Tor complete, image fixes, header/misc edits

site/03-todo.md

@@ -18,17 +18,11 @@
     - Device-specific Guides <connectivity, performance, resilience and/or tuning>
         - (after release) create badges for topic boxes
 - Configuration
-    - Tor Setup
-        - Mac
-        - Android
-        - FF OS
-        - FF Mobile
     - LAN Setup
         - Mac
         - Android
-        - iOS
         - Browsers
-- Tuning
+- Tunin
     - DIY Guide
     - Advanced Config
         - SSH over Tor
@@ -45,7 +39,7 @@
 - Mission / values
 - Backups
     - CIFS
-        - OS guides for CIFS
+        - OS guides for CIFS (screens)
     - Local
 - Migrations
 - Possible sounds in troubleshooting (and walkthrough?)

site/source/learn/concepts/networks.rst

@@ -8,20 +8,26 @@ Networks
 
 LAN
 ---
-
 A Local Area Network (LAN) is a computer network that interconnects computers within a limited area such as a residence, school, laboratory, university campus, or office building.
 
 Devices on a LAN are private and protected, such that only devices connected to the same Ethernet or WiFi network can see or communicate with them.
 
 Your Embassy hosts itself on the LAN and is reachable by visiting its ``embassy.local`` URL in the browser while also connected to the LAN.
 
-.. note:: Any device connected to a LAN can inspect all communications on that LAN. To avoid snooping, your Embassy's LAN communications are encrypted using :ref:`ssl`, which requires :ref:`additional setup <ssl-setup>`.
+.. note:: Any device connected to a LAN can inspect all communications on that LAN. To avoid snooping, your Embassy's LAN communications are encrypted using :ref:`ssl`, which requires :ref:`additional setup <lan-setup>`.
+
+.. _lan-cert:
+
+LAN Certificate
+---------------
+When you visit an SSL secured website (https://), in addition to the connection being secured using SSL/TSL encryption, the website will present your browser with an SSL certificate showing that it (or more accurately ownership of the website's public key) has been authenticated by a recognized Certificate Authority (CA).  In the case of your Embassy, this certificate is "self-signed," and as such, the CA is you.
+
+Your certificate is created when you initially setup your Embassy, or migrate to a new version, such as 0.3.0.
 
 .. _mdns:
 
 MDNS
 ----
-
 Multicast Domain Name System (MDNS) is a protocol that resolves a human-readable hostname to an IP address on a small network, such as the home or office network you might host your Embassy on.
 
 This is known as a "zeroconf," or zero-configuration service, meaning that you can instantly visit a human-recognizable domain name, such as ``embassy.local`` from your network.
@@ -32,7 +38,6 @@ This domain is not broadcast outside of your local network, so it is as private
 
 SSL
 ---
-
 Visiting websites on the Tor network is slow. We wanted to provide a better option to access the Embassy at home. That’s why we created an address for the Embassy that can be accessed on your Local Area Network.
 
 By default, this ``.local`` address is served like a regular website, over HTTP. Browsers make it noticeable when visiting a site over HTTP in the URL bar - it could be red, show an unlocked lock, or warn that the connection is not secure.
@@ -52,7 +57,6 @@ For more information on how to setup your devices to enable this feature visit :
 
 Tor
 ---
-
 The Onion Router, or Tor, is a free and open source software that enables anonymous communication. By routing Internet traffic though a worldwide, volunteer overlay network of nodes, requests are bundled in layers of encryption like the layers of an onion. The request is relayed across nodes, decrypting a layer only to reveal the next relay destination, until the request meets its final destination, without revealing the source IP address.
 
 If a malicious third party were to intercept a request, they would see a garbled mess of the remaining onion encryption, and would only know that it came from some onion node and was heading to some other onion node. The contents, source, and destination of the message are totally anonymous.
@@ -67,7 +71,6 @@ Here's an introductory video on `Tor <https://www.youtube.com/watch?v=6czcc1gZ7A
 
 Tor Browser
 -----------
-
 The Tor Browser is a version of Firefox specifically made for use with the Tor Network.  Tor Browser has Tor built-in, so that you do not need to be running Tor natively in order to use the network.  This makes it a great browser for use with your Embassy.
 
 .. caution::  Tor Browser has some advanced security and privacy settings, which can be useful, but please keep in mind that if you raise them from the standard level, you may be unable to use some websites, such as your Embassy UI.
@@ -76,7 +79,6 @@ The Tor Browser is a version of Firefox specifically made for use with the Tor N
 
 Tor Hidden Service
 ------------------
-
 A Tor Hidden Service is essentially just software or a website that is only broadcast on the Tor network.  These are identified by a long, random public key, and end with the ``.onion`` suffix.  For example, you can visit http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion to view the Start9 homepage on Tor.
 
 In order to reach a Hidden Service, you must use a browser that can handle ``.onion`` domains, such as `The Tor Browser <https://www.torproject.org/download/>`_ or by configuring :ref:`Firefox <>` ***REF NEEDED***.

site/source/support/user-manual/configuration/lan-setup/lan-browser/index.rst

@@ -1,11 +1,13 @@
 .. _lan-browser:
 
-=======================
-Local Access (Browsers)
-=======================
+======================
+LAN Setup for Browsers
+======================
 
 When you are on the same network as your Embassy (typically a home or small office), :ref:`Local Access<lan>` is much faster and will allow access to your data, even with no Internet connection.
 
+.. caution:: You will first need to complete :ref:`LAN Setup<lan-os>` for your device before continuing.
+
 .. toctree::
   :maxdepth: 2
 

site/source/support/user-manual/configuration/lan-setup/lan-os/index.rst

@@ -1,8 +1,8 @@
 .. _lan-os:
 
-======================
-Local Access (Devices)
-======================
+=====================
+LAN Setup for Devices
+=====================
 
 When you are on the same network as your Embassy (typically a home or small office), :ref:`Local Access<lan>` is much faster and will allow access to your data, even with no Internet connection.
 

site/source/support/user-manual/configuration/lan-setup/lan-os/lan-ios.rst

@@ -4,77 +4,74 @@
 iOS
 ===
 
-#. Navigate back to the `Start9 Setup App <https://apps.apple.com/us/app/start9-setup-app/id1528125889>`_.
+.. note:: For security, this will need to be done using a Tor connection.  Please use Onion Browser or Consulate to access your Embassy and complete the following steps.
 
-#. Select your claimed Embassy to view the setup results.
+#. You will first need to get your :ref:`LAN Certificate<lan-cert>`, which can be found either:
 
-#. Find the "LAN (advanced)" menu item at the bottom of the Setup App screen.
+   #. When completing your Embassy :ref:`Initial Setup<initial-setup>`, it is provided on the final screen
 
-   .. figure:: /_static/images/ssl/mobile/ssl_setup_app_complete.png
-    :width: 70%
-    :alt: Setup app complete
+      or:
 
-    Completed Setup App screen
+   #. In the ``Embassy`` tab in your Embassy, under ``Settings`` -> ``LAN``
 
-#. Select the "Embassy Local Root CA" menu item. Clicking this will prompt you to “Save to device”.
+      .. figure:: /_static/images/embassy_lan_setup.svg
+         :width: 60%
+         :alt: LAN setup menu item
 
-   .. figure:: /_static/images/ssl/mobile/ssl_setup_app_advanced.png
-    :width: 70%
-    :alt: Setup app advanced menu
+#. Select ``Download Root CA``. Clicking this will prompt you to “Save to device”.
 
-    Setup App advanced menu
+   .. figure:: /_static/images/embassy_lan_setup0.svg
+      :width: 60%
+      :alt: LAN setup page
 
-#. You will be directed to a page in your default browser indicating next steps and that the profile has been successfully downloaded.
+#. You will be directed to a page in your default browser indicating next steps and that the profile has been successfully downloaded.  Be sure to complete all steps in this process! These steps are also outlined below.
 
    .. note::
         If you have changed the default browser from Safari to Brave, the following auto save certificate to device flow will *not* work. Safari, Firefox, and Chrome work as expected. We recommend you temporarily use one of these browsers to complete this action.
 
-#. Be sure to complete all steps in this process! These steps are also outlined below.
-
-   .. figure:: /_static/images/ssl/mobile/ssl_certificate_install_page.png
-    :width: 70%
+   .. figure:: /_static/images/ssl/mobile/ssl_certificate_install_page.svg
+    :width: 40%
     :alt: Certificate install page
 
     Select "Allow" on the certificate install page
 
 #. Go to Settings on your iOS device.
 
-   .. figure:: /_static/images/ssl/mobile/ssl_ipad_general_settings.png
-    :width: 70%
+   .. figure:: /_static/images/ssl/mobile/ssl_ipad_general_settings.svg
+    :width: 40%
     :alt: General settings
 
-    General settings
-
 #. Navigate to *General > Profile(s) > Downloaded Profile > Install*.
 
-   .. figure:: /_static/images/ssl/mobile/ssl_ipad_profiles.png
-    :width: 70%
+   .. figure:: /_static/images/ssl/mobile/ssl_ipad_profiles.svg
+    :width: 40%
     :alt: Profiles
 
-    Profiles view
-
-   .. figure:: /_static/images/ssl/mobile/ssl_ipad_install_profile.png
-    :width: 70%
+   .. figure:: /_static/images/ssl/mobile/ssl_ipad_install_profile.svg
+    :width: 40%
     :alt: Install profile
 
     Select "Install" for Embassy Local Root CA
 
-#. Select “yes” to any warning prompts.
+#. Select “Yes” to any warning prompts.
 
 #. Next, navigate to *General > About > Certificate Trust Settings*.
 
-   .. figure:: /_static/images/ssl/mobile/ssl_ipad_cert_trust_settings.png
-    :width: 70%
+   .. figure:: /_static/images/ssl/mobile/ssl_ipad_cert_trust_settings.svg
+    :width: 40%
     :alt: Certificate trust settings
 
     Select Certificate Trust Settings (scroll all the way down)
 
 #. Enable full trust for root certificates.
 
-   .. figure:: /_static/images/ssl/mobile/ssl_ipad_cert_trust.png
-    :width: 70%
+   .. figure:: /_static/images/ssl/mobile/ssl_ipad_cert_trust.svg
+    :width: 40%
     :alt: Enable full trust
 
     Toggle to enable full trust for root certificates. "Continue" when warning prompts.
 
-#. Test that this process worked successfully by navigating to the LAN address provided in the Setup App. You should no longer see warnings about the security of this site in your browser. We recommend using Start9’s own `Consulate browser <https://apps.apple.com/us/app/consulate/id1528124570>`_ for a faster and better experience.
+#. Test that this process worked successfully by navigating to the LAN address provided from one of the locations listed under Step 1 at the top of this page. You should not see warnings about the security of this site in your browser (if you do, setup was not successful).
+
+
+

site/source/support/user-manual/configuration/lan-setup/lan-os/lan-linux.rst

@@ -13,13 +13,13 @@ Nothing specific needs to be configured for the Linux environment, so you just n
 #. Navigate to the :ref:`Embassy tab<embassy-tab>` -> Settings -> LAN
 
    .. figure:: /_static/images/embassy_lan_setup.svg
-    :width: 90%
+    :width: 60%
     :alt: LAN setup menu item
 
 #. Click "Download Root CA". This will prompt a download to save the certificate file to your machine.
 
    .. figure:: /_static/images/embassy_lan_setup0.svg
-    :width: 90%
+    :width: 60%
     :alt: LAN setup page
 
 Then open your favorite browser to import this certificate and follow the steps for :ref:`browser setup <lan-browser>`.

site/source/support/user-manual/configuration/limitations/lim-ios.rst

@@ -6,11 +6,11 @@ iOS Known Limitations
 
 Tor
 ---
-It is not currently possible to run Tor natively (in the background) on iOS.  The best chance for this functionality coming to iOS is via the `iCepa Project <https://github.com/iCepa>`_.
+It is not currently possible to run Tor natively (in the background) on iOS.  The best chance for this functionality coming to iOS in the future is via the `iCepa Project <https://github.com/iCepa>`_.
 
 Workarounds
 ===========
-The only way to use Tor on iOS is with apps that come with Tor built-in, such as :ref:`Zap Wallet <zap>`.
+The only way to use Tor (in the background) on iOS is with apps that come with Tor built-in, such as :ref:`Zap Wallet <zap>`.  For visiting Embassy UI Tor sites, you may use `Onion Browser <https://apps.apple.com/us/app/onion-browser/id519296448>`_ or `Start9's Consulate <https://apps.apple.com/us/app/start9-consulate-browser/id1528124570>`_ application.
 
 Matrix
 ------
@@ -18,7 +18,7 @@ The lack of Tor support on iOS means that Element/Matrix cannot be run on an iPh
 
 Workarounds
 ===========
-None currently known.
+None currently known, but may be solved with forthcoming "clearnet" support on EmbassyOS.
 
 Spark Wallet
 ------------

site/source/support/user-manual/configuration/tor-setup/tor-firefox/index.rst

@@ -1,7 +1,7 @@
 .. _tor-firefox:
 
 ====================
-Using Tor on Firefox
+Setup Tor on Firefox
 ====================
 
 .. caution::  This guide assumes you are already :ref:`running Tor on your phone or computer<running-tor>`.

site/source/support/user-manual/configuration/tor-setup/tor-firefox/torff-android.rst

@@ -15,33 +15,35 @@ Once Tor is setup on your system, you can proceed to setup Firefox:
 
 3. Navigate to ``about:config`` in the Firefox URL bar.
 
-.. figure:: /_static/images/tor/about_config.png
-  :width: 50%
-  :alt: Firefox about config
+  .. figure:: /_static/images/tor/about_config.svg
+    :width: 50%
+    :alt: Firefox about config
 
 4. You are going to have to change a few options in here. First, type ``network.proxy.type`` into the search bar, and set the value to ``2``.
 
-.. figure:: /_static/images/tor/network_proxy_type.png
-  :width: 50%
-  :alt: Firefox network proxy type setting screenshot
+  .. figure:: /_static/images/tor/network_proxy_type.svg
+    :width: 50%
+    :alt: Firefox network proxy type setting screenshot
 
 5. Search for ``network.proxy.autoconfig_url``, and set the value to ``file:///storage/emulated/0/Download/proxy.pac``.
 
-.. figure:: /_static/images/tor/autoconfig_url.png
-  :width: 50%
-  :alt: Firefox autoconfig url setting screenshot
+  .. note:: For newer Android's, and those running CalyxOS, it may be necessary to place the file within the application's ``data`` folder, such as ``file:///storage/emulated/0/Android/data/org.mozilla.firefox_beta/files/Download/proxy.pac``.  Please reach out to support if you have issues.
+
+  .. figure:: /_static/images/tor/autoconfig_url.svg
+    :width: 50%
+    :alt: Firefox autoconfig url setting screenshot
 
 6. Search for ``network.proxy.socks_remote_dns``, and set the value to ``true``.
 
-.. figure:: /_static/images/tor/socks_remote_dns.png
-  :width: 50%
-  :alt: Firefox socks remote dns setting screenshot
+  .. figure:: /_static/images/tor/socks_remote_dns.svg
+    :width: 50%
+    :alt: Firefox socks remote dns setting screenshot
 
 7. Search for ``dom.securecontext.whitelist_onions`` and set the value to ``true``.
 
-.. figure:: /_static/images/tor/firefox_whitelist_mobile.png
-  :width: 50%
-  :alt: Firefox whitelist onions screenshot
+  .. figure:: /_static/images/tor/firefox_whitelist_mobile.svg
+    :width: 50%
+    :alt: Firefox whitelist onions screenshot
 
-8. Restart Firefox, and you’re all set! You should now be able to navigate to `.onion` URLs in Firefox. This means you can bookmark Cups Messenger, and use your Bitwarden Tor address in the `Bitwarden Password Manager <https://play.google.com/store/apps/details?id=com.x8bit.bitwarden&hl=en_US&gl=US>`_ native application.
+8. Restart Firefox, and you're all set! You should now be able to navigate to `.onion` URLs in Firefox. This means you can bookmark Cups Messenger, or other Embassy ``.onion`` addresses, as well as use the :ref:`Bitwarden<vaultwarden>` browser extension.
 

site/source/support/user-manual/configuration/tor-setup/tor-firefox/torff-ios.rst

@@ -4,6 +4,4 @@
 iOS
 ===
 
-Unfortunately, Apple does not allow tor to be run natively on iOS.  This means that Firefox cannot be configured to use tor.  This leaves the following options:
-
-You can use Start9's own Consulate Browser, which is available `here <https://apps.apple.com/us/app/start9-consulate-browser/id1528124570>`_, or you can select another Tor Browser by searching the `App Store <https://www.apple.com/us/search/onion-browser?src=serp>`_.
+Unforutnately, it is not currently possible to run Tor natively on iOS.  This means that Firefox cannot be configured to use tor.  Please see :ref:`iOS Limitations<lim-ios>` for details and workarounds.

site/source/support/user-manual/configuration/tor-setup/tor-firefox/torff-linux.rst

@@ -1,94 +1,52 @@
 .. _torff-linux:
 
 =====
-Linux - ***NEEDS UPDATED***
+Linux
 =====
 
 .. caution::
   This guide assumes you have completed :ref:`setting up Tor<running-tor>`. Please visit this section first before you proceed as it is required for Firefox to properly work with Tor.
 
-1. Open Firefox.
+#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that may appear about accessing advanced settings.
 
-2. Enter ``about:config`` in the URL bar. Accept any warnings that may appear about accessing advanced settings.
+#. Search for ``dom.securecontext.whitelist_onions`` and set the value to ``true``.
 
-3. Search for ``dom.securecontext.whitelist_onions`` and set the value to ``true``.
+    .. figure:: /_static/images/tor/firefox_whitelist.svg
+      :width: 60%
+      :alt: Firefox whitelist onions screenshot
 
-   .. figure:: /_static/images/tor/firefox_whitelist.png
-    :width: 80%
-    :alt: Firefox whitelist onions screenshot
-
-4. Download a `Proxy Auto Config` file to inform Firefox how to use the Tor daemon running on your computer. You can get Start9's standard file by following the OS-specific instructions below:
-    Windows:
-
-    Click `here <https://registry.start9labs.com/sys/proxy.pac>`_ to get the file and save the file somewhere you won’t delete it.  Please remember the location you save the file in if you do not use our example location.  For this example:
-
-    .. code-block::
-
-      C:\Program Files\Tor Browser\proxy.pac
-
-    Mac:
-
-    Open the ``Terminal`` App on your Mac. You can find it in your list of Applications.  In the terminal, enter:
-
-    .. code-block::
-
-      brew install wget
-
-    And then:
-
-    .. code-block::
-
-      wget -P /usr/local/etc/tor https://registry.start9labs.com/sys/proxy.pac
-
-    Linux:
-
-    From a terminal, enter:
+#. Download a `Proxy Auto Config` file to inform Firefox how to use the Tor daemon running on your computer. You can get Start9's standard file from a terminal, by using:
 
     .. code-block::
 
       sudo wget -P /etc/tor https://registry.start9labs.com/sys/proxy.pac
 
 
-5. Now open your Firefox web browser, and select options (Windows), or preferences (Mac/Linux):
+#. Now, back in your Firefox web browser, select ``Settings`` from the right-hand hamburger menu:
 
-   .. figure:: /_static/images/tor/firefox_options_windows.png
-    :width: 80%
-    :alt: Firefox options screenshot
-
-    Select :menuselection:``Settings --> Options``
+    .. figure:: /_static/images/tor/os_ff_settings.svg
+      :width: 30%
+      :alt: Firefox options screenshot
 
 
-6. Search for the term “proxy” in the search bar in the upper right, then select the button that says ``Settings…``:
+#. Search for the term “proxy” in the search bar in the upper right, then select the button that says ``Settings…``:
 
-   .. figure:: /_static/images/tor/firefox_search.png
-    :width: 80%
-    :alt: Firefox search screenshot
+    .. figure:: /_static/images/tor/firefox_search.svg
+      :width: 60%
+      :alt: Firefox search screenshot
 
-7. This should open a menu that will allow you to configure your proxy settings. Select ``Automatic proxy configuration URL`` and paste in the path to your PAC file from earlier, prefixed with ``file://``. For example:
-    Windows:
-
-    .. code-block::
-
-      file://C:/Program Files/Tor Browser/proxy.pac
-
-    Mac:
-
-    .. code-block::
-
-      file:///usr/local/etc/tor/proxy.pac
-
-    Linux:
+#. This should open a menu that will allow you to configure your proxy settings. Select ``Automatic proxy configuration URL`` and paste in the path to your PAC file from earlier, prefixed with ``file://``. For example:
 
     .. code-block::
 
       file:///etc/tor/proxy.pac
 
-8. Then, check the box labeled ``Proxy DNS when using SOCKS v5``:
+#. Then, check the box labeled ``Proxy DNS when using SOCKS v5``:
 
-   .. figure:: /_static/images/tor/firefox_proxy.png
-    :width: 80%
-    :alt: Firefox proxy settings screenshot
+    .. figure:: /_static/images/tor/firefox_proxy.svg
+      :width: 60%
+      :alt: Firefox proxy settings screenshot
 
-9. Click ``OK`` and then restart Firefox for the changes to take effect.
+#. Click ``OK`` and then restart Firefox for the changes to take effect.
 
-10. You’re all set! You should now be able to navigate to ``.onion`` URLs in Firefox. This means you can bookmark Cups Messenger, and use your Bitwarden Tor address in the `Bitwarden Firefox Plugin <https://addons.mozilla.org/en-US/firefox/addon/bitwarden-password-manager/>`_.
+#. You're all set! You should now be able to navigate to ``.onion`` URLs in Firefox. This means you can access tor-only service :ref:`WebUIs <web-ui>`, such as Cups Messenger, and use your :ref:`Vaultwarden<valutwarden>` Tor address in the `Bitwarden Firefox Plugin <https://addons.mozilla.org/en-US/firefox/addon/bitwarden-password-manager/>`_.  You can test this by going to Start9's ``.onion`` homepage, `here <http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion/>`_.

site/source/support/user-manual/configuration/tor-setup/tor-firefox/torff-mac.rst

@@ -7,28 +7,15 @@ Mac
 .. caution::
   This guide assumes you have completed :ref:`setting up Tor<running-tor>`. Please visit this section first before you proceed as it is required for Firefox to properly work with Tor.
 
-1. Open Firefox.
+#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that may appear about accessing advanced settings.
 
-2. Enter ``about:config`` in the URL bar. Accept any warnings that may appear about accessing advanced settings.
+#. Search for ``dom.securecontext.whitelist_onions`` and set the value to ``true``.
 
-3. Search for ``dom.securecontext.whitelist_onions`` and set the value to ``true``.
-
-   .. figure:: /_static/images/tor/firefox_whitelist.png
-    :width: 80%
+   .. figure:: /_static/images/tor/firefox_whitelist.svg
+    :width: 60%
     :alt: Firefox whitelist onions screenshot
 
-4. Download a `Proxy Auto Config` file to inform Firefox how to use the Tor daemon running on your computer. You can get Start9's standard file by following the OS-specific instructions below:
-    Windows:
-
-    Click `here <https://registry.start9labs.com/sys/proxy.pac>`_ to get the file and save the file somewhere you won’t delete it.  Please remember the location you save the file in if you do not use our example location.  For this example:
-
-    .. code-block::
-
-      C:\Program Files\Tor Browser\proxy.pac
-
-    Mac:
-
-    Open the ``Terminal`` App on your Mac. You can find it in your list of Applications.  In the terminal, enter:
+#. Download a `Proxy Auto Config` file to inform Firefox how to use the Tor daemon running on your computer. You can get Start9's standard file by opening the ``Terminal`` App on your Mac. You can find it in your list of Applications.  In the terminal, enter:
 
     .. code-block::
 
@@ -40,55 +27,30 @@ Mac
 
       wget -P /usr/local/etc/tor https://registry.start9labs.com/sys/proxy.pac
 
-    Linux:
+#. Now, back in your Firefox web browser, select ``Settings`` from the right-hand hamburger menu:
 
-    From a terminal, enter:
-
-    .. code-block::
-
-      sudo wget -P /etc/tor https://registry.start9labs.com/sys/proxy.pac
-
-
-5. Now open your Firefox web browser, and select options (Windows), or preferences (Mac/Linux):
-
-   .. figure:: /_static/images/tor/firefox_options_windows.png
-    :width: 80%
+   .. figure:: /_static/images/tor/os_ff_settings.svg
+    :width: 30%
     :alt: Firefox options screenshot
 
-    Select :menuselection:``Settings --> Options``
+#. Search for the term “proxy” in the search bar in the upper right, then select the button that says ``Settings…``:
 
-
-6. Search for the term “proxy” in the search bar in the upper right, then select the button that says ``Settings…``:
-
-   .. figure:: /_static/images/tor/firefox_search.png
-    :width: 80%
+   .. figure:: /_static/images/tor/firefox_search.svg
+    :width: 60%
     :alt: Firefox search screenshot
 
-7. This should open a menu that will allow you to configure your proxy settings. Select ``Automatic proxy configuration URL`` and paste in the path to your PAC file from earlier, prefixed with ``file://``. For example:
-    Windows:
-
-    .. code-block::
-
-      file://C:/Program Files/Tor Browser/proxy.pac
-
-    Mac:
+#. This should open a menu that will allow you to configure your proxy settings. Select ``Automatic proxy configuration URL`` and paste in the path to your PAC file from earlier, prefixed with ``file://``. For example:
 
     .. code-block::
 
       file:///usr/local/etc/tor/proxy.pac
 
-    Linux:
+#. Then, check the box labeled ``Proxy DNS when using SOCKS v5``:
 
-    .. code-block::
-
-      file:///etc/tor/proxy.pac
-
-8. Then, check the box labeled ``Proxy DNS when using SOCKS v5``:
-
-   .. figure:: /_static/images/tor/firefox_proxy.png
-    :width: 80%
+   .. figure:: /_static/images/tor/firefox_proxy.svg
+    :width: 60%
     :alt: Firefox proxy settings screenshot
 
-9. Click ``OK`` and then restart Firefox for the changes to take effect.
+#. Click ``OK`` and then restart Firefox for the changes to take effect.
 
-10. You’re all set! You should now be able to navigate to ``.onion`` URLs in Firefox. This means you can bookmark Cups Messenger, and use your Bitwarden Tor address in the `Bitwarden Firefox Plugin <https://addons.mozilla.org/en-US/firefox/addon/bitwarden-password-manager/>`_.
+#. You're all set! You should now be able to navigate to ``.onion`` URLs in Firefox. This means you can access tor-only service :ref:`WebUIs <web-ui>`, such as Cups Messenger, and use your :ref:`Vaultwarden<valutwarden>` Tor address in the `Bitwarden Firefox Plugin <https://addons.mozilla.org/en-US/firefox/addon/bitwarden-password-manager/>`_.  You can test this by going to Start9's ``.onion`` homepage, `here <http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion/>`_.

site/source/support/user-manual/configuration/tor-setup/tor-firefox/torff-windows.rst

@@ -4,15 +4,14 @@
 Windows
 =======
 
-.. caution::
-  This guide assumes you have completed :ref:`setting up Tor<running-tor>`. Please visit this section first before you proceed as it is required for Firefox to properly work with Tor.
+.. caution::  This guide assumes you have completed :ref:`setting up Tor<running-tor>`. Please visit this section first before you proceed as it is required for Firefox to properly work with Tor.
 
 #. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that may appear about accessing advanced settings.
 
 #. Search for ``dom.securecontext.whitelist_onions`` and set the value to ``true``.
 
-    .. figure:: /_static/images/tor/firefox_whitelist.png
-      :width: 80%
+    .. figure:: /_static/images/tor/firefox_whitelist.svg
+      :width: 60%
       :alt: Firefox whitelist onions screenshot
 
 #. Download a `Proxy Auto Config` file to inform Firefox how to use the Tor daemon running on your computer. You can get Start9's standard file by following instructions below:
@@ -23,17 +22,17 @@ Windows
 
       C:\Program Files\Tor Browser\proxy.pac
 
-#. Now open your Firefox web browser, and select ``Settings -> Options``:
+#. Now, back in your Firefox web browser, select ``Options`` from the right-hand hamburger menu:
 
-    .. figure:: /_static/images/tor/firefox_options_windows.png
-      :width: 80%
+    .. figure:: /_static/images/tor/firefox_options_windows.svg
+      :width: 60%
       :alt: Firefox options screenshot
 
 
 #. Search for the term “proxy” in the search bar in the upper right, then select the button that says ``Settings…``:
 
-    .. figure:: /_static/images/tor/firefox_search.png
-      :width: 80%
+    .. figure:: /_static/images/tor/firefox_search.svg
+      :width: 60%
       :alt: Firefox search screenshot
 
 #. This should open a menu that will allow you to configure your proxy settings. Select ``Automatic proxy configuration URL`` and paste in the path to your PAC file from earlier, prefixed with ``file://``. For example:
@@ -44,10 +43,10 @@ Windows
 
 #. Then, check the box labeled ``Proxy DNS when using SOCKS v5``:
 
-    .. figure:: /_static/images/tor/firefox_proxy.png
-      :width: 80%
+    .. figure:: /_static/images/tor/firefox_proxy.svg
+      :width: 60%
       :alt: Firefox proxy settings screenshot
 
 #. Click ``OK`` and then restart Firefox for the changes to take effect.
 
-#. You're all set! You should now be able to navigate to ``.onion`` URLs in Firefox. You can test by going to Start9's ``.onion`` homepage, `here <http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion/>`_. This means you can access tor-only service :ref:`WebUIs <web-ui>`, such as Cups Messenger, and use your Bitwarden Tor address in the `Bitwarden Firefox Plugin <https://addons.mozilla.org/en-US/firefox/addon/bitwarden-password-manager/>`_.
+#. You're all set! You should now be able to navigate to ``.onion`` URLs in Firefox. This means you can access tor-only service :ref:`WebUIs <web-ui>`, such as Cups Messenger, and use your :ref:`Vaultwarden<valutwarden>` Tor address in the `Bitwarden Firefox Plugin <https://addons.mozilla.org/en-US/firefox/addon/bitwarden-password-manager/>`_.  You can test this by going to Start9's ``.onion`` homepage, `here <http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion/>`_.

site/source/support/user-manual/configuration/tor-setup/tor-os/index.rst

@@ -1,8 +1,8 @@
 .. _tor-os:
 
-==================
-Using Tor Natively
-==================
+=====================
+Setup Tor for Devices
+=====================
 
 Select your Operating System to setup Tor to run in the background (natively) of any device that you might want to use to access your Embassy with remotely.
 

site/source/support/user-manual/configuration/tor-setup/tor-os/tor-android.rst

@@ -6,79 +6,80 @@ Android
 
 Some apps, such as :ref:`Tor Browser<tor-browser>`, have Tor built in. They do not require additional software or configurations to utilize Tor. Most apps, however, do not have Tor built in. They require an app called Orbot to be installed in order to utilize the Tor Network.
 
-.. youtube:: b__mVfN-BP8
+  .. youtube:: b__mVfN-BP8
 
-Running Orbot
+  Running Orbot
 -------------
 
 Orbot is a system wide proxy for your Android device that enables communications over Tor.
 
-1. Download Orbot from the `Play Store <https://play.google.com/store/apps/details?id=org.torproject.android>`_ , or from `F-Droid <https://f-droid.org/packages/org.torproject.android>`_.
+1. Download and install Orbot from the `Play Store <https://play.google.com/store/apps/details?id=org.torproject.android>`_, or from `F-Droid <https://f-droid.org/packages/org.torproject.android>`_ (must open with F-Droid app).
+
+  .. tip:: When using F-Droid, you will want to activate the Guardian Project repository by visiting the ``Settings`` menu (bottom right) -> ``Repositories`` -> ``Guardian Project Official Releases``
 
 2. Launch Orbot.
 
 3. Open the kebab menu in the upper right hand corner and select `Settings`:
 
-.. figure:: /_static/images/tor/orbot_menu.png
-  :width: 50%
-  :alt: Orbot menu
+  .. figure:: /_static/images/tor/orbot_menu.svg
+    :width: 50%
+    :alt: Orbot menu
 
 4. Make sure the options for `Start Orbot on Boot` and `Allow Background Starts` are checked:
 
-.. figure:: /_static/images/tor/orbot_settings.png
-  :width: 50%
-  :alt: Orbot settings
+  .. figure:: /_static/images/tor/orbot_settings.svg
+    :width: 50%
+    :alt: Orbot settings
 
 5. Go back, and tap start:
 
-.. figure:: /_static/images/tor/orbot_start.png
-  :width: 50%
-  :alt: Orbot start
+  .. figure:: /_static/images/tor/orbot_start.svg
+    :width: 50%
+    :alt: Orbot start
 
 6. Orbot will start up the Tor service. Once complete, you will see:
 
-.. figure:: /_static/images/tor/orbot_started.png
-  :width: 50%
-  :alt: Orbot started
+  .. figure:: /_static/images/tor/orbot_started.svg
+    :width: 50%
+    :alt: Orbot started
 
-7. That's it. Certain apps, such as Firefox or DuckDuckGo will now just work. Other apps, however, require that Orbot be running VPN mode.
+7. That's it, you're now running a Tor client on your Android device! Certain apps, such as Firefox, Fennec, and DuckDuckGo will now just work. Other apps, however, require that Orbot be running VPN mode.
 
 Orbot VPN mode
 --------------
 
-To utilize Tor, most apps require that Orbot be running in VPN mode.
+To utilize Tor, some apps require that Orbot be running in VPN mode.  This means that you are sending your application's traffic across the Tor network via Orbot.
 
-1. Disable Private DNS on your device. To do so, navigate to:
+1. Disable Private DNS on your device. Note: This is not necessary if running GrapheneOS.  To do edit Private DNS, navigate to:
 
    ``Settings > Network & Internet > Advanced > Private DNS > Off``
 
-.. figure:: /_static/images/tor/private_dns_off.png
-  :width: 50%
-  :alt: Private DNS off
+  .. figure:: /_static/images/tor/private_dns_off.svg
+    :width: 50%
+    :alt: Private DNS off
 
   Toggle Private DNS to "off"
 
 2. Launch Orbot and toggle VPN Mode on:
 
-.. figure:: /_static/images/tor/orbot_vpn.png
-  :width: 50%
-  :alt: Orbot vpn mode
+  .. figure:: /_static/images/tor/orbot_vpn.svg
+    :width: 50%
+    :alt: Orbot vpn mode
 
   Toggle VPN Mode to "on"
 
 Under `Tor-Enabled Apps`, click the gear icon and add apps you want to utilize Tor.
 
-.. figure:: /_static/images/tor/orbot_apps.png
-  :width: 50%
-  :alt: Orbot apps
+  .. figure:: /_static/images/tor/orbot_apps.svg
+    :width: 50%
+    :alt: Orbot apps
 
 Examples of applications that need this feature are:
 
 - Bitwarden
 - Element (Matrix)
-- Zeus
 
 You can also add the following browsers to the Tor-Enabled Apps list to easily access Tor addresses (`.onion` URLs):
 
 - Chrome
-- Firefox
+- Vanadium

site/source/support/user-manual/configuration/tor-setup/tor-os/tor-ios.rst

@@ -4,4 +4,4 @@
 iOS
 ===
 
-Unforutnately, Tor it is not currently possible to run Tor natively on iOS.  Please see :ref:`iOS Limitations<lim-ios>` for details.
+Unforutnately, it is not currently possible to run Tor natively on iOS.  Please see :ref:`iOS Limitations<lim-ios>` for details and workarounds.

site/source/support/user-manual/configuration/tor-setup/tor-os/tor-mac.rst

@@ -7,36 +7,36 @@ Mac
 Install Homebrew
 ----------------
 
-1. If you do not have Homebrew installed, follow the installation instructions `here <https://brew.sh/>`_.  TLDR: Open the Terminal and paste the following line:
+#. If you do not have Homebrew installed, follow the installation instructions `here <https://brew.sh/>`_.  TLDR: Open the Terminal and paste the following line:
 
     .. code-block::
 
         /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"
 
-2. You will be prompted for your system password before installation; proceed with entering your password:
+    .. note:: On new (M1) Macs, you might need to be root for this in which case add ``sudo`` at the front of the command, with a space before ``/bin/bash``
 
-.. figure:: /_static/images/tor/install_homebrew.png
-    :width: 80%
-    :alt: Homebrew installation
+#. You will be prompted for your system password before installation; proceed with entering your password.  You may be asked more than once.
 
-    Enter your password
+    .. figure:: /_static/images/tor/install_homebrew.svg
+        :width: 80%
+        :alt: Homebrew installation
 
-3. You will be notified which directories Homebrew is going to create, hit :code:`RETURN`:
+#. You will be notified which directories Homebrew is going to create, hit :code:`RETURN`:
 
-.. figure:: /_static/images/tor/install_homebrew1.png
-    :width: 80%
-    :alt: Homebrew installation
+    .. figure:: /_static/images/tor/install_homebrew1.svg
+        :width: 80%
+        :alt: Homebrew installation
 
-Homebrew creates the directories and downloads any other files it needs e.g. “Command Line Tool for Xcode” and “Homebrew”.
+    Homebrew creates the directories and downloads any other files it needs e.g. “Command Line Tool for Xcode” and “Homebrew”.
 
-Wait a few minutes while it downloads and installs what it needs.
+    Wait a few minutes while it downloads and installs what it needs.
 
 .. warning:: Surprisingly, Homebrew uses Google Analytics to collect anonymous usage data. You can deselect the option to share usage data by `opting out <https://docs.brew.sh/Analytics#opting-out>`_.
 
 Install Tor
 -----------
 
-.. warning:: If you have the Tor Browser open, close it and quit the application.
+.. caution:: If you have the Tor Browser open, close it and quit the application.
 
 #. In the command line, install Tor:
 
@@ -46,7 +46,7 @@ Install Tor
 
     Once it is finished you have the following options:
 
-    .. figure:: /_static/images/tor/install_tor.png
+    .. figure:: /_static/images/tor/install_tor.svg
         :width: 80%
         :alt: Tor installation
 
@@ -56,4 +56,4 @@ Install Tor
 
         brew services start tor
 
-This will start Tor and ensure that it is always running, even after a restart.  See the `Tor Project <https://2019.www.torproject.org/docs/tor-doc-osx.html.en>`_ for more details.
+This will start Tor and ensure that it is always running, even after a restart.  See the `Tor Project docs <https://2019.www.torproject.org/docs/tor-doc-osx.html.en>`_ for more details.

site/source/support/user-manual/walkthrough/overview.rst

@@ -32,7 +32,7 @@ The Embassy Tab is where you can perform :ref:`Backups<backups>`, get Insights i
 Backups
 =======
 
-One of the most important actions you can do on your Embassy is to keep a regular backup of your data.  See the following page on :ref:`Backups<backup>`, and select your device for more details.  In this section, you can create, and restore from, backups.
+One of the most important actions you can do on your Embassy is to keep a regular backup of your data.  See the page on :ref:`Backups<backups>`, and select your device for more details.  In this section, you can create, and restore from, backups.
 
 Insights
 ========