Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

-awesome-privacy-tips

https://github.com/qaisarafridi/-awesome-privacy-tips

here
Personal Security Checklist
Bitwarden - featured, open source password manager with cloud-sync. Bitwarden is easy-to-use with a clean UI and client apps for desktop, web and mobile. See also [Vaultwarden](https://github.com/dani-garcia/vaultwarden), a self-hosted, Rust implementation of the Bitwarden server and compatible with [upstream Bitwarden clients](https://bitwarden.com/download/).
KeePass - sync baked in, deemed to be [gold standard](https://keepass.info/ratings.html) for secure password managers. KeePass clients: [Strongbox](https://apps.apple.com/us/app/strongbox-keepass-pwsafe/id897283731) *(Mac & iOS)*, [KeePassDX](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.free) *(Android)*, [KeeWeb](https://keeweb.info) *(Web-based/ self-hosted)*, [KeePassXC](https://keepassxc.org) *(Windows, Mac & Linux)*, see more KeePass clients and extensions at [awesome-keepass](https://github.com/lgg/awesome-keepass) by @lgg.
LessPass - Hosted)* | LessPass is a little different, since it generates your passwords using a hash of the website name, your username and a single main-passphrase that you reuse. It omits the need for you to ever need to store or sync your passwords. They have apps for all the common platforms and a CLI, but you can also self-host it.
Padloc - host it as well.
Password Safe
PassBolt - hosted, extensible and OpenPGP based. It is specifically good for development and DevOps useage, with integrations for the terminal, browser and chat, and can be easily extended for custom usage, and deployed quickly with Docker
1Password - featured cross-platform password manager with sync. Free for self-hosted data (or $3/ month hosted). Be aware that 1Password is not fully open source, but they do regularly publish results of their independent [security audits](https://support.1password.com/security-assessments), and they have a solid reputation for transparently disclosing and fixing vulnerabilities
Buttercup
Firefox Lockwise
Password Management Checklist
Aegis
Authenticator Pro - source two factor authentication app for Android. It features encrypted backups, icons, categories and a high level of customisation. It also has a Wear OS companion app
Tofu - to-use, open-source two-factor authentication app designed specifically for iOS
Authenticator - FA Client for iOS, which never connects to the internet - built by @mattrubin.me
Raivo OTP - time-password (OTP) client built for iOS; Raivo OTP! - built by @tijme
WinAuth - users. It's open source and well-established (since mid-2010)
Authenticator - based OTP authenticator. Has native With GNOME Shell integration. Also available through [flathub](https://flathub.org/apps/details/com.belmoussaoui.Authenticator).
Authenticator - browser One-Time Password (OTP) client, supports both Time-Based One-Time Password (TOTP, specified in [RFC 6238](https://tools.ietf.org/html/rfc6238) and HMAC-Based One-Time Password (HOTP, specified in [RFC 4226](https://tools.ietf.org/html/rfc4226).
2fa.directory
OTPClient - Hosted, Web-based)*, [Etopa](https://play.google.com/store/apps/details?id=de.ltheinrich.etopa) *(Android)*
TrayTop - offline and compatible with Windows, Mac and Linux.
Authy
2FA Security Checklist
VeraCrypt - platform disk encryption software. You can use it to either encrypt a specific file or directory, or an entire disk or partition. VeraCrypt is incredibly feature-rich, with comprehensive encryption options, yet the GUI makes it easy to use. It has a CLI version, and a portable edition. VeraCrypt is the successor of (the now deprecated) TrueCrypt.
Cryptomator - side encryption for cloud files - Cryptomator is geared towards using alongside cloud-backup solutions, and hence preserves individual file structure, so that they can be uploaded. It too is easy to use, but has fewer technical customizations for how the data is encrypted, compared with VeraCrypt. Cryptomator works on Windows, Linux and Mac - but also has excellent mobile apps.
age - style composability
AES Crypt - weight and easy file encryption utility. It includes applications for Windows, Mac OS, BSD and Linux, all of which can be interacted with either through the GUI, CLI or programatically though an API (available for Java, C, C# and Python). Although it is well established, with an overall positive reputation, there have been some [security issues](https://www.reddit.com/r/privacytoolsIO/comments/b7riov/aes_crypt_security_audit_1_serious_issue_found/) raised recently.
CryptSetup - crypt](https://wiki.archlinux.org/index.php/Dm-crypt). [EncFS](https://www.arg0.net/encfs) is a cross-platform file-based encryption module, for use within user local directories. [geli](https://www.freebsd.org/cgi/man.cgi?query=geli&sektion=8) is a disk encryption subsystem included with FreeBSD.
BitLocker - not-bitlocker/), which could lead to your system being compromised. Similarly, Apple's [FileVault](https://support.apple.com/en-us/HT204837) on MacOS is easy and secure, but again, the source code is proprietary.
DiskCryptor - only, open source, file and volume encryption solution, that makes a good alternative to BitLocker.
PeaZip - platform open source file archiver utility. It allows you to create, open, and extract RAR TAR ZIP archives. It also has a [password-protection feature](https://peazip.github.io/peazip-password.html), which encrypts compressed files using AES-256, which is also compatible with most other archive utilities
LibreWolf
Brave Browser - it provides speed, security, and privacy by blocking trackers with a clean, yet fully-featured UI. It also pays you in [BAT tokens](https://basicattentiontoken.org/) for using it. Brave also has Tor built-in, when you open up a private tab/ window.
Firefox - privacy/) or [12Bytes](https://12bytes.org/7750)
Tor Browser - impossible for you to be tracked by your ISP/ provider. It does make every-day browsing a little slower, and some sites may not work correctly. As with everything there are [trade-offs](https://github.com/Lissy93/personal-security-checklist/issues/19)
Bromite - respecting fork of Chromium for Android. Comes with built-in adblock and additional settings for hardening.
Mull - Fenix (Android), [Firefox Focus](https://support.mozilla.org/en-US/kb/focus) (Android/ iOS), [DuckDuckGo Browser](https://help.duckduckgo.com/duckduckgo-help-pages/mobile/ios/) (Android/ iOS), [Orbot](https://guardianproject.info/apps/orbot/) + [Tor](https://www.torproject.org/download/#android) (Android), [Onion Browser](https://onionbrowser.com/) (iOS)
Nyxt - project.org/), [Ungoogled-Chromium](https://github.com/Eloston/ungoogled-chromium), [Basilisk Browser](https://www.basilisk-browser.org/) and [IceCat](https://www.gnu.org/software/gnuzilla/)
extensions
Firefox Configuration for Privacy and Performance
Browser & Search Security Checklist - extensions) for privacy & security.
DuckDuckGo - friendly, fast and secure search engine. It's totally private, with no trackers, cookies or ads. It's also highly customisable, with dark-mode, many languages and features. They even have a [.onion](https://3g2upl4pq6kufc4m.onion) URL, for use with Tor and a [no Javascript version](https://duckduckgo.com/html/)
Qwant - party advertising. It returns non-biased search results, with no promotions. Qwant has a unique, but nice UI.
Startpage
MetaGear
Searx
privacy-respecting search engines
Browser & Search Security Checklist
Signal - to-use, functioning similar to WhatsApp - with instant messaging, read-receipts, support for media attachments and allows for high-quality voice and video calls. It's cross-platform, open-source and totally free. Signal is [recommended](https://twitter.com/Snowden/status/661313394906161152) by Edward Snowden, and is a perfect solution for most users
Session
XMPP - to-end encryption](https://en.wikipedia.org/wiki/OMEMO), which is based on the [Double Ratchet Algorithm](https://en.wikipedia.org/wiki/Double_Ratchet_Algorithm) that is used in Signal. For more hands-on information and to register an account you can visit [JoinJabber](https://joinjabber.org). Below you can find a list of OMEMO-enabled clients for all the major platforms.<br><br><table><thead><tr><th>Program</th><th>Linux</th><th>MacOS</th><th>Windows</th><th>Android</th><th>iOS</th></tr></thead><tbody><tr><td><a href="https://gajim.org">Gajim</a> (<a href="https://gajim.org/download/#install-instructions">OMEMO plugin</a>)</td><td>✓</td><td><a href="https://dev.gajim.org/gajim/gajim/-/wikis/help/Gajim-on-macOS">~</a></td><td>✓</td><td></td><td></td></tr><tr><td><a href="https://dino.im">Dino</a> ✆</td><td>✓</td><td></td><td><a href="https://github.com/LAGonauta/dino/releases">✓</a></td><td></td><td></td></tr><tr><td><a href="https://conversations.im">Conversations</a> / <a href="https://blabber.im">Blabber</a> ✆</td><td></td><td></td><td></td><td>✓</td><td></td></tr><tr><td><a href="https://monal-im.org">Monal IM</a></td><td></td><td>✓</td><td></td><td></td><td>✓</td></tr><tr><td><a href="https://beagle.im">Beagle IM</a> / <a href="https://siskin.im">Siskin IM</a> ✆</td><td></td><td>✓</td><td></td><td></td><td>✓</td></tr></tbody></table>
Matrix
Surespot - messenger)s been removed from the list, since development has halted.
OpenPGP
not easy - bit key IDs](https://evil32.com/) - they are too short to be secure. There have also been vulnerabilities found in the OpenPGP and S/MIME, defined in [EFAIL](https://efail.de/), so although it still considered secure for general purpose use, for general chat, it may be better to use an encrypted messaging or email app instead.
Telegram - and-solutions/silent-phone/) and [Viber](https://www.viber.com/), to name a few - these apps should not be used to communicate any sensitive data. [Wire](https://wire.com/) has also been removed, due to a [recent acquisition](https://blog.privacytools.io/delisting-wire/)
Peer-to-Peer - down or forced to turn over data. There are P2P networks available that are open source, E2E encrypted, routed through Tor services, totally anonymous and operate without the collection of metadata.
Session - based network. Session is a desktop and mobile app that uses these private routing protocols to secure messages, media and metadata.
Briar - based Android app for P2P encrypted messaging and forums. Where content is stored securely on your device (not in the cloud). It also allows you to connect directly with nearby contacts, without internet access (using Bluetooth or WiFi).
Ricochet Refresh
Jami - platform GNU client apps. Jami supports audio and video calls, screen sharing, conference hosting and instant messaging.
Tox - see [supported clients](https://tox.chat/clients.html). Clearly documented code and multiple language bindings make it easy for developers to integrate with Tox.
Cwtch - tor-messenger) *(deprecated)*, [TorChat2](https://github.com/prof7bit/TorChat) *(deprecated)*, [Ricochet](https://ricochet.im) *(deprecated)*
Prism Program - to-end encrypted) - this applies to Gmail, Outlook Mail, Yahoo Mail, GMX, ZoHo, iCloud, AOL and more.
good email practices
ProtonMail - source, end-to-end encrypted anonymous email service. ProtonMail has a modern easy-to-use and customizable UI, as well as fast, secure native mobile apps. ProtonMail has all the features that you'd expect from a modern email service and is based on simplicity without sacrificing security. It has a free plan or a premium option for using custom domains (starting at $5/month). ProtonMail requires no personally identifiable information for signup, they have a [.onion](https://protonirockerxow.onion) server, for access via Tor, and they accept anonymous payment: BTC and cash (as well as the normal credit card and PayPal).
Tutanota - featured free plan or a premium subscription for businesses allowing for custom domains ($12/ month).<br>Tutanota [does not use OpenPGP](https://tutanota.com/blog/posts/differences-email-encryption/) like most encrypted mail providers, instead they use a standardized, hybrid method consisting of a symmetrical and an asymmetrical algorithm (with 128 bit AES, and 2048 bit RSA). This causes compatibility issues when communicating with contacts using PGP. But it does allow them to encrypt much more of the header data (body, attachments, subject lines, and sender names etc) which PGP mail providers cannot do
Mailfence - featured free plan, or you can pay for premium, and use a custom domain ($2.50/ month, or $7.50/ month for 5 domains), where Bitcoin, LiteCoin or credit card is accepted
MailBox.org - based, eco-friendly secure mail provider. There is no free plan, the standard service costs €12/year. You can use your own domain, with the option of a [catch-all alias](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain). They provide good account security and email encryption, with OpenPGP, as well as encrypted storage. There is no dedicated app, but it works well with any standard mail client with SSL. There's also currently no anonymous payment option
Skiff - to-end encrypted, open-source, and privacy-first email that also integrates Web3 features such as crypto wallets and decentralized storage. Skiff has a simple and intuitive UI, supports [mobile apps](https://skiff.com/download) on iOS and Android, and requires no personally identifiable information to sign up or create an account. Skiff offers a Pro plan with additional storage space, aliases, custom domains, and more for $8 per month that can be paid using a credit card or with a crypto wallet.
OpenTechFund - Secure Email
Comparison or Private Email Providers - security-checklist/blob/master/README.md#emails)
HushMail
Mail-in-a-box - to-go self-hosted mail options include [Mailu](https://mailu.io/1.7/) and [Mail Cow](https://mailcow.email/), both of which are docker containers.
Mozilla Thunderbird - it's secure, private easy and customizable. ~~The [Enigmail](https://www.enigmail.net) add-on allows for easy encryption/ decryption of PGP messages~~ (as of V 78.2.1 encryption is built in), and the [TorBirdy](https://trac.torproject.org/projects/tor/wiki/torbirdy) extension routes all traffic through the Tor network. Forks, such as [Betterbird](https://github.com/Betterbird/thunderbird-patches) may add additional features
eM Client - based email client, for Windows and MacOS. eM Client has a clean user interface, snappy performance and good compatibility. There is a paid version, with some handy features, including snoozing incoming emails, watching for replies for a specific thread, message translation, send later, and built-in Calendar, Tasks, Contacts and Notes. Note, eM Client is proprietary, and not open source
SnappyMail - based mail client. This is an IMAP-only fork of [RainLoop](http://www.rainloop.net) that mitigates a severe [RainLoop vulnerability](https://thehackernews.com/2022/04/unpatched-bug-in-rainloop-webmail-could.html) and adds several new [features](https://snappymail.eu/comparison).
RoundCube - based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an email client, including MIME support, address book, folder manipulation, message searching and spell checking
FairEmail - featured and easy mail client for Android. Supports unlimited accounts and email addresses with the option for a unified inbox. Clean user interface, with a dark mode option, it is also very lightweight and consumes minimal data usage
K-9 Mail - 9 is open source, very well supported and trusted - k9 has been around for nearly as long as Android itself! It supports multiple accounts, search, IMAP push email, multi-folder sync, flagging, filing, signatures, BCC-self, PGP/MIME & more. Install OpenKeychain along side it, in order to encrypt/ decrypt emails using OpenPGP
p≡p - to-end encrypted mail client, for "automatic privacy". It has some nice features, however it is not open source
Anonaddy
33Mail - standing aliasing service. As well as receiving, 33Mail also lets you reply to forwarded addresses anonymously. Free plan, as well as Premium plan ($1/ month) if you'd like to use a custom domain
SimpleLogin - login)) allias service with many additional features. Can be self-hosted, or the managed version has a free plan, as well as hosted premium option ($2.99/ month) for using custom domains
Firefox Private Relay - private-relay), and able to me self-hosted for advanced usage
ForwardEmail - all email forwarding service. Easy to self-host (see on [GitHub](https://github.com/forwardemail/free-email-forwarding)), or the hosted version has a free plan as well as a ($3/month) premium plan
ProtonMail - All Email feature.
Mailu - catchall](https://github.com/Pro/exchange-catchall)
mailhero.io - in encryption, so you will need to use PGP, but it is free.
Enigmail - on, enabling the use of OpenPGP to easily encrypt, decrypt, verify and sign emails. Free and open source, Enigmail is compatible with Interlink Mail & News and Postbox. Their website contains thorough documentation and quick-start guides, once set up it is extremely convenient to use.
Email Privacy Tester - receipts or other tracking data your mail client allows to be sent back to the sender. The system is open source ([on GitLab](https://gitlab.com/mikecardwell/ept3)), developed by [Mike Cardwell](https://www.grepular.com/) and trusted, but if you do not want to use your real email, creating a second account with the same provider, should yield identical results
DKIM Verifier - mail header, in order to help spot spoofed emails (which do not come from the domain that they claim to)
ProtonMail Bridge
Mumble - latency, high quality voice chat software. You can host your own server, or use a hosted instance, there are client applications for Windows, MacOS and Linux as well as third-party apps for Android and iOS.
Linphone - in media server. [SIP](https://en.wikipedia.org/wiki/Session_Initiation_Protocol)-based evolving to [RCS](https://en.wikipedia.org/wiki/Rich_Communication_Services). Native apps for Android, iOS, Windows, GNU/Linux and MacOS
SpoofCard
MicroSip
Silent.link - wide roaming. No data is required at sign-up. Affordable pricing, with payments and top-ups accepted in BTC. Requires an eSim-compatible device
Crypton.sh
Jmp.chat
MoneroSMS
Slack - teams-meeting-data-privacy), [Google for Work](https://www.wired.com/story/google-tracks-you-privacy/) and [Discord](https://cybernews.com/privacy/discord-privacy-tips-that-you-should-use-in-2020/) all come with some serious privacy implications.
Rocket.Chat - to-deploy, self-hosted team collaboration platform with stable, feature-rich cross-platform client apps. The UI is fast, good looking and intuitive, so very little technical experience is needed for users of the platform. Rocket.Chat's feature set is similar to Slack's, making it a good replacement for any team looking to have greater control over their data
RetroShare - to-1 chats with text and rich media using decentralized chat rooms, with a mail feature for delivering messages to offline contacts. A channels feature makes it possible for members of different teams to stay up-to-date with each other, and to share files. Also includes built-in forums, link aggregations, file sharing and voice and video calling. RetroShare is a bit more complex to use than some alternatives, and the UI is quite *retro*, so may not be appropriate for a non-technical team
Element - focused messenger using the Matrix protocol. The Element client allows for group chat rooms, media sharing voice and video group calls.
variety of clients - popular options include: [The Longe](https://thelounge.chat/) (Web-based), [HexChat](https://hexchat.github.io/) (Linux), [Pidgin](https://pidgin.im/help/protocols/irc/) (Linux), [WeeChat](https://weechat.org/) (Linux, terminal-based), [IceChat](https://www.icechat.net/) (Windows), [XChat Aqua](https://xchataqua.github.io/) (MacOS), [Palaver](https://palaverapp.com/) (iOS) and [Revolution](https://github.com/MCMrARM/revolution-irc) (Android)
Mattermost - hosted. It makes a good Slack alternative, with native desktop, mobile and web apps and a wide variety of [integrations](https://integrations.mattermost.com/)
Dialog
Tox
OSEM - in-one conference management tool, providing Registration, Schedules, Live and Recorded Sessions, Paper Submissions, Marketing Pages and Administration.
Privacy Badger - parties from secretly tracking where you go and what pages you look at. **Download**: [Chrome][privacy-badger-chrome] \ [Firefox][privacy-badger-firefox]
HTTPS Everywhere - https.html)). Note this functionality is now included by default in most modern browsers. **Download**: [Chrome][https-everywhere-chrome] \ [Firefox][https-everywhere-firefox]
uBlock Origin - weight, fast browser extension for Firefox and Chromium (Chrome, Edge, Brave Opera etc), that blocks tracking, ads and known malware. uBlock is easy-to-use out-of-the-box, but also has a highly customisable advanced mode, with a point-and-click firewall which can be configured on a per-site basis
ScriptSafe - safe-chrome] \ [Firefox][script-safe-firefox]
Firefox Multi-Account Containers - Account Containers lets you keep parts of your online life separated into color-coded tabs that preserve your privacy. Cookies are separated by container, allowing you to use the web with multiple identities or accounts simultaneously. **Download**: [Firefox](https://addons.mozilla.org/en-US/firefox/addon/multi-account-containers/)
Temporary Containers - Account Containers, let's you isolate cookies and other private data for each web site. **Download**: [Firefox](https://github.com/stoically/temporary-containers)
WebRTC-Leak-Prevent - rtc-chrome]. For Firefox users, you can do this through [browser settings](https://www.privacytools.io/browsers/#webrtc). Test for WebRTC leaks, with [browserleaks.com/webrtc](https://browserleaks.com/webrtc)
Canvas Fingerprint Blocker - blocker-fingerprin/nomnklagbgmgghhjidfhnoelnjfndfpd) \ [Firefox](https://addons.mozilla.org/en-US/firefox/addon/canvas-blocker-no-fingerprint/) \ [Edge](https://microsoftedge.microsoft.com/addons/detail/ahiddppepedlomdleppkbljnmkchlmdc) \ [Source](https://github.com/joue-quroi/canvas-fingerprint-blocker)
ClearURLs - US/firefox/addon/clearurls/) / [Source](https://gitlab.com/KevinRoebert/ClearUrls)
CSS Exfil Protection - exfil-protection/ibeemfhcbbikonfajhamlkdgedmekifo) \ [Firefox](https://addons.mozilla.org/en-US/firefox/addon/css-exfil-protection/) \ [Source](https://github.com/mlgualtieri/CSS-Exfil-Protection)
First Party Isolation - US/firefox/addon/first-party-isolation/)
Privacy-Oriented Origin Policy - US/firefox/addon/privacy-oriented-origin-policy/) \ [Source](https://github.com/claustromaniac/poop)
LocalCDN - US/firefox/addon/localcdn-fork-of-decentraleyes/)
Decentraleyes - party CDN. Improves privacy and load times. Works out-of-the-box and plays nicely with regular content blockers. **Download**: [Chrome][decentraleyes-chrome] \ [Firefox][decentraleyes-firefox] \ [Opera][decentraleyes-opera] \ [Pale Moon][decentraleyes-pale-moon] \ [Source][decentraleyes-source]
Privacy Essentials - essentials-chrome] \ [Firefox][privacy-essentials-firefox]
Self-Destructing Cookies - destructing-cookies-chrome] \ [Firefox][self-destructing-cookies-firefox] \ [Opera][self-destructing-cookies-opera] \ [Source][self-destructing-cookies-source]
Privacy Redirect - US/firefox/addon/privacy-redirect/) / [Chrome](https://chrome.google.com/webstore/detail/privacy-redirect/pmcmeagblkinmogikoikkdjiligflglb)
Site Bleacher - US/firefox/addon/site-bleacher/) \ [Chrome](https://chrome.google.com/webstore/detail/site-bleacher/mlcfcepfmnjphcdkfbfgokkjodlkmemo) \ [Source](https://github.com/wooque/site-bleacher)
User Agent Switcher - Agent string, making it appear that you are on a different device, browser and version to what you are actually using. This alone does very little for privacy, but combined with other tools, can allow you to keep your fingerprint changing, and feed fake info to sites tracking you. Some websites show different content, depending on your user agent.<br>**Download**: [Chrome](https://chrome.google.com/webstore/detail/user-agent-switcher/bhchdcejhohfmigjafbampogmaanbfkg) \ [Fireforx](https://addons.mozilla.org/firefox/addon/user-agent-string-switcher/) \ [Edge](https://microsoftedge.microsoft.com/addons/detail/cnjkedgepfdpdbnepgmajmmjdjkjnifa) \ [Opera](https://addons.opera.com/extensions/details/user-agent-switcher-8/) \ [Source](https://github.com/ray-lothian/UserAgent-Switcher/)
PrivacySpy - an open project that rates, annotates, and archives privacy policies. The extension shows a score for the privacy policy of the current website.<br>**Download**: [Chrome](https://chrome.google.com/webstore/detail/privacyspy/ppembnadnhiknioggbglgiciihgmkmnd) \ [Fireforx](https://addons.mozilla.org/en-US/firefox/addon/privacyspy/)
HTTPZ - Everywhere) <br>**Download**: [Firefox](https://addons.mozilla.org/en-US/firefox/addon/httpz/)
Skip Redirect - on tries to extract the final url from the intermediary url and goes there straight away if successful <br>**Download**: [Firefox](https://addons.mozilla.org/en-US/firefox/addon/skip-redirect/) \ [Source](https://github.com/sblask/webextension-skip-redirect)
Web Archives - US/firefox/addon/view-page-archive/) \ [Chrome](https://chrome.google.com/webstore/detail/web-archives/hkligngkgcpcolhcnkgccglchdafcnao) \ [Edge](https://microsoftedge.microsoft.com/addons/detail/apcfghlggldjdjepjnahfdjgdcdekhda) \ [Source](https://github.com/dessant/web-archives)
Flagfox - US/firefox/addon/flagfox/)
Lightbeam - firefox] \ [Source][lightbeam-source]
Track Me Not - profiling, through creating meaningless noise and obfuscation, outlined in their [whitepaper][tmn-whitepaper]. Controversial whether or not this is a good approach **Download**: [Chrome][tmn-chrome] \ [Firefox][tmn-firefox] \ [Source][tmn-source]
AmIUnique Timeline - chrome] \ [Firefox][amiunique-firefox]
Netcraft Extension - anti-phishing-ex/bmejphbfclcpmpohkggcjeibfilpamia) \ [Firefox](https://addons.mozilla.org/en-us/firefox/addon/netcraft-toolbar?src=external-apps-hero) \ [Opera](https://addons.opera.com/en/extensions/details/netcraft-anti-phishing-extension/) \ [Edge](https://microsoftedge.microsoft.com/addons/detail/netcraft-extension/ngjhgbnmdjjnmejmpamalgnlnmopllkm)
Extension source viewer
arkenfox wiki
Browser & Search Security Checklist
XPrivacyLua
Haven - snowden-haven-app/)
Fing App
FlutterHole
DPI Tunnel
Blokada - does-blokada-work/).
SnoopSnitch - the-air updates
TrackerControl
Greentooth - disable Bluetooth, then it is not being used. Saves battery, and prevent some security risks
PrivateLock
CamWings - camera-cover-set-ii)
ScreenWings
AFWall+ - grained control over which Android apps are allowed to access the network
Catch the Man-in-the-Middle - 1 fingerprints of the the SSL certificates seen from your device, and the certificate seen from an external network. If they do not match, this may indicate a man-in-the-middle modifying requests
RethinkDNS + Firewall - source ad-blocker and firewall app for Android 6+ (does not require root)
F-Droid - Droid is an installable catalogue of FOSS applications for Android. The client enabled you to browse, install, and keep track of updates on your device
Nethunter Catalogue
Mobile Security Checklist
';--have i been pwned?
εxodus
Am I Unique?
Panopticlick - ons protect you against online tracking techniques, and if your system is uniquely configured—and thus identifiable
Phish.ly
Browser Leak Test
IP Leak Test
EXIF Remove
Redirect Detective
Blocked.org
Virus Total - suspicious web resources (by URL, IP, domain or file hash) to detect types of malware (*note: files are scanned publicly*)
Hardenize
Is Legit?
Deseat Me - Instantly get a list of all your accounts, delete the ones you are not using
Should I Remove It?
10 Minute Mail
MXToolBox Mail Headers
Am I FloCed?
Site Report
Tor
Mullvad
Azire - security-checklist/issues/140).
IVPN - source apps and website. Strong ethics: no trackers, no false promises, no surveillance ads. Accepts various payment methods including crypotcurrencies.
ProtonVPN - friendly native mobile and desktop apps. ProtonVPN is one of the few "trustworthy" providers that also offer a free plan
OVPN - proven VPN service with support for Wireguard and OpenVPN support, and optional ad-blocking. Running on dedicated hardware, with no hard drives
Read more about fingerprinting
VPN leaks
What is a DNS leak - to-fix-a-dns-leak.html)*
Tor - networks)) may be a better option for anonimity*
Streisand
Digital Ocean - to-set-up-and-configure-an-openvpn-server-on-centos-7) or [Ubuntu 18.4+](https://www.digitalocean.com/community/tutorials/how-to-set-up-and-configure-an-openvpn-server-on-centos-7). See more about configuring [OpenVPN](https://openvpn.net/vpn-server-resources/digital-ocean-quick-start-guide/) or [IKEv2](https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ikev2-vpn-server-with-strongswan-on-ubuntu-18-04-2). Alternatively, here is a [1-click install script](http://dovpn.carlfriess.com/)for on [Digital Ocean](https://m.do.co/c/3838338e7f79), by Carl Friess.
Outline - wide access to the free and open internet. And since you have full control over the server, you can be confident that there is no logging or monitoring happening. However it comes at the cost of anonymity, especially if it's only you using your instance.
Pi-Hole - level advertisement and Internet tracker blocking application which acts as a DNS sinkhole. Pi-Hole can significantly speed up your internet, remove ads and block malware. It comes with a nice web interface and a mobile app with monitoring features, it's open source, easy to install and very widely used
Technitium - invasive content at it's source. Technitium doesn't require much of a setup, and basically works straight out of the box, it supports a wide range of systems (and can even run as a portable app on Windows). It allows you to do some additional tasks, such as add local DNS addresses and zones with specific DNS records. Compared to Pi-Hole, Technitium is very lightweight, but lacks the deep insights that Pi-Hole provides, and has a significantly smaller community behind it
IPFire - of-the-art open source firewall based on Linux. Its ease of use, high performance and extensibility make it usable for everyone
PiVPN - works nicely along-side PiHole
E2guardian
SquidGuard - in for Squid and uses blacklists to define sites for which access is redirected
PF Sense
Zeek - infected computer on your network, and powerful network analysis framework and monitor
Firezone - source self-hosted VPN and firewall built on WireGuard®.
Pre-configured security boxes
Mix networks - to-trace communications, by encrypting and routing traffic through a series of nodes. They help keep you anonymous online, and unlike VPNs -there are no logs
Tor - layered encryption by default, meaning you can browse freely. Tor also allows access to OnionLand: hidden services
I2P - lived tunnels, it is packet-switched (instead of circuit-switched) with TCP and UDP, and continuously profiles peers, in order to select the best performing ones. <br>I2P is less mature, but fully-distributed and self-organising, its smaller size means that it hasn't yet been blocked or DOSed much
Freenet
here
GNUnet - project.eu), and [Nym](https://nymtech.neteu)
made arrests - be aware of information leaks through DNS, other programs or human error. Tor-supported browsers may might lag behind their upstream forks, and include exploitable unpatched issues. See [#19](https://github.com/Lissy93/personal-security-checklist/issues/19)
running a Tor relay
free
ShadowSocks - platform and easy to deploy, see [GitHub repo](https://github.com/shadowsocks)
Privoxy - caching web proxy with advanced filtering capabilities for enhancing privacy, modifying web page data and HTTP headers, controlling access, and removing ads and other obnoxious Internet junk
V2ray-core - vpn)
Malicious Proxies - use the Tor network.
CloudFlare - class protection. They have native cross-platform apps, for easy set-up.
AdGuard - source DNS provider, specialising in the blocking of ads, trackers and malicious domains. They have been independently audited and do not keep logs
NextDNS - blocking, privacy-protecting, censorship-bypassing DNS. Also comes with analytics, and the ability to shield kids from adult content
Full List of Public DoH Servers - Hosted also has a [good list](https://awesome.tilde.fun/d/23-list-of-dns-servers
this article - and-security-focused-dns-resolver/).
Quad9 - funded, performant DNS with a strong focus on privacy and security and easy set-up, however questions have been raised about the motivation of some of the financial backers.
BlahDNS - focused DNS
OpenNIC - focused DNS
Unbound
Clean Browsing - based Content Filtering
Mullvad - enhancing service even if you don’t use Mullvad.
DNS leak test
RTC-7858 - over-HTTPS specification was outlined in [RFC8484](https://tools.ietf.org/html/rfc8484) in October '18. [DNSCrypt](https://dnscrypt.info/), is a protocol that authenticates communications between a DNS client and a DNS resolver. It prevents DNS spoofing, through using cryptographic signatures to verify that responses originate from the chosen DNS resolver, and haven’t been tampered with. DNSCrypt is a well battle-tested protocol, that has been in use since 2013, and is still widely used.
DNScrypt-proxy 2 - BSD, Linux, Solaris, Windows, MacOS & Android) | A flexible DNS proxy, with support for modern encrypted DNS protocols including DNSCrypt V2, DNS-over-HTTPS and Anonymized DNSCrypt. Also allows for advanced monitoring, filtering, caching and client IP protection through Tor, SOCKS proxies or Anonymized DNS relays.
Unbound - BSD, Linux, Windows & MacOS) | Validating, recursive, caching DNS resolve with support for DNS-over-TLS. Designed to be fast, lean, and secure Unbound incorporates modern features based on open standards. It's fully open source, and recently audited. *(For an in-depth tutorial, see [this article](https://dnswatch.com/dns-docs/UNBOUND/) by DNSWatch.)*
Nebulo - root, small-sized DNS changer utilizing DNS-over-HTTPS and DNS-over-TLS. *(Note, since this uses Android's VPN API, it is not possible to run a VPN while using Nebulo)*
RethinkDNS + Firewall - over-HTTPS, DNS-over-Tor, and DNSCrypt v3 with _Anonymized Relays_. *(Note, since this uses Android's VPN API, it is not possible to run a VPN while using RethinkDNS + Firewall)*
DNS Cloak - proxy 2 on an iPhone.
Stubby - Linux, Mac, OpenWrt & [Windows](https://dnsprivacy.org/wiki/display/DP/Windows+installer+for+Stubby)) | Acts as a local DNS Privacy stub resolver (using DNS-over-TLS). Stubby encrypts DNS queries sent from a client machine (desktop or laptop) to a DNS Privacy resolver increasing end user privacy. Stubby can be used in combination with Unbound - Unbound provides a local cache and Stubby manages the upstream TLS connections (since Unbound cannot yet re-use TCP/TLS connections), [see example configuration](https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Clients)
NetGuard - Fi and/or mobile connection
NoRoot Firewall
AFWall+ - Rooted) | Android Firewall+ (AFWall+) is an advanced iptables editor (GUI) for rooted Android devices, which provides very fine-grained control over which Android apps are allowed to access the network
RethinkDNS + Firewall - source ad-blocker and firewall app for Android 6+ (does not require root)
Lockdown
SimpleWall
LuLu
Little Snitch - app basis
OpenSnitch - app basis. GNU/Linux port of the Little Snitch application firewall
Gufw - overhead, under active maintenance and backed by a strong community. Installable through most package managers, or compile from [source](https://answers.launchpad.net/gui-ufw)
Uncomplicated Firewall
IPFire - of-the-art Open Source firewall based on Linux. Easy to install on a raspberry Pi, since it is lightweight and heavily customizable
Shorewall
OpenSense
types - us/help/4028544/windows-10-turn-windows-defender-firewall-on-or-off), [Mac OS](https://support.apple.com/en-us/HT201642), [Ubuntu](https://wiki.ubuntu.com/UncomplicatedFirewall) and other [Linux distros](https://www.tecmint.com/start-stop-disable-enable-firewalld-iptables-firewall).
Pi-Hole - wide ad-blocker. Works out-of-the-box, light-weight with an intuitive web interface, but still allows for a lot of advanced configuration for power users. As well as blocking ads and trackers, Pi-Hole speeds up your network speeds quite significantly. The dashboard has detailed statistics, and makes it easy to pause/ resume Pi-Hole if needed.
Diversion - blocking, Dnsmasq logging, Entware and pixelserv-tls installations and more on supported routers running [Asuswrt-Merlin firmware](https://www.asuswrt-merlin.net/), including its forks
DN66 - based host and ad blocker for Android. Easy to configure, but the default config uses several widely-respected host files. aimed at stopping ads, malware, and other weird stuff
BlockParty - wide ad-blocking. Can be customized with custom host lists, primarily aimed for just ad-blocking
hBlock - compliant shell script, designed for Unix-like systems, that gets a list of domains that serve ads, tracking scripts and malware from multiple sources and creates a hosts file (alternative formats are also supported) that prevents your system from connecting to them. Aimed at improving security and privacy through blocking advert, tracking and malware associated domains
Blokada - blocker that acts like a firewall. Since it's device-wide, once connected all apps will have ads/ trackers blocked, and the blacklist can be edited. The app is free, but there is a [premium option](https://community.blokada.org/t/what-is-blokada-plus-vpn/37), which has a built-in VPN
RethinkDNS + Firewall - blocker and a firewall for Android 6+ (no root required)
Ad Block Radio
uBlock Origin - weight, fast browser extension for Firefox and Chromium (Chrome, Edge, Brave Opera etc), that blocks tracking, ads and known malware. uBlock is easy-to-use out-of-the-box, but also has a highly customisable advanced mode, with a point-and-click firewall which can be configured on a per-site basis
uMatrix - development-has-ended/) being actively maintained**. Another light-weight browser extension, for Chromium and Firefox browsers. uMatrix acts more like a firewall, giving you the option for super fine-grained control over every aspect of resource blocking. It is possible to use both uBlock (for simple/ cosmetic ad blocking) and uMatrix (for detailed JavaScript blocking) at the same time
AdGuardHome - platform DNS Ad Blocker, similar to Pi Hole, but with some additional features, like parental controls, per-device configuration and the option to force safe search. This may be a good solution for families with young children.
TrackStop with PerfectPrivacy
Private Internet Access - 9242873-13842740), and [NordVPN](https://www.kqzyfj.com/l5115shqnhp4E797DC8467D69A6D) also have ad-block features.
SomeoneWhoCares/ Hosts - to-date host list, maintained by Dan Pollock - to make the internet not suck (as much)
Hosts by StevenBlack - maintained consolidated and extending hosts files from several well-curated sources. You can optionally pick extensions to block p0rn, Social Media, gambling, fake news and other categories
No Google
EasyList
iBlockList - for) for blocking content based on certain topics, inducing: spam, abuse, political, illegal, hijacked, bad peers and more
Energized - maintained lists, available in all common formats, with millions of hosts included
OpenWRT - configured port forwarding protocols (UPnP, NAT-PMP + upnpd, etc), Load balancing, IP tunneling, IPv4 & IPv6 support
DD-WRT - in for firewall, and there's great VPN support as well as additional plug-and-play and wake-on-lan features
Tomato - router.com), [LibreCMC](https://librecmc.org) and [DebWRT](http://www.debwrt.net)
OONI - A free tool and global observation network, for detecting censorship, surveillance and traffic manipulation on the internet. Developed by The Tor Project, and available for [Android](https://play.google.com/store/apps/details?id=org.openobservatory.ooniprobe), [iOS](https://apps.apple.com/us/app/id1199566366) and [Linux](https://ooni.org/install/ooniprobe)
Mongol
Goodbye DPI
DPITunnel
Proxy Checker - do-i-know-what-proxy-server-im-using)
Zeek
OSSEC - based intrusion detection system, that performs log analysis, integrity checking, monitoring, rootkit detection, real-time alerting and active response
Kismet
Snare
picosnitch
Njalla - focused domain registrar and VPN hosting provider. They own and manage all their own servers, which are based in Sweden. They accept crypto, for anonymous payments, and allow you to sign up with OTR XMPP if you do not want to provide an email address. Both VPS and domain name pricing is reasonable, with packages starting at $15/ month
Vindo - managed virtual private servers and domain registration
Private Layer - grade, high-speed offshore dedicated servers, they own their own data centres, have a solid privacy policy and accept anonymous payment
Servers Guru - currencies (Bitcoin, Monero, Ethereum etc..) and don't require any personal informations. They resell from reliable main actors in the industry and provide multiple hosting locations across europe. Their VPS offers starts at 4.99€/ month
1984 - shore dedicated servers. [Orange Website](https://www.orangewebsite.com) specialises in protecting online privacy and free speech, hosted in Iceland. [RackBone](https://rackbone.ch) (previously [DataCell](https://datacell.is)) provides secure and ethical hosting, based in Switzerland. And [Bahnhof](https://www.bahnhof.net) offers high-security and ethical hosting, with their data centres locates in Sweden. Finally [Simafri](https://www.simafri.com/anonymous) has a range of packages, that support Tor out of the box
5 eyes
Njal.la - aware domain service with anonymous sign-up and accepts crypto currency
Orange Website - eyes jurisdiction (in Iceland)
deSEC
Mail-in-a-box - to-deploy fully-featured and pre-configured SMTP mail server. It includes everything from webmail, to spam filtering and backups
Docker Mailserver - stack but simple mailserver (smtp, imap, antispam, antivirus, ssl...) using Docker. Very complete, with everything you will need, customizable and very easy to deploy with docker
Cryptee - text documents. Cryptee has encryption and anonymity at its core, it also has a beautiful and minimalistic UI. You can use Cryptee from the browser, or download native Windows, Mac OS, Linux, Android and iOS apps. Comes with many additional features, such as support for photo albums and file storage. The disadvantage is that only the frontend is open source. Pricing is free for starter plan, $3/ month for 10GB, additional plans go up-to 2TB
Standard Notes - source, and completely encrypted private notes app. It has a simple UI, yet packs in a lot of features, thanks to the [Extensions Store](https://standardnotes.com/features), allowing for: To-Do lists, Spreadsheets, Rich Text, Markdown, Math Editor, Code Editor and many more. You can choose between a number of themes (yay, dark mode!), and it features built-in secure file store, tags/ folders, fast search and more. There is a web app as well as native Windows, Mac OS, Linux, Android and iOS apps. Standard Notes is actively developed, and fully open-source, so you can host it yourself, or use their hosted version: free without using plug-ins or $3/ month for access to all features
Turtle - host it yourself (see [repo](https://github.com/turtl)), or use their hosted plan (free edition or $3/ month for premium)
Joplin - platform desktop and mobile note-taking and todo app. Easy organisation into notebooks and sections, revision history and a simple UI. Allows for easy import and export of notes to or from other services. Supports synchronisation with cloud services, implemented with E2EE - however it is only the backed up data that is encrypted
Notable - based note editor for desktop, with a simple, yet feature-rich UI. All notes are saved individually as .md files, making them easy to manage. No mobile app, or built-in cloud-sync or encryption
Logseq - first, open-source knowledge base that works on top of local plain-text Markdown and Org-mode files
AFFiNE - source alternative to Notion, monday.com and Miro.
SafeRoom
Org Mode - all in plaintext.
Protected Text - platform secure notes app, where all entries are formatted with markdown.
CryptPad - CryptPad is entirely web-based. You can use their web service, or you can host your own instance (see [CryptPad GitHub](https://github.com/xwiki-labs/cryptpad) repo). Price for hosted: free for 50mb or $5/ month for premium
NextCloud - hosted productivity platform, with a strong community and growing [app store](https://apps.nextcloud.com). NextCloud is similar to (but arguably more complete than) Google Drive, Office 365 and Dropbox, originally it was a fork from [OwnCloud](https://owncloud.org/), but since have diverged. Clear UI and stable native apps across all platforms, and also supports file sync. Supports encrypted files, but you need to configure this yourself. Fully open source, so you can self-host it yourself (or use a hosted solution, starting from $5/ month)
Disroot - it is widely used by journalists, activists and whistle-blowers. It is free to use, but there have been reported reliability issues of the cloud services
Sandstorm - hosting web apps. Once you've set it up, you can install items from the Sandstorm [App Market](https://apps.sandstorm.io/) with -click, similar to NextCloud in terms of flexibility
Vikunja - source to-do application. It is suitable for a wide variety of projects, supporting List, Gantt, Table and Kanban views to visualize all tasks in different contexts. For collaboration, it has sharing support via private teams or public links. It can be self-hosted or used as a managed service for a small fee.
Skiff Pages - to-end encrypted, privacy-first collaborative document, note-taking, and wiki product. Skiff Pages has a modern, easy-to-use UI and supports rich text documents with embedded content. Skiff also supports end-to-end encrypted file upload and sharing ([Skiff Drive](https://skiff.com/drive)), as well as workspaces for multiple users to collaborate. [Skiff Pages is available](https://skiff.com/download) on web, iOS, and Android.
SeaFile
Syncthing - encrypted and private. Syncthing can be deployed with Docker, and there are native clients for Windows, Mac, Linux, BSD and Android
NextCloud - rich productivity platform, that can be used to backup and selectively sync encrypted files and folders between 1 or more clients. See [setting up sync](https://docs.nextcloud.com/desktop/3.3/navigating.html). A key benefit the wide range of plug-ins in the [NextCloud App Store](https://apps.nextcloud.com), maintained by the community. NextCloud was a hard fork off [OwnCloud](https://owncloud.org).
Duplicacy
SpiderOak - in
FileRun - hosted file explorers, with cross-platform sync capabilities.
secure the server - use a strong password, keep your credentials safe and enable 2FA.
Cryptomator - platform, open source encryption app, designed for just this.
Tresorit - to-end encrypted zero knowledge file storage, syncing and sharing provider, based in Switzerland. The app is cross-platform, user-friendly client and with all expected features. £6.49/month for 500 GB
IceDrive - platform apps. Starts as £1.50/month for 150 GB or £3.33/month for 1 TB
Sync.com
pCloud - platform client apps. £3.99/month for 500 GB
Peergos - to-peer end-to-end encrypted global filesystem with fine grained access control. Provides a secure and private space online where you can store, share and view your photos, videos, music and documents. Also includes a calendar, news feed, task lists, chat and email client. Fully open source and self-hostable (or use hosted solution, £5/month for 50 GB)
Internxt - knowledge cloud storage service based on best-in-class privacy and security. Made in Spain. Open-source mobile and desktop apps. 10GB FREE and Paid plans starting from €0.99/month for 20GB.
FileN - to-end encrypted affordable cloud storage made in Germany. Open-source mobile and desktop apps. 10GB FREE with paid plans starting at €0.92/month for 100GB.
FilePizza - to-peer based file transfer from the browser, using [Web Torrent](https://webtorrent.io/). It's quick and easy to use, and doesn't require any software to be installed. Can also be self-hosted: [repo](https://github.com/kern/filepizza)
FileSend - day retention. Files are secured with client-side AES-256 encryption and no IP address or device info is logged. Files are permanently deleted after download or after specified duration. Developed by [StandardNotes](https://standardnotes.org/?s=chelvq36), and has built-in integration with the SN app.
OnionShare
Instant.io - to-peer based solution, using [Web Torrent](https://webtorrent.io). For specifically transferring images, [Up1](https://github.com/Upload/Up1) is a good self-hosted option, with client-side encryption. Finally [PsiTransfer](https://github.com/psi-4ward/psitransfer) is a feature-rich, self-hosted file drop, using streams.
Floccus - US/firefox/addon/floccus/) and [Edge](https://microsoftedge.microsoft.com/addons/detail/gjkddcofhiifldbllobcamllmanombji)
XBrowserSync - run sync server](https://www.xbrowsersync.org/#status), or host your own with their [docker image](https://hub.docker.com/r/xbrowsersync/api). Extensions are available for [Chrome](https://chrome.google.com/webstore/detail/xbrowsersync/lcbjdhceifofjlpecfpeimnnphbcjgnc), [Firefox](https://addons.mozilla.org/en-GB/firefox/addon/xbs/) and on [Android](https://play.google.com/store/apps/details?id=com.xBrowserSync.android)
Unmark - host it, or use their [managed service](https://unmark.it) which has a free and paid-for tier
Reminiscence - hosted bookmark and archive manager. Reminiscence is more geared towards archiving useful web pages either for offline viewing or to preserve a copy. It is a web application, that can be installed with Docker on either a local or remote server, although it has a comprehensive and well-documented REST API, there is currently [no browser extension](https://github.com/kanishka-linux/reminiscence/wiki/Browser-Addons)
Geekmarks - driven, quick-to-use bookmark manager with powerful organisation features. Geekmarks is thoroughly documented, but a little more technical than other options, extension is currently only available for [Chromium-based](https://chrome.google.com/webstore/detail/geekmarks-client/nhiodffdihhkdlkfmpmmnanekkbbfkgk) browsers
Shiori - linux/reminiscence), [unmark](https://github.com/cdevroe/unmark)
Ymarks - based self-hosted bookmark synchronization server and [Chrome](https://chrome.google.com/webstore/detail/ymarks/gefignhaigoigfjfbjjobmegihhaacfi) extension.
syncmarx - US/firefox/addon/syncmarx/)).
NextCloud Bookmarks - US/firefox/addon/freedommarks/) (Firefox) and [OwnCloud Bookmarks](https://chrome.google.com/webstore/detail/owncloud-bookmarks/eomolhpeokmbnincelpkagpapjpeeckc) (Chrome).
Turtl Notes - in
RainDrop - featured all-in-1 bookmarking and web-snip suite. It has a beautiful UI, good data controls and some very handy integrations and features. Available on desktop, mobile, web and through a browser extension. The catch is that it is not open source, there is a free and premium plan, but no option for self-hosting.
ClearURLs
many, many security issues with Zoom
Jami - to-peer, and has full end-to-end encryption with perfect forward secrecy for all communications, complying with the [X.509](https://en.wikipedia.org/wiki/X.509) standard. Supported nativity on Windows, macOS, iOS, GNU/Linux, Android and Android TV. Video quality is quite good, but very dependent on network speeds, some of the apps are lacking in features
Jitsi - host your own, or use a [community hosted instance](https://github.com/jitsi/jitsi-meet/wiki/Jitsi-Meet-Instances)
Apache OpenMeetings - hosted video-conferencing, chat rooms, file server and tools for meetings. [together.brave.com](https://together.brave.com) is Brave's Jitsi Fork.
BigBlueButton - hosted conference call software, aimed specifically at schools and Universities. It allows for the host/ teacher to have full control over the session, and provides high-quality video streaming, multi-user whiteboards, breakout rooms, and instant chat.
GnuPG
SeaHorse
Kleopatra
GPG4Win
GPG Suite
OpenKeychain - alone, and as integrated into other apps, including [k9-Mail](https://k9mail.app)
PGP Everywhere
FlowCrypt
EnigMail - inc.com), integrates natively within mail app
p≡p - to-use decentralied PGP encryption for Android, iOS, Thunderbird, Enigmail, and Outlook. Popular solution for enterprises
Mailvelope
PGP4USB
Exif - magazine-just-accidentally-revealed-where-john-mca-5965295) to.
may reveal the location
ExifCleaner - platform, open source, performant EXIF meta data removal tool. This GUI tool makes cleaning media files really easy, and has great batch process support. Created by @szTheory, and uses [ExifTool](https://exiftool.org)
ExifTool - independent open source Perl library & CLI app, for reading, writing and editing meta data. Built by Phill Harvey. Very good performance, and supports all common metadata formats (including EXIF, GPS, IPTC, XMP, JFIF, GeoTIFF, ICC Profile, Photoshop IRB, FlashPix, AFCP and ID3). An official [GUI application](https://exiftool.org/gui/) is available for Windows, implemented by Bogdan Hrastnik.
ImageOptim
ImageMagic - strip path/to/image.png` to remove all metadata. If you have [GIMP](https://www.gimp.org) installed, then just go to `File --> Export As --> Export --> Advanced Options --> Uncheck the "Save EXIF data" option`.
go-exif
not remove it - to-recover-deleted-files-2622870). Therefore, to protect your privacy, you should erase/ overwrite data from the disk, before you destroy, sell or give away a hard drive.
Eraser
Hard Disk Scrubber - 5020, DoD 5220.22-M, and Random Data
SDelete - M
OW Shredder
DBAN - contained boot disk that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an appropriate utility for bulk or emergency data destruction. DBAN is the free edition of [Blanco](https://www.blancco.com/products/drive-eraser/), which is an enterprise tool designed for legal compliance.
nwipe - platform) | C-based secure light-weight disk eraser, operated through the easy-to-use CLI or a GUI interface
shred
Secure Remove
Mr. Phone - source suite of forensic data tools for mobile. The data eraser allows for both Android and iOS to be fully wiped, through connecting them to a PC.
`dd` - wsv /dev/sdd`. An effective method of erasing an SSD, it to use [hdparm](https://en.wikipedia.org/wiki/Hdparm) to issue a [secure erase](https://en.wikipedia.org/wiki/Parallel_ATA#HDD_passwords_and_security) command, to your target storage device, for this, see step-by-step instructions via: [wiki.kernel.org](https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase). Finally, `[srm](https://www.systutorials.com/docs/linux/man/1-srm/)` can be use to securely remove files or directories, just run `srm -zsv /path/to/file` for a single pass over.
VirtualBox - rich virtualization product, supporting x86 and AMD64/Intel64 architectures. Available for Windows, MacOS, Linux and BSD, and free for both personal and enterprise use. VirtualBox is backed by a strong community, and has been under active development since 2007.
Xen Project - 1 hyperviser for multiple operating systems using the same hardware - very useful for servers, as it allows for fully independent virtual Linux machines
UTM - 64 OSes on Apple Silicon Macs
QEMU
VMWare - V](https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/quick-start/enable-hyper-v), which is a native Windows product, developed by Microsoft.
cost of our privacy - but you, the user should be able to choose with whom you share what, and that is what the following sites aim to do.
Aether - governing communities with auditable moderation - a similar concept to Reddit, but more privacy-sensitive, democratic and transparent. Aether is open source and peer-to-peer, it runs on Windows, Mac and Linux
Discourse - hostable discussion platform you can use as a mailing list, discussion forum or long-form chat room.
Mastodon - source, distributed across independent servers, and with no algorithms that mess with users timelines
Minds
Vero - source) A mobile-based social network, whose USP is that they have "No Ads. No Data Mining. No Algorithms." Since Vero is not open source, it is not possible to verify the validity of these claims
diaspora\* - distributed, decentralized social networks, built on open protocols
Tildes - bulletin boards and news aggregators (similar to Reddit)
Pixelfed - A free, ethical, federated photo sharing platform (FOSS alternative to Instagram)
tweaks - respecting client - such as [Reditr](http://reditr.com/). Other main-stream social networking sites do not respect your privacy, so should be avoided, but if you choose to keep using them see [this guide](https://proprivacy.com/guides/social-media-privacy-guide) for tips on protecting your privacy
PeerTube - source federated video platform that uses peer-to-peer technology to reduce load on individual servers when viewing videos. You can [self-host](https://docs.joinpeertube.org/#/install-any-os), or [find an instance](https://joinpeertube.org/instances#instances-list), and then watch videos from any PeerTube server
DTube - free video platform with little to no moderation that uses cryptocurrency and blockchain technology to pay its users.
BitTube - to-peer, decentralized, censorship-free, ad-free video sharing and live streaming platform based on IPFS and blockchain technology
BitChute
Invidious - library/download-youtube-plus-ipa-ios) (iOS)
youtube-dl - dl-gui](https://github.com/MrS0m30n3/youtube-dl-gui) (gui). For just audio, there is [PodSync](https://podsync.net/)
Petey Vid - biased video search engine. Unlike normal search engines it indexes videos from a lot of sources, including Twitter, Veoh, Instagram, Twitch, MetaCafe, Minds, BitChute, Brighteon, D-Tube, PeerTube, and many others.
Write Freely
Telegraph - anonymous-blogging-platform-telegraph), Telegraph is fast, anonymous and simple
Mataroa - blog/mataroa) and privacy-conscious.
Bear Blog - first, no-nonsense, super-fast blogging platform. [Repo on GitHub](https://github.com/HermanMartinus/bearblog).
Movim - source](https://github.com/movim/movim) web frontend for XMPP that supports decentralized blogging and chatrooms.
Standard Notes
telegra.ph
Ghost
Tiny RSS - based news feed (RSS/Atom) reader and aggregator
RSSOwl - based RSS reader, with powerful organisation features
Feedly - to-digest clean and modern interface. It works with more than just RSS feeds, since it is well integrated with many major news outlets. It does not manipulate the stories you see, and is mostly open source
Tonic - you can use throwaway accounts for posting.
reputation - and for that a lot of data needs to have been collected about you, your habits, interests and routines.
Nitter - end focused on privacy, it prevents Twitter from tracking your IP or browser fingerprint. It does not include any JavaScript, and all requests go through the backend, so the client never talks directly to Twitter. It's written in Nim, is super lightweight, with multiple themes and a responsive mobile version available, as well as customizable RSS feeds. Uses an unofficial API, with no rate limits or and no developer account required.
Invidious - focused, open source alternative frontend for YouTube. It prevents/ reduces Google tracking, and adds additional features, including an audio-only mode, Reddit comment feed, advanced video playback settings. It's super lightweight, and does not require JavaScript to be enabled, and you can import/ export your subscriptions list, and customize your feed. See list of [Invidious Public Instances](https://github.com/iv-org/invidious/wiki/Invidious-Instances).
Libreddit - end for Reddit written in Rust. Massively [faster than Reddit](https://github.com/spikecodes/libreddit#speed) by not including ads, trackers or bloat. Libreddit can be deployed and selfhosted through `cargo`, Docker and Repl.it and proxies all requests through the back-end. Libreddit currently implements most of Reddit's functionalities that don't require users to be signed in.
WebProxy - blocked content. The service is maintained by [DevroLabs](https://devrolabs.com/), who also run the [OnionSite](https://onionsite.weboproxy.com/) web proxy, they claim to that all traffic is 256-bit SSL-encrypted, but this cannot be verified - never enter any potentially personally identifiable information, and use it purely for consuming content.
NewPipe - respecting YouTube client for Android.
FreeTube - feel desktop app. It is built upon the [Invidious](https://invidious.io/) API.
Monero - chain cryptographic methods such as Ring signatures, RingCT, Kovri, and Stealth addresses all of which help protect the privacy of users
ZCash - knowledge proofs to protect privacy cryptographic technique, that allows two users to transact without ever revealing their true identity or address. The Zcash blockchain uses two types of addresses and transactions, Z transactions and addresses are private and T transactions and addresses are transparent like Bitcoin.
Local Bitcoins
PIVX
Wasabi Wallet
Trezor - platform, offline, crypto wallet, compatible with 1000+ coins. Your private key is generated on the device, and never leaves it, all transactions are signed by the Trezor, which ensures your wallet is safe from theft. There are native apps for Windows, Linux, MacOS, Android and iOS, but Trezor is also compatible with other wallets, such as Wasabi. You can back the Trezor up, either by writing down the seed, or by duplicating it to another device. It is simple and intuitive to use, but also incredible customisable with a large range of advanced features.
ColdCard - to-use, super secure Bitcoin hardware wallet, which can be used independently as an air-gapped wallet. ColdCard is based on partially signed Bitcoin transactions following the [BIP174](https://github.com/bitcoin/bips/blob/main/bip-0174.mediawiki) standard. Built specifically for Bitcoin, and with a variety of unique security features, ColdCard is secure, trustless, private and easy-to-use. Companion products for the ColdCard include: [BlockClock](http://blockclockmini.com/), [SeedPlate](http://bitcoinseedbackup.com/) and [ColdPower](http://usbcoldpower.com/)
Electrum - standing Python-based Bitcoin wallet with good security features. Private keys are encrypted and do not touch the internet and balance is checked with a watch-only wallet. Compatible with other wallets, so there is no tie-in, and funds can be recovered with your secret seed. It supports proof-checking to verify transactions using SPV, multi-sig and add-ons for compatibility with hardware wallets. A decentralized server indexes ledger transactions, meaning it's fast and doesn't require much disk space. The potential security issue here would not be with the wallet, but rather your PC - you must ensure your computer is secure and your wallet has a long, strong passphrase to encrypt it with.
Samourai Wallet - source, Bitcoin-only privacy-focused wallet, with some innovative features.<br>Samourai Wallet works under any network conditions, with a full offline mode, useful for cold storage. It also supports a comprehensive range of privacy features including: STONEWALL that helps guard against address clustering deanonymization attacks, PayNym which allows you to receive funds without revealing your public address for all to see, Stealth Mode which hides Samourai from your devices launcher, Remote SMS Commands to wipe or recover your wallet if device is seized or stolen, and Whirlpool which is similar to a coin mixer, and OpenDime is also supported for offline USB hardware wallets.
Sparrow Wallet - on the contrary it attempts to provide as much detail as possible about your transactions and UTXOs, but in a way that is manageable and usable.
Atomic Wallet - does-atomic-wallet-offer-hardware-wallet-integration) hardware wallets yet. Therefor, it may only be a good choice as a secondary wallet, for storing small amounts of your actively used currency
CryptoSteel - CryptoSteel is a good fire-proof, shock-proof, water-proof and stainless cryptocurrency backup solution.
BitBox02 - 20 tokens) | Open source hardware wallet, supporting secure multisig with the option for making encrypted backups on a MicroSD card.
ColdCard
Metamask - based app means that you need to stay vigilant with what services you give access to.
Bisq - source, peer-to-peer application that allows you to buy and sell cryptocurrencies in exchange for national currencies. Fully decentralized, and no registration required.
LocalBitcoins - to-person exchange, find people local to your area, and trade directly with them, to avoid going through any central organisation. Primarily focused on Bitcoin, Ethereum, Ripple and LiteCoin, as it gets harder to find people near you selling niche alt-coins
AtomicDEX - to-person cryptocurrency exchange with no KYC or registration required and uses atomic swaps to perform trustless trades. The orderbook uses a modified libp2p protocol to prevent censorship and maintain decentralization. Fiat currencies are not supported, but hundreds of alt-coins and major cryptocurrencies are supported.
RoboSats - to-peer experience and makes use lightning hold invoices to minimize custody and trust requirements. The deterministically generated avatars help users stick to best privacy practices.
BaseFEX - coins, [Binance](https://www.binance.com/en/register?ref=X2BHKID1) has a wide range of currencies, and ID verification is not needed for small-value trades.
Privacy.com
Revolut Premium
MySudo
Blur
PayLasso
Firefly III - hosted) | A free and open source personal finance manager. Firefly III has all essential features, a clean and clear UI and is easy to set up and use (see [live demo](https://demo.firefly-iii.org)). It's backed by a strong community, and is regularly updated with new features, improvements and fixes. There is also a hass.io [addon](https://github.com/hassio-addons/addon-firefly-iii), and it works nicely with [Home Assistant](https://www.home-assistant.io). Note: Since it is self-hosted, you will need to ensure that your server (either local or remote) is correctly configured for security.
EasyBudget - to-use app open source budgeting app. It doesn't have all the features that alternatives offer, but it does simple budget management and planning very effectively
HomeBank - party port for Mac OS)
GnuCash - featured cross-platform accounting application, which works well for both personal and small business finance. First released in 1998, GnuCash is long standing and very stable, and despite a slightly dated UI, it's still a very popular option. Originally developed for Linux, GnuCash is now available for Windows, Mac and Linux and also has a well rated official [Android app](https://play.google.com/store/apps/details?id=org.gnucash.android&hl=en)
Plain Text Accounting - line-friendly software, such as Ledger](https://www.ledger-cli.org), [hledger](https://hledger.org/), [Beancount](https://github.com/beancount/beancount) and [more](https://plaintextaccounting.org/#pta-apps). Unlike other tools, you have full control over your data, and are not tied to a particular vendor
Collabora - populate your spreadsheets from your financial data, using publicly accessible API - mitigating the requirement for a dedicated budgeting application.
Smart Wallet - Budget](https://rezach.github.io/my-budget) (Desktop), [MoneyManager EX](https://www.moneymanagerex.org), [Skrooge](https://skrooge.org), [kMyMoney](https://kmymoney.org) and [Budget Zen](https://budgetzen.net) (a simple E2E encrypted budget manager)
Google tracks you
custom ROM - free mobile OS that can be [flashed](https://www.xda-developers.com/how-to-install-custom-rom-android/) to your device.
GrapheneOS - support).
CalyxOS
DivestOS - span of discontinued devices, enhancing user privacy, and providing a modest increase of security where/when possible. Project is developed and maintained solely by Tad (SkewedZeppelin) since 2014.
LineageOS - source operating system for various devices, based on the Android mobile platform - Lineage is light-weight, well maintained, supports a wide range of devices, and comes bundled with [Privacy Guard](https://en.wikipedia.org/wiki/Android_Privacy_Guard)
Replicant OS - featured distro, with an emphasis on freedom, privacy and security. [OmniRom](https://www.omnirom.org/), [Resurrection Remix OS](https://resurrectionremix.com/), and [Paranoid Android](http://paranoidandroid.co/) are also popular options. Alternatively, [Ubuntu Touch](https://ubports.com/) is a Linux (Ubuntu)- based OS. It is secure by design and runs on almost any device, - but it does fall short when it comes to the app store.
Aurora Store
Qubes OS - source security-oriented operating system for single-user desktop computing. It uses virtualisation, to run each application in its own compartment to avoid data being leaked. It features [Split GPG](https://www.qubes-os.org/doc/split-gpg/), [U2F Proxy](https://www.qubes-os.org/doc/u2f-proxy/), and [Whonix integration](https://www.qubes-os.org/doc/whonix/). Qubes makes is easy to create [disposable VMs](https://www.qubes-os.org/doc/disposablevm/) which are spawned quickly and destroyed when closed. Qubes is [recommended](https://twitter.com/Snowden/status/781493632293605376) by Edward Snowden
Whonix - Whonix is based on Debian, [KickSecure](https://www.whonix.org/wiki/Kicksecure) and [Tor](https://www.whonix.org/wiki/Whonix_and_Tor)
Tails - in system-wide, and uses state-of-the-art cryptographic tools to encrypt your files, emails and instant messaging. Open source, and built on top of Debian. Tails is simple to stop, configure and use
Parrot - based operating system, that is geared towards security, privacy and development. It is fully-featured yet light-weight, very open. There are 3 editions: General Purpose, Security and Forensic. The Secure distribution includes its own sandbox system obtained with the combination of [Firejail](https://firejail.wordpress.com/) and [AppArmor](https://en.wikipedia.org/wiki/AppArmor) with custom security profiles. While the Forensics Edition is bundled with a comprehensive suite of security/ pen-testing tools, similar to Kali and Black Arch
Discreete Linux - blowers, Discreete Linux is similar to Tails, in that it is booted live from external media, and leaves no/ minimal trace on the system. The aim of the project, was to provide all required cryptographic tools offline, to protect against Trojan-based surveillance
Alpine Linux - oriented, lightweight distro based on musl libc and busybox. It compiles all user-space binaries as position-independent executables with stack-smashing protection. Install and setup may be quite complex for some new users
Septor - based distro with the KDE Plasma desktop environment, and Tor baked-in. Designed for surfing the web anonymously, and completing other internet-based activities (with Thunderbird, Ricochet IM, HexChat, QuiteRSS, OnionShare). Septor is light-weight, but comes bundled with all the essential privacy + security utilities (including: Gufw, Ark, Sweeper, KGpg, Kleopatra, KWallet, VeraCrypt, Metadata Anonymisation Toolkit and more).
Subgraph OS - wide attack mitigations, and all key applications run in sandbox environments. Subgraph is still in beta (at the time of writing), but still is well tested, and has some nice anonymization features
Kali
TENS OS - kodachi/) and [IprediaOS](https://www.ipredia.org). (Avoid systems that are not being actively maintained)
Fedora - all of which have a large community behind them. **[Manjaro](https://manjaro.org/)** (based of Arch) is a good option, with a simple install process, used by new comers, and expers alike. **[POP_OS](https://pop.system76.com/)** and **[PureOS](https://www.pureos.net/)** are reasonably new general purpose Linux, with a strong focus on privacy, but also very user-friendly with an intuitive interfac and install process. See [Simple Comparison](https://computefreely.org/) or [Detailed Comparison](https://en.wikipedia.org/wiki/Comparison_of_Linux_distributions).
OpenBSD
Windows 10 AME - intrusive yet fully functional build of Windows 10 to anyone, who requires the Windows operating system natively. Core applications, such as the included Edge web-browser, Windows Media Player, Cortana, as well as any appx applications (appx apps will no longer work), have also been successfully eliminated. The total size of removed files is about 2 GB. Comes as a pre-built ISO or option to build from scratch with de-bloat scripts. Strong, supportive community on Telegram.
Windows 10 LTSC - cost Windows 10 version, that is intended for specialized systems, and receives less regular feature updates. What makes it appealing, is that it doesn't come with any bloatware or non-essential applications, and needs to be configured from the ground up by the user. This gives you much better control over what is running on your system, ultimately improving security and privacy. It also includes several enterprise-grade [security features](https://docs.microsoft.com/en-us/windows/whats-new/ltsc/whats-new-windows-10-2019#security), which are not available in a standard Windows 10 instance. It does require some technical knowledge to get started with, but once setup should perform just as any other Windows 10 system. Note that you should only download the LTSC ISO from the Microsoft's [official page](https://www.microsoft.com/en-in/evalcenter/evaluate-windows-10-enterprise)
Windows 10 security guide - privacy-tips/) or [Linux security guide](https://spreadprivacy.com/linux-privacy-tips/).
Firejail - bpf. Written in C, virtually no dependencies, runs on any modern Linux system, with no daemon running in the background, no complicated configuration, and it's super lightweight and super secure, since all actions are implemented by the kernel. It includes security profiles for over 800 common Linux applications. FireJail is recommended for running any app that may potential pose some kind of risk, such as torrenting through Transmission, browsing the web, opening downloaded attachments
Gufw - overhead, under active maintenance and backed by a strong community. Installable through most package managers, or compile from [source](https://answers.launchpad.net/gui-ufw)<br>Other popular firewalls are [OpenSnitch](https://github.com/evilsocket/opensnitch) and [Uncomplicated Firewall](https://en.wikipedia.org/wiki/Uncomplicated_Firewall), see more [firewalls](#firewalls)
ClamTk - end for ClamAV, making it an easy to use, light-weight, on-demand virus scanner for Linux systems
chkrootkit
Snort - time traffic analysis and packet
BleachBit
SecTools.org
Windows Spy Blocker
ShutUp10
WPD
KeyScrambler
SafeKeys V3.0
BleachBit
USBFix
GMER
ScreenWings
CamWings
SpyDish
SharpApp
Debotnet - weight, portable app for controlling the many privacy-related settings within Windows 10- with the aim of helping to keep private data, private
PrivaZer - logs, cache, history, etc
ClamAV - platform antivirus engine for detecting viruses, malware & other malicious threats. It is versatile, performant and very effective
VirusTotal - based malware scanner, that inspects files and URLs with over 70 antivirus scanners, URL/domain services, and other tools to extract signals and determine the legitimacy
Armadito - based anti-virus and malware detection for Windows and Linux. Supports both ClamAV signatures and YARA rules. Has a user-friendly interface, and includes a web-based admin panel for remote access.
MalwareBytes - open-source)
Home Assistant - 1500+ integrations. Runs well on a Raspberry Pi, accessible though a web interface and CLI, as well as several controller apps (such as [HassKit](https://play.google.com/store/apps/details?id=com.thhkstudio.hasskit) and the official [Home Assistant App](https://play.google.com/store/apps/details?id=io.homeassistant.companion.android))
OpenHAB - powered home server, and again there are some great apps for, such as the official [OpenHabb App](https://play.google.com/store/apps/details?id=org.openhab.habdroid) and the [HomeHabit](https://play.google.com/store/apps/details?id=app.homehabit.view) wall dashboard
Domoticz
Node-RED - RED is a programming tool for wiring together hardware devices, APIs and online services, it provides a browser-based editor that makes it easy to build flows with a wide range of supported nodes, and it is easy to deploy locally in your network
ThingsBoard
Smart Home Security Checklist
SourceHut - based build pipelines. Can be self-hosted, or used through the managed instance at [sr.ht](https://sr.ht/)
Codeberg - managed instance of [Forgejo](https://forgejo.org)
GitLab - featured git, CI and project management platform. Managed instance available, but can also be self-hosted
Gitea - hosted git platform, written in Go
Gogs - hosted git platform, written in Go
reputation - google-home-security-vulnerability-srlabs-phishing-eavesdropping). For that reason it is recommended not to have these devices in your house. The following are open source AI voice assistants, that aim to provide a human voice interface while also protecting your privacy and security
Mycroft - respecting AI platform, that runs on many platforms (Raspberry Pi, desktop, or dedicated Mycroft device). It is in active development, with thorough documentation and a broad range of available skills, but also Mycroft makes it really easy to develop new skills
Kalliope - on voice controlled personal assistant designed for home automation. It runs well on Raspberry Pi, Debian or Ubuntu and is easy to program with simple YAML-based skills, but does not have a wide library of pre-built add-ons
Project Alias - Gives you full-control, and better privacy of your Google Home or Alexa
Dragonfire - by-design voice assistant frameworks that can be built on by developers, or used by enterprises. [Jasper](https://jasperproject.github.io), [Stephanie](https://github.com/SlapBot/stephanie-va) and [Hey Athena](https://github.com/rcbyron/hey-athena-client) are Python-based voice assistant, but neither is under active development anymore. See also [OpenAssistant](https://openassistant.org).
RefSeek
Matomo
Mycroft - project.github.io), [Project-Alias](https://github.com/bjoernkarmann/project_alias) (for Google Home/ Alexa)
Aegis
Write Freely - Hosted)
Brave - privacy/)), [Vivaldi](https://vivaldi.com)
EteSync - beta-announcement), [NextCloud Calendar](https://apps.nextcloud.com/apps/calendar) (self-hosted), [Radicale](https://radicale.org/v3.html) (self-hosted, also supports contact lists)
Njalla
Cloudflare
NextCloud
Wallmine - activity/stocks)
SkyScanner
Private Kit
ProtonMail - d2adc0&tap_s=724845-260ce4&program=hushmail-for-small-business), [Skiff](https://skiff.com/mail)
OpenStreetMaps
Signal
LineageOS
Cryptee
BitWarden
Monero
Privacy.com
PhotoPrism - Hosted)
F-Droid
DuckDuckGo - hosted), [Qwant](https://www.qwant.com)
SeaFile
Apertium
Geometric Weather
Riot
PeerTube
GIMP
Audacity
Shortcut
HandBreak
VLC Player
Kodi
Blender
GoDot
LuxCoreRender
Matomo
Hexo
Shiori - linux/reminiscence), [unmark](https://github.com/cdevroe/unmark)
Gotify
Strapi
Jami
Paperless
Qor
Rainloop
Mailu - catchall](https://github.com/Pro/exchange-catchall)
PsiTransfer
FileRun
SoGo
LewsNetter - mail)
CryptPad
Snibox
PhotoPrism
Searx
Mastodon
Zammad
Shlink
Gollum
ejabberd - web)
PiHole
E2Guardian
HealthChecks
Homer - dash)
CoreDNS - dns.cz), [Bind 9](https://www.isc.org/bind), [PowerDNS](https://www.powerdns.com)
DomainMod
IPFire
GoAccess
Alerta - dash). [NetData](https://www.netdata.cloud), [PS Dash](https://github.com/Jahaja/psdash)
ShaddowSocks
Statup
RTop
OpenTSBD
OpenVPN
NGINX
Kong
Code Server - workspace](https://github.com/ml-tooling/ml-workspace) (for Data science and ML), [r-studio](https://github.com/rstudio/rstudio) (for R programming)
Phabricator
Docker
Drone - CD/strider), [Jenkins](https://github.com/jenkinsci/jenkins)
Capustrano - deploy/mina), [Munki](https://github.com/munki/munki), [Rocketeer](https://github.com/rocketeers/rocketeer), [Sup](https://github.com/pressly/sup)
FlatDoc - doc/sphinx), [ReadTheDocs](https://github.com/readthedocs/readthedocs.org), [Docusarus](https://github.com/facebook/docusaurus), [mkdocs](https://github.com/mkdocs/mkdocs)
GitBucket - org/gitlab-foss), [Gogs](https://gogs.io)
Weblate
OpenFaas - io/functions), [LocalStack](https://github.com/localstack/localstack), [fx](https://github.com/metrue/fx)
StaticGen.com
Selenoid
Request Bin - Inspect HTTP requests and Debug webhooks
Regexr - Web tool for for creating, testing, and learning about Regular Expressions
JS Bin - Collaborative JavaScript Debugging App, create, test, run and send web code snippets
Koding - A development platform to orchestrates your project-specific dev environment
Judge0 - A web compiler accessed through either an API of web-IDE, for executing trusted or untrusted code
SourceGraph - Self-hosted universal code search and navigation engine
enaqx/awesome-pentest
OnionPi - Create an Anonymizing Tor Proxy using a Raspberry Pi
CIRCLean - A Pi-based USB Sanitizer, plug an untrusted USB in, and get clean files out
Pi Hole - A network-wide ad-block, that improves network performance as well as privacy
Project Alias - Gives you full-control, and better privacy of your Google Home or Alexa
Raspiblitz - Build your own Bitcoin & Lightning Node on a Pi, see also [Trezor](https://github.com/trezor/trezor-firmware) wallet
PiVPN - Simple low-cost yet secure VPN, for the Raspberry Pi (or set up manually, as outlined in [this guide](https://pimylifeup.com/raspberry-pi-vpn-server/))
DeauthDetector - Detect deauthentication frames using an ESP8266, useful to be aware of ongoing wireless attacks
IPFire - Hardened open source firewall to prevent common attacks on your network. Capable of running on a Pi
SquidGuard - Fast and free URL redirector, which can work well as a home caching server
E2guardian - Comprehensive content filtering, with powerful configuration options
DBAN - Bootable hard drive erasers for destroying data
Syncthing - Create automated backups to an external medium
KeePass Portable - Portable password manager. For hardware-encrypted password manager, see [HardPass 2.0](https://hackaday.io/project/21227-hardpass02-hardware-passwd-manager-w-smart-card)
VeraCrypt - Full drive encryption for USB devices
hardware-based security solutions
awesome-windows-apps
awesome-macOS-apps
awesome-linux-software - komorebi
open-source-ios-apps
open-source-android-apps
awesome-selfhosted
**More GitHub Awesome Lists →**
here
personal security checklist
Colourama was found in the PyPI Repository
all these wonderful people
open an issue - privacy/pull/new/main), see: [`CONTRIBUTING.md`](/.github/CONTRIBUTING.md). Contributions are welcome, and always much appreciated* ☺️
![Attribution 4.0 International - privacy/blob/main/LICENSE)
Creative Commons, CC BY 4.0
:octocat: @Lissy93

Programming Languages

JavaScript 17 Python 14 Go 10 C 5 TypeScript 4 Ruby 4 Shell 3 PHP 2 Objective-C 2 C# 1

Keywords

privacy 16 security 10 linux 6 firefox 6 adblock 6 awesome 6 javascript 5 awesome-list 5 open-source 5 firewall 5 windows 4 self-hosted 4 dnscrypt 4 extension 4 android 4 protection 4 monitoring 3 machine-learning 3 macos 3 proxy 3 networking 3 vpn 3 ad-blocker 3 blocker 3 webextension 3 golang 3 docker 3 dns 3 ssh 3 dns-over-https 3 python 3 otp 3 webrtc 3 wireguard 3 ruby 3 cloud 3 email 3 chromium 3 server 3 ios 3 django 2 voip 2 selfhosted 2 artificial-intelligence 2 chat 2 gui 2 tracking 2 blacklist 2 cross-platform 2 mail 2