pages/02.tutorials/02.Cloud/02.Settings/docs.en.md

@@ -15,176 +15,243 @@ page-toc:
 ---
 
 # Settings
-Here is where we will find and manage our personal and cloud settings.
+As it was mentioned in the previous chapter, to access our settings we just click on our profile picture on the top right corner and choose **"Settings"** *(if we did not set a picture yet, we will see a round avatar with the first letter of your username inside)*.
 
-  ![](en/settings.png)
+  ![](en/settings.menu.gif)
 
-# Personal Settings
+Here is where we can manage our personal and cloud settings.
 
-Click on your profile picture on the top right corner and choose **"Settings"** *(if you didn't set a picture yet, you'll see a round avatar with the first letter of your username inside)*.
+  ![](en/settings.png?lightbox)
 
-  ![](en/settings.gif)
-
-## Personal Info
-This is the place where you can add information about yourself, which then you can choose to share with others.
-
-  ![](en/personal.png)
-
-### 1. Profile picture
-By clicking the "user" icon ![](en/user_icon.png) (right next to the information title) you can set the privacy level you want to assign to it. By default, your profile picture, full name and email are set to be visible only to the local users and the servers you trust.
-
-![](en/privacy_setting.gif)
-
-Depending on the information, the levels you can choose are:
-
-  - **Private**: You are the only person that can see this information
-
-  - **Local**: The information will be visible to other **Disroot Cloud** users (only if they know your username)
-
-  - **Contacts**: Besides other **Disroot Cloud** users, the information will be shared with users on other **Nextcloud** instances when you share data or files with them.
-
-  - **Public**: The information will be sent to a global address book (which means it can be viewed by anyone)
+Let's start with our **Personal info**.
 
 
-!!**NOTE:**
-!! You should pay extra attention when filling up this information *(which is optional)* and decide how much information about yourself you want to share and reveal to others.
+# Personal Info
+Here we can add information about ourselves, which then we can choose to share or not with others.
 
-### 2. Details
-Below the profile picture you can see:
+  ![](en/personal.info.png)
+
+We can identify three "sections".
+
+## 1. The profile section
+In this section we can:
+- change our **Profile picture** by uploading an image or selecting one from our files in the cloud;
+
+  ![](en/profile.pic.gif)
+
+- enable/disable our **Profile** which is a page that contains certain information we choose to share. When enabled, access to our profile appears in the user menu;
+
+  ![](en/view.profile.png)
+
+- see our cloud account **Details** which are
 
   ![](en/details.png)
 
-  - **the groups** you belong to (if any). By default, **Disroot** accounts are not associated with any group,
-  - **the quota** of storage space you are using.
+  - **the groups** we belong to (if any), by default, **Disroot** accounts are not associated with any group, and
+  - **the quota** of storage space we are using.
 
-### 3. User and contact information
-Your full name and email are taken from your **Disroot** account settings. To learn how to change this information, please check [this tutorial](/tutorials/user/account/administration/profile).
+Now, you may have noticed that right next to the title, in this case of the **Profile picture**, there is a user icon. By clicking on it we can set the privacy scope we want to assign to this particular information.
 
-![](en/info.png)
+  ![](en/privacy.scope.png)
 
-### 4. Language
-Usually, the Cloud will automatically detect the **Language** and the **Locale** (which defines how dates and other formats are displayed) but if it does not, you can select the language of your choice from the dropdown menues.
+And depending on the information, the scopes we can choose are:
+
+  - **Private**: this means it will be only visible to us;
+
+  - **Local**: only visible to other **Disroot Cloud** users;
+
+  - **Federated**: besides other **Disroot Cloud** users, the information will be seen by other **Nextcloud** trusted instances (those added by our cloud administrators); and
+
+  - **Published**: the information can be viewed by anyone.
 
 
-![](en/settings_language.png)
+## 2. The user and contact information section
+Except for our full name and email (which are taken from our **Disroot** account settings), we can fill in or modify the rest of the information fields.
+
+*To learn how to change our full name, we can check [**this tutorial**](/tutorials/user/account/administration/profile).*
+
+  ![](en/user.info.png)
+
+In this section we can also change our **Language** and the **Locale** (which defines how dates and other formats are displayed).
+
+## 3. The profile visibility
+To finish with our profile settings we have the third and last section, **the profile visibility**.
+
+![](en/profile.visibility.png)
+
+In the previous section we have a number of personal information that we can complete and share (or not) and on which we set a privacy parameter that we call "scope".
+
+In this section, we can decide the visibility of that information in our profile.
+
+![](en/visibility.info.png)
+
+We have to keep in mind that if we set certain information as "private", for example, and its visibility as "show to everyone", the most restrictive rule is the one that will take precedence, in this case, the first one.
+
+All right, let's continue.
+
+---
 
------
 # Security
-Security is the place where you can review, set (additional) and revoke security settings.
+**Security** is the place where we can review, set and revoke security settings as well as add new ones.
 
-![](en/security.png)
+![](en/security.png?lightbox)
+
+But before we can change anything we need two things:
+
+!! **1. pay close attention to what we are enabling or modifying**, and  
+!! **2. to fully understand how some features such as two-factor authentication work**,  
+!! **otherwise we may end up losing our files.**
 
 ## Two-Factor Authentication
 
-**Two-factor authentication (2FA)** is a security process that has a two steps verification, usually, the combination of two factors:<br>
-  - 1: something you know (like a password),<br>
-  - 2: something you have (could be a security token, a card, a QR code, etc.) or<br>
-  - 3: something you are (like your fingerprint).<br>
+![](en/2fa.png?lightbox)
 
-**An example of how it works**: _when you go to an ATM to extract money you need to use your bank card (something you have) and a PIN (something you know). If the combination fails, you can't extract the money._
+The **two-factor authentication (2FA)** is a security process that has a two steps verification, usually the combination of two factors (hence the name):
 
-Two-factor authentication can be used if you want have a more secure login (you can read more about it [here](https://en.wikipedia.org/wiki/Multi-factor_authentication)). When enabled, you will be asked not only for your login name and password, but also for an extra authentication like a one-time-password (OTP) or verification via a hardware device.<br>
+  - 1: something **we know** (like a password),
 
-### Two-factor backup codes
+  - 2: something **we have** (could be a security token, a card, a QR code, etc.) or
 
-![](en/2fa_bup.png)
+  - 3: something **we are** (like our fingerprint).
 
-It's highly advisable to download backup codes when you have enabled two-factor. If, for some reason, your OTP app doesn't work (*you lost your phone!*), you still be able to login. You should keep these backup codes in a safe place (*not your phone!*). Each code allows you to login once. Then, when you are in, you can reconfigure you OTP or disable two-factor.
+!!! Let's take a an everyday example of its use to understand how it works:
+!!! - when we go to an ATM to extract money, we need to use our bank card (something **we have**) and a PIN (something **we know**). If the combination fails, we cannot extract the money.
 
-### TOTP and U2F
+The two-factor authentication can be used if we want have a more secure login. When enabled, we will be asked not only for our login name and password, but also for an extra authentication like a one-time-password (OTP) or verification via a hardware device.
 
-![](en/2fa.png)
+So first we will need a software to generate the temporary codes that we will be asked for after entering our password.
 
-**Disroot** offers two types of two-factor authentication:
+Examples of these programs are:
+- [Aegis Authenticator (Android)](https://f-droid.org/en/packages/com.beemdevelopment.aegis/)
+- [FreeOTP (Android)](https://f-droid.org/en/packages/org.fedorahosted.freeotp/)
+- [FreeOTP+ (Android)](https://f-droid.org/en/packages/org.liberty.android.freeotpplus/)
+- [KeePassXC (desktop)](https://keepassxc.org/download/)
 
-- **TOTP (Time-based One-Time-Password)**: You can install and run an app on your phone that generates a time based password. Some open source authenticators are [andOTP](https://f-droid.org/en/packages/org.shadowice.flocke.andotp/) and [FreeOTP](https://f-droid.org/en/packages/org.liberty.android.freeotpplus/).
+### Enabling 2FA
 
-  ![](en/totp_auth.png)
+![](en/2fa.gif)
 
-- **U2F (Universal 2nd Factor)**: U2F uses a hardware device like the [USB key by Yubico](https://en.wikipedia.org/wiki/YubiKey). You plug the device into your laptop and press the device button to authorize or you just tap the U2F device (NFC-enabled is required). After adding it, the browser will communicate with the U2F device to authorize you to log in.
+1. We enable TOTP (Time-based One-Time Password)
+2. Enter our Disroot password (if requested)
+3. We will get a TOTP secret (to manually configure a TOTP application) and a QR code to scan with a mobile app.
+4. In our application we generate the code and then fill in with it the verification field.
+
+If all goes well, the we will see that TOTP is enabled.
+
+![](en/2fa.enabled.png)
+
+### 2FA Backup codes
+Next step is to generate backup codes. These codes are useful in case, for some reason, our TOTP application does not work (e.g. we lost our phone). With them we can still log in again.
+
+![](en/2fa.backup.gif)
+
+So once generated we should keep them in a safe place (certainly, not in our phone!).
+
+Each code allows us to login once. Then, when we are in, we can reconfigure our OTP or disable the two-factor authentication.
+
+Once enabled 2FA, every time we log in to the cloud we will be asked for
+1. our Disroot credentials and
+
+2. the temporary authentication code.
+
+![](en/2fa.login.png)
+
+
+## Security key
+
+![](en/2fa.security.keys.png)
+
+Besides the TOTP (Time-based One-Time-Password) method we have just seen, **Disroot** offers another one based on hardware tokens like USB keys.
 
   ![](en/u2f.png)
 
+The **U2F (Universal 2nd Factor)** is an open standard that simplifies 2FA by using a hardware device like the USB [YubiKey](https://en.wikipedia.org/wiki/YubiKey).
+
+All we need to do is plug the device into our computer or laptop and press the device button to authorize it. After adding it, the browser will communicate with the U2F device to authorize us to log in.
+
+A similar mechanics applies to **Passwordless Authentication**.
+
+![](en/webauthn.png)
+
+**WebAuthn** is a standard web API that enables users to sign in with a cryptographic key pair.
+
+**How it works?**
+
+- our client device creates a key pair—keeping the private key on the device and registering the public key with the cloud;
+- the client device authenticates us by proving possession of the private key to the service by signing a challenge (such as scanning a finger, entering a PIN, or pressing a button);
+- when we go to log in, we unlock the FIDO authenticator following the same method as when we registered it;
+- the device selects the correct key and signs the service’s challenge based on our account identifier;
+- the service verifies the signed challenge with the stored public key and signs in us.
+
 ## Basic encryption module
 
-![](en/b_e_module.png)
+![](en/basic.encrypt.png)
 
-Here you can decide whether or not an administrator will be able to recover your files in case you lose your password. This option is disabled by default as it enables admins of **Disroot** to decrypt and view your files.
+Here we can decide whether or not an administrator will be able to recover our files in case we lose our password.
 
+Although here at **Disroot** we are very respectful of people's privacy and we are committed to it, the whole thing, of course, comes down to a matter of trust.
 
-!! ![](en/note.png)<br>
-!! **Enabling this option after your password was lost will not recover your files!** You must make this decision beforehand. **We strongly encourage you keep your password stored in a safe place.** This is the best way to keep your files and your account safe. We really don't want to have access to it.
+This option is disabled by default as it enables admins of **Disroot** to decrypt our files. So it is our choice to enable it or not but it also increases our level of accountability in managing and caring our credentials.
 
+!! **Enabling this option after our password was lost will not recover our files!** !! We must make this decision beforehand.
+!! **Disroot strongly encourage us keep our password stored in a safe place.** This is the best and only way to keep our files and account safe. We really do not want to have access to it.
 
-## Inavlid private key for encryption app
+## Invalid private key for encryption app
 
-![](en/invalid_encrypt.png)
+![](en/invalid.encrypt.key.png)
 
-If you receive a message like this when you log in to the cloud, it is because you have probably changed your password recently. Since **Nextcloud** uses the user password to generate the encryption keys, it’s necessary to regenerate them from your new password. To do so, you must:
-
-  - Go to the Settings menu and then to **Security**...
-
-  ![](en/setting_menu.png)
-
-  - scroll down to the **Basic encryption module**...
-
-  ![](en/invalid_encrypt_bem.png)
-
-  - type in your old password, then the new one...
-
-  ![](en/invalid_encrypt_bem_pass.png)
+If we receive a message like this when we log in to the cloud, it is because we have probably changed our password recently. Since **Nextcloud** uses our user password to generate the encryption keys, it is necessary to regenerate them from our new password. To do so, we must:
 
+  - go to the Settings menu and then to **Security**;
+  - scroll down to the **Basic encryption module**;
+  - type in our old password, then the new one;
   - click **Update Private Key Password**
 
-  ![](en/invalid_encrypt_bem_pass_2.png)
+![](en/invalid.mp4?resize=1024,492&loop)
 
-After login out and back into the Cloud again you should see your files and the message should have disappeared.
+After login out and back into the Cloud again we should see our files and the message should have disappeared.
 
-!! ![](en/note.png)<br>
-!! If you don't remember your old password, it's still possible to reset the account but **it won't be possible to recover any files on the cloud as they are encrypted with the old key**. What you have to do is to remove all files from the Cloud (this does not include calendars, contacts, etc., just files), and to contact us (support@disroot.org). We will then proceed wiping the key so the new key pair based on your current password can be re-generated automatically upon new login.
+!! If we do not remember our old password, it is still possible to reset the account but **it will not be possible to recover any files on the cloud as they are encrypted with the old key**. What we have to do is to remove all files from the Cloud (this does not include calendars, contacts, etc., only files), and to contact Disroot support (support@disroot.org). Admins will then proceed wiping the key so the new key pair based on our current password can be re-generated automatically upon new login.
 
 
 ## Devices & sessions
 
 ![](en/devices.png)
 
-Here you can see how many devices are currently connected to your account. If you don't recognize one connected device, it might mean your account has been compromised and you should proceed to change your password.
+Here we can see how many devices are currently connected to our account. If we do not recognize one connected device, it might mean our account has been compromised and we should proceed to change our password.
 
-
-!! ![](en/note.png)<br>
-!! Keep in mind that every browser, mobile, computer, etc., will be shown as separate devices each time you change your network, for example. So don't freak out at first. Just seriously double check everything, before you go full on paranoid mode.
+!! We need to keep in mind that every browser, mobile, computer, etc., will be shown as separate devices each time we change our network, for example. So we do not have to freak out at first. We just seriously double check everything, before we go full on paranoid mode.
 
 ### App password
 
-![](en/app_pass.png)
+![](en/app.pass.png)
 
-When Two-Factor Authentication is enabled, third party applications (like your email, notes or news clients) won't be able to login your account with your user credentials only. For those devices you can create a specific password for the app.
+When two-Factor authentication is enabled, third party applications (like our email or notes clients) will not be able to login our account with our user credentials only. For those devices we can create a specific password for the app.
 
 ----
 
-# Activity
+# Notifications
 
-![](en/activity.png)
+![](en/notifications.png?lightbox)
+
+Here we can configure whether we want to be notified or not and how when certain actions or activities take place. The configurations in this section are quite simple and straightforward.
 
-In the Activity section you can choose how do you want to be informed about what's happening on your cloud. You can get email notifications, being notified in the **Activity** stream or even not being notified at all. If you choose to get email notifications, you can set the frecuency from "**As soon as posible** to **Hourly**, **Daily** or **Weekly**.
 
-----
 # External storages
 
-![](en/external.png)
+![](en/external.storage.png)
 
-The external storage application allows you to mount external storage services and/or devices as secondary **Nextcloud** storage devices.
+The external storage application allows us to mount external storage services and/or devices as secondary **Nextcloud** storage devices.
 
 ## Configuring an external storage
 
-Select an available external storage option and then an authentication method.
-
+First we need to create a folder in our Files where the external storage will be mounted. Then select an available option and then an authentication method.
 
 ![](en/external_storage_auth.gif)
 
 - **Username and password**: it requires a manually-defined username and password. These get passed directly to the backend and are specified during the setup of the mount point.
 
-- **Log-in credentials, save in session**: it uses your **Cloud** login credentials to connect to the storage. These are not stored anywhere on the server, but rather in the user session, giving increased security. Although sharing is disabled when using this method, since **Nextcloud** has no access to the storage credentials.
+- **Log-in credentials, save in session**: it uses our **Cloud** login credentials to connect to the storage. These are not stored anywhere on the server, but rather in the user session, giving increased security. Although sharing is disabled when using this method, since **Nextcloud** has no access to the storage credentials.
 
 - **Log-in credentials, save in database**: as the previous method, it uses your login credentials to connect to the storage, but these are stored in the database encrypted. This allows to share files from within this mount point.
 
@@ -209,12 +276,7 @@ Here you'll find shortcuts to the mobile and desktop **Nextcloud** applications.
 ![](en/mobile_app.png)
 
 ----
-# Accesibility
-In this section you can change the default high contrast theme to the dark theme and the default cloud font to the Dyslexia font.
 
-![](en/accessibility.png)
-
-----
 # Sharing
 
 This is the very purpose of **Nextcloud**, to share. Here you can find your **Federated Cloud ID**, your identity in the ecosystem of platforms that use the same or similar software to store and share information.
@@ -238,7 +300,19 @@ By default, you will automatically accept user and/or groups shares. You can dis
 
 ![](en/sharing.png)
 
+
 ----
+# Appeareance and accesibility
+In this section you can change the default high contrast theme to the dark theme and the default cloud font to the Dyslexia font.
+
+![](en/accessibility.png)
+
+---
+
+# Availability
+
+---
+
 # Flow
 
 Flow is an application that aims to help users automate tasks. For example, if you are working in a group on a document, you can set up a flow that sends a notification to your team's chat room when someone changes, creates or uploads files in a specific folder.
@@ -260,6 +334,7 @@ Suppose you create a document that requires the participation of others and for
 ![](en/flow_chat_3.png)
 
 ----
+
 # Privacy
 
 This section is merely informative. Here you can find the **Nextcloud** User Data Manifesto...
@@ -276,14 +351,12 @@ This section is merely informative. Here you can find the **Nextcloud** User Dat
 
 
 ----
-# App order
+
+# Custom menu
 
 Here you can check/uncheck the applications you want to appear on the top bar and change the order by dragging them to the position you want.
 
 ![](en/app_order.gif)
+
 ------
-# Additional settings
-
-This app prevents the **Nextcloud** sync clients from uploading files with known ransomware file endings, though it does not help in case the server is infected directly by a ransomware nor guarantee that your files can not be affected by another way.
-
-![](en/additional.png)
+# Connected accounts