first presentable version

11 files changed, 76 insertions, 168 deletions

diff --git a/pages/help/vpn/android/en.text b/pages/help/vpn/android/en.text
index f154626..fe0fb12 100644
--- a/pages/help/vpn/android/en.text
+++ b/pages/help/vpn/android/en.text
@@ -1,4 +1,23 @@
-@title = "Encrypted Internet on Android"
-@nav_title = "Android Usage"
+@title = 'VPN on Android'
+@nav_title = 'Android'
+@summary = 'Using Bitmask VPN on Android devices'
 
-How to use bitmask on android
\ No newline at end of file
+h2. VPN States
+
+The current state of the VPN connection is displayed as a notification icon:
+
+*(android-on) VPN is *connected*, traffic is securely routed to the provider.
+*(android-wait) VPN is *waiting* to connect or to reconnect after the loss of network access. Traffic might escape unencrypted during this period.
+*(android-off) VPN is *off*. No traffic is encrypted.
+
+h2. Logging In
+
+When you first run the Bitmask VPN, you will need to log in to authenticate with your provider. Subsequently, you will be able to run the VPN without logging in.
+
+Once in a while, Bitmask may require that you login again in order to refresh the credentials used when the VPN is connecting. The default time between required log ins is one month, although your provider may be configured differently.
+
+h2. Anonymous VPN
+
+Some providers support an anonymous VPN mode. When enabled, you do not need to ever log in to use the VPN service. However, these providers often offer faster service when you do log in.
+
+When you are running Bitmask in anonymous VPN mode you might be blocked from reaching some sites. This is because some sites will block all traffic that is originating from known anonymous proxies.
diff --git a/pages/help/vpn/benefits/en.text b/pages/help/vpn/benefits/en.text
deleted file mode 100644
index 1d9391b..0000000
--- a/pages/help/vpn/benefits/en.text
+++ /dev/null
@@ -1,36 +0,0 @@
-- @title = 'Benefits of EIP'
-- @nav_title = 'Benefits'
-
-h2. Why would you want an Encrypted Internet Proxy?
-
-The internet is being broken by governments, internet service providers (ISPs), and corporations.
-
-h3. Broken by governments
-
-Around the world, governments are using the internet for social control, through both surveillance and censorship. Many countries, such as China, Iran, and the United States practice active surveillance of the social relationships of everyone and the European Union countries require all ISPs and website operators to record and retain personal data on your behavior. With three-strikes laws, many countries now deny citizens access to the internet if accused of file sharing. Some countries even forbid the use of new communication technologies, like Skype.
-
-h3. Broken by ISPs
-
-Internet service providers are breaking the internet too. They happily cooperate with government repression, they practice intrusive monitoring of your traffic through deep packet inspection, they track your DNS usage, and they get people thrown in jail, expelled from school, or banned from the internet, merely from the accusation of copyright infringement. Also, ISPs typically limit you to one internet address. If you want to share your internet connection with multiple devices, you must put all the devices on a local network. This works OK if you just want to browse the web, but makes life difficult if you want to take advantage of many applications.
-
-h3. Broken by corporations
-
-Corporations have discovered how to make money from the internet: surveillance. By tracking your online habits, advertising companies build detailed profiles of your individual behavior in order to better sell you useless crap. Every single major internet ad company now uses behavioral tracking. Also, to comply with national copyright, many companies only make their services available to some internet users, those who reside in the 'right' country.
-
-h2. How an Encrypted Internet Proxy helps
-
-There are many ways that EIP can help:
-
-# *protect against ISP surveillance*: An EIP eliminates the ability of your ISP to monitor your communication. They have no meaningful records which can be used against you, either by marketers or the government.
-# *bypass government censorship*: An EIP can entirely bypass all government censorship, so long as you still have access to the internet. Note, however, that careful analysis of your traffic could reveal that you are using an EIP, which may or may not be legal in your jurisdiction.
-# *access the entire internet, regardless of where you live*: An EIP allows you to pretend to live in any country where we have a EIP gateway server. This gives you access to restricted content only available in those countries. An EIP also allows you to use services that may be blocked in your country.
-# *secure your Wi-Fi connection*: Any time you use a public Wi-Fi connection, everyone else using that access point can spy on your traffic. An EIP will prevent this.
-# *keep websites from logging your IP address*: Most all websites will log your IP address and some even retain this information for several years. Because your IP address is effectively an unique identifier that is connected to your real identity and your real location, there are many reasons why someone might not want every website they visit to have access to this personal information.
-
-h2. Special features of Bitmask EIP
-
-The Bitmask application provides an Encrypted Internet that has several advantages over traditional "Personal VPN":
-
-* Does not leak traffic: IPv6, DNS, Does not "Fail Open"
-* No logging: by default...
-* Semi-anonymous
\ No newline at end of file
diff --git a/pages/help/vpn/en.text b/pages/help/vpn/en.text
index 45f5fdd..00653a9 100644
--- a/pages/help/vpn/en.text
+++ b/pages/help/vpn/en.text
@@ -1,6 +1,8 @@
-@title = 'VPN'
+@nav_title = 'VPN'
+@title = 'Bitmask VPN'
+@this.toc = false
 
-h2. What is Bitmask VPN?
+h1. What is Bitmask VPN?
 
 By using the Bitmask VPN, you are able to securely route all your internet traffic through the server of your choice.
 
@@ -11,10 +13,5 @@ For more information, see:
 * [[Benefits of using Encrypted Internet => benefits]]
 * [[Limitations of Encrypted Internet => limitations]]
 
-h2. How do I use it?
-
-* [[Android => vpn/android]]
-* [[Linux => vpn/linux]]
-* [[Mac => vpn/mac]]
-* [[Windows => vpn/windows]]
+<%= child_summaries :include_toc => true, :heading => 1 %>
 
diff --git a/pages/help/vpn/faq/en.text b/pages/help/vpn/faq/en.text
deleted file mode 100644
index 708965f..0000000
--- a/pages/help/vpn/faq/en.text
+++ /dev/null
@@ -1,36 +0,0 @@
-@nav_title = "FAQ"
-@title = "Riseup's Encrypted Internet Proxy FAQ"
-@summary = "Frequently Asked Questions and their Answers"
-
-h2. What happened with the old RiseupVPN?
-
-The main issue with the RiseupVPN system was that it was not user friendly, resulting in several people with massive headaches when they tried to set it up, or when trying to fix it when it didn't work. Encryption needs to be easy, not something  that is easy to screw up! We are switching to a new service powered by LEAP that comes with a brand new client that provides hassle-free configuration and a enchanced level of security on Linux and Android (with Windows and OSX in the works). We are calling this new service Riseup's EIP.
-
-h2. What does EIP mean?
-
-EIP stands for Encrypted Internet Proxy, some people might know it as a VPN. It is a tool that provides censorship circumvention, location anonymization and traffic encryption to activists around the globe. Using the Bitmask client, you will encrypt all your internet traffic and send it through riseup.net servers where it then goes to the public internet. Just like the old VPN does, but with an easy and accessible client.
-
-This is an integral part of the Riseup's next generation of anti-surveillance services powered by the LEAP Encryption Access Project.
-
-h2. What's LEAP?
-
-LEAP is a project focused to make encryption easy to use and widely avaiable but not compromissing it's security. Adapting existing technologies, LEAP creates tools that let you excercise the right to digitally whisper, as a fundamental precondition for a free society.
-
-h2. What's the status of the Riseup's EIP?
-
-We are currently in a beta period, this means we are looking for possible issues so we can fix them! Can you give us a hand with that? Because it is a beta, there are a couple things you need to know:
-    
-    * You will not be able to use your riseup account username during this period. Please create a new one. Later you will be able to migrate your current account to a LEAP powered one.
-    * You need to suscribe to a low volume mailing list to receive important news about the service, as we will notify you of changes important changes you need to take care. Please do at https://lists.riseup.net/riseup-leap-beta
-
-h2. What systems are supported?
-
-The Bitmask client runs on linux (as a package on Debian and Ubuntu and as a bundle for other distributions), Mac OSX and Android. Please check the Setup intructions for those systems
-
-h2. Where do I send the bugs I found?
-
-Please file an issue under your account at https://black.riseup.net
-
-h2. Can I invite all my friends to use Riseup's EIP Beta?
-
-We are running a semi-closed beta period to check things out, find issues and to solve them. You are part of a special secret group, please keep it that way :)
diff --git a/pages/help/vpn/limitations/en.text b/pages/help/vpn/limitations/en.text
deleted file mode 100644
index 146a343..0000000
--- a/pages/help/vpn/limitations/en.text
+++ /dev/null
@@ -1,74 +0,0 @@
-@title = "Limitations of EIP"
-@nav_title = "Limitations"
-
-To understand the limitations of *Encrypted Internet Proxy*, let us first look at the different types of security and how EIP works.
-
-h2. Types of security
-
-<table class="table table-striped">
-<tr>
-  <th style="width: 10em">Type of security</th>
-  <th>What is it?</th>
-</tr>
-<tr>
-  <td>Human Security</td>
-  <td>Human behavior that keeps you safe and out of harms way.</td>
-</tr>
-<tr>
-  <td>Device Security</td>
-  <td>The integrity of your computing devices to be free from hardware or software modifications that steal your information.</td>
-</tr>
-<tr>
-  <td>Message Security</td>
-  <td>The confidentiality of messages you send and receive, and the pattern of your associations.</td>
-</tr>
-<tr>
-  <td>Network Security</td>
-  <td>Protection of your internet traffic against behavioral tracking, account hijacking, censorship, eavesdropping, and advertising.</td>
-</tr>
-</table>
-
-An *Encrypted Internet Proxy* only applies to *Network Security*. For example, it cannot improve your behavior, protect your device against viruses, or ensure your messages are end-to-end encrypted.
-
-h2. How it works
-
-h3. A normal internet connection
-
-!vpn-01_large.png!
-
-In a normal internet connection, all your traffic is routed from your computer through your ISP (Internet Service Provider) and out onto the internet and finally to its destinate. At every step of the way, your data is being recorded and is vulnerable to eavesdropping or man-in-the-middle attacks.
-
-h3. An internet connection with EIP
-
-!vpn-02_large.png!
-
-With an EIP, your traffic is encrypted on your computer, passes through your ISP and on to your EIP provider. Because the data is encrypted, your ISP has no knowledge of what is in your data that they relay on to your EIP provider. Once your data reaches the EIP provider, it is decrypted and forwarded on to its final destination.
-
-With the *Encrypted Internet Proxy*, if your data is not using a secure connections then it is still vulnerable from the point it leaves the EIP Gateway. However, by routing your data through the EIP provider, you have acheived two important advantages:
-
-* Your data is protected from blocking, tracking, or man-in-the-middle attacks conducted by your ISP or network operators in your local country.
-* Your data now appears to use the IP address of the EIP provider, and not your real IP address. Most websites gather and retain extensive data base on this IP address, which has now been anonymized.
-
-h3. EIP anonymizes your connection
-
-!vpn-03_large.png!
-
-Because your traffic appears to originate from the EIP provider, the recipient of your network communication does not know where you actually reside (unless, of course, you tell them). Also, your traffic has been mixed together with the traffic of hundreds or even thousands of other people.
-
-In the case illustrated above, the website in California thinks that the laptop in Brazil, the laptop in Europe, and the giant cellphone floating over Canada are all coming from New York, because that is where the EIP provider is.
-
-h2. Limitations of EIP
-
-* *Legality*: If you live in an non-democratic state, it may be illegal to use an EIP or personal VPN to access the internet that has not been approved by the government.
-
-* *Mobile network*: Using an EIP on your mobile device will secure your data connection, but the telephone company will still know your location by recording which towers your device communicates with.
-
-* *An insecure connection is still insecure*: Although Bitmask will anonymize your location and protect you from surveillance from your ISP, once your data is securely routed through through your provider it will go out on the internet as it normally would. This means you should still use TLS when available (ie. https, imaps, etc).
-
-* *EIP only applies to network security*: Using an EIP will not protect your communication if your computer is already compromised with software or hardware that is stealing your personal information. Also, if you give personal information to a website, there is little that an EIP can do to maintain your anonymity with that website or its partners.
-
-* *Browser fingerprints*: Every web browser effectively has a fingerprint that can uniquely identify your web traffic from everyone else. Although websites rely on cookies for tracking, a powerful network observer could use the uniqueness of your browser in order to de-anonymize your traffic.
-
-* *The internet might get slower*: the Bitmask EIP routes all your traffic through an encrypted connection to your provider of choice before it goes out onto the normal internet. This extra step can slow things down. To minimize the slowdown, try to choose a EIP gateway server close to where you actually live.
-
-* *Anonymous proxies*: There are some websites that block access from "Anonymous Proxies". For this reason, depending on which EIP gateway you are using, your traffic might be blocked.
\ No newline at end of file
diff --git a/pages/help/vpn/limitations/vpn-01_large.png b/pages/help/vpn/limitations/vpn-01_large.png
deleted file mode 100644
index 64bad2a..0000000
--- a/pages/help/vpn/limitations/vpn-01_large.png
+++ /dev/null
diff --git a/pages/help/vpn/limitations/vpn-02_large.png b/pages/help/vpn/limitations/vpn-02_large.png
deleted file mode 100644
index a2d5355..0000000
--- a/pages/help/vpn/limitations/vpn-02_large.png
+++ /dev/null
diff --git a/pages/help/vpn/limitations/vpn-03_large.png b/pages/help/vpn/limitations/vpn-03_large.png
deleted file mode 100644
index 6bfb62a..0000000
--- a/pages/help/vpn/limitations/vpn-03_large.png
+++ /dev/null
diff --git a/pages/help/vpn/linux/en.text b/pages/help/vpn/linux/en.text
index 31a4675..ccfa69e 100644
--- a/pages/help/vpn/linux/en.text
+++ b/pages/help/vpn/linux/en.text
@@ -1,4 +1,50 @@
-@title = 'Encrypted Internet on Linux'
-@nav_title = "Linux Usage"
+@title = 'VPN on Linux'
+@nav_title = 'Linux'
+@summary = 'Using Bitmask VPN on Linux devices'
+
+h2. VPN States
+
+The current state of the VPN connection is displayed in the system tray:
+
+*(desktop-off) VPN is *off*. No traffic is encrypted.
+** If the VPN was previously on, then all traffic is blocked until the VPN is turned back on.
+** Hit <button>Turn OFF</button> if you want to restore normal unencrypted network access.
+*(desktop-wait) VPN is *waiting* to connect or to reconnect after the loss of network access.
+** All traffic is blocked until the VPN connects.
+** Hit <button>Cancel</button> if you want to restore normal network access.
+*(desktop-on) VPN is *connected*, all traffic is securely routed to the provider.
+
+h2. Logging In
+
+When you first run the Bitmask VPN, you will need to log in to authenticate with your provider. Subsequently, you will be able to run the VPN without logging in.
+
+Once in a while, Bitmask may require that you login again in order to refresh the credentials used when the VPN is connecting. The default time between required log ins is one month, although your provider may be configured differently.
+
+h2. Troubleshooting
+
+h3. DNS
+
+Domain Name Service (DNS) is the system that allows your computer to resolve domain names like "bitmask.net" to find the real internet address of the appropriate computer. Unfortunately, DNS has many problems:
+
+# Most DNS is very insecure, and an attacker can easily forge DNS responses in order to send you to an incorrect server.
+# DNS doesn't use secure connections, so an eavesdropper can easily record a history of what internet sites you visit.
+# Most DNS servers also keep a historical log of all the sites you visit.
+
+For these reasons, Bitmask will ensure that all DNS requests that your computer makes are rerouted to the DNS server of the provider.
+
+This means that you will not be able to make a DNS request to any other DNS server, even if you want to. For example, the command @host bitmask.net 8.8.8.8@ will not use the nameserver 8.8.8.8 to resolve the name bitmask.net, because the request will get rewritten to use the DNS server of your provider.
+
+You will also not be able to run a local nameserver that attempts to connect directly to the root DNS zone. The packages @bind9@ or @unbound@ are configured this way by default. These requests will get rewritten to the provider's DNS server and will fail. Bitmask is compatible with @dnsmasq@ however.
+
+If you wish to disable this behavior for debugging purposes, you can run the command @sudo bitmask-root firewall stop@ although doing so may allow some traffic to bypass the VPN and escape your computer unencrypted.
+
+h3. Break glass in case of emergency
+
+In rare cases, your computer might get stuck in a mode that blocks all network traffic. Try this:
+
+* You can run @sudo bitmask-root firewall stop@ to remove all the Bitmask firewall rules that prevent traffic from leaking insecurely.
+* If all else fails, you can try logging out or restarting your computer.
+
+If you encounter a bug, please [[report it => support]].
+
 
-linux usage
\ No newline at end of file
diff --git a/pages/help/vpn/mac/en.text b/pages/help/vpn/mac/en.text
deleted file mode 100644
index 3429d49..0000000
--- a/pages/help/vpn/mac/en.text
+++ /dev/null
@@ -1,4 +0,0 @@
-@title = 'Encrypted Internet on Mac'
-@nav_title = "Mac Usage"
-
-mac usage
\ No newline at end of file
diff --git a/pages/help/vpn/windows/en.text b/pages/help/vpn/windows/en.text
deleted file mode 100644
index d3b1206..0000000
--- a/pages/help/vpn/windows/en.text
+++ /dev/null
@@ -1,4 +0,0 @@
-@title = 'Encrypted Internet on Windows'
-@nav_title = "Windows Usage"
-
-windows usage
\ No newline at end of file