Clarify threat model
jonaharagon committed Nov 1, 2023
1 parent 5a63662 commit 2a557cf
Showing 5 changed files with 19 additions and 10 deletions.
19 changes: 13 additions & 6 deletions docs/advanced/tor-overview.md
Expand Up @@ -8,9 +8,15 @@ Tor is a free to use, decentralized network designed for using the internet with

## Safely Connecting to Tor

You almost certainly should connect to Tor through a [VPN](../vpn.md) server.
Before connecting to Tor, you should carefully consider what you're looking to accomplish by using Tor in the first place, and who you're trying to hide your network activity from.

Connecting directly to Tor will make your connection stand out to any local network administrators or your ISP. Detecting and correlating this traffic [has been done](https://edition.cnn.com/2013/12/17/justice/massachusetts-harvard-hoax/) in the past to identify Tor users. On the other hand, connecting to a VPN is almost always less suspicious, because commercial VPN providers are used by everyday consumers for a variety of mundane tasks like bypassing geo-restrictions, even in countries which face heavy censorship.
If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [de-stigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.

If your adversary is capable of extracting information from your ISP, or includes your ISP itself, you almost certainly should connect to Tor through a [VPN](../vpn.md) server.

This is **not** censorship circumvention advice, because if Tor is blocked entirely by your ISP, your VPN likely is as well. Rather, this recommendation aims to make your traffic blend in better with commonplace VPN user traffic, and provide you with some level of plausible deniability by obscuring the fact that you're connecting to Tor from your ISP.

Connecting directly to Tor will make your connection stand out to any local network administrators or your ISP. Detecting and correlating this traffic [has been done](https://edition.cnn.com/2013/12/17/justice/massachusetts-harvard-hoax/) in the past by network administrators to identify and deanonymize specific Tor users on their network. On the other hand, connecting to a VPN is almost always less suspicious, because commercial VPN providers are used by everyday consumers for a variety of mundane tasks like bypassing geo-restrictions, even in countries with heavy internet restrictions.

Therefore, you should make an effort to hide your IP address **before** connecting to the Tor network. You can do this by simply connecting to a VPN (through a client installed on your computer) and then accessing [Tor](../tor.md) as normal, through Tor Browser for example. This creates a connection chain like:
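
Review bot: The unchanged paragraph that closes this hunk still opens with "Therefore, you should make an effort to hide your IP address **before** connecting to the Tor network", which reads as unconditional advice and now contradicts the new paragraph saying a direct connection via Tor Browser is fine for someone in a free country accessing mundane content. Scope it to the threat model introduced above, for example "If that describes your adversary, you should ...". Separately, in the new "This is **not** censorship circumvention advice" paragraph, "obscuring the fact that you're connecting to Tor from your ISP" has a misplaced modifier; "hiding from your ISP the fact that you're connecting to Tor" is unambiguous.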

Expand Down Expand Up @@ -38,14 +44,14 @@ Setting up **bad** configurations like these usually involves either setting up

Therefore, it's not unreasonable to believe that encrypted Tor traffic hidden by a VPN could also be detected via similar methods. There are no research papers on this subject, and we still consider the benefits of using a VPN to far outweigh these risks, but it is something to keep in mind.

Determining whether you should first use a VPN to connect to the Tor network will require some common sense and knowledge of your own government's and ISP's policies relating to what you're connecting to. However, again in most cases you will be better off being seen as connecting to a commercial VPN network than directly to the Tor network. If VPN providers are censored in your area, then you can consider using Tor pluggable transports (e.g. Snowflake or meek bridges) as an alternative, but using these bridges or pluggable transports may arise more suspicion than standard Wireguard/OpenVPN tunnels.
Determining whether you should first use a VPN to connect to the Tor network will require some common sense and knowledge of your own government's and ISP's policies relating to what you're connecting to. However, again in most cases you will be better off being seen as connecting to a commercial VPN network than directly to the Tor network. If VPN providers are censored in your area, then you can also consider using Tor pluggable transports (e.g. Snowflake or meek bridges) as an alternative, but using these bridges or pluggable transports may arise more suspicion than standard WireGuard/OpenVPN tunnels.

## What Tor is Not

Tor is **not** a free VPN:

- Unlike Tor exit nodes, VPN providers are usually not actively [malicious](#caveats).
- As we've alluded to already, Tor is also easily identifiable on the network. Unlike an actual VPN provider, using Tor will make you stick out as a person likely attempting to evade authorities. In a perfect world, Tor would be seen by authorities as a tool with many uses, but the perception of Tor is still far less legitimate than the perception of commercial VPNs, so using a real VPN provides you with excuses like "I was just using it to watch Netflix," etc.
- As we've alluded to already, Tor is also easily identifiable on the network. Unlike an actual VPN provider, using Tor will make you stick out as a person likely attempting to evade authorities. In a perfect world, Tor would be seen by authorities as a tool with many uses, but in reality the perception of Tor is still far less legitimate than the perception of commercial VPNs, so using a real VPN provides you with excuses like "I was just using it to watch Netflix," etc.

Tor Browser is also **not** the most *secure* browser:
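
Review bot: The rewritten "Determining whether you should first use a VPN" paragraph keeps "again in most cases you will be better off being seen as connecting to a commercial VPN network", which is the blanket recommendation the rest of this commit makes conditional on the reader's threat model; qualify it the same way so the section does not argue against itself. While that sentence is being touched for the WireGuard capitalization, "may arise more suspicion" should be "may arouse more suspicion".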

Expand Down Expand Up @@ -131,10 +137,11 @@ Tor allows us to connect to a server without any single party knowing the entire

Though Tor does provide strong privacy guarantees, one must be aware that Tor is not perfect:

- Tor never protects you from exposing yourself by mistake, such as if you share too much information about your real identity.
- Tor exit nodes can **modify** unencrypted traffic which passes through them. This means traffic which is not encrypted, such as plain HTTP traffic, can be changed by a malicious exit node. **Never** download files from an unencrypted `http://` website over Tor, and ensure your browser is set to always upgrade HTTP traffic to HTTPS.
- Tor exit nodes can also monitor traffic that passes through them. Unencrypted traffic which contains personally identifiable information can deanonymize you to that exit node. Again, we recommend only using HTTPS over Tor.
- Well-funded adversaries with the capability to passively watch most network traffic over the globe have a chance of deanonymizing Tor users by means of advanced traffic analysis.
- Tor never protects you from exposing yourself by mistake, such as if you share too much information about your real identity.
- Powerful adversaries with the capability to passively watch *all* network traffic around the globe ("Global Passive Adversaries") are **not** something that Tor protects you against (and using Tor [with a VPN](#safely-connecting-to-tor) doesn't change this fact).
- Well-funded adversaries with the capability to passively watch *most* network traffic around the globe still have a *chance* of deanonymizing Tor users by means of advanced traffic analysis.

If you wish to use Tor for browsing the web, we only recommend the **official** Tor Browser—it is designed to prevent fingerprinting.
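
Review bot: In the two new adversary bullets at the end of the list, the *most*-traffic bullet says such adversaries "still have a *chance*" immediately after the *all*-traffic bullet says Tor does not protect against them at all, so "still" has nothing to contrast with and the weaker adversary reads as an afterthought. Put the *most* bullet first (dropping "still") and the Global Passive Adversary bullet last. "Global Passive Adversaries" is also introduced without a definition or link; a short gloss would help readers who have not met the term.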

2 changes: 1 addition & 1 deletion docs/android.md
Expand Up @@ -351,7 +351,7 @@ Aurora Store does not allow you to download paid apps with their anonymous accou

### Manually with RSS Notifications

For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](/news-aggregators) that will help you keep track of new releases.
For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](news-aggregators.md) that will help you keep track of new releases.

![RSS APK](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](./assets/img/android/rss-changes-light.png#only-light) ![APK Changes](./assets/img/android/rss-changes-dark.png#only-dark)
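
Review bot: The change of `/news-aggregators` to `news-aggregators.md` here, like the `../desktop.md#qubes-os` change in docs/basics/common-threats.md, is a link fix unrelated to the commit title "Clarify threat model". Mention the link corrections in the commit message or split them into their own commit so they can be found and reverted independently of the wording changes.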

2 changes: 1 addition & 1 deletion docs/basics/common-threats.md
Expand Up @@ -39,7 +39,7 @@ To minimize the damage that a malicious piece of software *could* do, you should

Mobile operating systems generally have better application sandboxing than desktop operating systems: Apps can't obtain root access, and require permission for access to system resources.

Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt-in to sandboxing for applications). However, these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../../desktop/#qubes-os).
Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt-in to sandboxing for applications). However, these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).

<span class="pg-red">:material-target-account: Targeted Attacks</span>

4 changes: 3 additions & 1 deletion docs/basics/vpn-overview.md
Expand Up @@ -48,7 +48,9 @@ However, VPNs can **never** protect you from themselves. Your VPN provider will

## Should I use Tor *and* a VPN?

Maybe, Tor is not necessarily suitable for everybody. If you do use Tor then yes, you are likely best off connecting to the Tor network via a commercial VPN provider. We've written more about this subject on our [Tor overview](../advanced/tor-overview.md) page.
Maybe, Tor is not necessarily suitable for everybody in the first place. Consider your [threat model](threat-modeling.md), because if your adversary is not capable of extracting information from your VPN provider, using a VPN alone may provide enough protection.

If you do use Tor then you are *probably* best off connecting to the Tor network via a commercial VPN provider. We've written more about this subject on our [Tor overview](../advanced/tor-overview.md) page.

## Should I access Tor through VPN providers that provide "Tor nodes"?
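
Review bot: The new second paragraph says you are "*probably* best off" connecting to Tor through a VPN with no condition attached, while the tor-overview.md text in this same commit ties that advice to an adversary who can extract information from your ISP, or who is your ISP. Repeat that condition here so the two pages agree. The new `threat-modeling.md` link is relative to docs/basics/, so confirm a page exists at that path.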

2 changes: 1 addition & 1 deletion docs/tor.md
Expand Up @@ -41,7 +41,7 @@ Tor works by routing your internet traffic through those volunteer-operated serv

!!! tip

Before connecting to Tor, please ensure you've read our [overview](advanced/tor-overview.md) on what Tor is and how to connect to it safely. We recommend connecting to Tor through a trusted [VPN provider](vpn.md), but you have to do so **properly** to avoid decreasing your anonymity.
Before connecting to Tor, please ensure you've read our [overview](advanced/tor-overview.md) on what Tor is and how to connect to it safely. We often recommend connecting to Tor through a trusted [VPN provider](vpn.md), but you have to do so **properly** to avoid decreasing your anonymity.

There are a variety of ways to connect to the Tor network from your device, the most commonly used being the **Tor Browser**, a fork of Firefox designed for anonymous browsing for desktop computers and Android. In addition to the apps listed below, there are also operating systems designed specifically to connect to the Tor network such as [Whonix](desktop.md#whonix) on [Qubes OS](desktop.md#qubes-os), which provide even greater security and protections than the standard Tor Browser.
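
Review bot: "We often recommend" in the tip leaves the reader guessing when the recommendation applies. Since the linked overview now states the condition, name it here as well, for example "Depending on your threat model, we recommend connecting to Tor through a trusted VPN provider".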

