Domain is no longer under my control.

I have no way to contact Lena, but she's back. So let's talk? You could've talked to me, what's up? I have a FUCK ton of work put into the guide, over the past years, and you just swoop down from your high horse? Let's chat. Seriously. Your site's broken, your links don't work at all, the design is meh. Not saying I'm not glad you're back, but this isn't how we do things around here. You can be cool and come talk to me. Please? Let's squash this beef you have where you saw my work and decided it wasn't good enough? Years of working on a personal project gone, for what? I have so much more to put into this project. The whole organization is basically still under my control, but now I don't have a platform. I control the Open Collective, the anonymousplanet.net domain, I have the knowledge, and you know you need me for this. Why are you cutting me off? Why not just come back and talk? Do people ever just call or text or email anymore? Before shoving a knife in someone's gut...
chore(export): update PDFs, hashes and signatures [skip ci]
2026-06-21 04:58:04 +02:00 · 2026-06-01 12:50:20 -04:00 · 2026-05-31 10:29:39 +00:00 · 2026-05-31 06:24:20 -04:00 · 2026-05-31 03:42:30 -04:00 · 2026-05-30 11:49:26 -04:00
27 changed files with 11692 additions and 11643 deletions
@@ -1,7 +1,7 @@
-# 1. Push to main → build.yml runs automatically → note the run ID
+# 1. Push to main → 01-build.yml runs automatically → note the run ID
-# 2. Manually trigger sign.yml with that build run ID → note the sign run ID
+# 2. Manually trigger 02-sign.yml with that build run ID → note the sign run ID
-# 3. Manually trigger release.yml with: version=v1.2.5, sign_run_id=<id>
+# 3. Manually trigger 03-release.yml with: version=v1.2.5, sign_run_id=<id>
-# 4. Manually trigger changelog.yml with: version=v1.2.5
+# 4. Manually trigger 04-changelog.yml with: version=v1.2.5
 name: 📖 Build PDFs
@@ -24,7 +24,7 @@ on:
      - "docs/**"
      - "mkdocs.yml"
      - "scripts/**"
-      - ".github/workflows/build.yml"
+      - ".github/workflows/01-build.yml"
 permissions:
  contents: read
@@ -142,7 +142,7 @@ jobs:
            git push origin main
          fi
-      # Upload artifacts for release.yml and verify job to consume
+      # Upload artifacts for 03-release.yml and verify job to consume
      - name: 📤 Upload signatures artifact
        uses: actions/upload-artifact@v4
        with:
@@ -1,14 +1,13 @@
 name: 🚀 Release
 # Manual only — run this deliberately after build and sign are confirmed good.
-# Provide the sign.yml run ID to pull artifacts from. The release tag is
+# Provide the 02-sign.yml run ID to pull artifacts from. The release tag is
-# generated automatically as release-YYYYMMDD-<short-sha> — no version input
+# automatically passed to the tag input. Exports "inputs.version" to $TAG.
 # needed, no semver drift possible.
 on:
  workflow_dispatch:
    inputs:
      sign_run_id:
-        description: 'sign.yml run ID to pull signatures and PDFs from'
+        description: '02-sign.yml run ID to pull signatures and PDFs from'
        required: true
        type: string
      prerelease:
@@ -16,6 +15,10 @@ on:
        required: false
        default: false
        type: boolean
      version:
        description: 'Version string to record (e.g. v1.2.4) — required'
        required: true
        type: string
 permissions:
  contents: write # create releases and tags
@@ -95,7 +98,7 @@ jobs:
        run: |
          SHORT_SHA=$(echo "${{ github.sha }}" | cut -c1-7)
          DATE=$(date -u +'%Y%m%d')
-          TAG="release-${DATE}-${SHORT_SHA}"
+          TAG="${{ inputs.version }}"
          NAME="Release ${DATE} (${SHORT_SHA})"
          echo "tag=$TAG"   >> $GITHUB_OUTPUT
          echo "name=$NAME" >> $GITHUB_OUTPUT
@@ -108,12 +111,12 @@ jobs:
          tag_name:   ${{ steps.tag.outputs.tag }}
          name:       ${{ steps.tag.outputs.name }}
          prerelease: ${{ inputs.prerelease || false }}
-          draft:      false
+          draft:      true
          fail_on_unmatched_files: false
          body: |
            ## 📖 The Hitchhiker's Guide to Online Anonymity
-            Built from [`${{ github.sha }}`](${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }}) on `${{ github.ref_name }}`.
+            Built from [`${{ inputs.version }}`](${{ github.server_url }}/${{ github.repository }}/releases/tag/${{ inputs.version }}).
            ---
@@ -1,25 +0,0 @@
 name: 🗑️ DEPRECATED — Build & Sign & Release (combined)
 # DEPRECATED — replaced by build.yml, sign.yml, and release.yml
 # This workflow is disabled. It is kept only as a reference until the
 # split workflows have been confirmed stable in production.
 # Do not trigger this workflow.
 on:
  workflow_dispatch:
    inputs:
      _disabled:
        description: 'This workflow is deprecated. Use build.yml → sign.yml → release.yml instead.'
        required: false
        type: string
 jobs:
  noop:
    name: Deprecated — no-op
    runs-on: ubuntu-latest
    steps:
      - name: ❌ Workflow is deprecated
        run: |
          echo "This workflow is deprecated."
          echo "Use build.yml → sign.yml → release.yml instead."
          exit 1
@@ -1 +1 @@
-anonymousplanet.org
+www.anonymousplanet.org
@@ -57,16 +57,16 @@ To contact me, see the updated information on the website or send an e-mail to <
 **Please consider [donating](../guide/index.md#donations) if you enjoy the project and want to support the hosting fees or support the funding of initiatives like the hosting of Tor Exit Nodes.**
-### Recommended Reading
+???+ example "Recommended Reading"
-Some of those resources may, in order to sustain their project, contain or propose:
+    Some of those resources may, in order to sustain their project, contain or propose:
- Sponsored commercial content
+    - Sponsored commercial content
- Monetized content through third party platforms (such as YouTube)
+    - Monetized content through third party platforms (such as YouTube)
- Affiliate links to commercial services
+    - Affiliate links to commercial services
- Paid Services such as consultancy
+    - Paid Services such as consultancy
- Premium content such as ad-free content or updated content
+    - Premium content such as ad-free content or updated content
- Merchandising
+    - Merchandising
 _Note that these websites could contain affiliate/sponsored content and/or merchandising. This guide does not endorse and is not sponsored by any commercial entity in any way._
@@ -74,7 +74,7 @@ If you skipped those, you should really still consider viewing this YouTube play
 _Anonymous Planet_ **does not** participate in any sponsoring, endorsement, advertising, or other affiliate programs for any entity. We only rely on anonymous donations in a closed, transparent loop system.
-??? Note "Privacy related"
+??? tip "Privacy related"
    - AnarSec: <https://www.anarsec.guide/>
    - EFF Surveillance Self-Defense: <https://ssd.eff.org/>
@@ -84,14 +84,14 @@ _Anonymous Planet_ **does not** participate in any sponsoring, endorsement, adve
    - The New Oil: <https://thenewoil.org>
    - PrivacyTools.io: <https://privacytools.io>
-??? Note "Blogs and personal websites"
+??? tip "Blogs and personal websites"
    - CIA Officer's Blog: <https://officercia.mirror.xyz/>
    - Continuing Ed: <https://edwardsnowden.substack.com/>
    - Madaidan's Insecurities: <https://madaidans-insecurities.github.io/>
    - Seirdy's Home: <https://seirdy.one/>
-??? Note "Useful resources"
+??? tip "Useful resources"
    - KYC? Not me: <https://kycnot.me/>
    - Library Genesis: <https://en.wikipedia.org/wiki/Library_Genesis> <sup>[[Wikiless]](https://wikiless.com/wiki/Library_Genesis)</sup> (see their latest known URL in the Wikipedia article)
@@ -100,7 +100,7 @@ _Anonymous Planet_ **does not** participate in any sponsoring, endorsement, adve
    - Terms of Service, Didn't Read: <https://tosdr.org>
    - Whonix Documentation: <https://www.whonix.org/wiki/Documentation>
-??? Note "We are not affiliated with Anonymous or Riseup"
+??? note "We are not affiliated with Anonymous or Riseup"
    One or two of our community members uses or has used the resources of Riseup. We are not affiliated with Riseup in any manner.
@@ -20,6 +20,28 @@ Notable changes to the guide and its tooling. Follows [Keep a Changelog](https:/
 ---
 ## [v1.2.4]
 !!! Note "Meta"
    - Rename workflows (GH - now we can know the order)
 !!! Note "Changed"
    - Change the repo URL for our tor mirror
    - Fix recommended reading admonition
    - Refactoring some things and removing others
    - More meta changes to the pipeline
    - Rewrite developer guide for current pipeline
 !!! Note "Fixed"
    - Fix an inline reference
    - Use the Anonymous Planet RSK for releases (we used the MSK for testing)
    - Prevent history dump and filter noise commits
    - Actually save per-page PDFs for qpdf, not PNGs
    - Fail fast with helpful message if pdftoppm or qpdf missing
 ## [v1.2.3]
 CI/CD pipeline split into independent stages, dark PDF quality improved, release signing automated, and the changelog now updates itself on every build. Skipping v1.2.2 which was a placeholder and contained broken Python unsuitable for a tag/release.
@@ -28,17 +50,17 @@ CI/CD pipeline split into independent stages, dark PDF quality improved, release
    - **Dark mode PDF** (`scripts/convert.py`): pixel-level converter replaces the broken `--prefers-color-scheme=dark` Chromium flag. Produces a 200 DPI hacker-themed PDF (`#1f1f31` background, `#e0e0e0` text, `#5e8bde` links) with batched page processing to avoid OOM on large documents.
    - **Three independent CI workflows** replacing the old monolithic `build-sign-release.yml`:
-        - `build.yml`: builds PDFs and uploads them as an artifact; no secrets required, can be re-run freely.
+        - `01-build.yml`: builds PDFs and uploads them as an artifact; no secrets required, can be re-run freely.
-        - `sign.yml`: downloads the PDF artifact, computes SHA-256 and BLAKE2b hashes, GPG-signs all outputs, and uploads a `signatures` artifact. Can be re-run against any historical build.
+        - `02-sign.yml`: downloads the PDF artifact, computes SHA-256 and BLAKE2b hashes, GPG-signs all outputs, and uploads a `signatures` artifact. Can be re-run against any historical build.
-        - `release.yml`: downloads both artifacts, uploads to VirusTotal, and publishes a tagged GitHub Release with all 12 assets attached. Can be triggered manually against any previous sign run.
+        - `03-release.yml`: downloads both artifacts, uploads to VirusTotal, and publishes a tagged GitHub Release with all 12 assets attached. Can be triggered manually against any previous sign run.
    - **`scripts/update_changelog.py`**: reads `git log` since the last version tag, categorises commits by conventional-commit prefix, and prepends a new entry to this file automatically after each successful build.
-    - **`changelog.yml`** workflow: commits the auto-generated changelog entry back to `main` after every build, with `dry_run` and `manual_version` dispatch inputs for safe local testing.
+    - **`04-changelog.yml`** workflow: commits the auto-generated changelog entry back to `main` after every build, with `dry_run` and `manual_version` dispatch inputs for safe local testing.
    - **`scripts/tag_release.py`**: interactive guided helper for maintainers to create GPG-signed annotated tags. Checks clean tree and branch, auto-increments the version, pulls the message from the changelog, resolves the release signing key, creates and verifies the tag, then prints the push command.
    - **`docs/code/develop.md`**: full developer reference covering prerequisites, local build instructions, the pipeline flow, all required GitHub Secrets, the release process, verification steps, and a troubleshooting section for every known CI failure mode.
 !!! warning "Changed"
-    - `build-sign-release.yml` deprecated - push triggers removed, manual dispatch only. Will be deleted once in-flight runs complete.
+    - `build-sign-release.yml` deprecated (now removed) - push triggers removed, manual dispatch only. Will be deleted once in-flight runs complete.
    - The full pipeline (build → sign → release → changelog) now chains automatically via `workflow_run` on every push to `main`.
    - GPG signing uses `--pinentry-mode loopback` and `--passphrase-fd 0` to avoid interactive prompts on headless runners.
    - VirusTotal scans moved to the release stage so they run once per release, not once per build.
@@ -79,5 +101,6 @@ First automated PDF build and the start of the CI pipeline.
 ---
 [v1.2.4]: https://github.com/Anon-Planet/thgtoa/releases/tag/v1.2.4
 [v1.2.3]: https://github.com/Anon-Planet/thgtoa/releases/tag/v1.2.3
 [v1.2.1]: https://github.com/Anon-Planet/thgtoa/releases/tag/v1.2.1
@@ -52,26 +52,25 @@ You also need **Google Chrome** or **Microsoft Edge** installed for the light-mo
 ```
 .github/
  workflows/
-    build.yml              # builds PDFs, uploads artifact
+    01-build.yml      # builds PDFs, uploads artifact
-    sign.yml               # hashes + GPG signs, uploads signatures artifact
+    02-sign.yml       # hashes + GPG signs, uploads signatures artifact
-    release.yml            # publishes GitHub Release with all assets
+    03-release.yml    # publishes GitHub Release with all assets
-    changelog.yml          # prepends a new entry to docs/changelog/index.md
+    04-changelog.yml  # prepends a new entry to docs/changelog/index.md
-    publish.yml            # deploys MkDocs site to GitHub Pages
+    publish.yml       # deploys MkDocs site to GitHub Pages
    build-sign-release.yml # DEPRECATED - fails on trigger, kept for reference
 docs/
-  guide/index.md           # the guide (single Markdown file)
+  guide/index.md      # the guide (single Markdown file)
-  changelog/               # release notes
+  changelog/          # release notes
-  code/                    # this page
+  code/               # this page
-export/                    # PDF output (PDFs gitignored; .sha256, .b2sum, .asc tracked)
+export/               # PDF output (PDFs gitignored; .sha256, .b2sum, .asc tracked)
-pgp/                       # public signing keys
+pgp/                  # public signing keys
 scripts/
-  build_guide_pdf.py       # MkDocs + Chromium PDF builder
+  build_guide_pdf.py  # MkDocs + Chromium PDF builder
-  convert.py               # pixel-based dark mode PDF converter
+  convert.py          # pixel-based dark mode PDF converter
-  update_changelog.py      # auto-generates changelog entries from git log
+  update_changelog.py # auto-generates changelog entries from git log
-  setup_workflow.py        # GitHub Secrets setup assistant
+  setup_workflow.py   # GitHub Secrets setup assistant
-  verify_pdf.py            # signature verification helper
+  verify_pdf.py       # signature verification helper
  archived/
-    tag_release.py         # ARCHIVED - GPG tag helper (not used in current flow)
+    tag_release.py    # ARCHIVED - GPG tag helper (not used in current flow)
 ```
 ---
@@ -120,39 +119,39 @@ Opens at `http://127.0.0.1:8000`.
 ## CI/CD pipeline overview
-The pipeline is fully manual after the initial build - no step automatically triggers the next. This prevents version mismatches between what was built, what was signed, and what gets released.
+The pipeline is fully manual after the initial build - no step automatically triggers the next. This prevents version mismatches between what was built, what was signed, and what gets released. The workflows are numbered to help guide you.
 ```
 push to main  (or manual trigger)
      │
      ▼
-  build.yml
+  01-build.yml
  Builds thgtoa.pdf + thgtoa-dark.pdf.
  Uploads artifact: pdfs
  Note the run ID.
      │
-      │  # manually trigger sign.yml with the build run ID
+      │  # manually trigger 02-sign.yml with the build run ID
      ▼
-  sign.yml
+  02-sign.yml
  Downloads pdfs artifact. Hashes (SHA-256 + BLAKE2b) and GPG-signs
  all files. Commits export/ back to main. Uploads artifacts:
  signatures, pdfs-signed
  Note the run ID.
      │
-      │  # manually trigger release.yml with the sign run ID
+      │  # manually trigger 03-release.yml with the sign run ID
      ▼
-  release.yml
+  03-release.yml
  Downloads signatures + pdfs-signed artifacts. Runs VirusTotal.
  Creates GitHub Release tagged release-YYYYMMDD-<short-sha>.
      │
-      │  # manually trigger changelog.yml with the version string
+      │  # manually trigger 04-changelog.yml with the version string
      ▼
-  changelog.yml
+  04-changelog.yml
  Runs update_changelog.py, prepends a new ## [vX.Y.Z] entry,
  commits back to main.
 ```
-Each stage is independent. If signing fails (e.g. an expired key), re-run only `sign.yml` pointing at the existing build artifact - no need to rebuild the PDFs.
+Each stage is independent. If signing fails (e.g. an expired/revoked key, other problems in CI), re-run only `02-sign.yml` pointing at the existing build artifact - no need to rebuild the PDFs.
 !!! warning "Before you push"
@@ -166,7 +165,7 @@ Each stage is independent. If signing fails (e.g. an expired key), re-run only `
 ### 1. Trigger a build
-Push to `main` - `build.yml` runs automatically when `docs/`, `mkdocs.yml`, or `scripts/` change. You can also trigger it manually from **Actions → Build PDFs → Run workflow**.
+Push to `main` - `01-build.yml` runs automatically when `docs/`, `mkdocs.yml`, or `scripts/` change. You can also trigger it manually from **Actions → Build PDFs → Run workflow**.
 Once it completes successfully, **note the run ID** from the URL or the Actions list.
@@ -180,7 +179,7 @@ Go to **Actions → Sign PDFs → Run workflow**.
 |-------|-------|
 | `build_run_id` | The run ID from step 1 |
-`sign.yml` will:
+`02-sign.yml` will:
 - Download the PDFs artifact from the build run
 - Compute SHA-256 and BLAKE2b hashes, writing `thgtoa.pdf.sha256`, `thgtoa.pdf.b2sum`, `sha256sums.txt`, `b2sums.txt`, and the dark equivalents
@@ -201,7 +200,7 @@ Go to **Actions → Release → Run workflow**.
 | `sign_run_id` | The run ID from step 2 |
 | `prerelease` | `false` for a normal release |
-`release.yml` will:
+`03-release.yml` will:
 - Download `signatures` and `pdfs-signed` artifacts from the sign run
 - Upload both PDFs to VirusTotal
@@ -221,7 +220,7 @@ Go to **Actions → Update Changelog → Run workflow**.
 | `version` | The human-readable version string, e.g. `v1.2.4` |
 | `dry_run` | `true` to preview without committing |
-`changelog.yml` runs `scripts/update_changelog.py`, which:
+`04-changelog.yml` runs `scripts/update_changelog.py`, which:
 - Reads git log since the last `## [vX.Y.Z]` heading in the changelog
 - Categorises commits into Added / Changed / Fixed using conventional-commit prefixes
@@ -249,7 +248,7 @@ This format is always unique, requires no version decision at release time, and
 ## Commit message format
-All commits must follow the [Conventional Commits](https://www.conventionalcommits.org) format. This is enforced by the `commitizen` pre-commit hook.
+All commits must follow the [Conventional Commits](https://www.conventionalcommits.org) format. This is enforced by the `commitizen` pre-commit hook. Not because we want to limit cooperation with others, but becasue it promotes a cleaner Changelog; we can avoid all the noise by doing this programatically.
 ```
 <type>(<scope>): <description>
@@ -297,7 +296,7 @@ The passphrase protecting the private key above. Must match exactly - no trailin
 ### `ACTIONS_SSH_SIGNING_KEY`
-An SSH private key used by `sign.yml` to sign the commit that pushes `export/` back to `main`. Generate a dedicated key for this:
+An SSH private key used by `02-sign.yml` to sign the commit that pushes `export/` back to `main`. Generate a dedicated key for this:
 ```bash
 ssh-keygen -t ed25519 -C "github-actions signing key" -f actions_signing_key
@@ -307,11 +306,11 @@ Add the **private key** as the `ACTIONS_SSH_SIGNING_KEY` secret, and the **publi
 ### `VT_API_KEY`
-A [VirusTotal](https://www.virustotal.com) API key with file upload permissions. Used by `release.yml` to scan both PDFs before publishing. Get one by creating a free account at `virustotal.com` → API key under your profile. The free tier (4 lookups/minute, 500/day) is sufficient.
+A [VirusTotal](https://www.virustotal.com) API key with file upload permissions. Used by `03-release.yml` to scan both PDFs before publishing. Get one by creating a free account at `virustotal.com` → API key under your profile. The free tier (4 lookups/minute, 500/day) is sufficient.
 ### `CHANGELOG_PAT`
-A GitHub Personal Access Token with `contents: write` scope on this repository. Needed because `changelog.yml` commits back to `main` - commits made with the default `GITHUB_TOKEN` do not trigger further workflow runs (GitHub loop-prevention). A PAT bypasses this. If absent, falls back to `GITHUB_TOKEN` - the commit still happens, it just won't trigger downstream workflows.
+A GitHub Personal Access Token with `contents: write` scope on this repository. Needed because `04-changelog.yml` commits back to `main` - commits made with the default `GITHUB_TOKEN` do not trigger further workflow runs (GitHub loop-prevention). A PAT bypasses this. If absent, falls back to `GITHUB_TOKEN` - the commit still happens, it just won't trigger downstream workflows.
 **Creating one:** GitHub → Settings → Developer settings → Personal access tokens → Fine-grained tokens → set Contents to Read and write for this repo only.
@@ -319,11 +318,11 @@ A GitHub Personal Access Token with `contents: write` scope on this repository.
 | Secret | Required by | What happens if missing |
 |--------|------------|------------------------|
-| `GPG_PRIVATE_KEY` | `sign.yml` | Signing step fails - no `.asc` files produced |
+| `GPG_PRIVATE_KEY` | `02-sign.yml` | Signing step fails - no `.asc` files produced |
-| `GPG_PASSPHRASE` | `sign.yml` | GPG import succeeds but signing fails |
+| `GPG_PASSPHRASE` | `02-sign.yml` | GPG import succeeds but signing fails |
-| `ACTIONS_SSH_SIGNING_KEY` | `sign.yml` | Export commit is unsigned (may fail if branch protection requires signed commits) |
+| `ACTIONS_SSH_SIGNING_KEY` | `02-sign.yml` | Export commit is unsigned (may fail if branch protection requires signed commits) |
-| `VT_API_KEY` | `release.yml` | VirusTotal step fails - release is not published |
+| `VT_API_KEY` | `03-release.yml` | VirusTotal step fails - release is not published |
-| `CHANGELOG_PAT` | `changelog.yml` | Falls back to `GITHUB_TOKEN` - changelog updates but commit won't trigger downstream workflows |
+| `CHANGELOG_PAT` | `04-changelog.yml` | Falls back to `GITHUB_TOKEN` - changelog updates but commit won't trigger downstream workflows |
 ---
@@ -350,9 +349,27 @@ b2sum     -c b2sums.txt
 A successful verify looks like:
 ```txt
 gpg: Signature made Sun 31 May 2026 03:23:26 AM EDT
 gpg:                using EDDSA key C3023DBEA3FB38C438BA1EEDCEC60AEDE8B992A2
 gpg: Good signature from "Anonymous Planet Release Signing Key" [ultimate]
 Primary key fingerprint: C302 3DBE A3FB 38C4 38BA  1EED CEC6 0AED E8B9 92A2
 ```
-gpg: Signature made ...
+
-gpg: Good signature from "Anonymous Planet (Release) ..."
+You can safely ignore Github, Codeberg, etc. warnings like "The email in this signature doesn’t match the committer email."
 ```txt
 λ > git tag -v v1.2.3
 object cdc54d8b3bc2b286827b23921d8d4062f85295cf
 type commit
 tag v1.2.3
 tagger nopeitsnothing <no@anonymousplanet.org> 1780212206 -0400
 v1.2.3
 gpg: Signature made Sun 31 May 2026 03:23:26 AM EDT
 gpg:                using EDDSA key C3023DBEA3FB38C438BA1EEDCEC60AEDE8B992A2
 gpg: Good signature from "Anonymous Planet Release Signing Key" [ultimate]
 Primary key fingerprint: C302 3DBE A3FB 38C4 38BA  1EED CEC6 0AED E8B9 92A2
 ```
 ---
@@ -374,10 +391,10 @@ The `GPG_PRIVATE_KEY` secret is missing or malformed. Re-export with `gpg --armo
 **GPG signing fails with `Bad passphrase`**
 The `GPG_PASSPHRASE` secret has a trailing space or newline. Paste it again with no surrounding whitespace.
-**`release.yml` fails on VirusTotal**
+**`03-release.yml` fails on VirusTotal**
 The `VT_API_KEY` is missing, invalid, or over the rate limit (500 requests/day on the free tier). Check the secret and re-run after a few minutes.
-**`sign.yml` fails downloading PDF artifact**
+**`02-sign.yml` fails downloading PDF artifact**
 The `build_run_id` is wrong, or the artifact has expired (90-day retention). Trigger a new build and use the fresh run ID.
 **Changelog already contains version X**
@@ -11112,7 +11112,7 @@ As mentioned before in this guide multiple times, we strongly recommend the use
 - **Stay away from so-called "private" mixers, tumblers and coinjoiners.** You might think this is a good idea, but not only are they useless with cryptocurrencies such as BTC/ETH/LTC, they are also dangerous. They take custody of your coins. Use Monero to anonymize your crypto. Do not use a normal KYC-enabled exchange to buy/sell your Monero (such as Kraken), since this information on your purchases and withdrawals (for intended use) are retained in the exchange. Instead, use a P2P exchange that doesn't require KYC such as what can be found on <https://kycnot.me/>.
- **See [Warning about special tumbling, mixing, coinjoining privacy wallets and services].**
+- **See [Warning about special tumbling, mixing, coinjoining privacy wallets and services](#warning-about-special-tumbling-mixing-coinjoining-privacy-wallets-and-services).**
 ## Using Bitcoin anonymously option
@@ -11148,7 +11148,7 @@ The origin of those BTC cannot be traced back to your real identity due to the u
 **Regarding Zcash: this section previously included use of Zcash but it has been removed in light of newer, more accurate information.**
-## Warning about special tumbling, mixing, coinjoining privacy wallets and services: <sup>[Wikiless](https://wikiless.com/wiki/Cryptocurrency_tumbler) [Archive.org](https://web.archive.org/web/https://wikiless.com/wiki/Cryptocurrency_tumbler)</sup>
+## Warning about special tumbling, mixing, coinjoining privacy wallets and services
 Centralized "private" tumblers, mixers and coinjoiners are not recommended since they do not provide anonymity in a way that truly unlinks an output from its history.  Here are some references about this issue:
@@ -1,2 +1,2 @@
-52ff5f4453c38e37374e6dd0af77a78f8d5912482ce20572e2963b95e142e2e61247c2033ca8e73300a0f70453cd3936d0b94ab8b4f00b6e02d95fe5155a784a  thgtoa.pdf
+39e7f8098d6c9511b98f83f4548ef8bac0d604fe820c4dbe1f731dbdff47676c0800872ba329492427cdfdf66734f55d03e3b4dd95b48e9e2ca2b3b4cd716213  thgtoa.pdf
-7c5c529f28698ed4f69cbc2b7251b60c9770e702007f33c034586f0b8c84a78cdb92886e3f996d4f15c023b069f929a22c6eff7f8bd9d9b46c1fa7c8677785e3  thgtoa-dark.pdf
+ba29fcd4ee9bd43a7ed96752bc372f7d374d69f3d37e33e04d07fd14fe4e62afccbc05471e8ad89632d31045a56eee9bde7c15a0c405f64c977e5e4ac30654fa  thgtoa-dark.pdf
@@ -1,2 +1,2 @@
-ac4e509b2b05c6baae0d63e51107e87ab81c1fe655ea54b4d052381c00fcf6bd  thgtoa.pdf
+ad7b3e327559dd835755615103bb1c59ef6f41ba652f6ee40c8fcdd082914f49  thgtoa.pdf
-6bdb1291611cca1fdf3d0be9d9e83afbe4b2bb148c5fea872b7cbb06b06d4e08  thgtoa-dark.pdf
+1174ec6f1e074b6b0115cea54ee135e82e56771d7129dcf367037a7020d5b39c  thgtoa-dark.pdf
@@ -1,7 +1,7 @@
 -----BEGIN PGP SIGNATURE-----
-iHUEABYKAB0WIQTDAj2+o/s4xDi6Hu3Oxgrt6LmSogUCahrz/QAKCRDOxgrt6LmS
+iHUEABYKAB0WIQTDAj2+o/s4xDi6Hu3Oxgrt6LmSogUCahwNewAKCRDOxgrt6LmS
-ov/+AP9PyENLxi/AbHOARbDs/wsgHXCNJSZ/oSgxgmi9sjBTngD/c2Pj8XauGH1o
+opw7AQDdsg3JaS2vy2ZYCI4L1F+guKHF/zItJUSTj76DdOVzSAD+PKDCa4Io6OO9
-ftHJmfwKvy2Q/FjsBIHiA6gxKtXktAU=
+7v2odiJHOrbYNmte5FhhffUZL8Nz1A4=
-=x6hs
+=oBfF
 -----END PGP SIGNATURE-----
@@ -1 +1 @@
-7c5c529f28698ed4f69cbc2b7251b60c9770e702007f33c034586f0b8c84a78cdb92886e3f996d4f15c023b069f929a22c6eff7f8bd9d9b46c1fa7c8677785e3
+ba29fcd4ee9bd43a7ed96752bc372f7d374d69f3d37e33e04d07fd14fe4e62afccbc05471e8ad89632d31045a56eee9bde7c15a0c405f64c977e5e4ac30654fa
@@ -1,8 +1,8 @@
 -----BEGIN PGP SIGNATURE-----
-iJEEABYKADkWIQSfpUNtDuNgmFFXOCUX7KBfdo3t9gUCaeXaqxsUgAAAAAAEAA5t
+iJEEABYKADkWIQTDAj2+o/s4xDi6Hu3Oxgrt6LmSogUCahwDIRsUgAAAAAAEAA5t
-YW51MiwyLjUrMS4xMiwyLDIACgkQF+ygX3aN7fbdDgEAoSslLR47ydW/3r1wJOPY
+YW51MiwyLjUrMS4xMiwyLDIACgkQzsYK7ei5kqJkrQD/etBsZk8BI71Dn0mgTDIQ
-X/waLkVbkGZpHqwd4RjywwcA/3B7Ci+jUg+yP5TRsuChagEhwyO5vw2DxSlUGoB4
+HaYuAqtld5MmKaV9AxlniWABANt6V/0ivcXSsxajFdvpdu4TI9D4GR07ZeKFjYXV
-+ksH
+EZsM
-=2ja9
+=/p57
 -----END PGP SIGNATURE-----
@@ -1,8 +1,8 @@
 -----BEGIN PGP SIGNATURE-----
-iJEEABYKADkWIQSfpUNtDuNgmFFXOCUX7KBfdo3t9gUCaeXaqxsUgAAAAAAEAA5t
+iJEEABYKADkWIQTDAj2+o/s4xDi6Hu3Oxgrt6LmSogUCahwDHxsUgAAAAAAEAA5t
-YW51MiwyLjUrMS4xMiwyLDIACgkQF+ygX3aN7faErgD/Svj1G+B7gmrZQ6AsLZ5J
+YW51MiwyLjUrMS4xMiwyLDIACgkQzsYK7ei5kqIsEgD+PNgOOJy7GPQUYuaDlxeh
-HfeldxjmrXE99dig1iHtl5IBAMndZZb+95TO03IZ9eLGfYuyTz4GCUanmftsY9yv
+ldQWf58ivLfQ6zpgeSSTiqIA/19EDw+Un9AYuxikZGp39vcNFxEhnwD7dRWZo/Ie
-LAIN
+ZyAE
-=MEd0
+=OrTx
 -----END PGP SIGNATURE-----
@@ -1,7 +1,7 @@
 -----BEGIN PGP SIGNATURE-----
-iHUEABYKAB0WIQTDAj2+o/s4xDi6Hu3Oxgrt6LmSogUCahrz/AAKCRDOxgrt6LmS
+iHUEABYKAB0WIQTDAj2+o/s4xDi6Hu3Oxgrt6LmSogUCahwNegAKCRDOxgrt6LmS
-osMBAPwP7tBv/bIAbXr0PL1atLoqxLsU6T1uMrr+9wAgq+xDwwD9FnT98tFNt2Ql
+ov0tAQCNiaIONY2A6zRVXUcOolOOCJY1pi9SvuJ/yalbTQewawEAsi7bhFYAo6c0
-+ob/WDNBLcJG7EUEy3pUU11ryYOY5wc=
+yAy/jBcGD5E5HzLlmjkGvYcwsvWPfQo=
-=ihf4
+=lnwq
 -----END PGP SIGNATURE-----
@@ -1 +1 @@
-52ff5f4453c38e37374e6dd0af77a78f8d5912482ce20572e2963b95e142e2e61247c2033ca8e73300a0f70453cd3936d0b94ab8b4f00b6e02d95fe5155a784a
+39e7f8098d6c9511b98f83f4548ef8bac0d604fe820c4dbe1f731dbdff47676c0800872ba329492427cdfdf66734f55d03e3b4dd95b48e9e2ca2b3b4cd716213
@@ -1,8 +1,8 @@
 -----BEGIN PGP SIGNATURE-----
-iJEEABYKADkWIQSfpUNtDuNgmFFXOCUX7KBfdo3t9gUCaeXaqxsUgAAAAAAEAA5t
+iJEEABYKADkWIQTDAj2+o/s4xDi6Hu3Oxgrt6LmSogUCahwDIBsUgAAAAAAEAA5t
-YW51MiwyLjUrMS4xMiwyLDIACgkQF+ygX3aN7fatsgEAixDzH+zTnKYMEx3sikWp
+YW51MiwyLjUrMS4xMiwyLDIACgkQzsYK7ei5kqJ6/QEAk2Ta0gygpWKSKstLjKwX
-dsNTiHTU6wJY/brVJIU879UBAJntBIq72vqwKtMb/ZlVvomdDvKVllZw8ZsYBz1n
+wmqIyrEza93Xk22owhYi3FAA/jQslZb0MahgPZyf3PQ8syUlBJS8gKQ8nBEpf5BO
-aTkM
+Q/EK
-=vkgy
+=Fvmv
 -----END PGP SIGNATURE-----
@@ -1,8 +1,8 @@
 -----BEGIN PGP SIGNATURE-----
-iJEEABYKADkWIQSfpUNtDuNgmFFXOCUX7KBfdo3t9gUCaeXaqxsUgAAAAAAEAA5t
+iJEEABYKADkWIQTDAj2+o/s4xDi6Hu3Oxgrt6LmSogUCahwDHxsUgAAAAAAEAA5t
-YW51MiwyLjUrMS4xMiwyLDIACgkQF+ygX3aN7faAGQEAyEhVKrRoXIsV3E5f1FZg
+YW51MiwyLjUrMS4xMiwyLDIACgkQzsYK7ei5kqIN4gEA2T011PhyNNqhGcj0uVTD
-8fcsmbxCnKBqxichCkf0dWYBAIvbI146mQLHaNqLDaTIqCUQbkq1aE/YMFDGykUG
+47AZKLxWhZXnLzD0sRUHY/oBAMWFfSXrKN5q8yml5dWLbvFqbcIpefgHD8smBd6v
-ngsJ
+fzUH
-=/0RY
+=3Cxi
 -----END PGP SIGNATURE-----
@@ -67,7 +67,7 @@ extra:
      link: http://wmj5kiic7b6kjplpbvwadnht2nh2qnkbnqtcv3dyvpqtz7ssbssftxid.onion/
      name: "0xacab"
    - icon: simple/gitea
-      link: http://it7otdanqu7ktntxzm427cba6i53w6wlanlh23v5i3siqmos47pzhvyd.onion/anonymousplanetorg
+      link: http://it7otdanqu7ktntxzm427cba6i53w6wlanlh23v5i3siqmos47pzhvyd.onion/anonypla
      name: Darktea
    - icon: simple/github
      link: https://github.com/anon-planet
@@ -1,16 +1,18 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
-
+
-mDMEY2cNGBYJKwYBBAHaRw8BAQdAbKn/ExAQ+aq6/o2yc04B9jx5PMloaxux1eoT
+mDMEZc0J8xYJKwYBBAHaRw8BAQdAWIpOKf8GnTINRH7uW4oeGW4D4vfmK9xeQrnq
-iKwQgX60JEFub255bW91cyBQbGFuZXQgUmVsZWFzZSBTaWduaW5nIEtleYiQBBMW
+n/TMIMe0JEFub255bW91cyBQbGFuZXQgUmVsZWFzZSBTaWduaW5nIEtleYiTBBMW
-CgA4FiEEg6bPnvV6wltcf10pKF5gSKEjIbIFAmNnDRgCGwMFCwkIBwMFFQoJCAsF
+CgA7FiEEwwI9vqP7OMQ4uh7tzsYK7ei5kqIFAmXNCfMCGwMFCwkIBwICIgIGFQoJ
-FgIDAQACHgECF4AACgkQKF5gSKEjIbI5+QD/YSQ5E+LW4YJEAQQ+D3LFsGtGGRf3
+CAsCBBYCAwECHgcCF4AACgkQzsYK7ei5kqJJVgD+NKdW7U/uMWl6Ov1Ye9PPy6Mb
-qQRD5plsUvTtBfsA/15EJaIjzSwrsf/3wsW48zSYKCer/nrhGY9y5yd0m2gBiHUE
+IyyCYd2j5snO60e7msQA/0rxLaeLwzraevcE+WpdPMadxP2M8MxIKrKeAkKAe+IJ
-EBYKAB0WIQSeqYJ4Y58c2FPglsv/lFB1h6apuQUCY2cNxAAKCRD/lFB1h6apuXun
+iHUEEBYKAB0WIQSfpUNtDuNgmFFXOCUX7KBfdo3t9gUCZqRFIAAKCRAX7KBfdo3t
-AQCSNwZBNybUZzN/K4Zl1j6uhCqqnvbUlO80wvbHDMXpywD/dpabqjmpfxfJC20n
+9o9LAP426yx71EP9sLKKpkkdAT19HJgsNBeA7SdR/DtMzWEbegD/f2oQYwVz3O1w
-t3OFxKSeIbfJ0VHvoHKpwcaGuwC4OARjZw0YEgorBgEEAZdVAQUBAQdAE7WMDHTx
+7xuUqJMHS6/bN1E8B78JSi576up9rA2IdQQQFgoAHRYhBJ+lQ20O42CYUVc4JRfs
-zWp542lXGLxSsiE4gtMvVxkEneKmZWwzbDcDAQgHiHgEGBYKACAWIQSDps+e9XrC
+oF92je32BQJp508bAAoJEBfsoF92je32TM8A/2j51Jc3owAx9STceeamG5GG7inq
-W1x/XSkoXmBIoSMhsgUCY2cNGAIbDAAKCRAoXmBIoSMhsowLAP42HbiJIsIodWwn
+5jRMyKlMG4Kw1y1lAQD2kKSR9tz/l4Yhvy96WOuQYb+uG0W78T12l2c61F/xBrg4
-C3yBzwGrd1xRtf/91MpQUgFpCx7xuAD9G0F3l04hKkjxiHK+wJ27LnYcigaTVdje
+BGXNCfMSCisGAQQBl1UBBQEBB0DOf/mxiZClX/sJqtj7Ob+pCHbsMp9Wd4SHW7/P
-6d7bt7TerwE=
+FaUKHwMBCAeIeAQYFgoAIBYhBMMCPb6j+zjEOLoe7c7GCu3ouZKiBQJlzQnzAhsM
-=Hgos
+AAoJEM7GCu3ouZKie1EBAL5P2th3moOj4IDdXrP6KgdBB0kYweAHix0djG1jV/1+
-----END PGP PUBLIC KEY BLOCK-----
+AQDrgVyMPBbTEztpvc4cyyGAmI42SLM/jKbqO2yWqwVoAg==
 =UoL3
 -----END PGP PUBLIC KEY BLOCK-----
@@ -4,4 +4,4 @@ Scripts kept for reference but no longer part of the active pipeline.
 | Script | Why archived |
 |--------|-------------|
-| `tag_release.py` | Created GPG-signed `vX.Y.Z` annotated tags. Superseded by the `release-YYYYMMDD-<sha>` timestamp tagging built into `release.yml`. Re-enable if semver release tagging is reintroduced. |
+| `tag_release.py` | Created GPG-signed `vX.Y.Z` annotated tags. Superseded by the `release-YYYYMMDD-<sha>` timestamp tagging built into `03-release.yml`. Re-enable if semver release tagging is reintroduced. |
@@ -396,7 +396,7 @@ def main() -> int:
    print("\n" + "=" * 70)
    print("  ✓ All done. Push the tag with:")
    print(f"\n    git push origin {version}\n")
-    print("  The release.yml workflow can then be triggered manually from")
+    print("  The 03-release.yml workflow can then be triggered manually from")
    print("  GitHub Actions to publish the GitHub Release for this tag.")
    print("=" * 70 + "\n")
@@ -1,7 +1,7 @@
 #!/usr/bin/env python3
 """Auto-generate and prepend a changelog entry to docs/changelog/index.md.
-Called by .github/workflows/changelog.yml. Reads git log since the last
+Called by .github/workflows/04-changelog.yml. Reads git log since the last
 changelog version, categorises commits by conventional-commit prefix,
 and prepends a new ## [vX.Y.Z] section in the MkDocs admonition format used
 by the rest of the file.
Author	SHA1	Message	Date
nopeitsnothing	6428461bf5	Domain is no longer under my control. I have no way to contact Lena, but she's back. So let's talk? You could've talked to me, what's up? I have a FUCK ton of work put into the guide, over the past years, and you just swoop down from your high horse? Let's chat. Seriously. Your site's broken, your links don't work at all, the design is meh. Not saying I'm not glad you're back, but this isn't how we do things around here. You can be cool and come talk to me. Please? Let's squash this beef you have where you saw my work and decided it wasn't good enough? Years of working on a personal project gone, for what? I have so much more to put into this project. The whole organization is basically still under my control, but now I don't have a platform. I control the Open Collective, the anonymousplanet.net domain, I have the knowledge, and you know you need me for this. Why are you cutting me off? Why not just come back and talk? Do people ever just call or text or email anymore? Before shoving a knife in someone's gut...	2026-06-01 12:50:20 -04:00
github-actions[bot]	933bf00bce	chore(export): update PDFs, hashes and signatures [skip ci]	2026-05-31 10:29:39 +00:00
nopeitsnothing	45a8539a9e	ci(GitHub-CI): draft only, also use version output Set the draft to true and manually verify tags before release Set our version tag so we use [vX.X.X] for cleaner release	2026-05-31 06:24:20 -04:00
nopeitsnothing	cc5ad371a8	ci(darktea): change the repo URL for our tor mirror The repo is defunct - please use the new one.	2026-05-31 03:42:30 -04:00
nopeitsnothing	84a7ccbdd9	fix: fix inline reference The ref should be [link](#target)	2026-05-30 11:49:26 -04:00
nopeitsnothing	4eaca49a1c	style(docs): fix recommended reading admonition - docs/about/index.md: convert "Recommended Reading" to collapsible admonition	2026-05-30 11:01:51 -04:00
`@@ -1,2 +1,2 @@`
	`52ff5f4453c38e37374e6dd0af77a78f8d5912482ce20572e2963b95e142e2e61247c2033ca8e73300a0f70453cd3936d0b94ab8b4f00b6e02d95fe5155a784a thgtoa.pdf`	`39e7f8098d6c9511b98f83f4548ef8bac0d604fe820c4dbe1f731dbdff47676c0800872ba329492427cdfdf66734f55d03e3b4dd95b48e9e2ca2b3b4cd716213 thgtoa.pdf`
	`7c5c529f28698ed4f69cbc2b7251b60c9770e702007f33c034586f0b8c84a78cdb92886e3f996d4f15c023b069f929a22c6eff7f8bd9d9b46c1fa7c8677785e3 thgtoa-dark.pdf`	`ba29fcd4ee9bd43a7ed96752bc372f7d374d69f3d37e33e04d07fd14fe4e62afccbc05471e8ad89632d31045a56eee9bde7c15a0c405f64c977e5e4ac30654fa thgtoa-dark.pdf`
`@@ -1,2 +1,2 @@`
	`ac4e509b2b05c6baae0d63e51107e87ab81c1fe655ea54b4d052381c00fcf6bd thgtoa.pdf`	`ad7b3e327559dd835755615103bb1c59ef6f41ba652f6ee40c8fcdd082914f49 thgtoa.pdf`
	`6bdb1291611cca1fdf3d0be9d9e83afbe4b2bb148c5fea872b7cbb06b06d4e08 thgtoa-dark.pdf`	`1174ec6f1e074b6b0115cea54ee135e82e56771d7129dcf367037a7020d5b39c thgtoa-dark.pdf`
`@@ -1 +1 @@`
	`7c5c529f28698ed4f69cbc2b7251b60c9770e702007f33c034586f0b8c84a78cdb92886e3f996d4f15c023b069f929a22c6eff7f8bd9d9b46c1fa7c8677785e3`	`ba29fcd4ee9bd43a7ed96752bc372f7d374d69f3d37e33e04d07fd14fe4e62afccbc05471e8ad89632d31045a56eee9bde7c15a0c405f64c977e5e4ac30654fa`