|require-corp);
+
+Header Cross-Origin-Opener-Policy: (same-origin|same-origin-allow-popups|unsafe-none);
+
+Header Cross-Origin-Opener-Policy-Report-Only: (same-origin|same-origin-allow-popups|unsafe-none);
+
+Header Cross-Origin-Resource-Policy: (same-site|same-origin|cross-origin)
+
+Header X-XSS-Protection 1; mode=block
+
+Header Cache-Control: private, no-store
+
+#Header Set-Cookie: uid=7; Secure; HttpOnly; SameSite=Lax
+
+#Header Clear-Site-Data:
+
+options -Indexes

src/assets/data/BlogPages.json

@@ -1,4 +1,9 @@
 [ 
+  {
+    "slug": "the-best-password-managers-in-2024",
+    "created": "2024-03-02T19:58:34Z",
+    "title": "The Best Password Managers in 2024"
+  },
   {
     "slug": "how-i-learned-to-stop-worrying-and-love-insecurity",
     "created": "2024-02-25T03:11:39Z",

src/assets/data/pages/en/about/Team.json

@@ -25,16 +25,5 @@
         "icon": "/images/logos/website.png"
       }
     ]
-  },
-  {
-    "name": "Robert Dalton",
-    "title": "News Scheduler",
-    "links": [
-      {
-        "name": "Website",
-        "link": "https://robertdalton.lol/",
-        "icon": "/images/logos/website.png"
-      }
-    ]
   }
 ]

src/assets/data/pages/en/charts/Messaging.json

@@ -8,30 +8,10 @@
     "Available in F-Droid?",
     "Available on iOS?",
     "Decentralized?",
-    "Phone number or username?",
     "Disappearing messages?",
     "Additional notes?"
   ],
   "tools": {
-    "matrix": {
-      "name": "Matrix",
-      "values": {
-        "Audited?": "No",
-        "Available on Linux?": "Yes",
-        "Available on Mac?": "Yes",
-        "Available on Windows?": "Yes",
-        "Available on Android?": "Yes",
-        "Available in F-Droid?": "Some clients",
-        "Available on iOS?": "Yes",
-        "Decentralized?": "Yes",
-        "Phone number or username?": "Username",
-        "Disappearing messages?": "No",
-        "Additional notes?": [
-          "Matrix is the protocol, not the client",
-          "Can be self-hosted"
-        ]
-      }
-    },
     "signal": {
       "name": "Signal",
       "values": {
@@ -43,7 +23,6 @@
         "Available in F-Droid?": "No",
         "Available on iOS?": "Yes",
         "Decentralized?": "No",
-        "Phone number or username?": "Phone number",
         "Disappearing messages?": "Yes",
         "Additional notes?": []
       }
@@ -59,9 +38,8 @@
         "Available in F-Droid?": "Directly ([from here](https://simplex.chat/fdroid/))",
         "Available on iOS?": "Yes",
         "Decentralized?": "Yes",
-        "Phone number or username?": "QR-Code or temporary link",
         "Disappearing messages?": "Yes",
-        "Additional notes?": ["Early in development", "Small userbase"]
+        "Additional notes?": ["Early in development"]
       }
     },
     "threema": {
@@ -75,7 +53,6 @@
         "Available in F-Droid?": "No",
         "Available on iOS?": "Yes",
         "Decentralized?": "No",
-        "Phone number or username?": "Yes",
         "Disappearing messages?": "Yes",
         "Additional notes?": []
       }

src/assets/data/pages/en/guides/less-important/Messaging.json

@@ -1,24 +1,4 @@
 {
-  "matrix": {
-    "name": "Matrix",
-    "logo": "/images/logos/matrix.png",
-    "logo_alt": "Matrix Logo",
-    "link": "https://matrix.org/",
-    "pros": [
-      "Available on all operating systems",
-      "Decentralized",
-      "Username-based",
-      "No identifiable user data required at signup",
-      "Can be self-hosted",
-      "Can be bridged to communicate with other services such as Slack, Telegram, Signal, Discord, Facebook, and more.",
-      "Popular clients include [Element](https://element.io/), [FluffyChat](https://fluffychat.im/), and [SchildiChat](https://schildi.chat/)."
-    ],
-    "cons": [
-      "Not audited",
-      "Not [metadata resistant](/criteria#definitions)",
-      "Does not offer disappearing messages"
-    ]
-  },
   "signal": {
     "name": "Signal",
     "logo": "/images/logos/signal.png",
@@ -27,12 +7,12 @@
     "pros": [
       "[Recently audited](https://community.signalusers.org/t/wiki-overview-of-third-party-security-audits/13243)",
       "Available on all operating systems",
-      "Offers disappearing messages",
+	  "Usernames can be changed at any time an unlimited number of times",
+	  "[World-renowned security](https://en.wikipedia.org/wiki/Signal_(software)#Security)",
       "[Metadata resistant](/criteria#definitions)"
     ],
     "cons": [
       "Centralized",
-      "Phone number required",
       "[Server source code went almost a year without a public update with no explanation](https://linuxreviews.org/Signal_Just_Made_One_Years_Worth_Of_Server-Side_Source_Code_Available_In_One_Huge_Dump)"
     ]
   },
@@ -44,7 +24,6 @@
     "pros": [
       "[Recently audited](https://simplex.chat/blog/20221108-simplex-chat-v4.2-security-audit-new-website.html)",
       "Available on all operating systems",
-      "Offers disappearing messages",
       "Decentralized",
       "No personal information required",
       "No user IDs, add contacts via QR code or temporary link",
@@ -63,7 +42,6 @@
     "pros": [
       "[Recently audited](https://threema.ch/en/blog/posts/audit-2020-en)",
       "Available on Android, and iOS",
-      "Username-based",
       "[Metadata resistant](/criteria#definitions)",
       "Offers disappearing messages"
     ],

src/assets/data/pages/en/guides/less-important/Vpns.json

@@ -34,7 +34,7 @@
   },
   "protonvpn": {
     "name": "Proton VPN",
-    "logo": "/images/logos/proton.png",
+    "logo": "/images/logos/protonvpn.png",
     "logo_alt": "Proton VPN logo",
     "referral_link": "https://go.getproton.me/aff_c?offer_id=26&aff_id=2187&url=https%3A%2F%2Fproton.me%2F%3FvisitorId%3Dho-{transaction_id}%26aid%3D{affiliate_id}%26offer_id%3D{offer_id}%26url_id%3D{offer_url_id}%26utm_campaign%3Dww-all-2c-vpn-gro_aff-g_acq-partners_program%26utm_source%3Daid-tune-{affiliate_id}%26utm_medium%3Dlink%26utm_term%3Dgeneric_vpn_landing%26utm_content%3D{offer_id}%26hfp%3Dfalse%26spl%3D{affiliate_id}%26aap%3D{affiliate_id}",
     "link": "https://protonvpn.com/",

src/assets/data/pages/en/guides/moderately-important/DataRemoval.json

@@ -9,11 +9,6 @@
     "img": "/images/logos/easyoptouts.png",
     "name": "EasyOptOuts"
   },
-  {
-    "link": "https://monitor.mozilla.org/",
-    "img": "/images/logos/mozilla_monitor.png",
-    "name": "Mozilla Monitor+"
-  },
   {
     "link": "https://www.mydataremoval.com/",
     "img": "/images/logos/mydataremoval.png",

src/assets/data/pages/en/guides/moderately-important/EmailAliasing.json

@@ -17,13 +17,13 @@
           "Aliases": "Unlimited",
           "Bandwidth": "10MB",
           "Reply/Send": 0,
-          "Mailboxes": 2,
+          "Mailboxes": 1,
           "Custom domains": 0,
           "PGP Encryption": "Yes"
         },
         "Lite": {
           "Aliases": "Unlimited",
-          "Bandwidth": "50MB",
+          "Bandwidth": "100MB",
           "Reply/Send": "20/day",
           "Mailboxes": 5,
           "Custom domains": 1,