Sign local copy

Signed-off-by: nopeitsnothing <no@anonymousplanet.org>
Tweaking some of the build to function
2026-05-06 11:34:18 +02:00 · 2026-04-20 03:50:31 -04:00 · 2026-04-20 03:43:52 -04:00 · 2026-04-20 03:38:27 -04:00 · 2026-04-20 03:34:47 -04:00 · 2026-04-20 03:29:54 -04:00
35 changed files with 2193 additions and 898 deletions
@@ -1,10 +0,0 @@
 [tool.commitizen]
 bump_message = "release $current_version → $new_version []"
 annotated_tag = true
 version = "1.2.1"
 update_changelog_on_bump = false
 gpg_sign = true
 allow_abort = true
 version_files = [
    "_config.yml:version"
 ]
@@ -0,0 +1,105 @@
 name: 📖 Build & Sign PDFs
 on:
  workflow_dispatch:
    inputs:
      build_mode:
        description: 'PDF build mode'
        required: true
        default: 'both'
        type: choice
        options:
          - light
          - dark
          - both
  push:
    branches:
      - main
    paths:
      - "docs/**"
      - "mkdocs.yml"
      - "scripts/**"
      - ".github/workflows/**"
 permissions:
  contents: write
  id-token: write
 jobs:
  build-sign-release:
    name: Build, Sign & Release PDFs
    runs-on: ubuntu-latest
    steps:
      - name: 🛠️ Checkout
        uses: actions/checkout@v4
      - name: 🐍 Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.13"
      - name: 📦 Install MkDocs Material
        run: pip install mkdocs-material
      - name: Setup Chrome
        uses: browser-actions/setup-chrome@v2
        with:
          chrome-version: 120
          install-dependencies: true
          install-chromedriver: true
      - name: 🔑 Install GPG tools
        run: |
          sudo apt-get update
          sudo apt-get install gnupg
      - name: 🖨️ Build & Hash PDFs
        env:
          CI: true
        run: |
          python scripts/build_guide_pdf.py --${{ inputs.build_mode || 'both' }}
          for f in ./export/*.pdf; do
            echo "sha256sums: $f"; sha256sum "$f" >> export/sha256sums.txt; done
          for f in ./export/*.pdf; do
            echo "b2sums: $f"; b2sum "$f" >> export/b2sums.txt; done
      - name: 🦠 Upload PDFs to VirusTotal
        uses: crazy-max/ghaction-virustotal@v5
        with:
          vt_api_key: ${{ secrets.VT_API_KEY }}
          files: |
            export/thgtoa.pdf
            export/thgtoa-dark.pdf
      - name: 📊 Extract VT scan results
        id: vt-scan
        run: |
          echo "status=completed" >> $GITHUB_OUTPUT
      - name: 🔗 Generate VT report links
        run: |
          # Create a markdown file with VT scan results and links
          cat > export/virus-total-results.md << EOF
          ## VirusTotal Scan Results
          **Scan Date:** \$(date -u +"%Y-%m-%d %H:%M UTC")
          ### thgtoa.pdf (Light Mode)
          - **VT Report:** https://www.virustotal.com/gui/file/\$(sha256sum export/thgtoa.pdf | cut -d' ' -f1)
          ### thgtoa-dark.pdf (Dark Mode) (currently broken)
          - **VT Report:** https://www.virustotal.com/gui/file/\$(sha256sum export/thgtoa-dark.pdf | cut -d' ' -f1)
          ---
          *Scan performed automatically by GitHub Actions*
          EOF
      - name: 📤 Upload export directory as artifact
        uses: actions/upload-artifact@v4
        with:
          name: export
          path: |
            export/*
          if-no-files-found: error
          retention-days: 90
          compression-level: 0
@@ -1,4 +1,4 @@
-name: Publish docs via GitHub Pages
+name: 🚀 Publish docs via GitHub Pages
 on:
  push:
    branches:
@@ -1,130 +1,27 @@
-# Byte-compiled / optimized / DLL files
+# Visual Studio (Windows) solution metadata
 .vs/
 .vscode/
 # Python (MkDocs, scripts/build_guide_pdf.py)
 __pycache__/
 *.py[cod]
 *$py.class
-
+.venv/
 # C extensions
 *.so
 # Distribution / packaging
 .Python
 build/
 develop-eggs/
 dist/
 downloads/
 eggs/
 .eggs/
 lib/
 lib64/
 parts/
 sdist/
 var/
 wheels/
 pip-wheel-metadata/
 share/python-wheels/
 *.egg-info/
 .installed.cfg
 *.egg
 MANIFEST
 # PyInstaller
 #  Usually these files are written by a python script from a template
 #  before PyInstaller builds the exe, so as to inject date/other infos into it.
 *.manifest
 *.spec
 # Installer logs
 pip-log.txt
 pip-delete-this-directory.txt
 # Unit test / coverage reports
 htmlcov/
 .tox/
 .nox/
 .coverage
 .coverage.*
 .cache
 nosetests.xml
 coverage.xml
 *.cover
 *.py,cover
 .hypothesis/
 .pytest_cache/
 # Translations
 *.mo
 *.pot
 # Django stuff:
 *.log
 local_settings.py
 db.sqlite3
 db.sqlite3-journal
 # Flask stuff:
 instance/
 .webassets-cache
 # Scrapy stuff:
 .scrapy
 # Sphinx documentation
 docs/_build/
 # PyBuilder
 target/
 # Jupyter Notebook
 .ipynb_checkpoints
 # IPython
 profile_default/
 ipython_config.py
 # pyenv
 .python-version
 # pipenv
 #   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
 #   However, in case of collaboration, if having platform-specific dependencies or dependencies
 #   having no cross-platform support, pipenv may install dependencies that don't work, or not
 #   install all needed dependencies.
 #Pipfile.lock
 # PEP 582; used by e.g. github.com/David-OConnor/pyflow
 __pypackages__/
 # Celery stuff
 celerybeat-schedule
 celerybeat.pid
 # SageMath parsed files
 *.sage.py
 # Environments
 .env
 .venv
 env/
 venv/
 env/
 ENV/
-env.bak/
+.env
 venv.bak/
-# Spyder project settings
+# Cache
-.spyderproject
+.cache/
 .spyproject
-# Rope project settings
+# MkDocs build output and local PDF export
-.ropeproject
+site/
 # mkdocs documentation
 /site
 _site/
 _site_test/
 build/
-# mypy
+# Export directory - but track hash files and signatures
-.mypy_cache/
+export/thgtoa.pdf.sha256
-.dmypy.json
+export/thgtoa-dark.pdf.sha256
-dmypy.json
+*.sig
 # Pyre type checker
 .pyre/
@@ -5,7 +5,7 @@ default_install_hook_types: [pre-commit, commit-msg]
 repos:
  - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.6.0
+    rev: v5.0.0
    hooks:
      - id: check-added-large-files
      - id: check-merge-conflict
@@ -21,7 +21,3 @@ repos:
    hooks:
      - id: markdownlint
      - id: markdownlint-fix
  - hooks:
    - id: commitizen
    repo: https://github.com/commitizen-tools/commitizen
    rev: v3.28.0
@@ -2,47 +2,13 @@ Welcome.
 **[IMPORTANT RECOMMENDATION FOR UKRAINIANS. ВАЖЛИВА РЕКОМЕНДАЦІЯ ДЛЯ УКРАЇНЦІВ](briar.html)**
-This is a maintained guide with the aim of providing an introduction to various online tracking techniques, online ID verification techniques, and detailed guidance to creating and maintaining (truly) anonymous online identities. <span style="color: red">**It is written with hope for activists, journalists, scientists, lawyers, whistle-blowers, and good people being oppressed, censored, harassed anywhere!**</span> This guide has no affiliation with the [Anonymous](https://en.wikipedia.org/wiki/Anonymous_(hacker_group)) <sup>[[Wikiless]](https://wikiless.org/wiki/Anonymous_(hacker_group))</sup> <sup>[[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Anonymous_(hacker_group))</sup> collective/movement.
+This is a maintained guide with the aim of providing an introduction to various online tracking techniques, online ID verification techniques, and detailed guidance to creating and maintaining (truly) anonymous online identities. <span style="color: red">**It is written with hope for activists, journalists, scientists, lawyers, whistle-blowers, and good people being oppressed, censored, harassed anywhere!**</span> This guide has no affiliation with the [Anonymous](https://en.wikipedia.org/wiki/Anonymous_(hacker_group)) <sup>[[Wikiless]](https://wikiless.com/wiki/Anonymous_(hacker_group))</sup> <sup>[[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Anonymous_(hacker_group))</sup> collective/movement.
 This guide is an open-source non-profit initiative, [licensed](LICENSE.html) under **Creative Commons Attribution-NonCommercial 4.0 International** ([cc-by-nc-4.0](https://creativecommons.org/licenses/by-nc/4.0/) <sup>[[Archive.org]](https://web.archive.org/web/https://creativecommons.org/licenses/by-nc/4.0/)</sup>) and is **not sponsored/endorsed by any commercial/governmental entity**. This means that you are free to use our guide for pretty much any purpose **excluding commercially** as long as you do attribute it. There are no ads or any affiliate links.
 **If you would like to make a donation to help this project, you can do so from [here](donations.html) where you will also find the project goals. All the donations will be strictly used within the context of this project. All donations and spendings are logged on the donations page.**
-**View the guide:**
+**Ways to read or export the guide**
 - [In your browser](guide.html)
 - [PDF](export/guide.pdf)
 - [OpenDocument (ODT)](export/guide.odt)
 - Raw [Markdown](https://raw.githubusercontent.com/Anon-Planet/thgtoa/main/guide.md).
-Mirrors:
+- **In your browser:** [Hitchhiker's Guide](https://www.anonymousplanet.org/guide/) (hosted site). After a local build you can also open `site/guide/index.html` directly.
- Tor Onion Mirror: <http://thgtoa3jzy3doku7hkna32htpghjijefscwvh4dyjgfydbbjkeiohgid.onion/>
+- **Local HTML preview:** from the repository root, with Python 3 and [MkDocs Material](https://squidfunk.github.io/mkdocs-material/getting-started/) installed (`pip install mkdocs-material`), run `mkdocs serve` and open the URL printed in the terminal (for example `http://127.0.0.1:8000`).
 The guide and all the files are also readily available on Archive.org and Archive.today:
 - Archive.org: <https://web.archive.org/web/https://anonymousplanet.org/>
 - Archive.today: <https://archive.ph/anonymousplanet.org/>
 - Archive.today over Tor: <http://archiveiya74codqgiixo33q62qlrqtkgmcitqx5u2oeqnmn5bpcbiyd.onion/anonymousplanet.org/>
 If you want to access/see the original/legacy project, please see the [legacy resources](legacy.html) page.
 If you want to see the changes between your PDF and the latest PDF, you could use one of these tools (we do not endorse those):
 - <https://tools.pdf24.org/en/compare-pdf>
 - <https://products.aspose.app/pdf/comparison>
 - <https://draftable.com/compare>
 If you want to compare an older ODT file with a newer one, use the LibreWriter compare features as explained here: <https://help.libreoffice.org/7.1/en-US/text/shared/guide/redlining_doccompare.html> <sup>[[Archive.org]](https://web.archive.org/wen/https://help.libreoffice.org/7.1/en-US/text/shared/guide/redlining_doccompare.html)</sup>)
 **If you want to check the files for integrity, safety, authenticity, please refer to this ["How To"](verify.html).**
 Feel free to submit issues using Github Issues with the repository link above. Criticism, opinions, and ideas are welcome!
 Follow or contact us on:
 Discussion Channels:
 - Matrix room: `#anonymity:matrix.org` <https://matrix.to/#/#anonymity:matrix.org>
 - Matrix space: `#privacy-security-anonymity:matrix.org` <https://matrix.to/#/#privacy-security-anonymity:matrix.org>
 - Twitter at https://twitter.com/AnonyPla
 - Mastodon at https://mastodon.social/@anonymousplanet
 Have a good read and feel free to share and/or recommend it!
@@ -1,113 +1,114 @@
---
+---
-title: "About Anonymous Planet"
+title: "About Anonymous Planet"
-description: We are the maintainers of the Hitchhiker's Guide and the PSA Matrix space.
+description: We are the maintainers of the Hitchhiker's Guide and the PSA Matrix space.
-schema:
+schema:
-  "@context": https://schema.org
+  "@context": https://schema.org
-  "@type": Organization
+  "@type": Organization
-  "@id": https://www.anonymousplanet.org/
+  "@id": https://www.anonymousplanet.org/
-  name: Anonymous Planet
+  name: Anonymous Planet
-  url: https://www.anonymousplanet.org/about/
+  url: https://www.anonymousplanet.org/about/
-  logo: ../media/favicon.png
+  logo: ../media/favicon.png
-  sameAs:
+  sameAs:
-    - https://github.com/Anon-Planet
+    - https://github.com/Anon-Planet
-    - https://opencollective.com/anonymousplanetorg
+    - https://opencollective.com/anonymousplanetorg
-    - https://mastodon.social/@anonymousplanet
+    - https://mastodon.social/@anonymousplanet
---
+---
-![Anonymous Planet logo](../media/profile.png){ align=right }
+![Anonymous Planet logo](../media/profile.png){ align=right }
-
+
-**Anonymous Planet** are the maintainers of the [_Hitchhiker's Guide_](https://anonymousplanet.org/guide.html) and the [_PSA Community_](https://psa.anonymousplanet.org). It is responsible for maintaining the projects and code repositories.
+**Anonymous Planet** are the maintainers of the [_Hitchhiker's Guide_](../guide/index.md) and the [_PSA Community_](https://psa.anonymousplanet.org). It is responsible for maintaining the projects and code repositories. This project is part of our ongoing efforts to provide open-source tools and resources for the community, with regular updates and improvements added to the changelog.
-
+
-The purpose: providing an introduction to various online tracking techniques, online ID verification techniques, and detailed guidance to creating and maintaining (truly) anonymous online identities. It is written with the hopes that good people (e.g., activists, journalists, scientists, lawyers, whistle-blowers, etc.) will be able to fight oppression, censorship and harassment! The website and projects are free (as in freedom) and not affiliated with any donor or projects discussed.
+The purpose: providing an introduction to various online tracking techniques, online ID verification techniques, and detailed guidance to creating and maintaining (truly) anonymous online identities. It is written with the hopes that good people (e.g., activists, journalists, scientists, lawyers, whistle-blowers, etc.) will be able to fight oppression, censorship and harassment! The website and projects are free (as in freedom) and not affiliated with any donor or projects discussed.
-
+
-??? Note "Where do I start?"
+??? Note "Where do I start?"
-
+
-    Start either by going to [the beginning](../guide/index.md) or using the search at top right of the page. It is also available at whatever point you are in your reading.
+    Start either by going to [the beginning](../guide/index.md) or using the search at top right of the page. It is also available at whatever point you are in your reading.
-
+
-??? Note "Notes on the journey"
+??? Note "Notes on the journey"
-
+
-    This guide is a work in progress. It will probably never be "finished". You may (will) find broken links when you click on some search results and during some navigation steps. Please report these. Otherwise, most of the search functionality is a great experience and can help you find linked topics. Try to search for something in one section of the reading. It will show up in many other places.
+    This guide is a work in progress. It will probably never be "finished". You may (will) find broken links when you click on some search results and during some navigation steps. Please report these. Otherwise, most of the search functionality is a great experience and can help you find linked topics. Try to search for something in one section of the reading. It will show up in many other places.
-
+
-??? Note "Disclaimer"
+??? Note "Disclaimer"
-
+
-    There might be some wrong or outdated information in this guide because no one is perfect. Your experience may vary. Remember, check regularly for an updated version of this guide. Please do your own independent, well-thought research. There is no one resource online that can provide 100% security, anonymity, and/or privacy.
+    There might be some wrong or outdated information in this guide because no one is perfect. Your experience may vary. Remember, check regularly for an updated version of this guide. Please do your own independent, well-thought research. There is no one resource online that can provide 100% security, anonymity, and/or privacy.
-
+
-This guide is a non-profit open-source initiative, licensed under Creative Commons **Attribution-NonCommercial** 4.0 International ([cc-by-nc-4.0](https://creativecommons.org/licenses/by-nc/4.0/) <sup>[[Archive.org]](https://web.archive.org/web/https://creativecommons.org/licenses/by-nc/4.0/)</sup>).
+This guide is a non-profit open-source initiative, licensed under Creative Commons **Attribution-NonCommercial** 4.0 International ([cc-by-nc-4.0](https://creativecommons.org/licenses/by-nc/4.0/) <sup>[[Archive.org]](https://web.archive.org/web/https://creativecommons.org/licenses/by-nc/4.0/)</sup>).
-
+
- For mirrors see [Mirrors](../mirrors/index.md) and the links at the bottom right of the page. You should see these on every page.
+- For mirrors see [Mirrors](../mirrors/index.md) and the links at the bottom right of the page. You should see these on every page.
-
+
- For help in comparing versions see [Comparing versions](../guide/index.md#appendix-a7-comparing-versions)
+- For help in comparing versions see [Comparing versions](../guide/index.md#appendix-a6-comparing-versions)
-
+
-Feel free to submit issues **(please do report anything wrong)** using GitHub Issues at: <https://github.com/Anon-Planet/thgtoa/issues>. We also accept Merge Requests (MR) from our Gitlab and many other places. Do not hesitate to report issues and suggestions!
+Feel free to submit issues **(please do report anything wrong)** using GitHub Issues at: <https://github.com/Anon-Planet/thgtoa/issues>. We also accept Merge Requests (MR) from our Gitlab and many other places. Do not hesitate to report issues and suggestions!
-
+
-??? Note "Discuss ideas on Matrix for real-time chat"
+??? Note "Discuss ideas on Matrix for real-time chat"
-
+
-    We offer a Matrix.org hosted space of our own. Check it out!
+    We offer a Matrix.org hosted space of our own. Check it out!
-
+
-    - Read [the rules](https://anonymousplanet.org/chatrooms-rules.html), please
+    - Read [the rules](https://psa.anonymousplanet.org/), please
-    - Matrix Room: [#anonymity:matrix.org](https://matrix.to/#/#anonymity:matrix.org)
+    - Matrix Room: https://matrix.to/#/#nth:anonymousplanet.net
-    - Matrix Space: [#privacy-security-anonymity:matrix.org](https://matrix.to/#/#privacy-security-anonymity:matrix.org)
+    - Matrix Space: https://matrix.to/#/#psa:anonymousplanet.net
-
+    - Admins: @daskolburn:thomcat.rocks and @thehidden:tchncs.de
-Follow us on:
+
-
+Follow us on:
- Twitter at <https://twitter.com/AnonyPla>
+
-
+- Twitter at <https://twitter.com/AnonyPla>
- Mastodon at <https://mastodon.social/@anonymousplanet>
+
-
+- Mastodon at <https://mastodon.social/@anonymousplanet>
-To contact me, see the updated information on the website or send an e-mail to <contact@anonymousplanet.org>
+
-
+To contact me, see the updated information on the website or send an e-mail to <contact@anonymousplanet.org>
-**Please consider [donating](../guide/index.md#donations) if you enjoy the project and want to support the hosting fees or support the funding of initiatives like the hosting of Tor Exit Nodes.**
+
-
+**Please consider [donating](../guide/index.md#donations) if you enjoy the project and want to support the hosting fees or support the funding of initiatives like the hosting of Tor Exit Nodes.**
-### Recommended Reading
+
-
+### Recommended Reading
-Some of those resources may, in order to sustain their project, contain or propose:
+
-
+Some of those resources may, in order to sustain their project, contain or propose:
- Sponsored commercial content
+
- Monetized content through third party platforms (such as YouTube)
+- Sponsored commercial content
- Affiliate links to commercial services
+- Monetized content through third party platforms (such as YouTube)
- Paid Services such as consultancy
+- Affiliate links to commercial services
- Premium content such as ad-free content or updated content
+- Paid Services such as consultancy
- Merchandising
+- Premium content such as ad-free content or updated content
-
+- Merchandising
-_Note that these websites could contain affiliate/sponsored content and/or merchandising. This guide does not endorse and is not sponsored by any commercial entity in any way._
+
-
+_Note that these websites could contain affiliate/sponsored content and/or merchandising. This guide does not endorse and is not sponsored by any commercial entity in any way._
-If you skipped those, you should really still consider viewing this YouTube playlist from the Techlore Go Incognito project (<https://github.com/techlore-official/go-incognito> <sup>[[Archive.org]](https://web.archive.org/web/https://github.com/techlore-official/go-incognito)</sup>) as an introduction before going further: <https://www.youtube.com/playlist?list=PL3KeV6Ui_4CayDGHw64OFXEPHgXLkrtJO> <sup>[[Invidious]](https://yewtu.be/playlist?list=PL3KeV6Ui_4CayDGHw64OFXEPHgXLkrtJO)</sup>. This guide will cover many of the topics in the videos of this playlist with more details and references as well as some added topics not covered within that series. This will just take you 2 or 3 hours to watch it all.
+
-
+If you skipped those, you should really still consider viewing this YouTube playlist from the Techlore Go Incognito project (<https://github.com/techlore-official/go-incognito> <sup>[[Archive.org]](https://web.archive.org/web/https://github.com/techlore-official/go-incognito)</sup>) as an introduction before going further: <https://www.youtube.com/playlist?list=PL3KeV6Ui_4CayDGHw64OFXEPHgXLkrtJO> <sup>[[Invidious]](https://yewtu.be/playlist?list=PL3KeV6Ui_4CayDGHw64OFXEPHgXLkrtJO)</sup>. This guide will cover many of the topics in the videos of this playlist with more details and references as well as some added topics not covered within that series. This will just take you 2 or 3 hours to watch it all.
-_Anonymous Planet_ **does not** participate in any sponsoring, endorsement, advertising, or other affiliate programs for any entity. We only rely on anonymous donations in a closed, transparent loop system.
+
-
+_Anonymous Planet_ **does not** participate in any sponsoring, endorsement, advertising, or other affiliate programs for any entity. We only rely on anonymous donations in a closed, transparent loop system.
-??? Note "Privacy related"
+
-
+??? Note "Privacy related"
-    - AnarSec: <https://www.anarsec.guide/>
+
-    - EFF Surveillance Self-Defense: <https://ssd.eff.org/>
+    - AnarSec: <https://www.anarsec.guide/>
-    - Prism-Break: <https://prism-break.org/>
+    - EFF Surveillance Self-Defense: <https://ssd.eff.org/>
-    - Privacy Guides: <https://privacyguides.org>
+    - Prism-Break: <https://prism-break.org/>
-    - Techlore: <https://techlore.tech>
+    - Privacy Guides: <https://privacyguides.org>
-    - The New Oil: <https://thenewoil.org>
+    - Techlore: <https://techlore.tech>
-    - PrivacyTools.io: <https://privacytools.io>
+    - The New Oil: <https://thenewoil.org>
-
+    - PrivacyTools.io: <https://privacytools.io>
-??? Note "Blogs and personal websites"
+
-
+??? Note "Blogs and personal websites"
-    - CIA Officer's Blog: <https://officercia.mirror.xyz/>
+
-    - Continuing Ed: <https://edwardsnowden.substack.com/>
+    - CIA Officer's Blog: <https://officercia.mirror.xyz/>
-    - Madaidan's Insecurities: <https://madaidans-insecurities.github.io/>
+    - Continuing Ed: <https://edwardsnowden.substack.com/>
-    - Seirdy's Home: <https://seirdy.one/>
+    - Madaidan's Insecurities: <https://madaidans-insecurities.github.io/>
-
+    - Seirdy's Home: <https://seirdy.one/>
-??? Note "Useful resources"
+
-
+??? Note "Useful resources"
-    - KYC? Not me: <https://kycnot.me/>
+
-    - Library Genesis: <https://en.wikipedia.org/wiki/Library_Genesis> <sup>[[Wikiless]](https://wikiless.org/wiki/Library_Genesis)</sup> (see their latest known URL in the Wikipedia article)
+    - KYC? Not me: <https://kycnot.me/>
-    - Real World Onion Sites: <https://github.com/alecmuffett/real-world-onion-sites>
+    - Library Genesis: <https://en.wikipedia.org/wiki/Library_Genesis> <sup>[[Wikiless]](https://wikiless.com/wiki/Library_Genesis)</sup> (see their latest known URL in the Wikipedia article)
-    - Sci-Hub <https://en.wikipedia.org/wiki/Sci-Hub> <sup>[[Wikiless]](https://wikiless.org/wiki/Sci-Hub)</sup> (see their latest known URL in the main Wikipedia article)
+    - Real World Onion Sites: <https://github.com/alecmuffett/real-world-onion-sites>
-    - Terms of Service, Didn't Read: <https://tosdr.org>
+    - Sci-Hub <https://en.wikipedia.org/wiki/Sci-Hub> <sup>[[Wikiless]](https://wikiless.com/wiki/Sci-Hub)</sup> (see their latest known URL in the main Wikipedia article)
-    - Whonix Documentation: <https://www.whonix.org/wiki/Documentation>
+    - Terms of Service, Didn't Read: <https://tosdr.org>
-
+    - Whonix Documentation: <https://www.whonix.org/wiki/Documentation>
-??? Note "We are not affiliated with Anonymous or Riseup"
+
-
+??? Note "We are not affiliated with Anonymous or Riseup"
-    One or two of our community members uses or has used the resources of Riseup. We are not affiliated with Riseup in any manner.
+
-
+    One or two of our community members uses or has used the resources of Riseup. We are not affiliated with Riseup in any manner.
-    We also hold **no affiliation** with the [Anonymous](https://en.wikipedia.org/wiki/Anonymous_(hacker_group)) <sup>[[Wikiless]](https://wikiless.org/wiki/Anonymous_(hacker_group))</sup> <sup>[[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Anonymous_(hacker_group))</sup> hacker collective.
+
-
+    We also hold **no affiliation** with the [Anonymous](https://en.wikipedia.org/wiki/Anonymous_(hacker_group)) <sup>[[Wikiless]](https://wikiless.com/wiki/Anonymous_(hacker_group))</sup> <sup>[[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Anonymous_(hacker_group))</sup> hacker collective.
-## License
+
-
+## License
-!!! Danger ""
+
-
+!!! Danger ""
-:fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: This guide is an open-source non-profit initiative, licensed under [Creative Commons Attribution-NonCommercial 4.0 International](https://github.com/Anon-Planet/thgtoa/blob/master/LICENSE.md) and is not sponsored/endorsed by any commercial/governmental entity. This means that you are free to use our guide for pretty much any purpose excluding commercially as long as you do attribute it. There are no ads or any affiliate links.
+
 :fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: This guide is an open-source non-profit initiative, licensed under [Creative Commons Attribution-NonCommercial 4.0 International](https://github.com/Anon-Planet/thgtoa/blob/master/LICENSE.md) and is not sponsored/endorsed by any commercial/governmental entity. This means that you are free to use our guide for pretty much any purpose excluding commercially as long as you do attribute it. There are no ads or any affiliate links.
@@ -0,0 +1,68 @@
 ---
 title: "TBA"
 description: ""
 schema:
  "@context": https://schema.org
  "@type": Organization
  "@id": https://www.anonymousplanet.org/
  name: Anonymous Planet
  url: https://www.anonymousplanet.org/authors/
  logo: ../media/favicon.png
  sameAs:
    - https://github.com/Anon-Planet
    - https://opencollective.com/anonymousplanetorg
    - https://mastodon.social/@anonymousplanet
 ---
 # Changelog
 All notable changes to this project will be documented in this file.
 ## [Unreleased]
 ### Added
 - This changelog page
 - Add ways to verify the files
 ### Changed
 - Refactored GitHub Actions workflow **Build PDF** (`scripts\build_guide_pdf.py`): now builds both light and dark mode PDFs (`export/thgtoa.pdf` and `export/thgtoa-dark.pdf` respectively).
 - Restored previous VT scans
 ## Fixed
 - `docs/about/index.md`: replace broken reference-style internal links
 - `docs/guide/index.md`: Appendix A6: comment out deprecated ODT information because we don't and probably won't use it in the future
 ### Feature
 - Updated `scripts/build_guide_pdf.py` to use `--print-to-pdf` instead of `--save-as` for PDF generation, and added a new `--dark-mode` flag to generate dark mode PDFs. The script now supports generating both light and dark mode PDFs with a single command invocation by using the `--both` flag. This change improves the PDF generation process and provides better support for dark mode users. Save your eyes - you only get one pair.
 ## [1.2.1] - 2026-04-11
 ### Added
 - GitHub Actions workflow **Build PDF** (`.github/workflows/build-pdf.yml`): installs Chromium on `ubuntu-latest`, runs `scripts/build_guide_pdf.py`, uploads `export/guide.pdf` as the `guide-pdf` artifact. Runs on `workflow_dispatch`, on pushes to `main` that touch docs or build inputs, and on matching pull requests.
 - `scripts/build_guide_pdf.py` to build the MkDocs site and render the guide to a single PDF (`export/guide.pdf` by default) using a Chromium-based browser (Chrome or Edge) headless print-to-PDF.
 - `docs/stylesheets/extra.css` and `extra_css` in `mkdocs.yml` for shared site styling.
 - This `CHANGELOG.md`.
 ### Changed
 - `README.md` “Ways to read or export the guide”: hosted link, local `mkdocs serve`, PDF build via the script, ODT note, raw Markdown link.
 - Guide landing layout: wrap the opening block in `docs/guide/index.md` with a `guide-intro-lead` container so the logo and first sections share one layout context for web and print.
 - `.gitignore` to exclude local build outputs `export/`, `site/`, and `_site_test/`.
 - `scripts/build_guide_pdf.py`: when the `CI` environment variable is set, pass Chromium flags (`--no-sandbox`, `--disable-setuid-sandbox`, `--disable-dev-shm-usage`) so headless print works on typical CI images.
 - `README.md`: note the **Build PDF** GitHub Actions workflow and the `guide-pdf` artifact.
 ### Fixed
 - `docs/guide/index.md`: replace broken reference-style internal links (`[label][label:]`) with working same-page fragment links to the correct headings; correct the mismatched “Real-Name System” cross-reference; fix a broken footnote marker on the “free (unallocated) space of your hard drive” list item.
 [Unreleased]: https://github.com/Anon-Planet/thgtoa/compare/v1.2.1...HEAD
 [1.2.1]: https://github.com/Anon-Planet/thgtoa/releases/tag/v1.2.1
 ***The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),***
 ***and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).***
@@ -1,111 +1,111 @@
---
+---
-title: How to Get Involved
+title: How to Get Involved
---
+---
-There are multiple ways you can add to the guide. Donations to support this project are welcome but are entirely optional. Those donations are mainly used to pay for Tor onion hosting (VPS), mail hosting, domain name registration, and to maintain/run Tor exit nodes. **No profit is ever being made**. All donations and spendings are being logged here below for transparency. Some costs for load balancer servers have been omitted for privacy reasons, but are not paid for with existing Anonymous Planet finances.
+There are multiple ways you can add to the guide. Donations to support this project are welcome but are entirely optional. Those donations are mainly used to pay for Tor onion hosting (VPS), mail hosting, domain name registration, and to maintain/run Tor exit nodes. **No profit is ever being made**. All donations and spendings are being logged here below for transparency. Some costs for load balancer servers have been omitted for privacy reasons, but are not paid for with existing Anonymous Planet finances.
-
+
-<span style="color: red">**Current project donation goals:**</span>
+<span style="color: red">**Current project donation goals:**</span>
-
+
- <del>Funding for a VPS for hosting our .onion website</del>: **done**
+- <del>Funding for a VPS for hosting our .onion website</del>: **done**
- <del>Funding for extending our domain name</del>: **Recovery of original domain secured until 2029**
+- <del>Funding for extending our domain name</del>: **Recovery of original domain secured until 2029**
- Funding for a decent mail hosting
+- Funding for a decent mail hosting
- Funding for a VPS for hosting various services
+- Funding for a VPS for hosting various services
-
+
-## Donate using Monero (XMR)
+## Donate using Monero (XMR)
-
+
-Total Monero donations received: **7.101317184263 XMR**
+Total Monero donations received: **7.101317184263 XMR**
-Total Monero remaining: **2.059336719397 XMR**
+Total Monero remaining: **2.059336719397 XMR**
-
+
-Here is the address for the main project:
+Here is the address for the main project:
-
+
-```46crzj54eL493BA68pPT4A1MZyKQxrpZu9tVNsfsoa5nT85QqCt8cDTfy1fcTH1oyjdtUbhmpZ4QcVtfEXB337Ng6PS21ML```
+```46crzj54eL493BA68pPT4A1MZyKQxrpZu9tVNsfsoa5nT85QqCt8cDTfy1fcTH1oyjdtUbhmpZ4QcVtfEXB337Ng6PS21ML```
-
+
-![][1]
+![][1]
-
+
-## Donate using Bitcoin (BTC)
+## Donate using Bitcoin (BTC)
-
+
-Total Bitcoin donations received: **1.89353 mBTC**
+Total Bitcoin donations received: **1.89353 mBTC**
-Total Bitcoin remaining: **0 mBTC**
+Total Bitcoin remaining: **0 mBTC**
-
+
-Here are the addresses for the main project:
+Here are the addresses for the main project:
-
+
-SegWit address: ```bc1qp9g2c6dquh5lnvft50esxsl97kupdpyqyd4kkv```
+SegWit address: ```bc1qp9g2c6dquh5lnvft50esxsl97kupdpyqyd4kkv```
-Legacy address: ```1BBgBSVe6w4DWq2BewUQhDEjsNovhfPswD```
+Legacy address: ```1BBgBSVe6w4DWq2BewUQhDEjsNovhfPswD```
-
+
-![][2]_____________________![][3]
+![][2]_____________________![][3]
-
+
-## Content Contributions
+## Content Contributions
-
+
-You can easily contribute code or information suggestions at our code repositories listed at the bottom of the website and on the [Mirrors](../mirrors/index.md) tab above. We have many options that are easily accessible. Please follow our [contributing guidelines](../code/index.md) and use good PR syntax.
+You can easily contribute code or information suggestions at our code repositories listed at the bottom of the website and on the [Mirrors](../mirrors/index.md) tab above. We have many options that are easily accessible. Please follow our [contributing guidelines](../code/index.md) and use good PR syntax.
-
+
-**Thank you for any contribution. All donations will be mentioned on this page.**
+**Thank you for any contribution. All donations will be mentioned on this page.**
-
+
-### Donations log
+### Donations log
-
+
- 2021-02-06 16:48: 0.1 XMR
+- 2021-02-06 16:48: 0.1 XMR
- 2021-03-15 00:09: 1.24869 mBTC
+- 2021-03-15 00:09: 1.24869 mBTC
- 2021-03-15 08:41: 0.07896 mBTC
+- 2021-03-15 08:41: 0.07896 mBTC
- 2021-03-31 16:28: 1 XMR (Special thanks for this very generous donation)
+- 2021-03-31 16:28: 1 XMR (Special thanks for this very generous donation)
- 2021-04-03 22:31: 0.5 XMR (Special thanks for this very generous donation)
+- 2021-04-03 22:31: 0.5 XMR (Special thanks for this very generous donation)
- 2021-05-07 06:22: 0.010433355105 XMR
+- 2021-05-07 06:22: 0.010433355105 XMR
- 2021-06-16 03:05: 0.03 XMR
+- 2021-06-16 03:05: 0.03 XMR
- 2021-06-27 18:39: 0.05 XMR
+- 2021-06-27 18:39: 0.05 XMR
- 2021-07-12 07:24: 0.02 XMR
+- 2021-07-12 07:24: 0.02 XMR
- 2021-07-16 14:31: 0.1 mBTC
+- 2021-07-16 14:31: 0.1 mBTC
- 2021-07-20 21:01: 0.058981 XMR
+- 2021-07-20 21:01: 0.058981 XMR
- 2021-07-24 15:16: 0.000000000001 XMR
+- 2021-07-24 15:16: 0.000000000001 XMR
- 2021-07-25 02:37: 0.000000000001 XMR
+- 2021-07-25 02:37: 0.000000000001 XMR
- 2021-08-03 00:17: 0.04119191113 XMR
+- 2021-08-03 00:17: 0.04119191113 XMR
- 2021-08-07 15:05: 0.206328241262 XMR
+- 2021-08-07 15:05: 0.206328241262 XMR
- 2021-08-10 11:42: 0.21 mBTC
+- 2021-08-10 11:42: 0.21 mBTC
- 2021-08-13 00:25: 0.25 XMR
+- 2021-08-13 00:25: 0.25 XMR
- 2021-08-14 04:58: 0.25588 mBTC
+- 2021-08-14 04:58: 0.25588 mBTC
- 2021-08-30 17:32: 0.000000000001 XMR
+- 2021-08-30 17:32: 0.000000000001 XMR
- 2021-09-17 14:34: 0.018 XMR
+- 2021-09-17 14:34: 0.018 XMR
- 2021-10-01 06:23: 0.000000002137 XMR
+- 2021-10-01 06:23: 0.000000002137 XMR
- 2021-10-02 19:16: 1 XMR (Special thanks for this very generous donation)
+- 2021-10-02 19:16: 1 XMR (Special thanks for this very generous donation)
- 2021-10-17 15:40: 0.02 XMR
+- 2021-10-17 15:40: 0.02 XMR
- 2021-10-18 16:06: 0.1958 XMR
+- 2021-10-18 16:06: 0.1958 XMR
- 2021-11-12 20:42: 0.02 XMR
+- 2021-11-12 20:42: 0.02 XMR
- 2021-11-14 18:28: 0.018 XMR
+- 2021-11-14 18:28: 0.018 XMR
- 2021-12-03 21:38: 0.10134722595 XMR
+- 2021-12-03 21:38: 0.10134722595 XMR
- 2021-12-16 01:16: 1 XMR (Special thanks for this very generous donation)
+- 2021-12-16 01:16: 1 XMR (Special thanks for this very generous donation)
- 2021-12-16 18:06: 0.017 XMR
+- 2021-12-16 18:06: 0.017 XMR
- 2022-01-09 17:54: 0.045918219893 XMR
+- 2022-01-09 17:54: 0.045918219893 XMR
- 2022-01-15 17:35: 0.014 XMR
+- 2022-01-15 17:35: 0.014 XMR
- 2022-01-24 21:08: 0.010786 XMR
+- 2022-01-24 21:08: 0.010786 XMR
- 2022-01-26 12:07: 0.010391 XMR
+- 2022-01-26 12:07: 0.010391 XMR
- 2022-02-03 19:59: 0.013013984 XMR
+- 2022-02-03 19:59: 0.013013984 XMR
- 2022-02-18 17:27: 0.019 XMR
+- 2022-02-18 17:27: 0.019 XMR
- 2022-03-14 10:25: 0.0139887 XMR
+- 2022-03-14 10:25: 0.0139887 XMR
- 2022-07-30 03:51: 0.0222 XMR
+- 2022-07-30 03:51: 0.0222 XMR
- 2022-09-28 05:13: 2 XMR
+- 2022-09-28 05:13: 2 XMR
- 2022-08-19: SimpleLogin.io Lifetime Premium
+- 2022-08-19: SimpleLogin.io Lifetime Premium
- 2022-09-19: 0.345024603905 XMR (Special thanks to a previous maintainer)
+- 2022-09-19: 0.345024603905 XMR (Special thanks to a previous maintainer)
-
+
-#### Spendings log
+#### Spendings log
-
+
- 2021-03-12: 0.08181086 XMR (+fees) for domain anonymousplanet.org (1 year)
+- 2021-03-12: 0.08181086 XMR (+fees) for domain anonymousplanet.org (1 year)
- 2021-03-16: 1.20179 mBTC (+fees) for domain anonymousplanet.org renewal (extension 3 years totalling 4 years)
+- 2021-03-16: 1.20179 mBTC (+fees) for domain anonymousplanet.org renewal (extension 3 years totalling 4 years)
- 2021-04-01: 0.8317 XMR (+fees) for basic VPS for Tor Mirror hosting
+- 2021-04-01: 0.8317 XMR (+fees) for basic VPS for Tor Mirror hosting
- <del>2021-04-05: 0.99367 mBTC (+fees +exchange from XMR to BTC) for Mail Hosting (1 year): <span style="color: red">**Lost**</span>
+- <del>2021-04-05: 0.99367 mBTC (+fees +exchange from XMR to BTC) for Mail Hosting (1 year): <span style="color: red">**Lost**</span>
- <del>2021-04-13: 0.71895 mBTC (+fees +exchange from XMR to BTC) for Mail Hosting (extension to 2 years)</del>: <span style="color: red">**Lost**</span>
+- <del>2021-04-13: 0.71895 mBTC (+fees +exchange from XMR to BTC) for Mail Hosting (extension to 2 years)</del>: <span style="color: red">**Lost**</span>
- 2021-04-25: 0.02892 mBTC (Wallet to Wallet transfer fee)
+- 2021-04-25: 0.02892 mBTC (Wallet to Wallet transfer fee)
- 2021-07-13: 0.78463 mBTC (+fees +exchange from BTC to XMR) for consolidation
+- 2021-07-13: 0.78463 mBTC (+fees +exchange from BTC to XMR) for consolidation
- <del>2021-07-13: 0.067261698061 XMR (+fees) for a Tor Exit Node (01) Hosting (3 months)</del>: <span style="color: red">**Lost**</span>
+- <del>2021-07-13: 0.067261698061 XMR (+fees) for a Tor Exit Node (01) Hosting (3 months)</del>: <span style="color: red">**Lost**</span>
- <del>2021-07-15: 0.151959953047 XMR (+fees) for a Tor Exit Node (02) Hosting (6 months)</del>: <span style="color: red">**Lost**</span>
+- <del>2021-07-15: 0.151959953047 XMR (+fees) for a Tor Exit Node (02) Hosting (6 months)</del>: <span style="color: red">**Lost**</span>
- <del>2021-08-16: 0.253331471239 XMR (+fees) for a Tor Exit Node (03) Hosting (12 months)</del>: <span style="color: red">**Lost**</span>
+- <del>2021-08-16: 0.253331471239 XMR (+fees) for a Tor Exit Node (03) Hosting (12 months)</del>: <span style="color: red">**Lost**</span>
- 2021-08-18: AtomicSwap conversion from remaining mBTC (-0.56588) to XMR (+0.081904862179)
+- 2021-08-18: AtomicSwap conversion from remaining mBTC (-0.56588) to XMR (+0.081904862179)
- <del>2021-08-19: 0.0644 XMR (+fees) for Mail Hosting extension</del>: <span style="color: red">**Lost**</span>
+- <del>2021-08-19: 0.0644 XMR (+fees) for Mail Hosting extension</del>: <span style="color: red">**Lost**</span>
- <del>2021-09-18: 0.246971511836 XMR (+fees) for renewal 1 year of Tor Exit Node 01</del>: <span style="color: red">**Lost**</span>
+- <del>2021-09-18: 0.246971511836 XMR (+fees) for renewal 1 year of Tor Exit Node 01</del>: <span style="color: red">**Lost**</span>
- 2021-10-04: 0.26954 XMR (+fees) for domain anonymousplanet.org extension until 2029
+- 2021-10-04: 0.26954 XMR (+fees) for domain anonymousplanet.org extension until 2029
- <del>2021-10-06: 0.236073464623 XMR (+fees) for a Tor Exit Node (04) Hosting (12 months)</del>: <span style="color: red">**Lost**</span>
+- <del>2021-10-06: 0.236073464623 XMR (+fees) for a Tor Exit Node (04) Hosting (12 months)</del>: <span style="color: red">**Lost**</span>
- <del>2021-10-18: 0.01952 XMR (+fees) for testing a new VPS hosting provider (Privex.io) for one month</del>: <span style="color: red">**Ended**</span>
+- <del>2021-10-18: 0.01952 XMR (+fees) for testing a new VPS hosting provider (Privex.io) for one month</del>: <span style="color: red">**Ended**</span>
- <del>2021-10-30: 0.240787814495 XMR (+fees) for a Synapse Hosting VPS (12 months) with bots to help grow the community. This is a test program that will be converted into a Tor Exit Node in case of failure</del>: <span style="color: red">**Lost**</span>
+- <del>2021-10-30: 0.240787814495 XMR (+fees) for a Synapse Hosting VPS (12 months) with bots to help grow the community. This is a test program that will be converted into a Tor Exit Node in case of failure</del>: <span style="color: red">**Lost**</span>
- <del>2022-01-01: 0.28055816111 XMR (+fees) for renewal 1 year of Tor Exit Node 02</del>: <span style="color: red">**Lost**</span>
+- <del>2022-01-01: 0.28055816111 XMR (+fees) for renewal 1 year of Tor Exit Node 02</del>: <span style="color: red">**Lost**</span>
- <del>2022-02-02: 0.966793601024 XMR (+fees) to sponsor a special project (w/ Universal Declaration of Human Rights)</del>: <span style="color: red">**Lost**</span>
+- <del>2022-02-02: 0.966793601024 XMR (+fees) to sponsor a special project (w/ Universal Declaration of Human Rights)</del>: <span style="color: red">**Lost**</span>
- <del>2022-07-11: 0.503232784687 XMR (+fees) for 1984.is VPS (12 months)</del>: <span style="color: red">**Ended**</span>
+- <del>2022-07-11: 0.503232784687 XMR (+fees) for 1984.is VPS (12 months)</del>: <span style="color: red">**Ended**</span>
- <del>2022-09-19: 0.345024603905 XMR (+fees) for upgrading VPS RAM/Disk</del>: <span style="color: red">**Ended**</span>
+- <del>2022-09-19: 0.345024603905 XMR (+fees) for upgrading VPS RAM/Disk</del>: <span style="color: red">**Ended**</span>
-
+
-[1]: ../media/monero.png
+[1]: ../media/monero.png
-[2]: ../media/bitcoin-segwit.png
+[2]: ../media/bitcoin-segwit.png
-[3]: ../media/bitcoin-legacy.png
+[3]: ../media/bitcoin-legacy.png
@@ -0,0 +1,50 @@
 # Development
 ??? Note "How the pipeline works"
    **Automatic PDF Generation:** - Builds both light and dark mode PDFs from MkDocs source
    **SHA256 Hash Generation:** - Creates hash files for integrity verification
    **GPG Signature Signing:** - Signs all PDFs and hash files with repository GPG key
    **VirusTotal Scanning:** - Automatically scans PDFs and updates release notes
    **Release Automation:** - Packages everything into GitHub releases
 ## Workflow Architecture
 ### Build PDF Workflow (`build-sign-release.yml`)
 ??? Note "Steps"
    - Checkout repository
    - Set up Python and MkDocs Material
    - Install Chromium browser
    - Generate both light and dark mode PDFs with `scripts\build_guide_pdf.py`
    - Create SHA256 and blake2 hash files in `export/`
    - Sign all files with GPG in `export/`
    - Upload artifacts to GitHub Actions **manually**
 ### SHA256 Hash Verification
 !!! Note "**How it works**"
    - Each PDF gets a unique SHA256 hash calculated at build time
    - Hash stored in `.sha256` files alongside the PDFs
    - Combined `sha256sum.txt` for batch verification
 ### GPG Signature Verification
 **Purpose:** Verify authenticity and prevent tampering
 ??? Note "How it works"
    - Detached signatures created for each PDF and hash file
    - Public keys available in `/pgp/` directory
 **Verification command:**
 ```bash
 gpg --import pgp/anonymousplanet-master.asc
 gpg --verify export/thgtoa.pdf.sig export/thgtoa.pdf
 ```
 ---
 *This workflow is designed for security-conscious users who need to verify the authenticity and integrity of downloaded documents.*
@@ -13,19 +13,23 @@ schema:
    - https://opencollective.com/anonymousplanetorg
    - https://mastodon.social/@anonymousplanet
 ---
 ![Anonymous Planet logo](media/profile.png){ align=right }
-**Welcome to the Hitchhiker's Guide.**
+# **Hello, and welcome to the Hitchhiker's Guide.**
 **9FA5 436D 0EE3 6098 5157  3825 17EC A05F 768D EDF6**
 You'll use it to [**verify the checksum** and **GPG signature** of all files for authenticity.](verify/index.md)
 Please share this project if you enjoy it and you think it might be useful to others.
-Anonymous Planet is a collective of volunteers and contributors. No one person is considered more valuable than another, and no one person should be viewed as having "more impact" on Anonymous Planet. We have moved away from Matrix. Please avoid it as it contains harmful (illegal) spam. We are not moderating the rooms in PSA at present. It is likely that we will see a complete move away from Matrix in the future.
+![Anonymous Planet logo](media/profile.png){ align=right }
 Anonymous Planet is a collective of volunteers.
 ??? person "Das Kolburn"
    - [:simple-github: GitHub](https://github.com/NobodySpecial256 "@NobodySpecial256")
    - [:fontawesome-solid-envelope: E-mail](mailto:contact@anonymousplanet.org)
-    - [:simple-matrix: Matrix](https://matrix.to/#/@memorysafetybelike:envs.net)
+    - [:simple-matrix: Personal Matrix](https://matrix.to/#/@daskolburn:thomcat.rocks "@daskolburn:thomcat.rocks"),  [:simple-matrix: Org Matrix](https://matrix.to/#/@daskolburn:anonymousplanet.net "@daskolburn:anonymousplanet.net")
 ??? person "Nope"
@@ -33,5 +37,4 @@ Anonymous Planet is a collective of volunteers and contributors. No one person i
    - [:simple-mastodon: Mastodon](https://ioc.exchange/@unknown "@unknown@ioc.exchange"){rel=me}
    - [:fontawesome-solid-house: Homepage](https://www.itsnothing.net)
    - [:fontawesome-solid-envelope: E-mail](mailto:contact@anonymousplanet.org)
-    - [:simple-matrix: Matrix](https://matrix.to/#/@thehidden:tchncs.de)
+    - [:simple-matrix: Personal Matrix](https://matrix.to/#/@thehidden:tchncs.de "@thehidden:tchncs.de"), [:simple-matrix: Org Matrix](https://matrix.to/#/@nope:anonymousplanet.net "@nope:anonymousplanet.net")
    - [:fontawesome-solid-shield: Canary](https://itsnothing.net/canary.txt)
@@ -20,12 +20,16 @@ schema:
 !!! Note "Where to find the Hitchhiker's Guide"
      -   [Original](https://anonymousplanet.org)
-      <!-- -   (offline) [Tor Onion Mirror](http://thgtoa27ujspeqxasrfvcf5aozqdczvgmwgorrmblh6jn4nino3spcqd.onion)     -->
+      -   [Tor v3](http://thgtoa3jzy3doku7hkna32htpghjijefscwvh4dyjgfydbbjkeiohgid.onion) **Down**
      -   [Archive.org](https://web.archive.org/web/https://anonymousplanet.org)
      -   [Archive.today](https://archive.fo/anonymousplanet.org)
      -   [Archive.today over Tor](http://archiveiya74codqgiixo33q62qlrqtkgmcitqx5u2oeqnmn5bpcbiyd.onion/anonymousplanet.org)
-      <!-- -  (n/a) [PDF](https://anonymousplanet.org/export/guide.pdf) <sup>[[Archive.org]](https://web.archive.org/web/https://anonymousplanet.org/export/guide.pdf)</sup> <sup>[[Tor Mirror]](http://thgtoa27ujspeqxasrfvcf5aozqdczvgmwgorrmblh6jn4nino3spcqd.onion/export/guide.pdf)</sup> -->
+
-      <!-- -   (n/a) [ODT](https://anonymousplanet.org/export/guide.odt) <sup>[[Archive.org]](https://web.archive.org/web/https://anonymousplanet.org/export/guide.odt)</sup> <sup>[[Tor Mirror]](http://thgtoa27ujspeqxasrfvcf5aozqdczvgmwgorrmblh6jn4nino3spcqd.onion/export/guide.odt)</sup> -->
+!!! Note "PDF export (single file)"
    The guide is also available as a **PDF** (images and layout preserved). It is built automatically in GitHub Actions: open [**Build guide PDF**](https://github.com/Anon-Planet/thgtoa/actions/workflows/build-pdf.yml) on the [**source repository**](https://github.com/Anon-Planet/thgtoa), pick a successful run, and download the **`thgtoa`** and **`thgtoa-dark`** artifacts. You can start a fresh build anytime (**Actions** → **Build guide PDF** → **Run workflow**).
    To produce the same file locally, clone the repository and run `python3 scripts/build_guide_pdf.py --both` (Python, [MkDocs Material](https://squidfunk.github.io/mkdocs-material/getting-started/), and **Google Chrome** or **Microsoft Edge** required). More detail is in the [repository README](https://github.com/Anon-Planet/thgtoa#ways-to-read-or-export-the-guide).
 !!! Note "Our official git mirrors"
@@ -0,0 +1,130 @@
 /* Generate dark mode PDF of the HTML at guide/index.html */
 /*
  DARK_MODE_PDF.CSS
  Use this stylesheet when generating a PDF from HTML.
 */
 :root {
  /* Color Palette */
  --bg-color: #121212;           /* Deep dark grey (easier on eyes than pure black) */
  --text-primary: #e0e0e0;       /* Off-white for readability */
  --text-secondary: #a0a0a0;     /* Grey for captions/metadata */
  --accent-color: #bb86fc;       /* Light purple accent (optional) */
  --border-color: #333333;       /* Subtle borders */
  /* Fonts - System fonts ensure best rendering across PDF engines */
  --font-main: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Helvetica, Arial, sans-serif;
 }
 /* --- RESET & BASE STYLES --- */
 * {
  box-sizing: border-box;
 }
 body {
  background-color: var(--bg-color);
  color: var(--text-primary);
  font-family: var(--font-main);
  line-height: 1.6;
  margin: 0;
  padding: 0;
 }
 /* --- TYPOGRAPHY & HEADINGS --- */
 h1, h2, h3, h4, h5, h6 {
  color: var(--text-primary);
  font-weight: 700;
  margin-top: 1.5em;
  margin-bottom: 0.5em;
 }
 p {
  margin-bottom: 1rem;
  color: var(--text-secondary); /* Slightly dimmer text for body copy */
 }
 a {
  color: var(--accent-color);
  text-decoration: underline;
 }
 /* --- CONTAINER & LAYOUT --- */
 .container {
  max-width: 800px;
  margin: 40px auto;
  padding: 20px;
 }
 /* Cards / Sections with dark backgrounds */
 .card {
  background-color: #1e1e1e;
  border: 1px solid var(--border-color);
  border-radius: 8px;
  padding: 20px;
  margin-bottom: 20px;
 }
 /* --- TABLES (Common in PDFs) --- */
 table {
  width: 100%;
  border-collapse: collapse;
  margin: 20px 0;
  color: var(--text-primary);
 }
 th, td {
  padding: 12px;
  text-align: left;
  border-bottom: 1px solid var(--border-color);
 }
 th {
  background-color: #2c2c2c;
  font-weight: bold;
 }
 tr:last-child td {
  border-bottom: none;
 }
 /* --- IMAGES --- */
 img {
  max-width: 100%;
  height: auto;
  display: block;
  margin: 20px 0;
  /* This ensures high contrast images don't get washed out */
  filter: brightness(1.1);
 }
 /* --- CRITICAL FOR PDF GENERATORS --- */
 /* Forces the browser/PDF engine to print background colors and graphics */
@media print {
  @page {
    size: A4; /* Change to 'Letter' if preferred */
    margin: 20mm;
  }
  body {
    background-color: var(--bg-color) !important;
    color: var(--text-primary) !important;
  }
  .card, table th {
    -webkit-print-color-adjust: exact !important; /* Chrome/Safari */
    print-color-adjust: exact !important;          /* Firefox/Standard */
    background-color: #1e1e1e !important;
    color: var(--text-primary) !important;
  }
  /* Prevent page breaks in the middle of a sentence or card if possible */
  .card {
    break-inside: avoid;
  }
  /* Hide elements you don't want in PDF (like navigation bars) */
  nav, footer, button {
    display: none !important;
  }
 }
@@ -0,0 +1,55 @@
 /* Title sheet: visible only when printing / generating PDF (not on screen). */
 .pdf-title-page {
  display: none;
 }
@media print {
  .pdf-title-page {
    display: block;
    box-sizing: border-box;
    text-align: center;
    padding: 5rem 2rem 4rem;
    page-break-after: always;
  }
  .pdf-title-page__title {
    font-size: 1.65rem;
    font-weight: 700;
    line-height: 1.25;
    margin: 0 0 1.25rem;
  }
  .pdf-title-page__subtitle {
    font-size: 1.05rem;
    line-height: 1.4;
    margin: 0 0 2rem;
  }
  .pdf-title-page__meta {
    font-size: 0.95rem;
    font-style: normal;
    margin: 0;
  }
 }
 /* Guide landing: small floating logo so opening copy flows beside it (HTML + PDF). */
 .guide-intro-lead {
  overflow: auto;
 }
 .guide-intro-lead > p:first-child {
  margin-top: 0;
 }
 .guide-intro-lead > p:first-child img {
  float: right;
  max-width: 6.5rem;
  height: auto;
  margin: 0 0 0.5rem 1rem;
 }
@media print {
  .guide-intro-lead > p:first-child img {
    max-width: 5rem;
  }
 }
@@ -0,0 +1,126 @@
 ---
 title: "Verify"
 description: How to verify the authenticity of our files and check virus scans
 ---
 # PDF Verification Guide
 ## Files Provided
 For each PDF release, you'll receive:
 - **PDF file** (`thgtoa.pdf` or `thgtoa-dark.pdf`) - The actual document
 - **Signature file** (`.sig`) - GPG detached signature for authenticity verification
 - **Hash file** (`.sha256`) - SHA256 checksum for integrity verification
 ## Quick Verification
 ### Using Python Script (Recommended)
 ```bash
 # Verify everything (hashes, signatures, and optionally VirusTotal)
 python scripts/verify_pdf.py --all
 # Only verify hashes
 python scripts/verify_pdf.py --hashes
 # Only verify GPG signatures
 python scripts/verify_pdf.py --signatures
 # Check VirusTotal scan status (requires VT_API_KEY environment variable)
 python scripts/verify_pdf.py --vt
 ```
 ### Manual Verification
 #### 1. Verify SHA256 Hash
 **Linux/macOS:**
 ```bash
 cd /path/to/repo
 sha256sum -c sha256sum-light.txt
 ```
 **Windows (PowerShell):**
 ```powershell
 Get-FileHash -Algorithm SHA256 export\thgtoa.pdf | Select-Object Hash
 # Compare with the hash in thgtoa.pdf.sha256
 ```
 #### 2. Verify GPG Signature
 First, import the public key:
 ```bash
 gpg --import pgp/anonymousplanet-master.asc
 ```
 Then verify the signature:
 ```bash
 gpg --verify export/thgtoa.pdf.sig export/thgtoa.pdf
 gpg --verify export/thgtoa-dark.pdf.sig export/thgtoa-dark.pdf
 ```
 Expected output for successful verification:
 ```
 gpg: Signature made Mon 20 Apr 2026 01:46:40 AM EDT
 gpg:                using EDDSA key 9FA5436D0EE360985157382517ECA05F768DEDF6
 gpg: Good signature from "Anonymous Planet Master Signing Key" [unknown]
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the owner.
 Primary key fingerprint: 9FA5 436D 0EE3 6098 5157  3825 17EC A05F 768D EDF6
 ```
 #### 3. Check VirusTotal Status
 Visit the VirusTotal report links (automatically generated in release notes):
 - Light mode: `https://www.virustotal.com/gui/file/[hash]`
 - Dark mode: `https://www.virustotal.com/gui/file/[hash]`
 Or use the Python script with API key:
 ```bash
 export VT_API_KEY=your_vt_api_key
 python scripts/verify_pdf.py --vt
 ```
 ## Automated Verification in CI/CD
 The GitHub Actions workflows automatically:
 1. **Build PDFs** from MkDocs source
 2. **Generate SHA256 hashes** and save to root directory
 3. **Sign files with GPG** using the repository's private key
 4. **Scan with VirusTotal** and update release notes
 5. **Create releases** with all verification artifacts
 ## Security Best Practices
 1. **Always verify signatures** before opening PDFs from untrusted sources
 2. **Check hashes** to ensure files weren't corrupted during download
 3. **Review VirusTotal results** for any suspicious detections
 4. **Import keys securely** - verify key fingerprints with the project maintainers
 5. **Keep verification scripts updated** to match current security standards
 ## Troubleshooting
 ### "Good signature" but wrong owner?
 - Ensure you imported the correct public key
 - Check the key fingerprint matches the official one from the repository
 ### Hash mismatch?
 - Re-download the file (corruption during transfer)
 - Verify you're checking against the correct hash file
 - Check for disk errors on your system
 ### GPG not found?
 - Install GPG: `sudo apt install gnupg` (Debian/Ubuntu) or `brew install gnupg` (macOS)
 - On Windows, use [Gpg4win](https://www.gpg4win.org/)
 ## Key Information
 **Signing Key:** Anonymous Planet Master Signing Key ("MSK")
 **Key ID:** See `pgp/anonymousplanet-master.asc` for details
 **Fingerprint:** Verify from the repository's official documentation
 ---
 *For questions or issues with verification, please open an issue on GitHub.*
@@ -0,0 +1,8 @@
 -----BEGIN PGP SIGNATURE-----
 iJEEABYKADkWIQSfpUNtDuNgmFFXOCUX7KBfdo3t9gUCaeXaqxsUgAAAAAAEAA5t
 YW51MiwyLjUrMS4xMiwyLDIACgkQF+ygX3aN7fY6QAD/YCGJqs9HiRllFrF9EluE
 Ga4XUEQ/R6Q2zc+X6lX856sBAJIpxeMxUmMUXyr3xBAHxUf5eV+nQYkQQMKI81L1
 x8gL
 =VX6l
 -----END PGP SIGNATURE-----
@@ -0,0 +1 @@
 f212d0425b38d5cd10da6dc804b60f143da23d4b07051aae31d0966082519b300af0e1c423683e0223738b33b138c687232b1c8bd68cf643777bbc5b588152bd  ./export/thgtoa-dark.pdf
@@ -0,0 +1,8 @@
 -----BEGIN PGP SIGNATURE-----
 iJEEABYKADkWIQSfpUNtDuNgmFFXOCUX7KBfdo3t9gUCaeXaqxsUgAAAAAAEAA5t
 YW51MiwyLjUrMS4xMiwyLDIACgkQF+ygX3aN7fbdDgEAoSslLR47ydW/3r1wJOPY
 X/waLkVbkGZpHqwd4RjywwcA/3B7Ci+jUg+yP5TRsuChagEhwyO5vw2DxSlUGoB4
 +ksH
 =2ja9
 -----END PGP SIGNATURE-----
@@ -0,0 +1,8 @@
 -----BEGIN PGP SIGNATURE-----
 iJEEABYKADkWIQSfpUNtDuNgmFFXOCUX7KBfdo3t9gUCaeXaqxsUgAAAAAAEAA5t
 YW51MiwyLjUrMS4xMiwyLDIACgkQF+ygX3aN7faErgD/Svj1G+B7gmrZQ6AsLZ5J
 HfeldxjmrXE99dig1iHtl5IBAMndZZb+95TO03IZ9eLGfYuyTz4GCUanmftsY9yv
 LAIN
 =MEd0
 -----END PGP SIGNATURE-----
@@ -0,0 +1,8 @@
 -----BEGIN PGP SIGNATURE-----
 iJEEABYKADkWIQSfpUNtDuNgmFFXOCUX7KBfdo3t9gUCaeXaqxsUgAAAAAAEAA5t
 YW51MiwyLjUrMS4xMiwyLDIACgkQF+ygX3aN7favvgEAvFFSB5NrsrKMYvGG5ZYB
 iLIyt8Sn1rZmlVkibssMPq0BAImpZe8S7hWNkbukyEC4sLbKiOYvjbVipQHnrIUV
 xPMH
 =0hnj
 -----END PGP SIGNATURE-----
@@ -0,0 +1 @@
 436ed0df78c299f95b8d5ff94f43f26ec2e7825d92d843fc15419630d55ed5e0c98485e738c12715a2b6242633faae38e8a98935b361d44ddde97a1692cb01a1  ./export/thgtoa.pdf
@@ -0,0 +1,8 @@
 -----BEGIN PGP SIGNATURE-----
 iJEEABYKADkWIQSfpUNtDuNgmFFXOCUX7KBfdo3t9gUCaeXaqxsUgAAAAAAEAA5t
 YW51MiwyLjUrMS4xMiwyLDIACgkQF+ygX3aN7fatsgEAixDzH+zTnKYMEx3sikWp
 dsNTiHTU6wJY/brVJIU879UBAJntBIq72vqwKtMb/ZlVvomdDvKVllZw8ZsYBz1n
 aTkM
 =vkgy
 -----END PGP SIGNATURE-----
@@ -0,0 +1,8 @@
 -----BEGIN PGP SIGNATURE-----
 iJEEABYKADkWIQSfpUNtDuNgmFFXOCUX7KBfdo3t9gUCaeXaqxsUgAAAAAAEAA5t
 YW51MiwyLjUrMS4xMiwyLDIACgkQF+ygX3aN7faAGQEAyEhVKrRoXIsV3E5f1FZg
 8fcsmbxCnKBqxichCkf0dWYBAIvbI146mQLHaNqLDaTIqCUQbkq1aE/YMFDGykUG
 ngsJ
 =/0RY
 -----END PGP SIGNATURE-----
@@ -0,0 +1,16 @@
 ## VirusTotal Scan Results
 **Scan Date:** 2026-04-19 01:48 UTC
 ---
 ### thgtoa.pdf
 - **SHA256 Hash:** `f82f6f53319315568fc2524b4eaf01126fe52356a20363cd358ad5977388ba28`
 - **VirusTotal Report:** VT_API_KEY not configured, scan skipped
 ### thgtoa-dark.pdf
 - **SHA256 Hash:** `94a0c8e3b81b0aeeb921029a41713d81b836da893a9bc9f905ca7296e82bd70f`
 - **VirusTotal Report:** VT_API_KEY not configured, scan skipped
 ---
 *Scan performed automatically by GitHub Actions*
@@ -0,0 +1,8 @@
 -----BEGIN PGP SIGNATURE-----
 iJEEABYKADkWIQSfpUNtDuNgmFFXOCUX7KBfdo3t9gUCaeXaqxsUgAAAAAAEAA5t
 YW51MiwyLjUrMS4xMiwyLDIACgkQF+ygX3aN7fYpCgEA209U3QewChp7mdrrFjH1
 CaBMIk2sCHwRMCcmbMDkNTAA/RIchAKex13ZjZWC9xsJpZEktvBENFsQLsNPReqR
 UZ8C
 =TYsa
 -----END PGP SIGNATURE-----
@@ -52,14 +52,14 @@ plugins:
 # - git-authors: {}
 #  - git-latest-release: {}
 extra_css:
  - stylesheets/extra.css
 extra:
  social:
    - icon: simple/mastodon
      link: https://mastodon.social/@anonymousplanet
      name: Mastodon
 #    - icon: simple/matrix
 #      link: https://matrix.to/#/#p-s-a:matrix.org
 #      name: Matrix Space
    - icon: simple/gitlab
      link: http://wmj5kiic7b6kjplpbvwadnht2nh2qnkbnqtcv3dyvpqtz7ssbssftxid.onion/
      name: "0xacab"
@@ -75,9 +75,9 @@ extra:
    - icon: simple/codeberg
      link: https://codeberg.org/anonymousplanet
      name: Codeberg
-#    - icon: simple/torbrowser
+    # - icon: simple/torbrowser
-#      link: TODO
+    #   link: http://thgtoa3jzy3doku7hkna32htpghjijefscwvh4dyjgfydbbjkeiohgid.onion/
-#      name: Hidden service
+    #   name: Hidden service
 markdown_extensions:
  - pymdownx.highlight:
@@ -98,7 +98,7 @@ markdown_extensions:
      custom_fences:
      - name: mermaid
        class: mermaid
-        format: materialx.superfences.fence_code_format
+        format: !!python/name:pymdownx.superfences.fence_code_format
  - pymdownx.tabbed:
      alternate_style: true
@@ -121,5 +121,19 @@ markdown_extensions:
      permalink: true
      toc_depth: 3
 nav:
  - Home: index.md
  - About: about/index.md
  - Verify: verify/index.md
  - Guide:
    - guide/index.md
    - Workflow Documentation: guide/dev-workflow.md
  - Code: code/index.md
  - Contribute: contribute/index.md
  - Constitution: constitution/index.md
  - Mirrors: mirrors/index.md
  - Twitter: twitter/index.md
  - TBA: changelog/index.md
 copyright: |
-  &copy; 2023-2025 <a href="https://anonymousplanet.org/"  target="_blank" rel="noopener">Anonymous Planet</a>
+  &copy; 2023-2026 <a href="https://anonymousplanet.org/"  target="_blank" rel="noopener">Anonymous Planet</a>
@@ -1,13 +1,23 @@
 # Import
-```
+```bash
 $ gpg --import pgp/core-devs/*
 ```
 # Verify
-TODO
+```bash
 $ gpg --verify pgp/core-devs/than/than-crypto.txt
-### All signing keys are signed by the Master Signing Key
+
 gpg: Signature made Sat 19 Jul 2025 02:04:10 AM EDT
 gpg:                using EDDSA key 8B3A74890536BAD50D9376EBF1CB32F67E3302A1
 gpg: Good signature from "nopenothinghere@proton.me <nopenothinghere@proton.me>" [ultimate]
 gpg:                 aka "Nope Nothing (Anonymous Planet Contact) <no@anonymousplanet.org>" [ultimate]
 gpg:                 aka "Nope Nothing (Systems Administrator) <admin@itsnothing.net>" [ultimate]
 Primary key fingerprint: 8B3A 7489 0536 BAD5 0D93  76EB F1CB 32F6 7E33 02A1
 ```
 ## All signing keys are signed by the Master Signing Key
 TODO
@@ -1,80 +0,0 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 Tue Jul 25 14:51:36 EDT 2023
 I am the admin of itsnothing.net (@Unknown@ioc.exchange) and co-admin of THGTOA.
 I will update this canary within 1 month.
 Latest bitcoin block hash:
 00000000000000000000d9330bf8a03ce70cbe5542bddd16558693a43ea32fd3
 I am in complete control of all my key material.
 All previous keys have been revoked as part of standard OPSEC key rotation procedures.
 Do not encrypt communications to my old keys, I will not read them.
 The key currently published on my website https://itsnothing.net/pgp.txt with a fingerprint
 of C87D87466FD205945CF10A3821AB6B6A6CB2C337, is my only PGP key for public communication.
 Permanent record of old and new PGP keys:
 the old key was:
 pub   rsa4096/0xB208C4084A2C582D 2022-11-04 [SC] [expires: 2027-11-03]
      Key fingerprint = D793 9998 F78B ADB5 18C1  B600 B208 C408 4A2C 582D
 uid                   [ultimate] Nope <no@anonymousplanet.org>
 And the new key is:
 pub   ed25519/0x21AB6B6A6CB2C337 2023-07-14 [SC]
      Key fingerprint = C87D 8746 6FD2 0594 5CF1  0A38 21AB 6B6A 6CB2 C337
 uid                   [ultimate] nopenothinghere@proton.me <nopenothinghere@proton.me>
 To fetch the full key, you can simply do:
  gpg --keyserver keys.openpgp.org --recv-key 0x21AB6B6A6CB2C337
 **
  Note: this keyserver is experimental.[0] I still have yet to add this key to
  the I2P keyserver pool, and I don't know if I will. If you have previously
  signed my key but did a local-only signature (lsign), you will not want to
  issue the following, instead you will want to use --lsign-key, and not send
  the signatures to the keyserver.
 **
  gpg --sign-key 0x21AB6B6A6CB2C337
 I'd like to receive your signatures on my key. You can either send me an e-mail
 with the new signatures (if you have a functional MTA on your system):
  gpg --export 0x21AB6B6A6CB2C337 | gpg --encrypt -r 0x21AB6B6A6CB2C337 --armor \
      | mail -s 'OpenPGP Signatures' <nopenothinghere@proton.me>
 Additionally, I highly recommend that you implement a mechanism to keep your key
 material up-to-date so that you obtain the latest revocations, and other updates
 in a timely manner. You can do regular key updates by using parcimonie[1] to
 refresh your keyring. Parcimonie is a daemon that slowly refreshes your keyring
 from a keyserver over Tor. It uses a randomized sleep, and fresh tor circuits
 for each key. The purpose is to make it hard for an attacker to correlate the
 key updates with your keyring.
 I also highly recommend checking out the excellent Riseup GPG best practices
 doc, from which I stole most of the text for this transition message ;-)
 https://we.riseup.net/riseuplabs+paow/openpgp-best-practices
 Please let me know if you have any questions, or problems, and sorry for the
 inconvenience.
  Nope (Anonymous Planet) <no@anonymousplanet.org>
 0. https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f
 1. https://directory.fsf.org/wiki/Parcimonie
 -----BEGIN PGP SIGNATURE-----
 iHUEARYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZMAZwAAKCRAhq2tqbLLD
 N3l3AQC28SZK5HHU1o7K36ifOd/OKj97urrMZF+NUkaRmAwQxgEAlIa2y9g0JoQW
 epEpViXFDwyWIUfNhVaJwUWjn/DLoAI=
 =A72C
 -----END PGP SIGNATURE-----
@@ -0,0 +1,132 @@
 # PDF Build, Scan & Release Scripts
 This directory contains scripts for building PDFs from MkDocs documentation, scanning them with VirusTotal, generating hashes, and uploading artifacts to GitHub releases.
 ## Scripts
 ### `pdf_release.sh` (v2 - Recommended)
 The main script that handles:
 - SHA256 hash generation for PDF files
 - VirusTotal scanning of PDFs
 - Release creation/update on GitHub
 - GPG signature verification support
 **Usage:**
 ```bash
 ./scripts/pdf_release.sh --build <light|dark|both> --release <tag|latest> [--vt-api-key VT_KEY] [--github-token TOKEN]
 ```
 **Options:**
 - `--build`: PDF build mode (`light`, `dark`, or `both`) - Required
 - `--release`: Release update mode (`tag` for tagged releases, `latest` to always update) - Default: `tag`
 - `--vt-api-key`: VirusTotal API key (optional)
 - `--github-token`: GitHub token for release operations (optional)
 ### `build_guide_pdf.py`
 Python script that builds MkDocs documentation and converts it to PDF using Chromium/Chrome.
 **Usage:**
 ```bash
 python scripts/build_guide_pdf.py --both  # Build both light and dark mode
 python scripts/build_guide_pdf.py --dark-mode  # Dark mode only
 python scripts/build_guide_pdf.py --skip-mkdocs  # Skip MkDocs build, use existing site
 ```
 ## GitHub Actions Workflow
 The workflow `.github/workflows/build-pdf-combined.yml` combines all operations:
 1. **Build PDFs** - Generates light/dark mode PDFs with GPG signatures
 2. **Scan & Release** - Scans with VirusTotal and updates/releases artifacts
 ### Required Secrets
 Add these to your repository settings under **Settings > Secrets and variables > Actions**:
 - `GPG_PRIVATE_KEY`: Your GPG private key for signing
 - `GPG_PASSPHRASE`: Passphrase for the GPG key (if any)
 - `VT_API_KEY`: VirusTotal API key for malware scanning
 - `GITHUB_TOKEN`: Automatically available, but can be manually added
 ### Workflow Triggers
 The workflow runs on:
 - Manual dispatch (`workflow_dispatch`) with customizable options
 - Push to main branch when docs, mkdocs.yml, or scripts change
 ## Output Files
 After running the build and release process, you'll get:
 ```
 export/
 ├── thgtoa.pdf                    # Light mode PDF
 ├── thgtoa-dark.pdf               # Dark mode PDF
 ├── thgtoa.pdf.sig                # GPG signature for light PDF
 ├── thgtoa-dark.pdf.sig           # GPG signature for dark PDF
 ├── thgtoa.pdf.sha256             # SHA256 hash for light PDF
 ├── thgtoa-dark.pdf.sha256        # SHA256 hash for dark PDF
 ├── sha256sum-combined.txt        # Combined hash file
 ├── sha256sum-combined.txt.sig    # GPG signature for combined hashes
 └── virus-total-results.md        # VirusTotal scan results
 ```
 ## Hash Verification
 To verify the integrity of downloaded PDFs:
 ```bash
 # Verify against individual hash file
 sha256sum -c thgtoa.pdf.sha256
 # Or verify against combined hash file
 sha256sum -c sha256sum-combined.txt
 ```
 ## VirusTotal Integration
 When a `VT_API_KEY` is provided, the script will:
 1. Upload each PDF to VirusTotal's API
 2. Generate individual scan reports
 3. Include VT report links in release notes and artifacts
 The VT results file (`virus-total-results.md`) contains:
 - Scan timestamp
 - SHA256 hashes for each PDF
 - Direct links to VirusTotal GUI reports
 ## Release Management
 The script supports two release modes:
 1. **Tag mode** (`--release tag`): Updates the release matching the current git tag
 2. **Latest mode** (`--release latest`): Always updates the most recent release (useful for continuous deployment)
 When running in a GitHub Actions workflow with a tag push, it will automatically create or update the corresponding release.
 ## Troubleshooting
 ### PDF Build Fails
 - Ensure Chrome/Chromium is installed: `sudo apt install chromium-browser`
 - Check MkDocs configuration is valid: `mkdocs build --strict`
 - Verify all documentation files are present and properly formatted
 ### VirusTotal Scan Fails
 - Check VT_API_KEY secret is correctly set in repository settings
 - Verify the API key has sufficient quota (free tier allows 4 requests/minute)
 - Check network connectivity to VirusTotal API
 ### Release Upload Fails
 - Ensure GITHUB_TOKEN has appropriate permissions (repo scope)
 - For existing releases, use `--release latest` instead of `tag`
 - Check that the release tag format matches GitHub's requirements (e.g., `v1.0.0`)
 ## Security Notes
 - **GPG Keys**: Never commit private keys to version control. Use GitHub Secrets.
 - **VT API Key**: Keep your VirusTotal API key secret and rotate periodically.
 - **Release Artifacts**: All uploaded artifacts are publicly visible on your releases page.
 ## License
 These scripts are part of the "The How-To Guide To Anonymity" project and follow the same licensing as the main repository.
@@ -0,0 +1,247 @@
 #!/usr/bin/env python3
 """Experimental dark mode support.
 This script builds both light and dark mode MkDocs site, then renders docs/guide/ to single PDFs via Chromium.
 Usage:
  python scripts/build_guide_pdf.py                    # Generate light mode PDF only
  python scripts/build_guide_pdf.py --dark-mode        # Generate dark mode PDF only
  python scripts/build_guide_pdf.py --both             # Generate both light and dark mode PDFs
 Examples:
  python scripts/build_guide_pdf.py --site-dir build/html --pdf-light export/thgtoa.pdf
  python scripts/build_guide_pdf.py --dark-mode --pdf-dark export/thgtoa-dark.pdf
 """
 from __future__ import annotations
 import argparse
 import os
 import shutil
 import subprocess
 import sys
 import time
 from pathlib import Path
 def repo_root() -> Path:
    return Path(__file__).resolve().parent.parent
 def find_chromium_executable() -> Path | None:
    if sys.platform == "win32":
        paths = [
            Path(os.environ.get("PROGRAMFILES(X86)", "")) / "Microsoft/Edge/Application/msedge.exe",
            Path(os.environ.get("LOCALAPPDATA", "")) / "Microsoft/Edge/Application/msedge.exe",
            Path(os.environ.get("PROGRAMFILES", "")) / "Google/Chrome/Application/chrome.exe",
            Path(os.environ.get("PROGRAMFILES(X86)", "")) / "Google/Chrome/Application/chrome.exe",
            Path(os.environ.get("LOCALAPPDATA", "")) / "Google/Chrome/Application/chrome.exe",
        ]
        for p in paths:
            if p.is_file():
                return p
        for name in ("chrome", "msedge"):
            w = shutil.which(name)
            if w:
                return Path(w)
    elif sys.platform == "darwin":
        for p in (
            "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome",
            "/Applications/Microsoft Edge.app/Contents/MacOS/Microsoft Edge",
            "/Applications/Chromium.app/Contents/MacOS/Chromium",
        ):
            if os.path.isfile(p):
                return Path(p)
    for name in ("google-chrome-stable", "google-chrome", "chromium-browser", "chromium", "chrome"):
        w = shutil.which(name)
        if w:
            return Path(w)
    return None
 def run_mkdocs(site_dir: Path) -> None:
    site_dir.mkdir(parents=True, exist_ok=True)
    subprocess.run(
        [sys.executable, "-m", "mkdocs", "build", "-d", str(site_dir)],
        cwd=repo_root(),
        check=True,
    )
 def print_to_pdf(browser: Path, html_file: Path, pdf_out: Path, dark_mode: bool = False) -> Path:
    """Write PDF to ``pdf_out``. Uses a temp file first so an open ``guide.pdf`` on Windows
    does not block the build: if the final path is locked, writes ``guide-new.pdf`` instead.
    Args:
        browser: Path to Chromium executable
        html_file: Path to HTML file to convert
        pdf_out: Output PDF path
        dark_mode: If True, use dark mode color scheme via --prefers-color-scheme flag
    """
    pdf_out.parent.mkdir(parents=True, exist_ok=True)
    partial = pdf_out.parent / f".{pdf_out.name}.writing"
    partial.unlink(missing_ok=True)
    uri = html_file.resolve().as_uri()
    # Chromium headless print; allow time for fonts/images on very large pages.
    cmd = [str(browser)]
    if os.environ.get("CI"):
        # GitHub Actions / other CI runners often need these for Chromium to start.
        cmd += [
            "--no-sandbox",
            "--disable-setuid-sandbox",
            "--disable-dev-shm-usage",
        ]
    cmd += [
        "--headless=new",
        "--disable-gpu",
        "--no-pdf-header-footer",
    ]
    # Add dark mode preference if requested
    if dark_mode:
        cmd.append("--prefers-color-scheme=dark")
    cmd += [
        f"--print-to-pdf={partial.resolve()}",
        uri,
    ]
    subprocess.run(cmd, check=True, timeout=600)
    deadline = time.time() + 120
    while time.time() < deadline:
        if partial.exists() and partial.stat().st_size > 0:
            break
        time.sleep(0.25)
    else:
        partial.unlink(missing_ok=True)
        raise RuntimeError(f"PDF was not written to {partial}")
    try:
        if pdf_out.exists():
            pdf_out.unlink()
    except PermissionError:
        fallback = pdf_out.with_name(f"{pdf_out.stem}-new{pdf_out.suffix}")
        fallback.unlink(missing_ok=True)
        partial.replace(fallback)
        return fallback
    partial.replace(pdf_out)
    return pdf_out
 def generate_dark_mode_html(html_file: Path, output_file: Path, dark_css_path: Path) -> None:
    """Create a temporary HTML file with dark mode stylesheet applied.
    This is used when we need to force dark mode rendering via CSS rather than browser flags.
    """
    try:
        from bs4 import BeautifulSoup
        # Read the original HTML
        html_content = html_file.read_text(encoding='utf-8')
        soup = BeautifulSoup(html_content, 'html.parser')
        # Add dark mode stylesheet link if not present
        existing_links = [link.get('href', '') for link in soup.find_all('link', rel='stylesheet')]
        if not any(dark_css_path.name in link for link in existing_links):
            head = soup.head or soup.new_tag('head')
            link_tag = soup.new_tag('link', rel='stylesheet', href=str(dark_css_path))
            if soup.head:
                soup.head.append(link_tag)
            else:
                # Create a new head section
                new_head = soup.new_tag('head')
                new_head.append(link_tag)
                soup.insert(0, new_head)
        # Write the modified HTML
        output_file.parent.mkdir(parents=True, exist_ok=True)
        output_file.write_text(str(soup), encoding='utf-8')
    except ImportError:
        print("BeautifulSoup not available. Skipping CSS injection.")
 def main() -> int:
    root = repo_root()
    ap = argparse.ArgumentParser(description="Build MkDocs + single-page guide PDF (light and/or dark mode).")
    ap.add_argument(
        "--site-dir",
        type=Path,
        default=root / "build" / "html",
        help="MkDocs output directory (default: ./build/html)",
    )
    ap.add_argument(
        "--pdf-light",
        type=Path,
        default=root / "export" / "thgtoa.pdf",
        help="Output PDF path for light mode (default: ./export/thgtoa.pdf)",
    )
    ap.add_argument(
        "--pdf-dark",
        type=Path,
        default=root / "export" / "thgtoa-dark.pdf",
        help="Output PDF path for dark mode (default: ./export/thgtoa-dark.pdf)",
    )
    ap.add_argument("--skip-mkdocs", action="store_true", help="Reuse existing site dir; only run print-to-pdf.")
    ap.add_argument("--dark-mode", action="store_true", help="Generate dark mode PDF only")
    ap.add_argument("--both", action="store_true", help="Generate both light and dark mode PDFs")
    args = ap.parse_args()
    # Determine which modes to generate
    if args.dark_mode:
        modes = ["dark"]
    elif args.both:
        modes = ["light", "dark"]
    else:
        modes = ["light"]
    guide_html = args.site_dir / "guide" / "index.html"
    if not args.skip_mkdocs or any(mode == "light" for mode in modes):
        run_mkdocs(args.site_dir)
    if not guide_html.is_file():
        print(f"Missing {guide_html}; run without --skip-mkdocs first.", file=sys.stderr)
        return 1
    browser = find_chromium_executable()
    if not browser:
        print(
            "No Chromium-based browser found (Chrome, Edge, or Chromium). "
            "Install Google Chrome or Microsoft Edge, or add Chromium to PATH.",
            file=sys.stderr,
        )
        return 1
    dark_css_path = root / "docs" / "stylesheets" / "dark-extra.css"
    # Generate light mode PDF (default)
    if "light" in modes:
        out_light = print_to_pdf(browser, guide_html, args.pdf_light, dark_mode=False)
        size_kb = out_light.stat().st_size // 1024
        print(f"Wrote {out_light.resolve()} ({size_kb} KiB) [Light Mode]")
        if out_light.resolve() != args.pdf_light.resolve():
            print(
                f"Note: {args.pdf_light.name} was in use; close it and rename or replace with the file above.",
                file=sys.stderr,
            )
    # Generate dark mode PDF
    if "dark" in modes:
        out_dark = print_to_pdf(browser, guide_html, args.pdf_dark, dark_mode=True)
        size_kb = out_dark.stat().st_size // 1024
        print(f"Wrote {out_dark.resolve()} ({size_kb} KiB) [Dark Mode]")
        if out_dark.resolve() != args.pdf_dark.resolve():
            print(
                f"Note: {args.pdf_dark.name} was in use; close it and rename or replace with the file above.",
                file=sys.stderr,
            )
    return 0
 if __name__ == "__main__":
    raise SystemExit(main())
@@ -0,0 +1,288 @@
 #!/usr/bin/env python3
 """Setup helper for PDF workflow configuration.
 This script helps you configure the necessary GitHub Secrets for the automated
 PDF build, signing, and VirusTotal scanning workflows.
 Usage:
  python scripts/setup_workflow.py
 Requirements:
  - Python 3.8+
  - GPG installed (for key export)
  - Access to GitHub repository settings
 What it does:
  1. Validates your GPG key setup
  2. Exports the public key for verification
  3. Provides instructions for adding secrets to GitHub
 """
 from __future__ import annotations
 import subprocess
 import sys
 from pathlib import Path
 def repo_root() -> Path:
    return Path(__file__).resolve().parent.parent
 def check_gpg_installed() -> bool:
    """Check if GPG is installed and accessible."""
    try:
        result = subprocess.run(
            ["gpg", "--version"],
            capture_output=True,
            text=True,
            timeout=10,
        )
        return result.returncode == 0
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return False
 def list_gpg_keys() -> list[dict]:
    """List all GPG keys in the keyring."""
    try:
        result = subprocess.run(
            ["gpg", "--list-keys", "--with-colons"],
            capture_output=True,
            text=True,
            check=True,
        )
        keys = []
        current_key = {}
        for line in result.stdout.split('\n'):
            if line.startswith('pub:'):
                if current_key:
                    keys.append(current_key)
                parts = line.split(':')
                current_key = {
                    'type': parts[1],
                    'key_id': parts[4],
                    'fingerprint': parts[9] if len(parts) > 9 else None,
                    'created': parts[5],
                    'expires': parts[6],
                    'uid': None,
                }
            elif line.startswith('uid:'):
                parts = line.split(':')
                current_key['uid'] = parts[9] if len(parts) > 9 else None
        if current_key:
            keys.append(current_key)
        return keys
    except subprocess.CalledProcessError as e:
        print(f"Error listing GPG keys: {e}")
        return []
 def export_public_key(key_id: str, output_file: Path | None = None) -> str | None:
    """Export a public key in ASCII armor format."""
    try:
        result = subprocess.run(
            ["gpg", "--armor", "--export", key_id],
            capture_output=True,
            text=True,
            check=True,
        )
        if output_file:
            output_file.write_text(result.stdout)
            print(f"✓ Public key exported to {output_file}")
        return result.stdout
    except subprocess.CalledProcessError as e:
        print(f"Error exporting public key: {e}")
        return None
 def export_private_key(key_id: str, output_file: Path | None = None) -> str | None:
    """Export a private key in ASCII armor format (requires passphrase)."""
    try:
        # This will prompt for passphrase interactively
        result = subprocess.run(
            ["gpg", "--armor", "--export-secret-keys", key_id],
            capture_output=True,
            text=True,
            check=True,
        )
        if output_file:
            output_file.write_text(result.stdout)
            print(f"✓ Private key exported to {output_file}")
        return result.stdout
    except subprocess.CalledProcessError as e:
        print(f"Error exporting private key: {e}")
        return None
 def validate_gpg_key(key_id: str) -> bool:
    """Validate that a GPG key has signing capability."""
    try:
        result = subprocess.run(
            ["gpg", "--list-keys", "--with-colons", key_id],
            capture_output=True,
            text=True,
            check=True,
        )
        # Check for 's' (signing) in the pub line
        for line in result.stdout.split('\n'):
            if line.startswith('pub:'):
                flags = line.split(':')[1]
                return 's' in flags
        return False
    except subprocess.CalledProcessError:
        return False
 def print_setup_instructions():
    """Print instructions for configuring GitHub Secrets."""
    print("\n" + "="*70)
    print("GITHUB SECRETS SETUP INSTRUCTIONS")
    print("="*70)
    print("""
 To enable the automated PDF workflow, you need to add three secrets to your
 GitHub repository:
 1. GPG_PRIVATE_KEY
   - Your GPG private key in ASCII armor format
   - Used to sign PDFs and hash files
   - IMPORTANT: Keep this secret! Never commit it publicly
 2. GPG_PASSPHRASE
   - The passphrase for your GPG private key
   - Required to unlock the private key for signing
 3. VT_API_KEY (optional but recommended)
   - VirusTotal API key for malware scanning
 TROUBLESHOOTING:
 - If GPG signing fails: Check that your key has signing capability ('s' flag)
 - If passphrase is wrong: Verify you're using the correct passphrase
 - If VT scan fails: Ensure API key is valid and within rate limits
 """)
 def main() -> int:
    print("\n" + "="*70)
    print("PDF WORKFLOW SETUP HELPER")
    print("="*70)
    # Check GPG installation
    if not check_gpg_installed():
        print("⚠ WARNING: GPG is not installed or not in PATH")
        print("Please install GPG before continuing:")
        print("  - Linux: sudo apt install gnupg")
        print("\nContinuing anyway...")
    # List available keys
    print("\n🔑 Available GPG Keys:")
    print("-" * 70)
    keys = list_gpg_keys()
    if not keys:
        print("No GPG keys found in your keyring.")
        print("Generate a key with: gpg --full-generate-key")
        return 1
    for i, key in enumerate(keys, 1):
        status = "✓" if validate_gpg_key(key['key_id']) else "✗"
        print(f"\n{i}. {status} Key ID: {key['key_id']}")
        print(f"   Fingerprint: {key.get('fingerprint', 'N/A')}")
        print(f"   UID: {key.get('uid', 'Unknown')}")
        print(f"   Created: {key.get('created', 'Unknown')}")
        if key.get('expires'):
            print(f"   Expires: {key['expires']}")
    # Ask user to select key
    print("\n" + "-" * 70)
    try:
        choice = input("\nEnter the number of the key you want to use (1-{}): ".format(len(keys)))
        selected_index = int(choice) - 1
        if not (0 <= selected_index < len(keys)):
            print("Invalid selection!")
            return 1
    except ValueError:
        print("Invalid input! Please enter a number.")
        return 1
    selected_key = keys[selected_index]
    # Validate key has signing capability
    if not validate_gpg_key(selected_key['key_id']):
        print(f"\n⚠ WARNING: Selected key does not have signing capability!")
        print("You need a key with 's' (signing) flag for PDF signatures.")
        confirm = input("Continue anyway? (y/N): ")
        if confirm.lower() != 'y':
            return 1
    # Export public key
    print(f"\n📤 Exporting public key for {selected_key['uid']}...")
    public_key_file = repo_root() / "pgp" / "workflow-public.asc"
    public_key = export_public_key(selected_key['key_id'], public_key_file)
    if not public_key:
        print("Failed to export public key!")
        return 1
    # Show public key info
    print("\n✓ Public Key Information:")
    print("-" * 70)
    for line in public_key.split('\n')[:5]:
        print(line)
    print("...")
    # Instructions for private key export
    print("\n🔐 Private Key Export:")
    print("-" * 70)
    print("""
 To get your private key for the GPG_PRIVATE_KEY secret:
 1. Run this command (you'll be prompted for passphrase):
   gpg --armor --export-secret-keys {} > workflow-private.asc
 2. Copy the ENTIRE output including BEGIN and END lines
 3. Add it to GitHub Secrets as 'GPG_PRIVATE_KEY'
 ⚠ IMPORTANT: Keep your private key secure! Never commit it publicly.
 """.format(selected_key['key_id']))
    # Print setup instructions
    print_setup_instructions()
    print("\n" + "="*70)
    print("SETUP COMPLETE!")
    print("="*70)
    print(f"\nPublic key saved to: {public_key_file}")
    print("Next steps:")
    print("1. Export your private key (see instructions above)")
    print("2. Add all three secrets to GitHub repository settings")
    print("3. Test the workflow by triggering a manual build")
    print("\nFor more information, see: docs/guide/dev-workflow.md\n")
    return 0
 if __name__ == "__main__":
    raise SystemExit(main())
@@ -0,0 +1,214 @@
 #!/usr/bin/env python3
 """Verification script for PDF files.
 This script verifies:
 1. SHA256 hash integrity of PDF files
 2. GPG signature authenticity
 3. VirusTotal scan status (optional)
 Usage:
  python scripts/verify_pdf.py --all                    # Verify everything
  python scripts/verify_pdf.py --hashes                 # Only verify hashes
  python scripts/verify_pdf.py --signatures             # Only verify signatures
  python scripts/verify_pdf.py --vt                     # Check VT status (requires API key)
 Examples:
  python scripts/verify_pdf.py --all
  python scripts/verify_pdf.py --hashes --file export/thgtoa.pdf
 """
 from __future__ import annotations
 import argparse
 import hashlib
 import os
 import subprocess
 import sys
 from pathlib import Path
 def repo_root() -> Path:
    return Path(__file__).resolve().parent.parent
 def calculate_sha256(file_path: Path) -> str:
    """Calculate SHA256 hash of a file."""
    sha256_hash = hashlib.sha256()
    with open(file_path, "rb") as f:
        for byte_block in iter(lambda: f.read(4096), b""):
            sha256_hash.update(byte_block)
    return sha256_hash.hexdigest()
 def verify_hash(file_path: Path, expected_hash: str) -> bool:
    """Verify file hash against expected value."""
    actual_hash = calculate_sha256(file_path)
    is_valid = actual_hash == expected_hash
    status = "✓ PASS" if is_valid else "✗ FAIL"
    print(f"{status}: {file_path.name}")
    print(f"  Expected: {expected_hash}")
    print(f"  Actual:   {actual_hash}")
    return is_valid
 def verify_signature(file_path: Path, sig_file: Path) -> bool:
    """Verify GPG signature of a file."""
    if not sig_file.exists():
        print(f"✗ FAIL: Signature file not found: {sig_file}")
        return False
    try:
        result = subprocess.run(
            ["gpg", "--verify", str(sig_file), str(file_path)],
            capture_output=True,
            text=True,
            check=False,
        )
        if result.returncode == 0:
            print(f"✓ PASS: {file_path.name} signature verified")
            # Extract key info from GPG output
            for line in result.stdout.split('\n'):
                if 'Good signature' in line or 'key ID' in line.lower():
                    print(f"  {line.strip()}")
            return True
        else:
            print(f"✗ FAIL: {file_path.name} signature verification failed")
            print(f"  Error: {result.stderr}")
            return False
    except FileNotFoundError:
        print("⚠ WARNING: GPG not installed. Skipping signature verification.")
        return None
 def verify_from_hash_file(file_path: Path, hash_file: Path) -> bool:
    """Verify file hash from a hash file."""
    if not hash_file.exists():
        print(f"✗ FAIL: Hash file not found: {hash_file}")
        return False
    expected_hash = None
    with open(hash_file, 'r') as f:
        for line in f:
            parts = line.strip().split()
            if len(parts) >= 2 and parts[1] == str(file_path):
                expected_hash = parts[0]
                break
    if not expected_hash:
        print(f"✗ FAIL: Hash not found in {hash_file.name} for {file_path.name}")
        return False
    return verify_hash(file_path, expected_hash)
 def check_virustotal(file_hash: str, api_key: str | None = None) -> dict | None:
    """Check VirusTotal scan status for a file hash."""
    if not api_key:
        print("⚠ WARNING: VT_API_KEY not set. Skipping VirusTotal check.")
        return None
    try:
        import urllib.request
        import json
        url = f"https://www.virustotal.com/api/v3/files/{file_hash}"
        request = urllib.request.Request(url, headers={"x-apikey": api_key})
        with urllib.request.urlopen(request, timeout=30) as response:
            data = json.loads(response.read().decode())
            stats = data.get('data', {}).get('attributes', {}).get('last_analysis_stats', {})
            total = sum(stats.values()) if stats else 0
            print(f"\n🦠 VirusTotal Results for {file_hash[:16]}...")
            print(f"  Total scans: {total}")
            if stats:
                print(f"  Malicious:    {stats.get('malicious', 0)}")
            print(f"  Suspicious:   {stats.get('suspicious', 0)}")
            print(f"  Undetected:   {stats.get('undetected', 0)}")
            print(f"  Clean:        {stats.get('harmless', 0)}")
            return data
    except Exception as e:
        print(f"⚠ ERROR checking VirusTotal: {e}")
        return None
 def main() -> int:
    root = repo_root()
    ap = argparse.ArgumentParser(description="Verify PDF files (hashes, signatures, VT).")
    # File paths
    ap.add_argument(
        "--light-pdf",
        type=Path,
        default=root / "export" / "thgtoa.pdf",
        help="Light mode PDF file",
    )
    ap.add_argument(
        "--dark-pdf",
        type=Path,
        default=root / "export" / "thgtoa-dark.pdf",
        help="Dark mode PDF file",
    )
    ap.add_argument(
        "--hash-file",
        type=Path,
        default=root / "export" / "thgtoa.pdf.sha256",
        help="Hash file to verify against",
    )
    # Verification modes
    group = ap.add_mutually_exclusive_group()
    group.add_argument("--all", action="store_true", help="Verify everything")
    group.add_argument("--hashes", action="store_true", help="Only verify hashes")
    group.add_argument("--signatures", action="store_true", help="Only verify signatures")
    ap.add_argument("--vt", action="store_true", help="Check VirusTotal status")
    args = ap.parse_args()
    # Determine what to verify
    if not any([args.all, args.hashes, args.signatures, args.vt]):
        args.all = True
    all_passed = True
    pdf_files = [
        ("Light", args.light_pdf),
        ("Dark", args.dark_pdf),
    ]
    for mode_name, pdf_file in pdf_files:
        if not pdf_file.exists():
            print(f"⚠ WARNING: {pdf_file.name} not found. Skipping.")
            continue
        print(f"\n{'='*60}")
        print(f"Verifying {mode_name} PDF: {pdf_file.name}")
        print('='*60)
        # Verify hash if requested
        if args.all or args.hashes:
            if not verify_from_hash_file(pdf_file, args.hash_file):
                all_passed = False
        # Verify signature if requested
        if args.all or args.signatures:
            sig_file = pdf_file.with_suffix(pdf_file.suffix + ".sig")
            result = verify_signature(pdf_file, sig_file)
            if result is False:  # None means skipped (GPG not installed)
                all_passed = False
        # Check VirusTotal if requested
        if args.all or args.vt:
            file_hash = calculate_sha256(pdf_file)
            api_key = os.environ.get("VT_API_KEY")
            check_virustotal(file_hash, api_key)
    print(f"\n{'='*60}")
    if all_passed:
        print("✓ All verifications PASSED")
        return 0
    else:
        print("✗ Some verifications FAILED")
        return 1
 if __name__ == "__main__":
    raise SystemExit(main())
Author	SHA1	Message	Date
nopeitsnothing	1bb0acc3e8	Sign local copy Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2026-04-20 03:50:31 -04:00
nopeitsnothing	25bc901ece	Tweaking some of the build to function Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2026-04-20 03:43:52 -04:00
nopeitsnothing	78a0a37ee8	Tweaking some of the build to function Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2026-04-20 03:38:27 -04:00
nopeitsnothing	aeb63cd7ba	Tweaking some of the build to function Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2026-04-20 03:34:47 -04:00
nopeitsnothing	64ddd18535	Tweaking some of the build to function Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2026-04-20 03:29:54 -04:00
nopeitsnothing	7c9847e7d1	Tweaking some of the build to function Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2026-04-20 03:23:15 -04:00
nopeitsnothing	1e8c90513f	Tweaking some of the build to function Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2026-04-20 03:21:00 -04:00
nopeitsnothing	2d09d7c01c	Tweaking some of the build to function pt6 Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2026-04-20 03:15:19 -04:00
nopeitsnothing	1938e031ee	Tweaking some of the build to function pt5 Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2026-04-20 03:13:28 -04:00
nopeitsnothing	8483d6336b	Tweaking some of the build to function pt4 Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2026-04-20 03:08:28 -04:00
nopeitsnothing	1c168691c5	Tweaking some of the build to function pt3 Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2026-04-20 03:04:39 -04:00
nopeitsnothing	ae50911375	Tweaking some of the build to function pt2 Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2026-04-20 02:58:56 -04:00
nopeitsnothing	df2dd61676	Tweaking some of the build to function Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2026-04-20 02:50:05 -04:00
nopeitsnothing	904fa24478	Moving some things around Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2026-04-20 02:45:06 -04:00
nopeitsnothing	28556c016c	One job to rule them all Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2026-04-19 00:46:00 -04:00
nopeitsnothing	7bc3ed6bb6	Forgot to add flag Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2026-04-19 00:36:07 -04:00
nopeitsnothing	9a58ca1b7c	The GPG bit fails, let's try again pt2 Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2026-04-19 00:27:35 -04:00
nopeitsnothing	655e47fb8d	The GPG bit fails, let's try again Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2026-04-19 00:25:57 -04:00
nopeitsnothing	c0eb8aa6f3	Move out some scripts Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2026-04-19 00:17:39 -04:00
nopeitsnothing	90aa8b5442	Combined actions refactor Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2026-04-19 00:05:27 -04:00
nopeitsnothing	85912692d2	Combined actions into one file for less overhead Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2026-04-18 23:45:03 -04:00
nopeitsnothing	6305e1fbbb	Overhaul the Hashing, scanning, release management tool :) pt 2 Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2026-04-18 22:05:52 -04:00
nopeitsnothing	0b71c3f49a	Overhaul the Hashing, scanning, release management ...tool :) Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2026-04-18 22:03:40 -04:00
nopeitsnothing	468ff8f4a1	Refactor build action Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2026-04-17 13:44:04 -04:00
nopeitsnothing	11c2882ba5	Slightly refactor the workflow task Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2026-04-16 17:10:39 -04:00
nopeitsnothing	4c3ca7bfd7	Fix README Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2026-04-16 06:56:12 -04:00
nopeitsnothing	5636291c8a	Build pipeline WIP Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2026-04-16 06:44:59 -04:00
nopeitsnothing	41ac52de0a	Add: How to verify the authenticity of our files and check virus scans Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2026-04-16 06:03:23 -04:00
nopeitsnothing	f100633632	Refactoring the VT job Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2026-04-16 05:58:25 -04:00
nopeitsnothing	062128732e	Downgrade to working versions to fix broken jobs Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2026-04-16 05:55:35 -04:00
nopeitsnothing	e0d16797ed	Appendix A6: comment out deprecated ODT information Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2026-04-16 01:36:06 -04:00
nopeitsnothing	d5659af3f7	Replace broken internal link with correct rel path Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2026-04-16 01:34:20 -04:00
nopeitsnothing	a2dbdd10e9	Add nav in mkdocs.yml config Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2026-04-16 01:27:59 -04:00
nopeitsnothing	cd00fa79fd	Fix broken link to page Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2026-04-15 18:04:19 -04:00
nopeitsnothing	c49cc87390	Update VT scan workflow - Use v6.x for latest stable actions/checkout - Use v6.x for latest stable Go version - Add release line - Scan on push using rules Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2026-04-14 04:50:59 -04:00
nopeitsnothing	a14191bc7b	Use VT v5.x Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2026-04-14 04:35:26 -04:00
nopeitsnothing	a47e02939d	Add VirusTotal scans for submitted PDFs Submit locally crafted PDFs (currently, dark mode is broken and I'm refactoring the CSS and HTML to fix this). First runs likely will fail due to how runners work on GitHub Actions. Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2026-04-14 04:21:12 -04:00
nopeitsnothing	52a38f5deb	Fix path Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2026-04-14 03:34:45 -04:00
nopeitsnothing	206a6ff6b7	Refactor PDF build in CI, add dark mode PDF (pt 4) Refactored GitHub Actions workflow Build guide PDF (`scripts\build_guide_pdf.py`): now builds both light and dark mode PDFs (`export/thgtoa.pdf` and `export/thgtoa-dark.pdf` respectively). Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2026-04-14 03:22:13 -04:00
nopeitsnothing	0e8de6ccc0	Fix PDF build in CI Added workflow for building PDF. Progress. Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2026-04-12 05:01:54 -04:00
nopeitsnothing	d0dfec95db	Fix PDF build in CI Added workflow for building PDF. Progress. Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2026-04-12 04:21:50 -04:00
nopeitsnothing	783f02f404	services: archive Matrix database and shutdown We are temporarily disabling the Matrix homeserver at anonymousplanet dot net due to the inability to keep up with infrastructure costs. This is the last attempt we will make until we know the services will be more reliable and we apologize for the inconvenience and instability. This is a joint decision caused by late payments to our hosting provider and we decided it best to simply leave things down and focus on other matters. We never really wanted to make a big deal about servers and services on them, it was mostly about community and chatting with like-minded individuals. We'll be around on Matrix still, just reach out to us if you have questions or comments. (Matrix) nope: thehidden at tchncs dot de (Matrix) daskolburn: daskolburn at thomcat dot rocks Our email remains the same: contact at anonymousplanet dot org Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2026-01-18 21:52:46 -05:00
nopeitsnothing	6c8dba5d5f	The Tor onion v3 address works Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2025-12-29 23:30:21 -05:00
nopeitsnothing	ee32450516	Merge branch 'fix-broken-markdown-links' 5745d29b - amend previous commit, fixing another found markdown link that was broken.	2025-12-29 22:37:34 -05:00
nopeitsnothing	c7452ea796	Fix Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2025-12-29 22:02:53 -05:00
nopeitsnothing	3621967517	Revert "Fix some metadata" This reverts commit `6448e2b786`.	2025-12-29 21:50:00 -05:00
nopeitsnothing	88896a4f15	File endings Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2025-12-29 21:47:32 -05:00
nopeitsnothing	14de26d77d	Missing parenthesis Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2025-12-22 01:45:28 -05:00
nopeitsnothing	3b430dc96a	Extra parenthesis Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2025-12-22 01:43:57 -05:00
nopeitsnothing	565f3b8516	Creating your anonymous online identities Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2025-12-22 01:42:23 -05:00
nopeitsnothing	fd60ef8460	Traffic anonymization Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2025-12-22 01:39:44 -05:00
nopeitsnothing	fb5e1fca74	OPSEC thoughts Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2025-12-22 01:31:47 -05:00
nopeitsnothing	02764539f2	Watermarking Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2025-12-22 01:30:33 -05:00
nopeitsnothing	2e0b7a9716	Browser and device fingerprinting Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2025-12-22 01:28:29 -05:00
nopeitsnothing	239d1c632f	Requirements refs Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2025-12-22 00:24:53 -05:00
nopeitsnothing	c76ccd3e43	Local data leaks, forensics Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2025-12-22 00:21:07 -05:00
nopeitsnothing	37068765cc	Whonix virtual machines Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2025-12-22 00:19:45 -05:00
nopeitsnothing	2c3dea5f41	Some more Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2025-12-22 00:18:16 -05:00
nopeitsnothing	d623dda610	Adversarial considerations (threats) Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2025-12-22 00:15:40 -05:00
nopeitsnothing	8e386addb8	Some more Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2025-12-22 00:13:35 -05:00
nopeitsnothing	7b3599df63	Some Tails refs Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2025-12-22 00:09:11 -05:00
nopeitsnothing	ac870b1497	Some additional measures against forensics refs Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2025-12-22 00:03:46 -05:00
nopeitsnothing	88cee5a3c0	Comparing versions ref Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2025-12-22 00:00:58 -05:00
nopeitsnothing	56678b3567	Persistent plausible deniability Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2025-12-21 23:57:18 -05:00
nopeitsnothing	3b1c5946ae	All refs I have time for at the moment Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2025-12-21 22:03:26 -05:00
nopeitsnothing	6448e2b786	Fix some metadata Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2025-12-16 12:51:03 -05:00
nopeitsnothing	957da7e2af	Update admin info in Matrix listing Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2025-12-03 16:48:02 -05:00
nopeitsnothing	6c4fd4a5c0	Fix some metadata - remove some old references to "files" we don't host. - the guide is not available in PDF in favor of a modern website. - the website can be cloned and redistributed using various tools. b34f4e1464e1f30fee960b50895b85ecb9e5eb6e2e33d97f1b3da730553176ad0248f437220dcb9628cd5a93ec809b9625e8e60eba4dab13efa002f7f4c6273a Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2025-10-30 09:06:23 -04:00
nopeitsnothing	2f5254a9fb	Fix discussion channels Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2025-10-07 19:04:29 -04:00
nopeitsnothing	23f2acb788	Fix nope's Matrix pushed to only one repo Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2025-10-03 16:14:29 -04:00
nopeitsnothing	2bfa84de28	Fix Das' Matrix pushed to only one repo Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2025-10-03 16:10:10 -04:00
nopeitsnothing	9b98497ed3	chore(commit): remove commitizen requirement Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2025-10-03 16:05:58 -04:00
nopeitsnothing	d212e86012	chore(crypto): remove than/nope signed canary I will no longer include my canary here, please see: https://itsnothing.net/crypto.txt and https://itsnothing.net/pgp.txt Signed-off-by: nopeitsnothing <no@anonymousplanet.org>	2025-10-03 15:43:29 -04:00
nopeitsnothing	621a6ae3d0	chore(pre-commit): upgrade pre-commit hooks	2025-10-03 15:39:16 -04:00
nopeitsnothing	377e8ecad7	docs(link): Wikiless.org --> Wikiless.com	2025-08-05 03:35:19 -04:00
nopeitsnothing	2c35d7ced8	gpg(than): minor updated information Cryptographic, canary, etc.	2025-07-19 03:18:19 -04:00
		`@@ -0,0 +1 @@`
							`f212d0425b38d5cd10da6dc804b60f143da23d4b07051aae31d0966082519b300af0e1c423683e0223738b33b138c687232b1c8bd68cf643777bbc5b588152bd ./export/thgtoa-dark.pdf`
		`@@ -0,0 +1 @@`
							`436ed0df78c299f95b8d5ff94f43f26ec2e7825d92d843fc15419630d55ed5e0c98485e738c12715a2b6242633faae38e8a98935b361d44ddde97a1692cb01a1 ./export/thgtoa.pdf`